authorAndrew Bartlett <abartlet@samba.org>2001-10-29 07:24:49 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-10-29 07:24:49 +0000
commit0db1899256517507fb5a441bd75725e3fcecc2e8 (patch)
treee18dd4aff4ca7c42fbad0d3f521974c329231040 /source3/passdb
parentab5d5cfbe0aee4387ec7ae8805c69b31a1696435 (diff)
This commit is number 2 of 4.
In particular this commit focuses on: The guts of the moving about inside passdb. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes allow for the introduction of a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently it's pretty bad, even in 2.2 where it compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username passdb/ - Kill off disp_info stuff, it isn't used any more - Kill off support for writing to the old smbpasswd format, it isn't relevant to Samba 3.0 - Move around and modify the pdb_...() helper functions, adding one that sets the last changed time to 'now' and that sets the must change time appropriately. - Remove the ugly forced update of the LCT- value in pdb_smbpasswd. - Remove the implicit modification of the ACB flags when both NT and LM passwords are set. - Removed substitution in pdb_getsampwnam output, as a single password change will render them inoperable in any case (they will be substituted and stored) - Added a default RID to the init_sam_from_pw() function, based on our rid algorithm. - Added checks that an smbpasswd stored user has a uid-based RID. 
- Fail to store tdb based users without a RID lib/ - Change the substitution code to use global_myname if there is no connection (and therefore no called name) at the present time. (This used to be commit 8f607810eb24ed1157bbd2e896c2c167bc34d986)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/passdb.c34
-rw-r--r--source3/passdb/pdb_smbpasswd.c84
-rw-r--r--source3/passdb/pdb_tdb.c27
3 files changed, 80 insertions, 65 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 634ea8fdac..671f18a7b0 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -130,6 +130,10 @@ BOOL pdb_init_sam(SAM_ACCOUNT **user)
BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, struct passwd *pwd)
{
+ pstring str;
+ extern BOOL sam_logon_in_ssb;
+ extern pstring samlogon_user;
+
if (!pwd) {
new_sam_acct = NULL;
return False;
@@ -144,10 +148,32 @@ BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, struct passwd *pwd)
pdb_set_fullname(*new_sam_acct, pwd->pw_gecos);
pdb_set_uid(*new_sam_acct, pwd->pw_uid);
pdb_set_gid(*new_sam_acct, pwd->pw_gid);
- pdb_set_profile_path(*new_sam_acct, lp_logon_path());
- pdb_set_homedir(*new_sam_acct, lp_logon_home());
- pdb_set_dir_drive(*new_sam_acct, lp_logon_drive());
- pdb_set_logon_script(*new_sam_acct, lp_logon_script());
+
+ pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid));
+ pdb_set_group_rid(*new_sam_acct, pdb_gid_to_group_rid(pwd->pw_gid));
+
+ /* UGLY, UGLY HACK!!! */
+ pstrcpy(samlogon_user, pwd->pw_name);
+
+ sam_logon_in_ssb = True;
+
+ pstrcpy(str, lp_logon_path());
+ standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+ pdb_set_profile_path(*new_sam_acct, str);
+
+ pstrcpy(str, lp_logon_home());
+ standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+ pdb_set_homedir(*new_sam_acct, str);
+
+ pstrcpy(str, lp_logon_drive());
+ standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+ pdb_set_dir_drive(*new_sam_acct, str);
+
+ pstrcpy(str, lp_logon_script());
+ standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+ pdb_set_logon_script(*new_sam_acct, str);
+
+ sam_logon_in_ssb = False;
return True;
}
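Review bot: `sam_logon_in_ssb = False;` at the end of pdb_init_sam_pw resets the global unconditionally instead of restoring the value it had on entry, and `pstrcpy(samlogon_user, pwd->pw_name);` overwrites the global user name without putting it back. A caller that was already inside a logon-time substitution would find both clobbered, so later expansions could be made for the wrong user. Saving and restoring the flag would be safer: `BOOL saved_in_ssb = sam_logon_in_ssb;` before the block and `sam_logon_in_ssb = saved_in_ssb;` after it, with a comment saying which substitutions depend on the two globals in place of the bare "UGLY HACK" remark. The same pattern appears in the build_sam_account hunks of pdb_smbpasswd.c, where the flag is now set near the top and cleared only at the final return; that function's body is mostly outside the hunks, so any early return in between would leave the flag set.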
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 45c983b1ca..85e91bc5ba 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -870,16 +870,6 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
p += 33; /* Move to the first character of the line after
the NT password. */
- /*
- * If both NT and lanman passwords are provided - reset password
- * not required flag.
- */
-
- if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) {
- /* Reqiure password in the future (should ACB_DISABLED also be reset?) */
- pwd->acct_ctrl &= ~(ACB_PWNOTREQ);
- }
-
if (*p == '[') {
i = 0;
@@ -898,15 +888,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
*/
fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
} else {
- /*
- * If using the old format and the ACB_DISABLED or
- * ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL
- * here as we have no space to encode the change.
- */
- if(pwd->acct_ctrl & (ACB_DISABLED|ACB_PWNOTREQ)) {
- pwd->smb_passwd = NULL;
- pwd->smb_nt_passwd = NULL;
- }
+ DEBUG(0,("mod_smbfilepwd_entry: Using old smbpasswd format. This is no longer supported.!\n"));
+ DEBUG(0,("mod_smbfilepwd_entry: No changes made, failing.!\n"));
+ return False;
}
/* Go past the ']' */
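Review bot: The new `return False;` in the old-format branch exits mod_smbfilepwd_entry with no cleanup visible in this hunk. The function starts and ends outside the hunk, so this is inferred: if the smbpasswd file has already been opened and locked by this point, the early return leaves the handle and the lock held, and the branch should run the same unlock-and-close sequence as the function's other failure exits before returning. A short comment on the branch would also help, for example `/* Old (unpadded) account-control field: refuse to rewrite the entry. */`.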
@@ -969,8 +953,6 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
/* Add on the account info bits and the time of last
password change. */
- pwd->pass_last_set_time = time(NULL);
-
if(got_pass_last_set_time) {
slprintf(&ascii_p16[strlen(ascii_p16)],
sizeof(ascii_p16)-(strlen(ascii_p16)+1),
@@ -1151,7 +1133,7 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
We will not allocate any new memory. The smb_passwd struct
should only stay around as long as the SAM_ACCOUNT does.
********************************************************************/
-static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass)
+static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
{
if (sampass == NULL)
return False;
@@ -1167,13 +1149,23 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass)
smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass);
smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass);
+ if (smb_pw->smb_userid != pdb_user_rid_to_uid(pdb_get_user_rid(sampass))) {
+ DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
+ return False;
+ }
+
+ if (pdb_get_gid(sampass) != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) {
+ DEBUG(0,("build_sam_pass: Failing attempt to store user with non-gid based primary group RID. \n"));
+ return False;
+ }
+
return True;
}
/*********************************************************************
Create a SAM_ACCOUNT from a smb_passwd struct
********************************************************************/
-static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf)
+static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw_buf)
{
struct passwd *pwfile;
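Review bot: Both new DEBUG messages are prefixed `build_sam_pass`, but the function is build_smb_pass (its signature is in the previous hunk), and neither message prints the account or the RID that failed the check. A rejected store is therefore hard to trace from the log. Suggest something like `DEBUG(0,("build_smb_pass: refusing to store user [%s]: user RID %u is not uid based\n", pdb_get_username(sampass), (unsigned int)pdb_get_user_rid(sampass)));` and the equivalent for the group check. A one-line comment above the checks saying why only uid/gid-derived RIDs are accepted (presumably because the smbpasswd file has no field to store a RID) would document the constraint.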
@@ -1196,6 +1188,8 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf)
--jerry */
pstrcpy(samlogon_user, pw_buf->smb_name);
+ sam_logon_in_ssb = True;
+
pdb_set_uid (sam_pass, pwfile->pw_uid);
pdb_set_gid (sam_pass, pwfile->pw_gid);
pdb_set_fullname(sam_pass, pwfile->pw_gecos);
@@ -1225,27 +1219,29 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf)
if (samlogon_user[strlen(samlogon_user)-1] != '$')
{
pstring str;
- gid_t gid = getegid();
- sam_logon_in_ssb = True;
-
- pstrcpy(str, lp_logon_script());
- standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
- pdb_set_logon_script(sam_pass, str);
-
- pstrcpy(str, lp_logon_path());
- standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
+ pstrcpy(str, lp_logon_path());
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
pdb_set_profile_path(sam_pass, str);
-
- pstrcpy(str, lp_logon_home());
- standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
+
+ pstrcpy(str, lp_logon_home());
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
pdb_set_homedir(sam_pass, str);
-
- sam_logon_in_ssb = False;
+
+ pstrcpy(str, lp_logon_drive());
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
+ pdb_set_dir_drive(sam_pass, str);
+
+ pstrcpy(str, lp_logon_script());
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
+ pdb_set_logon_script(sam_pass, str);
+
} else {
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
}
+
+ sam_logon_in_ssb = False;
return True;
}
@@ -1481,21 +1477,24 @@ BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct,uint32 rid)
return True;
}
-BOOL pdb_add_sam_account(SAM_ACCOUNT *sampass)
+BOOL pdb_add_sam_account(const SAM_ACCOUNT *sampass)
{
struct smb_passwd smb_pw;
/* convert the SAM_ACCOUNT */
- build_smb_pass(&smb_pw, sampass);
+ if (!build_smb_pass(&smb_pw, sampass)) {
+ return False;
+ }
/* add the entry */
- if(!add_smbfilepwd_entry(&smb_pw))
+ if(!add_smbfilepwd_entry(&smb_pw)) {
return False;
-
+ }
+
return True;
}
-BOOL pdb_update_sam_account(SAM_ACCOUNT *sampass, BOOL override)
+BOOL pdb_update_sam_account(const SAM_ACCOUNT *sampass, BOOL override)
{
struct smb_passwd smb_pw;
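Review bot: Only pdb_add_sam_account is changed to check the result of build_smb_pass; the conversion call in pdb_update_sam_account lies outside this hunk and is not touched by the diff, so it presumably still ignores the return value. If so, an account whose RIDs fail the new uid/gid checks is rejected on add but still handed to the modify path on update, using a `smb_pw` that the conversion has just declared invalid. The update function should apply the same guard, `if (!build_smb_pass(&smb_pw, sampass)) { return False; }`, before calling the modify routine.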
@@ -1518,3 +1517,4 @@ BOOL pdb_delete_sam_account (char* username)
/* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
void smbpass_dummy_function(void) { } /* stop some compilers complaining */
#endif /* WTH_SMBPASSWD_SAM*/
+
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index 43eefa5c7a..95f66fc671 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -466,10 +466,6 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user)
pdb_set_uid (user, uid);
pdb_set_gid (user, gid);
- standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_logon_script(user));
- standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_profile_path(user));
- standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_homedir(user));
-
/* increment to next in line */
global_tdb_ent.key = tdb_nextkey (global_tdb_ent.passwd_tdb, global_tdb_ent.key);
@@ -545,13 +541,6 @@ BOOL pdb_getsampwnam (SAM_ACCOUNT *user, char *sname)
pdb_set_uid (user, uid);
pdb_set_gid (user, gid);
- /* 21 days from present */
- pdb_set_pass_must_change_time(user, time(NULL)+1814400);
-
- standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_logon_script(user));
- standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_profile_path(user));
- standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_homedir(user));
-
/* cleanup */
tdb_close (pwd_tdb);
@@ -720,7 +709,7 @@ BOOL pdb_delete_sam_account(char *sname)
Update the TDB SAM
****************************************************************************/
-static BOOL tdb_update_sam(SAM_ACCOUNT* newpwd, BOOL override, int flag)
+static BOOL tdb_update_sam(const SAM_ACCOUNT* newpwd, BOOL override, int flag)
{
TDB_CONTEXT *pwd_tdb = NULL;
TDB_DATA key, data;
@@ -733,15 +722,15 @@ static BOOL tdb_update_sam(SAM_ACCOUNT* newpwd, BOOL override, int flag)
get_private_directory(tdbfile);
pstrcat (tdbfile, PASSDB_FILE_NAME);
- if ( (!newpwd->uid) || (!newpwd->gid) )
+ if ( (!pdb_get_uid(newpwd)) || (!pdb_get_gid(newpwd)) )
DEBUG (0,("tdb_update_sam: Storing a SAM_ACCOUNT for [%s] with uid %d and gid %d!\n",
- newpwd->username, newpwd->uid, newpwd->gid));
+ pdb_get_username(newpwd), pdb_get_uid(newpwd), pdb_get_gid(newpwd)));
- /* if we don't have a RID, then generate one */
- if (!newpwd->user_rid)
- pdb_set_user_rid (newpwd, pdb_uid_to_user_rid (newpwd->uid));
- if (!newpwd->group_rid)
- pdb_set_group_rid (newpwd, pdb_gid_to_group_rid (newpwd->gid));
+ /* if we don't have a RID, then FAIL */
+ if (!pdb_get_user_rid(newpwd))
+ DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
+ if (!pdb_get_group_rid(newpwd))
+ DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
/* copy the SAM_ACCOUNT struct into a BYTE buffer for storage */
if ((data.dsize=init_buffer_from_sam (&buf, newpwd)) == -1) {
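Review bot: The comment now reads "if we don't have a RID, then FAIL", but both `if (!pdb_get_user_rid(newpwd))` and `if (!pdb_get_group_rid(newpwd))` only emit a DEBUG line and fall through to init_buffer_from_sam, so an account with a zero user or group RID is still serialised and stored. With the old auto-generation removed, this leaves the record with no RID at all, contrary to the commit description's "Fail to store tdb based users without a RID". Each check needs a braced body that returns, e.g. `if (!pdb_get_user_rid(newpwd)) { DEBUG(0,(...)); return False; }`. Nothing visible in the hunk has been opened or allocated before this point, but the function continues outside the hunk, so confirm no cleanup is needed on that path.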