From c5e739febe5ab3bcc5d147fe791c788ec72531a3 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 10 Oct 1997 14:48:05 +0000 Subject: Makefile: added credentials.c to smbd credentials.c: using credential structures instead of char* password.c uid.c server.c: added sid and attr to user_struct. smbdes.c: smbhash and str_to_key make public instead of private. pipes.c smb.h: lsa structures, sub-functions. proto.h: usual. (This used to be commit 87a0a944855a673d693d934e446bdc231b1c7f02) --- source3/smbd/password.c | 97 ++++++++++++++++++++++++++----------------------- 1 file changed, 52 insertions(+), 45 deletions(-) (limited to 'source3/smbd/password.c') diff --git a/source3/smbd/password.c b/source3/smbd/password.c index f4d94791cf..af9be289c7 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -96,10 +96,10 @@ tell random client vuid's (normally zero) from valid vuids. ****************************************************************************/ user_struct *get_valid_user_struct(uint16 vuid) { - if(vuid == UID_FIELD_INVALID) + if (vuid == UID_FIELD_INVALID) return NULL; vuid -= VUID_OFFSET; - if((vuid >= (uint16)num_validated_users) || + if ((vuid >= (uint16)num_validated_users) || (validated_users[vuid].uid == -1) || (validated_users[vuid].gid == -1)) return NULL; return &validated_users[vuid]; @@ -111,19 +111,28 @@ invalidate a uid void invalidate_vuid(uint16 vuid) { user_struct *vuser = get_valid_user_struct(vuid); - if(vuser == 0) - return; + + if (vuser == NULL) return; vuser->uid = -1; vuser->gid = -1; - vuser->user_ngroups = 0; - if(vuser->user_groups && - (vuser->user_groups != (gid_t *)vuser->user_igroups)) - free(vuser->user_groups); - vuser->user_groups = NULL; - if(vuser->user_igroups) - free(vuser->user_igroups); - vuser->user_igroups = NULL; + + vuser->n_sids = 0; + + /* same number of igroups as groups as attrs */ + vuser->n_groups = 0; + + if (vuser->groups && (vuser->groups != (gid_t *)vuser->igroups)) + free(vuser->groups); + + if (vuser->igroups) free(vuser->igroups); + if (vuser->attrs ) free(vuser->attrs); + if (vuser->sids ) free(vuser->sids); + + vuser->attrs = NULL; + vuser->sids = NULL; + vuser->igroups = NULL; + vuser->groups = NULL; } @@ -133,7 +142,7 @@ return a validated username char *validated_username(uint16 vuid) { user_struct *vuser = get_valid_user_struct(vuid); - if(vuser == 0) + if (vuser == NULL) return 0; return(vuser->name); } @@ -156,12 +165,11 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest) int home_server_len; #endif struct passwd *pwfile; /* for getting real name from passwd file */ - int real_name_len; #if 0 /* * After observing MS-Exchange services writing to a Samba share - * I belive this code is incorrect. Each service does it's own + * I belive this code is incorrect. Each service does its own * sessionsetup_and_X for the same user, and as each service shuts * down, it does a user_logoff_and_X. As we are consolidating multiple * sessionsetup_and_X's onto the same vuid here, when the first service @@ -174,7 +182,7 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest) int i; for(i = 0; i < num_validated_users; i++) { vuser = &validated_users[i]; - if( vuser->uid == uid ) + if ( vuser->uid == uid ) return (uint16)(i + VUID_OFFSET); /* User already validated */ } #endif @@ -198,16 +206,21 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest) vuser->guest = guest; strcpy(vuser->name,name); - vuser->user_ngroups = 0; - vuser->user_groups = NULL; - vuser->user_igroups = NULL; + vuser->n_sids = 0; + vuser->sids = NULL; + + vuser->n_groups = 0; + vuser->groups = NULL; + vuser->igroups = NULL; + vuser->attrs = NULL; /* Find all the groups this uid is in and store them. Used by become_user() */ setup_groups(name,uid,gid, - &vuser->user_ngroups, - &vuser->user_igroups, - &vuser->user_groups); + &vuser->n_groups, + &vuser->igroups, + &vuser->groups, + &vuser->attrs); DEBUG(3,("uid %d registered to name %s\n",uid,name)); @@ -215,14 +228,14 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest) vuser->home_share = NULL; DEBUG(3, ("Setting default HOMESHR to: \\\\logon server\\HOMES\n")); vuser->home_share = Realloc(vuser->home_share, 32); - strcpy(vuser->home_share,"\\\\%L\\HOMES"); + strcpy(vuser->home_share,"\\\\%L\\%U"); - if (nis_error = yp_get_default_domain(&nis_domain)) + if ((nis_error = yp_get_default_domain(&nis_domain)) != 0) DEBUG(3, ("YP Error: %s\n", yperr_string(nis_error))); DEBUG(3, ("NIS Domain: %s\n", nis_domain)); - if (nis_error = yp_match(nis_domain, nis_map, vuser->name, strlen(vuser->name), - &nis_result, &nis_result_len)) + if ((nis_error = yp_match(nis_domain, nis_map, vuser->name, strlen(vuser->name), + &nis_result, &nis_result_len)) != 0) DEBUG(3, ("YP Error: %s\n", yperr_string(nis_error))); if (!nis_error && lp_nis_home_map()) { home_server_len = strcspn(nis_result,":"); @@ -237,19 +250,13 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest) } #endif - vuser->real_name = NULL; DEBUG(3, ("Clearing default real name\n")); - vuser->real_name = Realloc(vuser->real_name, 15); - strcpy(vuser->real_name, "\0"); + fstrcpy(vuser->real_name, "\0"); if (lp_unix_realname()) { - if((pwfile=getpwnam(vuser->name))!= NULL) + if ((pwfile=getpwnam(vuser->name))!= NULL) { DEBUG(3, ("User name: %s\tReal name: %s\n",vuser->name,pwfile->pw_gecos)); - real_name_len = strcspn(pwfile->pw_gecos, ","); - DEBUG(3, ("Real name length: %d\n", real_name_len)); - vuser->real_name = (char *)Realloc(vuser->real_name, real_name_len+1); - strncpy(vuser->real_name, pwfile->pw_gecos, real_name_len); - vuser->real_name[real_name_len]='\0'; + fstrcpy(vuser->real_name, pwfile->pw_gecos); } } @@ -702,7 +709,7 @@ static int linux_bigcrypt(char *password,char *salt1, char *crypted) for ( i=strlen(password); i > 0; i -= LINUX_PASSWORD_SEG_CHARS) { char * p = crypt(password,salt) + 2; - if(strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0) + if (strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0) return(0); password += LINUX_PASSWORD_SEG_CHARS; crypted += strlen(p); @@ -826,10 +833,10 @@ BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned cha unsigned char p21[21]; unsigned char p24[24]; - if(part_passwd == NULL) + if (part_passwd == NULL) DEBUG(10,("No password set - allowing access\n")); /* No password set - always true ! */ - if(part_passwd == NULL) + if (part_passwd == NULL) return 1; memset(p21,'\0',21); @@ -905,7 +912,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) DEBUG(4,("SMB Password - pwlen = %d, challenge_done = %d\n", pwlen, challenge_done)); - if((pwlen == 24) && challenge_done) + if ((pwlen == 24) && challenge_done) { DEBUG(4,("Checking SMB password for user %s (l=24)\n",user)); @@ -916,28 +923,28 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) } smb_pass = get_smbpwnam(user); - if(!smb_pass) + if (!smb_pass) { DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user)); return(False); } /* Ensure the uid's match */ - if(smb_pass->smb_userid != pass->pw_uid) + if (smb_pass->smb_userid != pass->pw_uid) { DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n")); return(False); } - if(Protocol >= PROTOCOL_NT1) + if (Protocol >= PROTOCOL_NT1) { /* We have the NT MD4 hash challenge available - see if we can use it (ie. does it exist in the smbpasswd file). */ - if(smb_pass->smb_nt_passwd != NULL) + if (smb_pass->smb_nt_passwd != NULL) { DEBUG(4,("Checking NT MD4 password\n")); - if(smb_password_check(password, + if (smb_password_check(password, smb_pass->smb_nt_passwd, (unsigned char *)challenge)) { @@ -1080,7 +1087,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) } /* give up? */ - if(level < 1) + if (level < 1) { update_protected_database(user,False); -- cgit