diff options
author | Jeremy Allison <jra@samba.org> | 2006-06-15 01:54:09 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:17:27 -0500 |
commit | f9147c4e408d316d194c4e367dfccbf433cb8ec9 (patch) | |
tree | c706add179942ab8c6b54cda49e9b0a47fc69bca | |
parent | a1e0a0e9286fbe90ca04cda9df38e72d8d18b0c1 (diff) | |
download | samba-f9147c4e408d316d194c4e367dfccbf433cb8ec9.tar.gz samba-f9147c4e408d316d194c4e367dfccbf433cb8ec9.tar.bz2 samba-f9147c4e408d316d194c4e367dfccbf433cb8ec9.zip |
r16241: Fix Klocwork #106 and others like it.
Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
-rw-r--r-- | source3/auth/auth_util.c | 40 | ||||
-rw-r--r-- | source3/pam_smbpass/pam_smb_acct.c | 140 | ||||
-rw-r--r-- | source3/pam_smbpass/pam_smb_auth.c | 160 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 41 | ||||
-rw-r--r-- | source3/passdb/pdb_get_set.c | 327 | ||||
-rw-r--r-- | source3/passdb/pdb_interface.c | 259 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 24 | ||||
-rw-r--r-- | source3/smbd/lanman.c | 11 | ||||
-rw-r--r-- | source3/utils/smbpasswd.c | 33 |
9 files changed, 385 insertions, 650 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index fb21d424c5..9427c7681e 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1085,6 +1085,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, const DOM_SID *gr_sid = NULL; if ( !(sam_acct = samu_new( tmp_ctx )) ) { + result = NT_STATUS_NO_MEMORY; goto done; } @@ -1347,25 +1348,44 @@ static auth_serversupplied_info *copy_serverinfo(auth_serversupplied_info *src) dst->uid = src->uid; dst->gid = src->gid; dst->n_groups = src->n_groups; - if (src->n_groups != 0) + if (src->n_groups != 0) { dst->groups = talloc_memdup(dst, src->groups, sizeof(gid_t)*dst->n_groups); - else + } else { dst->groups = NULL; - - dst->ptok = dup_nt_token(dst, src->ptok); + } + + if (src->ptok) { + dst->ptok = dup_nt_token(dst, src->ptok); + if (!dst->ptok) { + TALLOC_FREE(dst); + return NULL; + } + } dst->user_session_key = data_blob_talloc( dst, src->user_session_key.data, - src->user_session_key.length); - + src->user_session_key.length); + dst->lm_session_key = data_blob_talloc(dst, src->lm_session_key.data, - src->lm_session_key.length); - - if ( (dst->sam_account = samu_new( NULL )) != NULL ) - pdb_copy_sam_account(dst->sam_account, src->sam_account); + src->lm_session_key.length); + + dst->sam_account = samu_new(NULL); + if (!dst->sam_account) { + TALLOC_FREE(dst); + return NULL; + } + + if (!pdb_copy_sam_account(dst->sam_account, src->sam_account)) { + TALLOC_FREE(dst); + return NULL; + } dst->pam_handle = NULL; dst->unix_name = talloc_strdup(dst, src->unix_name); + if (!dst->unix_name) { + TALLOC_FREE(dst); + return NULL; + } return dst; } diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c index 8970ffa8ed..47bf059479 100644 --- a/source3/pam_smbpass/pam_smb_acct.c +++ b/source3/pam_smbpass/pam_smb_acct.c @@ -42,72 +42,80 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, int argc, const char **argv ) { - unsigned int ctrl; - int retval; - - const char *name; - struct samu *sampass = NULL; - void (*oldsig_handler)(int); - extern BOOL in_client; - - /* Samba initialization. */ - load_case_tables(); - setup_logging( "pam_smbpass", False ); - in_client = True; - - ctrl = set_ctrl( flags, argc, argv ); - - /* get the username */ - - retval = pam_get_user( pamh, &name, "Username: " ); - if (retval != PAM_SUCCESS) { - if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG, "acct: could not identify user" ); - } - return retval; - } - if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG, "acct: username [%s] obtained", name ); - } - - /* Getting into places that might use LDAP -- protect the app - from a SIGPIPE it's not expecting */ - oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); - if (!initialize_password_db(True)) { - _log_err( LOG_ALERT, "Cannot access samba password database" ); - CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); - return PAM_AUTHINFO_UNAVAIL; - } - - /* Get the user's record. */ - - if ( (sampass = samu_new( NULL )) != NULL ) { - pdb_getsampwnam(sampass, name ); - } - - /* check for lookup failure */ - if ( !sampass || !strlen(pdb_get_username(sampass)) ) { - CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); - return PAM_USER_UNKNOWN; - } - - if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { - if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG - , "acct: account %s is administratively disabled", name ); - } - make_remark( pamh, ctrl, PAM_ERROR_MSG - , "Your account has been disabled; " - "please see your system administrator." ); - - CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); - return PAM_ACCT_EXPIRED; - } - - /* TODO: support for expired passwords. */ - - CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); - return PAM_SUCCESS; + unsigned int ctrl; + int retval; + + const char *name; + struct samu *sampass = NULL; + void (*oldsig_handler)(int); + extern BOOL in_client; + + /* Samba initialization. */ + load_case_tables(); + setup_logging( "pam_smbpass", False ); + in_client = True; + + ctrl = set_ctrl( flags, argc, argv ); + + /* get the username */ + + retval = pam_get_user( pamh, &name, "Username: " ); + if (retval != PAM_SUCCESS) { + if (on( SMB_DEBUG, ctrl )) { + _log_err( LOG_DEBUG, "acct: could not identify user" ); + } + return retval; + } + if (on( SMB_DEBUG, ctrl )) { + _log_err( LOG_DEBUG, "acct: username [%s] obtained", name ); + } + + /* Getting into places that might use LDAP -- protect the app + from a SIGPIPE it's not expecting */ + oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); + if (!initialize_password_db(True)) { + _log_err( LOG_ALERT, "Cannot access samba password database" ); + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); + return PAM_AUTHINFO_UNAVAIL; + } + + /* Get the user's record. */ + + if (!(sampass = samu_new( NULL ))) { + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); + /* malloc fail. */ + return nt_status_to_pam(NT_STATUS_NO_MEMORY); + } + + if (!pdb_getsampwnam(sampass, name )) { + _log_err( LOG_DEBUG, "acct: could not identify user" ); + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); + return PAM_USER_UNKNOWN; + } + + /* check for lookup failure */ + if (!strlen(pdb_get_username(sampass)) ) { + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); + return PAM_USER_UNKNOWN; + } + + if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { + if (on( SMB_DEBUG, ctrl )) { + _log_err( LOG_DEBUG + , "acct: account %s is administratively disabled", name ); + } + make_remark( pamh, ctrl, PAM_ERROR_MSG + , "Your account has been disabled; " + "please see your system administrator." ); + + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); + return PAM_ACCT_EXPIRED; + } + + /* TODO: support for expired passwords. */ + + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); + return PAM_SUCCESS; } /* static module data */ diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c index 15726aa855..df6d20e01a 100644 --- a/source3/pam_smbpass/pam_smb_auth.c +++ b/source3/pam_smbpass/pam_smb_auth.c @@ -62,94 +62,97 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl, int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { - unsigned int ctrl; - int retval, *ret_data = NULL; - struct samu *sampass = NULL; - extern BOOL in_client; - const char *name; - void (*oldsig_handler)(int) = NULL; - BOOL found; - - /* Points to memory managed by the PAM library. Do not free. */ - char *p = NULL; - - - /* Samba initialization. */ - load_case_tables(); - setup_logging("pam_smbpass",False); - in_client = True; - - ctrl = set_ctrl(flags, argc, argv); - - /* Get a few bytes so we can pass our return value to - pam_sm_setcred(). */ - ret_data = SMB_MALLOC_P(int); - - /* we need to do this before we call AUTH_RETURN */ - /* Getting into places that might use LDAP -- protect the app - from a SIGPIPE it's not expecting */ - oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); - - /* get the username */ - retval = pam_get_user( pamh, &name, "Username: " ); - if ( retval != PAM_SUCCESS ) { - if (on( SMB_DEBUG, ctrl )) { - _log_err(LOG_DEBUG, "auth: could not identify user"); - } - AUTH_RETURN; - } - if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG, "username [%s] obtained", name ); - } + unsigned int ctrl; + int retval, *ret_data = NULL; + struct samu *sampass = NULL; + extern BOOL in_client; + const char *name; + void (*oldsig_handler)(int) = NULL; + BOOL found; + + /* Points to memory managed by the PAM library. Do not free. */ + char *p = NULL; + + /* Samba initialization. */ + load_case_tables(); + setup_logging("pam_smbpass",False); + in_client = True; + + ctrl = set_ctrl(flags, argc, argv); + + /* Get a few bytes so we can pass our return value to + pam_sm_setcred(). */ + ret_data = SMB_MALLOC_P(int); + + /* we need to do this before we call AUTH_RETURN */ + /* Getting into places that might use LDAP -- protect the app + from a SIGPIPE it's not expecting */ + oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); + + /* get the username */ + retval = pam_get_user( pamh, &name, "Username: " ); + if ( retval != PAM_SUCCESS ) { + if (on( SMB_DEBUG, ctrl )) { + _log_err(LOG_DEBUG, "auth: could not identify user"); + } + AUTH_RETURN; + } + if (on( SMB_DEBUG, ctrl )) { + _log_err( LOG_DEBUG, "username [%s] obtained", name ); + } - if (!initialize_password_db(True)) { - _log_err( LOG_ALERT, "Cannot access samba password database" ); - retval = PAM_AUTHINFO_UNAVAIL; - AUTH_RETURN; - } + if (!initialize_password_db(True)) { + _log_err( LOG_ALERT, "Cannot access samba password database" ); + retval = PAM_AUTHINFO_UNAVAIL; + AUTH_RETURN; + } - sampass = samu_new( NULL ); - - found = pdb_getsampwnam( sampass, name ); + sampass = samu_new( NULL ); + if (!sampass) { + _log_err( LOG_ALERT, "Cannot talloc a samu struct" ); + retval = nt_status_to_pam(NT_STATUS_NO_MEMORY); + AUTH_RETURN; + } - if (on( SMB_MIGRATE, ctrl )) { - retval = _smb_add_user(pamh, ctrl, name, sampass, found); - TALLOC_FREE(sampass); - AUTH_RETURN; - } + found = pdb_getsampwnam( sampass, name ); - if (!found) { - _log_err(LOG_ALERT, "Failed to find entry for user %s.", name); - retval = PAM_USER_UNKNOWN; - TALLOC_FREE(sampass); - sampass = NULL; - AUTH_RETURN; - } + if (on( SMB_MIGRATE, ctrl )) { + retval = _smb_add_user(pamh, ctrl, name, sampass, found); + TALLOC_FREE(sampass); + AUTH_RETURN; + } + + if (!found) { + _log_err(LOG_ALERT, "Failed to find entry for user %s.", name); + retval = PAM_USER_UNKNOWN; + TALLOC_FREE(sampass); + sampass = NULL; + AUTH_RETURN; + } - /* if this user does not have a password... */ + /* if this user does not have a password... */ - if (_smb_blankpasswd( ctrl, sampass )) { - TALLOC_FREE(sampass); - retval = PAM_SUCCESS; - AUTH_RETURN; - } + if (_smb_blankpasswd( ctrl, sampass )) { + TALLOC_FREE(sampass); + retval = PAM_SUCCESS; + AUTH_RETURN; + } - /* get this user's authentication token */ + /* get this user's authentication token */ - retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p); - if (retval != PAM_SUCCESS ) { - _log_err(LOG_CRIT, "auth: no password provided for [%s]" - , name); - TALLOC_FREE(sampass); - AUTH_RETURN; - } + retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p); + if (retval != PAM_SUCCESS ) { + _log_err(LOG_CRIT, "auth: no password provided for [%s]", name); + TALLOC_FREE(sampass); + AUTH_RETURN; + } - /* verify the password of this user */ + /* verify the password of this user */ - retval = _smb_verify_password( pamh, sampass, p, ctrl ); - TALLOC_FREE(sampass); - p = NULL; - AUTH_RETURN; + retval = _smb_verify_password( pamh, sampass, p, ctrl ); + TALLOC_FREE(sampass); + p = NULL; + AUTH_RETURN; } /* @@ -255,4 +258,3 @@ struct pam_module _pam_smbpass_auth_modstruct = { NULL }; #endif - diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 43171df8b0..d4e788ff68 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -67,7 +67,7 @@ static int samu_destroy(void *p) generate a new struct samuser ***********************************************************************/ -struct samu* samu_new( TALLOC_CTX *ctx ) +struct samu *samu_new( TALLOC_CTX *ctx ) { struct samu *user; @@ -634,7 +634,7 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, char *err_str, size_t err_str_len, char *msg_str, size_t msg_str_len) { - struct samu *sam_pass=NULL; + struct samu *sam_pass=NULL; uint32 other_acb; NTSTATUS result; @@ -1094,12 +1094,6 @@ uint32 init_buffer_from_sam_v3 (uint8 **buf, struct samu *sampass, BOOL size_onl uint32 nt_pw_hist_len; uint32 pwHistLen = 0; - /* do we have a valid struct samu pointer? */ - if (sampass == NULL) { - DEBUG(0, ("init_buffer_from_sam: struct samu is NULL!\n")); - return -1; - } - *buf = NULL; buflen = 0; @@ -1330,27 +1324,31 @@ uint32 init_buffer_from_sam_v3 (uint8 **buf, struct samu *sampass, BOOL size_onl BOOL pdb_copy_sam_account(struct samu *dst, struct samu *src ) { - BOOL result; - uint8 *buf; + uint8 *buf = NULL; int len; - if ( !dst ) - return False; - len = init_buffer_from_sam_v3(&buf, src, False); + if (len == -1 || !buf) { + return False; + } - if (len == -1) + if (!init_sam_from_buffer_v3( dst, buf, len )) { + free(buf); return False; + } - result = init_sam_from_buffer_v3( dst, buf, len ); dst->methods = src->methods; - if ( src->unix_pw ) + if ( src->unix_pw ) { dst->unix_pw = tcopy_passwd( dst, src->unix_pw ); + if (!dst->unix_pw) { + free(buf); + return False; + } + } free(buf); - - return result; + return True; } /********************************************************************* @@ -1363,8 +1361,6 @@ BOOL pdb_update_bad_password_count(struct samu *sampass, BOOL *updated) uint16 BadPasswordCount; uint32 resettime; - if (!sampass) return False; - BadPasswordCount = pdb_get_bad_password_count(sampass); if (!BadPasswordCount) { DEBUG(9, ("No bad password attempts.\n")); @@ -1405,8 +1401,6 @@ BOOL pdb_update_autolock_flag(struct samu *sampass, BOOL *updated) uint32 duration; time_t LastBadPassword; - if (!sampass) return False; - if (!(pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK)) { DEBUG(9, ("pdb_update_autolock_flag: Account %s not autolocked, no check needed\n", pdb_get_username(sampass))); @@ -1459,9 +1453,6 @@ BOOL pdb_increment_bad_password_count(struct samu *sampass) BOOL autolock_updated = False, badpw_updated = False; BOOL ret; - if (!sampass) - return False; - /* Retrieve the account lockout policy */ become_root(); ret = pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout); diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 0b93c42a41..831ddefa13 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -40,127 +40,81 @@ Collection of get...() functions for struct samu. ********************************************************************/ -uint32 pdb_get_acct_ctrl (const struct samu *sampass) +uint32 pdb_get_acct_ctrl(const struct samu *sampass) { - if (sampass) - return (sampass->acct_ctrl); - else - return (ACB_DISABLED); + return sampass->acct_ctrl; } -time_t pdb_get_logon_time (const struct samu *sampass) +time_t pdb_get_logon_time(const struct samu *sampass) { - if (sampass) - return (sampass->logon_time); - else - return (0); + return sampass->logon_time; } -time_t pdb_get_logoff_time (const struct samu *sampass) +time_t pdb_get_logoff_time(const struct samu *sampass) { - if (sampass) - return (sampass->logoff_time); - else - return (-1); + return sampass->logoff_time; } -time_t pdb_get_kickoff_time (const struct samu *sampass) +time_t pdb_get_kickoff_time(const struct samu *sampass) { - if (sampass) - return (sampass->kickoff_time); - else - return (-1); + return sampass->kickoff_time; } -time_t pdb_get_bad_password_time (const struct samu *sampass) +time_t pdb_get_bad_password_time(const struct samu *sampass) { - if (sampass) - return (sampass->bad_password_time); - else - return (-1); + return sampass->bad_password_time; } -time_t pdb_get_pass_last_set_time (const struct samu *sampass) +time_t pdb_get_pass_last_set_time(const struct samu *sampass) { - if (sampass) - return (sampass->pass_last_set_time); - else - return (-1); + return sampass->pass_last_set_time; } -time_t pdb_get_pass_can_change_time (const struct samu *sampass) +time_t pdb_get_pass_can_change_time(const struct samu *sampass) { - if (sampass) - return (sampass->pass_can_change_time); - else - return (-1); + return sampass->pass_can_change_time; } -time_t pdb_get_pass_must_change_time (const struct samu *sampass) +time_t pdb_get_pass_must_change_time(const struct samu *sampass) { - if (sampass) - return (sampass->pass_must_change_time); - else - return (-1); + return sampass->pass_must_change_time; } -uint16 pdb_get_logon_divs (const struct samu *sampass) +uint16 pdb_get_logon_divs(const struct samu *sampass) { - if (sampass) - return (sampass->logon_divs); - else - return (-1); + return sampass->logon_divs; } -uint32 pdb_get_hours_len (const struct samu *sampass) +uint32 pdb_get_hours_len(const struct samu *sampass) { - if (sampass) - return (sampass->hours_len); - else - return (-1); + return sampass->hours_len; } -const uint8* pdb_get_hours (const struct samu *sampass) +const uint8 *pdb_get_hours(const struct samu *sampass) { - if (sampass) - return (sampass->hours); - else - return (NULL); + return (sampass->hours); } -const uint8* pdb_get_nt_passwd (const struct samu *sampass) +const uint8 *pdb_get_nt_passwd(const struct samu *sampass) { - if (sampass) { - SMB_ASSERT((!sampass->nt_pw.data) - || sampass->nt_pw.length == NT_HASH_LEN); - return ((uint8*)sampass->nt_pw.data); - } - else - return (NULL); + SMB_ASSERT((!sampass->nt_pw.data) + || sampass->nt_pw.length == NT_HASH_LEN); + return (uint8 *)sampass->nt_pw.data; } -const uint8* pdb_get_lanman_passwd (const struct samu *sampass) +const uint8 *pdb_get_lanman_passwd(const struct samu *sampass) { - if (sampass) { - SMB_ASSERT((!sampass->lm_pw.data) - || sampass->lm_pw.length == LM_HASH_LEN); - return ((uint8*)sampass->lm_pw.data); - } - else - return (NULL); + SMB_ASSERT((!sampass->lm_pw.data) + || sampass->lm_pw.length == LM_HASH_LEN); + return (uint8 *)sampass->lm_pw.data; } -const uint8* pdb_get_pw_history (const struct samu *sampass, uint32 *current_hist_len) +const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32 *current_hist_len) { - if (sampass) { - SMB_ASSERT((!sampass->nt_pw_his.data) - || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0)); - *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN; - return ((uint8*)sampass->nt_pw_his.data); - } else { - *current_hist_len = 0; - return (NULL); - } + SMB_ASSERT((!sampass->nt_pw_his.data) + || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0)); + *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN; + return (uint8 *)sampass->nt_pw_his.data; } /* Return the plaintext password if known. Most of the time @@ -169,20 +123,14 @@ const uint8* pdb_get_pw_history (const struct samu *sampass, uint32 *current_his Used to pass the plaintext to passdb backends that might want to store more than just the NTLM hashes. */ -const char* pdb_get_plaintext_passwd (const struct samu *sampass) +const char *pdb_get_plaintext_passwd(const struct samu *sampass) { - if (sampass) { - return (sampass->plaintext_pw); - } - else - return (NULL); + return sampass->plaintext_pw; } + const DOM_SID *pdb_get_user_sid(const struct samu *sampass) { - if (sampass) - return &sampass->user_sid; - - return NULL; + return &sampass->user_sid; } const DOM_SID *pdb_get_group_sid(struct samu *sampass) @@ -190,14 +138,7 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass) DOM_SID *gsid; struct passwd *pwd; - /* sanity check */ - - if ( !sampass ) { - return NULL; - } - /* Return the cached group SID if we have that */ - if ( sampass->group_sid ) { return sampass->group_sid; } @@ -213,10 +154,11 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass) be a newly allocated one. We rely on the user's Unix primary gid. We have no choice but to fail if we can't find it. */ - if ( sampass->unix_pw ) + if ( sampass->unix_pw ) { pwd = sampass->unix_pw; - else + } else { pwd = getpwnam_alloc( sampass, pdb_get_username(sampass) ); + } if ( !pwd ) { DEBUG(0,("pdb_get_group_sid: Failed to find Unix account for %s\n", pdb_get_username(sampass) )); @@ -264,11 +206,11 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass) * @return the flags indicating the members initialised in the struct. **/ -enum pdb_value_state pdb_get_init_flags (const struct samu *sampass, enum pdb_elements element) +enum pdb_value_state pdb_get_init_flags(const struct samu *sampass, enum pdb_elements element) { enum pdb_value_state ret = PDB_DEFAULT; - if (!sampass || !sampass->change_flags || !sampass->set_flags) + if (!sampass->change_flags || !sampass->set_flags) return ret; if (bitmap_query(sampass->set_flags, element)) { @@ -288,147 +230,103 @@ enum pdb_value_state pdb_get_init_flags (const struct samu *sampass, enum pdb_el return ret; } -const char* pdb_get_username (const struct samu *sampass) +const char *pdb_get_username(const struct samu *sampass) { - if (sampass) - return (sampass->username); - else - return (NULL); + return sampass->username; } -const char* pdb_get_domain (const struct samu *sampass) +const char *pdb_get_domain(const struct samu *sampass) { - if (sampass) - return (sampass->domain); - else - return (NULL); + return sampass->domain; } -const char* pdb_get_nt_username (const struct samu *sampass) +const char *pdb_get_nt_username(const struct samu *sampass) { - if (sampass) - return (sampass->nt_username); - else - return (NULL); + return sampass->nt_username; } -const char* pdb_get_fullname (const struct samu *sampass) +const char *pdb_get_fullname(const struct samu *sampass) { - if (sampass) - return (sampass->full_name); - else - return (NULL); + return sampass->full_name; } -const char* pdb_get_homedir (const struct samu *sampass) +const char *pdb_get_homedir(const struct samu *sampass) { - if (sampass) - return (sampass->home_dir); - else - return (NULL); + return sampass->home_dir; } -const char* pdb_get_unix_homedir (const struct samu *sampass) +const char *pdb_get_unix_homedir(const struct samu *sampass) { - if ( sampass && sampass->unix_pw ) - return ( sampass->unix_pw->pw_dir ); - - return (NULL); + if (sampass->unix_pw ) { + return sampass->unix_pw->pw_dir; + } + return NULL; } -const char* pdb_get_dir_drive (const struct samu *sampass) +const char *pdb_get_dir_drive(const struct samu *sampass) { - if (sampass) - return (sampass->dir_drive); - else - return (NULL); + return sampass->dir_drive; } -const char* pdb_get_logon_script (const struct samu *sampass) +const char *pdb_get_logon_script(const struct samu *sampass) { - if (sampass) - return (sampass->logon_script); - else - return (NULL); + return sampass->logon_script; } -const char* pdb_get_profile_path (const struct samu *sampass) +const char *pdb_get_profile_path(const struct samu *sampass) { - if (sampass) - return (sampass->profile_path); - else - return (NULL); + return sampass->profile_path; } -const char* pdb_get_acct_desc (const struct samu *sampass) +const char *pdb_get_acct_desc(const struct samu *sampass) { - if (sampass) - return (sampass->acct_desc); - else - return (NULL); + return sampass->acct_desc; } -const char* pdb_get_workstations (const struct samu *sampass) +const char *pdb_get_workstations(const struct samu *sampass) { - if (sampass) - return (sampass->workstations); - else - return (NULL); + return sampass->workstations; } -const char* pdb_get_unknown_str (const struct samu *sampass) +const char *pdb_get_unknown_str(const struct samu *sampass) { - if (sampass) - return (sampass->unknown_str); - else - return (NULL); + return sampass->unknown_str; } -const char* pdb_get_munged_dial (const struct samu *sampass) +const char *pdb_get_munged_dial(const struct samu *sampass) { - if (sampass) - return (sampass->munged_dial); - else - return (NULL); + return sampass->munged_dial; } uint16 pdb_get_bad_password_count(const struct samu *sampass) { - if (sampass) - return (sampass->bad_password_count); - else - return 0; + return sampass->bad_password_count; } uint16 pdb_get_logon_count(const struct samu *sampass) { - if (sampass) - return (sampass->logon_count); - else - return 0; + return sampass->logon_count; } -uint32 pdb_get_unknown_6 (const struct samu *sampass) +uint32 pdb_get_unknown_6(const struct samu *sampass) { - if (sampass) - return (sampass->unknown_6); - else - return (-1); + return sampass->unknown_6; } -void *pdb_get_backend_private_data (const struct samu *sampass, const struct pdb_methods *my_methods) +void *pdb_get_backend_private_data(const struct samu *sampass, const struct pdb_methods *my_methods) { - if (sampass && my_methods == sampass->backend_private_methods) + if (my_methods == sampass->backend_private_methods) { return sampass->backend_private_data; - else + } else { return NULL; + } } /********************************************************************* Collection of set...() functions for struct samu. ********************************************************************/ -BOOL pdb_set_acct_ctrl (struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag) +BOOL pdb_set_acct_ctrl(struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag) { if (!sampass) return False; @@ -438,7 +336,7 @@ BOOL pdb_set_acct_ctrl (struct samu *sampass, uint32 acct_ctrl, enum pdb_value_s return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag); } -BOOL pdb_set_logon_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag) +BOOL pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag) { if (!sampass) return False; @@ -448,7 +346,7 @@ BOOL pdb_set_logon_time (struct samu *sampass, time_t mytime, enum pdb_value_sta return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag); } -BOOL pdb_set_logoff_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag) +BOOL pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag) { if (!sampass) return False; @@ -458,7 +356,7 @@ BOOL pdb_set_logoff_time (struct samu *sampass, time_t mytime, enum pdb_value_st return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag); } -BOOL pdb_set_kickoff_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag) +BOOL pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag) { if (!sampass) return False; @@ -468,8 +366,7 @@ BOOL pdb_set_kickoff_time (struct samu *sampass, time_t mytime, enum pdb_value_s return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag); } -BOOL pdb_set_bad_password_time (struct samu *sampass, time_t mytime, - enum pdb_value_state flag) +BOOL pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag) { if (!sampass) return False; @@ -479,7 +376,7 @@ BOOL pdb_set_bad_password_time (struct samu *sampass, time_t mytime, return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag); } -BOOL pdb_set_pass_can_change_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag) +BOOL pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag) { if (!sampass) return False; @@ -489,7 +386,7 @@ BOOL pdb_set_pass_can_change_time (struct samu *sampass, time_t mytime, enum pdb return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag); } -BOOL pdb_set_pass_must_change_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag) +BOOL pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag) { if (!sampass) return False; @@ -499,7 +396,7 @@ BOOL pdb_set_pass_must_change_time (struct samu *sampass, time_t mytime, enum pd return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag); } -BOOL pdb_set_pass_last_set_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag) +BOOL pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag) { if (!sampass) return False; @@ -509,7 +406,7 @@ BOOL pdb_set_pass_last_set_time (struct samu *sampass, time_t mytime, enum pdb_v return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag); } -BOOL pdb_set_hours_len (struct samu *sampass, uint32 len, enum pdb_value_state flag) +BOOL pdb_set_hours_len(struct samu *sampass, uint32 len, enum pdb_value_state flag) { if (!sampass) return False; @@ -519,7 +416,7 @@ BOOL pdb_set_hours_len (struct samu *sampass, uint32 len, enum pdb_value_state f return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag); } -BOOL pdb_set_logon_divs (struct samu *sampass, uint16 hours, enum pdb_value_state flag) +BOOL pdb_set_logon_divs(struct samu *sampass, uint16 hours, enum pdb_value_state flag) { if (!sampass) return False; @@ -536,7 +433,7 @@ BOOL pdb_set_logon_divs (struct samu *sampass, uint16 hours, enum pdb_value_stat * this flag is only added. **/ -BOOL pdb_set_init_flags (struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag) +BOOL pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag) { if (!sampass || !sampass) return False; @@ -598,7 +495,7 @@ BOOL pdb_set_init_flags (struct samu *sampass, enum pdb_elements element, enum p return True; } -BOOL pdb_set_user_sid (struct samu *sampass, const DOM_SID *u_sid, enum pdb_value_state flag) +BOOL pdb_set_user_sid(struct samu *sampass, const DOM_SID *u_sid, enum pdb_value_state flag) { if (!sampass || !u_sid) return False; @@ -611,7 +508,7 @@ BOOL pdb_set_user_sid (struct samu *sampass, const DOM_SID *u_sid, enum pdb_valu return pdb_set_init_flags(sampass, PDB_USERSID, flag); } -BOOL pdb_set_user_sid_from_string (struct samu *sampass, fstring u_sid, enum pdb_value_state flag) +BOOL pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag) { DOM_SID new_sid; @@ -642,7 +539,7 @@ BOOL pdb_set_user_sid_from_string (struct samu *sampass, fstring u_sid, enum pdb have to allow the explicitly setting of a group SID here. ********************************************************************/ -BOOL pdb_set_group_sid (struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag) +BOOL pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag) { gid_t gid; @@ -808,7 +705,7 @@ BOOL pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum p Set the user's profile path. ********************************************************************/ -BOOL pdb_set_profile_path (struct samu *sampass, const char *profile_path, enum pdb_value_state flag) +BOOL pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag) { if (!sampass) return False; @@ -835,7 +732,7 @@ BOOL pdb_set_profile_path (struct samu *sampass, const char *profile_path, enum Set the user's directory drive. ********************************************************************/ -BOOL pdb_set_dir_drive (struct samu *sampass, const char *dir_drive, enum pdb_value_state flag) +BOOL pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag) { if (!sampass) return False; @@ -862,7 +759,7 @@ BOOL pdb_set_dir_drive (struct samu *sampass, const char *dir_drive, enum pdb_va Set the user's home directory. ********************************************************************/ -BOOL pdb_set_homedir (struct samu *sampass, const char *home_dir, enum pdb_value_state flag) +BOOL pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag) { if (!sampass) return False; @@ -889,7 +786,7 @@ BOOL pdb_set_homedir (struct samu *sampass, const char *home_dir, enum pdb_value Set the user's account description. ********************************************************************/ -BOOL pdb_set_acct_desc (struct samu *sampass, const char *acct_desc, enum pdb_value_state flag) +BOOL pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag) { if (!sampass) return False; @@ -913,7 +810,7 @@ BOOL pdb_set_acct_desc (struct samu *sampass, const char *acct_desc, enum pdb_va Set the user's workstation allowed list. ********************************************************************/ -BOOL pdb_set_workstations (struct samu *sampass, const char *workstations, enum pdb_value_state flag) +BOOL pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag) { if (!sampass) return False; @@ -940,7 +837,7 @@ BOOL pdb_set_workstations (struct samu *sampass, const char *workstations, enum Set the user's 'unknown_str', whatever the heck this actually is... ********************************************************************/ -BOOL pdb_set_unknown_str (struct samu *sampass, const char *unknown_str, enum pdb_value_state flag) +BOOL pdb_set_unknown_str(struct samu *sampass, const char *unknown_str, enum pdb_value_state flag) { if (!sampass) return False; @@ -964,7 +861,7 @@ BOOL pdb_set_unknown_str (struct samu *sampass, const char *unknown_str, enum pd Set the user's dial string. ********************************************************************/ -BOOL pdb_set_munged_dial (struct samu *sampass, const char *munged_dial, enum pdb_value_state flag) +BOOL pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag) { if (!sampass) return False; @@ -988,7 +885,7 @@ BOOL pdb_set_munged_dial (struct samu *sampass, const char *munged_dial, enum pd Set the user's NT hash. ********************************************************************/ -BOOL pdb_set_nt_passwd (struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag) +BOOL pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag) { if (!sampass) return False; @@ -1009,7 +906,7 @@ BOOL pdb_set_nt_passwd (struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum Set the user's LM hash. ********************************************************************/ -BOOL pdb_set_lanman_passwd (struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag) +BOOL pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag) { if (!sampass) return False; @@ -1034,7 +931,7 @@ BOOL pdb_set_lanman_passwd (struct samu *sampass, const uint8 pwd[LM_HASH_LEN], in pwd. ********************************************************************/ -BOOL pdb_set_pw_history (struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag) +BOOL pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag) { if (!sampass) return False; @@ -1058,7 +955,7 @@ BOOL pdb_set_pw_history (struct samu *sampass, const uint8 *pwd, uint32 historyL below) ********************************************************************/ -BOOL pdb_set_plaintext_pw_only (struct samu *sampass, const char *password, enum pdb_value_state flag) +BOOL pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag) { if (!sampass) return False; @@ -1101,7 +998,7 @@ BOOL pdb_set_logon_count(struct samu *sampass, uint16 logon_count, enum pdb_valu return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag); } -BOOL pdb_set_unknown_6 (struct samu *sampass, uint32 unkn, enum pdb_value_state flag) +BOOL pdb_set_unknown_6(struct samu *sampass, uint32 unkn, enum pdb_value_state flag) { if (!sampass) return False; @@ -1111,7 +1008,7 @@ BOOL pdb_set_unknown_6 (struct samu *sampass, uint32 unkn, enum pdb_value_state return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag); } -BOOL pdb_set_hours (struct samu *sampass, const uint8 *hours, enum pdb_value_state flag) +BOOL pdb_set_hours(struct samu *sampass, const uint8 *hours, enum pdb_value_state flag) { if (!sampass) return False; @@ -1126,7 +1023,7 @@ BOOL pdb_set_hours (struct samu *sampass, const uint8 *hours, enum pdb_value_sta return pdb_set_init_flags(sampass, PDB_HOURS, flag); } -BOOL pdb_set_backend_private_data (struct samu *sampass, void *private_data, +BOOL pdb_set_backend_private_data(struct samu *sampass, void *private_data, void (*free_fn)(void **), const struct pdb_methods *my_methods, enum pdb_value_state flag) @@ -1155,7 +1052,7 @@ BOOL pdb_set_backend_private_data (struct samu *sampass, void *private_data, password change. ********************************************************************/ -BOOL pdb_set_pass_changed_now (struct samu *sampass) +BOOL pdb_set_pass_changed_now(struct samu *sampass) { uint32 expire; uint32 min_age; @@ -1195,7 +1092,7 @@ BOOL pdb_set_pass_changed_now (struct samu *sampass) Also sets the last change time to NOW. ********************************************************************/ -BOOL pdb_set_plaintext_passwd (struct samu *sampass, const char *plaintext) +BOOL pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext) { uchar new_lanman_p16[LM_HASH_LEN]; uchar new_nt_p16[NT_HASH_LEN]; @@ -1294,7 +1191,7 @@ BOOL pdb_set_plaintext_passwd (struct samu *sampass, const char *plaintext) } /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */ -uint32 pdb_build_fields_present (struct samu *sampass) +uint32 pdb_build_fields_present(struct samu *sampass) { /* value set to all for testing */ return 0x00ffffff; diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 393b60516c..94adebe232 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -37,7 +37,9 @@ static struct pdb_init_function_entry *backends = NULL; static void lazy_initialize_passdb(void) { static BOOL initialized = False; - if(initialized)return; + if(initialized) { + return; + } static_init_pdb; initialized = True; } @@ -201,13 +203,19 @@ static struct pdb_methods *pdb_get_methods_reload( BOOL reload ) if ( pdb && reload ) { pdb->free_private_data( &(pdb->private_data) ); if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) { - return NULL; + pstring msg; + slprintf(msg, sizeof(msg)-1, "pdb_get_methods_reload: failed to get pdb methods for backend %s\n", + lp_passdb_backend() ); + smb_panic(msg); } } if ( !pdb ) { if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) { - return NULL; + pstring msg; + slprintf(msg, sizeof(msg)-1, "pdb_get_methods_reload: failed to get pdb methods for backend %s\n", + lp_passdb_backend() ); + smb_panic(msg); } } @@ -226,22 +234,12 @@ static struct pdb_methods *pdb_get_methods(void) BOOL pdb_setsampwent(BOOL update, uint16 acb_mask) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return NT_STATUS_IS_OK(pdb->setsampwent(pdb, update, acb_mask)); } void pdb_endsampwent(void) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return; - } - pdb->endsampwent(pdb); } @@ -249,16 +247,10 @@ BOOL pdb_getsampwent(struct samu *user) { struct pdb_methods *pdb = pdb_get_methods(); - if ( !pdb ) { - return False; - } - if ( !NT_STATUS_IS_OK(pdb->getsampwent(pdb, user) ) ) { return False; } - pdb_force_pw_initialization( user ); - return True; } @@ -266,10 +258,6 @@ BOOL pdb_getsampwnam(struct samu *sam_acct, const char *username) { struct pdb_methods *pdb = pdb_get_methods(); - if ( !pdb ) { - return False; - } - if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) { return False; } @@ -280,8 +268,14 @@ BOOL pdb_getsampwnam(struct samu *sam_acct, const char *username) pdb_force_pw_initialization( sam_acct ); - if ( (csamuser = samu_new( NULL )) != NULL ) { - pdb_copy_sam_account(csamuser, sam_acct); + csamuser = samu_new( NULL ); + if (!csamuser) { + return False; + } + + if (!pdb_copy_sam_account(csamuser, sam_acct)) { + TALLOC_FREE(csamuser); + return False; } return True; @@ -314,13 +308,9 @@ BOOL guest_user_info( struct samu *user ) BOOL pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid) { - struct pdb_methods *pdb; + struct pdb_methods *pdb = pdb_get_methods(); uint32 rid; - if ( !(pdb = pdb_get_methods()) ) { - return False; - } - /* hard code the Guest RID of 501 */ if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) ) @@ -410,11 +400,6 @@ NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32 flags, uint32 *rid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->create_user(pdb, mem_ctx, name, flags, rid); } @@ -472,10 +457,6 @@ NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct) struct pdb_methods *pdb = pdb_get_methods(); uid_t uid = -1; - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - /* sanity check to make sure we don't delete root */ if ( !sid_to_uid( pdb_get_user_sid(sam_acct), &uid ) ) { @@ -492,11 +473,6 @@ NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct) NTSTATUS pdb_add_sam_account(struct samu *sam_acct) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->add_sam_account(pdb, sam_acct); } @@ -504,10 +480,6 @@ NTSTATUS pdb_update_sam_account(struct samu *sam_acct) { struct pdb_methods *pdb = pdb_get_methods(); - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - if (csamuser != NULL) { TALLOC_FREE(csamuser); csamuser = NULL; @@ -520,10 +492,6 @@ NTSTATUS pdb_delete_sam_account(struct samu *sam_acct) { struct pdb_methods *pdb = pdb_get_methods(); - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - if (csamuser != NULL) { TALLOC_FREE(csamuser); csamuser = NULL; @@ -537,10 +505,6 @@ NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname) struct pdb_methods *pdb = pdb_get_methods(); uid_t uid; - if ( !pdb ) { - return NT_STATUS_NOT_IMPLEMENTED; - } - if (csamuser != NULL) { TALLOC_FREE(csamuser); csamuser = NULL; @@ -562,44 +526,24 @@ NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname) NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, BOOL success) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_NOT_IMPLEMENTED; - } - return pdb->update_login_attempts(pdb, sam_acct, success); } BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid)); } BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid)); } BOOL pdb_getgrnam(GROUP_MAP *map, const char *name) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return NT_STATUS_IS_OK(pdb->getgrnam(pdb, map, name)); } @@ -645,11 +589,6 @@ NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name, uint32 *rid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->create_dom_group(pdb, mem_ctx, name, rid); } @@ -704,44 +643,24 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods, NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32 rid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->delete_dom_group(pdb, mem_ctx, rid); } NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->add_group_mapping_entry(pdb, map); } NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->update_group_mapping_entry(pdb, map); } NTSTATUS pdb_delete_group_mapping_entry(DOM_SID sid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->delete_group_mapping_entry(pdb, sid); } @@ -749,11 +668,6 @@ BOOL pdb_enum_group_mapping(const DOM_SID *sid, enum SID_NAME_USE sid_name_use, size_t *p_num_entries, BOOL unix_only) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use, pp_rmap, p_num_entries, unix_only)); } @@ -766,10 +680,6 @@ NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx, struct pdb_methods *pdb = pdb_get_methods(); NTSTATUS result; - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - result = pdb->enum_group_members(pdb, mem_ctx, sid, pp_member_rids, p_num_members); @@ -796,11 +706,6 @@ NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user, size_t *p_num_groups) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->enum_group_memberships( pdb, mem_ctx, user, pp_sids, pp_gids, p_num_groups); @@ -829,11 +734,6 @@ static NTSTATUS pdb_default_set_unix_primary_group(struct pdb_methods *methods, NTSTATUS pdb_set_unix_primary_group(TALLOC_CTX *mem_ctx, struct samu *user) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->set_unix_primary_group(pdb, mem_ctx, user); } @@ -923,11 +823,6 @@ NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid, uint32 member_rid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->add_groupmem(pdb, mem_ctx, group_rid, member_rid); } @@ -990,44 +885,24 @@ NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid, uint32 member_rid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid); } BOOL pdb_find_alias(const char *name, DOM_SID *sid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return NT_STATUS_IS_OK(pdb->find_alias(pdb, name, sid)); } NTSTATUS pdb_create_alias(const char *name, uint32 *rid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_NOT_IMPLEMENTED; - } - return pdb->create_alias(pdb, name, rid); } BOOL pdb_delete_alias(const DOM_SID *sid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return NT_STATUS_IS_OK(pdb->delete_alias(pdb, sid)); } @@ -1035,44 +910,24 @@ BOOL pdb_delete_alias(const DOM_SID *sid) BOOL pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return NT_STATUS_IS_OK(pdb->get_aliasinfo(pdb, sid, info)); } BOOL pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return NT_STATUS_IS_OK(pdb->set_aliasinfo(pdb, sid, info)); } NTSTATUS pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->add_aliasmem(pdb, alias, member); } NTSTATUS pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - return pdb->del_aliasmem(pdb, alias, member); } @@ -1080,13 +935,7 @@ NTSTATUS pdb_enum_aliasmem(const DOM_SID *alias, DOM_SID **pp_members, size_t *p_num_members) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_UNSUCCESSFUL; - } - - return pdb->enum_aliasmem(pdb, alias, - pp_members, p_num_members); + return pdb->enum_aliasmem(pdb, alias, pp_members, p_num_members); } NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx, @@ -1096,11 +945,6 @@ NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx, size_t *p_num_alias_rids) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_NOT_IMPLEMENTED; - } - return pdb->enum_alias_memberships(pdb, mem_ctx, domain_sid, members, num_members, @@ -1115,11 +959,6 @@ NTSTATUS pdb_lookup_rids(const DOM_SID *domain_sid, uint32 *attrs) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_NOT_IMPLEMENTED; - } - return pdb->lookup_rids(pdb, domain_sid, num_rids, rids, names, attrs); } @@ -1131,11 +970,6 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid, uint32 *attrs) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return NT_STATUS_NOT_IMPLEMENTED; - } - return pdb->lookup_names(pdb, domain_sid, num_names, names, rids, attrs); } @@ -1143,55 +977,30 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid, BOOL pdb_get_account_policy(int policy_index, uint32 *value) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value)); } BOOL pdb_set_account_policy(int policy_index, uint32 value) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value)); } BOOL pdb_get_seq_num(time_t *seq_num) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num)); } BOOL pdb_uid_to_rid(uid_t uid, uint32 *rid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return pdb->uid_to_rid(pdb, uid, rid); } BOOL pdb_gid_to_sid(gid_t gid, DOM_SID *sid) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return pdb->gid_to_sid(pdb, gid, sid); } @@ -1199,22 +1008,12 @@ BOOL pdb_sid_to_id(const DOM_SID *sid, union unid_t *id, enum SID_NAME_USE *type) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return pdb->sid_to_id(pdb, sid, id, type); } BOOL pdb_rid_algorithm(void) { struct pdb_methods *pdb = pdb_get_methods(); - - if ( !pdb ) { - return False; - } - return pdb->rid_algorithm(pdb); } @@ -1234,10 +1033,6 @@ BOOL pdb_new_rid(uint32 *rid) int i; TALLOC_CTX *ctx; - if ( !pdb ) { - return False; - } - if (pdb_rid_algorithm()) { DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs " "are active\n")); @@ -2079,10 +1874,10 @@ struct pdb_search *pdb_search_users(uint32 acct_flags) struct pdb_methods *pdb = pdb_get_methods(); struct pdb_search *result; - if (pdb == NULL) return NULL; - result = pdb_search_init(PDB_USER_SEARCH); - if (result == NULL) return NULL; + if (result == NULL) { + return NULL; + } if (!pdb->search_users(pdb, result, acct_flags)) { talloc_destroy(result->mem_ctx); @@ -2096,10 +1891,10 @@ struct pdb_search *pdb_search_groups(void) struct pdb_methods *pdb = pdb_get_methods(); struct pdb_search *result; - if (pdb == NULL) return NULL; - result = pdb_search_init(PDB_GROUP_SEARCH); - if (result == NULL) return NULL; + if (result == NULL) { + return NULL; + } if (!pdb->search_groups(pdb, result)) { talloc_destroy(result->mem_ctx); diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index d512115e83..10cd5c82ba 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -238,7 +238,7 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type) ret = pdb_getsampwnam(sampass, mach_acct); unbecome_root(); - if (ret == False) { + if (!ret) { DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct)); TALLOC_FREE(sampass); return NT_STATUS_ACCESS_DENIED; @@ -562,26 +562,30 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * } /* We must store the creds state after an update. */ + sampass = samu_new( NULL ); + if (!sampass) { + return NT_STATUS_NO_MEMORY; + } + become_root(); secrets_store_schannel_session_info(p->pipe_state_mem_ctx, remote_machine, p->dc); - if ( (sampass = samu_new( NULL )) != NULL ) { - ret = pdb_getsampwnam(sampass, p->dc->mach_acct); - } + ret = pdb_getsampwnam(sampass, p->dc->mach_acct); unbecome_root(); - if ( !sampass ) - return NT_STATUS_NO_MEMORY; + if (!ret) { + TALLOC_FREE(sampass); + return NT_STATUS_ACCESS_DENIED; + } /* Ensure the account exists and is a machine account. */ acct_ctrl = pdb_get_acct_ctrl(sampass); - if (!(ret - && (acct_ctrl & ACB_WSTRUST || + if (!(acct_ctrl & ACB_WSTRUST || acct_ctrl & ACB_SVRTRUST || - acct_ctrl & ACB_DOMTRUST))) { + acct_ctrl & ACB_DOMTRUST)) { TALLOC_FREE(sampass); return NT_STATUS_NO_SUCH_USER; } @@ -626,7 +630,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * } become_root(); - r_u->status = pdb_update_sam_account (sampass); + r_u->status = pdb_update_sam_account(sampass); unbecome_root(); } diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 7d1a2ade54..e4531d8ae9 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -2010,6 +2010,12 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para return False; } + if ( !(sampw = samu_new(mem_ctx)) ) { + DEBUG(0, ("samu_new() failed!\n")); + TALLOC_FREE(mem_ctx); + return False; + } + /* Lookup the user information; This should only be one of our accounts (not remote domains) */ @@ -2027,11 +2033,6 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para goto done; } - if ( !(sampw = samu_new(mem_ctx)) ) { - DEBUG(0, ("samu_new() failed!\n")); - goto done; - } - if ( !pdb_getsampwsid(sampw, &user_sid) ) { DEBUG(10, ("pdb_getsampwsid(%s) failed for user %s\n", sid_string_static(&user_sid), UserName)); diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 24b3759605..fc339ffaa9 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -403,12 +403,19 @@ static int process_root(int local_flags) if(local_flags & LOCAL_ENABLE_USER) { struct samu *sampass = NULL; - BOOL ret; sampass = samu_new( NULL ); - ret = pdb_getsampwnam(sampass, user_name); - if((ret) && - (pdb_get_nt_passwd(sampass) == NULL)) { + if (!sampass) { + fprintf(stderr, "talloc fail for struct samu.\n"); + exit(1); + } + if (!pdb_getsampwnam(sampass, user_name)) { + fprintf(stderr, "Failed to find user %s in passdb backend.\n", + user_name ); + exit(1); + } + + if(pdb_get_nt_passwd(sampass) == NULL) { local_flags |= LOCAL_SET_PASSWORD; } TALLOC_FREE(sampass); @@ -437,16 +444,26 @@ static int process_root(int local_flags) printf("Password changed for user %s on %s.\n", user_name, remote_machine ); } else if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD|LOCAL_SET_PASSWORD))) { struct samu *sampass = NULL; - BOOL ret; sampass = samu_new( NULL ); - ret = pdb_getsampwnam(sampass, user_name); + if (!samu_new) { + fprintf(stderr, "talloc fail for struct samu.\n"); + exit(1); + } + + if (!pdb_getsampwnam(sampass, user_name)) { + fprintf(stderr, "Failed to find user %s in passdb backend.\n", + user_name ); + exit(1); + } printf("Password changed for user %s.", user_name ); - if( (ret != False) && (pdb_get_acct_ctrl(sampass)&ACB_DISABLED) ) + if(pdb_get_acct_ctrl(sampass)&ACB_DISABLED) { printf(" User has disabled flag set."); - if((ret != False) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) ) + } + if(pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) { printf(" User has no password flag set."); + } printf("\n"); TALLOC_FREE(sampass); } |