summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJean-François Micouleau <jfm@samba.org>2001-05-04 15:44:27 +0000
committerJean-François Micouleau <jfm@samba.org>2001-05-04 15:44:27 +0000
commitf35157f39293f9fa240a28642c41708b55d301c8 (patch)
treecd0eb02e9b316899d2cfb9b8cc2784ad739c60a5
parent1f7a451c1e059b5a86e1e78debd582579aa7bcb7 (diff)
downloadsamba-f35157f39293f9fa240a28642c41708b55d301c8.tar.gz
samba-f35157f39293f9fa240a28642c41708b55d301c8.tar.bz2
samba-f35157f39293f9fa240a28642c41708b55d301c8.zip
Big cleanup of passdb and backends.
I did some basic tests but I have probably broken something. Notably the password changing. So don't cry ;-) J.F. (This used to be commit a4a4c02b12f030a3b9e6225b999c90689dfc4719)
-rw-r--r--source3/Makefile.in12
-rw-r--r--source3/groupdb/mapping.c37
-rw-r--r--source3/include/mapping.h4
-rw-r--r--source3/include/proto.h37
-rw-r--r--source3/include/smb.h41
-rw-r--r--source3/passdb/passdb.c733
-rw-r--r--source3/passdb/pdb_smbpasswd.c222
-rw-r--r--source3/passdb/pdb_tdb.c97
-rw-r--r--source3/rpc_server/srv_netlog_nt.c90
-rw-r--r--source3/rpc_server/srv_pipe.c29
-rw-r--r--source3/rpc_server/srv_samr.c129
-rw-r--r--source3/rpc_server/srv_samr_nt.c782
-rw-r--r--source3/rpc_server/srv_util.c29
-rw-r--r--source3/smbd/chgpasswd.c98
-rw-r--r--source3/smbd/lanman.c8
-rw-r--r--source3/smbd/password.c24
-rw-r--r--source3/smbd/reply.c14
-rw-r--r--source3/utils/pdbedit.c93
-rw-r--r--source3/utils/smbgroupedit.c9
-rw-r--r--source3/utils/smbpasswd.c21
20 files changed, 1271 insertions, 1238 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index a62886246a..2b31ace4c3 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -156,7 +156,7 @@ LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o
PASSDB_OBJ = passdb/passdb.o passdb/secrets.o \
passdb/pass_check.o passdb/smbpassfile.o \
passdb/machine_sid.o passdb/pdb_smbpasswd.o \
- passdb/pdb_tdb.o passdb/pampass.o
+ passdb/pampass.o passdb/pdb_tdb.o
GROUPDB_OBJ = groupdb/mapping.o
@@ -214,7 +214,7 @@ NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \
web/swat.o $(PRINTING_OBJ) $(LIBSMB_OBJ) $(LOCKING_OBJ) \
$(PARAM_OBJ) $(PASSDB_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \
- $(UBIQX_OBJ) $(LIB_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ)
SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o \
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
@@ -241,11 +241,11 @@ TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \
$(LIB_OBJ)
SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) \
- $(LIBSMB_OBJ) $(PASSDB_OBJ) \
+ $(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\
$(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ)
PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \
- $(UBIQX_OBJ) $(LIB_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ)
SMBGROUPEDIT_OBJ = utils/smbgroupedit.o $(GROUPDB_OBJ) $(PARAM_OBJ) \
$(LIBSMB_OBJ) $(PASSDB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
@@ -256,7 +256,7 @@ RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \
RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \
- $(READLINE_OBJ)
+ $(READLINE_OBJ) $(GROUPDB_OBJ)
PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/wb_common.po
@@ -304,7 +304,7 @@ LOCKTEST_OBJ = utils/locktest.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
SMBCACLS_OBJ = utils/smbcacls.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \
- $(LIBMSRPC_OBJ)
+ $(LIBMSRPC_OBJ) $(GROUPDB_OBJ)
LOCKTEST2_OBJ = utils/locktest2.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 435d315518..bc5ac3e9eb 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -388,7 +388,8 @@ BOOL group_map_remove(DOM_SID sid)
/****************************************************************************
enumerate the group mapping
****************************************************************************/
-BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries)
+BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
+ int *num_entries, BOOL unix_only)
{
TDB_DATA kbuf, dbuf, newkey;
fstring string_sid;
@@ -405,10 +406,12 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *n
kbuf.dptr;
newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
- if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
+ if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0)
+ continue;
dbuf = tdb_fetch(tdb, kbuf);
- if (!dbuf.dptr) continue;
+ if (!dbuf.dptr)
+ continue;
fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
@@ -416,10 +419,15 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *n
&map.gid, &map.sid_name_use, &map.nt_name, &map.comment, &map.privilege);
safe_free(dbuf.dptr);
- if (ret != dbuf.dsize) continue;
+ if (ret != dbuf.dsize)
+ continue;
/* list only the type or everything if UNKNOWN */
- if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) continue;
+ if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use)
+ continue;
+
+ if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1)
+ continue;
string_to_sid(&map.sid, string_sid);
@@ -513,19 +521,29 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
{
struct group *grp;
+ DEBUG(10, ("get_domain_group_from_sid\n"));
+
/* if the group is NOT in the database, it CAN NOT be a domain group */
if(!get_group_map_from_sid(sid, map))
return False;
+ DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
+
/* if it's not a domain group, continue */
if (map->sid_name_use!=SID_NAME_DOM_GRP)
return False;
+
+ DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
if (map->gid==-1)
return False;
+ DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%d\n",map->gid));
+
if ( (grp=getgrgid(map->gid)) == NULL)
- return False;
+ return False;
+
+ DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));
return True;
}
@@ -599,8 +617,6 @@ Returns a GROUP_MAP struct based on the gid.
BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map)
{
struct group *grp;
- DOM_SID sid;
- uint32 rid;
if ( (grp=getgrgid(gid)) == NULL)
return False;
@@ -613,9 +629,8 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map)
map->sid_name_use=SID_NAME_ALIAS;
map->privilege=SE_PRIV_NONE;
- rid=pdb_gid_to_group_rid(gid);
- sid_copy(&sid, &global_sam_sid);
- sid_append_rid(&sid, rid);
+ sid_copy(&map->sid, &global_sam_sid);
+ sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid));
fstrcpy(map->nt_name, grp->gr_name);
fstrcpy(map->comment, "Local Unix Group");
diff --git a/source3/include/mapping.h b/source3/include/mapping.h
index 2543f6e42a..f3e0be6e4a 100644
--- a/source3/include/mapping.h
+++ b/source3/include/mapping.h
@@ -42,3 +42,7 @@ typedef struct _PRIVS {
#define SE_PRIV_ALL 0xffff
#define PRIV_ALL_INDEX 4
+
+
+#define ENUM_ONLY_MAPPED True
+#define ENUM_ALL_MAPPED False
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 98922a06f9..daa393e0e1 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -29,7 +29,8 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map);
BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map);
BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map);
BOOL group_map_remove(DOM_SID sid);
-BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries);
+BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
+ int *num_entries, BOOL unix_only);
void convert_priv_from_text(uint32 *se_priv, char *privilege);
void convert_priv_to_text(uint32 se_priv, char *privilege);
BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map);
@@ -2051,8 +2052,8 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
/*The following definitions come from passdb/passdb.c */
BOOL initialize_password_db(BOOL reload);
-void pdb_init_sam(SAM_ACCOUNT *user);
-void pdb_clear_sam(SAM_ACCOUNT *user);
+BOOL pdb_init_sam(SAM_ACCOUNT **user);
+BOOL pdb_clear_sam(SAM_ACCOUNT *user);
struct sam_disp_info *pdb_sam_to_dispinfo(SAM_ACCOUNT *user);
char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length);
uint16 pdb_decode_acct_ctrl(const char *p);
@@ -2120,11 +2121,11 @@ BOOL pdb_set_uid (SAM_ACCOUNT *sampass, uid_t uid);
BOOL pdb_set_gid (SAM_ACCOUNT *sampass, gid_t gid);
BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid);
BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid);
-BOOL pdb_set_username (SAM_ACCOUNT *sampass, char *username);
-BOOL pdb_set_domain (SAM_ACCOUNT *sampass, char *domain);
-BOOL pdb_set_nt_username (SAM_ACCOUNT *sampass, char *nt_username);
-BOOL pdb_set_fullname (SAM_ACCOUNT *sampass, char *fullname);
-BOOL pdb_set_logon_script (SAM_ACCOUNT *sampass, char *logon_script);
+BOOL pdb_set_username(SAM_ACCOUNT *sampass, char *username);
+BOOL pdb_set_domain(SAM_ACCOUNT *sampass, char *domain);
+BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, char *nt_username);
+BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, char *fullname);
+BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, char *logon_script);
BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, char *profile_path);
BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, char *dir_drive);
BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, char *homedir);
@@ -2142,22 +2143,22 @@ BOOL pdb_set_hours (SAM_ACCOUNT *sampass, uint8 *hours);
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
-SAM_ACCOUNT* pdb_getsampwent (void);
-SAM_ACCOUNT* pdb_getsampwnam (char *username);
-SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
-SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
-BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
-BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
+BOOL pdb_getsampwent(SAM_ACCOUNT *user);
+BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, char *username);
+BOOL pdb_getsampwuid (SAM_ACCOUNT *sam_acct, uid_t uid);
+BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct,uint32 rid);
+BOOL pdb_add_sam_account(SAM_ACCOUNT *sampass);
+BOOL pdb_update_sam_account(SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
/*The following definitions come from passdb/pdb_tdb.c */
BOOL pdb_setsampwent(BOOL update);
void pdb_endsampwent(void);
-SAM_ACCOUNT* pdb_getsampwent(void);
-SAM_ACCOUNT* pdb_getsampwnam (char *sname);
-SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
-SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
+BOOL pdb_getsampwent(SAM_ACCOUNT *user);
+BOOL pdb_getsampwnam (SAM_ACCOUNT *user, char *sname);
+BOOL pdb_getsampwuid (SAM_ACCOUNT* user, uid_t uid);
+BOOL pdb_getsampwrid (SAM_ACCOUNT *user, uint32 rid);
BOOL pdb_delete_sam_account(char *sname);
BOOL pdb_update_sam_account (SAM_ACCOUNT *newpwd, BOOL override);
BOOL pdb_add_sam_account (SAM_ACCOUNT *newpwd);
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 7f4825b501..0993d349a2 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -644,28 +644,25 @@ typedef struct
typedef struct sam_passwd
{
- TALLOC_CTX *mem_ctx; /* used for all dynamically allocated
- memory in this struct*/
-
- time_t logon_time; /* logon time */
- time_t logoff_time; /* logoff time */
- time_t kickoff_time; /* kickoff time */
- time_t pass_last_set_time; /* password last set time */
- time_t pass_can_change_time; /* password can change time */
- time_t pass_must_change_time; /* password must change time */
-
- char *username; /* UNIX username string */
- char *domain; /* Windows Domain name */
- char *nt_username; /* Windows username string */
- char *full_name; /* user's full name string */
- char *home_dir; /* home directory string */
- char *dir_drive; /* home directory drive string */
- char *logon_script; /* logon script string */
- char *profile_path; /* profile path string */
- char *acct_desc ; /* user description string */
- char *workstations; /* login from workstations string */
- char *unknown_str ; /* don't know what this is, yet. */
- char *munged_dial ; /* munged path name and dial-back tel number */
+ time_t logon_time; /* logon time */
+ time_t logoff_time; /* logoff time */
+ time_t kickoff_time; /* kickoff time */
+ time_t pass_last_set_time; /* password last set time */
+ time_t pass_can_change_time; /* password can change time */
+ time_t pass_must_change_time; /* password must change time */
+
+ pstring username; /* UNIX username string */
+ pstring domain; /* Windows Domain name */
+ pstring nt_username; /* Windows username string */
+ pstring full_name; /* user's full name string */
+ pstring home_dir; /* home directory string */
+ pstring dir_drive; /* home directory drive string */
+ pstring logon_script; /* logon script string */
+ pstring profile_path; /* profile path string */
+ pstring acct_desc ; /* user description string */
+ pstring workstations; /* login from workstations string */
+ pstring unknown_str ; /* don't know what this is, yet. */
+ pstring munged_dial ; /* munged path name and dial-back tel number */
uid_t uid; /* this is actually the unix uid_t */
gid_t gid; /* this is actually the unix gid_t */
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 50bf5e73f3..3df58b2e7a 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -98,49 +98,66 @@ static void pdb_init_dispinfo(struct sam_disp_info *user)
}
/*************************************************************
- initialises a struct sam_passwd.
+ alloc memory and initialises a struct sam_passwd.
************************************************************/
-void pdb_init_sam(SAM_ACCOUNT *user)
+BOOL pdb_init_sam(SAM_ACCOUNT **user)
{
- if (user == NULL)
- return;
+ if (*user != NULL) {
+ DEBUG(0,("pdb_init_sam: SAM_ACCOUNT was non NULL\n"));
+#if 0
+ smb_panic("NULL pointer passed to pdb_init_sam\n");
+#endif
+ return False;
+ }
- ZERO_STRUCTP(user);
-
- user->mem_ctx = talloc_init();
- DEBUG(10, ("pdb_init_sam: obtained a talloc context of 0x%x\n",
- (unsigned)user->mem_ctx));
-
- user->logon_time = (time_t)0;
- user->logoff_time = (time_t)-1;
- user->kickoff_time = (time_t)-1;
- user->pass_last_set_time = (time_t)-1;
- user->pass_can_change_time = (time_t)-1;
- user->pass_must_change_time = (time_t)-1;
-
- user->unknown_3 = 0x00ffffff; /* don't know */
- user->logon_divs = 168; /* hours per week */
- user->hours_len = 21; /* 21 times 8 bits = 168 */
- memset(user->hours, 0xff, user->hours_len); /* available at all hours */
- user->unknown_5 = 0x00000000; /* don't know */
- user->unknown_6 = 0x000004ec; /* don't know */
+ *user=(SAM_ACCOUNT *)malloc(sizeof(SAM_ACCOUNT));
+
+ if (*user==NULL) {
+ DEBUG(0,("pdb_init_sam: error while allocating memory\n"));
+ return False;
+ }
+
+ ZERO_STRUCTP(*user);
+
+ (*user)->logon_time = (time_t)0;
+ (*user)->logoff_time = (time_t)-1;
+ (*user)->kickoff_time = (time_t)-1;
+ (*user)->pass_last_set_time = (time_t)-1;
+ (*user)->pass_can_change_time = (time_t)-1;
+ (*user)->pass_must_change_time = (time_t)-1;
+
+ (*user)->unknown_3 = 0x00ffffff; /* don't know */
+ (*user)->logon_divs = 168; /* hours per week */
+ (*user)->hours_len = 21; /* 21 times 8 bits = 168 */
+ memset((*user)->hours, 0xff, (*user)->hours_len); /* available at all hours */
+ (*user)->unknown_5 = 0x00000000; /* don't know */
+ (*user)->unknown_6 = 0x000004ec; /* don't know */
+
+ return True;
}
/************************************************************
- free all pointer members and then reinit the SAM_ACCOUNT
+ free the SAM_ACCOUNT and the NT/LM hashes.
***********************************************************/
-void pdb_clear_sam(SAM_ACCOUNT *user)
+BOOL pdb_clear_sam(SAM_ACCOUNT *user)
{
- if (user == NULL)
- return;
+ if (user == NULL) {
+ DEBUG(0,("pdb_clear_sam: SAM_ACCOUNT was NULL\n"));
+#if 0
+ smb_panic("NULL pointer passed to pdb_clear_sam\n");
+#endif
+ return False;
+ }
- /* free upany memory used */
- DEBUG(10, ("pdb_clear_sam: releasing memory. talloc context is 0x%x\n",(unsigned)user->mem_ctx));
- talloc_destroy (user->mem_ctx);
-
- /* now initialize */
- pdb_init_sam(user);
+ if (user->nt_pw)
+ free(user->nt_pw);
+
+ if (user->lm_pw)
+ free(user->lm_pw);
+
+ free(user);
+ return True;
}
@@ -455,9 +472,10 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
}
} else {
- gid_t gid;
+ gid_t gid=-1;
struct group *gr;
-
+ GROUP_MAP map;
+ DOM_SID sid;
/*
* Don't try to convert the rid to a name if running
* in appliance mode
@@ -466,11 +484,30 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
if (lp_hide_local_users())
return False;
- gid = pdb_user_rid_to_gid(rid);
- gr = getgrgid(gid);
+ /*
+ * First try the TDB. If the RID exists and is mapped to a unix group,
+ * return the NT name and the type.
+ */
+
+ sid_copy(&sid, &global_sam_sid);
+ sid_append_rid(&sid, rid);
+ if (get_group_map_from_sid(sid, &map) && map.gid!=-1) {
+ *psid_name_use = map.sid_name_use;
+ fstrcpy(name, map.nt_name);
- *psid_name_use = SID_NAME_ALIAS;
+ DEBUG(5,("local_lookup_rid: found NT group %s mapped to Unix gid %u for rid %u\n",
+ name, (unsigned int)map.gid, (unsigned int)rid ));
+ if(!getgrgid(gid))
+ return False;
+ else
+ return True;
+ }
+
+ *psid_name_use = SID_NAME_ALIAS;
+ gid = pdb_user_rid_to_gid(rid);
+
+ gr = getgrgid(gid);
DEBUG(5,("local_local_rid: looking up gid %u %s\n", (unsigned int)gid,
gr ? "succeeded" : "failed" ));
@@ -481,8 +518,7 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
fstrcpy( name, gr->gr_name);
- DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name,
- (unsigned int)rid ));
+ DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name, (unsigned int)rid ));
}
return True;
@@ -529,21 +565,34 @@ BOOL local_lookup_name(const char *c_domain, const char *c_user, DOM_SID *psid,
(void)map_username(user);
- if(!(pass = Get_Pwnam(user, True))) {
+ if((pass = Get_Pwnam(user, True))) {
+ sid_append_rid( &local_sid, pdb_uid_to_user_rid(pass->pw_uid));
+ *psid_name_use = SID_NAME_USER;
+ } else {
/*
* Maybe it was a group ?
*/
- struct group *grp = getgrnam(user);
+ GROUP_MAP map;
+ struct group *grp = NULL;
- if(!grp)
- return False;
+ /* It can be a mapped group */
+ if (get_group_map_from_ntname(user, &map) && map.gid!=-1) {
- sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
- *psid_name_use = SID_NAME_ALIAS;
- } else {
+ grp=getgrgid(map.gid);
+ if (!grp)
+ return False;
- sid_append_rid( &local_sid, pdb_uid_to_user_rid(pass->pw_uid));
- *psid_name_use = SID_NAME_USER;
+ sid_copy(&local_sid, &map.sid);
+ *psid_name_use = map.sid_name_use;
+ } else {
+ /* It wasn't mapped, it can be a Unix group */
+ grp=getgrnam(user);
+ if(!grp)
+ return False;
+
+ sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
+ *psid_name_use = SID_NAME_ALIAS;
+ }
}
sid_copy( psid, &local_sid);
@@ -661,13 +710,10 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
return True;
}
-static void select_name(fstring *string, char **name, const UNISTR2 *from)
+static void select_name(pstring string, const UNISTR2 *from)
{
if (from->buffer != 0)
- {
- unistr2_to_ascii(*string, from, sizeof(*string));
- *name = *string;
- }
+ unistr2_to_ascii(string, from, sizeof(*string));
}
/*************************************************************
@@ -675,16 +721,6 @@ static void select_name(fstring *string, char **name, const UNISTR2 *from)
**************************************************************/
void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
{
- static fstring smb_name;
- static fstring full_name;
- static fstring home_dir;
- static fstring dir_drive;
- static fstring logon_script;
- static fstring profile_path;
- static fstring acct_desc;
- static fstring workstations;
- static fstring unknown_str;
- static fstring munged_dial;
if (from == NULL || to == NULL)
return;
@@ -696,16 +732,16 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
to->pass_can_change_time = nt_time_to_unix(&from->pass_can_change_time);
to->pass_must_change_time = nt_time_to_unix(&from->pass_must_change_time);
- select_name(&smb_name , &to->username , &from->uni_user_name );
- select_name(&full_name , &to->full_name , &from->uni_full_name );
- select_name(&home_dir , &to->home_dir , &from->uni_home_dir );
- select_name(&dir_drive , &to->dir_drive , &from->uni_dir_drive );
- select_name(&logon_script, &to->logon_script, &from->uni_logon_script);
- select_name(&profile_path, &to->profile_path, &from->uni_profile_path);
- select_name(&acct_desc , &to->acct_desc , &from->uni_acct_desc );
- select_name(&workstations, &to->workstations, &from->uni_workstations);
- select_name(&unknown_str , &to->unknown_str , &from->uni_unknown_str );
- select_name(&munged_dial , &to->munged_dial , &from->uni_munged_dial );
+ select_name(to->username , &from->uni_user_name );
+ select_name(to->full_name , &from->uni_full_name );
+ select_name(to->home_dir , &from->uni_home_dir );
+ select_name(to->dir_drive , &from->uni_dir_drive );
+ select_name(to->logon_script, &from->uni_logon_script);
+ select_name(to->profile_path, &from->uni_profile_path);
+ select_name(to->acct_desc , &from->uni_acct_desc );
+ select_name(to->workstations, &from->uni_workstations);
+ select_name(to->unknown_str , &from->uni_unknown_str );
+ select_name(to->munged_dial , &from->uni_munged_dial );
to->user_rid = from->user_rid;
to->group_rid = from->group_rid;
@@ -726,17 +762,6 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
**************************************************************/
void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
{
- static fstring smb_name;
- static fstring full_name;
- static fstring home_dir;
- static fstring dir_drive;
- static fstring logon_script;
- static fstring profile_path;
- static fstring acct_desc;
- static fstring workstations;
- static fstring unknown_str;
- static fstring munged_dial;
-
if (from == NULL || to == NULL)
return;
@@ -747,16 +772,16 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
to->pass_can_change_time = nt_time_to_unix(&from->pass_can_change_time);
to->pass_must_change_time = nt_time_to_unix(&from->pass_must_change_time);
- select_name(&smb_name , &to->username , &from->uni_user_name );
- select_name(&full_name , &to->full_name , &from->uni_full_name );
- select_name(&home_dir , &to->home_dir , &from->uni_home_dir );
- select_name(&dir_drive , &to->dir_drive , &from->uni_dir_drive );
- select_name(&logon_script, &to->logon_script, &from->uni_logon_script);
- select_name(&profile_path, &to->profile_path, &from->uni_profile_path);
- select_name(&acct_desc , &to->acct_desc , &from->uni_acct_desc );
- select_name(&workstations, &to->workstations, &from->uni_workstations);
- select_name(&unknown_str , &to->unknown_str , &from->uni_unknown_str );
- select_name(&munged_dial , &to->munged_dial , &from->uni_munged_dial );
+ select_name(to->username , &from->uni_user_name );
+ select_name(to->full_name , &from->uni_full_name );
+ select_name(to->home_dir , &from->uni_home_dir );
+ select_name(to->dir_drive , &from->uni_dir_drive );
+ select_name(to->logon_script, &from->uni_logon_script);
+ select_name(to->profile_path, &from->uni_profile_path);
+ select_name(to->acct_desc , &from->uni_acct_desc );
+ select_name(to->workstations, &from->uni_workstations);
+ select_name(to->unknown_str , &from->uni_unknown_str );
+ select_name(to->munged_dial , &from->uni_munged_dial );
to->user_rid = from->user_rid;
to->group_rid = from->group_rid;
@@ -781,93 +806,9 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
**************************************************************/
void copy_sam_passwd(SAM_ACCOUNT *to, const SAM_ACCOUNT *from)
{
- int len;
-
if (!from || !to) return;
- pdb_clear_sam (to);
-
- /* copy all non-pointers */
- memcpy(to, from, sizeof(*from));
-
- if (from->username) {
- len=strlen(from->username)+1;
- to->username = talloc(to->mem_ctx, len);
- StrnCpy (to->username, from->username, len-1);
- }
-
- if (from->full_name) {
- len=strlen(from->full_name)+1;
- to->full_name = talloc(to->mem_ctx, len);
- StrnCpy (to->full_name, from->full_name, len-1);
- }
-
- if (from->nt_username) {
- len=strlen(from->nt_username)+1;
- to->nt_username = talloc(to->mem_ctx, len);
- StrnCpy (to->nt_username, from->nt_username, len-1);
- }
-
- if (from->profile_path) {
- len=strlen(from->profile_path)+1;
- to->profile_path = talloc(to->mem_ctx, len);
- StrnCpy (to->profile_path, from->profile_path, len-1);
- }
-
- if (from->logon_script) {
- len=strlen(from->logon_script)+1;
- to->logon_script = talloc(to->mem_ctx, len);
- StrnCpy (to->logon_script, from->logon_script, len-1);
- }
-
- if (from->home_dir) {
- len=strlen(from->home_dir)+1;
- to->home_dir = talloc(to->mem_ctx, len);
- StrnCpy (to->home_dir, from->home_dir, len-1);
- }
-
- if (from->dir_drive) {
- len=strlen(from->dir_drive)+1;
- to->dir_drive = talloc(to->mem_ctx, len);
- StrnCpy (to->dir_drive, from->dir_drive, len-1);
- }
-
- if (from->workstations) {
- len=strlen(from->workstations)+1;
- to->workstations = talloc(to->mem_ctx, len);
- StrnCpy (to->workstations, from->workstations, len-1);
- }
-
- if (from->acct_desc) {
- len=strlen(from->acct_desc)+1;
- to->acct_desc = talloc(to->mem_ctx, len);
- StrnCpy (to->acct_desc, from->acct_desc, len-1);
- }
-
- if (from->munged_dial) {
- len=strlen(from->munged_dial)+1;
- to->munged_dial = talloc(to->mem_ctx, len);
- StrnCpy (to->munged_dial, from->munged_dial, len);
- }
-
- if (from->unknown_str) {
- len=strlen(from->unknown_str)+1;
- to->unknown_str = talloc(to->mem_ctx, len);
- StrnCpy (to->unknown_str, from->unknown_str, len-1);
- }
-
-
- if (from->nt_pw) {
- to->nt_pw = talloc(to->mem_ctx, 16);
- memcpy (to->nt_pw, from->nt_pw, 16);
- }
-
- if (from->lm_pw) {
- to->lm_pw = talloc(to->mem_ctx, 16);
- memcpy (to->lm_pw, from->lm_pw, 16);
- }
-
- return;
+ memcpy(to, from, sizeof(SAM_ACCOUNT));
}
/*************************************************************
@@ -886,8 +827,8 @@ BOOL local_password_change(char *user_name, int local_flags,
char *msg_str, size_t msg_str_len)
{
struct passwd *pwd = NULL;
- SAM_ACCOUNT *sam_pass;
- SAM_ACCOUNT new_sam_acct;
+ SAM_ACCOUNT *sam_pass=NULL;
+ SAM_ACCOUNT *new_sam_acct=NULL;
uchar new_p16[16];
uchar new_nt_p16[16];
@@ -912,62 +853,60 @@ account without a valid local system user.\n", user_name);
nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16);
/* Get the smb passwd entry for this user */
- sam_pass = pdb_getsampwnam(user_name);
- if (sam_pass == NULL)
- {
- if(!(local_flags & LOCAL_ADD_USER))
- {
+ pdb_init_sam(&sam_pass);
+ if(!pdb_getsampwnam(sam_pass, user_name)) {
+ pdb_clear_sam(sam_pass);
+ return False;
+ }
+
+ if (sam_pass == NULL) {
+ if(!(local_flags & LOCAL_ADD_USER)) {
slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
+ pdb_clear_sam(sam_pass);
return False;
}
/* create the SAM_ACCOUNT struct and call pdb_add_sam_account.
Because the new_sam_pwd only exists in the scope of this function
we will not allocate memory for members */
- pdb_init_sam (&new_sam_acct);
- pdb_set_username (&new_sam_acct, user_name);
- pdb_set_fullname (&new_sam_acct, pwd->pw_gecos);
- pdb_set_uid (&new_sam_acct, pwd->pw_uid);
- pdb_set_gid (&new_sam_acct, pwd->pw_gid);
- pdb_set_pass_last_set_time(&new_sam_acct, time(NULL));
- pdb_set_profile_path (&new_sam_acct, lp_logon_path());
- pdb_set_homedir (&new_sam_acct, lp_logon_home());
- pdb_set_dir_drive (&new_sam_acct, lp_logon_drive());
- pdb_set_logon_script (&new_sam_acct, lp_logon_script());
+ pdb_init_sam(&new_sam_acct);
+ pdb_set_username(new_sam_acct, user_name);
+ pdb_set_fullname(new_sam_acct, pwd->pw_gecos);
+ pdb_set_uid(new_sam_acct, pwd->pw_uid);
+ pdb_set_gid(new_sam_acct, pwd->pw_gid);
+ pdb_set_pass_last_set_time(new_sam_acct, time(NULL));
+ pdb_set_profile_path(new_sam_acct, lp_logon_path());
+ pdb_set_homedir(new_sam_acct, lp_logon_home());
+ pdb_set_dir_drive(new_sam_acct, lp_logon_drive());
+ pdb_set_logon_script(new_sam_acct, lp_logon_script());
/* set account flags */
- pdb_set_acct_ctrl(&new_sam_acct,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL) );
+ pdb_set_acct_ctrl(new_sam_acct,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL) );
+
if (local_flags & LOCAL_DISABLE_USER)
- {
- pdb_set_acct_ctrl (&new_sam_acct, pdb_get_acct_ctrl(&new_sam_acct)|ACB_DISABLED);
- }
+ pdb_set_acct_ctrl (new_sam_acct, pdb_get_acct_ctrl(new_sam_acct)|ACB_DISABLED);
+
if (local_flags & LOCAL_SET_NO_PASSWORD)
- {
- pdb_set_acct_ctrl (&new_sam_acct, pdb_get_acct_ctrl(&new_sam_acct)|ACB_PWNOTREQ);
- }
- else
- {
+ pdb_set_acct_ctrl (new_sam_acct, pdb_get_acct_ctrl(new_sam_acct)|ACB_PWNOTREQ);
+ else {
/* set the passwords here. if we get to here it means
we have a valid, active account */
- pdb_set_lanman_passwd (&new_sam_acct, new_p16);
- pdb_set_nt_passwd (&new_sam_acct, new_nt_p16);
+ pdb_set_lanman_passwd (new_sam_acct, new_p16);
+ pdb_set_nt_passwd (new_sam_acct, new_nt_p16);
}
-
-
- if (pdb_add_sam_account(&new_sam_acct))
- {
+
+ pdb_clear_sam(sam_pass);
+
+ if (pdb_add_sam_account(new_sam_acct)) {
slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
- pdb_clear_sam (&new_sam_acct);
+ pdb_clear_sam(new_sam_acct);
return True;
- }
- else
- {
+ } else {
slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
+ pdb_clear_sam(new_sam_acct);
return False;
}
- }
- else
- {
+ } else {
/* the entry already existed */
local_flags &= ~LOCAL_ADD_USER;
}
@@ -978,25 +917,21 @@ account without a valid local system user.\n", user_name);
*/
if(local_flags & LOCAL_DISABLE_USER)
- {
pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED);
- }
else if (local_flags & LOCAL_ENABLE_USER)
- {
- if(pdb_get_lanman_passwd(sam_pass) == NULL)
{
+ if(pdb_get_lanman_passwd(sam_pass) == NULL) {
pdb_set_lanman_passwd (sam_pass, new_p16);
pdb_set_nt_passwd (sam_pass, new_nt_p16);
}
pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED));
- } else if (local_flags & LOCAL_SET_NO_PASSWORD)
- {
+ } else if (local_flags & LOCAL_SET_NO_PASSWORD) {
pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ);
/* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */
pdb_set_lanman_passwd (sam_pass, NULL);
pdb_set_nt_passwd (sam_pass, NULL);
- }
+ }
else
{
/*
@@ -1015,20 +950,19 @@ account without a valid local system user.\n", user_name);
pdb_set_nt_passwd (sam_pass, new_nt_p16);
}
- if(local_flags & LOCAL_DELETE_USER)
- {
- if (!pdb_delete_sam_account(user_name))
- {
+ if(local_flags & LOCAL_DELETE_USER) {
+ if (!pdb_delete_sam_account(user_name)) {
slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name);
+ pdb_clear_sam(sam_pass);
return False;
}
slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name);
}
else
{
- if(!pdb_update_sam_account(sam_pass, True))
- {
+ if(!pdb_update_sam_account(sam_pass, True)) {
slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name);
+ pdb_clear_sam(sam_pass);
return False;
}
if(local_flags & LOCAL_DISABLE_USER)
@@ -1039,6 +973,7 @@ account without a valid local system user.\n", user_name);
slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name);
}
+ pdb_clear_sam(sam_pass);
return True;
}
@@ -1412,333 +1347,182 @@ BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid)
return True;
}
-BOOL pdb_set_username (SAM_ACCOUNT *sampass, char *username)
-{
- int len;
-
- if (!sampass || !sampass->mem_ctx) return False;
-
- if (!username)
- {
- sampass->username = NULL;
- return True;
- }
-
- len = strlen(username)+1;
- sampass->username = (char*)talloc(sampass->mem_ctx, len);
-
- if (sampass->username == NULL )
- {
- DEBUG (0,("pdb_set_username: ERROR - Unable to talloc memory for [%s]\n", username));
+/*********************************************************************
+ set the user's UNIX name
+ ********************************************************************/
+BOOL pdb_set_username(SAM_ACCOUNT *sampass, char *username)
+{
+ if (!sampass || !username)
return False;
- }
-
- StrnCpy (sampass->username, username, len-1);
+
+ StrnCpy (sampass->username, username, strlen(username));
return True;
}
-BOOL pdb_set_domain (SAM_ACCOUNT *sampass, char *domain)
-{
- int len;
-
- if (!sampass || !sampass->mem_ctx) return False;
-
- if (!domain)
- {
- sampass->domain = NULL;
- return True;
- }
-
- len = strlen(domain)+1;
- sampass->domain = talloc (sampass->mem_ctx, len);
-
- if (sampass->domain == NULL )
- {
- DEBUG (0,("pdb_set_domain: ERROR - Unable to talloc memory for [%s]\n", domain));
+/*********************************************************************
+ set the domain name
+ ********************************************************************/
+BOOL pdb_set_domain(SAM_ACCOUNT *sampass, char *domain)
+{
+ if (!sampass || !domain)
return False;
- }
-
- StrnCpy (sampass->domain, domain, len-1);
+
+ StrnCpy (sampass->domain, domain, strlen(domain));
return True;
}
-BOOL pdb_set_nt_username (SAM_ACCOUNT *sampass, char *nt_username)
+/*********************************************************************
+ set the user's NT name
+ ********************************************************************/
+BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, char *nt_username)
{
- int len;
-
- if (!sampass || !sampass->mem_ctx) return False;
-
- if (!nt_username)
- {
- sampass->nt_username = NULL;
- return True;
- }
-
- len = strlen(nt_username)+1;
- sampass->nt_username = talloc (sampass->mem_ctx, len);
-
- if (sampass->nt_username == NULL )
- {
- DEBUG (0,("pdb_set_nt_username: ERROR - Unable to talloc memory for [%s]\n", nt_username));
+ if (!sampass || !nt_username)
return False;
- }
-
- StrnCpy (sampass->nt_username, nt_username, len-1);
+
+ StrnCpy (sampass->nt_username, nt_username, strlen(nt_username));
return True;
}
-BOOL pdb_set_fullname (SAM_ACCOUNT *sampass, char *fullname)
+/*********************************************************************
+ set the user's full name
+ ********************************************************************/
+BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, char *fullname)
{
- int len;
-
- if (!sampass || !sampass->mem_ctx) return False;
-
- if (!fullname)
- {
- sampass->full_name = NULL;
- return True;
- }
-
- len = strlen(fullname)+1;
- sampass->full_name = talloc (sampass->mem_ctx, len);
-
- if (sampass->full_name == NULL )
- {
- DEBUG (0,("pdb_set_fullname: ERROR - Unable to talloc memory for [%s]\n", fullname));
+ if (!sampass || !fullname)
return False;
- }
-
- StrnCpy (sampass->full_name, fullname, len-1);
+
+ StrnCpy (sampass->full_name, fullname, strlen(fullname));
return True;
}
-BOOL pdb_set_logon_script (SAM_ACCOUNT *sampass, char *logon_script)
+/*********************************************************************
+ set the user's logon script
+ ********************************************************************/
+BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, char *logon_script)
{
- int len;
-
- if (!sampass || !sampass->mem_ctx) return False;
-
- if (!logon_script)
- {
- sampass->logon_script = NULL;
- return True;
- }
-
- len = strlen(logon_script)+1;
- sampass->logon_script = talloc (sampass->mem_ctx, len);
-
- if (sampass->logon_script == NULL )
- {
- DEBUG (0,("pdb_set_logon_script: ERROR - Unable to talloc memory for [%s]\n", logon_script));
+ if (!sampass || !logon_script)
return False;
- }
-
- StrnCpy (sampass->logon_script, logon_script, len-1);
+
+ StrnCpy (sampass->logon_script, logon_script, strlen(logon_script));
return True;
}
+/*********************************************************************
+ set the user's profile path
+ ********************************************************************/
BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, char *profile_path)
{
- int len;
-
- if (!sampass || !sampass->mem_ctx) return False;
-
- if (!profile_path)
- {
- sampass->profile_path = NULL;
- return True;
- }
-
- len = strlen(profile_path)+1;
- sampass->profile_path = talloc (sampass->mem_ctx, len);
-
- if (!sampass->profile_path)
- {
- DEBUG (0,("pdb_set_profile_path: ERROR - Unable to talloc memory for [%s]\n", profile_path));
+ if (!sampass || !profile_path)
return False;
- }
- StrnCpy (sampass->profile_path, profile_path, len-1);
+ StrnCpy (sampass->profile_path, profile_path, strlen(profile_path));
return True;
}
+/*********************************************************************
+ set the user's directory drive
+ ********************************************************************/
BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, char *dir_drive)
{
- int len;
-
- if (!sampass || !sampass->mem_ctx) return False;
-
- if (!dir_drive)
- {
- sampass->dir_drive = NULL;
- return True;
- }
-
- len = strlen(dir_drive)+1;
- sampass->dir_drive = talloc (sampass->mem_ctx, len);
-
- if (sampass->dir_drive == NULL )
- {
- DEBUG (0,("pdb_set_dir_drive: ERROR - Unable to talloc memory for [%s]\n", dir_drive));
+ if (!sampass || !dir_drive)
return False;
- }
-
- StrnCpy (sampass->dir_drive, dir_drive, len-1);
+
+ StrnCpy (sampass->dir_drive, dir_drive, strlen(dir_drive));
return True;
}
+/*********************************************************************
+ set the user's home directory
+ ********************************************************************/
BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, char *homedir)
{
- int len;
-
- if (!sampass || !sampass->mem_ctx) return False;
-
- if (!homedir)
- {
- sampass->home_dir = NULL;
- return True;
- }
-
- len = strlen(homedir)+1;
- sampass->home_dir = talloc (sampass->mem_ctx, len);
-
- if (sampass->home_dir == NULL )
- {
- DEBUG (0,("pdb_set_homedir: ERROR - Unable to talloc memory for [%s]\n", homedir));
+ if (!sampass || !homedir)
return False;
- }
- StrnCpy (sampass->home_dir, homedir, len-1);
+ StrnCpy (sampass->home_dir, homedir, strlen(homedir));
return True;
}
+/*********************************************************************
+ set the user's account description
+ ********************************************************************/
BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, char *acct_desc)
{
- int len;
-
- if (!sampass || !sampass->mem_ctx) return False;
-
- if (!acct_desc)
- {
- sampass->acct_desc = NULL;
- return True;
- }
-
- len = strlen(acct_desc)+1;
- sampass->acct_desc = talloc (sampass->mem_ctx, len);
-
- if (sampass->acct_desc == NULL )
- {
- DEBUG (0,("pdb_set_acct_desc: ERROR - Unable to talloc memory for [%s]\n", acct_desc));
+ if (!sampass || !acct_desc)
return False;
- }
- StrnCpy (sampass->acct_desc, acct_desc, len-1);
+ StrnCpy (sampass->acct_desc, acct_desc, strlen(acct_desc));
return True;
}
+/*********************************************************************
+ set the user's workstation allowed list
+ ********************************************************************/
BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, char *workstations)
{
- int len;
-
- if (!sampass || !sampass->mem_ctx) return False;
+ if (!sampass || !workstations) return False;
- if (!workstations)
- {
- sampass->workstations = NULL;
- return True;
- }
-
- len = strlen(workstations)+1;
- sampass->workstations = talloc (sampass->mem_ctx, len);
-
- if (sampass->workstations == NULL )
- {
- DEBUG (0,("pdb_set_workstations: ERROR - Unable to talloc memory for [%s]\n", workstations));
- return False;
- }
-
- StrnCpy (sampass->workstations, workstations, len-1);
+ StrnCpy (sampass->workstations, workstations, strlen(workstations));
return True;
}
+/*********************************************************************
+ set the user's dial string
+ ********************************************************************/
BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, char *munged_dial)
{
- int len;
-
- if (!sampass || !sampass->mem_ctx) return False;
+ if (!sampass || !munged_dial) return False;
- if (!munged_dial)
- {
- sampass->munged_dial = NULL;
- return True;
- }
-
- len = strlen(munged_dial)+1;
- sampass->munged_dial = talloc (sampass->mem_ctx, len);
-
- if (sampass->munged_dial == NULL )
- {
- DEBUG (0,("pdb_set_munged_dial: ERROR - Unable to talloc memory for [%s]\n", munged_dial));
- return False;
- }
-
- StrnCpy (sampass->munged_dial, munged_dial, len-1);
+ StrnCpy (sampass->munged_dial, munged_dial, strlen(munged_dial));
return True;
}
+/*********************************************************************
+ set the user's NT hash
+ ********************************************************************/
BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, uint8 *pwd)
{
- if (!sampass || !sampass->mem_ctx) return False;
-
- if (!pwd)
- {
- sampass->nt_pw = NULL;
- return True;
- }
+ if (!sampass || !pwd) return False;
- sampass->nt_pw = talloc (sampass->mem_ctx, 16);
-
- if (sampass->nt_pw == NULL )
- {
- DEBUG (0,("pdb_set_nt_passwd: ERROR - Unable to talloc memory for [%s]\n", pwd));
- return False;
- }
+ if (sampass->nt_pw!=NULL)
+ DEBUG(0,("pdb_set_nt_passwd: NT hash non NULL overwritting ?\n"));
+ else
+ sampass->nt_pw=(unsigned char *)malloc(sizeof(unsigned char)*16);
+ if (sampass->nt_pw==NULL)
+ return False;
+
memcpy (sampass->nt_pw, pwd, 16);
return True;
}
+/*********************************************************************
+ set the user's LM hash
+ ********************************************************************/
BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, uint8 *pwd)
{
- if (!sampass || !sampass->mem_ctx) return False;
+ if (!sampass || !*pwd) return False;
- if (!pwd)
- {
- sampass->lm_pw = NULL;
- return True;
- }
-
- sampass->lm_pw = talloc (sampass->mem_ctx, 16);
-
- if (sampass->lm_pw == NULL )
- {
- DEBUG (0,("pdb_set_lanman_passwd: ERROR - Unable to talloc memory for [%s]\n", pwd));
- return False;
- }
+ if (sampass->lm_pw!=NULL)
+ DEBUG(0,("pdb_set_nt_passwd: LM hash non NULL overwritting ?\n"));
+ else
+ sampass->lm_pw=(unsigned char *)malloc(sizeof(unsigned char)*16);
+ if (sampass->lm_pw==NULL)
+ return False;
+
memcpy (sampass->lm_pw, pwd, 16);
return True;
@@ -1773,7 +1557,7 @@ BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn)
BOOL pdb_set_hours (SAM_ACCOUNT *sampass, uint8 *hours)
{
- if (!sampass || !sampass->mem_ctx) return False;
+ if (!sampass) return False;
if (!hours)
{
@@ -1785,4 +1569,3 @@ BOOL pdb_set_hours (SAM_ACCOUNT *sampass, uint8 *hours)
return True;
}
-
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 57253d9b78..3679bd1319 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -56,7 +56,7 @@ static void *global_vp;
/* static memory area used by all passdb search functions
in this module */
-static SAM_ACCOUNT global_sam_pass;
+/*static SAM_ACCOUNT global_sam_pass;*/
enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE };
@@ -1163,16 +1163,16 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass)
if (sampass == NULL)
return False;
- ZERO_STRUCTP (smb_pw);
+ ZERO_STRUCTP(smb_pw);
- smb_pw->smb_userid = pdb_get_uid(sampass);
- smb_pw->smb_name = pdb_get_username(sampass);
+ smb_pw->smb_userid=pdb_get_uid(sampass);
+ smb_pw->smb_name=pdb_get_username(sampass);
- smb_pw->smb_passwd = pdb_get_lanman_passwd(sampass);
- smb_pw->smb_nt_passwd = pdb_get_nt_passwd(sampass);
+ smb_pw->smb_passwd=pdb_get_lanman_passwd(sampass);
+ smb_pw->smb_nt_passwd=pdb_get_nt_passwd(sampass);
- smb_pw->acct_ctrl = pdb_get_acct_ctrl(sampass);
- smb_pw->pass_last_set_time = pdb_get_pass_last_set_time(sampass);
+ smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass);
+ smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass);
return True;
@@ -1181,23 +1181,21 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass)
/*********************************************************************
Create a SAM_ACCOUNT from a smb_passwd struct
********************************************************************/
-static BOOL build_sam_account (SAM_ACCOUNT *sam_pass,
- struct smb_passwd *pw_buf)
+static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf)
{
- struct passwd *pwfile;
+ struct passwd *pwfile;
- if (!sam_pass)
- return (False);
-
- pdb_clear_sam (sam_pass);
+ if (sam_pass==NULL) {
+ DEBUG(5,("build_sam_account: SAM_ACCOUNT is NULL\n"));
+ return False;
+ }
/* Verify in system password file...
FIXME!!! This is where we should look up an internal
mapping of allocated uid for machine accounts as well
--jerry */
pwfile = sys_getpwnam(pw_buf->smb_name);
- if (pwfile == NULL)
- {
+ if (pwfile == NULL) {
DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s not in unix passwd database!\n", pw_buf->smb_name));
return False;
}
@@ -1206,17 +1204,25 @@ static BOOL build_sam_account (SAM_ACCOUNT *sam_pass,
--jerry */
pstrcpy(samlogon_user, pw_buf->smb_name);
- pdb_set_uid (sam_pass, pwfile->pw_uid);
- pdb_set_gid (sam_pass, pwfile->pw_gid);
- pdb_set_user_rid (sam_pass, pdb_uid_to_user_rid (pdb_get_uid(sam_pass)) );
- pdb_set_username (sam_pass, pw_buf->smb_name);
- pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd);
+ pdb_set_uid (sam_pass, pwfile->pw_uid);
+ pdb_set_gid (sam_pass, pwfile->pw_gid);
+ pdb_set_fullname(sam_pass, pwfile->pw_gecos);
+
+ pdb_set_user_rid(sam_pass, pdb_uid_to_user_rid (pwfile->pw_uid));
+
+ /* should check the group mapping here instead of static mappig. JFM */
+ pdb_set_group_rid(sam_pass, pdb_gid_to_group_rid(pwfile->pw_gid));
+
+ pdb_set_username (sam_pass, pw_buf->smb_name);
+ pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd);
pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd);
- pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl);
+ pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl);
pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time);
pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time);
- pdb_set_domain (sam_pass, lp_workgroup());
+ pdb_set_domain (sam_pass, lp_workgroup());
+ pdb_set_dir_drive (sam_pass, lp_logon_drive());
+
/* FIXME!! What should this be set to? New smb.conf parameter maybe?
max password age? For now, we'll use the current time + 21 days.
--jerry */
@@ -1241,17 +1247,9 @@ static BOOL build_sam_account (SAM_ACCOUNT *sam_pass,
pstrcpy(str, lp_logon_home());
standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
pdb_set_homedir(sam_pass, str);
-
- pdb_set_fullname(sam_pass, pwfile->pw_gecos);
-
- /* set other user information that we have */
- pdb_set_group_rid (sam_pass, pdb_gid_to_group_rid(pdb_get_gid(&global_sam_pass)) );
- pdb_set_dir_drive (sam_pass, lp_logon_drive());
-
+
sam_logon_in_ssb = False;
- }
- else
- {
+ } else {
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
}
@@ -1295,31 +1293,34 @@ void pdb_endsampwent (void)
}
/*****************************************************************
- pdb_getsampwent() uses a static memory ares (returning a pointer
- to this) for all instances. This is identical behavior to the
- getpwnam() call. If the caller wishes to save the SAM_ACCOUNT
- struct, it should make a copy immediately after calling this
- function.
****************************************************************/
-SAM_ACCOUNT* pdb_getsampwent (void)
+BOOL pdb_getsampwent(SAM_ACCOUNT *user)
{
- struct smb_passwd *pw_buf;
-
-
+ struct smb_passwd *pw_buf=NULL;
+
DEBUG(5,("pdb_getsampwent\n"));
+ if (user==NULL) {
+ DEBUG(5,("pdb_getsampwent: user is NULL\n"));
+#if 0
+ smb_panic("NULL pointer passed to pdb_getsampwent\n");
+#endif
+ return False;
+ }
+
/* do we have an entry? */
pw_buf = getsmbfilepwent(global_vp);
if (pw_buf == NULL)
- return NULL;
+ return False;
- /* build the SAM_ACCOUNT entry from the smb_passwd struct.
- This will also clear out the previous SAM_ACCOUNT fields */
- if (!build_sam_account (&global_sam_pass, pw_buf))
- return NULL;
+ /* build the SAM_ACCOUNT entry from the smb_passwd struct. */
+ if (!build_sam_account(user, pw_buf))
+ return False;
+
+ DEBUG(5,("pdb_getsampwent:done\n"));
/* success */
- return &global_sam_pass;
+ return True;
}
@@ -1328,13 +1329,13 @@ SAM_ACCOUNT* pdb_getsampwent (void)
call getpwnam() for unix account information until we have found
the correct entry
***************************************************************/
-SAM_ACCOUNT* pdb_getsampwnam (char *username)
+BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, char *username)
{
- struct smb_passwd *smb_pw;
- void *fp = NULL;
- char *domain = NULL;
- char *user = NULL;
- fstring name;
+ struct smb_passwd *smb_pw;
+ void *fp = NULL;
+ char *domain = NULL;
+ char *user = NULL;
+ fstring name;
DEBUG(10, ("pdb_getsampwnam: search by name: %s\n", username));
@@ -1345,8 +1346,7 @@ SAM_ACCOUNT* pdb_getsampwnam (char *username)
/* break the username from the domain if we have
been given a string in the form 'DOMAIN\user' */
fstrcpy (name, username);
- if ((user=strchr(name, '\\')) != NULL)
- {
+ if ((user=strchr(name, '\\')) != NULL) {
domain = name;
*user = '\0';
user++;
@@ -1354,18 +1354,17 @@ SAM_ACCOUNT* pdb_getsampwnam (char *username)
/* if a domain was specified and it wasn't ours
then there is no chance of matching */
- if ( (domain) && (!StrCaseCmp(domain, lp_workgroup())) )
- return (NULL);
+ if ( domain && !StrCaseCmp(domain, lp_workgroup()) )
+ return False;
/* startsmbfilepwent() is used here as we don't want to lookup
the UNIX account in the local system password file until
we have a match. */
fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth);
- if (fp == NULL)
- {
+ if (fp == NULL) {
DEBUG(0, ("unable to open passdb database.\n"));
- return NULL;
+ return False;
}
/* if we have a domain name, then we should map it to a UNIX
@@ -1381,35 +1380,40 @@ SAM_ACCOUNT* pdb_getsampwnam (char *username)
/* did we locate the username in smbpasswd */
if (smb_pw == NULL)
- {
- return (NULL);
- }
+ return False;
DEBUG(10, ("pdb_getsampwnam: found by name: %s\n", smb_pw->smb_name));
+
+ if (!sam_acct) {
+ DEBUG(10,("pdb_getsampwnam:SAM_ACCOUNT is NULL\n"));
+#if 0
+ smb_panic("NULL pointer passed to pdb_getsampwnam\n");
+#endif
+ return False;
+ }
/* now build the SAM_ACCOUNT */
- if (!build_sam_account (&global_sam_pass, smb_pw))
- return NULL;
+ if (!build_sam_account(sam_acct, smb_pw))
+ return False;
/* success */
- return (&global_sam_pass);
+ return True;
}
-SAM_ACCOUNT* pdb_getsampwuid (uid_t uid)
+BOOL pdb_getsampwuid (SAM_ACCOUNT *sam_acct, uid_t uid)
{
- struct smb_passwd *smb_pw;
- void *fp = NULL;
+ struct smb_passwd *smb_pw;
+ void *fp = NULL;
DEBUG(10, ("pdb_getsampwuid: search by uid: %d\n", uid));
/* Open the sam password file - not for update. */
fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth);
- if (fp == NULL)
- {
+ if (fp == NULL) {
DEBUG(0, ("unable to open passdb database.\n"));
- return NULL;
+ return False;
}
while ( ((smb_pw=getsmbfilepwent(fp)) != NULL) && (smb_pw->smb_userid != uid) )
@@ -1417,37 +1421,41 @@ SAM_ACCOUNT* pdb_getsampwuid (uid_t uid)
endsmbfilepwent(fp, &pw_file_lock_depth);
-
/* did we locate the username in smbpasswd */
if (smb_pw == NULL)
- {
- return (NULL);
- }
+ return False;
DEBUG(10, ("pdb_getsampwuid: found by name: %s\n", smb_pw->smb_name));
+ if (!sam_acct) {
+ DEBUG(10,("pdb_getsampwuid:SAM_ACCOUNT is NULL\n"));
+#if 0
+ smb_panic("NULL pointer passed to pdb_getsampwuid\n");
+#endif
+ return False;
+ }
+
/* now build the SAM_ACCOUNT */
- if (!build_sam_account (&global_sam_pass, smb_pw))
- return NULL;
+ if (!build_sam_account(sam_acct, smb_pw))
+ return False;
/* success */
- return (&global_sam_pass);
+ return True;
}
-SAM_ACCOUNT* pdb_getsampwrid (uint32 rid)
+BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct,uint32 rid)
{
- struct smb_passwd *smb_pw;
- void *fp = NULL;
+ struct smb_passwd *smb_pw;
+ void *fp = NULL;
DEBUG(10, ("pdb_getsampwrid: search by rid: %d\n", rid));
/* Open the sam password file - not for update. */
fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth);
- if (fp == NULL)
- {
+ if (fp == NULL) {
DEBUG(0, ("unable to open passdb database.\n"));
- return NULL;
+ return False;
}
while ( ((smb_pw=getsmbfilepwent(fp)) != NULL) && (pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) )
@@ -1458,51 +1466,57 @@ SAM_ACCOUNT* pdb_getsampwrid (uint32 rid)
/* did we locate the username in smbpasswd */
if (smb_pw == NULL)
- {
- return (NULL);
- }
+ return False;
DEBUG(10, ("pdb_getsampwrid: found by name: %s\n", smb_pw->smb_name));
+ if (!sam_acct) {
+ DEBUG(10,("pdb_getsampwrid:SAM_ACCOUNT is NULL\n"));
+#if 0
+ smb_panic("NULL pointer passed to pdb_getsampwrid\n");
+#endif
+ return False;
+ }
+
/* now build the SAM_ACCOUNT */
- if (!build_sam_account (&global_sam_pass, smb_pw))
- return NULL;
+ if (!build_sam_account (sam_acct, smb_pw))
+ return False;
/* success */
- return (&global_sam_pass);
+ return True;
}
-BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass)
+BOOL pdb_add_sam_account(SAM_ACCOUNT *sampass)
{
- struct smb_passwd smb_pw;
- BOOL ret;
+ struct smb_passwd smb_pw;
/* convert the SAM_ACCOUNT */
build_smb_pass(&smb_pw, sampass);
/* add the entry */
- ret = add_smbfilepwd_entry(&smb_pw);
+ if(!add_smbfilepwd_entry(&smb_pw))
+ return False;
- return (ret);
+ return True;
}
-BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override)
+BOOL pdb_update_sam_account(SAM_ACCOUNT *sampass, BOOL override)
{
- struct smb_passwd smb_pw;
- BOOL ret;
+ struct smb_passwd smb_pw;
/* convert the SAM_ACCOUNT */
build_smb_pass(&smb_pw, sampass);
/* update the entry */
- ret = mod_smbfilepwd_entry(&smb_pw, override);
+ if(!mod_smbfilepwd_entry(&smb_pw, override))
+ return False;
- return (ret);
+ return True;
}
BOOL pdb_delete_sam_account (char* username)
{
- return ( del_smbfilepwd_entry(username) );
+ return del_smbfilepwd_entry(username);
}
#else
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index 8db8b2e60d..0bf8ca2da5 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -40,7 +40,7 @@ struct tdb_enum_info
};
static struct tdb_enum_info global_tdb_ent;
-static SAM_ACCOUNT global_sam_pass;
+/*static SAM_ACCOUNT global_sam_pass;*/
/**********************************************************************
Intialize a SAM_ACCOUNT struct from a BYTE buffer of size len
@@ -79,7 +79,6 @@ static BOOL init_sam_from_buffer (SAM_ACCOUNT *sampass, uint8 *buf,
*nt_pw_ptr;
uint32 len = 0;
uint32 lmpwlen, ntpwlen, hourslen;
-
/* unpack the buffer into variables */
len = tdb_unpack (buf, buflen, TDB_FORMAT_STRING,
@@ -376,7 +375,7 @@ void pdb_endsampwent(void)
/*****************************************************************
Get one SAM_ACCOUNT from the TDB (next in line)
*****************************************************************/
-SAM_ACCOUNT* pdb_getsampwent(void)
+BOOL pdb_getsampwent(SAM_ACCOUNT *user)
{
TDB_DATA data;
struct passwd *pw;
@@ -385,6 +384,11 @@ SAM_ACCOUNT* pdb_getsampwent(void)
char *prefix = USERPREFIX;
int prefixlen = strlen (prefix);
+ if (user==NULL) {
+ DEBUG(0,("pdb_get_sampwent: SAM_ACCOUNT is NULL.\n"));
+ return False;
+ }
+
/* skip all RID entries */
while ((global_tdb_ent.key.dsize != 0) && (strncmp (global_tdb_ent.key.dptr, prefix, prefixlen)))
/* increment to next in line */
@@ -394,56 +398,55 @@ SAM_ACCOUNT* pdb_getsampwent(void)
if(global_tdb_ent.passwd_tdb == NULL)
{
DEBUG(0,("pdb_get_sampwent: Bad TDB Context pointer.\n"));
- return NULL;
+ return False;
}
data = tdb_fetch (global_tdb_ent.passwd_tdb, global_tdb_ent.key);
if (!data.dptr)
{
DEBUG(5,("pdb_getsampwent: database entry not found.\n"));
- return NULL;
+ return False;
}
/* unpack the buffer */
- pdb_clear_sam (&global_sam_pass);
- if (!init_sam_from_buffer (&global_sam_pass, data.dptr, data.dsize))
+ if (!init_sam_from_buffer (user, data.dptr, data.dsize))
{
DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n"));
- return NULL;
+ return False;
}
/* validate the account and fill in UNIX uid and gid. sys_getpwnam()
is used instaed of Get_Pwnam() as we do not need to try case
permutations */
- if ((pw=sys_getpwnam(pdb_get_username(&global_sam_pass))) == NULL)
+ if ((pw=sys_getpwnam(pdb_get_username(user))) == NULL)
{
DEBUG(0,("pdb_getsampwent: getpwnam(%s) return NULL. User does not exist!\n",
- pdb_get_username(&global_sam_pass)));
- return NULL;
+ pdb_get_username(user)));
+ return False;
}
uid = pw->pw_uid;
gid = pw->pw_gid;
- pdb_set_uid (&global_sam_pass, uid);
- pdb_set_gid (&global_sam_pass, gid);
+ pdb_set_uid (user, uid);
+ pdb_set_gid (user, gid);
/* 21 days from present */
- pdb_set_pass_must_change_time(&global_sam_pass, time(NULL)+1814400);
+ pdb_set_pass_must_change_time(user, time(NULL)+1814400);
- standard_sub_advanced(-1, pdb_get_username(&global_sam_pass), "", gid, pdb_get_logon_script(&global_sam_pass));
- standard_sub_advanced(-1, pdb_get_username(&global_sam_pass), "", gid, pdb_get_profile_path(&global_sam_pass));
- standard_sub_advanced(-1, pdb_get_username(&global_sam_pass), "", gid, pdb_get_homedir(&global_sam_pass));
+ standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_logon_script(user));
+ standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_profile_path(user));
+ standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_homedir(user));
/* increment to next in line */
global_tdb_ent.key = tdb_nextkey (global_tdb_ent.passwd_tdb, global_tdb_ent.key);
- return (&global_sam_pass);
+ return True;
}
/******************************************************************
Lookup a name in the SAM TDB
******************************************************************/
-SAM_ACCOUNT* pdb_getsampwnam (char *sname)
+BOOL pdb_getsampwnam (SAM_ACCOUNT *user, char *sname)
{
TDB_CONTEXT *pwd_tdb;
TDB_DATA data, key;
@@ -453,7 +456,13 @@ SAM_ACCOUNT* pdb_getsampwnam (char *sname)
fstring name;
uid_t uid;
gid_t gid;
-
+
+
+ if (user==NULL) {
+ DEBUG(0,("pdb_getsampwnam: SAM_ACCOUNT is NULL.\n"));
+ return False;
+ }
+
fstrcpy (name, sname);
strlower (name);
pstrcpy (tdbfile, lp_private_dir());
@@ -478,53 +487,58 @@ SAM_ACCOUNT* pdb_getsampwnam (char *sname)
DEBUG(5,("pdb_getsampwnam (TDB): error fetching database.\n"));
DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
tdb_close (pwd_tdb);
- return NULL;
+ return False;
}
/* unpack the buffer */
- pdb_clear_sam (&global_sam_pass);
- if (!init_sam_from_buffer (&global_sam_pass, data.dptr, data.dsize))
+ /*pdb_clear_sam (&global_sam_pass);*/
+ if (!init_sam_from_buffer (user, data.dptr, data.dsize))
{
DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n"));
- return NULL;
+ return False;
}
/* validate the account and fill in UNIX uid and gid. sys_getpwnam()
is used instaed of Get_Pwnam() as we do not need to try case
permutations */
- if ((pw=sys_getpwnam(pdb_get_username(&global_sam_pass))) == NULL)
+ if ((pw=sys_getpwnam(pdb_get_username(user))) == NULL)
{
DEBUG(0,("pdb_getsampwent: getpwnam(%s) return NULL. User does not exist!\n",
- pdb_get_username(&global_sam_pass)));
- return NULL;
+ pdb_get_username(user)));
+ return False;
}
uid = pw->pw_uid;
gid = pw->pw_gid;
- pdb_set_uid (&global_sam_pass, uid);
- pdb_set_gid (&global_sam_pass, gid);
+ pdb_set_uid (user, uid);
+ pdb_set_gid (user, gid);
/* 21 days from present */
- pdb_set_pass_must_change_time(&global_sam_pass, time(NULL)+1814400);
+ pdb_set_pass_must_change_time(user, time(NULL)+1814400);
- standard_sub_advanced(-1, pdb_get_username(&global_sam_pass), "", gid, pdb_get_logon_script(&global_sam_pass));
- standard_sub_advanced(-1, pdb_get_username(&global_sam_pass), "", gid, pdb_get_profile_path(&global_sam_pass));
- standard_sub_advanced(-1, pdb_get_username(&global_sam_pass), "", gid, pdb_get_homedir(&global_sam_pass));
+ standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_logon_script(user));
+ standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_profile_path(user));
+ standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_homedir(user));
/* cleanup */
tdb_close (pwd_tdb);
- return (&global_sam_pass);
+ return True;
}
/***************************************************************************
Search by uid
**************************************************************************/
-SAM_ACCOUNT* pdb_getsampwuid (uid_t uid)
+BOOL pdb_getsampwuid (SAM_ACCOUNT* user, uid_t uid)
{
struct passwd *pw;
fstring name;
+ if (user==NULL) {
+ DEBUG(0,("pdb_getsampwuid: SAM_ACCOUNT is NULL.\n"));
+ return False;
+ }
+
pw = sys_getpwuid(uid);
if (pw == NULL)
{
@@ -533,14 +547,14 @@ SAM_ACCOUNT* pdb_getsampwuid (uid_t uid)
}
fstrcpy (name, pw->pw_name);
- return pdb_getsampwnam (name);
+ return pdb_getsampwnam (user, name);
}
/***************************************************************************
Search by rid
**************************************************************************/
-SAM_ACCOUNT* pdb_getsampwrid (uint32 rid)
+BOOL pdb_getsampwrid (SAM_ACCOUNT *user, uint32 rid)
{
TDB_CONTEXT *pwd_tdb;
TDB_DATA data, key;
@@ -548,6 +562,11 @@ SAM_ACCOUNT* pdb_getsampwrid (uint32 rid)
pstring tdbfile;
fstring name;
+ if (user==NULL) {
+ DEBUG(0,("pdb_getsampwrid: SAM_ACCOUNT is NULL.\n"));
+ return False;
+ }
+
pstrcpy (tdbfile, lp_private_dir());
pstrcat (tdbfile, PASSDB_FILE_NAME);
@@ -570,14 +589,14 @@ SAM_ACCOUNT* pdb_getsampwrid (uint32 rid)
DEBUG(5,("pdb_getsampwrid (TDB): error fetching database.\n"));
DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
tdb_close (pwd_tdb);
- return NULL;
+ return False;
}
fstrcpy (name, data.dptr);
tdb_close (pwd_tdb);
- return pdb_getsampwnam (name);
+ return pdb_getsampwnam (user, name);
}
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 6b1fe64ddc..2047aaf255 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -119,6 +119,7 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct)
{
SAM_ACCOUNT *sampass = NULL;
uint8 *pass;
+ BOOL ret;
#if 0
/*
@@ -138,23 +139,31 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct)
}
#endif /* 0 */
- /* JRA. This is ok as it is only used for generating the challenge. */
+ if(!pdb_init_sam(&sampass))
+ return False;
+ /* JRA. This is ok as it is only used for generating the challenge. */
become_root();
- sampass = pdb_getsampwnam(mach_acct);
+ ret=pdb_getsampwnam(sampass, mach_acct);
unbecome_root();
- if ((sampass) != NULL && !(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) &&
- ((pass=pdb_get_nt_passwd(sampass)) != NULL))
- {
+ if (ret==False) {
+ DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
+ pdb_clear_sam(sampass);
+ return False;
+ }
+
+ if (!(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) && ((pass=pdb_get_nt_passwd(sampass)) != NULL)) {
memcpy(md4pw, pass, 16);
dump_data(5, md4pw, 16);
-
+ pdb_clear_sam(sampass);
return True;
}
-
+
DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
+ pdb_clear_sam(sampass);
return False;
+
}
/*************************************************************************
@@ -308,7 +317,7 @@ uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_
uint32 status = NT_STATUS_WRONG_PASSWORD;
DOM_CRED srv_cred;
pstring mach_acct;
- SAM_ACCOUNT *sampass;
+ SAM_ACCOUNT *sampass=NULL;
BOOL ret = False;
unsigned char pwd[16];
int i;
@@ -328,15 +337,19 @@ uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_
q_u->clnt_id.login.uni_acct_name.uni_str_len));
DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
+
+ pdb_init_sam(&sampass);
become_root();
- sampass = pdb_getsampwnam(mach_acct);
+ ret=pdb_getsampwnam(sampass, mach_acct);
unbecome_root();
/* Ensure the account exists and is a machine account. */
- if (sampass == NULL || !(pdb_get_acct_ctrl(sampass) & ACB_WSTRUST))
+ if (ret==False || !(pdb_get_acct_ctrl(sampass) & ACB_WSTRUST)) {
+ pdb_clear_sam(sampass);
return NT_STATUS_NO_SUCH_USER;
+ }
/*
* Check the machine account name we're changing is the same
@@ -344,8 +357,10 @@ uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_
* machines changing other machine account passwords.
*/
- if (!strequal(mach_acct, p->dc.mach_acct))
+ if (!strequal(mach_acct, p->dc.mach_acct)) {
+ pdb_clear_sam(sampass);
return NT_STATUS_ACCESS_DENIED;
+ }
DEBUG(100,("Server password set : new given value was :\n"));
@@ -370,6 +385,7 @@ uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_
/* set up the LSA Server Password Set response */
init_net_r_srv_pwset(r_u, &srv_cred, status);
+ pdb_clear_sam(sampass);
return r_u->status;
}
@@ -500,26 +516,28 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, SAM_ACCOUNT *sampass)
uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_u)
{
uint32 status = NT_STATUS_NOPROBLEMO;
- NET_USER_INFO_3 *usr_info = NULL;
- DOM_CRED srv_cred;
- SAM_ACCOUNT *sampass = NULL;
+ NET_USER_INFO_3 *usr_info = NULL;
+ DOM_CRED srv_cred;
+ SAM_ACCOUNT *sampass = NULL;
uint16 acct_ctrl;
- UNISTR2 *uni_samlogon_user = NULL;
- fstring nt_username;
+ UNISTR2 *uni_samlogon_user = NULL;
+ fstring nt_username;
+ BOOL ret;
usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3));
if (!usr_info)
return NT_STATUS_NO_MEMORY;
+
ZERO_STRUCTP(usr_info);
- if (!get_valid_user_struct(p->vuid))
- return NT_STATUS_NO_SUCH_USER;
+ if (!get_valid_user_struct(p->vuid))
+ return NT_STATUS_NO_SUCH_USER;
- /* checks and updates credentials. creates reply credentials */
- if (!deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred))
- return NT_STATUS_INVALID_HANDLE;
- else
- memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
+ /* checks and updates credentials. creates reply credentials */
+ if (!deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred))
+ return NT_STATUS_INVALID_HANDLE;
+ else
+ memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
r_u->buffer_creds = 1; /* yes, we have valid server credentials */
memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds));
@@ -530,7 +548,7 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_
r_u->auth_resp = 1; /* authoritative response */
r_u->switch_value = 3; /* indicates type of validation user info */
- /* find the username */
+ /* find the username */
switch (q_u->sam_id.logon_level) {
case INTERACTIVE_LOGON_TYPE:
@@ -560,18 +578,24 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_
map_username(nt_username);
+ pdb_init_sam(&sampass);
+
/* get the account information */
become_root();
- sampass = pdb_getsampwnam(nt_username);
+ ret = pdb_getsampwnam(sampass, nt_username);
unbecome_root();
- if (sampass == NULL)
+ if (ret == False){
+ pdb_clear_sam(sampass);
return NT_STATUS_NO_SUCH_USER;
+ }
acct_ctrl = pdb_get_acct_ctrl(sampass);
- if (acct_ctrl & ACB_DISABLED)
+ if (acct_ctrl & ACB_DISABLED) {
+ pdb_clear_sam(sampass);
return NT_STATUS_ACCOUNT_DISABLED;
+ }
/* Validate password - if required. */
@@ -588,8 +612,10 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_
}
}
- if (status != NT_STATUS_NOPROBLEMO)
+ if (status != NT_STATUS_NOPROBLEMO) {
+ pdb_clear_sam(sampass);
return status;
+ }
/* lkclXXXX this is the point at which, if the login was
successful, that the SAM Local Security Authority should
@@ -633,7 +659,7 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_
sam_logon_in_ssb = False;
- init_net_user_info3(p->mem_ctx, usr_info, sampass,
+ init_net_user_info3(p->mem_ctx, usr_info, sampass,
0, /* logon_count */
0, /* bad_pw_count */
num_gids, /* uint32 num_groups */
@@ -644,7 +670,7 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_
my_workgroup, /* char *logon_dom */
&global_sam_sid, /* DOM_SID *dom_sid */
NULL); /* char *other_sids */
- }
-
- return status;
+ }
+ pdb_clear_sam(sampass);
+ return status;
}
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 0654f24493..7060979ce4 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -370,27 +370,32 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
return False;
}
- if(!(sampass = pdb_getsampwnam(pipe_user_name))) {
+ pdb_init_sam(&sampass);
+
+ if(!pdb_getsampwnam(sampass, pipe_user_name)) {
DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n",
pipe_user_name));
+ pdb_clear_sam(sampass);
unbecome_root();
return False;
}
unbecome_root();
- /* Quit if the account was disabled. */
- if((pdb_get_acct_ctrl(sampass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sampass)) {
- DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name));
- return(False);
- }
+ /* Quit if the account was disabled. */
+ if((pdb_get_acct_ctrl(sampass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sampass)) {
+ DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name));
+ pdb_clear_sam(sampass);
+ return False;
+ }
- if(!pdb_get_nt_passwd(sampass)) {
- DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name));
- return(False);
- }
+ if(!pdb_get_nt_passwd(sampass)) {
+ DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name));
+ pdb_clear_sam(sampass);
+ return False;
+ }
- smb_passwd_ptr = pdb_get_lanman_passwd(sampass);
+ smb_passwd_ptr = pdb_get_lanman_passwd(sampass);
}
/*
@@ -454,6 +459,8 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
guest_user);
p->ntlmssp_auth_validated = True;
+
+ pdb_clear_sam(sampass);
return True;
}
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index ca7be9831a..5012f0c483 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -1284,86 +1284,55 @@ static BOOL api_samr_unknown_2d(pipes_struct *p)
static struct api_struct api_samr_cmds [] =
{
- {"SAMR_CLOSE_HND", SAMR_CLOSE_HND, api_samr_close_hnd},
- {"SAMR_CONNECT", SAMR_CONNECT, api_samr_connect},
- {"SAMR_CONNECT_ANON", SAMR_CONNECT_ANON, api_samr_connect_anon},
- {"SAMR_ENUM_DOMAINS", SAMR_ENUM_DOMAINS, api_samr_enum_domains},
- {"SAMR_ENUM_DOM_USERS", SAMR_ENUM_DOM_USERS, api_samr_enum_dom_users},
-
- {"SAMR_ENUM_DOM_GROUPS", SAMR_ENUM_DOM_GROUPS, api_samr_enum_dom_groups},
- {"SAMR_ENUM_DOM_ALIASES", SAMR_ENUM_DOM_ALIASES, api_samr_enum_dom_aliases},
- {"SAMR_QUERY_USERALIASES", SAMR_QUERY_USERALIASES, api_samr_query_useraliases},
- {"SAMR_QUERY_ALIASMEM", SAMR_QUERY_ALIASMEM, api_samr_query_aliasmem},
- {"SAMR_QUERY_GROUPMEM", SAMR_QUERY_GROUPMEM, api_samr_query_groupmem},
- {"SAMR_ADD_ALIASMEM", SAMR_ADD_ALIASMEM, api_samr_add_aliasmem},
- {"SAMR_DEL_ALIASMEM", SAMR_DEL_ALIASMEM, api_samr_del_aliasmem},
- {"SAMR_ADD_GROUPMEM", SAMR_ADD_GROUPMEM, api_samr_add_groupmem},
- {"SAMR_DEL_GROUPMEM", SAMR_DEL_GROUPMEM, api_samr_del_groupmem},
-
- {"SAMR_DELETE_DOM_USER", SAMR_DELETE_DOM_USER, api_samr_delete_dom_user},
- {"SAMR_DELETE_DOM_GROUP", SAMR_DELETE_DOM_GROUP, api_samr_delete_dom_group},
- {"SAMR_DELETE_DOM_ALIAS", SAMR_DELETE_DOM_ALIAS, api_samr_delete_dom_alias},
- {"SAMR_CREATE_DOM_GROUP", SAMR_CREATE_DOM_GROUP, api_samr_create_dom_group},
- {"SAMR_CREATE_DOM_ALIAS", SAMR_CREATE_DOM_ALIAS, api_samr_create_dom_alias},
- {"SAMR_LOOKUP_NAMES", SAMR_LOOKUP_NAMES, api_samr_lookup_names},
- {"SAMR_OPEN_USER", SAMR_OPEN_USER, api_samr_open_user},
- {"SAMR_QUERY_USERINFO", SAMR_QUERY_USERINFO, api_samr_query_userinfo},
- {"SAMR_SET_USERINFO", SAMR_SET_USERINFO, api_samr_set_userinfo},
- {"SAMR_SET_USERINFO2", SAMR_SET_USERINFO2, api_samr_set_userinfo2},
-
- {"SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info},
- {"SAMR_QUERY_USERGROUPS", SAMR_QUERY_USERGROUPS, api_samr_query_usergroups},
- {"SAMR_QUERY_DISPINFO", SAMR_QUERY_DISPINFO, api_samr_query_dispinfo},
- {"SAMR_QUERY_DISPINFO3", SAMR_QUERY_DISPINFO3, api_samr_query_dispinfo},
- {"SAMR_QUERY_DISPINFO4", SAMR_QUERY_DISPINFO4, api_samr_query_dispinfo},
-
- {"SAMR_QUERY_ALIASINFO", SAMR_QUERY_ALIASINFO, api_samr_query_aliasinfo},
- {"SAMR_QUERY_GROUPINFO", SAMR_QUERY_GROUPINFO, api_samr_query_groupinfo},
- {"SAMR_SET_GROUPINFO", SAMR_SET_GROUPINFO, api_samr_set_groupinfo},
- {"SAMR_CREATE_USER", SAMR_CREATE_USER, api_samr_create_user},
- {"SAMR_LOOKUP_RIDS", SAMR_LOOKUP_RIDS, api_samr_lookup_rids},
- {"SAMR_GET_DOM_PWINFO", SAMR_GET_DOM_PWINFO, api_samr_get_dom_pwinfo},
- {"SAMR_CHGPASSWD_USER", SAMR_CHGPASSWD_USER, api_samr_chgpasswd_user},
- {"SAMR_OPEN_ALIAS", SAMR_OPEN_ALIAS, api_samr_open_alias},
- {"SAMR_OPEN_GROUP", SAMR_OPEN_GROUP, api_samr_open_group},
- {"SAMR_OPEN_DOMAIN", SAMR_OPEN_DOMAIN, api_samr_open_domain},
- {"SAMR_UNKNOWN_2D", SAMR_UNKNOWN_2D, api_samr_unknown_2d},
- {"SAMR_LOOKUP_DOMAIN", SAMR_LOOKUP_DOMAIN, api_samr_lookup_domain},
-
- {"SAMR_QUERY_SEC_OBJECT", SAMR_QUERY_SEC_OBJECT, api_samr_query_sec_obj},
- {"SAMR_GET_USRDOM_PWINFO", SAMR_GET_USRDOM_PWINFO, api_samr_get_usrdom_pwinfo},
- {NULL, 0, NULL}
-
-#if 0
-
- { "SAMR_CLOSE_HND" , SAMR_CLOSE_HND , api_samr_close_hnd },
- { "SAMR_CONNECT" , SAMR_CONNECT , api_samr_connect },
- { "SAMR_CONNECT_ANON" , SAMR_CONNECT_ANON , api_samr_connect_anon },
- { "SAMR_ENUM_DOM_USERS" , SAMR_ENUM_DOM_USERS , api_samr_enum_dom_users },
- { "SAMR_ENUM_DOM_GROUPS" , SAMR_ENUM_DOM_GROUPS , api_samr_enum_dom_groups },
- { "SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
- { "SAMR_LOOKUP_IDS" , SAMR_LOOKUP_IDS , api_samr_lookup_ids },
- { "SAMR_LOOKUP_NAMES" , SAMR_LOOKUP_NAMES , api_samr_lookup_names },
- { "SAMR_OPEN_USER" , SAMR_OPEN_USER , api_samr_open_user },
- { "SAMR_QUERY_USERINFO" , SAMR_QUERY_USERINFO , api_samr_query_userinfo },
- { "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info },
- { "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
- { "SAMR_QUERY_DISPINFO" , SAMR_QUERY_DISPINFO , api_samr_query_dispinfo },
- { "SAMR_QUERY_ALIASINFO" , SAMR_QUERY_ALIASINFO , api_samr_query_aliasinfo },
- { "SAMR_CREATE_USER" , SAMR_CREATE_USER , api_samr_create_user },
- { "SAMR_LOOKUP_RIDS" , SAMR_LOOKUP_RIDS , api_samr_lookup_rids },
- { "SAMR_UNKNOWN_38" , SAMR_UNKNOWN_38 , api_samr_unknown_38 },
- { "SAMR_CHGPASSWD_USER" , SAMR_CHGPASSWD_USER , api_samr_chgpasswd_user },
- { "SAMR_OPEN_ALIAS" , SAMR_OPEN_ALIAS , api_samr_open_alias },
- { "SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain },
- { "SAMR_QUERY_SEC_OBJECT" , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj },
- { "SAMR_GET_USRDOM_PWINFO", SAMR_GET_USRDOM_PWINFO, api_samr_get_usrdom_pwinfo},
- { "SAMR_LOOKUP_DOMAIN" , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain },
- { "SAMR_ENUM_DOMAINS" , SAMR_ENUM_DOMAINS , api_samr_enum_domains },
- { "SAMR_SET_USERINFO" , SAMR_SET_USERINFO , api_samr_set_userinfo },
- { "SAMR_SET_USERINFO2" , SAMR_SET_USERINFO2 , api_samr_set_userinfo2 },
- { NULL , 0 , NULL }
-#endif
+ {"SAMR_CLOSE_HND" , SAMR_CLOSE_HND , api_samr_close_hnd },
+ {"SAMR_CONNECT" , SAMR_CONNECT , api_samr_connect },
+ {"SAMR_CONNECT_ANON" , SAMR_CONNECT_ANON , api_samr_connect_anon },
+ {"SAMR_ENUM_DOMAINS" , SAMR_ENUM_DOMAINS , api_samr_enum_domains },
+ {"SAMR_ENUM_DOM_USERS" , SAMR_ENUM_DOM_USERS , api_samr_enum_dom_users },
+
+ {"SAMR_ENUM_DOM_GROUPS" , SAMR_ENUM_DOM_GROUPS , api_samr_enum_dom_groups },
+ {"SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
+ {"SAMR_QUERY_USERALIASES" , SAMR_QUERY_USERALIASES, api_samr_query_useraliases},
+ {"SAMR_QUERY_ALIASMEM" , SAMR_QUERY_ALIASMEM , api_samr_query_aliasmem },
+ {"SAMR_QUERY_GROUPMEM" , SAMR_QUERY_GROUPMEM , api_samr_query_groupmem },
+ {"SAMR_ADD_ALIASMEM" , SAMR_ADD_ALIASMEM , api_samr_add_aliasmem },
+ {"SAMR_DEL_ALIASMEM" , SAMR_DEL_ALIASMEM , api_samr_del_aliasmem },
+ {"SAMR_ADD_GROUPMEM" , SAMR_ADD_GROUPMEM , api_samr_add_groupmem },
+ {"SAMR_DEL_GROUPMEM" , SAMR_DEL_GROUPMEM , api_samr_del_groupmem },
+
+ {"SAMR_DELETE_DOM_USER" , SAMR_DELETE_DOM_USER , api_samr_delete_dom_user },
+ {"SAMR_DELETE_DOM_GROUP" , SAMR_DELETE_DOM_GROUP , api_samr_delete_dom_group },
+ {"SAMR_DELETE_DOM_ALIAS" , SAMR_DELETE_DOM_ALIAS , api_samr_delete_dom_alias },
+ {"SAMR_CREATE_DOM_GROUP" , SAMR_CREATE_DOM_GROUP , api_samr_create_dom_group },
+ {"SAMR_CREATE_DOM_ALIAS" , SAMR_CREATE_DOM_ALIAS , api_samr_create_dom_alias },
+ {"SAMR_LOOKUP_NAMES" , SAMR_LOOKUP_NAMES , api_samr_lookup_names },
+ {"SAMR_OPEN_USER" , SAMR_OPEN_USER , api_samr_open_user },
+ {"SAMR_QUERY_USERINFO" , SAMR_QUERY_USERINFO , api_samr_query_userinfo },
+ {"SAMR_SET_USERINFO" , SAMR_SET_USERINFO , api_samr_set_userinfo },
+ {"SAMR_SET_USERINFO2" , SAMR_SET_USERINFO2 , api_samr_set_userinfo2 },
+
+ {"SAMR_QUERY_DOMAIN_INFO" , SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info },
+ {"SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
+ {"SAMR_QUERY_DISPINFO" , SAMR_QUERY_DISPINFO , api_samr_query_dispinfo },
+ {"SAMR_QUERY_DISPINFO3" , SAMR_QUERY_DISPINFO3 , api_samr_query_dispinfo },
+ {"SAMR_QUERY_DISPINFO4" , SAMR_QUERY_DISPINFO4 , api_samr_query_dispinfo },
+
+ {"SAMR_QUERY_ALIASINFO" , SAMR_QUERY_ALIASINFO , api_samr_query_aliasinfo },
+ {"SAMR_QUERY_GROUPINFO" , SAMR_QUERY_GROUPINFO , api_samr_query_groupinfo },
+ {"SAMR_SET_GROUPINFO" , SAMR_SET_GROUPINFO , api_samr_set_groupinfo },
+ {"SAMR_CREATE_USER" , SAMR_CREATE_USER , api_samr_create_user },
+ {"SAMR_LOOKUP_RIDS" , SAMR_LOOKUP_RIDS , api_samr_lookup_rids },
+ {"SAMR_GET_DOM_PWINFO" , SAMR_GET_DOM_PWINFO , api_samr_get_dom_pwinfo },
+ {"SAMR_CHGPASSWD_USER" , SAMR_CHGPASSWD_USER , api_samr_chgpasswd_user },
+ {"SAMR_OPEN_ALIAS" , SAMR_OPEN_ALIAS , api_samr_open_alias },
+ {"SAMR_OPEN_GROUP" , SAMR_OPEN_GROUP , api_samr_open_group },
+ {"SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain },
+ {"SAMR_UNKNOWN_2D" , SAMR_UNKNOWN_2D , api_samr_unknown_2d },
+ {"SAMR_LOOKUP_DOMAIN" , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain },
+
+ {"SAMR_QUERY_SEC_OBJECT" , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj },
+ {"SAMR_GET_USRDOM_PWINFO" , SAMR_GET_USRDOM_PWINFO, api_samr_get_usrdom_pwinfo},
+ {NULL , 0 , NULL }
};
/*******************************************************************
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 7054f85ff9..38b4bbd0a9 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -74,15 +74,13 @@ static void samr_clear_passwd_fields( SAM_USER_INFO_21 *pass, int num_entries)
}
}
-static void samr_clear_sam_passwd( SAM_ACCOUNT *sam_pass)
+static void samr_clear_sam_passwd(SAM_ACCOUNT *sam_pass)
{
if (!sam_pass)
return;
- if (sam_pass->lm_pw)
- memset(sam_pass->lm_pw, '\0', 16);
- if (sam_pass->nt_pw)
- memset(sam_pass->nt_pw, '\0', 16);
+ memset(sam_pass->lm_pw, '\0', 16);
+ memset(sam_pass->nt_pw, '\0', 16);
}
/*******************************************************************
@@ -94,20 +92,24 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
int *total_entries, int *num_entries,
int max_num_entries, uint16 acb_mask)
{
- SAM_ACCOUNT *pwd = NULL;
+ SAM_ACCOUNT *pwd = NULL;
+ BOOL ret;
+
+ (*num_entries) = 0;
+ (*total_entries) = 0;
- (*num_entries) = 0;
- (*total_entries) = 0;
+ if (pw_buf == NULL)
+ return False;
- if (pw_buf == NULL)
- return False;
+ pdb_init_sam(&pwd);
if (!pdb_setsampwent(False)) {
- DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n"));
- return False;
- }
+ DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n"));
+ pdb_clear_sam(pwd);
+ return False;
+ }
- while (((pwd = pdb_getsampwent()) != NULL) && (*num_entries) < max_num_entries) {
+ while (((ret = pdb_getsampwent(pwd)) != False) && (*num_entries) < max_num_entries) {
int user_name_len;
if (start_idx > 0) {
@@ -143,29 +145,35 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
(*total_entries)++;
}
- pdb_endsampwent();
+ pdb_endsampwent();
+ pdb_clear_sam(pwd);
- return (*num_entries) > 0;
+ return (*num_entries) > 0;
}
static BOOL jf_get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
int *total_entries, uint32 *num_entries,
int max_num_entries, uint16 acb_mask)
{
- SAM_ACCOUNT *pwd = NULL;
+ SAM_ACCOUNT *pwd = NULL;
*num_entries = 0;
*total_entries = 0;
if (pw_buf == NULL)
return False;
+
+ DEBUG(10,("jf_get_sampwd_entries: start index:%d, max entries:%d, mask:%d\n",
+ start_idx, max_num_entries, acb_mask));
if (!pdb_setsampwent(False)) {
- DEBUG(0, ("jf_get_sampwd_entries: Unable to open passdb.\n"));
- return False;
- }
+ DEBUG(0, ("jf_get_sampwd_entries: Unable to open passdb.\n"));
+ return False;
+ }
+
+ pdb_init_sam(&pwd);
- while (((pwd = pdb_getsampwent()) != NULL) && (*num_entries) < max_num_entries) {
+ while ((pdb_getsampwent(pwd) != False) && (*num_entries) < max_num_entries) {
int user_name_len;
int full_name_len;
@@ -194,19 +202,23 @@ static BOOL jf_get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16);
/* Now check if the NT compatible password is available. */
- if (pdb_get_nt_passwd(pwd))
- memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16);
+ if (pdb_get_nt_passwd(pwd))
+ memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16);
pw_buf[(*num_entries)].acb_info = pdb_get_acct_ctrl(pwd);
DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x\n", (*num_entries),
pdb_get_username(pwd), pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd) ));
+
(*num_entries)++;
}
- pdb_endsampwent();
+ pdb_endsampwent();
*total_entries = *num_entries;
+
+ pdb_clear_sam(pwd);
+
return True;
}
@@ -756,35 +768,42 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNIST
Get the group entries - similar to get_sampwd_entries().
********************************************************************/
-static BOOL get_group_alias_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 start_idx,
+static BOOL get_group_alias_entries(DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
uint32 *p_num_entries, uint32 max_entries)
{
fstring sid_str;
- fstring sam_sid_str;
uint32 num_entries = 0;
+ int i;
+ GROUP_MAP smap;
+ GROUP_MAP *map;
sid_to_string(sid_str, sid);
- sid_to_string(sam_sid_str, &global_sam_sid);
+ DEBUG(5, ("get_group_alias_entries: enumerating aliases on SID: %s\n", sid_str));
*p_num_entries = 0;
/* well-known aliases */
- if (strequal(sid_str, "S-1-5-32")) {
- char *name;
- while (!lp_hide_local_users() &&
- num_entries < max_entries &&
- ((name = builtin_alias_rids[num_entries].name) != NULL)) {
-
- fstrcpy(d_grp[num_entries].name, name);
- d_grp[num_entries].rid = builtin_alias_rids[num_entries].rid;
+ if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) {
+
+ enum_group_mapping(SID_NAME_WKN_GRP, &map, &num_entries, ENUM_ONLY_MAPPED);
+
+ *d_grp=(DOMAIN_GRP *)malloc(num_entries*sizeof(DOMAIN_GRP));
+ if (*d_grp==NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ for(i=0; i<num_entries && i<max_entries; i++) {
+ fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name);
+ sid_split_rid(&map[i].sid, &(*d_grp)[i].rid);
- num_entries++;
}
- } else if (strequal(sid_str, sam_sid_str) && !lp_hide_local_users()) {
- char *name;
+
+ safe_free(map);
+
+ } else if (sid_equal(sid, &global_sam_sid) && !lp_hide_local_users()) {
char *sep;
struct group *grp;
-
+ fstring sid_string;
+
sep = lp_winbind_separator();
/* local aliases */
@@ -796,26 +815,29 @@ static BOOL get_group_alias_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 star
while (num_entries < max_entries && ((grp = getgrent()) != NULL)) {
int i;
uint32 trid;
- name = grp->gr_name;
+
+ if(!get_group_from_gid(grp->gr_gid, &smap))
+ continue;
+
+ if (smap.sid_name_use!=SID_NAME_ALIAS)
+ continue;
- DEBUG(10,("get_group_alias_entries: got group %s\n", name ));
+ sid_split_rid(&smap.sid, &trid);
/* Don't return winbind groups as they are not local! */
-
- if (strchr(name, *sep) != NULL) {
- DEBUG(10,("get_group_alias_entries: not returing %s, not local.\n", name ));
+ if (strchr(smap.nt_name, *sep) != NULL) {
+ DEBUG(10,("get_group_alias_entries: not returing %s, not local.\n", smap.nt_name ));
continue;
}
/* Don't return user private groups... */
- if (Get_Pwnam(name, False) != 0) {
- DEBUG(10,("get_group_alias_entries: not returing %s, clashes with user.\n", name ));
- continue;
+ if (Get_Pwnam(smap.nt_name, False) != 0) {
+ DEBUG(10,("get_group_alias_entries: not returing %s, clashes with user.\n", smap.nt_name ));
+ continue;
}
- trid = pdb_gid_to_group_rid(grp->gr_gid);
for( i = 0; i < num_entries; i++)
- if ( d_grp[i].rid == trid ) break;
+ if ( (*d_grp)[i].rid == trid ) break;
if ( i < num_entries )
continue; /* rid was there, dup! */
@@ -830,8 +852,12 @@ static BOOL get_group_alias_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 star
continue;
}
- fstrcpy(d_grp[num_entries].name, name);
- d_grp[num_entries].rid = trid;
+ *d_grp=Realloc(*d_grp, (num_entries+1)*sizeof(DOMAIN_GRP));
+ if (*d_grp==NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ fstrcpy((*d_grp)[num_entries].name, smap.nt_name);
+ (*d_grp)[num_entries].rid = trid;
num_entries++;
}
@@ -847,31 +873,29 @@ static BOOL get_group_alias_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 star
Get the group entries - similar to get_sampwd_entries().
********************************************************************/
-static BOOL get_group_domain_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 start_idx,
+static BOOL get_group_domain_entries(DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
uint32 *p_num_entries, uint32 max_entries)
{
- fstring sid_str;
- fstring sam_sid_str;
+ GROUP_MAP *map=NULL;
+ int i;
uint32 num_entries = 0;
- fstring name="Domain Admins";
- fstring comment="Just to make it work !";
-
- sid_to_string(sid_str, sid);
- sid_to_string(sam_sid_str, &global_sam_sid);
*p_num_entries = 0;
- fstrcpy(d_grp[0].name, name);
- fstrcpy(d_grp[0].comment, comment);
- d_grp[0].rid = DOMAIN_GROUP_RID_ADMINS;
- d_grp[0].attr=SID_NAME_DOM_GRP;
+ enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED);
- fstrcpy(d_grp[1].name, "Domain Users");
- fstrcpy(d_grp[1].comment, "Just to make it work !");
- d_grp[1].rid = DOMAIN_GROUP_RID_USERS;
- d_grp[1].attr=SID_NAME_DOM_GRP;
+ *d_grp=(DOMAIN_GRP *)malloc(num_entries*sizeof(DOMAIN_GRP));
+ if (*d_grp==NULL)
+ return False;
+
+ for (i=0; i<num_entries; i++) {
+ fstrcpy((*d_grp)[i].name, map[i].nt_name);
+ fstrcpy((*d_grp)[i].comment, map[i].comment);
+ sid_split_rid(&map[i].sid, &(*d_grp)[i].rid);
+ (*d_grp)[i].attr=SID_NAME_DOM_GRP;
+ }
- num_entries = 2;
+ safe_free(map);
*p_num_entries = num_entries;
@@ -886,7 +910,7 @@ static BOOL get_group_domain_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 sta
uint32 _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_R_ENUM_DOM_GROUPS *r_u)
{
- DOMAIN_GRP grp[2];
+ DOMAIN_GRP *grp=NULL;
uint32 num_entries;
DOM_SID sid;
@@ -897,10 +921,13 @@ uint32 _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_
DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__));
- get_group_domain_entries(grp, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES);
+ /* the domain group array is being allocated in the function below */
+ get_group_domain_entries(&grp, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES);
make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp);
+ safe_free(grp);
+
init_samr_r_enum_dom_groups(r_u, q_u->start_idx, num_entries);
DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
@@ -915,7 +942,7 @@ uint32 _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_
uint32 _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, SAMR_R_ENUM_DOM_ALIASES *r_u)
{
- DOMAIN_GRP grp[MAX_SAM_ENTRIES];
+ DOMAIN_GRP *grp=NULL;
uint32 num_entries = 0;
fstring sid_str;
DOM_SID sid;
@@ -928,11 +955,13 @@ uint32 _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, SAM
sid_to_string(sid_str, &sid);
DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str));
- if (!get_group_alias_entries(grp, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES))
+ if (!get_group_alias_entries(&grp, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES))
return NT_STATUS_ACCESS_DENIED;
make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp);
+ safe_free(grp);
+
init_samr_r_enum_dom_aliases(r_u, q_u->start_idx, num_entries);
DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__));
@@ -947,12 +976,12 @@ uint32 _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, SAM
uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_QUERY_DISPINFO *r_u)
{
SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
- DOMAIN_GRP grps[MAX_SAM_ENTRIES];
+ DOMAIN_GRP *grps=NULL;
uint16 acb_mask = ACB_NORMAL;
- uint32 num_entries = 0;
- int orig_num_entries = 0;
- int total_entries = 0;
- uint32 data_size = 0;
+ uint32 num_entries = 0;
+ int orig_num_entries = 0;
+ int total_entries = 0;
+ uint32 data_size = 0;
DOM_SID sid;
BOOL ret;
SAM_DISPINFO_CTR *ctr;
@@ -1001,7 +1030,7 @@ uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_
break;
case 0x3:
case 0x5:
- ret = get_group_domain_entries(grps, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES);
+ ret = get_group_domain_entries(&grps, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES);
if (!ret)
return NT_STATUS_ACCESS_DENIED;
break;
@@ -1040,6 +1069,7 @@ uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_
case 0x3:
ctr->sam.info3 = (SAM_DISPINFO_3 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_3));
init_sam_dispinfo_3(ctr->sam.info3, &num_entries, &data_size, q_u->start_idx, grps);
+ safe_free(grps);
break;
case 0x4:
ctr->sam.info4 = (SAM_DISPINFO_4 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_4));
@@ -1048,6 +1078,7 @@ uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_
case 0x5:
ctr->sam.info5 = (SAM_DISPINFO_5 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_5));
init_sam_dispinfo_5(ctr->sam.info5, &num_entries, &data_size, q_u->start_idx, grps);
+ safe_free(grps);
break;
default:
ctr->sam.info = NULL;
@@ -1368,49 +1399,53 @@ uint32 _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOKUP
uint32 _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USER *r_u)
{
- SAM_ACCOUNT *sampass;
- DOM_SID sid;
- POLICY_HND domain_pol = q_u->domain_pol;
- uint32 user_rid = q_u->user_rid;
- POLICY_HND *user_pol = &r_u->user_pol;
+ SAM_ACCOUNT *sampass=NULL;
+ DOM_SID sid;
+ POLICY_HND domain_pol = q_u->domain_pol;
+ uint32 user_rid = q_u->user_rid;
+ POLICY_HND *user_pol = &r_u->user_pol;
struct samr_info *info = NULL;
+ BOOL ret;
- r_u->status = NT_STATUS_NO_PROBLEMO;
+ r_u->status = NT_STATUS_NO_PROBLEMO;
- /* find the domain policy handle. */
- if (!find_policy_by_hnd(p, &domain_pol, NULL))
- return NT_STATUS_INVALID_HANDLE;
+ /* find the domain policy handle. */
+ if (!find_policy_by_hnd(p, &domain_pol, NULL))
+ return NT_STATUS_INVALID_HANDLE;
- become_root();
- sampass = pdb_getsampwrid(user_rid);
- unbecome_root();
+ become_root();
+ ret=pdb_getsampwrid(sampass, user_rid);
+ unbecome_root();
- /* check that the RID exists in our domain. */
- if (sampass == NULL)
- return NT_STATUS_NO_SUCH_USER;
+ /* check that the RID exists in our domain. */
+ if (ret == False) {
+ pdb_clear_sam(sampass);
+ return NT_STATUS_NO_SUCH_USER;
+ }
samr_clear_sam_passwd(sampass);
+ pdb_clear_sam(sampass);
- /* Get the domain SID stored in the domain policy */
- if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid))
- return NT_STATUS_INVALID_HANDLE;
+ /* Get the domain SID stored in the domain policy */
+ if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid))
+ return NT_STATUS_INVALID_HANDLE;
- /* append the user's RID to it */
- if(!sid_append_rid(&sid, user_rid))
- return NT_STATUS_NO_SUCH_USER;
+ /* append the user's RID to it */
+ if(!sid_append_rid(&sid, user_rid))
+ return NT_STATUS_NO_SUCH_USER;
- /* associate the user's SID with the new handle. */
- if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL)
- return NT_STATUS_NO_MEMORY;
+ /* associate the user's SID with the new handle. */
+ if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL)
+ return NT_STATUS_NO_MEMORY;
- ZERO_STRUCTP(info);
- info->sid = sid;
+ ZERO_STRUCTP(info);
+ info->sid = sid;
- /* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info))
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ /* get a (unique) handle. open a policy on it. */
+ if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info))
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- return r_u->status;
+ return r_u->status;
}
/*************************************************************************
@@ -1419,27 +1454,34 @@ uint32 _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_U
static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
{
- SAM_ACCOUNT *smbpass;
+ SAM_ACCOUNT *smbpass=NULL;
+ BOOL ret;
- if (!pdb_rid_is_user(user_rid)) {
- DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
- return False;
- }
+ if (!pdb_rid_is_user(user_rid)) {
+ DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
+ return False;
+ }
- become_root();
- smbpass = pdb_getsampwrid(user_rid);
- unbecome_root();
+ pdb_init_sam(&smbpass);
- if (smbpass == NULL) {
- DEBUG(4,("User 0x%x not found\n", user_rid));
- return False;
- }
+ become_root();
+ ret = pdb_getsampwrid(smbpass, user_rid);
+ unbecome_root();
+
+ if (ret==False) {
+ DEBUG(4,("User 0x%x not found\n", user_rid));
+ pdb_clear_sam(smbpass);
+ return False;
+ }
+
+ DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
- DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
+ init_sam_user_info10(id10, pdb_get_acct_ctrl(smbpass) );
- init_sam_user_info10(id10, pdb_get_acct_ctrl(smbpass) );
+ samr_clear_sam_passwd(smbpass);
+ pdb_clear_sam(smbpass);
- return True;
+ return True;
}
/*************************************************************************
@@ -1450,7 +1492,8 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
static uint32 get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint32 user_rid)
{
- SAM_ACCOUNT *smbpass;
+ SAM_ACCOUNT *smbpass=NULL;
+ BOOL ret;
if (!p->ntlmssp_auth_validated)
return NT_STATUS_ACCESS_DENIED;
@@ -1461,20 +1504,26 @@ static uint32 get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint32
/*
* Do *NOT* do become_root()/unbecome_root() here ! JRA.
*/
+ pdb_init_sam(&smbpass);
- smbpass = pdb_getsampwrid(user_rid);
+ ret = pdb_getsampwrid(smbpass, user_rid);
- if (smbpass == NULL) {
+ if (ret == False) {
DEBUG(4, ("User 0x%x not found\n", user_rid));
+ pdb_clear_sam(smbpass);
return (geteuid() == (uid_t)0) ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED;
}
- DEBUG(3,("User:[%s] 0x%x\n", pdb_get_username(smbpass), pdb_get_acct_ctrl(smbpass) ));
+ DEBUG(3,("User:[%s] 0x%x\n", pdb_get_username(smbpass), pdb_get_acct_ctrl(smbpass) ));
- if ( pdb_get_acct_ctrl(smbpass) & ACB_DISABLED)
- return NT_STATUS_ACCOUNT_DISABLED;
+ if ( pdb_get_acct_ctrl(smbpass) & ACB_DISABLED) {
+ pdb_clear_sam(smbpass);
+ return NT_STATUS_ACCOUNT_DISABLED;
+ }
init_sam_user_info12(id12, pdb_get_lanman_passwd(smbpass), pdb_get_nt_passwd(smbpass));
+
+ pdb_clear_sam(smbpass);
return NT_STATUS_NOPROBLEMO;
}
@@ -1485,29 +1534,33 @@ static uint32 get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint32
static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
{
- SAM_ACCOUNT *sampass;
+ SAM_ACCOUNT *sampass=NULL;
+ BOOL ret;
- if (!pdb_rid_is_user(user_rid)) {
- DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
- return False;
- }
+ if (!pdb_rid_is_user(user_rid)) {
+ DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
+ return False;
+ }
- become_root();
- sampass = pdb_getsampwrid(user_rid);
- unbecome_root();
+ become_root();
+ ret = pdb_getsampwrid(sampass, user_rid);
+ unbecome_root();
- if (sampass == NULL) {
- DEBUG(4,("User 0x%x not found\n", user_rid));
- return False;
- }
+ if (ret == False) {
+ DEBUG(4,("User 0x%x not found\n", user_rid));
+ pdb_clear_sam(sampass);
+ return False;
+ }
samr_clear_sam_passwd(sampass);
- DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) ));
+ DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) ));
init_sam_user_info21A(id21, sampass);
+
+ pdb_clear_sam(sampass);
- return True;
+ return True;
}
/*******************************************************************
@@ -1610,44 +1663,49 @@ uint32 _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_R_
uint32 _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, SAMR_R_QUERY_USERGROUPS *r_u)
{
- struct sam_passwd *sam_pass;
- DOM_GID *gids = NULL;
- int num_groups = 0;
- pstring groups;
- uint32 rid;
+ struct sam_passwd *sam_pass=NULL;
+ DOM_GID *gids = NULL;
+ int num_groups = 0;
+ pstring groups;
+ uint32 rid;
struct samr_info *info = NULL;
+ BOOL ret;
- r_u->status = NT_STATUS_NO_PROBLEMO;
+ r_u->status = NT_STATUS_NO_PROBLEMO;
- DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
+ DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
- /* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
- return NT_STATUS_INVALID_HANDLE;
+ /* find the policy handle. open a policy on it. */
+ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+ return NT_STATUS_INVALID_HANDLE;
- /* find the user's rid */
- if ((rid = get_lsa_policy_samr_rid(info)) == 0xffffffff)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ /* find the user's rid */
+ if ((rid = get_lsa_policy_samr_rid(info)) == 0xffffffff)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
- become_root();
- sam_pass = pdb_getsampwrid(rid);
- unbecome_root();
+ pdb_init_sam(&sam_pass);
- if (sam_pass == NULL)
- return NT_STATUS_NO_SUCH_USER;
+ become_root();
+ ret = pdb_getsampwrid(sam_pass, rid);
+ unbecome_root();
- samr_clear_sam_passwd(sam_pass);
+ if (ret == False) {
+ samr_clear_sam_passwd(sam_pass);
+ return NT_STATUS_NO_SUCH_USER;
+ }
- get_domain_user_groups(groups, pdb_get_username(sam_pass));
- gids = NULL;
- num_groups = make_dom_gids(p->mem_ctx, groups, &gids);
+ get_domain_user_groups(groups, pdb_get_username(sam_pass));
+ gids = NULL;
+ num_groups = make_dom_gids(p->mem_ctx, groups, &gids);
- /* construct the response. lkclXXXX: gids are not copied! */
- init_samr_r_query_usergroups(r_u, num_groups, gids, r_u->status);
+ /* construct the response. lkclXXXX: gids are not copied! */
+ init_samr_r_query_usergroups(r_u, num_groups, gids, r_u->status);
- DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
+ DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
+
+ samr_clear_sam_passwd(sam_pass);
- return r_u->status;
+ return r_u->status;
}
/*******************************************************************
@@ -1708,111 +1766,124 @@ uint32 _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SAMR
uint32 _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREATE_USER *r_u)
{
- SAM_ACCOUNT *sam_pass;
- fstring mach_acct;
- pstring err_str;
- pstring msg_str;
- int local_flags=0;
- DOM_SID sid;
- pstring add_script;
- POLICY_HND dom_pol = q_u->domain_pol;
- UNISTR2 user_account = q_u->uni_name;
- uint16 acb_info = q_u->acb_info;
- POLICY_HND *user_pol = &r_u->user_pol;
+ SAM_ACCOUNT *sam_pass=NULL;
+ fstring mach_acct;
+ pstring err_str;
+ pstring msg_str;
+ int local_flags=0;
+ DOM_SID sid;
+ pstring add_script;
+ POLICY_HND dom_pol = q_u->domain_pol;
+ UNISTR2 user_account = q_u->uni_name;
+ uint16 acb_info = q_u->acb_info;
+ POLICY_HND *user_pol = &r_u->user_pol;
struct samr_info *info = NULL;
+ BOOL ret;
- /* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &dom_pol, NULL))
- return NT_STATUS_INVALID_HANDLE;
+ /* find the policy handle. open a policy on it. */
+ if (!find_policy_by_hnd(p, &dom_pol, NULL))
+ return NT_STATUS_INVALID_HANDLE;
- /* find the machine account: tell the caller if it exists.
- lkclXXXX i have *no* idea if this is a problem or not
- or even if you are supposed to construct a different
- reply if the account already exists...
- */
-
- fstrcpy(mach_acct, dos_unistrn2(user_account.buffer, user_account.uni_str_len));
- strlower(mach_acct);
-
- become_root();
- sam_pass = pdb_getsampwnam(mach_acct);
- unbecome_root();
- if (sam_pass != NULL) {
- /* machine account exists: say so */
- return NT_STATUS_USER_EXISTS;
- }
+ /* find the machine account: tell the caller if it exists.
+ lkclXXXX i have *no* idea if this is a problem or not
+ or even if you are supposed to construct a different
+ reply if the account already exists...
+ */
- local_flags=LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_SET_NO_PASSWORD;
- local_flags|= (acb_info & ACB_WSTRUST) ? LOCAL_TRUST_ACCOUNT:0;
-
- /*
- * NB. VERY IMPORTANT ! This call must be done as the current pipe user,
- * *NOT* surrounded by a become_root()/unbecome_root() call. This ensures
- * that only people with write access to the smbpasswd file will be able
- * to create a user. JRA.
- */
-
- /*
- * add the user in the /etc/passwd file or the unix authority system.
- * We don't check if the smb_create_user() function succed or not for 2 reasons:
- * a) local_password_change() checks for us if the /etc/passwd account really exists
- * b) smb_create_user() would return an error if the account already exists
- * and as it could return an error also if it can't create the account, it would be tricky.
- *
- * So we go the easy way, only check after if the account exists.
- * JFM (2/3/2001), to clear any possible bad understanding (-:
- */
-
- pstrcpy(add_script, lp_adduser_script());
-
- if(*add_script)
- smb_create_user(mach_acct, NULL);
-
- /* add the user in the smbpasswd file or the Samba authority database */
- if (!local_password_change(mach_acct, local_flags, NULL, err_str,
- sizeof(err_str), msg_str, sizeof(msg_str)))
- {
- DEBUG(0, ("%s\n", err_str));
- close_policy_hnd(p, user_pol);
- return NT_STATUS_ACCESS_DENIED;
- }
+ fstrcpy(mach_acct, dos_unistrn2(user_account.buffer, user_account.uni_str_len));
+ strlower(mach_acct);
- become_root();
- sam_pass = pdb_getsampwnam(mach_acct);
- unbecome_root();
- if (sam_pass == NULL) {
- /* account doesn't exist: say so */
- close_policy_hnd(p, user_pol);
- return NT_STATUS_ACCESS_DENIED;
- }
+ pdb_init_sam(&sam_pass);
- /* Get the domain SID stored in the domain policy */
- if(!get_lsa_policy_samr_sid(p, &dom_pol, &sid)) {
- close_policy_hnd(p, user_pol);
- return NT_STATUS_INVALID_HANDLE;
- }
+ become_root();
+ ret = pdb_getsampwnam(sam_pass, mach_acct);
+ unbecome_root();
+ if (ret == True) {
+ /* machine account exists: say so */
+ pdb_clear_sam(sam_pass);
+ return NT_STATUS_USER_EXISTS;
+ }
- /* append the user's RID to it */
- if(!sid_append_rid(&sid, pdb_get_user_rid(sam_pass) )) {
- close_policy_hnd(p, user_pol);
- return NT_STATUS_NO_SUCH_USER;
- }
+ local_flags=LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_SET_NO_PASSWORD;
+ local_flags|= (acb_info & ACB_WSTRUST) ? LOCAL_TRUST_ACCOUNT:0;
- /* associate the user's SID with the new handle. */
- if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL)
- return NT_STATUS_NO_MEMORY;
+ /*
+ * NB. VERY IMPORTANT ! This call must be done as the current pipe user,
+ * *NOT* surrounded by a become_root()/unbecome_root() call. This ensures
+ * that only people with write access to the smbpasswd file will be able
+ * to create a user. JRA.
+ */
- ZERO_STRUCTP(info);
- info->sid = sid;
+ /*
+ * add the user in the /etc/passwd file or the unix authority system.
+ * We don't check if the smb_create_user() function succed or not for 2 reasons:
+ * a) local_password_change() checks for us if the /etc/passwd account really exists
+ * b) smb_create_user() would return an error if the account already exists
+ * and as it could return an error also if it can't create the account, it would be tricky.
+ *
+ * So we go the easy way, only check after if the account exists.
+ * JFM (2/3/2001), to clear any possible bad understanding (-:
+ */
- /* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info))
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ pstrcpy(add_script, lp_adduser_script());
+
+ if(*add_script)
+ smb_create_user(mach_acct, NULL);
+
+ /* add the user in the smbpasswd file or the Samba authority database */
+ if (!local_password_change(mach_acct, local_flags, NULL, err_str,
+ sizeof(err_str), msg_str, sizeof(msg_str))) {
+ DEBUG(0, ("%s\n", err_str));
+ close_policy_hnd(p, user_pol);
+ pdb_clear_sam(sam_pass);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ become_root();
+ ret = pdb_getsampwnam(sam_pass, mach_acct);
+ unbecome_root();
+ if (ret == False) {
+ /* account doesn't exist: say so */
+ close_policy_hnd(p, user_pol);
+ pdb_clear_sam(sam_pass);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ /* Get the domain SID stored in the domain policy */
+ if(!get_lsa_policy_samr_sid(p, &dom_pol, &sid)) {
+ close_policy_hnd(p, user_pol);
+ pdb_clear_sam(sam_pass);
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ /* append the user's RID to it */
+ if(!sid_append_rid(&sid, pdb_get_user_rid(sam_pass) )) {
+ close_policy_hnd(p, user_pol);
+ pdb_clear_sam(sam_pass);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* associate the user's SID with the new handle. */
+ if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL) {
+ pdb_clear_sam(sam_pass);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ZERO_STRUCTP(info);
+ info->sid = sid;
+
+ /* get a (unique) handle. open a policy on it. */
+ if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) {
+ pdb_clear_sam(sam_pass);
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
- r_u->user_rid=sam_pass->user_rid;
- r_u->unknown_0 = 0x000703ff;
+ r_u->user_rid=sam_pass->user_rid;
+ r_u->unknown_0 = 0x000703ff;
- return NT_STATUS_NO_PROBLEMO;
+ pdb_clear_sam(sam_pass);
+
+ return NT_STATUS_NO_PROBLEMO;
}
/*******************************************************************
@@ -1998,21 +2069,32 @@ uint32 _api_samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN
static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid)
{
- SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
+ SAM_ACCOUNT *pwd =NULL;
+ BOOL ret;
+
+ pdb_init_sam(&pwd);
+
+ ret = pdb_getsampwrid(pwd, rid);
+
+ if(ret==False) {
+ pdb_clear_sam(pwd);
+ return False;
+ }
if (id10 == NULL) {
DEBUG(5, ("set_user_info_10: NULL id10\n"));
+ pdb_clear_sam(pwd);
return False;
}
- pwd = pdb_getsampwrid(rid);
- if (!pwd)
- return False;
-
pdb_set_acct_ctrl(pwd, id10->acb_info);
- if(!pdb_update_sam_account(pwd, True))
+ if(!pdb_update_sam_account(pwd, True)) {
+ pdb_clear_sam(pwd);
return False;
+ }
+
+ pdb_clear_sam(pwd);
return True;
}
@@ -2023,22 +2105,31 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid)
static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid)
{
- SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
-
- if (pwd == NULL)
+ SAM_ACCOUNT *pwd = NULL;
+ BOOL ret;
+
+ pdb_init_sam(&pwd);
+
+ if(!pdb_getsampwrid(pwd, rid)) {
+ pdb_clear_sam(pwd);
return False;
-
+ }
+
if (id12 == NULL) {
DEBUG(2, ("set_user_info_12: id12 is NULL\n"));
+ pdb_clear_sam(pwd);
return False;
}
pdb_set_lanman_passwd (pwd, id12->lm_pwd);
pdb_set_nt_passwd (pwd, id12->nt_pwd);
- if(!pdb_update_sam_account(pwd, True))
+ if(!pdb_update_sam_account(pwd, True)) {
+ pdb_clear_sam(pwd);
return False;
-
+ }
+
+ pdb_clear_sam(pwd);
return True;
}
@@ -2048,21 +2139,26 @@ static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid)
static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid)
{
- SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
- SAM_ACCOUNT new_pwd;
+ SAM_ACCOUNT *pwd = NULL;
+ SAM_ACCOUNT *new_pwd = NULL;
if (id21 == NULL) {
DEBUG(5, ("set_user_info_21: NULL id21\n"));
return False;
}
- if (pwd == NULL)
+ pdb_init_sam(&pwd);
+ pdb_init_sam(&new_pwd);
+
+ if (!pdb_getsampwrid(pwd, rid)) {
+ pdb_clear_sam(pwd);
+ pdb_clear_sam(new_pwd);
return False;
+ }
/* we make a copy so that we can modify stuff */
- ZERO_STRUCT(new_pwd);
- copy_sam_passwd(&new_pwd, pwd);
- copy_id21_to_sam_passwd(&new_pwd, id21);
+ copy_sam_passwd(new_pwd, pwd);
+ copy_id21_to_sam_passwd(new_pwd, id21);
/*
* The funny part about the previous two calls is
@@ -2072,9 +2168,15 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid)
*/
/* write the change out */
- if(!pdb_update_sam_account(&new_pwd, True))
+ if(!pdb_update_sam_account(new_pwd, True)) {
+ pdb_clear_sam(pwd);
+ pdb_clear_sam(new_pwd);
return False;
-
+ }
+
+ pdb_clear_sam(pwd);
+ pdb_clear_sam(new_pwd);
+
return True;
}
@@ -2084,33 +2186,42 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid)
static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
{
- SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
- SAM_ACCOUNT new_pwd;
- uint8 nt_hash[16];
- uint8 lm_hash[16];
- pstring buf;
- uint32 len;
+ SAM_ACCOUNT *pwd = NULL;
+ SAM_ACCOUNT *new_pwd = NULL;
+ uint8 nt_hash[16];
+ uint8 lm_hash[16];
+ pstring buf;
+ uint32 len;
uint16 acct_ctrl;
- if (id23 == NULL) {
- DEBUG(5, ("set_user_info_23: NULL id23\n"));
- return False;
- }
+ if (id23 == NULL) {
+ DEBUG(5, ("set_user_info_23: NULL id23\n"));
+ return False;
+ }
- if (pwd == NULL)
- return False;
+ pdb_init_sam(&pwd);
+ pdb_init_sam(&new_pwd);
- acct_ctrl = pdb_get_acct_ctrl(pwd);
+ if (pdb_getsampwrid(pwd, rid)) {
+ pdb_clear_sam(pwd);
+ pdb_clear_sam(new_pwd);
+ return False;
+ }
- ZERO_STRUCT (new_pwd);
- copy_sam_passwd(&new_pwd, pwd);
- copy_id23_to_sam_passwd(&new_pwd, id23);
+ acct_ctrl = pdb_get_acct_ctrl(pwd);
+
+ copy_sam_passwd(new_pwd, pwd);
+ pdb_clear_sam(pwd);
+
+ copy_id23_to_sam_passwd(new_pwd, id23);
- if (!decode_pw_buffer((char*)id23->pass, buf, 256, &len, nt_hash, lm_hash))
- return False;
+ if (!decode_pw_buffer((char*)id23->pass, buf, 256, &len, nt_hash, lm_hash)) {
+ pdb_clear_sam(new_pwd);
+ return False;
+ }
- pdb_set_lanman_passwd (&new_pwd, lm_hash);
- pdb_set_nt_passwd (&new_pwd, nt_hash);
+ pdb_set_lanman_passwd (new_pwd, lm_hash);
+ pdb_set_nt_passwd (new_pwd, nt_hash);
/* if it's a trust account, don't update /etc/passwd */
if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
@@ -2118,19 +2229,24 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) {
DEBUG(5, ("Changing trust account password, not updating /etc/passwd\n"));
} else {
- /* update the UNIX password */
/* update the UNIX password */
if (lp_unix_password_sync() )
- if(!chgpasswd(pdb_get_username(&new_pwd), "", buf, True))
+ if(!chgpasswd(pdb_get_username(new_pwd), "", buf, True)) {
+ pdb_clear_sam(new_pwd);
return False;
+ }
}
- memset(buf, 0, sizeof(buf));
+ memset(buf, 0, sizeof(buf));
- if(!pdb_update_sam_account(&new_pwd, True))
- return False;
+ if(!pdb_update_sam_account(new_pwd, True)) {
+ pdb_clear_sam(new_pwd);
+ return False;
+ }
- return True;
+ pdb_clear_sam(new_pwd);
+
+ return True;
}
/*******************************************************************
@@ -2139,23 +2255,29 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
static BOOL set_user_info_24(SAM_USER_INFO_24 *id24, uint32 rid)
{
- SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
+ SAM_ACCOUNT *pwd = NULL;
uchar nt_hash[16];
uchar lm_hash[16];
uint32 len;
pstring buf;
uint16 acct_ctrl;
- if (pwd == NULL)
- return False;
+ pdb_init_sam(&pwd);
+ if (!pdb_getsampwrid(pwd, rid)) {
+ pdb_clear_sam(pwd);
+ return False;
+ }
+
acct_ctrl = pdb_get_acct_ctrl(pwd);
memset(buf, 0, sizeof(buf));
- if (!decode_pw_buffer((char*)id24->pass, buf, 256, &len, nt_hash, lm_hash))
+ if (!decode_pw_buffer((char*)id24->pass, buf, 256, &len, nt_hash, lm_hash)) {
+ pdb_clear_sam(pwd);
return False;
-
+ }
+
pdb_set_lanman_passwd (pwd, lm_hash);
pdb_set_nt_passwd (pwd, nt_hash);
@@ -2167,19 +2289,25 @@ static BOOL set_user_info_24(SAM_USER_INFO_24 *id24, uint32 rid)
} else {
/* update the UNIX password */
if (lp_unix_password_sync())
- if(!chgpasswd(pdb_get_username(pwd), "", buf, True))
+ if(!chgpasswd(pdb_get_username(pwd), "", buf, True)) {
+ pdb_clear_sam(pwd);
return False;
+ }
}
- memset(buf, 0, sizeof(buf));
-
- DEBUG(0,("set_user_info_24: pdb_update_sam_account()\n"));
+ memset(buf, 0, sizeof(buf));
- /* update the SAMBA password */
- if(!pdb_update_sam_account(pwd, True))
- return False;
+ DEBUG(0,("set_user_info_24: pdb_update_sam_account()\n"));
- return True;
+ /* update the SAMBA password */
+ if(!pdb_update_sam_account(pwd, True)) {
+ pdb_clear_sam(pwd);
+ return False;
+ }
+
+ pdb_clear_sam(pwd);
+
+ return True;
}
/*******************************************************************
@@ -2191,11 +2319,12 @@ uint32 _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_
uint32 rid = 0x0;
DOM_SID sid;
struct current_user user;
- SAM_ACCOUNT *sam_pass;
+ SAM_ACCOUNT *sam_pass=NULL;
unsigned char sess_key[16];
POLICY_HND *pol = &q_u->pol;
uint16 switch_value = q_u->switch_value;
SAM_USERINFO_CTR *ctr = q_u->ctr;
+ BOOL ret;
DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__));
@@ -2222,6 +2351,8 @@ uint32 _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_
}
+ pdb_init_sam(&sam_pass);
+
/*
* We need the NT hash of the user who is changing the user's password.
* This NT hash is used to generate a "user session key"
@@ -2229,16 +2360,19 @@ uint32 _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_
*/
become_root();
- sam_pass = pdb_getsampwuid(user.uid);
+ ret = pdb_getsampwuid(sam_pass, user.uid);
unbecome_root();
- if(sam_pass == NULL) {
+ if(ret == False) {
DEBUG(0,("_samr_set_userinfo: Unable to get smbpasswd entry for uid %u\n", (unsigned int)user.uid ));
+ pdb_clear_sam(sam_pass);
return NT_STATUS_ACCESS_DENIED;
}
memset(sess_key, '\0', 16);
mdfour(sess_key, pdb_get_nt_passwd(sam_pass), 16);
+ pdb_clear_sam(sam_pass);
+
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch (switch_value) {
case 0x12:
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 82125a7085..b4472671fc 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -247,8 +247,10 @@ uint32 local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
********************************************************************/
uint32 local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
{
- SAM_ACCOUNT *sampwd;
+ SAM_ACCOUNT *sampwd=NULL;
int i = 0;
+ BOOL ret;
+
(*type) = SID_NAME_USER;
DEBUG(5,("lookup_user_name: rid: %d", rid));
@@ -259,26 +261,28 @@ uint32 local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
i++;
}
- if (domain_user_rids[i].rid != 0)
- {
+ if (domain_user_rids[i].rid != 0) {
fstrcpy(user_name, domain_user_rids[i].name);
DEBUG(5,(" = %s\n", user_name));
return 0x0;
}
+ pdb_init_sam(&sampwd);
+
/* ok, it's a user. find the user account */
become_root();
- sampwd = pdb_getsampwrid(rid);
+ ret = pdb_getsampwrid(sampwd, rid);
unbecome_root();
- if (sampwd != NULL)
- {
+ if (ret == True) {
fstrcpy(user_name, pdb_get_username(sampwd) );
DEBUG(5,(" = %s\n", user_name));
+ pdb_clear_sam(sampwd);
return 0x0;
}
DEBUG(5,(" none mapped\n"));
+ pdb_clear_sam(sampwd);
return NT_STATUS_NONE_MAPPED;
}
@@ -325,19 +329,24 @@ uint32 local_lookup_alias_rid(char *alias_name, uint32 *rid)
********************************************************************/
uint32 local_lookup_user_rid(char *user_name, uint32 *rid)
{
- SAM_ACCOUNT *sampass;
+ SAM_ACCOUNT *sampass=NULL;
+ BOOL ret;
+
(*rid) = 0;
+ pdb_init_sam(&sampass);
+
/* find the user account */
become_root();
- sampass = pdb_getsampwnam(user_name);
+ ret = pdb_getsampwnam(sampass, user_name);
unbecome_root();
- if (sampass != NULL)
- {
+ if (ret == True) {
(*rid) = pdb_get_user_rid(sampass);
+ pdb_clear_sam(sampass);
return 0x0;
}
+ pdb_clear_sam(sampass);
return NT_STATUS_NONE_MAPPED;
}
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index d503e65897..2b4676eb33 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -557,37 +557,36 @@ BOOL check_lanman_password(char *user, uchar * pass1,
SAM_ACCOUNT *sampass = NULL;
uint16 acct_ctrl;
uint8 *lanman_pw;
-
+ BOOL ret;
+
become_root();
- sampass = pdb_getsampwnam(user);
+ ret = pdb_getsampwnam(sampass, user);
unbecome_root();
- if (sampass == NULL)
- {
+ if (ret == False) {
DEBUG(0,("check_lanman_password: getsampwnam returned NULL\n"));
+ pdb_clear_sam(sampass);
return False;
}
acct_ctrl = pdb_get_acct_ctrl (sampass);
lanman_pw = pdb_get_lanman_passwd (sampass);
- if (acct_ctrl & ACB_DISABLED)
- {
- DEBUG(0,("check_lanman_password: account %s disabled.\n",
- user));
+ if (acct_ctrl & ACB_DISABLED) {
+ DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
+ pdb_clear_sam(sampass);
return False;
}
- if ((lanman_pw == NULL) && (acct_ctrl & ACB_PWNOTREQ))
- {
+ if ((lanman_pw == NULL) && (acct_ctrl & ACB_PWNOTREQ)) {
uchar no_pw[14];
memset(no_pw, '\0', 14);
E_P16(no_pw, null_pw);
pdb_set_lanman_passwd (sampass, null_pw);
}
- else if (lanman_pw == NULL)
- {
+ else if (lanman_pw == NULL) {
DEBUG(0, ("check_lanman_password: no lanman password !\n"));
+ pdb_clear_sam(sampass);
return False;
}
@@ -598,9 +597,9 @@ BOOL check_lanman_password(char *user, uchar * pass1,
D_P16(unenc_new_pw, pass1, unenc_old_pw);
/* Check that the two old passwords match. */
- if (memcmp(lanman_pw, unenc_old_pw, 16))
- {
+ if (memcmp(lanman_pw, unenc_old_pw, 16)) {
DEBUG(0,("check_lanman_password: old password doesn't match.\n"));
+ pdb_clear_sam(sampass);
return False;
}
@@ -625,30 +624,27 @@ BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar * pass1,
uint16 acct_ctrl;
uint8 *pwd;
- if (sampass == NULL)
- {
+ if (sampass == NULL) {
DEBUG(0,("change_lanman_password: no smb password entry.\n"));
return False;
}
+
acct_ctrl = pdb_get_acct_ctrl(sampass);
pwd = pdb_get_lanman_passwd(sampass);
- if (acct_ctrl & ACB_DISABLED)
- {
+ if (acct_ctrl & ACB_DISABLED) {
DEBUG(0,("change_lanman_password: account %s disabled.\n",
pdb_get_username(sampass)));
return False;
}
- if ((pwd == NULL) && (acct_ctrl & ACB_PWNOTREQ))
- {
+ if ((pwd == NULL) && (acct_ctrl & ACB_PWNOTREQ)) {
uchar no_pw[14];
memset(no_pw, '\0', 14);
E_P16(no_pw, null_pw);
pdb_set_lanman_passwd(sampass, null_pw);
}
- else if (pwd == NULL)
- {
+ else if (pwd == NULL) {
DEBUG(0,("change_lanman_password: no lanman password !\n"));
return False;
}
@@ -689,17 +685,15 @@ BOOL pass_oem_change(char *user,
*/
if (ret && lp_unix_password_sync())
- {
ret = chgpasswd(user, "", new_passwd, True);
- }
if (ret)
- {
ret = change_oem_password(sampass, new_passwd, False);
- }
memset(new_passwd, 0, sizeof(new_passwd));
+ pdb_clear_sam(sampass);
+
return ret;
}
@@ -727,22 +721,26 @@ BOOL check_oem_password(char *user,
uchar new_p16[16];
uchar unenc_old_pw[16];
char no_pw[2];
+ BOOL ret;
BOOL nt_pass_set = (ntdata != NULL && nthash != NULL);
+ pdb_init_sam(&sampass);
+
become_root();
- *hnd = sampass = pdb_getsampwnam(user);
+ ret = pdb_getsampwnam(sampass, user);
unbecome_root();
- if (sampass == NULL)
- {
+ if (ret == False) {
DEBUG(0, ("check_oem_password: getsmbpwnam returned NULL\n"));
return False;
}
+
+ *hnd = sampass;
+
acct_ctrl = pdb_get_acct_ctrl(sampass);
- if (acct_ctrl & ACB_DISABLED)
- {
+ if (acct_ctrl & ACB_DISABLED) {
DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
return False;
}
@@ -757,27 +755,19 @@ BOOL check_oem_password(char *user,
nt_pw = pdb_get_nt_passwd (sampass);
/* check for null passwords */
- if (lanman_pw == NULL)
- {
+ if (lanman_pw == NULL) {
if (acct_ctrl & ACB_PWNOTREQ)
- {
pdb_set_lanman_passwd(sampass, null_pw);
- }
- else
- {
+ else {
DEBUG(0,("check_oem_password: no lanman password !\n"));
return False;
}
}
- if (pdb_get_nt_passwd(sampass) == NULL && nt_pass_set)
- {
+ if (pdb_get_nt_passwd(sampass) == NULL && nt_pass_set) {
if (acct_ctrl & ACB_PWNOTREQ)
- {
pdb_set_nt_passwd(sampass, null_pw);
- }
- else
- {
+ else {
DEBUG(0,("check_oem_password: no ntlm password !\n"));
return False;
}
@@ -794,15 +784,12 @@ BOOL check_oem_password(char *user,
*/
new_pw_len = IVAL(lmdata, 512);
- if (new_pw_len < 0 || new_pw_len > new_passwd_size - 1)
- {
- DEBUG(0,("check_oem_password: incorrect password length (%d).\n",
- new_pw_len));
+ if (new_pw_len < 0 || new_pw_len > new_passwd_size - 1) {
+ DEBUG(0,("check_oem_password: incorrect password length (%d).\n", new_pw_len));
return False;
}
- if (nt_pass_set)
- {
+ if (nt_pass_set) {
/*
* nt passwords are in unicode
*/
@@ -811,9 +798,7 @@ BOOL check_oem_password(char *user,
new_pw_len /= 2;
pw = dos_unistrn2((uint16 *)(&lmdata[512 - uni_pw_len]),new_pw_len);
memcpy(new_passwd, pw, new_pw_len + 1);
- }
- else
- {
+ } else {
memcpy(new_passwd, &lmdata[512 - new_pw_len], new_pw_len);
new_passwd[new_pw_len] = '\0';
}
@@ -908,12 +893,17 @@ BOOL check_plaintext_password(char *user, char *old_passwd,
{
SAM_ACCOUNT *sampass = NULL;
uchar old_pw[16], old_ntpw[16];
+ BOOL ret;
+
+ pdb_init_sam(&sampass);
become_root();
- *hnd = sampass = pdb_getsampwnam(user);
+ ret = pdb_getsampwnam(sampass, user);
unbecome_root();
- if (sampass == NULL)
+ *hnd = sampass;
+
+ if (ret == False)
{
DEBUG(0,("check_plaintext_password: getsmbpwnam returned NULL\n"));
return False;
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 8dc3d8308a..d5dd876670 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -1765,7 +1765,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
{
fstring saved_pass2;
- SAM_ACCOUNT *sampass;
+ SAM_ACCOUNT *sampass=NULL;
/*
* Save the new password as change_oem_password overwrites it
@@ -1788,7 +1788,9 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
if(lp_unix_password_sync() && !chgpasswd(user,pass1,saved_pass2,False))
SSVAL(*rparam,0,NERR_badpass);
}
- }
+ pdb_clear_sam(sampass);
+ }
+
/*
* If the above failed, attempt the plaintext password change.
@@ -1823,8 +1825,10 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
{
SSVAL(*rparam,0,NERR_Success);
}
+ pdb_clear_sam(hnd);
}
+
memset((char *)pass1,'\0',sizeof(fstring));
memset((char *)pass2,'\0',sizeof(fstring));
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 5820afacc8..f42451dceb 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -368,12 +368,15 @@ static BOOL update_smbpassword_file(char *user, char *password)
SAM_ACCOUNT *sampass = NULL;
BOOL ret;
+ pdb_init_sam(&sampass);
+
become_root();
- sampass = pdb_getsampwnam(user);
+ ret = pdb_getsampwnam(sampass, user);
unbecome_root();
- if(sampass == NULL) {
+ if(ret == False) {
DEBUG(0,("pdb_getsampwnam returned NULL\n"));
+ pdb_clear_sam(sampass);
return False;
}
@@ -390,6 +393,7 @@ static BOOL update_smbpassword_file(char *user, char *password)
DEBUG(3,("change_oem_password returned False\n"));
}
+ pdb_clear_sam(sampass);
return ret;
}
@@ -519,7 +523,8 @@ BOOL pass_check_smb(char *user, char *domain, uchar *chal,
uchar *lm_pwd, uchar *nt_pwd, struct passwd *pwd)
{
struct passwd *pass;
- SAM_ACCOUNT *sampass;
+ SAM_ACCOUNT *sampass=NULL;
+ BOOL ret;
if (!lm_pwd || !nt_pwd)
{
@@ -546,17 +551,21 @@ BOOL pass_check_smb(char *user, char *domain, uchar *chal,
return(False);
}
+ pdb_init_sam(&sampass);
+
/* get the account information */
- sampass = pdb_getsampwnam(user);
- if (sampass == NULL)
+ ret = pdb_getsampwnam(sampass, user);
+ if (ret == False)
{
DEBUG(1,("Couldn't find user '%s' in passdb file.\n", user));
+ pdb_clear_sam(sampass);
return(False);
}
/* Quit if the account was disabled. */
if(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
DEBUG(1,("Account for user '%s' was disabled.\n", user));
+ pdb_clear_sam(sampass);
return(False);
}
@@ -566,6 +575,7 @@ BOOL pass_check_smb(char *user, char *domain, uchar *chal,
if (smb_pass->smb_userid != pass->pw_uid)
{
DEBUG(0,("Error : UNIX and SMB uids in password files do not match for user '%s'!\n", user));
+ pdb_clear_sam(sampass);
return(False);
}
#endif
@@ -575,21 +585,25 @@ BOOL pass_check_smb(char *user, char *domain, uchar *chal,
if (lp_null_passwords())
{
DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", user));
+ pdb_clear_sam(sampass);
return(True);
}
else
{
DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", user));
+ pdb_clear_sam(sampass);
return(False);
}
}
if (smb_password_ok(sampass, chal, lm_pwd, nt_pwd))
{
+ pdb_clear_sam(sampass);
return(True);
}
DEBUG(2,("pass_check_smb failed - invalid password for user [%s]\n", user));
+ pdb_clear_sam(sampass);
return False;
}
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 61b9390d08..c9ef881b59 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -427,34 +427,42 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out
/* check if trust account exists */
SAM_ACCOUNT *sam_trust_acct = NULL;
uint16 acct_ctrl;
+ BOOL ret;
+
+ pdb_init_sam(&sam_trust_acct);
if (lp_security() == SEC_USER) {
- sam_trust_acct = pdb_getsampwnam(user);
+ ret = pdb_getsampwnam(sam_trust_acct, user);
} else {
DEBUG(0,("session_trust_account: Trust account %s only supported with security = user\n", user));
SSVAL(outbuf, smb_flg2, SVAL(outbuf, smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
+ pdb_clear_sam(sam_trust_acct);
return(ERROR(0, NT_STATUS_LOGON_FAILURE));
}
- if (sam_trust_acct == NULL) {
+ if (ret == False) {
/* lkclXXXX: workstation entry doesn't exist */
DEBUG(0,("session_trust_account: Trust account %s user doesn't exist\n",user));
SSVAL(outbuf, smb_flg2, SVAL(outbuf, smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
+ pdb_clear_sam(sam_trust_acct);
return(ERROR(0, NT_STATUS_NO_SUCH_USER));
} else {
if ((smb_passlen != 24) || (smb_nt_passlen != 24)) {
DEBUG(0,("session_trust_account: Trust account %s - password length wrong.\n", user));
SSVAL(outbuf, smb_flg2, SVAL(outbuf, smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
- return(ERROR(0, NT_STATUS_LOGON_FAILURE));
+ pdb_clear_sam(sam_trust_acct);
+ return(ERROR(0, NT_STATUS_LOGON_FAILURE));
}
if (!smb_password_ok(sam_trust_acct, NULL, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd)) {
DEBUG(0,("session_trust_account: Trust Account %s - password failed\n", user));
SSVAL(outbuf, smb_flg2, SVAL(outbuf, smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
+ pdb_clear_sam(sam_trust_acct);
return(ERROR(0, NT_STATUS_LOGON_FAILURE));
}
acct_ctrl = pdb_get_acct_ctrl(sam_trust_acct);
+ pdb_clear_sam(sam_trust_acct);
if (acct_ctrl & ACB_DOMTRUST) {
DEBUG(0,("session_trust_account: Domain trust account %s denied by server\n",user));
SSVAL(outbuf, smb_flg2, SVAL(outbuf, smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index 6022f9aef2..9a545fbb45 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -113,12 +113,23 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst
**********************************************************/
static int print_user_info (char *username, BOOL verbosity, BOOL smbpwdstyle)
{
- SAM_ACCOUNT *sam_pwent;
+ SAM_ACCOUNT *sam_pwent=NULL;
+ BOOL ret;
+
+ pdb_init_sam(&sam_pwent);
- sam_pwent = pdb_getsampwnam (username);
- if (sam_pwent) return print_sam_info (sam_pwent, verbosity, smbpwdstyle);
- else fprintf (stderr, "Username not found!\n");
- return -1;
+ ret = pdb_getsampwnam (sam_pwent, username);
+
+ if (ret==False) {
+ fprintf (stderr, "Username not found!\n");
+ pdb_clear_sam(sam_pwent);
+ return -1;
+ }
+
+ ret=print_sam_info (sam_pwent, verbosity, smbpwdstyle);
+ pdb_clear_sam(sam_pwent);
+
+ return ret;
}
/*********************************************************
@@ -126,22 +137,26 @@ static int print_user_info (char *username, BOOL verbosity, BOOL smbpwdstyle)
**********************************************************/
static int print_users_list (BOOL verbosity, BOOL smbpwdstyle)
{
- SAM_ACCOUNT *sam_pwent;
+ SAM_ACCOUNT *sam_pwent=NULL;
BOOL ret;
+ pdb_init_sam(&sam_pwent);
+
ret = pdb_setsampwent(False);
if (ret && errno == ENOENT) {
fprintf (stderr,"Password database not found!\n");
+ pdb_clear_sam(sam_pwent);
exit(1);
}
- while ((sam_pwent = pdb_getsampwent ()))
+ while ((ret = pdb_getsampwent (sam_pwent)))
{
if (verbosity) printf ("---------------\n");
print_sam_info (sam_pwent, verbosity, smbpwdstyle);
}
pdb_endsampwent ();
+ pdb_clear_sam(sam_pwent);
return 0;
}
@@ -150,27 +165,33 @@ static int print_users_list (BOOL verbosity, BOOL smbpwdstyle)
**********************************************************/
static int set_user_info (char *username, char *fullname, char *homedir, char *drive, char *script, char *profile)
{
- SAM_ACCOUNT *sam_pwent;
+ SAM_ACCOUNT *sam_pwent=NULL;
+ BOOL ret;
+
+ pdb_init_sam(&sam_pwent);
- sam_pwent = pdb_getsampwnam (username);
- if (!sam_pwent)
+ ret = pdb_getsampwnam (sam_pwent, username);
+ if (ret==False)
{
fprintf (stderr, "Username not found!\n");
+ pdb_clear_sam(sam_pwent);
return -1;
}
- if (fullname) sam_pwent->full_name = fullname;
- if (homedir) sam_pwent->home_dir = homedir;
- if (drive) sam_pwent->dir_drive = drive;
- if (script) sam_pwent->logon_script = script;
- if (profile) sam_pwent->profile_path = profile;
+ if (fullname) pdb_set_fullname(sam_pwent, fullname);
+ if (homedir) pdb_set_homedir(sam_pwent, homedir);
+ if (drive) pdb_set_dir_drive(sam_pwent,drive);
+ if (script) pdb_set_logon_script(sam_pwent, script);
+ if (profile) pdb_set_profile_path (sam_pwent, profile);
if (pdb_update_sam_account (sam_pwent, TRUE)) print_user_info (username, TRUE, FALSE);
else
{
fprintf (stderr, "Unable to modify entry!\n");
+ pdb_clear_sam(sam_pwent);
return -1;
}
+ pdb_clear_sam(sam_pwent);
return 0;
}
@@ -180,6 +201,7 @@ static int set_user_info (char *username, char *fullname, char *homedir, char *d
static int new_user (char *username, char *fullname, char *homedir, char *drive, char *script, char *profile)
{
SAM_ACCOUNT sam_pwent;
+ BOOL ret;
struct passwd *pwd = NULL;
uchar new_p16[16];
uchar new_nt_p16[16];
@@ -187,7 +209,7 @@ static int new_user (char *username, char *fullname, char *homedir, char *drive,
ZERO_STRUCT(sam_pwent);
- if (pdb_getsampwnam (username))
+ if (pdb_getsampwnam (&sam_pwent, username))
{
fprintf (stderr, "Username already exist in database!\n");
return -1;
@@ -208,12 +230,12 @@ static int new_user (char *username, char *fullname, char *homedir, char *drive,
}
nt_lm_owf_gen (password1, new_nt_p16, new_p16);
- sam_pwent.username = username;
- if (fullname) sam_pwent.full_name = fullname;
- if (homedir) sam_pwent.home_dir = homedir;
- if (drive) sam_pwent.dir_drive = drive;
- if (script) sam_pwent.logon_script = script;
- if (profile) sam_pwent.profile_path = profile;
+ pdb_set_username(&sam_pwent, username);
+ if (fullname) pdb_set_fullname(&sam_pwent, fullname);
+ if (homedir) pdb_set_homedir (&sam_pwent, homedir);
+ if (drive) pdb_set_dir_drive (&sam_pwent, drive);
+ if (script) pdb_set_logon_script(&sam_pwent, script);
+ if (profile) pdb_set_profile_path (&sam_pwent, profile);
/* TODO: Check uid not being in MACHINE UID range!! */
sam_pwent.uid = pwd->pw_uid;
@@ -239,6 +261,7 @@ static int new_user (char *username, char *fullname, char *homedir, char *drive,
static int new_machine (char *machinename)
{
SAM_ACCOUNT sam_pwent;
+ SAM_ACCOUNT sam_trust;
uchar new_p16[16];
uchar new_nt_p16[16];
char name[16];
@@ -254,14 +277,17 @@ static int new_machine (char *machinename)
strlower(password);
nt_lm_owf_gen (password, new_nt_p16, new_p16);
- sam_pwent.username = name;
+ pdb_set_username(&sam_pwent, name);
+
+ for (uid=BASE_MACHINE_UID; uid<=MAX_MACHINE_UID; uid++)
+ if (!(pdb_getsampwuid (&sam_trust, uid)))
+ break;
- for (uid=BASE_MACHINE_UID; uid<=MAX_MACHINE_UID; uid++) if (!(pdb_getsampwuid (uid))) break;
- if (uid>MAX_MACHINE_UID)
- {
+ if (uid>MAX_MACHINE_UID) {
fprintf (stderr, "No more free UIDs available to Machine accounts!\n");
return -1;
}
+
sam_pwent.uid = uid;
sam_pwent.gid = BASE_MACHINE_UID; /* TODO: set there more appropriate value!! */
sam_pwent.user_rid = pdb_uid_to_user_rid (uid);
@@ -270,9 +296,9 @@ static int new_machine (char *machinename)
sam_pwent.nt_pw = new_nt_p16;
sam_pwent.acct_ctrl = ACB_WSTRUST;
- if (pdb_add_sam_account (&sam_pwent)) print_user_info (name, TRUE, FALSE);
- else
- {
+ if (pdb_add_sam_account (&sam_pwent))
+ print_user_info (name, TRUE, FALSE);
+ else {
fprintf (stderr, "Unable to add machine!\n");
return -1;
}
@@ -309,6 +335,7 @@ static int import_users (char *filename)
{
FILE *fp = NULL;
SAM_ACCOUNT sam_pwent;
+ SAM_ACCOUNT sam_test;
static pstring user_name;
static unsigned char smbpwd[16];
static unsigned char smbntpwd[16];
@@ -360,7 +387,7 @@ static int import_users (char *filename)
line++;
if (linebuf[0] == '#' || linebuf[0] == '\0') continue;
- pdb_init_sam (&sam_pwent);
+ /*pdb_init_sam (&sam_pwent);*/
sam_pwent.acct_ctrl = ACB_NORMAL;
/* Get user name */
@@ -393,8 +420,8 @@ static int import_users (char *filename)
continue;
}
- sam_pwent.username = user_name;
- sam_pwent.uid = uidval;
+ pdb_set_username(&sam_pwent, user_name);
+ pdb_set_uid (&sam_pwent, uidval);
/* Get passwords */
p++;
@@ -503,7 +530,7 @@ static int import_users (char *filename)
{
struct passwd *pwd = NULL;
- if (pdb_getsampwnam (user_name))
+ if (pdb_getsampwnam (&sam_test,user_name))
{
fprintf (stderr, "Error: Username already exist in database!\n");
continue;
diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c
index 01ae7091b3..76624312d5 100644
--- a/source3/utils/smbgroupedit.c
+++ b/source3/utils/smbgroupedit.c
@@ -48,7 +48,8 @@ static void usage(void)
printf(" -n group NT group name\n");
printf(" -p privilege only local\n");
printf(" -v list groups\n");
- printf(" -c SID change group\n");
+ printf(" -c SID change group\n");
+ printf(" -u unix group\n");
printf(" -x group delete this group\n");
printf("\n");
printf(" -t[b|d|l] type: builtin, domain, local \n");
@@ -68,7 +69,7 @@ int addgroup(char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcom
/* convert_priv_from_text(&se_priv, privilege);*/
- se_priv=0xff;
+ se_priv=0x0;
gid=nametogid(group);
if (gid==-1)
@@ -87,7 +88,7 @@ int addgroup(char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcom
else
fstrcpy(comment, ntcomment);
- if(!add_initial_entry(gid, string_sid, sid_type, group, comment, se_priv))
+ if(!add_initial_entry(gid, string_sid, sid_type, name, comment, se_priv))
return -1;
return 0;
@@ -176,7 +177,7 @@ int listgroup(enum SID_NAME_USE sid_type)
printf("Unix\tSID\ttype\tnt name\tnt comment\tprivilege\n");
- if (!enum_group_mapping(sid_type, &map, &entries))
+ if (!enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED))
return -1;
for (i=0; i<entries; i++) {
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 8ddd07a4c5..2131ea0d8f 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -412,10 +412,15 @@ static int process_root(int argc, char *argv[])
*/
if(local_flags & LOCAL_ENABLE_USER) {
- SAM_ACCOUNT *sampass = pdb_getsampwnam(user_name);
- if((sampass != NULL) && (pdb_get_lanman_passwd(sampass) != NULL)) {
+ SAM_ACCOUNT *sampass = NULL;
+ BOOL ret;
+
+ pdb_init_sam(&sampass);
+ ret = pdb_getsampwnam(sampass, user_name);
+ if((sampass != False) && (pdb_get_lanman_passwd(sampass) != NULL)) {
new_passwd = xstrdup("XXXX"); /* Don't care. */
}
+ pdb_clear_sam(sampass);
}
if(!new_passwd)
@@ -434,13 +439,19 @@ static int process_root(int argc, char *argv[])
}
if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD))) {
- SAM_ACCOUNT *sampass = pdb_getsampwnam(user_name);
+ SAM_ACCOUNT *sampass = NULL;
+ BOOL ret;
+
+ pdb_init_sam(&sampass);
+ ret = pdb_getsampwnam(sampass, user_name);
+
printf("Password changed for user %s.", user_name );
- if( (sampass != NULL) && (pdb_get_acct_ctrl(sampass)&ACB_DISABLED) )
+ if( (ret != False) && (pdb_get_acct_ctrl(sampass)&ACB_DISABLED) )
printf(" User has disabled flag set.");
- if((sampass != NULL) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) )
+ if((ret != False) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) )
printf(" User has no password flag set.");
printf("\n");
+ pdb_clear_sam(sampass);
}
done: