diff options
| author | Jeremy Allison <jra@samba.org> | 2002-02-01 22:18:53 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2002-02-01 22:18:53 +0000 |
| commit | dd6c9553603580d6c83be8183aca1eb21caa9168 (patch) | |
| tree | 10dbf795dd1e50ca231f78c566a07b929f49defb | |
| parent | 8d63a817bb04da3c7cc43e342a9034f5f23c5041 (diff) | |
| download | samba-dd6c9553603580d6c83be8183aca1eb21caa9168.tar.gz | |
Merging for release.
Jeremy.
| -rw-r--r-- | source/include/rpcclient.h | 32 | ||||
| -rw-r--r-- | source/lib/util_array.c | 196 | ||||
| -rw-r--r-- | source/lib/util_list.c | 323 | ||||
| -rw-r--r-- | source/nsswitch/winbindd_glue.c | 448 | ||||
| -rw-r--r-- | source/passdb/nispass.c | 1099 | ||||
| -rw-r--r-- | source/passdb/smbpass.c | 1429 | ||||
| -rw-r--r-- | source/passdb/smbpasschange.c | 198 | ||||
| -rw-r--r-- | source/passdb/smbpassgroup.c | 196 | ||||
| -rw-r--r-- | source/rpc_client/cli_connect.c | 397 | ||||
| -rw-r--r-- | source/rpc_client/cli_lsarpc.c | 698 | ||||
| -rw-r--r-- | source/rpc_client/cli_use.c | 450 | ||||
| -rw-r--r-- | source/rpc_client/ncacn_np_use.c | 460 | ||||
| -rw-r--r-- | source/rpc_parse/parse_creds.c | 633 | ||||
| -rwxr-xr-x | source/smbadduser | 73 |
14 files changed, 0 insertions, 6632 deletions
diff --git a/source/include/rpcclient.h b/source/include/rpcclient.h deleted file mode 100644 index f8e5d2d9b15..00000000000 --- a/source/include/rpcclient.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 2.2 - RPC pipe client - - Copyright (C) Tim Potter 2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef RPCCLIENT_H -#define RPCCLIENT_H - -struct cmd_set { - char *name; - uint32 (*fn)(struct cli_state*, int argc, char **argv); - char *description; -}; - -#endif /* RPCCLIENT_H */ diff --git a/source/lib/util_array.c b/source/lib/util_array.c deleted file mode 100644 index dcb2a6b5f08..00000000000 --- a/source/lib/util_array.c +++ /dev/null @@ -1,196 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - Samba utility functions - Copyright (C) Andrew Tridgell 1992-1999 - Copyright (C) Luke Kenneth Casson Leighton 1996-1999 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -void free_void_array(uint32 num_entries, void **entries, - void(free_item)(void*)) -{ - uint32 i; - if (entries != NULL) - { - for (i = 0; i < num_entries; i++) - { - if (entries[i] != NULL) - { - free_item(entries[i]); - } - } - free(entries); - } -} - -void* add_copy_to_array(uint32 *len, void ***array, const void *item, - void*(item_dup)(const void*), BOOL alloc_anyway) -{ - void* copy = NULL; - if (len == NULL || array == NULL) - { - return NULL; - } - - if (item != NULL || alloc_anyway) - { - copy = item_dup(item); - return add_item_to_array(len, array, copy); - } - return copy; -} - -void* add_item_to_array(uint32 *len, void ***array, void *item) -{ - void **tary; - - if (len == NULL || array == NULL) - return NULL; - - tary = (void**)Realloc((*array), ((*len)+1)*sizeof((*array)[0])); - - if (tary != NULL) { - (*array) = tary; - (*array)[(*len)] = item; - (*len)++; - return item; - } else { - free((char *)*array); - } - return NULL; -} - -static void use_info_free(struct use_info *item) -{ - if (item != NULL) - { - if (item->srv_name != NULL) - { - free(item->srv_name); - } - if (item->user_name != NULL) - { - free(item->user_name); - } - if (item->domain != NULL) - { - free(item->domain); - } - free(item); - } -} - -static struct use_info *use_info_dup(const struct use_info *from) -{ - if (from != NULL) - { - struct use_info *copy = (struct use_info *) - malloc(sizeof(struct use_info)); - if (copy != NULL) - { - ZERO_STRUCTP(copy); - copy->connected = from->connected; - if (from->srv_name != NULL) - { - copy->srv_name = strdup(from->srv_name ); - } - if (from->user_name != NULL) - { - copy->user_name = strdup(from->user_name); - } - if (from->domain != NULL) - { - copy->domain = strdup(from->domain ); - } - } - return copy; - } - return NULL; -} - -void free_use_info_array(uint32 num_entries, struct use_info **entries) -{ - void(*fn)(void*) = (void(*)(void*))&use_info_free; - free_void_array(num_entries, (void**)entries, *fn); -} - -struct use_info* add_use_info_to_array(uint32 *len, struct use_info ***array, - const struct use_info *name) -{ - void*(*fn)(const void*) = (void*(*)(const void*))&use_info_dup; - return (struct use_info*)add_copy_to_array(len, - (void***)array, (const void*)name, *fn, False); - -} - -void free_char_array(uint32 num_entries, char **entries) -{ - void(*fn)(void*) = (void(*)(void*))&free; - free_void_array(num_entries, (void**)entries, *fn); -} - -char* add_chars_to_array(uint32 *len, char ***array, const char *name) -{ - void*(*fn)(const void*) = (void*(*)(const void*))&strdup; - return (char*)add_copy_to_array(len, - (void***)array, (const void*)name, *fn, False); - -} - -static uint32 *uint32_dup(const uint32* from) -{ - if (from != NULL) - { - uint32 *copy = (uint32 *)malloc(sizeof(uint32)); - if (copy != NULL) - { - memcpy(copy, from, sizeof(*copy)); - } - return copy; - } - return NULL; -} - -void free_uint32_array(uint32 num_entries, uint32 **entries) -{ - void(*fn)(void*) = (void(*)(void*))&free; - free_void_array(num_entries, (void**)entries, *fn); -} - -uint32* add_uint32s_to_array(uint32 *len, uint32 ***array, const uint32 *name) -{ - void*(*fn)(const void*) = (void*(*)(const void*))&uint32_dup; - return (uint32*)add_copy_to_array(len, - (void***)array, (const void*)name, *fn, False); - -} - -void free_sid_array(uint32 num_entries, DOM_SID **entries) -{ - void(*fn)(void*) = (void(*)(void*))&free; - free_void_array(num_entries, (void**)entries, *fn); -} - -DOM_SID* add_sid_to_array(uint32 *len, DOM_SID ***array, const DOM_SID *sid) -{ - void*(*fn)(const void*) = (void*(*)(const void*))&sid_dup; - return (DOM_SID*)add_copy_to_array(len, - (void***)array, (const void*)sid, *fn, False); -} - diff --git a/source/lib/util_list.c b/source/lib/util_list.c deleted file mode 100644 index 0175a7c8a16..00000000000 --- a/source/lib/util_list.c +++ /dev/null @@ -1,323 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - Samba utility functions - Copyright (C) Andrew Tridgell 1992-1999 - Copyright (C) Gerald Carter <jerry@samba.org> 2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -/**************************************************************** - In order to make use of the GENERIC_LIST data structure, you - should create wrapper functions around: - - BOOL generic_list_insert() - void* generic_list_remove() - void* generic_list_locate() - - The reason this is necessary is that the GENERIC_LIST uses a - void pointer to store your data structure. This means that - you get no type checking and can create a hetergenous list. - However, you will need to have some way to determine the type - of your data. If you are using a homogenous list, then - wrapper functions are the easiest way. If you are creating - a hetergenous list, then you will need to use the type field - for your arbitrary identifiers. - - TODO: - If neccessary, you can add a few generic_list_*() to do things - like grab from the front (to implement a FIFO queue) or from - the tail (to implement a FILO stack) - ****************************************************************/ - -#include "includes.h" - - -/* - * list variables - */ -static GENERIC_LIST hnds; - - -/**************************************************************** - Initialize the list. This doesn't do much currently. Just make - sure that you call it so we can determine wether the list is - empty or not. - ****************************************************************/ -static void generic_list_init(GENERIC_LIST *l) -{ - - l->head = NULL; - l->tail = NULL; - l->length = 0; - l->initialized = True; - - return; -} - - -/***************************************************************** - Insert some data into the list (appended to the end of the list) - *****************************************************************/ -static BOOL generic_list_insert(GENERIC_LIST *l, - void *item, uint8 type) -{ - /* check for an emtpy list first */ - if (l->length == 0) - { - if ((l->head = malloc(sizeof(struct _list_node))) == NULL) - { - DEBUG(0, ("ERROR: out of memory! Cannot allocate a list node!\n")); - return False; - } - l->head->data = item; - l->head->type = type; - l->head->next = NULL; - l->length++; - l->tail = l->head; - } - - /* we already have an existing list */ - else - { - if ((l->tail->next = malloc(sizeof(struct _list_node))) == NULL) - { - DEBUG(0, ("ERROR: out of memory! Cannot allocate a list node!\n")); - return False; - } - l->tail = l->tail->next; - l->tail->next = NULL; - l->tail->data = item; - l->tail->type = type; - l->length++; - } - - /* return the list pointer in case this was the first node */ - return True; -} - -/**************************************************************** - In order to locate an item in the list we need a pointer to - a compare function for the data items. - - We will return the actual pointer to the item in the list. Not - a copy of the item. - ****************************************************************/ -static void* generic_list_locate (GENERIC_LIST *l, void *search, - BOOL(*cmp)(const void*,const void*)) -{ - struct _list_node *item; - - /* loop through the list in linear order */ - item = l->head; - while (item != NULL) - { - if (cmp(search, item->data)) - return item->data; - else - { - item = item->next; - } - } - - return NULL; -} - - -/*************************************************************** - In order to remove a node from the list, we will need a pointer - to a compare function. The function will return a pointer to - data in the removed node. - - **WARNING** It is the responsibility of the caller to save - the pointer and destroy the data. - ***************************************************************/ - static void* generic_list_remove(GENERIC_LIST *l, void *search, - BOOL(*cmp)(const void*,const void*)) -{ - struct _list_node *item, *tag; - void *data_ptr; - - /* loop through the list in linear order */ - tag = NULL; - item = l->head; - while (item != NULL) - { - /* did we find it? If so remove the node */ - if (cmp(search, item->data)) - { - /* found, so remove the node */ - - /* remove the first item in the list */ - if (item == l->head) - l->head = item->next; - /* remove from the middle or the end */ - else - tag->next = item->next; - - /* check to see if we need to update the tail */ - if (l->tail == item) - l->tail = tag; - - l->length--; - data_ptr = item->data; - free(item); - return data_ptr; - } - /* increment to the nbext node in the list */ - else - { - tag = item; - item = item->next; - } - } - - return NULL; -} - -/************************************************************** - copy a POLICY_HND - *************************************************************/ -BOOL copy_policy_hnd (POLICY_HND *dest, const POLICY_HND *src) -{ - /* if we have no destination, return an error */ - if (dest == NULL) - return False; - - /* if the src handle is NULL, then copy 0x00 to - the dest handle */ - if (src == NULL) - { - /* if POLICY_HND internals ever changes, - this will need to be fixed */ - ZERO_STRUCTP(dest); - return True; - } - - *dest = *src; - return True; -} - -/* ------------------------------------------------------------- - Functions to implement the RpcHandle list - -------------------------------------------------------------- */ - - - -/*************************************************************** - Return True if the to RPC_HND_NODEs are eqivalent in value. - Return False if they are not. Since a POLICY_HND is really - a UUID, two RPC_HND_NODES are considered to be the same if the - POLICY_HND value matches. - - No ordering betweeen the two is attempted. - **************************************************************/ -BOOL compare_rpc_hnd_node(const RPC_HND_NODE *x, - const RPC_HND_NODE *y) -{ - /* only compare valid nodes */ - if (x==NULL || y==NULL) - return False; - - /* if the POLICY_HND field(s) are ever changed, this - will need to be updated. Probably should be a set of - support function for dealing with POLICY_HND */ - return (memcmp(&x->hnd, &y->hnd, sizeof(POLICY_HND)) == 0); -} - -/*************************************************************** - associate a POLICY_HND with a cli_connection - **************************************************************/ -BOOL RpcHndList_set_connection(const POLICY_HND *hnd, - struct cli_connection *con) -{ - - RPC_HND_NODE *node = NULL; - - /* initialize the list if necessary */ - if (!hnds.initialized) - generic_list_init(&hnds); - - /* allocate a node to insert */ - if ((node=(RPC_HND_NODE*)malloc(sizeof(RPC_HND_NODE))) == NULL) - { - DEBUG(0, ("ERROR: Unable to allocate memory for an RPC_HND_NODE!\n")); - return False; - } - - /* fill in the RPC_HND_NODE */ - copy_policy_hnd (&node->hnd, hnd); - node->cli = con; - - /* insert the node into the list: - The 3rd parameter is set to 0 since we don't care - anything about the type field */ - return (generic_list_insert(&hnds, (void*)node, 0)); -} - -/************************************************************************ - delete a POLICY_HND (and associated cli_connection) from the list - ***********************************************************************/ -BOOL RpcHndList_del_connection(const POLICY_HND *hnd) -{ - RPC_HND_NODE node, *located; - - /* return NULL if the list has not been initialized */ - if (!hnds.initialized) - return False; - - /* fill in the RPC_HND_NODE */ - copy_policy_hnd (&node.hnd, hnd); - node.cli = NULL; - - /* search for the POLICY_HND */ - located = (RPC_HND_NODE*)generic_list_remove(&hnds, &node, - (BOOL(*)(const void*, const void*))compare_rpc_hnd_node); - if (located == NULL) - return False; - - /* delete the information */ - cli_connection_free(located->cli); - free(located); - return True; -} - -/************************************************************************ - search for a POLICY_HND and return a pointer to the associated - cli_connection struct in the list - **********************************************************************/ -struct cli_connection* RpcHndList_get_connection(const POLICY_HND *hnd) -{ - RPC_HND_NODE node, *located; - - /* return NULL if the list has not been initialized */ - if (!hnds.initialized) - return NULL; - - /* fill in the RPC_HND_NODE */ - copy_policy_hnd (&node.hnd, hnd); - node.cli = NULL; - - /* search for the POLICY_HND */ - located = (RPC_HND_NODE*)generic_list_locate(&hnds, &node, - (BOOL(*)(const void*, const void*))compare_rpc_hnd_node); - if (located == NULL) - return NULL; - else - return located->cli; -} - - diff --git a/source/nsswitch/winbindd_glue.c b/source/nsswitch/winbindd_glue.c deleted file mode 100644 index e9792c6d47c..00000000000 --- a/source/nsswitch/winbindd_glue.c +++ /dev/null @@ -1,448 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 2.0 - - Winbind daemon glue functions to connect new cli interface - to older style lsa_ and samr_ functions - - Copyright (C) tridge@samba.org 2001 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -/**************************************************************************** -do a LSA Open Policy -****************************************************************************/ -BOOL wb_lsa_open_policy(char *server, BOOL sec_qos, uint32 des_access, - CLI_POLICY_HND *pol) -{ - struct nmb_name calling, called; - struct ntuser_creds creds; - struct in_addr dest_ip; - fstring dest_host; - uint32 result = NT_STATUS_UNSUCCESSFUL; - extern pstring global_myname; - - ZERO_STRUCTP(pol); - - pol->cli = (struct cli_state *)malloc(sizeof(struct cli_state)); - pol->mem_ctx = talloc_init(); - - ZERO_STRUCTP(pol->cli); - - if (!pol->cli || !pol->mem_ctx) - return False; - - /* Initialise RPC connection */ - - if (!cli_initialise(pol->cli)) - goto done; - - ZERO_STRUCT(creds); - creds.pwd.null_pwd = 1; - - cli_init_creds(pol->cli, &creds); - - /* Establish a SMB connection */ - - if (!resolve_srv_name(server, dest_host, &dest_ip)) { - goto done; - } - - make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20); - make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0); - - if (!cli_establish_connection(pol->cli, dest_host, &dest_ip, &calling, - &called, "IPC$", "IPC", False, True)) { - goto done; - } - - if (!cli_nt_session_open (pol->cli, PIPE_LSARPC)) { - goto done; - } - - result = cli_lsa_open_policy(pol->cli, pol->mem_ctx, sec_qos, - des_access, &pol->handle); - - done: - if (result != NT_STATUS_OK && pol->cli) { - if (pol->cli->initialised) - cli_shutdown(pol->cli); - free(pol->cli); - } - - return (result == NT_STATUS_OK); -} - -/**************************************************************************** -do a LSA Enumerate Trusted Domain -****************************************************************************/ -BOOL wb_lsa_enum_trust_dom(CLI_POLICY_HND *hnd, uint32 *enum_ctx, - uint32 * num_doms, char ***names, DOM_SID **sids) -{ - uint32 ret; - - ret = cli_lsa_enum_trust_dom(hnd->cli, hnd->mem_ctx, &hnd->handle, - enum_ctx, num_doms, names, sids); - - return (ret == NT_STATUS_OK); -} - -/**************************************************************************** -do a LSA Query Info Policy -****************************************************************************/ -BOOL wb_lsa_query_info_pol(CLI_POLICY_HND *hnd, uint16 info_class, - fstring domain_name, DOM_SID *domain_sid) -{ - uint32 ret; - - ret = cli_lsa_query_info_policy(hnd->cli, hnd->mem_ctx, &hnd->handle, - info_class, domain_name, domain_sid); - - return (ret == NT_STATUS_OK); -} - -/**************************************************************************** -do a LSA Lookup Names -****************************************************************************/ -BOOL wb_lsa_lookup_names(CLI_POLICY_HND *hnd, int num_names, char **names, - DOM_SID **sids, uint32 **types, int *num_sids) -{ - uint32 ret; - - ret = cli_lsa_lookup_names(hnd->cli, hnd->mem_ctx, &hnd->handle, - num_names, names, sids, types, num_sids); - - return (ret == NT_STATUS_OK); -} - -/**************************************************************************** -do a LSA Lookup SIDS -****************************************************************************/ -BOOL wb_lsa_lookup_sids(CLI_POLICY_HND *hnd, int num_sids, DOM_SID *sids, - char ***names, uint32 **types, int *num_names) -{ - uint32 ret; - - ret = cli_lsa_lookup_sids(hnd->cli, hnd->mem_ctx, &hnd->handle, - num_sids, sids, names, types, num_names); - - return (ret == NT_STATUS_OK); -} - -/**************************************************************************** -lsa_close glue -****************************************************************************/ -BOOL wb_lsa_close(CLI_POLICY_HND *hnd) -{ - uint32 ret; - - ret = cli_lsa_close(hnd->cli, hnd->mem_ctx, &hnd->handle); - - return (ret == NT_STATUS_OK); -} - - -/**************************************************************************** -samr_close glue -****************************************************************************/ -BOOL wb_samr_close(CLI_POLICY_HND *hnd) -{ - uint32 ret; - - ret = cli_samr_close(hnd->cli, hnd->mem_ctx, &hnd->handle); - - return (ret == NT_STATUS_OK); -} - - -/**************************************************************************** -samr_connect glue -****************************************************************************/ -BOOL wb_samr_connect(char *server, uint32 access_mask, CLI_POLICY_HND *pol) -{ - struct nmb_name calling, called; - struct ntuser_creds creds; - struct in_addr dest_ip; - fstring dest_host; - uint32 result = NT_STATUS_UNSUCCESSFUL; - extern pstring global_myname; - - ZERO_STRUCTP(pol); - - pol->cli = (struct cli_state *)malloc(sizeof(struct cli_state)); - - ZERO_STRUCTP(pol->cli); - - pol->mem_ctx = talloc_init(); - - if (!pol->cli || !pol->mem_ctx) - return False; - - /* Initialise RPC connection */ - - if (!cli_initialise(pol->cli)) - goto done; - - ZERO_STRUCT(creds); - creds.pwd.null_pwd = 1; - - cli_init_creds(pol->cli, &creds); - - /* Establish a SMB connection */ - - if (!resolve_srv_name(server, dest_host, &dest_ip)) { - goto done; - } - - make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20); - make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0); - - if (!cli_establish_connection(pol->cli, dest_host, &dest_ip, &calling, - &called, "IPC$", "IPC", False, True)) { - goto done; - } - - if (!cli_nt_session_open (pol->cli, PIPE_SAMR)) { - goto done; - } - - result = cli_samr_connect(pol->cli, pol->mem_ctx, - access_mask, &pol->handle); - - done: - if (result != NT_STATUS_OK && pol->cli) { - if (pol->cli->initialised) - cli_shutdown(pol->cli); - free(pol->cli); - } - - return (result == NT_STATUS_OK); -} - - -/**************************************************************************** -samr_open_domain glue -****************************************************************************/ -BOOL wb_samr_open_domain(CLI_POLICY_HND *connect_pol, uint32 ace_perms, - DOM_SID *sid, CLI_POLICY_HND *domain_pol) -{ - uint32 ret; - - ret = cli_samr_open_domain(connect_pol->cli, - connect_pol->mem_ctx, - &connect_pol->handle, - ace_perms, - sid, - &domain_pol->handle); - - if (ret == NT_STATUS_OK) { - domain_pol->cli = connect_pol->cli; - domain_pol->mem_ctx = connect_pol->mem_ctx; - return True; - } - - return False; -} - -/**************************************************************************** -do a SAMR enumerate groups -****************************************************************************/ -uint32 wb_samr_enum_dom_groups(CLI_POLICY_HND *pol, uint32 *start_idx, - uint32 size, struct acct_info **sam, - uint32 *num_sam_groups) -{ - uint32 ret; - - ret = cli_samr_enum_dom_groups(pol->cli, pol->mem_ctx, &pol->handle, - start_idx, size, sam, num_sam_groups); - - return (ret == NT_STATUS_OK); -} - -/**************************************************************************** -do a SAMR query userinfo -****************************************************************************/ -BOOL wb_get_samr_query_userinfo(CLI_POLICY_HND *pol, uint32 info_level, - uint32 user_rid, SAM_USERINFO_CTR **ctr) -{ - POLICY_HND user_pol; - BOOL got_user_pol = False; - uint32 result; - - if ((result = cli_samr_open_user(pol->cli, pol->mem_ctx, - &pol->handle, MAXIMUM_ALLOWED_ACCESS, - user_rid, &user_pol)) - != NT_STATUS_OK) - goto done; - - got_user_pol = True; - - if ((result = cli_samr_query_userinfo(pol->cli, pol->mem_ctx, - &user_pol, info_level, ctr)) - != NT_STATUS_OK) - goto done; - - done: - if (got_user_pol) cli_samr_close(pol->cli, pol->mem_ctx, &user_pol); - - return (result == NT_STATUS_OK); -} - -/**************************************************************************** -do a SAMR enumerate groups -****************************************************************************/ -BOOL wb_samr_open_user(CLI_POLICY_HND *pol, uint32 access_mask, uint32 rid, - POLICY_HND *user_pol) -{ - uint32 ret; - - ret = cli_samr_open_user(pol->cli, pol->mem_ctx, &pol->handle, - access_mask, rid, user_pol); - - return (ret == NT_STATUS_OK); -} - -BOOL wb_samr_query_usergroups(CLI_POLICY_HND *pol, uint32 *num_groups, - DOM_GID **gid) -{ - uint32 ret; - - ret = cli_samr_query_usergroups(pol->cli, pol->mem_ctx, &pol->handle, - num_groups, gid); - - return (ret == NT_STATUS_OK); -} - -BOOL wb_get_samr_query_groupinfo(CLI_POLICY_HND *pol, uint32 info_level, - uint32 group_rid, GROUP_INFO_CTR *ctr) -{ - POLICY_HND group_pol; - BOOL got_group_pol = False; - uint32 result; - - if ((result = cli_samr_open_group(pol->cli, pol->mem_ctx, - &pol->handle, MAXIMUM_ALLOWED_ACCESS, - group_rid, &group_pol)) - != NT_STATUS_OK) - goto done; - - got_group_pol = True; - - if ((result = cli_samr_query_groupinfo(pol->cli, pol->mem_ctx, - &group_pol, info_level, - ctr)) != NT_STATUS_OK) - goto done; - - done: - if (got_group_pol) cli_samr_close(pol->cli, pol->mem_ctx, &group_pol); - - return (result == NT_STATUS_OK); -} - -BOOL wb_sam_query_groupmem(CLI_POLICY_HND *pol, uint32 group_rid, - uint32 *num_names, uint32 **rid_mem, - char ***names, uint32 **name_types) -{ - BOOL got_group_pol = False; - POLICY_HND group_pol; - uint32 result, i, total_names = 0; - - if ((result = cli_samr_open_group(pol->cli, pol->mem_ctx, - &pol->handle, MAXIMUM_ALLOWED_ACCESS, - group_rid, &group_pol)) - != NT_STATUS_OK) - goto done; - - got_group_pol = True; - - if ((result = cli_samr_query_groupmem(pol->cli, pol->mem_ctx, - &group_pol, num_names, rid_mem, - name_types)) - != NT_STATUS_OK) - goto done; - - /* Call cli_samr_lookup_rids() in bunches of ~1000 rids to avoid - crashing NT4. */ - -#define MAX_LOOKUP_RIDS 900 - - *names = talloc(pol->mem_ctx, *num_names * sizeof(char *)); - *name_types = talloc(pol->mem_ctx, *num_names * sizeof(uint32)); - - for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) { - int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS); - uint32 tmp_num_names = 0; - char **tmp_names = NULL; - uint32 *tmp_types = NULL; - - /* Lookup a chunk of rids */ - - result = cli_samr_lookup_rids(pol->cli, pol->mem_ctx, - &pol->handle, 1000, /* flags */ - num_lookup_rids, - &(*rid_mem)[i], - &tmp_num_names, - &tmp_names, &tmp_types); - - if (result != NT_STATUS_OK) - goto done; - - /* Copy result into array. The talloc system will take - care of freeing the temporary arrays later on. */ - - memcpy(&(*names)[i], tmp_names, sizeof(char *) * - tmp_num_names); - - memcpy(&(*name_types)[i], tmp_types, sizeof(uint32) * - tmp_num_names); - - total_names += tmp_num_names; - } - - *num_names = total_names; - - done: - if (got_group_pol) - cli_samr_close(pol->cli, pol->mem_ctx, &group_pol); - - return (result == NT_STATUS_OK); -} - -BOOL wb_samr_query_dom_info(CLI_POLICY_HND *pol, uint16 switch_value, - SAM_UNK_CTR *ctr) -{ - uint32 ret; - - ret = cli_samr_query_dom_info(pol->cli, pol->mem_ctx, - &pol->handle, switch_value, ctr); - - return (ret == NT_STATUS_OK); -} - -/* Unlike all the others, the status code of this function is actually used - by winbindd. */ - -uint32 wb_samr_query_dispinfo(CLI_POLICY_HND *pol, uint32 *start_ndx, - uint16 info_level, uint32 *num_entries, - SAM_DISPINFO_CTR *ctr) -{ - return cli_samr_query_dispinfo(pol->cli, pol->mem_ctx, - &pol->handle, start_ndx, - info_level, num_entries, - 0xffff, ctr); -} diff --git a/source/passdb/nispass.c b/source/passdb/nispass.c deleted file mode 100644 index c1a867bc338..00000000000 --- a/source/passdb/nispass.c +++ /dev/null @@ -1,1099 +0,0 @@ -/* - * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup - * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. - * Copyright (C) Benny Holmgren 1998 <bigfoot@astrakan.hgs.se> - * Copyright (C) Luke Kenneth Casson Leighton 1996-1998. - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -#ifdef WITH_NISPLUS - -#ifdef BROKEN_NISPLUS_INCLUDE_FILES - -/* - * The following lines are needed due to buggy include files - * in Solaris 2.6 which define GROUP in both /usr/include/sys/acl.h and - * also in /usr/include/rpcsvc/nis.h. The definitions conflict. JRA. - * Also GROUP_OBJ is defined as 0x4 in /usr/include/sys/acl.h and as - * an enum in /usr/include/rpcsvc/nis.h. - */ - -#if defined(GROUP) -#undef GROUP -#endif - -#if defined(GROUP_OBJ) -#undef GROUP_OBJ -#endif - -#endif - -#include <rpcsvc/nis.h> - -extern int DEBUGLEVEL; -extern pstring samlogon_user; -extern BOOL sam_logon_in_ssb; - -static VOLATILE sig_atomic_t gotalarm; - -/*************************************************************** - - the fields for the NIS+ table, generated from mknissmbpwtbl.sh, are: - - name=S,nogw=r - uid=S,nogw=r - user_rid=S,nogw=r - smb_grpid=,nw+r - group_rid=,nw+r - acb=,nw+r - - lmpwd=C,nw=,g=r,o=rm - ntpwd=C,nw=,g=r,o=rm - - logon_t=,nw+r - logoff_t=,nw+r - kick_t=,nw+r - pwdlset_t=,nw+r - pwdlchg_t=,nw+r - pwdmchg_t=,nw+r - - full_name=,nw+r - home_dir=,nw+r - dir_drive=,nw+r - logon_script=,nw+r - profile_path=,nw+r - acct_desc=,nw+r - workstations=,nw+r - - hours=,nw+r - -****************************************************************/ - -#define NPF_NAME 0 -#define NPF_UID 1 -#define NPF_USER_RID 2 -#define NPF_SMB_GRPID 3 -#define NPF_GROUP_RID 4 -#define NPF_ACB 5 -#define NPF_LMPWD 6 -#define NPF_NTPWD 7 -#define NPF_LOGON_T 8 -#define NPF_LOGOFF_T 9 -#define NPF_KICK_T 10 -#define NPF_PWDLSET_T 11 -#define NPF_PWDLCHG_T 12 -#define NPF_PWDMCHG_T 13 -#define NPF_FULL_NAME 14 -#define NPF_HOME_DIR 15 -#define NPF_DIR_DRIVE 16 -#define NPF_LOGON_SCRIPT 17 -#define NPF_PROFILE_PATH 18 -#define NPF_ACCT_DESC 19 -#define NPF_WORKSTATIONS 20 -#define NPF_HOURS 21 - -/*************************************************************** - Signal function to tell us we timed out. -****************************************************************/ -static void gotalarm_sig(void) -{ - gotalarm = 1; -} - -/*************************************************************** - make_nisname_from_user_rid - ****************************************************************/ -static char *make_nisname_from_user_rid(uint32 rid, char *pfile) -{ - static pstring nisname; - - safe_strcpy(nisname, "[user_rid=", sizeof(nisname)-1); - slprintf(nisname, sizeof(nisname)-1, "%s%d", nisname, rid); - safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); - safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); - - return nisname; -} - -/*************************************************************** - make_nisname_from_uid - ****************************************************************/ -static char *make_nisname_from_uid(int uid, char *pfile) -{ - static pstring nisname; - - safe_strcpy(nisname, "[uid=", sizeof(nisname)-1); - slprintf(nisname, sizeof(nisname)-1, "%s%d", nisname, uid); - safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); - safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); - - return nisname; -} - -/*************************************************************** - make_nisname_from_name - ****************************************************************/ -static char *make_nisname_from_name(char *user_name, char *pfile) -{ - static pstring nisname; - - safe_strcpy(nisname, "[name=", sizeof(nisname)-1); - safe_strcat(nisname, user_name, sizeof(nisname) - strlen(nisname) - 1); - safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1); - safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1); - - return nisname; -} - -/************************************************************************* - gets a NIS+ attribute - *************************************************************************/ -static void get_single_attribute(nis_object *new_obj, int col, - char *val, int len) -{ - int entry_len; - - if (new_obj == NULL || val == NULL) return; - - entry_len = ENTRY_LEN(new_obj, col); - if (len > entry_len) - { - DEBUG(10,("get_single_attribute: entry length truncated\n")); - len = entry_len; - } - - safe_strcpy(val, ENTRY_VAL(new_obj, col), len-1); -} - -/************************************************************************ - makes a struct sam_passwd from a NIS+ object. - ************************************************************************/ -static BOOL make_sam_from_nisp_object(struct sam_passwd *pw_buf, nis_object *obj) -{ - int uidval; - static pstring user_name; - static pstring full_name; - static pstring home_dir; - static pstring home_drive; - static pstring logon_script; - static pstring profile_path; - static pstring acct_desc; - static pstring workstations; - static pstring temp; - static unsigned char smbpwd[16]; - static unsigned char smbntpwd[16]; - - char *p; - - pdb_init_sam(pw_buf); - pw_buf->acct_ctrl = ACB_NORMAL; - - pstrcpy(user_name, ENTRY_VAL(obj, NPF_NAME)); - pw_buf->smb_name = user_name; - - uidval = atoi(ENTRY_VAL(obj, NPF_UID)); - pw_buf->smb_userid = uidval; - - /* Check the lanman password column. */ - p = (char *)ENTRY_VAL(obj, NPF_LMPWD); - if (*p == '*' || *p == 'X') { - /* Password deliberately invalid - end here. */ - DEBUG(10, ("make_sam_from_nisp_object: entry invalidated for user %s\n", user_name)); - pw_buf->smb_nt_passwd = NULL; - pw_buf->smb_passwd = NULL; - pw_buf->acct_ctrl |= ACB_DISABLED; - return True; - } - if (!strncasecmp(p, "NO PASSWORD", 11)) { - pw_buf->smb_passwd = NULL; - pw_buf->acct_ctrl |= ACB_PWNOTREQ; - } else { - if (strlen(p) != 32 || !pdb_gethexpwd(p, smbpwd)) - { - DEBUG(0, ("make_sam_from_nisp_object: malformed LM pwd entry.\n")); - return False; - } - } - - pw_buf->smb_passwd = smbpwd; - - /* Check the NT password column. */ - p = ENTRY_VAL(obj, NPF_NTPWD); - if (*p != '*' && *p != 'X') { - if (strlen(p) != 32 || !pdb_gethexpwd(p, smbntpwd)) - { - DEBUG(0, ("make_smb_from_nisp_object: malformed NT pwd entry\n")); - return False; - } - pw_buf->smb_nt_passwd = smbntpwd; - } - - p = (char *)ENTRY_VAL(obj, NPF_ACB); - if (*p == '[') - { - pw_buf->acct_ctrl = pdb_decode_acct_ctrl(p); - - /* Must have some account type set. */ - if(pw_buf->acct_ctrl == 0) - pw_buf->acct_ctrl = ACB_NORMAL; - - /* Now try and get the last change time. */ - if(*p == ']') - p++; - if(*p == ':') { - p++; - if(*p && (StrnCaseCmp(p, "LCT-", 4)==0)) { - int i; - p += 4; - for(i = 0; i < 8; i++) { - if(p[i] == '\0' || !isxdigit(p[i])) - break; - } - if(i == 8) { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - pw_buf->pass_last_set_time = (time_t)strtol(p, NULL, 16); - } - } - } - } else { - /* 'Old' style file. Fake up based on user name. */ - /* - * Currently trust accounts are kept in the same - * password file as 'normal accounts'. If this changes - * we will have to fix this code. JRA. - */ - if(pw_buf->smb_name[strlen(pw_buf->smb_name) - 1] == '$') { - pw_buf->acct_ctrl &= ~ACB_NORMAL; - pw_buf->acct_ctrl |= ACB_WSTRUST; - } - } - - get_single_attribute(obj, NPF_SMB_GRPID, temp, sizeof(pstring)); - pw_buf->smb_grpid = atoi(temp); - - get_single_attribute(obj, NPF_USER_RID, temp, sizeof(pstring)); - pw_buf->user_rid = (strlen(temp) > 0) ? - strtol(temp, NULL, 16) : pdb_uid_to_user_rid (pw_buf->smb_userid); - - if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$') { - - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - pstrcpy(samlogon_user, pw_buf->smb_name); - sam_logon_in_ssb = True; - - get_single_attribute(obj, NPF_GROUP_RID, temp, sizeof(pstring)); - pw_buf->group_rid = (strlen(temp) > 0) ? - strtol(temp, NULL, 16) : pdb_gid_to_group_rid (pw_buf->smb_grpid); - - get_single_attribute(obj, NPF_FULL_NAME, full_name, sizeof(pstring)); -#if 1 - /* It seems correct to use the global values - but in that case why - * do we want these NIS+ entries anyway ?? - */ - pstrcpy(logon_script , lp_logon_script ()); - pstrcpy(profile_path , lp_logon_path ()); - pstrcpy(home_drive , lp_logon_drive ()); - pstrcpy(home_dir , lp_logon_home ()); -#else - get_single_attribute(obj, NPF_LOGON_SCRIPT, logon_script, sizeof(pstring)); - get_single_attribute(obj, NPF_PROFILE_PATH, profile_path, sizeof(pstring)); - get_single_attribute(obj, NPF_DIR_DRIVE, home_drive, sizeof(pstring)); - get_single_attribute(obj, NPF_HOME_DIR, home_dir, sizeof(pstring)); -#endif - get_single_attribute(obj, NPF_ACCT_DESC, acct_desc, sizeof(pstring)); - get_single_attribute(obj, NPF_WORKSTATIONS, workstations, sizeof(pstring)); - - sam_logon_in_ssb = False; - - } else { - - pw_buf->group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ - - pstrcpy(full_name , ""); - pstrcpy(logon_script , ""); - pstrcpy(profile_path , ""); - pstrcpy(home_drive , ""); - pstrcpy(home_dir , ""); - pstrcpy(acct_desc , ""); - pstrcpy(workstations , ""); - } - - pw_buf->full_name = full_name; - pw_buf->home_dir = home_dir; - pw_buf->dir_drive = home_drive; - pw_buf->logon_script = logon_script; - pw_buf->profile_path = profile_path; - pw_buf->acct_desc = acct_desc; - pw_buf->workstations = workstations; - - pw_buf->unknown_str = NULL; /* don't know, yet! */ - pw_buf->munged_dial = NULL; /* "munged" dial-back telephone number */ - - pw_buf->unknown_3 = 0xffffff; /* don't know */ - pw_buf->logon_divs = 168; /* hours per week */ - pw_buf->hours_len = 21; /* 21 times 8 bits = 168 */ - memset(pw_buf->hours, 0xff, pw_buf->hours_len); /* available at all hours */ - pw_buf->unknown_5 = 0x00020000; /* don't know */ - pw_buf->unknown_6 = 0x000004ec; /* don't know */ - - return True; -} - -/************************************************************************ - makes a struct sam_passwd from a NIS+ result. - ************************************************************************/ -static BOOL make_sam_from_nisresult(struct sam_passwd *pw_buf, nis_result *result) -{ - if (pw_buf == NULL || result == NULL) return False; - - if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND) - { - DEBUG(0, ("make_sam_from_nisresult: NIS+ lookup failure: %s\n", - nis_sperrno(result->status))); - return False; - } - - /* User not found. */ - if (NIS_RES_NUMOBJ(result) <= 0) - { - DEBUG(10, ("make_sam_from_nisresult: user not found in NIS+\n")); - return False; - } - - if (NIS_RES_NUMOBJ(result) > 1) - { - DEBUG(10, ("make_sam_from_nisresult: WARNING: Multiple entries for user in NIS+ table!\n")); - } - - /* Grab the first hit. */ - return make_sam_from_nisp_object(pw_buf, &NIS_RES_OBJECT(result)[0]); - } - -/*************************************************************** - calls nis_list, returns results. - ****************************************************************/ -static nis_result *nisp_get_nis_list(char *nis_name) -{ - nis_result *result; - result = nis_list(nis_name, FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP,NULL,NULL); - - alarm(0); - CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL); - - if (gotalarm) - { - DEBUG(0,("nisp_get_nis_list: NIS+ lookup time out\n")); - nis_freeresult(result); - return NULL; - } - return result; -} - - - -struct nisp_enum_info -{ - nis_result *result; - int enum_entry; -}; - -/*************************************************************** - Start to enumerate the nisplus passwd list. Returns a void pointer - to ensure no modification outside this module. - - do not call this function directly. use passdb.c instead. - - ****************************************************************/ -static void *startnisppwent(BOOL update) -{ - static struct nisp_enum_info res; - res.result = nisp_get_nis_list(lp_smb_passwd_file()); - res.enum_entry = 0; - return res.result != NULL ? &res : NULL; -} - -/*************************************************************** - End enumeration of the nisplus passwd list. -****************************************************************/ -static void endnisppwent(void *vp) -{ - struct nisp_enum_info *res = (struct nisp_enum_info *)vp; - nis_freeresult(res->result); - DEBUG(7,("endnisppwent: freed enumeration list\n")); -} - -/************************************************************************* - Routine to return the next entry in the nisplus passwd list. - - do not call this function directly. use passdb.c instead. - - *************************************************************************/ -static struct sam_passwd *getnisp21pwent(void *vp) -{ - struct nisp_enum_info *res = (struct nisp_enum_info *)vp; - static struct sam_passwd pw_buf; - int which; - BOOL ret; - - if (res == NULL || (int)(res->enum_entry) < 0 || - (int)(res->enum_entry) > (NIS_RES_NUMOBJ(res->result) - 1)) { - ret = False; - } else { - which = (int)(res->enum_entry); - ret = make_sam_from_nisp_object(&pw_buf, - &NIS_RES_OBJECT(res->result)[which]); - if (ret && which < (NIS_RES_NUMOBJ(res->result) - 1)) - (int)(res->enum_entry)++; - } - - return ret ? &pw_buf : NULL; -} - -/************************************************************************* - Return the current position in the nisplus passwd list as an SMB_BIG_UINT. - This must be treated as an opaque token. - - do not call this function directly. use passdb.c instead. - -*************************************************************************/ -static SMB_BIG_UINT getnisppwpos(void *vp) -{ - struct nisp_enum_info *res = (struct nisp_enum_info *)vp; - return (SMB_BIG_UINT)(res->enum_entry); -} - -/************************************************************************* - Set the current position in the nisplus passwd list from SMB_BIG_UINT. - This must be treated as an opaque token. - - do not call this function directly. use passdb.c instead. - -*************************************************************************/ -static BOOL setnisppwpos(void *vp, SMB_BIG_UINT tok) -{ - struct nisp_enum_info *res = (struct nisp_enum_info *)vp; - if (tok < (NIS_RES_NUMOBJ(res->result) - 1)) { - res->enum_entry = tok; - return True; - } else { - return False; - } -} - -/************************************************************************* - sets a NIS+ attribute - *************************************************************************/ -static void set_single_attribute(nis_object *new_obj, int col, - char *val, int len, int flags) -{ - if (new_obj == NULL) return; - - ENTRY_VAL(new_obj, col) = val; - ENTRY_LEN(new_obj, col) = len+1; - - if (flags != 0) - { - new_obj->EN_data.en_cols.en_cols_val[col].ec_flags = flags; - } -} - -/************************************************************************ - Routine to add an entry to the nisplus passwd file. - - do not call this function directly. use passdb.c instead. - -*************************************************************************/ -static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd) -{ - char *pfile; - char *nisname; - nis_result *nis_user; - nis_result *result = NULL, - *tblresult = NULL, - *addresult = NULL; - nis_object new_obj, *obj; - - fstring uid; - fstring user_rid; - fstring smb_grpid; - fstring group_rid; - fstring acb; - - fstring smb_passwd; - fstring smb_nt_passwd; - - fstring logon_t; - fstring logoff_t; - fstring kickoff_t; - fstring pwdlset_t; - fstring pwdlchg_t; - fstring pwdmchg_t; - - memset((char *)logon_t , '\0', sizeof(logon_t )); - memset((char *)logoff_t , '\0', sizeof(logoff_t )); - memset((char *)kickoff_t, '\0', sizeof(kickoff_t)); - memset((char *)pwdlset_t, '\0', sizeof(pwdlset_t)); - memset((char *)pwdlchg_t, '\0', sizeof(pwdlchg_t)); - memset((char *)pwdmchg_t, '\0', sizeof(pwdmchg_t)); - - pfile = lp_smb_passwd_file(); - - nisname = make_nisname_from_name(newpwd->smb_name, pfile); - result = nisp_get_nis_list(nisname); - if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND) - { - DEBUG(3, ( "add_nis21ppwd_entry: nis_list failure: %s: %s\n", - nisname, nis_sperrno(result->status))); - nis_freeresult(result); - return False; - } - - if (result->status == NIS_SUCCESS && NIS_RES_NUMOBJ(result) > 0) - { - DEBUG(3, ("add_nisp21pwd_entry: User already exists in NIS+ password db: %s\n", - pfile)); - nis_freeresult(result); - return False; - } - -#if 0 - /* User not found. */ - if (!add_user) - { - DEBUG(3, ("add_nisp21pwd_entry: User not found in NIS+ password db: %s\n", - pfile)); - nis_freeresult(result); - return False; - } - -#endif - - tblresult = nis_lookup(pfile, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP ); - if (tblresult->status != NIS_SUCCESS) - { - nis_freeresult(result); - nis_freeresult(tblresult); - DEBUG(3, ( "add_nisp21pwd_entry: nis_lookup failure: %s\n", - nis_sperrno(tblresult->status))); - return False; - } - - new_obj.zo_name = NIS_RES_OBJECT(tblresult)->zo_name; - new_obj.zo_domain = NIS_RES_OBJECT(tblresult)->zo_domain; - new_obj.zo_owner = NIS_RES_OBJECT(tblresult)->zo_owner; - new_obj.zo_group = NIS_RES_OBJECT(tblresult)->zo_group; - new_obj.zo_access = NIS_RES_OBJECT(tblresult)->zo_access; - new_obj.zo_ttl = NIS_RES_OBJECT(tblresult)->zo_ttl; - - new_obj.zo_data.zo_type = ENTRY_OBJ; - - new_obj.zo_data.objdata_u.en_data.en_type = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_type; - new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_maxcol; - new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_val = calloc(new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len, sizeof(entry_col)); - - if (new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_val == NULL) - { - DEBUG(0, ("add_nisp21pwd_entry: memory allocation failure\n")); - nis_freeresult(result); - nis_freeresult(tblresult); - return False; - } - - pdb_sethexpwd(smb_passwd , newpwd->smb_passwd , newpwd->acct_ctrl); - pdb_sethexpwd(smb_nt_passwd, newpwd->smb_nt_passwd, newpwd->acct_ctrl); - - newpwd->pass_last_set_time = (time_t)time(NULL); - newpwd->logon_time = (time_t)-1; - newpwd->logoff_time = (time_t)-1; - newpwd->kickoff_time = (time_t)-1; - newpwd->pass_can_change_time = (time_t)-1; - newpwd->pass_must_change_time = (time_t)-1; - - slprintf(logon_t, 13, "LNT-%08X", (uint32)newpwd->logon_time); - slprintf(logoff_t, 13, "LOT-%08X", (uint32)newpwd->logoff_time); - slprintf(kickoff_t, 13, "KOT-%08X", (uint32)newpwd->kickoff_time); - slprintf(pwdlset_t, 13, "LCT-%08X", (uint32)newpwd->pass_last_set_time); - slprintf(pwdlchg_t, 13, "CCT-%08X", (uint32)newpwd->pass_can_change_time); - slprintf(pwdmchg_t, 13, "MCT-%08X", (uint32)newpwd->pass_must_change_time); - - slprintf(uid, sizeof(uid)-1, "%u", newpwd->smb_userid); - slprintf(user_rid, sizeof(user_rid)-1, "0x%x", newpwd->user_rid); - slprintf(smb_grpid, sizeof(smb_grpid)-1, "%u", newpwd->smb_grpid); - slprintf(group_rid, sizeof(group_rid)-1, "0x%x", newpwd->group_rid); - - safe_strcpy(acb, pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb)-1); - - set_single_attribute(&new_obj, NPF_NAME , newpwd->smb_name , strlen(newpwd->smb_name) , 0); - set_single_attribute(&new_obj, NPF_UID , uid , strlen(uid) , 0); - set_single_attribute(&new_obj, NPF_USER_RID , user_rid , strlen(user_rid) , 0); - set_single_attribute(&new_obj, NPF_SMB_GRPID , smb_grpid , strlen(smb_grpid) , 0); - set_single_attribute(&new_obj, NPF_GROUP_RID , group_rid , strlen(group_rid) , 0); - set_single_attribute(&new_obj, NPF_ACB , acb , strlen(acb) , 0); - set_single_attribute(&new_obj, NPF_LMPWD , smb_passwd , strlen(smb_passwd) , EN_CRYPT); - set_single_attribute(&new_obj, NPF_NTPWD , smb_nt_passwd , strlen(smb_nt_passwd) , EN_CRYPT); - set_single_attribute(&new_obj, NPF_LOGON_T , logon_t , strlen(logon_t) , 0); - set_single_attribute(&new_obj, NPF_LOGOFF_T , logoff_t , strlen(logoff_t) , 0); - set_single_attribute(&new_obj, NPF_KICK_T , kickoff_t , strlen(kickoff_t) , 0); - set_single_attribute(&new_obj, NPF_PWDLSET_T , pwdlset_t , strlen(pwdlset_t) , 0); - set_single_attribute(&new_obj, NPF_PWDLCHG_T , pwdlchg_t , strlen(pwdlchg_t) , 0); - set_single_attribute(&new_obj, NPF_PWDMCHG_T , pwdmchg_t , strlen(pwdmchg_t) , 0); -#if 0 - set_single_attribute(&new_obj, NPF_FULL_NAME , newpwd->full_name , strlen(newpwd->full_name) , 0); - set_single_attribute(&new_obj, NPF_HOME_DIR , newpwd->home_dir , strlen(newpwd->home_dir) , 0); - set_single_attribute(&new_obj, NPF_DIR_DRIVE , newpwd->dir_drive , strlen(newpwd->dir_drive) , 0); - set_single_attribute(&new_obj, NPF_LOGON_SCRIPT , newpwd->logon_script , strlen(newpwd->logon_script) , 0); - set_single_attribute(&new_obj, NPF_PROFILE_PATH , newpwd->profile_path , strlen(newpwd->profile_path) , 0); - set_single_attribute(&new_obj, NPF_ACCT_DESC , newpwd->acct_desc , strlen(newpwd->acct_desc) , 0); - set_single_attribute(&new_obj, NPF_WORKSTATIONS , newpwd->workstations , strlen(newpwd->workstations) , 0); - set_single_attribute(&new_obj, NPF_HOURS , newpwd->hours , newpwd->hours_len , 0); -#endif - - obj = &new_obj; - - addresult = nis_add_entry(pfile, obj, ADD_OVERWRITE | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP); - - - if (addresult->status != NIS_SUCCESS) - { - DEBUG(3, ( "add_nisp21pwd_entry: NIS+ table update failed: %s\n", - nisname, nis_sperrno(addresult->status))); - nis_freeresult(tblresult); - nis_freeresult(addresult); - nis_freeresult(result); - return False; - } - - nis_freeresult(tblresult); - nis_freeresult(addresult); - nis_freeresult(result); - - return True; -} - -/************************************************************************ - Routine to search the nisplus passwd file for an entry matching the username. - and then modify its password entry. We can't use the startnisppwent()/ - getnisppwent()/endnisppwent() interfaces here as we depend on looking - in the actual file to decide how much room we have to write data. - override = False, normal - override = True, override XXXXXXXX'd out password or NO PASS - - do not call this function directly. use passdb.c instead. - -************************************************************************/ -static BOOL mod_nisp21pwd_entry(struct sam_passwd* pwd, BOOL override) -{ - char *oldnislmpwd, *oldnisntpwd, *oldnisacb, *oldnislct, *user_name; - char lmpwd[33], ntpwd[33], lct[13]; - nis_result *result, *addresult; - nis_object *obj; - fstring acb; - pstring nisname; - BOOL got_pass_last_set_time, ret; - int i; - - if (!*lp_smb_passwd_file()) - { - DEBUG(0, ("mod_getnisp21pwd_entry: no SMB password file set\n")); - return False; - } - - DEBUG(10, ("mod_getnisp21pwd_entry: search by name: %s\n", pwd->smb_name)); - DEBUG(10, ("mod_getnisp21pwd_entry: using NIS+ table %s\n", lp_smb_passwd_file())); - - slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s", pwd->smb_name, lp_smb_passwd_file()); - - /* Search the table. */ - gotalarm = 0; - CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); - alarm(5); - - result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL); - - alarm(0); - CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL); - - if (gotalarm) - { - DEBUG(0,("mod_getnisp21pwd_entry: NIS+ lookup time out\n")); - nis_freeresult(result); - return False; - } - - if(result->status != NIS_SUCCESS || NIS_RES_NUMOBJ(result) <= 0) { - /* User not found. */ - DEBUG(0,("mod_getnisp21pwd_entry: user not found in NIS+\n")); - nis_freeresult(result); - return False; - } - - DEBUG(6,("mod_getnisp21pwd_entry: entry exists\n")); - - obj = NIS_RES_OBJECT(result); - - user_name = ENTRY_VAL(obj, NPF_NAME); - oldnislmpwd = ENTRY_VAL(obj, NPF_LMPWD); - oldnisntpwd = ENTRY_VAL(obj, NPF_NTPWD); - oldnisacb = ENTRY_VAL(obj, NPF_ACB); - oldnislct = ENTRY_VAL(obj, NPF_PWDLSET_T); - - - if (!override && (*oldnislmpwd == '*' || *oldnislmpwd == 'X' || - *oldnisntpwd == '*' || *oldnisntpwd == 'X')) { - /* Password deliberately invalid - end here. */ - DEBUG(10, ("mod_nisp21pwd_entry: entry invalidated for user %s\n", user_name)); - nis_freeresult(result); - return False; - } - - if (strlen(oldnislmpwd) != 32 || strlen(oldnisntpwd) != 32) { - DEBUG(0, ("mod_nisp21pwd_entry: malformed password entry (incorrect length)\n")); - nis_freeresult(result); - return False; - } - - - - /* - * Now check if the account info and the password last - * change time is available. - */ - - /* - * If both NT and lanman passwords are provided - reset password - * not required flag. - */ - - if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) { - /* Require password in the future (should ACB_DISABLED also be reset?) */ - pwd->acct_ctrl &= ~(ACB_PWNOTREQ); - } - - if (*oldnisacb == '[') { - - i = 0; - acb[i++] = oldnisacb[i]; - while(i < (sizeof(fstring) - 2) && (oldnisacb[i] != ']')) - acb[i] = oldnisacb[i++]; - - acb[i++] = ']'; - acb[i++] = '\0'; - - if (i == NEW_PW_FORMAT_SPACE_PADDED_LEN) { - /* - * We are using a new format, space padded - * acct ctrl field. Encode the given acct ctrl - * bits into it. - */ - fstrcpy(acb, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN)); - } else { - /* - * If using the old format and the ACB_DISABLED or - * ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL - * here as we have no space to encode the change. - */ - if(pwd->acct_ctrl & (ACB_DISABLED|ACB_PWNOTREQ)) { - pwd->smb_passwd = NULL; - pwd->smb_nt_passwd = NULL; - } - } - - /* Now do the LCT stuff. */ - if (StrnCaseCmp(oldnislct, "LCT-", 4) == 0) { - - for(i = 0; i < 8; i++) { - if(oldnislct[i+4] == '\0' || !isxdigit(oldnislct[i+4])) - break; - } - if (i == 8) { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - got_pass_last_set_time = True; - } /* i == 8 */ - } /* StrnCaseCmp() */ - - } /* p == '[' */ - - /* Entry is correctly formed. */ - - - - /* Create the 32 byte representation of the new p16 */ - if(pwd->smb_passwd != NULL) { - for (i = 0; i < 16; i++) { - slprintf(&lmpwd[i*2], 32, "%02X", (uchar) pwd->smb_passwd[i]); - } - } else { - if(pwd->acct_ctrl & ACB_PWNOTREQ) - fstrcpy(lmpwd, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); - else - fstrcpy(lmpwd, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); - } - - /* Add on the NT md4 hash */ - if (pwd->smb_nt_passwd != NULL) { - for (i = 0; i < 16; i++) { - slprintf(&ntpwd[i*2], 32, "%02X", (uchar) pwd->smb_nt_passwd[i]); - } - } else { - if(pwd->acct_ctrl & ACB_PWNOTREQ) - fstrcpy(ntpwd, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); - else - fstrcpy(ntpwd, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); - } - - pwd->pass_last_set_time = time(NULL); - - if(got_pass_last_set_time) { - slprintf(lct, 13, "LCT-%08X", (uint32)pwd->pass_last_set_time); - } - - set_single_attribute(obj, NPF_LMPWD, lmpwd, strlen(lmpwd), EN_CRYPT); - set_single_attribute(obj, NPF_NTPWD, ntpwd, strlen(ntpwd), EN_CRYPT); - set_single_attribute(obj, NPF_ACB, acb, strlen(acb), 0); - set_single_attribute(obj, NPF_PWDLSET_T, lct, strlen(lct), 0); - - addresult = - nis_add_entry(lp_smb_passwd_file(), obj, - ADD_OVERWRITE | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP); - - if(addresult->status != NIS_SUCCESS) { - DEBUG(0, ("mod_nisp21pwd_entry: NIS+ table update failed: %s %s\n", nisname, nis_sperrno(addresult->status))); - nis_freeresult(addresult); - nis_freeresult(result); - return False; - } - - DEBUG(6,("mod_nisp21pwd_entry: password changed\n")); - - nis_freeresult(addresult); - nis_freeresult(result); - - return True; -} - - -/************************************************************************* - Routine to search the nisplus passwd file for an entry matching the username - *************************************************************************/ -static struct sam_passwd *getnisp21pwnam(char *name) -{ - /* Static buffers we will return. */ - static struct sam_passwd pw_buf; - nis_result *result; - pstring nisname; - BOOL ret; - - if (!*lp_smb_passwd_file()) - { - DEBUG(0, ("No SMB password file set\n")); - return NULL; - } - - DEBUG(10, ("getnisp21pwnam: search by name: %s\n", name)); - DEBUG(10, ("getnisp21pwnam: using NIS+ table %s\n", lp_smb_passwd_file())); - - slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s", name, lp_smb_passwd_file()); - - /* Search the table. */ - gotalarm = 0; - CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); - alarm(5); - - result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL); - - alarm(0); - CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL); - - if (gotalarm) - { - DEBUG(0,("getnisp21pwnam: NIS+ lookup time out\n")); - nis_freeresult(result); - return NULL; - } - - ret = make_sam_from_nisresult(&pw_buf, result); - nis_freeresult(result); - - return ret ? &pw_buf : NULL; -} - -/************************************************************************* - Routine to search the nisplus passwd file for an entry matching the username - *************************************************************************/ -static struct sam_passwd *getnisp21pwrid(uint32 rid) -{ - /* Static buffers we will return. */ - static struct sam_passwd pw_buf; - nis_result *result; - char *nisname; - BOOL ret; - - if (!*lp_smb_passwd_file()) - { - DEBUG(0, ("getnisp21pwrid: no SMB password file set\n")); - return NULL; - } - - DEBUG(10, ("getnisp21pwrid: search by rid: %x\n", rid)); - DEBUG(10, ("getnisp21pwrid: using NIS+ table %s\n", lp_smb_passwd_file())); - - nisname = make_nisname_from_user_rid(rid, lp_smb_passwd_file()); - - /* Search the table. */ - gotalarm = 0; - CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); - alarm(5); - - result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL); - - alarm(0); - CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL); - - if (gotalarm) - { - DEBUG(0,("getnisp21pwrid: NIS+ lookup time out\n")); - nis_freeresult(result); - return NULL; - } - - ret = make_sam_from_nisresult(&pw_buf, result); - nis_freeresult(result); - - return ret ? &pw_buf : NULL; -} - -/* - * Derived functions for NIS+. - */ - -static struct smb_passwd *getnisppwent(void *vp) -{ - return pdb_sam_to_smb(getnisp21pwent(vp)); -} - -static BOOL add_nisppwd_entry(struct smb_passwd *newpwd) -{ - return add_nisp21pwd_entry(pdb_smb_to_sam(newpwd)); -} - -static BOOL mod_nisppwd_entry(struct smb_passwd* pwd, BOOL override) -{ - return mod_nisp21pwd_entry(pdb_smb_to_sam(pwd), override); -} - -static BOOL del_nisppwd_entry(const char *name) -{ - return False; /* Dummy. */ -} - -static struct smb_passwd *getnisppwnam(char *name) -{ - return pdb_sam_to_smb(getnisp21pwnam(name)); -} - -static struct sam_passwd *getnisp21pwuid(uid_t smb_userid) -{ - return getnisp21pwrid(pdb_uid_to_user_rid(smb_userid)); -} - -static struct smb_passwd *getnisppwrid(uint32 user_rid) -{ - return pdb_sam_to_smb(getnisp21pwuid(pdb_user_rid_to_uid(user_rid))); -} - -static struct smb_passwd *getnisppwuid(uid_t smb_userid) -{ - return pdb_sam_to_smb(getnisp21pwuid(smb_userid)); -} - -static struct sam_disp_info *getnispdispnam(char *name) -{ - return pdb_sam_to_dispinfo(getnisp21pwnam(name)); -} - -static struct sam_disp_info *getnispdisprid(uint32 rid) -{ - return pdb_sam_to_dispinfo(getnisp21pwrid(rid)); -} - -static struct sam_disp_info *getnispdispent(void *vp) -{ - return pdb_sam_to_dispinfo(getnisp21pwent(vp)); -} - -static struct passdb_ops nispasswd_ops = { - startnisppwent, - endnisppwent, - getnisppwpos, - setnisppwpos, - getnisppwnam, - getnisppwuid, - getnisppwrid, - getnisppwent, - add_nisppwd_entry, - mod_nisppwd_entry, - del_nisppwd_entry, - getnisp21pwent, - getnisp21pwnam, - getnisp21pwuid, - getnisp21pwrid, - add_nisp21pwd_entry, - mod_nisp21pwd_entry, - getnispdispnam, - getnispdisprid, - getnispdispent -}; - -struct passdb_ops *nisplus_initialize_password_db(void) -{ - return &nispasswd_ops; -} - -#else - void nisplus_dummy_function(void); - void nisplus_dummy_function(void) { } /* stop some compilers complaining */ -#endif /* WITH_NISPLUS */ - -/* useful code i can't bring myself to delete */ -#if 0 -static void useful_code(void) { - /* checks user in unix password database. don't want to do that, here. */ - nisname = make_nisname_from_name(newpwd->smb_name, "passwd.org_dir"); - - nis_user = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL); - - if (nis_user->status != NIS_SUCCESS || NIS_RES_NUMOBJ(nis_user) <= 0) - { - DEBUG(3, ("useful_code: Unable to get NIS+ passwd entry for user: %s.\n", - nis_sperrno(nis_user->status))); - return False; - } - - user_obj = NIS_RES_OBJECT(nis_user); - make_nisname_from_name(ENTRY_VAL(user_obj,0), pfile); -} -#endif diff --git a/source/passdb/smbpass.c b/source/passdb/smbpass.c deleted file mode 100644 index ec28254c748..00000000000 --- a/source/passdb/smbpass.c +++ /dev/null @@ -1,1429 +0,0 @@ -/* - * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup - * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -#ifdef USE_SMBPASS_DB - -extern int DEBUGLEVEL; -extern pstring samlogon_user; -extern BOOL sam_logon_in_ssb; - -static int pw_file_lock_depth; - -enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE }; - -/*************************************************************** - Internal fn to enumerate the smbpasswd list. Returns a void pointer - to ensure no modification outside this module. Checks for atomic - rename of smbpasswd file on update or create once the lock has - been granted to prevent race conditions. JRA. -****************************************************************/ - -static void *startsmbfilepwent_internal(const char *pfile, enum pwf_access_type type, int *lock_depth) -{ - FILE *fp = NULL; - const char *open_mode = NULL; - int race_loop = 0; - int lock_type = F_RDLCK; - - if (!*pfile) { - DEBUG(0, ("startsmbfilepwent: No SMB password file set\n")); - return (NULL); - } - - switch(type) { - case PWF_READ: - open_mode = "rb"; - lock_type = F_RDLCK; - break; - case PWF_UPDATE: - open_mode = "r+b"; - lock_type = F_WRLCK; - break; - case PWF_CREATE: - /* - * Ensure atomic file creation. - */ - { - int i, fd = -1; - - for(i = 0; i < 5; i++) { - if((fd = sys_open(pfile, O_CREAT|O_TRUNC|O_EXCL|O_RDWR, 0600))!=-1) - break; - sys_usleep(200); /* Spin, spin... */ - } - if(fd == -1) { - DEBUG(0,("startsmbfilepwent_internal: too many race conditions creating file %s\n", pfile)); - return NULL; - } - close(fd); - open_mode = "r+b"; - lock_type = F_WRLCK; - break; - } - } - - for(race_loop = 0; race_loop < 5; race_loop++) { - DEBUG(10, ("startsmbfilepwent_internal: opening file %s\n", pfile)); - - if((fp = sys_fopen(pfile, open_mode)) == NULL) { - DEBUG(0, ("startsmbfilepwent_internal: unable to open file %s. Error was %s\n", pfile, strerror(errno) )); - return NULL; - } - - if (!pw_file_lock(fileno(fp), lock_type, 5, lock_depth)) { - DEBUG(0, ("startsmbfilepwent_internal: unable to lock file %s. Error was %s\n", pfile, strerror(errno) )); - fclose(fp); - return NULL; - } - - /* - * Only check for replacement races on update or create. - * For read we don't mind if the data is one record out of date. - */ - - if(type == PWF_READ) { - break; - } else { - SMB_STRUCT_STAT sbuf1, sbuf2; - - /* - * Avoid the potential race condition between the open and the lock - * by doing a stat on the filename and an fstat on the fd. If the - * two inodes differ then someone did a rename between the open and - * the lock. Back off and try the open again. Only do this 5 times to - * prevent infinate loops. JRA. - */ - - if (sys_stat(pfile,&sbuf1) != 0) { - DEBUG(0, ("startsmbfilepwent_internal: unable to stat file %s. Error was %s\n", pfile, strerror(errno))); - pw_file_unlock(fileno(fp), lock_depth); - fclose(fp); - return NULL; - } - - if (sys_fstat(fileno(fp),&sbuf2) != 0) { - DEBUG(0, ("startsmbfilepwent_internal: unable to fstat file %s. Error was %s\n", pfile, strerror(errno))); - pw_file_unlock(fileno(fp), lock_depth); - fclose(fp); - return NULL; - } - - if( sbuf1.st_ino == sbuf2.st_ino) { - /* No race. */ - break; - } - - /* - * Race occurred - back off and try again... - */ - - pw_file_unlock(fileno(fp), lock_depth); - fclose(fp); - } - } - - if(race_loop == 5) { - DEBUG(0, ("startsmbfilepwent_internal: too many race conditions opening file %s\n", pfile)); - return NULL; - } - - /* Set a buffer to do more efficient reads */ - setvbuf(fp, (char *)NULL, _IOFBF, 1024); - - /* Make sure it is only rw by the owner */ - if(fchmod(fileno(fp), S_IRUSR|S_IWUSR) == -1) { - DEBUG(0, ("startsmbfilepwent_internal: failed to set 0600 permissions on password file %s. \ -Error was %s\n.", pfile, strerror(errno) )); - pw_file_unlock(fileno(fp), lock_depth); - fclose(fp); - return NULL; - } - - /* We have a lock on the file. */ - return (void *)fp; -} - -/*************************************************************** - Start to enumerate the smbpasswd list. Returns a void pointer - to ensure no modification outside this module. -****************************************************************/ - -static void *startsmbfilepwent(BOOL update) -{ - return startsmbfilepwent_internal(lp_smb_passwd_file(), update ? PWF_UPDATE : PWF_READ, &pw_file_lock_depth); -} - -/*************************************************************** - End enumeration of the smbpasswd list. -****************************************************************/ - -static void endsmbfilepwent_internal(void *vp, int *lock_depth) -{ - FILE *fp = (FILE *)vp; - - pw_file_unlock(fileno(fp), lock_depth); - fclose(fp); - DEBUG(7, ("endsmbfilepwent_internal: closed password file.\n")); -} - -/*************************************************************** - End enumeration of the smbpasswd list - operate on the default - lock_depth. -****************************************************************/ - -static void endsmbfilepwent(void *vp) -{ - endsmbfilepwent_internal(vp, &pw_file_lock_depth); -} - -/************************************************************************* - Routine to return the next entry in the smbpasswd list. - *************************************************************************/ - -static struct smb_passwd *getsmbfilepwent(void *vp) -{ - /* Static buffers we will return. */ - static struct smb_passwd pw_buf; - static pstring user_name; - static unsigned char smbpwd[16]; - static unsigned char smbntpwd[16]; - FILE *fp = (FILE *)vp; - char linebuf[256]; - unsigned char c; - unsigned char *p; - long uidval; - size_t linebuf_len; - - if(fp == NULL) { - DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n")); - return NULL; - } - - pdb_init_smb(&pw_buf); - - pw_buf.acct_ctrl = ACB_NORMAL; - - /* - * Scan the file, a line at a time and check if the name matches. - */ - while (!feof(fp)) { - linebuf[0] = '\0'; - - fgets(linebuf, 256, fp); - if (ferror(fp)) { - return NULL; - } - - /* - * Check if the string is terminated with a newline - if not - * then we must keep reading and discard until we get one. - */ - if ((linebuf_len = strlen(linebuf)) == 0) - continue; - - if (linebuf[linebuf_len - 1] != '\n') { - c = '\0'; - while (!ferror(fp) && !feof(fp)) { - c = fgetc(fp); - if (c == '\n') - break; - } - } else - linebuf[linebuf_len - 1] = '\0'; - -#ifdef DEBUG_PASSWORD - DEBUG(100, ("getsmbfilepwent: got line |%s|\n", linebuf)); -#endif - if ((linebuf[0] == 0) && feof(fp)) { - DEBUG(4, ("getsmbfilepwent: end of file reached\n")); - break; - } - /* - * The line we have should be of the form :- - * - * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently - * ignored.... - * - * or, - * - * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored.... - * - * if Windows NT compatible passwords are also present. - * [Account type] is an ascii encoding of the type of account. - * LCT-(8 hex digits) is the time_t value of the last change time. - */ - - if (linebuf[0] == '#' || linebuf[0] == '\0') { - DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n")); - continue; - } - p = (unsigned char *) strchr(linebuf, ':'); - if (p == NULL) { - DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n")); - continue; - } - /* - * As 256 is shorter than a pstring we don't need to check - * length here - if this ever changes.... - */ - strncpy(user_name, linebuf, PTR_DIFF(p, linebuf)); - user_name[PTR_DIFF(p, linebuf)] = '\0'; - - /* Get smb uid. */ - - p++; /* Go past ':' */ - - if(*p == '-') { - DEBUG(0, ("getsmbfilepwent: uids in the smbpasswd file must not be negative for user: %s.\n", user_name)); - continue; - } - - if (!isdigit(*p)) { - DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number) for user: %s.\n", user_name)); - continue; - } - - uidval = atoi((char *) p); - - while (*p && isdigit(*p)) - p++; - - if (*p != ':') { - DEBUG(0, ("getsmbfilepwent: malformed password entry (no : after uid) for user: %s.\n", user_name)); - continue; - } - - pw_buf.smb_name = user_name; - pw_buf.smb_userid = uidval; - - /* - * Now get the password value - this should be 32 hex digits - * which are the ascii representations of a 16 byte string. - * Get two at a time and put them into the password. - */ - - /* Skip the ':' */ - p++; - - if (*p == '*' || *p == 'X') { - /* Password deliberately invalid - end here. */ - DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name)); - pw_buf.smb_nt_passwd = NULL; - pw_buf.smb_passwd = NULL; - pw_buf.acct_ctrl |= ACB_DISABLED; - return &pw_buf; - } - - if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) { - DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short) for user %s\n", user_name)); - continue; - } - - if (p[32] != ':') { - DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :) for user %s\n", user_name)); - continue; - } - - if (!strncasecmp((char *) p, "NO PASSWORD", 11)) { - pw_buf.smb_passwd = NULL; - pw_buf.acct_ctrl |= ACB_PWNOTREQ; - } else { - if (!pdb_gethexpwd((char *)p, smbpwd)) { - DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars) for user %s\n", user_name)); - continue; - } - pw_buf.smb_passwd = smbpwd; - } - - /* - * Now check if the NT compatible password is - * available. - */ - pw_buf.smb_nt_passwd = NULL; - - p += 33; /* Move to the first character of the line after - the lanman password. */ - if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) { - if (*p != '*' && *p != 'X') { - if(pdb_gethexpwd((char *)p,smbntpwd)) - pw_buf.smb_nt_passwd = smbntpwd; - } - p += 33; /* Move to the first character of the line after - the NT password. */ - } - - DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %ld\n", - user_name, uidval)); - - if (*p == '[') - { - unsigned char *end_p = (unsigned char *)strchr((char *)p, ']'); - pw_buf.acct_ctrl = pdb_decode_acct_ctrl((char*)p); - - /* Must have some account type set. */ - if(pw_buf.acct_ctrl == 0) - pw_buf.acct_ctrl = ACB_NORMAL; - - /* Now try and get the last change time. */ - if(end_p) - p = end_p + 1; - if(*p == ':') { - p++; - if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) { - int i; - p += 4; - for(i = 0; i < 8; i++) { - if(p[i] == '\0' || !isxdigit(p[i])) - break; - } - if(i == 8) { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - pw_buf.pass_last_set_time = (time_t)strtol((char *)p, NULL, 16); - } - } - } - } else { - /* 'Old' style file. Fake up based on user name. */ - /* - * Currently trust accounts are kept in the same - * password file as 'normal accounts'. If this changes - * we will have to fix this code. JRA. - */ - if(pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') { - pw_buf.acct_ctrl &= ~ACB_NORMAL; - pw_buf.acct_ctrl |= ACB_WSTRUST; - } - } - - return &pw_buf; - } - - DEBUG(5,("getsmbfilepwent: end of file reached.\n")); - return NULL; -} - -/************************************************************************* - build a fully populated struct sam_passwd given a struct smb_passwd - ************************************************************************/ -static struct sam_passwd* build_sampw_from_smbpw (struct smb_passwd *pw_buf) -{ - static struct sam_passwd user; - struct passwd *pwfile; - - static pstring full_name; - static pstring home_dir; - static pstring home_drive; - static pstring logon_script; - static pstring profile_path; - static pstring acct_desc; - static pstring workstations; - - /* lookup in local system passwd file */ - if (pw_buf == NULL) return NULL; - - pwfile = sys_getpwnam(pw_buf->smb_name); - if (pwfile == NULL) - { - DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n")); - DEBUG(0,("getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name)); - return NULL; - } - - /* init structure */ - ZERO_STRUCT (user); - pdb_init_sam (&user); - - - /* set data fields */ - pstrcpy(samlogon_user, pw_buf->smb_name); - - if (samlogon_user[strlen(samlogon_user)-1] != '$') - { - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - sam_logon_in_ssb = True; - - user.smb_userid = pwfile->pw_uid; - user.smb_grpid = pwfile->pw_gid; - - user.user_rid = pdb_uid_to_user_rid (user.smb_userid); - user.group_rid = pdb_gid_to_group_rid(user.smb_grpid ); - - pstrcpy(full_name, pwfile->pw_gecos); - pstrcpy(logon_script , lp_logon_script ()); - pstrcpy(profile_path , lp_logon_path ()); - pstrcpy(home_drive , lp_logon_drive ()); - pstrcpy(home_dir , lp_logon_home ()); - pstrcpy(acct_desc , ""); - pstrcpy(workstations , ""); - - standard_sub_advanced(-1, samlogon_user, "", user.smb_grpid, logon_script); - standard_sub_advanced(-1, samlogon_user, "", user.smb_grpid, profile_path); - standard_sub_advanced(-1, samlogon_user, "", user.smb_grpid, home_drive); - standard_sub_advanced(-1, samlogon_user, "", user.smb_grpid, home_dir); - sam_logon_in_ssb = False; - } - else - { - user.smb_userid = pwfile->pw_uid; - user.smb_grpid = pwfile->pw_gid; - - user.user_rid = pdb_uid_to_user_rid (user.smb_userid); - user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ - - pstrcpy(full_name , ""); - pstrcpy(logon_script , ""); - pstrcpy(profile_path , ""); - pstrcpy(home_drive , ""); - pstrcpy(home_dir , ""); - pstrcpy(acct_desc , ""); - pstrcpy(workstations , ""); - } - - user.smb_name = pw_buf->smb_name; - user.full_name = full_name; - user.home_dir = home_dir; - user.dir_drive = home_drive; - user.logon_script = logon_script; - user.profile_path = profile_path; - user.acct_desc = acct_desc; - user.workstations = workstations; - - user.unknown_str = NULL; /* don't know, yet! */ - user.munged_dial = NULL; /* "munged" dial-back telephone number */ - - user.smb_nt_passwd = pw_buf->smb_nt_passwd; - user.smb_passwd = pw_buf->smb_passwd; - - user.acct_ctrl = pw_buf->acct_ctrl; - - user.unknown_3 = 0xffffff; /* don't know */ - user.logon_divs = 168; /* hours per week */ - user.hours_len = 21; /* 21 times 8 bits = 168 */ - memset(user.hours, 0xff, user.hours_len); /* available at all hours */ - user.unknown_5 = 0x00000000; /* don't know */ - user.unknown_6 = 0x000004ec; /* don't know */ - - return &user; -} - - -/************************************************************************* - Routine to return the next entry in the smbpasswd list. - this function is a nice, messy combination of reading: - - the smbpasswd file - - the unix password database - - smb.conf options (not done at present). - *************************************************************************/ - -static struct sam_passwd *getsmbfile21pwent(void *vp) -{ - struct smb_passwd *pw_buf = getsmbfilepwent(vp); - struct sam_passwd *user; - - - DEBUG(5,("getsmbfile21pwent\n")); - user = build_sampw_from_smbpw(pw_buf); - - return user; -} - -/************************************************************************* - Return the current position in the smbpasswd list as an SMB_BIG_UINT. - This must be treated as an opaque token. -*************************************************************************/ - -static SMB_BIG_UINT getsmbfilepwpos(void *vp) -{ - return (SMB_BIG_UINT)sys_ftell((FILE *)vp); -} - -/************************************************************************* - Set the current position in the smbpasswd list from an SMB_BIG_UINT. - This must be treated as an opaque token. -*************************************************************************/ - -static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) -{ - return !sys_fseek((FILE *)vp, (SMB_OFF_T)tok, SEEK_SET); -} - -/************************************************************************ - Create a new smbpasswd entry - malloced space returned. -*************************************************************************/ - -char *format_new_smbpasswd_entry(struct smb_passwd *newpwd) -{ - int new_entry_length; - char *new_entry; - char *p; - int i; - - new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; - - if((new_entry = (char *)malloc( new_entry_length )) == NULL) { - DEBUG(0, ("format_new_smbpasswd_entry: Malloc failed adding entry for user %s.\n", newpwd->smb_name )); - return NULL; - } - - slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid); - p = &new_entry[strlen(new_entry)]; - - if(newpwd->smb_passwd != NULL) { - for( i = 0; i < 16; i++) { - slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]); - } - } else { - i=0; - if(newpwd->acct_ctrl & ACB_PWNOTREQ) - safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - else - safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - } - - p += 32; - - *p++ = ':'; - - if(newpwd->smb_nt_passwd != NULL) { - for( i = 0; i < 16; i++) { - slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]); - } - } else { - if(newpwd->acct_ctrl & ACB_PWNOTREQ) - safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - else - safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry)); - } - - p += 32; - - *p++ = ':'; - - /* Add the account encoding and the last change time. */ - slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n", - pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), - (uint32)newpwd->pass_last_set_time); - - return new_entry; -} - -/************************************************************************ - Routine to add an entry to the smbpasswd file. -*************************************************************************/ - -static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) -{ - char *pfile = lp_smb_passwd_file(); - struct smb_passwd *pwd = NULL; - FILE *fp = NULL; - int wr_len; - int fd; - size_t new_entry_length; - char *new_entry; - SMB_OFF_T offpos; - - /* Open the smbpassword file - for update. */ - fp = startsmbfilepwent(True); - - if (fp == NULL) { - DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n")); - return False; - } - - /* - * Scan the file, a line at a time and check if the name matches. - */ - - while ((pwd = getsmbfilepwent(fp)) != NULL) { - if (strequal(newpwd->smb_name, pwd->smb_name)) { - DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name)); - endsmbfilepwent(fp); - return False; - } - } - - /* Ok - entry doesn't exist. We can add it */ - - /* Create a new smb passwd entry and set it to the given password. */ - /* - * The add user write needs to be atomic - so get the fd from - * the fp and do a raw write() call. - */ - fd = fileno(fp); - - if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) { - DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \ -Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); - endsmbfilepwent(fp); - return False; - } - - if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL) { - DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \ -Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); - endsmbfilepwent(fp); - return False; - } - - new_entry_length = strlen(new_entry); - -#ifdef DEBUG_PASSWORD - DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d made line |%s|", - fd, new_entry_length, new_entry)); -#endif - - if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length) { - DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \ -Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno))); - - /* Remove the entry we just wrote. */ - if(sys_ftruncate(fd, offpos) == -1) { - DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \ -Error was %s. Password file may be corrupt ! Please examine by hand !\n", - newpwd->smb_name, strerror(errno))); - } - - endsmbfilepwent(fp); - free(new_entry); - return False; - } - - free(new_entry); - endsmbfilepwent(fp); - return True; -} - -/************************************************************************ - Routine to search the smbpasswd file for an entry matching the username. - and then modify its password entry. We can't use the startsmbpwent()/ - getsmbpwent()/endsmbpwent() interfaces here as we depend on looking - in the actual file to decide how much room we have to write data. - override = False, normal - override = True, override XXXXXXXX'd out password or NO PASS -************************************************************************/ - -static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) -{ - /* Static buffers we will return. */ - static pstring user_name; - - char linebuf[256]; - char readbuf[1024]; - unsigned char c; - fstring ascii_p16; - fstring encode_bits; - unsigned char *p = NULL; - size_t linebuf_len = 0; - FILE *fp; - int lockfd; - char *pfile = lp_smb_passwd_file(); - BOOL found_entry = False; - BOOL got_pass_last_set_time = False; - - SMB_OFF_T pwd_seekpos = 0; - - int i; - int wr_len; - int fd; - - if (!*pfile) { - DEBUG(0, ("No SMB password file set\n")); - return False; - } - DEBUG(10, ("mod_smbfilepwd_entry: opening file %s\n", pfile)); - - fp = sys_fopen(pfile, "r+"); - - if (fp == NULL) { - DEBUG(0, ("mod_smbfilepwd_entry: unable to open file %s\n", pfile)); - return False; - } - /* Set a buffer to do more efficient reads */ - setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf)); - - lockfd = fileno(fp); - - if (!pw_file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) { - DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile)); - fclose(fp); - return False; - } - - /* Make sure it is only rw by the owner */ - chmod(pfile, 0600); - - /* We have a write lock on the file. */ - /* - * Scan the file, a line at a time and check if the name matches. - */ - while (!feof(fp)) { - pwd_seekpos = sys_ftell(fp); - - linebuf[0] = '\0'; - - fgets(linebuf, sizeof(linebuf), fp); - if (ferror(fp)) { - pw_file_unlock(lockfd, &pw_file_lock_depth); - fclose(fp); - return False; - } - - /* - * Check if the string is terminated with a newline - if not - * then we must keep reading and discard until we get one. - */ - linebuf_len = strlen(linebuf); - if (linebuf[linebuf_len - 1] != '\n') { - c = '\0'; - while (!ferror(fp) && !feof(fp)) { - c = fgetc(fp); - if (c == '\n') { - break; - } - } - } else { - linebuf[linebuf_len - 1] = '\0'; - } - -#ifdef DEBUG_PASSWORD - DEBUG(100, ("mod_smbfilepwd_entry: got line |%s|\n", linebuf)); -#endif - - if ((linebuf[0] == 0) && feof(fp)) { - DEBUG(4, ("mod_smbfilepwd_entry: end of file reached\n")); - break; - } - - /* - * The line we have should be of the form :- - * - * username:uid:[32hex bytes]:....other flags presently - * ignored.... - * - * or, - * - * username:uid:[32hex bytes]:[32hex bytes]:[attributes]:LCT-XXXXXXXX:...ignored. - * - * if Windows NT compatible passwords are also present. - */ - - if (linebuf[0] == '#' || linebuf[0] == '\0') { - DEBUG(6, ("mod_smbfilepwd_entry: skipping comment or blank line\n")); - continue; - } - - p = (unsigned char *) strchr(linebuf, ':'); - - if (p == NULL) { - DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no :)\n")); - continue; - } - - /* - * As 256 is shorter than a pstring we don't need to check - * length here - if this ever changes.... - */ - strncpy(user_name, linebuf, PTR_DIFF(p, linebuf)); - user_name[PTR_DIFF(p, linebuf)] = '\0'; - if (strequal(user_name, pwd->smb_name)) { - found_entry = True; - break; - } - } - - if (!found_entry) { - pw_file_unlock(lockfd, &pw_file_lock_depth); - fclose(fp); - return False; - } - - DEBUG(6, ("mod_smbfilepwd_entry: entry exists\n")); - - /* User name matches - get uid and password */ - p++; /* Go past ':' */ - - if (!isdigit(*p)) { - DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (uid not number)\n")); - pw_file_unlock(lockfd, &pw_file_lock_depth); - fclose(fp); - return False; - } - - while (*p && isdigit(*p)) - p++; - if (*p != ':') { - DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no : after uid)\n")); - pw_file_unlock(lockfd, &pw_file_lock_depth); - fclose(fp); - return False; - } - - /* - * Now get the password value - this should be 32 hex digits - * which are the ascii representations of a 16 byte string. - * Get two at a time and put them into the password. - */ - p++; - - /* Record exact password position */ - pwd_seekpos += PTR_DIFF(p, linebuf); - - if (!override && (*p == '*' || *p == 'X')) { - /* Password deliberately invalid - end here. */ - DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name)); - pw_file_unlock(lockfd, &pw_file_lock_depth); - fclose(fp); - return False; - } - - if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) { - DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n")); - pw_file_unlock(lockfd,&pw_file_lock_depth); - fclose(fp); - return (False); - } - - if (p[32] != ':') { - DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n")); - pw_file_unlock(lockfd,&pw_file_lock_depth); - fclose(fp); - return False; - } - - if (!override && (*p == '*' || *p == 'X')) { - pw_file_unlock(lockfd,&pw_file_lock_depth); - fclose(fp); - return False; - } - - /* Now check if the NT compatible password is - available. */ - p += 33; /* Move to the first character of the line after - the lanman password. */ - if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) { - DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n")); - pw_file_unlock(lockfd,&pw_file_lock_depth); - fclose(fp); - return (False); - } - - if (p[32] != ':') { - DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n")); - pw_file_unlock(lockfd,&pw_file_lock_depth); - fclose(fp); - return False; - } - - /* - * Now check if the account info and the password last - * change time is available. - */ - p += 33; /* Move to the first character of the line after - the NT password. */ - - /* - * If both NT and lanman passwords are provided - reset password - * not required flag. - */ - - if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) { - /* Reqiure password in the future (should ACB_DISABLED also be reset?) */ - pwd->acct_ctrl &= ~(ACB_PWNOTREQ); - } - - if (*p == '[') { - - i = 0; - encode_bits[i++] = *p++; - while((linebuf_len > PTR_DIFF(p, linebuf)) && (*p != ']')) - encode_bits[i++] = *p++; - - encode_bits[i++] = ']'; - encode_bits[i++] = '\0'; - - if(i == NEW_PW_FORMAT_SPACE_PADDED_LEN) { - /* - * We are using a new format, space padded - * acct ctrl field. Encode the given acct ctrl - * bits into it. - */ - fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN)); - } else { - /* - * If using the old format and the ACB_DISABLED or - * ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL - * here as we have no space to encode the change. - */ - if(pwd->acct_ctrl & (ACB_DISABLED|ACB_PWNOTREQ)) { - pwd->smb_passwd = NULL; - pwd->smb_nt_passwd = NULL; - } - } - - /* Go past the ']' */ - if(linebuf_len > PTR_DIFF(p, linebuf)) - p++; - - if((linebuf_len > PTR_DIFF(p, linebuf)) && (*p == ':')) { - p++; - - /* We should be pointing at the LCT entry. */ - if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && (StrnCaseCmp((char *)p, "LCT-", 4) == 0)) { - - p += 4; - for(i = 0; i < 8; i++) { - if(p[i] == '\0' || !isxdigit(p[i])) - break; - } - if(i == 8) { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - got_pass_last_set_time = True; - } /* i == 8 */ - } /* *p && StrnCaseCmp() */ - } /* p == ':' */ - } /* p == '[' */ - - /* Entry is correctly formed. */ - - /* Create the 32 byte representation of the new p16 */ - if(pwd->smb_passwd != NULL) { - for (i = 0; i < 16; i++) { - slprintf(&ascii_p16[i*2], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_passwd[i]); - } - } else { - if(pwd->acct_ctrl & ACB_PWNOTREQ) - fstrcpy(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); - else - fstrcpy(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); - } - - /* Add on the NT md4 hash */ - ascii_p16[32] = ':'; - wr_len = 66; - if (pwd->smb_nt_passwd != NULL) { - for (i = 0; i < 16; i++) { - slprintf(&ascii_p16[(i*2)+33], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_nt_passwd[i]); - } - } else { - if(pwd->acct_ctrl & ACB_PWNOTREQ) - fstrcpy(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX"); - else - fstrcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"); - } - ascii_p16[65] = ':'; - ascii_p16[66] = '\0'; /* null-terminate the string so that strlen works */ - - /* Add on the account info bits and the time of last - password change. */ - - pwd->pass_last_set_time = time(NULL); - - if(got_pass_last_set_time) { - slprintf(&ascii_p16[strlen(ascii_p16)], - sizeof(ascii_p16)-(strlen(ascii_p16)+1), - "%s:LCT-%08X:", - encode_bits, (uint32)pwd->pass_last_set_time ); - wr_len = strlen(ascii_p16); - } - -#ifdef DEBUG_PASSWORD - DEBUG(100,("mod_smbfilepwd_entry: ")); - dump_data(100, ascii_p16, wr_len); -#endif - - if(wr_len > sizeof(linebuf)) { - DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1)); - pw_file_unlock(lockfd,&pw_file_lock_depth); - fclose(fp); - return (False); - } - - /* - * Do an atomic write into the file at the position defined by - * seekpos. - */ - - /* The mod user write needs to be atomic - so get the fd from - the fp and do a raw write() call. - */ - - fd = fileno(fp); - - if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) { - DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); - fclose(fp); - return False; - } - - /* Sanity check - ensure the areas we are writing are framed by ':' */ - if (read(fd, linebuf, wr_len+1) != wr_len+1) { - DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); - fclose(fp); - return False; - } - - if ((linebuf[0] != ':') || (linebuf[wr_len] != ':')) { - DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); - fclose(fp); - return False; - } - - if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) { - DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); - fclose(fp); - return False; - } - - if (write(fd, ascii_p16, wr_len) != wr_len) { - DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); - fclose(fp); - return False; - } - - pw_file_unlock(lockfd,&pw_file_lock_depth); - fclose(fp); - return True; -} - -/************************************************************************ - Routine to delete an entry in the smbpasswd file by name. -*************************************************************************/ - -static BOOL del_smbfilepwd_entry(const char *name) -{ - char *pfile = lp_smb_passwd_file(); - pstring pfile2; - struct smb_passwd *pwd = NULL; - FILE *fp = NULL; - FILE *fp_write = NULL; - int pfile2_lockdepth = 0; - - slprintf(pfile2, sizeof(pfile2)-1, "%s.%u", pfile, (unsigned)sys_getpid() ); - - /* - * Open the smbpassword file - for update. It needs to be update - * as we need any other processes to wait until we have replaced - * it. - */ - - if((fp = startsmbfilepwent(True)) == NULL) { - DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile)); - return False; - } - - /* - * Create the replacement password file. - */ - if((fp_write = startsmbfilepwent_internal(pfile2, PWF_CREATE, &pfile2_lockdepth)) == NULL) { - DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile)); - endsmbfilepwent(fp); - return False; - } - - /* - * Scan the file, a line at a time and check if the name matches. - */ - - while ((pwd = getsmbfilepwent(fp)) != NULL) { - char *new_entry; - size_t new_entry_length; - - if (strequal(name, pwd->smb_name)) { - DEBUG(10, ("add_smbfilepwd_entry: found entry with name %s - deleting it.\n", name)); - continue; - } - - /* - * We need to copy the entry out into the second file. - */ - - if((new_entry = format_new_smbpasswd_entry(pwd)) == NULL) { - DEBUG(0, ("del_smbfilepwd_entry(malloc): Failed to copy entry for user %s to file %s. \ -Error was %s\n", pwd->smb_name, pfile2, strerror(errno))); - unlink(pfile2); - endsmbfilepwent(fp); - endsmbfilepwent_internal(fp_write,&pfile2_lockdepth); - return False; - } - - new_entry_length = strlen(new_entry); - - if(fwrite(new_entry, 1, new_entry_length, fp_write) != new_entry_length) { - DEBUG(0, ("del_smbfilepwd_entry(write): Failed to copy entry for user %s to file %s. \ -Error was %s\n", pwd->smb_name, pfile2, strerror(errno))); - unlink(pfile2); - endsmbfilepwent(fp); - endsmbfilepwent_internal(fp_write,&pfile2_lockdepth); - free(new_entry); - return False; - } - - free(new_entry); - } - - /* - * Ensure pfile2 is flushed before rename. - */ - - if(fflush(fp_write) != 0) { - DEBUG(0, ("del_smbfilepwd_entry: Failed to flush file %s. Error was %s\n", pfile2, strerror(errno))); - endsmbfilepwent(fp); - endsmbfilepwent_internal(fp_write,&pfile2_lockdepth); - return False; - } - - /* - * Do an atomic rename - then release the locks. - */ - - if(rename(pfile2,pfile) != 0) { - unlink(pfile2); - } - endsmbfilepwent(fp); - endsmbfilepwent_internal(fp_write,&pfile2_lockdepth); - return True; -} - -/* - * Functions that return/manipulate a struct smb_passwd. - */ - -/************************************************************************ - Utility function to search smb passwd by uid. use this if your database - does not have search facilities. -*************************************************************************/ - -static struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid) -{ - struct smb_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid)); - - /* Open the smb password database - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open smb password database.\n")); - return NULL; - } - - while ((pwd = getsmbpwent(fp)) != NULL && pwd->smb_userid != smb_userid) - ; - - if (pwd != NULL) - { - DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid)); - } - - endsmbpwent(fp); - return pwd; -} - -/************************************************************************ - Utility function to search smb passwd by rid. -*************************************************************************/ - -static struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid) -{ - return iterate_getsmbpwuid(pdb_user_rid_to_uid(user_rid)); -} - -/************************************************************************ - Utility function to search smb passwd by name. use this if your database - does not have search facilities. -*************************************************************************/ - -static struct smb_passwd *iterate_getsmbpwnam(char *name) -{ - struct smb_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by name: %s\n", name)); - - /* Open the sam password file - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open smb password database.\n")); - return NULL; - } - - while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->smb_name, name)) - ; - - if (pwd != NULL) - { - DEBUG(10, ("found by name: %s\n", name)); - } - - endsmbpwent(fp); - return pwd; -} - -/* - * Functions that manupulate a struct sam_passwd. - */ - -/************************************************************************ - Utility function to search sam passwd by name. -*************************************************************************/ - -static struct sam_passwd *smbiterate_getsam21pwnam(char *name) -{ - struct sam_passwd *pwd = NULL; - struct smb_passwd *smbpw = NULL; - - DEBUG(10, ("search by name: %s\n", name)); - - smbpw = getsmbpwnam(name); - - if (smbpw != NULL) - { - pwd = build_sampw_from_smbpw (smbpw); - DEBUG(10, ("found by name: %s\n", name)); - } - - return pwd; -} - - -/************************************************************************ - Utility function to search sam passwd by rid. -*************************************************************************/ -struct sam_passwd *smbiterate_getsam21pwrid(uint32 rid) -{ - struct sam_passwd *pwd = NULL; - struct smb_passwd *smbpw = NULL; - - DEBUG(10, ("search by rid: %x\n", rid)); - - smbpw = getsmbpwrid(rid); - - if (smbpw != NULL) - { - pwd = build_sampw_from_smbpw (smbpw); - DEBUG(10, ("found by user_rid: %x\n", rid)); - } - - return pwd; -} - -/************************************************************************ - Utility function to search sam passwd by uid. -*************************************************************************/ -struct sam_passwd *smbiterate_getsam21pwuid(uid_t uid) -{ - struct sam_passwd *pwd = NULL; - struct smb_passwd *smbpw = NULL; - - DEBUG(10, ("search by uid: %x\n", (int)uid)); - - - smbpw = getsmbpwuid(uid); - - if (smbpw != NULL) - { - pwd = build_sampw_from_smbpw (smbpw); - DEBUG(10, ("found by user_uid: %u\n", (unsigned int)uid)); - } - - return pwd; -} - - -/* - * Stub functions - implemented in terms of others. - */ - -static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override) -{ - return mod_smbfilepwd_entry(pdb_sam_to_smb(pwd), override); -} - -static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd) -{ - return add_smbfilepwd_entry(pdb_sam_to_smb(newpwd)); -} - -static struct sam_disp_info *getsmbfiledispnam(char *name) -{ - return pdb_sam_to_dispinfo(getsam21pwnam(name)); -} - -static struct sam_disp_info *getsmbfiledisprid(uint32 rid) -{ - return pdb_sam_to_dispinfo(getsam21pwrid(rid)); -} - -static struct sam_disp_info *getsmbfiledispent(void *vp) -{ - return pdb_sam_to_dispinfo(getsam21pwent(vp)); -} - -static struct passdb_ops file_ops = { - startsmbfilepwent, - endsmbfilepwent, - getsmbfilepwpos, - setsmbfilepwpos, - iterate_getsmbpwnam, - iterate_getsmbpwuid, - iterate_getsmbpwrid, - getsmbfilepwent, - add_smbfilepwd_entry, - mod_smbfilepwd_entry, - del_smbfilepwd_entry, - getsmbfile21pwent, - smbiterate_getsam21pwnam, - smbiterate_getsam21pwuid, - smbiterate_getsam21pwrid, - add_smbfile21pwd_entry, - mod_smbfile21pwd_entry, - getsmbfiledispnam, - getsmbfiledisprid, - getsmbfiledispent -}; - -struct passdb_ops *file_initialize_password_db(void) -{ - return &file_ops; -} - -#else - /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */ - void smbpass_dummy_function(void) { } /* stop some compilers complaining */ -#endif /* USE_SMBPASS_DB */ diff --git a/source/passdb/smbpasschange.c b/source/passdb/smbpasschange.c deleted file mode 100644 index 0c30bbe4a56..00000000000 --- a/source/passdb/smbpasschange.c +++ /dev/null @@ -1,198 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - change a password in a local smbpasswd file - Copyright (C) Andrew Tridgell 1998 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - - -/************************************************************* -add a new user to the local smbpasswd file -*************************************************************/ - -static BOOL add_new_user(char *user_name, uid_t uid, int local_flags, - uchar *new_p16, uchar *new_nt_p16) -{ - struct smb_passwd new_smb_pwent; - - /* Create a new smb passwd entry and set it to the given password. */ - new_smb_pwent.smb_userid = uid; - new_smb_pwent.smb_name = user_name; - new_smb_pwent.smb_passwd = NULL; - new_smb_pwent.smb_nt_passwd = NULL; - new_smb_pwent.pass_last_set_time = time(NULL); - new_smb_pwent.acct_ctrl = ((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL); - - if(local_flags & LOCAL_DISABLE_USER) { - new_smb_pwent.acct_ctrl |= ACB_DISABLED; - } - - if (local_flags & LOCAL_SET_NO_PASSWORD) { - new_smb_pwent.acct_ctrl |= ACB_PWNOTREQ; - } else { - new_smb_pwent.smb_passwd = new_p16; - new_smb_pwent.smb_nt_passwd = new_nt_p16; - } - - - return add_smbpwd_entry(&new_smb_pwent); -} - - -/************************************************************* -change a password entry in the local smbpasswd file -*************************************************************/ - -BOOL local_password_change(char *user_name, int local_flags, - char *new_passwd, - char *err_str, size_t err_str_len, - char *msg_str, size_t msg_str_len) -{ - struct passwd *pwd = NULL; - void *vp; - struct smb_passwd *smb_pwent; - uchar new_p16[16]; - uchar new_nt_p16[16]; - - *err_str = '\0'; - *msg_str = '\0'; - - if (local_flags & LOCAL_ADD_USER) { - - /* - * Check for a local account - if we're adding only. - */ - - if(!(pwd = sys_getpwnam(user_name))) { - slprintf(err_str, err_str_len - 1, "User %s does not \ -exist in system password file (usually /etc/passwd). Cannot add \ -account without a valid local system user.\n", user_name); - return False; - } - } - - /* Calculate the MD4 hash (NT compatible) of the new password. */ - nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16); - - /* - * Open the smbpaswd file. - */ - vp = startsmbpwent(True); - if (!vp && errno == ENOENT) { - FILE *fp; - slprintf(msg_str,msg_str_len-1, - "smbpasswd file did not exist - attempting to create it.\n"); - fp = sys_fopen(lp_smb_passwd_file(), "w"); - if (fp) { - fprintf(fp, "# Samba SMB password file\n"); - fclose(fp); - vp = startsmbpwent(True); - } - } - - if (!vp) { - slprintf(err_str, err_str_len-1, "Cannot open file %s. Error was %s\n", - lp_smb_passwd_file(), strerror(errno) ); - return False; - } - - /* Get the smb passwd entry for this user */ - smb_pwent = getsmbpwnam(user_name); - if (smb_pwent == NULL) { - if(!(local_flags & LOCAL_ADD_USER)) { - slprintf(err_str, err_str_len-1, - "Failed to find entry for user %s.\n", user_name); - endsmbpwent(vp); - return False; - } - - if (add_new_user(user_name, pwd->pw_uid, local_flags, new_p16, new_nt_p16)) { - slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name); - endsmbpwent(vp); - return True; - } else { - slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name); - endsmbpwent(vp); - return False; - } - } else { - /* the entry already existed */ - local_flags &= ~LOCAL_ADD_USER; - } - - /* - * We are root - just write the new password - * and the valid last change time. - */ - - if(local_flags & LOCAL_DISABLE_USER) { - smb_pwent->acct_ctrl |= ACB_DISABLED; - } else if (local_flags & LOCAL_ENABLE_USER) { - if(smb_pwent->smb_passwd == NULL) { - smb_pwent->smb_passwd = new_p16; - smb_pwent->smb_nt_passwd = new_nt_p16; - } - smb_pwent->acct_ctrl &= ~ACB_DISABLED; - } else if (local_flags & LOCAL_SET_NO_PASSWORD) { - smb_pwent->acct_ctrl |= ACB_PWNOTREQ; - /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */ - smb_pwent->smb_passwd = NULL; - smb_pwent->smb_nt_passwd = NULL; - } else { - /* - * If we're dealing with setting a completely empty user account - * ie. One with a password of 'XXXX', but not set disabled (like - * an account created from scratch) then if the old password was - * 'XX's then getsmbpwent will have set the ACB_DISABLED flag. - * We remove that as we're giving this user their first password - * and the decision hasn't really been made to disable them (ie. - * don't create them disabled). JRA. - */ - if((smb_pwent->smb_passwd == NULL) && (smb_pwent->acct_ctrl & ACB_DISABLED)) - smb_pwent->acct_ctrl &= ~ACB_DISABLED; - smb_pwent->acct_ctrl &= ~ACB_PWNOTREQ; - smb_pwent->smb_passwd = new_p16; - smb_pwent->smb_nt_passwd = new_nt_p16; - } - - if(local_flags & LOCAL_DELETE_USER) { - if (del_smbpwd_entry(user_name)==False) { - slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name); - endsmbpwent(vp); - return False; - } - slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name); - } else { - if(mod_smbpwd_entry(smb_pwent,True) == False) { - slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name); - endsmbpwent(vp); - return False; - } - if(local_flags & LOCAL_DISABLE_USER) - slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name); - else if (local_flags & LOCAL_ENABLE_USER) - slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name); - else if (local_flags & LOCAL_SET_NO_PASSWORD) - slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name); - } - - endsmbpwent(vp); - - return True; -} diff --git a/source/passdb/smbpassgroup.c b/source/passdb/smbpassgroup.c deleted file mode 100644 index 4636c08c949..00000000000 --- a/source/passdb/smbpassgroup.c +++ /dev/null @@ -1,196 +0,0 @@ -/* - * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup - * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -#ifdef USE_SMBPASS_DB - -static int grp_file_lock_depth = 0; -extern int DEBUGLEVEL; - -/*************************************************************** - Start to enumerate the smbpasswd list. Returns a void pointer - to ensure no modification outside this module. -****************************************************************/ - -static void *startsmbfilegrpent(BOOL update) -{ - static char s_readbuf[1024]; - return startfilepwent(lp_smb_passgrp_file(), s_readbuf, sizeof(s_readbuf), - &grp_file_lock_depth, update); -} - -/*************************************************************** - End enumeration of the smbpasswd list. -****************************************************************/ - -static void endsmbfilegrpent(void *vp) -{ - endfilepwent(vp, &grp_file_lock_depth); -} - -/************************************************************************* - Return the current position in the smbpasswd list as an SMB_BIG_UINT. - This must be treated as an opaque token. -*************************************************************************/ - -static SMB_BIG_UINT getsmbfilegrppos(void *vp) -{ - return getfilepwpos(vp); -} - -/************************************************************************* - Set the current position in the smbpasswd list from an SMB_BIG_UINT. - This must be treated as an opaque token. -*************************************************************************/ - -static BOOL setsmbfilegrppos(void *vp, SMB_BIG_UINT tok) -{ - return setfilepwpos(vp, tok); -} - -/************************************************************************* - Routine to return the next entry in the smbpasswd list. - *************************************************************************/ -static struct smb_passwd *getsmbfilegrpent(void *vp, - uint32 **grp_rids, int *num_grps, - uint32 **als_rids, int *num_alss) -{ - /* Static buffers we will return. */ - static struct smb_passwd pw_buf; - static pstring user_name; - struct passwd *pwfile; - pstring linebuf; - unsigned char *p; - int uidval; - size_t linebuf_len; - - if (vp == NULL) - { - DEBUG(0,("getsmbfilegrpent: Bad password file pointer.\n")); - return NULL; - } - - pwdb_init_smb(&pw_buf); - - /* - * Scan the file, a line at a time. - */ - while ((linebuf_len = getfileline(vp, linebuf, sizeof(linebuf))) > 0) - { - /* - * The line we have should be of the form :- - * - * username:uid:domainrid1,domainrid2..:aliasrid1,aliasrid2..: - */ - - /* - * As 256 is shorter than a pstring we don't need to check - * length here - if this ever changes.... - */ - p = strncpyn(user_name, linebuf, sizeof(user_name), ':'); - - /* Go past ':' */ - p++; - - /* Get smb uid. */ - - p = Atoic((char *) p, &uidval, ":"); - - pw_buf.smb_name = user_name; - pw_buf.smb_userid = uidval; - - /* - * Now get the password value - this should be 32 hex digits - * which are the ascii representations of a 16 byte string. - * Get two at a time and put them into the password. - */ - - /* Skip the ':' */ - p++; - - if (grp_rids != NULL && num_grps != NULL) - { - int i; - p = get_numlist(p, grp_rids, num_grps); - if (p == NULL) - { - DEBUG(0,("getsmbfilegrpent: invalid line\n")); - return NULL; - } - for (i = 0; i < (*num_grps); i++) - { - (*grp_rids)[i] = pwdb_gid_to_group_rid((*grp_rids)[i]); - } - } - - /* Skip the ':' */ - p++; - - if (als_rids != NULL && num_alss != NULL) - { - int i; - p = get_numlist(p, als_rids, num_alss); - if (p == NULL) - { - DEBUG(0,("getsmbfilegrpent: invalid line\n")); - return NULL; - } - for (i = 0; i < (*num_alss); i++) - { - (*als_rids)[i] = pwdb_gid_to_alias_rid((*als_rids)[i]); - } - } - - pwfile = Get_Pwnam(pw_buf.smb_name, False); - if (pwfile == NULL) - { - DEBUG(0,("getsmbfilegrpent: smbpasswd database is corrupt!\n")); - DEBUG(0,("getsmbfilegrpent: username %s not in unix passwd database!\n", pw_buf.smb_name)); - return NULL; - } - - return &pw_buf; - } - - DEBUG(5,("getsmbfilegrpent: end of file reached.\n")); - return NULL; -} - -static struct passgrp_ops file_ops = -{ - startsmbfilegrpent, - endsmbfilegrpent, - getsmbfilegrppos, - setsmbfilegrppos, - iterate_getsmbgrpnam, /* In passgrp.c */ - iterate_getsmbgrpuid, /* In passgrp.c */ - iterate_getsmbgrprid, /* In passgrp.c */ - getsmbfilegrpent, -}; - -struct passgrp_ops *file_initialise_password_grp(void) -{ - return &file_ops; -} - -#else - /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */ - void smbpass_dummy_function(void) { } /* stop some compilers complaining */ -#endif /* USE_SMBPASS_DB */ diff --git a/source/rpc_client/cli_connect.c b/source/rpc_client/cli_connect.c deleted file mode 100644 index c8021b97927..00000000000 --- a/source/rpc_client/cli_connect.c +++ /dev/null @@ -1,397 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - SMB client generic functions - Copyright (C) Andrew Tridgell 1994-2000 - Copyright (C) Luke Kenneth Casson Leighton 1996-2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#define NO_SYSLOG - -#include "includes.h" -#include "rpc_parse.h" -#include "rpc_client.h" - - -static struct cli_connection **con_list = NULL; -static uint32 num_cons = 0; - -struct user_creds *usr_creds = NULL; -vuser_key *user_key = NULL; - -extern int DEBUGLEVEL; -extern pstring global_myname; -/* - * needed for the struct cli_connection - * none of these functions are implemented in HEAD currently - * rpc_client/cli_connect.c for details - * - * the 'typedef struct _cli_auth_fns cli_auth_fns;' is in - * rpc_misc.h - */ -struct _cli_auth_fns { - - /* these three will do for now. they *should* match with server-side */ - BOOL (*create_bind_req) (struct cli_connection *, prs_struct *, - uint32, RPC_IFACE *, RPC_IFACE *); - BOOL (*decode_bind_resp) (struct cli_connection *, prs_struct *); - BOOL (*create_bind_cont) (struct cli_connection *, prs_struct *, uint32); - - /* creates an authenticated PDU */ - BOOL (*cli_create_pdu) (struct cli_connection *, uint8, prs_struct *, - int, int *, prs_struct *, uint8 *); - - /* decodes an authenticated PDU */ - BOOL (*cli_decode_pdu) (struct cli_connection *, prs_struct *, int, int); - -}; - -cli_auth_fns cli_noauth_fns = -{ - NULL, - NULL, - NULL, - NULL, - NULL -}; - - - - -void init_connections(void) -{ - con_list = NULL; - num_cons = 0; - - init_cli_use(); -} - -static void free_con_array(uint32 num_entries, - struct cli_connection **entries) -{ - void (*fn) (void *) = (void (*)(void *))&cli_connection_free; - free_void_array(num_entries, (void **)entries, *fn); -} - - -static struct cli_connection *add_con_to_array(uint32 * len, - struct cli_connection ***array, - struct cli_connection *con) -{ - return (struct cli_connection *)add_item_to_array(len, - (void ***)array, - (void *)con); - -} - -void free_connections(void) -{ - DEBUG(3, ("free_connections: closing all MSRPC connections\n")); - free_con_array(num_cons, con_list); - free_cli_use(); - - init_connections(); -} - -static struct cli_connection *cli_con_get(const char *srv_name, - char *pipe_name, - cli_auth_fns * auth, - void *auth_creds, BOOL reuse) -{ - struct cli_connection *con = NULL; - BOOL is_new_connection = False; - CREDS_NT usr; - struct ntuser_creds *ntc = NULL; - struct ncacn_np *pNcacn; - - /* - * initialization stuff - */ - con = (struct cli_connection *)malloc(sizeof(*con)); - if (con == NULL) - { - return NULL; - } - memset(con, 0, sizeof(*con)); - - copy_user_creds(&con->usr_creds, NULL); - con->usr_creds.reuse = reuse; - - if (srv_name != NULL) - { - con->srv_name = strdup(srv_name); - } - if (pipe_name != NULL) - { - con->pipe_name = strdup(pipe_name); - } - if (usr_creds != NULL) - { - ntc = &usr_creds->ntc; - } - - /* fix me XXXX **WHAT** a hack. The cli_state* is malloc'd - deep within the call stack, so we can grab that pointer. - ncacn_np* is stored in an array which is currently handled - by underlying systems. --jerry */ - pNcacn = ncacn_np_use_add(pipe_name, user_key, srv_name, - ntc, reuse, - &is_new_connection); - if (pNcacn == NULL) - return NULL; - - con->pCli_state = pNcacn->smb; - - if (con->pCli_state == NULL) - return NULL; - - con->pCli_state->key.pid = 0; - con->pCli_state->key.vuid = UID_FIELD_INVALID; - create_ntc_from_cli_state ( &usr, con->pCli_state ); - copy_nt_creds(&con->usr_creds.ntc, &usr); - - if (is_new_connection) - { - con->auth_info = NULL; - con->auth_creds = auth_creds; - - if (auth != NULL) - { - con->auth = auth; - } - else - { - con->auth = &cli_noauth_fns; - } -#if 0 - if (!rpc_pipe_bind(con->pCli_state, pipe_name, global_myname)) - { - DEBUG(0, ("rpc_pipe_bind failed\n")); - cli_connection_free(con); - return NULL; - } -#endif - } - else - { - con->auth_info = cli_conn_get_auth_creds(con); - con->auth = cli_conn_get_authfns(con); - if (con->auth_info != NULL) - { - DEBUG(1,("cli_con_get: TODO: auth reuse\n")); - cli_connection_free(con); - return NULL; - } - else - { - con->auth = &cli_noauth_fns; - } - } - - add_con_to_array(&num_cons, &con_list, con); - return con; -} - - -/**************************************************************************** -terminate client connection -****************************************************************************/ -void cli_connection_free(struct cli_connection *con) -{ - BOOL closed = False; - struct cli_state *oldcli = NULL; - int i; - - DEBUG(10, ("cli_connection_free: %d\n", __LINE__)); - - if (con->pCli_state != NULL) - { - DEBUG(10, ("msrpc smb connection\n")); - ncacn_np_use_del(con->srv_name, con->pipe_name, - &con->pCli_state->key, False, &closed); - oldcli = con->pCli_state; - con->pCli_state = NULL; - } - - DEBUG(10, ("cli_connection_free: closed: %s\n", BOOLSTR(closed))); - - if (closed) - { - for (i = 0; i < num_cons; i++) - { - struct cli_connection *c = con_list[i]; - if (c != NULL && con != c && c->pCli_state == oldcli) - { - /* WHOOPS! fnum already open: too bad!!! - get rid of all other connections that - were using that connection - */ - c->pCli_state = NULL; - } - } - } - - /* don't free the cli_state since it is being handled - by the *clis list in rpc_client/cli_use.c. - This code needs to be fixed badly. It is **way** - to complicated. --jerry */ - /* if (oldcli != NULL) - { - free(oldcli); - } */ - - if (con->srv_name != NULL) - { - free(con->srv_name); - con->srv_name = NULL; - } - if (con->pipe_name != NULL) - { - free(con->pipe_name); - con->pipe_name = NULL; - } - - if (con->auth_info != NULL) - { - free(con->auth_info); - con->auth_info = NULL; - } - - memset(&con->usr_creds, 0, sizeof(con->usr_creds)); - - for (i = 0; i < num_cons; i++) - { - if (con == con_list[i]) - { - con_list[i] = NULL; - } - } - - free(con); -} - -void cli_connection_unlink(struct cli_connection *con) -{ - if (con != NULL) - { - cli_connection_free(con); - } - return; -} - -/**************************************************************************** -init client state -****************************************************************************/ -BOOL cli_connection_init(const char *srv_name, char *pipe_name, - struct cli_connection **con) -{ - return cli_connection_init_auth(srv_name, pipe_name, con, NULL, NULL); -} - -/**************************************************************************** -init client state -****************************************************************************/ -BOOL cli_connection_init_auth(const char *srv_name, char *pipe_name, - struct cli_connection **con, - cli_auth_fns * auth, void *auth_creds) -{ - BOOL reuse = True; - - /* - * allocate - */ - - DEBUG(10, ("cli_connection_init_auth: %s %s\n", - srv_name != NULL ? srv_name : "<null>", pipe_name)); - - *con = cli_con_get(srv_name, pipe_name, auth, auth_creds, reuse); - - return (*con) != NULL; -} - -/**************************************************************************** - get auth functions associated with an msrpc session. -****************************************************************************/ -struct _cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con) -{ - return con != NULL ? con->auth : NULL; -} - - -/**************************************************************************** - get auth info associated with an msrpc session. -****************************************************************************/ -void *cli_conn_get_auth_creds(struct cli_connection *con) -{ - return con != NULL ? con->auth_creds : NULL; -} - - -/**************************************************************************** - send a request on an rpc pipe. - ****************************************************************************/ -BOOL rpc_hnd_pipe_req(const POLICY_HND * hnd, uint8 op_num, - prs_struct * data, prs_struct * rdata) -{ - struct cli_connection *con = NULL; - - /* we need this to locate the cli_connection associated - with the POLICY_HND */ - if ((con=RpcHndList_get_connection(hnd)) == NULL) - return False; - - if (!rpc_con_ok(con)) return False; - - return rpc_con_pipe_req(con, op_num, data, rdata); -} - -/**************************************************************************** - send a request on an rpc pipe. - ****************************************************************************/ -BOOL rpc_con_pipe_req(struct cli_connection *con, uint8 op_num, - prs_struct * data, prs_struct * rdata) -{ - BOOL ret; - DEBUG(10, ("rpc_con_pipe_req: op_num %d offset %d used: %d\n", - op_num, data->data_offset, data->buffer_size)); - prs_dump("in_rpcclient", (int)op_num, data); - - /* Why does this use prs->data_offset? --jerry */ - /* prs_realloc_data(data, data->data_offset); */ - - ret = rpc_api_pipe_req(con->pCli_state, op_num, data, rdata); - prs_dump("out_rpcclient", (int)op_num, rdata); - return ret; -} - -/**************************************************************************** - this allows us to detect dead servers. The cli->fd is set to -1 when - we get an error -*****************************************************************************/ -BOOL rpc_con_ok(struct cli_connection *con) -{ - if (!con) - return False; - - if (!con->pCli_state) - return False; - if (con->pCli_state->fd == -1) - return False; - - return True; -} - diff --git a/source/rpc_client/cli_lsarpc.c b/source/rpc_client/cli_lsarpc.c deleted file mode 100644 index 29c6da172e3..00000000000 --- a/source/rpc_client/cli_lsarpc.c +++ /dev/null @@ -1,698 +0,0 @@ -/* - * Unix SMB/Netbios implementation. - * Version 1.9. - * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, - * Copyright (C) Paul Ashton 1997. - * Copyright (C) Jeremy Allison 1999. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -extern int DEBUGLEVEL; - -/**************************************************************************** -do a LSA Open Policy -****************************************************************************/ - -BOOL do_lsa_open_policy(struct cli_state *cli, - char *system_name, POLICY_HND *hnd, - BOOL sec_qos) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_OPEN_POL q_o; - LSA_SEC_QOS qos; - LSA_R_OPEN_POL r_o; - - if (hnd == NULL) - return False; - - prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL ); - - /* create and send a MSRPC command with api LSA_OPENPOLICY */ - - DEBUG(4,("LSA Open Policy\n")); - - /* store the parameters */ - if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000); - init_q_open_pol(&q_o, 0x5c, 0, 0, &qos); - } else { - init_q_open_pol(&q_o, 0x5c, 0, 0x1, NULL); - } - - /* turn parameters into data stream */ - if(!lsa_io_q_open_pol("", &q_o, &buf, 0)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - /* send the data on \PIPE\ */ - if (!rpc_api_pipe_req(cli, LSA_OPENPOLICY, &buf, &rbuf)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - prs_mem_free(&buf); - - if(!lsa_io_r_open_pol("", &r_o, &rbuf, 0)) { - DEBUG(0,("do_lsa_open_policy: Failed to unmarshall LSA_R_OPEN_POL\n")); - prs_mem_free(&rbuf); - return False; - } - - if (r_o.status != 0) { - /* report error code */ - DEBUG(0,("LSA_OPENPOLICY: %s\n", get_nt_error_msg(r_o.status))); - prs_mem_free(&rbuf); - return False; - } else { - /* ok, at last: we're happy. return the policy handle */ - *hnd = r_o.pol; - } - - prs_mem_free(&rbuf); - - return True; -} - -/**************************************************************************** -do a LSA Query Info Policy -****************************************************************************/ -BOOL do_lsa_query_info_pol(struct cli_state *cli, - POLICY_HND *hnd, uint16 info_class, - fstring domain_name, DOM_SID *domain_sid) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_QUERY_INFO q_q; - LSA_R_QUERY_INFO r_q; - fstring sid_str; - - ZERO_STRUCTP(domain_sid); - domain_name[0] = 0; - - if (hnd == NULL || domain_name == NULL || domain_sid == NULL) - return False; - - prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL ); - - /* create and send a MSRPC command with api LSA_QUERYINFOPOLICY */ - - DEBUG(4,("LSA Query Info Policy\n")); - - /* store the parameters */ - init_q_query(&q_q, hnd, info_class); - - /* turn parameters into data stream */ - if(!lsa_io_q_query("", &q_q, &buf, 0)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - /* send the data on \PIPE\ */ - if (!rpc_api_pipe_req(cli, LSA_QUERYINFOPOLICY, &buf, &rbuf)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - prs_mem_free(&buf); - - if(!lsa_io_r_query("", &r_q, &rbuf, 0)) { - prs_mem_free(&rbuf); - return False; - } - - if (r_q.status != 0) { - /* report error code */ - DEBUG(0,("LSA_QUERYINFOPOLICY: %s\n", get_nt_error_msg(r_q.status))); - prs_mem_free(&rbuf); - return False; - } - - if (r_q.info_class != q_q.info_class) { - /* report different info classes */ - DEBUG(0,("LSA_QUERYINFOPOLICY: error info_class (q,r) differ - (%x,%x)\n", - q_q.info_class, r_q.info_class)); - prs_mem_free(&rbuf); - return False; - } - - /* ok, at last: we're happy. */ - switch (r_q.info_class) { - case 3: - if (r_q.dom.id3.buffer_dom_name != 0) { - char *dom_name = dos_unistrn2(r_q.dom.id3.uni_domain_name.buffer, - r_q.dom.id3.uni_domain_name.uni_str_len); - fstrcpy(domain_name, dom_name); - } - if (r_q.dom.id3.buffer_dom_sid != 0) - *domain_sid = r_q.dom.id3.dom_sid.sid; - break; - case 5: - if (r_q.dom.id5.buffer_dom_name != 0) { - char *dom_name = dos_unistrn2(r_q.dom.id5.uni_domain_name.buffer, - r_q.dom.id5.uni_domain_name.uni_str_len); - fstrcpy(domain_name, dom_name); - } - if (r_q.dom.id5.buffer_dom_sid != 0) - *domain_sid = r_q.dom.id5.dom_sid.sid; - break; - default: - DEBUG(3,("LSA_QUERYINFOPOLICY: unknown info class\n")); - domain_name[0] = 0; - - prs_mem_free(&rbuf); - return False; - } - - sid_to_string(sid_str, domain_sid); - DEBUG(3,("LSA_QUERYINFOPOLICY (level %x): domain:%s domain sid:%s\n", - r_q.info_class, domain_name, sid_str)); - - prs_mem_free(&rbuf); - - return True; -} - -/**************************************************************************** -do a LSA Close -****************************************************************************/ - -BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_CLOSE q_c; - LSA_R_CLOSE r_c; - - if (hnd == NULL) - return False; - - /* create and send a MSRPC command with api LSA_OPENPOLICY */ - - prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL ); - - DEBUG(4,("LSA Close\n")); - - /* store the parameters */ - init_lsa_q_close(&q_c, hnd); - - /* turn parameters into data stream */ - if(!lsa_io_q_close("", &q_c, &buf, 0)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - /* send the data on \PIPE\ */ - if (!rpc_api_pipe_req(cli, LSA_CLOSE, &buf, &rbuf)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - prs_mem_free(&buf); - - if(!lsa_io_r_close("", &r_c, &rbuf, 0)) { - prs_mem_free(&rbuf); - return False; - } - - if (r_c.status != 0) { - /* report error code */ - DEBUG(0,("LSA_CLOSE: %s\n", get_nt_error_msg(r_c.status))); - prs_mem_free(&rbuf); - return False; - } - - /* check that the returned policy handle is all zeros */ - - if (IVAL(&r_c.pol.data1,0) || IVAL(&r_c.pol.data2,0) || SVAL(&r_c.pol.data3,0) || - SVAL(&r_c.pol.data4,0) || IVAL(r_c.pol.data5,0) || IVAL(r_c.pol.data5,4) ) { - DEBUG(0,("LSA_CLOSE: non-zero handle returned\n")); - prs_mem_free(&rbuf); - return False; - } - - prs_mem_free(&rbuf); - - return True; -} - -/**************************************************************************** -obtain a server's SAM SID and save it in the secrets database -****************************************************************************/ - -BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server) -{ - fstring domain; - POLICY_HND pol; - DOM_SID sid; - BOOL res, res2, res3; - - res = cli_nt_session_open(cli, PIPE_LSARPC); - res2 = res ? do_lsa_open_policy(cli, server, &pol, 0) : False; - res3 = res2 ? do_lsa_query_info_pol(cli, &pol, 5, domain, &sid) : False; - - res3 = res3 ? secrets_store_domain_sid(domain, &sid) : False; - - res2 = res2 ? do_lsa_close(cli, &pol) : False; - cli_nt_session_close(cli); - - return res3; -} - -/**************************************************************************** -do a LSA Open Policy -****************************************************************************/ -uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, - BOOL sec_qos, uint32 des_access) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_OPEN_POL q_o; - LSA_SEC_QOS qos; - struct cli_connection *con = NULL; - uint32 result = 0; - - if (!cli_connection_init(system_name, PIPE_LSARPC, &con)) { - return NT_STATUS_UNSUCCESSFUL; - } - - if (hnd == NULL) return NT_STATUS_UNSUCCESSFUL; - - prs_init(&buf, MAX_PDU_FRAG_LEN, NULL, MARSHALL); - prs_init(&rbuf, 0, NULL, UNMARSHALL); - - /* create and send a MSRPC command with api LSA_OPENPOLICY */ - - DEBUG(4, ("LSA Open Policy\n")); - - /* store the parameters */ - if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0, des_access); - init_q_open_pol(&q_o, '\\', 0, des_access, &qos); - } else { - init_q_open_pol(&q_o, '\\', 0, des_access, NULL); - } - - /* turn parameters into data stream */ - if (lsa_io_q_open_pol("", &q_o, &buf, 0) && - rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf)) { - LSA_R_OPEN_POL r_o; - BOOL p; - - lsa_io_r_open_pol("", &r_o, &rbuf, 0); - p = rbuf.data_offset != 0; - - result = r_o.status; - - if (p && r_o.status != 0) { - /* report error code */ - DEBUG(0, - ("LSA_OPENPOLICY: %s\n", - get_nt_error_msg(r_o.status))); - p = False; - } - - if (p) { - - /* Return the policy handle */ - - *hnd = r_o.pol; - - if (!RpcHndList_set_connection(hnd, con)) { - result = NT_STATUS_NO_MEMORY; - } - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} - -/**************************************************************************** -do a LSA Close -****************************************************************************/ -uint32 lsa_close(POLICY_HND *hnd) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_CLOSE q_c; - uint32 result = 0; - - if (hnd == NULL) return False; - - /* Create and send a MSRPC command with api LSA_OPENPOLICY */ - - prs_init(&buf, MAX_PDU_FRAG_LEN, NULL, MARSHALL); - prs_init(&rbuf, 0, NULL, UNMARSHALL); - - DEBUG(4, ("LSA Close\n")); - - /* Store the parameters */ - - init_lsa_q_close(&q_c, hnd); - - /* Turn parameters into data stream */ - - if (lsa_io_q_close("", &q_c, &buf, 0) && - rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf)) { - LSA_R_CLOSE r_c; - BOOL p; - - lsa_io_r_close("", &r_c, &rbuf, 0); - p = rbuf.data_offset != 0; - result = r_c.status; - - if (p && r_c.status != 0) { - - /* Report error code */ - - DEBUG(0, ("LSA_CLOSE: %s\n", - get_nt_error_msg(r_c.status))); - - p = False; - } - - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} - -/**************************************************************************** -do a LSA Lookup SIDs -****************************************************************************/ -uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, - char ***names, uint32 **types, int *num_names) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_LOOKUP_SIDS q_l; - TALLOC_CTX *ctx = talloc_init(); - uint32 result = 0; - - ZERO_STRUCT(q_l); - - if (hnd == NULL || num_sids == 0 || sids == NULL) return False; - - if (num_names != NULL) { - *num_names = 0; - } - - if (types != NULL) { - *types = NULL; - } - - if (names != NULL) { - *names = NULL; - } - - prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL); - prs_init(&rbuf, 0, ctx, UNMARSHALL); - - /* Create and send a MSRPC command with api LSA_LOOKUP_SIDS */ - - DEBUG(4, ("LSA Lookup SIDs\n")); - - /* Store the parameters */ - - init_q_lookup_sids(ctx, &q_l, hnd, num_sids, sids, 1); - - /* turn parameters into data stream */ - if (lsa_io_q_lookup_sids("", &q_l, &buf, 0) && - rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf)) { - LSA_R_LOOKUP_SIDS r_l; - DOM_R_REF ref; - LSA_TRANS_NAME_ENUM t_names; - BOOL p, valid_response = False; - - r_l.dom_ref = &ref; - r_l.names = &t_names; - - lsa_io_r_lookup_sids("", &r_l, &rbuf, 0); - p = rbuf.data_offset != 0; - result = r_l.status; - - if (p && r_l.status != 0 && - r_l.status != 0x107 && - r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED)) { - - /* Report error code */ - - DEBUG(1, ("LSA_LOOKUP_SIDS: %s\n", - get_nt_error_msg(r_l.status))); - - return r_l.status; - } - - result = NT_STATUS_OK; - - if (p) { - if (t_names.ptr_trans_names != 0 - && r_l.ptr_dom_ref != 0) { - valid_response = True; - } - } - - if (num_names != NULL && valid_response) { - (*num_names) = t_names.num_entries; - } - - if (valid_response) { - uint32 i; - - for (i = 0; i < t_names.num_entries; i++) { - if ((t_names.name[i].domain_idx >= - ref.num_ref_doms_1) - && (t_names.name[i].domain_idx != - 0xffffffff)) { - DEBUG(0, - ("LSA_LOOKUP_SIDS: domain index out of bounds\n")); - valid_response = False; - break; - } - } - } - - if (types != NULL && valid_response && (*num_names) != 0) { - (*types) = (uint32 *) malloc((*num_names) * - sizeof(uint32)); - } - - if (names != NULL && valid_response && (*num_names) != 0) { - (*names) = (char **)malloc((*num_names) * - sizeof(char *)); - } - - if (names != NULL && (*names) != NULL) { - int i; - - /* Take each name, construct a \DOMAIN\name string */ - - for (i = 0; i < (*num_names); i++) { - fstring name; - fstring dom_name; - fstring full_name; - uint32 dom_idx = t_names.name[i].domain_idx; - - if (dom_idx != 0xffffffff) { - unistr2_to_ascii(dom_name, - &ref. - ref_dom[dom_idx]. - uni_dom_name, - sizeof(dom_name) - - 1); - unistr2_to_ascii(name, - &t_names.uni_name[i], - sizeof(name) - 1); - - memset(full_name, 0, - sizeof(full_name)); - - slprintf(full_name, - sizeof(full_name) - 1, - "%s\\%s", dom_name, name); - - (*names)[i] = strdup(full_name); - if (types != NULL && - (*types) != NULL) { - (*types)[i] = t_names.name[i].sid_name_use; - } - } else { - (*names)[i] = NULL; - if (types != NULL && - (*types) != NULL) { - (*types)[i] = SID_NAME_UNKNOWN; - } - } - } - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} - -/**************************************************************************** -do a LSA Lookup Names -****************************************************************************/ -uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, - DOM_SID **sids, uint32 **types, int *num_sids) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_LOOKUP_NAMES q_l; - BOOL valid_response = False; - TALLOC_CTX *ctx = talloc_init(); - uint32 result = 0; - - if (hnd == NULL || num_sids == 0 || sids == NULL) return False; - - prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL); - prs_init(&rbuf, 0, ctx, UNMARSHALL); - - /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */ - - DEBUG(4, ("LSA Lookup NAMEs\n")); - - /* store the parameters */ - init_q_lookup_names(ctx, &q_l, hnd, num_names, names); - - /* turn parameters into data stream */ - if (lsa_io_q_lookup_names("", &q_l, &buf, 0) && - rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf)) { - LSA_R_LOOKUP_NAMES r_l; - DOM_R_REF ref; - DOM_RID2 t_rids[MAX_LOOKUP_SIDS]; - BOOL p; - - ZERO_STRUCT(ref); - ZERO_STRUCT(t_rids); - - r_l.dom_ref = &ref; - r_l.dom_rid = t_rids; - - lsa_io_r_lookup_names("", &r_l, &rbuf, 0); - p = rbuf.data_offset != 0; - - if (p && r_l.status != 0) { - /* report error code */ - DEBUG(1, - ("LSA_LOOKUP_NAMES: %s\n", - get_nt_error_msg(r_l.status))); - p = False; - - return r_l.status; - } - - result = r_l.status; - - if (p) { - if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0) { - valid_response = True; - } - } - - if (num_sids != NULL && valid_response) { - (*num_sids) = r_l.num_entries; - } - - if (valid_response) { - uint32 i; - - for (i = 0; i < r_l.num_entries; i++) { - if (t_rids[i].rid_idx >= ref.num_ref_doms_1 && - t_rids[i].rid_idx != 0xffffffff) { - DEBUG(0, - ("LSA_LOOKUP_NAMES: domain index %d out of bounds\n", - t_rids[i].rid_idx)); - valid_response = False; - break; - } - } - } - - if (types != NULL && valid_response && r_l.num_entries != 0) { - (*types) = (uint32 *) malloc((*num_sids) * - sizeof(uint32)); - } - - if (sids != NULL && valid_response && r_l.num_entries != 0) { - (*sids) = (DOM_SID *) malloc((*num_sids) * - sizeof(DOM_SID)); - } - - if (sids != NULL && (*sids) != NULL) { - int i; - - /* Take each name, construct a SID */ - - for (i = 0; i < (*num_sids); i++) { - uint32 dom_idx = t_rids[i].rid_idx; - uint32 dom_rid = t_rids[i].rid; - DOM_SID *sid = &(*sids)[i]; - - if (dom_idx != 0xffffffff) { - - sid_copy(sid, - &ref.ref_dom[dom_idx]. - ref_dom.sid); - - if (dom_rid != 0xffffffff) { - sid_append_rid(sid, dom_rid); - } - - if (types != NULL && - (*types) != NULL) { - (*types)[i] = t_rids[i].type; - } - - } else { - ZERO_STRUCTP(sid); - - if (types != NULL && - (*types) != NULL) { - (*types)[i] = SID_NAME_UNKNOWN; - } - } - } - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} diff --git a/source/rpc_client/cli_use.c b/source/rpc_client/cli_use.c deleted file mode 100644 index 93560e9772b..00000000000 --- a/source/rpc_client/cli_use.c +++ /dev/null @@ -1,450 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - SMB client generic functions - Copyright (C) Andrew Tridgell 1994-1999 - Copyright (C) Luke Kenneth Casson Leighton 1996-1999 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#define NO_SYSLOG - -#include "includes.h" -#include "trans2.h" -#include "rpc_client.h" - -extern int DEBUGLEVEL; -extern pstring scope; -extern pstring global_myname; - -struct cli_use -{ - struct cli_state *cli; - uint32 num_users; -}; - -static struct cli_use **clis = NULL; -static uint32 num_clis = 0; - -/**************************************************************************** -terminate client connection -****************************************************************************/ -static void cli_use_free(struct cli_use *cli) -{ - if (cli->cli != NULL) - { - if (cli->cli->initialised) - { - /* only logoff if we have a valid socket */ - if (cli->cli->fd != -1) - cli_ulogoff(cli->cli); - cli_shutdown(cli->cli); - } - free(cli->cli); - } - - free(cli); -} - -/**************************************************************************** -free a client array -****************************************************************************/ -static void free_cli_array(uint32 num_entries, struct cli_use **entries) -{ - void (*fn) (void *) = (void (*)(void *))&cli_use_free; - free_void_array(num_entries, (void **)entries, *fn); -} - -/**************************************************************************** -add a client state to the array -****************************************************************************/ -static struct cli_use *add_cli_to_array(uint32 *len, - struct cli_use ***array, - struct cli_use *cli) -{ - int i; - for (i = 0; i < num_clis; i++) - { - if (clis[i] == NULL) - { - clis[i] = cli; - return cli; - } - } - - return (struct cli_use *)add_item_to_array(len, - (void ***)array, - (void *)cli); - -} - -/**************************************************************************** -initiate client array -****************************************************************************/ -void init_cli_use(void) -{ - clis = NULL; - num_clis = 0; -} - -/**************************************************************************** -terminate client array -****************************************************************************/ -void free_cli_use(void) -{ - free_cli_array(num_clis, clis); - init_cli_use(); -} - -/**************************************************************************** -find client state. server name, user name, domain name and password must all -match. -****************************************************************************/ -static struct cli_use *cli_find(const char *srv_name, - const struct ntuser_creds *usr_creds, - BOOL reuse) -{ - int i; - const char *sv_name = srv_name; - struct ntuser_creds null_usr; - - if (usr_creds == NULL) - { - copy_nt_creds(&null_usr, usr_creds); - usr_creds = &null_usr; - } - - if (strnequal("\\\\", sv_name, 2)) - { - sv_name = &sv_name[2]; - } - - DEBUG(10, ("cli_find: %s %s %s reuse: %s\n", - srv_name, usr_creds->user_name, usr_creds->domain, - BOOLSTR(reuse))); - - - for (i = 0; i < num_clis; i++) - { - char *cli_name = NULL; - struct cli_use *c = clis[i]; - - if (c == NULL || !c->cli->initialised || c->cli->fd == -1) - { - continue; - } - - cli_name = c->cli->desthost; - - DEBUG(10, ("cli_find[%d]: %s %s %s\n", - i, cli_name, - c->cli->user_name, c->cli->domain)); - - if (strnequal("\\\\", cli_name, 2)) - { - cli_name = &cli_name[2]; - } - - if (!strequal(cli_name, sv_name)) - { - continue; - } - if (strequal(usr_creds->user_name, "") && - strequal(usr_creds->domain, "") && - pwd_is_nullpwd(&usr_creds->pwd)) - { - return c; - } - if (!strequal(usr_creds->user_name, c->cli->user_name)) - { - continue; - } - if (!reuse && !pwd_compare((struct pwd_info *)&usr_creds->pwd, &c->cli->pwd)) - { - DEBUG(100, ("password doesn't match\n")); - continue; - } - if (usr_creds->domain[0] == 0) - { - return c; - } - if (strequal(usr_creds->domain, c->cli->domain)) - { - return c; - } - } - - return NULL; -} - -/**************************************************************************** -create a new client state from user credentials -****************************************************************************/ -static struct cli_use *cli_use_get(const char *srv_name, - const struct ntuser_creds *usr_creds) -{ - struct cli_use *cli = (struct cli_use *)malloc(sizeof(*cli)); - - if (cli == NULL) - { - return NULL; - } - - memset(cli, 0, sizeof(*cli)); - - cli->cli = cli_initialise(NULL); - - if (cli->cli == NULL) - { - return NULL; - } - - cli_init_creds(cli->cli, usr_creds); - - return cli; -} - -/**************************************************************************** -init client state -****************************************************************************/ -struct cli_state *cli_net_use_add(const char *srv_name, - const struct ntuser_creds *usr_creds, - BOOL reuse, BOOL *is_new) -{ - struct nmb_name calling; - struct nmb_name called; - struct in_addr *dest_ip = NULL; - fstring dest_host; - struct in_addr ip; - struct cli_use *cli; - - DEBUG(10, ("cli_net_use_add\n")); - - cli = cli_find(srv_name, usr_creds, reuse); - - if (cli != NULL) - { - cli->num_users++; - DEBUG(10, - ("cli_net_use_add: num_users: %d\n", cli->num_users)); - (*is_new) = False; - return cli->cli; - } - - /* reuse an existing connection requested, and one was not found */ - if (usr_creds != NULL && reuse) - { - return False; - } - - /* - * allocate - */ - - cli = cli_use_get(srv_name, usr_creds); - - if (resolve_srv_name(srv_name, dest_host, &ip)) - { - dest_ip = &ip; - } - else - { - cli_use_free(cli); - return NULL; - } - - make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20); - make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0); - - /* - * connect - */ - - if (!cli_establish_connection(cli->cli, - dest_host, dest_ip, - &calling, &called, - "IPC$", "IPC", False, True)) - { - DEBUG(0, ("cli_net_use_add: connection failed\n")); - cli_use_free(cli); - return NULL; - } - - add_cli_to_array(&num_clis, &clis, cli); - cli->num_users++; - - DEBUG(10, ("cli_net_use_add: num_users: %d\n", cli->num_users)); - - (*is_new) = True; - - return cli->cli; -} - -/**************************************************************************** -delete a client state -****************************************************************************/ -BOOL cli_net_use_del(const char *srv_name, - const struct ntuser_creds *usr_creds, - BOOL force_close, BOOL *connection_closed) -{ - int i; - const char *sv_name = srv_name; - - DEBUG(10, ("cli_net_use_del: %s. %s. %s. force close: %s\n", - srv_name, - usr_creds ? usr_creds->user_name : "", - usr_creds ? usr_creds->domain : "", BOOLSTR(force_close))); - - if (strnequal("\\\\", sv_name, 2)) - { - sv_name = &sv_name[2]; - } - - if (connection_closed != NULL) - { - *connection_closed = False; - } - - for (i = 0; i < num_clis; i++) - { - char *cli_name = NULL; - - if (clis[i] == NULL) - continue; - if (clis[i]->cli == NULL) - continue; - - cli_name = clis[i]->cli->desthost; - - DEBUG(10, ("connection: %s %s %s\n", cli_name, - clis[i]->cli->user_name, - clis[i]->cli->domain)); - - if (strnequal("\\\\", cli_name, 2)) - { - cli_name = &cli_name[2]; - } - - if (!strequal(cli_name, sv_name)) - continue; - - if (strequal(usr_creds ? usr_creds->user_name : "", - clis[i]->cli->user_name) && - strequal(usr_creds ? usr_creds->domain : "", - clis[i]->cli->domain)) - { - /* decrement number of users */ - clis[i]->num_users--; - - DEBUG(10, ("idx: %i num_users now: %d\n", - i, clis[i]->num_users)); - - if (force_close || clis[i]->num_users == 0) - { - cli_use_free(clis[i]); - clis[i] = NULL; - if (connection_closed != NULL) - { - *connection_closed = True; - } - } - return True; - } - } - - return False; -} - -/**************************************************************************** -enumerate client states -****************************************************************************/ -void cli_net_use_enum(uint32 *num_cons, struct use_info ***use) -{ - int i; - - *num_cons = 0; - *use = NULL; - - for (i = 0; i < num_clis; i++) - { - struct use_info item; - - ZERO_STRUCT(item); - - if (clis[i] == NULL) - continue; - - item.connected = clis[i]->cli != NULL ? True : False; - - if (item.connected) - { - item.srv_name = clis[i]->cli->desthost; - item.user_name = clis[i]->cli->user_name; - item.key = clis[i]->cli->key; - item.domain = clis[i]->cli->domain; - } - - add_use_info_to_array(num_cons, use, &item); - } -} - - -/**************************************************************************** -wait for keyboard activity, swallowing network packets on all client states. -****************************************************************************/ -void cli_use_wait_keyboard(void) -{ - fd_set fds; - struct timeval timeout; - - while (1) - { - int i; - int maxfd = fileno(stdin); - FD_ZERO(&fds); - FD_SET(fileno(stdin), &fds); - for (i = 0; i < num_clis; i++) - { - if (clis[i] != NULL && clis[i]->cli != NULL) - { - int fd = clis[i]->cli->fd; - FD_SET(fd, &fds); - maxfd = MAX(fd, maxfd); - } - } - - timeout.tv_sec = 20; - timeout.tv_usec = 0; - sys_select(maxfd + 1, &fds, &timeout); - - if (FD_ISSET(fileno(stdin), &fds)) - return; - - /* We deliberately use receive_smb instead of - client_receive_smb as we want to receive - session keepalives and then drop them here. - */ - for (i = 0; i < num_clis; i++) - { - int fd; - if (clis[i] == NULL || clis[i]->cli == NULL) - continue; - fd = clis[i]->cli->fd; - if (FD_ISSET(fd, &fds)) - receive_smb(fd, clis[i]->cli->inbuf, 0); - } - } -} diff --git a/source/rpc_client/ncacn_np_use.c b/source/rpc_client/ncacn_np_use.c deleted file mode 100644 index 1a3938b6e9d..00000000000 --- a/source/rpc_client/ncacn_np_use.c +++ /dev/null @@ -1,460 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - SMB client generic functions - Copyright (C) Andrew Tridgell 1994-2000 - Copyright (C) Luke Kenneth Casson Leighton 1996-2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - - -#define NO_SYSLOG - -#include "includes.h" -#include "rpc_parse.h" -#include "rpc_client.h" -#include "trans2.h" - -extern int DEBUGLEVEL; -extern pstring global_myname; - -struct ncacn_np_use -{ - struct ncacn_np *cli; - uint32 num_users; -}; - -static struct ncacn_np_use **msrpcs = NULL; -static uint32 num_msrpcs = 0; - -/**************************************************************************** -terminate client connection -****************************************************************************/ -static void ncacn_np_shutdown(struct ncacn_np *cli) -{ - struct ntuser_creds usr; - BOOL closed; - - if (cli != NULL) - { - if (cli->smb != NULL) - { - if (cli->smb->initialised) - { - /* cli_nt_session_close(cli->smb, cli->fnum); JERRY */ - cli_nt_session_close(cli->smb); - } - create_ntc_from_cli_state(&usr, cli->smb); - cli_net_use_del(cli->smb->desthost, &usr, False, &closed); - } - } -} - -static BOOL ncacn_np_establish_connection(struct ncacn_np *cli, - const char *srv_name, - const struct ntuser_creds *ntc, - const char *pipe_name, - BOOL reuse) -{ - BOOL new_smb_conn; - cli->smb = cli_net_use_add(srv_name, ntc, - True, &new_smb_conn); - if (cli->smb == NULL) - { - return False; - } - /* if (!cli_nt_session_open(cli->smb, pipe_name, &cli->fnum)) by JERRY */ - if (!cli_nt_session_open(cli->smb, (char *)pipe_name)) - { - cli_net_use_del(srv_name, ntc, False, NULL); - return False; - } - fstrcpy(cli->pipe_name, pipe_name); - return True; -} - - - -/**************************************************************************** -terminate client connection -****************************************************************************/ -static void ncacn_np_use_free(struct ncacn_np_use *cli) -{ - if (cli->cli != NULL) - { - if (cli->cli->initialised) - { - ncacn_np_shutdown(cli->cli); - } - ZERO_STRUCTP(cli->cli); - free(cli->cli); - } - ZERO_STRUCTP(cli); - free(cli); -} - -/**************************************************************************** -add a client state to the array -****************************************************************************/ -static struct ncacn_np_use *add_ncacn_np_to_array(uint32 * len, - struct ncacn_np_use - ***array, - struct ncacn_np_use *cli) -{ - - int i; - - /* traverse the list and try to find a previously - allocate spot that is not being used */ - for (i = 0; i < num_msrpcs; i++) - { - if (msrpcs[i] == NULL) - { - /* found and empty spot to - store the cli pointer */ - msrpcs[i] = cli; - return cli; - } - } - - return (struct ncacn_np_use *)add_item_to_array(len, - (void ***)array, - (void *)cli); - -} - - - -/**************************************************************************** -delete a client state -****************************************************************************/ -BOOL ncacn_np_use_del(const char *srv_name, const char *pipe_name, - const vuser_key * key, - BOOL force_close, BOOL *connection_closed) -{ - int i; - DEBUG(10, ("ncacn_np_net_use_del: %s. force close: %s ", - pipe_name, BOOLSTR(force_close))); - if (key != NULL) - { - DEBUG(10, ("[%d,%x]", key->pid, key->vuid)); - } - DEBUG(10, ("\n")); - - if (connection_closed != NULL) - { - *connection_closed = False; - } - - if (strnequal("\\PIPE\\", pipe_name, 6)) - { - pipe_name = &pipe_name[6]; - } - - if (strnequal("\\\\", srv_name, 2)) - { - srv_name = &srv_name[2]; - } - - for (i = 0; i < num_msrpcs; i++) - { - char *ncacn_np_name = NULL; - char *ncacn_np_srv_name = NULL; - struct ncacn_np_use *c = msrpcs[i]; - vuser_key k; - - if (c == NULL || c->cli == NULL || c->cli->smb == NULL) - continue; - - ncacn_np_name = c->cli->pipe_name; - ncacn_np_srv_name = c->cli->smb->desthost; - - k = c->cli->smb->key; - - DEBUG(10, ("use_del[%d]: %s %s %s %s [%d,%x]\n", - i, ncacn_np_name, ncacn_np_srv_name, - c->cli->smb->user_name, - c->cli->smb->domain, k.pid, k.vuid)); - - if (strnequal("\\PIPE\\", ncacn_np_name, 6)) - { - ncacn_np_name = &ncacn_np_name[6]; - } - if (!strequal(ncacn_np_name, pipe_name)) - { - continue; - } - if (strnequal("\\\\", ncacn_np_srv_name, 2)) - { - ncacn_np_srv_name = &ncacn_np_srv_name[2]; - } - if (!strequal(ncacn_np_srv_name, srv_name)) - { - continue; - } - if (key->pid != k.pid || key->vuid != k.vuid) - { - continue; - } - /* decrement number of users */ - c->num_users--; - DEBUG(10, ("idx: %i num_users now: %d\n", - i, c->num_users)); - if (force_close || c->num_users == 0) - { - ncacn_np_use_free(c); - msrpcs[i] = NULL; - if (connection_closed != NULL) - { - *connection_closed = True; - } - } - return True; - } - - return False; -} - -/**************************************************************************** -find client state. server name, user name, domain name and password must all -match. -****************************************************************************/ -static struct ncacn_np_use *ncacn_np_find(const char *srv_name, - const char *pipe_name, - const vuser_key * key, - const struct ntuser_creds - *usr_creds, BOOL reuse) -{ - int i; - const char *sv_name = srv_name; - - if (strnequal("\\PIPE\\", pipe_name, 6)) - { - pipe_name = &pipe_name[6]; - } - - if (strnequal("\\\\", sv_name, 2)) - { - sv_name = &sv_name[2]; - } - - if (usr_creds != NULL) - { - DEBUG(10, ("ncacn_np_find: %s %s %s", - srv_name, usr_creds->user_name, usr_creds->domain)); - } - else - { - DEBUG(10,("ncacn_np_find: %s (no creds)\n", srv_name)); - } - - if (key != NULL) - { - DEBUG(10, ("[%d,%x]", key->pid, key->vuid)); - } - DEBUG(10, ("\n")); - - for (i = 0; i < num_msrpcs; i++) - { - char *ncacn_np_srv_name = NULL; - struct ncacn_np_use *c = msrpcs[i]; - vuser_key k; - - char *ncacn_np_name = NULL; - - if (c == NULL || c->cli == NULL || c->cli->smb == NULL || - c->cli->smb->fd == -1 || - !c->cli->initialised) - { - continue; - } - - ncacn_np_name = c->cli->pipe_name; - ncacn_np_srv_name = c->cli->smb->desthost; - - k = c->cli->smb->key; - - DEBUG(10, ("ncacn_np_find[%d]: %s %s %s %s [%d,%x]\n", - i, ncacn_np_name, ncacn_np_srv_name, - c->cli->smb->user_name, - c->cli->smb->domain, k.pid, k.vuid)); - - if (strnequal("\\\\", ncacn_np_srv_name, 2)) - { - ncacn_np_srv_name = &ncacn_np_srv_name[2]; - } - - if (strnequal("\\PIPE\\", ncacn_np_name, 6)) - { - ncacn_np_name = &ncacn_np_name[6]; - } - - if (!strequal(ncacn_np_name, pipe_name)) - { - continue; - } - if (!strequal(ncacn_np_srv_name, sv_name)) - { - continue; - } - if (key != NULL && (k.pid != key->pid || k.vuid != key->vuid)) - { - continue; - } - if (usr_creds == NULL) - { - if (reuse) - { - return c; - } - else - { - continue; - } - } - if (!strequal - (usr_creds->user_name, c->cli->smb->user_name)) - { - continue; - } - if (!reuse - && !pwd_compare((struct pwd_info *)&usr_creds->pwd, &c->cli->smb->pwd)) - { - DEBUG(100, ("password doesn't match\n")); - continue; - } - if (usr_creds->domain[0] == 0) - { - return c; - } - if (strequal(usr_creds->domain, c->cli->smb->domain)) - { - return c; - } - } - - return NULL; -} - - -/**************************************************************************** -initialise a msrpcent structure -****************************************************************************/ -struct ncacn_np *ncacn_np_initialise(struct ncacn_np *msrpc, - const vuser_key * key) -{ - if (!msrpc) - { - msrpc = (struct ncacn_np *)malloc(sizeof(*msrpc)); - if (!msrpc) - return NULL; - ZERO_STRUCTP(msrpc); - } - - if (msrpc->initialised) - { - ncacn_np_shutdown(msrpc); - } - - ZERO_STRUCTP(msrpc); - - msrpc->fnum = -1; - msrpc->initialised = 1; - - return msrpc; -} - -/**************************************************************************** -create a new client state from user credentials -****************************************************************************/ -static struct ncacn_np_use *ncacn_np_use_get(const char *pipe_name, - const vuser_key * key) -{ - struct ncacn_np_use *cli = - (struct ncacn_np_use *)malloc(sizeof(*cli)); - - if (cli == NULL) - { - return NULL; - } - - memset(cli, 0, sizeof(*cli)); - - cli->cli = ncacn_np_initialise(NULL, key); - - if (cli->cli == NULL) - { - return NULL; - } - - return cli; -} - -/**************************************************************************** -init client state -****************************************************************************/ -struct ncacn_np *ncacn_np_use_add(const char *pipe_name, - const vuser_key * key, - const char *srv_name, - const struct ntuser_creds *ntc, - BOOL reuse, BOOL *is_new_connection) -{ - struct ncacn_np_use *cli; - DEBUG(10, ("ncacn_np_use_add: %s\n", pipe_name)); - - (*is_new_connection) = False; - cli = ncacn_np_find(srv_name, pipe_name, key, ntc, reuse); - - if (cli != NULL) - { - cli->num_users++; - return cli->cli; - } - - /* - * allocate - */ - - (*is_new_connection) = True; - - cli = ncacn_np_use_get(pipe_name, key); - - if (!ncacn_np_establish_connection - (cli->cli, srv_name, ntc, pipe_name, True)) - { - DEBUG(0, ("ncacn_np_use_add: connection failed\n")); - cli->cli = NULL; - ncacn_np_use_free(cli); - return NULL; - } - - if (key != NULL) - { - cli->cli->smb->key = *key; - } - else - { - cli->cli->smb->key.pid = sys_getpid(); - cli->cli->smb->key.vuid = UID_FIELD_INVALID; - } - - add_ncacn_np_to_array(&num_msrpcs, &msrpcs, cli); - cli->num_users++; - return cli->cli; -} - - - diff --git a/source/rpc_parse/parse_creds.c b/source/rpc_parse/parse_creds.c deleted file mode 100644 index fcc8e59d100..00000000000 --- a/source/rpc_parse/parse_creds.c +++ /dev/null @@ -1,633 +0,0 @@ -/* - * Unix SMB/Netbios implementation. - * Version 1.9. - * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1999, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1999, - * Copyright (C) Paul Ashton 1997-1999. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambgrpsge, MA 02139, USA. - */ - - -#include "includes.h" - -extern int DEBUGLEVEL; - - -/******************************************************************* -makes a CREDS_UNIX structure. -********************************************************************/ -BOOL make_creds_unix(CREDS_UNIX *r_u, const char* user_name, - const char* requested_name, - const char* real_name, - BOOL guest) -{ - if (r_u == NULL) return False; - - DEBUG(5,("make_creds_unix\n")); - - fstrcpy(r_u->user_name , user_name); - fstrcpy(r_u->requested_name, requested_name); - fstrcpy(r_u->real_name , real_name); - r_u->guest = guest; - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -BOOL creds_io_unix(char *desc, CREDS_UNIX *r_u, prs_struct *ps, int depth) -{ - if (r_u == NULL) - return False; - - prs_debug(ps, depth, desc, "creds_io_unix"); - depth++; - - prs_align(ps); - prs_string("user_name", ps, depth, r_u->user_name, strlen(r_u->user_name), sizeof(r_u->user_name)); - prs_align(ps); - prs_string("requested_name", ps, depth, r_u->requested_name, strlen(r_u->requested_name), sizeof(r_u->requested_name)); - prs_align(ps); - prs_string("real_name", ps, depth, r_u->real_name, strlen(r_u->real_name), sizeof(r_u->real_name)); - prs_align(ps); - prs_uint32("guest", ps, depth, (uint32 *)&(r_u->guest)); - return True; -} - - -/******************************************************************* -frees a structure. -********************************************************************/ -void creds_free_unix(CREDS_UNIX *r_u) -{ -} - -/******************************************************************* -makes a CREDS_UNIX_SEC structure. -********************************************************************/ -BOOL make_creds_unix_sec(CREDS_UNIX_SEC *r_u, - uint32 uid, uint32 gid, uint32 num_grps, gid_t *grps) -{ - int i; - if (r_u == NULL) return False; - - DEBUG(5,("make_creds_unix_sec\n")); - - r_u->uid = uid; - r_u->gid = gid; - r_u->num_grps = num_grps; - r_u->grps = (uint32*)Realloc(NULL, sizeof(r_u->grps[0]) * - r_u->num_grps); - if (r_u->grps == NULL && num_grps != 0) - { - return False; - } - for (i = 0; i < num_grps; i++) - { - r_u->grps[i] = (gid_t)grps[i]; - } - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -BOOL creds_io_unix_sec(char *desc, CREDS_UNIX_SEC *r_u, prs_struct *ps, int depth) -{ - uint32 i; - - if (r_u == NULL) - return False; - - prs_debug(ps, depth, desc, "creds_io_unix_sec"); - depth++; - - prs_align(ps); - - prs_uint32("uid", ps, depth, &(r_u->uid)); - prs_uint32("gid", ps, depth, &(r_u->gid)); - prs_uint32("num_grps", ps, depth, (uint32 *)&(r_u->num_grps)); - if (r_u->num_grps != 0) { - uint32 *tgr; - - tgr = (uint32*)Realloc(r_u->grps, - sizeof(r_u->grps[0]) * - r_u->num_grps); - if (tgr == NULL) { - creds_free_unix_sec(r_u); - return False; - } else - r_u->grps = tgr; - } - - for (i = 0; i < r_u->num_grps; i++) - prs_uint32("", ps, depth, &(r_u->grps[i])); - return True; -} - - -/******************************************************************* -frees a structure. -********************************************************************/ -void creds_free_unix_sec(CREDS_UNIX_SEC *r_u) -{ - if (r_u->grps != NULL) - { - free(r_u->grps); - r_u->grps = NULL; - } -} - -/******************************************************************* -makes a CREDS_NT_SEC structure. -********************************************************************/ -BOOL make_creds_nt_sec(CREDS_NT_SEC *r_u, - DOM_SID *sid, uint32 num_grps, uint32 *grps) -{ - int i; - if (r_u == NULL) return False; - - DEBUG(5,("make_creds_unix_sec\n")); - - sid_copy(&r_u->sid, sid); - r_u->num_grps = num_grps; - r_u->grp_rids = (uint32*)Realloc(NULL, sizeof(r_u->grp_rids[0]) * - r_u->num_grps); - - if (r_u->grp_rids == NULL && num_grps != 0) - { - return False; - } - for (i = 0; i < num_grps; i++) - { - r_u->grp_rids[i] = grps[i]; - } - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -BOOL creds_io_nt_sec(char *desc, CREDS_NT_SEC *r_u, prs_struct *ps, int depth) -{ - int i; - if (r_u == NULL) return False; - - prs_debug(ps, depth, desc, "creds_io_nt"); - depth++; - - prs_align(ps); - - smb_io_dom_sid ("sid", &r_u->sid, ps, depth); - prs_align(ps); - - prs_uint32("num_grps", ps, depth, &(r_u->num_grps)); - if (r_u->num_grps != 0) { - uint32 *tgr; - - tgr = (uint32*)Realloc(r_u->grp_rids, - sizeof(r_u->grp_rids[0]) * - r_u->num_grps); - if (tgr == NULL) { - creds_free_nt_sec(r_u); - return False; - } else - r_u->grp_rids = tgr; - } - for (i = 0; i < r_u->num_grps; i++) - { - prs_uint32("", ps, depth, &(r_u->grp_rids[i])); - } - - return True; -} - -/******************************************************************* -frees a structure. -********************************************************************/ -void creds_free_nt_sec(CREDS_NT_SEC *r_u) -{ - if (r_u->grp_rids != NULL) - { - free(r_u->grp_rids); - r_u->grp_rids = NULL; - } -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -BOOL creds_io_pwd_info(char *desc, struct pwd_info *pwd, prs_struct *ps, int depth) -{ - if (pwd == NULL) return False; - - prs_debug(ps, depth, desc, "creds_io_pwd_info"); - depth++; - - prs_align(ps); - - prs_uint32("nullpwd", ps, depth, (uint32 *)&(pwd->null_pwd)); - if (pwd->null_pwd) - { - return True; - } - - prs_uint32("cleartext", ps, depth, (uint32 *)&(pwd->cleartext)); - if (pwd->cleartext) - { - prs_string("password", ps, depth, pwd->password, strlen(pwd->password), sizeof(pwd->password)); - prs_align(ps); - return True; - } - prs_uint32("crypted", ps, depth, (uint32 *)&(pwd->crypted)); - - prs_uint8s(False, "smb_lm_pwd", ps, depth, (unsigned char*)&pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); - prs_align(ps); - prs_uint8s(False, "smb_nt_pwd", ps, depth, (unsigned char*)&pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); - prs_align(ps); - - prs_uint8s(False, "smb_lm_owf", ps, depth, (unsigned char*)&pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); - prs_align(ps); - prs_uint32("nt_owf_len", ps, depth, &(pwd->nt_owf_len)); - if (pwd->nt_owf_len > sizeof(pwd->smb_nt_owf)) - { - return False; - } - prs_uint8s(False, "smb_nt_owf", ps, depth, (unsigned char*)&pwd->smb_nt_owf, pwd->nt_owf_len); - prs_align(ps); - - prs_uint8s(False, "lm_cli_chal", ps, depth, (unsigned char*)&pwd->lm_cli_chal, sizeof(pwd->lm_cli_chal)); - prs_align(ps); - prs_uint32("nt_cli_chal_len", ps, depth, &(pwd->nt_cli_chal_len)); - - if (pwd->nt_cli_chal_len > sizeof(pwd->nt_cli_chal)) - { - return False; - } - prs_uint8s(False, "nt_cli_chal", ps, depth, (unsigned char*)&pwd->nt_cli_chal, pwd->nt_cli_chal_len); - prs_align(ps); - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -BOOL creds_io_nt(char *desc, CREDS_NT *r_u, prs_struct *ps, int depth) -{ - if (r_u == NULL) return False; - - prs_debug(ps, depth, desc, "creds_io_nt"); - depth++; - - prs_align(ps); - - /* lkclXXXX CHEAT!!!!!!!! */ - prs_string("user_name", ps, depth, r_u->user_name, strlen(r_u->user_name), sizeof(r_u->user_name)); - prs_align(ps); - prs_string("domain", ps, depth, r_u->domain, strlen(r_u->domain), sizeof(r_u->domain)); - prs_align(ps); - - creds_io_pwd_info("pwd", &r_u->pwd, ps, depth); - prs_align(ps); - - prs_uint32("ntlmssp", ps, depth, &(r_u->ntlmssp_flags)); - - return True; -} - -/******************************************************************* -frees a structure. -********************************************************************/ -void creds_free_nt(CREDS_NT *r_u) -{ -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -BOOL creds_io_hybrid(char *desc, CREDS_HYBRID *r_u, prs_struct *ps, int depth) -{ - if (r_u == NULL) return False; - - prs_debug(ps, depth, desc, "creds_io_hybrid"); - depth++; - - prs_align(ps); - - prs_uint32("reuse", ps, depth, (uint32 *)&(r_u->reuse)); - - prs_uint32("ptr_ntc", ps, depth, &(r_u->ptr_ntc)); - prs_uint32("ptr_uxc", ps, depth, &(r_u->ptr_uxc)); - prs_uint32("ptr_nts", ps, depth, &(r_u->ptr_nts)); - prs_uint32("ptr_uxs", ps, depth, &(r_u->ptr_uxs)); - prs_uint32("ptr_ssk", ps, depth, &(r_u->ptr_ssk)); - if (r_u->ptr_ntc != 0) - { - if (!creds_io_nt ("ntc", &r_u->ntc, ps, depth)) return False; - } - if (r_u->ptr_uxc != 0) - { - if (!creds_io_unix("uxc", &r_u->uxc, ps, depth)) return False; - } - if (r_u->ptr_nts != 0) - { - if (!creds_io_nt_sec ("nts", &r_u->nts, ps, depth)) return False; - } - if (r_u->ptr_uxs != 0) - { - if (!creds_io_unix_sec("uxs", &r_u->uxs, ps, depth)) return False; - } - if (r_u->ptr_ssk != 0) - { - prs_uint8s(False, "usr_sess_key", ps, depth, (unsigned char*)&r_u->usr_sess_key, sizeof(r_u->usr_sess_key)); - } - else - { - memset(r_u->usr_sess_key, 0, sizeof(r_u->usr_sess_key)); - } - return True; -} - -void copy_unix_creds(CREDS_UNIX *to, const CREDS_UNIX *from) -{ - if (from == NULL) - { - to->user_name[0] = 0; - return; - } - fstrcpy(to->user_name, from->user_name); -} - -void copy_nt_sec_creds(CREDS_NT_SEC *to, const CREDS_NT_SEC *from) -{ - if (from == NULL) - { - ZERO_STRUCTP(to); - return; - } - sid_copy(&to->sid, &from->sid); - to->num_grps = 0; - to->grp_rids = NULL; - - if (from->num_grps != 0) - { - size_t size = from->num_grps * sizeof(from->grp_rids[0]); - to->grp_rids = (uint32*)malloc(size); - if (to->grp_rids == NULL) - { - return; - } - to->num_grps = from->num_grps; - memcpy(to->grp_rids, from->grp_rids, size); - } -} - -void copy_unix_sec_creds(CREDS_UNIX_SEC *to, const CREDS_UNIX_SEC *from) -{ - if (from == NULL) - { - to->uid = -1; - to->gid = -1; - to->num_grps = 0; - to->grps = NULL; - return; - } - to->uid = from->uid; - to->gid = from->gid; - to->num_grps = 0; - to->grps = NULL; - - if (from->num_grps != 0) - { - size_t size = from->num_grps * sizeof(from->grps[0]); - to->grps = (uint32*)malloc(size); - if (to->grps == NULL) - { - return; - } - to->num_grps = from->num_grps; - memcpy(to->grps, from->grps, size); - } -} - -void create_ntc_from_cli_state (CREDS_NT *to, const struct cli_state *cli_from) -{ - /* - * NULL credentials -- - * if this gets executed, it is a programming error. - * fall through to copy_nt_creds() - */ - if (cli_from == NULL) - { - copy_nt_creds (to, NULL); - return; - } - - safe_strcpy(to->domain , cli_from->domain , sizeof(cli_from->domain )-1); - safe_strcpy(to->user_name, cli_from->user_name, sizeof(cli_from->user_name)-1); - memcpy(&to->pwd, &cli_from->pwd, sizeof(cli_from->pwd)); - to->ntlmssp_flags = cli_from->ntlmssp_flags; - DEBUG(10,("create_ntc_fromcli_state: user %s domain %s flgs: %x\n", - to->user_name, to->domain, - to->ntlmssp_flags)); - -} - - -void copy_nt_creds(struct ntuser_creds *to, - const struct ntuser_creds *from) -{ - if (from == NULL) - { - DEBUG(10,("copy_nt_creds: null creds\n")); - to->domain[0] = 0; - to->user_name[0] = 0; - pwd_set_nullpwd(&to->pwd); - to->ntlmssp_flags = 0; - - return; - } - safe_strcpy(to->domain , from->domain , sizeof(from->domain )-1); - safe_strcpy(to->user_name, from->user_name, sizeof(from->user_name)-1); - memcpy(&to->pwd, &from->pwd, sizeof(from->pwd)); - to->ntlmssp_flags = from->ntlmssp_flags; - DEBUG(10,("copy_nt_creds: user %s domain %s flgs: %x\n", - to->user_name, to->domain, - to->ntlmssp_flags)); -} - -void copy_user_creds(struct user_creds *to, - const struct user_creds *from) -{ - ZERO_STRUCTP(to); - if (from == NULL) - { - to->ptr_ntc = 0; - to->ptr_uxc = 0; - to->ptr_nts = 0; - to->ptr_uxs = 0; - to->ptr_ssk = 0; - copy_nt_creds(&to->ntc, NULL); - copy_unix_creds(&to->uxc, NULL); - copy_nt_sec_creds(&to->nts, NULL); - copy_unix_sec_creds(&to->uxs, NULL); - to->reuse = False; - return; - } - - to->reuse = from->reuse; - - to->ptr_nts = from->ptr_nts; - to->ptr_uxs = from->ptr_uxs; - to->ptr_ntc = from->ptr_ntc; - to->ptr_uxc = from->ptr_uxc; - to->ptr_ssk = from->ptr_ssk; - - if (to->ptr_ntc != 0) - { - copy_nt_creds(&to->ntc, &from->ntc); - } - if (to->ptr_uxc != 0) - { - copy_unix_creds(&to->uxc, &from->uxc); - } - if (to->ptr_nts != 0) - { - copy_nt_sec_creds(&to->nts, &from->nts); - } - if (to->ptr_uxs != 0) - { - copy_unix_sec_creds(&to->uxs, &from->uxs); - } - if (to->ptr_ssk != 0) - { - memcpy(to->usr_sess_key, from->usr_sess_key, - sizeof(to->usr_sess_key)); - } -} - -void free_user_creds(struct user_creds *creds) -{ - creds_free_unix(&creds->uxc); - creds_free_nt (&creds->ntc); - creds_free_unix_sec(&creds->uxs); - creds_free_nt_sec (&creds->nts); -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -BOOL creds_io_cmd(char *desc, CREDS_CMD *r_u, prs_struct *ps, int depth) -{ - if (r_u == NULL) return False; - - prs_debug(ps, depth, desc, "creds_io_cmd"); - depth++; - - prs_align(ps); - - prs_uint16("version", ps, depth, &(r_u->version)); - prs_uint16("command", ps, depth, &(r_u->command)); - prs_uint32("pid ", ps, depth, &(r_u->pid )); - - prs_string("name ", ps, depth, r_u->name, strlen(r_u->name), sizeof(r_u->name)); - prs_align(ps); - - prs_uint32("ptr_creds", ps, depth, &(r_u->ptr_creds)); - if (r_u->ptr_creds != 0) - { - if (!creds_io_hybrid("creds", r_u->cred, ps, depth)) - { - return False; - } - } - - - return True; -} - - -BOOL create_ntuser_creds( prs_struct *ps, - const char* name, - uint16 version, uint16 command, - uint32 pid, - const struct ntuser_creds *ntu, - BOOL reuse) -{ - CREDS_CMD cmd; - struct user_creds usr; - - ZERO_STRUCT(cmd); - ZERO_STRUCT(usr); - - DEBUG(10,("create_user_creds: %s %d %d\n", - name, version, command)); - - usr.reuse = reuse; - - fstrcpy(cmd.name, name); - cmd.version = version; - cmd.command = command; - cmd.pid = pid ; - cmd.ptr_creds = ntu != NULL ? 1 : 0; - cmd.cred = &usr; - - if (ntu != NULL) - { - copy_nt_creds(&usr.ntc, ntu); - usr.ptr_ntc = 1; - } - else - { - usr.ptr_ntc = 0; - } - - prs_init(ps, 1024, NULL, MARSHALL); - - ps->data_offset = 4; - return creds_io_cmd("creds", &cmd, ps, 0); -} - -BOOL create_user_creds( prs_struct *ps, - const char* name, - uint16 version, uint16 command, - uint32 pid, - struct user_creds *usr) -{ - CREDS_CMD cmd; - - ZERO_STRUCT(cmd); - - DEBUG(10,("create_user_creds: %s %d %d\n", - name, version, command)); - - fstrcpy(cmd.name, name); - cmd.version = version; - cmd.command = command; - cmd.pid = pid ; - cmd.ptr_creds = usr != NULL ? 1 : 0; - cmd.cred = usr; - - prs_init(ps, 1024, NULL, MARSHALL); - - ps->data_offset = 4; - return creds_io_cmd("creds", &cmd, ps, 0); -} diff --git a/source/smbadduser b/source/smbadduser deleted file mode 100755 index e4e1b273d14..00000000000 --- a/source/smbadduser +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/csh -# -# smbadduser - Written by Mike Zakharoff -# -unalias * -set path = ($path /usr/local/samba/bin) - -set smbpasswd = /usr/local/samba/private/smbpasswd -set user_map = /usr/local/samba/lib/users.map -# -# Set to site specific passwd command -# -#set passwd = "cat /etc/passwd" -#set passwd = "niscat passwd.org_dir" -set passwd = "ypcat passwd" - -set line = "----------------------------------------------------------" -if ($#argv == 0) then - echo $line - echo "Written: Mike Zakharoff email: michael.j.zakharoff@boeing.com" - echo "" - echo " 1) Updates $smbpasswd" - echo " 2) Updates $user_map" - echo " 3) Executes smbpasswd for each new user" - echo "" - echo "smbadduser unixid:ntid unixid:ntid ..." - echo "" - echo "Example: smbadduser zak:zakharoffm johns:smithj" - echo $line - exit 1 -endif - -touch $smbpasswd $user_map -set new = () -foreach one ($argv) - echo $one | grep ':' >& /dev/null - if ($status != 0) then - echo "ERROR: Must use unixid:ntid like -> zak:zakharoffm" - continue - endif - set unix = `echo $one | awk -F: '{print $1}'` - set ntid = `echo $one | awk -F: '{print $2}'` - - set usr = `eval $passwd | awk -F: '$1==USR {print $1}' USR=$unix` - if ($#usr != 1) then - echo "ERROR: $unix Not in passwd database SKIPPING..." - continue - endif - set tmp = `cat $smbpasswd | awk -F: '$1==USR {print $1}' USR=$unix` - if ($#tmp != 0) then - echo "ERROR: $unix is already in $smbpasswd SKIPPING..." - continue - endif - - echo "Adding: $unix to $smbpasswd" - eval $passwd | \ - awk -F: '$1==USR { \ - printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:%s:%s:%s\n", $1, $3, $5, $6, $7) }' USR=$unix >> $smbpasswd - if ($unix != $ntid) then - echo "Adding: {$unix = $ntid} to $user_map" - echo "$unix = $ntid" >> $user_map - endif - set new = ($new $unix) -end - -# -# Enter password for new users -# -foreach one ($new) - echo $line - echo "ENTER password for $one" - smbpasswd $one -end |