diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/passdb/ldap.c | 1017 | ||||
-rw-r--r-- | source3/passdb/nispass.c | 1083 | ||||
-rw-r--r-- | source3/passdb/smbpasschange.c | 25 | ||||
-rw-r--r-- | source3/passdb/smbpassgroup.c | 195 |
4 files changed, 0 insertions, 2320 deletions
diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c deleted file mode 100644 index e0ac013fc8..0000000000 --- a/source3/passdb/ldap.c +++ /dev/null @@ -1,1017 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - LDAP protocol helper functions for SAMBA - Copyright (C) Jean François Micouleau 1998 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -*/ - -#ifdef WITH_LDAP - -#include "includes.h" - -#include <lber.h> -#include <ldap.h> - -#define ADD_USER 1 -#define MODIFY_USER 2 - -/******************************************************************* - open a connection to the ldap serve. -******************************************************************/ -static BOOL ldap_open_connection(LDAP **ldap_struct) -{ - if ( (*ldap_struct = ldap_open(lp_ldap_server(),lp_ldap_port()) ) == NULL) - { - DEBUG( 0, ( "The LDAP server is not responding !\n" ) ); - return( False ); - } - DEBUG(2,("ldap_open_connection: connection opened\n")); - return (True); -} - - -/******************************************************************* - connect anonymously to the ldap server. - FIXME: later (jfm) -******************************************************************/ -static BOOL ldap_connect_anonymous(LDAP *ldap_struct) -{ - if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) ! = LDAP_SUCCESS) - { - DEBUG( 0, ( "Couldn't bind to the LDAP server !\n" ) ); - return(False); - } - return (True); -} - - -/******************************************************************* - connect to the ldap server under system privileg. -******************************************************************/ -static BOOL ldap_connect_system(LDAP *ldap_struct) -{ - if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) ! = LDAP_SUCCESS) - { - DEBUG( 0, ( "Couldn't bind to the LDAP server!\n" ) ); - return(False); - } - DEBUG(2,("ldap_connect_system: succesful connection to the LDAP server\n")); - return (True); -} - -/******************************************************************* - connect to the ldap server under a particular user. -******************************************************************/ -static BOOL ldap_connect_user(LDAP *ldap_struct, const char *user, const char *password) -{ - if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) ! = LDAP_SUCCESS) - { - DEBUG( 0, ( "Couldn't bind to the LDAP server !\n" ) ); - return(False); - } - DEBUG(2,("ldap_connect_user: succesful connection to the LDAP server\n")); - return (True); -} - -/******************************************************************* - run the search by name. -******************************************************************/ -static BOOL ldap_search_one_user(LDAP *ldap_struct, char *filter, LDAPMessage **result) -{ - int scope = LDAP_SCOPE_ONELEVEL; - int rc; - - DEBUG(2,("ldap_search_one_user: searching for:[%s]\n", filter)); - - rc = ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, result); - - if (rc ! = LDAP_SUCCESS ) - { - DEBUG( 0, ( "Problem during the LDAP search\n" ) ); - return(False); - } - return (True); -} - -/******************************************************************* - run the search by name. -******************************************************************/ -static BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, const char *user, LDAPMessage **result) -{ - pstring filter; - /* - in the filter expression, replace %u with the real name - so in ldap filter, %u MUST exist :-) - */ - pstrcpy(filter,lp_ldap_filter()); - pstring_sub(filter,"%u",user); - - if ( !ldap_search_one_user(ldap_struct, filter, result) ) - { - return(False); - } - return (True); -} - -/******************************************************************* - run the search by uid. -******************************************************************/ -static BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **result) -{ - pstring filter; - - slprintf(filter, sizeof(pstring)-1, "uidAccount = %d", uid); - - if ( !ldap_search_one_user(ldap_struct, filter, result) ) - { - return(False); - } - return (True); -} - -/******************************************************************* - search an attribute and return the first value found. -******************************************************************/ -static void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute, char *value) -{ - char **valeurs; - - if ( (valeurs = ldap_get_values(ldap_struct, entry, attribute)) ! = NULL) - { - pstrcpy(value, valeurs[0]); - ldap_value_free(valeurs); - DEBUG(3,("get_single_attribute: [%s] = [%s]\n", attribute, value)); - } - else - { - value = NULL; - } -} - -/******************************************************************* - check if the returned entry is a sambaAccount objectclass. -******************************************************************/ -static BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry) -{ - BOOL sambaAccount = False; - char **valeur; - int i; - - DEBUG(2,("ldap_check_user: ")); - valeur = ldap_get_values(ldap_struct, entry, "objectclass"); - if (valeur! = NULL) - { - for (i = 0;valeur[i]! = NULL;i++) - { - if (!strcmp(valeur[i],"sambaAccount")) sambaAccount = True; - } - } - DEBUG(2,("%s\n",sambaAccount?"yes":"no")); - ldap_value_free(valeur); - return (sambaAccount); -} - -/******************************************************************* - check if the returned entry is a sambaTrust objectclass. -******************************************************************/ -static BOOL ldap_check_trust(LDAP *ldap_struct, LDAPMessage *entry) -{ - BOOL sambaTrust = False; - char **valeur; - int i; - - DEBUG(2,("ldap_check_trust: ")); - valeur = ldap_get_values(ldap_struct, entry, "objectclass"); - if (valeur! = NULL) - { - for (i = 0;valeur[i]! = NULL;i++) - { - if (!strcmp(valeur[i],"sambaTrust")) sambaTrust = True; - } - } - DEBUG(2,("%s\n",sambaTrust?"yes":"no")); - ldap_value_free(valeur); - return (sambaTrust); -} - -/******************************************************************* - retrieve the user's info and contruct a smb_passwd structure. -******************************************************************/ -static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry, - struct smb_passwd *user) -{ - static pstring user_name; - static pstring user_pass; - static pstring temp; - static unsigned char smblmpwd[16]; - static unsigned char smbntpwd[16]; - - pdb_init_smb(user); - - memset((char *)smblmpwd, '\0', sizeof(smblmpwd)); - memset((char *)smbntpwd, '\0', sizeof(smbntpwd)); - - get_single_attribute(ldap_struct, entry, "cn", user_name); - DEBUG(2,("ldap_get_smb_passwd: user: %s\n",user_name)); - -#ifdef LDAP_PLAINTEXT_PASSWORD - get_single_attribute(ldap_struct, entry, "userPassword", temp); - nt_lm_owf_gen(temp, user->smb_nt_passwd, user->smb_passwd); - memset((char *)temp, '\0', sizeof(temp)); /* destroy local copy of the password */ -#else - get_single_attribute(ldap_struct, entry, "unicodePwd", temp); - pdb_gethexpwd(temp, smbntpwd); - memset((char *)temp, '\0', sizeof(temp)); /* destroy local copy of the password */ - - get_single_attribute(ldap_struct, entry, "dBCSPwd", temp); - pdb_gethexpwd(temp, smblmpwd); - memset((char *)temp, '\0', sizeof(temp)); /* destroy local copy of the password */ -#endif - - get_single_attribute(ldap_struct, entry, "userAccountControl", temp); - user->acct_ctrl = pdb_decode_acct_ctrl(temp); - - get_single_attribute(ldap_struct, entry, "pwdLastSet", temp); - user->pass_last_set_time = (time_t)strtol(temp, NULL, 16); - - get_single_attribute(ldap_struct, entry, "rid", temp); - - /* the smb (unix) ids are not stored: they are created */ - user->smb_userid = pdb_user_rid_to_uid (atoi(temp)); - - if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) ) - { - DEBUG(0,("Inconsistency in the LDAP database\n")); - } - if (user->acct_ctrl & ACB_NORMAL) - { - user->smb_name = user_name; - user->smb_passwd = smblmpwd; - user->smb_nt_passwd = smbntpwd; - } -} - -/******************************************************************* - retrieve the user's info and contruct a sam_passwd structure. - - calls ldap_get_smb_passwd function first, though, to save code duplication. - -******************************************************************/ -static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry, - struct sam_passwd *user) -{ - static pstring user_name; - static pstring fullname; - static pstring home_dir; - static pstring dir_drive; - static pstring logon_script; - static pstring profile_path; - static pstring acct_desc; - static pstring workstations; - static pstring temp; - static struct smb_passwd pw_buf; - - pdb_init_sam(user); - - ldap_get_smb_passwd(ldap_struct, entry, &pw_buf); - - user->pass_last_set_time = pw_buf.pass_last_set_time; - - get_single_attribute(ldap_struct, entry, "logonTime", temp); - user->pass_last_set_time = (time_t)strtol(temp, NULL, 16); - - get_single_attribute(ldap_struct, entry, "logoffTime", temp); - user->pass_last_set_time = (time_t)strtol(temp, NULL, 16); - - get_single_attribute(ldap_struct, entry, "kickoffTime", temp); - user->pass_last_set_time = (time_t)strtol(temp, NULL, 16); - - get_single_attribute(ldap_struct, entry, "pwdLastSet", temp); - user->pass_last_set_time = (time_t)strtol(temp, NULL, 16); - - get_single_attribute(ldap_struct, entry, "pwdCanChange", temp); - user->pass_last_set_time = (time_t)strtol(temp, NULL, 16); - - get_single_attribute(ldap_struct, entry, "pwdMustChange", temp); - user->pass_last_set_time = (time_t)strtol(temp, NULL, 16); - - user->smb_name = pw_buf.smb_name; - - DEBUG(2,("ldap_get_sam_passwd: user: %s\n", user_name)); - - get_single_attribute(ldap_struct, entry, "userFullName", fullname); - user->full_name = fullname; - - get_single_attribute(ldap_struct, entry, "homeDirectory", home_dir); - user->home_dir = home_dir; - - get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive); - user->dir_drive = dir_drive; - - get_single_attribute(ldap_struct, entry, "scriptPath", logon_script); - user->logon_script = logon_script; - - get_single_attribute(ldap_struct, entry, "profilePath", profile_path); - user->profile_path = profile_path; - - get_single_attribute(ldap_struct, entry, "comment", acct_desc); - user->acct_desc = acct_desc; - - get_single_attribute(ldap_struct, entry, "userWorkstations", workstations); - user->workstations = workstations; - - user->unknown_str = NULL; /* don't know, yet! */ - user->munged_dial = NULL; /* "munged" dial-back telephone number */ - - get_single_attribute(ldap_struct, entry, "rid", temp); - user->user_rid = atoi(temp); - - get_single_attribute(ldap_struct, entry, "primaryGroupID", temp); - user->group_rid = atoi(temp); - - /* the smb (unix) ids are not stored: they are created */ - user->smb_userid = pw_buf.smb_userid; - user->smb_grpid = group_rid_to_uid(user->group_rid); - - user->acct_ctrl = pw_buf.acct_ctrl; - - user->unknown_3 = 0xffffff; /* don't know */ - user->logon_divs = 168; /* hours per week */ - user->hours_len = 21; /* 21 times 8 bits = 168 */ - memset(user->hours, 0xff, user->hours_len); /* available at all hours */ - user->unknown_5 = 0x00000000; /* don't know */ - user->unknown_6 = 0x000004ec; /* don't know */ - - if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) ) - { - DEBUG(0,("Inconsistency in the LDAP database\n")); - } - - if (!(user->acct_ctrl & ACB_NORMAL)) - { - DEBUG(0,("User's acct_ctrl bits not set to ACT_NORMAL in LDAP database\n")); - return; - } -} - -/************************************************************************ - Routine to manage the LDAPMod structure array - manage memory used by the array, by each struct, and values - -************************************************************************/ -static void make_a_mod(LDAPMod ***modlist,int modop, const char *attribute, const char *value) -{ - LDAPMod **mods, **tmods; - int i; - int j; - - mods = *modlist; - - if (mods == NULL) - { - tmods = (LDAPMod **)malloc( sizeof(LDAPMod *) ); - if (tmods == NULL) - { - DEBUG(0,("make_a_mod: out of memory!\n")); - return; - } - mods = tmods; - mods[0] = NULL; - } - - for ( i = 0; mods[ i ] ! = NULL; ++i ) - { - if ( mods[ i ]->mod_op == modop && - !strcasecmp( mods[ i ]->mod_type, attribute ) ) - { - break; - } - } - - if (mods[i] == NULL) - { - tmods = (LDAPMod **)Realloc( mods, (i+2) * sizeof( LDAPMod * ) ); - if (tmods == NULL) - { - DEBUG(0,("make_a_mod: out of memory!\n")); - return; - } - mods = tmods; - mods[i] = (LDAPMod *)malloc( sizeof( LDAPMod ) ); - if (mods[i] == NULL) - { - DEBUG(0,("make_a_mod: out of memory!\n")); - return; - } - mods[i]->mod_op = modop; - mods[i]->mod_values = NULL; - mods[i]->mod_type = strdup( attribute ); - mods[i+1] = NULL; - } - - if (value ! = NULL ) - { - char **tmval; - - j = 0; - if ( mods[ i ]->mod_values ! = NULL ) - { - for ( ; mods[ i ]->mod_values[ j ] ! = NULL; j++ ); - } - tmval = (char **)Realloc(mods[ i ]->mod_values, - (j+2) * sizeof( char * )); - if ( tmval == NULL) - { - DEBUG(0, "make_a_mod: Memory allocation failure!\n"); - return; - } - mods[ i ]->mod_values = tmval; - mods[ i ]->mod_values[ j ] = strdup(value); - mods[ i ]->mod_values[ j + 1 ] = NULL; - } - *modlist = mods; -} - -/************************************************************************ - Add or modify an entry. Only the smb struct values - -*************************************************************************/ -static BOOL modadd_ldappwd_entry(struct smb_passwd *newpwd, int flag) -{ - - /* assume the struct is correct and filled - that's the job of passdb.c to check */ - int scope = LDAP_SCOPE_ONELEVEL; - int rc; - char *smb_name; - int trust = False; - int ldap_state; - pstring filter; - pstring dn; - pstring lmhash; - pstring nthash; - pstring rid; - pstring lst; - pstring temp; - - LDAP *ldap_struct; - LDAPMessage *result; - LDAPMod **mods; - - smb_name = newpwd->smb_name; - - if (!ldap_open_connection(&ldap_struct)) /* open a connection to the server */ - { - return False; - } - - if (!ldap_connect_system(ldap_struct)) /* connect as system account */ - { - ldap_unbind(ldap_struct); - return False; - } - - if (smb_name[strlen(smb_name)-1] == '$' ) - { - smb_name[strlen(smb_name)-1] = '\0'; - trust = True; - } - - slprintf(filter, sizeof(filter)-1, - "(&(cn = %s)(|(objectclass = sambaTrust)(objectclass = sambaAccount)))", - smb_name); - - rc = ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &result); - - switch (flag) - { - case ADD_USER: - { - if (ldap_count_entries(ldap_struct, result) ! = 0) - { - DEBUG(0,("User already in the base, with samba properties\n")); - ldap_unbind(ldap_struct); - return False; - } - ldap_state = LDAP_MOD_ADD; - break; - } - case MODIFY_USER: - { - if (ldap_count_entries(ldap_struct, result) ! = 1) - { - DEBUG(0,("No user to modify !\n")); - ldap_unbind(ldap_struct); - return False; - } - ldap_state = LDAP_MOD_REPLACE; - break; - } - default: - { - DEBUG(0,("How did you come here? \n")); - ldap_unbind(ldap_struct); - return False; - break; - } - } - slprintf(dn, sizeof(dn)-1, "cn = %s, %s",smb_name, lp_ldap_suffix() ); - - if (newpwd->smb_passwd ! = NULL) - { - int i; - for( i = 0; i < 16; i++) - { - slprintf(&temp[2*i], sizeof(temp) - 1, "%02X", newpwd->smb_passwd[i]); - } - - } - else - { - if (newpwd->acct_ctrl & ACB_PWNOTREQ) - { - slprintf(temp, sizeof(temp) - 1, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); - } - else - { - slprintf(temp, sizeof(temp) - 1, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); - } - } - slprintf(lmhash, sizeof(lmhash)-1, "%s", temp); - - if (newpwd->smb_nt_passwd ! = NULL) - { - int i; - for( i = 0; i < 16; i++) - { - slprintf(&temp[2*i], sizeof(temp) - 1, "%02X", newpwd->smb_nt_passwd[i]); - } - - } - else - { - if (newpwd->acct_ctrl & ACB_PWNOTREQ) - { - slprintf(temp, sizeof(temp) - 1, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); - } - else - { - slprintf(temp, sizeof(temp) - 1, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); - } - } - slprintf(nthash, sizeof(nthash)-1, "%s", temp); - - slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->smb_userid) ); - slprintf(lst, sizeof(lst)-1, "%08X", newpwd->pass_last_set_time); - - mods = NULL; - - if (trust) - { - make_a_mod(&mods, ldap_state, "objectclass", "sambaTrust"); - make_a_mod(&mods, ldap_state, "netbiosTrustName", smb_name); - make_a_mod(&mods, ldap_state, "trustPassword", nthash); - } - else - { - make_a_mod(&mods, ldap_state, "objectclass", "sambaAccount"); - make_a_mod(&mods, ldap_state, "dBCSPwd", lmhash); - make_a_mod(&mods, ldap_state, "uid", smb_name); - make_a_mod(&mods, ldap_state, "unicodePwd", nthash); - } - - make_a_mod(&mods, ldap_state, "cn", smb_name); - - make_a_mod(&mods, ldap_state, "rid", rid); - make_a_mod(&mods, ldap_state, "pwdLastSet", lst); - make_a_mod(&mods, ldap_state, "userAccountControl", - smbpasswd_encode_acb_info(newpwd->acct_ctrl)); - - switch(flag) - { - case ADD_USER: - { - ldap_add_s(ldap_struct, dn, mods); - DEBUG(2,("modadd_ldappwd_entry: added: cn = %s in the LDAP database\n",smb_name)); - break; - } - case MODIFY_USER: - { - ldap_modify_s(ldap_struct, dn, mods); - DEBUG(2,("modadd_ldappwd_entry: changed: cn = %s in the LDAP database_n",smb_name)); - break; - } - default: - { - DEBUG(2,("modadd_ldappwd_entry: How did you come here? \n")); - ldap_unbind(ldap_struct); - return False; - break; - } - } - - ldap_mods_free(mods, 1); - - ldap_unbind(ldap_struct); - - return True; -} - -/************************************************************************ - Add or modify an entry. everything except the smb struct - -*************************************************************************/ -static BOOL modadd_ldap21pwd_entry(struct sam_passwd *newpwd, int flag) -{ - - /* assume the struct is correct and filled - that's the job of passdb.c to check */ - int scope = LDAP_SCOPE_ONELEVEL; - int rc; - char *smb_name; - int trust = False; - int ldap_state; - pstring filter; - pstring dn; - pstring lmhash; - pstring nthash; - pstring rid; - pstring lst; - pstring temp; - - LDAP *ldap_struct; - LDAPMessage *result; - LDAPMod **mods; - - smb_name = newpwd->smb_name; - - if (!ldap_open_connection(&ldap_struct)) /* open a connection to the server */ - { - return False; - } - - if (!ldap_connect_system(ldap_struct)) /* connect as system account */ - { - ldap_unbind(ldap_struct); - return False; - } - - if (smb_name[strlen(smb_name)-1] == '$' ) - { - smb_name[strlen(smb_name)-1] = '\0'; - trust = True; - } - - slprintf(filter, sizeof(filter)-1, - "(&(cn = %s)(|(objectclass = sambaTrust)(objectclass = sambaAccount)))", - smb_name); - - rc = ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &result); - - switch (flag) - { - case ADD_USER: - { - if (ldap_count_entries(ldap_struct, result) ! = 1) - { - DEBUG(2,("User already in the base, with samba properties\n")); - ldap_unbind(ldap_struct); - return False; - } - ldap_state = LDAP_MOD_ADD; - break; - } - - case MODIFY_USER: - { - if (ldap_count_entries(ldap_struct, result) ! = 1) - { - DEBUG(2,("No user to modify !\n")); - ldap_unbind(ldap_struct); - return False; - } - ldap_state = LDAP_MOD_REPLACE; - break; - } - - default: - { - DEBUG(2,("How did you come here? \n")); - ldap_unbind(ldap_struct); - return False; - break; - } - } - slprintf(dn, sizeof(dn)-1, "cn = %s, %s",smb_name, lp_ldap_suffix() ); - - mods = NULL; - - if (trust) - { - } - else - { - } - - make_a_mod(&mods, ldap_state, "cn", smb_name); - - make_a_mod(&mods, ldap_state, "rid", rid); - make_a_mod(&mods, ldap_state, "pwdLastSet", lst); - make_a_mod(&mods, ldap_state, "userAccountControl", - smbpasswd_encode_acct_ctrl(newpwd->acct_ctrl)); - - ldap_modify_s(ldap_struct, dn, mods); - - ldap_mods_free(mods, 1); - - ldap_unbind(ldap_struct); - - return True; -} - -/************************************************************************ - Routine to add an entry to the ldap passwd file. - - do not call this function directly. use passdb.c instead. - -*************************************************************************/ -static BOOL add_ldappwd_entry(struct smb_passwd *newpwd) -{ - return (modadd_ldappwd_entry(newpwd, ADD_USER) ); -} - -/************************************************************************ - Routine to search the ldap passwd file for an entry matching the username. - and then modify its password entry. We can't use the startldappwent()/ - getldappwent()/endldappwent() interfaces here as we depend on looking - in the actual file to decide how much room we have to write data. - override = False, normal - override = True, override XXXXXXXX'd out password or NO PASS - - do not call this function directly. use passdb.c instead. - -************************************************************************/ -static BOOL mod_ldappwd_entry(struct smb_passwd *pwd, BOOL override) -{ - return (modadd_ldappwd_entry(pwd, MODIFY_USER) ); -} - -/************************************************************************ - Routine to add an entry to the ldap passwd file. - - do not call this function directly. use passdb.c instead. - -*************************************************************************/ -static BOOL add_ldap21pwd_entry(struct sam_passwd *newpwd) -{ - return( modadd_ldappwd_entry(newpwd, ADD_USER)? - modadd_ldap21pwd_entry(newpwd, ADD_USER):False); -} - -/************************************************************************ - Routine to search the ldap passwd file for an entry matching the username. - and then modify its password entry. We can't use the startldappwent()/ - getldappwent()/endldappwent() interfaces here as we depend on looking - in the actual file to decide how much room we have to write data. - override = False, normal - override = True, override XXXXXXXX'd out password or NO PASS - - do not call this function directly. use passdb.c instead. - -************************************************************************/ -static BOOL mod_ldap21pwd_entry(struct sam_passwd *pwd, BOOL override) -{ - return( modadd_ldappwd_entry(pwd, MODIFY_USER)? - modadd_ldap21pwd_entry(pwd, MODIFY_USER):False); -} - -struct ldap_enum_info -{ - LDAP *ldap_struct; - LDAPMessage *result; - LDAPMessage *entry; -}; - -static struct ldap_enum_info ldap_ent; - -/*************************************************************** - Start to enumerate the ldap passwd list. Returns a void pointer - to ensure no modification outside this module. - - do not call this function directly. use passdb.c instead. - - ****************************************************************/ -static void *startldappwent(BOOL update) -{ - int scope = LDAP_SCOPE_ONELEVEL; - int rc; - - pstring filter; - - if (!ldap_open_connection(&ldap_ent.ldap_struct)) /* open a connection to the server */ - { - return NULL; - } - - if (!ldap_connect_system(ldap_ent.ldap_struct)) /* connect as system account */ - { - return NULL; - } - - /* when the class is known the search is much faster */ - switch (0) - { - case 1: - { - pstrcpy(filter, "objectclass = sambaAccount"); - break; - } - case 2: - { - pstrcpy(filter, "objectclass = sambaTrust"); - break; - } - default: - { - pstrcpy(filter, "(|(objectclass = sambaTrust)(objectclass = sambaAccount))"); - break; - } - } - - rc = ldap_search_s(ldap_ent.ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &ldap_ent.result); - - DEBUG(2,("%d entries in the base!\n", ldap_count_entries(ldap_ent.ldap_struct, ldap_ent.result) )); - - ldap_ent.entry = ldap_first_entry(ldap_ent.ldap_struct, ldap_ent.result); - - return &ldap_ent; -} - -/************************************************************************* - Routine to return the next entry in the ldap passwd list. - - do not call this function directly. use passdb.c instead. - - *************************************************************************/ -static struct smb_passwd *getldappwent(void *vp) -{ - static struct smb_passwd user; - struct ldap_enum_info *ldap_vp = (struct ldap_enum_info *)vp; - - ldap_vp->entry = ldap_next_entry(ldap_vp->ldap_struct, ldap_vp->entry); - - if (ldap_vp->entry ! = NULL) - { - ldap_get_smb_passwd(ldap_vp->ldap_struct, ldap_vp->entry, &user); - return &user; - } - return NULL; -} - -/************************************************************************* - Routine to return the next entry in the ldap passwd list. - - do not call this function directly. use passdb.c instead. - - *************************************************************************/ -static struct sam_passwd *getldap21pwent(void *vp) -{ - static struct sam_passwd user; - struct ldap_enum_info *ldap_vp = (struct ldap_enum_info *)vp; - - ldap_vp->entry = ldap_next_entry(ldap_vp->ldap_struct, ldap_vp->entry); - - if (ldap_vp->entry ! = NULL) - { - ldap_get_sam_passwd(ldap_vp->ldap_struct, ldap_vp->entry, &user); - return &user; - } - return NULL; -} - -/*************************************************************** - End enumeration of the ldap passwd list. - - do not call this function directly. use passdb.c instead. - -****************************************************************/ -static void endldappwent(void *vp) -{ - struct ldap_enum_info *ldap_vp = (struct ldap_enum_info *)vp; - ldap_msgfree(ldap_vp->result); - ldap_unbind(ldap_vp->ldap_struct); -} - -/************************************************************************* - Return the current position in the ldap passwd list as an SMB_BIG_UINT. - This must be treated as an opaque token. - - do not call this function directly. use passdb.c instead. - -*************************************************************************/ -static SMB_BIG_UINT getldappwpos(void *vp) -{ - return (SMB_BIG_UINT)0; -} - -/************************************************************************* - Set the current position in the ldap passwd list from SMB_BIG_UINT. - This must be treated as an opaque token. - - do not call this function directly. use passdb.c instead. - -*************************************************************************/ -static BOOL setldappwpos(void *vp, SMB_BIG_UINT tok) -{ - return False; -} - -/* - * Ldap derived functions. - */ - -static struct smb_passwd *getldappwnam(char *name) -{ - return pdb_sam_to_smb(iterate_getsam21pwnam(name)); -} - -static struct smb_passwd *getldappwuid(uid_t smb_userid) -{ - return pdb_sam_to_smb(iterate_getsam21pwuid(smb_userid)); -} - -static struct smb_passwd *getldappwrid(uint32 user_rid) -{ - return pdb_sam_to_smb(iterate_getsam21pwuid(pdb_user_rid_to_uid(user_rid))); -} - -static struct smb_passwd *getldappwent(void *vp) -{ - return pdb_sam_to_smb(getldap21pwent(vp)); -} - -static BOOL add_ldappwd_entry(struct smb_passwd *newpwd) -{ - return add_ldap21pwd_entry(pdb_smb_to_sam(newpwd)); -} - -static BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override) -{ - return mod_ldap21pwd_entry(pdb_smb_to_sam(pwd), override); -} - -static BOOL del_ldappwd_entry(const char *name) -{ - return False; /* Dummy... */ -} - -static struct sam_passwd *getldap21pwuid(uid_t uid) -{ - return pdb_smb_to_sam(iterate_getsam21pwuid(pdb_uid_to_user_rid(uid))); -} - -static struct passdb_ops ldap_ops = -{ - startldappwent, - endldappwent, - getldappwpos, - setldappwpos, - getldappwnam, - getldappwuid, - getldappwrid, - getldappwent, - add_ldappwd_entry, - mod_ldappwd_entry, - del_ldappwd_entry, - getldap21pwent, - iterate_getsam21pwnam, /* From passdb.c */ - iterate_getsam21pwuid, /* From passdb.c */ - iterate_getsam21pwrid, /* From passdb.c */ - add_ldap21pwd_entry, - mod_ldap21pwd_entry -}; - -struct passdb_ops *ldap_initialize_password_db(void) -{ - return &ldap_ops; -} - -#else - void dummy_function(void); - void dummy_function(void) { } /* stop some compilers complaining */ -#endif diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c deleted file mode 100644 index 2b1f6b5492..0000000000 --- a/source3/passdb/nispass.c +++ /dev/null @@ -1,1083 +0,0 @@ -/* - * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup - * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. - * Copyright (C) Benny Holmgren 1998 <bigfoot@astrakan.hgs.se> - * Copyright (C) Luke Kenneth Casson Leighton 1996-1998. - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -#ifdef WITH_NISPLUS - -#ifdef BROKEN_NISPLUS_INCLUDE_FILES - -/* - * The following lines are needed due to buggy include files - * in Solaris 2.6 which define GROUP in both /usr/include/sys/acl.h and - * also in /usr/include/rpcsvc/nis.h. The definitions conflict. JRA. - * Also GROUP_OBJ is defined as 0x4 in /usr/include/sys/acl.h and as - * an enum in /usr/include/rpcsvc/nis.h. - */ - -#if defined(GROUP) -#undef GROUP -#endif - -#if defined(GROUP_OBJ) -#undef GROUP_OBJ -#endif - -#endif - -#include <rpcsvc/nis.h> - -extern int DEBUGLEVEL; - -static VOLATILE sig_atomic_t gotalarm; - -/*************************************************************** - - the fields for the NIS+ table, generated from mknissmbpwtbl.sh, are: - - name=S,nogw=r - uid=S,nogw=r - user_rid=S,nogw=r - smb_grpid=,nw+r - group_rid=,nw+r - acb=,nw+r - - lmpwd=C,nw=,g=r,o=rm - ntpwd=C,nw=,g=r,o=rm - - logon_t=,nw+r - logoff_t=,nw+r - kick_t=,nw+r - pwdlset_t=,nw+r - pwdlchg_t=,nw+r - pwdmchg_t=,nw+r - - full_name=,nw+r - home_dir=,nw+r - dir_drive=,nw+r - logon_script=,nw+r - profile_path=,nw+r - acct_desc=,nw+r - workstations=,nw+r - - hours=,nw+r - -****************************************************************/ - -#define NPF_NAME 0 -#define NPF_UID 1 -#define NPF_USER_RID 2 -#define NPF_SMB_GRPID 3 -#define NPF_GROUP_RID 4 -#define NPF_ACB 5 -#define NPF_LMPWD 6 -#define NPF_NTPWD 7 -#define NPF_LOGON_T 8 -#define NPF_LOGOFF_T 9 -#define NPF_KICK_T 10 -#define NPF_PWDLSET_T 11 -#define NPF_PWDLCHG_T 12 -#define NPF_PWDMCHG_T 13 -#define NPF_FULL_NAME 14 -#define NPF_HOME_DIR 15 -#define NPF_DIR_DRIVE 16 -#define NPF_LOGON_SCRIPT 17 -#define NPF_PROFILE_PATH 18 -#define NPF_ACCT_DESC 19 -#define NPF_WORKSTATIONS 20 -#define NPF_HOURS 21 - -/*************************************************************** - Signal function to tell us we timed out. -****************************************************************/ -static void gotalarm_sig(void) -{ - gotalarm = 1; -} - -/*************************************************************** - make_nisname_from_user_rid - ****************************************************************/ -static char *make_nisname_from_user_rid(uint32 rid, char *pfile) -{ - static pstring nisname; - - safe_strcpy(nisname, "[user_rid=", sizeof(nisname)-1); - slprintf(nisname, sizeof(nisname)-1, "%s%d", nisname, rid); - safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); - safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); - - return nisname; -} - -/*************************************************************** - make_nisname_from_uid - ****************************************************************/ -static char *make_nisname_from_uid(int uid, char *pfile) -{ - static pstring nisname; - - safe_strcpy(nisname, "[uid=", sizeof(nisname)-1); - slprintf(nisname, sizeof(nisname)-1, "%s%d", nisname, uid); - safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); - safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); - - return nisname; -} - -/*************************************************************** - make_nisname_from_name - ****************************************************************/ -static char *make_nisname_from_name(char *user_name, char *pfile) -{ - static pstring nisname; - - safe_strcpy(nisname, "[name=", sizeof(nisname)-1); - safe_strcat(nisname, user_name, sizeof(nisname) - strlen(nisname) - 1); - safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); - safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); - - return nisname; -} - -/************************************************************************* - gets a NIS+ attribute - *************************************************************************/ -static void get_single_attribute(nis_object *new_obj, int col, - char *val, int len) -{ - int entry_len; - - if (new_obj == NULL || val == NULL) return; - - entry_len = ENTRY_LEN(new_obj, col); - if (len > entry_len) - { - DEBUG(10,("get_single_attribute: entry length truncated\n")); - len = entry_len; - } - - safe_strcpy(val, ENTRY_VAL(new_obj, col), len-1); -} - -/************************************************************************ - makes a struct sam_passwd from a NIS+ object. - ************************************************************************/ -static BOOL make_sam_from_nisp_object(struct sam_passwd *pw_buf, nis_object *obj) -{ - int uidval; - static pstring user_name; - static pstring full_name; - static pstring home_dir; - static pstring home_drive; - static pstring logon_script; - static pstring profile_path; - static pstring acct_desc; - static pstring workstations; - static pstring temp; - static unsigned char smbpwd[16]; - static unsigned char smbntpwd[16]; - - char *p; - - pdb_init_sam(pw_buf); - pw_buf->acct_ctrl = ACB_NORMAL; - - pstrcpy(user_name, ENTRY_VAL(obj, NPF_NAME)); - pw_buf->smb_name = user_name; - - uidval = atoi(ENTRY_VAL(obj, NPF_UID)); - pw_buf->smb_userid = uidval; - - /* Check the lanman password column. */ - p = (char *)ENTRY_VAL(obj, NPF_LMPWD); - if (*p == '*' || *p == 'X') { - /* Password deliberately invalid - end here. */ - DEBUG(10, ("make_sam_from_nisp_object: entry invalidated for user %s\n", user_name)); - pw_buf->smb_nt_passwd = NULL; - pw_buf->smb_passwd = NULL; - pw_buf->acct_ctrl |= ACB_DISABLED; - return True; - } - if (!strncasecmp(p, "NO PASSWORD", 11)) { - pw_buf->smb_passwd = NULL; - pw_buf->acct_ctrl |= ACB_PWNOTREQ; - } else { - if (strlen(p) != 32 || !pdb_gethexpwd(p, smbpwd)) - { - DEBUG(0, ("make_sam_from_nisp_object: malformed LM pwd entry.\n")); - return False; - } - } - - pw_buf->smb_passwd = smbpwd; - - /* Check the NT password column. */ - p = ENTRY_VAL(obj, NPF_NTPWD); - if (*p != '*' && *p != 'X') { - if (strlen(p) != 32 || !pdb_gethexpwd(p, smbntpwd)) - { - DEBUG(0, ("make_smb_from_nisp_object: malformed NT pwd entry\n")); - return False; - } - pw_buf->smb_nt_passwd = smbntpwd; - } - - p = (char *)ENTRY_VAL(obj, NPF_ACB); - if (*p == '[') - { - pw_buf->acct_ctrl = pdb_decode_acct_ctrl(p); - - /* Must have some account type set. */ - if(pw_buf->acct_ctrl == 0) - pw_buf->acct_ctrl = ACB_NORMAL; - - /* Now try and get the last change time. */ - if(*p == ']') - p++; - if(*p == ':') { - p++; - if(*p && (StrnCaseCmp(p, "LCT-", 4)==0)) { - int i; - p += 4; - for(i = 0; i < 8; i++) { - if(p[i] == '\0' || !isxdigit(p[i])) - break; - } - if(i == 8) { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - pw_buf->pass_last_set_time = (time_t)strtol(p, NULL, 16); - } - } - } - } else { - /* 'Old' style file. Fake up based on user name. */ - /* - * Currently trust accounts are kept in the same - * password file as 'normal accounts'. If this changes - * we will have to fix this code. JRA. - */ - if(pw_buf->smb_name[strlen(pw_buf->smb_name) - 1] == '$') { - pw_buf->acct_ctrl &= ~ACB_NORMAL; - pw_buf->acct_ctrl |= ACB_WSTRUST; - } - } - - get_single_attribute(obj, NPF_SMB_GRPID, temp, sizeof(pstring)); - pw_buf->smb_grpid = atoi(temp); - - get_single_attribute(obj, NPF_USER_RID, temp, sizeof(pstring)); - pw_buf->user_rid = (strlen(temp) > 0) ? - strtol(temp, NULL, 16) : pdb_uid_to_user_rid (pw_buf->smb_userid); - - if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$') { - - get_single_attribute(obj, NPF_GROUP_RID, temp, sizeof(pstring)); - - if (strlen(temp) > 0) - pw_buf->group_rid = strtol(temp, NULL, 16); - else { - GROUP_MAP map; - - if (get_group_map_from_gid(pw_buf->smb_grpid, &map, MAPPING_WITHOUT_PRIV)) { - pw_buf->group_rid = map.rid; - } - else - pw_buf->group_rid = pdb_gid_to_group_rid(pw_buf->smb_grpid); - } - - get_single_attribute(obj, NPF_FULL_NAME, full_name, sizeof(pstring)); -#if 1 - /* It seems correct to use the global values - but in that case why - * do we want these NIS+ entries anyway ?? - */ - pstrcpy(logon_script , lp_logon_script ()); - pstrcpy(profile_path , lp_logon_path ()); - pstrcpy(home_drive , lp_logon_drive ()); - pstrcpy(home_dir , lp_logon_home ()); -#else - get_single_attribute(obj, NPF_LOGON_SCRIPT, logon_script, sizeof(pstring)); - get_single_attribute(obj, NPF_PROFILE_PATH, profile_path, sizeof(pstring)); - get_single_attribute(obj, NPF_DIR_DRIVE, home_drive, sizeof(pstring)); - get_single_attribute(obj, NPF_HOME_DIR, home_dir, sizeof(pstring)); -#endif - get_single_attribute(obj, NPF_ACCT_DESC, acct_desc, sizeof(pstring)); - get_single_attribute(obj, NPF_WORKSTATIONS, workstations, sizeof(pstring)); - - } else { - - pw_buf->group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ - - pstrcpy(full_name , ""); - pstrcpy(logon_script , ""); - pstrcpy(profile_path , ""); - pstrcpy(home_drive , ""); - pstrcpy(home_dir , ""); - pstrcpy(acct_desc , ""); - pstrcpy(workstations , ""); - } - - pw_buf->full_name = full_name; - pw_buf->home_dir = home_dir; - pw_buf->dir_drive = home_drive; - pw_buf->logon_script = logon_script; - pw_buf->profile_path = profile_path; - pw_buf->acct_desc = acct_desc; - pw_buf->workstations = workstations; - - pw_buf->unknown_str = NULL; /* don't know, yet! */ - pw_buf->munged_dial = NULL; /* "munged" dial-back telephone number */ - - pw_buf->unknown_3 = 0xffffff; /* don't know */ - pw_buf->logon_divs = 168; /* hours per week */ - pw_buf->hours_len = 21; /* 21 times 8 bits = 168 */ - memset(pw_buf->hours, 0xff, pw_buf->hours_len); /* available at all hours */ - pw_buf->unknown_5 = 0x00000000; /* don't know */ - pw_buf->unknown_6 = 0x000004ec; /* don't know */ - - return True; -} - -/************************************************************************ - makes a struct sam_passwd from a NIS+ result. - ************************************************************************/ -static BOOL make_sam_from_nisresult(struct sam_passwd *pw_buf, nis_result *result) -{ - if (pw_buf == NULL || result == NULL) return False; - - if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND) - { - DEBUG(0, ("make_sam_from_nisresult: NIS+ lookup failure: %s\n", - nis_sperrno(result->status))); - return False; - } - - /* User not found. */ - if (NIS_RES_NUMOBJ(result) <= 0) - { - DEBUG(10, ("make_sam_from_nisresult: user not found in NIS+\n")); - return False; - } - - if (NIS_RES_NUMOBJ(result) > 1) - { - DEBUG(10, ("make_sam_from_nisresult: WARNING: Multiple entries for user in NIS+ table!\n")); - } - - /* Grab the first hit. */ - return make_sam_from_nisp_object(pw_buf, &NIS_RES_OBJECT(result)[0]); - } - -/*************************************************************** - calls nis_list, returns results. - ****************************************************************/ -static nis_result *nisp_get_nis_list(char *nis_name) -{ - nis_result *result; - result = nis_list(nis_name, FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP,NULL,NULL); - - alarm(0); - CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL); - - if (gotalarm) - { - DEBUG(0,("nisp_get_nis_list: NIS+ lookup time out\n")); - nis_freeresult(result); - return NULL; - } - return result; -} - - - -struct nisp_enum_info -{ - nis_result *result; - int enum_entry; -}; - -/*************************************************************** - Start to enumerate the nisplus passwd list. Returns a void pointer - to ensure no modification outside this module. - - do not call this function directly. use passdb.c instead. - - ****************************************************************/ -static void *startnisppwent(BOOL update) -{ - static struct nisp_enum_info res; - res.result = nisp_get_nis_list(lp_smb_passwd_file()); - res.enum_entry = 0; - return res.result != NULL ? &res : NULL; -} - -/*************************************************************** - End enumeration of the nisplus passwd list. -****************************************************************/ -static void endnisppwent(void *vp) -{ - struct nisp_enum_info *res = (struct nisp_enum_info *)vp; - nis_freeresult(res->result); - DEBUG(7,("endnisppwent: freed enumeration list\n")); -} - -/************************************************************************* - Routine to return the next entry in the nisplus passwd list. - - do not call this function directly. use passdb.c instead. - - *************************************************************************/ -static struct sam_passwd *getnisp21pwent(void *vp) -{ - struct nisp_enum_info *res = (struct nisp_enum_info *)vp; - static struct sam_passwd pw_buf; - int which; - BOOL ret; - - if (res == NULL || (int)(res->enum_entry) < 0 || - (int)(res->enum_entry) > (NIS_RES_NUMOBJ(res->result) - 1)) { - ret = False; - } else { - which = (int)(res->enum_entry); - ret = make_sam_from_nisp_object(&pw_buf, - &NIS_RES_OBJECT(res->result)[which]); - if (ret && which < (NIS_RES_NUMOBJ(res->result) - 1)) - (int)(res->enum_entry)++; - } - - return ret ? &pw_buf : NULL; -} - -/************************************************************************* - Return the current position in the nisplus passwd list as an SMB_BIG_UINT. - This must be treated as an opaque token. - - do not call this function directly. use passdb.c instead. - -*************************************************************************/ -static SMB_BIG_UINT getnisppwpos(void *vp) -{ - struct nisp_enum_info *res = (struct nisp_enum_info *)vp; - return (SMB_BIG_UINT)(res->enum_entry); -} - -/************************************************************************* - Set the current position in the nisplus passwd list from SMB_BIG_UINT. - This must be treated as an opaque token. - - do not call this function directly. use passdb.c instead. - -*************************************************************************/ -static BOOL setnisppwpos(void *vp, SMB_BIG_UINT tok) -{ - struct nisp_enum_info *res = (struct nisp_enum_info *)vp; - if (tok < (NIS_RES_NUMOBJ(res->result) - 1)) { - res->enum_entry = tok; - return True; - } else { - return False; - } -} - -/************************************************************************* - sets a NIS+ attribute - *************************************************************************/ -static void set_single_attribute(nis_object *new_obj, int col, - const char *val, int len, int flags) -{ - if (new_obj == NULL) return; - - ENTRY_VAL(new_obj, col) = val; - ENTRY_LEN(new_obj, col) = len+1; - - if (flags != 0) - { - new_obj->EN_data.en_cols.en_cols_val[col].ec_flags = flags; - } -} - -/************************************************************************ - Routine to add an entry to the nisplus passwd file. - - do not call this function directly. use passdb.c instead. - -*************************************************************************/ -static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd) -{ - char *pfile; - char *nisname; - nis_result *nis_user; - nis_result *result = NULL, - *tblresult = NULL, - *addresult = NULL; - nis_object new_obj, *obj; - - fstring uid; - fstring user_rid; - fstring smb_grpid; - fstring group_rid; - fstring acb; - - fstring smb_passwd; - fstring smb_nt_passwd; - - fstring logon_t; - fstring logoff_t; - fstring kickoff_t; - fstring pwdlset_t; - fstring pwdlchg_t; - fstring pwdmchg_t; - - memset((char *)logon_t , '\0', sizeof(logon_t )); - memset((char *)logoff_t , '\0', sizeof(logoff_t )); - memset((char *)kickoff_t, '\0', sizeof(kickoff_t)); - memset((char *)pwdlset_t, '\0', sizeof(pwdlset_t)); - memset((char *)pwdlchg_t, '\0', sizeof(pwdlchg_t)); - memset((char *)pwdmchg_t, '\0', sizeof(pwdmchg_t)); - - pfile = lp_smb_passwd_file(); - - nisname = make_nisname_from_name(newpwd->smb_name, pfile); - result = nisp_get_nis_list(nisname); - if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND) - { - DEBUG(3, ( "add_nis21ppwd_entry: nis_list failure: %s: %s\n", - nisname, nis_sperrno(result->status))); - nis_freeresult(result); - return False; - } - - if (result->status == NIS_SUCCESS && NIS_RES_NUMOBJ(result) > 0) - { - DEBUG(3, ("add_nisp21pwd_entry: User already exists in NIS+ password db: %s\n", - pfile)); - nis_freeresult(result); - return False; - } - -#if 0 - /* User not found. */ - if (!add_user) - { - DEBUG(3, ("add_nisp21pwd_entry: User not found in NIS+ password db: %s\n", - pfile)); - nis_freeresult(result); - return False; - } - -#endif - - tblresult = nis_lookup(pfile, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP ); - if (tblresult->status != NIS_SUCCESS) - { - nis_freeresult(result); - nis_freeresult(tblresult); - DEBUG(3, ( "add_nisp21pwd_entry: nis_lookup failure: %s\n", - nis_sperrno(tblresult->status))); - return False; - } - - new_obj.zo_name = NIS_RES_OBJECT(tblresult)->zo_name; - new_obj.zo_domain = NIS_RES_OBJECT(tblresult)->zo_domain; - new_obj.zo_owner = NIS_RES_OBJECT(tblresult)->zo_owner; - new_obj.zo_group = NIS_RES_OBJECT(tblresult)->zo_group; - new_obj.zo_access = NIS_RES_OBJECT(tblresult)->zo_access; - new_obj.zo_ttl = NIS_RES_OBJECT(tblresult)->zo_ttl; - - new_obj.zo_data.zo_type = ENTRY_OBJ; - - new_obj.zo_data.objdata_u.en_data.en_type = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_type; - new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_maxcol; - new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_val = calloc(new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len, sizeof(entry_col)); - - if (new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_val == NULL) - { - DEBUG(0, ("add_nisp21pwd_entry: memory allocation failure\n")); - nis_freeresult(result); - nis_freeresult(tblresult); - return False; - } - - pdb_sethexpwd(smb_passwd , newpwd->smb_passwd , newpwd->acct_ctrl); - pdb_sethexpwd(smb_nt_passwd, newpwd->smb_nt_passwd, newpwd->acct_ctrl); - - newpwd->pass_last_set_time = (time_t)time(NULL); - newpwd->logon_time = (time_t)-1; - newpwd->logoff_time = (time_t)-1; - newpwd->kickoff_time = (time_t)-1; - newpwd->pass_can_change_time = (time_t)-1; - newpwd->pass_must_change_time = (time_t)-1; - - slprintf(logon_t, 13, "LNT-%08X", (uint32)newpwd->logon_time); - slprintf(logoff_t, 13, "LOT-%08X", (uint32)newpwd->logoff_time); - slprintf(kickoff_t, 13, "KOT-%08X", (uint32)newpwd->kickoff_time); - slprintf(pwdlset_t, 13, "LCT-%08X", (uint32)newpwd->pass_last_set_time); - slprintf(pwdlchg_t, 13, "CCT-%08X", (uint32)newpwd->pass_can_change_time); - slprintf(pwdmchg_t, 13, "MCT-%08X", (uint32)newpwd->pass_must_change_time); - - slprintf(uid, sizeof(uid)-1, "%u", newpwd->smb_userid); - slprintf(user_rid, sizeof(user_rid)-1, "0x%x", newpwd->user_rid); - slprintf(smb_grpid, sizeof(smb_grpid)-1, "%u", newpwd->smb_grpid); - slprintf(group_rid, sizeof(group_rid)-1, "0x%x", newpwd->group_rid); - - safe_strcpy(acb, smbpasswd_encode_acct_ctrl(newpwd->acct_ctrl), - sizeof(acb)-1); - - set_single_attribute(&new_obj, NPF_NAME , newpwd->smb_name , strlen(newpwd->smb_name) , 0); - set_single_attribute(&new_obj, NPF_UID , uid , strlen(uid) , 0); - set_single_attribute(&new_obj, NPF_USER_RID , user_rid , strlen(user_rid) , 0); - set_single_attribute(&new_obj, NPF_SMB_GRPID , smb_grpid , strlen(smb_grpid) , 0); - set_single_attribute(&new_obj, NPF_GROUP_RID , group_rid , strlen(group_rid) , 0); - set_single_attribute(&new_obj, NPF_ACB , acb , strlen(acb) , 0); - set_single_attribute(&new_obj, NPF_LMPWD , smb_passwd , strlen(smb_passwd) , EN_CRYPT); - set_single_attribute(&new_obj, NPF_NTPWD , smb_nt_passwd , strlen(smb_nt_passwd) , EN_CRYPT); - set_single_attribute(&new_obj, NPF_LOGON_T , logon_t , strlen(logon_t) , 0); - set_single_attribute(&new_obj, NPF_LOGOFF_T , logoff_t , strlen(logoff_t) , 0); - set_single_attribute(&new_obj, NPF_KICK_T , kickoff_t , strlen(kickoff_t) , 0); - set_single_attribute(&new_obj, NPF_PWDLSET_T , pwdlset_t , strlen(pwdlset_t) , 0); - set_single_attribute(&new_obj, NPF_PWDLCHG_T , pwdlchg_t , strlen(pwdlchg_t) , 0); - set_single_attribute(&new_obj, NPF_PWDMCHG_T , pwdmchg_t , strlen(pwdmchg_t) , 0); -#if 0 - set_single_attribute(&new_obj, NPF_FULL_NAME , newpwd->full_name , strlen(newpwd->full_name) , 0); - set_single_attribute(&new_obj, NPF_HOME_DIR , newpwd->home_dir , strlen(newpwd->home_dir) , 0); - set_single_attribute(&new_obj, NPF_DIR_DRIVE , newpwd->dir_drive , strlen(newpwd->dir_drive) , 0); - set_single_attribute(&new_obj, NPF_LOGON_SCRIPT , newpwd->logon_script , strlen(newpwd->logon_script) , 0); - set_single_attribute(&new_obj, NPF_PROFILE_PATH , newpwd->profile_path , strlen(newpwd->profile_path) , 0); - set_single_attribute(&new_obj, NPF_ACCT_DESC , newpwd->acct_desc , strlen(newpwd->acct_desc) , 0); - set_single_attribute(&new_obj, NPF_WORKSTATIONS , newpwd->workstations , strlen(newpwd->workstations) , 0); - set_single_attribute(&new_obj, NPF_HOURS , newpwd->hours , newpwd->hours_len , 0); -#endif - - obj = &new_obj; - - addresult = nis_add_entry(pfile, obj, ADD_OVERWRITE | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP); - - - if (addresult->status != NIS_SUCCESS) - { - DEBUG(3, ( "add_nisp21pwd_entry: NIS+ table update failed: %s\n", - nisname, nis_sperrno(addresult->status))); - nis_freeresult(tblresult); - nis_freeresult(addresult); - nis_freeresult(result); - return False; - } - - nis_freeresult(tblresult); - nis_freeresult(addresult); - nis_freeresult(result); - - return True; -} - -/************************************************************************ - Routine to search the nisplus passwd file for an entry matching the username. - and then modify its password entry. We can't use the startnisppwent()/ - getnisppwent()/endnisppwent() interfaces here as we depend on looking - in the actual file to decide how much room we have to write data. - override = False, normal - override = True, override XXXXXXXX'd out password or NO PASS - - do not call this function directly. use passdb.c instead. - -************************************************************************/ -static BOOL mod_nisp21pwd_entry(struct sam_passwd* pwd, BOOL override) -{ - char *oldnislmpwd, *oldnisntpwd, *oldnisacb, *oldnislct, *user_name; - char lmpwd[33], ntpwd[33], lct[13]; - nis_result *result, *addresult; - nis_object *obj; - fstring acb; - pstring nisname; - BOOL got_pass_last_set_time, ret; - int i; - - if (!*lp_smb_passwd_file()) - { - DEBUG(0, ("mod_getnisp21pwd_entry: no SMB password file set\n")); - return False; - } - - DEBUG(10, ("mod_getnisp21pwd_entry: search by name: %s\n", pwd->smb_name)); - DEBUG(10, ("mod_getnisp21pwd_entry: using NIS+ table %s\n", lp_smb_passwd_file())); - - slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s", pwd->smb_name, lp_smb_passwd_file()); - - /* Search the table. */ - gotalarm = 0; - CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); - alarm(5); - - result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL); - - alarm(0); - CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL); - - if (gotalarm) - { - DEBUG(0,("mod_getnisp21pwd_entry: NIS+ lookup time out\n")); - nis_freeresult(result); - return False; - } - - if(result->status != NIS_SUCCESS || NIS_RES_NUMOBJ(result) <= 0) { - /* User not found. */ - DEBUG(0,("mod_getnisp21pwd_entry: user not found in NIS+\n")); - nis_freeresult(result); - return False; - } - - DEBUG(6,("mod_getnisp21pwd_entry: entry exists\n")); - - obj = NIS_RES_OBJECT(result); - - user_name = ENTRY_VAL(obj, NPF_NAME); - oldnislmpwd = ENTRY_VAL(obj, NPF_LMPWD); - oldnisntpwd = ENTRY_VAL(obj, NPF_NTPWD); - oldnisacb = ENTRY_VAL(obj, NPF_ACB); - oldnislct = ENTRY_VAL(obj, NPF_PWDLSET_T); - - - if (!override && (*oldnislmpwd == '*' || *oldnislmpwd == 'X' || - *oldnisntpwd == '*' || *oldnisntpwd == 'X')) { - /* Password deliberately invalid - end here. */ - DEBUG(10, ("mod_nisp21pwd_entry: entry invalidated for user %s\n", user_name)); - nis_freeresult(result); - return False; - } - - if (strlen(oldnislmpwd) != 32 || strlen(oldnisntpwd) != 32) { - DEBUG(0, ("mod_nisp21pwd_entry: malformed password entry (incorrect length)\n")); - nis_freeresult(result); - return False; - } - - - - /* - * Now check if the account info and the password last - * change time is available. - */ - - /* - * If both NT and lanman passwords are provided - reset password - * not required flag. - */ - - if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) { - /* Require password in the future (should ACB_DISABLED also be reset?) */ - pwd->acct_ctrl &= ~(ACB_PWNOTREQ); - } - - if (*oldnisacb == '[') { - - i = 0; - acb[i++] = oldnisacb[i]; - while(i < (sizeof(fstring) - 2) && (oldnisacb[i] != ']')) - acb[i] = oldnisacb[i++]; - - acb[i++] = ']'; - acb[i++] = '\0'; - - if (i == NEW_PW_FORMAT_SPACE_PADDED_LEN) { - /* - * We are using a new format, space padded - * acct ctrl field. Encode the given acct ctrl - * bits into it. - */ - fstrcpy(acb, smbpasswd_encode_acct_ctrl(pwd->acct_ctrl)); - } else { - /* - * If using the old format and the ACB_DISABLED or - * ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL - * here as we have no space to encode the change. - */ - if(pwd->acct_ctrl & (ACB_DISABLED|ACB_PWNOTREQ)) { - pwd->smb_passwd = NULL; - pwd->smb_nt_passwd = NULL; - } - } - - /* Now do the LCT stuff. */ - if (StrnCaseCmp(oldnislct, "LCT-", 4) == 0) { - - for(i = 0; i < 8; i++) { - if(oldnislct[i+4] == '\0' || !isxdigit(oldnislct[i+4])) - break; - } - if (i == 8) { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - got_pass_last_set_time = True; - } /* i == 8 */ - } /* StrnCaseCmp() */ - - } /* p == '[' */ - - /* Entry is correctly formed. */ - - - - /* Create the 32 byte representation of the new p16 */ - if(pwd->smb_passwd != NULL) { - for (i = 0; i < 16; i++) { - slprintf(&lmpwd[i*2], 32, "%02X", (uchar) pwd->smb_passwd[i]); - } - } else { - if(pwd->acct_ctrl & ACB_PWNOTREQ) - fstrcpy(lmpwd, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); - else - fstrcpy(lmpwd, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); - } - - /* Add on the NT md4 hash */ - if (pwd->smb_nt_passwd != NULL) { - for (i = 0; i < 16; i++) { - slprintf(&ntpwd[i*2], 32, "%02X", (uchar) pwd->smb_nt_passwd[i]); - } - } else { - if(pwd->acct_ctrl & ACB_PWNOTREQ) - fstrcpy(ntpwd, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); - else - fstrcpy(ntpwd, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); - } - - pwd->pass_last_set_time = time(NULL); - - if(got_pass_last_set_time) { - slprintf(lct, 13, "LCT-%08X", (uint32)pwd->pass_last_set_time); - } - - set_single_attribute(obj, NPF_LMPWD, lmpwd, strlen(lmpwd), EN_CRYPT); - set_single_attribute(obj, NPF_NTPWD, ntpwd, strlen(ntpwd), EN_CRYPT); - set_single_attribute(obj, NPF_ACB, acb, strlen(acb), 0); - set_single_attribute(obj, NPF_PWDLSET_T, lct, strlen(lct), 0); - - addresult = - nis_add_entry(lp_smb_passwd_file(), obj, - ADD_OVERWRITE | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP); - - if(addresult->status != NIS_SUCCESS) { - DEBUG(0, ("mod_nisp21pwd_entry: NIS+ table update failed: %s %s\n", nisname, nis_sperrno(addresult->status))); - nis_freeresult(addresult); - nis_freeresult(result); - return False; - } - - DEBUG(6,("mod_nisp21pwd_entry: password changed\n")); - - nis_freeresult(addresult); - nis_freeresult(result); - - return True; -} - - -/************************************************************************* - Routine to search the nisplus passwd file for an entry matching the username - *************************************************************************/ -static struct sam_passwd *getnisp21pwnam(char *name) -{ - /* Static buffers we will return. */ - static struct sam_passwd pw_buf; - nis_result *result; - pstring nisname; - BOOL ret; - - if (!*lp_smb_passwd_file()) - { - DEBUG(0, ("No SMB password file set\n")); - return NULL; - } - - DEBUG(10, ("getnisp21pwnam: search by name: %s\n", name)); - DEBUG(10, ("getnisp21pwnam: using NIS+ table %s\n", lp_smb_passwd_file())); - - slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s", name, lp_smb_passwd_file()); - - /* Search the table. */ - gotalarm = 0; - CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); - alarm(5); - - result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL); - - alarm(0); - CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL); - - if (gotalarm) - { - DEBUG(0,("getnisp21pwnam: NIS+ lookup time out\n")); - nis_freeresult(result); - return NULL; - } - - ret = make_sam_from_nisresult(&pw_buf, result); - nis_freeresult(result); - - return ret ? &pw_buf : NULL; -} - -/************************************************************************* - Routine to search the nisplus passwd file for an entry matching the username - *************************************************************************/ -static struct sam_passwd *getnisp21pwrid(uint32 rid) -{ - /* Static buffers we will return. */ - static struct sam_passwd pw_buf; - nis_result *result; - char *nisname; - BOOL ret; - - if (!*lp_smb_passwd_file()) - { - DEBUG(0, ("getnisp21pwrid: no SMB password file set\n")); - return NULL; - } - - DEBUG(10, ("getnisp21pwrid: search by rid: %x\n", rid)); - DEBUG(10, ("getnisp21pwrid: using NIS+ table %s\n", lp_smb_passwd_file())); - - nisname = make_nisname_from_user_rid(rid, lp_smb_passwd_file()); - - /* Search the table. */ - gotalarm = 0; - CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); - alarm(5); - - result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL); - - alarm(0); - CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL); - - if (gotalarm) - { - DEBUG(0,("getnisp21pwrid: NIS+ lookup time out\n")); - nis_freeresult(result); - return NULL; - } - - ret = make_sam_from_nisresult(&pw_buf, result); - nis_freeresult(result); - - return ret ? &pw_buf : NULL; -} - -/* - * Derived functions for NIS+. - */ - -static struct smb_passwd *getnisppwent(void *vp) -{ - return pdb_sam_to_smb(getnisp21pwent(vp)); -} - -static BOOL add_nisppwd_entry(struct smb_passwd *newpwd) -{ - return add_nisp21pwd_entry(pdb_smb_to_sam(newpwd)); -} - -static BOOL mod_nisppwd_entry(struct smb_passwd* pwd, BOOL override) -{ - return mod_nisp21pwd_entry(pdb_smb_to_sam(pwd), override); -} - -static BOOL del_nisppwd_entry(const char *name) -{ - return False; /* Dummy. */ -} - -static struct smb_passwd *getnisppwnam(char *name) -{ - return pdb_sam_to_smb(getnisp21pwnam(name)); -} - -static struct sam_passwd *getnisp21pwuid(uid_t smb_userid) -{ - return getnisp21pwrid(pdb_uid_to_user_rid(smb_userid)); -} - -static struct smb_passwd *getnisppwrid(uint32 user_rid) -{ - return pdb_sam_to_smb(getnisp21pwuid(pdb_user_rid_to_uid(user_rid))); -} - -static struct smb_passwd *getnisppwuid(uid_t smb_userid) -{ - return pdb_sam_to_smb(getnisp21pwuid(smb_userid)); -} - -static struct passdb_ops nispasswd_ops = { - startnisppwent, - endnisppwent, - getnisppwpos, - setnisppwpos, - getnisppwnam, - getnisppwuid, - getnisppwrid, - getnisppwent, - add_nisppwd_entry, - mod_nisppwd_entry, - del_nisppwd_entry, - getnisp21pwent, - getnisp21pwnam, - getnisp21pwuid, - getnisp21pwrid, - add_nisp21pwd_entry, - mod_nisp21pwd_entry -}; - -struct passdb_ops *nisplus_initialize_password_db(void) -{ - return &nispasswd_ops; -} - -#else - void nisplus_dummy_function(void); - void nisplus_dummy_function(void) { } /* stop some compilers complaining */ -#endif /* WITH_NISPLUS */ - -/* useful code i can't bring myself to delete */ -#if 0 -static void useful_code(void) { - /* checks user in unix password database. don't want to do that, here. */ - nisname = make_nisname_from_name(newpwd->smb_name, "passwd.org_dir"); - - nis_user = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL); - - if (nis_user->status != NIS_SUCCESS || NIS_RES_NUMOBJ(nis_user) <= 0) - { - DEBUG(3, ("useful_code: Unable to get NIS+ passwd entry for user: %s.\n", - nis_sperrno(nis_user->status))); - return False; - } - - user_obj = NIS_RES_OBJECT(nis_user); - make_nisname_from_name(ENTRY_VAL(user_obj,0), pfile); -} -#endif diff --git a/source3/passdb/smbpasschange.c b/source3/passdb/smbpasschange.c deleted file mode 100644 index f4af6e8745..0000000000 --- a/source3/passdb/smbpasschange.c +++ /dev/null @@ -1,25 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - change a password in a local smbpasswd file - Copyright (C) Andrew Tridgell 1998 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - - - diff --git a/source3/passdb/smbpassgroup.c b/source3/passdb/smbpassgroup.c deleted file mode 100644 index 808abde661..0000000000 --- a/source3/passdb/smbpassgroup.c +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup - * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -#ifdef USE_SMBPASS_DB - -static int grp_file_lock_depth = 0; - -/*************************************************************** - Start to enumerate the smbpasswd list. Returns a void pointer - to ensure no modification outside this module. -****************************************************************/ - -static void *startsmbfilegrpent(BOOL update) -{ - static char s_readbuf[1024]; - return startfilepwent(lp_smb_passgrp_file(), s_readbuf, sizeof(s_readbuf), - &grp_file_lock_depth, update); -} - -/*************************************************************** - End enumeration of the smbpasswd list. -****************************************************************/ - -static void endsmbfilegrpent(void *vp) -{ - endfilepwent(vp, &grp_file_lock_depth); -} - -/************************************************************************* - Return the current position in the smbpasswd list as an SMB_BIG_UINT. - This must be treated as an opaque token. -*************************************************************************/ - -static SMB_BIG_UINT getsmbfilegrppos(void *vp) -{ - return getfilepwpos(vp); -} - -/************************************************************************* - Set the current position in the smbpasswd list from an SMB_BIG_UINT. - This must be treated as an opaque token. -*************************************************************************/ - -static BOOL setsmbfilegrppos(void *vp, SMB_BIG_UINT tok) -{ - return setfilepwpos(vp, tok); -} - -/************************************************************************* - Routine to return the next entry in the smbpasswd list. - *************************************************************************/ -static struct smb_passwd *getsmbfilegrpent(void *vp, - uint32 **grp_rids, int *num_grps, - uint32 **als_rids, int *num_alss) -{ - /* Static buffers we will return. */ - static struct smb_passwd pw_buf; - static pstring user_name; - struct passwd *pwfile; - pstring linebuf; - unsigned char *p; - int uidval; - size_t linebuf_len; - - if (vp == NULL) - { - DEBUG(0,("getsmbfilegrpent: Bad password file pointer.\n")); - return NULL; - } - - pwdb_init_smb(&pw_buf); - - /* - * Scan the file, a line at a time. - */ - while ((linebuf_len = getfileline(vp, linebuf, sizeof(linebuf))) > 0) - { - /* - * The line we have should be of the form :- - * - * username:uid:domainrid1,domainrid2..:aliasrid1,aliasrid2..: - */ - - /* - * As 256 is shorter than a pstring we don't need to check - * length here - if this ever changes.... - */ - p = strncpyn(user_name, linebuf, sizeof(user_name), ':'); - - /* Go past ':' */ - p++; - - /* Get smb uid. */ - - p = Atoic((char *) p, &uidval, ":"); - - pw_buf.smb_name = user_name; - pw_buf.smb_userid = uidval; - - /* - * Now get the password value - this should be 32 hex digits - * which are the ascii representations of a 16 byte string. - * Get two at a time and put them into the password. - */ - - /* Skip the ':' */ - p++; - - if (grp_rids != NULL && num_grps != NULL) - { - int i; - p = get_numlist(p, grp_rids, num_grps); - if (p == NULL) - { - DEBUG(0,("getsmbfilegrpent: invalid line\n")); - return NULL; - } - for (i = 0; i < (*num_grps); i++) - { - (*grp_rids)[i] = pwdb_gid_to_group_rid((*grp_rids)[i]); - } - } - - /* Skip the ':' */ - p++; - - if (als_rids != NULL && num_alss != NULL) - { - int i; - p = get_numlist(p, als_rids, num_alss); - if (p == NULL) - { - DEBUG(0,("getsmbfilegrpent: invalid line\n")); - return NULL; - } - for (i = 0; i < (*num_alss); i++) - { - (*als_rids)[i] = pwdb_gid_to_alias_rid((*als_rids)[i]); - } - } - - pwfile = Get_Pwnam(pw_buf.smb_name); - if (pwfile == NULL) - { - DEBUG(0,("getsmbfilegrpent: smbpasswd database is corrupt!\n")); - DEBUG(0,("getsmbfilegrpent: username %s not in unix passwd database!\n", pw_buf.smb_name)); - return NULL; - } - - return &pw_buf; - } - - DEBUG(5,("getsmbfilegrpent: end of file reached.\n")); - return NULL; -} - -static struct passgrp_ops file_ops = -{ - startsmbfilegrpent, - endsmbfilegrpent, - getsmbfilegrppos, - setsmbfilegrppos, - iterate_getsmbgrpnam, /* In passgrp.c */ - iterate_getsmbgrpuid, /* In passgrp.c */ - iterate_getsmbgrprid, /* In passgrp.c */ - getsmbfilegrpent, -}; - -struct passgrp_ops *file_initialise_password_grp(void) -{ - return &file_ops; -} - -#else - /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */ - void smbpass_dummy_function(void) { } /* stop some compilers complaining */ -#endif /* USE_SMBPASS_DB */ |