"retired" two modules to preserve their cvs history.
authorLuke Leighton <lkcl@samba.org>
Sun, 29 Nov 1998 20:06:52 +0000 (20:06 +0000)
committerLuke Leighton <lkcl@samba.org>
Sun, 29 Nov 1998 20:06:52 +0000 (20:06 +0000)
added their replacements, added sam password database API modules
(This used to be commit b1d1c1337c69c6f6bf25ab932a1a6a757e3ea2ae)

source3/lib/domain_namemap.c [new file with mode: 0644]
source3/lib/sids.c [new file with mode: 0644]
source3/lib/util_pwdb.c [new file with mode: 0644]
source3/passdb/sampass.c [new file with mode: 0644]
source3/passdb/sampassdb.c [new file with mode: 0644]
source3/rpc_server/srv_sid.c
source3/smbd/groupname.c

diff --git a/source3/lib/domain_namemap.c b/source3/lib/domain_namemap.c
new file mode 100644 (file)
index 0000000..3de5b60
--- /dev/null
@@ -0,0 +1,1186 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 1.9.
+   Groupname handling
+   Copyright (C) Jeremy Allison 1998.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* 
+ * UNIX gid and Local or Domain SID resolution.  This module resolves
+ * only those entries in the map files, it is *NOT* responsible for
+ * resolving UNIX groups not listed: that is an entirely different
+ * matter, altogether...
+ */
+
+/*
+ *
+ *
+
+ format of the file is:
+
+ unixname      NT Group name
+ unixname      Domain Admins (well-known Domain Group)
+ unixname      DOMAIN_NAME\NT Group name
+ unixname      OTHER_DOMAIN_NAME\NT Group name
+ unixname      DOMAIN_NAME\Domain Admins (well-known Domain Group)
+ ....
+
+ if the DOMAIN_NAME\ component is left off, then your own domain is assumed.
+
+ *
+ *
+ */
+
+
+#include "includes.h"
+extern int DEBUGLEVEL;
+
+extern fstring global_sam_name;
+extern DOM_SID global_sam_sid;
+extern DOM_SID global_sid_S_1_5_20;
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+static uid_t pwdb_user_rid_to_uid(uint32 user_rid)
+{
+       return ((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER;
+}
+
+/*******************************************************************
+ converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+static uint32 pwdb_group_rid_to_gid(uint32 group_rid)
+{
+       return ((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER;
+}
+
+/*******************************************************************
+ converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+static uint32 pwdb_alias_rid_to_gid(uint32 alias_rid)
+{
+       return ((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER;
+}
+
+/*******************************************************************
+ converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+static uint32 pwdb_gid_to_group_rid(uint32 gid)
+{
+       uint32 grp_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
+       return grp_rid;
+}
+
+/******************************************************************
+ converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+static uint32 pwdb_gid_to_alias_rid(uint32 gid)
+{
+       uint32 alias_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
+       return alias_rid;
+}
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+static uint32 pwdb_uid_to_user_rid(uint32 uid)
+{
+       uint32 user_rid = ((((uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
+       return user_rid;
+}
+
+/******************************************************************
+ converts SID + SID_NAME_USE type to a UNIX id.  the Domain SID is,
+ and can only be, our own SID.
+ ********************************************************************/
+static BOOL pwdb_sam_sid_to_unixid(DOM_SID *sid, uint8 type, uint32 *id)
+{
+       DOM_SID tmp_sid;
+       uint32 rid;
+
+       sid_copy(&tmp_sid, sid);
+       sid_split_rid(&tmp_sid, &rid);
+       if (!sid_equal(&global_sam_sid, &tmp_sid))
+       {
+               return False;
+       }
+
+       switch (type)
+       {
+               case SID_NAME_USER:
+               {
+                       *id = pwdb_user_rid_to_uid(rid);
+                       return True;
+               }
+               case SID_NAME_ALIAS:
+               {
+                       *id = pwdb_alias_rid_to_gid(rid);
+                       return True;
+               }
+               case SID_NAME_DOM_GRP:
+               case SID_NAME_WKN_GRP:
+               {
+                       *id = pwdb_group_rid_to_gid(rid);
+                       return True;
+               }
+       }
+       return False;
+}
+
+/******************************************************************
+ converts UNIX gid + SID_NAME_USE type to a SID.  the Domain SID is,
+ and can only be, our own SID.
+ ********************************************************************/
+static BOOL pwdb_unixid_to_sam_sid(uint32 id, uint8 type, DOM_SID *sid)
+{
+       sid_copy(sid, &global_sam_sid);
+       switch (type)
+       {
+               case SID_NAME_USER:
+               {
+                       sid_append_rid(sid, pwdb_uid_to_user_rid(id));
+                       return True;
+               }
+               case SID_NAME_ALIAS:
+               {
+                       sid_append_rid(sid, pwdb_gid_to_alias_rid(id));
+                       return True;
+               }
+               case SID_NAME_DOM_GRP:
+               case SID_NAME_WKN_GRP:
+               {
+                       sid_append_rid(sid, pwdb_gid_to_group_rid(id));
+                       return True;
+               }
+       }
+       return False;
+}
+
+/*******************************************************************
+ Decides if a RID is a well known RID.
+ ********************************************************************/
+static BOOL pwdb_rid_is_well_known(uint32 rid)
+{
+       return (rid < 1000);
+}
+
+/*******************************************************************
+ determines a rid's type.  NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+static uint32 pwdb_rid_type(uint32 rid)
+{
+       /* lkcl i understand that NT attaches an enumeration to a RID
+        * such that it can be identified as either a user, group etc
+        * type: SID_ENUM_TYPE.
+        */
+       if (pwdb_rid_is_well_known(rid))
+       {
+               /*
+                * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
+                * and DOMAIN_USER_RID_GUEST.
+                */
+               if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
+               {
+                       return RID_TYPE_USER;
+               }
+               if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
+               {
+                       return RID_TYPE_GROUP;
+               }
+               if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
+               {
+                       return RID_TYPE_ALIAS;
+               }
+       }
+       return (rid & RID_TYPE_MASK);
+}
+
+/*******************************************************************
+ checks whether rid is a user rid.  NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+BOOL pwdb_rid_is_user(uint32 rid)
+{
+       return pwdb_rid_type(rid) == RID_TYPE_USER;
+}
+
+/**************************************************************************
+ Groupname map functionality. The code loads a groupname map file and
+ (currently) loads it into a linked list. This is slow and memory
+ hungry, but can be changed into a more efficient storage format
+ if the demands on it become excessive.
+***************************************************************************/
+
+typedef struct name_map
+{
+       ubi_slNode next;
+       DOM_NAME_MAP grp;
+
+} name_map_entry;
+
+static ubi_slList groupname_map_list;
+static ubi_slList aliasname_map_list;
+static ubi_slList ntusrname_map_list;
+
+static void delete_name_entry(name_map_entry *gmep)
+{
+       if (gmep->grp.nt_name)
+       {
+               free(gmep->grp.nt_name);
+       }
+       if (gmep->grp.nt_domain)
+       {
+               free(gmep->grp.nt_domain);
+       }
+       if (gmep->grp.unix_name)
+       {
+               free(gmep->grp.unix_name);
+       }
+       free((char*)gmep);
+}
+
+/**************************************************************************
+ Delete all the entries in the name map list.
+***************************************************************************/
+
+static void delete_map_list(ubi_slList *map_list)
+{
+       name_map_entry *gmep;
+
+       while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL)
+       {
+               delete_name_entry(gmep);
+       }
+}
+
+
+/**************************************************************************
+ makes a group sid out of a domain sid and a _unix_ gid.
+***************************************************************************/
+static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
+{
+       DEBUG(10,("make_mydomain_sid\n"));
+
+       if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
+       {
+               DEBUG(0,("make_mydomain_sid: unknown domain %s\n",
+                         grp->nt_domain));
+               return False;
+       }
+
+       if (sid_equal(&grp->sid, &global_sid_S_1_5_20))
+       {
+               /*
+                * only builtin aliases are recognised in S-1-5-20
+                */
+
+               if (!lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type))
+               {
+                       DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n",
+                                 grp->unix_name, grp->nt_name));
+                       return False;
+               }
+               return True;
+       }
+       else if (lookup_wk_user_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
+       {
+               if (type != DOM_MAP_USER)
+               {
+                       DEBUG(0,("well-known NT user %s\%s listed in wrong map file\n",
+                                 grp->nt_domain, grp->nt_name));
+                       return False;
+               }
+               return True;
+       }
+       else if (lookup_wk_group_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
+       {
+               if (type != DOM_MAP_DOMAIN)
+               {
+                       DEBUG(0,("well-known NT group %s\%s listed in wrong map file\n",
+                                 grp->nt_domain, grp->nt_name));
+                       return False;
+               }
+               return True;
+       }
+       else
+       {
+               BOOL ret;
+               fstring sid_str;
+               switch (type)
+               {
+                       case DOM_MAP_USER:
+                       {
+                               grp->type = SID_NAME_USER;
+                               break;
+                       }
+                       case DOM_MAP_DOMAIN:
+                       {
+                               grp->type = SID_NAME_DOM_GRP;
+                               break;
+                       }
+                       case DOM_MAP_LOCAL:
+                       {
+                               grp->type = SID_NAME_ALIAS;
+                               break;
+                       }
+               }
+
+               ret = pwdb_unixid_to_sam_sid(grp->unix_id, grp->type, &grp->sid);
+               sid_to_string(sid_str, &grp->sid);
+               DEBUG(10,("nt name %s gid %d mapped to %s\n",
+                          grp->nt_name, grp->unix_id, sid_str));
+               return ret;
+       }
+
+       return False;
+}
+
+/**************************************************************************
+ makes a group sid out of an nt domain, nt group name or a unix group name.
+***************************************************************************/
+static BOOL unix_name_to_group_info(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
+{
+       struct group *gptr = NULL;
+
+       /*
+        * Attempt to get the unix gid_t for this name.
+        */
+
+       DEBUG(5,("unix_name_to_group_info: unix_name:%s\n", grp->unix_name));
+
+       gptr = (struct group *)getgrnam(grp->unix_name);
+       if (gptr == NULL)
+       {
+               DEBUG(0,("unix_name_to_group_info: getgrnam for group %s\
+failed. Error was %s.\n", grp->unix_name, strerror(errno) ));
+               return False;
+       }
+
+       grp->unix_id = (uint32)gptr->gr_gid;
+
+       DEBUG(5,("unix_name_to_group_info: unix gid:%d\n", grp->unix_id));
+
+       /*
+        * Now map the name to an NT SID+RID.
+        */
+
+       if (grp->nt_domain != NULL && !strequal(grp->nt_domain, global_sam_name))
+       {
+               /* Must add client-call lookup code here, to 
+                * resolve remote domain's sid and the group's rid,
+                * in that domain.
+                *
+                * NOTE: it is _incorrect_ to put code here that assumes
+                * we are responsible for lookups for foriegn domains' RIDs.
+                *
+                * for foriegn domains for which we are *NOT* the PDC, all
+                * we can be responsible for is the unix gid_t to which
+                * the foriegn SID+rid maps to, on this _local_ machine.  
+                * we *CANNOT* make any short-cuts or assumptions about
+                * RIDs in a foriegn domain.
+                */
+
+               if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
+               {
+                       DEBUG(0,("unix_name_to_group_info: no known sid for %s\n",
+                                 grp->nt_domain));
+                       return False;
+               }
+       }
+
+       return make_mydomain_sid(grp, type);
+}
+
+static BOOL make_name_entry(name_map_entry **new_ep,
+               char *nt_domain, char *nt_group, char *unix_group,
+               DOM_MAP_TYPE type)
+{
+       /*
+        * Create the list entry and add it onto the list.
+        */
+
+       DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group));
+
+       (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry));
+       if ((*new_ep) == NULL)
+       {
+               DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n"));
+               return False;
+       } 
+
+       ZERO_STRUCTP(*new_ep);
+
+       (*new_ep)->grp.nt_name   = strdup(nt_group  );
+       (*new_ep)->grp.nt_domain = strdup(nt_domain );
+       (*new_ep)->grp.unix_name = strdup(unix_group);
+
+       if ((*new_ep)->grp.nt_name   == NULL ||
+           (*new_ep)->grp.unix_name == NULL)
+       {
+               DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n"));
+               delete_name_entry((*new_ep));
+               return False;
+       }
+
+       /*
+        * look up the group names, make the Group-SID and unix gid
+        */
+       if (!unix_name_to_group_info(&(*new_ep)->grp, type))
+       {
+               delete_name_entry((*new_ep));
+               return False;
+       }
+
+       return True;
+}
+
+/**************************************************************************
+ Load a name map file. Sets last accessed timestamp.
+***************************************************************************/
+static ubi_slList *load_name_map(DOM_MAP_TYPE type)
+{
+       static time_t groupmap_file_last_modified = (time_t)0;
+       static time_t aliasmap_file_last_modified = (time_t)0;
+       static time_t ntusrmap_file_last_modified  = (time_t)0;
+       static BOOL initialised_group = False;
+       static BOOL initialised_alias = False;
+       static BOOL initialised_ntusr  = False;
+       char *groupname_map_file = lp_groupname_map();
+       char *aliasname_map_file = lp_aliasname_map();
+       char *ntusrname_map_file = lp_ntusrname_map();
+
+       SMB_STRUCT_STAT st;
+       FILE *fp;
+       char *s;
+       pstring buf;
+       name_map_entry *new_ep;
+
+       time_t *file_last_modified = NULL;
+       int    *initialised = NULL;
+       char   *map_file = NULL;
+       ubi_slList *map_list = NULL;
+
+       switch (type)
+       {
+               case DOM_MAP_DOMAIN:
+               {
+                       file_last_modified = &groupmap_file_last_modified;
+                       initialised        = &initialised_group;
+                       map_file           = groupname_map_file;
+                       map_list           = &groupname_map_list;
+
+                       break;
+               }
+               case DOM_MAP_LOCAL:
+               {
+                       file_last_modified = &aliasmap_file_last_modified;
+                       initialised        = &initialised_alias;
+                       map_file           = aliasname_map_file;
+                       map_list           = &aliasname_map_list;
+
+                       break;
+               }
+               case DOM_MAP_USER:
+               {
+                       file_last_modified = &ntusrmap_file_last_modified;
+                       initialised        = &initialised_ntusr;
+                       map_file           = ntusrname_map_file;
+                       map_list           = &ntusrname_map_list;
+
+                       break;
+               }
+       }
+
+       if (!(*initialised))
+       {
+               DEBUG(10,("initialising map %s\n", map_file));
+               ubi_slInitList(map_list);
+               (*initialised) = True;
+       }
+
+       if (!*map_file)
+       {
+               return map_list;
+       }
+
+       if (sys_stat(map_file, &st) != 0)
+       {
+               DEBUG(0, ("load_name_map: Unable to stat file %s. Error was %s\n",
+                          map_file, strerror(errno) ));
+               return map_list;
+       }
+
+       /*
+        * Check if file has changed.
+        */
+       if (st.st_mtime <= (*file_last_modified))
+       {
+               return map_list;
+       }
+
+       (*file_last_modified) = st.st_mtime;
+
+       /*
+        * Load the file.
+        */
+
+       fp = fopen(map_file,"r");
+       if (!fp)
+       {
+               DEBUG(0,("load_name_map: can't open name map %s. Error was %s\n",
+                         map_file, strerror(errno)));
+               return map_list;
+       }
+
+       /*
+        * Throw away any previous list.
+        */
+       delete_map_list(map_list);
+
+       DEBUG(4,("load_name_map: Scanning name map %s\n",map_file));
+
+       while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL)
+       {
+               pstring unixname;
+               pstring nt_name;
+               fstring nt_domain;
+               fstring nt_group;
+               char *p;
+
+               DEBUG(10,("Read line |%s|\n", s));
+
+               memset(nt_name, 0, sizeof(nt_name));
+
+               if (!*s || strchr("#;",*s))
+                       continue;
+
+               if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
+                       continue;
+
+               if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name)))
+                       continue;
+
+               trim_string(unixname, " ", " ");
+               trim_string(nt_name, " ", " ");
+
+               if (!*nt_name)
+                       continue;
+
+               if (!*unixname)
+                       continue;
+
+               DEBUG(5,("unixname = %s, ntname = %s.\n",
+                         unixname, nt_name));
+
+               p = strchr(nt_name, '\\');
+
+               if (p == NULL)
+               {
+                       memset(nt_domain, 0, sizeof(nt_domain));
+                       fstrcpy(nt_group, nt_name);
+               }
+               else
+               {
+                       *p = 0;
+                       p++;
+                       fstrcpy(nt_domain, nt_name);
+                       fstrcpy(nt_group , p);
+               }
+
+               if (make_name_entry(&new_ep, nt_domain, nt_name, unixname, type))
+               {
+                       ubi_slAddTail(map_list, (ubi_slNode *)new_ep);
+               }
+       }
+
+       DEBUG(10,("load_name_map: Added %ld entries to name map.\n",
+                  ubi_slCount(map_list)));
+
+       fclose(fp);
+
+       return map_list;
+}
+
+static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from)
+{
+       sid_copy(&grp->sid, &from->sid);
+       grp->unix_id   = from->unix_id;
+       grp->nt_name   = from->nt_name;
+       grp->nt_domain = from->nt_domain;
+       grp->unix_name = from->unix_name;
+       grp->type      = from->type;
+}
+
+#if 0
+/***********************************************************
+ Lookup unix name.
+************************************************************/
+static BOOL map_unixname(DOM_MAP_TYPE type,
+               char *unixname, DOM_NAME_MAP *grp_info)
+{
+       name_map_entry *gmep;
+       ubi_slList *map_list;
+
+       /*
+        * Initialise and load if not already loaded.
+        */
+       map_list = load_name_map(type);
+
+       for (gmep = (name_map_entry *)ubi_slFirst(map_list);
+            gmep != NULL;
+            gmep = (name_map_entry *)ubi_slNext(gmep ))
+       {
+               if (strequal(gmep->grp.unix_name, unixname))
+               {
+                       copy_grp_map_entry(grp_info, &gmep->grp);
+                       DEBUG(7,("map_unixname: Mapping unix group %s to nt group %s.\n",
+                              gmep->grp.unix_name, gmep->grp.nt_name ));
+                       return True;
+               }
+       }
+
+       return False;
+}
+
+#endif
+
+/***********************************************************
+ Lookup nt name.
+************************************************************/
+static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain,
+                               DOM_NAME_MAP *grp_info)
+{
+       name_map_entry *gmep;
+       ubi_slList *map_list;
+
+       /*
+        * Initialise and load if not already loaded.
+        */
+       map_list = load_name_map(type);
+
+       for (gmep = (name_map_entry *)ubi_slFirst(map_list);
+            gmep != NULL;
+            gmep = (name_map_entry *)ubi_slNext(gmep ))
+       {
+               if (strequal(gmep->grp.nt_name  , ntname) &&
+                   strequal(gmep->grp.nt_domain, ntdomain))
+               {
+                       copy_grp_map_entry(grp_info, &gmep->grp);
+                       DEBUG(7,("map_ntname: Mapping unix group %s to nt group %s.\n",
+                              gmep->grp.unix_name, gmep->grp.nt_name ));
+                       return True;
+               }
+       }
+
+       return False;
+}
+
+
+/***********************************************************
+ Lookup by SID
+************************************************************/
+static BOOL map_sid(DOM_MAP_TYPE type,
+               DOM_SID *psid, DOM_NAME_MAP *grp_info)
+{
+       name_map_entry *gmep;
+       ubi_slList *map_list;
+
+       /*
+        * Initialise and load if not already loaded.
+        */
+       map_list = load_name_map(type);
+
+       for (gmep = (name_map_entry *)ubi_slFirst(map_list);
+            gmep != NULL;
+            gmep = (name_map_entry *)ubi_slNext(gmep ))
+       {
+               if (sid_equal(&gmep->grp.sid, psid))
+               {
+                       copy_grp_map_entry(grp_info, &gmep->grp);
+                       DEBUG(7,("map_sid: Mapping unix group %s to nt group %s.\n",
+                              gmep->grp.unix_name, gmep->grp.nt_name ));
+                       return True;
+               }
+       }
+
+       return False;
+}
+
+/***********************************************************
+ Lookup by gid_t.
+************************************************************/
+static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info)
+{
+       name_map_entry *gmep;
+       ubi_slList *map_list;
+
+       /*
+        * Initialise and load if not already loaded.
+        */
+       map_list = load_name_map(type);
+
+       for (gmep = (name_map_entry *)ubi_slFirst(map_list);
+            gmep != NULL;
+            gmep = (name_map_entry *)ubi_slNext(gmep ))
+       {
+               fstring sid_str;
+               sid_to_string(sid_str, &gmep->grp.sid);
+               DEBUG(10,("map_unixid: enum entry unix group %s %d nt %s %s\n",
+                              gmep->grp.unix_name, gmep->grp.unix_id, gmep->grp.nt_name, sid_str));
+               if (gmep->grp.unix_id == unix_id)
+               {
+                       copy_grp_map_entry(grp_info, &gmep->grp);
+                       DEBUG(7,("map_unixid: Mapping unix group %s to nt group %s type %d\n",
+                              gmep->grp.unix_name, gmep->grp.nt_name, gmep->grp.type));
+                       return True;
+               }
+       }
+
+       return False;
+}
+
+/***********************************************************
+ *
+ * Call four functions to resolve unix group ids and either
+ * local group SIDs or domain group SIDs listed in the local group
+ * or domain group map files.
+ *
+ * Note that it is *NOT* the responsibility of these functions to
+ * resolve entries that are not in the map files.
+ *
+ * Any SID can be in the map files (i.e from any Domain).
+ *
+ ***********************************************************/
+
+#if 0
+
+/***********************************************************
+ Lookup a UNIX Group entry by name.
+************************************************************/
+BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info)
+{
+       return map_unixname(DOM_MAP_DOMAIN, group_name, grp_info);
+}
+
+/***********************************************************
+ Lookup a UNIX Alias entry by name.
+************************************************************/
+BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info)
+{
+       return map_unixname(DOM_MAP_LOCAL, alias_name, grp_info);
+}
+
+/***********************************************************
+ Lookup an Alias name entry 
+************************************************************/
+BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info)
+{
+       return map_ntname(DOM_MAP_LOCAL, ntalias_name, nt_domain, grp_info);
+}
+
+/***********************************************************
+ Lookup a Group entry
+************************************************************/
+BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info)
+{
+       return map_ntname(DOM_MAP_DOMAIN, ntgroup_name, nt_domain, grp_info);
+}
+
+#endif
+
+/***********************************************************
+ Lookup a Username entry by name.
+************************************************************/
+static BOOL map_nt_username(char *nt_name, char *nt_domain, DOM_NAME_MAP *grp_info)
+{
+       return map_ntname(DOM_MAP_USER, nt_name, nt_domain, grp_info);
+}
+
+/***********************************************************
+ Lookup a Username entry by SID.
+************************************************************/
+static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP *grp_info)
+{
+       return map_sid(DOM_MAP_USER, sid, grp_info);
+}
+
+/***********************************************************
+ Lookup a Username SID entry by uid.
+************************************************************/
+static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP *grp_info)
+{
+       return map_unixid(DOM_MAP_USER, (uint32)gid, grp_info);
+}
+
+/***********************************************************
+ Lookup an Alias SID entry by name.
+************************************************************/
+BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
+{
+       return map_sid(DOM_MAP_LOCAL, psid, grp_info);
+}
+
+/***********************************************************
+ Lookup a Group entry by sid.
+************************************************************/
+BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
+{
+       return map_sid(DOM_MAP_DOMAIN, psid, grp_info);
+}
+
+/***********************************************************
+ Lookup an Alias SID entry by gid_t.
+************************************************************/
+static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP *grp_info)
+{
+       return map_unixid(DOM_MAP_LOCAL, (uint32)gid, grp_info);
+}
+
+/***********************************************************
+ Lookup a Group SID entry by gid_t.
+************************************************************/
+static BOOL map_group_gid( gid_t gid, DOM_NAME_MAP *grp_info)
+{
+       return map_unixid(DOM_MAP_DOMAIN, (uint32)gid, grp_info);
+}
+
+
+/************************************************************************
+ Routine to look up User details by UNIX name
+*************************************************************************/
+BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp)
+{
+       uid_t uid;
+       DEBUG(10,("lookupsmbpwnam: unix user name %s\n", unix_usr_name));
+       if (nametouid(unix_usr_name, &uid))
+       {
+               return lookupsmbpwuid(uid, grp);
+       }
+       else
+       {
+               return False;
+       }
+}
+
+/*
+ * used by lookup functions below
+ */
+
+static fstring nt_name;
+static fstring unix_name;
+static fstring nt_domain;
+
+/*************************************************************************
+ looks up a uid, returns User Information.  
+*************************************************************************/
+BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep)
+{
+       DEBUG(10,("lookupsmbpwuid: unix uid %d\n", uid));
+       if (map_username_uid(uid, gmep))
+       {
+               return True;
+       }
+       if (lp_server_role() != ROLE_DOMAIN_NONE)
+       {
+               gmep->nt_name   = nt_name;
+               gmep->unix_name = unix_name;
+
+               gmep->unix_id = (uint32)uid;
+
+               /*
+                * here we should do a LsaLookupNames() call
+                * to check the status of the name with the PDC.
+                * if the PDC know nothing of the name, it's ours.
+                */
+
+               if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+               {
+#if 0
+                       do_lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
+#endif
+               }
+
+               gmep->type = SID_NAME_USER;
+               fstrcpy(gmep->nt_name, uidtoname(uid));
+               fstrcpy(gmep->unix_name, gmep->nt_name);
+               gmep->nt_domain = global_sam_name;
+               pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid);
+
+               return True;
+       }
+
+       /* oops. */
+
+       return False;
+}
+
+/*************************************************************************
+ looks up by NT name, returns User Information.  
+*************************************************************************/
+BOOL lookupsmbpwntnam(char *fullntname, DOM_NAME_MAP *gmep)
+{
+       DEBUG(10,("lookupsmbpwntnam: nt user name %s\n", fullntname));
+
+       if (!split_domain_name(fullntname, nt_name, nt_domain))
+       {
+               return False;
+       }
+
+       if (map_nt_username(nt_name, nt_domain, gmep))
+       {
+               return True;
+       }
+       if (lp_server_role() != ROLE_DOMAIN_NONE)
+       {
+               uid_t uid;
+               gmep->nt_name   = nt_name;
+               gmep->unix_name = unix_name;
+               gmep->nt_domain = nt_domain;
+
+               /*
+                * here we should do a LsaLookupNames() call
+                * to check the status of the name with the PDC.
+                * if the PDC know nothing of the name, it's ours.
+                */
+
+               if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+               {
+#if 0
+                       do_lsa_lookup_names(global_myworkgroup, gmep->nt_name, gmep->nt_domain, &gmep->sid...);
+#endif
+               }
+
+               gmep->type = SID_NAME_USER;
+               fstrcpy(gmep->unix_name, gmep->nt_name);
+               if (!nametouid(gmep->unix_name, &uid))
+               {
+                       return False;
+               }
+               gmep->unix_id = (uint32)uid;
+               if (!pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid))
+               {
+                       return False;
+               }
+
+               return True;
+       }
+
+       /* oops. */
+
+       return False;
+}
+
+/*************************************************************************
+ looks up by RID, returns User Information.  
+*************************************************************************/
+BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
+{
+       fstring sid_str;
+       sid_to_string(sid_str, sid);
+       DEBUG(10,("lookupsmbpwsid: nt sid %s\n", sid_str));
+
+       if (map_username_sid(sid, gmep))
+       {
+               return True;
+       }
+       if (lp_server_role() != ROLE_DOMAIN_NONE)
+       {
+               gmep->nt_name   = nt_name;
+               gmep->unix_name = unix_name;
+               gmep->nt_domain = nt_domain;
+
+               /*
+                * here we should do a LsaLookupNames() call
+                * to check the status of the name with the PDC.
+                * if the PDC know nothing of the name, it's ours.
+                */
+
+               if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+               {
+#if 0
+                       do_lsa_lookup_sids(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
+#endif
+               }
+
+               gmep->type = SID_NAME_USER;
+               sid_copy(&gmep->sid, sid);
+               if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
+               {
+                       return False;
+               }
+               fstrcpy(gmep->nt_name, uidtoname((uid_t)gmep->unix_id));
+               fstrcpy(gmep->unix_name, gmep->nt_name);
+               gmep->nt_domain = global_sam_name;
+
+               return True;
+       }
+
+       /* oops. */
+
+       return False;
+}
+
+/************************************************************************
+ Routine to look up group / alias / well-known group RID by UNIX name
+*************************************************************************/
+BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp)
+{
+       gid_t gid;
+       DEBUG(10,("lookupsmbgrpnam: unix user group %s\n", unix_grp_name));
+       if (nametogid(unix_grp_name, &gid))
+       {
+               return lookupsmbgrpgid(gid, grp);
+       }
+       else
+       {
+               return False;
+       }
+}
+
+/*************************************************************************
+ looks up a SID, returns name map entry
+*************************************************************************/
+BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
+{
+       fstring sid_str;
+       sid_to_string(sid_str, sid);
+       DEBUG(10,("lookupsmbgrpsid: nt sid %s\n", sid_str));
+
+       if (map_alias_sid(sid, gmep))
+       {
+               return True;
+       }
+       if (map_group_sid(sid, gmep))
+       {
+               return True;
+       }
+       if (lp_server_role() != ROLE_DOMAIN_NONE)
+       {
+               gmep->nt_name   = nt_name;
+               gmep->unix_name = unix_name;
+               gmep->nt_domain = nt_domain;
+
+               /*
+                * here we should do a LsaLookupNames() call
+                * to check the status of the name with the PDC.
+                * if the PDC know nothing of the name, it's ours.
+                */
+
+               if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+               {
+#if 0
+                       do_lsa_lookup_sids(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
+#endif
+               }
+
+               /* name is not explicitly mapped
+                * with map files or the PDC
+                * so we are responsible for it...
+                */
+
+               if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+               {
+                       /* ... as a LOCAL group. */
+                       gmep->type = SID_NAME_ALIAS;
+               }
+               else
+               {
+                       /* ... as a DOMAIN group. */
+                       gmep->type = SID_NAME_DOM_GRP;
+               }
+
+               sid_copy(&gmep->sid, sid);
+               if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
+               {
+                       return False;
+               }
+               fstrcpy(gmep->nt_name, gidtoname((gid_t)gmep->unix_id));
+               fstrcpy(gmep->unix_name, gmep->nt_name);
+               gmep->nt_domain = global_sam_name;
+
+               return True;
+       }
+
+       /* oops */
+       return False;
+}
+
+/*************************************************************************
+ looks up a gid, returns RID and type local, domain or well-known domain group
+*************************************************************************/
+BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep)
+{
+       DEBUG(10,("lookupsmbgrpgid: unix gid %d\n", (int)gid));
+       if (map_alias_gid(gid, gmep))
+       {
+               return True;
+       }
+       if (map_group_gid(gid, gmep))
+       {
+               return True;
+       }
+       if (lp_server_role() != ROLE_DOMAIN_NONE)
+       {
+               gmep->nt_name   = nt_name;
+               gmep->unix_name = unix_name;
+
+               gmep->unix_id = (uint32)gid;
+
+               /*
+                * here we should do a LsaLookupNames() call
+                * to check the status of the name with the PDC.
+                * if the PDC know nothing of the name, it's ours.
+                */
+
+               if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+               {
+#if 0
+                       do_lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
+                       {
+                               return True;
+                       }
+#endif
+               }
+
+               /* name is not explicitly mapped
+                * with map files or the PDC
+                * so we are responsible for it...
+                */
+
+               if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+               {
+                       /* ... as a LOCAL group. */
+                       gmep->type = SID_NAME_ALIAS;
+               }
+               else
+               {
+                       /* ... as a DOMAIN group. */
+                       gmep->type = SID_NAME_DOM_GRP;
+               }
+               fstrcpy(gmep->nt_name, gidtoname(gid));
+               fstrcpy(gmep->unix_name, gmep->nt_name);
+               gmep->nt_domain = global_sam_name;
+               pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid);
+
+               return True;
+       }
+
+       /* oops */
+       return False;
+}
+
diff --git a/source3/lib/sids.c b/source3/lib/sids.c
new file mode 100644 (file)
index 0000000..432c334
--- /dev/null
@@ -0,0 +1,554 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 1.9.
+   Samba utility functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+
+extern int DEBUGLEVEL;
+extern pstring scope;
+extern pstring global_myname;
+
+/*
+ * This is set on startup - it defines the SID for this
+ * machine, and therefore the SAM database for which it is
+ * responsible.
+ */
+
+DOM_SID global_sam_sid;
+
+/*
+ * This is the name associated with the SAM database for
+ * which this machine is responsible.  In the case of a PDC
+ * or PDC, this name is the same as the workgroup.  In the
+ * case of "security = domain" mode, this is the same as
+ * the name of the server (global_myname).
+ */
+
+fstring global_sam_name; 
+
+/*
+ * This is obtained on startup - it defines the SID for which
+ * this machine is a member.  It is therefore only set, and
+ * used, in "security = domain" mode.
+ */
+
+DOM_SID global_member_sid;
+
+/*
+ * note the lack of a "global_member_name" - this is because
+ * this is the same as "global_myworkgroup".
+ */
+
+extern fstring global_myworkgroup;
+/* fstring global_member_dom_name; */
+
+/*
+ * some useful sids
+ */
+
+DOM_SID global_sid_S_1_5_20; /* local well-known domain */
+DOM_SID global_sid_S_1_1;    /* everyone */
+DOM_SID global_sid_S_1_3;    /* Creator Owner */
+DOM_SID global_sid_S_1_5;    /* NT Authority */
+
+static struct sid_name_map_info
+{
+       DOM_SID *sid;
+       char *name;
+
+}
+sid_name_map[] =
+{
+       { &global_sid_S_1_5_20, "BUILTIN" },
+       { &global_sid_S_1_1   , "Everyone" },
+       { &global_sid_S_1_3   , "Creator Owner" },
+       { &global_sid_S_1_5   , "NT Authority" },
+       { &global_sam_sid     , global_sam_name },
+       { &global_member_sid  , global_myworkgroup },
+       { NULL                , NULL      }
+};
+
+/****************************************************************************
+ Read the machine SID from a file.
+****************************************************************************/
+
+static BOOL read_sid_from_file(int fd, char *sid_file)
+{   
+  fstring fline;
+       fstring sid_str;
+    
+  memset(fline, '\0', sizeof(fline));
+
+  if (read(fd, fline, sizeof(fline) -1 ) < 0) {
+    DEBUG(0,("unable to read file %s. Error was %s\n",
+           sid_file, strerror(errno) ));
+    return False;
+  }
+
+  /*
+   * Convert to the machine SID.
+   */
+
+  fline[sizeof(fline)-1] = '\0';
+  if (!string_to_sid( &global_sam_sid, fline)) {
+    DEBUG(0,("unable to generate machine SID.\n"));
+    return False;
+  }
+
+       sid_to_string(sid_str, &global_sam_sid);
+       DEBUG(5,("read_sid_from_file: sid %s\n", sid_str));
+
+  return True;
+}
+
+/****************************************************************************
+ sets up the name associated with the SAM database for which we are responsible
+****************************************************************************/
+void get_sam_domain_name(void)
+{
+       switch (lp_server_role())
+       {
+               case ROLE_DOMAIN_PDC:
+               case ROLE_DOMAIN_BDC:
+               {
+                       /* we are PDC (or BDC) for a Domain */
+                       fstrcpy(global_sam_name, lp_workgroup());
+                       break;
+               }
+               case ROLE_DOMAIN_MEMBER:
+               {
+                       /* we are a "PDC", but FOR LOCAL SAM DATABASE ONLY */
+                       fstrcpy(global_sam_name, global_myname);
+                       break;
+               }
+               default:
+               {
+                       /* no domain role, probably due to "security = share" */
+                       memset(global_sam_name, 0, sizeof(global_sam_name));
+                       break;
+               }
+       }
+}
+
+/****************************************************************************
+ obtain the sid from the PDC.  do some verification along the way...
+****************************************************************************/
+BOOL get_member_domain_sid(void)
+{
+       POLICY_HND pol;
+       fstring srv_name;
+       struct cli_state cli;
+       BOOL res = True;
+       DOM_SID sid3;
+       DOM_SID sid5;
+       fstring dom3;
+       fstring dom5;
+
+       switch (lp_server_role())
+       {
+               case ROLE_DOMAIN_NONE:
+               {
+                       ZERO_STRUCT(global_member_sid);
+                       return True;
+               }
+               case ROLE_DOMAIN_PDC:
+               {
+                       sid_copy(&global_member_sid, &global_sam_sid);
+                       return True;
+               }
+               default:
+               {
+                       /* member or BDC, we're going for connection to PDC */
+                       break;
+               }
+       }
+
+       if (!cli_connect_serverlist(&cli, lp_passwordserver()))
+       {
+               DEBUG(0,("get_member_domain_sid: unable to initialise client connection.\n"));
+               return False;
+       }
+
+       /*
+        * Ok - we have an anonymous connection to the IPC$ share.
+        * Now start the NT Domain stuff :-).
+        */
+
+       fstrcpy(dom3, "");
+       fstrcpy(dom5, "");
+       ZERO_STRUCT(sid3);
+       ZERO_STRUCT(sid5);
+
+       fstrcpy(srv_name, "\\\\");
+       fstrcat(srv_name, global_myname);
+       strupper(srv_name);
+
+       /* open LSARPC session. */
+       res = res ? cli_nt_session_open(&cli, PIPE_LSARPC) : False;
+
+       /* lookup domain controller; receive a policy handle */
+       res = res ? do_lsa_open_policy(&cli, srv_name, &pol, False) : False;
+
+       /* send client info query, level 3.  receive domain name and sid */
+       res = res ? do_lsa_query_info_pol(&cli, &pol, 3, dom3, &sid3) : False;
+
+       /* send client info query, level 5.  receive domain name and sid */
+       res = res ? do_lsa_query_info_pol(&cli, &pol, 5, dom5, &sid5) : False;
+
+       /* close policy handle */
+       res = res ? do_lsa_close(&cli, &pol) : False;
+
+       /* close the session */
+       cli_nt_session_close(&cli);
+       cli_ulogoff(&cli);
+       cli_shutdown(&cli);
+
+       if (res)
+       {
+               pstring sid;
+               DEBUG(2,("LSA Query Info Policy\n"));
+               sid_to_string(sid, &sid3);
+               DEBUG(2,("Domain Member     - Domain: %s SID: %s\n", dom3, sid));
+               sid_to_string(sid, &sid5);
+               DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", dom5, sid));
+
+               if (!strequal(dom3, global_myworkgroup) ||
+                   !strequal(dom5, global_myworkgroup))
+               {
+                       DEBUG(0,("get_member_domain_sid: %s is a DC for %s not %s\n",
+                                 cli.desthost, dom5, global_myworkgroup));
+                       res = False;
+               }
+       }
+       else
+       {
+               DEBUG(1,("lsa query info failed\n"));
+       }
+
+       if (!res)
+       {
+               DEBUG(0,("get_member_domain_sid: unable to obtain Domain member SID\n"));
+       }
+       else
+       {
+               /* this is a _lot_ of trouble to go to for just this info: */
+               global_member_sid = sid5;
+       }
+
+       return res;
+}
+
+/****************************************************************************
+ creates some useful well known sids
+****************************************************************************/
+void generate_wellknown_sids(void)
+{
+       string_to_sid(&global_sid_S_1_5_20, "S-1-5-32");
+       string_to_sid(&global_sid_S_1_1   , "S-1-1"   );
+       string_to_sid(&global_sid_S_1_3   , "S-1-3"   );
+       string_to_sid(&global_sid_S_1_5   , "S-1-5"   );
+}
+
+/****************************************************************************
+ Generate the global machine sid. Look for the MACHINE.SID file first, if
+ not found then look in smb.conf and use it to create the MACHINE.SID file.
+****************************************************************************/
+BOOL generate_sam_sid(void)
+{
+       int fd;
+       int i;
+       char *p;
+       pstring sid_file;
+       fstring sid_string;
+       SMB_STRUCT_STAT st;
+       uchar raw_sid_data[12];
+
+       pstrcpy(sid_file, lp_smb_passwd_file());
+       p = strrchr(sid_file, '/');
+       if (p != NULL) {
+               *++p = '\0';
+       }
+
+       if (!directory_exist(sid_file, NULL)) {
+               if (dos_mkdir(sid_file, 0700) != 0) {
+                       DEBUG(0,("can't create private directory %s : %s\n",
+                                sid_file, strerror(errno)));
+                       return False;
+               }
+       }
+
+       pstrcat(sid_file, "MACHINE.SID");
+    
+       if ((fd = sys_open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) {
+               DEBUG(0,("unable to open or create file %s. Error was %s\n",
+                        sid_file, strerror(errno) ));
+               return False;
+       } 
+  
+       /*
+        * Check if the file contains data.
+        */
+       
+       if (sys_fstat( fd, &st) < 0) {
+               DEBUG(0,("unable to stat file %s. Error was %s\n",
+                        sid_file, strerror(errno) ));
+               close(fd);
+               return False;
+       } 
+  
+       if (st.st_size > 0) {
+               /*
+                * We have a valid SID - read it.
+                */
+               if (!read_sid_from_file( fd, sid_file)) {
+                       DEBUG(0,("unable to read file %s. Error was %s\n",
+                                sid_file, strerror(errno) ));
+                       close(fd);
+                       return False;
+               }
+               close(fd);
+               return True;
+       } 
+  
+       /*
+        * Generate the new sid data & turn it into a string.
+        */
+       generate_random_buffer( raw_sid_data, 12, True);
+               
+       fstrcpy( sid_string, "S-1-5-21");
+       for( i = 0; i < 3; i++) {
+               fstring tmp_string;
+               slprintf( tmp_string, sizeof(tmp_string) - 1, "-%u", IVAL(raw_sid_data, i*4));
+               fstrcat( sid_string, tmp_string);
+       }
+       
+       fstrcat(sid_string, "\n");
+       
+       /*
+        * Ensure our new SID is valid.
+        */
+       
+       if (!string_to_sid( &global_sam_sid, sid_string)) {
+               DEBUG(0,("unable to generate machine SID.\n"));
+               return False;
+       } 
+  
+       /*
+        * Do an exclusive blocking lock on the file.
+        */
+       
+       if (!do_file_lock( fd, 60, F_WRLCK)) {
+               DEBUG(0,("unable to lock file %s. Error was %s\n",
+                        sid_file, strerror(errno) ));
+               close(fd);
+               return False;
+       } 
+  
+       /*
+        * At this point we have a blocking lock on the SID
+        * file - check if in the meantime someone else wrote
+        * SID data into the file. If so - they were here first,
+        * use their data.
+        */
+       
+       if (sys_fstat( fd, &st) < 0) {
+               DEBUG(0,("unable to stat file %s. Error was %s\n",
+                        sid_file, strerror(errno) ));
+               close(fd);
+               return False;
+       } 
+  
+       if (st.st_size > 0) {
+               /*
+                * Unlock as soon as possible to reduce
+                * contention on the exclusive lock.
+                */ 
+               do_file_lock( fd, 60, F_UNLCK);
+               
+               /*
+                * We have a valid SID - read it.
+                */
+               
+               if (!read_sid_from_file( fd, sid_file)) {
+                       DEBUG(0,("unable to read file %s. Error was %s\n",
+                                sid_file, strerror(errno) ));
+                       close(fd);
+                       return False;
+               }
+               close(fd);
+               return True;
+       } 
+       
+       /*
+        * The file is still empty and we have an exlusive lock on it.
+        * Write out out SID data into the file.
+        */
+       
+       if (fchmod(fd, 0644) < 0) {
+               DEBUG(0,("unable to set correct permissions on file %s. \
+Error was %s\n", sid_file, strerror(errno) ));
+               close(fd);
+               return False;
+       } 
+       
+       if (write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) {
+               DEBUG(0,("unable to write file %s. Error was %s\n",
+                        sid_file, strerror(errno) ));
+               close(fd);
+               return False;
+       } 
+       
+       /*
+        * Unlock & exit.
+        */
+       
+       do_file_lock( fd, 60, F_UNLCK);
+       close(fd);
+       return True;
+}   
+
+/**************************************************************************
+ turns a domain name into a SID.
+
+ *** side-effect: if the domain name is NULL, it is set to our domain ***
+
+***************************************************************************/
+BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain)
+{
+       int i = 0;
+
+       if (nt_domain == NULL)
+       {
+               sid_copy(sid, &global_sam_sid);
+               return True;
+       }
+
+       if ((*nt_domain) == NULL)
+       {
+               DEBUG(5,("map_domain_name_to_sid: overriding NULL name to %s\n",
+                         global_sam_name));
+               (*nt_domain) = strdup(global_sam_name);
+               sid_copy(sid, &global_sam_sid);
+               return True;
+       }
+
+       if ((*nt_domain)[0] == 0)
+       {
+               DEBUG(5,("map_domain_name_to_sid: overriding blank name to %s\n",
+                         global_sam_name));
+               free(*nt_domain);
+               (*nt_domain) = strdup(global_sam_name);
+               sid_copy(sid, &global_sam_sid);
+               return True;
+       }
+
+       DEBUG(5,("map_domain_name_to_sid: %s\n", (*nt_domain)));
+
+       while (sid_name_map[i].name != NULL)
+       {
+               DEBUG(5,("compare: %s\n", sid_name_map[i].name));
+               if (strequal(sid_name_map[i].name, (*nt_domain)))
+               {
+                       fstring sid_str;
+                       sid_copy(sid, sid_name_map[i].sid);
+                       sid_to_string(sid_str, sid_name_map[i].sid);
+                       DEBUG(5,("found %s\n", sid_str));
+                       return True;
+               }
+               i++;
+       }
+
+       DEBUG(0,("map_domain_name_to_sid: mapping to %s NOT IMPLEMENTED\n",
+                 (*nt_domain)));
+       return False;
+}
+
+/**************************************************************************
+ turns a domain SID into a name.
+
+***************************************************************************/
+BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain)
+{
+       fstring sid_str;
+       int i = 0;
+       sid_to_string(sid_str, sid);
+
+       DEBUG(5,("map_domain_sid_to_name: %s\n", sid_str));
+
+       if (nt_domain == NULL)
+       {
+               return False;
+       }
+
+       while (sid_name_map[i].sid != NULL)
+       {
+               sid_to_string(sid_str, sid_name_map[i].sid);
+               DEBUG(5,("compare: %s\n", sid_str));
+               if (sid_equal(sid_name_map[i].sid, sid))
+               {
+                       fstrcpy(nt_domain, sid_name_map[i].name);
+                       DEBUG(5,("found %s\n", nt_domain));
+                       return True;
+               }
+               i++;
+       }
+
+       DEBUG(0,("map_domain_sid_to_name: mapping NOT IMPLEMENTED\n"));
+
+       return False;
+}
+
+/**************************************************************************
+ splits a name of format \DOMAIN\name into its two components.
+ sets the DOMAIN name to global_sam_name if it has not been specified.
+***************************************************************************/
+BOOL split_domain_name(char *fullname, char *domain, char *name)
+{
+       fstring full_name;
+       char *p;
+
+       if (fullname == NULL || domain == NULL || name == NULL)
+       {
+               return False;
+       }
+
+       if (fullname[0] == '\\')
+       {
+               fullname++;
+       }
+       fstrcpy(full_name, fullname);
+       p = strchr(full_name+1, '\\');
+
+       if (p != NULL)
+       {
+               *p = 0;
+               fstrcpy(domain, full_name);
+               fstrcpy(name, p+1);
+       }
+       else
+       {
+               fstrcpy(domain, global_sam_name);
+               fstrcpy(name, full_name);
+       }
+
+       DEBUG(5,("name '%s' split into '%s\\%s'\n", fullname, domain, name));
+       return True;
+}
diff --git a/source3/lib/util_pwdb.c b/source3/lib/util_pwdb.c
new file mode 100644 (file)
index 0000000..50cc051
--- /dev/null
@@ -0,0 +1,444 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 1.9.
+   Password and authentication handling
+   Copyright (C) Jeremy Allison 1996-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "nterr.h"
+
+extern int DEBUGLEVEL;
+extern DOM_SID global_sam_sid;
+extern fstring global_sam_name;
+extern DOM_SID global_sid_S_1_5_20;
+extern fstring global_myworkgroup;
+
+/*
+ * A list of the rids of well known BUILTIN and Domain users
+ * and groups.
+ */
+
+rid_name builtin_alias_rids[] =
+{  
+    { BUILTIN_ALIAS_RID_ADMINS       , "Administrators" },
+    { BUILTIN_ALIAS_RID_USERS        , "Users" },
+    { BUILTIN_ALIAS_RID_GUESTS       , "Guests" },
+    { BUILTIN_ALIAS_RID_POWER_USERS  , "Power Users" },
+   
+    { BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "Account Operators" },
+    { BUILTIN_ALIAS_RID_SYSTEM_OPS   , "System Operators" },
+    { BUILTIN_ALIAS_RID_PRINT_OPS    , "Print Operators" },
+    { BUILTIN_ALIAS_RID_BACKUP_OPS   , "Backup Operators" },
+    { BUILTIN_ALIAS_RID_REPLICATOR   , "Replicator" },
+    { 0                             , NULL }
+};
+
+/* array lookup of well-known Domain RID users. */
+rid_name domain_user_rids[] =
+{  
+    { DOMAIN_USER_RID_ADMIN         , "Administrator" },
+    { DOMAIN_USER_RID_GUEST         , "Guest" },
+    { 0                             , NULL }
+};
+
+/* array lookup of well-known Domain RID groups. */
+rid_name domain_group_rids[] =
+{  
+    { DOMAIN_GROUP_RID_ADMINS       , "Domain Admins" },
+    { DOMAIN_GROUP_RID_USERS        , "Domain Users" },
+    { DOMAIN_GROUP_RID_GUESTS       , "Domain Guests" },
+    { 0                             , NULL }
+};
+
+
+/*******************************************************************
+ lookup_wk_group_name
+ ********************************************************************/
+uint32 lookup_wk_group_name(const char *group_name, const char *domain,
+                               DOM_SID *sid, uint8 *type)
+{
+       char *grp_name;
+       int i = -1; /* start do loop at -1 */
+       uint32 rid;
+       (*type) = SID_NAME_WKN_GRP;
+
+       if (strequal(domain, global_sam_name))
+       {
+               sid_copy(sid, &global_sam_sid);
+       }
+       else if (strequal(domain, "BUILTIN"))
+       {
+               sid_copy(sid, &global_sid_S_1_5_20);
+       }
+       else
+       {
+               return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+       }
+
+       do /* find, if it exists, a group rid for the group name */
+       {
+               i++;
+               rid      = domain_group_rids[i].rid;
+               grp_name = domain_group_rids[i].name;
+
+               if (strequal(grp_name, group_name))
+               {
+                       sid_append_rid(sid, rid);
+
+                       return 0x0;
+               }
+                       
+       } while (grp_name != NULL);
+
+       return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ lookup_wk_user_name
+ ********************************************************************/
+uint32 lookup_wk_user_name(const char *user_name, const char *domain,
+                               DOM_SID *sid, uint8 *type)
+{
+       char *usr_name;
+       int i = -1; /* start do loop at -1 */
+       (*type) = SID_NAME_USER;
+
+       if (strequal(domain, global_sam_name))
+       {
+               sid_copy(sid, &global_sam_sid);
+       }
+       else if (strequal(domain, "BUILTIN"))
+       {
+               sid_copy(sid, &global_sid_S_1_5_20);
+       }
+       else
+       {
+               return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+       }
+
+       do /* find, if it exists, a alias rid for the alias name */
+       {
+               i++;
+               usr_name = domain_user_rids[i].name;
+
+       } while (usr_name != NULL && !strequal(usr_name, user_name));
+
+       if (usr_name != NULL)
+       {
+               sid_copy(sid, &global_sid_S_1_5_20);
+               sid_append_rid(sid, domain_user_rids[i].rid);
+               return 0;
+       }
+
+       return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ lookup_builtin_alias_name
+ ********************************************************************/
+uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain,
+                               DOM_SID *sid, uint8 *type)
+{
+       char *als_name;
+       int i = 0;
+       uint32 rid;
+
+       if (strequal(domain, "BUILTIN"))
+       {
+               if (sid != NULL)
+               {
+                       sid_copy(sid, &global_sid_S_1_5_20);
+               }
+       }
+       else
+       {
+               return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+       }
+
+       do /* find, if it exists, a alias rid for the alias name*/
+       {
+               rid      = builtin_alias_rids[i].rid;
+               als_name = builtin_alias_rids[i].name;
+
+               i++;
+
+               if (strequal(als_name, alias_name))
+               {
+                       if (sid != NULL)
+                       {
+                               sid_append_rid(sid, rid);
+                       }
+
+                       if (type != NULL)
+                       {
+                               (*type) = SID_NAME_ALIAS;
+                       }
+
+                       return 0x0;
+               }
+                       
+       } while (als_name != NULL);
+
+       return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+/**********************************************************
+ Encode the account control bits into a string.
+ length = length of string to encode into (including terminating
+ null). length *MUST BE MORE THAN 2* !
+ **********************************************************/
+
+char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
+{
+       static fstring acct_str;
+       size_t i = 0;
+
+       acct_str[i++] = '[';
+
+       if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
+       if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
+       if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
+       if (acct_ctrl & ACB_TEMPDUP  ) acct_str[i++] = 'T'; 
+       if (acct_ctrl & ACB_NORMAL   ) acct_str[i++] = 'U';
+       if (acct_ctrl & ACB_MNS      ) acct_str[i++] = 'M';
+       if (acct_ctrl & ACB_WSTRUST  ) acct_str[i++] = 'W';
+       if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
+       if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
+       if (acct_ctrl & ACB_PWNOEXP  ) acct_str[i++] = 'X';
+       if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
+
+       for ( ; i < length - 2 ; i++ )
+       {
+               acct_str[i] = ' ';
+       }
+
+       i = length - 2;
+       acct_str[i++] = ']';
+       acct_str[i++] = '\0';
+
+       return acct_str;
+}     
+
+/**********************************************************
+ Decode the account control bits from a string.
+
+ this function breaks coding standards minimum line width of 80 chars.
+ reason: vertical line-up code clarity - all case statements fit into
+ 15 lines, which is more important.
+ **********************************************************/
+
+uint16 pwdb_decode_acct_ctrl(const char *p)
+{
+       uint16 acct_ctrl = 0;
+       BOOL finished = False;
+
+       /*
+        * Check if the account type bits have been encoded after the
+        * NT password (in the form [NDHTUWSLXI]).
+        */
+
+       if (*p != '[') return 0;
+
+       for (p++; *p && !finished; p++)
+       {
+               switch (*p)
+               {
+                       case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
+                       case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
+                       case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
+                       case 'T': { acct_ctrl |= ACB_TEMPDUP  ; break; /* 'T'emp account. */ } 
+                       case 'U': { acct_ctrl |= ACB_NORMAL   ; break; /* 'U'ser account (normal). */ } 
+                       case 'M': { acct_ctrl |= ACB_MNS      ; break; /* 'M'NS logon user account. What is this ? */ } 
+                       case 'W': { acct_ctrl |= ACB_WSTRUST  ; break; /* 'W'orkstation account. */ } 
+                       case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } 
+                       case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } 
+                       case 'X': { acct_ctrl |= ACB_PWNOEXP  ; break; /* No 'X'piry on password */ } 
+                       case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
+                       case ' ': { break; }
+                       case ':':
+                       case '\n':
+                       case '\0': 
+                       case ']':
+                       default:  { finished = True; }
+               }
+       }
+
+       return acct_ctrl;
+}
+
+/*******************************************************************
+ gets password-database-format time from a string.
+ ********************************************************************/
+
+static time_t get_time_from_string(const char *p)
+{
+       int i;
+
+       for (i = 0; i < 8; i++)
+       {
+               if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF)))
+               {
+                       break;
+               }
+       }
+       if (i == 8)
+       {
+               /*
+                * p points at 8 characters of hex digits - 
+                * read into a time_t as the seconds since
+                * 1970 that the password was last changed.
+                */
+               return (time_t)strtol(p, NULL, 16);
+       }
+       return (time_t)-1;
+}
+
+/*******************************************************************
+ gets password last set time
+ ********************************************************************/
+
+time_t pwdb_get_last_set_time(const char *p)
+{
+       if (*p && StrnCaseCmp(p, "LCT-", 4))
+       {
+               return get_time_from_string(p + 4);
+       }
+       return (time_t)-1;
+}
+
+
+/*******************************************************************
+ sets password-database-format time in a string.
+ ********************************************************************/
+static void set_time_in_string(char *p, int max_len, char *type, time_t t)
+{
+       slprintf(p, max_len, ":%s-%08X:", type, (uint32)t);
+}
+
+/*******************************************************************
+ sets logon time
+ ********************************************************************/
+void pwdb_set_logon_time(char *p, int max_len, time_t t)
+{
+       set_time_in_string(p, max_len, "LNT", t);
+}
+
+/*******************************************************************
+ sets logoff time
+ ********************************************************************/
+void pwdb_set_logoff_time(char *p, int max_len, time_t t)
+{
+       set_time_in_string(p, max_len, "LOT", t);
+}
+
+/*******************************************************************
+ sets kickoff time
+ ********************************************************************/
+void pwdb_set_kickoff_time(char *p, int max_len, time_t t)
+{
+       set_time_in_string(p, max_len, "KOT", t);
+}
+
+/*******************************************************************
+ sets password can change time
+ ********************************************************************/
+void pwdb_set_can_change_time(char *p, int max_len, time_t t)
+{
+       set_time_in_string(p, max_len, "CCT", t);
+}
+
+/*******************************************************************
+ sets password last set time
+ ********************************************************************/
+void pwdb_set_must_change_time(char *p, int max_len, time_t t)
+{
+       set_time_in_string(p, max_len, "MCT", t);
+}
+
+/*******************************************************************
+ sets password last set time
+ ********************************************************************/
+void pwdb_set_last_set_time(char *p, int max_len, time_t t)
+{
+       set_time_in_string(p, max_len, "LCT", t);
+}
+
+
+/*************************************************************
+ Routine to set 32 hex password characters from a 16 byte array.
+**************************************************************/
+void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl)
+{
+       if (pwd != NULL)
+       {
+               int i;
+               for (i = 0; i < 16; i++)
+               {
+                       slprintf(&p[i*2], 33, "%02X", pwd[i]);
+               }
+       }
+       else
+       {
+               if (IS_BITS_SET_ALL(acct_ctrl, ACB_PWNOTREQ))
+               {
+                       safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
+               }
+               else
+               {
+                       safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
+               }
+       }
+}
+
+/*************************************************************
+ Routine to get the 32 hex characters and turn them
+ into a 16 byte array.
+**************************************************************/
+BOOL pwdb_gethexpwd(const char *p, char *pwd)
+{
+       return strhex_to_str(pwd, 32, p) == 16;
+}
+
+/*************************************************************
+ initialise password databases, domain names, domain sid.
+**************************************************************/
+BOOL pwdb_initialise(void)
+{
+       fstrcpy(global_myworkgroup, lp_workgroup());
+
+       if (strequal(global_myworkgroup,"*"))
+       {
+               DEBUG(0,("ERROR: a workgroup name of * is no longer supported\n"));
+               return False;
+       }
+
+       get_sam_domain_name();
+
+       generate_wellknown_sids();
+
+       if (!generate_sam_sid())
+       {
+               DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
+               return False;
+       }
+
+       if(!initialise_password_db())
+               return False;
+
+       return True;
+}
diff --git a/source3/passdb/sampass.c b/source3/passdb/sampass.c
new file mode 100644 (file)
index 0000000..967e050
--- /dev/null
@@ -0,0 +1,198 @@
+/*
+ * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef USE_SMBPASS_DB
+
+extern int DEBUGLEVEL;
+extern pstring samlogon_user;
+extern BOOL sam_logon_in_ssb;
+
+extern DOM_SID global_sam_sid;
+
+/***************************************************************
+ Start to enumerate the smbpasswd list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+void *startsamfilepwent(BOOL update)
+{
+       return startsmbpwent(update);
+}
+
+/***************************************************************
+ End enumeration of the smbpasswd list.
+****************************************************************/
+
+void endsamfilepwent(void *vp)
+{
+       endsmbpwent(vp);
+}
+
+/*************************************************************************
+ Return the current position in the smbpasswd list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+SMB_BIG_UINT getsamfilepwpos(void *vp)
+{
+       return getsmbpwpos(vp);
+}
+
+/*************************************************************************
+ Set the current position in the smbpasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+BOOL setsamfilepwpos(void *vp, SMB_BIG_UINT tok)
+{
+       return setsmbpwpos(vp, tok);
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smbpasswd list.
+ this function is a nice, messy combination of reading:
+ - the smbpasswd file
+ - the unix password database
+ - smb.conf options (not done at present).
+ *************************************************************************/
+
+static struct sam_passwd *getsamfile21pwent(void *vp)
+{
+       struct sam_passwd *user;
+
+       static pstring full_name;
+       static pstring home_dir;
+       static pstring home_drive;
+       static pstring logon_script;
+       static pstring profile_path;
+       static pstring acct_desc;
+       static pstring workstations;
+
+       DEBUG(5,("getsamfile21pwent\n"));
+
+       user = pwdb_smb_to_sam(getsmbpwent(vp));
+       if (user == NULL)
+       {
+               return NULL;
+       }
+
+       /*
+        * get all the other gubbins we need
+        */
+
+       pstrcpy(samlogon_user, user->nt_name);
+
+       if (samlogon_user[strlen(samlogon_user)-1] == '$' && 
+           user->group_rid != DOMAIN_GROUP_RID_USERS)
+       {
+               DEBUG(0,("trust account %s should be in DOMAIN_GROUP_RID_USERS\n",
+                         samlogon_user));
+       }
+
+       /* XXXX hack to get standard_sub_basic() to use sam logon username */
+       /* possibly a better way would be to do a become_user() call */
+       sam_logon_in_ssb = True;
+
+       pstrcpy(full_name    , "");
+       pstrcpy(logon_script , lp_logon_script       ());
+       pstrcpy(profile_path , lp_logon_path         ());
+       pstrcpy(home_drive   , lp_logon_drive        ());
+       pstrcpy(home_dir     , lp_logon_home         ());
+       pstrcpy(acct_desc    , "");
+       pstrcpy(workstations , "");
+
+       sam_logon_in_ssb = False;
+
+       user->full_name    = full_name;
+       user->home_dir     = home_dir;
+       user->dir_drive    = home_drive;
+       user->logon_script = logon_script;
+       user->profile_path = profile_path;
+       user->acct_desc    = acct_desc;
+       user->workstations = workstations;
+
+       user->unknown_str = NULL; /* don't know, yet! */
+       user->munged_dial = NULL; /* "munged" dial-back telephone number */
+
+       user->unknown_3 = 0xffffff; /* don't know */
+       user->logon_divs = 168; /* hours per week */
+       user->hours_len = 21; /* 21 times 8 bits = 168 */
+       memset(user->hours, 0xff, user->hours_len); /* available at all hours */
+       user->unknown_5 = 0x00020000; /* don't know */
+       user->unknown_6 = 0x000004ec; /* don't know */
+
+       return user;
+}
+
+/*
+ * Stub functions - implemented in terms of others.
+ */
+
+static BOOL mod_samfile21pwd_entry(struct sam_passwd* pwd, BOOL override)
+{
+       return mod_smbpwd_entry(pwdb_sam_to_smb(pwd), override);
+}
+
+static BOOL add_samfile21pwd_entry(struct sam_passwd *newpwd)
+{
+       return add_smbpwd_entry(pwdb_sam_to_smb(newpwd));
+}
+
+static struct sam_disp_info *getsamfiledispntnam(const char *name)
+{
+       return pwdb_sam_to_dispinfo(getsam21pwntnam(name));
+}
+
+static struct sam_disp_info *getsamfiledisprid(uint32 rid)
+{
+       return pwdb_sam_to_dispinfo(getsam21pwrid(rid));
+}
+
+static struct sam_disp_info *getsamfiledispent(void *vp)
+{
+       return pwdb_sam_to_dispinfo(getsam21pwent(vp));
+}
+
+static struct sam_passdb_ops file_ops = {
+  startsamfilepwent,
+  endsamfilepwent,
+  getsamfilepwpos,
+  setsamfilepwpos,
+  iterate_getsam21pwntnam,
+  iterate_getsam21pwuid,
+  iterate_getsam21pwrid, 
+  getsamfile21pwent,
+  add_samfile21pwd_entry,
+  mod_samfile21pwd_entry,
+  getsamfiledispntnam,
+  getsamfiledisprid,
+  getsamfiledispent
+};
+
+struct sam_passdb_ops *file_initialise_sam_password_db(void)
+{    
+  return &file_ops;
+}
+
+#else
+ /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
+ void sampass_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */
diff --git a/source3/passdb/sampassdb.c b/source3/passdb/sampassdb.c
new file mode 100644 (file)
index 0000000..95055ed
--- /dev/null
@@ -0,0 +1,515 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 1.9.
+   Password and authentication handling
+   Copyright (C) Jeremy Allison 1996-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "nterr.h"
+
+extern int DEBUGLEVEL;
+extern DOM_SID global_sam_sid;
+
+/*
+ * NOTE. All these functions are abstracted into a structure
+ * that points to the correct function for the selected database. JRA.
+ *
+ * NOTE.  for the get/mod/add functions, there are two sets of functions.
+ * one supports struct sam_passwd, the other supports struct smb_passwd.
+ * for speed optimisation it is best to support both these sets.
+ * 
+ * it is, however, optional to support one set but not the other: there
+ * is conversion-capability built in to passdb.c, and run-time error
+ * detection for when neither are supported.
+ * 
+ * password database writers are recommended to implement the sam_passwd
+ * functions in a first pass, as struct sam_passwd contains more
+ * information, needed by the NT Domain support.
+ * 
+ * an API writer is expected to create either one set (struct smb_passwd) or
+ * the other (struct sam_passwd) OR both, and optionally also to write display
+ * info routines * (struct sam_disp_info).  functions which the API writer
+ * chooses NOT to write must be wrapped in conversion functions (pwdb_x_to_y)
+ * such that API users can call any function and still get valid results.
+ *
+ * the password API does NOT fill in the gaps if you set an API function
+ * to NULL: it will deliberately attempt to call the NULL function.
+ *
+ */
+
+static struct sam_passdb_ops *pwdb_ops;
+
+/***************************************************************
+ Initialise the password db operations.
+***************************************************************/
+
+BOOL initialise_sam_password_db(void)
+{
+  if (pwdb_ops)
+  {
+    return True;
+  }
+
+#ifdef WITH_NISPLUS
+  pwdb_ops =  nisplus_initialise_sam_password_db();
+#elif defined(WITH_LDAP)
+  pwdb_ops = ldap_initialise_sam_password_db();
+#elif defined(USE_SMBPASS_DB)
+  pwdb_ops = file_initialise_sam_password_db();
+#endif 
+
+  return (pwdb_ops != NULL);
+}
+
+/*
+ * Functions that return/manipulate a struct sam_passwd.
+ */
+
+/***************************************************************
+ Start to enumerate the smb or sam passwd list. Returns a void pointer
+ to ensure no modification outside this module.
+
+ Note that currently it is being assumed that a pointer returned
+ from this function may be used to enumerate struct sam_passwd
+ entries as well as struct smb_passwd entries. This may need
+ to change. JRA.
+
+****************************************************************/
+
+void *startsam21pwent(BOOL update)
+{
+  return pwdb_ops->startsam21pwent(update);
+}
+
+/***************************************************************
+ End enumeration of the sam passwd list.
+
+ Note that currently it is being assumed that a pointer returned
+ from this function may be used to enumerate struct sam_passwd
+ entries as well as struct smb_passwd entries. This may need
+ to change. JRA.
+
+****************************************************************/
+
+void endsam21pwent(void *vp)
+{
+  pwdb_ops->endsam21pwent(vp);
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smb passwd list.
+ *************************************************************************/
+
+struct sam_passwd *getsam21pwent(void *vp)
+{
+       return pwdb_sam_map_names(pwdb_ops->getsam21pwent(vp));
+}
+
+/************************************************************************
+ Utility function to search sam passwd by name.  use this if your database
+ does not have search facilities.
+*************************************************************************/
+
+struct sam_passwd *iterate_getsam21pwntnam(const char *name)
+{
+       struct sam_passwd *pwd = NULL;
+       void *fp = NULL;
+
+       DEBUG(10, ("search by name: %s\n", name));
+
+       /* Open the smb password database - not for update. */
+       fp = startsmbpwent(False);
+
+       if (fp == NULL)
+       {
+               DEBUG(0, ("unable to open sam password database.\n"));
+               return NULL;
+       }
+
+       while ((pwd = getsam21pwent(fp)) != NULL && !strequal(pwd->nt_name, name))
+       {
+               DEBUG(10, ("iterate: %s 0x%x\n", pwd->nt_name, pwd->user_rid));
+       }
+
+       if (pwd != NULL)
+       {
+               DEBUG(10, ("found by name: %s\n", name));
+       }
+
+       endsmbpwent(fp);
+       return pwd;
+}
+
+/************************************************************************
+ Utility function to search sam passwd by rid.  use this if your database
+ does not have search facilities.
+
+ search capability by both rid and uid are needed as the rid <-> uid
+ mapping may be non-monotonic.  
+
+*************************************************************************/
+
+struct sam_passwd *iterate_getsam21pwrid(uint32 rid)
+{
+       struct sam_passwd *pwd = NULL;
+       void *fp = NULL;
+
+       DEBUG(10, ("search by rid: %x\n", rid));
+
+       /* Open the smb password file - not for update. */
+       fp = startsmbpwent(False);
+
+       if (fp == NULL)
+       {
+               DEBUG(0, ("unable to open sam password database.\n"));
+               return NULL;
+       }
+
+       while ((pwd = getsam21pwent(fp)) != NULL && pwd->user_rid != rid)
+       {
+               DEBUG(10, ("iterate: %s 0x%x\n", pwd->nt_name, pwd->user_rid));
+       }
+
+       if (pwd != NULL)
+       {
+               DEBUG(10, ("found by user_rid: %x\n", rid));
+       }
+
+       endsmbpwent(fp);
+       return pwd;
+}
+
+/************************************************************************
+ Utility function to search sam passwd by uid.  use this if your database
+ does not have search facilities.
+
+ search capability by both rid and uid are needed as the rid <-> uid
+ mapping may be non-monotonic.  
+
+*************************************************************************/
+
+struct sam_passwd *iterate_getsam21pwuid(uid_t uid)
+{
+       struct sam_passwd *pwd = NULL;
+       void *fp = NULL;
+
+       DEBUG(10, ("search by uid: %x\n", (int)uid));
+
+       /* Open the smb password file - not for update. */
+       fp = startsmbpwent(False);
+
+       if (fp == NULL)
+       {
+               DEBUG(0, ("unable to open sam password database.\n"));
+               return NULL;
+       }
+
+       while ((pwd = getsam21pwent(fp)) != NULL && pwd->unix_uid != uid)
+       {
+       }
+
+       if (pwd != NULL)
+       {
+               DEBUG(10, ("found by unix_uid: %x\n", (int)uid));
+       }
+
+       endsmbpwent(fp);
+       return pwd;
+}
+
+/*************************************************************************
+ Routine to return a display info structure, by rid
+ *************************************************************************/
+struct sam_disp_info *getsamdisprid(uint32 rid)
+{
+       return pwdb_ops->getsamdisprid(rid);
+}
+
+/************************************************************************
+ Routine to search sam passwd by name.
+*************************************************************************/
+
+struct sam_passwd *getsam21pwntnam(const char *name)
+{
+       return pwdb_sam_map_names(pwdb_ops->getsam21pwntnam(name));
+}
+
+/************************************************************************
+ Routine to search sam passwd by rid.  
+*************************************************************************/
+
+struct sam_passwd *getsam21pwrid(uint32 rid)
+{
+       return pwdb_sam_map_names(pwdb_ops->getsam21pwrid(rid));
+}
+
+
+/**********************************************************
+ **********************************************************
+
+ utility routines which are likely to be useful to all password
+ databases
+
+ **********************************************************
+ **********************************************************/
+
+/*************************************************************
+ initialises a struct sam_disp_info.
+ **************************************************************/
+
+static void pwdb_init_dispinfo(struct sam_disp_info *user)
+{
+       if (user == NULL) return;
+       bzero(user, sizeof(*user));
+       user->user_rid = 0xffffffff;
+}
+
+/*************************************************************
+ initialises a struct sam_passwd.
+ **************************************************************/
+void pwdb_init_sam(struct sam_passwd *user)
+{
+       if (user == NULL) return;
+       bzero(user, sizeof(*user));
+       unix_to_nt_time(&user->logon_time            , (time_t)-1);
+       unix_to_nt_time(&user->logoff_time           , (time_t)-1);
+       unix_to_nt_time(&user->kickoff_time          , (time_t)-1);
+       unix_to_nt_time(&user->pass_last_set_time    , (time_t)-1);
+       unix_to_nt_time(&user->pass_can_change_time  , (time_t)-1);
+       unix_to_nt_time(&user->pass_must_change_time , (time_t)-1);
+
+       user->unix_uid = (uid_t)-1;
+       user->unix_gid = (gid_t)-1;
+       user->user_rid  = 0xffffffff;
+       user->group_rid = 0xffffffff;
+}
+
+/*************************************************************************
+ Routine to return the next entry in the sam passwd list.
+ *************************************************************************/
+
+struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user)
+{
+       static struct sam_disp_info disp_info;
+
+       if (user == NULL) return NULL;
+
+       pwdb_init_dispinfo(&disp_info);
+
+       disp_info.nt_name   = user->nt_name;
+       disp_info.full_name = user->full_name;
+       disp_info.user_rid  = user->user_rid;
+
+       return &disp_info;
+}
+
+/*************************************************************
+ converts a sam_passwd structure to a smb_passwd structure.
+ **************************************************************/
+
+struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user)
+{
+       static struct smb_passwd pw_buf;
+       static fstring nt_name;
+       static fstring unix_name;
+
+       if (user == NULL) return NULL;
+
+       pwdb_init_smb(&pw_buf);
+
+       fstrcpy(nt_name  , user->nt_name);
+       fstrcpy(unix_name, user->unix_name);
+       pw_buf.nt_name            = nt_name;
+       pw_buf.unix_name          = unix_name;
+       pw_buf.unix_uid           = user->unix_uid;
+       pw_buf.user_rid           = user->user_rid;
+       pw_buf.smb_passwd         = user->smb_passwd;
+       pw_buf.smb_nt_passwd      = user->smb_nt_passwd;
+       pw_buf.acct_ctrl          = user->acct_ctrl;
+       pw_buf.pass_last_set_time = nt_time_to_unix(&user->pass_last_set_time);
+
+       return &pw_buf;
+}
+
+
+/*************************************************************
+ converts a smb_passwd structure to a sam_passwd structure.
+ **************************************************************/
+
+struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user)
+{
+       static struct sam_passwd pw_buf;
+       static fstring nt_name;
+       static fstring unix_name;
+
+       if (user == NULL) return NULL;
+
+       pwdb_init_sam(&pw_buf);
+
+       fstrcpy(nt_name  , user->nt_name);
+       fstrcpy(unix_name, user->unix_name);
+       pw_buf.nt_name            = nt_name;
+       pw_buf.unix_name          = unix_name;
+       pw_buf.unix_uid           = user->unix_uid;
+       pw_buf.user_rid           = user->user_rid;
+       pw_buf.smb_passwd         = user->smb_passwd;
+       pw_buf.smb_nt_passwd      = user->smb_nt_passwd;
+       pw_buf.acct_ctrl          = user->acct_ctrl;
+       unix_to_nt_time(&pw_buf.pass_last_set_time, user->pass_last_set_time);
+
+       return &pw_buf;
+}
+
+static BOOL trust_account_warning_done = False;
+
+/*************************************************************
+ fills in missing details.  one set of details _must_ exist.
+ **************************************************************/
+struct sam_passwd *pwdb_sam_map_names(struct sam_passwd *sam)
+{
+       DOM_NAME_MAP gmep;
+       BOOL found = False;
+       DOM_SID sid;
+       static fstring unix_name;
+       static fstring nt_name;
+
+       DEBUG(10,("pwdb_sam_map_names\n"));
+
+       /*
+        * name details
+        */
+
+       if (sam == NULL)
+       {
+               return NULL;
+       }
+
+       if (!found && sam->unix_name != NULL)
+       {
+               found = lookupsmbpwnam(sam->unix_name, &gmep);
+       }
+       if (!found && sam->unix_uid  != (uid_t)-1)
+       {
+               found = lookupsmbpwuid(sam->unix_uid , &gmep);
+       }
+       if (!found && sam->user_rid != 0xffffffff)
+       {
+               sid_copy(&sid, &global_sam_sid);
+               sid_append_rid(&sid, sam->user_rid);
+               found = lookupsmbpwsid  (&sid        , &gmep);
+       }
+       if (!found && sam->nt_name  != NULL)
+       {
+               found = lookupsmbpwntnam(sam->nt_name, &gmep);
+       }
+
+       if (!found)
+       {
+               return NULL;
+       }
+
+       if (!sid_front_equal(&global_sam_sid, &gmep.sid))
+       {
+               return NULL;
+       }
+
+       fstrcpy(unix_name, gmep.unix_name);
+       fstrcpy(nt_name  , gmep.nt_name  );
+       if (sam->unix_name == NULL      ) sam->unix_name = unix_name;
+       if (sam->nt_name   == NULL      ) sam->nt_name   = nt_name  ;
+       if (sam->unix_uid  == (uid_t)-1 ) sam->unix_uid  = (uid_t)gmep.unix_id;
+       if (sam->user_rid  == 0xffffffff) sid_split_rid(&gmep.sid, &sam->user_rid);
+
+       /*
+        * group details
+        */
+
+       found = False;
+
+       if (sam->unix_gid != (gid_t)-1 && sam->group_rid != 0xffffffff)
+       {
+               return sam;
+       }
+
+       if (sam->unix_gid == (gid_t)-1 && sam->group_rid == 0xffffffff)
+       {
+               struct passwd *pass = getpwnam(unix_name);
+               if (pass != NULL)
+               {
+                       sam->unix_gid = pass->pw_gid;
+               }
+               else
+               {
+                       DEBUG(0,("pwdb_sam_map_names: no unix password entry for %s\n",
+                                 unix_name));
+               }
+       }
+
+       if (!found && sam->unix_gid  != (gid_t)-1)
+       {
+               found = lookupsmbgrpgid(sam->unix_gid , &gmep);
+       }
+       if (!found && sam->group_rid != 0xffffffff)
+       {
+               sid_copy(&sid, &global_sam_sid);
+               sid_append_rid(&sid, sam->group_rid);
+               found = lookupsmbgrpsid(&sid        , &gmep);
+       }
+
+       if (!found)
+       {
+               if (IS_BITS_SET_SOME(sam->acct_ctrl, ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST))
+               {
+                       if (!trust_account_warning_done)
+                       {
+                               trust_account_warning_done = True;
+                               DEBUG(0, ("\
+pwdb_sam_map_names: your unix password database appears to have difficulties\n\
+resolving trust account %s, probably because it ends in a '$'.\n\
+you will get this warning only once (for all trust accounts)\n", unix_name));
+                       }
+                       /*
+                        * oh, dear.
+                        */
+                       if (sam->unix_gid != (gid_t)-1)
+                       {
+                               sam->unix_gid = (gid_t)-1;
+                       }
+                       sam->group_rid = DOMAIN_GROUP_RID_USERS;
+
+                       return sam;
+               }
+               else
+               {
+                       DEBUG(0, ("pwdb_sam_map_names: could not find Primary Group for %s\n",
+                                  unix_name));
+                       return NULL;
+               }
+       }
+
+       if (!sid_front_equal(&global_sam_sid, &gmep.sid))
+       {
+               return NULL;
+       }
+
+       if (sam->unix_gid  == (gid_t)-1 ) sam->unix_gid  = (gid_t)gmep.unix_id;
+       if (sam->group_rid == 0xffffffff) sid_split_rid(&gmep.sid, &sam->group_rid);
+
+       return sam;
+}
index a428a7f06878431429d0b0ebb7cba1807ce91268..6552e0963bf16888040e2e5a2d2749e2b1566a3a 100644 (file)
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-#include "includes.h"
-
-
-extern int DEBUGLEVEL;
-extern pstring scope;
-extern pstring global_myname;
-
-/*
- * This is set on startup - it defines the SID for this
- * machine, and therefore the SAM database for which it is
- * responsible.
- */
-
-DOM_SID global_sam_sid;
-
-/*
- * This is the name associated with the SAM database for
- * which this machine is responsible.  In the case of a PDC
- * or PDC, this name is the same as the workgroup.  In the
- * case of "security = domain" mode, this is the same as
- * the name of the server (global_myname).
- */
-
-fstring global_sam_name; 
-
-/*
- * This is obtained on startup - it defines the SID for which
- * this machine is a member.  It is therefore only set, and
- * used, in "security = domain" mode.
- */
-
-DOM_SID global_member_sid;
-
-/*
- * note the lack of a "global_member_name" - this is because
- * this is the same as "global_myworkgroup".
- */
-
-/*
- * some useful sids
- */
-
-DOM_SID global_sid_S_1_5_20; /* local well-known domain */
-DOM_SID global_sid_S_1_1;    /* everyone */
-DOM_SID global_sid_S_1_3;    /* */
-DOM_SID global_sid_S_1_5;    /* NT Authority */
-
-extern fstring global_myworkgroup;
-/* extern fstring global_member_dom_name; */
-
-static struct sid_name_map_info
-{
-       DOM_SID *sid;
-       char *name;
-
-}
-sid_name_map[] =
-{
-       { &global_sid_S_1_5_20, "BUILTIN" },
-       { &global_sid_S_1_1   , "Everyone" },
-       { &global_sid_S_1_3   , "don't know" },
-       { &global_sid_S_1_5   , "NT Authority" },
-       { &global_sam_sid     , global_sam_name },
-       { &global_member_sid  , global_myworkgroup },
-       { NULL                 , NULL      }
-};
-
-/****************************************************************************
- Read the machine SID from a file.
-****************************************************************************/
-
-static BOOL read_sid_from_file(int fd, char *sid_file)
-{   
-  fstring fline;
-       fstring sid_str;
-    
-  memset(fline, '\0', sizeof(fline));
-
-  if (read(fd, fline, sizeof(fline) -1 ) < 0) {
-    DEBUG(0,("unable to read file %s. Error was %s\n",
-           sid_file, strerror(errno) ));
-    return False;
-  }
-
-  /*
-   * Convert to the machine SID.
-   */
-
-  fline[sizeof(fline)-1] = '\0';
-  if (!string_to_sid( &global_sam_sid, fline)) {
-    DEBUG(0,("unable to generate machine SID.\n"));
-    return False;
-  }
-
-       sid_to_string(sid_str, &global_sam_sid);
-       DEBUG(5,("read_sid_from_file: sid %s\n", sid_str));
-
-  return True;
-}
-
-/****************************************************************************
- sets up the name associated with the SAM database for which we are responsible
-****************************************************************************/
-void get_sam_domain_name(void)
-{
-       switch (lp_server_role())
-       {
-               case ROLE_DOMAIN_PDC:
-               case ROLE_DOMAIN_BDC:
-               {
-                       /* we are PDC (or BDC) for a Domain */
-                       fstrcpy(global_sam_name, lp_workgroup());
-                       break;
-               }
-               case ROLE_DOMAIN_MEMBER:
-               {
-                       /* we are a "PDC", but FOR LOCAL SAM DATABASE ONLY */
-                       fstrcpy(global_sam_name, global_myname);
-                       break;
-               }
-               default:
-               {
-                       /* no domain role, probably due to "security = share" */
-                       memset(global_sam_name, 0, sizeof(global_sam_name));
-                       break;
-               }
-       }
-}
-
-/****************************************************************************
- obtain the sid from the PDC.  do some verification along the way...
-****************************************************************************/
-BOOL get_member_domain_sid(void)
-{
-       POLICY_HND pol;
-       fstring srv_name;
-       struct cli_state cli;
-       BOOL res = True;
-       DOM_SID sid3;
-       DOM_SID sid5;
-       fstring dom3;
-       fstring dom5;
-
-       switch (lp_server_role())
-       {
-               case ROLE_DOMAIN_NONE:
-               {
-                       ZERO_STRUCT(global_member_sid);
-                       return True;
-               }
-               case ROLE_DOMAIN_PDC:
-               {
-                       sid_copy(&global_member_sid, &global_sam_sid);
-                       return True;
-               }
-               default:
-               {
-                       /* member or BDC, we're going for connection to PDC */
-                       break;
-               }
-       }
-
-       if (!cli_connect_serverlist(&cli, lp_passwordserver()))
-       {
-               DEBUG(0,("get_member_domain_sid: unable to initialise client connection.\n"));
-               return False;
-       }
-
-       /*
-        * Ok - we have an anonymous connection to the IPC$ share.
-        * Now start the NT Domain stuff :-).
-        */
-
-       fstrcpy(dom3, "");
-       fstrcpy(dom5, "");
-       ZERO_STRUCT(sid3);
-       ZERO_STRUCT(sid5);
-
-       fstrcpy(srv_name, "\\\\");
-       fstrcat(srv_name, global_myname);
-       strupper(srv_name);
-
-       /* open LSARPC session. */
-       res = res ? cli_nt_session_open(&cli, PIPE_LSARPC) : False;
-
-       /* lookup domain controller; receive a policy handle */
-       res = res ? do_lsa_open_policy(&cli, srv_name, &pol, False) : False;
-
-       /* send client info query, level 3.  receive domain name and sid */
-       res = res ? do_lsa_query_info_pol(&cli, &pol, 3, dom3, &sid3) : False;
-
-       /* send client info query, level 5.  receive domain name and sid */
-       res = res ? do_lsa_query_info_pol(&cli, &pol, 5, dom5, &sid5) : False;
-
-       /* close policy handle */
-       res = res ? do_lsa_close(&cli, &pol) : False;
-
-       /* close the session */
-       cli_nt_session_close(&cli);
-       cli_ulogoff(&cli);
-       cli_shutdown(&cli);
-
-       if (res)
-       {
-               pstring sid;
-               DEBUG(2,("LSA Query Info Policy\n"));
-               sid_to_string(sid, &sid3);
-               DEBUG(2,("Domain Member     - Domain: %s SID: %s\n", dom3, sid));
-               sid_to_string(sid, &sid5);
-               DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", dom5, sid));
-
-               if (!strequal(dom3, global_myworkgroup) ||
-                   !strequal(dom5, global_myworkgroup))
-               {
-                       DEBUG(0,("get_member_domain_sid: %s is a DC for %s not %s\n",
-                                 cli.desthost, dom5, global_myworkgroup));
-                       res = False;
-               }
-       }
-       else
-       {
-               DEBUG(1,("lsa query info failed\n"));
-       }
-       if (!res)
-       {
-               DEBUG(0,("get_member_domain_sid: unable to obtain Domain member SID\n"));
-       }
-       else
-       {
-               /* this is a _lot_ of trouble to go to for just this info: */
-               global_member_sid = sid5;
-       }
-
-       return res;
-}
-
-/****************************************************************************
- creates some useful well known sids
-****************************************************************************/
-void generate_wellknown_sids(void)
-{
-       string_to_sid(&global_sid_S_1_5_20, "S-1-5-32");
-       string_to_sid(&global_sid_S_1_1   , "S-1-1"   );
-       string_to_sid(&global_sid_S_1_3   , "S-1-3"   );
-       string_to_sid(&global_sid_S_1_5   , "S-1-5"   );
-}
-
-/****************************************************************************
- Generate the global machine sid. Look for the MACHINE.SID file first, if
- not found then look in smb.conf and use it to create the MACHINE.SID file.
-****************************************************************************/
-BOOL generate_sam_sid(void)
-{
-       int fd;
-       int i;
-       char *p;
-       pstring sid_file;
-       fstring sid_string;
-       SMB_STRUCT_STAT st;
-       uchar raw_sid_data[12];
-
-       pstrcpy(sid_file, lp_smb_passwd_file());
-       p = strrchr(sid_file, '/');
-       if (p != NULL) {
-               *++p = '\0';
-       }
-
-       if (!directory_exist(sid_file, NULL)) {
-               if (dos_mkdir(sid_file, 0700) != 0) {
-                       DEBUG(0,("can't create private directory %s : %s\n",
-                                sid_file, strerror(errno)));
-                       return False;
-               }
-       }
-
-       pstrcat(sid_file, "MACHINE.SID");
-    
-       if ((fd = sys_open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) {
-               DEBUG(0,("unable to open or create file %s. Error was %s\n",
-                        sid_file, strerror(errno) ));
-               return False;
-       } 
-  
-       /*
-        * Check if the file contains data.
-        */
-       
-       if (sys_fstat( fd, &st) < 0) {
-               DEBUG(0,("unable to stat file %s. Error was %s\n",
-                        sid_file, strerror(errno) ));
-               close(fd);
-               return False;
-       } 
-  
-       if (st.st_size > 0) {
-               /*
-                * We have a valid SID - read it.
-                */
-               if (!read_sid_from_file( fd, sid_file)) {
-                       DEBUG(0,("unable to read file %s. Error was %s\n",
-                                sid_file, strerror(errno) ));
-                       close(fd);
-                       return False;
-               }
-               close(fd);
-               return True;
-       } 
-  
-       /*
-        * Generate the new sid data & turn it into a string.
-        */
-       generate_random_buffer( raw_sid_data, 12, True);
-               
-       fstrcpy( sid_string, "S-1-5-21");
-       for( i = 0; i < 3; i++) {
-               fstring tmp_string;
-               slprintf( tmp_string, sizeof(tmp_string) - 1, "-%u", IVAL(raw_sid_data, i*4));
-               fstrcat( sid_string, tmp_string);
-       }
-       
-       fstrcat(sid_string, "\n");
-       
-       /*
-        * Ensure our new SID is valid.
-        */
-       
-       if (!string_to_sid( &global_sam_sid, sid_string)) {
-               DEBUG(0,("unable to generate machine SID.\n"));
-               return False;
-       } 
-  
-       /*
-        * Do an exclusive blocking lock on the file.
-        */
-       
-       if (!do_file_lock( fd, 60, F_WRLCK)) {
-               DEBUG(0,("unable to lock file %s. Error was %s\n",
-                        sid_file, strerror(errno) ));
-               close(fd);
-               return False;
-       } 
-  
-       /*
-        * At this point we have a blocking lock on the SID
-        * file - check if in the meantime someone else wrote
-        * SID data into the file. If so - they were here first,
-        * use their data.
-        */
-       
-       if (sys_fstat( fd, &st) < 0) {
-               DEBUG(0,("unable to stat file %s. Error was %s\n",
-                        sid_file, strerror(errno) ));
-               close(fd);
-               return False;
-       } 
-  
-       if (st.st_size > 0) {
-               /*
-                * Unlock as soon as possible to reduce
-                * contention on the exclusive lock.
-                */ 
-               do_file_lock( fd, 60, F_UNLCK);
-               
-               /*
-                * We have a valid SID - read it.
-                */
-               
-               if (!read_sid_from_file( fd, sid_file)) {
-                       DEBUG(0,("unable to read file %s. Error was %s\n",
-                                sid_file, strerror(errno) ));
-                       close(fd);
-                       return False;
-               }
-               close(fd);
-               return True;
-       } 
-       
-       /*
-        * The file is still empty and we have an exlusive lock on it.
-        * Write out out SID data into the file.
-        */
-       
-       if (fchmod(fd, 0644) < 0) {
-               DEBUG(0,("unable to set correct permissions on file %s. \
-Error was %s\n", sid_file, strerror(errno) ));
-               close(fd);
-               return False;
-       } 
-       
-       if (write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) {
-               DEBUG(0,("unable to write file %s. Error was %s\n",
-                        sid_file, strerror(errno) ));
-               close(fd);
-               return False;
-       } 
-       
-       /*
-        * Unlock & exit.
-        */
-       
-       do_file_lock( fd, 60, F_UNLCK);
-       close(fd);
-       return True;
-}   
-
-/**************************************************************************
- turns a domain name into a SID.
-
- *** side-effect: if the domain name is NULL, it is set to our domain ***
-
-***************************************************************************/
-BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain)
-{
-       if (nt_domain == NULL)
-       {
-               *sid = global_sam_sid;
-               return True;
-       }
-
-       if ((*nt_domain) == NULL)
-       {
-               DEBUG(5,("map_domain_name_to_sid: overriding NULL name to %s\n",
-                         global_sam_name));
-               (*nt_domain) = strdup(global_sam_name);
-               sid_copy(sid, &global_sam_sid);
-               return True;
-       }
-
-       if ((*nt_domain)[0] == 0)
-       {
-               DEBUG(5,("map_domain_name_to_sid: overriding blank name to %s\n",
-                         global_sam_name));
-               free(*nt_domain);
-               (*nt_domain) = strdup(global_sam_name);
-               sid_copy(sid, &global_sam_sid);
-               return True;
-       }
-
-       if (strequal((*nt_domain), global_sam_name))
-       {
-               sid_copy(sid, &global_sam_sid);
-               return True;
-       }
-
-       DEBUG(0,("map_domain_name_to_sid: mapping to %s NOT IMPLEMENTED\n",
-                 (*nt_domain)));
-       return False;
-}
-
-/**************************************************************************
- turns a domain SID into a name.
-
-***************************************************************************/
-BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain)
-{
-       fstring sid_str;
-       int i = 0;
-       sid_to_string(sid_str, sid);
-
-       DEBUG(5,("map_domain_sid_to_name: %s\n", sid_str));
-
-       if (nt_domain == NULL)
-       {
-               return False;
-       }
-
-       while (sid_name_map[i].sid != NULL)
-       {
-               sid_to_string(sid_str, sid_name_map[i].sid);
-               DEBUG(5,("compare: %s\n", sid_str));
-               if (sid_equal(sid_name_map[i].sid, sid))
-               {
-                       fstrcpy(nt_domain, sid_name_map[i].name);
-                       DEBUG(5,("found %s\n", nt_domain));
-                       return True;
-               }
-               i++;
-       }
-
-       DEBUG(0,("map_domain_sid_to_name: mapping NOT IMPLEMENTED\n"));
-
-       return False;
-}
-
-/**************************************************************************
- splits a name of format \DOMAIN\name into its two components.
- sets the DOMAIN name to global_sam_name if it has not been specified.
-***************************************************************************/
-BOOL split_domain_name(char *fullname, char *domain, char *name)
-{
-       fstring full_name;
-       char *p;
-
-       if (fullname == NULL || domain == NULL || name == NULL)
-       {
-               return False;
-       }
-
-       if (fullname[0] == '\\')
-       {
-               fullname++;
-       }
-       fstrcpy(full_name, fullname);
-       p = strchr(full_name+1, '\\');
-
-       if (p != NULL)
-       {
-               *p = 0;
-               fstrcpy(domain, full_name);
-               fstrcpy(name, p+1);
-       }
-       else
-       {
-               fstrcpy(domain, global_sam_name);
-               fstrcpy(name, full_name);
-       }
-
-       DEBUG(5,("name '%s' split into '\\%s\\%s'\n", fullname, domain, name));
-       return True;
-}
+/* this module is retired, is is called lib/sids.c */
index a81114169c7c68a46d86902c5be8d10c8ca7d966..0be558848ab5a4c32a939b1041bb409ddf12be03 100644 (file)
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-/* 
- * UNIX gid and Local or Domain SID resolution.  This module resolves
- * only those entries in the map files, it is *NOT* responsible for
- * resolving UNIX groups not listed: that is an entirely different
- * matter, altogether...
- */
-
-/*
- *
- *
-
- format of the file is:
-
- unixname      NT Group name
- unixname      Domain Admins (well-known Domain Group)
- unixname      DOMAIN_NAME\NT Group name
- unixname      OTHER_DOMAIN_NAME\NT Group name
- unixname      DOMAIN_NAME\Domain Admins (well-known Domain Group)
- ....
-
- if the DOMAIN_NAME\ component is left off, then your own domain is assumed.
-
- *
- *
- */
-
-
-#include "includes.h"
-extern int DEBUGLEVEL;
-
-extern fstring global_sam_name;
-
-/* we can map either local aliases or domain groups */
-typedef enum 
-{
-       GROUP_LOCAL,
-       GROUP_DOMAIN
-
-} GROUP_TYPE;
-
-/**************************************************************************
- Groupname map functionality. The code loads a groupname map file and
- (currently) loads it into a linked list. This is slow and memory
- hungry, but can be changed into a more efficient storage format
- if the demands on it become excessive.
-***************************************************************************/
-
-typedef struct group_name_info
-{
-   char *nt_name;
-   char *nt_domain;
-   char *unix_name;
-
-   DOM_SID sid;
-   gid_t  unix_gid;
-
-} GROUP_NAME_INFO;
-
-typedef struct name_map
-{
-       ubi_slNode next;
-       GROUP_NAME_INFO grp;
-
-} name_map_entry;
-
-static ubi_slList groupname_map_list;
-static ubi_slList aliasname_map_list;
-
-static void delete_name_entry(name_map_entry *gmep)
-{
-       if (gmep->grp.nt_name)
-       {
-               free(gmep->grp.nt_name);
-       }
-       if (gmep->grp.nt_domain)
-       {
-               free(gmep->grp.nt_domain);
-       }
-       if (gmep->grp.unix_name)
-       {
-               free(gmep->grp.unix_name);
-       }
-       free((char*)gmep);
-}
-
-/**************************************************************************
- Delete all the entries in the name map list.
-***************************************************************************/
-
-static void delete_map_list(ubi_slList *map_list)
-{
-       name_map_entry *gmep;
-
-       while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL)
-       {
-               delete_name_entry(gmep);
-       }
-}
-
-
-/**************************************************************************
- makes a group sid out of a domain sid and a _unix_ gid.
-***************************************************************************/
-static BOOL make_mydomain_sid(GROUP_NAME_INFO *grp, GROUP_TYPE type)
-{
-       uint32 tmp_rid;
-       DOM_SID sid;
-       uint8  tmp_type;
-
-       DEBUG(10,("make_mydomain_sid\n"));
-
-       if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
-       {
-               DEBUG(0,("make_mydomain_sid: unknown domain %s\n",
-                         grp->nt_domain));
-               return False;
-       }
-
-       if (strequal(grp->nt_domain, global_sam_name) &&
-           lookup_builtin_grp_name(grp->nt_name, &sid, &tmp_type) == 0x0)
-       {
-               sid_copy(&grp->sid, &sid);
-               return True;
-       }
-       else
-       {
-               BOOL ret;
-               fstring sid_str;
-               if (type == GROUP_DOMAIN)
-               {
-                       tmp_rid = pwdb_gid_to_group_rid(grp->unix_gid);
-               }
-               else
-               {
-                       tmp_rid = pwdb_gid_to_alias_rid(grp->unix_gid);
-               }
-               ret = sid_append_rid(&(grp->sid), tmp_rid);
-               sid_to_string(sid_str, &grp->sid);
-               DEBUG(10,("nt name %s gid %d mapped to %s\n",
-                          grp->nt_name, grp->unix_gid, sid_str));
-               return ret;
-       }
-}
-
-/**************************************************************************
- makes a group sid out of an nt domain, nt group name or a unix group name.
-***************************************************************************/
-static BOOL unix_name_to_group_info(GROUP_NAME_INFO *grp, GROUP_TYPE type)
-{
-       struct group *gptr = NULL;
-
-       /*
-        * Attempt to get the unix gid_t for this name.
-        */
-
-       DEBUG(5,("unix_name_to_group_info: unix_name:%s\n", grp->unix_name));
-
-       gptr = (struct group *)getgrnam(grp->unix_name);
-       if (gptr == NULL)
-       {
-               DEBUG(0,("unix_name_to_group_info: getgrnam for group %s\
-failed. Error was %s.\n", grp->unix_name, strerror(errno) ));
-               return False;
-       }
-
-       grp->unix_gid = (gid_t)gptr->gr_gid;
-
-       DEBUG(5,("unix_name_to_group_info: unix gid:%d\n", grp->unix_gid));
-
-       /*
-        * Now map the name to an NT SID+RID.
-        */
-
-       if (grp->nt_domain != NULL && !strequal(grp->nt_domain, global_sam_name))
-       {
-               /* Must add client-call lookup code here, to 
-                * resolve remote domain's sid and the group's rid,
-                * in that domain.
-                *
-                * NOTE: it is _incorrect_ to put code here that assumes
-                * that we can call pwdb_gid_to_group_rid() or _alias_rid():
-                * it is a totally different domain for which we are *NOT*
-                * responsible.
-                * for foriegn domains for which we are *NOT* the PDC, all
-                * we can be responsible for is the unix * gid_t to which
-                * the foriegn SID+rid maps to, on this _local_ machine.  
-                */
-
-               if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
-               {
-                       DEBUG(0,("unix_name_to_group_info: no known sid for %s\n",
-                                 grp->nt_domain));
-                       return False;
-               }
-       }
-
-       return make_mydomain_sid(grp, type);
-}
-
-static BOOL make_name_entry(name_map_entry **new_ep,
-               char *nt_domain, char *nt_group, char *unix_group,
-               GROUP_TYPE type)
-{
-       /*
-        * Create the list entry and add it onto the list.
-        */
-
-       DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group));
-
-       (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry));
-       if ((*new_ep) == NULL)
-       {
-               DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n"));
-               return False;
-       } 
-
-       ZERO_STRUCTP(*new_ep);
-
-       (*new_ep)->grp.nt_name   = strdup(nt_group  );
-       (*new_ep)->grp.nt_domain = strdup(nt_domain );
-       (*new_ep)->grp.unix_name = strdup(unix_group);
-
-       if ((*new_ep)->grp.nt_name   == NULL ||
-           (*new_ep)->grp.unix_name == NULL)
-       {
-               DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n"));
-               delete_name_entry((*new_ep));
-               return False;
-       }
-
-       /*
-        * look up the group names, make the Group-SID and unix gid
-        */
-       if (!unix_name_to_group_info(&(*new_ep)->grp, type))
-       {
-               delete_name_entry((*new_ep));
-               return False;
-       }
-
-       return True;
-}
-
-/**************************************************************************
- Load a name map file. Sets last accessed timestamp.
-***************************************************************************/
-static ubi_slList *load_name_map(GROUP_TYPE type)
-{
-       static time_t groupmap_file_last_modified = (time_t)0;
-       static time_t aliasmap_file_last_modified = (time_t)0;
-       static BOOL initialised_group = False;
-       static BOOL initialised_alias = False;
-       char *groupname_map_file = lp_groupname_map();
-       char *aliasname_map_file = lp_aliasname_map();
-
-       SMB_STRUCT_STAT st;
-       FILE *fp;
-       char *s;
-       pstring buf;
-       name_map_entry *new_ep;
-
-       time_t *file_last_modified;
-       int    *initialised;
-       char   *map_file;
-       ubi_slList *map_list;
-
-       if (type == GROUP_DOMAIN)
-       {
-               file_last_modified = &groupmap_file_last_modified;
-               initialised        = &initialised_group;
-               map_file           = groupname_map_file;
-               map_list           = &groupname_map_list;
-       }
-       else
-       {
-               file_last_modified = &aliasmap_file_last_modified;
-               initialised        = &initialised_alias;
-               map_file           = aliasname_map_file;
-               map_list           = &aliasname_map_list;
-       }
-
-       if (!(*initialised))
-       {
-               DEBUG(10,("initialising group map %s\n", map_file));
-               ubi_slInitList(map_list);
-               (*initialised) = True;
-       }
-
-       if (!*map_file)
-       {
-               return map_list;
-       }
-
-       if (sys_stat(map_file, &st) != 0)
-       {
-               DEBUG(0, ("load_name_map: Unable to stat file %s. Error was %s\n",
-                          map_file, strerror(errno) ));
-               return map_list;
-       }
-
-       /*
-        * Check if file has changed.
-        */
-       if (st.st_mtime <= (*file_last_modified))
-       {
-               return map_list;
-       }
-
-       (*file_last_modified) = st.st_mtime;
-
-       /*
-        * Load the file.
-        */
-
-       fp = fopen(map_file,"r");
-       if (!fp)
-       {
-               DEBUG(0,("load_name_map: can't open name map %s. Error was %s\n",
-                         map_file, strerror(errno)));
-               return map_list;
-       }
-
-       /*
-        * Throw away any previous list.
-        */
-       delete_map_list(map_list);
-
-       DEBUG(4,("load_name_map: Scanning name map %s\n",map_file));
-
-       while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL)
-       {
-               pstring unixname;
-               pstring nt_name;
-               fstring nt_domain;
-               fstring nt_group;
-               char *p;
-
-               DEBUG(10,("Read line |%s|\n", s));
-
-               memset(nt_name, 0, sizeof(nt_name));
-
-               if (!*s || strchr("#;",*s))
-                       continue;
-
-               if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
-                       continue;
-
-               if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name)))
-                       continue;
-
-               trim_string(unixname, " ", " ");
-               trim_string(nt_name, " ", " ");
-
-               if (!*nt_name)
-                       continue;
-
-               if (!*unixname)
-                       continue;
-
-               DEBUG(5,("unixname = %s, ntname = %s.\n",
-                         unixname, nt_name));
-
-               p = strchr(nt_name, '\\');
-
-               if (p == NULL)
-               {
-                       memset(nt_domain, 0, sizeof(nt_domain));
-                       fstrcpy(nt_group, nt_name);
-               }
-               else
-               {
-                       *p = 0;
-                       p++;
-                       fstrcpy(nt_domain, nt_name);
-                       fstrcpy(nt_group , p);
-               }
-
-               if (make_name_entry(&new_ep, nt_domain, nt_name, unixname, type))
-               {
-                       ubi_slAddTail(map_list, (ubi_slNode *)new_ep);
-               }
-       }
-
-       DEBUG(10,("load_name_map: Added %ld entries to name map.\n",
-                  ubi_slCount(map_list)));
-
-       fclose(fp);
-
-       return map_list;
-}
-
-/***********************************************************
- Lookup by SID
-************************************************************/
-static BOOL map_sid(GROUP_TYPE type,
-               DOM_SID *psid, gid_t *gid, char *ntname, char *ntdomain)
-{
-       name_map_entry *gmep;
-       ubi_slList *map_list;
-
-       /*
-        * Initialise and load if not already loaded.
-        */
-       map_list = load_name_map(type);
-
-       for (gmep = (name_map_entry *)ubi_slFirst(map_list);
-            gmep != NULL;
-            gmep = (name_map_entry *)ubi_slNext(gmep ))
-       {
-               if (sid_equal(&gmep->grp.sid, psid))
-               {
-                       if (gid != NULL)
-                       {
-                               *gid = gmep->grp.unix_gid;
-                       }
-                       if (ntname != NULL)
-                       {
-                               fstrcpy(ntname, gmep->grp.nt_name);
-                       }
-                       if (ntdomain != NULL)
-                       {
-                               fstrcpy(ntdomain, gmep->grp.nt_domain);
-                       }
-                       DEBUG(7,("map_sid: Mapping unix group %s to nt group %s.\n",
-                              gmep->grp.unix_name, gmep->grp.nt_name ));
-                       return True;
-               }
-       }
-
-       return False;
-}
-
-/***********************************************************
- Lookup nt name.
-************************************************************/
-static BOOL map_ntname(GROUP_TYPE type,
-               char *ntname, char *ntdomain, DOM_SID *psid,
-               char *unixname, gid_t *gid)
-{
-       name_map_entry *gmep;
-       ubi_slList *map_list;
-
-       /*
-        * Initialise and load if not already loaded.
-        */
-       map_list = load_name_map(type);
-
-       for (gmep = (name_map_entry *)ubi_slFirst(map_list);
-            gmep != NULL;
-            gmep = (name_map_entry *)ubi_slNext(gmep ))
-       {
-               if (strequal(gmep->grp.nt_name  , ntname) &&
-                   strequal(gmep->grp.nt_domain, ntdomain))
-               {
-                       if (psid != NULL)
-                       {
-                               sid_copy(psid, &gmep->grp.sid);
-                       }
-                       if (gid != NULL)
-                       {
-                               *gid = gmep->grp.unix_gid;
-                       }
-                       if (unixname != NULL)
-                       {
-                               fstrcpy(unixname, gmep->grp.unix_name);
-                       }
-                       DEBUG(7,("map_ntname: Mapping unix group %s to nt group %s.\n",
-                              gmep->grp.unix_name, gmep->grp.nt_name ));
-                       return True;
-               }
-       }
-
-       return False;
-}
-
-/***********************************************************
- Lookup unix name.
-************************************************************/
-static BOOL map_unixname(GROUP_TYPE type,
-               char *unixname, DOM_SID *psid, char *ntname, char *ntdomain)
-{
-       name_map_entry *gmep;
-       ubi_slList *map_list;
-
-       /*
-        * Initialise and load if not already loaded.
-        */
-       map_list = load_name_map(type);
-
-       for (gmep = (name_map_entry *)ubi_slFirst(map_list);
-            gmep != NULL;
-            gmep = (name_map_entry *)ubi_slNext(gmep ))
-       {
-               if (strequal(gmep->grp.unix_name, unixname))
-               {
-                       if (psid != NULL)
-                       {
-                               sid_copy(psid, &gmep->grp.sid);
-                       }
-                       if (ntname != NULL)
-                       {
-                               fstrcpy(ntname, gmep->grp.nt_name);
-                       }
-                       if (ntdomain != NULL)
-                       {
-                               fstrcpy(ntdomain, gmep->grp.nt_domain);
-                       }
-                       DEBUG(7,("map_unixname: Mapping unix group %s to nt group %s.\n",
-                              gmep->grp.unix_name, gmep->grp.nt_name ));
-                       return True;
-               }
-       }
-
-       return False;
-}
-
-/***********************************************************
- Lookup by gid_t.
-************************************************************/
-static BOOL map_gid(GROUP_TYPE type, 
-               gid_t gid, DOM_SID *psid, char *ntname, char *ntdomain)
-{
-       name_map_entry *gmep;
-       ubi_slList *map_list;
-
-       /*
-        * Initialise and load if not already loaded.
-        */
-       map_list = load_name_map(type);
-
-       for (gmep = (name_map_entry *)ubi_slFirst(map_list);
-            gmep != NULL;
-            gmep = (name_map_entry *)ubi_slNext(gmep ))
-       {
-               fstring sid_str;
-               sid_to_string(sid_str, &gmep->grp.sid);
-               DEBUG(10,("map_gid: enum entry unix group %s %d nt %s %s\n",
-                              gmep->grp.unix_name, gmep->grp.unix_gid, gmep->grp.nt_name, sid_str));
-               if (gmep->grp.unix_gid == gid)
-               {
-                       if (psid != NULL)
-                       {
-                               sid_copy(psid, &gmep->grp.sid);
-                       }
-                       if (ntname != NULL)
-                       {
-                               fstrcpy(ntname, gmep->grp.nt_name);
-                       }
-                       if (ntdomain != NULL)
-                       {
-                               fstrcpy(ntdomain, gmep->grp.nt_domain);
-                       }
-                       DEBUG(7,("map_gid: Mapping unix group %s to nt group %s.\n",
-                              gmep->grp.unix_name, gmep->grp.nt_name ));
-                       return True;
-               }
-       }
-
-       return False;
-}
-
-/***********************************************************
- *
- * Call four functions to resolve unix group ids and either
- * local group SIDs or domain group SIDs listed in the local group
- * or domain group map files.
- *
- * Note that it is *NOT* the responsibility of these functions to
- * resolve entries that are not in the map files.
- *
- * Any SID can be in the map files (i.e from any Domain).
- *
- ***********************************************************/
-
-/***********************************************************
- Lookup a Group entry by sid.
-************************************************************/
-BOOL map_group_sid(DOM_SID *psid, gid_t *gid, char *group_name, char *nt_domain)
-{
-       return map_sid(GROUP_DOMAIN, psid, gid, group_name, nt_domain);
-}
-
-/***********************************************************
- Lookup an Alias SID entry by name.
-************************************************************/
-BOOL map_alias_sid(DOM_SID *psid, gid_t *gid, char *alias_name, char *nt_domain)
-{
-       return map_sid(GROUP_LOCAL, psid, gid, alias_name, nt_domain);
-}
-
-/***********************************************************
- Lookup a UNIX Group entry by name.
-************************************************************/
-BOOL map_unix_group_name(char *group_name, DOM_SID *psid, char *ntgroup_name, char *nt_domain)
-{
-       return map_unixname(GROUP_DOMAIN, group_name, psid, ntgroup_name, nt_domain);
-}
-
-/***********************************************************
- Lookup a UNIX Alias entry by name.
-************************************************************/
-BOOL map_unix_alias_name(char *alias_name, DOM_SID *psid, char *ntalias_name, char *nt_domain)
-{
-       return map_unixname(GROUP_LOCAL, alias_name, psid, ntalias_name, nt_domain);
-}
-
-/***********************************************************
- Lookup a Group entry
-************************************************************/
-BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_SID *psid, char *group_name, gid_t *gid)
-{
-       return map_ntname(GROUP_DOMAIN, ntgroup_name, nt_domain, psid, group_name, gid);
-}
-
-/***********************************************************
- Lookup an Alias name entry 
-************************************************************/
-BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_SID *psid, char *alias_name, gid_t *gid)
-{
-       return map_ntname(GROUP_LOCAL, ntalias_name, nt_domain, psid, alias_name, gid);
-}
-
-/***********************************************************
- Lookup an Alias SID entry by gid_t.
-************************************************************/
-BOOL map_alias_gid(gid_t gid, DOM_SID *psid, char *nt_als_name, char *nt_domain)
-{
-       return map_gid(GROUP_LOCAL, gid, psid, nt_als_name, nt_domain);
-}
-
-/***********************************************************
- Lookup a Group SID entry by gid_t.
-************************************************************/
-BOOL map_group_gid( gid_t gid, DOM_SID *psid, char *nt_grp_name, char *nt_domain)
-{
-       return map_gid(GROUP_DOMAIN, gid, psid, nt_grp_name, nt_domain);
-}
-
+/* this module is retired, it is moved to lib/domain_namemap.c */