summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/passdb.c2
-rw-r--r--source3/passdb/passgrp.c6
-rw-r--r--source3/passdb/smbpass.c24
-rw-r--r--source3/passdb/smbpassgroup.c12
-rw-r--r--source3/passdb/smbpassgroupunix.c239
5 files changed, 263 insertions, 20 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index da45f15f5f..a7635308b7 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -69,7 +69,7 @@ BOOL initialise_password_db(void)
pwdb_ops = nisplus_initialise_password_db();
#elif defined(WITH_LDAP)
pwdb_ops = ldap_initialise_password_db();
-#else
+#elif defined(USE_SMBPASS_DB)
pwdb_ops = file_initialise_password_db();
#endif
diff --git a/source3/passdb/passgrp.c b/source3/passdb/passgrp.c
index ded9ef33d2..f626dd978a 100644
--- a/source3/passdb/passgrp.c
+++ b/source3/passdb/passgrp.c
@@ -34,7 +34,7 @@ extern int DEBUGLEVEL;
*
*/
-static struct passgrp_ops *pwgrp_ops;
+static struct passgrp_ops *pwgrp_ops = NULL;
/***************************************************************
Initialise the passgrp operations.
@@ -51,7 +51,9 @@ BOOL initialise_passgrp_db(void)
pwgrp_ops = nisplus_initialise_password_grp();
#elif defined(WITH_LDAP)
pwgrp_ops = ldap_initialise_password_grp();
-#else
+#elif defined(USE_SMBUNIX_DB)
+ pwgrp_ops = unix_initialise_password_grp();
+#elif defined(USE_SMBPASS_DB)
pwgrp_ops = file_initialise_password_grp();
#endif
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index 67f8ea6cfb..62fdabe7fe 100644
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -33,7 +33,7 @@ static char s_readbuf[1024];
to ensure no modification outside this module.
****************************************************************/
-static void *startsmbfilepwent(BOOL update)
+void *startsmbfilepwent(BOOL update)
{
return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf),
&pw_file_lock_depth, update);
@@ -43,7 +43,7 @@ static void *startsmbfilepwent(BOOL update)
End enumeration of the smbpasswd list.
****************************************************************/
-static void endsmbfilepwent(void *vp)
+void endsmbfilepwent(void *vp)
{
endfilepwent(vp, &pw_file_lock_depth);
}
@@ -53,7 +53,7 @@ static void endsmbfilepwent(void *vp)
This must be treated as an opaque token.
*************************************************************************/
-static SMB_BIG_UINT getsmbfilepwpos(void *vp)
+SMB_BIG_UINT getsmbfilepwpos(void *vp)
{
return getfilepwpos(vp);
}
@@ -63,7 +63,7 @@ static SMB_BIG_UINT getsmbfilepwpos(void *vp)
This must be treated as an opaque token.
*************************************************************************/
-static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
+BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
{
return setfilepwpos(vp, tok);
}
@@ -71,7 +71,7 @@ static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
/*************************************************************************
Routine to return the next entry in the smbpasswd list.
*************************************************************************/
-static struct smb_passwd *getsmbfilepwent(void *vp)
+struct smb_passwd *getsmbfilepwent(void *vp)
{
/* Static buffers we will return. */
static struct smb_passwd pw_buf;
@@ -80,7 +80,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
static unsigned char smbntpwd[16];
struct passwd *pwfile;
char linebuf[256];
- unsigned char *p;
+ char *p;
int uidval;
size_t linebuf_len;
@@ -118,14 +118,14 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
* As 256 is shorter than a pstring we don't need to check
* length here - if this ever changes....
*/
- p = (unsigned char *)strncpyn(user_name, linebuf, sizeof(user_name), ':');
+ p = strncpyn(user_name, linebuf, sizeof(user_name), ':');
/* Go past ':' */
p++;
/* Get smb uid. */
- p = (unsigned char *)Atoic((char *) p, &uidval, ":");
+ p = Atoic( p, &uidval, ":");
pw_buf.smb_name = user_name;
pw_buf.smb_userid = uidval;
@@ -161,14 +161,14 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
continue;
}
- if (!strncasecmp((char *) p, "NO PASSWORD", 11))
+ if (!strncasecmp( p, "NO PASSWORD", 11))
{
pw_buf.smb_passwd = NULL;
pw_buf.acct_ctrl |= ACB_PWNOTREQ;
}
else
{
- if (!pwdb_gethexpwd((char *)p, (char *)smbpwd))
+ if (!pwdb_gethexpwd(p, (char *)smbpwd))
{
DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
continue;
@@ -188,7 +188,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
{
if (*p != '*' && *p != 'X')
{
- if(pwdb_gethexpwd((char *)p,(char *)smbntpwd))
+ if(pwdb_gethexpwd(p,(char *)smbntpwd))
{
pw_buf.smb_nt_passwd = smbntpwd;
}
@@ -218,7 +218,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
if (*p == ':')
{
p++;
- pw_buf.pass_last_set_time = pwdb_get_last_set_time((char *)p);
+ pw_buf.pass_last_set_time = pwdb_get_last_set_time(p);
}
}
else
diff --git a/source3/passdb/smbpassgroup.c b/source3/passdb/smbpassgroup.c
index f3a0d4244b..8e92f0e831 100644
--- a/source3/passdb/smbpassgroup.c
+++ b/source3/passdb/smbpassgroup.c
@@ -19,7 +19,7 @@
#include "includes.h"
-#ifdef USE_SMBPASS_DB
+#ifdef USE_SMBGROUP_DB
static int grp_file_lock_depth = 0;
extern int DEBUGLEVEL;
@@ -96,7 +96,7 @@ static struct smb_passwd *getsmbfilegrpent(void *vp,
/*
* The line we have should be of the form :-
*
- * username:uid:domainrid1,domainrid2..:aliassid1,aliassid2..:
+ * username:uid:aliassid1,aliassid2..:domainrid1,domainrid2..:
*/
/*
@@ -116,9 +116,7 @@ static struct smb_passwd *getsmbfilegrpent(void *vp,
pw_buf.smb_userid = uidval;
/*
- * Now get the password value - this should be 32 hex digits
- * which are the ascii representations of a 16 byte string.
- * Get two at a time and put them into the password.
+ * Now get a list of alias RIDs
*/
/* Skip the ':' */
@@ -139,6 +137,10 @@ static struct smb_passwd *getsmbfilegrpent(void *vp,
}
}
+ /*
+ * Now get a list of group RIDs
+ */
+
/* Skip the ':' */
p++;
diff --git a/source3/passdb/smbpassgroupunix.c b/source3/passdb/smbpassgroupunix.c
new file mode 100644
index 0000000000..438b9e2daf
--- /dev/null
+++ b/source3/passdb/smbpassgroupunix.c
@@ -0,0 +1,239 @@
+/*
+ * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef USE_SMBUNIX_DB
+
+extern int DEBUGLEVEL;
+extern DOM_SID global_member_sid;
+
+/***************************************************************
+ Start to enumerate the smbpasswd list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+static void *startsmbfilegrpent(BOOL update)
+{
+ return startsmbfilepwent(False);
+}
+
+/***************************************************************
+ End enumeration of the smbpasswd list.
+****************************************************************/
+
+static void endsmbfilegrpent(void *vp)
+{
+ endsmbfilepwent(vp);
+}
+
+/*************************************************************************
+ Return the current position in the smbpasswd list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static SMB_BIG_UINT getsmbfilegrppos(void *vp)
+{
+ return getsmbfilepwpos(vp);
+}
+
+/*************************************************************************
+ Set the current position in the smbpasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static BOOL setsmbfilegrppos(void *vp, SMB_BIG_UINT tok)
+{
+ return setsmbfilepwpos(vp, tok);
+}
+
+/*************************************************************************
+ Routine to return the next smbpassgroup entry
+ *************************************************************************/
+static struct smb_passwd *getsmbfilegrpent(void *vp,
+ uint32 **grp_rids, int *num_grps,
+ uint32 **als_rids, int *num_alss)
+{
+ /* Static buffers we will return. */
+ struct smb_passwd *pw_buf;
+ struct passwd *pw;
+ int i;
+ int unixgrps;
+ gid_t *grps;
+
+ if (vp == NULL)
+ {
+ DEBUG(0,("getsmbfilegrpent: Bad password file pointer.\n"));
+ return NULL;
+ }
+
+ pw_buf = getsmbfilepwent(vp);
+
+ if (grp_rids != NULL)
+ {
+ (*grp_rids) = NULL;
+ (*num_grps) = 0;
+ }
+
+ if (als_rids != NULL)
+ {
+ (*als_rids) = NULL;
+ (*num_alss) = 0;
+ }
+
+ if (als_rids == NULL && grp_rids == NULL)
+ {
+ return pw_buf;
+ }
+
+ /*
+ * find all unix groups
+ */
+
+ pw = Get_Pwnam(pw_buf->smb_name, False);
+
+ if (pw == NULL)
+ {
+ return NULL;
+ }
+
+ if (get_unixgroups(pw_buf->smb_name, pw->pw_uid, pw->pw_gid, &unixgrps, &grps))
+ {
+ return NULL;
+ }
+
+ /*
+ * check each unix group for a mapping as an nt alias or an nt group
+ */
+
+ for (i = 0; i < unixgrps; i++)
+ {
+ DOM_SID sid;
+ uint8 type;
+ char *unix_grpname;
+ uint32 status;
+ uint32 rid;
+
+ /*
+ * find the unix name for each user's group.
+ * assume the unix group is an nt name (alias? group? user?)
+ * (user or not our own domain will be an error).
+ */
+
+ unix_grpname = gidtoname(grps[i]);
+ if (map_unix_alias_name(unix_grpname, &sid, NULL, NULL))
+ {
+ /*
+ * ok, the unix groupname is mapped to an alias.
+ * check that it is in our domain.
+ */
+
+ sid_split_rid(&sid, &rid);
+ if (!sid_equal(&sid, &global_member_sid))
+ {
+ pstring sid_str;
+ sid_to_string(sid_str, &sid);
+ DEBUG(0,("user %s is in a UNIX group %s that maps to an NT RID (0x%x) in another domain (%s)\n",
+ pw_buf->smb_name, unix_grpname, rid, sid_str));
+ continue;
+ }
+
+ if (add_num_to_list(als_rids, num_alss, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ else if (map_unix_group_name(unix_grpname, &sid, NULL, NULL))
+ {
+ /*
+ * ok, the unix groupname is mapped to a domain group.
+ * check that it is in our domain.
+ */
+
+ sid_split_rid(&sid, &rid);
+ if (!sid_equal(&sid, &global_member_sid))
+ {
+ pstring sid_str;
+ sid_to_string(sid_str, &sid);
+ DEBUG(0,("user %s is in a UNIX group %s that maps to an NT RID (0x%x) in another domain (%s)\n",
+ pw_buf->smb_name, unix_grpname, rid, sid_str));
+ continue;
+ }
+
+ if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ else if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+ {
+ /*
+ * server is a member of a domain or stand-alone.
+ * name is not explicitly mapped
+ * so we are responsible for it.
+ * as a LOCAL group.
+ */
+
+ rid = pwdb_gid_to_alias_rid(grps[i]);
+ if (add_num_to_list(als_rids, num_alss, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ else if (lp_server_role() != ROLE_DOMAIN_NONE)
+ {
+ /*
+ * server is a PDC or BDC.
+ * name is explicitly mapped
+ * so we are responsible for it.
+ * as a DOMAIN group.
+ */
+
+ rid = pwdb_gid_to_group_rid(grps[i]);
+ if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ }
+
+ return pw_buf;
+}
+
+static struct passgrp_ops file_ops =
+{
+ startsmbfilegrpent,
+ endsmbfilegrpent,
+ getsmbfilegrppos,
+ setsmbfilegrppos,
+ iterate_getsmbgrpnam, /* In passgrp.c */
+ iterate_getsmbgrpuid, /* In passgrp.c */
+ iterate_getsmbgrprid, /* In passgrp.c */
+ getsmbfilegrpent,
+};
+
+struct passgrp_ops *unix_initialise_password_grp(void)
+{
+ return &file_ops;
+}
+
+#else
+ /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
+ void smbpass_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */