summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-02-08 11:59:55 +0000
committerAndrew Bartlett <abartlet@samba.org>2004-02-08 11:59:55 +0000
commit9b586b5a645c27d48d3cf8eb788e297ba83114d6 (patch)
tree7fff83e3eba138fe392a41ed9b6bb0f5348c8643
parentf7c1c68e19c00c3b107d4fd08401ed8aeb09bbaa (diff)
downloadsamba-9b586b5a645c27d48d3cf8eb788e297ba83114d6.tar.gz
samba-9b586b5a645c27d48d3cf8eb788e297ba83114d6.tar.bz2
samba-9b586b5a645c27d48d3cf8eb788e297ba83114d6.zip
(merge from 3.0)
Make more functions static, and remove duplication in the use of functions in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c (These should perhaps be pulled back out to smbpasswd.c, but that can occour later). This also includes some >14 character password changes, and the start of a move away from using 'admin user' to determine if the user is root (as root can login without setting 'admin user'). Andrew Bartlett (This used to be commit be0704abb919152c359a735023283acbf9be3076)
-rw-r--r--source3/Makefile.in2
-rw-r--r--source3/lib/iconv.c2
-rw-r--r--source3/lib/smbpasswd.c200
-rw-r--r--source3/nsswitch/winbindd_rpc.c2
-rw-r--r--source3/passdb/pdb_get_set.c17
-rw-r--r--source3/rpc_parse/parse_misc.c2
-rw-r--r--source3/smbd/nttrans.c5
-rw-r--r--source3/smbd/server.c2
-rw-r--r--source3/utils/net_rpc_join.c2
-rw-r--r--source3/utils/net_rpc_samsync.c12
-rw-r--r--source3/web/cgi.c2
11 files changed, 30 insertions, 218 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 1c8341a139..7fa0c14bd0 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -180,7 +180,7 @@ LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \
lib/talloc.o lib/hash.o lib/substitute.o lib/fsusage.o \
lib/ms_fnmatch.o lib/select.o lib/messages.o \
lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \
- lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \
+ lib/md5.o lib/hmacmd5.o lib/iconv.o \
nsswitch/wb_client.o nsswitch/wb_common.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
diff --git a/source3/lib/iconv.c b/source3/lib/iconv.c
index d0d2dcd1c4..7df73192f2 100644
--- a/source3/lib/iconv.c
+++ b/source3/lib/iconv.c
@@ -105,7 +105,7 @@ NTSTATUS smb_register_charset(struct charset_functions *funcs)
return NT_STATUS_OK;
}
-void lazy_initialize_iconv(void)
+static void lazy_initialize_iconv(void)
{
static BOOL initialized;
int i;
diff --git a/source3/lib/smbpasswd.c b/source3/lib/smbpasswd.c
index 92ae1ffea2..e69de29bb2 100644
--- a/source3/lib/smbpasswd.c
+++ b/source3/lib/smbpasswd.c
@@ -1,200 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- smbpasswd file format routines
-
- Copyright (C) Andrew Tridgell 1992-1998
- Modified by Jeremy Allison 1995.
- Modified by Gerald (Jerry) Carter 2000-2001
- Copyright (C) Tim Potter 2001
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/*! \file lib/smbpasswd.c
-
- The smbpasswd file is used to store encrypted passwords in a similar
- fashion to the /etc/passwd file. The format is colon separated fields
- with one user per line like so:
-
- <username>:<uid>:<lanman hash>:<nt hash>:<acb info>:<last change time>
-
- The username and uid must correspond to an entry in the /etc/passwd
- file. The lanman and nt password hashes are 32 hex digits corresponding
- to the 16-byte lanman and nt hashes respectively.
-
- The password last change time is stored as a string of the format
- LCD-<change time> where the change time is expressed as an
-
- 'N' No password
- 'D' Disabled
- 'H' Homedir required
- 'T' Temp account.
- 'U' User account (normal)
- 'M' MNS logon user account - what is this ?
- 'W' Workstation account
- 'S' Server account
- 'L' Locked account
- 'X' No Xpiry on password
- 'I' Interdomain trust account
-
-*/
-
-#include "includes.h"
-
-/*! Convert 32 hex characters into a 16 byte array. */
-
-BOOL smbpasswd_gethexpwd(char *p, unsigned char *pwd)
-{
- int i;
- unsigned char lonybble, hinybble;
- const char *hexchars = "0123456789ABCDEF";
- char *p1, *p2;
-
- if (!p) return (False);
-
- for (i = 0; i < 32; i += 2)
- {
- hinybble = toupper(p[i]);
- lonybble = toupper(p[i + 1]);
-
- p1 = strchr_m(hexchars, hinybble);
- p2 = strchr_m(hexchars, lonybble);
-
- if (!p1 || !p2)
- {
- return (False);
- }
-
- hinybble = PTR_DIFF(p1, hexchars);
- lonybble = PTR_DIFF(p2, hexchars);
-
- pwd[i / 2] = (hinybble << 4) | lonybble;
- }
- return (True);
-}
-
-/*! Convert a 16-byte array into 32 hex characters. */
-
-void smbpasswd_sethexpwd(fstring p, unsigned char *pwd, uint16 acb_info)
-{
- if (pwd != NULL) {
- int i;
- for (i = 0; i < 16; i++)
- slprintf(&p[i*2], 3, "%02X", pwd[i]);
- } else {
- if (acb_info & ACB_PWNOTREQ)
- safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
- else
- safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
- }
-}
-
-/*! Decode the account control bits (ACB) info from a string. */
-
-uint16 smbpasswd_decode_acb_info(const char *p)
-{
- uint16 acb_info = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[') return 0;
-
- for (p++; *p && !finished; p++)
- {
- switch (*p) {
- case 'N': /* 'N'o password. */
- acb_info |= ACB_PWNOTREQ;
- break;
- case 'D': /* 'D'isabled. */
- acb_info |= ACB_DISABLED;
- break;
- case 'H': /* 'H'omedir required. */
- acb_info |= ACB_HOMDIRREQ;
- break;
- case 'T': /* 'T'emp account. */
- acb_info |= ACB_TEMPDUP;
- break;
- case 'U': /* 'U'ser account (normal). */
- acb_info |= ACB_NORMAL;
- break;
- case 'M': /* 'M'NS logon user account. What is this ? */
- acb_info |= ACB_MNS;
- break;
- case 'W': /* 'W'orkstation account. */
- acb_info |= ACB_WSTRUST;
- break;
- case 'S': /* 'S'erver account. */
- acb_info |= ACB_SVRTRUST;
- break;
- case 'L': /* 'L'ocked account. */
- acb_info |= ACB_AUTOLOCK;
- break;
- case 'X': /* No 'X'piry on password */
- acb_info |= ACB_PWNOEXP;
- break;
- case 'I': /* 'I'nterdomain trust account. */
- acb_info |= ACB_DOMTRUST;
- break;
-
- case ' ':
- break;
- case ':':
- case '\n':
- case '\0':
- case ']':
- default:
- finished = True;
- break;
- }
- }
-
- return acb_info;
-}
-
-/*! Encode account control bits (ACBs) into a string. */
-
-char *smbpasswd_encode_acb_info(uint16 acb_info)
-{
- static fstring acct_str;
- size_t i = 0;
-
- acct_str[i++] = '[';
-
- if (acb_info & ACB_PWNOTREQ ) acct_str[i++] = 'N';
- if (acb_info & ACB_DISABLED ) acct_str[i++] = 'D';
- if (acb_info & ACB_HOMDIRREQ) acct_str[i++] = 'H';
- if (acb_info & ACB_TEMPDUP ) acct_str[i++] = 'T';
- if (acb_info & ACB_NORMAL ) acct_str[i++] = 'U';
- if (acb_info & ACB_MNS ) acct_str[i++] = 'M';
- if (acb_info & ACB_WSTRUST ) acct_str[i++] = 'W';
- if (acb_info & ACB_SVRTRUST ) acct_str[i++] = 'S';
- if (acb_info & ACB_AUTOLOCK ) acct_str[i++] = 'L';
- if (acb_info & ACB_PWNOEXP ) acct_str[i++] = 'X';
- if (acb_info & ACB_DOMTRUST ) acct_str[i++] = 'I';
-
- for ( ; i < NEW_PW_FORMAT_SPACE_PADDED_LEN - 2 ; i++ )
- acct_str[i] = ' ';
-
- i = NEW_PW_FORMAT_SPACE_PADDED_LEN - 2;
- acct_str[i++] = ']';
- acct_str[i++] = '\0';
-
- return acct_str;
-}
diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
index 21e0c3092e..d4428a2f59 100644
--- a/source3/nsswitch/winbindd_rpc.c
+++ b/source3/nsswitch/winbindd_rpc.c
@@ -792,7 +792,7 @@ static int get_ldap_seq(const char *server, int port, uint32 *seq)
LDAP queries
**********************************************************************/
-int get_ldap_sequence_number( const char* domain, uint32 *seq)
+static int get_ldap_sequence_number( const char* domain, uint32 *seq)
{
int ret = -1;
int i, port = LDAP_PORT;
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 869165f1dc..be03157636 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -1102,13 +1102,24 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext)
if (!sampass || !plaintext)
return False;
- nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16);
+ /* Calculate the MD4 hash (NT compatible) of the password */
+ E_md4hash(plaintext, new_nt_p16);
if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED))
return False;
- if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
- return False;
+ if (!E_deshash(plaintext, new_lanman_p16)) {
+ /* E_deshash returns false for 'long' passwords (> 14
+ DOS chars). This allows us to match Win2k, which
+ does not store a LM hash for these passwords (which
+ would reduce the effective password length to 14 */
+
+ if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED))
+ return False;
+ } else {
+ if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
+ return False;
+ }
if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
return False;
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index b34efa6667..cea31c88a8 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -32,7 +32,7 @@
static TALLOC_CTX *current_rpc_talloc = NULL;
-TALLOC_CTX *get_current_rpc_talloc(void)
+static TALLOC_CTX *get_current_rpc_talloc(void)
{
return current_rpc_talloc;
}
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 25721d99a8..0a2843629e 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -56,7 +56,7 @@ struct generic_mapping file_generic_mapping = {
FILE_GENERIC_ALL
};
-char *nttrans_realloc(char **ptr, size_t size)
+static char *nttrans_realloc(char **ptr, size_t size)
{
char *tptr = NULL;
if (ptr==NULL)
@@ -2022,11 +2022,12 @@ static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf,
SMB_NTQUOTA_STRUCT qt;
SMB_NTQUOTA_LIST *tmp_list;
SMB_NTQUOTA_HANDLE *qt_handle = NULL;
+ extern struct current_user current_user;
ZERO_STRUCT(qt);
/* access check */
- if (conn->admin_user != True) {
+ if (current_user.uid != 0) {
DEBUG(1,("set_user_quota: access_denied service [%s] user [%s]\n",
lp_servicename(SNUM(conn)),conn->user));
return ERROR_DOS(ERRDOS,ERRnoaccess);
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index e7aa41e343..26e4021443 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -145,7 +145,7 @@ static void msg_exit_server(int msg_type, pid_t src, void *buf, size_t len)
Have we reached the process limit ?
****************************************************************************/
-BOOL allowable_number_of_smbd_processes(void)
+static BOOL allowable_number_of_smbd_processes(void)
{
int max_processes = lp_max_smbd_processes();
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 6bfeedc8a0..52e295949e 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -42,7 +42,7 @@
* @return A shell status integer (0 for success)
*
**/
-int net_rpc_join_ok(const char *domain)
+static int net_rpc_join_ok(const char *domain)
{
struct cli_state *cli;
uchar stored_md4_trust_password[16];
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index e97a362acc..cb395de828 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -62,21 +62,21 @@ static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a)
if (memcmp(a->pass.buf_lm_pwd, zero_buf, 16) != 0) {
sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0);
- smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info);
+ pdb_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info);
} else {
- smbpasswd_sethexpwd(hex_lm_passwd, NULL, 0);
+ pdb_sethexpwd(hex_lm_passwd, NULL, 0);
}
if (memcmp(a->pass.buf_nt_pwd, zero_buf, 16) != 0) {
sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0);
- smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info);
+ pdb_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info);
} else {
- smbpasswd_sethexpwd(hex_nt_passwd, NULL, 0);
+ pdb_sethexpwd(hex_nt_passwd, NULL, 0);
}
printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name),
a->user_rid, hex_lm_passwd, hex_nt_passwd,
- smbpasswd_encode_acb_info(a->acb_info));
+ pdb_encode_acct_ctrl(a->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN));
}
static void display_domain_info(SAM_DOMAIN_INFO *a)
@@ -432,7 +432,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
pstrcpy(add_script, lp_addmachine_script());
} else {
DEBUG(1, ("Unknown user type: %s\n",
- smbpasswd_encode_acb_info(delta->acb_info)));
+ pdb_encode_acct_ctrl(delta->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN)));
nt_ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 8a103fa57f..aac009893c 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -91,7 +91,7 @@ static char *grab_line(FILE *f, int *cl)
(This was in rfc1738_unescape(), but that broke the squid helper)
**/
-void plus_to_space_unescape(char *buf)
+static void plus_to_space_unescape(char *buf)
{
char *p=buf;