LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o
-PASSDB_OBJ = passdb/passdb.o passdb/smbpassfile.o passdb/smbpass.o passdb/secrets.o \
- passdb/pass_check.o passdb/ldap.o passdb/nispass.o passdb/smbpasschange.o \
- passdb/tdbpass.o
+PASSDB_OBJ = passdb/passdb.o passdb/secrets.o \
+ passdb/pass_check.o passdb/smbpassfile.o \
+ passdb/machine_sid.o passdb/pdb_smbpasswd.o
+
+# passdb/smbpass.o passdb/ldap.o passdb/nispass.o
PROFILE_OBJ = profile/profile.o
$(LIBSMB_OBJ) $(PASSDB_OBJ) \
$(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ)
+TDBEDIT_OBJ = utils/tdbedit.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \
+ $(UBIQX_OBJ) $(LIB_OBJ)
+
RPCCLIENT_OBJ1 = rpcclient/rpcclient.o \
lib/cmd_interp.o lib/util_list.o \
lib/msrpc-client.o \
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(LDFLAGS) $(LIBS)
+bin/tdbedit: $(TDBEDIT_OBJ) bin/.dummy
+ @echo Linking $@
+ @$(CC) $(FLAGS) -o $@ $(TDBEDIT_OBJ) $(LDFLAGS) $(LIBS)
+
bin/make_smbcodepage: $(MAKE_SMBCODEPAGE_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(MAKE_SMBCODEPAGE_OBJ) $(LDFLAGS) $(LIBS)
char *lp_configfile(void);
char *lp_tdb_passwd_file(void);
char *lp_smb_passwd_file(void);
+char *lp_passdb_module_path(void);
char *lp_serverstring(void);
char *lp_printcapname(void);
char *lp_enumports_cmd(void);
BOOL (*sfunc)(char *),
BOOL (*pfunc)(char *, char *) );
-/*The following definitions come from passdb/ldap.c */
+/*The following definitions come from passdb/machine_sid.c */
-struct passdb_ops *ldap_initialize_password_db(void);
-
-/*The following definitions come from passdb/nispass.c */
-
-struct passdb_ops *nisplus_initialize_password_db(void);
+BOOL pdb_generate_sam_sid(void);
/*The following definitions come from passdb/pass_check.c */
/*The following definitions come from passdb/passdb.c */
-BOOL initialize_password_db(void);
-struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid);
-struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid);
-struct smb_passwd *iterate_getsmbpwnam(char *name);
-void *startsmbpwent(BOOL update);
-void endsmbpwent(void *vp);
-struct smb_passwd *getsmbpwent(void *vp);
-BOOL add_smbpwd_entry(struct smb_passwd *newpwd);
-BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override);
-BOOL del_smbpwd_entry(const char *name);
-struct smb_passwd *getsmbpwnam(char *name);
-struct smb_passwd *getsmbpwrid(uint32 user_rid);
-struct smb_passwd *getsmbpwuid(uid_t smb_userid);
-struct sam_passwd *iterate_getsam21pwnam(char *name);
-struct sam_passwd *iterate_getsam21pwrid(uint32 rid);
-struct sam_passwd *iterate_getsam21pwuid(uid_t uid);
-struct sam_disp_info *getsamdisprid(uint32 rid);
-struct sam_passwd *getsam21pwent(void *vp);
-struct sam_passwd *getsam21pwnam(char *name);
-struct sam_passwd *getsam21pwrid(uint32 rid);
-BOOL add_sam21pwd_entry(struct sam_passwd *pwd);
-BOOL mod_sam21pwd_entry(struct sam_passwd *pwd, BOOL override);
-void pdb_init_smb(struct smb_passwd *user);
-void pdb_init_sam(struct sam_passwd *user);
-struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user);
-struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user);
-struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user);
-void copy_id23_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_23 *from);
-void copy_id21_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_21 *from);
-void copy_sam_passwd(struct sam_passwd *to, const struct sam_passwd *from);
+BOOL initialize_password_db(BOOL reload);
+void pdb_init_sam(SAM_ACCOUNT *user);
+void pdb_clear_sam(SAM_ACCOUNT *user);
+struct sam_disp_info *pdb_sam_to_dispinfo(SAM_ACCOUNT *user);
char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length);
uint16 pdb_decode_acct_ctrl(const char *p);
-time_t pdb_get_last_set_time(const char *p);
-void pdb_set_logon_time(char *p, int max_len, time_t t);
-void pdb_set_logoff_time(char *p, int max_len, time_t t);
-void pdb_set_kickoff_time(char *p, int max_len, time_t t);
-void pdb_set_can_change_time(char *p, int max_len, time_t t);
-void pdb_set_must_change_time(char *p, int max_len, time_t t);
-void pdb_set_last_set_time(char *p, int max_len, time_t t);
void pdb_sethexpwd(char *p, unsigned char *pwd, uint16 acct_ctrl);
BOOL pdb_gethexpwd(char *p, unsigned char *pwd);
BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid);
-BOOL pdb_generate_sam_sid(void);
uid_t pdb_user_rid_to_uid(uint32 user_rid);
gid_t pdb_user_rid_to_gid(uint32 user_rid);
uint32 pdb_uid_to_user_rid(uid_t uid);
BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type);
DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid);
BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type);
+void copy_id23_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_23 *from);
+void copy_id21_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_21 *from);
+void copy_sam_passwd(struct sam_passwd *to, const struct sam_passwd *from);
+BOOL local_password_change(char *user_name, int local_flags,
+ char *new_passwd,
+ char *err_str, size_t err_str_len,
+ char *msg_str, size_t msg_str_len);
+uint16 pdb_get_acct_ctrl (SAM_ACCOUNT *sampass);
+time_t pdb_get_logon_time (SAM_ACCOUNT *sampass);
+time_t pdb_get_logoff_time (SAM_ACCOUNT *sampass);
+time_t pdb_get_kickoff_time (SAM_ACCOUNT *sampass);
+time_t pdb_get_pass_last_set_time (SAM_ACCOUNT *sampass);
+time_t pdb_get_pass_can_change_time (SAM_ACCOUNT *sampass);
+time_t pdb_get_pass_must_change_time (SAM_ACCOUNT *sampass);
+uint16 pdb_get_logon_divs (SAM_ACCOUNT *sampass);
+uint32 pdb_get_hours_len (SAM_ACCOUNT *sampass);
+uint8* pdb_get_hours (SAM_ACCOUNT *sampass);
+BYTE* pdb_get_nt_passwd (SAM_ACCOUNT *sampass);
+BYTE* pdb_get_lanman_passwd (SAM_ACCOUNT *sampass);
+uint32 pdb_get_user_rid (SAM_ACCOUNT *sampass);
+uint32 pdb_get_group_rid (SAM_ACCOUNT *sampass);
+uid_t pdb_get_uid (SAM_ACCOUNT *sampass);
+gid_t pdb_get_gid (SAM_ACCOUNT *sampass);
+char* pdb_get_username (SAM_ACCOUNT *sampass);
+char* pdb_get_domain (SAM_ACCOUNT *sampass);
+char* pdb_get_nt_username (SAM_ACCOUNT *sampass);
+char* pdb_get_fullname (SAM_ACCOUNT *sampass);
+char* pdb_get_homedir (SAM_ACCOUNT *sampass);
+char* pdb_get_dirdrive (SAM_ACCOUNT *sampass);
+char* pdb_get_logon_script (SAM_ACCOUNT *sampass);
+char* pdb_get_profile_path (SAM_ACCOUNT *sampass);
+char* pdb_get_acct_desc (SAM_ACCOUNT *sampass);
+char* pdb_get_workstations (SAM_ACCOUNT *sampass);
+char* pdb_get_munged_dial (SAM_ACCOUNT *sampass);
+uint32 pdb_get_unknown3 (SAM_ACCOUNT *sampass);
+uint32 pdb_get_unknown5 (SAM_ACCOUNT *sampass);
+uint32 pdb_get_unknown6 (SAM_ACCOUNT *sampass);
+BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 flags);
+BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t time);
+BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t time);
+BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t time);
+BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t time);
+BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t time);
+BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t time);
+BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len);
+BOOL pdb_set_logons_divs (SAM_ACCOUNT *sampass, uint16 hours);
+BOOL pdb_set_uid (SAM_ACCOUNT *sampass, uid_t uid);
+BOOL pdb_set_gid (SAM_ACCOUNT *sampass, gid_t gid);
+BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid);
+BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid);
+BOOL pdb_set_username (SAM_ACCOUNT *sampass, char *username);
+BOOL pdb_set_domain (SAM_ACCOUNT *sampass, char *domain);
+BOOL pdb_set_nt_username (SAM_ACCOUNT *sampass, char *nt_username);
+BOOL pdb_set_fullname (SAM_ACCOUNT *sampass, char *fullname);
+BOOL pdb_set_logon_script (SAM_ACCOUNT *sampass, char *logon_script);
+BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, char *profile_path);
+BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, char *dir_drive);
+BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, char *homedir);
+BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, BYTE *pwd);
+BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, BYTE *pwd);
+
+/*The following definitions come from passdb/pdb_smbpasswd.c */
+
+BOOL pdb_setsampwent (BOOL update);
+void pdb_endsampwent (void);
+SAM_ACCOUNT* pdb_getsampwent (void);
+SAM_ACCOUNT* pdb_getsampwnam (char *username);
+SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
+SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
+BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
+BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
+BOOL pdb_delete_sam_account (char* username);
/*The following definitions come from passdb/secrets.c */
time_t *pass_last_set_time);
BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16]);
-/*The following definitions come from passdb/smbpass.c */
-
-char *format_new_smbpasswd_entry(struct smb_passwd *newpwd);
-struct passdb_ops *file_initialize_password_db(void);
-
-/*The following definitions come from passdb/smbpasschange.c */
-
-BOOL local_password_change(char *user_name, int local_flags,
- char *new_passwd,
- char *err_str, size_t err_str_len,
- char *msg_str, size_t msg_str_len);
-
/*The following definitions come from passdb/smbpassfile.c */
-BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth);
-BOOL pw_file_unlock(int fd, int *plock_depth);
BOOL trust_password_delete(char *domain);
-/*The following definitions come from passdb/tdbpass.c */
-
-struct passdb_ops *tdb_initialize_password_db(void);
-
/*The following definitions come from printing/load.c */
void add_all_printers(void);
int get_ntdrivers(fstring **list, char *architecture, uint32 version);
BOOL get_short_archi(char *short_archi, char *long_archi);
uint32 clean_up_driver_struct(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level);
-BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, struct current_user *user, uint32 *perr);
+BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract,
+ uint32 level, struct current_user *user, uint32 *perr);
uint32 get_a_printer_driver_9x_compatible(pstring line, fstring model);
uint32 del_a_printer(char *sharename);
BOOL add_a_specific_param(NT_PRINTER_INFO_LEVEL_2 *info_2, NT_PRINTER_PARAM *param);
/*The following definitions come from profile/profile.c */
void profile_message(int msg_type, pid_t src, void *buf, size_t len);
+void reqprofile_message(int msg_type, pid_t src, void *buf, size_t len);
BOOL profile_setup(BOOL rdonly);
/*The following definitions come from rpc_client/cli_connect.c */
char *logon_srv, char *comp_name, DOM_CRED *clnt_cred,
DOM_CRED *rtn_cred, uint16 logon_level,
NET_ID_INFO_CTR *ctr);
-void init_net_user_info3(NET_USER_INFO_3 *usr,
-
- NTTIME *logon_time,
- NTTIME *logoff_time,
- NTTIME *kickoff_time,
- NTTIME *pass_last_set_time,
- NTTIME *pass_can_change_time,
- NTTIME *pass_must_change_time,
-
- char *user_name,
- char *full_name,
- char *logon_script,
- char *profile_path,
- char *home_dir,
- char *dir_drive,
-
- uint16 logon_count,
- uint16 bad_pw_count,
-
- uint32 user_id,
- uint32 group_id,
- uint32 num_groups,
- DOM_GID *gids,
- uint32 user_flgs,
-
- char *sess_key,
-
- char *logon_srv,
- char *logon_dom,
-
- DOM_SID *dom_sid,
- char *other_sids);
+void init_net_user_info3(NET_USER_INFO_3 *usr, SAM_ACCOUNT *sampw,
+ uint16 logon_count, uint16 bad_pw_count,
+ uint32 num_groups, DOM_GID *gids,
+ uint32 user_flgs, char *sess_key,
+ char *logon_srv, char *logon_dom,
+ DOM_SID *dom_sid, char *other_sids);
void free_user_info3(NET_USER_INFO_3 *usr);
BOOL net_io_q_sam_logon(char *desc, NET_Q_SAM_LOGON *q_l, prs_struct *ps, int depth);
BOOL net_io_r_sam_logon(char *desc, NET_R_SAM_LOGON *r_l, prs_struct *ps, int depth);
uint32 rid_group,
uint16 acct_ctrl);
BOOL sam_io_user_info11(char *desc, SAM_USER_INFO_11 *usr, prs_struct *ps, int depth);
-void init_sam_user_info21(SAM_USER_INFO_21 *usr,
- NTTIME *logon_time,
- NTTIME *logoff_time,
- NTTIME *kickoff_time,
- NTTIME *pass_last_set_time,
- NTTIME *pass_can_change_time,
- NTTIME *pass_must_change_time,
-
- char *user_name,
- char *full_name,
- char *home_dir,
- char *dir_drive,
- char *logon_script,
- char *profile_path,
- char *description,
- char *workstations,
- char *unknown_str,
- char *munged_dial,
-
- uint32 user_rid,
- uint32 group_rid,
- uint16 acb_info,
-
- uint32 unknown_3,
- uint16 logon_divs,
- LOGON_HRS *hrs,
- uint32 unknown_5,
- uint32 unknown_6);
+void init_sam_user_info21(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw);
void init_samr_r_query_userinfo(SAMR_R_QUERY_USERINFO *r_u,
uint16 switch_value, void *info, uint32 status);
BOOL samr_io_r_query_userinfo(char *desc, SAMR_R_QUERY_USERINFO *r_u, prs_struct *ps, int depth);
NEW_BUFFER *buffer, uint32 offered,
uint32 *needed, uint32 *returned);
uint32 _spoolss_schedulejob( POLICY_HND *handle, uint32 jobid);
-uint32 _spoolss_setjob( POLICY_HND *handle,
- uint32 jobid,
- uint32 level,
- pipes_struct *p,
- JOB_INFO *ctr,
- uint32 command);
+uint32 _spoolss_setjob(POLICY_HND *handle, uint32 jobid, uint32 level,
+ pipes_struct *p, JOB_INFO *ctr, uint32 command);
uint32 _spoolss_enumprinterdrivers( UNISTR2 *name, UNISTR2 *environment, uint32 level,
NEW_BUFFER *buffer, uint32 offered,
uint32 *needed, uint32 *returned);
BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root);
BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root);
BOOL check_lanman_password(char *user, uchar * pass1,
- uchar * pass2, struct smb_passwd **psmbpw);
-BOOL change_lanman_password(struct smb_passwd *smbpw, uchar * pass1,
+ uchar * pass2, SAM_ACCOUNT **hnd);
+BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar * pass1,
uchar * pass2);
BOOL pass_oem_change(char *user,
uchar * lmdata, uchar * lmhash,
BOOL check_oem_password(char *user,
uchar * lmdata, uchar * lmhash,
uchar * ntdata, uchar * nthash,
- struct smb_passwd **psmbpw, char *new_passwd,
+ SAM_ACCOUNT **hnd, char *new_passwd,
int new_passwd_size);
-BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd,
+BOOL change_oem_password(SAM_ACCOUNT *hnd, char *new_passwd,
BOOL override);
BOOL check_plaintext_password(char *user, char *old_passwd,
- int old_passwd_size, struct smb_passwd **psmbpw);
+ int old_passwd_size, SAM_ACCOUNT **hnd);
#endif
/*The following definitions come from smbd/close.c */
char *domain,BOOL guest);
void add_session_user(char *user);
BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8);
-BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
+BOOL smb_password_ok(SAM_ACCOUNT *sampass, uchar chal[8],
uchar lm_pass[24], uchar nt_pass[24]);
-BOOL pass_check_smb(char *user, char *domain,
- uchar *chal, uchar *lm_pwd, uchar *nt_pwd,
- struct passwd *pwd);
+BOOL pass_check_smb(char *user, char *domain, uchar *chal,
+ uchar *lm_pwd, uchar *nt_pwd, struct passwd *pwd);
BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd);
BOOL user_ok(char *user,int snum);
BOOL authorise_login(int snum,char *user,char *password, int pwlen,
uint32 high;
} UINT64_S;
+
#endif /* _RPC_MISC_H */
#define True (1)
#define Auto (2)
+typedef unsigned char BYTE;
+
#ifndef _BOOL
typedef int BOOL;
#define _BOOL /* So we don't typedef BOOL again in vfs.h */
#define MAX_HOURS_LEN 32
-struct sam_passwd
-{
- time_t logon_time; /* logon time */
- time_t logoff_time; /* logoff time */
- time_t kickoff_time; /* kickoff time */
- time_t pass_last_set_time; /* password last set time */
- time_t pass_can_change_time; /* password can change time */
- time_t pass_must_change_time; /* password must change time */
-
- char *smb_name; /* username string */
- char *full_name; /* user's full name string */
- char *home_dir; /* home directory string */
- char *dir_drive; /* home directory drive string */
- char *logon_script; /* logon script string */
- char *profile_path; /* profile path string */
- char *acct_desc ; /* user description string */
- char *workstations; /* login from workstations string */
- char *unknown_str ; /* don't know what this is, yet. */
- char *munged_dial ; /* munged path name and dial-back tel number */
-
- uid_t smb_userid; /* this is actually the unix uid_t */
- gid_t smb_grpid; /* this is actually the unix gid_t */
- uint32 user_rid; /* Primary User ID */
- uint32 group_rid; /* Primary Group ID */
-
- unsigned char *smb_passwd; /* Null if no password */
- unsigned char *smb_nt_passwd; /* Null if no password */
-
- uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
- uint32 unknown_3; /* 0x00ff ffff */
-
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 hours[MAX_HOURS_LEN];
-
- uint32 unknown_5; /* 0x0002 0000 */
- uint32 unknown_6; /* 0x0000 04ec */
-};
-
-struct smb_passwd
-{
- uid_t smb_userid; /* this is actually the unix uid_t */
- char *smb_name; /* username string */
-
- unsigned char *smb_passwd; /* Null if no password */
- unsigned char *smb_nt_passwd; /* Null if no password */
-
- uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
- time_t pass_last_set_time; /* password last set time */
-};
-
-
struct sam_disp_info
{
uint32 user_rid; /* Primary User ID */
#define SHAREMODE_FN(fn) \
void (*fn)(share_mode_entry *, char*)
+typedef struct sam_passwd
+{
+ time_t logon_time; /* logon time */
+ time_t logoff_time; /* logoff time */
+ time_t kickoff_time; /* kickoff time */
+ time_t pass_last_set_time; /* password last set time */
+ time_t pass_can_change_time; /* password can change time */
+ time_t pass_must_change_time; /* password must change time */
+
+ char *username; /* UNIX username string */
+ char *domain; /* Windows Domain name */
+ char *nt_username; /* Windows username string */
+ char *full_name; /* user's full name string */
+ char *home_dir; /* home directory string */
+ char *dir_drive; /* home directory drive string */
+ char *logon_script; /* logon script string */
+ char *profile_path; /* profile path string */
+ char *acct_desc ; /* user description string */
+ char *workstations; /* login from workstations string */
+ char *unknown_str ; /* don't know what this is, yet. */
+ char *munged_dial ; /* munged path name and dial-back tel number */
+
+ uid_t uid; /* this is actually the unix uid_t */
+ gid_t gid; /* this is actually the unix gid_t */
+ uint32 user_rid; /* Primary User ID */
+ uint32 group_rid; /* Primary Group ID */
+
+ unsigned char *lm_pw; /* Null if no password */
+ unsigned char *nt_pw; /* Null if no password */
+
+ uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
+ uint32 unknown_3; /* 0x00ff ffff */
+
+ uint16 logon_divs; /* 168 - number of hours in a week */
+ uint32 hours_len; /* normally 21 bytes */
+ uint8 hours[MAX_HOURS_LEN];
+
+ uint32 unknown_5; /* 0x0002 0000 */
+ uint32 unknown_6; /* 0x0000 04ec */
+
+} SAM_ACCOUNT;
+
+#if 0 /* GWC */
/*
* Each implementation of the password database code needs
* to support the following operations.
struct sam_disp_info *(*getsamdisprid)(uint32);
struct sam_disp_info *(*getsamdispent)(void *);
-#if 0
/*
* password checking functions
*/
struct smb_passwd *(*smb_password_chal )(char *username, char lm_pass[24], char nt_pass[24], char chal[8]);
struct smb_passwd *(*smb_password_check )(char *username, char lm_hash[16], char nt_hash[16]);
struct passwd *(*unix_password_check)(char *username, char *pass, int pass_len);
-#endif
};
+#endif /* 0 */
+
/*
* Flags for local user manipulation.
*/
};
#include "rpc_creds.h"
+#include "rpc_misc.h"
#include "rpc_secdes.h"
#include "nt_printing.h"
return True;
}
+/* -------------------------------------------------------------
+ Functions to implement the RpcHandle list
+ -------------------------------------------------------------- */
+
+
+
/***************************************************************
Return True if the to RPC_HND_NODEs are eqivalent in value.
Return False if they are not. Since a POLICY_HND is really
return located->cli;
}
+
char *szPasswdChat;
char *szLogFile;
char *szConfigFile;
-/*#ifdef WITH_TDBPWD
+#ifdef WITH_TDBPWD
char *szTDBPasswdFile;
-#else*/
+#else
char *szSMBPasswdFile;
-/* #endif */
+#endif
+ char *szPassdbModulePath;
char *szPasswordServer;
char *szSocketOptions;
char *szValidChars;
#else */
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0},
/* #endif */
+ {"passdb module path", P_STRING, P_GLOBAL, &Globals.szPassdbModulePath, NULL, NULL, 0},
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
DEBUG(3, ("Initialising global parameters\n"));
-/* #ifdef WITH_TDBPWD
- string_set(&Globals.szTDBPasswdFile, TDB_PASSWD_FILE);
-#else */
#ifdef WITH_TDBPWD
- string_set(&Globals.szSMBPasswdFile, TDB_PASSWD_FILE);
+ string_set(&Globals.szTDBPasswdFile, TDB_PASSWD_FILE);
#else
string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE);
#endif
+ string_set(&Globals.szPassdbModulePath, "");
+
/*
* Allow the default PASSWD_CHAT to be overridden in local.h.
*/
Globals.sslCompatibility = False;
#endif /* WITH_SSL */
-/* these parameters are set to defaults that are more appropriate
+/*
+ these parameters are set to defaults that are more appropriate
for the increasing samba install base:
as a member of the workgroup, that will possibly become a
doesn't provide WINS server service by default (wsupp = False),
and doesn't provide domain master browser services by default, either.
-
*/
Globals.bMsAddPrinterWizard = True;
FN_GLOBAL_STRING(lp_logfile, &Globals.szLogFile)
FN_GLOBAL_STRING(lp_smbrun, &Globals.szSmbrun)
FN_GLOBAL_STRING(lp_configfile, &Globals.szConfigFile)
-/* #ifdef WITH_TDBPWD
+#ifdef WITH_TDBPWD
FN_GLOBAL_STRING(lp_tdb_passwd_file, &Globals.szTDBPasswdFile)
-#else */
+#else
FN_GLOBAL_STRING(lp_smb_passwd_file, &Globals.szSMBPasswdFile)
-/* #endif */
+#endif
+FN_GLOBAL_STRING(lp_passdb_module_path, &Globals.szPassdbModulePath)
FN_GLOBAL_STRING(lp_serverstring, &Globals.szServerString)
FN_GLOBAL_STRING(lp_printcapname, &Globals.szPrintcapname)
FN_GLOBAL_STRING(lp_enumports_cmd, &Globals.szEnumPortsCommand)
--- /dev/null
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.9.
+ Password and authentication handling
+ Copyright (C) Jeremy Allison 1996-1998
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+ Copyright (C) Gerald (Jerry) Carter 2000
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+ Read the machine SID from a file.
+****************************************************************************/
+
+static BOOL read_sid_from_file(int fd, char *sid_file)
+{
+ fstring fline;
+
+ memset(fline, '\0', sizeof(fline));
+
+ if(read(fd, fline, sizeof(fline) -1 ) < 0) {
+ DEBUG(0,("unable to read file %s. Error was %s\n",
+ sid_file, strerror(errno) ));
+ return False;
+ }
+
+ /*
+ * Convert to the machine SID.
+ */
+
+ fline[sizeof(fline)-1] = '\0';
+ if(!string_to_sid( &global_sam_sid, fline)) {
+ DEBUG(0,("unable to generate machine SID.\n"));
+ return False;
+ }
+
+ return True;
+}
+
+/****************************************************************************
+ Generate the global machine sid. Look for the MACHINE.SID file first, if
+ not found then look in smb.conf and use it to create the MACHINE.SID file.
+ Note this function will be replaced soon. JRA.
+****************************************************************************/
+
+BOOL pdb_generate_sam_sid(void)
+{
+ int fd;
+ char *p;
+ pstring sid_file;
+ fstring sid_string;
+ SMB_STRUCT_STAT st;
+ BOOL overwrite_bad_sid = False;
+
+ generate_wellknown_sids();
+
+ pstrcpy(sid_file, lp_smb_passwd_file());
+ p = strrchr(sid_file, '/');
+ if(p != NULL) {
+ *++p = '\0';
+ }
+
+ if (!directory_exist(sid_file, NULL)) {
+ if (mkdir(sid_file, 0700) != 0) {
+ DEBUG(0,("can't create private directory %s : %s\n",
+ sid_file, strerror(errno)));
+ return False;
+ }
+ }
+
+ pstrcat(sid_file, "MACHINE.SID");
+
+ if((fd = sys_open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) {
+ DEBUG(0,("unable to open or create file %s. Error was %s\n",
+ sid_file, strerror(errno) ));
+ return False;
+ }
+
+ /*
+ * Check if the file contains data.
+ */
+
+ if(sys_fstat( fd, &st) < 0) {
+ DEBUG(0,("unable to stat file %s. Error was %s\n",
+ sid_file, strerror(errno) ));
+ close(fd);
+ return False;
+ }
+
+ if(st.st_size > 0) {
+ /*
+ * We have a valid SID - read it.
+ */
+ if(!read_sid_from_file( fd, sid_file)) {
+ DEBUG(0,("unable to read file %s. Error was %s\n",
+ sid_file, strerror(errno) ));
+ close(fd);
+ return False;
+ }
+
+ /*
+ * JRA. Reversed the sense of this test now that I have
+ * actually done this test *personally*. One more reason
+ * to never trust third party information you have not
+ * independently verified.... sigh. JRA.
+ */
+
+ if(global_sam_sid.num_auths > 0 && global_sam_sid.sub_auths[0] == 0x21) {
+ /*
+ * Fix and re-write...
+ */
+ overwrite_bad_sid = True;
+ global_sam_sid.sub_auths[0] = 21;
+ DEBUG(5,("pdb_generate_sam_sid: Old (incorrect) sid id_auth of hex 21 \
+detected - re-writing to be decimal 21 instead.\n" ));
+ sid_to_string(sid_string, &global_sam_sid);
+ if(sys_lseek(fd, (SMB_OFF_T)0, SEEK_SET) != 0) {
+ DEBUG(0,("unable to seek file file %s. Error was %s\n",
+ sid_file, strerror(errno) ));
+ close(fd);
+ return False;
+ }
+ } else {
+ close(fd);
+ return True;
+ }
+ } else {
+ /*
+ * The file contains no data - we need to generate our
+ * own sid.
+ * Generate the new sid data & turn it into a string.
+ */
+ int i;
+ uchar raw_sid_data[12];
+ DOM_SID mysid;
+
+ memset((char *)&mysid, '\0', sizeof(DOM_SID));
+ mysid.sid_rev_num = 1;
+ mysid.id_auth[5] = 5;
+ mysid.num_auths = 0;
+ mysid.sub_auths[mysid.num_auths++] = 21;
+
+ generate_random_buffer( raw_sid_data, 12, True);
+ for( i = 0; i < 3; i++)
+ mysid.sub_auths[mysid.num_auths++] = IVAL(raw_sid_data, i*4);
+
+ sid_to_string(sid_string, &mysid);
+ }
+
+ fstrcat(sid_string, "\n");
+
+ /*
+ * Ensure our new SID is valid.
+ */
+
+ if(!string_to_sid( &global_sam_sid, sid_string)) {
+ DEBUG(0,("unable to generate machine SID.\n"));
+ return False;
+ }
+
+ /*
+ * Do an exclusive blocking lock on the file.
+ */
+
+ if(!do_file_lock( fd, 60, F_WRLCK)) {
+ DEBUG(0,("unable to lock file %s. Error was %s\n",
+ sid_file, strerror(errno) ));
+ close(fd);
+ return False;
+ }
+
+ if(!overwrite_bad_sid) {
+ /*
+ * At this point we have a blocking lock on the SID
+ * file - check if in the meantime someone else wrote
+ * SID data into the file. If so - they were here first,
+ * use their data.
+ */
+
+ if(sys_fstat( fd, &st) < 0) {
+ DEBUG(0,("unable to stat file %s. Error was %s\n",
+ sid_file, strerror(errno) ));
+ close(fd);
+ return False;
+ }
+
+ if(st.st_size > 0) {
+ /*
+ * Unlock as soon as possible to reduce
+ * contention on the exclusive lock.
+ */
+ do_file_lock( fd, 60, F_UNLCK);
+
+ /*
+ * We have a valid SID - read it.
+ */
+
+ if(!read_sid_from_file( fd, sid_file)) {
+ DEBUG(0,("unable to read file %s. Error was %s\n",
+ sid_file, strerror(errno) ));
+ close(fd);
+ return False;
+ }
+ close(fd);
+ return True;
+ }
+ }
+
+ /*
+ * The file is still empty and we have an exlusive lock on it,
+ * or we're fixing an earlier mistake.
+ * Write out out SID data into the file.
+ */
+
+ /*
+ * Use chmod here as some (strange) UNIX's don't
+ * have fchmod. JRA.
+ */
+
+ if(chmod(sid_file, 0644) < 0) {
+ DEBUG(0,("unable to set correct permissions on file %s. \
+Error was %s\n", sid_file, strerror(errno) ));
+ do_file_lock( fd, 60, F_UNLCK);
+ close(fd);
+ return False;
+ }
+
+ if(write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) {
+ DEBUG(0,("unable to write file %s. Error was %s\n",
+ sid_file, strerror(errno) ));
+ do_file_lock( fd, 60, F_UNLCK);
+ close(fd);
+ return False;
+ }
+
+ /*
+ * Unlock & exit.
+ */
+
+ do_file_lock( fd, 60, F_UNLCK);
+ close(fd);
+ return True;
+}
+
+
Unix SMB/Netbios implementation.
Version 1.9.
Password and authentication handling
- Copyright (C) Jeremy Allison 1996-1998
- Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+ Copyright (C) Jeremy Allison 1996-1998
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+ Copyright (C) Gerald (Jerry) Carter 2000
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
+#include <dlfcn.h>
#include "includes.h"
extern int DEBUGLEVEL;
*
*/
-static struct passdb_ops *pdb_ops;
+struct passdb_ops *pdb_ops;
+
+static void* pdb_handle = NULL;
/***************************************************************
Initialize the password db operations.
***************************************************************/
-
-BOOL initialize_password_db(void)
-{
- if (pdb_ops)
- {
- return True;
- }
-
-#ifdef WITH_NISPLUS
- pdb_ops = nisplus_initialize_password_db();
-#elif defined(WITH_LDAP)
- pdb_ops = ldap_initialize_password_db();
-#elif defined(WITH_TDBPWD)
- pdb_ops = tdb_initialize_password_db();
-#else
- pdb_ops = file_initialize_password_db();
-#endif
-
- return (pdb_ops != NULL);
-}
-
-/*
- * Functions that return/manipulate a struct smb_passwd.
- */
-
-/************************************************************************
- Utility function to search smb passwd by rid.
-*************************************************************************/
-
-struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid)
-{
- return iterate_getsmbpwuid(pdb_user_rid_to_uid(user_rid));
-}
-
-/************************************************************************
- Utility function to search smb passwd by uid. use this if your database
- does not have search facilities.
-*************************************************************************/
-
-struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid)
+BOOL initialize_password_db(BOOL reload)
{
- struct smb_passwd *pwd = NULL;
- void *fp = NULL;
-
- DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid));
- /* Open the smb password database - not for update. */
- fp = startsmbpwent(False);
-
- if (fp == NULL)
- {
- DEBUG(0, ("unable to open smb password database.\n"));
- return NULL;
- }
-
- while ((pwd = getsmbpwent(fp)) != NULL && pwd->smb_userid != smb_userid)
- ;
-
- if (pwd != NULL)
+ char* modulename = lp_passdb_module_path();
+
+ return True;
+
+ /* load another module? */
+ if (reload && pdb_handle)
{
- DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid));
+ dlclose (pdb_handle);
+ pdb_handle = NULL;
}
-
- endsmbpwent(fp);
- return pwd;
-}
-
-/************************************************************************
- Utility function to search smb passwd by name. use this if your database
- does not have search facilities.
-*************************************************************************/
-
-struct smb_passwd *iterate_getsmbpwnam(char *name)
-{
- struct smb_passwd *pwd = NULL;
- void *fp = NULL;
-
- DEBUG(10, ("search by name: %s\n", name));
-
- /* Open the sam password file - not for update. */
- fp = startsmbpwent(False);
-
- if (fp == NULL)
+
+ /* do we have a module defined or use the default? */
+ if (strlen (modulename) != 0)
{
- DEBUG(0, ("unable to open smb password database.\n"));
- return NULL;
- }
-
- while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->smb_name, name))
- ;
-
- if (pwd != NULL)
+ if ((pdb_handle=dlopen (modulename, RTLD_LAZY)) == NULL)
+ {
+ DEBUG(0,("initialize_password_db: ERROR - Unable to open passdb module \"%s\"!\n%s\n",
+ modulename, dlerror()));
+ }
+ else
+ DEBUG(1,("initialize_password_db: passdb module \"%s\" loaded successfully\n", modulename));
+ }
+
+ /* either no module name defined or the one that was failed
+ to open. Let's try the default */
+ if (pdb_handle == NULL)
{
- DEBUG(10, ("found by name: %s\n", name));
+ if ((pdb_handle=dlopen ("libpdbfile.so", RTLD_LAZY)) == NULL)
+ {
+ DEBUG(0,("initialize_password_db: ERROR - Unable to open \"libpdbfile.so\" passdb module! No user authentication possible!\n%s\n",
+ dlerror()));
+ return False;
+ }
+ else
+ DEBUG(1,("initialize_password_db: passdb module \"libpdbfile.so\" loaded successfully\n"));
}
+
- endsmbpwent(fp);
- return pwd;
-}
-
-/***************************************************************
- Start to enumerate the smb or sam passwd list. Returns a void pointer
- to ensure no modification outside this module.
-
- Note that currently it is being assumed that a pointer returned
- from this function may be used to enumerate struct sam_passwd
- entries as well as struct smb_passwd entries. This may need
- to change. JRA.
-
-****************************************************************/
-
-void *startsmbpwent(BOOL update)
-{
- return pdb_ops->startsmbpwent(update);
+ return (pdb_handle != NULL);
}
-/***************************************************************
- End enumeration of the smb or sam passwd list.
-
- Note that currently it is being assumed that a pointer returned
- from this function may be used to enumerate struct sam_passwd
- entries as well as struct smb_passwd entries. This may need
- to change. JRA.
-
-****************************************************************/
-
-void endsmbpwent(void *vp)
+/*************************************************************
+ initialises a struct sam_disp_info.
+ **************************************************************/
+static void pdb_init_dispinfo(struct sam_disp_info *user)
{
- pdb_ops->endsmbpwent(vp);
+ if (user == NULL)
+ return;
+ ZERO_STRUCTP(user);
}
-/*************************************************************************
- Routine to return the next entry in the smb passwd list.
- *************************************************************************/
-
-struct smb_passwd *getsmbpwent(void *vp)
+/*************************************************************
+ initialises a struct sam_passwd.
+ ************************************************************/
+void pdb_init_sam(SAM_ACCOUNT *user)
{
- return pdb_ops->getsmbpwent(vp);
-}
-
-/************************************************************************
- Routine to add an entry to the smb passwd file.
-*************************************************************************/
+ if (user == NULL)
+ return;
+
+ ZERO_STRUCTP(user);
+
+ user->logon_time = (time_t)-1;
+ user->logoff_time = (time_t)-1;
+ user->kickoff_time = (time_t)-1;
+ user->pass_last_set_time = (time_t)-1;
+ user->pass_can_change_time = (time_t)-1;
+ user->pass_must_change_time = (time_t)-1;
-BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
-{
- return pdb_ops->add_smbpwd_entry(newpwd);
+ user->unknown_3 = 0x00ffffff; /* don't know */
+ user->logon_divs = 168; /* hours per week */
+ user->hours_len = 21; /* 21 times 8 bits = 168 */
+ memset(user->hours, 0xff, user->hours_len); /* available at all hours */
+ user->unknown_5 = 0x00020000; /* don't know */
+ user->unknown_5 = 0x000004ec; /* don't know */
+
}
-/************************************************************************
- Routine to search the smb passwd file for an entry matching the username.
- and then modify its password entry. We can't use the startsampwent()/
- getsampwent()/endsampwent() interfaces here as we depend on looking
- in the actual file to decide how much room we have to write data.
- override = False, normal
- override = True, override XXXXXXXX'd out password or NO PASS
-************************************************************************/
-
-BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
+/************************************************************
+ free all pointer members and then reinit the SAM_ACCOUNT
+ ***********************************************************/
+void pdb_clear_sam(SAM_ACCOUNT *user)
{
- return pdb_ops->mod_smbpwd_entry(pwd, override);
+ if (user == NULL)
+ return;
+
+ /* clear all pointer members */
+ if (user->username)
+ free(user->username);
+ if (user->full_name)
+ free(user->full_name);
+ if (user->home_dir)
+ free(user->home_dir);
+ if (user->dir_drive)
+ free(user->dir_drive);
+ if (user->logon_script)
+ free(user->logon_script);
+ if (user->profile_path)
+ free(user->profile_path);
+ if (user->acct_desc)
+ free(user->acct_desc);
+ if (user->workstations)
+ free(user->workstations);
+ if (user->unknown_str)
+ free(user->unknown_str);
+ if (user->munged_dial)
+ free(user->munged_dial);
+
+ if (user->lm_pw)
+ free(user->lm_pw);
+ if (user->nt_pw)
+ free(user->nt_pw);
+
+
+ /* now initialize */
+ pdb_init_sam(user);
+
}
-/************************************************************************
- Routine to delete an entry from the smb passwd file.
-*************************************************************************/
-BOOL del_smbpwd_entry(const char *name)
+/*************************************************************************
+ Routine to return the next entry in the sam passwd list.
+ *************************************************************************/
+struct sam_disp_info *pdb_sam_to_dispinfo(SAM_ACCOUNT *user)
{
- return pdb_ops->del_smbpwd_entry(name);
-}
+ static struct sam_disp_info disp_info;
-/************************************************************************
- Routine to search smb passwd by name.
-*************************************************************************/
+ if (user == NULL)
+ return NULL;
-struct smb_passwd *getsmbpwnam(char *name)
-{
- return pdb_ops->getsmbpwnam(name);
-}
+ pdb_init_dispinfo(&disp_info);
-/************************************************************************
- Routine to search smb passwd by user rid.
-*************************************************************************/
+ disp_info.smb_name = user->username;
+ disp_info.full_name = user->full_name;
+ disp_info.user_rid = user->user_rid;
-struct smb_passwd *getsmbpwrid(uint32 user_rid)
-{
- return pdb_ops->getsmbpwrid(user_rid);
+ return &disp_info;
}
-/************************************************************************
- Routine to search smb passwd by uid.
-*************************************************************************/
-struct smb_passwd *getsmbpwuid(uid_t smb_userid)
+/**********************************************************
+ Encode the account control bits into a string.
+ length = length of string to encode into (including terminating
+ null). length *MUST BE MORE THAN 2* !
+ **********************************************************/
+char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
{
- return pdb_ops->getsmbpwuid(smb_userid);
-}
+ static fstring acct_str;
+ size_t i = 0;
+
+ acct_str[i++] = '[';
+
+ if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
+ if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
+ if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
+ if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
+ if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
+ if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
+ if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
+ if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
+ if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
+ if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
+ if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
+
+ for ( ; i < length - 2 ; i++ ) { acct_str[i] = ' '; }
+
+ i = length - 2;
+ acct_str[i++] = ']';
+ acct_str[i++] = '\0';
+
+ return acct_str;
+}
-/*
- * Functions that manupulate a struct sam_passwd.
- */
+/**********************************************************
+ Decode the account control bits from a string.
-/************************************************************************
- Utility function to search sam passwd by name. use this if your database
- does not have search facilities.
-*************************************************************************/
+ this function breaks coding standards minimum line width of 80 chars.
+ reason: vertical line-up code clarity - all case statements fit into
+ 15 lines, which is more important.
+ **********************************************************/
-struct sam_passwd *iterate_getsam21pwnam(char *name)
+uint16 pdb_decode_acct_ctrl(const char *p)
{
- struct sam_passwd *pwd = NULL;
- void *fp = NULL;
+ uint16 acct_ctrl = 0;
+ BOOL finished = False;
- DEBUG(10, ("search by name: %s\n", name));
+ /*
+ * Check if the account type bits have been encoded after the
+ * NT password (in the form [NDHTUWSLXI]).
+ */
- /* Open the smb password database - not for update. */
- fp = startsmbpwent(False);
+ if (*p != '[') return 0;
- if (fp == NULL)
+ for (p++; *p && !finished; p++)
{
- DEBUG(0, ("unable to open sam password database.\n"));
- return NULL;
+ switch (*p)
+ {
+ case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
+ case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
+ case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
+ case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
+ case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
+ case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
+ case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
+ case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
+ case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
+ case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
+ case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
+ case ' ': { break; }
+ case ':':
+ case '\n':
+ case '\0':
+ case ']':
+ default: { finished = True; }
+ }
}
- while ((pwd = getsam21pwent(fp)) != NULL && !strequal(pwd->smb_name, name))
- {
- DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid));
- }
+ return acct_ctrl;
+}
- if (pwd != NULL)
- {
- DEBUG(10, ("found by name: %s\n", name));
+/*************************************************************
+ Routine to set 32 hex password characters from a 16 byte array.
+**************************************************************/
+void pdb_sethexpwd(char *p, unsigned char *pwd, uint16 acct_ctrl)
+{
+ if (pwd != NULL) {
+ int i;
+ for (i = 0; i < 16; i++)
+ slprintf(&p[i*2], 3, "%02X", pwd[i]);
+ } else {
+ if (acct_ctrl & ACB_PWNOTREQ)
+ safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
+ else
+ safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
}
-
- endsmbpwent(fp);
- return pwd;
}
-/************************************************************************
- Utility function to search sam passwd by rid. use this if your database
- does not have search facilities.
+/*************************************************************
+ Routine to get the 32 hex characters and turn them
+ into a 16 byte array.
+**************************************************************/
+BOOL pdb_gethexpwd(char *p, unsigned char *pwd)
+{
+ int i;
+ unsigned char lonybble, hinybble;
+ char *hexchars = "0123456789ABCDEF";
+ char *p1, *p2;
+
+ for (i = 0; i < 32; i += 2)
+ {
+ hinybble = toupper(p[i]);
+ lonybble = toupper(p[i + 1]);
- search capability by both rid and uid are needed as the rid <-> uid
- mapping may be non-monotonic.
+ p1 = strchr(hexchars, hinybble);
+ p2 = strchr(hexchars, lonybble);
-*************************************************************************/
+ if (!p1 || !p2)
+ {
+ return (False);
+ }
-struct sam_passwd *iterate_getsam21pwrid(uint32 rid)
-{
- struct sam_passwd *pwd = NULL;
- void *fp = NULL;
+ hinybble = PTR_DIFF(p1, hexchars);
+ lonybble = PTR_DIFF(p2, hexchars);
- DEBUG(10, ("search by rid: %x\n", rid));
+ pwd[i / 2] = (hinybble << 4) | lonybble;
+ }
+ return (True);
+}
- /* Open the smb password file - not for update. */
- fp = startsmbpwent(False);
+/*******************************************************************
+ Group and User RID username mapping function
+ ********************************************************************/
+BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
+{
+ struct passwd *pw = Get_Pwnam(user_name, False);
- if (fp == NULL)
+ if (u_rid == NULL || g_rid == NULL || user_name == NULL)
{
- DEBUG(0, ("unable to open sam password database.\n"));
- return NULL;
+ return False;
}
- while ((pwd = getsam21pwent(fp)) != NULL && pwd->user_rid != rid)
+ if (!pw)
{
- DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid));
+ DEBUG(1,("Username %s is invalid on this system\n", user_name));
+ return False;
}
- if (pwd != NULL)
+ if (user_in_list(user_name, lp_domain_guest_users()))
{
- DEBUG(10, ("found by user_rid: %x\n", rid));
+ *u_rid = DOMAIN_USER_RID_GUEST;
}
-
- endsmbpwent(fp);
- return pwd;
-}
-
-/************************************************************************
- Utility function to search sam passwd by uid. use this if your database
- does not have search facilities.
-
- search capability by both rid and uid are needed as the rid <-> uid
- mapping may be non-monotonic.
-
-*************************************************************************/
-
-struct sam_passwd *iterate_getsam21pwuid(uid_t uid)
-{
- struct sam_passwd *pwd = NULL;
- void *fp = NULL;
-
- DEBUG(10, ("search by uid: %x\n", (int)uid));
-
- /* Open the smb password file - not for update. */
- fp = startsmbpwent(False);
-
- if (fp == NULL)
+ else if (user_in_list(user_name, lp_domain_admin_users()))
{
- DEBUG(0, ("unable to open sam password database.\n"));
- return NULL;
+ *u_rid = DOMAIN_USER_RID_ADMIN;
}
-
- while ((pwd = getsam21pwent(fp)) != NULL && pwd->smb_userid != uid)
- ;
-
- if (pwd != NULL)
+ else
{
- DEBUG(10, ("found by smb_userid: %x\n", (int)uid));
+ /* turn the unix UID into a Domain RID. this is what the posix
+ sub-system does (adds 1000 to the uid) */
+ *u_rid = pdb_uid_to_user_rid(pw->pw_uid);
}
- endsmbpwent(fp);
- return pwd;
-}
+ /* absolutely no idea what to do about the unix GID to Domain RID mapping */
+ *g_rid = pdb_gid_to_group_rid(pw->pw_gid);
-/*************************************************************************
- Routine to return a display info structure, by rid
- *************************************************************************/
-struct sam_disp_info *getsamdisprid(uint32 rid)
-{
- return pdb_ops->getsamdisprid(rid);
+ return True;
}
-/*************************************************************************
- Routine to return the next entry in the sam passwd list.
- *************************************************************************/
-
-struct sam_passwd *getsam21pwent(void *vp)
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+uid_t pdb_user_rid_to_uid(uint32 user_rid)
{
- return pdb_ops->getsam21pwent(vp);
+ return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
}
+/*******************************************************************
+ Converts NT user RID to a UNIX gid.
+ ********************************************************************/
-/************************************************************************
- Routine to search sam passwd by name.
-*************************************************************************/
-
-struct sam_passwd *getsam21pwnam(char *name)
+gid_t pdb_user_rid_to_gid(uint32 user_rid)
{
- return pdb_ops->getsam21pwnam(name);
+ return (uid_t)(((user_rid & (~GROUP_RID_TYPE))- 1000)/RID_MULTIPLIER);
}
-/************************************************************************
- Routine to search sam passwd by rid.
-*************************************************************************/
+/*******************************************************************
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
-struct sam_passwd *getsam21pwrid(uint32 rid)
+uint32 pdb_uid_to_user_rid(uid_t uid)
{
- return pdb_ops->getsam21pwrid(rid);
+ return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
}
-/************************************************************************
- Routine to add a SAM entry to the smb passwd file.
-*************************************************************************/
+/*******************************************************************
+ converts NT Group RID to a UNIX uid.
+ ********************************************************************/
-BOOL add_sam21pwd_entry(struct sam_passwd *pwd)
+uint32 pdb_gid_to_group_rid(gid_t gid)
{
- return pdb_ops->add_sam21pwd_entry(pwd);
+ return (((((uint32)gid)*RID_MULTIPLIER) + 1000) | GROUP_RID_TYPE);
}
-/************************************************************************
- Routine to modify a SAM entry to the smb passwd file.
-*************************************************************************/
-
-BOOL mod_sam21pwd_entry(struct sam_passwd *pwd, BOOL override)
+/*******************************************************************
+ Decides if a RID is a well known RID.
+ ********************************************************************/
+
+static BOOL pdb_rid_is_well_known(uint32 rid)
{
- return pdb_ops->mod_sam21pwd_entry(pwd, override);
+ return (rid < 1000);
}
-/**********************************************************
- **********************************************************
+/*******************************************************************
+ Decides if a RID is a user or group RID.
+ ********************************************************************/
+BOOL pdb_rid_is_user(uint32 rid)
+{
+ /* lkcl i understand that NT attaches an enumeration to a RID
+ * such that it can be identified as either a user, group etc
+ * type. there are 5 such categories, and they are documented.
+ */
+ if(pdb_rid_is_well_known(rid)) {
+ /*
+ * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
+ * and DOMAIN_USER_RID_GUEST.
+ */
+ if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
+ return True;
+ } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
+ return True;
+ }
+ return False;
+}
+
+/*******************************************************************
+ Convert a rid into a name. Used in the lookup SID rpc.
+ ********************************************************************/
+BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
+{
- utility routines which are likely to be useful to all password
- databases
+ BOOL is_user = pdb_rid_is_user(rid);
- **********************************************************
- **********************************************************/
+ DEBUG(5,("local_lookup_rid: looking up %s RID %u.\n", is_user ? "user" :
+ "group", (unsigned int)rid));
-/*************************************************************
- initialises a struct sam_disp_info.
- **************************************************************/
+ if(is_user) {
+ if(rid == DOMAIN_USER_RID_ADMIN) {
+ pstring admin_users;
+ char *p = admin_users;
+ pstrcpy( admin_users, lp_domain_admin_users());
+ if(!next_token(&p, name, NULL, sizeof(fstring)))
+ fstrcpy(name, "Administrator");
+ } else if (rid == DOMAIN_USER_RID_GUEST) {
+ pstring guest_users;
+ char *p = guest_users;
+ pstrcpy( guest_users, lp_domain_guest_users());
+ if(!next_token(&p, name, NULL, sizeof(fstring)))
+ fstrcpy(name, "Guest");
+ } else {
+ uid_t uid = pdb_user_rid_to_uid(rid);
+ struct passwd *pass = sys_getpwuid(uid);
-static void pdb_init_dispinfo(struct sam_disp_info *user)
-{
- if (user == NULL) return;
- memset((char *)user, '\0', sizeof(*user));
+ *psid_name_use = SID_NAME_USER;
+
+ DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid,
+ pass ? "succeeded" : "failed" ));
+
+ if(!pass) {
+ slprintf(name, sizeof(fstring)-1, "unix_user.%u", (unsigned int)uid);
+ return True;
+ }
+
+ fstrcpy(name, pass->pw_name);
+
+ DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name,
+ (unsigned int)rid ));
+ }
+
+ } else {
+ gid_t gid = pdb_user_rid_to_gid(rid);
+ struct group *gr = getgrgid(gid);
+
+ *psid_name_use = SID_NAME_ALIAS;
+
+ DEBUG(5,("local_local_rid: looking up gid %u %s\n", (unsigned int)gid,
+ gr ? "succeeded" : "failed" ));
+
+ if(!gr) {
+ slprintf(name, sizeof(fstring)-1, "unix_group.%u", (unsigned int)gid);
+ return True;
+ }
+
+ fstrcpy( name, gr->gr_name);
+
+ DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name,
+ (unsigned int)rid ));
+ }
+
+ return True;
}
-/*************************************************************
- initialises a struct smb_passwd.
- **************************************************************/
+/*******************************************************************
+ Convert a name into a SID. Used in the lookup name rpc.
+ ********************************************************************/
-void pdb_init_smb(struct smb_passwd *user)
+BOOL local_lookup_name(char *domain, char *user, DOM_SID *psid, enum SID_NAME_USE *psid_name_use)
{
- if (user == NULL) return;
- memset((char *)user, '\0', sizeof(*user));
- user->pass_last_set_time = (time_t)-1;
+ extern DOM_SID global_sid_World_Domain;
+ struct passwd *pass = NULL;
+ DOM_SID local_sid;
+
+ sid_copy(&local_sid, &global_sam_sid);
+
+ if(!strequal(global_myname, domain) && !strequal(global_myworkgroup, domain))
+ return False;
+
+ /*
+ * Special case for MACHINE\Everyone. Map to the world_sid.
+ */
+
+ if(strequal(user, "Everyone")) {
+ sid_copy( psid, &global_sid_World_Domain);
+ sid_append_rid(psid, 0);
+ *psid_name_use = SID_NAME_ALIAS;
+ return True;
+ }
+
+ (void)map_username(user);
+
+ if(!(pass = Get_Pwnam(user, False))) {
+ /*
+ * Maybe it was a group ?
+ */
+ struct group *grp = getgrnam(user);
+
+ if(!grp)
+ return False;
+
+ sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
+ *psid_name_use = SID_NAME_ALIAS;
+ } else {
+
+ sid_append_rid( &local_sid, pdb_uid_to_user_rid(pass->pw_uid));
+ *psid_name_use = SID_NAME_USER;
+ }
+
+ sid_copy( psid, &local_sid);
+
+ return True;
}
-/*************************************************************
- initialises a struct sam_passwd.
- **************************************************************/
-void pdb_init_sam(struct sam_passwd *user)
+/****************************************************************************
+ Convert a uid to SID - locally.
+****************************************************************************/
+DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
{
- if (user == NULL) return;
- memset((char *)user, '\0', sizeof(*user));
- user->logon_time = (time_t)-1;
- user->logoff_time = (time_t)-1;
- user->kickoff_time = (time_t)-1;
- user->pass_last_set_time = (time_t)-1;
- user->pass_can_change_time = (time_t)-1;
- user->pass_must_change_time = (time_t)-1;
+ extern DOM_SID global_sam_sid;
+
+ sid_copy(psid, &global_sam_sid);
+ sid_append_rid(psid, pdb_uid_to_user_rid(uid));
+
+ return psid;
}
-/*************************************************************************
- Routine to return the next entry in the sam passwd list.
- *************************************************************************/
-struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user)
+/****************************************************************************
+ Convert a SID to uid - locally.
+****************************************************************************/
+BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
{
- static struct sam_disp_info disp_info;
+ extern DOM_SID global_sam_sid;
- if (user == NULL) return NULL;
+ DOM_SID dom_sid;
+ uint32 rid;
- pdb_init_dispinfo(&disp_info);
+ *name_type = SID_NAME_UNKNOWN;
- disp_info.smb_name = user->smb_name;
- disp_info.full_name = user->full_name;
- disp_info.user_rid = user->user_rid;
+ sid_copy(&dom_sid, psid);
+ sid_split_rid(&dom_sid, &rid);
- return &disp_info;
-}
+ /*
+ * We can only convert to a uid if this is our local
+ * Domain SID (ie. we are the controling authority).
+ */
+ if (!sid_equal(&global_sam_sid, &dom_sid))
+ return False;
-/*************************************************************
- converts a sam_passwd structure to a smb_passwd structure.
- **************************************************************/
+ *puid = pdb_user_rid_to_uid(rid);
-struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user)
-{
- static struct smb_passwd pw_buf;
+ /*
+ * Ensure this uid really does exist.
+ */
+ if(!sys_getpwuid(*puid))
+ return False;
- if (user == NULL) return NULL;
+ return True;
+}
- pdb_init_smb(&pw_buf);
+/****************************************************************************
+ Convert a gid to SID - locally.
+****************************************************************************/
+DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
+{
+ extern DOM_SID global_sam_sid;
- pw_buf.smb_userid = user->smb_userid;
- pw_buf.smb_name = user->smb_name;
- pw_buf.smb_passwd = user->smb_passwd;
- pw_buf.smb_nt_passwd = user->smb_nt_passwd;
- pw_buf.acct_ctrl = user->acct_ctrl;
- pw_buf.pass_last_set_time = user->pass_last_set_time;
+ sid_copy(psid, &global_sam_sid);
+ sid_append_rid(psid, pdb_gid_to_group_rid(gid));
- return &pw_buf;
+ return psid;
}
+/****************************************************************************
+ Convert a SID to gid - locally.
+****************************************************************************/
+BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
+{
+ extern DOM_SID global_sam_sid;
+ DOM_SID dom_sid;
+ uint32 rid;
+
+ *name_type = SID_NAME_UNKNOWN;
-/*************************************************************
- converts a smb_passwd structure to a sam_passwd structure.
- **************************************************************/
+ sid_copy(&dom_sid, psid);
+ sid_split_rid(&dom_sid, &rid);
-struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user)
-{
- static struct sam_passwd pw_buf;
+ /*
+ * We can only convert to a gid if this is our local
+ * Domain SID (ie. we are the controling authority).
+ */
+
+ if (!sid_equal(&global_sam_sid, &dom_sid))
+ return False;
- if (user == NULL) return NULL;
+ *pgid = pdb_user_rid_to_gid(rid);
- pdb_init_sam(&pw_buf);
+ /*
+ * Ensure this gid really does exist.
+ */
- pw_buf.smb_userid = user->smb_userid;
- pw_buf.smb_name = user->smb_name;
- pw_buf.smb_passwd = user->smb_passwd;
- pw_buf.smb_nt_passwd = user->smb_nt_passwd;
- pw_buf.acct_ctrl = user->acct_ctrl;
- pw_buf.pass_last_set_time = user->pass_last_set_time;
+ if(!getgrgid(*pgid))
+ return False;
- return &pw_buf;
+ return True;
}
static void select_name(fstring *string, char **name, const UNISTR2 *from)
to->pass_can_change_time = nt_time_to_unix(&from->pass_can_change_time);
to->pass_must_change_time = nt_time_to_unix(&from->pass_must_change_time);
- select_name(&smb_name , &to->smb_name , &from->uni_user_name );
+ select_name(&smb_name , &to->username , &from->uni_user_name );
select_name(&full_name , &to->full_name , &from->uni_full_name );
select_name(&home_dir , &to->home_dir , &from->uni_home_dir );
select_name(&dir_drive , &to->dir_drive , &from->uni_dir_drive );
select_name(&unknown_str , &to->unknown_str , &from->uni_unknown_str );
select_name(&munged_dial , &to->munged_dial , &from->uni_munged_dial );
- to->smb_userid = (uid_t)-1;
- to->smb_grpid = (gid_t)-1;
+ to->uid = (uid_t)-1;
+ to->gid = (gid_t)-1;
to->user_rid = from->user_rid;
to->group_rid = from->group_rid;
- to->smb_passwd = NULL;
- to->smb_nt_passwd = NULL;
+ to->lm_pw = NULL;
+ to->nt_pw = NULL;
to->acct_ctrl = from->acb_info;
to->unknown_3 = from->unknown_3;
to->pass_can_change_time = nt_time_to_unix(&from->pass_can_change_time);
to->pass_must_change_time = nt_time_to_unix(&from->pass_must_change_time);
- select_name(&smb_name , &to->smb_name , &from->uni_user_name );
+ select_name(&smb_name , &to->username , &from->uni_user_name );
select_name(&full_name , &to->full_name , &from->uni_full_name );
select_name(&home_dir , &to->home_dir , &from->uni_home_dir );
select_name(&dir_drive , &to->dir_drive , &from->uni_dir_drive );
select_name(&unknown_str , &to->unknown_str , &from->uni_unknown_str );
select_name(&munged_dial , &to->munged_dial , &from->uni_munged_dial );
- to->smb_userid = (uid_t)-1;
- to->smb_grpid = (gid_t)-1;
+ to->uid = (uid_t)-1;
+ to->gid = (gid_t)-1;
to->user_rid = from->user_rid;
to->group_rid = from->group_rid;
- to->smb_passwd = NULL;
- to->smb_nt_passwd = NULL;
+ to->lm_pw = NULL;
+ to->nt_pw = NULL;
to->acct_ctrl = from->acb_info;
to->unknown_3 = from->unknown_3;
/*************************************************************
copies a sam passwd.
+
+ FIXME! Do we need to use dynamically allocated strings
+ here instead of static strings?
+
+ Why are password hashes not also copied? --jerry
**************************************************************/
void copy_sam_passwd(struct sam_passwd *to, const struct sam_passwd *from)
{
memcpy(to, from, sizeof(*from));
- if (from->smb_name != NULL) {
- fstrcpy(smb_name , from->smb_name);
- to->smb_name = smb_name;
+ if (from->username != NULL) {
+ fstrcpy(smb_name , from->username);
+ to->username = smb_name;
}
if (from->full_name != NULL) {
}
}
-/**********************************************************
- Encode the account control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
+/*************************************************************
+ change a password entry in the local smbpasswd file
-char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
-{
- static fstring acct_str;
- size_t i = 0;
+ FIXME!! The function needs to be abstracted into the
+ passdb interface or something. It is currently being called
+ by _api_samr_create_user() in rpc_server/srv_samr.c
+
+ --jerry
+ *************************************************************/
- acct_str[i++] = '[';
+BOOL local_password_change(char *user_name, int local_flags,
+ char *new_passwd,
+ char *err_str, size_t err_str_len,
+ char *msg_str, size_t msg_str_len)
+{
+ struct passwd *pwd = NULL;
+ SAM_ACCOUNT *sam_pass;
+ SAM_ACCOUNT new_sam_acct;
+ uchar new_p16[16];
+ uchar new_nt_p16[16];
- if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
- if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
- if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
- if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
- if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
- if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
- if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
- if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
- if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
- if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
- if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
+ *err_str = '\0';
+ *msg_str = '\0';
- for ( ; i < length - 2 ; i++ ) { acct_str[i] = ' '; }
+ if (local_flags & LOCAL_ADD_USER) {
+
+ /*
+ * Check for a local account - if we're adding only.
+ */
+
+ if(!(pwd = sys_getpwnam(user_name))) {
+ slprintf(err_str, err_str_len - 1, "User %s does not \
+exist in system password file (usually /etc/passwd). Cannot add \
+account without a valid local system user.\n", user_name);
+ return False;
+ }
+ }
- i = length - 2;
- acct_str[i++] = ']';
- acct_str[i++] = '\0';
+ /* Calculate the MD4 hash (NT compatible) of the new password. */
+ nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16);
- return acct_str;
-}
-
-/**********************************************************
- Decode the account control bits from a string.
+ /* Get the smb passwd entry for this user */
+ sam_pass = pdb_getsampwnam(user_name);
+ if (sam_pass == NULL)
+ {
+ if(!(local_flags & LOCAL_ADD_USER))
+ {
+ slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
+ return False;
+ }
- this function breaks coding standards minimum line width of 80 chars.
- reason: vertical line-up code clarity - all case statements fit into
- 15 lines, which is more important.
- **********************************************************/
+ /* create the SAM_ACCOUNT struct and call pdb_add_sam_account */
+ pdb_init_sam (&new_sam_acct);
+ pdb_set_username (&new_sam_acct, user_name);
+ pdb_set_uid (&new_sam_acct, pwd->pw_uid);
+ pdb_set_pass_last_set_time(&new_sam_acct, time(NULL));
-uint16 pdb_decode_acct_ctrl(const char *p)
-{
- uint16 acct_ctrl = 0;
- BOOL finished = False;
+ /* set account flags */
+ pdb_set_acct_ctrl(&new_sam_acct,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL) );
+ if (local_flags & LOCAL_DISABLE_USER)
+ {
+ pdb_set_acct_ctrl (&new_sam_acct, pdb_get_acct_ctrl(&new_sam_acct)|ACB_DISABLED);
+ }
+ if (local_flags & LOCAL_SET_NO_PASSWORD)
+ {
+ pdb_set_acct_ctrl (&new_sam_acct, pdb_get_acct_ctrl(&new_sam_acct)|ACB_PWNOTREQ);
+ }
+ else
+ {
+ /* set the passwords here. if we get to here it means
+ we have a valid, active account */
+ pdb_set_lanman_passwd (&new_sam_acct, new_p16);
+ pdb_set_nt_passwd (&new_sam_acct, new_nt_p16);
+ }
+
+
+ if (pdb_add_sam_account(&new_sam_acct))
+ {
+ slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
+ pdb_clear_sam (&new_sam_acct);
+ return True;
+ }
+ else
+ {
+ slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
+ return False;
+ }
+ }
+ else
+ {
+ /* the entry already existed */
+ local_flags &= ~LOCAL_ADD_USER;
+ }
/*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
+ * We are root - just write the new password
+ * and the valid last change time.
*/
- if (*p != '[') return 0;
-
- for (p++; *p && !finished; p++)
+ if(local_flags & LOCAL_DISABLE_USER)
{
- switch (*p)
+ pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED);
+ }
+ else if (local_flags & LOCAL_ENABLE_USER)
+ {
+ if(pdb_get_lanman_passwd(sam_pass) == NULL)
{
- case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
- case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
- case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
- case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
- case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
- case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
- case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
- case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
- case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
- case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
- case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
+ pdb_set_lanman_passwd (sam_pass, new_p16);
+ pdb_set_nt_passwd (sam_pass, new_nt_p16);
}
- }
-
- return acct_ctrl;
-}
-
-/*******************************************************************
- gets password-database-format time from a string.
- ********************************************************************/
-
-static time_t get_time_from_string(const char *p)
-{
- int i;
-
- for (i = 0; i < 8; i++)
+ pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED));
+ } else if (local_flags & LOCAL_SET_NO_PASSWORD)
{
- if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF)))
- break;
- }
- if (i == 8)
+ pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ);
+
+ /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */
+ pdb_set_lanman_passwd (sam_pass, NULL);
+ pdb_set_nt_passwd (sam_pass, NULL);
+ }
+ else
{
/*
- * p points at 8 characters of hex digits -
- * read into a time_t as the seconds since
- * 1970 that the password was last changed.
+ * If we're dealing with setting a completely empty user account
+ * ie. One with a password of 'XXXX', but not set disabled (like
+ * an account created from scratch) then if the old password was
+ * 'XX's then getsmbpwent will have set the ACB_DISABLED flag.
+ * We remove that as we're giving this user their first password
+ * and the decision hasn't really been made to disable them (ie.
+ * don't create them disabled). JRA.
*/
- return (time_t)strtol(p, NULL, 16);
+ if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED))
+ pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED));
+ pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ));
+ pdb_set_lanman_passwd (sam_pass, new_p16);
+ pdb_set_nt_passwd (sam_pass, new_nt_p16);
}
- return (time_t)-1;
-}
-
-/*******************************************************************
- gets password last set time
- ********************************************************************/
-
-time_t pdb_get_last_set_time(const char *p)
-{
- if (*p && StrnCaseCmp(p, "LCT-", 4))
+
+ if(local_flags & LOCAL_DELETE_USER)
+ {
+ if (!pdb_delete_sam_account(user_name))
+ {
+ slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name);
+ return False;
+ }
+ slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name);
+ }
+ else
{
- return get_time_from_string(p + 4);
+ if(!pdb_update_sam_account(sam_pass, True))
+ {
+ slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name);
+ return False;
+ }
+ if(local_flags & LOCAL_DISABLE_USER)
+ slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name);
+ else if (local_flags & LOCAL_ENABLE_USER)
+ slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name);
+ else if (local_flags & LOCAL_SET_NO_PASSWORD)
+ slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name);
}
- return (time_t)-1;
+
+ return True;
}
-/*******************************************************************
- sets password-database-format time in a string.
+/*********************************************************************
+ collection of get...() functions for SAM_ACCOUNT_INFO
********************************************************************/
-static void set_time_in_string(char *p, int max_len, char *type, time_t t)
+uint16 pdb_get_acct_ctrl (SAM_ACCOUNT *sampass)
{
- slprintf(p, max_len, ":%s-%08X:", type, (uint32)t);
+ if (sampass)
+ return (sampass->acct_ctrl);
+ else
+ return (ACB_DISABLED);
}
-/*******************************************************************
- sets logon time
- ********************************************************************/
-void pdb_set_logon_time(char *p, int max_len, time_t t)
+time_t pdb_get_logon_time (SAM_ACCOUNT *sampass)
{
- set_time_in_string(p, max_len, "LNT", t);
+ if (sampass)
+ return (sampass->logon_time);
+ else
+ return (-1);
}
-/*******************************************************************
- sets logoff time
- ********************************************************************/
-void pdb_set_logoff_time(char *p, int max_len, time_t t)
+time_t pdb_get_logoff_time (SAM_ACCOUNT *sampass)
{
- set_time_in_string(p, max_len, "LOT", t);
+ if (sampass)
+ return (sampass->logoff_time);
+ else
+ return (-1);
}
-/*******************************************************************
- sets kickoff time
- ********************************************************************/
-void pdb_set_kickoff_time(char *p, int max_len, time_t t)
+time_t pdb_get_kickoff_time (SAM_ACCOUNT *sampass)
{
- set_time_in_string(p, max_len, "KOT", t);
+ if (sampass)
+ return (sampass->kickoff_time);
+ else
+ return (-1);
}
-/*******************************************************************
- sets password can change time
- ********************************************************************/
-void pdb_set_can_change_time(char *p, int max_len, time_t t)
+time_t pdb_get_pass_last_set_time (SAM_ACCOUNT *sampass)
{
- set_time_in_string(p, max_len, "CCT", t);
+ if (sampass)
+ return (sampass->pass_last_set_time);
+ else
+ return (-1);
}
-/*******************************************************************
- sets password last set time
- ********************************************************************/
-void pdb_set_must_change_time(char *p, int max_len, time_t t)
+time_t pdb_get_pass_can_change_time (SAM_ACCOUNT *sampass)
{
- set_time_in_string(p, max_len, "MCT", t);
+ if (sampass)
+ return (sampass->pass_can_change_time);
+ else
+ return (-1);
}
-/*******************************************************************
- sets password last set time
- ********************************************************************/
-void pdb_set_last_set_time(char *p, int max_len, time_t t)
+time_t pdb_get_pass_must_change_time (SAM_ACCOUNT *sampass)
{
- set_time_in_string(p, max_len, "LCT", t);
+ if (sampass)
+ return (sampass->pass_must_change_time);
+ else
+ return (-1);
}
-
-/*************************************************************
- Routine to set 32 hex password characters from a 16 byte array.
-**************************************************************/
-void pdb_sethexpwd(char *p, unsigned char *pwd, uint16 acct_ctrl)
+uint16 pdb_get_logon_divs (SAM_ACCOUNT *sampass)
{
- if (pwd != NULL) {
- int i;
- for (i = 0; i < 16; i++)
- slprintf(&p[i*2], 3, "%02X", pwd[i]);
- } else {
- if (acct_ctrl & ACB_PWNOTREQ)
- safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
- else
- safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
- }
+ if (sampass)
+ return (sampass->logon_divs);
+ else
+ return (-1);
}
-/*************************************************************
- Routine to get the 32 hex characters and turn them
- into a 16 byte array.
-**************************************************************/
-BOOL pdb_gethexpwd(char *p, unsigned char *pwd)
+
+uint32 pdb_get_hours_len (SAM_ACCOUNT *sampass)
{
- int i;
- unsigned char lonybble, hinybble;
- char *hexchars = "0123456789ABCDEF";
- char *p1, *p2;
+ if (sampass)
+ return (sampass->hours_len);
+ else
+ return (-1);
+}
- for (i = 0; i < 32; i += 2)
- {
- hinybble = toupper(p[i]);
- lonybble = toupper(p[i + 1]);
+uint8* pdb_get_hours (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->hours);
+ else
+ return (NULL);
+}
- p1 = strchr(hexchars, hinybble);
- p2 = strchr(hexchars, lonybble);
+BYTE* pdb_get_nt_passwd (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->nt_pw);
+ else
+ return (NULL);
+}
- if (!p1 || !p2)
- {
- return (False);
- }
+BYTE* pdb_get_lanman_passwd (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->lm_pw);
+ else
+ return (NULL);
+}
- hinybble = PTR_DIFF(p1, hexchars);
- lonybble = PTR_DIFF(p2, hexchars);
- pwd[i / 2] = (hinybble << 4) | lonybble;
- }
- return (True);
+uint32 pdb_get_user_rid (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->user_rid);
+ else
+ return (-1);
}
-/*******************************************************************
- Group and User RID username mapping function
- ********************************************************************/
+uint32 pdb_get_group_rid (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->group_rid);
+ else
+ return (-1);
+}
-BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
+uid_t pdb_get_uid (SAM_ACCOUNT *sampass)
{
- struct passwd *pw = Get_Pwnam(user_name, False);
+ if (sampass)
+ return (sampass->uid);
+ else
+ return ((uid_t)-1);
+}
- if (u_rid == NULL || g_rid == NULL || user_name == NULL)
- {
- return False;
- }
+gid_t pdb_get_gid (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->gid);
+ else
+ return ((gid_t)-1);
+}
- if (!pw)
- {
- DEBUG(1,("Username %s is invalid on this system\n", user_name));
- return False;
- }
+char* pdb_get_username (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->username);
+ else
+ return (NULL);
+}
- if (user_in_list(user_name, lp_domain_guest_users()))
- {
- *u_rid = DOMAIN_USER_RID_GUEST;
- }
- else if (user_in_list(user_name, lp_domain_admin_users()))
- {
- *u_rid = DOMAIN_USER_RID_ADMIN;
- }
+char* pdb_get_domain (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->domain);
else
- {
- /* turn the unix UID into a Domain RID. this is what the posix
- sub-system does (adds 1000 to the uid) */
- *u_rid = pdb_uid_to_user_rid(pw->pw_uid);
- }
+ return (NULL);
+}
- /* absolutely no idea what to do about the unix GID to Domain RID mapping */
- *g_rid = pdb_gid_to_group_rid(pw->pw_gid);
+char* pdb_get_nt_username (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->nt_username);
+ else
+ return (NULL);
+}
- return True;
+char* pdb_get_fullname (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->full_name);
+ else
+ return (NULL);
}
-/****************************************************************************
- Read the machine SID from a file.
-****************************************************************************/
+char* pdb_get_homedir (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->home_dir);
+ else
+ return (NULL);
+}
-static BOOL read_sid_from_file(int fd, char *sid_file)
+char* pdb_get_dirdrive (SAM_ACCOUNT *sampass)
{
- fstring fline;
+ if (sampass)
+ return (sampass->dir_drive);
+ else
+ return (NULL);
+}
- memset(fline, '\0', sizeof(fline));
+char* pdb_get_logon_script (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->logon_script);
+ else
+ return (NULL);
+}
- if(read(fd, fline, sizeof(fline) -1 ) < 0) {
- DEBUG(0,("unable to read file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- return False;
- }
+char* pdb_get_profile_path (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->profile_path);
+ else
+ return (NULL);
+}
- /*
- * Convert to the machine SID.
- */
+char* pdb_get_acct_desc (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->acct_desc);
+ else
+ return (NULL);
+}
- fline[sizeof(fline)-1] = '\0';
- if(!string_to_sid( &global_sam_sid, fline)) {
- DEBUG(0,("unable to generate machine SID.\n"));
- return False;
- }
+char* pdb_get_workstations (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->workstations);
+ else
+ return (NULL);
+}
- return True;
+char* pdb_get_munged_dial (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->munged_dial);
+ else
+ return (NULL);
}
-/****************************************************************************
- Generate the global machine sid. Look for the MACHINE.SID file first, if
- not found then look in smb.conf and use it to create the MACHINE.SID file.
- Note this function will be replaced soon. JRA.
-****************************************************************************/
+uint32 pdb_get_unknown3 (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->unknown_3);
+ else
+ return (-1);
+}
-BOOL pdb_generate_sam_sid(void)
+uint32 pdb_get_unknown5 (SAM_ACCOUNT *sampass)
{
- int fd;
- char *p;
- pstring sid_file;
- fstring sid_string;
- SMB_STRUCT_STAT st;
- BOOL overwrite_bad_sid = False;
+ if (sampass)
+ return (sampass->unknown_5);
+ else
+ return (-1);
+}
- generate_wellknown_sids();
+uint32 pdb_get_unknown6 (SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->unknown_6);
+ else
+ return (-1);
+}
- pstrcpy(sid_file, lp_smb_passwd_file());
- p = strrchr(sid_file, '/');
- if(p != NULL) {
- *++p = '\0';
+/*********************************************************************
+ collection of set...() functions for SAM_ACCOUNT_INFO
+ ********************************************************************/
+BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 flags)
+{
+ if (sampass)
+ {
+ sampass->acct_ctrl = flags;
+ return True;
}
+
+ return False;
+}
- if (!directory_exist(sid_file, NULL)) {
- if (mkdir(sid_file, 0700) != 0) {
- DEBUG(0,("can't create private directory %s : %s\n",
- sid_file, strerror(errno)));
- return False;
- }
+BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t time)
+{
+ if (sampass)
+ {
+ sampass->logon_time = time;
+ return True;
}
+
+ return False;
+}
- pstrcat(sid_file, "MACHINE.SID");
-
- if((fd = sys_open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) {
- DEBUG(0,("unable to open or create file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- return False;
- }
-
- /*
- * Check if the file contains data.
- */
+BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t time)
+{
+ if (sampass)
+ {
+ sampass->logoff_time = time;
+ return True;
+ }
- if(sys_fstat( fd, &st) < 0) {
- DEBUG(0,("unable to stat file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
-
- if(st.st_size > 0) {
- /*
- * We have a valid SID - read it.
- */
- if(!read_sid_from_file( fd, sid_file)) {
- DEBUG(0,("unable to read file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
-
- /*
- * JRA. Reversed the sense of this test now that I have
- * actually done this test *personally*. One more reason
- * to never trust third party information you have not
- * independently verified.... sigh. JRA.
- */
-
- if(global_sam_sid.num_auths > 0 && global_sam_sid.sub_auths[0] == 0x21) {
- /*
- * Fix and re-write...
- */
- overwrite_bad_sid = True;
- global_sam_sid.sub_auths[0] = 21;
- DEBUG(5,("pdb_generate_sam_sid: Old (incorrect) sid id_auth of hex 21 \
-detected - re-writing to be decimal 21 instead.\n" ));
- sid_to_string(sid_string, &global_sam_sid);
- if(sys_lseek(fd, (SMB_OFF_T)0, SEEK_SET) != 0) {
- DEBUG(0,("unable to seek file file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
- } else {
- close(fd);
- return True;
- }
- } else {
- /*
- * The file contains no data - we need to generate our
- * own sid.
- * Generate the new sid data & turn it into a string.
- */
- int i;
- uchar raw_sid_data[12];
- DOM_SID mysid;
-
- memset((char *)&mysid, '\0', sizeof(DOM_SID));
- mysid.sid_rev_num = 1;
- mysid.id_auth[5] = 5;
- mysid.num_auths = 0;
- mysid.sub_auths[mysid.num_auths++] = 21;
-
- generate_random_buffer( raw_sid_data, 12, True);
- for( i = 0; i < 3; i++)
- mysid.sub_auths[mysid.num_auths++] = IVAL(raw_sid_data, i*4);
+ return False;
+}
- sid_to_string(sid_string, &mysid);
- }
-
- fstrcat(sid_string, "\n");
-
- /*
- * Ensure our new SID is valid.
- */
-
- if(!string_to_sid( &global_sam_sid, sid_string)) {
- DEBUG(0,("unable to generate machine SID.\n"));
- return False;
- }
-
- /*
- * Do an exclusive blocking lock on the file.
- */
-
- if(!do_file_lock( fd, 60, F_WRLCK)) {
- DEBUG(0,("unable to lock file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
-
- if(!overwrite_bad_sid) {
- /*
- * At this point we have a blocking lock on the SID
- * file - check if in the meantime someone else wrote
- * SID data into the file. If so - they were here first,
- * use their data.
- */
-
- if(sys_fstat( fd, &st) < 0) {
- DEBUG(0,("unable to stat file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
-
- if(st.st_size > 0) {
- /*
- * Unlock as soon as possible to reduce
- * contention on the exclusive lock.
- */
- do_file_lock( fd, 60, F_UNLCK);
-
- /*
- * We have a valid SID - read it.
- */
-
- if(!read_sid_from_file( fd, sid_file)) {
- DEBUG(0,("unable to read file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- close(fd);
- return False;
- }
- close(fd);
- return True;
- }
+BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t time)
+{
+ if (sampass)
+ {
+ sampass->kickoff_time = time;
+ return True;
}
- /*
- * The file is still empty and we have an exlusive lock on it,
- * or we're fixing an earlier mistake.
- * Write out out SID data into the file.
- */
+ return False;
+}
- /*
- * Use chmod here as some (strange) UNIX's don't
- * have fchmod. JRA.
- */
-
- if(chmod(sid_file, 0644) < 0) {
- DEBUG(0,("unable to set correct permissions on file %s. \
-Error was %s\n", sid_file, strerror(errno) ));
- do_file_lock( fd, 60, F_UNLCK);
- close(fd);
- return False;
- }
-
- if(write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) {
- DEBUG(0,("unable to write file %s. Error was %s\n",
- sid_file, strerror(errno) ));
- do_file_lock( fd, 60, F_UNLCK);
- close(fd);
- return False;
- }
-
- /*
- * Unlock & exit.
- */
+BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t time)
+{
+ if (sampass)
+ {
+ sampass->pass_can_change_time = time;
+ return True;
+ }
- do_file_lock( fd, 60, F_UNLCK);
- close(fd);
- return True;
-}
-/*******************************************************************
- Converts NT user RID to a UNIX uid.
- ********************************************************************/
+ return False;
+}
-uid_t pdb_user_rid_to_uid(uint32 user_rid)
+BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t time)
{
- return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+ if (sampass)
+ {
+ sampass->pass_must_change_time = time;
+ return True;
+ }
+
+ return False;
}
-/*******************************************************************
- Converts NT user RID to a UNIX gid.
- ********************************************************************/
-
-gid_t pdb_user_rid_to_gid(uint32 user_rid)
+BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t time)
{
- return (uid_t)(((user_rid & (~GROUP_RID_TYPE))- 1000)/RID_MULTIPLIER);
+ if (sampass)
+ {
+ sampass->pass_last_set_time = time;
+ return True;
+ }
+
+ return False;
}
-/*******************************************************************
- converts UNIX uid to an NT User RID.
- ********************************************************************/
-
-uint32 pdb_uid_to_user_rid(uid_t uid)
+BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len)
{
- return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+ if (sampass)
+ {
+ sampass->hours_len = len;
+ return True;
+ }
+
+ return False;
}
-/*******************************************************************
- converts NT Group RID to a UNIX uid.
- ********************************************************************/
-
-uint32 pdb_gid_to_group_rid(gid_t gid)
+BOOL pdb_set_logons_divs (SAM_ACCOUNT *sampass, uint16 hours)
{
- return (((((uint32)gid)*RID_MULTIPLIER) + 1000) | GROUP_RID_TYPE);
+ if (sampass)
+ {
+ sampass->logon_divs = hours;
+ return True;
+ }
+
+ return False;
}
-/*******************************************************************
- Decides if a RID is a well known RID.
- ********************************************************************/
-
-static BOOL pdb_rid_is_well_known(uint32 rid)
+BOOL pdb_set_uid (SAM_ACCOUNT *sampass, uid_t uid)
{
- return (rid < 1000);
+ if (sampass)
+ {
+ sampass->uid = uid;
+ return True;
+ }
+
+ return False;
}
-/*******************************************************************
- Decides if a RID is a user or group RID.
- ********************************************************************/
-
-BOOL pdb_rid_is_user(uint32 rid)
+BOOL pdb_set_gid (SAM_ACCOUNT *sampass, gid_t gid)
{
- /* lkcl i understand that NT attaches an enumeration to a RID
- * such that it can be identified as either a user, group etc
- * type. there are 5 such categories, and they are documented.
- */
- if(pdb_rid_is_well_known(rid)) {
- /*
- * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
- * and DOMAIN_USER_RID_GUEST.
- */
- if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
- return True;
- } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
- return True;
- }
- return False;
+ if (sampass)
+ {
+ sampass->gid = gid;
+ return True;
+ }
+
+ return False;
}
-/*******************************************************************
- Convert a rid into a name. Used in the lookup SID rpc.
- ********************************************************************/
-
-BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
+BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid)
{
-
- BOOL is_user = pdb_rid_is_user(rid);
-
- DEBUG(5,("local_lookup_rid: looking up %s RID %u.\n", is_user ? "user" :
- "group", (unsigned int)rid));
-
- if(is_user) {
- if(rid == DOMAIN_USER_RID_ADMIN) {
- pstring admin_users;
- char *p = admin_users;
- pstrcpy( admin_users, lp_domain_admin_users());
- if(!next_token(&p, name, NULL, sizeof(fstring)))
- fstrcpy(name, "Administrator");
- } else if (rid == DOMAIN_USER_RID_GUEST) {
- pstring guest_users;
- char *p = guest_users;
- pstrcpy( guest_users, lp_domain_guest_users());
- if(!next_token(&p, name, NULL, sizeof(fstring)))
- fstrcpy(name, "Guest");
- } else {
- uid_t uid = pdb_user_rid_to_uid(rid);
- struct passwd *pass = sys_getpwuid(uid);
-
- *psid_name_use = SID_NAME_USER;
-
- DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid,
- pass ? "succeeded" : "failed" ));
-
- if(!pass) {
- slprintf(name, sizeof(fstring)-1, "unix_user.%u", (unsigned int)uid);
- return True;
- }
-
- fstrcpy(name, pass->pw_name);
-
- DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name,
- (unsigned int)rid ));
- }
-
- } else {
- gid_t gid = pdb_user_rid_to_gid(rid);
- struct group *gr = getgrgid(gid);
-
- *psid_name_use = SID_NAME_ALIAS;
-
- DEBUG(5,("local_local_rid: looking up gid %u %s\n", (unsigned int)gid,
- gr ? "succeeded" : "failed" ));
-
- if(!gr) {
- slprintf(name, sizeof(fstring)-1, "unix_group.%u", (unsigned int)gid);
- return True;
- }
-
- fstrcpy( name, gr->gr_name);
-
- DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name,
- (unsigned int)rid ));
+ if (sampass)
+ {
+ sampass->user_rid = rid;
+ return True;
}
-
- return True;
+
+ return False;
}
-/*******************************************************************
- Convert a name into a SID. Used in the lookup name rpc.
- ********************************************************************/
-
-BOOL local_lookup_name(char *domain, char *user, DOM_SID *psid, enum SID_NAME_USE *psid_name_use)
+BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid)
{
- extern DOM_SID global_sid_World_Domain;
- struct passwd *pass = NULL;
- DOM_SID local_sid;
-
- sid_copy(&local_sid, &global_sam_sid);
-
- if(!strequal(global_myname, domain) && !strequal(global_myworkgroup, domain))
- return False;
-
- /*
- * Special case for MACHINE\Everyone. Map to the world_sid.
- */
-
- if(strequal(user, "Everyone")) {
- sid_copy( psid, &global_sid_World_Domain);
- sid_append_rid(psid, 0);
- *psid_name_use = SID_NAME_ALIAS;
+ if (sampass)
+ {
+ sampass->group_rid = grid;
return True;
}
+
+ return False;
+}
- (void)map_username(user);
-
- if(!(pass = Get_Pwnam(user, False))) {
- /*
- * Maybe it was a group ?
- */
- struct group *grp = getgrnam(user);
-
- if(!grp)
- return False;
-
- sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
- *psid_name_use = SID_NAME_ALIAS;
- } else {
-
- sid_append_rid( &local_sid, pdb_uid_to_user_rid(pass->pw_uid));
- *psid_name_use = SID_NAME_USER;
+BOOL pdb_set_username (SAM_ACCOUNT *sampass, char *username)
+{
+ if (sampass)
+ {
+ sampass->username = strdup(username);
+ return True;
}
-
- sid_copy( psid, &local_sid);
-
- return True;
+
+ return False;
}
-/****************************************************************************
- Convert a uid to SID - locally.
-****************************************************************************/
-
-DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
+BOOL pdb_set_domain (SAM_ACCOUNT *sampass, char *domain)
{
- extern DOM_SID global_sam_sid;
-
- sid_copy(psid, &global_sam_sid);
- sid_append_rid(psid, pdb_uid_to_user_rid(uid));
-
- return psid;
+ if (sampass)
+ {
+ sampass->username = strdup(domain);
+ return True;
+ }
+
+ return False;
}
-
-/****************************************************************************
- Convert a SID to uid - locally.
-****************************************************************************/
-
-BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
+BOOL pdb_set_nt_username (SAM_ACCOUNT *sampass, char *nt_username)
{
- extern DOM_SID global_sam_sid;
- DOM_SID dom_sid;
- uint32 rid;
-
- *name_type = SID_NAME_UNKNOWN;
-
- sid_copy(&dom_sid, psid);
- sid_split_rid(&dom_sid, &rid);
-
- /*
- * We can only convert to a uid if this is our local
- * Domain SID (ie. we are the controling authority).
- */
+ if (sampass)
+ {
+ sampass->username = strdup(nt_username);
+ return True;
+ }
+
+ return False;
+}
- if (!sid_equal(&global_sam_sid, &dom_sid))
- return False;
+BOOL pdb_set_fullname (SAM_ACCOUNT *sampass, char *fullname)
+{
+ if (sampass)
+ {
+ sampass->full_name = strdup(fullname);
+ return True;
+ }
+
+ return False;
+}
- *puid = pdb_user_rid_to_uid(rid);
+BOOL pdb_set_logon_script (SAM_ACCOUNT *sampass, char *logon_script)
+{
+ if (sampass)
+ {
+ sampass->logon_script = strdup(logon_script);
+ return True;
+ }
+
+ return False;
+}
- /*
- * Ensure this uid really does exist.
- */
+BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, char *profile_path)
+{
+ if (sampass)
+ {
+ sampass->profile_path = strdup(profile_path);
+ return True;
+ }
+
+ return False;
+}
- if(!sys_getpwuid(*puid))
- return False;
+BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, char *dir_drive)
+{
+ if (sampass)
+ {
+ sampass->dir_drive = strdup(dir_drive);
+ return True;
+ }
+
+ return False;
+}
- return True;
+BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, char *homedir)
+{
+ if (sampass)
+ {
+ sampass->home_dir = strdup(homedir);
+ return True;
+ }
+
+ return False;
}
-/****************************************************************************
- Convert a gid to SID - locally.
-****************************************************************************/
-DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
+BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, BYTE *pwd)
{
- extern DOM_SID global_sam_sid;
- sid_copy(psid, &global_sam_sid);
- sid_append_rid(psid, pdb_gid_to_group_rid(gid));
+ if (pwd == NULL)
+ return False;
+
+ /* allocate space for the password and make a copy of it */
+ if (sampass)
+ {
+ if ((sampass->nt_pw=(BYTE*)malloc(sizeof(BYTE)*16)) == NULL)
+ {
+ DEBUG(0,("pdb_set_nt_passwd: ERROR - out of memory for nt_pw!\n"));
+ return False;
+ }
+ if (memcpy(sampass->nt_pw, pwd, 16))
+ return True;
+ }
- return psid;
+ return False;
}
-/****************************************************************************
- Convert a SID to gid - locally.
-****************************************************************************/
-
-BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
+BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, BYTE *pwd)
{
- extern DOM_SID global_sam_sid;
- DOM_SID dom_sid;
- uint32 rid;
-
- *name_type = SID_NAME_UNKNOWN;
-
- sid_copy(&dom_sid, psid);
- sid_split_rid(&dom_sid, &rid);
+ if (pwd == NULL)
+ return False;
+
+ /* allocate space for the password and make a copy of it */
+ if (sampass)
+ {
+ if ((sampass->lm_pw=(BYTE*)malloc(sizeof(BYTE)*16)) == NULL)
+ {
+ DEBUG(0,("pdb_set_lanman_passwd: ERROR - out of memory for lm_pw!\n"));
+ return False;
+ }
+ if (memcpy(sampass->lm_pw, pwd, 16))
+ return True;
+ }
- /*
- * We can only convert to a gid if this is our local
- * Domain SID (ie. we are the controling authority).
- */
+ return False;
+}
- if (!sid_equal(&global_sam_sid, &dom_sid))
- return False;
- *pgid = pdb_user_rid_to_gid(rid);
- /*
- * Ensure this gid really does exist.
- */
- if(!getgrgid(*pgid))
- return False;
- return True;
-}
/*
- * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ * Unix SMB/Netbios implementation.
+ * Version 1.9. SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998
+ * Modified by Jeremy Allison 1995.
+ * Modified by Gerald (Jerry) Carter 2000
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
#ifdef USE_SMBPASS_DB
+
+/*
+ smb_passwd is analogous to sam_passwd used everywhere
+ else. However, smb_passwd is limited to the information
+ stored by an smbpasswd entry
+ */
+
+struct smb_passwd
+{
+ uid_t smb_userid; /* this is actually the unix uid_t */
+ char *smb_name; /* username string */
+
+ unsigned char *smb_passwd; /* Null if no password */
+ unsigned char *smb_nt_passwd; /* Null if no password */
+
+ uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
+ time_t pass_last_set_time; /* password last set time */
+};
+
+
extern int DEBUGLEVEL;
extern pstring samlogon_user;
extern BOOL sam_logon_in_ssb;
+extern struct passdb_ops pdb_ops;
+
-static int pw_file_lock_depth;
+/* used for maintain locks on the smbpasswd file */
+static int pw_file_lock_depth;
+static void *global_vp;
+
+/* static memory area used by all passdb search functions
+ in this module */
+static SAM_ACCOUNT global_sam_pass;
enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE };
+/***************************************************************
+ Lock an fd. Abandon after waitsecs seconds.
+****************************************************************/
+
+static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
+{
+ if (fd < 0)
+ return False;
+
+ if(*plock_depth == 0) {
+ if (!do_file_lock(fd, secs, type)) {
+ DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
+ strerror(errno)));
+ return False;
+ }
+ }
+
+ (*plock_depth)++;
+
+ return True;
+}
+
+/***************************************************************
+ Unlock an fd. Abandon after waitsecs seconds.
+****************************************************************/
+
+static BOOL pw_file_unlock(int fd, int *plock_depth)
+{
+ BOOL ret=True;
+
+ if(*plock_depth == 1)
+ ret = do_file_lock(fd, 5, F_UNLCK);
+
+ if (*plock_depth > 0)
+ (*plock_depth)--;
+
+ if(!ret)
+ DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
+ strerror(errno)));
+ return ret;
+}
+
+
+/**************************************************************
+ Intialize a smb_passwd struct
+ *************************************************************/
+static void pdb_init_smb(struct smb_passwd *user)
+{
+ if (user == NULL)
+ return;
+ ZERO_STRUCTP (user);
+
+ user->pass_last_set_time = (time_t)-1;
+}
+
+
+
/***************************************************************
Internal fn to enumerate the smbpasswd list. Returns a void pointer
to ensure no modification outside this module. Checks for atomic
been granted to prevent race conditions. JRA.
****************************************************************/
-static void *startsmbfilepwent_internal(const char *pfile, enum pwf_access_type type, int *lock_depth)
+static void *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int *lock_depth)
{
FILE *fp = NULL;
const char *open_mode = NULL;
return (void *)fp;
}
-/***************************************************************
- Start to enumerate the smbpasswd list. Returns a void pointer
- to ensure no modification outside this module.
-****************************************************************/
-
-static void *startsmbfilepwent(BOOL update)
-{
- return startsmbfilepwent_internal(lp_smb_passwd_file(), update ? PWF_UPDATE : PWF_READ, &pw_file_lock_depth);
-}
-
/***************************************************************
End enumeration of the smbpasswd list.
****************************************************************/
-
-static void endsmbfilepwent_internal(void *vp, int *lock_depth)
+static void endsmbfilepwent(void *vp, int *lock_depth)
{
FILE *fp = (FILE *)vp;
DEBUG(7, ("endsmbfilepwent_internal: closed password file.\n"));
}
-/***************************************************************
- End enumeration of the smbpasswd list - operate on the default
- lock_depth.
-****************************************************************/
-
-static void endsmbfilepwent(void *vp)
-{
- endsmbfilepwent_internal(vp, &pw_file_lock_depth);
-}
-
/*************************************************************************
Routine to return the next entry in the smbpasswd list.
*************************************************************************/
return NULL;
}
-/*************************************************************************
- Routine to return the next entry in the smbpasswd list.
- this function is a nice, messy combination of reading:
- - the smbpasswd file
- - the unix password database
- - smb.conf options (not done at present).
- *************************************************************************/
-
-static struct sam_passwd *getsmbfile21pwent(void *vp)
-{
- struct smb_passwd *pw_buf = getsmbfilepwent(vp);
- static struct sam_passwd user;
- struct passwd *pwfile;
-
- static pstring full_name;
- static pstring home_dir;
- static pstring home_drive;
- static pstring logon_script;
- static pstring profile_path;
- static pstring acct_desc;
- static pstring workstations;
-
- DEBUG(5,("getsmbfile21pwent\n"));
-
- if (pw_buf == NULL) return NULL;
-
- pwfile = sys_getpwnam(pw_buf->smb_name);
- if (pwfile == NULL)
- {
- DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n"));
- DEBUG(0,("getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name));
- return NULL;
- }
-
- pdb_init_sam(&user);
-
- pstrcpy(samlogon_user, pw_buf->smb_name);
-
- if (samlogon_user[strlen(samlogon_user)-1] != '$')
- {
- /* XXXX hack to get standard_sub_basic() to use sam logon username */
- /* possibly a better way would be to do a become_user() call */
- sam_logon_in_ssb = True;
-
- user.smb_userid = pw_buf->smb_userid;
- user.smb_grpid = pwfile->pw_gid;
-
- user.user_rid = pdb_uid_to_user_rid (user.smb_userid);
- user.group_rid = pdb_gid_to_group_rid(user.smb_grpid );
-
- pstrcpy(full_name , pwfile->pw_gecos );
- pstrcpy(logon_script , lp_logon_script ());
- pstrcpy(profile_path , lp_logon_path ());
- pstrcpy(home_drive , lp_logon_drive ());
- pstrcpy(home_dir , lp_logon_home ());
- pstrcpy(acct_desc , "");
- pstrcpy(workstations , "");
-
- sam_logon_in_ssb = False;
- }
- else
- {
- user.smb_userid = pw_buf->smb_userid;
- user.smb_grpid = pwfile->pw_gid;
-
- user.user_rid = pdb_uid_to_user_rid (user.smb_userid);
- user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
-
- pstrcpy(full_name , "");
- pstrcpy(logon_script , "");
- pstrcpy(profile_path , "");
- pstrcpy(home_drive , "");
- pstrcpy(home_dir , "");
- pstrcpy(acct_desc , "");
- pstrcpy(workstations , "");
- }
-
- user.smb_name = pw_buf->smb_name;
- user.full_name = full_name;
- user.home_dir = home_dir;
- user.dir_drive = home_drive;
- user.logon_script = logon_script;
- user.profile_path = profile_path;
- user.acct_desc = acct_desc;
- user.workstations = workstations;
-
- user.unknown_str = NULL; /* don't know, yet! */
- user.munged_dial = NULL; /* "munged" dial-back telephone number */
-
- user.smb_nt_passwd = pw_buf->smb_nt_passwd;
- user.smb_passwd = pw_buf->smb_passwd;
-
- user.acct_ctrl = pw_buf->acct_ctrl;
-
- user.unknown_3 = 0xffffff; /* don't know */
- user.logon_divs = 168; /* hours per week */
- user.hours_len = 21; /* 21 times 8 bits = 168 */
- memset(user.hours, 0xff, user.hours_len); /* available at all hours */
- user.unknown_5 = 0x00020000; /* don't know */
- user.unknown_5 = 0x000004ec; /* don't know */
-
- return &user;
-}
-
-/*************************************************************************
- Return the current position in the smbpasswd list as an SMB_BIG_UINT.
- This must be treated as an opaque token.
-*************************************************************************/
-
-static SMB_BIG_UINT getsmbfilepwpos(void *vp)
-{
- return (SMB_BIG_UINT)sys_ftell((FILE *)vp);
-}
-
-/*************************************************************************
- Set the current position in the smbpasswd list from an SMB_BIG_UINT.
- This must be treated as an opaque token.
-*************************************************************************/
-
-static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
-{
- return !sys_fseek((FILE *)vp, (SMB_OFF_T)tok, SEEK_SET);
-}
-
/************************************************************************
Create a new smbpasswd entry - malloced space returned.
*************************************************************************/
-char *format_new_smbpasswd_entry(struct smb_passwd *newpwd)
+static char *format_new_smbpasswd_entry(struct smb_passwd *newpwd)
{
int new_entry_length;
char *new_entry;
SMB_OFF_T offpos;
/* Open the smbpassword file - for update. */
- fp = startsmbfilepwent(True);
+ fp = startsmbfilepwent(pfile, PWF_UPDATE, &pw_file_lock_depth);
if (fp == NULL) {
DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n"));
* Scan the file, a line at a time and check if the name matches.
*/
- while ((pwd = getsmbfilepwent(fp)) != NULL) {
- if (strequal(newpwd->smb_name, pwd->smb_name)) {
- DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
- endsmbfilepwent(fp);
- return False;
+ while ((pwd = getsmbfilepwent(fp)) != NULL)
+ {
+ if (strequal(newpwd->smb_name, pwd->smb_name))
+ {
+ DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
+ endsmbfilepwent(fp, &pw_file_lock_depth);
+ return False;
}
}
*/
fd = fileno(fp);
- if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
- DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
+ if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1)
+ {
+ DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
- endsmbfilepwent(fp);
- return False;
+ endsmbfilepwent(fp, &pw_file_lock_depth);
+ return False;
}
- if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL) {
- DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
+ if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL)
+ {
+ DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
- endsmbfilepwent(fp);
- return False;
+ endsmbfilepwent(fp, &pw_file_lock_depth);
+ return False;
}
new_entry_length = strlen(new_entry);
fd, new_entry_length, new_entry));
#endif
- if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length) {
- DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
+ if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length)
+ {
+ DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
- /* Remove the entry we just wrote. */
- if(sys_ftruncate(fd, offpos) == -1) {
- DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
+ /* Remove the entry we just wrote. */
+ if(sys_ftruncate(fd, offpos) == -1)
+ {
+ DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
Error was %s. Password file may be corrupt ! Please examine by hand !\n",
- newpwd->smb_name, strerror(errno)));
- }
+ newpwd->smb_name, strerror(errno)));
+ }
- endsmbfilepwent(fp);
- free(new_entry);
- return False;
+ endsmbfilepwent(fp, &pw_file_lock_depth);
+ free(new_entry);
+ return False;
}
free(new_entry);
- endsmbfilepwent(fp);
+ endsmbfilepwent(fp, &pw_file_lock_depth);
return True;
}
* it.
*/
- if((fp = startsmbfilepwent(True)) == NULL) {
+ if((fp = startsmbfilepwent(pfile, PWF_UPDATE, &pw_file_lock_depth)) == NULL) {
DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
return False;
}
/*
* Create the replacement password file.
*/
- if((fp_write = startsmbfilepwent_internal(pfile2, PWF_CREATE, &pfile2_lockdepth)) == NULL) {
+ if((fp_write = startsmbfilepwent(pfile2, PWF_CREATE, &pfile2_lockdepth)) == NULL) {
DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
- endsmbfilepwent(fp);
+ endsmbfilepwent(fp, &pw_file_lock_depth);
return False;
}
* We need to copy the entry out into the second file.
*/
- if((new_entry = format_new_smbpasswd_entry(pwd)) == NULL) {
- DEBUG(0, ("del_smbfilepwd_entry(malloc): Failed to copy entry for user %s to file %s. \
+ if((new_entry = format_new_smbpasswd_entry(pwd)) == NULL)
+ {
+ DEBUG(0, ("del_smbfilepwd_entry(malloc): Failed to copy entry for user %s to file %s. \
Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
- unlink(pfile2);
- endsmbfilepwent(fp);
- endsmbfilepwent_internal(fp_write,&pfile2_lockdepth);
- return False;
+ unlink(pfile2);
+ endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp_write, &pfile2_lockdepth);
+ return False;
}
new_entry_length = strlen(new_entry);
- if(fwrite(new_entry, 1, new_entry_length, fp_write) != new_entry_length) {
- DEBUG(0, ("del_smbfilepwd_entry(write): Failed to copy entry for user %s to file %s. \
+ if(fwrite(new_entry, 1, new_entry_length, fp_write) != new_entry_length)
+ {
+ DEBUG(0, ("del_smbfilepwd_entry(write): Failed to copy entry for user %s to file %s. \
Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
- unlink(pfile2);
- endsmbfilepwent(fp);
- endsmbfilepwent_internal(fp_write,&pfile2_lockdepth);
- free(new_entry);
- return False;
+ unlink(pfile2);
+ endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp_write, &pfile2_lockdepth);
+ free(new_entry);
+ return False;
}
free(new_entry);
* Ensure pfile2 is flushed before rename.
*/
- if(fflush(fp_write) != 0) {
- DEBUG(0, ("del_smbfilepwd_entry: Failed to flush file %s. Error was %s\n", pfile2, strerror(errno)));
- endsmbfilepwent(fp);
- endsmbfilepwent_internal(fp_write,&pfile2_lockdepth);
- return False;
+ if(fflush(fp_write) != 0)
+ {
+ DEBUG(0, ("del_smbfilepwd_entry: Failed to flush file %s. Error was %s\n", pfile2, strerror(errno)));
+ endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp_write,&pfile2_lockdepth);
+ return False;
}
/*
if(rename(pfile2,pfile) != 0) {
unlink(pfile2);
}
- endsmbfilepwent(fp);
- endsmbfilepwent_internal(fp_write,&pfile2_lockdepth);
+
+ endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp_write,&pfile2_lockdepth);
return True;
}
+
+/*********************************************************************
+ Create a SAM_ACCOUNT from a smb_passwd struct
+ ********************************************************************/
+static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass)
+{
+ BYTE *ptr;
+
+ if (sampass == NULL)
+ return False;
+
+ ZERO_STRUCTP (smb_pw);
+
+ smb_pw->smb_userid = pdb_get_uid(sampass);
+ smb_pw->smb_name = strdup(pdb_get_username(sampass));
+
+ if ((ptr=pdb_get_lanman_passwd(sampass)) != NULL)
+ {
+ if ((smb_pw->smb_passwd=(BYTE*)malloc(sizeof(BYTE)*16)) == NULL)
+ {
+ DEBUG (0,("build_smb_pass: ERROR - Unable to malloc memory!\n"));
+ return False;
+ }
+ memcpy (smb_pw->smb_passwd, ptr, sizeof(BYTE)*16);
+ }
+
+ if ((ptr=pdb_get_nt_passwd(sampass)) != NULL)
+ {
+ if ((smb_pw->smb_nt_passwd=(BYTE*)malloc(sizeof(BYTE)*16)) == NULL)
+ {
+ DEBUG (0,("build_smb_pass: ERROR - Unable to malloc memory!\n"));
+ return False;
+ }
+ memcpy (smb_pw->smb_nt_passwd, ptr, sizeof(BYTE)*16);
+ }
+
+ smb_pw->acct_ctrl = pdb_get_acct_ctrl(sampass);
+ smb_pw->pass_last_set_time = pdb_get_pass_last_set_time(sampass);
+
+ return True;
+
+}
+
+/********************************************************************
+ clear out memory allocated for pointer members
+ *******************************************************************/
+static void clear_smb_pass (struct smb_passwd *smb_pw)
+{
+
+ /* valid poiner to begin with? */
+ if (smb_pw == NULL)
+ return;
+
+ /* clear out members */
+ if (smb_pw->smb_name)
+ free (smb_pw->smb_name);
+
+ if (smb_pw->smb_passwd)
+ free(smb_pw->smb_passwd);
+
+ if (smb_pw->smb_nt_passwd)
+ free(smb_pw->smb_nt_passwd);
+
+ return;
+}
-/*
- * Stub functions - implemented in terms of others.
- */
-static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override)
+/*********************************************************************
+ Create a SAM_ACCOUNT from a smb_passwd struct
+ ********************************************************************/
+static BOOL build_sam_account (SAM_ACCOUNT *sam_pass,
+ struct smb_passwd *pw_buf)
{
- return mod_smbfilepwd_entry(pdb_sam_to_smb(pwd), override);
+
+ struct passwd *pwfile;
+
+ /* is the user valid? Verify in system password file...
+
+ FIXME!!! This is where we should look up an internal
+ mapping of allocated uid for machine accounts as well
+ --jerry */
+ pwfile = sys_getpwnam(pw_buf->smb_name);
+ if (pwfile == NULL)
+ {
+ DEBUG(0,("build_sam_account: smbpasswd database is corrupt!\n"));
+ DEBUG(0,("build_sam_account: username %s not in unix passwd database!\n", pw_buf->smb_name));
+ return False;
+ }
+
+ pstrcpy(samlogon_user, pw_buf->smb_name);
+
+ pdb_set_uid (sam_pass, pwfile->pw_uid);
+ pdb_set_gid (sam_pass, pwfile->pw_gid);
+ pdb_set_user_rid (sam_pass, pdb_uid_to_user_rid (pdb_get_uid(sam_pass)) );
+ pdb_set_username (sam_pass, pw_buf->smb_name);
+ pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd);
+ pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd);
+ pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl);
+ pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time);
+ pdb_set_domain (sam_pass, lp_workgroup());
+
+ /* FIXME!! What should this be set to? New smb.conf parameter maybe?
+ max password age? For now, we'll use the current time + 21 days.
+ --jerry */
+ pdb_set_pass_must_change_time (sam_pass, time(NULL)+1814400);
+
+ /* check if this is a user account or a machine account */
+ if (samlogon_user[strlen(samlogon_user)-1] != '$')
+ {
+ pstring str;
+ gid_t gid;
+
+ sam_logon_in_ssb = True;
+
+ pstrcpy(str, lp_logon_script());
+ standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
+ pdb_set_logon_script(sam_pass, str);
+
+ pstrcpy(str, lp_logon_path());
+ standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
+ pdb_set_profile_path(sam_pass, str);
+
+ pstrcpy(str, lp_logon_home());
+ standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
+ pdb_set_homedir(sam_pass, str);
+
+ if (lp_unix_realname())
+ pdb_set_fullname(sam_pass, pwfile->pw_gecos);
+ else
+ pdb_set_fullname(sam_pass, "<Full Name>");
+
+
+ /* set other user information that we have */
+ pdb_set_group_rid (sam_pass, pdb_gid_to_group_rid(pdb_get_gid(&global_sam_pass)) );
+ pdb_set_dir_drive (sam_pass, lp_logon_drive());
+
+ sam_logon_in_ssb = False;
+ }
+ else
+ {
+ /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
+ pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
+ }
+
+ return True;
+}
+/*****************************************************************
+ Functions to be implemented by the new passdb API
+ ****************************************************************/
+BOOL pdb_setsampwent (BOOL update)
+{
+ global_vp = startsmbfilepwent(lp_smb_passwd_file(),
+ update ? PWF_UPDATE : PWF_READ,
+ &pw_file_lock_depth);
+
+ /* did we fail? Should we try to create it? */
+ if (!global_vp && update && errno == ENOENT)
+ {
+ FILE *fp;
+ /* slprintf(msg_str,msg_str_len-1,
+ "smbpasswd file did not exist - attempting to create it.\n"); */
+ DEBUG(0,("smbpasswd file did not exist - attempting to create it.\n"));
+ fp = sys_fopen(lp_smb_passwd_file(), "w");
+ if (fp)
+ {
+ fprintf(fp, "# Samba SMB password file\n");
+ fclose(fp);
+ }
+
+ global_vp = startsmbfilepwent(lp_smb_passwd_file(),
+ update ? PWF_UPDATE : PWF_READ,
+ &pw_file_lock_depth);
+ }
+
+ return (global_vp != NULL);
+}
+
+void pdb_endsampwent (void)
+{
+ endsmbfilepwent(global_vp, &pw_file_lock_depth);
+}
+
+/*****************************************************************
+ pdb_getsampwent() uses a static memory ares (returning a pointer
+ to this) for all instances. This is identical behavior to the
+ getpwnam() call. If the caller wishes to save the SAM_ACCOUNT
+ struct, it should make a copy immediately after calling this
+ function.
+ ****************************************************************/
+SAM_ACCOUNT* pdb_getsampwent (void)
+{
+ struct smb_passwd *pw_buf;
+
+
+ DEBUG(5,("pdb_getsampwent\n"));
+
+ /* do we have an entry? */
+ pw_buf = getsmbfilepwent(global_vp);
+ if (pw_buf == NULL)
+ return NULL;
+
+ /* clear out any preexisting information from the last call */
+ pdb_clear_sam (&global_sam_pass);
+
+ /* build the SAM_ACCOUNT entry from the smb_passwd struct */
+ if (!build_sam_account (&global_sam_pass, pw_buf))
+ return NULL;
+
+ /* success */
+ return &global_sam_pass;
}
-static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd)
+
+/****************************************************************
+ Search smbpasswd file by iterating over the entries. Do not
+ call getpwnam() for unix account information until we have found
+ the correct entry
+ ***************************************************************/
+SAM_ACCOUNT* pdb_getsampwnam (char *username)
{
- return add_smbfilepwd_entry(pdb_sam_to_smb(newpwd));
+ struct smb_passwd *smb_pw;
+ void *fp = NULL;
+ char *domain = NULL;
+ char *user = NULL;
+ fstring name;
+
+ DEBUG(10, ("search by name: %s\n", username));
+
+ /* break the username from the domain if we have
+ been given a string in the form 'DOMAIN\user' */
+ fstrcpy (name, username);
+ if ((user=strchr(name, '\\')) != NULL)
+ {
+ domain = name;
+ *user = '\0';
+ user++;
+ }
+
+ /* if a domain was specified and it wasn't ours
+ then there is no chance of matching */
+ if ( (domain) && (!StrCaseCmp(domain, lp_workgroup())) )
+ return (NULL);
+
+ /* startsmbfilepwent() is used here as we don't want to lookup
+ the UNIX account in the local system password file until
+ we have a match. */
+ fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth);
+
+ if (fp == NULL)
+ {
+ DEBUG(0, ("unable to open passdb database.\n"));
+ return NULL;
+ }
+
+ /* if we have a domain name, then we should map it to a UNIX
+ username first */
+ if ( domain )
+ map_username(user);
+
+ while ( ((smb_pw=getsmbfilepwent(fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) )
+ /* do nothing....another loop */ ;
+
+ endsmbfilepwent(fp, &pw_file_lock_depth);
+
+
+ /* did we locate the username in smbpasswd */
+ if (smb_pw == NULL)
+ {
+ return (NULL);
+ }
+
+ DEBUG(10, ("found by name: %s\n", smb_pw->smb_name));
+
+ /* now build the SAM_ACCOUNT */
+ pdb_clear_sam (&global_sam_pass);
+ if (!build_sam_account (&global_sam_pass, smb_pw))
+ return NULL;
+
+ /* success */
+ return (&global_sam_pass);
}
-static struct sam_disp_info *getsmbfiledispnam(char *name)
+
+SAM_ACCOUNT* pdb_getsampwuid (uid_t uid)
{
- return pdb_sam_to_dispinfo(getsam21pwnam(name));
+ struct smb_passwd *smb_pw;
+ void *fp = NULL;
+
+ DEBUG(10, ("search by uid: %d\n", uid));
+
+ /* Open the sam password file - not for update. */
+ fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth);
+
+ if (fp == NULL)
+ {
+ DEBUG(0, ("unable to open passdb database.\n"));
+ return NULL;
+ }
+
+ while ( ((smb_pw=getsmbfilepwent(fp)) != NULL) && (smb_pw->smb_userid != uid) )
+ /* do nothing */ ;
+
+ endsmbfilepwent(fp, &pw_file_lock_depth);
+
+
+ /* did we locate the username in smbpasswd */
+ if (smb_pw == NULL)
+ {
+ return (NULL);
+ }
+
+ DEBUG(10, ("found by name: %s\n", smb_pw->smb_name));
+
+ /* now build the SAM_ACCOUNT */
+ pdb_clear_sam (&global_sam_pass);
+ if (!build_sam_account (&global_sam_pass, smb_pw))
+ return NULL;
+
+ /* success */
+ return (&global_sam_pass);
}
-static struct sam_disp_info *getsmbfiledisprid(uint32 rid)
+SAM_ACCOUNT* pdb_getsampwrid (uint32 rid)
{
- return pdb_sam_to_dispinfo(getsam21pwrid(rid));
+ struct smb_passwd *smb_pw;
+ void *fp = NULL;
+
+ DEBUG(10, ("search by rid: %d\n", rid));
+
+ /* Open the sam password file - not for update. */
+ fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth);
+
+ if (fp == NULL)
+ {
+ DEBUG(0, ("unable to open passdb database.\n"));
+ return NULL;
+ }
+
+ while ( ((smb_pw=getsmbfilepwent(fp)) != NULL) && (pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) )
+ /* do nothing */ ;
+
+ endsmbfilepwent(fp, &pw_file_lock_depth);
+
+
+ /* did we locate the username in smbpasswd */
+ if (smb_pw == NULL)
+ {
+ return (NULL);
+ }
+
+ DEBUG(10, ("found by name: %s\n", smb_pw->smb_name));
+
+ /* now build the SAM_ACCOUNT */
+ pdb_clear_sam (&global_sam_pass);
+ if (!build_sam_account (&global_sam_pass, smb_pw))
+ return NULL;
+
+ /* success */
+ return (&global_sam_pass);
}
-static struct sam_disp_info *getsmbfiledispent(void *vp)
+BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass)
{
- return pdb_sam_to_dispinfo(getsam21pwent(vp));
+ struct smb_passwd smb_pw;
+ BOOL ret;
+
+ /* convert the SAM_ACCOUNT */
+ build_smb_pass(&smb_pw, sampass);
+
+ /* add the entry */
+ ret = add_smbfilepwd_entry(&smb_pw);
+
+ /* clear memory from smb_passwd */
+ clear_smb_pass (&smb_pw);
+
+ return (ret);
}
-static struct passdb_ops file_ops = {
- startsmbfilepwent,
- endsmbfilepwent,
- getsmbfilepwpos,
- setsmbfilepwpos,
- iterate_getsmbpwnam, /* In passdb.c */
- iterate_getsmbpwuid, /* In passdb.c */
- iterate_getsmbpwrid, /* In passdb.c */
- getsmbfilepwent,
- add_smbfilepwd_entry,
- mod_smbfilepwd_entry,
- del_smbfilepwd_entry,
- getsmbfile21pwent,
- iterate_getsam21pwnam,
- iterate_getsam21pwuid,
- iterate_getsam21pwrid,
- add_smbfile21pwd_entry,
- mod_smbfile21pwd_entry,
- getsmbfiledispnam,
- getsmbfiledisprid,
- getsmbfiledispent
-};
+BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override)
+{
+ struct smb_passwd smb_pw;
+ BOOL ret;
+
+ /* convert the SAM_ACCOUNT */
+ build_smb_pass(&smb_pw, sampass);
+
+ /* update the entry */
+ ret = mod_smbfilepwd_entry(&smb_pw, override);
+
+ /* clear memory from smb_passwd */
+ clear_smb_pass (&smb_pw);
+
+ return (ret);
+}
-struct passdb_ops *file_initialize_password_db(void)
-{
- return &file_ops;
+BOOL pdb_delete_sam_account (char* username)
+{
+ return ( del_smbfilepwd_entry(username) );
}
#else
extern pstring samlogon_user;
extern BOOL sam_logon_in_ssb;
+#if 0 /* GWC */
struct tdb_sam_entry
{
time_t logon_time; /* logon time */
char strings[1];
};
+#endif
+
struct tdb_enum_info
{
TDB_CONTEXT *passwd_tdb;
static void *startsamtdbpwent(BOOL update)
{
- /* Open tdb passwd */
- if (!(tdb_ent.passwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, update ? O_RDWR : O_RDONLY, 0600)))
- {
- DEBUG(0, ("Unable to open TDB passwd, trying create new!\n"));
- if (!(tdb_ent.passwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, O_RDWR | O_CREAT | O_EXCL, 0600)))
- {
- DEBUG(0, ("Unable to creat TDB passwd (smbpasswd.tdb) !!!"));
- return NULL;
- }
- return &tdb_ent;
- }
- tdb_ent.key = tdb_firstkey(tdb_ent.passwd_tdb);
- return &tdb_ent;
+ /* Open tdb passwd */
+ if (!(tdb_ent.passwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, update ? O_RDWR : O_RDONLY, 0600)))
+ {
+ DEBUG(0, ("Unable to open TDB passwd, trying create new!\n"));
+ if (!(tdb_ent.passwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, O_RDWR | O_CREAT | O_EXCL, 0600)))
+ {
+ DEBUG(0, ("Unable to creat TDB passwd (smbpasswd.tdb) !!!"));
+ return NULL;
+ }
+ return &tdb_ent;
+ }
+
+ tdb_ent.key = tdb_firstkey(tdb_ent.passwd_tdb);
+ return &tdb_ent;
}
/***************************************************************
#include "includes.h"
-/*************************************************************
-add a new user to the local smbpasswd file
-*************************************************************/
-static BOOL add_new_user(char *user_name, uid_t uid, int local_flags,
- uchar *new_p16, uchar *new_nt_p16)
-{
- struct smb_passwd new_smb_pwent;
-
- /* Create a new smb passwd entry and set it to the given password. */
- new_smb_pwent.smb_userid = uid;
- new_smb_pwent.smb_name = user_name;
- new_smb_pwent.smb_passwd = NULL;
- new_smb_pwent.smb_nt_passwd = NULL;
- new_smb_pwent.pass_last_set_time = time(NULL);
- new_smb_pwent.acct_ctrl = ((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL);
-
- if(local_flags & LOCAL_DISABLE_USER) {
- new_smb_pwent.acct_ctrl |= ACB_DISABLED;
- }
-
- if (local_flags & LOCAL_SET_NO_PASSWORD) {
- new_smb_pwent.acct_ctrl |= ACB_PWNOTREQ;
- } else {
- new_smb_pwent.smb_passwd = new_p16;
- new_smb_pwent.smb_nt_passwd = new_nt_p16;
- }
-
-
- return add_smbpwd_entry(&new_smb_pwent);
-}
-
-
-/*************************************************************
-change a password entry in the local smbpasswd file
-*************************************************************/
-
-BOOL local_password_change(char *user_name, int local_flags,
- char *new_passwd,
- char *err_str, size_t err_str_len,
- char *msg_str, size_t msg_str_len)
-{
- struct passwd *pwd = NULL;
- void *vp;
- struct smb_passwd *smb_pwent;
- uchar new_p16[16];
- uchar new_nt_p16[16];
-
- *err_str = '\0';
- *msg_str = '\0';
-
- if (local_flags & LOCAL_ADD_USER) {
-
- /*
- * Check for a local account - if we're adding only.
- */
-
- if(!(pwd = sys_getpwnam(user_name))) {
- slprintf(err_str, err_str_len - 1, "User %s does not \
-exist in system password file (usually /etc/passwd). Cannot add \
-account without a valid local system user.\n", user_name);
- return False;
- }
- }
-
- /* Calculate the MD4 hash (NT compatible) of the new password. */
- nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16);
-
- /*
- * Open the smbpaswd file.
- */
- vp = startsmbpwent(True);
- if (!vp && errno == ENOENT) {
- FILE *fp;
- slprintf(msg_str,msg_str_len-1,
- "smbpasswd file did not exist - attempting to create it.\n");
- fp = sys_fopen(lp_smb_passwd_file(), "w");
- if (fp) {
- fprintf(fp, "# Samba SMB password file\n");
- fclose(fp);
- vp = startsmbpwent(True);
- }
- }
-
- if (!vp) {
- slprintf(err_str, err_str_len-1, "Cannot open file %s. Error was %s\n",
- lp_smb_passwd_file(), strerror(errno) );
- return False;
- }
-
- /* Get the smb passwd entry for this user */
- smb_pwent = getsmbpwnam(user_name);
- if (smb_pwent == NULL) {
- if(!(local_flags & LOCAL_ADD_USER)) {
- slprintf(err_str, err_str_len-1,
- "Failed to find entry for user %s.\n", user_name);
- endsmbpwent(vp);
- return False;
- }
-
- if (add_new_user(user_name, pwd->pw_uid, local_flags, new_p16, new_nt_p16)) {
- slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
- endsmbpwent(vp);
- return True;
- } else {
- slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
- endsmbpwent(vp);
- return False;
- }
- } else {
- /* the entry already existed */
- local_flags &= ~LOCAL_ADD_USER;
- }
-
- /*
- * We are root - just write the new password
- * and the valid last change time.
- */
-
- if(local_flags & LOCAL_DISABLE_USER) {
- smb_pwent->acct_ctrl |= ACB_DISABLED;
- } else if (local_flags & LOCAL_ENABLE_USER) {
- if(smb_pwent->smb_passwd == NULL) {
- smb_pwent->smb_passwd = new_p16;
- smb_pwent->smb_nt_passwd = new_nt_p16;
- }
- smb_pwent->acct_ctrl &= ~ACB_DISABLED;
- } else if (local_flags & LOCAL_SET_NO_PASSWORD) {
- smb_pwent->acct_ctrl |= ACB_PWNOTREQ;
- /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */
- smb_pwent->smb_passwd = NULL;
- smb_pwent->smb_nt_passwd = NULL;
- } else {
- /*
- * If we're dealing with setting a completely empty user account
- * ie. One with a password of 'XXXX', but not set disabled (like
- * an account created from scratch) then if the old password was
- * 'XX's then getsmbpwent will have set the ACB_DISABLED flag.
- * We remove that as we're giving this user their first password
- * and the decision hasn't really been made to disable them (ie.
- * don't create them disabled). JRA.
- */
- if((smb_pwent->smb_passwd == NULL) && (smb_pwent->acct_ctrl & ACB_DISABLED))
- smb_pwent->acct_ctrl &= ~ACB_DISABLED;
- smb_pwent->acct_ctrl &= ~ACB_PWNOTREQ;
- smb_pwent->smb_passwd = new_p16;
- smb_pwent->smb_nt_passwd = new_nt_p16;
- }
-
- if(local_flags & LOCAL_DELETE_USER) {
- if (del_smbpwd_entry(user_name)==False) {
- slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name);
- endsmbpwent(vp);
- return False;
- }
- slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name);
- } else {
- if(mod_smbpwd_entry(smb_pwent,True) == False) {
- slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name);
- endsmbpwent(vp);
- return False;
- }
- if(local_flags & LOCAL_DISABLE_USER)
- slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name);
- else if (local_flags & LOCAL_ENABLE_USER)
- slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name);
- else if (local_flags & LOCAL_SET_NO_PASSWORD)
- slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name);
- }
-
- endsmbpwent(vp);
-
- return True;
-}
BOOL global_machine_password_needs_changing = False;
+
+static int mach_passwd_lock_depth;
+static FILE *mach_passwd_fp;
+
/***************************************************************
Lock an fd. Abandon after waitsecs seconds.
****************************************************************/
-BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
+static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
{
if (fd < 0)
return False;
Unlock an fd. Abandon after waitsecs seconds.
****************************************************************/
-BOOL pw_file_unlock(int fd, int *plock_depth)
+static BOOL pw_file_unlock(int fd, int *plock_depth)
{
BOOL ret=True;
return ret;
}
-static int mach_passwd_lock_depth;
-static FILE *mach_passwd_fp;
-
/************************************************************************
Routine to get the name for an old trust account file.
************************************************************************/
/****************************************************************************
****************************************************************************/
-BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, struct current_user *user, uint32 *perr)
+BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract,
+ uint32 level, struct current_user *user, uint32 *perr)
{
NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver;
NT_PRINTER_DRIVER_INFO_LEVEL_3 converted_driver;
Init
*************************************************************************/
-void init_net_user_info3(NET_USER_INFO_3 *usr,
-
- NTTIME *logon_time,
- NTTIME *logoff_time,
- NTTIME *kickoff_time,
- NTTIME *pass_last_set_time,
- NTTIME *pass_can_change_time,
- NTTIME *pass_must_change_time,
-
- char *user_name,
- char *full_name,
- char *logon_script,
- char *profile_path,
- char *home_dir,
- char *dir_drive,
-
- uint16 logon_count,
- uint16 bad_pw_count,
-
- uint32 user_id,
- uint32 group_id,
- uint32 num_groups,
- DOM_GID *gids,
- uint32 user_flgs,
-
- char *sess_key,
-
- char *logon_srv,
- char *logon_dom,
-
- DOM_SID *dom_sid,
- char *other_sids)
+void init_net_user_info3(NET_USER_INFO_3 *usr, SAM_ACCOUNT *sampw,
+ uint16 logon_count, uint16 bad_pw_count,
+ uint32 num_groups, DOM_GID *gids,
+ uint32 user_flgs, char *sess_key,
+ char *logon_srv, char *logon_dom,
+ DOM_SID *dom_sid, char *other_sids)
{
/* only cope with one "other" sid, right now. */
/* need to count the number of space-delimited sids */
int i;
int num_other_sids = 0;
-
- int len_user_name = strlen(user_name );
- int len_full_name = strlen(full_name );
- int len_logon_script = strlen(logon_script);
- int len_profile_path = strlen(profile_path);
- int len_home_dir = strlen(home_dir );
- int len_dir_drive = strlen(dir_drive );
+
+ NTTIME logon_time, logoff_time, kickoff_time,
+ pass_last_set_time, pass_can_change_time,
+ pass_must_change_time;
+
+ int len_user_name, len_full_name, len_home_dir,
+ len_dir_drive, len_logon_script, len_profile_path;
+
+ char* user_name = pdb_get_username(sampw);
+ char* full_name = pdb_get_fullname(sampw);
+ char* home_dir = pdb_get_homedir(sampw);
+ char* dir_drive = pdb_get_dirdrive(sampw);
+ char* logon_script = pdb_get_logon_script(sampw);
+ char* profile_path = pdb_get_profile_path(sampw);
int len_logon_srv = strlen(logon_srv);
int len_logon_dom = strlen(logon_dom);
- memset(usr, '\0', sizeof(*usr));
+ len_user_name = user_name != NULL ? strlen(user_name )+1 : 0;
+ len_full_name = full_name != NULL ? strlen(full_name )+1 : 0;
+ len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0;
+ len_dir_drive = dir_drive != NULL ? strlen(dir_drive )+1 : 0;
+ len_logon_script = logon_script != NULL ? strlen(logon_script)+1 : 0;
+ len_profile_path = profile_path != NULL ? strlen(profile_path)+1 : 0;
+
+
+ ZERO_STRUCTP(usr);
usr->ptr_user_info = 1; /* yes, we're bothering to put USER_INFO data here */
- usr->logon_time = *logon_time;
- usr->logoff_time = *logoff_time;
- usr->kickoff_time = *kickoff_time;
- usr->pass_last_set_time = *pass_last_set_time;
- usr->pass_can_change_time = *pass_can_change_time;
- usr->pass_must_change_time = *pass_must_change_time;
+
+ /* Create NTTIME structs */
+ unix_to_nt_time (&logon_time, pdb_get_logon_time(sampw));
+ unix_to_nt_time (&logoff_time, pdb_get_logoff_time(sampw));
+ unix_to_nt_time (&kickoff_time, pdb_get_kickoff_time(sampw));
+ unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(sampw));
+ unix_to_nt_time (&pass_can_change_time, pdb_get_pass_can_change_time(sampw));
+ unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(sampw));
+
+ usr->logon_time = logon_time;
+ usr->logoff_time = logoff_time;
+ usr->kickoff_time = kickoff_time;
+ usr->pass_last_set_time = pass_last_set_time;
+ usr->pass_can_change_time = pass_can_change_time;
+ usr->pass_must_change_time = pass_must_change_time;
init_uni_hdr(&usr->hdr_user_name, len_user_name);
init_uni_hdr(&usr->hdr_full_name, len_full_name);
usr->logon_count = logon_count;
usr->bad_pw_count = bad_pw_count;
- usr->user_id = user_id;
- usr->group_id = group_id;
+ usr->user_id = pdb_get_user_rid(sampw);
+ usr->group_id = pdb_get_group_rid(sampw);
usr->num_groups = num_groups;
usr->buffer_groups = 1; /* indicates fill in groups, below, even if there are none */
usr->user_flgs = user_flgs;
/*******************************************************************
Inits a SAMR_R_LOOKUP_NAMES structure.
********************************************************************/
-
void init_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u,
uint32 num_rids, uint32 *rid, enum SID_NAME_USE *type, uint32 status)
{
unknown_3 = 0x00ff ffff
unknown_5 = 0x0002 0000
unknown_6 = 0x0000 04ec
-
*************************************************************************/
-void init_sam_user_info21(SAM_USER_INFO_21 *usr,
- NTTIME *logon_time,
- NTTIME *logoff_time,
- NTTIME *kickoff_time,
- NTTIME *pass_last_set_time,
- NTTIME *pass_can_change_time,
- NTTIME *pass_must_change_time,
-
- char *user_name,
- char *full_name,
- char *home_dir,
- char *dir_drive,
- char *logon_script,
- char *profile_path,
- char *description,
- char *workstations,
- char *unknown_str,
- char *munged_dial,
-
- uint32 user_rid,
- uint32 group_rid,
- uint16 acb_info,
-
- uint32 unknown_3,
- uint16 logon_divs,
- LOGON_HRS *hrs,
- uint32 unknown_5,
- uint32 unknown_6)
-{
- int len_user_name = user_name != NULL ? strlen(user_name )+1 : 0;
- int len_full_name = full_name != NULL ? strlen(full_name )+1 : 0;
- int len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0;
- int len_dir_drive = dir_drive != NULL ? strlen(dir_drive )+1 : 0;
- int len_logon_script = logon_script != NULL ? strlen(logon_script)+1 : 0;
- int len_profile_path = profile_path != NULL ? strlen(profile_path)+1 : 0;
- int len_description = description != NULL ? strlen(description )+1 : 0;
- int len_workstations = workstations != NULL ? strlen(workstations)+1 : 0;
- int len_unknown_str = unknown_str != NULL ? strlen(unknown_str )+1 : 0;
- int len_munged_dial = munged_dial != NULL ? strlen(munged_dial )+1 : 0;
-
- usr->logon_time = *logon_time;
- usr->logoff_time = *logoff_time;
- usr->kickoff_time = *kickoff_time;
- usr->pass_last_set_time = *pass_last_set_time;
- usr->pass_can_change_time = *pass_can_change_time;
- usr->pass_must_change_time = *pass_must_change_time;
+void init_sam_user_info21(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw)
+{
+ NTTIME logon_time, logoff_time, kickoff_time,
+ pass_last_set_time, pass_can_change_time,
+ pass_must_change_time;
+
+ int len_user_name, len_full_name, len_home_dir,
+ len_dir_drive, len_logon_script, len_profile_path,
+ len_description, len_workstations, len_unknown_str,
+ len_munged_dial;
+
+ char* user_name = pdb_get_username(pw);
+ char* full_name = pdb_get_fullname(pw);
+ char* home_dir = pdb_get_homedir(pw);
+ char* dir_drive = pdb_get_dirdrive(pw);
+ char* logon_script = pdb_get_logon_script(pw);
+ char* profile_path = pdb_get_profile_path(pw);
+ char* description = pdb_get_acct_desc(pw);
+ char* workstations = pdb_get_workstations(pw);
+ char* munged_dial = pdb_get_munged_dial(pw);
+
+ len_user_name = user_name != NULL ? strlen(user_name )+1 : 0;
+ len_full_name = full_name != NULL ? strlen(full_name )+1 : 0;
+ len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0;
+ len_dir_drive = dir_drive != NULL ? strlen(dir_drive )+1 : 0;
+ len_logon_script = logon_script != NULL ? strlen(logon_script)+1 : 0;
+ len_profile_path = profile_path != NULL ? strlen(profile_path)+1 : 0;
+ len_description = description != NULL ? strlen(description )+1 : 0;
+ len_workstations = workstations != NULL ? strlen(workstations)+1 : 0;
+ len_unknown_str = 0;
+ len_munged_dial = munged_dial != NULL ? strlen(munged_dial )+1 : 0;
+
+
+ /* Create NTTIME structs */
+ unix_to_nt_time (&logon_time, pdb_get_logon_time(pw));
+ unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw));
+ unix_to_nt_time (&kickoff_time, pdb_get_kickoff_time(pw));
+ unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw));
+ unix_to_nt_time (&pass_can_change_time, pdb_get_pass_can_change_time(pw));
+ unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(pw));
+
+ /* structure assignment */
+ usr->logon_time = logon_time;
+ usr->logoff_time = logoff_time;
+ usr->kickoff_time = kickoff_time;
+ usr->pass_last_set_time = pass_last_set_time;
+ usr->pass_can_change_time = pass_can_change_time;
+ usr->pass_must_change_time = pass_must_change_time;
init_uni_hdr(&usr->hdr_user_name, len_user_name);
init_uni_hdr(&usr->hdr_full_name, len_full_name);
memset((char *)usr->nt_pwd, '\0', sizeof(usr->nt_pwd));
memset((char *)usr->lm_pwd, '\0', sizeof(usr->lm_pwd));
- usr->user_rid = user_rid;
- usr->group_rid = group_rid;
- usr->acb_info = acb_info;
- usr->unknown_3 = unknown_3; /* 0x00ff ffff */
+ usr->user_rid = pdb_get_user_rid(pw);
+ usr->group_rid = pdb_get_group_rid(pw);
+ usr->acb_info = pdb_get_acct_ctrl(pw);
+ usr->unknown_3 = pdb_get_unknown3(pw);
- usr->logon_divs = logon_divs; /* should be 168 (hours/week) */
- usr->ptr_logon_hrs = hrs ? 1 : 0;
- usr->unknown_5 = unknown_5; /* 0x0002 0000 */
+ usr->logon_divs = pdb_get_logon_divs(pw);
+ usr->ptr_logon_hrs = pdb_get_hours(pw) ? 1 : 0;
+ usr->unknown_5 = pdb_get_unknown5(pw); /* 0x0002 0000 */
memset((char *)usr->padding1, '\0', sizeof(usr->padding1));
init_unistr2(&usr->uni_profile_path, profile_path, len_profile_path);
init_unistr2(&usr->uni_acct_desc, description, len_description);
init_unistr2(&usr->uni_workstations, workstations, len_workstations);
- init_unistr2(&usr->uni_unknown_str, unknown_str, len_unknown_str);
+ init_unistr2(&usr->uni_unknown_str, NULL, len_unknown_str);
init_unistr2(&usr->uni_munged_dial, munged_dial, len_munged_dial);
- usr->unknown_6 = unknown_6; /* 0x0000 04ec */
+ usr->unknown_6 = pdb_get_unknown6(pw);
usr->padding4 = 0;
- if (hrs)
- memcpy(&(usr->logon_hrs), hrs, sizeof(usr->logon_hrs));
+ if (pdb_get_hours(pw))
+ {
+ usr->logon_hrs.len = pdb_get_hours_len(pw);
+ memcpy(&(usr->logon_hrs.hours), pdb_get_hours(pw), MAX_HOURS_LEN);
+ }
else
memset(&(usr->logon_hrs), 0xff, sizeof(usr->logon_hrs));
}
uint32 lookup_added_user_rids(char *user_name,
uint32 *usr_rid, uint32 *grp_rid)
{
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
(*usr_rid) = 0;
(*grp_rid) = 0;
/* find the user account */
become_root();
- sam_pass = getsam21pwnam(user_name);
+ sam_pass = getsampwnam(user_name);
unbecome_root();
if (sam_pass != NULL)
{
- (*usr_rid) = sam_pass->user_rid ;
- (*grp_rid) = sam_pass->group_rid;
+ (*usr_rid) = pdb_get_user_rid(sam_pass);
+ (*grp_rid) = pdb_get_group_rid(sam_pass);
return 0x0;
}
********************************************************************/
uint32 lookup_added_user_rid(char *user_name, uint32 *rid, uint8 *type)
{
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
(*rid) = 0;
(*type) = SID_NAME_USER;
/* find the user account */
become_root();
- sam_pass = getsam21pwnam(user_name);
+ sam_pass = getsampwnam(user_name);
unbecome_root();
if (sam_pass != NULL)
{
- (*rid) = sam_pass->user_rid;
+ (*rid) = pdb_get_user_rid(sam_pass);
return 0x0;
}
static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct)
{
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sampass = NULL;
+ BYTE *pass = NULL;
#if 0
/*
#endif /* 0 */
become_root();
- smb_pass = getsmbpwnam(mach_acct);
+ sampass = pdb_getsampwnam(mach_acct);
unbecome_root();
- if ((smb_pass) != NULL && !(smb_pass->acct_ctrl & ACB_DISABLED) &&
- (smb_pass->smb_nt_passwd != NULL))
+ if ((sampass) != NULL && !(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) &&
+ ((pass=pdb_get_nt_passwd(sampass)) != NULL))
{
- memcpy(md4pw, smb_pass->smb_nt_passwd, 16);
+ memcpy(md4pw, pass, 16);
dump_data(5, md4pw, 16);
return True;
uint32 status = NT_STATUS_WRONG_PASSWORD;
DOM_CRED srv_cred;
pstring mach_acct;
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sampass;
BOOL ret;
user_struct *vuser;
prs_struct *data = &p->in_data.data;
DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
become_root();
- smb_pass = getsmbpwnam(mach_acct);
+ sampass = pdb_getsampwnam(mach_acct);
unbecome_root();
- if (smb_pass != NULL) {
+ if (sampass != NULL) {
unsigned char pwd[16];
int i;
cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key, 0);
/* lies! nt and lm passwords are _not_ the same: don't care */
- smb_pass->smb_passwd = pwd;
- smb_pass->smb_nt_passwd = pwd;
- smb_pass->acct_ctrl = ACB_WSTRUST;
+ pdb_set_lanman_passwd (sampass, pwd);
+ pdb_set_nt_passwd (sampass, pwd);
+ pdb_set_acct_ctrl (sampass, ACB_WSTRUST);
- become_root();
- ret = mod_smbpwd_entry(smb_pass,False);
+ become_root();
+ ret = pdb_update_sam_account (sampass,False);
unbecome_root();
if (ret) {
net_login_interactive:
*************************************************************************/
-static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_pass,
- user_struct *vuser)
+static uint32 net_login_interactive(NET_ID_INFO_1 *id1, SAM_ACCOUNT *sampass,
+ user_struct *vuser)
{
uint32 status = 0x0;
dump_data(100, nt_pwd, 16);
#endif
- if (memcmp(smb_pass->smb_passwd , lm_pwd, 16) != 0 ||
- memcmp(smb_pass->smb_nt_passwd, nt_pwd, 16) != 0)
+ if (memcmp(pdb_get_lanman_passwd(sampass) ,lm_pwd, 16) != 0 ||
+ memcmp(pdb_get_nt_passwd(sampass) ,nt_pwd, 16) != 0)
{
status = NT_STATUS_WRONG_PASSWORD;
}
net_login_network:
*************************************************************************/
-static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass)
+static uint32 net_login_network(NET_ID_INFO_2 *id2, SAM_ACCOUNT *sampass)
{
+ BYTE *nt_pwd, *lanman_pwd;
+
DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
id2->hdr_lm_chal_resp.str_str_len,
id2->hdr_nt_chal_resp.str_str_len));
/* JRA. Check the NT password first if it exists - this is a higher quality
password, if it exists and it doesn't match - fail. */
+ nt_pwd = pdb_get_nt_passwd (sampass);
+ lanman_pwd = pdb_get_lanman_passwd (sampass);
if (id2->hdr_nt_chal_resp.str_str_len == 24 &&
- smb_pass->smb_nt_passwd != NULL)
+ nt_pwd != NULL)
{
- if(smb_password_check((char *)id2->nt_chal_resp.buffer,
- smb_pass->smb_nt_passwd,
+ if(smb_password_check((char *)id2->nt_chal_resp.buffer, nt_pwd,
id2->lm_chal))
return 0x0;
else
if (id2->hdr_lm_chal_resp.str_str_len == 24 &&
smb_password_check((char *)id2->lm_chal_resp.buffer,
- smb_pass->smb_passwd,
- id2->lm_chal))
+ lanman_pwd, id2->lm_chal))
{
return 0x0;
}
NET_USER_INFO_3 usr_info;
uint32 status = 0x0;
DOM_CRED srv_cred;
- struct smb_passwd *smb_pass = NULL;
+ SAM_ACCOUNT *sampass = NULL;
+ uint16 acct_ctrl;
UNISTR2 *uni_samlogon_user = NULL;
fstring nt_username;
- struct passwd *pw;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
user_struct *vuser = NULL;
if ((vuser = get_valid_user_struct(vuid)) == NULL)
return False;
- memset(&q_l, '\0', sizeof(q_l));
- memset(&ctr, '\0', sizeof(ctr));
- memset(&usr_info, '\0', sizeof(usr_info));
+ ZERO_STRUCT(q_l);
+ ZERO_STRUCT(ctr);
+ ZERO_STRUCT(usr_info);
q_l.sam_id.ctr = &ctr;
case INTERACTIVE_LOGON_TYPE:
uni_samlogon_user = &q_l.sam_id.ctr->auth.id1.uni_user_name;
- DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ",
- lp_workgroup()));
+ DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
break;
case NET_LOGON_TYPE:
uni_samlogon_user = &q_l.sam_id.ctr->auth.id2.uni_user_name;
/* check username exists */
- if (status == 0) {
+ if (status == 0)
+ {
pstrcpy(nt_username, dos_unistrn2(uni_samlogon_user->buffer,
uni_samlogon_user->uni_str_len));
* Convert to a UNIX username.
*/
map_username(nt_username);
-
- /*
- * Do any case conversions.
- */
- pw=Get_Pwnam(nt_username, True);
+ /* get the account information */
become_root();
- smb_pass = getsmbpwnam(nt_username);
+ sampass = pdb_getsampwnam(nt_username);
unbecome_root();
- if (smb_pass == NULL)
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
+ if (sampass == NULL)
status = NT_STATUS_NO_SUCH_USER;
- else if (smb_pass->acct_ctrl & ACB_PWNOTREQ)
+ else if (acct_ctrl & ACB_PWNOTREQ)
status = 0;
- else if (smb_pass->acct_ctrl & ACB_DISABLED)
+ else if (acct_ctrl & ACB_DISABLED)
status = NT_STATUS_ACCOUNT_DISABLED;
}
/* Validate password - if required. */
- if ((status == 0) && !(smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
+ if ((status == 0) && !(acct_ctrl & ACB_PWNOTREQ)) {
switch (q_l.sam_id.logon_level) {
case INTERACTIVE_LOGON_TYPE:
/* interactive login. */
status = net_login_interactive(&q_l.sam_id.ctr->auth.id1,
- smb_pass, vuser);
+ sampass, vuser);
break;
case NET_LOGON_TYPE:
/* network login. lm challenge and 24 byte responses */
- status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass);
+ status = net_login_network(&q_l.sam_id.ctr->auth.id2, sampass);
break;
}
}
-
+
/* lkclXXXX this is the point at which, if the login was
successful, that the SAM Local Security Authority should
record that the user is logged in to the domain.
if (status == 0) {
DOM_GID *gids = NULL;
int num_gids = 0;
- NTTIME dummy_time;
- pstring logon_script;
- pstring profile_path;
- pstring home_dir;
- pstring home_drive;
pstring my_name;
pstring my_workgroup;
pstring domain_groups;
- uint32 r_uid;
- uint32 r_gid;
- fstring full_name;
/* set up pointer indicating user/password failed to be found */
usr_info.ptr_user_info = 0;
-
- dummy_time.low = 0xffffffff;
- dummy_time.high = 0x7fffffff;
-
+
/* XXXX hack to get standard_sub_basic() to use sam logon username */
/* possibly a better way would be to do a become_user() call */
+
+ /*
+ * All this information should be filled in from the
+ * passdb information
+ */
sam_logon_in_ssb = True;
pstrcpy(samlogon_user, nt_username);
- pstrcpy(logon_script, lp_logon_script());
- standard_sub_advanced(-1, nt_username, "", pw->pw_gid, logon_script);
+#if 0
+ gid = pdb_get_gid(sampass);
- pstrcpy(profile_path, lp_logon_path());
- standard_sub_advanced(-1, nt_username, "", pw->pw_gid, profile_path);
-
- pstrcpy(my_workgroup, lp_workgroup());
+ pstrcpy(str, pdb_get_logon_script(sampass));
+ standard_sub_advanced(-1, nt_username, "", gid, str);
+ pdb_set_logon_script(sampass, str);
+
+ pstrcpy(str, pdb_get_profile_path(sampass));
+ standard_sub_advanced(-1, nt_username, "", gid, str);
+ pdb_set_profile_path(sampass, str);
+
+ pstrcpy(str, pdb_get_homedir(sampass));
+ standard_sub_advanced(-1, nt_username, "", gid, str);
+ pdb_set_homedir(sampass, str);
- pstrcpy(home_drive, lp_logon_drive());
- standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_drive);
+ fstrcpy(full_name, "<Full Name>");
+ if (lp_unix_realname())
+ fstrcpy(full_name, pdb_get_fullname(sampass));
+#endif
- pstrcpy(home_dir, lp_logon_home());
- standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_dir);
-
+ pstrcpy(my_workgroup, lp_workgroup());
pstrcpy(my_name, global_myname);
strupper(my_name);
- fstrcpy(full_name, "<Full Name>");
- if (lp_unix_realname())
- fstrcpy(full_name, pw->pw_gecos);
/*
* This is the point at which we get the group
sam_logon_in_ssb = False;
+ /*
+ * This next call is where the 'domain admin users' parameter
+ * gets mapped. I'm leaving it out for now. The user and group rid
+ * has already been mapped into the SAM_ACCOUNT struct. I don't
+ * think this should be overridden here. The correct solution
+ * is proper group memberships and mapping. --jerry
+ */
+#if 0
if (pdb_name_to_rid(nt_username, &r_uid, &r_gid))
- init_net_user_info3(&usr_info,
- &dummy_time, /* logon_time */
- &dummy_time, /* logoff_time */
- &dummy_time, /* kickoff_time */
- &dummy_time, /* pass_last_set_time */
- &dummy_time, /* pass_can_change_time */
- &dummy_time, /* pass_must_change_time */
-
- nt_username , /* user_name */
- full_name, /* full_name */
- logon_script , /* logon_script */
- profile_path , /* profile_path */
- home_dir , /* home_dir */
- home_drive , /* dir_drive */
-
+#endif
+ init_net_user_info3(&usr_info, sampass,
0, /* logon_count */
0, /* bad_pw_count */
-
- r_uid , /* RID user_id */
- r_gid , /* RID group_id */
num_gids, /* uint32 num_groups */
gids , /* DOM_GID *gids */
0x20 , /* uint32 user_flgs (?) */
-
NULL, /* char sess_key[16] */
-
my_name , /* char *logon_srv */
my_workgroup, /* char *logon_dom */
-
&global_sam_sid, /* DOM_SID *dom_sid */
NULL); /* char *other_sids */
+
+#if 0
else
status = NT_STATUS_NO_SUCH_USER;
+#endif
/* Free any allocated groups array. */
if(gids)
fstring domain;
fstring wks;
BOOL guest_user = False;
- struct smb_passwd *smb_pass = NULL;
- struct passwd *pass = NULL;
- uchar null_smb_passwd[16];
- uchar *smb_passwd_ptr = NULL;
+ SAM_ACCOUNT *sam_pass = NULL;
+ BYTE null_smb_passwd[16];
+ BYTE *smb_passwd_ptr = NULL;
DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
return False;
}
-
+/* unnecessary as the passdb validates the user before returning --jerry */
+#if 0
/*
* Find the user in the unix password db.
*/
return(False);
}
+#endif /* 0 */
+
if(!guest_user) {
become_root();
return False;
}
- if(!(smb_pass = getsmbpwnam(pipe_user_name))) {
- DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n",
+ if(!(sam_pass = pdb_getsampwnam(pipe_user_name))) {
+ DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in passdb.\n",
pipe_user_name));
unbecome_root();
return False;
unbecome_root();
- if (smb_pass == NULL) {
- DEBUG(1,("api_pipe_ntlmssp_verify: Couldn't find user '%s' in smb_passwd file.\n",
+ if (sam_pass == NULL) {
+ DEBUG(1,("api_pipe_ntlmssp_verify: Couldn't find user '%s' in passdb.\n",
pipe_user_name));
return(False);
}
/* Quit if the account was disabled. */
- if((smb_pass->acct_ctrl & ACB_DISABLED) || !smb_pass->smb_passwd) {
+ if((pdb_get_acct_ctrl(sam_pass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sam_pass)) {
DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name));
return(False);
}
- if(!smb_pass->smb_nt_passwd) {
+ if(!pdb_get_nt_passwd(sam_pass)) {
DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name));
return(False);
}
- smb_passwd_ptr = smb_pass->smb_passwd;
+ smb_passwd_ptr = pdb_get_lanman_passwd(sam_pass);
}
/*
/*
* Store the UNIX credential data (uid/gid pair) in the pipe structure.
*/
-
- p->pipe_user.uid = pass->pw_uid;
- p->pipe_user.gid = pass->pw_gid;
+ p->pipe_user.uid = pdb_get_uid(sam_pass);
+ p->pipe_user.gid = pdb_get_gid(sam_pass);
/* Set up pipe user group membership. */
initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
/* Create an NT_USER_TOKEN struct for this user. */
p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid,
- p->pipe_user.ngroups, p->pipe_user.groups);
+ p->pipe_user.ngroups, p->pipe_user.groups);
p->ntlmssp_auth_validated = True;
return True;
dynamically returns the correct user info..... JRA.
********************************************************************/
-static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
- int start_idx,
+static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
int *total_entries, int *num_entries,
- int max_num_entries,
- uint16 acb_mask)
+ int max_num_entries, uint16 acb_mask)
{
- void *vp = NULL;
- struct sam_passwd *pwd = NULL;
+ SAM_ACCOUNT *pwd = NULL;
(*num_entries) = 0;
(*total_entries) = 0;
- if (pw_buf == NULL) return False;
+ if (pw_buf == NULL)
+ return False;
- vp = startsmbpwent(False);
- if (!vp) {
- DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n"));
+ if (!pdb_setsampwent(False))
+ {
+ DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n"));
return False;
}
- while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries) {
+ while ( ((pwd=pdb_getsampwent()) != NULL) && ((*num_entries) < max_num_entries) )
+ {
int user_name_len;
if (start_idx > 0) {
continue;
}
- user_name_len = strlen(pwd->smb_name)+1;
- init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len);
+ user_name_len = strlen(pdb_get_username(pwd))+1;
+ init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pdb_get_username(pwd), user_name_len);
init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len);
- pw_buf[(*num_entries)].user_rid = pwd->user_rid;
+ pw_buf[(*num_entries)].user_rid = pdb_get_user_rid(pwd);
memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16);
/* Now check if the NT compatible password is available. */
- if (pwd->smb_nt_passwd != NULL) {
- memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16);
+ if (pdb_get_nt_passwd(pwd) != NULL)
+ {
+ memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16);
}
- pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
+ pw_buf[(*num_entries)].acb_info = pdb_get_acct_ctrl(pwd);
DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x",
- (*num_entries), pwd->smb_name,
- pwd->user_rid, pwd->acct_ctrl));
+ (*num_entries), pdb_get_username(pwd),
+ pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd)));
- if (acb_mask == 0 || (pwd->acct_ctrl & acb_mask)) {
+ if (acb_mask == 0 || (pdb_get_acct_ctrl(pwd) & acb_mask))
+ {
DEBUG(5,(" acb_mask %x accepts\n", acb_mask));
(*num_entries)++;
- } else {
+ }
+ else
+ {
DEBUG(5,(" acb_mask %x rejects\n", acb_mask));
}
(*total_entries)++;
}
- endsmbpwent(vp);
+ pdb_endsampwent();
return (*num_entries) > 0;
}
for (i = 0; i < num_rids && status == 0; i++)
{
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
fstring user_name;
/* find the user account */
become_root();
- sam_pass = get_smb21pwd_entry(user_name, 0);
+ sam_pass = pdb_getsampwnam(user_name);
unbecome_root();
if (sam_pass == NULL)
}
else
{
- rid[i] = sam_pass->user_rid;
+ rid[i] = pdb_get_user_rid(sam_pass);
}
}
#endif
********************************************************************/
static uint32 _api_samr_open_user(POLICY_HND domain_pol, uint32 user_rid, POLICY_HND *user_pol)
{
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
DOM_SID sid;
/* find the domain policy handle. */
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
become_root();
- sam_pass = getsam21pwrid(user_rid);
+ sam_pass = pdb_getsampwrid(user_rid);
unbecome_root();
/* check that the RID exists in our domain. */
*************************************************************************/
static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
{
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sampass;
if (!pdb_rid_is_user(user_rid))
{
}
become_root();
- smb_pass = getsmbpwrid(user_rid);
+ sampass = pdb_getsampwrid(user_rid);
unbecome_root();
- if (smb_pass == NULL)
+ if (sampass == NULL)
{
DEBUG(4,("User 0x%x not found\n", user_rid));
return False;
}
- DEBUG(3,("User:[%s]\n", smb_pass->smb_name));
+ DEBUG(3,("User:[%s]\n", pdb_get_username(sampass)));
- init_sam_user_info10(id10, smb_pass->acct_ctrl);
+ init_sam_user_info10(id10, pdb_get_acct_ctrl(sampass));
return True;
}
*************************************************************************/
static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
{
- NTTIME dummy_time;
- struct sam_passwd *sam_pass;
- LOGON_HRS hrs;
- int i;
+ SAM_ACCOUNT *sam_pass;
if (!pdb_rid_is_user(user_rid))
{
}
become_root();
- sam_pass = getsam21pwrid(user_rid);
+ sam_pass = pdb_getsampwrid(user_rid);
unbecome_root();
if (sam_pass == NULL)
return False;
}
- DEBUG(3,("User:[%s]\n", sam_pass->smb_name));
-
- dummy_time.low = 0xffffffff;
- dummy_time.high = 0x7fffffff;
-
- DEBUG(5,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n"));
+ DEBUG(3,("User:[%s]\n", pdb_get_username(sam_pass)));
- /* create a LOGON_HRS structure */
- hrs.len = sam_pass->hours_len;
- SMB_ASSERT_ARRAY(hrs.hours, hrs.len);
- for (i = 0; i < hrs.len; i++)
- {
- hrs.hours[i] = sam_pass->hours[i];
- }
-
- init_sam_user_info21(id21,
-
- &dummy_time, /* logon_time */
- &dummy_time, /* logoff_time */
- &dummy_time, /* kickoff_time */
- &dummy_time, /* pass_last_set_time */
- &dummy_time, /* pass_can_change_time */
- &dummy_time, /* pass_must_change_time */
-
- sam_pass->smb_name, /* user_name */
- sam_pass->full_name, /* full_name */
- sam_pass->home_dir, /* home_dir */
- sam_pass->dir_drive, /* dir_drive */
- sam_pass->logon_script, /* logon_script */
- sam_pass->profile_path, /* profile_path */
- sam_pass->acct_desc, /* description */
- sam_pass->workstations, /* workstations user can log in from */
- sam_pass->unknown_str, /* don't know, yet */
- sam_pass->munged_dial, /* dialin info. contains dialin path and tel no */
-
- sam_pass->user_rid, /* RID user_id */
- sam_pass->group_rid, /* RID group_id */
- sam_pass->acct_ctrl,
-
- sam_pass->unknown_3, /* unknown_3 */
- sam_pass->logon_divs, /* divisions per week */
- &hrs, /* logon hours */
- sam_pass->unknown_5,
- sam_pass->unknown_6);
+ init_sam_user_info21(id21, sam_pass);
return True;
}
SAMR_R_QUERY_USERGROUPS r_u;
uint32 status = 0x0;
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
DOM_GID *gids = NULL;
int num_groups = 0;
uint32 rid;
if (status == 0x0)
{
become_root();
- sam_pass = getsam21pwrid(rid);
+ sam_pass = pdb_getsampwrid(rid);
unbecome_root();
if (sam_pass == NULL)
if (status == 0x0)
{
pstring groups;
- get_domain_user_groups(groups, sam_pass->smb_name);
+ get_domain_user_groups(groups, pdb_get_username(sam_pass));
gids = NULL;
num_groups = make_dom_gids(groups, &gids);
}
static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint32 acb_info, uint32 access_mask,
POLICY_HND *user_pol, uint32 *unknown0, uint32 *user_rid)
{
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
fstring mach_acct;
pstring err_str;
pstring msg_str;
strlower(mach_acct);
become_root();
- sam_pass = getsam21pwnam(mach_acct);
+ sam_pass = pdb_getsampwnam(mach_acct);
unbecome_root();
- if (sam_pass != NULL) {
+ if (sam_pass != NULL)
+ {
/* machine account exists: say so */
return NT_STATUS_USER_EXISTS;
}
smb_create_user(mach_acct);
/* add the user in the smbpasswd file or the Samba authority database */
- if (!local_password_change(mach_acct, local_flags, NULL, err_str, sizeof(err_str), msg_str, sizeof(msg_str))) {
+ if (!local_password_change(mach_acct, local_flags, NULL, err_str,
+ sizeof(err_str), msg_str, sizeof(msg_str)))
+ {
DEBUG(0, ("%s\n", err_str));
close_lsa_policy_hnd(user_pol);
return NT_STATUS_ACCESS_DENIED;
}
become_root();
- sam_pass = getsam21pwnam(mach_acct);
+ sam_pass = pdb_getsampwnam(mach_acct);
unbecome_root();
if (sam_pass == NULL) {
/* account doesn't exist: say so */
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
- *unknown0=0x000703ff;
- *user_rid=sam_pass->user_rid;
+ *unknown0 = 0x000703ff;
+ *user_rid = pdb_get_user_rid(sam_pass);
return NT_STATUS_NO_PROBLEMO;
}
********************************************************************/
static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid)
{
- struct sam_passwd *pwd = getsam21pwrid(rid);
- struct sam_passwd new_pwd;
+ SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
if (id10 == NULL) {
DEBUG(5, ("set_user_info_10: NULL id10\n"));
if (pwd == NULL)
return False;
- copy_sam_passwd(&new_pwd, pwd);
+ pdb_set_acct_ctrl(pwd, id10->acb_info);
- new_pwd.acct_ctrl = id10->acb_info;
-
- if(!mod_sam21pwd_entry(&new_pwd, True))
+ if(!pdb_update_sam_account(pwd, True))
return False;
return True;
/*******************************************************************
set_user_info_12
********************************************************************/
-static BOOL set_user_info_12(const SAM_USER_INFO_12 *id12, uint32 rid)
+static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid)
{
- struct sam_passwd *pwd = getsam21pwrid(rid);
- struct sam_passwd new_pwd;
- static uchar nt_hash[16];
- static uchar lm_hash[16];
+ SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
if (pwd == NULL)
return False;
return False;
}
- pdb_init_sam(&new_pwd);
- copy_sam_passwd(&new_pwd, pwd);
-
- memcpy(nt_hash, id12->nt_pwd, sizeof(nt_hash));
- memcpy(lm_hash, id12->lm_pwd, sizeof(lm_hash));
+ pdb_set_lanman_passwd (pwd, id12->lm_pwd);
+ pdb_set_nt_passwd (pwd, id12->nt_pwd);
- new_pwd.smb_passwd = lm_hash;
- new_pwd.smb_nt_passwd = nt_hash;
-
- if(!mod_sam21pwd_entry(&new_pwd, True))
+ if(!pdb_update_sam_account(pwd, True))
return False;
return True;
********************************************************************/
static BOOL set_user_info_21(SAM_USER_INFO_21 * id21, uint32 rid)
{
- struct sam_passwd *pwd = getsam21pwrid(rid);
- struct sam_passwd new_pwd;
- static uchar nt_hash[16];
- static uchar lm_hash[16];
+ SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
+ SAM_ACCOUNT new_pwd;
if (id21 == NULL) {
DEBUG(5, ("set_user_info_21: NULL id21\n"));
if (pwd == NULL)
return False;
+ /* Zero out struct and set a few initial items */
pdb_init_sam(&new_pwd);
+
+ /* FIXME!! these two calls may need to be fixed. copy_sam_passwd()
+ uses static strings and copy_id21..() reassigns some
+ strings. Right now there is no memory leaks, but if
+ the internals of copy_sam_passwd() changes to use dynamically
+ allocated strings, this will need to be fixed --jerry */
copy_sam_passwd(&new_pwd, pwd);
copy_id21_to_sam_passwd(&new_pwd, id21);
- if (pwd->smb_nt_passwd != NULL) {
- memcpy(nt_hash, pwd->smb_nt_passwd, 16);
- new_pwd.smb_nt_passwd = nt_hash;
- } else
- new_pwd.smb_nt_passwd = NULL;
+ /* passwords are not copied as part of copy_sam_passwd() */
+ if (pdb_get_nt_passwd(pwd) != NULL)
+ pdb_set_nt_passwd (&new_pwd, pdb_get_nt_passwd(pwd));
- if (pwd->smb_nt_passwd != NULL) {
- memcpy(lm_hash, pwd->smb_passwd, 16);
- new_pwd.smb_passwd = lm_hash;
- } else
- new_pwd.smb_passwd = NULL;
+ if (pdb_get_lanman_passwd(pwd) != NULL)
+ pdb_set_lanman_passwd (&new_pwd, pdb_get_lanman_passwd(pwd));
- if(!mod_sam21pwd_entry(&new_pwd, True))
+ if(!pdb_update_sam_account(&new_pwd, True))
return False;
+ /* FIXME!!! Memory leak here. Cannot call pdb_clear_sam()
+ because copy_sam_passwd uses static arrays. Therefore,
+ we will manually free the password pointers here. This
+ needs to be fixed. ---jerry */
+ if (new_pwd.nt_pw) free (new_pwd.nt_pw);
+ if (new_pwd.lm_pw) free (new_pwd.lm_pw);
+
return True;
}
********************************************************************/
static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
{
- struct sam_passwd *pwd = getsam21pwrid(rid);
- struct sam_passwd new_pwd;
- static uchar nt_hash[16];
- static uchar lm_hash[16];
+ SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
+ SAM_ACCOUNT new_pwd;
+ BYTE nt_hash[16];
+ BYTE lm_hash[16];
pstring buf;
uint32 len;
copy_sam_passwd(&new_pwd, pwd);
copy_id23_to_sam_passwd(&new_pwd, id23);
- if (!decode_pw_buffer((const char *)id23->pass, buf, 256, &len))
+ if (!decode_pw_buffer((char*)id23->pass, buf, 256, &len))
return False;
nt_lm_owf_gen(buf, nt_hash, lm_hash);
- new_pwd.smb_passwd = lm_hash;
- new_pwd.smb_nt_passwd = nt_hash;
+ pdb_set_lanman_passwd (&new_pwd, lm_hash);
+ pdb_set_nt_passwd (&new_pwd, nt_hash);
/* update the UNIX password */
if (lp_unix_password_sync())
- if(!chgpasswd(new_pwd.smb_name, "", buf, True))
+ if(!chgpasswd(pdb_get_username(&new_pwd), "", buf, True))
return False;
memset(buf, 0, sizeof(buf));
- if(!mod_sam21pwd_entry(&new_pwd, True))
+ if(!pdb_update_sam_account(&new_pwd, True))
return False;
+
+ /* FIXME!!! Memory leak here. Cannot call pdb_clear_sam()
+ because copy_sam_passwd uses static arrays. Therefore,
+ we will manually free the password pointers here. This
+ needs to be fixed. ---jerry */
+ if (new_pwd.nt_pw) free (new_pwd.nt_pw);
+ if (new_pwd.lm_pw) free (new_pwd.lm_pw);
return True;
}
********************************************************************/
static BOOL set_user_info_24(const SAM_USER_INFO_24 *id24, uint32 rid)
{
- struct sam_passwd *pwd = getsam21pwrid(rid);
- struct sam_passwd new_pwd;
- static uchar nt_hash[16];
- static uchar lm_hash[16];
+ SAM_ACCOUNT *pwd = pdb_getsampwrid(rid);
+ uchar nt_hash[16];
+ uchar lm_hash[16];
uint32 len;
pstring buf;
if (pwd == NULL)
return False;
- pdb_init_sam(&new_pwd);
- copy_sam_passwd(&new_pwd, pwd);
-
memset(buf, 0, sizeof(buf));
- if (!decode_pw_buffer((const char *)id24->pass, buf, 256, &len))
+ if (!decode_pw_buffer((char*)id24->pass, buf, 256, &len))
return False;
-DEBUG(0,("set_user_info_24:nt_lm_owf_gen\n"));
+ DEBUG(0,("set_user_info_24:nt_lm_owf_gen\n"));
+
nt_lm_owf_gen(buf, nt_hash, lm_hash);
- new_pwd.smb_passwd = lm_hash;
- new_pwd.smb_nt_passwd = nt_hash;
+ pdb_set_lanman_passwd (pwd, lm_hash);
+ pdb_set_nt_passwd (pwd, nt_hash);
/* update the UNIX password */
if (lp_unix_password_sync())
- if(!chgpasswd(new_pwd.smb_name, "", buf, True))
+ if(!chgpasswd(pdb_get_username(pwd), "", buf, True))
return False;
memset(buf, 0, sizeof(buf));
-DEBUG(0,("set_user_info_24:mod_sam21pwd_entry\n"));
+
+ DEBUG(0,("set_user_info_24: pdb_update_sam_account()\n"));
/* update the SAMBA password */
- if(!mod_sam21pwd_entry(&new_pwd, True))
+ if(!pdb_update_sam_account(pwd, True))
return False;
return True;
/*******************************************************************
samr_reply_set_userinfo
********************************************************************/
-static uint32 _samr_set_userinfo(POLICY_HND *pol, uint16 switch_value, SAM_USERINFO_CTR *ctr, pipes_struct *p)
+static uint32 _samr_set_userinfo(POLICY_HND *pol, uint16 switch_value,
+ SAM_USERINFO_CTR *ctr, pipes_struct *p)
{
uint32 rid = 0x0;
DOM_SID sid;
struct current_user user;
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sam_pass;
unsigned char sess_key[16];
DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__));
- if (p->ntlmssp_auth_validated) {
+ if (p->ntlmssp_auth_validated)
+ {
memcpy(&user, &p->pipe_user, sizeof(user));
- } else {
+ }
+ else
+ {
extern struct current_user current_user;
memcpy(&user, ¤t_user, sizeof(user));
}
*/
become_root();
- smb_pass = getsmbpwuid(user.uid);
+ sam_pass = pdb_getsampwuid(user.uid);
unbecome_root();
- if(smb_pass == NULL) {
- DEBUG(0,("_samr_set_userinfo: Unable to get smbpasswd entry for uid %u\n", (unsigned int)user.uid ));
+ if(sam_pass == NULL) {
+ DEBUG(0,("_samr_set_userinfo: Unable to get passdb entry for uid %u\n",
+ (unsigned int)pdb_get_uid(sam_pass) ));
return NT_STATUS_ACCESS_DENIED;
}
memset(sess_key, '\0', 16);
- mdfour(sess_key, smb_pass->smb_nt_passwd, 16);
+ mdfour(sess_key, pdb_get_nt_passwd(sam_pass), 16);
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch (switch_value) {
/* ok, it's a user. find the user account */
become_root();
- disp_info = getsamdisprid(rid);
+ disp_info = pdb_sam_to_dispinfo(pdb_getsampwrid(rid));
unbecome_root();
if (disp_info != NULL)
********************************************************************/
uint32 lookup_user_rid(char *user_name, uint32 *rid)
{
- struct sam_passwd *sam_pass;
+ SAM_ACCOUNT *sam_pass;
(*rid) = 0;
/* find the user account */
become_root();
- sam_pass = getsam21pwnam(user_name);
+ sam_pass = pdb_getsampwnam(user_name);
unbecome_root();
if (sam_pass != NULL)
{
- (*rid) = sam_pass->user_rid;
+ *rid = pdb_get_user_rid(sam_pass);
return 0x0;
}
gotstart = 1;
}
- if( $0 ~ /^vuser_key|^UNISTR2|^LOCAL_GRP|^DOMAIN_GRP|^SMB_STRUCT_DIRENT|^SEC_ACL|^SEC_DESC|^SEC_DESC_BUF|^DOM_SID|^RPC_HND_NODE/ ) {
+ if( $0 ~ /^vuser_key|^UNISTR2|^LOCAL_GRP|^DOMAIN_GRP|^SMB_STRUCT_DIRENT|^SEC_ACL|^SEC_DESC|^SEC_DESC_BUF|^DOM_SID|^RPC_HND_NODE|^BYTE/ ) {
gotstart = 1;
}
- if( $0 ~ /^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum nss_status|^NT_USER_TOKEN/ ) {
+ if( $0 ~ /^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum nss_status|^NT_USER_TOKEN|^SAM_ACCOUNT/ ) {
gotstart = 1;
}
if( $0 ~ /^long|^char|^uint|^struct|^BOOL|^void|^time|^smb_shm_offset_t|^shm_offset_t|^enum remote_arch_types|^FILE|^SMB_OFF_T|^size_t|^ssize_t|^SMB_BIG_UINT/ ) {
gotstart = 1;
}
+
+ if( $0 ~ /^SAM_ACCT_INFO_NODE/ ) {
+ gotstart = 1;
+ }
+
if(!gotstart) {
next;
}
#include "includes.h"
extern int DEBUGLEVEL;
+extern struct passdb_ops pdb_ops;
#if ALLOW_CHANGE_PASSWORD
************************************************************/
BOOL check_lanman_password(char *user, uchar * pass1,
- uchar * pass2, struct smb_passwd **psmbpw)
+ uchar * pass2, SAM_ACCOUNT **hnd)
{
static uchar null_pw[16];
uchar unenc_new_pw[16];
uchar unenc_old_pw[16];
- struct smb_passwd *smbpw;
-
- *psmbpw = NULL;
+ SAM_ACCOUNT *sampass = NULL;
+ uint16 acct_ctrl;
+ BYTE *lanman_pw;
become_root();
- smbpw = getsmbpwnam(user);
+ sampass = pdb_getsampwnam(user);
unbecome_root();
- if (smbpw == NULL)
+ if (sampass == NULL)
{
- DEBUG(0,
- ("check_lanman_password: getsmbpwnam returned NULL\n"));
+ DEBUG(0,("check_lanman_password: getsampwnam returned NULL\n"));
return False;
}
+
+ acct_ctrl = pdb_get_acct_ctrl (sampass);
+ lanman_pw = pdb_get_lanman_passwd (sampass);
- if (smbpw->acct_ctrl & ACB_DISABLED)
+ if (acct_ctrl & ACB_DISABLED)
{
- DEBUG(0,
- ("check_lanman_password: account %s disabled.\n",
+ DEBUG(0,("check_lanman_password: account %s disabled.\n",
user));
return False;
}
- if ((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
+ if ((lanman_pw == NULL) && (acct_ctrl & ACB_PWNOTREQ))
{
uchar no_pw[14];
memset(no_pw, '\0', 14);
E_P16(no_pw, null_pw);
- smbpw->smb_passwd = null_pw;
+ pdb_set_lanman_passwd (sampass, null_pw);
}
- else if (smbpw->smb_passwd == NULL)
+ else if (lanman_pw == NULL)
{
DEBUG(0, ("check_lanman_password: no lanman password !\n"));
return False;
}
/* Get the new lanman hash. */
- D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
+ D_P16(lanman_pw, pass2, unenc_new_pw);
/* Use this to get the old lanman hash. */
D_P16(unenc_new_pw, pass1, unenc_old_pw);
/* Check that the two old passwords match. */
- if (memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
+ if (memcmp(lanman_pw, unenc_old_pw, 16))
{
- DEBUG(0,
- ("check_lanman_password: old password doesn't match.\n"));
+ DEBUG(0,("check_lanman_password: old password doesn't match.\n"));
return False;
}
- *psmbpw = smbpw;
+ /* this saves the pointer for the caller */
+ *hnd = sampass;
+
return True;
}
no longer be valid.
************************************************************/
-BOOL change_lanman_password(struct smb_passwd *smbpw, uchar * pass1,
+BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar * pass1,
uchar * pass2)
{
static uchar null_pw[16];
uchar unenc_new_pw[16];
BOOL ret;
+ uint16 acct_ctrl;
+ BYTE *pwd;
- if (smbpw == NULL)
+ if (sampass == NULL)
{
- DEBUG(0,
- ("change_lanman_password: no smb password entry.\n"));
+ DEBUG(0,("change_lanman_password: no smb password entry.\n"));
return False;
}
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
+ pwd = pdb_get_lanman_passwd(sampass);
- if (smbpw->acct_ctrl & ACB_DISABLED)
+ if (acct_ctrl & ACB_DISABLED)
{
- DEBUG(0,
- ("change_lanman_password: account %s disabled.\n",
- smbpw->smb_name));
+ DEBUG(0,("change_lanman_password: account %s disabled.\n",
+ pdb_get_username(sampass)));
return False;
}
- if ((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
+ if ((pwd == NULL) && (acct_ctrl & ACB_PWNOTREQ))
{
uchar no_pw[14];
memset(no_pw, '\0', 14);
E_P16(no_pw, null_pw);
- smbpw->smb_passwd = null_pw;
+ pdb_set_lanman_passwd(sampass, null_pw);
}
- else if (smbpw->smb_passwd == NULL)
+ else if (pwd == NULL)
{
- DEBUG(0, ("change_lanman_password: no lanman password !\n"));
+ DEBUG(0,("change_lanman_password: no lanman password !\n"));
return False;
}
/* Get the new lanman hash. */
- D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
+ D_P16(pwd, pass2, unenc_new_pw);
- smbpw->smb_passwd = unenc_new_pw;
- smbpw->smb_nt_passwd = NULL; /* We lose the NT hash. Sorry. */
+ pdb_set_lanman_passwd(sampass, unenc_new_pw);
+ pdb_set_nt_passwd (sampass, NULL); /* We lose the NT hash. Sorry. */
- /* Now write it into the file. */
+ /* Now flush the sam_passwd struct to persistent storage */
become_root();
- ret = mod_smbpwd_entry(smbpw, False);
+ ret = pdb_update_sam_account (sampass, False);
unbecome_root();
return ret;
uchar * ntdata, uchar * nthash)
{
fstring new_passwd;
- struct smb_passwd *sampw;
+ SAM_ACCOUNT *sampass = NULL;
BOOL ret = check_oem_password(user, lmdata, lmhash, ntdata, nthash,
- &sampw,
- new_passwd, sizeof(new_passwd));
+ &sampass, new_passwd, sizeof(new_passwd));
/*
* At this point we have the new case-sensitive plaintext
if (ret)
{
- ret = change_oem_password(sampw, new_passwd, False);
+ ret = change_oem_password(sampass, new_passwd, False);
}
memset(new_passwd, 0, sizeof(new_passwd));
BOOL check_oem_password(char *user,
uchar * lmdata, uchar * lmhash,
uchar * ntdata, uchar * nthash,
- struct smb_passwd **psmbpw, char *new_passwd,
+ SAM_ACCOUNT **hnd, char *new_passwd,
int new_passwd_size)
{
static uchar null_pw[16];
static uchar null_ntpw[16];
- struct smb_passwd *smbpw = NULL;
+ SAM_ACCOUNT *sampass = NULL;
+ BYTE *lanman_pw, *nt_pw;
+ uint16 acct_ctrl;
int new_pw_len;
uchar new_ntp16[16];
uchar unenc_old_ntpw[16];
BOOL nt_pass_set = (ntdata != NULL && nthash != NULL);
become_root();
- *psmbpw = smbpw = getsmbpwnam(user);
+ *hnd = sampass = pdb_getsampwnam(user);
unbecome_root();
- if (smbpw == NULL)
+ if (sampass == NULL)
{
DEBUG(0, ("check_oem_password: getsmbpwnam returned NULL\n"));
return False;
}
-
- if (smbpw->acct_ctrl & ACB_DISABLED)
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
+
+ if (acct_ctrl & ACB_DISABLED)
{
- DEBUG(0,
- ("check_lanman_password: account %s disabled.\n",
- user));
+ DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
return False;
}
no_pw[1] = 0;
nt_lm_owf_gen(no_pw, null_ntpw, null_pw);
+ /* save pointers to passwords so we don't have to keep looking them up */
+ lanman_pw = pdb_get_lanman_passwd(sampass);
+ nt_pw = pdb_get_nt_passwd (sampass);
+
/* check for null passwords */
- if (smbpw->smb_passwd == NULL)
+ if (lanman_pw == NULL)
{
- if (smbpw->acct_ctrl & ACB_PWNOTREQ)
+ if (acct_ctrl & ACB_PWNOTREQ)
{
- smbpw->smb_passwd = null_pw;
+ pdb_set_lanman_passwd(sampass, null_pw);
}
else
{
- DEBUG(0,
- ("check_oem_password: no lanman password !\n"));
+ DEBUG(0,("check_oem_password: no lanman password !\n"));
return False;
}
}
- if (smbpw->smb_nt_passwd == NULL && nt_pass_set)
+ if (pdb_get_nt_passwd(sampass) == NULL && nt_pass_set)
{
- if (smbpw->acct_ctrl & ACB_PWNOTREQ)
+ if (acct_ctrl & ACB_PWNOTREQ)
{
- smbpw->smb_nt_passwd = null_pw;
+ pdb_set_nt_passwd(sampass, null_pw);
}
else
{
- DEBUG(0,
- ("check_oem_password: no ntlm password !\n"));
+ DEBUG(0,("check_oem_password: no ntlm password !\n"));
return False;
}
}
/*
* Call the hash function to get the new password.
*/
- SamOEMhash((uchar *) lmdata, (uchar *) smbpw->smb_passwd, True);
+ SamOEMhash((uchar *) lmdata, (uchar *)lanman_pw, True);
/*
* The length of the new password is in the last 4 bytes of
new_pw_len = IVAL(lmdata, 512);
if (new_pw_len < 0 || new_pw_len > new_passwd_size - 1)
{
- DEBUG(0,
- ("check_oem_password: incorrect password length (%d).\n",
+ DEBUG(0,("check_oem_password: incorrect password length (%d).\n",
new_pw_len));
return False;
}
int uni_pw_len = new_pw_len;
char *pw;
new_pw_len /= 2;
- pw =
- dos_unistrn2((uint16 *)(&lmdata[512 - uni_pw_len]),
- new_pw_len);
+ pw = dos_unistrn2((uint16 *)(&lmdata[512 - uni_pw_len]),new_pw_len);
memcpy(new_passwd, pw, new_pw_len + 1);
}
else
*/
D_P16(new_p16, lmhash, unenc_old_pw);
- if (memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
+ if (memcmp(lanman_pw, unenc_old_pw, 16))
{
- DEBUG(0,
- ("check_oem_password: old lm password doesn't match.\n"));
+ DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
return False;
}
D_P16(new_ntp16, lmhash, unenc_old_pw);
D_P16(new_ntp16, nthash, unenc_old_ntpw);
- if (memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
+ if (memcmp(lanman_pw, unenc_old_pw, 16))
{
- DEBUG(0,
- ("check_oem_password: old lm password doesn't match.\n"));
+ DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
return False;
}
- if (memcmp(smbpw->smb_nt_passwd, unenc_old_ntpw, 16))
+ if (memcmp(nt_pw, unenc_old_ntpw, 16))
{
- DEBUG(0,
- ("check_oem_password: old nt password doesn't match.\n"));
+ DEBUG(0,("check_oem_password: old nt password doesn't match.\n"));
return False;
}
#ifdef DEBUG_PASSWORD
override = True, override XXXXXXXXXX'd password
************************************************************/
-BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd,
+BOOL change_oem_password(SAM_ACCOUNT *hnd, char *new_passwd,
BOOL override)
{
int ret;
nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16);
- smbpw->smb_passwd = new_p16;
- smbpw->smb_nt_passwd = new_nt_p16;
+ pdb_set_lanman_passwd (hnd, new_p16);
+ pdb_set_nt_passwd (hnd, new_nt_p16);
/* Now write it into the file. */
become_root();
- ret = mod_smbpwd_entry(smbpw, override);
+ ret = pdb_update_sam_account (hnd, override);
unbecome_root();
memset(new_passwd, '\0', strlen(new_passwd));
***********************************************************/
BOOL check_plaintext_password(char *user, char *old_passwd,
- int old_passwd_size, struct smb_passwd **psmbpw)
+ int old_passwd_size, SAM_ACCOUNT **hnd)
{
- struct smb_passwd *smbpw = NULL;
+ SAM_ACCOUNT *sampass = NULL;
uchar old_pw[16], old_ntpw[16];
become_root();
- *psmbpw = smbpw = getsmbpwnam(user);
+ *hnd = sampass = pdb_getsampwnam(user);
unbecome_root();
- if (smbpw == NULL)
+ if (sampass == NULL)
{
- DEBUG(0,
- ("check_plaintext_password: getsmbpwnam returned NULL\n"));
+ DEBUG(0,("check_plaintext_password: getsmbpwnam returned NULL\n"));
return False;
}
- if (smbpw->acct_ctrl & ACB_DISABLED)
+ if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED)
{
- DEBUG(0,
- ("check_plaintext_password: account %s disabled.\n",
- user));
+ DEBUG(0,("check_plaintext_password: account %s disabled.\n", user));
return (False);
}
nt_lm_owf_gen(old_passwd, old_ntpw, old_pw);
#ifdef DEBUG_PASSWORD
- DEBUG(100, ("check_plaintext_password: smbpw->smb_nt_passwd \n"));
- dump_data(100, smbpw->smb_nt_passwd, 16);
+ DEBUG(100, ("check_plaintext_password: nt_passwd \n"));
+ dump_data(100, pdb_get_nt_passwd(sampass), 16);
DEBUG(100, ("check_plaintext_password: old_ntpw \n"));
dump_data(100, old_ntpw, 16);
- DEBUG(100, ("check_plaintext_password: smbpw->smb_passwd \n"));
- dump_data(100, smbpw->smb_passwd, 16);
+ DEBUG(100, ("check_plaintext_password: lanman_passwd \n"));
+ dump_data(100, pdb_get_lanman_passwd, 16);
DEBUG(100, ("check_plaintext_password: old_pw\n"));
dump_data(100, old_pw, 16);
#endif
- if (memcmp(smbpw->smb_nt_passwd, old_ntpw, 16)
- && memcmp(smbpw->smb_passwd, old_pw, 16))
+ if (memcmp(pdb_get_nt_passwd(sampass), old_ntpw, 16)
+ && memcmp(pdb_get_lanman_passwd(sampass), old_pw, 16))
return (False);
else
return (True);
{
fstring saved_pass2;
- struct smb_passwd *smbpw = NULL;
+ SAM_ACCOUNT *sampass;
/*
* Save the new password as change_oem_password overwrites it
fstrcpy(saved_pass2, pass2);
- if (check_plaintext_password(user,pass1,strlen(pass1),&smbpw) &&
- change_oem_password(smbpw,pass2,False))
+ if (check_plaintext_password(user,pass1,strlen(pass1),&sampass) &&
+ change_oem_password(sampass,pass2,False))
{
SSVAL(*rparam,0,NERR_Success);
if(SVAL(*rparam,0) != NERR_Success)
{
- struct smb_passwd *sampw = NULL;
+ SAM_ACCOUNT *hnd = NULL;
- if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &sampw) &&
- change_lanman_password(sampw,(unsigned char *)pass1,(unsigned char *)pass2))
+ if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &hnd) &&
+ change_lanman_password(hnd,(unsigned char *)pass1,(unsigned char *)pass2))
{
SSVAL(*rparam,0,NERR_Success);
}
*****************************************************************************/
static BOOL update_smbpassword_file(char *user, char *password)
{
- struct smb_passwd *smbpw;
- BOOL ret;
+ SAM_ACCOUNT *sampass = NULL;
+ BOOL ret;
become_root();
- smbpw = getsmbpwnam(user);
+ sampass = pdb_getsampwnam(user);
unbecome_root();
- if(smbpw == NULL) {
- DEBUG(0,("getsmbpwnam returned NULL\n"));
+ if(sampass == NULL) {
+ DEBUG(0,("pdb_getsampwnam returned NULL\n"));
return False;
}
* Remove the account disabled flag - we are updating the
* users password from a login.
*/
- smbpw->acct_ctrl &= ~ACB_DISABLED;
+ pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED);
/* Here, the flag is one, because we want to ignore the
XXXXXXX'd out password */
- ret = change_oem_password( smbpw, password, True);
+ ret = change_oem_password( sampass, password, True);
if (ret == False) {
DEBUG(3,("change_oem_password returned False\n"));
}
return ret;
}
-
-
-
-
/****************************************************************************
core of smb password checking routine.
****************************************************************************/
Do a specific test for an smb password being correct, given a smb_password and
the lanman and NT responses.
****************************************************************************/
-BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
+BOOL smb_password_ok(SAM_ACCOUNT *sampass, uchar chal[8],
uchar lm_pass[24], uchar nt_pass[24])
{
uchar challenge[8];
+ char* user_name;
+ BYTE *nt_pw, *lm_pw;
- if (!lm_pass || !smb_pass) return(False);
+ if (!lm_pass || !sampass)
+ return(False);
- DEBUG(4,("Checking SMB password for user %s\n",
- smb_pass->smb_name));
+ user_name = pdb_get_username(sampass);
+
+ DEBUG(4,("Checking SMB password for user %s\n",user_name));
- if(smb_pass->acct_ctrl & ACB_DISABLED) {
- DEBUG(1,("account for user %s was disabled.\n",
- smb_pass->smb_name));
+ if(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
+ DEBUG(1,("account for user %s was disabled.\n", user_name));
return(False);
}
memcpy(challenge, chal, 8);
}
- if ((Protocol >= PROTOCOL_NT1) && (smb_pass->smb_nt_passwd != NULL)) {
+ nt_pw = pdb_get_nt_passwd(sampass);
+
+ if ((Protocol >= PROTOCOL_NT1) && (nt_pw != NULL)) {
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
*/
DEBUG(4,("smb_password_ok: Checking NT MD4 password\n"));
- if (smb_password_check((char *)nt_pass,
- (uchar *)smb_pass->smb_nt_passwd,
- challenge)) {
+ if (smb_password_check((char *)nt_pass, (uchar *)nt_pw, challenge))
+ {
DEBUG(4,("NT MD4 password check succeeded\n"));
return(True);
}
DEBUG(4,("NT MD4 password check failed\n"));
}
- /* Try against the lanman password. smb_pass->smb_passwd == NULL means
- no password, allow access. */
+ /* Try against the lanman password. pdb_get_lanman_passwd(sampass) == NULL
+ means no password, allow access. */
DEBUG(4,("Checking LM MD4 password\n"));
- if((smb_pass->smb_passwd == NULL) &&
- (smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
- DEBUG(4,("no password required for user %s\n",
- smb_pass->smb_name));
+ lm_pw = pdb_get_lanman_passwd(sampass);
+
+ if((lm_pw == NULL) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
+ {
+ DEBUG(4,("no password required for user %s\n",user_name));
return True;
}
- if((smb_pass->smb_passwd != NULL) &&
- smb_password_check((char *)lm_pass,
- (uchar *)smb_pass->smb_passwd, challenge)) {
+ if((lm_pw != NULL) && smb_password_check((char *)lm_pass,(uchar *)lm_pw, challenge))
+ {
DEBUG(4,("LM MD4 password check succeeded\n"));
return(True);
}
return True if the password is correct, False otherwise
****************************************************************************/
-BOOL pass_check_smb(char *user, char *domain,
- uchar *chal, uchar *lm_pwd, uchar *nt_pwd,
- struct passwd *pwd)
+BOOL pass_check_smb(char *user, char *domain, uchar *chal,
+ uchar *lm_pwd, uchar *nt_pwd, struct passwd *pwd)
{
struct passwd *pass;
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sampass;
if (!lm_pwd || !nt_pwd)
{
return(False);
}
+ /* FIXME! this code looks to be unnecessary now that the passdb
+ validates that the username exists and has a valid uid */
if (pwd != NULL && user == NULL)
{
pass = (struct passwd *) pwd;
}
else
{
+ /* I don't get this call here. I think it should be moved.
+ Need to check on it. --jerry */
pass = smb_getpwnam(user,True);
}
return(False);
}
- smb_pass = getsmbpwnam(user);
-
- if (smb_pass == NULL)
+ /* get the account information */
+ sampass = pdb_getsampwnam(user);
+ if (sampass == NULL)
{
- DEBUG(1,("Couldn't find user '%s' in smb_passwd file.\n", user));
+ DEBUG(1,("Couldn't find user '%s' in passdb file.\n", user));
return(False);
}
/* Quit if the account was disabled. */
- if(smb_pass->acct_ctrl & ACB_DISABLED) {
+ if(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
DEBUG(1,("Account for user '%s' was disabled.\n", user));
return(False);
}
- /* Ensure the uid's match */
+ /* Ensure the uid's match
+ FIXME! This also seems unnecessary --jerry */
+#if 0 /* GWC */
if (smb_pass->smb_userid != pass->pw_uid)
{
DEBUG(0,("Error : UNIX and SMB uids in password files do not match for user '%s'!\n", user));
return(False);
}
+#endif
- if (smb_pass->acct_ctrl & ACB_PWNOTREQ) {
- if (lp_null_passwords()) {
- DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", smb_pass->smb_name));
+ if (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)
+ {
+ if (lp_null_passwords())
+ {
+ DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", user));
return(True);
- } else {
- DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", smb_pass->smb_name));
+ }
+ else
+ {
+ DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", user));
return(False);
}
}
- if (smb_password_ok(smb_pass, chal, lm_pwd, nt_pwd))
+ if (smb_password_ok(sampass, chal, lm_pwd, nt_pwd))
{
return(True);
}
char *smb_passwd, int smb_passlen,
char *smb_nt_passwd, int smb_nt_passlen)
{
- struct smb_passwd *smb_trust_acct = NULL; /* check if trust account exists */
+ /* check if trust account exists */
+ SAM_ACCOUNT *sam_trust_acct = NULL;
+ uint16 acct_ctrl;
+
if (lp_security() == SEC_USER) {
- smb_trust_acct = getsmbpwnam(user);
+ sam_trust_acct = pdb_getsampwnam(user);
} else {
DEBUG(0,("session_trust_account: Trust account %s only supported with security = user\n", user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, NT_STATUS_LOGON_FAILURE));
}
- if (smb_trust_acct == NULL) {
+ if (sam_trust_acct == NULL) {
/* lkclXXXX: workstation entry doesn't exist */
DEBUG(0,("session_trust_account: Trust account %s user doesn't exist\n",user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, NT_STATUS_LOGON_FAILURE));
}
- if (!smb_password_ok(smb_trust_acct, NULL, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd)) {
+ if (!smb_password_ok(sam_trust_acct, NULL, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd)) {
DEBUG(0,("session_trust_account: Trust Account %s - password failed\n", user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, NT_STATUS_LOGON_FAILURE));
}
- if (smb_trust_acct->acct_ctrl & ACB_DOMTRUST) {
+ acct_ctrl = pdb_get_acct_ctrl(sam_trust_acct);
+ if (acct_ctrl & ACB_DOMTRUST) {
DEBUG(0,("session_trust_account: Domain trust account %s denied by server\n",user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT));
}
- if (smb_trust_acct->acct_ctrl & ACB_SVRTRUST) {
+ if (acct_ctrl & ACB_SVRTRUST) {
DEBUG(0,("session_trust_account: Server trust account %s denied by server\n",user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT));
}
- if (smb_trust_acct->acct_ctrl & ACB_WSTRUST) {
+ if (acct_ctrl & ACB_WSTRUST) {
DEBUG(4,("session_trust_account: Wksta trust account %s denied by server\n", user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT));
exit(1);
}
- if(!initialize_password_db()) {
+ if(!initialize_password_db(False)) {
exit(1);
}
return pop_sec_ctx();
}
-/* Temporarily become a root user. Must match with unbecome_root(). */
+/* Temporarily become a root user. Must match with unbecome_root(). */
void become_root(void)
{
push_sec_ctx();
if (remote_machine != NULL) {
if (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|
- LOCAL_TRUST_ACCOUNT|LOCAL_SET_NO_PASSWORD)) {
+ LOCAL_TRUST_ACCOUNT|LOCAL_SET_NO_PASSWORD))
+ {
/* these things can't be done remotely yet */
return False;
}
- ret = remote_password_change(remote_machine, user_name,
- old_passwd, new_passwd, err_str, sizeof(err_str));
+ ret = remote_password_change(remote_machine, user_name, old_passwd,
+ new_passwd, err_str, sizeof(err_str));
if(*err_str)
fprintf(stderr, err_str);
return ret;
* smbpasswd file) then we need to prompt for a new password.
*/
- if(local_flags & LOCAL_ENABLE_USER) {
- struct smb_passwd *smb_pass = getsmbpwnam(user_name);
- if((smb_pass != NULL) && (smb_pass->smb_passwd != NULL)) {
+ if(local_flags & LOCAL_ENABLE_USER)
+ {
+ SAM_ACCOUNT *sampass = pdb_getsampwnam(user_name);
+ if((sampass != NULL) && (pdb_get_lanman_passwd(sampass) != NULL))
+ {
new_passwd = xstrdup("XXXX"); /* Don't care. */
}
}
}
}
- if (!password_change(remote_machine, user_name, old_passwd, new_passwd, local_flags)) {
+ if (!password_change(remote_machine, user_name, old_passwd, new_passwd, local_flags))
+ {
fprintf(stderr,"Failed to modify password entry for user %s\n", user_name);
result = 1;
goto done;
}
- if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD))) {
- struct smb_passwd *smb_pass = getsmbpwnam(user_name);
+ if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD)))
+ {
+ SAM_ACCOUNT *sampass = pdb_getsampwnam(user_name);
printf("Password changed for user %s.", user_name );
- if((smb_pass != NULL) && (smb_pass->acct_ctrl & ACB_DISABLED ))
+ if( (sampass != NULL) && (pdb_get_acct_ctrl(sampass)&ACB_DISABLED) )
printf(" User has disabled flag set.");
- if((smb_pass != NULL) && (smb_pass->acct_ctrl & ACB_PWNOTREQ))
+ if((sampass != NULL) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) )
printf(" User has no password flag set.");
printf("\n");
}
charset_initialise();
- if(!initialize_password_db()) {
+ if(!initialize_password_db(True)) {
fprintf(stderr, "Can't setup password database vectors.\n");
exit(1);
}
return ret;
}
- if(!initialize_password_db()) {
- printf("Can't
setup password database vectors.\n<p>");
+ if(!initialize_password_db(True)) {
+ printf("Can't
initialize passdb!\n<p>");
return False;
}
git.samba.org / samba.git / commitdiff