Makefile: Added ubi_sLinkList.o as the groupname.o file needs it. Added groupname.o

includes.h: Added ubi_sLinkList.h include.
loadparm.c: Added groupname map parameter.
password.c: Fix HPUX big_crypt.
username.c: New user_in_list() code. Moved groupname map code to groupname.c
lib/rpc/server/srv_util.c: Added lookup_wellknown_sid_from_name().

New groupname map stuff. Note that nothing currently uses this but at
compiles ok.

Jeremy.

source/include/includes.h

@@ -1219,6 +1219,7 @@ extern char *sys_errlist[];
 #endif
 
 /* Lists, trees, caching, datbase... */
+#include "ubi_sLinkList.h"
 #include "ubi_dLinkList.h"
 #ifndef UBI_BINTREE_H
 #include "ubi_Cache.h"

source/include/proto.h

@@ -200,6 +200,10 @@ void generate_random_buffer( unsigned char *out, int len, BOOL re_seed);
 
 char *getsmbpass(char *prompt)    ;
 
+/*The following definitions come from  groupname.c  */
+
+void load_groupname_map(void);
+
 /*The following definitions come from  interface.c  */
 
 void load_interfaces(void);
@@ -902,6 +906,7 @@ BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data);
 
 /*The following definitions come from  lib/rpc/server/srv_util.c  */
 
+BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid);
 int make_dom_gids(char *gids_str, DOM_GID **ppgids);
 BOOL create_rpc_reply(pipes_struct *p,
 				uint32 data_start, uint32 data_end);
@@ -941,6 +946,7 @@ char *lp_passwordserver(void);
 char *lp_name_resolve_order(void);
 char *lp_workgroup(void);
 char *lp_username_map(void);
+char *lp_groupname_map(void);
 char *lp_character_set(void);
 char *lp_logon_script(void);
 char *lp_logon_path(void);
@@ -1942,7 +1948,6 @@ char *get_home_dir(char *user);
 BOOL map_username(char *user);
 struct passwd *Get_Pwnam(char *user,BOOL allow_change);
 BOOL user_in_list(char *user,char *list);
-void load_groupname_map(void);
 
 /*The following definitions come from  util.c  */
 

source/lib/username.c

@@ -21,7 +21,6 @@
 
 #include "includes.h"
 extern int DEBUGLEVEL;
-extern DOM_SID global_machine_sid;
 
 /* internal functions */
 static struct passwd *uname_string_combinations(char *s, struct passwd * (*fn) (char *), int N);
@@ -228,7 +227,70 @@ struct passwd *Get_Pwnam(char *user,BOOL allow_change)
 }
 
 /****************************************************************************
-check if a user is in a user list
+check if a user is in a netgroup user list
+****************************************************************************/
+static BOOL user_in_netgroup_list(char *user,char *ngname)
+{
+#ifdef NETGROUP
+  static char *mydomain = NULL;
+  if (mydomain == NULL)
+    yp_get_default_domain(&mydomain);
+
+  if(mydomain == NULL)
+  {
+    DEBUG(5,("Unable to get default yp domain\n"));
+  }
+  else
+  {
+    DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
+          user, mydomain, ngname));
+    DEBUG(5,("innetgr is %s\n",
+          innetgr(ngname, NULL, user, mydomain)
+          ? "TRUE" : "FALSE"));
+
+    if (innetgr(ngname, NULL, user, mydomain))
+      return (True);
+  }
+#endif /* NETGROUP */
+  return False;
+}
+
+/****************************************************************************
+check if a user is in a UNIX user list
+****************************************************************************/
+static BOOL user_in_group_list(char *user,char *gname)
+{
+#if HAVE_GETGRNAM 
+  struct group *gptr;
+  char **member;  
+  struct passwd *pass = Get_Pwnam(user,False);
+
+  if (pass)
+  { 
+    gptr = getgrgid(pass->pw_gid);
+    if (gptr && strequal(gptr->gr_name,gname))
+      return(True); 
+  } 
+
+  gptr = (struct group *)getgrnam(gname);
+
+  if (gptr)
+  {
+    member = gptr->gr_mem;
+    while (member && *member)
+    {
+      if (strequal(*member,user))
+        return(True);
+      member++;
+    }
+  }
+#endif /* HAVE_GETGRNAM */
+  return False;
+}	      
+
+/****************************************************************************
+check if a user is in a user list - can check combinations of UNIX
+and netgroup lists.
 ****************************************************************************/
 BOOL user_in_list(char *user,char *list)
 {
@@ -236,65 +298,72 @@ BOOL user_in_list(char *user,char *list)
   char *p=list;
 
   while (next_token(&p,tok,LIST_SEP))
+  {
+    /*
+     * Check raw username.
+     */
+    if (strequal(user,tok))
+      return(True);
+
+    /*
+     * Now check to see if any combination
+     * of UNIX and netgroups has been specified.
+     */
+
+    if(*tok == '@')
     {
-      if (strequal(user,tok))
+      /*
-	return(True);
+       * Old behaviour. Check netgroup list
-
+       * followed by UNIX list.
-#ifdef NETGROUP
+       */
-      if (*tok == '@')
+      if(user_in_netgroup_list(user,&tok[1]))
-	{
+        return True;
-	  static char *mydomain = NULL;
+      if(user_in_group_list(user,&tok[1]))
-	  if (mydomain == 0)
+        return True;
-	    yp_get_default_domain(&mydomain);
-
-	  if(mydomain == 0)
-	    {
-              DEBUG(5,("Unable to get default yp domain\n"));
-            }
-          else
-	    {
-	  
-  	      DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
-		   user, mydomain, &tok[1]));
-	      DEBUG(5,("innetgr is %s\n",
-		   innetgr(&tok[1], (char *) 0, user, mydomain)
-		   ? "TRUE" : "FALSE"));
-	  
-  	      if (innetgr(&tok[1], (char *)0, user, mydomain))
-	        return (True);
-            }
-	}
-#endif
-
-
-#if HAVE_GETGRNAM 
-      if (*tok == '@')
-	{
-          struct group *gptr;
-          char **member;  
-	  struct passwd *pass = Get_Pwnam(user,False);
-
-	  if (pass) { 
-	    gptr = getgrgid(pass->pw_gid);
-	    if (gptr && strequal(gptr->gr_name,&tok[1]))
-	      return(True); 
-	  } 
-
-	  gptr = (struct group *)getgrnam(&tok[1]);
-
-	  if (gptr)
-	    {
-	      member = gptr->gr_mem;
-	      while (member && *member)
-		{
-		  if (strequal(*member,user))
-		    return(True);
-		  member++;
-		}
-	    }
-	}	      
-#endif
     }
+    else if (*tok == '+')
+    {
+      if(tok[1] == '&')
+      {
+        /*
+         * Search UNIX list followed by netgroup.
+         */
+        if(user_in_group_list(user,&tok[2]))
+          return True;
+        if(user_in_netgroup_list(user,&tok[2]))
+          return True;
+      }
+      else
+      {
+        /*
+         * Just search UNIX list.
+         */
+        if(user_in_group_list(user,&tok[1]))
+          return True;
+      }
+    }
+    else if (*tok == '&')
+    {
+      if(tok[1] == '&')
+      {
+        /*
+         * Search netgroup list followed by UNIX list.
+         */
+        if(user_in_netgroup_list(user,&tok[2]))
+          return True;
+        if(user_in_group_list(user,&tok[2]))
+          return True;
+      }
+      else
+      {
+        /*
+         * Just search netgroup list.
+         */
+        if(user_in_netgroup_list(user,&tok[1]))
+          return True;
+      }
+    }
+  }
   return(False);
 }
 
@@ -352,157 +421,3 @@ static struct passwd * uname_string_combinations(char *s,struct passwd * (*fn)(c
   }
   return(NULL);
 }
-
-#if 0 
-/* JRATEST - under construction. */
-/**************************************************************************
- Groupname map functionality. The code loads a groupname map file and
- (currently) loads it into a linked list. This is slow and memory
- hungry, but can be changed into a more efficient storage format
- if the demands on it become excessive.
-***************************************************************************/
-
-typedef struct groupname_map {
-   ubi_slNode next;
-
-   char *windows_name;
-   DOM_SID windows_sid;
-   char *unix_name;
-   gid_t unix_gid;
-} groupname_map_entry;
-
-static ubi_slList groupname_map_list;
-
-/**************************************************************************
- Delete all the entries in the groupname map list.
-***************************************************************************/
-
-static void delete_groupname_map_list(void)
-{
-  groupname_map_entry *gmep;
-
-  while((gmep = (groupname_map_entry *)ubi_slRemHead( groupname_map_list )) != NULL) {
-    if(gmep->windows_name)
-      free(gmep->windows_name);
-    if(gmep->unix_name)
-      free(gmep->unix_name);
-    free((char *)gmep);
-  }
-}
-
-/**************************************************************************
- Load a groupname map file. Sets last accessed timestamp.
-***************************************************************************/
-
-void load_groupname_map(void)
-{
-  static time_t groupmap_file_last_modified = (time_t)0;
-  static BOOL initialized = False;
-  char *groupname_map_file = lp_groupname_map();
-  struct stat st;
-  FILE *fp;
-  char *s;
-  pstring buf;
-
-  if(!initialized) {
-    ubi_slInsert( &groupname_map_list );
-    initialized = True;
-  }
-
-  if (!*groupname_map_file)
-    return;
-
-  if(stat(groupname_map_file, &st) != 0) {
-    DEBUG(0, ("load_groupname_map: Unable to stat file %s. Error was %s\n",
-               groupname_map_file, strerror(errno) ));
-    return;
-  }
-
-  /*
-   * Check if file has changed.
-   */
-  if( st.st_mtime <= groupmap_file_last_modified)
-    return;
-
-  groupmap_file_last_modified = st.st_mtime;
-
-  /*
-   * Load the file.
-   */
-
-  fp = fopen(groupname_map_file,"r");
-  if (!fp) {
-    DEBUG(0,("load_groupname_map: can't open groupname map %s. Error was %s\n",
-          mapfile, strerror(errno)));
-    return;
-  }
-
-  /*
-   * Throw away any previous list.
-   */
-  delete_groupname_map_list();
-
-  DEBUG(4,("load_groupname_map: Scanning groupname map %s\n",groupname_map_file));
-
-  while((s=fgets_slash(buf,sizeof(buf),fp))!=NULL) {
-    pstring unixname;
-    pstring windows_name;
-    struct group *gptr;
-    DOM_SID tmp_sid;
-
-    DEBUG(10,("load_groupname_map: Read line |%s|\n", s);
-
-    if (!*s || strchr("#;",*s))
-      continue;
-
-    if(!next_token(&s,unixname, "\t\n\r="))
-      continue;
-
-    if(!next_token(&s,windows_name, "\t\n\r="))
-      continue;
-
-    trim_string(unixname, " ", " ");
-    trim_string(windows_name, " ", " ");
-
-    if (!*dosname)
-      continue;
-
-    if(!*unixname)
-      continue;
-
-    /*
-     * Attempt to get the unix gid_t for this name.
-     */
-
-    DEBUG(5,("load_groupname_map: Attempting to find unix group %s.\n",
-          unixname ));
-
-    if((gptr = (struct group *)getgrnam(unixname)) == NULL) {
-      DEBUG(0,("load_groupname_map: getgrnam for group %s failed.\
-Error was %s.\n", unixname, strerror(errno) ));
-      continue;
-    }
-
-    /*
-     * Now map to an NT SID.
-     */
-
-    if(!lookup_wellknown_sid_from_name(windows_name, &tmp_sid)) {
-      /*
-       * It's not a well known name, convert the UNIX gid_t
-       * to a rid within this domain SID.
-       */
-      tmp_sid = global_machine_sid;
-      tmp_sid.sub_auths[tmp_sid.num_auths++] = 
-                    pdb_gid_to_group_rid((gid_t)gptr->gr_gid);
-    }
-
-    /*
-     * Create the list entry and add it onto the list.
-     */
-
-  }
-
-  fclose(fp);
-}
-#endif /* JRATEST */

source/param/loadparm.c

@@ -126,6 +126,7 @@ typedef struct
   char *szDomainHostsallow; 
   char *szDomainHostsdeny;
   char *szUsernameMap;
+  char *szGroupnameMap;
   char *szCharacterSet;
   char *szLogonScript;
   char *szLogonPath;
@@ -591,6 +592,7 @@ static struct parm_struct parm_table[] =
   {"domain guest group",P_STRING, P_GLOBAL, &Globals.szDomainGuestGroup, NULL,   NULL,  0},
   {"domain admin users",P_STRING, P_GLOBAL, &Globals.szDomainAdminUsers, NULL,   NULL,  0},
   {"domain guest users",P_STRING, P_GLOBAL, &Globals.szDomainGuestUsers, NULL,   NULL,  0},
+  {"groupname map",     P_STRING, P_GLOBAL, &Globals.szGroupnameMap,     NULL,   NULL,  0},
   {"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout,  NULL,   NULL,  0},
 
   {"Logon Options", P_SEP, P_SEPARATOR},
@@ -967,6 +969,7 @@ FN_GLOBAL_STRING(lp_passwordserver,&Globals.szPasswordServer)
 FN_GLOBAL_STRING(lp_name_resolve_order,&Globals.szNameResolveOrder)
 FN_GLOBAL_STRING(lp_workgroup,&Globals.szWorkGroup)
 FN_GLOBAL_STRING(lp_username_map,&Globals.szUsernameMap)
+FN_GLOBAL_STRING(lp_groupname_map,&Globals.szGroupnameMap)
 FN_GLOBAL_STRING(lp_character_set,&Globals.szCharacterSet) 
 FN_GLOBAL_STRING(lp_logon_script,&Globals.szLogonScript) 
 FN_GLOBAL_STRING(lp_logon_path,&Globals.szLogonPath) 

source/rpc_server/srv_util.c

@@ -42,6 +42,7 @@
 #include "nterr.h"
 
 extern int DEBUGLEVEL;
+extern DOM_SID global_machine_sid;
 
 /*
  * A list of the rids of well known BUILTIN and Domain users
@@ -50,36 +51,74 @@ extern int DEBUGLEVEL;
 
 rid_name builtin_alias_rids[] =
 {  
-	{ BUILTIN_ALIAS_RID_ADMINS       , "Administrators" },
+    { BUILTIN_ALIAS_RID_ADMINS       , "Administrators" },
-	{ BUILTIN_ALIAS_RID_USERS        , "Users" },
+    { BUILTIN_ALIAS_RID_USERS        , "Users" },
-	{ BUILTIN_ALIAS_RID_GUESTS       , "Guests" },
+    { BUILTIN_ALIAS_RID_GUESTS       , "Guests" },
-	{ BUILTIN_ALIAS_RID_POWER_USERS  , "Power Users" },
+    { BUILTIN_ALIAS_RID_POWER_USERS  , "Power Users" },
    
-	{ BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "Account Operators" },
+    { BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "Account Operators" },
-	{ BUILTIN_ALIAS_RID_SYSTEM_OPS   , "System Operators" },
+    { BUILTIN_ALIAS_RID_SYSTEM_OPS   , "System Operators" },
-	{ BUILTIN_ALIAS_RID_PRINT_OPS    , "Print Operators" },
+    { BUILTIN_ALIAS_RID_PRINT_OPS    , "Print Operators" },
-	{ BUILTIN_ALIAS_RID_BACKUP_OPS   , "Backup Operators" },
+    { BUILTIN_ALIAS_RID_BACKUP_OPS   , "Backup Operators" },
-	{ BUILTIN_ALIAS_RID_REPLICATOR   , "Replicator" },
+    { BUILTIN_ALIAS_RID_REPLICATOR   , "Replicator" },
-	{ 0                             , NULL }
+    { 0                             , NULL }
 };
 
 /* array lookup of well-known Domain RID users. */
 rid_name domain_user_rids[] =
 {  
-	{ DOMAIN_USER_RID_ADMIN         , "Administrator" },
+    { DOMAIN_USER_RID_ADMIN         , "Administrator" },
-	{ DOMAIN_USER_RID_GUEST         , "Guest" },
+    { DOMAIN_USER_RID_GUEST         , "Guest" },
-	{ 0                             , NULL }
+    { 0                             , NULL }
 };
 
 /* array lookup of well-known Domain RID groups. */
 rid_name domain_group_rids[] =
 {  
-	{ DOMAIN_GROUP_RID_ADMINS       , "Domain Admins" },
+    { DOMAIN_GROUP_RID_ADMINS       , "Domain Admins" },
-	{ DOMAIN_GROUP_RID_USERS        , "Domain Users" },
+    { DOMAIN_GROUP_RID_USERS        , "Domain Users" },
-	{ DOMAIN_GROUP_RID_GUESTS       , "Domain Guests" },
+    { DOMAIN_GROUP_RID_GUESTS       , "Domain Guests" },
-	{ 0                             , NULL }
+    { 0                             , NULL }
 };
 
+/**************************************************************************
+ Check if a name matches any of the well known SID values.
+***************************************************************************/
+
+BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
+{
+  rid_name *rnp;
+  int i;
+
+  for( i = 0; builtin_alias_rids[i].name != NULL; i++) {
+    rnp = &builtin_alias_rids[i];
+    if(strequal(rnp->name, windows_name)) {
+      string_to_sid( psid, "S-1-5-32" );
+      psid->sub_auths[psid->num_auths++] = rnp->rid;
+      return True;
+    }
+  }
+
+  for( i = 0; domain_user_rids[i].name != NULL; i++ ) {
+    rnp = &domain_user_rids[i];
+    if(strequal(rnp->name, windows_name)) {
+      *psid = global_machine_sid;
+      psid->sub_auths[psid->num_auths++] = rnp->rid;
+      return True;
+    }
+  }
+
+  for( i = 0; domain_group_rids[i].name != NULL; i++ ) {
+    rnp = &domain_group_rids[i];
+    if(strequal(rnp->name, windows_name)) {
+      *psid = global_machine_sid;
+      psid->sub_auths[psid->num_auths++] = rnp->rid;
+      return True;
+    }
+  }
+
+  return False;
+}
 
 int make_dom_gids(char *gids_str, DOM_GID **ppgids)
 {

source/smbd/password.c

@@ -961,7 +961,7 @@ Hence we make a direct return to avoid a second chance!!!
 #endif
 
 #ifdef HPUX_10_TRUSTED
-  return(bigcrypt(password,this_salt,this_crypted));
+  return(strcmp(bigcrypt(password,this_salt),this_crypted) == 0);
 #endif
 
 #ifdef NO_CRYPT