-rw-r--r--source3/pam_smbpass/pam_smb_acct.c1
-rw-r--r--source3/pam_smbpass/pam_smb_auth.c1
-rw-r--r--source3/pam_smbpass/pam_smb_passwd.c6
-rw-r--r--source3/passdb/pdb_interface.c6
-rw-r--r--source3/passdb/pdb_tdb.c14
-rw-r--r--source3/utils/pdbedit.c212
6 files changed, 215 insertions, 25 deletions
diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c
index cf53e04d7e..8970ffa8ed 100644
--- a/source3/pam_smbpass/pam_smb_acct.c
+++ b/source3/pam_smbpass/pam_smb_acct.c
@@ -51,6 +51,7 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
extern BOOL in_client;
/* Samba initialization. */
+ load_case_tables();
setup_logging( "pam_smbpass", False );
in_client = True;
diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index f7980e2bb2..15726aa855 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -75,6 +75,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* Samba initialization. */
+ load_case_tables();
setup_logging("pam_smbpass",False);
in_client = True;
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index 8eca1d6aa9..79bcfb6ff0 100644
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -103,6 +103,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
char *pass_new;
/* Samba initialization. */
+ load_case_tables();
setup_logging( "pam_smbpass", False );
in_client = True;
@@ -128,7 +129,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
- if (!initialize_password_db(True)) {
+ if (!initialize_password_db(False)) {
_log_err( LOG_ALERT, "Cannot access samba password database" );
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_AUTHINFO_UNAVAIL;
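Review bot: The bare `False` now passed to `initialize_password_db()` in the password-change path gives no hint of what behaviour was switched off, and the parameter's meaning is not visible in this hunk. A short comment above the call saying what the argument controls and why pam_sm_chauthtok no longer wants it, for example `/* False: <what the flag disables>, because <reason> */`, would let a later reader check that the three PAM entry points open the password database the same way. pam_sm_chauthtok starts and ends outside the hunk.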
@@ -145,6 +146,9 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_USER_UNKNOWN;
}
+ if (on( SMB_DEBUG, ctrl )) {
+ _log_err( LOG_DEBUG, "Located account for %s", user );
+ }
if (flags & PAM_PRELIM_CHECK) {
/*
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 82890fee2d..7ff0214c72 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -273,15 +273,15 @@ BOOL pdb_getsampwnam(struct samu *sam_acct, const char *username)
return False;
}
- if (csamuser != NULL) {
+ if ( csamuser ) {
TALLOC_FREE(csamuser);
- csamuser = NULL;
}
pdb_force_pw_initialization( sam_acct );
- if ( (csamuser = samu_new( NULL )) != NULL )
+ if ( (csamuser = samu_new( NULL )) != NULL ) {
pdb_copy_sam_account(csamuser, sam_acct);
+ }
return True;
}
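Review bot: The result of `pdb_copy_sam_account(csamuser, sam_acct)` is ignored, so if the copy can fail (its return type is not visible in this hunk) `csamuser` stays non-NULL and the cached entry may be only partly filled for whatever reads the cache later. Assuming the function reports failure with a boolean, the body could read `if ( !pdb_copy_sam_account(csamuser, sam_acct) ) { TALLOC_FREE(csamuser); }` so that a failed copy leaves the cache empty instead of half-populated. Dropping `csamuser = NULL;` is safe only if TALLOC_FREE resets the pointer itself; a one-line comment saying so would help. pdb_getsampwnam begins outside the hunk.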
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index 0bab02343e..b7161ff589 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -1006,7 +1006,6 @@ static NTSTATUS tdbsam_getsampwent(struct pdb_methods *my_methods, struct samu *
static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods, struct samu *user, const char *sname)
{
- NTSTATUS result;
TDB_DATA data, key;
fstring keystr;
fstring name;
@@ -1039,8 +1038,8 @@ static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods, struct samu
DEBUG(5,("pdb_getsampwnam (TDB): error fetching database.\n"));
DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam)));
DEBUGADD(5, (" Key: %s\n", keystr));
- result = NT_STATUS_NO_SUCH_USER;
- goto done;
+ tdbsam_close();
+ return NT_STATUS_NO_SUCH_USER;
}
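Review bot: The failure exit here (`tdbsam_close(); return NT_STATUS_NO_SUCH_USER;`) repeats cleanup that the removed `done:` label performed in one place, and the next hunk does the same for the bad-record path. With three separate returns each responsible for closing the database, a later exit that omits `tdbsam_close()` would leave the handle open; whether open and close are reference-counted is not visible here. If the label is not coming back, a comment near the open call such as `/* every return below must call tdbsam_close() */` would record the rule. tdbsam_getsampwnam starts outside this hunk.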
/* unpack the buffer */
@@ -1048,17 +1047,16 @@ static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods, struct samu
if (!init_sam_from_buffer(user, (unsigned char *)data.dptr, data.dsize)) {
DEBUG(0,("pdb_getsampwent: Bad struct samu entry returned from TDB!\n"));
SAFE_FREE(data.dptr);
- result = NT_STATUS_NO_MEMORY;
- goto done;
+ tdbsam_close();
+ return NT_STATUS_NO_MEMORY;
}
- result = NT_STATUS_OK;
+ /* success */
- done:
SAFE_FREE(data.dptr);
tdbsam_close();
- return result;
+ return NT_STATUS_OK;
}
/***************************************************************************
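Review bot: The bad-record path still returns `NT_STATUS_NO_MEMORY` although the debug message two lines above says the entry read from the TDB could not be unpacked, so callers cannot tell a corrupt account record from an allocation failure. If `init_sam_from_buffer` can fail for reasons other than memory (not visible in this hunk), a status that names the database problem, or at least a comment such as `/* unpack failure is reported as NO_MEMORY for historical reasons */`, would avoid misleading whoever reads the logs. The debug text also names `pdb_getsampwent` while the function is tdbsam_getsampwnam.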
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index d34c23193c..7d95d15bf2 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -55,6 +55,108 @@
#define MASK_USER_GOOD 0x00405FE0
/*********************************************************
+ Add all currently available users to another db
+ ********************************************************/
+
+static int export_database (struct pdb_methods *in,
+ struct pdb_methods *out,
+ const char *username)
+{
+ struct samu *user = NULL;
+ NTSTATUS status;
+
+ DEBUG(3, ("export_database: username=\"%s\"\n", username ? username : "(NULL)"));
+
+ status = in->setsampwent(in, 0, 0);
+ if ( NT_STATUS_IS_ERR(status) ) {
+ fprintf(stderr, "Unable to set account database iterator for %s!\n",
+ in->name);
+ return 1;
+ }
+
+ if ( ( user = samu_new( NULL ) ) == NULL ) {
+ fprintf(stderr, "export_database: Memory allocation failure!\n");
+ return 1;
+ }
+
+ while ( NT_STATUS_IS_OK(in->getsampwent(in, user)) )
+ {
+ DEBUG(4, ("Processing account %s\n", user->username));
+
+ /* If we don't have a specific user or if we do and
+ the login name matches */
+
+ if ( !username || (strcmp(username, user->username) == 0)) {
+ struct samu *account;
+
+ if ( (account = samu_new( NULL )) == NULL ) {
+ fprintf(stderr, "export_database: Memory allocation failure!\n");
+ TALLOC_FREE( user );
+ in->endsampwent( in );
+ return 1;
+ }
+
+ printf("Importing accout for %s...", user->username);
+ if ( !NT_STATUS_IS_OK(out->getsampwnam( out, account, user->username )) ) {
+ status = out->add_sam_account(out, user);
+ } else {
+ status = out->update_sam_account( out, user );
+ }
+
+ if ( NT_STATUS_IS_OK(status) ) {
+ printf( "ok\n");
+ } else {
+ printf( "failed\n");
+ }
+
+ TALLOC_FREE( account );
+ }
+
+ /* clean up and get ready for another run */
+
+ TALLOC_FREE( user );
+
+ if ( ( user = samu_new( NULL ) ) == NULL ) {
+ fprintf(stderr, "export_database: Memory allocation failure!\n");
+ return 1;
+ }
+ }
+
+ TALLOC_FREE( user );
+
+ in->endsampwent(in);
+
+ return 0;
+}
+
+/*********************************************************
+ Add all currently available group mappings to another db
+ ********************************************************/
+
+static int export_groups (struct pdb_methods *in, struct pdb_methods *out)
+{
+ GROUP_MAP *maps = NULL;
+ size_t i, entries = 0;
+ NTSTATUS status;
+
+ status = in->enum_group_mapping(in, get_global_sam_sid(),
+ SID_NAME_DOM_GRP, &maps, &entries, False);
+
+ if ( NT_STATUS_IS_ERR(status) ) {
+ fprintf(stderr, "Unable to enumerate group map entries.\n");
+ return 1;
+ }
+
+ for (i=0; i<entries; i++) {
+ out->add_group_mapping_entry(out, &(maps[i]));
+ }
+
+ SAFE_FREE( maps );
+
+ return 0;
+}
+
+/*********************************************************
Reset account policies to their default values and remove marker
********************************************************/
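Review bot: In export_database the allocation-failure exit at the bottom of the loop returns 1 without calling `in->endsampwent( in )`, unlike the earlier failure path for `account`, so the source backend's iterator is left open. The function also returns 0 after printing "failed" for an account, and export_groups discards the result of `out->add_group_mapping_entry()`, so a partly migrated password database is reported as success to scripts that check the exit status. The excerpt below adds the missing iterator close and a failure flag that is returned at the end; the group-mapping call should be checked the same way. The error tests mix `NT_STATUS_IS_ERR` and `!NT_STATUS_IS_OK`; using the latter throughout avoids treating a status that is neither OK nor an error as success.
```c
	int failed = 0;   /* set when any account could not be written */
	/* … unchanged: iterator setup, lookup and add/update … */
			} else {
				printf( "failed\n");
				failed = 1;
			}
	/* … unchanged: free account and user … */
		if ( ( user = samu_new( NULL ) ) == NULL ) {
			fprintf(stderr, "export_database: Memory allocation failure!\n");
			in->endsampwent( in );
			return 1;
		}
	/* … unchanged: final cleanup … */
	return failed;
```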
@@ -82,6 +184,45 @@ static int reinit_account_policies (void)
return 0;
}
+
+/*********************************************************
+ Add all currently available account policy from tdb to one backend
+ ********************************************************/
+
+static int export_account_policies (struct pdb_methods *in, struct pdb_methods *out)
+{
+ int i;
+
+ if (!account_policy_migrated(True)) {
+ fprintf(stderr, "Unable to set account policy marker in tdb\n");
+ return -1;
+ }
+
+ for ( i=1; decode_account_policy_name(i) != NULL; i++ ) {
+ uint32 policy_value;
+ NTSTATUS status;
+
+ status = in->get_account_policy(in, i, &policy_value);
+
+ if ( NT_STATUS_IS_ERR(status) ) {
+ fprintf(stderr, "Unable to get account policy from %s\n", in->name);
+ remove_account_policy_migrated();
+ return -1;
+ }
+
+ status = out->set_account_policy(out, i, policy_value);
+
+ if ( NT_STATUS_IS_ERR(status) ) {
+ fprintf(stderr, "Unable to migrate account policy to %s\n", out->name);
+ remove_account_policy_migrated();
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
/*********************************************************
Print info from sam structure
**********************************************************/
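Review bot: When `out->set_account_policy()` fails part-way through the loop in export_account_policies, the policies already written to `out` stay in place and only the migration marker is removed, and the message does not say which policy stopped the run. Account policies typically cover password and lockout rules, so the operator needs to know in what state the target backend was left; naming the policy would do it, assuming `decode_account_policy_name` returns the name string: `fprintf(stderr, "Unable to migrate account policy %s to %s\n", decode_account_policy_name(i), out->name);`. The function also returns -1 where export_database and export_groups return 1, and main returns these values directly as the exit status. The header comment says "from tdb to one backend" although the function takes both `in` and `out`.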
@@ -175,7 +316,7 @@ static int print_user_info (struct pdb_methods *in, const char *username, BOOL v
struct samu *sam_pwent=NULL;
BOOL ret;
- if ( !(sam_pwent = samu_new( NULL )) ) {
+ if ( (sam_pwent = samu_new( NULL )) == NULL ) {
return -1;
}
@@ -207,7 +348,7 @@ static int print_users_list (struct pdb_methods *in, BOOL verbosity, BOOL smbpwd
}
check = True;
- if ( !(sam_pwent = samu_new( NULL )) ) {
+ if ( (sam_pwent = samu_new( NULL )) == NULL ) {
return 1;
}
@@ -217,7 +358,7 @@ static int print_users_list (struct pdb_methods *in, BOOL verbosity, BOOL smbpwd
print_sam_info (sam_pwent, verbosity, smbpwdstyle);
TALLOC_FREE(sam_pwent);
- if ( !(sam_pwent = samu_new( NULL )) ) {
+ if ( (sam_pwent = samu_new( NULL )) == NULL ) {
check = False;
}
}
@@ -242,7 +383,7 @@ static int fix_users_list (struct pdb_methods *in)
}
check = True;
- if ( !(sam_pwent = samu_new( NULL )) ) {
+ if ( (sam_pwent = samu_new( NULL )) == NULL ) {
return 1;
}
@@ -253,7 +394,7 @@ static int fix_users_list (struct pdb_methods *in)
printf("Update of user %s failed!\n", pdb_get_username(sam_pwent));
}
TALLOC_FREE(sam_pwent);
- if ( !(sam_pwent = samu_new( NULL )) ) {
+ if ( (sam_pwent = samu_new( NULL )) == NULL ) {
check = False;
}
if (!check) {
@@ -285,7 +426,7 @@ static int set_user_info (struct pdb_methods *in, const char *username,
struct samu *sam_pwent=NULL;
BOOL ret;
- if ( !(sam_pwent = samu_new( NULL )) ) {
+ if ( (sam_pwent = samu_new( NULL )) == NULL ) {
return 1;
}
@@ -405,7 +546,7 @@ static int new_user (struct pdb_methods *in, const char *username,
return -1;
}
- if ( !(sam_pwent = samu_new( NULL )) ) {
+ if ( (sam_pwent = samu_new( NULL )) == NULL ) {
DEBUG(0, ("Memory allocation failure!\n"));
return -1;
}
@@ -500,7 +641,7 @@ static int new_machine (struct pdb_methods *in, const char *machine_in)
if ((pwd = getpwnam_alloc(NULL, machineaccount))) {
- if ( !(sam_pwent = samu_new( NULL )) ) {
+ if ( (sam_pwent = samu_new( NULL )) == NULL ) {
fprintf(stderr, "Memory allocation error!\n");
TALLOC_FREE(pwd);
return -1;
@@ -514,7 +655,7 @@ static int new_machine (struct pdb_methods *in, const char *machine_in)
TALLOC_FREE(pwd);
} else {
- if ( !(sam_pwent = samu_new( NULL )) ) {
+ if ( (sam_pwent = samu_new( NULL )) == NULL ) {
fprintf(stderr, "Could not init sam from pw\n");
return -1;
}
@@ -543,7 +684,7 @@ static int delete_user_entry (struct pdb_methods *in, const char *username)
{
struct samu *samaccount = NULL;
- if ( !(samaccount = samu_new( NULL )) ) {
+ if ( (samaccount = samu_new( NULL )) == NULL ) {
return -1;
}
@@ -573,7 +714,7 @@ static int delete_machine_entry (struct pdb_methods *in, const char *machinename
if (name[strlen(name)-1] != '$')
fstrcat (name, "$");
- if ( !(samaccount = samu_new( NULL )) ) {
+ if ( (samaccount = samu_new( NULL )) == NULL ) {
return -1;
}
@@ -631,8 +772,7 @@ int main (int argc, char **argv)
static char *pwd_must_change_time = NULL;
static char *pwd_time_format = NULL;
static BOOL pw_from_stdin = False;
-
- struct pdb_methods *bdef = NULL;
+ struct pdb_methods *bin, *bout, *bdef;
poptContext pc;
struct poptOption long_options[] = {
POPT_AUTOHELP
@@ -672,6 +812,8 @@ int main (int argc, char **argv)
POPT_TABLEEND
};
+ bin = bout = bdef = NULL;
+
load_case_tables();
setup_logging("pdbedit", True);
@@ -790,6 +932,50 @@ int main (int argc, char **argv)
exit(0);
}
+ /* import and export operations */
+
+ if ( ((checkparms & BIT_IMPORT)
+ || (checkparms & BIT_EXPORT))
+ && !(checkparms & ~(BIT_IMPORT +BIT_EXPORT +BIT_USER)) )
+ {
+ NTSTATUS status;
+
+ bin = bout = bdef;
+
+ if (backend_in) {
+ status = make_pdb_method_name(&bin, backend_in);
+
+ if ( !NT_STATUS_IS_OK(status) ) {
+ fprintf(stderr, "Unable to initialize %s.\n", backend_in);
+ return 1;
+ }
+ }
+
+ if (backend_out) {
+ status = make_pdb_method_name(&bout, backend_out);
+
+ if ( !NT_STATUS_IS_OK(status) ) {
+ fprintf(stderr, "Unable to initialize %s.\n", backend_out);
+ return 1;
+ }
+ }
+
+ if (transfer_account_policies) {
+
+ if (!(checkparms & BIT_USER))
+ return export_account_policies(bin, bout);
+
+ } else if (transfer_groups) {
+
+ if (!(checkparms & BIT_USER))
+ return export_groups(bin, bout);
+
+ } else {
+ return export_database(bin, bout,
+ (checkparms & BIT_USER) ? user_name : NULL );
+ }
+ }
+
/* if BIT_USER is defined but nothing else then threat it as -l -u for compatibility */
/* fake up BIT_LIST if only BIT_USER is defined */
if ((checkparms & BIT_USER) && !(checkparms & ~BIT_USER)) {
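Review bot: After `bin = bout = bdef;` nothing in this block checks that the two backends are non-NULL or distinct before they are handed to the export_* functions, which dereference them at once (`in->setsampwent`, `in->enum_group_mapping`). Whether `bdef` has been initialised by this point is not visible in the hunk (it is set to NULL earlier in main), so a guard such as `if (!bin || !bout) { fprintf(stderr, "No passdb backend available.\n"); return 1; }` would be cheap insurance. Separately, when `transfer_account_policies` or `transfer_groups` is combined with BIT_USER neither branch returns, and the request falls through to the later option handling without any message; an explicit error for that combination would be clearer. main continues outside the hunk.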