diff options
author | Gerald Carter <jerry@samba.org> | 2000-11-13 23:03:34 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2000-11-13 23:03:34 +0000 |
commit | 9fede0dc0dbad51528cd1384023d24549c3f0ba4 (patch) | |
tree | 0f3a045da16581462aa3dce6e7221ee12924954b /source3/rpc_server | |
parent | 8f338ee3dd5d3b68b36c021a22b624678ea116f6 (diff) | |
download | samba-9fede0dc0dbad51528cd1384023d24549c3f0ba4.tar.gz samba-9fede0dc0dbad51528cd1384023d24549c3f0ba4.tar.bz2 samba-9fede0dc0dbad51528cd1384023d24549c3f0ba4.zip |
Large commit which restructures the local password storage API.
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_lookup.c | 14 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog.c | 177 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 33 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr.c | 279 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 8 |
5 files changed, 234 insertions, 277 deletions
diff --git a/source3/rpc_server/srv_lookup.c b/source3/rpc_server/srv_lookup.c index e81f3051f3..8b29be62e7 100644 --- a/source3/rpc_server/srv_lookup.c +++ b/source3/rpc_server/srv_lookup.c @@ -532,19 +532,19 @@ uint32 lookup_sid(char *name, DOM_SID *sid, uint8 *type) uint32 lookup_added_user_rids(char *user_name, uint32 *usr_rid, uint32 *grp_rid) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; (*usr_rid) = 0; (*grp_rid) = 0; /* find the user account */ become_root(); - sam_pass = getsam21pwnam(user_name); + sam_pass = getsampwnam(user_name); unbecome_root(); if (sam_pass != NULL) { - (*usr_rid) = sam_pass->user_rid ; - (*grp_rid) = sam_pass->group_rid; + (*usr_rid) = pdb_get_user_rid(sam_pass); + (*grp_rid) = pdb_get_group_rid(sam_pass); return 0x0; } @@ -556,18 +556,18 @@ uint32 lookup_added_user_rids(char *user_name, ********************************************************************/ uint32 lookup_added_user_rid(char *user_name, uint32 *rid, uint8 *type) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; (*rid) = 0; (*type) = SID_NAME_USER; /* find the user account */ become_root(); - sam_pass = getsam21pwnam(user_name); + sam_pass = getsampwnam(user_name); unbecome_root(); if (sam_pass != NULL) { - (*rid) = sam_pass->user_rid; + (*rid) = pdb_get_user_rid(sam_pass); return 0x0; } diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 9f5d84ee1f..8e2b3819cb 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -264,7 +264,8 @@ static BOOL net_reply_sam_logoff(NET_Q_SAM_LOGOFF *q_s, prs_struct *rdata, static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct) { - struct smb_passwd *smb_pass; + SAM_ACCOUNT *sampass = NULL; + BYTE *pass = NULL; #if 0 /* @@ -285,13 +286,13 @@ static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct) #endif /* 0 */ become_root(); - smb_pass = getsmbpwnam(mach_acct); + sampass = pdb_getsampwnam(mach_acct); unbecome_root(); - if ((smb_pass) != NULL && !(smb_pass->acct_ctrl & ACB_DISABLED) && - (smb_pass->smb_nt_passwd != NULL)) + if ((sampass) != NULL && !(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) && + ((pass=pdb_get_nt_passwd(sampass)) != NULL)) { - memcpy(md4pw, smb_pass->smb_nt_passwd, 16); + memcpy(md4pw, pass, 16); dump_data(5, md4pw, 16); return True; @@ -425,7 +426,7 @@ static BOOL api_net_srv_pwset(pipes_struct *p) uint32 status = NT_STATUS_WRONG_PASSWORD; DOM_CRED srv_cred; pstring mach_acct; - struct smb_passwd *smb_pass; + SAM_ACCOUNT *sampass; BOOL ret; user_struct *vuser; prs_struct *data = &p->in_data.data; @@ -454,10 +455,10 @@ static BOOL api_net_srv_pwset(pipes_struct *p) DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct)); become_root(); - smb_pass = getsmbpwnam(mach_acct); + sampass = pdb_getsampwnam(mach_acct); unbecome_root(); - if (smb_pass != NULL) { + if (sampass != NULL) { unsigned char pwd[16]; int i; @@ -469,12 +470,12 @@ static BOOL api_net_srv_pwset(pipes_struct *p) cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key, 0); /* lies! nt and lm passwords are _not_ the same: don't care */ - smb_pass->smb_passwd = pwd; - smb_pass->smb_nt_passwd = pwd; - smb_pass->acct_ctrl = ACB_WSTRUST; + pdb_set_lanman_passwd (sampass, pwd); + pdb_set_nt_passwd (sampass, pwd); + pdb_set_acct_ctrl (sampass, ACB_WSTRUST); - become_root(); - ret = mod_smbpwd_entry(smb_pass,False); + become_root(); + ret = pdb_update_sam_account (sampass,False); unbecome_root(); if (ret) { @@ -542,8 +543,8 @@ static BOOL api_net_sam_logoff(pipes_struct *p) net_login_interactive: *************************************************************************/ -static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_pass, - user_struct *vuser) +static uint32 net_login_interactive(NET_ID_INFO_1 *id1, SAM_ACCOUNT *sampass, + user_struct *vuser) { uint32 status = 0x0; @@ -579,8 +580,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p dump_data(100, nt_pwd, 16); #endif - if (memcmp(smb_pass->smb_passwd , lm_pwd, 16) != 0 || - memcmp(smb_pass->smb_nt_passwd, nt_pwd, 16) != 0) + if (memcmp(pdb_get_lanman_passwd(sampass) ,lm_pwd, 16) != 0 || + memcmp(pdb_get_nt_passwd(sampass) ,nt_pwd, 16) != 0) { status = NT_STATUS_WRONG_PASSWORD; } @@ -592,8 +593,10 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p net_login_network: *************************************************************************/ -static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass) +static uint32 net_login_network(NET_ID_INFO_2 *id2, SAM_ACCOUNT *sampass) { + BYTE *nt_pwd, *lanman_pwd; + DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n", id2->hdr_lm_chal_resp.str_str_len, id2->hdr_nt_chal_resp.str_str_len)); @@ -601,11 +604,12 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass) /* JRA. Check the NT password first if it exists - this is a higher quality password, if it exists and it doesn't match - fail. */ + nt_pwd = pdb_get_nt_passwd (sampass); + lanman_pwd = pdb_get_lanman_passwd (sampass); if (id2->hdr_nt_chal_resp.str_str_len == 24 && - smb_pass->smb_nt_passwd != NULL) + nt_pwd != NULL) { - if(smb_password_check((char *)id2->nt_chal_resp.buffer, - smb_pass->smb_nt_passwd, + if(smb_password_check((char *)id2->nt_chal_resp.buffer, nt_pwd, id2->lm_chal)) return 0x0; else @@ -622,8 +626,7 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass) if (id2->hdr_lm_chal_resp.str_str_len == 24 && smb_password_check((char *)id2->lm_chal_resp.buffer, - smb_pass->smb_passwd, - id2->lm_chal)) + lanman_pwd, id2->lm_chal)) { return 0x0; } @@ -646,21 +649,20 @@ static BOOL api_net_sam_logon(pipes_struct *p) NET_USER_INFO_3 usr_info; uint32 status = 0x0; DOM_CRED srv_cred; - struct smb_passwd *smb_pass = NULL; + SAM_ACCOUNT *sampass = NULL; + uint16 acct_ctrl; UNISTR2 *uni_samlogon_user = NULL; fstring nt_username; - struct passwd *pw; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; user_struct *vuser = NULL; if ((vuser = get_valid_user_struct(vuid)) == NULL) return False; - memset(&q_l, '\0', sizeof(q_l)); - memset(&ctr, '\0', sizeof(ctr)); - memset(&usr_info, '\0', sizeof(usr_info)); + ZERO_STRUCT(q_l); + ZERO_STRUCT(ctr); + ZERO_STRUCT(usr_info); q_l.sam_id.ctr = &ctr; @@ -682,8 +684,7 @@ static BOOL api_net_sam_logon(pipes_struct *p) case INTERACTIVE_LOGON_TYPE: uni_samlogon_user = &q_l.sam_id.ctr->auth.id1.uni_user_name; - DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", - lp_workgroup())); + DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); break; case NET_LOGON_TYPE: uni_samlogon_user = &q_l.sam_id.ctr->auth.id2.uni_user_name; @@ -699,7 +700,8 @@ static BOOL api_net_sam_logon(pipes_struct *p) /* check username exists */ - if (status == 0) { + if (status == 0) + { pstrcpy(nt_username, dos_unistrn2(uni_samlogon_user->buffer, uni_samlogon_user->uni_str_len)); @@ -709,40 +711,37 @@ static BOOL api_net_sam_logon(pipes_struct *p) * Convert to a UNIX username. */ map_username(nt_username); - - /* - * Do any case conversions. - */ - pw=Get_Pwnam(nt_username, True); + /* get the account information */ become_root(); - smb_pass = getsmbpwnam(nt_username); + sampass = pdb_getsampwnam(nt_username); unbecome_root(); - if (smb_pass == NULL) + acct_ctrl = pdb_get_acct_ctrl(sampass); + if (sampass == NULL) status = NT_STATUS_NO_SUCH_USER; - else if (smb_pass->acct_ctrl & ACB_PWNOTREQ) + else if (acct_ctrl & ACB_PWNOTREQ) status = 0; - else if (smb_pass->acct_ctrl & ACB_DISABLED) + else if (acct_ctrl & ACB_DISABLED) status = NT_STATUS_ACCOUNT_DISABLED; } /* Validate password - if required. */ - if ((status == 0) && !(smb_pass->acct_ctrl & ACB_PWNOTREQ)) { + if ((status == 0) && !(acct_ctrl & ACB_PWNOTREQ)) { switch (q_l.sam_id.logon_level) { case INTERACTIVE_LOGON_TYPE: /* interactive login. */ status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, - smb_pass, vuser); + sampass, vuser); break; case NET_LOGON_TYPE: /* network login. lm challenge and 24 byte responses */ - status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass); + status = net_login_network(&q_l.sam_id.ctr->auth.id2, sampass); break; } } - + /* lkclXXXX this is the point at which, if the login was successful, that the SAM Local Security Authority should record that the user is logged in to the domain. @@ -753,49 +752,47 @@ static BOOL api_net_sam_logon(pipes_struct *p) if (status == 0) { DOM_GID *gids = NULL; int num_gids = 0; - NTTIME dummy_time; - pstring logon_script; - pstring profile_path; - pstring home_dir; - pstring home_drive; pstring my_name; pstring my_workgroup; pstring domain_groups; - uint32 r_uid; - uint32 r_gid; - fstring full_name; /* set up pointer indicating user/password failed to be found */ usr_info.ptr_user_info = 0; - - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - + /* XXXX hack to get standard_sub_basic() to use sam logon username */ /* possibly a better way would be to do a become_user() call */ + + /* + * All this information should be filled in from the + * passdb information + */ sam_logon_in_ssb = True; pstrcpy(samlogon_user, nt_username); - pstrcpy(logon_script, lp_logon_script()); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, logon_script); +#if 0 + gid = pdb_get_gid(sampass); - pstrcpy(profile_path, lp_logon_path()); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, profile_path); - - pstrcpy(my_workgroup, lp_workgroup()); + pstrcpy(str, pdb_get_logon_script(sampass)); + standard_sub_advanced(-1, nt_username, "", gid, str); + pdb_set_logon_script(sampass, str); + + pstrcpy(str, pdb_get_profile_path(sampass)); + standard_sub_advanced(-1, nt_username, "", gid, str); + pdb_set_profile_path(sampass, str); + + pstrcpy(str, pdb_get_homedir(sampass)); + standard_sub_advanced(-1, nt_username, "", gid, str); + pdb_set_homedir(sampass, str); - pstrcpy(home_drive, lp_logon_drive()); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_drive); + fstrcpy(full_name, "<Full Name>"); + if (lp_unix_realname()) + fstrcpy(full_name, pdb_get_fullname(sampass)); +#endif - pstrcpy(home_dir, lp_logon_home()); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_dir); - + pstrcpy(my_workgroup, lp_workgroup()); pstrcpy(my_name, global_myname); strupper(my_name); - fstrcpy(full_name, "<Full Name>"); - if (lp_unix_realname()) - fstrcpy(full_name, pw->pw_gecos); /* * This is the point at which we get the group @@ -815,40 +812,32 @@ static BOOL api_net_sam_logon(pipes_struct *p) sam_logon_in_ssb = False; + /* + * This next call is where the 'domain admin users' parameter + * gets mapped. I'm leaving it out for now. The user and group rid + * has already been mapped into the SAM_ACCOUNT struct. I don't + * think this should be overridden here. The correct solution + * is proper group memberships and mapping. --jerry + */ +#if 0 if (pdb_name_to_rid(nt_username, &r_uid, &r_gid)) - init_net_user_info3(&usr_info, - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - nt_username , /* user_name */ - full_name, /* full_name */ - logon_script , /* logon_script */ - profile_path , /* profile_path */ - home_dir , /* home_dir */ - home_drive , /* dir_drive */ - +#endif + init_net_user_info3(&usr_info, sampass, 0, /* logon_count */ 0, /* bad_pw_count */ - - r_uid , /* RID user_id */ - r_gid , /* RID group_id */ num_gids, /* uint32 num_groups */ gids , /* DOM_GID *gids */ 0x20 , /* uint32 user_flgs (?) */ - NULL, /* char sess_key[16] */ - my_name , /* char *logon_srv */ my_workgroup, /* char *logon_dom */ - &global_sam_sid, /* DOM_SID *dom_sid */ NULL); /* char *other_sids */ + +#if 0 else status = NT_STATUS_NO_SUCH_USER; +#endif /* Free any allocated groups array. */ if(gids) diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 4cb57c69d8..d15f045252 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -270,10 +270,9 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm fstring domain; fstring wks; BOOL guest_user = False; - struct smb_passwd *smb_pass = NULL; - struct passwd *pass = NULL; - uchar null_smb_passwd[16]; - uchar *smb_passwd_ptr = NULL; + SAM_ACCOUNT *sam_pass = NULL; + BYTE null_smb_passwd[16]; + BYTE *smb_passwd_ptr = NULL; DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n")); @@ -359,7 +358,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm return False; } - +/* unnecessary as the passdb validates the user before returning --jerry */ +#if 0 /* * Find the user in the unix password db. */ @@ -369,6 +369,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm return(False); } +#endif /* 0 */ + if(!guest_user) { become_root(); @@ -381,8 +383,8 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name return False; } - if(!(smb_pass = getsmbpwnam(pipe_user_name))) { - DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n", + if(!(sam_pass = pdb_getsampwnam(pipe_user_name))) { + DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in passdb.\n", pipe_user_name)); unbecome_root(); return False; @@ -390,24 +392,24 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name unbecome_root(); - if (smb_pass == NULL) { - DEBUG(1,("api_pipe_ntlmssp_verify: Couldn't find user '%s' in smb_passwd file.\n", + if (sam_pass == NULL) { + DEBUG(1,("api_pipe_ntlmssp_verify: Couldn't find user '%s' in passdb.\n", pipe_user_name)); return(False); } /* Quit if the account was disabled. */ - if((smb_pass->acct_ctrl & ACB_DISABLED) || !smb_pass->smb_passwd) { + if((pdb_get_acct_ctrl(sam_pass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sam_pass)) { DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name)); return(False); } - if(!smb_pass->smb_nt_passwd) { + if(!pdb_get_nt_passwd(sam_pass)) { DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name)); return(False); } - smb_passwd_ptr = smb_pass->smb_passwd; + smb_passwd_ptr = pdb_get_lanman_passwd(sam_pass); } /* @@ -457,9 +459,8 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name /* * Store the UNIX credential data (uid/gid pair) in the pipe structure. */ - - p->pipe_user.uid = pass->pw_uid; - p->pipe_user.gid = pass->pw_gid; + p->pipe_user.uid = pdb_get_uid(sam_pass); + p->pipe_user.gid = pdb_get_gid(sam_pass); /* Set up pipe user group membership. */ initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid); @@ -467,7 +468,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name /* Create an NT_USER_TOKEN struct for this user. */ p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid, - p->pipe_user.ngroups, p->pipe_user.groups); + p->pipe_user.ngroups, p->pipe_user.groups); p->ntlmssp_auth_validated = True; return True; diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 72a86c8d80..dcb5b9c9e3 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -40,27 +40,26 @@ extern rid_name builtin_alias_rids[]; dynamically returns the correct user info..... JRA. ********************************************************************/ -static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, - int start_idx, +static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, int *total_entries, int *num_entries, - int max_num_entries, - uint16 acb_mask) + int max_num_entries, uint16 acb_mask) { - void *vp = NULL; - struct sam_passwd *pwd = NULL; + SAM_ACCOUNT *pwd = NULL; (*num_entries) = 0; (*total_entries) = 0; - if (pw_buf == NULL) return False; + if (pw_buf == NULL) + return False; - vp = startsmbpwent(False); - if (!vp) { - DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n")); + if (!pdb_setsampwent(False)) + { + DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n")); return False; } - while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries) { + while ( ((pwd=pdb_getsampwent()) != NULL) && ((*num_entries) < max_num_entries) ) + { int user_name_len; if (start_idx > 0) { @@ -71,34 +70,38 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, continue; } - user_name_len = strlen(pwd->smb_name)+1; - init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len); + user_name_len = strlen(pdb_get_username(pwd))+1; + init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pdb_get_username(pwd), user_name_len); init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len); - pw_buf[(*num_entries)].user_rid = pwd->user_rid; + pw_buf[(*num_entries)].user_rid = pdb_get_user_rid(pwd); memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16); /* Now check if the NT compatible password is available. */ - if (pwd->smb_nt_passwd != NULL) { - memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16); + if (pdb_get_nt_passwd(pwd) != NULL) + { + memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16); } - pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl; + pw_buf[(*num_entries)].acb_info = pdb_get_acct_ctrl(pwd); DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x", - (*num_entries), pwd->smb_name, - pwd->user_rid, pwd->acct_ctrl)); + (*num_entries), pdb_get_username(pwd), + pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd))); - if (acb_mask == 0 || (pwd->acct_ctrl & acb_mask)) { + if (acb_mask == 0 || (pdb_get_acct_ctrl(pwd) & acb_mask)) + { DEBUG(5,(" acb_mask %x accepts\n", acb_mask)); (*num_entries)++; - } else { + } + else + { DEBUG(5,(" acb_mask %x rejects\n", acb_mask)); } (*total_entries)++; } - endsmbpwent(vp); + pdb_endsampwent(); return (*num_entries) > 0; } @@ -1046,7 +1049,7 @@ static BOOL samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, for (i = 0; i < num_rids && status == 0; i++) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; fstring user_name; @@ -1055,7 +1058,7 @@ static BOOL samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, /* find the user account */ become_root(); - sam_pass = get_smb21pwd_entry(user_name, 0); + sam_pass = pdb_getsampwnam(user_name); unbecome_root(); if (sam_pass == NULL) @@ -1065,7 +1068,7 @@ static BOOL samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, } else { - rid[i] = sam_pass->user_rid; + rid[i] = pdb_get_user_rid(sam_pass); } } #endif @@ -1379,7 +1382,7 @@ static BOOL api_samr_lookup_rids(pipes_struct *p) ********************************************************************/ static uint32 _api_samr_open_user(POLICY_HND domain_pol, uint32 user_rid, POLICY_HND *user_pol) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; DOM_SID sid; /* find the domain policy handle. */ @@ -1391,7 +1394,7 @@ static uint32 _api_samr_open_user(POLICY_HND domain_pol, uint32 user_rid, POLICY return NT_STATUS_OBJECT_NAME_NOT_FOUND; become_root(); - sam_pass = getsam21pwrid(user_rid); + sam_pass = pdb_getsampwrid(user_rid); unbecome_root(); /* check that the RID exists in our domain. */ @@ -1455,7 +1458,7 @@ static BOOL api_samr_open_user(pipes_struct *p) *************************************************************************/ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) { - struct smb_passwd *smb_pass; + SAM_ACCOUNT *sampass; if (!pdb_rid_is_user(user_rid)) { @@ -1464,18 +1467,18 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) } become_root(); - smb_pass = getsmbpwrid(user_rid); + sampass = pdb_getsampwrid(user_rid); unbecome_root(); - if (smb_pass == NULL) + if (sampass == NULL) { DEBUG(4,("User 0x%x not found\n", user_rid)); return False; } - DEBUG(3,("User:[%s]\n", smb_pass->smb_name)); + DEBUG(3,("User:[%s]\n", pdb_get_username(sampass))); - init_sam_user_info10(id10, smb_pass->acct_ctrl); + init_sam_user_info10(id10, pdb_get_acct_ctrl(sampass)); return True; } @@ -1485,10 +1488,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) *************************************************************************/ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) { - NTTIME dummy_time; - struct sam_passwd *sam_pass; - LOGON_HRS hrs; - int i; + SAM_ACCOUNT *sam_pass; if (!pdb_rid_is_user(user_rid)) { @@ -1497,7 +1497,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) } become_root(); - sam_pass = getsam21pwrid(user_rid); + sam_pass = pdb_getsampwrid(user_rid); unbecome_root(); if (sam_pass == NULL) @@ -1506,50 +1506,9 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) return False; } - DEBUG(3,("User:[%s]\n", sam_pass->smb_name)); - - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - - DEBUG(5,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n")); + DEBUG(3,("User:[%s]\n", pdb_get_username(sam_pass))); - /* create a LOGON_HRS structure */ - hrs.len = sam_pass->hours_len; - SMB_ASSERT_ARRAY(hrs.hours, hrs.len); - for (i = 0; i < hrs.len; i++) - { - hrs.hours[i] = sam_pass->hours[i]; - } - - init_sam_user_info21(id21, - - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - sam_pass->smb_name, /* user_name */ - sam_pass->full_name, /* full_name */ - sam_pass->home_dir, /* home_dir */ - sam_pass->dir_drive, /* dir_drive */ - sam_pass->logon_script, /* logon_script */ - sam_pass->profile_path, /* profile_path */ - sam_pass->acct_desc, /* description */ - sam_pass->workstations, /* workstations user can log in from */ - sam_pass->unknown_str, /* don't know, yet */ - sam_pass->munged_dial, /* dialin info. contains dialin path and tel no */ - - sam_pass->user_rid, /* RID user_id */ - sam_pass->group_rid, /* RID group_id */ - sam_pass->acct_ctrl, - - sam_pass->unknown_3, /* unknown_3 */ - sam_pass->logon_divs, /* divisions per week */ - &hrs, /* logon hours */ - sam_pass->unknown_5, - sam_pass->unknown_6); + init_sam_user_info21(id21, sam_pass); return True; } @@ -1670,7 +1629,7 @@ static BOOL samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, SAMR_R_QUERY_USERGROUPS r_u; uint32 status = 0x0; - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; DOM_GID *gids = NULL; int num_groups = 0; uint32 rid; @@ -1692,7 +1651,7 @@ static BOOL samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, if (status == 0x0) { become_root(); - sam_pass = getsam21pwrid(rid); + sam_pass = pdb_getsampwrid(rid); unbecome_root(); if (sam_pass == NULL) @@ -1704,7 +1663,7 @@ static BOOL samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, if (status == 0x0) { pstring groups; - get_domain_user_groups(groups, sam_pass->smb_name); + get_domain_user_groups(groups, pdb_get_username(sam_pass)); gids = NULL; num_groups = make_dom_gids(groups, &gids); } @@ -1828,7 +1787,7 @@ static BOOL api_samr_query_dom_info(pipes_struct *p) static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint32 acb_info, uint32 access_mask, POLICY_HND *user_pol, uint32 *unknown0, uint32 *user_rid) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; fstring mach_acct; pstring err_str; pstring msg_str; @@ -1849,9 +1808,10 @@ static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint strlower(mach_acct); become_root(); - sam_pass = getsam21pwnam(mach_acct); + sam_pass = pdb_getsampwnam(mach_acct); unbecome_root(); - if (sam_pass != NULL) { + if (sam_pass != NULL) + { /* machine account exists: say so */ return NT_STATUS_USER_EXISTS; } @@ -1875,14 +1835,16 @@ static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint smb_create_user(mach_acct); /* add the user in the smbpasswd file or the Samba authority database */ - if (!local_password_change(mach_acct, local_flags, NULL, err_str, sizeof(err_str), msg_str, sizeof(msg_str))) { + if (!local_password_change(mach_acct, local_flags, NULL, err_str, + sizeof(err_str), msg_str, sizeof(msg_str))) + { DEBUG(0, ("%s\n", err_str)); close_lsa_policy_hnd(user_pol); return NT_STATUS_ACCESS_DENIED; } become_root(); - sam_pass = getsam21pwnam(mach_acct); + sam_pass = pdb_getsampwnam(mach_acct); unbecome_root(); if (sam_pass == NULL) { /* account doesn't exist: say so */ @@ -1909,8 +1871,8 @@ static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint return NT_STATUS_OBJECT_NAME_NOT_FOUND; } - *unknown0=0x000703ff; - *user_rid=sam_pass->user_rid; + *unknown0 = 0x000703ff; + *user_rid = pdb_get_user_rid(sam_pass); return NT_STATUS_NO_PROBLEMO; } @@ -2219,8 +2181,7 @@ static BOOL api_samr_open_alias(pipes_struct *p) ********************************************************************/ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); if (id10 == NULL) { DEBUG(5, ("set_user_info_10: NULL id10\n")); @@ -2230,11 +2191,9 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) if (pwd == NULL) return False; - copy_sam_passwd(&new_pwd, pwd); + pdb_set_acct_ctrl(pwd, id10->acb_info); - new_pwd.acct_ctrl = id10->acb_info; - - if(!mod_sam21pwd_entry(&new_pwd, True)) + if(!pdb_update_sam_account(pwd, True)) return False; return True; @@ -2243,12 +2202,9 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) /******************************************************************* set_user_info_12 ********************************************************************/ -static BOOL set_user_info_12(const SAM_USER_INFO_12 *id12, uint32 rid) +static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; - static uchar nt_hash[16]; - static uchar lm_hash[16]; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); if (pwd == NULL) return False; @@ -2258,16 +2214,10 @@ static BOOL set_user_info_12(const SAM_USER_INFO_12 *id12, uint32 rid) return False; } - pdb_init_sam(&new_pwd); - copy_sam_passwd(&new_pwd, pwd); - - memcpy(nt_hash, id12->nt_pwd, sizeof(nt_hash)); - memcpy(lm_hash, id12->lm_pwd, sizeof(lm_hash)); + pdb_set_lanman_passwd (pwd, id12->lm_pwd); + pdb_set_nt_passwd (pwd, id12->nt_pwd); - new_pwd.smb_passwd = lm_hash; - new_pwd.smb_nt_passwd = nt_hash; - - if(!mod_sam21pwd_entry(&new_pwd, True)) + if(!pdb_update_sam_account(pwd, True)) return False; return True; @@ -2278,10 +2228,8 @@ static BOOL set_user_info_12(const SAM_USER_INFO_12 *id12, uint32 rid) ********************************************************************/ static BOOL set_user_info_21(SAM_USER_INFO_21 * id21, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; - static uchar nt_hash[16]; - static uchar lm_hash[16]; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); + SAM_ACCOUNT new_pwd; if (id21 == NULL) { DEBUG(5, ("set_user_info_21: NULL id21\n")); @@ -2291,25 +2239,34 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 * id21, uint32 rid) if (pwd == NULL) return False; + /* Zero out struct and set a few initial items */ pdb_init_sam(&new_pwd); + + /* FIXME!! these two calls may need to be fixed. copy_sam_passwd() + uses static strings and copy_id21..() reassigns some + strings. Right now there is no memory leaks, but if + the internals of copy_sam_passwd() changes to use dynamically + allocated strings, this will need to be fixed --jerry */ copy_sam_passwd(&new_pwd, pwd); copy_id21_to_sam_passwd(&new_pwd, id21); - if (pwd->smb_nt_passwd != NULL) { - memcpy(nt_hash, pwd->smb_nt_passwd, 16); - new_pwd.smb_nt_passwd = nt_hash; - } else - new_pwd.smb_nt_passwd = NULL; + /* passwords are not copied as part of copy_sam_passwd() */ + if (pdb_get_nt_passwd(pwd) != NULL) + pdb_set_nt_passwd (&new_pwd, pdb_get_nt_passwd(pwd)); - if (pwd->smb_nt_passwd != NULL) { - memcpy(lm_hash, pwd->smb_passwd, 16); - new_pwd.smb_passwd = lm_hash; - } else - new_pwd.smb_passwd = NULL; + if (pdb_get_lanman_passwd(pwd) != NULL) + pdb_set_lanman_passwd (&new_pwd, pdb_get_lanman_passwd(pwd)); - if(!mod_sam21pwd_entry(&new_pwd, True)) + if(!pdb_update_sam_account(&new_pwd, True)) return False; + /* FIXME!!! Memory leak here. Cannot call pdb_clear_sam() + because copy_sam_passwd uses static arrays. Therefore, + we will manually free the password pointers here. This + needs to be fixed. ---jerry */ + if (new_pwd.nt_pw) free (new_pwd.nt_pw); + if (new_pwd.lm_pw) free (new_pwd.lm_pw); + return True; } @@ -2318,10 +2275,10 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 * id21, uint32 rid) ********************************************************************/ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; - static uchar nt_hash[16]; - static uchar lm_hash[16]; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); + SAM_ACCOUNT new_pwd; + BYTE nt_hash[16]; + BYTE lm_hash[16]; pstring buf; uint32 len; @@ -2337,23 +2294,30 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) copy_sam_passwd(&new_pwd, pwd); copy_id23_to_sam_passwd(&new_pwd, id23); - if (!decode_pw_buffer((const char *)id23->pass, buf, 256, &len)) + if (!decode_pw_buffer((char*)id23->pass, buf, 256, &len)) return False; nt_lm_owf_gen(buf, nt_hash, lm_hash); - new_pwd.smb_passwd = lm_hash; - new_pwd.smb_nt_passwd = nt_hash; + pdb_set_lanman_passwd (&new_pwd, lm_hash); + pdb_set_nt_passwd (&new_pwd, nt_hash); /* update the UNIX password */ if (lp_unix_password_sync()) - if(!chgpasswd(new_pwd.smb_name, "", buf, True)) + if(!chgpasswd(pdb_get_username(&new_pwd), "", buf, True)) return False; memset(buf, 0, sizeof(buf)); - if(!mod_sam21pwd_entry(&new_pwd, True)) + if(!pdb_update_sam_account(&new_pwd, True)) return False; + + /* FIXME!!! Memory leak here. Cannot call pdb_clear_sam() + because copy_sam_passwd uses static arrays. Therefore, + we will manually free the password pointers here. This + needs to be fixed. ---jerry */ + if (new_pwd.nt_pw) free (new_pwd.nt_pw); + if (new_pwd.lm_pw) free (new_pwd.lm_pw); return True; } @@ -2363,40 +2327,38 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) ********************************************************************/ static BOOL set_user_info_24(const SAM_USER_INFO_24 *id24, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; - static uchar nt_hash[16]; - static uchar lm_hash[16]; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); + uchar nt_hash[16]; + uchar lm_hash[16]; uint32 len; pstring buf; if (pwd == NULL) return False; - pdb_init_sam(&new_pwd); - copy_sam_passwd(&new_pwd, pwd); - memset(buf, 0, sizeof(buf)); - if (!decode_pw_buffer((const char *)id24->pass, buf, 256, &len)) + if (!decode_pw_buffer((char*)id24->pass, buf, 256, &len)) return False; -DEBUG(0,("set_user_info_24:nt_lm_owf_gen\n")); + DEBUG(0,("set_user_info_24:nt_lm_owf_gen\n")); + nt_lm_owf_gen(buf, nt_hash, lm_hash); - new_pwd.smb_passwd = lm_hash; - new_pwd.smb_nt_passwd = nt_hash; + pdb_set_lanman_passwd (pwd, lm_hash); + pdb_set_nt_passwd (pwd, nt_hash); /* update the UNIX password */ if (lp_unix_password_sync()) - if(!chgpasswd(new_pwd.smb_name, "", buf, True)) + if(!chgpasswd(pdb_get_username(pwd), "", buf, True)) return False; memset(buf, 0, sizeof(buf)); -DEBUG(0,("set_user_info_24:mod_sam21pwd_entry\n")); + + DEBUG(0,("set_user_info_24: pdb_update_sam_account()\n")); /* update the SAMBA password */ - if(!mod_sam21pwd_entry(&new_pwd, True)) + if(!pdb_update_sam_account(pwd, True)) return False; return True; @@ -2405,19 +2367,23 @@ DEBUG(0,("set_user_info_24:mod_sam21pwd_entry\n")); /******************************************************************* samr_reply_set_userinfo ********************************************************************/ -static uint32 _samr_set_userinfo(POLICY_HND *pol, uint16 switch_value, SAM_USERINFO_CTR *ctr, pipes_struct *p) +static uint32 _samr_set_userinfo(POLICY_HND *pol, uint16 switch_value, + SAM_USERINFO_CTR *ctr, pipes_struct *p) { uint32 rid = 0x0; DOM_SID sid; struct current_user user; - struct smb_passwd *smb_pass; + SAM_ACCOUNT *sam_pass; unsigned char sess_key[16]; DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__)); - if (p->ntlmssp_auth_validated) { + if (p->ntlmssp_auth_validated) + { memcpy(&user, &p->pipe_user, sizeof(user)); - } else { + } + else + { extern struct current_user current_user; memcpy(&user, ¤t_user, sizeof(user)); } @@ -2447,15 +2413,16 @@ static uint32 _samr_set_userinfo(POLICY_HND *pol, uint16 switch_value, SAM_USERI */ become_root(); - smb_pass = getsmbpwuid(user.uid); + sam_pass = pdb_getsampwuid(user.uid); unbecome_root(); - if(smb_pass == NULL) { - DEBUG(0,("_samr_set_userinfo: Unable to get smbpasswd entry for uid %u\n", (unsigned int)user.uid )); + if(sam_pass == NULL) { + DEBUG(0,("_samr_set_userinfo: Unable to get passdb entry for uid %u\n", + (unsigned int)pdb_get_uid(sam_pass) )); return NT_STATUS_ACCESS_DENIED; } memset(sess_key, '\0', 16); - mdfour(sess_key, smb_pass->smb_nt_passwd, 16); + mdfour(sess_key, pdb_get_nt_passwd(sam_pass), 16); /* ok! user info levels (lots: see MSDEV help), off we go... */ switch (switch_value) { diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index ba13f0ed7a..8349b7add6 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -271,7 +271,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type) /* ok, it's a user. find the user account */ become_root(); - disp_info = getsamdisprid(rid); + disp_info = pdb_sam_to_dispinfo(pdb_getsampwrid(rid)); unbecome_root(); if (disp_info != NULL) @@ -328,17 +328,17 @@ uint32 lookup_alias_rid(char *alias_name, uint32 *rid) ********************************************************************/ uint32 lookup_user_rid(char *user_name, uint32 *rid) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; (*rid) = 0; /* find the user account */ become_root(); - sam_pass = getsam21pwnam(user_name); + sam_pass = pdb_getsampwnam(user_name); unbecome_root(); if (sam_pass != NULL) { - (*rid) = sam_pass->user_rid; + *rid = pdb_get_user_rid(sam_pass); return 0x0; } |