summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/chgpasswd.c186
-rw-r--r--source3/smbd/lanman.c12
-rw-r--r--source3/smbd/password.c104
-rw-r--r--source3/smbd/reply.c18
-rw-r--r--source3/smbd/server.c2
-rw-r--r--source3/smbd/uid.c2
6 files changed, 168 insertions, 156 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 1f1ee96713..ba68557fdf 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -52,6 +52,7 @@
#include "includes.h"
extern int DEBUGLEVEL;
+extern struct passdb_ops pdb_ops;
#if ALLOW_CHANGE_PASSWORD
@@ -541,62 +542,64 @@ BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)
************************************************************/
BOOL check_lanman_password(char *user, uchar * pass1,
- uchar * pass2, struct smb_passwd **psmbpw)
+ uchar * pass2, SAM_ACCOUNT **hnd)
{
static uchar null_pw[16];
uchar unenc_new_pw[16];
uchar unenc_old_pw[16];
- struct smb_passwd *smbpw;
-
- *psmbpw = NULL;
+ SAM_ACCOUNT *sampass = NULL;
+ uint16 acct_ctrl;
+ BYTE *lanman_pw;
become_root();
- smbpw = getsmbpwnam(user);
+ sampass = pdb_getsampwnam(user);
unbecome_root();
- if (smbpw == NULL)
+ if (sampass == NULL)
{
- DEBUG(0,
- ("check_lanman_password: getsmbpwnam returned NULL\n"));
+ DEBUG(0,("check_lanman_password: getsampwnam returned NULL\n"));
return False;
}
+
+ acct_ctrl = pdb_get_acct_ctrl (sampass);
+ lanman_pw = pdb_get_lanman_passwd (sampass);
- if (smbpw->acct_ctrl & ACB_DISABLED)
+ if (acct_ctrl & ACB_DISABLED)
{
- DEBUG(0,
- ("check_lanman_password: account %s disabled.\n",
+ DEBUG(0,("check_lanman_password: account %s disabled.\n",
user));
return False;
}
- if ((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
+ if ((lanman_pw == NULL) && (acct_ctrl & ACB_PWNOTREQ))
{
uchar no_pw[14];
memset(no_pw, '\0', 14);
E_P16(no_pw, null_pw);
- smbpw->smb_passwd = null_pw;
+ pdb_set_lanman_passwd (sampass, null_pw);
}
- else if (smbpw->smb_passwd == NULL)
+ else if (lanman_pw == NULL)
{
DEBUG(0, ("check_lanman_password: no lanman password !\n"));
return False;
}
/* Get the new lanman hash. */
- D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
+ D_P16(lanman_pw, pass2, unenc_new_pw);
/* Use this to get the old lanman hash. */
D_P16(unenc_new_pw, pass1, unenc_old_pw);
/* Check that the two old passwords match. */
- if (memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
+ if (memcmp(lanman_pw, unenc_old_pw, 16))
{
- DEBUG(0,
- ("check_lanman_password: old password doesn't match.\n"));
+ DEBUG(0,("check_lanman_password: old password doesn't match.\n"));
return False;
}
- *psmbpw = smbpw;
+ /* this saves the pointer for the caller */
+ *hnd = sampass;
+
return True;
}
@@ -606,50 +609,52 @@ BOOL check_lanman_password(char *user, uchar * pass1,
no longer be valid.
************************************************************/
-BOOL change_lanman_password(struct smb_passwd *smbpw, uchar * pass1,
+BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar * pass1,
uchar * pass2)
{
static uchar null_pw[16];
uchar unenc_new_pw[16];
BOOL ret;
+ uint16 acct_ctrl;
+ BYTE *pwd;
- if (smbpw == NULL)
+ if (sampass == NULL)
{
- DEBUG(0,
- ("change_lanman_password: no smb password entry.\n"));
+ DEBUG(0,("change_lanman_password: no smb password entry.\n"));
return False;
}
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
+ pwd = pdb_get_lanman_passwd(sampass);
- if (smbpw->acct_ctrl & ACB_DISABLED)
+ if (acct_ctrl & ACB_DISABLED)
{
- DEBUG(0,
- ("change_lanman_password: account %s disabled.\n",
- smbpw->smb_name));
+ DEBUG(0,("change_lanman_password: account %s disabled.\n",
+ pdb_get_username(sampass)));
return False;
}
- if ((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
+ if ((pwd == NULL) && (acct_ctrl & ACB_PWNOTREQ))
{
uchar no_pw[14];
memset(no_pw, '\0', 14);
E_P16(no_pw, null_pw);
- smbpw->smb_passwd = null_pw;
+ pdb_set_lanman_passwd(sampass, null_pw);
}
- else if (smbpw->smb_passwd == NULL)
+ else if (pwd == NULL)
{
- DEBUG(0, ("change_lanman_password: no lanman password !\n"));
+ DEBUG(0,("change_lanman_password: no lanman password !\n"));
return False;
}
/* Get the new lanman hash. */
- D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
+ D_P16(pwd, pass2, unenc_new_pw);
- smbpw->smb_passwd = unenc_new_pw;
- smbpw->smb_nt_passwd = NULL; /* We lose the NT hash. Sorry. */
+ pdb_set_lanman_passwd(sampass, unenc_new_pw);
+ pdb_set_nt_passwd (sampass, NULL); /* We lose the NT hash. Sorry. */
- /* Now write it into the file. */
+ /* Now flush the sam_passwd struct to persistent storage */
become_root();
- ret = mod_smbpwd_entry(smbpw, False);
+ ret = pdb_update_sam_account (sampass, False);
unbecome_root();
return ret;
@@ -663,10 +668,9 @@ BOOL pass_oem_change(char *user,
uchar * ntdata, uchar * nthash)
{
fstring new_passwd;
- struct smb_passwd *sampw;
+ SAM_ACCOUNT *sampass = NULL;
BOOL ret = check_oem_password(user, lmdata, lmhash, ntdata, nthash,
- &sampw,
- new_passwd, sizeof(new_passwd));
+ &sampass, new_passwd, sizeof(new_passwd));
/*
* At this point we have the new case-sensitive plaintext
@@ -684,7 +688,7 @@ BOOL pass_oem_change(char *user,
if (ret)
{
- ret = change_oem_password(sampw, new_passwd, False);
+ ret = change_oem_password(sampass, new_passwd, False);
}
memset(new_passwd, 0, sizeof(new_passwd));
@@ -702,12 +706,14 @@ BOOL pass_oem_change(char *user,
BOOL check_oem_password(char *user,
uchar * lmdata, uchar * lmhash,
uchar * ntdata, uchar * nthash,
- struct smb_passwd **psmbpw, char *new_passwd,
+ SAM_ACCOUNT **hnd, char *new_passwd,
int new_passwd_size)
{
static uchar null_pw[16];
static uchar null_ntpw[16];
- struct smb_passwd *smbpw = NULL;
+ SAM_ACCOUNT *sampass = NULL;
+ BYTE *lanman_pw, *nt_pw;
+ uint16 acct_ctrl;
int new_pw_len;
uchar new_ntp16[16];
uchar unenc_old_ntpw[16];
@@ -718,20 +724,19 @@ BOOL check_oem_password(char *user,
BOOL nt_pass_set = (ntdata != NULL && nthash != NULL);
become_root();
- *psmbpw = smbpw = getsmbpwnam(user);
+ *hnd = sampass = pdb_getsampwnam(user);
unbecome_root();
- if (smbpw == NULL)
+ if (sampass == NULL)
{
DEBUG(0, ("check_oem_password: getsmbpwnam returned NULL\n"));
return False;
}
-
- if (smbpw->acct_ctrl & ACB_DISABLED)
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
+
+ if (acct_ctrl & ACB_DISABLED)
{
- DEBUG(0,
- ("check_lanman_password: account %s disabled.\n",
- user));
+ DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
return False;
}
@@ -740,31 +745,33 @@ BOOL check_oem_password(char *user,
no_pw[1] = 0;
nt_lm_owf_gen(no_pw, null_ntpw, null_pw);
+ /* save pointers to passwords so we don't have to keep looking them up */
+ lanman_pw = pdb_get_lanman_passwd(sampass);
+ nt_pw = pdb_get_nt_passwd (sampass);
+
/* check for null passwords */
- if (smbpw->smb_passwd == NULL)
+ if (lanman_pw == NULL)
{
- if (smbpw->acct_ctrl & ACB_PWNOTREQ)
+ if (acct_ctrl & ACB_PWNOTREQ)
{
- smbpw->smb_passwd = null_pw;
+ pdb_set_lanman_passwd(sampass, null_pw);
}
else
{
- DEBUG(0,
- ("check_oem_password: no lanman password !\n"));
+ DEBUG(0,("check_oem_password: no lanman password !\n"));
return False;
}
}
- if (smbpw->smb_nt_passwd == NULL && nt_pass_set)
+ if (pdb_get_nt_passwd(sampass) == NULL && nt_pass_set)
{
- if (smbpw->acct_ctrl & ACB_PWNOTREQ)
+ if (acct_ctrl & ACB_PWNOTREQ)
{
- smbpw->smb_nt_passwd = null_pw;
+ pdb_set_nt_passwd(sampass, null_pw);
}
else
{
- DEBUG(0,
- ("check_oem_password: no ntlm password !\n"));
+ DEBUG(0,("check_oem_password: no ntlm password !\n"));
return False;
}
}
@@ -772,7 +779,7 @@ BOOL check_oem_password(char *user,
/*
* Call the hash function to get the new password.
*/
- SamOEMhash((uchar *) lmdata, (uchar *) smbpw->smb_passwd, True);
+ SamOEMhash((uchar *) lmdata, (uchar *)lanman_pw, True);
/*
* The length of the new password is in the last 4 bytes of
@@ -782,8 +789,7 @@ BOOL check_oem_password(char *user,
new_pw_len = IVAL(lmdata, 512);
if (new_pw_len < 0 || new_pw_len > new_passwd_size - 1)
{
- DEBUG(0,
- ("check_oem_password: incorrect password length (%d).\n",
+ DEBUG(0,("check_oem_password: incorrect password length (%d).\n",
new_pw_len));
return False;
}
@@ -796,9 +802,7 @@ BOOL check_oem_password(char *user,
int uni_pw_len = new_pw_len;
char *pw;
new_pw_len /= 2;
- pw =
- dos_unistrn2((uint16 *)(&lmdata[512 - uni_pw_len]),
- new_pw_len);
+ pw = dos_unistrn2((uint16 *)(&lmdata[512 - uni_pw_len]),new_pw_len);
memcpy(new_passwd, pw, new_pw_len + 1);
}
else
@@ -822,10 +826,9 @@ BOOL check_oem_password(char *user,
*/
D_P16(new_p16, lmhash, unenc_old_pw);
- if (memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
+ if (memcmp(lanman_pw, unenc_old_pw, 16))
{
- DEBUG(0,
- ("check_oem_password: old lm password doesn't match.\n"));
+ DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
return False;
}
@@ -843,17 +846,15 @@ BOOL check_oem_password(char *user,
D_P16(new_ntp16, lmhash, unenc_old_pw);
D_P16(new_ntp16, nthash, unenc_old_ntpw);
- if (memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
+ if (memcmp(lanman_pw, unenc_old_pw, 16))
{
- DEBUG(0,
- ("check_oem_password: old lm password doesn't match.\n"));
+ DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
return False;
}
- if (memcmp(smbpw->smb_nt_passwd, unenc_old_ntpw, 16))
+ if (memcmp(nt_pw, unenc_old_ntpw, 16))
{
- DEBUG(0,
- ("check_oem_password: old nt password doesn't match.\n"));
+ DEBUG(0,("check_oem_password: old nt password doesn't match.\n"));
return False;
}
#ifdef DEBUG_PASSWORD
@@ -869,7 +870,7 @@ BOOL check_oem_password(char *user,
override = True, override XXXXXXXXXX'd password
************************************************************/
-BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd,
+BOOL change_oem_password(SAM_ACCOUNT *hnd, char *new_passwd,
BOOL override)
{
int ret;
@@ -878,12 +879,12 @@ BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd,
nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16);
- smbpw->smb_passwd = new_p16;
- smbpw->smb_nt_passwd = new_nt_p16;
+ pdb_set_lanman_passwd (hnd, new_p16);
+ pdb_set_nt_passwd (hnd, new_nt_p16);
/* Now write it into the file. */
become_root();
- ret = mod_smbpwd_entry(smbpw, override);
+ ret = pdb_update_sam_account (hnd, override);
unbecome_root();
memset(new_passwd, '\0', strlen(new_passwd));
@@ -896,45 +897,42 @@ BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd,
***********************************************************/
BOOL check_plaintext_password(char *user, char *old_passwd,
- int old_passwd_size, struct smb_passwd **psmbpw)
+ int old_passwd_size, SAM_ACCOUNT **hnd)
{
- struct smb_passwd *smbpw = NULL;
+ SAM_ACCOUNT *sampass = NULL;
uchar old_pw[16], old_ntpw[16];
become_root();
- *psmbpw = smbpw = getsmbpwnam(user);
+ *hnd = sampass = pdb_getsampwnam(user);
unbecome_root();
- if (smbpw == NULL)
+ if (sampass == NULL)
{
- DEBUG(0,
- ("check_plaintext_password: getsmbpwnam returned NULL\n"));
+ DEBUG(0,("check_plaintext_password: getsmbpwnam returned NULL\n"));
return False;
}
- if (smbpw->acct_ctrl & ACB_DISABLED)
+ if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED)
{
- DEBUG(0,
- ("check_plaintext_password: account %s disabled.\n",
- user));
+ DEBUG(0,("check_plaintext_password: account %s disabled.\n", user));
return (False);
}
nt_lm_owf_gen(old_passwd, old_ntpw, old_pw);
#ifdef DEBUG_PASSWORD
- DEBUG(100, ("check_plaintext_password: smbpw->smb_nt_passwd \n"));
- dump_data(100, smbpw->smb_nt_passwd, 16);
+ DEBUG(100, ("check_plaintext_password: nt_passwd \n"));
+ dump_data(100, pdb_get_nt_passwd(sampass), 16);
DEBUG(100, ("check_plaintext_password: old_ntpw \n"));
dump_data(100, old_ntpw, 16);
- DEBUG(100, ("check_plaintext_password: smbpw->smb_passwd \n"));
- dump_data(100, smbpw->smb_passwd, 16);
+ DEBUG(100, ("check_plaintext_password: lanman_passwd \n"));
+ dump_data(100, pdb_get_lanman_passwd, 16);
DEBUG(100, ("check_plaintext_password: old_pw\n"));
dump_data(100, old_pw, 16);
#endif
- if (memcmp(smbpw->smb_nt_passwd, old_ntpw, 16)
- && memcmp(smbpw->smb_passwd, old_pw, 16))
+ if (memcmp(pdb_get_nt_passwd(sampass), old_ntpw, 16)
+ && memcmp(pdb_get_lanman_passwd(sampass), old_pw, 16))
return (False);
else
return (True);
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 944a187ccc..fe6b22a9bf 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -1733,7 +1733,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
{
fstring saved_pass2;
- struct smb_passwd *smbpw = NULL;
+ SAM_ACCOUNT *sampass;
/*
* Save the new password as change_oem_password overwrites it
@@ -1742,8 +1742,8 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
fstrcpy(saved_pass2, pass2);
- if (check_plaintext_password(user,pass1,strlen(pass1),&smbpw) &&
- change_oem_password(smbpw,pass2,False))
+ if (check_plaintext_password(user,pass1,strlen(pass1),&sampass) &&
+ change_oem_password(sampass,pass2,False))
{
SSVAL(*rparam,0,NERR_Success);
@@ -1784,10 +1784,10 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
if(SVAL(*rparam,0) != NERR_Success)
{
- struct smb_passwd *sampw = NULL;
+ SAM_ACCOUNT *hnd = NULL;
- if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &sampw) &&
- change_lanman_password(sampw,(unsigned char *)pass1,(unsigned char *)pass2))
+ if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &hnd) &&
+ change_lanman_password(hnd,(unsigned char *)pass1,(unsigned char *)pass2))
{
SSVAL(*rparam,0,NERR_Success);
}
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 55c7f0709b..934b3155f3 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -289,15 +289,15 @@ update the encrypted smbpasswd file from the plaintext username and password
*****************************************************************************/
static BOOL update_smbpassword_file(char *user, char *password)
{
- struct smb_passwd *smbpw;
- BOOL ret;
+ SAM_ACCOUNT *sampass = NULL;
+ BOOL ret;
become_root();
- smbpw = getsmbpwnam(user);
+ sampass = pdb_getsampwnam(user);
unbecome_root();
- if(smbpw == NULL) {
- DEBUG(0,("getsmbpwnam returned NULL\n"));
+ if(sampass == NULL) {
+ DEBUG(0,("pdb_getsampwnam returned NULL\n"));
return False;
}
@@ -305,11 +305,11 @@ static BOOL update_smbpassword_file(char *user, char *password)
* Remove the account disabled flag - we are updating the
* users password from a login.
*/
- smbpw->acct_ctrl &= ~ACB_DISABLED;
+ pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED);
/* Here, the flag is one, because we want to ignore the
XXXXXXX'd out password */
- ret = change_oem_password( smbpw, password, True);
+ ret = change_oem_password( sampass, password, True);
if (ret == False) {
DEBUG(3,("change_oem_password returned False\n"));
}
@@ -317,10 +317,6 @@ static BOOL update_smbpassword_file(char *user, char *password)
return ret;
}
-
-
-
-
/****************************************************************************
core of smb password checking routine.
****************************************************************************/
@@ -367,19 +363,22 @@ BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned cha
Do a specific test for an smb password being correct, given a smb_password and
the lanman and NT responses.
****************************************************************************/
-BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
+BOOL smb_password_ok(SAM_ACCOUNT *sampass, uchar chal[8],
uchar lm_pass[24], uchar nt_pass[24])
{
uchar challenge[8];
+ char* user_name;
+ BYTE *nt_pw, *lm_pw;
- if (!lm_pass || !smb_pass) return(False);
+ if (!lm_pass || !sampass)
+ return(False);
- DEBUG(4,("Checking SMB password for user %s\n",
- smb_pass->smb_name));
+ user_name = pdb_get_username(sampass);
+
+ DEBUG(4,("Checking SMB password for user %s\n",user_name));
- if(smb_pass->acct_ctrl & ACB_DISABLED) {
- DEBUG(1,("account for user %s was disabled.\n",
- smb_pass->smb_name));
+ if(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
+ DEBUG(1,("account for user %s was disabled.\n", user_name));
return(False);
}
@@ -398,35 +397,36 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
memcpy(challenge, chal, 8);
}
- if ((Protocol >= PROTOCOL_NT1) && (smb_pass->smb_nt_passwd != NULL)) {
+ nt_pw = pdb_get_nt_passwd(sampass);
+
+ if ((Protocol >= PROTOCOL_NT1) && (nt_pw != NULL)) {
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
*/
DEBUG(4,("smb_password_ok: Checking NT MD4 password\n"));
- if (smb_password_check((char *)nt_pass,
- (uchar *)smb_pass->smb_nt_passwd,
- challenge)) {
+ if (smb_password_check((char *)nt_pass, (uchar *)nt_pw, challenge))
+ {
DEBUG(4,("NT MD4 password check succeeded\n"));
return(True);
}
DEBUG(4,("NT MD4 password check failed\n"));
}
- /* Try against the lanman password. smb_pass->smb_passwd == NULL means
- no password, allow access. */
+ /* Try against the lanman password. pdb_get_lanman_passwd(sampass) == NULL
+ means no password, allow access. */
DEBUG(4,("Checking LM MD4 password\n"));
- if((smb_pass->smb_passwd == NULL) &&
- (smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
- DEBUG(4,("no password required for user %s\n",
- smb_pass->smb_name));
+ lm_pw = pdb_get_lanman_passwd(sampass);
+
+ if((lm_pw == NULL) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
+ {
+ DEBUG(4,("no password required for user %s\n",user_name));
return True;
}
- if((smb_pass->smb_passwd != NULL) &&
- smb_password_check((char *)lm_pass,
- (uchar *)smb_pass->smb_passwd, challenge)) {
+ if((lm_pw != NULL) && smb_password_check((char *)lm_pass,(uchar *)lm_pw, challenge))
+ {
DEBUG(4,("LM MD4 password check succeeded\n"));
return(True);
}
@@ -443,18 +443,19 @@ SMB hash
return True if the password is correct, False otherwise
****************************************************************************/
-BOOL pass_check_smb(char *user, char *domain,
- uchar *chal, uchar *lm_pwd, uchar *nt_pwd,
- struct passwd *pwd)
+BOOL pass_check_smb(char *user, char *domain, uchar *chal,
+ uchar *lm_pwd, uchar *nt_pwd, struct passwd *pwd)
{
struct passwd *pass;
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sampass;
if (!lm_pwd || !nt_pwd)
{
return(False);
}
+ /* FIXME! this code looks to be unnecessary now that the passdb
+ validates that the username exists and has a valid uid */
if (pwd != NULL && user == NULL)
{
pass = (struct passwd *) pwd;
@@ -462,6 +463,8 @@ BOOL pass_check_smb(char *user, char *domain,
}
else
{
+ /* I don't get this call here. I think it should be moved.
+ Need to check on it. --jerry */
pass = smb_getpwnam(user,True);
}
@@ -471,38 +474,45 @@ BOOL pass_check_smb(char *user, char *domain,
return(False);
}
- smb_pass = getsmbpwnam(user);
-
- if (smb_pass == NULL)
+ /* get the account information */
+ sampass = pdb_getsampwnam(user);
+ if (sampass == NULL)
{
- DEBUG(1,("Couldn't find user '%s' in smb_passwd file.\n", user));
+ DEBUG(1,("Couldn't find user '%s' in passdb file.\n", user));
return(False);
}
/* Quit if the account was disabled. */
- if(smb_pass->acct_ctrl & ACB_DISABLED) {
+ if(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
DEBUG(1,("Account for user '%s' was disabled.\n", user));
return(False);
}
- /* Ensure the uid's match */
+ /* Ensure the uid's match
+ FIXME! This also seems unnecessary --jerry */
+#if 0 /* GWC */
if (smb_pass->smb_userid != pass->pw_uid)
{
DEBUG(0,("Error : UNIX and SMB uids in password files do not match for user '%s'!\n", user));
return(False);
}
+#endif
- if (smb_pass->acct_ctrl & ACB_PWNOTREQ) {
- if (lp_null_passwords()) {
- DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", smb_pass->smb_name));
+ if (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)
+ {
+ if (lp_null_passwords())
+ {
+ DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", user));
return(True);
- } else {
- DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", smb_pass->smb_name));
+ }
+ else
+ {
+ DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", user));
return(False);
}
}
- if (smb_password_ok(smb_pass, chal, lm_pwd, nt_pwd))
+ if (smb_password_ok(sampass, chal, lm_pwd, nt_pwd))
{
return(True);
}
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 4fd9f9c42d..fa8aa11277 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -439,16 +439,19 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out
char *smb_passwd, int smb_passlen,
char *smb_nt_passwd, int smb_nt_passlen)
{
- struct smb_passwd *smb_trust_acct = NULL; /* check if trust account exists */
+ /* check if trust account exists */
+ SAM_ACCOUNT *sam_trust_acct = NULL;
+ uint16 acct_ctrl;
+
if (lp_security() == SEC_USER) {
- smb_trust_acct = getsmbpwnam(user);
+ sam_trust_acct = pdb_getsampwnam(user);
} else {
DEBUG(0,("session_trust_account: Trust account %s only supported with security = user\n", user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, NT_STATUS_LOGON_FAILURE));
}
- if (smb_trust_acct == NULL) {
+ if (sam_trust_acct == NULL) {
/* lkclXXXX: workstation entry doesn't exist */
DEBUG(0,("session_trust_account: Trust account %s user doesn't exist\n",user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
@@ -460,25 +463,26 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out
return(ERROR(0, NT_STATUS_LOGON_FAILURE));
}
- if (!smb_password_ok(smb_trust_acct, NULL, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd)) {
+ if (!smb_password_ok(sam_trust_acct, NULL, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd)) {
DEBUG(0,("session_trust_account: Trust Account %s - password failed\n", user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, NT_STATUS_LOGON_FAILURE));
}
- if (smb_trust_acct->acct_ctrl & ACB_DOMTRUST) {
+ acct_ctrl = pdb_get_acct_ctrl(sam_trust_acct);
+ if (acct_ctrl & ACB_DOMTRUST) {
DEBUG(0,("session_trust_account: Domain trust account %s denied by server\n",user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT));
}
- if (smb_trust_acct->acct_ctrl & ACB_SVRTRUST) {
+ if (acct_ctrl & ACB_SVRTRUST) {
DEBUG(0,("session_trust_account: Server trust account %s denied by server\n",user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT));
}
- if (smb_trust_acct->acct_ctrl & ACB_WSTRUST) {
+ if (acct_ctrl & ACB_WSTRUST) {
DEBUG(4,("session_trust_account: Wksta trust account %s denied by server\n", user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT));
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index e4dd661ea5..823536f2ab 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -729,7 +729,7 @@ static void usage(char *pname)
exit(1);
}
- if(!initialize_password_db()) {
+ if(!initialize_password_db(False)) {
exit(1);
}
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index c181b9a00f..d82edcbfae 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -243,8 +243,8 @@ BOOL unbecome_authenticated_pipe_user(pipes_struct *p)
return pop_sec_ctx();
}
-/* Temporarily become a root user. Must match with unbecome_root(). */
+/* Temporarily become a root user. Must match with unbecome_root(). */
void become_root(void)
{
push_sec_ctx();
generated by cgit (git 2.34.1) at 2025-03-05 00:05:44 +0000