author | Luke Leighton <lkcl@samba.org> | 1999-03-09 01:21:57 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1999-03-09 01:21:57 +0000 |
commit | a3c6e96a22bfaaa5a2993e85327555266476013d (patch) | |
tree | d18c6f1a16ab14ab17d1e4157198a941e667931b /source3/passdb | |
parent | aecbc5b5d37690f145c42ed834a58565c12db6d3 (diff) | |
mods to allow inter-domain trust accounts to be added to SAM database
using smbpasswd command.
(This used to be commit 62d499f83256c6e8b3308dc4bd8e9f5df873b14b)
Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/smbpass.c | 32 | ||||
-rw-r--r-- | source3/passdb/smbpasschange.c | 99 |
2 files changed, 77 insertions, 54 deletions
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index 2686f1d68f..2985af1ff8 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c @@ -139,16 +139,6 @@ struct smb_passwd *getsmbfilepwent(void *vp) /* Skip the ':' */ p++; - if (*p == '*' || *p == 'X') - { - /* Password deliberately invalid - end here. */ - DEBUG(10, ("getsmbfilepwent: entry invalidated for unix user %s\n", unix_name)); - pw_buf.smb_nt_passwd = NULL; - pw_buf.smb_passwd = NULL; - pw_buf.acct_ctrl |= ACB_DISABLED; - return &pw_buf; - } - if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) { DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n")); @@ -240,6 +230,18 @@ struct smb_passwd *getsmbfilepwent(void *vp) } } + if (*p == '*' || *p == 'X') + { + /* Password deliberately invalid - end here. */ + DEBUG(10, ("getsmbfilepwent: entry invalidated for unix user %s\n", unix_name)); + pw_buf.smb_nt_passwd = NULL; + pw_buf.smb_passwd = NULL; + pw_buf.acct_ctrl |= ACB_DISABLED; + } + + DEBUG(6,("unixuser:%s uid:%d acb:%x\n", + pw_buf.unix_name, pw_buf.unix_uid, pw_buf.acct_ctrl)); + return &pw_buf; } @@ -410,8 +412,14 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) #ifdef DEBUG_PASSWORD DEBUG(100,("mod_smbfilepwd_entry: password entries\n")); - dump_data(100, pwd->smb_passwd, 16); - dump_data(100, pwd->smb_nt_passwd, 16); + if (pwd->smb_passwd != NULL) + { + dump_data(100, pwd->smb_passwd, 16); + } + if (pwd->smb_nt_passwd != NULL) + { + dump_data(100, pwd->smb_nt_passwd, 16); + } #endif if (!*pfile) { DEBUG(0, ("No SMB password file set\n")); diff --git a/source3/passdb/smbpasschange.c b/source3/passdb/smbpasschange.c index f001040682..27bb26e0b3 100644 --- a/source3/passdb/smbpasschange.c +++ b/source3/passdb/smbpasschange.c 
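Review bot: In getsmbfilepwent() (smbpass.c, second hunk) the relocated `if (*p == '*' || *p == 'X')` test now sits just before the final `return &pw_buf;`, about ninety lines after the spot where the old code applied it directly behind the `/* Skip the ':' */` step. If the parsing in between (outside this hunk) advances `p`, the test no longer reads the first character of the password field, and a deliberately invalidated entry would come back without `ACB_DISABLED` and without its hashes forced to NULL. The first hunk also shows that such an entry now reaches the `linebuf_len < (PTR_DIFF(p, linebuf) + 33)` check first, so a short `*` field is probably reported as malformed rather than disabled. Recording the result where `p` is known to be right, e.g. `BOOL pw_invalid = (*p == '*' || *p == 'X');` straight after the skip, and testing `pw_invalid` at the end would keep the old meaning.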
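Review bot: In mod_smbfilepwd_entry() (smbpass.c, third hunk) the two `dump_data(100, ...)` calls are unlabeled, and now that either can be skipped, a single 16-byte dump in the log cannot be attributed to `pwd->smb_passwd` or `pwd->smb_nt_passwd`. A line such as `DEBUG(100,("smb_passwd:\n"));` and `DEBUG(100,("smb_nt_passwd:\n"));` inside the respective new `if` would make the output unambiguous. Because these bytes are password-equivalent, I would also add a short comment above the `#ifdef DEBUG_PASSWORD` block stating that it writes raw hashes to the log and is meant for debug builds only. The function body starts and ends outside the hunk.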
@@ -25,9 +25,9 @@ /************************************************************* add a new user to the local smbpasswd file *************************************************************/ -static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account, - BOOL disable_user, BOOL set_no_password, - uchar *new_p16, uchar *new_nt_p16) +static BOOL add_new_user(char *user_name, uid_t uid, + uint16 acb_info, + uchar *new_p16, uchar *new_nt_p16) { struct smb_passwd new_smb_pwent; @@ -38,13 +38,10 @@ static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account, new_smb_pwent.nt_name = user_name; new_smb_pwent.smb_passwd = NULL; new_smb_pwent.smb_nt_passwd = NULL; - new_smb_pwent.acct_ctrl = (trust_account ? ACB_WSTRUST : ACB_NORMAL); + new_smb_pwent.acct_ctrl = acb_info; - if(disable_user) { - new_smb_pwent.acct_ctrl |= ACB_DISABLED; - } else if (set_no_password) { - new_smb_pwent.acct_ctrl |= ACB_PWNOTREQ; - } else { + if (IS_BITS_CLR_ALL(acb_info, ACB_DISABLED | ACB_PWNOTREQ)) + { new_smb_pwent.smb_passwd = new_p16; new_smb_pwent.smb_nt_passwd = new_nt_p16; } 
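Review bot: `new_smb_pwent.acct_ctrl = acb_info;` in add_new_user() stores the caller's value unchecked, where the removed line always produced exactly one of `ACB_WSTRUST` or `ACB_NORMAL`. An `acb_info` carrying no account-type bit, or several at once, is now written to the smbpasswd entry as given. A guard at the top of the function that rejects such values with `return False;` would keep malformed control words out of the file; the set of legal type bits is defined outside this diff, so the exact mask needs confirming. The header comment should also say that `ACB_DISABLED` or `ACB_PWNOTREQ` in `acb_info` leaves both hashes NULL.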
@@ -54,16 +51,27 @@ static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account, /************************************************************* -change a password entry in the local smbpasswd file +change a password entry in the local smbpasswd file. + +when modifying an account, set acb_mask to those bits that +require changing (to zero or one) and set acb_info to the +value required in those bits. all bits NOT set in acb_mask +will NOT be modified. + +when _adding_ an account, acb_mask must be set to 0xFFFF and +it is ignored, btw :-) + *************************************************************/ -BOOL local_password_change(char *user_name, BOOL trust_account, BOOL add_user, - BOOL enable_user, BOOL disable_user, BOOL set_no_password, - char *new_passwd, - char *err_str, size_t err_str_len, - char *msg_str, size_t msg_str_len) +BOOL local_password_change(char *user_name, + BOOL add_user, + uint16 acb_info, uint16 acb_mask, + char *new_passwd, + char *err_str, size_t err_str_len, + char *msg_str, size_t msg_str_len) { struct passwd *pwd; struct smb_passwd *smb_pwent; + struct smb_passwd new_pwent; uchar new_p16[16]; uchar new_nt_p16[16]; fstring unix_name; @@ -75,16 +83,21 @@ BOOL local_password_change(char *user_name, BOOL trust_account, BOOL add_user, pwd = getpwnam(user_name); /* - * Check for a machine account. + * Check for a trust account. */ + if ((acb_info & acb_mask) != acb_info) + { + slprintf(err_str, err_str_len - 1, "programmer error: acb_info (%x) requests bits to be set outside of acb_mask (%x) range\n", acb_info, acb_mask); + } + if (pwd == NULL) { - if (trust_account) + if (!IS_BITS_SET_ALL(acb_info, ACB_NORMAL)) { slprintf(err_str, err_str_len - 1, "User %s does not \ exist in system password file (usually /etc/passwd). \ -Cannot add machine account without a valid system user.\n", user_name); +Cannot add trust account without a valid system user.\n", user_name); } else { 
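Review bot: The new header comment on local_password_change() contradicts itself for the add case: it says acb_mask "must be set to 0xFFFF" and, in the same sentence, that "it is ignored". The body in the following hunk compares `acb_info` against `acb_mask` before it knows whether it is adding, so the mask is not ignored. I would reword the sentence to something like `when adding an account, pass acb_mask = 0xFFFF; acb_info is then stored as the new account's control word` and drop the aside.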
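Review bot: The new `(acb_info & acb_mask) != acb_info` check writes its "programmer error" text into `err_str` but never returns, so the call carries on and can still add or modify the account. On the add path `acb_info` is later handed to add_new_user() unmasked, so the very bits the check complains about would be stored. Adding `return False;` after the `slprintf` makes the check effective. Separately, `!IS_BITS_SET_ALL(acb_info, ACB_NORMAL)` selects the "trust account" wording for any call whose `acb_info` lacks `ACB_NORMAL`, which would include a flag-only change on a normal user; consulting it only when `acb_mask` covers the type bits would avoid a misleading message. The function body continues outside this hunk.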
@@ -102,22 +115,29 @@ exist in system password file (usually /etc/passwd).\n", user_name); /* Get the smb passwd entry for this user */ smb_pwent = getsmbpwnam(user_name); - if (smb_pwent == NULL) { - if(add_user == False) { + if (smb_pwent == NULL) + { + if (!add_user) + { slprintf(err_str, err_str_len-1, "Failed to find entry for user %s.\n", unix_name); return False; } - if (add_new_user(user_name, unix_uid, trust_account, disable_user, - set_no_password, new_p16, new_nt_p16)) { + if (add_new_user(user_name, unix_uid, acb_info, + new_p16, new_nt_p16)) + { slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name); return True; - } else { + } + else + { slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name); return False; } - } else { + } + else + { /* the entry already existed */ add_user = False; } 
@@ -127,26 +147,21 @@ exist in system password file (usually /etc/passwd).\n", user_name); * and the valid last change time. */ - if(disable_user) { - smb_pwent->acct_ctrl |= ACB_DISABLED; - } else if (enable_user) { - if(smb_pwent->smb_passwd == NULL) { - smb_pwent->smb_passwd = new_p16; - smb_pwent->smb_nt_passwd = new_nt_p16; - } - smb_pwent->acct_ctrl &= ~ACB_DISABLED; - } else if (set_no_password) { - smb_pwent->acct_ctrl |= ACB_PWNOTREQ; - /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */ - smb_pwent->smb_passwd = NULL; - smb_pwent->smb_nt_passwd = NULL; - } else { - smb_pwent->acct_ctrl &= ~ACB_PWNOTREQ; - smb_pwent->smb_passwd = new_p16; - smb_pwent->smb_nt_passwd = new_nt_p16; + memcpy(&new_pwent, smb_pwent, sizeof(new_pwent)); + new_pwent.nt_name = user_name; + new_pwent.acct_ctrl &= ~acb_mask; + new_pwent.acct_ctrl |= (acb_info & acb_mask); + new_pwent.smb_passwd = NULL; + new_pwent.smb_nt_passwd = NULL; + + if (IS_BITS_CLR_ALL(acb_info, ACB_DISABLED | ACB_PWNOTREQ)) + { + new_pwent.smb_passwd = new_p16; + new_pwent.smb_nt_passwd = new_nt_p16; } - if(mod_smbpwd_entry(smb_pwent,True) == False) { + if (!mod_smbpwd_entry(&new_pwent, True)) + { slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", unix_name); return False; |
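Review bot: The modify path now resets both hashes unconditionally: `new_pwent.smb_passwd` and `new_pwent.smb_nt_passwd` are set to NULL and then to `new_p16`/`new_nt_p16` whenever `acb_info` has neither `ACB_DISABLED` nor `ACB_PWNOTREQ`. A call that only clears `ACB_DISABLED` therefore replaces the stored hashes, where the removed enable branch did so only when `smb_pwent->smb_passwd == NULL`, and a call that only sets `ACB_DISABLED` passes NULL hashes where the removed branch left them untouched. I would keep the hashes copied by the `memcpy`, set them to NULL only when `ACB_PWNOTREQ` is being set (the removed comment says mod_smbfilepwd_entry relies on that), and install `new_p16`/`new_nt_p16` only when the caller actually supplied a new password. How `new_p16` is filled and what mod_smbpwd_entry() does with NULL hashes lies outside this hunk and should be checked before relying on either behaviour.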