weekend work. user / group database API.

- split sam_passwd and smb_passwd into separate higher-order function tables

- renamed struct smb_passwd's "smb_user" to "unix_user".  added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.

NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.

- added query_useraliases code to rpcclient.

- dealt with some nasty interdependencies involving non-smbd programs
and the password database API.  this is still not satisfactorily
resolved completelely, but it's the best i can do for now.

- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.

lots of debugging done, it's still not finished.  the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect.  the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...

2 files changed, 91 insertions, 49 deletions

diff --git a/source/lib/util.c b/source/lib/util.c
index 757abc81751..8bc75e1137e 100644
--- a/source/lib/util.c
+++ b/source/lib/util.c
@@ -121,7 +121,7 @@ BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups)
 /****************************************************************************
 gets either a hex number (0xNNN) or decimal integer (NNN).
 ****************************************************************************/
-int get_number(char *tmp)
+int get_number(const char *tmp)
 {
 	if (strnequal(tmp, "0x", 2))
 	{
@@ -2185,33 +2185,18 @@ void standard_sub(connection_struct *conn,char *str)
 {
 	char *p, *s, *home;
 
-	for (s=str; (p=strchr(s, '%'));s=p) {
-		switch (*(p+1)) {
-		case 'H': 
-			if ((home = get_home_dir(conn->user))) {
-				string_sub(p,"%H",home);
-			} else {
-				p += 2;
-			}
-			break;
-			
-		case 'P': 
-			string_sub(p,"%P",conn->connectpath); 
-			break;
-			
-		case 'S': 
-			string_sub(p,"%S",
-				   lp_servicename(SNUM(conn))); 
-			break;
-			
-		case 'g': 
-			string_sub(p,"%g",
-				   gidtoname(conn->gid)); 
-			break;
-		case 'u': 
-			string_sub(p,"%u",conn->user); 
-			break;
-			
+	for (s=str; (p=strchr(s, '%'));s=p)
+	{
+		switch (*(p+1))
+		{
+			case 'H': 
+				if ((home = get_home_dir(conn->user)) != NULL) {
+					string_sub(p,"%H",home);
+				} else {
+					p += 2;
+				}
+				break;
+				
 			/* Patch from jkf@soton.ac.uk Left the %N (NIS
 			 * server name) in standard_sub_basic as it is
 			 * a feature for logon servers, hence uses the
@@ -2219,17 +2204,14 @@ void standard_sub(connection_struct *conn,char *str)
 			 * here as it is used instead of the default
 			 * "path =" string in [homes] and so needs the
 			 * service name, not the username.  */
-		case 'p': 
-			string_sub(p,"%p",
-				   automount_path(lp_servicename(SNUM(conn)))); 
-			break;
-		case '\0': 
-			p++; 
-			break; /* don't run off the end of the string 
-				*/
-			
-		default: p+=2; 
-			break;
+			case 'p': string_sub(p,"%p", automount_path(lp_servicename(SNUM(conn)))); break;
+			case 'P': string_sub(p,"%P",conn->connectpath); break; 
+			case 'S': string_sub(p,"%S", lp_servicename(SNUM(conn))); break; 
+			case 'g': string_sub(p,"%g", gidtoname(conn->gid)); break;
+			case 'u': string_sub(p,"%u", conn->user); break;
+				
+			case '\0': p++; break; /* don't run off the end of the string */ 
+			default  : p+=2; break;
 		}
 	}
 	
@@ -2351,13 +2333,48 @@ char *gidtoname(gid_t gid)
 }
 
 /*******************************************************************
+turn a group name into a gid
+********************************************************************/
+
+BOOL nametogid(const char *name, gid_t *gid)
+{
+	struct group *grp = getgrnam(name);
+	if (grp)
+	{
+		*gid = grp->gr_gid;
+		return True;
+	}
+	else if (isdigit(name[0]))
+	{
+		*gid = (gid_t)get_number(name);
+		return True;
+	}
+	else
+	{
+		return False;
+	}
+}
+
+/*******************************************************************
 turn a user name into a uid
 ********************************************************************/
-uid_t nametouid(const char *name)
+BOOL nametouid(const char *name, uid_t *uid)
 {
-	struct passwd *pass = getpwnam(name);
-	if (pass) return(pass->pw_uid);
-	return (uid_t)-1;
+	struct passwd *pass = Get_Pwnam(name, False);
+	if (pass)
+	{
+		*uid = pass->pw_uid;
+		return True;
+	}
+	else if (isdigit(name[0]))
+	{
+		*uid = (uid_t)get_number(name);
+		return True;
+	}
+	else
+	{
+		return False;
+	}
 }
 
 /*******************************************************************
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index 87414790672..48c092ecf7d 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -29,7 +29,7 @@ extern int DEBUGLEVEL;
  Convert a SID to an ascii string.
 *****************************************************************/
 
-char *sid_to_string(pstring sidstr_out, DOM_SID *sid)
+char *sid_to_string(pstring sidstr_out, const DOM_SID *sid)
 {
   char subauth[16];
   int i;
@@ -55,10 +55,10 @@ char *sid_to_string(pstring sidstr_out, DOM_SID *sid)
  Convert a string to a SID. Returns True on success, False on fail.
 *****************************************************************/  
    
-BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
+BOOL string_to_sid(DOM_SID *sidout, const char *sidstr)
 {
   pstring tok;
-  char *p = sidstr;
+  const char *p = sidstr;
   /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
   uint32 ia;
 
@@ -146,7 +146,7 @@ BOOL sid_split_rid(DOM_SID *sid, uint32 *rid)
 /*****************************************************************
  copies a sid
 *****************************************************************/  
-void sid_copy(DOM_SID *sid1, DOM_SID *sid2)
+void sid_copy(DOM_SID *sid1, const DOM_SID *sid2)
 {
 	int i;
 
@@ -163,10 +163,35 @@ void sid_copy(DOM_SID *sid1, DOM_SID *sid2)
 	sid1->num_auths   = sid2->num_auths;
 	sid1->sid_rev_num = sid2->sid_rev_num;
 }
+
+/*****************************************************************
+ compare two sids up to the auths of the first sid
+*****************************************************************/  
+BOOL sid_front_equal(const DOM_SID *sid1, const DOM_SID *sid2)
+{
+	int i;
+
+	/* compare most likely different rids, first: i.e start at end */
+	for (i = sid1->num_auths-1; i >= 0; --i)
+	{
+		if (sid1->sub_auths[i] != sid2->sub_auths[i]) return False;
+	}
+
+	if (sid1->num_auths   >  sid2->num_auths  ) return False;
+	if (sid1->sid_rev_num != sid2->sid_rev_num) return False;
+
+	for (i = 0; i < 6; i++)
+	{
+		if (sid1->id_auth[i] != sid2->id_auth[i]) return False;
+	}
+
+	return True;
+}
+
 /*****************************************************************
  compare two sids
 *****************************************************************/  
-BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2)
+BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2)
 {
 	int i;
 
@@ -191,7 +216,7 @@ BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2)
 /*****************************************************************
  calculates size of a sid
 *****************************************************************/  
-int sid_size(DOM_SID *sid)
+int sid_size(const DOM_SID *sid)
 {
 	if (sid == NULL)
 	{