#define SHAREMODE_FN(fn) \
void (*fn)(share_mode_entry *, char*)
+/*
+ * bit flags representing initialized fields in SAM_ACCOUNT
+ */
+#define FLAG_SAM_UNINIT 0x00000000
+#define FLAG_SAM_UID 0x00000001
+#define FLAG_SAM_GID 0x00000002
+#define FLAG_SAM_SMBHOME 0x00000004
+#define FLAG_SAM_PROFILE 0x00000008
+#define FLAG_SAM_LOGONSCRIPT 0x00000010
+#define FLAG_SAM_DRIVE 0x00000020
+
+#define IS_SAM_UNIX_USER(x) \
+ (((x)->init_flag & FLAG_SAM_UID) \
+ && ((x)->init_flag & FLAG_SAM_GID))
+
+
typedef struct sam_passwd
{
+ /* initiailization flags */
+ uint32 init_flag;
+
time_t logon_time; /* logon time */
time_t logoff_time; /* logoff time */
time_t kickoff_time; /* kickoff time */
pstring unknown_str ; /* don't know what this is, yet. */
pstring munged_dial ; /* munged path name and dial-back tel number */
- uid_t *uid; /* this is a pointer to the unix uid_t */
- gid_t *gid; /* this is a pointer to the unix gid_t */
+ uid_t uid; /* this is a pointer to the unix uid_t */
+ gid_t gid; /* this is a pointer to the unix gid_t */
uint32 user_rid; /* Primary User ID */
uint32 group_rid; /* Primary Group ID */
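Review bot: The comments on the converted `uid` and `gid` fields of `struct sam_passwd` still say "this is a pointer to the unix uid_t/gid_t", which is no longer true now that both are stored by value. Validity is now signalled through `init_flag` rather than a NULL pointer, so the comments should say so: `uid_t uid; /* unix uid; meaningful only when init_flag has FLAG_SAM_UID */`, and the same for `gid` with `FLAG_SAM_GID`. The added `/* initiailization flags */` comment on `init_flag` has a typo ("initialization"). The struct body continues outside the hunk.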
/* Don't change these timestamp settings without a good reason.
They are important for NT member server compatibility. */
+ user->init_flag = FLAG_SAM_UNINIT;
+ user->uid = user->gid = -1;
+
user->logon_time = (time_t)0;
user->pass_last_set_time = (time_t)0;
user->pass_can_change_time = (time_t)0;
pdb_set_username(*new_sam_acct, pwd->pw_name);
pdb_set_fullname(*new_sam_acct, pwd->pw_gecos);
- pdb_set_uid(*new_sam_acct, &pwd->pw_uid);
- pdb_set_gid(*new_sam_acct, &pwd->pw_gid);
-
+ pdb_set_uid(*new_sam_acct, pwd->pw_uid);
+ pdb_set_gid(*new_sam_acct, pwd->pw_gid);
+
pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid));
/* call the mapping code here */
if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_peek_rid(&map.sid, &rid);
- } else
+ }
+ else {
rid=pdb_gid_to_group_rid(pwd->pw_gid);
+ }
+
pdb_set_group_rid(*new_sam_acct, rid);
pstrcpy(str, lp_logon_path());
SAFE_FREE(user->nt_pw);
SAFE_FREE(user->lm_pw);
- SAFE_FREE(user->uid);
- SAFE_FREE(user->gid);
-
return True;
}
return (-1);
}
-uid_t *pdb_get_uid (const SAM_ACCOUNT *sampass)
+uid_t pdb_get_uid (const SAM_ACCOUNT *sampass)
{
if (sampass)
return (sampass->uid);
else
- return (NULL);
+ return (-1);
}
-gid_t *pdb_get_gid (const SAM_ACCOUNT *sampass)
+gid_t pdb_get_gid (const SAM_ACCOUNT *sampass)
{
if (sampass)
return (sampass->gid);
else
- return (NULL);
+ return (-1);
}
const char* pdb_get_username (const SAM_ACCOUNT *sampass)
return True;
}
-/*********************************************************************
- Set the user's UNIX uid, as a pointer to malloc'ed memory.
- ********************************************************************/
-
-BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t *uid)
+BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid)
{
if (!sampass)
return False;
- if (!uid) {
- /* Allow setting to NULL */
- SAFE_FREE(sampass->uid);
- return True;
- }
-
- if (sampass->uid!=NULL)
- DEBUG(4,("pdb_set_nt_passwd: uid non NULL overwritting ?\n"));
- else
- sampass->uid=(uid_t *)malloc(sizeof(uid_t));
-
- if (sampass->uid==NULL)
- return False;
-
- *sampass->uid = *uid;
+ sampass->uid = uid;
+ sampass->init_flag |= FLAG_SAM_UID;
return True;
}
-/*********************************************************************
- Set the user's UNIX gid, as a pointer to malloc'ed memory.
- ********************************************************************/
-
-BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t *gid)
+BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid)
{
if (!sampass)
return False;
-
- if (!gid) {
- /* Allow setting to NULL */
- SAFE_FREE(sampass->gid);
- return True;
- }
-
- if (sampass->gid!=NULL)
- DEBUG(4,("pdb_set_nt_passwd: gid non NULL overwritting ?\n"));
- else
- sampass->gid=(gid_t *)malloc(sizeof(gid_t));
-
- if (sampass->gid==NULL)
- return False;
-
- *sampass->gid = *gid;
+
+ sampass->gid = gid;
+ sampass->init_flag |= FLAG_SAM_GID;
return True;
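Review bot: `pdb_set_uid` and `pdb_set_gid` lose their header banners in this hunk and get no replacement, so nothing records that they now also set `FLAG_SAM_UID` / `FLAG_SAM_GID` in `init_flag`. A one-line comment above each would restore that, e.g. `/* Set the user's UNIX uid and mark it initialised in init_flag. */`. The removed code let a caller clear the value by passing NULL, and the by-value setters have no equivalent. If a caller is expected to clear the flag by hand to drop a uid, the comment should state that. The closing brace of `pdb_set_gid` is outside the hunk.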
pdb_set_hours_len(sampass, hours_len);
pdb_set_logons_divs(sampass, logon_divs);
- pdb_set_uid(sampass, &sys_user->pw_uid);
- pdb_set_gid(sampass, &sys_user->pw_gid);
+ pdb_set_uid(sampass, sys_user->pw_uid);
+ pdb_set_gid(sampass, sys_user->pw_gid);
pdb_set_user_rid(sampass, user_rid);
pdb_set_group_rid(sampass, group_rid);
make_a_mod(mods, ldap_state, "description", pdb_get_acct_desc(sampass));
make_a_mod(mods, ldap_state, "userWorkstations", pdb_get_workstations(sampass));
- if ( !sampass->user_rid)
- sampass->user_rid = pdb_uid_to_user_rid(pdb_get_uid(sampass));
- slprintf(temp, sizeof(temp) - 1, "%i", sampass->user_rid);
+ if ( !sampass->user_rid )
+ slprintf(temp, sizeof(temp) - 1, "%i", pdb_uid_to_user_rid(pdb_get_uid(sampass)));
+ else
+ slprintf(temp, sizeof(temp) - 1, "%i", sampass->user_rid);
make_a_mod(mods, ldap_state, "rid", temp);
if ( !sampass->group_rid) {
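Review bot: When `sampass->user_rid` is zero, the new `slprintf` formats `pdb_uid_to_user_rid(pdb_get_uid(sampass))` without checking that a uid was ever set. After this commit `pdb_get_uid` returns the stored value directly, which is the -1 sentinel for an account on which `pdb_set_uid` was never called, so the `rid` attribute written to the directory would be derived from the sentinel rather than from a real uid. Gating the fallback on the flag, with `if (!sampass->user_rid && !(sampass->init_flag & FLAG_SAM_UID))` leading to an error return, keeps a meaningless RID out of the directory. The function's return convention is outside the hunk, so the exact failure path needs checking there. Separately, `user_rid` is declared `uint32` in `struct sam_passwd`, so `%u` would match it better than `%i`.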
pdb_set_workstations(pw_buf, ENTRY_VAL(obj, NPF_WORKSTATIONS));
pdb_set_munged_dial(pw_buf, NULL);
- pdb_set_uid(pw_buf, &atoi(ENTRY_VAL(obj, NPF_UID)));
- pdb_set_gid(pw_buf, &atoi(ENTRY_VAL(obj, NPF_SMB_GRPID)));
+ pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID)));
+ pdb_set_gid(pw_buf, atoi(ENTRY_VAL(obj, NPF_SMB_GRPID)));
pdb_set_user_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID)));
pdb_set_group_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID)));
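Review bot: `pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID)))` turns an empty or non-numeric uid column into 0, and the by-value setter then sets `FLAG_SAM_UID`, so a malformed table entry would satisfy `IS_SAM_UNIX_USER` with uid 0. The `NPF_SMB_GRPID` line has the same problem for the gid. Parsing with `strtoul` and an end-pointer check, and skipping the setter when the field is not a number, leaves the flag clear so that the `IS_SAM_UNIX_USER` checks added elsewhere in this commit reject the record. Whether `ENTRY_VAL` can return NULL is not visible here and should be confirmed before the parse.

```c
/* … unchanged: pdb_set_workstations / pdb_set_munged_dial … */
{
	const char *uid_str = ENTRY_VAL(obj, NPF_UID);
	char *end = NULL;
	unsigned long uid_val = strtoul(uid_str, &end, 10);

	/* only mark the uid as set when the whole field parsed as a number */
	if (end != uid_str && *end == '\0')
		pdb_set_uid(pw_buf, (uid_t)uid_val);
}
/* … same pattern for NPF_SMB_GRPID / pdb_set_gid … */
```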
********************************************************************/
static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
{
- uid_t *uid;
- gid_t *gid;
+ uid_t uid;
+ gid_t gid;
if (sampass == NULL)
return False;
uid = pdb_get_uid(sampass);
gid = pdb_get_gid(sampass);
- if (!uid || !gid) {
+ if (!IS_SAM_UNIX_USER(sampass)) {
DEBUG(0,("build_sam_pass: Failing attempt to store user without a UNIX uid or gid. \n"));
return False;
}
ZERO_STRUCTP(smb_pw);
- smb_pw->smb_userid=*uid;
+ smb_pw->smb_userid=uid;
smb_pw->smb_name=pdb_get_username(sampass);
smb_pw->smb_passwd=pdb_get_lanman_passwd(sampass);
smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass);
smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass);
- if (*uid != pdb_user_rid_to_uid(pdb_get_user_rid(sampass))) {
+ if (uid != pdb_user_rid_to_uid(pdb_get_user_rid(sampass))) {
DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
return False;
}
* our domain SID ? well known SID ? local SID ?
*/
- if (*gid != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) {
+ if (gid != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) {
DEBUG(0,("build_sam_pass: Failing attempt to store user with non-gid based primary group RID. \n"));
DEBUG(0,("build_sam_pass: %d %d %d. \n", *gid, pdb_group_rid_to_gid(pdb_get_group_rid(sampass)), pdb_get_group_rid(sampass)));
return False;
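Review bot: The second `DEBUG` call in this hunk still passes `*gid`, but this commit declares `gid` as `gid_t gid;`, so the unchanged line applies `*` to an integer and should not compile. It needs the same conversion as the comparison above it: replace `*gid` with `(int)gid` in that argument list so it also matches the `%d` format. `build_smb_pass` starts in an earlier hunk and continues past this one.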
return False;
}
- pdb_set_uid (sam_pass, &pwfile->pw_uid);
- pdb_set_gid (sam_pass, &pwfile->pw_gid);
+ pdb_set_uid (sam_pass, pwfile->pw_uid);
+ pdb_set_gid (sam_pass, pwfile->pw_gid);
pdb_set_fullname(sam_pass, pwfile->pw_gecos);
pdb_set_dir_drive (sam_pass, lp_logon_drive());
+#if 0 /* JERRY */
/* the smbpasswd format doesn't have a must change time field, so
we can't get this right. The best we can do is to set this to
some time in the future. 21 days seems as reasonable as any other value :)
*/
pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE);
-
+#endif
/* check if this is a user account or a machine account */
if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$')
{
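Review bot: The `#if 0 /* JERRY */` wrapper disables the only visible call that sets a password-must-change time for smbpasswd-backed accounts, and neither the marker nor the retained comment says why. The comment inside still describes the 21-day behaviour as if it were active. Whatever value account initialisation left in that field now applies, and that default is not shown in the hunks here. If expiry is deliberately dropped for this backend, replace the dead block with a short comment saying so, e.g. `/* smbpasswd has no must-change field; keep the initialised default */`; if it is a temporary workaround, say what it is waiting on. The enclosing function starts and ends outside the hunk.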
struct smb_passwd smb_pw;
/* convert the SAM_ACCOUNT */
- build_smb_pass(&smb_pw, sampass);
+ if (!build_smb_pass(&smb_pw, sampass))
+ return False;
/* update the entry */
if(!mod_smbfilepwd_entry(&smb_pw, override))
uid = pw->pw_uid;
gid = pw->pw_gid;
- pdb_set_uid (user, &uid);
- pdb_set_gid (user, &gid);
+ pdb_set_uid (user, uid);
+ pdb_set_gid (user, gid);
/* increment to next in line */
global_tdb_ent.key = tdb_nextkey (global_tdb_ent.passwd_tdb, global_tdb_ent.key);
if ((pw=sys_getpwnam(pdb_get_username(user)))) {
uid = pw->pw_uid;
gid = pw->pw_gid;
- pdb_set_uid (user, &uid);
- pdb_set_gid (user, &gid);
+ pdb_set_uid (user, uid);
+ pdb_set_gid (user, gid);
}
/* cleanup */
auth_authsupplied_info *auth_info = NULL;
auth_serversupplied_info *server_info = NULL;
- uid_t *puid;
- uid_t *pgid;
+ uid_t uid;
+ uid_t gid;
DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
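Review bot: The new local in `api_pipe_ntlmssp_verify` is declared `uid_t gid;`, carrying over the type of the old `uid_t *pgid`. It receives the result of `pdb_get_gid`, which now returns `gid_t`, so it should be `gid_t gid;`. The two types commonly have the same width, which is probably why this went unnoticed, but the matching declaration in `register_vuid` later in the commit already uses `gid_t`. The function body continues outside the hunk.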
* Store the UNIX credential data (uid/gid pair) in the pipe structure.
*/
- puid = pdb_get_uid(server_info->sam_account);
- pgid = pdb_get_gid(server_info->sam_account);
-
- if (!puid || !pgid) {
+ if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n"));
free_server_info(&server_info);
return False;
}
- p->pipe_user.uid = *puid;
- p->pipe_user.gid = *pgid;
+ uid = pdb_get_uid(server_info->sam_account);
+ gid = pdb_get_gid(server_info->sam_account);
+
+ p->pipe_user.uid = uid;
+ p->pipe_user.gid = gid;
/* Set up pipe user group membership. */
initialise_groups(p->pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
int register_vuid(auth_serversupplied_info *server_info, char *smb_name)
{
user_struct *vuser = NULL;
- uid_t *puid;
- gid_t *pgid;
+ uid_t uid;
+ gid_t gid;
/* Ensure no vuid gets registered in share level security. */
if(lp_security() == SEC_SHARE)
ZERO_STRUCTP(vuser);
- puid = pdb_get_uid(server_info->sam_account);
- pgid = pdb_get_gid(server_info->sam_account);
-
- if (!puid || !pgid) {
+ if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
DEBUG(0,("Attempted session setup with invalid user. No uid/gid in SAM_ACCOUNT\n"));
free(vuser);
return UID_FIELD_INVALID;
}
+ uid = pdb_get_uid(server_info->sam_account);
+ gid = pdb_get_gid(server_info->sam_account);
+
/* Allocate a free vuid. Yes this is a linear search... :-) */
while( get_valid_user_struct(next_vuid) != NULL ) {
next_vuid++;
DEBUG(10,("register_vuid: allocated vuid = %u\n", (unsigned int)next_vuid ));
vuser->vuid = next_vuid;
- vuser->uid = *puid;
- vuser->gid = *pgid;
+ vuser->uid = uid;
+ vuser->gid = gid;
vuser->guest = server_info->guest;
fstrcpy(vuser->user.unix_name, pdb_get_username(server_info->sam_account));
fstrcpy(vuser->user.smb_name, smb_name);
static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdstyle)
{
- uid_t *puid;
- gid_t *pgid;
+ uid_t uid;
+ gid_t gid;
/* TODO: chaeck if entry is a user or a workstation */
if (!sam_pwent) return -1;
if (verbosity) {
printf ("username: %s\n", pdb_get_username(sam_pwent));
- if ((puid = pdb_get_uid(sam_pwent)) && (pgid = pdb_get_gid(sam_pwent))) {
- printf ("user ID/Group: %d/%d\n", (unsigned int)*puid,
- (unsigned int)*pgid);
+ if ((uid = pdb_get_uid(sam_pwent)) && (gid = pdb_get_gid(sam_pwent))) {
+ printf ("user ID/Group: %d/%d\n", (unsigned int)uid,
+ (unsigned int)gid);
}
printf ("user RID/GRID: %u/%u\n", (unsigned int)sam_pwent->user_rid,
(unsigned int)sam_pwent->group_rid);
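Review bot: `if ((uid = pdb_get_uid(sam_pwent)) && (gid = pdb_get_gid(sam_pwent)))` was a NULL-pointer test before this commit and is now a test of the numeric value, so it is false for uid 0 or gid 0 and true for the -1 "unset" sentinel. As written, root's record loses its `user ID/Group` line while an account with no UNIX identity prints the sentinel as if it were a uid. The same pattern recurs in the later hunks of `print_sam_info`: in the `smbpwdstyle` branch a uid-0 entry falls through to the "no uid on this record" error, and in the final `else` branch it prints `(null)`. Test the flag first and read the value afterwards: `if (IS_SAM_UNIX_USER(sam_pwent)) {` here, with `uid = pdb_get_uid(sam_pwent); gid = pdb_get_gid(sam_pwent);` inside, and `if (sam_pwent->init_flag & FLAG_SAM_UID) {` in the two uid-only branches. `print_sam_info` continues past this hunk.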
printf ("Logon Script: %s\n", pdb_get_logon_script(sam_pwent));
printf ("Profile Path: %s\n", pdb_get_profile_path(sam_pwent));
} else if (smbpwdstyle) {
- if ((puid = pdb_get_uid(sam_pwent))) {
+ if ((uid = pdb_get_uid(sam_pwent))) {
char lm_passwd[33];
char nt_passwd[33];
pdb_sethexpwd(lm_passwd,
printf("%s:%d:%s:%s:%s:LCT-%08X:\n",
pdb_get_username(sam_pwent),
- (unsigned int)*puid,
+ (unsigned int)uid,
lm_passwd,
nt_passwd,
pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN),
fprintf(stderr, "Can't output in smbpasswd format, no uid on this record.\n");
}
} else {
- if ((puid = pdb_get_uid(sam_pwent))) {
- printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), *puid, pdb_get_fullname(sam_pwent));
+ if ((uid = pdb_get_uid(sam_pwent))) {
+ printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), uid, pdb_get_fullname(sam_pwent));
} else {
printf ("%s:(null):%s\n", pdb_get_username(sam_pwent), pdb_get_fullname(sam_pwent));
}