-rw-r--r--source3/include/smb.h7
-rw-r--r--source3/lib/substitute.c17
-rw-r--r--source3/passdb/passdb.c34
-rw-r--r--source3/passdb/pdb_smbpasswd.c84
-rw-r--r--source3/passdb/pdb_tdb.c27
5 files changed, 94 insertions, 75 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 8fcbe60646..16f90d0333 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -254,13 +254,6 @@ typedef uint32 WERROR;
#define MAX_HOURS_LEN 32
-struct sam_disp_info
-{
- uint32 user_rid; /* Primary User ID */
- char *smb_name; /* username string */
- char *full_name; /* user's full name string */
-};
-
typedef struct
{
uint32 pid;
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index 9b2713a674..5336eb947f 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -29,6 +29,7 @@ pstring samlogon_user="";
BOOL sam_logon_in_ssb = False;
fstring remote_proto="UNKNOWN";
fstring remote_machine="";
+extern pstring global_myname;
/*******************************************************************
Given a pointer to a %$(NAME) expand it as an environment variable.
@@ -136,8 +137,12 @@ static char *automount_server(char *user_name)
/* use the local machine name as the default */
/* this will be the default if WITH_AUTOMOUNT is not used or fails */
- pstrcpy(server_name, local_machine);
-
+ if (*local_machine) {
+ pstrcpy(server_name, local_machine);
+ } else {
+ pstrcpy(server_name, global_myname);
+ }
+
#if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT))
if (lp_nis_home_map())
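Review bot: The fallback from `local_machine` to `global_myname` is written out twice, here in automount_server and again in the `'L'` case of standard_sub_basic in the next hunk, so the two copies can drift apart. A small static helper that returns `*local_machine ? local_machine : global_myname` would keep each call site to one line. Neither copy handles the case where `global_myname` is also still empty, which would yield an empty server name; whether that can happen depends on initialisation order that is not visible here. automount_server's body continues outside the hunk.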
@@ -193,7 +198,13 @@ void standard_sub_basic(char *str)
string_sub(p,"%D", tmp_str,l);
break;
case 'I' : string_sub(p,"%I", client_addr(),l); break;
- case 'L' : string_sub(p,"%L", local_machine,l); break;
+ case 'L' :
+ if (*local_machine) {
+ string_sub(p,"%L", local_machine,l);
+ } else {
+ string_sub(p,"%L", global_myname,l);
+ }
+ break;
case 'M' : string_sub(p,"%M", client_name(),l); break;
case 'R' : string_sub(p,"%R", remote_proto,l); break;
case 'T' : string_sub(p,"%T", timestring(False),l); break;
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 634ea8fdac..671f18a7b0 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -130,6 +130,10 @@ BOOL pdb_init_sam(SAM_ACCOUNT **user)
BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, struct passwd *pwd)
{
+ pstring str;
+ extern BOOL sam_logon_in_ssb;
+ extern pstring samlogon_user;
+
if (!pwd) {
new_sam_acct = NULL;
return False;
@@ -144,10 +148,32 @@ BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, struct passwd *pwd)
pdb_set_fullname(*new_sam_acct, pwd->pw_gecos);
pdb_set_uid(*new_sam_acct, pwd->pw_uid);
pdb_set_gid(*new_sam_acct, pwd->pw_gid);
- pdb_set_profile_path(*new_sam_acct, lp_logon_path());
- pdb_set_homedir(*new_sam_acct, lp_logon_home());
- pdb_set_dir_drive(*new_sam_acct, lp_logon_drive());
- pdb_set_logon_script(*new_sam_acct, lp_logon_script());
+
+ pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid));
+ pdb_set_group_rid(*new_sam_acct, pdb_gid_to_group_rid(pwd->pw_gid));
+
+ /* UGLY, UGLY HACK!!! */
+ pstrcpy(samlogon_user, pwd->pw_name);
+
+ sam_logon_in_ssb = True;
+
+ pstrcpy(str, lp_logon_path());
+ standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+ pdb_set_profile_path(*new_sam_acct, str);
+
+ pstrcpy(str, lp_logon_home());
+ standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+ pdb_set_homedir(*new_sam_acct, str);
+
+ pstrcpy(str, lp_logon_drive());
+ standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+ pdb_set_dir_drive(*new_sam_acct, str);
+
+ pstrcpy(str, lp_logon_script());
+ standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+ pdb_set_logon_script(*new_sam_acct, str);
+
+ sam_logon_in_ssb = False;
return True;
}
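Review bot: pdb_init_sam_pw overwrites the process-wide `samlogon_user` and forces `sam_logon_in_ssb` to `False` on exit instead of restoring the previous values, so a caller that already had the flag set, or had a different name in `samlogon_user`, gets its substitution state changed behind its back. These globals appear to drive username expansion inside `standard_sub_advanced`, so a stale value could make a later path expand for the wrong account. Saving both on entry and restoring them before `return True;` (`BOOL saved_in_ssb = sam_logon_in_ssb;` ... `sam_logon_in_ssb = saved_in_ssb;`) avoids that. build_sam_account in pdb_smbpasswd.c follows the same set-then-clear pattern. The four copy/substitute/set sequences differ only in the `lp_` getter and the `pdb_set_` call and would read better as one helper.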
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 45c983b1ca..85e91bc5ba 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -870,16 +870,6 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
p += 33; /* Move to the first character of the line after
the NT password. */
- /*
- * If both NT and lanman passwords are provided - reset password
- * not required flag.
- */
-
- if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) {
- /* Reqiure password in the future (should ACB_DISABLED also be reset?) */
- pwd->acct_ctrl &= ~(ACB_PWNOTREQ);
- }
-
if (*p == '[') {
i = 0;
@@ -898,15 +888,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
*/
fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
} else {
- /*
- * If using the old format and the ACB_DISABLED or
- * ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL
- * here as we have no space to encode the change.
- */
- if(pwd->acct_ctrl & (ACB_DISABLED|ACB_PWNOTREQ)) {
- pwd->smb_passwd = NULL;
- pwd->smb_nt_passwd = NULL;
- }
+ DEBUG(0,("mod_smbfilepwd_entry: Using old smbpasswd format. This is no longer supported.!\n"));
+ DEBUG(0,("mod_smbfilepwd_entry: No changes made, failing.!\n"));
+ return False;
}
/* Go past the ']' */
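Review bot: The new `return False;` in the old-format branch leaves mod_smbfilepwd_entry without any cleanup. The function starts outside the hunk, but at this point it is already walking a line read from the password file (`p += 33`, `if (*p == '[')`), so the file is presumably open and locked. If so, this exit should release the lock and close the stream the same way the function's other failure paths do; otherwise a single old-format entry leaves the smbpasswd file locked for the rest of the process. The two messages also end in `.!`, which looks like a typo.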
@@ -969,8 +953,6 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
/* Add on the account info bits and the time of last
password change. */
- pwd->pass_last_set_time = time(NULL);
-
if(got_pass_last_set_time) {
slprintf(&ascii_p16[strlen(ascii_p16)],
sizeof(ascii_p16)-(strlen(ascii_p16)+1),
@@ -1151,7 +1133,7 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
We will not allocate any new memory. The smb_passwd struct
should only stay around as long as the SAM_ACCOUNT does.
********************************************************************/
-static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass)
+static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
{
if (sampass == NULL)
return False;
@@ -1167,13 +1149,23 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass)
smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass);
smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass);
+ if (smb_pw->smb_userid != pdb_user_rid_to_uid(pdb_get_user_rid(sampass))) {
+ DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
+ return False;
+ }
+
+ if (pdb_get_gid(sampass) != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) {
+ DEBUG(0,("build_sam_pass: Failing attempt to store user with non-gid based primary group RID. \n"));
+ return False;
+ }
+
return True;
}
/*********************************************************************
Create a SAM_ACCOUNT from a smb_passwd struct
********************************************************************/
-static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf)
+static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw_buf)
{
struct passwd *pwfile;
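Review bot: Both new failure messages are tagged `build_sam_pass`, but the function that emits them is `build_smb_pass`, and neither names the account that was rejected, which makes a level-0 log line hard to act on. Suggest `DEBUG(0,("build_smb_pass: Failing attempt to store user [%s] with non-uid based user RID.\n", pdb_get_username(sampass)));` and the matching change for the group RID message. A one-line comment above the two checks saying why the store is refused (presumably because the smbpasswd file has no field for a RID, so only uid/gid-derived RIDs can round-trip) would help the next reader. build_smb_pass begins outside the hunk.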
@@ -1196,6 +1188,8 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf)
--jerry */
pstrcpy(samlogon_user, pw_buf->smb_name);
+ sam_logon_in_ssb = True;
+
pdb_set_uid (sam_pass, pwfile->pw_uid);
pdb_set_gid (sam_pass, pwfile->pw_gid);
pdb_set_fullname(sam_pass, pwfile->pw_gecos);
@@ -1225,27 +1219,29 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf)
if (samlogon_user[strlen(samlogon_user)-1] != '$')
{
pstring str;
- gid_t gid = getegid();
- sam_logon_in_ssb = True;
-
- pstrcpy(str, lp_logon_script());
- standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
- pdb_set_logon_script(sam_pass, str);
-
- pstrcpy(str, lp_logon_path());
- standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
+ pstrcpy(str, lp_logon_path());
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
pdb_set_profile_path(sam_pass, str);
-
- pstrcpy(str, lp_logon_home());
- standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
+
+ pstrcpy(str, lp_logon_home());
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
pdb_set_homedir(sam_pass, str);
-
- sam_logon_in_ssb = False;
+
+ pstrcpy(str, lp_logon_drive());
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
+ pdb_set_dir_drive(sam_pass, str);
+
+ pstrcpy(str, lp_logon_script());
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
+ pdb_set_logon_script(sam_pass, str);
+
} else {
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
}
+
+ sam_logon_in_ssb = False;
return True;
}
@@ -1481,21 +1477,24 @@ BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct,uint32 rid)
return True;
}
-BOOL pdb_add_sam_account(SAM_ACCOUNT *sampass)
+BOOL pdb_add_sam_account(const SAM_ACCOUNT *sampass)
{
struct smb_passwd smb_pw;
/* convert the SAM_ACCOUNT */
- build_smb_pass(&smb_pw, sampass);
+ if (!build_smb_pass(&smb_pw, sampass)) {
+ return False;
+ }
/* add the entry */
- if(!add_smbfilepwd_entry(&smb_pw))
+ if(!add_smbfilepwd_entry(&smb_pw)) {
return False;
-
+ }
+
return True;
}
-BOOL pdb_update_sam_account(SAM_ACCOUNT *sampass, BOOL override)
+BOOL pdb_update_sam_account(const SAM_ACCOUNT *sampass, BOOL override)
{
struct smb_passwd smb_pw;
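Review bot: pdb_add_sam_account now stops when build_smb_pass fails, but pdb_update_sam_account, whose body begins at the end of this hunk and continues outside it, is not shown getting the same check. If it still calls `build_smb_pass(&smb_pw, sampass);` and ignores the result, a rejected account leaves the stack-allocated `smb_pw` unset or only partly filled, and that struct is then handed on to the file update. The same guard belongs there: `if (!build_smb_pass(&smb_pw, sampass)) return False;`.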
@@ -1518,3 +1517,4 @@ BOOL pdb_delete_sam_account (char* username)
/* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
void smbpass_dummy_function(void) { } /* stop some compilers complaining */
#endif /* WTH_SMBPASSWD_SAM*/
+
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index 43eefa5c7a..95f66fc671 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -466,10 +466,6 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user)
pdb_set_uid (user, uid);
pdb_set_gid (user, gid);
- standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_logon_script(user));
- standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_profile_path(user));
- standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_homedir(user));
-
/* increment to next in line */
global_tdb_ent.key = tdb_nextkey (global_tdb_ent.passwd_tdb, global_tdb_ent.key);
@@ -545,13 +541,6 @@ BOOL pdb_getsampwnam (SAM_ACCOUNT *user, char *sname)
pdb_set_uid (user, uid);
pdb_set_gid (user, gid);
- /* 21 days from present */
- pdb_set_pass_must_change_time(user, time(NULL)+1814400);
-
- standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_logon_script(user));
- standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_profile_path(user));
- standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_homedir(user));
-
/* cleanup */
tdb_close (pwd_tdb);
@@ -720,7 +709,7 @@ BOOL pdb_delete_sam_account(char *sname)
Update the TDB SAM
****************************************************************************/
-static BOOL tdb_update_sam(SAM_ACCOUNT* newpwd, BOOL override, int flag)
+static BOOL tdb_update_sam(const SAM_ACCOUNT* newpwd, BOOL override, int flag)
{
TDB_CONTEXT *pwd_tdb = NULL;
TDB_DATA key, data;
@@ -733,15 +722,15 @@ static BOOL tdb_update_sam(SAM_ACCOUNT* newpwd, BOOL override, int flag)
get_private_directory(tdbfile);
pstrcat (tdbfile, PASSDB_FILE_NAME);
- if ( (!newpwd->uid) || (!newpwd->gid) )
+ if ( (!pdb_get_uid(newpwd)) || (!pdb_get_gid(newpwd)) )
DEBUG (0,("tdb_update_sam: Storing a SAM_ACCOUNT for [%s] with uid %d and gid %d!\n",
- newpwd->username, newpwd->uid, newpwd->gid));
+ pdb_get_username(newpwd), pdb_get_uid(newpwd), pdb_get_gid(newpwd)));
- /* if we don't have a RID, then generate one */
- if (!newpwd->user_rid)
- pdb_set_user_rid (newpwd, pdb_uid_to_user_rid (newpwd->uid));
- if (!newpwd->group_rid)
- pdb_set_group_rid (newpwd, pdb_gid_to_group_rid (newpwd->gid));
+ /* if we don't have a RID, then FAIL */
+ if (!pdb_get_user_rid(newpwd))
+ DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
+ if (!pdb_get_group_rid(newpwd))
+ DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
/* copy the SAM_ACCOUNT struct into a BYTE buffer for storage */
if ((data.dsize=init_buffer_from_sam (&buf, newpwd)) == -1) {
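Review bot: The comment now reads "then FAIL", but both new `if` bodies only call `DEBUG` and fall through to `init_buffer_from_sam`, so a SAM_ACCOUNT with a zero user RID or primary group RID is still written to the TDB while the log says the store failed. Each branch needs braces and a `return False;` after its `DEBUG` call. Nothing visible in the hunk has been opened or allocated by that point, but tdb_update_sam starts and ends outside it, so check for earlier resources before returning. The uid/gid check just above has the same log-and-continue shape; if that one is meant as a warning only, a short comment saying so would separate it from the two RID checks.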