passdb/nispass.c: Fixed compile --with-nisplus (I now have access to a Solaris 2.6 box:-).

passdb/passdb.c: Fixed reading of machine sid so that we correctly change the (decimal)21 to hex 0x21 to be in line with NT. Jeremy.
author: Jeremy Allison <jra@samba.org> 1998-12-29 01:33:33 +0000
committer: Jeremy Allison <jra@samba.org> 1998-12-29 01:33:33 +0000
commit: 507f86b2baa702a0cd73f70d8da9227d47a9c019 (patch)
tree: 04cbbe9c86b1c7735ed988ff89847b844c81dfe6 /source
parent: 18697e90d06518a9a5fd6cf47b59d2e3b7eca0ff (diff)
download: samba-507f86b2baa702a0cd73f70d8da9227d47a9c019.tar.gz
samba-507f86b2baa702a0cd73f70d8da9227d47a9c019.tar.xz
samba-507f86b2baa702a0cd73f70d8da9227d47a9c019.zip
2 files changed, 103 insertions, 52 deletions
diff --git a/source/passdb/nispass.c b/source/passdb/nispass.c
index 0204a7b308d..3e6e27af5f2 100644
--- a/source/passdb/nispass.c
+++ b/source/passdb/nispass.c
@@ -19,9 +19,26 @@
  * Mass Ave, Cambridge, MA 02139, USA.
  */
 
+#include "includes.h"
+
 #ifdef WITH_NISPLUS
 
-#include "includes.h"
+/*
+ * The following lines are needed due to buggy include files
+ * in Solaris 2.6 which define GROUP in both /usr/include/acl.h and
+ * also in /usr/include/rpcsvc/nis.h. The definitions conflict. JRA.
+ * Also GROUP_OBJ is defined as 0x4 in /usr/include/acl.h and as
+ * an enum in /usr/include/rpcsvc/nis.h.
+ */
+
+#if defined(GROUP)
+#undef GROUP
+#endif
+
+#if defined(GROUP_OBJ)
+#undef GROUP_OBJ
+#endif
+
 #include <rpcsvc/nis.h>
 
 extern int      DEBUGLEVEL;
@@ -154,7 +171,7 @@ static void get_single_attribute(nis_object *new_obj, int col,
 		len = entry_len;
 	}
 
-	safe_strcpy(val, len, ENTRY_VAL(new_obj, col));
+	safe_strcpy(val, ENTRY_VAL(new_obj, col), len-1);
 }
 
 /***************************************************************
@@ -376,7 +393,7 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd)
 	slprintf(smb_grpid, sizeof(smb_grpid), "%u", newpwd->smb_grpid);
 	slprintf(group_rid, sizeof(group_rid), "0x%x", newpwd->group_rid);
 
-	safe_strcpy(acb, pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb)); 
+	safe_strcpy(acb, pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb)-1); 
 
 	set_single_attribute(&new_obj, NPF_NAME          , newpwd->smb_name     , strlen(newpwd->smb_name)     , 0);
 	set_single_attribute(&new_obj, NPF_UID           , uid                  , strlen(uid)                  , 0);
diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index 621ec213b26..0d343464369 100644
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -825,7 +825,7 @@ BOOL pdb_generate_sam_sid(void)
 	pstring sid_file;
 	fstring sid_string;
 	SMB_STRUCT_STAT st;
-	uchar raw_sid_data[12];
+	BOOL overwrite_bad_sid = False;
 
 	pstrcpy(sid_file, lp_smb_passwd_file());
 	p = strrchr(sid_file, '/');
@@ -870,28 +870,57 @@ BOOL pdb_generate_sam_sid(void)
 			close(fd);
 			return False;
 		}
-		close(fd);
-		return True;
-	} 
-  
-	/*
-	 * The file contains no data - we need to generate our
-	 * own sid.
-	 */
-	
-	{
 		/*
+		 * Check for a previous bug where we were writing
+		 * a machine SID with an incorrect id_auth[5] of *decimal*
+		 * 21 which should have been hex 21. If so then fix it now...
+		 */
+		if(global_sam_sid.num_auths > 0 && global_sam_sid.sub_auths[0] == 21) {
+			/*
+			 * Fix and re-write...
+			 */
+			overwrite_bad_sid = True;
+			global_sam_sid.sub_auths[0] = 0x21;
+			DEBUG(5,("pdb_generate_sam_sid: Old (incorrect) sid id_auth of decimal 21 \
+detected - re-writing to be hex 0x21 instead.\n" ));
+			sid_to_string(sid_string, &global_sam_sid);
+			if(sys_lseek(fd, (SMB_OFF_T)0, SEEK_SET) != 0) {
+				DEBUG(0,("unable to seek file file %s. Error was %s\n",
+                 sid_file, strerror(errno) ));
+				close(fd);
+				return False;
+	        }
+		} else {
+			close(fd);
+			return True;
+		}
+	} else {
+		/*
+		 * The file contains no data - we need to generate our
+		 * own sid.
 		 * Generate the new sid data & turn it into a string.
 		 */
 		int i;
-		generate_random_buffer( raw_sid_data, 12, True);
-		
+		uchar raw_sid_data[12];
+		DOM_SID mysid;
+
+		memset((char *)&mysid, '\0', sizeof(DOM_SID));
+		mysid.sid_rev_num = 1;
+		mysid.id_auth[5] = 5;
+		mysid.num_auths = 0;
+		mysid.sub_auths[mysid.num_auths++] = 0x21;
+
+#if 0
+		/* NB. This replaces this older code : */
 		fstrcpy( sid_string, "S-1-5-21");
-		for( i = 0; i < 3; i++) {
-			fstring tmp_string;
-			slprintf( tmp_string, sizeof(tmp_string) - 1, "-%u", IVAL(raw_sid_data, i*4));
-			fstrcat( sid_string, tmp_string);
-		}
+		/* which was incorrect - the 21 shoud have been 33 !. JRA. */
+#endif
+
+		generate_random_buffer( raw_sid_data, 12, True);
+		for( i = 0; i < 3; i++)
+			mysid.sub_auths[mysid.num_auths++] = IVAL(raw_sid_data, i*4);
+
+		sid_to_string(sid_string, &mysid);
 	} 
 	
 	fstrcat(sid_string, "\n");
@@ -915,44 +944,47 @@ BOOL pdb_generate_sam_sid(void)
 		close(fd);
 		return False;
 	} 
-  
-	/*
-	 * At this point we have a blocking lock on the SID
-	 * file - check if in the meantime someone else wrote
-	 * SID data into the file. If so - they were here first,
-	 * use their data.
-	 */
-	
-	if(sys_fstat( fd, &st) < 0) {
-		DEBUG(0,("unable to stat file %s. Error was %s\n",
-			 sid_file, strerror(errno) ));
-		close(fd);
-		return False;
-	} 
-  
-	if(st.st_size > 0) {
+ 
+	if(!overwrite_bad_sid) {
 		/*
-		 * Unlock as soon as possible to reduce
-		 * contention on the exclusive lock.
-		 */ 
-		do_file_lock( fd, 60, F_UNLCK);
-		
-		/*
-		 * We have a valid SID - read it.
+		 * At this point we have a blocking lock on the SID
+		 * file - check if in the meantime someone else wrote
+		 * SID data into the file. If so - they were here first,
+		 * use their data.
 		 */
-		
-		if(!read_sid_from_file( fd, sid_file)) {
-			DEBUG(0,("unable to read file %s. Error was %s\n",
+	
+		if(sys_fstat( fd, &st) < 0) {
+			DEBUG(0,("unable to stat file %s. Error was %s\n",
 				 sid_file, strerror(errno) ));
 			close(fd);
 			return False;
-		}
-		close(fd);
-		return True;
-	} 
+		} 
+  
+		if(st.st_size > 0) {
+			/*
+			 * Unlock as soon as possible to reduce
+			 * contention on the exclusive lock.
+			 */ 
+			do_file_lock( fd, 60, F_UNLCK);
+		
+			/*
+			 * We have a valid SID - read it.
+			 */
+		
+			if(!read_sid_from_file( fd, sid_file)) {
+				DEBUG(0,("unable to read file %s. Error was %s\n",
+					 sid_file, strerror(errno) ));
+				close(fd);
+				return False;
+			}
+			close(fd);
+			return True;
+		} 
+	}
 	
 	/*
-	 * The file is still empty and we have an exlusive lock on it.
+	 * The file is still empty and we have an exlusive lock on it,
+	 * or we're fixing an earlier mistake.
 	 * Write out out SID data into the file.
 	 */
 
@@ -964,6 +996,7 @@ BOOL pdb_generate_sam_sid(void)
 	if(chmod(sid_file, 0644) < 0) {
 		DEBUG(0,("unable to set correct permissions on file %s. \
 Error was %s\n", sid_file, strerror(errno) ));
+		do_file_lock( fd, 60, F_UNLCK);
 		close(fd);
 		return False;
 	} 
@@ -971,6 +1004,7 @@ Error was %s\n", sid_file, strerror(errno) ));
 	if(write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) {
 		DEBUG(0,("unable to write file %s. Error was %s\n",
 			 sid_file, strerror(errno) ));
+		do_file_lock( fd, 60, F_UNLCK);
 		close(fd);
 		return False;
 	}
author	Jeremy Allison <jra@samba.org>	1998-12-29 01:33:33 +0000
committer	Jeremy Allison <jra@samba.org>	1998-12-29 01:33:33 +0000
commit	507f86b2baa702a0cd73f70d8da9227d47a9c019 (patch)
tree	04cbbe9c86b1c7735ed988ff89847b844c81dfe6 /source
parent	18697e90d06518a9a5fd6cf47b59d2e3b7eca0ff (diff)
download	samba-507f86b2baa702a0cd73f70d8da9227d47a9c019.tar.gz samba-507f86b2baa702a0cd73f70d8da9227d47a9c019.tar.xz samba-507f86b2baa702a0cd73f70d8da9227d47a9c019.zip