summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/passdb.c173
-rw-r--r--source3/passdb/pdb_tdb.c3
2 files changed, 111 insertions, 65 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index b3efebe5ff..75f2d432f2 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -160,7 +160,7 @@ static BOOL pdb_free_sam_contents(SAM_ACCOUNT *user)
if (user == NULL) {
DEBUG(0,("pdb_free_sam_contents: SAM_ACCOUNT was NULL\n"));
#if 0
- smb_panic("NULL pointer passed to pdb_free_sam\n");
+ smb_panic("NULL pointer passed to pdb_free_sam_contents\n");
#endif
return False;
}
@@ -184,6 +184,9 @@ BOOL pdb_reset_sam(SAM_ACCOUNT *user)
{
if (user == NULL) {
DEBUG(0,("pdb_reset_sam: SAM_ACCOUNT was NULL\n"));
+#if 0
+ smb_panic("NULL pointer passed to pdb_free_sam\n");
+#endif
return False;
}
@@ -203,9 +206,9 @@ BOOL pdb_reset_sam(SAM_ACCOUNT *user)
Free the SAM_ACCOUNT and the NT/LM hashes.
***********************************************************/
-BOOL pdb_free_sam(SAM_ACCOUNT *user)
+BOOL pdb_free_sam(SAM_ACCOUNT **user)
{
- if (user == NULL) {
+ if (*user == NULL) {
DEBUG(0,("pdb_free_sam: SAM_ACCOUNT was NULL\n"));
#if 0
smb_panic("NULL pointer passed to pdb_free_sam\n");
@@ -213,11 +216,11 @@ BOOL pdb_free_sam(SAM_ACCOUNT *user)
return False;
}
- if (!pdb_free_sam_contents(user)) {
+ if (!pdb_free_sam_contents(*user)) {
return False;
}
- SAFE_FREE(user);
+ SAFE_FREE(*user);
return True;
}
@@ -835,7 +838,8 @@ void copy_sam_passwd(SAM_ACCOUNT *to, const SAM_ACCOUNT *from)
FIXME!! The function needs to be abstracted into the
passdb interface or something. It is currently being called
- by _api_samr_create_user() in rpc_server/srv_samr.c
+ by _api_samr_create_user() in rpc_server/srv_samr.c,
+ in SWAT and by smbpasswd/pdbedit.
--jerry
*************************************************************/
@@ -851,55 +855,36 @@ BOOL local_password_change(char *user_name, int local_flags,
*err_str = '\0';
*msg_str = '\0';
- if (local_flags & LOCAL_ADD_USER) {
-
- /*
- * Check for a local account - if we're adding only.
- */
-
- if(!(pwd = sys_getpwnam(user_name))) {
- slprintf(err_str, err_str_len - 1, "User %s does not \
-exist in system password file (usually /etc/passwd). Cannot add \
-account without a valid local system user.\n", user_name);
- return False;
- }
- }
-
/* Get the smb passwd entry for this user */
pdb_init_sam(&sam_pass);
if(!pdb_getsampwnam(sam_pass, user_name)) {
- pdb_free_sam(sam_pass);
+ pdb_free_sam(&sam_pass);
- if(!(local_flags & LOCAL_ADD_USER)) {
+ if (local_flags & LOCAL_ADD_USER) {
+ /*
+ * Check for a local account - if we're adding only.
+ */
+
+ if(!(pwd = sys_getpwnam(user_name))) {
+ slprintf(err_str, err_str_len - 1, "User %s does not \
+exist in system password file (usually /etc/passwd). Cannot add \
+account without a valid local system user.\n", user_name);
+ return False;
+ }
+ } else {
slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
return False;
}
if (!pdb_init_sam_pw(&sam_pass, pwd)) {
+ slprintf(err_str, err_str_len-1, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
return False;
}
/* set account flags */
- pdb_set_acct_ctrl(sam_pass,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL) );
-
- if (local_flags & LOCAL_DISABLE_USER)
- pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED);
-
- if (local_flags & LOCAL_SET_NO_PASSWORD) {
- pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ);
- } else {
- /* set the passwords here. if we get to here it means
- we have a valid, active account */
- pdb_set_plaintext_passwd (sam_pass, new_passwd);
- }
-
- if (pdb_add_sam_account(sam_pass)) {
- slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
- pdb_free_sam(sam_pass);
- return True;
- } else {
- slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
- pdb_free_sam(sam_pass);
+ if (!pdb_set_acct_ctrl(sam_pass,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL) )) {
+ slprintf(err_str, err_str_len-1, "Failed to set 'trust account' flags for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
return False;
}
} else {
@@ -912,19 +897,45 @@ account without a valid local system user.\n", user_name);
* and the valid last change time.
*/
- if(local_flags & LOCAL_DISABLE_USER) {
- pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED);
+ if (local_flags & LOCAL_DISABLE_USER) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED)) {
+ slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
} else if (local_flags & LOCAL_ENABLE_USER) {
- if(pdb_get_lanman_passwd(sam_pass) == NULL) {
- pdb_set_plaintext_passwd (sam_pass, new_passwd);
+ if (pdb_get_lanman_passwd(sam_pass) == NULL) {
+ if (!pdb_set_plaintext_passwd (sam_pass, new_passwd)) {
+ slprintf(err_str, err_str_len-1, "Failed to set password for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
+ }
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
+ slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
+ }
+
+ if (local_flags & LOCAL_SET_NO_PASSWORD) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ)) {
+ slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
}
- pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED));
- } else if (local_flags & LOCAL_SET_NO_PASSWORD) {
- pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ);
/* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */
- pdb_set_lanman_passwd (sam_pass, NULL);
- pdb_set_nt_passwd (sam_pass, NULL);
+ if (!pdb_set_lanman_passwd (sam_pass, NULL)) {
+ slprintf(err_str, err_str_len-1, "Failed to set NULL lanman password for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
+ if (!pdb_set_nt_passwd (sam_pass, NULL)) {
+ slprintf(err_str, err_str_len-1, "Failed to set NULL NT password for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
} else {
/*
* If we're dealing with setting a completely empty user account
@@ -935,23 +946,47 @@ account without a valid local system user.\n", user_name);
* and the decision hasn't really been made to disable them (ie.
* don't create them disabled). JRA.
*/
- if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED))
- pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED));
- pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ));
- pdb_set_plaintext_passwd (sam_pass, new_passwd);
- }
-
- if(local_flags & LOCAL_DELETE_USER) {
+ if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
+ slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
+ }
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ))) {
+ slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
+
+ if (!pdb_set_plaintext_passwd (sam_pass, new_passwd)) {
+ slprintf(err_str, err_str_len-1, "Failed to set password for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
+ }
+
+ if (local_flags & LOCAL_ADD_USER) {
+ if (pdb_add_sam_account(sam_pass)) {
+ slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return True;
+ } else {
+ slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
+ } else if (local_flags & LOCAL_DELETE_USER) {
if (!pdb_delete_sam_account(user_name)) {
slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name);
- pdb_free_sam(sam_pass);
+ pdb_free_sam(&sam_pass);
return False;
}
slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name);
} else {
if(!pdb_update_sam_account(sam_pass, True)) {
slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name);
- pdb_free_sam(sam_pass);
+ pdb_free_sam(&sam_pass);
return False;
}
if(local_flags & LOCAL_DISABLE_USER)
@@ -962,7 +997,7 @@ account without a valid local system user.\n", user_name);
slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name);
}
- pdb_free_sam(sam_pass);
+ pdb_free_sam(&sam_pass);
return True;
}
@@ -1528,9 +1563,15 @@ BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, char *munged_dial)
BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, uint8 *pwd)
{
- if (!sampass || !pwd)
+ if (!sampass)
return False;
+ if (!pwd) {
+ /* Allow setting to NULL */
+ SAFE_FREE(sampass->nt_pw);
+ return True;
+ }
+
if (sampass->nt_pw!=NULL)
DEBUG(4,("pdb_set_nt_passwd: NT hash non NULL overwritting ?\n"));
else
@@ -1550,9 +1591,15 @@ BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, uint8 *pwd)
BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, uint8 *pwd)
{
- if (!sampass || !pwd)
+ if (!sampass)
return False;
+ if (!pwd) {
+ /* Allow setting to NULL */
+ SAFE_FREE(sampass->lm_pw);
+ return True;
+ }
+
if (sampass->lm_pw!=NULL)
DEBUG(4,("pdb_set_lanman_passwd: LM hash non NULL overwritting ?\n"));
else
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index 990d0077b2..9b932b7821 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -689,7 +689,7 @@ BOOL pdb_delete_sam_account(char *sname)
rid = pdb_get_user_rid(sam_pass);
- pdb_free_sam (sam_pass);
+ pdb_free_sam (&sam_pass);
/* it's outaa here! 8^) */
if (tdb_delete(pwd_tdb, key) != TDB_SUCCESS) {
@@ -732,7 +732,6 @@ static BOOL tdb_update_sam(SAM_ACCOUNT* newpwd, BOOL override, int flag)
pstring tdbfile;
fstring name;
BOOL ret = True;
- int newtdb = FALSE;
get_private_directory(tdbfile);
pstrcat (tdbfile, PASSDB_FILE_NAME);