From 533c7c81fe9c5ca9f8936e1e6f2eb7502cbd653f Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Mon, 24 Dec 2007 12:58:40 +0100
Subject: Add tdbsam_search_users (This used to be commit 02f0b0bd393bd942fc934f251bd6afed8e5424b0)
---
source3/passdb/pdb_tdb.c | 134 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 134 insertions(+) (limited to 'source3/passdb')
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index b4282b1278..1c2278ba7d 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -1592,6 +1592,139 @@ static bool tdbsam_new_rid(struct pdb_methods *methods, uint32 *prid) return ret; } +struct tdbsam_search_state { + struct pdb_methods *methods; + uint32_t acct_flags; + + uint32_t *rids; + uint32_t num_rids; + ssize_t array_size; + uint32_t current; +}; + +static int tdbsam_collect_rids(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, + void *private_data) +{ + struct tdbsam_search_state *state = talloc_get_type_abort( + private_data, struct tdbsam_search_state); + size_t prefixlen = strlen(RIDPREFIX); + uint32 rid; + + if ((key.dsize < prefixlen) + || (strncmp((char *)key.dptr, RIDPREFIX, prefixlen))) { + return 0; + } + + rid = strtoul((char *)key.dptr+prefixlen, NULL, 16); + + ADD_TO_LARGE_ARRAY(state, uint32, rid, &state->rids, &state->num_rids, + &state->array_size); + + return 0; +} + +static void tdbsam_search_end(struct pdb_search *search) +{ + struct tdbsam_search_state *state = talloc_get_type_abort( + search->private_data, struct tdbsam_search_state); + TALLOC_FREE(state); +} + +static bool tdbsam_search_next_entry(struct pdb_search *search, + struct samr_displayentry *entry) +{ + struct tdbsam_search_state *state = talloc_get_type_abort( + search->private_data, struct tdbsam_search_state); + struct samu *user = NULL; + NTSTATUS status; + uint32_t rid; + + again: + TALLOC_FREE(user); + user = samu_new(talloc_tos()); + if (user == NULL) { + DEBUG(0, ("samu_new failed\n")); + return false; + } + + if (state->current == state->num_rids) { + return false; + } + + rid = state->rids[state->current++]; + + status = tdbsam_getsampwrid(state->methods, user, rid); + + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { + /* + * Someone has deleted that user since we listed the RIDs + */ + goto again; + } + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("tdbsam_getsampwrid failed: %s\n", + nt_errstr(status))); + TALLOC_FREE(user); + return false; + } + + if ((state->acct_flags != 0) && + ((state->acct_flags & pdb_get_acct_ctrl(user)) == 0)) 
{ + goto again; + } + + entry->acct_flags = pdb_get_acct_ctrl(user); + entry->rid = rid; + entry->account_name = talloc_strdup( + search->mem_ctx, pdb_get_username(user)); + entry->fullname = talloc_strdup( + search->mem_ctx, pdb_get_fullname(user)); + entry->description = talloc_strdup( + search->mem_ctx, pdb_get_acct_desc(user)); + + TALLOC_FREE(user); + + if ((entry->account_name == NULL) || (entry->fullname == NULL) + || (entry->description == NULL)) { + DEBUG(0, ("talloc_strdup failed\n")); + return false; + } + + return true; +} + +static bool tdbsam_search_users(struct pdb_methods *methods, + struct pdb_search *search, + uint32 acct_flags) +{ + struct tdbsam_search_state *state; + + if (!tdbsam_open(tdbsam_filename)) { + DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", + tdbsam_filename)); + return false; + } + + state = TALLOC_ZERO_P(search->mem_ctx, struct tdbsam_search_state); + if (state == NULL) { + DEBUG(0, ("talloc failed\n")); + return false; + } + state->acct_flags = acct_flags; + state->methods = methods; + + tdb_traverse(tdbsam, tdbsam_collect_rids, state); + + tdbsam_close(); + + search->private_data = state; + search->next_entry = tdbsam_search_next_entry; + search->search_end = tdbsam_search_end; + + return true; +} + /********************************************************************* Initialize the tdb sam backend. Setup the dispath table of methods, open the tdb, etc... @@ -1618,6 +1751,7 @@ static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *loc (*pdb_method)->update_sam_account = tdbsam_update_sam_account; (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account; (*pdb_method)->rename_sam_account = tdbsam_rename_sam_account; + (*pdb_method)->search_users = tdbsam_search_users; (*pdb_method)->rid_algorithm = tdbsam_rid_algorithm; (*pdb_method)->new_rid = tdbsam_new_rid; -- cgit From f633d348d70525b856aaae586626decfbc024db9 Mon Sep 17 00:00:00 2001 
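Review bot: In tdbsam_collect_rids, `strtoul((char *)key.dptr+prefixlen, NULL, 16)` parses the key as a C string although the preceding check only establishes `key.dsize >= prefixlen`. Nothing visible guarantees a NUL inside the key, so a record stored without a terminator, or a damaged database, lets strtoul read past the key buffer. A key that is only the prefix, or that has trailing non-hex bytes, is also accepted as a RID. The suffix should be copied into a bounded, NUL-terminated local buffer and rejected unless it parses completely, as sketched below. Separately, tdbsam_search_users discards the result of `tdb_traverse()`, so a failed traversal is reported as a successful search with a short list, and tdbsam_search_next_entry allocates `user` before the `state->current == state->num_rids` test and returns on that path without freeing it.

```c
static int tdbsam_collect_rids(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data,
			       void *private_data)
{
	/* … unchanged: state lookup, prefixlen, RIDPREFIX check … */
	char hex[9];	/* assumes at most 8 hex digits per RID key; confirm against the key writer */
	char *end = NULL;
	size_t len = key.dsize - prefixlen;

	/* the stored key may include its trailing NUL; do not count it */
	if ((len > 0) && (key.dptr[key.dsize-1] == '\0')) {
		len -= 1;
	}
	if ((len == 0) || (len >= sizeof(hex))) {
		return 0;
	}
	memcpy(hex, key.dptr + prefixlen, len);
	hex[len] = '\0';

	rid = strtoul(hex, &end, 16);
	if (*end != '\0') {
		/* not a pure hex suffix: ignore this key */
		return 0;
	}
	/* … unchanged: ADD_TO_LARGE_ARRAY, return 0 … */
```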
From: Volker Lendecke
Date: Tue, 25 Dec 2007 00:04:39 +0100
Subject: smbpasswd_search_users (This used to be commit 84af4fb65677cf137f14f57c8820c77c9d006d89)
---
source3/passdb/pdb_smbpasswd.c | 114 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 114 insertions(+) (limited to 'source3/passdb')
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 6a3bdb80a2..21cd988cff 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1606,6 +1606,119 @@ static void free_private_data(void **vp) /* No need to free any further, as it is talloc()ed */ } +struct smbpasswd_search_state { + uint32_t acct_flags; + + struct samr_displayentry *entries; + uint32_t num_entries; + ssize_t array_size; + uint32_t current; +}; + +static void smbpasswd_search_end(struct pdb_search *search) +{ + struct smbpasswd_search_state *state = talloc_get_type_abort( + search->private_data, struct smbpasswd_search_state); + TALLOC_FREE(state); +} + +static bool smbpasswd_search_next_entry(struct pdb_search *search, + struct samr_displayentry *entry) +{ + struct smbpasswd_search_state *state = talloc_get_type_abort( + search->private_data, struct smbpasswd_search_state); + + if (state->current == state->num_entries) { + return false; + } + + *entry = state->entries[state->current++]; + + return true; +} + +static bool smbpasswd_search_users(struct pdb_methods *methods, + struct pdb_search *search, + uint32_t acct_flags) +{ + struct smbpasswd_privates *smbpasswd_state = + (struct smbpasswd_privates*)methods->private_data; + + struct smbpasswd_search_state *search_state; + struct smb_passwd *pwd; + FILE *fp; + + search_state = TALLOC_ZERO_P(search->mem_ctx, + struct smbpasswd_search_state); + if (search_state == NULL) { + DEBUG(0, ("talloc failed\n")); + return false; + } + search_state->acct_flags = acct_flags; + + fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, + &smbpasswd_state->pw_file_lock_depth); + + if (fp == NULL) { + DEBUG(10, ("Unable to open smbpasswd file.\n")); + TALLOC_FREE(search_state); + return false; + } + + while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL) { + struct samr_displayentry entry; + struct samu *user; + + if ((acct_flags != 0) + && ((acct_flags & pwd->acct_ctrl) == 0)) { + continue; + } + + user = samu_new(talloc_tos()); + if (user == NULL) { + DEBUG(0, ("samu_new failed\n")); + break; + } + + if (!build_sam_account(smbpasswd_state, user, pwd)) { + /* Already got 
debug msgs... */ + break; + } + + ZERO_STRUCT(entry); + + entry.acct_flags = pdb_get_acct_ctrl(user); + sid_peek_rid(pdb_get_user_sid(user), &entry.rid); + entry.account_name = talloc_strdup( + search_state, pdb_get_username(user)); + entry.fullname = talloc_strdup( + search_state, pdb_get_fullname(user)); + entry.description = talloc_strdup( + search_state, pdb_get_acct_desc(user)); + + TALLOC_FREE(user); + + if ((entry.account_name == NULL) || (entry.fullname == NULL) + || (entry.description == NULL)) { + DEBUG(0, ("talloc_strdup failed\n")); + break; + } + + ADD_TO_LARGE_ARRAY(search_state, struct samr_displayentry, + entry, &search_state->entries, + &search_state->num_entries, + &search_state->array_size); + } + + endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth)); + + search->private_data = search_state; + search->next_entry = smbpasswd_search_next_entry; + search->search_end = smbpasswd_search_end; + + return true; +} + static NTSTATUS pdb_init_smbpasswd( struct pdb_methods **pdb_method, const char *location ) { NTSTATUS nt_status; @@ -1626,6 +1739,7 @@ static NTSTATUS pdb_init_smbpasswd( struct pdb_methods **pdb_method, const char (*pdb_method)->update_sam_account = smbpasswd_update_sam_account; (*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account; (*pdb_method)->rename_sam_account = smbpasswd_rename_sam_account; + (*pdb_method)->search_users = smbpasswd_search_users; (*pdb_method)->rid_algorithm = smbpasswd_rid_algorithm; -- cgit From e70c97ef85b309d6e005c07e16a003725d21ffc8 Mon Sep 17 00:00:00 2001 
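Review bot: The `break` after a failed `build_sam_account()` in the `while` loop of smbpasswd_search_users stops the enumeration at the first entry that cannot be converted, yet the function still returns true, so callers receive a silently truncated account list. The sampwent iterator for this backend, shown in a later commit on this page, kept looping past such entries, so skipping looks like the intended behaviour: `TALLOC_FREE(user); continue;`. The `samu_new` and `talloc_strdup` failure paths also `break` and then return true with a partial list; they should record the failure, free `search_state` and return false. The result of `sid_peek_rid()` is ignored, which leaves `entry.rid` at the 0 set by `ZERO_STRUCT` if the SID has no RID to peek.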
From: Volker Lendecke Date: Wed, 26 Dec 2007 17:58:55 +0100 Subject: Remove the sampwent interface (This used to be commit 9e80b969fb40766de2c9b1a05d16bf4d4c6e46f7) --- source3/passdb/pdb_interface.c | 123 +--------------------------------- source3/passdb/pdb_ldap.c | 102 ---------------------------- source3/passdb/pdb_smbpasswd.c | 76 --------------------- source3/passdb/pdb_tdb.c | 146 ----------------------------------------- 4 files changed, 1 insertion(+), 446 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 198960550b..2102b579ec 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -208,33 +208,6 @@ static struct pdb_methods *pdb_get_methods(void) return pdb_get_methods_reload(False); } -/****************************************************************** - Backward compatibility functions for the original passdb interface -*******************************************************************/ - -bool pdb_setsampwent(bool update, uint16 acb_mask) -{ - struct pdb_methods *pdb = pdb_get_methods(); - return NT_STATUS_IS_OK(pdb->setsampwent(pdb, update, acb_mask)); -} - -void pdb_endsampwent(void) -{ - struct pdb_methods *pdb = pdb_get_methods(); - pdb->endsampwent(pdb); -} - -bool pdb_getsampwent(struct samu *user) -{ - struct pdb_methods *pdb = pdb_get_methods(); - - if ( !NT_STATUS_IS_OK(pdb->getsampwent(pdb, user) ) ) { - return False; - } - - return True; -} - bool pdb_getsampwnam(struct samu *sam_acct, const char *username) { struct pdb_methods *pdb = pdb_get_methods(); 
@@ -1181,21 +1154,6 @@ static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, return NT_STATUS_NOT_IMPLEMENTED; } -static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, bool update, uint32 acb_mask) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, struct samu *user) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static void pdb_default_endsampwent(struct pdb_methods *methods) -{ - return; /* NT_STATUS_NOT_IMPLEMENTED; */ -} - static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value) { return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; @@ -1738,7 +1696,7 @@ static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods, } #endif -static struct pdb_search *pdb_search_init(enum pdb_search_type type) +struct pdb_search *pdb_search_init(enum pdb_search_type type) { TALLOC_CTX *mem_ctx; struct pdb_search *result; 
@@ -1795,81 +1753,6 @@ static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32 rid, entry->description = ""; } -static bool user_search_in_progress = False; -struct user_search { - uint16 acct_flags; -}; - -static bool next_entry_users(struct pdb_search *s, - struct samr_displayentry *entry) -{ - struct user_search *state = (struct user_search *)s->private_data; - struct samu *user = NULL; - - next: - if ( !(user = samu_new( NULL )) ) { - DEBUG(0, ("next_entry_users: samu_new() failed!\n")); - return False; - } - - if (!pdb_getsampwent(user)) { - TALLOC_FREE(user); - return False; - } - - if ((state->acct_flags != 0) && - ((pdb_get_acct_ctrl(user) & state->acct_flags) == 0)) { - TALLOC_FREE(user); - goto next; - } - - fill_displayentry(s->mem_ctx, pdb_get_user_rid(user), - pdb_get_acct_ctrl(user), pdb_get_username(user), - pdb_get_fullname(user), pdb_get_acct_desc(user), - entry); - - TALLOC_FREE(user); - return True; -} - -static void search_end_users(struct pdb_search *search) -{ - pdb_endsampwent(); - user_search_in_progress = False; -} - -static bool pdb_default_search_users(struct pdb_methods *methods, - struct pdb_search *search, - uint32 acct_flags) -{ - struct user_search *state; - - if (user_search_in_progress) { - DEBUG(1, ("user search in progress\n")); - return False; - } - - if (!pdb_setsampwent(False, acct_flags)) { - DEBUG(5, ("Could not start search\n")); - return False; - } - - user_search_in_progress = True; - - state = TALLOC_P(search->mem_ctx, struct user_search); - if (state == NULL) { - DEBUG(0, ("talloc failed\n")); - return False; - } - - state->acct_flags = acct_flags; - - search->private_data = state; - search->next_entry = next_entry_users; - search->search_end = search_end_users; - return True; -} - struct group_search { GROUP_MAP *groups; size_t num_groups, current_group; 
@@ -2136,9 +2019,6 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) return NT_STATUS_NO_MEMORY; } - (*methods)->setsampwent = pdb_default_setsampwent; - (*methods)->endsampwent = pdb_default_endsampwent; - (*methods)->getsampwent = pdb_default_getsampwent; (*methods)->getsampwnam = pdb_default_getsampwnam; (*methods)->getsampwsid = pdb_default_getsampwsid; (*methods)->create_user = pdb_default_create_user; @@ -2180,7 +2060,6 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) (*methods)->gid_to_sid = pdb_default_gid_to_sid; (*methods)->sid_to_id = pdb_default_sid_to_id; - (*methods)->search_users = pdb_default_search_users; (*methods)->search_groups = pdb_default_search_groups; (*methods)->search_aliases = pdb_default_search_aliases; diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index bc912ada29..b638219466 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
@@ -1453,79 +1453,6 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state, return True; } -/********************************************************************** - Connect to LDAP server for password enumeration. -*********************************************************************/ - -static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, bool update, uint32 acb_mask) -{ - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; - int rc; - char *filter = NULL; - const char *suffix; - const char **attr_list; - bool machine_mask = False, user_mask = False; - NTSTATUS status = NT_STATUS_OK; - TALLOC_CTX *ctx = talloc_init("ldapsam_setsampwent"); - - if (!ctx) { - return NT_STATUS_NO_MEMORY; - } - filter = talloc_asprintf(ctx, "(&%s%s)", "(uid=%u)", - get_objclass_filter(ldap_state->schema_ver)); - if (!filter) { - status = NT_STATUS_NO_MEMORY; - goto out; - } - - filter = talloc_all_string_sub(ctx, filter, "%u", "*"); - if (!filter) { - status = NT_STATUS_NO_MEMORY; - goto out; - } - - machine_mask = ((acb_mask != 0) && (acb_mask & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))); - user_mask = ((acb_mask != 0) && (acb_mask & ACB_NORMAL)); - - if (machine_mask) { - suffix = lp_ldap_machine_suffix(); - } else if (user_mask) { - suffix = lp_ldap_user_suffix(); - } else { - suffix = lp_ldap_suffix(); - } - - DEBUG(10,("ldapsam_setsampwent: LDAP Query for acb_mask 0x%x will use suffix %s\n", - acb_mask, suffix)); - - attr_list = get_userattr_list(NULL, ldap_state->schema_ver); - rc = smbldap_search(ldap_state->smbldap_state, suffix, LDAP_SCOPE_SUBTREE, filter, - attr_list, 0, &ldap_state->result); - TALLOC_FREE( attr_list ); - - if (rc != LDAP_SUCCESS) { - DEBUG(0, ("ldapsam_setsampwent: LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", suffix, filter)); - ldap_msgfree(ldap_state->result); - ldap_state->result = NULL; - status = NT_STATUS_UNSUCCESSFUL; - 
goto out; - } - - DEBUG(2, ("ldapsam_setsampwent: %d entries in the base %s\n", - ldap_count_entries(ldap_state->smbldap_state->ldap_struct, - ldap_state->result), suffix)); - - ldap_state->entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, - ldap_state->result); - ldap_state->index = 0; - - out: - - TALLOC_FREE(ctx); - return status; -} - /********************************************************************** End enumeration of the LDAP password list. *********************************************************************/ @@ -1539,32 +1466,6 @@ static void ldapsam_endsampwent(struct pdb_methods *my_methods) } } -/********************************************************************** -Get the next entry in the LDAP password database. -*********************************************************************/ - -static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods, - struct samu *user) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)my_methods->private_data; - bool bret = False; - - while (!bret) { - if (!ldap_state->entry) - return ret; - - ldap_state->index++; - bret = init_sam_from_ldap(ldap_state, user, ldap_state->entry); - - ldap_state->entry = ldap_next_entry(priv2ld(ldap_state), - ldap_state->entry); - } - - return NT_STATUS_OK; -} - static void append_attr(TALLOC_CTX *mem_ctx, const char ***attr_list, const char *new_attr) { @@ -6172,9 +6073,6 @@ static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const c (*pdb_method)->name = "ldapsam"; - (*pdb_method)->setsampwent = ldapsam_setsampwent; - (*pdb_method)->endsampwent = ldapsam_endsampwent; - (*pdb_method)->getsampwent = ldapsam_getsampwent; (*pdb_method)->getsampwnam = ldapsam_getsampwnam; (*pdb_method)->getsampwsid = ldapsam_getsampwsid; (*pdb_method)->add_sam_account = ldapsam_add_sam_account; 
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 21cd988cff..6cf54fbdf6 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1264,79 +1264,6 @@ static bool build_sam_account(struct smbpasswd_privates *smbpasswd_state, Functions to be implemented by the new passdb API ****************************************************************/ -static NTSTATUS smbpasswd_setsampwent (struct pdb_methods *my_methods, bool update, uint32 acb_mask) -{ - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; - - smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file, - update ? PWF_UPDATE : PWF_READ, - &(smbpasswd_state->pw_file_lock_depth)); - - /* did we fail? Should we try to create it? */ - if (!smbpasswd_state->pw_file && update && errno == ENOENT) { - FILE *fp; - /* slprintf(msg_str,msg_str_len-1, - "smbpasswd file did not exist - attempting to create it.\n"); */ - DEBUG(0,("smbpasswd file did not exist - attempting to create it.\n")); - fp = sys_fopen(smbpasswd_state->smbpasswd_file, "w"); - if (fp) { - fprintf(fp, "# Samba SMB password file\n"); - fclose(fp); - } - - smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file, - update ? 
PWF_UPDATE : PWF_READ, - &(smbpasswd_state->pw_file_lock_depth)); - } - - if (smbpasswd_state->pw_file != NULL) - return NT_STATUS_OK; - else - return NT_STATUS_UNSUCCESSFUL; -} - -static void smbpasswd_endsampwent (struct pdb_methods *my_methods) -{ - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; - endsmbfilepwent(smbpasswd_state->pw_file, &(smbpasswd_state->pw_file_lock_depth)); -} - -/***************************************************************** - ****************************************************************/ - -static NTSTATUS smbpasswd_getsampwent(struct pdb_methods *my_methods, struct samu *user) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; - struct smb_passwd *pw_buf=NULL; - bool done = False; - - DEBUG(5,("pdb_getsampwent\n")); - - if ( !user ) { - DEBUG(5,("pdb_getsampwent (smbpasswd): user is NULL\n")); - return nt_status; - } - - while (!done) { - /* do we have an entry? */ - pw_buf = getsmbfilepwent(smbpasswd_state, smbpasswd_state->pw_file); - if (pw_buf == NULL) - return nt_status; - - /* build the struct samu entry from the smb_passwd struct. - We loop in case the user in the pdb does not exist in - the local system password file */ - if (build_sam_account(smbpasswd_state, user, pw_buf)) - done = True; - } - - DEBUG(5,("getsampwent (smbpasswd): done\n")); - - /* success */ - return NT_STATUS_OK; -} - /**************************************************************** Search smbpasswd file by iterating over the entries. Do not call getpwnam() for unix account information until we have found 
@@ -1730,9 +1657,6 @@ static NTSTATUS pdb_init_smbpasswd( struct pdb_methods **pdb_method, const char (*pdb_method)->name = "smbpasswd"; - (*pdb_method)->setsampwent = smbpasswd_setsampwent; - (*pdb_method)->endsampwent = smbpasswd_endsampwent; - (*pdb_method)->getsampwent = smbpasswd_getsampwent; (*pdb_method)->getsampwnam = smbpasswd_getsampwnam; (*pdb_method)->getsampwsid = smbpasswd_getsampwsid; (*pdb_method)->add_sam_account = smbpasswd_add_sam_account; diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 1c2278ba7d..1277b9c395 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -44,13 +44,6 @@ static int tdbsam_debug_level = DBGC_ALL; #define RIDPREFIX "RID_" #define PRIVPREFIX "PRIV_" -struct pwent_list { - struct pwent_list *prev, *next; - TDB_DATA key; -}; -static struct pwent_list *tdbsam_pwent_list; -static bool pwent_initialized; - /* GLOBAL TDB SAM CONTEXT */ static TDB_CONTEXT *tdbsam; 
@@ -891,134 +884,6 @@ void tdbsam_close( void ) return; } -/**************************************************************************** - creates a list of user keys -****************************************************************************/ - -static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) -{ - const char *prefix = USERPREFIX; - int prefixlen = strlen (prefix); - struct pwent_list *ptr; - - if ( strncmp((const char *)key.dptr, prefix, prefixlen) == 0 ) { - if ( !(ptr=SMB_MALLOC_P(struct pwent_list)) ) { - DEBUG(0,("tdbsam_traverse_setpwent: Failed to malloc new entry for list\n")); - - /* just return 0 and let the traversal continue */ - return 0; - } - ZERO_STRUCTP(ptr); - - /* save a copy of the key */ - - ptr->key.dptr = (uint8 *)memdup( key.dptr, key.dsize ); - if (!ptr->key.dptr) { - DEBUG(0,("tdbsam_traverse_setpwent: memdup failed\n")); - /* just return 0 and let the traversal continue */ - SAFE_FREE(ptr); - return 0; - } - - ptr->key.dsize = key.dsize; - - DLIST_ADD( tdbsam_pwent_list, ptr ); - - } - - return 0; -} - -/*************************************************************** - Open the TDB passwd database for SAM account enumeration. - Save a list of user keys for iteration. -****************************************************************/ - -static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, bool update, uint32 acb_mask) -{ - if ( !tdbsam_open( tdbsam_filename ) ) { - DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename)); - return NT_STATUS_ACCESS_DENIED; - } - - tdb_traverse( tdbsam, tdbsam_traverse_setpwent, NULL ); - pwent_initialized = True; - - return NT_STATUS_OK; -} - - -/*************************************************************** - End enumeration of the TDB passwd list. 
-****************************************************************/ - -static void tdbsam_endsampwent(struct pdb_methods *my_methods) -{ - struct pwent_list *ptr, *ptr_next; - - /* close the tdb only if we have a valid pwent state */ - - if ( pwent_initialized ) { - DEBUG(7, ("endtdbpwent: closed sam database.\n")); - tdbsam_close(); - } - - /* clear out any remaining entries in the list */ - - for ( ptr=tdbsam_pwent_list; ptr; ptr = ptr_next ) { - ptr_next = ptr->next; - DLIST_REMOVE( tdbsam_pwent_list, ptr ); - SAFE_FREE( ptr->key.dptr); - SAFE_FREE( ptr ); - } - - pwent_initialized = False; -} - -/***************************************************************** - Get one struct samu from the TDB (next in line) -*****************************************************************/ - -static NTSTATUS tdbsam_getsampwent(struct pdb_methods *my_methods, struct samu *user) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - TDB_DATA data; - struct pwent_list *pkey; - - if ( !user ) { - DEBUG(0,("tdbsam_getsampwent: struct samu is NULL.\n")); - return nt_status; - } - - if ( !tdbsam_pwent_list ) { - DEBUG(4,("tdbsam_getsampwent: end of list\n")); - return nt_status; - } - - /* pull the next entry */ - - pkey = tdbsam_pwent_list; - DLIST_REMOVE( tdbsam_pwent_list, pkey ); - - data = tdb_fetch(tdbsam, pkey->key); - - SAFE_FREE( pkey->key.dptr); - SAFE_FREE( pkey); - - if ( !data.dptr ) { - DEBUG(5,("pdb_getsampwent: database entry not found. Was the user deleted?\n")); - return nt_status; - } - - if ( !init_sam_from_buffer(user, (unsigned char *)data.dptr, data.dsize) ) { - DEBUG(0,("pdb_getsampwent: Bad struct samu entry returned from TDB!\n")); - } - - SAFE_FREE( data.dptr ); - - return NT_STATUS_OK; -} - /****************************************************************** Lookup a name in the SAM TDB ******************************************************************/ 
@@ -1306,10 +1171,6 @@ static bool tdb_update_sam(struct pdb_methods *my_methods, struct samu* newpwd, { bool result = True; - /* invalidate the existing TDB iterator if it is open */ - - tdbsam_endsampwent( my_methods ); - #if 0 if ( !pdb_get_group_rid(newpwd) ) { DEBUG (0,("tdb_update_sam: Failing to store a struct samu for [%s] " @@ -1396,10 +1257,6 @@ static NTSTATUS tdbsam_rename_sam_account(struct pdb_methods *my_methods, return NT_STATUS_ACCESS_DENIED; } - /* invalidate the existing TDB iterator if it is open */ - - tdbsam_endsampwent( my_methods ); - if ( !(new_acct = samu_new( NULL )) ) { return NT_STATUS_NO_MEMORY; } @@ -1742,9 +1599,6 @@ static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *loc (*pdb_method)->name = "tdbsam"; - (*pdb_method)->setsampwent = tdbsam_setsampwent; - (*pdb_method)->endsampwent = tdbsam_endsampwent; - (*pdb_method)->getsampwent = tdbsam_getsampwent; (*pdb_method)->getsampwnam = tdbsam_getsampwnam; (*pdb_method)->getsampwsid = tdbsam_getsampwsid; (*pdb_method)->add_sam_account = tdbsam_add_sam_account; -- cgit From 3c99b7773ef62d13a7e3611be0603a5807315d9d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 28 Dec 2007 13:13:29 +0100 Subject: Convert csamuser to memcache (This used to be commit 476d3abf9c6142d99822212141fc3d843aca4798) --- source3/passdb/pdb_interface.c | 53 +++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 27 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 2102b579ec..0ab45bafc3 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -25,10 +25,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB -/* Cache of latest SAM lookup query */ - -static struct samu *csamuser = NULL; - static_decl_pdb; static struct pdb_init_function_entry *backends = NULL; 
@@ -211,25 +207,29 @@ static struct pdb_methods *pdb_get_methods(void) bool pdb_getsampwnam(struct samu *sam_acct, const char *username) { struct pdb_methods *pdb = pdb_get_methods(); + struct samu *cache_copy; + const struct dom_sid *user_sid; if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) { return False; } - if ( csamuser ) { - TALLOC_FREE(csamuser); - } - - csamuser = samu_new( NULL ); - if (!csamuser) { + cache_copy = samu_new(NULL); + if (cache_copy == NULL) { return False; } - if (!pdb_copy_sam_account(csamuser, sam_acct)) { - TALLOC_FREE(csamuser); + if (!pdb_copy_sam_account(cache_copy, sam_acct)) { + TALLOC_FREE(cache_copy); return False; } + user_sid = pdb_get_user_sid(cache_copy); + + memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, + data_blob_const(user_sid, sizeof(*user_sid)), + cache_copy); + return True; } @@ -262,6 +262,7 @@ bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid) { struct pdb_methods *pdb = pdb_get_methods(); uint32 rid; + void *cache_data; /* hard code the Guest RID of 501 */ @@ -274,9 +275,16 @@ bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid) } /* check the cache first */ - - if ( csamuser && sid_equal(sid, pdb_get_user_sid(csamuser) ) ) - return pdb_copy_sam_account(sam_acct, csamuser); + + cache_data = memcache_lookup_talloc( + NULL, PDB_GETPWSID_CACHE, data_blob_const(sid, sizeof(*sid))); + + if (cache_data != NULL) { + struct samu *cache_copy = talloc_get_type_abort( + cache_data, struct samu); + + return pdb_copy_sam_account(sam_acct, cache_copy); + } return NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid)); } @@ -471,10 +479,7 @@ NTSTATUS pdb_update_sam_account(struct samu *sam_acct) { struct pdb_methods *pdb = pdb_get_methods(); - if (csamuser != NULL) { - TALLOC_FREE(csamuser); - csamuser = NULL; - } + memcache_flush(NULL, PDB_GETPWSID_CACHE); return pdb->update_sam_account(pdb, sam_acct); } 
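Review bot: The cache key built in pdb_getsampwnam, `data_blob_const(user_sid, sizeof(*user_sid))`, is the raw bytes of the whole SID structure, and the lookup hunk in pdb_getsampwsid builds its key the same way from the caller's `sid`, so the semantic `sid_equal()` test is replaced by a byte comparison. If a caller passes a SID whose unused sub-authority slots or padding are not zeroed (not visible from here), equal SIDs will miss the cache. A comment at both sites would record the requirement: `/* key is the raw dom_sid bytes: SIDs must be fully zero-initialised */`. `pdb_get_user_sid(cache_copy)` is also used without a NULL check before `data_blob_const` records its address. The cache is flushed only in the update, delete and rename wrappers, so a hit in pdb_getsampwsid can presumably return an account record that another process or code path has since changed; worth confirming that this is acceptable for the account-control flags.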
@@ -483,10 +488,7 @@ NTSTATUS pdb_delete_sam_account(struct samu *sam_acct) { struct pdb_methods *pdb = pdb_get_methods(); - if (csamuser != NULL) { - TALLOC_FREE(csamuser); - csamuser = NULL; - } + memcache_flush(NULL, PDB_GETPWSID_CACHE); return pdb->delete_sam_account(pdb, sam_acct); } @@ -497,10 +499,7 @@ NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname) uid_t uid; NTSTATUS status; - if (csamuser != NULL) { - TALLOC_FREE(csamuser); - csamuser = NULL; - } + memcache_flush(NULL, PDB_GETPWSID_CACHE); /* sanity check to make sure we don't rename root */ -- cgit From 40bf6730aaca0409d17619c49e9eea59d68a6f10 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 24 Dec 2007 14:12:54 +0100 Subject: passdb.tdb is located in the private directory Jerry, as part of d6cdbfd87 the default location of passdb.tdb has changed from the private directory to the state directory. I think because passdb.tdb holds the password hashes, it is reasonable to keep this next to the smbpasswd file. Please review and potentially push. Thanks, Volker (This used to be commit c9c7607c402c0a9df9796c767b689d207d67d8e4) --- source3/passdb/pdb_tdb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 1277b9c395..5e21c46abf 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -1613,7 +1613,8 @@ static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *loc /* save the path for later */ if (!location) { - if (asprintf(&tdbfile, "%s/%s", get_dyn_STATEDIR(), PASSDB_FILE_NAME) < 0) { + if (asprintf(&tdbfile, "%s/%s", get_dyn_PRIVATE_DIR(), + PASSDB_FILE_NAME) < 0) { return NT_STATUS_NO_MEMORY; } pfile = tdbfile; -- cgit From df450fc090071b3645ecede5d15685e68e209d99 Mon Sep 17 00:00:00 2001 
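Review bot: The reason for the new default location is recorded only in the commit message. A comment at the `asprintf` call, such as `/* passdb.tdb holds password hashes: keep it in the private dir, next to smbpasswd */`, would stop a later cleanup from moving it back to the state directory. The hunk does not show how an existing passdb.tdb left in the state directory is found after an upgrade; if nothing handles that, the backend would presumably start with an empty database, which deserves at least a log message. pdb_init_tdbsam starts and ends outside the hunk.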
From: Michael Adam Date: Sun, 30 Dec 2007 03:12:11 +0100 Subject: Make pdb_tdb honour a private dir overridden in smb.conf. One lp_private_dir() has to be used instead of get_dyn_PRIVATE_DIR() to determine the location of the passdb.tdb. I noticed this when running make test as a "normal user" from a build, where I had done "make install" as root before, and so the passdb.tdb could not be accessed during the startup phase "CREATE TEST ENVIRONMENT IN ./st ..." in selftest.sh. Michael (This used to be commit 1f96389afa7250af7393489fb538b8aed93d815c) --- source3/passdb/pdb_tdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 5e21c46abf..5ee1cdc0c0 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -1613,7 +1613,7 @@ static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *loc /* save the path for later */ if (!location) { - if (asprintf(&tdbfile, "%s/%s", get_dyn_PRIVATE_DIR(), + if (asprintf(&tdbfile, "%s/%s", lp_private_dir(), PASSDB_FILE_NAME) < 0) { return NT_STATUS_NO_MEMORY; } -- cgit From cfcdeb52bf0184874980aebaea602bd2ee5ee411 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 2 Jan 2008 18:20:23 -0800 Subject: Fix for bug #5163 from Laurent Pinchart Failure to change password in ldap is mapped to NT_STATUS_UNSUCCESSFUL unconditionally. Jeremy. (This used to be commit 9369d6e907a49da1fbf2a5690118412b8d1a0383) --- source3/passdb/pdb_ldap.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index b638219466..205b178a93 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
@@ -1768,6 +1768,10 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown")); SAFE_FREE(ld_error); ber_bvfree(bv); +#if defined(LDAP_CONSTRAINT_VIOLATION) + if (rc == LDAP_CONSTRAINT_VIOLATION) + return NT_STATUS_PASSWORD_RESTRICTION; +#endif return NT_STATUS_UNSUCCESSFUL; } else { DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd))); -- cgit
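Review bot: The added `if (rc == LDAP_CONSTRAINT_VIOLATION)` is unbraced and sits inside a preprocessor conditional, where a statement added later under it would bind to the wrong branch; write it as `if (rc == LDAP_CONSTRAINT_VIOLATION) { return NT_STATUS_PASSWORD_RESTRICTION; }`. The mapping depends on the result code alone, and a directory server may return a constraint violation for reasons other than password policy, so the client can be told "password restriction" when the cause is something else; a short comment stating that assumption would help. The `#if defined(...)` guard also drops the mapping silently on an LDAP SDK that provides the code as an enum constant rather than a macro. ldapsam_modify_entry starts and ends outside the hunk.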