From 30038de4623bc827ee8019c569faf00583d1fe58 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 29 Nov 1998 20:03:33 +0000 Subject: weekend work. user / group database API. - split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1) --- source3/groupdb/aliasdb.c | 40 ++- source3/groupdb/aliasfile.c | 27 +- source3/groupdb/aliasunix.c | 138 ++++----- source3/groupdb/groupdb.c | 38 ++- source3/groupdb/groupfile.c | 24 +- source3/groupdb/groupunix.c | 124 ++------ source3/include/ntdomain.h | 2 +- source3/include/proto.h | 215 +++++++------ source3/include/rpc_misc.h | 19 +- source3/include/rpc_samr.h | 325 ++++++++++++++++--- source3/include/smb.h | 172 +++++++---- source3/lib/util.c | 103 +++--- source3/lib/util_sid.c | 37 ++- source3/nmbd/nmbd.c | 29 +- source3/param/loadparm.c | 18 ++ source3/passdb/ldap.c | 10 +- source3/passdb/nispass.c | 12 +- source3/passdb/passdb.c | 636 ++++---------------------------------- source3/passdb/passgrp.c | 48 ++- source3/passdb/smbpass.c | 225 ++------------ source3/passdb/smbpasschange.c | 6 +- source3/passdb/smbpassgroup.c | 2 +- source3/passdb/smbpassgroupunix.c | 150 ++++----- source3/rpc_client/cli_login.c | 8 +- source3/rpc_client/cli_lsarpc.c | 2 +- source3/rpc_client/cli_samr.c | 67 +++- source3/rpc_parse/parse_misc.c | 54 ---- source3/rpc_parse/parse_samr.c | 34 +- source3/rpc_server/srv_lookup.c | 288 ++++------------- source3/rpc_server/srv_netlog.c | 123 +++----- source3/rpc_server/srv_samr.c | 135 +++----- source3/rpcclient/cmd_lsarpc.c | 2 +- source3/rpcclient/cmd_samr.c | 60 ++-- source3/rpcclient/display.c | 44 +++ source3/smbd/chgpasswd.c | 2 +- source3/smbd/password.c | 12 +- source3/smbd/server.c | 37 +-- source3/smbwrapper/smbw_dir.c | 3 +- source3/utils/smbpasswd.c | 3 +- source3/web/swat.c | 3 +- 40 files changed, 1415 insertions(+), 1862 deletions(-) (limited to 'source3') diff --git a/source3/groupdb/aliasdb.c b/source3/groupdb/aliasdb.c index 648700dd86..011eee0f3d 100644 --- a/source3/groupdb/aliasdb.c +++ b/source3/groupdb/aliasdb.c @@ -26,6 +26,7 @@ extern int DEBUGLEVEL; extern fstring global_sam_name; +extern DOM_SID global_sam_sid; /* * NOTE. All these functions are abstracted into a structure @@ -67,7 +68,28 @@ BOOL initialise_alias_db(void) *************************************************************************/ LOCAL_GRP *iterate_getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem) { - return iterate_getaliasrid(pwdb_gid_to_alias_rid(gid), mem, num_mem); + DOM_NAME_MAP gmep; + uint32 rid; + if (!lookupsmbgrpgid(gid, &gmep)) + { + DEBUG(0,("iterate_getaliasgid: gid %d does not map to one of our Domain's Aliases\n", gid)); + return NULL; + } + + if (gmep.type != SID_NAME_ALIAS ) + { + DEBUG(0,("iterate_getaliasgid: gid %d does not map to one of our Domain's Aliases\n", gid)); + return NULL; + } + + sid_split_rid(&gmep.sid, &rid); + if (!sid_equal(&gmep.sid, &global_sam_sid)) + { + DEBUG(0,("iterate_getaliasgid: gid %d does not map into our Domain SID\n", gid)); + return NULL; + } + + return iterate_getaliasrid(rid, mem, num_mem); } /************************************************************************ @@ -108,7 +130,7 @@ LOCAL_GRP *iterate_getaliasrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem) Utility function to search alias database by name. use this if your database does not have search facilities. *************************************************************************/ -LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem) +LOCAL_GRP *iterate_getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem) { LOCAL_GRP *als = NULL; void *fp = NULL; @@ -167,11 +189,11 @@ BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als) /************************************************************************* checks to see if a user is a member of a domain alias *************************************************************************/ -static BOOL user_is_member(char *user_name, LOCAL_GRP_MEMBER *mem, int num_mem) +static BOOL user_is_member(const char *user_name, LOCAL_GRP_MEMBER *mem, int num_mem) { int i; pstring name; - slprintf(name, sizeof(name)-1, "\\%s\\%s", global_sam_name, user_name); + slprintf(name, sizeof(name)-1, "%s\\%s", global_sam_name, user_name); for (i = 0; i < num_mem; i++) { @@ -190,7 +212,7 @@ static BOOL user_is_member(char *user_name, LOCAL_GRP_MEMBER *mem, int num_mem) gets an array of aliases that a user is in. use this if your database does not have search facilities *************************************************************************/ -BOOL iterate_getuseraliasnam(char *user_name, LOCAL_GRP **alss, int *num_alss) +BOOL iterate_getuseraliasntnam(const char *user_name, LOCAL_GRP **alss, int *num_alss) { LOCAL_GRP *als = NULL; LOCAL_GRP_MEMBER *mem = NULL; @@ -347,9 +369,9 @@ BOOL mod_alias_entry(LOCAL_GRP* als) Routine to search alias database by name. *************************************************************************/ -LOCAL_GRP *getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem) +LOCAL_GRP *getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem) { - return aldb_ops->getaliasnam(name, mem, num_mem); + return aldb_ops->getaliasntnam(name, mem, num_mem); } /************************************************************************ @@ -373,9 +395,9 @@ LOCAL_GRP *getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem) /************************************************************************* gets an array of aliases that a user is in. *************************************************************************/ -BOOL getuseraliasnam(char *user_name, LOCAL_GRP **als, int *num_alss) +BOOL getuseraliasntnam(const char *user_name, LOCAL_GRP **als, int *num_alss) { - return aldb_ops->getuseraliasnam(user_name, als, num_alss); + return aldb_ops->getuseraliasntnam(user_name, als, num_alss); } /************************************************************* diff --git a/source3/groupdb/aliasfile.c b/source3/groupdb/aliasfile.c index e73ff39e74..4ae2c25b94 100644 --- a/source3/groupdb/aliasfile.c +++ b/source3/groupdb/aliasfile.c @@ -131,6 +131,7 @@ static LOCAL_GRP *getalsfilepwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem pstring linebuf; char *p; + uint8 type; aldb_init_als(&al_buf); @@ -139,6 +140,8 @@ static LOCAL_GRP *getalsfilepwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem */ while (getfileline(vp, linebuf, sizeof(linebuf)) > 0) { + DOM_NAME_MAP gmep; + /* get alias name */ p = strncpyn(al_buf.name, linebuf, sizeof(al_buf.name), ':'); @@ -190,9 +193,25 @@ static LOCAL_GRP *getalsfilepwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem } } - /* ok, set up the static data structure and return it */ + /* + * look up the gid, turn it into a rid. the _correct_ type of rid */ + */ - al_buf.rid = pwdb_gid_to_alias_rid((gid_t)gidval); + if (!lookupsmbgrpgid((gid_t)gidval, &gmep)) + { + continue; + } + if (gmep.type != SID_NAME_DOM_GRP && + gmep.type != SID_NAME_WKN_GRP)) + { + continue; + } + + sid_split_rid(&gmep.sid, &gp_buf.rid); + if (!sid_equal(&gmep.sid, &global_sam_sid)) + { + continue; + } make_alias_line(linebuf, sizeof(linebuf), &al_buf, mem, num_mem); DEBUG(10,("line: '%s'\n", linebuf)); @@ -237,7 +256,7 @@ static struct aliasdb_ops file_ops = getalsfilepwpos, setalsfilepwpos, - iterate_getaliasnam, /* In aliasdb.c */ + iterate_getaliasntnam, /* In aliasdb.c */ iterate_getaliasgid, /* In aliasdb.c */ iterate_getaliasrid, /* In aliasdb.c */ getalsfilepwent, @@ -245,7 +264,7 @@ static struct aliasdb_ops file_ops = add_alsfileals_entry, mod_alsfileals_entry, - iterate_getuseraliasnam /* in aliasdb.c */ + iterate_getuseraliasntnam /* in aliasdb.c */ }; struct aliasdb_ops *file_initialise_alias_db(void) diff --git a/source3/groupdb/aliasunix.c b/source3/groupdb/aliasunix.c index b9d9dc6856..715e290643 100644 --- a/source3/groupdb/aliasunix.c +++ b/source3/groupdb/aliasunix.c @@ -65,63 +65,14 @@ static BOOL setalsunixpwpos(void *vp, SMB_BIG_UINT tok) return False; } -/************************************************************************* - maps a unix group to a domain sid and an nt alias name. -*************************************************************************/ -static void map_unix_grp_to_nt_als(char *unix_name, - struct group *unix_grp, char *nt_name, DOM_SID *sid) -{ - BOOL found = False; - uint32 rid; - fstring ntname; - fstring ntdomain; - - if (isdigit(unix_name[0])) - { - unix_grp->gr_gid = get_number(unix_name); - unix_grp->gr_name = unix_name; - found = map_alias_gid(unix_grp->gr_gid, sid, ntname, ntdomain); - } - else - { - unix_grp->gr_name = unix_name; - found = map_unix_alias_name(unix_grp->gr_name, sid, ntname, ntdomain); - } - - if (found) - { - /* - * find the NT name represented by this UNIX gid. - * then, only accept NT aliass that are in our domain - */ - - sid_split_rid(sid, &rid); - } - else - { - /* - * assume that the UNIX group is an NT alias with - * the same name. convert gid to a alias rid. - */ - - fstrcpy(ntdomain, global_sam_name); - fstrcpy(ntname, unix_grp->gr_name); - sid_copy(sid, &global_sam_sid); - } - - slprintf(nt_name, sizeof(fstring)-1, "\\%s\\%s", - ntdomain, ntname); -} - /************************************************************************* Routine to return the next entry in the smbdomainalias list. *************************************************************************/ -BOOL get_unixalias_members(struct group *als, +BOOL get_unixalias_members(struct group *grp, int *num_mem, LOCAL_GRP_MEMBER **members) { int i; char *unix_name; - fstring nt_name; if (num_mem == NULL || members == NULL) { @@ -131,28 +82,43 @@ BOOL get_unixalias_members(struct group *als, (*num_mem) = 0; (*members) = NULL; - for (i = 0; (unix_name = als->gr_mem[i]) != NULL; i++) + for (i = 0; (unix_name = grp->gr_mem[i]) != NULL; i++) { - DOM_SID sid; - struct group unix_grp; + fstring name; + DOM_NAME_MAP gmep; + LOCAL_GRP_MEMBER *mem; + + fstrcpy(name, unix_name); - map_unix_grp_to_nt_als(unix_name, &unix_grp, nt_name, &sid); + if (!lookupsmbgrpnam(name, &gmep) && + !lookupsmbpwnam (name, &gmep)) + { + continue; + } - if (!sid_equal(&sid, &global_sam_sid)) + if (!sid_front_equal(&global_sam_sid, &gmep.sid)) { - DEBUG(0,("alias database: could not resolve name %s in domain %s\n", - unix_name, global_sam_name)); + DEBUG(0,("alias database: could not resolve name %s (wrong Domain SID)\n", + name)); continue; } - (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER)); + (*num_mem)++; + (*members) = Realloc((*members), (*num_mem) * sizeof(LOCAL_GRP_MEMBER)); if ((*members) == NULL) { + DEBUG(0,("get_unixalias_members: could not realloc LOCAL_GRP_MEMBERs\n")); return False; } - fstrcpy((*members)[(*num_mem)].name, nt_name); - (*num_mem)++; + mem = &(*members)[(*num_mem)-1]; + slprintf(mem->name, sizeof(mem->name)-1, "%s\\%s", + gmep.nt_domain, gmep.nt_name); + sid_copy(&mem->sid, &gmep.sid); + mem->sid_use = gmep.type; + + DEBUG(10,("get_unixalias_members: adding alias %s\n", + mem->name)); } return True; } @@ -161,7 +127,7 @@ BOOL get_unixalias_members(struct group *als, Routine to return the next entry in the domain alias list. when we are a PDC or BDC, then unix groups that are explicitly NOT mapped - to aliases (map_alias_gid) are treated as DOMAIN groups (see groupunix.c). + to aliases are treated as DOMAIN groups (see groupunix.c). when we are a member of a domain (not a PDC or BDC) then unix groups that are explicitly NOT mapped to aliases (map_alias_gid) are treated @@ -190,36 +156,36 @@ static LOCAL_GRP *getalsunixpwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem aldb_init_als(&gp_buf); - fstrcpy(gp_buf.comment, ""); - /* cycle through unix groups */ while ((unix_grp = getgrent()) != NULL) { - DOM_SID sid; - if (map_alias_gid(unix_grp->gr_gid, &sid, gp_buf.name, NULL)) + DOM_NAME_MAP gmep; + fstring sid_str; + DEBUG(10,("getgrpunixpwent: enum unix group entry %s\n", + unix_grp->gr_name)); + + if (!lookupsmbgrpgid(unix_grp->gr_gid, &gmep)) { - /* - * find the NT name represented by this UNIX gid. - * then, only accept NT aliases that are in our domain - */ - - sid_split_rid(&sid, &gp_buf.rid); - if (sid_equal(&sid, &global_sam_sid)) - { - break; /* hooray. */ - } + continue; } - else if (lp_server_role() == ROLE_DOMAIN_MEMBER) + + sid_to_string(sid_str, &gmep.sid); + DEBUG(10,("group %s found, sid %s type %d\n", + gmep.nt_name, sid_str, gmep.type)); + + if (gmep.type != SID_NAME_ALIAS) { - /* - * if we are a member of a domain, - * assume that the UNIX alias is an NT alias with - * the same name. convert gid to a alias rid. - */ - - fstrcpy(gp_buf.name, unix_grp->gr_name); - gp_buf.rid = pwdb_gid_to_alias_rid(unix_grp->gr_gid); + continue; } + + sid_split_rid(&gmep.sid, &gp_buf.rid); + if (!sid_equal(&global_sam_sid, &gmep.sid)) + { + continue; + } + + fstrcpy(gp_buf.name, gmep.nt_name); + break; } if (unix_grp == NULL) @@ -279,7 +245,7 @@ static struct aliasdb_ops unix_ops = getalsunixpwpos, setalsunixpwpos, - iterate_getaliasnam, /* In aliasdb.c */ + iterate_getaliasntnam, /* In aliasdb.c */ iterate_getaliasgid, /* In aliasdb.c */ iterate_getaliasrid, /* In aliasdb.c */ getalsunixpwent, @@ -287,7 +253,7 @@ static struct aliasdb_ops unix_ops = add_alsunixgrp_entry, mod_alsunixgrp_entry, - iterate_getuseraliasnam /* in aliasdb.c */ + iterate_getuseraliasntnam /* in aliasdb.c */ }; struct aliasdb_ops *unix_initialise_alias_db(void) diff --git a/source3/groupdb/groupdb.c b/source3/groupdb/groupdb.c index 7b9a14c7df..6bd6c34442 100644 --- a/source3/groupdb/groupdb.c +++ b/source3/groupdb/groupdb.c @@ -24,6 +24,7 @@ #include "nterr.h" extern int DEBUGLEVEL; +extern DOM_SID global_sam_sid; /* * NOTE. All these functions are abstracted into a structure @@ -65,7 +66,28 @@ BOOL initialise_group_db(void) *************************************************************************/ DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem) { - return iterate_getgrouprid(pwdb_gid_to_group_rid(gid), mem, num_mem); + DOM_NAME_MAP gmep; + uint32 rid; + if (!lookupsmbgrpgid(gid, &gmep)) + { + DEBUG(0,("iterate_getgroupgid: gid %d does not map to one of our Domain's Groups\n", gid)); + return NULL; + } + + if (gmep.type != SID_NAME_DOM_GRP && gmep.type != SID_NAME_WKN_GRP) + { + DEBUG(0,("iterate_getgroupgid: gid %d does not map to one of our Domain's Groups\n", gid)); + return NULL; + } + + sid_split_rid(&gmep.sid, &rid); + if (!sid_equal(&gmep.sid, &global_sam_sid)) + { + DEBUG(0,("iterate_getgroupgid: gid %d does not map into our Domain SID\n", gid)); + return NULL; + } + + return iterate_getgrouprid(rid, mem, num_mem); } /************************************************************************ @@ -105,7 +127,7 @@ DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_me Utility function to search group database by name. use this if your database does not have search facilities. *************************************************************************/ -DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) +DOMAIN_GRP *iterate_getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) { DOMAIN_GRP *grp = NULL; void *fp = NULL; @@ -165,7 +187,7 @@ BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp) /************************************************************************* checks to see if a user is a member of a domain group *************************************************************************/ -static BOOL user_is_member(char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem) +static BOOL user_is_member(const char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem) { int i; for (i = 0; i < num_mem; i++) @@ -185,7 +207,7 @@ static BOOL user_is_member(char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem) gets an array of groups that a user is in. use this if your database does not have search facilities *************************************************************************/ -BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps) +BOOL iterate_getusergroupsnam(const char *user_name, DOMAIN_GRP **grps, int *num_grps) { DOMAIN_GRP *grp = NULL; DOMAIN_GRP_MEMBER *mem = NULL; @@ -342,9 +364,9 @@ BOOL mod_group_entry(DOMAIN_GRP* grp) Routine to search group database by name. *************************************************************************/ -DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) +DOMAIN_GRP *getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) { - return gpdb_ops->getgroupnam(name, mem, num_mem); + return gpdb_ops->getgroupntnam(name, mem, num_mem); } /************************************************************************ @@ -368,9 +390,9 @@ DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem) /************************************************************************* gets an array of groups that a user is in. *************************************************************************/ -BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps) +BOOL getusergroupsntnam(const char *user_name, DOMAIN_GRP **grp, int *num_grps) { - return gpdb_ops->getusergroupsnam(user_name, grp, num_grps); + return gpdb_ops->getusergroupsntnam(user_name, grp, num_grps); } /************************************************************* diff --git a/source3/groupdb/groupfile.c b/source3/groupdb/groupfile.c index e0f791cafb..e20ba6434c 100644 --- a/source3/groupdb/groupfile.c +++ b/source3/groupdb/groupfile.c @@ -105,7 +105,7 @@ static char *get_group_members(char *p, int *num_mem, DOMAIN_GRP_MEMBER **member if (!found) { - DEBUG(0,("alias database: could not resolve name %s in domain %s\n", + DEBUG(0,("group database: could not resolve name %s in domain %s\n", name, global_sam_name)); continue; } @@ -130,6 +130,7 @@ static DOMAIN_GRP *getgrpfilepwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_m { /* Static buffers we will return. */ static DOMAIN_GRP gp_buf; + DOM_NAME_MAP gmep; int gidval; @@ -196,7 +197,22 @@ static DOMAIN_GRP *getgrpfilepwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_m /* ok, set up the static data structure and return it */ - gp_buf.rid = pwdb_gid_to_group_rid((gid_t)gidval); + if (!lookupsmbgrpgid((gid_t)gidval, &gmep)) + { + continue; + } + if (gmep.type != SID_NAME_DOM_GRP && + gmep.type != SID_NAME_WKN_GRP)) + { + continue; + } + + sid_split_rid(&gmep.sid, &gp_buf.rid); + if (!sid_equal(&gmep.sid, &global_sam_sid)) + { + continue; + } + gp_buf.attr = 0x07; make_group_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem); @@ -242,7 +258,7 @@ static struct groupdb_ops file_ops = getgrpfilepwpos, setgrpfilepwpos, - iterate_getgroupnam, /* In groupdb.c */ + iterate_getgroupntnam, /* In groupdb.c */ iterate_getgroupgid, /* In groupdb.c */ iterate_getgrouprid, /* In groupdb.c */ getgrpfilepwent, @@ -250,7 +266,7 @@ static struct groupdb_ops file_ops = add_grpfilegrp_entry, mod_grpfilegrp_entry, - iterate_getusergroupsnam /* in groupdb.c */ + iterate_getusergroupntnam /* in groupdb.c */ }; struct groupdb_ops *file_initialise_group_db(void) diff --git a/source3/groupdb/groupunix.c b/source3/groupdb/groupunix.c index 56d9584155..e5ad029e48 100644 --- a/source3/groupdb/groupunix.c +++ b/source3/groupdb/groupunix.c @@ -25,7 +25,6 @@ extern int DEBUGLEVEL; extern DOM_SID global_sam_sid; -extern fstring global_sam_name; /*************************************************************** Start to enumerate the grppasswd list. Returns a void pointer @@ -65,48 +64,6 @@ static BOOL setgrpunixpwpos(void *vp, SMB_BIG_UINT tok) return False; } -/************************************************************************* - maps a unix group to a domain sid and an nt group name. -*************************************************************************/ -static void map_unix_grp_to_nt_grp(char *unix_name, - struct group *unix_grp, char *nt_name, DOM_SID *sid) -{ - BOOL found = False; - uint32 rid; - - if (isdigit(unix_name[0])) - { - unix_grp->gr_gid = get_number(unix_name); - unix_grp->gr_name = unix_name; - found = map_group_gid(unix_grp->gr_gid, sid, nt_name, NULL); - } - else - { - unix_grp->gr_name = unix_name; - found = map_unix_group_name(unix_grp->gr_name, sid, nt_name, NULL); - } - - if (found) - { - /* - * find the NT name represented by this UNIX gid. - * then, only accept NT groups that are in our domain - */ - - sid_split_rid(sid, &rid); - } - else - { - /* - * assume that the UNIX group is an NT group with - * the same name. convert gid to a group rid. - */ - - fstrcpy(nt_name, unix_grp->gr_name); - sid_copy(sid, &global_sam_sid); - } -} - /************************************************************************* Routine to return the next entry in the smbdomaingroup list. *************************************************************************/ @@ -115,7 +72,6 @@ BOOL get_unixgroup_members(struct group *grp, { int i; char *unix_name; - fstring nt_name; if (num_mem == NULL || members == NULL) { @@ -127,15 +83,27 @@ BOOL get_unixgroup_members(struct group *grp, for (i = 0; (unix_name = grp->gr_mem[i]) != NULL; i++) { - DOM_SID sid; - struct group unix_grp; + DOM_NAME_MAP gmep; - map_unix_grp_to_nt_grp(unix_name, &unix_grp, nt_name, &sid); + if (!lookupsmbgrpnam(unix_name, &gmep) && + !lookupsmbpwnam (unix_name, &gmep)) + { + continue; + } - if (!sid_equal(&sid, &global_sam_sid)) + if (gmep.type != SID_NAME_DOM_GRP && + gmep.type != SID_NAME_USER && + gmep.type != SID_NAME_WKN_GRP) + { + DEBUG(0,("group database: name %s is not in a Domain Group\n", + unix_name)); + continue; + } + + if (!sid_front_equal(&global_sam_sid, &gmep.sid)) { - DEBUG(0,("group database: could not resolve name %s in domain %s\n", - unix_name, global_sam_name)); + DEBUG(0,("group database: could not resolve name %s (wrong Domain SID)\n", + unix_name)); continue; } @@ -145,7 +113,7 @@ BOOL get_unixgroup_members(struct group *grp, return False; } - fstrcpy((*members)[(*num_mem)].name, nt_name); + fstrcpy((*members)[(*num_mem)].name, gmep.nt_name); (*members)[(*num_mem)].attr = 0x07; (*num_mem)++; } @@ -189,53 +157,29 @@ static DOMAIN_GRP *getgrpunixpwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_m /* cycle through unix groups */ while ((unix_grp = getgrent()) != NULL) { - DOM_SID sid; - BOOL is_alias; - + DOM_NAME_MAP gmep; DEBUG(10,("getgrpunixpwent: enum unix group entry %s\n", unix_grp->gr_name)); - is_alias = map_alias_gid(unix_grp->gr_gid, &sid, NULL, NULL); - if (is_alias) + + if (!lookupsmbgrpgid(unix_grp->gr_gid, &gmep)) { - sid_split_rid(&sid, NULL); - is_alias = sid_equal(&sid, &global_sam_sid); + continue; } - if (map_group_gid(unix_grp->gr_gid, &sid, gp_buf.name, NULL)) + if (gmep.type != SID_NAME_DOM_GRP && + gmep.type != SID_NAME_WKN_GRP) { - fstring sid_str; - /* - * find the NT name represented by this UNIX gid. - * then, only accept NT groups that are in our domain - */ - - sid_to_string(sid_str, &sid); - DEBUG(10,("getgrpunixpwent: entry %s mapped to name %s, SID %s\n", - unix_grp->gr_name, gp_buf.name, sid_str)); - - sid_split_rid(&sid, &gp_buf.rid); - if (sid_equal(&sid, &global_sam_sid)) - { - if (!is_alias) - { - break; /* hooray. */ - } - DEBUG(0,("configuration mistake: unix group %s is mapped to both an NT alias and an NT group\n", - gp_buf.name)); - } + continue; } - else if (!is_alias) - { - /* - * assume that the UNIX group is an NT group with - * the same name. convert gid to a group rid. - */ - - fstrcpy(gp_buf.name, unix_grp->gr_name); - gp_buf.rid = pwdb_gid_to_group_rid(unix_grp->gr_gid); - break; + sid_split_rid(&gmep.sid, &gp_buf.rid); + if (!sid_equal(&gmep.sid, &global_sam_sid)) + { + continue; } + + fstrcpy(gp_buf.name, gmep.nt_name); + break; } if (unix_grp == NULL) @@ -295,7 +239,7 @@ static struct groupdb_ops unix_ops = getgrpunixpwpos, setgrpunixpwpos, - iterate_getgroupnam, /* In groupdb.c */ + iterate_getgroupntnam, /* In groupdb.c */ iterate_getgroupgid, /* In groupdb.c */ iterate_getgrouprid, /* In groupdb.c */ getgrpunixpwent, diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index edbe87ab8d..ed74943187 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -145,7 +145,7 @@ typedef struct struct acct_info { fstring acct_name; /* account name */ - uint32 smb_userid; /* domain-relative RID */ + uint32 user_rid; /* domain-relative RID */ }; #endif /* _NT_DOMAIN_H */ diff --git a/source3/include/proto.h b/source3/include/proto.h index 685248fa47..4902cf06bf 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -22,19 +22,19 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind); BOOL initialise_alias_db(void); LOCAL_GRP *iterate_getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem); LOCAL_GRP *iterate_getaliasrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem); -LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *iterate_getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem); BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als); -BOOL iterate_getuseraliasnam(char *user_name, LOCAL_GRP **alss, int *num_alss); +BOOL iterate_getuseraliasntnam(const char *user_name, LOCAL_GRP **alss, int *num_alss); BOOL enumdomaliases(LOCAL_GRP **alss, int *num_alss); void *startaliasent(BOOL update); void endaliasent(void *vp); LOCAL_GRP *getaliasent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem); BOOL add_alias_entry(LOCAL_GRP *newals); BOOL mod_alias_entry(LOCAL_GRP* als); -LOCAL_GRP *getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem); LOCAL_GRP *getaliasrid(uint32 alias_rid, LOCAL_GRP_MEMBER **mem, int *num_mem); LOCAL_GRP *getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem); -BOOL getuseraliasnam(char *user_name, LOCAL_GRP **als, int *num_alss); +BOOL getuseraliasntnam(const char *user_name, LOCAL_GRP **als, int *num_alss); void aldb_init_als(LOCAL_GRP *als); BOOL make_alias_line(char *p, int max_len, LOCAL_GRP *als, @@ -46,7 +46,7 @@ struct aliasdb_ops *file_initialise_alias_db(void); /*The following definitions come from groupdb/aliasunix.c */ -BOOL get_unixalias_members(struct group *als, +BOOL get_unixalias_members(struct group *grp, int *num_mem, LOCAL_GRP_MEMBER **members); struct aliasdb_ops *unix_initialise_alias_db(void); @@ -55,19 +55,19 @@ struct aliasdb_ops *unix_initialise_alias_db(void); BOOL initialise_group_db(void); DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem); DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_mem); -DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem); +DOMAIN_GRP *iterate_getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem); BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp); -BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps); +BOOL iterate_getusergroupsnam(const char *user_name, DOMAIN_GRP **grps, int *num_grps); BOOL enumdomgroups(DOMAIN_GRP **grps, int *num_grps); void *startgroupent(BOOL update); void endgroupent(void *vp); DOMAIN_GRP *getgroupent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem); BOOL add_group_entry(DOMAIN_GRP *newgrp); BOOL mod_group_entry(DOMAIN_GRP* grp); -DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem); +DOMAIN_GRP *getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem); DOMAIN_GRP *getgrouprid(uint32 group_rid, DOMAIN_GRP_MEMBER **mem, int *num_mem); DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem); -BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps); +BOOL getusergroupsntnam(const char *user_name, DOMAIN_GRP **grp, int *num_grps); void gpdb_init_grp(DOMAIN_GRP *grp); BOOL make_group_line(char *p, int max_len, DOMAIN_GRP *grp, @@ -124,6 +124,23 @@ void force_check_log_size( void ); void dbgflush( void ); BOOL dbghdr( int level, char *file, char *func, int line ); +/*The following definitions come from lib/domain_namemap.c */ + +BOOL pwdb_rid_is_user(uint32 rid); +BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info); +BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info); +BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info); +BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info); +BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info); +BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info); +BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp); +BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep); +BOOL lookupsmbpwntnam(char *fullntname, DOM_NAME_MAP *gmep); +BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep); +BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp); +BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep); +BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep); + /*The following definitions come from lib/doscalls.c */ int dos_unlink(char *fname); @@ -210,6 +227,16 @@ void pidfile_create(char *name); char *rep_inet_ntoa(struct in_addr ip); +/*The following definitions come from lib/sids.c */ + +void get_sam_domain_name(void); +BOOL get_member_domain_sid(void); +void generate_wellknown_sids(void); +BOOL generate_sam_sid(void); +BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain); +BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain); +BOOL split_domain_name(char *fullname, char *domain, char *name); + /*The following definitions come from lib/signal.c */ void BlockSignals(BOOL block,int signum); @@ -289,7 +316,7 @@ BOOL user_in_list(char *user,char *list); char *tmpdir(void); BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups); -int get_number(char *tmp); +int get_number(const char *tmp); char *Atoic(char *p, int *n, char *c); uint32 *add_num_to_list(uint32 **num, int *count, int val); char *get_numlist(char *p, uint32 **num, int *count); @@ -343,7 +370,8 @@ struct hostent *Get_Hostbyname(const char *name); BOOL process_exists(int pid); char *uidtoname(uid_t uid); char *gidtoname(gid_t gid); -uid_t nametouid(const char *name); +BOOL nametogid(const char *name, gid_t *gid); +BOOL nametouid(const char *name, uid_t *uid); void smb_panic(char *why); char *readdirname(DIR *p); BOOL is_in_path(char *name, name_compare_entry *namelist); @@ -379,15 +407,37 @@ BOOL setfilepwpos(void *vp, SMB_BIG_UINT tok); int getfileline(void *vp, char *linebuf, int linebuf_size); char *fgets_slash(char *s2,int maxlen,FILE *f); +/*The following definitions come from lib/util_pwdb.c */ + +uint32 lookup_wk_group_name(const char *group_name, const char *domain, + DOM_SID *sid, uint8 *type); +uint32 lookup_wk_user_name(const char *user_name, const char *domain, + DOM_SID *sid, uint8 *type); +uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain, + DOM_SID *sid, uint8 *type); +char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length); +uint16 pwdb_decode_acct_ctrl(const char *p); +time_t pwdb_get_last_set_time(const char *p); +void pwdb_set_logon_time(char *p, int max_len, time_t t); +void pwdb_set_logoff_time(char *p, int max_len, time_t t); +void pwdb_set_kickoff_time(char *p, int max_len, time_t t); +void pwdb_set_can_change_time(char *p, int max_len, time_t t); +void pwdb_set_must_change_time(char *p, int max_len, time_t t); +void pwdb_set_last_set_time(char *p, int max_len, time_t t); +void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl); +BOOL pwdb_gethexpwd(const char *p, char *pwd); +BOOL pwdb_initialise(void); + /*The following definitions come from lib/util_sid.c */ -char *sid_to_string(pstring sidstr_out, DOM_SID *sid); -BOOL string_to_sid(DOM_SID *sidout, char *sidstr); +char *sid_to_string(pstring sidstr_out, const DOM_SID *sid); +BOOL string_to_sid(DOM_SID *sidout, const char *sidstr); BOOL sid_append_rid(DOM_SID *sid, uint32 rid); BOOL sid_split_rid(DOM_SID *sid, uint32 *rid); -void sid_copy(DOM_SID *sid1, DOM_SID *sid2); -BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2); -int sid_size(DOM_SID *sid); +void sid_copy(DOM_SID *sid1, const DOM_SID *sid2); +BOOL sid_front_equal(const DOM_SID *sid1, const DOM_SID *sid2); +BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2); +int sid_size(const DOM_SID *sid); /*The following definitions come from lib/util_sock.c */ @@ -1058,6 +1108,8 @@ char *lp_workgroup(void); char *lp_username_map(void); char *lp_aliasname_map(void); char *lp_groupname_map(void); +char *lp_builtinname_map(void); +char *lp_ntusrname_map(void); char *lp_logon_script(void); char *lp_logon_path(void); char *lp_logon_drive(void); @@ -1275,47 +1327,19 @@ BOOL pass_check(char *user,char *password, int pwlen, struct passwd *pwd, /*The following definitions come from passdb/passdb.c */ BOOL initialise_password_db(void); -struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid); -struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid); +struct smb_passwd *iterate_getsmbpwuid(uid_t unix_uid); struct smb_passwd *iterate_getsmbpwnam(const char *name); void *startsmbpwent(BOOL update); void endsmbpwent(void *vp); +SMB_BIG_UINT getsmbpwpos(void *vp); +BOOL setsmbpwpos(void *vp, SMB_BIG_UINT tok); struct smb_passwd *getsmbpwent(void *vp); BOOL add_smbpwd_entry(struct smb_passwd *newpwd); BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override); struct smb_passwd *getsmbpwnam(const char *name); -struct smb_passwd *getsmbpwrid(uint32 user_rid); -struct smb_passwd *getsmbpwuid(uid_t smb_userid); -struct sam_passwd *iterate_getsam21pwnam(const char *name); -struct sam_passwd *iterate_getsam21pwrid(uint32 rid); -struct sam_passwd *iterate_getsam21pwuid(uid_t uid); -struct sam_disp_info *getsamdisprid(uint32 rid); -struct sam_passwd *getsam21pwent(void *vp); -struct sam_passwd *getsam21pwnam(const char *name); -struct sam_passwd *getsam21pwrid(uint32 rid); +struct smb_passwd *getsmbpwuid(uid_t unix_uid); void pwdb_init_smb(struct smb_passwd *user); -void pwdb_init_sam(struct sam_passwd *user); -struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user); -struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user); -struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user); -char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length); -uint16 pwdb_decode_acct_ctrl(const char *p); -time_t pwdb_get_last_set_time(const char *p); -void pwdb_set_logon_time(char *p, int max_len, time_t t); -void pwdb_set_logoff_time(char *p, int max_len, time_t t); -void pwdb_set_kickoff_time(char *p, int max_len, time_t t); -void pwdb_set_can_change_time(char *p, int max_len, time_t t); -void pwdb_set_must_change_time(char *p, int max_len, time_t t); -void pwdb_set_last_set_time(char *p, int max_len, time_t t); -void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl); -BOOL pwdb_gethexpwd(const char *p, char *pwd); -uid_t pwdb_user_rid_to_uid(uint32 user_rid); -uint32 pwdb_uid_to_user_rid(uid_t uid); -uint32 pwdb_gid_to_group_rid(gid_t gid); -gid_t pwdb_group_rid_to_gid(uint32 group_rid); -uint32 pwdb_gid_to_alias_rid(gid_t gid); -gid_t pwdb_alias_rid_to_gid(uint32 alias_rid); -BOOL pwdb_rid_is_user(uint32 rid); +struct smb_passwd *pwdb_smb_map_names(struct smb_passwd *smb); /*The following definitions come from passdb/passgrp.c */ @@ -1323,10 +1347,10 @@ BOOL initialise_passgrp_db(void); struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss); -struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid, +struct smb_passwd *iterate_getsmbgrpuid(uid_t unix_uid, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss); -struct smb_passwd *iterate_getsmbgrpnam(char *name, +struct smb_passwd *iterate_getsmbgrpntnam(const char *nt_name, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss); void *startsmbgrpent(BOOL update); @@ -1334,24 +1358,45 @@ void endsmbgrpent(void *vp); struct smb_passwd *getsmbgrpent(void *vp, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss); -struct smb_passwd *getsmbgrpnam(char *name, +struct smb_passwd *getsmbgrpntnam(char *name, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss); struct smb_passwd *getsmbgrprid(uint32 user_rid, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss); -struct smb_passwd *getsmbgrpuid(uid_t smb_userid, +struct smb_passwd *getsmbgrpuid(uid_t unix_uid, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss); +/*The following definitions come from passdb/sampass.c */ + +void *startsamfilepwent(BOOL update); +void endsamfilepwent(void *vp); +SMB_BIG_UINT getsamfilepwpos(void *vp); +BOOL setsamfilepwpos(void *vp, SMB_BIG_UINT tok); +struct sam_passdb_ops *file_initialise_sam_password_db(void); + +/*The following definitions come from passdb/sampassdb.c */ + +BOOL initialise_sam_password_db(void); +void *startsam21pwent(BOOL update); +void endsam21pwent(void *vp); +struct sam_passwd *getsam21pwent(void *vp); +struct sam_passwd *iterate_getsam21pwntnam(const char *name); +struct sam_passwd *iterate_getsam21pwrid(uint32 rid); +struct sam_passwd *iterate_getsam21pwuid(uid_t uid); +struct sam_disp_info *getsamdisprid(uint32 rid); +struct sam_passwd *getsam21pwntnam(const char *name); +struct sam_passwd *getsam21pwrid(uint32 rid); +void pwdb_init_sam(struct sam_passwd *user); +struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user); +struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user); +struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user); +struct sam_passwd *pwdb_sam_map_names(struct sam_passwd *sam); + /*The following definitions come from passdb/smbpass.c */ -void *startsmbfilepwent(BOOL update); -void endsmbfilepwent(void *vp); -SMB_BIG_UINT getsmbfilepwpos(void *vp); -BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok); -struct smb_passwd *getsmbfilepwent(void *vp); -struct passdb_ops *file_initialise_password_db(void); +struct smb_passdb_ops *file_initialise_password_db(void); /*The following definitions come from passdb/smbpasschange.c */ @@ -1407,10 +1452,10 @@ void load_printers(void); BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]); BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd); BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username, - uint32 smb_userid_low, char *password, + uint32 luid_low, char *password, NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3); BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username, - uint32 smb_userid_low, char lm_chal[8], char lm_chal_resp[24], + uint32 luid_low, char lm_chal[8], char lm_chal_resp[24], char nt_chal_resp[24], NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3); BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr); @@ -1535,6 +1580,9 @@ BOOL do_samr_query_unknown_12(struct cli_state *cli, uint32 *num_aliases, fstring als_names [MAX_LOOKUP_SIDS], uint32 num_als_users[MAX_LOOKUP_SIDS]); +BOOL do_samr_query_useraliases(struct cli_state *cli, + POLICY_HND *pol, DOM_SID *sid, + uint32 *num_aliases, uint32 *rid); BOOL do_samr_query_usergroups(struct cli_state *cli, POLICY_HND *pol, uint32 *num_groups, DOM_GID *gid); BOOL do_samr_query_userinfo(struct cli_state *cli, @@ -1621,7 +1669,6 @@ uint32 get_enum_hnd(ENUM_HND *enh); void make_enum_hnd(ENUM_HND *enh, uint32 hnd); void smb_io_enum_hnd(char *desc, ENUM_HND *hnd, prs_struct *ps, int depth); void smb_io_dom_sid(char *desc, DOM_SID *sid, prs_struct *ps, int depth); -void make_dom_sid(DOM_SID *sid, char *str_sid); void make_dom_sid2(DOM_SID2 *sid2, DOM_SID *sid); void smb_io_dom_sid2(char *desc, DOM_SID2 *sid, prs_struct *ps, int depth); void make_str_hdr(STRHDR *hdr, int max_len, int len, uint32 buffer); @@ -1986,6 +2033,9 @@ void make_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *r_u, uint16 switch_value, char *acct_desc, uint32 status); void samr_io_r_query_aliasinfo(char *desc, SAMR_R_QUERY_ALIASINFO *r_u, prs_struct *ps, int depth); +void make_samr_q_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, + POLICY_HND *hnd, + DOM_SID *sid); void samr_io_q_query_useraliases(char *desc, SAMR_Q_QUERY_USERALIASES *q_u, prs_struct *ps, int depth); void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u, uint32 num_rids, uint32 *rid, uint32 status); @@ -2211,20 +2261,13 @@ uint32 lookup_wk_alias_sid(DOM_SID *sid, char *alias_name, uint8 *type); uint32 lookup_alias_sid(DOM_SID *sid, char *alias_name, uint8 *type); uint32 lookup_wk_user_sid(DOM_SID *sid, char *user_name, uint8 *type); uint32 lookup_user_sid(DOM_SID *sid, char *user_name, uint8 *type); -uint32 lookup_group_name(char *grp_name, DOM_SID *sid, uint8 *type); -uint32 lookup_wk_group_name(char *group_name, DOM_SID *sid, uint8 *type); -uint32 lookup_alias_name(char *als_name, DOM_SID *sid, uint8 *type); -uint32 lookup_wk_alias_name(char *alias_name, DOM_SID *sid, uint8 *type); -uint32 lookup_added_user_rids(char *user_name, +uint32 lookup_added_group_name(const char *grp_name, const char *domain, + DOM_SID *sid, uint8 *type); +uint32 lookup_added_alias_name(const char *als_name, const char *domain, + DOM_SID *sid, uint8 *type); +uint32 lookup_added_user_rids(char *nt_name, uint32 *usr_rid, uint32 *grp_rid); -uint32 lookup_added_user_name(char *user_name, DOM_SID *sid, uint8 *type); -uint32 lookup_wk_user_name(char *user_name, DOM_SID *sid, uint8 *type); -uint32 lookup_added_grp_name(char *name, DOM_SID *sid, uint8 *type); -uint32 lookup_builtin_grp_name(char *name, DOM_SID *sid, uint8 *type); -uint32 lookup_grp_name(char *name, DOM_SID *sid, uint8 *type); -uint32 lookup_user_name(char *name, DOM_SID *sid, uint8 *type); uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type); -uint32 lookup_user_rids(char *name, uint32 *usr_rid, uint32 *grp_rid); /*The following definitions come from rpc_server/srv_lsa.c */ @@ -2278,16 +2321,6 @@ BOOL api_reg_rpc(pipes_struct *p, prs_struct *data); BOOL api_samr_rpc(pipes_struct *p, prs_struct *data); -/*The following definitions come from rpc_server/srv_sid.c */ - -void get_sam_domain_name(void); -BOOL get_member_domain_sid(void); -void generate_wellknown_sids(void); -BOOL generate_sam_sid(void); -BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain); -BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain); -BOOL split_domain_name(char *fullname, char *domain, char *name); - /*The following definitions come from rpc_server/srv_srvsvc.c */ BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data); @@ -2384,6 +2417,9 @@ void display_share2(FILE *out_hnd, enum action_type action, char *path, char *passwd); void display_name(FILE *out_hnd, enum action_type action, char *sname); +void display_alias_rid_info(FILE *out_hnd, enum action_type action, + DOM_SID *sid, + uint32 num_rids, uint32 *rid); void display_group_rid_info(FILE *out_hnd, enum action_type action, uint32 num_gids, DOM_GID *gid); void display_alias_name_info(FILE *out_hnd, enum action_type action, @@ -2530,17 +2566,6 @@ void file_chain_reset(void); void file_chain_save(void); void file_chain_restore(void); -/*The following definitions come from smbd/groupname.c */ - -BOOL map_group_sid(DOM_SID *psid, gid_t *gid, char *group_name, char *nt_domain); -BOOL map_alias_sid(DOM_SID *psid, gid_t *gid, char *alias_name, char *nt_domain); -BOOL map_unix_group_name(char *group_name, DOM_SID *psid, char *ntgroup_name, char *nt_domain); -BOOL map_unix_alias_name(char *alias_name, DOM_SID *psid, char *ntalias_name, char *nt_domain); -BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_SID *psid, char *group_name, gid_t *gid); -BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_SID *psid, char *alias_name, gid_t *gid); -BOOL map_alias_gid(gid_t gid, DOM_SID *psid, char *nt_als_name, char *nt_domain); -BOOL map_group_gid( gid_t gid, DOM_SID *psid, char *nt_grp_name, char *nt_domain); - /*The following definitions come from smbd/ipc.c */ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize); diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h index 786aad32d2..e41c61f882 100644 --- a/source3/include/rpc_misc.h +++ b/source3/include/rpc_misc.h @@ -43,12 +43,10 @@ #define BUILTIN_ALIAS_RID_USERS (0x00000221L) #define BUILTIN_ALIAS_RID_GUESTS (0x00000222L) #define BUILTIN_ALIAS_RID_POWER_USERS (0x00000223L) - #define BUILTIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) #define BUILTIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) #define BUILTIN_ALIAS_RID_PRINT_OPS (0x00000226L) #define BUILTIN_ALIAS_RID_BACKUP_OPS (0x00000227L) - #define BUILTIN_ALIAS_RID_REPLICATOR (0x00000228L) /* @@ -61,9 +59,9 @@ #define RID_MULTIPLIER 4 /* The three common types. */ -#define RID_TYPE_USER 0 -#define RID_TYPE_GROUP 1 -#define RID_TYPE_ALIAS 2 +#define RID_TYPE_USER 0 +#define RID_TYPE_GROUP 1 +#define RID_TYPE_ALIAS 2 /* ENUM_HND */ typedef struct enum_hnd_info @@ -213,6 +211,17 @@ typedef struct domrid4_info } DOM_RID4; +/* DOM_RID5 - rid, type & attributes */ +typedef struct domrid5_info +{ + uint32 ptr_unk; /* pointer to unk */ + uint32 unk; /* value is 0x1 */ + uint32 rid; /* RID */ + uint8 type; /* SID_NAME_USE_ENUM */ + uint16 attr; + +} DOM_RID5; + /* DOM_CLNT_SRV - client / server names */ typedef struct clnt_srv_info { diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index d373cff8c7..83be3b83f0 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -32,16 +32,16 @@ the following information comes from a QuickView on samsrv.dll, and gives an idea of exactly what is needed: -SamrAddMemberToAlias -SamrAddMemberToGroup +x SamrAddMemberToAlias +x SamrAddMemberToGroup SamrAddMultipleMembersToAlias -SamrChangePasswordUser +x SamrChangePasswordUser x SamrCloseHandle x SamrConnect -SamrCreateAliasInDomain -SamrCreateGroupInDomain +x SamrCreateAliasInDomain +x SamrCreateGroupInDomain SamrCreateUserInDomain -SamrDeleteAlias +? SamrDeleteAlias SamrDeleteGroup SamrDeleteUser x SamrEnumerateAliasesInDomain @@ -54,7 +54,7 @@ SamrLookupDomainInSamServer x SamrLookupNamesInDomain x SamrOpenAlias x SamrOpenDomain -SamrOpenGroup +x SamrOpenGroup x SamrOpenUser x SamrQueryDisplayInformation x SamrQueryInformationAlias @@ -65,9 +65,9 @@ SamrRemoveMemberFromAlias SamrRemoveMemberFromForiegnDomain SamrRemoveMemberFromGroup SamrRemoveMultipleMembersFromAlias -SamrSetInformationAlias +x SamrSetInformationAlias SamrSetInformationDomain -SamrSetInformationGroup +x SamrSetInformationGroup SamrSetInformationUser SamrSetMemberAttributesOfGroup SamrSetSecurityObject @@ -77,30 +77,53 @@ SamrTestPrivateFunctionsUser ********************************************************************/ +#define SAMR_CONNECT_ANON 0x00 #define SAMR_CLOSE_HND 0x01 + +#define SAMR_UNKNOWN_3 0x03 #define SAMR_OPEN_DOMAIN 0x07 + #define SAMR_QUERY_DOMAIN_INFO 0x08 -#define SAMR_QUERY_USERALIASES 0x10 + +#define SAMR_CREATE_DOM_GROUP 0x0a +#define SAMR_ENUM_DOM_USERS 0x0d +#define SAMR_CREATE_DOM_ALIAS 0x0e +#define SAMR_ENUM_DOM_ALIASES 0x0f +#define SAMR_QUERY_USERALIASES 0x10 + #define SAMR_LOOKUP_NAMES 0x11 -#define SAMR_UNKNOWN_3 0x03 -#define SAMR_QUERY_DISPINFO 0x28 +#define SAMR_UNKNOWN_12 0x12 + +#define SAMR_OPEN_GROUP 0x13 +#define SAMR_QUERY_GROUPINFO 0x14 +#define SAMR_SET_GROUPINFO 0x15 +#define SAMR_ADD_GROUPMEM 0x16 +#define SAMR_QUERY_GROUPMEM 0x19 + +#define SAMR_OPEN_ALIAS 0x1b +#define SAMR_QUERY_ALIASINFO 0x1c +#define SAMR_SET_ALIASINFO 0x1d +#define SAMR_DELETE_DOM_ALIAS 0x1e +#define SAMR_UNK_ALIAS 0x1f +#define SAMR_ADD_ALIASMEM 0x20 +#define SAMR_QUERY_ALIASMEM 0x21 + +#define SAMR_UNKNOWN_21 0x21 #define SAMR_OPEN_USER 0x22 + #define SAMR_QUERY_USERINFO 0x24 #define SAMR_QUERY_USERGROUPS 0x27 -#define SAMR_UNKNOWN_12 0x12 -#define SAMR_UNKNOWN_21 0x21 +#define SAMR_QUERY_DISPINFO 0x28 + #define SAMR_UNKNOWN_2C 0x2c +#define SAMR_ENUM_DOM_GROUPS 0x30 #define SAMR_UNKNOWN_32 0x32 #define SAMR_UNKNOWN_34 0x34 + #define SAMR_CHGPASSWD_USER 0x37 #define SAMR_UNKNOWN_38 0x38 + #define SAMR_CONNECT 0x39 -#define SAMR_CONNECT_ANON 0x00 -#define SAMR_OPEN_ALIAS 0x1b -#define SAMR_QUERY_ALIASINFO 0x1c -#define SAMR_ENUM_DOM_USERS 0x0d -#define SAMR_ENUM_DOM_ALIASES 0x0f -#define SAMR_ENUM_DOM_GROUPS 0x30 typedef struct logon_hours_info @@ -228,7 +251,7 @@ typedef struct q_samr_close_hnd_info /* SAMR_R_CLOSE_HND - probably a policy handle close */ typedef struct r_samr_close_hnd_info { - POLICY_HND pol; /* policy handle */ + POLICY_HND pol; /* policy handle */ uint32 status; /* return status */ } SAMR_R_CLOSE_HND; @@ -673,9 +696,143 @@ typedef struct r_samr_query_dispinfo_info } SAMR_R_QUERY_DISPINFO; +#define SAMR_CREATE_DOM_GROUP 0x0a + +/* SAMR_Q_CREATE_DOM_GROUP - SAM create group */ +typedef struct q_samr_create_dom_group_info +{ + POLICY_HND pol; /* policy handle */ + + UNIHDR hdr_acct_desc; + UNISTR2 uni_acct_desc; + + uint16 unknown_1; /* 0x0002 */ + uint16 unknown_2; /* 0x0001 */ + +} SAMR_Q_CREATE_DOM_GROUP; + +/* SAMR_R_CREATE_DOM_GROUP - SAM create group */ +typedef struct r_samr_create_dom_group_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 rid; + uint32 status; + +} SAMR_R_CREATE_DOM_GROUP; + +/* SAMR_Q_QUERY_GROUPINFO - SAM Group Info */ +typedef struct q_samr_query_group_info +{ + POLICY_HND pol; /* policy handle */ + + uint16 switch_level; /* 0x0001 seen */ + +} SAMR_Q_QUERY_GROUPINFO; + +typedef struct samr_group_info1 +{ + UNIHDR hdr_acct_name; + UNIHDR hdr_acct_desc; + + uint32 unknown_1; /* 0x0000 0003 - number of group members? */ + uint32 unknown_2; /* 0x0000 0001 - number of group members? */ + + UNISTR2 uni_acct_name; + UNISTR2 uni_acct_desc; + +} GROUP_INFO1; + +typedef struct samr_group_info4 +{ + UNIHDR hdr_acct_desc; + UNISTR2 uni_acct_desc; + +} GROUP_INFO4; + +/* SAMR_R_QUERY_GROUPINFO - SAM Group Info */ +typedef struct r_samr_query_groupinfo_info +{ + uint32 ptr; + uint16 switch_value; /* 0x0001 seen */ + /* uint8[2] padding */ + + union + { + GROUP_INFO1 info1; + + } group; + + uint32 status; + +} SAMR_R_QUERY_GROUPINFO; + + +/* SAMR_Q_SET_GROUPINFO - SAM Group Info */ +typedef struct q_samr_set_group_info +{ + POLICY_HND pol; /* policy handle */ + uint16 switch_value1; /* 0x0004 seen */ + uint16 switch_value2; /* 0x0004 seen */ + + union + { + GROUP_INFO4 info4; + + } group; + +} SAMR_Q_SET_GROUPINFO; + +/* SAMR_R_SET_GROUPINFO - SAM Group Info */ +typedef struct r_samr_set_group_info +{ + uint32 status; + +} SAMR_R_SET_GROUPINFO; + + +/* SAMR_Q_DELETE_DOM_ALIAS - delete domain alias */ +typedef struct q_samr_delete_dom_alias_info +{ + POLICY_HND pol; /* policy handle */ + +} SAMR_Q_DELETE_DOM_ALIAS; + + +/* SAMR_R_DELETE_DOM_ALIAS - delete domain alias */ +typedef struct r_samr_delete_dom_alias_info +{ + POLICY_HND pol; /* policy handle */ + uint32 status; /* return status */ + +} SAMR_R_DELETE_DOM_ALIAS; + + +/* SAMR_Q_CREATE_DOM_ALIAS - SAM create alias */ +typedef struct q_samr_create_dom_alias_info +{ + POLICY_HND pol; /* policy handle */ + + UNIHDR hdr_acct_desc; + UNISTR2 uni_acct_desc; + + uint16 unknown_1; /* 0x001f */ + uint16 unknown_2; /* 0x000f */ + +} SAMR_Q_CREATE_DOM_ALIAS; + +/* SAMR_R_CREATE_DOM_ALIAS - SAM create alias */ +typedef struct r_samr_create_dom_alias_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 rid; + uint32 status; + +} SAMR_R_CREATE_DOM_ALIAS; /* SAMR_Q_QUERY_ALIASINFO - SAM Alias Info */ -typedef struct q_samr_enum_alias_info +typedef struct q_samr_query_alias_info { POLICY_HND pol; /* policy handle */ @@ -690,7 +847,7 @@ typedef struct samr_alias_info3 } ALIAS_INFO3; -/* SAMR_R_QUERY_ALIASINFO - SAM rids, names and descriptions */ +/* SAMR_R_QUERY_ALIASINFO - SAM alias info */ typedef struct r_samr_query_aliasinfo_info { uint32 ptr; @@ -708,6 +865,30 @@ typedef struct r_samr_query_aliasinfo_info } SAMR_R_QUERY_ALIASINFO; +/* SAMR_Q_SET_ALIASINFO - SAM Alias Info */ +typedef struct q_samr_set_alias_info +{ + POLICY_HND pol; /* policy handle */ + + uint16 switch_value1; /* 0x0003 */ + uint16 switch_value2; /* 0x0003 */ + + union + { + ALIAS_INFO3 info3; + + } alias; + +} SAMR_Q_SET_ALIASINFO; + +/* SAMR_R_SET_ALIASINFO - SAM alias info */ +typedef struct r_samr_set_aliasinfo_info +{ + uint32 status; + +} SAMR_R_SET_ALIASINFO; + + /* SAMR_Q_QUERY_USERGROUPS - */ typedef struct q_samr_query_usergroup_info { @@ -788,7 +969,7 @@ typedef struct r_samr_query_useraliases_info uint32 ptr; /* undocumented buffer pointer */ uint32 num_entries2; - uint32 rid[MAX_LOOKUP_SIDS]; /* domain RIDs being looked up */ + uint32 *rid; /* domain RIDs being looked up */ uint32 status; /* return code */ @@ -911,17 +1092,6 @@ typedef struct q_samr_unknown_13_info } SAMR_Q_UNKNOWN_13; -/* SAMR_Q_UNKNOWN_21 - probably an open group in domain */ -typedef struct q_samr_unknown_21_info -{ - POLICY_HND group_pol; /* policy handle */ - - uint16 unknown_1; /* 16 bit unknown - 0x0477 */ - uint16 unknown_2; /* 16 bit unknown - 0x0000 */ - -} SAMR_Q_UNKNOWN_21; - - /* SAMR_Q_UNKNOWN_32 - probably a "create SAM entry" */ typedef struct q_samr_unknown_32_info { @@ -950,6 +1120,91 @@ typedef struct r_samr_unknown_32_info } SAMR_R_UNKNOWN_32; +/* SAMR_Q_ADD_GROUPMEM - probably an add group member */ +typedef struct q_samr_add_group_mem_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 rid; /* rid */ + uint32 unknown; /* 0x0000 0005 */ + +} SAMR_Q_ADD_GROUPMEM; + + +/* SAMR_R_ADD_GROUPMEM - probably an add group member */ +typedef struct r_samr_add_group_mem_info +{ + uint32 status; /* return status */ + +} SAMR_R_ADD_GROUPMEM; + + +/* SAMR_Q_OPEN_GROUP - probably an open */ +typedef struct q_samr_open_group_info +{ + uint32 unknown_0; /* 0x0000 0001, 0x0000 0003, 0x0000 001f */ + uint32 rid_group; /* rid */ + +} SAMR_Q_OPEN_GROUP; + + +/* SAMR_R_OPEN_GROUP - probably an open */ +typedef struct r_samr_open_group_info +{ + POLICY_HND pol; /* policy handle */ + uint32 status; /* return status */ + +} SAMR_R_OPEN_GROUP; + + +/* SAMR_Q_UNKNOWN_21 - probably an open group in domain */ +typedef struct q_samr_unknown_21_info +{ + POLICY_HND group_pol; /* policy handle */ + + uint16 unknown_1; /* 16 bit unknown - 0x0477 */ + uint16 unknown_2; /* 16 bit unknown - 0x0000 */ + +} SAMR_Q_UNKNOWN_21; + + +/* SAMR_Q_UNK_ALIASMEM - don't know! */ +typedef struct q_samr_unk_alias_mem_info +{ + POLICY_HND pol; /* policy handle */ + + DOM_SID sid; /* member sid to be "something"ed to do with the alias */ + +} SAMR_Q_UNK_ALIASMEM; + + +/* SAMR_R_UNK_ALIASMEM - probably an open */ +typedef struct r_samr_unk_alias_mem_info +{ + uint32 status; /* return status */ + +} SAMR_R_UNK_ALIASMEM; + + +/* SAMR_Q_ADD_ALIASMEM - probably an add member */ +typedef struct q_samr_add_alias_mem_info +{ + POLICY_HND pol; /* policy handle */ + + DOM_SID sid; /* member sid to be added to alias */ + +} SAMR_Q_ADD_ALIASMEM; + + +/* SAMR_R_ADD_ALIASMEM - probably an open */ +typedef struct r_samr_add_alias_mem_info +{ + uint32 status; /* return status */ + +} SAMR_R_ADD_ALIASMEM; + + + /* SAMR_Q_OPEN_ALIAS - probably an open */ typedef struct q_samr_open_alias_info { diff --git a/source3/include/smb.h b/source3/include/smb.h index 50d8c080a3..3d8dd14a1b 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -357,14 +357,15 @@ typedef struct nttime_info struct sam_passwd { - time_t logon_time; /* logon time */ - time_t logoff_time; /* logoff time */ - time_t kickoff_time; /* kickoff time */ - time_t pass_last_set_time; /* password last set time */ - time_t pass_can_change_time; /* password can change time */ - time_t pass_must_change_time; /* password must change time */ - - char *smb_name; /* username string */ + NTTIME logon_time; /* logon time */ + NTTIME logoff_time; /* logoff time */ + NTTIME kickoff_time; /* kickoff time */ + NTTIME pass_last_set_time; /* password last set time */ + NTTIME pass_can_change_time; /* password can change time */ + NTTIME pass_must_change_time; /* password must change time */ + + char *unix_name; /* unix username string */ + char *nt_name; /* nt username string */ char *full_name; /* user's full name string */ char *home_dir; /* home directory string */ char *dir_drive; /* home directory drive string */ @@ -375,8 +376,8 @@ struct sam_passwd char *unknown_str ; /* don't know what this is, yet. */ char *munged_dial ; /* munged path name and dial-back tel number */ - uid_t smb_userid; /* this is actually the unix uid_t */ - gid_t smb_grpid; /* this is actually the unix gid_t */ + uid_t unix_uid; /* this is actually the unix uid_t */ + gid_t unix_gid; /* this is actually the unix gid_t */ uint32 user_rid; /* Primary User ID */ uint32 group_rid; /* Primary Group ID */ @@ -396,8 +397,11 @@ struct sam_passwd struct smb_passwd { - uid_t smb_userid; /* this is actually the unix uid_t */ - char *smb_name; /* username string */ + uid_t unix_uid; /* unix userid */ + char *unix_name; /* unix username string */ + + uint32 user_rid; /* Primary User ID */ + char *nt_name; /* unix username string */ unsigned char *smb_passwd; /* Null if no password */ unsigned char *smb_nt_passwd; /* Null if no password */ @@ -410,8 +414,8 @@ struct smb_passwd struct sam_disp_info { uint32 user_rid; /* Primary User ID */ - char *smb_name; /* username string */ - char *full_name; /* user's full name string */ + char *nt_name; /* username string */ + char *full_name; /* user's full name string */ }; #define MAXSUBAUTHS 15 /* max sub authorities in a SID */ @@ -431,6 +435,28 @@ typedef struct sid_info } DOM_SID; +typedef struct group_name_info +{ + char *nt_name; + char *nt_domain; + char *unix_name; + + DOM_SID sid; + uint8 type; + uint32 unix_id; + +} DOM_NAME_MAP; + +/* map either local aliases, domain groups or builtin aliases */ +typedef enum +{ + DOM_MAP_LOCAL, + DOM_MAP_DOMAIN, + DOM_MAP_USER, + +} DOM_MAP_TYPE; + + /*** query a local group, get a list of these: shows who is in that group ***/ /* local group member info */ @@ -744,40 +770,60 @@ struct shmem_ops { * to support the following operations. */ -struct passdb_ops { - /* - * Password database ops. - */ - void *(*startsmbpwent)(BOOL); - void (*endsmbpwent)(void *); - SMB_BIG_UINT (*getsmbpwpos)(void *); - BOOL (*setsmbpwpos)(void *, SMB_BIG_UINT); +struct smb_passdb_ops +{ + /* + * Password database operations. + */ + void *(*startsmbpwent)(BOOL); + void (*endsmbpwent)(void *); + SMB_BIG_UINT (*getsmbpwpos)(void *); + BOOL (*setsmbpwpos)(void *, SMB_BIG_UINT); - /* - * smb password database query functions. - */ - struct smb_passwd *(*getsmbpwnam)(const char *); - struct smb_passwd *(*getsmbpwuid)(uid_t); - struct smb_passwd *(*getsmbpwrid)(uint32); - struct smb_passwd *(*getsmbpwent)(void *); + /* + * smb password database query functions. + */ + struct smb_passwd *(*getsmbpwnam)(const char *); + struct smb_passwd *(*getsmbpwuid)(uid_t); + struct smb_passwd *(*getsmbpwent)(void *); + /* + * smb password database modification functions. + */ + BOOL (*add_smbpwd_entry)(struct smb_passwd *); + BOOL (*mod_smbpwd_entry)(struct smb_passwd *, BOOL); + +#if 0 /* - * smb password database modification functions. + * password checking functions */ - BOOL (*add_smbpwd_entry)(struct smb_passwd *); - BOOL (*mod_smbpwd_entry)(struct smb_passwd *, BOOL); + struct smb_passwd *(*smb_password_chal )(const char *username, const char lm_pass[24], const char nt_pass[24], char chal[8]); + struct smb_passwd *(*smb_password_check )(const char *username, const char lm_hash[16], const char nt_hash[16]); + struct passwd *(*unix_password_check)(const char *username, const char *pass, int pass_len); +#endif +}; + +/* + * Each implementation of the password database code needs + * to support the following operations. + */ +struct sam_passdb_ops { /* - * Functions that manupulate a struct sam_passwd. + * Password database operations. */ - struct sam_passwd *(*getsam21pwent)(void *); + void *(*startsam21pwent)(BOOL); + void (*endsam21pwent)(void *); + SMB_BIG_UINT (*getsam21pwpos)(void *); + BOOL (*setsam21pwpos)(void *, SMB_BIG_UINT); /* * sam password database query functions. */ - struct sam_passwd *(*getsam21pwnam)(const char *); + struct sam_passwd *(*getsam21pwntnam)(const char *); struct sam_passwd *(*getsam21pwuid)(uid_t); struct sam_passwd *(*getsam21pwrid)(uint32); + struct sam_passwd *(*getsam21pwent)(void *); /* * sam password database modification functions. @@ -788,18 +834,10 @@ struct passdb_ops { /* * sam query display info functions. */ - struct sam_disp_info *(*getsamdispnam)(const char *); + struct sam_disp_info *(*getsamdispntnam)(const char *); struct sam_disp_info *(*getsamdisprid)(uint32); struct sam_disp_info *(*getsamdispent)(void *); -#if 0 - /* - * password checking functions - */ - struct smb_passwd *(*smb_password_chal )(const char *username, const char lm_pass[24], const char nt_pass[24], char chal[8]); - struct smb_passwd *(*smb_password_check )(const char *username, const char lm_hash[16], const char nt_hash[16]); - struct passwd *(*unix_password_check)(const char *username, const char *pass, int pass_len); -#endif }; /* @@ -807,23 +845,23 @@ struct passdb_ops { * to support the following operations. */ -struct passgrp_ops { - /* - * Password database ops. - */ - void *(*startsmbgrpent)(BOOL); - void (*endsmbgrpent)(void *); - SMB_BIG_UINT (*getsmbgrppos)(void *); - BOOL (*setsmbgrppos)(void *, SMB_BIG_UINT); - - /* - * smb passgrp database query functions. - */ - struct smb_passwd *(*getsmbgrpnam)(char *, uint32**, int*, uint32**, int*); - struct smb_passwd *(*getsmbgrpuid)(uid_t , uint32**, int*, uint32**, int*); - struct smb_passwd *(*getsmbgrprid)(uint32, uint32**, int*, uint32**, int*); - struct smb_passwd *(*getsmbgrpent)(void *, uint32**, int*, uint32**, int*); +struct passgrp_ops +{ + /* + * Password group database ops. + */ + void *(*startsmbgrpent)(BOOL); + void (*endsmbgrpent)(void *); + SMB_BIG_UINT (*getsmbgrppos)(void *); + BOOL (*setsmbgrppos)(void *, SMB_BIG_UINT); + /* + * smb passgrp database query functions, by user attributes. + */ + struct smb_passwd *(*getsmbgrpntnam)(const char *, uint32**, int*, uint32**, int*); + struct smb_passwd *(*getsmbgrpuid)(uid_t , uint32**, int*, uint32**, int*); + struct smb_passwd *(*getsmbgrprid)(uint32, uint32**, int*, uint32**, int*); + struct smb_passwd *(*getsmbgrpent)(void *, uint32**, int*, uint32**, int*); }; /* @@ -846,10 +884,9 @@ struct groupdb_ops BOOL (*setgrouppos)(void *, SMB_BIG_UINT); /* - * group database query functions. set the BOOL to Tru - * if you want the members in the group as well. + * group database query functions. */ - DOMAIN_GRP *(*getgroupnam)(char *, DOMAIN_GRP_MEMBER **, int *); + DOMAIN_GRP *(*getgroupntnam)(const char *, DOMAIN_GRP_MEMBER **, int *); DOMAIN_GRP *(*getgroupgid)(gid_t , DOMAIN_GRP_MEMBER **, int *); DOMAIN_GRP *(*getgrouprid)(uint32, DOMAIN_GRP_MEMBER **, int *); DOMAIN_GRP *(*getgroupent)(void *, DOMAIN_GRP_MEMBER **, int *); @@ -863,7 +900,7 @@ struct groupdb_ops /* * user group functions */ - BOOL (*getusergroupsnam)(char *, DOMAIN_GRP **, int *); + BOOL (*getusergroupsntnam)(const char *, DOMAIN_GRP **, int *); }; /* @@ -886,10 +923,9 @@ struct aliasdb_ops BOOL (*setaliaspos)(void *, SMB_BIG_UINT); /* - * alias database query functions. set the BOOL to Tru - * if you want the members in the alias as well. + * alias database query functions. */ - LOCAL_GRP *(*getaliasnam)(char *, LOCAL_GRP_MEMBER **, int *); + LOCAL_GRP *(*getaliasntnam)(const char *, LOCAL_GRP_MEMBER **, int *); LOCAL_GRP *(*getaliasgid)(gid_t , LOCAL_GRP_MEMBER **, int *); LOCAL_GRP *(*getaliasrid)(uint32, LOCAL_GRP_MEMBER **, int *); LOCAL_GRP *(*getaliasent)(void *, LOCAL_GRP_MEMBER **, int *); @@ -903,7 +939,7 @@ struct aliasdb_ops /* * user alias functions */ - BOOL (*getuseraliasnam)(char *, LOCAL_GRP **, int *); + BOOL (*getuseraliasntnam)(const char *, LOCAL_GRP **, int *); }; /* this is used for smbstatus */ diff --git a/source3/lib/util.c b/source3/lib/util.c index 757abc8175..8bc75e1137 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -121,7 +121,7 @@ BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups) /**************************************************************************** gets either a hex number (0xNNN) or decimal integer (NNN). ****************************************************************************/ -int get_number(char *tmp) +int get_number(const char *tmp) { if (strnequal(tmp, "0x", 2)) { @@ -2185,33 +2185,18 @@ void standard_sub(connection_struct *conn,char *str) { char *p, *s, *home; - for (s=str; (p=strchr(s, '%'));s=p) { - switch (*(p+1)) { - case 'H': - if ((home = get_home_dir(conn->user))) { - string_sub(p,"%H",home); - } else { - p += 2; - } - break; - - case 'P': - string_sub(p,"%P",conn->connectpath); - break; - - case 'S': - string_sub(p,"%S", - lp_servicename(SNUM(conn))); - break; - - case 'g': - string_sub(p,"%g", - gidtoname(conn->gid)); - break; - case 'u': - string_sub(p,"%u",conn->user); - break; - + for (s=str; (p=strchr(s, '%'));s=p) + { + switch (*(p+1)) + { + case 'H': + if ((home = get_home_dir(conn->user)) != NULL) { + string_sub(p,"%H",home); + } else { + p += 2; + } + break; + /* Patch from jkf@soton.ac.uk Left the %N (NIS * server name) in standard_sub_basic as it is * a feature for logon servers, hence uses the @@ -2219,17 +2204,14 @@ void standard_sub(connection_struct *conn,char *str) * here as it is used instead of the default * "path =" string in [homes] and so needs the * service name, not the username. */ - case 'p': - string_sub(p,"%p", - automount_path(lp_servicename(SNUM(conn)))); - break; - case '\0': - p++; - break; /* don't run off the end of the string - */ - - default: p+=2; - break; + case 'p': string_sub(p,"%p", automount_path(lp_servicename(SNUM(conn)))); break; + case 'P': string_sub(p,"%P",conn->connectpath); break; + case 'S': string_sub(p,"%S", lp_servicename(SNUM(conn))); break; + case 'g': string_sub(p,"%g", gidtoname(conn->gid)); break; + case 'u': string_sub(p,"%u", conn->user); break; + + case '\0': p++; break; /* don't run off the end of the string */ + default : p+=2; break; } } @@ -2350,14 +2332,49 @@ char *gidtoname(gid_t gid) return(name); } +/******************************************************************* +turn a group name into a gid +********************************************************************/ + +BOOL nametogid(const char *name, gid_t *gid) +{ + struct group *grp = getgrnam(name); + if (grp) + { + *gid = grp->gr_gid; + return True; + } + else if (isdigit(name[0])) + { + *gid = (gid_t)get_number(name); + return True; + } + else + { + return False; + } +} + /******************************************************************* turn a user name into a uid ********************************************************************/ -uid_t nametouid(const char *name) +BOOL nametouid(const char *name, uid_t *uid) { - struct passwd *pass = getpwnam(name); - if (pass) return(pass->pw_uid); - return (uid_t)-1; + struct passwd *pass = Get_Pwnam(name, False); + if (pass) + { + *uid = pass->pw_uid; + return True; + } + else if (isdigit(name[0])) + { + *uid = (uid_t)get_number(name); + return True; + } + else + { + return False; + } } /******************************************************************* diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 8741479067..48c092ecf7 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -29,7 +29,7 @@ extern int DEBUGLEVEL; Convert a SID to an ascii string. *****************************************************************/ -char *sid_to_string(pstring sidstr_out, DOM_SID *sid) +char *sid_to_string(pstring sidstr_out, const DOM_SID *sid) { char subauth[16]; int i; @@ -55,10 +55,10 @@ char *sid_to_string(pstring sidstr_out, DOM_SID *sid) Convert a string to a SID. Returns True on success, False on fail. *****************************************************************/ -BOOL string_to_sid(DOM_SID *sidout, char *sidstr) +BOOL string_to_sid(DOM_SID *sidout, const char *sidstr) { pstring tok; - char *p = sidstr; + const char *p = sidstr; /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ uint32 ia; @@ -146,7 +146,7 @@ BOOL sid_split_rid(DOM_SID *sid, uint32 *rid) /***************************************************************** copies a sid *****************************************************************/ -void sid_copy(DOM_SID *sid1, DOM_SID *sid2) +void sid_copy(DOM_SID *sid1, const DOM_SID *sid2) { int i; @@ -163,10 +163,35 @@ void sid_copy(DOM_SID *sid1, DOM_SID *sid2) sid1->num_auths = sid2->num_auths; sid1->sid_rev_num = sid2->sid_rev_num; } + +/***************************************************************** + compare two sids up to the auths of the first sid +*****************************************************************/ +BOOL sid_front_equal(const DOM_SID *sid1, const DOM_SID *sid2) +{ + int i; + + /* compare most likely different rids, first: i.e start at end */ + for (i = sid1->num_auths-1; i >= 0; --i) + { + if (sid1->sub_auths[i] != sid2->sub_auths[i]) return False; + } + + if (sid1->num_auths > sid2->num_auths ) return False; + if (sid1->sid_rev_num != sid2->sid_rev_num) return False; + + for (i = 0; i < 6; i++) + { + if (sid1->id_auth[i] != sid2->id_auth[i]) return False; + } + + return True; +} + /***************************************************************** compare two sids *****************************************************************/ -BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2) +BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2) { int i; @@ -191,7 +216,7 @@ BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2) /***************************************************************** calculates size of a sid *****************************************************************/ -int sid_size(DOM_SID *sid) +int sid_size(const DOM_SID *sid) { if (sid == NULL) { diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index 2c9dd13274..bfcf0ad239 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -1,7 +1,7 @@ /* - Unix SMB/Netbios implementation. + Unix SMB/NetBIOS implementation. Version 1.9. - NBT netbios routines and daemon - version 2 + NBT NetBIOS routines and daemon - version 2 Copyright (C) Andrew Tridgell 1994-1998 This program is free software; you can redistribute it and/or modify @@ -509,7 +509,7 @@ static BOOL init_structs(void) *p = 0; strlower( local_machine ); - DEBUG( 5, ("Netbios name list:-\n") ); + DEBUG( 5, ("NetBIOS name list:-\n") ); for( n=0; my_netbios_names[n]; n++ ) DEBUGADD( 5, ( "my_netbios_names[%d]=\"%s\"\n", n, my_netbios_names[n] ) ); @@ -567,9 +567,6 @@ static void usage(char *pname) charset_initialise(); - if(!initialise_password_db()) - exit(1); - #ifdef LMHOSTSFILE pstrcpy( host_file, LMHOSTSFILE ); #endif @@ -661,7 +658,7 @@ static void usage(char *pname) reopen_logs(); - DEBUG( 1, ( "Netbios nameserver version %s started.\n", VERSION ) ); + DEBUG( 1, ( "NetBIOS nameserver version %s started.\n", VERSION ) ); DEBUGADD( 1, ( "Copyright Andrew Tridgell 1994-1998\n" ) ); if( !get_myname( myhostname, NULL) ) @@ -680,13 +677,17 @@ static void usage(char *pname) reload_services( True ); - fstrcpy( global_myworkgroup, lp_workgroup() ); - - if (strequal(global_myworkgroup,"*")) - { - DEBUG(0,("ERROR: a workgroup name of * is no longer supported\n")); - exit(1); - } + if (!pwdb_initialise()) + { + exit(1); + } + + if (!get_member_domain_sid()) + { + DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", + lp_passwordserver())); + exit(1); + } set_samba_nb_type(); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 2286d95fd5..871fc774a5 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -126,6 +126,8 @@ typedef struct char *szUsernameMap; char *szAliasnameMap; char *szGroupnameMap; + char *szBuiltinnameMap; + char *szNTusernameMap; char *szCharacterSet; char *szLogonScript; char *szLogonPath; @@ -517,9 +519,13 @@ static struct parm_struct parm_table[] = {"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0}, {"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0}, {"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0}, +#if USE_SMBFILE_DB {"smb passgrp file", P_STRING, P_GLOBAL, &Globals.szSMBPassGroupFile, NULL, NULL, 0}, +#endif +#if USE_SMBGROUP_DB {"smb group file", P_STRING, P_GLOBAL, &Globals.szSMBGroupFile, NULL, NULL, 0}, {"smb alias file", P_STRING, P_GLOBAL, &Globals.szSMBAliasFile, NULL, NULL, 0}, +#endif {"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, 0}, {"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, {"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, @@ -687,6 +693,8 @@ static struct parm_struct parm_table[] = {"local group map", P_STRING, P_GLOBAL, &Globals.szAliasnameMap, NULL, NULL, 0}, {"domain group map", P_STRING, P_GLOBAL, &Globals.szGroupnameMap, NULL, NULL, 0}, + {"builtin group map", P_STRING, P_GLOBAL, &Globals.szBuiltinnameMap, NULL, NULL, 0}, + {"domain user map", P_STRING, P_GLOBAL, &Globals.szNTusernameMap, NULL, NULL, 0}, {"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0}, {"Logon Options", P_SEP, P_SEPARATOR}, @@ -819,9 +827,13 @@ static void init_globals(void) DEBUG(3,("Initialising global parameters\n")); string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE); +#if USE_SMBFILE_DB string_set(&Globals.szSMBPassGroupFile, SMB_PASSGRP_FILE); +#endif +#if USE_SMBGROUP_DB string_set(&Globals.szSMBGroupFile, SMB_GROUP_FILE); string_set(&Globals.szSMBAliasFile, SMB_ALIAS_FILE); +#endif string_set(&Globals.szPasswdChat,"*old*password* %o\\n *new*password* %n\\n *new*password* %n\\n *changed*"); string_set(&Globals.szWorkGroup, WORKGROUP); string_set(&Globals.szPasswdProgram, PASSWD_PROGRAM); @@ -1101,9 +1113,13 @@ FN_GLOBAL_STRING(lp_logfile,&Globals.szLogFile) FN_GLOBAL_STRING(lp_smbrun,&Globals.szSmbrun) FN_GLOBAL_STRING(lp_configfile,&Globals.szConfigFile) FN_GLOBAL_STRING(lp_smb_passwd_file,&Globals.szSMBPasswdFile) +#if USE_SMBFILE_DB FN_GLOBAL_STRING(lp_smb_passgrp_file,&Globals.szSMBPassGroupFile) +#endif +#if USE_SMBGROUP_DB FN_GLOBAL_STRING(lp_smb_group_file,&Globals.szSMBGroupFile) FN_GLOBAL_STRING(lp_smb_alias_file,&Globals.szSMBAliasFile) +#endif FN_GLOBAL_STRING(lp_serverstring,&Globals.szServerString) FN_GLOBAL_STRING(lp_printcapname,&Globals.szPrintcapname) FN_GLOBAL_STRING(lp_lockdir,&Globals.szLockDir) @@ -1120,6 +1136,8 @@ FN_GLOBAL_STRING(lp_workgroup,&Globals.szWorkGroup) FN_GLOBAL_STRING(lp_username_map,&Globals.szUsernameMap) FN_GLOBAL_STRING(lp_aliasname_map,&Globals.szAliasnameMap) FN_GLOBAL_STRING(lp_groupname_map,&Globals.szGroupnameMap) +FN_GLOBAL_STRING(lp_builtinname_map,&Globals.szBuiltinnameMap) +FN_GLOBAL_STRING(lp_ntusrname_map,&Globals.szNTusernameMap) FN_GLOBAL_STRING(lp_logon_script,&Globals.szLogonScript) FN_GLOBAL_STRING(lp_logon_path,&Globals.szLogonPath) FN_GLOBAL_STRING(lp_logon_drive,&Globals.szLogonDrive) diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c index 270616fbcf..5e196889ca 100644 --- a/source3/passdb/ldap.c +++ b/source3/passdb/ldap.c @@ -254,7 +254,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry, get_single_attribute(ldap_struct, entry, "rid", temp); /* the smb (unix) ids are not stored: they are created */ - user->smb_userid = pwdb_user_rid_to_uid (atoi(temp)); + user->unix_uid = pwdb_user_rid_to_uid (atoi(temp)); if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) ) { @@ -347,7 +347,7 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry, user->group_rid = atoi(temp); /* the smb (unix) ids are not stored: they are created */ - user->smb_userid = pw_buf.smb_userid; + user->unix_uid = pw_buf.unix_uid; user->smb_grpid = group_rid_to_uid(user->group_rid); user->acct_ctrl = pw_buf.acct_ctrl; @@ -553,7 +553,7 @@ static BOOL modadd_ldappwd_entry(struct smb_passwd *newpwd, int flag) } slprintf(nthash, sizeof(nthash)-1, "%s", temp); - slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->smb_userid) ); + slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->unix_uid) ); slprintf(lst, sizeof(lst)-1, "%08X", newpwd->pass_last_set_time); mods = NULL; @@ -925,9 +925,9 @@ static struct smb_passwd *getldappwnam(char *name) return pwdb_sam_to_smb(iterate_getsam21pwnam(name)); } -static struct smb_passwd *getldappwuid(uid_t smb_userid) +static struct smb_passwd *getldappwuid(uid_t unix_uid) { - return pwdb_sam_to_smb(iterate_getsam21pwuid(smb_userid)); + return pwdb_sam_to_smb(iterate_getsam21pwuid(unix_uid)); } static struct smb_passwd *getldappwrid(uint32 user_rid) diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c index 58257d5b2d..f554958ade 100644 --- a/source3/passdb/nispass.c +++ b/source3/passdb/nispass.c @@ -371,7 +371,7 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd) pwdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time ); pwdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time); - slprintf(uid, sizeof(uid), "%u", newpwd->smb_userid); + slprintf(uid, sizeof(uid), "%u", newpwd->unix_uid); slprintf(user_rid, sizeof(user_rid), "0x%x", newpwd->user_rid); slprintf(smb_grpid, sizeof(smb_grpid), "%u", newpwd->smb_grpid); slprintf(group_rid, sizeof(group_rid), "0x%x", newpwd->group_rid); @@ -500,7 +500,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result) uidval = atoi(ENTRY_VAL(obj, NPF_UID)); pw_buf->smb_name = user_name; - pw_buf->smb_userid = uidval; + pw_buf->unix_uid = uidval; pw_buf->smb_passwd = smbpwd; pw_buf->smb_nt_passwd = smbntpwd; @@ -621,9 +621,9 @@ static struct smb_passwd *getnisppwnam(char *name) return pwdb_sam_to_smb(getnisp21pwnam(name)); } -static struct sam_passwd *getnisp21pwuid(uid_t smb_userid) +static struct sam_passwd *getnisp21pwuid(uid_t unix_uid) { - return getnisp21pwrid(pwdb_uid_to_user_rid(smb_userid)); + return getnisp21pwrid(pwdb_uid_to_user_rid(unix_uid)); } static struct smb_passwd *getnisppwrid(uid_t user_rid) @@ -631,9 +631,9 @@ static struct smb_passwd *getnisppwrid(uid_t user_rid) return pwdb_sam_to_smb(getnisp21pwuid(pwdb_user_rid_to_uid(user_rid))); } -static struct smb_passwd *getnisppwuid(uid_t smb_userid) +static struct smb_passwd *getnisppwuid(uid_t unix_uid) { - return pwdb_sam_to_smb(getnisp21pwuid(smb_userid)); + return pwdb_sam_to_smb(getnisp21pwuid(unix_uid)); } static struct sam_disp_info *getnispdispnam(char *name) diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 70c7f1fc9c..4dc945ff31 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -24,6 +24,7 @@ #include "nterr.h" extern int DEBUGLEVEL; +extern DOM_SID global_sam_sid; /* * NOTE. All these functions are abstracted into a structure @@ -52,7 +53,7 @@ extern int DEBUGLEVEL; * */ -static struct passdb_ops *pwdb_ops; +static struct smb_passdb_ops *pwdb_ops; /*************************************************************** Initialise the password db operations. @@ -80,26 +81,17 @@ BOOL initialise_password_db(void) * Functions that return/manipulate a struct smb_passwd. */ -/************************************************************************ - Utility function to search smb passwd by rid. -*************************************************************************/ - -struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid) -{ - return iterate_getsmbpwuid(pwdb_user_rid_to_uid(user_rid)); -} - /************************************************************************ Utility function to search smb passwd by uid. use this if your database does not have search facilities. *************************************************************************/ -struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid) +struct smb_passwd *iterate_getsmbpwuid(uid_t unix_uid) { struct smb_passwd *pwd = NULL; void *fp = NULL; - DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid)); + DEBUG(10, ("search by unix_uid: %x\n", (int)unix_uid)); /* Open the smb password database - not for update. */ fp = startsmbpwent(False); @@ -110,13 +102,13 @@ struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid) return NULL; } - while ((pwd = getsmbpwent(fp)) != NULL && pwd->smb_userid != smb_userid) + while ((pwd = getsmbpwent(fp)) != NULL && pwd->unix_uid != unix_uid) { } if (pwd != NULL) { - DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid)); + DEBUG(10, ("found by unix_uid: %x\n", (int)unix_uid)); } endsmbpwent(fp); @@ -144,9 +136,9 @@ struct smb_passwd *iterate_getsmbpwnam(const char *name) return NULL; } - while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->smb_name, name)) + while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->unix_name, name)) { - DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->smb_userid)); + DEBUG(10, ("iterate: %s 0x%x\n", pwd->unix_name, pwd->unix_uid)); } if (pwd != NULL) @@ -189,13 +181,23 @@ void endsmbpwent(void *vp) pwdb_ops->endsmbpwent(vp); } +SMB_BIG_UINT getsmbpwpos(void *vp) +{ + return pwdb_ops->getsmbpwpos(vp); +} + +BOOL setsmbpwpos(void *vp, SMB_BIG_UINT tok) +{ + return pwdb_ops->setsmbpwpos(vp, tok); +} + /************************************************************************* Routine to return the next entry in the smb passwd list. *************************************************************************/ struct smb_passwd *getsmbpwent(void *vp) { - return pwdb_ops->getsmbpwent(vp); + return pwdb_smb_map_names(pwdb_ops->getsmbpwent(vp)); } /************************************************************************ @@ -204,7 +206,7 @@ struct smb_passwd *getsmbpwent(void *vp) BOOL add_smbpwd_entry(struct smb_passwd *newpwd) { - return pwdb_ops->add_smbpwd_entry(newpwd); + return pwdb_ops->add_smbpwd_entry(pwdb_smb_map_names(newpwd)); } /************************************************************************ @@ -218,7 +220,7 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd) BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) { - return pwdb_ops->mod_smbpwd_entry(pwd, override); + return pwdb_ops->mod_smbpwd_entry(pwdb_smb_map_names(pwd), override); } /************************************************************************ @@ -227,604 +229,94 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) struct smb_passwd *getsmbpwnam(const char *name) { - return pwdb_ops->getsmbpwnam(name); -} - -/************************************************************************ - Routine to search smb passwd by user rid. -*************************************************************************/ - -struct smb_passwd *getsmbpwrid(uint32 user_rid) -{ - return pwdb_ops->getsmbpwrid(user_rid); + return pwdb_smb_map_names(pwdb_ops->getsmbpwnam(name)); } /************************************************************************ Routine to search smb passwd by uid. *************************************************************************/ -struct smb_passwd *getsmbpwuid(uid_t smb_userid) -{ - return pwdb_ops->getsmbpwuid(smb_userid); -} - -/* - * Functions that manupulate a struct sam_passwd. - */ - -/************************************************************************ - Utility function to search sam passwd by name. use this if your database - does not have search facilities. -*************************************************************************/ - -struct sam_passwd *iterate_getsam21pwnam(const char *name) -{ - struct sam_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by name: %s\n", name)); - - /* Open the smb password database - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open sam password database.\n")); - return NULL; - } - - while ((pwd = getsam21pwent(fp)) != NULL && !strequal(pwd->smb_name, name)) - { - DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid)); - } - - if (pwd != NULL) - { - DEBUG(10, ("found by name: %s\n", name)); - } - - endsmbpwent(fp); - return pwd; -} - -/************************************************************************ - Utility function to search sam passwd by rid. use this if your database - does not have search facilities. - - search capability by both rid and uid are needed as the rid <-> uid - mapping may be non-monotonic. - -*************************************************************************/ - -struct sam_passwd *iterate_getsam21pwrid(uint32 rid) -{ - struct sam_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by rid: %x\n", rid)); - - /* Open the smb password file - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open sam password database.\n")); - return NULL; - } - - while ((pwd = getsam21pwent(fp)) != NULL && pwd->user_rid != rid) - { - DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid)); - } - - if (pwd != NULL) - { - DEBUG(10, ("found by user_rid: %x\n", rid)); - } - - endsmbpwent(fp); - return pwd; -} - -/************************************************************************ - Utility function to search sam passwd by uid. use this if your database - does not have search facilities. - - search capability by both rid and uid are needed as the rid <-> uid - mapping may be non-monotonic. - -*************************************************************************/ - -struct sam_passwd *iterate_getsam21pwuid(uid_t uid) -{ - struct sam_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by uid: %x\n", (int)uid)); - - /* Open the smb password file - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open sam password database.\n")); - return NULL; - } - - while ((pwd = getsam21pwent(fp)) != NULL && pwd->smb_userid != uid) - { - } - - if (pwd != NULL) - { - DEBUG(10, ("found by smb_userid: %x\n", (int)uid)); - } - - endsmbpwent(fp); - return pwd; -} - -/************************************************************************* - Routine to return a display info structure, by rid - *************************************************************************/ -struct sam_disp_info *getsamdisprid(uint32 rid) -{ - return pwdb_ops->getsamdisprid(rid); -} - -/************************************************************************* - Routine to return the next entry in the sam passwd list. - *************************************************************************/ - -struct sam_passwd *getsam21pwent(void *vp) -{ - return pwdb_ops->getsam21pwent(vp); -} - - -/************************************************************************ - Routine to search sam passwd by name. -*************************************************************************/ - -struct sam_passwd *getsam21pwnam(const char *name) -{ - return pwdb_ops->getsam21pwnam(name); -} - -/************************************************************************ - Routine to search sam passwd by rid. -*************************************************************************/ - -struct sam_passwd *getsam21pwrid(uint32 rid) +struct smb_passwd *getsmbpwuid(uid_t unix_uid) { - return pwdb_ops->getsam21pwrid(rid); -} - - -/********************************************************** - ********************************************************** - - utility routines which are likely to be useful to all password - databases - - ********************************************************** - **********************************************************/ - -/************************************************************* - initialises a struct sam_disp_info. - **************************************************************/ - -static void pwdb_init_dispinfo(struct sam_disp_info *user) -{ - if (user == NULL) return; - bzero(user, sizeof(*user)); + return pwdb_smb_map_names(pwdb_ops->getsmbpwuid(unix_uid)); } /************************************************************* initialises a struct smb_passwd. **************************************************************/ - void pwdb_init_smb(struct smb_passwd *user) { if (user == NULL) return; bzero(user, sizeof(*user)); user->pass_last_set_time = (time_t)-1; + user->unix_uid = (uid_t)-1; + user->user_rid = 0xffffffff; } /************************************************************* - initialises a struct sam_passwd. + fills in missing details. one set of details _must_ exist. **************************************************************/ -void pwdb_init_sam(struct sam_passwd *user) -{ - if (user == NULL) return; - bzero(user, sizeof(*user)); - user->logon_time = (time_t)-1; - user->logoff_time = (time_t)-1; - user->kickoff_time = (time_t)-1; - user->pass_last_set_time = (time_t)-1; - user->pass_can_change_time = (time_t)-1; - user->pass_must_change_time = (time_t)-1; -} - -/************************************************************************* - Routine to return the next entry in the sam passwd list. - *************************************************************************/ - -struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user) -{ - static struct sam_disp_info disp_info; - - if (user == NULL) return NULL; - - pwdb_init_dispinfo(&disp_info); - - disp_info.smb_name = user->smb_name; - disp_info.full_name = user->full_name; - disp_info.user_rid = user->user_rid; - - return &disp_info; -} - -/************************************************************* - converts a sam_passwd structure to a smb_passwd structure. - **************************************************************/ - -struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user) +struct smb_passwd *pwdb_smb_map_names(struct smb_passwd *smb) { - static struct smb_passwd pw_buf; + DOM_NAME_MAP gmep; + BOOL found = False; + DOM_SID sid; + static fstring unix_name; + static fstring nt_name; - if (user == NULL) return NULL; + DEBUG(10,("pwdb_smb_map_names\n")); - pwdb_init_smb(&pw_buf); - - pw_buf.smb_userid = user->smb_userid; - pw_buf.smb_name = user->smb_name; - pw_buf.smb_passwd = user->smb_passwd; - pw_buf.smb_nt_passwd = user->smb_nt_passwd; - pw_buf.acct_ctrl = user->acct_ctrl; - pw_buf.pass_last_set_time = user->pass_last_set_time; - - return &pw_buf; -} - - -/************************************************************* - converts a smb_passwd structure to a sam_passwd structure. - **************************************************************/ - -struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user) -{ - static struct sam_passwd pw_buf; - - if (user == NULL) return NULL; - - pwdb_init_sam(&pw_buf); - - pw_buf.smb_userid = user->smb_userid; - pw_buf.smb_name = user->smb_name; - pw_buf.smb_passwd = user->smb_passwd; - pw_buf.smb_nt_passwd = user->smb_nt_passwd; - pw_buf.acct_ctrl = user->acct_ctrl; - pw_buf.pass_last_set_time = user->pass_last_set_time; - - return &pw_buf; -} - -/********************************************************** - Encode the account control bits into a string. - length = length of string to encode into (including terminating - null). length *MUST BE MORE THAN 2* ! - **********************************************************/ - -char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) -{ - static fstring acct_str; - size_t i = 0; - - acct_str[i++] = '['; - - if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; - if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; - if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; - if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; - if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; - if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; - if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; - if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; - if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; - if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; - if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; - - for ( ; i < length - 2 ; i++ ) + if (smb == NULL) { - acct_str[i] = ' '; + return NULL; } - i = length - 2; - acct_str[i++] = ']'; - acct_str[i++] = '\0'; - - return acct_str; -} - -/********************************************************** - Decode the account control bits from a string. - - this function breaks coding standards minimum line width of 80 chars. - reason: vertical line-up code clarity - all case statements fit into - 15 lines, which is more important. - **********************************************************/ - -uint16 pwdb_decode_acct_ctrl(const char *p) -{ - uint16 acct_ctrl = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') return 0; - - for (p++; *p && !finished; p++) + if (smb->unix_name == NULL && smb->nt_name == NULL && + smb->unix_uid == (uid_t)-1 && smb->user_rid == 0xffffffff) { - switch (*p) - { - case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ } - case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ } - case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ } - case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ } - case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ } - case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ } - case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ } - case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } - case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } - case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ } - case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ } - case ' ': { break; } - case ':': - case '\n': - case '\0': - case ']': - default: { finished = True; } - } + return NULL; } - return acct_ctrl; -} - -/******************************************************************* - gets password-database-format time from a string. - ********************************************************************/ - -static time_t get_time_from_string(const char *p) -{ - int i; - - for (i = 0; i < 8; i++) + if (!found && smb->unix_name != NULL) { - if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF))) - { - break; - } + found = lookupsmbpwnam(smb->unix_name, &gmep); } - if (i == 8) + if (!found && smb->unix_uid != (uid_t)-1) { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - return (time_t)strtol(p, NULL, 16); + found = lookupsmbpwuid(smb->unix_uid , &gmep); } - return (time_t)-1; -} - -/******************************************************************* - gets password last set time - ********************************************************************/ -time_t pwdb_get_last_set_time(const char *p) -{ - if (*p && StrnCaseCmp(p, "LCT-", 4)) + if (!found) { - return get_time_from_string(p + 4); + sid_copy(&sid, &global_sam_sid); + sid_append_rid(&sid, smb->user_rid); } - return (time_t)-1; -} - - -/******************************************************************* - sets password-database-format time in a string. - ********************************************************************/ -static void set_time_in_string(char *p, int max_len, char *type, time_t t) -{ - slprintf(p, max_len, ":%s-%08X:", type, (uint32)t); -} - -/******************************************************************* - sets logon time - ********************************************************************/ -void pwdb_set_logon_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LNT", t); -} - -/******************************************************************* - sets logoff time - ********************************************************************/ -void pwdb_set_logoff_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LOT", t); -} - -/******************************************************************* - sets kickoff time - ********************************************************************/ -void pwdb_set_kickoff_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "KOT", t); -} - -/******************************************************************* - sets password can change time - ********************************************************************/ -void pwdb_set_can_change_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "CCT", t); -} - -/******************************************************************* - sets password last set time - ********************************************************************/ -void pwdb_set_must_change_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "MCT", t); -} - -/******************************************************************* - sets password last set time - ********************************************************************/ -void pwdb_set_last_set_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LCT", t); -} - -/************************************************************* - Routine to set 32 hex password characters from a 16 byte array. -**************************************************************/ -void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl) -{ - if (pwd != NULL) + if (!found && smb->user_rid != 0xffffffff) { - int i; - for (i = 0; i < 16; i++) - { - slprintf(&p[i*2], 33, "%02X", pwd[i]); - } + found = lookupsmbpwsid (&sid , &gmep); } - else + if (!found && smb->nt_name != NULL) { - if (IS_BITS_SET_ALL(acct_ctrl, ACB_PWNOTREQ)) - { - safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); - } - else - { - safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); - } + found = lookupsmbpwntnam(smb->nt_name, &gmep); } -} - -/************************************************************* - Routine to get the 32 hex characters and turn them - into a 16 byte array. -**************************************************************/ -BOOL pwdb_gethexpwd(const char *p, char *pwd) -{ - return strhex_to_str(pwd, 32, p) == 16; -} - -/******************************************************************* - converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -uid_t pwdb_user_rid_to_uid(uint32 user_rid) -{ - uid_t uid = (uid_t)(((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER); - return uid; -} - -/******************************************************************* - converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -uint32 pwdb_uid_to_user_rid(uid_t uid) -{ - uint32 user_rid = (((((uint32)uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER); - return user_rid; -} - -/******************************************************************* - converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -uint32 pwdb_gid_to_group_rid(gid_t gid) -{ - uint32 grp_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP); - return grp_rid; -} - -/******************************************************************* - converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -gid_t pwdb_group_rid_to_gid(uint32 group_rid) -{ - gid_t gid = (gid_t)(((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER); - return gid; -} - -/******************************************************************* - converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -uint32 pwdb_gid_to_alias_rid(gid_t gid) -{ - uint32 alias_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS); - return alias_rid; -} - -/******************************************************************* - converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -gid_t pwdb_alias_rid_to_gid(uint32 alias_rid) -{ - gid_t gid = (gid_t)(((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER); - return gid; -} -/******************************************************************* - Decides if a RID is a well known RID. - ********************************************************************/ -static BOOL pwdb_rid_is_well_known(uint32 rid) -{ - return (rid < 1000); -} + if (!found) + { + return NULL; + } -/******************************************************************* - determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_rid_type(uint32 rid) -{ - /* lkcl i understand that NT attaches an enumeration to a RID - * such that it can be identified as either a user, group etc - * type: SID_ENUM_TYPE. - */ - if (pwdb_rid_is_well_known(rid)) + if (!sid_front_equal(&global_sam_sid, &gmep.sid)) { - /* - * The only well known user RIDs are DOMAIN_USER_RID_ADMIN - * and DOMAIN_USER_RID_GUEST. - */ - if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST) - { - return RID_TYPE_USER; - } - if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS) - { - return RID_TYPE_GROUP; - } - if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR) - { - return RID_TYPE_ALIAS; - } + return NULL; } - return (rid & RID_TYPE_MASK); -} -/******************************************************************* - checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -BOOL pwdb_rid_is_user(uint32 rid) -{ - return pwdb_rid_type(rid) == RID_TYPE_USER; -} + fstrcpy(unix_name, gmep.unix_name); + fstrcpy(nt_name , gmep.nt_name ); + if (smb->unix_name == NULL ) smb->unix_name = unix_name; + if (smb->nt_name == NULL ) smb->nt_name = nt_name ; + if (smb->unix_uid == (uid_t)-1 ) smb->unix_uid = (uid_t)gmep.unix_id; + if (smb->user_rid == 0xffffffff) sid_split_rid(&gmep.sid, &smb->user_rid); + return smb; +} diff --git a/source3/passdb/passgrp.c b/source3/passdb/passgrp.c index f626dd978a..41b01a1a49 100644 --- a/source3/passdb/passgrp.c +++ b/source3/passdb/passgrp.c @@ -72,8 +72,30 @@ struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss) { - return iterate_getsmbgrpuid(pwdb_user_rid_to_uid(user_rid), - grps, num_grps, alss, num_alss); + struct smb_passwd *pwd = NULL; + void *fp = NULL; + + DEBUG(10, ("search by user_rid: 0x%x\n", user_rid)); + + /* Open the smb password database - not for update. */ + fp = startsmbgrpent(False); + + if (fp == NULL) + { + DEBUG(0, ("unable to open smb passgrp database.\n")); + return NULL; + } + + while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->user_rid != user_rid) + ; + + if (pwd != NULL) + { + DEBUG(10, ("found by user_rid: 0x%x\n", user_rid)); + } + + endsmbgrpent(fp); + return pwd; } /************************************************************************ @@ -81,14 +103,14 @@ struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid, does not have search facilities. *************************************************************************/ -struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid, +struct smb_passwd *iterate_getsmbgrpuid(uid_t unix_uid, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss) { struct smb_passwd *pwd = NULL; void *fp = NULL; - DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid)); + DEBUG(10, ("search by unix_uid: %x\n", (int)unix_uid)); /* Open the smb password database - not for update. */ fp = startsmbgrpent(False); @@ -99,12 +121,12 @@ struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid, return NULL; } - while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->smb_userid != smb_userid) + while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->unix_uid != unix_uid) ; if (pwd != NULL) { - DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid)); + DEBUG(10, ("found by unix_uid: %x\n", (int)unix_uid)); } endsmbgrpent(fp); @@ -116,12 +138,14 @@ struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid, does not have search facilities. *************************************************************************/ -struct smb_passwd *iterate_getsmbgrpnam(char *name, +struct smb_passwd *iterate_getsmbgrpntnam(const char *nt_name, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss) { struct smb_passwd *pwd = NULL; + fstring name; void *fp = NULL; + fstrcpy(name, nt_name); DEBUG(10, ("search by name: %s\n", name)); @@ -134,7 +158,7 @@ struct smb_passwd *iterate_getsmbgrpnam(char *name, return NULL; } - while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->smb_name, name)) + while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->nt_name, name)) ; if (pwd != NULL) @@ -192,11 +216,11 @@ struct smb_passwd *getsmbgrpent(void *vp, Routine to search smb passwd by name. *************************************************************************/ -struct smb_passwd *getsmbgrpnam(char *name, +struct smb_passwd *getsmbgrpntnam(char *name, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss) { - return pwgrp_ops->getsmbgrpnam(name, grps, num_grps, alss, num_alss); + return pwgrp_ops->getsmbgrpntnam(name, grps, num_grps, alss, num_alss); } /************************************************************************ @@ -214,10 +238,10 @@ struct smb_passwd *getsmbgrprid(uint32 user_rid, Routine to search smb passwd by uid. *************************************************************************/ -struct smb_passwd *getsmbgrpuid(uid_t smb_userid, +struct smb_passwd *getsmbgrpuid(uid_t unix_uid, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss) { - return pwgrp_ops->getsmbgrpuid(smb_userid, grps, num_grps, alss, num_alss); + return pwgrp_ops->getsmbgrpuid(unix_uid, grps, num_grps, alss, num_alss); } diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index 262ffa3e2e..0de09e6085 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c @@ -23,8 +23,6 @@ static int pw_file_lock_depth = 0; extern int DEBUGLEVEL; -extern pstring samlogon_user; -extern BOOL sam_logon_in_ssb; static char s_readbuf[1024]; @@ -33,7 +31,7 @@ static char s_readbuf[1024]; to ensure no modification outside this module. ****************************************************************/ -void *startsmbfilepwent(BOOL update) +static void *startsmbfilepwent(BOOL update) { return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf), &pw_file_lock_depth, update); @@ -43,7 +41,7 @@ void *startsmbfilepwent(BOOL update) End enumeration of the smbpasswd list. ****************************************************************/ -void endsmbfilepwent(void *vp) +static void endsmbfilepwent(void *vp) { endfilepwent(vp, &pw_file_lock_depth); } @@ -53,7 +51,7 @@ void endsmbfilepwent(void *vp) This must be treated as an opaque token. *************************************************************************/ -SMB_BIG_UINT getsmbfilepwpos(void *vp) +static SMB_BIG_UINT getsmbfilepwpos(void *vp) { return getfilepwpos(vp); } @@ -63,7 +61,7 @@ SMB_BIG_UINT getsmbfilepwpos(void *vp) This must be treated as an opaque token. *************************************************************************/ -BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) +static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) { return setfilepwpos(vp, tok); } @@ -71,14 +69,13 @@ BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) /************************************************************************* Routine to return the next entry in the smbpasswd list. *************************************************************************/ -struct smb_passwd *getsmbfilepwent(void *vp) +static struct smb_passwd *getsmbfilepwent(void *vp) { /* Static buffers we will return. */ static struct smb_passwd pw_buf; - static pstring user_name; + static pstring nt_name; static unsigned char smbpwd[16]; static unsigned char smbntpwd[16]; - struct passwd *pwfile; char linebuf[256]; char *p; int uidval; @@ -118,7 +115,7 @@ struct smb_passwd *getsmbfilepwent(void *vp) * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ - p = strncpyn(user_name, linebuf, sizeof(user_name), ':'); + p = strncpyn(nt_name, linebuf, sizeof(nt_name), ':'); /* Go past ':' */ p++; @@ -127,8 +124,8 @@ struct smb_passwd *getsmbfilepwent(void *vp) p = Atoic( p, &uidval, ":"); - pw_buf.smb_name = user_name; - pw_buf.smb_userid = uidval; + pw_buf.nt_name = nt_name; + pw_buf.unix_uid = uidval; /* * Now get the password value - this should be 32 hex digits @@ -142,7 +139,7 @@ struct smb_passwd *getsmbfilepwent(void *vp) if (*p == '*' || *p == 'X') { /* Password deliberately invalid - end here. */ - DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name)); + DEBUG(10, ("getsmbfilepwent: entry invalidated for nt user %s\n", nt_name)); pw_buf.smb_nt_passwd = NULL; pw_buf.smb_passwd = NULL; pw_buf.acct_ctrl |= ACB_DISABLED; @@ -197,8 +194,8 @@ struct smb_passwd *getsmbfilepwent(void *vp) p += 33; } - DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %d\n", - user_name, uidval)); + DEBUG(5,("getsmbfilepwent: returning passwd entry for nt user %s, unix uid %d\n", + nt_name, uidval)); if (*p == '[') { @@ -229,21 +226,13 @@ struct smb_passwd *getsmbfilepwent(void *vp) * password file as 'normal accounts'. If this changes * we will have to fix this code. JRA. */ - if (pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') + if (pw_buf.nt_name[strlen(pw_buf.nt_name) - 1] == '$') { pw_buf.acct_ctrl &= ~ACB_NORMAL; pw_buf.acct_ctrl |= ACB_WSTRUST; } } - pwfile = Get_Pwnam(pw_buf.smb_name, False); - if (pwfile == NULL) - { - DEBUG(0,("getsmbfilepwent: smbpasswd database is corrupt!\n")); - DEBUG(0,("getsmbfilepwent: username %s not in unix passwd database!\n", pw_buf.smb_name)); - return NULL; - } - return &pw_buf; } @@ -251,123 +240,6 @@ struct smb_passwd *getsmbfilepwent(void *vp) return NULL; } -/************************************************************************* - Routine to return the next entry in the smbpasswd list. - this function is a nice, messy combination of reading: - - the smbpasswd file - - the unix password database - - smb.conf options (not done at present). - *************************************************************************/ - -static struct sam_passwd *getsmbfile21pwent(void *vp) -{ - struct smb_passwd *pw_buf = getsmbfilepwent(vp); - static struct sam_passwd user; - struct passwd *pwfile; -#if ARGH - uint32 status = 0x0; -#endif - static pstring full_name; - static pstring home_dir; - static pstring home_drive; - static pstring logon_script; - static pstring profile_path; - static pstring acct_desc; - static pstring workstations; - - DEBUG(5,("getsmbfile21pwent\n")); - - if (pw_buf == NULL) return NULL; - - pwdb_init_sam(&user); - - pwfile = Get_Pwnam(pw_buf->smb_name, False); - if (pwfile == NULL) - { - DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n")); - DEBUG(0,("getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name)); - return NULL; - } - - pstrcpy(samlogon_user, pw_buf->smb_name); - - if (samlogon_user[strlen(samlogon_user)-1] != '$') - { - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - sam_logon_in_ssb = True; - - user.smb_userid = pw_buf->smb_userid; - user.smb_grpid = pwfile->pw_gid; - -#if ARGH - status = lookup_user_rids(pw_buf->smb_name, &user.user_rid, &user.group_rid); -#else - user.user_rid = pwdb_uid_to_user_rid (user.smb_userid); - user.group_rid = pwdb_gid_to_group_rid(user.smb_grpid ); -#endif - - pstrcpy(full_name , pwfile->pw_gecos ); - pstrcpy(logon_script , lp_logon_script ()); - pstrcpy(profile_path , lp_logon_path ()); - pstrcpy(home_drive , lp_logon_drive ()); - pstrcpy(home_dir , lp_logon_home ()); - pstrcpy(acct_desc , ""); - pstrcpy(workstations , ""); - - sam_logon_in_ssb = False; - } - else - { - user.smb_userid = pw_buf->smb_userid; - user.smb_grpid = pwfile->pw_gid; - - user.user_rid = pwdb_uid_to_user_rid (user.smb_userid); - user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ - - pstrcpy(full_name , ""); - pstrcpy(logon_script , ""); - pstrcpy(profile_path , ""); - pstrcpy(home_drive , ""); - pstrcpy(home_dir , ""); - pstrcpy(acct_desc , ""); - pstrcpy(workstations , ""); - } - -#if ARGH - if (status != 0x0) - { - return NULL; - } -#endif - - user.smb_name = pw_buf->smb_name; - user.full_name = full_name; - user.home_dir = home_dir; - user.dir_drive = home_drive; - user.logon_script = logon_script; - user.profile_path = profile_path; - user.acct_desc = acct_desc; - user.workstations = workstations; - - user.unknown_str = NULL; /* don't know, yet! */ - user.munged_dial = NULL; /* "munged" dial-back telephone number */ - - user.smb_nt_passwd = pw_buf->smb_nt_passwd; - user.smb_passwd = pw_buf->smb_passwd; - - user.acct_ctrl = pw_buf->acct_ctrl; - - user.unknown_3 = 0xffffff; /* don't know */ - user.logon_divs = 168; /* hours per week */ - user.hours_len = 21; /* 21 times 8 bits = 168 */ - memset(user.hours, 0xff, user.hours_len); /* available at all hours */ - user.unknown_5 = 0x00020000; /* don't know */ - user.unknown_5 = 0x000004ec; /* don't know */ - - return &user; -} - /************************************************************************ Routine to add an entry to the smbpasswd file. *************************************************************************/ @@ -400,8 +272,8 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) */ while ((pwd = getsmbfilepwent(fp)) != NULL) { - if (strequal(newpwd->smb_name, pwd->smb_name)) { - DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name)); + if (strequal(newpwd->nt_name, pwd->nt_name)) { + DEBUG(0, ("add_smbfilepwd_entry: entry with nt name %s already exists\n", pwd->nt_name)); endsmbfilepwent(fp); return False; } @@ -418,21 +290,21 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) { DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \ -Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); +Error was %s\n", newpwd->nt_name, pfile, strerror(errno))); endsmbfilepwent(fp); return False; } - new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; + new_entry_length = strlen(newpwd->nt_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; if((new_entry = (char *)malloc( new_entry_length )) == NULL) { DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \ -Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); +Error was %s\n", newpwd->nt_name, pfile, strerror(errno))); endsmbfilepwent(fp); return False; } - slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid); + slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->nt_name, (unsigned)newpwd->unix_uid); p = &new_entry[strlen(new_entry)]; if(newpwd->smb_passwd != NULL) { @@ -477,13 +349,13 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) { DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \ -Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno))); +Error was %s\n", wr_len, newpwd->nt_name, pfile, strerror(errno))); /* Remove the entry we just wrote. */ if(sys_ftruncate(fd, offpos) == -1) { DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \ Error was %s. Password file may be corrupt ! Please examine by hand !\n", - newpwd->smb_name, strerror(errno))); + newpwd->nt_name, strerror(errno))); } endsmbfilepwent(fp); @@ -508,7 +380,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n", static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) { /* Static buffers we will return. */ - static pstring user_name; + static pstring nt_name; char linebuf[256]; char readbuf[1024]; @@ -626,9 +498,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ - strncpy(user_name, linebuf, PTR_DIFF(p, linebuf)); - user_name[PTR_DIFF(p, linebuf)] = '\0'; - if (strequal(user_name, pwd->smb_name)) { + strncpy(nt_name, linebuf, PTR_DIFF(p, linebuf)); + nt_name[PTR_DIFF(p, linebuf)] = '\0'; + if (strequal(nt_name, pwd->nt_name)) { found_entry = True; break; } @@ -673,7 +545,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if (!override && (*p == '*' || *p == 'X')) { /* Password deliberately invalid - end here. */ - DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name)); + DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for nt user %s\n", nt_name)); file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; @@ -897,58 +769,19 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) return True; } -/* - * Stub functions - implemented in terms of others. - */ - -static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override) -{ - return mod_smbfilepwd_entry(pwdb_sam_to_smb(pwd), override); -} - -static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd) -{ - return add_smbfilepwd_entry(pwdb_sam_to_smb(newpwd)); -} - -static struct sam_disp_info *getsmbfiledispnam(const char *name) -{ - return pwdb_sam_to_dispinfo(getsam21pwnam(name)); -} - -static struct sam_disp_info *getsmbfiledisprid(uint32 rid) -{ - return pwdb_sam_to_dispinfo(getsam21pwrid(rid)); -} - -static struct sam_disp_info *getsmbfiledispent(void *vp) -{ - return pwdb_sam_to_dispinfo(getsam21pwent(vp)); -} - -static struct passdb_ops file_ops = { +static struct smb_passdb_ops file_ops = { startsmbfilepwent, endsmbfilepwent, getsmbfilepwpos, setsmbfilepwpos, iterate_getsmbpwnam, /* In passdb.c */ iterate_getsmbpwuid, /* In passdb.c */ - iterate_getsmbpwrid, /* In passdb.c */ getsmbfilepwent, add_smbfilepwd_entry, - mod_smbfilepwd_entry, - getsmbfile21pwent, - iterate_getsam21pwnam, - iterate_getsam21pwuid, - iterate_getsam21pwrid, - add_smbfile21pwd_entry, - mod_smbfile21pwd_entry, - getsmbfiledispnam, - getsmbfiledisprid, - getsmbfiledispent + mod_smbfilepwd_entry }; -struct passdb_ops *file_initialise_password_db(void) +struct smb_passdb_ops *file_initialise_password_db(void) { return &file_ops; } diff --git a/source3/passdb/smbpasschange.c b/source3/passdb/smbpasschange.c index 1a3c100fa5..843cf4a815 100644 --- a/source3/passdb/smbpasschange.c +++ b/source3/passdb/smbpasschange.c @@ -31,9 +31,11 @@ static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account, { struct smb_passwd new_smb_pwent; + pwdb_init_smb(&new_smb_pwent); + /* Create a new smb passwd entry and set it to the given password. */ - new_smb_pwent.smb_userid = uid; - new_smb_pwent.smb_name = user_name; + new_smb_pwent.unix_uid = uid; + new_smb_pwent.nt_name = user_name; new_smb_pwent.smb_passwd = NULL; new_smb_pwent.smb_nt_passwd = NULL; new_smb_pwent.acct_ctrl = (trust_account ? ACB_WSTRUST : ACB_NORMAL); diff --git a/source3/passdb/smbpassgroup.c b/source3/passdb/smbpassgroup.c index 3723f9cf57..13963b8c0f 100644 --- a/source3/passdb/smbpassgroup.c +++ b/source3/passdb/smbpassgroup.c @@ -113,7 +113,7 @@ static struct smb_passwd *getsmbfilegrpent(void *vp, p = Atoic((char *) p, &uidval, ":"); pw_buf.smb_name = user_name; - pw_buf.smb_userid = uidval; + pw_buf.unix_uid = uidval; /* * Now get a list of alias RIDs diff --git a/source3/passdb/smbpassgroupunix.c b/source3/passdb/smbpassgroupunix.c index d83196415c..26c6d6ff13 100644 --- a/source3/passdb/smbpassgroupunix.c +++ b/source3/passdb/smbpassgroupunix.c @@ -22,7 +22,7 @@ #ifdef USE_SMBUNIX_DB extern int DEBUGLEVEL; -extern DOM_SID global_member_sid; +extern DOM_SID global_sam_sid; /*************************************************************** Start to enumerate the smbpasswd list. Returns a void pointer @@ -31,7 +31,7 @@ extern DOM_SID global_member_sid; static void *startsmbunixgrpent(BOOL update) { - return startsmbfilepwent(False); + return startsmbpwent(False); } /*************************************************************** @@ -40,7 +40,7 @@ static void *startsmbunixgrpent(BOOL update) static void endsmbunixgrpent(void *vp) { - endsmbfilepwent(vp); + endsmbpwent(vp); } /************************************************************************* @@ -50,7 +50,7 @@ static void endsmbunixgrpent(void *vp) static SMB_BIG_UINT getsmbunixgrppos(void *vp) { - return getsmbfilepwpos(vp); + return getsmbpwpos(vp); } /************************************************************************* @@ -60,7 +60,7 @@ static SMB_BIG_UINT getsmbunixgrppos(void *vp) static BOOL setsmbunixgrppos(void *vp, SMB_BIG_UINT tok) { - return setsmbfilepwpos(vp, tok); + return setsmbpwpos(vp, tok); } /************************************************************************* @@ -71,11 +71,12 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, uint32 **als_rids, int *num_alss) { /* Static buffers we will return. */ - struct smb_passwd *pw_buf; - struct passwd *pw; + struct sam_passwd *pw_buf; + fstring unix_name; int i; int unixgrps; gid_t *grps; + BOOL failed = False; if (vp == NULL) { @@ -83,8 +84,15 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, return NULL; } - pw_buf = getsmbfilepwent(vp); + pw_buf = getsam21pwent(vp); + if (pw_buf == NULL) + { + return NULL; + } + + fstrcpy(unix_name, pw_buf->unix_name); + if (grp_rids != NULL) { (*grp_rids) = NULL; @@ -99,21 +107,14 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, if (als_rids == NULL && grp_rids == NULL) { - return pw_buf; + return pwdb_sam_to_smb(pw_buf); } /* * find all unix groups */ - pw = Get_Pwnam(pw_buf->smb_name, False); - - if (pw == NULL) - { - return NULL; - } - - if (get_unixgroups(pw_buf->smb_name, pw->pw_uid, pw->pw_gid, &unixgrps, &grps)) + if (get_unixgroups(unix_name, pw_buf->unix_uid, pw_buf->unix_gid, &unixgrps, &grps)) { return NULL; } @@ -122,10 +123,8 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, * check each unix group for a mapping as an nt alias or an nt group */ - for (i = 0; i < unixgrps; i++) + for (i = 0; i < unixgrps && !failed; i++) { - DOM_SID sid; - char *unix_grpname; uint32 rid; /* @@ -134,101 +133,80 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, * (user or not our own domain will be an error). */ - unix_grpname = gidtoname(grps[i]); - if (map_unix_alias_name(unix_grpname, &sid, NULL, NULL)) + DOM_NAME_MAP gmep; + + if (!lookupsmbgrpgid(grps[i], &gmep)) { - /* - * ok, the unix groupname is mapped to an alias. - * check that it is in our domain. - */ + continue; + } - sid_split_rid(&sid, &rid); - if (!sid_equal(&sid, &global_member_sid)) - { - pstring sid_str; - sid_to_string(sid_str, &sid); - DEBUG(0,("user %s is in a UNIX group %s that maps to an NT Domain Alias RID (0x%x) in another domain (%s)\n", - pw_buf->smb_name, unix_grpname, rid, sid_str)); - continue; - } + sid_split_rid(&gmep.sid, &rid); + if (!sid_equal(&global_sam_sid, &gmep.sid)) + { + continue; + } - if (add_num_to_list(als_rids, num_alss, rid) == NULL) + switch (gmep.type) + { + case SID_NAME_ALIAS: { - return NULL; + if (als_rids != NULL && add_num_to_list(als_rids, num_alss, rid) == NULL) + { + failed = True; + } + break; } - } - else if (map_unix_group_name(unix_grpname, &sid, NULL, NULL)) - { - /* - * ok, the unix groupname is mapped to a domain group. - * check that it is in our domain. - */ - - sid_split_rid(&sid, &rid); - if (!sid_equal(&sid, &global_member_sid)) + case SID_NAME_DOM_GRP: + case SID_NAME_WKN_GRP: { - pstring sid_str; - sid_to_string(sid_str, &sid); - DEBUG(0,("user %s is in a UNIX group %s that maps to an NT Domain Group RID (0x%x) in another domain (%s)\n", - pw_buf->smb_name, unix_grpname, rid, sid_str)); - continue; + if (grp_rids != NULL && add_num_to_list(grp_rids, num_grps, rid) == NULL) + { + failed = True; + } + break; } - - if (add_num_to_list(grp_rids, num_grps, rid) == NULL) + default: { - return NULL; + break; } } - else if (lp_server_role() == ROLE_DOMAIN_MEMBER) + } + + if (failed) + { + if (grp_rids != NULL && (*grp_rids) != NULL) { - /* - * server is a member of a domain or stand-alone. - * name is not explicitly mapped - * so we are responsible for it. - * as a LOCAL group. - */ - - rid = pwdb_gid_to_alias_rid(grps[i]); - if (add_num_to_list(als_rids, num_alss, rid) == NULL) - { - return NULL; - } + free(*grp_rids); + (*num_grps) = 0; } - else if (lp_server_role() != ROLE_DOMAIN_NONE) + + if (als_rids != NULL && (*als_rids) != NULL) { - /* - * server is a PDC or BDC. - * name is explicitly mapped - * so we are responsible for it. - * as a DOMAIN group. - */ - - rid = pwdb_gid_to_group_rid(grps[i]); - if (add_num_to_list(grp_rids, num_grps, rid) == NULL) - { - return NULL; - } + free(*als_rids); + (*num_alss) = 0; } + + return NULL; } - return pw_buf; + return pwdb_sam_to_smb(pw_buf); } -static struct passgrp_ops file_ops = +static struct passgrp_ops smbunixgrp_ops = { startsmbunixgrpent, endsmbunixgrpent, getsmbunixgrppos, setsmbunixgrppos, - iterate_getsmbgrpnam, /* In passgrp.c */ + iterate_getsmbgrpntnam, /* In passgrp.c */ iterate_getsmbgrpuid, /* In passgrp.c */ iterate_getsmbgrprid, /* In passgrp.c */ - getsmbunixgrpent, + getsmbunixgrpent }; struct passgrp_ops *unix_initialise_password_grp(void) { - return &file_ops; + return &smbunixgrp_ops; } #else diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c index 3ce22fd854..c7a542577f 100644 --- a/source3/rpc_client/cli_login.c +++ b/source3/rpc_client/cli_login.c @@ -101,7 +101,7 @@ password equivalents, protected by the session key) is inherently insecure given the current design of the NT Domain system. JRA. ****************************************************************************/ BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username, - uint32 smb_userid_low, char *password, + uint32 luid_low, char *password, NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3) { uchar lm_owf_user_pwd[16]; @@ -129,7 +129,7 @@ BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *usernam /* Create the structure needed for SAM logon. */ make_id_info1(&ctr->auth.id1, domain, 0, - smb_userid_low, 0, + luid_low, 0, username, cli->clnt_name_slash, (char *)cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd); @@ -154,7 +154,7 @@ password equivalents over the network. JRA. ****************************************************************************/ BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username, - uint32 smb_userid_low, char lm_chal[8], char lm_chal_resp[24], + uint32 luid_low, char lm_chal[8], char lm_chal_resp[24], char nt_chal_resp[24], NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3) { @@ -165,7 +165,7 @@ BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username, /* Create the structure needed for SAM logon. */ make_id_info2(&ctr->auth.id2, domain, 0, - smb_userid_low, 0, + luid_low, 0, username, cli->clnt_name_slash, (uchar *)lm_chal, (uchar *)lm_chal_resp, (uchar *)nt_chal_resp); diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 48dd90ffa9..e8f1cac19b 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -309,7 +309,7 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); fstrcpy(name , unistr2(t_names.uni_name[i].buffer)); - slprintf(full_name, sizeof(full_name), "\\%s\\%s", + slprintf(full_name, sizeof(full_name), "%s\\%s", dom_name, name); (*names)[i] = strdup(full_name); diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 50e44f5138..c51fcd42e8 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -334,7 +334,7 @@ BOOL do_samr_enum_dom_users(struct cli_state *cli, for (i = 0; i < *num_sam_users; i++) { - (*sam)[i].smb_userid = r_e.sam[i].rid; + (*sam)[i].user_rid = r_e.sam[i].rid; if (r_e.sam[i].hdr_name.buffer) { char *acct_name = unistrn2(r_e.uni_acct_name[name_idx].buffer, @@ -347,7 +347,7 @@ BOOL do_samr_enum_dom_users(struct cli_state *cli, bzero((*sam)[i].acct_name, sizeof((*sam)[i].acct_name)); } DEBUG(5,("do_samr_enum_dom_users: idx: %4d rid: %8x acct: %s\n", - i, (*sam)[i].smb_userid, (*sam)[i].acct_name)); + i, (*sam)[i].user_rid, (*sam)[i].acct_name)); } valid_pol = True; } @@ -618,6 +618,67 @@ BOOL do_samr_query_unknown_12(struct cli_state *cli, return valid_query; } +/**************************************************************************** +do a SAMR Query User Aliases +****************************************************************************/ +BOOL do_samr_query_useraliases(struct cli_state *cli, + POLICY_HND *pol, DOM_SID *sid, + uint32 *num_aliases, uint32 *rid) +{ + prs_struct data; + prs_struct rdata; + + SAMR_Q_QUERY_USERALIASES q_o; + BOOL valid_query = False; + + /* create and send a MSRPC command with api SAMR_QUERY_USERALIASES */ + + prs_init(&data , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); + + DEBUG(4,("SAMR Query User Aliases.\n")); + + if (pol == NULL || sid == NULL || rid == NULL || num_aliases == 0) return False; + + /* store the parameters */ + make_samr_q_query_useraliases(&q_o, pol, sid); + + /* turn parameters into data stream */ + samr_io_q_query_useraliases("", &q_o, &data, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, SAMR_QUERY_USERALIASES, &data, &rdata)) + { + SAMR_R_QUERY_USERALIASES r_o; + BOOL p; + + /* get user info */ + r_o.rid = rid; + + samr_io_r_query_useraliases("", &r_o, &rdata, 0); + p = rdata.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("SAMR_R_QUERY_USERALIASES: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p && r_o.ptr != 0) + { + valid_query = True; + *num_aliases = r_o.num_entries; + } + + } + + prs_mem_free(&data ); + prs_mem_free(&rdata ); + + return valid_query; +} + /**************************************************************************** do a SAMR Query User Groups ****************************************************************************/ @@ -628,7 +689,7 @@ BOOL do_samr_query_usergroups(struct cli_state *cli, prs_struct rdata; SAMR_Q_QUERY_USERGROUPS q_o; - BOOL valid_query = False; + BOOL valid_query = False; /* create and send a MSRPC command with api SAMR_QUERY_USERGROUPS */ diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index ad268f60a4..e9423b3a51 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -145,60 +145,6 @@ void smb_io_dom_sid(char *desc, DOM_SID *sid, prs_struct *ps, int depth) prs_uint32s(False, "sub_auths ", ps, depth, sid->sub_auths, sid->num_auths); } -/******************************************************************* -creates a DOM_SID structure. - -BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 -identauth >= 2^32 can be detected because it will be specified in hex - -********************************************************************/ -void make_dom_sid(DOM_SID *sid, char *str_sid) -{ - pstring domsid; - int identauth; - char *p; - - if (sid == NULL) return; - - if (domsid == NULL) - { - DEBUG(4,("netlogon domain SID: none\n")); - sid->sid_rev_num = 0; - sid->num_auths = 0; - return; - } - - pstrcpy(domsid, str_sid); - - DEBUG(4,("make_dom_sid %d SID: %s\n", __LINE__, domsid)); - - /* assume, but should check, that domsid starts "S-" */ - p = strtok(domsid+2,"-"); - sid->sid_rev_num = atoi(p); - - /* identauth in decimal should be < 2^32 */ - /* identauth in hex should be >= 2^32 */ - identauth = atoi(strtok(0,"-")); - - DEBUG(4,("netlogon rev %d\n", sid->sid_rev_num)); - DEBUG(4,("netlogon %s ia %d\n", p, identauth)); - - sid->id_auth[0] = 0; - sid->id_auth[1] = 0; - sid->id_auth[2] = (identauth & 0xff000000) >> 24; - sid->id_auth[3] = (identauth & 0x00ff0000) >> 16; - sid->id_auth[4] = (identauth & 0x0000ff00) >> 8; - sid->id_auth[5] = (identauth & 0x000000ff); - - sid->num_auths = 0; - - while ((p = strtok(0, "-")) != NULL && sid->num_auths < MAXSUBAUTHS) - { - sid->sub_auths[sid->num_auths++] = atoi(p); - } - - DEBUG(4,("make_dom_sid: %d SID: %s\n", __LINE__, domsid)); -} /******************************************************************* creates a DOM_SID2 structure. ********************************************************************/ diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index da13e1033b..af459d1fd6 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -1645,6 +1645,30 @@ void samr_io_r_query_aliasinfo(char *desc, SAMR_R_QUERY_ALIASINFO *r_u, prs_str prs_uint32("status", ps, depth, &(r_u->status)); } + +/******************************************************************* +makes a SAMR_Q_QUERY_USERALIASES structure. +********************************************************************/ +void make_samr_q_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, + POLICY_HND *hnd, + DOM_SID *sid) +{ + if (q_u == NULL || hnd == NULL) return; + + DEBUG(5,("make_samr_q_query_useraliases\n")); + + memcpy(&(q_u->pol), hnd, sizeof(q_u->pol)); + + q_u->num_sids1 = 1; + q_u->ptr = 0; + q_u->num_sids2 = 1; + + { + q_u->ptr_sid[0] = 1; + make_dom_sid2(&q_u->sid[0], sid); + } +} + /******************************************************************* reads or writes a SAMR_Q_QUERY_USERALIASES structure. ********************************************************************/ @@ -1695,7 +1719,6 @@ makes a SAMR_R_QUERY_USERALIASES structure. void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u, uint32 num_rids, uint32 *rid, uint32 status) { - int i; if (r_u == NULL) return; DEBUG(5,("make_samr_r_query_useraliases\n")); @@ -1706,12 +1729,7 @@ void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u, r_u->ptr = 1; r_u->num_entries2 = num_rids; - SMB_ASSERT_ARRAY(r_u->rid, num_rids); - - for (i = 0; i < num_rids; i++) - { - r_u->rid[i] = rid[i]; - } + r_u->rid = rid; } else { @@ -1743,8 +1761,6 @@ void samr_io_r_query_useraliases(char *desc, SAMR_R_QUERY_USERALIASES *r_u, prs if (r_u->num_entries != 0) { - SMB_ASSERT_ARRAY(r_u->rid, r_u->num_entries2); - for (i = 0; i < r_u->num_entries2; i++) { slprintf(tmp, sizeof(tmp)-1, "rid[%02d]", i); diff --git a/source3/rpc_server/srv_lookup.c b/source3/rpc_server/srv_lookup.c index 9981ce0371..fc73edc4ed 100644 --- a/source3/rpc_server/srv_lookup.c +++ b/source3/rpc_server/srv_lookup.c @@ -52,43 +52,9 @@ extern fstring global_sam_name; extern DOM_SID global_sam_sid; extern DOM_SID global_sid_S_1_5_20; -/* - * A list of the rids of well known BUILTIN and Domain users - * and groups. - */ - -rid_name builtin_alias_rids[] = -{ - { BUILTIN_ALIAS_RID_ADMINS , "Administrators" }, - { BUILTIN_ALIAS_RID_USERS , "Users" }, - { BUILTIN_ALIAS_RID_GUESTS , "Guests" }, - { BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" }, - - { BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" }, - { BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" }, - { BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" }, - { BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" }, - { BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" }, - { 0 , NULL } -}; - -/* array lookup of well-known Domain RID users. */ -rid_name domain_user_rids[] = -{ - { DOMAIN_USER_RID_ADMIN , "Administrator" }, - { DOMAIN_USER_RID_GUEST , "Guest" }, - { 0 , NULL } -}; - -/* array lookup of well-known Domain RID groups. */ -rid_name domain_group_rids[] = -{ - { DOMAIN_GROUP_RID_ADMINS , "Domain Admins" }, - { DOMAIN_GROUP_RID_USERS , "Domain Users" }, - { DOMAIN_GROUP_RID_GUESTS , "Domain Guests" }, - { 0 , NULL } -}; - +extern rid_name builtin_alias_rids[]; +extern rid_name domain_user_rids[]; +extern rid_name domain_group_rids[]; int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids) { @@ -117,13 +83,20 @@ int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids) char *name = mem[count].name; become_root(True); - status = lookup_group_name(name, &sid, &type); + status = lookup_name(name, &sid, &type); unbecome_root(True); - sid_split_rid(&sid, &rid); - - if (status == 0x0 && sid_equal(&sid, &global_sam_sid)) + if (status == 0x0 && !sid_front_equal(&global_sam_sid, &sid)) + { + fstring sid_str; + sid_to_string(sid_str, &sid); + DEBUG(1,("make_dom_gids: unknown sid %s for groupname %s\n", + sid_str, name)); + } + else if (status == 0x0) { + sid_split_rid(&sid, &rid); + gids = (DOM_GID *)Realloc( gids, sizeof(DOM_GID) * (count+1) ); if (gids == NULL) @@ -141,7 +114,7 @@ int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids) } else { - DEBUG(1,("make_dom_gids: unknown group name %s\n", name)); + DEBUG(1,("make_dom_gids: unknown groupname %s\n", name)); } } @@ -428,7 +401,7 @@ uint32 lookup_user_sid(DOM_SID *sid, char *user_name, uint8 *type) if (disp_info != NULL) { - fstrcpy(user_name, disp_info->smb_name); + fstrcpy(user_name, disp_info->nt_name); DEBUG(5,(" = %s\n", user_name)); return 0x0; } @@ -442,14 +415,21 @@ uint32 lookup_user_sid(DOM_SID *sid, char *user_name, uint8 *type) /******************************************************************* lookup_group_rid ********************************************************************/ -uint32 lookup_group_name(char *grp_name, DOM_SID *sid, uint8 *type) +uint32 lookup_added_group_name(const char *grp_name, const char *domain, + DOM_SID *sid, uint8 *type) { DOMAIN_GRP *grp = NULL; (*type) = SID_NAME_DOM_GRP; - DEBUG(5,("lookup_group_name: name: %s", grp_name)); + DEBUG(5,("lookup_added_group_name: name: %s", grp_name)); - grp = getgroupnam(grp_name, NULL, NULL); + if (!strequal(domain, global_sam_name)) + { + DEBUG(5,(" not our domain\n")); + return 0xC0000000 | NT_STATUS_NONE_MAPPED; + } + + grp = getgroupntnam(grp_name, NULL, NULL); if (grp != NULL) { @@ -465,45 +445,23 @@ uint32 lookup_group_name(char *grp_name, DOM_SID *sid, uint8 *type) } /******************************************************************* - lookup_wk_group_name - ********************************************************************/ -uint32 lookup_wk_group_name(char *group_name, DOM_SID *sid, uint8 *type) -{ - char *grp_name; - int i = -1; /* start do loop at -1 */ - uint32 rid; - (*type) = SID_NAME_WKN_GRP; - - do /* find, if it exists, a group rid for the group name */ - { - i++; - rid = domain_group_rids[i].rid; - grp_name = domain_group_rids[i].name; - - if (strequal(grp_name, group_name)) - { - sid_copy(sid, &global_sam_sid); - sid_append_rid(sid, rid); - - return 0x0; - } - - } while (grp_name != NULL); - - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_alias_name + lookup_added_alias_name ********************************************************************/ -uint32 lookup_alias_name(char *als_name, DOM_SID *sid, uint8 *type) +uint32 lookup_added_alias_name(const char *als_name, const char *domain, + DOM_SID *sid, uint8 *type) { LOCAL_GRP *als = NULL; (*type) = SID_NAME_ALIAS; - DEBUG(5,("lookup_alias_name: name: %s", als_name)); + DEBUG(5,("lookup_added_alias_name: name: %s\%s", domain, als_name)); - als = getaliasnam(als_name, NULL, NULL); + if (!strequal(domain, global_sam_name)) + { + DEBUG(5,(" not our domain\n")); + return 0xC0000000 | NT_STATUS_NONE_MAPPED; + } + + als = getaliasntnam(als_name, NULL, NULL); if (als != NULL) { @@ -518,40 +476,10 @@ uint32 lookup_alias_name(char *als_name, DOM_SID *sid, uint8 *type) return 0xC0000000 | NT_STATUS_NONE_MAPPED; } -/******************************************************************* - lookup_wk_alias_name - ********************************************************************/ -uint32 lookup_wk_alias_name(char *alias_name, DOM_SID *sid, uint8 *type) -{ - char *als_name; - int i = 0; - uint32 rid; - (*type) = SID_NAME_ALIAS; - - do /* find, if it exists, a alias rid for the alias name*/ - { - rid = builtin_alias_rids[i].rid; - als_name = builtin_alias_rids[i].name; - - i++; - - if (strequal(als_name, alias_name)) - { - sid_copy(sid, &global_sid_S_1_5_20); - sid_append_rid(sid, rid); - - return 0x0; - } - - } while (als_name != NULL); - - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - /******************************************************************* lookup_added_user_rid ********************************************************************/ -uint32 lookup_added_user_rids(char *user_name, +uint32 lookup_added_user_rids(char *nt_name, uint32 *usr_rid, uint32 *grp_rid) { struct sam_passwd *sam_pass; @@ -560,7 +488,7 @@ uint32 lookup_added_user_rids(char *user_name, /* find the user account */ become_root(True); - sam_pass = getsam21pwnam(user_name); + sam_pass = getsam21pwntnam(nt_name); unbecome_root(True); if (sam_pass != NULL) @@ -576,14 +504,20 @@ uint32 lookup_added_user_rids(char *user_name, /******************************************************************* lookup_added_user_name ********************************************************************/ -uint32 lookup_added_user_name(char *user_name, DOM_SID *sid, uint8 *type) +static uint32 lookup_added_user_name(const char *nt_name, const char *domain, + DOM_SID *sid, uint8 *type) { struct sam_passwd *sam_pass; (*type) = SID_NAME_USER; + if (!strequal(domain, global_sam_name)) + { + return 0xC0000000 | NT_STATUS_NONE_MAPPED; + } + /* find the user account */ become_root(True); - sam_pass = getsam21pwnam(user_name); + sam_pass = getsam21pwntnam(nt_name); unbecome_root(True); if (sam_pass != NULL) @@ -597,67 +531,18 @@ uint32 lookup_added_user_name(char *user_name, DOM_SID *sid, uint8 *type) return 0xC0000000 | NT_STATUS_NONE_MAPPED; } -/******************************************************************* - lookup_wk_user_name - ********************************************************************/ -uint32 lookup_wk_user_name(char *user_name, DOM_SID *sid, uint8 *type) -{ - char *usr_name; - int i = -1; /* start do loop at -1 */ - (*type) = SID_NAME_USER; - - do /* find, if it exists, a alias rid for the alias name*/ - { - i++; - usr_name = domain_user_rids[i].name; - - } while (usr_name != NULL && !strequal(usr_name, user_name)); - - if (usr_name != NULL) - { - sid_copy(sid, &global_sid_S_1_5_20); - sid_append_rid(sid, domain_user_rids[i].rid); - return 0; - } - - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_added_grp_name - ********************************************************************/ -uint32 lookup_added_grp_name(char *name, DOM_SID *sid, uint8 *type) -{ - uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - - status = (status != 0x0) ? lookup_group_name(name, sid, type) : status; - status = (status != 0x0) ? lookup_alias_name(name, sid, type) : status; - - return status; -} - -/******************************************************************* - lookup_builtin_grp_name - ********************************************************************/ -uint32 lookup_builtin_grp_name(char *name, DOM_SID *sid, uint8 *type) -{ - uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - - status = (status != 0x0) ? lookup_wk_group_name(name, sid, type) : status; - status = (status != 0x0) ? lookup_wk_alias_name(name, sid, type) : status; - - return status; -} - /******************************************************************* lookup_grp_name ********************************************************************/ -uint32 lookup_grp_name(char *name, DOM_SID *sid, uint8 *type) +static uint32 lookup_grp_name(const char *name, const char *domain, + DOM_SID *sid, uint8 *type) { uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - status = (status != 0x0) ? lookup_builtin_grp_name(name, sid, type) : status; - status = (status != 0x0) ? lookup_added_grp_name (name, sid, type) : status; + status = (status != 0x0) ? lookup_wk_group_name (name, domain, sid, type) : status; + status = (status != 0x0) ? lookup_builtin_alias_name(name, domain, sid, type) : status; + status = (status != 0x0) ? lookup_added_group_name (name, domain, sid, type) : status; + status = (status != 0x0) ? lookup_added_alias_name (name, domain, sid, type) : status; return status; } @@ -665,12 +550,13 @@ uint32 lookup_grp_name(char *name, DOM_SID *sid, uint8 *type) /******************************************************************* lookup_user_name ********************************************************************/ -uint32 lookup_user_name(char *name, DOM_SID *sid, uint8 *type) +static uint32 lookup_user_name(const char *name, const char *domain, + DOM_SID *sid, uint8 *type) { uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - status = (status != 0x0) ? lookup_wk_user_name (name, sid, type) : status; - status = (status != 0x0) ? lookup_added_user_name(name, sid, type) : status; + status = (status != 0x0) ? lookup_wk_user_name (name, domain, sid, type) : status; + status = (status != 0x0) ? lookup_added_user_name(name, domain, sid, type) : status; return status; } @@ -692,66 +578,12 @@ uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type) return status; } - status = (status != 0x0) ? lookup_wk_alias_name(user, sid, type) : status; - status = (status != 0x0) ? lookup_alias_name (user, sid, type) : status; - status = (status != 0x0) ? lookup_user_name (name, sid, type) : status; - status = (status != 0x0) ? lookup_grp_name (name, sid, type) : status; + status = (status != 0x0) ? lookup_user_name (name, domain, sid, type) : status; + status = (status != 0x0) ? lookup_grp_name (name, domain, sid, type) : status; #if 0 - status = (status != 0x0) ? lookup_domain_name (user, sid, type) : status; + status = (status != 0x0) ? lookup_domain_name (domain, sid, type) : status; #endif return status; } -/******************************************************************* - lookup_user_rids - ********************************************************************/ -uint32 lookup_user_rids(char *name, uint32 *usr_rid, uint32 *grp_rid) -{ - uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - uint8 type; - DOM_SID sid; - - /* - * try an ordinary user lookup - */ - - status = lookup_added_user_rids(name, usr_rid, grp_rid); - if (status == 0) - { - return status; - } - - /* - * hm. must be a well-known user, in a well-known group. - */ - - status = lookup_wk_user_name(name, &sid, &type); - sid_split_rid(&sid, usr_rid); - - if (status != 0 || type != SID_NAME_USER) - { - return status; /* ok, maybe not! */ - } - - if (type != SID_NAME_USER) - { - return 0xC0000000 | NT_STATUS_NONE_MAPPED; /* users only... */ - } - - /* - * ok, got the user rid: now try the group rid - */ - - status = lookup_builtin_grp_name(name, &sid, &type); - sid_split_rid(&sid, usr_rid); - - if (type == SID_NAME_DOM_GRP || - type == SID_NAME_ALIAS || - type == SID_NAME_WKN_GRP) - { - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - } - - return status; -} diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 7fbd43c38e..4f49735ca0 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -28,10 +28,9 @@ extern int DEBUGLEVEL; -extern BOOL sam_logon_in_ssb; -extern pstring samlogon_user; extern pstring global_myname; extern DOM_SID global_sam_sid; +extern fstring global_sam_name; /************************************************************************* make_net_r_req_chal: @@ -493,7 +492,7 @@ static void api_net_sam_logoff( uint16 vuid, net_login_interactive: *************************************************************************/ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, - struct smb_passwd *smb_pass, + struct sam_passwd *smb_pass, user_struct *vuser) { uint32 status = 0x0; @@ -543,7 +542,7 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, net_login_network: *************************************************************************/ static uint32 net_login_network(NET_ID_INFO_2 *id2, - struct smb_passwd *smb_pass, + struct sam_passwd *smb_pass, user_struct *vuser) { DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n", @@ -598,7 +597,7 @@ static void api_net_sam_logon( uint16 vuid, NET_USER_INFO_3 usr_info; uint32 status = 0x0; DOM_CRED srv_cred; - struct smb_passwd *smb_pass = NULL; + struct sam_passwd *sam_pass = NULL; UNISTR2 *uni_samlogon_user = NULL; fstring nt_username; @@ -632,14 +631,14 @@ static void api_net_sam_logon( uint16 vuid, { uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name); - DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); + DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", global_sam_name)); break; } case NET_LOGON_TYPE: { uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name); - DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup())); + DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", global_sam_name)); break; } default: @@ -660,26 +659,16 @@ static void api_net_sam_logon( uint16 vuid, DEBUG(3,("User:[%s]\n", nt_username)); - /* - * Convert to a UNIX username. - */ - map_username(nt_username); - - /* - * Do any case conversions. - */ - (void)Get_Pwnam(nt_username, True); - become_root(True); - smb_pass = getsmbpwnam(nt_username); + sam_pass = getsam21pwntnam(nt_username); unbecome_root(True); - if (smb_pass == NULL) + if (sam_pass == NULL) { status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; } - else if (IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_DISABLED) && - IS_BITS_CLR_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ)) + else if (IS_BITS_SET_ALL(sam_pass->acct_ctrl, ACB_DISABLED) && + IS_BITS_CLR_ALL(sam_pass->acct_ctrl, ACB_PWNOTREQ)) { status = 0xC0000000 | NT_STATUS_ACCOUNT_DISABLED; } @@ -687,20 +676,20 @@ static void api_net_sam_logon( uint16 vuid, /* validate password - if required */ - if (status == 0 && !(IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ))) + if (status == 0 && !(IS_BITS_SET_ALL(sam_pass->acct_ctrl, ACB_PWNOTREQ))) { switch (q_l.sam_id.logon_level) { case INTERACTIVE_LOGON_TYPE: { /* interactive login. */ - status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser); + status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, sam_pass, vuser); break; } case NET_LOGON_TYPE: { /* network login. lm challenge and 24 byte responses */ - status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser); + status = net_login_network(&q_l.sam_id.ctr->auth.id2, sam_pass, vuser); break; } } @@ -715,88 +704,60 @@ static void api_net_sam_logon( uint16 vuid, if (status == 0) { - DOM_GID *gids = NULL; int num_gids = 0; - NTTIME dummy_time; - pstring logon_script; - pstring profile_path; - pstring home_dir; - pstring home_drive; - pstring my_name; - pstring my_workgroup; DOMAIN_GRP *grp_mem; - uint32 r_uid; - uint32 r_gid; /* set up pointer indicating user/password failed to be found */ usr_info.ptr_user_info = 0; - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - sam_logon_in_ssb = True; - pstrcpy(samlogon_user, nt_username); - - pstrcpy(logon_script, lp_logon_script()); - pstrcpy(profile_path, lp_logon_path()); - - pstrcpy(my_workgroup, lp_workgroup()); - - pstrcpy(home_drive, lp_logon_drive()); - pstrcpy(home_dir, lp_logon_home()); - pstrcpy(my_name, global_myname); - strupper(my_name); - - status = lookup_user_rids(nt_username, &r_uid, &r_gid); - status = getusergroupsnam(nt_username, &grp_mem, &num_gids) ? 0 : 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP; - - sam_logon_in_ssb = False; + if (!getusergroupsntnam(nt_username, &grp_mem, &num_gids)) + { + status = 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP; + } if (status == 0x0) { - gids = NULL; + DOM_GID *gids = NULL; num_gids = make_dom_gids(grp_mem, num_gids, &gids); make_net_user_info3(&usr_info, - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - nt_username , /* user_name */ - vuser->real_name, /* full_name */ - logon_script , /* logon_script */ - profile_path , /* profile_path */ - home_dir , /* home_dir */ - home_drive , /* dir_drive */ + &sam_pass->logon_time, + &sam_pass->logoff_time, + &sam_pass->kickoff_time, + &sam_pass->pass_last_set_time, + &sam_pass->pass_can_change_time, + &sam_pass->pass_must_change_time, + + sam_pass->nt_name , /* user_name */ + sam_pass->full_name , /* full_name */ + sam_pass->logon_script , /* logon_script */ + sam_pass->profile_path , /* profile_path */ + sam_pass->home_dir , /* home_dir */ + sam_pass->dir_drive , /* dir_drive */ 0, /* logon_count */ 0, /* bad_pw_count */ - r_uid , /* RID user_id */ - r_gid , /* RID group_id */ + sam_pass->user_rid , /* RID user_id */ + sam_pass->group_rid , /* RID group_id */ num_gids, /* uint32 num_groups */ gids , /* DOM_GID *gids */ 0x20 , /* uint32 user_flgs (?) */ NULL, /* char sess_key[16] */ - my_name , /* char *logon_srv */ - my_workgroup, /* char *logon_dom */ - - &global_sam_sid, /* DOM_SID *dom_sid */ + global_myname , /* char *logon_srv */ + global_sam_name, /* char *logon_dom */ + &global_sam_sid, /* DOM_SID *dom_sid */ NULL); /* char *other_sids */ - } - /* Free any allocated groups array. */ - if (gids) - { - free((char *)gids); + /* Free any allocated groups array. */ + if (gids) + { + free((char *)gids); + } } + } net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status); diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index ff782a7248..fb613c3c51 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -28,8 +28,6 @@ extern int DEBUGLEVEL; -extern BOOL sam_logon_in_ssb; -extern pstring samlogon_user; extern fstring global_sam_name; extern pstring global_myname; extern DOM_SID global_sam_sid; @@ -79,8 +77,8 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, continue; } - user_name_len = strlen(pwd->smb_name); - make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len); + user_name_len = strlen(pwd->nt_name); + make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->nt_name, user_name_len); make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len, user_name_len, 1); pw_buf[(*num_entries)].user_rid = pwd->user_rid; @@ -95,7 +93,7 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl; DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x", - (*num_entries), pwd->smb_name, + (*num_entries), pwd->nt_name, pwd->user_rid, pwd->acct_ctrl)); if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask)) @@ -401,7 +399,7 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_R_ENUM_DOM_GROUPS r_e; DOMAIN_GRP *grps = NULL; int num_entries = 0; - BOOL got_grps; + BOOL got_grps = False; DOM_SID sid; fstring sid_str; @@ -418,39 +416,29 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u, DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str)); - /* well-known groups */ - if (sid_equal(&sid, &global_sid_S_1_5_20)) + if (sid_equal(&sid, &global_sam_sid)) { - char *name; + BOOL ret; got_grps = True; - while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL)) - { - DOMAIN_GRP tmp_grp; - - fstrcpy(tmp_grp.name , name); - fstrcpy(tmp_grp.comment, ""); - tmp_grp.rid = domain_group_rids[num_entries].rid; - tmp_grp.attr = 0x7; + become_root(True); + ret = enumdomgroups(&grps, &num_entries); + unbecome_root(True); - if (!add_domain_group(&grps, &num_entries, &tmp_grp)) - { - r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; - break; - } + if (!ret) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; } } - else if (sid_equal(&sid, &global_sam_sid)) + + if (r_e.status == 0x0 && + (sid_equal(&sid, &global_sam_sid) || + sid_equal(&sid, &global_sid_S_1_5_20))) { - BOOL ret; char *name; int i = 0; got_grps = True; - become_root(True); - ret = enumdomgroups(&grps, &num_entries); - unbecome_root(True); - while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[i].name) != NULL)) { DOMAIN_GRP tmp_grp; @@ -468,11 +456,6 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u, i++; } - - if (!ret) - { - r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; - } } if (r_e.status == 0 && got_grps) @@ -747,10 +730,10 @@ static void api_samr_query_aliasinfo( uint16 vuid, prs_struct *data, prs_struct static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, prs_struct *rdata) { - uint32 rid[MAX_SAM_ENTRIES]; - uint32 status = 0; + uint32 status = 0; + + uint32 *rid = NULL; int num_rids = 0; - int i; struct sam_passwd *sam_pass; DOM_SID usr_sid; DOM_SID dom_sid; @@ -774,12 +757,6 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, sid_to_string(sam_sid_str, &global_sam_sid); } - if (num_rids > MAX_SAM_ENTRIES) - { - num_rids = MAX_SAM_ENTRIES; - DEBUG(5,("samr_query_useraliases: truncating entries to %d\n", num_rids)); - } - if (status == 0x0) { usr_sid = q_u->sid[0].sid; @@ -811,17 +788,18 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, else if (sid_equal(&dom_sid, &usr_sid)) { LOCAL_GRP *mem_grp = NULL; + num_rids = 0; DEBUG(10,("lookup on Domain SID\n")); become_root(True); - getuseraliasnam(sam_pass->smb_name, &mem_grp, &num_rids); + getuseraliasntnam(sam_pass->nt_name, &mem_grp, &num_rids); unbecome_root(True); - num_rids = MIN(num_rids, MAX_SAM_ENTRIES); - - if (mem_grp != NULL) + rid = malloc(num_rids * sizeof(uint32)); + if (mem_grp != NULL && rid != NULL) { + int i; for (i = 0; i < num_rids; i++) { rid[i] = mem_grp[i].rid; @@ -840,6 +818,11 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, /* store the response in the SMB stream */ samr_io_r_query_useraliases("", &r_u, rdata, 0); + if (rid != NULL) + { + free(rid); + } + DEBUG(5,("samr_query_useraliases: %d\n", __LINE__)); } @@ -1150,27 +1133,21 @@ static void api_samr_open_user( uint16 vuid, prs_struct *data, prs_struct *rdata *************************************************************************/ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) { - struct smb_passwd *smb_pass; - - if (!pwdb_rid_is_user(user_rid)) - { - DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); - return False; - } + struct sam_passwd *sam_pass; become_root(True); - smb_pass = getsmbpwrid(user_rid); + sam_pass = getsam21pwrid(user_rid); unbecome_root(True); - if (smb_pass == NULL) + if (sam_pass == NULL) { DEBUG(4,("User 0x%x not found\n", user_rid)); return False; } - DEBUG(3,("User:[%s]\n", smb_pass->smb_name)); + DEBUG(3,("User:[%s]\n", sam_pass->nt_name)); - make_sam_user_info10(id10, smb_pass->acct_ctrl); + make_sam_user_info10(id10, sam_pass->acct_ctrl); return True; } @@ -1180,17 +1157,10 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) *************************************************************************/ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) { - NTTIME dummy_time; struct sam_passwd *sam_pass; LOGON_HRS hrs; int i; - if (!pwdb_rid_is_user(user_rid)) - { - DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); - return False; - } - become_root(True); sam_pass = getsam21pwrid(user_rid); unbecome_root(True); @@ -1201,12 +1171,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) return False; } - DEBUG(3,("User:[%s]\n", sam_pass->smb_name)); - - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - - DEBUG(0,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n")); + DEBUG(3,("User:[%s]\n", sam_pass->nt_name)); /* create a LOGON_HRS structure */ hrs.len = sam_pass->hours_len; @@ -1218,14 +1183,14 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) make_sam_user_info21(id21, - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ + &sam_pass->logon_time, + &sam_pass->logoff_time, + &sam_pass->kickoff_time, + &sam_pass->pass_last_set_time, + &sam_pass->pass_can_change_time, + &sam_pass->pass_must_change_time, - sam_pass->smb_name, /* user_name */ + sam_pass->nt_name, /* user_name */ sam_pass->full_name, /* full_name */ sam_pass->home_dir, /* home_dir */ sam_pass->dir_drive, /* dir_drive */ @@ -1238,13 +1203,13 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) sam_pass->user_rid, /* RID user_id */ sam_pass->group_rid, /* RID group_id */ - sam_pass->acct_ctrl, + sam_pass->acct_ctrl, - sam_pass->unknown_3, /* unknown_3 */ - sam_pass->logon_divs, /* divisions per week */ - &hrs, /* logon hours */ - sam_pass->unknown_5, - sam_pass->unknown_6); + sam_pass->unknown_3, /* unknown_3 */ + sam_pass->logon_divs, /* divisions per week */ + &hrs, /* logon hours */ + sam_pass->unknown_5, + sam_pass->unknown_6); return True; } @@ -1393,7 +1358,7 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, DOMAIN_GRP *mem_grp = NULL; become_root(True); - getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_groups); + getusergroupsntnam(sam_pass->nt_name, &mem_grp, &num_groups); unbecome_root(True); gids = NULL; @@ -1559,7 +1524,7 @@ static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdat q_u.uni_mach_acct.uni_str_len)); become_root(True); - sam_pass = getsam21pwnam(mach_acct); + sam_pass = getsam21pwntnam(mach_acct); unbecome_root(True); if (sam_pass != NULL) diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index 4a907fa344..83d2e40af4 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -252,7 +252,7 @@ void cmd_lsa_lookup_sids(struct client_info *info) fstrcat(sid_name, "-"); fstrcat(sid_name, temp); } - make_dom_sid(&sid[num_sids], sid_name); + string_to_sid(&sid[num_sids], sid_name); sids[num_sids] = &sid[num_sids]; num_sids++; } diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index eeb34c8f88..7a65fc5c37 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -185,39 +185,39 @@ void cmd_sam_enum_users(struct client_info *info) BOOL res = True; BOOL request_user_info = False; BOOL request_group_info = False; + BOOL request_alias_info = False; uint16 num_entries = 0; uint16 unk_0 = 0x0; uint16 acb_mask = 0; uint16 unk_1 = 0x0; uint32 admin_rid = 0x304; /* absolutely no idea. */ fstring tmp; + int i; - sid_to_string(sid, &info->dom.level5_sid); + sid_copy(&sid1, &info->dom.level5_sid); + sid_to_string(sid, &sid1); fstrcpy(domain, info->dom.level5_dom); - if (strlen(sid) == 0) + if (sid1.num_auths == 0) { fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n"); return; } - make_dom_sid(&sid1, sid); fstrcpy(srv_name, "\\\\"); fstrcat(srv_name, info->dest_host); strupper(srv_name); - /* a bad way to do token parsing... */ - if (next_token(NULL, tmp, NULL, sizeof(tmp))) + for (i = 0; i < 3; i++) { - request_user_info |= strequal(tmp, "-u"); - request_group_info |= strequal(tmp, "-g"); - } - - if (next_token(NULL, tmp, NULL, sizeof(tmp))) - { - request_user_info |= strequal(tmp, "-u"); - request_group_info |= strequal(tmp, "-g"); + /* a bad way to do token parsing... */ + if (next_token(NULL, tmp, NULL, sizeof(tmp))) + { + request_user_info |= strequal(tmp, "-u"); + request_group_info |= strequal(tmp, "-g"); + request_alias_info |= strequal(tmp, "-a"); + } } #ifdef DEBUG_TESTING @@ -275,14 +275,14 @@ void cmd_sam_enum_users(struct client_info *info) fprintf(out_hnd, "No users\n"); } - if (request_user_info || request_group_info) + if (request_user_info || request_group_info || request_alias_info) { /* query all the users */ user_idx = 0; while (res && user_idx < info->dom.num_sam_entries) { - uint32 user_rid = info->dom.sam[user_idx].smb_userid; + uint32 user_rid = info->dom.sam[user_idx].user_rid; SAM_USER_INFO_21 usr; fprintf(out_hnd, "User RID: %8x User Name: %s\n", @@ -318,6 +318,26 @@ void cmd_sam_enum_users(struct client_info *info) } } + if (request_alias_info) + { + uint32 num_aliases; + uint32 rid[LSA_MAX_GROUPS]; + DOM_SID als_sid; + + sid_copy(&als_sid, &sid1); + sid_append_rid(&als_sid, user_rid); + + /* send user alias query */ + if (do_samr_query_useraliases(smb_cli, + &info->dom.samr_pol_open_domain, + &als_sid, &num_aliases, rid)) + { + display_alias_rid_info(out_hnd, ACTION_HEADER , &als_sid, num_aliases, rid); + display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &als_sid, num_aliases, rid); + display_alias_rid_info(out_hnd, ACTION_FOOTER , &als_sid, num_aliases, rid); + } + } + user_idx++; } } @@ -375,7 +395,7 @@ void cmd_sam_query_user(struct client_info *info) return; } - make_dom_sid(&sid1, sid); + string_to_sid(&sid1, sid); fstrcpy(srv_name, "\\\\"); fstrcat(srv_name, info->dest_host); @@ -466,7 +486,7 @@ void cmd_sam_query_groups(struct client_info *info) return; } - make_dom_sid(&sid1, sid); + string_to_sid(&sid1, sid); fstrcpy(srv_name, "\\\\"); fstrcat(srv_name, info->dest_host); @@ -549,7 +569,7 @@ void cmd_sam_enum_aliases(struct client_info *info) return; } - make_dom_sid(&sid1, sid); + string_to_sid(&sid1, sid); fstrcpy(srv_name, "\\\\"); fstrcat(srv_name, info->dest_host); @@ -585,7 +605,7 @@ void cmd_sam_enum_aliases(struct client_info *info) &info->dom.samr_pol_connect, admin_rid, &sid1, &info->dom.samr_pol_open_domain) : False; - /* send a query on the aliase */ + /* send a query on the aliases */ res = res ? do_samr_query_unknown_12(smb_cli, &info->dom.samr_pol_open_domain, admin_rid, num_aliases, alias_rid, &num_aliases, alias_names, num_als_usrs) : False; @@ -617,7 +637,7 @@ void cmd_sam_enum_aliases(struct client_info *info) while (res && user_idx < info->dom.num_sam_entries) { - uint32 user_rid = info->dom.sam[user_idx].smb_userid; + uint32 user_rid = info->dom.sam[user_idx].user_rid; SAM_USER_INFO_21 usr; fprintf(out_hnd, "User RID: %8x User Name: %s\n", diff --git a/source3/rpcclient/display.c b/source3/rpcclient/display.c index a2248920cd..5f63b02c76 100644 --- a/source3/rpcclient/display.c +++ b/source3/rpcclient/display.c @@ -866,6 +866,50 @@ void display_name(FILE *out_hnd, enum action_type action, } +/**************************************************************************** + display alias rid info + ****************************************************************************/ +void display_alias_rid_info(FILE *out_hnd, enum action_type action, + DOM_SID *sid, + uint32 num_rids, uint32 *rid) +{ + switch (action) + { + case ACTION_HEADER: + { + fstring sid_str; + sid_to_string(sid_str, sid); + if (num_rids == 0) + { + fprintf(out_hnd, "\tNo Aliases: Sid %s\n", sid_str); + } + else + { + fprintf(out_hnd, "\tAlias Info: Sid %s\n", sid_str); + fprintf(out_hnd, "\t----------\n"); + } + break; + } + case ACTION_ENUMERATE: + { + int i; + + for (i = 0; i < num_rids; i++) + { + fprintf(out_hnd, "\tAlias RID: %8x\n", rid[i]); + } + + break; + } + case ACTION_FOOTER: + { + fprintf(out_hnd, "\n"); + break; + } + } +} + + /**************************************************************************** display group rid info ****************************************************************************/ diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 30b9b3fed6..9791d3a38e 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -529,7 +529,7 @@ BOOL change_lanman_password(struct smb_passwd *smbpw, uchar *pass1, uchar *pass2 if (smbpw->acct_ctrl & ACB_DISABLED) { - DEBUG(0,("change_lanman_password: account %s disabled.\n", smbpw->smb_name)); + DEBUG(0,("change_lanman_password: account %s disabled.\n", smbpw->unix_name)); return False; } diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 8b73ff4518..ed47e6d3e5 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -391,11 +391,11 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8], if (!lm_pass || !smb_pass) return(False); DEBUG(4,("Checking SMB password for user %s\n", - smb_pass->smb_name)); + smb_pass->unix_name)); if(smb_pass->acct_ctrl & ACB_DISABLED) { DEBUG(3,("account for user %s was disabled.\n", - smb_pass->smb_name)); + smb_pass->unix_name)); return(False); } @@ -436,7 +436,7 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8], if((smb_pass->smb_passwd == NULL) && (smb_pass->acct_ctrl & ACB_PWNOTREQ)) { DEBUG(4,("no password required for user %s\n", - smb_pass->smb_name)); + smb_pass->unix_name)); return True; } @@ -502,7 +502,7 @@ BOOL pass_check_smb(char *user, char *domain, } /* Ensure the uid's match */ - if (smb_pass->smb_userid != pass->pw_uid) + if (smb_pass->unix_uid != pass->pw_uid) { DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n")); return(False); @@ -510,7 +510,7 @@ BOOL pass_check_smb(char *user, char *domain, if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords()) { - DEBUG(3,("account for user %s has no password and null passwords are allowed.\n", smb_pass->smb_name)); + DEBUG(3,("account for user %s has no password and null passwords are allowed.\n", smb_pass->unix_name)); return(True); } @@ -587,7 +587,7 @@ validate a group username entry. Return the username or NULL ****************************************************************************/ static char *validate_group(char *group,char *password,int pwlen,int snum) { -#ifdef HAVE_NETGROUP +#if defined(HAVE_NETGROUP) && defined(HAVE_GETNETGRENT) && defined(HAVE_SETNETGRENT) && defined(HAVE_ENDNETGRENT) { char *host, *user, *domain; setnetgrent(group); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index d0178508d9..3a32e1871f 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -651,15 +651,28 @@ static void usage(char *pname) codepage_initialise(lp_client_code_page()); - fstrcpy(global_myworkgroup, lp_workgroup()); + if (!pwdb_initialise()) + { + exit(1); + } - get_sam_domain_name(); + if(!initialise_sam_password_db()) + { + exit(1); + } - generate_wellknown_sids(); + if(!initialise_passgrp_db()) + { + exit(1); + } - if (!generate_sam_sid()) + if(!initialise_group_db()) + { + exit(1); + } + + if(!initialise_alias_db()) { - DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n")); exit(1); } @@ -700,7 +713,7 @@ static void usage(char *pname) become_daemon(); } - check_kernel_oplocks(); + check_kernel_oplocks(); if (!directory_exist(lp_lockdir(), NULL)) { mkdir(lp_lockdir(), 0755); @@ -716,18 +729,6 @@ static void usage(char *pname) if (!locking_init(0)) exit(1); - if(!initialise_passgrp_db()) - exit(1); - - if(!initialise_password_db()) - exit(1); - - if(!initialise_group_db()) - exit(1); - - if(!initialise_alias_db()) - exit(1); - /* possibly reload the services file. */ reload_services(True); diff --git a/source3/smbwrapper/smbw_dir.c b/source3/smbwrapper/smbw_dir.c index 95b2ac4b64..3dd10d4925 100644 --- a/source3/smbwrapper/smbw_dir.c +++ b/source3/smbwrapper/smbw_dir.c @@ -146,7 +146,8 @@ static void smbw_printjob_add(struct print_job_info *job) finfo.mtime = job->t; finfo.atime = job->t; finfo.ctime = job->t; - finfo.uid = nametouid(job->user); + finfo.uid = (uid_t)-1; + nametouid(job->user, finfo.uid); finfo.mode = aRONLY; finfo.size = job->size; diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 519ca5a33d..92ec9ae5a8 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -548,7 +548,8 @@ int main(int argc, char **argv) charset_initialise(); - if(!initialise_password_db()) { + if(!pwdb_initialise()) + { fprintf(stderr, "Can't setup password database vectors.\n"); exit(1); } diff --git a/source3/web/swat.c b/source3/web/swat.c index e29e728629..c4baa70e0b 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -600,7 +600,8 @@ static BOOL change_password(const char *remote_machine, char *user_name, return ret; } - if(!initialise_password_db()) { + if (!pwdb_initialise()) + { printf("Can't setup password database vectors.\n

"); return False; } -- cgit