diff options
Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/machine_sid.c | 11 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 70 | ||||
-rw-r--r-- | source3/passdb/pdb_get_set.c | 25 | ||||
-rw-r--r-- | source3/passdb/pdb_interface.c | 5 | ||||
-rw-r--r-- | source3/passdb/pdb_ldap.c | 290 | ||||
-rw-r--r-- | source3/passdb/pdb_nisplus.c | 2493 | ||||
-rw-r--r-- | source3/passdb/pdb_plugin.c | 4 | ||||
-rw-r--r-- | source3/passdb/pdb_smbpasswd.c | 13 | ||||
-rw-r--r-- | source3/passdb/secrets.c | 94 |
9 files changed, 1653 insertions, 1352 deletions
diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c index e1f7dec2a9..e1a1de83a6 100644 --- a/source3/passdb/machine_sid.c +++ b/source3/passdb/machine_sid.c @@ -80,7 +80,6 @@ static BOOL pdb_generate_sam_sid(void) { char *fname = NULL; extern pstring global_myname; - extern fstring global_myworkgroup; BOOL is_dc = False; if(global_sam_sid==NULL) @@ -106,11 +105,11 @@ static BOOL pdb_generate_sam_sid(void) if (!is_dc) return True; - if (!secrets_fetch_domain_sid(global_myworkgroup, &domain_sid)) { + if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) { /* No domain sid and we're a pdc/bdc. Store it */ - if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { + if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n")); return False; } @@ -122,7 +121,7 @@ static BOOL pdb_generate_sam_sid(void) /* Domain name sid doesn't match global sam sid. Re-store global sam sid as domain sid. */ DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n")); - if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { + if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID as a pdc/bdc.\n")); return False; } @@ -145,7 +144,7 @@ static BOOL pdb_generate_sam_sid(void) } unlink(fname); if (is_dc) { - if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { + if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n")); SAFE_FREE(fname); return False; @@ -168,7 +167,7 @@ static BOOL pdb_generate_sam_sid(void) return False; } if (is_dc) { - if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { + if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n")); return False; } diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index a9c6f0729b..b78f26a8e8 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -75,11 +75,19 @@ static void pdb_fill_default_sam(SAM_ACCOUNT *user) user->private.workstations = ""; user->private.unknown_str = ""; user->private.munged_dial = ""; + + user->private.plaintext_pw = NULL; + } static void destroy_pdb_talloc(SAM_ACCOUNT **user) { if (*user) { + data_blob_clear_free(&((*user)->private.lm_pw)); + data_blob_clear_free(&((*user)->private.nt_pw)); + + if((*user)->private.plaintext_pw!=NULL) + memset((*user)->private.plaintext_pw,'\0',strlen((*user)->private.plaintext_pw)); talloc_destroy((*user)->mem_ctx); *user = NULL; } @@ -251,6 +259,15 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) pwd->pw_name, global_myname, pwd->pw_uid, pwd->pw_gid), False); + if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL)) { + DEBUG(1, ("Failed to set 'normal account' flags for user %s.\n", pwd->pw_name)); + return NT_STATUS_UNSUCCESSFUL; + } + } else { + if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST)) { + DEBUG(1, ("Failed to set 'trusted workstation account' flags for user %s.\n", pwd->pw_name)); + return NT_STATUS_UNSUCCESSFUL; + } } return NT_STATUS_OK; } @@ -301,7 +318,8 @@ static void pdb_free_sam_contents(SAM_ACCOUNT *user) data_blob_clear_free(&(user->private.lm_pw)); data_blob_clear_free(&(user->private.nt_pw)); - data_blob_clear_free(&(user->private.plaintext_pw)); + if (user->private.plaintext_pw!=NULL) + memset(user->private.plaintext_pw,'\0',strlen(user->private.plaintext_pw)); } @@ -823,11 +841,14 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_ return False; if (pdb_getsampwsid(sam_user, psid)) { - *puid = pdb_get_uid(sam_user); - if (*puid == -1) { + + if (!(pdb_get_init_flag(sam_user) & FLAG_SAM_UID)) { pdb_free_sam(&sam_user); return False; } + + *puid = pdb_get_uid(sam_user); + DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid), (unsigned int)*puid, pdb_get_username(sam_user))); pdb_free_sam(&sam_user); @@ -982,6 +1003,7 @@ BOOL local_password_change(const char *user_name, int local_flags, { struct passwd *pwd = NULL; SAM_ACCOUNT *sam_pass=NULL; + uint16 other_acb; *err_str = '\0'; *msg_str = '\0'; @@ -1021,31 +1043,33 @@ BOOL local_password_change(const char *user_name, int local_flags, return False; } } - if (local_flags & LOCAL_TRUST_ACCOUNT) { - if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST)) { - slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name); - pdb_free_sam(&sam_pass); - return False; - } - } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) { - if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST)) { - slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name); - pdb_free_sam(&sam_pass); - return False; - } - } else { - if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL)) { - slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name); - pdb_free_sam(&sam_pass); - return False; - } - } - } else { /* the entry already existed */ local_flags &= ~LOCAL_ADD_USER; } + /* the 'other' acb bits not being changed here */ + other_acb = (pdb_get_acct_ctrl(sam_pass) & (!(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL))); + if (local_flags & LOCAL_TRUST_ACCOUNT) { + if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb) ) { + slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name); + pdb_free_sam(&sam_pass); + return False; + } + } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) { + if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb)) { + slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name); + pdb_free_sam(&sam_pass); + return False; + } + } else { + if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb)) { + slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name); + pdb_free_sam(&sam_pass); + return False; + } + } + /* * We are root - just write the new password * and the valid last change time. diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 2da6de7270..0c338f317e 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -151,7 +151,7 @@ const uint8* pdb_get_lanman_passwd (const SAM_ACCOUNT *sampass) const char* pdb_get_plaintext_passwd (const SAM_ACCOUNT *sampass) { if (sampass) { - return ((char*)sampass->private.plaintext_pw.data); + return (sampass->private.plaintext_pw); } else return (NULL); @@ -956,14 +956,24 @@ BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[16]) below) ********************************************************************/ -BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const uint8 *password, size_t len) +BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password) { if (!sampass) return False; - data_blob_clear_free(&sampass->private.plaintext_pw); - - sampass->private.plaintext_pw = data_blob(password, len); + if (password) { + if (sampass->private.plaintext_pw!=NULL) + memset(sampass->private.plaintext_pw,'\0',strlen(sampass->private.plaintext_pw)+1); + sampass->private.plaintext_pw = talloc_strdup(sampass->mem_ctx, password); + + if (!sampass->private.plaintext_pw) { + DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n")); + return False; + } + + } else { + sampass->private.plaintext_pw = NULL; + } return True; } @@ -1062,7 +1072,10 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext) if (!pdb_set_lanman_passwd (sampass, new_lanman_p16)) return False; - + + if (!pdb_set_plaintext_pw_only (sampass, plaintext)) + return False; + if (!pdb_set_pass_changed_now (sampass)) return False; diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index f311223d77..f965dd727c 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -34,13 +34,14 @@ const struct pdb_init_function_entry builtin_pdb_init_functions[] = { { "ldapsam", pdb_init_ldapsam }, { "ldapsam_nua", pdb_init_ldapsam_nua }, { "unixsam", pdb_init_unixsam }, + { "nisplussam", pdb_init_nisplussam }, { "plugin", pdb_init_plugin }, { NULL, NULL} }; static BOOL context_setsampwent(struct pdb_context *context, BOOL update) { - if ((!context) || (!context->pdb_methods) || (!context->pdb_methods->setsampwent)) { + if (!context) { DEBUG(0, ("invalid pdb_context specified!\n")); return False; } @@ -52,7 +53,7 @@ static BOOL context_setsampwent(struct pdb_context *context, BOOL update) return True; } - while (!(context->pwent_methods->setsampwent(context->pwent_methods, update))) { + while (!(context->pwent_methods->setsampwent) || !(context->pwent_methods->setsampwent(context->pwent_methods, update))) { context->pwent_methods = context->pwent_methods->next; if (context->pwent_methods == NULL) return False; diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index f82cb4488f..71a8c256a3 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1,11 +1,11 @@ /* Unix SMB/CIFS implementation. LDAP protocol helper functions for SAMBA - Copyright (C) Jean François Micouleau 1998 - Copyright (C) Gerald Carter 2001 - Copyright (C) Shahms King 2001 - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Jean François Micouleau 1998 + Copyright (C) Gerald Carter 2001 + Copyright (C) Shahms King 2001 + Copyright (C) Andrew Bartlett 2002 + Copyright (C) Stefan (metze) Metzmacher 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -273,7 +273,8 @@ static BOOL ldapsam_open_connection (struct ldapsam_privates *ldap_state, LDAP * a rebind function for authenticated referrals This version takes a void* that we can shove useful stuff in :-) ******************************************************************/ - +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +#else static int rebindproc_with_state (LDAP * ld, char **whop, char **credp, int *methodp, int freeit, void *arg) { @@ -304,13 +305,14 @@ static int rebindproc_with_state (LDAP * ld, char **whop, char **credp, } return 0; } +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ /******************************************************************* a rebind function for authenticated referrals This version takes a void* that we can shove useful stuff in :-) and actually does the connection. ******************************************************************/ - +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) static int rebindproc_connect_with_state (LDAP *ldap_struct, LDAP_CONST char *url, ber_tag_t request, @@ -329,11 +331,14 @@ static int rebindproc_connect_with_state (LDAP *ldap_struct, return rc; } +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ /******************************************************************* Add a rebind function for authenticated referrals ******************************************************************/ - +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +#else +# if LDAP_SET_REBIND_PROC_ARGS == 2 static int rebindproc (LDAP *ldap_struct, char **whop, char **credp, int *method, int freeit ) { @@ -341,19 +346,23 @@ static int rebindproc (LDAP *ldap_struct, char **whop, char **credp, method, freeit, static_ldap_state); } +# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/ +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ /******************************************************************* a rebind function for authenticated referrals this also does the connection, but no void*. ******************************************************************/ - +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +# if LDAP_SET_REBIND_PROC_ARGS == 2 static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request, ber_int_t msgid) { return rebindproc_connect_with_state(ld, url, (ber_tag_t)request, msgid, static_ldap_state); } - +# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/ +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ /******************************************************************* connect to the ldap server under system privilege. @@ -391,18 +400,18 @@ static BOOL ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * l # if LDAP_SET_REBIND_PROC_ARGS == 3 ldap_set_rebind_proc(ldap_struct, &rebindproc_connect_with_state, (void *)ldap_state); # endif -#else +#else /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ # if LDAP_SET_REBIND_PROC_ARGS == 2 ldap_set_rebind_proc(ldap_struct, &rebindproc); # endif # if LDAP_SET_REBIND_PROC_ARGS == 3 ldap_set_rebind_proc(ldap_struct, &rebindproc_with_state, (void *)ldap_state); # endif -#endif +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); - if (rc != LDAP_SUCCESS) - { + if (rc != LDAP_SUCCESS) { DEBUG(0, ("Bind failed: %s\n", ldap_err2string(rc))); return False; } @@ -421,7 +430,7 @@ static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, LDAP * DEBUG(2, ("ldapsam_search_one_user: searching for:[%s]\n", filter)); - rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, attr, 0, result); + rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, (char **)attr, 0, result); if (rc != LDAP_SUCCESS) { DEBUG(0,("ldapsam_search_one_user: Problem during the LDAP search: %s\n", @@ -944,9 +953,6 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, slprintf(temp, sizeof(temp) - 1, "%i", rid); make_a_mod(mods, ldap_op, "primaryGroupID", temp); - slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass)); - make_a_mod(mods, ldap_op, "pwdLastSet", temp); - /* displayName, cn, and gecos should all be the same * most easily accomplished by giving them the same OID * gecos isn't set here b/c it should be handled by the @@ -989,6 +995,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, make_a_mod(mods, ldap_op, "kickoffTime", temp); } + if (IS_SAM_SET(sampass, FLAG_SAM_CANCHANGETIME)) { slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time(sampass)); make_a_mod(mods, ldap_op, "pwdCanChange", temp); @@ -999,13 +1006,22 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, make_a_mod(mods, ldap_op, "pwdMustChange", temp); } - /* FIXME: Hours stuff goes in LDAP */ - pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass)); - make_a_mod (mods, ldap_op, "lmPassword", temp); + if ((pdb_get_acct_ctrl(sampass)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))|| + (lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)) { + + pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass)); + make_a_mod (mods, ldap_op, "lmPassword", temp); - pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass)); - make_a_mod (mods, ldap_op, "ntPassword", temp); + pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass)); + make_a_mod (mods, ldap_op, "ntPassword", temp); + slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass)); + make_a_mod(mods, ldap_op, "pwdLastSet", temp); + + } + + /* FIXME: Hours stuff goes in LDAP */ + make_a_mod (mods, ldap_op, "acctFlags", pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass), NEW_PW_FORMAT_SPACE_PADDED_LEN)); @@ -1030,18 +1046,18 @@ static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32 if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, final_rid, &result) != LDAP_SUCCESS) { DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the confirmation search failed!\n", final_rid, final_rid)); - final_rid = 0; ldap_msgfree(result); + return 0; } - if (ldap_count_entries(ldap_struct, result) != 0) - { + if (ldap_count_entries(ldap_struct, result) != 0) { DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the RID is already in use!!\n", final_rid, final_rid)); - final_rid = 0; ldap_msgfree(result); + return 0; } DEBUG(5, ("NUA RID %d (0x%x), declared valid\n", final_rid, final_rid)); + ldap_msgfree(result); return final_rid; } @@ -1093,12 +1109,10 @@ static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state, LDAP *ldap DEBUG(2, ("ldapsam_get_next_available_nua_rid: searching for:[%s]\n", final_filter)); rc = ldap_search_s(ldap_struct, lp_ldap_suffix(), - LDAP_SCOPE_SUBTREE, final_filter, attr, 0, + LDAP_SCOPE_SUBTREE, final_filter, (char **)attr, 0, &result); - if (rc != LDAP_SUCCESS) - { - + if (rc != LDAP_SUCCESS) { DEBUG(3, ("LDAP search failed! cannot find base for NUA RIDs: %s\n", ldap_err2string(rc))); DEBUGADD(3, ("Query was: %s, %s\n", lp_ldap_suffix(), final_filter)); @@ -1149,12 +1163,10 @@ static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_s uint32 next_nua_rid; uint32 top_nua_rid; - if (!ldapsam_open_connection(ldap_state, &ldap_struct)) - { + if (!ldapsam_open_connection(ldap_state, &ldap_struct)) { return 0; } - if (!ldapsam_connect_system(ldap_state, ldap_struct)) - { + if (!ldapsam_connect_system(ldap_state, ldap_struct)) { ldap_unbind(ldap_struct); return 0; } @@ -1177,12 +1189,10 @@ static BOOL ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update) int rc; pstring filter; - if (!ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct)) - { + if (!ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct)) { return False; } - if (!ldapsam_connect_system(ldap_state, ldap_state->ldap_struct)) - { + if (!ldapsam_connect_system(ldap_state, ldap_state->ldap_struct)) { ldap_unbind(ldap_state->ldap_struct); return False; } @@ -1191,11 +1201,10 @@ static BOOL ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update) all_string_sub(filter, "%u", "*", sizeof(pstring)); rc = ldap_search_s(ldap_state->ldap_struct, lp_ldap_suffix(), - LDAP_SCOPE_SUBTREE, filter, attr, 0, + LDAP_SCOPE_SUBTREE, filter, (char **)attr, 0, &ldap_state->result); - if (rc != LDAP_SUCCESS) - { + if (rc != LDAP_SUCCESS) { DEBUG(0, ("LDAP search failed: %s\n", ldap_err2string(rc))); DEBUG(3, ("Query was: %s, %s\n", lp_ldap_suffix(), filter)); ldap_msgfree(ldap_state->result); @@ -1222,8 +1231,7 @@ End enumeration of the LDAP password list static void ldapsam_endsampwent(struct pdb_methods *my_methods) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; - if (ldap_state->ldap_struct && ldap_state->result) - { + if (ldap_state->ldap_struct && ldap_state->result) { ldap_msgfree(ldap_state->result); ldap_unbind(ldap_state->ldap_struct); ldap_state->ldap_struct = NULL; @@ -1234,7 +1242,7 @@ static void ldapsam_endsampwent(struct pdb_methods *my_methods) /********************************************************************** Get the next entry in the LDAP password database *********************************************************************/ -static BOOL ldapsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT * user) +static BOOL ldapsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; BOOL ret = False; @@ -1252,8 +1260,7 @@ static BOOL ldapsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT * us ldap_state->entry); ldap_state->entry = ldap_next_entry(ldap_state->ldap_struct, - ldap_state->entry); - + ldap_state->entry); } return True; @@ -1262,7 +1269,7 @@ static BOOL ldapsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT * us /********************************************************************** Get SAM_ACCOUNT entry from LDAP by username *********************************************************************/ -static BOOL ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const char *sname) +static BOOL ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *user, const char *sname) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; LDAP *ldap_struct; @@ -1271,18 +1278,15 @@ static BOOL ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT * us if (!ldapsam_open_connection(ldap_state, &ldap_struct)) return False; - if (!ldapsam_connect_system(ldap_state, ldap_struct)) - { + if (!ldapsam_connect_system(ldap_state, ldap_struct)) { ldap_unbind(ldap_struct); return False; } - if (ldapsam_search_one_user_by_name(ldap_state, ldap_struct, sname, &result) != LDAP_SUCCESS) - { + if (ldapsam_search_one_user_by_name(ldap_state, ldap_struct, sname, &result) != LDAP_SUCCESS) { ldap_unbind(ldap_struct); return False; } - if (ldap_count_entries(ldap_struct, result) < 1) - { + if (ldap_count_entries(ldap_struct, result) < 1) { DEBUG(4, ("We don't find this user [%s] count=%d\n", sname, ldap_count_entries(ldap_struct, result))); @@ -1290,8 +1294,7 @@ static BOOL ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT * us return False; } entry = ldap_first_entry(ldap_struct, result); - if (entry) - { + if (entry) { if (!init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) { DEBUG(1,("ldapsam_getsampwnam: init_sam_from_ldap failed for user '%s'!\n", sname)); ldap_msgfree(result); @@ -1301,9 +1304,7 @@ static BOOL ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT * us ldap_msgfree(result); ldap_unbind(ldap_struct); return True; - } - else - { + } else { ldap_msgfree(result); ldap_unbind(ldap_struct); return False; @@ -1313,7 +1314,7 @@ static BOOL ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT * us /********************************************************************** Get SAM_ACCOUNT entry from LDAP by rid *********************************************************************/ -static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, uint32 rid) +static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *user, uint32 rid) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; LDAP *ldap_struct; @@ -1323,20 +1324,17 @@ static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * us if (!ldapsam_open_connection(ldap_state, &ldap_struct)) return False; - if (!ldapsam_connect_system(ldap_state, ldap_struct)) - { + if (!ldapsam_connect_system(ldap_state, ldap_struct)) { ldap_unbind(ldap_struct); return False; } if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, rid, &result) != - LDAP_SUCCESS) - { + LDAP_SUCCESS) { ldap_unbind(ldap_struct); return False; } - if (ldap_count_entries(ldap_struct, result) < 1) - { + if (ldap_count_entries(ldap_struct, result) < 1) { DEBUG(4, ("We don't find this rid [%i] count=%d\n", rid, ldap_count_entries(ldap_struct, result))); @@ -1345,8 +1343,7 @@ static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * us } entry = ldap_first_entry(ldap_struct, result); - if (entry) - { + if (entry) { if (!init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) { DEBUG(1,("ldapsam_getsampwrid: init_sam_from_ldap failed!\n")); ldap_msgfree(result); @@ -1356,9 +1353,7 @@ static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * us ldap_msgfree(result); ldap_unbind(ldap_struct); return True; - } - else - { + } else { ldap_msgfree(result); ldap_unbind(ldap_struct); return False; @@ -1373,6 +1368,95 @@ static BOOL ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * us return ldapsam_getsampwrid(my_methods, user, rid); } +static BOOL ldapsam_modify_entry(LDAP *ldap_struct,SAM_ACCOUNT *newpwd,char *dn,LDAPMod **mods,int ldap_op) +{ + int version; + int rc; + + switch(ldap_op) + { + case LDAP_MOD_ADD: + make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "account"); + if((rc = ldap_add_s(ldap_struct,dn,mods))!=LDAP_SUCCESS) { + char *ld_error; + ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING, + &ld_error); + DEBUG(0, + ("failed to add user with uid = %s with: %s\n\t%s\n", + pdb_get_username(newpwd), ldap_err2string(rc), + ld_error)); + free(ld_error); + return False; + } + break; + case LDAP_MOD_REPLACE: + if((rc = ldap_modify_s(ldap_struct,dn,mods))!=LDAP_SUCCESS) { + char *ld_error; + ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING, + &ld_error); + DEBUG(0, + ("failed to modify user with uid = %s with: %s\n\t%s\n", + pdb_get_username(newpwd), ldap_err2string(rc), + ld_error)); + free(ld_error); + return False; + } + break; + default: + DEBUG(0,("Wrong LDAP operation type: %d!\n",ldap_op)); + return False; + } + +#ifdef LDAP_EXOP_X_MODIFY_PASSWD + if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))&& + (lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_OFF)&& + (pdb_get_plaintext_passwd(newpwd)!=NULL)) { + BerElement *ber; + struct berval *bv; + char *retoid; + struct berval *retdata; + + if (ldap_get_option(ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) { + if (version != LDAP_VERSION3) { + version = LDAP_VERSION3; + ldap_set_option (ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version); + } + } + + if ((ber = ber_alloc_t(LBER_USE_DER))==NULL) { + DEBUG(0,("ber_alloc_t returns NULL\n")); + return False; + } + ber_printf (ber, "{"); + ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID,dn); + ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, pdb_get_plaintext_passwd(newpwd)); + ber_printf (ber, "N}"); + + if ((rc = ber_flatten (ber, &bv))<0) { + DEBUG(0,("ber_flatten returns a value <0\n")); + return False; + } + + ber_free(ber,1); + + if ((rc = ldap_extended_operation_s(ldap_struct, LDAP_EXOP_X_MODIFY_PASSWD, + bv, NULL, NULL, &retoid, &retdata))!=LDAP_SUCCESS) { + DEBUG(0,("LDAP Password could not be changed for user %s: %s\n", + pdb_get_username(newpwd),ldap_err2string(rc))); + } else { + DEBUG(3,("LDAP Password changed for user %s\n",pdb_get_username(newpwd))); + + ber_bvfree(retdata); + ber_memfree(retoid); + } + ber_bvfree(bv); + } +#else + DEBUG(10,("LDAP PASSWORD SYNC is not supported!\n")); +#endif /* LDAP_EXOP_X_MODIFY_PASSWD */ + return True; +} + /********************************************************************** Delete entry from LDAP for username *********************************************************************/ @@ -1414,7 +1498,8 @@ static BOOL ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOU entry = ldap_first_entry (ldap_struct, result); dn = ldap_get_dn (ldap_struct, entry); - + ldap_msgfree(result); + rc = ldap_delete_s (ldap_struct, dn); ldap_memfree (dn); @@ -1449,8 +1534,7 @@ static BOOL ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_ACCOU if (!ldapsam_open_connection(ldap_state, &ldap_struct)) /* open a connection to the server */ return False; - if (!ldapsam_connect_system(ldap_state, ldap_struct)) /* connect as system account */ - { + if (!ldapsam_connect_system(ldap_state, ldap_struct)) { /* connect as system account */ ldap_unbind(ldap_struct); return False; } @@ -1458,8 +1542,7 @@ static BOOL ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_ACCOU rc = ldapsam_search_one_user_by_name(ldap_state, ldap_struct, pdb_get_username(newpwd), &result); - if (ldap_count_entries(ldap_struct, result) == 0) - { + if (ldap_count_entries(ldap_struct, result) == 0) { DEBUG(0, ("No user to modify!\n")); ldap_msgfree(result); ldap_unbind(ldap_struct); @@ -1475,23 +1558,17 @@ static BOOL ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_ACCOU entry = ldap_first_entry(ldap_struct, result); dn = ldap_get_dn(ldap_struct, entry); - - rc = ldap_modify_s(ldap_struct, dn, mods); - - if (rc != LDAP_SUCCESS) - { - char *ld_error; - ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING, - &ld_error); - DEBUG(0, - ("failed to modify user with uid = %s with: %s\n\t%s\n", - pdb_get_username(newpwd), ldap_err2string(rc), - ld_error)); - free(ld_error); + ldap_msgfree(result); + + if (!ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,LDAP_MOD_REPLACE)) { + DEBUG(0,("failed to modify user with uid = %s\n", + pdb_get_username(newpwd))); + ldap_mods_free(mods,1); ldap_unbind(ldap_struct); return False; } + DEBUG(2, ("successfully modified uid = %s in the LDAP database\n", pdb_get_username(newpwd))); @@ -1514,7 +1591,7 @@ static BOOL ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT LDAPMod **mods = NULL; int ldap_op; uint32 num_result; - + const char *username = pdb_get_username(newpwd); if (!username || !*username) { DEBUG(0, ("Cannot add user without a username!\n")); @@ -1522,20 +1599,16 @@ static BOOL ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT } if (!ldapsam_open_connection(ldap_state, &ldap_struct)) /* open a connection to the server */ - { return False; - } - if (!ldapsam_connect_system(ldap_state, ldap_struct)) /* connect as system account */ - { + if (!ldapsam_connect_system(ldap_state, ldap_struct)) { /* connect as system account */ ldap_unbind(ldap_struct); return False; } rc = ldapsam_search_one_user_by_name (ldap_state, ldap_struct, username, &result); - if (ldap_count_entries(ldap_struct, result) != 0) - { + if (ldap_count_entries(ldap_struct, result) != 0) { DEBUG(0,("User already in the base, with samba properties\n")); ldap_msgfree(result); ldap_unbind(ldap_struct); @@ -1564,8 +1637,7 @@ static BOOL ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT tmp = ldap_get_dn (ldap_struct, entry); slprintf (dn, sizeof (dn) - 1, "%s", tmp); ldap_memfree (tmp); - } - else { + } else { /* Check if we need to add an entry */ DEBUG(3,("Adding new user\n")); ldap_op = LDAP_MOD_ADD; @@ -1586,26 +1658,14 @@ static BOOL ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT } make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "sambaAccount"); - if (ldap_op == LDAP_MOD_REPLACE) { - rc = ldap_modify_s(ldap_struct, dn, mods); - } - else { - rc = ldap_add_s(ldap_struct, dn, mods); - } - - if (rc != LDAP_SUCCESS) - { - char *ld_error; - - ldap_get_option (ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(0,("failed to modify/add user with uid = %s (dn = %s) with: %s\n\t%s\n", - pdb_get_username(newpwd), dn, ldap_err2string (rc), ld_error)); - free(ld_error); - ldap_mods_free(mods, 1); + if (!ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,ldap_op)) { + DEBUG(0,("failed to modify/add user with uid = %s (dn = %s)\n", + pdb_get_username(newpwd),dn)); + ldap_mods_free(mods,1); ldap_unbind(ldap_struct); return False; } - + DEBUG(2,("added: uid = %s in the LDAP database\n", pdb_get_username(newpwd))); ldap_mods_free(mods, 1); ldap_unbind(ldap_struct); diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index 2d37c3b8fb..484e8986e4 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c @@ -1,10 +1,11 @@ + /* - * Unix SMB/CIFS implementation. - * SMB parameters and setup + * NIS+ Passdb Backend * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. * Copyright (C) Benny Holmgren 1998 <bigfoot@astrakan.hgs.se> * Copyright (C) Luke Kenneth Casson Leighton 1996-1998. * Copyright (C) Toomas Soome <tsoome@ut.ee> 2001 + * Copyright (C) Jelmer Vernooij 2002 * * This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free @@ -35,6 +36,7 @@ * an enum in /usr/include/rpcsvc/nis.h. */ + #if defined(GROUP) #undef GROUP #endif @@ -47,31 +49,20 @@ #include <rpcsvc/nis.h> -extern int DEBUGLEVEL; - -struct nisp_enum_info -{ - nis_result *result; - int enum_entry; -}; - -static struct nisp_enum_info global_nisp_ent; -static SIG_ATOMIC_T gotalarm; - /*************************************************************** the fields for the NIS+ table, generated from mknissmbpwtbl.sh, are: - name=S,nogw=r - uid=S,nogw=r + name=S,nogw=r + uid=S,nogw=r user_rid=S,nogw=r smb_grpid=,nw+r group_rid=,nw+r acb=,nw+r - - lmpwd=C,nw=,g=r,o=rm - ntpwd=C,nw=,g=r,o=rm - + + lmpwd=C,nw=,g=r,o=rm + ntpwd=C,nw=,g=r,o=rm + logon_t=,nw+r logoff_t=,nw+r kick_t=,nw+r @@ -114,59 +105,576 @@ static SIG_ATOMIC_T gotalarm; #define NPF_WORKSTATIONS 20 #define NPF_HOURS 21 +struct nisplus_private_info { + nis_result *result; + int enum_entry; + char *location; +}; + +static char *make_nisname_from_user_rid (uint32 rid, char *pfile); +static char *make_nisname_from_name (const char *user_name, char *pfile); +static void get_single_attribute (const nis_object * new_obj, int col, + char *val, int len);; +static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf, + const nis_object * obj); +static BOOL make_sam_from_nisresult (SAM_ACCOUNT * pw_buf, + const nis_result * result);; +static void set_single_attribute (nis_object * new_obj, int col, + const char *val, int len, int flags); +static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass, + nis_object * old); +static nis_result *nisp_get_nis_list (const char *nisname, + unsigned int flags); -/******************************************************************* - Converts NT user RID to a UNIX uid. - ********************************************************************/ +/*************************************************************** + Start enumeration of the passwd list. +****************************************************************/ -static uid_t pdb_user_rid_to_uid(uint32 user_rid) +static BOOL nisplussam_setsampwent (struct pdb_methods *methods, BOOL update) { - return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); -} + struct nisplus_private_info *private = + (struct nisplus_private_info *) methods->private_data; -/******************************************************************* - converts UNIX uid to an NT User RID. - ********************************************************************/ + char *sp; + pstring pfiletmp; -static uint32 pdb_uid_to_user_rid(uid_t uid) -{ - return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); + if ((sp = strrchr (private->location, '/'))) + safe_strcpy (pfiletmp, sp + 1, sizeof (pfiletmp) - 1); + else + safe_strcpy (pfiletmp, p, sizeof (pfiletmp) - 1); + safe_strcat (pfiletmp, ".org_dir", + sizeof (pfiletmp) - strlen (pfiletmp) - 1); + + pdb_endsampwent (); /* just in case */ + global_nisp_ent->result = nisp_get_nis_list (pfiletmp, 0); + global_nisp_ent->enum_entry = 0; + return global_nisp_ent->result != NULL ? True : False; } /*************************************************************** - Signal function to tell us we timed out. + End enumeration of the passwd list. ****************************************************************/ -static void gotalarm_sig(void) + +static void nisplussam_endsampwent (struct pdb_methods *methods) { - gotalarm = 1; + struct nisplus_private_info *global_nisp_ent = + (struct nisplus_private_info *) methods->private_data; + if (global_nisp_ent->result) + nis_freeresult (global_nisp_ent->result); + global_nisp_ent->result = NULL; + global_nisp_ent->enum_entry = 0; } -/*************************************************************** - make_nisname_from_user_rid - ****************************************************************/ -static char *make_nisname_from_user_rid(uint32 rid, char *pfile) +/***************************************************************** + Get one SAM_ACCOUNT from the list (next in line) +*****************************************************************/ + +static BOOL nisplussam_getsampwent (struct pdb_methods *methods, + SAM_ACCOUNT * user) { - static pstring nisname; - safe_strcpy(nisname, "[user_rid=", sizeof(nisname)-1); - slprintf(nisname, sizeof(nisname)-1, "%s%d", nisname, rid); - safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); - safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); + struct nisplus_private_info *global_nisp_ent = + (struct nisplus_private_info *) methods->private_data; + int enum_entry = (int) (global_nisp_ent->enum_entry); + nis_result *result = global_nisp_ent->result; - return nisname; + if (user == NULL) { + DEBUG (0, ("SAM_ACCOUNT is NULL.\n")); + return False; + } + + if (result == NULL || + enum_entry < 0 || enum_entry >= (NIS_RES_NUMOBJ (result) - 1)) { + return False; + } + + if (!make_sam_from_nisp_object + (user, &NIS_RES_OBJECT (result)[enum_entry])) { + DEBUG (0, ("Bad SAM_ACCOUNT entry returned from NIS+!\n")); + return False; + } + (int) (global_nisp_ent->enum_entry)++; + return True; + DEBUG (10, ("nisplussam_getsampwent called\n")); + return False; +} + +/****************************************************************** + Lookup a name in the SAM database +******************************************************************/ + +static BOOL nisplussam_getsampwnam (struct pdb_methods *methods, + SAM_ACCOUNT * user, const char *sname) +{ + /* Static buffers we will return. */ + nis_result *result = NULL; + pstring nisname; + BOOL ret; + struct nisplus_private_info *private = + (struct nisplus_private_info *) methods->private_data; + + if (!private->location || !(*private->location)) { + DEBUG (0, ("No SMB password file set\n")); + return False; + } + if (strrchr (private->location, '/')) + private->location = strrchr (private->location, '/') + 1; + + slprintf (nisname, sizeof (nisname) - 1, "[name=%s],%s.org_dir", + sname, private->location); + DEBUG (10, ("search by nisname: %s\n", nisname)); + + /* Search the table. */ + + if (!(result = nisp_get_nis_list (nisname, 0))) { + return False; + } + + ret = make_sam_from_nisresult (user, result); + nis_freeresult (result); + + return ret; + + DEBUG (10, ("nisplussam_getsampwnam called\n")); + return False; +} + +/*************************************************************************** + Search by sid + **************************************************************************/ + +static BOOL nisplussam_getsampwrid (struct pdb_methods *methods, + SAM_ACCOUNT * user, uint32 rid) +{ + nis_result *result; + char *nisname; + BOOL ret; + char *sp; + pstring pfiletmp; + struct nisplus_private_info *private = + (struct nisplus_private_info *) methods->private_data; + + if (!private->location || !(*private->location)) { + DEBUG (0, ("no SMB password file set\n")); + return False; + } + + if ((sp = strrchr (private->location, '/'))) + safe_strcpy (pfiletmp, sp + 1, sizeof (pfiletmp) - 1); + else + safe_strcpy (pfiletmp, private->location, sizeof (pfiletmp) - 1); + safe_strcat (pfiletmp, ".org_dir", + sizeof (pfiletmp) - strlen (pfiletmp) - 1); + + nisname = make_nisname_from_user_rid (rid, pfiletmp); + + DEBUG (10, ("search by rid: %s\n", nisname)); + + /* Search the table. */ + + if (!(result = nisp_get_nis_list (nisname, 0))) { + return False; + } + + ret = make_sam_from_nisresult (user, result); + nis_freeresult (result); + + return ret; +} + +static BOOL nisplussam_getsampwsid (struct pdb_methods *methods, + SAM_ACCOUNT * user, const DOM_SID * sid) +{ + uint32 rid; + + if (!sid_peek_check_rid (get_global_sam_sid (), sid, &rid)) + return False; + return nisplussam_getsampwrid (methods, user, rid); +} + + + +/*************************************************************************** + Delete a SAM_ACCOUNT +****************************************************************************/ + +static BOOL nisplussam_delete_sam_account (struct pdb_methods *methods, + SAM_ACCOUNT * user) +{ + const char *sname; + pstring nisname; + nis_result *result, *delresult; + nis_object *obj; + struct nisplus_private_info *private = + (struct nisplus_private_info *) methods->private_data; + + if (!user) { + DEBUG (0, ("no SAM_ACCOUNT specified!\n")); + return False; + } + + sname = pdb_get_username (user); + + if (!private->location || !(*private->location)) { + DEBUG (0, ("no SMB password file set\n")); + return False; + } + + if (strrchr (private->location, '/')) + private->location = strrchr (private->location, '/') + 1; + + slprintf (nisname, sizeof (nisname) - 1, "[name=%s],%s.org_dir", + sname, private->location); + + /* Search the table. */ + + if (!(result = nisp_get_nis_list (nisname, + MASTER_ONLY | FOLLOW_LINKS | + FOLLOW_PATH | EXPAND_NAME | + HARD_LOOKUP))) { + return False; + } + + if (result->status != NIS_SUCCESS || NIS_RES_NUMOBJ (result) <= 0) { + /* User not found. */ + DEBUG (0, ("user not found in NIS+\n")); + nis_freeresult (result); + return False; + } + + obj = NIS_RES_OBJECT (result); + slprintf (nisname, sizeof (nisname) - 1, "[name=%s],%s.%s", sname, + obj->zo_name, obj->zo_domain); + + DEBUG (10, ("removing name: %s\n", nisname)); + delresult = nis_remove_entry (nisname, obj, + MASTER_ONLY | REM_MULTIPLE | ALL_RESULTS + | FOLLOW_PATH | EXPAND_NAME | + HARD_LOOKUP); + + nis_freeresult (result); + + if (delresult->status != NIS_SUCCESS) { + DEBUG (0, ("NIS+ table update failed: %s %s\n", + nisname, nis_sperrno (delresult->status))); + nis_freeresult (delresult); + return False; + } + nis_freeresult (delresult); + return True; + DEBUG (10, ("nisplussam_delete_sam_account called\n")); + return False; +} + +/*************************************************************************** + Modifies an existing SAM_ACCOUNT +****************************************************************************/ + +static BOOL nisplussam_update_sam_account (struct pdb_methods *methods, + SAM_ACCOUNT * newpwd) +{ + nis_result *result, *addresult; + nis_object *obj; + nis_object new_obj; + entry_col *ecol; + int ta_maxcol; + struct nisplus_private_info *private = + (struct nisplus_private_info *) methods->private_data; + pstring nisname; + + if (!private->location || !(*private->location)) { + DEBUG (0, ("no SMB password file set\n")); + return False; + } + if (strrchr (private->location, '/')) + private->location = strrchr (private->location, '/') + 1; + + slprintf (nisname, sizeof (nisname) - 1, "[name=%s],%s.org_dir", + pdb_get_username (newpwd), private->location); + + DEBUG (10, ("search by name: %s\n", nisname)); + + /* Search the table. */ + + if (! + (result = + nisp_get_nis_list (nisname, + MASTER_ONLY | FOLLOW_LINKS | FOLLOW_PATH | + EXPAND_NAME | HARD_LOOKUP))) { + return False; + } + + if (result->status != NIS_SUCCESS || NIS_RES_NUMOBJ (result) <= 0) { + /* User not found. */ + DEBUG (0, ("user not found in NIS+\n")); + nis_freeresult (result); + return False; + } + + obj = NIS_RES_OBJECT (result); + DEBUG (6, ("entry found in %s\n", obj->zo_domain)); + + /* we must create new stub object with EN_MODIFIED flag. + this is because obj from result is going to be freed and + we do not want to break it or cause memory leaks or corruption. + */ + + memmove ((char *) &new_obj, obj, sizeof (new_obj)); + ta_maxcol = obj->TA_data.ta_maxcol; + + if (!(ecol = (entry_col *) malloc (ta_maxcol * sizeof (entry_col)))) { + DEBUG (0, ("memory allocation failure\n")); + nis_freeresult (result); + return False; + } + + memmove ((char *) ecol, obj->EN_data.en_cols.en_cols_val, + ta_maxcol * sizeof (entry_col)); + new_obj.EN_data.en_cols.en_cols_val = ecol; + new_obj.EN_data.en_cols.en_cols_len = ta_maxcol; + + if (init_nisp_from_sam (&new_obj, newpwd, obj) == True) { + slprintf (nisname, sizeof (nisname) - 1, "[name=%s],%s.%s", + pdb_get_username (newpwd), private->location, obj->zo_domain); + + DEBUG (10, ("NIS+ table update: %s\n", nisname)); + addresult = + nis_modify_entry (nisname, &new_obj, + MOD_SAMEOBJ | FOLLOW_PATH | + EXPAND_NAME | HARD_LOOKUP); + + if (addresult->status != NIS_SUCCESS) { + DEBUG (0, ("NIS+ table update failed: %s %s\n", + nisname, nis_sperrno (addresult->status))); + nis_freeresult (addresult); + nis_freeresult (result); + free (ecol); + return False; + } + + DEBUG (6, ("password changed\n")); + nis_freeresult (addresult); + } else { + DEBUG (6, ("nothing to change!\n")); + } + + free (ecol); + nis_freeresult (result); + + return True; +} + +/*************************************************************************** + Adds an existing SAM_ACCOUNT +****************************************************************************/ + +static BOOL nisplussam_add_sam_account (struct pdb_methods *methods, + SAM_ACCOUNT * newpwd) +{ + int local_user = 0; + char *pfile; + pstring pfiletmp; + char *nisname; + nis_result *result = NULL, *tblresult = NULL; + nis_object new_obj; + entry_col *ecol; + int ta_maxcol; + + /* + * 1. find user domain. + * a. try nis search in passwd.org_dir - if found use domain from result. + * b. try getpwnam. this may be needed if user is defined + * in /etc/passwd file (or elsewere) and not in passwd.org_dir. + * if found, use host default domain. + * c. exit with False - no such user. + * + * 2. add user + * a. find smbpasswd table + * search pfile in user domain if not found, try host default + * domain. + * b. smbpasswd domain is found, fill data and add entry. + * + * pfile should contain ONLY table name, org_dir will be concated. + * so, at first we will clear path prefix from pfile, and + * then we will use pfiletmp as playground to put together full + * nisname string. + * such approach will make it possible to specify samba private dir + * AND still use NIS+ table. as all domain related data is normally + * stored in org_dir.DOMAIN, this should be ok do do. + */ + + pfile = private->location; + if (strrchr (pfile, '/')) + pfile = strrchr (pfile, '/') + 1; + + /* + * Check if user is already there. + */ + safe_strcpy (pfiletmp, pfile, sizeof (pfiletmp) - 1); + safe_strcat (pfiletmp, ".org_dir", + sizeof (pfiletmp) - strlen (pfiletmp) - 1); + + if (pdb_get_username (newpwd) != NULL) { + nisname = make_nisname_from_name (pdb_get_username (newpwd), + pfiletmp); + } else { + return False; + } + + if (! + (result = + nisp_get_nis_list (nisname, + MASTER_ONLY | FOLLOW_LINKS | FOLLOW_PATH | + EXPAND_NAME | HARD_LOOKUP))) { + return False; + } + if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND) { + DEBUG (3, ("nis_list failure: %s: %s\n", + nisname, nis_sperrno (result->status))); + nis_freeresult (result); + return False; + } + + if (result->status == NIS_SUCCESS && NIS_RES_NUMOBJ (result) > 0) { + DEBUG (3, ("User already exists in NIS+ password db: %s\n", + pfile)); + nis_freeresult (result); + return False; + } + + nis_freeresult (result); /* no such user, free results */ + + /* + * check for user in unix password database. we need this to get + * domain, where smbpasswd entry should be stored. + */ + + nisname = make_nisname_from_name (pdb_get_username (newpwd), + "passwd.org_dir"); + + result = nisp_get_nis_list (nisname, + MASTER_ONLY | FOLLOW_LINKS | FOLLOW_PATH | + EXPAND_NAME | HARD_LOOKUP); + + if (result->status != NIS_SUCCESS || NIS_RES_NUMOBJ (result) <= 0) { + struct passwd *passwd; + + DEBUG (3, ("nis_list failure: %s: %s\n", + nisname, nis_sperrno (result->status))); + nis_freeresult (result); + + if (!(passwd = getpwnam_alloc (pdb_get_username (newpwd)))) { + /* no such user in system! */ + return False; + } + passwd_free (&passwd); + + /* + * user is defined, but not in passwd.org_dir. + */ + local_user = 1; + } else { + safe_strcpy (pfiletmp, pfile, sizeof (pfiletmp) - 1); + safe_strcat (pfiletmp, ".", + sizeof (pfiletmp) - strlen (pfiletmp) - 1); + safe_strcat (pfiletmp, NIS_RES_OBJECT (result)->zo_domain, + sizeof (pfiletmp) - strlen (pfiletmp) - 1); + nis_freeresult (result); /* not needed any more */ + + tblresult = nisp_get_nis_list (pfiletmp, + MASTER_ONLY | FOLLOW_LINKS | + FOLLOW_PATH | EXPAND_NAME | + HARD_LOOKUP); + } + + if (local_user || tblresult->status != NIS_SUCCESS) { + /* + * no user domain or + * smbpasswd table not found in user domain, fallback to + * default domain. + */ + if (!local_user) /* free previous failed search result */ + nis_freeresult (tblresult); + + safe_strcpy (pfiletmp, pfile, sizeof (pfiletmp) - 1); + safe_strcat (pfiletmp, ".org_dir", + sizeof (pfiletmp) - strlen (pfiletmp) - 1); + tblresult = nis_lookup (pfiletmp, MASTER_ONLY | FOLLOW_LINKS | + FOLLOW_PATH | EXPAND_NAME | + HARD_LOOKUP); + if (tblresult->status != NIS_SUCCESS) { + /* still nothing. bail out */ + nis_freeresult (tblresult); + DEBUG (3, ("nis_lookup failure: %s\n", + nis_sperrno (tblresult->status))); + return False; + } + /* we need full name for nis_add_entry() */ + safe_strcpy (pfiletmp, pfile, sizeof (pfiletmp) - 1); + safe_strcat (pfiletmp, ".", + sizeof (pfiletmp) - strlen (pfiletmp) - 1); + safe_strcat (pfiletmp, NIS_RES_OBJECT (tblresult)->zo_domain, + sizeof (pfiletmp) - strlen (pfiletmp) - 1); + } + + memset ((char *) &new_obj, 0, sizeof (new_obj)); + /* fill entry headers */ + /* we do not free these. */ + new_obj.zo_name = NIS_RES_OBJECT (tblresult)->zo_name; + new_obj.zo_owner = NIS_RES_OBJECT (tblresult)->zo_owner; + new_obj.zo_group = NIS_RES_OBJECT (tblresult)->zo_group; + new_obj.zo_domain = NIS_RES_OBJECT (tblresult)->zo_domain; + /* uints */ + new_obj.zo_access = NIS_RES_OBJECT (tblresult)->zo_access; + new_obj.zo_ttl = NIS_RES_OBJECT (tblresult)->zo_ttl; + + new_obj.zo_data.zo_type = ENTRY_OBJ; + new_obj.EN_data.en_type = NIS_RES_OBJECT (tblresult)->TA_data.ta_type; + + ta_maxcol = NIS_RES_OBJECT (tblresult)->TA_data.ta_maxcol; + + if (!(ecol = (entry_col *) malloc (ta_maxcol * sizeof (entry_col)))) { + DEBUG (0, ("memory allocation failure\n")); + nis_freeresult (tblresult); + return False; + } + + memset ((char *) ecol, 0, ta_maxcol * sizeof (entry_col)); + new_obj.EN_data.en_cols.en_cols_val = ecol; + new_obj.EN_data.en_cols.en_cols_len = ta_maxcol; + + init_nisp_from_sam (&new_obj, newpwd, NULL); + + DEBUG (10, ("add NIS+ entry: %s\n", nisname)); + result = nis_add_entry (pfiletmp, &new_obj, 0); + + free (ecol); /* free allocated entry space */ + + if (result->status != NIS_SUCCESS) { + DEBUG (3, ("NIS+ table update failed: %s,%s\n", + nisname, nis_sperrno (result->status))); + nis_freeresult (tblresult); + nis_freeresult (result); + return False; + } + + nis_freeresult (tblresult); + nis_freeresult (result); + + return True; } /*************************************************************** - make_nisname_from_uid + make_nisname_from_user_rid ****************************************************************/ -static char *make_nisname_from_uid(int uid, char *pfile) +static char *make_nisname_from_user_rid (uint32 rid, char *pfile) { static pstring nisname; - safe_strcpy(nisname, "[uid=", sizeof(nisname)-1); - slprintf(nisname, sizeof(nisname)-1, "%s%d", nisname, uid); - safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); - safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); + safe_strcpy (nisname, "[user_rid=", sizeof (nisname) - 1); + slprintf (nisname, sizeof (nisname) - 1, "%s%d", nisname, rid); + safe_strcat (nisname, "],", sizeof (nisname) - strlen (nisname) - 1); + safe_strcat (nisname, pfile, sizeof (nisname) - strlen (nisname) - 1); return nisname; } @@ -174,14 +682,15 @@ static char *make_nisname_from_uid(int uid, char *pfile) /*************************************************************** make_nisname_from_name ****************************************************************/ -static char *make_nisname_from_name(const char *user_name, char *pfile) +static char *make_nisname_from_name (const char *user_name, char *pfile) { static pstring nisname; - safe_strcpy(nisname, "[name=", sizeof(nisname)-1); - safe_strcat(nisname, user_name, sizeof(nisname) - strlen(nisname) - 1); - safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); - safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); + safe_strcpy (nisname, "[name=", sizeof (nisname) - 1); + safe_strcat (nisname, user_name, + sizeof (nisname) - strlen (nisname) - 1); + safe_strcat (nisname, "],", sizeof (nisname) - strlen (nisname) - 1); + safe_strcat (nisname, pfile, sizeof (nisname) - strlen (nisname) - 1); return nisname; } @@ -189,297 +698,323 @@ static char *make_nisname_from_name(const char *user_name, char *pfile) /************************************************************************* gets a NIS+ attribute *************************************************************************/ -static void get_single_attribute(const nis_object *new_obj, int col, - char *val, int len) +static void get_single_attribute (const nis_object * new_obj, int col, + char *val, int len) { int entry_len; - if (new_obj == NULL || val == NULL) return; - - entry_len = ENTRY_LEN(new_obj, col); - if (len > entry_len) - { + if (new_obj == NULL || val == NULL) + return; + + entry_len = ENTRY_LEN (new_obj, col); + if (len > entry_len) { len = entry_len; } - safe_strcpy(val, ENTRY_VAL(new_obj, col), len-1); + safe_strcpy (val, ENTRY_VAL (new_obj, col), len - 1); } /************************************************************************ makes a struct sam_passwd from a NIS+ object. ************************************************************************/ -static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj) +static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf, + const nis_object * obj) { - char *ptr; - pstring full_name; /* this must be translated to dos code page */ - pstring acct_desc; /* this must be translated to dos code page */ - pstring home_dir; /* set default value from smb.conf for user */ - pstring home_drive; /* set default value from smb.conf for user */ - pstring logon_script; /* set default value from smb.conf for user */ - pstring profile_path; /* set default value from smb.conf for user */ - pstring hours; - int hours_len; - unsigned char smbpwd[16]; - unsigned char smbntpwd[16]; - - - /* - * time values. note: this code assumes 32bit time_t! - */ - - /* Don't change these timestamp settings without a good reason. They are - important for NT member server compatibility. */ - - pdb_set_logon_time(pw_buf, (time_t)0, True); - ptr = (uchar *)ENTRY_VAL(obj, NPF_LOGON_T); - if(ptr && *ptr && (StrnCaseCmp(ptr, "LNT-", 4)==0)) { - int i; - ptr += 4; - for(i = 0; i < 8; i++) { - if(ptr[i] == '\0' || !isxdigit(ptr[i])) - break; - } - if(i == 8) { - pdb_set_logon_time(pw_buf, (time_t)strtol(ptr, NULL, 16), True); - } - } - - pdb_set_logoff_time(pw_buf, get_time_t_max(), True); - ptr = (uchar *)ENTRY_VAL(obj, NPF_LOGOFF_T); - if(ptr && *ptr && (StrnCaseCmp(ptr, "LOT-", 4)==0)) { - int i; - ptr += 4; - for(i = 0; i < 8; i++) { - if(ptr[i] == '\0' || !isxdigit(ptr[i])) - break; - } - if(i == 8) { - pdb_set_logoff_time(pw_buf, (time_t)strtol(ptr, NULL, 16), True); - } - } - - pdb_set_kickoff_time(pw_buf, get_time_t_max(), True); - ptr = (uchar *)ENTRY_VAL(obj, NPF_KICK_T); - if(ptr && *ptr && (StrnCaseCmp(ptr, "KOT-", 4)==0)) { - int i; - ptr += 4; - for(i = 0; i < 8; i++) { - if(ptr[i] == '\0' || !isxdigit(ptr[i])) - break; - } - if(i == 8) { - pdb_set_kickoff_time(pw_buf, (time_t)strtol(ptr, NULL, 16), True); - } - } - - pdb_set_pass_last_set_time(pw_buf, (time_t)0); - ptr = (uchar *)ENTRY_VAL(obj, NPF_PWDLSET_T); - if(ptr && *ptr && (StrnCaseCmp(ptr, "LCT-", 4)==0)) { - int i; - ptr += 4; - for(i = 0; i < 8; i++) { - if(ptr[i] == '\0' || !isxdigit(ptr[i])) - break; - } - if(i == 8) { - pdb_set_pass_last_set_time(pw_buf, (time_t)strtol(ptr, NULL, 16)); - } - } - - pdb_set_pass_can_change_time(pw_buf, (time_t)0, True); - ptr = (uchar *)ENTRY_VAL(obj, NPF_PWDCCHG_T); - if(ptr && *ptr && (StrnCaseCmp(ptr, "CCT-", 4)==0)) { - int i; - ptr += 4; - for(i = 0; i < 8; i++) { - if(ptr[i] == '\0' || !isxdigit(ptr[i])) - break; - } - if(i == 8) { - pdb_set_pass_can_change_time(pw_buf, (time_t)strtol(ptr, NULL, 16), True); - } - } - - pdb_set_pass_must_change_time(pw_buf, get_time_t_max(), True); /* Password never expires. */ - ptr = (uchar *)ENTRY_VAL(obj, NPF_PWDMCHG_T); - if(ptr && *ptr && (StrnCaseCmp(ptr, "MCT-", 4)==0)) { - int i; - ptr += 4; - for(i = 0; i < 8; i++) { - if(ptr[i] == '\0' || !isxdigit(ptr[i])) - break; - } - if(i == 8) { - pdb_set_pass_must_change_time(pw_buf, (time_t)strtol(ptr, NULL, 16), True); - } - } - - /* string values */ - pdb_set_username(pw_buf, ENTRY_VAL(obj, NPF_NAME)); - pdb_set_domain(pw_buf, lp_workgroup()); - /* pdb_set_nt_username() -- cant set it here... */ - - get_single_attribute(obj, NPF_FULL_NAME, full_name, sizeof(pstring)); + char *ptr; + pstring full_name; /* this must be translated to dos code page */ + pstring acct_desc; /* this must be translated to dos code page */ + pstring home_dir; /* set default value from smb.conf for user */ + pstring home_drive; /* set default value from smb.conf for user */ + pstring logon_script; /* set default value from smb.conf for user */ + pstring profile_path; /* set default value from smb.conf for user */ + pstring hours; + int hours_len; + unsigned char smbpwd[16]; + unsigned char smbntpwd[16]; + + + /* + * time values. note: this code assumes 32bit time_t! + */ + + /* Don't change these timestamp settings without a good reason. They are + important for NT member server compatibility. */ + + pdb_set_logon_time (pw_buf, (time_t) 0, True); + ptr = (uchar *) ENTRY_VAL (obj, NPF_LOGON_T); + if (ptr && *ptr && (StrnCaseCmp (ptr, "LNT-", 4) == 0)) { + int i; + + ptr += 4; + for (i = 0; i < 8; i++) { + if (ptr[i] == '\0' || !isxdigit (ptr[i])) + break; + } + if (i == 8) { + pdb_set_logon_time (pw_buf, + (time_t) strtol (ptr, NULL, 16), + True); + } + } + + pdb_set_logoff_time (pw_buf, get_time_t_max (), True); + ptr = (uchar *) ENTRY_VAL (obj, NPF_LOGOFF_T); + if (ptr && *ptr && (StrnCaseCmp (ptr, "LOT-", 4) == 0)) { + int i; + + ptr += 4; + for (i = 0; i < 8; i++) { + if (ptr[i] == '\0' || !isxdigit (ptr[i])) + break; + } + if (i == 8) { + pdb_set_logoff_time (pw_buf, + (time_t) strtol (ptr, NULL, 16), + True); + } + } + + pdb_set_kickoff_time (pw_buf, get_time_t_max (), True); + ptr = (uchar *) ENTRY_VAL (obj, NPF_KICK_T); + if (ptr && *ptr && (StrnCaseCmp (ptr, "KOT-", 4) == 0)) { + int i; + + ptr += 4; + for (i = 0; i < 8; i++) { + if (ptr[i] == '\0' || !isxdigit (ptr[i])) + break; + } + if (i == 8) { + pdb_set_kickoff_time (pw_buf, + (time_t) strtol (ptr, NULL, 16), + True); + } + } + + pdb_set_pass_last_set_time (pw_buf, (time_t) 0); + ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDLSET_T); + if (ptr && *ptr && (StrnCaseCmp (ptr, "LCT-", 4) == 0)) { + int i; + + ptr += 4; + for (i = 0; i < 8; i++) { + if (ptr[i] == '\0' || !isxdigit (ptr[i])) + break; + } + if (i == 8) { + pdb_set_pass_last_set_time (pw_buf, + (time_t) strtol (ptr, + NULL, + 16)); + } + } + + pdb_set_pass_can_change_time (pw_buf, (time_t) 0, True); + ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDCCHG_T); + if (ptr && *ptr && (StrnCaseCmp (ptr, "CCT-", 4) == 0)) { + int i; + + ptr += 4; + for (i = 0; i < 8; i++) { + if (ptr[i] == '\0' || !isxdigit (ptr[i])) + break; + } + if (i == 8) { + pdb_set_pass_can_change_time (pw_buf, + (time_t) strtol (ptr, + NULL, + 16), + True); + } + } + + pdb_set_pass_must_change_time (pw_buf, get_time_t_max (), True); /* Password never expires. */ + ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDMCHG_T); + if (ptr && *ptr && (StrnCaseCmp (ptr, "MCT-", 4) == 0)) { + int i; + + ptr += 4; + for (i = 0; i < 8; i++) { + if (ptr[i] == '\0' || !isxdigit (ptr[i])) + break; + } + if (i == 8) { + pdb_set_pass_must_change_time (pw_buf, + (time_t) strtol (ptr, + NULL, + 16), + True); + } + } + + /* string values */ + pdb_set_username (pw_buf, ENTRY_VAL (obj, NPF_NAME)); + pdb_set_domain (pw_buf, lp_workgroup ()); + /* pdb_set_nt_username() -- cant set it here... */ + + get_single_attribute (obj, NPF_FULL_NAME, full_name, + sizeof (pstring)); #if 0 - unix_to_dos(full_name, True); + unix_to_dos (full_name, True); #endif - pdb_set_fullname(pw_buf, full_name); + pdb_set_fullname (pw_buf, full_name); - pdb_set_acct_ctrl(pw_buf, pdb_decode_acct_ctrl(ENTRY_VAL(obj, - NPF_ACB))); + pdb_set_acct_ctrl (pw_buf, pdb_decode_acct_ctrl (ENTRY_VAL (obj, + NPF_ACB))); - get_single_attribute(obj, NPF_ACCT_DESC, acct_desc, sizeof(pstring)); + get_single_attribute (obj, NPF_ACCT_DESC, acct_desc, + sizeof (pstring)); #if 0 - unix_to_dos(acct_desc, True); + unix_to_dos (acct_desc, True); #endif - pdb_set_acct_desc(pw_buf, acct_desc); - - pdb_set_workstations(pw_buf, ENTRY_VAL(obj, NPF_WORKSTATIONS)); - pdb_set_munged_dial(pw_buf, NULL); - - pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID))); - pdb_set_gid(pw_buf, atoi(ENTRY_VAL(obj, NPF_SMB_GRPID))); - pdb_set_user_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID))); - pdb_set_group_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID))); - - /* values, must exist for user */ - if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) { - - get_single_attribute(obj, NPF_HOME_DIR, home_dir, sizeof(pstring)); - if( !(home_dir && *home_dir) ) { - pstrcpy(home_dir, lp_logon_home()); - pdb_set_homedir(pw_buf, home_dir, False); - } - else - pdb_set_homedir(pw_buf, home_dir, True); - - get_single_attribute(obj, NPF_DIR_DRIVE, home_drive, sizeof(pstring)); - if( !(home_drive && *home_drive) ) { - pstrcpy(home_drive, lp_logon_drive()); - pdb_set_dir_drive(pw_buf, home_drive, False); - } - else - pdb_set_dir_drive(pw_buf, home_drive, True); - - get_single_attribute(obj, NPF_LOGON_SCRIPT, logon_script, - sizeof(pstring)); - if( !(logon_script && *logon_script) ) { - pstrcpy(logon_script, lp_logon_script()); - } - else - pdb_set_logon_script(pw_buf, logon_script, True); - - get_single_attribute(obj, NPF_PROFILE_PATH, profile_path, sizeof(pstring)); - if( !(profile_path && *profile_path) ) { - pstrcpy(profile_path, lp_logon_path()); - pdb_set_profile_path(pw_buf, profile_path, False); - } - else - pdb_set_profile_path(pw_buf, profile_path, True); - - } - else - { - /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ - pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS); - } - - /* Check the lanman password column. */ - ptr = (char *)ENTRY_VAL(obj, NPF_LMPWD); - if (!pdb_set_lanman_passwd(pw_buf, NULL)) - return False; + pdb_set_acct_desc (pw_buf, acct_desc); + + pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS)); + pdb_set_munged_dial (pw_buf, NULL); + + pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID))); + pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID))); + pdb_set_user_sid_from_rid (pw_buf, + atoi (ENTRY_VAL (obj, NPF_USER_RID))); + pdb_set_group_sid_from_rid (pw_buf, + atoi (ENTRY_VAL (obj, NPF_GROUP_RID))); + + /* values, must exist for user */ + if (!(pdb_get_acct_ctrl (pw_buf) & ACB_WSTRUST)) { + + get_single_attribute (obj, NPF_HOME_DIR, home_dir, + sizeof (pstring)); + if (!(home_dir && *home_dir)) { + pstrcpy (home_dir, lp_logon_home ()); + pdb_set_homedir (pw_buf, home_dir, False); + } else + pdb_set_homedir (pw_buf, home_dir, True); + + get_single_attribute (obj, NPF_DIR_DRIVE, home_drive, + sizeof (pstring)); + if (!(home_drive && *home_drive)) { + pstrcpy (home_drive, lp_logon_drive ()); + pdb_set_dir_drive (pw_buf, home_drive, False); + } else + pdb_set_dir_drive (pw_buf, home_drive, True); + + get_single_attribute (obj, NPF_LOGON_SCRIPT, logon_script, + sizeof (pstring)); + if (!(logon_script && *logon_script)) { + pstrcpy (logon_script, lp_logon_script ()); + } else + pdb_set_logon_script (pw_buf, logon_script, True); + + get_single_attribute (obj, NPF_PROFILE_PATH, profile_path, + sizeof (pstring)); + if (!(profile_path && *profile_path)) { + pstrcpy (profile_path, lp_logon_path ()); + pdb_set_profile_path (pw_buf, profile_path, False); + } else + pdb_set_profile_path (pw_buf, profile_path, True); + + } else { + /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ + pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS); + } - if (!strncasecmp(ptr, "NO PASSWORD", 11)) { - pdb_set_acct_ctrl(pw_buf, pdb_get_acct_ctrl(pw_buf) | ACB_PWNOTREQ); - } else { - if (strlen(ptr) != 32 || !pdb_gethexpwd(ptr, smbpwd)) { - DEBUG(0, ("malformed LM pwd entry: %s.\n", - pdb_get_username(pw_buf))); - return False; - } - if (!pdb_set_lanman_passwd(pw_buf, smbpwd)) + /* Check the lanman password column. */ + ptr = (char *) ENTRY_VAL (obj, NPF_LMPWD); + if (!pdb_set_lanman_passwd (pw_buf, NULL)) return False; - } - - /* Check the NT password column. */ - ptr = ENTRY_VAL(obj, NPF_NTPWD); - if (!pdb_set_nt_passwd(pw_buf, NULL)) - return False; - - if (!(pdb_get_acct_ctrl(pw_buf) & ACB_PWNOTREQ) && - strncasecmp(ptr, "NO PASSWORD", 11)) { - if (strlen(ptr) != 32 || !pdb_gethexpwd(ptr, smbntpwd)) { - DEBUG(0, ("malformed NT pwd entry:\ - uid = %d.\n", - pdb_get_uid(pw_buf))); - return False; - } - if (!pdb_set_nt_passwd(pw_buf, smbntpwd)) + + if (!strncasecmp (ptr, "NO PASSWORD", 11)) { + pdb_set_acct_ctrl (pw_buf, + pdb_get_acct_ctrl (pw_buf) | ACB_PWNOTREQ); + } else { + if (strlen (ptr) != 32 || !pdb_gethexpwd (ptr, smbpwd)) { + DEBUG (0, ("malformed LM pwd entry: %s.\n", + pdb_get_username (pw_buf))); + return False; + } + if (!pdb_set_lanman_passwd (pw_buf, smbpwd)) + return False; + } + + /* Check the NT password column. */ + ptr = ENTRY_VAL (obj, NPF_NTPWD); + if (!pdb_set_nt_passwd (pw_buf, NULL)) return False; - } - - pdb_set_unknown_3(pw_buf, 0xffffff); /* don't know */ - pdb_set_logon_divs(pw_buf, 168); /* hours per week */ - - if( (hours_len = ENTRY_LEN(obj, NPF_HOURS)) == 21 ) { - memcpy(hours, ENTRY_VAL(obj, NPF_HOURS), hours_len); - } else { - hours_len = 21; /* 21 times 8 bits = 168 */ - /* available at all hours */ - memset(hours, 0xff, hours_len); - } - pdb_set_hours_len(pw_buf, hours_len); - pdb_set_hours(pw_buf, hours); - - pdb_set_unknown_5(pw_buf, 0x00020000); /* don't know */ - pdb_set_unknown_6(pw_buf, 0x000004ec); /* don't know */ - - return True; + + if (!(pdb_get_acct_ctrl (pw_buf) & ACB_PWNOTREQ) && + strncasecmp (ptr, "NO PASSWORD", 11)) { + if (strlen (ptr) != 32 || !pdb_gethexpwd (ptr, smbntpwd)) { + DEBUG (0, ("malformed NT pwd entry:\ + uid = %d.\n", pdb_get_uid (pw_buf))); + return False; + } + if (!pdb_set_nt_passwd (pw_buf, smbntpwd)) + return False; + } + + pdb_set_unknown_3 (pw_buf, 0xffffff); /* don't know */ + pdb_set_logon_divs (pw_buf, 168); /* hours per week */ + + if ((hours_len = ENTRY_LEN (obj, NPF_HOURS)) == 21) { + memcpy (hours, ENTRY_VAL (obj, NPF_HOURS), hours_len); + } else { + hours_len = 21; /* 21 times 8 bits = 168 */ + /* available at all hours */ + memset (hours, 0xff, hours_len); + } + pdb_set_hours_len (pw_buf, hours_len); + pdb_set_hours (pw_buf, hours); + + pdb_set_unknown_5 (pw_buf, 0x00020000); /* don't know */ + pdb_set_unknown_6 (pw_buf, 0x000004ec); /* don't know */ + + return True; } /************************************************************************ makes a struct sam_passwd from a NIS+ result. ************************************************************************/ -static BOOL make_sam_from_nisresult(SAM_ACCOUNT *pw_buf, const nis_result *result) +static BOOL make_sam_from_nisresult (SAM_ACCOUNT * pw_buf, + const nis_result * result) { - if (pw_buf == NULL || result == NULL) return False; + if (pw_buf == NULL || result == NULL) + return False; - if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND) - { - DEBUG(0, ("NIS+ lookup failure: %s\n", - nis_sperrno(result->status))); + if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND) { + DEBUG (0, ("NIS+ lookup failure: %s\n", + nis_sperrno (result->status))); return False; } /* User not found. */ - if (NIS_RES_NUMOBJ(result) <= 0) - { - DEBUG(10, ("user not found in NIS+\n")); + if (NIS_RES_NUMOBJ (result) <= 0) { + DEBUG (10, ("user not found in NIS+\n")); return False; } - if (NIS_RES_NUMOBJ(result) > 1) - { - DEBUG(10, ("WARNING: Multiple entries for user in NIS+ table!\n")); + if (NIS_RES_NUMOBJ (result) > 1) { + DEBUG (10, + ("WARNING: Multiple entries for user in NIS+ table!\n")); } /* Grab the first hit. */ - return make_sam_from_nisp_object(pw_buf, &NIS_RES_OBJECT(result)[0]); + return make_sam_from_nisp_object (pw_buf, + &NIS_RES_OBJECT (result)[0]); } /************************************************************************* sets a NIS+ attribute *************************************************************************/ -static void set_single_attribute(nis_object *new_obj, int col, - const char *val, int len, int flags) +static void set_single_attribute (nis_object * new_obj, int col, + const char *val, int len, int flags) { - if (new_obj == NULL) return; + if (new_obj == NULL) + return; - ENTRY_VAL(new_obj, col) = val; - ENTRY_LEN(new_obj, col) = len+1; + ENTRY_VAL (new_obj, col) = val; + ENTRY_LEN (new_obj, col) = len + 1; - if (flags != 0) - { + if (flags != 0) { new_obj->EN_data.en_cols.en_cols_val[col].ec_flags = flags; } } @@ -488,951 +1023,523 @@ static void set_single_attribute(nis_object *new_obj, int col, copy or modify nis object. this object is used to add or update nisplus table entry. ****************************************************************/ -static BOOL init_nisp_from_sam(nis_object *obj, const SAM_ACCOUNT *sampass, - nis_object *old) +static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass, + nis_object * old) { - /* - * Fill nis_object for entry add or update. - * if we are updateing, we have to find out differences and set - * EN_MODIFIED flag. also set need_to_modify to trigger - * nis_modify_entry() call in pdb_update_sam_account(). - * - * TODO: - * get data from SAM - * if (modify) get data from nis_object, compare and store if - * different + set EN_MODIFIED and need_to_modify - * else - * store - */ - BOOL need_to_modify = False; - const char *name = pdb_get_username(sampass); /* from SAM */ - /* these must be static or allocate and free entry columns! */ - static fstring uid; /* from SAM */ - static fstring user_rid; /* from SAM */ - static fstring gid; /* from SAM */ - static fstring group_rid; /* from SAM */ - char *acb; /* from SAM */ - static fstring smb_passwd; /* from SAM */ - static fstring smb_nt_passwd; /* from SAM */ - static fstring logon_t; /* from SAM */ - static fstring logoff_t; /* from SAM */ - static fstring kickoff_t; /* from SAM */ - static fstring pwdlset_t; /* from SAM */ - static fstring pwdlchg_t; /* from SAM */ - static fstring pwdmchg_t; /* from SAM */ - static fstring full_name; /* from SAM */ - static fstring acct_desc; /* from SAM */ - static char empty[1]; /* just an empty string */ - - slprintf(uid, sizeof(uid)-1, "%u", pdb_get_uid(sampass)); - slprintf(user_rid, sizeof(user_rid)-1, "%u", - pdb_get_user_rid(sampass)? pdb_get_user_rid(sampass): - pdb_uid_to_user_rid(pdb_get_uid(sampass))); - slprintf(gid, sizeof(gid)-1, "%u", pdb_get_gid(sampass)); + /* + * Fill nis_object for entry add or update. + * if we are updateing, we have to find out differences and set + * EN_MODIFIED flag. also set need_to_modify to trigger + * nis_modify_entry() call in pdb_update_sam_account(). + * + * TODO: + * get data from SAM + * if (modify) get data from nis_object, compare and store if + * different + set EN_MODIFIED and need_to_modify + * else + * store + */ + BOOL need_to_modify = False; + const char *name = pdb_get_username (sampass); /* from SAM */ + + /* these must be static or allocate and free entry columns! */ + static fstring uid; /* from SAM */ + static fstring user_rid; /* from SAM */ + static fstring gid; /* from SAM */ + static fstring group_rid; /* from SAM */ + char *acb; /* from SAM */ + static fstring smb_passwd; /* from SAM */ + static fstring smb_nt_passwd; /* from SAM */ + static fstring logon_t; /* from SAM */ + static fstring logoff_t; /* from SAM */ + static fstring kickoff_t; /* from SAM */ + static fstring pwdlset_t; /* from SAM */ + static fstring pwdlchg_t; /* from SAM */ + static fstring pwdmchg_t; /* from SAM */ + static fstring full_name; /* from SAM */ + static fstring acct_desc; /* from SAM */ + static char empty[1]; /* just an empty string */ + + slprintf (uid, sizeof (uid) - 1, "%u", pdb_get_uid (sampass)); + slprintf (user_rid, sizeof (user_rid) - 1, "%u", + pdb_get_user_rid (sampass) ? pdb_get_user_rid (sampass) : + fallback_pdb_uid_to_user_rid (pdb_get_uid (sampass))); + slprintf (gid, sizeof (gid) - 1, "%u", pdb_get_gid (sampass)); { uint32 rid; GROUP_MAP map; - - rid=pdb_get_group_rid(sampass); - if (rid==0) { - if (get_group_map_from_gid(pdb_get_gid(sampass), &map, MAPPING_WITHOUT_PRIV)) { - if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid)) + rid = pdb_get_group_rid (sampass); + + if (rid == 0) { + if (get_group_map_from_gid + (pdb_get_gid (sampass), &map, + MAPPING_WITHOUT_PRIV)) { + if (!sid_peek_check_rid + (get_global_sam_sid (), &map.sid, &rid)) return False; - } else - rid=pdb_gid_to_group_rid(pdb_get_gid(sampass)); + } else + rid = pdb_gid_to_group_rid (pdb_get_gid + (sampass)); } - slprintf(group_rid, sizeof(group_rid)-1, "%u", rid); + slprintf (group_rid, sizeof (group_rid) - 1, "%u", rid); } - - acb = pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sampass), - NEW_PW_FORMAT_SPACE_PADDED_LEN); - pdb_sethexpwd (smb_passwd, pdb_get_lanman_passwd(sampass), - pdb_get_acct_ctrl(sampass)); - pdb_sethexpwd (smb_nt_passwd, pdb_get_nt_passwd(sampass), - pdb_get_acct_ctrl(sampass)); - slprintf(logon_t, 13, "LNT-%08X", - (uint32)pdb_get_logon_time(sampass)); - slprintf(logoff_t, 13, "LOT-%08X", - (uint32)pdb_get_logoff_time(sampass)); - slprintf(kickoff_t, 13, "KOT-%08X", - (uint32)pdb_get_kickoff_time(sampass)); - slprintf(pwdlset_t, 13, "LCT-%08X", - (uint32)pdb_get_pass_last_set_time(sampass)); - slprintf(pwdlchg_t, 13, "CCT-%08X", - (uint32)pdb_get_pass_can_change_time(sampass)); - slprintf(pwdmchg_t, 13, "MCT-%08X", - (uint32)pdb_get_pass_must_change_time(sampass)); - safe_strcpy(full_name, pdb_get_fullname(sampass), sizeof(full_name)-1); - safe_strcpy(acct_desc, pdb_get_acct_desc(sampass), sizeof(acct_desc)-1); + + acb = pdb_encode_acct_ctrl (pdb_get_acct_ctrl (sampass), + NEW_PW_FORMAT_SPACE_PADDED_LEN); + pdb_sethexpwd (smb_passwd, pdb_get_lanman_passwd (sampass), + pdb_get_acct_ctrl (sampass)); + pdb_sethexpwd (smb_nt_passwd, pdb_get_nt_passwd (sampass), + pdb_get_acct_ctrl (sampass)); + slprintf (logon_t, 13, "LNT-%08X", + (uint32) pdb_get_logon_time (sampass)); + slprintf (logoff_t, 13, "LOT-%08X", + (uint32) pdb_get_logoff_time (sampass)); + slprintf (kickoff_t, 13, "KOT-%08X", + (uint32) pdb_get_kickoff_time (sampass)); + slprintf (pwdlset_t, 13, "LCT-%08X", + (uint32) pdb_get_pass_last_set_time (sampass)); + slprintf (pwdlchg_t, 13, "CCT-%08X", + (uint32) pdb_get_pass_can_change_time (sampass)); + slprintf (pwdmchg_t, 13, "MCT-%08X", + (uint32) pdb_get_pass_must_change_time (sampass)); + safe_strcpy (full_name, pdb_get_fullname (sampass), + sizeof (full_name) - 1); + safe_strcpy (acct_desc, pdb_get_acct_desc (sampass), + sizeof (acct_desc) - 1); #if 0 - /* Not sure what to do with these guys. -tpot */ + /* Not sure what to do with these guys. -tpot */ - dos_to_unix(full_name, True); - dos_to_unix(acct_desc, True); + dos_to_unix (full_name, True); + dos_to_unix (acct_desc, True); #endif - if( old ) { - /* name */ - if(strcmp(ENTRY_VAL(old, NPF_NAME), name)) - { - need_to_modify = True; - set_single_attribute(obj, NPF_NAME, name, strlen(name), - EN_MODIFIED); - } + if (old) { + /* name */ + if (strcmp (ENTRY_VAL (old, NPF_NAME), name)) { + need_to_modify = True; + set_single_attribute (obj, NPF_NAME, name, + strlen (name), EN_MODIFIED); + } - /* uid */ - if(pdb_get_uid(sampass) != -1) { - if(!ENTRY_VAL(old, NPF_UID) || strcmp(ENTRY_VAL(old, NPF_UID), uid)) - { - need_to_modify = True; - set_single_attribute(obj, NPF_UID, uid, - strlen(uid), EN_MODIFIED); - } - } - - /* user_rid */ - if (pdb_get_user_rid(sampass)) { - if(!ENTRY_VAL(old, NPF_USER_RID) || - strcmp(ENTRY_VAL(old, NPF_USER_RID), user_rid) ) { - need_to_modify = True; - set_single_attribute(obj, NPF_USER_RID, user_rid, - strlen(user_rid), EN_MODIFIED); - } - } - - /* smb_grpid */ - if (pdb_get_gid(sampass) != -1) { - if(!ENTRY_VAL(old, NPF_SMB_GRPID) || - strcmp(ENTRY_VAL(old, NPF_SMB_GRPID), gid) ) { - need_to_modify = True; - set_single_attribute(obj, NPF_SMB_GRPID, gid, - strlen(gid), EN_MODIFIED); - } - } - - /* group_rid */ - if (pdb_get_group_rid(sampass)) { - if(!ENTRY_VAL(old, NPF_GROUP_RID) || - strcmp(ENTRY_VAL(old, NPF_GROUP_RID), group_rid) ) { - need_to_modify = True; - set_single_attribute(obj, NPF_GROUP_RID, group_rid, - strlen(group_rid), EN_MODIFIED); - } - } - - /* acb */ - if (!ENTRY_VAL(old, NPF_ACB) || - strcmp(ENTRY_VAL(old, NPF_ACB), acb)) { - need_to_modify = True; - set_single_attribute(obj, NPF_ACB, acb, strlen(acb), EN_MODIFIED); - } - - /* lmpwd */ - if(!ENTRY_VAL(old, NPF_LMPWD) || - strcmp(ENTRY_VAL(old, NPF_LMPWD), smb_passwd) ) { - need_to_modify = True; - set_single_attribute(obj, NPF_LMPWD, smb_passwd, - strlen(smb_passwd), EN_CRYPT|EN_MODIFIED); - } - - /* ntpwd */ - if(!ENTRY_VAL(old, NPF_NTPWD) || - strcmp(ENTRY_VAL(old, NPF_NTPWD), smb_nt_passwd) ) { - need_to_modify = True; - set_single_attribute(obj, NPF_NTPWD, smb_nt_passwd, - strlen(smb_nt_passwd), EN_CRYPT|EN_MODIFIED); - } - - /* logon_t */ - if( pdb_get_logon_time(sampass) && - (!ENTRY_VAL(old, NPF_LOGON_T) || - strcmp(ENTRY_VAL(old, NPF_LOGON_T), logon_t ))) { - need_to_modify = True; - set_single_attribute(obj, NPF_LOGON_T, logon_t, - strlen(logon_t), EN_MODIFIED); - } - - /* logoff_t */ - if( pdb_get_logoff_time(sampass) && - (!ENTRY_VAL(old, NPF_LOGOFF_T) || - strcmp(ENTRY_VAL(old, NPF_LOGOFF_T), logoff_t))) { - need_to_modify = True; - set_single_attribute(obj, NPF_LOGOFF_T, logoff_t, - strlen(logoff_t), EN_MODIFIED); - } - - /* kick_t */ - if( pdb_get_kickoff_time(sampass) && - (!ENTRY_VAL(old, NPF_KICK_T) || - strcmp(ENTRY_VAL(old, NPF_KICK_T), kickoff_t))) { - need_to_modify = True; - set_single_attribute(obj, NPF_KICK_T, kickoff_t, - strlen(kickoff_t), EN_MODIFIED); - } - - /* pwdlset_t */ - if( pdb_get_pass_last_set_time(sampass) && - (!ENTRY_VAL(old, NPF_PWDLSET_T) || - strcmp(ENTRY_VAL(old, NPF_PWDLSET_T), pwdlset_t))) { - need_to_modify = True; - set_single_attribute(obj, NPF_PWDLSET_T, pwdlset_t, - strlen(pwdlset_t), EN_MODIFIED); - } - - /* pwdlchg_t */ - if( pdb_get_pass_can_change_time(sampass) && - (!ENTRY_VAL(old, NPF_PWDCCHG_T) || - strcmp(ENTRY_VAL(old, NPF_PWDCCHG_T), pwdlchg_t))) { - need_to_modify = True; - set_single_attribute(obj, NPF_PWDCCHG_T, pwdlchg_t, - strlen(pwdlchg_t), EN_MODIFIED); - } - - /* pwdmchg_t */ - if( pdb_get_pass_must_change_time(sampass) && - (!ENTRY_VAL(old, NPF_PWDMCHG_T) || - strcmp(ENTRY_VAL(old, NPF_PWDMCHG_T), pwdmchg_t))) { - need_to_modify = True; - set_single_attribute(obj, NPF_PWDMCHG_T, pwdmchg_t, - strlen(pwdmchg_t), EN_MODIFIED); - } - - /* full_name */ - /* must support set, unset and change */ - if ( (pdb_get_fullname(sampass) && - !ENTRY_VAL(old, NPF_FULL_NAME)) || - (ENTRY_VAL(old, NPF_FULL_NAME) && - !pdb_get_fullname(sampass)) || - (ENTRY_VAL(old, NPF_FULL_NAME) && - pdb_get_fullname(sampass) && - strcmp( ENTRY_VAL(old, NPF_FULL_NAME), full_name ))) { - need_to_modify = True; - set_single_attribute(obj, NPF_FULL_NAME, full_name, - strlen(full_name), EN_MODIFIED); - } - - /* home_dir */ - /* must support set, unset and change */ - if( (pdb_get_homedir(sampass) && - !ENTRY_VAL(old, NPF_HOME_DIR)) || - (ENTRY_VAL(old, NPF_HOME_DIR) && - !pdb_get_homedir(sampass)) || - (ENTRY_VAL(old, NPF_HOME_DIR) && - pdb_get_homedir(sampass) && - strcmp( ENTRY_VAL(old, NPF_HOME_DIR), - pdb_get_homedir(sampass)))) { - need_to_modify = True; - set_single_attribute(obj, NPF_HOME_DIR, pdb_get_homedir(sampass), - strlen(pdb_get_homedir(sampass)), EN_MODIFIED); - } - - /* dir_drive */ - /* must support set, unset and change */ - if( (pdb_get_dir_drive(sampass) && - !ENTRY_VAL(old, NPF_DIR_DRIVE)) || - (ENTRY_VAL(old, NPF_DIR_DRIVE) && - !pdb_get_dir_drive(sampass)) || - (ENTRY_VAL(old, NPF_DIR_DRIVE) && - pdb_get_dir_drive(sampass) && - strcmp( ENTRY_VAL(old, NPF_DIR_DRIVE), - pdb_get_dir_drive(sampass)))) { - need_to_modify = True; - set_single_attribute(obj, NPF_DIR_DRIVE, pdb_get_dir_drive(sampass), - strlen(pdb_get_dir_drive(sampass)), EN_MODIFIED); - } - - /* logon_script */ - /* must support set, unset and change */ - if( (pdb_get_logon_script(sampass) && - !ENTRY_VAL(old, NPF_LOGON_SCRIPT) || - (ENTRY_VAL(old, NPF_LOGON_SCRIPT) && - !pdb_get_logon_script(sampass)) || - ( ENTRY_VAL(old, NPF_LOGON_SCRIPT) && - pdb_get_logon_script(sampass) && - strcmp( ENTRY_VAL(old, NPF_LOGON_SCRIPT), - pdb_get_logon_script(sampass))))) { - need_to_modify = True; - set_single_attribute(obj, NPF_LOGON_SCRIPT, - pdb_get_logon_script(sampass), - strlen(pdb_get_logon_script(sampass)), - EN_MODIFIED); - } - - /* profile_path */ - /* must support set, unset and change */ - if( (pdb_get_profile_path(sampass) && - !ENTRY_VAL(old, NPF_PROFILE_PATH)) || - (ENTRY_VAL(old, NPF_PROFILE_PATH) && - !pdb_get_profile_path(sampass)) || - (ENTRY_VAL(old, NPF_PROFILE_PATH) && - pdb_get_profile_path(sampass) && - strcmp( ENTRY_VAL(old, NPF_PROFILE_PATH), - pdb_get_profile_path(sampass) ) )) { - need_to_modify = True; - set_single_attribute(obj, NPF_PROFILE_PATH, - pdb_get_profile_path(sampass), - strlen(pdb_get_profile_path(sampass)), - EN_MODIFIED); - } - - /* acct_desc */ - /* must support set, unset and change */ - if( (pdb_get_acct_desc(sampass) && - !ENTRY_VAL(old, NPF_ACCT_DESC)) || - (ENTRY_VAL(old, NPF_ACCT_DESC) && - !pdb_get_acct_desc(sampass)) || - (ENTRY_VAL(old, NPF_ACCT_DESC) && - pdb_get_acct_desc(sampass) && - strcmp( ENTRY_VAL(old, NPF_ACCT_DESC), acct_desc ) )) { - need_to_modify = True; - set_single_attribute(obj, NPF_ACCT_DESC, acct_desc, - strlen(acct_desc), EN_MODIFIED); - } - - /* workstations */ - /* must support set, unset and change */ - if ( (pdb_get_workstations(sampass) && - !ENTRY_VAL(old, NPF_WORKSTATIONS) ) || - (ENTRY_VAL(old, NPF_WORKSTATIONS) && - !pdb_get_workstations(sampass)) || - (ENTRY_VAL(old, NPF_WORKSTATIONS) && - pdb_get_workstations(sampass)) && - strcmp( ENTRY_VAL(old, NPF_WORKSTATIONS), - pdb_get_workstations(sampass))) { - need_to_modify = True; - set_single_attribute(obj, NPF_WORKSTATIONS, - pdb_get_workstations(sampass), - strlen(pdb_get_workstations(sampass)), - EN_MODIFIED); - } - - /* hours */ - if ((pdb_get_hours_len(sampass) != ENTRY_LEN(old, NPF_HOURS)) || - memcmp(pdb_get_hours(sampass), ENTRY_VAL(old, NPF_HOURS), - ENTRY_LEN(old, NPF_HOURS))) { - need_to_modify = True; - /* set_single_attribute will add 1 for len ... */ - set_single_attribute(obj, NPF_HOURS, pdb_get_hours(sampass), - pdb_get_hours_len(sampass)-1, EN_MODIFIED); - } - } else { - const char *homedir, *dirdrive, *logon_script, *profile_path, *workstations; - - *empty = '\0'; /* empty string */ - - set_single_attribute(obj, NPF_NAME, name, strlen(name), 0); - set_single_attribute(obj, NPF_UID, uid, strlen(uid), 0); - set_single_attribute(obj, NPF_USER_RID, user_rid, - strlen(user_rid), 0); - set_single_attribute(obj, NPF_SMB_GRPID, gid, strlen(gid), 0); - set_single_attribute(obj, NPF_GROUP_RID, group_rid, - strlen(group_rid), 0); - set_single_attribute(obj, NPF_ACB, acb, strlen(acb), 0); - set_single_attribute(obj, NPF_LMPWD, smb_passwd, - strlen(smb_passwd), EN_CRYPT); - set_single_attribute(obj, NPF_NTPWD, smb_nt_passwd, - strlen(smb_nt_passwd), EN_CRYPT); - set_single_attribute(obj, NPF_LOGON_T, logon_t, - strlen(logon_t), 0); - set_single_attribute(obj, NPF_LOGOFF_T, logoff_t, - strlen(logoff_t), 0); - set_single_attribute(obj, NPF_KICK_T, kickoff_t, - strlen(kickoff_t),0); - set_single_attribute(obj, NPF_PWDLSET_T, pwdlset_t, - strlen(pwdlset_t), 0); - set_single_attribute(obj, NPF_PWDCCHG_T, pwdlchg_t, - strlen(pwdlchg_t), 0); - set_single_attribute(obj, NPF_PWDMCHG_T, pwdmchg_t, - strlen(pwdmchg_t), 0); - set_single_attribute(obj, NPF_FULL_NAME , - full_name, strlen(full_name), 0); - - if(!(homedir = pdb_get_homedir(sampass))) - homedir = empty; - - set_single_attribute(obj, NPF_HOME_DIR, - homedir, strlen(homedir), 0); - - if(!(dirdrive = pdb_get_dir_drive(sampass))) - dirdrive = empty; - - set_single_attribute(obj, NPF_DIR_DRIVE, - dirdrive, strlen(dirdrive), 0); - - if(!(logon_script = pdb_get_logon_script(sampass))) - logon_script = empty; - - set_single_attribute(obj, NPF_LOGON_SCRIPT, - logon_script, strlen(logon_script), 0); - - if(!(profile_path = pdb_get_profile_path(sampass))) - profile_path = empty; - - set_single_attribute(obj, NPF_PROFILE_PATH, - profile_path, strlen(profile_path), 0); - - set_single_attribute(obj, NPF_ACCT_DESC, - acct_desc, strlen(acct_desc), 0); - - if(!(workstations = pdb_get_workstations(sampass))) - workstations = empty; - - set_single_attribute(obj, NPF_WORKSTATIONS, - workstations, strlen(workstations), 0); - - /* set_single_attribute will add 1 for len ... */ - set_single_attribute(obj, NPF_HOURS, - pdb_get_hours(sampass), - pdb_get_hours_len(sampass)-1, 0); - } - - return need_to_modify; -} + /* uid */ + if (pdb_get_uid (sampass) != -1) { + if (!ENTRY_VAL (old, NPF_UID) + || strcmp (ENTRY_VAL (old, NPF_UID), uid)) { + need_to_modify = True; + set_single_attribute (obj, NPF_UID, uid, + strlen (uid), + EN_MODIFIED); + } + } -/*************************************************************** - calls nis_list, returns results. - ****************************************************************/ -static nis_result *nisp_get_nis_list(const char *nis_name, unsigned int flags) -{ - nis_result *result; - int i; + /* user_rid */ + if (pdb_get_user_rid (sampass)) { + if (!ENTRY_VAL (old, NPF_USER_RID) || + strcmp (ENTRY_VAL (old, NPF_USER_RID), + user_rid)) { + need_to_modify = True; + set_single_attribute (obj, NPF_USER_RID, + user_rid, + strlen (user_rid), + EN_MODIFIED); + } + } - if( ! flags) - flags = FOLLOW_LINKS|FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP; - - for(i = 0; i<2;i++ ) { - alarm(60); /* hopefully ok for long searches */ - result = nis_list(nis_name, flags,NULL,NULL); - - alarm(0); - CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL); - - if (gotalarm) - { - DEBUG(0,("NIS+ lookup time out\n")); - nis_freeresult(result); - return NULL; - } - if( !(flags & MASTER_ONLY) && NIS_RES_NUMOBJ(result) <= 0 ) { - /* nis replicas are not in sync perhaps? - * this can happen, if account was just added. - */ - DEBUG(10,("will try master only\n")); - nis_freeresult(result); - flags |= MASTER_ONLY; - } else - break; - } - return result; -} + /* smb_grpid */ + if (pdb_get_gid (sampass) != -1) { + if (!ENTRY_VAL (old, NPF_SMB_GRPID) || + strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) { + need_to_modify = True; + set_single_attribute (obj, NPF_SMB_GRPID, gid, + strlen (gid), + EN_MODIFIED); + } + } -/*************************************************************** - Start to enumerate the nisplus passwd list. - ****************************************************************/ -BOOL pdb_setsampwent(BOOL update) -{ - char *sp, * p = lp_smb_passwd_file(); - pstring pfiletmp; + /* group_rid */ + if (pdb_get_group_rid (sampass)) { + if (!ENTRY_VAL (old, NPF_GROUP_RID) || + strcmp (ENTRY_VAL (old, NPF_GROUP_RID), + group_rid)) { + need_to_modify = True; + set_single_attribute (obj, NPF_GROUP_RID, + group_rid, + strlen (group_rid), + EN_MODIFIED); + } + } - if( (sp = strrchr( p, '/' )) ) - safe_strcpy(pfiletmp, sp+1, sizeof(pfiletmp)-1); - else - safe_strcpy(pfiletmp, p, sizeof(pfiletmp)-1); - safe_strcat(pfiletmp, ".org_dir", sizeof(pfiletmp)-strlen(pfiletmp)-1); + /* acb */ + if (!ENTRY_VAL (old, NPF_ACB) || + strcmp (ENTRY_VAL (old, NPF_ACB), acb)) { + need_to_modify = True; + set_single_attribute (obj, NPF_ACB, acb, strlen (acb), + EN_MODIFIED); + } - pdb_endsampwent(); /* just in case */ - global_nisp_ent.result = nisp_get_nis_list( pfiletmp, 0 ); - global_nisp_ent.enum_entry = 0; - return global_nisp_ent.result != NULL ? True : False; -} + /* lmpwd */ + if (!ENTRY_VAL (old, NPF_LMPWD) || + strcmp (ENTRY_VAL (old, NPF_LMPWD), smb_passwd)) { + need_to_modify = True; + set_single_attribute (obj, NPF_LMPWD, smb_passwd, + strlen (smb_passwd), + EN_CRYPT | EN_MODIFIED); + } -/*************************************************************** - End enumeration of the nisplus passwd list. -****************************************************************/ -void pdb_endsampwent(void) -{ - if( global_nisp_ent.result ) - nis_freeresult(global_nisp_ent.result); - global_nisp_ent.result = NULL; - global_nisp_ent.enum_entry = 0; -} + /* ntpwd */ + if (!ENTRY_VAL (old, NPF_NTPWD) || + strcmp (ENTRY_VAL (old, NPF_NTPWD), smb_nt_passwd)) { + need_to_modify = True; + set_single_attribute (obj, NPF_NTPWD, smb_nt_passwd, + strlen (smb_nt_passwd), + EN_CRYPT | EN_MODIFIED); + } -/************************************************************************* - Routine to return the next entry in the nisplus passwd list. - *************************************************************************/ -BOOL pdb_getsampwent(SAM_ACCOUNT *user) -{ - int enum_entry = (int)(global_nisp_ent.enum_entry); - nis_result *result = global_nisp_ent.result; - - if (user==NULL) { - DEBUG(0,("SAM_ACCOUNT is NULL.\n")); - return False; - } + /* logon_t */ + if (pdb_get_logon_time (sampass) && + (!ENTRY_VAL (old, NPF_LOGON_T) || + strcmp (ENTRY_VAL (old, NPF_LOGON_T), logon_t))) { + need_to_modify = True; + set_single_attribute (obj, NPF_LOGON_T, logon_t, + strlen (logon_t), EN_MODIFIED); + } - if (result == NULL || - enum_entry < 0 || enum_entry >= (NIS_RES_NUMOBJ(result) - 1)) - { - return False; - } + /* logoff_t */ + if (pdb_get_logoff_time (sampass) && + (!ENTRY_VAL (old, NPF_LOGOFF_T) || + strcmp (ENTRY_VAL (old, NPF_LOGOFF_T), logoff_t))) { + need_to_modify = True; + set_single_attribute (obj, NPF_LOGOFF_T, logoff_t, + strlen (logoff_t), EN_MODIFIED); + } - if(!make_sam_from_nisp_object(user, &NIS_RES_OBJECT(result)[enum_entry]) ) - { - DEBUG(0,("Bad SAM_ACCOUNT entry returned from NIS+!\n")); - return False; - } - (int)(global_nisp_ent.enum_entry)++; - return True; -} + /* kick_t */ + if (pdb_get_kickoff_time (sampass) && + (!ENTRY_VAL (old, NPF_KICK_T) || + strcmp (ENTRY_VAL (old, NPF_KICK_T), kickoff_t))) { + need_to_modify = True; + set_single_attribute (obj, NPF_KICK_T, kickoff_t, + strlen (kickoff_t), + EN_MODIFIED); + } -/************************************************************************* - Routine to search the nisplus passwd file for an entry matching the username - *************************************************************************/ -BOOL pdb_getsampwnam(SAM_ACCOUNT * user, const char *sname) -{ - /* Static buffers we will return. */ - nis_result *result = NULL; - pstring nisname; - BOOL ret; - char *pfile = lp_smb_passwd_file(); - int i; + /* pwdlset_t */ + if (pdb_get_pass_last_set_time (sampass) && + (!ENTRY_VAL (old, NPF_PWDLSET_T) || + strcmp (ENTRY_VAL (old, NPF_PWDLSET_T), pwdlset_t))) { + need_to_modify = True; + set_single_attribute (obj, NPF_PWDLSET_T, pwdlset_t, + strlen (pwdlset_t), + EN_MODIFIED); + } - if (!*pfile) - { - DEBUG(0, ("No SMB password file set\n")); - return False; - } - if( strrchr( pfile, '/') ) - pfile = strrchr( pfile, '/') + 1; + /* pwdlchg_t */ + if (pdb_get_pass_can_change_time (sampass) && + (!ENTRY_VAL (old, NPF_PWDCCHG_T) || + strcmp (ENTRY_VAL (old, NPF_PWDCCHG_T), pwdlchg_t))) { + need_to_modify = True; + set_single_attribute (obj, NPF_PWDCCHG_T, pwdlchg_t, + strlen (pwdlchg_t), + EN_MODIFIED); + } - slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s.org_dir", sname, pfile); - DEBUG(10, ("search by nisname: %s\n", nisname)); + /* pwdmchg_t */ + if (pdb_get_pass_must_change_time (sampass) && + (!ENTRY_VAL (old, NPF_PWDMCHG_T) || + strcmp (ENTRY_VAL (old, NPF_PWDMCHG_T), pwdmchg_t))) { + need_to_modify = True; + set_single_attribute (obj, NPF_PWDMCHG_T, pwdmchg_t, + strlen (pwdmchg_t), + EN_MODIFIED); + } - /* Search the table. */ + /* full_name */ + /* must support set, unset and change */ + if ((pdb_get_fullname (sampass) && + !ENTRY_VAL (old, NPF_FULL_NAME)) || + (ENTRY_VAL (old, NPF_FULL_NAME) && + !pdb_get_fullname (sampass)) || + (ENTRY_VAL (old, NPF_FULL_NAME) && + pdb_get_fullname (sampass) && + strcmp (ENTRY_VAL (old, NPF_FULL_NAME), full_name))) { + need_to_modify = True; + set_single_attribute (obj, NPF_FULL_NAME, full_name, + strlen (full_name), + EN_MODIFIED); + } - if(!(result = nisp_get_nis_list(nisname, 0))) - { - return False; - } + /* home_dir */ + /* must support set, unset and change */ + if ((pdb_get_homedir (sampass) && + !ENTRY_VAL (old, NPF_HOME_DIR)) || + (ENTRY_VAL (old, NPF_HOME_DIR) && + !pdb_get_homedir (sampass)) || + (ENTRY_VAL (old, NPF_HOME_DIR) && + pdb_get_homedir (sampass) && + strcmp (ENTRY_VAL (old, NPF_HOME_DIR), + pdb_get_homedir (sampass)))) { + need_to_modify = True; + set_single_attribute (obj, NPF_HOME_DIR, + pdb_get_homedir (sampass), + strlen (pdb_get_homedir + (sampass)), + EN_MODIFIED); + } - ret = make_sam_from_nisresult(user, result); - nis_freeresult(result); + /* dir_drive */ + /* must support set, unset and change */ + if ((pdb_get_dir_drive (sampass) && + !ENTRY_VAL (old, NPF_DIR_DRIVE)) || + (ENTRY_VAL (old, NPF_DIR_DRIVE) && + !pdb_get_dir_drive (sampass)) || + (ENTRY_VAL (old, NPF_DIR_DRIVE) && + pdb_get_dir_drive (sampass) && + strcmp (ENTRY_VAL (old, NPF_DIR_DRIVE), + pdb_get_dir_drive (sampass)))) { + need_to_modify = True; + set_single_attribute (obj, NPF_DIR_DRIVE, + pdb_get_dir_drive (sampass), + strlen (pdb_get_dir_drive + (sampass)), + EN_MODIFIED); + } - return ret; -} + /* logon_script */ + /* must support set, unset and change */ + if (((pdb_get_logon_script (sampass) && + !ENTRY_VAL (old, NPF_LOGON_SCRIPT)) || + ((ENTRY_VAL (old, NPF_LOGON_SCRIPT) && + (!pdb_get_logon_script (sampass)))) || + ((ENTRY_VAL (old, NPF_LOGON_SCRIPT) && + pdb_get_logon_script (sampass) && + strcmp (ENTRY_VAL (old, NPF_LOGON_SCRIPT), + pdb_get_logon_script (sampass)))))) { + need_to_modify = True; + set_single_attribute (obj, NPF_LOGON_SCRIPT, + pdb_get_logon_script (sampass), + strlen (pdb_get_logon_script + (sampass)), + EN_MODIFIED); + } -/************************************************************************* - Routine to search the nisplus passwd file for an entry matching the username - *************************************************************************/ + /* profile_path */ + /* must support set, unset and change */ + if ((pdb_get_profile_path (sampass) && + !ENTRY_VAL (old, NPF_PROFILE_PATH)) || + (ENTRY_VAL (old, NPF_PROFILE_PATH) && + !pdb_get_profile_path (sampass)) || + (ENTRY_VAL (old, NPF_PROFILE_PATH) && + pdb_get_profile_path (sampass) && + strcmp (ENTRY_VAL (old, NPF_PROFILE_PATH), + pdb_get_profile_path (sampass)))) { + need_to_modify = True; + set_single_attribute (obj, NPF_PROFILE_PATH, + pdb_get_profile_path (sampass), + strlen (pdb_get_profile_path + (sampass)), + EN_MODIFIED); + } -BOOL pdb_getsampwsid(SAM_ACCOUNT * user, const DOM_SID *sid) -{ - uint32 rid; - if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) - return False; - return pdb_getsampwrid(user, rid); + /* acct_desc */ + /* must support set, unset and change */ + if ((pdb_get_acct_desc (sampass) && + !ENTRY_VAL (old, NPF_ACCT_DESC)) || + (ENTRY_VAL (old, NPF_ACCT_DESC) && + !pdb_get_acct_desc (sampass)) || + (ENTRY_VAL (old, NPF_ACCT_DESC) && + pdb_get_acct_desc (sampass) && + strcmp (ENTRY_VAL (old, NPF_ACCT_DESC), acct_desc))) { + need_to_modify = True; + set_single_attribute (obj, NPF_ACCT_DESC, acct_desc, + strlen (acct_desc), + EN_MODIFIED); + } + + /* workstations */ + /* must support set, unset and change */ + if ((pdb_get_workstations (sampass) && + !ENTRY_VAL (old, NPF_WORKSTATIONS)) || + (ENTRY_VAL (old, NPF_WORKSTATIONS) && + !pdb_get_workstations (sampass)) || + (ENTRY_VAL (old, NPF_WORKSTATIONS) && + (pdb_get_workstations (sampass)) && + strcmp (ENTRY_VAL (old, NPF_WORKSTATIONS), + pdb_get_workstations (sampass)))) { + need_to_modify = True; + set_single_attribute (obj, NPF_WORKSTATIONS, + pdb_get_workstations (sampass), + strlen (pdb_get_workstations + (sampass)), + EN_MODIFIED); + } + + /* hours */ + if ((pdb_get_hours_len (sampass) != + ENTRY_LEN (old, NPF_HOURS)) + || memcmp (pdb_get_hours (sampass), + ENTRY_VAL (old, NPF_HOURS), ENTRY_LEN (old, + NPF_HOURS))) + { + need_to_modify = True; + /* set_single_attribute will add 1 for len ... */ + set_single_attribute (obj, NPF_HOURS, + pdb_get_hours (sampass), + pdb_get_hours_len (sampass) - 1, + EN_MODIFIED); + } + } else { + const char *homedir, *dirdrive, *logon_script, *profile_path, + *workstations; + + *empty = '\0'; /* empty string */ + + set_single_attribute (obj, NPF_NAME, name, strlen (name), 0); + set_single_attribute (obj, NPF_UID, uid, strlen (uid), 0); + set_single_attribute (obj, NPF_USER_RID, user_rid, + strlen (user_rid), 0); + set_single_attribute (obj, NPF_SMB_GRPID, gid, strlen (gid), + 0); + set_single_attribute (obj, NPF_GROUP_RID, group_rid, + strlen (group_rid), 0); + set_single_attribute (obj, NPF_ACB, acb, strlen (acb), 0); + set_single_attribute (obj, NPF_LMPWD, smb_passwd, + strlen (smb_passwd), EN_CRYPT); + set_single_attribute (obj, NPF_NTPWD, smb_nt_passwd, + strlen (smb_nt_passwd), EN_CRYPT); + set_single_attribute (obj, NPF_LOGON_T, logon_t, + strlen (logon_t), 0); + set_single_attribute (obj, NPF_LOGOFF_T, logoff_t, + strlen (logoff_t), 0); + set_single_attribute (obj, NPF_KICK_T, kickoff_t, + strlen (kickoff_t), 0); + set_single_attribute (obj, NPF_PWDLSET_T, pwdlset_t, + strlen (pwdlset_t), 0); + set_single_attribute (obj, NPF_PWDCCHG_T, pwdlchg_t, + strlen (pwdlchg_t), 0); + set_single_attribute (obj, NPF_PWDMCHG_T, pwdmchg_t, + strlen (pwdmchg_t), 0); + set_single_attribute (obj, NPF_FULL_NAME, + full_name, strlen (full_name), 0); + + if (!(homedir = pdb_get_homedir (sampass))) + homedir = empty; + + set_single_attribute (obj, NPF_HOME_DIR, + homedir, strlen (homedir), 0); + + if (!(dirdrive = pdb_get_dir_drive (sampass))) + dirdrive = empty; + + set_single_attribute (obj, NPF_DIR_DRIVE, + dirdrive, strlen (dirdrive), 0); + + if (!(logon_script = pdb_get_logon_script (sampass))) + logon_script = empty; + + set_single_attribute (obj, NPF_LOGON_SCRIPT, + logon_script, strlen (logon_script), 0); + + if (!(profile_path = pdb_get_profile_path (sampass))) + profile_path = empty; + + set_single_attribute (obj, NPF_PROFILE_PATH, + profile_path, strlen (profile_path), 0); + + set_single_attribute (obj, NPF_ACCT_DESC, + acct_desc, strlen (acct_desc), 0); + + if (!(workstations = pdb_get_workstations (sampass))) + workstations = empty; + + set_single_attribute (obj, NPF_WORKSTATIONS, + workstations, strlen (workstations), 0); + + /* set_single_attribute will add 1 for len ... */ + set_single_attribute (obj, NPF_HOURS, + pdb_get_hours (sampass), + pdb_get_hours_len (sampass) - 1, 0); + } + + return need_to_modify; } -static BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid) +/*************************************************************** + calls nis_list, returns results. + ****************************************************************/ +static nis_result *nisp_get_nis_list (const char *nisname, unsigned int flags) { nis_result *result; - char *nisname; - BOOL ret; - char *sp, *p = lp_smb_passwd_file(); - pstring pfiletmp; + int i; - if (!*p) - { - DEBUG(0, ("no SMB password file set\n")); - return False; + if (!flags) + flags = FOLLOW_LINKS | FOLLOW_PATH | EXPAND_NAME | + HARD_LOOKUP; + + for (i = 0; i < 2; i++) { + alarm (60); /* hopefully ok for long searches */ + result = nis_list (nisname, flags, NULL, NULL); + + alarm (0); + CatchSignal (SIGALRM, SIGNAL_CAST SIG_DFL); + + if (!(flags & MASTER_ONLY) && NIS_RES_NUMOBJ (result) <= 0) { + /* nis replicas are not in sync perhaps? + * this can happen, if account was just added. + */ + DEBUG (10, ("will try master only\n")); + nis_freeresult (result); + flags |= MASTER_ONLY; + } else + break; } + return result; +} - if( (sp = strrchr( p, '/' )) ) - safe_strcpy(pfiletmp, sp+1, sizeof(pfiletmp)-1); - else - safe_strcpy(pfiletmp, p, sizeof(pfiletmp)-1); - safe_strcat(pfiletmp, ".org_dir", sizeof(pfiletmp)-strlen(pfiletmp)-1); - - nisname = make_nisname_from_user_rid(rid, pfiletmp); - - DEBUG(10, ("search by rid: %s\n", nisname)); +NTSTATUS pdb_init_nisplussam (PDB_CONTEXT * pdb_context, + PDB_METHODS ** pdb_method, const char *location) +{ + NTSTATUS nt_status; + struct nisplus_private_info *private = malloc (sizeof (struct nisplus_private_info)); - /* Search the table. */ + ZERO_STRUCT(private); + p->location = talloc_strdup(pdb_context->mem_ctx, location); - if(!(result = nisp_get_nis_list(nisname, 0))) - { - return False; + if (!NT_STATUS_IS_OK + (nt_status = + make_pdb_methods (pdb_context->mem_ctx, pdb_method))) { + return nt_status; } - ret = make_sam_from_nisresult(user, result); - nis_freeresult(result); + (*pdb_method)->name = "nisplussam"; - return ret; -} - -/************************************************************************* - Routine to remove entry from the nisplus smbpasswd table - *************************************************************************/ -BOOL pdb_delete_sam_account(SAM_ACCOUNT * user) -{ - const char *sname; - char *pfile = lp_smb_passwd_file(); - pstring nisname; - nis_result *result, *delresult; - nis_object *obj; - int i; - - if (!user) { - DEBUG(0, ("no SAM_ACCOUNT specified!\n")); - return False; - } - - sname = pdb_get_username(user); - - if (!*pfile) - { - DEBUG(0, ("no SMB password file set\n")); - return False; - } - if( strrchr( pfile, '/') ) - pfile = strrchr( pfile, '/') + 1; - - slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s.org_dir", sname, pfile); - - /* Search the table. */ - - if( !(result = nisp_get_nis_list(nisname, - MASTER_ONLY|FOLLOW_LINKS|FOLLOW_PATH|\ - EXPAND_NAME|HARD_LOOKUP))) { - return False; - } - - if(result->status != NIS_SUCCESS || NIS_RES_NUMOBJ(result) <= 0) { - /* User not found. */ - DEBUG(0,("user not found in NIS+\n")); - nis_freeresult(result); - return False; - } - - obj = NIS_RES_OBJECT(result); - slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s.%s", sname, obj->zo_name, - obj->zo_domain); - - DEBUG(10, ("removing name: %s\n", nisname)); - delresult = nis_remove_entry(nisname, obj, - MASTER_ONLY|REM_MULTIPLE|ALL_RESULTS|FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP); - - nis_freeresult(result); - - if(delresult->status != NIS_SUCCESS) { - DEBUG(0, ("NIS+ table update failed: %s %s\n", - nisname, nis_sperrno(delresult->status))); - nis_freeresult(delresult); - return False; - } - nis_freeresult(delresult); - return True; -} + /* Functions your pdb module doesn't provide should be set + * to NULL */ -/************************************************************************ - Routine to add an entry to the nisplus passwd file. -*************************************************************************/ -BOOL pdb_add_sam_account(SAM_ACCOUNT * newpwd) -{ - int local_user = 0; - char *pfile; - pstring pfiletmp; - char *nisname; - nis_result *result = NULL, - *tblresult = NULL; - nis_object new_obj; - entry_col *ecol; - int ta_maxcol; - - /* - * 1. find user domain. - * a. try nis search in passwd.org_dir - if found use domain from result. - * b. try getpwnam. this may be needed if user is defined - * in /etc/passwd file (or elsewere) and not in passwd.org_dir. - * if found, use host default domain. - * c. exit with False - no such user. - * - * 2. add user - * a. find smbpasswd table - * search pfile in user domain if not found, try host default - * domain. - * b. smbpasswd domain is found, fill data and add entry. - * - * pfile should contain ONLY table name, org_dir will be concated. - * so, at first we will clear path prefix from pfile, and - * then we will use pfiletmp as playground to put together full - * nisname string. - * such approach will make it possible to specify samba private dir - * AND still use NIS+ table. as all domain related data is normally - * stored in org_dir.DOMAIN, this should be ok do do. - */ - - pfile = lp_smb_passwd_file(); - if( strrchr( pfile, '/') ) - pfile = strrchr( pfile, '/') + 1; - - /* - * Check if user is already there. - */ - safe_strcpy(pfiletmp, pfile, sizeof(pfiletmp)-1); - safe_strcat(pfiletmp, ".org_dir", - sizeof(pfiletmp)-strlen(pfiletmp)-1); - - if(pdb_get_username(newpwd) != NULL) { - nisname = make_nisname_from_name(pdb_get_username(newpwd), - pfiletmp); - } else { - return False; - } - - if(!(result = nisp_get_nis_list(nisname, MASTER_ONLY|FOLLOW_LINKS|\ - FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP))) { - return False; - } - if (result->status != NIS_SUCCESS && - result->status != NIS_NOTFOUND) { - DEBUG(3, ( "nis_list failure: %s: %s\n", - nisname, nis_sperrno(result->status))); - nis_freeresult(result); - return False; - } - - if (result->status == NIS_SUCCESS && NIS_RES_NUMOBJ(result) > 0) - { - DEBUG(3, ("User already exists in NIS+ password db: %s\n", - pfile)); - nis_freeresult(result); - return False; - } - - nis_freeresult(result); /* no such user, free results */ - - /* - * check for user in unix password database. we need this to get - * domain, where smbpasswd entry should be stored. - */ - - nisname = make_nisname_from_name(pdb_get_username(newpwd), - "passwd.org_dir"); - - result = nisp_get_nis_list(nisname, - MASTER_ONLY|FOLLOW_LINKS|FOLLOW_PATH|\ - EXPAND_NAME|HARD_LOOKUP); - - if (result->status != NIS_SUCCESS || NIS_RES_NUMOBJ(result) <= 0) - { - struct passwd *passwd; - DEBUG(3, ("nis_list failure: %s: %s\n", - nisname, nis_sperrno(result->status))); - nis_freeresult(result); - - if (!(passwd = getpwnam_alloc(pdb_get_username(newpwd)))) { - /* no such user in system! */ - return False; - } - passwd_free(&passwd); + (*pdb_method)->setsampwent = nisplussam_setsampwent; + (*pdb_method)->endsampwent = nisplussam_endsampwent; + (*pdb_method)->getsampwent = nisplussam_getsampwent; + (*pdb_method)->getsampwnam = nisplussam_getsampwnam; + (*pdb_method)->getsampwsid = nisplussam_getsampwsid; + (*pdb_method)->add_sam_account = nisplussam_add_sam_account; + (*pdb_method)->update_sam_account = nisplussam_update_sam_account; + (*pdb_method)->delete_sam_account = nisplussam_delete_sam_account; + (*pdb_method)->private_data = private; - /* - * user is defined, but not in passwd.org_dir. - */ - local_user = 1; - } else { - safe_strcpy(pfiletmp, pfile, sizeof(pfiletmp)-1); - safe_strcat(pfiletmp, ".", sizeof(pfiletmp)-strlen(pfiletmp)-1); - safe_strcat(pfiletmp, NIS_RES_OBJECT(result)->zo_domain, - sizeof(pfiletmp)-strlen(pfiletmp)-1); - nis_freeresult(result); /* not needed any more */ - - tblresult = nisp_get_nis_list(pfiletmp, - MASTER_ONLY|FOLLOW_LINKS|\ - FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP); - } - - if (local_user || tblresult->status != NIS_SUCCESS) - { - /* - * no user domain or - * smbpasswd table not found in user domain, fallback to - * default domain. - */ - if (!local_user) /* free previous failed search result */ - nis_freeresult(tblresult); - - safe_strcpy(pfiletmp, pfile, sizeof(pfiletmp)-1); - safe_strcat(pfiletmp, ".org_dir", - sizeof(pfiletmp)-strlen(pfiletmp)-1); - tblresult = nis_lookup(pfiletmp, MASTER_ONLY|FOLLOW_LINKS|\ - FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP); - if (tblresult->status != NIS_SUCCESS) - { - /* still nothing. bail out */ - nis_freeresult(tblresult); - DEBUG(3, ( "nis_lookup failure: %s\n", - nis_sperrno(tblresult->status))); - return False; - } - /* we need full name for nis_add_entry() */ - safe_strcpy(pfiletmp, pfile, sizeof(pfiletmp)-1); - safe_strcat(pfiletmp, ".", sizeof(pfiletmp)-strlen(pfiletmp)-1); - safe_strcat(pfiletmp, NIS_RES_OBJECT(tblresult)->zo_domain, - sizeof(pfiletmp)-strlen(pfiletmp)-1); - } - - memset((char *)&new_obj, 0, sizeof (new_obj)); - /* fill entry headers */ - /* we do not free these. */ - new_obj.zo_name = NIS_RES_OBJECT(tblresult)->zo_name; - new_obj.zo_owner = NIS_RES_OBJECT(tblresult)->zo_owner; - new_obj.zo_group = NIS_RES_OBJECT(tblresult)->zo_group; - new_obj.zo_domain = NIS_RES_OBJECT(tblresult)->zo_domain; - /* uints */ - new_obj.zo_access = NIS_RES_OBJECT(tblresult)->zo_access; - new_obj.zo_ttl = NIS_RES_OBJECT(tblresult)->zo_ttl; - - new_obj.zo_data.zo_type = ENTRY_OBJ; - new_obj.EN_data.en_type = - NIS_RES_OBJECT(tblresult)->TA_data.ta_type; - - ta_maxcol = NIS_RES_OBJECT(tblresult)->TA_data.ta_maxcol; - - if(!(ecol = (entry_col*)malloc(ta_maxcol*sizeof(entry_col)))) { - DEBUG(0, ("memory allocation failure\n")); - nis_freeresult(tblresult); - return False; - } - - memset((char *)ecol, 0, ta_maxcol*sizeof (entry_col)); - new_obj.EN_data.en_cols.en_cols_val = ecol; - new_obj.EN_data.en_cols.en_cols_len = ta_maxcol; - - init_nisp_from_sam(&new_obj, newpwd, NULL); - - DEBUG(10, ( "add NIS+ entry: %s\n", nisname)); - result = nis_add_entry(pfiletmp, &new_obj, 0); - - free(ecol); /* free allocated entry space */ - - if (result->status != NIS_SUCCESS) - { - DEBUG(3, ( "NIS+ table update failed: %s\n", - nisname, nis_sperrno(result->status))); - nis_freeresult(tblresult); - nis_freeresult(result); - return False; - } - - nis_freeresult(tblresult); - nis_freeresult(result); - - return True; + return NT_STATUS_OK; } -/************************************************************************ - Routine to modify the nisplus passwd entry. -************************************************************************/ -BOOL pdb_update_sam_account(SAM_ACCOUNT * newpwd) +#else +NTSTATUS pdb_init_nisplussam (PDB_CONTEXT * c, PDB_METHODS ** m, + const char *l) { - nis_result *result, *addresult; - nis_object *obj; - nis_object new_obj; - entry_col *ecol; - int ta_maxcol; - char *pfile = lp_smb_passwd_file(); - pstring nisname; - int i; - - if (!*pfile) - { - DEBUG(0, ("no SMB password file set\n")); - return False; - } - if( strrchr( pfile, '/') ) - pfile = strrchr( pfile, '/') + 1; - - slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s.org_dir", - pdb_get_username(newpwd), pfile); - - DEBUG(10, ("search by name: %s\n", nisname)); - - /* Search the table. */ - - if( !(result = nisp_get_nis_list(nisname, MASTER_ONLY|FOLLOW_LINKS|\ - FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP))) { - return False; - } - - if(result->status != NIS_SUCCESS || NIS_RES_NUMOBJ(result) <= 0) { - /* User not found. */ - DEBUG(0,("user not found in NIS+\n")); - nis_freeresult(result); - return False; - } - - obj = NIS_RES_OBJECT(result); - DEBUG(6,("entry found in %s\n", obj->zo_domain)); - - /* we must create new stub object with EN_MODIFIED flag. - this is because obj from result is going to be freed and - we do not want to break it or cause memory leaks or corruption. - */ - - memmove((char *)&new_obj, obj, sizeof (new_obj)); - ta_maxcol = obj->TA_data.ta_maxcol; - - if(!(ecol = (entry_col*)malloc(ta_maxcol*sizeof(entry_col)))) { - DEBUG(0, ("memory allocation failure\n")); - nis_freeresult(result); - return False; - } - - memmove((char *)ecol, obj->EN_data.en_cols.en_cols_val, - ta_maxcol*sizeof (entry_col)); - new_obj.EN_data.en_cols.en_cols_val = ecol; - new_obj.EN_data.en_cols.en_cols_len = ta_maxcol; - - if ( init_nisp_from_sam(&new_obj, newpwd, obj) == True ) { - slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s.%s", - pdb_get_username(newpwd), pfile, obj->zo_domain); - - DEBUG(10, ("NIS+ table update: %s\n", nisname)); - addresult = - nis_modify_entry(nisname, &new_obj, - MOD_SAMEOBJ | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP); - - if(addresult->status != NIS_SUCCESS) { - DEBUG(0, ("NIS+ table update failed: %s %s\n", - nisname, nis_sperrno(addresult->status))); - nis_freeresult(addresult); - nis_freeresult(result); - free(ecol); - return False; - } - - DEBUG(6,("password changed\n")); - nis_freeresult(addresult); - } else { - DEBUG(6,("nothing to change!\n")); - } - - free(ecol); - nis_freeresult(result); - - return True; + DEBUG (0, ("nisplus sam not compiled in!\n")); + return NT_STATUS_UNSUCCESSFUL; } - -#else - void nisplus_dummy_function(void); - void nisplus_dummy_function(void) { } /* stop some compilers complaining */ -#endif /* WITH_NISPLUSSAM */ +#endif /* WITH_NISPLUS_SAM */ diff --git a/source3/passdb/pdb_plugin.c b/source3/passdb/pdb_plugin.c index 1a246631fe..ea67da23a5 100644 --- a/source3/passdb/pdb_plugin.c +++ b/source3/passdb/pdb_plugin.c @@ -46,7 +46,7 @@ NTSTATUS pdb_init_plugin(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con trim_string(plugin_name, " ", " "); DEBUG(5, ("Trying to load sam plugin %s\n", plugin_name)); - dl_handle = sys_dlopen(plugin_name, RTLD_NOW | RTLD_GLOBAL ); + dl_handle = sys_dlopen(plugin_name, RTLD_NOW ); if (!dl_handle) { DEBUG(0, ("Failed to load sam plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror())); return NT_STATUS_UNSUCCESSFUL; @@ -59,7 +59,7 @@ NTSTATUS pdb_init_plugin(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con return NT_STATUS_UNSUCCESSFUL; } - if (plugin_version()!=PASSDB_INTERFACE_VERSION) { + if (plugin_version() != PASSDB_INTERFACE_VERSION) { sys_dlclose(dl_handle); DEBUG(0, ("Wrong PASSDB_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n", plugin_version(),PASSDB_INTERFACE_VERSION)); diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index d40ea03511..04c0d333e4 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -1327,7 +1327,8 @@ static BOOL smbpasswd_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *u call getpwnam() for unix account information until we have found the correct entry ***************************************************************/ -static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct, const char *username) +static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, + SAM_ACCOUNT *sam_acct, const char *username) { struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd *smb_pw; @@ -1381,6 +1382,16 @@ static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *s DEBUG(10, ("pdb_getsampwrid: search by rid: %d\n", rid)); + /* More special case 'guest account' hacks... */ + if (rid == DOMAIN_USER_RID_GUEST) { + const char *guest_account = lp_guestaccount(); + if (!(guest_account && *guest_account)) { + DEBUG(1, ("Guest account not specfied!\n")); + return False; + } + return smbpasswd_getsampwnam(my_methods, sam_acct, guest_account); + } + /* Open the sam password file - not for update. */ fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth)); diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index ec67b74390..08a0e9c9ac 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -68,7 +68,7 @@ void *secrets_fetch(const char *key, size_t *size) /* store a secrets entry */ -BOOL secrets_store(const char *key, void *data, size_t size) +BOOL secrets_store(const char *key, const void *data, size_t size) { TDB_DATA kbuf, dbuf; secrets_init(); @@ -95,7 +95,7 @@ BOOL secrets_delete(const char *key) return tdb_delete(tdb, kbuf) == 0; } -BOOL secrets_store_domain_sid(char *domain, DOM_SID *sid) +BOOL secrets_store_domain_sid(char *domain, const DOM_SID *sid) { fstring key; @@ -148,7 +148,7 @@ BOOL secrets_fetch_domain_guid(char *domain, GUID *guid) strupper(key); dyn_guid = (GUID *)secrets_fetch(key, &size); - DEBUG(6,("key is %s, guid is at %x, size is %d\n", key, dyn_guid, size)); + DEBUG(6,("key is %s, size is %d\n", key, (int)size)); if ((NULL == dyn_guid) && (ROLE_DOMAIN_PDC == lp_server_role())) { uuid_generate_random(&new_guid); @@ -206,8 +206,27 @@ char *trustdom_keystr(const char *domain) } /************************************************************************ - Routine to get the machine trust account password for a domain. + Lock the trust password entry. ************************************************************************/ + +BOOL secrets_lock_trust_account_password(char *domain, BOOL dolock) +{ + if (!tdb) + return False; + + if (dolock) + return (tdb_lock_bystring(tdb, trust_keystr(domain)) == 0); + else + tdb_unlock_bystring(tdb, trust_keystr(domain)); + return True; +} + +/************************************************************************ + Routine to get the trust account password for a domain. + The user of this function must have locked the trust password file using + the above call. +************************************************************************/ + BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16], time_t *pass_last_set_time) { @@ -243,6 +262,7 @@ BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16], /************************************************************************ Routine to get account password to trusted domain ************************************************************************/ + BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd, DOM_SID *sid, time_t *pass_last_set_time) { @@ -559,3 +579,69 @@ NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, int max_num return status; } +static SIG_ATOMIC_T gotalarm; + +/*************************************************************** + Signal function to tell us we timed out. +****************************************************************/ + +static void gotalarm_sig(void) +{ + gotalarm = 1; +} + +/* + lock the secrets tdb based on a string - this is used as a primitive form of mutex + between smbd instances. +*/ +BOOL secrets_named_mutex(const char *name, unsigned int timeout) +{ + TDB_DATA key; + int ret; + + if (!message_init()) + return False; + + key.dptr = (char *)name; + key.dsize = strlen(name)+1; + + /* Allow tdb_chainlock to be interrupted by an alarm. */ + gotalarm = 0; + tdb_set_lock_alarm(&gotalarm); + + if (timeout) { + CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); + alarm(timeout); + } + + ret = tdb_chainlock(tdb, key); + + /* Prevent tdb_chainlock from being interrupted by an alarm. */ + tdb_set_lock_alarm(NULL); + + if (timeout) { + alarm(0); + CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN); + if (gotalarm) + return False; + } + + if (ret == 0) + DEBUG(10,("secrets_named_mutex: got mutex for %s\n", name )); + + return (ret == 0); +} + +/* + unlock a named mutex +*/ +void secrets_named_mutex_release(char *name) +{ + TDB_DATA key; + + key.dptr = name; + key.dsize = strlen(name)+1; + + tdb_chainunlock(tdb, key); + DEBUG(10,("secrets_named_mutex: released mutex for %s\n", name )); +} |