From 7264b9df8fd2cfae2db4aca82ac737f47fdd5936 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 1 May 2003 14:08:00 +0000 Subject: [PATCH] proper wellknown sids initialization at startup (This used to be commit 568feee8977ee1be210344c8ab1896512894cba2) --- source3/nsswitch/winbindd.c | 3 ++ source3/passdb/passdb.c | 6 ++-- source3/passdb/pdb_guest.c | 70 ++++++++++++++++++++++----------------------- source3/sam/idmap_util.c | 46 +++++++++++++++++++++++++++++ source3/smbd/server.c | 5 +++- 5 files changed, 90 insertions(+), 40 deletions(-) diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 1be5a18c7c3..da2540f5d98 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -757,6 +757,9 @@ BOOL winbind_setup_common(void) if (!idmap_init()) return False; + if (!idmap_init_wellknown_sids()) + return False; + /* Unblock all signals we are interested in as they may have been blocked by the parent process. */ diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 8631888fafb..bb40e38d0bd 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -37,7 +37,7 @@ Fill the SAM_ACCOUNT with default values. ***********************************************************/ -static void pdb_fill_default_sam(SAM_ACCOUNT *user) +void pdb_fill_default_sam(SAM_ACCOUNT *user) { ZERO_STRUCT(user->private); /* Don't touch the talloc context */ @@ -296,7 +296,7 @@ NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username) /* set Domain Users by default ! */ sid_copy(&g_sid, get_global_sam_sid()); - sid_append_rid(&g_sid, DOMAIN_GROUP_RID_USERS); + sid_append_rid(&g_sid, DOMAIN_GROUP_RID_USERS); pdb_set_group_sid(*new_sam_acct, &g_sid, PDB_SET); } return NT_STATUS_OK; 
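Review bot: The new `if (!idmap_init_wellknown_sids()) return False;` in winbind_setup_common stops the daemon without any log line at the call site. The callee (added in the idmap_util.c hunk of this patch) returns False silently when `getpwnam_alloc(guest_account)` or `idmap_set_mapping` fails, and logs only at level 1 for an empty guest account. A `guest account` setting that does not resolve to a Unix user therefore prevents startup with nothing in the log at the default level, and the smbd/server.c hunk has the same pattern with `exit(1)`. I would add something like `DEBUG(0, ("idmap_init_wellknown_sids failed - check that 'guest account' names an existing user\n"));` before the `return False;` here and before the `exit(1)` in server.c. winbind_setup_common's body starts and ends outside this hunk.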
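Review bot: Dropping `static` from `pdb_fill_default_sam` in the `@@ -37,7 +37,7 @@` hunk makes it callable from other files, but the header comment still says only "Fill the SAM_ACCOUNT with default values." The first visible statement is `ZERO_STRUCT(user->private)`, which dereferences `user` without a NULL check and discards whatever was stored there. The comment should say so, for example `/* user must be non-NULL; every field in user->private is reset and earlier values are dropped, the talloc context is left alone */`. The rest of the function body is outside the hunk, so the defaults it installs could not be reviewed here.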
@@ -671,7 +671,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use GROUP_MAP map; if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){ - DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n", + DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n", sid_string_static(&map.sid))); return False; } diff --git a/source3/passdb/pdb_guest.c b/source3/passdb/pdb_guest.c index 7ecfa7d4c3c..9bcdccc7e7b 100644 --- a/source3/passdb/pdb_guest.c +++ b/source3/passdb/pdb_guest.c @@ -24,11 +24,16 @@ Lookup a name in the SAM database ******************************************************************/ -static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname) +static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *sam_account, const char *sname) { NTSTATUS nt_status; - struct passwd *pass; const char *guest_account = lp_guestaccount(); + + if (!sam_account || !sname) { + DEBUG(0,("invalid name specified")); + return NT_STATUS_UNSUCCESSFUL; + } + if (!(guest_account && *guest_account)) { DEBUG(1, ("NULL guest account!?!?\n")); return NT_STATUS_UNSUCCESSFUL; 
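Review bot: The DEBUG call whose message this hunk renames still formats `sid_string_static(&map.sid)`, although `map` is declared as `GROUP_MAP map;` on the line just above and nothing has written to it before the `sid_peek_check_rid` test. The level-0 log line therefore prints uninitialised stack contents rather than the SID that failed the check. The second line of the call should read `sid_string_static(sid)));` so the message shows the input being rejected. local_lookup_sid begins and continues outside this hunk.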
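Review bot: In the `@@ -24,11 +24,16 @@` hunk the merged guard `if (!sam_account || !sname)` logs `"invalid name specified"` even when the NULL argument is `sam_account`, and the message has no trailing newline, so the next log entry is appended to it. I would change it to `DEBUG(0,("guestsam_getsampwnam: NULL sam_account or name\n"));`. The function body continues in the following hunk.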
@@ -38,21 +43,31 @@ static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT * DEBUG(0,("invalid methods\n")); return NT_STATUS_UNSUCCESSFUL; } - if (!sname) { - DEBUG(0,("invalid name specified")); - return NT_STATUS_UNSUCCESSFUL; - } - if (!strequal(guest_account, sname)) { return NT_STATUS_NO_SUCH_USER; } - pass = getpwnam_alloc(guest_account); - - nt_status = pdb_fill_sam_pw(user, pass); + pdb_fill_default_sam(sam_account); + + if (!pdb_set_username(sam_account, guest_account, PDB_SET)) + return NT_STATUS_UNSUCCESSFUL; + + if (!pdb_set_fullname(sam_account, guest_account, PDB_SET)) + return NT_STATUS_UNSUCCESSFUL; + + if (!pdb_set_domain(sam_account, lp_workgroup(), PDB_DEFAULT)) + return NT_STATUS_UNSUCCESSFUL; + + if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT)) + return NT_STATUS_UNSUCCESSFUL; + + if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) + return NT_STATUS_UNSUCCESSFUL; + + if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) + return NT_STATUS_UNSUCCESSFUL; - passwd_free(&pass); - return nt_status; + return NT_STATUS_OK; } 
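Review bot: The guest entry built by the new setter chain carries `ACB_NORMAL` and no password fields, and nothing in the hunk states how authentication callers are expected to treat it. What ends up in the hash slots depends on `pdb_fill_default_sam`, whose body is outside this patch's visible lines, so it cannot be confirmed here that a lookup of the guest name yields an entry that is unusable for password logon. Please add a comment above `pdb_fill_default_sam(sam_account);` spelling out the intent, for example `/* synthetic guest entry: no password hashes are set here; guest access is decided by the caller, not by this record */`, adjusted to the actual behaviour. The function also no longer verifies that the Unix guest account exists at lookup time, since the `getpwnam_alloc` call was removed, so that check now happens only once at startup.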
@@ -61,35 +76,17 @@ static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT * **************************************************************************/ static NTSTATUS guestsam_getsampwrid (struct pdb_methods *methods, - SAM_ACCOUNT *user, uint32 rid) + SAM_ACCOUNT *sam_account, uint32 rid) { - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct passwd *pass = NULL; - const char *guest_account = lp_guestaccount(); - if (!(guest_account && *guest_account)) { - DEBUG(1, ("NULL guest account!?!?\n")); - return nt_status; - } - - if (!methods) { - DEBUG(0,("invalid methods\n")); - return nt_status; - } - - if (rid == DOMAIN_USER_RID_GUEST) { - pass = getpwnam_alloc(guest_account); - if (!pass) { - DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account)); - return NT_STATUS_NO_SUCH_USER; - } - } else { + if (rid != DOMAIN_USER_RID_GUEST) { return NT_STATUS_NO_SUCH_USER; } - nt_status = pdb_fill_sam_pw(user, pass); - passwd_free(&pass); + if (!sam_account) { + return NT_STATUS_INVALID_PARAMETER; + } - return nt_status; + return guestsam_getsampwnam (methods, sam_account, lp_guestaccount()); } static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid) @@ -97,6 +94,7 @@ static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT uint32 rid; if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) return NT_STATUS_NO_SUCH_USER; + return guestsam_getsampwrid(my_methods, user, rid); } diff --git a/source3/sam/idmap_util.c b/source3/sam/idmap_util.c index 5d089d3bafb..92cbb103db3 100644 --- a/source3/sam/idmap_util.c +++ b/source3/sam/idmap_util.c 
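Review bot: The new `if (!sam_account) return NT_STATUS_INVALID_PARAMETER;` in guestsam_getsampwrid reports a different status than guestsam_getsampwnam, which this function then calls and which returns `NT_STATUS_UNSUCCESSFUL` for the same NULL argument. Callers arriving through guestsam_getsampwsid and callers using the name lookup will see two codes for one condition. Either drop the local check and let the callee reject the NULL, or make both return the same status, preferably `NT_STATUS_INVALID_PARAMETER` in guestsam_getsampwnam as well.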
@@ -298,3 +298,49 @@ NTSTATUS sid_to_gid(const DOM_SID *sid, gid_t *gid) return ret; } + +/* Initialize idmap withWellknown SIDs like Guest, that are necessary + * to make samba run properly */ +BOOL idmap_init_wellknown_sids(void) +{ + const char *guest_account = lp_guestaccount(); + struct passwd *pass; + DOM_SID sid; + unid_t id; + int flags; + + if (!(guest_account && *guest_account)) { + DEBUG(1, ("NULL guest account!?!?\n")); + return False; + } + + pass = getpwnam_alloc(guest_account); + if (!pass) { + return False; + } + + flags = ID_USERID; + id.uid = pass->pw_uid; + sid_copy(&sid, get_global_sam_sid()); + sid_append_rid(&sid, DOMAIN_USER_RID_GUEST); + if (NT_STATUS_IS_ERR(idmap_set_mapping(&sid, id, flags))) { + passwd_free(&pass); + return False; + } + + /* check if DOMAIN_GROUP_RID_GUESTS SID is set, if not store the + * guest account gid as mapping */ + flags = ID_GROUPID | ID_NOMAP; + sid_copy(&sid, get_global_sam_sid()); + sid_append_rid(&sid, DOMAIN_GROUP_RID_GUESTS); + if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &flags, &sid))) { + flags = ID_GROUPID; + id.gid = pass->pw_gid; + if (NT_STATUS_IS_ERR(idmap_set_mapping(&sid, id, flags))) { + passwd_free(&pass); + return False; + } + } + + return True; +} diff --git a/source3/smbd/server.c b/source3/smbd/server.c index b1b9192c096..ef27f0b7a4b 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -833,10 +833,13 @@ static BOOL init_structs(void ) if (!init_registry()) exit(1); + if(!initialize_password_db(False)) + exit(1); + if (!idmap_init()) exit(1); - if(!initialize_password_db(False)) + if (!idmap_init_wellknown_sids()) exit(1); static_init_rpc; -- 2.11.4.GIT
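Review bot: idmap_init_wellknown_sids leaks `pass` on its success path, because the two error branches call `passwd_free(&pass)` but the final `return True;` does not. The leak also occurs when `idmap_get_id_from_sid` succeeds and the inner block is skipped. Add `passwd_free(&pass);` on the line before `return True;`. Separately, the `if (!pass) return False;` branch should log which account name failed to resolve, e.g. `DEBUG(0, ("guest account %s does not seem to exist\n", guest_account));`, since both daemons abort startup on this result. The Guest user mapping is also written unconditionally on every start while the Guests group mapping is looked up first; if that asymmetry is intended it deserves a comment.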
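Review bot: The server.c hunk moves `initialize_password_db(False)` ahead of `idmap_init()` without saying why, so a later reordering could silently undo it. The dependency is presumably that `idmap_init_wellknown_sids()` calls `get_global_sam_sid()` and needs the password database up first, but that is inferred from the idmap_util.c hunk rather than stated. A one-line comment above the three calls would record it, for example `/* order matters: passdb first, then idmap, then the well-known SID mappings that need both */`. init_structs starts and ends outside this hunk.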