weekend work. user / group database API.
authorLuke Leighton <lkcl@samba.org>
Sun, 29 Nov 1998 20:03:33 +0000 (20:03 +0000)
committerLuke Leighton <lkcl@samba.org>
Sun, 29 Nov 1998 20:03:33 +0000 (20:03 +0000)
- split sam_passwd and smb_passwd into separate higher-order function tables

- renamed struct smb_passwd's "smb_user" to "unix_user".  added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.

NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.

- added query_useraliases code to rpcclient.

- dealt with some nasty interdependencies involving non-smbd programs
and the password database API.  this is still not satisfactorily
resolved completelely, but it's the best i can do for now.

- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.

lots of debugging done, it's still not finished.  the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect.  the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)

40 files changed:
source3/groupdb/aliasdb.c
source3/groupdb/aliasfile.c
source3/groupdb/aliasunix.c
source3/groupdb/groupdb.c
source3/groupdb/groupfile.c
source3/groupdb/groupunix.c
source3/include/ntdomain.h
source3/include/proto.h
source3/include/rpc_misc.h
source3/include/rpc_samr.h
source3/include/smb.h
source3/lib/util.c
source3/lib/util_sid.c
source3/nmbd/nmbd.c
source3/param/loadparm.c
source3/passdb/ldap.c
source3/passdb/nispass.c
source3/passdb/passdb.c
source3/passdb/passgrp.c
source3/passdb/smbpass.c
source3/passdb/smbpasschange.c
source3/passdb/smbpassgroup.c
source3/passdb/smbpassgroupunix.c
source3/rpc_client/cli_login.c
source3/rpc_client/cli_lsarpc.c
source3/rpc_client/cli_samr.c
source3/rpc_parse/parse_misc.c
source3/rpc_parse/parse_samr.c
source3/rpc_server/srv_lookup.c
source3/rpc_server/srv_netlog.c
source3/rpc_server/srv_samr.c
source3/rpcclient/cmd_lsarpc.c
source3/rpcclient/cmd_samr.c
source3/rpcclient/display.c
source3/smbd/chgpasswd.c
source3/smbd/password.c
source3/smbd/server.c
source3/smbwrapper/smbw_dir.c
source3/utils/smbpasswd.c
source3/web/swat.c

index 648700dd863e732e458a29cf8a3d25e39dcbcceb..011eee0f3dd33500008fc46819417651e9cb3b61 100644 (file)
@@ -26,6 +26,7 @@
 extern int DEBUGLEVEL;
 
 extern fstring global_sam_name;
+extern DOM_SID global_sam_sid;
 
 /*
  * NOTE. All these functions are abstracted into a structure
@@ -67,7 +68,28 @@ BOOL initialise_alias_db(void)
 *************************************************************************/
 LOCAL_GRP *iterate_getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem)
 {
-       return iterate_getaliasrid(pwdb_gid_to_alias_rid(gid), mem, num_mem);
+       DOM_NAME_MAP gmep;
+       uint32 rid;
+       if (!lookupsmbgrpgid(gid, &gmep))
+       {
+               DEBUG(0,("iterate_getaliasgid: gid %d does not map to one of our Domain's Aliases\n", gid));
+               return NULL;
+       }
+
+       if (gmep.type != SID_NAME_ALIAS )
+       {
+               DEBUG(0,("iterate_getaliasgid: gid %d does not map to one of our Domain's Aliases\n", gid));
+               return NULL;
+       }
+
+       sid_split_rid(&gmep.sid, &rid);
+       if (!sid_equal(&gmep.sid, &global_sam_sid))
+       {
+               DEBUG(0,("iterate_getaliasgid: gid %d does not map into our Domain SID\n", gid));
+               return NULL;
+       }
+
+       return iterate_getaliasrid(rid, mem, num_mem);
 }
 
 /************************************************************************
@@ -108,7 +130,7 @@ LOCAL_GRP *iterate_getaliasrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem)
  Utility function to search alias database by name.  use this if your database
  does not have search facilities.
 *************************************************************************/
-LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
+LOCAL_GRP *iterate_getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
 {
        LOCAL_GRP *als = NULL;
        void *fp = NULL;
@@ -167,11 +189,11 @@ BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als)
 /*************************************************************************
  checks to see if a user is a member of a domain alias
  *************************************************************************/
-static BOOL user_is_member(char *user_name, LOCAL_GRP_MEMBER *mem, int num_mem)
+static BOOL user_is_member(const char *user_name, LOCAL_GRP_MEMBER *mem, int num_mem)
 {
        int i;
        pstring name;
-       slprintf(name, sizeof(name)-1, "\\%s\\%s", global_sam_name, user_name);
+       slprintf(name, sizeof(name)-1, "%s\\%s", global_sam_name, user_name);
 
        for (i = 0; i < num_mem; i++)
        {
@@ -190,7 +212,7 @@ static BOOL user_is_member(char *user_name, LOCAL_GRP_MEMBER *mem, int num_mem)
  gets an array of aliases that a user is in.  use this if your database
  does not have search facilities
  *************************************************************************/
-BOOL iterate_getuseraliasnam(char *user_name, LOCAL_GRP **alss, int *num_alss)
+BOOL iterate_getuseraliasntnam(const char *user_name, LOCAL_GRP **alss, int *num_alss)
 {
        LOCAL_GRP *als = NULL;
        LOCAL_GRP_MEMBER *mem = NULL;
@@ -347,9 +369,9 @@ BOOL mod_alias_entry(LOCAL_GRP* als)
  Routine to search alias database by name.
 *************************************************************************/
 
-LOCAL_GRP *getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
+LOCAL_GRP *getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
 {
-       return aldb_ops->getaliasnam(name, mem, num_mem);
+       return aldb_ops->getaliasntnam(name, mem, num_mem);
 }
 
 /************************************************************************
@@ -373,9 +395,9 @@ LOCAL_GRP *getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem)
 /*************************************************************************
  gets an array of aliases that a user is in.
  *************************************************************************/
-BOOL getuseraliasnam(char *user_name, LOCAL_GRP **als, int *num_alss)
+BOOL getuseraliasntnam(const char *user_name, LOCAL_GRP **als, int *num_alss)
 {
-       return aldb_ops->getuseraliasnam(user_name, als, num_alss);
+       return aldb_ops->getuseraliasntnam(user_name, als, num_alss);
 }
 
 /*************************************************************
index e73ff39e7428e3851a5c3539fa427389d3e13b1b..4ae2c25b943193acf3a6b979d566c06cc58b0727 100644 (file)
@@ -131,6 +131,7 @@ static LOCAL_GRP *getalsfilepwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem
 
        pstring linebuf;
        char  *p;
+       uint8 type;
 
        aldb_init_als(&al_buf);
 
@@ -139,6 +140,8 @@ static LOCAL_GRP *getalsfilepwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem
         */
        while (getfileline(vp, linebuf, sizeof(linebuf)) > 0)
        {
+               DOM_NAME_MAP gmep;
+
                /* get alias name */
 
                p = strncpyn(al_buf.name, linebuf, sizeof(al_buf.name), ':');
@@ -190,9 +193,25 @@ static LOCAL_GRP *getalsfilepwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem
                        }
                }
 
-               /* ok, set up the static data structure and return it */
+               /*
+                * look up the gid, turn it into a rid.  the _correct_ type of rid */
+                */
 
-               al_buf.rid     = pwdb_gid_to_alias_rid((gid_t)gidval);
+               if (!lookupsmbgrpgid((gid_t)gidval, &gmep))
+               {
+                       continue;
+               }
+               if (gmep.type != SID_NAME_DOM_GRP &&
+                   gmep.type != SID_NAME_WKN_GRP))
+               {
+                       continue;
+               }
+
+               sid_split_rid(&gmep.sid, &gp_buf.rid);
+               if (!sid_equal(&gmep.sid, &global_sam_sid))
+               {
+                       continue;
+               }
 
                make_alias_line(linebuf, sizeof(linebuf), &al_buf, mem, num_mem);
                DEBUG(10,("line: '%s'\n", linebuf));
@@ -237,7 +256,7 @@ static struct aliasdb_ops file_ops =
        getalsfilepwpos,
        setalsfilepwpos,
 
-       iterate_getaliasnam,          /* In aliasdb.c */
+       iterate_getaliasntnam,          /* In aliasdb.c */
        iterate_getaliasgid,          /* In aliasdb.c */
        iterate_getaliasrid,          /* In aliasdb.c */
        getalsfilepwent,
@@ -245,7 +264,7 @@ static struct aliasdb_ops file_ops =
        add_alsfileals_entry,
        mod_alsfileals_entry,
 
-       iterate_getuseraliasnam      /* in aliasdb.c */
+       iterate_getuseraliasntnam      /* in aliasdb.c */
 };
 
 struct aliasdb_ops *file_initialise_alias_db(void)
index b9d9dc6856b1bbe6af1df636936f03995656b64d..715e2906438fb14e1a1d3731d58fc6b77bd96a50 100644 (file)
@@ -65,63 +65,14 @@ static BOOL setalsunixpwpos(void *vp, SMB_BIG_UINT tok)
        return False;
 }
 
-/*************************************************************************
- maps a unix group to a domain sid and an nt alias name.  
-*************************************************************************/
-static void map_unix_grp_to_nt_als(char *unix_name,
-       struct group *unix_grp, char *nt_name, DOM_SID *sid)
-{
-       BOOL found = False;
-       uint32 rid;
-       fstring ntname;
-       fstring ntdomain;
-
-       if (isdigit(unix_name[0]))
-       {
-               unix_grp->gr_gid = get_number(unix_name);
-               unix_grp->gr_name = unix_name;
-               found = map_alias_gid(unix_grp->gr_gid, sid, ntname, ntdomain);
-       }
-       else
-       {
-               unix_grp->gr_name = unix_name;
-               found = map_unix_alias_name(unix_grp->gr_name, sid, ntname, ntdomain);
-       }
-
-       if (found)
-       {
-               /*
-                * find the NT name represented by this UNIX gid.
-                * then, only accept NT aliass that are in our domain
-                */
-
-               sid_split_rid(sid, &rid);
-       }
-       else
-       {
-               /*
-                * assume that the UNIX group is an NT alias with
-                * the same name.  convert gid to a alias rid.
-                */
-               
-               fstrcpy(ntdomain, global_sam_name);
-               fstrcpy(ntname, unix_grp->gr_name);
-               sid_copy(sid, &global_sam_sid);
-       }
-
-       slprintf(nt_name, sizeof(fstring)-1, "\\%s\\%s",
-                ntdomain, ntname);
-}
-
 /*************************************************************************
  Routine to return the next entry in the smbdomainalias list.
  *************************************************************************/
-BOOL get_unixalias_members(struct group *als,
+BOOL get_unixalias_members(struct group *grp,
                                int *num_mem, LOCAL_GRP_MEMBER **members)
 {
        int i;
        char *unix_name;
-       fstring nt_name;
 
        if (num_mem == NULL || members == NULL)
        {
@@ -131,28 +82,43 @@ BOOL get_unixalias_members(struct group *als,
        (*num_mem) = 0;
        (*members) = NULL;
 
-       for (i = 0; (unix_name = als->gr_mem[i]) != NULL; i++)
+       for (i = 0; (unix_name = grp->gr_mem[i]) != NULL; i++)
        {
-               DOM_SID sid;
-               struct group unix_grp;
+               fstring name;
+               DOM_NAME_MAP gmep;
+               LOCAL_GRP_MEMBER *mem;
+
+               fstrcpy(name, unix_name);
 
-               map_unix_grp_to_nt_als(unix_name, &unix_grp, nt_name, &sid);
+               if (!lookupsmbgrpnam(name, &gmep) &&
+                   !lookupsmbpwnam (name, &gmep))
+               {
+                       continue;
+               }
 
-               if (!sid_equal(&sid, &global_sam_sid))
+               if (!sid_front_equal(&global_sam_sid, &gmep.sid))
                {
-                       DEBUG(0,("alias database: could not resolve name %s in domain %s\n",
-                                 unix_name, global_sam_name));
+                       DEBUG(0,("alias database: could not resolve name %s (wrong Domain SID)\n",
+                                 name));
                        continue;
                }
 
-               (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER));
+               (*num_mem)++;
+               (*members) = Realloc((*members), (*num_mem) * sizeof(LOCAL_GRP_MEMBER));
                if ((*members) == NULL)
                {
+                       DEBUG(0,("get_unixalias_members: could not realloc LOCAL_GRP_MEMBERs\n"));
                        return False;
                }
 
-               fstrcpy((*members)[(*num_mem)].name, nt_name);
-               (*num_mem)++;
+               mem = &(*members)[(*num_mem)-1];
+               slprintf(mem->name, sizeof(mem->name)-1, "%s\\%s",
+                        gmep.nt_domain, gmep.nt_name);
+               sid_copy(&mem->sid, &gmep.sid);
+               mem->sid_use = gmep.type;
+
+               DEBUG(10,("get_unixalias_members: adding alias %s\n",
+                          mem->name));
        }
        return True;
 }
@@ -161,7 +127,7 @@ BOOL get_unixalias_members(struct group *als,
  Routine to return the next entry in the domain alias list.
 
  when we are a PDC or BDC, then unix groups that are explicitly NOT mapped
- to aliases (map_alias_gid) are treated as DOMAIN groups (see groupunix.c).
+ to aliases are treated as DOMAIN groups (see groupunix.c).
 
  when we are a member of a domain (not a PDC or BDC) then unix groups
  that are explicitly NOT mapped to aliases (map_alias_gid) are treated
@@ -190,36 +156,36 @@ static LOCAL_GRP *getalsunixpwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem
 
        aldb_init_als(&gp_buf);
 
-       fstrcpy(gp_buf.comment, "");
-
        /* cycle through unix groups */
        while ((unix_grp = getgrent()) != NULL)
        {
-               DOM_SID sid;
-               if (map_alias_gid(unix_grp->gr_gid, &sid, gp_buf.name, NULL))
+               DOM_NAME_MAP gmep;
+               fstring sid_str;
+               DEBUG(10,("getgrpunixpwent: enum unix group entry %s\n",
+                          unix_grp->gr_name));
+                       
+               if (!lookupsmbgrpgid(unix_grp->gr_gid, &gmep))
                {
-                       /*
-                        * find the NT name represented by this UNIX gid.
-                        * then, only accept NT aliases that are in our domain
-                        */
-
-                       sid_split_rid(&sid, &gp_buf.rid);
-                       if (sid_equal(&sid, &global_sam_sid))
-                       {
-                               break; /* hooray. */
-                       }
+                       continue;
                }
-               else if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+
+               sid_to_string(sid_str, &gmep.sid);
+               DEBUG(10,("group %s found, sid %s type %d\n",
+                       gmep.nt_name, sid_str, gmep.type));
+
+               if (gmep.type != SID_NAME_ALIAS)
                {
-                       /*
-                        * if we are a member of a domain,
-                        * assume that the UNIX alias is an NT alias with
-                        * the same name.  convert gid to a alias rid.
-                        */
-                       
-                       fstrcpy(gp_buf.name, unix_grp->gr_name);
-                       gp_buf.rid = pwdb_gid_to_alias_rid(unix_grp->gr_gid);
+                       continue;
                }
+
+               sid_split_rid(&gmep.sid, &gp_buf.rid);
+               if (!sid_equal(&global_sam_sid, &gmep.sid))
+               {
+                       continue;
+               }
+
+               fstrcpy(gp_buf.name, gmep.nt_name);
+               break;
        }
 
        if (unix_grp == NULL)
@@ -279,7 +245,7 @@ static struct aliasdb_ops unix_ops =
        getalsunixpwpos,
        setalsunixpwpos,
 
-       iterate_getaliasnam,          /* In aliasdb.c */
+       iterate_getaliasntnam,          /* In aliasdb.c */
        iterate_getaliasgid,          /* In aliasdb.c */
        iterate_getaliasrid,          /* In aliasdb.c */
        getalsunixpwent,
@@ -287,7 +253,7 @@ static struct aliasdb_ops unix_ops =
        add_alsunixgrp_entry,
        mod_alsunixgrp_entry,
 
-       iterate_getuseraliasnam      /* in aliasdb.c */
+       iterate_getuseraliasntnam      /* in aliasdb.c */
 };
 
 struct aliasdb_ops *unix_initialise_alias_db(void)
index 7b9a14c7df12b86ffdb0562f7c2fc5668ed5d957..6bd6c34442f57e1f02d7a091f2ff3d369c944e9f 100644 (file)
@@ -24,6 +24,7 @@
 #include "nterr.h"
 
 extern int DEBUGLEVEL;
+extern DOM_SID global_sam_sid;
 
 /*
  * NOTE. All these functions are abstracted into a structure
@@ -65,7 +66,28 @@ BOOL initialise_group_db(void)
 *************************************************************************/
 DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem)
 {
-       return iterate_getgrouprid(pwdb_gid_to_group_rid(gid), mem, num_mem);
+       DOM_NAME_MAP gmep;
+       uint32 rid;
+       if (!lookupsmbgrpgid(gid, &gmep))
+       {
+               DEBUG(0,("iterate_getgroupgid: gid %d does not map to one of our Domain's Groups\n", gid));
+               return NULL;
+       }
+
+       if (gmep.type != SID_NAME_DOM_GRP && gmep.type != SID_NAME_WKN_GRP)
+       {
+               DEBUG(0,("iterate_getgroupgid: gid %d does not map to one of our Domain's Groups\n", gid));
+               return NULL;
+       }
+
+       sid_split_rid(&gmep.sid, &rid);
+       if (!sid_equal(&gmep.sid, &global_sam_sid))
+       {
+               DEBUG(0,("iterate_getgroupgid: gid %d does not map into our Domain SID\n", gid));
+               return NULL;
+       }
+
+       return iterate_getgrouprid(rid, mem, num_mem);
 }
 
 /************************************************************************
@@ -105,7 +127,7 @@ DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_me
  Utility function to search group database by name.  use this if your database
  does not have search facilities.
 *************************************************************************/
-DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem)
+DOMAIN_GRP *iterate_getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem)
 {
        DOMAIN_GRP *grp = NULL;
        void *fp = NULL;
@@ -165,7 +187,7 @@ BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp)
 /*************************************************************************
  checks to see if a user is a member of a domain group
  *************************************************************************/
-static BOOL user_is_member(char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem)
+static BOOL user_is_member(const char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem)
 {
        int i;
        for (i = 0; i < num_mem; i++)
@@ -185,7 +207,7 @@ static BOOL user_is_member(char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem)
  gets an array of groups that a user is in.  use this if your database
  does not have search facilities
  *************************************************************************/
-BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps)
+BOOL iterate_getusergroupsnam(const char *user_name, DOMAIN_GRP **grps, int *num_grps)
 {
        DOMAIN_GRP *grp = NULL;
        DOMAIN_GRP_MEMBER *mem = NULL;
@@ -342,9 +364,9 @@ BOOL mod_group_entry(DOMAIN_GRP* grp)
  Routine to search group database by name.
 *************************************************************************/
 
-DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem)
+DOMAIN_GRP *getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem)
 {
-       return gpdb_ops->getgroupnam(name, mem, num_mem);
+       return gpdb_ops->getgroupntnam(name, mem, num_mem);
 }
 
 /************************************************************************
@@ -368,9 +390,9 @@ DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem)
 /*************************************************************************
  gets an array of groups that a user is in.
  *************************************************************************/
-BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps)
+BOOL getusergroupsntnam(const char *user_name, DOMAIN_GRP **grp, int *num_grps)
 {
-       return gpdb_ops->getusergroupsnam(user_name, grp, num_grps);
+       return gpdb_ops->getusergroupsntnam(user_name, grp, num_grps);
 }
 
 /*************************************************************
index e0f791cafbb1dae0fd9ac1244cdcf1d8b9e0e895..e20ba6434c3c5be53ae1941521ee388822b4f26a 100644 (file)
@@ -105,7 +105,7 @@ static char *get_group_members(char *p, int *num_mem, DOMAIN_GRP_MEMBER **member
 
                if (!found)
                {
-                       DEBUG(0,("alias database: could not resolve name %s in domain %s\n",
+                       DEBUG(0,("group database: could not resolve name %s in domain %s\n",
                                  name, global_sam_name));
                        continue;
                }
@@ -130,6 +130,7 @@ static DOMAIN_GRP *getgrpfilepwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_m
 {
        /* Static buffers we will return. */
        static DOMAIN_GRP gp_buf;
+       DOM_NAME_MAP gmep;
 
        int gidval;
 
@@ -196,7 +197,22 @@ static DOMAIN_GRP *getgrpfilepwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_m
 
                /* ok, set up the static data structure and return it */
 
-               gp_buf.rid     = pwdb_gid_to_group_rid((gid_t)gidval);
+               if (!lookupsmbgrpgid((gid_t)gidval, &gmep))
+               {
+                       continue;
+               }
+               if (gmep.type != SID_NAME_DOM_GRP &&
+                   gmep.type != SID_NAME_WKN_GRP))
+               {
+                       continue;
+               }
+
+               sid_split_rid(&gmep.sid, &gp_buf.rid);
+               if (!sid_equal(&gmep.sid, &global_sam_sid))
+               {
+                       continue;
+               }
+
                gp_buf.attr    = 0x07;
 
                make_group_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem);
@@ -242,7 +258,7 @@ static struct groupdb_ops file_ops =
        getgrpfilepwpos,
        setgrpfilepwpos,
 
-       iterate_getgroupnam,          /* In groupdb.c */
+       iterate_getgroupntnam,          /* In groupdb.c */
        iterate_getgroupgid,          /* In groupdb.c */
        iterate_getgrouprid,          /* In groupdb.c */
        getgrpfilepwent,
@@ -250,7 +266,7 @@ static struct groupdb_ops file_ops =
        add_grpfilegrp_entry,
        mod_grpfilegrp_entry,
 
-       iterate_getusergroupsnam      /* in groupdb.c */
+       iterate_getusergroupntnam      /* in groupdb.c */
 };
 
 struct groupdb_ops *file_initialise_group_db(void)
index 56d9584155ebda7738163c3d19a44777ce5584bb..e5ad029e48a02cb87966e975ff764cfe22c36b76 100644 (file)
@@ -25,7 +25,6 @@ extern int DEBUGLEVEL;
 
 
 extern DOM_SID global_sam_sid;
-extern fstring global_sam_name;
 
 /***************************************************************
  Start to enumerate the grppasswd list. Returns a void pointer
@@ -65,48 +64,6 @@ static BOOL setgrpunixpwpos(void *vp, SMB_BIG_UINT tok)
        return False;
 }
 
-/*************************************************************************
- maps a unix group to a domain sid and an nt group name.  
-*************************************************************************/
-static void map_unix_grp_to_nt_grp(char *unix_name,
-       struct group *unix_grp, char *nt_name, DOM_SID *sid)
-{
-       BOOL found = False;
-       uint32 rid;
-
-       if (isdigit(unix_name[0]))
-       {
-               unix_grp->gr_gid = get_number(unix_name);
-               unix_grp->gr_name = unix_name;
-               found = map_group_gid(unix_grp->gr_gid, sid, nt_name, NULL);
-       }
-       else
-       {
-               unix_grp->gr_name = unix_name;
-               found = map_unix_group_name(unix_grp->gr_name, sid, nt_name, NULL);
-       }
-
-       if (found)
-       {
-               /*
-                * find the NT name represented by this UNIX gid.
-                * then, only accept NT groups that are in our domain
-                */
-
-               sid_split_rid(sid, &rid);
-       }
-       else
-       {
-               /*
-                * assume that the UNIX group is an NT group with
-                * the same name.  convert gid to a group rid.
-                */
-               
-               fstrcpy(nt_name, unix_grp->gr_name);
-               sid_copy(sid, &global_sam_sid);
-       }
-}
-
 /*************************************************************************
  Routine to return the next entry in the smbdomaingroup list.
  *************************************************************************/
@@ -115,7 +72,6 @@ BOOL get_unixgroup_members(struct group *grp,
 {
        int i;
        char *unix_name;
-       fstring nt_name;
 
        if (num_mem == NULL || members == NULL)
        {
@@ -127,15 +83,27 @@ BOOL get_unixgroup_members(struct group *grp,
 
        for (i = 0; (unix_name = grp->gr_mem[i]) != NULL; i++)
        {
-               DOM_SID sid;
-               struct group unix_grp;
+               DOM_NAME_MAP gmep;
 
-               map_unix_grp_to_nt_grp(unix_name, &unix_grp, nt_name, &sid);
+               if (!lookupsmbgrpnam(unix_name, &gmep) &&
+                   !lookupsmbpwnam (unix_name, &gmep))
+               {
+                       continue;
+               }
 
-               if (!sid_equal(&sid, &global_sam_sid))
+               if (gmep.type != SID_NAME_DOM_GRP &&
+                   gmep.type != SID_NAME_USER &&
+                   gmep.type != SID_NAME_WKN_GRP)
+               {
+                       DEBUG(0,("group database: name %s is not in a Domain Group\n",
+                                 unix_name));
+                       continue;
+               }
+                       
+               if (!sid_front_equal(&global_sam_sid, &gmep.sid))
                {
-                       DEBUG(0,("group database: could not resolve name %s in domain %s\n",
-                                 unix_name, global_sam_name));
+                       DEBUG(0,("group database: could not resolve name %s (wrong Domain SID)\n",
+                                 unix_name));
                        continue;
                }
 
@@ -145,7 +113,7 @@ BOOL get_unixgroup_members(struct group *grp,
                        return False;
                }
 
-               fstrcpy((*members)[(*num_mem)].name, nt_name);
+               fstrcpy((*members)[(*num_mem)].name, gmep.nt_name);
                (*members)[(*num_mem)].attr = 0x07;
                (*num_mem)++;
        }
@@ -189,53 +157,29 @@ static DOMAIN_GRP *getgrpunixpwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_m
        /* cycle through unix groups */
        while ((unix_grp = getgrent()) != NULL)
        {
-               DOM_SID sid;
-               BOOL is_alias;
-
+               DOM_NAME_MAP gmep;
                DEBUG(10,("getgrpunixpwent: enum unix group entry %s\n",
                           unix_grp->gr_name));
-               is_alias = map_alias_gid(unix_grp->gr_gid, &sid, NULL, NULL);
-               if (is_alias)
+                       
+               if (!lookupsmbgrpgid(unix_grp->gr_gid, &gmep))
                {
-                       sid_split_rid(&sid, NULL);
-                       is_alias = sid_equal(&sid, &global_sam_sid);
+                       continue;
                }
 
-               if (map_group_gid(unix_grp->gr_gid, &sid, gp_buf.name, NULL))
+               if (gmep.type != SID_NAME_DOM_GRP &&
+                   gmep.type != SID_NAME_WKN_GRP)
                {
-                       fstring sid_str;
-                       /*
-                        * find the NT name represented by this UNIX gid.
-                        * then, only accept NT groups that are in our domain
-                        */
-
-                       sid_to_string(sid_str, &sid);
-                       DEBUG(10,("getgrpunixpwent: entry %s mapped to name %s, SID %s\n",
-                                  unix_grp->gr_name, gp_buf.name, sid_str));
-
-                       sid_split_rid(&sid, &gp_buf.rid);
-                       if (sid_equal(&sid, &global_sam_sid))
-                       {
-                               if (!is_alias)
-                               {
-                                       break; /* hooray. */
-                               }
-                               DEBUG(0,("configuration mistake: unix group %s is mapped to both an NT alias and an NT group\n",
-                                         gp_buf.name));
-                       }
+                       continue;
                }
-               else if (!is_alias)
-               {
-                       /*
-                        * assume that the UNIX group is an NT group with
-                        * the same name.  convert gid to a group rid.
-                        */
-                       
-                       fstrcpy(gp_buf.name, unix_grp->gr_name);
-                       gp_buf.rid = pwdb_gid_to_group_rid(unix_grp->gr_gid);
 
-                       break;
+               sid_split_rid(&gmep.sid, &gp_buf.rid);
+               if (!sid_equal(&gmep.sid, &global_sam_sid))
+               {
+                       continue;
                }
+
+               fstrcpy(gp_buf.name, gmep.nt_name);
+               break;
        }
 
        if (unix_grp == NULL)
@@ -295,7 +239,7 @@ static struct groupdb_ops unix_ops =
        getgrpunixpwpos,
        setgrpunixpwpos,
 
-       iterate_getgroupnam,          /* In groupdb.c */
+       iterate_getgroupntnam,          /* In groupdb.c */
        iterate_getgroupgid,          /* In groupdb.c */
        iterate_getgrouprid,          /* In groupdb.c */
        getgrpunixpwent,
index edbe87ab8d89d3c05f5f080602f25ee3d6976bf2..ed74943187165871d5cf52188865e46a465db35d 100644 (file)
@@ -145,7 +145,7 @@ typedef struct
 struct acct_info
 {
     fstring acct_name; /* account name */
-    uint32 smb_userid; /* domain-relative RID */
+    uint32  user_rid; /* domain-relative RID */
 };
 
 #endif /* _NT_DOMAIN_H */
index 685248fa47036ddb933a603553d78249d8d21b1e..4902cf06bf8ca39db687843a7ba1c60c4a04ccf0 100644 (file)
@@ -22,19 +22,19 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind);
 BOOL initialise_alias_db(void);
 LOCAL_GRP *iterate_getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem);
 LOCAL_GRP *iterate_getaliasrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem);
-LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *iterate_getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
 BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als);
-BOOL iterate_getuseraliasnam(char *user_name, LOCAL_GRP **alss, int *num_alss);
+BOOL iterate_getuseraliasntnam(const char *user_name, LOCAL_GRP **alss, int *num_alss);
 BOOL enumdomaliases(LOCAL_GRP **alss, int *num_alss);
 void *startaliasent(BOOL update);
 void endaliasent(void *vp);
 LOCAL_GRP *getaliasent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem);
 BOOL add_alias_entry(LOCAL_GRP *newals);
 BOOL mod_alias_entry(LOCAL_GRP* als);
-LOCAL_GRP *getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
 LOCAL_GRP *getaliasrid(uint32 alias_rid, LOCAL_GRP_MEMBER **mem, int *num_mem);
 LOCAL_GRP *getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem);
-BOOL getuseraliasnam(char *user_name, LOCAL_GRP **als, int *num_alss);
+BOOL getuseraliasntnam(const char *user_name, LOCAL_GRP **als, int *num_alss);
 void aldb_init_als(LOCAL_GRP *als);
 BOOL make_alias_line(char *p, int max_len,
                                LOCAL_GRP *als,
@@ -46,7 +46,7 @@ struct aliasdb_ops *file_initialise_alias_db(void);
 
 /*The following definitions come from  groupdb/aliasunix.c  */
 
-BOOL get_unixalias_members(struct group *als,
+BOOL get_unixalias_members(struct group *grp,
                                int *num_mem, LOCAL_GRP_MEMBER **members);
 struct aliasdb_ops *unix_initialise_alias_db(void);
 
@@ -55,19 +55,19 @@ struct aliasdb_ops *unix_initialise_alias_db(void);
 BOOL initialise_group_db(void);
 DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem);
 DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_mem);
-DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem);
+DOMAIN_GRP *iterate_getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem);
 BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp);
-BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps);
+BOOL iterate_getusergroupsnam(const char *user_name, DOMAIN_GRP **grps, int *num_grps);
 BOOL enumdomgroups(DOMAIN_GRP **grps, int *num_grps);
 void *startgroupent(BOOL update);
 void endgroupent(void *vp);
 DOMAIN_GRP *getgroupent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem);
 BOOL add_group_entry(DOMAIN_GRP *newgrp);
 BOOL mod_group_entry(DOMAIN_GRP* grp);
-DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem);
+DOMAIN_GRP *getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem);
 DOMAIN_GRP *getgrouprid(uint32 group_rid, DOMAIN_GRP_MEMBER **mem, int *num_mem);
 DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem);
-BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps);
+BOOL getusergroupsntnam(const char *user_name, DOMAIN_GRP **grp, int *num_grps);
 void gpdb_init_grp(DOMAIN_GRP *grp);
 BOOL make_group_line(char *p, int max_len,
                                DOMAIN_GRP *grp,
@@ -124,6 +124,23 @@ void force_check_log_size( void );
 void dbgflush( void );
 BOOL dbghdr( int level, char *file, char *func, int line );
 
+/*The following definitions come from  lib/domain_namemap.c  */
+
+BOOL pwdb_rid_is_user(uint32 rid);
+BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info);
+BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info);
+BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info);
+BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info);
+BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info);
+BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info);
+BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp);
+BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep);
+BOOL lookupsmbpwntnam(char *fullntname, DOM_NAME_MAP *gmep);
+BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep);
+BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp);
+BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep);
+BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep);
+
 /*The following definitions come from  lib/doscalls.c  */
 
 int dos_unlink(char *fname);
@@ -210,6 +227,16 @@ void pidfile_create(char *name);
 
 char *rep_inet_ntoa(struct in_addr ip);
 
+/*The following definitions come from  lib/sids.c  */
+
+void get_sam_domain_name(void);
+BOOL get_member_domain_sid(void);
+void generate_wellknown_sids(void);
+BOOL generate_sam_sid(void);
+BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain);
+BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain);
+BOOL split_domain_name(char *fullname, char *domain, char *name);
+
 /*The following definitions come from  lib/signal.c  */
 
 void BlockSignals(BOOL block,int signum);
@@ -289,7 +316,7 @@ BOOL user_in_list(char *user,char *list);
 
 char *tmpdir(void);
 BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups);
-int get_number(char *tmp);
+int get_number(const char *tmp);
 char *Atoic(char *p, int *n, char *c);
 uint32 *add_num_to_list(uint32 **num, int *count, int val);
 char *get_numlist(char *p, uint32 **num, int *count);
@@ -343,7 +370,8 @@ struct hostent *Get_Hostbyname(const char *name);
 BOOL process_exists(int pid);
 char *uidtoname(uid_t uid);
 char *gidtoname(gid_t gid);
-uid_t nametouid(const char *name);
+BOOL nametogid(const char *name, gid_t *gid);
+BOOL nametouid(const char *name, uid_t *uid);
 void smb_panic(char *why);
 char *readdirname(DIR *p);
 BOOL is_in_path(char *name, name_compare_entry *namelist);
@@ -379,15 +407,37 @@ BOOL setfilepwpos(void *vp, SMB_BIG_UINT tok);
 int getfileline(void *vp, char *linebuf, int linebuf_size);
 char *fgets_slash(char *s2,int maxlen,FILE *f);
 
+/*The following definitions come from  lib/util_pwdb.c  */
+
+uint32 lookup_wk_group_name(const char *group_name, const char *domain,
+                               DOM_SID *sid, uint8 *type);
+uint32 lookup_wk_user_name(const char *user_name, const char *domain,
+                               DOM_SID *sid, uint8 *type);
+uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain,
+                               DOM_SID *sid, uint8 *type);
+char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length);
+uint16 pwdb_decode_acct_ctrl(const char *p);
+time_t pwdb_get_last_set_time(const char *p);
+void pwdb_set_logon_time(char *p, int max_len, time_t t);
+void pwdb_set_logoff_time(char *p, int max_len, time_t t);
+void pwdb_set_kickoff_time(char *p, int max_len, time_t t);
+void pwdb_set_can_change_time(char *p, int max_len, time_t t);
+void pwdb_set_must_change_time(char *p, int max_len, time_t t);
+void pwdb_set_last_set_time(char *p, int max_len, time_t t);
+void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl);
+BOOL pwdb_gethexpwd(const char *p, char *pwd);
+BOOL pwdb_initialise(void);
+
 /*The following definitions come from  lib/util_sid.c  */
 
-char *sid_to_string(pstring sidstr_out, DOM_SID *sid);
-BOOL string_to_sid(DOM_SID *sidout, char *sidstr);
+char *sid_to_string(pstring sidstr_out, const DOM_SID *sid);
+BOOL string_to_sid(DOM_SID *sidout, const char *sidstr);
 BOOL sid_append_rid(DOM_SID *sid, uint32 rid);
 BOOL sid_split_rid(DOM_SID *sid, uint32 *rid);
-void sid_copy(DOM_SID *sid1, DOM_SID *sid2);
-BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2);
-int sid_size(DOM_SID *sid);
+void sid_copy(DOM_SID *sid1, const DOM_SID *sid2);
+BOOL sid_front_equal(const DOM_SID *sid1, const DOM_SID *sid2);
+BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2);
+int sid_size(const DOM_SID *sid);
 
 /*The following definitions come from  lib/util_sock.c  */
 
@@ -1058,6 +1108,8 @@ char *lp_workgroup(void);
 char *lp_username_map(void);
 char *lp_aliasname_map(void);
 char *lp_groupname_map(void);
+char *lp_builtinname_map(void);
+char *lp_ntusrname_map(void);
 char *lp_logon_script(void);
 char *lp_logon_path(void);
 char *lp_logon_drive(void);
@@ -1275,47 +1327,19 @@ BOOL pass_check(char *user,char *password, int pwlen, struct passwd *pwd,
 /*The following definitions come from  passdb/passdb.c  */
 
 BOOL initialise_password_db(void);
-struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid);
-struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid);
+struct smb_passwd *iterate_getsmbpwuid(uid_t unix_uid);
 struct smb_passwd *iterate_getsmbpwnam(const char *name);
 void *startsmbpwent(BOOL update);
 void endsmbpwent(void *vp);
+SMB_BIG_UINT getsmbpwpos(void *vp);
+BOOL setsmbpwpos(void *vp, SMB_BIG_UINT tok);
 struct smb_passwd *getsmbpwent(void *vp);
 BOOL add_smbpwd_entry(struct smb_passwd *newpwd);
 BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override);
 struct smb_passwd *getsmbpwnam(const char *name);
-struct smb_passwd *getsmbpwrid(uint32 user_rid);
-struct smb_passwd *getsmbpwuid(uid_t smb_userid);
-struct sam_passwd *iterate_getsam21pwnam(const char *name);
-struct sam_passwd *iterate_getsam21pwrid(uint32 rid);
-struct sam_passwd *iterate_getsam21pwuid(uid_t uid);
-struct sam_disp_info *getsamdisprid(uint32 rid);
-struct sam_passwd *getsam21pwent(void *vp);
-struct sam_passwd *getsam21pwnam(const char *name);
-struct sam_passwd *getsam21pwrid(uint32 rid);
+struct smb_passwd *getsmbpwuid(uid_t unix_uid);
 void pwdb_init_smb(struct smb_passwd *user);
-void pwdb_init_sam(struct sam_passwd *user);
-struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user);
-struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user);
-struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user);
-char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length);
-uint16 pwdb_decode_acct_ctrl(const char *p);
-time_t pwdb_get_last_set_time(const char *p);
-void pwdb_set_logon_time(char *p, int max_len, time_t t);
-void pwdb_set_logoff_time(char *p, int max_len, time_t t);
-void pwdb_set_kickoff_time(char *p, int max_len, time_t t);
-void pwdb_set_can_change_time(char *p, int max_len, time_t t);
-void pwdb_set_must_change_time(char *p, int max_len, time_t t);
-void pwdb_set_last_set_time(char *p, int max_len, time_t t);
-void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl);
-BOOL pwdb_gethexpwd(const char *p, char *pwd);
-uid_t pwdb_user_rid_to_uid(uint32 user_rid);
-uint32 pwdb_uid_to_user_rid(uid_t uid);
-uint32 pwdb_gid_to_group_rid(gid_t gid);
-gid_t pwdb_group_rid_to_gid(uint32 group_rid);
-uint32 pwdb_gid_to_alias_rid(gid_t gid);
-gid_t pwdb_alias_rid_to_gid(uint32 alias_rid);
-BOOL pwdb_rid_is_user(uint32 rid);
+struct smb_passwd *pwdb_smb_map_names(struct smb_passwd *smb);
 
 /*The following definitions come from  passdb/passgrp.c  */
 
@@ -1323,10 +1347,10 @@ BOOL initialise_passgrp_db(void);
 struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid,
                uint32 **grps, int *num_grps,
                uint32 **alss, int *num_alss);
-struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
+struct smb_passwd *iterate_getsmbgrpuid(uid_t unix_uid,
                uint32 **grps, int *num_grps,
                uint32 **alss, int *num_alss);
-struct smb_passwd *iterate_getsmbgrpnam(char *name,
+struct smb_passwd *iterate_getsmbgrpntnam(const char *nt_name,
                uint32 **grps, int *num_grps,
                uint32 **alss, int *num_alss);
 void *startsmbgrpent(BOOL update);
@@ -1334,24 +1358,45 @@ void endsmbgrpent(void *vp);
 struct smb_passwd *getsmbgrpent(void *vp,
                uint32 **grps, int *num_grps,
                uint32 **alss, int *num_alss);
-struct smb_passwd *getsmbgrpnam(char *name,
+struct smb_passwd *getsmbgrpntnam(char *name,
                uint32 **grps, int *num_grps,
                uint32 **alss, int *num_alss);
 struct smb_passwd *getsmbgrprid(uint32 user_rid,
                uint32 **grps, int *num_grps,
                uint32 **alss, int *num_alss);
-struct smb_passwd *getsmbgrpuid(uid_t smb_userid,
+struct smb_passwd *getsmbgrpuid(uid_t unix_uid,
                uint32 **grps, int *num_grps,
                uint32 **alss, int *num_alss);
 
+/*The following definitions come from  passdb/sampass.c  */
+
+void *startsamfilepwent(BOOL update);
+void endsamfilepwent(void *vp);
+SMB_BIG_UINT getsamfilepwpos(void *vp);
+BOOL setsamfilepwpos(void *vp, SMB_BIG_UINT tok);
+struct sam_passdb_ops *file_initialise_sam_password_db(void);
+
+/*The following definitions come from  passdb/sampassdb.c  */
+
+BOOL initialise_sam_password_db(void);
+void *startsam21pwent(BOOL update);
+void endsam21pwent(void *vp);
+struct sam_passwd *getsam21pwent(void *vp);
+struct sam_passwd *iterate_getsam21pwntnam(const char *name);
+struct sam_passwd *iterate_getsam21pwrid(uint32 rid);
+struct sam_passwd *iterate_getsam21pwuid(uid_t uid);
+struct sam_disp_info *getsamdisprid(uint32 rid);
+struct sam_passwd *getsam21pwntnam(const char *name);
+struct sam_passwd *getsam21pwrid(uint32 rid);
+void pwdb_init_sam(struct sam_passwd *user);
+struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user);
+struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user);
+struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user);
+struct sam_passwd *pwdb_sam_map_names(struct sam_passwd *sam);
+
 /*The following definitions come from  passdb/smbpass.c  */
 
-void *startsmbfilepwent(BOOL update);
-void endsmbfilepwent(void *vp);
-SMB_BIG_UINT getsmbfilepwpos(void *vp);
-BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok);
-struct smb_passwd *getsmbfilepwent(void *vp);
-struct passdb_ops *file_initialise_password_db(void);
+struct smb_passdb_ops *file_initialise_password_db(void);
 
 /*The following definitions come from  passdb/smbpasschange.c  */
 
@@ -1407,10 +1452,10 @@ void load_printers(void);
 BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]);
 BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd);
 BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username, 
-                              uint32 smb_userid_low, char *password,
+                              uint32 luid_low, char *password,
                               NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
 BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username, 
-                          uint32 smb_userid_low, char lm_chal[8], char lm_chal_resp[24],
+                          uint32 luid_low, char lm_chal[8], char lm_chal_resp[24],
                           char nt_chal_resp[24],
                           NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
 BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
@@ -1535,6 +1580,9 @@ BOOL do_samr_query_unknown_12(struct cli_state *cli,
                                uint32 *num_aliases,
                                fstring als_names    [MAX_LOOKUP_SIDS],
                                uint32  num_als_users[MAX_LOOKUP_SIDS]);
+BOOL do_samr_query_useraliases(struct cli_state *cli, 
+                               POLICY_HND *pol, DOM_SID *sid,
+                               uint32 *num_aliases, uint32 *rid);
 BOOL do_samr_query_usergroups(struct cli_state *cli, 
                                POLICY_HND *pol, uint32 *num_groups, DOM_GID *gid);
 BOOL do_samr_query_userinfo(struct cli_state *cli, 
@@ -1621,7 +1669,6 @@ uint32 get_enum_hnd(ENUM_HND *enh);
 void make_enum_hnd(ENUM_HND *enh, uint32 hnd);
 void smb_io_enum_hnd(char *desc,  ENUM_HND *hnd, prs_struct *ps, int depth);
 void smb_io_dom_sid(char *desc,  DOM_SID *sid, prs_struct *ps, int depth);
-void make_dom_sid(DOM_SID *sid, char *str_sid);
 void make_dom_sid2(DOM_SID2 *sid2, DOM_SID *sid);
 void smb_io_dom_sid2(char *desc,  DOM_SID2 *sid, prs_struct *ps, int depth);
 void make_str_hdr(STRHDR *hdr, int max_len, int len, uint32 buffer);
@@ -1986,6 +2033,9 @@ void make_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *r_u,
                uint16 switch_value, char *acct_desc,
                uint32 status);
 void samr_io_r_query_aliasinfo(char *desc,  SAMR_R_QUERY_ALIASINFO *r_u, prs_struct *ps, int depth);
+void make_samr_q_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
+                               POLICY_HND *hnd,
+                               DOM_SID *sid);
 void samr_io_q_query_useraliases(char *desc,  SAMR_Q_QUERY_USERALIASES *q_u, prs_struct *ps, int depth);
 void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u,
                uint32 num_rids, uint32 *rid, uint32 status);
@@ -2211,20 +2261,13 @@ uint32 lookup_wk_alias_sid(DOM_SID *sid, char *alias_name, uint8 *type);
 uint32 lookup_alias_sid(DOM_SID *sid, char *alias_name, uint8 *type);
 uint32 lookup_wk_user_sid(DOM_SID *sid, char *user_name, uint8 *type);
 uint32 lookup_user_sid(DOM_SID *sid, char *user_name, uint8 *type);
-uint32 lookup_group_name(char *grp_name, DOM_SID *sid, uint8 *type);
-uint32 lookup_wk_group_name(char *group_name, DOM_SID *sid, uint8 *type);
-uint32 lookup_alias_name(char *als_name, DOM_SID *sid, uint8 *type);
-uint32 lookup_wk_alias_name(char *alias_name, DOM_SID *sid, uint8 *type);
-uint32 lookup_added_user_rids(char *user_name,
+uint32 lookup_added_group_name(const char *grp_name, const char *domain,
+                               DOM_SID *sid, uint8 *type);
+uint32 lookup_added_alias_name(const char *als_name, const char *domain,
+                               DOM_SID *sid, uint8 *type);
+uint32 lookup_added_user_rids(char *nt_name,
                uint32 *usr_rid, uint32 *grp_rid);
-uint32 lookup_added_user_name(char *user_name, DOM_SID *sid, uint8 *type);
-uint32 lookup_wk_user_name(char *user_name, DOM_SID *sid, uint8 *type);
-uint32 lookup_added_grp_name(char *name, DOM_SID *sid, uint8 *type);
-uint32 lookup_builtin_grp_name(char *name, DOM_SID *sid, uint8 *type);
-uint32 lookup_grp_name(char *name, DOM_SID *sid, uint8 *type);
-uint32 lookup_user_name(char *name, DOM_SID *sid, uint8 *type);
 uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type);
-uint32 lookup_user_rids(char *name, uint32 *usr_rid, uint32 *grp_rid);
 
 /*The following definitions come from  rpc_server/srv_lsa.c  */
 
@@ -2278,16 +2321,6 @@ BOOL api_reg_rpc(pipes_struct *p, prs_struct *data);
 
 BOOL api_samr_rpc(pipes_struct *p, prs_struct *data);
 
-/*The following definitions come from  rpc_server/srv_sid.c  */
-
-void get_sam_domain_name(void);
-BOOL get_member_domain_sid(void);
-void generate_wellknown_sids(void);
-BOOL generate_sam_sid(void);
-BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain);
-BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain);
-BOOL split_domain_name(char *fullname, char *domain, char *name);
-
 /*The following definitions come from  rpc_server/srv_srvsvc.c  */
 
 BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data);
@@ -2384,6 +2417,9 @@ void display_share2(FILE *out_hnd, enum action_type action,
                                char *path, char *passwd);
 void display_name(FILE *out_hnd, enum action_type action,
                                char *sname);
+void display_alias_rid_info(FILE *out_hnd, enum action_type action,
+                               DOM_SID *sid,
+                               uint32 num_rids, uint32 *rid);
 void display_group_rid_info(FILE *out_hnd, enum action_type action,
                                uint32 num_gids, DOM_GID *gid);
 void display_alias_name_info(FILE *out_hnd, enum action_type action,
@@ -2530,17 +2566,6 @@ void file_chain_reset(void);
 void file_chain_save(void);
 void file_chain_restore(void);
 
-/*The following definitions come from  smbd/groupname.c  */
-
-BOOL map_group_sid(DOM_SID *psid, gid_t *gid, char *group_name, char *nt_domain);
-BOOL map_alias_sid(DOM_SID *psid, gid_t *gid, char *alias_name, char *nt_domain);
-BOOL map_unix_group_name(char *group_name, DOM_SID *psid, char *ntgroup_name, char *nt_domain);
-BOOL map_unix_alias_name(char *alias_name, DOM_SID *psid, char *ntalias_name, char *nt_domain);
-BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_SID *psid, char *group_name, gid_t *gid);
-BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_SID *psid, char *alias_name, gid_t *gid);
-BOOL map_alias_gid(gid_t gid, DOM_SID *psid, char *nt_als_name, char *nt_domain);
-BOOL map_group_gid( gid_t gid, DOM_SID *psid, char *nt_grp_name, char *nt_domain);
-
 /*The following definitions come from  smbd/ipc.c  */
 
 int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize);
index 786aad32d2dd039dd018d5271ad18ff46b94bd5f..e41c61f882a1d64830ffccb88068b2a7f16f0dae 100644 (file)
 #define BUILTIN_ALIAS_RID_USERS         (0x00000221L)
 #define BUILTIN_ALIAS_RID_GUESTS        (0x00000222L)
 #define BUILTIN_ALIAS_RID_POWER_USERS   (0x00000223L)
-
 #define BUILTIN_ALIAS_RID_ACCOUNT_OPS   (0x00000224L)
 #define BUILTIN_ALIAS_RID_SYSTEM_OPS    (0x00000225L)
 #define BUILTIN_ALIAS_RID_PRINT_OPS     (0x00000226L)
 #define BUILTIN_ALIAS_RID_BACKUP_OPS    (0x00000227L)
-
 #define BUILTIN_ALIAS_RID_REPLICATOR    (0x00000228L)
 
 /*
@@ -61,9 +59,9 @@
 #define RID_MULTIPLIER 4
 
 /* The three common types. */
-#define RID_TYPE_USER 0
-#define RID_TYPE_GROUP 1
-#define RID_TYPE_ALIAS 2
+#define RID_TYPE_USER    0
+#define RID_TYPE_GROUP   1
+#define RID_TYPE_ALIAS   2
 
 /* ENUM_HND */
 typedef struct enum_hnd_info
@@ -213,6 +211,17 @@ typedef struct domrid4_info
 
 } DOM_RID4;
 
+/* DOM_RID5 - rid, type & attributes */
+typedef struct domrid5_info
+{
+       uint32 ptr_unk;   /* pointer to unk */
+       uint32 unk;      /* value is 0x1 */
+       uint32 rid;  /* RID */
+       uint8  type; /* SID_NAME_USE_ENUM */
+       uint16 attr;
+
+} DOM_RID5;
+
 /* DOM_CLNT_SRV - client / server names */
 typedef struct clnt_srv_info
 {
index d373cff8c74b114f6cec31dee53276ba92074c7e..83be3b83f000b9b2ad7f3ad7d0cab9ca084ea85b 100644 (file)
  the following information comes from a QuickView on samsrv.dll,
  and gives an idea of exactly what is needed:
  
-SamrAddMemberToAlias
-SamrAddMemberToGroup
+SamrAddMemberToAlias
+SamrAddMemberToGroup
 SamrAddMultipleMembersToAlias
-SamrChangePasswordUser
+SamrChangePasswordUser
 x SamrCloseHandle
 x SamrConnect
-SamrCreateAliasInDomain
-SamrCreateGroupInDomain
+SamrCreateAliasInDomain
+SamrCreateGroupInDomain
 SamrCreateUserInDomain
-SamrDeleteAlias
+SamrDeleteAlias
 SamrDeleteGroup
 SamrDeleteUser
 x SamrEnumerateAliasesInDomain
@@ -54,7 +54,7 @@ SamrLookupDomainInSamServer
 x SamrLookupNamesInDomain
 x SamrOpenAlias
 x SamrOpenDomain
-SamrOpenGroup
+SamrOpenGroup
 x SamrOpenUser
 x SamrQueryDisplayInformation
 x SamrQueryInformationAlias
@@ -65,9 +65,9 @@ SamrRemoveMemberFromAlias
 SamrRemoveMemberFromForiegnDomain
 SamrRemoveMemberFromGroup
 SamrRemoveMultipleMembersFromAlias
-SamrSetInformationAlias
+SamrSetInformationAlias
 SamrSetInformationDomain
-SamrSetInformationGroup
+SamrSetInformationGroup
 SamrSetInformationUser
 SamrSetMemberAttributesOfGroup
 SamrSetSecurityObject
@@ -77,30 +77,53 @@ SamrTestPrivateFunctionsUser
 
 ********************************************************************/
 
+#define SAMR_CONNECT_ANON      0x00
 #define SAMR_CLOSE_HND         0x01
+
+#define SAMR_UNKNOWN_3         0x03
 #define SAMR_OPEN_DOMAIN       0x07
+
 #define SAMR_QUERY_DOMAIN_INFO 0x08
-#define SAMR_QUERY_USERALIASES        0x10
+
+#define SAMR_CREATE_DOM_GROUP  0x0a
+#define SAMR_ENUM_DOM_USERS    0x0d
+#define SAMR_CREATE_DOM_ALIAS  0x0e
+#define SAMR_ENUM_DOM_ALIASES  0x0f
+#define SAMR_QUERY_USERALIASES 0x10
+
 #define SAMR_LOOKUP_NAMES      0x11
-#define SAMR_UNKNOWN_3         0x03
-#define SAMR_QUERY_DISPINFO    0x28
+#define SAMR_UNKNOWN_12        0x12
+
+#define SAMR_OPEN_GROUP        0x13
+#define SAMR_QUERY_GROUPINFO   0x14
+#define SAMR_SET_GROUPINFO     0x15
+#define SAMR_ADD_GROUPMEM      0x16
+#define SAMR_QUERY_GROUPMEM    0x19
+
+#define SAMR_OPEN_ALIAS        0x1b
+#define SAMR_QUERY_ALIASINFO   0x1c
+#define SAMR_SET_ALIASINFO     0x1d
+#define SAMR_DELETE_DOM_ALIAS  0x1e
+#define SAMR_UNK_ALIAS         0x1f
+#define SAMR_ADD_ALIASMEM      0x20
+#define SAMR_QUERY_ALIASMEM    0x21
+
+#define SAMR_UNKNOWN_21        0x21
 #define SAMR_OPEN_USER         0x22
+
 #define SAMR_QUERY_USERINFO    0x24
 #define SAMR_QUERY_USERGROUPS  0x27
-#define SAMR_UNKNOWN_12        0x12
-#define SAMR_UNKNOWN_21        0x21
+#define SAMR_QUERY_DISPINFO    0x28
+
 #define SAMR_UNKNOWN_2C        0x2c
+#define SAMR_ENUM_DOM_GROUPS   0x30
 #define SAMR_UNKNOWN_32        0x32
 #define SAMR_UNKNOWN_34        0x34
+
 #define SAMR_CHGPASSWD_USER    0x37
 #define SAMR_UNKNOWN_38        0x38
+
 #define SAMR_CONNECT           0x39
-#define SAMR_CONNECT_ANON      0x00
-#define SAMR_OPEN_ALIAS        0x1b
-#define SAMR_QUERY_ALIASINFO   0x1c
-#define SAMR_ENUM_DOM_USERS    0x0d
-#define SAMR_ENUM_DOM_ALIASES  0x0f
-#define SAMR_ENUM_DOM_GROUPS   0x30
 
 
 typedef struct logon_hours_info
@@ -228,7 +251,7 @@ typedef struct q_samr_close_hnd_info
 /* SAMR_R_CLOSE_HND - probably a policy handle close */
 typedef struct r_samr_close_hnd_info
 {
-    POLICY_HND pol;       /* policy handle */
+       POLICY_HND pol;       /* policy handle */
        uint32 status;         /* return status */
 
 } SAMR_R_CLOSE_HND;
@@ -673,9 +696,143 @@ typedef struct r_samr_query_dispinfo_info
 } SAMR_R_QUERY_DISPINFO;
 
 
+#define SAMR_CREATE_DOM_GROUP  0x0a
+
+/* SAMR_Q_CREATE_DOM_GROUP - SAM create group */
+typedef struct q_samr_create_dom_group_info
+{
+       POLICY_HND pol;        /* policy handle */
+
+       UNIHDR hdr_acct_desc;
+       UNISTR2 uni_acct_desc;
+
+       uint16 unknown_1;    /* 0x0002 */
+       uint16 unknown_2;    /* 0x0001 */
+
+} SAMR_Q_CREATE_DOM_GROUP;
+
+/* SAMR_R_CREATE_DOM_GROUP - SAM create group */
+typedef struct r_samr_create_dom_group_info
+{
+       POLICY_HND pol;        /* policy handle */
+
+       uint32 rid;    
+       uint32 status;    
+
+} SAMR_R_CREATE_DOM_GROUP;
+
+/* SAMR_Q_QUERY_GROUPINFO - SAM Group Info */
+typedef struct q_samr_query_group_info
+{
+       POLICY_HND pol;        /* policy handle */
+
+       uint16 switch_level;    /* 0x0001 seen */
+
+} SAMR_Q_QUERY_GROUPINFO;
+
+typedef struct samr_group_info1
+{
+       UNIHDR hdr_acct_name;
+       UNIHDR hdr_acct_desc;
+
+       uint32 unknown_1; /* 0x0000 0003 - number of group members? */
+       uint32 unknown_2; /* 0x0000 0001 - number of group members? */
+
+       UNISTR2 uni_acct_name;
+       UNISTR2 uni_acct_desc;
+
+} GROUP_INFO1;
+
+typedef struct samr_group_info4
+{
+       UNIHDR hdr_acct_desc;
+       UNISTR2 uni_acct_desc;
+
+} GROUP_INFO4;
+
+/* SAMR_R_QUERY_GROUPINFO - SAM Group Info */
+typedef struct r_samr_query_groupinfo_info
+{
+       uint32 ptr;        
+       uint16 switch_value;     /* 0x0001 seen */
+       /* uint8[2] padding */
+
+       union
+       {
+               GROUP_INFO1 info1;
+
+       } group;
+
+       uint32 status;
+
+} SAMR_R_QUERY_GROUPINFO;
+
+
+/* SAMR_Q_SET_GROUPINFO - SAM Group Info */
+typedef struct q_samr_set_group_info
+{
+       POLICY_HND pol;        /* policy handle */
+       uint16 switch_value1;     /* 0x0004 seen */
+       uint16 switch_value2;     /* 0x0004 seen */
+
+       union
+       {
+               GROUP_INFO4 info4;
+
+       } group;
+
+} SAMR_Q_SET_GROUPINFO;
+
+/* SAMR_R_SET_GROUPINFO - SAM Group Info */
+typedef struct r_samr_set_group_info
+{
+       uint32 status;
+
+} SAMR_R_SET_GROUPINFO;
+
+
+/* SAMR_Q_DELETE_DOM_ALIAS - delete domain alias */
+typedef struct q_samr_delete_dom_alias_info
+{
+    POLICY_HND pol;          /* policy handle */
+
+} SAMR_Q_DELETE_DOM_ALIAS;
+
+
+/* SAMR_R_DELETE_DOM_ALIAS - delete domain alias */
+typedef struct r_samr_delete_dom_alias_info
+{
+       POLICY_HND pol;       /* policy handle */
+       uint32 status;        /* return status */
+
+} SAMR_R_DELETE_DOM_ALIAS;
+
+
+/* SAMR_Q_CREATE_DOM_ALIAS - SAM create alias */
+typedef struct q_samr_create_dom_alias_info
+{
+       POLICY_HND pol;        /* policy handle */
+
+       UNIHDR hdr_acct_desc;
+       UNISTR2 uni_acct_desc;
+
+       uint16 unknown_1;    /* 0x001f */
+       uint16 unknown_2;    /* 0x000f */
+
+} SAMR_Q_CREATE_DOM_ALIAS;
+
+/* SAMR_R_CREATE_DOM_ALIAS - SAM create alias */
+typedef struct r_samr_create_dom_alias_info
+{
+       POLICY_HND pol;        /* policy handle */
+
+       uint32 rid;    
+       uint32 status;    
+
+} SAMR_R_CREATE_DOM_ALIAS;
 
 /* SAMR_Q_QUERY_ALIASINFO - SAM Alias Info */
-typedef struct q_samr_enum_alias_info
+typedef struct q_samr_query_alias_info
 {
        POLICY_HND pol;        /* policy handle */
 
@@ -690,7 +847,7 @@ typedef struct samr_alias_info3
 
 } ALIAS_INFO3;
 
-/* SAMR_R_QUERY_ALIASINFO - SAM rids, names and descriptions */
+/* SAMR_R_QUERY_ALIASINFO - SAM alias info */
 typedef struct r_samr_query_aliasinfo_info
 {
        uint32 ptr;        
@@ -708,6 +865,30 @@ typedef struct r_samr_query_aliasinfo_info
 } SAMR_R_QUERY_ALIASINFO;
 
 
+/* SAMR_Q_SET_ALIASINFO - SAM Alias Info */
+typedef struct q_samr_set_alias_info
+{
+       POLICY_HND pol;        /* policy handle */
+
+       uint16 switch_value1;     /* 0x0003 */
+       uint16 switch_value2;     /* 0x0003 */
+
+       union
+       {
+               ALIAS_INFO3 info3;
+
+       } alias;
+
+} SAMR_Q_SET_ALIASINFO;
+
+/* SAMR_R_SET_ALIASINFO - SAM alias info */
+typedef struct r_samr_set_aliasinfo_info
+{
+       uint32 status;
+
+} SAMR_R_SET_ALIASINFO;
+
+
 /* SAMR_Q_QUERY_USERGROUPS - */
 typedef struct q_samr_query_usergroup_info
 {
@@ -788,7 +969,7 @@ typedef struct r_samr_query_useraliases_info
        uint32 ptr; /* undocumented buffer pointer */
 
        uint32 num_entries2; 
-       uint32 rid[MAX_LOOKUP_SIDS]; /* domain RIDs being looked up */
+       uint32 *rid; /* domain RIDs being looked up */
 
        uint32 status; /* return code */
 
@@ -911,17 +1092,6 @@ typedef struct q_samr_unknown_13_info
 } SAMR_Q_UNKNOWN_13;
 
 
-/* SAMR_Q_UNKNOWN_21 - probably an open group in domain */
-typedef struct q_samr_unknown_21_info
-{
-    POLICY_HND group_pol;        /* policy handle */
-
-       uint16 unknown_1;            /* 16 bit unknown - 0x0477 */
-       uint16 unknown_2;            /* 16 bit unknown - 0x0000 */
-
-} SAMR_Q_UNKNOWN_21;
-
-
 /* SAMR_Q_UNKNOWN_32 - probably a "create SAM entry" */
 typedef struct q_samr_unknown_32_info
 {
@@ -950,6 +1120,91 @@ typedef struct r_samr_unknown_32_info
 } SAMR_R_UNKNOWN_32;
 
 
+/* SAMR_Q_ADD_GROUPMEM - probably an add group member */
+typedef struct q_samr_add_group_mem_info
+{
+       POLICY_HND pol;       /* policy handle */
+
+       uint32 rid;         /* rid */
+       uint32 unknown;     /* 0x0000 0005 */
+
+} SAMR_Q_ADD_GROUPMEM;
+
+
+/* SAMR_R_ADD_GROUPMEM - probably an add group member */
+typedef struct r_samr_add_group_mem_info
+{
+       uint32 status;         /* return status */
+
+} SAMR_R_ADD_GROUPMEM;
+
+
+/* SAMR_Q_OPEN_GROUP - probably an open */
+typedef struct q_samr_open_group_info
+{
+       uint32 unknown_0;         /* 0x0000 0001, 0x0000 0003, 0x0000 001f */
+       uint32 rid_group;        /* rid */
+
+} SAMR_Q_OPEN_GROUP;
+
+
+/* SAMR_R_OPEN_GROUP - probably an open */
+typedef struct r_samr_open_group_info
+{
+       POLICY_HND pol;       /* policy handle */
+       uint32 status;         /* return status */
+
+} SAMR_R_OPEN_GROUP;
+
+
+/* SAMR_Q_UNKNOWN_21 - probably an open group in domain */
+typedef struct q_samr_unknown_21_info
+{
+    POLICY_HND group_pol;        /* policy handle */
+
+       uint16 unknown_1;            /* 16 bit unknown - 0x0477 */
+       uint16 unknown_2;            /* 16 bit unknown - 0x0000 */
+
+} SAMR_Q_UNKNOWN_21;
+
+
+/* SAMR_Q_UNK_ALIASMEM - don't know! */
+typedef struct q_samr_unk_alias_mem_info
+{
+       POLICY_HND pol;       /* policy handle */
+
+       DOM_SID sid; /* member sid to be "something"ed to do with the alias */
+
+} SAMR_Q_UNK_ALIASMEM;
+
+
+/* SAMR_R_UNK_ALIASMEM - probably an open */
+typedef struct r_samr_unk_alias_mem_info
+{
+       uint32 status;         /* return status */
+
+} SAMR_R_UNK_ALIASMEM;
+
+
+/* SAMR_Q_ADD_ALIASMEM - probably an add member */
+typedef struct q_samr_add_alias_mem_info
+{
+       POLICY_HND pol;       /* policy handle */
+
+       DOM_SID sid; /* member sid to be added to alias */
+
+} SAMR_Q_ADD_ALIASMEM;
+
+
+/* SAMR_R_ADD_ALIASMEM - probably an open */
+typedef struct r_samr_add_alias_mem_info
+{
+       uint32 status;         /* return status */
+
+} SAMR_R_ADD_ALIASMEM;
+
+
+
 /* SAMR_Q_OPEN_ALIAS - probably an open */
 typedef struct q_samr_open_alias_info
 {
index 50d8c080a3e565ea25625abd69d800700617a246..3d8dd14a1b89c8b52e6b29dc1dd8c0af5cfd4983 100644 (file)
@@ -357,14 +357,15 @@ typedef struct nttime_info
 
 struct sam_passwd
 {
-       time_t logon_time;            /* logon time */
-       time_t logoff_time;           /* logoff time */
-       time_t kickoff_time;          /* kickoff time */
-       time_t pass_last_set_time;    /* password last set time */
-       time_t pass_can_change_time;  /* password can change time */
-       time_t pass_must_change_time; /* password must change time */
-
-       char *smb_name;     /* username string */
+       NTTIME logon_time;            /* logon time */
+       NTTIME logoff_time;           /* logoff time */
+       NTTIME kickoff_time;          /* kickoff time */
+       NTTIME pass_last_set_time;    /* password last set time */
+       NTTIME pass_can_change_time;  /* password can change time */
+       NTTIME pass_must_change_time; /* password must change time */
+
+       char *unix_name;    /* unix username string */
+       char *nt_name;      /* nt username string */
        char *full_name;    /* user's full name string */
        char *home_dir;     /* home directory string */
        char *dir_drive;    /* home directory drive string */
@@ -375,8 +376,8 @@ struct sam_passwd
        char *unknown_str ; /* don't know what this is, yet. */
        char *munged_dial ; /* munged path name and dial-back tel number */
 
-       uid_t smb_userid;       /* this is actually the unix uid_t */
-       gid_t smb_grpid;        /* this is actually the unix gid_t */
+       uid_t unix_uid;       /* this is actually the unix uid_t */
+       gid_t unix_gid;        /* this is actually the unix gid_t */
        uint32 user_rid;      /* Primary User ID */
        uint32 group_rid;     /* Primary Group ID */
 
@@ -396,8 +397,11 @@ struct sam_passwd
 
 struct smb_passwd
 {
-       uid_t smb_userid;     /* this is actually the unix uid_t */
-       char *smb_name;     /* username string */
+       uid_t unix_uid;     /* unix userid */
+       char *unix_name;     /* unix username string */
+
+       uint32 user_rid;     /* Primary User ID */
+       char *nt_name;     /* unix username string */
 
        unsigned char *smb_passwd; /* Null if no password */
        unsigned char *smb_nt_passwd; /* Null if no password */
@@ -410,8 +414,8 @@ struct smb_passwd
 struct sam_disp_info
 {
        uint32 user_rid;      /* Primary User ID */
-       char *smb_name;     /* username string */
-       char *full_name;    /* user's full name string */
+       char *nt_name;        /* username string */
+       char *full_name;      /* user's full name string */
 };
 
 #define MAXSUBAUTHS 15 /* max sub authorities in a SID */
@@ -431,6 +435,28 @@ typedef struct sid_info
 } DOM_SID;
 
 
+typedef struct group_name_info
+{
+       char *nt_name;
+       char *nt_domain;
+       char *unix_name;
+
+       DOM_SID sid;
+       uint8 type;
+       uint32 unix_id;
+
+} DOM_NAME_MAP;
+
+/* map either local aliases, domain groups or builtin aliases */
+typedef enum 
+{
+       DOM_MAP_LOCAL,
+       DOM_MAP_DOMAIN,
+       DOM_MAP_USER,
+
+} DOM_MAP_TYPE;
+
+
 /*** query a local group, get a list of these: shows who is in that group ***/
 
 /* local group member info */
@@ -744,40 +770,60 @@ struct shmem_ops {
  * to support the following operations.
  */
 
-struct passdb_ops {
-  /*
-   * Password database ops.
-   */
-  void *(*startsmbpwent)(BOOL);
-  void (*endsmbpwent)(void *);
-  SMB_BIG_UINT (*getsmbpwpos)(void *);
-  BOOL (*setsmbpwpos)(void *, SMB_BIG_UINT);
+struct smb_passdb_ops
+{
+       /*
+        * Password database operations.
+        */
+       void *(*startsmbpwent)(BOOL);
+       void (*endsmbpwent)(void *);
+       SMB_BIG_UINT (*getsmbpwpos)(void *);
+       BOOL (*setsmbpwpos)(void *, SMB_BIG_UINT);
 
-  /*
-   * smb password database query functions.
-   */
-  struct smb_passwd *(*getsmbpwnam)(const char *);
-  struct smb_passwd *(*getsmbpwuid)(uid_t);
-  struct smb_passwd *(*getsmbpwrid)(uint32);
-  struct smb_passwd *(*getsmbpwent)(void *);
+       /*
+        * smb password database query functions.
+        */
+       struct smb_passwd *(*getsmbpwnam)(const char *);
+       struct smb_passwd *(*getsmbpwuid)(uid_t);
+       struct smb_passwd *(*getsmbpwent)(void *);
 
+       /*
+        * smb password database modification functions.
+        */
+       BOOL (*add_smbpwd_entry)(struct smb_passwd *);
+       BOOL (*mod_smbpwd_entry)(struct smb_passwd *, BOOL);
+
+#if 0
   /*
-   * smb password database modification functions.
+   * password checking functions
    */
-  BOOL (*add_smbpwd_entry)(struct smb_passwd *);
-  BOOL (*mod_smbpwd_entry)(struct smb_passwd *, BOOL);
+  struct smb_passwd *(*smb_password_chal  )(const char *username, const char lm_pass[24], const char nt_pass[24], char chal[8]);
+  struct smb_passwd *(*smb_password_check )(const char *username, const char lm_hash[16], const char nt_hash[16]);
+  struct passwd     *(*unix_password_check)(const char *username, const char *pass, int pass_len);
+#endif
+};
+
+/*
+ * Each implementation of the password database code needs
+ * to support the following operations.
+ */
 
+struct sam_passdb_ops {
   /*
-   * Functions that manupulate a struct sam_passwd.
+   * Password database operations.
    */
-  struct sam_passwd *(*getsam21pwent)(void *);
+  void *(*startsam21pwent)(BOOL);
+  void (*endsam21pwent)(void *);
+  SMB_BIG_UINT (*getsam21pwpos)(void *);
+  BOOL (*setsam21pwpos)(void *, SMB_BIG_UINT);
 
   /*
    * sam password database query functions.
    */
-  struct sam_passwd *(*getsam21pwnam)(const char *);
+  struct sam_passwd *(*getsam21pwntnam)(const char *);
   struct sam_passwd *(*getsam21pwuid)(uid_t);
   struct sam_passwd *(*getsam21pwrid)(uint32);
+  struct sam_passwd *(*getsam21pwent)(void *);
 
   /*
    * sam password database modification functions.
@@ -788,18 +834,10 @@ struct passdb_ops {
   /*
    * sam query display info functions.
    */
-  struct sam_disp_info *(*getsamdispnam)(const char *);
+  struct sam_disp_info *(*getsamdispntnam)(const char *);
   struct sam_disp_info *(*getsamdisprid)(uint32);
   struct sam_disp_info *(*getsamdispent)(void *);
 
-#if 0
-  /*
-   * password checking functions
-   */
-  struct smb_passwd *(*smb_password_chal  )(const char *username, const char lm_pass[24], const char nt_pass[24], char chal[8]);
-  struct smb_passwd *(*smb_password_check )(const char *username, const char lm_hash[16], const char nt_hash[16]);
-  struct passwd     *(*unix_password_check)(const char *username, const char *pass, int pass_len);
-#endif
 };
 
 /*
@@ -807,23 +845,23 @@ struct passdb_ops {
  * to support the following operations.
  */
 
-struct passgrp_ops {
-  /*
-   * Password database ops.
-   */
-  void *(*startsmbgrpent)(BOOL);
-  void (*endsmbgrpent)(void *);
-  SMB_BIG_UINT (*getsmbgrppos)(void *);
-  BOOL (*setsmbgrppos)(void *, SMB_BIG_UINT);
-
-  /*
-   * smb passgrp database query functions.
-   */
-  struct smb_passwd *(*getsmbgrpnam)(char *, uint32**, int*, uint32**, int*);
-  struct smb_passwd *(*getsmbgrpuid)(uid_t , uint32**, int*, uint32**, int*);
-  struct smb_passwd *(*getsmbgrprid)(uint32, uint32**, int*, uint32**, int*);
-  struct smb_passwd *(*getsmbgrpent)(void *, uint32**, int*, uint32**, int*);
+struct passgrp_ops
+{
+       /*
+        * Password group database ops.
+        */
+       void *(*startsmbgrpent)(BOOL);
+       void (*endsmbgrpent)(void *);
+       SMB_BIG_UINT (*getsmbgrppos)(void *);
+       BOOL (*setsmbgrppos)(void *, SMB_BIG_UINT);
 
+       /*
+        * smb passgrp database query functions, by user attributes.
+        */
+       struct smb_passwd *(*getsmbgrpntnam)(const char *, uint32**, int*, uint32**, int*);
+       struct smb_passwd *(*getsmbgrpuid)(uid_t , uint32**, int*, uint32**, int*);
+       struct smb_passwd *(*getsmbgrprid)(uint32, uint32**, int*, uint32**, int*);
+       struct smb_passwd *(*getsmbgrpent)(void *, uint32**, int*, uint32**, int*);
 };
 
 /*
@@ -846,10 +884,9 @@ struct groupdb_ops
        BOOL (*setgrouppos)(void *, SMB_BIG_UINT);
 
        /*
-        * group database query functions. set the BOOL to Tru
-        * if you want the members in the group as well.
+        * group database query functions. 
         */
-       DOMAIN_GRP *(*getgroupnam)(char *, DOMAIN_GRP_MEMBER **, int *);
+       DOMAIN_GRP *(*getgroupntnam)(const char *, DOMAIN_GRP_MEMBER **, int *);
        DOMAIN_GRP *(*getgroupgid)(gid_t , DOMAIN_GRP_MEMBER **, int *);
        DOMAIN_GRP *(*getgrouprid)(uint32, DOMAIN_GRP_MEMBER **, int *);
        DOMAIN_GRP *(*getgroupent)(void *, DOMAIN_GRP_MEMBER **, int *);
@@ -863,7 +900,7 @@ struct groupdb_ops
        /*
         * user group functions
         */
-       BOOL (*getusergroupsnam)(char *, DOMAIN_GRP **, int *);
+       BOOL (*getusergroupsntnam)(const char *, DOMAIN_GRP **, int *);
 };
 
 /*
@@ -886,10 +923,9 @@ struct aliasdb_ops
        BOOL (*setaliaspos)(void *, SMB_BIG_UINT);
 
        /*
-        * alias database query functions. set the BOOL to Tru
-        * if you want the members in the alias as well.
+        * alias database query functions. 
         */
-       LOCAL_GRP *(*getaliasnam)(char *, LOCAL_GRP_MEMBER **, int *);
+       LOCAL_GRP *(*getaliasntnam)(const char *, LOCAL_GRP_MEMBER **, int *);
        LOCAL_GRP *(*getaliasgid)(gid_t , LOCAL_GRP_MEMBER **, int *);
        LOCAL_GRP *(*getaliasrid)(uint32, LOCAL_GRP_MEMBER **, int *);
        LOCAL_GRP *(*getaliasent)(void *, LOCAL_GRP_MEMBER **, int *);
@@ -903,7 +939,7 @@ struct aliasdb_ops
        /*
         * user alias functions
         */
-       BOOL (*getuseraliasnam)(char *, LOCAL_GRP **, int *);
+       BOOL (*getuseraliasntnam)(const char *, LOCAL_GRP **, int *);
 };
 
 /* this is used for smbstatus */
index 757abc81751e8efb9d6608a2d42ccb87d59676dd..8bc75e1137ea8d05b25ebfc575817c421ac0cb70 100644 (file)
@@ -121,7 +121,7 @@ BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups)
 /****************************************************************************
 gets either a hex number (0xNNN) or decimal integer (NNN).
 ****************************************************************************/
-int get_number(char *tmp)
+int get_number(const char *tmp)
 {
        if (strnequal(tmp, "0x", 2))
        {
@@ -2185,33 +2185,18 @@ void standard_sub(connection_struct *conn,char *str)
 {
        char *p, *s, *home;
 
-       for (s=str; (p=strchr(s, '%'));s=p) {
-               switch (*(p+1)) {
-               case 'H': 
-                       if ((home = get_home_dir(conn->user))) {
-                               string_sub(p,"%H",home);
-                       } else {
-                               p += 2;
-                       }
-                       break;
-                       
-               case 'P': 
-                       string_sub(p,"%P",conn->connectpath); 
-                       break;
-                       
-               case 'S': 
-                       string_sub(p,"%S",
-                                  lp_servicename(SNUM(conn))); 
-                       break;
-                       
-               case 'g': 
-                       string_sub(p,"%g",
-                                  gidtoname(conn->gid)); 
-                       break;
-               case 'u': 
-                       string_sub(p,"%u",conn->user); 
-                       break;
-                       
+       for (s=str; (p=strchr(s, '%'));s=p)
+       {
+               switch (*(p+1))
+               {
+                       case 'H': 
+                               if ((home = get_home_dir(conn->user)) != NULL) {
+                                       string_sub(p,"%H",home);
+                               } else {
+                                       p += 2;
+                               }
+                               break;
+                               
                        /* Patch from jkf@soton.ac.uk Left the %N (NIS
                         * server name) in standard_sub_basic as it is
                         * a feature for logon servers, hence uses the
@@ -2219,17 +2204,14 @@ void standard_sub(connection_struct *conn,char *str)
                         * here as it is used instead of the default
                         * "path =" string in [homes] and so needs the
                         * service name, not the username.  */
-               case 'p': 
-                       string_sub(p,"%p",
-                                  automount_path(lp_servicename(SNUM(conn)))); 
-                       break;
-               case '\0': 
-                       p++; 
-                       break; /* don't run off the end of the string 
-                               */
-                       
-               default: p+=2; 
-                       break;
+                       case 'p': string_sub(p,"%p", automount_path(lp_servicename(SNUM(conn)))); break;
+                       case 'P': string_sub(p,"%P",conn->connectpath); break; 
+                       case 'S': string_sub(p,"%S", lp_servicename(SNUM(conn))); break; 
+                       case 'g': string_sub(p,"%g", gidtoname(conn->gid)); break;
+                       case 'u': string_sub(p,"%u", conn->user); break;
+                               
+                       case '\0': p++; break; /* don't run off the end of the string */ 
+                       default  : p+=2; break;
                }
        }
        
@@ -2350,14 +2332,49 @@ char *gidtoname(gid_t gid)
        return(name);
 }
 
+/*******************************************************************
+turn a group name into a gid
+********************************************************************/
+
+BOOL nametogid(const char *name, gid_t *gid)
+{
+       struct group *grp = getgrnam(name);
+       if (grp)
+       {
+               *gid = grp->gr_gid;
+               return True;
+       }
+       else if (isdigit(name[0]))
+       {
+               *gid = (gid_t)get_number(name);
+               return True;
+       }
+       else
+       {
+               return False;
+       }
+}
+
 /*******************************************************************
 turn a user name into a uid
 ********************************************************************/
-uid_t nametouid(const char *name)
+BOOL nametouid(const char *name, uid_t *uid)
 {
-       struct passwd *pass = getpwnam(name);
-       if (pass) return(pass->pw_uid);
-       return (uid_t)-1;
+       struct passwd *pass = Get_Pwnam(name, False);
+       if (pass)
+       {
+               *uid = pass->pw_uid;
+               return True;
+       }
+       else if (isdigit(name[0]))
+       {
+               *uid = (uid_t)get_number(name);
+               return True;
+       }
+       else
+       {
+               return False;
+       }
 }
 
 /*******************************************************************
index 8741479067249d0252479c0d2e445b8f868dcd3f..48c092ecf7dda97893e3f6d73c18640ac5ba8ebc 100644 (file)
@@ -29,7 +29,7 @@ extern int DEBUGLEVEL;
  Convert a SID to an ascii string.
 *****************************************************************/
 
-char *sid_to_string(pstring sidstr_out, DOM_SID *sid)
+char *sid_to_string(pstring sidstr_out, const DOM_SID *sid)
 {
   char subauth[16];
   int i;
@@ -55,10 +55,10 @@ char *sid_to_string(pstring sidstr_out, DOM_SID *sid)
  Convert a string to a SID. Returns True on success, False on fail.
 *****************************************************************/  
    
-BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
+BOOL string_to_sid(DOM_SID *sidout, const char *sidstr)
 {
   pstring tok;
-  char *p = sidstr;
+  const char *p = sidstr;
   /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
   uint32 ia;
 
@@ -146,7 +146,7 @@ BOOL sid_split_rid(DOM_SID *sid, uint32 *rid)
 /*****************************************************************
  copies a sid
 *****************************************************************/  
-void sid_copy(DOM_SID *sid1, DOM_SID *sid2)
+void sid_copy(DOM_SID *sid1, const DOM_SID *sid2)
 {
        int i;
 
@@ -163,10 +163,35 @@ void sid_copy(DOM_SID *sid1, DOM_SID *sid2)
        sid1->num_auths   = sid2->num_auths;
        sid1->sid_rev_num = sid2->sid_rev_num;
 }
+
+/*****************************************************************
+ compare two sids up to the auths of the first sid
+*****************************************************************/  
+BOOL sid_front_equal(const DOM_SID *sid1, const DOM_SID *sid2)
+{
+       int i;
+
+       /* compare most likely different rids, first: i.e start at end */
+       for (i = sid1->num_auths-1; i >= 0; --i)
+       {
+               if (sid1->sub_auths[i] != sid2->sub_auths[i]) return False;
+       }
+
+       if (sid1->num_auths   >  sid2->num_auths  ) return False;
+       if (sid1->sid_rev_num != sid2->sid_rev_num) return False;
+
+       for (i = 0; i < 6; i++)
+       {
+               if (sid1->id_auth[i] != sid2->id_auth[i]) return False;
+       }
+
+       return True;
+}
+
 /*****************************************************************
  compare two sids
 *****************************************************************/  
-BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2)
+BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2)
 {
        int i;
 
@@ -191,7 +216,7 @@ BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2)
 /*****************************************************************
  calculates size of a sid
 *****************************************************************/  
-int sid_size(DOM_SID *sid)
+int sid_size(const DOM_SID *sid)
 {
        if (sid == NULL)
        {
index 2c9dd1327454b368135bbbdbe2c03ff019746a8f..bfcf0ad2399d50b4c8df2617c834c3b166889905 100644 (file)
@@ -1,7 +1,7 @@
 /*
-   Unix SMB/Netbios implementation.
+   Unix SMB/NetBIOS implementation.
    Version 1.9.
-   NBT netbios routines and daemon - version 2
+   NBT NetBIOS routines and daemon - version 2
    Copyright (C) Andrew Tridgell 1994-1998
    
    This program is free software; you can redistribute it and/or modify
@@ -509,7 +509,7 @@ static BOOL init_structs(void)
     *p = 0;
   strlower( local_machine );
 
-  DEBUG( 5, ("Netbios name list:-\n") );
+  DEBUG( 5, ("NetBIOS name list:-\n") );
   for( n=0; my_netbios_names[n]; n++ )
     DEBUGADD( 5, ( "my_netbios_names[%d]=\"%s\"\n", n, my_netbios_names[n] ) );
 
@@ -567,9 +567,6 @@ static void usage(char *pname)
 
   charset_initialise();
 
-  if(!initialise_password_db())
-    exit(1);
-
 #ifdef LMHOSTSFILE
   pstrcpy( host_file, LMHOSTSFILE );
 #endif
@@ -661,7 +658,7 @@ static void usage(char *pname)
 
   reopen_logs();
 
-  DEBUG( 1, ( "Netbios nameserver version %s started.\n", VERSION ) );
+  DEBUG( 1, ( "NetBIOS nameserver version %s started.\n", VERSION ) );
   DEBUGADD( 1, ( "Copyright Andrew Tridgell 1994-1998\n" ) );
 
   if( !get_myname( myhostname, NULL) )
@@ -680,13 +677,17 @@ static void usage(char *pname)
 
   reload_services( True );
 
-  fstrcpy( global_myworkgroup, lp_workgroup() );
-
-  if (strequal(global_myworkgroup,"*"))
-  {
-    DEBUG(0,("ERROR: a workgroup name of * is no longer supported\n"));
-    exit(1);
-  }
+       if (!pwdb_initialise())
+       {
+               exit(1);
+       }
+
+       if (!get_member_domain_sid())
+       {
+               DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n",
+                         lp_passwordserver()));
+               exit(1);
+       }
 
   set_samba_nb_type();
 
index 2286d95fd524fb0fde487a8b9897321d7b8888e5..871fc774a5c65ef1a75a210fb7fdd03794d0995c 100644 (file)
@@ -126,6 +126,8 @@ typedef struct
   char *szUsernameMap;
   char *szAliasnameMap;
   char *szGroupnameMap;
+  char *szBuiltinnameMap;
+  char *szNTusernameMap;
   char *szCharacterSet;
   char *szLogonScript;
   char *szLogonPath;
@@ -517,9 +519,13 @@ static struct parm_struct parm_table[] =
   {"null passwords",   P_BOOL,    P_GLOBAL, &Globals.bNullPasswords,    NULL,   NULL,  0},
   {"password server",  P_STRING,  P_GLOBAL, &Globals.szPasswordServer,  NULL,   NULL,  0},
   {"smb passwd file",  P_STRING,  P_GLOBAL, &Globals.szSMBPasswdFile,   NULL,   NULL,  0},
+#if USE_SMBFILE_DB
   {"smb passgrp file", P_STRING,  P_GLOBAL, &Globals.szSMBPassGroupFile, NULL,   NULL,  0},
+#endif
+#if USE_SMBGROUP_DB
   {"smb group file",   P_STRING,  P_GLOBAL, &Globals.szSMBGroupFile,    NULL,   NULL,  0},
   {"smb alias file",   P_STRING,  P_GLOBAL, &Globals.szSMBAliasFile,    NULL,   NULL,  0},
+#endif
   {"hosts equiv",      P_STRING,  P_GLOBAL, &Globals.szHostsEquiv,      NULL,   NULL,  0},
   {"root directory",   P_STRING,  P_GLOBAL, &Globals.szRootdir,         NULL,   NULL,  0},
   {"root dir",         P_STRING,  P_GLOBAL, &Globals.szRootdir,         NULL,   NULL,  0},
@@ -687,6 +693,8 @@ static struct parm_struct parm_table[] =
 
   {"local group map",   P_STRING, P_GLOBAL, &Globals.szAliasnameMap,     NULL,   NULL,  0},
   {"domain group map",  P_STRING, P_GLOBAL, &Globals.szGroupnameMap,     NULL,   NULL,  0},
+  {"builtin group map", P_STRING, P_GLOBAL, &Globals.szBuiltinnameMap,   NULL,   NULL,  0},
+  {"domain user map",   P_STRING, P_GLOBAL, &Globals.szNTusernameMap,     NULL,   NULL,  0},
   {"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout,  NULL,   NULL,  0},
 
   {"Logon Options", P_SEP, P_SEPARATOR},
@@ -819,9 +827,13 @@ static void init_globals(void)
   DEBUG(3,("Initialising global parameters\n"));
 
   string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE);
+#if USE_SMBFILE_DB
   string_set(&Globals.szSMBPassGroupFile, SMB_PASSGRP_FILE);
+#endif
+#if USE_SMBGROUP_DB
   string_set(&Globals.szSMBGroupFile, SMB_GROUP_FILE);
   string_set(&Globals.szSMBAliasFile, SMB_ALIAS_FILE);
+#endif
   string_set(&Globals.szPasswdChat,"*old*password* %o\\n *new*password* %n\\n *new*password* %n\\n *changed*");
   string_set(&Globals.szWorkGroup, WORKGROUP);
   string_set(&Globals.szPasswdProgram, PASSWD_PROGRAM);
@@ -1101,9 +1113,13 @@ FN_GLOBAL_STRING(lp_logfile,&Globals.szLogFile)
 FN_GLOBAL_STRING(lp_smbrun,&Globals.szSmbrun)
 FN_GLOBAL_STRING(lp_configfile,&Globals.szConfigFile)
 FN_GLOBAL_STRING(lp_smb_passwd_file,&Globals.szSMBPasswdFile)
+#if USE_SMBFILE_DB
 FN_GLOBAL_STRING(lp_smb_passgrp_file,&Globals.szSMBPassGroupFile)
+#endif
+#if USE_SMBGROUP_DB
 FN_GLOBAL_STRING(lp_smb_group_file,&Globals.szSMBGroupFile)
 FN_GLOBAL_STRING(lp_smb_alias_file,&Globals.szSMBAliasFile)
+#endif
 FN_GLOBAL_STRING(lp_serverstring,&Globals.szServerString)
 FN_GLOBAL_STRING(lp_printcapname,&Globals.szPrintcapname)
 FN_GLOBAL_STRING(lp_lockdir,&Globals.szLockDir)
@@ -1120,6 +1136,8 @@ FN_GLOBAL_STRING(lp_workgroup,&Globals.szWorkGroup)
 FN_GLOBAL_STRING(lp_username_map,&Globals.szUsernameMap)
 FN_GLOBAL_STRING(lp_aliasname_map,&Globals.szAliasnameMap)
 FN_GLOBAL_STRING(lp_groupname_map,&Globals.szGroupnameMap)
+FN_GLOBAL_STRING(lp_builtinname_map,&Globals.szBuiltinnameMap)
+FN_GLOBAL_STRING(lp_ntusrname_map,&Globals.szNTusernameMap)
 FN_GLOBAL_STRING(lp_logon_script,&Globals.szLogonScript) 
 FN_GLOBAL_STRING(lp_logon_path,&Globals.szLogonPath) 
 FN_GLOBAL_STRING(lp_logon_drive,&Globals.szLogonDrive) 
index 270616fbcff2cab4ee395b7074a6b84a46325111..5e196889ca2405472e41603c7b6412417e06930d 100644 (file)
@@ -254,7 +254,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
        get_single_attribute(ldap_struct, entry, "rid", temp);
 
        /* the smb (unix) ids are not stored: they are created */
-       user->smb_userid = pwdb_user_rid_to_uid (atoi(temp));
+       user->unix_uid = pwdb_user_rid_to_uid (atoi(temp));
 
        if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
        {
@@ -347,7 +347,7 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry,
        user->group_rid = atoi(temp);
 
        /* the smb (unix) ids are not stored: they are created */
-       user->smb_userid = pw_buf.smb_userid;
+       user->unix_uid = pw_buf.unix_uid;
        user->smb_grpid = group_rid_to_uid(user->group_rid);
 
        user->acct_ctrl = pw_buf.acct_ctrl;
@@ -553,7 +553,7 @@ static BOOL modadd_ldappwd_entry(struct smb_passwd *newpwd, int flag)
        }
        slprintf(nthash, sizeof(nthash)-1, "%s", temp);
 
-       slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->smb_userid) );
+       slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->unix_uid) );
        slprintf(lst, sizeof(lst)-1, "%08X", newpwd->pass_last_set_time);
        
        mods = NULL; 
@@ -925,9 +925,9 @@ static struct smb_passwd *getldappwnam(char *name)
   return pwdb_sam_to_smb(iterate_getsam21pwnam(name));
 }
 
-static struct smb_passwd *getldappwuid(uid_t smb_userid)
+static struct smb_passwd *getldappwuid(uid_t unix_uid)
 {
-  return pwdb_sam_to_smb(iterate_getsam21pwuid(smb_userid));
+  return pwdb_sam_to_smb(iterate_getsam21pwuid(unix_uid));
 }
 
 static struct smb_passwd *getldappwrid(uint32 user_rid)
index 58257d5b2d64ec69157f7249cfccae68846c8e5c..f554958adebd2c7bd232184b97a0240fb346aa1e 100644 (file)
@@ -371,7 +371,7 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd)
        pwdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time ); 
        pwdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time); 
 
-       slprintf(uid, sizeof(uid), "%u", newpwd->smb_userid);
+       slprintf(uid, sizeof(uid), "%u", newpwd->unix_uid);
        slprintf(user_rid, sizeof(user_rid), "0x%x", newpwd->user_rid);
        slprintf(smb_grpid, sizeof(smb_grpid), "%u", newpwd->smb_grpid);
        slprintf(group_rid, sizeof(group_rid), "0x%x", newpwd->group_rid);
@@ -500,7 +500,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result)
        uidval = atoi(ENTRY_VAL(obj, NPF_UID));
 
        pw_buf->smb_name      = user_name;
-       pw_buf->smb_userid    = uidval;         
+       pw_buf->unix_uid    = uidval;           
        pw_buf->smb_passwd    = smbpwd;
        pw_buf->smb_nt_passwd = smbntpwd;
 
@@ -621,9 +621,9 @@ static struct smb_passwd *getnisppwnam(char *name)
        return pwdb_sam_to_smb(getnisp21pwnam(name));
 }
 
-static struct sam_passwd *getnisp21pwuid(uid_t smb_userid)
+static struct sam_passwd *getnisp21pwuid(uid_t unix_uid)
 {
-       return getnisp21pwrid(pwdb_uid_to_user_rid(smb_userid));
+       return getnisp21pwrid(pwdb_uid_to_user_rid(unix_uid));
 }
 
 static struct smb_passwd *getnisppwrid(uid_t user_rid)
@@ -631,9 +631,9 @@ static struct smb_passwd *getnisppwrid(uid_t user_rid)
        return pwdb_sam_to_smb(getnisp21pwuid(pwdb_user_rid_to_uid(user_rid)));
 }
 
-static struct smb_passwd *getnisppwuid(uid_t smb_userid)
+static struct smb_passwd *getnisppwuid(uid_t unix_uid)
 {
-       return pwdb_sam_to_smb(getnisp21pwuid(smb_userid));
+       return pwdb_sam_to_smb(getnisp21pwuid(unix_uid));
 }
 
 static struct sam_disp_info *getnispdispnam(char *name)
index 70c7f1fc9cbd4c50942b65eeda2ab0347722005e..4dc945ff313fff83f5e3f1d57370d206aa097285 100644 (file)
@@ -24,6 +24,7 @@
 #include "nterr.h"
 
 extern int DEBUGLEVEL;
+extern DOM_SID global_sam_sid;
 
 /*
  * NOTE. All these functions are abstracted into a structure
@@ -52,7 +53,7 @@ extern int DEBUGLEVEL;
  *
  */
 
-static struct passdb_ops *pwdb_ops;
+static struct smb_passdb_ops *pwdb_ops;
 
 /***************************************************************
  Initialise the password db operations.
@@ -80,26 +81,17 @@ BOOL initialise_password_db(void)
  * Functions that return/manipulate a struct smb_passwd.
  */
 
-/************************************************************************
- Utility function to search smb passwd by rid.  
-*************************************************************************/
-
-struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid)
-{
-       return iterate_getsmbpwuid(pwdb_user_rid_to_uid(user_rid));
-}
-
 /************************************************************************
  Utility function to search smb passwd by uid.  use this if your database
  does not have search facilities.
 *************************************************************************/
 
-struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid)
+struct smb_passwd *iterate_getsmbpwuid(uid_t unix_uid)
 {
        struct smb_passwd *pwd = NULL;
        void *fp = NULL;
 
-       DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid));
+       DEBUG(10, ("search by unix_uid: %x\n", (int)unix_uid));
 
        /* Open the smb password database - not for update. */
        fp = startsmbpwent(False);
@@ -110,13 +102,13 @@ struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid)
                return NULL;
        }
 
-       while ((pwd = getsmbpwent(fp)) != NULL && pwd->smb_userid != smb_userid)
+       while ((pwd = getsmbpwent(fp)) != NULL && pwd->unix_uid != unix_uid)
        {
        }
 
        if (pwd != NULL)
        {
-               DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid));
+               DEBUG(10, ("found by unix_uid: %x\n", (int)unix_uid));
        }
 
        endsmbpwent(fp);
@@ -144,9 +136,9 @@ struct smb_passwd *iterate_getsmbpwnam(const char *name)
                return NULL;
        }
 
-       while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->smb_name, name))
+       while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->unix_name, name))
        {
-               DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->smb_userid));
+               DEBUG(10, ("iterate: %s 0x%x\n", pwd->unix_name, pwd->unix_uid));
        }
 
        if (pwd != NULL)
@@ -189,13 +181,23 @@ void endsmbpwent(void *vp)
   pwdb_ops->endsmbpwent(vp);
 }
 
+SMB_BIG_UINT getsmbpwpos(void *vp)
+{
+  return pwdb_ops->getsmbpwpos(vp);
+}
+
+BOOL setsmbpwpos(void *vp, SMB_BIG_UINT tok)
+{
+  return pwdb_ops->setsmbpwpos(vp, tok);
+}
+
 /*************************************************************************
  Routine to return the next entry in the smb passwd list.
  *************************************************************************/
 
 struct smb_passwd *getsmbpwent(void *vp)
 {
-       return pwdb_ops->getsmbpwent(vp);
+       return pwdb_smb_map_names(pwdb_ops->getsmbpwent(vp));
 }
 
 /************************************************************************
@@ -204,7 +206,7 @@ struct smb_passwd *getsmbpwent(void *vp)
 
 BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
 {
-       return pwdb_ops->add_smbpwd_entry(newpwd);
+       return pwdb_ops->add_smbpwd_entry(pwdb_smb_map_names(newpwd));
 }
 
 /************************************************************************
@@ -218,7 +220,7 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
 
 BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
 {
-       return pwdb_ops->mod_smbpwd_entry(pwd, override);
+       return pwdb_ops->mod_smbpwd_entry(pwdb_smb_map_names(pwd), override);
 }
 
 /************************************************************************
@@ -227,604 +229,94 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
 
 struct smb_passwd *getsmbpwnam(const char *name)
 {
-       return pwdb_ops->getsmbpwnam(name);
-}
-
-/************************************************************************
- Routine to search smb passwd by user rid.
-*************************************************************************/
-
-struct smb_passwd *getsmbpwrid(uint32 user_rid)
-{
-       return pwdb_ops->getsmbpwrid(user_rid);
+       return pwdb_smb_map_names(pwdb_ops->getsmbpwnam(name));
 }
 
 /************************************************************************
  Routine to search smb passwd by uid.
 *************************************************************************/
 
-struct smb_passwd *getsmbpwuid(uid_t smb_userid)
-{
-       return pwdb_ops->getsmbpwuid(smb_userid);
-}
-
-/*
- * Functions that manupulate a struct sam_passwd.
- */
-
-/************************************************************************
- Utility function to search sam passwd by name.  use this if your database
- does not have search facilities.
-*************************************************************************/
-
-struct sam_passwd *iterate_getsam21pwnam(const char *name)
-{
-       struct sam_passwd *pwd = NULL;
-       void *fp = NULL;
-
-       DEBUG(10, ("search by name: %s\n", name));
-
-       /* Open the smb password database - not for update. */
-       fp = startsmbpwent(False);
-
-       if (fp == NULL)
-       {
-               DEBUG(0, ("unable to open sam password database.\n"));
-               return NULL;
-       }
-
-       while ((pwd = getsam21pwent(fp)) != NULL && !strequal(pwd->smb_name, name))
-       {
-               DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid));
-       }
-
-       if (pwd != NULL)
-       {
-               DEBUG(10, ("found by name: %s\n", name));
-       }
-
-       endsmbpwent(fp);
-       return pwd;
-}
-
-/************************************************************************
- Utility function to search sam passwd by rid.  use this if your database
- does not have search facilities.
-
- search capability by both rid and uid are needed as the rid <-> uid
- mapping may be non-monotonic.  
-
-*************************************************************************/
-
-struct sam_passwd *iterate_getsam21pwrid(uint32 rid)
-{
-       struct sam_passwd *pwd = NULL;
-       void *fp = NULL;
-
-       DEBUG(10, ("search by rid: %x\n", rid));
-
-       /* Open the smb password file - not for update. */
-       fp = startsmbpwent(False);
-
-       if (fp == NULL)
-       {
-               DEBUG(0, ("unable to open sam password database.\n"));
-               return NULL;
-       }
-
-       while ((pwd = getsam21pwent(fp)) != NULL && pwd->user_rid != rid)
-       {
-               DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid));
-       }
-
-       if (pwd != NULL)
-       {
-               DEBUG(10, ("found by user_rid: %x\n", rid));
-       }
-
-       endsmbpwent(fp);
-       return pwd;
-}
-
-/************************************************************************
- Utility function to search sam passwd by uid.  use this if your database
- does not have search facilities.
-
- search capability by both rid and uid are needed as the rid <-> uid
- mapping may be non-monotonic.  
-
-*************************************************************************/
-
-struct sam_passwd *iterate_getsam21pwuid(uid_t uid)
-{
-       struct sam_passwd *pwd = NULL;
-       void *fp = NULL;
-
-       DEBUG(10, ("search by uid: %x\n", (int)uid));
-
-       /* Open the smb password file - not for update. */
-       fp = startsmbpwent(False);
-
-       if (fp == NULL)
-       {
-               DEBUG(0, ("unable to open sam password database.\n"));
-               return NULL;
-       }
-
-       while ((pwd = getsam21pwent(fp)) != NULL && pwd->smb_userid != uid)
-       {
-       }
-
-       if (pwd != NULL)
-       {
-               DEBUG(10, ("found by smb_userid: %x\n", (int)uid));
-       }
-
-       endsmbpwent(fp);
-       return pwd;
-}
-
-/*************************************************************************
- Routine to return a display info structure, by rid
- *************************************************************************/
-struct sam_disp_info *getsamdisprid(uint32 rid)
-{
-       return pwdb_ops->getsamdisprid(rid);
-}
-
-/*************************************************************************
- Routine to return the next entry in the sam passwd list.
- *************************************************************************/
-
-struct sam_passwd *getsam21pwent(void *vp)
-{
-       return pwdb_ops->getsam21pwent(vp);
-}
-
-
-/************************************************************************
- Routine to search sam passwd by name.
-*************************************************************************/
-
-struct sam_passwd *getsam21pwnam(const char *name)
-{
-       return pwdb_ops->getsam21pwnam(name);
-}
-
-/************************************************************************
- Routine to search sam passwd by rid.  
-*************************************************************************/
-
-struct sam_passwd *getsam21pwrid(uint32 rid)
+struct smb_passwd *getsmbpwuid(uid_t unix_uid)
 {
-       return pwdb_ops->getsam21pwrid(rid);
-}
-
-
-/**********************************************************
- **********************************************************
-
- utility routines which are likely to be useful to all password
- databases
-
- **********************************************************
- **********************************************************/
-
-/*************************************************************
- initialises a struct sam_disp_info.
- **************************************************************/
-
-static void pwdb_init_dispinfo(struct sam_disp_info *user)
-{
-       if (user == NULL) return;
-       bzero(user, sizeof(*user));
+       return pwdb_smb_map_names(pwdb_ops->getsmbpwuid(unix_uid));
 }
 
 /*************************************************************
  initialises a struct smb_passwd.
  **************************************************************/
-
 void pwdb_init_smb(struct smb_passwd *user)
 {
        if (user == NULL) return;
        bzero(user, sizeof(*user));
        user->pass_last_set_time    = (time_t)-1;
+       user->unix_uid = (uid_t)-1;
+       user->user_rid = 0xffffffff;
 }
 
 /*************************************************************
initialises a struct sam_passwd.
fills in missing details.  one set of details _must_ exist.
  **************************************************************/
-void pwdb_init_sam(struct sam_passwd *user)
-{
-       if (user == NULL) return;
-       bzero(user, sizeof(*user));
-       user->logon_time            = (time_t)-1;
-       user->logoff_time           = (time_t)-1;
-       user->kickoff_time          = (time_t)-1;
-       user->pass_last_set_time    = (time_t)-1;
-       user->pass_can_change_time  = (time_t)-1;
-       user->pass_must_change_time = (time_t)-1;
-}
-
-/*************************************************************************
- Routine to return the next entry in the sam passwd list.
- *************************************************************************/
-
-struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user)
-{
-       static struct sam_disp_info disp_info;
-
-       if (user == NULL) return NULL;
-
-       pwdb_init_dispinfo(&disp_info);
-
-       disp_info.smb_name  = user->smb_name;
-       disp_info.full_name = user->full_name;
-       disp_info.user_rid  = user->user_rid;
-
-       return &disp_info;
-}
-
-/*************************************************************
- converts a sam_passwd structure to a smb_passwd structure.
- **************************************************************/
-
-struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user)
+struct smb_passwd *pwdb_smb_map_names(struct smb_passwd *smb)
 {
-       static struct smb_passwd pw_buf;
+       DOM_NAME_MAP gmep;
+       BOOL found = False;
+       DOM_SID sid;
+       static fstring unix_name;
+       static fstring nt_name;
 
-       if (user == NULL) return NULL;
+       DEBUG(10,("pwdb_smb_map_names\n"));
 
-       pwdb_init_smb(&pw_buf);
-
-       pw_buf.smb_userid         = user->smb_userid;
-       pw_buf.smb_name           = user->smb_name;
-       pw_buf.smb_passwd         = user->smb_passwd;
-       pw_buf.smb_nt_passwd      = user->smb_nt_passwd;
-       pw_buf.acct_ctrl          = user->acct_ctrl;
-       pw_buf.pass_last_set_time = user->pass_last_set_time;
-
-       return &pw_buf;
-}
-
-
-/*************************************************************
- converts a smb_passwd structure to a sam_passwd structure.
- **************************************************************/
-
-struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user)
-{
-       static struct sam_passwd pw_buf;
-
-       if (user == NULL) return NULL;
-
-       pwdb_init_sam(&pw_buf);
-
-       pw_buf.smb_userid         = user->smb_userid;
-       pw_buf.smb_name           = user->smb_name;
-       pw_buf.smb_passwd         = user->smb_passwd;
-       pw_buf.smb_nt_passwd      = user->smb_nt_passwd;
-       pw_buf.acct_ctrl          = user->acct_ctrl;
-       pw_buf.pass_last_set_time = user->pass_last_set_time;
-
-       return &pw_buf;
-}
-
-/**********************************************************
- Encode the account control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
-{
-       static fstring acct_str;
-       size_t i = 0;
-
-       acct_str[i++] = '[';
-
-       if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
-       if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
-       if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
-       if (acct_ctrl & ACB_TEMPDUP  ) acct_str[i++] = 'T'; 
-       if (acct_ctrl & ACB_NORMAL   ) acct_str[i++] = 'U';
-       if (acct_ctrl & ACB_MNS      ) acct_str[i++] = 'M';
-       if (acct_ctrl & ACB_WSTRUST  ) acct_str[i++] = 'W';
-       if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
-       if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
-       if (acct_ctrl & ACB_PWNOEXP  ) acct_str[i++] = 'X';
-       if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
-
-       for ( ; i < length - 2 ; i++ )
+       if (smb == NULL)
        {
-               acct_str[i] = ' ';
+               return NULL;
        }
 
-       i = length - 2;
-       acct_str[i++] = ']';
-       acct_str[i++] = '\0';
-
-       return acct_str;
-}     
-
-/**********************************************************
- Decode the account control bits from a string.
-
- this function breaks coding standards minimum line width of 80 chars.
- reason: vertical line-up code clarity - all case statements fit into
- 15 lines, which is more important.
- **********************************************************/
-
-uint16 pwdb_decode_acct_ctrl(const char *p)
-{
-       uint16 acct_ctrl = 0;
-       BOOL finished = False;
-
-       /*
-        * Check if the account type bits have been encoded after the
-        * NT password (in the form [NDHTUWSLXI]).
-        */
-
-       if (*p != '[') return 0;
-
-       for (p++; *p && !finished; p++)
+       if (smb->unix_name == NULL && smb->nt_name == NULL &&
+           smb->unix_uid == (uid_t)-1 && smb->user_rid == 0xffffffff)
        {
-               switch (*p)
-               {
-                       case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
-                       case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
-                       case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
-                       case 'T': { acct_ctrl |= ACB_TEMPDUP  ; break; /* 'T'emp account. */ } 
-                       case 'U': { acct_ctrl |= ACB_NORMAL   ; break; /* 'U'ser account (normal). */ } 
-                       case 'M': { acct_ctrl |= ACB_MNS      ; break; /* 'M'NS logon user account. What is this ? */ } 
-                       case 'W': { acct_ctrl |= ACB_WSTRUST  ; break; /* 'W'orkstation account. */ } 
-                       case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } 
-                       case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } 
-                       case 'X': { acct_ctrl |= ACB_PWNOEXP  ; break; /* No 'X'piry on password */ } 
-                       case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
-                       case ' ': { break; }
-                       case ':':
-                       case '\n':
-                       case '\0': 
-                       case ']':
-                       default:  { finished = True; }
-               }
+               return NULL;
        }
 
-       return acct_ctrl;
-}
-
-/*******************************************************************
- gets password-database-format time from a string.
- ********************************************************************/
-
-static time_t get_time_from_string(const char *p)
-{
-       int i;
-
-       for (i = 0; i < 8; i++)
+       if (!found && smb->unix_name != NULL)
        {
-               if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF)))
-               {
-                       break;
-               }
+               found = lookupsmbpwnam(smb->unix_name, &gmep);
        }
-       if (i == 8)
+       if (!found && smb->unix_uid  != (uid_t)-1)
        {
-               /*
-                * p points at 8 characters of hex digits - 
-                * read into a time_t as the seconds since
-                * 1970 that the password was last changed.
-                */
-               return (time_t)strtol(p, NULL, 16);
+               found = lookupsmbpwuid(smb->unix_uid , &gmep);
        }
-       return (time_t)-1;
-}
-
-/*******************************************************************
- gets password last set time
- ********************************************************************/
 
-time_t pwdb_get_last_set_time(const char *p)
-{
-       if (*p && StrnCaseCmp(p, "LCT-", 4))
+       if (!found)
        {
-               return get_time_from_string(p + 4);
+               sid_copy(&sid, &global_sam_sid);
+               sid_append_rid(&sid, smb->user_rid);
        }
-       return (time_t)-1;
-}
-
-
-/*******************************************************************
- sets password-database-format time in a string.
- ********************************************************************/
-static void set_time_in_string(char *p, int max_len, char *type, time_t t)
-{
-       slprintf(p, max_len, ":%s-%08X:", type, (uint32)t);
-}
-
-/*******************************************************************
- sets logon time
- ********************************************************************/
-void pwdb_set_logon_time(char *p, int max_len, time_t t)
-{
-       set_time_in_string(p, max_len, "LNT", t);
-}
-
-/*******************************************************************
- sets logoff time
- ********************************************************************/
-void pwdb_set_logoff_time(char *p, int max_len, time_t t)
-{
-       set_time_in_string(p, max_len, "LOT", t);
-}
-
-/*******************************************************************
- sets kickoff time
- ********************************************************************/
-void pwdb_set_kickoff_time(char *p, int max_len, time_t t)
-{
-       set_time_in_string(p, max_len, "KOT", t);
-}
-
-/*******************************************************************
- sets password can change time
- ********************************************************************/
-void pwdb_set_can_change_time(char *p, int max_len, time_t t)
-{
-       set_time_in_string(p, max_len, "CCT", t);
-}
-
-/*******************************************************************
- sets password last set time
- ********************************************************************/
-void pwdb_set_must_change_time(char *p, int max_len, time_t t)
-{
-       set_time_in_string(p, max_len, "MCT", t);
-}
-
-/*******************************************************************
- sets password last set time
- ********************************************************************/
-void pwdb_set_last_set_time(char *p, int max_len, time_t t)
-{
-       set_time_in_string(p, max_len, "LCT", t);
-}
 
-
-/*************************************************************
- Routine to set 32 hex password characters from a 16 byte array.
-**************************************************************/
-void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl)
-{
-       if (pwd != NULL)
+       if (!found && smb->user_rid != 0xffffffff)
        {
-               int i;
-               for (i = 0; i < 16; i++)
-               {
-                       slprintf(&p[i*2], 33, "%02X", pwd[i]);
-               }
+               found = lookupsmbpwsid  (&sid        , &gmep);
        }
-       else
+       if (!found && smb->nt_name  != NULL)
        {
-               if (IS_BITS_SET_ALL(acct_ctrl, ACB_PWNOTREQ))
-               {
-                       safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
-               }
-               else
-               {
-                       safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
-               }
+               found = lookupsmbpwntnam(smb->nt_name, &gmep);
        }
-}
-
-/*************************************************************
- Routine to get the 32 hex characters and turn them
- into a 16 byte array.
-**************************************************************/
-BOOL pwdb_gethexpwd(const char *p, char *pwd)
-{
-       return strhex_to_str(pwd, 32, p) == 16;
-}
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-uid_t pwdb_user_rid_to_uid(uint32 user_rid)
-{
-       uid_t uid = (uid_t)(((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER);
-       return uid;
-}
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-uint32 pwdb_uid_to_user_rid(uid_t uid)
-{
-       uint32 user_rid = (((((uint32)uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
-       return user_rid;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-uint32 pwdb_gid_to_group_rid(gid_t gid)
-{
-       uint32 grp_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
-       return grp_rid;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-gid_t pwdb_group_rid_to_gid(uint32 group_rid)
-{
-       gid_t gid = (gid_t)(((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER);
-       return gid;
-}
-
-/*******************************************************************
- converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-uint32 pwdb_gid_to_alias_rid(gid_t gid)
-{
-       uint32 alias_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
-       return alias_rid;
-}
-
-/*******************************************************************
- converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-gid_t pwdb_alias_rid_to_gid(uint32 alias_rid)
-{
-       gid_t gid = (gid_t)(((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER);
-       return gid;
-}
 
-/*******************************************************************
- Decides if a RID is a well known RID.
- ********************************************************************/
-static BOOL pwdb_rid_is_well_known(uint32 rid)
-{
-       return (rid < 1000);
-}
+       if (!found)
+       {
+               return NULL;
+       }
 
-/*******************************************************************
- determines a rid's type.  NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_rid_type(uint32 rid)
-{
-       /* lkcl i understand that NT attaches an enumeration to a RID
-        * such that it can be identified as either a user, group etc
-        * type: SID_ENUM_TYPE.
-        */
-       if (pwdb_rid_is_well_known(rid))
+       if (!sid_front_equal(&global_sam_sid, &gmep.sid))
        {
-               /*
-                * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
-                * and DOMAIN_USER_RID_GUEST.
-                */
-               if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
-               {
-                       return RID_TYPE_USER;
-               }
-               if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
-               {
-                       return RID_TYPE_GROUP;
-               }
-               if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
-               {
-                       return RID_TYPE_ALIAS;
-               }
+               return NULL;
        }
-       return (rid & RID_TYPE_MASK);
-}
 
-/*******************************************************************
- checks whether rid is a user rid.  NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-BOOL pwdb_rid_is_user(uint32 rid)
-{
-       return pwdb_rid_type(rid) == RID_TYPE_USER;
-}
+       fstrcpy(unix_name, gmep.unix_name);
+       fstrcpy(nt_name  , gmep.nt_name  );
+       if (smb->unix_name == NULL      ) smb->unix_name = unix_name;
+       if (smb->nt_name   == NULL      ) smb->nt_name   = nt_name  ;
+       if (smb->unix_uid  == (uid_t)-1 ) smb->unix_uid  = (uid_t)gmep.unix_id;
+       if (smb->user_rid  == 0xffffffff) sid_split_rid(&gmep.sid, &smb->user_rid);
 
+       return smb;
+}
index f626dd978ae9705360f8370dc4e099cbc7c7dc42..41b01a1a49927ee8f77b40f1c82448a5ddfef385 100644 (file)
@@ -72,8 +72,30 @@ struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid,
                uint32 **grps, int *num_grps,
                uint32 **alss, int *num_alss)
 {
-       return iterate_getsmbgrpuid(pwdb_user_rid_to_uid(user_rid),
-                                   grps, num_grps, alss, num_alss);
+       struct smb_passwd *pwd = NULL;
+       void *fp = NULL;
+
+       DEBUG(10, ("search by user_rid: 0x%x\n", user_rid));
+
+       /* Open the smb password database - not for update. */
+       fp = startsmbgrpent(False);
+
+       if (fp == NULL)
+       {
+               DEBUG(0, ("unable to open smb passgrp database.\n"));
+               return NULL;
+       }
+
+       while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->user_rid != user_rid)
+      ;
+
+       if (pwd != NULL)
+       {
+               DEBUG(10, ("found by user_rid: 0x%x\n", user_rid));
+       }
+
+       endsmbgrpent(fp);
+       return pwd;
 }
 
 /************************************************************************
@@ -81,14 +103,14 @@ struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid,
  does not have search facilities.
 *************************************************************************/
 
-struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
+struct smb_passwd *iterate_getsmbgrpuid(uid_t unix_uid,
                uint32 **grps, int *num_grps,
                uint32 **alss, int *num_alss)
 {
        struct smb_passwd *pwd = NULL;
        void *fp = NULL;
 
-       DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid));
+       DEBUG(10, ("search by unix_uid: %x\n", (int)unix_uid));
 
        /* Open the smb password database - not for update. */
        fp = startsmbgrpent(False);
@@ -99,12 +121,12 @@ struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
                return NULL;
        }
 
-       while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->smb_userid != smb_userid)
+       while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->unix_uid != unix_uid)
       ;
 
        if (pwd != NULL)
        {
-               DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid));
+               DEBUG(10, ("found by unix_uid: %x\n", (int)unix_uid));
        }
 
        endsmbgrpent(fp);
@@ -116,12 +138,14 @@ struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
  does not have search facilities.
 *************************************************************************/
 
-struct smb_passwd *iterate_getsmbgrpnam(char *name,
+struct smb_passwd *iterate_getsmbgrpntnam(const char *nt_name,
                uint32 **grps, int *num_grps,
                uint32 **alss, int *num_alss)
 {
        struct smb_passwd *pwd = NULL;
+       fstring name;
        void *fp = NULL;
+       fstrcpy(name, nt_name);
 
        DEBUG(10, ("search by name: %s\n", name));
 
@@ -134,7 +158,7 @@ struct smb_passwd *iterate_getsmbgrpnam(char *name,
                return NULL;
        }
 
-       while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->smb_name, name))
+       while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->nt_name, name))
       ;
 
        if (pwd != NULL)
@@ -192,11 +216,11 @@ struct smb_passwd *getsmbgrpent(void *vp,
  Routine to search smb passwd by name.
 *************************************************************************/
 
-struct smb_passwd *getsmbgrpnam(char *name,
+struct smb_passwd *getsmbgrpntnam(char *name,
                uint32 **grps, int *num_grps,
                uint32 **alss, int *num_alss)
 {
-       return pwgrp_ops->getsmbgrpnam(name, grps, num_grps, alss, num_alss);
+       return pwgrp_ops->getsmbgrpntnam(name, grps, num_grps, alss, num_alss);
 }
 
 /************************************************************************
@@ -214,10 +238,10 @@ struct smb_passwd *getsmbgrprid(uint32 user_rid,
  Routine to search smb passwd by uid.
 *************************************************************************/
 
-struct smb_passwd *getsmbgrpuid(uid_t smb_userid,
+struct smb_passwd *getsmbgrpuid(uid_t unix_uid,
                uint32 **grps, int *num_grps,
                uint32 **alss, int *num_alss)
 {
-       return pwgrp_ops->getsmbgrpuid(smb_userid, grps, num_grps, alss, num_alss);
+       return pwgrp_ops->getsmbgrpuid(unix_uid, grps, num_grps, alss, num_alss);
 }
 
index 262ffa3e2e6b706656bb0348bc3eeed3f79494db..0de09e60853a11f35497790fa5426cf2dcf604ad 100644 (file)
@@ -23,8 +23,6 @@
 
 static int pw_file_lock_depth = 0;
 extern int DEBUGLEVEL;
-extern pstring samlogon_user;
-extern BOOL sam_logon_in_ssb;
 
 static char s_readbuf[1024];
 
@@ -33,7 +31,7 @@ static char s_readbuf[1024];
  to ensure no modification outside this module.
 ****************************************************************/
 
-void *startsmbfilepwent(BOOL update)
+static void *startsmbfilepwent(BOOL update)
 {
        return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf),
                              &pw_file_lock_depth, update);
@@ -43,7 +41,7 @@ void *startsmbfilepwent(BOOL update)
  End enumeration of the smbpasswd list.
 ****************************************************************/
 
-void endsmbfilepwent(void *vp)
+static void endsmbfilepwent(void *vp)
 {
        endfilepwent(vp, &pw_file_lock_depth);
 }
@@ -53,7 +51,7 @@ void endsmbfilepwent(void *vp)
  This must be treated as an opaque token.
 *************************************************************************/
 
-SMB_BIG_UINT getsmbfilepwpos(void *vp)
+static SMB_BIG_UINT getsmbfilepwpos(void *vp)
 {
        return getfilepwpos(vp);
 }
@@ -63,7 +61,7 @@ SMB_BIG_UINT getsmbfilepwpos(void *vp)
  This must be treated as an opaque token.
 *************************************************************************/
 
-BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
+static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
 {
        return setfilepwpos(vp, tok);
 }
@@ -71,14 +69,13 @@ BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
 /*************************************************************************
  Routine to return the next entry in the smbpasswd list.
  *************************************************************************/
-struct smb_passwd *getsmbfilepwent(void *vp)
+static struct smb_passwd *getsmbfilepwent(void *vp)
 {
        /* Static buffers we will return. */
        static struct smb_passwd pw_buf;
-       static pstring  user_name;
+       static pstring  nt_name;
        static unsigned char smbpwd[16];
        static unsigned char smbntpwd[16];
-       struct passwd *pwfile;
        char            linebuf[256];
        char  *p;
        int            uidval;
@@ -118,7 +115,7 @@ struct smb_passwd *getsmbfilepwent(void *vp)
                 * As 256 is shorter than a pstring we don't need to check
                 * length here - if this ever changes....
                 */
-               p = strncpyn(user_name, linebuf, sizeof(user_name), ':');
+               p = strncpyn(nt_name, linebuf, sizeof(nt_name), ':');
 
                /* Go past ':' */
                p++;
@@ -127,8 +124,8 @@ struct smb_passwd *getsmbfilepwent(void *vp)
 
                p = Atoic( p, &uidval, ":");
 
-               pw_buf.smb_name = user_name;
-               pw_buf.smb_userid = uidval;
+               pw_buf.nt_name = nt_name;
+               pw_buf.unix_uid = uidval;
 
                /*
                 * Now get the password value - this should be 32 hex digits
@@ -142,7 +139,7 @@ struct smb_passwd *getsmbfilepwent(void *vp)
                if (*p == '*' || *p == 'X')
                {
                        /* Password deliberately invalid - end here. */
-                       DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
+                       DEBUG(10, ("getsmbfilepwent: entry invalidated for nt user %s\n", nt_name));
                        pw_buf.smb_nt_passwd = NULL;
                        pw_buf.smb_passwd = NULL;
                        pw_buf.acct_ctrl |= ACB_DISABLED;
@@ -197,8 +194,8 @@ struct smb_passwd *getsmbfilepwent(void *vp)
                        p += 33;
                }
 
-               DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %d\n",
-                         user_name, uidval));
+               DEBUG(5,("getsmbfilepwent: returning passwd entry for nt user %s, unix uid %d\n",
+                         nt_name, uidval));
 
                if (*p == '[')
                {
@@ -229,21 +226,13 @@ struct smb_passwd *getsmbfilepwent(void *vp)
                         * password file as 'normal accounts'. If this changes
                         * we will have to fix this code. JRA.
                         */
-                       if (pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$')        
+                       if (pw_buf.nt_name[strlen(pw_buf.nt_name) - 1] == '$')  
                        {
                                pw_buf.acct_ctrl &= ~ACB_NORMAL;
                                pw_buf.acct_ctrl |= ACB_WSTRUST;
                        }
                }
 
-               pwfile = Get_Pwnam(pw_buf.smb_name, False);
-               if (pwfile == NULL)
-               {
-                       DEBUG(0,("getsmbfilepwent: smbpasswd database is corrupt!\n"));
-                       DEBUG(0,("getsmbfilepwent: username %s not in unix passwd database!\n", pw_buf.smb_name));
-                       return NULL;
-               }
-
                return &pw_buf;
        }
 
@@ -251,123 +240,6 @@ struct smb_passwd *getsmbfilepwent(void *vp)
        return NULL;
 }
 
-/*************************************************************************
- Routine to return the next entry in the smbpasswd list.
- this function is a nice, messy combination of reading:
- - the smbpasswd file
- - the unix password database
- - smb.conf options (not done at present).
- *************************************************************************/
-
-static struct sam_passwd *getsmbfile21pwent(void *vp)
-{
-       struct smb_passwd *pw_buf = getsmbfilepwent(vp);
-       static struct sam_passwd user;
-       struct passwd *pwfile;
-#if ARGH
-       uint32 status = 0x0;
-#endif
-       static pstring full_name;
-       static pstring home_dir;
-       static pstring home_drive;
-       static pstring logon_script;
-       static pstring profile_path;
-       static pstring acct_desc;
-       static pstring workstations;
-       
-       DEBUG(5,("getsmbfile21pwent\n"));
-
-       if (pw_buf == NULL) return NULL;
-
-       pwdb_init_sam(&user);
-
-       pwfile = Get_Pwnam(pw_buf->smb_name, False);
-       if (pwfile == NULL)
-       {
-               DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n"));
-               DEBUG(0,("getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name));
-               return NULL;
-       }
-
-       pstrcpy(samlogon_user, pw_buf->smb_name);
-
-       if (samlogon_user[strlen(samlogon_user)-1] != '$')
-       {
-               /* XXXX hack to get standard_sub_basic() to use sam logon username */
-               /* possibly a better way would be to do a become_user() call */
-               sam_logon_in_ssb = True;
-
-               user.smb_userid    = pw_buf->smb_userid;
-               user.smb_grpid     = pwfile->pw_gid;
-
-#if ARGH
-               status = lookup_user_rids(pw_buf->smb_name, &user.user_rid, &user.group_rid);
-#else
-               user.user_rid  = pwdb_uid_to_user_rid (user.smb_userid);
-               user.group_rid = pwdb_gid_to_group_rid(user.smb_grpid );
-#endif
-
-               pstrcpy(full_name    , pwfile->pw_gecos        );
-               pstrcpy(logon_script , lp_logon_script       ());
-               pstrcpy(profile_path , lp_logon_path         ());
-               pstrcpy(home_drive   , lp_logon_drive        ());
-               pstrcpy(home_dir     , lp_logon_home         ());
-               pstrcpy(acct_desc    , "");
-               pstrcpy(workstations , "");
-
-               sam_logon_in_ssb = False;
-       }
-       else
-       {
-               user.smb_userid    = pw_buf->smb_userid;
-               user.smb_grpid     = pwfile->pw_gid;
-
-               user.user_rid  = pwdb_uid_to_user_rid (user.smb_userid);
-               user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
-
-               pstrcpy(full_name    , "");
-               pstrcpy(logon_script , "");
-               pstrcpy(profile_path , "");
-               pstrcpy(home_drive   , "");
-               pstrcpy(home_dir     , "");
-               pstrcpy(acct_desc    , "");
-               pstrcpy(workstations , "");
-       }
-
-#if ARGH
-       if (status != 0x0)
-       {
-               return NULL;
-       }
-#endif
-
-       user.smb_name     = pw_buf->smb_name;
-       user.full_name    = full_name;
-       user.home_dir     = home_dir;
-       user.dir_drive    = home_drive;
-       user.logon_script = logon_script;
-       user.profile_path = profile_path;
-       user.acct_desc    = acct_desc;
-       user.workstations = workstations;
-
-       user.unknown_str = NULL; /* don't know, yet! */
-       user.munged_dial = NULL; /* "munged" dial-back telephone number */
-
-       user.smb_nt_passwd = pw_buf->smb_nt_passwd;
-       user.smb_passwd    = pw_buf->smb_passwd;
-                       
-       user.acct_ctrl = pw_buf->acct_ctrl;
-
-       user.unknown_3 = 0xffffff; /* don't know */
-       user.logon_divs = 168; /* hours per week */
-       user.hours_len = 21; /* 21 times 8 bits = 168 */
-       memset(user.hours, 0xff, user.hours_len); /* available at all hours */
-       user.unknown_5 = 0x00020000; /* don't know */
-       user.unknown_5 = 0x000004ec; /* don't know */
-
-       return &user;
-}
-
 /************************************************************************
  Routine to add an entry to the smbpasswd file.
 *************************************************************************/
@@ -400,8 +272,8 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
    */
 
   while ((pwd = getsmbfilepwent(fp)) != NULL) {
-    if (strequal(newpwd->smb_name, pwd->smb_name)) {
-      DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
+    if (strequal(newpwd->nt_name, pwd->nt_name)) {
+      DEBUG(0, ("add_smbfilepwd_entry: entry with nt name %s already exists\n", pwd->nt_name));
       endsmbfilepwent(fp);
       return False;
     }
@@ -418,21 +290,21 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
 
   if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
     DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
-Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
+Error was %s\n", newpwd->nt_name, pfile, strerror(errno)));
     endsmbfilepwent(fp);
     return False;
   }
 
-  new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
+  new_entry_length = strlen(newpwd->nt_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
 
   if((new_entry = (char *)malloc( new_entry_length )) == NULL) {
     DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
-Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
+Error was %s\n", newpwd->nt_name, pfile, strerror(errno)));
     endsmbfilepwent(fp);
     return False;
   }
 
-  slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
+  slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->nt_name, (unsigned)newpwd->unix_uid);
   p = &new_entry[strlen(new_entry)];
 
   if(newpwd->smb_passwd != NULL) {
@@ -477,13 +349,13 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
 
   if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) {
     DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
-Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
+Error was %s\n", wr_len, newpwd->nt_name, pfile, strerror(errno)));
 
     /* Remove the entry we just wrote. */
     if(sys_ftruncate(fd, offpos) == -1) {
       DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
 Error was %s. Password file may be corrupt ! Please examine by hand !\n", 
-             newpwd->smb_name, strerror(errno)));
+             newpwd->nt_name, strerror(errno)));
     }
 
     endsmbfilepwent(fp);
@@ -508,7 +380,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n",
 static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
 {
   /* Static buffers we will return. */
-  static pstring  user_name;
+  static pstring  nt_name;
 
   char            linebuf[256];
   char            readbuf[1024];
@@ -626,9 +498,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
      * As 256 is shorter than a pstring we don't need to check
      * length here - if this ever changes....
      */
-    strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
-    user_name[PTR_DIFF(p, linebuf)] = '\0';
-    if (strequal(user_name, pwd->smb_name)) {
+    strncpy(nt_name, linebuf, PTR_DIFF(p, linebuf));
+    nt_name[PTR_DIFF(p, linebuf)] = '\0';
+    if (strequal(nt_name, pwd->nt_name)) {
       found_entry = True;
       break;
     }
@@ -673,7 +545,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
 
   if (!override && (*p == '*' || *p == 'X')) {
     /* Password deliberately invalid - end here. */
-    DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name));
+    DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for nt user %s\n", nt_name));
     file_unlock(lockfd, &pw_file_lock_depth);
     fclose(fp);
     return False;
@@ -897,58 +769,19 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
   return True;
 }
 
-/*
- * Stub functions - implemented in terms of others.
- */
-
-static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override)
-{
-       return mod_smbfilepwd_entry(pwdb_sam_to_smb(pwd), override);
-}
-
-static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd)
-{
-       return add_smbfilepwd_entry(pwdb_sam_to_smb(newpwd));
-}
-
-static struct sam_disp_info *getsmbfiledispnam(const char *name)
-{
-       return pwdb_sam_to_dispinfo(getsam21pwnam(name));
-}
-
-static struct sam_disp_info *getsmbfiledisprid(uint32 rid)
-{
-       return pwdb_sam_to_dispinfo(getsam21pwrid(rid));
-}
-
-static struct sam_disp_info *getsmbfiledispent(void *vp)
-{
-       return pwdb_sam_to_dispinfo(getsam21pwent(vp));
-}
-
-static struct passdb_ops file_ops = {
+static struct smb_passdb_ops file_ops = {
   startsmbfilepwent,
   endsmbfilepwent,
   getsmbfilepwpos,
   setsmbfilepwpos,
   iterate_getsmbpwnam,          /* In passdb.c */
   iterate_getsmbpwuid,          /* In passdb.c */
-  iterate_getsmbpwrid,          /* In passdb.c */
   getsmbfilepwent,
   add_smbfilepwd_entry,
-  mod_smbfilepwd_entry,
-  getsmbfile21pwent,
-  iterate_getsam21pwnam,
-  iterate_getsam21pwuid,
-  iterate_getsam21pwrid, 
-  add_smbfile21pwd_entry,
-  mod_smbfile21pwd_entry,
-  getsmbfiledispnam,
-  getsmbfiledisprid,
-  getsmbfiledispent
+  mod_smbfilepwd_entry
 };
 
-struct passdb_ops *file_initialise_password_db(void)
+struct smb_passdb_ops *file_initialise_password_db(void)
 {    
   return &file_ops;
 }
index 1a3c100fa56e38d96f133e51747a670f2d9b309f..843cf4a8156e37dd7c64839d900454a2272e2e40 100644 (file)
@@ -31,9 +31,11 @@ static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account,
 {
        struct smb_passwd new_smb_pwent;
 
+       pwdb_init_smb(&new_smb_pwent);
+
        /* Create a new smb passwd entry and set it to the given password. */
-       new_smb_pwent.smb_userid = uid;
-       new_smb_pwent.smb_name = user_name; 
+       new_smb_pwent.unix_uid = uid;
+       new_smb_pwent.nt_name = user_name; 
        new_smb_pwent.smb_passwd = NULL;
        new_smb_pwent.smb_nt_passwd = NULL;
        new_smb_pwent.acct_ctrl = (trust_account ? ACB_WSTRUST : ACB_NORMAL);
index 3723f9cf57f3792c04d6c87a27988bbbba50c5a2..13963b8c0faed01f81998cdcbaa0fc71c92d21c1 100644 (file)
@@ -113,7 +113,7 @@ static struct smb_passwd *getsmbfilegrpent(void *vp,
                p = Atoic((char *) p, &uidval, ":");
 
                pw_buf.smb_name = user_name;
-               pw_buf.smb_userid = uidval;
+               pw_buf.unix_uid = uidval;
 
                /*
                 * Now get a list of alias RIDs
index d83196415cf2fba725699a2a4ba5b0cb86abef11..26c6d6ff1302317d7c24e9a3ee7cfc59af818cb2 100644 (file)
@@ -22,7 +22,7 @@
 #ifdef USE_SMBUNIX_DB
 
 extern int DEBUGLEVEL;
-extern DOM_SID global_member_sid;
+extern DOM_SID global_sam_sid;
 
 /***************************************************************
  Start to enumerate the smbpasswd list. Returns a void pointer
@@ -31,7 +31,7 @@ extern DOM_SID global_member_sid;
 
 static void *startsmbunixgrpent(BOOL update)
 {
-       return startsmbfilepwent(False);
+       return startsmbpwent(False);
 }
 
 /***************************************************************
@@ -40,7 +40,7 @@ static void *startsmbunixgrpent(BOOL update)
 
 static void endsmbunixgrpent(void *vp)
 {
-       endsmbfilepwent(vp);
+       endsmbpwent(vp);
 }
 
 /*************************************************************************
@@ -50,7 +50,7 @@ static void endsmbunixgrpent(void *vp)
 
 static SMB_BIG_UINT getsmbunixgrppos(void *vp)
 {
-       return getsmbfilepwpos(vp);
+       return getsmbpwpos(vp);
 }
 
 /*************************************************************************
@@ -60,7 +60,7 @@ static SMB_BIG_UINT getsmbunixgrppos(void *vp)
 
 static BOOL setsmbunixgrppos(void *vp, SMB_BIG_UINT tok)
 {
-       return setsmbfilepwpos(vp, tok);
+       return setsmbpwpos(vp, tok);
 }
 
 /*************************************************************************
@@ -71,11 +71,12 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
                uint32 **als_rids, int *num_alss)
 {
        /* Static buffers we will return. */
-       struct smb_passwd *pw_buf;
-       struct passwd *pw;
+       struct sam_passwd *pw_buf;
+       fstring unix_name;
        int i;
        int unixgrps;
        gid_t *grps;
+       BOOL failed = False;
 
        if (vp == NULL)
        {
@@ -83,8 +84,15 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
                return NULL;
        }
 
-       pw_buf = getsmbfilepwent(vp);
+       pw_buf = getsam21pwent(vp);
        
+       if (pw_buf == NULL)
+       {
+               return NULL;
+       }
+
+       fstrcpy(unix_name, pw_buf->unix_name);
+
        if (grp_rids != NULL)
        {
                (*grp_rids) = NULL;
@@ -99,21 +107,14 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
        
        if (als_rids == NULL && grp_rids == NULL)
        {
-               return pw_buf;
+               return pwdb_sam_to_smb(pw_buf);
        }
 
        /*
         * find all unix groups
         */
 
-       pw = Get_Pwnam(pw_buf->smb_name, False);
-
-       if (pw == NULL)
-       {
-               return NULL;
-       }
-
-       if (get_unixgroups(pw_buf->smb_name, pw->pw_uid, pw->pw_gid, &unixgrps, &grps))
+       if (get_unixgroups(unix_name, pw_buf->unix_uid, pw_buf->unix_gid, &unixgrps, &grps))
        {
                return NULL;
        }
@@ -122,10 +123,8 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
         * check each unix group for a mapping as an nt alias or an nt group
         */
 
-       for (i = 0; i < unixgrps; i++)
+       for (i = 0; i < unixgrps && !failed; i++)
        {
-               DOM_SID sid;
-               char *unix_grpname;
                uint32 rid;
 
                /*
@@ -134,101 +133,80 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
                 * (user or not our own domain will be an error).
                 */
 
-               unix_grpname = gidtoname(grps[i]);
-               if (map_unix_alias_name(unix_grpname, &sid, NULL, NULL))
+               DOM_NAME_MAP gmep;
+
+               if (!lookupsmbgrpgid(grps[i], &gmep))
                {
-                       /*
-                        * ok, the unix groupname is mapped to an alias.
-                        * check that it is in our domain.
-                        */
+                       continue;
+               }
 
-                       sid_split_rid(&sid, &rid);
-                       if (!sid_equal(&sid, &global_member_sid))
-                       {
-                               pstring sid_str;
-                               sid_to_string(sid_str, &sid);
-                               DEBUG(0,("user %s is in a UNIX group %s that maps to an NT Domain Alias RID (0x%x) in another domain (%s)\n",
-                                         pw_buf->smb_name, unix_grpname, rid, sid_str));
-                               continue;
-                       }
+               sid_split_rid(&gmep.sid, &rid);
+               if (!sid_equal(&global_sam_sid, &gmep.sid))
+               {
+                       continue;
+               }
 
-                       if (add_num_to_list(als_rids, num_alss, rid) == NULL)
+               switch (gmep.type)
+               {
+                       case SID_NAME_ALIAS:
                        {
-                               return NULL;
+                               if (als_rids != NULL && add_num_to_list(als_rids, num_alss, rid) == NULL)
+                               {
+                                       failed = True;
+                               }
+                               break;
                        }
-               }
-               else if (map_unix_group_name(unix_grpname, &sid, NULL, NULL))
-               {
-                       /*
-                        * ok, the unix groupname is mapped to a domain group.
-                        * check that it is in our domain.
-                        */
-
-                       sid_split_rid(&sid, &rid);
-                       if (!sid_equal(&sid, &global_member_sid))
+                       case SID_NAME_DOM_GRP:
+                       case SID_NAME_WKN_GRP:
                        {
-                               pstring sid_str;
-                               sid_to_string(sid_str, &sid);
-                               DEBUG(0,("user %s is in a UNIX group %s that maps to an NT Domain Group RID (0x%x) in another domain (%s)\n",
-                                         pw_buf->smb_name, unix_grpname, rid, sid_str));
-                               continue;
+                               if (grp_rids != NULL && add_num_to_list(grp_rids, num_grps, rid) == NULL)
+                               {
+                                       failed = True;
+                               }
+                               break;
                        }
-
-                       if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
+                       default:
                        {
-                               return NULL;
+                               break;
                        }
                }
-               else if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+       }
+
+       if (failed)
+       {
+               if (grp_rids != NULL && (*grp_rids) != NULL)
                {
-                       /*
-                        * server is a member of a domain or stand-alone.
-                        * name is not explicitly mapped
-                        * so we are responsible for it.
-                        * as a LOCAL group.
-                        */
-
-                       rid = pwdb_gid_to_alias_rid(grps[i]);
-                       if (add_num_to_list(als_rids, num_alss, rid) == NULL)
-                       {
-                               return NULL;
-                       }
+                       free(*grp_rids);
+                       (*num_grps) = 0;
                }
-               else if (lp_server_role() != ROLE_DOMAIN_NONE)
+
+               if (als_rids != NULL && (*als_rids) != NULL)
                {
-                       /*
-                        * server is a PDC or BDC.
-                        * name is explicitly mapped
-                        * so we are responsible for it.
-                        * as a DOMAIN group.
-                        */
-
-                       rid = pwdb_gid_to_group_rid(grps[i]);
-                       if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
-                       {
-                               return NULL;
-                       }
+                       free(*als_rids);
+                       (*num_alss) = 0;
                }
+
+               return NULL;
        }
 
-       return pw_buf;
+       return pwdb_sam_to_smb(pw_buf);
 }
 
-static struct passgrp_ops file_ops =
+static struct passgrp_ops smbunixgrp_ops =
 {
        startsmbunixgrpent,
        endsmbunixgrpent,
        getsmbunixgrppos,
        setsmbunixgrppos,
-       iterate_getsmbgrpnam,          /* In passgrp.c */
+       iterate_getsmbgrpntnam,          /* In passgrp.c */
        iterate_getsmbgrpuid,          /* In passgrp.c */
        iterate_getsmbgrprid,          /* In passgrp.c */
-       getsmbunixgrpent,
+       getsmbunixgrpent
 };
 
 struct passgrp_ops *unix_initialise_password_grp(void)
 {    
-  return &file_ops;
+  return &smbunixgrp_ops;
 }
 
 #else
index 3ce22fd854284f776e5d9556b0708663544f8a2f..c7a542577fc11c46e30e2afaa4609960083b12fd 100644 (file)
@@ -101,7 +101,7 @@ password equivalents, protected by the session key) is inherently insecure
 given the current design of the NT Domain system. JRA.
  ****************************************************************************/
 BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username, 
-                              uint32 smb_userid_low, char *password,
+                              uint32 luid_low, char *password,
                               NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3)
 {
   uchar lm_owf_user_pwd[16];
@@ -129,7 +129,7 @@ BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *usernam
 
   /* Create the structure needed for SAM logon. */
   make_id_info1(&ctr->auth.id1, domain, 0, 
-                smb_userid_low, 0,
+                luid_low, 0,
                 username, cli->clnt_name_slash,
                 (char *)cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
 
@@ -154,7 +154,7 @@ password equivalents over the network. JRA.
 ****************************************************************************/
 
 BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username, 
-                          uint32 smb_userid_low, char lm_chal[8], char lm_chal_resp[24],
+                          uint32 luid_low, char lm_chal[8], char lm_chal_resp[24],
                           char nt_chal_resp[24],
                           NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3)
 {
@@ -165,7 +165,7 @@ BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
 
   /* Create the structure needed for SAM logon. */
   make_id_info2(&ctr->auth.id2, domain, 0, 
-                smb_userid_low, 0,
+                luid_low, 0,
                 username, cli->clnt_name_slash,
                 (uchar *)lm_chal, (uchar *)lm_chal_resp, (uchar *)nt_chal_resp);
 
index 48dd90ffa952179bf167d22093f60d5ee38502ff..e8f1cac19b899384733be077a23fd55f023e385d 100644 (file)
@@ -309,7 +309,7 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli,
                                        fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer));
                                        fstrcpy(name    , unistr2(t_names.uni_name[i].buffer));
                                        
-                                       slprintf(full_name, sizeof(full_name), "\\%s\\%s",
+                                       slprintf(full_name, sizeof(full_name), "%s\\%s",
                                                 dom_name, name);
 
                                        (*names)[i] = strdup(full_name);
index 50e44f5138dc7283e319babb2ac8fed2e4b38038..c51fcd42e898e8b24ff83ea3db133422816355a6 100644 (file)
@@ -334,7 +334,7 @@ BOOL do_samr_enum_dom_users(struct cli_state *cli,
                        for (i = 0; i < *num_sam_users; i++)
                        {
 
-                               (*sam)[i].smb_userid = r_e.sam[i].rid;
+                               (*sam)[i].user_rid = r_e.sam[i].rid;
                                if (r_e.sam[i].hdr_name.buffer)
                                {
                                        char *acct_name = unistrn2(r_e.uni_acct_name[name_idx].buffer,
@@ -347,7 +347,7 @@ BOOL do_samr_enum_dom_users(struct cli_state *cli,
                                        bzero((*sam)[i].acct_name, sizeof((*sam)[i].acct_name));
                                }
                                DEBUG(5,("do_samr_enum_dom_users: idx: %4d rid: %8x acct: %s\n",
-                                         i, (*sam)[i].smb_userid, (*sam)[i].acct_name));
+                                         i, (*sam)[i].user_rid, (*sam)[i].acct_name));
                        }
                        valid_pol = True;
                }
@@ -618,6 +618,67 @@ BOOL do_samr_query_unknown_12(struct cli_state *cli,
        return valid_query;
 }
 
+/****************************************************************************
+do a SAMR Query User Aliases
+****************************************************************************/
+BOOL do_samr_query_useraliases(struct cli_state *cli, 
+                               POLICY_HND *pol, DOM_SID *sid,
+                               uint32 *num_aliases, uint32 *rid)
+{
+       prs_struct data;
+       prs_struct rdata;
+
+       SAMR_Q_QUERY_USERALIASES q_o;
+       BOOL valid_query = False;
+
+       /* create and send a MSRPC command with api SAMR_QUERY_USERALIASES */
+
+       prs_init(&data , 1024, 4, SAFETY_MARGIN, False);
+       prs_init(&rdata, 0   , 4, SAFETY_MARGIN, True );
+
+       DEBUG(4,("SAMR Query User Aliases.\n"));
+
+       if (pol == NULL || sid == NULL || rid == NULL || num_aliases == 0) return False;
+
+       /* store the parameters */
+       make_samr_q_query_useraliases(&q_o, pol, sid);
+
+       /* turn parameters into data stream */
+       samr_io_q_query_useraliases("", &q_o,  &data, 0);
+
+       /* send the data on \PIPE\ */
+       if (rpc_api_pipe_req(cli, SAMR_QUERY_USERALIASES, &data, &rdata))
+       {
+               SAMR_R_QUERY_USERALIASES r_o;
+               BOOL p;
+
+               /* get user info */
+               r_o.rid = rid;
+
+               samr_io_r_query_useraliases("", &r_o, &rdata, 0);
+               p = rdata.offset != 0;
+               
+               if (p && r_o.status != 0)
+               {
+                       /* report error code */
+                       DEBUG(0,("SAMR_R_QUERY_USERALIASES: %s\n", get_nt_error_msg(r_o.status)));
+                       p = False;
+               }
+
+               if (p && r_o.ptr != 0)
+               {
+                       valid_query = True;
+                       *num_aliases = r_o.num_entries;
+               }
+
+       }
+
+       prs_mem_free(&data   );
+       prs_mem_free(&rdata  );
+
+       return valid_query;
+}
+
 /****************************************************************************
 do a SAMR Query User Groups
 ****************************************************************************/
@@ -628,7 +689,7 @@ BOOL do_samr_query_usergroups(struct cli_state *cli,
        prs_struct rdata;
 
        SAMR_Q_QUERY_USERGROUPS q_o;
-    BOOL valid_query = False;
+       BOOL valid_query = False;
 
        /* create and send a MSRPC command with api SAMR_QUERY_USERGROUPS */
 
index ad268f60a47a4321005c4015ba96655d940d5f7e..e9423b3a51277108515c4fa919191ce2c88d9915 100644 (file)
@@ -145,60 +145,6 @@ void smb_io_dom_sid(char *desc,  DOM_SID *sid, prs_struct *ps, int depth)
        prs_uint32s(False, "sub_auths ", ps, depth, sid->sub_auths, sid->num_auths);
 }
 
-/*******************************************************************
-creates a DOM_SID structure.
-
-BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 
-identauth >= 2^32 can be detected because it will be specified in hex
-
-********************************************************************/
-void make_dom_sid(DOM_SID *sid, char *str_sid)
-{
-       pstring domsid;
-       int identauth;
-       char *p;
-
-       if (sid == NULL) return;
-
-       if (domsid == NULL)
-       {
-               DEBUG(4,("netlogon domain SID: none\n"));
-               sid->sid_rev_num = 0;
-               sid->num_auths = 0;
-               return;
-       }
-               
-       pstrcpy(domsid, str_sid);
-
-       DEBUG(4,("make_dom_sid %d SID:  %s\n", __LINE__, domsid));
-
-       /* assume, but should check, that domsid starts "S-" */
-       p = strtok(domsid+2,"-");
-       sid->sid_rev_num = atoi(p);
-
-       /* identauth in decimal should be <  2^32 */
-       /* identauth in hex     should be >= 2^32 */
-       identauth = atoi(strtok(0,"-"));
-
-       DEBUG(4,("netlogon rev %d\n", sid->sid_rev_num));
-       DEBUG(4,("netlogon %s ia %d\n", p, identauth));
-
-       sid->id_auth[0] = 0;
-       sid->id_auth[1] = 0;
-       sid->id_auth[2] = (identauth & 0xff000000) >> 24;
-       sid->id_auth[3] = (identauth & 0x00ff0000) >> 16;
-       sid->id_auth[4] = (identauth & 0x0000ff00) >> 8;
-       sid->id_auth[5] = (identauth & 0x000000ff);
-
-       sid->num_auths = 0;
-
-       while ((p = strtok(0, "-")) != NULL && sid->num_auths < MAXSUBAUTHS)
-       {
-               sid->sub_auths[sid->num_auths++] = atoi(p);
-       }
-
-       DEBUG(4,("make_dom_sid: %d SID:  %s\n", __LINE__, domsid));
-}
 /*******************************************************************
 creates a DOM_SID2 structure.
 ********************************************************************/
index da13e1033ba016a5b2a0ce78953ba4b6c95c1c86..af459d1fd65e78796e03826d7e55d73323672277 100644 (file)
@@ -1645,6 +1645,30 @@ void samr_io_r_query_aliasinfo(char *desc,  SAMR_R_QUERY_ALIASINFO *r_u, prs_str
        prs_uint32("status", ps, depth, &(r_u->status));
 }
 
+
+/*******************************************************************
+makes a SAMR_Q_QUERY_USERALIASES structure.
+********************************************************************/
+void make_samr_q_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
+                               POLICY_HND *hnd,
+                               DOM_SID *sid)
+{
+       if (q_u == NULL || hnd == NULL) return;
+
+       DEBUG(5,("make_samr_q_query_useraliases\n"));
+
+       memcpy(&(q_u->pol), hnd, sizeof(q_u->pol));
+
+       q_u->num_sids1 = 1;
+       q_u->ptr = 0;
+       q_u->num_sids2 = 1;
+
+       {
+               q_u->ptr_sid[0] = 1;
+               make_dom_sid2(&q_u->sid[0], sid);
+       }
+}
+
 /*******************************************************************
 reads or writes a SAMR_Q_QUERY_USERALIASES structure.
 ********************************************************************/
@@ -1695,7 +1719,6 @@ makes a SAMR_R_QUERY_USERALIASES structure.
 void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u,
                uint32 num_rids, uint32 *rid, uint32 status)
 {
-       int i;
        if (r_u == NULL) return;
 
        DEBUG(5,("make_samr_r_query_useraliases\n"));
@@ -1706,12 +1729,7 @@ void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u,
                r_u->ptr = 1;
                r_u->num_entries2 = num_rids;
 
-               SMB_ASSERT_ARRAY(r_u->rid, num_rids);
-
-               for (i = 0; i < num_rids; i++)
-               {
-                       r_u->rid[i] = rid[i];
-               }
+               r_u->rid = rid;
        }
        else
        {
@@ -1743,8 +1761,6 @@ void samr_io_r_query_useraliases(char *desc,  SAMR_R_QUERY_USERALIASES *r_u, prs
 
        if (r_u->num_entries != 0)
        {
-               SMB_ASSERT_ARRAY(r_u->rid, r_u->num_entries2);
-
                for (i = 0; i < r_u->num_entries2; i++)
                {
                        slprintf(tmp, sizeof(tmp)-1, "rid[%02d]", i);
index 9981ce0371aa601b4434413fc6c0858bd898e1b3..fc73edc4edb7d97167c1f3de7eecab62a56dd872 100644 (file)
@@ -52,43 +52,9 @@ extern fstring global_sam_name;
 extern DOM_SID global_sam_sid;
 extern DOM_SID global_sid_S_1_5_20;
 
-/*
- * A list of the rids of well known BUILTIN and Domain users
- * and groups.
- */
-
-rid_name builtin_alias_rids[] =
-{  
-    { BUILTIN_ALIAS_RID_ADMINS       , "Administrators" },
-    { BUILTIN_ALIAS_RID_USERS        , "Users" },
-    { BUILTIN_ALIAS_RID_GUESTS       , "Guests" },
-    { BUILTIN_ALIAS_RID_POWER_USERS  , "Power Users" },
-   
-    { BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "Account Operators" },
-    { BUILTIN_ALIAS_RID_SYSTEM_OPS   , "System Operators" },
-    { BUILTIN_ALIAS_RID_PRINT_OPS    , "Print Operators" },
-    { BUILTIN_ALIAS_RID_BACKUP_OPS   , "Backup Operators" },
-    { BUILTIN_ALIAS_RID_REPLICATOR   , "Replicator" },
-    { 0                             , NULL }
-};
-
-/* array lookup of well-known Domain RID users. */
-rid_name domain_user_rids[] =
-{  
-    { DOMAIN_USER_RID_ADMIN         , "Administrator" },
-    { DOMAIN_USER_RID_GUEST         , "Guest" },
-    { 0                             , NULL }
-};
-
-/* array lookup of well-known Domain RID groups. */
-rid_name domain_group_rids[] =
-{  
-    { DOMAIN_GROUP_RID_ADMINS       , "Domain Admins" },
-    { DOMAIN_GROUP_RID_USERS        , "Domain Users" },
-    { DOMAIN_GROUP_RID_GUESTS       , "Domain Guests" },
-    { 0                             , NULL }
-};
-
+extern rid_name builtin_alias_rids[];
+extern rid_name domain_user_rids[];
+extern rid_name domain_group_rids[];
 
 int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids)
 {
@@ -117,13 +83,20 @@ int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids)
                char   *name = mem[count].name;
 
                become_root(True);
-               status = lookup_group_name(name, &sid, &type);
+               status = lookup_name(name, &sid, &type);
                unbecome_root(True);
 
-               sid_split_rid(&sid, &rid);
-
-               if (status == 0x0 && sid_equal(&sid, &global_sam_sid))
+               if (status == 0x0 && !sid_front_equal(&global_sam_sid, &sid))
+               {
+                       fstring sid_str;
+                       sid_to_string(sid_str, &sid);
+                       DEBUG(1,("make_dom_gids: unknown sid %s for groupname %s\n",
+                                 sid_str, name));
+               }
+               else if (status == 0x0)
                {
+                       sid_split_rid(&sid, &rid);
+
                        gids = (DOM_GID *)Realloc( gids, sizeof(DOM_GID) * (count+1) );
 
                        if (gids == NULL)
@@ -141,7 +114,7 @@ int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids)
                }
                else
                {
-                       DEBUG(1,("make_dom_gids: unknown group name %s\n", name));
+                       DEBUG(1,("make_dom_gids: unknown groupname %s\n", name));
                }
        }
 
@@ -428,7 +401,7 @@ uint32 lookup_user_sid(DOM_SID *sid, char *user_name, uint8 *type)
 
                if (disp_info != NULL)
                {
-                       fstrcpy(user_name, disp_info->smb_name);
+                       fstrcpy(user_name, disp_info->nt_name);
                        DEBUG(5,(" = %s\n", user_name));
                        return 0x0;
                }
@@ -442,14 +415,21 @@ uint32 lookup_user_sid(DOM_SID *sid, char *user_name, uint8 *type)
 /*******************************************************************
  lookup_group_rid
  ********************************************************************/
-uint32 lookup_group_name(char *grp_name, DOM_SID *sid, uint8 *type)
+uint32 lookup_added_group_name(const char *grp_name, const char *domain,
+                               DOM_SID *sid, uint8 *type)
 {
        DOMAIN_GRP *grp = NULL;
        (*type) = SID_NAME_DOM_GRP;
 
-       DEBUG(5,("lookup_group_name: name: %s", grp_name));
+       DEBUG(5,("lookup_added_group_name: name: %s", grp_name));
 
-       grp = getgroupnam(grp_name, NULL, NULL);
+       if (!strequal(domain, global_sam_name))
+       {
+               DEBUG(5,(" not our domain\n"));
+               return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+       }
+
+       grp = getgroupntnam(grp_name, NULL, NULL);
 
        if (grp != NULL)
        {
@@ -465,45 +445,23 @@ uint32 lookup_group_name(char *grp_name, DOM_SID *sid, uint8 *type)
 }
 
 /*******************************************************************
- lookup_wk_group_name
- ********************************************************************/
-uint32 lookup_wk_group_name(char *group_name, DOM_SID *sid, uint8 *type)
-{
-       char *grp_name;
-       int i = -1; /* start do loop at -1 */
-       uint32 rid;
-       (*type) = SID_NAME_WKN_GRP;
-
-       do /* find, if it exists, a group rid for the group name */
-       {
-               i++;
-               rid      = domain_group_rids[i].rid;
-               grp_name = domain_group_rids[i].name;
-
-               if (strequal(grp_name, group_name))
-               {
-                       sid_copy(sid, &global_sam_sid);
-                       sid_append_rid(sid, rid);
-
-                       return 0x0;
-               }
-                       
-       } while (grp_name != NULL);
-
-       return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_alias_name
+ lookup_added_alias_name
  ********************************************************************/
-uint32 lookup_alias_name(char *als_name, DOM_SID *sid, uint8 *type)
+uint32 lookup_added_alias_name(const char *als_name, const char *domain,
+                               DOM_SID *sid, uint8 *type)
 {
        LOCAL_GRP *als = NULL;
        (*type) = SID_NAME_ALIAS;
 
-       DEBUG(5,("lookup_alias_name: name: %s", als_name));
+       DEBUG(5,("lookup_added_alias_name: name: %s\%s", domain, als_name));
 
-       als = getaliasnam(als_name, NULL, NULL);
+       if (!strequal(domain, global_sam_name))
+       {
+               DEBUG(5,(" not our domain\n"));
+               return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+       }
+
+       als = getaliasntnam(als_name, NULL, NULL);
 
        if (als != NULL)
        {
@@ -518,40 +476,10 @@ uint32 lookup_alias_name(char *als_name, DOM_SID *sid, uint8 *type)
        return 0xC0000000 | NT_STATUS_NONE_MAPPED;
 }
 
-/*******************************************************************
- lookup_wk_alias_name
- ********************************************************************/
-uint32 lookup_wk_alias_name(char *alias_name, DOM_SID *sid, uint8 *type)
-{
-       char *als_name;
-       int i = 0;
-       uint32 rid;
-       (*type) = SID_NAME_ALIAS;
-
-       do /* find, if it exists, a alias rid for the alias name*/
-       {
-               rid      = builtin_alias_rids[i].rid;
-               als_name = builtin_alias_rids[i].name;
-
-               i++;
-
-               if (strequal(als_name, alias_name))
-               {
-                       sid_copy(sid, &global_sid_S_1_5_20);
-                       sid_append_rid(sid, rid);
-
-                       return 0x0;
-               }
-                       
-       } while (als_name != NULL);
-
-       return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
 /*******************************************************************
  lookup_added_user_rid
  ********************************************************************/
-uint32 lookup_added_user_rids(char *user_name,
+uint32 lookup_added_user_rids(char *nt_name,
                uint32 *usr_rid, uint32 *grp_rid)
 {
        struct sam_passwd *sam_pass;
@@ -560,7 +488,7 @@ uint32 lookup_added_user_rids(char *user_name,
 
        /* find the user account */
        become_root(True);
-       sam_pass = getsam21pwnam(user_name);
+       sam_pass = getsam21pwntnam(nt_name);
        unbecome_root(True);
 
        if (sam_pass != NULL)
@@ -576,14 +504,20 @@ uint32 lookup_added_user_rids(char *user_name,
 /*******************************************************************
  lookup_added_user_name
  ********************************************************************/
-uint32 lookup_added_user_name(char *user_name, DOM_SID *sid, uint8 *type)
+static uint32 lookup_added_user_name(const char *nt_name, const char *domain,
+                               DOM_SID *sid, uint8 *type)
 {
        struct sam_passwd *sam_pass;
        (*type) = SID_NAME_USER;
 
+       if (!strequal(domain, global_sam_name))
+       {
+               return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+       }
+
        /* find the user account */
        become_root(True);
-       sam_pass = getsam21pwnam(user_name);
+       sam_pass = getsam21pwntnam(nt_name);
        unbecome_root(True);
 
        if (sam_pass != NULL)
@@ -597,67 +531,18 @@ uint32 lookup_added_user_name(char *user_name, DOM_SID *sid, uint8 *type)
        return 0xC0000000 | NT_STATUS_NONE_MAPPED;
 }
 
-/*******************************************************************
- lookup_wk_user_name
- ********************************************************************/
-uint32 lookup_wk_user_name(char *user_name, DOM_SID *sid, uint8 *type)
-{
-       char *usr_name;
-       int i = -1; /* start do loop at -1 */
-       (*type) = SID_NAME_USER;
-
-       do /* find, if it exists, a alias rid for the alias name*/
-       {
-               i++;
-               usr_name = domain_user_rids[i].name;
-
-       } while (usr_name != NULL && !strequal(usr_name, user_name));
-
-       if (usr_name != NULL)
-       {
-               sid_copy(sid, &global_sid_S_1_5_20);
-               sid_append_rid(sid, domain_user_rids[i].rid);
-               return 0;
-       }
-
-       return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_added_grp_name
- ********************************************************************/
-uint32 lookup_added_grp_name(char *name, DOM_SID *sid, uint8 *type)
-{
-       uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
-
-       status = (status != 0x0) ? lookup_group_name(name, sid, type) : status;
-       status = (status != 0x0) ? lookup_alias_name(name, sid, type) : status;
-
-       return status;
-}
-
-/*******************************************************************
- lookup_builtin_grp_name
- ********************************************************************/
-uint32 lookup_builtin_grp_name(char *name, DOM_SID *sid, uint8 *type)
-{
-       uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
-
-       status = (status != 0x0) ? lookup_wk_group_name(name, sid, type) : status;
-       status = (status != 0x0) ? lookup_wk_alias_name(name, sid, type) : status;
-
-       return status;
-}
-
 /*******************************************************************
  lookup_grp_name
  ********************************************************************/
-uint32 lookup_grp_name(char *name, DOM_SID *sid, uint8 *type)
+static uint32 lookup_grp_name(const char *name, const char *domain,
+                               DOM_SID *sid, uint8 *type)
 {
        uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
 
-       status = (status != 0x0) ? lookup_builtin_grp_name(name, sid, type) : status;
-       status = (status != 0x0) ? lookup_added_grp_name  (name, sid, type) : status;
+       status = (status != 0x0) ? lookup_wk_group_name     (name, domain, sid, type) : status;
+       status = (status != 0x0) ? lookup_builtin_alias_name(name, domain, sid, type) : status;
+       status = (status != 0x0) ? lookup_added_group_name  (name, domain, sid, type) : status;
+       status = (status != 0x0) ? lookup_added_alias_name  (name, domain, sid, type) : status;
 
        return status;
 }
@@ -665,12 +550,13 @@ uint32 lookup_grp_name(char *name, DOM_SID *sid, uint8 *type)
 /*******************************************************************
  lookup_user_name
  ********************************************************************/
-uint32 lookup_user_name(char *name, DOM_SID *sid, uint8 *type)
+static uint32 lookup_user_name(const char *name, const char *domain,
+                               DOM_SID *sid, uint8 *type)
 {
        uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
 
-       status = (status != 0x0) ? lookup_wk_user_name   (name, sid, type) : status;
-       status = (status != 0x0) ? lookup_added_user_name(name, sid, type) : status;
+       status = (status != 0x0) ? lookup_wk_user_name   (name, domain, sid, type) : status;
+       status = (status != 0x0) ? lookup_added_user_name(name, domain, sid, type) : status;
 
        return status;
 }
@@ -692,66 +578,12 @@ uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type)
                return status;
        }
 
-       status = (status != 0x0) ? lookup_wk_alias_name(user, sid, type) : status;
-       status = (status != 0x0) ? lookup_alias_name   (user, sid, type) : status;
-       status = (status != 0x0) ? lookup_user_name    (name, sid, type) : status;
-       status = (status != 0x0) ? lookup_grp_name     (name, sid, type) : status;
+       status = (status != 0x0) ? lookup_user_name    (name, domain, sid, type) : status;
+       status = (status != 0x0) ? lookup_grp_name     (name, domain, sid, type) : status;
 #if 0
-       status = (status != 0x0) ? lookup_domain_name  (user, sid, type) : status;
+       status = (status != 0x0) ? lookup_domain_name  (domain, sid, type) : status;
 #endif
 
        return status;
 }
 
-/*******************************************************************
- lookup_user_rids
- ********************************************************************/
-uint32 lookup_user_rids(char *name, uint32 *usr_rid, uint32 *grp_rid)
-{
-       uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
-       uint8 type;
-       DOM_SID sid;
-
-       /*
-        * try an ordinary user lookup
-        */
-
-       status = lookup_added_user_rids(name, usr_rid, grp_rid);
-       if (status == 0)
-       {
-               return status;
-       }
-
-       /*
-        * hm.  must be a well-known user, in a well-known group.
-        */
-
-       status = lookup_wk_user_name(name, &sid, &type);
-       sid_split_rid(&sid, usr_rid);
-
-       if (status != 0 || type != SID_NAME_USER)
-       {
-               return status; /* ok, maybe not! */
-       }
-
-       if (type != SID_NAME_USER)
-       {
-               return 0xC0000000 | NT_STATUS_NONE_MAPPED; /* users only... */
-       }
-
-       /*
-        * ok, got the user rid: now try the group rid
-        */
-
-       status = lookup_builtin_grp_name(name, &sid, &type);
-       sid_split_rid(&sid, usr_rid);
-
-       if (type == SID_NAME_DOM_GRP ||
-           type == SID_NAME_ALIAS ||
-           type == SID_NAME_WKN_GRP)
-       {
-               status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
-       }
-
-       return status;
-}
index 7fbd43c38ef67895f78550ea16649895dcc6aeb5..4f49735ca020facc666980d1541424220bbb5ecf 100644 (file)
 
 extern int DEBUGLEVEL;
 
-extern BOOL sam_logon_in_ssb;
-extern pstring samlogon_user;
 extern pstring global_myname;
 extern DOM_SID global_sam_sid;
+extern fstring global_sam_name;
 
 /*************************************************************************
  make_net_r_req_chal:
@@ -493,7 +492,7 @@ static void api_net_sam_logoff( uint16 vuid,
  net_login_interactive:
  *************************************************************************/
 static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
-                               struct smb_passwd *smb_pass,
+                               struct sam_passwd *smb_pass,
                                user_struct *vuser)
 {
        uint32 status = 0x0;
@@ -543,7 +542,7 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
  net_login_network:
  *************************************************************************/
 static uint32 net_login_network(NET_ID_INFO_2 *id2,
-                               struct smb_passwd *smb_pass,
+                               struct sam_passwd *smb_pass,
                                user_struct *vuser)
 {
        DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
@@ -598,7 +597,7 @@ static void api_net_sam_logon( uint16 vuid,
        NET_USER_INFO_3 usr_info;
        uint32 status = 0x0;
        DOM_CRED srv_cred;
-       struct smb_passwd *smb_pass = NULL;
+       struct sam_passwd *sam_pass = NULL;
        UNISTR2 *uni_samlogon_user = NULL;
        fstring nt_username;
 
@@ -632,14 +631,14 @@ static void api_net_sam_logon( uint16 vuid,
                        {
                                uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
 
-                               DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
+                               DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", global_sam_name));
                                break;
                        }
                        case NET_LOGON_TYPE:
                        {
                                uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
 
-                               DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
+                               DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", global_sam_name));
                                break;
                        }
                        default:
@@ -660,26 +659,16 @@ static void api_net_sam_logon( uint16 vuid,
 
                DEBUG(3,("User:[%s]\n", nt_username));
 
-               /*
-                * Convert to a UNIX username.
-                */
-               map_username(nt_username);
-
-               /*
-                * Do any case conversions.
-                */
-               (void)Get_Pwnam(nt_username, True);
-
                become_root(True);
-               smb_pass = getsmbpwnam(nt_username);
+               sam_pass = getsam21pwntnam(nt_username);
                unbecome_root(True);
 
-               if (smb_pass == NULL)
+               if (sam_pass == NULL)
                {
                        status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
                }
-               else if (IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_DISABLED) &&
-                        IS_BITS_CLR_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ))
+               else if (IS_BITS_SET_ALL(sam_pass->acct_ctrl, ACB_DISABLED) &&
+                        IS_BITS_CLR_ALL(sam_pass->acct_ctrl, ACB_PWNOTREQ))
                {
                        status =  0xC0000000 | NT_STATUS_ACCOUNT_DISABLED;
                }
@@ -687,20 +676,20 @@ static void api_net_sam_logon( uint16 vuid,
 
        /* validate password - if required */
 
-       if (status == 0 && !(IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ)))
+       if (status == 0 && !(IS_BITS_SET_ALL(sam_pass->acct_ctrl, ACB_PWNOTREQ)))
        {
                switch (q_l.sam_id.logon_level)
                {
                        case INTERACTIVE_LOGON_TYPE:
                        {
                                /* interactive login. */
-                               status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser);
+                               status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, sam_pass, vuser);
                                break;
                        }
                        case NET_LOGON_TYPE:
                        {
                                /* network login.  lm challenge and 24 byte responses */
-                               status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser);
+                               status = net_login_network(&q_l.sam_id.ctr->auth.id2, sam_pass, vuser);
                                break;
                        }
                }
@@ -715,88 +704,60 @@ static void api_net_sam_logon( uint16 vuid,
 
        if (status == 0)
        {
-               DOM_GID *gids = NULL;
                int num_gids = 0;
-               NTTIME dummy_time;
-               pstring logon_script;
-               pstring profile_path;
-               pstring home_dir;
-               pstring home_drive;
-               pstring my_name;
-               pstring my_workgroup;
                DOMAIN_GRP *grp_mem;
-               uint32 r_uid;
-               uint32 r_gid;
 
                /* set up pointer indicating user/password failed to be found */
                usr_info.ptr_user_info = 0;
 
-               dummy_time.low  = 0xffffffff;
-               dummy_time.high = 0x7fffffff;
-
-               /* XXXX hack to get standard_sub_basic() to use sam logon username */
-               /* possibly a better way would be to do a become_user() call */
-               sam_logon_in_ssb = True;
-               pstrcpy(samlogon_user, nt_username);
-
-               pstrcpy(logon_script, lp_logon_script());
-               pstrcpy(profile_path, lp_logon_path());
-
-               pstrcpy(my_workgroup, lp_workgroup());
-
-               pstrcpy(home_drive, lp_logon_drive());
-               pstrcpy(home_dir, lp_logon_home());
-               pstrcpy(my_name, global_myname);
-               strupper(my_name);
-
-               status = lookup_user_rids(nt_username, &r_uid, &r_gid);
-               status = getusergroupsnam(nt_username, &grp_mem, &num_gids) ? 0 : 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP;
-
-               sam_logon_in_ssb = False;
+               if (!getusergroupsntnam(nt_username, &grp_mem, &num_gids))
+               {
+                       status = 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP;
+               }
 
                if (status == 0x0)
                {
-                       gids = NULL;
+                       DOM_GID *gids = NULL;
                        num_gids = make_dom_gids(grp_mem, num_gids, &gids);
 
                        make_net_user_info3(&usr_info,
-                               &dummy_time, /* logon_time */
-                               &dummy_time, /* logoff_time */
-                               &dummy_time, /* kickoff_time */
-                               &dummy_time, /* pass_last_set_time */
-                               &dummy_time, /* pass_can_change_time */
-                               &dummy_time, /* pass_must_change_time */
-
-                               nt_username   , /* user_name */
-                               vuser->real_name, /* full_name */
-                               logon_script    , /* logon_script */
-                               profile_path    , /* profile_path */
-                               home_dir        , /* home_dir */
-                               home_drive      , /* dir_drive */
+                               &sam_pass->logon_time,
+                               &sam_pass->logoff_time,
+                               &sam_pass->kickoff_time,
+                               &sam_pass->pass_last_set_time,
+                               &sam_pass->pass_can_change_time,
+                               &sam_pass->pass_must_change_time,
+
+                               sam_pass->nt_name         , /* user_name */
+                               sam_pass->full_name       , /* full_name */
+                               sam_pass->logon_script    , /* logon_script */
+                               sam_pass->profile_path    , /* profile_path */
+                               sam_pass->home_dir        , /* home_dir */
+                               sam_pass->dir_drive       , /* dir_drive */
 
                                0, /* logon_count */
                                0, /* bad_pw_count */
 
-                               r_uid   , /* RID user_id */
-                               r_gid   , /* RID group_id */
+                               sam_pass->user_rid   , /* RID user_id */
+                               sam_pass->group_rid  , /* RID group_id */
                                num_gids,    /* uint32 num_groups */
                                gids    , /* DOM_GID *gids */
                                0x20    , /* uint32 user_flgs (?) */
 
                                NULL, /* char sess_key[16] */
 
-                               my_name     , /* char *logon_srv */
-                               my_workgroup, /* char *logon_dom */
-
-                               &global_sam_sid,     /* DOM_SID *dom_sid */
+                               global_myname  , /* char *logon_srv */
+                               global_sam_name, /* char *logon_dom */
+                               &global_sam_sid, /* DOM_SID *dom_sid */
                                NULL); /* char *other_sids */
-               }
 
-               /* Free any allocated groups array. */
-               if (gids)
-               {
-                       free((char *)gids);
+                       /* Free any allocated groups array. */
+                       if (gids)
+                       {
+                               free((char *)gids);
+                       }
                }
+
        }
 
        net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);
index ff782a72486a884929b8a5105f49246dd3fd2c5a..fb613c3c51e2ce71373bc8cccd72611215008ce0 100644 (file)
@@ -28,8 +28,6 @@
 
 extern int DEBUGLEVEL;
 
-extern BOOL sam_logon_in_ssb;
-extern pstring samlogon_user;
 extern fstring global_sam_name;
 extern pstring global_myname;
 extern DOM_SID global_sam_sid;
@@ -79,8 +77,8 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
                        continue;
                }
 
-               user_name_len = strlen(pwd->smb_name);
-               make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len);
+               user_name_len = strlen(pwd->nt_name);
+               make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->nt_name, user_name_len);
                make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len, 
                               user_name_len, 1);
                pw_buf[(*num_entries)].user_rid = pwd->user_rid;
@@ -95,7 +93,7 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
                pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
 
                DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x",
-                         (*num_entries), pwd->smb_name,
+                         (*num_entries), pwd->nt_name,
                          pwd->user_rid, pwd->acct_ctrl));
 
                if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
@@ -401,7 +399,7 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
        SAMR_R_ENUM_DOM_GROUPS r_e;
        DOMAIN_GRP *grps = NULL;
        int num_entries = 0;
-       BOOL got_grps;
+       BOOL got_grps = False;
        DOM_SID sid;
        fstring sid_str;
 
@@ -418,39 +416,29 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
 
        DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str));
 
-       /* well-known groups */
-       if (sid_equal(&sid, &global_sid_S_1_5_20))
+       if (sid_equal(&sid, &global_sam_sid))
        {
-               char *name;
+               BOOL ret;
                got_grps = True;
 
-               while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL))
-               {
-                       DOMAIN_GRP tmp_grp;
-
-                       fstrcpy(tmp_grp.name   , name);
-                       fstrcpy(tmp_grp.comment, "");
-                       tmp_grp.rid = domain_group_rids[num_entries].rid;
-                       tmp_grp.attr = 0x7;
+               become_root(True);
+               ret = enumdomgroups(&grps, &num_entries);
+               unbecome_root(True);
 
-                       if (!add_domain_group(&grps, &num_entries, &tmp_grp))
-                       {
-                               r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
-                               break;
-                       }
+               if (!ret)
+               {
+                       r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
                }
        }
-       else if (sid_equal(&sid, &global_sam_sid))
+
+       if (r_e.status == 0x0 &&
+           (sid_equal(&sid, &global_sam_sid) ||
+            sid_equal(&sid, &global_sid_S_1_5_20)))
        {
-               BOOL ret;
                char *name;
                int i = 0;
                got_grps = True;
 
-               become_root(True);
-               ret = enumdomgroups(&grps, &num_entries);
-               unbecome_root(True);
-
                while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[i].name) != NULL))
                {
                        DOMAIN_GRP tmp_grp;
@@ -468,11 +456,6 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
 
                        i++;
                }
-
-               if (!ret)
-               {
-                       r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
-               }
        }
 
        if (r_e.status == 0 && got_grps)
@@ -747,10 +730,10 @@ static void api_samr_query_aliasinfo( uint16 vuid, prs_struct *data, prs_struct
 static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
                                prs_struct *rdata)
 {
-       uint32 rid[MAX_SAM_ENTRIES];
-       uint32 status     = 0;
+       uint32 status = 0;
+
+       uint32 *rid = NULL;
        int num_rids = 0;
-       int i;
        struct sam_passwd *sam_pass;
        DOM_SID usr_sid;
        DOM_SID dom_sid;
@@ -774,12 +757,6 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
                sid_to_string(sam_sid_str, &global_sam_sid);
        }
 
-       if (num_rids > MAX_SAM_ENTRIES)
-       {
-               num_rids = MAX_SAM_ENTRIES;
-               DEBUG(5,("samr_query_useraliases: truncating entries to %d\n", num_rids));
-       }
-
        if (status == 0x0)
        {
                usr_sid = q_u->sid[0].sid;
@@ -811,17 +788,18 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
                else if (sid_equal(&dom_sid, &usr_sid))
                {
                        LOCAL_GRP *mem_grp = NULL;
+                       num_rids = 0;
 
                        DEBUG(10,("lookup on Domain SID\n"));
 
                        become_root(True);
-                       getuseraliasnam(sam_pass->smb_name, &mem_grp, &num_rids);
+                       getuseraliasntnam(sam_pass->nt_name, &mem_grp, &num_rids);
                        unbecome_root(True);
 
-                       num_rids = MIN(num_rids, MAX_SAM_ENTRIES);
-
-                       if (mem_grp != NULL)
+                       rid = malloc(num_rids * sizeof(uint32));
+                       if (mem_grp != NULL && rid != NULL)
                        {
+                               int i;
                                for (i = 0; i < num_rids; i++)
                                {
                                        rid[i] = mem_grp[i].rid;
@@ -840,6 +818,11 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
        /* store the response in the SMB stream */
        samr_io_r_query_useraliases("", &r_u, rdata, 0);
 
+       if (rid != NULL)
+       {
+               free(rid);
+       }
+
        DEBUG(5,("samr_query_useraliases: %d\n", __LINE__));
 
 }
@@ -1150,27 +1133,21 @@ static void api_samr_open_user( uint16 vuid, prs_struct *data, prs_struct *rdata
  *************************************************************************/
 static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
 {
-       struct smb_passwd *smb_pass;
-
-       if (!pwdb_rid_is_user(user_rid))
-       {
-               DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
-               return False;
-       }
+       struct sam_passwd *sam_pass;
 
        become_root(True);
-       smb_pass = getsmbpwrid(user_rid);
+       sam_pass = getsam21pwrid(user_rid);
        unbecome_root(True);
 
-       if (smb_pass == NULL)
+       if (sam_pass == NULL)
        {
                DEBUG(4,("User 0x%x not found\n", user_rid));
                return False;
        }
 
-       DEBUG(3,("User:[%s]\n", smb_pass->smb_name));
+       DEBUG(3,("User:[%s]\n", sam_pass->nt_name));
 
-       make_sam_user_info10(id10, smb_pass->acct_ctrl); 
+       make_sam_user_info10(id10, sam_pass->acct_ctrl); 
 
        return True;
 }
@@ -1180,17 +1157,10 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
  *************************************************************************/
 static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
 {
-       NTTIME dummy_time;
        struct sam_passwd *sam_pass;
        LOGON_HRS hrs;
        int i;
 
-       if (!pwdb_rid_is_user(user_rid))
-       {
-               DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
-               return False;
-       }
-
        become_root(True);
        sam_pass = getsam21pwrid(user_rid);
        unbecome_root(True);
@@ -1201,12 +1171,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
                return False;
        }
 
-       DEBUG(3,("User:[%s]\n", sam_pass->smb_name));
-
-       dummy_time.low  = 0xffffffff;
-       dummy_time.high = 0x7fffffff;
-
-       DEBUG(0,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n"));
+       DEBUG(3,("User:[%s]\n", sam_pass->nt_name));
 
        /* create a LOGON_HRS structure */
        hrs.len = sam_pass->hours_len;
@@ -1218,14 +1183,14 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
 
        make_sam_user_info21(id21,
 
-                          &dummy_time, /* logon_time */
-                          &dummy_time, /* logoff_time */
-                          &dummy_time, /* kickoff_time */
-                          &dummy_time, /* pass_last_set_time */
-                          &dummy_time, /* pass_can_change_time */
-                          &dummy_time, /* pass_must_change_time */
+                          &sam_pass->logon_time,
+                          &sam_pass->logoff_time,
+                          &sam_pass->kickoff_time,
+                          &sam_pass->pass_last_set_time,
+                          &sam_pass->pass_can_change_time,
+                          &sam_pass->pass_must_change_time,
 
-                          sam_pass->smb_name, /* user_name */
+                          sam_pass->nt_name, /* user_name */
                           sam_pass->full_name, /* full_name */
                           sam_pass->home_dir, /* home_dir */
                           sam_pass->dir_drive, /* dir_drive */
@@ -1238,13 +1203,13 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
 
                           sam_pass->user_rid, /* RID user_id */
                           sam_pass->group_rid, /* RID group_id */
-                      sam_pass->acct_ctrl,
+                          sam_pass->acct_ctrl,
 
-                  sam_pass->unknown_3, /* unknown_3 */
-                      sam_pass->logon_divs, /* divisions per week */
-                          &hrs, /* logon hours */
-                      sam_pass->unknown_5,
-                      sam_pass->unknown_6);
+                          sam_pass->unknown_3, /* unknown_3 */
+                          sam_pass->logon_divs, /* divisions per week */
+                          &hrs, /* logon hours */
+                          sam_pass->unknown_5,
+                          sam_pass->unknown_6);
 
        return True;
 }
@@ -1393,7 +1358,7 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
                DOMAIN_GRP *mem_grp = NULL;
 
                become_root(True);
-               getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_groups);
+               getusergroupsntnam(sam_pass->nt_name, &mem_grp, &num_groups);
                unbecome_root(True);
 
                 gids = NULL;
@@ -1559,7 +1524,7 @@ static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdat
                                    q_u.uni_mach_acct.uni_str_len));
 
        become_root(True);
-       sam_pass = getsam21pwnam(mach_acct);
+       sam_pass = getsam21pwntnam(mach_acct);
        unbecome_root(True);
 
        if (sam_pass != NULL)
index 4a907fa3441d804f6c627b41ca9df2dac69141cc..83d2e40af421e41e88a33d1373be95b9e739905e 100644 (file)
@@ -252,7 +252,7 @@ void cmd_lsa_lookup_sids(struct client_info *info)
                        fstrcat(sid_name, "-");
                        fstrcat(sid_name, temp);
                }
-               make_dom_sid(&sid[num_sids], sid_name);
+               string_to_sid(&sid[num_sids], sid_name);
                sids[num_sids] = &sid[num_sids];
                num_sids++;
        }
index eeb34c8f887bcd0e71ff0c6df723b1e1aa256052..7a65fc5c37a240f37dd6d4bd7a099aaf60429684 100644 (file)
@@ -185,39 +185,39 @@ void cmd_sam_enum_users(struct client_info *info)
        BOOL res = True;
        BOOL request_user_info  = False;
        BOOL request_group_info = False;
+       BOOL request_alias_info = False;
        uint16 num_entries = 0;
        uint16 unk_0 = 0x0;
        uint16 acb_mask = 0;
        uint16 unk_1 = 0x0;
        uint32 admin_rid = 0x304; /* absolutely no idea. */
        fstring tmp;
+       int i;
 
-       sid_to_string(sid, &info->dom.level5_sid);
+       sid_copy(&sid1, &info->dom.level5_sid);
+       sid_to_string(sid, &sid1);
        fstrcpy(domain, info->dom.level5_dom);
 
-       if (strlen(sid) == 0)
+       if (sid1.num_auths == 0)
        {
                fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
                return;
        }
 
-       make_dom_sid(&sid1, sid);
 
        fstrcpy(srv_name, "\\\\");
        fstrcat(srv_name, info->dest_host);
        strupper(srv_name);
 
-       /* a bad way to do token parsing... */
-       if (next_token(NULL, tmp, NULL, sizeof(tmp)))
+       for (i = 0; i < 3; i++)
        {
-               request_user_info  |= strequal(tmp, "-u");
-               request_group_info |= strequal(tmp, "-g");
-       }
-
-       if (next_token(NULL, tmp, NULL, sizeof(tmp)))
-       {
-               request_user_info  |= strequal(tmp, "-u");
-               request_group_info |= strequal(tmp, "-g");
+               /* a bad way to do token parsing... */
+               if (next_token(NULL, tmp, NULL, sizeof(tmp)))
+               {
+                       request_user_info  |= strequal(tmp, "-u");
+                       request_group_info |= strequal(tmp, "-g");
+                       request_alias_info |= strequal(tmp, "-a");
+               }
        }
 
 #ifdef DEBUG_TESTING
@@ -275,14 +275,14 @@ void cmd_sam_enum_users(struct client_info *info)
                fprintf(out_hnd, "No users\n");
        }
 
-       if (request_user_info || request_group_info)
+       if (request_user_info || request_group_info || request_alias_info)
        {
                /* query all the users */
                user_idx = 0;
 
                while (res && user_idx < info->dom.num_sam_entries)
                {
-                       uint32 user_rid = info->dom.sam[user_idx].smb_userid;
+                       uint32 user_rid = info->dom.sam[user_idx].user_rid;
                        SAM_USER_INFO_21 usr;
 
                        fprintf(out_hnd, "User RID: %8x  User Name: %s\n",
@@ -318,6 +318,26 @@ void cmd_sam_enum_users(struct client_info *info)
                                }
                        }
 
+                       if (request_alias_info)
+                       {
+                               uint32 num_aliases;
+                               uint32 rid[LSA_MAX_GROUPS];
+                               DOM_SID als_sid;
+
+                               sid_copy(&als_sid, &sid1);
+                               sid_append_rid(&als_sid, user_rid);
+
+                               /* send user alias query */
+                               if (do_samr_query_useraliases(smb_cli,
+                                                       &info->dom.samr_pol_open_domain,
+                                                       &als_sid, &num_aliases, rid))
+                               {
+                                       display_alias_rid_info(out_hnd, ACTION_HEADER   , &als_sid, num_aliases, rid);
+                                       display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &als_sid, num_aliases, rid);
+                                       display_alias_rid_info(out_hnd, ACTION_FOOTER   , &als_sid, num_aliases, rid);
+                               }
+                       }
+
                        user_idx++;
                }
        }
@@ -375,7 +395,7 @@ void cmd_sam_query_user(struct client_info *info)
                return;
        }
 
-       make_dom_sid(&sid1, sid);
+       string_to_sid(&sid1, sid);
 
        fstrcpy(srv_name, "\\\\");
        fstrcat(srv_name, info->dest_host);
@@ -466,7 +486,7 @@ void cmd_sam_query_groups(struct client_info *info)
                return;
        }
 
-       make_dom_sid(&sid1, sid);
+       string_to_sid(&sid1, sid);
 
        fstrcpy(srv_name, "\\\\");
        fstrcat(srv_name, info->dest_host);
@@ -549,7 +569,7 @@ void cmd_sam_enum_aliases(struct client_info *info)
                return;
        }
 
-       make_dom_sid(&sid1, sid);
+       string_to_sid(&sid1, sid);
 
        fstrcpy(srv_name, "\\\\");
        fstrcat(srv_name, info->dest_host);
@@ -585,7 +605,7 @@ void cmd_sam_enum_aliases(struct client_info *info)
                    &info->dom.samr_pol_connect, admin_rid, &sid1,
                    &info->dom.samr_pol_open_domain) : False;
 
-       /* send a query on the aliase */
+       /* send a query on the aliases */
        res = res ? do_samr_query_unknown_12(smb_cli,
                    &info->dom.samr_pol_open_domain, admin_rid, num_aliases, alias_rid,
                    &num_aliases, alias_names, num_als_usrs) : False;
@@ -617,7 +637,7 @@ void cmd_sam_enum_aliases(struct client_info *info)
 
                while (res && user_idx < info->dom.num_sam_entries)
                {
-                       uint32 user_rid = info->dom.sam[user_idx].smb_userid;
+                       uint32 user_rid = info->dom.sam[user_idx].user_rid;
                        SAM_USER_INFO_21 usr;
 
                        fprintf(out_hnd, "User RID: %8x  User Name: %s\n",
index a2248920cdcd19253c6d7e758ea3d08a39fae529..5f63b02c764ebe24ba80da2f71c8d6f4a8908e82 100644 (file)
@@ -866,6 +866,50 @@ void display_name(FILE *out_hnd, enum action_type action,
 }
 
 
+/****************************************************************************
+ display alias rid info
+ ****************************************************************************/
+void display_alias_rid_info(FILE *out_hnd, enum action_type action,
+                               DOM_SID *sid,
+                               uint32 num_rids, uint32 *rid)
+{
+       switch (action)
+       {
+               case ACTION_HEADER:
+               {
+                       fstring sid_str;
+                       sid_to_string(sid_str, sid);
+                       if (num_rids == 0)
+                       {
+                               fprintf(out_hnd, "\tNo Aliases: Sid %s\n", sid_str);
+                       }
+                       else
+                       {
+                               fprintf(out_hnd, "\tAlias Info: Sid %s\n", sid_str);
+                               fprintf(out_hnd, "\t----------\n");
+                       }
+                       break;
+               }
+               case ACTION_ENUMERATE:
+               {
+                       int i;
+
+                       for (i = 0; i < num_rids; i++)
+                       {
+                               fprintf(out_hnd, "\tAlias RID: %8x\n", rid[i]);
+                       }
+
+                       break;
+               }
+               case ACTION_FOOTER:
+               {
+                       fprintf(out_hnd, "\n");
+                       break;
+               }
+       }
+}
+
+
 /****************************************************************************
  display group rid info
  ****************************************************************************/
index 30b9b3fed60aac3ddc2f67748295436ca502e7ae..9791d3a38ee8f9a4c9dd16023413128db67e109e 100644 (file)
@@ -529,7 +529,7 @@ BOOL change_lanman_password(struct smb_passwd *smbpw, uchar *pass1, uchar *pass2
 
   if (smbpw->acct_ctrl & ACB_DISABLED)
   {
-    DEBUG(0,("change_lanman_password: account %s disabled.\n", smbpw->smb_name));
+    DEBUG(0,("change_lanman_password: account %s disabled.\n", smbpw->unix_name));
     return False;
   }
 
index 8b73ff4518d8e6c4a8e0bf479c817b8a2189b333..ed47e6d3e51133c06f84508fdd686455b1bea153 100644 (file)
@@ -391,11 +391,11 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
        if (!lm_pass || !smb_pass) return(False);
 
        DEBUG(4,("Checking SMB password for user %s\n", 
-                smb_pass->smb_name));
+                smb_pass->unix_name));
 
        if(smb_pass->acct_ctrl & ACB_DISABLED) {
                DEBUG(3,("account for user %s was disabled.\n", 
-                        smb_pass->smb_name));
+                        smb_pass->unix_name));
                return(False);
        }
 
@@ -436,7 +436,7 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
        if((smb_pass->smb_passwd == NULL) && 
           (smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
                DEBUG(4,("no password required for user %s\n",
-                        smb_pass->smb_name));
+                        smb_pass->unix_name));
                return True;
        }
 
@@ -502,7 +502,7 @@ BOOL pass_check_smb(char *user, char *domain,
         }
 
        /* Ensure the uid's match */
-       if (smb_pass->smb_userid != pass->pw_uid)
+       if (smb_pass->unix_uid != pass->pw_uid)
        {
                DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
                return(False);
@@ -510,7 +510,7 @@ BOOL pass_check_smb(char *user, char *domain,
 
        if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords())
        {
-               DEBUG(3,("account for user %s has no password and null passwords are allowed.\n", smb_pass->smb_name));
+               DEBUG(3,("account for user %s has no password and null passwords are allowed.\n", smb_pass->unix_name));
                return(True);
        }
 
@@ -587,7 +587,7 @@ validate a group username entry. Return the username or NULL
 ****************************************************************************/
 static char *validate_group(char *group,char *password,int pwlen,int snum)
 {
-#ifdef HAVE_NETGROUP
+#if defined(HAVE_NETGROUP) && defined(HAVE_GETNETGRENT) && defined(HAVE_SETNETGRENT) && defined(HAVE_ENDNETGRENT)
   {
     char *host, *user, *domain;
     setnetgrent(group);
index d0178508d99f58e05c78966d926bded60c8430cf..3a32e1871f2ed6dfb899d0662012352190084832 100644 (file)
@@ -651,15 +651,28 @@ static void usage(char *pname)
 
        codepage_initialise(lp_client_code_page());
 
-       fstrcpy(global_myworkgroup, lp_workgroup());
+       if (!pwdb_initialise())
+       {
+               exit(1);
+       }
 
-       get_sam_domain_name();
+       if(!initialise_sam_password_db())
+       {
+               exit(1);
+       }
 
-       generate_wellknown_sids();
+       if(!initialise_passgrp_db())
+       {
+               exit(1);
+       }
 
-       if (!generate_sam_sid())
+       if(!initialise_group_db())
+       {
+               exit(1);
+       }
+
+       if(!initialise_alias_db())
        {
-               DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
                exit(1);
        }
 
@@ -700,7 +713,7 @@ static void usage(char *pname)
                become_daemon();
        }
 
-    check_kernel_oplocks();
+       check_kernel_oplocks();
 
        if (!directory_exist(lp_lockdir(), NULL)) {
                mkdir(lp_lockdir(), 0755);
@@ -716,18 +729,6 @@ static void usage(char *pname)
        if (!locking_init(0))
                exit(1);
 
-       if(!initialise_passgrp_db())
-               exit(1);
-
-       if(!initialise_password_db())
-               exit(1);
-
-       if(!initialise_group_db())
-               exit(1);
-
-       if(!initialise_alias_db())
-               exit(1);
-
        /* possibly reload the services file. */
        reload_services(True);
        
index 95b2ac4b64260c9610ab563fb8e363ee1ff05cfb..3dd10d49253ecddd59e6f28d4cbeae7df707ed11 100644 (file)
@@ -146,7 +146,8 @@ static void smbw_printjob_add(struct print_job_info *job)
        finfo.mtime = job->t;
        finfo.atime = job->t;
        finfo.ctime = job->t;
-       finfo.uid = nametouid(job->user);
+       finfo.uid   = (uid_t)-1;
+       nametouid(job->user, finfo.uid);
        finfo.mode = aRONLY;
        finfo.size = job->size;
 
index 519ca5a33d5847c8a4c0fc3ac3debb4faad4daaf..92ec9ae5a850ab5891aba6a1b2fde1d3e78d5875 100644 (file)
@@ -548,7 +548,8 @@ int main(int argc, char **argv)
        
        charset_initialise();
        
-       if(!initialise_password_db()) {
+       if(!pwdb_initialise())
+       {
                fprintf(stderr, "Can't setup password database vectors.\n");
                exit(1);
        }
index e29e72862966b2c1cae902947b4bd106ad3ab818..c4baa70e0b8748ae6746a04b794eb6ab25bacdf0 100644 (file)
@@ -600,7 +600,8 @@ static BOOL change_password(const char *remote_machine, char *user_name,
                return ret;
        }
 
-       if(!initialise_password_db()) {
+       if (!pwdb_initialise())
+       {
                printf("Can't setup password database vectors.\n<p>");
                return False;
        }