authorGerald Carter <jerry@samba.org>2000-11-13 23:03:34 +0000
committerGerald Carter <jerry@samba.org>2000-11-13 23:03:34 +0000
commit9fede0dc0dbad51528cd1384023d24549c3f0ba4 (patch)
tree0f3a045da16581462aa3dce6e7221ee12924954b /source3/rpc_server/srv_pipe.c
parent8f338ee3dd5d3b68b36c021a22b624678ea116f6 (diff)
Large commit which restructures the local password storage API.
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+) are broken, but they were somewhat broken before. :) The following functions implement the storage manipulation interface /*The following definitions come from passdb/pdb_smbpasswd.c */ BOOL pdb_setsampwent (BOOL update); void pdb_endsampwent (void); SAM_ACCOUNT* pdb_getsampwent (void); SAM_ACCOUNT* pdb_getsampwnam (char *username); SAM_ACCOUNT* pdb_getsampwuid (uid_t uid); SAM_ACCOUNT* pdb_getsampwrid (uint32 rid); BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass); BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override); BOOL pdb_delete_sam_account (char* username); There is also a host of pdb_set..() and pdb_get..() functions for manipulating SAM_ACCOUNT struct members. Note that the struct passdb_ops {} has gone away. Also notice that struct smb_passwd (formerly in smb.h) has been moved to passdb/pdb_smbpasswd.c and is not accessed outside of static internal functions in this file. All local password searches should make use of the SAM_ACCOUNT struct and the previously mentioned functions. I'll write some documentation for this later. The next step is to fix the TDB passdb backend, then work on splitting the backends out into shared libraries, and finally get the LDAP backend going. What works and may not: o domain logons from Win9x works o domain logons from WinNT 4 works o user and group enumeration as implemented by Tim works o file and print access works o changing password from Win9x & NT ummm...i'll fix this tonight :) If I broke anything else, just yell and I'll fix it. I think it should be fairly quiet. -- jerry (This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
Diffstat (limited to 'source3/rpc_server/srv_pipe.c')
-rw-r--r--source3/rpc_server/srv_pipe.c33
1 files changed, 17 insertions, 16 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 4cb57c69d8..d15f045252 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -270,10 +270,9 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
fstring domain;
fstring wks;
BOOL guest_user = False;
- struct smb_passwd *smb_pass = NULL;
- struct passwd *pass = NULL;
- uchar null_smb_passwd[16];
- uchar *smb_passwd_ptr = NULL;
+ SAM_ACCOUNT *sam_pass = NULL;
+ BYTE null_smb_passwd[16];
+ BYTE *smb_passwd_ptr = NULL;
DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
@@ -359,7 +358,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
return False;
}
-
+/* unnecessary as the passdb validates the user before returning --jerry */
+#if 0
/*
* Find the user in the unix password db.
*/
@@ -369,6 +369,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
return(False);
}
+#endif /* 0 */
+
if(!guest_user) {
become_root();
@@ -381,8 +383,8 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
return False;
}
- if(!(smb_pass = getsmbpwnam(pipe_user_name))) {
- DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n",
+ if(!(sam_pass = pdb_getsampwnam(pipe_user_name))) {
+ DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in passdb.\n",
pipe_user_name));
unbecome_root();
return False;
@@ -390,24 +392,24 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
unbecome_root();
- if (smb_pass == NULL) {
- DEBUG(1,("api_pipe_ntlmssp_verify: Couldn't find user '%s' in smb_passwd file.\n",
+ if (sam_pass == NULL) {
+ DEBUG(1,("api_pipe_ntlmssp_verify: Couldn't find user '%s' in passdb.\n",
pipe_user_name));
return(False);
}
/* Quit if the account was disabled. */
- if((smb_pass->acct_ctrl & ACB_DISABLED) || !smb_pass->smb_passwd) {
+ if((pdb_get_acct_ctrl(sam_pass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sam_pass)) {
DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name));
return(False);
}
- if(!smb_pass->smb_nt_passwd) {
+ if(!pdb_get_nt_passwd(sam_pass)) {
DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name));
return(False);
}
- smb_passwd_ptr = smb_pass->smb_passwd;
+ smb_passwd_ptr = pdb_get_lanman_passwd(sam_pass);
}
/*
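Review bot: The `if (sam_pass == NULL)` test kept after `unbecome_root()` looks unreachable, because the lookup in the previous hunk already does `unbecome_root(); return False;` when `pdb_getsampwnam()` yields NULL; it can be dropped. The disabled-account test also rejects an account whose `pdb_get_lanman_passwd(sam_pass)` is NULL while logging `Account for user '%s' was disabled.`, so an account that carries only an NT hash is refused with a message that points the administrator at the wrong cause. A separate branch with its own text, e.g. `DEBUG(1,("Account for user '%s' has no LanMan password hash.\n", pipe_user_name));`, would keep the authentication log accurate. The function body starts and ends outside this hunk.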
@@ -457,9 +459,8 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
/*
* Store the UNIX credential data (uid/gid pair) in the pipe structure.
*/
-
- p->pipe_user.uid = pass->pw_uid;
- p->pipe_user.gid = pass->pw_gid;
+ p->pipe_user.uid = pdb_get_uid(sam_pass);
+ p->pipe_user.gid = pdb_get_gid(sam_pass);
/* Set up pipe user group membership. */
initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
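Review bot: `sam_pass` is assigned only inside the `if(!guest_user)` branch, so if `guest_user` is set True in the lines outside these hunks, `pdb_get_uid(sam_pass)` and `pdb_get_gid(sam_pass)` are called here with NULL. The old code took both values from `pass`, and the lookup that filled it appears to be the block this commit wraps in `#if 0` in the earlier hunk, so nothing supplies credentials for the guest path any more. Depending on how the accessors treat NULL (not visible here), this is either a NULL dereference or an unintended uid/gid stored in `p->pipe_user` and handed to `initialise_groups()` and `create_nt_token()`. Either resolve the guest account through the passdb before this point, or fail closed with `if (sam_pass == NULL) return False;` ahead of the two assignments.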
@@ -467,7 +468,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
/* Create an NT_USER_TOKEN struct for this user. */
p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid,
- p->pipe_user.ngroups, p->pipe_user.groups);
+ p->pipe_user.ngroups, p->pipe_user.groups);
p->ntlmssp_auth_validated = True;
return True;