summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/sampass.c198
-rw-r--r--source3/passdb/sampassdb.c515
2 files changed, 713 insertions, 0 deletions
diff --git a/source3/passdb/sampass.c b/source3/passdb/sampass.c
new file mode 100644
index 0000000000..967e0502e3
--- /dev/null
+++ b/source3/passdb/sampass.c
@@ -0,0 +1,198 @@
+/*
+ * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef USE_SMBPASS_DB
+
+extern int DEBUGLEVEL;
+extern pstring samlogon_user;
+extern BOOL sam_logon_in_ssb;
+
+extern DOM_SID global_sam_sid;
+
+/***************************************************************
+ Start to enumerate the smbpasswd list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+void *startsamfilepwent(BOOL update)
+{
+ return startsmbpwent(update);
+}
+
+/***************************************************************
+ End enumeration of the smbpasswd list.
+****************************************************************/
+
+void endsamfilepwent(void *vp)
+{
+ endsmbpwent(vp);
+}
+
+/*************************************************************************
+ Return the current position in the smbpasswd list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+SMB_BIG_UINT getsamfilepwpos(void *vp)
+{
+ return getsmbpwpos(vp);
+}
+
+/*************************************************************************
+ Set the current position in the smbpasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+BOOL setsamfilepwpos(void *vp, SMB_BIG_UINT tok)
+{
+ return setsmbpwpos(vp, tok);
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smbpasswd list.
+ this function is a nice, messy combination of reading:
+ - the smbpasswd file
+ - the unix password database
+ - smb.conf options (not done at present).
+ *************************************************************************/
+
+static struct sam_passwd *getsamfile21pwent(void *vp)
+{
+ struct sam_passwd *user;
+
+ static pstring full_name;
+ static pstring home_dir;
+ static pstring home_drive;
+ static pstring logon_script;
+ static pstring profile_path;
+ static pstring acct_desc;
+ static pstring workstations;
+
+ DEBUG(5,("getsamfile21pwent\n"));
+
+ user = pwdb_smb_to_sam(getsmbpwent(vp));
+ if (user == NULL)
+ {
+ return NULL;
+ }
+
+ /*
+ * get all the other gubbins we need
+ */
+
+ pstrcpy(samlogon_user, user->nt_name);
+
+ if (samlogon_user[strlen(samlogon_user)-1] == '$' &&
+ user->group_rid != DOMAIN_GROUP_RID_USERS)
+ {
+ DEBUG(0,("trust account %s should be in DOMAIN_GROUP_RID_USERS\n",
+ samlogon_user));
+ }
+
+ /* XXXX hack to get standard_sub_basic() to use sam logon username */
+ /* possibly a better way would be to do a become_user() call */
+ sam_logon_in_ssb = True;
+
+ pstrcpy(full_name , "");
+ pstrcpy(logon_script , lp_logon_script ());
+ pstrcpy(profile_path , lp_logon_path ());
+ pstrcpy(home_drive , lp_logon_drive ());
+ pstrcpy(home_dir , lp_logon_home ());
+ pstrcpy(acct_desc , "");
+ pstrcpy(workstations , "");
+
+ sam_logon_in_ssb = False;
+
+ user->full_name = full_name;
+ user->home_dir = home_dir;
+ user->dir_drive = home_drive;
+ user->logon_script = logon_script;
+ user->profile_path = profile_path;
+ user->acct_desc = acct_desc;
+ user->workstations = workstations;
+
+ user->unknown_str = NULL; /* don't know, yet! */
+ user->munged_dial = NULL; /* "munged" dial-back telephone number */
+
+ user->unknown_3 = 0xffffff; /* don't know */
+ user->logon_divs = 168; /* hours per week */
+ user->hours_len = 21; /* 21 times 8 bits = 168 */
+ memset(user->hours, 0xff, user->hours_len); /* available at all hours */
+ user->unknown_5 = 0x00020000; /* don't know */
+ user->unknown_6 = 0x000004ec; /* don't know */
+
+ return user;
+}
+
+/*
+ * Stub functions - implemented in terms of others.
+ */
+
+static BOOL mod_samfile21pwd_entry(struct sam_passwd* pwd, BOOL override)
+{
+ return mod_smbpwd_entry(pwdb_sam_to_smb(pwd), override);
+}
+
+static BOOL add_samfile21pwd_entry(struct sam_passwd *newpwd)
+{
+ return add_smbpwd_entry(pwdb_sam_to_smb(newpwd));
+}
+
+static struct sam_disp_info *getsamfiledispntnam(const char *name)
+{
+ return pwdb_sam_to_dispinfo(getsam21pwntnam(name));
+}
+
+static struct sam_disp_info *getsamfiledisprid(uint32 rid)
+{
+ return pwdb_sam_to_dispinfo(getsam21pwrid(rid));
+}
+
+static struct sam_disp_info *getsamfiledispent(void *vp)
+{
+ return pwdb_sam_to_dispinfo(getsam21pwent(vp));
+}
+
+static struct sam_passdb_ops file_ops = {
+ startsamfilepwent,
+ endsamfilepwent,
+ getsamfilepwpos,
+ setsamfilepwpos,
+ iterate_getsam21pwntnam,
+ iterate_getsam21pwuid,
+ iterate_getsam21pwrid,
+ getsamfile21pwent,
+ add_samfile21pwd_entry,
+ mod_samfile21pwd_entry,
+ getsamfiledispntnam,
+ getsamfiledisprid,
+ getsamfiledispent
+};
+
+struct sam_passdb_ops *file_initialise_sam_password_db(void)
+{
+ return &file_ops;
+}
+
+#else
+ /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
+ void sampass_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */
diff --git a/source3/passdb/sampassdb.c b/source3/passdb/sampassdb.c
new file mode 100644
index 0000000000..95055ed298
--- /dev/null
+++ b/source3/passdb/sampassdb.c
@@ -0,0 +1,515 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.9.
+ Password and authentication handling
+ Copyright (C) Jeremy Allison 1996-1998
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "nterr.h"
+
+extern int DEBUGLEVEL;
+extern DOM_SID global_sam_sid;
+
+/*
+ * NOTE. All these functions are abstracted into a structure
+ * that points to the correct function for the selected database. JRA.
+ *
+ * NOTE. for the get/mod/add functions, there are two sets of functions.
+ * one supports struct sam_passwd, the other supports struct smb_passwd.
+ * for speed optimisation it is best to support both these sets.
+ *
+ * it is, however, optional to support one set but not the other: there
+ * is conversion-capability built in to passdb.c, and run-time error
+ * detection for when neither are supported.
+ *
+ * password database writers are recommended to implement the sam_passwd
+ * functions in a first pass, as struct sam_passwd contains more
+ * information, needed by the NT Domain support.
+ *
+ * an API writer is expected to create either one set (struct smb_passwd) or
+ * the other (struct sam_passwd) OR both, and optionally also to write display
+ * info routines * (struct sam_disp_info). functions which the API writer
+ * chooses NOT to write must be wrapped in conversion functions (pwdb_x_to_y)
+ * such that API users can call any function and still get valid results.
+ *
+ * the password API does NOT fill in the gaps if you set an API function
+ * to NULL: it will deliberately attempt to call the NULL function.
+ *
+ */
+
+static struct sam_passdb_ops *pwdb_ops;
+
+/***************************************************************
+ Initialise the password db operations.
+***************************************************************/
+
+BOOL initialise_sam_password_db(void)
+{
+ if (pwdb_ops)
+ {
+ return True;
+ }
+
+#ifdef WITH_NISPLUS
+ pwdb_ops = nisplus_initialise_sam_password_db();
+#elif defined(WITH_LDAP)
+ pwdb_ops = ldap_initialise_sam_password_db();
+#elif defined(USE_SMBPASS_DB)
+ pwdb_ops = file_initialise_sam_password_db();
+#endif
+
+ return (pwdb_ops != NULL);
+}
+
+/*
+ * Functions that return/manipulate a struct sam_passwd.
+ */
+
+/***************************************************************
+ Start to enumerate the smb or sam passwd list. Returns a void pointer
+ to ensure no modification outside this module.
+
+ Note that currently it is being assumed that a pointer returned
+ from this function may be used to enumerate struct sam_passwd
+ entries as well as struct smb_passwd entries. This may need
+ to change. JRA.
+
+****************************************************************/
+
+void *startsam21pwent(BOOL update)
+{
+ return pwdb_ops->startsam21pwent(update);
+}
+
+/***************************************************************
+ End enumeration of the sam passwd list.
+
+ Note that currently it is being assumed that a pointer returned
+ from this function may be used to enumerate struct sam_passwd
+ entries as well as struct smb_passwd entries. This may need
+ to change. JRA.
+
+****************************************************************/
+
+void endsam21pwent(void *vp)
+{
+ pwdb_ops->endsam21pwent(vp);
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smb passwd list.
+ *************************************************************************/
+
+struct sam_passwd *getsam21pwent(void *vp)
+{
+ return pwdb_sam_map_names(pwdb_ops->getsam21pwent(vp));
+}
+
+/************************************************************************
+ Utility function to search sam passwd by name. use this if your database
+ does not have search facilities.
+*************************************************************************/
+
+struct sam_passwd *iterate_getsam21pwntnam(const char *name)
+{
+ struct sam_passwd *pwd = NULL;
+ void *fp = NULL;
+
+ DEBUG(10, ("search by name: %s\n", name));
+
+ /* Open the smb password database - not for update. */
+ fp = startsmbpwent(False);
+
+ if (fp == NULL)
+ {
+ DEBUG(0, ("unable to open sam password database.\n"));
+ return NULL;
+ }
+
+ while ((pwd = getsam21pwent(fp)) != NULL && !strequal(pwd->nt_name, name))
+ {
+ DEBUG(10, ("iterate: %s 0x%x\n", pwd->nt_name, pwd->user_rid));
+ }
+
+ if (pwd != NULL)
+ {
+ DEBUG(10, ("found by name: %s\n", name));
+ }
+
+ endsmbpwent(fp);
+ return pwd;
+}
+
+/************************************************************************
+ Utility function to search sam passwd by rid. use this if your database
+ does not have search facilities.
+
+ search capability by both rid and uid are needed as the rid <-> uid
+ mapping may be non-monotonic.
+
+*************************************************************************/
+
+struct sam_passwd *iterate_getsam21pwrid(uint32 rid)
+{
+ struct sam_passwd *pwd = NULL;
+ void *fp = NULL;
+
+ DEBUG(10, ("search by rid: %x\n", rid));
+
+ /* Open the smb password file - not for update. */
+ fp = startsmbpwent(False);
+
+ if (fp == NULL)
+ {
+ DEBUG(0, ("unable to open sam password database.\n"));
+ return NULL;
+ }
+
+ while ((pwd = getsam21pwent(fp)) != NULL && pwd->user_rid != rid)
+ {
+ DEBUG(10, ("iterate: %s 0x%x\n", pwd->nt_name, pwd->user_rid));
+ }
+
+ if (pwd != NULL)
+ {
+ DEBUG(10, ("found by user_rid: %x\n", rid));
+ }
+
+ endsmbpwent(fp);
+ return pwd;
+}
+
+/************************************************************************
+ Utility function to search sam passwd by uid. use this if your database
+ does not have search facilities.
+
+ search capability by both rid and uid are needed as the rid <-> uid
+ mapping may be non-monotonic.
+
+*************************************************************************/
+
+struct sam_passwd *iterate_getsam21pwuid(uid_t uid)
+{
+ struct sam_passwd *pwd = NULL;
+ void *fp = NULL;
+
+ DEBUG(10, ("search by uid: %x\n", (int)uid));
+
+ /* Open the smb password file - not for update. */
+ fp = startsmbpwent(False);
+
+ if (fp == NULL)
+ {
+ DEBUG(0, ("unable to open sam password database.\n"));
+ return NULL;
+ }
+
+ while ((pwd = getsam21pwent(fp)) != NULL && pwd->unix_uid != uid)
+ {
+ }
+
+ if (pwd != NULL)
+ {
+ DEBUG(10, ("found by unix_uid: %x\n", (int)uid));
+ }
+
+ endsmbpwent(fp);
+ return pwd;
+}
+
+/*************************************************************************
+ Routine to return a display info structure, by rid
+ *************************************************************************/
+struct sam_disp_info *getsamdisprid(uint32 rid)
+{
+ return pwdb_ops->getsamdisprid(rid);
+}
+
+/************************************************************************
+ Routine to search sam passwd by name.
+*************************************************************************/
+
+struct sam_passwd *getsam21pwntnam(const char *name)
+{
+ return pwdb_sam_map_names(pwdb_ops->getsam21pwntnam(name));
+}
+
+/************************************************************************
+ Routine to search sam passwd by rid.
+*************************************************************************/
+
+struct sam_passwd *getsam21pwrid(uint32 rid)
+{
+ return pwdb_sam_map_names(pwdb_ops->getsam21pwrid(rid));
+}
+
+
+/**********************************************************
+ **********************************************************
+
+ utility routines which are likely to be useful to all password
+ databases
+
+ **********************************************************
+ **********************************************************/
+
+/*************************************************************
+ initialises a struct sam_disp_info.
+ **************************************************************/
+
+static void pwdb_init_dispinfo(struct sam_disp_info *user)
+{
+ if (user == NULL) return;
+ bzero(user, sizeof(*user));
+ user->user_rid = 0xffffffff;
+}
+
+/*************************************************************
+ initialises a struct sam_passwd.
+ **************************************************************/
+void pwdb_init_sam(struct sam_passwd *user)
+{
+ if (user == NULL) return;
+ bzero(user, sizeof(*user));
+ unix_to_nt_time(&user->logon_time , (time_t)-1);
+ unix_to_nt_time(&user->logoff_time , (time_t)-1);
+ unix_to_nt_time(&user->kickoff_time , (time_t)-1);
+ unix_to_nt_time(&user->pass_last_set_time , (time_t)-1);
+ unix_to_nt_time(&user->pass_can_change_time , (time_t)-1);
+ unix_to_nt_time(&user->pass_must_change_time , (time_t)-1);
+
+ user->unix_uid = (uid_t)-1;
+ user->unix_gid = (gid_t)-1;
+ user->user_rid = 0xffffffff;
+ user->group_rid = 0xffffffff;
+}
+
+/*************************************************************************
+ Routine to return the next entry in the sam passwd list.
+ *************************************************************************/
+
+struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user)
+{
+ static struct sam_disp_info disp_info;
+
+ if (user == NULL) return NULL;
+
+ pwdb_init_dispinfo(&disp_info);
+
+ disp_info.nt_name = user->nt_name;
+ disp_info.full_name = user->full_name;
+ disp_info.user_rid = user->user_rid;
+
+ return &disp_info;
+}
+
+/*************************************************************
+ converts a sam_passwd structure to a smb_passwd structure.
+ **************************************************************/
+
+struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user)
+{
+ static struct smb_passwd pw_buf;
+ static fstring nt_name;
+ static fstring unix_name;
+
+ if (user == NULL) return NULL;
+
+ pwdb_init_smb(&pw_buf);
+
+ fstrcpy(nt_name , user->nt_name);
+ fstrcpy(unix_name, user->unix_name);
+ pw_buf.nt_name = nt_name;
+ pw_buf.unix_name = unix_name;
+ pw_buf.unix_uid = user->unix_uid;
+ pw_buf.user_rid = user->user_rid;
+ pw_buf.smb_passwd = user->smb_passwd;
+ pw_buf.smb_nt_passwd = user->smb_nt_passwd;
+ pw_buf.acct_ctrl = user->acct_ctrl;
+ pw_buf.pass_last_set_time = nt_time_to_unix(&user->pass_last_set_time);
+
+ return &pw_buf;
+}
+
+
+/*************************************************************
+ converts a smb_passwd structure to a sam_passwd structure.
+ **************************************************************/
+
+struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user)
+{
+ static struct sam_passwd pw_buf;
+ static fstring nt_name;
+ static fstring unix_name;
+
+ if (user == NULL) return NULL;
+
+ pwdb_init_sam(&pw_buf);
+
+ fstrcpy(nt_name , user->nt_name);
+ fstrcpy(unix_name, user->unix_name);
+ pw_buf.nt_name = nt_name;
+ pw_buf.unix_name = unix_name;
+ pw_buf.unix_uid = user->unix_uid;
+ pw_buf.user_rid = user->user_rid;
+ pw_buf.smb_passwd = user->smb_passwd;
+ pw_buf.smb_nt_passwd = user->smb_nt_passwd;
+ pw_buf.acct_ctrl = user->acct_ctrl;
+ unix_to_nt_time(&pw_buf.pass_last_set_time, user->pass_last_set_time);
+
+ return &pw_buf;
+}
+
+static BOOL trust_account_warning_done = False;
+
+/*************************************************************
+ fills in missing details. one set of details _must_ exist.
+ **************************************************************/
+struct sam_passwd *pwdb_sam_map_names(struct sam_passwd *sam)
+{
+ DOM_NAME_MAP gmep;
+ BOOL found = False;
+ DOM_SID sid;
+ static fstring unix_name;
+ static fstring nt_name;
+
+ DEBUG(10,("pwdb_sam_map_names\n"));
+
+ /*
+ * name details
+ */
+
+ if (sam == NULL)
+ {
+ return NULL;
+ }
+
+ if (!found && sam->unix_name != NULL)
+ {
+ found = lookupsmbpwnam(sam->unix_name, &gmep);
+ }
+ if (!found && sam->unix_uid != (uid_t)-1)
+ {
+ found = lookupsmbpwuid(sam->unix_uid , &gmep);
+ }
+ if (!found && sam->user_rid != 0xffffffff)
+ {
+ sid_copy(&sid, &global_sam_sid);
+ sid_append_rid(&sid, sam->user_rid);
+ found = lookupsmbpwsid (&sid , &gmep);
+ }
+ if (!found && sam->nt_name != NULL)
+ {
+ found = lookupsmbpwntnam(sam->nt_name, &gmep);
+ }
+
+ if (!found)
+ {
+ return NULL;
+ }
+
+ if (!sid_front_equal(&global_sam_sid, &gmep.sid))
+ {
+ return NULL;
+ }
+
+ fstrcpy(unix_name, gmep.unix_name);
+ fstrcpy(nt_name , gmep.nt_name );
+ if (sam->unix_name == NULL ) sam->unix_name = unix_name;
+ if (sam->nt_name == NULL ) sam->nt_name = nt_name ;
+ if (sam->unix_uid == (uid_t)-1 ) sam->unix_uid = (uid_t)gmep.unix_id;
+ if (sam->user_rid == 0xffffffff) sid_split_rid(&gmep.sid, &sam->user_rid);
+
+ /*
+ * group details
+ */
+
+ found = False;
+
+ if (sam->unix_gid != (gid_t)-1 && sam->group_rid != 0xffffffff)
+ {
+ return sam;
+ }
+
+ if (sam->unix_gid == (gid_t)-1 && sam->group_rid == 0xffffffff)
+ {
+ struct passwd *pass = getpwnam(unix_name);
+ if (pass != NULL)
+ {
+ sam->unix_gid = pass->pw_gid;
+ }
+ else
+ {
+ DEBUG(0,("pwdb_sam_map_names: no unix password entry for %s\n",
+ unix_name));
+ }
+ }
+
+ if (!found && sam->unix_gid != (gid_t)-1)
+ {
+ found = lookupsmbgrpgid(sam->unix_gid , &gmep);
+ }
+ if (!found && sam->group_rid != 0xffffffff)
+ {
+ sid_copy(&sid, &global_sam_sid);
+ sid_append_rid(&sid, sam->group_rid);
+ found = lookupsmbgrpsid(&sid , &gmep);
+ }
+
+ if (!found)
+ {
+ if (IS_BITS_SET_SOME(sam->acct_ctrl, ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST))
+ {
+ if (!trust_account_warning_done)
+ {
+ trust_account_warning_done = True;
+ DEBUG(0, ("\
+pwdb_sam_map_names: your unix password database appears to have difficulties\n\
+resolving trust account %s, probably because it ends in a '$'.\n\
+you will get this warning only once (for all trust accounts)\n", unix_name));
+ }
+ /*
+ * oh, dear.
+ */
+ if (sam->unix_gid != (gid_t)-1)
+ {
+ sam->unix_gid = (gid_t)-1;
+ }
+ sam->group_rid = DOMAIN_GROUP_RID_USERS;
+
+ return sam;
+ }
+ else
+ {
+ DEBUG(0, ("pwdb_sam_map_names: could not find Primary Group for %s\n",
+ unix_name));
+ return NULL;
+ }
+ }
+
+ if (!sid_front_equal(&global_sam_sid, &gmep.sid))
+ {
+ return NULL;
+ }
+
+ if (sam->unix_gid == (gid_t)-1 ) sam->unix_gid = (gid_t)gmep.unix_id;
+ if (sam->group_rid == 0xffffffff) sid_split_rid(&gmep.sid, &sam->group_rid);
+
+ return sam;
+}