From cc60b069836cbc355e828675e6f089b6ef22b32e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 13 Apr 2002 08:16:41 +0000 Subject: This is the 'multiple pdb backends' patch from ctrlsoft, aka Jelmer Vernooij . This patch also includes major rework of pdbedit to use popt, and the addition of -i paramter (allowing the user to specify which PDBs is being operated on) and -e to export a pdb - useful for backup and testing etc. Use of -i and -e gets us pdb2pdb functionality for transition between backends, much like the sam2sam in TNG. Andrew Bartlett (This used to be commit c10def37f506d3f2bab442418ac08fdb62659b02) --- source3/passdb/pdb_interface.c | 300 +++++++++++++++++++++++++++-------------- source3/passdb/pdb_ldap.c | 32 ++--- source3/passdb/pdb_smbpasswd.c | 34 ++--- source3/passdb/pdb_tdb.c | 38 +++--- 4 files changed, 251 insertions(+), 153 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 435b627da6..e454bf3c25 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -1,18 +1,19 @@ /* Unix SMB/CIFS implementation. Password and authentication handling - Copyright (C) Andrew Bartlett 2002 - + Copyright (C) Andrew Bartlett 2002 + Copyright (C) Jelmer Vernooij 2002 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
@@ -29,102 +30,182 @@ const struct pdb_init_function_entry builtin_pdb_init_functions[] = { { "tdbsam_nua", pdb_init_tdbsam_nua }, { "ldapsam", pdb_init_ldapsam }, { "ldapsam_nua", pdb_init_ldapsam_nua }, -#if 0 - { "nisplus", pdb_init_nisplus }, - { "unix", pdb_init_unix }, -#endif { "plugin", pdb_init_plugin }, { NULL, NULL} }; static BOOL context_setsampwent(struct pdb_context *context, BOOL update) { - if ((!context) || (!context->pdb_selected)) { + if ((!context) || (!context->pdb_methods) || (!context->pdb_methods->setsampwent)) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } + + context->pwent_methods = context->pdb_methods; - return context->pdb_selected->setsampwent(context, update); + while(!(context->pwent_methods->setsampwent(context->pwent_methods, update))){ + context->pwent_methods = context->pwent_methods->next; + if(context->pwent_methods == NULL)return False; + } + return True; } static void context_endsampwent(struct pdb_context *context) { - if ((!context) || (!context->pdb_selected)) { + if ((!context)){ DEBUG(0, ("invalid pdb_context specified!\n")); return; } - - context->pdb_selected->endsampwent(context); + + if(context->pwent_methods && context->pwent_methods->endsampwent) + context->pwent_methods->endsampwent(context->pwent_methods); + + /* So we won't get strange data when calling getsampwent now */ + context->pwent_methods = NULL; } static BOOL context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) { - if ((!context) || (!context->pdb_selected)) { + if ((!context) || (!context->pwent_methods)) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } + /* Loop until we find something useful */ + while((!context->pwent_methods->getsampwent) || + context->pwent_methods->getsampwent(context->pwent_methods, user) == False){ + + if(context->pwent_methods->endsampwent) + context->pwent_methods->endsampwent(context->pwent_methods); + + context->pwent_methods = context->pwent_methods->next; + + /* All 
methods are checked now. There are no more entries */ + if(context->pwent_methods == NULL)return False; - return context->pdb_selected->getsampwent(context, user); + if(!context->pwent_methods->setsampwent){ + DEBUG(0, ("invalid context->pwent_methods->setsampwent\n")); + return False; + } + + context->pwent_methods->setsampwent(context->pwent_methods, False); + } + user->methods = context->pwent_methods; + return True; } static BOOL context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username) { - if ((!context) || (!context->pdb_selected)) { + struct pdb_methods *curmethods; + if ((!context)) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } - - return context->pdb_selected->getsampwnam(context, sam_acct, username); + curmethods = context->pdb_methods; + while(curmethods){ + if(curmethods->getsampwnam && curmethods->getsampwnam(curmethods, sam_acct, username) == True){ + sam_acct->methods = curmethods; + return True; + } + curmethods = curmethods->next; + } + + return False; } static BOOL context_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, uint32 rid) { - if ((!context) || (!context->pdb_selected)) { + struct pdb_methods *curmethods; + if ((!context)) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } - return context->pdb_selected->getsampwrid(context, sam_acct, rid); + curmethods = context->pdb_methods; + + while(curmethods){ + if(curmethods->getsampwrid && curmethods->getsampwrid(curmethods, sam_acct, rid) == True){ + sam_acct->methods = curmethods; + return True; + } + curmethods = curmethods->next; + } + + return False; } static BOOL context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct) { - if ((!context) || (!context->pdb_selected)) { + if ((!context) || (!context->pdb_methods) || (!context->pdb_methods->add_sam_account)) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } - + /** @todo This is where a 're-read on add' should be done */ - - 
return context->pdb_selected->add_sam_account(context, sam_acct); + /* We now add a new account to the first database listed. + * Should we? */ + + return context->pdb_methods->add_sam_account(context->pdb_methods, sam_acct); } static BOOL context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct) { - if ((!context) || (!context->pdb_selected)) { + if (!context) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } - + + if(!sam_acct || !sam_acct->methods){ + DEBUG(0, ("invalid sam_acct specified\n")); + return False; + } + + if(!sam_acct->methods->update_sam_account){ + DEBUG(0, ("invalid sam_acct->methods\n")); + return False; + } + /** @todo This is where a 're-read on update' should be done */ - - return context->pdb_selected->update_sam_account(context, sam_acct); + + return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct); } static BOOL context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct) { - if ((!context) || (!context->pdb_selected)) { + struct pdb_methods *pdb_selected; + if (!context) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } + + if(!sam_acct->methods){ + pdb_selected = context->pdb_methods; + /* There's no passdb backend specified for this account. 
+ * Try to delete it in every passdb available */ + while(pdb_selected){ + if(pdb_selected->delete_sam_account && pdb_selected->delete_sam_account(pdb_selected, sam_acct)){ + return True; + } + pdb_selected = pdb_selected->next; + } + return False; + } + + if(!sam_acct->methods->delete_sam_account){ + DEBUG(0,("invalid sam_acct->methods->delete_sam_account\n")); + return False; + } - return context->pdb_selected->delete_sam_account(context, sam_acct); + return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct); } static void free_pdb_context(struct pdb_context **context) { - if (((*context)->pdb_selected) && ((*context)->pdb_selected->free_private_data)) { - (*context)->pdb_selected->free_private_data((*context)->pdb_selected->private_data); + struct pdb_methods *pdb_selected = (*context)->pdb_methods; + + while(pdb_selected){ + if(pdb_selected->free_private_data) + pdb_selected->free_private_data(pdb_selected->private_data); + pdb_selected = pdb_selected->next; } talloc_destroy((*context)->mem_ctx); 
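Review bot: `context_delete_sam_account` dereferences `sam_acct->methods` after checking only `context`, whereas `context_update_sam_account` directly above guards `!sam_acct || !sam_acct->methods`; the guard should read `if (!context || !sam_acct) {` so a NULL account fails the same way in both. Its fallback loop also returns True on the first backend whose delete succeeds, so an account that exists in more than one backend (for example while migrating between them) remains in the others and is still found there by `context_getsampwnam`, which walks every backend; iterating all backends and returning whether any delete succeeded would be the safer semantics for a removal. Related: in `context_setsampwent` the retry loop calls `setsampwent` on each successor without the NULL function-pointer check applied to the first entry, and `context_getsampwent` discards the return value of its re-`setsampwent` call and always passes `False` for `update`, regardless of how the enumeration was opened. `free_pdb_context` at the end of this hunk continues past it.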
@@ -132,13 +213,57 @@ static void free_pdb_context(struct pdb_context **context) } /****************************************************************** - Make a pdb_context from scratch. -*******************************************************************/ + Make a pdb_methods from scratch + *******************************************************************/ + +static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_context *context, const char *selected) +{ + char *module_name = smb_xstrdup(selected); + char *module_location = NULL, *p; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + int i; + + p = strchr(module_name, ':'); + + if (p) { + *p = 0; + module_location = p+1; + trim_string(module_location, " ", " "); + } + + trim_string(module_name, " ", " "); + + DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name)); + for (i = 0; builtin_pdb_init_functions[i].name; i++) + { + if (strequal(builtin_pdb_init_functions[i].name, module_name)) + { + DEBUG(5,("Found pdb backend %s (at pos %d)\n", module_name, i)); + if (NT_STATUS_IS_OK(nt_status + = builtin_pdb_init_functions[i].init(context, methods, module_location))) { + DEBUG(5,("pdb backend %s has a valid init\n", selected)); + } else { + DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status))); + } + break; + } + } + + if (!*methods) { + DEBUG(0,("failed to select passdb backed!\n")); + return nt_status; + } + return NT_STATUS_OK; +} + +/****************************************************************** + Make a pdb_context from scratch. + *******************************************************************/ static NTSTATUS make_pdb_context(struct pdb_context **context) { TALLOC_CTX *mem_ctx; - + mem_ctx = talloc_init_named("pdb_context internal allocation context"); if (!mem_ctx) { 
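Review bot: `make_pdb_methods_name` never frees `module_name`: `smb_xstrdup` allocates it and both the `return nt_status` and `return NT_STATUS_OK` paths leave it allocated (the removed `make_pdb_context_name` code freed it at `done:`), so every context creation leaks one string per configured backend. `*methods` is also never assigned by this function when no builtin name matches, yet `if (!*methods)` reads it, so it only works if the caller pre-initialises the pointer to NULL — which the caller in this patch does not. Suggested: `*methods = NULL;` before the loop, and `SAFE_FREE(module_name); return *methods ? NT_STATUS_OK : nt_status;` as the tail, which keeps the old code's assumption that the `init` functions copy `module_location` rather than retain the pointer. Note the init-failure branch still ends in NT_STATUS_OK if the failing `init` left `*methods` non-NULL; whether any backend does that is not visible here.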
@@ -165,77 +290,58 @@ static NTSTATUS make_pdb_context(struct pdb_context **context) (*context)->pdb_update_sam_account = context_update_sam_account; (*context)->pdb_delete_sam_account = context_delete_sam_account; + (*context)->pdb_methods = NULL; + (*context)->pwent_methods = NULL; + (*context)->free_fn = free_pdb_context; - + return NT_STATUS_OK; } /****************************************************************** - Make a pdb_context, given a text string. -*******************************************************************/ + Make a pdb_context, given a text string. + *******************************************************************/ NTSTATUS make_pdb_context_name(struct pdb_context **context, const char *selected) { - /* HINT: Don't store 'selected' becouse its often an lp_ string and - will 'go away' */ + /* HINT: Don't store 'selected' becouse its often an lp_ string and will 'go away' */ + char *conf = smb_xstrdup(selected); + char *confcur = conf, *confnext; + struct pdb_methods *curmethods, *tmpmethods; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - int i; - char *module_name = smb_xstrdup(selected); - char *module_location = NULL; - char *p; - p = strchr(module_name, ':'); - - if (p) { - *p = 0; - - module_location = p+1; - - trim_string(module_location, " ", " "); + if(!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))){ + return nt_status; } - trim_string(module_name, " ", " "); - - if (!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))) - goto done; - - DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", - selected, module_name)); - - for (i = 0; builtin_pdb_init_functions[i].name; i++) { - if (strequal(builtin_pdb_init_functions[i].name, - module_name)) { - - DEBUG(5,("Found pdb backend %s (at pos %d)\n", - module_name, i)); - - if (NT_STATUS_IS_OK(nt_status = builtin_pdb_init_functions[i].init(*context, &(*context)->pdb_selected, module_location))) { - DEBUG(5,("pdb backend %s has a valid init\n", selected)); - } else { 
- DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status))); - (*context)->pdb_selected = NULL; - } - break; + while(confcur){ + if(strchr(confcur, ' ')){ + confnext = strchr(confcur,' '); + *confnext = '\0'; + confnext++; + }else confnext = NULL; + + /* Try to initialise pdb */ + DEBUG(5,("Trying to load: %s\n", confcur)); + if(!NT_STATUS_IS_OK(make_pdb_methods_name(&curmethods, *context, confcur))){ + DEBUG(5, ("Loading %s failed!\n", confcur)); + SAFE_FREE(curmethods); + continue; } + curmethods->parent = *context; + DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods); + + if(!confnext)break; + confcur = confnext; } - - if (!(*context)->pdb_selected) { - DEBUG(0,("failed to select passdb backed!\n")); - talloc_destroy((*context)->mem_ctx); - *context = NULL; - goto done; - } + SAFE_FREE(conf); nt_status = NT_STATUS_OK; - done: - SAFE_FREE(module_name); - return nt_status; } - /****************************************************************** Return an already initialised pdb_context, to facilitate backward compatibility (see functions below). @@ -244,20 +350,20 @@ NTSTATUS make_pdb_context_name(struct pdb_context **context, const char *selecte static struct pdb_context *pdb_get_static_context(BOOL reload) { static struct pdb_context *pdb_context = NULL; - + if ((pdb_context) && (reload)) { pdb_context->free_fn(&pdb_context); if (!NT_STATUS_IS_OK(make_pdb_context_name(&pdb_context, lp_passdb_backend()))) { return NULL; } } - + if (!pdb_context) { if (!NT_STATUS_IS_OK(make_pdb_context_name(&pdb_context, lp_passdb_backend()))) { return NULL; } } - + return pdb_context; } 
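Review bot: The backend loop in `make_pdb_context_name` does not terminate when a backend fails to load: the failure branch runs `SAFE_FREE(curmethods); continue;` without advancing `confcur`, and since `*confnext` has already been set to `'\0'` the next iteration retries the same name indefinitely. `curmethods` is also uninitialised before the call and `make_pdb_methods_name` does not set it when no name matches, so that `SAFE_FREE` may free an indeterminate pointer; if `pdb_methods` are allocated from the talloc context (the `make_pdb_methods(TALLOC_CTX *mem_ctx, ...)` signature in a later hunk of this file suggests so), `free()` is in any case the wrong deallocator. Two regressions against the removed code: when no backend loads the function now returns NT_STATUS_OK with an empty `pdb_methods` list instead of failing, and `conf` is leaked on the early `return nt_status` after `make_pdb_context` fails (`SAFE_FREE(conf);` before it). The rewrite below advances unconditionally, initialises `curmethods`, restores the empty-list failure, and leaves cleanup of a partially-initialised backend to its `init` function rather than freeing it here.
```c
	while (confcur) {
		confnext = strchr(confcur, ' ');
		if (confnext) {
			*confnext++ = '\0';
		}

		/* Try to initialise pdb */
		DEBUG(5,("Trying to load: %s\n", confcur));
		curmethods = NULL;
		if (NT_STATUS_IS_OK(make_pdb_methods_name(&curmethods, *context, confcur))) {
			curmethods->parent = *context;
			DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
		} else {
			DEBUG(5, ("Loading %s failed!\n", confcur));
		}

		/* Always advance, so a backend that fails to load cannot be retried forever. */
		confcur = confnext;
	}
	SAFE_FREE(conf);

	if (!(*context)->pdb_methods) {
		DEBUG(0,("failed to select passdb backed!\n"));
		talloc_destroy((*context)->mem_ctx);
		*context = NULL;
		return NT_STATUS_UNSUCCESSFUL;
	}

	return NT_STATUS_OK;
```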
@@ -347,21 +453,21 @@ BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct) BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct) { struct pdb_context *pdb_context = pdb_get_static_context(False); - + if (!pdb_context) { return False; } - + return pdb_context->pdb_delete_sam_account(pdb_context, sam_acct); } #endif /* !defined(WITH_NISPLUS_SAM) */ /*************************************************************** - Initialize the static context (at smbd startup etc). + Initialize the static context (at smbd startup etc). - If uninitialised, context will auto-init on first use. -***************************************************************/ + If uninitialised, context will auto-init on first use. + ***************************************************************/ BOOL initialize_password_db(BOOL reload) { @@ -381,11 +487,3 @@ NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) return NT_STATUS_OK; } - - - - - - - - diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 02bb43b7ff..dc6b9f97ff 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1006,9 +1006,9 @@ static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_s /********************************************************************** Connect to LDAP server for password enumeration *********************************************************************/ -static BOOL ldapsam_setsampwent(struct pdb_context *context, BOOL update) +static BOOL ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; int rc; pstring filter; 
@@ -1054,9 +1054,9 @@ static BOOL ldapsam_setsampwent(struct pdb_context *context, BOOL update) /********************************************************************** End enumeration of the LDAP password list *********************************************************************/ -static void ldapsam_endsampwent(struct pdb_context *context) +static void ldapsam_endsampwent(struct pdb_methods *my_methods) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; if (ldap_state->ldap_struct && ldap_state->result) { ldap_msgfree(ldap_state->result); @@ -1069,9 +1069,9 @@ static void ldapsam_endsampwent(struct pdb_context *context) /********************************************************************** Get the next entry in the LDAP password database *********************************************************************/ -static BOOL ldapsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT * user) +static BOOL ldapsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT * user) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; BOOL ret = False; while (!ret) { 
@@ -1093,9 +1093,9 @@ static BOOL ldapsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT * user) /********************************************************************** Get SAM_ACCOUNT entry from LDAP by username *********************************************************************/ -static BOOL ldapsam_getsampwnam(struct pdb_context *context, SAM_ACCOUNT * user, const char *sname) +static BOOL ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const char *sname) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; LDAP *ldap_struct; LDAPMessage *result; LDAPMessage *entry; @@ -1144,9 +1144,9 @@ static BOOL ldapsam_getsampwnam(struct pdb_context *context, SAM_ACCOUNT * user, /********************************************************************** Get SAM_ACCOUNT entry from LDAP by rid *********************************************************************/ -static BOOL ldapsam_getsampwrid(struct pdb_context *context, SAM_ACCOUNT * user, uint32 rid) +static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, uint32 rid) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; LDAP *ldap_struct; LDAPMessage *result; LDAPMessage *entry; 
@@ -1199,9 +1199,9 @@ static BOOL ldapsam_getsampwrid(struct pdb_context *context, SAM_ACCOUNT * user, /********************************************************************** Delete entry from LDAP for username *********************************************************************/ -static BOOL ldapsam_delete_sam_account(struct pdb_context *context, const SAM_ACCOUNT * sam_acct) +static BOOL ldapsam_delete_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT * sam_acct) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; const char *sname; int rc; char *dn; @@ -1259,9 +1259,9 @@ static BOOL ldapsam_delete_sam_account(struct pdb_context *context, const SAM_AC /********************************************************************** Update SAM_ACCOUNT *********************************************************************/ -static BOOL ldapsam_update_sam_account(struct pdb_context *context, const SAM_ACCOUNT * newpwd) +static BOOL ldapsam_update_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT * newpwd) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; int rc; char *dn; LDAP *ldap_struct; 
@@ -1326,9 +1326,9 @@ static BOOL ldapsam_update_sam_account(struct pdb_context *context, const SAM_AC /********************************************************************** Add SAM_ACCOUNT to LDAP *********************************************************************/ -static BOOL ldapsam_add_sam_account(struct pdb_context *context, const SAM_ACCOUNT * newpwd) +static BOOL ldapsam_add_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT * newpwd) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; int rc; pstring filter; LDAP *ldap_struct = NULL; diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 89a4217c3b..18c949c592 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -198,7 +198,7 @@ static FILE *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int DEBUG(10, ("startsmbfilepwent_internal: opening file %s\n", pfile)); if((fp = sys_fopen(pfile, open_mode)) == NULL) { - DEBUG(2, ("startsmbfilepwent_internal: unable to open file %s. Error was %s\n", pfile, strerror(errno) )); + DEBUG(0, ("startsmbfilepwent_internal: unable to open file %s. Error was %s\n", pfile, strerror(errno) )); return NULL; } 
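Review bot: Raising the open-failure message in `startsmbfilepwent` from level 2 to level 0 makes it unconditional, and with this patch `context_setsampwent` in pdb_interface.c walks every configured backend in turn, so a secondary smbpasswd backend whose file is legitimately absent would now log at the default level on every enumeration. If the intent is to surface a misconfigured backend, level 1 seems more proportionate, or keep level 2 here and let the interface layer report once when no backend at all could be opened. The function name in the message (`startsmbfilepwent_internal`) no longer matches the function shown in the hunk header; that predates this change but is worth fixing while the line is touched.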
@@ -1340,9 +1340,9 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, SAM_AC /***************************************************************** Functions to be implemented by the new passdb API ****************************************************************/ -static BOOL smbpasswd_setsampwent (struct pdb_context *context, BOOL update) +static BOOL smbpasswd_setsampwent (struct pdb_methods *my_methods, BOOL update) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file, update ? PWF_UPDATE : PWF_READ, @@ -1370,17 +1370,17 @@ static BOOL smbpasswd_setsampwent (struct pdb_context *context, BOOL update) return (smbpasswd_state->pw_file != NULL); } -static void smbpasswd_endsampwent (struct pdb_context *context) +static void smbpasswd_endsampwent (struct pdb_methods *my_methods) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; endsmbfilepwent(smbpasswd_state->pw_file, &(smbpasswd_state->pw_file_lock_depth)); } /***************************************************************** ****************************************************************/ -static BOOL smbpasswd_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) +static BOOL smbpasswd_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd *pw_buf=NULL; BOOL done = False; DEBUG(5,("pdb_getsampwent\n")); 
@@ -1419,9 +1419,9 @@ static BOOL smbpasswd_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user call getpwnam() for unix account information until we have found the correct entry ***************************************************************/ -static BOOL smbpasswd_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username) +static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct, const char *username) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd *smb_pw; void *fp = NULL; char *domain = NULL; @@ -1489,9 +1489,9 @@ static BOOL smbpasswd_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_ } -static BOOL smbpasswd_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_acct,uint32 rid) +static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct,uint32 rid) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd *smb_pw; void *fp = NULL; @@ -1533,9 +1533,9 @@ static BOOL smbpasswd_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_ return True; } -static BOOL smbpasswd_add_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sampass) +static BOOL smbpasswd_add_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT *sampass) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd smb_pw; /* convert the SAM_ACCOUNT */ 
@@ -1551,9 +1551,9 @@ static BOOL smbpasswd_add_sam_account(struct pdb_context *context, const SAM_ACC return True; } -static BOOL smbpasswd_update_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sampass) +static BOOL smbpasswd_update_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT *sampass) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd smb_pw; /* convert the SAM_ACCOUNT */ @@ -1567,9 +1567,9 @@ static BOOL smbpasswd_update_sam_account(struct pdb_context *context, const SAM_ return True; } -static BOOL smbpasswd_delete_sam_account (struct pdb_context *context, const SAM_ACCOUNT *sampass) +static BOOL smbpasswd_delete_sam_account (struct pdb_methods *my_methods, const SAM_ACCOUNT *sampass) { - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; + struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; const char *username = pdb_get_username(sampass); diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index a8edac917e..7092caa15e 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c 
@@ -462,9 +462,9 @@ static uint32 init_buffer_from_sam (struct tdbsam_privates *tdb_state, Open the TDB passwd database for SAM account enumeration. ****************************************************************/ -static BOOL tdbsam_setsampwent(struct pdb_context *context, BOOL update) +static BOOL tdbsam_setsampwent(struct pdb_methods *my_methods, BOOL update) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; /* Open tdb passwd */ if (!(tdb_state->passwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, update?(O_RDWR|O_CREAT):O_RDONLY, 0600))) @@ -490,9 +490,9 @@ static void close_tdb(struct tdbsam_privates *tdb_state) End enumeration of the TDB passwd list. ****************************************************************/ -static void tdbsam_endsampwent(struct pdb_context *context) +static void tdbsam_endsampwent(struct pdb_methods *my_methods) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; close_tdb(tdb_state); DEBUG(7, ("endtdbpwent: closed sam database.\n")); @@ -502,9 +502,9 @@ static void tdbsam_endsampwent(struct pdb_context *context) Get one SAM_ACCOUNT from the TDB (next in line) *****************************************************************/ -static BOOL tdbsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) +static BOOL tdbsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_DATA data; char *prefix = USERPREFIX; int prefixlen = strlen (prefix); 
@@ -550,9 +550,9 @@ static BOOL tdbsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) Lookup a name in the SAM TDB ******************************************************************/ -static BOOL tdbsam_getsampwnam (struct pdb_context *context, SAM_ACCOUNT *user, const char *sname) +static BOOL tdbsam_getsampwnam (struct pdb_methods *my_methods, SAM_ACCOUNT *user, const char *sname) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_CONTEXT *pwd_tdb; TDB_DATA data, key; fstring keystr; @@ -606,9 +606,9 @@ static BOOL tdbsam_getsampwnam (struct pdb_context *context, SAM_ACCOUNT *user, Search by rid **************************************************************************/ -static BOOL tdbsam_getsampwrid (struct pdb_context *context, SAM_ACCOUNT *user, uint32 rid) +static BOOL tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT *user, uint32 rid) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_CONTEXT *pwd_tdb; TDB_DATA data, key; fstring keystr; 
@@ -644,16 +644,16 @@ static BOOL tdbsam_getsampwrid (struct pdb_context *context, SAM_ACCOUNT *user, tdb_close (pwd_tdb); - return tdbsam_getsampwnam (context, user, name); + return tdbsam_getsampwnam (my_methods, user, name); } /*************************************************************************** Delete a SAM_ACCOUNT ****************************************************************************/ -static BOOL tdbsam_delete_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sam_pass) +static BOOL tdbsam_delete_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT *sam_pass) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_CONTEXT *pwd_tdb; TDB_DATA key; fstring keystr; @@ -707,9 +707,9 @@ static BOOL tdbsam_delete_sam_account(struct pdb_context *context, const SAM_ACC Update the TDB SAM ****************************************************************************/ -static BOOL tdb_update_sam(struct pdb_context *context, const SAM_ACCOUNT* newpwd, int flag) +static BOOL tdb_update_sam(struct pdb_methods *my_methods, const SAM_ACCOUNT* newpwd, int flag) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data; + struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_CONTEXT *pwd_tdb = NULL; TDB_DATA key, data; uint8 *buf = NULL; 
@@ -823,18 +823,18 @@ done: Modifies an existing SAM_ACCOUNT ****************************************************************************/ -static BOOL tdbsam_update_sam_account (struct pdb_context *context, const SAM_ACCOUNT *newpwd) +static BOOL tdbsam_update_sam_account (struct pdb_methods *my_methods, const SAM_ACCOUNT *newpwd) { - return (tdb_update_sam(context, newpwd, TDB_MODIFY)); + return (tdb_update_sam(my_methods, newpwd, TDB_MODIFY)); } /*************************************************************************** Adds an existing SAM_ACCOUNT ****************************************************************************/ -static BOOL tdbsam_add_sam_account (struct pdb_context *context, const SAM_ACCOUNT *newpwd) +static BOOL tdbsam_add_sam_account (struct pdb_methods *my_methods, const SAM_ACCOUNT *newpwd) { - return (tdb_update_sam(context, newpwd, TDB_INSERT)); + return (tdb_update_sam(my_methods, newpwd, TDB_INSERT)); } static void free_private_data(void **vp) -- cgit From 163a855d26106ac9c6eaf945a31a6495204de990 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sat, 13 Apr 2002 09:35:52 +0000 Subject: Better handling of uid/gid -> RID and RID -> uid/gid code. All uids and gids must create valid RIDs, becouse other code expects this, and can't handle the failure case. (ACL code in particular) Allow admins to adjust the base of the RID algorithm, so avoid clashes with users brought in from NT (for example). Put all the algorithm code back in one place, so that this change is global. Better coping with NULL sid pointers - but it still breaks a lot of stuff. BONUS: manpage entry for new paramater :-) counter based rids for normal users in tdbsam is disabled for the timebeing, idra and I will work out some things here soon I hope. Andrew Bartlett (This used to be commit 5275c94cdf0c64f347d4282f47088d084b1a7ea5) --- source3/passdb/passdb.c | 44 +++++++++++++++++++++-------------------- source3/passdb/pdb_interface.c | 2 +- source3/passdb/pdb_ldap.c | 26 ++++-------------------- source3/passdb/pdb_smbpasswd.c | 28 +++++--------------------- source3/passdb/pdb_tdb.c | 45 +++++++++++++++++++++++++++++++----------- 5 files changed, 67 insertions(+), 78 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 17aefe1159..d34866fa63 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -436,9 +436,10 @@ BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid) Converts NT user RID to a UNIX uid. ********************************************************************/ -static uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid) +uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid) { - return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); + int rid_offset = lp_algorithmic_rid_base(); + return (uid_t)(((user_rid & (~USER_RID_TYPE))- rid_offset)/RID_MULTIPLIER); } 
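Review bot: `fallback_pdb_user_rid_to_uid` has no lower-bound check: `user_rid & (~USER_RID_TYPE)` is unsigned, so a RID below the configured base wraps on `- rid_offset` and the division yields a large bogus uid instead of a failure. With the base now read from `lp_algorithmic_rid_base()` rather than the fixed 1000, any caller passing an unvalidated RID reaches this; `pdb_group_rid_to_gid` in the `@@ -457` hunk on the next line has the same shape, and `int rid_offset` is silently converted to unsigned in both. The function returns a bare `uid_t` with no error channel, so the least-intrusive fix is for callers to test `rid >= lp_algorithmic_rid_base()` before mapping, and to document the precondition on the now-exported prototype, e.g. `/* caller must ensure user_rid >= lp_algorithmic_rid_base(); the subtraction is unsigned and wraps */`. Whether `lp_algorithmic_rid_base()` itself rejects values below the well-known range is not visible here.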
@@ -446,9 +447,10 @@ static uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid) converts UNIX uid to an NT User RID. ********************************************************************/ -static uint32 fallback_pdb_uid_to_user_rid(uid_t uid) +uint32 fallback_pdb_uid_to_user_rid(uid_t uid) { - return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); + int rid_offset = lp_algorithmic_rid_base(); + return (((((uint32)uid)*RID_MULTIPLIER) + rid_offset) | USER_RID_TYPE); } /******************************************************************* @@ -457,7 +459,8 @@ static uint32 fallback_pdb_uid_to_user_rid(uid_t uid) gid_t pdb_group_rid_to_gid(uint32 group_rid) { - return (gid_t)(((group_rid & (~GROUP_RID_TYPE))- 1000)/RID_MULTIPLIER); + int rid_offset = lp_algorithmic_rid_base(); + return (gid_t)(((group_rid & (~GROUP_RID_TYPE))- rid_offset)/RID_MULTIPLIER); } /******************************************************************* @@ -470,7 +473,8 @@ gid_t pdb_group_rid_to_gid(uint32 group_rid) uint32 pdb_gid_to_group_rid(gid_t gid) { - return (((((uint32)gid)*RID_MULTIPLIER) + 1000) | GROUP_RID_TYPE); + int rid_offset = lp_algorithmic_rid_base(); + return (((((uint32)gid)*RID_MULTIPLIER) + rid_offset) | GROUP_RID_TYPE); } /******************************************************************* @@ -479,7 +483,10 @@ uint32 pdb_gid_to_group_rid(gid_t gid) static BOOL pdb_rid_is_well_known(uint32 rid) { - return (rid < 1000); + /* Not using rid_offset here, becouse this is the actual + NT fixed value (1000) */ + + return (rid < BASE_RID); } /******************************************************************* 
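Review bot: `pdb_rid_is_well_known` in the `@@ -479` hunk keeps the fixed `BASE_RID` while the algorithmic mapping in the hunks above now starts at `lp_algorithmic_rid_base()`; nothing visible ties the two together, so a configured base below `BASE_RID` would let `fallback_pdb_uid_to_user_rid` and `pdb_gid_to_group_rid` hand out RIDs inside the well-known range, and `pdb_rid_is_well_known` would then classify an ordinary uid-derived RID as well-known. The comment rightly says 1000 is an NT fixed value, so the check belongs on the parameter rather than here: reject or clamp a base below `BASE_RID` where the parameter is loaded (not shown), and state the constraint next to this comparison, e.g. `/* BASE_RID is the NT fixed value; 'algorithmic rid base' must not be set below it or algorithmic RIDs collide with well-known ones */`. A negative parameter value would also wrap silently when `int rid_offset` is added to the `uint32` expressions in these hunks rather than fail.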
@@ -817,13 +824,14 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid), (unsigned int)*puid, pdb_get_username(sam_user))); } else { - if (pdb_rid_is_user(rid)) { + if ((pdb_rid_is_user(rid))) { *puid = fallback_pdb_user_rid_to_uid(rid); DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (non-passdb user).\n", sid_to_string( str, psid), (unsigned int)*puid)); } else { + DEBUG(5,("local_sid_to_uid: SID %s not mapped becouse RID isn't a user.\n", sid_to_string( str, psid))); pdb_free_sam(&sam_user); - return False; + return False; } } pdb_free_sam(&sam_user); @@ -846,7 +854,7 @@ DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) { sid_copy(psid, &map.sid); - } + } else { sid_append_rid(psid, pdb_gid_to_group_rid(gid)); } @@ -864,7 +872,6 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) DOM_SID dom_sid; uint32 rid; fstring str; - struct group *grp; GROUP_MAP map; *name_type = SID_NAME_UNKNOWN; @@ -891,24 +898,19 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) sid_peek_rid(&map.sid, &rid); *pgid = map.gid; *name_type = map.sid_name_use; + DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid (%u).\n", sid_to_string( str, psid), + map.nt_name, (unsigned int)*pgid)); + } else { if (pdb_rid_is_user(rid)) return False; *pgid = pdb_group_rid_to_gid(rid); *name_type = SID_NAME_ALIAS; + DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u).\n", sid_to_string( str, psid), + (unsigned int)*pgid)); } - /* - * Ensure this gid really does exist. - */ - - if(!(grp = getgrgid(*pgid))) - return False; - - DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u) (%s).\n", sid_to_string( str, psid), - (unsigned int)*pgid, grp->gr_name )); - return True; } 
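Review bot: The `@@ -891` hunk drops the `getgrgid()` existence check from `local_sid_to_gid`, so for any SID whose RID is not a user RID the function now returns `True` with an algorithmically derived gid and `SID_NAME_ALIAS`, whether or not that gid exists on the system. Callers that relied on the old `False` to reject unknown groups now receive a gid that may be unallocated and that a later-created local group would inherit; if callers genuinely cannot cope with failure here, that new contract should be written down, e.g. `/* gid is derived algorithmically and is NOT checked for existence; do not treat it as a known local group */`. The same hunk passes an unvalidated `rid` to `pdb_group_rid_to_gid`, whose unsigned subtraction of the rid base wraps for RIDs below the base, so a SID with a small non-user RID maps to a very large gid; a `if (rid < lp_algorithmic_rid_base()) return False;` guard before that call keeps the old fail-closed behaviour for such SIDs. `local_sid_to_gid` begins in the `@@ -864` hunk and its earlier lines are outside this chunk.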
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index e454bf3c25..a19bf254e7 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -240,7 +240,7 @@ static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_c { DEBUG(5,("Found pdb backend %s (at pos %d)\n", module_name, i)); if (NT_STATUS_IS_OK(nt_status - = builtin_pdb_init_functions[i].init(context, methods, module_location))) { + = builtin_pdb_init_functions[i].init(context, methods, module_location))) { DEBUG(5,("pdb backend %s has a valid init\n", selected)); } else { DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status))); diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index dc6b9f97ff..d0280269aa 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -71,24 +71,6 @@ struct ldapsam_privates { static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state); -/******************************************************************* - Converts NT user RID to a UNIX uid. - ********************************************************************/ - -static uid_t pdb_user_rid_to_uid(uint32 user_rid) -{ - return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); -} - -/******************************************************************* - converts UNIX uid to an NT User RID. - ********************************************************************/ - -static uint32 pdb_uid_to_user_rid(uid_t uid) -{ - return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); -} - /******************************************************************* find the ldap password ******************************************************************/ 
@@ -347,7 +329,7 @@ static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state, if (rc != LDAP_SUCCESS) rc = ldapsam_search_one_user_by_uid(ldap_state, ldap_struct, - pdb_user_rid_to_uid(rid), + fallback_user_rid_to_uid(rid), result); return rc; @@ -754,7 +736,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, if ( pdb_get_user_rid(sampass) ) { rid = pdb_get_user_rid(sampass); } else if (IS_SAM_SET(sampass, FLAG_SAM_UID)) { - rid = pdb_uid_to_user_rid(pdb_get_uid(sampass)); + rid = fallback_uid_to_user_rid(pdb_get_uid(sampass)); } else if (ldap_state->permit_non_unix_accounts) { rid = ldapsam_get_next_available_nua_rid(ldap_state); if (rid == 0) { @@ -1511,9 +1493,9 @@ NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method return NT_STATUS_UNSUCCESSFUL; } - ldap_state->low_nua_rid=pdb_uid_to_user_rid(low_nua_uid); + ldap_state->low_nua_rid=fallback_uid_to_user_rid(low_nua_uid); - ldap_state->high_nua_rid=pdb_uid_to_user_rid(high_nua_uid); + ldap_state->high_nua_rid=fallback_uid_to_user_rid(high_nua_uid); return NT_STATUS_OK; } diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 18c949c592..9f37cadfe8 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c 
@@ -69,24 +69,6 @@ struct smbpasswd_privates enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE }; -/******************************************************************* - Converts NT user RID to a UNIX uid. - ********************************************************************/ - -static uid_t pdb_user_rid_to_uid(uint32 user_rid) -{ - return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); -} - -/******************************************************************* - converts UNIX uid to an NT User RID. - ********************************************************************/ - -static uint32 pdb_uid_to_user_rid(uid_t uid) -{ - return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); -} - /*************************************************************** Lock an fd. Abandon after waitsecs seconds. ****************************************************************/ @@ -1195,7 +1177,7 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampas uid = pdb_get_uid(sampass); /* If the user specified a RID, make sure its able to be both stored and retreived */ - if (rid && uid != pdb_user_rid_to_uid(rid)) { + if (rid && uid != fallback_pdb_user_rid_to_uid(rid)) { DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n")); return False; } @@ -1249,7 +1231,7 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, SAM_AC && (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid) && (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) { - pdb_set_user_rid(sam_pass, pdb_uid_to_user_rid (pw_buf->smb_userid)); + pdb_set_user_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid)); /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. 
@@ -1269,7 +1251,7 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, SAM_AC --jerry */ pwfile = getpwnam_alloc(pw_buf->smb_name); if (pwfile == NULL) { - DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s not in unix passwd database!\n", pw_buf->smb_name)); + DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s with uid %u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid)); return False; } @@ -1278,7 +1260,7 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, SAM_AC pdb_set_fullname(sam_pass, pwfile->pw_gecos); - pdb_set_user_rid(sam_pass, pdb_uid_to_user_rid (pwfile->pw_uid)); + pdb_set_user_rid(sam_pass, fallback_pdb_uid_to_user_rid (pwfile->pw_uid)); if (get_group_map_from_gid(pwfile->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { sid_peek_rid(&map.sid, &grid); @@ -1505,7 +1487,7 @@ static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *s return False; } - while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL) && (pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) ) + while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL) && (fallback_pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) ) /* do nothing */ ; endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth)); diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 7092caa15e..3a9bc894bb 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -41,8 +41,10 @@ struct tdbsam_privates { BOOL permit_non_unix_accounts; -/* uint32 low_nua_rid; - uint32 high_nua_rid; */ + BOOL algorithmic_rids; + + uint32 low_nua_rid; + uint32 high_nua_rid; }; /********************************************************************** 
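Review bot: The new message in the `@@ -1269` hunk prints `pw_buf->smb_userid` with `%u`; elsewhere on this page uid values are cast before `%u` (`(unsigned int)*puid` in `local_sid_to_uid`), and if `smb_userid` is a `uid_t` rather than `unsigned int` the mismatched argument is undefined behaviour and trips `-Wformat`. Suggest `DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s with uid %u is not in unix passwd database!\n", pw_buf->smb_name, (unsigned int)pw_buf->smb_userid));`. The declaration of `smb_userid` is not visible in this chunk, so confirm its type before adding the cast.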
@@ -717,7 +719,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, const SAM_ACCOUNT* ne fstring name; BOOL ret = True; uint32 user_rid; - int32 tdb_ret; + BOOL tdb_ret; /* invalidate the existing TDB iterator if it is open */ if (tdb_state->passwd_tdb) { @@ -736,13 +738,32 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, const SAM_ACCOUNT* ne /* if flag == TDB_INSERT then make up a new RID else throw an error. */ if (!(user_rid = pdb_get_user_rid(newpwd))) { if (flag & TDB_INSERT) { - user_rid = BASE_RID; - tdb_ret = tdb_change_int32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER); - if (tdb_ret == -1) { - ret = False; - goto done; + if (IS_SAM_UNIX_USER(newpwd)) { + if (tdb_state->algorithmic_rids) { + user_rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(newpwd)); + } else { + user_rid = BASE_RID; + tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER); + if (!tdb_ret) { + ret = False; + goto done; + } + } + pdb_set_user_rid(newpwd, user_rid); + } else { + user_rid = tdb_state->low_nua_rid; + tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER); + if (!tdb_ret) { + ret = False; + goto done; + } + if (user_rid > tdb_state->high_nua_rid) { + DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd))); + ret = False; + goto done; + } + pdb_set_user_rid(newpwd, user_rid); } - pdb_set_user_rid(newpwd, user_rid); } else { DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd))); ret = False; @@ -884,6 +905,8 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, tdbfile); } + tdb_state->algorithmic_rids = True; + (*pdb_method)->private_data = tdb_state; (*pdb_method)->free_private_data = free_private_data; 
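Review bot: In the `@@ -736` hunk the algorithmic branch stores `fallback_pdb_uid_to_user_rid(pdb_get_uid(newpwd))` without checking it against the NUA window `[low_nua_rid, high_nua_rid]` that the other branch enforces, so a Unix user whose uid-derived RID falls inside that window collides with a RID later handed out from `NUA_RID_COUNTER`; a guard such as `if (tdb_state->low_nua_rid && user_rid >= tdb_state->low_nua_rid && user_rid <= tdb_state->high_nua_rid) { ret = False; goto done; }` before `pdb_set_user_rid` would fail closed (assuming `tdb_state` is zeroed at allocation, which is outside this chunk). The NUA branch tests `user_rid > tdb_state->high_nua_rid` only after `tdb_change_uint32_atomic` has advanced the persisted counter, so each rejected add still consumes a RID and exhaustion is permanent; at minimum that deserves `/* counter is bumped even when the result is rejected; exhaustion is permanent */`. `algorithmic_rids = True` is set only in `pdb_init_tdbsam` (`@@ -884` hunk); the `pdb_init_tdbsam_nua` hunk on the next line does not set it, so Unix users added through tdbsam_nua would take the counter path the commit message describes as disabled unless the field is zero-initialised — confirm against the allocation. `tdb_update_sam` continues past the end of the hunk.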
@@ -912,10 +935,10 @@ NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, return NT_STATUS_UNSUCCESSFUL; } -/* tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid); + tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid); tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid); -*/ + return NT_STATUS_OK; } -- cgit From a0152895897c68e3f9c665320699fb2e0da4a1a3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 13 Apr 2002 10:48:25 +0000 Subject: Fix the compile-bug in pdb_ldap from my last patch. Andrew Bartlett (This used to be commit 81eaa7924b7bd3a13d049bce7fe7a16ab9174364) --- source3/passdb/pdb_ldap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index d0280269aa..c4f95dcdee 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -329,7 +329,7 @@ static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state, if (rc != LDAP_SUCCESS) rc = ldapsam_search_one_user_by_uid(ldap_state, ldap_struct, - fallback_user_rid_to_uid(rid), + fallback_pdb_user_rid_to_uid(rid), result); return rc; @@ -736,7 +736,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, if ( pdb_get_user_rid(sampass) ) { rid = pdb_get_user_rid(sampass); } else if (IS_SAM_SET(sampass, FLAG_SAM_UID)) { - rid = fallback_uid_to_user_rid(pdb_get_uid(sampass)); + rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(sampass)); } else if (ldap_state->permit_non_unix_accounts) { rid = ldapsam_get_next_available_nua_rid(ldap_state); if (rid == 0) { 
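Review bot: The `@@ -912` hunk recomputes `low_nua_rid`/`high_nua_rid` from the `algorithmic rid base` parameter at every init, but `NUA_RID_COUNTER` that `tdb_update_sam` advances is persisted in the tdb and, if `tdb_change_uint32_atomic` behaves like the `int32` variant it replaces, the `low_nua_rid` seed is only used when the key does not yet exist. Changing the base after NUA accounts have been created therefore leaves the stored counter outside the new window: either every further add fails the `> high_nua_rid` check, or the counter continues below the new `low_nua_rid` and issues RIDs that overlap the algorithmic range of real Unix users. Nothing visible checks `low_nua_uid <= high_nua_uid` either, though the `return NT_STATUS_UNSUCCESSFUL` context just above may cover it. A comment on these two assignments, e.g. `/* window is recomputed from the rid base; NUA_RID_COUNTER in the tdb is not, so do not change the base once NUA accounts exist */`, plus an init-time check that the stored counter lies within the window, would make the hazard explicit.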
@@ -1493,9 +1493,9 @@ NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method return NT_STATUS_UNSUCCESSFUL; } - ldap_state->low_nua_rid=fallback_uid_to_user_rid(low_nua_uid); + ldap_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid); - ldap_state->high_nua_rid=fallback_uid_to_user_rid(high_nua_uid); + ldap_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid); return NT_STATUS_OK; } -- cgit From 07e6ff5fcfe337bb65a7c3a4493a92a7761cf2ed Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 14 Apr 2002 09:44:16 +0000 Subject: Partly based on the work by mimir (Rafal Szczesniak ) this patch allows samba to correctly enumerate its trusted domains - by exaimining the keys in the secrets.tdb file. This patch has been tested with both NT4 and rpcclient/wbinfo, and adds some extra functionality to talloc and rpc_parse to allow it to deal with already unicode strings. Finally, this cleans up some const warnings that were in net_rpc.c by pushing another dash of const into the rpc client code. Andrew Bartlett (This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296) --- source3/passdb/secrets.c | 136 +++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 127 insertions(+), 9 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index b3507a1392..073317824b 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -1,6 +1,7 @@ /* Unix SMB/CIFS implementation. Copyright (C) Andrew Tridgell 1992-2001 + Copyright (C) Andrew Bartlett 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -124,9 +125,13 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid) } -/************************************************************************ -form a key for fetching the machine trust account password -************************************************************************/ +/** + * Form a key for fetching the machine trust account password + * + * @param domain domain name + * + * @return stored password's key + **/ char *trust_keystr(char *domain) { static fstring keystr; @@ -141,7 +146,7 @@ char *trust_keystr(char *domain) /** * Form a key for fetching a trusted domain password * - * @param domain domain name + * @param domain trusted domain name * * @return stored password's key **/ @@ -194,21 +199,23 @@ BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16], Routine to get account password to trusted domain ************************************************************************/ BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd, - DOM_SID *sid, time_t *pass_last_set_time) + DOM_SID *sid, time_t *pass_last_set_time) { struct trusted_dom_pass *pass; size_t size; + /* fetching trusted domain password structure */ if (!(pass = secrets_fetch(trustdom_keystr(domain), &size))) { DEBUG(5, ("secrets_fetch failed!\n")); return False; } - + if (size != sizeof(*pass)) { DEBUG(0, ("secrets were of incorrect size!\n")); return False; } - + + /* the trust's password */ if (pwd) { *pwd = strdup(pass->pass); if (!*pwd) { @@ -216,9 +223,12 @@ BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd, } } + /* last change time */ if (pass_last_set_time) *pass_last_set_time = pass->mod_time; + /* domain sid */ memcpy(&sid, &(pass->domain_sid), sizeof(sid)); + SAFE_FREE(pass); return True; 
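Review bot: `memcpy(&sid, &(pass->domain_sid), sizeof(sid));` in the `@@ -216` hunk copies into the local pointer variable, not the caller's `DOM_SID`: `sid` is a `DOM_SID *` parameter, so `&sid` is the address of the pointer and `sizeof(sid)` is the pointer width; the caller's SID is never written and the first bytes of the stored SID overwrite the pointer. The `/* domain sid */` comment added here documents the intent without fixing it; the line should read `if (sid) memcpy(sid, &pass->domain_sid, sizeof(*sid));`, mirroring the `if (pwd)` and `if (pass_last_set_time)` guards above it. The record returned by `secrets_fetch` holds the trust password and is released with `SAFE_FREE(pass)` without being wiped; that is pre-existing, but worth addressing while this commit is touching the function's cleanup.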
@@ -247,19 +257,30 @@ BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16]) * @return true if succeeded **/ -BOOL secrets_store_trusted_domain_password(char* domain, char* pwd, +BOOL secrets_store_trusted_domain_password(char* domain, smb_ucs2_t *uni_dom_name, + size_t uni_name_len, char* pwd, DOM_SID sid) { struct trusted_dom_pass pass; ZERO_STRUCT(pass); + /* unicode domain name and its length */ + if (!uni_dom_name) + return False; + + strncpy_w(pass.uni_name, uni_dom_name, sizeof(pass.uni_name) - 1); + pass.uni_name_len = uni_name_len; + + /* last change time */ pass.mod_time = time(NULL); + /* password of the trust */ pass.pass_len = strlen(pwd); fstrcpy(pass.pass, pwd); + /* domain sid */ memcpy(&(pass.domain_sid), &sid, sizeof(sid)); - + return secrets_store(trustdom_keystr(domain), (void *)&pass, sizeof(pass)); } 
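Review bot: `strncpy_w(pass.uni_name, uni_dom_name, sizeof(pass.uni_name) - 1)` passes a byte count where, if `strncpy_w` counts `smb_ucs2_t` elements as its name suggests, an element count is expected; for a long `uni_dom_name` that lets the copy run nearly twice the length of `pass.uni_name` and corrupt the rest of `pass` before it is written to the secrets tdb. Suggest `strncpy_w(pass.uni_name, uni_dom_name, sizeof(pass.uni_name) / sizeof(pass.uni_name[0]) - 1);` (the `ZERO_STRUCT(pass)` above keeps the final element as the terminator), and confirm the helper's contract, which is not on this page. `pass.uni_name_len = uni_name_len` also stores the caller's length unchecked, so it can disagree with the truncated name; clamping it to the same capacity, or deriving it from the copied string, keeps the record self-consistent. `pwd` is still dereferenced by `strlen(pwd)` with no NULL check, unlike the new `uni_dom_name` guard.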
@@ -357,3 +378,100 @@ BOOL secrets_store_ldap_pw(char* dn, char* pw) return secrets_store(key, pw, strlen(pw)); } + +/** + * The linked list is allocated on the supplied talloc context, caller gets to destory + * when done. + * + * @param start_idx starting index, eg. we can start fetching + * at third or sixth trusted domain entry + * @param num_domains number of domain entries to fetch at one call + * + * @return list of trusted domains structs (unicode name, sid and password) + **/ + +NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int start_idx, int max_num_domains, int *num_domains, TRUSTDOM ***domains) +{ + TDB_LIST_NODE *keys, *k; + TRUSTDOM *dom = NULL; + char *pattern; + uint32 idx = 0; + size_t size; + struct trusted_dom_pass *pass; + + secrets_init(); + + *num_domains = 0; + + /* generate searching pattern */ + if (!(pattern = talloc_asprintf(ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS))) { + DEBUG(0, ("secrets_get_trusted_domains: talloc_asprintf() failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + DEBUG(5, ("secrets_get_trusted_domains: looking for %d domains, starting at index %d\n", + max_num_domains, start_idx)); + + *domains = talloc_zero(ctx, sizeof(**domains)*max_num_domains); + + /* fetching trusted domains' data and collecting them in a list */ + keys = tdb_search_keys(tdb, pattern); + + /* searching for keys in sectrets db -- way to go ... 
*/ + for (k = keys; k; k = k->next) { + char *secrets_key; + + /* important: ensure null-termination of the key string */ + secrets_key = strndup(k->node_key.dptr, k->node_key.dsize); + if (!secrets_key) { + DEBUG(0, ("strndup failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + pass = secrets_fetch(secrets_key, &size); + + if (size != sizeof(*pass)) { + DEBUG(2, ("Secrets record %s is invalid!\n", secrets_key)); + SAFE_FREE(pass); + continue; + } + + SAFE_FREE(secrets_key); + + if (idx >= start_idx && idx < start_idx + max_num_domains) { + dom = talloc_zero(ctx, sizeof(*dom)); + if (!dom) { + /* free returned tdb record */ + SAFE_FREE(pass); + + return NT_STATUS_NO_MEMORY; + } + + /* copy domain sid */ + SMB_ASSERT(sizeof(dom->sid) == sizeof(pass->domain_sid)); + memcpy(&(dom->sid), &(pass->domain_sid), sizeof(dom->sid)); + + /* copy unicode domain name */ + dom->name = talloc_strdup_w(ctx, pass->uni_name); + + (*domains)[*num_domains] = dom; + + (*num_domains)++; + + } + + idx++; + + /* free returned tdb record */ + SAFE_FREE(pass); + } + + DEBUG(5, ("secrets_get_trusted_domains: got %d of %d domains\n", + *num_domains, max_num_domains)); + + /* free the results of searching the keys */ + tdb_search_list_free(keys); + + return NT_STATUS_OK; +} + -- cgit From bfa6281944be923816572ce8b0d0f26045c60c3d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 23 Apr 2002 04:43:44 +0000 Subject: Spelling fixes from vance (This used to be commit 70c6f5fc6d3ec3121b29d1e46e7fd3933fbcce6b) --- source3/passdb/pdb_ldap.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index c4f95dcdee..797cc28ee6 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
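Review bot: `*domains = talloc_zero(ctx, sizeof(**domains)*max_num_domains)` is never checked, so on allocation failure the first matching record dereferences NULL at `(*domains)[*num_domains] = dom`; the loop also leaks `secrets_key` on the `continue` path (the `SAFE_FREE(secrets_key)` sits after it) and leaks the `keys` list on both `NT_STATUS_NO_MEMORY` returns, which skip `tdb_search_list_free(keys)`. `size` is only assigned by `secrets_fetch`, so if that helper leaves it untouched on failure the `size != sizeof(*pass)` test reads an uninitialised value; testing `pass` first avoids depending on that. The rewrite below checks the allocation, frees the key before `continue`, and releases `keys` on the error returns; the hunk starts on the previous line and the rest of its body is unchanged. `max_num_domains` is a signed `int` multiplied into a `size_t`, so a negative or huge value from the caller is also worth rejecting up front.
```c
	*domains = talloc_zero(ctx, sizeof(**domains)*max_num_domains);
	if (!*domains) {
		DEBUG(0, ("secrets_get_trusted_domains: talloc_zero() failed!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* … unchanged: tdb_search_keys() … */
	for (k = keys; k; k = k->next) {
		char *secrets_key;

		/* important: ensure null-termination of the key string */
		secrets_key = strndup(k->node_key.dptr, k->node_key.dsize);
		if (!secrets_key) {
			DEBUG(0, ("strndup failed!\n"));
			tdb_search_list_free(keys);
			return NT_STATUS_NO_MEMORY;
		}

		pass = secrets_fetch(secrets_key, &size);

		/* test pass before size: size is only meaningful on a successful fetch */
		if (!pass || size != sizeof(*pass)) {
			DEBUG(2, ("Secrets record %s is invalid!\n", secrets_key));
			SAFE_FREE(secrets_key);
			SAFE_FREE(pass);
			continue;
		}

		SAFE_FREE(secrets_key);

		if (idx >= start_idx && idx < start_idx + max_num_domains) {
			dom = talloc_zero(ctx, sizeof(*dom));
			if (!dom) {
				/* free returned tdb record and the key list */
				SAFE_FREE(pass);
				tdb_search_list_free(keys);
				return NT_STATUS_NO_MEMORY;
			}
			/* … unchanged: copy sid and name, store dom … */
		}
		/* … unchanged: idx++, SAFE_FREE(pass) … */
	}
```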
@@ -237,7 +237,7 @@ static BOOL ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * l return False; } - DEBUG(2, ("ldap_connect_system: succesful connection to the LDAP server\n")); + DEBUG(2, ("ldap_connect_system: successful connection to the LDAP server\n")); return True; } @@ -521,7 +521,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pw = getpwnam_alloc(username); if (pw == NULL) { - DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username)); + DEBUG (2,("init_sam_from_ldap: User [%s] does not have a uid!\n", username)); return False; } uid = pw->pw_uid; @@ -740,7 +740,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, } else if (ldap_state->permit_non_unix_accounts) { rid = ldapsam_get_next_available_nua_rid(ldap_state); if (rid == 0) { - DEBUG(0, ("NO user RID specified on account %s, and findining next available NUA RID failed, cannot store!\n", pdb_get_username(sampass))); + DEBUG(0, ("NO user RID specified on account %s, and finding next available NUA RID failed, cannot store!\n", pdb_get_username(sampass))); return False; } } else { @@ -1097,7 +1097,7 @@ static BOOL ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT * us if (ldap_count_entries(ldap_struct, result) < 1) { DEBUG(4, - ("We don't find this user [%s] count=%d\n", sname, + ("We didn't find the user [%s] count=%d\n", sname, ldap_count_entries(ldap_struct, result))); ldap_unbind(ldap_struct); return False; @@ -1151,7 +1151,7 @@ static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * us if (ldap_count_entries(ldap_struct, result) < 1) { DEBUG(0, - ("We don't find this rid [%i] count=%d\n", rid, + ("We didn't find the rid [%i] count=%d\n", rid, ldap_count_entries(ldap_struct, result))); ldap_unbind(ldap_struct); return False; 
@@ -1205,7 +1205,7 @@ static BOOL ldapsam_delete_sam_account(struct pdb_methods *my_methods, const SAM if (!ldapsam_connect_system(ldap_state, ldap_struct)) { ldap_unbind (ldap_struct); - DEBUG(0, ("Failed to delete user %s from LDAP.\n", sname)); + DEBUG(0, ("failed to delete user %s from the LDAP database.\n", sname)); return False; } -- cgit From 3fe27b7f9df7d2bb2f7799fd46b79928f0e614b0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 17 May 2002 13:49:01 +0000 Subject: A few more trusted domains updates from mimir. I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett (This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8) --- source3/passdb/secrets.c | 47 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 13 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 073317824b..32d4b42611 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -2,6 +2,7 @@ Unix SMB/CIFS implementation. Copyright (C) Andrew Tridgell 1992-2001 Copyright (C) Andrew Bartlett 2002 + Copyright (C) Rafal Szczesniak 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -383,25 +384,31 @@ BOOL secrets_store_ldap_pw(char* dn, char* pw) * The linked list is allocated on the supplied talloc context, caller gets to destory * when done. * - * @param start_idx starting index, eg. we can start fetching - * at third or sixth trusted domain entry - * @param num_domains number of domain entries to fetch at one call + * @param ctx Allocation context + * @param enum_ctx Starting index, eg. we can start fetching at third + * or sixth trusted domain entry. Zero is the first index. + * Value it is set to is the enum context for the next enumeration. + * @param num_domains Number of domain entries to fetch at one call + * @param domains Pointer to array of trusted domain structs to be filled up * - * @return list of trusted domains structs (unicode name, sid and password) + * @return nt status code of rpc response **/ -NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int start_idx, int max_num_domains, int *num_domains, TRUSTDOM ***domains) +NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, int max_num_domains, int *num_domains, TRUSTDOM ***domains) { TDB_LIST_NODE *keys, *k; TRUSTDOM *dom = NULL; char *pattern; + int start_idx; uint32 idx = 0; size_t size; struct trusted_dom_pass *pass; + NTSTATUS status; secrets_init(); *num_domains = 0; + start_idx = *enum_ctx; /* generate searching pattern */ if (!(pattern = talloc_asprintf(ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS))) { 
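Review bot: The rewritten doc comment in the `@@ -383` hunk documents `num_domains` as "Number of domain entries to fetch at one call", but that role belongs to `max_num_domains`, which is not documented at all; `num_domains` is the out-parameter the body resets to 0 and increments. Suggest `@param max_num_domains Maximum number of entries to return in this call` and `@param num_domains Receives the number of entries actually stored in domains`. "destory" in the first sentence should read "destroy", and `@return nt status code of rpc response` is misleading for a tdb lookup; the hunk on the next line shows it returns NT_STATUS_NO_MORE_ENTRIES, STATUS_MORE_ENTRIES or NT_STATUS_OK according to the enumeration state, so name those instead. `enum_ctx` is read at `start_idx = *enum_ctx` with no NULL check, so the comment should state it must be non-NULL.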
@@ -410,13 +417,19 @@ NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int start_idx, int max_num } DEBUG(5, ("secrets_get_trusted_domains: looking for %d domains, starting at index %d\n", - max_num_domains, start_idx)); + max_num_domains, *enum_ctx)); *domains = talloc_zero(ctx, sizeof(**domains)*max_num_domains); /* fetching trusted domains' data and collecting them in a list */ keys = tdb_search_keys(tdb, pattern); + /* + * if there's no keys returned ie. no trusted domain, + * return "no more entries" code + */ + status = NT_STATUS_NO_MORE_ENTRIES; + /* searching for keys in sectrets db -- way to go ... */ for (k = keys; k; k = k->next) { char *secrets_key; @@ -447,17 +460,26 @@ NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int start_idx, int max_num return NT_STATUS_NO_MEMORY; } - /* copy domain sid */ + /* copy domain sid */ SMB_ASSERT(sizeof(dom->sid) == sizeof(pass->domain_sid)); memcpy(&(dom->sid), &(pass->domain_sid), sizeof(dom->sid)); - /* copy unicode domain name */ + /* copy unicode domain name */ dom->name = talloc_strdup_w(ctx, pass->uni_name); - (*domains)[*num_domains] = dom; + (*domains)[idx - start_idx] = dom; + *enum_ctx = idx + 1; (*num_domains)++; - + + /* set proper status code to return */ + if (k->next) { + /* there are yet some entries to enumerate */ + status = STATUS_MORE_ENTRIES; + } else { + /* this is the last entry in the whole enumeration */ + status = NT_STATUS_OK; + } } idx++; @@ -466,12 +488,11 @@ NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int start_idx, int max_num SAFE_FREE(pass); } - DEBUG(5, ("secrets_get_trusted_domains: got %d of %d domains\n", - *num_domains, max_num_domains)); + DEBUG(5, ("secrets_get_trusted_domains: got %d domains\n", *num_domains)); /* free the results of searching the keys */ tdb_search_list_free(keys); - return NT_STATUS_OK; + return status; } -- cgit From 0d26e9f69c49bca92a3b4c68ebe36eef24895d75 Mon Sep 17 00:00:00 2001 
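Review bot: `(*domains)[idx - start_idx] = dom;` in the @@ -447 hunk stores into an array that was allocated for `max_num_domains` entries, yet nothing in this hunk bounds `idx - start_idx` by `max_num_domains`; the part of the loop that decides which keys are stored lies between the @@ -410 and @@ -447 hunks, outside this view, so if it does not stop at the limit this write runs past the talloc'd block. A check before the store such as `if (idx - start_idx >= (uint32)max_num_domains) { status = STATUS_MORE_ENTRIES; break; }` would keep the index in range and still report that entries remain. `*enum_ctx = idx + 1;` also narrows a `uint32` into the caller's `int`, which is harmless here but worth a comment since `enum_ctx` is handed back to the RPC layer.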
From: Andrew Bartlett Date: Fri, 17 May 2002 14:51:55 +0000 Subject: Make --with-ldapsam 'go away'. This is now a standard, stable, feature and there is no real reason for it to depend on more than the abilty to compile the code. (This used to be commit 64aaec137e39595e6e61b55eb525615683a1393c) --- source3/passdb/pdb_ldap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 797cc28ee6..af0cbef4f2 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -24,7 +24,7 @@ #include "includes.h" -#ifdef WITH_LDAP_SAM +#ifdef HAVE_LDAP /* TODO: * persistent connections: if using NSS LDAP, many connections are made * however, using only one within Samba would be nice @@ -1505,13 +1505,13 @@ NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { - DEBUG(0, ("ldapsam not compiled in!\n")); + DEBUG(0, ("ldap not detected at configure time, ldapsam not availalble!\n")); return NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { - DEBUG(0, ("ldapsam_nua not compiled in!\n")); + DEBUG(0, ("ldap not dectected at configure time, ldapsam_nua not available!\n")); return NT_STATUS_UNSUCCESSFUL; } -- cgit From 58e1fe62cc955c6b8449332447a6879c6fab64e7 Mon Sep 17 00:00:00 2001 
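Review bot: The two new log strings in the @@ -1505 hunk carry typos that will end up in operators' logs: "availalble" and "dectected". Suggested lines: `DEBUG(0, ("ldap not detected at configure time, ldapsam not available!\n"));` and `DEBUG(0, ("ldap not detected at configure time, ldapsam_nua not available!\n"));`. Both stubs are complete within the hunk.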
From: Andrew Bartlett Date: Sat, 18 May 2002 05:52:52 +0000 Subject: A few things in this commit: cleanup some of the code in net_rpc_join re const warnings and fstrings. Passdb: Make the %u and %U substituions in passdb work. This is done by declaring these paramters to be 'const' and doing the substitution manually. I'm told this is us going full circle, but I can't really see a better way. Finally these things actually seem to work properly... Make the lanman code use the pdb's recorded values for homedir etc rather than the values from lp_*() Add code to set the plaintext password in the passdb, where it can decide how to store/set it. For use with a future 'ldap password change' option, or somthing like that... Add pdb_unix, so as to remove the 'not in passdb' special cases from the local_lookup_*() code. Quite small, as it uses the new 'struct passwd -> SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd) Other: Fix up the adding of [homes] at session setup time to actually pass the right string, that is the unix homedir, not the UNC path. Fix up [homes] so that for winbind users is picks the correct name. (bad interactions with the default domain code previously) Change the rpc_server/srv_lsa_nt.c code to match NT when for the SATUS_NONE_MAPPED reply: This was only being triggered on no queries, now it is on the 'no mappings' (ie all mappings failed). Checked against Win2k. Policy Question: Should SID -> unix_user.234/unix_group.364 be considered a mapping or not? Currently it isn't. 
Andrew Bartlett (This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34) --- source3/passdb/passdb.c | 310 ++++++++++++++++++++++------------------- source3/passdb/pdb_get_set.c | 76 +++++++++- source3/passdb/pdb_interface.c | 16 ++- source3/passdb/pdb_ldap.c | 50 ++++--- source3/passdb/pdb_smbpasswd.c | 55 +------- source3/passdb/pdb_tdb.c | 99 +++++++------ source3/passdb/pdb_unix.c | 126 +++++++++++++++++ 7 files changed, 465 insertions(+), 267 deletions(-) create mode 100644 source3/passdb/pdb_unix.c (limited to 'source3/passdb') diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index d34866fa63..edae00389e 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -30,6 +30,7 @@ */ extern DOM_SID global_sam_sid; +extern pstring global_myname; /************************************************************ Fill the SAM_ACCOUNT with default values. 
@@ -150,32 +151,39 @@ NTSTATUS pdb_init_sam(SAM_ACCOUNT **user) Initialises a struct sam_passwd with sane values. ************************************************************/ -NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) +NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) { - pstring str; GROUP_MAP map; uint32 rid; - NTSTATUS nt_status; if (!pwd) { - new_sam_acct = NULL; return NT_STATUS_UNSUCCESSFUL; } - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(new_sam_acct))) { - new_sam_acct = NULL; - return nt_status; - } + pdb_fill_default_sam(sam_account); - pdb_set_username(*new_sam_acct, pwd->pw_name); - pdb_set_fullname(*new_sam_acct, pwd->pw_gecos); + pdb_set_username(sam_account, pwd->pw_name); + pdb_set_fullname(sam_account, pwd->pw_gecos); - pdb_set_uid(*new_sam_acct, pwd->pw_uid); - pdb_set_gid(*new_sam_acct, pwd->pw_gid); + pdb_set_unix_homedir(sam_account, pwd->pw_dir); + + pdb_set_domain (sam_account, lp_workgroup()); + + pdb_set_uid(sam_account, pwd->pw_uid); + pdb_set_gid(sam_account, pwd->pw_gid); - /* let the backends set the rid!! - pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid)); - -- simo */ + /* When we get a proper uid -> SID and SID -> uid allocation + mechinism, we should call it here. + + We can't just set this to 0 or allow it only to be filled + in when added to the backend, becouse the user's SID + may already be in security descriptors etc. + + -- abartlet 11-May-02 + */ + + pdb_set_user_rid(sam_account, + fallback_pdb_uid_to_user_rid(pwd->pw_uid)); /* call the mapping code here */ if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { 
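Review bot: `pdb_fill_sam_pw` rejects a NULL `pwd` but passes `sam_account` straight to `pdb_fill_default_sam` and the `pdb_set_*` calls without checking it; an early `if (!sam_account || !pwd) return NT_STATUS_INVALID_PARAMETER;` would match the NULL handling the setters in pdb_get_set.c already do. The header comment above the function is the unchanged "Initialises a struct sam_passwd with sane values." and the same text is reused verbatim for `pdb_init_sam_pw` later in this file, so the two entry points are indistinguishable from their docs; suggest `Fills an already-allocated SAM_ACCOUNT from a struct passwd; does not allocate. Callers that need allocation use pdb_init_sam_pw.` here. The return values of the `pdb_set_*` calls are discarded, which is consistent with the old code but means a talloc failure inside a setter is silently ignored. The function continues in the next hunk.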
@@ -185,24 +193,67 @@ NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) rid=pdb_gid_to_group_rid(pwd->pw_gid); } - pdb_set_group_rid(*new_sam_acct, rid); + pdb_set_group_rid(sam_account, rid); + + /* check if this is a user account or a machine account */ + if (pwd->pw_name[strlen(pwd->pw_name)-1] != '$') + { + pdb_set_profile_path(sam_account, + standard_sub_specified((sam_account)->mem_ctx, + lp_logon_path(), + pwd->pw_name, global_myname, + pwd->pw_uid, pwd->pw_gid), + False); + + pdb_set_homedir(sam_account, + standard_sub_specified((sam_account)->mem_ctx, + lp_logon_home(), + pwd->pw_name, global_myname, + pwd->pw_uid, pwd->pw_gid), + False); + + pdb_set_dir_drive(sam_account, + standard_sub_specified((sam_account)->mem_ctx, + lp_logon_drive(), + pwd->pw_name, global_myname, + pwd->pw_uid, pwd->pw_gid), + False); + + pdb_set_logon_script(sam_account, + standard_sub_specified((sam_account)->mem_ctx, + lp_logon_script(), + pwd->pw_name, global_myname, + pwd->pw_uid, pwd->pw_gid), + False); + } + return NT_STATUS_OK; +} - pstrcpy(str, lp_logon_path()); - standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str); - pdb_set_profile_path(*new_sam_acct, str, False); - - pstrcpy(str, lp_logon_home()); - standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str); - pdb_set_homedir(*new_sam_acct, str, False); - - pstrcpy(str, lp_logon_drive()); - standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str); - pdb_set_dir_drive(*new_sam_acct, str, False); - pstrcpy(str, lp_logon_script()); - standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str); - pdb_set_logon_script(*new_sam_acct, str, False); - +/************************************************************* + Initialises a struct sam_passwd with sane values. 
+ ************************************************************/ + +NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) +{ + NTSTATUS nt_status; + + if (!pwd) { + new_sam_acct = NULL; + return NT_STATUS_UNSUCCESSFUL; + } + + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(new_sam_acct))) { + new_sam_acct = NULL; + return nt_status; + } + + if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*new_sam_acct, pwd))) { + pdb_free_sam(new_sam_acct); + new_sam_acct = NULL; + return nt_status; + } + return NT_STATUS_OK; } @@ -210,18 +261,21 @@ NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) /** * Free the contets of the SAM_ACCOUNT, but not the structure. * - * Also wipes the LM and NT hashes from memory. + * Also wipes the LM and NT hashes and plaintext passwrod from + * memory. * * @param user SAM_ACCOUNT to free members of. **/ static void pdb_free_sam_contents(SAM_ACCOUNT *user) { - /* As we start mallocing more strings this is where - we should free them. */ + + /* Kill off sensitive data. Free()ed by the + talloc mechinism */ data_blob_clear_free(&(user->private.lm_pw)); data_blob_clear_free(&(user->private.nt_pw)); + data_blob_clear_free(&(user->private.plaintext_pw)); } @@ -519,12 +573,8 @@ BOOL pdb_rid_is_user(uint32 rid) BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use) { uint32 rid; - BOOL is_user; SAM_ACCOUNT *sam_account = NULL; - uid_t uid; - struct passwd *pass; GROUP_MAP map; - sid_peek_rid(sid, &rid); *psid_name_use = SID_NAME_UNKNOWN; @@ -564,6 +614,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use return False; } + /* This now does the 'generic' mapping in pdb_unix */ if (pdb_getsampwrid(sam_account, rid)) { fstrcpy(name, pdb_get_username(sam_account)); *psid_name_use = SID_NAME_USER; 
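Review bot: `pwd->pw_name[strlen(pwd->pw_name)-1] != '$'` in the @@ -185 hunk reads one byte before the string when `pw_name` is empty, since `strlen(...)-1` underflows to `SIZE_MAX`; the same expression existed in pdb_smbpasswd.c before this commit, but it is now the single shared path. Suggested form: `size_t name_len = strlen(pwd->pw_name);` followed by `if (name_len == 0 || pwd->pw_name[name_len-1] != '$')`. In the moved `pdb_init_sam_pw`, the three `new_sam_acct = NULL;` statements only reset the local copy of the pointer parameter and have no effect on the caller; if the intent is to hand back a NULL account on failure they should be `*new_sam_acct = NULL;` (the `pdb_free_sam` call may already do this, which would make the line after it redundant).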
@@ -572,47 +623,36 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use return True; } - + pdb_free_sam(&sam_account); if (get_group_map_from_sid(*sid, &map, MAPPING_WITHOUT_PRIV)) { if (map.gid!=-1) { DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid)); - fstrcpy(name, map.nt_name); - *psid_name_use = map.sid_name_use; - return True; + } else { + DEBUG(5,("local_lookup_sid: mapped group %s to no unix gid. Returning name.\n", map.nt_name)); } - } - - is_user = pdb_rid_is_user(rid); - DEBUG(5, ("assuming RID %u is a %s\n", (unsigned)rid, is_user ? "user" : "group")); + fstrcpy(name, map.nt_name); + *psid_name_use = map.sid_name_use; + return True; + } if (pdb_rid_is_user(rid)) { - uid = fallback_pdb_user_rid_to_uid(rid); - pass = getpwuid_alloc(uid); - - *psid_name_use = SID_NAME_USER; - - DEBUG(5,("local_lookup_sid: looking up uid %u %s\n", (unsigned int)uid, - pass ? "succeeded" : "failed" )); - - if(!pass) { - slprintf(name, sizeof(fstring)-1, "unix_user.%u", (unsigned int)uid); - return True; - } - - fstrcpy(name, pass->pw_name); - - DEBUG(5,("local_lookup_sid: found user %s for rid %u\n", name, - (unsigned int)rid )); - - passwd_free(&pass); - + uid_t uid; + + DEBUG(5, ("assuming RID %u is a user\n", (unsigned)rid)); + + uid = fallback_pdb_user_rid_to_uid(rid); + slprintf(name, sizeof(fstring)-1, "unix_user.%u", (unsigned int)uid); + + return False; /* Indicates that this user was 'not mapped' */ } else { gid_t gid; struct group *gr; + DEBUG(5, ("assuming RID %u is a group\n", (unsigned)rid)); + gid = pdb_group_rid_to_gid(rid); gr = getgrgid(gid); 
@@ -623,15 +663,15 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use if(!gr) { slprintf(name, sizeof(fstring)-1, "unix_group.%u", (unsigned int)gid); - return False; + return False; /* Indicates that this group was 'not mapped' */ } fstrcpy( name, gr->gr_name); DEBUG(5,("local_lookup_sid: found group %s for rid %u\n", name, (unsigned int)rid )); + return True; } - return True; } /******************************************************************* @@ -641,11 +681,12 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psid_name_use) { extern DOM_SID global_sid_World_Domain; - struct passwd *pass = NULL; DOM_SID local_sid; fstring user; SAM_ACCOUNT *sam_account = NULL; - + struct group *grp; + GROUP_MAP map; + *psid_name_use = SID_NAME_UNKNOWN; /* 
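Review bot: Moving `return True;` inside the `else` branch in the @@ -623 hunk leaves `local_lookup_sid` with no statement after the `if/else`, so every path returns but compilers that do not track both branches will warn about control reaching the end of a non-void function. Keeping a trailing `return True;` after the closing brace of the `else`, or restructuring so the group branch falls through to it, avoids the warning without changing behaviour. The function begins before this hunk.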
@@ -691,52 +732,45 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi pdb_free_sam(&sam_account); - if ((pass = Get_Pwnam(user))) { - sid_append_rid( &local_sid, fallback_pdb_uid_to_user_rid(pass->pw_uid)); - *psid_name_use = SID_NAME_USER; + /* + * Maybe it was a group ? + */ + /* check if it's a mapped group */ + if (get_group_map_from_ntname(user, &map, MAPPING_WITHOUT_PRIV)) { + if (map.gid!=-1) { + /* yes it's a mapped group to a valid unix group */ + sid_copy(&local_sid, &map.sid); + *psid_name_use = map.sid_name_use; + } + else { + /* it's a correct name but not mapped so it points to nothing*/ + return False; + } } else { - /* - * Maybe it was a group ? + /* it's not a mapped group */ + grp = getgrnam(user); + if(!grp) + return False; + + /* + *check if it's mapped, if it is reply it doesn't exist + * + * that's to prevent this case: + * + * unix group ug is mapped to nt group ng + * someone does a lookup on ug + * we must not reply as it doesn't "exist" anymore + * for NT. For NT only ng exists. + * JFM, 30/11/2001 */ - struct group *grp; - GROUP_MAP map; - /* check if it's a mapped group */ - if (get_group_map_from_ntname(user, &map, MAPPING_WITHOUT_PRIV)) { - if (map.gid!=-1) { - /* yes it's a mapped group to a valid unix group */ - sid_copy(&local_sid, &map.sid); - *psid_name_use = map.sid_name_use; - } - else - /* it's a correct name but not mapped so it points to nothing*/ - return False; - } else { - /* it's not a mapped group */ - grp = getgrnam(user); - if(!grp) - return False; - - /* - *check if it's mapped, if it is reply it doesn't exist - * - * that's to prevent this case: - * - * unix group ug is mapped to nt group ng - * someone does a lookup on ug - * we must not reply as it doesn't "exist" anymore - * for NT. For NT only ng exists. 
- * JFM, 30/11/2001 - */ - - if(get_group_map_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)){ - return False; - } - - sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid)); - *psid_name_use = SID_NAME_ALIAS; + if (get_group_map_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)){ + return False; } + + sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid)); + *psid_name_use = SID_NAME_ALIAS; } sid_copy( psid, &local_sid); @@ -824,15 +858,9 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid), (unsigned int)*puid, pdb_get_username(sam_user))); } else { - if ((pdb_rid_is_user(rid))) { - *puid = fallback_pdb_user_rid_to_uid(rid); - DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (non-passdb user).\n", sid_to_string( str, psid), - (unsigned int)*puid)); - } else { - DEBUG(5,("local_sid_to_uid: SID %s not mapped becouse RID isn't a user.\n", sid_to_string( str, psid))); - pdb_free_sam(&sam_user); - return False; - } + DEBUG(5,("local_sid_to_uid: SID %s not mapped becouse RID was not found in passdb.\n", sid_to_string( str, psid))); + pdb_free_sam(&sam_user); + return False; } pdb_free_sam(&sam_user); @@ -919,7 +947,7 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) * @return static buffer containing the converted string **/ -static char *pdb_convert(const UNISTR2 *from) +const char *pdb_unistr2_convert(const UNISTR2 *from) { static pstring convert_buffer; *convert_buffer = 0; 
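Review bot: `pdb_unistr2_convert` in the @@ -919 hunk is now exported but still returns a pointer into a single `static pstring convert_buffer`, so every call overwrites the previous result and the function is not safe to call from two threads or to use twice in one expression; as a file-local helper the callers were all visible, as a public symbol they are not. The existing doc comment should say so explicitly, e.g. `Returns a pointer to a static buffer that is overwritten by the next call; callers must copy the result before calling again, and the function is not reentrant.` The function body continues past the hunk.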
@@ -950,25 +978,25 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time)); if (from->uni_user_name.buffer) - pdb_set_username(to , pdb_convert(&from->uni_user_name )); + pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name )); if (from->uni_full_name.buffer) - pdb_set_fullname(to , pdb_convert(&from->uni_full_name )); + pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name )); if (from->uni_home_dir.buffer) - pdb_set_homedir(to , pdb_convert(&from->uni_home_dir ), True); + pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True); if (from->uni_dir_drive.buffer) - pdb_set_dir_drive(to , pdb_convert(&from->uni_dir_drive ), True); + pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True); if (from->uni_logon_script.buffer) - pdb_set_logon_script(to , pdb_convert(&from->uni_logon_script), True); + pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True); if (from->uni_profile_path.buffer) - pdb_set_profile_path(to , pdb_convert(&from->uni_profile_path), True); + pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True); if (from->uni_acct_desc.buffer) - pdb_set_acct_desc(to , pdb_convert(&from->uni_acct_desc )); + pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc )); if (from->uni_workstations.buffer) - pdb_set_workstations(to , pdb_convert(&from->uni_workstations)); + pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations)); if (from->uni_unknown_str.buffer) - pdb_set_unknown_str(to , pdb_convert(&from->uni_unknown_str )); + pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str )); if (from->uni_munged_dial.buffer) - pdb_set_munged_dial(to , pdb_convert(&from->uni_munged_dial )); + pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial )); if (from->user_rid) pdb_set_user_rid(to, from->user_rid); 
@@ -1005,25 +1033,25 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time)); if (from->uni_user_name.buffer) - pdb_set_username(to , pdb_convert(&from->uni_user_name )); + pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name )); if (from->uni_full_name.buffer) - pdb_set_fullname(to , pdb_convert(&from->uni_full_name )); + pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name )); if (from->uni_home_dir.buffer) - pdb_set_homedir(to , pdb_convert(&from->uni_home_dir ), True); + pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True); if (from->uni_dir_drive.buffer) - pdb_set_dir_drive(to , pdb_convert(&from->uni_dir_drive ), True); + pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True); if (from->uni_logon_script.buffer) - pdb_set_logon_script(to , pdb_convert(&from->uni_logon_script), True); + pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True); if (from->uni_profile_path.buffer) - pdb_set_profile_path(to , pdb_convert(&from->uni_profile_path), True); + pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True); if (from->uni_acct_desc.buffer) - pdb_set_acct_desc(to , pdb_convert(&from->uni_acct_desc )); + pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc )); if (from->uni_workstations.buffer) - pdb_set_workstations(to , pdb_convert(&from->uni_workstations)); + pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations)); if (from->uni_unknown_str.buffer) - pdb_set_unknown_str(to , pdb_convert(&from->uni_unknown_str )); + pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str )); if (from->uni_munged_dial.buffer) - pdb_set_munged_dial(to , pdb_convert(&from->uni_munged_dial )); + pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial )); if (from->user_rid) pdb_set_user_rid(to, from->user_rid); 
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index cf77efd38f..372b332a45 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -138,6 +138,21 @@ const uint8* pdb_get_lanman_passwd (const SAM_ACCOUNT *sampass) return (NULL); } +/* Return the plaintext password if known. Most of the time + it isn't, so don't assume anything magic about this function. + + Used to pass the plaintext to passdb backends that might + want to store more than just the NTLM hashes. +*/ +const char* pdb_get_plaintext_passwd (const SAM_ACCOUNT *sampass) +{ + if (sampass) { + return ((char*)sampass->private.plaintext_pw.data); + } + else + return (NULL); +} + uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass) { if (sampass) @@ -224,6 +239,14 @@ const char* pdb_get_homedir (const SAM_ACCOUNT *sampass) return (NULL); } +const char* pdb_get_unix_homedir (const SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->private.unix_home_dir); + else + return (NULL); +} + const char* pdb_get_dirdrive (const SAM_ACCOUNT *sampass) { if (sampass) @@ -618,7 +641,7 @@ BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, const char *logon_script, BOOL s } if (store) { - DEBUG(10, ("pdb_set_logon_script: setting logon script sam flag!")); + DEBUG(10, ("pdb_set_logon_script: setting logon script sam flag!\n")); pdb_set_init_flag(sampass, FLAG_SAM_LOGONSCRIPT); } @@ -650,7 +673,7 @@ BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, const char *profile_path, BOOL } if (store) { - DEBUG(10, ("pdb_set_profile_path: setting profile path sam flag!")); + DEBUG(10, ("pdb_set_profile_path: setting profile path sam flag!\n")); pdb_set_init_flag(sampass, FLAG_SAM_PROFILE); } @@ -682,7 +705,7 @@ BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, const char *dir_drive, BOOL store) } if (store) { - DEBUG(10, ("pdb_set_dir_drive: setting dir drive sam flag!")); + DEBUG(10, ("pdb_set_dir_drive: setting dir drive sam flag!\n")); pdb_set_init_flag(sampass, FLAG_SAM_DRIVE); } 
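Review bot: `pdb_get_plaintext_passwd` in the @@ -138 hunk returns `plaintext_pw.data` as a `const char*`, but the matching setter `pdb_set_plaintext_pw_only` in the later @@ -852 hunk builds that blob with `data_blob(password, len)` and never appends a terminator, so a caller that treats the result as a C string can read past the end of the blob (or past the end of the password if `len` excludes the NUL). Either document that the buffer is exactly `plaintext_pw.length` bytes and is not NUL-terminated, exposing the length alongside it, or have the setter copy `len + 1` bytes with an explicit terminating zero. The comment above the getter should also state that the pointer is owned by the SAM_ACCOUNT and is wiped by `pdb_free_sam_contents`, so callers must not retain it.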
@@ -721,6 +744,34 @@ BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, BOOL store) return True; } +/********************************************************************* + Set the user's unix home directory. + ********************************************************************/ + +BOOL pdb_set_unix_homedir (SAM_ACCOUNT *sampass, const char *unix_home_dir) +{ + if (!sampass) + return False; + + if (unix_home_dir) { + DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", unix_home_dir, + (sampass->private.unix_home_dir)?(sampass->private.unix_home_dir):"NULL")); + + sampass->private.unix_home_dir = talloc_strdup(sampass->mem_ctx, + unix_home_dir); + + if (!sampass->private.unix_home_dir) { + DEBUG(0, ("pdb_set_unix_home_dir: talloc_strdup() failed!\n")); + return False; + } + + } else { + sampass->private.unix_home_dir = PDB_NOT_QUITE_NULL; + } + + return True; +} + /********************************************************************* Set the user's account description. ********************************************************************/ @@ -840,7 +891,7 @@ BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, const uint8 *pwd) Set the user's LM hash. ********************************************************************/ -BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 *pwd) +BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[16]) { if (!sampass) return False; 
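Review bot: The two log strings in the new `pdb_set_unix_homedir` name the wrong function, which will send anyone grepping the logs to `pdb_set_homedir` instead: the level-10 line says `pdb_set_homedir: setting home dir` and the error line says `pdb_set_unix_home_dir:`. Suggested strings: `"pdb_set_unix_homedir: setting unix home dir %s, was %s\n"` and `"pdb_set_unix_homedir: talloc_strdup() failed!\n"`. The function is complete within the hunk.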
@@ -852,6 +903,23 @@ BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 *pwd) return True; } +/********************************************************************* + Set the user's plaintext password only (base procedure, see helper + below) + ********************************************************************/ + +BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const uint8 *password, size_t len) +{ + if (!sampass) + return False; + + data_blob_clear_free(&sampass->private.plaintext_pw); + + sampass->private.plaintext_pw = data_blob(password, len); + + return True; +} + BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn) { if (!sampass) diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index a19bf254e7..6488decf94 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -30,6 +30,7 @@ const struct pdb_init_function_entry builtin_pdb_init_functions[] = { { "tdbsam_nua", pdb_init_tdbsam_nua }, { "ldapsam", pdb_init_ldapsam }, { "ldapsam_nua", pdb_init_ldapsam_nua }, + { "unixsam", pdb_init_unixsam }, { "plugin", pdb_init_plugin }, { NULL, NULL} }; @@ -42,7 +43,12 @@ static BOOL context_setsampwent(struct pdb_context *context, BOOL update) } context->pwent_methods = context->pdb_methods; - + + if (!context->pwent_methods) { + /* No passdbs at all */ + return True; + } + while(!(context->pwent_methods->setsampwent(context->pwent_methods, update))){ context->pwent_methods = context->pwent_methods->next; if(context->pwent_methods == NULL)return False; @@ -83,7 +89,7 @@ static BOOL context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) if(context->pwent_methods == NULL)return False; if(!context->pwent_methods->setsampwent){ - DEBUG(0, ("invalid context->pwent_methods->setsampwent\n")); + DEBUG(5, ("invalid context->pwent_methods->setsampwent\n")); return False; } 
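Review bot: In the pdb_interface.c @@ -42 hunk, `context_setsampwent` now returns True when `context->pwent_methods` is NULL, but `context_getsampwent` (shown earlier in this series) treats a NULL `pwent_methods` as an invalid context and logs at level 0, so an enumeration over an empty backend list would succeed in setup and then produce an error on the first fetch. If the "no passdbs at all" case is meant to be legitimate, the getter should return False quietly for it; otherwise this branch should return False as well. The enclosing function begins before the hunk.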
@@ -251,7 +257,11 @@ static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_c if (!*methods) { DEBUG(0,("failed to select passdb backed!\n")); - return nt_status; + if (NT_STATUS_IS_OK(nt_status)) { + return NT_STATUS_INVALID_PARAMETER; + } else { + return nt_status; + } } return NT_STATUS_OK; } diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index af0cbef4f2..9614483ee1 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -339,7 +339,7 @@ static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state, search an attribute and return the first value found. ******************************************************************/ static BOOL get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, - char *attribute, char *value) + char *attribute, pstring value) { char **values; @@ -521,12 +521,14 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pw = getpwnam_alloc(username); if (pw == NULL) { - DEBUG (2,("init_sam_from_ldap: User [%s] does not have a uid!\n", username)); + DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username)); return False; } uid = pw->pw_uid; gid = pw->pw_gid; + pdb_set_unix_homedir(sampass, pw->pw_dir); + passwd_free(&pw); pdb_set_uid(sampass, uid); 
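Review bot: The @@ -521 hunk in pdb_ldap.c rewrites a correct log string into one with a typo, "does not ave a uid", for no visible reason; the old `DEBUG (2,("init_sam_from_ldap: User [%s] does not have a uid!\n", username));` should be kept. The return of the new `pdb_set_unix_homedir(sampass, pw->pw_dir);` call is dropped, so a talloc failure there is silently ignored, unlike the `pw == NULL` path just above it. `init_sam_from_ldap` continues outside the hunk.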
@@ -603,37 +605,41 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (!get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive)) { - pstrcpy(dir_drive, lp_logon_drive()); - standard_sub_advanced(-1, username, "", gid, username, dir_drive); - DEBUG(5,("homeDrive fell back to %s\n",dir_drive)); - pdb_set_dir_drive(sampass, dir_drive, False); + pdb_set_dir_drive(sampass, standard_sub_specified(sampass->mem_ctx, + lp_logon_path(), + username, domain, + uid, gid), + False); } else { pdb_set_dir_drive(sampass, dir_drive, True); } if (!get_single_attribute(ldap_struct, entry, "smbHome", homedir)) { - pstrcpy(homedir, lp_logon_home()); - standard_sub_advanced(-1, username, "", gid, username, homedir); - DEBUG(5,("smbHome fell back to %s\n",homedir)); - pdb_set_homedir(sampass, homedir, False); + pdb_set_dir_drive(sampass, standard_sub_specified(sampass->mem_ctx, + lp_logon_home(), + username, domain, + uid, gid), + False); } else { pdb_set_homedir(sampass, homedir, True); } if (!get_single_attribute(ldap_struct, entry, "scriptPath", logon_script)) { - pstrcpy(logon_script, lp_logon_script()); - standard_sub_advanced(-1, username, "", gid, username, logon_script); - DEBUG(5,("scriptPath fell back to %s\n",logon_script)); - pdb_set_logon_script(sampass, logon_script, False); + pdb_set_logon_script(sampass, standard_sub_specified(sampass->mem_ctx, + lp_logon_script(), + username, domain, + uid, gid), + False); } else { pdb_set_logon_script(sampass, logon_script, True); } if (!get_single_attribute(ldap_struct, entry, "profilePath", profile_path)) { - pstrcpy(profile_path, lp_logon_path()); - standard_sub_advanced(-1, username, "", gid, username, profile_path); - DEBUG(5,("profilePath fell back to %s\n",profile_path)); - pdb_set_profile_path(sampass, profile_path, False); + pdb_set_profile_path(sampass, standard_sub_specified(sampass->mem_ctx, + lp_logon_path(), + username, domain, + uid, gid), + False); } else { pdb_set_profile_path(sampass, 
profile_path, True); } @@ -740,7 +746,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, } else if (ldap_state->permit_non_unix_accounts) { rid = ldapsam_get_next_available_nua_rid(ldap_state); if (rid == 0) { - DEBUG(0, ("NO user RID specified on account %s, and finding next available NUA RID failed, cannot store!\n", pdb_get_username(sampass))); + DEBUG(0, ("NO user RID specified on account %s, and findining next available NUA RID failed, cannot store!\n", pdb_get_username(sampass))); return False; } } else { @@ -1097,7 +1103,7 @@ static BOOL ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT * us if (ldap_count_entries(ldap_struct, result) < 1) { DEBUG(4, - ("We didn't find the user [%s] count=%d\n", sname, + ("We don't find this user [%s] count=%d\n", sname, ldap_count_entries(ldap_struct, result))); ldap_unbind(ldap_struct); return False; @@ -1151,7 +1157,7 @@ static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * us if (ldap_count_entries(ldap_struct, result) < 1) { DEBUG(0, - ("We didn't find the rid [%i] count=%d\n", rid, + ("We don't find this rid [%i] count=%d\n", rid, ldap_count_entries(ldap_struct, result))); ldap_unbind(ldap_struct); return False; @@ -1205,7 +1211,7 @@ static BOOL ldapsam_delete_sam_account(struct pdb_methods *my_methods, const SAM if (!ldapsam_connect_system(ldap_state, ldap_struct)) { ldap_unbind (ldap_struct); - DEBUG(0, ("failed to delete user %s from the LDAP database.\n", sname)); + DEBUG(0, ("Failed to delete user %s from LDAP.\n", sname)); return False; } diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 9f37cadfe8..88e317cea9 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c 
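Review bot: Two of the new fallback branches in the @@ -603 hunk of `init_sam_from_ldap` use the wrong source or destination: the `homeDrive` fallback substitutes `lp_logon_path()` where the removed lines used `lp_logon_drive()`, and the `smbHome` fallback calls `pdb_set_dir_drive` where the removed lines called `pdb_set_homedir`, so an LDAP account with neither attribute ends up with the profile path as its drive letter and its home directory overwritten by the home-dir template, while the real home directory is never set. The two lines to change are `lp_logon_drive(),` in the first branch and `pdb_set_homedir(sampass, standard_sub_specified(sampass->mem_ctx,` in the second. The removed `DEBUG(5,("... fell back to %s\n", ...))` lines were also the only trace of which value was chosen; consider keeping one per branch. The function begins and ends outside the hunk.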
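Review bot: The @@ -740, @@ -1097 and @@ -1151 hunks replace correct log text with worse text ("findining", "We don't find this user", "We don't find this rid"), and the @@ -1205 hunk flips the delete-failure message back to the wording that an earlier commit in this series had just replaced; these look like an accidental re-application of an older tree rather than intended changes. Suggest dropping those four hunks, or if the revert is deliberate, saying so in the commit message. All four touch only string literals, so no behaviour is affected either way.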
@@ -1218,7 +1218,8 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampas /********************************************************************* Create a SAM_ACCOUNT from a smb_passwd struct ********************************************************************/ -static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw_buf) +static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, + SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw_buf) { struct passwd *pwfile; 
@@ -1242,73 +1243,25 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, SAM_AC } else { - uint32 grid; - GROUP_MAP map; - - /* Verify in system password file... - FIXME!!! This is where we should look up an internal - mapping of allocated uid for machine accounts as well - --jerry */ pwfile = getpwnam_alloc(pw_buf->smb_name); if (pwfile == NULL) { DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s with uid %u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid)); return False; } - pdb_set_uid (sam_pass, pwfile->pw_uid); - pdb_set_gid (sam_pass, pwfile->pw_gid); - - pdb_set_fullname(sam_pass, pwfile->pw_gecos); - - pdb_set_user_rid(sam_pass, fallback_pdb_uid_to_user_rid (pwfile->pw_uid)); - - if (get_group_map_from_gid(pwfile->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { - sid_peek_rid(&map.sid, &grid); - } else { - grid=pdb_gid_to_group_rid(pwfile->pw_gid); - } - - pdb_set_group_rid(sam_pass, grid); - - /* check if this is a user account or a machine account */ - if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$') - { - pstring str; - - pstrcpy(str, lp_logon_path()); - standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str); - pdb_set_profile_path(sam_pass, str, False); - - pstrcpy(str, lp_logon_home()); - standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str); - pdb_set_homedir(sam_pass, str, False); - - pstrcpy(str, lp_logon_drive()); - standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str); - pdb_set_dir_drive(sam_pass, str, False); - - pstrcpy(str, lp_logon_script()); - standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str); - pdb_set_logon_script(sam_pass, str, False); - - } else { - /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. 
*/ - /*pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); */ + if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile))) { + return False; } passwd_free(&pwfile); } - pdb_set_username (sam_pass, pw_buf->smb_name); pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd); pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd); pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl); pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time); pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, True); - pdb_set_domain (sam_pass, lp_workgroup()); - pdb_set_dir_drive (sam_pass, lp_logon_drive(), False); - #if 0 /* JERRY */ /* the smbpasswd format doesn't have a must change time field, so we can't get this right. The best we can do is to set this to diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 3a9bc894bb..46120c3ccc 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -86,12 +86,11 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, uint8 *hours; static uint8 *lm_pw_ptr, *nt_pw_ptr; uint32 len = 0; - uint32 lmpwlen, ntpwlen, hourslen; + uint32 lm_pw_len, nt_pw_len, hourslen; BOOL ret = True; - BOOL setflag; pstring sub_buffer; struct passwd *pw; - uid_t uid; + uid_t uid = -1; gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */ if(sampass == NULL || buf == NULL) { @@ -121,8 +120,8 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, &munged_dial_len, &munged_dial, &user_rid, &group_rid, - &lmpwlen, &lm_pw_ptr, - &ntpwlen, &nt_pw_ptr, + &lm_pw_len, &lm_pw_ptr, + &nt_pw_len, &nt_pw_ptr, &acct_ctrl, &unknown_3, &logon_divs, @@ -152,6 +151,8 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, uid = pw->pw_uid; gid = pw->pw_gid; + pdb_set_unix_homedir(sampass, pw->pw_dir); + passwd_free(&pw); pdb_set_uid(sampass, uid); 
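Review bot: The new early `return False` taken when `pdb_fill_sam_pw(sam_pass, pwfile)` fails skips the `passwd_free(&pwfile)` immediately after it, so the struct passwd obtained from `getpwnam_alloc` a few lines earlier is leaked on the failure path. Release it first: `if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile))) { passwd_free(&pwfile); return False; }`. The hunk also removes the unconditional `pdb_set_username(sam_pass, pw_buf->smb_name)` that ran after the if/else, so the non-unix branch above this hunk now only gets a username if something else sets it; that branch does not call pdb_fill_sam_pw, so confirm the name is still recorded for those accounts. build_sam_account starts and ends outside this hunk.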
@@ -165,66 +166,72 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, pdb_set_pass_must_change_time(sampass, pass_must_change_time, True); pdb_set_pass_last_set_time(sampass, pass_last_set_time); - pdb_set_username (sampass, username); + pdb_set_username (sampass, username); pdb_set_domain (sampass, domain); pdb_set_nt_username (sampass, nt_username); pdb_set_fullname (sampass, fullname); - if (homedir) setflag = True; + if (homedir) { + pdb_set_homedir(sampass, homedir, True); + } else { - setflag = False; - pstrcpy(sub_buffer, lp_logon_home()); - /* standard_sub_advanced() assumes pstring is passed!! */ - standard_sub_advanced(-1, username, "", gid, username, sub_buffer); - homedir = strdup(sub_buffer); - if(!homedir) { ret = False; goto done; } - DEBUG(5,("Home directory set back to %s\n", homedir)); + pdb_set_homedir(sampass, + standard_sub_specified(sampass->mem_ctx, + lp_logon_home(), + username, domain, + uid, gid), + False); } - pdb_set_homedir(sampass, homedir, setflag); - if (dir_drive) setflag = True; + if (dir_drive) + pdb_set_dir_drive(sampass, dir_drive, True); else { - setflag = False; - pstrcpy(sub_buffer, lp_logon_drive()); - standard_sub_advanced(-1, username, "", gid, username, sub_buffer); - dir_drive = strdup(sub_buffer); - if(!dir_drive) { ret = False; goto done; } - DEBUG(5,("Drive set back to %s\n", dir_drive)); + pdb_set_dir_drive(sampass, + standard_sub_specified(sampass->mem_ctx, + lp_logon_drive(), + username, domain, + uid, gid), + False); } - pdb_set_dir_drive(sampass, dir_drive, setflag); - if (logon_script) setflag = True; + if (logon_script) + pdb_set_logon_script(sampass, logon_script, True); else { - setflag = False; - pstrcpy(sub_buffer, lp_logon_script()); - standard_sub_advanced(-1, username, "", gid, username, sub_buffer); - logon_script = strdup(sub_buffer); - if(!logon_script) { ret = False; goto done; } - DEBUG(5,("Logon script set back to %s\n", logon_script)); + pdb_set_logon_script(sampass, + 
standard_sub_specified(sampass->mem_ctx, + lp_logon_script(), + username, domain, + uid, gid), + False); } - pdb_set_logon_script(sampass, logon_script, setflag); - if (profile_path) setflag = True; - else { - setflag = False; - pstrcpy(sub_buffer, lp_logon_path()); - standard_sub_advanced(-1, username, "", gid, username, sub_buffer); - profile_path = strdup(sub_buffer); - if(!profile_path) { ret = False; goto done; } - DEBUG(5,("Profile path set back to %s\n", profile_path)); + if (profile_path) { + pdb_set_profile_path(sampass, profile_path, True); + } else { + pdb_set_profile_path(sampass, + standard_sub_specified(sampass->mem_ctx, + lp_logon_path(), + username, domain, + uid, gid), + False); } - pdb_set_profile_path(sampass, profile_path, setflag); pdb_set_acct_desc (sampass, acct_desc); pdb_set_workstations (sampass, workstations); pdb_set_munged_dial (sampass, munged_dial); - if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr)) { - ret = False; - goto done; + + if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) { + if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr)) { + ret = False; + goto done; + } } - if (!pdb_set_nt_passwd(sampass, nt_pw_ptr)) { - ret = False; - goto done; + + if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) { + if (!pdb_set_nt_passwd(sampass, nt_pw_ptr)) { + ret = False; + goto done; + } } pdb_set_user_rid(sampass, user_rid); diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c new file mode 100644 index 0000000000..d1f95c445b --- /dev/null +++ b/source3/passdb/pdb_unix.c 
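Review bot: The rewrite drops the allocation-failure handling the old code had (`if(!homedir) { ret = False; goto done; }` and its three siblings): each `standard_sub_specified(sampass->mem_ctx, ...)` result is passed straight to `pdb_set_homedir`/`pdb_set_dir_drive`/`pdb_set_logon_script`/`pdb_set_profile_path` without a NULL check and the setters' return values are ignored, so an out-of-memory substitution now silently produces an account with a missing path instead of failing the load as before. The new `lm_pw_len == LM_HASH_LEN` / `nt_pw_len == NT_HASH_LEN` guards likewise skip a stored hash whose length is wrong without any diagnostic; a malformed hash length is a sign of a corrupt tdbsam record and deserves at least an else branch such as `DEBUG(0, ("init_sam_from_buffer: unexpected NT hash length for %s\n", username));` so the condition is visible to an operator. With the pstrcpy/standard_sub_advanced calls gone, the `sub_buffer` pstring declared at the top of the function appears to have no remaining users and should be removed. init_sam_from_buffer begins and ends outside this hunk.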
@@ -0,0 +1,126 @@ +/* + * Unix password backend for samba + * Copyright (C) Jelmer Vernooij 2002 + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +/****************************************************************** + Lookup a name in the SAM database + ******************************************************************/ + +static BOOL unixsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname) +{ + struct passwd *pass; + if (!methods) { + DEBUG(0,("invalid methods\n")); + return False; + } + if (!sname) { + DEBUG(0,("invalid name specified")); + return False; + } + pass = Get_Pwnam(sname); + + return NT_STATUS_IS_OK(pdb_fill_sam_pw(user, pass)); +} + + +/*************************************************************************** + Search by rid + **************************************************************************/ + +static BOOL unixsam_getsampwrid (struct pdb_methods *methods, + SAM_ACCOUNT *user, uint32 rid) +{ + struct passwd *pass; + BOOL ret = False; + if (!methods) { + DEBUG(0,("invalid methods\n")); + return False; + } + + if (pdb_rid_is_user(rid)) { + pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid)); + + if (pass) { + ret = NT_STATUS_IS_OK(pdb_fill_sam_pw(user, pass)); + passwd_free(&pass); + } + } + return ret; +} + 
+/*************************************************************************** + Delete a SAM_ACCOUNT + ****************************************************************************/ + +static BOOL unixsam_delete_sam_account(struct pdb_methods *methods, const SAM_ACCOUNT *sam_pass) +{ + /* + * Unsupported as well - we don't need to get involved in + * unix passdb's - and hey, we would need to use pam for that anyway + */ + return False; +} + +/*************************************************************************** + Modifies an existing SAM_ACCOUNT + ****************************************************************************/ + +static BOOL unixsam_update_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd) +{ + return False; +} + +/*************************************************************************** + Adds an existing SAM_ACCOUNT + ****************************************************************************/ + +static BOOL unixsam_add_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd) +{ + DEBUG(0,("pdb_unix should not be listed as the first passdb backend! 
You can't add users to it.\n")); + return False; +} + +NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) +{ + NTSTATUS nt_status; + + if (!pdb_context) { + DEBUG(0, ("invalid pdb_context specified\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { + return nt_status; + } + + (*pdb_method)->name = "unixsam"; + + (*pdb_method)->setsampwent = NULL; + (*pdb_method)->endsampwent = NULL; + (*pdb_method)->getsampwent = NULL; + (*pdb_method)->getsampwnam = unixsam_getsampwnam; + (*pdb_method)->getsampwrid = unixsam_getsampwrid; + (*pdb_method)->add_sam_account = unixsam_add_sam_account; + (*pdb_method)->update_sam_account = unixsam_update_sam_account; + (*pdb_method)->delete_sam_account = unixsam_delete_sam_account; + + /* There's not very much to initialise here */ + return NT_STATUS_OK; +} -- cgit From d4dac178df1ff7dba83e3adddb55770b0b26e530 Mon Sep 17 00:00:00 2001 
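Review bot: In `unixsam_getsampwnam` the result of `Get_Pwnam(sname)` is handed to `pdb_fill_sam_pw(user, pass)` without a NULL check, whereas `unixsam_getsampwrid` guards its `getpwuid_alloc` result with `if (pass)`; unless pdb_fill_sam_pw is documented to accept a NULL passwd, an unknown name should return before the call: `if (!pass) { DEBUG(4, ("unixsam_getsampwnam: %s not found\n", sname)); return False; }`. The earlier `DEBUG(0,("invalid name specified"))` is also missing its trailing `\n`. `pdb_init_unixsam` leaves `setsampwent`, `endsampwent` and `getsampwent` NULL; whether the context layer tolerates a NULL enumeration callback when this backend is not the first in the chain should be confirmed, and a one-line comment stating that enumeration is intentionally unsupported here would save the next reader that lookup.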
From: Andrew Bartlett Date: Sat, 18 May 2002 09:06:23 +0000 Subject: Passdb: Kill off the silly code that attempts to do NT -> Unix username mapping. This is done well before here, no need to repeat it. Add some small fixes and extra debugs, trying to track down current build farm failures. pdb_unix: When 'updating' a pdb_unix account, instead add it to the default passdb. This means that you don't need to specify '-a' to smbpasswd any more when messing with an existing unix user, the account is simply 'upgraded'. The idea here is that these accounts are just as 'real' as any other, they just don't have the extra attributes an smbpasswd file does. I'm open for debate on the pdb_unix issue, and will remove it if given good reason. (without this, an attempt to add an account already in pdb_unix to smbpasswd would fail, as it would fail to update pdb_unix). rpc_server/srv_netlog_nt.c Change a couple of things around, so as to show the client workstation etc. WRONG_PASSWORD is certainly not the right default error. Try ACCESS_DENIED for now. Andrew Bartlett (This used to be commit d78b74b338df9accd9ad84c56a49fa4f787425e2) --- source3/passdb/pdb_smbpasswd.c | 44 +++++++++++++++++------------------------- source3/passdb/pdb_unix.c | 29 +++++++++++----------------- 2 files changed, 29 insertions(+), 44 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 88e317cea9..f7ab6f3070 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -357,6 +357,8 @@ static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_s * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ + SMB_ASSERT(sizeof(pstring) > sizeof(linebuf)); + strncpy(user_name, linebuf, PTR_DIFF(p, linebuf)); user_name[PTR_DIFF(p, linebuf)] = '\0'; 
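Review bot: The new `SMB_ASSERT(sizeof(pstring) > sizeof(linebuf));` asserts the size of a type rather than of the destination buffer of the `strncpy(user_name, linebuf, PTR_DIFF(p, linebuf))` it guards, so it only protects the copy if `user_name` really is a pstring at this site, which the hunk does not show (getsmbfilepwent starts outside it). The sibling hunk at @@ -812 in the next hunk of this file uses `SMB_ASSERT(sizeof(user_name) > sizeof(linebuf));`, which checks the actual destination and is the form to use here too, provided user_name is an array and not a pointer. Both operands are compile-time constants, so this is also a candidate for a compile-time check rather than a runtime assertion evaluated on every line read.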
@@ -694,7 +696,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n", static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const struct smb_passwd* pwd) { /* Static buffers we will return. */ - char * user_name = smbpasswd_state->user_name; + pstring user_name; char linebuf[256]; char readbuf[1024]; @@ -812,6 +814,9 @@ static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ + + SMB_ASSERT(sizeof(user_name) > sizeof(linebuf)); + strncpy(user_name, linebuf, PTR_DIFF(p, linebuf)); user_name[PTR_DIFF(p, linebuf)] = '\0'; if (strequal(user_name, pwd->smb_name)) { @@ -823,6 +828,9 @@ static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con if (!found_entry) { pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth)); fclose(fp); + + DEBUG(2, ("Cannot update entry for user %s, as they don't exist in the smbpasswd file!\n", + pwd->smb_name)); return False; } @@ -1166,11 +1174,11 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampas if (sampass == NULL) return False; - ZERO_STRUCTP(smb_pw); + ZERO_STRUCTP(smb_pw); if (!IS_SAM_UNIX_USER(sampass)) { smb_pw->smb_userid_set = False; - DEBUG(5,("build_sam_pass: storing user without a UNIX uid or gid. \n")); + DEBUG(5,("build_smb_pass: storing user without a UNIX uid or gid. \n")); } else { uint32 rid = pdb_get_user_rid(sampass); smb_pw->smb_userid_set = True; 
@@ -1365,21 +1373,6 @@ static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *s DEBUG(10, ("getsampwnam (smbpasswd): search by name: %s\n", username)); - - /* break the username from the domain if we have - been given a string in the form 'DOMAIN\user' */ - fstrcpy (name, username); - if ((user=strchr_m(name, '\\')) != NULL) { - domain = name; - *user = '\0'; - user++; - } - - /* if a domain was specified and it wasn't ours - then there is no chance of matching */ - if ( domain && !StrCaseCmp(domain, lp_workgroup()) ) - return False; - /* startsmbfilepwent() is used here as we don't want to lookup the UNIX account in the local system password file until we have a match. */ @@ -1390,11 +1383,6 @@ static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *s return False; } - /* if we have a domain name, then we should map it to a UNIX - username first */ - if ( domain ) - map_username(user); - while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) ) /* do nothing....another loop */ ; @@ -1492,13 +1480,17 @@ static BOOL smbpasswd_update_sam_account(struct pdb_methods *my_methods, const S struct smb_passwd smb_pw; /* convert the SAM_ACCOUNT */ - if (!build_smb_pass(&smb_pw, sampass)) + if (!build_smb_pass(&smb_pw, sampass)) { + DEBUG(0, ("smbpasswd_update_sam_account: build_smb_pass failed!\n")); return False; + } /* update the entry */ - if(!mod_smbfilepwd_entry(smbpasswd_state, &smb_pw)) + if(!mod_smbfilepwd_entry(smbpasswd_state, &smb_pw)) { + DEBUG(0, ("smbpasswd_update_sam_account: mod_smbfilepwd_entry failed!\n")); return False; - + } + return True; } diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c index d1f95c445b..d7574e6e13 100644 --- a/source3/passdb/pdb_unix.c +++ b/source3/passdb/pdb_unix.c 
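Review bot: With the DOMAIN\user splitting removed at @@ -1365 and the `map_username(user)` call removed at @@ -1390, the locals `domain`, `user` and `name` that those blocks used appear to have no remaining use in smbpasswd_getsampwnam; their declarations sit above the hunk, so they should be deleted in the same change to avoid unused-variable warnings. The removed domain check was also inverted (`!StrCaseCmp(domain, lp_workgroup())` is true on a match), so dropping it fixes a latent bug that the commit message could mention. smbpasswd_getsampwnam begins outside these hunks.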
@@ -66,35 +66,28 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods, } /*************************************************************************** - Delete a SAM_ACCOUNT + Adds an existing SAM_ACCOUNT ****************************************************************************/ -static BOOL unixsam_delete_sam_account(struct pdb_methods *methods, const SAM_ACCOUNT *sam_pass) +static BOOL unixsam_add_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd) { - /* - * Unsupported as well - we don't need to get involved in - * unix passdb's - and hey, we would need to use pam for that anyway - */ + DEBUG(0,("pdb_unix should not be listed as the first passdb backend! You can't add users to it.\n")); return False; } /*************************************************************************** - Modifies an existing SAM_ACCOUNT - ****************************************************************************/ + Updates a SAM_ACCOUNT -static BOOL unixsam_update_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd) -{ - return False; -} + This isn't a particulary practical option for pdb_unix. We certainly don't + want to twidde the filesystem, so what should we do? -/*************************************************************************** - Adds an existing SAM_ACCOUNT + Current plan is to transparently add the account. It should appear + as if the pdb_unix version was modified, but its actually stored somehwere. ****************************************************************************/ -static BOOL unixsam_add_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd) +static BOOL unixsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd) { - DEBUG(0,("pdb_unix should not be listed as the first passdb backend! 
You can't add users to it.\n")); - return False; + return methods->parent->pdb_add_sam_account(methods->parent, newpwd); } NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) @@ -119,7 +112,7 @@ NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co (*pdb_method)->getsampwrid = unixsam_getsampwrid; (*pdb_method)->add_sam_account = unixsam_add_sam_account; (*pdb_method)->update_sam_account = unixsam_update_sam_account; - (*pdb_method)->delete_sam_account = unixsam_delete_sam_account; + (*pdb_method)->delete_sam_account = NULL; /* There's not very much to initialise here */ return NT_STATUS_OK; -- cgit From 55ec09ad95d40fdb8a05388d8f94afec28d44a3b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 18 May 2002 09:32:59 +0000 Subject: Remove const from some functions to match the changed prototype in a previous commit, and remove some unsued variables. Main change: Make sure to fill in the username when making a non-unix account from smbpasswd. (This used to be commit 7019486eacb72ca44c42ce620b8696bb29f12292) --- source3/passdb/pdb_ldap.c | 6 +++--- source3/passdb/pdb_smbpasswd.c | 12 +++++------- 2 files changed, 8 insertions(+), 10 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 9614483ee1..e10dc73d0b 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
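Review bot: The new `unixsam_update_sam_account` dereferences `methods->parent` and calls `pdb_add_sam_account` through it without checking either pointer, while every other callback in this file starts with `if (!methods) { DEBUG(0,("invalid methods\n")); return False; }`; if a unixsam backend is ever used with no parent this is a NULL dereference on a write path. Guard it: `if (!methods || !methods->parent || !methods->parent->pdb_add_sam_account) return False;`. Turning an update into an add on a different backend is a surprising contract, so it should log what it did, e.g. `DEBUG(3, ("unixsam_update_sam_account: adding %s to the parent backend\n", pdb_get_username(newpwd)));`, so an operator can tell why a new entry appeared elsewhere. Setting `delete_sam_account = NULL` at @@ -119 relies on the context layer checking the callback before calling it; confirm that it does.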
@@ -1187,7 +1187,7 @@ static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * us /********************************************************************** Delete entry from LDAP for username *********************************************************************/ -static BOOL ldapsam_delete_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT * sam_acct) +static BOOL ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * sam_acct) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; const char *sname; @@ -1247,7 +1247,7 @@ static BOOL ldapsam_delete_sam_account(struct pdb_methods *my_methods, const SAM /********************************************************************** Update SAM_ACCOUNT *********************************************************************/ -static BOOL ldapsam_update_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT * newpwd) +static BOOL ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * newpwd) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; int rc; @@ -1314,7 +1314,7 @@ static BOOL ldapsam_update_sam_account(struct pdb_methods *my_methods, const SAM /********************************************************************** Add SAM_ACCOUNT to LDAP *********************************************************************/ -static BOOL ldapsam_add_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT * newpwd) +static BOOL ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * newpwd) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; int rc; diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index f7ab6f3070..e2050627e1 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c 
@@ -1248,7 +1248,8 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, a general default for non-unix users. --abartlet 2002-01-08 */ pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); - + pdb_set_username (sam_pass, pw_buf->smb_name); + pdb_set_domain (sam_pass, lp_workgroup()); } else { pwfile = getpwnam_alloc(pw_buf->smb_name); @@ -1367,9 +1368,6 @@ static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *s struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd *smb_pw; void *fp = NULL; - char *domain = NULL; - char *user = NULL; - fstring name; DEBUG(10, ("getsampwnam (smbpasswd): search by name: %s\n", username)); @@ -1456,7 +1454,7 @@ static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *s return True; } -static BOOL smbpasswd_add_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT *sampass) +static BOOL smbpasswd_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass) { struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd smb_pw; @@ -1474,7 +1472,7 @@ static BOOL smbpasswd_add_sam_account(struct pdb_methods *my_methods, const SAM_ return True; } -static BOOL smbpasswd_update_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT *sampass) +static BOOL smbpasswd_update_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass) { struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd smb_pw; 
@@ -1494,7 +1492,7 @@ static BOOL smbpasswd_update_sam_account(struct pdb_methods *my_methods, const S return True; } -static BOOL smbpasswd_delete_sam_account (struct pdb_methods *my_methods, const SAM_ACCOUNT *sampass) +static BOOL smbpasswd_delete_sam_account (struct pdb_methods *my_methods, SAM_ACCOUNT *sampass) { struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; -- cgit From 2a02a76913a91c9882868b73c72ba2e8d2be764d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 18 May 2002 15:09:21 +0000 Subject: so here it is the code to introduce seriously debugggging classes. this is a first step only passdb stuff has beein "classized". - so what can you do? set debug level to: 1 poasdb:10 that will make all the code run at debug level 1 except the code in passdb/* files that will run at level 10 TODO: fix the man page - also smbcontrol has this nice feature so smbcontrol smbd debug 3 passdb:5 will set every smbd to have a default log level of 3 while passdb stuff will be at level 5 and so no.. minor cosmetic fix to pdbedit is there too (This used to be commit be5c3b3f5781ddc002ffcc98df04ab024dcef4ca) --- source3/passdb/machine_sid.c | 2 ++ source3/passdb/passdb.c | 3 +++ source3/passdb/passgrp.c | 3 +++ source3/passdb/pdb_get_set.c | 3 +++ source3/passdb/pdb_interface.c | 3 +++ source3/passdb/pdb_ldap.c | 3 +++ source3/passdb/pdb_plugin.c | 3 +++ source3/passdb/pdb_smbpasswd.c | 2 ++ source3/passdb/pdb_tdb.c | 25 +++++++++++++++++++++++-- source3/passdb/secrets.c | 3 +++ 10 files changed, 48 insertions(+), 2 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c index 6436a2cd05..0b4a4ffeba 100644 --- a/source3/passdb/machine_sid.c +++ b/source3/passdb/machine_sid.c 
@@ -22,6 +22,8 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB /**************************************************************************** Read a SID from a file. This is for compatibility with the old MACHINE.SID diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index edae00389e..32d6731a9e 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -23,6 +23,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + /* * This is set on startup - it defines the SID for this * machine, and therefore the SAM database for which it is diff --git a/source3/passdb/passgrp.c b/source3/passdb/passgrp.c index d7ed965648..f73591793f 100644 --- a/source3/passdb/passgrp.c +++ b/source3/passdb/passgrp.c @@ -21,6 +21,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + /* * NOTE. All these functions are abstracted into a structure * that points to the correct function for the selected database. JRA. diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 372b332a45..5ed54a9857 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -23,6 +23,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + /** * @todo Redefine this to NULL, but this changes the API becouse * much of samba assumes that the pdb_get...() funtions diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 6488decf94..e44d1f8bb4 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -21,6 +21,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + /** List of various built-in passdb modules */ const struct pdb_init_function_entry builtin_pdb_init_functions[] = { diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index e10dc73d0b..46b464a588 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
@@ -24,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + #ifdef HAVE_LDAP /* TODO: * persistent connections: if using NSS LDAP, many connections are made diff --git a/source3/passdb/pdb_plugin.c b/source3/passdb/pdb_plugin.c index 1de61abd5f..f7ab2b90e2 100644 --- a/source3/passdb/pdb_plugin.c +++ b/source3/passdb/pdb_plugin.c @@ -21,6 +21,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + NTSTATUS pdb_init_plugin(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { void * dl_handle; diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index e2050627e1..f6214220ea 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -23,6 +23,8 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB /* smb_passwd is analogous to sam_passwd used everywhere diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 46120c3ccc..37101c39c9 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -2,7 +2,7 @@ * Unix SMB/CIFS implementation. * SMB parameters and setup * Copyright (C) Andrew Tridgell 1992-1998 - * Copyright (C) Simo Sorce 2000 + * Copyright (C) Simo Sorce 2000-2002 * Copyright (C) Gerald Carter 2000 * Copyright (C) Jeremy Allison 2001 * Copyright (C) Andrew Bartlett 2002 @@ -24,6 +24,19 @@ #include "includes.h" +#if 0 /* when made a module use this */ + +static int tdbsam_debug_level = DBGC_ALL; +#undef DBGC_CLASS +#define DBGC_CLASS tdbsam_debug_level + +#else + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + +#endif + #ifdef WITH_TDB_SAM #define PDB_VERSION "20010830" 
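Review bot: The `#if 0 /* when made a module use this */` block in pdb_tdb.c at @@ -24 ships a disabled `static int tdbsam_debug_level = DBGC_ALL;` with a matching disabled registration block at @@ -880 in the next hunk; preprocessed-out code rots silently, so either put it behind a named feature macro (a placeholder such as `#ifdef TDBSAM_AS_MODULE` with a comment saying who defines it) or keep only the `DBGC_PASSDB` definition and a one-line TODO. The `#undef`/`#define DBGC_CLASS` pairs added to machine_sid.c and pdb_smbpasswd.c are not followed by the blank line the other files get, a small inconsistency worth aligning.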
@@ -880,6 +893,14 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con NTSTATUS nt_status; struct tdbsam_privates *tdb_state; +#if 0 /* when made a module use this */ + tdbsam_debug_level = debug_add_class("tdbsam"); + if(tdbsam_debug_level == -1) { + tdbsam_debug_level = DBGC_ALL; + DEBUG(0, ("tdbsam: Couldn't register custom debugging class!\n")); + } +#endif + if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { return nt_status; } @@ -934,7 +955,7 @@ NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, (*pdb_method)->name = "tdbsam_nua"; tdb_state = (*pdb_method)->private_data; - + tdb_state->permit_non_unix_accounts = True; if (!lp_non_unix_account_range(&low_nua_uid, &high_nua_uid)) { diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 32d4b42611..43fc3604a0 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -24,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + static TDB_CONTEXT *tdb; /* open up the secrets database */ -- cgit From 5c86ae25a1cfca2e6d786dc2da18310dbdef68ff Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 22 May 2002 09:02:16 +0000 Subject: Updates for sane storage of ldap root DN passwords (tested, with upgrade from 2.2 format) and LDAP rebind support (untested, I don't have a setup to match). Andrew Bartlett (This used to be commit 4f7ba78c9d50ac584497dcf1d78ce613112742d4) --- source3/passdb/pdb_ldap.c | 132 +++++++++++++++++++++++++++++++++++----------- source3/passdb/secrets.c | 32 ++++++----- 2 files changed, 120 insertions(+), 44 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 46b464a588..55ce8bab36 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
@@ -77,36 +77,65 @@ static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_s /******************************************************************* find the ldap password ******************************************************************/ -static BOOL fetch_ldapsam_pw(char *dn, char* pw, int len) +static BOOL fetch_ldapsam_pw(char **dn, char** pw) { - fstring key; - char *p; - void *data = NULL; + char *key = NULL; size_t size; - pstrcpy(key, dn); - for (p=key; *p; p++) - if (*p == ',') *p = '/'; + *dn = smb_xstrdup(lp_ldap_admin_dn()); - data=secrets_fetch(key, &size); - if (!size) { - DEBUG(0,("fetch_ldap_pw: no ldap secret retrieved!\n")); - return False; + if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) { + SAFE_FREE(*dn); + DEBUG(0, ("fetch_ldapsam_pw: asprintf failed!\n")); } - if (size > len-1) - { - DEBUG(0,("fetch_ldap_pw: ldap secret is too long (%d > %d)!\n", size, len-1)); - return False; - } + *pw=secrets_fetch(key, &size); + if (!size) { + /* Upgrade 2.2 style entry */ + char *p; + char* old_style_key = strdup(*dn); + char *data; + fstring old_style_pw; + + if (!old_style_key) { + DEBUG(0, ("fetch_ldapsam_pw: strdup failed!\n")); + return False; + } + + for (p=old_style_key; *p; p++) + if (*p == ',') *p = '/'; + + data=secrets_fetch(old_style_key, &size); + if (!size && size < sizeof(old_style_pw)) { + DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n")); + SAFE_FREE(old_style_key); + SAFE_FREE(*dn); + return False; + } + + strncpy(old_style_pw, data, size); + old_style_pw[size] = 0; + + SAFE_FREE(data); + + if (!secrets_store_ldap_pw(*dn, old_style_pw)) { + DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n")); + SAFE_FREE(old_style_key); + SAFE_FREE(*dn); + return False; + } + if (!secrets_delete(old_style_key)) { + DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n")); + } - memcpy(pw, data, size); - pw[size] = '\0'; + SAFE_FREE(old_style_key); + + *pw = smb_xstrdup(old_style_pw); + 
} return True; } - /******************************************************************* open a connection to the ldap server. ******************************************************************/ 
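Review bot: The asprintf failure branch in the new fetch_ldapsam_pw frees *dn and logs but does not return, so execution falls through into `secrets_fetch(key, &size)` with key still NULL; add `return False;` after the DEBUG there. The upgrade path's guard `if (!size && size < sizeof(old_style_pw))` reduces to `if (!size)`, which silently drops the length check the old code had (`if (size > len-1)`), so an over-long 2.2-style entry in secrets.tdb makes `strncpy(old_style_pw, data, size); old_style_pw[size] = 0;` write past the fixed-size fstring on the stack; it should read `if (!size || size >= sizeof(old_style_pw)) {`. The key built by asprintf is never freed on any path and *dn leaks on the strdup failure return, so add `SAFE_FREE(key);` before every return (and `SAFE_FREE(*dn);` on that one). Since old_style_pw holds the bind password in clear, zeroing it before returning keeps it off the stack, and the ownership rule is worth stating in the header comment, e.g. `/* On success *dn and *pw are malloc'd copies the caller must free. */`.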
@@ -210,20 +239,57 @@ static BOOL ldapsam_open_connection (struct ldapsam_privates *ldap_state, LDAP * return True; } + +/******************************************************************* + Add a rebind function for authenticated referrals +******************************************************************/ + +static int rebindproc (LDAP *ldap_struct, char **whop, char **credp, + int *method, int freeit ) +{ + int rc; + char *ldap_dn; + char *ldap_secret; + + /** @TODO Should we be doing something to check what servers we rebind to? + Could we get a referral to a machine that we don't want to give our + username and password to? */ + + if (freeit != 0) + { + + if (!fetch_ldapsam_pw(&ldap_dn, &ldap_secret)) + { + DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); + return LDAP_OPERATIONS_ERROR; /* No idea what to return */ + } + + DEBUG(5,("ldap_connect_system: Rebinding as \"%s\"\n", + ldap_dn)); + + rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); + + SAFE_FREE(ldap_dn); + SAFE_FREE(ldap_secret); + + return rc; + } + return 0; +} + /******************************************************************* connect to the ldap server under system privilege. ******************************************************************/ static BOOL ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * ldap_struct) { int rc; - static BOOL got_pw = False; - static pstring ldap_secret; + char *ldap_dn; + char *ldap_secret; - /* get the password if we don't have it already */ - if (!got_pw && !(got_pw=fetch_ldapsam_pw(lp_ldap_admin_dn(), ldap_secret, sizeof(pstring)))) + /* get the password */ + if (!fetch_ldapsam_pw(&ldap_dn, &ldap_secret)) { - DEBUG(0, ("ldap_connect_system: Failed to retrieve password for %s from secrets.tdb\n", - lp_ldap_admin_dn())); + DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); return False; } 
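Review bot: rebindproc never writes through whop, credp or method, and it performs its own bind only when `freeit != 0`; in the classic five-argument rebind callback, freeit is zero when the library is asking for credentials and non-zero when it is asking for previously returned credentials to be released, so this branch looks inverted — confirm against the LDAP SDK headers this is built with. The `(LDAP_REBIND_PROC *)` cast at the ldap_set_rebind_proc call in the next hunk silences exactly the prototype-mismatch warning that would have flagged this. The @TODO above the branch is the real exposure: on a referral this callback sends the admin DN and the password from secrets.tdb to whatever server the referral names, so until that is decided, leaving referral chasing disabled on the handle is the safer default. Both this function and ldapsam_connect_system free ldap_secret without clearing it first; a `memset(ldap_secret, 0, strlen(ldap_secret));` before `SAFE_FREE(ldap_secret);` keeps the plaintext password from lingering in freed heap.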
@@ -231,16 +297,22 @@ static BOOL ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * l (OpenLDAP) doesnt' seem to support it */ DEBUG(10,("ldap_connect_system: Binding to ldap server as \"%s\"\n", - lp_ldap_admin_dn())); - - if ((rc = ldap_simple_bind_s(ldap_struct, lp_ldap_admin_dn(), - ldap_secret)) != LDAP_SUCCESS) + ldap_dn)); + + ldap_set_rebind_proc(ldap_struct, (LDAP_REBIND_PROC *)(&rebindproc)); + + rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); + + SAFE_FREE(ldap_dn); + SAFE_FREE(ldap_secret); + + if (rc != LDAP_SUCCESS) { DEBUG(0, ("Bind failed: %s\n", ldap_err2string(rc))); return False; } - DEBUG(2, ("ldap_connect_system: successful connection to the LDAP server\n")); + DEBUG(2, ("ldap_connect_system: succesful connection to the LDAP server\n")); return True; } diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 43fc3604a0..38e78df9d7 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -52,7 +52,7 @@ BOOL secrets_init(void) /* read a entry from the secrets database - the caller must free the result if size is non-null then the size of the entry is put in there */ -void *secrets_fetch(char *key, size_t *size) +void *secrets_fetch(const char *key, size_t *size) { TDB_DATA kbuf, dbuf; secrets_init(); @@ -68,7 +68,7 @@ void *secrets_fetch(char *key, size_t *size) /* store a secrets entry */ -BOOL secrets_store(char *key, void *data, size_t size) +BOOL secrets_store(const char *key, void *data, size_t size) { TDB_DATA kbuf, dbuf; secrets_init(); @@ -84,7 +84,7 @@ BOOL secrets_store(char *key, void *data, size_t size) /* delete a secets database entry */ -BOOL secrets_delete(char *key) +BOOL const secrets_delete(const char *key) { TDB_DATA kbuf; secrets_init(); @@ -136,7 +136,7 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid) * * @return stored password's key **/ -char *trust_keystr(char *domain) +const char *trust_keystr(const char *domain) { static fstring keystr; 
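Review bot: The success message at the end of ldapsam_connect_system is changed from `successful connection` to `succesful connection`, which introduces a misspelling into a log line that filters may already match on; keep `DEBUG(2, ("ldap_connect_system: successful connection to the LDAP server\n"));`. The function's body starts in the previous hunk.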
@@ -154,7 +154,7 @@ char *trust_keystr(char *domain) * * @return stored password's key **/ -char *trustdom_keystr(char *domain) +char *trustdom_keystr(const char *domain) { static char* keystr; @@ -325,7 +325,7 @@ char *secrets_fetch_machine_password(void) Routine to delete the machine trust account password file for a domain. ************************************************************************/ -BOOL trust_password_delete(char *domain) +BOOL trust_password_delete(const char *domain) { return secrets_delete(trust_keystr(domain)); } @@ -333,7 +333,7 @@ BOOL trust_password_delete(char *domain) /************************************************************************ Routine to delete the password for trusted domain ************************************************************************/ -BOOL trusted_domain_password_delete(char *domain) +BOOL trusted_domain_password_delete(const char *domain) { return secrets_delete(trustdom_keystr(domain)); } @@ -370,16 +370,20 @@ void reset_globals_after_fork(void) generate_random_buffer( &dummy, 1, True); } -BOOL secrets_store_ldap_pw(char* dn, char* pw) +BOOL secrets_store_ldap_pw(const char* dn, char* pw) { - fstring key; - char *p; + char *key = NULL; + BOOL ret; - pstrcpy(key, dn); - for (p=key; *p; p++) - if (*p == ',') *p = '/'; + if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, dn) < 0) { + DEBUG(0, ("secrets_store_ldap_pw: asprintf failed!\n")); + return False; + } + + ret = secrets_store(key, pw, strlen(pw)+1); - return secrets_store(key, pw, strlen(pw)); + SAFE_FREE(key); + return ret; } -- cgit From 8672461697a9d25a1b419e8b43d5e5ed948e7eaf Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Thu, 23 May 2002 15:42:29 +0000 Subject: Looks like abartlet got a bit overexcited about using const... BOOL const secrets_init(...) Broke AIX build. (This used to be commit 37b6bf3aae4fd8ee3af7e5947b3e549dcef754cf) --- source3/passdb/secrets.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/passdb') 
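Review bot: secrets_store_ldap_pw now stores `strlen(pw)+1` bytes, so the terminator is part of the record and the new fetch_ldapsam_pw relies on that when it uses the fetched blob directly as a string; this invariant is invisible at either end and deserves a comment on the function, e.g. `/* Stored with its NUL terminator: fetch_ldapsam_pw uses the raw secrets_fetch() result as a string. */`. The dn parameter became const in this hunk but pw did not, although the function only reads it; `BOOL secrets_store_ldap_pw(const char* dn, const char* pw)` would match (secrets_store's data argument would then need to be `const void *` as well). trust_keystr in the previous hunk now returns `const char *` while trustdom_keystr here still returns `char *` for the same kind of static buffer, which is worth aligning.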
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 38e78df9d7..3ecaf52e58 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -84,7 +84,7 @@ BOOL secrets_store(const char *key, void *data, size_t size) /* delete a secets database entry */ -BOOL const secrets_delete(const char *key) +BOOL secrets_delete(const char *key) { TDB_DATA kbuf; secrets_init(); -- cgit From 222f4d90762b177551f11dba5e51761099c64edf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 24 May 2002 03:25:36 +0000 Subject: Make function match the defintion require for assignment as a function pointer. (This used to be commit 38012edaca4c181f3d3a9e9df4fc434bba78f9dc) --- source3/passdb/pdb_unix.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c index d7574e6e13..1c0ede76d3 100644 --- a/source3/passdb/pdb_unix.c +++ b/source3/passdb/pdb_unix.c @@ -69,7 +69,7 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods, Adds an existing SAM_ACCOUNT ****************************************************************************/ -static BOOL unixsam_add_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd) +static BOOL unixsam_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd) { DEBUG(0,("pdb_unix should not be listed as the first passdb backend! You can't add users to it.\n")); return False; -- cgit From 98d5699d28c687f8af5671c9a29aa55dd5a01bfd Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 24 May 2002 09:57:48 +0000 Subject: Some of the updates from ctrlsoft's 'Various' patch: - convert net to popt - convert status to popt - adapt examples/pdb/ to multiple passdb system - add dynamic debug class example to examples/pdb/ and some reformatting to better match the samba coding style. Andrew Bartlett (This used to be commit 2498bc69d4e5c38ec385f640489daa94c508c726) --- source3/passdb/pdb_interface.c | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index e44d1f8bb4..e57944cda7 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -66,7 +66,7 @@ static void context_endsampwent(struct pdb_context *context) return; } - if(context->pwent_methods && context->pwent_methods->endsampwent) + if (context->pwent_methods && context->pwent_methods->endsampwent) context->pwent_methods->endsampwent(context->pwent_methods); /* So we won't get strange data when calling getsampwent now */ @@ -80,18 +80,19 @@ static BOOL context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) return False; } /* Loop until we find something useful */ - while((!context->pwent_methods->getsampwent) || + while ((!context->pwent_methods->getsampwent) || context->pwent_methods->getsampwent(context->pwent_methods, user) == False){ - if(context->pwent_methods->endsampwent) + if (context->pwent_methods->endsampwent) context->pwent_methods->endsampwent(context->pwent_methods); context->pwent_methods = context->pwent_methods->next; /* All methods are checked now. There are no more entries */ - if(context->pwent_methods == NULL)return False; + if (context->pwent_methods == NULL) + return False; - if(!context->pwent_methods->setsampwent){ + if (!context->pwent_methods->setsampwent){ DEBUG(5, ("invalid context->pwent_methods->setsampwent\n")); return False; } 
@@ -110,8 +111,8 @@ static BOOL context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_ac return False; } curmethods = context->pdb_methods; - while(curmethods){ - if(curmethods->getsampwnam && curmethods->getsampwnam(curmethods, sam_acct, username) == True){ + while (curmethods){ + if (curmethods->getsampwnam && curmethods->getsampwnam(curmethods, sam_acct, username) == True){ sam_acct->methods = curmethods; return True; } @@ -131,8 +132,8 @@ static BOOL context_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_ac curmethods = context->pdb_methods; - while(curmethods){ - if(curmethods->getsampwrid && curmethods->getsampwrid(curmethods, sam_acct, rid) == True){ + while (curmethods){ + if (curmethods->getsampwrid && curmethods->getsampwrid(curmethods, sam_acct, rid) == True){ sam_acct->methods = curmethods; return True; } @@ -163,12 +164,12 @@ static BOOL context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT return False; } - if(!sam_acct || !sam_acct->methods){ + if (!sam_acct || !sam_acct->methods){ DEBUG(0, ("invalid sam_acct specified\n")); return False; } - if(!sam_acct->methods->update_sam_account){ + if (!sam_acct->methods->update_sam_account){ DEBUG(0, ("invalid sam_acct->methods\n")); return False; } @@ -186,12 +187,12 @@ static BOOL context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT return False; } - if(!sam_acct->methods){ + if (!sam_acct->methods){ pdb_selected = context->pdb_methods; /* There's no passdb backend specified for this account. * Try to delete it in every passdb available */ - while(pdb_selected){ - if(pdb_selected->delete_sam_account && pdb_selected->delete_sam_account(pdb_selected, sam_acct)){ + while (pdb_selected){ + if (pdb_selected->delete_sam_account && pdb_selected->delete_sam_account(pdb_selected, sam_acct)){ return True; } pdb_selected = pdb_selected->next; 
@@ -199,7 +200,7 @@ static BOOL context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT return False; } - if(!sam_acct->methods->delete_sam_account){ + if (!sam_acct->methods->delete_sam_account){ DEBUG(0,("invalid sam_acct->methods->delete_sam_account\n")); return False; } @@ -211,8 +212,8 @@ static void free_pdb_context(struct pdb_context **context) { struct pdb_methods *pdb_selected = (*context)->pdb_methods; - while(pdb_selected){ - if(pdb_selected->free_private_data) + while (pdb_selected){ + if (pdb_selected->free_private_data) pdb_selected->free_private_data(pdb_selected->private_data); pdb_selected = pdb_selected->next; } -- cgit From 8dafae76cd3acc8e052aefb02f4699199ae56009 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 25 May 2002 07:00:33 +0000 Subject: Remove unused variable, fix functions to match prototypes in the various structs. Andrew Bartlett (This used to be commit 57097bf1ba10566389266a4863899a7f25cdbb43) --- source3/passdb/pdb_tdb.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 37101c39c9..cda9d68c10 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -101,7 +101,6 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, uint32 len = 0; uint32 lm_pw_len, nt_pw_len, hourslen; BOOL ret = True; - pstring sub_buffer; struct passwd *pw; uid_t uid = -1; gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */ @@ -278,7 +277,7 @@ done: Intialize a BYTE buffer from a SAM_ACCOUNT struct *********************************************************************/ static uint32 init_buffer_from_sam (struct tdbsam_privates *tdb_state, - uint8 **buf, const SAM_ACCOUNT *sampass) + uint8 **buf, SAM_ACCOUNT *sampass) { size_t len, buflen; 
@@ -673,7 +672,7 @@ static BOOL tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT *use Delete a SAM_ACCOUNT ****************************************************************************/ -static BOOL tdbsam_delete_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT *sam_pass) +static BOOL tdbsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_pass) { struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_CONTEXT *pwd_tdb; @@ -729,7 +728,7 @@ static BOOL tdbsam_delete_sam_account(struct pdb_methods *my_methods, const SAM_ Update the TDB SAM ****************************************************************************/ -static BOOL tdb_update_sam(struct pdb_methods *my_methods, const SAM_ACCOUNT* newpwd, int flag) +static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd, int flag) { struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_CONTEXT *pwd_tdb = NULL; @@ -864,7 +863,7 @@ done: Modifies an existing SAM_ACCOUNT ****************************************************************************/ -static BOOL tdbsam_update_sam_account (struct pdb_methods *my_methods, const SAM_ACCOUNT *newpwd) +static BOOL tdbsam_update_sam_account (struct pdb_methods *my_methods, SAM_ACCOUNT *newpwd) { return (tdb_update_sam(my_methods, newpwd, TDB_MODIFY)); } @@ -873,7 +872,7 @@ static BOOL tdbsam_update_sam_account (struct pdb_methods *my_methods, const SAM Adds an existing SAM_ACCOUNT ****************************************************************************/ -static BOOL tdbsam_add_sam_account (struct pdb_methods *my_methods, const SAM_ACCOUNT *newpwd) +static BOOL tdbsam_add_sam_account (struct pdb_methods *my_methods, SAM_ACCOUNT *newpwd) { return (tdb_update_sam(my_methods, newpwd, TDB_INSERT)); } -- cgit From 9921fd9d0ef9a8862b371eec17d47a9e78c5ad67 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sat, 25 May 2002 07:17:38 +0000 Subject: Only reterive the attributes we are actually going to use - rather than the whole record which could include things like photos's etc. Andrew Bartlett (This used to be commit bbc69545516f29cc4e05ba6238b03eb504f28226) --- source3/passdb/pdb_ldap.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 55ce8bab36..70f130c0a3 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -136,6 +136,17 @@ static BOOL fetch_ldapsam_pw(char **dn, char** pw) return True; } +char *attr[] = {"uid", "pwdLastSet", "logonTime", + "logoffTime", "kickoffTime", "cn", + "pwdCanChange", "pwdMustChange", + "dislplayName", "homeDrive", + "smbHome", "scriptPath", + "profilePath", "description", + "userWorkstation", "rid", + "primaryGroupID", "lmPassword", + "ntPassword", "acctFlags", + "domain", "description", NULL }; + /******************************************************************* open a connection to the ldap server. ******************************************************************/ @@ -326,7 +337,7 @@ static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, LDAP * DEBUG(2, ("ldapsam_search_one_user: searching for:[%s]\n", filter)); - rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, NULL, 0, result); + rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, attr, 0, result); if (rc != LDAP_SUCCESS) { DEBUG(0,("ldapsam_search_one_user: Problem during the LDAP search: %s\n", @@ -995,7 +1006,7 @@ static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state, LDAP *ldap DEBUG(2, ("ldapsam_get_next_available_nua_rid: searching for:[%s]\n", final_filter)); rc = ldap_search_s(ldap_struct, lp_ldap_suffix(), - LDAP_SCOPE_SUBTREE, final_filter, NULL, 0, + LDAP_SCOPE_SUBTREE, final_filter, attr, 0, &result); if (rc != LDAP_SUCCESS) 
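Review bot: The new attribute list spells the display-name attribute `"dislplayName"`, so that attribute is never requested from the server and the code that later unpacks the search result (presumably asking for `displayName`) will get no values; the fix is `"displayName"`, and the second `"description"` entry is redundant. Now that every search uses this list, any attribute the result readers need must also be added here or it silently comes back empty, which is worth a comment on the array, e.g. `/* Attributes requested by every search; keep in sync with the code that reads the result. */`. The array is a non-static, non-const global with a very generic name; `static char *attr[] = { ... };` keeps it out of the link namespace since all three ldap_search_s calls that use it are in this file.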
@@ -1089,7 +1100,7 @@ static BOOL ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update) all_string_sub(filter, "%u", "*", sizeof(pstring)); rc = ldap_search_s(ldap_state->ldap_struct, lp_ldap_suffix(), - LDAP_SCOPE_SUBTREE, filter, NULL, 0, + LDAP_SCOPE_SUBTREE, filter, attr, 0, &ldap_state->result); if (rc != LDAP_SUCCESS) -- cgit From a27a0e01e2f0c48a4a8d84b17693390a268310f8 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 26 May 2002 19:11:52 +0000 Subject: change: pdb_getsampwrid() ->pdb_getsampwsid() passdb interface change, now the passdb modules will be asked for SID not for rid, the modules have been updated with a passthrough function that calls the old getsampwrid() functions. srv_samr_nt.c functions that made use of the pdb_getsampwrid funcion has been updated to use the SID one. (This used to be commit f5c6496c33fa7f5c2826540ffb4a49d8a5790fb3) --- source3/passdb/passdb.c | 4 ++-- source3/passdb/pdb_interface.c | 10 +++++----- source3/passdb/pdb_ldap.c | 9 ++++++++- source3/passdb/pdb_nisplus.c | 10 +++++++++- source3/passdb/pdb_smbpasswd.c | 10 ++++++++-- source3/passdb/pdb_tdb.c | 11 +++++++++-- source3/passdb/pdb_unix.c | 9 ++++++++- 7 files changed, 49 insertions(+), 14 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 32d6731a9e..aa7672731a 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -618,7 +618,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use } /* This now does the 'generic' mapping in pdb_unix */ - if (pdb_getsampwrid(sam_account, rid)) { + if (pdb_getsampwsid(sam_account, sid)) { fstrcpy(name, pdb_get_username(sam_account)); *psid_name_use = SID_NAME_USER; 
@@ -852,7 +852,7 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) return False; - if (pdb_getsampwrid(sam_user, rid)) { + if (pdb_getsampwsid(sam_user, psid)) { *puid = pdb_get_uid(sam_user); if (*puid == -1) { pdb_free_sam(&sam_user); diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index e57944cda7..d8f69e56b1 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -122,7 +122,7 @@ static BOOL context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_ac return False; } -static BOOL context_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, uint32 rid) +static BOOL context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, DOM_SID *sid) { struct pdb_methods *curmethods; if ((!context)) { @@ -133,7 +133,7 @@ static BOOL context_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_ac curmethods = context->pdb_methods; while (curmethods){ - if (curmethods->getsampwrid && curmethods->getsampwrid(curmethods, sam_acct, rid) == True){ + if (curmethods->getsampwsid && curmethods->getsampwsid(curmethods, sam_acct, sid) == True){ sam_acct->methods = curmethods; return True; } @@ -299,7 +299,7 @@ static NTSTATUS make_pdb_context(struct pdb_context **context) (*context)->pdb_endsampwent = context_endsampwent; (*context)->pdb_getsampwent = context_getsampwent; (*context)->pdb_getsampwnam = context_getsampwnam; - (*context)->pdb_getsampwrid = context_getsampwrid; + (*context)->pdb_getsampwsid = context_getsampwsid; (*context)->pdb_add_sam_account = context_add_sam_account; (*context)->pdb_update_sam_account = context_update_sam_account; (*context)->pdb_delete_sam_account = context_delete_sam_account; 
@@ -431,7 +431,7 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username) return pdb_context->pdb_getsampwnam(pdb_context, sam_acct, username); } -BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct, uint32 rid) +BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, DOM_SID *sid) { struct pdb_context *pdb_context = pdb_get_static_context(False); @@ -439,7 +439,7 @@ BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct, uint32 rid) return False; } - return pdb_context->pdb_getsampwrid(pdb_context, sam_acct, rid); + return pdb_context->pdb_getsampwsid(pdb_context, sam_acct, sid); } BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct) diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 70f130c0a3..28c08e0f63 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1270,6 +1270,13 @@ static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * us } } +static BOOL ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + sid_peek_rid(sid, &rid); + return ldapsam_getsampwrid(my_methods, user, rid); +} + /********************************************************************** Delete entry from LDAP for username *********************************************************************/ @@ -1537,7 +1544,7 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co (*pdb_method)->endsampwent = ldapsam_endsampwent; (*pdb_method)->getsampwent = ldapsam_getsampwent; (*pdb_method)->getsampwnam = ldapsam_getsampwnam; - (*pdb_method)->getsampwrid = ldapsam_getsampwrid; + (*pdb_method)->getsampwsid = ldapsam_getsampwsid; (*pdb_method)->add_sam_account = ldapsam_add_sam_account; (*pdb_method)->update_sam_account = ldapsam_update_sam_account; (*pdb_method)->delete_sam_account = ldapsam_delete_sam_account; diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index 145e1d4f0c..0c4c2c5bb3 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c 
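Review bot: ldapsam_getsampwsid ignores the return value of sid_peek_rid and passes rid on even when the SID has no sub-authorities, in which case rid is, as far as the hunk shows, uninitialised; guard it with `if (!sid_peek_rid(sid, &rid)) return False;`. More importantly the passthrough never compares the SID's domain part with the local SAM SID (global_sam_sid, defined in util_sam_sid.c further down this page), so a SID from any other domain whose last sub-authority happens to equal a local RID resolves to that local account — the check belongs either here or, better, once in context_getsampwsid in pdb_interface.c before any backend is consulted. The same two points apply to the identical wrappers added in pdb_nisplus.c and pdb_smbpasswd.c (next hunks), pdb_tdb.c and pdb_unix.c.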
@@ -1030,7 +1030,15 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT * user, const char *sname) /************************************************************************* Routine to search the nisplus passwd file for an entry matching the username *************************************************************************/ -BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid) + +BOOL pdb_getsampwsid(SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + sid_peek_rid(sid, &rid); + return pdb_getsampwrid(user, rid); +} + +static BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid) { nis_result *result; char *nisname; diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index f6214220ea..a6bd66eace 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -1411,7 +1411,6 @@ static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *s return True; } - static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct,uint32 rid) { struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; @@ -1456,6 +1455,13 @@ static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *s return True; } +static BOOL smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + sid_peek_rid(sid, &rid); + return smbpasswd_getsampwrid(my_methods, user, rid); +} + static BOOL smbpasswd_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass) { struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; 
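Review bot: In pdb_nisplus.c the new pdb_getsampwsid calls pdb_getsampwrid before the function's new `static` definition, and no prototype is visible in the hunk; if the generated prototype header still declares the old non-static pdb_getsampwrid this is a conflicting-linkage error, and if it declares nothing it is an implicit declaration of a function that is later defined static. Add `static BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid);` ahead of pdb_getsampwsid, or move the wrapper below the definition. The comment block above still says the routine searches for an entry matching the username although it now heads the SID lookup.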
@@ -1529,7 +1535,7 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, (*pdb_method)->endsampwent = smbpasswd_endsampwent; (*pdb_method)->getsampwent = smbpasswd_getsampwent; (*pdb_method)->getsampwnam = smbpasswd_getsampwnam; - (*pdb_method)->getsampwrid = smbpasswd_getsampwrid; + (*pdb_method)->getsampwsid = smbpasswd_getsampwsid; (*pdb_method)->add_sam_account = smbpasswd_add_sam_account; (*pdb_method)->update_sam_account = smbpasswd_update_sam_account; (*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account; diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index cda9d68c10..2341210e39 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -277,7 +277,7 @@ done: Intialize a BYTE buffer from a SAM_ACCOUNT struct *********************************************************************/ static uint32 init_buffer_from_sam (struct tdbsam_privates *tdb_state, - uint8 **buf, SAM_ACCOUNT *sampass) + uint8 **buf, const SAM_ACCOUNT *sampass) { size_t len, buflen; @@ -668,6 +668,13 @@ static BOOL tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT *use return tdbsam_getsampwnam (my_methods, user, name); } +static BOOL tdbsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + sid_peek_rid(sid, &rid); + return tdbsam_getsampwrid(my_methods, user, rid); +} + /*************************************************************************** Delete a SAM_ACCOUNT ****************************************************************************/ 
@@ -910,7 +917,7 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con (*pdb_method)->endsampwent = tdbsam_endsampwent; (*pdb_method)->getsampwent = tdbsam_getsampwent; (*pdb_method)->getsampwnam = tdbsam_getsampwnam; - (*pdb_method)->getsampwrid = tdbsam_getsampwrid; + (*pdb_method)->getsampwsid = tdbsam_getsampwsid; (*pdb_method)->add_sam_account = tdbsam_add_sam_account; (*pdb_method)->update_sam_account = tdbsam_update_sam_account; (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account; diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c index 1c0ede76d3..85ff5bd933 100644 --- a/source3/passdb/pdb_unix.c +++ b/source3/passdb/pdb_unix.c @@ -65,6 +65,13 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods, return ret; } +static BOOL unixsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + sid_peek_rid(sid, &rid); + return unixsam_getsampwrid(my_methods, user, rid); +} + /*************************************************************************** Adds an existing SAM_ACCOUNT ****************************************************************************/ @@ -109,7 +116,7 @@ NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co (*pdb_method)->endsampwent = NULL; (*pdb_method)->getsampwent = NULL; (*pdb_method)->getsampwnam = unixsam_getsampwnam; - (*pdb_method)->getsampwrid = unixsam_getsampwrid; + (*pdb_method)->getsampwsid = unixsam_getsampwsid; (*pdb_method)->add_sam_account = unixsam_add_sam_account; (*pdb_method)->update_sam_account = unixsam_update_sam_account; (*pdb_method)->delete_sam_account = NULL; -- cgit From 39d0a1b832793b18c3790482a2240171e31017c7 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 7 Jun 2002 12:45:51 +0000 Subject: Move the code from lib/util_sid.c that deals with the global_sam_sid into a file that is linked with the passdb. This is to avoid linking insanity when this global becomes a self-initing function. (This used to be commit 743afd96cb54b4966e3afad11ea987f968b98651) --- source3/passdb/util_sam_sid.c | 280 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 280 insertions(+) create mode 100644 source3/passdb/util_sam_sid.c (limited to 'source3/passdb') diff --git a/source3/passdb/util_sam_sid.c b/source3/passdb/util_sam_sid.c new file mode 100644 index 0000000000..a9cec5c5ca --- /dev/null +++ b/source3/passdb/util_sam_sid.c 
@@ -0,0 +1,280 @@ +/* + Unix SMB/CIFS implementation. + Samba utility functions + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Luke Kenneth Caseson Leighton 1998-1999 + Copyright (C) Jeremy Allison 1999 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +DOM_SID global_sam_sid; +extern pstring global_myname; +extern fstring global_myworkgroup; + +/* NOTE! the global_sam_sid is the SID of our local SAM. 
This is only + equal to the domain SID when we are a DC, otherwise its our + workstation SID */ + +#define MAX_SID_NAMES 7 + +typedef struct _known_sid_users { + uint32 rid; + enum SID_NAME_USE sid_name_use; + char *known_user_name; +} known_sid_users; + +static struct sid_name_map_info +{ + DOM_SID *sid; + char *name; + known_sid_users *known_users; +} sid_name_map[MAX_SID_NAMES]; + +extern DOM_SID global_sid_Builtin; /* Local well-known domain */ +extern DOM_SID global_sid_World_Domain; /* Everyone domain */ +extern DOM_SID global_sid_Creator_Owner_Domain; /* Creator Owner domain */ +extern DOM_SID global_sid_NT_Authority; /* NT Authority */ + + +static BOOL sid_name_map_initialized = False; +/* static known_sid_users no_users[] = {{0, 0, NULL}}; */ + +static known_sid_users everyone_users[] = { + { 0, SID_NAME_WKN_GRP, "Everyone" }, + {0, (enum SID_NAME_USE)0, NULL}}; + +static known_sid_users creator_owner_users[] = { + { 0, SID_NAME_ALIAS, "Creator Owner" }, + {0, (enum SID_NAME_USE)0, NULL}}; + +static known_sid_users nt_authority_users[] = { + { 1, SID_NAME_ALIAS, "Dialup" }, + { 2, SID_NAME_ALIAS, "Network"}, + { 3, SID_NAME_ALIAS, "Batch"}, + { 4, SID_NAME_ALIAS, "Interactive"}, + { 6, SID_NAME_ALIAS, "Service"}, + { 7, SID_NAME_ALIAS, "AnonymousLogon"}, + { 8, SID_NAME_ALIAS, "Proxy"}, + { 9, SID_NAME_ALIAS, "ServerLogon"}, + { 11, SID_NAME_ALIAS, "Authenticated Users"}, + { 18, SID_NAME_ALIAS, "SYSTEM"}, + { 0, (enum SID_NAME_USE)0, NULL}}; + +static known_sid_users builtin_groups[] = { + { BUILTIN_ALIAS_RID_ADMINS, SID_NAME_ALIAS, "Administrators" }, + { BUILTIN_ALIAS_RID_USERS, SID_NAME_ALIAS, "Users" }, + { BUILTIN_ALIAS_RID_GUESTS, SID_NAME_ALIAS, "Guests" }, + { BUILTIN_ALIAS_RID_ACCOUNT_OPS, SID_NAME_ALIAS, "Account Operators" }, + { BUILTIN_ALIAS_RID_SYSTEM_OPS, SID_NAME_ALIAS, "Server Operators" }, + { BUILTIN_ALIAS_RID_PRINT_OPS, SID_NAME_ALIAS, "Print Operators" }, + { BUILTIN_ALIAS_RID_BACKUP_OPS, SID_NAME_ALIAS, "Backup Operators" }, + { 0, 
(enum SID_NAME_USE)0, NULL}}; + + + +/************************************************************************** + quick init function + *************************************************************************/ +static void init_sid_name_map (void) +{ + int i = 0; + + if (sid_name_map_initialized) return; + + generate_wellknown_sids(); + + if ((lp_security() == SEC_USER) && lp_domain_logons()) { + sid_name_map[i].sid = &global_sam_sid; + sid_name_map[i].name = global_myworkgroup; + sid_name_map[i].known_users = NULL; + i++; + sid_name_map[i].sid = &global_sam_sid; + sid_name_map[i].name = global_myname; + sid_name_map[i].known_users = NULL; + i++; + } + else { + sid_name_map[i].sid = &global_sam_sid; + sid_name_map[i].name = global_myname; + sid_name_map[i].known_users = NULL; + i++; + } + + sid_name_map[i].sid = &global_sid_Builtin; + sid_name_map[i].name = "BUILTIN"; + sid_name_map[i].known_users = &builtin_groups[0]; + i++; + + sid_name_map[i].sid = &global_sid_World_Domain; + sid_name_map[i].name = ""; + sid_name_map[i].known_users = &everyone_users[0]; + i++; + + sid_name_map[i].sid = &global_sid_Creator_Owner_Domain; + sid_name_map[i].name = ""; + sid_name_map[i].known_users = &creator_owner_users[0]; + i++; + + sid_name_map[i].sid = &global_sid_NT_Authority; + sid_name_map[i].name = "NT Authority"; + sid_name_map[i].known_users = &nt_authority_users[0]; + i++; + + + /* end of array */ + sid_name_map[i].sid = NULL; + sid_name_map[i].name = NULL; + sid_name_map[i].known_users = NULL; + + sid_name_map_initialized = True; + + return; + +} + +/************************************************************************** + Turns a domain SID into a name, returned in the nt_domain argument. 
+***************************************************************************/ + +BOOL map_domain_sid_to_name(DOM_SID *sid, fstring nt_domain) +{ + fstring sid_str; + int i = 0; + + sid_to_string(sid_str, sid); + + if (!sid_name_map_initialized) + init_sid_name_map(); + + DEBUG(5,("map_domain_sid_to_name: %s\n", sid_str)); + + if (nt_domain == NULL) + return False; + + while (sid_name_map[i].sid != NULL) { + sid_to_string(sid_str, sid_name_map[i].sid); + DEBUG(5,("map_domain_sid_to_name: compare: %s\n", sid_str)); + if (sid_equal(sid_name_map[i].sid, sid)) { + fstrcpy(nt_domain, sid_name_map[i].name); + DEBUG(5,("map_domain_sid_to_name: found '%s'\n", nt_domain)); + return True; + } + i++; + } + + DEBUG(5,("map_domain_sid_to_name: mapping for %s not found\n", sid_str)); + + return False; +} + +/************************************************************************** + Looks up a known username from one of the known domains. +***************************************************************************/ + +BOOL lookup_known_rid(DOM_SID *sid, uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) +{ + int i = 0; + struct sid_name_map_info *psnm; + + if (!sid_name_map_initialized) + init_sid_name_map(); + + for(i = 0; sid_name_map[i].sid != NULL; i++) { + psnm = &sid_name_map[i]; + if(sid_equal(psnm->sid, sid)) { + int j; + for(j = 0; psnm->known_users && psnm->known_users[j].known_user_name != NULL; j++) { + if(rid == psnm->known_users[j].rid) { + DEBUG(5,("lookup_builtin_rid: rid = %u, domain = '%s', user = '%s'\n", + (unsigned int)rid, psnm->name, psnm->known_users[j].known_user_name )); + fstrcpy( name, psnm->known_users[j].known_user_name); + *psid_name_use = psnm->known_users[j].sid_name_use; + return True; + } + } + } + } + + return False; +} + +/************************************************************************** + Turns a domain name into a SID. 
+ *** side-effect: if the domain name is NULL, it is set to our domain *** +***************************************************************************/ + +BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain) +{ + int i = 0; + + if (nt_domain == NULL) { + DEBUG(5,("map_domain_name_to_sid: mapping NULL domain to our SID.\n")); + sid_copy(sid, &global_sam_sid); + return True; + } + + if (nt_domain[0] == 0) { + fstrcpy(nt_domain, global_myname); + DEBUG(5,("map_domain_name_to_sid: overriding blank name to %s\n", nt_domain)); + sid_copy(sid, &global_sam_sid); + return True; + } + + DEBUG(5,("map_domain_name_to_sid: %s\n", nt_domain)); + + if (!sid_name_map_initialized) + init_sid_name_map(); + + while (sid_name_map[i].name != NULL) { + DEBUG(5,("map_domain_name_to_sid: compare: %s\n", sid_name_map[i].name)); + if (strequal(sid_name_map[i].name, nt_domain)) { + fstring sid_str; + sid_copy(sid, sid_name_map[i].sid); + sid_to_string(sid_str, sid_name_map[i].sid); + DEBUG(5,("map_domain_name_to_sid: found %s\n", sid_str)); + return True; + } + i++; + } + + DEBUG(0,("map_domain_name_to_sid: mapping to %s not found.\n", nt_domain)); + return False; +} + +/***************************************************************** + Check if the SID is our domain SID (S-1-5-21-x-y-z). +*****************************************************************/ +BOOL sid_check_is_domain(const DOM_SID *sid) +{ + return sid_equal(sid, &global_sam_sid); +} + +/***************************************************************** + Check if the SID is our domain SID (S-1-5-21-x-y-z). +*****************************************************************/ +BOOL sid_check_is_in_our_domain(const DOM_SID *sid) +{ + DOM_SID dom_sid; + uint32 rid; + + sid_copy(&dom_sid, sid); + sid_split_rid(&dom_sid, &rid); + + return sid_equal(&dom_sid, &global_sam_sid); +} + -- cgit From b0ffabdcca53507a99ce8f00fccf2d4cac78fd6d Mon Sep 17 00:00:00 2001 
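Review bot: init_sid_name_map fills sid_name_map[MAX_SID_NAMES] with up to six entries plus a terminator, which is exactly the seven slots when lp_security() is SEC_USER and lp_domain_logons() is set, so the next entry anyone adds to this table overflows the static array without any diagnostic. A guard before the terminator is written, e.g. `SMB_ASSERT(i < MAX_SID_NAMES);` if that macro is available here, or sizing the array from an enumerated count of the entries, would make the bound explicit. Separately, the header comment on sid_check_is_in_our_domain is a copy of the one on sid_check_is_domain; it should say that it strips the RID and compares only the remaining domain part, e.g. `Check if the SID's domain part (the SID with its RID removed) is our domain SID.`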
From: Andrew Bartlett Date: Fri, 7 Jun 2002 14:33:33 +0000 Subject: Globally replace 'global_sam_sid' with get_global_sam_sid(), a self initialising function. This patch thanks to the work of "Stefan (metze) Metzmacher" This is partly to enable the transition to SIDs in the the passdb. Andrew Bartlett (This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc) --- source3/passdb/machine_sid.c | 51 ++++++++++++++++++++++++++++++++----------- source3/passdb/passdb.c | 16 +++++--------- source3/passdb/util_sam_sid.c | 19 ++++++---------- 3 files changed, 50 insertions(+), 36 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c index 0b4a4ffeba..69d127ec13 100644 --- a/source3/passdb/machine_sid.c +++ b/source3/passdb/machine_sid.c @@ -4,6 +4,7 @@ Copyright (C) Jeremy Allison 1996-2002 Copyright (C) Andrew Tridgell 2002 Copyright (C) Gerald (Jerry) Carter 2000 + Copyright (C) Stefan (metze) Metzmacher 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -22,6 +23,11 @@ #include "includes.h" +/* NOTE! the global_sam_sid is the SID of our local SAM. This is only + equal to the domain SID when we are a DC, otherwise its our + workstation SID */ +static DOM_SID *global_sam_sid=NULL; + #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -70,13 +76,17 @@ static void generate_random_sid(DOM_SID *sid) Generate the global machine sid. ****************************************************************************/ -BOOL pdb_generate_sam_sid(void) +static BOOL pdb_generate_sam_sid(void) { char *fname = NULL; extern pstring global_myname; extern fstring global_myworkgroup; BOOL is_dc = False; + if(global_sam_sid==NULL) + if(!(global_sam_sid=(DOM_SID *)malloc(sizeof(DOM_SID)))) + return False; + generate_wellknown_sids(); switch (lp_server_role()) { 
@@ -89,7 +99,7 @@ BOOL pdb_generate_sam_sid(void) break; } - if (secrets_fetch_domain_sid(global_myname, &global_sam_sid)) { + if (secrets_fetch_domain_sid(global_myname, global_sam_sid)) { DOM_SID domain_sid; /* We got our sid. If not a pdc/bdc, we're done. */ @@ -100,19 +110,19 @@ BOOL pdb_generate_sam_sid(void) /* No domain sid and we're a pdc/bdc. Store it */ - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n")); return False; } return True; } - if (!sid_equal(&domain_sid, &global_sam_sid)) { + if (!sid_equal(&domain_sid, global_sam_sid)) { /* Domain name sid doesn't match global sam sid. Re-store global sam sid as domain sid. */ DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n")); - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID as a pdc/bdc.\n")); return False; } 
@@ -126,24 +136,23 @@ BOOL pdb_generate_sam_sid(void) /* check for an old MACHINE.SID file for backwards compatibility */ asprintf(&fname, "%s/MACHINE.SID", lp_private_dir()); - if (read_sid_from_file(fname, &global_sam_sid)) { + if (read_sid_from_file(fname, global_sam_sid)) { /* remember it for future reference and unlink the old MACHINE.SID */ - if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myname, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store SID from file.\n")); SAFE_FREE(fname); return False; } unlink(fname); if (is_dc) { - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n")); SAFE_FREE(fname); return False; } } - /* Stored the old sid from MACHINE.SID successfully. - Patch from Stefan "metze" Metzmacher */ + /* Stored the old sid from MACHINE.SID successfully.*/ SAFE_FREE(fname); return True; } @@ -152,14 +161,14 @@ BOOL pdb_generate_sam_sid(void) /* we don't have the SID in secrets.tdb, we will need to generate one and save it */ - generate_random_sid(&global_sam_sid); + generate_random_sid(global_sam_sid); - if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myname, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store generated machine SID.\n")); return False; } if (is_dc) { - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n")); return False; } 
@@ -167,3 +176,19 @@ BOOL pdb_generate_sam_sid(void) return True; } + +/* return our global_sam_sid */ +DOM_SID *get_global_sam_sid(void) +{ + if (global_sam_sid != NULL) + return global_sam_sid; + + /* memory for global_sam_sid is allocated in + pdb_generate_sam_sid() is needed*/ + + if (!pdb_generate_sam_sid()) + global_sam_sid=NULL; + + return global_sam_sid; +} + diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index aa7672731a..154963e2a0 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -32,7 +32,6 @@ * responsible. */ -extern DOM_SID global_sam_sid; extern pstring global_myname; /************************************************************ @@ -699,7 +698,7 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi fstrcpy(user, c_user); - sid_copy(&local_sid, &global_sam_sid); + sid_copy(&local_sid, get_global_sam_sid()); /* * Special case for MACHINE\Everyone. Map to the world_sid. @@ -787,12 +786,11 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) { - extern DOM_SID global_sam_sid; struct passwd *pass; SAM_ACCOUNT *sam_user = NULL; fstring str; /* sid string buffer */ - sid_copy(psid, &global_sam_sid); + sid_copy(psid, get_global_sam_sid()); if((pass = getpwuid_alloc(uid))) { @@ -830,8 +828,6 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) { - extern DOM_SID global_sam_sid; - DOM_SID dom_sid; uint32 rid; fstring str; @@ -846,7 +842,7 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) * We can only convert to a uid if this is our local * Domain SID (ie. we are the controling authority). */ - if (!sid_equal(&global_sam_sid, &dom_sid)) + if (!sid_equal(get_global_sam_sid(), &dom_sid)) return False; if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) 
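Review bot: get_global_sam_sid sets global_sam_sid to NULL when pdb_generate_sam_sid fails, but pdb_generate_sam_sid has already malloc'd that block (the -70,13 hunk earlier in this commit) and can fail after allocating, e.g. when secrets_store_domain_sid fails, so the block leaks on every failed call. Use the file's own idiom and release it instead: `SAFE_FREE(global_sam_sid);` in place of the plain assignment. The NULL return is also a new failure mode that none of the passdb.c call sites in this commit check: `sid_copy(&local_sid, get_global_sam_sid())` and `sid_equal(get_global_sam_sid(), &dom_sid)` pass the result straight through, which is a NULL dereference unless those helpers tolerate a NULL argument, so the comment above the function should state that it may return NULL and that callers must test for it.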
@@ -878,10 +874,9 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) { - extern DOM_SID global_sam_sid; GROUP_MAP map; - sid_copy(psid, &global_sam_sid); + sid_copy(psid, get_global_sam_sid()); if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) { sid_copy(psid, &map.sid); @@ -899,7 +894,6 @@ DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) { - extern DOM_SID global_sam_sid; DOM_SID dom_sid; uint32 rid; fstring str; @@ -917,7 +911,7 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) * Or in the Builtin SID too. JFM, 11/30/2001 */ - if (!sid_equal(&global_sam_sid, &dom_sid)) + if (!sid_equal(get_global_sam_sid(), &dom_sid)) return False; if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) { diff --git a/source3/passdb/util_sam_sid.c b/source3/passdb/util_sam_sid.c index a9cec5c5ca..2c574f4a61 100644 --- a/source3/passdb/util_sam_sid.c +++ b/source3/passdb/util_sam_sid.c @@ -22,14 +22,9 @@ #include "includes.h" -DOM_SID global_sam_sid; extern pstring global_myname; extern fstring global_myworkgroup; -/* NOTE! the global_sam_sid is the SID of our local SAM. This is only - equal to the domain SID when we are a DC, otherwise its our - workstation SID */ - #define MAX_SID_NAMES 7 typedef struct _known_sid_users { 
@@ -99,17 +94,17 @@ static void init_sid_name_map (void) generate_wellknown_sids(); if ((lp_security() == SEC_USER) && lp_domain_logons()) { - sid_name_map[i].sid = &global_sam_sid; + sid_name_map[i].sid = get_global_sam_sid(); sid_name_map[i].name = global_myworkgroup; sid_name_map[i].known_users = NULL; i++; - sid_name_map[i].sid = &global_sam_sid; + sid_name_map[i].sid = get_global_sam_sid(); sid_name_map[i].name = global_myname; sid_name_map[i].known_users = NULL; i++; } else { - sid_name_map[i].sid = &global_sam_sid; + sid_name_map[i].sid = get_global_sam_sid(); sid_name_map[i].name = global_myname; sid_name_map[i].known_users = NULL; i++; @@ -224,14 +219,14 @@ BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain) if (nt_domain == NULL) { DEBUG(5,("map_domain_name_to_sid: mapping NULL domain to our SID.\n")); - sid_copy(sid, &global_sam_sid); + sid_copy(sid, get_global_sam_sid()); return True; } if (nt_domain[0] == 0) { fstrcpy(nt_domain, global_myname); DEBUG(5,("map_domain_name_to_sid: overriding blank name to %s\n", nt_domain)); - sid_copy(sid, &global_sam_sid); + sid_copy(sid, get_global_sam_sid()); return True; } @@ -261,7 +256,7 @@ BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain) *****************************************************************/ BOOL sid_check_is_domain(const DOM_SID *sid) { - return sid_equal(sid, &global_sam_sid); + return sid_equal(sid, get_global_sam_sid()); } /***************************************************************** @@ -275,6 +270,6 @@ BOOL sid_check_is_in_our_domain(const DOM_SID *sid) sid_copy(&dom_sid, sid); sid_split_rid(&dom_sid, &rid); - return sid_equal(&dom_sid, &global_sam_sid); + return sid_equal(&dom_sid, get_global_sam_sid()); } -- cgit From c9910cec56a3736a150c0fcc676143ddabe1fd98 Mon Sep 17 00:00:00 2001 
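Review bot: init_sid_name_map stores the result of get_global_sam_sid() as the sid of the first table entries, and that function returns NULL when pdb_generate_sam_sid fails (its definition is in the machine_sid.c hunk of this commit). A NULL there is exactly the terminator that map_domain_sid_to_name and lookup_known_rid stop on, so one failed SID generation silently hides BUILTIN, Everyone and NT Authority as well, and because sid_name_map_initialized is still set to True the table is never rebuilt. Fetch the SID once at the top and bail out without marking the table initialised: `DOM_SID *sam_sid = get_global_sam_sid(); if (!sam_sid) { DEBUG(0,("init_sid_name_map: no SAM SID available\n")); return; }`, then use sam_sid for the entries. init_sid_name_map's body extends beyond this hunk.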
From: Andrew Bartlett Date: Fri, 7 Jun 2002 14:36:41 +0000 Subject: Fix comment (This used to be commit 1996bcbe6acae49e191363ee122b30e4e5d5e8a9) --- source3/passdb/machine_sid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/passdb') diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c index 69d127ec13..e1f7dec2a9 100644 --- a/source3/passdb/machine_sid.c +++ b/source3/passdb/machine_sid.c @@ -184,7 +184,7 @@ DOM_SID *get_global_sam_sid(void) return global_sam_sid; /* memory for global_sam_sid is allocated in - pdb_generate_sam_sid() is needed*/ + pdb_generate_sam_sid() as needed */ if (!pdb_generate_sam_sid()) global_sam_sid=NULL; -- cgit From bad738e6536e983064eee7647229354bc9028183 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 13 Jun 2002 14:06:08 +0000 Subject: Latest patch from metze to move most of samba across to using SIDs instead of RIDs. The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implict, but isn't the same one that we have in the struct. Andrew Bartlett (This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901) --- source3/passdb/passdb.c | 78 +++++++++++++-------------------- source3/passdb/pdb_get_set.c | 97 +++++++++++++++++++++++++++++++++++------- source3/passdb/pdb_ldap.c | 10 +++-- source3/passdb/pdb_nisplus.c | 12 +++--- source3/passdb/pdb_smbpasswd.c | 7 +-- source3/passdb/pdb_tdb.c | 13 +++--- source3/passdb/pdb_unix.c | 3 +- 7 files changed, 136 insertions(+), 84 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 154963e2a0..31bbf14299 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -156,7 +156,6 @@ NTSTATUS pdb_init_sam(SAM_ACCOUNT **user) NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) { GROUP_MAP map; - uint32 rid; if (!pwd) { return NT_STATUS_UNSUCCESSFUL; 
@@ -184,18 +183,25 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) -- abartlet 11-May-02 */ - pdb_set_user_rid(sam_account, - fallback_pdb_uid_to_user_rid(pwd->pw_uid)); + if (!pdb_set_user_sid_from_rid(sam_account, + fallback_pdb_uid_to_user_rid(pwd->pw_uid))) { + DEBUG(0,("Can't set User SID from RID!\n")); + return NT_STATUS_INVALID_PARAMETER; + } /* call the mapping code here */ if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { - sid_peek_rid(&map.sid, &rid); + if (!pdb_set_group_sid(sam_account,&map.sid)){ + DEBUG(0,("Can't set Group SID!\n")); + return NT_STATUS_INVALID_PARAMETER; + } } else { - rid=pdb_gid_to_group_rid(pwd->pw_gid); + if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) { + DEBUG(0,("Can't set Group SID\n")); + return NT_STATUS_INVALID_PARAMETER; + } } - - pdb_set_group_rid(sam_account, rid); /* check if this is a user account or a machine account */ if (pwd->pw_name[strlen(pwd->pw_name)-1] != '$') 
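Review bot: the three new failure paths in pdb_fill_sam_pw log a fixed message with no account identity, so when one fires there is no way to tell which passwd entry could not be mapped; include the name, e.g. `DEBUG(0,("pdb_fill_sam_pw: can't set user SID from RID for %s\n", pwd->pw_name));` and likewise for the two group cases. NT_STATUS_INVALID_PARAMETER is also a doubtful status for these branches, since the caller's arguments were fine and the failure is internal (most likely no SAM SID could be obtained); NT_STATUS_UNSUCCESSFUL, which this function already returns for a NULL pwd in the preceding hunk, fits better. The function continues past the end of this hunk.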
@@ -455,39 +461,6 @@ BOOL pdb_gethexpwd(const char *p, unsigned char *pwd) return (True); } -#if 0 /* seem it is not used by anyone */ -/******************************************************************* - Group and User RID username mapping function - ********************************************************************/ - -BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid) -{ - GROUP_MAP map; - struct passwd *pw = Get_Pwnam(user_name); - - if (u_rid == NULL || g_rid == NULL || user_name == NULL) - return False; - - if (!pw) { - DEBUG(1,("Username %s is invalid on this system\n", user_name)); - return False; - } - - /* turn the unix UID into a Domain RID. this is what the posix - sub-system does (adds 1000 to the uid) */ - *u_rid = fallback_pdb_uid_to_user_rid(pw->pw_uid); - - /* absolutely no idea what to do about the unix GID to Domain RID mapping */ - /* map it ! */ - if (get_group_map_from_gid(pw->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { - sid_peek_rid(&map.sid, g_rid); - } else - *g_rid = pdb_gid_to_group_rid(pw->pw_gid); - - return True; -} -#endif /* seem it is not used by anyone */ - /******************************************************************* Converts NT user RID to a UNIX uid. ********************************************************************/ @@ -578,7 +551,11 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use SAM_ACCOUNT *sam_account = NULL; GROUP_MAP map; - sid_peek_rid(sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){ + DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n", + sid_string_static(&map.sid))); + return False; + } *psid_name_use = SID_NAME_UNKNOWN; DEBUG(5,("local_lookup_sid: looking up RID %u.\n", (unsigned int)rid)); 
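Review bot: the new guard in local_lookup_sid logs `map.sid`, but `map` is the GROUP_MAP declared a few lines above and nothing has filled it at that point, so the DEBUG prints an uninitialised SID, and the message is labelled local_sid_to_gid rather than local_lookup_sid (it reads as a copy of the guard in the later local_sid_to_gid hunk). It should print the SID that was actually rejected: `DEBUG(5,("local_lookup_sid: SID %s is not in our domain\n", sid_string_static(sid)));`. Level 0 is also questionable for this branch, because a SID outside our domain is presumably a routine input to a lookup (it was accepted before this change) and any client could drive that line into the log on every request.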
@@ -724,10 +701,9 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi } if (pdb_getsampwnam(sam_account, user)) { - sid_append_rid( &local_sid, pdb_get_user_rid(sam_account)); + sid_copy(psid, (DOM_SID *) pdb_get_user_sid(sam_account)); *psid_name_use = SID_NAME_USER; - sid_copy( psid, &local_sid); pdb_free_sam(&sam_account); return True; } @@ -800,7 +776,7 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) } if (pdb_getsampwnam(sam_user, pass->pw_name)) { - sid_append_rid(psid, pdb_get_user_rid(sam_user)); + sid_copy(psid, (DOM_SID *) pdb_get_user_sid(sam_user)); } else { sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid)); } @@ -920,7 +896,11 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) if (map.gid==-1) return False; - sid_peek_rid(&map.sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid)){ + DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n", + sid_string_static(&map.sid))); + return False; + } *pgid = map.gid; *name_type = map.sid_name_use; DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid (%u).\n", sid_to_string( str, psid), @@ -996,9 +976,9 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial )); if (from->user_rid) - pdb_set_user_rid(to, from->user_rid); + pdb_set_user_sid_from_rid(to, from->user_rid); if (from->group_rid) - pdb_set_group_rid(to, from->group_rid); + pdb_set_group_sid_from_rid(to, from->group_rid); pdb_set_acct_ctrl(to, from->acb_info); pdb_set_unknown_3(to, from->unknown_3); 
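Review bot: copy_id23_to_sam_passwd now builds a full SID in our domain from from->user_rid and from->group_rid via pdb_set_user_sid_from_rid and pdb_set_group_sid_from_rid, but the BOOL those setters return is discarded, so a failure leaves `to` with whatever SID it held before and the copy proceeds as if it had been applied. The function is void, so the minimum is to log it: `if (!pdb_set_user_sid_from_rid(to, from->user_rid)) DEBUG(0,("copy_id23_to_sam_passwd: can't set user SID from RID %u\n", (unsigned)from->user_rid));` and the same for the group RID. If SAM_USER_INFO_23 is populated from a client's SAMR request, as the name suggests, this is client-chosen data being turned into an account identity, so silent failure is the wrong default. The same two calls appear in copy_id21_to_sam_passwd in the next hunk; copy_id23_to_sam_passwd starts outside this hunk.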
@@ -1051,9 +1031,9 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial )); if (from->user_rid) - pdb_set_user_rid(to, from->user_rid); + pdb_set_user_sid_from_rid(to, from->user_rid); if (from->group_rid) - pdb_set_group_rid(to, from->group_rid); + pdb_set_group_sid_from_rid(to, from->group_rid); /* FIXME!! Do we need to copy the passwords here as well? I don't know. Need to figure this out --jerry */ diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 5ed54a9857..0b5a1053ae 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -5,6 +5,7 @@ Copyright (C) Luke Kenneth Casson Leighton 1996-1998 Copyright (C) Gerald (Jerry) Carter 2000-2001 Copyright (C) Andrew Bartlett 2001-2002 + Copyright (C) Stefan (metze) Metzmacher 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -155,21 +156,41 @@ const char* pdb_get_plaintext_passwd (const SAM_ACCOUNT *sampass) else return (NULL); } +const DOM_SID *pdb_get_user_sid(const SAM_ACCOUNT *sampass) +{ + if (sampass) + return &sampass->private.user_sid; + else + return (NULL); +} + +const DOM_SID *pdb_get_group_sid(const SAM_ACCOUNT *sampass) +{ + if (sampass) + return &sampass->private.group_sid; + else + return (NULL); +} uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass) { + uint32 u_rid; + if (sampass) - return (sampass->private.user_rid); - else - return (-1); + if (sid_peek_check_rid(get_global_sam_sid(), (DOM_SID *) pdb_get_user_sid(sampass),&u_rid)) + return u_rid; + + return (-1); } uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass) { + uint32 g_rid; + if (sampass) - return (sampass->private.group_rid); - else - return (-1); + if (sid_peek_check_rid(get_global_sam_sid(), (DOM_SID *) pdb_get_group_sid(sampass),&g_rid)) + return g_rid; + return (-1); } /** 
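Review bot: pdb_get_user_rid and pdb_get_group_rid in the pdb_get_set.c hunk now return the same (uint32)-1 both when sampass is NULL and when the stored SID is not in our domain, and the second case is new and silent, so an account loaded with a foreign or unset SID becomes indistinguishable from a missing account at every existing call site. A DEBUG(5) in that branch, e.g. `DEBUG(5,("pdb_get_user_rid: SID %s for %s is not in our domain\n", sid_string_static(pdb_get_user_sid(sampass)), pdb_get_username(sampass)));`, would make that diagnosable. The `(DOM_SID *)` casts that discard the const from pdb_get_user_sid/pdb_get_group_sid would be unnecessary if sid_peek_check_rid took a `const DOM_SID *`, which it can if it only reads the SID. The brace-less nested `if (sampass) if (...)` also deserves braces or a single combined condition.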
@@ -487,27 +508,71 @@ BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid) } -BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid) +BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid) +{ + if (!sampass || !u_sid) + return False; + + sid_copy(&sampass->private.user_sid, u_sid); + + DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n", + sid_string_static(&sampass->private.user_sid))); + + return True; +} + +BOOL pdb_set_group_sid(SAM_ACCOUNT *sampass, DOM_SID *g_sid) { + if (!sampass || !g_sid) + return False; + + sid_copy(&sampass->private.group_sid, g_sid); + + DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n", + sid_string_static(&sampass->private.group_sid))); + + return True; +} + +BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid) +{ + DOM_SID u_sid; + if (!sampass) return False; - DEBUG(10, ("pdb_set_rid: setting user rid %d, was %d\n", - rid, sampass->private.user_rid)); - - sampass->private.user_rid = rid; + sid_copy(&u_sid, get_global_sam_sid()); + + if (!sid_append_rid(&u_sid, rid)) + return False; + + if (!pdb_set_user_sid(sampass, &u_sid)) + return False; + + DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n", + sid_string_static(&u_sid),rid)); + return True; } -BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid) +BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid) { + DOM_SID g_sid; + if (!sampass) return False; + + sid_copy(&g_sid, get_global_sam_sid()); + + if (!sid_append_rid(&g_sid, grid)) + return False; + + if (!pdb_set_group_sid(sampass, &g_sid)) + return False; + + DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n", + sid_string_static(&g_sid), grid)); - DEBUG(10, ("pdb_set_group_rid: setting group rid %d, was %d\n", - grid, sampass->private.group_rid)); - - sampass->private.group_rid = grid; return True; } diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 28c08e0f63..7ba8d4a810 100644 
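Review bot: pdb_set_user_sid_from_rid and pdb_set_group_sid_from_rid pass get_global_sam_sid() straight to sid_copy, and that function returns NULL when the SAM SID cannot be generated (see its definition in machine_sid.c earlier on this page), so the very case these setters were given a BOOL return for becomes a NULL dereference instead of a False. Fetch it first: `DOM_SID *sam_sid = get_global_sam_sid(); if (!sam_sid) return False; sid_copy(&u_sid, sam_sid);` and the same in the group variant. The new pdb_set_user_sid/pdb_set_group_sid parameters are only read, so `const DOM_SID *` would let callers pass the const pointers that pdb_get_user_sid/pdb_get_group_sid return without the casts seen in the getters.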
--- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -624,7 +624,8 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, GROUP_MAP map; /* call the mapping code here */ if(get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) { - sid_peek_rid(&map.sid, &group_rid); + if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &group_rid)) + return False; } else { group_rid=pdb_gid_to_group_rid(gid); @@ -780,8 +781,8 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pdb_set_hours_len(sampass, hours_len); pdb_set_logon_divs(sampass, logon_divs); - pdb_set_user_rid(sampass, user_rid); - pdb_set_group_rid(sampass, group_rid); + pdb_set_user_sid_from_rid(sampass, user_rid); + pdb_set_group_sid_from_rid(sampass, group_rid); pdb_set_username(sampass, username); @@ -1273,7 +1274,8 @@ static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * us static BOOL ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) { uint32 rid; - sid_peek_rid(sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) + return False; return ldapsam_getsampwrid(my_methods, user, rid); } diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index 0c4c2c5bb3..80f918d1a6 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c @@ -339,8 +339,8 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID))); pdb_set_gid(pw_buf, atoi(ENTRY_VAL(obj, NPF_SMB_GRPID))); - pdb_set_user_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID))); - pdb_set_group_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID))); + pdb_set_user_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID))); + pdb_set_group_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID))); /* values, must exist for user */ if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) { 
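Review bot: init_sam_from_ldap now fails the whole account load with a bare `return False` when the user's primary group mapping exists but its SID is not in our domain, where the old code took the RID regardless, and nothing is logged, so such users simply stop resolving and the admin sees only a generic lookup failure. Add a diagnostic before returning, e.g. `DEBUG(1,("init_sam_from_ldap: group SID %s for gid %u is not in our domain\n", sid_string_static(&map.sid), (unsigned)gid));`, and decide explicitly whether falling through to pdb_gid_to_group_rid(gid), as the else branch does, is the intended behaviour for a mapped-but-foreign group. init_sam_from_ldap begins and ends outside this hunk; the same silent `return False` appears in the pdb_nisplus.c init_nisp_from_sam hunk below.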
@@ -381,7 +381,7 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj else { /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ - pdb_set_group_rid (pw_buf, DOMAIN_GROUP_RID_USERS); + pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS); } /* Check the lanman password column. */ @@ -538,7 +538,8 @@ static BOOL init_nisp_from_sam(nis_object *obj, const SAM_ACCOUNT *sampass, if (rid==0) { if (get_group_map_from_gid(pdb_get_gid(sampass), &map, MAPPING_WITHOUT_PRIV)) { - sid_peek_rid(&map.sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid)) + return False; } else rid=pdb_gid_to_group_rid(pdb_get_gid(sampass)); } @@ -1034,7 +1035,8 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT * user, const char *sname) BOOL pdb_getsampwsid(SAM_ACCOUNT * user, DOM_SID *sid) { uint32 rid; - sid_peek_rid(sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) + return False; return pdb_getsampwrid(user, rid); } diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index a6bd66eace..25957100d8 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -1242,14 +1242,14 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, && (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid) && (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) { - pdb_set_user_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid)); + pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid)); /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. This was down the bottom for machines, but it looks pretty good as a general default for non-unix users. --abartlet 2002-01-08 */ - pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); + pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS); pdb_set_username (sam_pass, pw_buf->smb_name); pdb_set_domain (sam_pass, lp_workgroup()); } else { 
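Review bot: build_sam_account in the pdb_smbpasswd.c hunk ignores the BOOL that pdb_set_user_sid_from_rid and pdb_set_group_sid_from_rid return, and unlike the RID setters they replace these can fail (no SAM SID, or sid_append_rid failing, per their definition earlier in this commit), after which the SAM_ACCOUNT is still handed back as valid with whatever user_sid it held before. Since build_sam_account already returns BOOL, propagate the failure: `if (!pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid(pw_buf->smb_userid))) return False;` and `if (!pdb_set_group_sid_from_rid(sam_pass, DOMAIN_GROUP_RID_USERS)) return False;`. The rest of build_sam_account, including the else branch this hunk opens, is outside the view.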
@@ -1458,7 +1458,8 @@ static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *s static BOOL smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) { uint32 rid; - sid_peek_rid(sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) + return False; return smbpasswd_getsampwrid(my_methods, user, rid); } diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 2341210e39..b309f675b3 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -246,8 +246,8 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, } } - pdb_set_user_rid(sampass, user_rid); - pdb_set_group_rid(sampass, group_rid); + pdb_set_user_sid_from_rid(sampass, user_rid); + pdb_set_group_sid_from_rid(sampass, group_rid); pdb_set_unknown_3(sampass, unknown_3); pdb_set_hours_len(sampass, hours_len); pdb_set_unknown_5(sampass, unknown_5); @@ -671,7 +671,8 @@ static BOOL tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT *use static BOOL tdbsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) { uint32 rid; - sid_peek_rid(sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) + return False; return tdbsam_getsampwrid(my_methods, user, rid); } @@ -775,7 +776,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd, goto done; } } - pdb_set_user_rid(newpwd, user_rid); + pdb_set_user_sid_from_rid(newpwd, user_rid); } else { user_rid = tdb_state->low_nua_rid; tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER); @@ -788,7 +789,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd, ret = False; goto done; } - pdb_set_user_rid(newpwd, user_rid); + pdb_set_user_sid_from_rid(newpwd, user_rid); } } else { DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd))); 
@@ -805,7 +806,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd, goto done; } else { /* This seems like a good default choice for non-unix users */ - pdb_set_group_rid(newpwd, DOMAIN_GROUP_RID_USERS); + pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS); } } else { DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd))); diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c index 85ff5bd933..b4092b88f8 100644 --- a/source3/passdb/pdb_unix.c +++ b/source3/passdb/pdb_unix.c @@ -68,7 +68,8 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods, static BOOL unixsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) { uint32 rid; - sid_peek_rid(sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) + return False; return unixsam_getsampwrid(my_methods, user, rid); } -- cgit From baef1358d2b5a98a592f0247911a31d79148dcba Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Jun 2002 00:47:08 +0000 Subject: Add const, kill of useless casts and therefore eliminate warnings. Andrew Bartlett (This used to be commit 29490f214750acd44cee6c4ab1354722d82d853a) --- source3/passdb/passdb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 31bbf14299..fa1bb4b2d9 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -701,7 +701,7 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi } if (pdb_getsampwnam(sam_account, user)) { - sid_copy(psid, (DOM_SID *) pdb_get_user_sid(sam_account)); + sid_copy(psid, pdb_get_user_sid(sam_account)); *psid_name_use = SID_NAME_USER; pdb_free_sam(&sam_account); 
@@ -776,7 +776,7 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) } if (pdb_getsampwnam(sam_user, pass->pw_name)) { - sid_copy(psid, (DOM_SID *) pdb_get_user_sid(sam_user)); + sid_copy(psid, pdb_get_user_sid(sam_user)); } else { sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid)); } -- cgit From 0d7ac4bc2ca8eea117a0f594880b5aac02f1056d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Jun 2002 02:58:03 +0000 Subject: Patch from ctrlsoft to make the pluggable passdb subsystem use an lp_list rather than a string when configuring mulitple backends. Also adjust some of the users of get_global_sam_sid() to cope with the fact that it just might not exist (uninitialised, can't access secrets.tdb). More places need conversion. Add some const and remove silly casts. Andrew Bartlett (This used to be commit c264bf2ec93037d2a9927c00295fa60c88b7219d) --- source3/passdb/passdb.c | 2 +- source3/passdb/pdb_get_set.c | 22 ++++++++++++++----- source3/passdb/pdb_interface.c | 49 +++++++++++++++++++++--------------------- 3 files changed, 43 insertions(+), 30 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index fa1bb4b2d9..dd951c02ac 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -184,7 +184,7 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) */ if (!pdb_set_user_sid_from_rid(sam_account, - fallback_pdb_uid_to_user_rid(pwd->pw_uid))) { + fallback_pdb_uid_to_user_rid(pwd->pw_uid))) { DEBUG(0,("Can't set User SID from RID!\n")); return NT_STATUS_INVALID_PARAMETER; } diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 0b5a1053ae..980850b89c 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c 
@@ -177,7 +177,7 @@ uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass) uint32 u_rid; if (sampass) - if (sid_peek_check_rid(get_global_sam_sid(), (DOM_SID *) pdb_get_user_sid(sampass),&u_rid)) + if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_user_sid(sampass),&u_rid)) return u_rid; return (-1); @@ -188,7 +188,7 @@ uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass) uint32 g_rid; if (sampass) - if (sid_peek_check_rid(get_global_sam_sid(), (DOM_SID *) pdb_get_group_sid(sampass),&g_rid)) + if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_group_sid(sampass),&g_rid)) return g_rid; return (-1); } @@ -537,11 +537,17 @@ BOOL pdb_set_group_sid(SAM_ACCOUNT *sampass, DOM_SID *g_sid) BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid) { DOM_SID u_sid; - + const DOM_SID *global_sam_sid; + if (!sampass) return False; - sid_copy(&u_sid, get_global_sam_sid()); + if (!(global_sam_sid = get_global_sam_sid())) { + DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n")); + return False; + } + + sid_copy(&u_sid, global_sam_sid); if (!sid_append_rid(&u_sid, rid)) return False; @@ -558,11 +564,17 @@ BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid) BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid) { DOM_SID g_sid; + const DOM_SID *global_sam_sid; if (!sampass) return False; - sid_copy(&g_sid, get_global_sam_sid()); + if (!(global_sam_sid = get_global_sam_sid())) { + DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n")); + return False; + } + + sid_copy(&g_sid, global_sam_sid); if (!sid_append_rid(&g_sid, grid)) return False; diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index d8f69e56b1..7ecc237cf4 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c 
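Review bot: The DEBUG message added to `pdb_set_group_sid_from_rid` names the wrong function: `DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n"));` was copied from the user-SID setter in the previous hunk and should read `DEBUG(1, ("pdb_set_group_sid_from_rid: Could not read global sam sid!\n"));`. As written, a failure in the group path is attributed to the user path in the logs. The function continues past the end of the hunk.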
@@ -314,14 +314,12 @@ static NTSTATUS make_pdb_context(struct pdb_context **context) /****************************************************************** - Make a pdb_context, given a text string. + Make a pdb_context, given an array of strings *******************************************************************/ -NTSTATUS make_pdb_context_name(struct pdb_context **context, const char *selected) +NTSTATUS make_pdb_context_list(struct pdb_context **context, char **selected) { - /* HINT: Don't store 'selected' becouse its often an lp_ string and will 'go away' */ - char *conf = smb_xstrdup(selected); - char *confcur = conf, *confnext; + int i = 0; struct pdb_methods *curmethods, *tmpmethods; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; 
@@ -329,31 +327,34 @@ NTSTATUS make_pdb_context_name(struct pdb_context **context, const char *selecte return nt_status; } - while(confcur){ - if(strchr(confcur, ' ')){ - confnext = strchr(confcur,' '); - *confnext = '\0'; - confnext++; - }else confnext = NULL; - + while(selected[i]){ /* Try to initialise pdb */ - DEBUG(5,("Trying to load: %s\n", confcur)); - if(!NT_STATUS_IS_OK(make_pdb_methods_name(&curmethods, *context, confcur))){ - DEBUG(5, ("Loading %s failed!\n", confcur)); + DEBUG(5,("Trying to load: %s\n", selected[i])); + if(!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods, *context, selected[i]))){ + DEBUG(5, ("Loading %s failed!\n", selected[i])); SAFE_FREE(curmethods); - continue; + free_pdb_context(context); + return nt_status; } curmethods->parent = *context; DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods); - - if(!confnext)break; - confcur = confnext; + i++; } - SAFE_FREE(conf); - nt_status = NT_STATUS_OK; + return NT_STATUS_OK; +} - return nt_status; +/****************************************************************** + Make a pdb_context, given a text string. + *******************************************************************/ + +NTSTATUS make_pdb_context_string(struct pdb_context **context, const char *selected) +{ + NTSTATUS ret; + char **newsel = lp_list_make(selected); + ret = make_pdb_context_list(context, newsel); + lp_list_free(&newsel); + return ret; } /****************************************************************** 
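Review bot: `make_pdb_context_list` walks `selected[i]` without checking that `selected` is non-NULL, and the new `make_pdb_context_string` feeds it the result of `lp_list_make(selected)` directly; if `lp_list_make` can return NULL for an empty or unset `passdb backend` value (not visible here), start-up dereferences NULL. A guard after the context is created, `if (!selected) { free_pdb_context(context); return NT_STATUS_INVALID_PARAMETER; }`, keeps the failure inside the NTSTATUS contract the callers already check. Separately, `SAFE_FREE(curmethods)` on the failure path frees a pointer that `make_pdb_methods_name` may never have assigned (`curmethods` is declared without an initializer in the preceding hunk), unless that function NULLs `*methods` before searching — its start is outside this view.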
@@ -367,13 +368,13 @@ static struct pdb_context *pdb_get_static_context(BOOL reload) if ((pdb_context) && (reload)) { pdb_context->free_fn(&pdb_context); - if (!NT_STATUS_IS_OK(make_pdb_context_name(&pdb_context, lp_passdb_backend()))) { + if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) { return NULL; } } if (!pdb_context) { - if (!NT_STATUS_IS_OK(make_pdb_context_name(&pdb_context, lp_passdb_backend()))) { + if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) { return NULL; } } -- cgit From 7591cb5ee38ff220aa3363a01f9751ff41732a3d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Jun 2002 03:44:38 +0000 Subject: Convenience function to allow a SID to be specified as a string. (for use in passdb modules like pdb_xml or a new pdb_ldap that stores sids etc.) Andrew Bartlett (This used to be commit c70b2c4fb72f251a14e0fc88b6520d69a0889bc2) --- source3/passdb/pdb_get_set.c | 49 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 46 insertions(+), 3 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 980850b89c..bbb0d87f59 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -180,7 +180,7 @@ uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass) if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_user_sid(sampass),&u_rid)) return u_rid; - return (-1); + return (0); } uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass) @@ -190,7 +190,7 @@ uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass) if (sampass) if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_group_sid(sampass),&g_rid)) return g_rid; - return (-1); + return (0); } /** 
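Review bot: `pdb_get_user_rid` now returns `0` rather than `(uint32)-1` when no RID can be derived — a NULL `sampass`, a SID outside the local domain, or no global SAM SID — and nothing documents the new sentinel, so any caller still comparing against `-1` would see the failure as RID 0. Suggest a comment above the function: `/* Returns the user RID relative to the global SAM SID, or 0 if sampass is NULL or its SID is not in our domain. */`, with the matching text for `pdb_get_group_rid` in the next hunk (-190). Both functions start before their hunks.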
@@ -521,7 +521,29 @@ BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid) return True; } -BOOL pdb_set_group_sid(SAM_ACCOUNT *sampass, DOM_SID *g_sid) +BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, fstring u_sid) +{ + DOM_SID new_sid; + if (!sampass || !u_sid) + return False; + + DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n", + u_sid)); + + if (!string_to_sid(&new_sid, u_sid)) { + DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid)); + return False; + } + + if (!pdb_set_user_sid(sampass, &new_sid)) { + DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", u_sid)); + return False; + } + + return True; +} + +BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, DOM_SID *g_sid) { if (!sampass || !g_sid) return False; @@ -534,6 +556,27 @@ BOOL pdb_set_group_sid(SAM_ACCOUNT *sampass, DOM_SID *g_sid) return True; } +BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid) +{ + DOM_SID new_sid; + if (!sampass || !g_sid) + return False; + + DEBUG(10, ("pdb_set_group_sid_from_string: setting group sid %s\n", + g_sid)); + + if (!string_to_sid(&new_sid, g_sid)) { + DEBUG(1, ("pdb_set_group_sid_from_string: %s isn't a valid SID!\n", g_sid)); + return False; + } + + if (!pdb_set_group_sid(sampass, &new_sid)) { + DEBUG(1, ("pdb_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", g_sid)); + return False; + } + return True; +} + BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid) { DOM_SID u_sid; -- cgit From a2f07662a1637a6ee7802fa2d3d12c1227118e28 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Jun 2002 04:26:23 +0000 Subject: Debug fixes from ctrlsoft (This used to be commit 27e34d4e63adc6d6ad63857d2a17595b7cff52db) --- source3/passdb/passdb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index dd951c02ac..88b624cc19 100644 
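Review bot: `fstring u_sid` as a parameter type decays to plain `char *`, so it neither bounds the input nor accepts `const` strings; a caller holding a `const char *` attribute value read from a backend would have to cast it away. Prefer `BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, const char *u_sid)` here and the same `const char *g_sid` in `pdb_set_group_sid_from_string` in the second hunk (-534). The `string_to_sid` validation before the SID is stored is the right place for it and should stay.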
--- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -93,7 +93,7 @@ static void destroy_pdb_talloc(SAM_ACCOUNT **user) NTSTATUS pdb_init_sam_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT **user) { if (*user != NULL) { - DEBUG(0,("pdb_init_sam: SAM_ACCOUNT was non NULL\n")); + DEBUG(0,("pdb_init_sam_talloc: SAM_ACCOUNT was non NULL\n")); #if 0 smb_panic("non-NULL pointer passed to pdb_init_sam\n"); #endif @@ -108,7 +108,7 @@ NTSTATUS pdb_init_sam_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT **user) *user=(SAM_ACCOUNT *)talloc(mem_ctx, sizeof(SAM_ACCOUNT)); if (*user==NULL) { - DEBUG(0,("pdb_init_sam: error while allocating memory\n")); + DEBUG(0,("pdb_init_sam_talloc: error while allocating memory\n")); return NT_STATUS_NO_MEMORY; } -- cgit From f1b393ce11245fb7bc4488a5377fa516fb4ae17a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Jun 2002 04:45:04 +0000 Subject: Some updates from ctrlsoft to return failure if *any* of the passdb backends fail to load (is this the right way? - I think so). Also, I've added some more comments, cleaned up some style etc. (This used to be commit c8c490bcb84df43be38bdcb48067fec12331e358) --- source3/passdb/pdb_interface.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 7ecc237cf4..a0f9ff5ec6 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -52,9 +52,10 @@ static BOOL context_setsampwent(struct pdb_context *context, BOOL update) return True; } - while(!(context->pwent_methods->setsampwent(context->pwent_methods, update))){ + while (!(context->pwent_methods->setsampwent(context->pwent_methods, update))) { context->pwent_methods = context->pwent_methods->next; - if(context->pwent_methods == NULL)return False; + if (context->pwent_methods == NULL) + return False; } return True; } 
@@ -93,7 +94,7 @@ static BOOL context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) return False; if (!context->pwent_methods->setsampwent){ - DEBUG(5, ("invalid context->pwent_methods->setsampwent\n")); + DEBUG(5, ("next backend does not implment setsampwent\n")); return False; } @@ -190,7 +191,10 @@ static BOOL context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT if (!sam_acct->methods){ pdb_selected = context->pdb_methods; /* There's no passdb backend specified for this account. - * Try to delete it in every passdb available */ + * Try to delete it in every passdb available + * Needed to delete accounts in smbpasswd that are not + * in /etc/passwd. + */ while (pdb_selected){ if (pdb_selected->delete_sam_account && pdb_selected->delete_sam_account(pdb_selected, sam_acct)){ return True; @@ -208,6 +212,11 @@ static BOOL context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct); } +/****************************************************************** + Free and cleanup a pdb context, any associated data and anything + that the attached modules might have associated. + *******************************************************************/ + static void free_pdb_context(struct pdb_context **context) { struct pdb_methods *pdb_selected = (*context)->pdb_methods; 
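Review bot: The reworded log line in `context_getsampwent` has a typo: `DEBUG(5, ("next backend does not implment setsampwent\n"));` should be `DEBUG(5, ("next backend does not implement setsampwent\n"));`. Operators grepping logs for the word will otherwise miss it. `context_getsampwent` starts and ends outside this hunk.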
@@ -252,22 +261,17 @@ static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_c if (NT_STATUS_IS_OK(nt_status = builtin_pdb_init_functions[i].init(context, methods, module_location))) { DEBUG(5,("pdb backend %s has a valid init\n", selected)); + return nt_status; } else { DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status))); + return nt_status; } break; } } - if (!*methods) { - DEBUG(0,("failed to select passdb backed!\n")); - if (NT_STATUS_IS_OK(nt_status)) { - return NT_STATUS_INVALID_PARAMETER; - } else { - return nt_status; - } - } - return NT_STATUS_OK; + /* No such backend found */ + return NT_STATUS_INVALID_PARAMETER; } /****************************************************************** @@ -304,9 +308,6 @@ static NTSTATUS make_pdb_context(struct pdb_context **context) (*context)->pdb_update_sam_account = context_update_sam_account; (*context)->pdb_delete_sam_account = context_delete_sam_account; - (*context)->pdb_methods = NULL; - (*context)->pwent_methods = NULL; - (*context)->free_fn = free_pdb_context; return NT_STATUS_OK; @@ -323,14 +324,14 @@ NTSTATUS make_pdb_context_list(struct pdb_context **context, char **selected) struct pdb_methods *curmethods, *tmpmethods; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - if(!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))){ + if (!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))) { return nt_status; } - while(selected[i]){ + while (selected[i]){ /* Try to initialise pdb */ DEBUG(5,("Trying to load: %s\n", selected[i])); - if(!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods, *context, selected[i]))){ + if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods, *context, selected[i]))) { DEBUG(5, ("Loading %s failed!\n", selected[i])); SAFE_FREE(curmethods); free_pdb_context(context); -- cgit From a8748f886ad6bda17cf97d2e7baaa2968cf5f696 Mon Sep 17 00:00:00 2001 
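Review bot: Both branches of the `if (NT_STATUS_IS_OK(nt_status = builtin_pdb_init_functions[i].init(...)))` now `return nt_status;`, so the `break;` that follows them can never execute; and neither return path releases `module_name` — if it is a heap copy made earlier in `make_pdb_methods_name` (its start is outside the hunk), the found path and the new not-found `return NT_STATUS_INVALID_PARAMETER;` both leak it. Suggest a single `return nt_status;` after the if/else, preceded by a free of `module_name` if this function owns it, and the same free before the not-found return.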
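Review bot: Removing `(*context)->pdb_methods = NULL;` and `(*context)->pwent_methods = NULL;` from `make_pdb_context` makes the list head's initial value depend on how the context was allocated, which is not visible here (the function begins before the hunk); `make_pdb_context_list` in the next hunk does `DLIST_ADD_END((*context)->pdb_methods, ...)` and `free_pdb_context` walks the same pointer. If the context is `malloc`ed rather than `calloc`ed or `ZERO_STRUCTP`'d, the first insert reads an indeterminate pointer. Either keep the two assignments or add `/* relies on the context being zero-filled at allocation */` at the allocation site.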
From: Andrew Bartlett Date: Fri, 14 Jun 2002 06:23:42 +0000 Subject: It looks like we never tested the 'cleanup' code, so when I triggered it (invalid passdb backends smb.conf entry) we picked up a few things :-). Andrew Bartlett (This used to be commit dfa98ae0ac195956490ca2f4140a8eff1566095e) --- source3/passdb/pdb_interface.c | 19 ++++++++++--------- source3/passdb/pdb_smbpasswd.c | 13 ++++++++++--- 2 files changed, 20 insertions(+), 12 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index a0f9ff5ec6..da013f6851 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -222,8 +222,9 @@ static void free_pdb_context(struct pdb_context **context) struct pdb_methods *pdb_selected = (*context)->pdb_methods; while (pdb_selected){ - if (pdb_selected->free_private_data) - pdb_selected->free_private_data(pdb_selected->private_data); + if (pdb_selected->free_private_data) { + pdb_selected->free_private_data(&(pdb_selected->private_data)); + } pdb_selected = pdb_selected->next; } @@ -258,19 +259,20 @@ static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_c if (strequal(builtin_pdb_init_functions[i].name, module_name)) { DEBUG(5,("Found pdb backend %s (at pos %d)\n", module_name, i)); - if (NT_STATUS_IS_OK(nt_status - = builtin_pdb_init_functions[i].init(context, methods, module_location))) { + nt_status = builtin_pdb_init_functions[i].init(context, methods, module_location); + if (NT_STATUS_IS_OK(nt_status)) { DEBUG(5,("pdb backend %s has a valid init\n", selected)); - return nt_status; } else { DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status))); - return nt_status; } - break; + SAFE_FREE(module_name); + return nt_status; + break; /* unreached */ } } /* No such backend found */ + SAFE_FREE(module_name); return NT_STATUS_INVALID_PARAMETER; } 
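Review bot: The loop in `free_pdb_context` calls `free_private_data(&(pdb_selected->private_data))` and advances to `next`, but never frees the `pdb_methods` node itself; unless code after the hunk does so (the function continues past it), every backend struct created by its init function leaks on each `free_fn` reload in `pdb_get_static_context`. If the node is heap-allocated by its init function, hold the successor first: `struct pdb_methods *next = pdb_selected->next; SAFE_FREE(pdb_selected); pdb_selected = next;`.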
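Review bot: `break; /* unreached */` directly after an unconditional `return nt_status;` in `make_pdb_methods_name` is dead code that -Wunreachable-code will flag; the `return` already leaves the loop, so the `break` and its comment can be dropped. The new `SAFE_FREE(module_name);` before both returns does address the leak in the earlier version of this function.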
@@ -332,8 +334,7 @@ NTSTATUS make_pdb_context_list(struct pdb_context **context, char **selected) /* Try to initialise pdb */ DEBUG(5,("Trying to load: %s\n", selected[i])); if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods, *context, selected[i]))) { - DEBUG(5, ("Loading %s failed!\n", selected[i])); - SAFE_FREE(curmethods); + DEBUG(1, ("Loading %s failed!\n", selected[i])); free_pdb_context(context); return nt_status; } diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 25957100d8..09277e2d23 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -101,6 +101,10 @@ static BOOL pw_file_unlock(int fd, int *plock_depth) { BOOL ret=True; + if (fd == 0 || *plock_depth == 0) { + return True; + } + if(*plock_depth == 1) ret = do_file_lock(fd, 5, F_UNLCK); @@ -264,10 +268,13 @@ Error was %s\n.", pfile, strerror(errno) )); ****************************************************************/ static void endsmbfilepwent(FILE *fp, int *lock_depth) { + if (!fp) { + return; + } - pw_file_unlock(fileno(fp), lock_depth); - fclose(fp); - DEBUG(7, ("endsmbfilepwent_internal: closed password file.\n")); + pw_file_unlock(fileno(fp), lock_depth); + fclose(fp); + DEBUG(7, ("endsmbfilepwent_internal: closed password file.\n")); } /************************************************************************* -- cgit From 89f5301e3d9f45d5a246569e47362423073aedce Mon Sep 17 00:00:00 2001 
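Review bot: `if (fd == 0 || *plock_depth == 0) return True;` in `pw_file_unlock` treats 0 as the "no file" sentinel, but 0 is a valid descriptor — a daemon that has closed stdin can receive fd 0 from open(), and this check would then skip the unlock while reporting success. If callers use -1 for "no descriptor" (the open() convention), compare `fd < 0`; if they really pass 0, that contract deserves a comment at the call sites. The rest of `pw_file_unlock` is outside the hunk.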
From: Andrew Bartlett Date: Fri, 14 Jun 2002 06:43:51 +0000 Subject: Patch from ctrlsoft to use the pdb_sethexpwd function in smbpasswd - instead of implementing it twice inline. This code is complex - but occasionally I get the feeling that people made it more complext than it really needed to be... Andrew Bartlett (This used to be commit 273d518e52a83eca466c134531dd12825fe3cbdb) --- source3/passdb/pdb_smbpasswd.c | 55 ++++++------------------------------------ 1 file changed, 7 insertions(+), 48 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 09277e2d23..8dc8f43630 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -517,7 +517,6 @@ static char *format_new_smbpasswd_entry(const struct smb_passwd *newpwd) int new_entry_length; char *new_entry; char *p; - int i; new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; 
@@ -527,38 +526,16 @@ static char *format_new_smbpasswd_entry(const struct smb_passwd *newpwd) } slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid); - p = &new_entry[strlen(new_entry)]; - if(newpwd->smb_passwd != NULL) { - for( i = 0; i < 16; i++) { - slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]); - } - } else { - i=0; - if(newpwd->acct_ctrl & ACB_PWNOTREQ) - safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - else - safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - } + p = new_entry+strlen(new_entry); - p += 32; + pdb_sethexpwd(p, newpwd->smb_passwd, newpwd->acct_ctrl); - *p++ = ':'; - - if(newpwd->smb_nt_passwd != NULL) { - for( i = 0; i < 16; i++) { - slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]); - } - } else { - if(newpwd->acct_ctrl & ACB_PWNOTREQ) - safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - else - safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - } + p+=strlen(p); *p = ':'; p++; - p += 32; + pdb_sethexpwd(p, newpwd->smb_nt_passwd, newpwd->acct_ctrl); - *p++ = ':'; + p+=strlen(p); *p = ':'; p++; /* Add the account encoding and the last change time. */ slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n", 
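Review bot: `pdb_sethexpwd(p, newpwd->smb_passwd, newpwd->acct_ctrl)` replaces writes that were bounded by `new_entry_length - (p - new_entry) - 1` with a call that receives no buffer size, and `p+=strlen(p); *p = ':'; p++;` assumes the helper writes exactly 32 NUL-terminated characters. `new_entry_length` reserves precisely 32+1+32 bytes at this position, so the code is correct only while that contract holds (pdb_sethexpwd's body is not visible here); a comment such as `/* pdb_sethexpwd writes exactly 32 hex chars plus NUL; new_entry_length accounts for this */` records the assumption. The same applies in `mod_smbfilepwd_entry` (-966), where the fixed offsets 32, 33, 65 and 66 into `ascii_p16` rely on the same 32-character output.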
@@ -966,30 +943,12 @@ static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con /* Entry is correctly formed. */ /* Create the 32 byte representation of the new p16 */ - if(pwd->smb_passwd != NULL) { - for (i = 0; i < 16; i++) { - slprintf(&ascii_p16[i*2], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_passwd[i]); - } - } else { - if(pwd->acct_ctrl & ACB_PWNOTREQ) - fstrcpy(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); - else - fstrcpy(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); - } + pdb_sethexpwd(ascii_p16, pwd->smb_passwd, pwd->acct_ctrl); /* Add on the NT md4 hash */ ascii_p16[32] = ':'; wr_len = 66; - if (pwd->smb_nt_passwd != NULL) { - for (i = 0; i < 16; i++) { - slprintf(&ascii_p16[(i*2)+33], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_nt_passwd[i]); - } - } else { - if(pwd->acct_ctrl & ACB_PWNOTREQ) - fstrcpy(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); - else - fstrcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); - } + pdb_sethexpwd(ascii_p16+33, pwd->smb_nt_passwd, pwd->acct_ctrl); ascii_p16[65] = ':'; ascii_p16[66] = '\0'; /* null-terminate the string so that strlen works */ -- cgit From 58bec5e2fd8013d187d0840a384f3c4d76102d3f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Jun 2002 14:12:27 +0000 Subject: Allow non unix accounts to be added to an ldap directory without NUA accounts already. Andrew Bartlett (This used to be commit a5d5b4cf2555b9bbded31b556d4fc74c00c6c490) --- source3/passdb/pdb_ldap.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 7ba8d4a810..0a16071419 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1048,6 +1048,10 @@ static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state, LDAP *ldap } ldap_msgfree(result); + + if (top_rid < ldap_state->low_nua_rid) + top_rid = ldap_state->low_nua_rid; + return top_rid; } -- cgit 
From e69fba09846f9bfd1564c4c684bb5d4fc059b02d Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 14 Jun 2002 16:02:59 +0000
Subject: moved lp_list_* functions away from param/loadparm.c, put int lib/util_str.c and renamed to str_list_* as it is a better name. Elrond should be satisfied now :) (This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
---
 source3/passdb/pdb_interface.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'source3/passdb')
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index da013f6851..3b0f54b2b3 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -353,9 +353,9 @@ NTSTATUS make_pdb_context_list(struct pdb_context **context, char **selected)
 NTSTATUS make_pdb_context_string(struct pdb_context **context, const char *selected)
 {
 NTSTATUS ret;
- char **newsel = lp_list_make(selected);
+ char **newsel = str_list_make(selected);
 ret = make_pdb_context_list(context, newsel);
- lp_list_free(&newsel);
+ str_list_free(&newsel);
 return ret;
 }
--
cgit
From ac08646c374cd70e47301bce3e031b35cb220347 Mon Sep 17 00:00:00 2001
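Review bot: The new `make_pdb_context_string` hands `str_list_make(selected)` to `make_pdb_context_list` without checking it, and that function indexes `selected[i]` on entry; if `str_list_make` can return NULL for an empty or unset setting (not visible here), this dereferences NULL at start-up. A check before the call, `if (!newsel) return NT_STATUS_INVALID_PARAMETER;`, keeps the error on the NTSTATUS path the callers already handle.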
From: Andrew Bartlett Date: Sat, 15 Jun 2002 12:38:13 +0000 Subject: Rework much of the service.c code: The aim of this execise is to give the 'security>=user' code a straight paper path. Security=share will sill call authorise_login(), but otherwise we avoid that mess. This allow *much* more accurate error code reporting, beocuse we don't start pretending that we can use the (nonexistant) password etc. Also in this patch is code to create the 'homes' share at session setup time (as we have done in the past - been broken recently) and to record this on the user's vuser struct for later reference. The changes here should also allow for much better use of %H (some more changes to come here). The service.c changes move a lot of code around, but are not as drastric as they look... (Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not '*total_entries' was compared). This code is needs testing, but passes my basic tests. I expect we have lost some functionality, but the stuff I had expected to loose was already broken before I started. In particular, we don't 'fall back' to guest if the user cannot access a share (for security=user). If you want this kind of stuff then you really want security=share anyway. Andrew Bartlett (This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c) --- source3/passdb/pdb_get_set.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index bbb0d87f59..37530d0e46 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -860,7 +860,7 @@ BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, BOOL store) } if (store) { - DEBUG(10, ("pdb_set_homedir: setting home dir sam flag!")); + DEBUG(10, ("pdb_set_homedir: setting home dir sam flag!\n")); pdb_set_init_flag(sampass, FLAG_SAM_SMBHOME); } 
@@ -877,7 +877,7 @@ BOOL pdb_set_unix_homedir (SAM_ACCOUNT *sampass, const char *unix_home_dir)
 return False;
 if (unix_home_dir) {
- DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", unix_home_dir,
+ DEBUG(10, ("pdb_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir,
 (sampass->private.unix_home_dir)?(sampass->private.unix_home_dir):"NULL"));
 sampass->private.unix_home_dir = talloc_strdup(sampass->mem_ctx,
-- cgit
From 7b60e2304052c5603740ea11ce1345a32e1b9175 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 17 Jun 2002 15:33:13 +0000 Subject: compile warngin fixes merged from 2.2 (This used to be commit 29874f4b8fecdc7cbd84d656dafce54cca49e0b1)
---
 source3/passdb/pdb_nisplus.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source3/passdb')
diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c
index 80f918d1a6..9c5b2e1171 100644
--- a/source3/passdb/pdb_nisplus.c
+++ b/source3/passdb/pdb_nisplus.c
@@ -56,7 +56,7 @@ struct nisp_enum_info
 };
 static struct nisp_enum_info global_nisp_ent;
-static VOLATILE sig_atomic_t gotalarm;
+static SIG_ATOMIC_T gotalarm;
 /***************************************************************
-- cgit
From ea7cdc4de060181b11779d726ba2aecf0a09b72b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 22 Jun 2002 12:19:35 +0000 Subject: Add module versioning to the passdb module system All passdb modules need to include a 'magic' macro that creates simple 'return my version number' function. (from metze and jelmer) Also fix up the dir_drive autosubsitute code to correctly use lp_logon_drive(). (from metze) Andrew Bartlett (This used to be commit 4a57c445dd4354034fc41b132a484afe6ab66e16)
---
 source3/passdb/pdb_ldap.c | 2 +-
 source3/passdb/pdb_plugin.c | 18 +++++++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)
(limited to 'source3/passdb')
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 0a16071419..a5530efdb6 100644
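Review bot: The replacement declaration drops the explicit `VOLATILE` qualifier from `gotalarm`; if `SIG_ATOMIC_T` does not itself expand to a volatile-qualified `sig_atomic_t`, a loop that polls this flag while waiting for the alarm handler can have the load hoisted by the optimiser and never observe the handler's store. The macro's definition and the flag's readers are outside the hunk, so this is a point to confirm rather than a certain defect. A one-line comment at the declaration, `/* written from the SIGALRM handler; SIG_ATOMIC_T must remain volatile-qualified */`, would record the requirement for whoever next touches the macro.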
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -693,7 +693,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
 if (!get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive)) {
 pdb_set_dir_drive(sampass, standard_sub_specified(sampass->mem_ctx,
- lp_logon_path(),
+ lp_logon_drive(),
 username, domain, uid, gid), False);
diff --git a/source3/passdb/pdb_plugin.c b/source3/passdb/pdb_plugin.c
index f7ab2b90e2..1a246631fe 100644
--- a/source3/passdb/pdb_plugin.c
+++ b/source3/passdb/pdb_plugin.c
@@ -29,6 +29,7 @@ NTSTATUS pdb_init_plugin(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
 void * dl_handle;
 char *plugin_location, *plugin_name, *p;
 pdb_init_function plugin_init;
+ int (*plugin_version)(void);
 if (location == NULL) {
 DEBUG(0, ("The plugin module needs an argument!\n"));
@@ -51,8 +52,23 @@ NTSTATUS pdb_init_plugin(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
 return NT_STATUS_UNSUCCESSFUL;
 }
+ plugin_version = sys_dlsym(dl_handle, "pdb_version");
+ if (!plugin_version) {
+ sys_dlclose(dl_handle);
+ DEBUG(0, ("Failed to find function 'pdb_version' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (plugin_version()!=PASSDB_INTERFACE_VERSION) {
+ sys_dlclose(dl_handle);
+ DEBUG(0, ("Wrong PASSDB_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n",
+ plugin_version(),PASSDB_INTERFACE_VERSION));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
 plugin_init = sys_dlsym(dl_handle, "pdb_init");
- if (!plugin_init){
+ if (!plugin_init) {
+ sys_dlclose(dl_handle);
 DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
 return NT_STATUS_UNSUCCESSFUL;
 }
-- cgit
From de8fe0a2eb740ead8f37c1e65a3139a3b2cee201 Mon Sep 17 00:00:00 2001
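Review bot: `plugin_version()` is called twice in the new check, once in the comparison and again inside the DEBUG argument list, so the number that gets logged comes from a second call into the module and need not be the value that failed the comparison; read it once, `int version = plugin_version();`, then compare `version != PASSDB_INTERFACE_VERSION` and log `version`. It is also worth a comment that the check runs after `dl_handle` is already open, so whatever initialisers the module carries have executed by the time its version is inspected: the check enforces ABI compatibility, while trust in the module rests on how `plugin_location` is derived and validated, which is outside this hunk. Returning `NT_STATUS_UNSUCCESSFUL` for both the missing-symbol and the version-mismatch cases also loses a distinction an administrator would want in the log, although the DEBUG(0) text does carry it. pdb_init_plugin continues outside the hunk on both sides.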
From: Andrew Bartlett Date: Wed, 26 Jun 2002 03:54:54 +0000 Subject: Another bug fix from metze. (This used to be commit 5c754cef19c9580e2cb1e23152a1097d11ca8c60)
---
 source3/passdb/pdb_ldap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source3/passdb')
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index a5530efdb6..aef366fe7e 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -702,7 +702,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
 }
 if (!get_single_attribute(ldap_struct, entry, "smbHome", homedir)) {
- pdb_set_dir_drive(sampass, standard_sub_specified(sampass->mem_ctx,
+ pdb_set_homedir(sampass, standard_sub_specified(sampass->mem_ctx,
 lp_logon_home(), username, domain, uid, gid),
-- cgit
From 9930b0b0650ae3e38c033c28672398425dd8228c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 1 Jul 2002 09:12:41 +0000 Subject: used findstatic.pl to make some variables static and remove some dead code (This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0)
---
 source3/passdb/pdb_ldap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source3/passdb')
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index aef366fe7e..8e8e8f1574 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -136,7 +136,7 @@ static BOOL fetch_ldapsam_pw(char **dn, char** pw)
 return True;
 }
-char *attr[] = {"uid", "pwdLastSet", "logonTime",
+static const char *attr[] = {"uid", "pwdLastSet", "logonTime",
 "logoffTime", "kickoffTime", "cn", "pwdCanChange", "pwdMustChange", "dislplayName", "homeDrive",
-- cgit
From 58bc831cc3252c76fe88758a3db0e539c8626055 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett Date: Wed, 3 Jul 2002 06:55:31 +0000 Subject: Fix the spelling in the LDAP attributes (This used to be commit dab26f8891a77640ce382ce1785ca5dd22d43c22)
---
 source3/passdb/pdb_ldap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'source3/passdb')
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 8e8e8f1574..789eb6fa87 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -139,10 +139,10 @@ static BOOL fetch_ldapsam_pw(char **dn, char** pw)
 static const char *attr[] = {"uid", "pwdLastSet", "logonTime", "logoffTime", "kickoffTime", "cn", "pwdCanChange", "pwdMustChange",
- "dislplayName", "homeDrive",
+ "displayName", "homeDrive",
 "smbHome", "scriptPath", "profilePath", "description",
- "userWorkstation", "rid",
+ "userWorkstations", "rid",
 "primaryGroupID", "lmPassword", "ntPassword", "acctFlags", "domain", "description", NULL };
-- cgit
From 8e52737efc9cf746d7e9fd1f07bc42201dccbfba Mon Sep 17 00:00:00 2001
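Review bot: `"description"` is requested twice in the corrected attribute list, once after `"profilePath"` and again after `"domain"`; a repeated name in the attribute list should be harmless to the search itself, but in a commit whose purpose is to fix attribute spellings it reads as though one of the two was meant to be a different attribute. Either drop the second occurrence or mark it, e.g. `/* "description" listed twice above, intentional? */`, so the next reader does not have to guess.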
From: Andrew Bartlett Date: Wed, 3 Jul 2002 07:37:54 +0000 Subject: Break up the passdb objects (to allow RPC clients to link without brining in *.o) and implment new enum_dom_users code in the SAMR RPC subsystem. Incresingly, we are using the pdb_get_{user,group}_sid() functions, in the eventual hope that we might one day support muliple domains off a single passdb. To extract the RID, we use sid_peek_check_rid(), and supply an 'expected' domain SID. The id21 -> SAM_ACCOUNT and id23 -> SAM_ACCOUNT code has been moved to srv_samr_util.c, to ease linking in passdb users. Compatiblity code that uses 'get_global_sam_sid()' for the 'expected' sid is in pdb_compat.c Andrew Bartlett (This used to be commit 5a2a6f1ba316489d118a8bdd9551b155226de94f) --- source3/passdb/passdb.c | 116 ------------------------------------------- source3/passdb/pdb_compat.c | 104 ++++++++++++++++++++++++++++++++++++++ source3/passdb/pdb_get_set.c | 75 ---------------------------- 3 files changed, 104 insertions(+), 191 deletions(-) create mode 100644 source3/passdb/pdb_compat.c (limited to 'source3/passdb') diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 88b624cc19..2bf3eccfb7 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c 
@@ -936,122 +936,6 @@ const char *pdb_unistr2_convert(const UNISTR2 *from) return convert_buffer; } -/************************************************************* - Copies a SAM_USER_INFO_23 to a SAM_ACCOUNT - **************************************************************/ - -void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) -{ - - if (from == NULL || to == NULL) - return; - - pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True); - pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True); - pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True); - pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True); - pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True); - - pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time)); - - if (from->uni_user_name.buffer) - pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name )); - if (from->uni_full_name.buffer) - pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name )); - if (from->uni_home_dir.buffer) - pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True); - if (from->uni_dir_drive.buffer) - pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True); - if (from->uni_logon_script.buffer) - pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True); - if (from->uni_profile_path.buffer) - pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True); - if (from->uni_acct_desc.buffer) - pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc )); - if (from->uni_workstations.buffer) - pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations)); - if (from->uni_unknown_str.buffer) - pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str )); - if (from->uni_munged_dial.buffer) - pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial )); - - if (from->user_rid) - 
pdb_set_user_sid_from_rid(to, from->user_rid); - if (from->group_rid) - pdb_set_group_sid_from_rid(to, from->group_rid); - - pdb_set_acct_ctrl(to, from->acb_info); - pdb_set_unknown_3(to, from->unknown_3); - - pdb_set_logon_divs(to, from->logon_divs); - pdb_set_hours_len(to, from->logon_hrs.len); - pdb_set_hours(to, from->logon_hrs.hours); - - pdb_set_unknown_5(to, from->unknown_5); - pdb_set_unknown_6(to, from->unknown_6); -} - - -/************************************************************* - Copies a sam passwd. - **************************************************************/ - -void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) -{ - if (from == NULL || to == NULL) - return; - - pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True); - pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True); - pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True); - pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True); - pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True); - - pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time)); - - if (from->uni_user_name.buffer) - pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name )); - if (from->uni_full_name.buffer) - pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name )); - if (from->uni_home_dir.buffer) - pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True); - if (from->uni_dir_drive.buffer) - pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True); - if (from->uni_logon_script.buffer) - pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True); - if (from->uni_profile_path.buffer) - pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True); - if (from->uni_acct_desc.buffer) - pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc )); - if (from->uni_workstations.buffer) - 
pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations)); - if (from->uni_unknown_str.buffer) - pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str )); - if (from->uni_munged_dial.buffer) - pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial )); - - if (from->user_rid) - pdb_set_user_sid_from_rid(to, from->user_rid); - if (from->group_rid) - pdb_set_group_sid_from_rid(to, from->group_rid); - - /* FIXME!! Do we need to copy the passwords here as well? - I don't know. Need to figure this out --jerry */ - - /* Passwords dealt with in caller --abartlet */ - - pdb_set_acct_ctrl(to, from->acb_info); - pdb_set_unknown_3(to, from->unknown_3); - - pdb_set_logon_divs(to, from->logon_divs); - pdb_set_hours_len(to, from->logon_hrs.len); - pdb_set_hours(to, from->logon_hrs.hours); - - pdb_set_unknown_5(to, from->unknown_5); - pdb_set_unknown_6(to, from->unknown_6); -} - - /************************************************************* Change a password entry in the local smbpasswd file. diff --git a/source3/passdb/pdb_compat.c b/source3/passdb/pdb_compat.c new file mode 100644 index 0000000000..713c92e3ac --- /dev/null +++ b/source3/passdb/pdb_compat.c 
@@ -0,0 +1,104 @@
+/*
+ Unix SMB/CIFS implementation.
+ SAM_ACCOUNT access routines
+ Copyright (C) Jeremy Allison 1996-2001
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+ Copyright (C) Gerald (Jerry) Carter 2000-2001
+ Copyright (C) Andrew Bartlett 2001-2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_PASSDB
+
+uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass)
+{
+ uint32 u_rid;
+
+ if (sampass)
+ if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_user_sid(sampass),&u_rid))
+ return u_rid;
+
+ return (0);
+}
+
+uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass)
+{
+ uint32 g_rid;
+
+ if (sampass)
+ if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_group_sid(sampass),&g_rid))
+ return g_rid;
+ return (0);
+}
+
+BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid)
+{
+ DOM_SID u_sid;
+ const DOM_SID *global_sam_sid;
+
+ if (!sampass)
+ return False;
+
+ if (!(global_sam_sid = get_global_sam_sid())) {
+ DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n"));
+ return False;
+ }
+
+ sid_copy(&u_sid, global_sam_sid);
+
+ if (!sid_append_rid(&u_sid, rid))
+ return False;
+
+ if (!pdb_set_user_sid(sampass, &u_sid))
+ return False;
+
+ DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n",
+ sid_string_static(&u_sid),rid));
+
+ return True;
+}
+
+BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid)
+{
+ DOM_SID g_sid;
+ const DOM_SID *global_sam_sid;
+
+ if (!sampass)
+ return False;
+
+ if (!(global_sam_sid = get_global_sam_sid())) {
+ DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n"));
+ return False;
+ }
+
+ sid_copy(&g_sid, global_sam_sid);
+
+ if (!sid_append_rid(&g_sid, grid))
+ return False;
+
+ if (!pdb_set_group_sid(sampass, &g_sid))
+ return False;
+
+ DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n",
+ sid_string_static(&g_sid), grid));
+
+ return True;
+}
+
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 37530d0e46..dff4b40f4d 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
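Review bot: The DEBUG(1) message in `pdb_set_group_sid_from_rid` names `pdb_set_user_sid_from_rid`, a copy-paste slip carried over from pdb_get_set.c that will send anyone tracing a failed global-SID lookup to the wrong function; change it to `DEBUG(1, ("pdb_set_group_sid_from_rid: Could not read global sam sid!\n"));`. In both setters `rid`/`grid` are `uint32` but printed with `%d`, so `%u` is the matching specifier. The two getters also pass `get_global_sam_sid()` straight into `sid_peek_check_rid` without the NULL check the setters perform two functions later; whether `sid_peek_check_rid` tolerates a NULL domain SID is not visible here, so either the check belongs in the getters too or a comment should say why it is unnecessary. The unbraced nested `if (sampass) if (sid_peek_check_rid(...))` in those getters would read more safely as a single `if (sampass && sid_peek_check_rid(...))`.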
@@ -172,27 +172,6 @@ const DOM_SID *pdb_get_group_sid(const SAM_ACCOUNT *sampass) return (NULL); } -uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass) -{ - uint32 u_rid; - - if (sampass) - if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_user_sid(sampass),&u_rid)) - return u_rid; - - return (0); -} - -uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass) -{ - uint32 g_rid; - - if (sampass) - if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_group_sid(sampass),&g_rid)) - return g_rid; - return (0); -} - /** * Get flags showing what is initalised in the SAM_ACCOUNT * @param sampass the SAM_ACCOUNT in question 
@@ -577,60 +556,6 @@ BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid) return True; } -BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid) -{ - DOM_SID u_sid; - const DOM_SID *global_sam_sid; - - if (!sampass) - return False; - - if (!(global_sam_sid = get_global_sam_sid())) { - DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n")); - return False; - } - - sid_copy(&u_sid, global_sam_sid); - - if (!sid_append_rid(&u_sid, rid)) - return False; - - if (!pdb_set_user_sid(sampass, &u_sid)) - return False; - - DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n", - sid_string_static(&u_sid),rid)); - - return True; -} - -BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid) -{ - DOM_SID g_sid; - const DOM_SID *global_sam_sid; - - if (!sampass) - return False; - - if (!(global_sam_sid = get_global_sam_sid())) { - DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n")); - return False; - } - - sid_copy(&g_sid, global_sam_sid); - - if (!sid_append_rid(&g_sid, grid)) - return False; - - if (!pdb_set_group_sid(sampass, &g_sid)) - return False; - - DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n", - sid_string_static(&g_sid), grid)); - - return True; -} - /********************************************************************* Set the user's UNIX name. ********************************************************************/ -- cgit From 4d37c48274d05b9532b33d8f1190a6751a394787 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 5 Jul 2002 01:51:49 +0000 Subject: Fix debug comment. (This used to be commit f32980c807adf8287436be0d5a223b9b1ce399b8) --- source3/passdb/pdb_ldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 789eb6fa87..643d165e58 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
@@ -607,7 +607,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
 pw = getpwnam_alloc(username);
 if (pw == NULL) {
- DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username));
+ DEBUG (2,("init_sam_from_ldap: User [%s] does not exist via system getpwnam!\n", username));
 return False;
 }
 uid = pw->pw_uid;
-- cgit
From 78722434a6511f06b8ea7da0b8a4ca08c8980c04 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 10 Jul 2002 07:26:35 +0000 Subject: If we get a SID from group mapping, no need to check it's prefix. Just set it directly. Andrew Bartlett (This used to be commit 202202bc475f3b8500423b1a9ccf0adc80a4dc49)
---
 source3/passdb/pdb_ldap.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'source3/passdb')
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 643d165e58..fd5ad7ee12 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -589,10 +589,14 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
 get_single_attribute(ldap_struct, entry, "rid", temp);
 user_rid = (uint32)atol(temp);
+
+ pdb_set_user_sid_from_rid(sampass, user_rid);
+
 if (!get_single_attribute(ldap_struct, entry, "primaryGroupID", temp)) {
 group_rid = 0;
 } else {
 group_rid = (uint32)atol(temp);
+ pdb_set_group_sid_from_rid(sampass, group_rid);
 }
 if ((ldap_state->permit_non_unix_accounts)
@@ -624,11 +628,10 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
 GROUP_MAP map;
 /* call the mapping code here */
 if(get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
- if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &group_rid))
- return False;
+ pdb_set_group_sid(sampass, &map.sid);
 } else {
- group_rid=pdb_gid_to_group_rid(gid);
+ pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid));
 }
 }
 }
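Review bot: The new `pdb_set_user_sid_from_rid(sampass, user_rid)` in the first hunk acts on a value whose source is never validated: the `"rid"` lookup just above it, `get_single_attribute(ldap_struct, entry, "rid", temp);`, discards its return value, unlike the `"primaryGroupID"` lookup a few lines later, so an entry with no `rid` attribute passes whatever `temp` holds at that point through `atol` and stamps the account with the resulting SID. The old code stored the same value only at the end of the function (the lines the last hunk of this file deletes), so the commit moves that exposure earlier rather than creating it, but it is the natural moment to add `if (!get_single_attribute(ldap_struct, entry, "rid", temp)) return False;` or whatever this backend does for a missing required attribute. In the second hunk the BOOL results of `pdb_set_group_sid` and `pdb_set_group_sid_from_rid` are dropped where the removed code returned False on failure, and `atol` accepts trailing garbage and reports no range error, so `strtoul` with an end-pointer check is the stricter parse for an identity field. init_sam_from_ldap continues outside both hunks.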
@@ -781,9 +784,6 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
 pdb_set_hours_len(sampass, hours_len);
 pdb_set_logon_divs(sampass, logon_divs);
- pdb_set_user_sid_from_rid(sampass, user_rid);
- pdb_set_group_sid_from_rid(sampass, group_rid);
-
 pdb_set_username(sampass, username);
 pdb_set_domain(sampass, domain);
-- cgit
From 6b903424fe1e641c484f9b86eff5b4e12009d0b6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 13 Jul 2002 09:10:16 +0000 Subject: Make smbpasswd behave like all the other backends, where a NULL or invalid LM password isn't anything special. All the users check the ACB nowadays, and this allows us to correctly return flags set via usermgr. Andrew Bartlett (This used to be commit 89eb765d398de7654ba6bac7c51df727830c2591)
---
 source3/passdb/pdb_smbpasswd.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
(limited to 'source3/passdb')
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 8dc8f43630..5f94ef62fd 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -408,13 +408,10 @@ static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_s
 p++;
 if (*p == '*' || *p == 'X') {
- /* Password deliberately invalid - end here. */
- DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
- pw_buf->smb_nt_passwd = NULL;
- pw_buf->smb_passwd = NULL;
- pw_buf->acct_ctrl |= ACB_DISABLED;
- return pw_buf;
- }
+ /* NULL LM password */
+ pw_buf->smb_passwd = NULL;
+ DEBUG(10, ("getsmbfilepwent: LM password for user %s invalidated\n", user_name));
+ }
 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
 DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
-- cgit
From a02a80d7d3b8f93e7afb7e8246b0cf4d8e6eefef Mon Sep 17 00:00:00 2001
From: Andrew Bartlett Date: Sun, 14 Jul 2002 04:51:57 +0000 Subject: Fix up a botched prevoius commit. The idea here is to allow invalid LM passwords in otherwise valid accounts. This happens when we create an account without a password, for example. Previously we would stop at the LM password, and not read things like the account flags correctly. Now we process the record, and just set the password to NULL. (Note, 'no password for access' is decided only on the basis of the Account Control bits, not on the 'NULL' value of the password feild.). Andrew Bartlett (This used to be commit c590e0c970b5babf370924cef51530e5e215eaf2)
---
 source3/passdb/pdb_smbpasswd.c | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)
(limited to 'source3/passdb')
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 5f94ef62fd..8c7ba364b8 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -407,12 +407,6 @@ static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_s
 /* Skip the ':' */
 p++;
- if (*p == '*' || *p == 'X') {
- /* NULL LM password */
- pw_buf->smb_passwd = NULL;
- DEBUG(10, ("getsmbfilepwent: LM password for user %s invalidated\n", user_name));
- }
-
 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
 DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
 continue;
@@ -427,11 +421,16 @@ static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_s
 pw_buf->smb_passwd = NULL;
 pw_buf->acct_ctrl |= ACB_PWNOTREQ;
 } else {
- if (!pdb_gethexpwd((char *)p, smbpwd)) {
- DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
- continue;
- }
- pw_buf->smb_passwd = smbpwd;
+ if (*p == '*' || *p == 'X') {
+ /* NULL LM password */
+ pw_buf->smb_passwd = NULL;
+ DEBUG(10, ("getsmbfilepwent: LM password for user %s invalidated\n", user_name));
+ } else if (pdb_gethexpwd((char *)p, smbpwd)) {
+ pw_buf->smb_passwd = smbpwd;
+ } else {
+ pw_buf->smb_passwd = NULL;
+ DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
+ }
 }
 /*
-- cgit
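Review bot: The final `else` branch of the new code accepts a LM field that is neither `*`/`X` nor valid hex as a live record with `smb_passwd = NULL`, where the removed code skipped the line with `continue`; that is consistent with the commit's intent for deliberately blanked entries, but it also means a corrupted or hand-edited line now yields a usable account with only a DEBUG(0) line to show for it, and nothing in the hunk says this is deliberate. A comment on that branch would keep the next reader from restoring the `continue`, e.g. `/* Unparseable LM hash: treat as no LM password rather than dropping the record; access is decided by acct_ctrl, not by a NULL hash */`. Whether a NULL `smb_passwd` is enough for LM authentication to fail on such an account depends on the callers, which are outside this hunk, as is the rest of getsmbfilepwent.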