BOOL (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username);
- uid_t (*pdb_user_rid_to_uid)(struct pdb_context *, uint32 user_rid);
-
- uint32 (*pdb_uid_to_user_rid)(struct pdb_context *, uid_t uid);
-
void (*free_fn)(struct pdb_context **);
TALLOC_CTX *mem_ctx;
BOOL (*update_sam_account)(struct pdb_context *, const SAM_ACCOUNT *sampass);
BOOL (*delete_sam_account)(struct pdb_context *, const SAM_ACCOUNT *username);
-
- uid_t (*user_rid_to_uid)(struct pdb_context *, uint32 user_rid);
-
- uint32 (*uid_to_user_rid)(struct pdb_context *, uid_t uid);
void *private_data; /* Private data of some kind */
/* RIDs - Well-known users ... */
#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
#define DOMAIN_USER_RID_GUEST (0x000001F5L)
+#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
/* RIDs - well-known groups ... */
#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
#define DOMAIN_GROUP_RID_USERS (0x00000201L)
#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
+#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
+
+#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
+#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
+#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
+#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
+
+/* is the following the right number? I bet it is --simo
+#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
+*/
/* RIDs - well-known aliases ... */
#define BUILTIN_ALIAS_RID_ADMINS (0x00000220L)
#define BUILTIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
#define BUILTIN_ALIAS_RID_REPLICATOR (0x00000228L)
+#define BUILTIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
/*
* Masks for mappings between unix uid and gid types and
* NT RIDS.
*/
+
+#define BASE_RID (0x000003E8L)
+
/* Take the bottom bit. */
#define RID_TYPE_MASK 1
#define RID_MULTIPLIER 2
pdb_set_uid(*new_sam_acct, pwd->pw_uid);
pdb_set_gid(*new_sam_acct, pwd->pw_gid);
+ /* let the backends set the rid!!
pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid));
+ -- simo */
/* call the mapping code here */
if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
return (True);
}
+#if 0 /* seem it is not used by anyone */
/*******************************************************************
Group and User RID username mapping function
********************************************************************/
/* turn the unix UID into a Domain RID. this is what the posix
sub-system does (adds 1000 to the uid) */
- *u_rid = pdb_uid_to_user_rid(pw->pw_uid);
+ *u_rid = fallback_pdb_uid_to_user_rid(pw->pw_uid);
/* absolutely no idea what to do about the unix GID to Domain RID mapping */
/* map it ! */
return True;
}
+#endif /* seem it is not used by anyone */
/*******************************************************************
Converts NT user RID to a UNIX uid.
********************************************************************/
-uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid)
+static uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid)
{
return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
}
converts UNIX uid to an NT User RID.
********************************************************************/
-uint32 fallback_pdb_uid_to_user_rid(uid_t uid)
+static uint32 fallback_pdb_uid_to_user_rid(uid_t uid)
{
return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
}
return True;
}
- uid = pdb_user_rid_to_uid(rid);
+ uid = fallback_pdb_user_rid_to_uid(rid);
pass = getpwuid_alloc(uid);
*psid_name_use = SID_NAME_USER;
pdb_free_sam(&sam_account);
if (!found && (pass = Get_Pwnam(user))) {
- sid_append_rid( &local_sid, pdb_uid_to_user_rid(pass->pw_uid));
+ sid_append_rid( &local_sid, fallback_pdb_uid_to_user_rid(pass->pw_uid));
*psid_name_use = SID_NAME_USER;
pdb_free_sam(&sam_account);
DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
{
extern DOM_SID global_sam_sid;
+ struct passwd *pass;
+ SAM_ACCOUNT *sam_user;
sid_copy(psid, &global_sam_sid);
- sid_append_rid(psid, pdb_uid_to_user_rid(uid));
+
+ if(!(pass = getpwuid_alloc(uid)))
+ return NULL;
+
+ if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
+ return NULL;
+
+ if (!pdb_getsampwnam(sam_user, pass->pw_name)) {
+ pdb_free_sam(&sam_user);
+ return NULL;
+ }
+
+ passwd_free(&pass);
+
+ sid_append_rid(psid, pdb_get_user_rid(sam_user));
+
+ pdb_free_sam(&sam_user);
return psid;
}
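Review bot: Both early `return NULL` paths taken after `getpwuid_alloc()` succeeds leak `pass`: the `pdb_init_sam()` failure returns immediately, and the `pdb_getsampwnam()` failure frees only `sam_user`. Add `passwd_free(&pass);` before each of those returns. By the time NULL is returned, `sid_copy(psid, &global_sam_sid)` has already overwritten the caller's buffer, so callers (not visible here) must check the return value instead of using `psid`. A short header comment stating that the function now returns NULL for a uid with no passdb entry would make that contract explicit.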
uint32 rid;
fstring str;
struct passwd *pass;
+ SAM_ACCOUNT *sam_user;
*name_type = SID_NAME_UNKNOWN;
if (!sid_equal(&global_sam_sid, &dom_sid))
return False;
- *puid = pdb_user_rid_to_uid(rid);
+ if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
+ return False;
+
+ if (!pdb_getsampwrid(sam_user, rid)) {
+ pdb_free_sam(&sam_user);
+ return False;
+ }
+
+ *puid = pdb_get_uid(sam_user);
+ if (*puid == -1)
+ return False;
+
+ pdb_free_sam(&sam_user);
/*
* Ensure this uid really does exist.
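Review bot: The `if (*puid == -1) return False;` path skips the `pdb_free_sam(&sam_user);` two lines below it, so every lookup that finds an account without a Unix uid leaks a SAM_ACCOUNT. Free it before returning: `if (*puid == -1) { pdb_free_sam(&sam_user); return False; }`. `*puid` is also written before the check; reading into a local and storing to `*puid` only on success would keep a caller that ignores the return value from using -1 as a uid. The function begins and ends outside this hunk.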
return context->pdb_selected->delete_sam_account(context, sam_acct);
}
-static uint32 context_uid_to_user_rid(struct pdb_context *context, uid_t uid)
-{
- if ((!context) || (!context->pdb_selected)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return False;
- }
-
- return context->pdb_selected->uid_to_user_rid(context, uid);
-}
-
-static uid_t context_user_rid_to_uid(struct pdb_context *context, uint32 rid)
-{
- if ((!context) || (!context->pdb_selected)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return False;
- }
-
- return context->pdb_selected->user_rid_to_uid(context, rid);
-}
-
-static void free_pdb_context(struct pdb_context **context)
+static void free_pdb_context(struct pdb_context **context)
{
if (((*context)->pdb_selected) && ((*context)->pdb_selected->free_private_data)) {
(*context)->pdb_selected->free_private_data((*context)->pdb_selected->private_data);
(*context)->pdb_add_sam_account = context_add_sam_account;
(*context)->pdb_update_sam_account = context_update_sam_account;
(*context)->pdb_delete_sam_account = context_delete_sam_account;
- (*context)->pdb_uid_to_user_rid = context_uid_to_user_rid;
- (*context)->pdb_user_rid_to_uid = context_user_rid_to_uid;
(*context)->free_fn = free_pdb_context;
return pdb_context->pdb_delete_sam_account(pdb_context, sam_acct);
}
-uid_t pdb_user_rid_to_uid(uint32 rid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return pdb_context->pdb_user_rid_to_uid(pdb_context, rid);
-}
-
-uint32 pdb_uid_to_user_rid(uid_t uid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return pdb_context->pdb_uid_to_user_rid(pdb_context, uid);
-}
-
#endif /* !defined(WITH_NISPLUS_SAM) */
/***************************************************************
static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state);
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+
+static uid_t pdb_user_rid_to_uid(uint32 user_rid)
+{
+ return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
+
+static uint32 pdb_uid_to_user_rid(uid_t uid)
+{
+ return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+}
+
/*******************************************************************
find the ldap password
******************************************************************/
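Review bot: These two static helpers hard-code `1000` and do no range checking, and the same pair is pasted into two more backend files later in this commit. In `pdb_user_rid_to_uid()` a RID below 1000, which includes every well-known RID in the header such as `DOMAIN_USER_RID_ADMIN`, makes the subtraction go out of range and yields a meaningless uid instead of an error. In `pdb_uid_to_user_rid()` a large uid overflows the multiplication. I would keep a single shared copy, replace the literal with the `BASE_RID` this commit introduces, and reject out-of-range input, e.g. `if (user_rid < BASE_RID) return (uid_t)-1;`.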
#endif
-
#define NPF_WORKSTATIONS 20
#define NPF_HOURS 21
+
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+
+static uid_t pdb_user_rid_to_uid(uint32 user_rid)
+{
+ return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
+
+static uint32 pdb_uid_to_user_rid(uid_t uid)
+{
+ return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+}
+
/***************************************************************
Signal function to tell us we timed out.
****************************************************************/
enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE };
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+
+static uid_t pdb_user_rid_to_uid(uint32 user_rid)
+{
+ return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
+
+static uint32 pdb_uid_to_user_rid(uid_t uid)
+{
+ return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+}
+
/***************************************************************
Lock an fd. Abandon after waitsecs seconds.
****************************************************************/
return True;
}
-/**********************************************************************
- get rid by uid
-*********************************************************************/
-
-static uint32 smbpasswd_uid_to_rid(struct pdb_context *context, uid_t uid)
-{
- return fallback_pdb_uid_to_user_rid(uid);
-}
-
-/**********************************************************************
- get uid by rid
-*********************************************************************/
-
-static uid_t smbpasswd_rid_to_uid(struct pdb_context *context, uint32 rid)
-{
- return fallback_pdb_user_rid_to_uid(rid);
-}
-
-
static BOOL smbpasswd_add_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sampass)
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data;
(*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
(*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
(*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
- (*pdb_method)->uid_to_user_rid = smbpasswd_uid_to_rid;
- (*pdb_method)->user_rid_to_uid = smbpasswd_rid_to_uid;
/* Setup private data and free function */
#define USERPREFIX "USER_"
#define RIDPREFIX "RID_"
-#define BASE_RID 0x200
-
struct tdbsam_privates {
TDB_CONTEXT *passwd_tdb;
TDB_DATA key;
BOOL permit_non_unix_accounts;
- uint32 low_nua_rid;
- uint32 high_nua_rid;
+/* uint32 low_nua_rid;
+ uint32 high_nua_rid; */
};
/**********************************************************************
fullname_len, homedir_len, logon_script_len,
profile_path_len, acct_desc_len, workstations_len;
- uint32 /* uid, gid,*/ user_rid, group_rid, unknown_3, hours_len, unknown_5, unknown_6;
+ uint32 user_rid, group_rid, unknown_3, hours_len, unknown_5, unknown_6;
uint16 acct_ctrl, logon_divs;
uint8 *hours;
static uint8 *lm_pw_ptr, *nt_pw_ptr;
uint32 lmpwlen, ntpwlen, hourslen;
BOOL ret = True;
BOOL setflag;
- gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */
pstring sub_buffer;
+ struct passwd *pw;
+ uid_t uid;
+ gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */
if(sampass == NULL || buf == NULL) {
DEBUG(0, ("init_sam_from_buffer: NULL parameters found!\n"));
goto done;
}
- if ((tdb_state->permit_non_unix_accounts)
- && (user_rid >= tdb_state->low_nua_rid)
- && (user_rid <= tdb_state->high_nua_rid)) {
-
- } else {
- struct passwd *pw;
- uid_t uid;
- /* validate the account and fill in UNIX uid and gid. Standard
- * getpwnam() is used instead of Get_Pwnam() as we do not need
- * to try case permutations
- */
- if (!username || !(pw = getpwnam_alloc(username))) {
- DEBUG(0,("tdbsam: getpwnam_alloc(%s) return NULL. User does not exist!\n", username?username:"NULL"));
+ /* validate the account and fill in UNIX uid and gid. Standard
+ * getpwnam() is used instead of Get_Pwnam() as we do not need
+ * to try case permutations
+ */
+ if (!username || !(pw = getpwnam_alloc(username))) {
+ if (!(tdb_state->permit_non_unix_accounts)) {
+ DEBUG(0,("tdbsam: getpwnam_alloc(%s) return NULL. User does not exist!\n", username));
ret = False;
goto done;
}
+ }
+
+ if (pw) {
uid = pw->pw_uid;
gid = pw->pw_gid;
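Review bot: `pw` is declared without an initialiser in the declarations hunk above. When `username` is NULL the `||` short-circuits before `pw = getpwnam_alloc(username)` runs, so with `permit_non_unix_accounts` set the following `if (pw)` reads an indeterminate pointer. Declare it as `struct passwd *pw = NULL;`. The rewritten `DEBUG` call also dropped the old `username?username:"NULL"` guard, so a NULL `username` is now passed to `%s`; keep the guard. The function continues outside this hunk, so where `pw` is released is not visible here.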
return tdbsam_getsampwnam (context, user, name);
}
-/***************************************************************************
- Search by rid and give back the uid!
- **************************************************************************/
-
-uid_t tdbsam_rid_to_uid (struct pdb_context *context, uint32 rid)
-{
- uid_t ret;
- SAM_ACCOUNT *sa;
-
- if (!NT_STATUS_IS_OK(pdb_init_sam(&sa))) return -1;
- if (!tdbsam_getsampwrid (context, sa, rid)) {
- ret = -1;
- goto done;
- }
- else {
- ret = pdb_get_uid(sa);
- }
-done:
- pdb_free_sam(&sa);
- return ret;
-}
-
-/***************************************************************************
- Search by uid and give back the rid!
- **************************************************************************/
-
-uint32 tdbsam_uid_to_rid (struct pdb_context *context, uid_t uid)
-{
- uint32 ret;
- char *name;
- struct passwd *pw;
- SAM_ACCOUNT *sa;
-
- if (!NT_STATUS_IS_OK(pdb_init_sam(&sa))) return 0;
- pw = getpwuid(uid);
- if (!pw) return 0;
- name = strdup(pw->pw_name);
- if (!tdbsam_getsampwnam (context, sa, name)) {
- ret = 0;
- goto done;
- }
- else {
- ret = pdb_get_user_rid(sa);
- }
-done:
- SAFE_FREE(name);
- pdb_free_sam(&sa);
- return ret;
-}
-
/***************************************************************************
Delete a SAM_ACCOUNT
****************************************************************************/
}
/* if flag == TDB_INSERT then make up a new RID else throw an error. */
- if (!pdb_get_user_rid(newpwd)) {
+ if (!(user_rid = pdb_get_user_rid(newpwd))) {
if (flag & TDB_INSERT) {
user_rid = BASE_RID;
tdb_ret = tdb_change_int32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER);
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
- (*pdb_method)->uid_to_user_rid = tdbsam_uid_to_rid;
- (*pdb_method)->user_rid_to_uid = tdbsam_rid_to_uid;
tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
return NT_STATUS_UNSUCCESSFUL;
}
- tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid);
+/* tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid);
tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid);
-
+*/
return NT_STATUS_OK;
}
fstring alias_sid_str;
DOM_SID temp_sid;
+ SAM_ACCOUNT *sam_user;
+ BOOL check;
/* find the policy handle. open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid))
return NT_STATUS_NO_MEMORY;
for (i = 0; i < num_uids; i++) {
+ struct passwd *pass;
+ uint32 rid;
+
sid_copy(&temp_sid, &global_sam_sid);
- sid_append_rid(&temp_sid, pdb_uid_to_user_rid(uid[i]));
+
+ pass = getpwuid_alloc(uid[i]);
+ if (!pass) continue;
+
+ if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) {
+ passwd_free(&pass);
+ continue;
+ }
+
+ become_root();
+ check = pdb_getsampwnam(sam_user, pass->pw_name);
+ unbecome_root();
+
+ if (check != True) {
+ pdb_free_sam(&sam_user);
+ passwd_free(&pass);
+ continue;
+ }
+
+ rid = pdb_get_user_rid(sam_user);
+ if (rid == 0) {
+ pdb_free_sam(&sam_user);
+ passwd_free(&pass);
+ continue;
+ }
+
+ pdb_free_sam(&sam_user);
+ passwd_free(&pass);
+
+ sid_append_rid(&temp_sid, rid);
init_dom_sid2(&sid[i], &temp_sid);
}
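Review bot: Every `continue` in this loop leaves `sid[i]` unwritten, so a uid with no passwd or passdb entry produces a hole in the array instead of a shorter list. If the reply assembled after the loop (outside this hunk) still reports `num_uids` entries, clients would receive uninitialised or stale SIDs for those slots. Fill the array through a separate output index, `init_dom_sid2(&sid[num_sids++], &temp_sid);` with a new local `num_sids`, and report that count. The group-member loop later in this commit has the same shape with `rid[i]` and `attr[i]`.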
uint32 *rid=NULL;
uint32 *attr=NULL;
+ SAM_ACCOUNT *sam_user;
+ BOOL check;
+
/* find the policy handle. open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid))
return NT_STATUS_NO_MEMORY;
for (i=0; i<num_uids; i++) {
- rid[i]=pdb_uid_to_user_rid(uid[i]);
+ struct passwd *pass;
+ uint32 urid;
+
+ pass = getpwuid_alloc(uid[i]);
+ if (!pass) continue;
+
+ if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) {
+ passwd_free(&pass);
+ continue;
+ }
+
+ become_root();
+ check = pdb_getsampwnam(sam_user, pass->pw_name);
+ unbecome_root();
+
+ if (check != True) {
+ pdb_free_sam(&sam_user);
+ passwd_free(&pass);
+ continue;
+ }
+
+ urid = pdb_get_user_rid(sam_user);
+ if (urid == 0) {
+ pdb_free_sam(&sam_user);
+ passwd_free(&pass);
+ continue;
+ }
+
+ pdb_free_sam(&sam_user);
+ passwd_free(&pass);
+
+ rid[i] = urid;
attr[i] = SID_NAME_USER;
}
if (NT_STATUS_IS_ERR(ret))
return ret;
- become_root();
check = pdb_getsampwrid(sam_user, rid);
- unbecome_root();
- if (check != True)
+ if (check != True) {
+ pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
+ }
uid = pdb_get_uid(sam_user);
- if (uid == -1)
+ if (uid == -1) {
+ pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
+ }
pdb_free_sam(&sam_user);
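Review bot: Dropping `become_root()`/`unbecome_root()` around `pdb_getsampwrid()` here is inconsistent with the lookups added earlier in this commit, which wrap `pdb_getsampwnam()` in the same pair. If the selected backend needs root to open its store (not visible from this hunk), the lookup now runs with the connected user's credentials and returns `NT_STATUS_NO_SUCH_USER` for accounts that do exist. Either restore the pair or add a comment saying why this path no longer needs it. The next hunk makes the same change around `pdb_getsampwrid(sam_user, q_u->rid)`.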
if (NT_STATUS_IS_ERR(ret))
return ret;
- become_root();
check = pdb_getsampwrid(sam_user, q_u->rid);
- unbecome_root();
- if (check != True)
+ if (check != True) {
+ pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
+ }
uid = pdb_get_uid(sam_user);
- if (uid == -1)
+ if (uid == -1) {
+ pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
+ }
pdb_free_sam(&sam_user);
pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
+ pdb_set_group_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
+
if (pdb_add_sam_account (sam_pwent)) {
print_user_info (name, True, False);
} else {