From: Gerald Carter Date: Thu, 27 Dec 2001 06:38:04 +0000 (+0000) Subject: moving SAM_ACCOUNT to include a bit field for initialized X-Git-Tag: samba-4.0.0alpha6~801^2~16272 X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=04aff47c716a51a1039b44a81d6ff19eeaa09017;p=samba.git moving SAM_ACCOUNT to include a bit field for initialized members (such as uid and gid). This way we will be able to keep ourselves from writing out default smb.conf settings when the admin doesn't want to, That part is not done yet. Tested compiles with ldap/tdb/smbpasswd. Tested connection with smbpasswd backend. oh...and smbpasswd doesn'y automatically expire accounts after 21 days from the last password change either now. Just ifdef'd out that code in build_sam_account(). Will merge updates into 2.2 as they are necessary. jerry (This used to be commit f0d43791157d8f04a13a07d029f203ad4384d317) --- diff --git a/source3/include/smb.h b/source3/include/smb.h index 8c0491a004b..a048726fa2c 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -588,8 +588,27 @@ typedef struct { #define SHAREMODE_FN(fn) \ void (*fn)(share_mode_entry *, char*) +/* + * bit flags representing initialized fields in SAM_ACCOUNT + */ +#define FLAG_SAM_UNINIT 0x00000000 +#define FLAG_SAM_UID 0x00000001 +#define FLAG_SAM_GID 0x00000002 +#define FLAG_SAM_SMBHOME 0x00000004 +#define FLAG_SAM_PROFILE 0x00000008 +#define FLAG_SAM_LOGONSCRIPT 0x00000010 +#define FLAG_SAM_DRIVE 0x00000020 + +#define IS_SAM_UNIX_USER(x) \ + (((x)->init_flag & FLAG_SAM_UID) \ + && ((x)->init_flag & FLAG_SAM_GID)) + + typedef struct sam_passwd { + /* initiailization flags */ + uint32 init_flag; + time_t logon_time; /* logon time */ time_t logoff_time; /* logoff time */ time_t kickoff_time; /* kickoff time */ 
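Review bot: `IS_SAM_UNIX_USER(x)` dereferences `x` unconditionally, whereas the `pdb_get_uid()`/`pdb_get_gid()` checks it replaces returned a sentinel for a NULL account, so callers that switch to the macro lose their NULL guard. This affects the `server_info->sam_account` checks in api_pipe_ntlmssp_verify (srv_pipe.c) and register_vuid (password.c), both on the authentication path; whether `sam_account` can be NULL there is not visible in this diff. Folding the guard into the macro keeps the old behaviour: `((x) != NULL && ((x)->init_flag & FLAG_SAM_UID) && ((x)->init_flag & FLAG_SAM_GID))`. The new struct comment also has a typo and should read `/* initialization flags */`.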
@@ -610,8 +629,8 @@ typedef struct sam_passwd pstring unknown_str ; /* don't know what this is, yet. */ pstring munged_dial ; /* munged path name and dial-back tel number */ - uid_t *uid; /* this is a pointer to the unix uid_t */ - gid_t *gid; /* this is a pointer to the unix gid_t */ + uid_t uid; /* this is a pointer to the unix uid_t */ + gid_t gid; /* this is a pointer to the unix gid_t */ uint32 user_rid; /* Primary User ID */ uint32 group_rid; /* Primary Group ID */ diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 4c64ad5e017..ca7c508dc5c 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -69,6 +69,9 @@ static BOOL pdb_fill_default_sam(SAM_ACCOUNT *user) /* Don't change these timestamp settings without a good reason. They are important for NT member server compatibility. */ + user->init_flag = FLAG_SAM_UNINIT; + user->uid = user->gid = -1; + user->logon_time = (time_t)0; user->pass_last_set_time = (time_t)0; user->pass_can_change_time = (time_t)0; @@ -135,16 +138,19 @@ BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) pdb_set_username(*new_sam_acct, pwd->pw_name); pdb_set_fullname(*new_sam_acct, pwd->pw_gecos); - pdb_set_uid(*new_sam_acct, &pwd->pw_uid); - pdb_set_gid(*new_sam_acct, &pwd->pw_gid); - + pdb_set_uid(*new_sam_acct, pwd->pw_uid); + pdb_set_gid(*new_sam_acct, pwd->pw_gid); + pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid)); /* call the mapping code here */ if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { sid_peek_rid(&map.sid, &rid); - } else + } + else { rid=pdb_gid_to_group_rid(pwd->pw_gid); + } + pdb_set_group_rid(*new_sam_acct, rid); pstrcpy(str, lp_logon_path()); @@ -187,9 +193,6 @@ static BOOL pdb_free_sam_contents(SAM_ACCOUNT *user) SAFE_FREE(user->nt_pw); SAFE_FREE(user->lm_pw); - SAFE_FREE(user->uid); - SAFE_FREE(user->gid); - return True; } 
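Review bot: The comments on the new `uid_t uid;` and `gid_t gid;` members still say "this is a pointer to the unix uid_t/gid_t", which is no longer true now that the fields hold values. Suggest `/* unix uid; valid only when FLAG_SAM_UID is set in init_flag */` and the matching text for gid. That also tells readers that the -1 default stored by pdb_fill_default_sam is a placeholder, not a real id.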
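Review bot: The chained `user->uid = user->gid = -1;` in pdb_fill_default_sam assigns uid from the already-converted gid value, so on a platform where gid_t is narrower than uid_t the uid would not end up as (uid_t)-1. Two explicit assignments avoid the dependency: `user->uid = (uid_t)-1;` and `user->gid = (gid_t)-1;`. The function body continues outside the hunk.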
@@ -1186,20 +1189,20 @@ uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass) return (-1); } -uid_t *pdb_get_uid (const SAM_ACCOUNT *sampass) +uid_t pdb_get_uid (const SAM_ACCOUNT *sampass) { if (sampass) return (sampass->uid); else - return (NULL); + return (-1); } -gid_t *pdb_get_gid (const SAM_ACCOUNT *sampass) +gid_t pdb_get_gid (const SAM_ACCOUNT *sampass) { if (sampass) return (sampass->gid); else - return (NULL); + return (-1); } const char* pdb_get_username (const SAM_ACCOUNT *sampass) 
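Review bot: pdb_get_uid() and pdb_get_gid() now return `-1` for a NULL account, which is the same value pdb_fill_default_sam stores for a field that was never set, and neither getter has a comment saying so. A caller can no longer learn "not set" from the return value, so each getter should be documented, e.g. `/* Returns (uid_t)-1 if sampass is NULL; check FLAG_SAM_UID in init_flag before trusting the value. */`. Writing the fallback as `return (uid_t)-1;` would also make the conversion explicit, since uid_t is unsigned on most platforms.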
@@ -1403,59 +1406,25 @@ BOOL pdb_set_logons_divs (SAM_ACCOUNT *sampass, uint16 hours) return True; } -/********************************************************************* - Set the user's UNIX uid, as a pointer to malloc'ed memory. - ********************************************************************/ - -BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t *uid) +BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid) { if (!sampass) return False; - if (!uid) { - /* Allow setting to NULL */ - SAFE_FREE(sampass->uid); - return True; - } - - if (sampass->uid!=NULL) - DEBUG(4,("pdb_set_nt_passwd: uid non NULL overwritting ?\n")); - else - sampass->uid=(uid_t *)malloc(sizeof(uid_t)); - - if (sampass->uid==NULL) - return False; - - *sampass->uid = *uid; + sampass->uid = uid; + sampass->init_flag |= FLAG_SAM_UID; return True; } -/********************************************************************* - Set the user's UNIX gid, as a pointer to malloc'ed memory. - ********************************************************************/ - -BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t *gid) +BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid) { if (!sampass) return False; - - if (!gid) { - /* Allow setting to NULL */ - SAFE_FREE(sampass->gid); - return True; - } - - if (sampass->gid!=NULL) - DEBUG(4,("pdb_set_nt_passwd: gid non NULL overwritting ?\n")); - else - sampass->gid=(gid_t *)malloc(sizeof(gid_t)); - - if (sampass->gid==NULL) - return False; - - *sampass->gid = *gid; + + sampass->gid = gid; + sampass->init_flag |= FLAG_SAM_GID; return True; diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index f426f926b19..a6593491d01 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
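Review bot: The banner comments above pdb_set_uid() and pdb_set_gid() are removed without replacement, and the new bodies set FLAG_SAM_UID/FLAG_SAM_GID for any value, including the -1 default. A short comment such as `/* Set the user's UNIX uid and mark it initialized in init_flag. */` would restore the documentation. Rejecting the sentinel (`if (uid == (uid_t)-1) return False;`) would keep IS_SAM_UNIX_USER from passing on a placeholder id. The `const` on the by-value parameters has no effect for callers and can be dropped.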
@@ -485,8 +485,8 @@ static BOOL init_sam_from_ldap (SAM_ACCOUNT * sampass, pdb_set_hours_len(sampass, hours_len); pdb_set_logons_divs(sampass, logon_divs); - pdb_set_uid(sampass, &sys_user->pw_uid); - pdb_set_gid(sampass, &sys_user->pw_gid); + pdb_set_uid(sampass, sys_user->pw_uid); + pdb_set_gid(sampass, sys_user->pw_gid); pdb_set_user_rid(sampass, user_rid); pdb_set_group_rid(sampass, group_rid); @@ -577,9 +577,10 @@ static BOOL init_ldap_from_sam (LDAPMod *** mods, int ldap_state, const SAM_ACCO make_a_mod(mods, ldap_state, "description", pdb_get_acct_desc(sampass)); make_a_mod(mods, ldap_state, "userWorkstations", pdb_get_workstations(sampass)); - if ( !sampass->user_rid) - sampass->user_rid = pdb_uid_to_user_rid(pdb_get_uid(sampass)); - slprintf(temp, sizeof(temp) - 1, "%i", sampass->user_rid); + if ( !sampass->user_rid ) + slprintf(temp, sizeof(temp) - 1, "%i", pdb_uid_to_user_rid(pdb_get_uid(sampass))); + else + slprintf(temp, sizeof(temp) - 1, "%i", sampass->user_rid); make_a_mod(mods, ldap_state, "rid", temp); if ( !sampass->group_rid) { diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index 2820fa14142..27dd420f3f4 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c @@ -313,8 +313,8 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj pdb_set_workstations(pw_buf, ENTRY_VAL(obj, NPF_WORKSTATIONS)); pdb_set_munged_dial(pw_buf, NULL); - pdb_set_uid(pw_buf, &atoi(ENTRY_VAL(obj, NPF_UID))); - pdb_set_gid(pw_buf, &atoi(ENTRY_VAL(obj, NPF_SMB_GRPID))); + pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID))); + pdb_set_gid(pw_buf, atoi(ENTRY_VAL(obj, NPF_SMB_GRPID))); pdb_set_user_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID))); pdb_set_group_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID))); diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 9cfad2540c4..8e942a60fb4 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c 
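Review bot: In init_ldap_from_sam the fallback `pdb_uid_to_user_rid(pdb_get_uid(sampass))` runs even when no uid was ever set. In that case the getter yields the -1 default and a RID derived from it is written to the `rid` attribute. Checking `sampass->init_flag & FLAG_SAM_UID` before taking the fallback, and failing or skipping the attribute otherwise, would avoid storing a bogus identifier in the directory. `%i` is also used to format a `uint32` here; `%u` matches the type. The function starts and ends outside the hunk.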
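Review bot: The uid in make_sam_from_nisp_object comes from `atoi(ENTRY_VAL(obj, NPF_UID))`, and atoi() returns 0 for an empty or non-numeric field, so a malformed NIS+ entry would be recorded as uid 0 with FLAG_SAM_UID set. Parsing with strtoul() and rejecting the entry when `end == s`, `*end != '\0'` or errno is ERANGE would keep a bad record from mapping to root. The same applies to the gid line directly below it.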
@@ -1133,22 +1133,22 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno))); ********************************************************************/ static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass) { - uid_t *uid; - gid_t *gid; + uid_t uid; + gid_t gid; if (sampass == NULL) return False; uid = pdb_get_uid(sampass); gid = pdb_get_gid(sampass); - if (!uid || !gid) { + if (!IS_SAM_UNIX_USER(sampass)) { DEBUG(0,("build_sam_pass: Failing attempt to store user without a UNIX uid or gid. \n")); return False; } ZERO_STRUCTP(smb_pw); - smb_pw->smb_userid=*uid; + smb_pw->smb_userid=uid; smb_pw->smb_name=pdb_get_username(sampass); smb_pw->smb_passwd=pdb_get_lanman_passwd(sampass); @@ -1157,7 +1157,7 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampas smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass); smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass); - if (*uid != pdb_user_rid_to_uid(pdb_get_user_rid(sampass))) { + if (uid != pdb_user_rid_to_uid(pdb_get_user_rid(sampass))) { DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n")); return False; } @@ -1174,7 +1174,7 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampas * our domain SID ? well known SID ? local SID ? */ - if (*gid != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) { + if (gid != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) { DEBUG(0,("build_sam_pass: Failing attempt to store user with non-gid based primary group RID. \n")); DEBUG(0,("build_sam_pass: %d %d %d. \n", *gid, pdb_group_rid_to_gid(pdb_get_group_rid(sampass)), pdb_get_group_rid(sampass))); return False; 
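Review bot: The last build_smb_pass hunk leaves `*gid` in the context line `DEBUG(0,("build_sam_pass: %d %d %d. \n", *gid, ...` although `gid` is now a plain `gid_t`, so that line no longer type-checks if the block is compiled. Whether the surrounding code sits inside a disabled preprocessor region is not visible from the hunk. Either way the argument should become `(int)gid` to match the `%d` and the new declaration. The DEBUG messages in this function also say `build_sam_pass` while the function is named `build_smb_pass`, which makes log lines harder to trace.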
@@ -1206,8 +1206,8 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw return False; } - pdb_set_uid (sam_pass, &pwfile->pw_uid); - pdb_set_gid (sam_pass, &pwfile->pw_gid); + pdb_set_uid (sam_pass, pwfile->pw_uid); + pdb_set_gid (sam_pass, pwfile->pw_gid); pdb_set_fullname(sam_pass, pwfile->pw_gecos); @@ -1236,12 +1236,13 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw pdb_set_dir_drive (sam_pass, lp_logon_drive()); +#if 0 /* JERRY */ /* the smbpasswd format doesn't have a must change time field, so we can't get this right. The best we can do is to set this to some time in the future. 21 days seems as reasonable as any other value :) */ pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE); - +#endif /* check if this is a user account or a machine account */ if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$') { @@ -1524,7 +1525,8 @@ BOOL pdb_update_sam_account(const SAM_ACCOUNT *sampass, BOOL override) struct smb_passwd smb_pw; /* convert the SAM_ACCOUNT */ - build_smb_pass(&smb_pw, sampass); + if (!build_smb_pass(&smb_pw, sampass)) + return False; /* update the entry */ if(!mod_smbfilepwd_entry(&smb_pw, override)) diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 1f1d1ab455b..08439a9d206 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -461,8 +461,8 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user) uid = pw->pw_uid; gid = pw->pw_gid; - pdb_set_uid (user, &uid); - pdb_set_gid (user, &gid); + pdb_set_uid (user, uid); + pdb_set_gid (user, gid); /* increment to next in line */ global_tdb_ent.key = tdb_nextkey (global_tdb_ent.passwd_tdb, global_tdb_ent.key); 
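Review bot: Wrapping the `pdb_set_pass_must_change_time()` call in `#if 0 /* JERRY */` inside build_sam_account changes password-expiry behaviour for every account read from smbpasswd, but nothing in the code says what value the field now carries or why. The disabled block should at least explain the decision, e.g. `/* Expiry disabled: smbpasswd has no must-change field; value is left at the pdb_fill_default_sam() default. */`, and be deleted rather than kept under `#if 0` once the decision is final. Sites that relied on MAX_PASSWORD_AGE for forced rotation with this backend would appear to lose it silently, so this deserves a release note or a configuration option.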
@@ -531,8 +531,8 @@ BOOL pdb_getsampwnam (SAM_ACCOUNT *user, const char *sname) if ((pw=sys_getpwnam(pdb_get_username(user)))) { uid = pw->pw_uid; gid = pw->pw_gid; - pdb_set_uid (user, &uid); - pdb_set_gid (user, &gid); + pdb_set_uid (user, uid); + pdb_set_gid (user, gid); } /* cleanup */ diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 4b3140b3504..c97619c4b6c 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -274,8 +274,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm auth_authsupplied_info *auth_info = NULL; auth_serversupplied_info *server_info = NULL; - uid_t *puid; - uid_t *pgid; + uid_t uid; + uid_t gid; DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n")); @@ -417,17 +417,17 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); * Store the UNIX credential data (uid/gid pair) in the pipe structure. */ - puid = pdb_get_uid(server_info->sam_account); - pgid = pdb_get_gid(server_info->sam_account); - - if (!puid || !pgid) { + if (!IS_SAM_UNIX_USER(server_info->sam_account)) { DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n")); free_server_info(&server_info); return False; } - p->pipe_user.uid = *puid; - p->pipe_user.gid = *pgid; + uid = pdb_get_uid(server_info->sam_account); + gid = pdb_get_gid(server_info->sam_account); + + p->pipe_user.uid = uid; + p->pipe_user.gid = gid; /* Set up pipe user group membership. */ initialise_groups(p->pipe_user_name, p->pipe_user.uid, p->pipe_user.gid); diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 71837efdcbd..538225e245e 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c 
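Review bot: In api_pipe_ntlmssp_verify the new local is declared `uid_t gid;` but it holds the result of pdb_get_gid() and is assigned to `p->pipe_user.gid`; it should be `gid_t gid;`. The mistake is carried over from the old `uid_t *pgid` declaration and only changes behaviour where the two types differ in width. Even so, the credential stored in the pipe structure should not pass through the wrong type. The function body lies mostly outside these hunks.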
@@ -209,8 +209,8 @@ tell random client vuid's (normally zero) from valid vuids. int register_vuid(auth_serversupplied_info *server_info, char *smb_name) { user_struct *vuser = NULL; - uid_t *puid; - gid_t *pgid; + uid_t uid; + gid_t gid; /* Ensure no vuid gets registered in share level security. */ if(lp_security() == SEC_SHARE) @@ -227,15 +227,15 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name) ZERO_STRUCTP(vuser); - puid = pdb_get_uid(server_info->sam_account); - pgid = pdb_get_gid(server_info->sam_account); - - if (!puid || !pgid) { + if (!IS_SAM_UNIX_USER(server_info->sam_account)) { DEBUG(0,("Attempted session setup with invalid user. No uid/gid in SAM_ACCOUNT\n")); free(vuser); return UID_FIELD_INVALID; } + uid = pdb_get_uid(server_info->sam_account); + gid = pdb_get_gid(server_info->sam_account); + /* Allocate a free vuid. Yes this is a linear search... :-) */ while( get_valid_user_struct(next_vuid) != NULL ) { next_vuid++; @@ -247,8 +247,8 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name) DEBUG(10,("register_vuid: allocated vuid = %u\n", (unsigned int)next_vuid )); vuser->vuid = next_vuid; - vuser->uid = *puid; - vuser->gid = *pgid; + vuser->uid = uid; + vuser->gid = gid; vuser->guest = server_info->guest; fstrcpy(vuser->user.unix_name, pdb_get_username(server_info->sam_account)); fstrcpy(vuser->user.smb_name, smb_name); diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index 73423e0beeb..ce241934a11 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c 
@@ -74,17 +74,17 @@ static void usage(void) static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdstyle) { - uid_t *puid; - gid_t *pgid; + uid_t uid; + gid_t gid; /* TODO: chaeck if entry is a user or a workstation */ if (!sam_pwent) return -1; if (verbosity) { printf ("username: %s\n", pdb_get_username(sam_pwent)); - if ((puid = pdb_get_uid(sam_pwent)) && (pgid = pdb_get_gid(sam_pwent))) { - printf ("user ID/Group: %d/%d\n", (unsigned int)*puid, - (unsigned int)*pgid); + if ((uid = pdb_get_uid(sam_pwent)) && (gid = pdb_get_gid(sam_pwent))) { + printf ("user ID/Group: %d/%d\n", (unsigned int)uid, + (unsigned int)gid); } printf ("user RID/GRID: %u/%u\n", (unsigned int)sam_pwent->user_rid, (unsigned int)sam_pwent->group_rid); @@ -94,7 +94,7 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst printf ("Logon Script: %s\n", pdb_get_logon_script(sam_pwent)); printf ("Profile Path: %s\n", pdb_get_profile_path(sam_pwent)); } else if (smbpwdstyle) { - if ((puid = pdb_get_uid(sam_pwent))) { + if ((uid = pdb_get_uid(sam_pwent))) { char lm_passwd[33]; char nt_passwd[33]; pdb_sethexpwd(lm_passwd, @@ -106,7 +106,7 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst printf("%s:%d:%s:%s:%s:LCT-%08X:\n", pdb_get_username(sam_pwent), - (unsigned int)*puid, + (unsigned int)uid, lm_passwd, nt_passwd, pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN), 
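Review bot: The tests `if ((uid = pdb_get_uid(sam_pwent)) && (gid = pdb_get_gid(sam_pwent)))` and `if ((uid = pdb_get_uid(sam_pwent)))` in print_sam_info were pointer NULL checks and are now tests on the id value. As a result uid 0 or gid 0 is reported as missing, and an account with the unset -1 default is printed as if it had an id. The same pattern is in the smbpasswd-style branch and in the final `else` branch of the next hunk. Use the new flag instead, e.g. `if (IS_SAM_UNIX_USER(sam_pwent)) {` followed by the two getter calls, or `sam_pwent->init_flag & FLAG_SAM_UID` where only the uid is needed. In that last branch `uid` is also passed to `%d` without the `(unsigned int)` cast used in the other two.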
@@ -115,8 +115,8 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst fprintf(stderr, "Can't output in smbpasswd format, no uid on this record.\n"); } } else { - if ((puid = pdb_get_uid(sam_pwent))) { - printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), *puid, pdb_get_fullname(sam_pwent)); + if ((uid = pdb_get_uid(sam_pwent))) { + printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), uid, pdb_get_fullname(sam_pwent)); } else { printf ("%s:(null):%s\n", pdb_get_username(sam_pwent), pdb_get_fullname(sam_pwent)); }