authorLuke Leighton <lkcl@samba.org>1998-11-17 16:19:04 +0000
committerLuke Leighton <lkcl@samba.org>1998-11-17 16:19:04 +0000
commit74d539f5573a3ed3ff1b96c54752a389da4c3e14 (patch)
treecc4cee5bc8c5ff3e7ebfef04c4ed3ff6a199df48 /source3/passdb
parentb7c4cd9fc6460c2138750237ee4525f929e93a76 (diff)
- group database API. oops and oh dear, the threat has been carried out:
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. 
EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/ldap.c36
-rw-r--r--source3/passdb/nispass.c44
-rw-r--r--source3/passdb/passdb.c456
-rw-r--r--source3/passdb/smbpass.c520
-rw-r--r--source3/passdb/smbpassfile.c51
5 files changed, 388 insertions, 719 deletions
diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c
index ed275c4a88..af48ebbdc0 100644
--- a/source3/passdb/ldap.c
+++ b/source3/passdb/ldap.c
@@ -223,7 +223,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
static unsigned char smblmpwd[16];
static unsigned char smbntpwd[16];
- pdb_init_smb(user);
+ pwdb_init_smb(user);
bzero(smblmpwd, sizeof(smblmpwd));
bzero(smbntpwd, sizeof(smbntpwd));
@@ -237,16 +237,16 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
bzero(temp, sizeof(temp)); /* destroy local copy of the password */
#else
get_single_attribute(ldap_struct, entry, "unicodePwd", temp);
- pdb_gethexpwd(temp, smbntpwd);
+ pwdb_gethexpwd(temp, smbntpwd);
bzero(temp, sizeof(temp)); /* destroy local copy of the password */
get_single_attribute(ldap_struct, entry, "dBCSPwd", temp);
- pdb_gethexpwd(temp, smblmpwd);
+ pwdb_gethexpwd(temp, smblmpwd);
bzero(temp, sizeof(temp)); /* destroy local copy of the password */
#endif
get_single_attribute(ldap_struct, entry, "userAccountControl", temp);
- user->acct_ctrl = pdb_decode_acct_ctrl(temp);
+ user->acct_ctrl = pwdb_decode_acct_ctrl(temp);
get_single_attribute(ldap_struct, entry, "pwdLastSet", temp);
user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
@@ -254,7 +254,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
get_single_attribute(ldap_struct, entry, "rid", temp);
/* the smb (unix) ids are not stored: they are created */
- user->smb_userid = pdb_user_rid_to_uid (atoi(temp));
+ user->smb_userid = pwdb_user_rid_to_uid (atoi(temp));
if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
{
@@ -288,7 +288,7 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry,
static pstring temp;
static struct smb_passwd pw_buf;
- pdb_init_sam(user);
+ pwdb_init_sam(user);
ldap_get_smb_passwd(ldap_struct, entry, &pw_buf);
@@ -576,7 +576,7 @@ static BOOL modadd_ldappwd_entry(struct smb_passwd *newpwd, int flag)
make_a_mod(&mods, ldap_state, "rid", rid);
make_a_mod(&mods, ldap_state, "pwdLastSet", lst);
- make_a_mod(&mods, ldap_state, "userAccountControl", pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
+ make_a_mod(&mods, ldap_state, "userAccountControl", pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
switch(flag)
{
@@ -708,7 +708,7 @@ static BOOL modadd_ldap21pwd_entry(struct sam_passwd *newpwd, int flag)
make_a_mod(&mods, ldap_state, "rid", rid);
make_a_mod(&mods, ldap_state, "pwdLastSet", lst);
- make_a_mod(&mods, ldap_state, "userAccountControl", pdb_encode_acct_ctrl(newpwd->acct_ctrl,NEW_PW_FORMAT_SPACE_PADDED_LEN));
+ make_a_mod(&mods, ldap_state, "userAccountControl", pwdb_encode_acct_ctrl(newpwd->acct_ctrl,NEW_PW_FORMAT_SPACE_PADDED_LEN));
ldap_modify_s(ldap_struct, dn, mods);
@@ -922,52 +922,52 @@ static BOOL setldappwpos(void *vp, SMB_BIG_UINT tok)
static struct smb_passwd *getldappwnam(char *name)
{
- return pdb_sam_to_smb(iterate_getsam21pwnam(name));
+ return pwdb_sam_to_smb(iterate_getsam21pwnam(name));
}
static struct smb_passwd *getldappwuid(uid_t smb_userid)
{
- return pdb_sam_to_smb(iterate_getsam21pwuid(smb_userid));
+ return pwdb_sam_to_smb(iterate_getsam21pwuid(smb_userid));
}
static struct smb_passwd *getldappwrid(uint32 user_rid)
{
- return pdb_sam_to_smb(iterate_getsam21pwuid(pdb_user_rid_to_uid(user_rid)));
+ return pwdb_sam_to_smb(iterate_getsam21pwuid(pwdb_user_rid_to_uid(user_rid)));
}
static struct smb_passwd *getldappwent(void *vp)
{
- return pdb_sam_to_smb(getldap21pwent(vp));
+ return pwdb_sam_to_smb(getldap21pwent(vp));
}
static BOOL add_ldappwd_entry(struct smb_passwd *newpwd)
{
- return add_ldap21pwd_entry(pdb_smb_to_sam(newpwd));
+ return add_ldap21pwd_entry(pwdb_smb_to_sam(newpwd));
}
static BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override)
{
- return mod_ldap21pwd_entry(pdb_smb_to_sam(pwd), override);
+ return mod_ldap21pwd_entry(pwdb_smb_to_sam(pwd), override);
}
static struct sam_disp_info *getldapdispnam(char *name)
{
- return pdb_sam_to_dispinfo(getldap21pwnam(name));
+ return pwdb_sam_to_dispinfo(getldap21pwnam(name));
}
static struct sam_disp_info *getldapdisprid(uint32 rid)
{
- return pdb_sam_to_dispinfo(getldap21pwrid(rid));
+ return pwdb_sam_to_dispinfo(getldap21pwrid(rid));
}
static struct sam_disp_info *getldapdispent(void *vp)
{
- return pdb_sam_to_dispinfo(getldap21pwent(vp));
+ return pwdb_sam_to_dispinfo(getldap21pwent(vp));
}
static struct sam_passwd *getldap21pwuid(uid_t uid)
{
- return pdb_smb_to_sam(iterate_getsam21pwuid(pdb_uid_to_user_rid(uid)));
+ return pwdb_smb_to_sam(iterate_getsam21pwuid(pwdb_uid_to_user_rid(uid)));
}
static struct passdb_ops ldap_ops =
diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c
index e750fec1a1..489ccbf25f 100644
--- a/source3/passdb/nispass.c
+++ b/source3/passdb/nispass.c
@@ -361,22 +361,22 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd)
new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_maxcol;
new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_val = calloc(new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len, sizeof(entry_col));
- pdb_sethexpwd(smb_passwd , newpwd->smb_passwd , newpwd->acct_ctrl);
- pdb_sethexpwd(smb_nt_passwd, newpwd->smb_nt_passwd, newpwd->acct_ctrl);
+ pwdb_sethexpwd(smb_passwd , newpwd->smb_passwd , newpwd->acct_ctrl);
+ pwdb_sethexpwd(smb_nt_passwd, newpwd->smb_nt_passwd, newpwd->acct_ctrl);
- pdb_set_logon_time (logon_t , sizeof(logon_t ), newpwd->logon_time );
- pdb_set_logoff_time (logoff_t , sizeof(logoff_t ), newpwd->logoff_time );
- pdb_set_kickoff_time (kickoff_t, sizeof(kickoff_t), newpwd->kickoff_time );
- pdb_set_last_set_time (pwdlset_t, sizeof(pwdlset_t), newpwd->pass_last_set_time );
- pdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time );
- pdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time);
+ pwdb_set_logon_time (logon_t , sizeof(logon_t ), newpwd->logon_time );
+ pwdb_set_logoff_time (logoff_t , sizeof(logoff_t ), newpwd->logoff_time );
+ pwdb_set_kickoff_time (kickoff_t, sizeof(kickoff_t), newpwd->kickoff_time );
+ pwdb_set_last_set_time (pwdlset_t, sizeof(pwdlset_t), newpwd->pass_last_set_time );
+ pwdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time );
+ pwdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time);
slprintf(uid, sizeof(uid), "%u", newpwd->smb_userid);
slprintf(user_rid, sizeof(user_rid), "0x%x", newpwd->user_rid);
slprintf(smb_grpid, sizeof(smb_grpid), "%u", newpwd->smb_grpid);
slprintf(group_rid, sizeof(group_rid), "0x%x", newpwd->group_rid);
- safe_strcpy(acb, pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb));
+ safe_strcpy(acb, pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb));
set_single_attribute(&new_obj, NPF_NAME , newpwd->smb_name , strlen(newpwd->smb_name) , 0);
set_single_attribute(&new_obj, NPF_UID , uid , strlen(uid) , 0);
@@ -456,7 +456,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result)
if (pw_buf == NULL || result == NULL) return False;
- pdb_init_sam(pw_buf);
+ pwdb_init_sam(pw_buf);
if (result->status != NIS_SUCCESS)
{
@@ -482,7 +482,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result)
/* Check the lanman password column. */
p = (uchar *)ENTRY_VAL(obj, NPF_LMPWD);
- if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbpwd))
+ if (strlen((char *)p) != 32 || !pwdb_gethexpwd((char *)p, (char *)smbpwd))
{
DEBUG(0, ("make_smb_from_nisp: malformed LM pwd entry.\n"));
return False;
@@ -490,7 +490,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result)
/* Check the NT password column. */
p = (uchar *)ENTRY_VAL(obj, NPF_NTPWD);
- if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbntpwd))
+ if (strlen((char *)p) != 32 || !pwdb_gethexpwd((char *)p, (char *)smbntpwd))
{
DEBUG(0, ("make_smb_from_nisp: malformed NT pwd entry\n"));
return False;
@@ -603,52 +603,52 @@ static struct sam_passwd *getnisp21pwrid(uint32 rid)
static struct smb_passwd *getnisppwent(void *vp)
{
- return pdb_sam_to_smb(getnisp21pwent(vp));
+ return pwdb_sam_to_smb(getnisp21pwent(vp));
}
static BOOL add_nisppwd_entry(struct smb_passwd *newpwd)
{
- return add_nisp21pwd_entry(pdb_smb_to_sam(newpwd));
+ return add_nisp21pwd_entry(pwdb_smb_to_sam(newpwd));
}
static BOOL mod_nisppwd_entry(struct smb_passwd* pwd, BOOL override)
{
- return mod_nisp21pwd_entry(pdb_smb_to_sam(pwd), override);
+ return mod_nisp21pwd_entry(pwdb_smb_to_sam(pwd), override);
}
static struct smb_passwd *getnisppwnam(char *name)
{
- return pdb_sam_to_smb(getnisp21pwnam(name));
+ return pwdb_sam_to_smb(getnisp21pwnam(name));
}
static struct sam_passwd *getnisp21pwuid(uid_t smb_userid)
{
- return getnisp21pwrid(pdb_uid_to_user_rid(smb_userid));
+ return getnisp21pwrid(pwdb_uid_to_user_rid(smb_userid));
}
static struct smb_passwd *getnisppwrid(uid_t user_rid)
{
- return pdb_sam_to_smb(getnisp21pwuid(pdb_user_rid_to_uid(user_rid)));
+ return pwdb_sam_to_smb(getnisp21pwuid(pwdb_user_rid_to_uid(user_rid)));
}
static struct smb_passwd *getnisppwuid(uid_t smb_userid)
{
- return pdb_sam_to_smb(getnisp21pwuid(smb_userid));
+ return pwdb_sam_to_smb(getnisp21pwuid(smb_userid));
}
static struct sam_disp_info *getnispdispnam(char *name)
{
- return pdb_sam_to_dispinfo(getnisp21pwnam(name));
+ return pwdb_sam_to_dispinfo(getnisp21pwnam(name));
}
static struct sam_disp_info *getnispdisprid(uint32 rid)
{
- return pdb_sam_to_dispinfo(getnisp21pwrid(rid));
+ return pwdb_sam_to_dispinfo(getnisp21pwrid(rid));
}
static struct sam_disp_info *getnispdispent(void *vp)
{
- return pdb_sam_to_dispinfo(getnisp21pwent(vp));
+ return pwdb_sam_to_dispinfo(getnisp21pwent(vp));
}
static struct passdb_ops nispasswd_ops = {
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index f29a9ff570..a4c663e388 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -26,14 +26,6 @@
extern int DEBUGLEVEL;
/*
- * This is set on startup - it defines the SID for this
- * machine, and therefore the SAM database for which it is
- * responsible.
- */
-
-DOM_SID global_sam_sid;
-
-/*
* NOTE. All these functions are abstracted into a structure
* that points to the correct function for the selected database. JRA.
*
@@ -49,36 +41,39 @@ DOM_SID global_sam_sid;
* functions in a first pass, as struct sam_passwd contains more
* information, needed by the NT Domain support.
*
- * a full example set of derivative functions are listed below. an API
- * writer is expected to cut/paste these into their module, replace
- * either one set (struct smb_passwd) or the other (struct sam_passwd)
- * OR both, and optionally also to write display info routines
- * (struct sam_disp_info). lkcl
+ * an API writer is expected to create either one set (struct smb_passwd) or
+ * the other (struct sam_passwd) OR both, and optionally also to write display
+ * info routines * (struct sam_disp_info). functions which the API writer
+ * chooses NOT to write must be wrapped in conversion functions (pwdb_x_to_y)
+ * such that API users can call any function and still get valid results.
+ *
+ * the password API does NOT fill in the gaps if you set an API function
+ * to NULL: it will deliberately attempt to call the NULL function.
*
*/
-static struct passdb_ops *pdb_ops;
+static struct passdb_ops *pwdb_ops;
/***************************************************************
- Initialize the password db operations.
+ Initialise the password db operations.
***************************************************************/
-BOOL initialize_password_db(void)
+BOOL initialise_password_db(void)
{
- if (pdb_ops)
+ if (pwdb_ops)
{
return True;
}
#ifdef WITH_NISPLUS
- pdb_ops = nisplus_initialize_password_db();
+ pwdb_ops = nisplus_initialise_password_db();
#elif defined(WITH_LDAP)
- pdb_ops = ldap_initialize_password_db();
+ pwdb_ops = ldap_initialise_password_db();
#else
- pdb_ops = file_initialize_password_db();
+ pwdb_ops = file_initialise_password_db();
#endif
- return (pdb_ops != NULL);
+ return (pwdb_ops != NULL);
}
/*
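Review bot: The rewritten header comment makes calling a NULL ops member the documented behaviour, and the wrappers further down this file (`return pwdb_ops->startsmbpwent(update);`, `return pwdb_ops->getsmbpwnam(name);` and the others in the later hunks) also dereference `pwdb_ops` itself without checking that `initialise_password_db()` was called and returned True. For the code that answers password lookups, this means an incomplete backend table or a missed init call shows up as a NULL call during a request instead of a refusal at startup. Every backend passes through `initialise_password_db()`, so it could validate the table once before returning, for example `if (pwdb_ops != NULL && pwdb_ops->getsmbpwnam == NULL) { DEBUG(0,("password db backend is incomplete\n")); return False; }` repeated for each required member. Whether any caller already guarantees initialisation is not visible in this hunk. The comment also has a stray `*` in `info routines * (struct sam_disp_info)`.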
@@ -91,7 +86,7 @@ BOOL initialize_password_db(void)
struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid)
{
- return iterate_getsmbpwuid(pdb_user_rid_to_uid(user_rid));
+ return iterate_getsmbpwuid(pwdb_user_rid_to_uid(user_rid));
}
/************************************************************************
@@ -173,7 +168,7 @@ struct smb_passwd *iterate_getsmbpwnam(char *name)
void *startsmbpwent(BOOL update)
{
- return pdb_ops->startsmbpwent(update);
+ return pwdb_ops->startsmbpwent(update);
}
/***************************************************************
@@ -188,7 +183,7 @@ void *startsmbpwent(BOOL update)
void endsmbpwent(void *vp)
{
- pdb_ops->endsmbpwent(vp);
+ pwdb_ops->endsmbpwent(vp);
}
/*************************************************************************
@@ -197,7 +192,7 @@ void endsmbpwent(void *vp)
struct smb_passwd *getsmbpwent(void *vp)
{
- return pdb_ops->getsmbpwent(vp);
+ return pwdb_ops->getsmbpwent(vp);
}
/************************************************************************
@@ -206,7 +201,7 @@ struct smb_passwd *getsmbpwent(void *vp)
BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
{
- return pdb_ops->add_smbpwd_entry(newpwd);
+ return pwdb_ops->add_smbpwd_entry(newpwd);
}
/************************************************************************
@@ -220,7 +215,7 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
{
- return pdb_ops->mod_smbpwd_entry(pwd, override);
+ return pwdb_ops->mod_smbpwd_entry(pwd, override);
}
/************************************************************************
@@ -229,7 +224,7 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
struct smb_passwd *getsmbpwnam(char *name)
{
- return pdb_ops->getsmbpwnam(name);
+ return pwdb_ops->getsmbpwnam(name);
}
/************************************************************************
@@ -238,7 +233,7 @@ struct smb_passwd *getsmbpwnam(char *name)
struct smb_passwd *getsmbpwrid(uint32 user_rid)
{
- return pdb_ops->getsmbpwrid(user_rid);
+ return pwdb_ops->getsmbpwrid(user_rid);
}
/************************************************************************
@@ -247,7 +242,7 @@ struct smb_passwd *getsmbpwrid(uint32 user_rid)
struct smb_passwd *getsmbpwuid(uid_t smb_userid)
{
- return pdb_ops->getsmbpwuid(smb_userid);
+ return pwdb_ops->getsmbpwuid(smb_userid);
}
/*
@@ -370,7 +365,7 @@ struct sam_passwd *iterate_getsam21pwuid(uid_t uid)
*************************************************************************/
struct sam_disp_info *getsamdisprid(uint32 rid)
{
- return pdb_ops->getsamdisprid(rid);
+ return pwdb_ops->getsamdisprid(rid);
}
/*************************************************************************
@@ -379,7 +374,7 @@ struct sam_disp_info *getsamdisprid(uint32 rid)
struct sam_passwd *getsam21pwent(void *vp)
{
- return pdb_ops->getsam21pwent(vp);
+ return pwdb_ops->getsam21pwent(vp);
}
@@ -389,7 +384,7 @@ struct sam_passwd *getsam21pwent(void *vp)
struct sam_passwd *getsam21pwnam(char *name)
{
- return pdb_ops->getsam21pwnam(name);
+ return pwdb_ops->getsam21pwnam(name);
}
/************************************************************************
@@ -398,7 +393,7 @@ struct sam_passwd *getsam21pwnam(char *name)
struct sam_passwd *getsam21pwrid(uint32 rid)
{
- return pdb_ops->getsam21pwrid(rid);
+ return pwdb_ops->getsam21pwrid(rid);
}
@@ -415,7 +410,7 @@ struct sam_passwd *getsam21pwrid(uint32 rid)
initialises a struct sam_disp_info.
**************************************************************/
-static void pdb_init_dispinfo(struct sam_disp_info *user)
+static void pwdb_init_dispinfo(struct sam_disp_info *user)
{
if (user == NULL) return;
bzero(user, sizeof(*user));
@@ -425,7 +420,7 @@ static void pdb_init_dispinfo(struct sam_disp_info *user)
initialises a struct smb_passwd.
**************************************************************/
-void pdb_init_smb(struct smb_passwd *user)
+void pwdb_init_smb(struct smb_passwd *user)
{
if (user == NULL) return;
bzero(user, sizeof(*user));
@@ -435,7 +430,7 @@ void pdb_init_smb(struct smb_passwd *user)
/*************************************************************
initialises a struct sam_passwd.
**************************************************************/
-void pdb_init_sam(struct sam_passwd *user)
+void pwdb_init_sam(struct sam_passwd *user)
{
if (user == NULL) return;
bzero(user, sizeof(*user));
@@ -451,13 +446,13 @@ void pdb_init_sam(struct sam_passwd *user)
Routine to return the next entry in the sam passwd list.
*************************************************************************/
-struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user)
+struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user)
{
static struct sam_disp_info disp_info;
if (user == NULL) return NULL;
- pdb_init_dispinfo(&disp_info);
+ pwdb_init_dispinfo(&disp_info);
disp_info.smb_name = user->smb_name;
disp_info.full_name = user->full_name;
@@ -470,13 +465,13 @@ struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user)
converts a sam_passwd structure to a smb_passwd structure.
**************************************************************/
-struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user)
+struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user)
{
static struct smb_passwd pw_buf;
if (user == NULL) return NULL;
- pdb_init_smb(&pw_buf);
+ pwdb_init_smb(&pw_buf);
pw_buf.smb_userid = user->smb_userid;
pw_buf.smb_name = user->smb_name;
@@ -493,13 +488,13 @@ struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user)
converts a smb_passwd structure to a sam_passwd structure.
**************************************************************/
-struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user)
+struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user)
{
static struct sam_passwd pw_buf;
if (user == NULL) return NULL;
- pdb_init_sam(&pw_buf);
+ pwdb_init_sam(&pw_buf);
pw_buf.smb_userid = user->smb_userid;
pw_buf.smb_name = user->smb_name;
@@ -517,7 +512,7 @@ struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user)
null). length *MUST BE MORE THAN 2* !
**********************************************************/
-char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
+char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
{
static fstring acct_str;
size_t i = 0;
@@ -553,7 +548,7 @@ char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
15 lines, which is more important.
**********************************************************/
-uint16 pdb_decode_acct_ctrl(char *p)
+uint16 pwdb_decode_acct_ctrl(char *p)
{
uint16 acct_ctrl = 0;
BOOL finished = False;
@@ -603,7 +598,9 @@ static time_t get_time_from_string(char *p)
for (i = 0; i < 8; i++)
{
if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF)))
- break;
+ {
+ break;
+ }
}
if (i == 8)
{
@@ -621,7 +618,7 @@ static time_t get_time_from_string(char *p)
gets password last set time
********************************************************************/
-time_t pdb_get_last_set_time(char *p)
+time_t pwdb_get_last_set_time(char *p)
{
if (*p && StrnCaseCmp((char *)p, "LCT-", 4))
{
@@ -642,7 +639,7 @@ static void set_time_in_string(char *p, int max_len, char *type, time_t t)
/*******************************************************************
sets logon time
********************************************************************/
-void pdb_set_logon_time(char *p, int max_len, time_t t)
+void pwdb_set_logon_time(char *p, int max_len, time_t t)
{
set_time_in_string(p, max_len, "LNT", t);
}
@@ -650,7 +647,7 @@ void pdb_set_logon_time(char *p, int max_len, time_t t)
/*******************************************************************
sets logoff time
********************************************************************/
-void pdb_set_logoff_time(char *p, int max_len, time_t t)
+void pwdb_set_logoff_time(char *p, int max_len, time_t t)
{
set_time_in_string(p, max_len, "LOT", t);
}
@@ -658,7 +655,7 @@ void pdb_set_logoff_time(char *p, int max_len, time_t t)
/*******************************************************************
sets kickoff time
********************************************************************/
-void pdb_set_kickoff_time(char *p, int max_len, time_t t)
+void pwdb_set_kickoff_time(char *p, int max_len, time_t t)
{
set_time_in_string(p, max_len, "KOT", t);
}
@@ -666,7 +663,7 @@ void pdb_set_kickoff_time(char *p, int max_len, time_t t)
/*******************************************************************
sets password can change time
********************************************************************/
-void pdb_set_can_change_time(char *p, int max_len, time_t t)
+void pwdb_set_can_change_time(char *p, int max_len, time_t t)
{
set_time_in_string(p, max_len, "CCT", t);
}
@@ -674,7 +671,7 @@ void pdb_set_can_change_time(char *p, int max_len, time_t t)
/*******************************************************************
sets password last set time
********************************************************************/
-void pdb_set_must_change_time(char *p, int max_len, time_t t)
+void pwdb_set_must_change_time(char *p, int max_len, time_t t)
{
set_time_in_string(p, max_len, "MCT", t);
}
@@ -682,7 +679,7 @@ void pdb_set_must_change_time(char *p, int max_len, time_t t)
/*******************************************************************
sets password last set time
********************************************************************/
-void pdb_set_last_set_time(char *p, int max_len, time_t t)
+void pwdb_set_last_set_time(char *p, int max_len, time_t t)
{
set_time_in_string(p, max_len, "LCT", t);
}
@@ -691,7 +688,7 @@ void pdb_set_last_set_time(char *p, int max_len, time_t t)
/*************************************************************
Routine to set 32 hex password characters from a 16 byte array.
**************************************************************/
-void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl)
+void pwdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl)
{
if (pwd != NULL)
{
@@ -713,327 +710,114 @@ void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl)
}
}
}
+
/*************************************************************
Routine to get the 32 hex characters and turn them
into a 16 byte array.
**************************************************************/
-BOOL pdb_gethexpwd(char *p, char *pwd)
+BOOL pwdb_gethexpwd(char *p, char *pwd)
{
- int i;
- unsigned char lonybble, hinybble;
- char *hexchars = "0123456789ABCDEF";
- char *p1, *p2;
-
- for (i = 0; i < 32; i += 2)
- {
- hinybble = toupper(p[i]);
- lonybble = toupper(p[i + 1]);
-
- p1 = strchr(hexchars, hinybble);
- p2 = strchr(hexchars, lonybble);
-
- if (!p1 || !p2)
- {
- return (False);
- }
-
- hinybble = PTR_DIFF(p1, hexchars);
- lonybble = PTR_DIFF(p2, hexchars);
-
- pwd[i / 2] = (hinybble << 4) | lonybble;
- }
- return (True);
+ return strhex_to_str(pwd, 32, p) == 16;
}
/*******************************************************************
- Group and User RID username mapping function
+ converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
-
-BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
+uid_t pwdb_user_rid_to_uid(uint32 user_rid)
{
- struct passwd *pw = Get_Pwnam(user_name, False);
-
- if (u_rid == NULL || g_rid == NULL || user_name == NULL)
- {
- return False;
- }
-
- if (!pw)
- {
- DEBUG(1,("Username %s is invalid on this system\n", user_name));
- return False;
- }
-
- if (user_in_list(user_name, lp_domain_guest_users()))
- {
- *u_rid = DOMAIN_USER_RID_GUEST;
- }
- else if (user_in_list(user_name, lp_domain_admin_users()))
- {
- *u_rid = DOMAIN_USER_RID_ADMIN;
- }
- else
- {
- /* turn the unix UID into a Domain RID. this is what the posix
- sub-system does (adds 1000 to the uid) */
- *u_rid = pdb_uid_to_user_rid(pw->pw_uid);
- }
-
- /* absolutely no idea what to do about the unix GID to Domain RID mapping */
- *g_rid = pdb_gid_to_group_rid(pw->pw_gid);
-
- return True;
+ uid_t uid = (uid_t)(((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER);
+ return uid;
}
-/****************************************************************************
- Read the machine SID from a file.
-****************************************************************************/
-
-static BOOL read_sid_from_file(int fd, char *sid_file)
-{
- fstring fline;
-
- memset(fline, '\0', sizeof(fline));
-
- if(read(fd, fline, sizeof(fline) -1 ) < 0) {
- DEBUG(0,("unable to read file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- return False;
- }
-
- /*
- * Convert to the machine SID.
- */
-
- fline[sizeof(fline)-1] = '\0';
- if(!string_to_sid( &global_sam_sid, fline)) {
- DEBUG(0,("unable to generate machine SID.\n"));
- return False;
- }
-
- return True;
+/*******************************************************************
+ converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+uint32 pwdb_uid_to_user_rid(uid_t uid)
+{
+ uint32 user_rid = (((((uint32)uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
+ return user_rid;
}
-/****************************************************************************
- Generate the global machine sid. Look for the MACHINE.SID file first, if
- not found then look in smb.conf and use it to create the MACHINE.SID file.
-****************************************************************************/
-BOOL pdb_generate_sam_sid(void)
+/*******************************************************************
+ converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+uint32 pwdb_gid_to_group_rid(gid_t gid)
{
- int fd;
- char *p;
- pstring sid_file;
- fstring sid_string;
- SMB_STRUCT_STAT st;
- uchar raw_sid_data[12];
-
- pstrcpy(sid_file, lp_smb_passwd_file());
- p = strrchr(sid_file, '/');
- if(p != NULL) {
- *++p = '\0';
- }
-
- if (!directory_exist(sid_file, NULL)) {
- if (dos_mkdir(sid_file, 0700) != 0) {
- DEBUG(0,("can't create private directory %s : %s\n",
- sid_file, strerror(errno)));
- return False;
- }
- }
-
- pstrcat(sid_file, "MACHINE.SID");
-
- if((fd = open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) {
- DEBUG(0,("unable to open or create file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- return False;
- }
-
- /*
- * Check if the file contains data.
- */
-
- if(sys_fstat( fd, &st) < 0) {
- DEBUG(0,("unable to stat file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
-
- if(st.st_size > 0) {
- /*
- * We have a valid SID - read it.
- */
- if(!read_sid_from_file( fd, sid_file)) {
- DEBUG(0,("unable to read file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
- close(fd);
- return True;
- }
-
- /*
- * The file contains no data - we need to generate our
- * own sid.
- */
-
- {
- /*
- * Generate the new sid data & turn it into a string.
- */
- int i;
- generate_random_buffer( raw_sid_data, 12, True);
-
- fstrcpy( sid_string, "S-1-5-21");
- for( i = 0; i < 3; i++) {
- fstring tmp_string;
- slprintf( tmp_string, sizeof(tmp_string) - 1, "-%u", IVAL(raw_sid_data, i*4));
- fstrcat( sid_string, tmp_string);
- }
- }
-
- fstrcat(sid_string, "\n");
-
- /*
- * Ensure our new SID is valid.
- */
-
- if(!string_to_sid( &global_sam_sid, sid_string)) {
- DEBUG(0,("unable to generate machine SID.\n"));
- return False;
- }
-
- /*
- * Do an exclusive blocking lock on the file.
- */
-
- if(!do_file_lock( fd, 60, F_WRLCK)) {
- DEBUG(0,("unable to lock file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
-
- /*
- * At this point we have a blocking lock on the SID
- * file - check if in the meantime someone else wrote
- * SID data into the file. If so - they were here first,
- * use their data.
- */
-
- if(sys_fstat( fd, &st) < 0) {
- DEBUG(0,("unable to stat file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
-
- if(st.st_size > 0) {
- /*
- * Unlock as soon as possible to reduce
- * contention on the exclusive lock.
- */
- do_file_lock( fd, 60, F_UNLCK);
-
- /*
- * We have a valid SID - read it.
- */
-
- if(!read_sid_from_file( fd, sid_file)) {
- DEBUG(0,("unable to read file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
- close(fd);
- return True;
- }
-
- /*
- * The file is still empty and we have an exlusive lock on it.
- * Write out out SID data into the file.
- */
-
- if(fchmod(fd, 0644) < 0) {
- DEBUG(0,("unable to set correct permissions on file %s. \
-Error was %s\n", sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
-
- if(write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) {
- DEBUG(0,("unable to write file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
-
- /*
- * Unlock & exit.
- */
-
- do_file_lock( fd, 60, F_UNLCK);
- close(fd);
- return True;
-}
+ uint32 grp_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
+ return grp_rid;
+}
/*******************************************************************
- converts UNIX uid to an NT User RID.
+ converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
-
-uid_t pdb_user_rid_to_uid(uint32 user_rid)
+gid_t pwdb_group_rid_to_gid(uint32 group_rid)
{
- return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+ gid_t gid = (gid_t)(((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER);
+ return gid;
}
/*******************************************************************
- converts UNIX uid to an NT User RID.
+ converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
-
-uint32 pdb_uid_to_user_rid(uid_t uid)
+uint32 pwdb_gid_to_alias_rid(gid_t gid)
{
- return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+ uint32 alias_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
+ return alias_rid;
}
/*******************************************************************
- converts NT Group RID to a UNIX uid.
+ converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
-
-uint32 pdb_gid_to_group_rid(gid_t gid)
+gid_t pwdb_alias_rid_to_gid(uint32 alias_rid)
{
- return (((((uint32)gid)*RID_MULTIPLIER) + 1000) | GROUP_RID_TYPE);
+ gid_t gid = (gid_t)(((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER);
+ return gid;
}
/*******************************************************************
Decides if a RID is a well known RID.
********************************************************************/
+static BOOL pwdb_rid_is_well_known(uint32 rid)
+{
+ return (rid < 1000);
+}
-static BOOL pdb_rid_is_well_known(uint32 rid)
+/*******************************************************************
+ determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
+ ********************************************************************/
+static uint32 pwdb_rid_type(uint32 rid)
{
- return (rid < 1000);
+ /* lkcl i understand that NT attaches an enumeration to a RID
+ * such that it can be identified as either a user, group etc
+ * type: SID_ENUM_TYPE.
+ */
+ if (pwdb_rid_is_well_known(rid))
+ {
+ /*
+ * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
+ * and DOMAIN_USER_RID_GUEST.
+ */
+ if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
+ {
+ return RID_TYPE_USER;
+ }
+ if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
+ {
+ return RID_TYPE_GROUP;
+ }
+ if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
+ {
+ return RID_TYPE_ALIAS;
+ }
+ }
+ return (rid & RID_TYPE_MASK);
}
/*******************************************************************
- Decides if a RID is a user or group RID.
+ checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
********************************************************************/
-
-BOOL pdb_rid_is_user(uint32 rid)
+BOOL pwdb_rid_is_user(uint32 rid)
{
- /* lkcl i understand that NT attaches an enumeration to a RID
- * such that it can be identified as either a user, group etc
- * type. there are 5 such categories, and they are documented.
- */
- if(pdb_rid_is_well_known(rid)) {
- /*
- * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
- * and DOMAIN_USER_RID_GUEST.
- */
- if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
- return True;
- } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
- return True;
- }
- return False;
+ return pwdb_rid_type(rid) == RID_TYPE_USER;
}
+
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index c8d817dc40..bdf01ee6a8 100644
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -21,7 +21,7 @@
#ifdef USE_SMBPASS_DB
-extern int pw_file_lock_depth;
+static int pw_file_lock_depth = 0;
extern int DEBUGLEVEL;
extern pstring samlogon_user;
extern BOOL sam_logon_in_ssb;
@@ -35,37 +35,8 @@ static char s_readbuf[1024];
static void *startsmbfilepwent(BOOL update)
{
- FILE *fp = NULL;
- char *pfile = lp_smb_passwd_file();
-
- if (!*pfile) {
- DEBUG(0, ("startsmbfilepwent: No SMB password file set\n"));
- return (NULL);
- }
- DEBUG(10, ("startsmbfilepwent: opening file %s\n", pfile));
-
- fp = fopen(pfile, update ? "r+b" : "rb");
-
- if (fp == NULL) {
- DEBUG(0, ("startsmbfilepwent: unable to open file %s\n", pfile));
- return NULL;
- }
-
- /* Set a buffer to do more efficient reads */
- setvbuf(fp, s_readbuf, _IOFBF, sizeof(s_readbuf));
-
- if (!pw_file_lock(fileno(fp), (update ? F_WRLCK : F_RDLCK), 5, &pw_file_lock_depth))
- {
- DEBUG(0, ("startsmbfilepwent: unable to lock file %s\n", pfile));
- fclose(fp);
- return NULL;
- }
-
- /* Make sure it is only rw by the owner */
- chmod(pfile, 0600);
-
- /* We have a lock on the file. */
- return (void *)fp;
+ return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf),
+ &pw_file_lock_depth, update);
}
/***************************************************************
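Review bot: The removed body of startsmbfilepwent rejected an empty `lp_smb_passwd_file()` and forced the file to owner-only with `chmod(pfile, 0600)`; neither check is visible after the change, because the function now only forwards to `startfilepwent`, whose body is outside this hunk. This file holds the LM and NT password hashes, so it is worth confirming that the shared helper keeps both checks, and preferably applies the mode to the open descriptor rather than to the path. A comment on the call would record the expectation: `/* startfilepwent() must reject an empty path and keep the file mode 0600 */`.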
@@ -74,11 +45,27 @@ static void *startsmbfilepwent(BOOL update)
static void endsmbfilepwent(void *vp)
{
- FILE *fp = (FILE *)vp;
+ endfilepwent(vp, &pw_file_lock_depth);
+}
- pw_file_unlock(fileno(fp), &pw_file_lock_depth);
- fclose(fp);
- DEBUG(7, ("endsmbfilepwent: closed password file.\n"));
+/*************************************************************************
+ Return the current position in the smbpasswd list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static SMB_BIG_UINT getsmbfilepwpos(void *vp)
+{
+ return getfilepwpos(vp);
+}
+
+/*************************************************************************
+ Set the current position in the smbpasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
+{
+ return setfilepwpos(vp, tok);
}
/*************************************************************************
@@ -86,219 +73,182 @@ static void endsmbfilepwent(void *vp)
*************************************************************************/
static struct smb_passwd *getsmbfilepwent(void *vp)
{
- /* Static buffers we will return. */
- static struct smb_passwd pw_buf;
- static pstring user_name;
- static unsigned char smbpwd[16];
- static unsigned char smbntpwd[16];
- FILE *fp = (FILE *)vp;
- char linebuf[256];
- unsigned char c;
- unsigned char *p;
- long uidval;
- size_t linebuf_len;
-
- if(fp == NULL) {
- DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n"));
- return NULL;
- }
-
- pdb_init_smb(&pw_buf);
-
- pw_buf.acct_ctrl = ACB_NORMAL;
-
- /*
- * Scan the file, a line at a time and check if the name matches.
- */
- while (!feof(fp)) {
- linebuf[0] = '\0';
-
- fgets(linebuf, 256, fp);
- if (ferror(fp)) {
- return NULL;
- }
-
- /*
- * Check if the string is terminated with a newline - if not
- * then we must keep reading and discard until we get one.
- */
- linebuf_len = strlen(linebuf);
- if (linebuf[linebuf_len - 1] != '\n') {
- c = '\0';
- while (!ferror(fp) && !feof(fp)) {
- c = fgetc(fp);
- if (c == '\n')
- break;
- }
- } else
- linebuf[linebuf_len - 1] = '\0';
-
-#ifdef DEBUG_PASSWORD
- DEBUG(100, ("getsmbfilepwent: got line |%s|\n", linebuf));
-#endif
- if ((linebuf[0] == 0) && feof(fp)) {
- DEBUG(4, ("getsmbfilepwent: end of file reached\n"));
- break;
- }
- /*
- * The line we have should be of the form :-
- *
- * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
- * ignored....
- *
- * or,
- *
- * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
- *
- * if Windows NT compatible passwords are also present.
- * [Account type] is an ascii encoding of the type of account.
- * LCT-(8 hex digits) is the time_t value of the last change time.
- */
-
- if (linebuf[0] == '#' || linebuf[0] == '\0') {
- DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n"));
- continue;
- }
- p = (unsigned char *) strchr(linebuf, ':');
- if (p == NULL) {
- DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n"));
- continue;
- }
- /*
- * As 256 is shorter than a pstring we don't need to check
- * length here - if this ever changes....
- */
- strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
- user_name[PTR_DIFF(p, linebuf)] = '\0';
-
- /* Get smb uid. */
-
- p++; /* Go past ':' */
- if (!isdigit(*p)) {
- DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number)\n"));
- continue;
- }
-
- uidval = atoi((char *) p);
-
- while (*p && isdigit(*p))
- p++;
-
- if (*p != ':') {
- DEBUG(0, ("getsmbfilepwent: malformed password entry (no : after uid)\n"));
- continue;
- }
-
- pw_buf.smb_name = user_name;
- pw_buf.smb_userid = uidval;
-
- /*
- * Now get the password value - this should be 32 hex digits
- * which are the ascii representations of a 16 byte string.
- * Get two at a time and put them into the password.
- */
-
- /* Skip the ':' */
- p++;
-
- if (*p == '*' || *p == 'X') {
- /* Password deliberately invalid - end here. */
- DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
- pw_buf.smb_nt_passwd = NULL;
- pw_buf.smb_passwd = NULL;
- pw_buf.acct_ctrl |= ACB_DISABLED;
- return &pw_buf;
- }
-
- if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
- DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
- continue;
- }
-
- if (p[32] != ':') {
- DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n"));
- continue;
- }
+ /* Static buffers we will return. */
+ static struct smb_passwd pw_buf;
+ static pstring user_name;
+ static unsigned char smbpwd[16];
+ static unsigned char smbntpwd[16];
+ struct passwd *pwfile;
+ char linebuf[256];
+ unsigned char *p;
+ int uidval;
+ size_t linebuf_len;
- if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
- pw_buf.smb_passwd = NULL;
- pw_buf.acct_ctrl |= ACB_PWNOTREQ;
- } else {
- if (!pdb_gethexpwd((char *)p, (char *)smbpwd)) {
- DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
- continue;
- }
- pw_buf.smb_passwd = smbpwd;
- }
+ if (vp == NULL)
+ {
+ DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n"));
+ return NULL;
+ }
- /*
- * Now check if the NT compatible password is
- * available.
- */
- pw_buf.smb_nt_passwd = NULL;
-
- p += 33; /* Move to the first character of the line after
- the lanman password. */
- if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
- if (*p != '*' && *p != 'X') {
- if(pdb_gethexpwd((char *)p,(char *)smbntpwd))
- pw_buf.smb_nt_passwd = smbntpwd;
- }
- p += 33; /* Move to the first character of the line after
- the NT password. */
- }
+ pwdb_init_smb(&pw_buf);
- DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %ld\n",
- user_name, uidval));
+ pw_buf.acct_ctrl = ACB_NORMAL;
- if (*p == '[')
+ /*
+ * Scan the file, a line at a time.
+ */
+ while ((linebuf_len = getfileline(vp, linebuf, sizeof(linebuf))) > 0)
{
- pw_buf.acct_ctrl = pdb_decode_acct_ctrl((char*)p);
-
- /* Must have some account type set. */
- if(pw_buf.acct_ctrl == 0)
- pw_buf.acct_ctrl = ACB_NORMAL;
-
- /* Now try and get the last change time. */
- if(*p == ']')
- p++;
- if(*p == ':') {
- p++;
- if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) {
- int i;
- p += 4;
- for(i = 0; i < 8; i++) {
- if(p[i] == '\0' || !isxdigit(p[i]))
- break;
- }
- if(i == 8) {
- /*
- * p points at 8 characters of hex digits -
- * read into a time_t as the seconds since
- * 1970 that the password was last changed.
- */
- pw_buf.pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
- }
- }
- }
- } else {
- /* 'Old' style file. Fake up based on user name. */
- /*
- * Currently trust accounts are kept in the same
- * password file as 'normal accounts'. If this changes
- * we will have to fix this code. JRA.
- */
- if(pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') {
- pw_buf.acct_ctrl &= ~ACB_NORMAL;
- pw_buf.acct_ctrl |= ACB_WSTRUST;
- }
- }
-
- return &pw_buf;
- }
+ /*
+ * The line we have should be of the form :-
+ *
+ * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
+ * ignored....
+ *
+ * or,
+ *
+ * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
+ *
+ * if Windows NT compatible passwords are also present.
+ * [Account type] is an ascii encoding of the type of account.
+ * LCT-(8 hex digits) is the time_t value of the last change time.
+ */
+
+ /*
+ * As 256 is shorter than a pstring we don't need to check
+ * length here - if this ever changes....
+ */
+ p = strncpyn(user_name, linebuf, sizeof(user_name), ':');
+
+ /* Go past ':' */
+ p++;
+
+ /* Get smb uid. */
+
+ p = Atoic((char *) p, &uidval, ":");
+
+ pw_buf.smb_name = user_name;
+ pw_buf.smb_userid = uidval;
+
+ /*
+ * Now get the password value - this should be 32 hex digits
+ * which are the ascii representations of a 16 byte string.
+ * Get two at a time and put them into the password.
+ */
+
+ /* Skip the ':' */
+ p++;
+
+ if (*p == '*' || *p == 'X')
+ {
+ /* Password deliberately invalid - end here. */
+ DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
+ pw_buf.smb_nt_passwd = NULL;
+ pw_buf.smb_passwd = NULL;
+ pw_buf.acct_ctrl |= ACB_DISABLED;
+ return &pw_buf;
+ }
+
+ if (linebuf_len < (PTR_DIFF(p, linebuf) + 33))
+ {
+ DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
+ continue;
+ }
+
+ if (p[32] != ':')
+ {
+ DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n"));
+ continue;
+ }
+
+ if (!strncasecmp((char *) p, "NO PASSWORD", 11))
+ {
+ pw_buf.smb_passwd = NULL;
+ pw_buf.acct_ctrl |= ACB_PWNOTREQ;
+ }
+ else
+ {
+ if (!pwdb_gethexpwd((char *)p, (char *)smbpwd))
+ {
+ DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
+ continue;
+ }
+ pw_buf.smb_passwd = smbpwd;
+ }
+
+ /*
+ * Now check if the NT compatible password is
+ * available.
+ */
+ pw_buf.smb_nt_passwd = NULL;
+
+ /* Move to the first character of the line after the lanman password. */
+ p += 33;
+ if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':'))
+ {
+ if (*p != '*' && *p != 'X')
+ {
+ if(pwdb_gethexpwd((char *)p,(char *)smbntpwd))
+ {
+ pw_buf.smb_nt_passwd = smbntpwd;
+ }
+ }
+ /* Move to the first character of the line after the NT password. */
+ p += 33;
+ }
+
+ DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %d\n",
+ user_name, uidval));
+
+ if (*p == '[')
+ {
+ pw_buf.acct_ctrl = pwdb_decode_acct_ctrl((char*)p);
+
+ /* Must have some account type set. */
+ if (pw_buf.acct_ctrl == 0)
+ {
+ pw_buf.acct_ctrl = ACB_NORMAL;
+ }
+
+ /* Now try and get the last change time. */
+ if (*p == ']')
+ {
+ p++;
+ }
+ if (*p == ':')
+ {
+ p++;
+ pw_buf.pass_last_set_time = pwdb_get_last_set_time(p);
+ }
+ }
+ else
+ {
+ /* 'Old' style file. Fake up based on user name. */
+ /*
+ * Currently trust accounts are kept in the same
+ * password file as 'normal accounts'. If this changes
+ * we will have to fix this code. JRA.
+ */
+ if (pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$')
+ {
+ pw_buf.acct_ctrl &= ~ACB_NORMAL;
+ pw_buf.acct_ctrl |= ACB_WSTRUST;
+ }
+ }
+
+ pwfile = Get_Pwnam(pw_buf.smb_name, False);
+ if (pwfile == NULL)
+ {
+ DEBUG(0,("getsmbfilepwent: smbpasswd database is corrupt!\n"));
+ DEBUG(0,("getsmbfilepwent: username %s not in unix passwd database!\n", pw_buf.smb_name));
+ return NULL;
+ }
+
+ return &pw_buf;
+ }
- DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
- return NULL;
+ DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
+ return NULL;
}
/*************************************************************************
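Review bot: The rewritten parse in getsmbfilepwent increments `p` straight after `strncpyn(...)` and again after `Atoic(...)` without testing either result, whereas the removed code skipped lines with no `:` or a non-numeric uid before touching the pointer. If these helpers report a missing separator by returning NULL (their bodies are not in this hunk), a malformed smbpasswd line would cause a NULL-based dereference instead of being skipped. Restoring the two `continue` guards, as sketched below, keeps the old tolerance for bad entries. `linebuf_len` is also a `size_t`, so the `> 0` loop test cannot see a negative error return from `getfileline`, if it has one.

```c
		p = strncpyn(user_name, linebuf, sizeof(user_name), ':');
		if (p == NULL)
		{
			DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n"));
			continue;
		}

		/* Go past ':' */
		p++;

		/* Get smb uid. */
		p = Atoic((char *) p, &uidval, ":");
		if (p == NULL || *p != ':')
		{
			DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number)\n"));
			continue;
		}
		/* … unchanged: password fields, account control, Get_Pwnam check … */
```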
@@ -327,7 +277,9 @@ static struct sam_passwd *getsmbfile21pwent(void *vp)
if (pw_buf == NULL) return NULL;
- pwfile = getpwnam(pw_buf->smb_name);
+ pwdb_init_sam(&user);
+
+ pwfile = Get_Pwnam(pw_buf->smb_name, False);
if (pwfile == NULL)
{
DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n"));
@@ -335,8 +287,6 @@ static struct sam_passwd *getsmbfile21pwent(void *vp)
return NULL;
}
- pdb_init_sam(&user);
-
pstrcpy(samlogon_user, pw_buf->smb_name);
if (samlogon_user[strlen(samlogon_user)-1] != '$')
@@ -348,8 +298,8 @@ static struct sam_passwd *getsmbfile21pwent(void *vp)
user.smb_userid = pw_buf->smb_userid;
user.smb_grpid = pwfile->pw_gid;
- user.user_rid = pdb_uid_to_user_rid (user.smb_userid);
- user.group_rid = pdb_gid_to_group_rid(user.smb_grpid );
+ user.user_rid = pwdb_uid_to_user_rid (user.smb_userid);
+ user.group_rid = pwdb_gid_to_group_rid(user.smb_grpid );
pstrcpy(full_name , pwfile->pw_gecos );
pstrcpy(logon_script , lp_logon_script ());
@@ -366,7 +316,7 @@ static struct sam_passwd *getsmbfile21pwent(void *vp)
user.smb_userid = pw_buf->smb_userid;
user.smb_grpid = pwfile->pw_gid;
- user.user_rid = pdb_uid_to_user_rid (user.smb_userid);
+ user.user_rid = pwdb_uid_to_user_rid (user.smb_userid);
user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
pstrcpy(full_name , "");
@@ -405,26 +355,6 @@ static struct sam_passwd *getsmbfile21pwent(void *vp)
return &user;
}
-/*************************************************************************
- Return the current position in the smbpasswd list as an SMB_BIG_UINT.
- This must be treated as an opaque token.
-*************************************************************************/
-
-static SMB_BIG_UINT getsmbfilepwpos(void *vp)
-{
- return (SMB_BIG_UINT)sys_ftell((FILE *)vp);
-}
-
-/*************************************************************************
- Set the current position in the smbpasswd list from an SMB_BIG_UINT.
- This must be treated as an opaque token.
-*************************************************************************/
-
-static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
-{
- return !sys_fseek((FILE *)vp, (SMB_OFF_T)tok, SEEK_SET);
-}
-
/************************************************************************
Routine to add an entry to the smbpasswd file.
*************************************************************************/
@@ -525,7 +455,7 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
/* Add the account encoding and the last change time. */
slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n",
- pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)time(NULL));
+ pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)time(NULL));
#ifdef DEBUG_PASSWORD
DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d entry_len %d made line |%s|",
@@ -603,7 +533,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
lockfd = fileno(fp);
- if (!pw_file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) {
+ if (!file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) {
DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile));
fclose(fp);
return False;
@@ -623,7 +553,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
fgets(linebuf, sizeof(linebuf), fp);
if (ferror(fp)) {
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ file_unlock(lockfd, &pw_file_lock_depth);
fclose(fp);
return False;
}
@@ -692,7 +622,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
}
if (!found_entry) {
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ file_unlock(lockfd, &pw_file_lock_depth);
fclose(fp);
return False;
}
@@ -704,7 +634,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
if (!isdigit(*p)) {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (uid not number)\n"));
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ file_unlock(lockfd, &pw_file_lock_depth);
fclose(fp);
return False;
}
@@ -713,7 +643,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
p++;
if (*p != ':') {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no : after uid)\n"));
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ file_unlock(lockfd, &pw_file_lock_depth);
fclose(fp);
return False;
}
@@ -731,27 +661,27 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
if (!override && (*p == '*' || *p == 'X')) {
/* Password deliberately invalid - end here. */
DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name));
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ file_unlock(lockfd, &pw_file_lock_depth);
fclose(fp);
return False;
}
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return (False);
}
if (p[32] != ':') {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return False;
}
if (!override && (*p == '*' || *p == 'X')) {
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return False;
}
@@ -762,14 +692,14 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
the lanman password. */
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return (False);
}
if (p[32] != ':') {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return False;
}
@@ -807,7 +737,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
* acct ctrl field. Encode the given acct ctrl
* bits into it.
*/
- fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
+ fstrcpy(encode_bits, pwdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
} else {
/*
* If using the old format and the ACB_DISABLED or
@@ -897,7 +827,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
if(wr_len > sizeof(linebuf)) {
DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return (False);
}
@@ -915,7 +845,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return False;
}
@@ -923,33 +853,33 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
/* Sanity check - ensure the areas we are writing are framed by ':' */
if (read(fd, linebuf, wr_len+1) != wr_len+1) {
DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return False;
}
if ((linebuf[0] != ':') || (linebuf[wr_len] != ':')) {
DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return False;
}
if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {
DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return False;
}
if (write(fd, ascii_p16, wr_len) != wr_len) {
DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return False;
}
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return True;
}
@@ -960,27 +890,27 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override)
{
- return mod_smbfilepwd_entry(pdb_sam_to_smb(pwd), override);
+ return mod_smbfilepwd_entry(pwdb_sam_to_smb(pwd), override);
}
static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd)
{
- return add_smbfilepwd_entry(pdb_sam_to_smb(newpwd));
+ return add_smbfilepwd_entry(pwdb_sam_to_smb(newpwd));
}
static struct sam_disp_info *getsmbfiledispnam(char *name)
{
- return pdb_sam_to_dispinfo(getsam21pwnam(name));
+ return pwdb_sam_to_dispinfo(getsam21pwnam(name));
}
static struct sam_disp_info *getsmbfiledisprid(uint32 rid)
{
- return pdb_sam_to_dispinfo(getsam21pwrid(rid));
+ return pwdb_sam_to_dispinfo(getsam21pwrid(rid));
}
static struct sam_disp_info *getsmbfiledispent(void *vp)
{
- return pdb_sam_to_dispinfo(getsam21pwent(vp));
+ return pwdb_sam_to_dispinfo(getsam21pwent(vp));
}
static struct passdb_ops file_ops = {
@@ -1005,7 +935,7 @@ static struct passdb_ops file_ops = {
getsmbfiledispent
};
-struct passdb_ops *file_initialize_password_db(void)
+struct passdb_ops *file_initialise_password_db(void)
{
return &file_ops;
}
diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c
index 0d4f9d3203..a50bc93eac 100644
--- a/source3/passdb/smbpassfile.c
+++ b/source3/passdb/smbpassfile.c
@@ -21,52 +21,7 @@
extern int DEBUGLEVEL;
-int pw_file_lock_depth = 0;
-
BOOL global_machine_password_needs_changing = False;
-
-
-/***************************************************************
- Lock an fd. Abandon after waitsecs seconds.
-****************************************************************/
-
-BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
-{
- if (fd < 0)
- return False;
-
- (*plock_depth)++;
-
- if(pw_file_lock_depth == 0) {
- if (!do_file_lock(fd, secs, type)) {
- DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
- strerror(errno)));
- return False;
- }
- }
-
- return True;
-}
-
-/***************************************************************
- Unlock an fd. Abandon after waitsecs seconds.
-****************************************************************/
-
-BOOL pw_file_unlock(int fd, int *plock_depth)
-{
- BOOL ret=True;
-
- if(*plock_depth == 1)
- ret = do_file_lock(fd, 5, F_UNLCK);
-
- (*plock_depth)--;
-
- if(!ret)
- DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
- strerror(errno)));
- return ret;
-}
-
static int mach_passwd_lock_depth;
static FILE *mach_passwd_fp;
@@ -125,7 +80,7 @@ BOOL trust_password_lock( char *domain, char *name, BOOL update)
chmod(mac_file, 0600);
- if(!pw_file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK),
+ if(!file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK),
60, &mach_passwd_lock_depth))
{
DEBUG(0,("trust_password_lock: cannot lock file %s\n", mac_file));
@@ -144,7 +99,7 @@ BOOL trust_password_lock( char *domain, char *name, BOOL update)
BOOL trust_password_unlock(void)
{
- BOOL ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth);
+ BOOL ret = file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth);
if(mach_passwd_lock_depth == 0)
fclose(mach_passwd_fp);
return ret;
@@ -212,7 +167,7 @@ BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_t
* Get the hex password.
*/
- if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
+ if (!pwdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
strncmp(&linebuf[33], "TLC-", 4)) {
DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n"));
#ifdef DEBUG_PASSWORD