Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/ldap.c | 47 | ||||
-rw-r--r-- | source3/passdb/nispass.c | 260 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 293 | ||||
-rw-r--r-- | source3/passdb/smbpass.c | 33 |
4 files changed, 488 insertions, 145 deletions
diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c index f0848c2d57..3d584c1c0e 100644 --- a/source3/passdb/ldap.c +++ b/source3/passdb/ldap.c @@ -29,7 +29,7 @@ extern int DEBUGLEVEL; /******************************************************************* open a connection to the ldap serve. ******************************************************************/ -BOOL ldap_open_connection(LDAP **ldap_struct) +static BOOL ldap_open_connection(LDAP **ldap_struct) { if ( (*ldap_struct = ldap_open(lp_ldap_server(),lp_ldap_port()) )== NULL) { @@ -59,7 +59,7 @@ static BOOL ldap_connect_anonymous(LDAP *ldap_struct) /******************************************************************* connect to the ldap server under system privileg. ******************************************************************/ -BOOL ldap_connect_system(LDAP *ldap_struct) +static BOOL ldap_connect_system(LDAP *ldap_struct) { if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) != LDAP_SUCCESS) { @@ -107,7 +107,7 @@ static BOOL ldap_search_one_user(LDAP *ldap_struct, char *filter, LDAPMessage ** /******************************************************************* run the search by name. ******************************************************************/ -BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **result) +static BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **result) { pstring filter; /* @@ -127,7 +127,7 @@ BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **r /******************************************************************* run the search by uid. ******************************************************************/ -BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **result) +static BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **result) { pstring filter; /* 
@@ -146,7 +146,7 @@ BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **resul /******************************************************************* search an attribute and return the first value found. ******************************************************************/ -void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute, char *value) +static void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute, char *value) { char **valeurs; @@ -165,7 +165,7 @@ void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute /******************************************************************* check if the returned entry is a sambaAccount objectclass. ******************************************************************/ -BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry) +static BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry) { BOOL sambaAccount=False; char **valeur; @@ -188,7 +188,7 @@ BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry) /******************************************************************* check if the returned entry is a sambaMachine objectclass. ******************************************************************/ -BOOL ldap_check_trust(LDAP *ldap_struct, LDAPMessage *entry) +static BOOL ldap_check_trust(LDAP *ldap_struct, LDAPMessage *entry) { BOOL sambaMachine=False; char **valeur; @@ -235,10 +235,10 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry, bzero(temp, sizeof(temp)); /* destroy local copy of the password */ #else get_single_attribute(ldap_struct, entry, "ntPasswordHash", temp); - gethexpwd(temp, user->smb_nt_passwd); + pdb_gethexpwd(temp, user->smb_nt_passwd); get_single_attribute(ldap_struct, entry, "lmPasswordHash", temp); - gethexpwd(temp, user->smb_passwd); + pdb_gethexpwd(temp, user->smb_passwd); bzero(temp, sizeof(temp)); /* destroy local copy of the password */ #endif 
@@ -379,6 +379,18 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry, do not call this function directly. use passdb.c instead. *************************************************************************/ +BOOL add_ldap21pwd_entry(struct smb_passwd *newpwd) +{ + DEBUG(0,("add_ldap21pwd_entry - currently not supported\n")); + return True; +} + +/************************************************************************ + Routine to add an entry to the ldap passwd file. + + do not call this function directly. use passdb.c instead. + +*************************************************************************/ BOOL add_ldappwd_entry(struct smb_passwd *newpwd) { DEBUG(0,("add_ldappwd_entry - currently not supported\n")); @@ -402,6 +414,23 @@ BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override) return False; } +/************************************************************************ + Routine to search the ldap passwd file for an entry matching the username. + and then modify its password entry. We can't use the startldappwent()/ + getldappwent()/endldappwent() interfaces here as we depend on looking + in the actual file to decide how much room we have to write data. + override = False, normal + override = True, override XXXXXXXX'd out password or NO PASS + + do not call this function directly. use passdb.c instead. + +************************************************************************/ +BOOL mod_ldap21pwd_entry(struct smb_passwd* pwd, BOOL override) +{ + DEBUG(0,("mod_ldap21pwd_entry - currently not supported\n")); + return False; +} + /*************************************************************** Start to enumerate the ldap passwd list. Returns a void pointer to ensure no modification outside this module. diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c index 270ad8683e..1e0a09b4d9 100644 --- a/source3/passdb/nispass.c +++ b/source3/passdb/nispass.c 
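Review bot: `add_ldap21pwd_entry` logs "currently not supported" and then returns `True`, so a caller is told the account was stored when nothing was written; it should end with `return False;`, as `mod_ldap21pwd_entry` in the `@@ -402,6 +414,23 @@` hunk does. Both new stubs also take `struct smb_passwd *`, while the dispatchers this commit adds in passdb.c (`add_sam21pwd_entry`, `mod_sam21pwd_entry`) pass them a `struct sam_passwd *`; the parameter should be `struct sam_passwd *`, matching the NIS+ and smbpasswd `21` variants. The header comment copied onto `mod_ldap21pwd_entry` still talks about looking in "the actual file", which does not describe a stub.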
@@ -19,14 +19,12 @@ * Mass Ave, Cambridge, MA 02139, USA. */ -#ifdef NISPLUS +#ifdef USE_NISPLUS_DB #include "includes.h" - -extern int DEBUGLEVEL; - #include <rpcsvc/nis.h> +extern int DEBUGLEVEL; static int gotalarm; @@ -48,6 +46,7 @@ static void gotalarm_sig(void) ****************************************************************/ void *startnisppwent(BOOL update) { + return NULL; } /*************************************************************** @@ -69,6 +68,7 @@ void endnisppwent(void *vp) *************************************************************************/ struct sam_passwd *getnisp21pwent(void *vp) { + return NULL; } /************************************************************************* 
@@ -113,9 +113,163 @@ BOOL setnisppwpos(void *vp, unsigned long tok) do not call this function directly. use passdb.c instead. *************************************************************************/ +BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd) +{ +} + +/************************************************************************ + Routine to add an entry to the nisplus passwd file. + + do not call this function directly. use passdb.c instead. + +*************************************************************************/ BOOL add_nisppwd_entry(struct smb_passwd *newpwd) { - return False; + /* Static buffers we will return. */ + static pstring user_name; + + BOOL add_user = True; + char *pfile; + pstring nisname; + nis_result *nis_user; + nis_result *result = NULL, + *tblresult = NULL, + *addresult = NULL; + nis_object newobj, *obj, *user_obj; + char lmpwd[33], ntpwd[33]; + + pfile = lp_smb_passwd_file(); + + safe_strcpy(user_name, newpwd->smb_name, sizeof(user_name)); + + safe_strcpy(nisname, "[name=", sizeof(nisname)); + safe_strcat(nisname, user_name, sizeof(nisname) - strlen(nisname) -1); + safe_strcat(nisname, "],passwd.org_dir", sizeof(nisname)-strlen(nisname)-1); + + safe_strcpy(nisname, "[uid=", sizeof(nisname)); + slprintf(nisname, sizeof(nisname), "%s%d", nisname, newpwd->smb_userid); + safe_strcat(nisname, "],passwd.org_dir", sizeof(nisname)-strlen(nisname)-1); + + nis_user = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL); + + if (nis_user->status != NIS_SUCCESS || NIS_RES_NUMOBJ(nis_user) <= 0) + { + DEBUG(3, ("add_nisppwd_entry: Unable to get NIS+ passwd entry for user: %s.\n", + nis_sperrno(nis_user->status))); + return False; + } + + /* + * Calculate the SMB (lanman) hash functions of both old and new passwords. 
+ */ + + user_obj = NIS_RES_OBJECT(nis_user); + + safe_strcpy(nisname, "[name=", sizeof(nisname)); + safe_strcat(nisname, ENTRY_VAL(user_obj,0),sizeof(nisname)-strlen(nisname)-1); + safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); + safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); + + result = nis_list(nisname, FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP,NULL,NULL); + if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND) + { + DEBUG(3, ( "add_nisppwd_entry: nis_list failure: %s: %s\n", + nisname, nis_sperrno(result->status))); + nis_freeresult(nis_user); + nis_freeresult(result); + return False; + } + + if (result->status == NIS_SUCCESS && NIS_RES_NUMOBJ(result) > 0) + { + DEBUG(3, ("add_nisppwd_entry: User already exists in NIS+ password db: %s\n", + pfile)); + nis_freeresult(result); + nis_freeresult(nis_user); + return False; + } + + /* User not found. */ + + if (!add_user) + { + DEBUG(3, ("add_nisppwd_entry: User not found in NIS+ password db: %s\n", + pfile)); + nis_freeresult(result); + nis_freeresult(nis_user); + return False; + } + + tblresult = nis_lookup(pfile, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP ); + if (tblresult->status != NIS_SUCCESS) + { + nis_freeresult(result); + nis_freeresult(nis_user); + nis_freeresult(tblresult); + DEBUG(3, ( "add_nisppwd_entry: nis_lookup failure: %s\n", + nis_sperrno(tblresult->status))); + return False; + } + + newobj.zo_name = NIS_RES_OBJECT(tblresult)->zo_name; + newobj.zo_domain = NIS_RES_OBJECT(tblresult)->zo_domain; + newobj.zo_owner = NIS_RES_OBJECT(nis_user)->zo_owner; + newobj.zo_group = NIS_RES_OBJECT(tblresult)->zo_group; + newobj.zo_access = NIS_RES_OBJECT(tblresult)->zo_access; + newobj.zo_ttl = NIS_RES_OBJECT(tblresult)->zo_ttl; + + newobj.zo_data.zo_type = ENTRY_OBJ; + + newobj.zo_data.objdata_u.en_data.en_type = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_type; + newobj.zo_data.objdata_u.en_data.en_cols.en_cols_len = 
NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_maxcol; + newobj.zo_data.objdata_u.en_data.en_cols.en_cols_val = calloc(newobj.zo_data.objdata_u.en_data.en_cols.en_cols_len, sizeof(entry_col)); + + ENTRY_VAL(&newobj, 0) = ENTRY_VAL(user_obj, 0); + ENTRY_LEN(&newobj, 0) = ENTRY_LEN(user_obj, 0); + + ENTRY_VAL(&newobj, 1) = ENTRY_VAL(user_obj, 2); + ENTRY_LEN(&newobj, 1) = ENTRY_LEN(user_obj, 2); + + ENTRY_VAL(&newobj, 2) = lmpwd; + ENTRY_LEN(&newobj, 2) = strlen(lmpwd); + newobj.EN_data.en_cols.en_cols_val[2].ec_flags = EN_CRYPT; + + ENTRY_VAL(&newobj, 3) = ntpwd; + ENTRY_LEN(&newobj, 3) = strlen(ntpwd); + newobj.EN_data.en_cols.en_cols_val[3].ec_flags = EN_CRYPT; + + ENTRY_VAL(&newobj, 4) = ENTRY_VAL(user_obj, 4); + ENTRY_LEN(&newobj, 4) = ENTRY_LEN(user_obj, 4); + + ENTRY_VAL(&newobj, 5) = ENTRY_VAL(user_obj, 5); + ENTRY_LEN(&newobj, 5) = ENTRY_LEN(user_obj, 5); + + ENTRY_VAL(&newobj, 6) = ENTRY_VAL(user_obj, 6); + ENTRY_LEN(&newobj, 6) = ENTRY_LEN(user_obj, 6); + + obj = &newobj; + + addresult = nis_add_entry(pfile, obj, ADD_OVERWRITE | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP); + + nis_freeresult(nis_user); + if (tblresult) + { + nis_freeresult(tblresult); + } + + if (addresult->status != NIS_SUCCESS) + { + DEBUG(3, ( "add_nisppwd_entry: NIS+ table update failed: %s\n", + nisname, nis_sperrno(addresult->status))); + nis_freeresult(addresult); + nis_freeresult(result); + return False; + } + + nis_freeresult(addresult); + nis_freeresult(result); + + return True; } /************************************************************************ 
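Review bot: In `add_nisppwd_entry`, `lmpwd[33]` and `ntpwd[33]` are never written before `strlen(lmpwd)` / `strlen(ntpwd)` and the `ENTRY_VAL(&newobj, 2)` / `ENTRY_VAL(&newobj, 3)` assignments, so whatever is on the stack is measured and stored as the LM and NT hash columns. The buffers need to be filled from the hashes in `newpwd` (hex-encoded and NUL-terminated, failing if a hash is missing) before that point, or the function should keep returning `False` until that code exists. In the same function `slprintf(nisname, sizeof(nisname), "%s%d", nisname, newpwd->smb_userid);` passes `nisname` as both destination and source, which is undefined, and the first error return is reached without a NULL check on the `nis_list` result and leaves `nis_user` unfreed. The last `DEBUG(3, ...)` has one `%s` but two arguments, so it prints `nisname` instead of the error string. `add_nisp21pwd_entry` at the top of the hunk returns `BOOL` but has an empty body; it needs `return False;`.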
@@ -129,6 +283,22 @@ BOOL add_nisppwd_entry(struct smb_passwd *newpwd) do not call this function directly. use passdb.c instead. ************************************************************************/ +BOOL mod_nisp21pwd_entry(struct sam_passwd* pwd, BOOL override) +{ + return False; +} + +/************************************************************************ + Routine to search the nisplus passwd file for an entry matching the username. + and then modify its password entry. We can't use the startnisppwent()/ + getnisppwent()/endnisppwent() interfaces here as we depend on looking + in the actual file to decide how much room we have to write data. + override = False, normal + override = True, override XXXXXXXX'd out password or NO PASS + + do not call this function directly. use passdb.c instead. + +************************************************************************/ BOOL mod_nisppwd_entry(struct smb_passwd* pwd, BOOL override) { return False; @@ -137,12 +307,14 @@ BOOL mod_nisppwd_entry(struct smb_passwd* pwd, BOOL override) /************************************************************************ makes a struct smb_passwd from a NIS+ result. ************************************************************************/ -BOOL make_smb_from_nisp(struct smb_passwd *pw_buf, nis_result *result) +static BOOL make_smb_from_nisp(struct smb_passwd *pw_buf, nis_result *result) { int uidval; static pstring user_name; static unsigned char smbpwd[16]; static unsigned char smbntpwd[16]; + nis_object *obj; + uchar *p; if (pw_buf == NULL || result == NULL) return False; 
@@ -150,21 +322,21 @@ BOOL make_smb_from_nisp(struct smb_passwd *pw_buf, nis_result *result) if (result->status != NIS_SUCCESS) { - DEBUG(0, ("make_smb_from_nisp: %s: NIS+ lookup failure: %s\n", - nisname, nis_sperrno(result->status))); + DEBUG(0, ("make_smb_from_nisp: NIS+ lookup failure: %s\n", + nis_sperrno(result->status))); return False; } /* User not found. */ if (NIS_RES_NUMOBJ(result) <= 0) { - DEBUG(10, ("make_smb_from_nisp: %s not found in NIS+\n", nisname)); + DEBUG(10, ("make_smb_from_nisp: user not found in NIS+\n")); return False; } if (NIS_RES_NUMOBJ(result) > 1) { - DEBUG(10, ("make_smb_from_nisp: WARNING: Multiple entries for %s in NIS+ table!\n", nisname)); + DEBUG(10, ("make_smb_from_nisp: WARNING: Multiple entries for user in NIS+ table!\n")); } /* Grab the first hit. */ @@ -172,7 +344,7 @@ BOOL make_smb_from_nisp(struct smb_passwd *pw_buf, nis_result *result) /* Check the lanman password column. */ p = (uchar *)ENTRY_VAL(obj, 2); - if (strlen((char *)p) != 32 || !gethexpwd((char *)p, (char *)smbpwd)) + if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbpwd)) { DEBUG(0, ("make_smb_from_nisp: malformed LM pwd entry.\n")); return False; @@ -180,7 +352,7 @@ BOOL make_smb_from_nisp(struct smb_passwd *pw_buf, nis_result *result) /* Check the NT password column. */ p = (uchar *)ENTRY_VAL(obj, 3); - if (strlen((char *)p) != 32 || !gethexpwd((char *)p, (char *)smbntpwd)) + if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbntpwd)) { DEBUG(0, ("make_smb_from_nisp: malformed NT pwd entry\n")); return False; 
@@ -204,39 +376,20 @@ struct smb_passwd *getnisppwnam(char *name) { /* Static buffers we will return. */ static struct smb_passwd pw_buf; - char linebuf[256]; - char readbuf[16 * 1024]; - unsigned char c; - unsigned char *p; - long uidval; - long linebuf_len; - FILE *fp; - int lockfd; - char *pfile = lp_smb_passwd_file(); nis_result *result; - nis_object *obj; - char *nisname, *nisnamefmt; + pstring nisname; BOOL ret; - if (!*pfile) + if (!*lp_smb_passwd_file()) { DEBUG(0, ("No SMB password file set\n")); - return (NULL); + return NULL; } DEBUG(10, ("getnisppwnam: search by name: %s\n", name)); - DEBUG(10, ("getnisppwnam: using NIS+ table %s\n", pfile)); + DEBUG(10, ("getnisppwnam: using NIS+ table %s\n", lp_smb_passwd_file())); - nisnamefmt = "[name=%s],%s"; - nisname = (char *)malloc(strlen(nisnamefmt) + strlen(pfile) + strlen(name)); - - if (!nisname) - { - DEBUG(0,("getnisppwnam: Can't allocate nisname")); - return NULL; - } - - safe_sprintf(nisname, nisnamefmt, name, pfile); + slprintf(nisname, sizeof(nisname), "[name=%s],%s", name, lp_smb_passwd_file()); /* Search the table. */ gotalarm = 0; @@ -244,7 +397,6 @@ struct smb_passwd *getnisppwnam(char *name) alarm(5); result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL); - free(nisname); alarm(0); signal(SIGALRM, SIGNAL_CAST SIG_DFL); 
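Review bot: `slprintf(nisname, sizeof(nisname), "[name=%s],%s", name, lp_smb_passwd_file());` puts `name` into the NIS+ indexed name unchecked, so a name containing `]`, `,` or `=` would change the search criterion, and a name too long for the `pstring` is silently truncated into a different query. If `name` can originate from a client (not visible in this hunk), reject those characters and over-long names before building `nisname`, and return NULL. The rest of `getnisppwnam` lies outside the hunk, so the handling of `result` after the `nis_list` call was not reviewed.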
@@ -265,41 +417,24 @@ struct smb_passwd *getnisppwnam(char *name) /************************************************************************* Routine to search the nisplus passwd file for an entry matching the username *************************************************************************/ -struct smb_passwd *getnisppwnam(int uid) +struct smb_passwd *getnisppwuid(int smb_userid) { /* Static buffers we will return. */ static struct smb_passwd pw_buf; - char linebuf[256]; - char readbuf[16 * 1024]; - unsigned char c; - unsigned char *p; - long linebuf_len; - FILE *fp; - int lockfd; - char *pfile = lp_smb_passwd_file(); nis_result *result; - nis_object *obj; - char *nisname, *nisnamefmt; + pstring nisname; + BOOL ret; - if (!*pfile) + if (!*lp_smb_passwd_file()) { DEBUG(0, ("No SMB password file set\n")); return NULL; } - DEBUG(10, ("getnisppwuid: search by uid: %d\n", uid)); - DEBUG(10, ("getnisppwuid: using NIS+ table %s\n", pfile)); - - nisnamefmt = "[uid=%d],%s"; - nisname = (char *)malloc(strlen(nisnamefmt) + strlen(pfile)+ sizeof(smb_userid)); - - if (!nisname) - { - DEBUG(0,("getnisppwuid: Can't allocate nisname")); - return NULL; - } + DEBUG(10, ("getnisppwuid: search by uid: %d\n", smb_userid)); + DEBUG(10, ("getnisppwuid: using NIS+ table %s\n", lp_smb_passwd_file())); - safe_sprintf(nisname, nisnamefmt, smb_userid, pfile); + slprintf(nisname, sizeof(nisname), "[uid=%d],%s", smb_userid, lp_smb_passwd_file()); /* Search the table. */ gotalarm = 0; @@ -307,7 +442,6 @@ struct smb_passwd *getnisppwnam(int uid) alarm(5); result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL); - free(nisname); alarm(0); signal(SIGALRM, SIGNAL_CAST SIG_DFL); @@ -327,4 +461,4 @@ struct smb_passwd *getnisppwnam(int uid) #else static void dummy_function(void) { } /* stop some compilers complaining */ -#endif /* NISPLUS */ +#endif /* USE_NISPLUS_DB */ diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index a31f54582a..9df88bf6d3 100644 
--- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -57,11 +57,17 @@ DOM_SID global_machine_sid; ****************************************************************/ void *startsampwent(BOOL update) { -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB + return startnisppwent(update); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB return startldappwent(update); -#else +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB return startsmbpwent(update); -#endif /* USE_LDAP */ +#endif /* USE_SMBPASS_DB */ } /*************************************************************** @@ -69,11 +75,17 @@ void *startsampwent(BOOL update) ****************************************************************/ void endsampwent(void *vp) { -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB + endnisppwent(vp); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB endldappwent(vp); -#else +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB endsmbpwent(vp); -#endif /* USE_LDAP */ +#endif /* USE_SMBPASS_DB */ } /************************************************************************* 
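Review bot: `startsampwent` now has three independent `#ifdef` blocks where it had `#ifdef`/`#else`, so a build with none of `USE_NISPLUS_DB`, `USE_LDAP_DB` or `USE_SMBPASS_DB` defined falls off the end of a function returning `void *`, and a build with two defined silently uses only the first. Since this selects the password backend, the choice should be a single `#if`/`#elif` chain that ends in `#error`. The same pattern is repeated in every dispatcher this commit touches in passdb.c, from `endsampwent` through `getsam21pwrid`; in `getsamdispent` a multi-backend build would call each backend's iterator in turn and keep only the last result.

```c
void *startsampwent(BOOL update)
{
#if defined(USE_NISPLUS_DB)
	return startnisppwent(update);
#elif defined(USE_LDAP_DB)
	return startldappwent(update);
#elif defined(USE_SMBPASS_DB)
	return startsmbpwent(update);
#else
#error "no password database backend selected"
#endif
}
```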
@@ -81,11 +93,46 @@ void endsampwent(void *vp) *************************************************************************/ struct smb_passwd *getsampwent(void *vp) { -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB + return getnisppwent(vp); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB return getldappwent(vp); -#else +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB return getsmbpwent(vp); -#endif /* USE_LDAP */ +#endif /* USE_SMBPASS_DB */ +} + +/************************************************************************* + Routine to return the next entry in the sam passwd list. + *************************************************************************/ +struct sam_disp_info *getsamdispent(void *vp) +{ + struct sam_passwd *pwd = NULL; + static struct sam_disp_info disp_info; + +#ifdef USE_NISPLUS_DB + pwd = getnisp21pwent(vp); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB + pwd = getldap21pwent(vp); +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB + pwd = getsmb21pwent(vp); +#endif /* USE_SMBPASS_DB */ + + if (pwd == NULL) return NULL; + + disp_info.smb_name = pwd->smb_name; + disp_info.full_name = pwd->full_name; + disp_info.user_rid = pwd->user_rid; + + return &disp_info; } /************************************************************************* @@ -93,11 +140,17 @@ struct smb_passwd *getsampwent(void *vp) *************************************************************************/ struct sam_passwd *getsam21pwent(void *vp) { -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB + return getnisp21pwent(vp); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB return getldap21pwent(vp); -#else +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB return getsmb21pwent(vp); -#endif /* USE_LDAP */ +#endif /* USE_SMBPASS_DB */ } /************************************************************************* 
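Review bot: `getsamdispent` does not say how long its result stays valid: it returns the address of the function-static `disp_info`, and `smb_name` / `full_name` appear to be copied as pointers from `pwd`, so they refer to whatever storage the backend's `get...21pwent` call returned. The header comment should state that, for example `The returned struct is static and its name pointers alias the backend entry; copy what you need before the next call.` The comment block above the function is also a verbatim copy of the one on `getsampwent` and should mention that it returns display information.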
@@ -106,11 +159,17 @@ struct sam_passwd *getsam21pwent(void *vp) *************************************************************************/ unsigned long getsampwpos(void *vp) { -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB + return getnisppwpos(vp); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB return getldappwpos(vp); -#else +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB return getsmbpwpos(vp); -#endif /* USE_LDAP */ +#endif /* USE_SMBPASS_DB */ } /************************************************************************* @@ -119,11 +178,17 @@ unsigned long getsampwpos(void *vp) *************************************************************************/ BOOL setsampwpos(void *vp, unsigned long tok) { -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB + return setnisppwpos(vp, tok); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB return setldappwpos(vp, tok); -#else +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB return setsmbpwpos(vp, tok); -#endif /* USE_LDAP */ +#endif /* USE_SMBPASS_DB */ } /************************************************************************ @@ -131,11 +196,17 @@ BOOL setsampwpos(void *vp, unsigned long tok) *************************************************************************/ BOOL add_sampwd_entry(struct smb_passwd *newpwd) { -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB + return add_nisppwd_entry(newpwd); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB return add_ldappwd_entry(newpwd); -#else +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB return add_smbpwd_entry(newpwd); -#endif /* USE_LDAP */ +#endif /* USE_SMBPASS_DB */ } /************************************************************************ 
@@ -143,16 +214,17 @@ BOOL add_sampwd_entry(struct smb_passwd *newpwd) *************************************************************************/ BOOL add_sam21pwd_entry(struct sam_passwd *newpwd) { -#if 0 -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB + return add_nisp21pwd_entry(newpwd); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB return add_ldap21pwd_entry(newpwd); -#else +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB return add_smb21pwd_entry(newpwd); -#endif /* USE_LDAP */ -#else - DEBUG(0,("add_sam21pwd_entry() - under development\n")); - return False; -#endif +#endif /* USE_SMBPASS_DB */ } /************************************************************************ @@ -165,11 +237,17 @@ BOOL add_sam21pwd_entry(struct sam_passwd *newpwd) ************************************************************************/ BOOL mod_sampwd_entry(struct smb_passwd* pwd, BOOL override) { -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB + return mod_nisppwd_entry(pwd, override); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB return mod_ldappwd_entry(pwd, override); -#else +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB return mod_smbpwd_entry(pwd, override); -#endif /* USE_LDAP */ +#endif /* USE_SMBPASS_DB */ } /************************************************************************ 
@@ -182,16 +260,17 @@ BOOL mod_sampwd_entry(struct smb_passwd* pwd, BOOL override) ************************************************************************/ BOOL mod_sam21pwd_entry(struct sam_passwd* pwd, BOOL override) { -#if 0 -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB + return mod_nisp21pwd_entry(pwd, override); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB return mod_ldap21pwd_entry(pwd, override); -#else +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB return mod_smb21pwd_entry(pwd, override); -#endif /* USE_LDAP */ -#else - DEBUG(0,("mod_sam21pwd_entry() - under development\n")); - return False; -#endif +#endif /* USE_SMBPASS_DB */ } /********************************************************** @@ -242,11 +321,17 @@ static struct smb_passwd *_getsampwnam(char *name) *************************************************************************/ struct smb_passwd *getsampwnam(char *name) { -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB + return _getsampwnam(name); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB return _getsampwnam(name); -#else +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB return _getsampwnam(name); -#endif /* USE_LDAP */ +#endif /* USE_SMBPASS_DB */ } /************************************************************************ @@ -258,14 +343,14 @@ static struct sam_passwd *_getsam21pwnam(char *name) struct sam_passwd *pwd = NULL; void *fp = NULL; - DEBUG(10, ("getsam21pwnam: search by name: %s\n", name)); + DEBUG(10, ("_getsam21pwnam: search by name: %s\n", name)); /* Open the sam password file - not for update. */ fp = startsampwent(False); if (fp == NULL) { - DEBUG(0, ("getsam21pwnam: unable to open sam password database.\n")); + DEBUG(0, ("_getsam21pwnam: unable to open sam password database.\n")); return NULL; } @@ -273,7 +358,7 @@ static struct sam_passwd *_getsam21pwnam(char *name) if (pwd != NULL) { - DEBUG(10, ("getsam21pwnam: found by name: %s\n", name)); + DEBUG(10, ("_getsam21pwnam: found by name: %s\n", name)); } endsampwent(fp); 
@@ -285,11 +370,17 @@ static struct sam_passwd *_getsam21pwnam(char *name) *************************************************************************/ struct sam_passwd *getsam21pwnam(char *name) { -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB return _getsam21pwnam(name); -#else +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB + return _getsam21pwnam(name); +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB return _getsam21pwnam(name); -#endif /* USE_LDAP */ +#endif /* USE_SMBPASS_DB */ } /************************************************************************ @@ -328,11 +419,17 @@ static struct smb_passwd *_getsampwuid(uid_t smb_userid) *************************************************************************/ struct smb_passwd *getsampwuid(uid_t smb_userid) { -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB + return _getsampwuid(smb_userid); +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB return _getsampwuid(smb_userid); -#else +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB return _getsampwuid(smb_userid); -#endif /* USE_LDAP */ +#endif /* USE_SMBPASS_DB */ } @@ -340,19 +437,19 @@ struct smb_passwd *getsampwuid(uid_t smb_userid) Routine to search sam passwd by rid. use this if your database does not have search facilities. *************************************************************************/ -struct sam_passwd *_getsam21pwrid(uint32 rid) +static struct sam_passwd *_getsam21pwrid(uint32 rid) { struct sam_passwd *pwd = NULL; void *fp = NULL; - DEBUG(10, ("getsam21pwrid: search by rid: %x\n", rid)); + DEBUG(10, ("_getsam21pwrid: search by rid: %x\n", rid)); /* Open the sam password file - not for update. */ fp = startsampwent(False); if (fp == NULL) { - DEBUG(0, ("getsam21pwrid: unable to open sam password database.\n")); + DEBUG(0, ("_getsam21pwrid: unable to open sam password database.\n")); return NULL; } 
@@ -360,7 +457,7 @@ struct sam_passwd *_getsam21pwrid(uint32 rid) if (pwd != NULL) { - DEBUG(10, ("getsam21pwrid: found by smb_userid: %x\n", rid)); + DEBUG(10, ("_getsam21pwrid: found by smb_userid: %x\n", rid)); } endsmbpwent(fp); @@ -372,11 +469,17 @@ struct sam_passwd *_getsam21pwrid(uint32 rid) *************************************************************************/ struct sam_passwd *getsam21pwrid(uint32 rid) { -#ifdef USE_LDAP +#ifdef USE_NISPLUS_DB return _getsam21pwrid(rid); -#else +#endif /* USE_NISPLUS_DB */ + +#ifdef USE_LDAP_DB return _getsam21pwrid(rid); -#endif /* USE_LDAP */ +#endif /* USE_LDAP_DB */ + +#ifdef USE_SMBPASS_DB + return _getsam21pwrid(rid); +#endif /* USE_SMBPASS_DB */ } 
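Review bot: `_getsam21pwrid` opens the database with `startsampwent(False)` but, as the context line in the `@@ -360,7 +457,7 @@` hunk shows, closes it with `endsmbpwent(fp);`, which is the smbpasswd backend's routine. Now that this commit routes `startsampwent` to NIS+ or LDAP as well, a handle from one backend is passed to another backend's close function (and the call may not link when the smbpasswd backend is not built); it should be `endsampwent(fp);`, as `_getsam21pwnam` does. The `found by smb_userid: %x` message in the same hunk prints a RID and should say so.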
@@ -389,10 +492,62 @@ struct sam_passwd *getsam21pwrid(uint32 rid) ********************************************************** **********************************************************/ +/******************************************************************* + gets password-database-format time from a string. + ********************************************************************/ +static time_t get_time_from_string(char *p) +{ + int i; + + for (i = 0; i < 8; i++) + { + if (p[i] == '\0' || !isxdigit(p[i])) + break; + } + if (i == 8) + { + /* + * p points at 8 characters of hex digits - + * read into a time_t as the seconds since + * 1970 that the password was last changed. + */ + return (time_t)strtol((char *)p, NULL, 16); + } + return (time_t)-1; +} + +/******************************************************************* + gets password last set time + ********************************************************************/ +time_t pdb_get_last_set_time(char *p) +{ + if (*p && StrnCaseCmp((char *)p, "LCT-", 4)) + { + return get_time_from_string(p + 4); + } + return (time_t)-1; +} + + +/******************************************************************* + sets password-database-format time in a string. + ********************************************************************/ +static set_time_in_string(char *p, int max_len, char *type, time_t t) +{ + slprintf(p, max_len, ":%s-%08X:", type, (uint32)t); +} + +/******************************************************************* + sets password last set time + ********************************************************************/ +void pdb_set_last_set_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "LCT", t); +} /********************************************************** Encode the account control bits into a string. 
**********************************************************/ -char *encode_acct_ctrl(uint16 acct_ctrl) +char *pdb_encode_acct_ctrl(uint16 acct_ctrl) { static fstring acct_str; char *p = acct_str; @@ -421,7 +576,7 @@ char *encode_acct_ctrl(uint16 acct_ctrl) reason: vertical line-up code clarity - all case statements fit into 15 lines, which is more important. **********************************************************/ -uint16 decode_acct_ctrl(char *p) +uint16 pdb_decode_acct_ctrl(char *p) { uint16 acct_ctrl = 0; BOOL finished = False; @@ -471,7 +626,7 @@ uint16 decode_acct_ctrl(char *p) Routine to get the next 32 hex characters and turn them into a 16 byte array. **************************************************************/ -int gethexpwd(char *p, char *pwd) +int pdb_gethexpwd(char *p, char *pwd) { int i; unsigned char lonybble, hinybble; @@ -497,7 +652,7 @@ int gethexpwd(char *p, char *pwd) /******************************************************************* Group and User RID username mapping function ********************************************************************/ -BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid) +BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid) { struct passwd *pw = Get_Pwnam(user_name, False); @@ -536,7 +691,6 @@ BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid) /**************************************************************************** Read the machine SID from a file. ****************************************************************************/ - static BOOL read_sid_from_file(int fd, char *sid_file) { fstring fline; 
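Review bot: In `pdb_get_last_set_time` (the `@@ -389,10 +492,62 @@` hunk) the test `StrnCaseCmp((char *)p, "LCT-", 4)` is used as if it were true on a match; if it follows the `strncasecmp` convention of returning 0 on equality, the branch is inverted and `p + 4` is parsed only for strings that do not start with `LCT-`. The condition would then be `if (*p && StrnCaseCmp((char *)p, "LCT-", 4) == 0)`. In the same hunk `static set_time_in_string(...)` has no return type and should be `static void`, and `isxdigit(p[i])` should take `(unsigned char)p[i]`. `strtol` on eight hex digits saturates at `LONG_MAX` for values of 0x80000000 and above where `long` is 32 bits, so `strtoul` is the safer call.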
@@ -564,8 +718,7 @@ static BOOL read_sid_from_file(int fd, char *sid_file) Generate the global machine sid. Look for the MACHINE.SID file first, if not found then look in smb.conf and use it to create the MACHINE.SID file. ****************************************************************************/ - -BOOL generate_machine_sid(void) +BOOL pdb_generate_machine_sid(void) { int fd; char *p; @@ -722,7 +875,7 @@ Error was %s\n", sid_file, strerror(errno) )); /******************************************************************* converts NT User RID to a UNIX uid. ********************************************************************/ -uid_t user_rid_to_uid(uint32 u_rid) +uid_t pdb_user_rid_to_uid(uint32 u_rid) { return (uid_t)(u_rid - 1000); } @@ -730,7 +883,7 @@ uid_t user_rid_to_uid(uint32 u_rid) /******************************************************************* converts NT Group RID to a UNIX uid. ********************************************************************/ -uid_t group_rid_to_uid(uint32 u_gid) +uid_t pdb_group_rid_to_uid(uint32 u_gid) { return (uid_t)(u_gid - 1000); } @@ -738,7 +891,7 @@ uid_t group_rid_to_uid(uint32 u_gid) /******************************************************************* converts UNIX uid to an NT User RID. ********************************************************************/ -uint32 uid_to_user_rid(uint32 uid) +uint32 pdb_uid_to_user_rid(uint32 uid) { return (uint32)(uid + 1000); } @@ -746,7 +899,7 @@ uint32 uid_to_user_rid(uint32 uid) /******************************************************************* converts NT Group RID to a UNIX uid. ********************************************************************/ -uint32 gid_to_group_rid(uint32 gid) +uint32 pdb_gid_to_group_rid(uint32 gid) { return (uint32)(gid + 1000); } diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index 3b93b28a1e..faaf9c5ccb 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c 
@@ -416,7 +416,7 @@ struct smb_passwd *getsmbpwent(void *vp) pw_buf.smb_passwd = NULL; pw_buf.acct_ctrl |= ACB_PWNOTREQ; } else { - if (!gethexpwd((char *)p, (char *)smbpwd)) { + if (!pdb_gethexpwd((char *)p, (char *)smbpwd)) { DEBUG(0, ("getsmbpwent: Malformed Lanman password entry (non hex chars)\n")); continue; } @@ -433,7 +433,7 @@ struct smb_passwd *getsmbpwent(void *vp) the lanman password. */ if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) { if (*p != '*' && *p != 'X') { - if(gethexpwd((char *)p,(char *)smbntpwd)) + if(pdb_gethexpwd((char *)p,(char *)smbntpwd)) pw_buf.smb_nt_passwd = smbntpwd; } p += 33; /* Move to the first character of the line after @@ -523,6 +523,17 @@ BOOL setsmbpwpos(void *vp, unsigned long tok) do not call this function directly. use passdb.c instead. *************************************************************************/ +BOOL add_smb21pwd_entry(struct sam_passwd *newpwd) +{ + return False; +} + +/************************************************************************ + Routine to add an entry to the smbpasswd file. + + do not call this function directly. use passdb.c instead. + +*************************************************************************/ BOOL add_smbpwd_entry(struct smb_passwd *newpwd) { char *pfile = lp_smb_passwd_file(); 
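Review bot: `add_smb21pwd_entry` is an unimplemented stub that always returns `False`, yet the pre-existing header comment ("do not call this function directly. use passdb.c instead.") now sits above it while a copy of that header is added for `add_smbpwd_entry`. The start of that header is outside the hunk, but from the added copy it appears to describe a routine that really writes to the smbpasswd file. A caller cannot distinguish "not supported by this backend" from a failed write, and nothing is logged when an account update is dropped. The same applies to `mod_smb21pwd_entry` in the following hunk. I would give each stub its own comment, `/* not implemented for the smbpasswd backend: always returns False */`, and log the call with `DEBUG(0,("add_smb21pwd_entry: not implemented\n"));`.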
@@ -657,6 +668,22 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n", do not call this function directly. use passdb.c instead. ************************************************************************/ +BOOL mod_smb21pwd_entry(struct sam_passwd* pwd, BOOL override) +{ + return False; +} + +/************************************************************************ + Routine to search the smbpasswd file for an entry matching the username. + and then modify its password entry. We can't use the startsmbpwent()/ + getsmbpwent()/endsmbpwent() interfaces here as we depend on looking + in the actual file to decide how much room we have to write data. + override = False, normal + override = True, override XXXXXXXX'd out password or NO PASS + + do not call this function directly. use passdb.c instead. + +************************************************************************/ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) { /* Static buffers we will return. */ @@ -1140,7 +1167,7 @@ BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_t * Get the hex password. */ - if (!gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' || + if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' || strncmp(&linebuf[33], "TLC-", 4)) { DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n")); #ifdef DEBUG_PASSWORD |