summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1998-05-18 12:27:04 +0000
committerLuke Leighton <lkcl@samba.org>1998-05-18 12:27:04 +0000
commit39f3c0c25a289b0b255e104a0a0aaade557c84f4 (patch)
tree216e3cae15cf1231eba6d8120d7da75bfb1c3fe4 /source3/passdb
parenta85b42ff3720adb9adf10707cf54f8119cca4461 (diff)
downloadsamba-39f3c0c25a289b0b255e104a0a0aaade557c84f4.tar.gz
samba-39f3c0c25a289b0b255e104a0a0aaade557c84f4.tar.bz2
samba-39f3c0c25a289b0b255e104a0a0aaade557c84f4.zip
- renamed some of the passdb.c functions: they have a prefix pdb_ on them
- split smbpass.c "password file lock" routines into smbpassfile.c: moved trust account routines into smbpassfile.c as well (This used to be commit 3e48b4eb113cc5e1c6794d7ac699fd9ac47c654a)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/passdb.c6
-rw-r--r--source3/passdb/smbpass.c306
-rw-r--r--source3/passdb/smbpassfile.c307
3 files changed, 319 insertions, 300 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 9df88bf6d3..411b76d006 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -532,7 +532,7 @@ time_t pdb_get_last_set_time(char *p)
/*******************************************************************
sets password-database-format time in a string.
********************************************************************/
-static set_time_in_string(char *p, int max_len, char *type, time_t t)
+static void set_time_in_string(char *p, int max_len, char *type, time_t t)
{
slprintf(p, max_len, ":%s-%08X:", type, (uint32)t);
}
@@ -679,11 +679,11 @@ BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
{
/* turn the unix UID into a Domain RID. this is what the posix
sub-system does (adds 1000 to the uid) */
- *u_rid = uid_to_user_rid(pw->pw_uid);
+ *u_rid = pdb_uid_to_user_rid(pw->pw_uid);
}
/* absolutely no idea what to do about the unix GID to Domain RID mapping */
- *g_rid = gid_to_group_rid(pw->pw_gid);
+ *g_rid = pdb_gid_to_group_rid(pw->pw_gid);
return True;
}
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index faaf9c5ccb..a712092439 100644
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -19,99 +19,15 @@
#include "includes.h"
+#ifdef USE_SMBPASS_DB
+
extern int DEBUGLEVEL;
extern pstring samlogon_user;
extern BOOL sam_logon_in_ssb;
-static int gotalarm;
static char s_readbuf[16 * 1024];
/***************************************************************
- Signal function to tell us we timed out.
-****************************************************************/
-
-static void gotalarm_sig(void)
-{
- gotalarm = 1;
-}
-
-/***************************************************************
- Lock or unlock a fd for a known lock type. Abandon after waitsecs
- seconds.
-****************************************************************/
-
-BOOL do_file_lock(int fd, int waitsecs, int type)
-{
- struct flock lock;
- int ret;
-
- gotalarm = 0;
- signal(SIGALRM, SIGNAL_CAST gotalarm_sig);
-
- lock.l_type = type;
- lock.l_whence = SEEK_SET;
- lock.l_start = 0;
- lock.l_len = 1;
- lock.l_pid = 0;
-
- alarm(5);
- ret = fcntl(fd, F_SETLKW, &lock);
- alarm(0);
- signal(SIGALRM, SIGNAL_CAST SIG_DFL);
-
- if (gotalarm) {
- DEBUG(0, ("do_file_lock: failed to %s file.\n",
- type == F_UNLCK ? "unlock" : "lock"));
- return False;
- }
-
- return (ret == 0);
-}
-
-static int pw_file_lock_depth;
-
-/***************************************************************
- Lock an fd. Abandon after waitsecs seconds.
-****************************************************************/
-
-static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
-{
- if (fd < 0)
- return False;
-
- (*plock_depth)++;
-
- if(pw_file_lock_depth == 0) {
- if (!do_file_lock(fd, secs, type)) {
- DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
- strerror(errno)));
- return False;
- }
- }
-
- return True;
-}
-
-/***************************************************************
- Unlock an fd. Abandon after waitsecs seconds.
-****************************************************************/
-
-static BOOL pw_file_unlock(int fd, int *plock_depth)
-{
- BOOL ret=True;
-
- if(*plock_depth == 1)
- ret = do_file_lock(fd, 5, F_UNLCK);
-
- (*plock_depth)--;
-
- if(!ret)
- DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
- strerror(errno)));
- return ret;
-}
-
-/***************************************************************
Start to enumerate the smbpasswd list. Returns a void pointer
to ensure no modification outside this module.
@@ -207,8 +123,8 @@ struct sam_passwd *getsmb21pwent(void *vp)
user.smb_userid = pw_buf->smb_userid;
user.smb_grpid = pwfile->pw_gid;
- user.user_rid = uid_to_user_rid (user.smb_userid);
- user.group_rid = gid_to_group_rid(user.smb_grpid );
+ user.user_rid = pdb_uid_to_user_rid (user.smb_userid);
+ user.group_rid = pdb_gid_to_group_rid(user.smb_grpid );
pstrcpy(full_name , pwfile->pw_gecos );
pstrcpy(logon_script , lp_logon_script ());
@@ -445,7 +361,7 @@ struct smb_passwd *getsmbpwent(void *vp)
if (*p == '[')
{
- pw_buf.acct_ctrl = decode_acct_ctrl(p);
+ pw_buf.acct_ctrl = pdb_decode_acct_ctrl(p);
/* Must have some account type set. */
if(pw_buf.acct_ctrl == 0)
@@ -630,7 +546,7 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
/* Add the account encoding and the last change time. */
slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n",
- encode_acct_ctrl(newpwd->acct_ctrl),
+ pdb_encode_acct_ctrl(newpwd->acct_ctrl),
(uint32)time(NULL));
#ifdef DEBUG_PASSWORD
@@ -1025,210 +941,6 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
fclose(fp);
return True;
}
-
-static int mach_passwd_lock_depth;
-static FILE *mach_passwd_fp;
-
-/************************************************************************
- Routine to get the name for a trust account file.
-************************************************************************/
-
-static void get_trust_account_file_name( char *domain, char *name, char *mac_file)
-{
- unsigned int mac_file_len;
- char *p;
-
- pstrcpy(mac_file, lp_smb_passwd_file());
- p = strrchr(mac_file, '/');
- if(p != NULL)
- *++p = '\0';
-
- mac_file_len = strlen(mac_file);
-
- if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0)
- {
- DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n",
- mac_file));
- return;
- }
-
- pstrcat(mac_file, domain);
- pstrcat(mac_file, ".");
- pstrcat(mac_file, name);
- pstrcat(mac_file, ".mac");
-}
-
-/************************************************************************
- Routine to lock the trust account password file for a domain.
-************************************************************************/
-
-BOOL trust_password_lock( char *domain, char *name, BOOL update)
-{
- pstring mac_file;
-
- if(mach_passwd_lock_depth == 0) {
-
- get_trust_account_file_name( domain, name, mac_file);
-
- if((mach_passwd_fp = fopen(mac_file, "r+b")) == NULL) {
- if(errno == ENOENT && update) {
- mach_passwd_fp = fopen(mac_file, "w+b");
- }
-
- if(mach_passwd_fp == NULL) {
- DEBUG(0,("trust_password_lock: cannot open file %s - Error was %s.\n",
- mac_file, strerror(errno) ));
- return False;
- }
- }
-
- chmod(mac_file, 0600);
-
- if(!pw_file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK),
- 60, &mach_passwd_lock_depth))
- {
- DEBUG(0,("trust_password_lock: cannot lock file %s\n", mac_file));
- fclose(mach_passwd_fp);
- return False;
- }
-
- }
-
- return True;
-}
-
-/************************************************************************
- Routine to unlock the trust account password file for a domain.
-************************************************************************/
-
-BOOL trust_password_unlock(void)
-{
- BOOL ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth);
- if(mach_passwd_lock_depth == 0)
- fclose(mach_passwd_fp);
- return ret;
-}
-
-/************************************************************************
- Routine to delete the trust account password file for a domain.
-************************************************************************/
-
-BOOL trust_password_delete( char *domain, char *name )
-{
- pstring mac_file;
-
- get_trust_account_file_name( domain, name, mac_file);
- return (unlink( mac_file ) == 0);
-}
-
-/************************************************************************
- Routine to get the trust account password for a domain.
- The user of this function must have locked the trust password file.
-************************************************************************/
-
-BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time)
-{
- char linebuf[256];
- char *p;
- int i;
-
- linebuf[0] = '\0';
-
- *pass_last_set_time = (time_t)0;
- memset(ret_pwd, '\0', 16);
-
- if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
- DEBUG(0,("get_trust_account_password: Failed to seek to start of file. Error was %s.\n",
- strerror(errno) ));
- return False;
- }
-
- fgets(linebuf, sizeof(linebuf), mach_passwd_fp);
- if(ferror(mach_passwd_fp)) {
- DEBUG(0,("get_trust_account_password: Failed to read password. Error was %s.\n",
- strerror(errno) ));
- return False;
- }
-
- /*
- * The length of the line read
- * must be 45 bytes ( <---XXXX 32 bytes-->:TLC-12345678
- */
-
- if(strlen(linebuf) != 45) {
- DEBUG(0,("get_trust_account_password: Malformed trust password file (wrong length).\n"));
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
-#endif
- return False;
- }
-
- /*
- * Get the hex password.
- */
-
- if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
- strncmp(&linebuf[33], "TLC-", 4)) {
- DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n"));
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
-#endif
- return False;
- }
-
- /*
- * Get the last changed time.
- */
- p = &linebuf[37];
-
- for(i = 0; i < 8; i++) {
- if(p[i] == '\0' || !isxdigit(p[i])) {
- DEBUG(0,("get_trust_account_password: Malformed trust password file (no timestamp).\n"));
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
-#endif
- return False;
- }
- }
-
- /*
- * p points at 8 characters of hex digits -
- * read into a time_t as the seconds since
- * 1970 that the password was last changed.
- */
-
- *pass_last_set_time = (time_t)strtol(p, NULL, 16);
-
- return True;
-}
-
-/************************************************************************
- Routine to get the trust account password for a domain.
- The user of this function must have locked the trust password file.
-************************************************************************/
-
-BOOL set_trust_account_password( unsigned char *md4_new_pwd)
-{
- char linebuf[64];
- int i;
-
- if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
- DEBUG(0,("set_trust_account_password: Failed to seek to start of file. Error was %s.\n",
- strerror(errno) ));
- return False;
- }
-
- for (i = 0; i < 16; i++)
- slprintf(&linebuf[(i*2)], sizeof(linebuf) - (i*2) - 1, "%02X", md4_new_pwd[i]);
-
- slprintf(&linebuf[32], 32, ":TLC-%08X\n", (unsigned)time(NULL));
-
- if(fwrite( linebuf, 1, 45, mach_passwd_fp)!= 45) {
- DEBUG(0,("set_trust_account_password: Failed to write file. Warning - the trust \
-account is now invalid. Please recreate. Error was %s.\n", strerror(errno) ));
- return False;
- }
-
- fflush(mach_passwd_fp);
- return True;
-}
+#else
+static void dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */
diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c
new file mode 100644
index 0000000000..dfd5931a72
--- /dev/null
+++ b/source3/passdb/smbpassfile.c
@@ -0,0 +1,307 @@
+/*
+ * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+extern int DEBUGLEVEL;
+
+static int gotalarm;
+
+/***************************************************************
+ Signal function to tell us we timed out.
+****************************************************************/
+static void gotalarm_sig(void)
+{
+ gotalarm = 1;
+}
+
+/***************************************************************
+ Lock or unlock a fd for a known lock type. Abandon after waitsecs
+ seconds.
+****************************************************************/
+BOOL do_file_lock(int fd, int waitsecs, int type)
+{
+ struct flock lock;
+ int ret;
+
+ gotalarm = 0;
+ signal(SIGALRM, SIGNAL_CAST gotalarm_sig);
+
+ lock.l_type = type;
+ lock.l_whence = SEEK_SET;
+ lock.l_start = 0;
+ lock.l_len = 1;
+ lock.l_pid = 0;
+
+ alarm(5);
+ ret = fcntl(fd, F_SETLKW, &lock);
+ alarm(0);
+ signal(SIGALRM, SIGNAL_CAST SIG_DFL);
+
+ if (gotalarm) {
+ DEBUG(0, ("do_file_lock: failed to %s file.\n",
+ type == F_UNLCK ? "unlock" : "lock"));
+ return False;
+ }
+
+ return (ret == 0);
+}
+
+static int pw_file_lock_depth;
+
+/***************************************************************
+ Lock an fd. Abandon after waitsecs seconds.
+****************************************************************/
+BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
+{
+ if (fd < 0)
+ return False;
+
+ (*plock_depth)++;
+
+ if(pw_file_lock_depth == 0) {
+ if (!do_file_lock(fd, secs, type)) {
+ DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
+ strerror(errno)));
+ return False;
+ }
+ }
+
+ return True;
+}
+
+/***************************************************************
+ Unlock an fd. Abandon after waitsecs seconds.
+****************************************************************/
+BOOL pw_file_unlock(int fd, int *plock_depth)
+{
+ BOOL ret=True;
+
+ if(*plock_depth == 1)
+ ret = do_file_lock(fd, 5, F_UNLCK);
+
+ (*plock_depth)--;
+
+ if(!ret)
+ DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
+ strerror(errno)));
+ return ret;
+}
+
+static int mach_passwd_lock_depth;
+static FILE *mach_passwd_fp;
+
+/************************************************************************
+ Routine to get the name for a trust account file.
+************************************************************************/
+static void get_trust_account_file_name( char *domain, char *name, char *mac_file)
+{
+ unsigned int mac_file_len;
+ char *p;
+
+ pstrcpy(mac_file, lp_smb_passwd_file());
+ p = strrchr(mac_file, '/');
+ if(p != NULL)
+ *++p = '\0';
+
+ mac_file_len = strlen(mac_file);
+
+ if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0)
+ {
+ DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n",
+ mac_file));
+ return;
+ }
+
+ pstrcat(mac_file, domain);
+ pstrcat(mac_file, ".");
+ pstrcat(mac_file, name);
+ pstrcat(mac_file, ".mac");
+}
+
+/************************************************************************
+ Routine to lock the trust account password file for a domain.
+************************************************************************/
+BOOL trust_password_lock( char *domain, char *name, BOOL update)
+{
+ pstring mac_file;
+
+ if(mach_passwd_lock_depth == 0) {
+
+ get_trust_account_file_name( domain, name, mac_file);
+
+ if((mach_passwd_fp = fopen(mac_file, "r+b")) == NULL) {
+ if(errno == ENOENT && update) {
+ mach_passwd_fp = fopen(mac_file, "w+b");
+ }
+
+ if(mach_passwd_fp == NULL) {
+ DEBUG(0,("trust_password_lock: cannot open file %s - Error was %s.\n",
+ mac_file, strerror(errno) ));
+ return False;
+ }
+ }
+
+ chmod(mac_file, 0600);
+
+ if(!pw_file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK),
+ 60, &mach_passwd_lock_depth))
+ {
+ DEBUG(0,("trust_password_lock: cannot lock file %s\n", mac_file));
+ fclose(mach_passwd_fp);
+ return False;
+ }
+
+ }
+
+ return True;
+}
+
+/************************************************************************
+ Routine to unlock the trust account password file for a domain.
+************************************************************************/
+BOOL trust_password_unlock(void)
+{
+ BOOL ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth);
+ if(mach_passwd_lock_depth == 0)
+ fclose(mach_passwd_fp);
+ return ret;
+}
+
+/************************************************************************
+ Routine to delete the trust account password file for a domain.
+************************************************************************/
+BOOL trust_password_delete( char *domain, char *name )
+{
+ pstring mac_file;
+
+ get_trust_account_file_name( domain, name, mac_file);
+ return (unlink( mac_file ) == 0);
+}
+
+/************************************************************************
+ Routine to get the trust account password for a domain.
+ The user of this function must have locked the trust password file.
+************************************************************************/
+BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time)
+{
+ char linebuf[256];
+ char *p;
+ int i;
+
+ linebuf[0] = '\0';
+
+ *pass_last_set_time = (time_t)0;
+ memset(ret_pwd, '\0', 16);
+
+ if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
+ DEBUG(0,("get_trust_account_password: Failed to seek to start of file. Error was %s.\n",
+ strerror(errno) ));
+ return False;
+ }
+
+ fgets(linebuf, sizeof(linebuf), mach_passwd_fp);
+ if(ferror(mach_passwd_fp)) {
+ DEBUG(0,("get_trust_account_password: Failed to read password. Error was %s.\n",
+ strerror(errno) ));
+ return False;
+ }
+
+ /*
+ * The length of the line read
+ * must be 45 bytes ( <---XXXX 32 bytes-->:TLC-12345678
+ */
+
+ if(strlen(linebuf) != 45) {
+ DEBUG(0,("get_trust_account_password: Malformed trust password file (wrong length).\n"));
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
+#endif
+ return False;
+ }
+
+ /*
+ * Get the hex password.
+ */
+
+ if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
+ strncmp(&linebuf[33], "TLC-", 4)) {
+ DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n"));
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
+#endif
+ return False;
+ }
+
+ /*
+ * Get the last changed time.
+ */
+ p = &linebuf[37];
+
+ for(i = 0; i < 8; i++) {
+ if(p[i] == '\0' || !isxdigit(p[i])) {
+ DEBUG(0,("get_trust_account_password: Malformed trust password file (no timestamp).\n"));
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
+#endif
+ return False;
+ }
+ }
+
+ /*
+ * p points at 8 characters of hex digits -
+ * read into a time_t as the seconds since
+ * 1970 that the password was last changed.
+ */
+
+ *pass_last_set_time = (time_t)strtol(p, NULL, 16);
+
+ return True;
+}
+
+/************************************************************************
+ Routine to get the trust account password for a domain.
+ The user of this function must have locked the trust password file.
+************************************************************************/
+BOOL set_trust_account_password( unsigned char *md4_new_pwd)
+{
+ char linebuf[64];
+ int i;
+
+ if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
+ DEBUG(0,("set_trust_account_password: Failed to seek to start of file. Error was %s.\n",
+ strerror(errno) ));
+ return False;
+ }
+
+ for (i = 0; i < 16; i++)
+ slprintf(&linebuf[(i*2)], sizeof(linebuf) - (i*2) - 1, "%02X", md4_new_pwd[i]);
+
+ slprintf(&linebuf[32], 32, ":TLC-%08X\n", (unsigned)time(NULL));
+
+ if(fwrite( linebuf, 1, 45, mach_passwd_fp)!= 45) {
+ DEBUG(0,("set_trust_account_password: Failed to write file. Warning - the trust \
+account is now invalid. Please recreate. Error was %s.\n", strerror(errno) ));
+ return False;
+ }
+
+ fflush(mach_passwd_fp);
+ return True;
+}
+