- group database API. oops and oh dear, the threat has been carried out:
authorLuke Leighton <lkcl@samba.org>
Tue, 17 Nov 1998 16:19:04 +0000 (16:19 +0000)
committerLuke Leighton <lkcl@samba.org>
Tue, 17 Nov 1998 16:19:04 +0000 (16:19 +0000)
  the pre-alpha "domain group" etc parameters have disappeared.

- interactive debug detection

- re-added mem_man (andrew's memory management, detects memory corruption)

- american spellings of "initialise" replaced with english spelling of
  "initialise".

- started on "lookup_name()" and "lookup_sid()" functions.  proper ones.

- moved lots of functions around.  created some modules of commonly used
  code.  e.g the password file locking code, which is used in groupfile.c
  and aliasfile.c and smbpass.c

- moved RID_TYPE_MASK up another bit.  this is really unfortunate, but
  there is no other "fast" way to identify users from groups from aliases.
  i do not believe that this code saves us anything (the multipliers)
  and puts us at a disadvantage (reduces the useable rid space).
  the designers of NT aren't silly: if they can get away with a user-
  interface-speed LsaLookupNames / LsaLookupSids, then so can we.  i
  spoke with isaac at the cifs conference, the only time for example that
  they do a security context check is on file create.  certainly not on
  individual file reads / writes, which would drastically hit their
  performance and ours, too.

- renamed myworkgroup to global_sam_name, amongst other things, when used
  in the rpc code.  there is also a global_member_name, as we are always
  responsible for a SAM database, the scope of which is limited by the role
  of the machine (e.g if a member of a workgroup, your SAM is for _local_
  logins only, and its name is the name of your server.  you even still
  have a SID.  see LsaQueryInfoPolicy, levels 3 and 5).

- updated functionality of groupname.c to be able to cope with names
  like DOMAIN\group and SERVER\alias.  used this code to be able to
  do aliases as well as groups.  this code may actually be better
  off being used in username mapping, too.

- created a connect to serverlist function in clientgen.c and used it
  in password.c

- initialisation in server.c depends on the role of the server.  well,
  it does now.

- rpctorture.  smbtorture.  EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)

47 files changed:
source3/Makefile.in
source3/configure
source3/configure.in
source3/groupdb/aliasfile.c
source3/groupdb/groupfile.c
source3/include/config.h.in
source3/include/proto.h
source3/include/rpc_misc.h
source3/include/rpc_samr.h
source3/include/smb.h
source3/lib/debug.c
source3/lib/util.c
source3/lib/util_hnd.c
source3/libsmb/clientgen.c
source3/lsarpcd/srv_lsa.c
source3/mem_man/mem_man.c
source3/mem_man/mem_man.h
source3/nmbd/nmbd.c
source3/param/loadparm.c
source3/passdb/ldap.c
source3/passdb/nispass.c
source3/passdb/passdb.c
source3/passdb/smbpass.c
source3/passdb/smbpassfile.c
source3/rpc_client/cli_login.c
source3/rpc_client/cli_lsarpc.c
source3/rpc_client/cli_netlogon.c
source3/rpc_client/cli_pipe.c
source3/rpc_parse/parse_lsa.c
source3/rpc_parse/parse_net.c
source3/rpc_parse/parse_rpc.c
source3/rpc_parse/parse_samr.c
source3/rpc_server/srv_lsa.c
source3/rpc_server/srv_lsa_hnd.c
source3/rpc_server/srv_netlog.c
source3/rpc_server/srv_samr.c
source3/rpc_server/srv_util.c
source3/smbd/groupname.c
source3/smbd/nttrans.c
source3/smbd/password.c
source3/smbd/reply.c
source3/smbd/server.c
source3/smbd/service.c
source3/utils/rpctorture.c
source3/utils/smbpasswd.c
source3/utils/torture.c
source3/web/swat.c

index 73931ef65164ddeeaf5c6379d8e3e4e842c5ded7..96ba7306d4ad14291a99003672073f01107f5100 100644 (file)
@@ -42,6 +42,9 @@ LMHOSTSFILE = $(LIBDIR)/lmhosts
 DRIVERFILE = $(LIBDIR)/printers.def
 PASSWD_PROGRAM = /bin/passwd
 SMB_PASSWD_FILE = $(BASEDIR)/private/smbpasswd
+SMB_PASSGRP_FILE = $(BASEDIR)/private/smbpassgrp
+SMB_GROUP_FILE = $(BASEDIR)/private/smbgroup
+SMB_ALIAS_FILE = $(BASEDIR)/private/smbalias
 SMB_PASSWD_PROGRAM = $(BASEDIR)/bin/smbpasswd
 
 # This is where SWAT images and help files go
@@ -64,7 +67,13 @@ CODEPAGELIST= 437 737 850 852 861 932 866 949 950 936
 SMBRUN = $(BINDIR)/smbrun
 
 
-PASSWD_FLAGS = -DPASSWD_PROGRAM=\"$(PASSWD_PROGRAM)\" -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" -DSMB_PASSWD_PROGRAM=\"$(SMB_PASSWD_PROGRAM)\"
+PASSWD_FLAGS = \
+               -DPASSWD_PROGRAM=\"$(PASSWD_PROGRAM)\"           \
+               -DSMB_PASSWD_PROGRAM=\"$(SMB_PASSWD_PROGRAM)\"   \
+               -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\"         \
+               -DSMB_PASSGRP_FILE=\"$(SMB_PASSGRP_FILE)\"       \
+               -DSMB_GROUP_FILE=\"$(SMB_GROUP_FILE)\"           \
+               -DSMB_ALIAS_FILE=\"$(SMB_ALIAS_FILE)\" 
 FLAGS1 = $(CFLAGS) -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper -DSMBLOGFILE=\"$(SMBLOGFILE)\" -DNMBLOGFILE=\"$(NMBLOGFILE)\"
 FLAGS2 = -DCONFIGFILE=\"$(CONFIGFILE)\" -DLMHOSTSFILE=\"$(LMHOSTSFILE)\"  
 FLAGS3 = -DSWATDIR=\"$(SWATDIR)\" -DSBINDIR=\"$(SBINDIR)\" -DLOCKDIR=\"$(LOCKDIR)\" -DSMBRUN=\"$(SMBRUN)\" -DCODEPAGEDIR=\"$(CODEPAGEDIR)\"
@@ -90,11 +99,11 @@ LIB_OBJ = lib/charcnv.o lib/charset.o lib/debug.o lib/fault.o \
           lib/getsmbpass.o lib/interface.o lib/kanji.o lib/md4.o \
           lib/membuffer.o lib/netmask.o lib/pidfile.o lib/replace.o \
           lib/signal.o lib/slprintf.o lib/system.o lib/time.o lib/ufc.o \
-          lib/genrand.o lib/username.o lib/access.o lib/smbrun.o \
-         lib/bitmap.o lib/crc32.o lib/snprintf.o \
-               lib/util_str.o lib/util_sid.o \
-               lib/util_unistr.o lib/util_file.o \
-               lib/util.o lib/util_sock.o
+          lib/util.o lib/genrand.o lib/username.o lib/access.o lib/smbrun.o \
+         lib/bitmap.o lib/crc32.o lib/util_sid.o lib/snprintf.o \
+               lib/util_str.o lib/util_unistr.o \
+               lib/util_file.o mem_man/mem_man.o \
+               lib/util_sock.o
 
 UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \
             ubiqx/ubi_dLinkList.o ubiqx/ubi_sLinkList.o ubiqx/debugparse.o
@@ -106,12 +115,18 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/namequery.o libsmb/nmblib.o \
              libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
             libsmb/passchange.o
 
-RPC_SERVER_OBJ = rpc_server/srv_lsa.o \
-                 rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o \
-                 rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o \
-                 rpc_server/srv_samr.o rpc_server/srv_srvsvc.o \
-                 rpc_server/srv_util.o rpc_server/srv_wkssvc.o \
-               rpc_server/srv_pipe.o
+RPC_SERVER_OBJ = \
+               rpc_server/srv_sid.o \
+               rpc_server/srv_lsa.o \
+               rpc_server/srv_lsa_hnd.o \
+               rpc_server/srv_netlog.o \
+               rpc_server/srv_pipe_hnd.o \
+               rpc_server/srv_reg.o \
+               rpc_server/srv_samr.o \
+               rpc_server/srv_srvsvc.o \
+               rpc_server/srv_pipe.o \
+               rpc_server/srv_lookup.o \
+               rpc_server/srv_wkssvc.o
 
 RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_misc.o \
                 rpc_parse/parse_net.o rpc_parse/parse_prs.o \
@@ -122,19 +137,24 @@ RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_misc.o \
 RPC_CLIENT_OBJ = \
                rpc_client/cli_login.o    \
                rpc_client/cli_netlogon.o \
+               rpc_client/cli_reg.o \
                rpc_client/cli_pipe.o     \
                rpc_client/cli_lsarpc.o   \
                rpc_client/cli_wkssvc.o   \
                rpc_client/cli_srvsvc.o   \
-               rpc_client/cli_reg.o   \
                rpc_client/cli_samr.o 
 
 
 LOCKING_OBJ = locking/locking.o locking/locking_shm.o locking/locking_slow.o \
               locking/shmem.o locking/shmem_sysv.o
 
+GROUPDB_OBJ = groupdb/groupdb.o groupdb/groupfile.o \
+               groupdb/aliasdb.o groupdb/aliasfile.o
+
 PASSDB_OBJ = passdb/passdb.o passdb/smbpassfile.o passdb/smbpass.o \
-             passdb/pass_check.o passdb/ldap.o passdb/nispass.o passdb/smbpasschange.o
+             passdb/pass_check.o passdb/ldap.o passdb/nispass.o \
+               passdb/passgrp.o passdb/smbpassgroup.o \
+               passdb/smbpasschange.o
 
 SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \
             smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o smbd/fileio.o \
@@ -142,13 +162,15 @@ SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \
             smbd/message.o smbd/nttrans.o smbd/pipes.o smbd/predict.o \
             smbd/$(QUOTAOBJS) smbd/reply.o smbd/ssl.o smbd/trans2.o smbd/uid.o \
            smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o smbd/blocking.o \
-           smbd/process.o smbd/oplock.o smbd/service.o smbd/error.o
+           smbd/process.o smbd/oplock.o smbd/service.o smbd/error.o \
+               smbd/groupname.o 
 
 PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/printing.o
 
 SMBD_OBJ = $(SMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
            $(RPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \
-           $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(LIB_OBJ)
+           $(LOCKING_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(PRINTING_OBJ) \
+               $(LIB_OBJ)
 
 
 NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
@@ -192,7 +214,8 @@ TESTPARM_OBJ = utils/testparm.o \
 TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \
                $(LIB_OBJ)
 
-SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \
+SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
+               $(PASSDB_OBJ) \
                 $(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ)
 
 RPCCLIENT_OBJ = rpcclient/rpcclient.o \
@@ -204,7 +227,8 @@ RPCCLIENT_OBJ = rpcclient/rpcclient.o \
              rpcclient/cmd_srvsvc.o \
              rpcclient/cmd_netlogon.o \
              $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
-             $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ)
+             $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \
+               $(PASSDB_OBJ) 
 
 SMBWRAPPER_OBJ = smbwrapper/smbw.o smbwrapper/wrapped.o \
                smbwrapper/smbw_dir.o smbwrapper/smbw_stat.o \
@@ -238,7 +262,8 @@ RPCTORTURE_OBJ = utils/rpctorture.o \
              rpcclient/cmd_srvsvc.o \
              rpcclient/cmd_netlogon.o \
              $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
-             $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ)
+             $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \
+               $(PASSDB_OBJ) 
 
 DEBUG2HTML_OBJ = utils/debug2html.o ubiqx/debugparse.o
 
index 0cd5e39d74ec4801a5f2ade8dc360dd355520cfc..0ec5ebb0b3a79345aa2a6d777edea916830e9b85 100755 (executable)
@@ -1532,7 +1532,7 @@ else
 fi
 done
 
-for ac_hdr in compat.h rpc/rpc.h rpc/types.h rpc/xdr.h rpc/auth.h rpc/clnt.h
+for ac_hdr in compat.h rpc/rpc.h rpc/types.h rpc/xdr.h rpc/auth.h 
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
index 5030c7ffe946103bb72f1a153601a91b01e78701..55fe56fe9e3b979d1c6a5ceefaa71a0e1b9eb2ff 100644 (file)
@@ -30,7 +30,7 @@ AC_HEADER_TIME
 AC_HEADER_SYS_WAIT
 AC_CHECK_HEADERS(sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h)
 AC_CHECK_HEADERS(unistd.h utime.h grp.h sys/id.h limits.h memory.h net/if.h)
-AC_CHECK_HEADERS(compat.h rpc/rpc.h rpc/types.h rpc/xdr.h rpc/auth.h rpc/clnt.h)
+AC_CHECK_HEADERS(compat.h rpc/rpc.h rpc/types.h rpc/xdr.h rpc/auth.h )
 AC_CHECK_HEADERS(rpcsvc/yp_prot.h rpcsvc/ypclnt.h sys/param.h ctype.h )
 AC_CHECK_HEADERS(sys/wait.h sys/resource.h sys/ioctl.h sys/mode.h)
 AC_CHECK_HEADERS(sys/filio.h string.h strings.h stdlib.h sys/socket.h)
index 4b8bbe3079fdb699ea6301f5e7bab0866df95b92..fc87b47c47d02900c7fa7123375506605fbc1b9a 100644 (file)
@@ -130,24 +130,36 @@ static char *get_alias_members(char *p, int *num_mem, LOCAL_GRP_MEMBER **members
        {
                DOM_SID sid;
                uint8 type;
+               BOOL found = False;
 
-               if (lookup_sid(name, &sid, &type))
+               if (strnequal(name, "S-", 2))
                {
-                       (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER));
-                       (*num_mem)++;
+                       /* sid entered directly */
+                       string_to_sid(&sid, name);
+                       found = lookup_name(&sid, name, &type) == 0x0;
                }
                else
+               {
+                       found = lookup_sid(name, &sid, &type) == 0x0;
+               }
+
+               if (!found)
                {
                        DEBUG(0,("alias database: could not resolve alias named %s\n", name));
                        continue;
                }
+
+               (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER));
+
                if ((*members) == NULL)
                {
                        return NULL;
                }
-               fstrcpy((*members)[(*num_mem)-1].name, name);
-               (*members)[(*num_mem)-1].sid_use = type;
-               sid_copy(&(*members)[(*num_mem)-1].sid, &sid);
+
+               fstrcpy((*members)[*num_mem].name, name);
+               (*members)[*num_mem].sid_use = type;
+               sid_copy(&(*members)[*num_mem].sid, &sid);
+               (*num_mem)++;
        }
        return p;
 }
index 88d362e7d4c7b8116114f4c7d9c99d84a8219924..8044071391fa057a01f3cf8d668d0389be4d9b0f 100644 (file)
@@ -26,6 +26,9 @@ extern int DEBUGLEVEL;
 
 static char s_readbuf[1024];
 
+extern DOM_SID global_sam_sid;
+extern fstring global_sam_name;
+
 /***************************************************************
  Start to enumerate the grppasswd list. Returns a void pointer
  to ensure no modification outside this module.
@@ -128,11 +131,36 @@ static char *get_group_members(char *p, int *num_mem, DOMAIN_GRP_MEMBER **member
 
        while (next_token(&p, name, ",", sizeof(fstring)))
        {
+               DOM_SID sid;
+               uint8 type;
+               BOOL found = False;
+
+               if (isdigit(name))
+               {
+                       uint32 rid = get_number(name);
+                       sid_copy(&sid, &global_sam_sid);
+                       sid_append_rid(&sid, rid);
+                       
+                       found = lookup_name(&sid, name, &type) == 0x0;
+               }
+               else
+               {
+                       found = lookup_sid(name, &sid, &type) == 0x0;
+               }
+
+               if (!found)
+               {
+                       DEBUG(0,("alias database: could not resolve name %s in domain %s\n",
+                                 name, global_sam_name));
+                       continue;
+               }
+
                (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(DOMAIN_GRP_MEMBER));
                if ((*members) == NULL)
                {
                        return NULL;
                }
+
                fstrcpy((*members)[(*num_mem)].name, name);
                (*members)[(*num_mem)].attr = 0x07;
                (*num_mem)++;
index 01bc2ee0d8d0bf2f567c56cdf036d80b325020de..49379cfe9c2dca2822f15500f612ed939e8d0eda 100644 (file)
 /* Define if you have the <rpc/auth.h> header file.  */
 #undef HAVE_RPC_AUTH_H
 
-/* Define if you have the <rpc/clnt.h> header file.  */
-#undef HAVE_RPC_CLNT_H
-
 /* Define if you have the <rpc/rpc.h> header file.  */
 #undef HAVE_RPC_RPC_H
 
index d1aa8383c2d3a86ff8b13e4452986476627da7e8..329903f787e8f257746f1ae667d5e8f237164654 100644 (file)
@@ -17,6 +17,54 @@ void cmd_tar(void);
 int process_tar(void);
 int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind);
 
+/*The following definitions come from  groupdb/aliasdb.c  */
+
+BOOL initialise_alias_db(void);
+LOCAL_GRP *iterate_getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *iterate_getaliasrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
+BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als);
+BOOL iterate_getuseraliasnam(char *user_name, LOCAL_GRP **alss, int *num_alss);
+BOOL enumdomaliases(LOCAL_GRP **alss, int *num_alss);
+void *startaliasent(BOOL update);
+void endaliasent(void *vp);
+LOCAL_GRP *getaliasent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem);
+BOOL add_alias_entry(LOCAL_GRP *newals);
+BOOL mod_alias_entry(LOCAL_GRP* als);
+LOCAL_GRP *getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *getaliasrid(uint32 alias_rid, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem);
+BOOL getuseraliasnam(char *user_name, LOCAL_GRP **als, int *num_alss);
+void aldb_init_als(LOCAL_GRP *als);
+
+/*The following definitions come from  groupdb/aliasfile.c  */
+
+struct aliasdb_ops *file_initialise_alias_db(void);
+
+/*The following definitions come from  groupdb/groupdb.c  */
+
+BOOL initialise_group_db(void);
+DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem);
+DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_mem);
+DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem);
+BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp);
+BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps);
+BOOL enumdomgroups(DOMAIN_GRP **grps, int *num_grps);
+void *startgroupent(BOOL update);
+void endgroupent(void *vp);
+DOMAIN_GRP *getgroupent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem);
+BOOL add_group_entry(DOMAIN_GRP *newgrp);
+BOOL mod_group_entry(DOMAIN_GRP* grp);
+DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem);
+DOMAIN_GRP *getgrouprid(uint32 group_rid, DOMAIN_GRP_MEMBER **mem, int *num_mem);
+DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem);
+BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps);
+void gpdb_init_grp(DOMAIN_GRP *grp);
+
+/*The following definitions come from  groupdb/groupfile.c  */
+
+struct groupdb_ops *file_initialise_group_db(void);
+
 /*The following definitions come from  lib/access.c  */
 
 BOOL allow_access(char *deny_list,char *allow_list,
@@ -49,6 +97,7 @@ uint32 crc32_calc_buffer( uint32 count, char *buffer);
 
 /*The following definitions come from  lib/debug.c  */
 
+BOOL dbg_interactive(void);
 void sig_usr2( int sig );
 void sig_usr1( int sig );
 void setup_logging( char *pname, BOOL interactive );
@@ -208,6 +257,7 @@ BOOL user_in_list(char *user,char *list);
 
 char *tmpdir(void);
 BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups);
+int get_number(char *tmp);
 char *Atoic(char *p, int *n, char *c);
 char *get_numlist(char *p, uint32 **num, int *count);
 void putip(void *dest,void *src);
@@ -454,6 +504,7 @@ BOOL cli_establish_connection(struct cli_state *cli,
                                struct nmb_name *calling, struct nmb_name *called,
                                char *service, char *service_type,
                                BOOL do_shutdown, BOOL do_tcon);
+BOOL cli_connect_serverlist(struct cli_state *cli, char *p);
 int cli_printjob_del(struct cli_state *cli, int job);
 int cli_print_queue(struct cli_state *cli, 
                    void (*fn)(struct print_job_info *));
@@ -487,7 +538,7 @@ BOOL name_status(int fd,char *name,int name_type,BOOL recurse,
 struct in_addr *name_query(int fd,const char *name,int name_type, BOOL bcast,BOOL recurse,
          struct in_addr to_ip, int *count, void (*fn)(struct packet_struct *));
 FILE *startlmhosts(char *fname);
-BOOL getlmhostsent( FILE *fp, char *name, int *name_type, struct in_addr *ipaddr);
+BOOL getlmhostsent( FILE *fp, pstring name, int *name_type, struct in_addr *ipaddr);
 void endlmhosts(FILE *fp);
 BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type);
 BOOL find_master_ip(char *group, struct in_addr *master_ip);
@@ -595,6 +646,23 @@ struct shmem_ops *smb_shm_open(int ronly);
 
 struct shmem_ops *sysv_shm_open(int ronly);
 
+/*The following definitions come from  mem_man/mem_man.c  */
+
+void *smb_mem_malloc(size_t size,char *file,int line);
+char *smb_mem_strdup(char *s, char *file, int line);
+int smb_mem_free(void *ptr,char *file,int line);
+void smb_mem_write_info(void *ptr,FILE *outfile);
+size_t smb_mem_query_size(void *ptr);
+size_t smb_mem_query_real_size(void *ptr);
+char *smb_mem_query_file(void *ptr);
+int smb_mem_query_line(void *ptr);
+int smb_mem_test(void *ptr);
+void smb_mem_write_status(FILE *outfile);
+void smb_mem_write_verbose(FILE *outfile);
+void smb_mem_write_errors(FILE *outfile);
+void smb_mem_set_multiplier(int multiplier);
+void *smb_mem_resize(void *ptr,size_t newsize);
+
 /*The following definitions come from  nmbd/asyncdns.c  */
 
 int asyncdns_fd(void);
@@ -939,6 +1007,9 @@ char *lp_logfile(void);
 char *lp_smbrun(void);
 char *lp_configfile(void);
 char *lp_smb_passwd_file(void);
+char *lp_smb_passgrp_file(void);
+char *lp_smb_group_file(void);
+char *lp_smb_alias_file(void);
 char *lp_serverstring(void);
 char *lp_printcapname(void);
 char *lp_lockdir(void);
@@ -953,6 +1024,7 @@ char *lp_passwordserver(void);
 char *lp_name_resolve_order(void);
 char *lp_workgroup(void);
 char *lp_username_map(void);
+char *lp_aliasname_map(void);
 char *lp_groupname_map(void);
 char *lp_logon_script(void);
 char *lp_logon_path(void);
@@ -967,11 +1039,6 @@ char *lp_nis_home_map_name(void);
 char *lp_netbios_aliases(void);
 char *lp_driverfile(void);
 char *lp_panic_action(void);
-char *lp_domain_groups(void);
-char *lp_domain_admin_group(void);
-char *lp_domain_guest_group(void);
-char *lp_domain_admin_users(void);
-char *lp_domain_guest_users(void);
 char *lp_ldap_server(void);
 char *lp_ldap_suffix(void);
 char *lp_ldap_filter(void);
@@ -1174,7 +1241,7 @@ BOOL pass_check(char *user,char *password, int pwlen, struct passwd *pwd,
 
 /*The following definitions come from  passdb/passdb.c  */
 
-BOOL initialize_password_db(void);
+BOOL initialise_password_db(void);
 struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid);
 struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid);
 struct smb_passwd *iterate_getsmbpwnam(char *name);
@@ -1193,32 +1260,60 @@ struct sam_disp_info *getsamdisprid(uint32 rid);
 struct sam_passwd *getsam21pwent(void *vp);
 struct sam_passwd *getsam21pwnam(char *name);
 struct sam_passwd *getsam21pwrid(uint32 rid);
-void pdb_init_smb(struct smb_passwd *user);
-void pdb_init_sam(struct sam_passwd *user);
-struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user);
-struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user);
-struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user);
-char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length);
-uint16 pdb_decode_acct_ctrl(char *p);
-time_t pdb_get_last_set_time(char *p);
-void pdb_set_logon_time(char *p, int max_len, time_t t);
-void pdb_set_logoff_time(char *p, int max_len, time_t t);
-void pdb_set_kickoff_time(char *p, int max_len, time_t t);
-void pdb_set_can_change_time(char *p, int max_len, time_t t);
-void pdb_set_must_change_time(char *p, int max_len, time_t t);
-void pdb_set_last_set_time(char *p, int max_len, time_t t);
-void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl);
-BOOL pdb_gethexpwd(char *p, char *pwd);
-BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid);
-BOOL pdb_generate_sam_sid(void);
-uid_t pdb_user_rid_to_uid(uint32 user_rid);
-uint32 pdb_uid_to_user_rid(uid_t uid);
-uint32 pdb_gid_to_group_rid(gid_t gid);
-BOOL pdb_rid_is_user(uint32 rid);
+void pwdb_init_smb(struct smb_passwd *user);
+void pwdb_init_sam(struct sam_passwd *user);
+struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user);
+struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user);
+struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user);
+char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length);
+uint16 pwdb_decode_acct_ctrl(char *p);
+time_t pwdb_get_last_set_time(char *p);
+void pwdb_set_logon_time(char *p, int max_len, time_t t);
+void pwdb_set_logoff_time(char *p, int max_len, time_t t);
+void pwdb_set_kickoff_time(char *p, int max_len, time_t t);
+void pwdb_set_can_change_time(char *p, int max_len, time_t t);
+void pwdb_set_must_change_time(char *p, int max_len, time_t t);
+void pwdb_set_last_set_time(char *p, int max_len, time_t t);
+void pwdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl);
+BOOL pwdb_gethexpwd(char *p, char *pwd);
+uid_t pwdb_user_rid_to_uid(uint32 user_rid);
+uint32 pwdb_uid_to_user_rid(uid_t uid);
+uint32 pwdb_gid_to_group_rid(gid_t gid);
+gid_t pwdb_group_rid_to_gid(uint32 group_rid);
+uint32 pwdb_gid_to_alias_rid(gid_t gid);
+gid_t pwdb_alias_rid_to_gid(uint32 alias_rid);
+BOOL pwdb_rid_is_user(uint32 rid);
+
+/*The following definitions come from  passdb/passgrp.c  */
+
+BOOL initialise_passgrp_db(void);
+struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid,
+               uint32 **grps, int *num_grps,
+               uint32 **alss, int *num_alss);
+struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
+               uint32 **grps, int *num_grps,
+               uint32 **alss, int *num_alss);
+struct smb_passwd *iterate_getsmbgrpnam(char *name,
+               uint32 **grps, int *num_grps,
+               uint32 **alss, int *num_alss);
+void *startsmbgrpent(BOOL update);
+void endsmbgrpent(void *vp);
+struct smb_passwd *getsmbgrpent(void *vp,
+               uint32 **grps, int *num_grps,
+               uint32 **alss, int *num_alss);
+struct smb_passwd *getsmbgrpnam(char *name,
+               uint32 **grps, int *num_grps,
+               uint32 **alss, int *num_alss);
+struct smb_passwd *getsmbgrprid(uint32 user_rid,
+               uint32 **grps, int *num_grps,
+               uint32 **alss, int *num_alss);
+struct smb_passwd *getsmbgrpuid(uid_t smb_userid,
+               uint32 **grps, int *num_grps,
+               uint32 **alss, int *num_alss);
 
 /*The following definitions come from  passdb/smbpass.c  */
 
-struct passdb_ops *file_initialize_password_db(void);
+struct passdb_ops *file_initialise_password_db(void);
 
 /*The following definitions come from  passdb/smbpasschange.c  */
 
@@ -1230,8 +1325,6 @@ BOOL local_password_change(char *user_name, BOOL trust_account, BOOL add_user,
 
 /*The following definitions come from  passdb/smbpassfile.c  */
 
-BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth);
-BOOL pw_file_unlock(int fd, int *plock_depth);
 BOOL trust_password_lock( char *domain, char *name, BOOL update);
 BOOL trust_password_unlock(void);
 BOOL trust_password_delete( char *domain, char *name );
@@ -1239,6 +1332,10 @@ BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_t
 BOOL set_trust_account_password( unsigned char *md4_new_pwd);
 BOOL trust_get_passwd( unsigned char trust_passwd[16], char *domain, char *myname);
 
+/*The following definitions come from  passdb/smbpassgroup.c  */
+
+struct passgrp_ops *file_initialise_password_grp(void);
+
 /*The following definitions come from  printing/pcap.c  */
 
 BOOL pcap_printername_ok(char *pszPrintername, char *pszPrintcapname);
@@ -1808,7 +1905,7 @@ void samr_io_r_enum_dom_users(char *desc,  SAMR_R_ENUM_DOM_USERS *r_u, prs_struc
 void make_samr_q_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_e, POLICY_HND *pol, uint32 size);
 void samr_io_q_enum_dom_aliases(char *desc,  SAMR_Q_ENUM_DOM_ALIASES *q_e, prs_struct *ps, int depth);
 void make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u,
-               uint32 num_sam_entries, SAM_USER_INFO_21 grps[MAX_SAM_ENTRIES],
+               uint32 num_sam_entries, LOCAL_GRP *alss,
                uint32 status);
 void samr_io_r_enum_dom_aliases(char *desc,  SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth);
 void make_samr_q_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_e, POLICY_HND *pol,
@@ -1828,7 +1925,7 @@ void make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol,
 void samr_io_q_enum_dom_groups(char *desc,  SAMR_Q_ENUM_DOM_GROUPS *q_e, prs_struct *ps, int depth);
 void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u,
                uint32 start_idx, uint32 num_sam_entries,
-               SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES],
+               DOMAIN_GRP *grp,
                uint32 status);
 void samr_io_r_enum_dom_groups(char *desc,  SAMR_R_ENUM_DOM_GROUPS *r_u, prs_struct *ps, int depth);
 void make_samr_q_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_e,
@@ -1845,7 +1942,7 @@ void make_samr_r_lookup_ids(SAMR_R_LOOKUP_IDS *r_u,
 void samr_io_r_lookup_ids(char *desc,  SAMR_R_LOOKUP_IDS *r_u, prs_struct *ps, int depth);
 void samr_io_q_lookup_names(char *desc,  SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *ps, int depth);
 void make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u,
-               uint32 num_rids, uint32 *rid, uint32 status);
+               uint32 num_rids, uint32 *rid, uint8 *type, uint32 status);
 void samr_io_r_lookup_names(char *desc,  SAMR_R_LOOKUP_NAMES *r_u, prs_struct *ps, int depth);
 void samr_io_q_unknown_12(char *desc,  SAMR_Q_UNKNOWN_12 *q_u, prs_struct *ps, int depth);
 void make_samr_r_unknown_12(SAMR_R_UNKNOWN_12 *r_u,
@@ -2051,6 +2148,37 @@ void make_wks_r_query_info(WKS_R_QUERY_INFO *r_u,
                                int status)  ;
 void wks_io_r_query_info(char *desc,  WKS_R_QUERY_INFO *r_u, prs_struct *ps, int depth);
 
+/*The following definitions come from  rpc_server/srv_lookup.c  */
+
+int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids);
+int get_domain_user_groups(DOMAIN_GRP_MEMBER **grp_members, uint32 group_rid);
+uint32 lookup_builtin_names(DOM_SID *sid, char *name, uint8 *type);
+uint32 lookup_added_name(DOM_SID *sid, char *name, uint8 *type);
+uint32 lookup_name(DOM_SID *sid, char *name, uint8 *type);
+uint32 lookup_wk_group_name(DOM_SID *sid, char *group_name, uint8 *type);
+uint32 lookup_group_name(DOM_SID *sid, char *group_name, uint8 *type);
+uint32 lookup_wk_alias_name(DOM_SID *sid, char *alias_name, uint8 *type);
+uint32 lookup_alias_name(DOM_SID *sid, char *alias_name, uint8 *type);
+uint32 lookup_wk_user_name(DOM_SID *sid, char *user_name, uint8 *type);
+uint32 lookup_user_name(DOM_SID *sid, char *user_name, uint8 *type);
+uint32 lookup_group_rid(char *group_name, uint32 *rid, uint8 *type);
+uint32 lookup_wk_group_rid(char *group_name, uint32 *rid, uint8 *type);
+uint32 lookup_alias_sid(char *alias_name, DOM_SID *sid, uint8 *type);
+uint32 lookup_alias_rid(char *alias_name, uint32 *rid, uint8 *type);
+uint32 lookup_wk_alias_sid(char *alias_name, DOM_SID *sid, uint8 *type);
+uint32 lookup_wk_alias_rid(char *alias_name, uint32 *rid, uint8 *type);
+uint32 lookup_sid(char *name, DOM_SID *sid, uint8 *type);
+uint32 lookup_added_user_rids(char *user_name,
+               uint32 *usr_rid, uint32 *grp_rid);
+uint32 lookup_added_user_rid(char *user_name, uint32 *rid, uint8 *type);
+uint32 lookup_wk_user_rid(char *user_name, uint32 *rid, uint8 *type);
+uint32 lookup_added_grp_rid(char *name, uint32 *rid, uint8 *type);
+uint32 lookup_builtin_grp_rid(char *name, uint32 *rid, uint8 *type);
+uint32 lookup_grp_rid(char *name, uint32 *rid, uint8 *type);
+uint32 lookup_user_rid(char *name, uint32 *rid, uint8 *type);
+uint32 lookup_rid(char *name, uint32 *rid, uint8 *type);
+uint32 lookup_user_rids(char *name, uint32 *usr_rid, uint32 *grp_rid);
+
 /*The following definitions come from  rpc_server/srv_lsa.c  */
 
 BOOL api_ntlsa_rpc(pipes_struct *p, prs_struct *data);
@@ -2103,20 +2231,18 @@ BOOL api_reg_rpc(pipes_struct *p, prs_struct *data);
 
 BOOL api_samr_rpc(pipes_struct *p, prs_struct *data);
 
-/*The following definitions come from  rpc_server/srv_srvsvc.c  */
+/*The following definitions come from  rpc_server/srv_sid.c  */
 
-BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data);
+BOOL get_member_domain_sid(void);
+void generate_wellknown_sids(void);
+BOOL generate_sam_sid(void);
+BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain);
+BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain);
+BOOL split_domain_name(char *fullname, char *domain, char *name);
 
-/*The following definitions come from  rpc_server/srv_util.c  */
+/*The following definitions come from  rpc_server/srv_srvsvc.c  */
 
-int make_dom_gids(char *gids_str, DOM_GID **ppgids);
-void get_domain_user_groups(char *domain_groups, char *user);
-uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type);
-uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type);
-uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type);
-uint32 lookup_group_rid(char *group_name, uint32 *rid);
-uint32 lookup_alias_rid(char *alias_name, uint32 *rid);
-uint32 lookup_user_rid(char *user_name, uint32 *rid);
+BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data);
 
 /*The following definitions come from  rpc_server/srv_wkssvc.c  */
 
@@ -2355,6 +2481,17 @@ void file_chain_reset(void);
 void file_chain_save(void);
 void file_chain_restore(void);
 
+/*The following definitions come from  smbd/groupname.c  */
+
+BOOL map_group_sid_to_name(DOM_SID *psid, char *group_name, char *nt_domain);
+BOOL map_alias_sid_to_name(DOM_SID *psid, char *alias_name, char *nt_domain);
+BOOL map_group_name_to_sid(char *group_name, DOM_SID *psid);
+BOOL map_alias_name_to_sid(char *alias_name, DOM_SID *psid);
+BOOL map_gid_to_alias_sid(gid_t gid, DOM_SID *psid);
+BOOL map_gid_to_group_sid( gid_t gid, DOM_SID *psid);
+BOOL map_group_sid_to_gid( DOM_SID *psid, gid_t *gid);
+BOOL map_alias_sid_to_gid( DOM_SID *psid, gid_t *gid);
+
 /*The following definitions come from  smbd/ipc.c  */
 
 int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize);
@@ -2431,7 +2568,7 @@ BOOL set_challenge(unsigned char *challenge);
 user_struct *get_valid_user_struct(uint16 vuid);
 void invalidate_vuid(uint16 vuid);
 char *validated_username(uint16 vuid);
-int setup_groups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups);
+int get_unixgroups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups);
 uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, BOOL guest);
 void add_session_user(char *user);
 BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8);
index e984a4842b59fa4073ab86b8cac0d56b5846acbe..aa1f100dfb7066f7cfc7881ee69d3cb15756a927 100644 (file)
  * NT RIDS.
  */
 
-/* Take the bottom bit. */
-#define RID_TYPE_MASK 1
-#define RID_MULTIPLIER 2
-
-/* The two common types. */
-#define USER_RID_TYPE 0
-#define GROUP_RID_TYPE 1
+/* Take the bottom bits. */
+#define RID_TYPE_MASK 2
+#define RID_MULTIPLIER 4
+
+/* The three common types. */
+#define RID_TYPE_USER 0
+#define RID_TYPE_GROUP 1
+#define RID_TYPE_ALIAS 2
 
 /* ENUM_HND */
 typedef struct enum_hnd_info
index d45cb23388f91da8e548d3d2314dbe594d44d14f..ef7fefc72e7eba6307f7a4c1bb456a3c5c8cfbbf 100644 (file)
@@ -769,7 +769,7 @@ itself.  the response to the lookup rids is relative to this SID.
 /* SAMR_Q_LOOKUP_IDS */
 typedef struct q_samr_lookup_ids_info
 {
-    POLICY_HND pol;       /* policy handle */
+       POLICY_HND pol;       /* policy handle */
 
        uint32 num_sids1;      /* number of rids being looked up */
        uint32 ptr;            /* buffer pointer */
index 0ffbcded1311467ff7c6d1af6a9a5833831c5c6c..63aa7c098d2c6f7f3fb284661f2faf89a53bf663 100644 (file)
@@ -463,30 +463,31 @@ typedef struct local_grp_info
 {
        fstring name;
        fstring comment;
+       uint32  rid; /* alias rid */
 
 } LOCAL_GRP;
 
-/*** enumerate these to get list of domain groups ***/
+/*** query a domain group, get a list of these: shows who is in that group ***/
 
-/* domain group member info */
-typedef struct domain_grp_info
+/* domain group info */
+typedef struct domain_grp_member_info
 {
        fstring name;
-       fstring comment;
-       uint32  rid; /* group rid */
        uint8   attr; /* attributes forced to be set to 0x7: SE_GROUP_xxx */
 
-} DOMAIN_GRP;
+} DOMAIN_GRP_MEMBER;
 
-/*** query a domain group, get a list of these: shows who is in that group ***/
+/*** enumerate these to get list of domain groups ***/
 
-/* domain group info */
-typedef struct domain_grp_member_info
+/* domain group member info */
+typedef struct domain_grp_info
 {
        fstring name;
+       fstring comment;
+       uint32  rid; /* group rid */
        uint8   attr; /* attributes forced to be set to 0x7: SE_GROUP_xxx */
 
-} DOMAIN_GRP_MEMBER;
+} DOMAIN_GRP;
 
 /* DOM_CHAL - challenge info */
 typedef struct chal_info
@@ -814,6 +815,110 @@ struct passdb_ops {
 #endif
 };
 
+/*
+ * Each implementation of the passgrp database code needs
+ * to support the following operations.
+ */
+
+struct passgrp_ops {
+  /*
+   * Password database ops.
+   */
+  void *(*startsmbgrpent)(BOOL);
+  void (*endsmbgrpent)(void *);
+  SMB_BIG_UINT (*getsmbgrppos)(void *);
+  BOOL (*setsmbgrppos)(void *, SMB_BIG_UINT);
+
+  /*
+   * smb passgrp database query functions.
+   */
+  struct smb_passwd *(*getsmbgrpnam)(char *, uint32**, int*, uint32**, int*);
+  struct smb_passwd *(*getsmbgrpuid)(uid_t , uint32**, int*, uint32**, int*);
+  struct smb_passwd *(*getsmbgrprid)(uint32, uint32**, int*, uint32**, int*);
+  struct smb_passwd *(*getsmbgrpent)(void *, uint32**, int*, uint32**, int*);
+
+};
+
+/*
+ * Each implementation of the group database code needs
+ * to support the following operations.
+ *
+ * This allows enumeration, modification and addition of groups.  there
+ * is _no_ deletion of groups: you can only modify them to a status of
+ * "deleted" (this by the way is a requirement of c2 rating)
+ */
+
+struct groupdb_ops
+{
+       /*
+        * Group database ops.
+        */
+       void *(*startgroupent)(BOOL);
+       void (*endgroupent)(void *);
+       SMB_BIG_UINT (*getgrouppos)(void *);
+       BOOL (*setgrouppos)(void *, SMB_BIG_UINT);
+
+       /*
+        * group database query functions. set the BOOL to Tru
+        * if you want the members in the group as well.
+        */
+       DOMAIN_GRP *(*getgroupnam)(char *, DOMAIN_GRP_MEMBER **, int *);
+       DOMAIN_GRP *(*getgroupgid)(gid_t , DOMAIN_GRP_MEMBER **, int *);
+       DOMAIN_GRP *(*getgrouprid)(uint32, DOMAIN_GRP_MEMBER **, int *);
+       DOMAIN_GRP *(*getgroupent)(void *, DOMAIN_GRP_MEMBER **, int *);
+
+       /*
+        * group database modification functions.
+        */
+       BOOL (*add_group_entry)(DOMAIN_GRP *);
+       BOOL (*mod_group_entry)(DOMAIN_GRP *);
+
+       /*
+        * user group functions
+        */
+       BOOL (*getusergroupsnam)(char *, DOMAIN_GRP **, int *);
+};
+
+/*
+ * Each implementation of the alias database code needs
+ * to support the following operations.
+ *
+ * This allows enumeration, modification and addition of aliases.  there
+ * is _no_ deletion of aliases: you can only modify them to a status of
+ * "deleted" (this by the way is a requirement of c2 rating)
+ */
+
+struct aliasdb_ops
+{
+       /*
+        * Alias database ops.
+        */
+       void *(*startaliasent)(BOOL);
+       void (*endaliasent)(void *);
+       SMB_BIG_UINT (*getaliaspos)(void *);
+       BOOL (*setaliaspos)(void *, SMB_BIG_UINT);
+
+       /*
+        * alias database query functions. set the BOOL to Tru
+        * if you want the members in the alias as well.
+        */
+       LOCAL_GRP *(*getaliasnam)(char *, LOCAL_GRP_MEMBER **, int *);
+       LOCAL_GRP *(*getaliasgid)(gid_t , LOCAL_GRP_MEMBER **, int *);
+       LOCAL_GRP *(*getaliasrid)(uint32, LOCAL_GRP_MEMBER **, int *);
+       LOCAL_GRP *(*getaliasent)(void *, LOCAL_GRP_MEMBER **, int *);
+
+       /*
+        * alias database modification functions.
+        */
+       BOOL (*add_alias_entry)(LOCAL_GRP *);
+       BOOL (*mod_alias_entry)(LOCAL_GRP *);
+
+       /*
+        * user alias functions
+        */
+       BOOL (*getuseraliasnam)(char *, LOCAL_GRP **, int *);
+};
+
 /* this is used for smbstatus */
 
 struct connect_record
@@ -1650,11 +1755,8 @@ extern int unix_ERR_code;
 /* zero a structure */
 #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
 
-/* zero a structure given a pointer to the structure - no zero check */
-#define ZERO_STRUCTPN(x) memset((char *)(x), 0, sizeof(*(x)))
-
 /* zero a structure given a pointer to the structure */
-#define ZERO_STRUCTP(x) { if ((x) != NULL) ZERO_STRUCTPN(x); }
+#define ZERO_STRUCTP(x) { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); }
 
 /* zero an array - note that sizeof(array) must work - ie. it must not be a 
    pointer */
index 6b7b9341a3c1e8c305bfd2bc925d24c8de775e41..619a917747ef8a3557198ebb718f5df79e6fe53c 100644 (file)
@@ -75,6 +75,7 @@
  *  debugf        - Debug file name.
  *  append_log    - If True, then the output file will be opened in append
  *                  mode.
+ *  timestamp_log - 
  *  DEBUGLEVEL    - System-wide debug message limit.  Messages with message-
  *                  levels higher than DEBUGLEVEL will not be processed.
  */
@@ -82,6 +83,7 @@
 FILE   *dbf        = NULL;
 pstring debugf     = "";
 BOOL    append_log = False;
+BOOL    timestamp_log = True;
 int     DEBUGLEVEL = 1;
 
 
@@ -119,7 +121,17 @@ static int     format_pos     = 0;
  * Functions...
  */
 
-#if defined(SIGUSR2)
+/* ************************************************************************** **
+ * tells us if interactive logging was requested
+ * ************************************************************************** **
+ */
+
+BOOL dbg_interactive(void)
+{
+       return stdout_logging;
+}
+
+#if defined(SIGUSR2) && !defined(MEM_MAN)
 /* ************************************************************************** **
  * catch a sigusr2 - decrease the debug log level.
  * ************************************************************************** **
@@ -140,7 +152,7 @@ void sig_usr2( int sig )
   } /* sig_usr2 */
 #endif /* SIGUSR2 */
 
-#if defined(SIGUSR1)
+#if defined(SIGUSR1) && !defined(MEM_MAN)
 /* ************************************************************************** **
  * catch a sigusr1 - increase the debug log level. 
  * ************************************************************************** **
@@ -429,7 +441,7 @@ static void bufr_print( void )
 static void format_debug_text( char *msg )
   {
   int i;
-  BOOL timestamp = (!stdout_logging && (lp_timestamp_logs() || 
+  BOOL timestamp = (timestamp_log && !stdout_logging && (lp_timestamp_logs() || 
                                        !(lp_loaded())));
 
   for( i = 0; msg[i]; i++ )
@@ -527,7 +539,7 @@ BOOL dbghdr( int level, char *file, char *func, int line )
   /* Print the header if timestamps are turned on.  If parameters are
    * not yet loaded, then default to timestamps on.
    */
-  if( lp_timestamp_logs() || !(lp_loaded()) )
+  if( timestamp_log && (lp_timestamp_logs() || !(lp_loaded()) ))
     {
     /* Print it all out at once to prevent split syslog output. */
     (void)Debug1( "[%s, %d] %s:%s(%d)\n",
index 1710205f3c1bc053aff3985b652dd219c34c0a44..df3faa569a565305f2ab47a1d82de245d4340396 100644 (file)
@@ -142,6 +142,21 @@ BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups)
 }
 
 
+/****************************************************************************
+gets either a hex number (0xNNN) or decimal integer (NNN).
+****************************************************************************/
+int get_number(char *tmp)
+{
+       if (strnequal(tmp, "0x", 2))
+       {
+               return strtol(tmp, (char**)NULL, 16);
+       }
+       else
+       {
+               return strtol(tmp, (char**)NULL, 10);
+       }
+}
+
 /****************************************************************************
 like atoi but gets the value up to the separater character
 ****************************************************************************/
@@ -153,7 +168,12 @@ char *Atoic(char *p, int *n, char *c)
                return NULL;
        }
 
-       (*n) = atoi(p);
+       (*n) = get_number(p);
+
+       if (strnequal(p, "0x", 2))
+       {
+               p += 2;
+       }
 
        while ((*p) && isdigit(*p))
        {
index b807c406044267ceb6a56b4cb6584b3934933861..dabc5520ff2c7136019eb0bb769d41eb2e6051c4 100644 (file)
@@ -290,7 +290,8 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd)
 {
        struct policy *p = find_lsa_policy(hnd);
 
-       if (!p) {
+       if (!p)
+       {
                DEBUG(3,("Error closing policy\n"));
                return False;
        }
@@ -302,6 +303,7 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd)
        bitmap_clear(bmap, p->pnum);
 
        ZERO_STRUCTP(p);
+       ZERO_STRUCTP(hnd);
 
        free(p);
 
index 550f7cc391dc4d3379f748c16f7fe201459a8ea8..bb792b7e2bdabc8b800fb5f46b5bcc22df4f9318 100644 (file)
@@ -39,18 +39,27 @@ static BOOL cli_receive_smb(struct cli_state *cli)
 /****************************************************************************
   send an smb to a fd and re-establish if necessary
 ****************************************************************************/
-static BOOL cli_send_smb(struct cli_state *cli)
+static BOOL cli_send_smb(struct cli_state *cli, BOOL show)
 {
        size_t len;
        size_t nwritten=0;
        ssize_t ret;
        BOOL reestablished=False;
 
+       if (show)
+       {
+               show_msg(cli->outbuf);
+       }
+
        len = smb_len(cli->outbuf) + 4;
 
        while (nwritten < len) {
                ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten);
-               if (ret <= 0 && errno == EPIPE && !reestablished) {
+               if (ret <= 0 && errno == EPIPE && !reestablished)
+               {
+                       DEBUG(5,("cli_send_smb: write error (%s) - reconnecting\n",
+                                 strerror(errno)));
+       
                        if (cli_reestablish_connection(cli)) {
                                reestablished = True;
                                nwritten=0;
@@ -60,8 +69,7 @@ static BOOL cli_send_smb(struct cli_state *cli)
                if (ret <= 0) {
                        DEBUG(0,("Error writing %d bytes to client. %d. Exiting\n",
                                 len,ret));
-                       close_sockets();
-                       exit(1);
+                       return False;
                }
                nwritten += ret;
        }
@@ -259,8 +267,7 @@ static BOOL cli_send_trans(struct cli_state *cli, int trans,
        set_message(cli->outbuf,14+lsetup,              /* wcnt, bcc */
                    PTR_DIFF(outdata+this_ldata,smb_buf(cli->outbuf)),False);
 
-       show_msg(cli->outbuf);
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
 
        if (this_ldata < ldata || this_lparam < lparam) {
                /* receive interim response */
@@ -300,8 +307,7 @@ static BOOL cli_send_trans(struct cli_state *cli, int trans,
                        set_message(cli->outbuf,trans==SMBtrans?8:9, /* wcnt, bcc */
                                    PTR_DIFF(outdata+this_ldata,smb_buf(cli->outbuf)),False);
                        
-                       show_msg(cli->outbuf);
-                       cli_send_smb(cli);
+                       cli_send_smb(cli, True);
                        
                        tot_data += this_ldata;
                        tot_param += this_lparam;
@@ -328,8 +334,6 @@ static BOOL cli_receive_trans(struct cli_state *cli,int trans,
        if (!cli_receive_smb(cli))
                return False;
 
-       show_msg(cli->inbuf);
-       
        /* sanity check */
        if (CVAL(cli->inbuf,smb_com) != trans) {
                DEBUG(0,("Expected %s response, got command 0x%02x\n",
@@ -382,8 +386,6 @@ static BOOL cli_receive_trans(struct cli_state *cli,int trans,
                if (!cli_receive_smb(cli))
                        return False;
 
-               show_msg(cli->inbuf);
-               
                /* sanity check */
                if (CVAL(cli->inbuf,smb_com) != trans) {
                        DEBUG(0,("Expected %s response, got command 0x%02x\n",
@@ -759,11 +761,12 @@ BOOL cli_session_setup(struct cli_state *cli,
                set_message(cli->outbuf,13,PTR_DIFF(p,smb_buf(cli->outbuf)),False);
        }
 
-      cli_send_smb(cli);
+      cli_send_smb(cli, True);
       if (!cli_receive_smb(cli))
+       {
+               DEBUG(10,("cli_session_setup: receive smb failed\n"));
              return False;
-
-      show_msg(cli->inbuf);
+       }
 
       if (CVAL(cli->inbuf,smb_rcls) != 0) {
              return False;
@@ -804,7 +807,7 @@ BOOL cli_ulogoff(struct cli_state *cli)
        SSVAL(cli->outbuf,smb_vwv0,0xFF);
        SSVAL(cli->outbuf,smb_vwv2,0);  /* no additional info */
 
-        cli_send_smb(cli);
+        cli_send_smb(cli, True);
         if (!cli_receive_smb(cli))
                 return False;
 
@@ -858,7 +861,7 @@ BOOL cli_send_tconX(struct cli_state *cli,
 
        SCVAL(cli->inbuf,smb_rcls, 1);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli))
                return False;
 
@@ -899,7 +902,7 @@ BOOL cli_tdis(struct cli_state *cli)
        SSVAL(cli->outbuf,smb_tid,cli->cnum);
        cli_setup_packet(cli);
        
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli))
                return False;
        
@@ -931,7 +934,7 @@ BOOL cli_rename(struct cli_state *cli, char *fname_src, char *fname_dst)
         *p++ = 4;
         pstrcpy(p,fname_dst);
 
-        cli_send_smb(cli);
+        cli_send_smb(cli, True);
         if (!cli_receive_smb(cli)) {
                 return False;
         }
@@ -965,7 +968,7 @@ BOOL cli_unlink(struct cli_state *cli, char *fname)
        *p++ = 4;      
        pstrcpy(p,fname);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli)) {
                return False;
        }
@@ -997,7 +1000,7 @@ BOOL cli_mkdir(struct cli_state *cli, char *dname)
        *p++ = 4;      
        pstrcpy(p,dname);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli)) {
                return False;
        }
@@ -1029,7 +1032,7 @@ BOOL cli_rmdir(struct cli_state *cli, char *dname)
        *p++ = 4;      
        pstrcpy(p,dname);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli)) {
                return False;
        }
@@ -1074,7 +1077,7 @@ int cli_nt_create(struct cli_state *cli, char *fname)
        pstrcpy(p,fname);
        p = skip_string(p,1);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli)) {
                return -1;
        }
@@ -1145,7 +1148,7 @@ int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode)
        pstrcpy(p,fname);
        p = skip_string(p,1);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli)) {
                return -1;
        }
@@ -1177,7 +1180,7 @@ BOOL cli_close(struct cli_state *cli, int fnum)
        SSVAL(cli->outbuf,smb_vwv0,fnum);
        SIVALS(cli->outbuf,smb_vwv1,-1);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli)) {
                return False;
        }
@@ -1218,7 +1221,7 @@ BOOL cli_lock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int ti
        SSVAL(p, 0, cli->pid);
        SIVAL(p, 2, offset);
        SIVAL(p, 6, len);
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
 
         cli->timeout = (timeout == -1) ? 0x7FFFFFFF : timeout;
 
@@ -1264,7 +1267,7 @@ BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int
        SIVAL(p, 2, offset);
        SIVAL(p, 6, len);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli)) {
                return False;
        }
@@ -1300,7 +1303,7 @@ static void cli_issue_read(struct cli_state *cli, int fnum, off_t offset,
        SSVAL(cli->outbuf,smb_vwv6,size);
        SSVAL(cli->outbuf,smb_mid,cli->mid + i);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
 }
 
 /****************************************************************************
@@ -1406,8 +1409,7 @@ static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, uint1
 
        SSVAL(cli->outbuf,smb_mid,cli->mid + i);
        
-       show_msg(cli->outbuf);
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
 }
 
 /****************************************************************************
@@ -1495,7 +1497,7 @@ BOOL cli_getattrE(struct cli_state *cli, int fd,
 
        SSVAL(cli->outbuf,smb_vwv0,fd);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli)) {
                return False;
        }
@@ -1549,7 +1551,7 @@ BOOL cli_getatr(struct cli_state *cli, char *fname,
        *p = 4;
        pstrcpy(p+1, fname);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli)) {
                return False;
        }
@@ -1600,7 +1602,7 @@ BOOL cli_setatr(struct cli_state *cli, char *fname, uint16 attr, time_t t)
        p = skip_string(p,1);
        *p = 4;
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli)) {
                return False;
        }
@@ -2163,13 +2165,14 @@ BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char
 
   data_len = 532;
     
-  if (cli_send_trans(cli,SMBtrans,
+  if (!cli_send_trans(cli,SMBtrans,
                     PIPE_LANMAN,strlen(PIPE_LANMAN),      /* name, length */
                     0,0,                                  /* fid, flags */
                     NULL,0,0,                             /* setup, length, max */
                     param,param_len,2,                    /* param, length, max */
                     data,data_len,0                       /* data, length, max */
-                   ) == False) {
+                   ))
+  {
     DEBUG(0,("cli_oem_change_password: Failed to send password change for user %s\n",
               user ));
     return False;
@@ -2223,11 +2226,11 @@ BOOL cli_negprot(struct cli_state *cli)
 
        CVAL(smb_buf(cli->outbuf),0) = 2;
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli))
+       {
                return False;
-
-       show_msg(cli->inbuf);
+       }
 
        if (CVAL(cli->inbuf,smb_rcls) != 0 || 
            ((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) {
@@ -2305,7 +2308,7 @@ BOOL cli_session_request(struct cli_state *cli,
 retry:
 #endif /* WITH_SSL */
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, False);
        DEBUG(5,("Sent session request\n"));
 
        if (!cli_receive_smb(cli))
@@ -2401,6 +2404,7 @@ shutdown a client structure
 ****************************************************************************/
 void cli_shutdown(struct cli_state *cli)
 {
+       DEBUG(10,("cli_shutdown\n"));
        if (cli->outbuf)
        {
                free(cli->outbuf);
@@ -2414,7 +2418,9 @@ void cli_shutdown(struct cli_state *cli)
       sslutil_disconnect(cli->fd);
 #endif /* WITH_SSL */
        if (cli->fd != -1) 
-      close(cli->fd);
+       {
+               close(cli->fd);
+       }
        memset(cli, 0, sizeof(*cli));
 }
 
@@ -2429,10 +2435,18 @@ void cli_shutdown(struct cli_state *cli)
 ****************************************************************************/
 int cli_error(struct cli_state *cli, uint8 *eclass, uint32 *num)
 {
-       int  flgs2 = SVAL(cli->inbuf,smb_flg2);
+       int  flgs2;
        char rcls;
        int code;
 
+       if (!cli->initialised)
+       {
+               DEBUG(0,("cli_error: client state uninitialised!\n"));
+               return EINVAL;
+       }
+
+       flgs2 = SVAL(cli->inbuf,smb_flg2);
+
        if (eclass) *eclass = 0;
        if (num   ) *num = 0;
 
@@ -2671,7 +2685,9 @@ BOOL cli_establish_connection(struct cli_state *cli,
                {
                        DEBUG(1,("failed session setup\n"));
                        if (do_shutdown)
-              cli_shutdown(cli);
+                       {
+                               cli_shutdown(cli);
+                       }
                        return False;
                }
 
@@ -2682,19 +2698,104 @@ BOOL cli_establish_connection(struct cli_state *cli,
                        {
                                DEBUG(1,("failed tcon_X\n"));
                                if (do_shutdown)
-                  cli_shutdown(cli);
+                               {
+                                       cli_shutdown(cli);
+                               }
                                return False;
                        }
                }
        }
 
        if (do_shutdown)
-      cli_shutdown(cli);
+       {
+               cli_shutdown(cli);
+       }
 
        return True;
 }
 
 
+/****************************************************************************
+ connect to one of multiple servers: don't care which
+****************************************************************************/
+BOOL cli_connect_serverlist(struct cli_state *cli, char *p)
+{
+       extern pstring global_myname;
+       extern pstring scope;
+       fstring remote_machine;
+       struct in_addr dest_ip;
+       struct nmb_name calling, called;
+       BOOL connected_ok = True;
+
+       ZERO_STRUCT(cli);
+
+       if (!cli_initialise(cli))
+       {
+               DEBUG(0,("cli_connect_serverlist: unable to initialize client connection.\n"));
+               return False;
+       }
+
+       /*
+       * Treat each name in the 'password server =' line as a potential
+       * PDC/BDC. Contact each in turn and try and authenticate.
+       */
+
+       while(p && next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine)))
+       {
+               standard_sub_basic(remote_machine);
+               strupper(remote_machine);
+
+               if (!resolve_name( remote_machine, &dest_ip, 0x20))
+               {
+                       DEBUG(1,("cli_connect_serverlist: Can't resolve address for %s\n", remote_machine));
+                       continue;
+               }   
+
+               if (ismyip(dest_ip))
+               {
+                       DEBUG(1,("cli_connect_serverlist: Password server loop - not using password server %s\n", remote_machine));
+                       continue;
+               }
+
+               make_nmb_name(&calling, global_myname , 0x0 , scope);
+               make_nmb_name(&called , remote_machine, 0x20, scope);
+
+               pwd_set_nullpwd(&cli->pwd);
+
+               if (!cli_establish_connection(cli, remote_machine, &dest_ip,
+                                             &calling, &called,
+                                             "IPC$", "IPC", 
+                                             False, True))
+               {
+                       cli_shutdown(cli);
+                       continue;
+               }      
+
+               if (!IS_BITS_SET_ALL(cli->sec_mode, 1))
+               {
+                       DEBUG(1,("cli_connect_serverlist: machine %s isn't in user level security mode\n",
+                                 remote_machine));
+                       cli_shutdown(cli);
+                       continue;
+               }
+
+               /*
+                * We have an anonymous connection to IPC$.
+                */
+
+               connected_ok = True;
+               break;
+       }
+
+       if (!connected_ok)
+       {
+               DEBUG(0,("cli_connect_serverlist: Domain password server not available.\n"));
+               cli_shutdown(cli);
+       }
+
+       return connected_ok;
+}
+
 /****************************************************************************
   cancel a print job
   ****************************************************************************/
@@ -2826,7 +2927,7 @@ BOOL cli_chkpath(struct cli_state *cli, char *path)
        *p++ = 4;
        fstrcpy(p,path2);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli)) {
                return False;
        }
@@ -2862,7 +2963,7 @@ BOOL cli_message_start(struct cli_state *cli, char *host, char *username,
        
        set_message(cli->outbuf,0,PTR_DIFF(p,smb_buf(cli->outbuf)),False);
        
-       cli_send_smb(cli);      
+       cli_send_smb(cli, True);        
        
        if (!cli_receive_smb(cli)) {
                return False;
@@ -2895,7 +2996,7 @@ BOOL cli_message_text(struct cli_state *cli, char *msg, int len, int grp)
        *p = 1;
        SSVAL(p,1,len);
        memcpy(p+3,msg,len);
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
 
        if (!cli_receive_smb(cli)) {
                return False;
@@ -2920,7 +3021,7 @@ BOOL cli_message_end(struct cli_state *cli, int grp)
 
        cli_setup_packet(cli);
        
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
 
        if (!cli_receive_smb(cli)) {
                return False;
@@ -2943,7 +3044,7 @@ BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail)
        SSVAL(cli->outbuf,smb_tid,cli->cnum);
        cli_setup_packet(cli);
 
-       cli_send_smb(cli);
+       cli_send_smb(cli, True);
        if (!cli_receive_smb(cli)) {
                return False;
        }
index 5e6e101883c35a59700dd651bf0d5c872cc50842..51b6e8d25b389d61bf9ea56e91448d0c8fdbd7e7 100644 (file)
 
 extern int DEBUGLEVEL;
 extern DOM_SID global_sam_sid;
+extern fstring global_sam_name;
+extern DOM_SID global_member_sid;
+extern fstring global_myworkgroup;
+extern DOM_SID global_sid_S_1_1;
+extern DOM_SID global_sid_S_1_3;
+extern DOM_SID global_sid_S_1_5;
 
 /***************************************************************************
 lsa_reply_open_policy2
@@ -84,8 +90,8 @@ static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
        d_q->uni_dom_max_len = domlen * 2;
        d_q->uni_dom_str_len = domlen * 2;
 
-       d_q->buffer_dom_name = 4; /* domain buffer pointer */
-       d_q->buffer_dom_sid  = 2; /* domain sid pointer */
+       d_q->buffer_dom_name = domlen  != 0    ? 1 : 0; /* domain buffer pointer */
+       d_q->buffer_dom_sid  = dom_sid != NULL ? 1 : 0; /* domain sid pointer */
 
        /* this string is supposed to be character short */
        make_unistr2(&(d_q->uni_domain_name), dom_name, domlen);
@@ -137,50 +143,70 @@ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
 
 
 /***************************************************************************
-make_dom_ref
+make_dom_ref - adds a domain if it's not already in, returns the index
  ***************************************************************************/
-static void make_dom_ref(DOM_R_REF *ref, int num_domains,
-                               char **dom_names, DOM_SID **dom_sids)
+static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
                          
 {
-       int i;
+       int num = 0;
+       int len;
 
-       if (num_domains > MAX_REF_DOMAINS)
+       if (dom_name != NULL)
        {
-               num_domains = MAX_REF_DOMAINS;
+               for (num = 0; num < ref->num_ref_doms_1; num++)
+               {
+                       fstring domname;
+                       fstrcpy(domname, unistr2_to_str(&ref->ref_dom[num].uni_dom_name));
+                       if (strequal(domname, dom_name))
+                       {       
+                               return num;
+                       }
+               }
+
+       }
+       else
+       {
+               num = ref->num_ref_doms_1;
+       }
+
+       if (num >= MAX_REF_DOMAINS)
+       {
+               /* index not found, already at maximum domain limit */
+               return -1;
        }
 
        ref->undoc_buffer = 1;
-       ref->num_ref_doms_1 = num_domains;
+       ref->num_ref_doms_1 = num+1;
        ref->undoc_buffer2 = 1;
        ref->max_entries = MAX_REF_DOMAINS;
-       ref->num_ref_doms_2 = num_domains;
+       ref->num_ref_doms_2 = num+1;
 
-       for (i = 0; i < num_domains; i++)
-       {
-               int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0;
+       len = dom_name != NULL ? strlen(dom_name) : 0;
 
-               make_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0);
-               ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0;
+       make_uni_hdr(&(ref->hdr_ref_dom[num].hdr_dom_name), len, len, len != 0 ? 1 : 0);
+       ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0;
 
-               make_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len);
-               make_dom_sid2(&(ref->ref_dom[i].ref_dom     ), dom_sids [i]);
-       }
+       make_unistr2 (&(ref->ref_dom[num].uni_dom_name), dom_name, len);
+       make_dom_sid2(&(ref->ref_dom[num].ref_dom     ), dom_sid );
 
+       return num;
 }
 
 /***************************************************************************
 make_reply_lookup_rids
  ***************************************************************************/
 static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
-                               int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
-                               int num_ref_doms,
-                               char **dom_names, DOM_SID **dom_sids)
+                               int num_entries,
+                               uint32 dom_rids[MAX_LOOKUP_SIDS],
+                               uint8  dom_types[MAX_LOOKUP_SIDS])
 {
        int i;
 
-       make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids);
+       r_l->num_entries = 0;
+       r_l->undoc_buffer = 0;
+       r_l->num_entries2 = 0;
 
+#if 0
        r_l->num_entries = num_entries;
        r_l->undoc_buffer = 1;
        r_l->num_entries2 = num_entries;
@@ -189,58 +215,85 @@ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
 
        for (i = 0; i < num_entries; i++)
        {
-               make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], 0x01);
+               make_dom_ref(&(r_l->dom_ref), dom_name, dom_sid);
+               make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], dom_types[i]);
        }
 
        r_l->num_entries3 = num_entries;
+#endif
 }
 
 /***************************************************************************
 make_lsa_trans_names
  ***************************************************************************/
-static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn,
+static void make_lsa_trans_names(DOM_R_REF *ref,
+                               LSA_TRANS_NAME_ENUM *trn,
                                int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
-                               uint32 *total)
+                               uint32 *mapped_count)
 {
-       uint32 status = 0x0;
        int i;
-       (*total) = 0;
+       int total = 0;
+       (*mapped_count) = 0;
 
        SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
 
        for (i = 0; i < num_entries; i++)
        {
+               uint32 status = 0x0;
+               DOM_SID find_sid = sid[i].sid;
+               DOM_SID tmp      = sid[i].sid;
                uint32 rid = 0xffffffff;
-               uint8 num_auths = sid[i].sid.num_auths;
+               int dom_idx = -1;
                fstring name;
-               uint32 type;
+               fstring dom_name;
+               uint8 sid_name_use = 0;
                
-               SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths);
+               memset(dom_name, 0, sizeof(dom_name));
+               memset(name    , 0, sizeof(name    ));
 
-               /* find the rid to look up */
-               if (num_auths != 0)
+               if (map_domain_sid_to_name(&find_sid, dom_name))
+               {
+                       sid_name_use = SID_NAME_DOMAIN;
+                       dom_idx = make_dom_ref(ref, dom_name, &find_sid);
+               }
+               else if (sid_split_rid         (&find_sid, &rid) &&
+                        map_domain_sid_to_name(&find_sid, dom_name))
+               {
+                       if (sid_equal(&find_sid, &global_sam_sid))
+                       {
+                               status = lookup_name(&tmp, name, &sid_name_use);
+                       }
+                       else
+                       {
+                               status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+                       }
+               }
+               else
                {
-                       rid = sid[i].sid.sub_auths[num_auths-1];
-
                        status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
-
-                       status = (status != 0x0) ? lookup_user_name (rid, name, &type) : status;
-                       status = (status != 0x0) ? lookup_group_name(rid, name, &type) : status;
-                       status = (status != 0x0) ? lookup_alias_name(rid, name, &type) : status;
                }
 
+               dom_idx = make_dom_ref(ref, dom_name, &find_sid);
+
                if (status == 0x0)
                {
-                       make_lsa_trans_name(&(trn->name    [(*total)]),
-                                           &(trn->uni_name[(*total)]),
-                                           type, name, (*total));
-                       (*total)++;
+                       (*mapped_count)++;
+               }
+               else
+               {
+                       snprintf(name, sizeof(name), "%08x", rid);
+                       sid_name_use = SID_NAME_UNKNOWN;
+
                }
+               make_lsa_trans_name(&(trn->name    [total]),
+                                   &(trn->uni_name[total]),
+                                   sid_name_use, name, dom_idx);
+               total++;
        }
 
-       trn->num_entries = (*total);
+       trn->num_entries = total;
        trn->ptr_trans_names = 1;
-       trn->num_entries2 = (*total);
+       trn->num_entries2 = total;
 }
 
 /***************************************************************************
@@ -260,9 +313,7 @@ static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
 lsa_reply_lookup_sids
  ***************************************************************************/
 static void lsa_reply_lookup_sids(prs_struct *rdata,
-                               int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
-                               int num_ref_doms,
-                               char **dom_names, DOM_SID **dom_sids)
+                               DOM_SID2 *sid, int num_entries)
 {
        LSA_R_LOOKUP_SIDS r_l;
        DOM_R_REF ref;
@@ -274,8 +325,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata,
        ZERO_STRUCT(names);
 
        /* set up the LSA Lookup SIDs response */
-       make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids);
-       make_lsa_trans_names(&names, num_entries, sid, &mapped_count);
+       make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count);
        make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0);
 
        /* store the response in the SMB stream */
@@ -286,17 +336,17 @@ static void lsa_reply_lookup_sids(prs_struct *rdata,
 lsa_reply_lookup_rids
  ***************************************************************************/
 static void lsa_reply_lookup_rids(prs_struct *rdata,
-                               int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
-                               int num_ref_doms,
-                               char **dom_names, DOM_SID **dom_sids)
+                               int num_entries,
+                               uint32 dom_rids[MAX_LOOKUP_SIDS],
+                               uint8  dom_types[MAX_LOOKUP_SIDS])
 {
        LSA_R_LOOKUP_RIDS r_l;
 
        ZERO_STRUCT(r_l);
 
        /* set up the LSA Lookup RIDs response */
-       make_reply_lookup_rids(&r_l, num_entries, dom_rids,
-                               num_ref_doms, dom_names, dom_sids);
+       make_reply_lookup_rids(&r_l, num_entries, dom_rids, dom_types);
+
        r_l.status = 0x0;
 
        /* store the response in the SMB stream */
@@ -365,17 +415,39 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data,
                                 prs_struct *rdata )
 {
        LSA_Q_QUERY_INFO q_i;
-       pstring dom_name;
+       fstring name;
+       DOM_SID *sid = NULL;
+       memset(name, 0, sizeof(name));
 
        ZERO_STRUCT(q_i);
 
        /* grab the info class and policy handle */
        lsa_io_q_query("", &q_i, data, 0);
 
-       pstrcpy(dom_name, lp_workgroup());
+       switch (q_i.info_class)
+       {
+               case 0x03:
+               {
+                       fstrcpy(name, global_myworkgroup);
+                       sid = &global_member_sid;
+                       break;
+               }
+               case 0x05:
+               {
+                       fstrcpy(name, global_sam_name);
+                       sid = &global_sam_sid;
+                       break;
+               }
+               default:
+               {
+                       DEBUG(5,("unknown info level in Lsa Query: %d\n",
+                                 q_i.info_class));
+                       break;
+               }
+       }
 
        /* construct reply.  return status is always 0x0 */
-       lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid);
+       lsa_reply_query_info(&q_i, rdata, name, sid);
 }
 
 /***************************************************************************
@@ -385,44 +457,13 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data,
                                  prs_struct *rdata )
 {
        LSA_Q_LOOKUP_SIDS q_l;
-       pstring dom_name;
-       DOM_SID sid_S_1_1;
-       DOM_SID sid_S_1_3;
-       DOM_SID sid_S_1_5;
-
-       DOM_SID *sid_array[4];
-       char    *dom_names[4];
-
        ZERO_STRUCT(q_l);
-       ZERO_STRUCT(sid_S_1_1);
-       ZERO_STRUCT(sid_S_1_3);
-       ZERO_STRUCT(sid_S_1_5);
 
        /* grab the info class and policy handle */
        lsa_io_q_lookup_sids("", &q_l, data, 0);
 
-       pstrcpy(dom_name, lp_workgroup());
-
-       string_to_sid(&sid_S_1_1, "S-1-1");
-        string_to_sid(&sid_S_1_3, "S-1-3");
-        string_to_sid(&sid_S_1_5, "S-1-5");
-
-       dom_names[0] = dom_name;
-       sid_array[0] = &global_sam_sid;
-
-       dom_names[1] = "Everyone";
-       sid_array[1] = &sid_S_1_1;
-
-       dom_names[2] = "don't know";
-       sid_array[2] = &sid_S_1_3;
-
-       dom_names[3] = "NT AUTHORITY";
-       sid_array[3] = &sid_S_1_5;
-
        /* construct reply.  return status is always 0x0 */
-       lsa_reply_lookup_sids(rdata,
-                              q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
-                              4, dom_names, sid_array);
+       lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries);
 }
 
 /***************************************************************************
@@ -433,63 +474,24 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
 {
        int i;
        LSA_Q_LOOKUP_RIDS q_l;
-       pstring dom_name;
        uint32 dom_rids[MAX_LOOKUP_SIDS];
-       uint32 dummy_g_rid;
-
-       DOM_SID sid_S_1_1;
-       DOM_SID sid_S_1_3;
-       DOM_SID sid_S_1_5;
-
-       DOM_SID *sid_array[4];
-       char    *dom_names[4];
+       uint8  dom_types[MAX_LOOKUP_SIDS];
 
        ZERO_STRUCT(q_l);
-       ZERO_STRUCT(sid_S_1_1);
-       ZERO_STRUCT(sid_S_1_3);
-       ZERO_STRUCT(sid_S_1_5);
        ZERO_ARRAY(dom_rids);   
 
        /* grab the info class and policy handle */
        lsa_io_q_lookup_rids("", &q_l, data, 0);
 
-       pstrcpy(dom_name, lp_workgroup());
-
-       string_to_sid(&sid_S_1_1, "S-1-1");
-        string_to_sid(&sid_S_1_3, "S-1-3");
-        string_to_sid(&sid_S_1_5, "S-1-5");
-
-       dom_names[0] = dom_name;
-       sid_array[0] = &global_sam_sid;
-
-       dom_names[1] = "Everyone";
-       sid_array[1] = &sid_S_1_1;
-
-       dom_names[2] = "don't know";
-       sid_array[2] = &sid_S_1_3;
-
-       dom_names[3] = "NT AUTHORITY";
-       sid_array[3] = &sid_S_1_5;
-
        SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries);
 
        /* convert received RIDs to strings, so we can do them. */
        for (i = 0; i < q_l.num_entries; i++)
        {
-               fstring user_name;
-               fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer));
-
-               /*
-                * Map to the UNIX username.
-                */
-               map_username(user_name);
-
-               /*
-                * Do any case conversions.
-                */
-               (void)Get_Pwnam(user_name, True);
+               fstring name;
+               fstrcpy(name, unistr2(q_l.lookup_name[i].str.buffer));
 
-               if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid))
+               if (lookup_rid(name, &dom_rids[i], &dom_types[i]))
                {
                        /* WHOOPS!  we should really do something about this... */
                        dom_rids[i] = 0;
@@ -498,8 +500,9 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
 
        /* construct reply.  return status is always 0x0 */
        lsa_reply_lookup_rids(rdata,
-                              q_l.num_entries, dom_rids, /* text-converted SIDs */
-                              4, dom_names, sid_array);
+                              q_l.num_entries,
+                             dom_rids, /* text-converted SIDs */
+                             dom_types); /* SID_NAME_USE types */
 }
 
 /***************************************************************************
index 758fac438657dd43dab4bc2acac14b7794617ef2..34ae6fd43c126b03cf35a9a57977f06d8159e925 100644 (file)
@@ -501,8 +501,9 @@ int smb_mem_free(void *ptr,char *file,int line)
 static void mem_write_Index_info(int Index,FILE *outfile)
 {
   if (memory_blocks[Index].status != S_UNALLOCATED)
-    fprintf(outfile,"block %d file %s(%d) : size %d, alloc size %d, status %s\n",
+    fprintf(outfile,"block %d file %s(%d) : ptr: %p size %d, alloc size %d, status %s\n",
            Index,memory_blocks[Index].file,memory_blocks[Index].line,
+           memory_blocks[Index].pointer,
            memory_blocks[Index].present_size,
            memory_blocks[Index].allocated_size,
            status_to_str(memory_blocks[Index].status));
index 60e31e6d44295fb8fcc6de7dc7876fc791a4e526..eef281b2f91590e390d71fc80e99db65c57a9e5f 100644 (file)
@@ -1,4 +1,4 @@
-#if  (defined(NOMEMMAN) && !defined(MEM_MAN_MAIN))
+#if  (defined(NOMEMMAN) && !defined(MEM_MAN_MAIN) && defined(HAVE_MALLOC_H))
 #include <malloc.h>
 #else
 
index d7ce42dae2422fc10555632f6249c960f2fe5184..2c9dd1327454b368135bbbdbe2c03ff019746a8f 100644 (file)
@@ -567,7 +567,7 @@ static void usage(char *pname)
 
   charset_initialise();
 
-  if(!initialize_password_db())
+  if(!initialise_password_db())
     exit(1);
 
 #ifdef LMHOSTSFILE
@@ -593,11 +593,11 @@ static void usage(char *pname)
      SIGUSR1 and SIGUSR2 to do debug level changes. */
 #ifndef MEM_MAN
 #if defined(SIGUSR1)
-  CatchSignal( SIGUSR1, SIGNAL_CAST sig_usr1 );
+       CatchSignal( SIGUSR1, SIGNAL_CAST sig_usr1 );
 #endif /* SIGUSR1 */
 
 #if defined(SIGUSR2)
-  CatchSignal( SIGUSR2, SIGNAL_CAST sig_usr2 );
+       CatchSignal( SIGUSR2, SIGNAL_CAST sig_usr2 );
 #endif /* SIGUSR2 */
 #endif /* MEM_MAN */
 
index 8b351168586905c79911dbd53c160335d043842b..7a28d3418f4de13b962ac2fbfa522a27ce1fcf06 100644 (file)
@@ -116,20 +116,16 @@ typedef struct
   char *szLogFile;
   char *szConfigFile;
   char *szSMBPasswdFile;
+  char *szSMBPassGroupFile;
+  char *szSMBGroupFile;
+  char *szSMBAliasFile;
   char *szPasswordServer;
   char *szSocketOptions;
   char *szValidChars;
   char *szWorkGroup;
-  char *szDomainAdminGroup;
-  char *szDomainGuestGroup;
-  char *szDomainAdminUsers;
-  char *szDomainGuestUsers;
-  char *szDomainHostsallow; 
-  char *szDomainHostsdeny;
   char *szUsernameMap;
-#ifdef USING_GROUPNAME_MAP
+  char *szAliasnameMap;
   char *szGroupnameMap;
-#endif /* USING_GROUPNAME_MAP */
   char *szCharacterSet;
   char *szLogonScript;
   char *szLogonPath;
@@ -146,7 +142,6 @@ typedef struct
   char *szAnnounceVersion; /* This is initialised in init_globals */
   char *szNetbiosAliases;
   char *szDomainOtherSIDs;
-  char *szDomainGroups;
   char *szDriverFile;
   char *szNameResolveOrder;
   char *szLdapServer;
@@ -501,6 +496,7 @@ static struct enum_list enum_ssl_version[] = {{SMB_SSL_V2, "ssl2"}, {SMB_SSL_V3,
 static struct parm_struct parm_table[] =
 {
   {"Base Options", P_SEP, P_SEPARATOR},
+
   {"comment",          P_STRING,  P_LOCAL,  &sDefault.comment,          NULL,   NULL,  FLAG_BASIC|FLAG_PRINT},
   {"path",             P_STRING,  P_LOCAL,  &sDefault.szPath,           NULL,   NULL,  FLAG_BASIC|FLAG_PRINT},
   {"directory",        P_STRING,  P_LOCAL,  &sDefault.szPath,           NULL,   NULL,  0},
@@ -512,6 +508,7 @@ static struct parm_struct parm_table[] =
   {"bind interfaces only", P_BOOL,P_GLOBAL, &Globals.bBindInterfacesOnly,NULL,   NULL,  0},
 
   {"Security Options", P_SEP, P_SEPARATOR},
+
   {"security",         P_ENUM,    P_GLOBAL, &Globals.security,          NULL,   enum_security, FLAG_BASIC},
   {"encrypt passwords",P_BOOL,    P_GLOBAL, &Globals.bEncryptPasswords, NULL,   NULL,  FLAG_BASIC},
   {"update encrypted", P_BOOL,    P_GLOBAL, &Globals.bUpdateEncrypt,    NULL,   NULL,  FLAG_BASIC},
@@ -520,6 +517,9 @@ static struct parm_struct parm_table[] =
   {"null passwords",   P_BOOL,    P_GLOBAL, &Globals.bNullPasswords,    NULL,   NULL,  0},
   {"password server",  P_STRING,  P_GLOBAL, &Globals.szPasswordServer,  NULL,   NULL,  0},
   {"smb passwd file",  P_STRING,  P_GLOBAL, &Globals.szSMBPasswdFile,   NULL,   NULL,  0},
+  {"smb passgrp file", P_STRING,  P_GLOBAL, &Globals.szSMBPassGroupFile, NULL,   NULL,  0},
+  {"smb group file",   P_STRING,  P_GLOBAL, &Globals.szSMBGroupFile,    NULL,   NULL,  0},
+  {"smb alias file",   P_STRING,  P_GLOBAL, &Globals.szSMBAliasFile,    NULL,   NULL,  0},
   {"hosts equiv",      P_STRING,  P_GLOBAL, &Globals.szHostsEquiv,      NULL,   NULL,  0},
   {"root directory",   P_STRING,  P_GLOBAL, &Globals.szRootdir,         NULL,   NULL,  0},
   {"root dir",         P_STRING,  P_GLOBAL, &Globals.szRootdir,         NULL,   NULL,  0},
@@ -567,6 +567,7 @@ static struct parm_struct parm_table[] =
 
 #ifdef WITH_SSL
   {"Secure Socket Layer Options", P_SEP, P_SEPARATOR},
+
   {"ssl",              P_BOOL,    P_GLOBAL, &Globals.sslEnabled,        NULL,   NULL,  0 },
   {"ssl hosts",        P_STRING,  P_GLOBAL, &Globals.sslHostsRequire,   NULL,   NULL,  0 },
   {"ssl hosts resign", P_STRING,  P_GLOBAL, &Globals.sslHostsResign,   NULL,   NULL,  0} ,
@@ -584,6 +585,7 @@ static struct parm_struct parm_table[] =
 #endif        /* WITH_SSL */
 
   {"Logging Options", P_SEP, P_SEPARATOR},
+
   {"log level",        P_INTEGER, P_GLOBAL, &DEBUGLEVEL,                NULL,   NULL,  FLAG_BASIC},
   {"debuglevel",       P_INTEGER, P_GLOBAL, &DEBUGLEVEL,                NULL,   NULL,  0},
   {"syslog",           P_INTEGER, P_GLOBAL, &Globals.syslog,            NULL,   NULL,  0},
@@ -595,6 +597,7 @@ static struct parm_struct parm_table[] =
   {"status",           P_BOOL,    P_LOCAL,  &sDefault.status,           NULL,   NULL,  FLAG_GLOBAL},
 
   {"Protocol Options", P_SEP, P_SEPARATOR},
+
   {"protocol",         P_ENUM,    P_GLOBAL, &Globals.maxprotocol,       NULL,   enum_protocol, 0},
   {"read bmpx",        P_BOOL,    P_GLOBAL, &Globals.bReadbmpx,         NULL,   NULL,  0},
   {"read raw",         P_BOOL,    P_GLOBAL, &Globals.bReadRaw,          NULL,   NULL,  0},
@@ -614,6 +617,7 @@ static struct parm_struct parm_table[] =
   {"time server",      P_BOOL,    P_GLOBAL, &Globals.bTimeServer,      NULL,   NULL,  0},
 
   {"Tuning Options", P_SEP, P_SEPARATOR},
+
   {"change notify timeout", P_INTEGER, P_GLOBAL, &Globals.change_notify_timeout, NULL,   NULL,  0},
   {"deadtime",         P_INTEGER, P_GLOBAL, &Globals.deadtime,          NULL,   NULL,  0},
   {"getwd cache",      P_BOOL,    P_GLOBAL, &use_getwd_cache,           NULL,   NULL,  0},
@@ -632,6 +636,7 @@ static struct parm_struct parm_table[] =
   {"sync always",      P_BOOL,    P_LOCAL,  &sDefault.bSyncAlways,      NULL,   NULL,  0},
 
   {"Printing Options", P_SEP, P_SEPARATOR},
+
   {"load printers",    P_BOOL,    P_GLOBAL, &Globals.bLoadPrinters,     NULL,   NULL,  0},
   {"printcap name",    P_STRING,  P_GLOBAL, &Globals.szPrintcapname,    NULL,   NULL,  0},
   {"printcap",         P_STRING,  P_GLOBAL, &Globals.szPrintcapname,    NULL,   NULL,  0},
@@ -653,7 +658,6 @@ static struct parm_struct parm_table[] =
   {"printer driver",   P_STRING,  P_LOCAL,  &sDefault.szPrinterDriver,  NULL,   NULL,  0},
   {"printer driver location",   P_STRING,  P_LOCAL,  &sDefault.szPrinterDriverLocation,  NULL,   NULL,  FLAG_GLOBAL},
 
-
   {"Filename Handling", P_SEP, P_SEPARATOR},
   {"strip dot",        P_BOOL,    P_GLOBAL, &Globals.bStripDot,         NULL,   NULL,  0},
   {"character set",    P_STRING,  P_GLOBAL, &Globals.szCharacterSet,    handle_character_set, NULL,  0},
@@ -680,17 +684,13 @@ static struct parm_struct parm_table[] =
   {"stat cache",       P_BOOL,    P_GLOBAL, &Globals.bStatCache,        NULL,   NULL,  0},
 
   {"Domain Options", P_SEP, P_SEPARATOR},
-  {"domain groups",    P_STRING,  P_GLOBAL, &Globals.szDomainGroups,    NULL,   NULL,  0},
-  {"domain admin group",P_STRING, P_GLOBAL, &Globals.szDomainAdminGroup, NULL,   NULL,  0},
-  {"domain guest group",P_STRING, P_GLOBAL, &Globals.szDomainGuestGroup, NULL,   NULL,  0},
-  {"domain admin users",P_STRING, P_GLOBAL, &Globals.szDomainAdminUsers, NULL,   NULL,  0},
-  {"domain guest users",P_STRING, P_GLOBAL, &Globals.szDomainGuestUsers, NULL,   NULL,  0},
-#ifdef USING_GROUPNAME_MAP
-  {"groupname map",     P_STRING, P_GLOBAL, &Globals.szGroupnameMap,     NULL,   NULL,  0},
-#endif /* USING_GROUPNAME_MAP */
+
+  {"local group map",   P_STRING, P_GLOBAL, &Globals.szAliasnameMap,     NULL,   NULL,  0},
+  {"domain group map",  P_STRING, P_GLOBAL, &Globals.szGroupnameMap,     NULL,   NULL,  0},
   {"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout,  NULL,   NULL,  0},
 
   {"Logon Options", P_SEP, P_SEPARATOR},
+
   {"logon script",     P_STRING,  P_GLOBAL, &Globals.szLogonScript,     NULL,   NULL,  0},
   {"logon path",       P_STRING,  P_GLOBAL, &Globals.szLogonPath,       NULL,   NULL,  0},
   {"logon drive",      P_STRING,  P_GLOBAL, &Globals.szLogonDrive,      NULL,   NULL,  0},
@@ -698,6 +698,7 @@ static struct parm_struct parm_table[] =
   {"domain logons",    P_BOOL,    P_GLOBAL, &Globals.bDomainLogons,     NULL,   NULL,  0},
 
   {"Browse Options", P_SEP, P_SEPARATOR},
+
   {"os level",         P_INTEGER, P_GLOBAL, &Globals.os_level,          NULL,   NULL,  FLAG_BASIC},
   {"lm announce",      P_ENUM,    P_GLOBAL, &Globals.lm_announce,       NULL,   enum_lm_announce, 0},
   {"lm interval",      P_INTEGER, P_GLOBAL, &Globals.lm_interval,       NULL,   NULL,  0},
@@ -710,12 +711,14 @@ static struct parm_struct parm_table[] =
   {"browsable",        P_BOOL,    P_LOCAL,  &sDefault.bBrowseable,      NULL,   NULL,  0},
 
   {"WINS Options", P_SEP, P_SEPARATOR},
+
   {"dns proxy",        P_BOOL,    P_GLOBAL, &Globals.bDNSproxy,         NULL,   NULL,  0},
   {"wins proxy",       P_BOOL,    P_GLOBAL, &Globals.bWINSproxy,        NULL,   NULL,  0},
   {"wins server",      P_STRING,  P_GLOBAL, &Globals.szWINSserver,      NULL,   NULL,  FLAG_BASIC},
   {"wins support",     P_BOOL,    P_GLOBAL, &Globals.bWINSsupport,      NULL,   NULL,  FLAG_BASIC},
 
   {"Locking Options", P_SEP, P_SEPARATOR},
+
   {"blocking locks",   P_BOOL,    P_LOCAL,  &sDefault.bBlockingLocks,    NULL,   NULL,  0},
   {"fake oplocks",     P_BOOL,    P_LOCAL,  &sDefault.bFakeOplocks,     NULL,   NULL,  0},
   {"kernel oplocks",   P_BOOL,    P_GLOBAL, &Globals.bKernelOplocks,    NULL,   NULL,  FLAG_GLOBAL},
@@ -727,6 +730,7 @@ static struct parm_struct parm_table[] =
 
 #ifdef WITH_LDAP
   {"Ldap Options", P_SEP, P_SEPARATOR},
+
   {"ldap server",      P_STRING,  P_GLOBAL, &Globals.szLdapServer,      NULL,   NULL,  0},
   {"ldap port",        P_INTEGER, P_GLOBAL, &Globals.ldap_port,         NULL,   NULL,  0},
   {"ldap suffix",      P_STRING,  P_GLOBAL, &Globals.szLdapSuffix,      NULL,   NULL,  0},
@@ -737,6 +741,7 @@ static struct parm_struct parm_table[] =
 
 
   {"Miscellaneous Options", P_SEP, P_SEPARATOR},
+
   {"smbrun",           P_STRING,  P_GLOBAL, &Globals.szSmbrun,          NULL,   NULL,  0},
   {"config file",      P_STRING,  P_GLOBAL, &Globals.szConfigFile,      NULL,   NULL,  FLAG_HIDE},
   {"preload",          P_STRING,  P_GLOBAL, &Globals.szAutoServices,    NULL,   NULL,  0},
@@ -814,6 +819,9 @@ static void init_globals(void)
   DEBUG(3,("Initialising global parameters\n"));
 
   string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE);
+  string_set(&Globals.szSMBPassGroupFile, SMB_PASSGRP_FILE);
+  string_set(&Globals.szSMBGroupFile, SMB_GROUP_FILE);
+  string_set(&Globals.szSMBAliasFile, SMB_ALIAS_FILE);
   string_set(&Globals.szPasswdChat,"*old*password* %o\\n *new*password* %n\\n *new*password* %n\\n *changed*");
   string_set(&Globals.szWorkGroup, WORKGROUP);
   string_set(&Globals.szPasswdProgram, PASSWD_PROGRAM);
@@ -1093,6 +1101,9 @@ FN_GLOBAL_STRING(lp_logfile,&Globals.szLogFile)
 FN_GLOBAL_STRING(lp_smbrun,&Globals.szSmbrun)
 FN_GLOBAL_STRING(lp_configfile,&Globals.szConfigFile)
 FN_GLOBAL_STRING(lp_smb_passwd_file,&Globals.szSMBPasswdFile)
+FN_GLOBAL_STRING(lp_smb_passgrp_file,&Globals.szSMBPassGroupFile)
+FN_GLOBAL_STRING(lp_smb_group_file,&Globals.szSMBGroupFile)
+FN_GLOBAL_STRING(lp_smb_alias_file,&Globals.szSMBAliasFile)
 FN_GLOBAL_STRING(lp_serverstring,&Globals.szServerString)
 FN_GLOBAL_STRING(lp_printcapname,&Globals.szPrintcapname)
 FN_GLOBAL_STRING(lp_lockdir,&Globals.szLockDir)
@@ -1107,9 +1118,8 @@ FN_GLOBAL_STRING(lp_passwordserver,&Globals.szPasswordServer)
 FN_GLOBAL_STRING(lp_name_resolve_order,&Globals.szNameResolveOrder)
 FN_GLOBAL_STRING(lp_workgroup,&Globals.szWorkGroup)
 FN_GLOBAL_STRING(lp_username_map,&Globals.szUsernameMap)
-#ifdef USING_GROUPNAME_MAP
+FN_GLOBAL_STRING(lp_aliasname_map,&Globals.szAliasnameMap)
 FN_GLOBAL_STRING(lp_groupname_map,&Globals.szGroupnameMap)
-#endif /* USING_GROUPNAME_MAP */
 FN_GLOBAL_STRING(lp_logon_script,&Globals.szLogonScript) 
 FN_GLOBAL_STRING(lp_logon_path,&Globals.szLogonPath) 
 FN_GLOBAL_STRING(lp_logon_drive,&Globals.szLogonDrive) 
@@ -1125,12 +1135,6 @@ FN_GLOBAL_STRING(lp_netbios_aliases,&Globals.szNetbiosAliases)
 FN_GLOBAL_STRING(lp_driverfile,&Globals.szDriverFile)
 FN_GLOBAL_STRING(lp_panic_action,&Globals.szPanicAction)
 
-FN_GLOBAL_STRING(lp_domain_groups,&Globals.szDomainGroups)
-FN_GLOBAL_STRING(lp_domain_admin_group,&Globals.szDomainAdminGroup)
-FN_GLOBAL_STRING(lp_domain_guest_group,&Globals.szDomainGuestGroup)
-FN_GLOBAL_STRING(lp_domain_admin_users,&Globals.szDomainAdminUsers)
-FN_GLOBAL_STRING(lp_domain_guest_users,&Globals.szDomainGuestUsers)
-
 #ifdef WITH_LDAP
 FN_GLOBAL_STRING(lp_ldap_server,&Globals.szLdapServer);
 FN_GLOBAL_STRING(lp_ldap_suffix,&Globals.szLdapSuffix);
index ed275c4a88f9fd099fe4c90f72e3f9afbebab0d8..af48ebbdc05ef13f7513c60be49930e916d166f8 100644 (file)
@@ -223,7 +223,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
        static unsigned char smblmpwd[16];
        static unsigned char smbntpwd[16];
 
-       pdb_init_smb(user);
+       pwdb_init_smb(user);
 
        bzero(smblmpwd, sizeof(smblmpwd));
        bzero(smbntpwd, sizeof(smbntpwd));
@@ -237,16 +237,16 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
        bzero(temp, sizeof(temp)); /* destroy local copy of the password */
 #else
        get_single_attribute(ldap_struct, entry, "unicodePwd", temp);
-       pdb_gethexpwd(temp, smbntpwd);          
+       pwdb_gethexpwd(temp, smbntpwd);         
        bzero(temp, sizeof(temp)); /* destroy local copy of the password */
 
        get_single_attribute(ldap_struct, entry, "dBCSPwd", temp);
-       pdb_gethexpwd(temp, smblmpwd);          
+       pwdb_gethexpwd(temp, smblmpwd);         
        bzero(temp, sizeof(temp)); /* destroy local copy of the password */
 #endif
        
        get_single_attribute(ldap_struct, entry, "userAccountControl", temp);
-       user->acct_ctrl = pdb_decode_acct_ctrl(temp);
+       user->acct_ctrl = pwdb_decode_acct_ctrl(temp);
 
        get_single_attribute(ldap_struct, entry, "pwdLastSet", temp);
        user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
@@ -254,7 +254,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
        get_single_attribute(ldap_struct, entry, "rid", temp);
 
        /* the smb (unix) ids are not stored: they are created */
-       user->smb_userid = pdb_user_rid_to_uid (atoi(temp));
+       user->smb_userid = pwdb_user_rid_to_uid (atoi(temp));
 
        if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
        {
@@ -288,7 +288,7 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry,
        static pstring temp;
        static struct smb_passwd pw_buf;
 
-       pdb_init_sam(user);
+       pwdb_init_sam(user);
 
        ldap_get_smb_passwd(ldap_struct, entry, &pw_buf);
        
@@ -576,7 +576,7 @@ static BOOL modadd_ldappwd_entry(struct smb_passwd *newpwd, int flag)
        
        make_a_mod(&mods, ldap_state, "rid", rid);
        make_a_mod(&mods, ldap_state, "pwdLastSet", lst);
-       make_a_mod(&mods, ldap_state, "userAccountControl", pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
+       make_a_mod(&mods, ldap_state, "userAccountControl", pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
        
        switch(flag)
        {
@@ -708,7 +708,7 @@ static BOOL modadd_ldap21pwd_entry(struct sam_passwd *newpwd, int flag)
        
        make_a_mod(&mods, ldap_state, "rid", rid);
        make_a_mod(&mods, ldap_state, "pwdLastSet", lst);
-       make_a_mod(&mods, ldap_state, "userAccountControl", pdb_encode_acct_ctrl(newpwd->acct_ctrl,NEW_PW_FORMAT_SPACE_PADDED_LEN));
+       make_a_mod(&mods, ldap_state, "userAccountControl", pwdb_encode_acct_ctrl(newpwd->acct_ctrl,NEW_PW_FORMAT_SPACE_PADDED_LEN));
        
        ldap_modify_s(ldap_struct, dn, mods);
        
@@ -922,52 +922,52 @@ static BOOL setldappwpos(void *vp, SMB_BIG_UINT tok)
 
 static struct smb_passwd *getldappwnam(char *name)
 {
-  return pdb_sam_to_smb(iterate_getsam21pwnam(name));
+  return pwdb_sam_to_smb(iterate_getsam21pwnam(name));
 }
 
 static struct smb_passwd *getldappwuid(uid_t smb_userid)
 {
-  return pdb_sam_to_smb(iterate_getsam21pwuid(smb_userid));
+  return pwdb_sam_to_smb(iterate_getsam21pwuid(smb_userid));
 }
 
 static struct smb_passwd *getldappwrid(uint32 user_rid)
 {
-  return pdb_sam_to_smb(iterate_getsam21pwuid(pdb_user_rid_to_uid(user_rid)));
+  return pwdb_sam_to_smb(iterate_getsam21pwuid(pwdb_user_rid_to_uid(user_rid)));
 }
 
 static struct smb_passwd *getldappwent(void *vp)
 {
-  return pdb_sam_to_smb(getldap21pwent(vp));
+  return pwdb_sam_to_smb(getldap21pwent(vp));
 }
 
 static BOOL add_ldappwd_entry(struct smb_passwd *newpwd)
 {
-  return add_ldap21pwd_entry(pdb_smb_to_sam(newpwd));
+  return add_ldap21pwd_entry(pwdb_smb_to_sam(newpwd));
 }
 
 static BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override)
 {
-  return mod_ldap21pwd_entry(pdb_smb_to_sam(pwd), override);
+  return mod_ldap21pwd_entry(pwdb_smb_to_sam(pwd), override);
 }
 
 static struct sam_disp_info *getldapdispnam(char *name)
 {
-       return pdb_sam_to_dispinfo(getldap21pwnam(name));
+       return pwdb_sam_to_dispinfo(getldap21pwnam(name));
 }
 
 static struct sam_disp_info *getldapdisprid(uint32 rid)
 {
-       return pdb_sam_to_dispinfo(getldap21pwrid(rid));
+       return pwdb_sam_to_dispinfo(getldap21pwrid(rid));
 }
 
 static struct sam_disp_info *getldapdispent(void *vp)
 {
-       return pdb_sam_to_dispinfo(getldap21pwent(vp));
+       return pwdb_sam_to_dispinfo(getldap21pwent(vp));
 }
 
 static struct sam_passwd *getldap21pwuid(uid_t uid)
 {
-       return pdb_smb_to_sam(iterate_getsam21pwuid(pdb_uid_to_user_rid(uid)));
+       return pwdb_smb_to_sam(iterate_getsam21pwuid(pwdb_uid_to_user_rid(uid)));
 }
 
 static struct passdb_ops ldap_ops =
index e750fec1a1e0bd2e5a8604ba9ec13ff5bfcb9cef..489ccbf25f4e008be98299e984ec7649462c8113 100644 (file)
@@ -361,22 +361,22 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd)
        new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_maxcol;
        new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_val = calloc(new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len, sizeof(entry_col));
 
-       pdb_sethexpwd(smb_passwd   , newpwd->smb_passwd   , newpwd->acct_ctrl);
-       pdb_sethexpwd(smb_nt_passwd, newpwd->smb_nt_passwd, newpwd->acct_ctrl);
+       pwdb_sethexpwd(smb_passwd   , newpwd->smb_passwd   , newpwd->acct_ctrl);
+       pwdb_sethexpwd(smb_nt_passwd, newpwd->smb_nt_passwd, newpwd->acct_ctrl);
 
-       pdb_set_logon_time      (logon_t  , sizeof(logon_t  ), newpwd->logon_time           );
-       pdb_set_logoff_time     (logoff_t , sizeof(logoff_t ), newpwd->logoff_time          );
-       pdb_set_kickoff_time    (kickoff_t, sizeof(kickoff_t), newpwd->kickoff_time         );
-       pdb_set_last_set_time   (pwdlset_t, sizeof(pwdlset_t), newpwd->pass_last_set_time   ); 
-       pdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time ); 
-       pdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time); 
+       pwdb_set_logon_time      (logon_t  , sizeof(logon_t  ), newpwd->logon_time           );
+       pwdb_set_logoff_time     (logoff_t , sizeof(logoff_t ), newpwd->logoff_time          );
+       pwdb_set_kickoff_time    (kickoff_t, sizeof(kickoff_t), newpwd->kickoff_time         );
+       pwdb_set_last_set_time   (pwdlset_t, sizeof(pwdlset_t), newpwd->pass_last_set_time   ); 
+       pwdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time ); 
+       pwdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time); 
 
        slprintf(uid, sizeof(uid), "%u", newpwd->smb_userid);
        slprintf(user_rid, sizeof(user_rid), "0x%x", newpwd->user_rid);
        slprintf(smb_grpid, sizeof(smb_grpid), "%u", newpwd->smb_grpid);
        slprintf(group_rid, sizeof(group_rid), "0x%x", newpwd->group_rid);
 
-       safe_strcpy(acb, pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb)); 
+       safe_strcpy(acb, pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb)); 
 
        set_single_attribute(&new_obj, NPF_NAME          , newpwd->smb_name     , strlen(newpwd->smb_name)     , 0);
        set_single_attribute(&new_obj, NPF_UID           , uid                  , strlen(uid)                  , 0);
@@ -456,7 +456,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result)
 
        if (pw_buf == NULL || result == NULL) return False;
 
-       pdb_init_sam(pw_buf);
+       pwdb_init_sam(pw_buf);
 
        if (result->status != NIS_SUCCESS)
        {
@@ -482,7 +482,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result)
 
        /* Check the lanman password column. */
        p = (uchar *)ENTRY_VAL(obj, NPF_LMPWD);
-       if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbpwd))
+       if (strlen((char *)p) != 32 || !pwdb_gethexpwd((char *)p, (char *)smbpwd))
        {
                DEBUG(0, ("make_smb_from_nisp: malformed LM pwd entry.\n"));
                return False;
@@ -490,7 +490,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result)
 
        /* Check the NT password column. */
        p = (uchar *)ENTRY_VAL(obj, NPF_NTPWD);
-       if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbntpwd))
+       if (strlen((char *)p) != 32 || !pwdb_gethexpwd((char *)p, (char *)smbntpwd))
        {
                DEBUG(0, ("make_smb_from_nisp: malformed NT pwd entry\n"));
                return False;
@@ -603,52 +603,52 @@ static struct sam_passwd *getnisp21pwrid(uint32 rid)
 
 static struct smb_passwd *getnisppwent(void *vp)
 {
-       return pdb_sam_to_smb(getnisp21pwent(vp));
+       return pwdb_sam_to_smb(getnisp21pwent(vp));
 }
 
 static BOOL add_nisppwd_entry(struct smb_passwd *newpwd)
 {
-       return add_nisp21pwd_entry(pdb_smb_to_sam(newpwd));
+       return add_nisp21pwd_entry(pwdb_smb_to_sam(newpwd));
 }
 
 static BOOL mod_nisppwd_entry(struct smb_passwd* pwd, BOOL override)
 {
-       return mod_nisp21pwd_entry(pdb_smb_to_sam(pwd), override);
+       return mod_nisp21pwd_entry(pwdb_smb_to_sam(pwd), override);
 }
 
 static struct smb_passwd *getnisppwnam(char *name)
 {
-       return pdb_sam_to_smb(getnisp21pwnam(name));
+       return pwdb_sam_to_smb(getnisp21pwnam(name));
 }
 
 static struct sam_passwd *getnisp21pwuid(uid_t smb_userid)
 {
-       return getnisp21pwrid(pdb_uid_to_user_rid(smb_userid));
+       return getnisp21pwrid(pwdb_uid_to_user_rid(smb_userid));
 }
 
 static struct smb_passwd *getnisppwrid(uid_t user_rid)
 {
-       return pdb_sam_to_smb(getnisp21pwuid(pdb_user_rid_to_uid(user_rid)));
+       return pwdb_sam_to_smb(getnisp21pwuid(pwdb_user_rid_to_uid(user_rid)));
 }
 
 static struct smb_passwd *getnisppwuid(uid_t smb_userid)
 {
-       return pdb_sam_to_smb(getnisp21pwuid(smb_userid));
+       return pwdb_sam_to_smb(getnisp21pwuid(smb_userid));
 }
 
 static struct sam_disp_info *getnispdispnam(char *name)
 {
-       return pdb_sam_to_dispinfo(getnisp21pwnam(name));
+       return pwdb_sam_to_dispinfo(getnisp21pwnam(name));
 }
 
 static struct sam_disp_info *getnispdisprid(uint32 rid)
 {
-       return pdb_sam_to_dispinfo(getnisp21pwrid(rid));
+       return pwdb_sam_to_dispinfo(getnisp21pwrid(rid));
 }
 
 static struct sam_disp_info *getnispdispent(void *vp)
 {
-       return pdb_sam_to_dispinfo(getnisp21pwent(vp));
+       return pwdb_sam_to_dispinfo(getnisp21pwent(vp));
 }
 
 static struct passdb_ops nispasswd_ops = {
index f29a9ff570749853e7c3983fc63aec3642db43ff..a4c663e388264395c33e7f24a6658d0d380dc330 100644 (file)
 
 extern int DEBUGLEVEL;
 
-/*
- * This is set on startup - it defines the SID for this
- * machine, and therefore the SAM database for which it is
- * responsible.
- */
-
-DOM_SID global_sam_sid;
-
 /*
  * NOTE. All these functions are abstracted into a structure
  * that points to the correct function for the selected database. JRA.
@@ -49,36 +41,39 @@ DOM_SID global_sam_sid;
  * functions in a first pass, as struct sam_passwd contains more
  * information, needed by the NT Domain support.
  * 
- * a full example set of derivative functions are listed below.  an API
- * writer is expected to cut/paste these into their module, replace
- * either one set (struct smb_passwd) or the other (struct sam_passwd)
- * OR both, and optionally also to write display info routines
- * (struct sam_disp_info).  lkcl
+ * an API writer is expected to create either one set (struct smb_passwd) or
+ * the other (struct sam_passwd) OR both, and optionally also to write display
+ * info routines * (struct sam_disp_info).  functions which the API writer
+ * chooses NOT to write must be wrapped in conversion functions (pwdb_x_to_y)
+ * such that API users can call any function and still get valid results.
+ *
+ * the password API does NOT fill in the gaps if you set an API function
+ * to NULL: it will deliberately attempt to call the NULL function.
  *
  */
 
-static struct passdb_ops *pdb_ops;
+static struct passdb_ops *pwdb_ops;
 
 /***************************************************************
- Initialize the password db operations.
+ Initialise the password db operations.
 ***************************************************************/
 
-BOOL initialize_password_db(void)
+BOOL initialise_password_db(void)
 {
-  if (pdb_ops)
+  if (pwdb_ops)
   {
     return True;
   }
 
 #ifdef WITH_NISPLUS
-  pdb_ops =  nisplus_initialize_password_db();
+  pwdb_ops =  nisplus_initialise_password_db();
 #elif defined(WITH_LDAP)
-  pdb_ops = ldap_initialize_password_db();
+  pwdb_ops = ldap_initialise_password_db();
 #else 
-  pdb_ops = file_initialize_password_db();
+  pwdb_ops = file_initialise_password_db();
 #endif 
 
-  return (pdb_ops != NULL);
+  return (pwdb_ops != NULL);
 }
 
 /*
@@ -91,7 +86,7 @@ BOOL initialize_password_db(void)
 
 struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid)
 {
-       return iterate_getsmbpwuid(pdb_user_rid_to_uid(user_rid));
+       return iterate_getsmbpwuid(pwdb_user_rid_to_uid(user_rid));
 }
 
 /************************************************************************
@@ -173,7 +168,7 @@ struct smb_passwd *iterate_getsmbpwnam(char *name)
 
 void *startsmbpwent(BOOL update)
 {
-  return pdb_ops->startsmbpwent(update);
+  return pwdb_ops->startsmbpwent(update);
 }
 
 /***************************************************************
@@ -188,7 +183,7 @@ void *startsmbpwent(BOOL update)
 
 void endsmbpwent(void *vp)
 {
-  pdb_ops->endsmbpwent(vp);
+  pwdb_ops->endsmbpwent(vp);
 }
 
 /*************************************************************************
@@ -197,7 +192,7 @@ void endsmbpwent(void *vp)
 
 struct smb_passwd *getsmbpwent(void *vp)
 {
-       return pdb_ops->getsmbpwent(vp);
+       return pwdb_ops->getsmbpwent(vp);
 }
 
 /************************************************************************
@@ -206,7 +201,7 @@ struct smb_passwd *getsmbpwent(void *vp)
 
 BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
 {
-       return pdb_ops->add_smbpwd_entry(newpwd);
+       return pwdb_ops->add_smbpwd_entry(newpwd);
 }
 
 /************************************************************************
@@ -220,7 +215,7 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
 
 BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
 {
-       return pdb_ops->mod_smbpwd_entry(pwd, override);
+       return pwdb_ops->mod_smbpwd_entry(pwd, override);
 }
 
 /************************************************************************
@@ -229,7 +224,7 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
 
 struct smb_passwd *getsmbpwnam(char *name)
 {
-       return pdb_ops->getsmbpwnam(name);
+       return pwdb_ops->getsmbpwnam(name);
 }
 
 /************************************************************************
@@ -238,7 +233,7 @@ struct smb_passwd *getsmbpwnam(char *name)
 
 struct smb_passwd *getsmbpwrid(uint32 user_rid)
 {
-       return pdb_ops->getsmbpwrid(user_rid);
+       return pwdb_ops->getsmbpwrid(user_rid);
 }
 
 /************************************************************************
@@ -247,7 +242,7 @@ struct smb_passwd *getsmbpwrid(uint32 user_rid)
 
 struct smb_passwd *getsmbpwuid(uid_t smb_userid)
 {
-       return pdb_ops->getsmbpwuid(smb_userid);
+       return pwdb_ops->getsmbpwuid(smb_userid);
 }
 
 /*
@@ -370,7 +365,7 @@ struct sam_passwd *iterate_getsam21pwuid(uid_t uid)
  *************************************************************************/
 struct sam_disp_info *getsamdisprid(uint32 rid)
 {
-       return pdb_ops->getsamdisprid(rid);
+       return pwdb_ops->getsamdisprid(rid);
 }
 
 /*************************************************************************
@@ -379,7 +374,7 @@ struct sam_disp_info *getsamdisprid(uint32 rid)
 
 struct sam_passwd *getsam21pwent(void *vp)
 {
-       return pdb_ops->getsam21pwent(vp);
+       return pwdb_ops->getsam21pwent(vp);
 }
 
 
@@ -389,7 +384,7 @@ struct sam_passwd *getsam21pwent(void *vp)
 
 struct sam_passwd *getsam21pwnam(char *name)
 {
-       return pdb_ops->getsam21pwnam(name);
+       return pwdb_ops->getsam21pwnam(name);
 }
 
 /************************************************************************
@@ -398,7 +393,7 @@ struct sam_passwd *getsam21pwnam(char *name)
 
 struct sam_passwd *getsam21pwrid(uint32 rid)
 {
-       return pdb_ops->getsam21pwrid(rid);
+       return pwdb_ops->getsam21pwrid(rid);
 }
 
 
@@ -415,7 +410,7 @@ struct sam_passwd *getsam21pwrid(uint32 rid)
  initialises a struct sam_disp_info.
  **************************************************************/
 
-static void pdb_init_dispinfo(struct sam_disp_info *user)
+static void pwdb_init_dispinfo(struct sam_disp_info *user)
 {
        if (user == NULL) return;
        bzero(user, sizeof(*user));
@@ -425,7 +420,7 @@ static void pdb_init_dispinfo(struct sam_disp_info *user)
  initialises a struct smb_passwd.
  **************************************************************/
 
-void pdb_init_smb(struct smb_passwd *user)
+void pwdb_init_smb(struct smb_passwd *user)
 {
        if (user == NULL) return;
        bzero(user, sizeof(*user));
@@ -435,7 +430,7 @@ void pdb_init_smb(struct smb_passwd *user)
 /*************************************************************
  initialises a struct sam_passwd.
  **************************************************************/
-void pdb_init_sam(struct sam_passwd *user)
+void pwdb_init_sam(struct sam_passwd *user)
 {
        if (user == NULL) return;
        bzero(user, sizeof(*user));
@@ -451,13 +446,13 @@ void pdb_init_sam(struct sam_passwd *user)
  Routine to return the next entry in the sam passwd list.
  *************************************************************************/
 
-struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user)
+struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user)
 {
        static struct sam_disp_info disp_info;
 
        if (user == NULL) return NULL;
 
-       pdb_init_dispinfo(&disp_info);
+       pwdb_init_dispinfo(&disp_info);
 
        disp_info.smb_name  = user->smb_name;
        disp_info.full_name = user->full_name;
@@ -470,13 +465,13 @@ struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user)
  converts a sam_passwd structure to a smb_passwd structure.
  **************************************************************/
 
-struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user)
+struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user)
 {
        static struct smb_passwd pw_buf;
 
        if (user == NULL) return NULL;
 
-       pdb_init_smb(&pw_buf);
+       pwdb_init_smb(&pw_buf);
 
        pw_buf.smb_userid         = user->smb_userid;
        pw_buf.smb_name           = user->smb_name;
@@ -493,13 +488,13 @@ struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user)
  converts a smb_passwd structure to a sam_passwd structure.
  **************************************************************/
 
-struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user)
+struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user)
 {
        static struct sam_passwd pw_buf;
 
        if (user == NULL) return NULL;
 
-       pdb_init_sam(&pw_buf);
+       pwdb_init_sam(&pw_buf);
 
        pw_buf.smb_userid         = user->smb_userid;
        pw_buf.smb_name           = user->smb_name;
@@ -517,7 +512,7 @@ struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user)
  null). length *MUST BE MORE THAN 2* !
  **********************************************************/
 
-char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
+char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
 {
   static fstring acct_str;
   size_t i = 0;
@@ -553,7 +548,7 @@ char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
  15 lines, which is more important.
  **********************************************************/
 
-uint16 pdb_decode_acct_ctrl(char *p)
+uint16 pwdb_decode_acct_ctrl(char *p)
 {
        uint16 acct_ctrl = 0;
        BOOL finished = False;
@@ -603,7 +598,9 @@ static time_t get_time_from_string(char *p)
        for (i = 0; i < 8; i++)
        {
                if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF)))
-               break;
+               {
+                       break;
+               }
        }
        if (i == 8)
        {
@@ -621,7 +618,7 @@ static time_t get_time_from_string(char *p)
  gets password last set time
  ********************************************************************/
 
-time_t pdb_get_last_set_time(char *p)
+time_t pwdb_get_last_set_time(char *p)
 {
        if (*p && StrnCaseCmp((char *)p, "LCT-", 4))
        {
@@ -642,7 +639,7 @@ static void set_time_in_string(char *p, int max_len, char *type, time_t t)
 /*******************************************************************
  sets logon time
  ********************************************************************/
-void pdb_set_logon_time(char *p, int max_len, time_t t)
+void pwdb_set_logon_time(char *p, int max_len, time_t t)
 {
        set_time_in_string(p, max_len, "LNT", t);
 }
@@ -650,7 +647,7 @@ void pdb_set_logon_time(char *p, int max_len, time_t t)
 /*******************************************************************
  sets logoff time
  ********************************************************************/
-void pdb_set_logoff_time(char *p, int max_len, time_t t)
+void pwdb_set_logoff_time(char *p, int max_len, time_t t)
 {
        set_time_in_string(p, max_len, "LOT", t);
 }
@@ -658,7 +655,7 @@ void pdb_set_logoff_time(char *p, int max_len, time_t t)
 /*******************************************************************
  sets kickoff time
  ********************************************************************/
-void pdb_set_kickoff_time(char *p, int max_len, time_t t)
+void pwdb_set_kickoff_time(char *p, int max_len, time_t t)
 {
        set_time_in_string(p, max_len, "KOT", t);
 }
@@ -666,7 +663,7 @@ void pdb_set_kickoff_time(char *p, int max_len, time_t t)
 /*******************************************************************
  sets password can change time
  ********************************************************************/
-void pdb_set_can_change_time(char *p, int max_len, time_t t)
+void pwdb_set_can_change_time(char *p, int max_len, time_t t)
 {
        set_time_in_string(p, max_len, "CCT", t);
 }
@@ -674,7 +671,7 @@ void pdb_set_can_change_time(char *p, int max_len, time_t t)
 /*******************************************************************
  sets password last set time
  ********************************************************************/
-void pdb_set_must_change_time(char *p, int max_len, time_t t)
+void pwdb_set_must_change_time(char *p, int max_len, time_t t)
 {
        set_time_in_string(p, max_len, "MCT", t);
 }
@@ -682,7 +679,7 @@ void pdb_set_must_change_time(char *p, int max_len, time_t t)
 /*******************************************************************
  sets password last set time
  ********************************************************************/
-void pdb_set_last_set_time(char *p, int max_len, time_t t)
+void pwdb_set_last_set_time(char *p, int max_len, time_t t)
 {
        set_time_in_string(p, max_len, "LCT", t);
 }
@@ -691,7 +688,7 @@ void pdb_set_last_set_time(char *p, int max_len, time_t t)
 /*************************************************************
  Routine to set 32 hex password characters from a 16 byte array.
 **************************************************************/
-void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl)
+void pwdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl)
 {
        if (pwd != NULL)
        {
@@ -713,327 +710,114 @@ void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl)
                }
        }
 }
+
 /*************************************************************
  Routine to get the 32 hex characters and turn them
  into a 16 byte array.
 **************************************************************/
-BOOL pdb_gethexpwd(char *p, char *pwd)
+BOOL pwdb_gethexpwd(char *p, char *pwd)
 {
-       int i;
-       unsigned char   lonybble, hinybble;
-       char           *hexchars = "0123456789ABCDEF";
-       char           *p1, *p2;
-
-       for (i = 0; i < 32; i += 2)
-       {
-               hinybble = toupper(p[i]);
-               lonybble = toupper(p[i + 1]);
-
-               p1 = strchr(hexchars, hinybble);
-               p2 = strchr(hexchars, lonybble);
-
-               if (!p1 || !p2)
-               {
-                       return (False);
-               }
-
-               hinybble = PTR_DIFF(p1, hexchars);
-               lonybble = PTR_DIFF(p2, hexchars);
-
-               pwd[i / 2] = (hinybble << 4) | lonybble;
-       }
-       return (True);
+       return strhex_to_str(pwd, 32, p) == 16;
 }
 
 /*******************************************************************
- Group and User RID username mapping function
+ converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
  ********************************************************************/
-
-BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
+uid_t pwdb_user_rid_to_uid(uint32 user_rid)
 {
-    struct passwd *pw = Get_Pwnam(user_name, False);
-
-       if (u_rid == NULL || g_rid == NULL || user_name == NULL)
-       {
-               return False;
-       }
-
-       if (!pw)
-       {
-               DEBUG(1,("Username %s is invalid on this system\n", user_name));
-               return False;
-       }
-
-       if (user_in_list(user_name, lp_domain_guest_users()))
-       {
-               *u_rid = DOMAIN_USER_RID_GUEST;
-       }
-       else if (user_in_list(user_name, lp_domain_admin_users()))
-       {
-               *u_rid = DOMAIN_USER_RID_ADMIN;
-       }
-       else
-       {
-               /* turn the unix UID into a Domain RID.  this is what the posix
-                  sub-system does (adds 1000 to the uid) */
-               *u_rid = pdb_uid_to_user_rid(pw->pw_uid);
-       }
-
-       /* absolutely no idea what to do about the unix GID to Domain RID mapping */
-       *g_rid = pdb_gid_to_group_rid(pw->pw_gid);
-
-       return True;
+       uid_t uid = (uid_t)(((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER);
+       return uid;
 }
 
-/****************************************************************************
- Read the machine SID from a file.
-****************************************************************************/
-
-static BOOL read_sid_from_file(int fd, char *sid_file)
-{   
-  fstring fline;
-    
-  memset(fline, '\0', sizeof(fline));
-
-  if(read(fd, fline, sizeof(fline) -1 ) < 0) {
-    DEBUG(0,("unable to read file %s. Error was %s\n",
-           sid_file, strerror(errno) ));
-    return False;
-  }
-
-  /*
-   * Convert to the machine SID.
-   */
-
-  fline[sizeof(fline)-1] = '\0';
-  if(!string_to_sid( &global_sam_sid, fline)) {
-    DEBUG(0,("unable to generate machine SID.\n"));
-    return False;
-  }
-
-  return True;
+/*******************************************************************
+ converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+uint32 pwdb_uid_to_user_rid(uid_t uid)
+{
+       uint32 user_rid = (((((uint32)uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
+       return user_rid;
 }
 
-/****************************************************************************
- Generate the global machine sid. Look for the MACHINE.SID file first, if
- not found then look in smb.conf and use it to create the MACHINE.SID file.
-****************************************************************************/
-BOOL pdb_generate_sam_sid(void)
+/*******************************************************************
+ converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+uint32 pwdb_gid_to_group_rid(gid_t gid)
 {
-       int fd;
-       char *p;
-       pstring sid_file;
-       fstring sid_string;
-       SMB_STRUCT_STAT st;
-       uchar raw_sid_data[12];
-
-       pstrcpy(sid_file, lp_smb_passwd_file());
-       p = strrchr(sid_file, '/');
-       if(p != NULL) {
-               *++p = '\0';
-       }
-
-       if (!directory_exist(sid_file, NULL)) {
-               if (dos_mkdir(sid_file, 0700) != 0) {
-                       DEBUG(0,("can't create private directory %s : %s\n",
-                                sid_file, strerror(errno)));
-                       return False;
-               }
-       }
-
-       pstrcat(sid_file, "MACHINE.SID");
-    
-       if((fd = open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) {
-               DEBUG(0,("unable to open or create file %s. Error was %s\n",
-                        sid_file, strerror(errno) ));
-               return False;
-       } 
-  
-       /*
-        * Check if the file contains data.
-        */
-       
-       if(sys_fstat( fd, &st) < 0) {
-               DEBUG(0,("unable to stat file %s. Error was %s\n",
-                        sid_file, strerror(errno) ));
-               close(fd);
-               return False;
-       } 
-  
-       if(st.st_size > 0) {
-               /*
-                * We have a valid SID - read it.
-                */
-               if(!read_sid_from_file( fd, sid_file)) {
-                       DEBUG(0,("unable to read file %s. Error was %s\n",
-                                sid_file, strerror(errno) ));
-                       close(fd);
-                       return False;
-               }
-               close(fd);
-               return True;
-       } 
-  
-       /*
-        * The file contains no data - we need to generate our
-        * own sid.
-        */
-       
-       {
-               /*
-                * Generate the new sid data & turn it into a string.
-                */
-               int i;
-               generate_random_buffer( raw_sid_data, 12, True);
-               
-               fstrcpy( sid_string, "S-1-5-21");
-               for( i = 0; i < 3; i++) {
-                       fstring tmp_string;
-                       slprintf( tmp_string, sizeof(tmp_string) - 1, "-%u", IVAL(raw_sid_data, i*4));
-                       fstrcat( sid_string, tmp_string);
-               }
-       } 
-       
-       fstrcat(sid_string, "\n");
-       
-       /*
-        * Ensure our new SID is valid.
-        */
-       
-       if(!string_to_sid( &global_sam_sid, sid_string)) {
-               DEBUG(0,("unable to generate machine SID.\n"));
-               return False;
-       } 
-  
-       /*
-        * Do an exclusive blocking lock on the file.
-        */
-       
-       if(!do_file_lock( fd, 60, F_WRLCK)) {
-               DEBUG(0,("unable to lock file %s. Error was %s\n",
-                        sid_file, strerror(errno) ));
-               close(fd);
-               return False;
-       } 
-  
-       /*
-        * At this point we have a blocking lock on the SID
-        * file - check if in the meantime someone else wrote
-        * SID data into the file. If so - they were here first,
-        * use their data.
-        */
-       
-       if(sys_fstat( fd, &st) < 0) {
-               DEBUG(0,("unable to stat file %s. Error was %s\n",
-                        sid_file, strerror(errno) ));
-               close(fd);
-               return False;
-       } 
-  
-       if(st.st_size > 0) {
-               /*
-                * Unlock as soon as possible to reduce
-                * contention on the exclusive lock.
-                */ 
-               do_file_lock( fd, 60, F_UNLCK);
-               
-               /*
-                * We have a valid SID - read it.
-                */
-               
-               if(!read_sid_from_file( fd, sid_file)) {
-                       DEBUG(0,("unable to read file %s. Error was %s\n",
-                                sid_file, strerror(errno) ));
-                       close(fd);
-                       return False;
-               }
-               close(fd);
-               return True;
-       } 
-       
-       /*
-        * The file is still empty and we have an exlusive lock on it.
-        * Write out out SID data into the file.
-        */
-       
-       if(fchmod(fd, 0644) < 0) {
-               DEBUG(0,("unable to set correct permissions on file %s. \
-Error was %s\n", sid_file, strerror(errno) ));
-               close(fd);
-               return False;
-       } 
-       
-       if(write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) {
-               DEBUG(0,("unable to write file %s. Error was %s\n",
-                        sid_file, strerror(errno) ));
-               close(fd);
-               return False;
-       } 
-       
-       /*
-        * Unlock & exit.
-        */
-       
-       do_file_lock( fd, 60, F_UNLCK);
-       close(fd);
-       return True;
-}   
+       uint32 grp_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
+       return grp_rid;
+}
 
 /*******************************************************************
- converts UNIX uid to an NT User RID.
+ converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
  ********************************************************************/
-
-uid_t pdb_user_rid_to_uid(uint32 user_rid)
+gid_t pwdb_group_rid_to_gid(uint32 group_rid)
 {
-       return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+       gid_t gid = (gid_t)(((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER);
+       return gid;
 }
 
 /*******************************************************************
- converts UNIX uid to an NT User RID.
+ converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
  ********************************************************************/
-
-uint32 pdb_uid_to_user_rid(uid_t uid)
+uint32 pwdb_gid_to_alias_rid(gid_t gid)
 {
-       return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+       uint32 alias_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
+       return alias_rid;
 }
 
 /*******************************************************************
- converts NT Group RID to a UNIX uid.
+ converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
  ********************************************************************/
-
-uint32 pdb_gid_to_group_rid(gid_t gid)
+gid_t pwdb_alias_rid_to_gid(uint32 alias_rid)
 {
-  return (((((uint32)gid)*RID_MULTIPLIER) + 1000) | GROUP_RID_TYPE);
+       gid_t gid = (gid_t)(((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER);
+       return gid;
 }
 
 /*******************************************************************
  Decides if a RID is a well known RID.
  ********************************************************************/
+static BOOL pwdb_rid_is_well_known(uint32 rid)
+{
+       return (rid < 1000);
+}
 
-static BOOL pdb_rid_is_well_known(uint32 rid)
+/*******************************************************************
+ determines a rid's type.  NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+static uint32 pwdb_rid_type(uint32 rid)
 {
-  return (rid < 1000);
+       /* lkcl i understand that NT attaches an enumeration to a RID
+        * such that it can be identified as either a user, group etc
+        * type: SID_ENUM_TYPE.
+        */
+       if (pwdb_rid_is_well_known(rid))
+       {
+               /*
+                * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
+                * and DOMAIN_USER_RID_GUEST.
+                */
+               if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
+               {
+                       return RID_TYPE_USER;
+               }
+               if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
+               {
+                       return RID_TYPE_GROUP;
+               }
+               if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
+               {
+                       return RID_TYPE_ALIAS;
+               }
+       }
+       return (rid & RID_TYPE_MASK);
 }
 
 /*******************************************************************
- Decides if a RID is a user or group RID.
+ checks whether rid is a user rid.  NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
  ********************************************************************/
-  
-BOOL pdb_rid_is_user(uint32 rid)
+BOOL pwdb_rid_is_user(uint32 rid)
 {
-  /* lkcl i understand that NT attaches an enumeration to a RID
-   * such that it can be identified as either a user, group etc
-   * type.  there are 5 such categories, and they are documented.
-   */
-   if(pdb_rid_is_well_known(rid)) {
-      /*
-       * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
-       * and DOMAIN_USER_RID_GUEST.
-       */
-     if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
-       return True;
-   } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
-     return True;
-   }
-   return False;
+       return pwdb_rid_type(rid) == RID_TYPE_USER;
 }
+
index c8d817dc4013c0561d734656eb19da4203a021f0..bdf01ee6a8bfc01c37d7314a20f6b335c6c3f287 100644 (file)
@@ -21,7 +21,7 @@
 
 #ifdef USE_SMBPASS_DB
 
-extern int pw_file_lock_depth;
+static int pw_file_lock_depth = 0;
 extern int DEBUGLEVEL;
 extern pstring samlogon_user;
 extern BOOL sam_logon_in_ssb;
@@ -35,37 +35,8 @@ static char s_readbuf[1024];
 
 static void *startsmbfilepwent(BOOL update)
 {
-  FILE *fp = NULL;
-  char *pfile = lp_smb_passwd_file();
-
-  if (!*pfile) {
-    DEBUG(0, ("startsmbfilepwent: No SMB password file set\n"));
-    return (NULL);
-  }
-  DEBUG(10, ("startsmbfilepwent: opening file %s\n", pfile));
-
-  fp = fopen(pfile, update ? "r+b" : "rb");
-
-  if (fp == NULL) {
-    DEBUG(0, ("startsmbfilepwent: unable to open file %s\n", pfile));
-    return NULL;
-  }
-
-  /* Set a buffer to do more efficient reads */
-  setvbuf(fp, s_readbuf, _IOFBF, sizeof(s_readbuf));
-
-  if (!pw_file_lock(fileno(fp), (update ? F_WRLCK : F_RDLCK), 5, &pw_file_lock_depth))
-  {
-    DEBUG(0, ("startsmbfilepwent: unable to lock file %s\n", pfile));
-    fclose(fp);
-    return NULL;
-  }
-
-  /* Make sure it is only rw by the owner */
-  chmod(pfile, 0600);
-
-  /* We have a lock on the file. */
-  return (void *)fp;
+       return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf),
+                             &pw_file_lock_depth, update);
 }
 
 /***************************************************************
@@ -74,11 +45,27 @@ static void *startsmbfilepwent(BOOL update)
 
 static void endsmbfilepwent(void *vp)
 {
-  FILE *fp = (FILE *)vp;
+       endfilepwent(vp, &pw_file_lock_depth);
+}
 
-  pw_file_unlock(fileno(fp), &pw_file_lock_depth);
-  fclose(fp);
-  DEBUG(7, ("endsmbfilepwent: closed password file.\n"));
+/*************************************************************************
+ Return the current position in the smbpasswd list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static SMB_BIG_UINT getsmbfilepwpos(void *vp)
+{
+       return getfilepwpos(vp);
+}
+
+/*************************************************************************
+ Set the current position in the smbpasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
+{
+       return setfilepwpos(vp, tok);
 }
 
 /*************************************************************************
@@ -86,219 +73,182 @@ static void endsmbfilepwent(void *vp)
  *************************************************************************/
 static struct smb_passwd *getsmbfilepwent(void *vp)
 {
-  /* Static buffers we will return. */
-  static struct smb_passwd pw_buf;
-  static pstring  user_name;
-  static unsigned char smbpwd[16];
-  static unsigned char smbntpwd[16];
-  FILE *fp = (FILE *)vp;
-  char            linebuf[256];
-  unsigned char   c;
-  unsigned char  *p;
-  long            uidval;
-  size_t            linebuf_len;
-
-  if(fp == NULL) {
-    DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n"));
-    return NULL;
-  }
-
-  pdb_init_smb(&pw_buf);
-
-  pw_buf.acct_ctrl = ACB_NORMAL;  
-
-  /*
-   * Scan the file, a line at a time and check if the name matches.
-   */
-  while (!feof(fp)) {
-    linebuf[0] = '\0';
-
-    fgets(linebuf, 256, fp);
-    if (ferror(fp)) {
-      return NULL;
-    }
-
-    /*
-     * Check if the string is terminated with a newline - if not
-     * then we must keep reading and discard until we get one.
-     */
-    linebuf_len = strlen(linebuf);
-    if (linebuf[linebuf_len - 1] != '\n') {
-      c = '\0';
-      while (!ferror(fp) && !feof(fp)) {
-        c = fgetc(fp);
-        if (c == '\n')
-          break;
-      }
-    } else
-      linebuf[linebuf_len - 1] = '\0';
-
-#ifdef DEBUG_PASSWORD
-    DEBUG(100, ("getsmbfilepwent: got line |%s|\n", linebuf));
-#endif
-    if ((linebuf[0] == 0) && feof(fp)) {
-      DEBUG(4, ("getsmbfilepwent: end of file reached\n"));
-      break;
-    }
-    /*
-     * The line we have should be of the form :-
-     * 
-     * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
-     * ignored....
-     * 
-     * or,
-     *
-     * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
-     *
-     * if Windows NT compatible passwords are also present.
-     * [Account type] is an ascii encoding of the type of account.
-     * LCT-(8 hex digits) is the time_t value of the last change time.
-     */
-
-    if (linebuf[0] == '#' || linebuf[0] == '\0') {
-      DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n"));
-      continue;
-    }
-    p = (unsigned char *) strchr(linebuf, ':');
-    if (p == NULL) {
-      DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n"));
-      continue;
-    }
-    /*
-     * As 256 is shorter than a pstring we don't need to check
-     * length here - if this ever changes....
-     */
-    strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
-    user_name[PTR_DIFF(p, linebuf)] = '\0';
-
-    /* Get smb uid. */
-
-    p++;               /* Go past ':' */
-    if (!isdigit(*p)) {
-      DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number)\n"));
-      continue;
-    }
-
-    uidval = atoi((char *) p);
-
-    while (*p && isdigit(*p))
-      p++;
-
-    if (*p != ':') {
-      DEBUG(0, ("getsmbfilepwent: malformed password entry (no : after uid)\n"));
-      continue;
-    }
-
-    pw_buf.smb_name = user_name;
-    pw_buf.smb_userid = uidval;
-
-    /*
-     * Now get the password value - this should be 32 hex digits
-     * which are the ascii representations of a 16 byte string.
-     * Get two at a time and put them into the password.
-     */
-
-    /* Skip the ':' */
-    p++;
-
-    if (*p == '*' || *p == 'X') {
-      /* Password deliberately invalid - end here. */
-      DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
-      pw_buf.smb_nt_passwd = NULL;
-      pw_buf.smb_passwd = NULL;
-      pw_buf.acct_ctrl |= ACB_DISABLED;
-      return &pw_buf;
-    }
-
-    if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
-      DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
-      continue;
-    }
-
-    if (p[32] != ':') {
-      DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n"));
-      continue;
-    }
+       /* Static buffers we will return. */
+       static struct smb_passwd pw_buf;
+       static pstring  user_name;
+       static unsigned char smbpwd[16];
+       static unsigned char smbntpwd[16];
+       struct passwd *pwfile;
+       char            linebuf[256];
+       unsigned char  *p;
+       int            uidval;
+       size_t            linebuf_len;
 
-    if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
-      pw_buf.smb_passwd = NULL;
-      pw_buf.acct_ctrl |= ACB_PWNOTREQ;
-    } else {
-      if (!pdb_gethexpwd((char *)p, (char *)smbpwd)) {
-        DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
-        continue;
-      }
-      pw_buf.smb_passwd = smbpwd;
-    }
+       if (vp == NULL)
+       {
+               DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n"));
+               return NULL;
+       }
 
-    /* 
-     * Now check if the NT compatible password is
-     * available.
-     */
-    pw_buf.smb_nt_passwd = NULL;
-
-    p += 33; /* Move to the first character of the line after
-                the lanman password. */
-    if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
-      if (*p != '*' && *p != 'X') {
-        if(pdb_gethexpwd((char *)p,(char *)smbntpwd))
-          pw_buf.smb_nt_passwd = smbntpwd;
-      }
-      p += 33; /* Move to the first character of the line after
-                  the NT password. */
-    }
+       pwdb_init_smb(&pw_buf);
 
-    DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %ld\n",
-            user_name, uidval));
+       pw_buf.acct_ctrl = ACB_NORMAL;  
 
-    if (*p == '[')
+       /*
+        * Scan the file, a line at a time.
+        */
+       while ((linebuf_len = getfileline(vp, linebuf, sizeof(linebuf))) > 0)
        {
-      pw_buf.acct_ctrl = pdb_decode_acct_ctrl((char*)p);
-
-      /* Must have some account type set. */
-      if(pw_buf.acct_ctrl == 0)
-        pw_buf.acct_ctrl = ACB_NORMAL;
-
-      /* Now try and get the last change time. */
-      if(*p == ']')
-        p++;
-      if(*p == ':') {
-        p++;
-        if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) {
-          int i;
-          p += 4;
-          for(i = 0; i < 8; i++) {
-            if(p[i] == '\0' || !isxdigit(p[i]))
-              break;
-          }
-          if(i == 8) {
-            /*
-             * p points at 8 characters of hex digits - 
-             * read into a time_t as the seconds since
-             * 1970 that the password was last changed.
-             */
-            pw_buf.pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
-          }
-        }
-      }
-    } else {
-      /* 'Old' style file. Fake up based on user name. */
-      /*
-       * Currently trust accounts are kept in the same
-       * password file as 'normal accounts'. If this changes
-       * we will have to fix this code. JRA.
-       */
-      if(pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') {
-        pw_buf.acct_ctrl &= ~ACB_NORMAL;
-        pw_buf.acct_ctrl |= ACB_WSTRUST;
-      }
-    }
-
-    return &pw_buf;
-  }
+               /*
+                * The line we have should be of the form :-
+                * 
+                * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
+                * ignored....
+                * 
+                * or,
+                *
+                * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
+                *
+                * if Windows NT compatible passwords are also present.
+                * [Account type] is an ascii encoding of the type of account.
+                * LCT-(8 hex digits) is the time_t value of the last change time.
+                */
+
+               /*
+                * As 256 is shorter than a pstring we don't need to check
+                * length here - if this ever changes....
+                */
+               p = strncpyn(user_name, linebuf, sizeof(user_name), ':');
+
+               /* Go past ':' */
+               p++;
+
+               /* Get smb uid. */
+
+               p = Atoic((char *) p, &uidval, ":");
+
+               pw_buf.smb_name = user_name;
+               pw_buf.smb_userid = uidval;
+
+               /*
+                * Now get the password value - this should be 32 hex digits
+                * which are the ascii representations of a 16 byte string.
+                * Get two at a time and put them into the password.
+                */
+
+               /* Skip the ':' */
+               p++;
+
+               if (*p == '*' || *p == 'X')
+               {
+                       /* Password deliberately invalid - end here. */
+                       DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
+                       pw_buf.smb_nt_passwd = NULL;
+                       pw_buf.smb_passwd = NULL;
+                       pw_buf.acct_ctrl |= ACB_DISABLED;
+                       return &pw_buf;
+               }
+
+               if (linebuf_len < (PTR_DIFF(p, linebuf) + 33))
+               {
+                       DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
+                       continue;
+               }
+
+               if (p[32] != ':')
+               {
+                       DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n"));
+                       continue;
+               }
+
+               if (!strncasecmp((char *) p, "NO PASSWORD", 11))
+               {
+                       pw_buf.smb_passwd = NULL;
+                       pw_buf.acct_ctrl |= ACB_PWNOTREQ;
+               }
+               else
+               {
+                       if (!pwdb_gethexpwd((char *)p, (char *)smbpwd))
+                       {
+                               DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
+                               continue;
+                       }
+                       pw_buf.smb_passwd = smbpwd;
+               }
+
+               /* 
+                * Now check if the NT compatible password is
+                * available.
+                */
+               pw_buf.smb_nt_passwd = NULL;
+
+               /* Move to the first character of the line after the lanman password. */
+               p += 33;
+               if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':'))
+               {
+                       if (*p != '*' && *p != 'X')
+                       {
+                               if(pwdb_gethexpwd((char *)p,(char *)smbntpwd))
+                               {
+                                       pw_buf.smb_nt_passwd = smbntpwd;
+                               }
+                       }
+                       /* Move to the first character of the line after the NT password. */
+                       p += 33;
+               }
+
+               DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %d\n",
+                         user_name, uidval));
+
+               if (*p == '[')
+               {
+                       pw_buf.acct_ctrl = pwdb_decode_acct_ctrl((char*)p);
+
+                       /* Must have some account type set. */
+                       if (pw_buf.acct_ctrl == 0)
+                       {
+                               pw_buf.acct_ctrl = ACB_NORMAL;
+                       }
+
+                       /* Now try and get the last change time. */
+                       if (*p == ']')
+                       {
+                               p++;
+                       }
+                       if (*p == ':')
+                       {
+                               p++;
+                               pw_buf.pass_last_set_time = pwdb_get_last_set_time(p);
+                       }
+               }
+               else
+               {
+                       /* 'Old' style file. Fake up based on user name. */
+                       /*
+                        * Currently trust accounts are kept in the same
+                        * password file as 'normal accounts'. If this changes
+                        * we will have to fix this code. JRA.
+                        */
+                       if (pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$')        
+                       {
+                               pw_buf.acct_ctrl &= ~ACB_NORMAL;
+                               pw_buf.acct_ctrl |= ACB_WSTRUST;
+                       }
+               }
+
+               pwfile = Get_Pwnam(pw_buf.smb_name, False);
+               if (pwfile == NULL)
+               {
+                       DEBUG(0,("getsmbfilepwent: smbpasswd database is corrupt!\n"));
+                       DEBUG(0,("getsmbfilepwent: username %s not in unix passwd database!\n", pw_buf.smb_name));
+                       return NULL;
+               }
+
+               return &pw_buf;
+       }
 
-  DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
-  return NULL;
+       DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
+       return NULL;
 }
 
 /*************************************************************************
@@ -327,7 +277,9 @@ static struct sam_passwd *getsmbfile21pwent(void *vp)
 
        if (pw_buf == NULL) return NULL;
 
-       pwfile = getpwnam(pw_buf->smb_name);
+       pwdb_init_sam(&user);
+
+       pwfile = Get_Pwnam(pw_buf->smb_name, False);
        if (pwfile == NULL)
        {
                DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n"));
@@ -335,8 +287,6 @@ static struct sam_passwd *getsmbfile21pwent(void *vp)
                return NULL;
        }
 
-       pdb_init_sam(&user);
-
        pstrcpy(samlogon_user, pw_buf->smb_name);
 
        if (samlogon_user[strlen(samlogon_user)-1] != '$')
@@ -348,8 +298,8 @@ static struct sam_passwd *getsmbfile21pwent(void *vp)
                user.smb_userid    = pw_buf->smb_userid;
                user.smb_grpid     = pwfile->pw_gid;
 
-               user.user_rid  = pdb_uid_to_user_rid (user.smb_userid);
-               user.group_rid = pdb_gid_to_group_rid(user.smb_grpid );
+               user.user_rid  = pwdb_uid_to_user_rid (user.smb_userid);
+               user.group_rid = pwdb_gid_to_group_rid(user.smb_grpid );
 
                pstrcpy(full_name    , pwfile->pw_gecos        );
                pstrcpy(logon_script , lp_logon_script       ());
@@ -366,7 +316,7 @@ static struct sam_passwd *getsmbfile21pwent(void *vp)
                user.smb_userid    = pw_buf->smb_userid;
                user.smb_grpid     = pwfile->pw_gid;
 
-               user.user_rid  = pdb_uid_to_user_rid (user.smb_userid);
+               user.user_rid  = pwdb_uid_to_user_rid (user.smb_userid);
                user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
 
                pstrcpy(full_name    , "");
@@ -405,26 +355,6 @@ static struct sam_passwd *getsmbfile21pwent(void *vp)
        return &user;
 }
 
-/*************************************************************************
- Return the current position in the smbpasswd list as an SMB_BIG_UINT.
- This must be treated as an opaque token.
-*************************************************************************/
-
-static SMB_BIG_UINT getsmbfilepwpos(void *vp)
-{
-  return (SMB_BIG_UINT)sys_ftell((FILE *)vp);
-}
-
-/*************************************************************************
- Set the current position in the smbpasswd list from an SMB_BIG_UINT.
- This must be treated as an opaque token.
-*************************************************************************/
-
-static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
-{
-  return !sys_fseek((FILE *)vp, (SMB_OFF_T)tok, SEEK_SET);
-}
-
 /************************************************************************
  Routine to add an entry to the smbpasswd file.
 *************************************************************************/
@@ -525,7 +455,7 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
 
   /* Add the account encoding and the last change time. */
   slprintf((char *)p, new_entry_length - 1 - (p - new_entry),  "%s:LCT-%08X:\n",
-           pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)time(NULL));
+           pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)time(NULL));
 
 #ifdef DEBUG_PASSWORD
   DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d entry_len %d made line |%s|", 
@@ -603,7 +533,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
 
   lockfd = fileno(fp);
 
-  if (!pw_file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) {
+  if (!file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) {
     DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile));
     fclose(fp);
     return False;
@@ -623,7 +553,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
 
     fgets(linebuf, sizeof(linebuf), fp);
     if (ferror(fp)) {
-      pw_file_unlock(lockfd, &pw_file_lock_depth);
+      file_unlock(lockfd, &pw_file_lock_depth);
       fclose(fp);
       return False;
     }
@@ -692,7 +622,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
   }
 
   if (!found_entry) {
-    pw_file_unlock(lockfd, &pw_file_lock_depth);
+    file_unlock(lockfd, &pw_file_lock_depth);
     fclose(fp);
     return False;
   }
@@ -704,7 +634,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
 
   if (!isdigit(*p)) {
     DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (uid not number)\n"));
-    pw_file_unlock(lockfd, &pw_file_lock_depth);
+    file_unlock(lockfd, &pw_file_lock_depth);
     fclose(fp);
     return False;
   }
@@ -713,7 +643,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
     p++;
   if (*p != ':') {
     DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no : after uid)\n"));
-    pw_file_unlock(lockfd, &pw_file_lock_depth);
+    file_unlock(lockfd, &pw_file_lock_depth);
     fclose(fp);
     return False;
   }
@@ -731,27 +661,27 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
   if (!override && (*p == '*' || *p == 'X')) {
     /* Password deliberately invalid - end here. */
     DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name));
-    pw_file_unlock(lockfd, &pw_file_lock_depth);
+    file_unlock(lockfd, &pw_file_lock_depth);
     fclose(fp);
     return False;
   }
 
   if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
     DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
-    pw_file_unlock(lockfd,&pw_file_lock_depth);
+    file_unlock(lockfd,&pw_file_lock_depth);
     fclose(fp);
     return (False);
   }
 
   if (p[32] != ':') {
     DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
-    pw_file_unlock(lockfd,&pw_file_lock_depth);
+    file_unlock(lockfd,&pw_file_lock_depth);
     fclose(fp);
     return False;
   }
 
   if (!override && (*p == '*' || *p == 'X')) {
-    pw_file_unlock(lockfd,&pw_file_lock_depth);
+    file_unlock(lockfd,&pw_file_lock_depth);
     fclose(fp);
     return False;
   }
@@ -762,14 +692,14 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
               the lanman password. */
   if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
     DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
-    pw_file_unlock(lockfd,&pw_file_lock_depth);
+    file_unlock(lockfd,&pw_file_lock_depth);
     fclose(fp);
     return (False);
   }
 
   if (p[32] != ':') {
     DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
-    pw_file_unlock(lockfd,&pw_file_lock_depth);
+    file_unlock(lockfd,&pw_file_lock_depth);
     fclose(fp);
     return False;
   }
@@ -807,7 +737,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
        * acct ctrl field. Encode the given acct ctrl
        * bits into it.
        */
-      fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
+      fstrcpy(encode_bits, pwdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
     } else {
       /*
        * If using the old format and the ACB_DISABLED or
@@ -897,7 +827,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
 
   if(wr_len > sizeof(linebuf)) {
     DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
-    pw_file_unlock(lockfd,&pw_file_lock_depth);
+    file_unlock(lockfd,&pw_file_lock_depth);
     fclose(fp);
     return (False);
   }
@@ -915,7 +845,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
 
   if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
     DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
-    pw_file_unlock(lockfd,&pw_file_lock_depth);
+    file_unlock(lockfd,&pw_file_lock_depth);
     fclose(fp);
     return False;
   }
@@ -923,33 +853,33 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
   /* Sanity check - ensure the areas we are writing are framed by ':' */
   if (read(fd, linebuf, wr_len+1) != wr_len+1) {
     DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile));
-    pw_file_unlock(lockfd,&pw_file_lock_depth);
+    file_unlock(lockfd,&pw_file_lock_depth);
     fclose(fp);
     return False;
   }
 
   if ((linebuf[0] != ':') || (linebuf[wr_len] != ':')) {
     DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile));
-    pw_file_unlock(lockfd,&pw_file_lock_depth);
+    file_unlock(lockfd,&pw_file_lock_depth);
     fclose(fp);
     return False;
   }
  
   if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {
     DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
-    pw_file_unlock(lockfd,&pw_file_lock_depth);
+    file_unlock(lockfd,&pw_file_lock_depth);
     fclose(fp);
     return False;
   }
 
   if (write(fd, ascii_p16, wr_len) != wr_len) {
     DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile));
-    pw_file_unlock(lockfd,&pw_file_lock_depth);
+    file_unlock(lockfd,&pw_file_lock_depth);
     fclose(fp);
     return False;
   }
 
-  pw_file_unlock(lockfd,&pw_file_lock_depth);
+  file_unlock(lockfd,&pw_file_lock_depth);
   fclose(fp);
   return True;
 }
@@ -960,27 +890,27 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
 
 static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override)
 {
-       return mod_smbfilepwd_entry(pdb_sam_to_smb(pwd), override);
+       return mod_smbfilepwd_entry(pwdb_sam_to_smb(pwd), override);
 }
 
 static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd)
 {
-       return add_smbfilepwd_entry(pdb_sam_to_smb(newpwd));
+       return add_smbfilepwd_entry(pwdb_sam_to_smb(newpwd));
 }
 
 static struct sam_disp_info *getsmbfiledispnam(char *name)
 {
-       return pdb_sam_to_dispinfo(getsam21pwnam(name));
+       return pwdb_sam_to_dispinfo(getsam21pwnam(name));
 }
 
 static struct sam_disp_info *getsmbfiledisprid(uint32 rid)
 {
-       return pdb_sam_to_dispinfo(getsam21pwrid(rid));
+       return pwdb_sam_to_dispinfo(getsam21pwrid(rid));
 }
 
 static struct sam_disp_info *getsmbfiledispent(void *vp)
 {
-       return pdb_sam_to_dispinfo(getsam21pwent(vp));
+       return pwdb_sam_to_dispinfo(getsam21pwent(vp));
 }
 
 static struct passdb_ops file_ops = {
@@ -1005,7 +935,7 @@ static struct passdb_ops file_ops = {
   getsmbfiledispent
 };
 
-struct passdb_ops *file_initialize_password_db(void)
+struct passdb_ops *file_initialise_password_db(void)
 {    
   return &file_ops;
 }
index 0d4f9d32033bb8868ed40edc0d41f4cab90605e2..a50bc93eacce0e24ef2827ec3d249c8a835b0082 100644 (file)
 
 extern int DEBUGLEVEL;
 
-int pw_file_lock_depth = 0;
-
 BOOL global_machine_password_needs_changing = False;
-
-
-/***************************************************************
- Lock an fd. Abandon after waitsecs seconds.
-****************************************************************/
-
-BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
-{
-  if (fd < 0)
-    return False;
-
-  (*plock_depth)++;
-
-  if(pw_file_lock_depth == 0) {
-    if (!do_file_lock(fd, secs, type)) {
-      DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
-                 strerror(errno)));
-      return False;
-    }
-  }
-
-  return True;
-}
-
-/***************************************************************
- Unlock an fd. Abandon after waitsecs seconds.
-****************************************************************/
-
-BOOL pw_file_unlock(int fd, int *plock_depth)
-{
-  BOOL ret=True;
-
-  if(*plock_depth == 1)
-    ret = do_file_lock(fd, 5, F_UNLCK);
-
-  (*plock_depth)--;
-
-  if(!ret)
-    DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
-                 strerror(errno)));
-  return ret;
-}
-
 static int mach_passwd_lock_depth;
 static FILE *mach_passwd_fp;
 
@@ -125,7 +80,7 @@ BOOL trust_password_lock( char *domain, char *name, BOOL update)
 
     chmod(mac_file, 0600);
 
-    if(!pw_file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK), 
+    if(!file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK), 
                                       60, &mach_passwd_lock_depth))
     {
       DEBUG(0,("trust_password_lock: cannot lock file %s\n", mac_file));
@@ -144,7 +99,7 @@ BOOL trust_password_lock( char *domain, char *name, BOOL update)
 
 BOOL trust_password_unlock(void)
 {
-  BOOL ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth);
+  BOOL ret = file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth);
   if(mach_passwd_lock_depth == 0)
     fclose(mach_passwd_fp);
   return ret;
@@ -212,7 +167,7 @@ BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_t
    * Get the hex password.
    */
 
-  if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' || 
+  if (!pwdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' || 
          strncmp(&linebuf[33], "TLC-", 4)) {
     DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n"));
 #ifdef DEBUG_PASSWORD
index e18062220b8d0526ea7410206c30ba668999f881..3ce22fd854284f776e5d9556b0708663544f8a2f 100644 (file)
@@ -24,8 +24,6 @@
 #include "nterr.h"
 
 extern int DEBUGLEVEL;
-extern fstring global_myworkgroup;
-extern pstring global_myname;
 
 /****************************************************************************
 Initialize domain session credentials.
index 5255732c5dd03712ce99c2ab89b979a67c322825..a43b65ad64e4d6a42495d928a9735ad8317469fe 100644 (file)
@@ -193,7 +193,7 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli,
                                fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer));
                                fstrcpy(name    , unistr2(t_names.uni_name[i].buffer));
                                
-                               slprintf(full_name, sizeof(full_name)-1, "\\%s\\%s",
+                               slprintf(full_name, sizeof(full_name), "\\%s\\%s",
                                         dom_name, name);
 
                                (*names)[i] = strdup(full_name);
index d75ad6947fc3080ff59f3f09912d2e72597067f7..ed2f391256e078e251ce26e8cc10716e02798865 100644 (file)
@@ -32,7 +32,6 @@
 extern int DEBUGLEVEL;
 extern pstring scope;
 extern pstring global_myname;
-extern fstring global_myworkgroup;
 
 /****************************************************************************
 Generate the next creds to use.
index 579eeebdac1abdbfb8ec707b6c13cbee6f45acd5..712e6088476c56798a612ac15054dbeb74b0382f 100644 (file)
@@ -31,7 +31,6 @@
 
 extern int DEBUGLEVEL;
 extern struct pipe_id_info pipe_names[];
-extern fstring global_myworkgroup;
 extern pstring global_myname;
 
 /********************************************************************
index a5c523fdb66e59cbc88bb1e32a5b7ac3697ed1e2..818e7a0baf5cca7d7fe1be221709c3e399cdaa35 100644 (file)
@@ -37,7 +37,7 @@ void make_lsa_trans_name(LSA_TRANS_NAME *trn, UNISTR2 *uni_name,
        int len_name = strlen(name);
 
        trn->sid_name_use = sid_name_use;
-       make_uni_hdr(&(trn->hdr_name), len_name, len_name, len_name != 0);
+       make_uni_hdr(&(trn->hdr_name), len_name, len_name, 1);
        make_unistr2(uni_name, name, len_name);
        trn->domain_idx = idx;
 }
@@ -692,7 +692,7 @@ void lsa_io_q_lookup_rids(char *desc,  LSA_Q_LOOKUP_RIDS *q_r, prs_struct *ps, i
 
        for (i = 0; i < q_r->num_entries; i++)
        {
-               smb_io_unistr3("", &(q_r->lookup_name[i]), ps, depth); /* names to be looked up */
+               smb_io_unistr3("dom_name", &(q_r->lookup_name[i]), ps, depth); /* names to be looked up */
        }
 
        prs_uint8s (False, "undoc          ", ps, depth, q_r->undoc, UNKNOWN_LEN);
index 57fc73e516ef5cf5149b5ce57f1c7fa630762e68..ce573c7bf2d7d259fa38e3a8839316428b29c39b 100644 (file)
@@ -665,8 +665,8 @@ void make_id_info2(NET_ID_INFO_2 *id, char *domain_name,
        int len_domain_name = strlen(domain_name);
        int len_user_name   = strlen(user_name  );
        int len_wksta_name  = strlen(wksta_name );
-    int nt_chal_resp_len = ((nt_chal_resp != NULL) ? 24 : 0);
-    int lm_chal_resp_len = ((lm_chal_resp != NULL) ? 24 : 0);
+       int nt_chal_resp_len = ((nt_chal_resp != NULL) ? 24 : 0);
+       int lm_chal_resp_len = ((lm_chal_resp != NULL) ? 24 : 0);
        unsigned char lm_owf[24];
        unsigned char nt_owf[24];
 
index 3bf017d25e03d495419b4266fece22be975a74a3..5059ca222bfdfc493a04ba28a31973f466bbde0e 100644 (file)
@@ -122,17 +122,6 @@ interface/version dce/rpc pipe identification
        }, 0x00                       \
 }                                 \
 
-/* pipe string names */
-#define PIPE_SRVSVC   "\\PIPE\\srvsvc"
-#define PIPE_SAMR     "\\PIPE\\samr"
-#define PIPE_WINREG   "\\PIPE\\winreg"
-#define PIPE_WKSSVC   "\\PIPE\\wkssvc"
-#define PIPE_NETLOGON "\\PIPE\\NETLOGON"
-#define PIPE_NTLSA    "\\PIPE\\ntlsa"
-#define PIPE_NTSVCS   "\\PIPE\\ntsvcs"
-#define PIPE_LSASS    "\\PIPE\\lsass"
-#define PIPE_LSARPC   "\\PIPE\\lsarpc"
-
 struct pipe_id_info pipe_names [] =
 {
        /* client pipe , abstract syntax , server pipe   , transfer syntax */
index ec4411b783b157bb312c0f2c6e539151029c19ad..e7f4f0547ca0509cd57757d36a374896e79a7394 100644 (file)
@@ -993,7 +993,7 @@ void samr_io_q_enum_dom_aliases(char *desc,  SAMR_Q_ENUM_DOM_ALIASES *q_e, prs_s
 makes a SAMR_R_ENUM_DOM_ALIASES structure.
 ********************************************************************/
 void make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u,
-               uint32 num_sam_entries, SAM_USER_INFO_21 grps[MAX_SAM_ENTRIES],
+               uint32 num_sam_entries, LOCAL_GRP *alss,
                uint32 status)
 {
        int i;
@@ -1022,11 +1022,13 @@ void make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u,
 
                for (i = 0; i < num_sam_entries; i++)
                {
+                       int acct_name_len = strlen(alss[i].name);
+
                        make_sam_entry(&(r_u->sam[i]),
-                                      grps[i].uni_user_name.uni_str_len,
-                                      grps[i].user_rid);
+                                       acct_name_len,
+                                       alss[i].rid);
 
-                       copy_unistr2(&(r_u->uni_grp_name[i]), &(grps[i].uni_user_name));
+                       make_unistr2(&(r_u->uni_grp_name[i]), alss[i].name   , acct_name_len);
                }
 
                r_u->num_entries4 = num_sam_entries;
@@ -1415,7 +1417,7 @@ makes a SAMR_R_ENUM_DOM_GROUPS structure.
 ********************************************************************/
 void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u,
                uint32 start_idx, uint32 num_sam_entries,
-               SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES],
+               DOMAIN_GRP *grp,
                uint32 status)
 {
        int i;
@@ -1436,14 +1438,17 @@ void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u,
        {
                for (i = start_idx, entries_added = 0; i < num_sam_entries; i++)
                {
+                       int acct_name_len = strlen(grp[i].name);
+                       int acct_desc_len = strlen(grp[i].comment);
+
                        make_sam_entry3(&(r_u->sam[entries_added]),
                                        start_idx + entries_added + 1,
-                                       pass[i].uni_user_name.uni_str_len,
-                                       pass[i].uni_acct_desc.uni_str_len,
-                                       pass[i].user_rid);
+                                       acct_name_len,
+                                       acct_desc_len,
+                                       grp[i].rid);
 
-                       copy_unistr2(&(r_u->str[entries_added].uni_grp_name), &(pass[i].uni_user_name));
-                       copy_unistr2(&(r_u->str[entries_added].uni_grp_desc), &(pass[i].uni_acct_desc));
+                       make_unistr2(&(r_u->str[entries_added].uni_grp_name), grp[i].name   , acct_name_len);
+                       make_unistr2(&(r_u->str[entries_added].uni_grp_desc), grp[i].comment, acct_desc_len);
 
                        entries_added++;
                }
@@ -1793,7 +1798,7 @@ void samr_io_q_lookup_names(char *desc,  SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *p
 makes a SAMR_R_LOOKUP_NAMES structure.
 ********************************************************************/
 void make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u,
-               uint32 num_rids, uint32 *rid, uint32 status)
+               uint32 num_rids, uint32 *rid, uint8 *type, uint32 status)
 {
        int i;
        if (r_u == NULL) return;
@@ -1810,7 +1815,7 @@ void make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u,
 
                for (i = 0; i < num_rids; i++)
                {
-                       make_dom_rid3(&(r_u->dom_rid[i]), rid[i], 0x01);
+                       make_dom_rid3(&(r_u->dom_rid[i]), rid[i], type[i]);
                }
 
                r_u->num_entries3 = num_rids;
@@ -2100,7 +2105,7 @@ void make_samr_r_query_usergroups(SAMR_R_QUERY_USERGROUPS *r_u,
        {
                r_u->ptr_0        = 1;
                r_u->num_entries  = num_gids;
-               r_u->ptr_1        = 1;
+               r_u->ptr_1        = (num_gids != 0) ? 1 : 0;
                r_u->num_entries2 = num_gids;
 
                r_u->gid = gid;
index 5e6e101883c35a59700dd651bf0d5c872cc50842..51b6e8d25b389d61bf9ea56e91448d0c8fdbd7e7 100644 (file)
 
 extern int DEBUGLEVEL;
 extern DOM_SID global_sam_sid;
+extern fstring global_sam_name;
+extern DOM_SID global_member_sid;
+extern fstring global_myworkgroup;
+extern DOM_SID global_sid_S_1_1;
+extern DOM_SID global_sid_S_1_3;
+extern DOM_SID global_sid_S_1_5;
 
 /***************************************************************************
 lsa_reply_open_policy2
@@ -84,8 +90,8 @@ static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
        d_q->uni_dom_max_len = domlen * 2;
        d_q->uni_dom_str_len = domlen * 2;
 
-       d_q->buffer_dom_name = 4; /* domain buffer pointer */
-       d_q->buffer_dom_sid  = 2; /* domain sid pointer */
+       d_q->buffer_dom_name = domlen  != 0    ? 1 : 0; /* domain buffer pointer */
+       d_q->buffer_dom_sid  = dom_sid != NULL ? 1 : 0; /* domain sid pointer */
 
        /* this string is supposed to be character short */
        make_unistr2(&(d_q->uni_domain_name), dom_name, domlen);
@@ -137,50 +143,70 @@ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
 
 
 /***************************************************************************
-make_dom_ref
+make_dom_ref - adds a domain if it's not already in, returns the index
  ***************************************************************************/
-static void make_dom_ref(DOM_R_REF *ref, int num_domains,
-                               char **dom_names, DOM_SID **dom_sids)
+static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
                          
 {
-       int i;
+       int num = 0;
+       int len;
 
-       if (num_domains > MAX_REF_DOMAINS)
+       if (dom_name != NULL)
        {
-               num_domains = MAX_REF_DOMAINS;
+               for (num = 0; num < ref->num_ref_doms_1; num++)
+               {
+                       fstring domname;
+                       fstrcpy(domname, unistr2_to_str(&ref->ref_dom[num].uni_dom_name));
+                       if (strequal(domname, dom_name))
+                       {       
+                               return num;
+                       }
+               }
+
+       }
+       else
+       {
+               num = ref->num_ref_doms_1;
+       }
+
+       if (num >= MAX_REF_DOMAINS)
+       {
+               /* index not found, already at maximum domain limit */
+               return -1;
        }
 
        ref->undoc_buffer = 1;
-       ref->num_ref_doms_1 = num_domains;
+       ref->num_ref_doms_1 = num+1;
        ref->undoc_buffer2 = 1;
        ref->max_entries = MAX_REF_DOMAINS;
-       ref->num_ref_doms_2 = num_domains;
+       ref->num_ref_doms_2 = num+1;
 
-       for (i = 0; i < num_domains; i++)
-       {
-               int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0;
+       len = dom_name != NULL ? strlen(dom_name) : 0;
 
-               make_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0);
-               ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0;
+       make_uni_hdr(&(ref->hdr_ref_dom[num].hdr_dom_name), len, len, len != 0 ? 1 : 0);
+       ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0;
 
-               make_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len);
-               make_dom_sid2(&(ref->ref_dom[i].ref_dom     ), dom_sids [i]);
-       }
+       make_unistr2 (&(ref->ref_dom[num].uni_dom_name), dom_name, len);
+       make_dom_sid2(&(ref->ref_dom[num].ref_dom     ), dom_sid );
 
+       return num;
 }
 
 /***************************************************************************
 make_reply_lookup_rids
  ***************************************************************************/
 static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
-                               int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
-                               int num_ref_doms,
-                               char **dom_names, DOM_SID **dom_sids)
+                               int num_entries,
+                               uint32 dom_rids[MAX_LOOKUP_SIDS],
+                               uint8  dom_types[MAX_LOOKUP_SIDS])
 {
        int i;
 
-       make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids);
+       r_l->num_entries = 0;
+       r_l->undoc_buffer = 0;
+       r_l->num_entries2 = 0;
 
+#if 0
        r_l->num_entries = num_entries;
        r_l->undoc_buffer = 1;
        r_l->num_entries2 = num_entries;
@@ -189,58 +215,85 @@ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
 
        for (i = 0; i < num_entries; i++)
        {
-               make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], 0x01);
+               make_dom_ref(&(r_l->dom_ref), dom_name, dom_sid);
+               make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], dom_types[i]);
        }
 
        r_l->num_entries3 = num_entries;
+#endif
 }
 
 /***************************************************************************
 make_lsa_trans_names
  ***************************************************************************/
-static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn,
+static void make_lsa_trans_names(DOM_R_REF *ref,
+                               LSA_TRANS_NAME_ENUM *trn,
                                int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
-                               uint32 *total)
+                               uint32 *mapped_count)
 {
-       uint32 status = 0x0;
        int i;
-       (*total) = 0;
+       int total = 0;
+       (*mapped_count) = 0;
 
        SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
 
        for (i = 0; i < num_entries; i++)
        {
+               uint32 status = 0x0;
+               DOM_SID find_sid = sid[i].sid;
+               DOM_SID tmp      = sid[i].sid;
                uint32 rid = 0xffffffff;
-               uint8 num_auths = sid[i].sid.num_auths;
+               int dom_idx = -1;
                fstring name;
-               uint32 type;
+               fstring dom_name;
+               uint8 sid_name_use = 0;
                
-               SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths);
+               memset(dom_name, 0, sizeof(dom_name));
+               memset(name    , 0, sizeof(name    ));
 
-               /* find the rid to look up */
-               if (num_auths != 0)
+               if (map_domain_sid_to_name(&find_sid, dom_name))
+               {
+                       sid_name_use = SID_NAME_DOMAIN;
+                       dom_idx = make_dom_ref(ref, dom_name, &find_sid);
+               }
+               else if (sid_split_rid         (&find_sid, &rid) &&
+                        map_domain_sid_to_name(&find_sid, dom_name))
+               {
+                       if (sid_equal(&find_sid, &global_sam_sid))
+                       {
+                               status = lookup_name(&tmp, name, &sid_name_use);
+                       }
+                       else
+                       {
+                               status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+                       }
+               }
+               else
                {
-                       rid = sid[i].sid.sub_auths[num_auths-1];
-
                        status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
-
-                       status = (status != 0x0) ? lookup_user_name (rid, name, &type) : status;
-                       status = (status != 0x0) ? lookup_group_name(rid, name, &type) : status;
-                       status = (status != 0x0) ? lookup_alias_name(rid, name, &type) : status;
                }
 
+               dom_idx = make_dom_ref(ref, dom_name, &find_sid);
+
                if (status == 0x0)
                {
-                       make_lsa_trans_name(&(trn->name    [(*total)]),
-                                           &(trn->uni_name[(*total)]),
-                                           type, name, (*total));
-                       (*total)++;
+                       (*mapped_count)++;
+               }
+               else
+               {
+                       snprintf(name, sizeof(name), "%08x", rid);
+                       sid_name_use = SID_NAME_UNKNOWN;
+
                }
+               make_lsa_trans_name(&(trn->name    [total]),
+                                   &(trn->uni_name[total]),
+                                   sid_name_use, name, dom_idx);
+               total++;
        }
 
-       trn->num_entries = (*total);
+       trn->num_entries = total;
        trn->ptr_trans_names = 1;
-       trn->num_entries2 = (*total);
+       trn->num_entries2 = total;
 }
 
 /***************************************************************************
@@ -260,9 +313,7 @@ static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
 lsa_reply_lookup_sids
  ***************************************************************************/
 static void lsa_reply_lookup_sids(prs_struct *rdata,
-                               int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
-                               int num_ref_doms,
-                               char **dom_names, DOM_SID **dom_sids)
+                               DOM_SID2 *sid, int num_entries)
 {
        LSA_R_LOOKUP_SIDS r_l;
        DOM_R_REF ref;
@@ -274,8 +325,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata,
        ZERO_STRUCT(names);
 
        /* set up the LSA Lookup SIDs response */
-       make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids);
-       make_lsa_trans_names(&names, num_entries, sid, &mapped_count);
+       make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count);
        make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0);
 
        /* store the response in the SMB stream */
@@ -286,17 +336,17 @@ static void lsa_reply_lookup_sids(prs_struct *rdata,
 lsa_reply_lookup_rids
  ***************************************************************************/
 static void lsa_reply_lookup_rids(prs_struct *rdata,
-                               int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
-                               int num_ref_doms,
-                               char **dom_names, DOM_SID **dom_sids)
+                               int num_entries,
+                               uint32 dom_rids[MAX_LOOKUP_SIDS],
+                               uint8  dom_types[MAX_LOOKUP_SIDS])
 {
        LSA_R_LOOKUP_RIDS r_l;
 
        ZERO_STRUCT(r_l);
 
        /* set up the LSA Lookup RIDs response */
-       make_reply_lookup_rids(&r_l, num_entries, dom_rids,
-                               num_ref_doms, dom_names, dom_sids);
+       make_reply_lookup_rids(&r_l, num_entries, dom_rids, dom_types);
+
        r_l.status = 0x0;
 
        /* store the response in the SMB stream */
@@ -365,17 +415,39 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data,
                                 prs_struct *rdata )
 {
        LSA_Q_QUERY_INFO q_i;
-       pstring dom_name;
+       fstring name;
+       DOM_SID *sid = NULL;
+       memset(name, 0, sizeof(name));
 
        ZERO_STRUCT(q_i);
 
        /* grab the info class and policy handle */
        lsa_io_q_query("", &q_i, data, 0);
 
-       pstrcpy(dom_name, lp_workgroup());
+       switch (q_i.info_class)
+       {
+               case 0x03:
+               {
+                       fstrcpy(name, global_myworkgroup);
+                       sid = &global_member_sid;
+                       break;
+               }
+               case 0x05:
+               {
+                       fstrcpy(name, global_sam_name);
+                       sid = &global_sam_sid;
+                       break;
+               }
+               default:
+               {
+                       DEBUG(5,("unknown info level in Lsa Query: %d\n",
+                                 q_i.info_class));
+                       break;
+               }
+       }
 
        /* construct reply.  return status is always 0x0 */
-       lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid);
+       lsa_reply_query_info(&q_i, rdata, name, sid);
 }
 
 /***************************************************************************
@@ -385,44 +457,13 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data,
                                  prs_struct *rdata )
 {
        LSA_Q_LOOKUP_SIDS q_l;
-       pstring dom_name;
-       DOM_SID sid_S_1_1;
-       DOM_SID sid_S_1_3;
-       DOM_SID sid_S_1_5;
-
-       DOM_SID *sid_array[4];
-       char    *dom_names[4];
-
        ZERO_STRUCT(q_l);
-       ZERO_STRUCT(sid_S_1_1);
-       ZERO_STRUCT(sid_S_1_3);
-       ZERO_STRUCT(sid_S_1_5);
 
        /* grab the info class and policy handle */
        lsa_io_q_lookup_sids("", &q_l, data, 0);
 
-       pstrcpy(dom_name, lp_workgroup());
-
-       string_to_sid(&sid_S_1_1, "S-1-1");
-        string_to_sid(&sid_S_1_3, "S-1-3");
-        string_to_sid(&sid_S_1_5, "S-1-5");
-
-       dom_names[0] = dom_name;
-       sid_array[0] = &global_sam_sid;
-
-       dom_names[1] = "Everyone";
-       sid_array[1] = &sid_S_1_1;
-
-       dom_names[2] = "don't know";
-       sid_array[2] = &sid_S_1_3;
-
-       dom_names[3] = "NT AUTHORITY";
-       sid_array[3] = &sid_S_1_5;
-
        /* construct reply.  return status is always 0x0 */
-       lsa_reply_lookup_sids(rdata,
-                              q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
-                              4, dom_names, sid_array);
+       lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries);
 }
 
 /***************************************************************************
@@ -433,63 +474,24 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
 {
        int i;
        LSA_Q_LOOKUP_RIDS q_l;
-       pstring dom_name;
        uint32 dom_rids[MAX_LOOKUP_SIDS];
-       uint32 dummy_g_rid;
-
-       DOM_SID sid_S_1_1;
-       DOM_SID sid_S_1_3;
-       DOM_SID sid_S_1_5;
-
-       DOM_SID *sid_array[4];
-       char    *dom_names[4];
+       uint8  dom_types[MAX_LOOKUP_SIDS];
 
        ZERO_STRUCT(q_l);
-       ZERO_STRUCT(sid_S_1_1);
-       ZERO_STRUCT(sid_S_1_3);
-       ZERO_STRUCT(sid_S_1_5);
        ZERO_ARRAY(dom_rids);   
 
        /* grab the info class and policy handle */
        lsa_io_q_lookup_rids("", &q_l, data, 0);
 
-       pstrcpy(dom_name, lp_workgroup());
-
-       string_to_sid(&sid_S_1_1, "S-1-1");
-        string_to_sid(&sid_S_1_3, "S-1-3");
-        string_to_sid(&sid_S_1_5, "S-1-5");
-
-       dom_names[0] = dom_name;
-       sid_array[0] = &global_sam_sid;
-
-       dom_names[1] = "Everyone";
-       sid_array[1] = &sid_S_1_1;
-
-       dom_names[2] = "don't know";
-       sid_array[2] = &sid_S_1_3;
-
-       dom_names[3] = "NT AUTHORITY";
-       sid_array[3] = &sid_S_1_5;
-
        SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries);
 
        /* convert received RIDs to strings, so we can do them. */
        for (i = 0; i < q_l.num_entries; i++)
        {
-               fstring user_name;
-               fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer));
-
-               /*
-                * Map to the UNIX username.
-                */
-               map_username(user_name);
-
-               /*
-                * Do any case conversions.
-                */
-               (void)Get_Pwnam(user_name, True);
+               fstring name;
+               fstrcpy(name, unistr2(q_l.lookup_name[i].str.buffer));
 
-               if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid))
+               if (lookup_rid(name, &dom_rids[i], &dom_types[i]))
                {
                        /* WHOOPS!  we should really do something about this... */
                        dom_rids[i] = 0;
@@ -498,8 +500,9 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
 
        /* construct reply.  return status is always 0x0 */
        lsa_reply_lookup_rids(rdata,
-                              q_l.num_entries, dom_rids, /* text-converted SIDs */
-                              4, dom_names, sid_array);
+                              q_l.num_entries,
+                             dom_rids, /* text-converted SIDs */
+                             dom_types); /* SID_NAME_USE types */
 }
 
 /***************************************************************************
index b807c406044267ceb6a56b4cb6584b3934933861..dabc5520ff2c7136019eb0bb769d41eb2e6051c4 100644 (file)
@@ -290,7 +290,8 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd)
 {
        struct policy *p = find_lsa_policy(hnd);
 
-       if (!p) {
+       if (!p)
+       {
                DEBUG(3,("Error closing policy\n"));
                return False;
        }
@@ -302,6 +303,7 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd)
        bitmap_clear(bmap, p->pnum);
 
        ZERO_STRUCTP(p);
+       ZERO_STRUCTP(hnd);
 
        free(p);
 
index 04118800e2e7018e7b963acffae211e5f0aa7085..77b17dca2f574653edcfa44479beaa8c0f379c80 100644 (file)
@@ -1,4 +1,3 @@
-
 /* 
  *  Unix SMB/Netbios implementation.
  *  Version 1.9.
@@ -544,7 +543,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
  net_login_network:
  *************************************************************************/
 static uint32 net_login_network(NET_ID_INFO_2 *id2,
-                               struct smb_passwd *smb_pass)
+                               struct smb_passwd *smb_pass,
+                               user_struct *vuser)
 {
        DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
                id2->hdr_lm_chal_resp.str_str_len, 
@@ -593,221 +593,213 @@ static void api_net_sam_logon( uint16 vuid,
                                prs_struct *data,
                                prs_struct *rdata)
 {
-  NET_Q_SAM_LOGON q_l;
-  NET_ID_INFO_CTR ctr; 
-  NET_USER_INFO_3 usr_info;
-  uint32 status = 0x0;
-  DOM_CRED srv_cred;
-  struct smb_passwd *smb_pass = NULL;
-  UNISTR2 *uni_samlogon_user = NULL;
-
-  user_struct *vuser = NULL;
-
-  if ((vuser = get_valid_user_struct(vuid)) == NULL)
-    return;
-
-  q_l.sam_id.ctr = &ctr;
-
-  net_io_q_sam_logon("", &q_l, data, 0);
-
-  /* checks and updates credentials.  creates reply credentials */
-  if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), 
-                       &(q_l.sam_id.client.cred), &srv_cred))
-  {
-    status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
-  }
-  else
-  {
-    memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
-  }
-
-  /* find the username */
-
-  if (status == 0)
-  {
-    switch (q_l.sam_id.logon_level)
-    {
-      case INTERACTIVE_LOGON_TYPE:
-      {
-        uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
-
-        DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
-        break;
-      }
-      case NET_LOGON_TYPE:
-      {
-        uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
-
-        DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
-        break;
-      }
-      default:
-      {
-        DEBUG(2,("SAM Logon: unsupported switch value\n"));
-        status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
-        break;
-      }
-    } /* end switch */
-  } /* end if status == 0 */
-
-  /* check username exists */
-
-  if (status == 0)
-  {
-    pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
-            uni_samlogon_user->uni_str_len));
-
-    DEBUG(3,("User:[%s]\n", samlogon_user));
+       NET_Q_SAM_LOGON q_l;
+       NET_ID_INFO_CTR ctr;    
+       NET_USER_INFO_3 usr_info;
+       uint32 status = 0x0;
+       DOM_CRED srv_cred;
+       struct smb_passwd *smb_pass = NULL;
+       UNISTR2 *uni_samlogon_user = NULL;
 
-    /*
-     * Convert to a UNIX username.
-     */
-    map_username(samlogon_user);
+       user_struct *vuser = NULL;
 
-    /*
-     * Do any case conversions.
-     */
-    (void)Get_Pwnam(samlogon_user, True);
-
-    become_root(True);
-    smb_pass = getsmbpwnam(samlogon_user);
-    unbecome_root(True);
-
-    if (smb_pass == NULL)
-      status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
-    else if (smb_pass->acct_ctrl & ACB_PWNOTREQ)
-      status = 0;
-    else if (smb_pass->acct_ctrl & ACB_DISABLED)
-      status =  0xC0000000 | NT_STATUS_ACCOUNT_DISABLED;
-  }
-
-  /* Validate password - if required. */
-
-  if ((status == 0) && !(smb_pass->acct_ctrl & ACB_PWNOTREQ))
-  {
-    switch (q_l.sam_id.logon_level)
-    {
-      case INTERACTIVE_LOGON_TYPE:
-      {
-        /* interactive login. */
-        status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser);
-        break;
-      }
-      case NET_LOGON_TYPE:
-      {
-        /* network login.  lm challenge and 24 byte responses */
-        status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass);
-        break;
-      }
-    }
-  }
-       
-  /* lkclXXXX this is the point at which, if the login was
-     successful, that the SAM Local Security Authority should
-     record that the user is logged in to the domain.
-   */
-
-  /* return the profile plus other bits :-) */
-
-  if (status == 0)
-  {
-    DOM_GID *gids = NULL;
-    int num_gids = 0;
-    NTTIME dummy_time;
-    pstring logon_script;
-    pstring profile_path;
-    pstring home_dir;
-    pstring home_drive;
-    pstring my_name;
-    pstring my_workgroup;
-    pstring domain_groups;
-    uint32 r_uid;
-    uint32 r_gid;
-
-    /* set up pointer indicating user/password failed to be found */
-    usr_info.ptr_user_info = 0;
-
-    dummy_time.low  = 0xffffffff;
-    dummy_time.high = 0x7fffffff;
-
-    /* XXXX hack to get standard_sub_basic() to use sam logon username */
-    /* possibly a better way would be to do a become_user() call */
-    sam_logon_in_ssb = True;
-
-    pstrcpy(logon_script, lp_logon_script());
-    pstrcpy(profile_path, lp_logon_path());
-
-    pstrcpy(my_workgroup, lp_workgroup());
-
-    pstrcpy(home_drive, lp_logon_drive());
-    pstrcpy(home_dir, lp_logon_home());
-
-    pstrcpy(my_name, global_myname);
-    strupper(my_name);
+       if ((vuser = get_valid_user_struct(vuid)) == NULL)
+       return;
 
-    /*
-     * This is the point at which we get the group
-     * database - we should be getting the gid_t list
-     * from /etc/group and then turning the uids into
-     * rids and then into machine sids for this user.
-     * JRA.
-     */
+       q_l.sam_id.ctr = &ctr;
 
-    get_domain_user_groups(domain_groups, samlogon_user);
+       net_io_q_sam_logon("", &q_l, data, 0);
 
-    /*
-     * make_dom_gids allocates the gids array. JRA.
-     */
-    gids = NULL;
-    num_gids = make_dom_gids(domain_groups, &gids);
-
-    sam_logon_in_ssb = False;
-
-    if (pdb_name_to_rid(samlogon_user, &r_uid, &r_gid))
-    {
-      make_net_user_info3(&usr_info,
-                          &dummy_time, /* logon_time */
-                          &dummy_time, /* logoff_time */
-                          &dummy_time, /* kickoff_time */
-                          &dummy_time, /* pass_last_set_time */
-                          &dummy_time, /* pass_can_change_time */
-                          &dummy_time, /* pass_must_change_time */
-
-                          samlogon_user   , /* user_name */
-                          vuser->real_name, /* full_name */
-                          logon_script    , /* logon_script */
-                          profile_path    , /* profile_path */
-                          home_dir        , /* home_dir */
-                          home_drive      , /* dir_drive */
-
-                          0, /* logon_count */
-                          0, /* bad_pw_count */
-
-                          r_uid   , /* RID user_id */
-                          r_gid   , /* RID group_id */
-                          num_gids,    /* uint32 num_groups */
-                          gids    , /* DOM_GID *gids */
-                          0x20    , /* uint32 user_flgs (?) */
-
-                          NULL, /* char sess_key[16] */
-
-                          my_name     , /* char *logon_srv */
-                          my_workgroup, /* char *logon_dom */
-
-                          &global_sam_sid,     /* DOM_SID *dom_sid */
-                          NULL); /* char *other_sids */
-    }
-    else
-    {
-      status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
-    }
-
-    /* Free any allocated groups array. */
-    if(gids)
-      free((char *)gids);
-  }
-
-  net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);
+       /* checks and updates credentials.  creates reply credentials */
+       if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), 
+                            &(q_l.sam_id.client.cred), &srv_cred))
+       {
+               status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+       }
+       else
+       {
+               memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
+       }
+
+       /* find the username */
+
+       if (status == 0)
+       {
+               switch (q_l.sam_id.logon_level)
+               {
+                       case INTERACTIVE_LOGON_TYPE:
+                       {
+                               uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
+
+                               DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
+                               break;
+                       }
+                       case NET_LOGON_TYPE:
+                       {
+                               uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
+
+                               DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
+                               break;
+                       }
+                       default:
+                       {
+                               DEBUG(2,("SAM Logon: unsupported switch value\n"));
+                               status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
+                               break;
+                       }
+               } /* end switch */
+       } /* end if status == 0 */
+
+       /* check username exists */
+
+       if (status == 0)
+       {
+               pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
+               uni_samlogon_user->uni_str_len));
+
+               DEBUG(3,("User:[%s]\n", samlogon_user));
+
+               /*
+                * Convert to a UNIX username.
+                */
+               map_username(samlogon_user);
+
+               /*
+                * Do any case conversions.
+                */
+               (void)Get_Pwnam(samlogon_user, True);
+
+               become_root(True);
+               smb_pass = getsmbpwnam(samlogon_user);
+               unbecome_root(True);
+
+               if (smb_pass == NULL)
+               {
+                       status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+               }
+               else if (IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_DISABLED) &&
+                        IS_BITS_CLR_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ))
+               {
+                       status =  0xC0000000 | NT_STATUS_ACCOUNT_DISABLED;
+               }
+       }
+
+       /* validate password - if required */
+
+       if (status == 0 && !(IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ)))
+       {
+               switch (q_l.sam_id.logon_level)
+               {
+                       case INTERACTIVE_LOGON_TYPE:
+                       {
+                               /* interactive login. */
+                               status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser);
+                               break;
+                       }
+                       case NET_LOGON_TYPE:
+                       {
+                               /* network login.  lm challenge and 24 byte responses */
+                               status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser);
+                               break;
+                       }
+               }
+       }
+
+       /* lkclXXXX this is the point at which, if the login was
+       successful, that the SAM Local Security Authority should
+       record that the user is logged in to the domain.
+       */
+
+       /* return the profile plus other bits :-) */
+
+       if (status == 0)
+       {
+               DOM_GID *gids = NULL;
+               int num_gids = 0;
+               NTTIME dummy_time;
+               pstring logon_script;
+               pstring profile_path;
+               pstring home_dir;
+               pstring home_drive;
+               pstring my_name;
+               pstring my_workgroup;
+               DOMAIN_GRP *grp_mem;
+               uint32 r_uid;
+               uint32 r_gid;
+
+               /* set up pointer indicating user/password failed to be found */
+               usr_info.ptr_user_info = 0;
+
+               dummy_time.low  = 0xffffffff;
+               dummy_time.high = 0x7fffffff;
+
+               /* XXXX hack to get standard_sub_basic() to use sam logon username */
+               /* possibly a better way would be to do a become_user() call */
+               sam_logon_in_ssb = True;
+
+               pstrcpy(logon_script, lp_logon_script());
+               pstrcpy(profile_path, lp_logon_path());
+
+               pstrcpy(my_workgroup, lp_workgroup());
+
+               pstrcpy(home_drive, lp_logon_drive());
+               pstrcpy(home_dir, lp_logon_home());
+               pstrcpy(my_name, global_myname);
+               strupper(my_name);
+
+               status = lookup_user_rids(samlogon_user, &r_uid, &r_gid);
+               status = status == 0 ? getusergroupsnam(samlogon_user, &grp_mem, &num_gids) : 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP;
+
+               if (status == 0x0)
+               {
+                       gids = NULL;
+                       num_gids = make_dom_gids(grp_mem, num_gids, &gids);
+
+                       make_net_user_info3(&usr_info,
+                               &dummy_time, /* logon_time */
+                               &dummy_time, /* logoff_time */
+                               &dummy_time, /* kickoff_time */
+                               &dummy_time, /* pass_last_set_time */
+                               &dummy_time, /* pass_can_change_time */
+                               &dummy_time, /* pass_must_change_time */
+
+                               samlogon_user   , /* user_name */
+                               vuser->real_name, /* full_name */
+                               logon_script    , /* logon_script */
+                               profile_path    , /* profile_path */
+                               home_dir        , /* home_dir */
+                               home_drive      , /* dir_drive */
+
+                               0, /* logon_count */
+                               0, /* bad_pw_count */
+
+                               r_uid   , /* RID user_id */
+                               r_gid   , /* RID group_id */
+                               num_gids,    /* uint32 num_groups */
+                               gids    , /* DOM_GID *gids */
+                               0x20    , /* uint32 user_flgs (?) */
+
+                               NULL, /* char sess_key[16] */
+
+                               my_name     , /* char *logon_srv */
+                               my_workgroup, /* char *logon_dom */
+
+                               &global_sam_sid,     /* DOM_SID *dom_sid */
+                               NULL); /* char *other_sids */
+               }
+               else
+               {
+                       status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+               }
+
+               /* Free any allocated groups array. */
+               if (gids)
+               {
+                       free((char *)gids);
+               }
+       }
+
+       net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);
 }
 
 
index 323298ef7a4dadb9b441aeb3c0db2a38cbfe4b46..b70a71b5c0721498c1b00988f89cbd55b9f7970b 100644 (file)
@@ -30,9 +30,11 @@ extern int DEBUGLEVEL;
 
 extern BOOL sam_logon_in_ssb;
 extern pstring samlogon_user;
-extern fstring global_myworkgroup;
+extern fstring global_sam_name;
 extern pstring global_myname;
 extern DOM_SID global_sam_sid;
+extern DOM_SID global_sid_S_1_1;
+extern DOM_SID global_sid_S_1_5_20;
 
 extern rid_name domain_group_rids[];
 extern rid_name domain_alias_rids[];
@@ -79,8 +81,8 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
 
                user_name_len = strlen(pwd->smb_name);
                make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len);
-               make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len, 
-                              user_name_len, 1);
+               make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len-1
+                              user_name_len-1, 1);
                pw_buf[(*num_entries)].user_rid = pwd->user_rid;
                bzero( pw_buf[(*num_entries)].nt_pwd , 16);
 
@@ -292,24 +294,21 @@ static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
 
        if (status == 0x0)
        {
-               DOM_SID user_sid;
-               DOM_SID everyone_sid;
+               DOM_SID usr_sid;
 
-               user_sid = global_sam_sid;
+               usr_sid = global_sam_sid;
 
-               SMB_ASSERT_ARRAY(user_sid.sub_auths, user_sid.num_auths+1);
+               SMB_ASSERT_ARRAY(usr_sid.sub_auths, usr_sid.num_auths+1);
 
                /*
                 * Add the user RID.
                 */
-               user_sid.sub_auths[user_sid.num_auths++] = rid;
+               sid_append_rid(&usr_sid, rid);
                
-                       string_to_sid(&everyone_sid, "S-1-1");
-
-                       /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */
-                       /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */
-                       make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &everyone_sid);
-                       make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &user_sid);
+               /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */
+               /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */
+               make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &global_sid_S_1_1);
+               make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &usr_sid);
        }
 
        make_samr_r_unknown_3(&r_u,
@@ -400,37 +399,92 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
                                prs_struct *rdata)
 {
        SAMR_R_ENUM_DOM_GROUPS r_e;
-       SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
-       int num_entries;
+       DOMAIN_GRP *grps = NULL;
+       int num_entries = 0;
        BOOL got_grps;
-       char *dummy_group = "Domain Admins";
+       DOM_SID sid;
+       fstring sid_str;
 
        r_e.status = 0x0;
        r_e.num_entries = 0;
 
        /* find the policy handle.  open a policy on it. */
-       if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
+       if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid))
        {
                r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
        }
 
-       DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__));
+       sid_to_string(sid_str, &sid);
+
+       DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str));
+
+       /* well-known groups */
+       if (sid_equal(&sid, &global_sid_S_1_5_20))
+       {
+               char *name;
+               got_grps = True;
+
+               while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL))
+               {
+                       DOMAIN_GRP tmp_grp;
+
+                       fstrcpy(tmp_grp.name   , name);
+                       fstrcpy(tmp_grp.comment, "");
+                       tmp_grp.rid = domain_group_rids[num_entries].rid;
+                       tmp_grp.attr = 0x7;
+
+                       if (!add_domain_group(&grps, &num_entries, &tmp_grp))
+                       {
+                               r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
+                               break;
+                       }
+               }
+       }
+       else if (sid_equal(&sid, &global_sam_sid))
+       {
+               BOOL ret;
+               char *name;
+               got_grps = True;
+
+               while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL))
+               {
+                       DOMAIN_GRP tmp_grp;
+
+                       fstrcpy(tmp_grp.name   , name);
+                       fstrcpy(tmp_grp.comment, "");
+                       tmp_grp.rid = domain_group_rids[num_entries].rid;
+                       tmp_grp.attr = 0x7;
 
-       got_grps = True;
-       num_entries = 1;
-       make_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group));
-       pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS;
+                       if (!add_domain_group(&grps, &num_entries, &tmp_grp))
+                       {
+                               r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
+                               break;
+                       }
+               }
+
+               become_root(True);
+               ret = enumdomgroups(&grps, &num_entries);
+               unbecome_root(True);
+               if (!ret)
+               {
+                       r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
+               }
+       }
 
        if (r_e.status == 0 && got_grps)
        {
-               make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, pass, r_e.status);
+               make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, grps, r_e.status);
        }
 
        /* store the response in the SMB stream */
        samr_io_r_enum_dom_groups("", &r_e, rdata, 0);
 
-       DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
+       if (grps != NULL)
+       {
+               free(grps);
+       }
 
+       DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
 }
 
 /*******************************************************************
@@ -455,11 +509,10 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
                                prs_struct *rdata)
 {
        SAMR_R_ENUM_DOM_ALIASES r_e;
-       SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
+       LOCAL_GRP *alss = NULL;
        int num_entries = 0;
        DOM_SID sid;
        fstring sid_str;
-       fstring sam_sid_str;
 
        r_e.status = 0x0;
        r_e.num_entries = 0;
@@ -471,34 +524,57 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
        }
 
        sid_to_string(sid_str, &sid);
-       sid_to_string(sam_sid_str, &global_sam_sid);
 
        DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str));
 
        /* well-known aliases */
-       if (strequal(sid_str, "S-1-5-32"))
+       if (sid_equal(&sid, &global_sid_S_1_5_20))
        {
                char *name;
-               while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL))
+
+               while ((name = builtin_alias_rids[num_entries].name) != NULL)
                {
-                       make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name));
-                       pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid;
-                       num_entries++;
+                       LOCAL_GRP tmp_als;
+
+                       fstrcpy(tmp_als.name   , name);
+                       fstrcpy(tmp_als.comment, "");
+                       tmp_als.rid = builtin_alias_rids[num_entries].rid;
+
+                       if (!add_domain_alias(&alss, &num_entries, &tmp_als))
+                       {
+                               r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
+                               break;
+                       }
                }
        }
-       else if (strequal(sid_str, sam_sid_str))
+       else if (sid_equal(&sid, &global_sam_sid))
        {
+               BOOL ret;
                /* local aliases */
-               /* oops!  there's no code to deal with this */
-               DEBUG(3,("samr_reply_enum_dom_aliases: enum of aliases in our domain not supported yet\n"));
                num_entries = 0;
+
+               become_root(True);
+               ret = enumdomaliases(&alss, &num_entries);
+               unbecome_root(True);
+               if (!ret)
+               {
+                       r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
+               }
        }
                
-       make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status);
+       if (r_e.status == 0x0)
+       {
+               make_samr_r_enum_dom_aliases(&r_e, num_entries, alss, r_e.status);
+       }
 
        /* store the response in the SMB stream */
        samr_io_r_enum_dom_aliases("", &r_e, rdata, 0);
 
+       if (alss != NULL)
+       {
+               free(alss);
+       }
+
        DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__));
 
 }
@@ -669,50 +745,92 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
 {
        uint32 rid[MAX_SAM_ENTRIES];
        uint32 status     = 0;
-       int num_rids = q_u->num_sids1;
+       int num_rids = 0;
+       int i;
+       struct sam_passwd *sam_pass;
+       DOM_SID usr_sid;
+       DOM_SID dom_sid;
+       uint32 user_rid;
+       fstring sam_sid_str;
+       fstring dom_sid_str;
+       fstring usr_sid_str;
 
        SAMR_R_LOOKUP_IDS r_u;
 
        DEBUG(5,("samr_lookup_ids: %d\n", __LINE__));
 
+       /* find the policy handle.  open a policy on it. */
+       if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &dom_sid))
+       {
+               status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+       }
+       else
+       {
+               sid_to_string(dom_sid_str, &dom_sid       );
+               sid_to_string(sam_sid_str, &global_sam_sid);
+       }
+
        if (num_rids > MAX_SAM_ENTRIES)
        {
                num_rids = MAX_SAM_ENTRIES;
                DEBUG(5,("samr_lookup_ids: truncating entries to %d\n", num_rids));
        }
 
-#if 0
-       int i;
-       SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids);
-
-       for (i = 0; i < num_rids && status == 0; i++)
+       if (status == 0x0)
        {
-               struct sam_passwd *sam_pass;
-               fstring user_name;
-
+               usr_sid = q_u->sid[0].sid;
+               sid_split_rid(&usr_sid, &user_rid);
+               sid_to_string(usr_sid_str, &usr_sid);
 
-               fstrcpy(user_name, unistrn2(q_u->uni_user_name[i].buffer,
-                                           q_u->uni_user_name[i].uni_str_len));
+       }
 
+       if (status == 0x0)
+       {
                /* find the user account */
                become_root(True);
-               sam_pass = get_smb21pwd_entry(user_name, 0);
+               sam_pass = getsam21pwrid(user_rid);
                unbecome_root(True);
 
                if (sam_pass == NULL)
                {
                        status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
-                       rid[i] = 0;
+                       num_rids = 0;
+               }
+       }
+
+       if (status == 0x0)
+       {
+               if (sid_equal(&dom_sid, &global_sid_S_1_5_20))
+               {
+                       DEBUG(5,("lookup on S-1-5-20\n"));
+               }
+               else if (sid_equal(&dom_sid, &usr_sid))
+               {
+                       DOMAIN_GRP *mem_grp = NULL;
+                       BOOL ret;
+
+                       DEBUG(5,("lookup on Domain SID\n"));
+
+                       become_root(True);
+                       ret = getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_rids);
+                       unbecome_root(True);
+
+                       num_rids = MIN(num_rids, MAX_SAM_ENTRIES);
+
+                       if (mem_grp != NULL)
+                       {
+                               for (i = 0; i < num_rids; i++)
+                               {
+                                       rid[i] = mem_grp[i].rid;
+                               }
+                               free(mem_grp);
+                       }
                }
                else
                {
-                       rid[i] = sam_pass->user_rid;
+                       status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
                }
        }
-#endif
-
-       num_rids = 1;
-       rid[0] = BUILTIN_ALIAS_RID_USERS;
 
        make_samr_r_lookup_ids(&r_u, num_rids, rid, status);
 
@@ -743,7 +861,8 @@ static void api_samr_lookup_ids( uint16 vuid, prs_struct *data, prs_struct *rdat
 static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
                                prs_struct *rdata)
 {
-       uint32 rid[MAX_SAM_ENTRIES];
+       uint32 rid [MAX_SAM_ENTRIES];
+       uint8  type[MAX_SAM_ENTRIES];
        uint32 status     = 0;
        int i;
        int num_rids = q_u->num_rids1;
@@ -763,17 +882,12 @@ static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
        for (i = 0; i < num_rids && status == 0; i++)
        {
                fstring name;
-
-               status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
-
                fstrcpy(name, unistrn2(q_u->uni_user_name[i].buffer, q_u->uni_user_name[i].uni_str_len));
 
-               status = (status != 0x0) ? lookup_user_rid (name, &(rid[i])) : status;
-               status = (status != 0x0) ? lookup_group_rid(name, &(rid[i])) : status;
-               status = (status != 0x0) ? lookup_alias_rid(name, &(rid[i])) : status;
+               status = lookup_rid(name, &(rid[i]), &(type[i]));
        }
 
-       make_samr_r_lookup_names(&r_u, num_rids, rid, status);
+       make_samr_r_lookup_names(&r_u, num_rids, rid, type, status);
 
        /* store the response in the SMB stream */
        samr_io_r_lookup_names("", &r_u, rdata, 0);
@@ -1017,7 +1131,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
 {
        struct smb_passwd *smb_pass;
 
-       if (!pdb_rid_is_user(user_rid))
+       if (!pwdb_rid_is_user(user_rid))
        {
                DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
                return False;
@@ -1050,7 +1164,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
        LOGON_HRS hrs;
        int i;
 
-       if (!pdb_rid_is_user(user_rid))
+       if (!pwdb_rid_is_user(user_rid))
        {
                DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
                return False;
@@ -1255,10 +1369,20 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
 
        if (status == 0x0)
        {
-               pstring groups;
-               get_domain_user_groups(groups, sam_pass->smb_name);
+               DOMAIN_GRP *mem_grp = NULL;
+               BOOL ret;
+
+               become_root(True);
+               ret = getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_groups);
+               unbecome_root(True);
+
                 gids = NULL;
-               num_groups = make_dom_gids(groups, &gids);
+               num_groups = make_dom_gids(mem_grp, num_groups, &gids);
+
+               if (mem_grp != NULL)
+               {
+                       free(mem_grp);
+               }
        }
 
        /* construct the response.  lkclXXXX: gids are not copied! */
@@ -1322,7 +1446,7 @@ static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u,
                        case 0x02:
                        {
                                switch_value = 0x2;
-                               make_unk_info2(&ctr.info.inf2, global_myworkgroup, global_myname);
+                               make_unk_info2(&ctr.info.inf2, global_sam_name, global_myname);
 
                                break;
                        }
index 097ab92d76a2d4b072f74cb25e5b8f9946e2324d..25dceb41a0d25bbb7140aad6c8a6dc28732f5e49 100644 (file)
  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
 
-/*  this module apparently provides an implementation of DCE/RPC over a
- *  named pipe (IPC$ connection using SMBtrans).  details of DCE/RPC
- *  documentation are available (in on-line form) from the X-Open group.
- *
- *  this module should provide a level of abstraction between SMB
- *  and DCE/RPC, while minimising the amount of mallocs, unnecessary
- *  data copies, and network traffic.
- *
- *  in this version, which takes a "let's learn what's going on and
- *  get something running" approach, there is additional network
- *  traffic generated, but the code should be easier to understand...
- *
- *  ... if you read the docs.  or stare at packets for weeks on end.
- *
- */
-
-#include "includes.h"
-#include "nterr.h"
-
-extern int DEBUGLEVEL;
-
-/*
- * A list of the rids of well known BUILTIN and Domain users
- * and groups.
- */
-
-rid_name builtin_alias_rids[] =
-{  
-    { BUILTIN_ALIAS_RID_ADMINS       , "Administrators" },
-    { BUILTIN_ALIAS_RID_USERS        , "Users" },
-    { BUILTIN_ALIAS_RID_GUESTS       , "Guests" },
-    { BUILTIN_ALIAS_RID_POWER_USERS  , "Power Users" },
-   
-    { BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "Account Operators" },
-    { BUILTIN_ALIAS_RID_SYSTEM_OPS   , "System Operators" },
-    { BUILTIN_ALIAS_RID_PRINT_OPS    , "Print Operators" },
-    { BUILTIN_ALIAS_RID_BACKUP_OPS   , "Backup Operators" },
-    { BUILTIN_ALIAS_RID_REPLICATOR   , "Replicator" },
-    { 0                             , NULL }
-};
-
-/* array lookup of well-known Domain RID users. */
-rid_name domain_user_rids[] =
-{  
-    { DOMAIN_USER_RID_ADMIN         , "Administrator" },
-    { DOMAIN_USER_RID_GUEST         , "Guest" },
-    { 0                             , NULL }
-};
-
-/* array lookup of well-known Domain RID groups. */
-rid_name domain_group_rids[] =
-{  
-    { DOMAIN_GROUP_RID_ADMINS       , "Domain Admins" },
-    { DOMAIN_GROUP_RID_USERS        , "Domain Users" },
-    { DOMAIN_GROUP_RID_GUESTS       , "Domain Guests" },
-    { 0                             , NULL }
-};
-
-int make_dom_gids(char *gids_str, DOM_GID **ppgids)
-{
-  char *ptr;
-  pstring s2;
-  int count;
-  DOM_GID *gids;
-
-  *ppgids = NULL;
-
-  DEBUG(4,("make_dom_gids: %s\n", gids_str));
-
-  if (gids_str == NULL || *gids_str == 0)
-    return 0;
-
-  for (count = 0, ptr = gids_str; 
-       next_token(&ptr, s2, NULL, sizeof(s2)); 
-       count++)
-    ;
-
-  gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
-  if(!gids)
-  {
-    DEBUG(0,("make_dom_gids: malloc fail !\n"));
-    return 0;
-  }
-
-  for (count = 0, ptr = gids_str; 
-       next_token(&ptr, s2, NULL, sizeof(s2)) && 
-              count < LSA_MAX_GROUPS; 
-       count++) 
-  {
-    /* the entries are of the form GID/ATTR, ATTR being optional.*/
-    char *attr;
-    uint32 rid = 0;
-    int i;
-
-    attr = strchr(s2,'/');
-    if (attr)
-      *attr++ = 0;
-
-    if (!attr || !*attr)
-      attr = "7"; /* default value for attribute is 7 */
-
-    /* look up the RID string and see if we can turn it into a rid number */
-    for (i = 0; builtin_alias_rids[i].name != NULL; i++)
-    {
-      if (strequal(builtin_alias_rids[i].name, s2))
-      {
-        rid = builtin_alias_rids[i].rid;
-        break;
-      }
-    }
-
-    if (rid == 0)
-      rid = atoi(s2);
-
-    if (rid == 0)
-    {
-      DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
-      count--;
-    }
-    else
-    {
-      gids[count].g_rid = rid;
-      gids[count].attr  = atoi(attr);
-
-      DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
-    }
-  }
-
-  *ppgids = gids;
-  return count;
-}
-
-
-/*******************************************************************
- gets a domain user's groups
- ********************************************************************/
-void get_domain_user_groups(char *domain_groups, char *user)
-{
-       pstring tmp;
-
-       if (domain_groups == NULL || user == NULL) return;
-
-       /* any additional groups this user is in.  e.g power users */
-       pstrcpy(domain_groups, lp_domain_groups());
-
-       /* can only be a user or a guest.  cannot be guest _and_ admin */
-       if (user_in_list(user, lp_domain_guest_group()))
-       {
-               slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
-               pstrcat(domain_groups, tmp);
-
-               DEBUG(3,("domain guest group access %s granted\n", tmp));
-       }
-       else
-       {
-               slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
-               pstrcat(domain_groups, tmp);
-
-               DEBUG(3,("domain group access %s granted\n", tmp));
-
-               if (user_in_list(user, lp_domain_admin_group()))
-               {
-                       slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
-                       pstrcat(domain_groups, tmp);
-
-                       DEBUG(3,("domain admin group access %s granted\n", tmp));
-               }
-       }
-}
-
-
-/*******************************************************************
- lookup_group_name
- ********************************************************************/
-uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type)
-{
-       int i = 0; 
-       (*type) = SID_NAME_DOM_GRP;
-
-       DEBUG(5,("lookup_group_name: rid: %d", rid));
-
-       while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0)
-       {
-               i++;
-       }
-
-       if (domain_group_rids[i].rid != 0)
-       {
-               fstrcpy(group_name, domain_group_rids[i].name);
-               DEBUG(5,(" = %s\n", group_name));
-               return 0x0;
-       }
-
-       DEBUG(5,(" none mapped\n"));
-       return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_alias_name
- ********************************************************************/
-uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
-{
-       int i = 0; 
-       (*type) = SID_NAME_WKN_GRP;
-
-       DEBUG(5,("lookup_alias_name: rid: %d", rid));
-
-       while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0)
-       {
-               i++;
-       }
-
-       if (builtin_alias_rids[i].rid != 0)
-       {
-               fstrcpy(alias_name, builtin_alias_rids[i].name);
-               DEBUG(5,(" = %s\n", alias_name));
-               return 0x0;
-       }
-
-       DEBUG(5,(" none mapped\n"));
-       return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_user_name
- ********************************************************************/
-uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
-{
-       struct sam_disp_info *disp_info;
-       int i = 0;
-       (*type) = SID_NAME_USER;
-
-       DEBUG(5,("lookup_user_name: rid: %d", rid));
-
-       /* look up the well-known domain user rids first */
-       while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0)
-       {
-               i++;
-       }
-
-       if (domain_user_rids[i].rid != 0)
-       {
-               fstrcpy(user_name, domain_user_rids[i].name);
-               DEBUG(5,(" = %s\n", user_name));
-               return 0x0;
-       }
-
-       /* ok, it's a user.  find the user account */
-       become_root(True);
-       disp_info = getsamdisprid(rid);
-       unbecome_root(True);
-
-       if (disp_info != NULL)
-       {
-               fstrcpy(user_name, disp_info->smb_name);
-               DEBUG(5,(" = %s\n", user_name));
-               return 0x0;
-       }
-
-       DEBUG(5,(" none mapped\n"));
-       return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_group_rid
- ********************************************************************/
-uint32 lookup_group_rid(char *group_name, uint32 *rid)
-{
-       char *grp_name;
-       int i = -1; /* start do loop at -1 */
-
-       do /* find, if it exists, a group rid for the group name*/
-       {
-               i++;
-               (*rid) = domain_group_rids[i].rid;
-               grp_name = domain_group_rids[i].name;
-
-       } while (grp_name != NULL && !strequal(grp_name, group_name));
-
-       return (grp_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_alias_rid
- ********************************************************************/
-uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
-{
-       char *als_name;
-       int i = -1; /* start do loop at -1 */
-
-       do /* find, if it exists, a alias rid for the alias name*/
-       {
-               i++;
-               (*rid) = builtin_alias_rids[i].rid;
-               als_name = builtin_alias_rids[i].name;
-
-       } while (als_name != NULL && !strequal(als_name, alias_name));
-
-       return (als_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_user_rid
- ********************************************************************/
-uint32 lookup_user_rid(char *user_name, uint32 *rid)
-{
-       struct sam_passwd *sam_pass;
-       (*rid) = 0;
-
-       /* find the user account */
-       become_root(True);
-       sam_pass = getsam21pwnam(user_name);
-       unbecome_root(True);
-
-       if (sam_pass != NULL)
-       {
-               (*rid) = sam_pass->user_rid;
-               return 0x0;
-       }
-
-       return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
+/* retired module */
index 4afa9ece88a110fc5667e0987b1a8e92349aa724..2b87cad33094d035ed5d3d051eac8b99eead8db9 100644 (file)
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-#ifdef USING_GROUPNAME_MAP
+/* 
+ * UNIX gid and Local or Domain SID resolution.  This module resolves
+ * only those entries in the map files, it is *NOT* responsible for
+ * resolving UNIX groups not listed: that is an entirely different
+ * matter, altogether...
+ */
+
+/*
+ *
+ *
+
+ format of the file is:
+
+ unixname      NT Group name
+ unixname      Domain Admins (well-known Domain Group)
+ unixname      DOMAIN_NAME\NT Group name
+ unixname      OTHER_DOMAIN_NAME\NT Group name
+ unixname      DOMAIN_NAME\Domain Admins (well-known Domain Group)
+ ....
+
+ if the DOMAIN_NAME\ component is left off, then your own domain is assumed.
+
+ *
+ *
+ */
+
 
 #include "includes.h"
 extern int DEBUGLEVEL;
-extern DOM_SID global_sam_sid;
 
+/* we can map either local aliases or domain groups */
+typedef enum 
+{
+       GROUP_LOCAL,
+       GROUP_DOMAIN
+
+} GROUP_TYPE;
 
 /**************************************************************************
  Groupname map functionality. The code loads a groupname map file and
@@ -33,211 +64,543 @@ extern DOM_SID global_sam_sid;
  if the demands on it become excessive.
 ***************************************************************************/
 
-typedef struct groupname_map {
-   ubi_slNode next;
-
-   char *windows_name;
-   DOM_SID windows_sid;
+typedef struct group_name_info
+{
+   char *nt_name;
+   char *nt_domain;
    char *unix_name;
-   gid_t unix_gid;
-} groupname_map_entry;
+
+   DOM_SID sid;
+   gid_t  unix_gid;
+
+} GROUP_NAME_INFO;
+
+typedef struct name_map
+{
+       ubi_slNode next;
+       GROUP_NAME_INFO grp;
+
+} name_map_entry;
 
 static ubi_slList groupname_map_list;
+static ubi_slList aliasname_map_list;
+
+static void delete_name_entry(name_map_entry *gmep)
+{
+       if (gmep->grp.nt_name)
+       {
+               free(gmep->grp.nt_name);
+       }
+       if (gmep->grp.nt_domain)
+       {
+               free(gmep->grp.nt_domain);
+       }
+       if (gmep->grp.unix_name)
+       {
+               free(gmep->grp.unix_name);
+       }
+       free((char*)gmep);
+}
+
+/**************************************************************************
+ Delete all the entries in the name map list.
+***************************************************************************/
+
+static void delete_map_list(ubi_slList *map_list)
+{
+       name_map_entry *gmep;
+
+       while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL)
+       {
+               delete_name_entry(gmep);
+       }
+}
+
 
 /**************************************************************************
Delete all the entries in the groupname map list.
makes a group sid out of a domain sid and a _unix_ gid.
 ***************************************************************************/
+static BOOL make_mydomain_sid(GROUP_NAME_INFO *grp, GROUP_TYPE type)
+{
+       uint32 tmp_rid;
+       uint8  tmp_type;
+
+       DEBUG(10,("make_mydomain_sid\n"));
+
+       if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
+       {
+               DEBUG(0,("make_mydomain_sid: unknown domain %s\n",
+                         grp->nt_domain));
+               return False;
+       }
+       else if (lookup_wk_group_rid(grp->nt_name, &tmp_rid, &tmp_type))
+       {
+               return sid_append_rid(&grp->sid, tmp_rid);
+       }
+       else
+       {
+               if (type == GROUP_DOMAIN)
+               {
+                       tmp_rid = pwdb_gid_to_group_rid(grp->unix_gid);
+               }
+               else
+               {
+                       tmp_rid = pwdb_gid_to_alias_rid(grp->unix_gid);
+               }
+               return sid_append_rid(&(grp->sid), tmp_rid);
+       }
+}
 
-static void delete_groupname_map_list(void)
+/**************************************************************************
+ makes a group sid out of an nt domain, nt group name or a unix group name.
+***************************************************************************/
+static BOOL unix_name_to_group_info(GROUP_NAME_INFO *grp, GROUP_TYPE type)
 {
-  groupname_map_entry *gmep;
+       extern fstring global_sam_name;
+       struct group *gptr = NULL;
+
+       /*
+        * Attempt to get the unix gid_t for this name.
+        */
+
+       DEBUG(5,("unix_name_to_group_info: unix_name:%s\n", grp->unix_name));
+
+       gptr = (struct group *)getgrnam(grp->unix_name);
+       if (gptr == NULL)
+       {
+               DEBUG(0,("unix_name_to_group_info: getgrnam for group %s\
+failed. Error was %s.\n", grp->unix_name, strerror(errno) ));
+               return False;
+       }
+
+       grp->unix_gid = (gid_t)gptr->gr_gid;
+
+       DEBUG(5,("unix_name_to_group_info: unix gid:%d\n", grp->unix_gid));
+
+       /*
+        * Now map the name to an NT SID+RID.
+        */
+
+       if (grp->nt_domain != NULL && !strequal(grp->nt_domain, global_sam_name))
+       {
+               /* Must add client-call lookup code here, to 
+                * resolve remote domain's sid and the group's rid,
+                * in that domain.
+                *
+                * NOTE: it is _incorrect_ to put code here that assumes
+                * that we can call pwdb_gid_to_group_rid() or _alias_rid():
+                * it is a totally different domain for which we are *NOT*
+                * responsible.
+                * for foriegn domains for which we are *NOT* the PDC, all
+                * we can be responsible for is the unix * gid_t to which
+                * the foriegn SID+rid maps to, on this _local_ machine.  
+                */
+
+               if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
+               {
+                       DEBUG(0,("unix_name_to_group_info: no known sid for %s\n",
+                                 grp->nt_domain));
+                       return False;
+               }
+
+               DEBUG(0,("unix_name_to_group_info: cannot resolve domain %s\n",
+                         grp->nt_domain));
+
+               return False;
+       }
+       else
+       {
+               return make_mydomain_sid(grp, type);
+       }
+}
 
-  while((gmep = (groupname_map_entry *)ubi_slRemHead( &groupname_map_list )) != NULL) {
-    if(gmep->windows_name)
-      free(gmep->windows_name);
-    if(gmep->unix_name)
-      free(gmep->unix_name);
-    free((char *)gmep);
-  }
+static BOOL make_name_entry(name_map_entry **new_ep,
+               char *nt_domain, char *nt_group, char *unix_group,
+               GROUP_TYPE type)
+{
+       /*
+        * Create the list entry and add it onto the list.
+        */
+
+       DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group));
+
+       (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry));
+       if ((*new_ep) == NULL)
+       {
+               DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n"));
+               return False;
+       } 
+
+       ZERO_STRUCTP(*new_ep);
+
+       (*new_ep)->grp.nt_name   = strdup(nt_group  );
+       (*new_ep)->grp.nt_domain = strdup(nt_domain );
+       (*new_ep)->grp.unix_name = strdup(unix_group);
+
+       if ((*new_ep)->grp.nt_name   == NULL ||
+           (*new_ep)->grp.unix_name == NULL)
+       {
+               DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n"));
+               delete_name_entry((*new_ep));
+               return False;
+       }
+
+       /*
+        * look up the group names, make the Group-SID and unix gid
+        */
+       if (!unix_name_to_group_info(&(*new_ep)->grp, type))
+       {
+               delete_name_entry((*new_ep));
+               return False;
+       }
+
+       return True;
 }
 
 /**************************************************************************
- Load a groupname map file. Sets last accessed timestamp.
+ Load a name map file. Sets last accessed timestamp.
 ***************************************************************************/
+static void load_name_map(GROUP_TYPE type)
+{
+       static time_t groupmap_file_last_modified = (time_t)0;
+       static time_t aliasmap_file_last_modified = (time_t)0;
+       static BOOL initialised_group = False;
+       static BOOL initialised_alias = False;
+       char *groupname_map_file = lp_groupname_map();
+       char *aliasname_map_file = lp_aliasname_map();
+
+       SMB_STRUCT_STAT st;
+       FILE *fp;
+       char *s;
+       pstring buf;
+       name_map_entry *new_ep;
+
+       time_t *file_last_modified;
+       int    *initialised;
+       char   *map_file;
+       ubi_slList *map_list;
+
+       if (type == GROUP_DOMAIN)
+       {
+               file_last_modified = &groupmap_file_last_modified;
+               initialised        = &initialised_group;
+               map_file           = groupname_map_file;
+               map_list           = &groupname_map_list;
+       }
+       else
+       {
+               file_last_modified = &aliasmap_file_last_modified;
+               initialised        = &initialised_alias;
+               map_file           = aliasname_map_file;
+               map_list           = &aliasname_map_list;
+       }
+
+       DEBUG(10,("load_name_map : %s\n", map_file));
+
+       if (!(*initialised))
+       {
+               ubi_slInitList(map_list);
+               (*initialised) = True;
+       }
+
+       if (!*map_file)
+       {
+               return;
+       }
+
+       if (sys_stat(map_file, &st) != 0)
+       {
+               DEBUG(0, ("load_name_map: Unable to stat file %s. Error was %s\n",
+                          map_file, strerror(errno) ));
+               return;
+       }
+
+       /*
+        * Check if file has changed.
+        */
+       if (st.st_mtime <= (*file_last_modified))
+       {
+               return;
+       }
+
+       (*file_last_modified) = st.st_mtime;
+
+       /*
+        * Load the file.
+        */
+
+       fp = fopen(map_file,"r");
+       if (!fp)
+       {
+               DEBUG(0,("load_name_map: can't open name map %s. Error was %s\n",
+                         map_file, strerror(errno)));
+               return;
+       }
+
+       /*
+        * Throw away any previous list.
+        */
+       delete_map_list(map_list);
+
+       DEBUG(4,("load_name_map: Scanning name map %s\n",map_file));
+
+       while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL)
+       {
+               pstring unixname;
+               pstring nt_name;
+               fstring nt_domain;
+               fstring nt_group;
+               char *p;
+
+               DEBUG(10,("Read line |%s|\n", s));
+
+               memset(nt_name, 0, sizeof(nt_name));
+
+               if (!*s || strchr("#;",*s))
+                       continue;
+
+               if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
+                       continue;
+
+               if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name)))
+                       continue;
+
+               trim_string(unixname, " ", " ");
+               trim_string(nt_name, " ", " ");
+
+               if (!*nt_name)
+                       continue;
+
+               if (!*unixname)
+                       continue;
+
+               DEBUG(5,("unixname = %s, ntname = %s.\n",
+                         unixname, nt_name));
+
+               p = strchr(nt_name, '\\');
+
+               if (p == NULL)
+               {
+                       memset(nt_domain, 0, sizeof(nt_domain));
+                       fstrcpy(nt_group, nt_name);
+               }
+               else
+               {
+                       *p = 0;
+                       p++;
+                       fstrcpy(nt_domain, nt_name);
+                       fstrcpy(nt_group , p);
+               }
+
+               if (make_name_entry(&new_ep, nt_domain, nt_name, unixname, type))
+               {
+                       ubi_slAddHead(map_list, (ubi_slNode *)new_ep);
+               }
+       }
+
+       DEBUG(10,("load_name_map: Added %ld entries to name map.\n",
+       ubi_slCount(map_list)));
+
+       fclose(fp);
+}
+
+/***********************************************************
+ Lookup a gid_t by SID
+************************************************************/
+static BOOL map_sid_to_gid(GROUP_TYPE type, ubi_slList *map_list,
+               DOM_SID *psid, gid_t *gid)
+{
+       name_map_entry *gmep;
+
+       /*
+        * Initialize and load if not already loaded.
+        */
+       load_name_map(type);
+
+       for (gmep = (name_map_entry *)ubi_slFirst(map_list);
+            gmep != NULL;
+            gmep = (name_map_entry *)ubi_slNext(gmep ))
+       {
+               if (sid_equal(&gmep->grp.sid, psid))
+               {
+                       *gid = gmep->grp.unix_gid;
+                       DEBUG(7,("map_sid_to_gid: Mapping unix group %s to nt group %s.\n",
+                              gmep->grp.unix_name, gmep->grp.nt_name ));
+                       return True;
+               }
+       }
+
+       return False;
+}
+
+/***********************************************************
+ Lookup a SID entry by nt name.
+************************************************************/
+static BOOL map_sid_to_ntname(GROUP_TYPE type, ubi_slList *map_list,
+               DOM_SID *psid, char *ntname, char *ntdomain)
+{
+       name_map_entry *gmep;
+
+       /*
+        * Initialize and load if not already loaded.
+        */
+       load_name_map(type);
+
+       for (gmep = (name_map_entry *)ubi_slFirst(&map_list);
+            gmep != NULL;
+            gmep = (name_map_entry *)ubi_slNext(gmep ))
+       {
+               if (sid_equal(&gmep->grp.sid, psid))
+               {
+                       if (ntname != NULL)
+                       {
+                               fstrcpy(ntname, gmep->grp.nt_name);
+                       }
+                       if (ntdomain != NULL)
+                       {
+                               fstrcpy(ntname, gmep->grp.nt_domain);
+                       }
+                       DEBUG(7,("map_sid_to_ntname: Mapping unix group %s to nt group \%s\%s\n",
+                              gmep->grp.unix_name,
+                              gmep->grp.nt_domain, gmep->grp.nt_name ));
+                       return True;
+               }
+       }
+
+       return False;
+}
 
-void load_groupname_map(void)
-{
-  static time_t groupmap_file_last_modified = (time_t)0;
-  static BOOL initialized = False;
-  char *groupname_map_file = lp_groupname_map();
-  SMB_STRUCT_STAT st;
-  FILE *fp;
-  char *s;
-  pstring buf;
-  groupname_map_entry *new_ep;
-
-  if(!initialized) {
-    ubi_slInitList( &groupname_map_list );
-    initialized = True;
-  }
-
-  if (!*groupname_map_file)
-    return;
-
-  if(sys_stat(groupname_map_file, &st) != 0) {
-    DEBUG(0, ("load_groupname_map: Unable to stat file %s. Error was %s\n",
-               groupname_map_file, strerror(errno) ));
-    return;
-  }
-
-  /*
-   * Check if file has changed.
-   */
-  if( st.st_mtime <= groupmap_file_last_modified)
-    return;
-
-  groupmap_file_last_modified = st.st_mtime;
-
-  /*
-   * Load the file.
-   */
-
-  fp = fopen(groupname_map_file,"r");
-  if (!fp) {
-    DEBUG(0,("load_groupname_map: can't open groupname map %s. Error was %s\n",
-          groupname_map_file, strerror(errno)));
-    return;
-  }
-
-  /*
-   * Throw away any previous list.
-   */
-  delete_groupname_map_list();
-
-  DEBUG(4,("load_groupname_map: Scanning groupname map %s\n",groupname_map_file));
-
-  while((s=fgets_slash(buf,sizeof(buf),fp))!=NULL) {
-    pstring unixname;
-    pstring windows_name;
-    struct group *gptr;
-    DOM_SID tmp_sid;
-
-    DEBUG(10,("load_groupname_map: Read line |%s|\n", s));
-
-    if (!*s || strchr("#;",*s))
-      continue;
-
-    if(!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
-      continue;
-
-    if(!next_token(&s,windows_name, "\t\n\r=", sizeof(windows_name)))
-      continue;
-
-    trim_string(unixname, " ", " ");
-    trim_string(windows_name, " ", " ");
-
-    if (!*windows_name)
-      continue;
-
-    if(!*unixname)
-      continue;
-
-    DEBUG(5,("load_groupname_map: unixname = %s, windowsname = %s.\n",
-             unixname, windows_name));
-
-    /*
-     * Attempt to get the unix gid_t for this name.
-     */
-
-    if((gptr = (struct group *)getgrnam(unixname)) == NULL) {
-      DEBUG(0,("load_groupname_map: getgrnam for group %s failed.\
-Error was %s.\n", unixname, strerror(errno) ));
-      continue;
-    }
-
-    /*
-     * Now map to an NT SID.
-     */
-
-    if(!lookup_wellknown_sid_from_name(windows_name, &tmp_sid)) {
-      /*
-       * It's not a well known name, convert the UNIX gid_t
-       * to a rid within this domain SID.
-       */
-      tmp_sid = global_sam_sid;
-      tmp_sid.sub_auths[tmp_sid.num_auths++] = 
-                    pdb_gid_to_group_rid((gid_t)gptr->gr_gid);
-    }
-
-    /*
-     * Create the list entry and add it onto the list.
-     */
-
-    if((new_ep = (groupname_map_entry *)malloc( sizeof(groupname_map_entry) ))== NULL) {
-      DEBUG(0,("load_groupname_map: malloc fail for groupname_map_entry.\n"));
-      fclose(fp);
-      return;
-    } 
-
-    new_ep->unix_gid = gptr->gr_gid;
-    new_ep->windows_sid = tmp_sid;
-    new_ep->windows_name = strdup( windows_name );
-    new_ep->unix_name = strdup( unixname );
-
-    if(new_ep->windows_name == NULL || new_ep->unix_name == NULL) {
-      DEBUG(0,("load_groupname_map: malloc fail for names in groupname_map_entry.\n"));
-      fclose(fp);
-      if(new_ep->windows_name != NULL)
-        free(new_ep->windows_name);
-      if(new_ep->unix_name != NULL)
-        free(new_ep->unix_name);
-      free((char *)new_ep);
-      return;
-    }
-    memset((char *)&new_ep->next, '\0', sizeof(new_ep->next) );
-
-    ubi_slAddHead( &groupname_map_list, (ubi_slNode *)new_ep);
-  }
-
-  DEBUG(10,("load_groupname_map: Added %ld entries to groupname map.\n",
-           ubi_slCount(&groupname_map_list)));
-           
-  fclose(fp);
+/***********************************************************
+ Lookup a SID entry by nt name.
+************************************************************/
+static BOOL map_ntname_to_sid(GROUP_TYPE type, ubi_slList *map_list,
+               char * ntname, DOM_SID *psid)
+{
+       name_map_entry *gmep;
+
+       /*
+        * Initialize and load if not already loaded.
+        */
+       load_name_map(type);
+
+       for (gmep = (name_map_entry *)ubi_slFirst(&map_list);
+            gmep != NULL;
+            gmep = (name_map_entry *)ubi_slNext(gmep ))
+       {
+               if (strequal(gmep->grp.nt_name, ntname))
+               {
+                       *psid = gmep->grp.sid;
+                       DEBUG(7,("map_ntname_to_sid: Mapping unix group %s to nt group %s.\n",
+                              gmep->grp.unix_name, gmep->grp.nt_name ));
+                       return True;
+               }
+       }
+
+       return False;
 }
 
 /***********************************************************
  Lookup a SID entry by gid_t.
 ************************************************************/
+static BOOL map_gid_to_sid(GROUP_TYPE type, ubi_slList *map_list,
+               gid_t gid, DOM_SID *psid)
+{
+       name_map_entry *gmep;
+
+       /*
+        * Initialize and load if not already loaded.
+        */
+       load_name_map(type);
+
+       for (gmep = (name_map_entry *)ubi_slFirst(&map_list);
+            gmep != NULL;
+            gmep = (name_map_entry *)ubi_slNext(gmep ))
+       {
+               if (gmep->grp.unix_gid == gid)
+               {
+                       *psid = gmep->grp.sid;
+                       DEBUG(7,("map_gid_to_sid: Mapping unix group %s to nt group %s.\n",
+                              gmep->grp.unix_name, gmep->grp.nt_name ));
+                       return True;
+               }
+       }
+
+       return False;
+}
+
+/*
+ * Call these four functions to resolve unix group ids and either
+ * local group SIDs or domain group SIDs listed in the local group
+ * or domain group map files.
+ *
+ * Note that it is *NOT* the responsibility of these functions to
+ * resolve entries that are not in the map files.
+ *
+ * Any SID can be in the map files (i.e from any Domain).
+ */
 
-void map_gid_to_sid( gid_t gid, DOM_SID *psid)
+/***********************************************************
+ Lookup a Group entry by sid.
+************************************************************/
+BOOL map_group_sid_to_name(DOM_SID *psid, char *group_name, char *nt_domain)
+{
+       return map_sid_to_ntname(GROUP_DOMAIN, &groupname_map_list, psid, group_name, nt_domain);
+}
+
+/***********************************************************
+ Lookup an Alias SID entry by name.
+************************************************************/
+BOOL map_alias_sid_to_name(DOM_SID *psid, char *alias_name, char *nt_domain)
+{
+       return map_sid_to_ntname(GROUP_LOCAL, &aliasname_map_list, psid, alias_name, nt_domain);
+}
+
+/***********************************************************
+ Lookup a Group SID entry by name.
+************************************************************/
+BOOL map_group_name_to_sid(char *group_name, DOM_SID *psid)
 {
-  groupname_map_entry *gmep;
+       return map_ntname_to_sid(GROUP_DOMAIN, &groupname_map_list, group_name, psid);
+}
 
-  /*
-   * Initialize and load if not already loaded.
-   */
-  load_groupname_map();
+/***********************************************************
+ Lookup an Alias SID entry by name.
+************************************************************/
+BOOL map_alias_name_to_sid(char *alias_name, DOM_SID *psid)
+{
+       return map_ntname_to_sid(GROUP_LOCAL, &aliasname_map_list, alias_name, psid);
+}
 
-  for( gmep = (groupname_map_entry *)ubi_slFirst( &groupname_map_list);
-       gmep; gmep = (groupname_map_entry *)ubi_slNext( gmep )) {
+/***********************************************************
+ Lookup an Alias SID entry by gid_t.
+************************************************************/
+BOOL map_gid_to_alias_sid(gid_t gid, DOM_SID *psid)
+{
+       return map_gid_to_sid(GROUP_LOCAL, &aliasname_map_list, gid, psid);
+}
 
-    if( gmep->unix_gid == gid) {
-      *psid = gmep->windows_sid;
-      DEBUG(7,("map_gid_to_sid: Mapping unix group %s to windows group %s.\n",
-               gmep->unix_name, gmep->windows_name ));
-      return;
-    }
-  }
+/***********************************************************
+ Lookup a Group SID entry by gid_t.
+************************************************************/
+BOOL map_gid_to_group_sid( gid_t gid, DOM_SID *psid)
+{
+       return map_gid_to_sid(GROUP_DOMAIN, &groupname_map_list, gid, psid);
+}
 
-  /*
-   * If there's no map, convert the UNIX gid_t
-   * to a rid within this domain SID.
-   */
-  *psid = global_sam_sid;
-  psid->sub_auths[psid->num_auths++] = pdb_gid_to_group_rid(gid);
+/***********************************************************
+ Lookup a Group gid_t by SID
+************************************************************/
+BOOL map_group_sid_to_gid( DOM_SID *psid, gid_t *gid)
+{
+       return map_sid_to_gid(GROUP_DOMAIN, &groupname_map_list, psid, gid);
+}
 
-  return;
+/***********************************************************
+ Lookup an Alias gid_t by SID
+************************************************************/
+BOOL map_alias_sid_to_gid( DOM_SID *psid, gid_t *gid)
+{
+       return map_sid_to_gid(GROUP_LOCAL, &aliasname_map_list, psid, gid);
 }
-#else /* USING_GROUPNAME_MAP */
- void load_groupname_map(void) {;}
-#endif /* USING_GROUPNAME_MAP */
+
index 8b4049cd962fdadda0b1f0acac4c892628bc7b2d..e4f0d2e2ecdf7a6ae50a356050d2bf5b30a7c5d2 100644 (file)
@@ -562,8 +562,8 @@ int reply_ntcreate_and_X(connection_struct *conn,
        
        /* If it's an IPC, use the pipe handler. */
 
-       if (IS_IPC(conn) && lp_nt_pipe_support()) {
-
+       if (IS_IPC(conn) && lp_nt_pipe_support() && lp_security() != SEC_SHARE)
+       {
                int ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum);
                if(ret != 0)
                        return ret;
index fb5acf156f3671d15492034312a9a3570e8ee8ce..0c8eb124ff5d6b854b5f92494c82f10c5db11042 100644 (file)
@@ -153,7 +153,7 @@ char *validated_username(uint16 vuid)
 /****************************************************************************
 Setup the groups a user belongs to.
 ****************************************************************************/
-int setup_groups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups)
+int get_unixgroups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups)
 {
        int i,ngroups;
        gid_t grp = 0;
@@ -180,7 +180,7 @@ int setup_groups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_gro
 
        if((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) == NULL)
        {
-               DEBUG(0,("setup_groups malloc fail !\n"));
+               DEBUG(0,("get_unixgroups malloc fail !\n"));
                return -1;
        }
 
@@ -263,7 +263,7 @@ uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name,
 
   /* Find all the groups this uid is in and store them. 
      Used by become_user() */
-  setup_groups(unix_name,uid,gid,
+  get_unixgroups(unix_name,uid,gid,
               &vuser->n_groups,
               &vuser->groups);
 
@@ -1142,15 +1142,10 @@ BOOL domain_client_validate( char *user, char *domain,
   unsigned char local_lm_response[24];
   unsigned char local_nt_reponse[24];
   unsigned char trust_passwd[16];
-  fstring remote_machine;
-  char *p;
-  struct in_addr dest_ip;
   NET_ID_INFO_CTR ctr;
   NET_USER_INFO_3 info3;
   struct cli_state cli;
   uint32 smb_uid_low;
-  BOOL connected_ok = False;
-  struct nmb_name calling, called;
 
   /* 
    * Check that the requested domain is not our own machine name.
@@ -1211,102 +1206,9 @@ BOOL domain_client_validate( char *user, char *domain,
    * see if they were valid.
    */
 
-  ZERO_STRUCT(cli);
-
-  if(cli_initialise(&cli) == False) {
-    DEBUG(0,("domain_client_validate: unable to initialize client connection.\n"));
-    return False;
-  }
-
-  /*
-   * Treat each name in the 'password server =' line as a potential
-   * PDC/BDC. Contact each in turn and try and authenticate.
-   */
-
-  p = lp_passwordserver();
-  while(p && next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) {
-
-    standard_sub_basic(remote_machine);
-    strupper(remote_machine);
-    if(!resolve_name( remote_machine, &dest_ip, 0x20)) {
-      DEBUG(1,("domain_client_validate: Can't resolve address for %s\n", remote_machine));
-      continue;
-    }   
-    
-    if (ismyip(dest_ip)) {
-      DEBUG(1,("domain_client_validate: Password server loop - not using password server %s\n",remote_machine));
-      continue;
-    }
-      
-    if (!cli_connect(&cli, remote_machine, &dest_ip)) {
-      DEBUG(0,("domain_client_validate: unable to connect to SMB server on \
-machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
-      continue;
-    }
-    
-       make_nmb_name(&calling, global_myname , 0x0 , scope);
-       make_nmb_name(&called , remote_machine, 0x20, scope);
-
-       if (!cli_session_request(&cli, &calling, &called))
+       if (!cli_connect_serverlist(&cli, lp_passwordserver()))
        {
-      DEBUG(0,("domain_client_validate: machine %s rejected the session setup. \
-Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
-      cli_shutdown(&cli);
-      continue;
-    }
-    
-    cli.protocol = PROTOCOL_NT1;
-
-    if (!cli_negprot(&cli)) {
-      DEBUG(0,("domain_client_validate: machine %s rejected the negotiate protocol. \
-Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
-      cli_shutdown(&cli);
-      continue;
-    }
-    
-    if (cli.protocol != PROTOCOL_NT1) {
-      DEBUG(0,("domain_client_validate: machine %s didn't negotiate NT protocol.\n",
-                     remote_machine));
-      cli_shutdown(&cli);
-      continue;
-    }
-
-    /* 
-     * Do an anonymous session setup.
-     */
-
-    if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
-      DEBUG(0,("domain_client_validate: machine %s rejected the session setup. \
-Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
-      cli_shutdown(&cli);
-      continue;
-    }      
-
-    if (!(cli.sec_mode & 1)) {
-      DEBUG(1,("domain_client_validate: machine %s isn't in user level security mode\n",
-                 remote_machine));
-      cli_shutdown(&cli);
-      continue;
-    }
-
-    if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
-      DEBUG(0,("domain_client_validate: machine %s rejected the tconX on the IPC$ share. \
-Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
-      cli_shutdown(&cli);
-      continue;
-    }
-
-    /*
-     * We have an anonymous connection to IPC$.
-     */
-    connected_ok = True;
-    break;
-  }
-
-  if (!connected_ok) {
     DEBUG(0,("domain_client_validate: Domain password server not available.\n"));
-    cli_shutdown(&cli);
     return False;
   }
 
@@ -1317,7 +1219,7 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
 
   if(cli_nt_session_open(&cli, PIPE_NETLOGON) == False) {
     DEBUG(0,("domain_client_validate: unable to open the domain client session to \
-machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
+machine %s. Error was : %s.\n", cli.desthost, cli_errstr(&cli)));
     cli_nt_session_close(&cli);
     cli_ulogoff(&cli);
     cli_shutdown(&cli);
@@ -1326,7 +1228,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
 
   if(cli_nt_setup_creds(&cli, trust_passwd) == False) {
     DEBUG(0,("domain_client_validate: unable to setup the PDC credentials to machine \
-%s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
+%s. Error was : %s.\n", cli.desthost, cli_errstr(&cli)));
     cli_nt_session_close(&cli);
     cli_ulogoff(&cli);
     cli_shutdown(&cli);
@@ -1341,7 +1243,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
                           ((smb_ntpasslen != 0) ? smb_ntpasswd : NULL),
                           &ctr, &info3) == False) {
     DEBUG(0,("domain_client_validate: unable to validate password for user %s in domain \
-%s to Domain controller %s. Error was %s.\n", user, domain, remote_machine, cli_errstr(&cli)));
+%s to Domain controller %s. Error was %s.\n", user, domain, cli.desthost, cli_errstr(&cli)));
     cli_nt_session_close(&cli);
     cli_ulogoff(&cli);
     cli_shutdown(&cli);
@@ -1361,7 +1263,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
 
   if(cli_nt_logoff(&cli, &ctr) == False) {
     DEBUG(0,("domain_client_validate: unable to log off user %s in domain \
-%s to Domain controller %s. Error was %s.\n", user, domain, remote_machine, cli_errstr(&cli)));        
+%s to Domain controller %s. Error was %s.\n", user, domain, cli.desthost, cli_errstr(&cli)));        
     cli_nt_session_close(&cli);
     cli_ulogoff(&cli);
     cli_shutdown(&cli);
index ee0053aed077b0e89824e81d2e9babf72cc90f10..78a09e46e704c573239fc2fd1697d5a1bd712395 100644 (file)
@@ -1403,8 +1403,10 @@ int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
   files_struct *fsp;
 
   /* If it's an IPC, pass off the pipe handler. */
-  if (IS_IPC(conn) && lp_nt_pipe_support())
+  if (IS_IPC(conn) && lp_nt_pipe_support() && lp_security() != SEC_SHARE)
+  {
     return reply_open_pipe_and_X(conn, inbuf,outbuf,length,bufsize);
+  }
 
   /* XXXX we need to handle passed times, sattr and flags */
 
index 68f722ff51b0795dc37629dad5fe3b8f302b362f..49816e5d47f5af50bab15fd28bfdd1b140a9a06c 100644 (file)
@@ -25,6 +25,7 @@
 pstring servicesf = CONFIGFILE;
 extern pstring debugf;
 extern fstring global_myworkgroup;
+extern fstring global_sam_name;
 extern pstring global_myname;
 
 int am_parent = 1;
@@ -428,6 +429,13 @@ void exit_server(char *reason)
        locking_end();
 
        DEBUG(3,("Server exit (%s)\n", (reason ? reason : "")));
+#ifdef MEM_MAN
+       {
+               extern FILE *dbf;
+               smb_mem_write_verbose(dbf);
+               dbgflush();
+       }
+#endif
        exit(0);
 }
 
@@ -644,12 +652,42 @@ static void usage(char *pname)
        codepage_initialise(lp_client_code_page());
 
        fstrcpy(global_myworkgroup, lp_workgroup());
+       memset(global_sam_name, 0, sizeof(global_sam_name));
+
+       if (lp_domain_logons())
+       {
+               if (lp_security() == SEC_USER)
+               {
+                       /* we are PDC (or BDC) for a Domain */
+                       fstrcpy(global_sam_name, lp_workgroup());
+               }
+               else if (lp_security() == SEC_DOMAIN)
+               {
+                       /* we are a "PDC", but FOR LOCAL SAM DATABASE ONLY */
+                       fstrcpy(global_sam_name, global_myname);
+               }
+               else if (lp_security() == SEC_SHARE)
+               {
+                       DEBUG(0,("ERROR: no Domain functionality in security = share\n"));
+                       exit(1);
+               }
+       }
+
+       generate_wellknown_sids();
 
-       if(!pdb_generate_sam_sid()) {
+       if (!generate_sam_sid())
+       {
                DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
                exit(1);
        }
 
+       if (lp_security() == SEC_DOMAIN && !get_member_domain_sid())
+       {
+               DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n",
+                         lp_passwordserver()));
+               exit(1);
+       }
+
        CatchSignal(SIGHUP,SIGNAL_CAST sig_hup);
        
        /* Setup the signals that allow the debug log level
@@ -696,7 +734,16 @@ static void usage(char *pname)
        if (!locking_init(0))
                exit(1);
 
-       if(!initialize_password_db())
+       if(!initialise_passgrp_db())
+               exit(1);
+
+       if(!initialise_password_db())
+               exit(1);
+
+       if(!initialise_group_db())
+               exit(1);
+
+       if(!initialise_alias_db())
                exit(1);
 
        /* possibly reload the services file. */
index ee195e12ec0cdd1c67ad37cf6339ced43c430635..cedac1c76f6796c6ebed65643c9f4d830425f544 100644 (file)
@@ -387,7 +387,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int
        if (!IS_IPC(conn)) {
                /* Find all the groups this uid is in and
                   store them. Used by become_user() */
-               setup_groups(conn->user,conn->uid,conn->gid,
+               get_unixgroups(conn->user,conn->uid,conn->gid,
                             &conn->ngroups,&conn->groups);
                
                /* check number of connections */
index 96d1181ca09832746872049c9ad1b7b6f365b751..dac64a22e3a854f9faa0b3ece9b0122968dad7f5 100644 (file)
@@ -49,7 +49,36 @@ struct cli_state *smb_cli = &smbcli;
 
 FILE *out_hnd;
 
+static pstring user_name; /* local copy only, if one is entered */
 static pstring password; /* local copy only, if one is entered */
+static pstring domain; /* local copy only, if one is entered */
+BOOL got_pass = False;
+
+static struct nmb_name calling;
+static struct nmb_name called;
+
+static void get_passwd(void)
+{
+       /* set the password cache info */
+       if (got_pass)
+       {
+               if (password[0] == 0)
+               {
+                       pwd_set_nullpwd(&(smb_cli->pwd));
+               }
+               else
+               {
+                       pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */
+               }
+       }
+       else 
+       {
+               char *pwd = getpass("Enter Password:");
+               safe_strcpy(password, pwd, sizeof(password));
+               pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */
+               got_pass = True;
+       }
+}
 
 /****************************************************************************
 initialise smb client structure
@@ -59,6 +88,23 @@ void rpcclient_init(void)
        bzero(smb_cli, sizeof(smb_cli));
        cli_initialise(smb_cli);
        smb_cli->capabilities |= CAP_NT_SMBS;
+       smb_cli->capabilities |= CAP_STATUS32;
+
+       pstrcpy(smb_cli->user_name, user_name);
+       smb_cli->nt_pipe_fnum   = 0xffff;
+
+       get_passwd();
+
+       if (*domain == 0)
+       {
+               pstrcpy(smb_cli->domain,lp_workgroup());
+       }
+       else
+       {
+               pstrcpy(smb_cli->domain, domain);
+       }
+
+       strupper(smb_cli->domain);
 }
 
 /****************************************************************************
@@ -66,11 +112,7 @@ make smb client connection
 ****************************************************************************/
 static BOOL rpcclient_connect(struct client_info *info)
 {
-       struct nmb_name calling;
-       struct nmb_name called;
-
-       make_nmb_name(&called , dns_to_netbios_name(info->dest_host ), info->name_type, scope);
-       make_nmb_name(&calling, dns_to_netbios_name(info->myhostname), 0x0            , scope);
+       rpcclient_init();
 
        if (!cli_establish_connection(smb_cli, 
                                  info->dest_host, &info->dest_ip, 
@@ -97,7 +139,7 @@ static void rpcclient_stop(void)
 /****************************************************************************
   log in as an nt user, log out again. 
 ****************************************************************************/
-void run_enums_test(int num_ops, struct client_info *cli_info, struct cli_state *cli)
+void run_enums_test(int num_ops, struct client_info *cli_info)
 {
        pstring cmd;
        int i;
@@ -105,8 +147,8 @@ void run_enums_test(int num_ops, struct client_info *cli_info, struct cli_state
        /* establish connections.  nothing to stop these being re-established. */
        rpcclient_connect(cli_info);
 
-       DEBUG(5,("rpcclient_connect: cli->fd:%d\n", cli->fd));
-       if (cli->fd <= 0)
+       DEBUG(5,("rpcclient_connect: smb_cli->fd:%d\n", smb_cli->fd));
+       if (smb_cli->fd <= 0)
        {
                fprintf(out_hnd, "warning: connection could not be established to %s<%02x>\n",
                                 cli_info->dest_host, cli_info->name_type);
@@ -141,7 +183,7 @@ void run_enums_test(int num_ops, struct client_info *cli_info, struct cli_state
 /****************************************************************************
   log in as an nt user, log out again. 
 ****************************************************************************/
-void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_state *cli)
+void run_ntlogin_test(int num_ops, struct client_info *cli_info)
 {
        pstring cmd;
        int i;
@@ -149,8 +191,8 @@ void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_stat
        /* establish connections.  nothing to stop these being re-established. */
        rpcclient_connect(cli_info);
 
-       DEBUG(5,("rpcclient_connect: cli->fd:%d\n", cli->fd));
-       if (cli->fd <= 0)
+       DEBUG(5,("rpcclient_connect: smb_cli->fd:%d\n", smb_cli->fd));
+       if (smb_cli->fd <= 0)
        {
                fprintf(out_hnd, "warning: connection could not be established to %s<%02x>\n",
                                 cli_info->dest_host, cli_info->name_type);
@@ -159,7 +201,7 @@ void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_stat
        
        for (i = 0; i < num_ops; i++)
        {
-               slprintf(cmd, sizeof(cmd)-1, "%s %s", cli->user_name, password);
+               slprintf(cmd, sizeof(cmd)-1, "%s %s", smb_cli->user_name, password);
                set_first_token(cmd);
 
                cmd_netlogon_login_test(cli_info);
@@ -169,12 +211,387 @@ void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_stat
 
 }
 
+/* generate a random buffer */
+static void rand_buf(char *buf, int len)
+{
+       while (len--) {
+               *buf = sys_random();
+               buf++;
+       }
+}
+
+/****************************************************************************
+do a random rpc command
+****************************************************************************/
+BOOL do_random_rpc(struct cli_state *cli, int max_len)
+{
+       prs_struct rbuf;
+       prs_struct buf; 
+       uint8 opcode;
+       int param_len;
+       BOOL response = False;
+
+       if ((sys_random() % 20) == 0)
+       {
+               param_len = (sys_random() % 256) + 4;
+       }
+       else
+       {
+               param_len = (sys_random() % max_len) + 4;
+       }
+
+       prs_init(&buf , param_len, 4, SAFETY_MARGIN, False);
+       prs_init(&rbuf, 0        , 4, SAFETY_MARGIN, True );
+
+       opcode = sys_random() % 256;
+
+       /* turn parameters into data stream */
+       rand_buf(mem_data(&buf.data, 0), param_len);
+       buf.offset = param_len;
+
+       /* send the data on \PIPE\ */
+       if (rpc_api_pipe_req(cli, opcode, &buf, &rbuf))
+       {
+               response = rbuf.offset != 0;
+
+               if (response)
+               {
+                       DEBUG(0,("response! opcode: 0x%x\n", opcode));
+                       DEBUG(0,("request: length %d\n", param_len));
+                       dump_data(0, mem_data(&buf.data , 0), MIN(param_len, 128));
+                       DEBUG(0,("response: length %d\n", rbuf.data->offset.end));
+                       dump_data(0, mem_data(&rbuf.data, 0), rbuf.data->offset.end);
+               }
+       }
+
+       prs_mem_free(&rbuf);
+       prs_mem_free(&buf );
+
+       return response;
+}
+
+
+/* send random IPC commands */
+static void random_rpc_pipe_enc(char *pipe_name, struct client_info *cli_info,
+               int numops)
+{
+       int i;
+
+       DEBUG(0,("starting random rpc test on %s (encryped)\n", pipe_name));
+
+       /* establish connections.  nothing to stop these being re-established. */
+       if (!rpcclient_connect(cli_info))
+       {
+               DEBUG(0,("random rpc test: connection failed\n"));
+               return;
+       }
+
+       cli_nt_set_ntlmssp_flgs(smb_cli,
+                                   NTLMSSP_NEGOTIATE_UNICODE |
+                                   NTLMSSP_NEGOTIATE_OEM |
+                                   NTLMSSP_NEGOTIATE_SIGN |
+                                   NTLMSSP_NEGOTIATE_SEAL |
+                                   NTLMSSP_NEGOTIATE_LM_KEY |
+                                   NTLMSSP_NEGOTIATE_NTLM |
+                                   NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
+                                   NTLMSSP_NEGOTIATE_00001000 |
+                                   NTLMSSP_NEGOTIATE_00002000);
+
+       for (i = 1; i <= numops * 100; i++)
+       {
+               /* open session.  */
+               cli_nt_session_open(smb_cli, pipe_name);
+
+               do_random_rpc(smb_cli, 1024);
+               if (i % 500 == 0)
+               {
+                       DEBUG(0,("calls: %i\n", i));
+               }
+
+               /* close the session */
+               cli_nt_session_close(smb_cli);
+       }
+
+       /* close the rpc pipe */
+       rpcclient_stop();
+
+       DEBUG(0,("finished random rpc test on %s\n", pipe_name));
+}
+
+/* send random IPC commands */
+static void random_rpc_pipe(char *pipe_name, struct client_info *cli_info,
+               int numops)
+{
+       int i;
+
+       DEBUG(0,("starting random rpc test on %s\n", pipe_name));
+
+       /* establish connections.  nothing to stop these being re-established. */
+       if (!rpcclient_connect(cli_info))
+       {
+               DEBUG(0,("random rpc test: connection failed\n"));
+               return;
+       }
+
+       /* open session.  */
+       if (!cli_nt_session_open(smb_cli, pipe_name))
+       {
+               DEBUG(0,("random rpc test: session open failed\n"));
+               return;
+       }
+
+       for (i = 1; i <= numops * 100; i++)
+       {
+               do_random_rpc(smb_cli, 8192);
+               if (i % 500 == 0)
+               {
+                       DEBUG(0,("calls: %i\n", i));
+               }
+       }
+
+       /* close the session */
+       cli_nt_session_close(smb_cli);
+
+       /* close the rpc pipe */
+       rpcclient_stop();
+
+       DEBUG(0,("finished random rpc test on %s\n", pipe_name));
+}
+
+static void run_randomrpc(int numops, struct client_info *cli_info)
+{
+       char *pipes[] =
+       {
+               PIPE_SAMR     ,
+               PIPE_WINREG   ,
+               PIPE_SRVSVC   ,
+               PIPE_WKSSVC   ,
+               PIPE_NETLOGON ,
+               PIPE_NTSVCS   ,
+               PIPE_LSARPC   ,
+               NULL
+       };
+
+       int i = 0;
+
+       while (pipes[i] != NULL)
+       {
+               random_rpc_pipe(pipes[i], cli_info, numops);
+#if 0
+               random_rpc_pipe_enc(pipes[i], cli_info, numops);
+#endif
+
+               i++;
+       }
+}
+
+
+static void run_samhandles(int numops, struct client_info *cli_info)
+{
+       int i;
+       int count = 0;
+       int failed = 0;
+       int retry = 500;
+       fstring srv_name;
+       fstrcpy(srv_name, "\\\\");
+       fstrcat(srv_name, cli_info->dest_host);
+       strupper(srv_name);
+
+       DEBUG(0,("starting sam handle test\n"));
+
+       /* establish connections.  nothing to stop these being re-established. */
+       while (retry > 0 && !rpcclient_connect(cli_info))
+       {
+               retry--;
+       }
+
+       if (retry == 0)
+       {
+               DEBUG(0,("samhandle test: connection failed\n"));
+               return;
+       }
+
+       /* open session.  */
+       if (!cli_nt_session_open(smb_cli, PIPE_SAMR))
+       {
+               DEBUG(0,("samhandle test: session open failed\n"));
+               return;
+       }
+
+       for (i = 1; i <= numops * 100; i++)
+       {
+               POLICY_HND pol;
+               POLICY_HND dom;
+               if (!do_samr_connect(smb_cli, srv_name, 0x20, &pol))
+               {
+                       failed++;
+               }
+/*
+               if (!do_samr_open_domain(smb_cli, srv_name, 0x00000020, &pol))
+               {
+                       DEBUG(0,("samhandle domain open test (%i): failed\n", i));
+               }
+ */
+               if (i % 500 == 0)
+               {
+                       DEBUG(0,("calls: %i\n", i));
+               }
+               count++;
+       }
+
+       /* close the session */
+       cli_nt_session_close(smb_cli);
+
+       /* close the rpc pipe */
+       rpcclient_stop();
+
+       DEBUG(0,("finished samhandle test.  count: %d failed: %d\n", count, failed));
+}
+
+
+static void run_lsahandles(int numops, struct client_info *cli_info)
+{
+       int i;
+       int count = 0;
+       int failed = 0;
+       int retry = 500;
+       fstring srv_name;
+       fstrcpy(srv_name, "\\\\");
+       fstrcat(srv_name, cli_info->myhostname);
+       strupper(srv_name);
+
+       DEBUG(0,("starting lsa handle test\n"));
+
+       /* establish connections.  nothing to stop these being re-established. */
+       while (retry > 0 && !rpcclient_connect(cli_info))
+       {
+               retry--;
+       }
+
+       if (retry == 0)
+       {
+               DEBUG(0,("lsahandle test: connection failed\n"));
+               return;
+       }
+       /* open session.  */
+       if (!cli_nt_session_open(smb_cli, PIPE_LSARPC))
+       {
+               DEBUG(0,("lsahandle test: session open failed\n"));
+               return;
+       }
+
+       for (i = 1; i <= numops * 100; i++)
+       {
+               POLICY_HND pol;
+               if (!do_lsa_open_policy(smb_cli, srv_name, &pol, False))
+               {
+                       failed++;
+               }
+               if (i % 500 == 0)
+               {
+                       DEBUG(0,("calls: %i\n", i));
+               }
+               count++;
+       }
+
+       /* close the session */
+       cli_nt_session_close(smb_cli);
+
+       /* close the rpc pipe */
+       rpcclient_stop();
+
+       DEBUG(0,("finished lsahandle test.  count: %d failed: %d\n", count, failed));
+}
+
+
+static void run_pipegobble(int numops, struct client_info *cli_info, char *pipe_name)
+{
+       int i;
+       int count = 0;
+       int failed = 0;
+       int retry = 500;
+       fstring srv_name;
+       fstrcpy(srv_name, "\\\\");
+       fstrcat(srv_name, cli_info->myhostname);
+       strupper(srv_name);
+
+       DEBUG(0,("starting pipe gobble test (%s)\n", pipe_name));
+
+       /* establish connections.  nothing to stop these being re-established. */
+       while (retry > 0 && !rpcclient_connect(cli_info))
+       {
+               retry--;
+       }
+
+       if (retry == 0)
+       {
+               DEBUG(0,("pipe gobble test: connection failed\n"));
+               return;
+       }
+       for (i = 1; i <= numops * 100; i++)
+       {
+               /* open session.  */
+               if (!cli_nt_session_open(smb_cli, pipe_name))
+               {
+                       DEBUG(0,("pipe gobble test: session open failed\n"));
+               }
+
+               if (i % 500 == 0)
+               {
+                       DEBUG(0,("calls: %i\n", i));
+               }
+               count++;
+       }
+
+       rpcclient_stop();
+
+       DEBUG(0,("finished pipe gobble test (%s).  count: %d failed: %d\n",
+                 pipe_name, count, failed));
+}
+
+
+static void run_handles(int numops, struct client_info *cli_info)
+{
+       run_samhandles(numops, cli_info);
+       run_lsahandles(numops, cli_info);
+}
+
+static void run_pipegobbler(int numops, struct client_info *cli_info)
+{
+/*
+       run_pipegobble(numops, cli_info, PIPE_SAMR);
+*/
+       run_pipegobble(numops, cli_info, PIPE_LSARPC);
+}
+
+/****************************************************************************
+make tcp connection
+****************************************************************************/
+static void run_tcpconnect(int numops, struct client_info *info)
+{
+       int i;
+       int failed = 0;
+
+       for (i = 0; i < numops; i++)
+       {
+               rpcclient_init();
+
+               if (!cli_connect(smb_cli, info->dest_host, &info->dest_ip))
+               {
+                       failed++;
+               }
+               cli_shutdown(smb_cli);
+       }
+
+       DEBUG(0,("tcp connections: count: %d failed: %d\n", numops, failed));
+}
+
 /****************************************************************************
   runs n simultaneous functions.
 ****************************************************************************/
 static void create_procs(int nprocs, int numops, 
-               struct client_info *cli_info, struct cli_state *cli,
-               void (*fn)(int, struct client_info *, struct cli_state *))
+               struct client_info *cli_info,
+               void (*fn)(int, struct client_info *))
 {
        int i, status;
 
@@ -184,8 +601,8 @@ static void create_procs(int nprocs, int numops,
                {
                        int mypid = getpid();
                        sys_srandom(mypid ^ time(NULL));
-                       fn(numops, cli_info, cli);
-                       fflush(out_hnd);
+                       fn(numops, cli_info);
+                       dbgflush();
                        _exit(0);
                }
        }
@@ -195,6 +612,8 @@ static void create_procs(int nprocs, int numops,
                waitpid(0, &status, 0);
        }
 }
+
+
 /****************************************************************************
 usage on the program - OUT OF DATE!
 ****************************************************************************/
@@ -235,7 +654,6 @@ enum client_action
        extern int optind;
        static pstring servicesf = CONFIGFILE;
        pstring term_code;
-       BOOL got_pass = False;
        char *cmd_str="";
        mode_t myumask = 0755;
        enum client_action cli_action = CLIENT_NONE;
@@ -246,8 +664,6 @@ enum client_action
 
        out_hnd = stdout;
 
-       rpcclient_init();
-
 #ifdef KANJI
        pstrcpy(term_code, KANJI);
 #else /* KANJI */
@@ -285,8 +701,6 @@ enum client_action
        pstrcpy(cli_info.cur_dir , "\\");
        pstrcpy(cli_info.file_sel, "");
        pstrcpy(cli_info.base_dir, "");
-       pstrcpy(smb_cli->domain, "");
-       pstrcpy(smb_cli->user_name, "");
        pstrcpy(cli_info.myhostname, "");
        pstrcpy(cli_info.dest_host, "");
 
@@ -299,7 +713,6 @@ enum client_action
        ZERO_STRUCT(cli_info.dom.level5_sid);
        pstrcpy(cli_info.dom.level5_dom, "");
 
-       smb_cli->nt_pipe_fnum   = 0xffff;
 
        setup_logging(pname, True);
 
@@ -403,8 +816,8 @@ enum client_action
                        case 'U':
                        {
                                char *lp;
-                               pstrcpy(smb_cli->user_name,optarg);
-                               if ((lp=strchr(smb_cli->user_name,'%')))
+                               pstrcpy(user_name,optarg);
+                               if ((lp=strchr(user_name,'%')))
                                {
                                        *lp = 0;
                                        pstrcpy(password,lp+1);
@@ -416,7 +829,7 @@ enum client_action
 
                        case 'W':
                        {
-                               pstrcpy(smb_cli->domain,optarg);
+                               pstrcpy(domain,optarg);
                                break;
                        }
 
@@ -516,12 +929,6 @@ enum client_action
 
        DEBUG(3,("%s client started (version %s)\n",timestring(),VERSION));
 
-       if (*smb_cli->domain == 0)
-       {
-               pstrcpy(smb_cli->domain,lp_workgroup());
-       }
-       strupper(smb_cli->domain);
-
        load_interfaces();
 
        if (cli_action == CLIENT_IPC)
@@ -534,31 +941,25 @@ enum client_action
        strupper(cli_info.mach_acct);
        fstrcat(cli_info.mach_acct, "$");
 
-       /* set the password cache info */
-       if (got_pass)
-       {
-               if (password[0] == 0)
-               {
-                       pwd_set_nullpwd(&(smb_cli->pwd));
-               }
-               else
-               {
-                       pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */
-               }
-       }
-       else 
-       {
-               char *pwd = getpass("Enter Password:");
-               safe_strcpy(password, pwd, sizeof(password));
-               pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */
-       }
+       make_nmb_name(&called , dns_to_netbios_name(cli_info.dest_host ), cli_info.name_type, scope);
+       make_nmb_name(&calling, dns_to_netbios_name(cli_info.myhostname), 0x0               , scope);
 
-       create_procs(nprocs, numops, &cli_info, smb_cli, run_enums_test);
+       get_passwd();
+/*
+       create_procs(nprocs, numops, &cli_info, run_enums_test);
 
        if (password[0] != 0)
        {
-               create_procs(nprocs, numops, &cli_info, smb_cli, run_ntlogin_test);
+               create_procs(nprocs, numops, &cli_info, run_ntlogin_test);
        }
+*/
+
+       create_procs(nprocs, numops, &cli_info, run_tcpconnect);
+/*
+       create_procs(nprocs, numops, &cli_info, run_pipegobbler);
+       create_procs(nprocs, numops, &cli_info, run_handles);
+       create_procs(nprocs, numops, &cli_info, run_randomrpc);
+*/
 
        fflush(out_hnd);
 
index 902f59b245bf0adcf613ae1dc312d5170f41aaca..3249103a27266e0809a6b3b72359c6a5d67877c8 100644 (file)
@@ -554,7 +554,7 @@ int main(int argc, char **argv)
        
        charset_initialise();
        
-       if(!initialize_password_db()) {
+       if(!initialise_password_db()) {
                fprintf(stderr, "Can't setup password database vectors.\n");
                exit(1);
        }
index 81fa33fc7503e0b7b258f6566e31bf8c3c8db5a7..fb09f515cf58022166de2e3a626c3be21b9355b0 100644 (file)
@@ -23,6 +23,9 @@
 
 #include "includes.h"
 
+extern int DEBUGLEVEL;
+extern pstring debugf;
+
 static fstring host, workgroup, share, password, username, myname;
 static int max_protocol = PROTOCOL_NT1;
 static char *sockops="";
@@ -42,8 +45,27 @@ static double end_timer(void)
               (tp2.tv_usec - tp1.tv_usec)*1.0e-6);
 }
 
+#define FAILED_NO_ERROR            0
+#define FAILED_TCP_CONNECT         1
+#define FAILED_SESSION_REQ         2
+#define FAILED_SMB_SESS_SETUP      3
+#define FAILED_SMB_TCON            4
+#define FAILED_SMB_NEGPROT         5
+#define FAILED_CLI_STATE_INIT      6
+#define NUM_ERR_STATES             7
 
-static BOOL open_connection(struct cli_state *c)
+static char *smb_messages[] =
+{
+       "No errors in connection",
+       "TCP connection         ",
+       "NetBIOS Session Request",
+       "SMB Session Setup      ",
+       "SMB Tcon               ",
+       "SMB Negprot            ",
+       "Client initialisation  "
+};
+
+static int open_connection(struct cli_state *c)
 {
        struct nmb_name called, calling;
 
@@ -52,48 +74,53 @@ static BOOL open_connection(struct cli_state *c)
        make_nmb_name(&calling, myname, 0x0, "");
        make_nmb_name(&called , host, 0x20, "");
 
-       if (!cli_initialise(c) || !cli_connect(c, host, NULL)) {
-               printf("Failed to connect with %s\n", host);
-               return False;
+       if (!cli_initialise(c))
+       {
+               DEBUG(0,("Failed to connect with %s\n", host));
+               return FAILED_CLI_STATE_INIT;
+       }
+
+       if (!cli_connect(c, host, NULL)) {
+               DEBUG(0,("Failed to connect with %s\n", host));
+               return FAILED_TCP_CONNECT;
        }