libcli/security Provide a common, top level libcli/security/security.h
[kai/samba.git] / source3 / passdb / passdb.c
index 3ced15080373246e514df81d768e2412c0330a1c..dafe55eef756fa3cbb77b8d59888e9e57e594cfd 100644 (file)
@@ -24,6 +24,8 @@
 
 #include "includes.h"
 #include "../libcli/auth/libcli_auth.h"
+#include "secrets.h"
+#include "../libcli/security/security.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_PASSDB
@@ -122,6 +124,18 @@ struct samu *samu_new( TALLOC_CTX *ctx )
        return user;
 }
 
+static int count_commas(const char *str)
+{
+       int num_commas = 0;
+       const char *comma = str;
+
+       while ((comma = strchr(comma, ',')) != NULL) {
+               comma += 1;
+               num_commas += 1;
+       }
+       return num_commas;
+}
+
 /*********************************************************************
  Initialize a struct samu from a struct passwd including the user 
  and group SIDs.  The *user structure is filled out with the Unix
@@ -132,7 +146,8 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p
 {
        const char *guest_account = lp_guestaccount();
        const char *domain = global_myname();
-       uint32 urid;
+       char *fullname;
+       uint32_t urid;
 
        if ( !pwd ) {
                return NT_STATUS_NO_SUCH_USER;
@@ -141,7 +156,27 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p
        /* Basic properties based upon the Unix account information */
 
        pdb_set_username(user, pwd->pw_name, PDB_SET);
-       pdb_set_fullname(user, pwd->pw_gecos, PDB_SET);
+
+       fullname = NULL;
+
+       if (count_commas(pwd->pw_gecos) == 3) {
+               /*
+                * Heuristic: This seems to be a gecos field that has been
+                * edited by chfn(1). Only use the part before the first
+                * comma. Fixes bug 5198.
+                */
+               fullname = talloc_strndup(
+                       talloc_tos(), pwd->pw_gecos,
+                       strchr(pwd->pw_gecos, ',') - pwd->pw_gecos);
+       }
+
+       if (fullname != NULL) {
+               pdb_set_fullname(user, fullname, PDB_SET);
+       } else {
+               pdb_set_fullname(user, pwd->pw_gecos, PDB_SET);
+       }
+       TALLOC_FREE(fullname);
+
        pdb_set_domain (user, get_global_sam_name(), PDB_DEFAULT);
 #if 0
        /* This can lead to a primary group of S-1-22-2-XX which 
@@ -160,7 +195,7 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p
        /* Special case for the guest account which must have a RID of 501 */
 
        if ( strequal( pwd->pw_name, guest_account ) ) {
-               if ( !pdb_set_user_sid_from_rid(user, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) {
+               if ( !pdb_set_user_sid_from_rid(user, DOMAIN_RID_GUEST, PDB_DEFAULT)) {
                        return NT_STATUS_NO_SUCH_USER;
                }
                return NT_STATUS_OK;
@@ -208,8 +243,8 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p
           netr_SamInfo3 structure) */
 
        if ( create && (pdb_capabilities() & PDB_CAP_STORE_RIDS)) {
-               uint32 user_rid;
-               DOM_SID user_sid;
+               uint32_t user_rid;
+               struct dom_sid user_sid;
 
                if ( !pdb_new_rid( &user_rid ) ) {
                        DEBUG(3, ("Could not allocate a new RID\n"));
@@ -338,7 +373,7 @@ uint32_t pdb_decode_acct_ctrl(const char *p)
  Routine to set 32 hex password characters from a 16 byte array.
 **************************************************************/
 
-void pdb_sethexpwd(char p[33], const unsigned char *pwd, uint32 acct_ctrl)
+void pdb_sethexpwd(char p[33], const unsigned char *pwd, uint32_t acct_ctrl)
 {
        if (pwd != NULL) {
                int i;
@@ -462,7 +497,7 @@ int algorithmic_rid_base(void)
  Converts NT user RID to a UNIX uid.
  ********************************************************************/
 
-uid_t algorithmic_pdb_user_rid_to_uid(uint32 user_rid)
+uid_t algorithmic_pdb_user_rid_to_uid(uint32_t user_rid)
 {
        int rid_offset = algorithmic_rid_base();
        return (uid_t)(((user_rid & (~USER_RID_TYPE)) - rid_offset)/RID_MULTIPLIER);
@@ -477,17 +512,17 @@ uid_t max_algorithmic_uid(void)
  converts UNIX uid to an NT User RID.
  ********************************************************************/
 
-uint32 algorithmic_pdb_uid_to_user_rid(uid_t uid)
+uint32_t algorithmic_pdb_uid_to_user_rid(uid_t uid)
 {
        int rid_offset = algorithmic_rid_base();
-       return (((((uint32)uid)*RID_MULTIPLIER) + rid_offset) | USER_RID_TYPE);
+       return (((((uint32_t)uid)*RID_MULTIPLIER) + rid_offset) | USER_RID_TYPE);
 }
 
 /*******************************************************************
  Converts NT group RID to a UNIX gid.
  ********************************************************************/
 
-gid_t pdb_group_rid_to_gid(uint32 group_rid)
+gid_t pdb_group_rid_to_gid(uint32_t group_rid)
 {
        int rid_offset = algorithmic_rid_base();
        return (gid_t)(((group_rid & (~GROUP_RID_TYPE))- rid_offset)/RID_MULTIPLIER);
@@ -506,17 +541,17 @@ gid_t max_algorithmic_gid(void)
  there is not anymore a direct link between the gid and the rid.
  ********************************************************************/
 
-uint32 algorithmic_pdb_gid_to_group_rid(gid_t gid)
+uint32_t algorithmic_pdb_gid_to_group_rid(gid_t gid)
 {
        int rid_offset = algorithmic_rid_base();
-       return (((((uint32)gid)*RID_MULTIPLIER) + rid_offset) | GROUP_RID_TYPE);
+       return (((((uint32_t)gid)*RID_MULTIPLIER) + rid_offset) | GROUP_RID_TYPE);
 }
 
 /*******************************************************************
  Decides if a RID is a well known RID.
  ********************************************************************/
 
-static bool rid_is_well_known(uint32 rid)
+static bool rid_is_well_known(uint32_t rid)
 {
        /* Not using rid_offset here, because this is the actual
           NT fixed value (1000) */
@@ -528,14 +563,14 @@ static bool rid_is_well_known(uint32 rid)
  Decides if a RID is a user or group RID.
  ********************************************************************/
 
-bool algorithmic_pdb_rid_is_user(uint32 rid)
+bool algorithmic_pdb_rid_is_user(uint32_t rid)
 {
        if ( rid_is_well_known(rid) ) {
                /*
-                * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
-                * and DOMAIN_USER_RID_GUEST.
+                * The only well known user RIDs are DOMAIN_RID_ADMINISTRATOR
+                * and DOMAIN_RID_GUEST.
                 */
-               if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
+               if(rid == DOMAIN_RID_ADMINISTRATOR || rid == DOMAIN_RID_GUEST)
                        return True;
        } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
                return True;
@@ -559,7 +594,7 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
           the group already exists. */
 
        if ( strequal( name, "None" ) ) {
-               *rid = DOMAIN_GROUP_RID_USERS;
+               *rid = DOMAIN_RID_USERS;
                *type = SID_NAME_DOM_GRP;
 
                return True;
@@ -571,7 +606,7 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
 
        if ((flags & LOOKUP_NAME_GROUP) == 0) {
                struct samu *sam_account = NULL;
-               DOM_SID user_sid;
+               struct dom_sid user_sid;
 
                if ( !(sam_account = samu_new( NULL )) ) {
                        return False;
@@ -892,13 +927,13 @@ done:
 /*********************************************************************
 *********************************************************************/
 
-static bool init_samu_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 buflen)
+static bool init_samu_from_buffer_v0(struct samu *sampass, uint8_t *buf, uint32_t buflen)
 {
 
        /* times are stored as 32bit integer
           take care on system with 64bit wide time_t
           --SSS */
-       uint32  logon_time,
+       uint32_t        logon_time,
                logoff_time,
                kickoff_time,
                pass_last_set_time,
@@ -916,18 +951,18 @@ static bool init_samu_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 bu
        char *profile_path = NULL;
        char *acct_desc = NULL;
        char *workstations = NULL;
-       uint32  username_len, domain_len, nt_username_len,
+       uint32_t        username_len, domain_len, nt_username_len,
                dir_drive_len, unknown_str_len, munged_dial_len,
                fullname_len, homedir_len, logon_script_len,
                profile_path_len, acct_desc_len, workstations_len;
 
-       uint32  user_rid, group_rid, remove_me, hours_len, unknown_6;
-       uint16  acct_ctrl, logon_divs;
-       uint16  bad_password_count, logon_count;
-       uint8   *hours = NULL;
-       uint8   *lm_pw_ptr = NULL, *nt_pw_ptr = NULL;
-       uint32          len = 0;
-       uint32          lm_pw_len, nt_pw_len, hourslen;
+       uint32_t        user_rid, group_rid, remove_me, hours_len, unknown_6;
+       uint16_t        acct_ctrl, logon_divs;
+       uint16_t        bad_password_count, logon_count;
+       uint8_t *hours = NULL;
+       uint8_t *lm_pw_ptr = NULL, *nt_pw_ptr = NULL;
+       uint32_t                len = 0;
+       uint32_t                lm_pw_len, nt_pw_len, hourslen;
        bool ret = True;
 
        if(sampass == NULL || buf == NULL) {
@@ -970,7 +1005,7 @@ static bool init_samu_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 bu
                &logon_count,                                           /* w */
                &unknown_6);                                            /* d */
 
-       if (len == (uint32) -1)  {
+       if (len == (uint32_t) -1)  {
                ret = False;
                goto done;
        }
@@ -1077,13 +1112,13 @@ done:
 /*********************************************************************
 *********************************************************************/
 
-static bool init_samu_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 buflen)
+static bool init_samu_from_buffer_v1(struct samu *sampass, uint8_t *buf, uint32_t buflen)
 {
 
        /* times are stored as 32bit integer
           take care on system with 64bit wide time_t
           --SSS */
-       uint32  logon_time,
+       uint32_t        logon_time,
                logoff_time,
                kickoff_time,
                bad_password_time,
@@ -1102,18 +1137,18 @@ static bool init_samu_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 bu
        char *profile_path = NULL;
        char *acct_desc = NULL;
        char *workstations = NULL;
-       uint32  username_len, domain_len, nt_username_len,
+       uint32_t        username_len, domain_len, nt_username_len,
                dir_drive_len, unknown_str_len, munged_dial_len,
                fullname_len, homedir_len, logon_script_len,
                profile_path_len, acct_desc_len, workstations_len;
 
-       uint32  user_rid, group_rid, remove_me, hours_len, unknown_6;
-       uint16  acct_ctrl, logon_divs;
-       uint16  bad_password_count, logon_count;
-       uint8   *hours = NULL;
-       uint8   *lm_pw_ptr = NULL, *nt_pw_ptr = NULL;
-       uint32          len = 0;
-       uint32          lm_pw_len, nt_pw_len, hourslen;
+       uint32_t        user_rid, group_rid, remove_me, hours_len, unknown_6;
+       uint16_t        acct_ctrl, logon_divs;
+       uint16_t        bad_password_count, logon_count;
+       uint8_t *hours = NULL;
+       uint8_t *lm_pw_ptr = NULL, *nt_pw_ptr = NULL;
+       uint32_t                len = 0;
+       uint32_t                lm_pw_len, nt_pw_len, hourslen;
        bool ret = True;
 
        if(sampass == NULL || buf == NULL) {
@@ -1158,7 +1193,7 @@ static bool init_samu_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 bu
                &logon_count,                                           /* w */
                &unknown_6);                                            /* d */
 
-       if (len == (uint32) -1)  {
+       if (len == (uint32_t) -1)  {
                ret = False;
                goto done;
        }
@@ -1266,13 +1301,13 @@ done:
        return ret;
 }
 
-static bool init_samu_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen)
+static bool init_samu_from_buffer_v2(struct samu *sampass, uint8_t *buf, uint32_t buflen)
 {
 
        /* times are stored as 32bit integer
           take care on system with 64bit wide time_t
           --SSS */
-       uint32  logon_time,
+       uint32_t        logon_time,
                logoff_time,
                kickoff_time,
                bad_password_time,
@@ -1291,19 +1326,19 @@ static bool init_samu_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 bu
        char *profile_path = NULL;
        char *acct_desc = NULL;
        char *workstations = NULL;
-       uint32  username_len, domain_len, nt_username_len,
+       uint32_t        username_len, domain_len, nt_username_len,
                dir_drive_len, unknown_str_len, munged_dial_len,
                fullname_len, homedir_len, logon_script_len,
                profile_path_len, acct_desc_len, workstations_len;
 
-       uint32  user_rid, group_rid, hours_len, unknown_6;
-       uint16  acct_ctrl, logon_divs;
-       uint16  bad_password_count, logon_count;
-       uint8   *hours = NULL;
-       uint8   *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL;
-       uint32          len = 0;
-       uint32          lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen;
-       uint32 pwHistLen = 0;
+       uint32_t        user_rid, group_rid, hours_len, unknown_6;
+       uint16_t        acct_ctrl, logon_divs;
+       uint16_t        bad_password_count, logon_count;
+       uint8_t *hours = NULL;
+       uint8_t *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL;
+       uint32_t                len = 0;
+       uint32_t                lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen;
+       uint32_t pwHistLen = 0;
        bool ret = True;
        fstring tmp_string;
        bool expand_explicit = lp_passdb_expand_explicit();
@@ -1351,7 +1386,7 @@ static bool init_samu_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 bu
                &logon_count,                                           /* w */
                &unknown_6);                                            /* d */
 
-       if (len == (uint32) -1)  {
+       if (len == (uint32_t) -1)  {
                ret = False;
                goto done;
        }
@@ -1440,7 +1475,7 @@ static bool init_samu_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 bu
        /* Change from V1 is addition of password history field. */
        pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
        if (pwHistLen) {
-               uint8 *pw_hist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN);
+               uint8_t *pw_hist = SMB_MALLOC_ARRAY(uint8_t, pwHistLen * PW_HISTORY_ENTRY_LEN);
                if (!pw_hist) {
                        ret = False;
                        goto done;
@@ -1501,13 +1536,13 @@ done:
 /*********************************************************************
 *********************************************************************/
 
-static bool init_samu_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 buflen)
+static bool init_samu_from_buffer_v3(struct samu *sampass, uint8_t *buf, uint32_t buflen)
 {
 
        /* times are stored as 32bit integer
           take care on system with 64bit wide time_t
           --SSS */
-       uint32  logon_time,
+       uint32_t        logon_time,
                logoff_time,
                kickoff_time,
                bad_password_time,
@@ -1526,19 +1561,19 @@ static bool init_samu_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 bu
        char *profile_path = NULL;
        char *acct_desc = NULL;
        char *workstations = NULL;
-       uint32  username_len, domain_len, nt_username_len,
+       uint32_t        username_len, domain_len, nt_username_len,
                dir_drive_len, comment_len, munged_dial_len,
                fullname_len, homedir_len, logon_script_len,
                profile_path_len, acct_desc_len, workstations_len;
 
-       uint32  user_rid, group_rid, hours_len, unknown_6, acct_ctrl;
-       uint16  logon_divs;
-       uint16  bad_password_count, logon_count;
-       uint8   *hours = NULL;
-       uint8   *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL;
-       uint32          len = 0;
-       uint32          lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen;
-       uint32 pwHistLen = 0;
+       uint32_t        user_rid, group_rid, hours_len, unknown_6, acct_ctrl;
+       uint16_t  logon_divs;
+       uint16_t        bad_password_count, logon_count;
+       uint8_t *hours = NULL;
+       uint8_t *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL;
+       uint32_t                len = 0;
+       uint32_t                lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen;
+       uint32_t pwHistLen = 0;
        bool ret = True;
        fstring tmp_string;
        bool expand_explicit = lp_passdb_expand_explicit();
@@ -1577,7 +1612,7 @@ static bool init_samu_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 bu
                &nt_pw_len, &nt_pw_ptr,                                 /* B */
                /* Change from V1 is addition of password history field. */
                &nt_pw_hist_len, &nt_pw_hist_ptr,                       /* B */
-               /* Change from V2 is the uint32 acb_mask */
+               /* Change from V2 is the uint32_t acb_mask */
                &acct_ctrl,                                             /* d */
                /* Also "remove_me" field was removed. */
                &logon_divs,                                            /* w */
@@ -1587,18 +1622,18 @@ static bool init_samu_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 bu
                &logon_count,                                           /* w */
                &unknown_6);                                            /* d */
 
-       if (len == (uint32) -1)  {
+       if (len == (uint32_t) -1)  {
                ret = False;
                goto done;
        }
 
-       pdb_set_logon_time(sampass, convert_uint32_to_time_t(logon_time), PDB_SET);
-       pdb_set_logoff_time(sampass, convert_uint32_to_time_t(logoff_time), PDB_SET);
-       pdb_set_kickoff_time(sampass, convert_uint32_to_time_t(kickoff_time), PDB_SET);
-       pdb_set_bad_password_time(sampass, convert_uint32_to_time_t(bad_password_time), PDB_SET);
-       pdb_set_pass_can_change_time(sampass, convert_uint32_to_time_t(pass_can_change_time), PDB_SET);
-       pdb_set_pass_must_change_time(sampass, convert_uint32_to_time_t(pass_must_change_time), PDB_SET);
-       pdb_set_pass_last_set_time(sampass, convert_uint32_to_time_t(pass_last_set_time), PDB_SET);
+       pdb_set_logon_time(sampass, convert_uint32_t_to_time_t(logon_time), PDB_SET);
+       pdb_set_logoff_time(sampass, convert_uint32_t_to_time_t(logoff_time), PDB_SET);
+       pdb_set_kickoff_time(sampass, convert_uint32_t_to_time_t(kickoff_time), PDB_SET);
+       pdb_set_bad_password_time(sampass, convert_uint32_t_to_time_t(bad_password_time), PDB_SET);
+       pdb_set_pass_can_change_time(sampass, convert_uint32_t_to_time_t(pass_can_change_time), PDB_SET);
+       pdb_set_pass_must_change_time(sampass, convert_uint32_t_to_time_t(pass_must_change_time), PDB_SET);
+       pdb_set_pass_last_set_time(sampass, convert_uint32_t_to_time_t(pass_last_set_time), PDB_SET);
 
        pdb_set_username(sampass, username, PDB_SET); 
        pdb_set_domain(sampass, domain, PDB_SET);
@@ -1675,7 +1710,7 @@ static bool init_samu_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 bu
 
        pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
        if (pwHistLen) {
-               uint8 *pw_hist = (uint8 *)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
+               uint8_t *pw_hist = (uint8_t *)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
                if (!pw_hist) {
                        ret = False;
                        goto done;
@@ -1706,7 +1741,7 @@ static bool init_samu_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 bu
        pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET);
        pdb_set_logon_count(sampass, logon_count, PDB_SET);
        pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
-       /* Change from V2 is the uint32 acct_ctrl */
+       /* Change from V2 is the uint32_t acct_ctrl */
        pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
        pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
        pdb_set_hours(sampass, hours, PDB_SET);
@@ -1736,14 +1771,14 @@ done:
 /*********************************************************************
 *********************************************************************/
 
-static uint32 init_buffer_from_samu_v3 (uint8 **buf, struct samu *sampass, bool size_only)
+static uint32_t init_buffer_from_samu_v3 (uint8_t **buf, struct samu *sampass, bool size_only)
 {
        size_t len, buflen;
 
        /* times are stored as 32bit integer
           take care on system with 64bit wide time_t
           --SSS */
-       uint32  logon_time,
+       uint32_t        logon_time,
                logoff_time,
                kickoff_time,
                bad_password_time,
@@ -1751,7 +1786,7 @@ static uint32 init_buffer_from_samu_v3 (uint8 **buf, struct samu *sampass, bool
                pass_can_change_time,
                pass_must_change_time;
 
-       uint32  user_rid, group_rid;
+       uint32_t  user_rid, group_rid;
 
        const char *username;
        const char *domain;
@@ -1765,29 +1800,29 @@ static uint32 init_buffer_from_samu_v3 (uint8 **buf, struct samu *sampass, bool
        const char *profile_path;
        const char *acct_desc;
        const char *workstations;
-       uint32  username_len, domain_len, nt_username_len,
+       uint32_t        username_len, domain_len, nt_username_len,
                dir_drive_len, comment_len, munged_dial_len,
                fullname_len, homedir_len, logon_script_len,
                profile_path_len, acct_desc_len, workstations_len;
 
-       const uint8 *lm_pw;
-       const uint8 *nt_pw;
-       const uint8 *nt_pw_hist;
-       uint32  lm_pw_len = 16;
-       uint32  nt_pw_len = 16;
-       uint32  nt_pw_hist_len;
-       uint32 pwHistLen = 0;
+       const uint8_t *lm_pw;
+       const uint8_t *nt_pw;
+       const uint8_t *nt_pw_hist;
+       uint32_t        lm_pw_len = 16;
+       uint32_t        nt_pw_len = 16;
+       uint32_t  nt_pw_hist_len;
+       uint32_t pwHistLen = 0;
 
        *buf = NULL;
        buflen = 0;
 
-       logon_time = convert_time_t_to_uint32(pdb_get_logon_time(sampass));
-       logoff_time = convert_time_t_to_uint32(pdb_get_logoff_time(sampass));
-       kickoff_time = convert_time_t_to_uint32(pdb_get_kickoff_time(sampass));
-       bad_password_time = convert_time_t_to_uint32(pdb_get_bad_password_time(sampass));
-       pass_can_change_time = convert_time_t_to_uint32(pdb_get_pass_can_change_time_noncalc(sampass));
-       pass_must_change_time = convert_time_t_to_uint32(pdb_get_pass_must_change_time(sampass));
-       pass_last_set_time = convert_time_t_to_uint32(pdb_get_pass_last_set_time(sampass));
+       logon_time = convert_time_t_to_uint32_t(pdb_get_logon_time(sampass));
+       logoff_time = convert_time_t_to_uint32_t(pdb_get_logoff_time(sampass));
+       kickoff_time = convert_time_t_to_uint32_t(pdb_get_kickoff_time(sampass));
+       bad_password_time = convert_time_t_to_uint32_t(pdb_get_bad_password_time(sampass));
+       pass_can_change_time = convert_time_t_to_uint32_t(pdb_get_pass_can_change_time_noncalc(sampass));
+       pass_must_change_time = convert_time_t_to_uint32_t(pdb_get_pass_must_change_time(sampass));
+       pass_last_set_time = convert_time_t_to_uint32_t(pdb_get_pass_last_set_time(sampass));
 
        user_rid = pdb_get_user_rid(sampass);
        group_rid = pdb_get_group_rid(sampass);
@@ -1955,7 +1990,7 @@ static uint32 init_buffer_from_samu_v3 (uint8 **buf, struct samu *sampass, bool
        }
 
        /* malloc the space needed */
-       if ( (*buf=(uint8*)SMB_MALLOC(len)) == NULL) {
+       if ( (*buf=(uint8_t*)SMB_MALLOC(len)) == NULL) {
                DEBUG(0,("init_buffer_from_samu_v3: Unable to malloc() memory for buffer!\n"));
                return (-1);
        }
@@ -2006,13 +2041,13 @@ static uint32 init_buffer_from_samu_v3 (uint8 **buf, struct samu *sampass, bool
        return (buflen);
 }
 
-static bool init_samu_from_buffer_v4(struct samu *sampass, uint8 *buf, uint32 buflen)
+static bool init_samu_from_buffer_v4(struct samu *sampass, uint8_t *buf, uint32_t buflen)
 {
        /* nothing changed between V3 and V4 */
        return init_samu_from_buffer_v3(sampass, buf, buflen);
 }
 
-static uint32 init_buffer_from_samu_v4(uint8 **buf, struct samu *sampass, bool size_only)
+static uint32_t init_buffer_from_samu_v4(uint8_t **buf, struct samu *sampass, bool size_only)
 {
        /* nothing changed between V3 and V4 */
        return init_buffer_from_samu_v3(buf, sampass, size_only);
@@ -2023,7 +2058,7 @@ static uint32 init_buffer_from_samu_v4(uint8 **buf, struct samu *sampass, bool s
  *********************************************************************/
 
 bool init_samu_from_buffer(struct samu *sampass, uint32_t level,
-                          uint8 *buf, uint32 buflen)
+                          uint8_t *buf, uint32_t buflen)
 {
        switch (level) {
        case SAMU_BUFFER_V0:
@@ -2045,7 +2080,7 @@ bool init_samu_from_buffer(struct samu *sampass, uint32_t level,
  Intialize a BYTE buffer from a struct samu struct
  *********************************************************************/
 
-uint32 init_buffer_from_samu (uint8 **buf, struct samu *sampass, bool size_only)
+uint32_t init_buffer_from_samu (uint8_t **buf, struct samu *sampass, bool size_only)
 {
        return init_buffer_from_samu_v4(buf, sampass, size_only);
 }
@@ -2055,7 +2090,7 @@ uint32 init_buffer_from_samu (uint8 **buf, struct samu *sampass, bool size_only)
 
 bool pdb_copy_sam_account(struct samu *dst, struct samu *src )
 {
-       uint8 *buf = NULL;
+       uint8_t *buf = NULL;
        int len;
 
        len = init_buffer_from_samu(&buf, src, False);
@@ -2079,6 +2114,10 @@ bool pdb_copy_sam_account(struct samu *dst, struct samu *src )
                }
        }
 
+       if (src->group_sid) {
+               pdb_set_group_sid(dst, src->group_sid, PDB_SET);
+       }
+
        free(buf);
        return True;
 }
@@ -2090,8 +2129,8 @@ bool pdb_copy_sam_account(struct samu *dst, struct samu *src )
 bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
 {
        time_t LastBadPassword;
-       uint16 BadPasswordCount;
-       uint32 resettime; 
+       uint16_t BadPasswordCount;
+       uint32_t resettime;
        bool res;
 
        BadPasswordCount = pdb_get_bad_password_count(sampass);
@@ -2110,15 +2149,15 @@ bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
        }
 
        /* First, check if there is a reset time to compare */
-       if ((resettime == (uint32) -1) || (resettime == 0)) {
+       if ((resettime == (uint32_t) -1) || (resettime == 0)) {
                DEBUG(9, ("No reset time, can't reset bad pw count\n"));
                return True;
        }
 
        LastBadPassword = pdb_get_bad_password_time(sampass);
        DEBUG(7, ("LastBadPassword=%d, resettime=%d, current time=%d.\n", 
-                  (uint32) LastBadPassword, resettime, (uint32)time(NULL)));
-       if (time(NULL) > (LastBadPassword + convert_uint32_to_time_t(resettime)*60)){
+                  (uint32_t) LastBadPassword, resettime, (uint32_t)time(NULL)));
+       if (time(NULL) > (LastBadPassword + convert_uint32_t_to_time_t(resettime)*60)){
                pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
                pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
                if (updated) {
@@ -2135,7 +2174,7 @@ bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
 
 bool pdb_update_autolock_flag(struct samu *sampass, bool *updated)
 {
-       uint32 duration;
+       uint32_t duration;
        time_t LastBadPassword;
        bool res;
 
@@ -2155,14 +2194,14 @@ bool pdb_update_autolock_flag(struct samu *sampass, bool *updated)
        }
 
        /* First, check if there is a duration to compare */
-       if ((duration == (uint32) -1)  || (duration == 0)) {
+       if ((duration == (uint32_t) -1)  || (duration == 0)) {
                DEBUG(9, ("pdb_update_autolock_flag: No reset duration, can't reset autolock\n"));
                return True;
        }
 
        LastBadPassword = pdb_get_bad_password_time(sampass);
        DEBUG(7, ("pdb_update_autolock_flag: Account %s, LastBadPassword=%d, duration=%d, current time =%d.\n",
-                 pdb_get_username(sampass), (uint32)LastBadPassword, duration*60, (uint32)time(NULL)));
+                 pdb_get_username(sampass), (uint32_t)LastBadPassword, duration*60, (uint32_t)time(NULL)));
 
        if (LastBadPassword == (time_t)0) {
                DEBUG(1,("pdb_update_autolock_flag: Account %s "
@@ -2172,7 +2211,7 @@ bool pdb_update_autolock_flag(struct samu *sampass, bool *updated)
                return True;
        }
 
-       if ((time(NULL) > (LastBadPassword + convert_uint32_to_time_t(duration) * 60))) {
+       if ((time(NULL) > (LastBadPassword + convert_uint32_t_to_time_t(duration) * 60))) {
                pdb_set_acct_ctrl(sampass,
                                  pdb_get_acct_ctrl(sampass) & ~ACB_AUTOLOCK,
                                  PDB_CHANGED);
@@ -2192,7 +2231,7 @@ bool pdb_update_autolock_flag(struct samu *sampass, bool *updated)
 
 bool pdb_increment_bad_password_count(struct samu *sampass)
 {
-       uint32 account_policy_lockout;
+       uint32_t account_policy_lockout;
        bool autolock_updated = False, badpw_updated = False;
        bool ret;
 
@@ -2328,7 +2367,7 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
  appropriate account name is stored in account_name.
 *******************************************************************/
 
-bool get_trust_pw_hash(const char *domain, uint8 ret_pwd[16],
+bool get_trust_pw_hash(const char *domain, uint8_t ret_pwd[16],
                       const char **account_name,
                       enum netr_SchannelType *channel)
 {
@@ -2360,26 +2399,3 @@ bool get_trust_pw_hash(const char *domain, uint8 ret_pwd[16],
                "password for domain %s\n", domain));
        return False;
 }
-
-struct samr_LogonHours get_logon_hours_from_pdb(TALLOC_CTX *mem_ctx,
-                                               struct samu *pw)
-{
-       struct samr_LogonHours hours;
-       const int units_per_week = 168;
-
-       ZERO_STRUCT(hours);
-       hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
-       if (!hours.bits) {
-               return hours;
-       }
-
-       hours.units_per_week = units_per_week;
-       memset(hours.bits, 0xFF, units_per_week);
-
-       if (pdb_get_hours(pw)) {
-               memcpy(hours.bits, pdb_get_hours(pw),
-                      MIN(pdb_get_hours_len(pw), units_per_week));
-       }
-
-       return hours;
-}