summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/passdb/ldap.c1017
-rw-r--r--source3/passdb/nispass.c1083
-rw-r--r--source3/passdb/smbpasschange.c25
-rw-r--r--source3/passdb/smbpassgroup.c195
4 files changed, 0 insertions, 2320 deletions
diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c
deleted file mode 100644
index e0ac013fc8..0000000000
--- a/source3/passdb/ldap.c
+++ /dev/null
@@ -1,1017 +0,0 @@
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- LDAP protocol helper functions for SAMBA
- Copyright (C) Jean François Micouleau 1998
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-*/
-
-#ifdef WITH_LDAP
-
-#include "includes.h"
-
-#include <lber.h>
-#include <ldap.h>
-
-#define ADD_USER 1
-#define MODIFY_USER 2
-
-/*******************************************************************
- open a connection to the ldap serve.
-******************************************************************/
-static BOOL ldap_open_connection(LDAP **ldap_struct)
-{
- if ( (*ldap_struct = ldap_open(lp_ldap_server(),lp_ldap_port()) ) == NULL)
- {
- DEBUG( 0, ( "The LDAP server is not responding !\n" ) );
- return( False );
- }
- DEBUG(2,("ldap_open_connection: connection opened\n"));
- return (True);
-}
-
-
-/*******************************************************************
- connect anonymously to the ldap server.
- FIXME: later (jfm)
-******************************************************************/
-static BOOL ldap_connect_anonymous(LDAP *ldap_struct)
-{
- if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) ! = LDAP_SUCCESS)
- {
- DEBUG( 0, ( "Couldn't bind to the LDAP server !\n" ) );
- return(False);
- }
- return (True);
-}
-
-
-/*******************************************************************
- connect to the ldap server under system privileg.
-******************************************************************/
-static BOOL ldap_connect_system(LDAP *ldap_struct)
-{
- if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) ! = LDAP_SUCCESS)
- {
- DEBUG( 0, ( "Couldn't bind to the LDAP server!\n" ) );
- return(False);
- }
- DEBUG(2,("ldap_connect_system: succesful connection to the LDAP server\n"));
- return (True);
-}
-
-/*******************************************************************
- connect to the ldap server under a particular user.
-******************************************************************/
-static BOOL ldap_connect_user(LDAP *ldap_struct, const char *user, const char *password)
-{
- if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) ! = LDAP_SUCCESS)
- {
- DEBUG( 0, ( "Couldn't bind to the LDAP server !\n" ) );
- return(False);
- }
- DEBUG(2,("ldap_connect_user: succesful connection to the LDAP server\n"));
- return (True);
-}
-
-/*******************************************************************
- run the search by name.
-******************************************************************/
-static BOOL ldap_search_one_user(LDAP *ldap_struct, char *filter, LDAPMessage **result)
-{
- int scope = LDAP_SCOPE_ONELEVEL;
- int rc;
-
- DEBUG(2,("ldap_search_one_user: searching for:[%s]\n", filter));
-
- rc = ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, result);
-
- if (rc ! = LDAP_SUCCESS )
- {
- DEBUG( 0, ( "Problem during the LDAP search\n" ) );
- return(False);
- }
- return (True);
-}
-
-/*******************************************************************
- run the search by name.
-******************************************************************/
-static BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, const char *user, LDAPMessage **result)
-{
- pstring filter;
- /*
- in the filter expression, replace %u with the real name
- so in ldap filter, %u MUST exist :-)
- */
- pstrcpy(filter,lp_ldap_filter());
- pstring_sub(filter,"%u",user);
-
- if ( !ldap_search_one_user(ldap_struct, filter, result) )
- {
- return(False);
- }
- return (True);
-}
-
-/*******************************************************************
- run the search by uid.
-******************************************************************/
-static BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **result)
-{
- pstring filter;
-
- slprintf(filter, sizeof(pstring)-1, "uidAccount = %d", uid);
-
- if ( !ldap_search_one_user(ldap_struct, filter, result) )
- {
- return(False);
- }
- return (True);
-}
-
-/*******************************************************************
- search an attribute and return the first value found.
-******************************************************************/
-static void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute, char *value)
-{
- char **valeurs;
-
- if ( (valeurs = ldap_get_values(ldap_struct, entry, attribute)) ! = NULL)
- {
- pstrcpy(value, valeurs[0]);
- ldap_value_free(valeurs);
- DEBUG(3,("get_single_attribute: [%s] = [%s]\n", attribute, value));
- }
- else
- {
- value = NULL;
- }
-}
-
-/*******************************************************************
- check if the returned entry is a sambaAccount objectclass.
-******************************************************************/
-static BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry)
-{
- BOOL sambaAccount = False;
- char **valeur;
- int i;
-
- DEBUG(2,("ldap_check_user: "));
- valeur = ldap_get_values(ldap_struct, entry, "objectclass");
- if (valeur! = NULL)
- {
- for (i = 0;valeur[i]! = NULL;i++)
- {
- if (!strcmp(valeur[i],"sambaAccount")) sambaAccount = True;
- }
- }
- DEBUG(2,("%s\n",sambaAccount?"yes":"no"));
- ldap_value_free(valeur);
- return (sambaAccount);
-}
-
-/*******************************************************************
- check if the returned entry is a sambaTrust objectclass.
-******************************************************************/
-static BOOL ldap_check_trust(LDAP *ldap_struct, LDAPMessage *entry)
-{
- BOOL sambaTrust = False;
- char **valeur;
- int i;
-
- DEBUG(2,("ldap_check_trust: "));
- valeur = ldap_get_values(ldap_struct, entry, "objectclass");
- if (valeur! = NULL)
- {
- for (i = 0;valeur[i]! = NULL;i++)
- {
- if (!strcmp(valeur[i],"sambaTrust")) sambaTrust = True;
- }
- }
- DEBUG(2,("%s\n",sambaTrust?"yes":"no"));
- ldap_value_free(valeur);
- return (sambaTrust);
-}
-
-/*******************************************************************
- retrieve the user's info and contruct a smb_passwd structure.
-******************************************************************/
-static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
- struct smb_passwd *user)
-{
- static pstring user_name;
- static pstring user_pass;
- static pstring temp;
- static unsigned char smblmpwd[16];
- static unsigned char smbntpwd[16];
-
- pdb_init_smb(user);
-
- memset((char *)smblmpwd, '\0', sizeof(smblmpwd));
- memset((char *)smbntpwd, '\0', sizeof(smbntpwd));
-
- get_single_attribute(ldap_struct, entry, "cn", user_name);
- DEBUG(2,("ldap_get_smb_passwd: user: %s\n",user_name));
-
-#ifdef LDAP_PLAINTEXT_PASSWORD
- get_single_attribute(ldap_struct, entry, "userPassword", temp);
- nt_lm_owf_gen(temp, user->smb_nt_passwd, user->smb_passwd);
- memset((char *)temp, '\0', sizeof(temp)); /* destroy local copy of the password */
-#else
- get_single_attribute(ldap_struct, entry, "unicodePwd", temp);
- pdb_gethexpwd(temp, smbntpwd);
- memset((char *)temp, '\0', sizeof(temp)); /* destroy local copy of the password */
-
- get_single_attribute(ldap_struct, entry, "dBCSPwd", temp);
- pdb_gethexpwd(temp, smblmpwd);
- memset((char *)temp, '\0', sizeof(temp)); /* destroy local copy of the password */
-#endif
-
- get_single_attribute(ldap_struct, entry, "userAccountControl", temp);
- user->acct_ctrl = pdb_decode_acct_ctrl(temp);
-
- get_single_attribute(ldap_struct, entry, "pwdLastSet", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
-
- get_single_attribute(ldap_struct, entry, "rid", temp);
-
- /* the smb (unix) ids are not stored: they are created */
- user->smb_userid = pdb_user_rid_to_uid (atoi(temp));
-
- if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
- {
- DEBUG(0,("Inconsistency in the LDAP database\n"));
- }
- if (user->acct_ctrl & ACB_NORMAL)
- {
- user->smb_name = user_name;
- user->smb_passwd = smblmpwd;
- user->smb_nt_passwd = smbntpwd;
- }
-}
-
-/*******************************************************************
- retrieve the user's info and contruct a sam_passwd structure.
-
- calls ldap_get_smb_passwd function first, though, to save code duplication.
-
-******************************************************************/
-static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry,
- struct sam_passwd *user)
-{
- static pstring user_name;
- static pstring fullname;
- static pstring home_dir;
- static pstring dir_drive;
- static pstring logon_script;
- static pstring profile_path;
- static pstring acct_desc;
- static pstring workstations;
- static pstring temp;
- static struct smb_passwd pw_buf;
-
- pdb_init_sam(user);
-
- ldap_get_smb_passwd(ldap_struct, entry, &pw_buf);
-
- user->pass_last_set_time = pw_buf.pass_last_set_time;
-
- get_single_attribute(ldap_struct, entry, "logonTime", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
-
- get_single_attribute(ldap_struct, entry, "logoffTime", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
-
- get_single_attribute(ldap_struct, entry, "kickoffTime", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
-
- get_single_attribute(ldap_struct, entry, "pwdLastSet", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
-
- get_single_attribute(ldap_struct, entry, "pwdCanChange", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
-
- get_single_attribute(ldap_struct, entry, "pwdMustChange", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
-
- user->smb_name = pw_buf.smb_name;
-
- DEBUG(2,("ldap_get_sam_passwd: user: %s\n", user_name));
-
- get_single_attribute(ldap_struct, entry, "userFullName", fullname);
- user->full_name = fullname;
-
- get_single_attribute(ldap_struct, entry, "homeDirectory", home_dir);
- user->home_dir = home_dir;
-
- get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive);
- user->dir_drive = dir_drive;
-
- get_single_attribute(ldap_struct, entry, "scriptPath", logon_script);
- user->logon_script = logon_script;
-
- get_single_attribute(ldap_struct, entry, "profilePath", profile_path);
- user->profile_path = profile_path;
-
- get_single_attribute(ldap_struct, entry, "comment", acct_desc);
- user->acct_desc = acct_desc;
-
- get_single_attribute(ldap_struct, entry, "userWorkstations", workstations);
- user->workstations = workstations;
-
- user->unknown_str = NULL; /* don't know, yet! */
- user->munged_dial = NULL; /* "munged" dial-back telephone number */
-
- get_single_attribute(ldap_struct, entry, "rid", temp);
- user->user_rid = atoi(temp);
-
- get_single_attribute(ldap_struct, entry, "primaryGroupID", temp);
- user->group_rid = atoi(temp);
-
- /* the smb (unix) ids are not stored: they are created */
- user->smb_userid = pw_buf.smb_userid;
- user->smb_grpid = group_rid_to_uid(user->group_rid);
-
- user->acct_ctrl = pw_buf.acct_ctrl;
-
- user->unknown_3 = 0xffffff; /* don't know */
- user->logon_divs = 168; /* hours per week */
- user->hours_len = 21; /* 21 times 8 bits = 168 */
- memset(user->hours, 0xff, user->hours_len); /* available at all hours */
- user->unknown_5 = 0x00000000; /* don't know */
- user->unknown_6 = 0x000004ec; /* don't know */
-
- if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
- {
- DEBUG(0,("Inconsistency in the LDAP database\n"));
- }
-
- if (!(user->acct_ctrl & ACB_NORMAL))
- {
- DEBUG(0,("User's acct_ctrl bits not set to ACT_NORMAL in LDAP database\n"));
- return;
- }
-}
-
-/************************************************************************
- Routine to manage the LDAPMod structure array
- manage memory used by the array, by each struct, and values
-
-************************************************************************/
-static void make_a_mod(LDAPMod ***modlist,int modop, const char *attribute, const char *value)
-{
- LDAPMod **mods, **tmods;
- int i;
- int j;
-
- mods = *modlist;
-
- if (mods == NULL)
- {
- tmods = (LDAPMod **)malloc( sizeof(LDAPMod *) );
- if (tmods == NULL)
- {
- DEBUG(0,("make_a_mod: out of memory!\n"));
- return;
- }
- mods = tmods;
- mods[0] = NULL;
- }
-
- for ( i = 0; mods[ i ] ! = NULL; ++i )
- {
- if ( mods[ i ]->mod_op == modop &&
- !strcasecmp( mods[ i ]->mod_type, attribute ) )
- {
- break;
- }
- }
-
- if (mods[i] == NULL)
- {
- tmods = (LDAPMod **)Realloc( mods, (i+2) * sizeof( LDAPMod * ) );
- if (tmods == NULL)
- {
- DEBUG(0,("make_a_mod: out of memory!\n"));
- return;
- }
- mods = tmods;
- mods[i] = (LDAPMod *)malloc( sizeof( LDAPMod ) );
- if (mods[i] == NULL)
- {
- DEBUG(0,("make_a_mod: out of memory!\n"));
- return;
- }
- mods[i]->mod_op = modop;
- mods[i]->mod_values = NULL;
- mods[i]->mod_type = strdup( attribute );
- mods[i+1] = NULL;
- }
-
- if (value ! = NULL )
- {
- char **tmval;
-
- j = 0;
- if ( mods[ i ]->mod_values ! = NULL )
- {
- for ( ; mods[ i ]->mod_values[ j ] ! = NULL; j++ );
- }
- tmval = (char **)Realloc(mods[ i ]->mod_values,
- (j+2) * sizeof( char * ));
- if ( tmval == NULL)
- {
- DEBUG(0, "make_a_mod: Memory allocation failure!\n");
- return;
- }
- mods[ i ]->mod_values = tmval;
- mods[ i ]->mod_values[ j ] = strdup(value);
- mods[ i ]->mod_values[ j + 1 ] = NULL;
- }
- *modlist = mods;
-}
-
-/************************************************************************
- Add or modify an entry. Only the smb struct values
-
-*************************************************************************/
-static BOOL modadd_ldappwd_entry(struct smb_passwd *newpwd, int flag)
-{
-
- /* assume the struct is correct and filled
- that's the job of passdb.c to check */
- int scope = LDAP_SCOPE_ONELEVEL;
- int rc;
- char *smb_name;
- int trust = False;
- int ldap_state;
- pstring filter;
- pstring dn;
- pstring lmhash;
- pstring nthash;
- pstring rid;
- pstring lst;
- pstring temp;
-
- LDAP *ldap_struct;
- LDAPMessage *result;
- LDAPMod **mods;
-
- smb_name = newpwd->smb_name;
-
- if (!ldap_open_connection(&ldap_struct)) /* open a connection to the server */
- {
- return False;
- }
-
- if (!ldap_connect_system(ldap_struct)) /* connect as system account */
- {
- ldap_unbind(ldap_struct);
- return False;
- }
-
- if (smb_name[strlen(smb_name)-1] == '$' )
- {
- smb_name[strlen(smb_name)-1] = '\0';
- trust = True;
- }
-
- slprintf(filter, sizeof(filter)-1,
- "(&(cn = %s)(|(objectclass = sambaTrust)(objectclass = sambaAccount)))",
- smb_name);
-
- rc = ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &result);
-
- switch (flag)
- {
- case ADD_USER:
- {
- if (ldap_count_entries(ldap_struct, result) ! = 0)
- {
- DEBUG(0,("User already in the base, with samba properties\n"));
- ldap_unbind(ldap_struct);
- return False;
- }
- ldap_state = LDAP_MOD_ADD;
- break;
- }
- case MODIFY_USER:
- {
- if (ldap_count_entries(ldap_struct, result) ! = 1)
- {
- DEBUG(0,("No user to modify !\n"));
- ldap_unbind(ldap_struct);
- return False;
- }
- ldap_state = LDAP_MOD_REPLACE;
- break;
- }
- default:
- {
- DEBUG(0,("How did you come here? \n"));
- ldap_unbind(ldap_struct);
- return False;
- break;
- }
- }
- slprintf(dn, sizeof(dn)-1, "cn = %s, %s",smb_name, lp_ldap_suffix() );
-
- if (newpwd->smb_passwd ! = NULL)
- {
- int i;
- for( i = 0; i < 16; i++)
- {
- slprintf(&temp[2*i], sizeof(temp) - 1, "%02X", newpwd->smb_passwd[i]);
- }
-
- }
- else
- {
- if (newpwd->acct_ctrl & ACB_PWNOTREQ)
- {
- slprintf(temp, sizeof(temp) - 1, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
- }
- else
- {
- slprintf(temp, sizeof(temp) - 1, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
- }
- }
- slprintf(lmhash, sizeof(lmhash)-1, "%s", temp);
-
- if (newpwd->smb_nt_passwd ! = NULL)
- {
- int i;
- for( i = 0; i < 16; i++)
- {
- slprintf(&temp[2*i], sizeof(temp) - 1, "%02X", newpwd->smb_nt_passwd[i]);
- }
-
- }
- else
- {
- if (newpwd->acct_ctrl & ACB_PWNOTREQ)
- {
- slprintf(temp, sizeof(temp) - 1, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
- }
- else
- {
- slprintf(temp, sizeof(temp) - 1, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
- }
- }
- slprintf(nthash, sizeof(nthash)-1, "%s", temp);
-
- slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->smb_userid) );
- slprintf(lst, sizeof(lst)-1, "%08X", newpwd->pass_last_set_time);
-
- mods = NULL;
-
- if (trust)
- {
- make_a_mod(&mods, ldap_state, "objectclass", "sambaTrust");
- make_a_mod(&mods, ldap_state, "netbiosTrustName", smb_name);
- make_a_mod(&mods, ldap_state, "trustPassword", nthash);
- }
- else
- {
- make_a_mod(&mods, ldap_state, "objectclass", "sambaAccount");
- make_a_mod(&mods, ldap_state, "dBCSPwd", lmhash);
- make_a_mod(&mods, ldap_state, "uid", smb_name);
- make_a_mod(&mods, ldap_state, "unicodePwd", nthash);
- }
-
- make_a_mod(&mods, ldap_state, "cn", smb_name);
-
- make_a_mod(&mods, ldap_state, "rid", rid);
- make_a_mod(&mods, ldap_state, "pwdLastSet", lst);
- make_a_mod(&mods, ldap_state, "userAccountControl",
- smbpasswd_encode_acb_info(newpwd->acct_ctrl));
-
- switch(flag)
- {
- case ADD_USER:
- {
- ldap_add_s(ldap_struct, dn, mods);
- DEBUG(2,("modadd_ldappwd_entry: added: cn = %s in the LDAP database\n",smb_name));
- break;
- }
- case MODIFY_USER:
- {
- ldap_modify_s(ldap_struct, dn, mods);
- DEBUG(2,("modadd_ldappwd_entry: changed: cn = %s in the LDAP database_n",smb_name));
- break;
- }
- default:
- {
- DEBUG(2,("modadd_ldappwd_entry: How did you come here? \n"));
- ldap_unbind(ldap_struct);
- return False;
- break;
- }
- }
-
- ldap_mods_free(mods, 1);
-
- ldap_unbind(ldap_struct);
-
- return True;
-}
-
-/************************************************************************
- Add or modify an entry. everything except the smb struct
-
-*************************************************************************/
-static BOOL modadd_ldap21pwd_entry(struct sam_passwd *newpwd, int flag)
-{
-
- /* assume the struct is correct and filled
- that's the job of passdb.c to check */
- int scope = LDAP_SCOPE_ONELEVEL;
- int rc;
- char *smb_name;
- int trust = False;
- int ldap_state;
- pstring filter;
- pstring dn;
- pstring lmhash;
- pstring nthash;
- pstring rid;
- pstring lst;
- pstring temp;
-
- LDAP *ldap_struct;
- LDAPMessage *result;
- LDAPMod **mods;
-
- smb_name = newpwd->smb_name;
-
- if (!ldap_open_connection(&ldap_struct)) /* open a connection to the server */
- {
- return False;
- }
-
- if (!ldap_connect_system(ldap_struct)) /* connect as system account */
- {
- ldap_unbind(ldap_struct);
- return False;
- }
-
- if (smb_name[strlen(smb_name)-1] == '$' )
- {
- smb_name[strlen(smb_name)-1] = '\0';
- trust = True;
- }
-
- slprintf(filter, sizeof(filter)-1,
- "(&(cn = %s)(|(objectclass = sambaTrust)(objectclass = sambaAccount)))",
- smb_name);
-
- rc = ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &result);
-
- switch (flag)
- {
- case ADD_USER:
- {
- if (ldap_count_entries(ldap_struct, result) ! = 1)
- {
- DEBUG(2,("User already in the base, with samba properties\n"));
- ldap_unbind(ldap_struct);
- return False;
- }
- ldap_state = LDAP_MOD_ADD;
- break;
- }
-
- case MODIFY_USER:
- {
- if (ldap_count_entries(ldap_struct, result) ! = 1)
- {
- DEBUG(2,("No user to modify !\n"));
- ldap_unbind(ldap_struct);
- return False;
- }
- ldap_state = LDAP_MOD_REPLACE;
- break;
- }
-
- default:
- {
- DEBUG(2,("How did you come here? \n"));
- ldap_unbind(ldap_struct);
- return False;
- break;
- }
- }
- slprintf(dn, sizeof(dn)-1, "cn = %s, %s",smb_name, lp_ldap_suffix() );
-
- mods = NULL;
-
- if (trust)
- {
- }
- else
- {
- }
-
- make_a_mod(&mods, ldap_state, "cn", smb_name);
-
- make_a_mod(&mods, ldap_state, "rid", rid);
- make_a_mod(&mods, ldap_state, "pwdLastSet", lst);
- make_a_mod(&mods, ldap_state, "userAccountControl",
- smbpasswd_encode_acct_ctrl(newpwd->acct_ctrl));
-
- ldap_modify_s(ldap_struct, dn, mods);
-
- ldap_mods_free(mods, 1);
-
- ldap_unbind(ldap_struct);
-
- return True;
-}
-
-/************************************************************************
- Routine to add an entry to the ldap passwd file.
-
- do not call this function directly. use passdb.c instead.
-
-*************************************************************************/
-static BOOL add_ldappwd_entry(struct smb_passwd *newpwd)
-{
- return (modadd_ldappwd_entry(newpwd, ADD_USER) );
-}
-
-/************************************************************************
- Routine to search the ldap passwd file for an entry matching the username.
- and then modify its password entry. We can't use the startldappwent()/
- getldappwent()/endldappwent() interfaces here as we depend on looking
- in the actual file to decide how much room we have to write data.
- override = False, normal
- override = True, override XXXXXXXX'd out password or NO PASS
-
- do not call this function directly. use passdb.c instead.
-
-************************************************************************/
-static BOOL mod_ldappwd_entry(struct smb_passwd *pwd, BOOL override)
-{
- return (modadd_ldappwd_entry(pwd, MODIFY_USER) );
-}
-
-/************************************************************************
- Routine to add an entry to the ldap passwd file.
-
- do not call this function directly. use passdb.c instead.
-
-*************************************************************************/
-static BOOL add_ldap21pwd_entry(struct sam_passwd *newpwd)
-{
- return( modadd_ldappwd_entry(newpwd, ADD_USER)?
- modadd_ldap21pwd_entry(newpwd, ADD_USER):False);
-}
-
-/************************************************************************
- Routine to search the ldap passwd file for an entry matching the username.
- and then modify its password entry. We can't use the startldappwent()/
- getldappwent()/endldappwent() interfaces here as we depend on looking
- in the actual file to decide how much room we have to write data.
- override = False, normal
- override = True, override XXXXXXXX'd out password or NO PASS
-
- do not call this function directly. use passdb.c instead.
-
-************************************************************************/
-static BOOL mod_ldap21pwd_entry(struct sam_passwd *pwd, BOOL override)
-{
- return( modadd_ldappwd_entry(pwd, MODIFY_USER)?
- modadd_ldap21pwd_entry(pwd, MODIFY_USER):False);
-}
-
-struct ldap_enum_info
-{
- LDAP *ldap_struct;
- LDAPMessage *result;
- LDAPMessage *entry;
-};
-
-static struct ldap_enum_info ldap_ent;
-
-/***************************************************************
- Start to enumerate the ldap passwd list. Returns a void pointer
- to ensure no modification outside this module.
-
- do not call this function directly. use passdb.c instead.
-
- ****************************************************************/
-static void *startldappwent(BOOL update)
-{
- int scope = LDAP_SCOPE_ONELEVEL;
- int rc;
-
- pstring filter;
-
- if (!ldap_open_connection(&ldap_ent.ldap_struct)) /* open a connection to the server */
- {
- return NULL;
- }
-
- if (!ldap_connect_system(ldap_ent.ldap_struct)) /* connect as system account */
- {
- return NULL;
- }
-
- /* when the class is known the search is much faster */
- switch (0)
- {
- case 1:
- {
- pstrcpy(filter, "objectclass = sambaAccount");
- break;
- }
- case 2:
- {
- pstrcpy(filter, "objectclass = sambaTrust");
- break;
- }
- default:
- {
- pstrcpy(filter, "(|(objectclass = sambaTrust)(objectclass = sambaAccount))");
- break;
- }
- }
-
- rc = ldap_search_s(ldap_ent.ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &ldap_ent.result);
-
- DEBUG(2,("%d entries in the base!\n", ldap_count_entries(ldap_ent.ldap_struct, ldap_ent.result) ));
-
- ldap_ent.entry = ldap_first_entry(ldap_ent.ldap_struct, ldap_ent.result);
-
- return &ldap_ent;
-}
-
-/*************************************************************************
- Routine to return the next entry in the ldap passwd list.
-
- do not call this function directly. use passdb.c instead.
-
- *************************************************************************/
-static struct smb_passwd *getldappwent(void *vp)
-{
- static struct smb_passwd user;
- struct ldap_enum_info *ldap_vp = (struct ldap_enum_info *)vp;
-
- ldap_vp->entry = ldap_next_entry(ldap_vp->ldap_struct, ldap_vp->entry);
-
- if (ldap_vp->entry ! = NULL)
- {
- ldap_get_smb_passwd(ldap_vp->ldap_struct, ldap_vp->entry, &user);
- return &user;
- }
- return NULL;
-}
-
-/*************************************************************************
- Routine to return the next entry in the ldap passwd list.
-
- do not call this function directly. use passdb.c instead.
-
- *************************************************************************/
-static struct sam_passwd *getldap21pwent(void *vp)
-{
- static struct sam_passwd user;
- struct ldap_enum_info *ldap_vp = (struct ldap_enum_info *)vp;
-
- ldap_vp->entry = ldap_next_entry(ldap_vp->ldap_struct, ldap_vp->entry);
-
- if (ldap_vp->entry ! = NULL)
- {
- ldap_get_sam_passwd(ldap_vp->ldap_struct, ldap_vp->entry, &user);
- return &user;
- }
- return NULL;
-}
-
-/***************************************************************
- End enumeration of the ldap passwd list.
-
- do not call this function directly. use passdb.c instead.
-
-****************************************************************/
-static void endldappwent(void *vp)
-{
- struct ldap_enum_info *ldap_vp = (struct ldap_enum_info *)vp;
- ldap_msgfree(ldap_vp->result);
- ldap_unbind(ldap_vp->ldap_struct);
-}
-
-/*************************************************************************
- Return the current position in the ldap passwd list as an SMB_BIG_UINT.
- This must be treated as an opaque token.
-
- do not call this function directly. use passdb.c instead.
-
-*************************************************************************/
-static SMB_BIG_UINT getldappwpos(void *vp)
-{
- return (SMB_BIG_UINT)0;
-}
-
-/*************************************************************************
- Set the current position in the ldap passwd list from SMB_BIG_UINT.
- This must be treated as an opaque token.
-
- do not call this function directly. use passdb.c instead.
-
-*************************************************************************/
-static BOOL setldappwpos(void *vp, SMB_BIG_UINT tok)
-{
- return False;
-}
-
-/*
- * Ldap derived functions.
- */
-
-static struct smb_passwd *getldappwnam(char *name)
-{
- return pdb_sam_to_smb(iterate_getsam21pwnam(name));
-}
-
-static struct smb_passwd *getldappwuid(uid_t smb_userid)
-{
- return pdb_sam_to_smb(iterate_getsam21pwuid(smb_userid));
-}
-
-static struct smb_passwd *getldappwrid(uint32 user_rid)
-{
- return pdb_sam_to_smb(iterate_getsam21pwuid(pdb_user_rid_to_uid(user_rid)));
-}
-
-static struct smb_passwd *getldappwent(void *vp)
-{
- return pdb_sam_to_smb(getldap21pwent(vp));
-}
-
-static BOOL add_ldappwd_entry(struct smb_passwd *newpwd)
-{
- return add_ldap21pwd_entry(pdb_smb_to_sam(newpwd));
-}
-
-static BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override)
-{
- return mod_ldap21pwd_entry(pdb_smb_to_sam(pwd), override);
-}
-
-static BOOL del_ldappwd_entry(const char *name)
-{
- return False; /* Dummy... */
-}
-
-static struct sam_passwd *getldap21pwuid(uid_t uid)
-{
- return pdb_smb_to_sam(iterate_getsam21pwuid(pdb_uid_to_user_rid(uid)));
-}
-
-static struct passdb_ops ldap_ops =
-{
- startldappwent,
- endldappwent,
- getldappwpos,
- setldappwpos,
- getldappwnam,
- getldappwuid,
- getldappwrid,
- getldappwent,
- add_ldappwd_entry,
- mod_ldappwd_entry,
- del_ldappwd_entry,
- getldap21pwent,
- iterate_getsam21pwnam, /* From passdb.c */
- iterate_getsam21pwuid, /* From passdb.c */
- iterate_getsam21pwrid, /* From passdb.c */
- add_ldap21pwd_entry,
- mod_ldap21pwd_entry
-};
-
-struct passdb_ops *ldap_initialize_password_db(void)
-{
- return &ldap_ops;
-}
-
-#else
- void dummy_function(void);
- void dummy_function(void) { } /* stop some compilers complaining */
-#endif
diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c
deleted file mode 100644
index 2b1f6b5492..0000000000
--- a/source3/passdb/nispass.c
+++ /dev/null
@@ -1,1083 +0,0 @@
-/*
- * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
- * Copyright (C) Benny Holmgren 1998 <bigfoot@astrakan.hgs.se>
- * Copyright (C) Luke Kenneth Casson Leighton 1996-1998.
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-#ifdef WITH_NISPLUS
-
-#ifdef BROKEN_NISPLUS_INCLUDE_FILES
-
-/*
- * The following lines are needed due to buggy include files
- * in Solaris 2.6 which define GROUP in both /usr/include/sys/acl.h and
- * also in /usr/include/rpcsvc/nis.h. The definitions conflict. JRA.
- * Also GROUP_OBJ is defined as 0x4 in /usr/include/sys/acl.h and as
- * an enum in /usr/include/rpcsvc/nis.h.
- */
-
-#if defined(GROUP)
-#undef GROUP
-#endif
-
-#if defined(GROUP_OBJ)
-#undef GROUP_OBJ
-#endif
-
-#endif
-
-#include <rpcsvc/nis.h>
-
-extern int DEBUGLEVEL;
-
-static VOLATILE sig_atomic_t gotalarm;
-
-/***************************************************************
-
- the fields for the NIS+ table, generated from mknissmbpwtbl.sh, are:
-
- name=S,nogw=r
- uid=S,nogw=r
- user_rid=S,nogw=r
- smb_grpid=,nw+r
- group_rid=,nw+r
- acb=,nw+r
-
- lmpwd=C,nw=,g=r,o=rm
- ntpwd=C,nw=,g=r,o=rm
-
- logon_t=,nw+r
- logoff_t=,nw+r
- kick_t=,nw+r
- pwdlset_t=,nw+r
- pwdlchg_t=,nw+r
- pwdmchg_t=,nw+r
-
- full_name=,nw+r
- home_dir=,nw+r
- dir_drive=,nw+r
- logon_script=,nw+r
- profile_path=,nw+r
- acct_desc=,nw+r
- workstations=,nw+r
-
- hours=,nw+r
-
-****************************************************************/
-
-#define NPF_NAME 0
-#define NPF_UID 1
-#define NPF_USER_RID 2
-#define NPF_SMB_GRPID 3
-#define NPF_GROUP_RID 4
-#define NPF_ACB 5
-#define NPF_LMPWD 6
-#define NPF_NTPWD 7
-#define NPF_LOGON_T 8
-#define NPF_LOGOFF_T 9
-#define NPF_KICK_T 10
-#define NPF_PWDLSET_T 11
-#define NPF_PWDLCHG_T 12
-#define NPF_PWDMCHG_T 13
-#define NPF_FULL_NAME 14
-#define NPF_HOME_DIR 15
-#define NPF_DIR_DRIVE 16
-#define NPF_LOGON_SCRIPT 17
-#define NPF_PROFILE_PATH 18
-#define NPF_ACCT_DESC 19
-#define NPF_WORKSTATIONS 20
-#define NPF_HOURS 21
-
-/***************************************************************
- Signal function to tell us we timed out.
-****************************************************************/
-static void gotalarm_sig(void)
-{
- gotalarm = 1;
-}
-
-/***************************************************************
- make_nisname_from_user_rid
- ****************************************************************/
-static char *make_nisname_from_user_rid(uint32 rid, char *pfile)
-{
- static pstring nisname;
-
- safe_strcpy(nisname, "[user_rid=", sizeof(nisname)-1);
- slprintf(nisname, sizeof(nisname)-1, "%s%d", nisname, rid);
- safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1);
- safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1);
-
- return nisname;
-}
-
-/***************************************************************
- make_nisname_from_uid
- ****************************************************************/
-static char *make_nisname_from_uid(int uid, char *pfile)
-{
- static pstring nisname;
-
- safe_strcpy(nisname, "[uid=", sizeof(nisname)-1);
- slprintf(nisname, sizeof(nisname)-1, "%s%d", nisname, uid);
- safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1);
- safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1);
-
- return nisname;
-}
-
-/***************************************************************
- make_nisname_from_name
- ****************************************************************/
-static char *make_nisname_from_name(char *user_name, char *pfile)
-{
- static pstring nisname;
-
- safe_strcpy(nisname, "[name=", sizeof(nisname)-1);
- safe_strcat(nisname, user_name, sizeof(nisname) - strlen(nisname) - 1);
- safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1);
- safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1);
-
- return nisname;
-}
-
-/*************************************************************************
- gets a NIS+ attribute
- *************************************************************************/
-static void get_single_attribute(nis_object *new_obj, int col,
- char *val, int len)
-{
- int entry_len;
-
- if (new_obj == NULL || val == NULL) return;
-
- entry_len = ENTRY_LEN(new_obj, col);
- if (len > entry_len)
- {
- DEBUG(10,("get_single_attribute: entry length truncated\n"));
- len = entry_len;
- }
-
- safe_strcpy(val, ENTRY_VAL(new_obj, col), len-1);
-}
-
-/************************************************************************
- makes a struct sam_passwd from a NIS+ object.
- ************************************************************************/
-static BOOL make_sam_from_nisp_object(struct sam_passwd *pw_buf, nis_object *obj)
-{
- int uidval;
- static pstring user_name;
- static pstring full_name;
- static pstring home_dir;
- static pstring home_drive;
- static pstring logon_script;
- static pstring profile_path;
- static pstring acct_desc;
- static pstring workstations;
- static pstring temp;
- static unsigned char smbpwd[16];
- static unsigned char smbntpwd[16];
-
- char *p;
-
- pdb_init_sam(pw_buf);
- pw_buf->acct_ctrl = ACB_NORMAL;
-
- pstrcpy(user_name, ENTRY_VAL(obj, NPF_NAME));
- pw_buf->smb_name = user_name;
-
- uidval = atoi(ENTRY_VAL(obj, NPF_UID));
- pw_buf->smb_userid = uidval;
-
- /* Check the lanman password column. */
- p = (char *)ENTRY_VAL(obj, NPF_LMPWD);
- if (*p == '*' || *p == 'X') {
- /* Password deliberately invalid - end here. */
- DEBUG(10, ("make_sam_from_nisp_object: entry invalidated for user %s\n", user_name));
- pw_buf->smb_nt_passwd = NULL;
- pw_buf->smb_passwd = NULL;
- pw_buf->acct_ctrl |= ACB_DISABLED;
- return True;
- }
- if (!strncasecmp(p, "NO PASSWORD", 11)) {
- pw_buf->smb_passwd = NULL;
- pw_buf->acct_ctrl |= ACB_PWNOTREQ;
- } else {
- if (strlen(p) != 32 || !pdb_gethexpwd(p, smbpwd))
- {
- DEBUG(0, ("make_sam_from_nisp_object: malformed LM pwd entry.\n"));
- return False;
- }
- }
-
- pw_buf->smb_passwd = smbpwd;
-
- /* Check the NT password column. */
- p = ENTRY_VAL(obj, NPF_NTPWD);
- if (*p != '*' && *p != 'X') {
- if (strlen(p) != 32 || !pdb_gethexpwd(p, smbntpwd))
- {
- DEBUG(0, ("make_smb_from_nisp_object: malformed NT pwd entry\n"));
- return False;
- }
- pw_buf->smb_nt_passwd = smbntpwd;
- }
-
- p = (char *)ENTRY_VAL(obj, NPF_ACB);
- if (*p == '[')
- {
- pw_buf->acct_ctrl = pdb_decode_acct_ctrl(p);
-
- /* Must have some account type set. */
- if(pw_buf->acct_ctrl == 0)
- pw_buf->acct_ctrl = ACB_NORMAL;
-
- /* Now try and get the last change time. */
- if(*p == ']')
- p++;
- if(*p == ':') {
- p++;
- if(*p && (StrnCaseCmp(p, "LCT-", 4)==0)) {
- int i;
- p += 4;
- for(i = 0; i < 8; i++) {
- if(p[i] == '\0' || !isxdigit(p[i]))
- break;
- }
- if(i == 8) {
- /*
- * p points at 8 characters of hex digits -
- * read into a time_t as the seconds since
- * 1970 that the password was last changed.
- */
- pw_buf->pass_last_set_time = (time_t)strtol(p, NULL, 16);
- }
- }
- }
- } else {
- /* 'Old' style file. Fake up based on user name. */
- /*
- * Currently trust accounts are kept in the same
- * password file as 'normal accounts'. If this changes
- * we will have to fix this code. JRA.
- */
- if(pw_buf->smb_name[strlen(pw_buf->smb_name) - 1] == '$') {
- pw_buf->acct_ctrl &= ~ACB_NORMAL;
- pw_buf->acct_ctrl |= ACB_WSTRUST;
- }
- }
-
- get_single_attribute(obj, NPF_SMB_GRPID, temp, sizeof(pstring));
- pw_buf->smb_grpid = atoi(temp);
-
- get_single_attribute(obj, NPF_USER_RID, temp, sizeof(pstring));
- pw_buf->user_rid = (strlen(temp) > 0) ?
- strtol(temp, NULL, 16) : pdb_uid_to_user_rid (pw_buf->smb_userid);
-
- if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$') {
-
- get_single_attribute(obj, NPF_GROUP_RID, temp, sizeof(pstring));
-
- if (strlen(temp) > 0)
- pw_buf->group_rid = strtol(temp, NULL, 16);
- else {
- GROUP_MAP map;
-
- if (get_group_map_from_gid(pw_buf->smb_grpid, &map, MAPPING_WITHOUT_PRIV)) {
- pw_buf->group_rid = map.rid;
- }
- else
- pw_buf->group_rid = pdb_gid_to_group_rid(pw_buf->smb_grpid);
- }
-
- get_single_attribute(obj, NPF_FULL_NAME, full_name, sizeof(pstring));
-#if 1
- /* It seems correct to use the global values - but in that case why
- * do we want these NIS+ entries anyway ??
- */
- pstrcpy(logon_script , lp_logon_script ());
- pstrcpy(profile_path , lp_logon_path ());
- pstrcpy(home_drive , lp_logon_drive ());
- pstrcpy(home_dir , lp_logon_home ());
-#else
- get_single_attribute(obj, NPF_LOGON_SCRIPT, logon_script, sizeof(pstring));
- get_single_attribute(obj, NPF_PROFILE_PATH, profile_path, sizeof(pstring));
- get_single_attribute(obj, NPF_DIR_DRIVE, home_drive, sizeof(pstring));
- get_single_attribute(obj, NPF_HOME_DIR, home_dir, sizeof(pstring));
-#endif
- get_single_attribute(obj, NPF_ACCT_DESC, acct_desc, sizeof(pstring));
- get_single_attribute(obj, NPF_WORKSTATIONS, workstations, sizeof(pstring));
-
- } else {
-
- pw_buf->group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
-
- pstrcpy(full_name , "");
- pstrcpy(logon_script , "");
- pstrcpy(profile_path , "");
- pstrcpy(home_drive , "");
- pstrcpy(home_dir , "");
- pstrcpy(acct_desc , "");
- pstrcpy(workstations , "");
- }
-
- pw_buf->full_name = full_name;
- pw_buf->home_dir = home_dir;
- pw_buf->dir_drive = home_drive;
- pw_buf->logon_script = logon_script;
- pw_buf->profile_path = profile_path;
- pw_buf->acct_desc = acct_desc;
- pw_buf->workstations = workstations;
-
- pw_buf->unknown_str = NULL; /* don't know, yet! */
- pw_buf->munged_dial = NULL; /* "munged" dial-back telephone number */
-
- pw_buf->unknown_3 = 0xffffff; /* don't know */
- pw_buf->logon_divs = 168; /* hours per week */
- pw_buf->hours_len = 21; /* 21 times 8 bits = 168 */
- memset(pw_buf->hours, 0xff, pw_buf->hours_len); /* available at all hours */
- pw_buf->unknown_5 = 0x00000000; /* don't know */
- pw_buf->unknown_6 = 0x000004ec; /* don't know */
-
- return True;
-}
-
-/************************************************************************
- makes a struct sam_passwd from a NIS+ result.
- ************************************************************************/
-static BOOL make_sam_from_nisresult(struct sam_passwd *pw_buf, nis_result *result)
-{
- if (pw_buf == NULL || result == NULL) return False;
-
- if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND)
- {
- DEBUG(0, ("make_sam_from_nisresult: NIS+ lookup failure: %s\n",
- nis_sperrno(result->status)));
- return False;
- }
-
- /* User not found. */
- if (NIS_RES_NUMOBJ(result) <= 0)
- {
- DEBUG(10, ("make_sam_from_nisresult: user not found in NIS+\n"));
- return False;
- }
-
- if (NIS_RES_NUMOBJ(result) > 1)
- {
- DEBUG(10, ("make_sam_from_nisresult: WARNING: Multiple entries for user in NIS+ table!\n"));
- }
-
- /* Grab the first hit. */
- return make_sam_from_nisp_object(pw_buf, &NIS_RES_OBJECT(result)[0]);
- }
-
-/***************************************************************
- calls nis_list, returns results.
- ****************************************************************/
-static nis_result *nisp_get_nis_list(char *nis_name)
-{
- nis_result *result;
- result = nis_list(nis_name, FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP,NULL,NULL);
-
- alarm(0);
- CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL);
-
- if (gotalarm)
- {
- DEBUG(0,("nisp_get_nis_list: NIS+ lookup time out\n"));
- nis_freeresult(result);
- return NULL;
- }
- return result;
-}
-
-
-
-struct nisp_enum_info
-{
- nis_result *result;
- int enum_entry;
-};
-
-/***************************************************************
- Start to enumerate the nisplus passwd list. Returns a void pointer
- to ensure no modification outside this module.
-
- do not call this function directly. use passdb.c instead.
-
- ****************************************************************/
-static void *startnisppwent(BOOL update)
-{
- static struct nisp_enum_info res;
- res.result = nisp_get_nis_list(lp_smb_passwd_file());
- res.enum_entry = 0;
- return res.result != NULL ? &res : NULL;
-}
-
-/***************************************************************
- End enumeration of the nisplus passwd list.
-****************************************************************/
-static void endnisppwent(void *vp)
-{
- struct nisp_enum_info *res = (struct nisp_enum_info *)vp;
- nis_freeresult(res->result);
- DEBUG(7,("endnisppwent: freed enumeration list\n"));
-}
-
-/*************************************************************************
- Routine to return the next entry in the nisplus passwd list.
-
- do not call this function directly. use passdb.c instead.
-
- *************************************************************************/
-static struct sam_passwd *getnisp21pwent(void *vp)
-{
- struct nisp_enum_info *res = (struct nisp_enum_info *)vp;
- static struct sam_passwd pw_buf;
- int which;
- BOOL ret;
-
- if (res == NULL || (int)(res->enum_entry) < 0 ||
- (int)(res->enum_entry) > (NIS_RES_NUMOBJ(res->result) - 1)) {
- ret = False;
- } else {
- which = (int)(res->enum_entry);
- ret = make_sam_from_nisp_object(&pw_buf,
- &NIS_RES_OBJECT(res->result)[which]);
- if (ret && which < (NIS_RES_NUMOBJ(res->result) - 1))
- (int)(res->enum_entry)++;
- }
-
- return ret ? &pw_buf : NULL;
-}
-
-/*************************************************************************
- Return the current position in the nisplus passwd list as an SMB_BIG_UINT.
- This must be treated as an opaque token.
-
- do not call this function directly. use passdb.c instead.
-
-*************************************************************************/
-static SMB_BIG_UINT getnisppwpos(void *vp)
-{
- struct nisp_enum_info *res = (struct nisp_enum_info *)vp;
- return (SMB_BIG_UINT)(res->enum_entry);
-}
-
-/*************************************************************************
- Set the current position in the nisplus passwd list from SMB_BIG_UINT.
- This must be treated as an opaque token.
-
- do not call this function directly. use passdb.c instead.
-
-*************************************************************************/
-static BOOL setnisppwpos(void *vp, SMB_BIG_UINT tok)
-{
- struct nisp_enum_info *res = (struct nisp_enum_info *)vp;
- if (tok < (NIS_RES_NUMOBJ(res->result) - 1)) {
- res->enum_entry = tok;
- return True;
- } else {
- return False;
- }
-}
-
-/*************************************************************************
- sets a NIS+ attribute
- *************************************************************************/
-static void set_single_attribute(nis_object *new_obj, int col,
- const char *val, int len, int flags)
-{
- if (new_obj == NULL) return;
-
- ENTRY_VAL(new_obj, col) = val;
- ENTRY_LEN(new_obj, col) = len+1;
-
- if (flags != 0)
- {
- new_obj->EN_data.en_cols.en_cols_val[col].ec_flags = flags;
- }
-}
-
-/************************************************************************
- Routine to add an entry to the nisplus passwd file.
-
- do not call this function directly. use passdb.c instead.
-
-*************************************************************************/
-static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd)
-{
- char *pfile;
- char *nisname;
- nis_result *nis_user;
- nis_result *result = NULL,
- *tblresult = NULL,
- *addresult = NULL;
- nis_object new_obj, *obj;
-
- fstring uid;
- fstring user_rid;
- fstring smb_grpid;
- fstring group_rid;
- fstring acb;
-
- fstring smb_passwd;
- fstring smb_nt_passwd;
-
- fstring logon_t;
- fstring logoff_t;
- fstring kickoff_t;
- fstring pwdlset_t;
- fstring pwdlchg_t;
- fstring pwdmchg_t;
-
- memset((char *)logon_t , '\0', sizeof(logon_t ));
- memset((char *)logoff_t , '\0', sizeof(logoff_t ));
- memset((char *)kickoff_t, '\0', sizeof(kickoff_t));
- memset((char *)pwdlset_t, '\0', sizeof(pwdlset_t));
- memset((char *)pwdlchg_t, '\0', sizeof(pwdlchg_t));
- memset((char *)pwdmchg_t, '\0', sizeof(pwdmchg_t));
-
- pfile = lp_smb_passwd_file();
-
- nisname = make_nisname_from_name(newpwd->smb_name, pfile);
- result = nisp_get_nis_list(nisname);
- if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND)
- {
- DEBUG(3, ( "add_nis21ppwd_entry: nis_list failure: %s: %s\n",
- nisname, nis_sperrno(result->status)));
- nis_freeresult(result);
- return False;
- }
-
- if (result->status == NIS_SUCCESS && NIS_RES_NUMOBJ(result) > 0)
- {
- DEBUG(3, ("add_nisp21pwd_entry: User already exists in NIS+ password db: %s\n",
- pfile));
- nis_freeresult(result);
- return False;
- }
-
-#if 0
- /* User not found. */
- if (!add_user)
- {
- DEBUG(3, ("add_nisp21pwd_entry: User not found in NIS+ password db: %s\n",
- pfile));
- nis_freeresult(result);
- return False;
- }
-
-#endif
-
- tblresult = nis_lookup(pfile, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP );
- if (tblresult->status != NIS_SUCCESS)
- {
- nis_freeresult(result);
- nis_freeresult(tblresult);
- DEBUG(3, ( "add_nisp21pwd_entry: nis_lookup failure: %s\n",
- nis_sperrno(tblresult->status)));
- return False;
- }
-
- new_obj.zo_name = NIS_RES_OBJECT(tblresult)->zo_name;
- new_obj.zo_domain = NIS_RES_OBJECT(tblresult)->zo_domain;
- new_obj.zo_owner = NIS_RES_OBJECT(tblresult)->zo_owner;
- new_obj.zo_group = NIS_RES_OBJECT(tblresult)->zo_group;
- new_obj.zo_access = NIS_RES_OBJECT(tblresult)->zo_access;
- new_obj.zo_ttl = NIS_RES_OBJECT(tblresult)->zo_ttl;
-
- new_obj.zo_data.zo_type = ENTRY_OBJ;
-
- new_obj.zo_data.objdata_u.en_data.en_type = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_type;
- new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_maxcol;
- new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_val = calloc(new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len, sizeof(entry_col));
-
- if (new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_val == NULL)
- {
- DEBUG(0, ("add_nisp21pwd_entry: memory allocation failure\n"));
- nis_freeresult(result);
- nis_freeresult(tblresult);
- return False;
- }
-
- pdb_sethexpwd(smb_passwd , newpwd->smb_passwd , newpwd->acct_ctrl);
- pdb_sethexpwd(smb_nt_passwd, newpwd->smb_nt_passwd, newpwd->acct_ctrl);
-
- newpwd->pass_last_set_time = (time_t)time(NULL);
- newpwd->logon_time = (time_t)-1;
- newpwd->logoff_time = (time_t)-1;
- newpwd->kickoff_time = (time_t)-1;
- newpwd->pass_can_change_time = (time_t)-1;
- newpwd->pass_must_change_time = (time_t)-1;
-
- slprintf(logon_t, 13, "LNT-%08X", (uint32)newpwd->logon_time);
- slprintf(logoff_t, 13, "LOT-%08X", (uint32)newpwd->logoff_time);
- slprintf(kickoff_t, 13, "KOT-%08X", (uint32)newpwd->kickoff_time);
- slprintf(pwdlset_t, 13, "LCT-%08X", (uint32)newpwd->pass_last_set_time);
- slprintf(pwdlchg_t, 13, "CCT-%08X", (uint32)newpwd->pass_can_change_time);
- slprintf(pwdmchg_t, 13, "MCT-%08X", (uint32)newpwd->pass_must_change_time);
-
- slprintf(uid, sizeof(uid)-1, "%u", newpwd->smb_userid);
- slprintf(user_rid, sizeof(user_rid)-1, "0x%x", newpwd->user_rid);
- slprintf(smb_grpid, sizeof(smb_grpid)-1, "%u", newpwd->smb_grpid);
- slprintf(group_rid, sizeof(group_rid)-1, "0x%x", newpwd->group_rid);
-
- safe_strcpy(acb, smbpasswd_encode_acct_ctrl(newpwd->acct_ctrl),
- sizeof(acb)-1);
-
- set_single_attribute(&new_obj, NPF_NAME , newpwd->smb_name , strlen(newpwd->smb_name) , 0);
- set_single_attribute(&new_obj, NPF_UID , uid , strlen(uid) , 0);
- set_single_attribute(&new_obj, NPF_USER_RID , user_rid , strlen(user_rid) , 0);
- set_single_attribute(&new_obj, NPF_SMB_GRPID , smb_grpid , strlen(smb_grpid) , 0);
- set_single_attribute(&new_obj, NPF_GROUP_RID , group_rid , strlen(group_rid) , 0);
- set_single_attribute(&new_obj, NPF_ACB , acb , strlen(acb) , 0);
- set_single_attribute(&new_obj, NPF_LMPWD , smb_passwd , strlen(smb_passwd) , EN_CRYPT);
- set_single_attribute(&new_obj, NPF_NTPWD , smb_nt_passwd , strlen(smb_nt_passwd) , EN_CRYPT);
- set_single_attribute(&new_obj, NPF_LOGON_T , logon_t , strlen(logon_t) , 0);
- set_single_attribute(&new_obj, NPF_LOGOFF_T , logoff_t , strlen(logoff_t) , 0);
- set_single_attribute(&new_obj, NPF_KICK_T , kickoff_t , strlen(kickoff_t) , 0);
- set_single_attribute(&new_obj, NPF_PWDLSET_T , pwdlset_t , strlen(pwdlset_t) , 0);
- set_single_attribute(&new_obj, NPF_PWDLCHG_T , pwdlchg_t , strlen(pwdlchg_t) , 0);
- set_single_attribute(&new_obj, NPF_PWDMCHG_T , pwdmchg_t , strlen(pwdmchg_t) , 0);
-#if 0
- set_single_attribute(&new_obj, NPF_FULL_NAME , newpwd->full_name , strlen(newpwd->full_name) , 0);
- set_single_attribute(&new_obj, NPF_HOME_DIR , newpwd->home_dir , strlen(newpwd->home_dir) , 0);
- set_single_attribute(&new_obj, NPF_DIR_DRIVE , newpwd->dir_drive , strlen(newpwd->dir_drive) , 0);
- set_single_attribute(&new_obj, NPF_LOGON_SCRIPT , newpwd->logon_script , strlen(newpwd->logon_script) , 0);
- set_single_attribute(&new_obj, NPF_PROFILE_PATH , newpwd->profile_path , strlen(newpwd->profile_path) , 0);
- set_single_attribute(&new_obj, NPF_ACCT_DESC , newpwd->acct_desc , strlen(newpwd->acct_desc) , 0);
- set_single_attribute(&new_obj, NPF_WORKSTATIONS , newpwd->workstations , strlen(newpwd->workstations) , 0);
- set_single_attribute(&new_obj, NPF_HOURS , newpwd->hours , newpwd->hours_len , 0);
-#endif
-
- obj = &new_obj;
-
- addresult = nis_add_entry(pfile, obj, ADD_OVERWRITE | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP);
-
-
- if (addresult->status != NIS_SUCCESS)
- {
- DEBUG(3, ( "add_nisp21pwd_entry: NIS+ table update failed: %s\n",
- nisname, nis_sperrno(addresult->status)));
- nis_freeresult(tblresult);
- nis_freeresult(addresult);
- nis_freeresult(result);
- return False;
- }
-
- nis_freeresult(tblresult);
- nis_freeresult(addresult);
- nis_freeresult(result);
-
- return True;
-}
-
-/************************************************************************
- Routine to search the nisplus passwd file for an entry matching the username.
- and then modify its password entry. We can't use the startnisppwent()/
- getnisppwent()/endnisppwent() interfaces here as we depend on looking
- in the actual file to decide how much room we have to write data.
- override = False, normal
- override = True, override XXXXXXXX'd out password or NO PASS
-
- do not call this function directly. use passdb.c instead.
-
-************************************************************************/
-static BOOL mod_nisp21pwd_entry(struct sam_passwd* pwd, BOOL override)
-{
- char *oldnislmpwd, *oldnisntpwd, *oldnisacb, *oldnislct, *user_name;
- char lmpwd[33], ntpwd[33], lct[13];
- nis_result *result, *addresult;
- nis_object *obj;
- fstring acb;
- pstring nisname;
- BOOL got_pass_last_set_time, ret;
- int i;
-
- if (!*lp_smb_passwd_file())
- {
- DEBUG(0, ("mod_getnisp21pwd_entry: no SMB password file set\n"));
- return False;
- }
-
- DEBUG(10, ("mod_getnisp21pwd_entry: search by name: %s\n", pwd->smb_name));
- DEBUG(10, ("mod_getnisp21pwd_entry: using NIS+ table %s\n", lp_smb_passwd_file()));
-
- slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s", pwd->smb_name, lp_smb_passwd_file());
-
- /* Search the table. */
- gotalarm = 0;
- CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
- alarm(5);
-
- result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL);
-
- alarm(0);
- CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL);
-
- if (gotalarm)
- {
- DEBUG(0,("mod_getnisp21pwd_entry: NIS+ lookup time out\n"));
- nis_freeresult(result);
- return False;
- }
-
- if(result->status != NIS_SUCCESS || NIS_RES_NUMOBJ(result) <= 0) {
- /* User not found. */
- DEBUG(0,("mod_getnisp21pwd_entry: user not found in NIS+\n"));
- nis_freeresult(result);
- return False;
- }
-
- DEBUG(6,("mod_getnisp21pwd_entry: entry exists\n"));
-
- obj = NIS_RES_OBJECT(result);
-
- user_name = ENTRY_VAL(obj, NPF_NAME);
- oldnislmpwd = ENTRY_VAL(obj, NPF_LMPWD);
- oldnisntpwd = ENTRY_VAL(obj, NPF_NTPWD);
- oldnisacb = ENTRY_VAL(obj, NPF_ACB);
- oldnislct = ENTRY_VAL(obj, NPF_PWDLSET_T);
-
-
- if (!override && (*oldnislmpwd == '*' || *oldnislmpwd == 'X' ||
- *oldnisntpwd == '*' || *oldnisntpwd == 'X')) {
- /* Password deliberately invalid - end here. */
- DEBUG(10, ("mod_nisp21pwd_entry: entry invalidated for user %s\n", user_name));
- nis_freeresult(result);
- return False;
- }
-
- if (strlen(oldnislmpwd) != 32 || strlen(oldnisntpwd) != 32) {
- DEBUG(0, ("mod_nisp21pwd_entry: malformed password entry (incorrect length)\n"));
- nis_freeresult(result);
- return False;
- }
-
-
-
- /*
- * Now check if the account info and the password last
- * change time is available.
- */
-
- /*
- * If both NT and lanman passwords are provided - reset password
- * not required flag.
- */
-
- if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) {
- /* Require password in the future (should ACB_DISABLED also be reset?) */
- pwd->acct_ctrl &= ~(ACB_PWNOTREQ);
- }
-
- if (*oldnisacb == '[') {
-
- i = 0;
- acb[i++] = oldnisacb[i];
- while(i < (sizeof(fstring) - 2) && (oldnisacb[i] != ']'))
- acb[i] = oldnisacb[i++];
-
- acb[i++] = ']';
- acb[i++] = '\0';
-
- if (i == NEW_PW_FORMAT_SPACE_PADDED_LEN) {
- /*
- * We are using a new format, space padded
- * acct ctrl field. Encode the given acct ctrl
- * bits into it.
- */
- fstrcpy(acb, smbpasswd_encode_acct_ctrl(pwd->acct_ctrl));
- } else {
- /*
- * If using the old format and the ACB_DISABLED or
- * ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL
- * here as we have no space to encode the change.
- */
- if(pwd->acct_ctrl & (ACB_DISABLED|ACB_PWNOTREQ)) {
- pwd->smb_passwd = NULL;
- pwd->smb_nt_passwd = NULL;
- }
- }
-
- /* Now do the LCT stuff. */
- if (StrnCaseCmp(oldnislct, "LCT-", 4) == 0) {
-
- for(i = 0; i < 8; i++) {
- if(oldnislct[i+4] == '\0' || !isxdigit(oldnislct[i+4]))
- break;
- }
- if (i == 8) {
- /*
- * p points at 8 characters of hex digits -
- * read into a time_t as the seconds since
- * 1970 that the password was last changed.
- */
- got_pass_last_set_time = True;
- } /* i == 8 */
- } /* StrnCaseCmp() */
-
- } /* p == '[' */
-
- /* Entry is correctly formed. */
-
-
-
- /* Create the 32 byte representation of the new p16 */
- if(pwd->smb_passwd != NULL) {
- for (i = 0; i < 16; i++) {
- slprintf(&lmpwd[i*2], 32, "%02X", (uchar) pwd->smb_passwd[i]);
- }
- } else {
- if(pwd->acct_ctrl & ACB_PWNOTREQ)
- fstrcpy(lmpwd, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
- else
- fstrcpy(lmpwd, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
- }
-
- /* Add on the NT md4 hash */
- if (pwd->smb_nt_passwd != NULL) {
- for (i = 0; i < 16; i++) {
- slprintf(&ntpwd[i*2], 32, "%02X", (uchar) pwd->smb_nt_passwd[i]);
- }
- } else {
- if(pwd->acct_ctrl & ACB_PWNOTREQ)
- fstrcpy(ntpwd, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
- else
- fstrcpy(ntpwd, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
- }
-
- pwd->pass_last_set_time = time(NULL);
-
- if(got_pass_last_set_time) {
- slprintf(lct, 13, "LCT-%08X", (uint32)pwd->pass_last_set_time);
- }
-
- set_single_attribute(obj, NPF_LMPWD, lmpwd, strlen(lmpwd), EN_CRYPT);
- set_single_attribute(obj, NPF_NTPWD, ntpwd, strlen(ntpwd), EN_CRYPT);
- set_single_attribute(obj, NPF_ACB, acb, strlen(acb), 0);
- set_single_attribute(obj, NPF_PWDLSET_T, lct, strlen(lct), 0);
-
- addresult =
- nis_add_entry(lp_smb_passwd_file(), obj,
- ADD_OVERWRITE | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP);
-
- if(addresult->status != NIS_SUCCESS) {
- DEBUG(0, ("mod_nisp21pwd_entry: NIS+ table update failed: %s %s\n", nisname, nis_sperrno(addresult->status)));
- nis_freeresult(addresult);
- nis_freeresult(result);
- return False;
- }
-
- DEBUG(6,("mod_nisp21pwd_entry: password changed\n"));
-
- nis_freeresult(addresult);
- nis_freeresult(result);
-
- return True;
-}
-
-
-/*************************************************************************
- Routine to search the nisplus passwd file for an entry matching the username
- *************************************************************************/
-static struct sam_passwd *getnisp21pwnam(char *name)
-{
- /* Static buffers we will return. */
- static struct sam_passwd pw_buf;
- nis_result *result;
- pstring nisname;
- BOOL ret;
-
- if (!*lp_smb_passwd_file())
- {
- DEBUG(0, ("No SMB password file set\n"));
- return NULL;
- }
-
- DEBUG(10, ("getnisp21pwnam: search by name: %s\n", name));
- DEBUG(10, ("getnisp21pwnam: using NIS+ table %s\n", lp_smb_passwd_file()));
-
- slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s", name, lp_smb_passwd_file());
-
- /* Search the table. */
- gotalarm = 0;
- CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
- alarm(5);
-
- result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL);
-
- alarm(0);
- CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL);
-
- if (gotalarm)
- {
- DEBUG(0,("getnisp21pwnam: NIS+ lookup time out\n"));
- nis_freeresult(result);
- return NULL;
- }
-
- ret = make_sam_from_nisresult(&pw_buf, result);
- nis_freeresult(result);
-
- return ret ? &pw_buf : NULL;
-}
-
-/*************************************************************************
- Routine to search the nisplus passwd file for an entry matching the username
- *************************************************************************/
-static struct sam_passwd *getnisp21pwrid(uint32 rid)
-{
- /* Static buffers we will return. */
- static struct sam_passwd pw_buf;
- nis_result *result;
- char *nisname;
- BOOL ret;
-
- if (!*lp_smb_passwd_file())
- {
- DEBUG(0, ("getnisp21pwrid: no SMB password file set\n"));
- return NULL;
- }
-
- DEBUG(10, ("getnisp21pwrid: search by rid: %x\n", rid));
- DEBUG(10, ("getnisp21pwrid: using NIS+ table %s\n", lp_smb_passwd_file()));
-
- nisname = make_nisname_from_user_rid(rid, lp_smb_passwd_file());
-
- /* Search the table. */
- gotalarm = 0;
- CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
- alarm(5);
-
- result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL);
-
- alarm(0);
- CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL);
-
- if (gotalarm)
- {
- DEBUG(0,("getnisp21pwrid: NIS+ lookup time out\n"));
- nis_freeresult(result);
- return NULL;
- }
-
- ret = make_sam_from_nisresult(&pw_buf, result);
- nis_freeresult(result);
-
- return ret ? &pw_buf : NULL;
-}
-
-/*
- * Derived functions for NIS+.
- */
-
-static struct smb_passwd *getnisppwent(void *vp)
-{
- return pdb_sam_to_smb(getnisp21pwent(vp));
-}
-
-static BOOL add_nisppwd_entry(struct smb_passwd *newpwd)
-{
- return add_nisp21pwd_entry(pdb_smb_to_sam(newpwd));
-}
-
-static BOOL mod_nisppwd_entry(struct smb_passwd* pwd, BOOL override)
-{
- return mod_nisp21pwd_entry(pdb_smb_to_sam(pwd), override);
-}
-
-static BOOL del_nisppwd_entry(const char *name)
-{
- return False; /* Dummy. */
-}
-
-static struct smb_passwd *getnisppwnam(char *name)
-{
- return pdb_sam_to_smb(getnisp21pwnam(name));
-}
-
-static struct sam_passwd *getnisp21pwuid(uid_t smb_userid)
-{
- return getnisp21pwrid(pdb_uid_to_user_rid(smb_userid));
-}
-
-static struct smb_passwd *getnisppwrid(uint32 user_rid)
-{
- return pdb_sam_to_smb(getnisp21pwuid(pdb_user_rid_to_uid(user_rid)));
-}
-
-static struct smb_passwd *getnisppwuid(uid_t smb_userid)
-{
- return pdb_sam_to_smb(getnisp21pwuid(smb_userid));
-}
-
-static struct passdb_ops nispasswd_ops = {
- startnisppwent,
- endnisppwent,
- getnisppwpos,
- setnisppwpos,
- getnisppwnam,
- getnisppwuid,
- getnisppwrid,
- getnisppwent,
- add_nisppwd_entry,
- mod_nisppwd_entry,
- del_nisppwd_entry,
- getnisp21pwent,
- getnisp21pwnam,
- getnisp21pwuid,
- getnisp21pwrid,
- add_nisp21pwd_entry,
- mod_nisp21pwd_entry
-};
-
-struct passdb_ops *nisplus_initialize_password_db(void)
-{
- return &nispasswd_ops;
-}
-
-#else
- void nisplus_dummy_function(void);
- void nisplus_dummy_function(void) { } /* stop some compilers complaining */
-#endif /* WITH_NISPLUS */
-
-/* useful code i can't bring myself to delete */
-#if 0
-static void useful_code(void) {
- /* checks user in unix password database. don't want to do that, here. */
- nisname = make_nisname_from_name(newpwd->smb_name, "passwd.org_dir");
-
- nis_user = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL);
-
- if (nis_user->status != NIS_SUCCESS || NIS_RES_NUMOBJ(nis_user) <= 0)
- {
- DEBUG(3, ("useful_code: Unable to get NIS+ passwd entry for user: %s.\n",
- nis_sperrno(nis_user->status)));
- return False;
- }
-
- user_obj = NIS_RES_OBJECT(nis_user);
- make_nisname_from_name(ENTRY_VAL(user_obj,0), pfile);
-}
-#endif
diff --git a/source3/passdb/smbpasschange.c b/source3/passdb/smbpasschange.c
deleted file mode 100644
index f4af6e8745..0000000000
--- a/source3/passdb/smbpasschange.c
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- change a password in a local smbpasswd file
- Copyright (C) Andrew Tridgell 1998
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-
-
diff --git a/source3/passdb/smbpassgroup.c b/source3/passdb/smbpassgroup.c
deleted file mode 100644
index 808abde661..0000000000
--- a/source3/passdb/smbpassgroup.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-#ifdef USE_SMBPASS_DB
-
-static int grp_file_lock_depth = 0;
-
-/***************************************************************
- Start to enumerate the smbpasswd list. Returns a void pointer
- to ensure no modification outside this module.
-****************************************************************/
-
-static void *startsmbfilegrpent(BOOL update)
-{
- static char s_readbuf[1024];
- return startfilepwent(lp_smb_passgrp_file(), s_readbuf, sizeof(s_readbuf),
- &grp_file_lock_depth, update);
-}
-
-/***************************************************************
- End enumeration of the smbpasswd list.
-****************************************************************/
-
-static void endsmbfilegrpent(void *vp)
-{
- endfilepwent(vp, &grp_file_lock_depth);
-}
-
-/*************************************************************************
- Return the current position in the smbpasswd list as an SMB_BIG_UINT.
- This must be treated as an opaque token.
-*************************************************************************/
-
-static SMB_BIG_UINT getsmbfilegrppos(void *vp)
-{
- return getfilepwpos(vp);
-}
-
-/*************************************************************************
- Set the current position in the smbpasswd list from an SMB_BIG_UINT.
- This must be treated as an opaque token.
-*************************************************************************/
-
-static BOOL setsmbfilegrppos(void *vp, SMB_BIG_UINT tok)
-{
- return setfilepwpos(vp, tok);
-}
-
-/*************************************************************************
- Routine to return the next entry in the smbpasswd list.
- *************************************************************************/
-static struct smb_passwd *getsmbfilegrpent(void *vp,
- uint32 **grp_rids, int *num_grps,
- uint32 **als_rids, int *num_alss)
-{
- /* Static buffers we will return. */
- static struct smb_passwd pw_buf;
- static pstring user_name;
- struct passwd *pwfile;
- pstring linebuf;
- unsigned char *p;
- int uidval;
- size_t linebuf_len;
-
- if (vp == NULL)
- {
- DEBUG(0,("getsmbfilegrpent: Bad password file pointer.\n"));
- return NULL;
- }
-
- pwdb_init_smb(&pw_buf);
-
- /*
- * Scan the file, a line at a time.
- */
- while ((linebuf_len = getfileline(vp, linebuf, sizeof(linebuf))) > 0)
- {
- /*
- * The line we have should be of the form :-
- *
- * username:uid:domainrid1,domainrid2..:aliasrid1,aliasrid2..:
- */
-
- /*
- * As 256 is shorter than a pstring we don't need to check
- * length here - if this ever changes....
- */
- p = strncpyn(user_name, linebuf, sizeof(user_name), ':');
-
- /* Go past ':' */
- p++;
-
- /* Get smb uid. */
-
- p = Atoic((char *) p, &uidval, ":");
-
- pw_buf.smb_name = user_name;
- pw_buf.smb_userid = uidval;
-
- /*
- * Now get the password value - this should be 32 hex digits
- * which are the ascii representations of a 16 byte string.
- * Get two at a time and put them into the password.
- */
-
- /* Skip the ':' */
- p++;
-
- if (grp_rids != NULL && num_grps != NULL)
- {
- int i;
- p = get_numlist(p, grp_rids, num_grps);
- if (p == NULL)
- {
- DEBUG(0,("getsmbfilegrpent: invalid line\n"));
- return NULL;
- }
- for (i = 0; i < (*num_grps); i++)
- {
- (*grp_rids)[i] = pwdb_gid_to_group_rid((*grp_rids)[i]);
- }
- }
-
- /* Skip the ':' */
- p++;
-
- if (als_rids != NULL && num_alss != NULL)
- {
- int i;
- p = get_numlist(p, als_rids, num_alss);
- if (p == NULL)
- {
- DEBUG(0,("getsmbfilegrpent: invalid line\n"));
- return NULL;
- }
- for (i = 0; i < (*num_alss); i++)
- {
- (*als_rids)[i] = pwdb_gid_to_alias_rid((*als_rids)[i]);
- }
- }
-
- pwfile = Get_Pwnam(pw_buf.smb_name);
- if (pwfile == NULL)
- {
- DEBUG(0,("getsmbfilegrpent: smbpasswd database is corrupt!\n"));
- DEBUG(0,("getsmbfilegrpent: username %s not in unix passwd database!\n", pw_buf.smb_name));
- return NULL;
- }
-
- return &pw_buf;
- }
-
- DEBUG(5,("getsmbfilegrpent: end of file reached.\n"));
- return NULL;
-}
-
-static struct passgrp_ops file_ops =
-{
- startsmbfilegrpent,
- endsmbfilegrpent,
- getsmbfilegrppos,
- setsmbfilegrppos,
- iterate_getsmbgrpnam, /* In passgrp.c */
- iterate_getsmbgrpuid, /* In passgrp.c */
- iterate_getsmbgrprid, /* In passgrp.c */
- getsmbfilegrpent,
-};
-
-struct passgrp_ops *file_initialise_password_grp(void)
-{
- return &file_ops;
-}
-
-#else
- /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
- void smbpass_dummy_function(void) { } /* stop some compilers complaining */
-#endif /* USE_SMBPASS_DB */