Index: samba/source/utils/pdbedit.c =================================================================== RCS file: /cvs/root/samba/samba/source/utils/pdbedit.c,v retrieving revision 1.10 diff -u -d -b -r1.10 pdbedit.c --- samba/source/utils/pdbedit.c.orig 2004/08/26 22:07:38 1.10 +++ samba/source/utils/pdbedit.c 2004/11/19 23:09:40 @@ -529,7 +529,7 @@ fstrcat(machineaccount, "$"); if ((pwd = getpwnam_alloc(machineaccount))) { - if (!NT_STATUS_IS_OK(pdb_init_sam_pw( &sam_pwent, pwd))) { + if (!NT_STATUS_IS_OK(pdb_init_sam_pw( &sam_pwent, pwd, False))) { fprintf(stderr, "Could not init sam from pw\n"); passwd_free(&pwd); return -1; Index: samba/source/auth/auth_util.c =================================================================== RCS file: /cvs/root/samba/samba/source/auth/auth_util.c,v retrieving revision 1.1.1.10 diff -u -d -b -r1.1.1.10 auth_util.c --- samba/source/auth/auth_util.c.orig 2004/08/26 21:35:08 1.1.1.10 +++ samba/source/auth/auth_util.c 2004/09/14 00:29:48 @@ -107,7 +107,7 @@ if (!pass) return NT_STATUS_NO_SUCH_USER; - if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*account, pass))) { + if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*account, pass, True))) { return nt_status; } } @@ -660,7 +660,11 @@ /* Try winbind first */ +#ifdef WITH_OPENDIRECTORY + if ( strchr(username, *lp_winbind_separator()) && !lp_opendirectory()) { +#else if ( strchr(username, *lp_winbind_separator()) ) { +#endif n_unix_groups = winbind_getgroups( username, unix_groups ); DEBUG(10,("get_user_groups: winbind_getgroups(%s): result = %s\n", username, @@ -857,7 +861,7 @@ { NTSTATUS nt_status; SAM_ACCOUNT *sampass = NULL; - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(&sampass, pwd))) { + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(&sampass, pwd, True))) { return nt_status; } if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info))) { @@ -959,7 +963,7 @@ DEBUG(5,("fill_sam_account: located username was [%s]\n", *found_username)); - return pdb_init_sam_pw(sam_account, passwd); + return pdb_init_sam_pw(sam_account, passwd, True); } /**************************************************************************** Index: samba/source/passdb/passdb.c =================================================================== RCS file: /cvs/root/samba/samba/source/passdb/passdb.c,v retrieving revision 1.1.1.14 diff -u -d -b -r1.1.1.14 passdb.c --- samba/source/passdb/passdb.c.orig 2004/08/26 21:35:12 1.1.1.14 +++ samba/source/passdb/passdb.c 2004/09/13 21:13:47 @@ -185,12 +185,15 @@ * SSS ***************************************************************************/ -static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd *pwd) +static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd *pwd, BOOL idmap) { const char *guest_account = lp_guestaccount(); GROUP_MAP map; BOOL ret; + DOM_SID user_sid; + DOM_SID group_sid; + if (!account_data || !pwd) { return NT_STATUS_INVALID_PARAMETER; } @@ -213,7 +216,12 @@ } } - if (!pdb_set_user_sid_from_rid(account_data, algorithmic_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) { + if (idmap && NT_STATUS_IS_OK(uid_to_sid(&user_sid, pwd->pw_uid))) { + if (!pdb_set_user_sid(account_data, &user_sid, PDB_SET)) { + DEBUG(0,("Can't set User SID from mapped UID\n")); + return NT_STATUS_INVALID_PARAMETER; + } + } else if (!pdb_set_user_sid_from_rid(account_data, algorithmic_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) { DEBUG(0,("Can't set User SID from RID!\n")); return NT_STATUS_INVALID_PARAMETER; } @@ -230,7 +238,12 @@ } } else { - if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) { + if (idmap && NT_STATUS_IS_OK(gid_to_sid(&group_sid, pwd->pw_gid))) { + if (!pdb_set_group_sid(account_data, &group_sid, PDB_SET)) { + DEBUG(0,("Can't set Group SID from mapped GID\n")); + return NT_STATUS_INVALID_PARAMETER; + } + } else if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) { DEBUG(0,("Can't set Group SID\n")); return NT_STATUS_INVALID_PARAMETER; } @@ -241,9 +254,12 @@ /************************************************************* Initialises a struct sam_passwd with sane values. + + The idmap parameter determines whether non-algorithmic (eg. + winbindd) mapping is done of the user's primary UID/GID. ************************************************************/ -NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) +NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd, BOOL idmap) { NTSTATUS ret; @@ -270,7 +286,7 @@ -- abartlet 11-May-02 */ - ret = pdb_set_sam_sids(sam_account, pwd); + ret = pdb_set_sam_sids(sam_account, pwd, idmap); if (!NT_STATUS_IS_OK(ret)) return ret; /* check if this is a user account or a machine account */ @@ -321,7 +337,7 @@ Initialises a struct sam_passwd with sane values. ************************************************************/ -NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) +NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd, BOOL idmap) { NTSTATUS nt_status; @@ -335,7 +351,7 @@ return nt_status; } - if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*new_sam_acct, pwd))) { + if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*new_sam_acct, pwd, idmap))) { pdb_free_sam(new_sam_acct); new_sam_acct = NULL; return nt_status; @@ -357,12 +373,25 @@ struct passwd *pwd; BOOL ret; + if (lp_opendirectory()) /* computer accounts not available via getpwnam */ + { + pdb_init_sam(new_sam_acct); + become_root(); + ret = pdb_getsampwnam(*new_sam_acct, username); + unbecome_root(); + + if (ret != True) { + pdb_free_sam(new_sam_acct); + *new_sam_acct = NULL; + DEBUG(0, ("could not find new user/computer %s in passdb.\n", username)); + } + } else { pwd = Get_Pwnam(username); if (!pwd) return NT_STATUS_NO_SUCH_USER; - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(new_sam_acct, pwd))) { + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(new_sam_acct, pwd, False))) { *new_sam_acct = NULL; return nt_status; } @@ -376,6 +405,7 @@ /* set the new SID */ ret = pdb_set_user_sid_from_rid( *new_sam_acct, rid, PDB_SET ); + } return (ret ? NT_STATUS_OK : NT_STATUS_NO_SUCH_USER); } Index: samba/source/passdb/pdb_smbpasswd.c =================================================================== RCS file: /cvs/root/samba/samba/source/passdb/pdb_smbpasswd.c,v retrieving revision 1.1.1.8 diff -u -d -b -r1.1.1.8 pdb_smbpasswd.c --- samba/source/passdb/pdb_smbpasswd.c.orig 2004/08/26 21:35:12 1.1.1.8 +++ samba/source/passdb/pdb_smbpasswd.c 2004/09/13 21:14:44 @@ -1184,7 +1184,7 @@ return False; } - if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile))) + if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile, False))) return False; passwd_free(&pwfile); Index: samba/source/lib/username.c =================================================================== RCS file: /cvs/root/samba/samba/source/lib/username.c,v retrieving revision 1.1.1.12 diff -u -d -b -r1.1.1.12 username.c --- samba/source/lib/username.c.orig 2004/08/26 21:35:09 1.1.1.12 +++ samba/source/lib/username.c 2004/09/10 23:08:27 @@ -217,18 +217,18 @@ if (!user || !(*user)) return(NULL); + /* Try as given, if username wasn't originally lowercase */ + DEBUG(5,("Trying _Get_Pwnam(), username as given is %s\n", user)); + ret = getpwnam_alloc(user); + if(ret) + goto done; + /* Try in all lower case first as this is the most common case on UNIX systems */ strlower_m(user2); + if(strcmp(user, user2) != 0) { DEBUG(5,("Trying _Get_Pwnam(), username as lowercase is %s\n",user2)); ret = getpwnam_alloc(user2); - if(ret) - goto done; - - /* Try as given, if username wasn't originally lowercase */ - if(strcmp(user, user2) != 0) { - DEBUG(5,("Trying _Get_Pwnam(), username as given is %s\n", user)); - ret = getpwnam_alloc(user); if(ret) goto done; } Index: samba/source/passdb/lookup_sid.c =================================================================== RCS file: /cvs/root/samba/samba/source/passdb/lookup_sid.c,v retrieving revision 1.1.1.4 diff -d -u -b -r1.1.1.4 lookup_sid.c --- samba/source/passdb/lookup_sid.c.orig 2004/08/26 21:35:12 1.1.1.4 +++ samba/source/passdb/lookup_sid.c 2004/09/13 23:27:04 @@ -304,7 +304,7 @@ if ( lp_server_role()==ROLE_DOMAIN_MEMBER || (lp_idmap_uid(&low, &high) && uid >= low && uid <= high) ) { - if (winbind_uid_to_sid(psid, uid)) { + if (!lp_opendirectory() && winbind_uid_to_sid(psid, uid)) { DEBUG(10,("uid_to_sid: winbindd %u -> %s\n", (unsigned int)uid, sid_to_string(sid, psid)));