summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_lookup.c14
-rw-r--r--source3/rpc_server/srv_netlog.c177
-rw-r--r--source3/rpc_server/srv_pipe.c33
-rw-r--r--source3/rpc_server/srv_samr.c279
-rw-r--r--source3/rpc_server/srv_util.c8
5 files changed, 234 insertions, 277 deletions
diff --git a/source3/rpc_server/srv_lookup.c b/source3/rpc_server/srv_lookup.c
index e81f3051f3..8b29be62e7 100644
--- a/source3/rpc_server/srv_lookup.c
+++ b/source3/rpc_server/srv_lookup.c
@@ -532,19 +532,19 @@ uint32 lookup_sid(char *name, DOM_SID *sid, uint8 *type)
uint32 lookup_added_user_rids(char *user_name,
uint32 *usr_rid, uint32 *grp_rid)
{
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
(*usr_rid) = 0;
(*grp_rid) = 0;
/* find the user account */
become_root();
- sam_pass = getsam21pwnam(user_name);
+ sam_pass = getsampwnam(user_name);
unbecome_root();
if (sam_pass != NULL)
{
- (*usr_rid) = sam_pass->user_rid ;
- (*grp_rid) = sam_pass->group_rid;
+ (*usr_rid) = pdb_get_user_rid(sam_pass);
+ (*grp_rid) = pdb_get_group_rid(sam_pass);
return 0x0;
}
@@ -556,18 +556,18 @@ uint32 lookup_added_user_rids(char *user_name,
********************************************************************/
uint32 lookup_added_user_rid(char *user_name, uint32 *rid, uint8 *type)
{
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
(*rid) = 0;
(*type) = SID_NAME_USER;
/* find the user account */
become_root();
- sam_pass = getsam21pwnam(user_name);
+ sam_pass = getsampwnam(user_name);
unbecome_root();
if (sam_pass != NULL)
{
- (*rid) = sam_pass->user_rid;
+ (*rid) = pdb_get_user_rid(sam_pass);
return 0x0;
}
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 9f5d84ee1f..8e2b3819cb 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -264,7 +264,8 @@ static BOOL net_reply_sam_logoff(NET_Q_SAM_LOGOFF *q_s, prs_struct *rdata,
static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct)
{
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sampass = NULL;
+ BYTE *pass = NULL;
#if 0
/*
@@ -285,13 +286,13 @@ static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct)
#endif /* 0 */
become_root();
- smb_pass = getsmbpwnam(mach_acct);
+ sampass = pdb_getsampwnam(mach_acct);
unbecome_root();
- if ((smb_pass) != NULL && !(smb_pass->acct_ctrl & ACB_DISABLED) &&
- (smb_pass->smb_nt_passwd != NULL))
+ if ((sampass) != NULL && !(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) &&
+ ((pass=pdb_get_nt_passwd(sampass)) != NULL))
{
- memcpy(md4pw, smb_pass->smb_nt_passwd, 16);
+ memcpy(md4pw, pass, 16);
dump_data(5, md4pw, 16);
return True;
@@ -425,7 +426,7 @@ static BOOL api_net_srv_pwset(pipes_struct *p)
uint32 status = NT_STATUS_WRONG_PASSWORD;
DOM_CRED srv_cred;
pstring mach_acct;
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sampass;
BOOL ret;
user_struct *vuser;
prs_struct *data = &p->in_data.data;
@@ -454,10 +455,10 @@ static BOOL api_net_srv_pwset(pipes_struct *p)
DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
become_root();
- smb_pass = getsmbpwnam(mach_acct);
+ sampass = pdb_getsampwnam(mach_acct);
unbecome_root();
- if (smb_pass != NULL) {
+ if (sampass != NULL) {
unsigned char pwd[16];
int i;
@@ -469,12 +470,12 @@ static BOOL api_net_srv_pwset(pipes_struct *p)
cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key, 0);
/* lies! nt and lm passwords are _not_ the same: don't care */
- smb_pass->smb_passwd = pwd;
- smb_pass->smb_nt_passwd = pwd;
- smb_pass->acct_ctrl = ACB_WSTRUST;
+ pdb_set_lanman_passwd (sampass, pwd);
+ pdb_set_nt_passwd (sampass, pwd);
+ pdb_set_acct_ctrl (sampass, ACB_WSTRUST);
- become_root();
- ret = mod_smbpwd_entry(smb_pass,False);
+ become_root();
+ ret = pdb_update_sam_account (sampass,False);
unbecome_root();
if (ret) {
@@ -542,8 +543,8 @@ static BOOL api_net_sam_logoff(pipes_struct *p)
net_login_interactive:
*************************************************************************/
-static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_pass,
- user_struct *vuser)
+static uint32 net_login_interactive(NET_ID_INFO_1 *id1, SAM_ACCOUNT *sampass,
+ user_struct *vuser)
{
uint32 status = 0x0;
@@ -579,8 +580,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p
dump_data(100, nt_pwd, 16);
#endif
- if (memcmp(smb_pass->smb_passwd , lm_pwd, 16) != 0 ||
- memcmp(smb_pass->smb_nt_passwd, nt_pwd, 16) != 0)
+ if (memcmp(pdb_get_lanman_passwd(sampass) ,lm_pwd, 16) != 0 ||
+ memcmp(pdb_get_nt_passwd(sampass) ,nt_pwd, 16) != 0)
{
status = NT_STATUS_WRONG_PASSWORD;
}
@@ -592,8 +593,10 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p
net_login_network:
*************************************************************************/
-static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass)
+static uint32 net_login_network(NET_ID_INFO_2 *id2, SAM_ACCOUNT *sampass)
{
+ BYTE *nt_pwd, *lanman_pwd;
+
DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
id2->hdr_lm_chal_resp.str_str_len,
id2->hdr_nt_chal_resp.str_str_len));
@@ -601,11 +604,12 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass)
/* JRA. Check the NT password first if it exists - this is a higher quality
password, if it exists and it doesn't match - fail. */
+ nt_pwd = pdb_get_nt_passwd (sampass);
+ lanman_pwd = pdb_get_lanman_passwd (sampass);
if (id2->hdr_nt_chal_resp.str_str_len == 24 &&
- smb_pass->smb_nt_passwd != NULL)
+ nt_pwd != NULL)
{
- if(smb_password_check((char *)id2->nt_chal_resp.buffer,
- smb_pass->smb_nt_passwd,
+ if(smb_password_check((char *)id2->nt_chal_resp.buffer, nt_pwd,
id2->lm_chal))
return 0x0;
else
@@ -622,8 +626,7 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass)
if (id2->hdr_lm_chal_resp.str_str_len == 24 &&
smb_password_check((char *)id2->lm_chal_resp.buffer,
- smb_pass->smb_passwd,
- id2->lm_chal))
+ lanman_pwd, id2->lm_chal))
{
return 0x0;
}
@@ -646,21 +649,20 @@ static BOOL api_net_sam_logon(pipes_struct *p)
NET_USER_INFO_3 usr_info;
uint32 status = 0x0;
DOM_CRED srv_cred;
- struct smb_passwd *smb_pass = NULL;
+ SAM_ACCOUNT *sampass = NULL;
+ uint16 acct_ctrl;
UNISTR2 *uni_samlogon_user = NULL;
fstring nt_username;
- struct passwd *pw;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
user_struct *vuser = NULL;
if ((vuser = get_valid_user_struct(vuid)) == NULL)
return False;
- memset(&q_l, '\0', sizeof(q_l));
- memset(&ctr, '\0', sizeof(ctr));
- memset(&usr_info, '\0', sizeof(usr_info));
+ ZERO_STRUCT(q_l);
+ ZERO_STRUCT(ctr);
+ ZERO_STRUCT(usr_info);
q_l.sam_id.ctr = &ctr;
@@ -682,8 +684,7 @@ static BOOL api_net_sam_logon(pipes_struct *p)
case INTERACTIVE_LOGON_TYPE:
uni_samlogon_user = &q_l.sam_id.ctr->auth.id1.uni_user_name;
- DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ",
- lp_workgroup()));
+ DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
break;
case NET_LOGON_TYPE:
uni_samlogon_user = &q_l.sam_id.ctr->auth.id2.uni_user_name;
@@ -699,7 +700,8 @@ static BOOL api_net_sam_logon(pipes_struct *p)
/* check username exists */
- if (status == 0) {
+ if (status == 0)
+ {
pstrcpy(nt_username, dos_unistrn2(uni_samlogon_user->buffer,
uni_samlogon_user->uni_str_len));
@@ -709,40 +711,37 @@ static BOOL api_net_sam_logon(pipes_struct *p)
* Convert to a UNIX username.
*/
map_username(nt_username);
-
- /*
- * Do any case conversions.
- */
- pw=Get_Pwnam(nt_username, True);
+ /* get the account information */
become_root();
- smb_pass = getsmbpwnam(nt_username);
+ sampass = pdb_getsampwnam(nt_username);
unbecome_root();
- if (smb_pass == NULL)
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
+ if (sampass == NULL)
status = NT_STATUS_NO_SUCH_USER;
- else if (smb_pass->acct_ctrl & ACB_PWNOTREQ)
+ else if (acct_ctrl & ACB_PWNOTREQ)
status = 0;
- else if (smb_pass->acct_ctrl & ACB_DISABLED)
+ else if (acct_ctrl & ACB_DISABLED)
status = NT_STATUS_ACCOUNT_DISABLED;
}
/* Validate password - if required. */
- if ((status == 0) && !(smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
+ if ((status == 0) && !(acct_ctrl & ACB_PWNOTREQ)) {
switch (q_l.sam_id.logon_level) {
case INTERACTIVE_LOGON_TYPE:
/* interactive login. */
status = net_login_interactive(&q_l.sam_id.ctr->auth.id1,
- smb_pass, vuser);
+ sampass, vuser);
break;
case NET_LOGON_TYPE:
/* network login. lm challenge and 24 byte responses */
- status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass);
+ status = net_login_network(&q_l.sam_id.ctr->auth.id2, sampass);
break;
}
}
-
+
/* lkclXXXX this is the point at which, if the login was
successful, that the SAM Local Security Authority should
record that the user is logged in to the domain.
@@ -753,49 +752,47 @@ static BOOL api_net_sam_logon(pipes_struct *p)
if (status == 0) {
DOM_GID *gids = NULL;
int num_gids = 0;
- NTTIME dummy_time;
- pstring logon_script;
- pstring profile_path;
- pstring home_dir;
- pstring home_drive;
pstring my_name;
pstring my_workgroup;
pstring domain_groups;
- uint32 r_uid;
- uint32 r_gid;
- fstring full_name;
/* set up pointer indicating user/password failed to be found */
usr_info.ptr_user_info = 0;
-
- dummy_time.low = 0xffffffff;
- dummy_time.high = 0x7fffffff;
-
+
/* XXXX hack to get standard_sub_basic() to use sam logon username */
/* possibly a better way would be to do a become_user() call */
+
+ /*
+ * All this information should be filled in from the
+ * passdb information
+ */
sam_logon_in_ssb = True;
pstrcpy(samlogon_user, nt_username);
- pstrcpy(logon_script, lp_logon_script());
- standard_sub_advanced(-1, nt_username, "", pw->pw_gid, logon_script);
+#if 0
+ gid = pdb_get_gid(sampass);
- pstrcpy(profile_path, lp_logon_path());
- standard_sub_advanced(-1, nt_username, "", pw->pw_gid, profile_path);
-
- pstrcpy(my_workgroup, lp_workgroup());
+ pstrcpy(str, pdb_get_logon_script(sampass));
+ standard_sub_advanced(-1, nt_username, "", gid, str);
+ pdb_set_logon_script(sampass, str);
+
+ pstrcpy(str, pdb_get_profile_path(sampass));
+ standard_sub_advanced(-1, nt_username, "", gid, str);
+ pdb_set_profile_path(sampass, str);
+
+ pstrcpy(str, pdb_get_homedir(sampass));
+ standard_sub_advanced(-1, nt_username, "", gid, str);
+ pdb_set_homedir(sampass, str);
- pstrcpy(home_drive, lp_logon_drive());
- standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_drive);
+ fstrcpy(full_name, "<Full Name>");
+ if (lp_unix_realname())
+ fstrcpy(full_name, pdb_get_fullname(sampass));
+#endif
- pstrcpy(home_dir, lp_logon_home());
- standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_dir);
-
+ pstrcpy(my_workgroup, lp_workgroup());
pstrcpy(my_name, global_myname);
strupper(my_name);
- fstrcpy(full_name, "<Full Name>");
- if (lp_unix_realname())
- fstrcpy(full_name, pw->pw_gecos);
/*
* This is the point at which we get the group
@@ -815,40 +812,32 @@ static BOOL api_net_sam_logon(pipes_struct *p)
sam_logon_in_ssb = False;
+ /*
+ * This next call is where the 'domain admin users' parameter
+ * gets mapped. I'm leaving it out for now. The user and group rid
+ * has already been mapped into the SAM_ACCOUNT struct. I don't
+ * think this should be overridden here. The correct solution
+ * is proper group memberships and mapping. --jerry
+ */
+#if 0
if (pdb_name_to_rid(nt_username, &r_uid, &r_gid))
- init_net_user_info3(&usr_info,
- &dummy_time, /* logon_time */
- &dummy_time, /* logoff_time */
- &dummy_time, /* kickoff_time */
- &dummy_time, /* pass_last_set_time */
- &dummy_time, /* pass_can_change_time */
- &dummy_time, /* pass_must_change_time */
-
- nt_username , /* user_name */
- full_name, /* full_name */
- logon_script , /* logon_script */
- profile_path , /* profile_path */
- home_dir , /* home_dir */
- home_drive , /* dir_drive */
-
+#endif
+ init_net_user_info3(&usr_info, sampass,
0, /* logon_count */
0, /* bad_pw_count */
-
- r_uid , /* RID user_id */
- r_gid , /* RID group_id */
num_gids, /* uint32 num_groups */
gids , /* DOM_GID *gids */
0x20 , /* uint32 user_flgs (?) */
-
NULL, /* char sess_key[16] */
-
my_name , /* char *logon_srv */
my_workgroup, /* char *logon_dom */
-
&global_sam_sid, /* DOM_SID *dom_sid */
NULL); /* char *other_sids */
+
+#if 0
else
status = NT_STATUS_NO_SUCH_USER;
+#endif
/* Free any allocated groups array. */
if(gids)
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 4cb57c69d8..d15f045252 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -270,10 +270,9 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
fstring domain;
fstring wks;
BOOL guest_user = False;
- struct smb_passwd *smb_pass = NULL;
- struct passwd *pass = NULL;
- uchar null_smb_passwd[16];
- uchar *smb_passwd_ptr = NULL;
+ SAM_ACCOUNT *sam_pass = NULL;
+ BYTE null_smb_passwd[16];
+ BYTE *smb_passwd_ptr = NULL;
DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
@@ -359,7 +358,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
return False;
}
-
+/* unnecessary as the passdb validates the user before returning --jerry */
+#if 0
/*
* Find the user in the unix password db.
*/
@@ -369,6 +369,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
return(False);
}
+#endif /* 0 */
+
if(!guest_user) {
become_root();
@@ -381,8 +383,8 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
return False;
}
- if(!(smb_pass = getsmbpwnam(pipe_user_name))) {
- DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n",
+ if(!(sam_pass = pdb_getsampwnam(pipe_user_name))) {
+ DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in passdb.\n",
pipe_user_name));
unbecome_root();
return False;
@@ -390,24 +392,24 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
unbecome_root();
- if (smb_pass == NULL) {
- DEBUG(1,("api_pipe_ntlmssp_verify: Couldn't find user '%s' in smb_passwd file.\n",
+ if (sam_pass == NULL) {
+ DEBUG(1,("api_pipe_ntlmssp_verify: Couldn't find user '%s' in passdb.\n",
pipe_user_name));
return(False);
}
/* Quit if the account was disabled. */
- if((smb_pass->acct_ctrl & ACB_DISABLED) || !smb_pass->smb_passwd) {
+ if((pdb_get_acct_ctrl(sam_pass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sam_pass)) {
DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name));
return(False);
}
- if(!smb_pass->smb_nt_passwd) {
+ if(!pdb_get_nt_passwd(sam_pass)) {
DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name));
return(False);
}
- smb_passwd_ptr = smb_pass->smb_passwd;
+ smb_passwd_ptr = pdb_get_lanman_passwd(sam_pass);
}
/*
@@ -457,9 +459,8 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
/*
* Store the UNIX credential data (uid/gid pair) in the pipe structure.
*/
-
- p->pipe_user.uid = pass->pw_uid;
- p->pipe_user.gid = pass->pw_gid;
+ p->pipe_user.uid = pdb_get_uid(sam_pass);
+ p->pipe_user.gid = pdb_get_gid(sam_pass);
/* Set up pipe user group membership. */
initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
@@ -467,7 +468,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
/* Create an NT_USER_TOKEN struct for this user. */
p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid,
- p->pipe_user.ngroups, p->pipe_user.groups);
+ p->pipe_user.ngroups, p->pipe_user.groups);
p->ntlmssp_auth_validated = True;
return True;
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 72a86c8d80..dcb5b9c9e3 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -40,27 +40,26 @@ extern rid_name builtin_alias_rids[];
dynamically returns the correct user info..... JRA.
********************************************************************/
-static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
- int start_idx,
+static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
int *total_entries, int *num_entries,
- int max_num_entries,
- uint16 acb_mask)
+ int max_num_entries, uint16 acb_mask)
{
- void *vp = NULL;
- struct sam_passwd *pwd = NULL;
+ SAM_ACCOUNT *pwd = NULL;
(*num_entries) = 0;
(*total_entries) = 0;
- if (pw_buf == NULL) return False;
+ if (pw_buf == NULL)
+ return False;
- vp = startsmbpwent(False);
- if (!vp) {
- DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n"));
+ if (!pdb_setsampwent(False))
+ {
+ DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n"));
return False;
}
- while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries) {
+ while ( ((pwd=pdb_getsampwent()) != NULL) && ((*num_entries) < max_num_entries) )
+ {
int user_name_len;
if (start_idx > 0) {
@@ -71,34 +70,38 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
continue;
}
- user_name_len = strlen(pwd->smb_name)+1;
- init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len);
+ user_name_len = strlen(pdb_get_username(pwd))+1;
+ init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pdb_get_username(pwd), user_name_len);
init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len);
- pw_buf[(*num_entries)].user_rid = pwd->user_rid;
+ pw_buf[(*num_entries)].user_rid = pdb_get_user_rid(pwd);
memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16);
/* Now check if the NT compatible password is available. */
- if (pwd->smb_nt_passwd != NULL) {
- memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16);
+ if (pdb_get_nt_passwd(pwd) != NULL)
+ {
+ memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16);
}
- pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
+ pw_buf[(*num_entries)].acb_info = pdb_get_acct_ctrl(pwd);
DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x",
- (*num_entries), pwd->smb_name,
- pwd->user_rid, pwd->acct_ctrl));
+ (*num_entries), pdb_get_username(pwd),
+ pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd)));
- if (acb_mask == 0 || (pwd->acct_ctrl & acb_mask)) {
+ if (acb_mask == 0 || (pdb_get_acct_ctrl(pwd) & acb_mask))
+ {
DEBUG(5,(" acb_mask %x accepts\n", acb_mask));
(*num_entries)++;
- } else {
+ }
+ else
+ {
DEBUG(5,(" acb_mask %x rejects\n", acb_mask));
}
(*total_entries)++;
}
- endsmbpwent(vp);
+ pdb_endsampwent();
return (*num_entries) > 0;
}
@@ -1046,7 +1049,7 @@ static BOOL samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
for (i = 0; i < num_rids && status == 0; i++)
{
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
fstring user_name;
@@ -1055,7 +1058,7 @@ static BOOL samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
/* find the user account */
become_root();
- sam_pass = get_smb21pwd_entry(user_name, 0);
+ sam_pass = pdb_getsampwnam(user_name);
unbecome_root();
if (sam_pass == NULL)
@@ -1065,7 +1068,7 @@ static BOOL samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
}
else
{
- rid[i] = sam_pass->user_rid;
+ rid[i] = pdb_get_user_rid(sam_pass);
}
}
#endif
@@ -1379,7 +1382,7 @@ static BOOL api_samr_lookup_rids(pipes_struct *p)
********************************************************************/
static uint32 _api_samr_open_user(POLICY_HND domain_pol, uint32 user_rid, POLICY_HND *user_pol)
{
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
DOM_SID sid;
/* find the domain policy handle. */
@@ -1391,7 +1394,7 @@ static uint32 _api_samr_open_user(POLICY_HND domain_pol, uint32 user_rid, POLICY
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
become_root();
- sam_pass = getsam21pwrid(user_rid);
+ sam_pass = pdb_getsampwrid(user_rid);
unbecome_root();
/* check that the RID exists in our domain. */
@@ -1455,7 +1458,7 @@ static BOOL api_samr_open_user(pipes_struct *p)
*************************************************************************/
static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
{
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sampass;
if (!pdb_rid_is_user(user_rid))
{
@@ -1464,18 +1467,18 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
}
become_root();
- smb_pass = getsmbpwrid(user_rid);
+ sampass = pdb_getsampwrid(user_rid);
unbecome_root();
- if (smb_pass == NULL)
+ if (sampass == NULL)
{
DEBUG(4,("User 0x%x not found\n", user_rid));
return False;
}
- DEBUG(3,("User:[%s]\n", smb_pass->smb_name));
+ DEBUG(3,("User:[%s]\n", pdb_get_username(sampass)));
- init_sam_user_info10(id10, smb_pass->acct_ctrl);
+ init_sam_user_info10(id10, pdb_get_acct_ctrl(sampass));
return True;
}
@@ -1485,10 +1488,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
*************************************************************************/
static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
{
- NTTIME dummy_time;
- struct sam_passwd *sam_pass;
- LOGON_HRS hrs;
- int i;
+ SAM_ACCOUNT *sam_pass;
if (!pdb_rid_is_user(user_rid))
{
@@ -1497,7 +1497,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
}
become_root();
- sam_pass = getsam21pwrid(user_rid);
+ sam_pass = pdb_getsampwrid(user_rid);
unbecome_root();
if (sam_pass == NULL)
@@ -1506,50 +1506,9 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
return False;
}
- DEBUG(3,("User:[%s]\n", sam_pass->smb_name));
-
- dummy_time.low = 0xffffffff;
- dummy_time.high = 0x7fffffff;
-
- DEBUG(5,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n"));
+ DEBUG(3,("User:[%s]\n", pdb_get_username(sam_pass)));
- /* create a LOGON_HRS structure */
- hrs.len = sam_pass->hours_len;
- SMB_ASSERT_ARRAY(hrs.hours, hrs.len);
- for (i = 0; i < hrs.len; i++)
- {
- hrs.hours[i] = sam_pass->hours[i];
- }
-
- init_sam_user_info21(id21,
-
- &dummy_time, /* logon_time */
- &dummy_time, /* logoff_time */
- &dummy_time, /* kickoff_time */
- &dummy_time, /* pass_last_set_time */
- &dummy_time, /* pass_can_change_time */
- &dummy_time, /* pass_must_change_time */
-
- sam_pass->smb_name, /* user_name */
- sam_pass->full_name, /* full_name */
- sam_pass->home_dir, /* home_dir */
- sam_pass->dir_drive, /* dir_drive */
- sam_pass->logon_script, /* logon_script */
- sam_pass->profile_path, /* profile_path */
- sam_pass->acct_desc, /* description */
- sam_pass->workstations, /* workstations user can log in from */
- sam_pass->unknown_str, /* don't know, yet */
- sam_pass->munged_dial, /* dialin info. contains dialin path and tel no */
-
- sam_pass->user_rid, /* RID user_id */
- sam_pass->group_rid, /* RID group_id */
- sam_pass->acct_ctrl,
-
- sam_pass->unknown_3, /* unknown_3 */
- sam_pass->logon_divs, /* divisions per week */
- &hrs, /* logon hours */
- sam_pass->unknown_5,
- sam_pass->unknown_6);
+ init_sam_user_info21(id21, sam_pass);
return True;
}
@@ -1670,7 +1629,7 @@ static BOOL samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
SAMR_R_QUERY_USERGROUPS r_u;
uint32 status = 0x0;
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
DOM_GID *gids = NULL;
int num_groups = 0;
uint32 rid;
@@ -1692,7 +1651,7 @@ static BOOL samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
if (status == 0x0)
{
become_root();
- sam_pass = getsam21pwrid(rid);
+ sam_pass = pdb_getsampwrid(rid);
unbecome_root();
if (sam_pass == NULL)
@@ -1704,7 +1663,7 @@ static BOOL samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
if (status == 0x0)
{
pstring groups;
- get_domain_user_groups(groups, sam_pass->smb_name);
+ get_domain_user_groups(groups, pdb_get_username(sam_pass));
gids = NULL;
num_groups = make_dom_gids(groups, &gids);
}
@@ -1828,7 +1787,7 @@ static BOOL api_samr_query_dom_info(pipes_struct *p)
static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint32 acb_info, uint32 access_mask,
POLICY_HND *user_pol, uint32 *unknown0, uint32 *user_rid)
{
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
fstring mach_acct;
pstring err_str;
pstring msg_str;
@@ -1849,9 +1808,10 @@ static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint
strlower(mach_acct);
become_root();
- sam_pass = getsam21pwnam(mach_acct);
+ sam_pass = pdb_getsampwnam(mach_acct);
unbecome_root();
- if (sam_pass != NULL) {
+ if (sam_pass != NULL)
+ {
/* machine account exists: say so */
return NT_STATUS_USER_EXISTS;
}
@@ -1875,14 +1835,16 @@ static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint
smb_create_user(mach_acct);
/* add the user in the smbpasswd file or the Samba authority database */
- if (!local_password_change(mach_acct, local_flags, NULL, err_str, sizeof(err_str), msg_str, sizeof(msg_str))) {
+ if (!local_password_change(mach_acct, local_flags, NULL, err_str,
+ sizeof(err_str), msg_str, sizeof(msg_str)))
+ {
DEBUG(0, ("%s\n", err_str));
close_lsa_policy_hnd(user_pol);
return NT_STATUS_ACCESS_DENIED;
}
become_root();
- sam_pass = getsam21pwnam(mach_acct);
+ sam_pass = pdb_getsampwnam(mach_acct);
unbecome_root();
if (sam_pass == NULL) {
/* account doesn't exist: say so */
@@ -1909,8 +1871,8 @@ static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
- *unknown0=0x000703ff;
- *user_rid=sam_pass->user_rid;
+ *unknown0 = 0x000703ff;
+ *user_rid = pdb_get_user_rid(sam_pass);
return NT_STATUS_NO_PROBLEMO;
}
@@ -2219,8 +2181,7 @@ static BOOL api_samr_open_alias(pipes_struct *p)
********************************************************************/
static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid)
{
- struct sam_passwd *pwd = getsam21pwrid(rid);
- struct sam_passwd new_pwd;
+ SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
if (id10 == NULL) {
DEBUG(5, ("set_user_info_10: NULL id10\n"));
@@ -2230,11 +2191,9 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid)
if (pwd == NULL)
return False;
- copy_sam_passwd(&new_pwd, pwd);
+ pdb_set_acct_ctrl(pwd, id10->acb_info);
- new_pwd.acct_ctrl = id10->acb_info;
-
- if(!mod_sam21pwd_entry(&new_pwd, True))
+ if(!pdb_update_sam_account(pwd, True))
return False;
return True;
@@ -2243,12 +2202,9 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid)
/*******************************************************************
set_user_info_12
********************************************************************/
-static BOOL set_user_info_12(const SAM_USER_INFO_12 *id12, uint32 rid)
+static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid)
{
- struct sam_passwd *pwd = getsam21pwrid(rid);
- struct sam_passwd new_pwd;
- static uchar nt_hash[16];
- static uchar lm_hash[16];
+ SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
if (pwd == NULL)
return False;
@@ -2258,16 +2214,10 @@ static BOOL set_user_info_12(const SAM_USER_INFO_12 *id12, uint32 rid)
return False;
}
- pdb_init_sam(&new_pwd);
- copy_sam_passwd(&new_pwd, pwd);
-
- memcpy(nt_hash, id12->nt_pwd, sizeof(nt_hash));
- memcpy(lm_hash, id12->lm_pwd, sizeof(lm_hash));
+ pdb_set_lanman_passwd (pwd, id12->lm_pwd);
+ pdb_set_nt_passwd (pwd, id12->nt_pwd);
- new_pwd.smb_passwd = lm_hash;
- new_pwd.smb_nt_passwd = nt_hash;
-
- if(!mod_sam21pwd_entry(&new_pwd, True))
+ if(!pdb_update_sam_account(pwd, True))
return False;
return True;
@@ -2278,10 +2228,8 @@ static BOOL set_user_info_12(const SAM_USER_INFO_12 *id12, uint32 rid)
********************************************************************/
static BOOL set_user_info_21(SAM_USER_INFO_21 * id21, uint32 rid)
{
- struct sam_passwd *pwd = getsam21pwrid(rid);
- struct sam_passwd new_pwd;
- static uchar nt_hash[16];
- static uchar lm_hash[16];
+ SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
+ SAM_ACCOUNT new_pwd;
if (id21 == NULL) {
DEBUG(5, ("set_user_info_21: NULL id21\n"));
@@ -2291,25 +2239,34 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 * id21, uint32 rid)
if (pwd == NULL)
return False;
+ /* Zero out struct and set a few initial items */
pdb_init_sam(&new_pwd);
+
+ /* FIXME!! these two calls may need to be fixed. copy_sam_passwd()
+ uses static strings and copy_id21..() reassigns some
+ strings. Right now there is no memory leaks, but if
+ the internals of copy_sam_passwd() changes to use dynamically
+ allocated strings, this will need to be fixed --jerry */
copy_sam_passwd(&new_pwd, pwd);
copy_id21_to_sam_passwd(&new_pwd, id21);
- if (pwd->smb_nt_passwd != NULL) {
- memcpy(nt_hash, pwd->smb_nt_passwd, 16);
- new_pwd.smb_nt_passwd = nt_hash;
- } else
- new_pwd.smb_nt_passwd = NULL;
+ /* passwords are not copied as part of copy_sam_passwd() */
+ if (pdb_get_nt_passwd(pwd) != NULL)
+ pdb_set_nt_passwd (&new_pwd, pdb_get_nt_passwd(pwd));
- if (pwd->smb_nt_passwd != NULL) {
- memcpy(lm_hash, pwd->smb_passwd, 16);
- new_pwd.smb_passwd = lm_hash;
- } else
- new_pwd.smb_passwd = NULL;
+ if (pdb_get_lanman_passwd(pwd) != NULL)
+ pdb_set_lanman_passwd (&new_pwd, pdb_get_lanman_passwd(pwd));
- if(!mod_sam21pwd_entry(&new_pwd, True))
+ if(!pdb_update_sam_account(&new_pwd, True))
return False;
+ /* FIXME!!! Memory leak here. Cannot call pdb_clear_sam()
+ because copy_sam_passwd uses static arrays. Therefore,
+ we will manually free the password pointers here. This
+ needs to be fixed. ---jerry */
+ if (new_pwd.nt_pw) free (new_pwd.nt_pw);
+ if (new_pwd.lm_pw) free (new_pwd.lm_pw);
+
return True;
}
@@ -2318,10 +2275,10 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 * id21, uint32 rid)
********************************************************************/
static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
{
- struct sam_passwd *pwd = getsam21pwrid(rid);
- struct sam_passwd new_pwd;
- static uchar nt_hash[16];
- static uchar lm_hash[16];
+ SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
+ SAM_ACCOUNT new_pwd;
+ BYTE nt_hash[16];
+ BYTE lm_hash[16];
pstring buf;
uint32 len;
@@ -2337,23 +2294,30 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
copy_sam_passwd(&new_pwd, pwd);
copy_id23_to_sam_passwd(&new_pwd, id23);
- if (!decode_pw_buffer((const char *)id23->pass, buf, 256, &len))
+ if (!decode_pw_buffer((char*)id23->pass, buf, 256, &len))
return False;
nt_lm_owf_gen(buf, nt_hash, lm_hash);
- new_pwd.smb_passwd = lm_hash;
- new_pwd.smb_nt_passwd = nt_hash;
+ pdb_set_lanman_passwd (&new_pwd, lm_hash);
+ pdb_set_nt_passwd (&new_pwd, nt_hash);
/* update the UNIX password */
if (lp_unix_password_sync())
- if(!chgpasswd(new_pwd.smb_name, "", buf, True))
+ if(!chgpasswd(pdb_get_username(&new_pwd), "", buf, True))
return False;
memset(buf, 0, sizeof(buf));
- if(!mod_sam21pwd_entry(&new_pwd, True))
+ if(!pdb_update_sam_account(&new_pwd, True))
return False;
+
+ /* FIXME!!! Memory leak here. Cannot call pdb_clear_sam()
+ because copy_sam_passwd uses static arrays. Therefore,
+ we will manually free the password pointers here. This
+ needs to be fixed. ---jerry */
+ if (new_pwd.nt_pw) free (new_pwd.nt_pw);
+ if (new_pwd.lm_pw) free (new_pwd.lm_pw);
return True;
}
@@ -2363,40 +2327,38 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
********************************************************************/
static BOOL set_user_info_24(const SAM_USER_INFO_24 *id24, uint32 rid)
{
- struct sam_passwd *pwd = getsam21pwrid(rid);
- struct sam_passwd new_pwd;
- static uchar nt_hash[16];
- static uchar lm_hash[16];
+ SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
+ uchar nt_hash[16];
+ uchar lm_hash[16];
uint32 len;
pstring buf;
if (pwd == NULL)
return False;
- pdb_init_sam(&new_pwd);
- copy_sam_passwd(&new_pwd, pwd);
-
memset(buf, 0, sizeof(buf));
- if (!decode_pw_buffer((const char *)id24->pass, buf, 256, &len))
+ if (!decode_pw_buffer((char*)id24->pass, buf, 256, &len))
return False;
-DEBUG(0,("set_user_info_24:nt_lm_owf_gen\n"));
+ DEBUG(0,("set_user_info_24:nt_lm_owf_gen\n"));
+
nt_lm_owf_gen(buf, nt_hash, lm_hash);
- new_pwd.smb_passwd = lm_hash;
- new_pwd.smb_nt_passwd = nt_hash;
+ pdb_set_lanman_passwd (pwd, lm_hash);
+ pdb_set_nt_passwd (pwd, nt_hash);
/* update the UNIX password */
if (lp_unix_password_sync())
- if(!chgpasswd(new_pwd.smb_name, "", buf, True))
+ if(!chgpasswd(pdb_get_username(pwd), "", buf, True))
return False;
memset(buf, 0, sizeof(buf));
-DEBUG(0,("set_user_info_24:mod_sam21pwd_entry\n"));
+
+ DEBUG(0,("set_user_info_24: pdb_update_sam_account()\n"));
/* update the SAMBA password */
- if(!mod_sam21pwd_entry(&new_pwd, True))
+ if(!pdb_update_sam_account(pwd, True))
return False;
return True;
@@ -2405,19 +2367,23 @@ DEBUG(0,("set_user_info_24:mod_sam21pwd_entry\n"));
/*******************************************************************
samr_reply_set_userinfo
********************************************************************/
-static uint32 _samr_set_userinfo(POLICY_HND *pol, uint16 switch_value, SAM_USERINFO_CTR *ctr, pipes_struct *p)
+static uint32 _samr_set_userinfo(POLICY_HND *pol, uint16 switch_value,
+ SAM_USERINFO_CTR *ctr, pipes_struct *p)
{
uint32 rid = 0x0;
DOM_SID sid;
struct current_user user;
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sam_pass;
unsigned char sess_key[16];
DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__));
- if (p->ntlmssp_auth_validated) {
+ if (p->ntlmssp_auth_validated)
+ {
memcpy(&user, &p->pipe_user, sizeof(user));
- } else {
+ }
+ else
+ {
extern struct current_user current_user;
memcpy(&user, &current_user, sizeof(user));
}
@@ -2447,15 +2413,16 @@ static uint32 _samr_set_userinfo(POLICY_HND *pol, uint16 switch_value, SAM_USERI
*/
become_root();
- smb_pass = getsmbpwuid(user.uid);
+ sam_pass = pdb_getsampwuid(user.uid);
unbecome_root();
- if(smb_pass == NULL) {
- DEBUG(0,("_samr_set_userinfo: Unable to get smbpasswd entry for uid %u\n", (unsigned int)user.uid ));
+ if(sam_pass == NULL) {
+ DEBUG(0,("_samr_set_userinfo: Unable to get passdb entry for uid %u\n",
+ (unsigned int)pdb_get_uid(sam_pass) ));
return NT_STATUS_ACCESS_DENIED;
}
memset(sess_key, '\0', 16);
- mdfour(sess_key, smb_pass->smb_nt_passwd, 16);
+ mdfour(sess_key, pdb_get_nt_passwd(sam_pass), 16);
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch (switch_value) {
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index ba13f0ed7a..8349b7add6 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -271,7 +271,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
/* ok, it's a user. find the user account */
become_root();
- disp_info = getsamdisprid(rid);
+ disp_info = pdb_sam_to_dispinfo(pdb_getsampwrid(rid));
unbecome_root();
if (disp_info != NULL)
@@ -328,17 +328,17 @@ uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
********************************************************************/
uint32 lookup_user_rid(char *user_name, uint32 *rid)
{
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
(*rid) = 0;
/* find the user account */
become_root();
- sam_pass = getsam21pwnam(user_name);
+ sam_pass = pdb_getsampwnam(user_name);
unbecome_root();
if (sam_pass != NULL)
{
- (*rid) = sam_pass->user_rid;
+ *rid = pdb_get_user_rid(sam_pass);
return 0x0;
}
generated by cgit (git 2.34.1) at 2024-09-11 00:14:55 +0000