A nice *big* change to the fundemental way we do things.

Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...

This adds a getpwnam_alloc and a getpwuid_alloc to the collection.

These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).

This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.

With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code.  This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).

The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups.  In this case we are getting
groups from the new group mapping DB.  Do we still need to check for private
groups?  I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.

I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided.  As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).

The matching case for getpwent() is dealt with already, in lib/util_getent.c

Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup.  (This picks
up the SPNEGO cases).  The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.

TODO:  Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.

Andrew Bartlett

4 files changed, 25 insertions, 18 deletions

diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c
index 741f5ef0aa1..b22ccacbf1e 100644
--- a/source/smbd/chgpasswd.c
+++ b/source/smbd/chgpasswd.c
@@ -732,6 +732,7 @@ BOOL pass_oem_change(char *user,
 		     uchar * ntdata, uchar * nthash)
 {
 	fstring new_passwd;
+	const char *unix_user;
 	SAM_ACCOUNT *sampass = NULL;
 	BOOL ret = check_oem_password(user, lmdata, lmhash, ntdata, nthash,
 				      &sampass, new_passwd, sizeof(new_passwd));
@@ -745,8 +746,10 @@ BOOL pass_oem_change(char *user,
 	 * available. JRA.
 	 */
 
-	if ((ret) && lp_unix_password_sync())
-		ret = chgpasswd(user, "", new_passwd, True);
+	unix_user = pdb_get_username(sampass);
+
+	if ((ret) && (unix_user) && (*unix_user) && lp_unix_password_sync())
+		ret = chgpasswd(unix_user, "", new_passwd, True);
 
 	if (ret)
 		ret = change_oem_password(sampass, new_passwd);
diff --git a/source/smbd/password.c b/source/smbd/password.c
index a9d80d36fda..3e942e6f995 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -64,6 +64,8 @@ void invalidate_vuid(uint16 vuid)
 	if (vuser == NULL)
 		return;
 
+	SAFE_FREE(vuser->homedir);
+
 	session_yield(vuser);
 
 	DLIST_REMOVE(validated_users, vuser);
@@ -255,6 +257,14 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name)
 	fstrcpy(vuser->user.domain, pdb_get_domain(server_info->sam_account));
 	fstrcpy(vuser->user.full_name, pdb_get_fullname(server_info->sam_account));
 
+	{
+		/* Keep the homedir handy */
+		const char *homedir = pdb_get_homedir(server_info->sam_account);
+		if (homedir) {
+			vuser->homedir = smb_xstrdup(homedir);
+		}
+	}
+
 	DEBUG(10,("register_vuid: (%u,%u) %s %s %s guest=%d\n", 
 		  (unsigned int)vuser->uid, 
 		  (unsigned int)vuser->gid,
@@ -289,6 +299,12 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name)
 		return -1;
 	}
 
+	/* Register a home dir service for this user */
+	if ((!vuser->guest) && vuser->homedir && *(vuser->homedir)
+		&& (lp_servicenumber(vuser->user.unix_name) < 0)) {
+		add_home_service(vuser->user.unix_name, vuser->homedir);	  
+	}
+	
 	return vuser->vuid;
 }
 
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index 519817432df..0e5830fc24b 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -782,13 +782,6 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
 	
 	if (server_info->guest) {
 		SSVAL(outbuf,smb_vwv2,1);
-	} else {
-		const char *home_dir = pdb_get_homedir(server_info->sam_account);
-		const char *username = pdb_get_username(server_info->sam_account);
-		if ((home_dir && *home_dir)
-		    && (lp_servicenumber(username) < 0)) {
-			add_home_service(username, home_dir);	  
-		}
 	}
 
 	/* register the name and uid as being validated, so further connections
diff --git a/source/smbd/uid.c b/source/smbd/uid.c
index 650d9270cbb..8df08a0e72e 100644
--- a/source/smbd/uid.c
+++ b/source/smbd/uid.c
@@ -31,26 +31,21 @@ extern struct current_user current_user;
 BOOL change_to_guest(void)
 {
 	static struct passwd *pass=NULL;
-	static uid_t guest_uid = (uid_t)-1;
-	static gid_t guest_gid = (gid_t)-1;
-	static fstring guest_name;
 
 	if (!pass) {
-		pass = sys_getpwnam(lp_guestaccount());
+		/* Don't need to free() this as its stored in a static */
+		pass = getpwnam_alloc(lp_guestaccount());
 		if (!pass)
 			return(False);
-		guest_uid = pass->pw_uid;
-		guest_gid = pass->pw_gid;
-		fstrcpy(guest_name, pass->pw_name);
 	}
 	
 #ifdef AIX
 	/* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before 
 	   setting IDs */
-	initgroups(guest_name, guest_gid);
+	initgroups(pass->pw_name, pass->pw_gid);
 #endif
 	
-	set_sec_ctx(guest_uid, guest_gid, 0, NULL, NULL);
+	set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
 	
 	current_user.conn = NULL;
 	current_user.vuid = UID_FIELD_INVALID;