From 30038de4623bc827ee8019c569faf00583d1fe58 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 29 Nov 1998 20:03:33 +0000 Subject: weekend work. user / group database API. - split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1) --- source3/passdb/smbpass.c | 225 ++++++----------------------------------------- 1 file changed, 29 insertions(+), 196 deletions(-) (limited to 'source3/passdb/smbpass.c') diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index 262ffa3e2e..0de09e6085 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c @@ -23,8 +23,6 @@ static int pw_file_lock_depth = 0; extern int DEBUGLEVEL; -extern pstring samlogon_user; -extern BOOL sam_logon_in_ssb; static char s_readbuf[1024]; @@ -33,7 +31,7 @@ static char s_readbuf[1024]; to ensure no modification outside this module. ****************************************************************/ -void *startsmbfilepwent(BOOL update) +static void *startsmbfilepwent(BOOL update) { return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf), &pw_file_lock_depth, update); @@ -43,7 +41,7 @@ void *startsmbfilepwent(BOOL update) End enumeration of the smbpasswd list. ****************************************************************/ -void endsmbfilepwent(void *vp) +static void endsmbfilepwent(void *vp) { endfilepwent(vp, &pw_file_lock_depth); } @@ -53,7 +51,7 @@ void endsmbfilepwent(void *vp) This must be treated as an opaque token. *************************************************************************/ -SMB_BIG_UINT getsmbfilepwpos(void *vp) +static SMB_BIG_UINT getsmbfilepwpos(void *vp) { return getfilepwpos(vp); } @@ -63,7 +61,7 @@ SMB_BIG_UINT getsmbfilepwpos(void *vp) This must be treated as an opaque token. *************************************************************************/ -BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) +static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) { return setfilepwpos(vp, tok); } @@ -71,14 +69,13 @@ BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) /************************************************************************* Routine to return the next entry in the smbpasswd list. *************************************************************************/ -struct smb_passwd *getsmbfilepwent(void *vp) +static struct smb_passwd *getsmbfilepwent(void *vp) { /* Static buffers we will return. */ static struct smb_passwd pw_buf; - static pstring user_name; + static pstring nt_name; static unsigned char smbpwd[16]; static unsigned char smbntpwd[16]; - struct passwd *pwfile; char linebuf[256]; char *p; int uidval; @@ -118,7 +115,7 @@ struct smb_passwd *getsmbfilepwent(void *vp) * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ - p = strncpyn(user_name, linebuf, sizeof(user_name), ':'); + p = strncpyn(nt_name, linebuf, sizeof(nt_name), ':'); /* Go past ':' */ p++; @@ -127,8 +124,8 @@ struct smb_passwd *getsmbfilepwent(void *vp) p = Atoic( p, &uidval, ":"); - pw_buf.smb_name = user_name; - pw_buf.smb_userid = uidval; + pw_buf.nt_name = nt_name; + pw_buf.unix_uid = uidval; /* * Now get the password value - this should be 32 hex digits @@ -142,7 +139,7 @@ struct smb_passwd *getsmbfilepwent(void *vp) if (*p == '*' || *p == 'X') { /* Password deliberately invalid - end here. */ - DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name)); + DEBUG(10, ("getsmbfilepwent: entry invalidated for nt user %s\n", nt_name)); pw_buf.smb_nt_passwd = NULL; pw_buf.smb_passwd = NULL; pw_buf.acct_ctrl |= ACB_DISABLED; @@ -197,8 +194,8 @@ struct smb_passwd *getsmbfilepwent(void *vp) p += 33; } - DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %d\n", - user_name, uidval)); + DEBUG(5,("getsmbfilepwent: returning passwd entry for nt user %s, unix uid %d\n", + nt_name, uidval)); if (*p == '[') { @@ -229,21 +226,13 @@ struct smb_passwd *getsmbfilepwent(void *vp) * password file as 'normal accounts'. If this changes * we will have to fix this code. JRA. */ - if (pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') + if (pw_buf.nt_name[strlen(pw_buf.nt_name) - 1] == '$') { pw_buf.acct_ctrl &= ~ACB_NORMAL; pw_buf.acct_ctrl |= ACB_WSTRUST; } } - pwfile = Get_Pwnam(pw_buf.smb_name, False); - if (pwfile == NULL) - { - DEBUG(0,("getsmbfilepwent: smbpasswd database is corrupt!\n")); - DEBUG(0,("getsmbfilepwent: username %s not in unix passwd database!\n", pw_buf.smb_name)); - return NULL; - } - return &pw_buf; } @@ -251,123 +240,6 @@ struct smb_passwd *getsmbfilepwent(void *vp) return NULL; } -/************************************************************************* - Routine to return the next entry in the smbpasswd list. - this function is a nice, messy combination of reading: - - the smbpasswd file - - the unix password database - - smb.conf options (not done at present). - *************************************************************************/ - -static struct sam_passwd *getsmbfile21pwent(void *vp) -{ - struct smb_passwd *pw_buf = getsmbfilepwent(vp); - static struct sam_passwd user; - struct passwd *pwfile; -#if ARGH - uint32 status = 0x0; -#endif - static pstring full_name; - static pstring home_dir; - static pstring home_drive; - static pstring logon_script; - static pstring profile_path; - static pstring acct_desc; - static pstring workstations; - - DEBUG(5,("getsmbfile21pwent\n")); - - if (pw_buf == NULL) return NULL; - - pwdb_init_sam(&user); - - pwfile = Get_Pwnam(pw_buf->smb_name, False); - if (pwfile == NULL) - { - DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n")); - DEBUG(0,("getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name)); - return NULL; - } - - pstrcpy(samlogon_user, pw_buf->smb_name); - - if (samlogon_user[strlen(samlogon_user)-1] != '$') - { - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - sam_logon_in_ssb = True; - - user.smb_userid = pw_buf->smb_userid; - user.smb_grpid = pwfile->pw_gid; - -#if ARGH - status = lookup_user_rids(pw_buf->smb_name, &user.user_rid, &user.group_rid); -#else - user.user_rid = pwdb_uid_to_user_rid (user.smb_userid); - user.group_rid = pwdb_gid_to_group_rid(user.smb_grpid ); -#endif - - pstrcpy(full_name , pwfile->pw_gecos ); - pstrcpy(logon_script , lp_logon_script ()); - pstrcpy(profile_path , lp_logon_path ()); - pstrcpy(home_drive , lp_logon_drive ()); - pstrcpy(home_dir , lp_logon_home ()); - pstrcpy(acct_desc , ""); - pstrcpy(workstations , ""); - - sam_logon_in_ssb = False; - } - else - { - user.smb_userid = pw_buf->smb_userid; - user.smb_grpid = pwfile->pw_gid; - - user.user_rid = pwdb_uid_to_user_rid (user.smb_userid); - user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ - - pstrcpy(full_name , ""); - pstrcpy(logon_script , ""); - pstrcpy(profile_path , ""); - pstrcpy(home_drive , ""); - pstrcpy(home_dir , ""); - pstrcpy(acct_desc , ""); - pstrcpy(workstations , ""); - } - -#if ARGH - if (status != 0x0) - { - return NULL; - } -#endif - - user.smb_name = pw_buf->smb_name; - user.full_name = full_name; - user.home_dir = home_dir; - user.dir_drive = home_drive; - user.logon_script = logon_script; - user.profile_path = profile_path; - user.acct_desc = acct_desc; - user.workstations = workstations; - - user.unknown_str = NULL; /* don't know, yet! */ - user.munged_dial = NULL; /* "munged" dial-back telephone number */ - - user.smb_nt_passwd = pw_buf->smb_nt_passwd; - user.smb_passwd = pw_buf->smb_passwd; - - user.acct_ctrl = pw_buf->acct_ctrl; - - user.unknown_3 = 0xffffff; /* don't know */ - user.logon_divs = 168; /* hours per week */ - user.hours_len = 21; /* 21 times 8 bits = 168 */ - memset(user.hours, 0xff, user.hours_len); /* available at all hours */ - user.unknown_5 = 0x00020000; /* don't know */ - user.unknown_5 = 0x000004ec; /* don't know */ - - return &user; -} - /************************************************************************ Routine to add an entry to the smbpasswd file. *************************************************************************/ @@ -400,8 +272,8 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) */ while ((pwd = getsmbfilepwent(fp)) != NULL) { - if (strequal(newpwd->smb_name, pwd->smb_name)) { - DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name)); + if (strequal(newpwd->nt_name, pwd->nt_name)) { + DEBUG(0, ("add_smbfilepwd_entry: entry with nt name %s already exists\n", pwd->nt_name)); endsmbfilepwent(fp); return False; } @@ -418,21 +290,21 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) { DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \ -Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); +Error was %s\n", newpwd->nt_name, pfile, strerror(errno))); endsmbfilepwent(fp); return False; } - new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; + new_entry_length = strlen(newpwd->nt_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; if((new_entry = (char *)malloc( new_entry_length )) == NULL) { DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \ -Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); +Error was %s\n", newpwd->nt_name, pfile, strerror(errno))); endsmbfilepwent(fp); return False; } - slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid); + slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->nt_name, (unsigned)newpwd->unix_uid); p = &new_entry[strlen(new_entry)]; if(newpwd->smb_passwd != NULL) { @@ -477,13 +349,13 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) { DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \ -Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno))); +Error was %s\n", wr_len, newpwd->nt_name, pfile, strerror(errno))); /* Remove the entry we just wrote. */ if(sys_ftruncate(fd, offpos) == -1) { DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \ Error was %s. Password file may be corrupt ! Please examine by hand !\n", - newpwd->smb_name, strerror(errno))); + newpwd->nt_name, strerror(errno))); } endsmbfilepwent(fp); @@ -508,7 +380,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n", static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) { /* Static buffers we will return. */ - static pstring user_name; + static pstring nt_name; char linebuf[256]; char readbuf[1024]; @@ -626,9 +498,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ - strncpy(user_name, linebuf, PTR_DIFF(p, linebuf)); - user_name[PTR_DIFF(p, linebuf)] = '\0'; - if (strequal(user_name, pwd->smb_name)) { + strncpy(nt_name, linebuf, PTR_DIFF(p, linebuf)); + nt_name[PTR_DIFF(p, linebuf)] = '\0'; + if (strequal(nt_name, pwd->nt_name)) { found_entry = True; break; } @@ -673,7 +545,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if (!override && (*p == '*' || *p == 'X')) { /* Password deliberately invalid - end here. */ - DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name)); + DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for nt user %s\n", nt_name)); file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; @@ -897,58 +769,19 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) return True; } -/* - * Stub functions - implemented in terms of others. - */ - -static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override) -{ - return mod_smbfilepwd_entry(pwdb_sam_to_smb(pwd), override); -} - -static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd) -{ - return add_smbfilepwd_entry(pwdb_sam_to_smb(newpwd)); -} - -static struct sam_disp_info *getsmbfiledispnam(const char *name) -{ - return pwdb_sam_to_dispinfo(getsam21pwnam(name)); -} - -static struct sam_disp_info *getsmbfiledisprid(uint32 rid) -{ - return pwdb_sam_to_dispinfo(getsam21pwrid(rid)); -} - -static struct sam_disp_info *getsmbfiledispent(void *vp) -{ - return pwdb_sam_to_dispinfo(getsam21pwent(vp)); -} - -static struct passdb_ops file_ops = { +static struct smb_passdb_ops file_ops = { startsmbfilepwent, endsmbfilepwent, getsmbfilepwpos, setsmbfilepwpos, iterate_getsmbpwnam, /* In passdb.c */ iterate_getsmbpwuid, /* In passdb.c */ - iterate_getsmbpwrid, /* In passdb.c */ getsmbfilepwent, add_smbfilepwd_entry, - mod_smbfilepwd_entry, - getsmbfile21pwent, - iterate_getsam21pwnam, - iterate_getsam21pwuid, - iterate_getsam21pwrid, - add_smbfile21pwd_entry, - mod_smbfile21pwd_entry, - getsmbfiledispnam, - getsmbfiledisprid, - getsmbfiledispent + mod_smbfilepwd_entry }; -struct passdb_ops *file_initialise_password_db(void) +struct smb_passdb_ops *file_initialise_password_db(void) { return &file_ops; } -- cgit