BOOL global_machine_password_needs_changing = False;
extern pstring global_myname;
+extern userdom_struct current_user_info;
/***********************************************************************
Connect to a remote machine for domain security authentication
fstrcpy(remote_machine, server);
}
- standard_sub_basic(remote_machine);
+ standard_sub_basic(current_user_info.smb_name, remote_machine);
strupper(remote_machine);
if(!resolve_name( remote_machine, &dest_ip, 0x20)) {
#include "includes.h"
extern pstring global_myname;
+extern userdom_struct current_user_info;
/****************************************************************************
Support for server level security.
p = pserver;
while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
- standard_sub_basic(desthost);
+ standard_sub_basic(current_user_info.smb_name, desthost);
strupper(desthost);
if(!resolve_name( desthost, &dest_ip, 0x20)) {
fstring local_machine="";
fstring remote_arch="UNKNOWN";
userdom_struct current_user_info;
-pstring samlogon_user="";
-BOOL sam_logon_in_ssb = False;
fstring remote_proto="UNKNOWN";
fstring remote_machine="";
extern pstring global_myname;
/****************************************************************************
Do some standard substitutions in a string.
****************************************************************************/
-void standard_sub_basic(char *str)
+void standard_sub_basic(char *smb_name, char *str)
{
char *p, *s;
fstring pidstr;
switch (*(p+1)) {
case 'U' :
- fstrcpy(tmp_str, sam_logon_in_ssb?samlogon_user:current_user_info.smb_name);
+ fstrcpy(tmp_str, smb_name);
strlower(tmp_str);
string_sub(p,"%U",tmp_str,l);
break;
case 'G' :
- fstrcpy(tmp_str, sam_logon_in_ssb?samlogon_user:current_user_info.smb_name);
+ fstrcpy(tmp_str, smb_name);
if ((pass = Get_Pwnam(tmp_str))!=NULL) {
string_sub(p,"%G",gidtoname(pass->pw_gid),l);
} else {
/****************************************************************************
Do some standard substitutions in a string.
****************************************************************************/
-void standard_sub_advanced(int snum, char *user, char *connectpath, gid_t gid, char *str)
+void standard_sub_advanced(int snum, char *user, char *connectpath, gid_t gid, char *smb_name, char *str)
{
char *p, *s, *home;
}
}
- standard_sub_basic(str);
+ standard_sub_basic(smb_name, str);
}
/****************************************************************************
****************************************************************************/
void standard_sub_conn(connection_struct *conn, char *str)
{
- standard_sub_advanced(SNUM(conn), conn->user, conn->connectpath, conn->gid, str);
+ standard_sub_advanced(SNUM(conn), conn->user, conn->connectpath, conn->gid, current_user_info.smb_name, str);
}
/****************************************************************************
cached_uid = current_user.uid;
}
- standard_sub_advanced(snum, cached_user, "", -1, str);
+ standard_sub_advanced(snum, cached_user, "", -1, current_user_info.smb_name, str);
}
/*******************************************************************
********************************************************************/
void standard_sub_vuser(char *str, user_struct *vuser)
{
- standard_sub_advanced(-1, vuser->user.unix_name, "", -1, str);
+ standard_sub_advanced(-1, vuser->user.unix_name, "", -1, current_user_info.smb_name, str);
}
/*******************************************************************
********************************************************************/
void standard_sub_vsnum(char *str, user_struct *vuser, int snum)
{
- standard_sub_advanced(snum, vuser->user.unix_name, "", -1, str);
+ standard_sub_advanced(snum, vuser->user.unix_name, "", -1, current_user_info.smb_name, str);
}
BOOL in_client = False; /* Not in the client by default */
BOOL bLoaded = False;
+extern userdom_struct current_user_info;
extern int DEBUGLEVEL_CLASS[DBGC_LAST];
extern pstring user_socket_options;
extern pstring global_myname;
char *szWorkGroup;
char *szRealm;
char *szADSserver;
- char **szDomainAdminGroup;
- char **szDomainGuestGroup;
char *szUsernameMap;
char *szLogonScript;
char *szLogonPath;
{"Domain Options", P_SEP, P_SEPARATOR},
- {"domain admin group", P_LIST, P_GLOBAL, &Globals.szDomainAdminGroup, NULL, NULL, 0},
- {"domain guest group", P_LIST, P_GLOBAL, &Globals.szDomainGuestGroup, NULL, NULL, 0},
-
{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0},
{"Logon Options", P_SEP, P_SEPARATOR},
-
+
{"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, 0},
{"delete user script", P_STRING, P_GLOBAL, &Globals.szDelUserScript, NULL, NULL, 0},
{"add group script", P_STRING, P_GLOBAL, &Globals.szAddGroupScript, NULL, NULL, 0},
trim_string(ret, "\"", "\"");
- standard_sub_basic(ret);
+ standard_sub_basic(current_user_info.smb_name,ret);
return (ret);
}
FN_GLOBAL_STRING(lp_abort_shutdown_script, &Globals.szAbortShutdownScript)
FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook)
-FN_GLOBAL_LIST(lp_domain_admin_group, &Globals.szDomainAdminGroup)
-FN_GLOBAL_LIST(lp_domain_guest_group, &Globals.szDomainGuestGroup)
FN_GLOBAL_STRING(lp_template_homedir, &Globals.szTemplateHomedir)
FN_GLOBAL_STRING(lp_template_shell, &Globals.szTemplateShell)
FN_GLOBAL_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
time_t mod_time;
pstrcpy(n2, f->name);
- standard_sub_basic(n2);
+ standard_sub_basic(current_user_info.smb_name, n2);
DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
f->name, n2, ctime(&f->modtime)));
pstrcpy(netbios_name, pszParmValue);
- standard_sub_basic(netbios_name);
+ standard_sub_basic(current_user_info.smb_name, netbios_name);
strupper(netbios_name);
pstrcpy(global_myname, netbios_name);
pstrcpy(fname, pszParmValue);
- standard_sub_basic(fname);
+ standard_sub_basic(current_user_info.smb_name, fname);
string_set(ptr, pszParmValue);
pstring fname;
pstrcpy(fname, pszParmValue);
- standard_sub_basic(fname);
+ standard_sub_basic(current_user_info.smb_name, fname);
add_to_file_list(pszParmValue, fname);
BOOL bRetval;
pstrcpy(n2, pszFname);
- standard_sub_basic(n2);
+ standard_sub_basic(current_user_info.smb_name, n2);
add_to_file_list(pszFname, n2);
* service names
*/
fstrcpy(serviceName, ServicePtrs[iService]->szService);
- standard_sub_basic(serviceName);
+ standard_sub_basic(current_user_info.smb_name, serviceName);
if (strequal(serviceName, pszServiceName))
break;
}
#include <rpcsvc/nis.h>
extern int DEBUGLEVEL;
-extern pstring samlogon_user;
-extern BOOL sam_logon_in_ssb;
static VOLATILE sig_atomic_t gotalarm;
strtol(temp, NULL, 16) : pdb_uid_to_user_rid (pw_buf->smb_userid);
if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$') {
-
- /* XXXX hack to get standard_sub_basic() to use sam logon username */
- /* possibly a better way would be to do a change_to_user() call */
- pstrcpy(samlogon_user, pw_buf->smb_name);
- sam_logon_in_ssb = True;
-
+
get_single_attribute(obj, NPF_GROUP_RID, temp, sizeof(pstring));
if (strlen(temp) > 0)
#endif
get_single_attribute(obj, NPF_ACCT_DESC, acct_desc, sizeof(pstring));
get_single_attribute(obj, NPF_WORKSTATIONS, workstations, sizeof(pstring));
-
- sam_logon_in_ssb = False;
} else {
pstring str;
GROUP_MAP map;
uint32 rid;
- extern BOOL sam_logon_in_ssb;
- extern pstring samlogon_user;
if (!pwd) {
new_sam_acct = NULL;
rid=pdb_gid_to_group_rid(pwd->pw_gid);
pdb_set_group_rid(*new_sam_acct, rid);
- /* UGLY, UGLY HACK!!! */
- pstrcpy(samlogon_user, pwd->pw_name);
-
- sam_logon_in_ssb = True;
-
pstrcpy(str, lp_logon_path());
- standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+ standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str);
pdb_set_profile_path(*new_sam_acct, str);
pstrcpy(str, lp_logon_home());
- standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+ standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str);
pdb_set_homedir(*new_sam_acct, str);
pstrcpy(str, lp_logon_drive());
- standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+ standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str);
pdb_set_dir_drive(*new_sam_acct, str);
pstrcpy(str, lp_logon_script());
- standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+ standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str);
pdb_set_logon_script(*new_sam_acct, str);
- sam_logon_in_ssb = False;
return True;
}
#include <rpcsvc/nis.h>
extern int DEBUGLEVEL;
-extern pstring samlogon_user;
-extern BOOL sam_logon_in_ssb;
struct nisp_enum_info
{
/* values, must exist for user */
if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) {
- /* FIXME!! This doesn't belong here.
- Should be set in net_sam_logon()
- --jerry */
- pstrcpy(samlogon_user, pdb_get_username(pw_buf));
get_single_attribute(obj, NPF_HOME_DIR, home_dir, sizeof(pstring));
if( !(home_dir && *home_dir) )
};
-extern pstring samlogon_user;
-extern BOOL sam_logon_in_ssb;
extern struct passdb_ops pdb_ops;
/* used for maintain locks on the smbpasswd file */
pdb_set_uid (sam_pass, &pwfile->pw_uid);
pdb_set_gid (sam_pass, &pwfile->pw_gid);
-
- /* FIXME!! This doesn't belong here. Should be set in net_sam_logon()
- --jerry */
-
- pstrcpy(samlogon_user, pw_buf->smb_name);
- sam_logon_in_ssb = True;
pdb_set_fullname(sam_pass, pwfile->pw_gecos);
pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE);
/* check if this is a user account or a machine account */
- if (samlogon_user[strlen(samlogon_user)-1] != '$')
+ if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$')
{
pstring str;
pstrcpy(str, lp_logon_path());
- standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str);
pdb_set_profile_path(sam_pass, str);
pstrcpy(str, lp_logon_home());
- standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str);
pdb_set_homedir(sam_pass, str);
pstrcpy(str, lp_logon_drive());
- standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str);
pdb_set_dir_drive(sam_pass, str);
pstrcpy(str, lp_logon_script());
- standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str);
pdb_set_logon_script(sam_pass, str);
} else {
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
/*pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); */
}
-
- sam_logon_in_ssb = False;
return True;
}
#define RIDPREFIX "RID_"
extern int DEBUGLEVEL;
-extern pstring samlogon_user;
-extern BOOL sam_logon_in_ssb;
struct tdb_enum_info {
TDB_CONTEXT *passwd_tdb;
usr->user_rid = pdb_get_user_rid(sampw);
usr->group_rid = pdb_get_group_rid(sampw);
- usr->num_groups = num_groups+1;
+ usr->num_groups = num_groups;
usr->buffer_groups = 1; /* indicates fill in groups, below, even if there are none */
usr->user_flgs = user_flgs;
init_unistr2(&usr->uni_home_dir, home_dir, len_home_dir);
init_unistr2(&usr->uni_dir_drive, dir_drive, len_dir_drive);
- /* always have at least one group == the user's primary group */
- usr->num_groups2 = num_groups+1;
+ usr->num_groups2 = num_groups;
- usr->gids = (DOM_GID *)talloc_zero(ctx,sizeof(DOM_GID) * (num_groups+1));
+ usr->gids = (DOM_GID *)talloc_zero(ctx,sizeof(DOM_GID) * (num_groups));
if (usr->gids == NULL)
return;
- /* primary group **MUST** go first. NT4's winmsd.exe will give
- "The Network statistics are currently not available. 9-5"
- What the heck is this? -- jerry */
- usr->gids[0].g_rid = usr->group_rid;
- usr->gids[0].attr = 0x07;
for (i = 0; i < num_groups; i++)
- usr->gids[i+1] = gids[i];
+ usr->gids[i] = gids[i];
init_unistr2(&usr->uni_logon_srv, logon_srv, len_logon_srv);
init_unistr2(&usr->uni_logon_dom, logon_dom, len_logon_dom);
if(!smb_io_time("must change time", &usr->pass_must_change_time, ps, depth)) /* password must change time */
return False;
- if(!smb_io_unihdr("unihdr", &usr->hdr_user_name, ps, depth)) /* username unicode string header */
+ if(!smb_io_unihdr("hdr_user_name", &usr->hdr_user_name, ps, depth)) /* username unicode string header */
return False;
- if(!smb_io_unihdr("unihdr", &usr->hdr_full_name, ps, depth)) /* user's full name unicode string header */
+ if(!smb_io_unihdr("hdr_full_name", &usr->hdr_full_name, ps, depth)) /* user's full name unicode string header */
return False;
- if(!smb_io_unihdr("unihdr", &usr->hdr_logon_script, ps, depth)) /* logon script unicode string header */
+ if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth)) /* logon script unicode string header */
return False;
- if(!smb_io_unihdr("unihdr", &usr->hdr_profile_path, ps, depth)) /* profile path unicode string header */
+ if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth)) /* profile path unicode string header */
return False;
- if(!smb_io_unihdr("unihdr", &usr->hdr_home_dir, ps, depth)) /* home directory unicode string header */
+ if(!smb_io_unihdr("hdr_home_dir", &usr->hdr_home_dir, ps, depth)) /* home directory unicode string header */
return False;
- if(!smb_io_unihdr("unihdr", &usr->hdr_dir_drive, ps, depth)) /* home directory drive unicode string header */
+ if(!smb_io_unihdr("hdr_dir_drive", &usr->hdr_dir_drive, ps, depth)) /* home directory drive unicode string header */
return False;
if(!prs_uint16("logon_count ", ps, depth, &usr->logon_count)) /* logon count */
if(!prs_uint8s(False, "user_sess_key", ps, depth, usr->user_sess_key, 16)) /* unused user session key */
return False;
- if(!smb_io_unihdr("unihdr", &usr->hdr_logon_srv, ps, depth)) /* logon server unicode string header */
+ if(!smb_io_unihdr("hdr_logon_srv", &usr->hdr_logon_srv, ps, depth)) /* logon server unicode string header */
return False;
- if(!smb_io_unihdr("unihdr", &usr->hdr_logon_dom, ps, depth)) /* logon domain unicode string header */
+ if(!smb_io_unihdr("hdr_logon_dom", &usr->hdr_logon_dom, ps, depth)) /* logon domain unicode string header */
return False;
if(!prs_uint32("buffer_dom_id ", ps, depth, &usr->buffer_dom_id)) /* undocumented logon domain id pointer */
}
}
- if(!smb_io_unistr2("unistr2", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth)) /* username unicode string */
+ if(!smb_io_unistr2("uni_user_name", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth)) /* username unicode string */
return False;
- if(!smb_io_unistr2("unistr2", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth)) /* user's full name unicode string */
+ if(!smb_io_unistr2("uni_full_name", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth)) /* user's full name unicode string */
return False;
- if(!smb_io_unistr2("unistr2", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth)) /* logon script unicode string */
+ if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth)) /* logon script unicode string */
return False;
- if(!smb_io_unistr2("unistr2", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth)) /* profile path unicode string */
+ if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth)) /* profile path unicode string */
return False;
- if(!smb_io_unistr2("unistr2", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth)) /* home directory unicode string */
+ if(!smb_io_unistr2("uni_home_dir", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth)) /* home directory unicode string */
return False;
- if(!smb_io_unistr2("unistr2", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth)) /* home directory drive unicode string */
+ if(!smb_io_unistr2("uni_dir_drive", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth)) /* home directory drive unicode string */
return False;
if(!prs_align(ps))
return False;
}
- if(!smb_io_unistr2("unistr2", &usr->uni_logon_srv, usr->hdr_logon_srv.buffer, ps, depth)) /* logon server unicode string */
+ if(!smb_io_unistr2("uni_logon_srv", &usr->uni_logon_srv, usr->hdr_logon_srv.buffer, ps, depth)) /* logon server unicode string */
return False;
- if(!smb_io_unistr2("unistr2", &usr->uni_logon_dom, usr->hdr_logon_srv.buffer, ps, depth)) /* logon domain unicode string */
+ if(!smb_io_unistr2("uni_logon_dom", &usr->uni_logon_dom, usr->hdr_logon_srv.buffer, ps, depth)) /* logon domain unicode string */
return False;
if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth)) /* domain SID */
#include "includes.h"
-extern BOOL sam_logon_in_ssb;
-extern pstring samlogon_user;
extern pstring global_myname;
extern DOM_SID global_sam_sid;
int num_gids = 0;
pstring my_name;
pstring my_workgroup;
- pstring domain_groups;
/* set up pointer indicating user/password failed to be found */
usr_info->ptr_user_info = 0;
- /* XXXX hack to get standard_sub_basic() to use sam logon username */
- /* possibly a better way would be to do a change_to_user() call */
- sam_logon_in_ssb = True;
- pstrcpy(samlogon_user, nt_username);
-
pstrcpy(my_workgroup, lp_workgroup());
pstrcpy(my_name, global_myname);
strupper(my_name);
* JRA.
*/
- *domain_groups = 0;
-
- get_domain_user_groups(domain_groups, nt_username);
-
- /*
- * make_dom_gids allocates the gids array. JRA.
- */
- gids = NULL;
- num_gids = make_dom_gids(p->mem_ctx, domain_groups, &gids);
-
- sam_logon_in_ssb = False;
+ gids = NULL;
+ get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account);
init_net_user_info3(p->mem_ctx, usr_info, server_info->sam_account,
0, /* logon_count */
my_workgroup, /* char *logon_dom */
&global_sam_sid, /* DOM_SID *dom_sid */
NULL); /* char *other_sids */
+
}
free_server_info(&server_info);
return status;
if (ret == False) {
samr_clear_sam_passwd(sam_pass);
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_USER;
}
- if(!new_get_domain_user_groups(p->mem_ctx, &num_groups, &gids, sam_pass)) {
+ if(!get_domain_user_groups(p->mem_ctx, &num_groups, &gids, sam_pass)) {
samr_clear_sam_passwd(sam_pass);
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_GROUP;
}
DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
samr_clear_sam_passwd(sam_pass);
+ pdb_free_sam(&sam_pass);
return r_u->status;
}
for (i=0; i<q_u->num_sids1; i++) {
- r_u->status=new_get_alias_user_groups(p->mem_ctx, &info->sid, &tmp_num_groups, &tmp_rids, &(q_u->sid[i].sid));
+ r_u->status=get_alias_user_groups(p->mem_ctx, &info->sid, &tmp_num_groups, &tmp_rids, &(q_u->sid[i].sid));
/*
* if there is an error, we just continue as
{ 0 , NULL }
};
-int make_dom_gids(TALLOC_CTX *ctx, char *gids_str, DOM_GID **ppgids)
-{
- char *ptr;
- pstring s2;
- int count;
- DOM_GID *gids;
-
- *ppgids = NULL;
-
- DEBUG(4,("make_dom_gids: %s\n", gids_str));
-
- if (gids_str == NULL || *gids_str == 0)
- return 0;
-
- for (count = 0, ptr = gids_str;
- next_token(&ptr, s2, NULL, sizeof(s2));
- count++)
- ;
-
- gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * count );
- if(!gids)
- {
- DEBUG(0,("make_dom_gids: talloc fail !\n"));
- return 0;
- }
-
- for (count = 0, ptr = gids_str;
- next_token(&ptr, s2, NULL, sizeof(s2)) &&
- count < LSA_MAX_GROUPS;
- count++)
- {
- /* the entries are of the form GID/ATTR, ATTR being optional.*/
- char *attr;
- uint32 rid = 0;
- int i;
-
- attr = strchr_m(s2,'/');
- if (attr)
- *attr++ = 0;
-
- if (!attr || !*attr)
- attr = "7"; /* default value for attribute is 7 */
-
- /* look up the RID string and see if we can turn it into a rid number */
- for (i = 0; builtin_alias_rids[i].name != NULL; i++)
- {
- if (strequal(builtin_alias_rids[i].name, s2))
- {
- rid = builtin_alias_rids[i].rid;
- break;
- }
- }
-
- if (rid == 0)
- rid = atoi(s2);
-
- if (rid == 0)
- {
- DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
- count--;
- }
- else
- {
- gids[count].g_rid = rid;
- gids[count].attr = atoi(attr);
-
- DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
- }
- }
-
- *ppgids = gids;
- return count;
-}
-
/*******************************************************************
gets a domain user's groups
********************************************************************/
-NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
+NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
{
SAM_ACCOUNT *sam_pass=NULL;
char *sep;
sep = lp_winbind_separator();
- DEBUG(10,("new_get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n",
+ DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n",
sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
sid_peek_rid(q_sid, &rid);
become_root();
ret = pdb_getsampwrid(sam_pass, rid);
unbecome_root();
- if (ret == False)
+ if (ret == False) {
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_USER;
+ }
fstrcpy(user_name, pdb_get_username(sam_pass));
grid=pdb_get_group_rid(sam_pass);
gid=pdb_get_gid(sam_pass);
grp = glist = getgrent_list();
- if (grp == NULL)
+ if (grp == NULL) {
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_MEMORY;
-
+ }
for (; grp != NULL; grp = grp->next) {
if(!get_group_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)) {
- DEBUG(10,("new_get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid));
+ DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid));
continue;
}
/* if it's not an alias, continue */
if (map.sid_name_use!=SID_NAME_ALIAS) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
continue;
}
/* if the sid is not in the correct domain, continue */
if (!sid_equal(&tmp_sid, sid)) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
continue;
}
/* Don't return winbind groups as they are not local! */
if (strchr_m(map.nt_name, *sep) != NULL) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
continue;
}
/* Don't return user private groups... */
if (Get_Pwnam(map.nt_name) != 0) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
continue;
}
/* the group is fine, we can check if there is the user we're looking for */
- DEBUG(10,("new_get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name));
for(num=0; grp->gr_mem[num]!=NULL; num++) {
if(strcmp(grp->gr_mem[num], user_name)==0) {
new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
if (new_rids==NULL) {
- DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n"));
+ DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_MEMORY;
}
rids=new_rids;
sid_peek_rid(&map.sid, &(rids[cur_rid]));
- DEBUG(10,("new_get_alias_user_groups: user found in group %s\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: user found in group %s\n", map.nt_name));
cur_rid++;
break;
}
}
-
}
-
+
grent_free(glist);
-
+
/* now check for the user's gid (the primary group rid) */
for (i=0; i<cur_rid && grid!=rids[i]; i++)
;
-
+
/* the user's gid is already there */
if (i!=cur_rid) {
- DEBUG(10,("new_get_alias_user_groups: user is already in the list. good.\n"));
+ DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n"));
goto done;
}
-
- DEBUG(10,("new_get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name));
-
+
+ DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name));
+
if(!get_group_from_gid(*gid, &map, MAPPING_WITHOUT_PRIV)) {
- DEBUG(0,("new_get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
+ DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
goto done;
}
-
+
/* the primary group isn't an alias */
if (map.sid_name_use!=SID_NAME_ALIAS) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
goto done;
}
sid_copy(&tmp_sid, &map.sid);
sid_split_rid(&tmp_sid, &rid);
-
+
/* if the sid is not in the correct domain, continue */
if (!sid_equal(&tmp_sid, sid)) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
goto done;
}
/* Don't return winbind groups as they are not local! */
if (strchr_m(map.nt_name, *sep) != NULL) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
+ DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
goto done;
}
/* Don't return user private groups... */
if (Get_Pwnam(map.nt_name) != 0) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
+ DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
goto done;
}
new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
if (new_rids==NULL) {
- DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n"));
+ DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_MEMORY;
}
rids=new_rids;
done:
*prids=rids;
*numgroups=cur_rid;
-
+ pdb_free_sam(&sam_pass);
+
return NT_STATUS_OK;
}
/*******************************************************************
gets a domain user's groups
********************************************************************/
-BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
+BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
{
GROUP_MAP *map=NULL;
int i, num, num_entries, cur_gid=0;
fstrcpy(user_name, pdb_get_username(sam_pass));
grid=pdb_get_group_rid(sam_pass);
- DEBUG(10,("new_get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
+ DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
/* first get the list of the domain groups */
if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
return False;
- DEBUG(10,("new_get_domain_user_groups: there are %d mapped groups\n", num_entries));
-
+ DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
/*
* alloc memory. In the worse case, we alloc memory for nothing.
for(i=0; i<num_entries; i++) {
if ((grp=getgrgid(map[i].gid)) == NULL) {
/* very weird !!! */
- DEBUG(5,("new_get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
+ DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
continue;
}
if(strcmp(grp->gr_mem[num], user_name)==0) {
/* we found the user, add the group to the list */
sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid));
- gids[cur_gid].attr=map[i].sid_name_use;
- DEBUG(10,("new_get_domain_user_groups: user found in group %s\n", map[i].nt_name));
+ gids[cur_gid].attr=7;
+ DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name));
cur_gid++;
break;
}
/* the user's gid is already there */
if (i!=cur_gid) {
+ /*
+ * the primary group of the user but be the first one in the list
+ * don't ask ! JFM.
+ */
+ gids[i].g_rid=gids[0].g_rid;
+ gids[0].g_rid=grid;
goto done;
}
for(i=0; i<num_entries; i++) {
sid_peek_rid(&map[i].sid, &tmp_rid);
if (tmp_rid==grid) {
- gids[cur_gid].g_rid=tmp_rid;
- gids[cur_gid].attr=map[i].sid_name_use;
- DEBUG(10,("new_get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
+ /*
+ * the primary group of the user but be the first one in the list
+ * don't ask ! JFM.
+ */
+ gids[cur_gid].g_rid=gids[0].g_rid;
+ gids[0].g_rid=tmp_rid;
+ gids[cur_gid].attr=7;
+ DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
cur_gid++;
goto done; /* leave the loop early */
}
}
+ DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name));
+ DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
+
done:
- *pgids=gids;
+ *pgids=gids;
*numgroups=cur_gid;
safe_free(map);
return True;
}
-/*******************************************************************
- gets a domain user's groups
- ********************************************************************/
-void get_domain_user_groups(char *domain_groups, const char *user)
-{
- pstring tmp;
-
- if (domain_groups == NULL || user == NULL) return;
-
- /* can only be a user or a guest. cannot be guest _and_ admin */
- if (user_in_list(user, lp_domain_guest_group()))
- {
- slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
- pstrcat(domain_groups, tmp);
-
- DEBUG(3,("domain guest group access %s granted\n", tmp));
- }
- else
- {
- slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
- pstrcat(domain_groups, tmp);
-
- DEBUG(3,("domain group access %s granted\n", tmp));
-
- if (user_in_list(user, lp_domain_admin_group()))
- {
- slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
- pstrcat(domain_groups, tmp);
-
- DEBUG(3,("domain admin group access %s granted\n", tmp));
- }
- }
-}
-
/*******************************************************************
Look up a local (domain) rid and return a name and type.
********************************************************************/
#include "includes.h"
+extern userdom_struct current_user_info;
+
/* look in server.c for some explanation of these variables */
static char msgbuf[1600];
static int msgpos;
pstrcpy(s,lp_msg_command());
pstring_sub(s,"%f",alpha_strcpy(alpha_msgfrom,msgfrom,NULL,sizeof(alpha_msgfrom)));
pstring_sub(s,"%t",alpha_strcpy(alpha_msgto,msgto,NULL,sizeof(alpha_msgto)));
- standard_sub_basic(s);
+ standard_sub_basic(current_user_info.smb_name, s);
pstring_sub(s,"%s",name);
smbrun(s,NULL);
}
git.samba.org / samba.git / commitdiff