summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/ldap.c47
-rw-r--r--source3/passdb/nispass.c260
-rw-r--r--source3/passdb/passdb.c293
-rw-r--r--source3/passdb/smbpass.c33
4 files changed, 488 insertions, 145 deletions
diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c
index f0848c2d57..3d584c1c0e 100644
--- a/source3/passdb/ldap.c
+++ b/source3/passdb/ldap.c
@@ -29,7 +29,7 @@ extern int DEBUGLEVEL;
/*******************************************************************
open a connection to the ldap serve.
******************************************************************/
-BOOL ldap_open_connection(LDAP **ldap_struct)
+static BOOL ldap_open_connection(LDAP **ldap_struct)
{
if ( (*ldap_struct = ldap_open(lp_ldap_server(),lp_ldap_port()) )== NULL)
{
@@ -59,7 +59,7 @@ static BOOL ldap_connect_anonymous(LDAP *ldap_struct)
/*******************************************************************
connect to the ldap server under system privileg.
******************************************************************/
-BOOL ldap_connect_system(LDAP *ldap_struct)
+static BOOL ldap_connect_system(LDAP *ldap_struct)
{
if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) != LDAP_SUCCESS)
{
@@ -107,7 +107,7 @@ static BOOL ldap_search_one_user(LDAP *ldap_struct, char *filter, LDAPMessage **
/*******************************************************************
run the search by name.
******************************************************************/
-BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **result)
+static BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **result)
{
pstring filter;
/*
@@ -127,7 +127,7 @@ BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **r
/*******************************************************************
run the search by uid.
******************************************************************/
-BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **result)
+static BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **result)
{
pstring filter;
/*
@@ -146,7 +146,7 @@ BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **resul
/*******************************************************************
search an attribute and return the first value found.
******************************************************************/
-void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute, char *value)
+static void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute, char *value)
{
char **valeurs;
@@ -165,7 +165,7 @@ void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute
/*******************************************************************
check if the returned entry is a sambaAccount objectclass.
******************************************************************/
-BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry)
+static BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry)
{
BOOL sambaAccount=False;
char **valeur;
@@ -188,7 +188,7 @@ BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry)
/*******************************************************************
check if the returned entry is a sambaMachine objectclass.
******************************************************************/
-BOOL ldap_check_trust(LDAP *ldap_struct, LDAPMessage *entry)
+static BOOL ldap_check_trust(LDAP *ldap_struct, LDAPMessage *entry)
{
BOOL sambaMachine=False;
char **valeur;
@@ -235,10 +235,10 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
bzero(temp, sizeof(temp)); /* destroy local copy of the password */
#else
get_single_attribute(ldap_struct, entry, "ntPasswordHash", temp);
- gethexpwd(temp, user->smb_nt_passwd);
+ pdb_gethexpwd(temp, user->smb_nt_passwd);
get_single_attribute(ldap_struct, entry, "lmPasswordHash", temp);
- gethexpwd(temp, user->smb_passwd);
+ pdb_gethexpwd(temp, user->smb_passwd);
bzero(temp, sizeof(temp)); /* destroy local copy of the password */
#endif
@@ -379,6 +379,18 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry,
do not call this function directly. use passdb.c instead.
*************************************************************************/
+BOOL add_ldap21pwd_entry(struct smb_passwd *newpwd)
+{
+ DEBUG(0,("add_ldap21pwd_entry - currently not supported\n"));
+ return True;
+}
+
+/************************************************************************
+ Routine to add an entry to the ldap passwd file.
+
+ do not call this function directly. use passdb.c instead.
+
+*************************************************************************/
BOOL add_ldappwd_entry(struct smb_passwd *newpwd)
{
DEBUG(0,("add_ldappwd_entry - currently not supported\n"));
@@ -402,6 +414,23 @@ BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override)
return False;
}
+/************************************************************************
+ Routine to search the ldap passwd file for an entry matching the username.
+ and then modify its password entry. We can't use the startldappwent()/
+ getldappwent()/endldappwent() interfaces here as we depend on looking
+ in the actual file to decide how much room we have to write data.
+ override = False, normal
+ override = True, override XXXXXXXX'd out password or NO PASS
+
+ do not call this function directly. use passdb.c instead.
+
+************************************************************************/
+BOOL mod_ldap21pwd_entry(struct smb_passwd* pwd, BOOL override)
+{
+ DEBUG(0,("mod_ldap21pwd_entry - currently not supported\n"));
+ return False;
+}
+
/***************************************************************
Start to enumerate the ldap passwd list. Returns a void pointer
to ensure no modification outside this module.
diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c
index 270ad8683e..1e0a09b4d9 100644
--- a/source3/passdb/nispass.c
+++ b/source3/passdb/nispass.c
@@ -19,14 +19,12 @@
* Mass Ave, Cambridge, MA 02139, USA.
*/
-#ifdef NISPLUS
+#ifdef USE_NISPLUS_DB
#include "includes.h"
-
-extern int DEBUGLEVEL;
-
#include <rpcsvc/nis.h>
+extern int DEBUGLEVEL;
static int gotalarm;
@@ -48,6 +46,7 @@ static void gotalarm_sig(void)
****************************************************************/
void *startnisppwent(BOOL update)
{
+ return NULL;
}
/***************************************************************
@@ -69,6 +68,7 @@ void endnisppwent(void *vp)
*************************************************************************/
struct sam_passwd *getnisp21pwent(void *vp)
{
+ return NULL;
}
/*************************************************************************
@@ -113,9 +113,163 @@ BOOL setnisppwpos(void *vp, unsigned long tok)
do not call this function directly. use passdb.c instead.
*************************************************************************/
+BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd)
+{
+}
+
+/************************************************************************
+ Routine to add an entry to the nisplus passwd file.
+
+ do not call this function directly. use passdb.c instead.
+
+*************************************************************************/
BOOL add_nisppwd_entry(struct smb_passwd *newpwd)
{
- return False;
+ /* Static buffers we will return. */
+ static pstring user_name;
+
+ BOOL add_user = True;
+ char *pfile;
+ pstring nisname;
+ nis_result *nis_user;
+ nis_result *result = NULL,
+ *tblresult = NULL,
+ *addresult = NULL;
+ nis_object newobj, *obj, *user_obj;
+ char lmpwd[33], ntpwd[33];
+
+ pfile = lp_smb_passwd_file();
+
+ safe_strcpy(user_name, newpwd->smb_name, sizeof(user_name));
+
+ safe_strcpy(nisname, "[name=", sizeof(nisname));
+ safe_strcat(nisname, user_name, sizeof(nisname) - strlen(nisname) -1);
+ safe_strcat(nisname, "],passwd.org_dir", sizeof(nisname)-strlen(nisname)-1);
+
+ safe_strcpy(nisname, "[uid=", sizeof(nisname));
+ slprintf(nisname, sizeof(nisname), "%s%d", nisname, newpwd->smb_userid);
+ safe_strcat(nisname, "],passwd.org_dir", sizeof(nisname)-strlen(nisname)-1);
+
+ nis_user = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL);
+
+ if (nis_user->status != NIS_SUCCESS || NIS_RES_NUMOBJ(nis_user) <= 0)
+ {
+ DEBUG(3, ("add_nisppwd_entry: Unable to get NIS+ passwd entry for user: %s.\n",
+ nis_sperrno(nis_user->status)));
+ return False;
+ }
+
+ /*
+ * Calculate the SMB (lanman) hash functions of both old and new passwords.
+ */
+
+ user_obj = NIS_RES_OBJECT(nis_user);
+
+ safe_strcpy(nisname, "[name=", sizeof(nisname));
+ safe_strcat(nisname, ENTRY_VAL(user_obj,0),sizeof(nisname)-strlen(nisname)-1);
+ safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1);
+ safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1);
+
+ result = nis_list(nisname, FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP,NULL,NULL);
+ if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND)
+ {
+ DEBUG(3, ( "add_nisppwd_entry: nis_list failure: %s: %s\n",
+ nisname, nis_sperrno(result->status)));
+ nis_freeresult(nis_user);
+ nis_freeresult(result);
+ return False;
+ }
+
+ if (result->status == NIS_SUCCESS && NIS_RES_NUMOBJ(result) > 0)
+ {
+ DEBUG(3, ("add_nisppwd_entry: User already exists in NIS+ password db: %s\n",
+ pfile));
+ nis_freeresult(result);
+ nis_freeresult(nis_user);
+ return False;
+ }
+
+ /* User not found. */
+
+ if (!add_user)
+ {
+ DEBUG(3, ("add_nisppwd_entry: User not found in NIS+ password db: %s\n",
+ pfile));
+ nis_freeresult(result);
+ nis_freeresult(nis_user);
+ return False;
+ }
+
+ tblresult = nis_lookup(pfile, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP );
+ if (tblresult->status != NIS_SUCCESS)
+ {
+ nis_freeresult(result);
+ nis_freeresult(nis_user);
+ nis_freeresult(tblresult);
+ DEBUG(3, ( "add_nisppwd_entry: nis_lookup failure: %s\n",
+ nis_sperrno(tblresult->status)));
+ return False;
+ }
+
+ newobj.zo_name = NIS_RES_OBJECT(tblresult)->zo_name;
+ newobj.zo_domain = NIS_RES_OBJECT(tblresult)->zo_domain;
+ newobj.zo_owner = NIS_RES_OBJECT(nis_user)->zo_owner;
+ newobj.zo_group = NIS_RES_OBJECT(tblresult)->zo_group;
+ newobj.zo_access = NIS_RES_OBJECT(tblresult)->zo_access;
+ newobj.zo_ttl = NIS_RES_OBJECT(tblresult)->zo_ttl;
+
+ newobj.zo_data.zo_type = ENTRY_OBJ;
+
+ newobj.zo_data.objdata_u.en_data.en_type = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_type;
+ newobj.zo_data.objdata_u.en_data.en_cols.en_cols_len = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_maxcol;
+ newobj.zo_data.objdata_u.en_data.en_cols.en_cols_val = calloc(newobj.zo_data.objdata_u.en_data.en_cols.en_cols_len, sizeof(entry_col));
+
+ ENTRY_VAL(&newobj, 0) = ENTRY_VAL(user_obj, 0);
+ ENTRY_LEN(&newobj, 0) = ENTRY_LEN(user_obj, 0);
+
+ ENTRY_VAL(&newobj, 1) = ENTRY_VAL(user_obj, 2);
+ ENTRY_LEN(&newobj, 1) = ENTRY_LEN(user_obj, 2);
+
+ ENTRY_VAL(&newobj, 2) = lmpwd;
+ ENTRY_LEN(&newobj, 2) = strlen(lmpwd);
+ newobj.EN_data.en_cols.en_cols_val[2].ec_flags = EN_CRYPT;
+
+ ENTRY_VAL(&newobj, 3) = ntpwd;
+ ENTRY_LEN(&newobj, 3) = strlen(ntpwd);
+ newobj.EN_data.en_cols.en_cols_val[3].ec_flags = EN_CRYPT;
+
+ ENTRY_VAL(&newobj, 4) = ENTRY_VAL(user_obj, 4);
+ ENTRY_LEN(&newobj, 4) = ENTRY_LEN(user_obj, 4);
+
+ ENTRY_VAL(&newobj, 5) = ENTRY_VAL(user_obj, 5);
+ ENTRY_LEN(&newobj, 5) = ENTRY_LEN(user_obj, 5);
+
+ ENTRY_VAL(&newobj, 6) = ENTRY_VAL(user_obj, 6);
+ ENTRY_LEN(&newobj, 6) = ENTRY_LEN(user_obj, 6);
+
+ obj = &newobj;
+
+ addresult = nis_add_entry(pfile, obj, ADD_OVERWRITE | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP);
+
+ nis_freeresult(nis_user);
+ if (tblresult)
+ {
+ nis_freeresult(tblresult);
+ }
+
+ if (addresult->status != NIS_SUCCESS)
+ {
+ DEBUG(3, ( "add_nisppwd_entry: NIS+ table update failed: %s\n",
+ nisname, nis_sperrno(addresult->status)));
+ nis_freeresult(addresult);
+ nis_freeresult(result);
+ return False;
+ }
+
+ nis_freeresult(addresult);
+ nis_freeresult(result);
+
+ return True;
}
/************************************************************************
@@ -129,6 +283,22 @@ BOOL add_nisppwd_entry(struct smb_passwd *newpwd)
do not call this function directly. use passdb.c instead.
************************************************************************/
+BOOL mod_nisp21pwd_entry(struct sam_passwd* pwd, BOOL override)
+{
+ return False;
+}
+
+/************************************************************************
+ Routine to search the nisplus passwd file for an entry matching the username.
+ and then modify its password entry. We can't use the startnisppwent()/
+ getnisppwent()/endnisppwent() interfaces here as we depend on looking
+ in the actual file to decide how much room we have to write data.
+ override = False, normal
+ override = True, override XXXXXXXX'd out password or NO PASS
+
+ do not call this function directly. use passdb.c instead.
+
+************************************************************************/
BOOL mod_nisppwd_entry(struct smb_passwd* pwd, BOOL override)
{
return False;
@@ -137,12 +307,14 @@ BOOL mod_nisppwd_entry(struct smb_passwd* pwd, BOOL override)
/************************************************************************
makes a struct smb_passwd from a NIS+ result.
************************************************************************/
-BOOL make_smb_from_nisp(struct smb_passwd *pw_buf, nis_result *result)
+static BOOL make_smb_from_nisp(struct smb_passwd *pw_buf, nis_result *result)
{
int uidval;
static pstring user_name;
static unsigned char smbpwd[16];
static unsigned char smbntpwd[16];
+ nis_object *obj;
+ uchar *p;
if (pw_buf == NULL || result == NULL) return False;
@@ -150,21 +322,21 @@ BOOL make_smb_from_nisp(struct smb_passwd *pw_buf, nis_result *result)
if (result->status != NIS_SUCCESS)
{
- DEBUG(0, ("make_smb_from_nisp: %s: NIS+ lookup failure: %s\n",
- nisname, nis_sperrno(result->status)));
+ DEBUG(0, ("make_smb_from_nisp: NIS+ lookup failure: %s\n",
+ nis_sperrno(result->status)));
return False;
}
/* User not found. */
if (NIS_RES_NUMOBJ(result) <= 0)
{
- DEBUG(10, ("make_smb_from_nisp: %s not found in NIS+\n", nisname));
+ DEBUG(10, ("make_smb_from_nisp: user not found in NIS+\n"));
return False;
}
if (NIS_RES_NUMOBJ(result) > 1)
{
- DEBUG(10, ("make_smb_from_nisp: WARNING: Multiple entries for %s in NIS+ table!\n", nisname));
+ DEBUG(10, ("make_smb_from_nisp: WARNING: Multiple entries for user in NIS+ table!\n"));
}
/* Grab the first hit. */
@@ -172,7 +344,7 @@ BOOL make_smb_from_nisp(struct smb_passwd *pw_buf, nis_result *result)
/* Check the lanman password column. */
p = (uchar *)ENTRY_VAL(obj, 2);
- if (strlen((char *)p) != 32 || !gethexpwd((char *)p, (char *)smbpwd))
+ if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbpwd))
{
DEBUG(0, ("make_smb_from_nisp: malformed LM pwd entry.\n"));
return False;
@@ -180,7 +352,7 @@ BOOL make_smb_from_nisp(struct smb_passwd *pw_buf, nis_result *result)
/* Check the NT password column. */
p = (uchar *)ENTRY_VAL(obj, 3);
- if (strlen((char *)p) != 32 || !gethexpwd((char *)p, (char *)smbntpwd))
+ if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbntpwd))
{
DEBUG(0, ("make_smb_from_nisp: malformed NT pwd entry\n"));
return False;
@@ -204,39 +376,20 @@ struct smb_passwd *getnisppwnam(char *name)
{
/* Static buffers we will return. */
static struct smb_passwd pw_buf;
- char linebuf[256];
- char readbuf[16 * 1024];
- unsigned char c;
- unsigned char *p;
- long uidval;
- long linebuf_len;
- FILE *fp;
- int lockfd;
- char *pfile = lp_smb_passwd_file();
nis_result *result;
- nis_object *obj;
- char *nisname, *nisnamefmt;
+ pstring nisname;
BOOL ret;
- if (!*pfile)
+ if (!*lp_smb_passwd_file())
{
DEBUG(0, ("No SMB password file set\n"));
- return (NULL);
+ return NULL;
}
DEBUG(10, ("getnisppwnam: search by name: %s\n", name));
- DEBUG(10, ("getnisppwnam: using NIS+ table %s\n", pfile));
+ DEBUG(10, ("getnisppwnam: using NIS+ table %s\n", lp_smb_passwd_file()));
- nisnamefmt = "[name=%s],%s";
- nisname = (char *)malloc(strlen(nisnamefmt) + strlen(pfile) + strlen(name));
-
- if (!nisname)
- {
- DEBUG(0,("getnisppwnam: Can't allocate nisname"));
- return NULL;
- }
-
- safe_sprintf(nisname, nisnamefmt, name, pfile);
+ slprintf(nisname, sizeof(nisname), "[name=%s],%s", name, lp_smb_passwd_file());
/* Search the table. */
gotalarm = 0;
@@ -244,7 +397,6 @@ struct smb_passwd *getnisppwnam(char *name)
alarm(5);
result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL);
- free(nisname);
alarm(0);
signal(SIGALRM, SIGNAL_CAST SIG_DFL);
@@ -265,41 +417,24 @@ struct smb_passwd *getnisppwnam(char *name)
/*************************************************************************
Routine to search the nisplus passwd file for an entry matching the username
*************************************************************************/
-struct smb_passwd *getnisppwnam(int uid)
+struct smb_passwd *getnisppwuid(int smb_userid)
{
/* Static buffers we will return. */
static struct smb_passwd pw_buf;
- char linebuf[256];
- char readbuf[16 * 1024];
- unsigned char c;
- unsigned char *p;
- long linebuf_len;
- FILE *fp;
- int lockfd;
- char *pfile = lp_smb_passwd_file();
nis_result *result;
- nis_object *obj;
- char *nisname, *nisnamefmt;
+ pstring nisname;
+ BOOL ret;
- if (!*pfile)
+ if (!*lp_smb_passwd_file())
{
DEBUG(0, ("No SMB password file set\n"));
return NULL;
}
- DEBUG(10, ("getnisppwuid: search by uid: %d\n", uid));
- DEBUG(10, ("getnisppwuid: using NIS+ table %s\n", pfile));
-
- nisnamefmt = "[uid=%d],%s";
- nisname = (char *)malloc(strlen(nisnamefmt) + strlen(pfile)+ sizeof(smb_userid));
-
- if (!nisname)
- {
- DEBUG(0,("getnisppwuid: Can't allocate nisname"));
- return NULL;
- }
+ DEBUG(10, ("getnisppwuid: search by uid: %d\n", smb_userid));
+ DEBUG(10, ("getnisppwuid: using NIS+ table %s\n", lp_smb_passwd_file()));
- safe_sprintf(nisname, nisnamefmt, smb_userid, pfile);
+ slprintf(nisname, sizeof(nisname), "[uid=%d],%s", smb_userid, lp_smb_passwd_file());
/* Search the table. */
gotalarm = 0;
@@ -307,7 +442,6 @@ struct smb_passwd *getnisppwnam(int uid)
alarm(5);
result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL);
- free(nisname);
alarm(0);
signal(SIGALRM, SIGNAL_CAST SIG_DFL);
@@ -327,4 +461,4 @@ struct smb_passwd *getnisppwnam(int uid)
#else
static void dummy_function(void) { } /* stop some compilers complaining */
-#endif /* NISPLUS */
+#endif /* USE_NISPLUS_DB */
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index a31f54582a..9df88bf6d3 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -57,11 +57,17 @@ DOM_SID global_machine_sid;
****************************************************************/
void *startsampwent(BOOL update)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return startnisppwent(update);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return startldappwent(update);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return startsmbpwent(update);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/***************************************************************
@@ -69,11 +75,17 @@ void *startsampwent(BOOL update)
****************************************************************/
void endsampwent(void *vp)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ endnisppwent(vp);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
endldappwent(vp);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
endsmbpwent(vp);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/*************************************************************************
@@ -81,11 +93,46 @@ void endsampwent(void *vp)
*************************************************************************/
struct smb_passwd *getsampwent(void *vp)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return getnisppwent(vp);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return getldappwent(vp);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return getsmbpwent(vp);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
+}
+
+/*************************************************************************
+ Routine to return the next entry in the sam passwd list.
+ *************************************************************************/
+struct sam_disp_info *getsamdispent(void *vp)
+{
+ struct sam_passwd *pwd = NULL;
+ static struct sam_disp_info disp_info;
+
+#ifdef USE_NISPLUS_DB
+ pwd = getnisp21pwent(vp);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
+ pwd = getldap21pwent(vp);
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
+ pwd = getsmb21pwent(vp);
+#endif /* USE_SMBPASS_DB */
+
+ if (pwd == NULL) return NULL;
+
+ disp_info.smb_name = pwd->smb_name;
+ disp_info.full_name = pwd->full_name;
+ disp_info.user_rid = pwd->user_rid;
+
+ return &disp_info;
}
/*************************************************************************
@@ -93,11 +140,17 @@ struct smb_passwd *getsampwent(void *vp)
*************************************************************************/
struct sam_passwd *getsam21pwent(void *vp)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return getnisp21pwent(vp);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return getldap21pwent(vp);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return getsmb21pwent(vp);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/*************************************************************************
@@ -106,11 +159,17 @@ struct sam_passwd *getsam21pwent(void *vp)
*************************************************************************/
unsigned long getsampwpos(void *vp)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return getnisppwpos(vp);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return getldappwpos(vp);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return getsmbpwpos(vp);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/*************************************************************************
@@ -119,11 +178,17 @@ unsigned long getsampwpos(void *vp)
*************************************************************************/
BOOL setsampwpos(void *vp, unsigned long tok)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return setnisppwpos(vp, tok);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return setldappwpos(vp, tok);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return setsmbpwpos(vp, tok);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/************************************************************************
@@ -131,11 +196,17 @@ BOOL setsampwpos(void *vp, unsigned long tok)
*************************************************************************/
BOOL add_sampwd_entry(struct smb_passwd *newpwd)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return add_nisppwd_entry(newpwd);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return add_ldappwd_entry(newpwd);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return add_smbpwd_entry(newpwd);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/************************************************************************
@@ -143,16 +214,17 @@ BOOL add_sampwd_entry(struct smb_passwd *newpwd)
*************************************************************************/
BOOL add_sam21pwd_entry(struct sam_passwd *newpwd)
{
-#if 0
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return add_nisp21pwd_entry(newpwd);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return add_ldap21pwd_entry(newpwd);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return add_smb21pwd_entry(newpwd);
-#endif /* USE_LDAP */
-#else
- DEBUG(0,("add_sam21pwd_entry() - under development\n"));
- return False;
-#endif
+#endif /* USE_SMBPASS_DB */
}
/************************************************************************
@@ -165,11 +237,17 @@ BOOL add_sam21pwd_entry(struct sam_passwd *newpwd)
************************************************************************/
BOOL mod_sampwd_entry(struct smb_passwd* pwd, BOOL override)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return mod_nisppwd_entry(pwd, override);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return mod_ldappwd_entry(pwd, override);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return mod_smbpwd_entry(pwd, override);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/************************************************************************
@@ -182,16 +260,17 @@ BOOL mod_sampwd_entry(struct smb_passwd* pwd, BOOL override)
************************************************************************/
BOOL mod_sam21pwd_entry(struct sam_passwd* pwd, BOOL override)
{
-#if 0
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return mod_nisp21pwd_entry(pwd, override);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return mod_ldap21pwd_entry(pwd, override);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return mod_smb21pwd_entry(pwd, override);
-#endif /* USE_LDAP */
-#else
- DEBUG(0,("mod_sam21pwd_entry() - under development\n"));
- return False;
-#endif
+#endif /* USE_SMBPASS_DB */
}
/**********************************************************
@@ -242,11 +321,17 @@ static struct smb_passwd *_getsampwnam(char *name)
*************************************************************************/
struct smb_passwd *getsampwnam(char *name)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return _getsampwnam(name);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return _getsampwnam(name);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return _getsampwnam(name);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/************************************************************************
@@ -258,14 +343,14 @@ static struct sam_passwd *_getsam21pwnam(char *name)
struct sam_passwd *pwd = NULL;
void *fp = NULL;
- DEBUG(10, ("getsam21pwnam: search by name: %s\n", name));
+ DEBUG(10, ("_getsam21pwnam: search by name: %s\n", name));
/* Open the sam password file - not for update. */
fp = startsampwent(False);
if (fp == NULL)
{
- DEBUG(0, ("getsam21pwnam: unable to open sam password database.\n"));
+ DEBUG(0, ("_getsam21pwnam: unable to open sam password database.\n"));
return NULL;
}
@@ -273,7 +358,7 @@ static struct sam_passwd *_getsam21pwnam(char *name)
if (pwd != NULL)
{
- DEBUG(10, ("getsam21pwnam: found by name: %s\n", name));
+ DEBUG(10, ("_getsam21pwnam: found by name: %s\n", name));
}
endsampwent(fp);
@@ -285,11 +370,17 @@ static struct sam_passwd *_getsam21pwnam(char *name)
*************************************************************************/
struct sam_passwd *getsam21pwnam(char *name)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
return _getsam21pwnam(name);
-#else
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
+ return _getsam21pwnam(name);
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return _getsam21pwnam(name);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/************************************************************************
@@ -328,11 +419,17 @@ static struct smb_passwd *_getsampwuid(uid_t smb_userid)
*************************************************************************/
struct smb_passwd *getsampwuid(uid_t smb_userid)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return _getsampwuid(smb_userid);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return _getsampwuid(smb_userid);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return _getsampwuid(smb_userid);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
@@ -340,19 +437,19 @@ struct smb_passwd *getsampwuid(uid_t smb_userid)
Routine to search sam passwd by rid. use this if your database
does not have search facilities.
*************************************************************************/
-struct sam_passwd *_getsam21pwrid(uint32 rid)
+static struct sam_passwd *_getsam21pwrid(uint32 rid)
{
struct sam_passwd *pwd = NULL;
void *fp = NULL;
- DEBUG(10, ("getsam21pwrid: search by rid: %x\n", rid));
+ DEBUG(10, ("_getsam21pwrid: search by rid: %x\n", rid));
/* Open the sam password file - not for update. */
fp = startsampwent(False);
if (fp == NULL)
{
- DEBUG(0, ("getsam21pwrid: unable to open sam password database.\n"));
+ DEBUG(0, ("_getsam21pwrid: unable to open sam password database.\n"));
return NULL;
}
@@ -360,7 +457,7 @@ struct sam_passwd *_getsam21pwrid(uint32 rid)
if (pwd != NULL)
{
- DEBUG(10, ("getsam21pwrid: found by smb_userid: %x\n", rid));
+ DEBUG(10, ("_getsam21pwrid: found by smb_userid: %x\n", rid));
}
endsmbpwent(fp);
@@ -372,11 +469,17 @@ struct sam_passwd *_getsam21pwrid(uint32 rid)
*************************************************************************/
struct sam_passwd *getsam21pwrid(uint32 rid)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
return _getsam21pwrid(rid);
-#else
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return _getsam21pwrid(rid);
-#endif /* USE_LDAP */
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
+ return _getsam21pwrid(rid);
+#endif /* USE_SMBPASS_DB */
}
@@ -389,10 +492,62 @@ struct sam_passwd *getsam21pwrid(uint32 rid)
**********************************************************
**********************************************************/
+/*******************************************************************
+ gets password-database-format time from a string.
+ ********************************************************************/
+static time_t get_time_from_string(char *p)
+{
+ int i;
+
+ for (i = 0; i < 8; i++)
+ {
+ if (p[i] == '\0' || !isxdigit(p[i]))
+ break;
+ }
+ if (i == 8)
+ {
+ /*
+ * p points at 8 characters of hex digits -
+ * read into a time_t as the seconds since
+ * 1970 that the password was last changed.
+ */
+ return (time_t)strtol((char *)p, NULL, 16);
+ }
+ return (time_t)-1;
+}
+
+/*******************************************************************
+ gets password last set time
+ ********************************************************************/
+time_t pdb_get_last_set_time(char *p)
+{
+ if (*p && StrnCaseCmp((char *)p, "LCT-", 4))
+ {
+ return get_time_from_string(p + 4);
+ }
+ return (time_t)-1;
+}
+
+
+/*******************************************************************
+ sets password-database-format time in a string.
+ ********************************************************************/
+static set_time_in_string(char *p, int max_len, char *type, time_t t)
+{
+ slprintf(p, max_len, ":%s-%08X:", type, (uint32)t);
+}
+
+/*******************************************************************
+ sets password last set time
+ ********************************************************************/
+void pdb_set_last_set_time(char *p, int max_len, time_t t)
+{
+ set_time_in_string(p, max_len, "LCT", t);
+}
/**********************************************************
Encode the account control bits into a string.
**********************************************************/
-char *encode_acct_ctrl(uint16 acct_ctrl)
+char *pdb_encode_acct_ctrl(uint16 acct_ctrl)
{
static fstring acct_str;
char *p = acct_str;
@@ -421,7 +576,7 @@ char *encode_acct_ctrl(uint16 acct_ctrl)
reason: vertical line-up code clarity - all case statements fit into
15 lines, which is more important.
**********************************************************/
-uint16 decode_acct_ctrl(char *p)
+uint16 pdb_decode_acct_ctrl(char *p)
{
uint16 acct_ctrl = 0;
BOOL finished = False;
@@ -471,7 +626,7 @@ uint16 decode_acct_ctrl(char *p)
Routine to get the next 32 hex characters and turn them
into a 16 byte array.
**************************************************************/
-int gethexpwd(char *p, char *pwd)
+int pdb_gethexpwd(char *p, char *pwd)
{
int i;
unsigned char lonybble, hinybble;
@@ -497,7 +652,7 @@ int gethexpwd(char *p, char *pwd)
/*******************************************************************
Group and User RID username mapping function
********************************************************************/
-BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
+BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
{
struct passwd *pw = Get_Pwnam(user_name, False);
@@ -536,7 +691,6 @@ BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
/****************************************************************************
Read the machine SID from a file.
****************************************************************************/
-
static BOOL read_sid_from_file(int fd, char *sid_file)
{
fstring fline;
@@ -564,8 +718,7 @@ static BOOL read_sid_from_file(int fd, char *sid_file)
Generate the global machine sid. Look for the MACHINE.SID file first, if
not found then look in smb.conf and use it to create the MACHINE.SID file.
****************************************************************************/
-
-BOOL generate_machine_sid(void)
+BOOL pdb_generate_machine_sid(void)
{
int fd;
char *p;
@@ -722,7 +875,7 @@ Error was %s\n", sid_file, strerror(errno) ));
/*******************************************************************
converts NT User RID to a UNIX uid.
********************************************************************/
-uid_t user_rid_to_uid(uint32 u_rid)
+uid_t pdb_user_rid_to_uid(uint32 u_rid)
{
return (uid_t)(u_rid - 1000);
}
@@ -730,7 +883,7 @@ uid_t user_rid_to_uid(uint32 u_rid)
/*******************************************************************
converts NT Group RID to a UNIX uid.
********************************************************************/
-uid_t group_rid_to_uid(uint32 u_gid)
+uid_t pdb_group_rid_to_uid(uint32 u_gid)
{
return (uid_t)(u_gid - 1000);
}
@@ -738,7 +891,7 @@ uid_t group_rid_to_uid(uint32 u_gid)
/*******************************************************************
converts UNIX uid to an NT User RID.
********************************************************************/
-uint32 uid_to_user_rid(uint32 uid)
+uint32 pdb_uid_to_user_rid(uint32 uid)
{
return (uint32)(uid + 1000);
}
@@ -746,7 +899,7 @@ uint32 uid_to_user_rid(uint32 uid)
/*******************************************************************
converts NT Group RID to a UNIX uid.
********************************************************************/
-uint32 gid_to_group_rid(uint32 gid)
+uint32 pdb_gid_to_group_rid(uint32 gid)
{
return (uint32)(gid + 1000);
}
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index 3b93b28a1e..faaf9c5ccb 100644
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -416,7 +416,7 @@ struct smb_passwd *getsmbpwent(void *vp)
pw_buf.smb_passwd = NULL;
pw_buf.acct_ctrl |= ACB_PWNOTREQ;
} else {
- if (!gethexpwd((char *)p, (char *)smbpwd)) {
+ if (!pdb_gethexpwd((char *)p, (char *)smbpwd)) {
DEBUG(0, ("getsmbpwent: Malformed Lanman password entry (non hex chars)\n"));
continue;
}
@@ -433,7 +433,7 @@ struct smb_passwd *getsmbpwent(void *vp)
the lanman password. */
if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
if (*p != '*' && *p != 'X') {
- if(gethexpwd((char *)p,(char *)smbntpwd))
+ if(pdb_gethexpwd((char *)p,(char *)smbntpwd))
pw_buf.smb_nt_passwd = smbntpwd;
}
p += 33; /* Move to the first character of the line after
@@ -523,6 +523,17 @@ BOOL setsmbpwpos(void *vp, unsigned long tok)
do not call this function directly. use passdb.c instead.
*************************************************************************/
+BOOL add_smb21pwd_entry(struct sam_passwd *newpwd)
+{
+ return False;
+}
+
+/************************************************************************
+ Routine to add an entry to the smbpasswd file.
+
+ do not call this function directly. use passdb.c instead.
+
+*************************************************************************/
BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
{
char *pfile = lp_smb_passwd_file();
@@ -657,6 +668,22 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n",
do not call this function directly. use passdb.c instead.
************************************************************************/
+BOOL mod_smb21pwd_entry(struct sam_passwd* pwd, BOOL override)
+{
+ return False;
+}
+
+/************************************************************************
+ Routine to search the smbpasswd file for an entry matching the username.
+ and then modify its password entry. We can't use the startsmbpwent()/
+ getsmbpwent()/endsmbpwent() interfaces here as we depend on looking
+ in the actual file to decide how much room we have to write data.
+ override = False, normal
+ override = True, override XXXXXXXX'd out password or NO PASS
+
+ do not call this function directly. use passdb.c instead.
+
+************************************************************************/
BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
{
/* Static buffers we will return. */
@@ -1140,7 +1167,7 @@ BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_t
* Get the hex password.
*/
- if (!gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
+ if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
strncmp(&linebuf[33], "TLC-", 4)) {
DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n"));
#ifdef DEBUG_PASSWORD