diff options
| -rw-r--r-- | source3/include/smb.h | 7 | ||||
| -rw-r--r-- | source3/lib/substitute.c | 17 | ||||
| -rw-r--r-- | source3/passdb/passdb.c | 34 | ||||
| -rw-r--r-- | source3/passdb/pdb_smbpasswd.c | 84 | ||||
| -rw-r--r-- | source3/passdb/pdb_tdb.c | 27 |
5 files changed, 94 insertions, 75 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h index 8fcbe60646..16f90d0333 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -254,13 +254,6 @@ typedef uint32 WERROR; #define MAX_HOURS_LEN 32 -struct sam_disp_info -{ - uint32 user_rid; /* Primary User ID */ - char *smb_name; /* username string */ - char *full_name; /* user's full name string */ -}; - typedef struct { uint32 pid; diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index 9b2713a674..5336eb947f 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -29,6 +29,7 @@ pstring samlogon_user=""; BOOL sam_logon_in_ssb = False; fstring remote_proto="UNKNOWN"; fstring remote_machine=""; +extern pstring global_myname; /******************************************************************* Given a pointer to a %$(NAME) expand it as an environment variable. @@ -136,8 +137,12 @@ static char *automount_server(char *user_name) /* use the local machine name as the default */ /* this will be the default if WITH_AUTOMOUNT is not used or fails */ - pstrcpy(server_name, local_machine); - + if (*local_machine) { + pstrcpy(server_name, local_machine); + } else { + pstrcpy(server_name, global_myname); + } + #if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT)) if (lp_nis_home_map()) @@ -193,7 +198,13 @@ void standard_sub_basic(char *str) string_sub(p,"%D", tmp_str,l); break; case 'I' : string_sub(p,"%I", client_addr(),l); break; - case 'L' : string_sub(p,"%L", local_machine,l); break; + case 'L' : + if (*local_machine) { + string_sub(p,"%L", local_machine,l); + } else { + string_sub(p,"%L", global_myname,l); + } + break; case 'M' : string_sub(p,"%M", client_name(),l); break; case 'R' : string_sub(p,"%R", remote_proto,l); break; case 'T' : string_sub(p,"%T", timestring(False),l); break; diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 634ea8fdac..671f18a7b0 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -130,6 +130,10 @@ BOOL pdb_init_sam(SAM_ACCOUNT **user) BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, struct passwd *pwd) { + pstring str; + extern BOOL sam_logon_in_ssb; + extern pstring samlogon_user; + if (!pwd) { new_sam_acct = NULL; return False; @@ -144,10 +148,32 @@ BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, struct passwd *pwd) pdb_set_fullname(*new_sam_acct, pwd->pw_gecos); pdb_set_uid(*new_sam_acct, pwd->pw_uid); pdb_set_gid(*new_sam_acct, pwd->pw_gid); - pdb_set_profile_path(*new_sam_acct, lp_logon_path()); - pdb_set_homedir(*new_sam_acct, lp_logon_home()); - pdb_set_dir_drive(*new_sam_acct, lp_logon_drive()); - pdb_set_logon_script(*new_sam_acct, lp_logon_script()); + + pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid)); + pdb_set_group_rid(*new_sam_acct, pdb_gid_to_group_rid(pwd->pw_gid)); + + /* UGLY, UGLY HACK!!! */ + pstrcpy(samlogon_user, pwd->pw_name); + + sam_logon_in_ssb = True; + + pstrcpy(str, lp_logon_path()); + standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str); + pdb_set_profile_path(*new_sam_acct, str); + + pstrcpy(str, lp_logon_home()); + standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str); + pdb_set_homedir(*new_sam_acct, str); + + pstrcpy(str, lp_logon_drive()); + standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str); + pdb_set_dir_drive(*new_sam_acct, str); + + pstrcpy(str, lp_logon_script()); + standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str); + pdb_set_logon_script(*new_sam_acct, str); + + sam_logon_in_ssb = False; return True; } diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 45c983b1ca..85e91bc5ba 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -870,16 +870,6 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) p += 33; /* Move to the first character of the line after the NT password. */ - /* - * If both NT and lanman passwords are provided - reset password - * not required flag. - */ - - if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) { - /* Reqiure password in the future (should ACB_DISABLED also be reset?) */ - pwd->acct_ctrl &= ~(ACB_PWNOTREQ); - } - if (*p == '[') { i = 0; @@ -898,15 +888,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) */ fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN)); } else { - /* - * If using the old format and the ACB_DISABLED or - * ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL - * here as we have no space to encode the change. - */ - if(pwd->acct_ctrl & (ACB_DISABLED|ACB_PWNOTREQ)) { - pwd->smb_passwd = NULL; - pwd->smb_nt_passwd = NULL; - } + DEBUG(0,("mod_smbfilepwd_entry: Using old smbpasswd format. This is no longer supported.!\n")); + DEBUG(0,("mod_smbfilepwd_entry: No changes made, failing.!\n")); + return False; } /* Go past the ']' */ @@ -969,8 +953,6 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) /* Add on the account info bits and the time of last password change. */ - pwd->pass_last_set_time = time(NULL); - if(got_pass_last_set_time) { slprintf(&ascii_p16[strlen(ascii_p16)], sizeof(ascii_p16)-(strlen(ascii_p16)+1), @@ -1151,7 +1133,7 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno))); We will not allocate any new memory. The smb_passwd struct should only stay around as long as the SAM_ACCOUNT does. ********************************************************************/ -static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass) +static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass) { if (sampass == NULL) return False; @@ -1167,13 +1149,23 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass) smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass); smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass); + if (smb_pw->smb_userid != pdb_user_rid_to_uid(pdb_get_user_rid(sampass))) { + DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n")); + return False; + } + + if (pdb_get_gid(sampass) != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) { + DEBUG(0,("build_sam_pass: Failing attempt to store user with non-gid based primary group RID. \n")); + return False; + } + return True; } /********************************************************************* Create a SAM_ACCOUNT from a smb_passwd struct ********************************************************************/ -static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf) +static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw_buf) { struct passwd *pwfile; @@ -1196,6 +1188,8 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf) --jerry */ pstrcpy(samlogon_user, pw_buf->smb_name); + sam_logon_in_ssb = True; + pdb_set_uid (sam_pass, pwfile->pw_uid); pdb_set_gid (sam_pass, pwfile->pw_gid); pdb_set_fullname(sam_pass, pwfile->pw_gecos); @@ -1225,27 +1219,29 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf) if (samlogon_user[strlen(samlogon_user)-1] != '$') { pstring str; - gid_t gid = getegid(); - sam_logon_in_ssb = True; - - pstrcpy(str, lp_logon_script()); - standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str); - pdb_set_logon_script(sam_pass, str); - - pstrcpy(str, lp_logon_path()); - standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str); + pstrcpy(str, lp_logon_path()); + standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str); pdb_set_profile_path(sam_pass, str); - - pstrcpy(str, lp_logon_home()); - standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str); + + pstrcpy(str, lp_logon_home()); + standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str); pdb_set_homedir(sam_pass, str); - - sam_logon_in_ssb = False; + + pstrcpy(str, lp_logon_drive()); + standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str); + pdb_set_dir_drive(sam_pass, str); + + pstrcpy(str, lp_logon_script()); + standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str); + pdb_set_logon_script(sam_pass, str); + } else { /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); } + + sam_logon_in_ssb = False; return True; } @@ -1481,21 +1477,24 @@ BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct,uint32 rid) return True; } -BOOL pdb_add_sam_account(SAM_ACCOUNT *sampass) +BOOL pdb_add_sam_account(const SAM_ACCOUNT *sampass) { struct smb_passwd smb_pw; /* convert the SAM_ACCOUNT */ - build_smb_pass(&smb_pw, sampass); + if (!build_smb_pass(&smb_pw, sampass)) { + return False; + } /* add the entry */ - if(!add_smbfilepwd_entry(&smb_pw)) + if(!add_smbfilepwd_entry(&smb_pw)) { return False; - + } + return True; } -BOOL pdb_update_sam_account(SAM_ACCOUNT *sampass, BOOL override) +BOOL pdb_update_sam_account(const SAM_ACCOUNT *sampass, BOOL override) { struct smb_passwd smb_pw; @@ -1518,3 +1517,4 @@ BOOL pdb_delete_sam_account (char* username) /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */ void smbpass_dummy_function(void) { } /* stop some compilers complaining */ #endif /* WTH_SMBPASSWD_SAM*/ + diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 43eefa5c7a..95f66fc671 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -466,10 +466,6 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user) pdb_set_uid (user, uid); pdb_set_gid (user, gid); - standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_logon_script(user)); - standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_profile_path(user)); - standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_homedir(user)); - /* increment to next in line */ global_tdb_ent.key = tdb_nextkey (global_tdb_ent.passwd_tdb, global_tdb_ent.key); @@ -545,13 +541,6 @@ BOOL pdb_getsampwnam (SAM_ACCOUNT *user, char *sname) pdb_set_uid (user, uid); pdb_set_gid (user, gid); - /* 21 days from present */ - pdb_set_pass_must_change_time(user, time(NULL)+1814400); - - standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_logon_script(user)); - standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_profile_path(user)); - standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_homedir(user)); - /* cleanup */ tdb_close (pwd_tdb); @@ -720,7 +709,7 @@ BOOL pdb_delete_sam_account(char *sname) Update the TDB SAM ****************************************************************************/ -static BOOL tdb_update_sam(SAM_ACCOUNT* newpwd, BOOL override, int flag) +static BOOL tdb_update_sam(const SAM_ACCOUNT* newpwd, BOOL override, int flag) { TDB_CONTEXT *pwd_tdb = NULL; TDB_DATA key, data; @@ -733,15 +722,15 @@ static BOOL tdb_update_sam(SAM_ACCOUNT* newpwd, BOOL override, int flag) get_private_directory(tdbfile); pstrcat (tdbfile, PASSDB_FILE_NAME); - if ( (!newpwd->uid) || (!newpwd->gid) ) + if ( (!pdb_get_uid(newpwd)) || (!pdb_get_gid(newpwd)) ) DEBUG (0,("tdb_update_sam: Storing a SAM_ACCOUNT for [%s] with uid %d and gid %d!\n", - newpwd->username, newpwd->uid, newpwd->gid)); + pdb_get_username(newpwd), pdb_get_uid(newpwd), pdb_get_gid(newpwd))); - /* if we don't have a RID, then generate one */ - if (!newpwd->user_rid) - pdb_set_user_rid (newpwd, pdb_uid_to_user_rid (newpwd->uid)); - if (!newpwd->group_rid) - pdb_set_group_rid (newpwd, pdb_gid_to_group_rid (newpwd->gid)); + /* if we don't have a RID, then FAIL */ + if (!pdb_get_user_rid(newpwd)) + DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd))); + if (!pdb_get_group_rid(newpwd)) + DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd))); /* copy the SAM_ACCOUNT struct into a BYTE buffer for storage */ if ((data.dsize=init_buffer_from_sam (&buf, newpwd)) == -1) { |