sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

weekend work. user / group database API.

Browse Source 
- split sam_passwd and smb_passwd into separate higher-order function tables

- renamed struct smb_passwd's "smb_user" to "unix_user".  added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.

NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.

- added query_useraliases code to rpcclient.

- dealt with some nasty interdependencies involving non-smbd programs
and the password database API.  this is still not satisfactorily
resolved completelely, but it's the best i can do for now.

- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.

lots of debugging done, it's still not finished.  the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect.  the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7)
This commit is contained in:
Luke Leighton 1998-11-29 20:03:33 +00:00
parent 534e6a2e1b
commit 30038de462
40 changed files with 1484 additions and 1931 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
source3/groupdb/aliasdb.c
View File

@ -26,6 +26,7 @@
extern int DEBUGLEVEL;
extern fstring global_sam_name;
extern DOM_SID global_sam_sid;
/*
* NOTE. All these functions are abstracted into a structure
@ -67,7 +68,28 @@ BOOL initialise_alias_db(void)
*************************************************************************/
LOCAL_GRP *iterate_getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem)
{
return iterate_getaliasrid(pwdb_gid_to_alias_rid(gid), mem, num_mem);
DOM_NAME_MAP gmep;
uint32 rid;
if (!lookupsmbgrpgid(gid, &gmep))
{
DEBUG(0,("iterate_getaliasgid: gid %d does not map to one of our Domain's Aliases\n", gid));
return NULL;
}
if (gmep.type != SID_NAME_ALIAS )
{
DEBUG(0,("iterate_getaliasgid: gid %d does not map to one of our Domain's Aliases\n", gid));
return NULL;
}
sid_split_rid(&gmep.sid, &rid);
if (!sid_equal(&gmep.sid, &global_sam_sid))
{
DEBUG(0,("iterate_getaliasgid: gid %d does not map into our Domain SID\n", gid));
return NULL;
}
return iterate_getaliasrid(rid, mem, num_mem);
}
/************************************************************************
@ -108,7 +130,7 @@ LOCAL_GRP *iterate_getaliasrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem)
Utility function to search alias database by name. use this if your database
does not have search facilities.
*************************************************************************/
LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
LOCAL_GRP *iterate_getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
{
LOCAL_GRP *als = NULL;
void *fp = NULL;
@ -167,11 +189,11 @@ BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als)
/*************************************************************************
checks to see if a user is a member of a domain alias
*************************************************************************/
static BOOL user_is_member(char *user_name, LOCAL_GRP_MEMBER *mem, int num_mem)
static BOOL user_is_member(const char *user_name, LOCAL_GRP_MEMBER *mem, int num_mem)
{
int i;
pstring name;
slprintf(name, sizeof(name)-1, "\\%s\\%s", global_sam_name, user_name);
slprintf(name, sizeof(name)-1, "%s\\%s", global_sam_name, user_name);
for (i = 0; i < num_mem; i++)
{
@ -190,7 +212,7 @@ static BOOL user_is_member(char *user_name, LOCAL_GRP_MEMBER *mem, int num_mem)
gets an array of aliases that a user is in. use this if your database
does not have search facilities
*************************************************************************/
BOOL iterate_getuseraliasnam(char *user_name, LOCAL_GRP **alss, int *num_alss)
BOOL iterate_getuseraliasntnam(const char *user_name, LOCAL_GRP **alss, int *num_alss)
{
LOCAL_GRP *als = NULL;
LOCAL_GRP_MEMBER *mem = NULL;
@ -347,9 +369,9 @@ BOOL mod_alias_entry(LOCAL_GRP* als)
Routine to search alias database by name.
*************************************************************************/
LOCAL_GRP *getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
LOCAL_GRP *getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
{
return aldb_ops->getaliasnam(name, mem, num_mem);
return aldb_ops->getaliasntnam(name, mem, num_mem);
}
/************************************************************************
@ -373,9 +395,9 @@ LOCAL_GRP *getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem)
/*************************************************************************
gets an array of aliases that a user is in.
*************************************************************************/
BOOL getuseraliasnam(char *user_name, LOCAL_GRP **als, int *num_alss)
BOOL getuseraliasntnam(const char *user_name, LOCAL_GRP **als, int *num_alss)
{
return aldb_ops->getuseraliasnam(user_name, als, num_alss);
return aldb_ops->getuseraliasntnam(user_name, als, num_alss);
}
/*************************************************************

27
source3/groupdb/aliasfile.c
View File

@ -131,6 +131,7 @@ static LOCAL_GRP *getalsfilepwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem
pstring linebuf;
char *p;
uint8 type;
aldb_init_als(&al_buf);
@ -139,6 +140,8 @@ static LOCAL_GRP *getalsfilepwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem
*/
while (getfileline(vp, linebuf, sizeof(linebuf)) > 0)
{
DOM_NAME_MAP gmep;
/* get alias name */
p = strncpyn(al_buf.name, linebuf, sizeof(al_buf.name), ':');
@ -190,9 +193,25 @@ static LOCAL_GRP *getalsfilepwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem
}
}
/* ok, set up the static data structure and return it */
/*
* look up the gid, turn it into a rid. the _correct_ type of rid */
*/
al_buf.rid = pwdb_gid_to_alias_rid((gid_t)gidval);
if (!lookupsmbgrpgid((gid_t)gidval, &gmep))
{
continue;
}
if (gmep.type != SID_NAME_DOM_GRP &&
gmep.type != SID_NAME_WKN_GRP))
{
continue;
}
sid_split_rid(&gmep.sid, &gp_buf.rid);
if (!sid_equal(&gmep.sid, &global_sam_sid))
{
continue;
}
make_alias_line(linebuf, sizeof(linebuf), &al_buf, mem, num_mem);
DEBUG(10,("line: '%s'\n", linebuf));
@ -237,7 +256,7 @@ static struct aliasdb_ops file_ops =
getalsfilepwpos,
setalsfilepwpos,
iterate_getaliasnam, /* In aliasdb.c */
iterate_getaliasntnam, /* In aliasdb.c */
iterate_getaliasgid, /* In aliasdb.c */
iterate_getaliasrid, /* In aliasdb.c */
getalsfilepwent,
@ -245,7 +264,7 @@ static struct aliasdb_ops file_ops =
add_alsfileals_entry,
mod_alsfileals_entry,
iterate_getuseraliasnam /* in aliasdb.c */
iterate_getuseraliasntnam /* in aliasdb.c */
};
struct aliasdb_ops *file_initialise_alias_db(void)

142
source3/groupdb/aliasunix.c
View File

@ -65,63 +65,14 @@ static BOOL setalsunixpwpos(void *vp, SMB_BIG_UINT tok)
return False;
}
/*************************************************************************
maps a unix group to a domain sid and an nt alias name.
*************************************************************************/
static void map_unix_grp_to_nt_als(char *unix_name,
struct group *unix_grp, char *nt_name, DOM_SID *sid)
{
BOOL found = False;
uint32 rid;
fstring ntname;
fstring ntdomain;
if (isdigit(unix_name[0]))
{
unix_grp->gr_gid = get_number(unix_name);
unix_grp->gr_name = unix_name;
found = map_alias_gid(unix_grp->gr_gid, sid, ntname, ntdomain);
}
else
{
unix_grp->gr_name = unix_name;
found = map_unix_alias_name(unix_grp->gr_name, sid, ntname, ntdomain);
}
if (found)
{
/*
* find the NT name represented by this UNIX gid.
* then, only accept NT aliass that are in our domain
*/
sid_split_rid(sid, &rid);
}
else
{
/*
* assume that the UNIX group is an NT alias with
* the same name. convert gid to a alias rid.
*/
fstrcpy(ntdomain, global_sam_name);
fstrcpy(ntname, unix_grp->gr_name);
sid_copy(sid, &global_sam_sid);
}
slprintf(nt_name, sizeof(fstring)-1, "\\%s\\%s",
ntdomain, ntname);
}
/*************************************************************************
Routine to return the next entry in the smbdomainalias list.
*************************************************************************/
BOOL get_unixalias_members(struct group *als,
BOOL get_unixalias_members(struct group *grp,
int *num_mem, LOCAL_GRP_MEMBER **members)
{
int i;
char *unix_name;
fstring nt_name;
if (num_mem == NULL || members == NULL)
{
@ -131,28 +82,43 @@ BOOL get_unixalias_members(struct group *als,
(*num_mem) = 0;
(*members) = NULL;
for (i = 0; (unix_name = als->gr_mem[i]) != NULL; i++)
for (i = 0; (unix_name = grp->gr_mem[i]) != NULL; i++)
{
DOM_SID sid;
struct group unix_grp;
fstring name;
DOM_NAME_MAP gmep;
LOCAL_GRP_MEMBER *mem;
map_unix_grp_to_nt_als(unix_name, &unix_grp, nt_name, &sid);
fstrcpy(name, unix_name);
if (!sid_equal(&sid, &global_sam_sid))
if (!lookupsmbgrpnam(name, &gmep) &&
!lookupsmbpwnam (name, &gmep))
{
DEBUG(0,("alias database: could not resolve name %s in domain %s\n",
unix_name, global_sam_name));
continue;
}
(*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER));
if (!sid_front_equal(&global_sam_sid, &gmep.sid))
{
DEBUG(0,("alias database: could not resolve name %s (wrong Domain SID)\n",
name));
continue;
}
(*num_mem)++;
(*members) = Realloc((*members), (*num_mem) * sizeof(LOCAL_GRP_MEMBER));
if ((*members) == NULL)
{
DEBUG(0,("get_unixalias_members: could not realloc LOCAL_GRP_MEMBERs\n"));
return False;
}
fstrcpy((*members)[(*num_mem)].name, nt_name);
(*num_mem)++;
mem = &(*members)[(*num_mem)-1];
slprintf(mem->name, sizeof(mem->name)-1, "%s\\%s",
gmep.nt_domain, gmep.nt_name);
sid_copy(&mem->sid, &gmep.sid);
mem->sid_use = gmep.type;
DEBUG(10,("get_unixalias_members: adding alias %s\n",
mem->name));
}
return True;
}
@ -161,7 +127,7 @@ BOOL get_unixalias_members(struct group *als,
Routine to return the next entry in the domain alias list.
when we are a PDC or BDC, then unix groups that are explicitly NOT mapped
to aliases (map_alias_gid) are treated as DOMAIN groups (see groupunix.c).
to aliases are treated as DOMAIN groups (see groupunix.c).
when we are a member of a domain (not a PDC or BDC) then unix groups
that are explicitly NOT mapped to aliases (map_alias_gid) are treated
@ -190,36 +156,36 @@ static LOCAL_GRP *getalsunixpwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem
aldb_init_als(&gp_buf);
fstrcpy(gp_buf.comment, "");
/* cycle through unix groups */
while ((unix_grp = getgrent()) != NULL)
{
DOM_SID sid;
if (map_alias_gid(unix_grp->gr_gid, &sid, gp_buf.name, NULL))
{
/*
* find the NT name represented by this UNIX gid.
* then, only accept NT aliases that are in our domain
*/
sid_split_rid(&sid, &gp_buf.rid);
if (sid_equal(&sid, &global_sam_sid))
{
break; /* hooray. */
}
}
else if (lp_server_role() == ROLE_DOMAIN_MEMBER)
{
/*
* if we are a member of a domain,
* assume that the UNIX alias is an NT alias with
* the same name. convert gid to a alias rid.
*/
DOM_NAME_MAP gmep;
fstring sid_str;
DEBUG(10,("getgrpunixpwent: enum unix group entry %s\n",
unix_grp->gr_name));
fstrcpy(gp_buf.name, unix_grp->gr_name);
gp_buf.rid = pwdb_gid_to_alias_rid(unix_grp->gr_gid);
if (!lookupsmbgrpgid(unix_grp->gr_gid, &gmep))
{
continue;
}
sid_to_string(sid_str, &gmep.sid);
DEBUG(10,("group %s found, sid %s type %d\n",
gmep.nt_name, sid_str, gmep.type));
if (gmep.type != SID_NAME_ALIAS)
{
continue;
}
sid_split_rid(&gmep.sid, &gp_buf.rid);
if (!sid_equal(&global_sam_sid, &gmep.sid))
{
continue;
}
fstrcpy(gp_buf.name, gmep.nt_name);
break;
}
if (unix_grp == NULL)
@ -279,7 +245,7 @@ static struct aliasdb_ops unix_ops =
getalsunixpwpos,
setalsunixpwpos,
iterate_getaliasnam, /* In aliasdb.c */
iterate_getaliasntnam, /* In aliasdb.c */
iterate_getaliasgid, /* In aliasdb.c */
iterate_getaliasrid, /* In aliasdb.c */
getalsunixpwent,
@ -287,7 +253,7 @@ static struct aliasdb_ops unix_ops =
add_alsunixgrp_entry,
mod_alsunixgrp_entry,
iterate_getuseraliasnam /* in aliasdb.c */
iterate_getuseraliasntnam /* in aliasdb.c */
};
struct aliasdb_ops *unix_initialise_alias_db(void)

38
source3/groupdb/groupdb.c
View File

@ -24,6 +24,7 @@
#include "nterr.h"
extern int DEBUGLEVEL;
extern DOM_SID global_sam_sid;
/*
* NOTE. All these functions are abstracted into a structure
@ -65,7 +66,28 @@ BOOL initialise_group_db(void)
*************************************************************************/
DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem)
{
return iterate_getgrouprid(pwdb_gid_to_group_rid(gid), mem, num_mem);
DOM_NAME_MAP gmep;
uint32 rid;
if (!lookupsmbgrpgid(gid, &gmep))
{
DEBUG(0,("iterate_getgroupgid: gid %d does not map to one of our Domain's Groups\n", gid));
return NULL;
}
if (gmep.type != SID_NAME_DOM_GRP && gmep.type != SID_NAME_WKN_GRP)
{
DEBUG(0,("iterate_getgroupgid: gid %d does not map to one of our Domain's Groups\n", gid));
return NULL;
}
sid_split_rid(&gmep.sid, &rid);
if (!sid_equal(&gmep.sid, &global_sam_sid))
{
DEBUG(0,("iterate_getgroupgid: gid %d does not map into our Domain SID\n", gid));
return NULL;
}
return iterate_getgrouprid(rid, mem, num_mem);
}
/************************************************************************
@ -105,7 +127,7 @@ DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_me
Utility function to search group database by name. use this if your database
does not have search facilities.
*************************************************************************/
DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem)
DOMAIN_GRP *iterate_getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem)
{
DOMAIN_GRP *grp = NULL;
void *fp = NULL;
@ -165,7 +187,7 @@ BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp)
/*************************************************************************
checks to see if a user is a member of a domain group
*************************************************************************/
static BOOL user_is_member(char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem)
static BOOL user_is_member(const char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem)
{
int i;
for (i = 0; i < num_mem; i++)
@ -185,7 +207,7 @@ static BOOL user_is_member(char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem)
gets an array of groups that a user is in. use this if your database
does not have search facilities
*************************************************************************/
BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps)
BOOL iterate_getusergroupsnam(const char *user_name, DOMAIN_GRP **grps, int *num_grps)
{
DOMAIN_GRP *grp = NULL;
DOMAIN_GRP_MEMBER *mem = NULL;
@ -342,9 +364,9 @@ BOOL mod_group_entry(DOMAIN_GRP* grp)
Routine to search group database by name.
*************************************************************************/
DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem)
DOMAIN_GRP *getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem)
{
return gpdb_ops->getgroupnam(name, mem, num_mem);
return gpdb_ops->getgroupntnam(name, mem, num_mem);
}
/************************************************************************
@ -368,9 +390,9 @@ DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem)
/*************************************************************************
gets an array of groups that a user is in.
*************************************************************************/
BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps)
BOOL getusergroupsntnam(const char *user_name, DOMAIN_GRP **grp, int *num_grps)
{
return gpdb_ops->getusergroupsnam(user_name, grp, num_grps);
return gpdb_ops->getusergroupsntnam(user_name, grp, num_grps);
}
/*************************************************************

24
source3/groupdb/groupfile.c
View File

@ -105,7 +105,7 @@ static char *get_group_members(char *p, int *num_mem, DOMAIN_GRP_MEMBER **member
if (!found)
{
DEBUG(0,("alias database: could not resolve name %s in domain %s\n",
DEBUG(0,("group database: could not resolve name %s in domain %s\n",
name, global_sam_name));
continue;
}
@ -130,6 +130,7 @@ static DOMAIN_GRP *getgrpfilepwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_m
{
/* Static buffers we will return. */
static DOMAIN_GRP gp_buf;
DOM_NAME_MAP gmep;
int gidval;
@ -196,7 +197,22 @@ static DOMAIN_GRP *getgrpfilepwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_m
/* ok, set up the static data structure and return it */
gp_buf.rid = pwdb_gid_to_group_rid((gid_t)gidval);
if (!lookupsmbgrpgid((gid_t)gidval, &gmep))
{
continue;
}
if (gmep.type != SID_NAME_DOM_GRP &&
gmep.type != SID_NAME_WKN_GRP))
{
continue;
}
sid_split_rid(&gmep.sid, &gp_buf.rid);
if (!sid_equal(&gmep.sid, &global_sam_sid))
{
continue;
}
gp_buf.attr = 0x07;
make_group_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem);
@ -242,7 +258,7 @@ static struct groupdb_ops file_ops =
getgrpfilepwpos,
setgrpfilepwpos,
iterate_getgroupnam, /* In groupdb.c */
iterate_getgroupntnam, /* In groupdb.c */
iterate_getgroupgid, /* In groupdb.c */
iterate_getgrouprid, /* In groupdb.c */
getgrpfilepwent,
@ -250,7 +266,7 @@ static struct groupdb_ops file_ops =
add_grpfilegrp_entry,
mod_grpfilegrp_entry,
iterate_getusergroupsnam /* in groupdb.c */
iterate_getusergroupntnam /* in groupdb.c */
};
struct groupdb_ops *file_initialise_group_db(void)

136
source3/groupdb/groupunix.c
View File

@ -25,7 +25,6 @@ extern int DEBUGLEVEL;
extern DOM_SID global_sam_sid;
extern fstring global_sam_name;
/***************************************************************
Start to enumerate the grppasswd list. Returns a void pointer
@ -65,48 +64,6 @@ static BOOL setgrpunixpwpos(void *vp, SMB_BIG_UINT tok)
return False;
}
/*************************************************************************
maps a unix group to a domain sid and an nt group name.
*************************************************************************/
static void map_unix_grp_to_nt_grp(char *unix_name,
struct group *unix_grp, char *nt_name, DOM_SID *sid)
{
BOOL found = False;
uint32 rid;
if (isdigit(unix_name[0]))
{
unix_grp->gr_gid = get_number(unix_name);
unix_grp->gr_name = unix_name;
found = map_group_gid(unix_grp->gr_gid, sid, nt_name, NULL);
}
else
{
unix_grp->gr_name = unix_name;
found = map_unix_group_name(unix_grp->gr_name, sid, nt_name, NULL);
}
if (found)
{
/*
* find the NT name represented by this UNIX gid.
* then, only accept NT groups that are in our domain
*/
sid_split_rid(sid, &rid);
}
else
{
/*
* assume that the UNIX group is an NT group with
* the same name. convert gid to a group rid.
*/
fstrcpy(nt_name, unix_grp->gr_name);
sid_copy(sid, &global_sam_sid);
}
}
/*************************************************************************
Routine to return the next entry in the smbdomaingroup list.
*************************************************************************/
@ -115,7 +72,6 @@ BOOL get_unixgroup_members(struct group *grp,
{
int i;
char *unix_name;
fstring nt_name;
if (num_mem == NULL || members == NULL)
{
@ -127,15 +83,27 @@ BOOL get_unixgroup_members(struct group *grp,
for (i = 0; (unix_name = grp->gr_mem[i]) != NULL; i++)
{
DOM_SID sid;
struct group unix_grp;
DOM_NAME_MAP gmep;
map_unix_grp_to_nt_grp(unix_name, &unix_grp, nt_name, &sid);
if (!sid_equal(&sid, &global_sam_sid))
if (!lookupsmbgrpnam(unix_name, &gmep) &&
!lookupsmbpwnam (unix_name, &gmep))
{
DEBUG(0,("group database: could not resolve name %s in domain %s\n",
unix_name, global_sam_name));
continue;
}
if (gmep.type != SID_NAME_DOM_GRP &&
gmep.type != SID_NAME_USER &&
gmep.type != SID_NAME_WKN_GRP)
{
DEBUG(0,("group database: name %s is not in a Domain Group\n",
unix_name));
continue;
}
if (!sid_front_equal(&global_sam_sid, &gmep.sid))
{
DEBUG(0,("group database: could not resolve name %s (wrong Domain SID)\n",
unix_name));
continue;
}
@ -145,7 +113,7 @@ BOOL get_unixgroup_members(struct group *grp,
return False;
}
fstrcpy((*members)[(*num_mem)].name, nt_name);
fstrcpy((*members)[(*num_mem)].name, gmep.nt_name);
(*members)[(*num_mem)].attr = 0x07;
(*num_mem)++;
}
@ -189,53 +157,29 @@ static DOMAIN_GRP *getgrpunixpwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_m
/* cycle through unix groups */
while ((unix_grp = getgrent()) != NULL)
{
DOM_SID sid;
BOOL is_alias;
DOM_NAME_MAP gmep;
DEBUG(10,("getgrpunixpwent: enum unix group entry %s\n",
unix_grp->gr_name));
is_alias = map_alias_gid(unix_grp->gr_gid, &sid, NULL, NULL);
if (is_alias)
{
sid_split_rid(&sid, NULL);
is_alias = sid_equal(&sid, &global_sam_sid);
}
if (map_group_gid(unix_grp->gr_gid, &sid, gp_buf.name, NULL))
{
fstring sid_str;
/*
* find the NT name represented by this UNIX gid.
* then, only accept NT groups that are in our domain
*/
sid_to_string(sid_str, &sid);
DEBUG(10,("getgrpunixpwent: entry %s mapped to name %s, SID %s\n",
unix_grp->gr_name, gp_buf.name, sid_str));
sid_split_rid(&sid, &gp_buf.rid);
if (sid_equal(&sid, &global_sam_sid))
{
if (!is_alias)
{
break; /* hooray. */
}
DEBUG(0,("configuration mistake: unix group %s is mapped to both an NT alias and an NT group\n",
gp_buf.name));
}
}
else if (!is_alias)
{
/*
* assume that the UNIX group is an NT group with
* the same name. convert gid to a group rid.
*/
fstrcpy(gp_buf.name, unix_grp->gr_name);
gp_buf.rid = pwdb_gid_to_group_rid(unix_grp->gr_gid);
break;
if (!lookupsmbgrpgid(unix_grp->gr_gid, &gmep))
{
continue;
}
if (gmep.type != SID_NAME_DOM_GRP &&
gmep.type != SID_NAME_WKN_GRP)
{
continue;
}
sid_split_rid(&gmep.sid, &gp_buf.rid);
if (!sid_equal(&gmep.sid, &global_sam_sid))
{
continue;
}
fstrcpy(gp_buf.name, gmep.nt_name);
break;
}
if (unix_grp == NULL)
@ -295,7 +239,7 @@ static struct groupdb_ops unix_ops =
getgrpunixpwpos,
setgrpunixpwpos,
iterate_getgroupnam, /* In groupdb.c */
iterate_getgroupntnam, /* In groupdb.c */
iterate_getgroupgid, /* In groupdb.c */
iterate_getgrouprid, /* In groupdb.c */
getgrpunixpwent,

2
source3/include/ntdomain.h
View File

@ -145,7 +145,7 @@ typedef struct
struct acct_info
{
fstring acct_name; /* account name */
uint32 smb_userid; /* domain-relative RID */
uint32 user_rid; /* domain-relative RID */
};
#endif /* _NT_DOMAIN_H */

215
source3/include/proto.h
View File

@ -22,19 +22,19 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind);
BOOL initialise_alias_db(void);
LOCAL_GRP *iterate_getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem);
LOCAL_GRP *iterate_getaliasrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem);
LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
LOCAL_GRP *iterate_getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als);
BOOL iterate_getuseraliasnam(char *user_name, LOCAL_GRP **alss, int *num_alss);
BOOL iterate_getuseraliasntnam(const char *user_name, LOCAL_GRP **alss, int *num_alss);
BOOL enumdomaliases(LOCAL_GRP **alss, int *num_alss);
void *startaliasent(BOOL update);
void endaliasent(void *vp);
LOCAL_GRP *getaliasent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem);
BOOL add_alias_entry(LOCAL_GRP *newals);
BOOL mod_alias_entry(LOCAL_GRP* als);
LOCAL_GRP *getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
LOCAL_GRP *getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
LOCAL_GRP *getaliasrid(uint32 alias_rid, LOCAL_GRP_MEMBER **mem, int *num_mem);
LOCAL_GRP *getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem);
BOOL getuseraliasnam(char *user_name, LOCAL_GRP **als, int *num_alss);
BOOL getuseraliasntnam(const char *user_name, LOCAL_GRP **als, int *num_alss);
void aldb_init_als(LOCAL_GRP *als);
BOOL make_alias_line(char *p, int max_len,
LOCAL_GRP *als,
@ -46,7 +46,7 @@ struct aliasdb_ops *file_initialise_alias_db(void);
/*The following definitions come from groupdb/aliasunix.c */
BOOL get_unixalias_members(struct group *als,
BOOL get_unixalias_members(struct group *grp,
int *num_mem, LOCAL_GRP_MEMBER **members);
struct aliasdb_ops *unix_initialise_alias_db(void);
@ -55,19 +55,19 @@ struct aliasdb_ops *unix_initialise_alias_db(void);
BOOL initialise_group_db(void);
DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem);
DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_mem);
DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem);
DOMAIN_GRP *iterate_getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem);
BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp);
BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps);
BOOL iterate_getusergroupsnam(const char *user_name, DOMAIN_GRP **grps, int *num_grps);
BOOL enumdomgroups(DOMAIN_GRP **grps, int *num_grps);
void *startgroupent(BOOL update);
void endgroupent(void *vp);
DOMAIN_GRP *getgroupent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem);
BOOL add_group_entry(DOMAIN_GRP *newgrp);
BOOL mod_group_entry(DOMAIN_GRP* grp);
DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem);
DOMAIN_GRP *getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem);
DOMAIN_GRP *getgrouprid(uint32 group_rid, DOMAIN_GRP_MEMBER **mem, int *num_mem);
DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem);
BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps);
BOOL getusergroupsntnam(const char *user_name, DOMAIN_GRP **grp, int *num_grps);
void gpdb_init_grp(DOMAIN_GRP *grp);
BOOL make_group_line(char *p, int max_len,
DOMAIN_GRP *grp,
@ -124,6 +124,23 @@ void force_check_log_size( void );
void dbgflush( void );
BOOL dbghdr( int level, char *file, char *func, int line );
/*The following definitions come from lib/domain_namemap.c */
BOOL pwdb_rid_is_user(uint32 rid);
BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info);
BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info);
BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info);
BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info);
BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info);
BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info);
BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp);
BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep);
BOOL lookupsmbpwntnam(char *fullntname, DOM_NAME_MAP *gmep);
BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep);
BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp);
BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep);
BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep);
/*The following definitions come from lib/doscalls.c */
int dos_unlink(char *fname);
@ -210,6 +227,16 @@ void pidfile_create(char *name);
char *rep_inet_ntoa(struct in_addr ip);
/*The following definitions come from lib/sids.c */
void get_sam_domain_name(void);
BOOL get_member_domain_sid(void);
void generate_wellknown_sids(void);
BOOL generate_sam_sid(void);
BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain);
BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain);
BOOL split_domain_name(char *fullname, char *domain, char *name);
/*The following definitions come from lib/signal.c */
void BlockSignals(BOOL block,int signum);
@ -289,7 +316,7 @@ BOOL user_in_list(char *user,char *list);
char *tmpdir(void);
BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups);
int get_number(char *tmp);
int get_number(const char *tmp);
char *Atoic(char *p, int *n, char *c);
uint32 *add_num_to_list(uint32 **num, int *count, int val);
char *get_numlist(char *p, uint32 **num, int *count);
@ -343,7 +370,8 @@ struct hostent *Get_Hostbyname(const char *name);
BOOL process_exists(int pid);
char *uidtoname(uid_t uid);
char *gidtoname(gid_t gid);
uid_t nametouid(const char *name);
BOOL nametogid(const char *name, gid_t *gid);
BOOL nametouid(const char *name, uid_t *uid);
void smb_panic(char *why);
char *readdirname(DIR *p);
BOOL is_in_path(char *name, name_compare_entry *namelist);
@ -379,15 +407,37 @@ BOOL setfilepwpos(void *vp, SMB_BIG_UINT tok);
int getfileline(void *vp, char *linebuf, int linebuf_size);
char *fgets_slash(char *s2,int maxlen,FILE *f);
/*The following definitions come from lib/util_pwdb.c */
uint32 lookup_wk_group_name(const char *group_name, const char *domain,
DOM_SID *sid, uint8 *type);
uint32 lookup_wk_user_name(const char *user_name, const char *domain,
DOM_SID *sid, uint8 *type);
uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain,
DOM_SID *sid, uint8 *type);
char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length);
uint16 pwdb_decode_acct_ctrl(const char *p);
time_t pwdb_get_last_set_time(const char *p);
void pwdb_set_logon_time(char *p, int max_len, time_t t);
void pwdb_set_logoff_time(char *p, int max_len, time_t t);
void pwdb_set_kickoff_time(char *p, int max_len, time_t t);
void pwdb_set_can_change_time(char *p, int max_len, time_t t);
void pwdb_set_must_change_time(char *p, int max_len, time_t t);
void pwdb_set_last_set_time(char *p, int max_len, time_t t);
void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl);
BOOL pwdb_gethexpwd(const char *p, char *pwd);
BOOL pwdb_initialise(void);
/*The following definitions come from lib/util_sid.c */
char *sid_to_string(pstring sidstr_out, DOM_SID *sid);
BOOL string_to_sid(DOM_SID *sidout, char *sidstr);
char *sid_to_string(pstring sidstr_out, const DOM_SID *sid);
BOOL string_to_sid(DOM_SID *sidout, const char *sidstr);
BOOL sid_append_rid(DOM_SID *sid, uint32 rid);
BOOL sid_split_rid(DOM_SID *sid, uint32 *rid);
void sid_copy(DOM_SID *sid1, DOM_SID *sid2);
BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2);
int sid_size(DOM_SID *sid);
void sid_copy(DOM_SID *sid1, const DOM_SID *sid2);
BOOL sid_front_equal(const DOM_SID *sid1, const DOM_SID *sid2);
BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2);
int sid_size(const DOM_SID *sid);
/*The following definitions come from lib/util_sock.c */
@ -1058,6 +1108,8 @@ char *lp_workgroup(void);
char *lp_username_map(void);
char *lp_aliasname_map(void);
char *lp_groupname_map(void);
char *lp_builtinname_map(void);
char *lp_ntusrname_map(void);
char *lp_logon_script(void);
char *lp_logon_path(void);
char *lp_logon_drive(void);
@ -1275,47 +1327,19 @@ BOOL pass_check(char *user,char *password, int pwlen, struct passwd *pwd,
/*The following definitions come from passdb/passdb.c */
BOOL initialise_password_db(void);
struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid);
struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid);
struct smb_passwd *iterate_getsmbpwuid(uid_t unix_uid);
struct smb_passwd *iterate_getsmbpwnam(const char *name);
void *startsmbpwent(BOOL update);
void endsmbpwent(void *vp);
SMB_BIG_UINT getsmbpwpos(void *vp);
BOOL setsmbpwpos(void *vp, SMB_BIG_UINT tok);
struct smb_passwd *getsmbpwent(void *vp);
BOOL add_smbpwd_entry(struct smb_passwd *newpwd);
BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override);
struct smb_passwd *getsmbpwnam(const char *name);
struct smb_passwd *getsmbpwrid(uint32 user_rid);
struct smb_passwd *getsmbpwuid(uid_t smb_userid);
struct sam_passwd *iterate_getsam21pwnam(const char *name);
struct sam_passwd *iterate_getsam21pwrid(uint32 rid);
struct sam_passwd *iterate_getsam21pwuid(uid_t uid);
struct sam_disp_info *getsamdisprid(uint32 rid);
struct sam_passwd *getsam21pwent(void *vp);
struct sam_passwd *getsam21pwnam(const char *name);
struct sam_passwd *getsam21pwrid(uint32 rid);
struct smb_passwd *getsmbpwuid(uid_t unix_uid);
void pwdb_init_smb(struct smb_passwd *user);
void pwdb_init_sam(struct sam_passwd *user);
struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user);
struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user);
struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user);
char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length);
uint16 pwdb_decode_acct_ctrl(const char *p);
time_t pwdb_get_last_set_time(const char *p);
void pwdb_set_logon_time(char *p, int max_len, time_t t);
void pwdb_set_logoff_time(char *p, int max_len, time_t t);
void pwdb_set_kickoff_time(char *p, int max_len, time_t t);
void pwdb_set_can_change_time(char *p, int max_len, time_t t);
void pwdb_set_must_change_time(char *p, int max_len, time_t t);
void pwdb_set_last_set_time(char *p, int max_len, time_t t);
void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl);
BOOL pwdb_gethexpwd(const char *p, char *pwd);
uid_t pwdb_user_rid_to_uid(uint32 user_rid);
uint32 pwdb_uid_to_user_rid(uid_t uid);
uint32 pwdb_gid_to_group_rid(gid_t gid);
gid_t pwdb_group_rid_to_gid(uint32 group_rid);
uint32 pwdb_gid_to_alias_rid(gid_t gid);
gid_t pwdb_alias_rid_to_gid(uint32 alias_rid);
BOOL pwdb_rid_is_user(uint32 rid);
struct smb_passwd *pwdb_smb_map_names(struct smb_passwd *smb);
/*The following definitions come from passdb/passgrp.c */
@ -1323,10 +1347,10 @@ BOOL initialise_passgrp_db(void);
struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss);
struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
struct smb_passwd *iterate_getsmbgrpuid(uid_t unix_uid,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss);
struct smb_passwd *iterate_getsmbgrpnam(char *name,
struct smb_passwd *iterate_getsmbgrpntnam(const char *nt_name,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss);
void *startsmbgrpent(BOOL update);
@ -1334,24 +1358,45 @@ void endsmbgrpent(void *vp);
struct smb_passwd *getsmbgrpent(void *vp,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss);
struct smb_passwd *getsmbgrpnam(char *name,
struct smb_passwd *getsmbgrpntnam(char *name,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss);
struct smb_passwd *getsmbgrprid(uint32 user_rid,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss);
struct smb_passwd *getsmbgrpuid(uid_t smb_userid,
struct smb_passwd *getsmbgrpuid(uid_t unix_uid,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss);
/*The following definitions come from passdb/sampass.c */
void *startsamfilepwent(BOOL update);
void endsamfilepwent(void *vp);
SMB_BIG_UINT getsamfilepwpos(void *vp);
BOOL setsamfilepwpos(void *vp, SMB_BIG_UINT tok);
struct sam_passdb_ops *file_initialise_sam_password_db(void);
/*The following definitions come from passdb/sampassdb.c */
BOOL initialise_sam_password_db(void);
void *startsam21pwent(BOOL update);
void endsam21pwent(void *vp);
struct sam_passwd *getsam21pwent(void *vp);
struct sam_passwd *iterate_getsam21pwntnam(const char *name);
struct sam_passwd *iterate_getsam21pwrid(uint32 rid);
struct sam_passwd *iterate_getsam21pwuid(uid_t uid);
struct sam_disp_info *getsamdisprid(uint32 rid);
struct sam_passwd *getsam21pwntnam(const char *name);
struct sam_passwd *getsam21pwrid(uint32 rid);
void pwdb_init_sam(struct sam_passwd *user);
struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user);
struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user);
struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user);
struct sam_passwd *pwdb_sam_map_names(struct sam_passwd *sam);
/*The following definitions come from passdb/smbpass.c */
void *startsmbfilepwent(BOOL update);
void endsmbfilepwent(void *vp);
SMB_BIG_UINT getsmbfilepwpos(void *vp);
BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok);
struct smb_passwd *getsmbfilepwent(void *vp);
struct passdb_ops *file_initialise_password_db(void);
struct smb_passdb_ops *file_initialise_password_db(void);
/*The following definitions come from passdb/smbpasschange.c */
@ -1407,10 +1452,10 @@ void load_printers(void);
BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]);
BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd);
BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username,
uint32 smb_userid_low, char *password,
uint32 luid_low, char *password,
NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
uint32 smb_userid_low, char lm_chal[8], char lm_chal_resp[24],
uint32 luid_low, char lm_chal[8], char lm_chal_resp[24],
char nt_chal_resp[24],
NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
@ -1535,6 +1580,9 @@ BOOL do_samr_query_unknown_12(struct cli_state *cli,
uint32 *num_aliases,
fstring als_names [MAX_LOOKUP_SIDS],
uint32 num_als_users[MAX_LOOKUP_SIDS]);
BOOL do_samr_query_useraliases(struct cli_state *cli,
POLICY_HND *pol, DOM_SID *sid,
uint32 *num_aliases, uint32 *rid);
BOOL do_samr_query_usergroups(struct cli_state *cli,
POLICY_HND *pol, uint32 *num_groups, DOM_GID *gid);
BOOL do_samr_query_userinfo(struct cli_state *cli,
@ -1621,7 +1669,6 @@ uint32 get_enum_hnd(ENUM_HND *enh);
void make_enum_hnd(ENUM_HND *enh, uint32 hnd);
void smb_io_enum_hnd(char *desc, ENUM_HND *hnd, prs_struct *ps, int depth);
void smb_io_dom_sid(char *desc, DOM_SID *sid, prs_struct *ps, int depth);
void make_dom_sid(DOM_SID *sid, char *str_sid);
void make_dom_sid2(DOM_SID2 *sid2, DOM_SID *sid);
void smb_io_dom_sid2(char *desc, DOM_SID2 *sid, prs_struct *ps, int depth);
void make_str_hdr(STRHDR *hdr, int max_len, int len, uint32 buffer);
@ -1986,6 +2033,9 @@ void make_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *r_u,
uint16 switch_value, char *acct_desc,
uint32 status);
void samr_io_r_query_aliasinfo(char *desc, SAMR_R_QUERY_ALIASINFO *r_u, prs_struct *ps, int depth);
void make_samr_q_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
POLICY_HND *hnd,
DOM_SID *sid);
void samr_io_q_query_useraliases(char *desc, SAMR_Q_QUERY_USERALIASES *q_u, prs_struct *ps, int depth);
void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u,
uint32 num_rids, uint32 *rid, uint32 status);
@ -2211,20 +2261,13 @@ uint32 lookup_wk_alias_sid(DOM_SID *sid, char *alias_name, uint8 *type);
uint32 lookup_alias_sid(DOM_SID *sid, char *alias_name, uint8 *type);
uint32 lookup_wk_user_sid(DOM_SID *sid, char *user_name, uint8 *type);
uint32 lookup_user_sid(DOM_SID *sid, char *user_name, uint8 *type);
uint32 lookup_group_name(char *grp_name, DOM_SID *sid, uint8 *type);
uint32 lookup_wk_group_name(char *group_name, DOM_SID *sid, uint8 *type);
uint32 lookup_alias_name(char *als_name, DOM_SID *sid, uint8 *type);
uint32 lookup_wk_alias_name(char *alias_name, DOM_SID *sid, uint8 *type);
uint32 lookup_added_user_rids(char *user_name,
uint32 lookup_added_group_name(const char *grp_name, const char *domain,
DOM_SID *sid, uint8 *type);
uint32 lookup_added_alias_name(const char *als_name, const char *domain,
DOM_SID *sid, uint8 *type);
uint32 lookup_added_user_rids(char *nt_name,
uint32 *usr_rid, uint32 *grp_rid);
uint32 lookup_added_user_name(char *user_name, DOM_SID *sid, uint8 *type);
uint32 lookup_wk_user_name(char *user_name, DOM_SID *sid, uint8 *type);
uint32 lookup_added_grp_name(char *name, DOM_SID *sid, uint8 *type);
uint32 lookup_builtin_grp_name(char *name, DOM_SID *sid, uint8 *type);
uint32 lookup_grp_name(char *name, DOM_SID *sid, uint8 *type);
uint32 lookup_user_name(char *name, DOM_SID *sid, uint8 *type);
uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type);
uint32 lookup_user_rids(char *name, uint32 *usr_rid, uint32 *grp_rid);
/*The following definitions come from rpc_server/srv_lsa.c */
@ -2278,16 +2321,6 @@ BOOL api_reg_rpc(pipes_struct *p, prs_struct *data);
BOOL api_samr_rpc(pipes_struct *p, prs_struct *data);
/*The following definitions come from rpc_server/srv_sid.c */
void get_sam_domain_name(void);
BOOL get_member_domain_sid(void);
void generate_wellknown_sids(void);
BOOL generate_sam_sid(void);
BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain);
BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain);
BOOL split_domain_name(char *fullname, char *domain, char *name);
/*The following definitions come from rpc_server/srv_srvsvc.c */
BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data);
@ -2384,6 +2417,9 @@ void display_share2(FILE *out_hnd, enum action_type action,
char *path, char *passwd);
void display_name(FILE *out_hnd, enum action_type action,
char *sname);
void display_alias_rid_info(FILE *out_hnd, enum action_type action,
DOM_SID *sid,
uint32 num_rids, uint32 *rid);
void display_group_rid_info(FILE *out_hnd, enum action_type action,
uint32 num_gids, DOM_GID *gid);
void display_alias_name_info(FILE *out_hnd, enum action_type action,
@ -2530,17 +2566,6 @@ void file_chain_reset(void);
void file_chain_save(void);
void file_chain_restore(void);
/*The following definitions come from smbd/groupname.c */
BOOL map_group_sid(DOM_SID *psid, gid_t *gid, char *group_name, char *nt_domain);
BOOL map_alias_sid(DOM_SID *psid, gid_t *gid, char *alias_name, char *nt_domain);
BOOL map_unix_group_name(char *group_name, DOM_SID *psid, char *ntgroup_name, char *nt_domain);
BOOL map_unix_alias_name(char *alias_name, DOM_SID *psid, char *ntalias_name, char *nt_domain);
BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_SID *psid, char *group_name, gid_t *gid);
BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_SID *psid, char *alias_name, gid_t *gid);
BOOL map_alias_gid(gid_t gid, DOM_SID *psid, char *nt_als_name, char *nt_domain);
BOOL map_group_gid( gid_t gid, DOM_SID *psid, char *nt_grp_name, char *nt_domain);
/*The following definitions come from smbd/ipc.c */
int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize);

19
source3/include/rpc_misc.h
View File

@ -43,12 +43,10 @@
#define BUILTIN_ALIAS_RID_USERS (0x00000221L)
#define BUILTIN_ALIAS_RID_GUESTS (0x00000222L)
#define BUILTIN_ALIAS_RID_POWER_USERS (0x00000223L)
#define BUILTIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
#define BUILTIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
#define BUILTIN_ALIAS_RID_PRINT_OPS (0x00000226L)
#define BUILTIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
#define BUILTIN_ALIAS_RID_REPLICATOR (0x00000228L)
/*
@ -61,9 +59,9 @@
#define RID_MULTIPLIER 4
/* The three common types. */
#define RID_TYPE_USER 0
#define RID_TYPE_GROUP 1
#define RID_TYPE_ALIAS 2
#define RID_TYPE_USER 0
#define RID_TYPE_GROUP 1
#define RID_TYPE_ALIAS 2
/* ENUM_HND */
typedef struct enum_hnd_info
@ -213,6 +211,17 @@ typedef struct domrid4_info
} DOM_RID4;
/* DOM_RID5 - rid, type & attributes */
typedef struct domrid5_info
{
uint32 ptr_unk; /* pointer to unk */
uint32 unk; /* value is 0x1 */
uint32 rid; /* RID */
uint8 type; /* SID_NAME_USE_ENUM */
uint16 attr;
} DOM_RID5;
/* DOM_CLNT_SRV - client / server names */
typedef struct clnt_srv_info
{

343
source3/include/rpc_samr.h
View File

@ -32,16 +32,16 @@
the following information comes from a QuickView on samsrv.dll,
and gives an idea of exactly what is needed:
SamrAddMemberToAlias
SamrAddMemberToGroup
x SamrAddMemberToAlias
x SamrAddMemberToGroup
SamrAddMultipleMembersToAlias
SamrChangePasswordUser
x SamrChangePasswordUser
x SamrCloseHandle
x SamrConnect
SamrCreateAliasInDomain
SamrCreateGroupInDomain
x SamrCreateAliasInDomain
x SamrCreateGroupInDomain
SamrCreateUserInDomain
SamrDeleteAlias
? SamrDeleteAlias
SamrDeleteGroup
SamrDeleteUser
x SamrEnumerateAliasesInDomain
@ -54,7 +54,7 @@ SamrLookupDomainInSamServer
x SamrLookupNamesInDomain
x SamrOpenAlias
x SamrOpenDomain
SamrOpenGroup
x SamrOpenGroup
x SamrOpenUser
x SamrQueryDisplayInformation
x SamrQueryInformationAlias
@ -65,9 +65,9 @@ SamrRemoveMemberFromAlias
SamrRemoveMemberFromForiegnDomain
SamrRemoveMemberFromGroup
SamrRemoveMultipleMembersFromAlias
SamrSetInformationAlias
x SamrSetInformationAlias
SamrSetInformationDomain
SamrSetInformationGroup
x SamrSetInformationGroup
SamrSetInformationUser
SamrSetMemberAttributesOfGroup
SamrSetSecurityObject
@ -77,30 +77,53 @@ SamrTestPrivateFunctionsUser
********************************************************************/
#define SAMR_CLOSE_HND 0x01
#define SAMR_OPEN_DOMAIN 0x07
#define SAMR_QUERY_DOMAIN_INFO 0x08
#define SAMR_QUERY_USERALIASES 0x10
#define SAMR_LOOKUP_NAMES 0x11
#define SAMR_UNKNOWN_3 0x03
#define SAMR_QUERY_DISPINFO 0x28
#define SAMR_OPEN_USER 0x22
#define SAMR_QUERY_USERINFO 0x24
#define SAMR_QUERY_USERGROUPS 0x27
#define SAMR_UNKNOWN_12 0x12
#define SAMR_UNKNOWN_21 0x21
#define SAMR_UNKNOWN_2C 0x2c
#define SAMR_UNKNOWN_32 0x32
#define SAMR_UNKNOWN_34 0x34
#define SAMR_CHGPASSWD_USER 0x37
#define SAMR_UNKNOWN_38 0x38
#define SAMR_CONNECT 0x39
#define SAMR_CONNECT_ANON 0x00
#define SAMR_CLOSE_HND 0x01
#define SAMR_UNKNOWN_3 0x03
#define SAMR_OPEN_DOMAIN 0x07
#define SAMR_QUERY_DOMAIN_INFO 0x08
#define SAMR_CREATE_DOM_GROUP 0x0a
#define SAMR_ENUM_DOM_USERS 0x0d
#define SAMR_CREATE_DOM_ALIAS 0x0e
#define SAMR_ENUM_DOM_ALIASES 0x0f
#define SAMR_QUERY_USERALIASES 0x10
#define SAMR_LOOKUP_NAMES 0x11
#define SAMR_UNKNOWN_12 0x12
#define SAMR_OPEN_GROUP 0x13
#define SAMR_QUERY_GROUPINFO 0x14
#define SAMR_SET_GROUPINFO 0x15
#define SAMR_ADD_GROUPMEM 0x16
#define SAMR_QUERY_GROUPMEM 0x19
#define SAMR_OPEN_ALIAS 0x1b
#define SAMR_QUERY_ALIASINFO 0x1c
#define SAMR_ENUM_DOM_USERS 0x0d
#define SAMR_ENUM_DOM_ALIASES 0x0f
#define SAMR_SET_ALIASINFO 0x1d
#define SAMR_DELETE_DOM_ALIAS 0x1e
#define SAMR_UNK_ALIAS 0x1f
#define SAMR_ADD_ALIASMEM 0x20
#define SAMR_QUERY_ALIASMEM 0x21
#define SAMR_UNKNOWN_21 0x21
#define SAMR_OPEN_USER 0x22
#define SAMR_QUERY_USERINFO 0x24
#define SAMR_QUERY_USERGROUPS 0x27
#define SAMR_QUERY_DISPINFO 0x28
#define SAMR_UNKNOWN_2C 0x2c
#define SAMR_ENUM_DOM_GROUPS 0x30
#define SAMR_UNKNOWN_32 0x32
#define SAMR_UNKNOWN_34 0x34
#define SAMR_CHGPASSWD_USER 0x37
#define SAMR_UNKNOWN_38 0x38
#define SAMR_CONNECT 0x39
typedef struct logon_hours_info
@ -228,7 +251,7 @@ typedef struct q_samr_close_hnd_info
/* SAMR_R_CLOSE_HND - probably a policy handle close */
typedef struct r_samr_close_hnd_info
{
POLICY_HND pol; /* policy handle */
POLICY_HND pol; /* policy handle */
uint32 status; /* return status */
} SAMR_R_CLOSE_HND;
@ -673,9 +696,143 @@ typedef struct r_samr_query_dispinfo_info
} SAMR_R_QUERY_DISPINFO;
#define SAMR_CREATE_DOM_GROUP 0x0a
/* SAMR_Q_CREATE_DOM_GROUP - SAM create group */
typedef struct q_samr_create_dom_group_info
{
POLICY_HND pol; /* policy handle */
UNIHDR hdr_acct_desc;
UNISTR2 uni_acct_desc;
uint16 unknown_1; /* 0x0002 */
uint16 unknown_2; /* 0x0001 */
} SAMR_Q_CREATE_DOM_GROUP;
/* SAMR_R_CREATE_DOM_GROUP - SAM create group */
typedef struct r_samr_create_dom_group_info
{
POLICY_HND pol; /* policy handle */
uint32 rid;
uint32 status;
} SAMR_R_CREATE_DOM_GROUP;
/* SAMR_Q_QUERY_GROUPINFO - SAM Group Info */
typedef struct q_samr_query_group_info
{
POLICY_HND pol; /* policy handle */
uint16 switch_level; /* 0x0001 seen */
} SAMR_Q_QUERY_GROUPINFO;
typedef struct samr_group_info1
{
UNIHDR hdr_acct_name;
UNIHDR hdr_acct_desc;
uint32 unknown_1; /* 0x0000 0003 - number of group members? */
uint32 unknown_2; /* 0x0000 0001 - number of group members? */
UNISTR2 uni_acct_name;
UNISTR2 uni_acct_desc;
} GROUP_INFO1;
typedef struct samr_group_info4
{
UNIHDR hdr_acct_desc;
UNISTR2 uni_acct_desc;
} GROUP_INFO4;
/* SAMR_R_QUERY_GROUPINFO - SAM Group Info */
typedef struct r_samr_query_groupinfo_info
{
uint32 ptr;
uint16 switch_value; /* 0x0001 seen */
/* uint8[2] padding */
union
{
GROUP_INFO1 info1;
} group;
uint32 status;
} SAMR_R_QUERY_GROUPINFO;
/* SAMR_Q_SET_GROUPINFO - SAM Group Info */
typedef struct q_samr_set_group_info
{
POLICY_HND pol; /* policy handle */
uint16 switch_value1; /* 0x0004 seen */
uint16 switch_value2; /* 0x0004 seen */
union
{
GROUP_INFO4 info4;
} group;
} SAMR_Q_SET_GROUPINFO;
/* SAMR_R_SET_GROUPINFO - SAM Group Info */
typedef struct r_samr_set_group_info
{
uint32 status;
} SAMR_R_SET_GROUPINFO;
/* SAMR_Q_DELETE_DOM_ALIAS - delete domain alias */
typedef struct q_samr_delete_dom_alias_info
{
POLICY_HND pol; /* policy handle */
} SAMR_Q_DELETE_DOM_ALIAS;
/* SAMR_R_DELETE_DOM_ALIAS - delete domain alias */
typedef struct r_samr_delete_dom_alias_info
{
POLICY_HND pol; /* policy handle */
uint32 status; /* return status */
} SAMR_R_DELETE_DOM_ALIAS;
/* SAMR_Q_CREATE_DOM_ALIAS - SAM create alias */
typedef struct q_samr_create_dom_alias_info
{
POLICY_HND pol; /* policy handle */
UNIHDR hdr_acct_desc;
UNISTR2 uni_acct_desc;
uint16 unknown_1; /* 0x001f */
uint16 unknown_2; /* 0x000f */
} SAMR_Q_CREATE_DOM_ALIAS;
/* SAMR_R_CREATE_DOM_ALIAS - SAM create alias */
typedef struct r_samr_create_dom_alias_info
{
POLICY_HND pol; /* policy handle */
uint32 rid;
uint32 status;
} SAMR_R_CREATE_DOM_ALIAS;
/* SAMR_Q_QUERY_ALIASINFO - SAM Alias Info */
typedef struct q_samr_enum_alias_info
typedef struct q_samr_query_alias_info
{
POLICY_HND pol; /* policy handle */
@ -690,7 +847,7 @@ typedef struct samr_alias_info3
} ALIAS_INFO3;
/* SAMR_R_QUERY_ALIASINFO - SAM rids, names and descriptions */
/* SAMR_R_QUERY_ALIASINFO - SAM alias info */
typedef struct r_samr_query_aliasinfo_info
{
uint32 ptr;
@ -708,6 +865,30 @@ typedef struct r_samr_query_aliasinfo_info
} SAMR_R_QUERY_ALIASINFO;
/* SAMR_Q_SET_ALIASINFO - SAM Alias Info */
typedef struct q_samr_set_alias_info
{
POLICY_HND pol; /* policy handle */
uint16 switch_value1; /* 0x0003 */
uint16 switch_value2; /* 0x0003 */
union
{
ALIAS_INFO3 info3;
} alias;
} SAMR_Q_SET_ALIASINFO;
/* SAMR_R_SET_ALIASINFO - SAM alias info */
typedef struct r_samr_set_aliasinfo_info
{
uint32 status;
} SAMR_R_SET_ALIASINFO;
/* SAMR_Q_QUERY_USERGROUPS - */
typedef struct q_samr_query_usergroup_info
{
@ -788,7 +969,7 @@ typedef struct r_samr_query_useraliases_info
uint32 ptr; /* undocumented buffer pointer */
uint32 num_entries2;
uint32 rid[MAX_LOOKUP_SIDS]; /* domain RIDs being looked up */
uint32 *rid; /* domain RIDs being looked up */
uint32 status; /* return code */
@ -911,17 +1092,6 @@ typedef struct q_samr_unknown_13_info
} SAMR_Q_UNKNOWN_13;
/* SAMR_Q_UNKNOWN_21 - probably an open group in domain */
typedef struct q_samr_unknown_21_info
{
POLICY_HND group_pol; /* policy handle */
uint16 unknown_1; /* 16 bit unknown - 0x0477 */
uint16 unknown_2; /* 16 bit unknown - 0x0000 */
} SAMR_Q_UNKNOWN_21;
/* SAMR_Q_UNKNOWN_32 - probably a "create SAM entry" */
typedef struct q_samr_unknown_32_info
{
@ -950,6 +1120,91 @@ typedef struct r_samr_unknown_32_info
} SAMR_R_UNKNOWN_32;
/* SAMR_Q_ADD_GROUPMEM - probably an add group member */
typedef struct q_samr_add_group_mem_info
{
POLICY_HND pol; /* policy handle */
uint32 rid; /* rid */
uint32 unknown; /* 0x0000 0005 */
} SAMR_Q_ADD_GROUPMEM;
/* SAMR_R_ADD_GROUPMEM - probably an add group member */
typedef struct r_samr_add_group_mem_info
{
uint32 status; /* return status */
} SAMR_R_ADD_GROUPMEM;
/* SAMR_Q_OPEN_GROUP - probably an open */
typedef struct q_samr_open_group_info
{
uint32 unknown_0; /* 0x0000 0001, 0x0000 0003, 0x0000 001f */
uint32 rid_group; /* rid */
} SAMR_Q_OPEN_GROUP;
/* SAMR_R_OPEN_GROUP - probably an open */
typedef struct r_samr_open_group_info
{
POLICY_HND pol; /* policy handle */
uint32 status; /* return status */
} SAMR_R_OPEN_GROUP;
/* SAMR_Q_UNKNOWN_21 - probably an open group in domain */
typedef struct q_samr_unknown_21_info
{
POLICY_HND group_pol; /* policy handle */
uint16 unknown_1; /* 16 bit unknown - 0x0477 */
uint16 unknown_2; /* 16 bit unknown - 0x0000 */
} SAMR_Q_UNKNOWN_21;
/* SAMR_Q_UNK_ALIASMEM - don't know! */
typedef struct q_samr_unk_alias_mem_info
{
POLICY_HND pol; /* policy handle */
DOM_SID sid; /* member sid to be "something"ed to do with the alias */
} SAMR_Q_UNK_ALIASMEM;
/* SAMR_R_UNK_ALIASMEM - probably an open */
typedef struct r_samr_unk_alias_mem_info
{
uint32 status; /* return status */
} SAMR_R_UNK_ALIASMEM;
/* SAMR_Q_ADD_ALIASMEM - probably an add member */
typedef struct q_samr_add_alias_mem_info
{
POLICY_HND pol; /* policy handle */
DOM_SID sid; /* member sid to be added to alias */
} SAMR_Q_ADD_ALIASMEM;
/* SAMR_R_ADD_ALIASMEM - probably an open */
typedef struct r_samr_add_alias_mem_info
{
uint32 status; /* return status */
} SAMR_R_ADD_ALIASMEM;
/* SAMR_Q_OPEN_ALIAS - probably an open */
typedef struct q_samr_open_alias_info
{

200
source3/include/smb.h
View File

@ -357,14 +357,15 @@ typedef struct nttime_info
struct sam_passwd
{
time_t logon_time; /* logon time */
time_t logoff_time; /* logoff time */
time_t kickoff_time; /* kickoff time */
time_t pass_last_set_time; /* password last set time */
time_t pass_can_change_time; /* password can change time */
time_t pass_must_change_time; /* password must change time */
NTTIME logon_time; /* logon time */
NTTIME logoff_time; /* logoff time */
NTTIME kickoff_time; /* kickoff time */
NTTIME pass_last_set_time; /* password last set time */
NTTIME pass_can_change_time; /* password can change time */
NTTIME pass_must_change_time; /* password must change time */
char *smb_name; /* username string */
char *unix_name; /* unix username string */
char *nt_name; /* nt username string */
char *full_name; /* user's full name string */
char *home_dir; /* home directory string */
char *dir_drive; /* home directory drive string */
@ -375,8 +376,8 @@ struct sam_passwd
char *unknown_str ; /* don't know what this is, yet. */
char *munged_dial ; /* munged path name and dial-back tel number */
uid_t smb_userid; /* this is actually the unix uid_t */
gid_t smb_grpid; /* this is actually the unix gid_t */
uid_t unix_uid; /* this is actually the unix uid_t */
gid_t unix_gid; /* this is actually the unix gid_t */
uint32 user_rid; /* Primary User ID */
uint32 group_rid; /* Primary Group ID */
@ -396,8 +397,11 @@ struct sam_passwd
struct smb_passwd
{
uid_t smb_userid; /* this is actually the unix uid_t */
char *smb_name; /* username string */
uid_t unix_uid; /* unix userid */
char *unix_name; /* unix username string */
uint32 user_rid; /* Primary User ID */
char *nt_name; /* unix username string */
unsigned char *smb_passwd; /* Null if no password */
unsigned char *smb_nt_passwd; /* Null if no password */
@ -410,8 +414,8 @@ struct smb_passwd
struct sam_disp_info
{
uint32 user_rid; /* Primary User ID */
char *smb_name; /* username string */
char *full_name; /* user's full name string */
char *nt_name; /* username string */
char *full_name; /* user's full name string */
};
#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
@ -431,6 +435,28 @@ typedef struct sid_info
} DOM_SID;
typedef struct group_name_info
{
char *nt_name;
char *nt_domain;
char *unix_name;
DOM_SID sid;
uint8 type;
uint32 unix_id;
} DOM_NAME_MAP;
/* map either local aliases, domain groups or builtin aliases */
typedef enum
{
DOM_MAP_LOCAL,
DOM_MAP_DOMAIN,
DOM_MAP_USER,
} DOM_MAP_TYPE;
/*** query a local group, get a list of these: shows who is in that group ***/
/* local group member info */
@ -744,53 +770,28 @@ struct shmem_ops {
* to support the following operations.
*/
struct passdb_ops {
/*
* Password database ops.
*/
void *(*startsmbpwent)(BOOL);
void (*endsmbpwent)(void *);
SMB_BIG_UINT (*getsmbpwpos)(void *);
BOOL (*setsmbpwpos)(void *, SMB_BIG_UINT);
struct smb_passdb_ops
{
/*
* Password database operations.
*/
void *(*startsmbpwent)(BOOL);
void (*endsmbpwent)(void *);
SMB_BIG_UINT (*getsmbpwpos)(void *);
BOOL (*setsmbpwpos)(void *, SMB_BIG_UINT);
/*
* smb password database query functions.
*/
struct smb_passwd *(*getsmbpwnam)(const char *);
struct smb_passwd *(*getsmbpwuid)(uid_t);
struct smb_passwd *(*getsmbpwrid)(uint32);
struct smb_passwd *(*getsmbpwent)(void *);
/*
* smb password database query functions.
*/
struct smb_passwd *(*getsmbpwnam)(const char *);
struct smb_passwd *(*getsmbpwuid)(uid_t);
struct smb_passwd *(*getsmbpwent)(void *);
/*
* smb password database modification functions.
*/
BOOL (*add_smbpwd_entry)(struct smb_passwd *);
BOOL (*mod_smbpwd_entry)(struct smb_passwd *, BOOL);
/*
* Functions that manupulate a struct sam_passwd.
*/
struct sam_passwd *(*getsam21pwent)(void *);
/*
* sam password database query functions.
*/
struct sam_passwd *(*getsam21pwnam)(const char *);
struct sam_passwd *(*getsam21pwuid)(uid_t);
struct sam_passwd *(*getsam21pwrid)(uint32);
/*
* sam password database modification functions.
*/
BOOL (*add_sam21pwd_entry)(struct sam_passwd *);
BOOL (*mod_sam21pwd_entry)(struct sam_passwd *, BOOL);
/*
* sam query display info functions.
*/
struct sam_disp_info *(*getsamdispnam)(const char *);
struct sam_disp_info *(*getsamdisprid)(uint32);
struct sam_disp_info *(*getsamdispent)(void *);
/*
* smb password database modification functions.
*/
BOOL (*add_smbpwd_entry)(struct smb_passwd *);
BOOL (*mod_smbpwd_entry)(struct smb_passwd *, BOOL);
#if 0
/*
@ -802,28 +803,65 @@ struct passdb_ops {
#endif
};
/*
* Each implementation of the password database code needs
* to support the following operations.
*/
struct sam_passdb_ops {
/*
* Password database operations.
*/
void *(*startsam21pwent)(BOOL);
void (*endsam21pwent)(void *);
SMB_BIG_UINT (*getsam21pwpos)(void *);
BOOL (*setsam21pwpos)(void *, SMB_BIG_UINT);
/*
* sam password database query functions.
*/
struct sam_passwd *(*getsam21pwntnam)(const char *);
struct sam_passwd *(*getsam21pwuid)(uid_t);
struct sam_passwd *(*getsam21pwrid)(uint32);
struct sam_passwd *(*getsam21pwent)(void *);
/*
* sam password database modification functions.
*/
BOOL (*add_sam21pwd_entry)(struct sam_passwd *);
BOOL (*mod_sam21pwd_entry)(struct sam_passwd *, BOOL);
/*
* sam query display info functions.
*/
struct sam_disp_info *(*getsamdispntnam)(const char *);
struct sam_disp_info *(*getsamdisprid)(uint32);
struct sam_disp_info *(*getsamdispent)(void *);
};
/*
* Each implementation of the passgrp database code needs
* to support the following operations.
*/
struct passgrp_ops {
/*
* Password database ops.
*/
void *(*startsmbgrpent)(BOOL);
void (*endsmbgrpent)(void *);
SMB_BIG_UINT (*getsmbgrppos)(void *);
BOOL (*setsmbgrppos)(void *, SMB_BIG_UINT);
/*
* smb passgrp database query functions.
*/
struct smb_passwd *(*getsmbgrpnam)(char *, uint32**, int*, uint32**, int*);
struct smb_passwd *(*getsmbgrpuid)(uid_t , uint32**, int*, uint32**, int*);
struct smb_passwd *(*getsmbgrprid)(uint32, uint32**, int*, uint32**, int*);
struct smb_passwd *(*getsmbgrpent)(void *, uint32**, int*, uint32**, int*);
struct passgrp_ops
{
/*
* Password group database ops.
*/
void *(*startsmbgrpent)(BOOL);
void (*endsmbgrpent)(void *);
SMB_BIG_UINT (*getsmbgrppos)(void *);
BOOL (*setsmbgrppos)(void *, SMB_BIG_UINT);
/*
* smb passgrp database query functions, by user attributes.
*/
struct smb_passwd *(*getsmbgrpntnam)(const char *, uint32**, int*, uint32**, int*);
struct smb_passwd *(*getsmbgrpuid)(uid_t , uint32**, int*, uint32**, int*);
struct smb_passwd *(*getsmbgrprid)(uint32, uint32**, int*, uint32**, int*);
struct smb_passwd *(*getsmbgrpent)(void *, uint32**, int*, uint32**, int*);
};
/*
@ -846,10 +884,9 @@ struct groupdb_ops
BOOL (*setgrouppos)(void *, SMB_BIG_UINT);
/*
* group database query functions. set the BOOL to Tru
* if you want the members in the group as well.
* group database query functions.
*/
DOMAIN_GRP *(*getgroupnam)(char *, DOMAIN_GRP_MEMBER **, int *);
DOMAIN_GRP *(*getgroupntnam)(const char *, DOMAIN_GRP_MEMBER **, int *);
DOMAIN_GRP *(*getgroupgid)(gid_t , DOMAIN_GRP_MEMBER **, int *);
DOMAIN_GRP *(*getgrouprid)(uint32, DOMAIN_GRP_MEMBER **, int *);
DOMAIN_GRP *(*getgroupent)(void *, DOMAIN_GRP_MEMBER **, int *);
@ -863,7 +900,7 @@ struct groupdb_ops
/*
* user group functions
*/
BOOL (*getusergroupsnam)(char *, DOMAIN_GRP **, int *);
BOOL (*getusergroupsntnam)(const char *, DOMAIN_GRP **, int *);
};
/*
@ -886,10 +923,9 @@ struct aliasdb_ops
BOOL (*setaliaspos)(void *, SMB_BIG_UINT);
/*
* alias database query functions. set the BOOL to Tru
* if you want the members in the alias as well.
* alias database query functions.
*/
LOCAL_GRP *(*getaliasnam)(char *, LOCAL_GRP_MEMBER **, int *);
LOCAL_GRP *(*getaliasntnam)(const char *, LOCAL_GRP_MEMBER **, int *);
LOCAL_GRP *(*getaliasgid)(gid_t , LOCAL_GRP_MEMBER **, int *);
LOCAL_GRP *(*getaliasrid)(uint32, LOCAL_GRP_MEMBER **, int *);
LOCAL_GRP *(*getaliasent)(void *, LOCAL_GRP_MEMBER **, int *);
@ -903,7 +939,7 @@ struct aliasdb_ops
/*
* user alias functions
*/
BOOL (*getuseraliasnam)(char *, LOCAL_GRP **, int *);
BOOL (*getuseraliasntnam)(const char *, LOCAL_GRP **, int *);
};
/* this is used for smbstatus */

103
source3/lib/util.c
View File

@ -121,7 +121,7 @@ BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups)
/****************************************************************************
gets either a hex number (0xNNN) or decimal integer (NNN).
****************************************************************************/
int get_number(char *tmp)
int get_number(const char *tmp)
{
if (strnequal(tmp, "0x", 2))
{
@ -2185,33 +2185,18 @@ void standard_sub(connection_struct *conn,char *str)
{
char *p, *s, *home;
for (s=str; (p=strchr(s, '%'));s=p) {
switch (*(p+1)) {
case 'H':
if ((home = get_home_dir(conn->user))) {
string_sub(p,"%H",home);
} else {
p += 2;
}
break;
case 'P':
string_sub(p,"%P",conn->connectpath);
break;
case 'S':
string_sub(p,"%S",
lp_servicename(SNUM(conn)));
break;
case 'g':
string_sub(p,"%g",
gidtoname(conn->gid));
break;
case 'u':
string_sub(p,"%u",conn->user);
break;
for (s=str; (p=strchr(s, '%'));s=p)
{
switch (*(p+1))
{
case 'H':
if ((home = get_home_dir(conn->user)) != NULL) {
string_sub(p,"%H",home);
} else {
p += 2;
}
break;
/* Patch from jkf@soton.ac.uk Left the %N (NIS
* server name) in standard_sub_basic as it is
* a feature for logon servers, hence uses the
@ -2219,17 +2204,14 @@ void standard_sub(connection_struct *conn,char *str)
* here as it is used instead of the default
* "path =" string in [homes] and so needs the
* service name, not the username. */
case 'p':
string_sub(p,"%p",
automount_path(lp_servicename(SNUM(conn))));
break;
case '\0':
p++;
break; /* don't run off the end of the string
*/
default: p+=2;
break;
case 'p': string_sub(p,"%p", automount_path(lp_servicename(SNUM(conn)))); break;
case 'P': string_sub(p,"%P",conn->connectpath); break;
case 'S': string_sub(p,"%S", lp_servicename(SNUM(conn))); break;
case 'g': string_sub(p,"%g", gidtoname(conn->gid)); break;
case 'u': string_sub(p,"%u", conn->user); break;
case '\0': p++; break; /* don't run off the end of the string */
default : p+=2; break;
}
}
@ -2350,14 +2332,49 @@ char *gidtoname(gid_t gid)
return(name);
}
/*******************************************************************
turn a group name into a gid
********************************************************************/
BOOL nametogid(const char *name, gid_t *gid)
{
struct group *grp = getgrnam(name);
if (grp)
{
*gid = grp->gr_gid;
return True;
}
else if (isdigit(name[0]))
{
*gid = (gid_t)get_number(name);
return True;
}
else
{
return False;
}
}
/*******************************************************************
turn a user name into a uid
********************************************************************/
uid_t nametouid(const char *name)
BOOL nametouid(const char *name, uid_t *uid)
{
struct passwd *pass = getpwnam(name);
if (pass) return(pass->pw_uid);
return (uid_t)-1;
struct passwd *pass = Get_Pwnam(name, False);
if (pass)
{
*uid = pass->pw_uid;
return True;
}
else if (isdigit(name[0]))
{
*uid = (uid_t)get_number(name);
return True;
}
else
{
return False;
}
}
/*******************************************************************

37
source3/lib/util_sid.c
View File

@ -29,7 +29,7 @@ extern int DEBUGLEVEL;
Convert a SID to an ascii string.
*****************************************************************/
char *sid_to_string(pstring sidstr_out, DOM_SID *sid)
char *sid_to_string(pstring sidstr_out, const DOM_SID *sid)
{
char subauth[16];
int i;
@ -55,10 +55,10 @@ char *sid_to_string(pstring sidstr_out, DOM_SID *sid)
Convert a string to a SID. Returns True on success, False on fail.
*****************************************************************/
BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
BOOL string_to_sid(DOM_SID *sidout, const char *sidstr)
{
pstring tok;
char *p = sidstr;
const char *p = sidstr;
/* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
uint32 ia;
@ -146,7 +146,7 @@ BOOL sid_split_rid(DOM_SID *sid, uint32 *rid)
/*****************************************************************
copies a sid
*****************************************************************/
void sid_copy(DOM_SID *sid1, DOM_SID *sid2)
void sid_copy(DOM_SID *sid1, const DOM_SID *sid2)
{
int i;
@ -163,10 +163,35 @@ void sid_copy(DOM_SID *sid1, DOM_SID *sid2)
sid1->num_auths = sid2->num_auths;
sid1->sid_rev_num = sid2->sid_rev_num;
}
/*****************************************************************
compare two sids up to the auths of the first sid
*****************************************************************/
BOOL sid_front_equal(const DOM_SID *sid1, const DOM_SID *sid2)
{
int i;
/* compare most likely different rids, first: i.e start at end */
for (i = sid1->num_auths-1; i >= 0; --i)
{
if (sid1->sub_auths[i] != sid2->sub_auths[i]) return False;
}
if (sid1->num_auths > sid2->num_auths ) return False;
if (sid1->sid_rev_num != sid2->sid_rev_num) return False;
for (i = 0; i < 6; i++)
{
if (sid1->id_auth[i] != sid2->id_auth[i]) return False;
}
return True;
}
/*****************************************************************
compare two sids
*****************************************************************/
BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2)
BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2)
{
int i;
@ -191,7 +216,7 @@ BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2)
/*****************************************************************
calculates size of a sid
*****************************************************************/
int sid_size(DOM_SID *sid)
int sid_size(const DOM_SID *sid)
{
if (sid == NULL)
{

27
source3/nmbd/nmbd.c
View File

@ -1,7 +1,7 @@
/*
Unix SMB/Netbios implementation.
Unix SMB/NetBIOS implementation.
Version 1.9.
NBT netbios routines and daemon - version 2
NBT NetBIOS routines and daemon - version 2
Copyright (C) Andrew Tridgell 1994-1998
This program is free software; you can redistribute it and/or modify
@ -509,7 +509,7 @@ static BOOL init_structs(void)
*p = 0;
strlower( local_machine );
DEBUG( 5, ("Netbios name list:-\n") );
DEBUG( 5, ("NetBIOS name list:-\n") );
for( n=0; my_netbios_names[n]; n++ )
DEBUGADD( 5, ( "my_netbios_names[%d]=\"%s\"\n", n, my_netbios_names[n] ) );
@ -567,9 +567,6 @@ static void usage(char *pname)
charset_initialise();
if(!initialise_password_db())
exit(1);
#ifdef LMHOSTSFILE
pstrcpy( host_file, LMHOSTSFILE );
#endif
@ -661,7 +658,7 @@ static void usage(char *pname)
reopen_logs();
DEBUG( 1, ( "Netbios nameserver version %s started.\n", VERSION ) );
DEBUG( 1, ( "NetBIOS nameserver version %s started.\n", VERSION ) );
DEBUGADD( 1, ( "Copyright Andrew Tridgell 1994-1998\n" ) );
if( !get_myname( myhostname, NULL) )
@ -680,13 +677,17 @@ static void usage(char *pname)
reload_services( True );
fstrcpy( global_myworkgroup, lp_workgroup() );
if (!pwdb_initialise())
{
exit(1);
}
if (strequal(global_myworkgroup,"*"))
{
DEBUG(0,("ERROR: a workgroup name of * is no longer supported\n"));
exit(1);
}
if (!get_member_domain_sid())
{
DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n",
lp_passwordserver()));
exit(1);
}
set_samba_nb_type();

18
source3/param/loadparm.c
View File

@ -126,6 +126,8 @@ typedef struct
char *szUsernameMap;
char *szAliasnameMap;
char *szGroupnameMap;
char *szBuiltinnameMap;
char *szNTusernameMap;
char *szCharacterSet;
char *szLogonScript;
char *szLogonPath;
@ -517,9 +519,13 @@ static struct parm_struct parm_table[] =
{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0},
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0},
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0},
#if USE_SMBFILE_DB
{"smb passgrp file", P_STRING, P_GLOBAL, &Globals.szSMBPassGroupFile, NULL, NULL, 0},
#endif
#if USE_SMBGROUP_DB
{"smb group file", P_STRING, P_GLOBAL, &Globals.szSMBGroupFile, NULL, NULL, 0},
{"smb alias file", P_STRING, P_GLOBAL, &Globals.szSMBAliasFile, NULL, NULL, 0},
#endif
{"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, 0},
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
@ -687,6 +693,8 @@ static struct parm_struct parm_table[] =
{"local group map", P_STRING, P_GLOBAL, &Globals.szAliasnameMap, NULL, NULL, 0},
{"domain group map", P_STRING, P_GLOBAL, &Globals.szGroupnameMap, NULL, NULL, 0},
{"builtin group map", P_STRING, P_GLOBAL, &Globals.szBuiltinnameMap, NULL, NULL, 0},
{"domain user map", P_STRING, P_GLOBAL, &Globals.szNTusernameMap, NULL, NULL, 0},
{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0},
{"Logon Options", P_SEP, P_SEPARATOR},
@ -819,9 +827,13 @@ static void init_globals(void)
DEBUG(3,("Initialising global parameters\n"));
string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE);
#if USE_SMBFILE_DB
string_set(&Globals.szSMBPassGroupFile, SMB_PASSGRP_FILE);
#endif
#if USE_SMBGROUP_DB
string_set(&Globals.szSMBGroupFile, SMB_GROUP_FILE);
string_set(&Globals.szSMBAliasFile, SMB_ALIAS_FILE);
#endif
string_set(&Globals.szPasswdChat,"*old*password* %o\\n *new*password* %n\\n *new*password* %n\\n *changed*");
string_set(&Globals.szWorkGroup, WORKGROUP);
string_set(&Globals.szPasswdProgram, PASSWD_PROGRAM);
@ -1101,9 +1113,13 @@ FN_GLOBAL_STRING(lp_logfile,&Globals.szLogFile)
FN_GLOBAL_STRING(lp_smbrun,&Globals.szSmbrun)
FN_GLOBAL_STRING(lp_configfile,&Globals.szConfigFile)
FN_GLOBAL_STRING(lp_smb_passwd_file,&Globals.szSMBPasswdFile)
#if USE_SMBFILE_DB
FN_GLOBAL_STRING(lp_smb_passgrp_file,&Globals.szSMBPassGroupFile)
#endif
#if USE_SMBGROUP_DB
FN_GLOBAL_STRING(lp_smb_group_file,&Globals.szSMBGroupFile)
FN_GLOBAL_STRING(lp_smb_alias_file,&Globals.szSMBAliasFile)
#endif
FN_GLOBAL_STRING(lp_serverstring,&Globals.szServerString)
FN_GLOBAL_STRING(lp_printcapname,&Globals.szPrintcapname)
FN_GLOBAL_STRING(lp_lockdir,&Globals.szLockDir)
@ -1120,6 +1136,8 @@ FN_GLOBAL_STRING(lp_workgroup,&Globals.szWorkGroup)
FN_GLOBAL_STRING(lp_username_map,&Globals.szUsernameMap)
FN_GLOBAL_STRING(lp_aliasname_map,&Globals.szAliasnameMap)
FN_GLOBAL_STRING(lp_groupname_map,&Globals.szGroupnameMap)
FN_GLOBAL_STRING(lp_builtinname_map,&Globals.szBuiltinnameMap)
FN_GLOBAL_STRING(lp_ntusrname_map,&Globals.szNTusernameMap)
FN_GLOBAL_STRING(lp_logon_script,&Globals.szLogonScript)
FN_GLOBAL_STRING(lp_logon_path,&Globals.szLogonPath)
FN_GLOBAL_STRING(lp_logon_drive,&Globals.szLogonDrive)

10
source3/passdb/ldap.c
View File

@ -254,7 +254,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
get_single_attribute(ldap_struct, entry, "rid", temp);
/* the smb (unix) ids are not stored: they are created */
user->smb_userid = pwdb_user_rid_to_uid (atoi(temp));
user->unix_uid = pwdb_user_rid_to_uid (atoi(temp));
if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
{
@ -347,7 +347,7 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry,
user->group_rid = atoi(temp);
/* the smb (unix) ids are not stored: they are created */
user->smb_userid = pw_buf.smb_userid;
user->unix_uid = pw_buf.unix_uid;
user->smb_grpid = group_rid_to_uid(user->group_rid);
user->acct_ctrl = pw_buf.acct_ctrl;
@ -553,7 +553,7 @@ static BOOL modadd_ldappwd_entry(struct smb_passwd *newpwd, int flag)
}
slprintf(nthash, sizeof(nthash)-1, "%s", temp);
slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->smb_userid) );
slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->unix_uid) );
slprintf(lst, sizeof(lst)-1, "%08X", newpwd->pass_last_set_time);
mods = NULL;
@ -925,9 +925,9 @@ static struct smb_passwd *getldappwnam(char *name)
return pwdb_sam_to_smb(iterate_getsam21pwnam(name));
}
static struct smb_passwd *getldappwuid(uid_t smb_userid)
static struct smb_passwd *getldappwuid(uid_t unix_uid)
{
return pwdb_sam_to_smb(iterate_getsam21pwuid(smb_userid));
return pwdb_sam_to_smb(iterate_getsam21pwuid(unix_uid));
}
static struct smb_passwd *getldappwrid(uint32 user_rid)

12
source3/passdb/nispass.c
View File

@ -371,7 +371,7 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd)
pwdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time );
pwdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time);
slprintf(uid, sizeof(uid), "%u", newpwd->smb_userid);
slprintf(uid, sizeof(uid), "%u", newpwd->unix_uid);
slprintf(user_rid, sizeof(user_rid), "0x%x", newpwd->user_rid);
slprintf(smb_grpid, sizeof(smb_grpid), "%u", newpwd->smb_grpid);
slprintf(group_rid, sizeof(group_rid), "0x%x", newpwd->group_rid);
@ -500,7 +500,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result)
uidval = atoi(ENTRY_VAL(obj, NPF_UID));
pw_buf->smb_name = user_name;
pw_buf->smb_userid = uidval;
pw_buf->unix_uid = uidval;
pw_buf->smb_passwd = smbpwd;
pw_buf->smb_nt_passwd = smbntpwd;
@ -621,9 +621,9 @@ static struct smb_passwd *getnisppwnam(char *name)
return pwdb_sam_to_smb(getnisp21pwnam(name));
}
static struct sam_passwd *getnisp21pwuid(uid_t smb_userid)
static struct sam_passwd *getnisp21pwuid(uid_t unix_uid)
{
return getnisp21pwrid(pwdb_uid_to_user_rid(smb_userid));
return getnisp21pwrid(pwdb_uid_to_user_rid(unix_uid));
}
static struct smb_passwd *getnisppwrid(uid_t user_rid)
@ -631,9 +631,9 @@ static struct smb_passwd *getnisppwrid(uid_t user_rid)
return pwdb_sam_to_smb(getnisp21pwuid(pwdb_user_rid_to_uid(user_rid)));
}
static struct smb_passwd *getnisppwuid(uid_t smb_userid)
static struct smb_passwd *getnisppwuid(uid_t unix_uid)
{
return pwdb_sam_to_smb(getnisp21pwuid(smb_userid));
return pwdb_sam_to_smb(getnisp21pwuid(unix_uid));
}
static struct sam_disp_info *getnispdispnam(char *name)

638
source3/passdb/passdb.c
View File

@ -24,6 +24,7 @@
#include "nterr.h"
extern int DEBUGLEVEL;
extern DOM_SID global_sam_sid;
/*
* NOTE. All these functions are abstracted into a structure
@ -52,7 +53,7 @@ extern int DEBUGLEVEL;
*
*/
static struct passdb_ops *pwdb_ops;
static struct smb_passdb_ops *pwdb_ops;
/***************************************************************
Initialise the password db operations.
@ -80,26 +81,17 @@ BOOL initialise_password_db(void)
* Functions that return/manipulate a struct smb_passwd.
*/
/************************************************************************
Utility function to search smb passwd by rid.
*************************************************************************/
struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid)
{
return iterate_getsmbpwuid(pwdb_user_rid_to_uid(user_rid));
}
/************************************************************************
Utility function to search smb passwd by uid. use this if your database
does not have search facilities.
*************************************************************************/
struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid)
struct smb_passwd *iterate_getsmbpwuid(uid_t unix_uid)
{
struct smb_passwd *pwd = NULL;
void *fp = NULL;
DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid));
DEBUG(10, ("search by unix_uid: %x\n", (int)unix_uid));
/* Open the smb password database - not for update. */
fp = startsmbpwent(False);
@ -110,13 +102,13 @@ struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid)
return NULL;
}
while ((pwd = getsmbpwent(fp)) != NULL && pwd->smb_userid != smb_userid)
while ((pwd = getsmbpwent(fp)) != NULL && pwd->unix_uid != unix_uid)
{
}
if (pwd != NULL)
{
DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid));
DEBUG(10, ("found by unix_uid: %x\n", (int)unix_uid));
}
endsmbpwent(fp);
@ -144,9 +136,9 @@ struct smb_passwd *iterate_getsmbpwnam(const char *name)
return NULL;
}
while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->smb_name, name))
while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->unix_name, name))
{
DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->smb_userid));
DEBUG(10, ("iterate: %s 0x%x\n", pwd->unix_name, pwd->unix_uid));
}
if (pwd != NULL)
@ -189,13 +181,23 @@ void endsmbpwent(void *vp)
pwdb_ops->endsmbpwent(vp);
}
SMB_BIG_UINT getsmbpwpos(void *vp)
{
return pwdb_ops->getsmbpwpos(vp);
}
BOOL setsmbpwpos(void *vp, SMB_BIG_UINT tok)
{
return pwdb_ops->setsmbpwpos(vp, tok);
}
/*************************************************************************
Routine to return the next entry in the smb passwd list.
*************************************************************************/
struct smb_passwd *getsmbpwent(void *vp)
{
return pwdb_ops->getsmbpwent(vp);
return pwdb_smb_map_names(pwdb_ops->getsmbpwent(vp));
}
/************************************************************************
@ -204,7 +206,7 @@ struct smb_passwd *getsmbpwent(void *vp)
BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
{
return pwdb_ops->add_smbpwd_entry(newpwd);
return pwdb_ops->add_smbpwd_entry(pwdb_smb_map_names(newpwd));
}
/************************************************************************
@ -218,7 +220,7 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
{
return pwdb_ops->mod_smbpwd_entry(pwd, override);
return pwdb_ops->mod_smbpwd_entry(pwdb_smb_map_names(pwd), override);
}
/************************************************************************
@ -227,604 +229,94 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
struct smb_passwd *getsmbpwnam(const char *name)
{
return pwdb_ops->getsmbpwnam(name);
}
/************************************************************************
Routine to search smb passwd by user rid.
*************************************************************************/
struct smb_passwd *getsmbpwrid(uint32 user_rid)
{
return pwdb_ops->getsmbpwrid(user_rid);
return pwdb_smb_map_names(pwdb_ops->getsmbpwnam(name));
}
/************************************************************************
Routine to search smb passwd by uid.
*************************************************************************/
struct smb_passwd *getsmbpwuid(uid_t smb_userid)
struct smb_passwd *getsmbpwuid(uid_t unix_uid)
{
return pwdb_ops->getsmbpwuid(smb_userid);
}
/*
* Functions that manupulate a struct sam_passwd.
*/
/************************************************************************
Utility function to search sam passwd by name. use this if your database
does not have search facilities.
*************************************************************************/
struct sam_passwd *iterate_getsam21pwnam(const char *name)
{
struct sam_passwd *pwd = NULL;
void *fp = NULL;
DEBUG(10, ("search by name: %s\n", name));
/* Open the smb password database - not for update. */
fp = startsmbpwent(False);
if (fp == NULL)
{
DEBUG(0, ("unable to open sam password database.\n"));
return NULL;
}
while ((pwd = getsam21pwent(fp)) != NULL && !strequal(pwd->smb_name, name))
{
DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid));
}
if (pwd != NULL)
{
DEBUG(10, ("found by name: %s\n", name));
}
endsmbpwent(fp);
return pwd;
}
/************************************************************************
Utility function to search sam passwd by rid. use this if your database
does not have search facilities.
search capability by both rid and uid are needed as the rid <-> uid
mapping may be non-monotonic.
*************************************************************************/
struct sam_passwd *iterate_getsam21pwrid(uint32 rid)
{
struct sam_passwd *pwd = NULL;
void *fp = NULL;
DEBUG(10, ("search by rid: %x\n", rid));
/* Open the smb password file - not for update. */
fp = startsmbpwent(False);
if (fp == NULL)
{
DEBUG(0, ("unable to open sam password database.\n"));
return NULL;
}
while ((pwd = getsam21pwent(fp)) != NULL && pwd->user_rid != rid)
{
DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid));
}
if (pwd != NULL)
{
DEBUG(10, ("found by user_rid: %x\n", rid));
}
endsmbpwent(fp);
return pwd;
}
/************************************************************************
Utility function to search sam passwd by uid. use this if your database
does not have search facilities.
search capability by both rid and uid are needed as the rid <-> uid
mapping may be non-monotonic.
*************************************************************************/
struct sam_passwd *iterate_getsam21pwuid(uid_t uid)
{
struct sam_passwd *pwd = NULL;
void *fp = NULL;
DEBUG(10, ("search by uid: %x\n", (int)uid));
/* Open the smb password file - not for update. */
fp = startsmbpwent(False);
if (fp == NULL)
{
DEBUG(0, ("unable to open sam password database.\n"));
return NULL;
}
while ((pwd = getsam21pwent(fp)) != NULL && pwd->smb_userid != uid)
{
}
if (pwd != NULL)
{
DEBUG(10, ("found by smb_userid: %x\n", (int)uid));
}
endsmbpwent(fp);
return pwd;
}
/*************************************************************************
Routine to return a display info structure, by rid
*************************************************************************/
struct sam_disp_info *getsamdisprid(uint32 rid)
{
return pwdb_ops->getsamdisprid(rid);
}
/*************************************************************************
Routine to return the next entry in the sam passwd list.
*************************************************************************/
struct sam_passwd *getsam21pwent(void *vp)
{
return pwdb_ops->getsam21pwent(vp);
}
/************************************************************************
Routine to search sam passwd by name.
*************************************************************************/
struct sam_passwd *getsam21pwnam(const char *name)
{
return pwdb_ops->getsam21pwnam(name);
}
/************************************************************************
Routine to search sam passwd by rid.
*************************************************************************/
struct sam_passwd *getsam21pwrid(uint32 rid)
{
return pwdb_ops->getsam21pwrid(rid);
}
/**********************************************************
**********************************************************
utility routines which are likely to be useful to all password
databases
**********************************************************
**********************************************************/
/*************************************************************
initialises a struct sam_disp_info.
**************************************************************/
static void pwdb_init_dispinfo(struct sam_disp_info *user)
{
if (user == NULL) return;
bzero(user, sizeof(*user));
return pwdb_smb_map_names(pwdb_ops->getsmbpwuid(unix_uid));
}
/*************************************************************
initialises a struct smb_passwd.
**************************************************************/
void pwdb_init_smb(struct smb_passwd *user)
{
if (user == NULL) return;
bzero(user, sizeof(*user));
user->pass_last_set_time = (time_t)-1;
user->unix_uid = (uid_t)-1;
user->user_rid = 0xffffffff;
}
/*************************************************************
initialises a struct sam_passwd.
fills in missing details. one set of details _must_ exist.
**************************************************************/
void pwdb_init_sam(struct sam_passwd *user)
struct smb_passwd *pwdb_smb_map_names(struct smb_passwd *smb)
{
if (user == NULL) return;
bzero(user, sizeof(*user));
user->logon_time = (time_t)-1;
user->logoff_time = (time_t)-1;
user->kickoff_time = (time_t)-1;
user->pass_last_set_time = (time_t)-1;
user->pass_can_change_time = (time_t)-1;
user->pass_must_change_time = (time_t)-1;
}
DOM_NAME_MAP gmep;
BOOL found = False;
DOM_SID sid;
static fstring unix_name;
static fstring nt_name;
/*************************************************************************
Routine to return the next entry in the sam passwd list.
*************************************************************************/
DEBUG(10,("pwdb_smb_map_names\n"));
struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user)
{
static struct sam_disp_info disp_info;
if (user == NULL) return NULL;
pwdb_init_dispinfo(&disp_info);
disp_info.smb_name = user->smb_name;
disp_info.full_name = user->full_name;
disp_info.user_rid = user->user_rid;
return &disp_info;
}
/*************************************************************
converts a sam_passwd structure to a smb_passwd structure.
**************************************************************/
struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user)
{
static struct smb_passwd pw_buf;
if (user == NULL) return NULL;
pwdb_init_smb(&pw_buf);
pw_buf.smb_userid = user->smb_userid;
pw_buf.smb_name = user->smb_name;
pw_buf.smb_passwd = user->smb_passwd;
pw_buf.smb_nt_passwd = user->smb_nt_passwd;
pw_buf.acct_ctrl = user->acct_ctrl;
pw_buf.pass_last_set_time = user->pass_last_set_time;
return &pw_buf;
}
/*************************************************************
converts a smb_passwd structure to a sam_passwd structure.
**************************************************************/
struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user)
{
static struct sam_passwd pw_buf;
if (user == NULL) return NULL;
pwdb_init_sam(&pw_buf);
pw_buf.smb_userid = user->smb_userid;
pw_buf.smb_name = user->smb_name;
pw_buf.smb_passwd = user->smb_passwd;
pw_buf.smb_nt_passwd = user->smb_nt_passwd;
pw_buf.acct_ctrl = user->acct_ctrl;
pw_buf.pass_last_set_time = user->pass_last_set_time;
return &pw_buf;
}
/**********************************************************
Encode the account control bits into a string.
length = length of string to encode into (including terminating
null). length *MUST BE MORE THAN 2* !
**********************************************************/
char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
{
static fstring acct_str;
size_t i = 0;
acct_str[i++] = '[';
if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
for ( ; i < length - 2 ; i++ )
if (smb == NULL)
{
acct_str[i] = ' ';
return NULL;
}
i = length - 2;
acct_str[i++] = ']';
acct_str[i++] = '\0';
return acct_str;
}
/**********************************************************
Decode the account control bits from a string.
this function breaks coding standards minimum line width of 80 chars.
reason: vertical line-up code clarity - all case statements fit into
15 lines, which is more important.
**********************************************************/
uint16 pwdb_decode_acct_ctrl(const char *p)
{
uint16 acct_ctrl = 0;
BOOL finished = False;
/*
* Check if the account type bits have been encoded after the
* NT password (in the form [NDHTUWSLXI]).
*/
if (*p != '[') return 0;
for (p++; *p && !finished; p++)
if (smb->unix_name == NULL && smb->nt_name == NULL &&
smb->unix_uid == (uid_t)-1 && smb->user_rid == 0xffffffff)
{
switch (*p)
{
case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
case ' ': { break; }
case ':':
case '\n':
case '\0':
case ']':
default: { finished = True; }
}
return NULL;
}
return acct_ctrl;
}
/*******************************************************************
gets password-database-format time from a string.
********************************************************************/
static time_t get_time_from_string(const char *p)
{
int i;
for (i = 0; i < 8; i++)
if (!found && smb->unix_name != NULL)
{
if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF)))
{
break;
}
found = lookupsmbpwnam(smb->unix_name, &gmep);
}
if (i == 8)
if (!found && smb->unix_uid != (uid_t)-1)
{
/*
* p points at 8 characters of hex digits -
* read into a time_t as the seconds since
* 1970 that the password was last changed.
*/
return (time_t)strtol(p, NULL, 16);
found = lookupsmbpwuid(smb->unix_uid , &gmep);
}
return (time_t)-1;
}
/*******************************************************************
gets password last set time
********************************************************************/
time_t pwdb_get_last_set_time(const char *p)
{
if (*p && StrnCaseCmp(p, "LCT-", 4))
if (!found)
{
return get_time_from_string(p + 4);
sid_copy(&sid, &global_sam_sid);
sid_append_rid(&sid, smb->user_rid);
}
return (time_t)-1;
}
/*******************************************************************
sets password-database-format time in a string.
********************************************************************/
static void set_time_in_string(char *p, int max_len, char *type, time_t t)
{
slprintf(p, max_len, ":%s-%08X:", type, (uint32)t);
}
/*******************************************************************
sets logon time
********************************************************************/
void pwdb_set_logon_time(char *p, int max_len, time_t t)
{
set_time_in_string(p, max_len, "LNT", t);
}
/*******************************************************************
sets logoff time
********************************************************************/
void pwdb_set_logoff_time(char *p, int max_len, time_t t)
{
set_time_in_string(p, max_len, "LOT", t);
}
/*******************************************************************
sets kickoff time
********************************************************************/
void pwdb_set_kickoff_time(char *p, int max_len, time_t t)
{
set_time_in_string(p, max_len, "KOT", t);
}
/*******************************************************************
sets password can change time
********************************************************************/
void pwdb_set_can_change_time(char *p, int max_len, time_t t)
{
set_time_in_string(p, max_len, "CCT", t);
}
/*******************************************************************
sets password last set time
********************************************************************/
void pwdb_set_must_change_time(char *p, int max_len, time_t t)
{
set_time_in_string(p, max_len, "MCT", t);
}
/*******************************************************************
sets password last set time
********************************************************************/
void pwdb_set_last_set_time(char *p, int max_len, time_t t)
{
set_time_in_string(p, max_len, "LCT", t);
}
/*************************************************************
Routine to set 32 hex password characters from a 16 byte array.
**************************************************************/
void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl)
{
if (pwd != NULL)
if (!found && smb->user_rid != 0xffffffff)
{
int i;
for (i = 0; i < 16; i++)
{
slprintf(&p[i*2], 33, "%02X", pwd[i]);
}
found = lookupsmbpwsid (&sid , &gmep);
}
else
if (!found && smb->nt_name != NULL)
{
if (IS_BITS_SET_ALL(acct_ctrl, ACB_PWNOTREQ))
{
safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
}
else
{
safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
}
found = lookupsmbpwntnam(smb->nt_name, &gmep);
}
}
/*************************************************************
Routine to get the 32 hex characters and turn them
into a 16 byte array.
**************************************************************/
BOOL pwdb_gethexpwd(const char *p, char *pwd)
{
return strhex_to_str(pwd, 32, p) == 16;
}
/*******************************************************************
converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
uid_t pwdb_user_rid_to_uid(uint32 user_rid)
{
uid_t uid = (uid_t)(((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER);
return uid;
}
/*******************************************************************
converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
uint32 pwdb_uid_to_user_rid(uid_t uid)
{
uint32 user_rid = (((((uint32)uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
return user_rid;
}
/*******************************************************************
converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
uint32 pwdb_gid_to_group_rid(gid_t gid)
{
uint32 grp_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
return grp_rid;
}
/*******************************************************************
converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
gid_t pwdb_group_rid_to_gid(uint32 group_rid)
{
gid_t gid = (gid_t)(((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER);
return gid;
}
/*******************************************************************
converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
uint32 pwdb_gid_to_alias_rid(gid_t gid)
{
uint32 alias_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
return alias_rid;
}
/*******************************************************************
converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
gid_t pwdb_alias_rid_to_gid(uint32 alias_rid)
{
gid_t gid = (gid_t)(((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER);
return gid;
}
/*******************************************************************
Decides if a RID is a well known RID.
********************************************************************/
static BOOL pwdb_rid_is_well_known(uint32 rid)
{
return (rid < 1000);
}
/*******************************************************************
determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
static uint32 pwdb_rid_type(uint32 rid)
{
/* lkcl i understand that NT attaches an enumeration to a RID
* such that it can be identified as either a user, group etc
* type: SID_ENUM_TYPE.
*/
if (pwdb_rid_is_well_known(rid))
if (!found)
{
/*
* The only well known user RIDs are DOMAIN_USER_RID_ADMIN
* and DOMAIN_USER_RID_GUEST.
*/
if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
{
return RID_TYPE_USER;
}
if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
{
return RID_TYPE_GROUP;
}
if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
{
return RID_TYPE_ALIAS;
}
return NULL;
}
return (rid & RID_TYPE_MASK);
}
/*******************************************************************
checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
BOOL pwdb_rid_is_user(uint32 rid)
{
return pwdb_rid_type(rid) == RID_TYPE_USER;
}
if (!sid_front_equal(&global_sam_sid, &gmep.sid))
{
return NULL;
}
fstrcpy(unix_name, gmep.unix_name);
fstrcpy(nt_name , gmep.nt_name );
if (smb->unix_name == NULL ) smb->unix_name = unix_name;
if (smb->nt_name == NULL ) smb->nt_name = nt_name ;
if (smb->unix_uid == (uid_t)-1 ) smb->unix_uid = (uid_t)gmep.unix_id;
if (smb->user_rid == 0xffffffff) sid_split_rid(&gmep.sid, &smb->user_rid);
return smb;
}

68
source3/passdb/passgrp.c
View File

@ -71,24 +71,11 @@ BOOL initialise_passgrp_db(void)
struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss)
{
return iterate_getsmbgrpuid(pwdb_user_rid_to_uid(user_rid),
grps, num_grps, alss, num_alss);
}
/************************************************************************
Utility function to search smb passwd by uid. use this if your database
does not have search facilities.
*************************************************************************/
struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss)
{
struct smb_passwd *pwd = NULL;
void *fp = NULL;
DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid));
DEBUG(10, ("search by user_rid: 0x%x\n", user_rid));
/* Open the smb password database - not for update. */
fp = startsmbgrpent(False);
@ -99,12 +86,47 @@ struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
return NULL;
}
while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->smb_userid != smb_userid)
while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->user_rid != user_rid)
;
if (pwd != NULL)
{
DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid));
DEBUG(10, ("found by user_rid: 0x%x\n", user_rid));
}
endsmbgrpent(fp);
return pwd;
}
/************************************************************************
Utility function to search smb passwd by uid. use this if your database
does not have search facilities.
*************************************************************************/
struct smb_passwd *iterate_getsmbgrpuid(uid_t unix_uid,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss)
{
struct smb_passwd *pwd = NULL;
void *fp = NULL;
DEBUG(10, ("search by unix_uid: %x\n", (int)unix_uid));
/* Open the smb password database - not for update. */
fp = startsmbgrpent(False);
if (fp == NULL)
{
DEBUG(0, ("unable to open smb passgrp database.\n"));
return NULL;
}
while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->unix_uid != unix_uid)
;
if (pwd != NULL)
{
DEBUG(10, ("found by unix_uid: %x\n", (int)unix_uid));
}
endsmbgrpent(fp);
@ -116,12 +138,14 @@ struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
does not have search facilities.
*************************************************************************/
struct smb_passwd *iterate_getsmbgrpnam(char *name,
struct smb_passwd *iterate_getsmbgrpntnam(const char *nt_name,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss)
{
struct smb_passwd *pwd = NULL;
fstring name;
void *fp = NULL;
fstrcpy(name, nt_name);
DEBUG(10, ("search by name: %s\n", name));
@ -134,7 +158,7 @@ struct smb_passwd *iterate_getsmbgrpnam(char *name,
return NULL;
}
while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->smb_name, name))
while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->nt_name, name))
;
if (pwd != NULL)
@ -192,11 +216,11 @@ struct smb_passwd *getsmbgrpent(void *vp,
Routine to search smb passwd by name.
*************************************************************************/
struct smb_passwd *getsmbgrpnam(char *name,
struct smb_passwd *getsmbgrpntnam(char *name,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss)
{
return pwgrp_ops->getsmbgrpnam(name, grps, num_grps, alss, num_alss);
return pwgrp_ops->getsmbgrpntnam(name, grps, num_grps, alss, num_alss);
}
/************************************************************************
@ -214,10 +238,10 @@ struct smb_passwd *getsmbgrprid(uint32 user_rid,
Routine to search smb passwd by uid.
*************************************************************************/
struct smb_passwd *getsmbgrpuid(uid_t smb_userid,
struct smb_passwd *getsmbgrpuid(uid_t unix_uid,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss)
{
return pwgrp_ops->getsmbgrpuid(smb_userid, grps, num_grps, alss, num_alss);
return pwgrp_ops->getsmbgrpuid(unix_uid, grps, num_grps, alss, num_alss);
}

225
source3/passdb/smbpass.c
View File

@ -23,8 +23,6 @@
static int pw_file_lock_depth = 0;
extern int DEBUGLEVEL;
extern pstring samlogon_user;
extern BOOL sam_logon_in_ssb;
static char s_readbuf[1024];
@ -33,7 +31,7 @@ static char s_readbuf[1024];
to ensure no modification outside this module.
****************************************************************/
void *startsmbfilepwent(BOOL update)
static void *startsmbfilepwent(BOOL update)
{
return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf),
&pw_file_lock_depth, update);
@ -43,7 +41,7 @@ void *startsmbfilepwent(BOOL update)
End enumeration of the smbpasswd list.
****************************************************************/
void endsmbfilepwent(void *vp)
static void endsmbfilepwent(void *vp)
{
endfilepwent(vp, &pw_file_lock_depth);
}
@ -53,7 +51,7 @@ void endsmbfilepwent(void *vp)
This must be treated as an opaque token.
*************************************************************************/
SMB_BIG_UINT getsmbfilepwpos(void *vp)
static SMB_BIG_UINT getsmbfilepwpos(void *vp)
{
return getfilepwpos(vp);
}
@ -63,7 +61,7 @@ SMB_BIG_UINT getsmbfilepwpos(void *vp)
This must be treated as an opaque token.
*************************************************************************/
BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
{
return setfilepwpos(vp, tok);
}
@ -71,14 +69,13 @@ BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
/*************************************************************************
Routine to return the next entry in the smbpasswd list.
*************************************************************************/
struct smb_passwd *getsmbfilepwent(void *vp)
static struct smb_passwd *getsmbfilepwent(void *vp)
{
/* Static buffers we will return. */
static struct smb_passwd pw_buf;
static pstring user_name;
static pstring nt_name;
static unsigned char smbpwd[16];
static unsigned char smbntpwd[16];
struct passwd *pwfile;
char linebuf[256];
char *p;
int uidval;
@ -118,7 +115,7 @@ struct smb_passwd *getsmbfilepwent(void *vp)
* As 256 is shorter than a pstring we don't need to check
* length here - if this ever changes....
*/
p = strncpyn(user_name, linebuf, sizeof(user_name), ':');
p = strncpyn(nt_name, linebuf, sizeof(nt_name), ':');
/* Go past ':' */
p++;
@ -127,8 +124,8 @@ struct smb_passwd *getsmbfilepwent(void *vp)
p = Atoic( p, &uidval, ":");
pw_buf.smb_name = user_name;
pw_buf.smb_userid = uidval;
pw_buf.nt_name = nt_name;
pw_buf.unix_uid = uidval;
/*
* Now get the password value - this should be 32 hex digits
@ -142,7 +139,7 @@ struct smb_passwd *getsmbfilepwent(void *vp)
if (*p == '*' || *p == 'X')
{
/* Password deliberately invalid - end here. */
DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
DEBUG(10, ("getsmbfilepwent: entry invalidated for nt user %s\n", nt_name));
pw_buf.smb_nt_passwd = NULL;
pw_buf.smb_passwd = NULL;
pw_buf.acct_ctrl |= ACB_DISABLED;
@ -197,8 +194,8 @@ struct smb_passwd *getsmbfilepwent(void *vp)
p += 33;
}
DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %d\n",
user_name, uidval));
DEBUG(5,("getsmbfilepwent: returning passwd entry for nt user %s, unix uid %d\n",
nt_name, uidval));
if (*p == '[')
{
@ -229,21 +226,13 @@ struct smb_passwd *getsmbfilepwent(void *vp)
* password file as 'normal accounts'. If this changes
* we will have to fix this code. JRA.
*/
if (pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$')
if (pw_buf.nt_name[strlen(pw_buf.nt_name) - 1] == '$')
{
pw_buf.acct_ctrl &= ~ACB_NORMAL;
pw_buf.acct_ctrl |= ACB_WSTRUST;
}
}
pwfile = Get_Pwnam(pw_buf.smb_name, False);
if (pwfile == NULL)
{
DEBUG(0,("getsmbfilepwent: smbpasswd database is corrupt!\n"));
DEBUG(0,("getsmbfilepwent: username %s not in unix passwd database!\n", pw_buf.smb_name));
return NULL;
}
return &pw_buf;
}
@ -251,123 +240,6 @@ struct smb_passwd *getsmbfilepwent(void *vp)
return NULL;
}
/*************************************************************************
Routine to return the next entry in the smbpasswd list.
this function is a nice, messy combination of reading:
- the smbpasswd file
- the unix password database
- smb.conf options (not done at present).
*************************************************************************/
static struct sam_passwd *getsmbfile21pwent(void *vp)
{
struct smb_passwd *pw_buf = getsmbfilepwent(vp);
static struct sam_passwd user;
struct passwd *pwfile;
#if ARGH
uint32 status = 0x0;
#endif
static pstring full_name;
static pstring home_dir;
static pstring home_drive;
static pstring logon_script;
static pstring profile_path;
static pstring acct_desc;
static pstring workstations;
DEBUG(5,("getsmbfile21pwent\n"));
if (pw_buf == NULL) return NULL;
pwdb_init_sam(&user);
pwfile = Get_Pwnam(pw_buf->smb_name, False);
if (pwfile == NULL)
{
DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n"));
DEBUG(0,("getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name));
return NULL;
}
pstrcpy(samlogon_user, pw_buf->smb_name);
if (samlogon_user[strlen(samlogon_user)-1] != '$')
{
/* XXXX hack to get standard_sub_basic() to use sam logon username */
/* possibly a better way would be to do a become_user() call */
sam_logon_in_ssb = True;
user.smb_userid = pw_buf->smb_userid;
user.smb_grpid = pwfile->pw_gid;
#if ARGH
status = lookup_user_rids(pw_buf->smb_name, &user.user_rid, &user.group_rid);
#else
user.user_rid = pwdb_uid_to_user_rid (user.smb_userid);
user.group_rid = pwdb_gid_to_group_rid(user.smb_grpid );
#endif
pstrcpy(full_name , pwfile->pw_gecos );
pstrcpy(logon_script , lp_logon_script ());
pstrcpy(profile_path , lp_logon_path ());
pstrcpy(home_drive , lp_logon_drive ());
pstrcpy(home_dir , lp_logon_home ());
pstrcpy(acct_desc , "");
pstrcpy(workstations , "");
sam_logon_in_ssb = False;
}
else
{
user.smb_userid = pw_buf->smb_userid;
user.smb_grpid = pwfile->pw_gid;
user.user_rid = pwdb_uid_to_user_rid (user.smb_userid);
user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
pstrcpy(full_name , "");
pstrcpy(logon_script , "");
pstrcpy(profile_path , "");
pstrcpy(home_drive , "");
pstrcpy(home_dir , "");
pstrcpy(acct_desc , "");
pstrcpy(workstations , "");
}
#if ARGH
if (status != 0x0)
{
return NULL;
}
#endif
user.smb_name = pw_buf->smb_name;
user.full_name = full_name;
user.home_dir = home_dir;
user.dir_drive = home_drive;
user.logon_script = logon_script;
user.profile_path = profile_path;
user.acct_desc = acct_desc;
user.workstations = workstations;
user.unknown_str = NULL; /* don't know, yet! */
user.munged_dial = NULL; /* "munged" dial-back telephone number */
user.smb_nt_passwd = pw_buf->smb_nt_passwd;
user.smb_passwd = pw_buf->smb_passwd;
user.acct_ctrl = pw_buf->acct_ctrl;
user.unknown_3 = 0xffffff; /* don't know */
user.logon_divs = 168; /* hours per week */
user.hours_len = 21; /* 21 times 8 bits = 168 */
memset(user.hours, 0xff, user.hours_len); /* available at all hours */
user.unknown_5 = 0x00020000; /* don't know */
user.unknown_5 = 0x000004ec; /* don't know */
return &user;
}
/************************************************************************
Routine to add an entry to the smbpasswd file.
*************************************************************************/
@ -400,8 +272,8 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
*/
while ((pwd = getsmbfilepwent(fp)) != NULL) {
if (strequal(newpwd->smb_name, pwd->smb_name)) {
DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
if (strequal(newpwd->nt_name, pwd->nt_name)) {
DEBUG(0, ("add_smbfilepwd_entry: entry with nt name %s already exists\n", pwd->nt_name));
endsmbfilepwent(fp);
return False;
}
@ -418,21 +290,21 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
Error was %s\n", newpwd->nt_name, pfile, strerror(errno)));
endsmbfilepwent(fp);
return False;
}
new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
new_entry_length = strlen(newpwd->nt_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
if((new_entry = (char *)malloc( new_entry_length )) == NULL) {
DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
Error was %s\n", newpwd->nt_name, pfile, strerror(errno)));
endsmbfilepwent(fp);
return False;
}
slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->nt_name, (unsigned)newpwd->unix_uid);
p = &new_entry[strlen(new_entry)];
if(newpwd->smb_passwd != NULL) {
@ -477,13 +349,13 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) {
DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
Error was %s\n", wr_len, newpwd->nt_name, pfile, strerror(errno)));
/* Remove the entry we just wrote. */
if(sys_ftruncate(fd, offpos) == -1) {
DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
Error was %s. Password file may be corrupt ! Please examine by hand !\n",
newpwd->smb_name, strerror(errno)));
newpwd->nt_name, strerror(errno)));
}
endsmbfilepwent(fp);
@ -508,7 +380,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n",
static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
{
/* Static buffers we will return. */
static pstring user_name;
static pstring nt_name;
char linebuf[256];
char readbuf[1024];
@ -626,9 +498,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
* As 256 is shorter than a pstring we don't need to check
* length here - if this ever changes....
*/
strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
user_name[PTR_DIFF(p, linebuf)] = '\0';
if (strequal(user_name, pwd->smb_name)) {
strncpy(nt_name, linebuf, PTR_DIFF(p, linebuf));
nt_name[PTR_DIFF(p, linebuf)] = '\0';
if (strequal(nt_name, pwd->nt_name)) {
found_entry = True;
break;
}
@ -673,7 +545,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
if (!override && (*p == '*' || *p == 'X')) {
/* Password deliberately invalid - end here. */
DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name));
DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for nt user %s\n", nt_name));
file_unlock(lockfd, &pw_file_lock_depth);
fclose(fp);
return False;
@ -897,58 +769,19 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
return True;
}
/*
* Stub functions - implemented in terms of others.
*/
static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override)
{
return mod_smbfilepwd_entry(pwdb_sam_to_smb(pwd), override);
}
static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd)
{
return add_smbfilepwd_entry(pwdb_sam_to_smb(newpwd));
}
static struct sam_disp_info *getsmbfiledispnam(const char *name)
{
return pwdb_sam_to_dispinfo(getsam21pwnam(name));
}
static struct sam_disp_info *getsmbfiledisprid(uint32 rid)
{
return pwdb_sam_to_dispinfo(getsam21pwrid(rid));
}
static struct sam_disp_info *getsmbfiledispent(void *vp)
{
return pwdb_sam_to_dispinfo(getsam21pwent(vp));
}
static struct passdb_ops file_ops = {
static struct smb_passdb_ops file_ops = {
startsmbfilepwent,
endsmbfilepwent,
getsmbfilepwpos,
setsmbfilepwpos,
iterate_getsmbpwnam, /* In passdb.c */
iterate_getsmbpwuid, /* In passdb.c */
iterate_getsmbpwrid, /* In passdb.c */
getsmbfilepwent,
add_smbfilepwd_entry,
mod_smbfilepwd_entry,
getsmbfile21pwent,
iterate_getsam21pwnam,
iterate_getsam21pwuid,
iterate_getsam21pwrid,
add_smbfile21pwd_entry,
mod_smbfile21pwd_entry,
getsmbfiledispnam,
getsmbfiledisprid,
getsmbfiledispent
mod_smbfilepwd_entry
};
struct passdb_ops *file_initialise_password_db(void)
struct smb_passdb_ops *file_initialise_password_db(void)
{
return &file_ops;
}

6
source3/passdb/smbpasschange.c
View File

@ -31,9 +31,11 @@ static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account,
{
struct smb_passwd new_smb_pwent;
pwdb_init_smb(&new_smb_pwent);
/* Create a new smb passwd entry and set it to the given password. */
new_smb_pwent.smb_userid = uid;
new_smb_pwent.smb_name = user_name;
new_smb_pwent.unix_uid = uid;
new_smb_pwent.nt_name = user_name;
new_smb_pwent.smb_passwd = NULL;
new_smb_pwent.smb_nt_passwd = NULL;
new_smb_pwent.acct_ctrl = (trust_account ? ACB_WSTRUST : ACB_NORMAL);

2
source3/passdb/smbpassgroup.c
View File

@ -113,7 +113,7 @@ static struct smb_passwd *getsmbfilegrpent(void *vp,
p = Atoic((char *) p, &uidval, ":");
pw_buf.smb_name = user_name;
pw_buf.smb_userid = uidval;
pw_buf.unix_uid = uidval;
/*
* Now get a list of alias RIDs

158
source3/passdb/smbpassgroupunix.c
View File

@ -22,7 +22,7 @@
#ifdef USE_SMBUNIX_DB
extern int DEBUGLEVEL;
extern DOM_SID global_member_sid;
extern DOM_SID global_sam_sid;
/***************************************************************
Start to enumerate the smbpasswd list. Returns a void pointer
@ -31,7 +31,7 @@ extern DOM_SID global_member_sid;
static void *startsmbunixgrpent(BOOL update)
{
return startsmbfilepwent(False);
return startsmbpwent(False);
}
/***************************************************************
@ -40,7 +40,7 @@ static void *startsmbunixgrpent(BOOL update)
static void endsmbunixgrpent(void *vp)
{
endsmbfilepwent(vp);
endsmbpwent(vp);
}
/*************************************************************************
@ -50,7 +50,7 @@ static void endsmbunixgrpent(void *vp)
static SMB_BIG_UINT getsmbunixgrppos(void *vp)
{
return getsmbfilepwpos(vp);
return getsmbpwpos(vp);
}
/*************************************************************************
@ -60,7 +60,7 @@ static SMB_BIG_UINT getsmbunixgrppos(void *vp)
static BOOL setsmbunixgrppos(void *vp, SMB_BIG_UINT tok)
{
return setsmbfilepwpos(vp, tok);
return setsmbpwpos(vp, tok);
}
/*************************************************************************
@ -71,11 +71,12 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
uint32 **als_rids, int *num_alss)
{
/* Static buffers we will return. */
struct smb_passwd *pw_buf;
struct passwd *pw;
struct sam_passwd *pw_buf;
fstring unix_name;
int i;
int unixgrps;
gid_t *grps;
BOOL failed = False;
if (vp == NULL)
{
@ -83,8 +84,15 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
return NULL;
}
pw_buf = getsmbfilepwent(vp);
pw_buf = getsam21pwent(vp);
if (pw_buf == NULL)
{
return NULL;
}
fstrcpy(unix_name, pw_buf->unix_name);
if (grp_rids != NULL)
{
(*grp_rids) = NULL;
@ -99,21 +107,14 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
if (als_rids == NULL && grp_rids == NULL)
{
return pw_buf;
return pwdb_sam_to_smb(pw_buf);
}
/*
* find all unix groups
*/
pw = Get_Pwnam(pw_buf->smb_name, False);
if (pw == NULL)
{
return NULL;
}
if (get_unixgroups(pw_buf->smb_name, pw->pw_uid, pw->pw_gid, &unixgrps, &grps))
if (get_unixgroups(unix_name, pw_buf->unix_uid, pw_buf->unix_gid, &unixgrps, &grps))
{
return NULL;
}
@ -122,10 +123,8 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
* check each unix group for a mapping as an nt alias or an nt group
*/
for (i = 0; i < unixgrps; i++)
for (i = 0; i < unixgrps && !failed; i++)
{
DOM_SID sid;
char *unix_grpname;
uint32 rid;
/*
@ -134,101 +133,80 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
* (user or not our own domain will be an error).
*/
unix_grpname = gidtoname(grps[i]);
if (map_unix_alias_name(unix_grpname, &sid, NULL, NULL))
DOM_NAME_MAP gmep;
if (!lookupsmbgrpgid(grps[i], &gmep))
{
/*
* ok, the unix groupname is mapped to an alias.
* check that it is in our domain.
*/
sid_split_rid(&sid, &rid);
if (!sid_equal(&sid, &global_member_sid))
{
pstring sid_str;
sid_to_string(sid_str, &sid);
DEBUG(0,("user %s is in a UNIX group %s that maps to an NT Domain Alias RID (0x%x) in another domain (%s)\n",
pw_buf->smb_name, unix_grpname, rid, sid_str));
continue;
}
if (add_num_to_list(als_rids, num_alss, rid) == NULL)
{
return NULL;
}
continue;
}
else if (map_unix_group_name(unix_grpname, &sid, NULL, NULL))
sid_split_rid(&gmep.sid, &rid);
if (!sid_equal(&global_sam_sid, &gmep.sid))
{
/*
* ok, the unix groupname is mapped to a domain group.
* check that it is in our domain.
*/
sid_split_rid(&sid, &rid);
if (!sid_equal(&sid, &global_member_sid))
{
pstring sid_str;
sid_to_string(sid_str, &sid);
DEBUG(0,("user %s is in a UNIX group %s that maps to an NT Domain Group RID (0x%x) in another domain (%s)\n",
pw_buf->smb_name, unix_grpname, rid, sid_str));
continue;
}
if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
{
return NULL;
}
continue;
}
else if (lp_server_role() == ROLE_DOMAIN_MEMBER)
{
/*
* server is a member of a domain or stand-alone.
* name is not explicitly mapped
* so we are responsible for it.
* as a LOCAL group.
*/
rid = pwdb_gid_to_alias_rid(grps[i]);
if (add_num_to_list(als_rids, num_alss, rid) == NULL)
switch (gmep.type)
{
case SID_NAME_ALIAS:
{
return NULL;
if (als_rids != NULL && add_num_to_list(als_rids, num_alss, rid) == NULL)
{
failed = True;
}
break;
}
}
else if (lp_server_role() != ROLE_DOMAIN_NONE)
{
/*
* server is a PDC or BDC.
* name is explicitly mapped
* so we are responsible for it.
* as a DOMAIN group.
*/
rid = pwdb_gid_to_group_rid(grps[i]);
if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
case SID_NAME_DOM_GRP:
case SID_NAME_WKN_GRP:
{
return NULL;
if (grp_rids != NULL && add_num_to_list(grp_rids, num_grps, rid) == NULL)
{
failed = True;
}
break;
}
default:
{
break;
}
}
}
return pw_buf;
if (failed)
{
if (grp_rids != NULL && (*grp_rids) != NULL)
{
free(*grp_rids);
(*num_grps) = 0;
}
if (als_rids != NULL && (*als_rids) != NULL)
{
free(*als_rids);
(*num_alss) = 0;
}
return NULL;
}
return pwdb_sam_to_smb(pw_buf);
}
static struct passgrp_ops file_ops =
static struct passgrp_ops smbunixgrp_ops =
{
startsmbunixgrpent,
endsmbunixgrpent,
getsmbunixgrppos,
setsmbunixgrppos,
iterate_getsmbgrpnam, /* In passgrp.c */
iterate_getsmbgrpntnam, /* In passgrp.c */
iterate_getsmbgrpuid, /* In passgrp.c */
iterate_getsmbgrprid, /* In passgrp.c */
getsmbunixgrpent,
getsmbunixgrpent
};
struct passgrp_ops *unix_initialise_password_grp(void)
{
return &file_ops;
return &smbunixgrp_ops;
}
#else

8
source3/rpc_client/cli_login.c
View File

@ -101,7 +101,7 @@ password equivalents, protected by the session key) is inherently insecure
given the current design of the NT Domain system. JRA.
****************************************************************************/
BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username,
uint32 smb_userid_low, char *password,
uint32 luid_low, char *password,
NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3)
{
uchar lm_owf_user_pwd[16];
@ -129,7 +129,7 @@ BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *usernam
/* Create the structure needed for SAM logon. */
make_id_info1(&ctr->auth.id1, domain, 0,
smb_userid_low, 0,
luid_low, 0,
username, cli->clnt_name_slash,
(char *)cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
@ -154,7 +154,7 @@ password equivalents over the network. JRA.
****************************************************************************/
BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
uint32 smb_userid_low, char lm_chal[8], char lm_chal_resp[24],
uint32 luid_low, char lm_chal[8], char lm_chal_resp[24],
char nt_chal_resp[24],
NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3)
{
@ -165,7 +165,7 @@ BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
/* Create the structure needed for SAM logon. */
make_id_info2(&ctr->auth.id2, domain, 0,
smb_userid_low, 0,
luid_low, 0,
username, cli->clnt_name_slash,
(uchar *)lm_chal, (uchar *)lm_chal_resp, (uchar *)nt_chal_resp);

2
source3/rpc_client/cli_lsarpc.c
View File

@ -309,7 +309,7 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli,
fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer));
fstrcpy(name , unistr2(t_names.uni_name[i].buffer));
slprintf(full_name, sizeof(full_name), "\\%s\\%s",
slprintf(full_name, sizeof(full_name), "%s\\%s",
dom_name, name);
(*names)[i] = strdup(full_name);

67
source3/rpc_client/cli_samr.c
View File

@ -334,7 +334,7 @@ BOOL do_samr_enum_dom_users(struct cli_state *cli,
for (i = 0; i < *num_sam_users; i++)
{
(*sam)[i].smb_userid = r_e.sam[i].rid;
(*sam)[i].user_rid = r_e.sam[i].rid;
if (r_e.sam[i].hdr_name.buffer)
{
char *acct_name = unistrn2(r_e.uni_acct_name[name_idx].buffer,
@ -347,7 +347,7 @@ BOOL do_samr_enum_dom_users(struct cli_state *cli,
bzero((*sam)[i].acct_name, sizeof((*sam)[i].acct_name));
}
DEBUG(5,("do_samr_enum_dom_users: idx: %4d rid: %8x acct: %s\n",
i, (*sam)[i].smb_userid, (*sam)[i].acct_name));
i, (*sam)[i].user_rid, (*sam)[i].acct_name));
}
valid_pol = True;
}
@ -618,6 +618,67 @@ BOOL do_samr_query_unknown_12(struct cli_state *cli,
return valid_query;
}
/****************************************************************************
do a SAMR Query User Aliases
****************************************************************************/
BOOL do_samr_query_useraliases(struct cli_state *cli,
POLICY_HND *pol, DOM_SID *sid,
uint32 *num_aliases, uint32 *rid)
{
prs_struct data;
prs_struct rdata;
SAMR_Q_QUERY_USERALIASES q_o;
BOOL valid_query = False;
/* create and send a MSRPC command with api SAMR_QUERY_USERALIASES */
prs_init(&data , 1024, 4, SAFETY_MARGIN, False);
prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True );
DEBUG(4,("SAMR Query User Aliases.\n"));
if (pol == NULL || sid == NULL || rid == NULL || num_aliases == 0) return False;
/* store the parameters */
make_samr_q_query_useraliases(&q_o, pol, sid);
/* turn parameters into data stream */
samr_io_q_query_useraliases("", &q_o, &data, 0);
/* send the data on \PIPE\ */
if (rpc_api_pipe_req(cli, SAMR_QUERY_USERALIASES, &data, &rdata))
{
SAMR_R_QUERY_USERALIASES r_o;
BOOL p;
/* get user info */
r_o.rid = rid;
samr_io_r_query_useraliases("", &r_o, &rdata, 0);
p = rdata.offset != 0;
if (p && r_o.status != 0)
{
/* report error code */
DEBUG(0,("SAMR_R_QUERY_USERALIASES: %s\n", get_nt_error_msg(r_o.status)));
p = False;
}
if (p && r_o.ptr != 0)
{
valid_query = True;
*num_aliases = r_o.num_entries;
}
}
prs_mem_free(&data );
prs_mem_free(&rdata );
return valid_query;
}
/****************************************************************************
do a SAMR Query User Groups
****************************************************************************/
@ -628,7 +689,7 @@ BOOL do_samr_query_usergroups(struct cli_state *cli,
prs_struct rdata;
SAMR_Q_QUERY_USERGROUPS q_o;
BOOL valid_query = False;
BOOL valid_query = False;
/* create and send a MSRPC command with api SAMR_QUERY_USERGROUPS */

54
source3/rpc_parse/parse_misc.c
View File

@ -145,60 +145,6 @@ void smb_io_dom_sid(char *desc, DOM_SID *sid, prs_struct *ps, int depth)
prs_uint32s(False, "sub_auths ", ps, depth, sid->sub_auths, sid->num_auths);
}
/*******************************************************************
creates a DOM_SID structure.
BIG NOTE: this function only does SIDS where the identauth is not >= 2^32
identauth >= 2^32 can be detected because it will be specified in hex
********************************************************************/
void make_dom_sid(DOM_SID *sid, char *str_sid)
{
pstring domsid;
int identauth;
char *p;
if (sid == NULL) return;
if (domsid == NULL)
{
DEBUG(4,("netlogon domain SID: none\n"));
sid->sid_rev_num = 0;
sid->num_auths = 0;
return;
}
pstrcpy(domsid, str_sid);
DEBUG(4,("make_dom_sid %d SID: %s\n", __LINE__, domsid));
/* assume, but should check, that domsid starts "S-" */
p = strtok(domsid+2,"-");
sid->sid_rev_num = atoi(p);
/* identauth in decimal should be < 2^32 */
/* identauth in hex should be >= 2^32 */
identauth = atoi(strtok(0,"-"));
DEBUG(4,("netlogon rev %d\n", sid->sid_rev_num));
DEBUG(4,("netlogon %s ia %d\n", p, identauth));
sid->id_auth[0] = 0;
sid->id_auth[1] = 0;
sid->id_auth[2] = (identauth & 0xff000000) >> 24;
sid->id_auth[3] = (identauth & 0x00ff0000) >> 16;
sid->id_auth[4] = (identauth & 0x0000ff00) >> 8;
sid->id_auth[5] = (identauth & 0x000000ff);
sid->num_auths = 0;
while ((p = strtok(0, "-")) != NULL && sid->num_auths < MAXSUBAUTHS)
{
sid->sub_auths[sid->num_auths++] = atoi(p);
}
DEBUG(4,("make_dom_sid: %d SID: %s\n", __LINE__, domsid));
}
/*******************************************************************
creates a DOM_SID2 structure.
********************************************************************/

34
source3/rpc_parse/parse_samr.c
View File

@ -1645,6 +1645,30 @@ void samr_io_r_query_aliasinfo(char *desc, SAMR_R_QUERY_ALIASINFO *r_u, prs_str
prs_uint32("status", ps, depth, &(r_u->status));
}
/*******************************************************************
makes a SAMR_Q_QUERY_USERALIASES structure.
********************************************************************/
void make_samr_q_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
POLICY_HND *hnd,
DOM_SID *sid)
{
if (q_u == NULL || hnd == NULL) return;
DEBUG(5,("make_samr_q_query_useraliases\n"));
memcpy(&(q_u->pol), hnd, sizeof(q_u->pol));
q_u->num_sids1 = 1;
q_u->ptr = 0;
q_u->num_sids2 = 1;
{
q_u->ptr_sid[0] = 1;
make_dom_sid2(&q_u->sid[0], sid);
}
}
/*******************************************************************
reads or writes a SAMR_Q_QUERY_USERALIASES structure.
********************************************************************/
@ -1695,7 +1719,6 @@ makes a SAMR_R_QUERY_USERALIASES structure.
void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u,
uint32 num_rids, uint32 *rid, uint32 status)
{
int i;
if (r_u == NULL) return;
DEBUG(5,("make_samr_r_query_useraliases\n"));
@ -1706,12 +1729,7 @@ void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u,
r_u->ptr = 1;
r_u->num_entries2 = num_rids;
SMB_ASSERT_ARRAY(r_u->rid, num_rids);
for (i = 0; i < num_rids; i++)
{
r_u->rid[i] = rid[i];
}
r_u->rid = rid;
}
else
{
@ -1743,8 +1761,6 @@ void samr_io_r_query_useraliases(char *desc, SAMR_R_QUERY_USERALIASES *r_u, prs
if (r_u->num_entries != 0)
{
SMB_ASSERT_ARRAY(r_u->rid, r_u->num_entries2);
for (i = 0; i < r_u->num_entries2; i++)
{
slprintf(tmp, sizeof(tmp)-1, "rid[%02d]", i);

288
source3/rpc_server/srv_lookup.c
View File

@ -52,43 +52,9 @@ extern fstring global_sam_name;
extern DOM_SID global_sam_sid;
extern DOM_SID global_sid_S_1_5_20;
/*
* A list of the rids of well known BUILTIN and Domain users
* and groups.
*/
rid_name builtin_alias_rids[] =
{
{ BUILTIN_ALIAS_RID_ADMINS , "Administrators" },
{ BUILTIN_ALIAS_RID_USERS , "Users" },
{ BUILTIN_ALIAS_RID_GUESTS , "Guests" },
{ BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" },
{ BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" },
{ BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" },
{ BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" },
{ BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" },
{ BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" },
{ 0 , NULL }
};
/* array lookup of well-known Domain RID users. */
rid_name domain_user_rids[] =
{
{ DOMAIN_USER_RID_ADMIN , "Administrator" },
{ DOMAIN_USER_RID_GUEST , "Guest" },
{ 0 , NULL }
};
/* array lookup of well-known Domain RID groups. */
rid_name domain_group_rids[] =
{
{ DOMAIN_GROUP_RID_ADMINS , "Domain Admins" },
{ DOMAIN_GROUP_RID_USERS , "Domain Users" },
{ DOMAIN_GROUP_RID_GUESTS , "Domain Guests" },
{ 0 , NULL }
};
extern rid_name builtin_alias_rids[];
extern rid_name domain_user_rids[];
extern rid_name domain_group_rids[];
int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids)
{
@ -117,13 +83,20 @@ int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids)
char *name = mem[count].name;
become_root(True);
status = lookup_group_name(name, &sid, &type);
status = lookup_name(name, &sid, &type);
unbecome_root(True);
sid_split_rid(&sid, &rid);
if (status == 0x0 && sid_equal(&sid, &global_sam_sid))
if (status == 0x0 && !sid_front_equal(&global_sam_sid, &sid))
{
fstring sid_str;
sid_to_string(sid_str, &sid);
DEBUG(1,("make_dom_gids: unknown sid %s for groupname %s\n",
sid_str, name));
}
else if (status == 0x0)
{
sid_split_rid(&sid, &rid);
gids = (DOM_GID *)Realloc( gids, sizeof(DOM_GID) * (count+1) );
if (gids == NULL)
@ -141,7 +114,7 @@ int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids)
}
else
{
DEBUG(1,("make_dom_gids: unknown group name %s\n", name));
DEBUG(1,("make_dom_gids: unknown groupname %s\n", name));
}
}
@ -428,7 +401,7 @@ uint32 lookup_user_sid(DOM_SID *sid, char *user_name, uint8 *type)
if (disp_info != NULL)
{
fstrcpy(user_name, disp_info->smb_name);
fstrcpy(user_name, disp_info->nt_name);
DEBUG(5,(" = %s\n", user_name));
return 0x0;
}
@ -442,14 +415,21 @@ uint32 lookup_user_sid(DOM_SID *sid, char *user_name, uint8 *type)
/*******************************************************************
lookup_group_rid
********************************************************************/
uint32 lookup_group_name(char *grp_name, DOM_SID *sid, uint8 *type)
uint32 lookup_added_group_name(const char *grp_name, const char *domain,
DOM_SID *sid, uint8 *type)
{
DOMAIN_GRP *grp = NULL;
(*type) = SID_NAME_DOM_GRP;
DEBUG(5,("lookup_group_name: name: %s", grp_name));
DEBUG(5,("lookup_added_group_name: name: %s", grp_name));
grp = getgroupnam(grp_name, NULL, NULL);
if (!strequal(domain, global_sam_name))
{
DEBUG(5,(" not our domain\n"));
return 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
grp = getgroupntnam(grp_name, NULL, NULL);
if (grp != NULL)
{
@ -465,45 +445,23 @@ uint32 lookup_group_name(char *grp_name, DOM_SID *sid, uint8 *type)
}
/*******************************************************************
lookup_wk_group_name
lookup_added_alias_name
********************************************************************/
uint32 lookup_wk_group_name(char *group_name, DOM_SID *sid, uint8 *type)
{
char *grp_name;
int i = -1; /* start do loop at -1 */
uint32 rid;
(*type) = SID_NAME_WKN_GRP;
do /* find, if it exists, a group rid for the group name */
{
i++;
rid = domain_group_rids[i].rid;
grp_name = domain_group_rids[i].name;
if (strequal(grp_name, group_name))
{
sid_copy(sid, &global_sam_sid);
sid_append_rid(sid, rid);
return 0x0;
}
} while (grp_name != NULL);
return 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
/*******************************************************************
lookup_alias_name
********************************************************************/
uint32 lookup_alias_name(char *als_name, DOM_SID *sid, uint8 *type)
uint32 lookup_added_alias_name(const char *als_name, const char *domain,
DOM_SID *sid, uint8 *type)
{
LOCAL_GRP *als = NULL;
(*type) = SID_NAME_ALIAS;
DEBUG(5,("lookup_alias_name: name: %s", als_name));
DEBUG(5,("lookup_added_alias_name: name: %s\%s", domain, als_name));
als = getaliasnam(als_name, NULL, NULL);
if (!strequal(domain, global_sam_name))
{
DEBUG(5,(" not our domain\n"));
return 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
als = getaliasntnam(als_name, NULL, NULL);
if (als != NULL)
{
@ -518,40 +476,10 @@ uint32 lookup_alias_name(char *als_name, DOM_SID *sid, uint8 *type)
return 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
/*******************************************************************
lookup_wk_alias_name
********************************************************************/
uint32 lookup_wk_alias_name(char *alias_name, DOM_SID *sid, uint8 *type)
{
char *als_name;
int i = 0;
uint32 rid;
(*type) = SID_NAME_ALIAS;
do /* find, if it exists, a alias rid for the alias name*/
{
rid = builtin_alias_rids[i].rid;
als_name = builtin_alias_rids[i].name;
i++;
if (strequal(als_name, alias_name))
{
sid_copy(sid, &global_sid_S_1_5_20);
sid_append_rid(sid, rid);
return 0x0;
}
} while (als_name != NULL);
return 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
/*******************************************************************
lookup_added_user_rid
********************************************************************/
uint32 lookup_added_user_rids(char *user_name,
uint32 lookup_added_user_rids(char *nt_name,
uint32 *usr_rid, uint32 *grp_rid)
{
struct sam_passwd *sam_pass;
@ -560,7 +488,7 @@ uint32 lookup_added_user_rids(char *user_name,
/* find the user account */
become_root(True);
sam_pass = getsam21pwnam(user_name);
sam_pass = getsam21pwntnam(nt_name);
unbecome_root(True);
if (sam_pass != NULL)
@ -576,14 +504,20 @@ uint32 lookup_added_user_rids(char *user_name,
/*******************************************************************
lookup_added_user_name
********************************************************************/
uint32 lookup_added_user_name(char *user_name, DOM_SID *sid, uint8 *type)
static uint32 lookup_added_user_name(const char *nt_name, const char *domain,
DOM_SID *sid, uint8 *type)
{
struct sam_passwd *sam_pass;
(*type) = SID_NAME_USER;
if (!strequal(domain, global_sam_name))
{
return 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
/* find the user account */
become_root(True);
sam_pass = getsam21pwnam(user_name);
sam_pass = getsam21pwntnam(nt_name);
unbecome_root(True);
if (sam_pass != NULL)
@ -597,67 +531,18 @@ uint32 lookup_added_user_name(char *user_name, DOM_SID *sid, uint8 *type)
return 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
/*******************************************************************
lookup_wk_user_name
********************************************************************/
uint32 lookup_wk_user_name(char *user_name, DOM_SID *sid, uint8 *type)
{
char *usr_name;
int i = -1; /* start do loop at -1 */
(*type) = SID_NAME_USER;
do /* find, if it exists, a alias rid for the alias name*/
{
i++;
usr_name = domain_user_rids[i].name;
} while (usr_name != NULL && !strequal(usr_name, user_name));
if (usr_name != NULL)
{
sid_copy(sid, &global_sid_S_1_5_20);
sid_append_rid(sid, domain_user_rids[i].rid);
return 0;
}
return 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
/*******************************************************************
lookup_added_grp_name
********************************************************************/
uint32 lookup_added_grp_name(char *name, DOM_SID *sid, uint8 *type)
{
uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
status = (status != 0x0) ? lookup_group_name(name, sid, type) : status;
status = (status != 0x0) ? lookup_alias_name(name, sid, type) : status;
return status;
}
/*******************************************************************
lookup_builtin_grp_name
********************************************************************/
uint32 lookup_builtin_grp_name(char *name, DOM_SID *sid, uint8 *type)
{
uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
status = (status != 0x0) ? lookup_wk_group_name(name, sid, type) : status;
status = (status != 0x0) ? lookup_wk_alias_name(name, sid, type) : status;
return status;
}
/*******************************************************************
lookup_grp_name
********************************************************************/
uint32 lookup_grp_name(char *name, DOM_SID *sid, uint8 *type)
static uint32 lookup_grp_name(const char *name, const char *domain,
DOM_SID *sid, uint8 *type)
{
uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
status = (status != 0x0) ? lookup_builtin_grp_name(name, sid, type) : status;
status = (status != 0x0) ? lookup_added_grp_name (name, sid, type) : status;
status = (status != 0x0) ? lookup_wk_group_name (name, domain, sid, type) : status;
status = (status != 0x0) ? lookup_builtin_alias_name(name, domain, sid, type) : status;
status = (status != 0x0) ? lookup_added_group_name (name, domain, sid, type) : status;
status = (status != 0x0) ? lookup_added_alias_name (name, domain, sid, type) : status;
return status;
}
@ -665,12 +550,13 @@ uint32 lookup_grp_name(char *name, DOM_SID *sid, uint8 *type)
/*******************************************************************
lookup_user_name
********************************************************************/
uint32 lookup_user_name(char *name, DOM_SID *sid, uint8 *type)
static uint32 lookup_user_name(const char *name, const char *domain,
DOM_SID *sid, uint8 *type)
{
uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
status = (status != 0x0) ? lookup_wk_user_name (name, sid, type) : status;
status = (status != 0x0) ? lookup_added_user_name(name, sid, type) : status;
status = (status != 0x0) ? lookup_wk_user_name (name, domain, sid, type) : status;
status = (status != 0x0) ? lookup_added_user_name(name, domain, sid, type) : status;
return status;
}
@ -692,66 +578,12 @@ uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type)
return status;
}
status = (status != 0x0) ? lookup_wk_alias_name(user, sid, type) : status;
status = (status != 0x0) ? lookup_alias_name (user, sid, type) : status;
status = (status != 0x0) ? lookup_user_name (name, sid, type) : status;
status = (status != 0x0) ? lookup_grp_name (name, sid, type) : status;
status = (status != 0x0) ? lookup_user_name (name, domain, sid, type) : status;
status = (status != 0x0) ? lookup_grp_name (name, domain, sid, type) : status;
#if 0
status = (status != 0x0) ? lookup_domain_name (user, sid, type) : status;
status = (status != 0x0) ? lookup_domain_name (domain, sid, type) : status;
#endif
return status;
}
/*******************************************************************
lookup_user_rids
********************************************************************/
uint32 lookup_user_rids(char *name, uint32 *usr_rid, uint32 *grp_rid)
{
uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
uint8 type;
DOM_SID sid;
/*
* try an ordinary user lookup
*/
status = lookup_added_user_rids(name, usr_rid, grp_rid);
if (status == 0)
{
return status;
}
/*
* hm. must be a well-known user, in a well-known group.
*/
status = lookup_wk_user_name(name, &sid, &type);
sid_split_rid(&sid, usr_rid);
if (status != 0 || type != SID_NAME_USER)
{
return status; /* ok, maybe not! */
}
if (type != SID_NAME_USER)
{
return 0xC0000000 | NT_STATUS_NONE_MAPPED; /* users only... */
}
/*
* ok, got the user rid: now try the group rid
*/
status = lookup_builtin_grp_name(name, &sid, &type);
sid_split_rid(&sid, usr_rid);
if (type == SID_NAME_DOM_GRP ||
type == SID_NAME_ALIAS ||
type == SID_NAME_WKN_GRP)
{
status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
return status;
}

121
source3/rpc_server/srv_netlog.c
View File

@ -28,10 +28,9 @@
extern int DEBUGLEVEL;
extern BOOL sam_logon_in_ssb;
extern pstring samlogon_user;
extern pstring global_myname;
extern DOM_SID global_sam_sid;
extern fstring global_sam_name;
/*************************************************************************
make_net_r_req_chal:
@ -493,7 +492,7 @@ static void api_net_sam_logoff( uint16 vuid,
net_login_interactive:
*************************************************************************/
static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
struct smb_passwd *smb_pass,
struct sam_passwd *smb_pass,
user_struct *vuser)
{
uint32 status = 0x0;
@ -543,7 +542,7 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
net_login_network:
*************************************************************************/
static uint32 net_login_network(NET_ID_INFO_2 *id2,
struct smb_passwd *smb_pass,
struct sam_passwd *smb_pass,
user_struct *vuser)
{
DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
@ -598,7 +597,7 @@ static void api_net_sam_logon( uint16 vuid,
NET_USER_INFO_3 usr_info;
uint32 status = 0x0;
DOM_CRED srv_cred;
struct smb_passwd *smb_pass = NULL;
struct sam_passwd *sam_pass = NULL;
UNISTR2 *uni_samlogon_user = NULL;
fstring nt_username;
@ -632,14 +631,14 @@ static void api_net_sam_logon( uint16 vuid,
{
uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", global_sam_name));
break;
}
case NET_LOGON_TYPE:
{
uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", global_sam_name));
break;
}
default:
@ -660,26 +659,16 @@ static void api_net_sam_logon( uint16 vuid,
DEBUG(3,("User:[%s]\n", nt_username));
/*
* Convert to a UNIX username.
*/
map_username(nt_username);
/*
* Do any case conversions.
*/
(void)Get_Pwnam(nt_username, True);
become_root(True);
smb_pass = getsmbpwnam(nt_username);
sam_pass = getsam21pwntnam(nt_username);
unbecome_root(True);
if (smb_pass == NULL)
if (sam_pass == NULL)
{
status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
}
else if (IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_DISABLED) &&
IS_BITS_CLR_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ))
else if (IS_BITS_SET_ALL(sam_pass->acct_ctrl, ACB_DISABLED) &&
IS_BITS_CLR_ALL(sam_pass->acct_ctrl, ACB_PWNOTREQ))
{
status = 0xC0000000 | NT_STATUS_ACCOUNT_DISABLED;
}
@ -687,20 +676,20 @@ static void api_net_sam_logon( uint16 vuid,
/* validate password - if required */
if (status == 0 && !(IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ)))
if (status == 0 && !(IS_BITS_SET_ALL(sam_pass->acct_ctrl, ACB_PWNOTREQ)))
{
switch (q_l.sam_id.logon_level)
{
case INTERACTIVE_LOGON_TYPE:
{
/* interactive login. */
status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser);
status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, sam_pass, vuser);
break;
}
case NET_LOGON_TYPE:
{
/* network login. lm challenge and 24 byte responses */
status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser);
status = net_login_network(&q_l.sam_id.ctr->auth.id2, sam_pass, vuser);
break;
}
}
@ -715,88 +704,60 @@ static void api_net_sam_logon( uint16 vuid,
if (status == 0)
{
DOM_GID *gids = NULL;
int num_gids = 0;
NTTIME dummy_time;
pstring logon_script;
pstring profile_path;
pstring home_dir;
pstring home_drive;
pstring my_name;
pstring my_workgroup;
DOMAIN_GRP *grp_mem;
uint32 r_uid;
uint32 r_gid;
/* set up pointer indicating user/password failed to be found */
usr_info.ptr_user_info = 0;
dummy_time.low = 0xffffffff;
dummy_time.high = 0x7fffffff;
/* XXXX hack to get standard_sub_basic() to use sam logon username */
/* possibly a better way would be to do a become_user() call */
sam_logon_in_ssb = True;
pstrcpy(samlogon_user, nt_username);
pstrcpy(logon_script, lp_logon_script());
pstrcpy(profile_path, lp_logon_path());
pstrcpy(my_workgroup, lp_workgroup());
pstrcpy(home_drive, lp_logon_drive());
pstrcpy(home_dir, lp_logon_home());
pstrcpy(my_name, global_myname);
strupper(my_name);
status = lookup_user_rids(nt_username, &r_uid, &r_gid);
status = getusergroupsnam(nt_username, &grp_mem, &num_gids) ? 0 : 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP;
sam_logon_in_ssb = False;
if (!getusergroupsntnam(nt_username, &grp_mem, &num_gids))
{
status = 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP;
}
if (status == 0x0)
{
gids = NULL;
DOM_GID *gids = NULL;
num_gids = make_dom_gids(grp_mem, num_gids, &gids);
make_net_user_info3(&usr_info,
&dummy_time, /* logon_time */
&dummy_time, /* logoff_time */
&dummy_time, /* kickoff_time */
&dummy_time, /* pass_last_set_time */
&dummy_time, /* pass_can_change_time */
&dummy_time, /* pass_must_change_time */
&sam_pass->logon_time,
&sam_pass->logoff_time,
&sam_pass->kickoff_time,
&sam_pass->pass_last_set_time,
&sam_pass->pass_can_change_time,
&sam_pass->pass_must_change_time,
nt_username , /* user_name */
vuser->real_name, /* full_name */
logon_script , /* logon_script */
profile_path , /* profile_path */
home_dir , /* home_dir */
home_drive , /* dir_drive */
sam_pass->nt_name , /* user_name */
sam_pass->full_name , /* full_name */
sam_pass->logon_script , /* logon_script */
sam_pass->profile_path , /* profile_path */
sam_pass->home_dir , /* home_dir */
sam_pass->dir_drive , /* dir_drive */
0, /* logon_count */
0, /* bad_pw_count */
r_uid , /* RID user_id */
r_gid , /* RID group_id */
sam_pass->user_rid , /* RID user_id */
sam_pass->group_rid , /* RID group_id */
num_gids, /* uint32 num_groups */
gids , /* DOM_GID *gids */
0x20 , /* uint32 user_flgs (?) */
NULL, /* char sess_key[16] */
my_name , /* char *logon_srv */
my_workgroup, /* char *logon_dom */
&global_sam_sid, /* DOM_SID *dom_sid */
global_myname , /* char *logon_srv */
global_sam_name, /* char *logon_dom */
&global_sam_sid, /* DOM_SID *dom_sid */
NULL); /* char *other_sids */
/* Free any allocated groups array. */
if (gids)
{
free((char *)gids);
}
}
/* Free any allocated groups array. */
if (gids)
{
free((char *)gids);
}
}
net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);

179
source3/rpc_server/srv_samr.c
View File

@ -28,8 +28,6 @@
extern int DEBUGLEVEL;
extern BOOL sam_logon_in_ssb;
extern pstring samlogon_user;
extern fstring global_sam_name;
extern pstring global_myname;
extern DOM_SID global_sam_sid;
@ -79,8 +77,8 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
continue;
}
user_name_len = strlen(pwd->smb_name);
make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len);
user_name_len = strlen(pwd->nt_name);
make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->nt_name, user_name_len);
make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len,
user_name_len, 1);
pw_buf[(*num_entries)].user_rid = pwd->user_rid;
@ -95,7 +93,7 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x",
(*num_entries), pwd->smb_name,
(*num_entries), pwd->nt_name,
pwd->user_rid, pwd->acct_ctrl));
if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
@ -401,7 +399,7 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
SAMR_R_ENUM_DOM_GROUPS r_e;
DOMAIN_GRP *grps = NULL;
int num_entries = 0;
BOOL got_grps;
BOOL got_grps = False;
DOM_SID sid;
fstring sid_str;
@ -418,39 +416,29 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str));
/* well-known groups */
if (sid_equal(&sid, &global_sid_S_1_5_20))
{
char *name;
got_grps = True;
while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL))
{
DOMAIN_GRP tmp_grp;
fstrcpy(tmp_grp.name , name);
fstrcpy(tmp_grp.comment, "");
tmp_grp.rid = domain_group_rids[num_entries].rid;
tmp_grp.attr = 0x7;
if (!add_domain_group(&grps, &num_entries, &tmp_grp))
{
r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
break;
}
}
}
else if (sid_equal(&sid, &global_sam_sid))
if (sid_equal(&sid, &global_sam_sid))
{
BOOL ret;
char *name;
int i = 0;
got_grps = True;
become_root(True);
ret = enumdomgroups(&grps, &num_entries);
unbecome_root(True);
if (!ret)
{
r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
}
}
if (r_e.status == 0x0 &&
(sid_equal(&sid, &global_sam_sid) ||
sid_equal(&sid, &global_sid_S_1_5_20)))
{
char *name;
int i = 0;
got_grps = True;
while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[i].name) != NULL))
{
DOMAIN_GRP tmp_grp;
@ -468,11 +456,6 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
i++;
}
if (!ret)
{
r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
}
}
if (r_e.status == 0 && got_grps)
@ -747,10 +730,10 @@ static void api_samr_query_aliasinfo( uint16 vuid, prs_struct *data, prs_struct
static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
prs_struct *rdata)
{
uint32 rid[MAX_SAM_ENTRIES];
uint32 status = 0;
uint32 status = 0;
uint32 *rid = NULL;
int num_rids = 0;
int i;
struct sam_passwd *sam_pass;
DOM_SID usr_sid;
DOM_SID dom_sid;
@ -774,12 +757,6 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
sid_to_string(sam_sid_str, &global_sam_sid);
}
if (num_rids > MAX_SAM_ENTRIES)
{
num_rids = MAX_SAM_ENTRIES;
DEBUG(5,("samr_query_useraliases: truncating entries to %d\n", num_rids));
}
if (status == 0x0)
{
usr_sid = q_u->sid[0].sid;
@ -811,17 +788,18 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
else if (sid_equal(&dom_sid, &usr_sid))
{
LOCAL_GRP *mem_grp = NULL;
num_rids = 0;
DEBUG(10,("lookup on Domain SID\n"));
become_root(True);
getuseraliasnam(sam_pass->smb_name, &mem_grp, &num_rids);
getuseraliasntnam(sam_pass->nt_name, &mem_grp, &num_rids);
unbecome_root(True);
num_rids = MIN(num_rids, MAX_SAM_ENTRIES);
if (mem_grp != NULL)
rid = malloc(num_rids * sizeof(uint32));
if (mem_grp != NULL && rid != NULL)
{
int i;
for (i = 0; i < num_rids; i++)
{
rid[i] = mem_grp[i].rid;
@ -840,6 +818,11 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
/* store the response in the SMB stream */
samr_io_r_query_useraliases("", &r_u, rdata, 0);
if (rid != NULL)
{
free(rid);
}
DEBUG(5,("samr_query_useraliases: %d\n", __LINE__));
}
@ -1150,46 +1133,7 @@ static void api_samr_open_user( uint16 vuid, prs_struct *data, prs_struct *rdata
*************************************************************************/
static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
{
struct smb_passwd *smb_pass;
if (!pwdb_rid_is_user(user_rid))
{
DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
return False;
}
become_root(True);
smb_pass = getsmbpwrid(user_rid);
unbecome_root(True);
if (smb_pass == NULL)
{
DEBUG(4,("User 0x%x not found\n", user_rid));
return False;
}
DEBUG(3,("User:[%s]\n", smb_pass->smb_name));
make_sam_user_info10(id10, smb_pass->acct_ctrl);
return True;
}
/*************************************************************************
get_user_info_21
*************************************************************************/
static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
{
NTTIME dummy_time;
struct sam_passwd *sam_pass;
LOGON_HRS hrs;
int i;
if (!pwdb_rid_is_user(user_rid))
{
DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
return False;
}
become_root(True);
sam_pass = getsam21pwrid(user_rid);
@ -1201,12 +1145,33 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
return False;
}
DEBUG(3,("User:[%s]\n", sam_pass->smb_name));
DEBUG(3,("User:[%s]\n", sam_pass->nt_name));
dummy_time.low = 0xffffffff;
dummy_time.high = 0x7fffffff;
make_sam_user_info10(id10, sam_pass->acct_ctrl);
DEBUG(0,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n"));
return True;
}
/*************************************************************************
get_user_info_21
*************************************************************************/
static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
{
struct sam_passwd *sam_pass;
LOGON_HRS hrs;
int i;
become_root(True);
sam_pass = getsam21pwrid(user_rid);
unbecome_root(True);
if (sam_pass == NULL)
{
DEBUG(4,("User 0x%x not found\n", user_rid));
return False;
}
DEBUG(3,("User:[%s]\n", sam_pass->nt_name));
/* create a LOGON_HRS structure */
hrs.len = sam_pass->hours_len;
@ -1218,14 +1183,14 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
make_sam_user_info21(id21,
&dummy_time, /* logon_time */
&dummy_time, /* logoff_time */
&dummy_time, /* kickoff_time */
&dummy_time, /* pass_last_set_time */
&dummy_time, /* pass_can_change_time */
&dummy_time, /* pass_must_change_time */
&sam_pass->logon_time,
&sam_pass->logoff_time,
&sam_pass->kickoff_time,
&sam_pass->pass_last_set_time,
&sam_pass->pass_can_change_time,
&sam_pass->pass_must_change_time,
sam_pass->smb_name, /* user_name */
sam_pass->nt_name, /* user_name */
sam_pass->full_name, /* full_name */
sam_pass->home_dir, /* home_dir */
sam_pass->dir_drive, /* dir_drive */
@ -1238,13 +1203,13 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
sam_pass->user_rid, /* RID user_id */
sam_pass->group_rid, /* RID group_id */
sam_pass->acct_ctrl,
sam_pass->acct_ctrl,
sam_pass->unknown_3, /* unknown_3 */
sam_pass->logon_divs, /* divisions per week */
&hrs, /* logon hours */
sam_pass->unknown_5,
sam_pass->unknown_6);
sam_pass->unknown_3, /* unknown_3 */
sam_pass->logon_divs, /* divisions per week */
&hrs, /* logon hours */
sam_pass->unknown_5,
sam_pass->unknown_6);
return True;
}
@ -1393,7 +1358,7 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
DOMAIN_GRP *mem_grp = NULL;
become_root(True);
getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_groups);
getusergroupsntnam(sam_pass->nt_name, &mem_grp, &num_groups);
unbecome_root(True);
gids = NULL;
@ -1559,7 +1524,7 @@ static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdat
q_u.uni_mach_acct.uni_str_len));
become_root(True);
sam_pass = getsam21pwnam(mach_acct);
sam_pass = getsam21pwntnam(mach_acct);
unbecome_root(True);
if (sam_pass != NULL)

2
source3/rpcclient/cmd_lsarpc.c
View File

@ -252,7 +252,7 @@ void cmd_lsa_lookup_sids(struct client_info *info)
fstrcat(sid_name, "-");
fstrcat(sid_name, temp);
}
make_dom_sid(&sid[num_sids], sid_name);
string_to_sid(&sid[num_sids], sid_name);
sids[num_sids] = &sid[num_sids];
num_sids++;
}

60
source3/rpcclient/cmd_samr.c
View File

@ -185,39 +185,39 @@ void cmd_sam_enum_users(struct client_info *info)
BOOL res = True;
BOOL request_user_info = False;
BOOL request_group_info = False;
BOOL request_alias_info = False;
uint16 num_entries = 0;
uint16 unk_0 = 0x0;
uint16 acb_mask = 0;
uint16 unk_1 = 0x0;
uint32 admin_rid = 0x304; /* absolutely no idea. */
fstring tmp;
int i;
sid_to_string(sid, &info->dom.level5_sid);
sid_copy(&sid1, &info->dom.level5_sid);
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level5_dom);
if (strlen(sid) == 0)
if (sid1.num_auths == 0)
{
fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
make_dom_sid(&sid1, sid);
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
/* a bad way to do token parsing... */
if (next_token(NULL, tmp, NULL, sizeof(tmp)))
for (i = 0; i < 3; i++)
{
request_user_info |= strequal(tmp, "-u");
request_group_info |= strequal(tmp, "-g");
}
if (next_token(NULL, tmp, NULL, sizeof(tmp)))
{
request_user_info |= strequal(tmp, "-u");
request_group_info |= strequal(tmp, "-g");
/* a bad way to do token parsing... */
if (next_token(NULL, tmp, NULL, sizeof(tmp)))
{
request_user_info |= strequal(tmp, "-u");
request_group_info |= strequal(tmp, "-g");
request_alias_info |= strequal(tmp, "-a");
}
}
#ifdef DEBUG_TESTING
@ -275,14 +275,14 @@ void cmd_sam_enum_users(struct client_info *info)
fprintf(out_hnd, "No users\n");
}
if (request_user_info || request_group_info)
if (request_user_info || request_group_info || request_alias_info)
{
/* query all the users */
user_idx = 0;
while (res && user_idx < info->dom.num_sam_entries)
{
uint32 user_rid = info->dom.sam[user_idx].smb_userid;
uint32 user_rid = info->dom.sam[user_idx].user_rid;
SAM_USER_INFO_21 usr;
fprintf(out_hnd, "User RID: %8x User Name: %s\n",
@ -318,6 +318,26 @@ void cmd_sam_enum_users(struct client_info *info)
}
}
if (request_alias_info)
{
uint32 num_aliases;
uint32 rid[LSA_MAX_GROUPS];
DOM_SID als_sid;
sid_copy(&als_sid, &sid1);
sid_append_rid(&als_sid, user_rid);
/* send user alias query */
if (do_samr_query_useraliases(smb_cli,
&info->dom.samr_pol_open_domain,
&als_sid, &num_aliases, rid))
{
display_alias_rid_info(out_hnd, ACTION_HEADER , &als_sid, num_aliases, rid);
display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &als_sid, num_aliases, rid);
display_alias_rid_info(out_hnd, ACTION_FOOTER , &als_sid, num_aliases, rid);
}
}
user_idx++;
}
}
@ -375,7 +395,7 @@ void cmd_sam_query_user(struct client_info *info)
return;
}
make_dom_sid(&sid1, sid);
string_to_sid(&sid1, sid);
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
@ -466,7 +486,7 @@ void cmd_sam_query_groups(struct client_info *info)
return;
}
make_dom_sid(&sid1, sid);
string_to_sid(&sid1, sid);
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
@ -549,7 +569,7 @@ void cmd_sam_enum_aliases(struct client_info *info)
return;
}
make_dom_sid(&sid1, sid);
string_to_sid(&sid1, sid);
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
@ -585,7 +605,7 @@ void cmd_sam_enum_aliases(struct client_info *info)
&info->dom.samr_pol_connect, admin_rid, &sid1,
&info->dom.samr_pol_open_domain) : False;
/* send a query on the aliase */
/* send a query on the aliases */
res = res ? do_samr_query_unknown_12(smb_cli,
&info->dom.samr_pol_open_domain, admin_rid, num_aliases, alias_rid,
&num_aliases, alias_names, num_als_usrs) : False;
@ -617,7 +637,7 @@ void cmd_sam_enum_aliases(struct client_info *info)
while (res && user_idx < info->dom.num_sam_entries)
{
uint32 user_rid = info->dom.sam[user_idx].smb_userid;
uint32 user_rid = info->dom.sam[user_idx].user_rid;
SAM_USER_INFO_21 usr;
fprintf(out_hnd, "User RID: %8x User Name: %s\n",

44
source3/rpcclient/display.c
View File

@ -866,6 +866,50 @@ void display_name(FILE *out_hnd, enum action_type action,
}
/****************************************************************************
display alias rid info
****************************************************************************/
void display_alias_rid_info(FILE *out_hnd, enum action_type action,
DOM_SID *sid,
uint32 num_rids, uint32 *rid)
{
switch (action)
{
case ACTION_HEADER:
{
fstring sid_str;
sid_to_string(sid_str, sid);
if (num_rids == 0)
{
fprintf(out_hnd, "\tNo Aliases: Sid %s\n", sid_str);
}
else
{
fprintf(out_hnd, "\tAlias Info: Sid %s\n", sid_str);
fprintf(out_hnd, "\t----------\n");
}
break;
}
case ACTION_ENUMERATE:
{
int i;
for (i = 0; i < num_rids; i++)
{
fprintf(out_hnd, "\tAlias RID: %8x\n", rid[i]);
}
break;
}
case ACTION_FOOTER:
{
fprintf(out_hnd, "\n");
break;
}
}
}
/****************************************************************************
display group rid info
****************************************************************************/

2
source3/smbd/chgpasswd.c
View File

@ -529,7 +529,7 @@ BOOL change_lanman_password(struct smb_passwd *smbpw, uchar *pass1, uchar *pass2
if (smbpw->acct_ctrl & ACB_DISABLED)
{
DEBUG(0,("change_lanman_password: account %s disabled.\n", smbpw->smb_name));
DEBUG(0,("change_lanman_password: account %s disabled.\n", smbpw->unix_name));
return False;
}

12
source3/smbd/password.c
View File

@ -391,11 +391,11 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
if (!lm_pass || !smb_pass) return(False);
DEBUG(4,("Checking SMB password for user %s\n",
smb_pass->smb_name));
smb_pass->unix_name));
if(smb_pass->acct_ctrl & ACB_DISABLED) {
DEBUG(3,("account for user %s was disabled.\n",
smb_pass->smb_name));
smb_pass->unix_name));
return(False);
}
@ -436,7 +436,7 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
if((smb_pass->smb_passwd == NULL) &&
(smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
DEBUG(4,("no password required for user %s\n",
smb_pass->smb_name));
smb_pass->unix_name));
return True;
}
@ -502,7 +502,7 @@ BOOL pass_check_smb(char *user, char *domain,
}
/* Ensure the uid's match */
if (smb_pass->smb_userid != pass->pw_uid)
if (smb_pass->unix_uid != pass->pw_uid)
{
DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
return(False);
@ -510,7 +510,7 @@ BOOL pass_check_smb(char *user, char *domain,
if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords())
{
DEBUG(3,("account for user %s has no password and null passwords are allowed.\n", smb_pass->smb_name));
DEBUG(3,("account for user %s has no password and null passwords are allowed.\n", smb_pass->unix_name));
return(True);
}
@ -587,7 +587,7 @@ validate a group username entry. Return the username or NULL
****************************************************************************/
static char *validate_group(char *group,char *password,int pwlen,int snum)
{
#ifdef HAVE_NETGROUP
#if defined(HAVE_NETGROUP) && defined(HAVE_GETNETGRENT) && defined(HAVE_SETNETGRENT) && defined(HAVE_ENDNETGRENT)
{
char *host, *user, *domain;
setnetgrent(group);

43
source3/smbd/server.c
View File

@ -651,15 +651,28 @@ static void usage(char *pname)
codepage_initialise(lp_client_code_page());
fstrcpy(global_myworkgroup, lp_workgroup());
get_sam_domain_name();
generate_wellknown_sids();
if (!generate_sam_sid())
if (!pwdb_initialise())
{
exit(1);
}
if(!initialise_sam_password_db())
{
exit(1);
}
if(!initialise_passgrp_db())
{
exit(1);
}
if(!initialise_group_db())
{
exit(1);
}
if(!initialise_alias_db())
{
DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
exit(1);
}
@ -700,7 +713,7 @@ static void usage(char *pname)
become_daemon();
}
check_kernel_oplocks();
check_kernel_oplocks();
if (!directory_exist(lp_lockdir(), NULL)) {
mkdir(lp_lockdir(), 0755);
@ -716,18 +729,6 @@ static void usage(char *pname)
if (!locking_init(0))
exit(1);
if(!initialise_passgrp_db())
exit(1);
if(!initialise_password_db())
exit(1);
if(!initialise_group_db())
exit(1);
if(!initialise_alias_db())
exit(1);
/* possibly reload the services file. */
reload_services(True);

3
source3/smbwrapper/smbw_dir.c
View File

@ -146,7 +146,8 @@ static void smbw_printjob_add(struct print_job_info *job)
finfo.mtime = job->t;
finfo.atime = job->t;
finfo.ctime = job->t;
finfo.uid = nametouid(job->user);
finfo.uid = (uid_t)-1;
nametouid(job->user, finfo.uid);
finfo.mode = aRONLY;
finfo.size = job->size;

3
source3/utils/smbpasswd.c
View File

@ -548,7 +548,8 @@ int main(int argc, char **argv)
charset_initialise();
if(!initialise_password_db()) {
if(!pwdb_initialise())
{
fprintf(stderr, "Can't setup password database vectors.\n");
exit(1);
}

3
source3/web/swat.c
View File

@ -600,7 +600,8 @@ static BOOL change_password(const char *remote_machine, char *user_name,
return ret;
}
if(!initialise_password_db()) {
if (!pwdb_initialise())
{
printf("Can't setup password database vectors.\n<p>");
return False;
}