author | Luke Leighton <lkcl@samba.org> | 2000-04-04 06:37:27 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 2000-04-04 06:37:27 +0000 |
commit | 8503fdf95337d5b06ab28e93976893b161ca7b7d (patch) | |
tree | 249e5ab6e603624a1b0f06ed371c4cb8e1498755 | |
parent | cbe9ba57b11b47dc8460da3662d1a6f685c60cea (diff) | |
download | samba-8503fdf95337d5b06ab28e93976893b161ca7b7d.tar.gz |
Bruce Tenison <btenison@dibbs.net> wrote a patch for the delete user
functionality from cvs main.
THANK YOU!! :)
-rw-r--r-- | source/Makefile.in | 4 | ||||
-rw-r--r-- | source/include/proto.h | 52 | ||||
-rw-r--r-- | source/include/smb.h | 2 | ||||
-rw-r--r-- | source/lib/domain_namemap.c | 401 | ||||
-rw-r--r-- | source/lib/util_file.c | 147 | ||||
-rw-r--r-- | source/passdb/passdb.c | 9 | ||||
-rw-r--r-- | source/passdb/smbpass.c | 246 | ||||
-rw-r--r-- | source/samrd/srv_samr_passdb.c | 27 |
8 files changed, 613 insertions, 275 deletions
diff --git a/source/Makefile.in b/source/Makefile.in index 844011e314f..71d8c442e7f 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -32,7 +32,7 @@ BASEDIR= @prefix@ BINDIR = @bindir@ # we don't use sbindir because we want full compatibility with # the previous releases of Samba -SBINDIR = @bindir@ +SBINDIR = @sbindir@ LIBDIR = @libdir@ VARDIR = @localstatedir@ MANDIR = @mandir@ @@ -254,7 +254,7 @@ UNIXPASSDB_OBJ = passdb/pass_check.o PASSDB_OBJ = passdb/passdb.o passdb/smbpass.o \ passdb/ldap.o passdb/ldapdb.o passdb/nt5ldap.o passdb/nispass.o \ passdb/smbpasschange.o passdb/mysqlpass.o passdb/smbpassnt5ldap.o \ - lib/util_pwdb.o lib/domain_namemap.o + passdb/smbpassfile.o lib/util_pwdb.o lib/domain_namemap.o SIDDB_OBJ = lib/sids.o lib/util_seaccess.o diff --git a/source/include/proto.h b/source/include/proto.h index 88f59c01e7b..cce4227acd6 100644 --- a/source/include/proto.h +++ b/source/include/proto.h 
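Review bot: The first Makefile.in hunk changes `SBINDIR` from `@bindir@` to `@sbindir@` but keeps the two comment lines directly above it ("we don't use sbindir because we want full compatibility with the previous releases of Samba"), so the comment now says the opposite of what the assignment does. Replace the comment with one that matches, for example `# SBINDIR now follows configure's sbindir; earlier releases installed into bindir`. The commit message mentions only the delete-user patch, so this install-path change is easy to miss. Anything that still starts a binary from the old location (not visible here) may keep running the previous build after an upgrade, which is worth a line in the description.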
@@ -208,22 +208,24 @@ dbg_Token dbg_char2token( dbg_Token *state, int c ); /*The following definitions come from lib/domain_namemap.c */ -BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info); -BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info); -BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info); -BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info); -BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info); -BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info); -BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp); -BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep); -BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep); -BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep); -BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp); -BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep); -BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep); +BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP * grp_info); +BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP * grp_info); +BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, + DOM_NAME_MAP * grp_info); +BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, + DOM_NAME_MAP * grp_info); +BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP * grp_info); +BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP * grp_info); +BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP * grp); +BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP * gmep); +BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP * gmep); +BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP * gmep); +BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP * grp); +BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP * gmep); +BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP * gmep); const struct passwd *map_nt_and_unix_username(const char *domain, - const char *ntuser, - char *unix_user, char *nt_user); + const char 
*ntuser, + char *unix_user, char *nt_user); /*The following definitions come from lib/doscalls.c */ @@ -942,6 +944,8 @@ char *fgets_slash(char *s2,int maxlen,FILE *f); BOOL file_modified(const char *filename, time_t *lastmodified); void *open_file_if_modified(const char *filename, char *mode, time_t *lastmodified); SMB_OFF_T get_file_size(char *file_name); +void *startfilepw_race_condition_avoid(const char *pfile, enum pwf_access_type type, int *lock_depth); +void endfilepw_race_condition_avoid(void *vp, int *lock_depth); /*The following definitions come from lib/util_hnd.c */ @@ -2153,6 +2157,7 @@ BOOL setsmbpwpos(void *vp, SMB_BIG_UINT tok); struct smb_passwd *getsmbpwent(void *vp); BOOL add_smbpwd_entry(struct smb_passwd *newpwd); BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override); +BOOL del_smbpwd_entry(uint32 rid); struct smb_passwd *getsmbpwnam(const char *name); struct smb_passwd *getsmbpwuid(uid_t unix_uid); void pwdb_init_smb(struct smb_passwd *user); @@ -2230,6 +2235,7 @@ struct sam_passdb_ops *ldap_initialise_sam_password_db(void); /*The following definitions come from passdb/smbpass.c */ struct smb_passwd *getsmbfilepwent(void *vp); +char *format_new_smbpasswd_entry(struct smb_passwd *newpwd); struct smb_passdb_ops *file_initialise_password_db(void); /*The following definitions come from passdb/smbpasschange.c */ 
@@ -2241,6 +2247,20 @@ BOOL local_password_change(char *user_name, char *err_str, size_t err_str_len, char *msg_str, size_t msg_str_len); +/*The following definitions come from passdb/smbpassfile.c */ + +BOOL trust_password_lock( const char *domain, const char *name, BOOL update); +BOOL trust_password_unlock(void); +BOOL trust_password_delete( char *domain, char *name ); +BOOL get_trust_account_password( uchar *ret_pwd, time_t *pass_last_set_time); +BOOL set_trust_account_password( uchar *md4_new_pwd); +BOOL trust_get_passwd_time( uchar trust_passwd[16], + const char *domain, const char *myname, + NTTIME *modtime); +BOOL trust_get_passwd( uchar trust_passwd[16], + const char *domain, const char *myname); +BOOL create_trust_account_file(char *domain, char *name, uchar pass[16]); + /*The following definitions come from passdb/smbpassgroup.c */ struct passgrp_ops *file_initialise_password_grp(void); @@ -4199,7 +4219,7 @@ uint32 _samr_query_dispinfo(const POLICY_HND * domain_pol, uint16 level, uint32 max_size, uint32 * data_size, uint32 * num_entries, SAM_DISPINFO_CTR * ctr); -uint32 _samr_delete_dom_user(POLICY_HND * user_pol); +uint32 _samr_delete_dom_user(POLICY_HND *user_pol); uint32 _samr_delete_dom_group(POLICY_HND * group_pol); uint32 _samr_query_groupmem(const POLICY_HND * group_pol, uint32 * num_mem, uint32 ** rid, uint32 ** attr); diff --git a/source/include/smb.h b/source/include/smb.h index b69249d91a9..d484bd1e663 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -364,6 +364,7 @@ struct smb_passwd time_t pass_last_set_time; /* password last set time */ }; +enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE }; struct sam_disp_info { @@ -763,6 +764,7 @@ struct smb_passdb_ops */ BOOL (*add_smbpwd_entry) (struct smb_passwd *); BOOL (*mod_smbpwd_entry) (struct smb_passwd *, BOOL); + BOOL (*del_smbpwd_entry) (uint32); #if 0 /* diff --git a/source/lib/domain_namemap.c b/source/lib/domain_namemap.c index 699fb8a79d3..33e7fd41589 100644 
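Review bot: In the smb.h hunk on `struct smb_passdb_ops`, `del_smbpwd_entry` is inserted in the middle of the ops table, right after `mod_smbpwd_entry`. The diffstat touches only passdb/passdb.c and passdb/smbpass.c, while PASSDB_OBJ in the Makefile hunk also builds the ldap, nispass, mysqlpass and smbpassnt5ldap backends. If any of those fill the table with a positional initialiser (not visible here), every pointer after `mod_smbpwd_entry` lands in the wrong slot. If they leave the new slot NULL, the dispatcher has to test it before calling, e.g. `if (ops->del_smbpwd_entry == NULL) return False;`, with `ops` standing for the table pointer. Please confirm each backend was updated, and add a comment on the member such as `/* delete the account with this RID; NULL if the backend cannot delete */`; the struct begins and ends outside the hunk.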
--- a/source/lib/domain_namemap.c +++ b/source/lib/domain_namemap.c @@ -66,13 +66,14 @@ typedef struct name_map ubi_slNode next; DOM_NAME_MAP grp; -} name_map_entry; +} +name_map_entry; static ubi_slList groupname_map_list; static ubi_slList aliasname_map_list; static ubi_slList ntusrname_map_list; -static void delete_name_entry(name_map_entry *gmep) +static void delete_name_entry(name_map_entry * gmep) { if (gmep->grp.nt_name) { @@ -86,18 +87,18 @@ static void delete_name_entry(name_map_entry *gmep) { free(gmep->grp.unix_name); } - free((char*)gmep); + free((char *)gmep); } /************************************************************************** Delete all the entries in the name map list. ***************************************************************************/ -static void delete_map_list(ubi_slList *map_list) +static void delete_map_list(ubi_slList * map_list) { name_map_entry *gmep; - while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL) + while ((gmep = (name_map_entry *) ubi_slRemHead(map_list)) != NULL) { delete_name_entry(gmep); } @@ -107,14 +108,14 @@ static void delete_map_list(ubi_slList *map_list) /************************************************************************** makes a group sid out of a domain sid and a _unix_ gid. ***************************************************************************/ -static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type) +static BOOL make_mydomain_sid(DOM_NAME_MAP * grp, DOM_MAP_TYPE type) { int ret = False; fstring sid_str; if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain))) { - DEBUG(0,("make_mydomain_sid: unknown domain %s\n", + DEBUG(0, ("make_mydomain_sid: unknown domain %s\n", grp->nt_domain)); return False; } 
@@ -124,33 +125,39 @@ static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type) /* * only builtin aliases are recognised in S-1-5-20 */ - DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n", - grp->nt_name)); + DEBUG(10, ("make_mydomain_sid: group %s in builtin domain\n", + grp->nt_name)); - if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0) + if (lookup_builtin_alias_name + (grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0) { - DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n", - grp->unix_name, grp->nt_name)); + DEBUG(0, + ("unix group %s mapped to an unrecognised BUILTIN domain name %s\n", + grp->unix_name, grp->nt_name)); return False; } ret = True; } - else if (lookup_wk_user_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0) + else if (lookup_wk_user_name + (grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0) { if (type != DOM_MAP_USER) { - DEBUG(0,("well-known NT user %s\\%s listed in wrong map file\n", - grp->nt_domain, grp->nt_name)); + DEBUG(0, + ("well-known NT user %s\\%s listed in wrong map file\n", + grp->nt_domain, grp->nt_name)); return False; } ret = True; } - else if (lookup_wk_group_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0) + else if (lookup_wk_group_name + (grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0) { if (type != DOM_MAP_DOMAIN) { - DEBUG(0,("well-known NT group %s\\%s listed in wrong map file\n", - grp->nt_domain, grp->nt_name)); + DEBUG(0, + ("well-known NT group %s\\%s listed in wrong map file\n", + grp->nt_domain, grp->nt_name)); return False; } ret = True; 
@@ -186,29 +193,32 @@ static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type) } sid_to_string(sid_str, &grp->sid); - DEBUG(10,("nt name %s\\%s gid %d mapped to %s\n", - grp->nt_domain, grp->nt_name, grp->unix_id, sid_str)); + DEBUG(10, ("nt name %s\\%s gid %d mapped to %s\n", + grp->nt_domain, grp->nt_name, grp->unix_id, sid_str)); return ret; } /************************************************************************** makes a group sid out of an nt domain, nt group name or a unix group name. ***************************************************************************/ -static BOOL unix_name_to_nt_name_info(DOM_NAME_MAP *map, DOM_MAP_TYPE type) +static BOOL unix_name_to_nt_name_info(DOM_NAME_MAP * map, DOM_MAP_TYPE type) { /* * Attempt to get the unix gid_t for this name. */ - DEBUG(5,("unix_name_to_nt_name_info: unix_name:%s\n", map->unix_name)); + DEBUG(5, + ("unix_name_to_nt_name_info: unix_name:%s\n", map->unix_name)); if (type == DOM_MAP_USER) { const struct passwd *pwptr = Get_Pwnam(map->unix_name, False); if (pwptr == NULL) { - DEBUG(0,("unix_name_to_nt_name_info: Get_Pwnam for user %s\ -failed. Error was %s.\n", map->unix_name, strerror(errno) )); + DEBUG(0, + ("unix_name_to_nt_name_info: Get_Pwnam for user %s\ +failed. Error was %s.\n", + map->unix_name, strerror(errno))); return False; } 
@@ -219,21 +229,24 @@ failed. Error was %s.\n", map->unix_name, strerror(errno) )); struct group *gptr = getgrnam(map->unix_name); if (gptr == NULL) { - DEBUG(0,("unix_name_to_nt_name_info: getgrnam for group %s\ -failed. Error was %s.\n", map->unix_name, strerror(errno) )); + DEBUG(0, + ("unix_name_to_nt_name_info: getgrnam for group %s\ +failed. Error was %s.\n", + map->unix_name, strerror(errno))); return False; } map->unix_id = (uint32)gptr->gr_gid; } - DEBUG(5,("unix_name_to_nt_name_info: unix gid:%d\n", map->unix_id)); + DEBUG(5, ("unix_name_to_nt_name_info: unix gid:%d\n", map->unix_id)); /* * Now map the name to an NT SID+RID. */ - if (map->nt_domain != NULL && !strequal(map->nt_domain, global_sam_name)) + if (map->nt_domain != NULL + && !strequal(map->nt_domain, global_sam_name)) { /* Must add client-call lookup code here, to * resolve remote domain's sid and the group's rid, @@ -251,8 +264,9 @@ failed. Error was %s.\n", map->unix_name, strerror(errno) )); if (!map_domain_name_to_sid(&map->sid, &(map->nt_domain))) { - DEBUG(0,("unix_name_to_nt_name_info: no known sid for %s\n", - map->nt_domain)); + DEBUG(0, + ("unix_name_to_nt_name_info: no known sid for %s\n", + map->nt_domain)); return False; } } 
@@ -260,33 +274,37 @@ failed. Error was %s.\n", map->unix_name, strerror(errno) )); return make_mydomain_sid(map, type); } -static BOOL make_name_entry(name_map_entry **new_ep, - char *nt_domain, char *nt_group, char *unix_group, - DOM_MAP_TYPE type) +static BOOL make_name_entry(name_map_entry ** new_ep, + char *nt_domain, char *nt_group, char *unix_group, + DOM_MAP_TYPE type) { /* * Create the list entry and add it onto the list. */ - DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group)); + DEBUG(5, + ("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, + unix_group)); - (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry)); + (*new_ep) = (name_map_entry *) malloc(sizeof(name_map_entry)); if ((*new_ep) == NULL) { - DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n")); + DEBUG(0, + ("make_name_entry: malloc fail for name_map_entry.\n")); return False; - } + } ZERO_STRUCTP(*new_ep); - (*new_ep)->grp.nt_name = strdup(nt_group ); - (*new_ep)->grp.nt_domain = strdup(nt_domain ); + (*new_ep)->grp.nt_name = strdup(nt_group); + (*new_ep)->grp.nt_domain = strdup(nt_domain); (*new_ep)->grp.unix_name = strdup(unix_group); - if ((*new_ep)->grp.nt_name == NULL || + if ((*new_ep)->grp.nt_name == NULL || (*new_ep)->grp.unix_name == NULL) { - DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n")); + DEBUG(0, + ("make_name_entry: malloc fail for names in name_map_entry.\n")); delete_name_entry((*new_ep)); return False; } @@ -294,7 +312,7 @@ static BOOL make_name_entry(name_map_entry **new_ep, /* * look up the group names, make the Group-SID and unix gid */ - + if (!unix_name_to_nt_name_info(&(*new_ep)->grp, type)) { delete_name_entry((*new_ep)); 
@@ -309,12 +327,12 @@ static BOOL make_name_entry(name_map_entry **new_ep, ***************************************************************************/ static ubi_slList *load_name_map(DOM_MAP_TYPE type) { - static time_t groupmap_file_last_modified = (time_t)0; - static time_t aliasmap_file_last_modified = (time_t)0; - static time_t ntusrmap_file_last_modified = (time_t)0; + static time_t groupmap_file_last_modified = (time_t) 0; + static time_t aliasmap_file_last_modified = (time_t) 0; + static time_t ntusrmap_file_last_modified = (time_t) 0; static BOOL initialised_group = False; static BOOL initialised_alias = False; - static BOOL initialised_ntusr = False; + static BOOL initialised_ntusr = False; char *groupname_map_file = lp_groupname_map(); char *aliasname_map_file = lp_aliasname_map(); char *ntusrname_map_file = lp_ntusrname_map(); @@ -325,8 +343,8 @@ static ubi_slList *load_name_map(DOM_MAP_TYPE type) name_map_entry *new_ep; time_t *file_last_modified = NULL; - int *initialised = NULL; - char *map_file = NULL; + int *initialised = NULL; + char *map_file = NULL; ubi_slList *map_list = NULL; switch (type) 
@@ -334,27 +352,27 @@ static ubi_slList *load_name_map(DOM_MAP_TYPE type) case DOM_MAP_DOMAIN: { file_last_modified = &groupmap_file_last_modified; - initialised = &initialised_group; - map_file = groupname_map_file; - map_list = &groupname_map_list; + initialised = &initialised_group; + map_file = groupname_map_file; + map_list = &groupname_map_list; break; } case DOM_MAP_LOCAL: { file_last_modified = &aliasmap_file_last_modified; - initialised = &initialised_alias; - map_file = aliasname_map_file; - map_list = &aliasname_map_list; + initialised = &initialised_alias; + map_file = aliasname_map_file; + map_list = &aliasname_map_list; break; } case DOM_MAP_USER: { file_last_modified = &ntusrmap_file_last_modified; - initialised = &initialised_ntusr; - map_file = ntusrname_map_file; - map_list = &ntusrname_map_list; + initialised = &initialised_ntusr; + map_file = ntusrname_map_file; + map_list = &ntusrname_map_list; break; } @@ -362,7 +380,7 @@ static ubi_slList *load_name_map(DOM_MAP_TYPE type) if (!(*initialised)) { - DEBUG(10,("initialising map %s\n", map_file)); + DEBUG(10, ("initialising map %s\n", map_file)); ubi_slInitList(map_list); (*initialised) = True; } @@ -387,7 +405,7 @@ static ubi_slList *load_name_map(DOM_MAP_TYPE type) */ delete_map_list(map_list); - DEBUG(4,("load_name_map: Scanning name map %s\n",map_file)); + DEBUG(4, ("load_name_map: Scanning name map %s\n", map_file)); while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL) { 
@@ -397,17 +415,17 @@ static ubi_slList *load_name_map(DOM_MAP_TYPE type) fstring ntname; char *p; - DEBUG(10,("Read line |%s|\n", s)); + DEBUG(10, ("Read line |%s|\n", s)); memset(nt_name, 0, sizeof(nt_name)); - if (!*s || strchr("#;",*s)) + if (!*s || strchr("#;", *s)) continue; - if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname))) + if (!next_token(&s, unixname, "\t\n\r=", sizeof(unixname))) continue; - if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name))) + if (!next_token(&s, nt_name, "\t\n\r=", sizeof(nt_name))) continue; trim_string(unixname, " ", " "); @@ -431,36 +449,36 @@ static ubi_slList *load_name_map(DOM_MAP_TYPE type) *p = 0; p++; fstrcpy(nt_domain, nt_name); - fstrcpy(ntname , p); + fstrcpy(ntname, p); } - if (make_name_entry(&new_ep, nt_domain, ntname, unixname, type)) + if (make_name_entry + (&new_ep, nt_domain, ntname, unixname, type)) { - ubi_slAddTail(map_list, (ubi_slNode *)new_ep); - DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n", - new_ep->grp.unix_name, - new_ep->grp.nt_domain, - new_ep->grp.nt_name, - new_ep->grp.type)); + ubi_slAddTail(map_list, (ubi_slNode *) new_ep); + DEBUG(5, + ("unixname = %s, ntname = %s\\%s type = %d\n", + new_ep->grp.unix_name, new_ep->grp.nt_domain, + new_ep->grp.nt_name, new_ep->grp.type)); } } - DEBUG(10,("load_name_map: Added %ld entries to name map.\n", - ubi_slCount(map_list))); + DEBUG(10, ("load_name_map: Added %ld entries to name map.\n", + ubi_slCount(map_list))); fclose(fp); return map_list; } -static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from) +static void copy_grp_map_entry(DOM_NAME_MAP * grp, const DOM_NAME_MAP * from) { sid_copy(&grp->sid, &from->sid); - grp->unix_id = from->unix_id; - grp->nt_name = from->nt_name; + grp->unix_id = from->unix_id; + grp->nt_name = from->nt_name; grp->nt_domain = from->nt_domain; grp->unix_name = from->unix_name; - grp->type = from->type; + grp->type = from->type; } #if 0 
@@ -468,7 +486,7 @@ static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from) Lookup unix name. ************************************************************/ static BOOL map_unixname(DOM_MAP_TYPE type, - char *unixname, DOM_NAME_MAP *grp_info) + char *unixname, DOM_NAME_MAP * grp_info) { name_map_entry *gmep; ubi_slList *map_list; @@ -478,15 +496,15 @@ static BOOL map_unixname(DOM_MAP_TYPE type, */ map_list = load_name_map(type); - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) + for (gmep = (name_map_entry *) ubi_slFirst(map_list); + gmep != NULL; gmep = (name_map_entry *) ubi_slNext(gmep)) { if (strequal(gmep->grp.unix_name, unixname)) { copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_unixname: Mapping unix name %s to nt group %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); + DEBUG(7, + ("map_unixname: Mapping unix name %s to nt group %s.\n", + gmep->grp.unix_name, gmep->grp.nt_name)); return True; } } @@ -500,7 +518,7 @@ static BOOL map_unixname(DOM_MAP_TYPE type, Lookup nt name. ************************************************************/ static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain, - DOM_NAME_MAP *grp_info) + DOM_NAME_MAP * grp_info) { name_map_entry *gmep; ubi_slList *map_list; 
@@ -510,16 +528,16 @@ static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain, */ map_list = load_name_map(type); - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) + for (gmep = (name_map_entry *) ubi_slFirst(map_list); + gmep != NULL; gmep = (name_map_entry *) ubi_slNext(gmep)) { - if (strequal(gmep->grp.nt_name , ntname) && + if (strequal(gmep->grp.nt_name, ntname) && strequal(gmep->grp.nt_domain, ntdomain)) { copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_ntname: Mapping unix name %s to nt name %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); + DEBUG(7, + ("map_ntname: Mapping unix name %s to nt name %s.\n", + gmep->grp.unix_name, gmep->grp.nt_name)); return True; } } @@ -531,8 +549,7 @@ static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain, /*********************************************************** Lookup by SID ************************************************************/ -static BOOL map_sid(DOM_MAP_TYPE type, - DOM_SID *psid, DOM_NAME_MAP *grp_info) +static BOOL map_sid(DOM_MAP_TYPE type, DOM_SID *psid, DOM_NAME_MAP * grp_info) { name_map_entry *gmep; ubi_slList *map_list; @@ -542,15 +559,15 @@ static BOOL map_sid(DOM_MAP_TYPE type, */ map_list = load_name_map(type); - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) + for (gmep = (name_map_entry *) ubi_slFirst(map_list); + gmep != NULL; gmep = (name_map_entry *) ubi_slNext(gmep)) { if (sid_equal(&gmep->grp.sid, psid)) { copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_sid: Mapping unix name %s to nt name %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); + DEBUG(7, + ("map_sid: Mapping unix name %s to nt name %s.\n", + gmep->grp.unix_name, gmep->grp.nt_name)); return True; } } 
@@ -561,7 +578,8 @@ static BOOL map_sid(DOM_MAP_TYPE type, /*********************************************************** Lookup by gid_t. ************************************************************/ -static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info) +static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, + DOM_NAME_MAP * grp_info) { name_map_entry *gmep; ubi_slList *map_list; @@ -571,19 +589,22 @@ static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info */ map_list = load_name_map(type); - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) + for (gmep = (name_map_entry *) ubi_slFirst(map_list); + gmep != NULL; gmep = (name_map_entry *) ubi_slNext(gmep)) { fstring sid_str; sid_to_string(sid_str, &gmep->grp.sid); - DEBUG(10,("map_unixid: enum entry unix group %s %d nt %s %s\n", - gmep->grp.unix_name, gmep->grp.unix_id, gmep->grp.nt_name, sid_str)); + DEBUG(10, + ("map_unixid: enum entry unix group %s %d nt %s %s\n", + gmep->grp.unix_name, gmep->grp.unix_id, + gmep->grp.nt_name, sid_str)); if (gmep->grp.unix_id == unix_id) { copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_unixid: Mapping unix name %s to nt name %s type %d\n", - gmep->grp.unix_name, gmep->grp.nt_name, gmep->grp.type)); + DEBUG(7, + ("map_unixid: Mapping unix name %s to nt name %s type %d\n", + gmep->grp.unix_name, gmep->grp.nt_name, + gmep->grp.type)); return True; } } @@ -609,7 +630,7 @@ static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info /*********************************************************** Lookup a UNIX Group entry by name. ************************************************************/ -BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info) +BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP * grp_info) { return map_unixname(DOM_MAP_DOMAIN, group_name, grp_info); } 
@@ -617,7 +638,7 @@ BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info) /*********************************************************** Lookup a UNIX Alias entry by name. ************************************************************/ -BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info) +BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP * grp_info) { return map_unixname(DOM_MAP_LOCAL, alias_name, grp_info); } @@ -625,7 +646,8 @@ BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info) /*********************************************************** Lookup an Alias name entry ************************************************************/ -BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info) +BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, + DOM_NAME_MAP * grp_info) { return map_ntname(DOM_MAP_LOCAL, ntalias_name, nt_domain, grp_info); } @@ -633,7 +655,8 @@ BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_in /*********************************************************** Lookup a Group entry ************************************************************/ -BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info) +BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, + DOM_NAME_MAP * grp_info) { return map_ntname(DOM_MAP_DOMAIN, ntgroup_name, nt_domain, grp_info); } @@ -643,7 +666,8 @@ BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_in /*********************************************************** Lookup a Username entry by name. ************************************************************/ -static BOOL map_nt_username(char *nt_name, char *nt_domain, DOM_NAME_MAP *grp_info) +static BOOL map_nt_username(char *nt_name, char *nt_domain, + DOM_NAME_MAP * grp_info) { return map_ntname(DOM_MAP_USER, nt_name, nt_domain, grp_info); } 
@@ -651,7 +675,7 @@ static BOOL map_nt_username(char *nt_name, char *nt_domain, DOM_NAME_MAP *grp_in /*********************************************************** Lookup a Username entry by SID. ************************************************************/ -static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP *grp_info) +static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP * grp_info) { return map_sid(DOM_MAP_USER, sid, grp_info); } @@ -659,7 +683,7 @@ static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP *grp_info) /*********************************************************** Lookup a Username SID entry by uid. ************************************************************/ -static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP *grp_info) +static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP * grp_info) { return map_unixid(DOM_MAP_USER, (uint32)gid, grp_info); } @@ -667,7 +691,7 @@ static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP *grp_info) /*********************************************************** Lookup an Alias SID entry by name. ************************************************************/ -BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info) +BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP * grp_info) { return map_sid(DOM_MAP_LOCAL, psid, grp_info); } @@ -675,7 +699,7 @@ BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info) /*********************************************************** Lookup a Group entry by sid. ************************************************************/ -BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info) +BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP * grp_info) { return map_sid(DOM_MAP_DOMAIN, psid, grp_info); } 
@@ -683,7 +707,7 @@ BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info) /*********************************************************** Lookup an Alias SID entry by gid_t. ************************************************************/ -static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP *grp_info) +static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP * grp_info) { return map_unixid(DOM_MAP_LOCAL, (uint32)gid, grp_info); } @@ -691,7 +715,7 @@ static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP *grp_info) /*********************************************************** Lookup a Group SID entry by gid_t. ************************************************************/ -static BOOL map_group_gid( gid_t gid, DOM_NAME_MAP *grp_info) +static BOOL map_group_gid(gid_t gid, DOM_NAME_MAP * grp_info) { return map_unixid(DOM_MAP_DOMAIN, (uint32)gid, grp_info); } @@ -700,10 +724,10 @@ static BOOL map_group_gid( gid_t gid, DOM_NAME_MAP *grp_info) /************************************************************************ Routine to look up User details by UNIX name *************************************************************************/ -BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp) +BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP * grp) { uid_t uid; - DEBUG(10,("lookupsmbpwnam: unix user name %s\n", unix_usr_name)); + DEBUG(10, ("lookupsmbpwnam: unix user name %s\n", unix_usr_name)); if (nametouid(unix_usr_name, &uid)) { return lookupsmbpwuid(uid, grp); 
@@ -717,11 +741,13 @@ BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp) /************************************************************************ Routine to look up a remote nt name *************************************************************************/ -static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint32 *type) +static BOOL lookup_remote_ntname(const char *ntdomain, + const char *ntname, DOM_SID *sid, + uint32 *type) { - struct cli_state cli; POLICY_HND lsa_pol; fstring srv_name; + fstring full_nt_name; BOOL res3 = True; BOOL res4 = True; @@ -730,26 +756,25 @@ static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint32 *type) uint32 *types; char *names[1]; - DEBUG(5,("lookup_remote_ntname: %s\n", ntname)); + DEBUG(5, ("lookup_remote_ntname: %s\n", ntname)); - if (!cli_connect_serverlist(&cli, lp_passwordserver())) + if (!get_any_dc_name(ntname, srv_name)) { return False; } - names[0] = ntname; + slprintf(full_nt_name, sizeof(full_nt_name) - 1, "%s\\%s", ntdomain, + ntname); - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, cli.desthost); - strupper(srv_name); + names[0] = full_nt_name; /* lookup domain controller; receive a policy handle */ - res3 = res3 ? lsa_open_policy( srv_name, - &lsa_pol, True, 0x02000000) : False; + res3 = res3 ? lsa_open_policy(srv_name, + &lsa_pol, True, 0x02000000) : False; /* send lsa lookup sids call */ - res4 = res3 ? lsa_lookup_names( &lsa_pol, - 1, names, + res4 = res3 ? lsa_lookup_names(&lsa_pol, + 1, names, &sids, &types, &num_sids) : False; res3 = res3 ? lsa_close(&lsa_pol) : False; 
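Review bot: In the rewritten `lookup_remote_ntname`, the domain-controller lookup is called as `get_any_dc_name(ntname, srv_name)`, with the account name rather than the new `ntdomain` parameter. Its prototype is not in this hunk, but going by the name it expects a domain, so this should probably be `if (!get_any_dc_name(ntdomain, srv_name))`. As written, the server chosen for the LSA lookup depends on the account-name string, and the answer from that server is what fills the caller's SID and type. The `DEBUG(5, ...)` line also prints only `ntname`; logging `ntdomain` as well would make a mis-ordered call show up in the logs. The function body continues past the end of the hunk.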
@@ -767,20 +792,21 @@ static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint32 *type) { free(types); } - + if (sids != NULL) { free(sids); } - + return res3 && res4; } /************************************************************************ Routine to look up a remote nt name *************************************************************************/ -static BOOL get_sid_and_type(const char *fullntname, uint32 expected_type, - DOM_NAME_MAP *gmep) +static BOOL get_sid_and_type(const char *ntdomain, + const char *ntname, uint32 expected_type, + DOM_NAME_MAP * gmep) { POSIX_ID id; @@ -791,7 +817,8 @@ static BOOL get_sid_and_type(const char *fullntname, uint32 expected_type, if (lp_server_role() == ROLE_DOMAIN_MEMBER) { - if (lookup_remote_ntname(fullntname, &gmep->sid, &gmep->type)) + if (lookup_remote_ntname + (ntdomain, ntname, &gmep->sid, &gmep->type)) { if (sid_front_equal(&gmep->sid, &global_member_sid) && strequal(gmep->nt_domain, global_myworkgroup) && @@ -845,9 +872,9 @@ static BOOL get_sid_and_type(const char *fullntname, uint32 expected_type, /************************************************************************* looks up a uid, returns User Information. *************************************************************************/ -BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep) +BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP * gmep) { - DEBUG(10,("lookupsmbpwuid: unix uid %d\n", uid)); + DEBUG(10, ("lookupsmbpwuid: unix uid %d\n", uid)); if (map_username_uid(uid, gmep)) { return True; @@ -859,7 +886,7 @@ BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep) static fstring unix_name; static fstring nt_domain; - gmep->nt_name = nt_name; + gmep->nt_name = nt_name; gmep->unix_name = unix_name; gmep->nt_domain = nt_domain; 
@@ -883,7 +910,8 @@ BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep) if (lp_server_role() == ROLE_DOMAIN_MEMBER) { #if 0 - lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...); + lsa_lookup_names(global_myworkgroup, gmep->nt_name, + &gmep->sid...); #endif } @@ -927,13 +955,13 @@ BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep) /************************************************************************* looks up by NT name, returns User Information. *************************************************************************/ -BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep) +BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP * gmep) { static fstring nt_name; static fstring unix_name; static fstring nt_domain; - DEBUG(10,("lookupsmbpwntnam: nt user name %s\n", fullntname)); + DEBUG(10, ("lookupsmbpwntnam: nt user name %s\n", fullntname)); if (!split_domain_name(fullntname, nt_domain, nt_name)) { @@ -947,7 +975,7 @@ BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep) if (lp_server_role() != ROLE_DOMAIN_NONE) { uid_t uid; - gmep->nt_name = nt_name; + gmep->nt_name = nt_name; gmep->unix_name = unix_name; gmep->nt_domain = nt_domain; @@ -966,7 +994,7 @@ BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep) } gmep->unix_id = (uint32)uid; - return get_sid_and_type(fullntname, gmep->type, gmep); + return get_sid_and_type(nt_name, nt_domain, gmep->type, gmep); } /* oops. */ 
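Review bot: The new call `get_sid_and_type(nt_name, nt_domain, gmep->type, gmep)` in lookupsmbpwntnam passes its first two arguments in the opposite order to the new prototype, which is `(const char *ntdomain, const char *ntname, ...)`. Both are `const char *`, so the compiler accepts it. On a domain member, lookup_remote_ntname would then build the lookup string as name\domain instead of domain\name. The line should be `return get_sid_and_type(nt_domain, nt_name, gmep->type, gmep);`, which matches the argument order used by the call in lookupsmbgrpgid.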
@@ -977,11 +1005,11 @@ BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep) /************************************************************************* looks up by RID, returns User Information. *************************************************************************/ -BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep) +BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP * gmep) { fstring sid_str; sid_to_string(sid_str, sid); - DEBUG(10,("lookupsmbpwsid: nt sid %s\n", sid_str)); + DEBUG(10, ("lookupsmbpwsid: nt sid %s\n", sid_str)); if (map_username_sid(sid, gmep)) { @@ -994,7 +1022,7 @@ BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep) static fstring unix_name; static fstring nt_domain; - gmep->nt_name = nt_name; + gmep->nt_name = nt_name; gmep->unix_name = unix_name; gmep->nt_domain = nt_domain; @@ -1006,9 +1034,6 @@ BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep) if (lp_server_role() == ROLE_DOMAIN_MEMBER) { -#if 0 - if (lookup_remote_sid(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...); -#endif } /* @@ -1020,37 +1045,34 @@ BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep) gmep->type = SID_NAME_USER; sid_copy(&gmep->sid, sid); - if (!surs_sam_sid_to_unixid(&gmep->sid, &id, False)) { return False; } gmep->unix_id = id.id; - switch (id.type) { case SURS_POSIX_UID_AS_USR: { - gmep->type= SID_NAME_USER; + gmep->type = SID_NAME_USER; break; } case SURS_POSIX_GID_AS_GRP: { - gmep->type= SID_NAME_DOM_GRP; + gmep->type = SID_NAME_DOM_GRP; break; } case SURS_POSIX_GID_AS_ALS: { - gmep->type= SID_NAME_ALIAS; + gmep->type = SID_NAME_ALIAS; break; } } - fstrcpy(gmep->nt_name, uidtoname((uid_t)gmep->unix_id)); + fstrcpy(gmep->nt_name, uidtoname((uid_t) gmep->unix_id)); fstrcpy(gmep->unix_name, gmep->nt_name); gmep->nt_domain = global_sam_name; - return True; } 
@@ -1062,10 +1084,10 @@ BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep) /************************************************************************ Routine to look up group / alias / well-known group RID by UNIX name *************************************************************************/ -BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp) +BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP * grp) { gid_t gid; - DEBUG(10,("lookupsmbgrpnam: unix user group %s\n", unix_grp_name)); + DEBUG(10, ("lookupsmbgrpnam: unix user group %s\n", unix_grp_name)); if (nametogid(unix_grp_name, &gid)) { return lookupsmbgrpgid(gid, grp); @@ -1079,12 +1101,11 @@ BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp) /************************************************************************* looks up a SID, returns name map entry *************************************************************************/ -BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep) +BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP * gmep) { fstring sid_str; sid_to_string(sid_str, sid); - DEBUG(10,("lookupsmbgrpsid: nt sid %s\n", sid_str)); - + DEBUG(10, ("lookupsmbgrpsid: nt sid %s\n", sid_str)); if (map_alias_sid(sid, gmep)) { return True; @@ -1099,21 +1120,19 @@ BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep) static fstring nt_name; static fstring unix_name; static fstring nt_domain; - - gmep->nt_name = nt_name; + gmep->nt_name = nt_name; gmep->unix_name = unix_name; gmep->nt_domain = nt_domain; - /* * here we should do a LsaLookupNames() call * to check the status of the name with the PDC. * if the PDC know nothing of the name, it's ours. */ - if (lp_server_role() == ROLE_DOMAIN_MEMBER) { #if 0 - lsa_lookup_sids(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...); + lsa_lookup_sids(global_myworkgroup, gmep->sid, + gmep->nt_name, gmep->nt_domain...); #endif } 
@@ -1131,12 +1150,12 @@ BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep) if (lp_server_role() == ROLE_DOMAIN_MEMBER) { - /* ... as a LOCAL group. */ + /* ... as a LOCAL group. */ gmep->type = SID_NAME_ALIAS; } else { - /* ... as a DOMAIN group. */ + /* ... as a DOMAIN group. */ gmep->type = SID_NAME_DOM_GRP; } @@ -1147,30 +1166,28 @@ BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep) } gmep->unix_id = id.id; - switch (id.type) { case SURS_POSIX_UID_AS_USR: { - gmep->type= SID_NAME_USER; + gmep->type = SID_NAME_USER; break; } case SURS_POSIX_GID_AS_GRP: { - gmep->type= SID_NAME_DOM_GRP; + gmep->type = SID_NAME_DOM_GRP; break; } case SURS_POSIX_GID_AS_ALS: { - gmep->type= SID_NAME_ALIAS; + gmep->type = SID_NAME_ALIAS; break; } } - fstrcpy(gmep->nt_name, gidtoname((gid_t)gmep->unix_id)); + fstrcpy(gmep->nt_name, gidtoname((gid_t) gmep->unix_id)); fstrcpy(gmep->unix_name, gmep->nt_name); gmep->nt_domain = global_sam_name; - return True; } @@ -1181,9 +1198,9 @@ BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep) /************************************************************************* looks up a gid, returns RID and type local, domain or well-known domain group *************************************************************************/ -BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep) +BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP * gmep) { - DEBUG(10,("lookupsmbgrpgid: unix gid %d\n", (int)gid)); + DEBUG(10, ("lookupsmbgrpgid: unix gid %d\n", (int)gid)); if (map_alias_gid(gid, gmep)) { return True; 
@@ -1197,27 +1214,17 @@ BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep) static fstring nt_name; static fstring unix_name; static fstring nt_domain; - - gmep->nt_name = nt_name; + gmep->nt_name = nt_name; gmep->unix_name = unix_name; gmep->nt_domain = nt_domain; - gmep->unix_id = (uint32)gid; - /* * here we should do a LsaLookupNames() call * to check the status of the name with the PDC. * if the PDC know nothing of the name, it's ours. */ - if (lp_server_role() == ROLE_DOMAIN_MEMBER) { -#if 0 - if (lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...); - { - return True; - } -#endif } /* @@ -1234,19 +1241,19 @@ BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep) if (lp_server_role() == ROLE_DOMAIN_MEMBER) { - /* ... as a LOCAL group. */ + /* ... as a LOCAL group. */ gmep->type = SID_NAME_ALIAS; } else { - /* ... as a DOMAIN group. */ + /* ... as a DOMAIN group. */ gmep->type = SID_NAME_DOM_GRP; } fstrcpy(gmep->nt_domain, global_sam_name); fstrcpy(gmep->nt_name, gidtoname(gid)); fstrcpy(gmep->unix_name, gmep->nt_name); - - return get_sid_and_type(gmep->nt_name, gmep->type, gmep); + return get_sid_and_type(gmep->nt_domain, + gmep->nt_name, gmep->type, gmep); } /* oops */ @@ -1258,12 +1265,11 @@ BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep) does _both_ nt->unix and unix->unix username remappings. ****************************************************************************/ const struct passwd *map_nt_and_unix_username(const char *domain, - const char *ntuser, - char *unix_user, char *nt_user) + const char *ntuser, + char *unix_user, char *nt_user) { DOM_NAME_MAP gmep; fstring nt_username; - if (nt_user == NULL) { nt_user = nt_username; @@ -1272,8 +1278,7 @@ const struct passwd *map_nt_and_unix_username(const char *domain, memset(nt_user, 0, sizeof(nt_user)); if (domain != NULL) { - slprintf(nt_user, sizeof(fstring), "%s\\%s", - domain, ntuser); + slprintf(nt_user, sizeof(fstring), "%s\\%s", domain, ntuser); } else { 
@@ -1300,10 +1305,8 @@ const struct passwd *map_nt_and_unix_username(const char *domain, */ (void)map_username(unix_user); - /* * Do any UNIX username case mangling. */ - return Get_Pwnam( unix_user, True); + return Get_Pwnam(unix_user, True); } - diff --git a/source/lib/util_file.c b/source/lib/util_file.c index 47069463ff4..ae0f7bde5d9 100644 --- a/source/lib/util_file.c +++ b/source/lib/util_file.c 
@@ -805,3 +805,150 @@ SMB_OFF_T get_file_size(char *file_name) return (buf.st_size); } + +/*************************************************************** + Internal fn to enumerate the smbpasswd list. Returns a void pointer + to ensure no modification outside this module. Checks for atomic + rename of smbpasswd file on update or create once the lock has + been granted to prevent race conditions. JRA. +****************************************************************/ + +void *startfilepw_race_condition_avoid(const char *pfile, enum pwf_access_type type, int *lock_depth) +{ + FILE *fp = NULL; + const char *open_mode = NULL; + int race_loop = 0; + int lock_type; + + if (!*pfile) { + DEBUG(0, ("startfilepw_race_condition_avoid: No SMB password file set\n")); + return (NULL); + } + + switch(type) { + case PWF_READ: + open_mode = "rb"; + lock_type = F_RDLCK; + break; + case PWF_UPDATE: + open_mode = "r+b"; + lock_type = F_WRLCK; + break; + case PWF_CREATE: + /* + * Ensure atomic file creation. + */ + { + int i, fd = -1; + + for(i = 0; i < 5; i++) { + if((fd = sys_open(pfile, O_CREAT|O_TRUNC|O_EXCL|O_RDWR, 0600))!=-1) + break; + sys_usleep(200); /* Spin, spin... */ + } + if(fd == -1) { + DEBUG(0,("startfilepw_race_condition_avoid: too many race conditions creating file %s\n", pfile)); + return NULL; + } + close(fd); + open_mode = "r+b"; + lock_type = F_WRLCK; + break; + } + } + + for(race_loop = 0; race_loop < 5; race_loop++) { + DEBUG(10, ("startfilepw_race_condition_avoid: opening file %s\n", pfile)); + + if((fp = sys_fopen(pfile, open_mode)) == NULL) { + DEBUG(0, ("startfilepw_race_condition_avoid: unable to open file %s. Error was %s\n", pfile, strerror(errno) )); + return NULL; + } + + if (!file_lock(fileno(fp), lock_type, 5, lock_depth)) { + DEBUG(0, ("startfilepw_race_condition_avoid: unable to lock file %s. Error was %s\n", pfile, strerror(errno) )); + fclose(fp); + return NULL; + } + + /* + * Only check for replacement races on update or create. 
+ * For read we don't mind if the data is one record out of date. + */ + + if(type == PWF_READ) { + break; + } else { + SMB_STRUCT_STAT sbuf1, sbuf2; + + /* + * Avoid the potential race condition between the open and the lock + * by doing a stat on the filename and an fstat on the fd. If the + * two inodes differ then someone did a rename between the open and + * the lock. Back off and try the open again. Only do this 5 times to + * prevent infinate loops. JRA. + */ + + if (sys_stat(pfile,&sbuf1) != 0) { + DEBUG(0, ("startfilepw_race_condition_avoid: unable to stat file %s. Error was %s\n", pfile, strerror(errno))); + file_unlock(fileno(fp), lock_depth); + fclose(fp); + return NULL; + } + + if (sys_fstat(fileno(fp),&sbuf2) != 0) { + DEBUG(0, ("startfilepw_race_condition_avoid: unable to fstat file %s. Error was %s\n", pfile, strerror(errno))); + file_unlock(fileno(fp), lock_depth); + fclose(fp); + return NULL; + } + + if( sbuf1.st_ino == sbuf2.st_ino) { + /* No race. */ + break; + } + + /* + * Race occurred - back off and try again... + */ + + file_unlock(fileno(fp), lock_depth); + fclose(fp); + } + } + + if(race_loop == 5) { + DEBUG(0, ("startfilepw_race_condition_avoid: too many race conditions opening file %s\n", pfile)); + return NULL; + } + + /* Set a buffer to do more efficient reads */ + setvbuf(fp, (char *)NULL, _IOFBF, 1024); + + /* Make sure it is only rw by the owner */ + if(fchmod(fileno(fp), S_IRUSR|S_IWUSR) == -1) { + DEBUG(0, ("startfilepw_race_condition_avoid: failed to set 0600 permissions on password file %s. \ +Error was %s\n.", pfile, strerror(errno) )); + file_unlock(fileno(fp), lock_depth); + fclose(fp); + return NULL; + } + + /* We have a lock on the file. */ + return (void *)fp; +} + + +/*************************************************************** + End enumeration of the smbpasswd list. 
+****************************************************************/ + +void endfilepw_race_condition_avoid(void *vp, int *lock_depth) +{ + FILE *fp = (FILE *)vp; + + file_unlock(fileno(fp), lock_depth); + fclose(fp); + DEBUG(7, ("endfilepw_race_condition_avoid: closed password file.\n")); +} + diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index 498e61acdc0..bd5d51647da 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c @@ -238,6 +238,15 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) } /************************************************************************ + Routine to del an entry from the smb passwd file. +*************************************************************************/ + +BOOL del_smbpwd_entry(uint32 rid) +{ + return pwdb_ops->del_smbpwd_entry(rid); +} + +/************************************************************************ Routine to search smb passwd by name. *************************************************************************/ diff --git a/source/passdb/smbpass.c b/source/passdb/smbpass.c index e3c6a5da441..5256769b4a1 100644 --- a/source/passdb/smbpass.c +++ b/source/passdb/smbpass.c 
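Review bot: In the PWF_CREATE case of startfilepw_race_condition_avoid, the descriptor obtained with `O_CREAT|O_TRUNC|O_EXCL` is closed and the file is reopened by name with sys_fopen, so the exclusive-create guarantee does not extend to the stream that is later written. Keeping the descriptor and wrapping it, for example `fp = fdopen(fd, "r+b");`, would tie the stream to the file that was actually created. The rename check compares only `st_ino`; also comparing `st_dev` would make the identity test complete. The switch on `type` has no default, so an unexpected value leaves `open_mode` NULL and `lock_type` uninitialised; a `default: return NULL;` would close that gap.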
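Review bot: `del_smbpwd_entry` calls `pwdb_ops->del_smbpwd_entry(rid)` unconditionally, yet within this commit only the smbpasswd file backend's `file_ops` table gets the new slot filled in. If the other password backends listed in PASSDB_OBJ have their own ops tables (not shown here), their new member stays NULL and the SAMR delete request turns into a NULL function-pointer call. A guard before the call, `if (pwdb_ops->del_smbpwd_entry == NULL) return False;`, would make those backends fail safely.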
@@ -256,6 +256,66 @@ struct smb_passwd *getsmbfilepwent(void *vp) } /************************************************************************ + Create a new smbpasswd entry - malloced space returned. +*************************************************************************/ + +char *format_new_smbpasswd_entry(struct smb_passwd *newpwd) +{ + int new_entry_length; + char *new_entry; + char *p; + int i; + + new_entry_length = strlen(newpwd->unix_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; + + if((new_entry = (char *)malloc( new_entry_length )) == NULL) { + DEBUG(0, ("format_new_smbpasswd_entry: Malloc failed adding entry for user %s.\n", newpwd->unix_name )); + return NULL; + } + + slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->unix_name, (unsigned)newpwd->unix_uid); + p = &new_entry[strlen(new_entry)]; + + if(newpwd->smb_passwd != NULL) { + for( i = 0; i < 16; i++) { + slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]); + } + } else { + i=0; + if(newpwd->acct_ctrl & ACB_PWNOTREQ) + safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); + else + safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); + } + + p += 32; + + *p++ = ':'; + + if(newpwd->smb_nt_passwd != NULL) { + for( i = 0; i < 16; i++) { + slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]); + } + } else { + if(newpwd->acct_ctrl & ACB_PWNOTREQ) + safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); + else + safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); + } + + p += 32; + + *p++ = ':'; + + /* Add the account encoding and the last change time. 
*/ + slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n", + pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), + (uint32)newpwd->pass_last_set_time); + + return new_entry; +} + +/************************************************************************ Routine to add an entry to the smbpasswd file. *************************************************************************/ @@ -264,15 +324,11 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) char *pfile = lp_smb_passwd_file(); struct smb_passwd *pwd = NULL; FILE *fp = NULL; - - int i; int wr_len; - int fd; - int new_entry_length; + size_t new_entry_length; char *new_entry; SMB_OFF_T offpos; - char *p; /* Open the smbpassword file - for update. */ fp = startsmbfilepwent(True); @@ -288,7 +344,7 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) while ((pwd = getsmbfilepwent(fp)) != NULL) { if (strequal(newpwd->unix_name, pwd->unix_name)) { - DEBUG(0, ("add_smbfilepwd_entry: entry with unix name %s already exists\n", pwd->unix_name)); + DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->unix_name)); endsmbfilepwent(fp); return False; } @@ -297,8 +353,8 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) /* Ok - entry doesn't exist. We can add it */ /* Create a new smb passwd entry and set it to the given password. */ - /* - * The add user write needs to be atomic - so get the fd from + /* + * The add user write needs to be atomic - so get the fd from * the fp and do a raw write() call. */ fd = fileno(fp); 
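Review bot: format_new_smbpasswd_entry writes the `LCT-%08X` field from `newpwd->pass_last_set_time`, whereas the inline code it replaces in add_smbfilepwd_entry used `time(NULL)`. If callers that add an account do not fill in that field (they are not visible here), new entries will be stored with a meaningless last-change time. Setting the field in add_smbfilepwd_entry before formatting would keep the old behaviour for additions. The function also copies `newpwd->unix_name` verbatim into a colon- and newline-delimited record, so names containing `:` or a newline should be rejected before formatting, and a comment should state that the caller must `free()` the returned buffer.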
@@ -310,66 +366,28 @@ Error was %s\n", newpwd->unix_name, pfile, strerror(errno))); return False; } - new_entry_length = strlen(newpwd->unix_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; - - if((new_entry = (char *)malloc( new_entry_length )) == NULL) { + if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL) { DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \ Error was %s\n", newpwd->unix_name, pfile, strerror(errno))); endsmbfilepwent(fp); return False; } - slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->unix_name, (unsigned)newpwd->unix_uid); - p = &new_entry[strlen(new_entry)]; - - if(newpwd->smb_passwd != NULL) { - for( i = 0; i < 16; i++) { - slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]); - } - } else { - i=0; - if(newpwd->acct_ctrl & ACB_PWNOTREQ) - safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - else - safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - } - - p += 32; - - *p++ = ':'; - - if(newpwd->smb_nt_passwd != NULL) { - for( i = 0; i < 16; i++) { - slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]); - } - } else { - if(newpwd->acct_ctrl & ACB_PWNOTREQ) - safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - else - safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - } - - p += 32; - - *p++ = ':'; - - /* Add the account encoding and the last change time. 
*/ - slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n", - pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)time(NULL)); + new_entry_length = strlen(new_entry); #ifdef DEBUG_PASSWORD - DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d entry_len %d made line |%s|", - fd, new_entry_length, strlen(new_entry), new_entry)); + DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d made line |%s|", + fd, new_entry_length, new_entry)); #endif - if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) { + if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length) { DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \ Error was %s\n", wr_len, newpwd->unix_name, pfile, strerror(errno))); /* Remove the entry we just wrote. */ if(sys_ftruncate(fd, offpos) == -1) { DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \ -Error was %s. Password file may be corrupt ! Please examine by hand !\n", +Error was %s. Password file may be corrupt ! Please examine by hand !\n", newpwd->unix_name, strerror(errno))); } 
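Review bot: `new_entry_length` is now a `size_t`, but the DEBUG_PASSWORD trace still prints it with `%d`, which is a format/argument mismatch wherever `size_t` is wider than `int`. Casting at the call site fixes it: `fd, (int)new_entry_length, new_entry));`. The write check also compares the `int` `wr_len` with a `size_t`; it still works through implicit conversion, but spelling it as `wr_len < 0 || (size_t)wr_len != new_entry_length` makes the error case explicit. The enclosing function starts and ends outside this hunk.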
@@ -795,6 +813,127 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) return True; } +/************************************************************************ + Routine to delete an entry in the smbpasswd file by rid. +*************************************************************************/ + +static BOOL del_smbfilepwd_entry(uint32 user_rid) +{ + char *pfile = lp_smb_passwd_file(); + pstring pfile2; + struct smb_passwd *pwd = NULL; + FILE *fp = NULL; + FILE *fp_write = NULL; + int pfile2_lockdepth = 0; + struct sam_passwd *sam_pass; + fstring name; + + DEBUG(0, ("del_smbfilepwd_entry\n")); + + become_root(True); + sam_pass = getsam21pwrid(user_rid); + unbecome_root(True); + + if (sam_pass == NULL) + { + DEBUG(0, ("User 0x%x not found\n", user_rid)); + return False; + } + + DEBUG(0, ("del_smbfilepwd_entry: User:[%s]\n", sam_pass->nt_name)); + +// unistr2_to_ascii(name, sam_pass->nt_name, sizeof(name) - 1); + fstrcpy(name, sam_pass->nt_name); + + DEBUG(0, ("del_smbfilepwd_entry: user: %s\n", name)); + + slprintf(pfile2, sizeof(pfile2)-1, "%s.%u", pfile, (unsigned)getpid() ); + + /* + * Open the smbpassword file - for update. It needs to be update + * as we need any other processes to wait until we have replaced + * it. + */ + + if((fp = startsmbfilepwent(True)) == NULL) { + DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile)); + return False; + } + + /* + * Create the replacement password file. + */ + if((fp_write = startfilepw_race_condition_avoid(pfile2, PWF_CREATE, &pfile2_lockdepth)) == NULL) { + DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile)); + endsmbfilepwent(fp); + return False; + } + + /* + * Scan the file, a line at a time and check if the name matches. 
+ */ + + while ((pwd = getsmbfilepwent(fp)) != NULL) { + char *new_entry; + size_t new_entry_length; + + if (strequal(name, pwd->unix_name)) { + DEBUG(10, ("add_smbfilepwd_entry: found entry with name %s - deleting it.\n", name)); + continue; + } + + /* + * We need to copy the entry out into the second file. + */ + + if((new_entry = format_new_smbpasswd_entry(pwd)) == NULL) { + DEBUG(0, ("del_smbfilepwd_entry(malloc): Failed to copy entry for user %s to file %s. \ +Error was %s\n", pwd->unix_name, pfile2, strerror(errno))); + unlink(pfile2); + endsmbfilepwent(fp); + endfilepw_race_condition_avoid(fp_write,&pfile2_lockdepth); + return False; + } + + new_entry_length = strlen(new_entry); + + if(fwrite(new_entry, 1, new_entry_length, fp_write) != new_entry_length) { + DEBUG(0, ("del_smbfilepwd_entry(write): Failed to copy entry for user %s to file %s. \ +Error was %s\n", pwd->unix_name, pfile2, strerror(errno))); + unlink(pfile2); + endsmbfilepwent(fp); + endfilepw_race_condition_avoid(fp_write,&pfile2_lockdepth); + free(new_entry); + return False; + } + + free(new_entry); + } + + /* + * Ensure pfile2 is flushed before rename. + */ + + if(fflush(fp_write) != 0) { + DEBUG(0, ("del_smbfilepwd_entry: Failed to flush file %s. Error was %s\n", pfile2, strerror(errno))); + endsmbfilepwent(fp); + endfilepw_race_condition_avoid(fp_write,&pfile2_lockdepth); + return False; + } + + /* + * Do an atomic rename - then release the locks. + */ + + if(rename(pfile2,pfile) != 0) { + unlink(pfile2); + } + endsmbfilepwent(fp); + endfilepw_race_condition_avoid(fp_write,&pfile2_lockdepth); + return True; +} + + static struct smb_passdb_ops file_ops = { startsmbfilepwent, endsmbfilepwent, @@ -804,7 +943,8 @@ static struct smb_passdb_ops file_ops = { iterate_getsmbpwuid, /* In passdb.c */ getsmbfilepwent, add_smbfilepwd_entry, - mod_smbfilepwd_entry + mod_smbfilepwd_entry, + del_smbfilepwd_entry }; struct smb_passdb_ops *file_initialise_password_db(void) 
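Review bot: del_smbfilepwd_entry returns True when `rename(pfile2, pfile)` fails and also when no entry matched `name`, so the caller reports a successful deletion while the account is still in the password file. Both cases should return False after cleaning up, as sketched below. The fflush failure path returns without `unlink(pfile2)`, which leaves a copy of the password entries on disk. Entries are matched by comparing `sam_pass->nt_name` with `pwd->unix_name`; if the NT and UNIX names can differ (a username map, for instance), matching on the RID or uid would avoid removing the wrong record. The trace messages are at DEBUG level 0, and one of them names `add_smbfilepwd_entry`.

```c
	BOOL found = False;

	/* … unchanged: account lookup, opening of both files … */

	while ((pwd = getsmbfilepwent(fp)) != NULL) {
		if (strequal(name, pwd->unix_name)) {
			/* … unchanged: DEBUG(10, ...) … */
			found = True;
			continue;
		}
		/* … unchanged: copy the entry into the replacement file … */
	}

	/* … unchanged: fflush of the replacement file … */

	if (!found || rename(pfile2, pfile) != 0) {
		DEBUG(0, ("del_smbfilepwd_entry: entry for %s not removed from %s\n", name, pfile));
		unlink(pfile2);
		endsmbfilepwent(fp);
		endfilepw_race_condition_avoid(fp_write, &pfile2_lockdepth);
		return False;
	}
```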
diff --git a/source/samrd/srv_samr_passdb.c b/source/samrd/srv_samr_passdb.c index 275a6150911..dade2fa0df6 100644 --- a/source/samrd/srv_samr_passdb.c +++ b/source/samrd/srv_samr_passdb.c @@ -985,14 +985,31 @@ uint32 _samr_query_dispinfo(const POLICY_HND * domain_pol, uint16 level, /******************************************************************* - samr_reply_delete_dom_user + samr_delete_dom_user ********************************************************************/ -uint32 _samr_delete_dom_user(POLICY_HND * user_pol) +uint32 _samr_delete_dom_user(POLICY_HND *user_pol) { - DEBUG(0, ("samr_delete_dom_user: not implemented\n")); - return NT_STATUS_ACCESS_DENIED; -} + fstring user_name; + uint32 user_rid = 0x0; + DOM_SID user_sid; + struct sam_passwd *sam_pass; + + /* find the policy handle. open a policy on it. */ + if (!get_policy_samr_sid(get_global_hnd_cache(), user_pol, &user_sid)) + { + return NT_STATUS_INVALID_HANDLE; + } + sid_split_rid(&user_sid, &user_rid); + DEBUG(0, ("_samr_delete_dom_user: user_rid:0x%x\n", user_rid)); + + if (!del_smbpwd_entry(user_rid)) + { + return NT_STATUS_ACCESS_DENIED; + } + + return NT_STATUS_NOPROBLEMO; +} /******************************************************************* samr_reply_delete_dom_group |
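Review bot: `_samr_delete_dom_user` now deletes the account for any handle that resolves to a SID, with no check in this function of the access granted on `user_pol` or of the caller's right to delete accounts, where the old stub refused every request. If that check is not done by the dispatcher or inside get_policy_samr_sid (neither is shown here), it must be added before `del_smbpwd_entry(user_rid)`. The domain part of `user_sid` is discarded by `sid_split_rid` without being compared to the local SAM SID, so only the RID decides which entry is removed. `user_name` and `sam_pass` are declared but unused, and every failure is reported as NT_STATUS_ACCESS_DENIED, which hides the not-found case.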