Diffstat (limited to 'source3/passdb/smbpass.c')
-rw-r--r--source3/passdb/smbpass.c233
1 files changed, 34 insertions, 199 deletions
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index cb75d62e42..3f6ce8aaef 100644
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -336,78 +336,9 @@ struct smb_passwd *getsmbpwent(void *vp)
DEBUG(5, ("getsmbpwent: returning passwd entry for user %s, uid %d\n",
user_name, uidval));
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p == '[') {
- BOOL finished = False;
-
- pw_buf.acct_ctrl = 0;
-
- for(p++;*p && !finished; p++) {
- switch (*p) {
-#if 0
- /*
- * Hmmm. Don't allow these to be set/read independently
- * of the actual password fields. We don't want a mismatch.
- * JRA.
- */
- case 'N':
- /* 'N'o password. */
- pw_buf.acct_ctrl |= ACB_PWNOTREQ;
- break;
- case 'D':
- /* 'D'isabled. */
- pw_buf.acct_ctrl |= ACB_DISABLED;
- break;
-#endif
- case 'H':
- /* 'H'omedir required. */
- pw_buf.acct_ctrl |= ACB_HOMDIRREQ;
- break;
- case 'T':
- /* 'T'emp account. */
- pw_buf.acct_ctrl |= ACB_TEMPDUP;
- break;
- case 'U':
- /* 'U'ser account (normal). */
- pw_buf.acct_ctrl |= ACB_NORMAL;
- break;
- case 'M':
- /* 'M'NS logon user account. What is this ? */
- pw_buf.acct_ctrl |= ACB_MNS;
- break;
- case 'W':
- /* 'W'orkstation account. */
- pw_buf.acct_ctrl |= ACB_WSTRUST;
- break;
- case 'S':
- /* 'S'erver account. */
- pw_buf.acct_ctrl |= ACB_SVRTRUST;
- break;
- case 'L':
- /* 'L'ocked account. */
- pw_buf.acct_ctrl |= ACB_AUTOLOCK;
- break;
- case 'X':
- /* No 'X'piry. */
- pw_buf.acct_ctrl |= ACB_PWNOEXP;
- break;
- case 'I':
- /* 'I'nterdomain trust account. */
- pw_buf.acct_ctrl |= ACB_DOMTRUST;
- break;
-
- case ':':
- case '\n':
- case '\0':
- case ']':
- default:
- finished = True;
- }
- }
+ if (*p == '[')
+ {
+ pw_buf.acct_ctrl = decode_acct_ctrl(p);
/* Must have some account type set. */
if(pw_buf.acct_ctrl == 0)
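Review bot: The new call `pw_buf.acct_ctrl = decode_acct_ctrl(p);` passes `p` by value, so `p` still points at `[` afterwards, whereas the removed loop left it just past the closing `]`. The rest of getsmbpwent lies outside this hunk, but if it continues parsing from `p`, any field following the flags would no longer be reached; recording the position of `]` before the call and setting `p` one past it would keep the old behaviour. The removed parser also kept `'N'` and `'D'` under `#if 0` so that ACB_PWNOTREQ and ACB_DISABLED could not be set from the flag string independently of the password fields. `decode_acct_ctrl` is not shown here, so it is worth confirming it keeps that restriction, or masking the result with `& ~(ACB_PWNOTREQ | ACB_DISABLED)` at this call site.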
@@ -438,7 +369,7 @@ struct smb_passwd *getsmbpwent(void *vp)
} else {
/* 'Old' style file. Fake up based on user name. */
/*
- * Currently machine accounts are kept in the same
+ * Currently trust accounts are kept in the same
* password file as 'normal accounts'. If this changes
* we will have to fix this code. JRA.
*/
@@ -479,107 +410,12 @@ BOOL setsmbpwpos(void *vp, unsigned long tok)
return !fseek((FILE *)vp, tok, SEEK_SET);
}
-/*************************************************************************
- Routine to search the smbpasswd file for an entry matching the username
- or user id. if the name is NULL, then the smb_uid is used instead.
- *************************************************************************/
-static struct smb_passwd *get_smbpwd_entry(char *name, int smb_userid)
-{
- struct smb_passwd *pwd = NULL;
- FILE *fp = NULL;
-
- if (name != NULL) {
- DEBUG(10, ("get_smbpwd_entry: search by name: %s\n", name));
- } else {
- DEBUG(10, ("get_smbpwd_entry: search by smb_userid: %x\n", smb_userid));
- }
-
- /* Open the smbpassword file - not for update. */
- fp = startsmbpwent(False);
-
- if (fp == NULL) {
- DEBUG(0, ("get_smbpwd_entry: unable to open password file.\n"));
- return NULL;
- }
-
- /*
- * Scan the file, a line at a time and check if the name
- * or uid matches.
- */
-
- while ((pwd = getsmbpwent(fp)) != NULL) {
- if (name != NULL) {
- /* Search is by user name */
- if (!strequal(pwd->smb_name, name))
- continue;
- DEBUG(10, ("get_smbpwd_entry: found by name: %s\n", name));
- break;
- } else {
- /* Search is by user id */
- if (pwd->smb_userid != smb_userid)
- continue;
- DEBUG(10, ("get_smbpwd_entry: found by smb_userid: %x\n", smb_userid));
- break;
- }
- }
-
- endsmbpwent(fp);
- return pwd;
-}
-
-/************************************************************************
- Routine to search smb passwd by name.
-*************************************************************************/
-
-struct smb_passwd *getsmbpwnam(char *name)
-{
- return get_smbpwd_entry(name, 0);
-}
-
-
-/************************************************************************
- Routine to search smb passwd by uid.
-*************************************************************************/
-
-struct smb_passwd *getsmbpwuid(unsigned int uid)
-{
- return get_smbpwd_entry(NULL, uid);
-}
-
-
-/**********************************************************
- Encode the account control bits into a string.
-**********************************************************/
-
-char *encode_acct_ctrl(uint16 acct_ctrl)
-{
- static fstring acct_str;
- char *p = acct_str;
-
- *p++ = '[';
-
- if (acct_ctrl & ACB_HOMDIRREQ) *p++ = 'H';
- if (acct_ctrl & ACB_TEMPDUP ) *p++ = 'T';
- if (acct_ctrl & ACB_NORMAL ) *p++ = 'U';
- if (acct_ctrl & ACB_MNS ) *p++ = 'M';
- if (acct_ctrl & ACB_WSTRUST ) *p++ = 'W';
- if (acct_ctrl & ACB_SVRTRUST ) *p++ = 'S';
- if (acct_ctrl & ACB_AUTOLOCK ) *p++ = 'L';
- if (acct_ctrl & ACB_PWNOEXP ) *p++ = 'X';
- if (acct_ctrl & ACB_DOMTRUST ) *p++ = 'I';
-
- *p++ = ']';
- *p = '\0';
- return acct_str;
-}
-
/************************************************************************
Routine to add an entry to the smbpasswd file.
do not call this function directly. use passdb.c instead.
*************************************************************************/
-
BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
{
char *pfile = lp_smb_passwd_file();
@@ -713,7 +549,6 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n",
do not call this function directly. use passdb.c instead.
************************************************************************/
-
BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
{
/* Static buffers we will return. */
@@ -1060,10 +895,10 @@ static int mach_passwd_lock_depth;
static FILE *mach_passwd_fp;
/************************************************************************
- Routine to get the name for a machine account file.
+ Routine to get the name for a trust account file.
************************************************************************/
-static void get_machine_account_file_name( char *domain, char *name, char *mac_file)
+static void get_trust_account_file_name( char *domain, char *name, char *mac_file)
{
unsigned int mac_file_len;
char *p;
@@ -1077,7 +912,7 @@ static void get_machine_account_file_name( char *domain, char *name, char *mac_f
if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0)
{
- DEBUG(0,("machine_password_lock: path %s too long to add machine details.\n",
+ DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n",
mac_file));
return;
}
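Review bot: The renamed message still carries the prefix `trust_password_lock:` although it is emitted from get_trust_account_file_name, which trust_password_delete also calls, so the log points at the wrong function; `DEBUG(0,("get_trust_account_file_name: path %s too long to add trust details.\n",` would be accurate. More importantly, this branch returns from a void function, so the callers that go on to `fopen(mac_file, "r+b")` and `unlink( mac_file )` cannot tell that the domain and name were never appended and will use whatever `mac_file` holds at that point. Returning BOOL from the helper and failing in both callers would close that gap; the function body starts and ends outside this hunk.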
@@ -1089,16 +924,16 @@ static void get_machine_account_file_name( char *domain, char *name, char *mac_f
}
/************************************************************************
- Routine to lock the machine account password file for a domain.
+ Routine to lock the trust account password file for a domain.
************************************************************************/
-BOOL machine_password_lock( char *domain, char *name, BOOL update)
+BOOL trust_password_lock( char *domain, char *name, BOOL update)
{
pstring mac_file;
if(mach_passwd_lock_depth == 0) {
- get_machine_account_file_name( domain, name, mac_file);
+ get_trust_account_file_name( domain, name, mac_file);
if((mach_passwd_fp = fopen(mac_file, "r+b")) == NULL) {
if(errno == ENOENT && update) {
@@ -1106,7 +941,7 @@ BOOL machine_password_lock( char *domain, char *name, BOOL update)
}
if(mach_passwd_fp == NULL) {
- DEBUG(0,("machine_password_lock: cannot open file %s - Error was %s.\n",
+ DEBUG(0,("trust_password_lock: cannot open file %s - Error was %s.\n",
mac_file, strerror(errno) ));
return False;
}
@@ -1117,7 +952,7 @@ BOOL machine_password_lock( char *domain, char *name, BOOL update)
if(!pw_file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK),
60, &mach_passwd_lock_depth))
{
- DEBUG(0,("machine_password_lock: cannot lock file %s\n", mac_file));
+ DEBUG(0,("trust_password_lock: cannot lock file %s\n", mac_file));
fclose(mach_passwd_fp);
return False;
}
@@ -1128,10 +963,10 @@ BOOL machine_password_lock( char *domain, char *name, BOOL update)
}
/************************************************************************
- Routine to unlock the machine account password file for a domain.
+ Routine to unlock the trust account password file for a domain.
************************************************************************/
-BOOL machine_password_unlock(void)
+BOOL trust_password_unlock(void)
{
BOOL ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth);
if(mach_passwd_lock_depth == 0)
@@ -1140,23 +975,23 @@ BOOL machine_password_unlock(void)
}
/************************************************************************
- Routine to delete the machine account password file for a domain.
+ Routine to delete the trust account password file for a domain.
************************************************************************/
-BOOL machine_password_delete( char *domain, char *name )
+BOOL trust_password_delete( char *domain, char *name )
{
pstring mac_file;
- get_machine_account_file_name( domain, name, mac_file);
+ get_trust_account_file_name( domain, name, mac_file);
return (unlink( mac_file ) == 0);
}
/************************************************************************
- Routine to get the machine account password for a domain.
- The user of this function must have locked the machine password file.
+ Routine to get the trust account password for a domain.
+ The user of this function must have locked the trust password file.
************************************************************************/
-BOOL get_machine_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time)
+BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time)
{
char linebuf[256];
char *p;
@@ -1168,14 +1003,14 @@ BOOL get_machine_account_password( unsigned char *ret_pwd, time_t *pass_last_set
memset(ret_pwd, '\0', 16);
if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
- DEBUG(0,("get_machine_account_password: Failed to seek to start of file. Error was %s.\n",
+ DEBUG(0,("get_trust_account_password: Failed to seek to start of file. Error was %s.\n",
strerror(errno) ));
return False;
}
fgets(linebuf, sizeof(linebuf), mach_passwd_fp);
if(ferror(mach_passwd_fp)) {
- DEBUG(0,("get_machine_account_password: Failed to read password. Error was %s.\n",
+ DEBUG(0,("get_trust_account_password: Failed to read password. Error was %s.\n",
strerror(errno) ));
return False;
}
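Review bot: The return value of `fgets(linebuf, sizeof(linebuf), mach_passwd_fp);` is ignored and only `ferror()` is tested, so on an empty file (end-of-file without an error) `linebuf` is never written and the later `strlen(linebuf) != 45` check reads whatever the stack buffer happened to contain. No initialisation of `linebuf` is visible in the shown lines, though the function body extends outside this hunk. Testing the call directly, `if (fgets(linebuf, sizeof(linebuf), mach_passwd_fp) == NULL) { ... return False; }`, covers both the read error and the empty-file case.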
@@ -1186,9 +1021,9 @@ BOOL get_machine_account_password( unsigned char *ret_pwd, time_t *pass_last_set
*/
if(strlen(linebuf) != 45) {
- DEBUG(0,("get_machine_account_password: Malformed machine password file (wrong length).\n"));
+ DEBUG(0,("get_trust_account_password: Malformed trust password file (wrong length).\n"));
#ifdef DEBUG_PASSWORD
- DEBUG(100,("get_machine_account_password: line = |%s|\n", linebuf));
+ DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
#endif
return False;
}
@@ -1199,9 +1034,9 @@ BOOL get_machine_account_password( unsigned char *ret_pwd, time_t *pass_last_set
if (!gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
strncmp(&linebuf[33], "TLC-", 4)) {
- DEBUG(0,("get_machine_account_password: Malformed machine password file (incorrect format).\n"));
+ DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n"));
#ifdef DEBUG_PASSWORD
- DEBUG(100,("get_machine_account_password: line = |%s|\n", linebuf));
+ DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
#endif
return False;
}
@@ -1213,9 +1048,9 @@ BOOL get_machine_account_password( unsigned char *ret_pwd, time_t *pass_last_set
for(i = 0; i < 8; i++) {
if(p[i] == '\0' || !isxdigit(p[i])) {
- DEBUG(0,("get_machine_account_password: Malformed machine password file (no timestamp).\n"));
+ DEBUG(0,("get_trust_account_password: Malformed trust password file (no timestamp).\n"));
#ifdef DEBUG_PASSWORD
- DEBUG(100,("get_machine_account_password: line = |%s|\n", linebuf));
+ DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
#endif
return False;
}
@@ -1233,17 +1068,17 @@ BOOL get_machine_account_password( unsigned char *ret_pwd, time_t *pass_last_set
}
/************************************************************************
- Routine to get the machine account password for a domain.
- The user of this function must have locked the machine password file.
+ Routine to get the trust account password for a domain.
+ The user of this function must have locked the trust password file.
************************************************************************/
-BOOL set_machine_account_password( unsigned char *md4_new_pwd)
+BOOL set_trust_account_password( unsigned char *md4_new_pwd)
{
char linebuf[64];
int i;
if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
- DEBUG(0,("set_machine_account_password: Failed to seek to start of file. Error was %s.\n",
+ DEBUG(0,("set_trust_account_password: Failed to seek to start of file. Error was %s.\n",
strerror(errno) ));
return False;
}
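Review bot: The rewritten header comment above set_trust_account_password still reads `Routine to get the trust account password for a domain.`, which describes the getter rather than this function; it should say `Routine to set the trust account password for a domain.`. The commit already rewrites that comment line for the rename, so the wording can be corrected in the same change. The function body continues outside this hunk.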
@@ -1254,8 +1089,8 @@ BOOL set_machine_account_password( unsigned char *md4_new_pwd)
sprintf(&linebuf[32], ":TLC-%08X\n", (unsigned)time(NULL));
if(fwrite( linebuf, 1, 45, mach_passwd_fp)!= 45) {
- DEBUG(0,("set_machine_account_password: Failed to write file. Warning - the machine \
-machine account is now invalid. Please recreate. Error was %s.\n", strerror(errno) ));
+ DEBUG(0,("set_trust_account_password: Failed to write file. Warning - the trust \
+account is now invalid. Please recreate. Error was %s.\n", strerror(errno) ));
return False;
}