From 0a36b8d8a959c18c670a7e41e3f5a728f3ea88c3 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 19 May 1998 17:48:40 +0000 Subject: ldap.c : - added support for some of the new passdb_ops functions. - removed functions that are supported "indirectly" through passdb.c nisppass.c : - modified make_nisname_from_xxx() functions to take a "file" arg. - turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid() functionality is available through "indirect" support in passdb.c - removed functions that are supported "indirectly" through passdb.c - added support for some of the new passdb_ops functions. passdb.c : - created getsam21pwrid() function to go alongside getsam21pwuid. it is not expected that getsam21pwuid ever be used, certainly not from the lib/rpc code. - created getsamdisprid() and getsamdispent(). these are primarily for support of SamrQueryDisplayInfo, however given that they [struct sam_disp_info] return username, rid and fullname, there may be further instances where these functions will be useful. - added support where either the get/add/mod-smb or get/add/mod-sam21 functions are optional. this can be done very easily by checking whether the struct passdb_ops table functions are NULL or not. documented this capability in the notes at the top of the module. - where unix uid was referenced, use uid_t. - where unix gid was referenced, use gid_t. smb.h : - added sam_disp_info functions to passdb_ops. - added getsam21pwrid() function. smbpass.c : - added reference to iterate_getsam21pwrid(). lib/rpc/server/srv_samr.c : - removed group rid code added to get_user_info_21() code: this had been added in the wrong place. the client / server should already know whether it wants to do a lookup by user rid or by group rid. the test of whether the rid is a user or group rid has been left in because this may become useful consistency-check code. - converted back to getsam21pwrid() not getsam21pwuid(pdb_user_rid_to_uid()). this is because the unix uid to user rid mapping can be non-monotonic in some password database systems, and monotonic in others. imposing the restriction by converting immediately from rid to uid at this point is inadviseable, and will place this potential restriction on _all_ password database systems, not just some which, for whatever reason, do not support user rids. it should be up to the individual password database writer to convert from user rid to unix uid, should that module not support rids. lib/rpc/server/srv_util.c : - got lookup_user_name() to call getsamdisprid() not getsmbpwuid(). a bug was introduced (or at least the bug already there was not fixed) whereby the nt user rid was converted to a unix uid, and then not used. (This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8) --- source3/include/proto.h | 15 ++- source3/include/smb.h | 28 ++++- source3/passdb/ldap.c | 34 +++--- source3/passdb/nispass.c | 80 +++++-------- source3/passdb/passdb.c | 259 ++++++++++++++++++++++++++++++++++++++---- source3/passdb/smbpass.c | 1 + source3/rpc_server/srv_samr.c | 38 ++----- source3/rpc_server/srv_util.c | 12 +- 8 files changed, 335 insertions(+), 132 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 8207aa8adc..177a45c9c0 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1568,13 +1568,16 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override); struct smb_passwd *getsmbpwnam(char *name); struct smb_passwd *getsmbpwuid(uid_t smb_userid); struct sam_passwd *iterate_getsam21pwnam(char *name); -struct sam_passwd *iterate_getsam21pwuid(uint32 uid); +struct sam_passwd *iterate_getsam21pwrid(uint32 rid); +struct sam_passwd *iterate_getsam21pwuid(uid_t uid); +struct sam_disp_info *getsamdisprid(uint32 rid); struct sam_disp_info *getsamdispent(void *vp); struct sam_passwd *getsam21pwent(void *vp); BOOL add_sam21pwd_entry(struct sam_passwd *newpwd); BOOL mod_sam21pwd_entry(struct sam_passwd* pwd, BOOL override); struct sam_passwd *getsam21pwnam(char *name); -struct sam_passwd *getsam21pwuid(uint32 uid); +struct sam_passwd *getsam21pwrid(uint32 rid); +struct sam_passwd *getsam21pwuid(uid_t uid); void pdb_init_dispinfo(struct sam_disp_info *user); void pdb_init_smb(struct smb_passwd *user); void pdb_init_sam(struct sam_passwd *user); @@ -1588,10 +1591,10 @@ uint16 pdb_decode_acct_ctrl(char *p); int pdb_gethexpwd(char *p, char *pwd); BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid); BOOL pdb_generate_machine_sid(void); -uint32 pdb_user_rid_to_uid(uint32 u_rid); -uint32 pdb_group_rid_to_gid(uint32 u_gid); -uint32 pdb_uid_to_user_rid(uint32 uid); -uint32 pdb_gid_to_group_rid(uint32 gid); +uid_t pdb_user_rid_to_uid(uint32 u_rid); +gid_t pdb_group_rid_to_gid(uint32 g_rid); +uint32 pdb_uid_to_user_rid(uid_t uid); +uint32 pdb_gid_to_group_rid(gid_t gid); BOOL pdb_rid_is_user(uint32 rid); /*The following definitions come from password.c */ diff --git a/source3/include/smb.h b/source3/include/smb.h index fff44f179d..8687f618e4 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -637,6 +637,17 @@ struct shmem_ops { /* * Each implementation of the password database code needs * to support the following operations. + * + * either the get/mod/add-smbXXX or the get/mod/add-sam21XXX functions + * are optional, but not both. conversion routines will be called + * if only one of each is supported. the preference is to provide + * full getsam21pwXXX functionality. + * + * e.g: provide a getsam21pwnam() function but set getsmbpwnam() to NULL: + * passdb.c will automatically call getsam21pwnam() and then call the + * sam21-to-smb conversion routine if the passdb.c::getsmbpwnam() function + * is called. + * */ struct passdb_ops { @@ -647,12 +658,14 @@ struct passdb_ops { void (*endsmbpwent)(void *); unsigned long (*getsmbpwpos)(void *); BOOL (*setsmbpwpos)(void *, unsigned long); + /* * smb password database query functions. */ struct smb_passwd *(*getsmbpwnam)(char *); struct smb_passwd *(*getsmbpwuid)(uid_t); struct smb_passwd *(*getsmbpwent)(void *); + /* * smb password database modification functions. */ @@ -664,11 +677,24 @@ struct passdb_ops { */ struct sam_passwd *(*getsam21pwent)(void *); + /* + * sam password database query functions. + */ struct sam_passwd *(*getsam21pwnam)(char *); - struct sam_passwd *(*getsam21pwuid)(uint32); + struct sam_passwd *(*getsam21pwuid)(uid_t); + struct sam_passwd *(*getsam21pwrid)(uint32); + /* + * sam password database modification functions. + */ BOOL (*add_sam21pwd_entry)(struct sam_passwd *); BOOL (*mod_sam21pwd_entry)(struct sam_passwd *, BOOL); + + /* + * sam query display info functions. + */ + struct sam_disp_info *(*getsamdisprid)(uint32); + struct sam_disp_info *(*getsamdispent)(void *); }; /* this is used for smbstatus */ diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c index de1e3cc9ab..4ee53edbef 100644 --- a/source3/passdb/ldap.c +++ b/source3/passdb/ldap.c @@ -945,21 +945,25 @@ static BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override) return mod_ldap21pwd_entry(pdb_smb_to_sam(pwd), override); } -static struct passdb_ops ldap_ops = { - startldappwent, - endldappwent, - getldappwpos, - setldappwpos, - getldappwnam, - getldappwuid, - getldappwent, - add_ldappwd_entry, - mod_ldappwd_entry, - getldap21pwent, - iterate_getsam21pwnam, /* From passdb.c */ - iterate_getsam21pwuid, /* From passdb.c */ - add_ldap21pwd_entry, - mod_ldap21pwd_entry +static struct passdb_ops ldap_ops = +{ + startldappwent, + endldappwent, + getldappwpos, + setldappwpos, + getldappwnam, + NULL, /* getldappwuid, */ + NULL, /* getldappwent, */ + NULL, /* add_ldappwd_entry, */ + NULL, /* mod_ldappwd_entry, */ + getldap21pwent, + iterate_getsam21pwnam, /* From passdb.c */ + iterate_getsam21pwuid, /* From passdb.c */ + iterate_getsam21pwrid, /* From passdb.c */ + add_ldap21pwd_entry, + mod_ldap21pwd_entry, + NULL, /* getsamdisprid, */ + NULL /* getsamdispent */ }; struct passdb_ops *ldap_initialize_password_db(void) diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c index 436fbc0e91..cb49f15059 100644 --- a/source3/passdb/nispass.c +++ b/source3/passdb/nispass.c @@ -94,13 +94,14 @@ static void gotalarm_sig(void) /*************************************************************** make_nisname_from_user_rid ****************************************************************/ -static char *make_nisname_from_user_rid(uint32 rid) +static char *make_nisname_from_user_rid(uint32 rid, char *pfile) { static pstring nisname; safe_strcpy(nisname, "[user_rid=", sizeof(nisname)-1); slprintf(nisname, sizeof(nisname)-1, "%s%d", nisname, rid); - safe_strcat(nisname, "], passwd.org_dir", sizeof(nisname)-strlen(nisname)-1); + safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); + safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); return nisname; } @@ -108,13 +109,14 @@ static char *make_nisname_from_user_rid(uint32 rid) /*************************************************************** make_nisname_from_uid ****************************************************************/ -static char *make_nisname_from_uid(int uid) +static char *make_nisname_from_uid(int uid, char *pfile) { static pstring nisname; safe_strcpy(nisname, "[uid=", sizeof(nisname)-1); slprintf(nisname, sizeof(nisname)-1, "%s%d", nisname, uid); - safe_strcat(nisname, "], passwd.org_dir", sizeof(nisname)-strlen(nisname)-1); + safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); + safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); return nisname; } @@ -122,13 +124,14 @@ static char *make_nisname_from_uid(int uid) /*************************************************************** make_nisname_from_name ****************************************************************/ -static char *make_nisname_from_name(char *user_name) +static char *make_nisname_from_name(char *user_name, char *pfile) { static pstring nisname; safe_strcpy(nisname, "[name=", sizeof(nisname)-1); safe_strcat(nisname, user_name, sizeof(nisname) - strlen(nisname) - 1); - safe_strcat(nisname, "], passwd.org_dir", sizeof(nisname) - strlen(nisname) - 1); + safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); + safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); return nisname; } @@ -214,9 +217,7 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd) pfile = lp_smb_passwd_file(); - safe_strcpy(user_name, newpwd->smb_name, sizeof(user_name)-1); - - nisname = make_nisname_from_name(user_name); + nisname = make_nisname_from_name(user_name, "passwd.org_dir"); nis_user = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL); @@ -229,10 +230,7 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd) user_obj = NIS_RES_OBJECT(nis_user); - safe_strcpy(nisname, "[name=", sizeof(nisname)-1); - safe_strcat(nisname, ENTRY_VAL(user_obj,0),sizeof(nisname)-strlen(nisname)-1); - safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); - safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); + make_nisname_from_name(ENTRY_VAL(user_obj,0), pfile); result = nis_list(nisname, FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP,NULL,NULL); if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND) @@ -465,12 +463,12 @@ static struct sam_passwd *getnisp21pwnam(char *name) /************************************************************************* Routine to search the nisplus passwd file for an entry matching the username *************************************************************************/ -static struct sam_passwd *getnisp21pwuid(int smb_userid) +static struct sam_passwd *getnisp21pwrid(uint32 rid) { /* Static buffers we will return. */ static struct sam_passwd pw_buf; nis_result *result; - pstring nisname; + char *nisname; BOOL ret; if (!*lp_smb_passwd_file()) @@ -479,10 +477,10 @@ static struct sam_passwd *getnisp21pwuid(int smb_userid) return NULL; } - DEBUG(10, ("getnisppwuid: search by uid: %d\n", smb_userid)); - DEBUG(10, ("getnisppwuid: using NIS+ table %s\n", lp_smb_passwd_file())); + DEBUG(10, ("getnisp21pwrid: search by rid: %x\n", rid)); + DEBUG(10, ("getnisp21pwrid: using NIS+ table %s\n", lp_smb_passwd_file())); - slprintf(nisname, sizeof(nisname)-1, "[uid=%d],%s", smb_userid, lp_smb_passwd_file()); + nisname = make_nisname_from_user_rid(rid, lp_smb_passwd_file()); /* Search the table. */ gotalarm = 0; @@ -496,7 +494,7 @@ static struct sam_passwd *getnisp21pwuid(int smb_userid) if (gotalarm) { - DEBUG(0,("getnisppwuid: NIS+ lookup time out\n")); + DEBUG(0,("getnisp21pwrid: NIS+ lookup time out\n")); nis_freeresult(result); return NULL; } @@ -511,46 +509,24 @@ static struct sam_passwd *getnisp21pwuid(int smb_userid) * Derived functions for NIS+. */ -static struct smb_passwd *getnispwnam(char *name) -{ - return pdb_sam_to_smb(iterate_getsam21pwnam(name)); -} - -static struct smb_passwd *getnispwuid(uid_t smb_userid) -{ - return pdb_sam_to_smb(iterate_getsam21pwuid(smb_userid)); -} - -static struct smb_passwd *getnispwent(void *vp) -{ - return pdb_sam_to_smb(getnisp21pwent(vp)); -} - -static BOOL add_nispwd_entry(struct smb_passwd *newpwd) -{ - return add_nisp21pwd_entry(pdb_smb_to_sam(newpwd)); -} - -static BOOL mod_nispwd_entry(struct smb_passwd* pwd, BOOL override) -{ - return mod_nisp21pwd_entry(pdb_smb_to_sam(pwd), override); -} - static struct passdb_ops nispasswd_ops = { startnisppwent, endnisppwent, getnisppwpos, setnisppwpos, - getnispwnam, - getsmbpwuid, - getnispwent, - add_nispwd_entry, - mod_nispwd_entry, + NULL, /* getnispwnam, */ + NULL, /* getnispwuid, */ + NULL, /* getnispwent, */ + NULL, /* add_nispwd_entry, */ + NULL, /* mod_nispwd_entry, */ getnisp21pwent, - iterate_getsam21pwnam, /* Found in passdb.c */ - iterate_getsam21pwuid, /* Found in passdb.c */ + getnisp21pwnam, + NULL, /* getsam21pwuid */ + getnisp21pwrid, add_nisp21pwd_entry, - mod_nisp21pwd_entry + mod_nisp21pwd_entry, + NULL, /* getsamdisprid */ + NULL /* getsamdispent */ }; struct passdb_ops *nisplus_initialize_password_db(void) diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index acc8d1c609..d7ba8479bf 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -35,6 +35,19 @@ DOM_SID global_machine_sid; /* * NOTE. All these functions are abstracted into a structure * that points to the correct function for the selected database. JRA. + * + * NOTE. for the get/mod/add functions, there are two sets of functions. + * one supports struct sam_passwd, the other supports struct smb_passwd. + * for speed optimisation it is best to support both these sets. + * + * it is, however, optional to support one set but not the other: there + * is conversion-capability built in to passdb.c, and run-time error + * detection for when neither are supported. + * + * password database writers are recommended to implement the sam_passwd + * functions in a first pass, as struct sam_passwd contains more + * information, needed by the NT Domain support. lkcl. + * */ static struct passdb_ops *pdb_ops; @@ -115,8 +128,10 @@ struct smb_passwd *iterate_getsmbpwnam(char *name) BOOL initialize_password_db(void) { - if(pdb_ops) + if (pdb_ops) + { return True; + } #ifdef USE_NISPLUS_DB pdb_ops = nisplus_initialize_password_db(); @@ -141,6 +156,7 @@ BOOL initialize_password_db(void) from this function may be used to enumerate struct sam_passwd entries as well as struct smb_passwd entries. This may need to change. JRA. + ****************************************************************/ void *startsmbpwent(BOOL update) @@ -169,7 +185,19 @@ void endsmbpwent(void *vp) struct smb_passwd *getsmbpwent(void *vp) { - return pdb_ops->getsmbpwent(vp); + if (pdb_ops->getsmbpwent == NULL && pdb_ops->getsam21pwent == NULL) + { + /* must have one or the other: this is an error by the password + database implementor for the back-end you are using. + */ + DEBUG(0,("getsmbpwent: getsmbpwent() and getsam21pwent() not supported!\n")); + return NULL; + } + if (pdb_ops->getsmbpwent != NULL) + { + return pdb_ops->getsmbpwent(vp); + } + return pdb_sam_to_smb(pdb_ops->getsam21pwent(vp)); } /************************************************************************* @@ -210,7 +238,19 @@ BOOL setsmbpwpos(void *vp, unsigned long tok) BOOL add_smbpwd_entry(struct smb_passwd *newpwd) { - return pdb_ops->add_smbpwd_entry(newpwd); + if (pdb_ops->add_smbpwd_entry == NULL && pdb_ops->add_sam21pwd_entry == NULL) + { + /* must have one or the other: this is an error by the password + database implementor for the back-end you are using. + */ + DEBUG(0,("add_smbpwd_entry: add_smbpwd_entry() and add_sam21pwd_entry() not supported!\n")); + return False; + } + if (pdb_ops->add_smbpwd_entry != NULL) + { + return pdb_ops->add_smbpwd_entry(newpwd); + } + return pdb_ops->add_sam21pwd_entry(pdb_smb_to_sam(newpwd)); } /************************************************************************ @@ -224,7 +264,19 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd) BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) { - return pdb_ops->mod_smbpwd_entry(pwd, override); + if (pdb_ops->mod_smbpwd_entry == NULL && pdb_ops->mod_sam21pwd_entry == NULL) + { + /* must have one or the other: this is an error by the password + database implementor for the back-end you are using. + */ + DEBUG(0,("mod_smbpwd_entry: mod_smbpwd_entry() and mod_sam21pwd_entry() not supported!\n")); + return False; + } + if (pdb_ops->mod_smbpwd_entry != NULL) + { + return pdb_ops->mod_smbpwd_entry(pwd, override); + } + return pdb_ops->mod_sam21pwd_entry(pdb_smb_to_sam(pwd), override); } /************************************************************************ @@ -233,7 +285,19 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) struct smb_passwd *getsmbpwnam(char *name) { - return pdb_ops->getsmbpwnam(name); + if (pdb_ops->getsmbpwnam == NULL && pdb_ops->getsam21pwnam == NULL) + { + /* must have one or the other: this is an error by the password + database implementor for the back-end you are using. + */ + DEBUG(0,("getsmbpwnam: getsmbpwnam() and getsam21pwnam() not supported!\n")); + return NULL; + } + if (pdb_ops->getsam21pwnam != NULL) + { + return pdb_ops->getsmbpwnam(name); + } + return pdb_sam_to_smb(getsam21pwnam(name)); } /************************************************************************ @@ -242,7 +306,19 @@ struct smb_passwd *getsmbpwnam(char *name) struct smb_passwd *getsmbpwuid(uid_t smb_userid) { - return pdb_ops->getsmbpwuid(smb_userid); + if (pdb_ops->getsmbpwuid == NULL && pdb_ops->getsam21pwrid == NULL) + { + /* must have one or the other: this is an error by the password + database implementor for the back-end you are using. + */ + DEBUG(0,("getsmbpwuid: getsmbpwuid() and getsam21pwrid() not supported!\n")); + return NULL; + } + if (pdb_ops->getsmbpwuid != NULL) + { + return pdb_ops->getsmbpwuid(smb_userid); + } + return pdb_sam_to_smb(pdb_ops->getsam21pwuid(pdb_uid_to_user_rid(smb_userid))); } /* @@ -285,9 +361,50 @@ struct sam_passwd *iterate_getsam21pwnam(char *name) /************************************************************************ Utility function to search sam passwd by uid. use this if your database does not have search facilities. + + search capability by both rid and uid are needed as the rid <-> uid + mapping may be non-monotonic. + *************************************************************************/ -struct sam_passwd *iterate_getsam21pwuid(uint32 uid) +struct sam_passwd *iterate_getsam21pwrid(uint32 rid) +{ + struct sam_passwd *pwd = NULL; + void *fp = NULL; + + DEBUG(10, ("iterate_getsam21pwrid: search by rid: %x\n", rid)); + + /* Open the smb password file - not for update. */ + fp = startsmbpwent(False); + + if (fp == NULL) + { + DEBUG(0, ("iterate_getsam21pwrid: unable to open sam password database.\n")); + return NULL; + } + + while ((pwd = getsam21pwent(fp)) != NULL && pwd->user_rid != rid) + ; + + if (pwd != NULL) + { + DEBUG(10, ("iterate_getsam21pwrid: found by user_rid: %x\n", rid)); + } + + endsmbpwent(fp); + return pwd; +} + +/************************************************************************ + Utility function to search sam passwd by uid. use this if your database + does not have search facilities. + + search capability by both rid and uid are needed as the rid <-> uid + mapping may be non-monotonic. + +*************************************************************************/ + +struct sam_passwd *iterate_getsam21pwuid(uid_t uid) { struct sam_passwd *pwd = NULL; void *fp = NULL; @@ -316,12 +433,27 @@ struct sam_passwd *iterate_getsam21pwuid(uint32 uid) } /************************************************************************* - Routine to return the next entry in the sam passwd list. + Routine to return a display info structure, by rid *************************************************************************/ +struct sam_disp_info *getsamdisprid(uint32 rid) +{ + if (pdb_ops->getsamdisprid != NULL) + { + return pdb_ops->getsamdisprid(rid); + } + return pdb_sam_to_dispinfo(pdb_ops->getsam21pwrid(rid)); +} +/************************************************************************* + Routine to return the next entry in the sam passwd list. + *************************************************************************/ struct sam_disp_info *getsamdispent(void *vp) { - return pdb_sam_to_dispinfo(pdb_ops->getsam21pwent(vp)); + if (pdb_ops->getsamdispent != NULL) + { + return pdb_ops->getsamdispent(vp); + } + return pdb_sam_to_dispinfo(pdb_ops->getsam21pwent(vp)); } /************************************************************************* @@ -330,7 +462,19 @@ struct sam_disp_info *getsamdispent(void *vp) struct sam_passwd *getsam21pwent(void *vp) { - return pdb_ops->getsam21pwent(vp); + if (pdb_ops->getsmbpwent == NULL && pdb_ops->getsam21pwent == NULL) + { + /* must have one or the other: this is an error by the password + database implementor for the back-end you are using. + */ + DEBUG(0,("getsmbpwent: getsmbpwent() and getsam21pwent() not supported!\n")); + return NULL; + } + if (pdb_ops->getsam21pwent != NULL) + { + return pdb_ops->getsam21pwent(vp); + } + return pdb_smb_to_sam(pdb_ops->getsmbpwent(vp)); } /************************************************************************ @@ -339,7 +483,19 @@ struct sam_passwd *getsam21pwent(void *vp) BOOL add_sam21pwd_entry(struct sam_passwd *newpwd) { - return pdb_ops->add_sam21pwd_entry(newpwd); + if (pdb_ops->add_smbpwd_entry == NULL && pdb_ops->add_sam21pwd_entry == NULL) + { + /* must have one or the other: this is an error by the password + database implementor for the back-end you are using. + */ + DEBUG(0,("add_smbpwd_entry: add_smbpwd_entry() and add_sam21pwd_entry() not supported!\n")); + return False; + } + if (pdb_ops->add_sam21pwd_entry != NULL) + { + return pdb_ops->add_sam21pwd_entry(newpwd); + } + return pdb_ops->add_smbpwd_entry(pdb_sam_to_smb(newpwd)); } /************************************************************************ @@ -353,7 +509,19 @@ BOOL add_sam21pwd_entry(struct sam_passwd *newpwd) BOOL mod_sam21pwd_entry(struct sam_passwd* pwd, BOOL override) { - return pdb_ops->mod_sam21pwd_entry(pwd, override); + if (pdb_ops->mod_smbpwd_entry == NULL && pdb_ops->mod_sam21pwd_entry == NULL) + { + /* must have one or the other: this is an error by the password + database implementor for the back-end you are using. + */ + DEBUG(0,("mod_smbpwd_entry: mod_smbpwd_entry() and mod_sam21pwd_entry() not supported!\n")); + return False; + } + if (pdb_ops->mod_sam21pwd_entry != NULL) + { + return pdb_ops->mod_sam21pwd_entry(pwd, override); + } + return pdb_ops->mod_smbpwd_entry(pdb_sam_to_smb(pwd), override); } @@ -363,16 +531,61 @@ BOOL mod_sam21pwd_entry(struct sam_passwd* pwd, BOOL override) struct sam_passwd *getsam21pwnam(char *name) { - return pdb_ops->getsam21pwnam(name); + if (pdb_ops->getsmbpwnam == NULL && pdb_ops->getsam21pwnam == NULL) + { + /* must have one or the other: this is an error by the password + database implementor for the back-end you are using. + */ + DEBUG(0,("getsam21pwnam: getsmbpwnam() and getsam21pwnam() not supported!\n")); + return NULL; + } + if (pdb_ops->getsam21pwnam != NULL) + { + return pdb_ops->getsam21pwnam(name); + } + return pdb_smb_to_sam(getsmbpwnam(name)); +} + +/************************************************************************ + Routine to search sam passwd by rid. +*************************************************************************/ + +struct sam_passwd *getsam21pwrid(uint32 rid) +{ + if (pdb_ops->getsmbpwuid == NULL && pdb_ops->getsam21pwrid == NULL) + { + /* must have one or the other: this is an error by the password + database implementor for the back-end you are using. + */ + DEBUG(0,("getsam21pwrid: getsmbpwuid() and getsam21pwrid() not supported!\n")); + return NULL; + } + if (pdb_ops->getsam21pwrid != NULL) + { + return pdb_ops->getsam21pwrid(rid); + } + return pdb_smb_to_sam(pdb_ops->getsmbpwuid(pdb_user_rid_to_uid(rid))); } /************************************************************************ Routine to search sam passwd by uid. *************************************************************************/ -struct sam_passwd *getsam21pwuid(uint32 uid) +struct sam_passwd *getsam21pwuid(uid_t uid) { - return pdb_ops->getsam21pwuid(uid); + if (pdb_ops->getsmbpwuid == NULL && pdb_ops->getsam21pwrid == NULL) + { + /* must have one or the other: this is an error by the password + database implementor for the back-end you are using. + */ + DEBUG(0,("getsam21pwuid: getsmbpwuid() and getsam21pwrid() not supported!\n")); + return NULL; + } + if (pdb_ops->getsam21pwuid != NULL) + { + return pdb_ops->getsam21pwuid(uid); + } + return pdb_smb_to_sam(pdb_ops->getsmbpwuid(uid)); } @@ -885,25 +1098,25 @@ Error was %s\n", sid_file, strerror(errno) )); converts NT User RID to a UNIX uid. ********************************************************************/ -uint32 pdb_user_rid_to_uid(uint32 u_rid) +uid_t pdb_user_rid_to_uid(uint32 u_rid) { - return (u_rid - 1000); + return (uid_t)(u_rid - 1000); } /******************************************************************* converts NT Group RID to a UNIX uid. ********************************************************************/ -uint32 pdb_group_rid_to_gid(uint32 u_gid) +gid_t pdb_group_rid_to_gid(uint32 g_rid) { - return (u_gid - 1000); + return (gid_t)(g_rid - 1000); } /******************************************************************* converts UNIX uid to an NT User RID. ********************************************************************/ -uint32 pdb_uid_to_user_rid(uint32 uid) +uint32 pdb_uid_to_user_rid(uid_t uid) { return (uint32)(uid + 1000); } @@ -912,7 +1125,7 @@ uint32 pdb_uid_to_user_rid(uint32 uid) converts NT Group RID to a UNIX uid. ********************************************************************/ -uint32 pdb_gid_to_group_rid(uint32 gid) +uint32 pdb_gid_to_group_rid(gid_t gid) { return (uint32)(gid + 1000); } @@ -924,5 +1137,9 @@ uint32 pdb_gid_to_group_rid(uint32 gid) BOOL pdb_rid_is_user(uint32 rid) { /* Punt for now - we need to look at the encoding here. JRA. */ + /* lkcl i understand that NT attaches an enumeration to a RID + * such that it can be identified as either a user, group etc + * type. there are 5 such categories, and they are documented. + */ return True; } diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index 8e0ace9986..ff06905927 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c @@ -933,6 +933,7 @@ static struct passdb_ops file_ops = { getsmbfile21pwent, iterate_getsam21pwnam, /* In passdb.c */ iterate_getsam21pwuid, /* In passdb.c */ + iterate_getsam21pwrid, /* In passdb.c */ add_smbfile21pwd_entry, mod_smbfile21pwd_entry }; diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index adc16fa5c8..d1503a762e 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -860,41 +860,21 @@ static void api_samr_open_user( int uid, prs_struct *data, prs_struct *rdata) /************************************************************************* get_user_info_21 *************************************************************************/ -static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid) +static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) { NTTIME dummy_time; struct sam_passwd *sam_pass; LOGON_HRS hrs; int i; - /* - * Convert from rid to either a uid or gid as soon as - * possible. JRA. - */ - - if(pdb_rid_is_user(rid)) - { - uint32 uid = pdb_user_rid_to_uid(rid); - become_root(True); - sam_pass = getsam21pwuid(uid); - unbecome_root(True); - } - else - { - struct group *grent; - uint32 gid; - gid = pdb_group_rid_to_gid(rid); - if((grent = getgrgid(gid)) == NULL) - { - DEBUG(0,("get_user_info_21: Unable to get group info.\n")); - return False; - } - /* TODO - at this point we need to convert from - a UNIX struct group into a user info 21 structure. - Punt for now. JRA. - */ - return False; - } + if (!pdb_rid_is_user(user_rid)) + { + return False; + } + + become_root(True); + sam_pass = getsam21pwrid(user_rid); + unbecome_root(True); if (sam_pass == NULL) { diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 15c06d18bd..fca37db717 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -394,8 +394,7 @@ uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type) ********************************************************************/ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type) { - struct smb_passwd *smb_pass; - uint32 unix_uid; + struct sam_disp_info *disp_info; int i = 0; (*type) = SID_NAME_USER; @@ -414,17 +413,14 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type) return 0x0; } - unix_uid = pdb_uid_to_user_rid(rid); - DEBUG(5,(" uid: %d", unix_uid)); - /* ok, it's a user. find the user account */ become_root(True); - smb_pass = getsmbpwuid(rid); /* lkclXXXX SHOULD use rid mapping here! */ + disp_info = getsamdisprid(rid); unbecome_root(True); - if (smb_pass != NULL) + if (disp_info != NULL) { - fstrcpy(user_name, smb_pass->smb_name); + fstrcpy(user_name, disp_info->smb_name); DEBUG(5,(" = %s\n", user_name)); return 0x0; } -- cgit