diff options
| author | Gerald Carter <jerry@samba.org> | 2000-11-13 23:03:34 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2000-11-13 23:03:34 +0000 |
| commit | 0b92d0838ebdbe24f34f17e313ecbf61a0301389 (patch) | |
| tree | 2b81dcbefc7da6360b4353f09d6e1331ee90a541 | |
| parent | 600eb0eb0036631b7e6d8aa7cddbc378368c002c (diff) | |
| download | samba-0b92d0838ebdbe24f34f17e313ecbf61a0301389.tar.gz | |
Large commit which restructures the local password storage API.
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
29 files changed, 2554 insertions, 2186 deletions
diff --git a/source/Makefile.in b/source/Makefile.in index 28628658f17..2b490da4f6d 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -154,9 +154,11 @@ RPC_CLIENT_OBJ = \ LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o -PASSDB_OBJ = passdb/passdb.o passdb/smbpassfile.o passdb/smbpass.o passdb/secrets.o \ - passdb/pass_check.o passdb/ldap.o passdb/nispass.o passdb/smbpasschange.o \ - passdb/tdbpass.o +PASSDB_OBJ = passdb/passdb.o passdb/secrets.o \ + passdb/pass_check.o passdb/smbpassfile.o \ + passdb/machine_sid.o passdb/pdb_smbpasswd.o + +# passdb/smbpass.o passdb/ldap.o passdb/nispass.o PROFILE_OBJ = profile/profile.o @@ -239,6 +241,9 @@ SMBPASSWD_OBJ = utils/smbpasswd.o lib/msrpc-client.o $(PARAM_OBJ) \ $(LIBSMB_OBJ) $(PASSDB_OBJ) \ $(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ) +TDBEDIT_OBJ = utils/tdbedit.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) + RPCCLIENT_OBJ1 = rpcclient/rpcclient.o \ lib/cmd_interp.o lib/util_list.o \ lib/msrpc-client.o \ @@ -481,6 +486,10 @@ bin/smbpasswd: $(SMBPASSWD_OBJ) bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(LDFLAGS) $(LIBS) +bin/tdbedit: $(TDBEDIT_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(TDBEDIT_OBJ) $(LDFLAGS) $(LIBS) + bin/make_smbcodepage: $(MAKE_SMBCODEPAGE_OBJ) bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(MAKE_SMBCODEPAGE_OBJ) $(LDFLAGS) $(LIBS) diff --git a/source/include/proto.h b/source/include/proto.h index 066d7e7f803..c18d013f62f 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -1332,6 +1332,7 @@ char *lp_smbrun(void); char *lp_configfile(void); char *lp_tdb_passwd_file(void); char *lp_smb_passwd_file(void); +char *lp_passdb_module_path(void); char *lp_serverstring(void); char *lp_printcapname(void); char *lp_enumports_cmd(void); @@ -1603,13 +1604,9 @@ BOOL pm_process( char *FileName, BOOL (*sfunc)(char *), BOOL (*pfunc)(char *, char *) ); -/*The following definitions come from passdb/ldap.c */ +/*The following definitions come from passdb/machine_sid.c */ -struct passdb_ops *ldap_initialize_password_db(void); - -/*The following definitions come from passdb/nispass.c */ - -struct passdb_ops *nisplus_initialize_password_db(void); +BOOL pdb_generate_sam_sid(void); /*The following definitions come from passdb/pass_check.c */ @@ -1619,49 +1616,15 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd, /*The following definitions come from passdb/passdb.c */ -BOOL initialize_password_db(void); -struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid); -struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid); -struct smb_passwd *iterate_getsmbpwnam(char *name); -void *startsmbpwent(BOOL update); -void endsmbpwent(void *vp); -struct smb_passwd *getsmbpwent(void *vp); -BOOL add_smbpwd_entry(struct smb_passwd *newpwd); -BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override); -BOOL del_smbpwd_entry(const char *name); -struct smb_passwd *getsmbpwnam(char *name); -struct smb_passwd *getsmbpwrid(uint32 user_rid); -struct smb_passwd *getsmbpwuid(uid_t smb_userid); -struct sam_passwd *iterate_getsam21pwnam(char *name); -struct sam_passwd *iterate_getsam21pwrid(uint32 rid); -struct sam_passwd *iterate_getsam21pwuid(uid_t uid); -struct sam_disp_info *getsamdisprid(uint32 rid); -struct sam_passwd *getsam21pwent(void *vp); -struct sam_passwd *getsam21pwnam(char *name); -struct sam_passwd *getsam21pwrid(uint32 rid); -BOOL add_sam21pwd_entry(struct sam_passwd *pwd); -BOOL mod_sam21pwd_entry(struct sam_passwd *pwd, BOOL override); -void pdb_init_smb(struct smb_passwd *user); -void pdb_init_sam(struct sam_passwd *user); -struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user); -struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user); -struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user); -void copy_id23_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_23 *from); -void copy_id21_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_21 *from); -void copy_sam_passwd(struct sam_passwd *to, const struct sam_passwd *from); +BOOL initialize_password_db(BOOL reload); +void pdb_init_sam(SAM_ACCOUNT *user); +void pdb_clear_sam(SAM_ACCOUNT *user); +struct sam_disp_info *pdb_sam_to_dispinfo(SAM_ACCOUNT *user); char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length); uint16 pdb_decode_acct_ctrl(const char *p); -time_t pdb_get_last_set_time(const char *p); -void pdb_set_logon_time(char *p, int max_len, time_t t); -void pdb_set_logoff_time(char *p, int max_len, time_t t); -void pdb_set_kickoff_time(char *p, int max_len, time_t t); -void pdb_set_can_change_time(char *p, int max_len, time_t t); -void pdb_set_must_change_time(char *p, int max_len, time_t t); -void pdb_set_last_set_time(char *p, int max_len, time_t t); void pdb_sethexpwd(char *p, unsigned char *pwd, uint16 acct_ctrl); BOOL pdb_gethexpwd(char *p, unsigned char *pwd); BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid); -BOOL pdb_generate_sam_sid(void); uid_t pdb_user_rid_to_uid(uint32 user_rid); gid_t pdb_user_rid_to_gid(uint32 user_rid); uint32 pdb_uid_to_user_rid(uid_t uid); @@ -1673,6 +1636,78 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid); BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type); DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid); BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type); +void copy_id23_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_23 *from); +void copy_id21_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_21 *from); +void copy_sam_passwd(struct sam_passwd *to, const struct sam_passwd *from); +BOOL local_password_change(char *user_name, int local_flags, + char *new_passwd, + char *err_str, size_t err_str_len, + char *msg_str, size_t msg_str_len); +uint16 pdb_get_acct_ctrl (SAM_ACCOUNT *sampass); +time_t pdb_get_logon_time (SAM_ACCOUNT *sampass); +time_t pdb_get_logoff_time (SAM_ACCOUNT *sampass); +time_t pdb_get_kickoff_time (SAM_ACCOUNT *sampass); +time_t pdb_get_pass_last_set_time (SAM_ACCOUNT *sampass); +time_t pdb_get_pass_can_change_time (SAM_ACCOUNT *sampass); +time_t pdb_get_pass_must_change_time (SAM_ACCOUNT *sampass); +uint16 pdb_get_logon_divs (SAM_ACCOUNT *sampass); +uint32 pdb_get_hours_len (SAM_ACCOUNT *sampass); +uint8* pdb_get_hours (SAM_ACCOUNT *sampass); +BYTE* pdb_get_nt_passwd (SAM_ACCOUNT *sampass); +BYTE* pdb_get_lanman_passwd (SAM_ACCOUNT *sampass); +uint32 pdb_get_user_rid (SAM_ACCOUNT *sampass); +uint32 pdb_get_group_rid (SAM_ACCOUNT *sampass); +uid_t pdb_get_uid (SAM_ACCOUNT *sampass); +gid_t pdb_get_gid (SAM_ACCOUNT *sampass); +char* pdb_get_username (SAM_ACCOUNT *sampass); +char* pdb_get_domain (SAM_ACCOUNT *sampass); +char* pdb_get_nt_username (SAM_ACCOUNT *sampass); +char* pdb_get_fullname (SAM_ACCOUNT *sampass); +char* pdb_get_homedir (SAM_ACCOUNT *sampass); +char* pdb_get_dirdrive (SAM_ACCOUNT *sampass); +char* pdb_get_logon_script (SAM_ACCOUNT *sampass); +char* pdb_get_profile_path (SAM_ACCOUNT *sampass); +char* pdb_get_acct_desc (SAM_ACCOUNT *sampass); +char* pdb_get_workstations (SAM_ACCOUNT *sampass); +char* pdb_get_munged_dial (SAM_ACCOUNT *sampass); +uint32 pdb_get_unknown3 (SAM_ACCOUNT *sampass); +uint32 pdb_get_unknown5 (SAM_ACCOUNT *sampass); +uint32 pdb_get_unknown6 (SAM_ACCOUNT *sampass); +BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 flags); +BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t time); +BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t time); +BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t time); +BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t time); +BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t time); +BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t time); +BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len); +BOOL pdb_set_logons_divs (SAM_ACCOUNT *sampass, uint16 hours); +BOOL pdb_set_uid (SAM_ACCOUNT *sampass, uid_t uid); +BOOL pdb_set_gid (SAM_ACCOUNT *sampass, gid_t gid); +BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid); +BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid); +BOOL pdb_set_username (SAM_ACCOUNT *sampass, char *username); +BOOL pdb_set_domain (SAM_ACCOUNT *sampass, char *domain); +BOOL pdb_set_nt_username (SAM_ACCOUNT *sampass, char *nt_username); +BOOL pdb_set_fullname (SAM_ACCOUNT *sampass, char *fullname); +BOOL pdb_set_logon_script (SAM_ACCOUNT *sampass, char *logon_script); +BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, char *profile_path); +BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, char *dir_drive); +BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, char *homedir); +BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, BYTE *pwd); +BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, BYTE *pwd); + +/*The following definitions come from passdb/pdb_smbpasswd.c */ + +BOOL pdb_setsampwent (BOOL update); +void pdb_endsampwent (void); +SAM_ACCOUNT* pdb_getsampwent (void); +SAM_ACCOUNT* pdb_getsampwnam (char *username); +SAM_ACCOUNT* pdb_getsampwuid (uid_t uid); +SAM_ACCOUNT* pdb_getsampwrid (uint32 rid); +BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass); +BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override); +BOOL pdb_delete_sam_account (char* username); /*The following definitions come from passdb/secrets.c */ @@ -1686,28 +1721,10 @@ BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16], time_t *pass_last_set_time); BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16]); -/*The following definitions come from passdb/smbpass.c */ - -char *format_new_smbpasswd_entry(struct smb_passwd *newpwd); -struct passdb_ops *file_initialize_password_db(void); - -/*The following definitions come from passdb/smbpasschange.c */ - -BOOL local_password_change(char *user_name, int local_flags, - char *new_passwd, - char *err_str, size_t err_str_len, - char *msg_str, size_t msg_str_len); - /*The following definitions come from passdb/smbpassfile.c */ -BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth); -BOOL pw_file_unlock(int fd, int *plock_depth); BOOL trust_password_delete(char *domain); -/*The following definitions come from passdb/tdbpass.c */ - -struct passdb_ops *tdb_initialize_password_db(void); - /*The following definitions come from printing/load.c */ void add_all_printers(void); @@ -1731,7 +1748,8 @@ void update_a_form(nt_forms_struct **list, const FORM *form, int count); int get_ntdrivers(fstring **list, char *architecture, uint32 version); BOOL get_short_archi(char *short_archi, char *long_archi); uint32 clean_up_driver_struct(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level); -BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, struct current_user *user, uint32 *perr); +BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, + uint32 level, struct current_user *user, uint32 *perr); uint32 get_a_printer_driver_9x_compatible(pstring line, fstring model); uint32 del_a_printer(char *sharename); BOOL add_a_specific_param(NT_PRINTER_INFO_LEVEL_2 *info_2, NT_PRINTER_PARAM *param); @@ -1808,6 +1826,7 @@ BOOL print_queue_purge(struct current_user *user, int snum, int *errcode); /*The following definitions come from profile/profile.c */ void profile_message(int msg_type, pid_t src, void *buf, size_t len); +void reqprofile_message(int msg_type, pid_t src, void *buf, size_t len); BOOL profile_setup(BOOL rdonly); /*The following definitions come from rpc_client/cli_connect.c */ @@ -2333,38 +2352,12 @@ void init_sam_info(DOM_SAM_INFO *sam, char *logon_srv, char *comp_name, DOM_CRED *clnt_cred, DOM_CRED *rtn_cred, uint16 logon_level, NET_ID_INFO_CTR *ctr); -void init_net_user_info3(NET_USER_INFO_3 *usr, - - NTTIME *logon_time, - NTTIME *logoff_time, - NTTIME *kickoff_time, - NTTIME *pass_last_set_time, - NTTIME *pass_can_change_time, - NTTIME *pass_must_change_time, - - char *user_name, - char *full_name, - char *logon_script, - char *profile_path, - char *home_dir, - char *dir_drive, - - uint16 logon_count, - uint16 bad_pw_count, - - uint32 user_id, - uint32 group_id, - uint32 num_groups, - DOM_GID *gids, - uint32 user_flgs, - - char *sess_key, - - char *logon_srv, - char *logon_dom, - - DOM_SID *dom_sid, - char *other_sids); +void init_net_user_info3(NET_USER_INFO_3 *usr, SAM_ACCOUNT *sampw, + uint16 logon_count, uint16 bad_pw_count, + uint32 num_groups, DOM_GID *gids, + uint32 user_flgs, char *sess_key, + char *logon_srv, char *logon_dom, + DOM_SID *dom_sid, char *other_sids); void free_user_info3(NET_USER_INFO_3 *usr); BOOL net_io_q_sam_logon(char *desc, NET_Q_SAM_LOGON *q_l, prs_struct *ps, int depth); BOOL net_io_r_sam_logon(char *desc, NET_R_SAM_LOGON *r_l, prs_struct *ps, int depth); @@ -2658,34 +2651,7 @@ void init_sam_user_info11(SAM_USER_INFO_11 *usr, uint32 rid_group, uint16 acct_ctrl); BOOL sam_io_user_info11(char *desc, SAM_USER_INFO_11 *usr, prs_struct *ps, int depth); -void init_sam_user_info21(SAM_USER_INFO_21 *usr, - NTTIME *logon_time, - NTTIME *logoff_time, - NTTIME *kickoff_time, - NTTIME *pass_last_set_time, - NTTIME *pass_can_change_time, - NTTIME *pass_must_change_time, - - char *user_name, - char *full_name, - char *home_dir, - char *dir_drive, - char *logon_script, - char *profile_path, - char *description, - char *workstations, - char *unknown_str, - char *munged_dial, - - uint32 user_rid, - uint32 group_rid, - uint16 acb_info, - - uint32 unknown_3, - uint16 logon_divs, - LOGON_HRS *hrs, - uint32 unknown_5, - uint32 unknown_6); +void init_sam_user_info21(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw); void init_samr_r_query_userinfo(SAMR_R_QUERY_USERINFO *r_u, uint16 switch_value, void *info, uint32 status); BOOL samr_io_r_query_userinfo(char *desc, SAMR_R_QUERY_USERINFO *r_u, prs_struct *ps, int depth); @@ -3233,12 +3199,8 @@ uint32 _spoolss_enumjobs( POLICY_HND *handle, uint32 firstjob, uint32 numofjobs, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned); uint32 _spoolss_schedulejob( POLICY_HND *handle, uint32 jobid); -uint32 _spoolss_setjob( POLICY_HND *handle, - uint32 jobid, - uint32 level, - pipes_struct *p, - JOB_INFO *ctr, - uint32 command); +uint32 _spoolss_setjob(POLICY_HND *handle, uint32 jobid, uint32 level, + pipes_struct *p, JOB_INFO *ctr, uint32 command); uint32 _spoolss_enumprinterdrivers( UNISTR2 *name, UNISTR2 *environment, uint32 level, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned); @@ -3392,8 +3354,8 @@ void process_blocking_lock_queue(time_t t); BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root); BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root); BOOL check_lanman_password(char *user, uchar * pass1, - uchar * pass2, struct smb_passwd **psmbpw); -BOOL change_lanman_password(struct smb_passwd *smbpw, uchar * pass1, + uchar * pass2, SAM_ACCOUNT **hnd); +BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar * pass1, uchar * pass2); BOOL pass_oem_change(char *user, uchar * lmdata, uchar * lmhash, @@ -3401,12 +3363,12 @@ BOOL pass_oem_change(char *user, BOOL check_oem_password(char *user, uchar * lmdata, uchar * lmhash, uchar * ntdata, uchar * nthash, - struct smb_passwd **psmbpw, char *new_passwd, + SAM_ACCOUNT **hnd, char *new_passwd, int new_passwd_size); -BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, +BOOL change_oem_password(SAM_ACCOUNT *hnd, char *new_passwd, BOOL override); BOOL check_plaintext_password(char *user, char *old_passwd, - int old_passwd_size, struct smb_passwd **psmbpw); + int old_passwd_size, SAM_ACCOUNT **hnd); #endif /*The following definitions come from smbd/close.c */ @@ -3673,11 +3635,10 @@ uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, char *domain,BOOL guest); void add_session_user(char *user); BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8); -BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8], +BOOL smb_password_ok(SAM_ACCOUNT *sampass, uchar chal[8], uchar lm_pass[24], uchar nt_pass[24]); -BOOL pass_check_smb(char *user, char *domain, - uchar *chal, uchar *lm_pwd, uchar *nt_pwd, - struct passwd *pwd); +BOOL pass_check_smb(char *user, char *domain, uchar *chal, + uchar *lm_pwd, uchar *nt_pwd, struct passwd *pwd); BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd); BOOL user_ok(char *user,int snum); BOOL authorise_login(int snum,char *user,char *password, int pwlen, diff --git a/source/include/rpc_misc.h b/source/include/rpc_misc.h index d3e56634a93..1fbf87f134f 100644 --- a/source/include/rpc_misc.h +++ b/source/include/rpc_misc.h @@ -335,4 +335,5 @@ typedef struct uint64_s uint32 high; } UINT64_S; + #endif /* _RPC_MISC_H */ diff --git a/source/include/smb.h b/source/include/smb.h index b1efb4260a5..57a62b7f1f0 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -36,6 +36,8 @@ #define True (1) #define Auto (2) +typedef unsigned char BYTE; + #ifndef _BOOL typedef int BOOL; #define _BOOL /* So we don't typedef BOOL again in vfs.h */ @@ -307,58 +309,6 @@ typedef struct nttime_info #define MAX_HOURS_LEN 32 -struct sam_passwd -{ - time_t logon_time; /* logon time */ - time_t logoff_time; /* logoff time */ - time_t kickoff_time; /* kickoff time */ - time_t pass_last_set_time; /* password last set time */ - time_t pass_can_change_time; /* password can change time */ - time_t pass_must_change_time; /* password must change time */ - - char *smb_name; /* username string */ - char *full_name; /* user's full name string */ - char *home_dir; /* home directory string */ - char *dir_drive; /* home directory drive string */ - char *logon_script; /* logon script string */ - char *profile_path; /* profile path string */ - char *acct_desc ; /* user description string */ - char *workstations; /* login from workstations string */ - char *unknown_str ; /* don't know what this is, yet. */ - char *munged_dial ; /* munged path name and dial-back tel number */ - - uid_t smb_userid; /* this is actually the unix uid_t */ - gid_t smb_grpid; /* this is actually the unix gid_t */ - uint32 user_rid; /* Primary User ID */ - uint32 group_rid; /* Primary Group ID */ - - unsigned char *smb_passwd; /* Null if no password */ - unsigned char *smb_nt_passwd; /* Null if no password */ - - uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */ - uint32 unknown_3; /* 0x00ff ffff */ - - uint16 logon_divs; /* 168 - number of hours in a week */ - uint32 hours_len; /* normally 21 bytes */ - uint8 hours[MAX_HOURS_LEN]; - - uint32 unknown_5; /* 0x0002 0000 */ - uint32 unknown_6; /* 0x0000 04ec */ -}; - -struct smb_passwd -{ - uid_t smb_userid; /* this is actually the unix uid_t */ - char *smb_name; /* username string */ - - unsigned char *smb_passwd; /* Null if no password */ - unsigned char *smb_nt_passwd; /* Null if no password */ - - uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */ - time_t pass_last_set_time; /* password last set time */ -}; - - struct sam_disp_info { uint32 user_rid; /* Primary User ID */ @@ -701,6 +651,49 @@ typedef struct #define SHAREMODE_FN(fn) \ void (*fn)(share_mode_entry *, char*) +typedef struct sam_passwd +{ + time_t logon_time; /* logon time */ + time_t logoff_time; /* logoff time */ + time_t kickoff_time; /* kickoff time */ + time_t pass_last_set_time; /* password last set time */ + time_t pass_can_change_time; /* password can change time */ + time_t pass_must_change_time; /* password must change time */ + + char *username; /* UNIX username string */ + char *domain; /* Windows Domain name */ + char *nt_username; /* Windows username string */ + char *full_name; /* user's full name string */ + char *home_dir; /* home directory string */ + char *dir_drive; /* home directory drive string */ + char *logon_script; /* logon script string */ + char *profile_path; /* profile path string */ + char *acct_desc ; /* user description string */ + char *workstations; /* login from workstations string */ + char *unknown_str ; /* don't know what this is, yet. */ + char *munged_dial ; /* munged path name and dial-back tel number */ + + uid_t uid; /* this is actually the unix uid_t */ + gid_t gid; /* this is actually the unix gid_t */ + uint32 user_rid; /* Primary User ID */ + uint32 group_rid; /* Primary Group ID */ + + unsigned char *lm_pw; /* Null if no password */ + unsigned char *nt_pw; /* Null if no password */ + + uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */ + uint32 unknown_3; /* 0x00ff ffff */ + + uint16 logon_divs; /* 168 - number of hours in a week */ + uint32 hours_len; /* normally 21 bytes */ + uint8 hours[MAX_HOURS_LEN]; + + uint32 unknown_5; /* 0x0002 0000 */ + uint32 unknown_6; /* 0x0000 04ec */ + +} SAM_ACCOUNT; + +#if 0 /* GWC */ /* * Each implementation of the password database code needs * to support the following operations. @@ -755,16 +748,16 @@ struct passdb_ops { struct sam_disp_info *(*getsamdisprid)(uint32); struct sam_disp_info *(*getsamdispent)(void *); -#if 0 /* * password checking functions */ struct smb_passwd *(*smb_password_chal )(char *username, char lm_pass[24], char nt_pass[24], char chal[8]); struct smb_passwd *(*smb_password_check )(char *username, char lm_hash[16], char nt_hash[16]); struct passwd *(*unix_password_check)(char *username, char *pass, int pass_len); -#endif }; +#endif /* 0 */ + /* * Flags for local user manipulation. */ @@ -1667,6 +1660,7 @@ struct ncacn_np }; #include "rpc_creds.h" +#include "rpc_misc.h" #include "rpc_secdes.h" #include "nt_printing.h" diff --git a/source/lib/util_list.c b/source/lib/util_list.c index 5593ccb5186..ea262b5db52 100644 --- a/source/lib/util_list.c +++ b/source/lib/util_list.c @@ -216,6 +216,12 @@ BOOL copy_policy_hnd (POLICY_HND *dest, const POLICY_HND *src) return True; } +/* ------------------------------------------------------------- + Functions to implement the RpcHandle list + -------------------------------------------------------------- */ + + + /*************************************************************** Return True if the to RPC_HND_NODEs are eqivalent in value. Return False if they are not. Since a POLICY_HND is really @@ -319,3 +325,4 @@ struct cli_connection* RpcHndList_get_connection(const POLICY_HND *hnd) return located->cli; } + diff --git a/source/param/loadparm.c b/source/param/loadparm.c index 43b0c62f17b..dc2082423b9 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -119,11 +119,12 @@ typedef struct char *szPasswdChat; char *szLogFile; char *szConfigFile; -/*#ifdef WITH_TDBPWD +#ifdef WITH_TDBPWD char *szTDBPasswdFile; -#else*/ +#else char *szSMBPasswdFile; -/* #endif */ +#endif + char *szPassdbModulePath; char *szPasswordServer; char *szSocketOptions; char *szValidChars; @@ -669,6 +670,7 @@ static struct parm_struct parm_table[] = { #else */ {"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0}, /* #endif */ + {"passdb module path", P_STRING, P_GLOBAL, &Globals.szPassdbModulePath, NULL, NULL, 0}, {"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, {"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, {"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, @@ -1131,14 +1133,13 @@ static void init_globals(void) DEBUG(3, ("Initialising global parameters\n")); -/* #ifdef WITH_TDBPWD - string_set(&Globals.szTDBPasswdFile, TDB_PASSWD_FILE); -#else */ #ifdef WITH_TDBPWD - string_set(&Globals.szSMBPasswdFile, TDB_PASSWD_FILE); + string_set(&Globals.szTDBPasswdFile, TDB_PASSWD_FILE); #else string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE); #endif + string_set(&Globals.szPassdbModulePath, ""); + /* * Allow the default PASSWD_CHAT to be overridden in local.h. */ @@ -1256,7 +1257,8 @@ static void init_globals(void) Globals.sslCompatibility = False; #endif /* WITH_SSL */ -/* these parameters are set to defaults that are more appropriate +/* + these parameters are set to defaults that are more appropriate for the increasing samba install base: as a member of the workgroup, that will possibly become a @@ -1265,7 +1267,6 @@ static void init_globals(void) doesn't provide WINS server service by default (wsupp = False), and doesn't provide domain master browser services by default, either. - */ Globals.bMsAddPrinterWizard = True; @@ -1367,11 +1368,12 @@ static char *lp_string(const char *s) FN_GLOBAL_STRING(lp_logfile, &Globals.szLogFile) FN_GLOBAL_STRING(lp_smbrun, &Globals.szSmbrun) FN_GLOBAL_STRING(lp_configfile, &Globals.szConfigFile) -/* #ifdef WITH_TDBPWD +#ifdef WITH_TDBPWD FN_GLOBAL_STRING(lp_tdb_passwd_file, &Globals.szTDBPasswdFile) -#else */ +#else FN_GLOBAL_STRING(lp_smb_passwd_file, &Globals.szSMBPasswdFile) -/* #endif */ +#endif +FN_GLOBAL_STRING(lp_passdb_module_path, &Globals.szPassdbModulePath) FN_GLOBAL_STRING(lp_serverstring, &Globals.szServerString) FN_GLOBAL_STRING(lp_printcapname, &Globals.szPrintcapname) FN_GLOBAL_STRING(lp_enumports_cmd, &Globals.szEnumPortsCommand) diff --git a/source/passdb/machine_sid.c b/source/passdb/machine_sid.c new file mode 100644 index 00000000000..f714106b431 --- /dev/null +++ b/source/passdb/machine_sid.c @@ -0,0 +1,260 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Password and authentication handling + Copyright (C) Jeremy Allison 1996-1998 + Copyright (C) Luke Kenneth Casson Leighton 1996-1998 + Copyright (C) Gerald (Jerry) Carter 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/**************************************************************************** + Read the machine SID from a file. +****************************************************************************/ + +static BOOL read_sid_from_file(int fd, char *sid_file) +{ + fstring fline; + + memset(fline, '\0', sizeof(fline)); + + if(read(fd, fline, sizeof(fline) -1 ) < 0) { + DEBUG(0,("unable to read file %s. Error was %s\n", + sid_file, strerror(errno) )); + return False; + } + + /* + * Convert to the machine SID. + */ + + fline[sizeof(fline)-1] = '\0'; + if(!string_to_sid( &global_sam_sid, fline)) { + DEBUG(0,("unable to generate machine SID.\n")); + return False; + } + + return True; +} + +/**************************************************************************** + Generate the global machine sid. Look for the MACHINE.SID file first, if + not found then look in smb.conf and use it to create the MACHINE.SID file. + Note this function will be replaced soon. JRA. +****************************************************************************/ + +BOOL pdb_generate_sam_sid(void) +{ + int fd; + char *p; + pstring sid_file; + fstring sid_string; + SMB_STRUCT_STAT st; + BOOL overwrite_bad_sid = False; + + generate_wellknown_sids(); + + pstrcpy(sid_file, lp_smb_passwd_file()); + p = strrchr(sid_file, '/'); + if(p != NULL) { + *++p = '\0'; + } + + if (!directory_exist(sid_file, NULL)) { + if (mkdir(sid_file, 0700) != 0) { + DEBUG(0,("can't create private directory %s : %s\n", + sid_file, strerror(errno))); + return False; + } + } + + pstrcat(sid_file, "MACHINE.SID"); + + if((fd = sys_open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) { + DEBUG(0,("unable to open or create file %s. Error was %s\n", + sid_file, strerror(errno) )); + return False; + } + + /* + * Check if the file contains data. + */ + + if(sys_fstat( fd, &st) < 0) { + DEBUG(0,("unable to stat file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + + if(st.st_size > 0) { + /* + * We have a valid SID - read it. + */ + if(!read_sid_from_file( fd, sid_file)) { + DEBUG(0,("unable to read file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + + /* + * JRA. Reversed the sense of this test now that I have + * actually done this test *personally*. One more reason + * to never trust third party information you have not + * independently verified.... sigh. JRA. + */ + + if(global_sam_sid.num_auths > 0 && global_sam_sid.sub_auths[0] == 0x21) { + /* + * Fix and re-write... + */ + overwrite_bad_sid = True; + global_sam_sid.sub_auths[0] = 21; + DEBUG(5,("pdb_generate_sam_sid: Old (incorrect) sid id_auth of hex 21 \ +detected - re-writing to be decimal 21 instead.\n" )); + sid_to_string(sid_string, &global_sam_sid); + if(sys_lseek(fd, (SMB_OFF_T)0, SEEK_SET) != 0) { + DEBUG(0,("unable to seek file file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + } else { + close(fd); + return True; + } + } else { + /* + * The file contains no data - we need to generate our + * own sid. + * Generate the new sid data & turn it into a string. + */ + int i; + uchar raw_sid_data[12]; + DOM_SID mysid; + + memset((char *)&mysid, '\0', sizeof(DOM_SID)); + mysid.sid_rev_num = 1; + mysid.id_auth[5] = 5; + mysid.num_auths = 0; + mysid.sub_auths[mysid.num_auths++] = 21; + + generate_random_buffer( raw_sid_data, 12, True); + for( i = 0; i < 3; i++) + mysid.sub_auths[mysid.num_auths++] = IVAL(raw_sid_data, i*4); + + sid_to_string(sid_string, &mysid); + } + + fstrcat(sid_string, "\n"); + + /* + * Ensure our new SID is valid. + */ + + if(!string_to_sid( &global_sam_sid, sid_string)) { + DEBUG(0,("unable to generate machine SID.\n")); + return False; + } + + /* + * Do an exclusive blocking lock on the file. + */ + + if(!do_file_lock( fd, 60, F_WRLCK)) { + DEBUG(0,("unable to lock file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + + if(!overwrite_bad_sid) { + /* + * At this point we have a blocking lock on the SID + * file - check if in the meantime someone else wrote + * SID data into the file. If so - they were here first, + * use their data. + */ + + if(sys_fstat( fd, &st) < 0) { + DEBUG(0,("unable to stat file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + + if(st.st_size > 0) { + /* + * Unlock as soon as possible to reduce + * contention on the exclusive lock. + */ + do_file_lock( fd, 60, F_UNLCK); + + /* + * We have a valid SID - read it. + */ + + if(!read_sid_from_file( fd, sid_file)) { + DEBUG(0,("unable to read file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + close(fd); + return True; + } + } + + /* + * The file is still empty and we have an exlusive lock on it, + * or we're fixing an earlier mistake. + * Write out out SID data into the file. + */ + + /* + * Use chmod here as some (strange) UNIX's don't + * have fchmod. JRA. + */ + + if(chmod(sid_file, 0644) < 0) { + DEBUG(0,("unable to set correct permissions on file %s. \ +Error was %s\n", sid_file, strerror(errno) )); + do_file_lock( fd, 60, F_UNLCK); + close(fd); + return False; + } + + if(write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) { + DEBUG(0,("unable to write file %s. Error was %s\n", + sid_file, strerror(errno) )); + do_file_lock( fd, 60, F_UNLCK); + close(fd); + return False; + } + + /* + * Unlock & exit. + */ + + do_file_lock( fd, 60, F_UNLCK); + close(fd); + return True; +} + + diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index 7bf9c1bae26..5b5b2e8a98b 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c @@ -2,8 +2,9 @@ Unix SMB/Netbios implementation. Version 1.9. Password and authentication handling - Copyright (C) Jeremy Allison 1996-1998 - Copyright (C) Luke Kenneth Casson Leighton 1996-1998 + Copyright (C) Jeremy Allison 1996-1998 + Copyright (C) Luke Kenneth Casson Leighton 1996-1998 + Copyright (C) Gerald (Jerry) Carter 2000 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,6 +21,7 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#include <dlfcn.h> #include "includes.h" extern int DEBUGLEVEL; @@ -58,711 +60,186 @@ extern fstring global_myworkgroup; * */ -static struct passdb_ops *pdb_ops; +struct passdb_ops *pdb_ops; + +static void* pdb_handle = NULL; /*************************************************************** Initialize the password db operations. ***************************************************************/ - -BOOL initialize_password_db(void) -{ - if (pdb_ops) - { - return True; - } - -#ifdef WITH_NISPLUS - pdb_ops = nisplus_initialize_password_db(); -#elif defined(WITH_LDAP) - pdb_ops = ldap_initialize_password_db(); -#elif defined(WITH_TDBPWD) - pdb_ops = tdb_initialize_password_db(); -#else - pdb_ops = file_initialize_password_db(); -#endif - - return (pdb_ops != NULL); -} - -/* - * Functions that return/manipulate a struct smb_passwd. - */ - -/************************************************************************ - Utility function to search smb passwd by rid. -*************************************************************************/ - -struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid) -{ - return iterate_getsmbpwuid(pdb_user_rid_to_uid(user_rid)); -} - -/************************************************************************ - Utility function to search smb passwd by uid. use this if your database - does not have search facilities. -*************************************************************************/ - -struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid) -{ - struct smb_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid)); - - /* Open the smb password database - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open smb password database.\n")); - return NULL; - } - - while ((pwd = getsmbpwent(fp)) != NULL && pwd->smb_userid != smb_userid) - ; - - if (pwd != NULL) - { - DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid)); - } - - endsmbpwent(fp); - return pwd; -} - -/************************************************************************ - Utility function to search smb passwd by name. use this if your database - does not have search facilities. -*************************************************************************/ - -struct smb_passwd *iterate_getsmbpwnam(char *name) -{ - struct smb_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by name: %s\n", name)); - - /* Open the sam password file - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open smb password database.\n")); - return NULL; - } - - while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->smb_name, name)) - ; - - if (pwd != NULL) - { - DEBUG(10, ("found by name: %s\n", name)); - } - - endsmbpwent(fp); - return pwd; -} - -/*************************************************************** - Start to enumerate the smb or sam passwd list. Returns a void pointer - to ensure no modification outside this module. - - Note that currently it is being assumed that a pointer returned - from this function may be used to enumerate struct sam_passwd - entries as well as struct smb_passwd entries. This may need - to change. JRA. - -****************************************************************/ - -void *startsmbpwent(BOOL update) -{ - return pdb_ops->startsmbpwent(update); -} - -/*************************************************************** - End enumeration of the smb or sam passwd list. - - Note that currently it is being assumed that a pointer returned - from this function may be used to enumerate struct sam_passwd - entries as well as struct smb_passwd entries. This may need - to change. JRA. - -****************************************************************/ - -void endsmbpwent(void *vp) -{ - pdb_ops->endsmbpwent(vp); -} - -/************************************************************************* - Routine to return the next entry in the smb passwd list. - *************************************************************************/ - -struct smb_passwd *getsmbpwent(void *vp) -{ - return pdb_ops->getsmbpwent(vp); -} - -/************************************************************************ - Routine to add an entry to the smb passwd file. -*************************************************************************/ - -BOOL add_smbpwd_entry(struct smb_passwd *newpwd) -{ - return pdb_ops->add_smbpwd_entry(newpwd); -} - -/************************************************************************ - Routine to search the smb passwd file for an entry matching the username. - and then modify its password entry. We can't use the startsampwent()/ - getsampwent()/endsampwent() interfaces here as we depend on looking - in the actual file to decide how much room we have to write data. - override = False, normal - override = True, override XXXXXXXX'd out password or NO PASS -************************************************************************/ - -BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) -{ - return pdb_ops->mod_smbpwd_entry(pwd, override); -} - -/************************************************************************ - Routine to delete an entry from the smb passwd file. -*************************************************************************/ - -BOOL del_smbpwd_entry(const char *name) -{ - return pdb_ops->del_smbpwd_entry(name); -} - -/************************************************************************ - Routine to search smb passwd by name. -*************************************************************************/ - -struct smb_passwd *getsmbpwnam(char *name) -{ - return pdb_ops->getsmbpwnam(name); -} - -/************************************************************************ - Routine to search smb passwd by user rid. -*************************************************************************/ - -struct smb_passwd *getsmbpwrid(uint32 user_rid) -{ - return pdb_ops->getsmbpwrid(user_rid); -} - -/************************************************************************ - Routine to search smb passwd by uid. -*************************************************************************/ - -struct smb_passwd *getsmbpwuid(uid_t smb_userid) -{ - return pdb_ops->getsmbpwuid(smb_userid); -} - -/* - * Functions that manupulate a struct sam_passwd. - */ - -/************************************************************************ - Utility function to search sam passwd by name. use this if your database - does not have search facilities. -*************************************************************************/ - -struct sam_passwd *iterate_getsam21pwnam(char *name) -{ - struct sam_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by name: %s\n", name)); - - /* Open the smb password database - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open sam password database.\n")); - return NULL; - } - - while ((pwd = getsam21pwent(fp)) != NULL && !strequal(pwd->smb_name, name)) - { - DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid)); - } - - if (pwd != NULL) - { - DEBUG(10, ("found by name: %s\n", name)); - } - - endsmbpwent(fp); - return pwd; -} - -/************************************************************************ - Utility function to search sam passwd by rid. use this if your database - does not have search facilities. - - search capability by both rid and uid are needed as the rid <-> uid - mapping may be non-monotonic. - -*************************************************************************/ - -struct sam_passwd *iterate_getsam21pwrid(uint32 rid) +BOOL initialize_password_db(BOOL reload) { - struct sam_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by rid: %x\n", rid)); - - /* Open the smb password file - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open sam password database.\n")); - return NULL; - } - while ((pwd = getsam21pwent(fp)) != NULL && pwd->user_rid != rid) - { - DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid)); - } - - if (pwd != NULL) + char* modulename = lp_passdb_module_path(); + + return True; + + /* load another module? */ + if (reload && pdb_handle) { - DEBUG(10, ("found by user_rid: %x\n", rid)); + dlclose (pdb_handle); + pdb_handle = NULL; } - - endsmbpwent(fp); - return pwd; -} - -/************************************************************************ - Utility function to search sam passwd by uid. use this if your database - does not have search facilities. - - search capability by both rid and uid are needed as the rid <-> uid - mapping may be non-monotonic. - -*************************************************************************/ - -struct sam_passwd *iterate_getsam21pwuid(uid_t uid) -{ - struct sam_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by uid: %x\n", (int)uid)); - - /* Open the smb password file - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) + + /* do we have a module defined or use the default? */ + if (strlen (modulename) != 0) { - DEBUG(0, ("unable to open sam password database.\n")); - return NULL; - } - - while ((pwd = getsam21pwent(fp)) != NULL && pwd->smb_userid != uid) - ; - - if (pwd != NULL) + if ((pdb_handle=dlopen (modulename, RTLD_LAZY)) == NULL) + { + DEBUG(0,("initialize_password_db: ERROR - Unable to open passdb module \"%s\"!\n%s\n", + modulename, dlerror())); + } + else + DEBUG(1,("initialize_password_db: passdb module \"%s\" loaded successfully\n", modulename)); + } + + /* either no module name defined or the one that was failed + to open. Let's try the default */ + if (pdb_handle == NULL) { - DEBUG(10, ("found by smb_userid: %x\n", (int)uid)); + if ((pdb_handle=dlopen ("libpdbfile.so", RTLD_LAZY)) == NULL) + { + DEBUG(0,("initialize_password_db: ERROR - Unable to open \"libpdbfile.so\" passdb module! No user authentication possible!\n%s\n", + dlerror())); + return False; + } + else + DEBUG(1,("initialize_password_db: passdb module \"libpdbfile.so\" loaded successfully\n")); } + - endsmbpwent(fp); - return pwd; -} - -/************************************************************************* - Routine to return a display info structure, by rid - *************************************************************************/ -struct sam_disp_info *getsamdisprid(uint32 rid) -{ - return pdb_ops->getsamdisprid(rid); -} - -/************************************************************************* - Routine to return the next entry in the sam passwd list. - *************************************************************************/ - -struct sam_passwd *getsam21pwent(void *vp) -{ - return pdb_ops->getsam21pwent(vp); -} - - -/************************************************************************ - Routine to search sam passwd by name. -*************************************************************************/ - -struct sam_passwd *getsam21pwnam(char *name) -{ - return pdb_ops->getsam21pwnam(name); -} - -/************************************************************************ - Routine to search sam passwd by rid. -*************************************************************************/ - -struct sam_passwd *getsam21pwrid(uint32 rid) -{ - return pdb_ops->getsam21pwrid(rid); -} - -/************************************************************************ - Routine to add a SAM entry to the smb passwd file. -*************************************************************************/ - -BOOL add_sam21pwd_entry(struct sam_passwd *pwd) -{ - return pdb_ops->add_sam21pwd_entry(pwd); -} - -/************************************************************************ - Routine to modify a SAM entry to the smb passwd file. -*************************************************************************/ - -BOOL mod_sam21pwd_entry(struct sam_passwd *pwd, BOOL override) -{ - return pdb_ops->mod_sam21pwd_entry(pwd, override); + return (pdb_handle != NULL); } -/********************************************************** - ********************************************************** - - utility routines which are likely to be useful to all password - databases - - ********************************************************** - **********************************************************/ - /************************************************************* initialises a struct sam_disp_info. **************************************************************/ - static void pdb_init_dispinfo(struct sam_disp_info *user) { - if (user == NULL) return; - memset((char *)user, '\0', sizeof(*user)); -} - -/************************************************************* - initialises a struct smb_passwd. - **************************************************************/ - -void pdb_init_smb(struct smb_passwd *user) -{ - if (user == NULL) return; - memset((char *)user, '\0', sizeof(*user)); - user->pass_last_set_time = (time_t)-1; + if (user == NULL) + return; + ZERO_STRUCTP(user); } /************************************************************* initialises a struct sam_passwd. - **************************************************************/ -void pdb_init_sam(struct sam_passwd *user) + ************************************************************/ +void pdb_init_sam(SAM_ACCOUNT *user) { - if (user == NULL) return; - memset((char *)user, '\0', sizeof(*user)); + if (user == NULL) + return; + + ZERO_STRUCTP(user); + user->logon_time = (time_t)-1; user->logoff_time = (time_t)-1; user->kickoff_time = (time_t)-1; user->pass_last_set_time = (time_t)-1; user->pass_can_change_time = (time_t)-1; user->pass_must_change_time = (time_t)-1; + + user->unknown_3 = 0x00ffffff; /* don't know */ + user->logon_divs = 168; /* hours per week */ + user->hours_len = 21; /* 21 times 8 bits = 168 */ + memset(user->hours, 0xff, user->hours_len); /* available at all hours */ + user->unknown_5 = 0x00020000; /* don't know */ + user->unknown_5 = 0x000004ec; /* don't know */ + } +/************************************************************ + free all pointer members and then reinit the SAM_ACCOUNT + ***********************************************************/ +void pdb_clear_sam(SAM_ACCOUNT *user) +{ + if (user == NULL) + return; + + /* clear all pointer members */ + if (user->username) + free(user->username); + if (user->full_name) + free(user->full_name); + if (user->home_dir) + free(user->home_dir); + if (user->dir_drive) + free(user->dir_drive); + if (user->logon_script) + free(user->logon_script); + if (user->profile_path) + free(user->profile_path); + if (user->acct_desc) + free(user->acct_desc); + if (user->workstations) + free(user->workstations); + if (user->unknown_str) + free(user->unknown_str); + if (user->munged_dial) + free(user->munged_dial); + + if (user->lm_pw) + free(user->lm_pw); + if (user->nt_pw) + free(user->nt_pw); + + + /* now initialize */ + pdb_init_sam(user); + +} + + /************************************************************************* Routine to return the next entry in the sam passwd list. *************************************************************************/ - -struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user) +struct sam_disp_info *pdb_sam_to_dispinfo(SAM_ACCOUNT *user) { static struct sam_disp_info disp_info; - if (user == NULL) return NULL; + if (user == NULL) + return NULL; pdb_init_dispinfo(&disp_info); - disp_info.smb_name = user->smb_name; + disp_info.smb_name = user->username; disp_info.full_name = user->full_name; disp_info.user_rid = user->user_rid; return &disp_info; } -/************************************************************* - converts a sam_passwd structure to a smb_passwd structure. - **************************************************************/ - -struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user) -{ - static struct smb_passwd pw_buf; - - if (user == NULL) return NULL; - - pdb_init_smb(&pw_buf); - - pw_buf.smb_userid = user->smb_userid; - pw_buf.smb_name = user->smb_name; - pw_buf.smb_passwd = user->smb_passwd; - pw_buf.smb_nt_passwd = user->smb_nt_passwd; - pw_buf.acct_ctrl = user->acct_ctrl; - pw_buf.pass_last_set_time = user->pass_last_set_time; - - return &pw_buf; -} - - -/************************************************************* - converts a smb_passwd structure to a sam_passwd structure. - **************************************************************/ - -struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user) -{ - static struct sam_passwd pw_buf; - - if (user == NULL) return NULL; - - pdb_init_sam(&pw_buf); - - pw_buf.smb_userid = user->smb_userid; - pw_buf.smb_name = user->smb_name; - pw_buf.smb_passwd = user->smb_passwd; - pw_buf.smb_nt_passwd = user->smb_nt_passwd; - pw_buf.acct_ctrl = user->acct_ctrl; - pw_buf.pass_last_set_time = user->pass_last_set_time; - - return &pw_buf; -} - -static void select_name(fstring *string, char **name, const UNISTR2 *from) -{ - if (from->buffer != 0) - { - unistr2_to_ascii(*string, from, sizeof(*string)); - *name = *string; - } -} - -/************************************************************* - copies a sam passwd. - **************************************************************/ -void copy_id23_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_23 *from) -{ - static fstring smb_name; - static fstring full_name; - static fstring home_dir; - static fstring dir_drive; - static fstring logon_script; - static fstring profile_path; - static fstring acct_desc; - static fstring workstations; - static fstring unknown_str; - static fstring munged_dial; - - if (from == NULL || to == NULL) return; - - to->logon_time = nt_time_to_unix(&from->logon_time); - to->logoff_time = nt_time_to_unix(&from->logoff_time); - to->kickoff_time = nt_time_to_unix(&from->kickoff_time); - to->pass_last_set_time = nt_time_to_unix(&from->pass_last_set_time); - to->pass_can_change_time = nt_time_to_unix(&from->pass_can_change_time); - to->pass_must_change_time = nt_time_to_unix(&from->pass_must_change_time); - - select_name(&smb_name , &to->smb_name , &from->uni_user_name ); - select_name(&full_name , &to->full_name , &from->uni_full_name ); - select_name(&home_dir , &to->home_dir , &from->uni_home_dir ); - select_name(&dir_drive , &to->dir_drive , &from->uni_dir_drive ); - select_name(&logon_script, &to->logon_script, &from->uni_logon_script); - select_name(&profile_path, &to->profile_path, &from->uni_profile_path); - select_name(&acct_desc , &to->acct_desc , &from->uni_acct_desc ); - select_name(&workstations, &to->workstations, &from->uni_workstations); - select_name(&unknown_str , &to->unknown_str , &from->uni_unknown_str ); - select_name(&munged_dial , &to->munged_dial , &from->uni_munged_dial ); - - to->smb_userid = (uid_t)-1; - to->smb_grpid = (gid_t)-1; - to->user_rid = from->user_rid; - to->group_rid = from->group_rid; - - to->smb_passwd = NULL; - to->smb_nt_passwd = NULL; - - to->acct_ctrl = from->acb_info; - to->unknown_3 = from->unknown_3; - - to->logon_divs = from->logon_divs; - to->hours_len = from->logon_hrs.len; - memcpy(to->hours, from->logon_hrs.hours, MAX_HOURS_LEN); - - to->unknown_5 = from->unknown_5; - to->unknown_6 = from->unknown_6; -} - -/************************************************************* - copies a sam passwd. - **************************************************************/ -void copy_id21_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_21 *from) -{ - static fstring smb_name; - static fstring full_name; - static fstring home_dir; - static fstring dir_drive; - static fstring logon_script; - static fstring profile_path; - static fstring acct_desc; - static fstring workstations; - static fstring unknown_str; - static fstring munged_dial; - - if (from == NULL || to == NULL) return; - - to->logon_time = nt_time_to_unix(&from->logon_time); - to->logoff_time = nt_time_to_unix(&from->logoff_time); - to->kickoff_time = nt_time_to_unix(&from->kickoff_time); - to->pass_last_set_time = nt_time_to_unix(&from->pass_last_set_time); - to->pass_can_change_time = nt_time_to_unix(&from->pass_can_change_time); - to->pass_must_change_time = nt_time_to_unix(&from->pass_must_change_time); - - select_name(&smb_name , &to->smb_name , &from->uni_user_name ); - select_name(&full_name , &to->full_name , &from->uni_full_name ); - select_name(&home_dir , &to->home_dir , &from->uni_home_dir ); - select_name(&dir_drive , &to->dir_drive , &from->uni_dir_drive ); - select_name(&logon_script, &to->logon_script, &from->uni_logon_script); - select_name(&profile_path, &to->profile_path, &from->uni_profile_path); - select_name(&acct_desc , &to->acct_desc , &from->uni_acct_desc ); - select_name(&workstations, &to->workstations, &from->uni_workstations); - select_name(&unknown_str , &to->unknown_str , &from->uni_unknown_str ); - select_name(&munged_dial , &to->munged_dial , &from->uni_munged_dial ); - - to->smb_userid = (uid_t)-1; - to->smb_grpid = (gid_t)-1; - to->user_rid = from->user_rid; - to->group_rid = from->group_rid; - - to->smb_passwd = NULL; - to->smb_nt_passwd = NULL; - - to->acct_ctrl = from->acb_info; - to->unknown_3 = from->unknown_3; - - to->logon_divs = from->logon_divs; - to->hours_len = from->logon_hrs.len; - memcpy(to->hours, from->logon_hrs.hours, MAX_HOURS_LEN); - - to->unknown_5 = from->unknown_5; - to->unknown_6 = from->unknown_6; -} - - -/************************************************************* - copies a sam passwd. - **************************************************************/ -void copy_sam_passwd(struct sam_passwd *to, const struct sam_passwd *from) -{ - static fstring smb_name=""; - static fstring full_name=""; - static fstring home_dir=""; - static fstring dir_drive=""; - static fstring logon_script=""; - static fstring profile_path=""; - static fstring acct_desc=""; - static fstring workstations=""; - static fstring unknown_str=""; - static fstring munged_dial=""; - - if (from == NULL || to == NULL) return; - - memcpy(to, from, sizeof(*from)); - - if (from->smb_name != NULL) { - fstrcpy(smb_name , from->smb_name); - to->smb_name = smb_name; - } - - if (from->full_name != NULL) { - fstrcpy(full_name, from->full_name); - to->full_name = full_name; - } - - if (from->home_dir != NULL) { - fstrcpy(home_dir , from->home_dir); - to->home_dir = home_dir; - } - - if (from->dir_drive != NULL) { - fstrcpy(dir_drive , from->dir_drive); - to->dir_drive = dir_drive; - } - - if (from->logon_script != NULL) { - fstrcpy(logon_script , from->logon_script); - to->logon_script = logon_script; - } - - if (from->profile_path != NULL) { - fstrcpy(profile_path , from->profile_path); - to->profile_path = profile_path; - } - - if (from->acct_desc != NULL) { - fstrcpy(acct_desc , from->acct_desc); - to->acct_desc = acct_desc; - } - - if (from->workstations != NULL) { - fstrcpy(workstations , from->workstations); - to->workstations = workstations; - } - - if (from->unknown_str != NULL) { - fstrcpy(unknown_str , from->unknown_str); - to->unknown_str = unknown_str; - } - - if (from->munged_dial != NULL) { - fstrcpy(munged_dial , from->munged_dial); - to->munged_dial = munged_dial; - } -} /********************************************************** Encode the account control bits into a string. length = length of string to encode into (including terminating null). length *MUST BE MORE THAN 2* ! **********************************************************/ - char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) { - static fstring acct_str; - size_t i = 0; - - acct_str[i++] = '['; - - if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; - if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; - if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; - if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; - if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; - if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; - if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; - if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; - if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; - if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; - if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; - - for ( ; i < length - 2 ; i++ ) { acct_str[i] = ' '; } - - i = length - 2; - acct_str[i++] = ']'; - acct_str[i++] = '\0'; - - return acct_str; + static fstring acct_str; + size_t i = 0; + + acct_str[i++] = '['; + + if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; + if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; + if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; + if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; + if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; + if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; + if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; + if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; + if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; + if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; + if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; + + for ( ; i < length - 2 ; i++ ) { acct_str[i] = ' '; } + + i = length - 2; + acct_str[i++] = ']'; + acct_str[i++] = '\0'; + + return acct_str; } /********************************************************** @@ -812,102 +289,6 @@ uint16 pdb_decode_acct_ctrl(const char *p) return acct_ctrl; } -/******************************************************************* - gets password-database-format time from a string. - ********************************************************************/ - -static time_t get_time_from_string(const char *p) -{ - int i; - - for (i = 0; i < 8; i++) - { - if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF))) - break; - } - if (i == 8) - { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - return (time_t)strtol(p, NULL, 16); - } - return (time_t)-1; -} - -/******************************************************************* - gets password last set time - ********************************************************************/ - -time_t pdb_get_last_set_time(const char *p) -{ - if (*p && StrnCaseCmp(p, "LCT-", 4)) - { - return get_time_from_string(p + 4); - } - return (time_t)-1; -} - - -/******************************************************************* - sets password-database-format time in a string. - ********************************************************************/ -static void set_time_in_string(char *p, int max_len, char *type, time_t t) -{ - slprintf(p, max_len, ":%s-%08X:", type, (uint32)t); -} - -/******************************************************************* - sets logon time - ********************************************************************/ -void pdb_set_logon_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LNT", t); -} - -/******************************************************************* - sets logoff time - ********************************************************************/ -void pdb_set_logoff_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LOT", t); -} - -/******************************************************************* - sets kickoff time - ********************************************************************/ -void pdb_set_kickoff_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "KOT", t); -} - -/******************************************************************* - sets password can change time - ********************************************************************/ -void pdb_set_can_change_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "CCT", t); -} - -/******************************************************************* - sets password last set time - ********************************************************************/ -void pdb_set_must_change_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "MCT", t); -} - -/******************************************************************* - sets password last set time - ********************************************************************/ -void pdb_set_last_set_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LCT", t); -} - - /************************************************************* Routine to set 32 hex password characters from a 16 byte array. **************************************************************/ @@ -924,6 +305,7 @@ void pdb_sethexpwd(char *p, unsigned char *pwd, uint16 acct_ctrl) safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); } } + /************************************************************* Routine to get the 32 hex characters and turn them into a 16 byte array. @@ -959,10 +341,9 @@ BOOL pdb_gethexpwd(char *p, unsigned char *pwd) /******************************************************************* Group and User RID username mapping function ********************************************************************/ - BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid) { - struct passwd *pw = Get_Pwnam(user_name, False); + struct passwd *pw = Get_Pwnam(user_name, False); if (u_rid == NULL || g_rid == NULL || user_name == NULL) { @@ -996,243 +377,9 @@ BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid) return True; } -/**************************************************************************** - Read the machine SID from a file. -****************************************************************************/ - -static BOOL read_sid_from_file(int fd, char *sid_file) -{ - fstring fline; - - memset(fline, '\0', sizeof(fline)); - - if(read(fd, fline, sizeof(fline) -1 ) < 0) { - DEBUG(0,("unable to read file %s. Error was %s\n", - sid_file, strerror(errno) )); - return False; - } - - /* - * Convert to the machine SID. - */ - - fline[sizeof(fline)-1] = '\0'; - if(!string_to_sid( &global_sam_sid, fline)) { - DEBUG(0,("unable to generate machine SID.\n")); - return False; - } - - return True; -} - -/**************************************************************************** - Generate the global machine sid. Look for the MACHINE.SID file first, if - not found then look in smb.conf and use it to create the MACHINE.SID file. - Note this function will be replaced soon. JRA. -****************************************************************************/ - -BOOL pdb_generate_sam_sid(void) -{ - int fd; - char *p; - pstring sid_file; - fstring sid_string; - SMB_STRUCT_STAT st; - BOOL overwrite_bad_sid = False; - - generate_wellknown_sids(); - - pstrcpy(sid_file, lp_smb_passwd_file()); - p = strrchr(sid_file, '/'); - if(p != NULL) { - *++p = '\0'; - } - - if (!directory_exist(sid_file, NULL)) { - if (mkdir(sid_file, 0700) != 0) { - DEBUG(0,("can't create private directory %s : %s\n", - sid_file, strerror(errno))); - return False; - } - } - - pstrcat(sid_file, "MACHINE.SID"); - - if((fd = sys_open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) { - DEBUG(0,("unable to open or create file %s. Error was %s\n", - sid_file, strerror(errno) )); - return False; - } - - /* - * Check if the file contains data. - */ - - if(sys_fstat( fd, &st) < 0) { - DEBUG(0,("unable to stat file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - if(st.st_size > 0) { - /* - * We have a valid SID - read it. - */ - if(!read_sid_from_file( fd, sid_file)) { - DEBUG(0,("unable to read file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - /* - * JRA. Reversed the sense of this test now that I have - * actually done this test *personally*. One more reason - * to never trust third party information you have not - * independently verified.... sigh. JRA. - */ - - if(global_sam_sid.num_auths > 0 && global_sam_sid.sub_auths[0] == 0x21) { - /* - * Fix and re-write... - */ - overwrite_bad_sid = True; - global_sam_sid.sub_auths[0] = 21; - DEBUG(5,("pdb_generate_sam_sid: Old (incorrect) sid id_auth of hex 21 \ -detected - re-writing to be decimal 21 instead.\n" )); - sid_to_string(sid_string, &global_sam_sid); - if(sys_lseek(fd, (SMB_OFF_T)0, SEEK_SET) != 0) { - DEBUG(0,("unable to seek file file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - } else { - close(fd); - return True; - } - } else { - /* - * The file contains no data - we need to generate our - * own sid. - * Generate the new sid data & turn it into a string. - */ - int i; - uchar raw_sid_data[12]; - DOM_SID mysid; - - memset((char *)&mysid, '\0', sizeof(DOM_SID)); - mysid.sid_rev_num = 1; - mysid.id_auth[5] = 5; - mysid.num_auths = 0; - mysid.sub_auths[mysid.num_auths++] = 21; - - generate_random_buffer( raw_sid_data, 12, True); - for( i = 0; i < 3; i++) - mysid.sub_auths[mysid.num_auths++] = IVAL(raw_sid_data, i*4); - - sid_to_string(sid_string, &mysid); - } - - fstrcat(sid_string, "\n"); - - /* - * Ensure our new SID is valid. - */ - - if(!string_to_sid( &global_sam_sid, sid_string)) { - DEBUG(0,("unable to generate machine SID.\n")); - return False; - } - - /* - * Do an exclusive blocking lock on the file. - */ - - if(!do_file_lock( fd, 60, F_WRLCK)) { - DEBUG(0,("unable to lock file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - if(!overwrite_bad_sid) { - /* - * At this point we have a blocking lock on the SID - * file - check if in the meantime someone else wrote - * SID data into the file. If so - they were here first, - * use their data. - */ - - if(sys_fstat( fd, &st) < 0) { - DEBUG(0,("unable to stat file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - if(st.st_size > 0) { - /* - * Unlock as soon as possible to reduce - * contention on the exclusive lock. - */ - do_file_lock( fd, 60, F_UNLCK); - - /* - * We have a valid SID - read it. - */ - - if(!read_sid_from_file( fd, sid_file)) { - DEBUG(0,("unable to read file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - close(fd); - return True; - } - } - - /* - * The file is still empty and we have an exlusive lock on it, - * or we're fixing an earlier mistake. - * Write out out SID data into the file. - */ - - /* - * Use chmod here as some (strange) UNIX's don't - * have fchmod. JRA. - */ - - if(chmod(sid_file, 0644) < 0) { - DEBUG(0,("unable to set correct permissions on file %s. \ -Error was %s\n", sid_file, strerror(errno) )); - do_file_lock( fd, 60, F_UNLCK); - close(fd); - return False; - } - - if(write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) { - DEBUG(0,("unable to write file %s. Error was %s\n", - sid_file, strerror(errno) )); - do_file_lock( fd, 60, F_UNLCK); - close(fd); - return False; - } - - /* - * Unlock & exit. - */ - - do_file_lock( fd, 60, F_UNLCK); - close(fd); - return True; -} /******************************************************************* Converts NT user RID to a UNIX uid. ********************************************************************/ - uid_t pdb_user_rid_to_uid(uint32 user_rid) { return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); @@ -1277,7 +424,6 @@ static BOOL pdb_rid_is_well_known(uint32 rid) /******************************************************************* Decides if a RID is a user or group RID. ********************************************************************/ - BOOL pdb_rid_is_user(uint32 rid) { /* lkcl i understand that NT attaches an enumeration to a RID @@ -1300,7 +446,6 @@ BOOL pdb_rid_is_user(uint32 rid) /******************************************************************* Convert a rid into a name. Used in the lookup SID rpc. ********************************************************************/ - BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) { @@ -1418,10 +563,9 @@ BOOL local_lookup_name(char *domain, char *user, DOM_SID *psid, enum SID_NAME_US /**************************************************************************** Convert a uid to SID - locally. ****************************************************************************/ - DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) { - extern DOM_SID global_sam_sid; + extern DOM_SID global_sam_sid; sid_copy(psid, &global_sam_sid); sid_append_rid(psid, pdb_uid_to_user_rid(uid)); @@ -1433,10 +577,10 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) /**************************************************************************** Convert a SID to uid - locally. ****************************************************************************/ - BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) { - extern DOM_SID global_sam_sid; + extern DOM_SID global_sam_sid; + DOM_SID dom_sid; uint32 rid; @@ -1449,7 +593,6 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) * We can only convert to a uid if this is our local * Domain SID (ie. we are the controling authority). */ - if (!sid_equal(&global_sam_sid, &dom_sid)) return False; @@ -1458,7 +601,6 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) /* * Ensure this uid really does exist. */ - if(!sys_getpwuid(*puid)) return False; @@ -1468,7 +610,6 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) /**************************************************************************** Convert a gid to SID - locally. ****************************************************************************/ - DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) { extern DOM_SID global_sam_sid; @@ -1482,7 +623,6 @@ DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) /**************************************************************************** Convert a SID to gid - locally. ****************************************************************************/ - BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) { extern DOM_SID global_sam_sid; @@ -1513,3 +653,889 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) return True; } + +static void select_name(fstring *string, char **name, const UNISTR2 *from) +{ + if (from->buffer != 0) + { + unistr2_to_ascii(*string, from, sizeof(*string)); + *name = *string; + } +} + +/************************************************************* + copies a sam passwd. + **************************************************************/ +void copy_id23_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_23 *from) +{ + static fstring smb_name; + static fstring full_name; + static fstring home_dir; + static fstring dir_drive; + static fstring logon_script; + static fstring profile_path; + static fstring acct_desc; + static fstring workstations; + static fstring unknown_str; + static fstring munged_dial; + + if (from == NULL || to == NULL) return; + + to->logon_time = nt_time_to_unix(&from->logon_time); + to->logoff_time = nt_time_to_unix(&from->logoff_time); + to->kickoff_time = nt_time_to_unix(&from->kickoff_time); + to->pass_last_set_time = nt_time_to_unix(&from->pass_last_set_time); + to->pass_can_change_time = nt_time_to_unix(&from->pass_can_change_time); + to->pass_must_change_time = nt_time_to_unix(&from->pass_must_change_time); + + select_name(&smb_name , &to->username , &from->uni_user_name ); + select_name(&full_name , &to->full_name , &from->uni_full_name ); + select_name(&home_dir , &to->home_dir , &from->uni_home_dir ); + select_name(&dir_drive , &to->dir_drive , &from->uni_dir_drive ); + select_name(&logon_script, &to->logon_script, &from->uni_logon_script); + select_name(&profile_path, &to->profile_path, &from->uni_profile_path); + select_name(&acct_desc , &to->acct_desc , &from->uni_acct_desc ); + select_name(&workstations, &to->workstations, &from->uni_workstations); + select_name(&unknown_str , &to->unknown_str , &from->uni_unknown_str ); + select_name(&munged_dial , &to->munged_dial , &from->uni_munged_dial ); + + to->uid = (uid_t)-1; + to->gid = (gid_t)-1; + to->user_rid = from->user_rid; + to->group_rid = from->group_rid; + + to->lm_pw = NULL; + to->nt_pw = NULL; + + to->acct_ctrl = from->acb_info; + to->unknown_3 = from->unknown_3; + + to->logon_divs = from->logon_divs; + to->hours_len = from->logon_hrs.len; + memcpy(to->hours, from->logon_hrs.hours, MAX_HOURS_LEN); + + to->unknown_5 = from->unknown_5; + to->unknown_6 = from->unknown_6; +} + +/************************************************************* + copies a sam passwd. + **************************************************************/ +void copy_id21_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_21 *from) +{ + static fstring smb_name; + static fstring full_name; + static fstring home_dir; + static fstring dir_drive; + static fstring logon_script; + static fstring profile_path; + static fstring acct_desc; + static fstring workstations; + static fstring unknown_str; + static fstring munged_dial; + + if (from == NULL || to == NULL) return; + + to->logon_time = nt_time_to_unix(&from->logon_time); + to->logoff_time = nt_time_to_unix(&from->logoff_time); + to->kickoff_time = nt_time_to_unix(&from->kickoff_time); + to->pass_last_set_time = nt_time_to_unix(&from->pass_last_set_time); + to->pass_can_change_time = nt_time_to_unix(&from->pass_can_change_time); + to->pass_must_change_time = nt_time_to_unix(&from->pass_must_change_time); + + select_name(&smb_name , &to->username , &from->uni_user_name ); + select_name(&full_name , &to->full_name , &from->uni_full_name ); + select_name(&home_dir , &to->home_dir , &from->uni_home_dir ); + select_name(&dir_drive , &to->dir_drive , &from->uni_dir_drive ); + select_name(&logon_script, &to->logon_script, &from->uni_logon_script); + select_name(&profile_path, &to->profile_path, &from->uni_profile_path); + select_name(&acct_desc , &to->acct_desc , &from->uni_acct_desc ); + select_name(&workstations, &to->workstations, &from->uni_workstations); + select_name(&unknown_str , &to->unknown_str , &from->uni_unknown_str ); + select_name(&munged_dial , &to->munged_dial , &from->uni_munged_dial ); + + to->uid = (uid_t)-1; + to->gid = (gid_t)-1; + to->user_rid = from->user_rid; + to->group_rid = from->group_rid; + + to->lm_pw = NULL; + to->nt_pw = NULL; + + to->acct_ctrl = from->acb_info; + to->unknown_3 = from->unknown_3; + + to->logon_divs = from->logon_divs; + to->hours_len = from->logon_hrs.len; + memcpy(to->hours, from->logon_hrs.hours, MAX_HOURS_LEN); + + to->unknown_5 = from->unknown_5; + to->unknown_6 = from->unknown_6; +} + + +/************************************************************* + copies a sam passwd. + + FIXME! Do we need to use dynamically allocated strings + here instead of static strings? + + Why are password hashes not also copied? --jerry + **************************************************************/ +void copy_sam_passwd(struct sam_passwd *to, const struct sam_passwd *from) +{ + static fstring smb_name=""; + static fstring full_name=""; + static fstring home_dir=""; + static fstring dir_drive=""; + static fstring logon_script=""; + static fstring profile_path=""; + static fstring acct_desc=""; + static fstring workstations=""; + static fstring unknown_str=""; + static fstring munged_dial=""; + + if (from == NULL || to == NULL) return; + + memcpy(to, from, sizeof(*from)); + + if (from->username != NULL) { + fstrcpy(smb_name , from->username); + to->username = smb_name; + } + + if (from->full_name != NULL) { + fstrcpy(full_name, from->full_name); + to->full_name = full_name; + } + + if (from->home_dir != NULL) { + fstrcpy(home_dir , from->home_dir); + to->home_dir = home_dir; + } + + if (from->dir_drive != NULL) { + fstrcpy(dir_drive , from->dir_drive); + to->dir_drive = dir_drive; + } + + if (from->logon_script != NULL) { + fstrcpy(logon_script , from->logon_script); + to->logon_script = logon_script; + } + + if (from->profile_path != NULL) { + fstrcpy(profile_path , from->profile_path); + to->profile_path = profile_path; + } + + if (from->acct_desc != NULL) { + fstrcpy(acct_desc , from->acct_desc); + to->acct_desc = acct_desc; + } + + if (from->workstations != NULL) { + fstrcpy(workstations , from->workstations); + to->workstations = workstations; + } + + if (from->unknown_str != NULL) { + fstrcpy(unknown_str , from->unknown_str); + to->unknown_str = unknown_str; + } + + if (from->munged_dial != NULL) { + fstrcpy(munged_dial , from->munged_dial); + to->munged_dial = munged_dial; + } +} + +/************************************************************* + change a password entry in the local smbpasswd file + + FIXME!! The function needs to be abstracted into the + passdb interface or something. It is currently being called + by _api_samr_create_user() in rpc_server/srv_samr.c + + --jerry + *************************************************************/ + +BOOL local_password_change(char *user_name, int local_flags, + char *new_passwd, + char *err_str, size_t err_str_len, + char *msg_str, size_t msg_str_len) +{ + struct passwd *pwd = NULL; + SAM_ACCOUNT *sam_pass; + SAM_ACCOUNT new_sam_acct; + uchar new_p16[16]; + uchar new_nt_p16[16]; + + *err_str = '\0'; + *msg_str = '\0'; + + if (local_flags & LOCAL_ADD_USER) { + + /* + * Check for a local account - if we're adding only. + */ + + if(!(pwd = sys_getpwnam(user_name))) { + slprintf(err_str, err_str_len - 1, "User %s does not \ +exist in system password file (usually /etc/passwd). Cannot add \ +account without a valid local system user.\n", user_name); + return False; + } + } + + /* Calculate the MD4 hash (NT compatible) of the new password. */ + nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16); + + /* Get the smb passwd entry for this user */ + sam_pass = pdb_getsampwnam(user_name); + if (sam_pass == NULL) + { + if(!(local_flags & LOCAL_ADD_USER)) + { + slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name); + return False; + } + + /* create the SAM_ACCOUNT struct and call pdb_add_sam_account */ + pdb_init_sam (&new_sam_acct); + pdb_set_username (&new_sam_acct, user_name); + pdb_set_uid (&new_sam_acct, pwd->pw_uid); + pdb_set_pass_last_set_time(&new_sam_acct, time(NULL)); + + /* set account flags */ + pdb_set_acct_ctrl(&new_sam_acct,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL) ); + if (local_flags & LOCAL_DISABLE_USER) + { + pdb_set_acct_ctrl (&new_sam_acct, pdb_get_acct_ctrl(&new_sam_acct)|ACB_DISABLED); + } + if (local_flags & LOCAL_SET_NO_PASSWORD) + { + pdb_set_acct_ctrl (&new_sam_acct, pdb_get_acct_ctrl(&new_sam_acct)|ACB_PWNOTREQ); + } + else + { + /* set the passwords here. if we get to here it means + we have a valid, active account */ + pdb_set_lanman_passwd (&new_sam_acct, new_p16); + pdb_set_nt_passwd (&new_sam_acct, new_nt_p16); + } + + + if (pdb_add_sam_account(&new_sam_acct)) + { + slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name); + pdb_clear_sam (&new_sam_acct); + return True; + } + else + { + slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name); + return False; + } + } + else + { + /* the entry already existed */ + local_flags &= ~LOCAL_ADD_USER; + } + + /* + * We are root - just write the new password + * and the valid last change time. + */ + + if(local_flags & LOCAL_DISABLE_USER) + { + pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED); + } + else if (local_flags & LOCAL_ENABLE_USER) + { + if(pdb_get_lanman_passwd(sam_pass) == NULL) + { + pdb_set_lanman_passwd (sam_pass, new_p16); + pdb_set_nt_passwd (sam_pass, new_nt_p16); + } + pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED)); + } else if (local_flags & LOCAL_SET_NO_PASSWORD) + { + pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ); + + /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */ + pdb_set_lanman_passwd (sam_pass, NULL); + pdb_set_nt_passwd (sam_pass, NULL); + } + else + { + /* + * If we're dealing with setting a completely empty user account + * ie. One with a password of 'XXXX', but not set disabled (like + * an account created from scratch) then if the old password was + * 'XX's then getsmbpwent will have set the ACB_DISABLED flag. + * We remove that as we're giving this user their first password + * and the decision hasn't really been made to disable them (ie. + * don't create them disabled). JRA. + */ + if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) + pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED)); + pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ)); + pdb_set_lanman_passwd (sam_pass, new_p16); + pdb_set_nt_passwd (sam_pass, new_nt_p16); + } + + if(local_flags & LOCAL_DELETE_USER) + { + if (!pdb_delete_sam_account(user_name)) + { + slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name); + return False; + } + slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name); + } + else + { + if(!pdb_update_sam_account(sam_pass, True)) + { + slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name); + return False; + } + if(local_flags & LOCAL_DISABLE_USER) + slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name); + else if (local_flags & LOCAL_ENABLE_USER) + slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name); + else if (local_flags & LOCAL_SET_NO_PASSWORD) + slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name); + } + + return True; +} + + +/********************************************************************* + collection of get...() functions for SAM_ACCOUNT_INFO + ********************************************************************/ +uint16 pdb_get_acct_ctrl (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->acct_ctrl); + else + return (ACB_DISABLED); +} + +time_t pdb_get_logon_time (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->logon_time); + else + return (-1); +} + +time_t pdb_get_logoff_time (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->logoff_time); + else + return (-1); +} + +time_t pdb_get_kickoff_time (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->kickoff_time); + else + return (-1); +} + +time_t pdb_get_pass_last_set_time (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->pass_last_set_time); + else + return (-1); +} + +time_t pdb_get_pass_can_change_time (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->pass_can_change_time); + else + return (-1); +} + +time_t pdb_get_pass_must_change_time (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->pass_must_change_time); + else + return (-1); +} + +uint16 pdb_get_logon_divs (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->logon_divs); + else + return (-1); +} + +uint32 pdb_get_hours_len (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->hours_len); + else + return (-1); +} + +uint8* pdb_get_hours (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->hours); + else + return (NULL); +} + +BYTE* pdb_get_nt_passwd (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->nt_pw); + else + return (NULL); +} + +BYTE* pdb_get_lanman_passwd (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->lm_pw); + else + return (NULL); +} + + +uint32 pdb_get_user_rid (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->user_rid); + else + return (-1); +} + +uint32 pdb_get_group_rid (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->group_rid); + else + return (-1); +} + +uid_t pdb_get_uid (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->uid); + else + return ((uid_t)-1); +} + +gid_t pdb_get_gid (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->gid); + else + return ((gid_t)-1); +} + +char* pdb_get_username (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->username); + else + return (NULL); +} + +char* pdb_get_domain (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->domain); + else + return (NULL); +} + +char* pdb_get_nt_username (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->nt_username); + else + return (NULL); +} + +char* pdb_get_fullname (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->full_name); + else + return (NULL); +} + +char* pdb_get_homedir (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->home_dir); + else + return (NULL); +} + +char* pdb_get_dirdrive (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->dir_drive); + else + return (NULL); +} + +char* pdb_get_logon_script (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->logon_script); + else + return (NULL); +} + +char* pdb_get_profile_path (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->profile_path); + else + return (NULL); +} + +char* pdb_get_acct_desc (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->acct_desc); + else + return (NULL); +} + +char* pdb_get_workstations (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->workstations); + else + return (NULL); +} + +char* pdb_get_munged_dial (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->munged_dial); + else + return (NULL); +} + +uint32 pdb_get_unknown3 (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->unknown_3); + else + return (-1); +} + +uint32 pdb_get_unknown5 (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->unknown_5); + else + return (-1); +} + +uint32 pdb_get_unknown6 (SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->unknown_6); + else + return (-1); +} + +/********************************************************************* + collection of set...() functions for SAM_ACCOUNT_INFO + ********************************************************************/ +BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 flags) +{ + if (sampass) + { + sampass->acct_ctrl = flags; + return True; + } + + return False; +} + +BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t time) +{ + if (sampass) + { + sampass->logon_time = time; + return True; + } + + return False; +} + +BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t time) +{ + if (sampass) + { + sampass->logoff_time = time; + return True; + } + + return False; +} + +BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t time) +{ + if (sampass) + { + sampass->kickoff_time = time; + return True; + } + + return False; +} + +BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t time) +{ + if (sampass) + { + sampass->pass_can_change_time = time; + return True; + } + + return False; +} + +BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t time) +{ + if (sampass) + { + sampass->pass_must_change_time = time; + return True; + } + + return False; +} + +BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t time) +{ + if (sampass) + { + sampass->pass_last_set_time = time; + return True; + } + + return False; +} + +BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len) +{ + if (sampass) + { + sampass->hours_len = len; + return True; + } + + return False; +} + +BOOL pdb_set_logons_divs (SAM_ACCOUNT *sampass, uint16 hours) +{ + if (sampass) + { + sampass->logon_divs = hours; + return True; + } + + return False; +} + +BOOL pdb_set_uid (SAM_ACCOUNT *sampass, uid_t uid) +{ + if (sampass) + { + sampass->uid = uid; + return True; + } + + return False; +} + +BOOL pdb_set_gid (SAM_ACCOUNT *sampass, gid_t gid) +{ + if (sampass) + { + sampass->gid = gid; + return True; + } + + return False; +} + +BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid) +{ + if (sampass) + { + sampass->user_rid = rid; + return True; + } + + return False; +} + +BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid) +{ + if (sampass) + { + sampass->group_rid = grid; + return True; + } + + return False; +} + +BOOL pdb_set_username (SAM_ACCOUNT *sampass, char *username) +{ + if (sampass) + { + sampass->username = strdup(username); + return True; + } + + return False; +} + +BOOL pdb_set_domain (SAM_ACCOUNT *sampass, char *domain) +{ + if (sampass) + { + sampass->username = strdup(domain); + return True; + } + + return False; +} + +BOOL pdb_set_nt_username (SAM_ACCOUNT *sampass, char *nt_username) +{ + if (sampass) + { + sampass->username = strdup(nt_username); + return True; + } + + return False; +} + +BOOL pdb_set_fullname (SAM_ACCOUNT *sampass, char *fullname) +{ + if (sampass) + { + sampass->full_name = strdup(fullname); + return True; + } + + return False; +} + +BOOL pdb_set_logon_script (SAM_ACCOUNT *sampass, char *logon_script) +{ + if (sampass) + { + sampass->logon_script = strdup(logon_script); + return True; + } + + return False; +} + +BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, char *profile_path) +{ + if (sampass) + { + sampass->profile_path = strdup(profile_path); + return True; + } + + return False; +} + +BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, char *dir_drive) +{ + if (sampass) + { + sampass->dir_drive = strdup(dir_drive); + return True; + } + + return False; +} + +BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, char *homedir) +{ + if (sampass) + { + sampass->home_dir = strdup(homedir); + return True; + } + + return False; +} + + +BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, BYTE *pwd) +{ + + if (pwd == NULL) + return False; + + /* allocate space for the password and make a copy of it */ + if (sampass) + { + if ((sampass->nt_pw=(BYTE*)malloc(sizeof(BYTE)*16)) == NULL) + { + DEBUG(0,("pdb_set_nt_passwd: ERROR - out of memory for nt_pw!\n")); + return False; + } + if (memcpy(sampass->nt_pw, pwd, 16)) + return True; + } + + return False; +} + +BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, BYTE *pwd) +{ + if (pwd == NULL) + return False; + + /* allocate space for the password and make a copy of it */ + if (sampass) + { + if ((sampass->lm_pw=(BYTE*)malloc(sizeof(BYTE)*16)) == NULL) + { + DEBUG(0,("pdb_set_lanman_passwd: ERROR - out of memory for lm_pw!\n")); + return False; + } + if (memcpy(sampass->lm_pw, pwd, 16)) + return True; + } + + return False; +} + + + + + diff --git a/source/passdb/smbpass.c b/source/passdb/pdb_smbpasswd.c index ec1a984b76b..4473dd74c0c 100644 --- a/source/passdb/smbpass.c +++ b/source/passdb/pdb_smbpasswd.c @@ -1,6 +1,9 @@ /* - * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup - * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. + * Unix SMB/Netbios implementation. + * Version 1.9. SMB parameters and setup + * Copyright (C) Andrew Tridgell 1992-1998 + * Modified by Jeremy Allison 1995. + * Modified by Gerald (Jerry) Carter 2000 * * This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free @@ -21,22 +24,107 @@ #ifdef USE_SMBPASS_DB + +/* + smb_passwd is analogous to sam_passwd used everywhere + else. However, smb_passwd is limited to the information + stored by an smbpasswd entry + */ + +struct smb_passwd +{ + uid_t smb_userid; /* this is actually the unix uid_t */ + char *smb_name; /* username string */ + + unsigned char *smb_passwd; /* Null if no password */ + unsigned char *smb_nt_passwd; /* Null if no password */ + + uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */ + time_t pass_last_set_time; /* password last set time */ +}; + + extern int DEBUGLEVEL; extern pstring samlogon_user; extern BOOL sam_logon_in_ssb; +extern struct passdb_ops pdb_ops; + -static int pw_file_lock_depth; +/* used for maintain locks on the smbpasswd file */ +static int pw_file_lock_depth; +static void *global_vp; + +/* static memory area used by all passdb search functions + in this module */ +static SAM_ACCOUNT global_sam_pass; enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE }; /*************************************************************** + Lock an fd. Abandon after waitsecs seconds. +****************************************************************/ + +static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth) +{ + if (fd < 0) + return False; + + if(*plock_depth == 0) { + if (!do_file_lock(fd, secs, type)) { + DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n", + strerror(errno))); + return False; + } + } + + (*plock_depth)++; + + return True; +} + +/*************************************************************** + Unlock an fd. Abandon after waitsecs seconds. +****************************************************************/ + +static BOOL pw_file_unlock(int fd, int *plock_depth) +{ + BOOL ret=True; + + if(*plock_depth == 1) + ret = do_file_lock(fd, 5, F_UNLCK); + + if (*plock_depth > 0) + (*plock_depth)--; + + if(!ret) + DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n", + strerror(errno))); + return ret; +} + + +/************************************************************** + Intialize a smb_passwd struct + *************************************************************/ +static void pdb_init_smb(struct smb_passwd *user) +{ + if (user == NULL) + return; + ZERO_STRUCTP (user); + + user->pass_last_set_time = (time_t)-1; +} + + + +/*************************************************************** Internal fn to enumerate the smbpasswd list. Returns a void pointer to ensure no modification outside this module. Checks for atomic rename of smbpasswd file on update or create once the lock has been granted to prevent race conditions. JRA. ****************************************************************/ -static void *startsmbfilepwent_internal(const char *pfile, enum pwf_access_type type, int *lock_depth) +static void *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int *lock_depth) { FILE *fp = NULL; const char *open_mode = NULL; @@ -162,20 +250,9 @@ Error was %s\n.", pfile, strerror(errno) )); } /*************************************************************** - Start to enumerate the smbpasswd list. Returns a void pointer - to ensure no modification outside this module. -****************************************************************/ - -static void *startsmbfilepwent(BOOL update) -{ - return startsmbfilepwent_internal(lp_smb_passwd_file(), update ? PWF_UPDATE : PWF_READ, &pw_file_lock_depth); -} - -/*************************************************************** End enumeration of the smbpasswd list. ****************************************************************/ - -static void endsmbfilepwent_internal(void *vp, int *lock_depth) +static void endsmbfilepwent(void *vp, int *lock_depth) { FILE *fp = (FILE *)vp; @@ -184,16 +261,6 @@ static void endsmbfilepwent_internal(void *vp, int *lock_depth) DEBUG(7, ("endsmbfilepwent_internal: closed password file.\n")); } -/*************************************************************** - End enumeration of the smbpasswd list - operate on the default - lock_depth. -****************************************************************/ - -static void endsmbfilepwent(void *vp) -{ - endsmbfilepwent_internal(vp, &pw_file_lock_depth); -} - /************************************************************************* Routine to return the next entry in the smbpasswd list. *************************************************************************/ @@ -424,135 +491,11 @@ static struct smb_passwd *getsmbfilepwent(void *vp) return NULL; } -/************************************************************************* - Routine to return the next entry in the smbpasswd list. - this function is a nice, messy combination of reading: - - the smbpasswd file - - the unix password database - - smb.conf options (not done at present). - *************************************************************************/ - -static struct sam_passwd *getsmbfile21pwent(void *vp) -{ - struct smb_passwd *pw_buf = getsmbfilepwent(vp); - static struct sam_passwd user; - struct passwd *pwfile; - - static pstring full_name; - static pstring home_dir; - static pstring home_drive; - static pstring logon_script; - static pstring profile_path; - static pstring acct_desc; - static pstring workstations; - - DEBUG(5,("getsmbfile21pwent\n")); - - if (pw_buf == NULL) return NULL; - - pwfile = sys_getpwnam(pw_buf->smb_name); - if (pwfile == NULL) - { - DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n")); - DEBUG(0,("getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name)); - return NULL; - } - - pdb_init_sam(&user); - - pstrcpy(samlogon_user, pw_buf->smb_name); - - if (samlogon_user[strlen(samlogon_user)-1] != '$') - { - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - sam_logon_in_ssb = True; - - user.smb_userid = pw_buf->smb_userid; - user.smb_grpid = pwfile->pw_gid; - - user.user_rid = pdb_uid_to_user_rid (user.smb_userid); - user.group_rid = pdb_gid_to_group_rid(user.smb_grpid ); - - pstrcpy(full_name , pwfile->pw_gecos ); - pstrcpy(logon_script , lp_logon_script ()); - pstrcpy(profile_path , lp_logon_path ()); - pstrcpy(home_drive , lp_logon_drive ()); - pstrcpy(home_dir , lp_logon_home ()); - pstrcpy(acct_desc , ""); - pstrcpy(workstations , ""); - - sam_logon_in_ssb = False; - } - else - { - user.smb_userid = pw_buf->smb_userid; - user.smb_grpid = pwfile->pw_gid; - - user.user_rid = pdb_uid_to_user_rid (user.smb_userid); - user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ - - pstrcpy(full_name , ""); - pstrcpy(logon_script , ""); - pstrcpy(profile_path , ""); - pstrcpy(home_drive , ""); - pstrcpy(home_dir , ""); - pstrcpy(acct_desc , ""); - pstrcpy(workstations , ""); - } - - user.smb_name = pw_buf->smb_name; - user.full_name = full_name; - user.home_dir = home_dir; - user.dir_drive = home_drive; - user.logon_script = logon_script; - user.profile_path = profile_path; - user.acct_desc = acct_desc; - user.workstations = workstations; - - user.unknown_str = NULL; /* don't know, yet! */ - user.munged_dial = NULL; /* "munged" dial-back telephone number */ - - user.smb_nt_passwd = pw_buf->smb_nt_passwd; - user.smb_passwd = pw_buf->smb_passwd; - - user.acct_ctrl = pw_buf->acct_ctrl; - - user.unknown_3 = 0xffffff; /* don't know */ - user.logon_divs = 168; /* hours per week */ - user.hours_len = 21; /* 21 times 8 bits = 168 */ - memset(user.hours, 0xff, user.hours_len); /* available at all hours */ - user.unknown_5 = 0x00020000; /* don't know */ - user.unknown_5 = 0x000004ec; /* don't know */ - - return &user; -} - -/************************************************************************* - Return the current position in the smbpasswd list as an SMB_BIG_UINT. - This must be treated as an opaque token. -*************************************************************************/ - -static SMB_BIG_UINT getsmbfilepwpos(void *vp) -{ - return (SMB_BIG_UINT)sys_ftell((FILE *)vp); -} - -/************************************************************************* - Set the current position in the smbpasswd list from an SMB_BIG_UINT. - This must be treated as an opaque token. -*************************************************************************/ - -static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) -{ - return !sys_fseek((FILE *)vp, (SMB_OFF_T)tok, SEEK_SET); -} - /************************************************************************ Create a new smbpasswd entry - malloced space returned. *************************************************************************/ -char *format_new_smbpasswd_entry(struct smb_passwd *newpwd) +static char *format_new_smbpasswd_entry(struct smb_passwd *newpwd) { int new_entry_length; char *new_entry; @@ -624,7 +567,7 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) SMB_OFF_T offpos; /* Open the smbpassword file - for update. */ - fp = startsmbfilepwent(True); + fp = startsmbfilepwent(pfile, PWF_UPDATE, &pw_file_lock_depth); if (fp == NULL) { DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n")); @@ -635,11 +578,13 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) * Scan the file, a line at a time and check if the name matches. */ - while ((pwd = getsmbfilepwent(fp)) != NULL) { - if (strequal(newpwd->smb_name, pwd->smb_name)) { - DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name)); - endsmbfilepwent(fp); - return False; + while ((pwd = getsmbfilepwent(fp)) != NULL) + { + if (strequal(newpwd->smb_name, pwd->smb_name)) + { + DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name)); + endsmbfilepwent(fp, &pw_file_lock_depth); + return False; } } @@ -652,18 +597,20 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) */ fd = fileno(fp); - if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) { - DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \ + if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) + { + DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); - endsmbfilepwent(fp); - return False; + endsmbfilepwent(fp, &pw_file_lock_depth); + return False; } - if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL) { - DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \ + if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL) + { + DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); - endsmbfilepwent(fp); - return False; + endsmbfilepwent(fp, &pw_file_lock_depth); + return False; } new_entry_length = strlen(new_entry); @@ -673,24 +620,26 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); fd, new_entry_length, new_entry)); #endif - if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length) { - DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \ + if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length) + { + DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \ Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno))); - /* Remove the entry we just wrote. */ - if(sys_ftruncate(fd, offpos) == -1) { - DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \ + /* Remove the entry we just wrote. */ + if(sys_ftruncate(fd, offpos) == -1) + { + DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \ Error was %s. Password file may be corrupt ! Please examine by hand !\n", - newpwd->smb_name, strerror(errno))); - } + newpwd->smb_name, strerror(errno))); + } - endsmbfilepwent(fp); - free(new_entry); - return False; + endsmbfilepwent(fp, &pw_file_lock_depth); + free(new_entry); + return False; } free(new_entry); - endsmbfilepwent(fp); + endsmbfilepwent(fp, &pw_file_lock_depth); return True; } @@ -1116,7 +1065,7 @@ static BOOL del_smbfilepwd_entry(const char *name) * it. */ - if((fp = startsmbfilepwent(True)) == NULL) { + if((fp = startsmbfilepwent(pfile, PWF_UPDATE, &pw_file_lock_depth)) == NULL) { DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile)); return False; } @@ -1124,9 +1073,9 @@ static BOOL del_smbfilepwd_entry(const char *name) /* * Create the replacement password file. */ - if((fp_write = startsmbfilepwent_internal(pfile2, PWF_CREATE, &pfile2_lockdepth)) == NULL) { + if((fp_write = startsmbfilepwent(pfile2, PWF_CREATE, &pfile2_lockdepth)) == NULL) { DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile)); - endsmbfilepwent(fp); + endsmbfilepwent(fp, &pw_file_lock_depth); return False; } @@ -1147,25 +1096,27 @@ static BOOL del_smbfilepwd_entry(const char *name) * We need to copy the entry out into the second file. */ - if((new_entry = format_new_smbpasswd_entry(pwd)) == NULL) { - DEBUG(0, ("del_smbfilepwd_entry(malloc): Failed to copy entry for user %s to file %s. \ + if((new_entry = format_new_smbpasswd_entry(pwd)) == NULL) + { + DEBUG(0, ("del_smbfilepwd_entry(malloc): Failed to copy entry for user %s to file %s. \ Error was %s\n", pwd->smb_name, pfile2, strerror(errno))); - unlink(pfile2); - endsmbfilepwent(fp); - endsmbfilepwent_internal(fp_write,&pfile2_lockdepth); - return False; + unlink(pfile2); + endsmbfilepwent(fp, &pw_file_lock_depth); + endsmbfilepwent(fp_write, &pfile2_lockdepth); + return False; } new_entry_length = strlen(new_entry); - if(fwrite(new_entry, 1, new_entry_length, fp_write) != new_entry_length) { - DEBUG(0, ("del_smbfilepwd_entry(write): Failed to copy entry for user %s to file %s. \ + if(fwrite(new_entry, 1, new_entry_length, fp_write) != new_entry_length) + { + DEBUG(0, ("del_smbfilepwd_entry(write): Failed to copy entry for user %s to file %s. \ Error was %s\n", pwd->smb_name, pfile2, strerror(errno))); - unlink(pfile2); - endsmbfilepwent(fp); - endsmbfilepwent_internal(fp_write,&pfile2_lockdepth); - free(new_entry); - return False; + unlink(pfile2); + endsmbfilepwent(fp, &pw_file_lock_depth); + endsmbfilepwent(fp_write, &pfile2_lockdepth); + free(new_entry); + return False; } free(new_entry); @@ -1175,11 +1126,12 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno))); * Ensure pfile2 is flushed before rename. */ - if(fflush(fp_write) != 0) { - DEBUG(0, ("del_smbfilepwd_entry: Failed to flush file %s. Error was %s\n", pfile2, strerror(errno))); - endsmbfilepwent(fp); - endsmbfilepwent_internal(fp_write,&pfile2_lockdepth); - return False; + if(fflush(fp_write) != 0) + { + DEBUG(0, ("del_smbfilepwd_entry: Failed to flush file %s. Error was %s\n", pfile2, strerror(errno))); + endsmbfilepwent(fp, &pw_file_lock_depth); + endsmbfilepwent(fp_write,&pfile2_lockdepth); + return False; } /* @@ -1189,66 +1141,409 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno))); if(rename(pfile2,pfile) != 0) { unlink(pfile2); } - endsmbfilepwent(fp); - endsmbfilepwent_internal(fp_write,&pfile2_lockdepth); + + endsmbfilepwent(fp, &pw_file_lock_depth); + endsmbfilepwent(fp_write,&pfile2_lockdepth); return True; } + +/********************************************************************* + Create a SAM_ACCOUNT from a smb_passwd struct + ********************************************************************/ +static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass) +{ + BYTE *ptr; + + if (sampass == NULL) + return False; + + ZERO_STRUCTP (smb_pw); + + smb_pw->smb_userid = pdb_get_uid(sampass); + smb_pw->smb_name = strdup(pdb_get_username(sampass)); + + if ((ptr=pdb_get_lanman_passwd(sampass)) != NULL) + { + if ((smb_pw->smb_passwd=(BYTE*)malloc(sizeof(BYTE)*16)) == NULL) + { + DEBUG (0,("build_smb_pass: ERROR - Unable to malloc memory!\n")); + return False; + } + memcpy (smb_pw->smb_passwd, ptr, sizeof(BYTE)*16); + } + + if ((ptr=pdb_get_nt_passwd(sampass)) != NULL) + { + if ((smb_pw->smb_nt_passwd=(BYTE*)malloc(sizeof(BYTE)*16)) == NULL) + { + DEBUG (0,("build_smb_pass: ERROR - Unable to malloc memory!\n")); + return False; + } + memcpy (smb_pw->smb_nt_passwd, ptr, sizeof(BYTE)*16); + } + + smb_pw->acct_ctrl = pdb_get_acct_ctrl(sampass); + smb_pw->pass_last_set_time = pdb_get_pass_last_set_time(sampass); + + return True; + +} + +/******************************************************************** + clear out memory allocated for pointer members + *******************************************************************/ +static void clear_smb_pass (struct smb_passwd *smb_pw) +{ + + /* valid poiner to begin with? */ + if (smb_pw == NULL) + return; + + /* clear out members */ + if (smb_pw->smb_name) + free (smb_pw->smb_name); + + if (smb_pw->smb_passwd) + free(smb_pw->smb_passwd); + + if (smb_pw->smb_nt_passwd) + free(smb_pw->smb_nt_passwd); + + return; +} -/* - * Stub functions - implemented in terms of others. - */ -static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override) +/********************************************************************* + Create a SAM_ACCOUNT from a smb_passwd struct + ********************************************************************/ +static BOOL build_sam_account (SAM_ACCOUNT *sam_pass, + struct smb_passwd *pw_buf) { - return mod_smbfilepwd_entry(pdb_sam_to_smb(pwd), override); + + struct passwd *pwfile; + + /* is the user valid? Verify in system password file... + + FIXME!!! This is where we should look up an internal + mapping of allocated uid for machine accounts as well + --jerry */ + pwfile = sys_getpwnam(pw_buf->smb_name); + if (pwfile == NULL) + { + DEBUG(0,("build_sam_account: smbpasswd database is corrupt!\n")); + DEBUG(0,("build_sam_account: username %s not in unix passwd database!\n", pw_buf->smb_name)); + return False; + } + + pstrcpy(samlogon_user, pw_buf->smb_name); + + pdb_set_uid (sam_pass, pwfile->pw_uid); + pdb_set_gid (sam_pass, pwfile->pw_gid); + pdb_set_user_rid (sam_pass, pdb_uid_to_user_rid (pdb_get_uid(sam_pass)) ); + pdb_set_username (sam_pass, pw_buf->smb_name); + pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd); + pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd); + pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl); + pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time); + pdb_set_domain (sam_pass, lp_workgroup()); + + /* FIXME!! What should this be set to? New smb.conf parameter maybe? + max password age? For now, we'll use the current time + 21 days. + --jerry */ + pdb_set_pass_must_change_time (sam_pass, time(NULL)+1814400); + + /* check if this is a user account or a machine account */ + if (samlogon_user[strlen(samlogon_user)-1] != '$') + { + pstring str; + gid_t gid; + + sam_logon_in_ssb = True; + + pstrcpy(str, lp_logon_script()); + standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str); + pdb_set_logon_script(sam_pass, str); + + pstrcpy(str, lp_logon_path()); + standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str); + pdb_set_profile_path(sam_pass, str); + + pstrcpy(str, lp_logon_home()); + standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str); + pdb_set_homedir(sam_pass, str); + + if (lp_unix_realname()) + pdb_set_fullname(sam_pass, pwfile->pw_gecos); + else + pdb_set_fullname(sam_pass, "<Full Name>"); + + + /* set other user information that we have */ + pdb_set_group_rid (sam_pass, pdb_gid_to_group_rid(pdb_get_gid(&global_sam_pass)) ); + pdb_set_dir_drive (sam_pass, lp_logon_drive()); + + sam_logon_in_ssb = False; + } + else + { + /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ + pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); + } + + return True; +} +/***************************************************************** + Functions to be implemented by the new passdb API + ****************************************************************/ +BOOL pdb_setsampwent (BOOL update) +{ + global_vp = startsmbfilepwent(lp_smb_passwd_file(), + update ? PWF_UPDATE : PWF_READ, + &pw_file_lock_depth); + + /* did we fail? Should we try to create it? */ + if (!global_vp && update && errno == ENOENT) + { + FILE *fp; + /* slprintf(msg_str,msg_str_len-1, + "smbpasswd file did not exist - attempting to create it.\n"); */ + DEBUG(0,("smbpasswd file did not exist - attempting to create it.\n")); + fp = sys_fopen(lp_smb_passwd_file(), "w"); + if (fp) + { + fprintf(fp, "# Samba SMB password file\n"); + fclose(fp); + } + + global_vp = startsmbfilepwent(lp_smb_passwd_file(), + update ? PWF_UPDATE : PWF_READ, + &pw_file_lock_depth); + } + + return (global_vp != NULL); +} + +void pdb_endsampwent (void) +{ + endsmbfilepwent(global_vp, &pw_file_lock_depth); +} + +/***************************************************************** + pdb_getsampwent() uses a static memory ares (returning a pointer + to this) for all instances. This is identical behavior to the + getpwnam() call. If the caller wishes to save the SAM_ACCOUNT + struct, it should make a copy immediately after calling this + function. + ****************************************************************/ +SAM_ACCOUNT* pdb_getsampwent (void) +{ + struct smb_passwd *pw_buf; + + + DEBUG(5,("pdb_getsampwent\n")); + + /* do we have an entry? */ + pw_buf = getsmbfilepwent(global_vp); + if (pw_buf == NULL) + return NULL; + + /* clear out any preexisting information from the last call */ + pdb_clear_sam (&global_sam_pass); + + /* build the SAM_ACCOUNT entry from the smb_passwd struct */ + if (!build_sam_account (&global_sam_pass, pw_buf)) + return NULL; + + /* success */ + return &global_sam_pass; } -static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd) + +/**************************************************************** + Search smbpasswd file by iterating over the entries. Do not + call getpwnam() for unix account information until we have found + the correct entry + ***************************************************************/ +SAM_ACCOUNT* pdb_getsampwnam (char *username) { - return add_smbfilepwd_entry(pdb_sam_to_smb(newpwd)); + struct smb_passwd *smb_pw; + void *fp = NULL; + char *domain = NULL; + char *user = NULL; + fstring name; + + DEBUG(10, ("search by name: %s\n", username)); + + /* break the username from the domain if we have + been given a string in the form 'DOMAIN\user' */ + fstrcpy (name, username); + if ((user=strchr(name, '\\')) != NULL) + { + domain = name; + *user = '\0'; + user++; + } + + /* if a domain was specified and it wasn't ours + then there is no chance of matching */ + if ( (domain) && (!StrCaseCmp(domain, lp_workgroup())) ) + return (NULL); + + /* startsmbfilepwent() is used here as we don't want to lookup + the UNIX account in the local system password file until + we have a match. */ + fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth); + + if (fp == NULL) + { + DEBUG(0, ("unable to open passdb database.\n")); + return NULL; + } + + /* if we have a domain name, then we should map it to a UNIX + username first */ + if ( domain ) + map_username(user); + + while ( ((smb_pw=getsmbfilepwent(fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) ) + /* do nothing....another loop */ ; + + endsmbfilepwent(fp, &pw_file_lock_depth); + + + /* did we locate the username in smbpasswd */ + if (smb_pw == NULL) + { + return (NULL); + } + + DEBUG(10, ("found by name: %s\n", smb_pw->smb_name)); + + /* now build the SAM_ACCOUNT */ + pdb_clear_sam (&global_sam_pass); + if (!build_sam_account (&global_sam_pass, smb_pw)) + return NULL; + + /* success */ + return (&global_sam_pass); } -static struct sam_disp_info *getsmbfiledispnam(char *name) + +SAM_ACCOUNT* pdb_getsampwuid (uid_t uid) { - return pdb_sam_to_dispinfo(getsam21pwnam(name)); + struct smb_passwd *smb_pw; + void *fp = NULL; + + DEBUG(10, ("search by uid: %d\n", uid)); + + /* Open the sam password file - not for update. */ + fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth); + + if (fp == NULL) + { + DEBUG(0, ("unable to open passdb database.\n")); + return NULL; + } + + while ( ((smb_pw=getsmbfilepwent(fp)) != NULL) && (smb_pw->smb_userid != uid) ) + /* do nothing */ ; + + endsmbfilepwent(fp, &pw_file_lock_depth); + + + /* did we locate the username in smbpasswd */ + if (smb_pw == NULL) + { + return (NULL); + } + + DEBUG(10, ("found by name: %s\n", smb_pw->smb_name)); + + /* now build the SAM_ACCOUNT */ + pdb_clear_sam (&global_sam_pass); + if (!build_sam_account (&global_sam_pass, smb_pw)) + return NULL; + + /* success */ + return (&global_sam_pass); } -static struct sam_disp_info *getsmbfiledisprid(uint32 rid) +SAM_ACCOUNT* pdb_getsampwrid (uint32 rid) { - return pdb_sam_to_dispinfo(getsam21pwrid(rid)); + struct smb_passwd *smb_pw; + void *fp = NULL; + + DEBUG(10, ("search by rid: %d\n", rid)); + + /* Open the sam password file - not for update. */ + fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth); + + if (fp == NULL) + { + DEBUG(0, ("unable to open passdb database.\n")); + return NULL; + } + + while ( ((smb_pw=getsmbfilepwent(fp)) != NULL) && (pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) ) + /* do nothing */ ; + + endsmbfilepwent(fp, &pw_file_lock_depth); + + + /* did we locate the username in smbpasswd */ + if (smb_pw == NULL) + { + return (NULL); + } + + DEBUG(10, ("found by name: %s\n", smb_pw->smb_name)); + + /* now build the SAM_ACCOUNT */ + pdb_clear_sam (&global_sam_pass); + if (!build_sam_account (&global_sam_pass, smb_pw)) + return NULL; + + /* success */ + return (&global_sam_pass); } -static struct sam_disp_info *getsmbfiledispent(void *vp) +BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass) { - return pdb_sam_to_dispinfo(getsam21pwent(vp)); + struct smb_passwd smb_pw; + BOOL ret; + + /* convert the SAM_ACCOUNT */ + build_smb_pass(&smb_pw, sampass); + + /* add the entry */ + ret = add_smbfilepwd_entry(&smb_pw); + + /* clear memory from smb_passwd */ + clear_smb_pass (&smb_pw); + + return (ret); } -static struct passdb_ops file_ops = { - startsmbfilepwent, - endsmbfilepwent, - getsmbfilepwpos, - setsmbfilepwpos, - iterate_getsmbpwnam, /* In passdb.c */ - iterate_getsmbpwuid, /* In passdb.c */ - iterate_getsmbpwrid, /* In passdb.c */ - getsmbfilepwent, - add_smbfilepwd_entry, - mod_smbfilepwd_entry, - del_smbfilepwd_entry, - getsmbfile21pwent, - iterate_getsam21pwnam, - iterate_getsam21pwuid, - iterate_getsam21pwrid, - add_smbfile21pwd_entry, - mod_smbfile21pwd_entry, - getsmbfiledispnam, - getsmbfiledisprid, - getsmbfiledispent -}; +BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override) +{ + struct smb_passwd smb_pw; + BOOL ret; + + /* convert the SAM_ACCOUNT */ + build_smb_pass(&smb_pw, sampass); + + /* update the entry */ + ret = mod_smbfilepwd_entry(&smb_pw, override); + + /* clear memory from smb_passwd */ + clear_smb_pass (&smb_pw); + + return (ret); +} -struct passdb_ops *file_initialize_password_db(void) -{ - return &file_ops; +BOOL pdb_delete_sam_account (char* username) +{ + return ( del_smbfilepwd_entry(username) ); } #else diff --git a/source/passdb/tdbpass.c b/source/passdb/pdb_tdb.c index c3afced2d49..29f1b119ae7 100644 --- a/source/passdb/tdbpass.c +++ b/source/passdb/pdb_tdb.c @@ -30,6 +30,7 @@ extern int DEBUGLEVEL; extern pstring samlogon_user; extern BOOL sam_logon_in_ssb; +#if 0 /* GWC */ struct tdb_sam_entry { time_t logon_time; /* logon time */ @@ -73,6 +74,8 @@ struct tdb_sam_entry char strings[1]; }; +#endif + struct tdb_enum_info { TDB_CONTEXT *passwd_tdb; @@ -88,19 +91,20 @@ static struct tdb_enum_info tdb_ent; static void *startsamtdbpwent(BOOL update) { - /* Open tdb passwd */ - if (!(tdb_ent.passwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, update ? O_RDWR : O_RDONLY, 0600))) - { - DEBUG(0, ("Unable to open TDB passwd, trying create new!\n")); - if (!(tdb_ent.passwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, O_RDWR | O_CREAT | O_EXCL, 0600))) - { - DEBUG(0, ("Unable to creat TDB passwd (smbpasswd.tdb) !!!")); - return NULL; - } - return &tdb_ent; - } - tdb_ent.key = tdb_firstkey(tdb_ent.passwd_tdb); - return &tdb_ent; + /* Open tdb passwd */ + if (!(tdb_ent.passwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, update ? O_RDWR : O_RDONLY, 0600))) + { + DEBUG(0, ("Unable to open TDB passwd, trying create new!\n")); + if (!(tdb_ent.passwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, O_RDWR | O_CREAT | O_EXCL, 0600))) + { + DEBUG(0, ("Unable to creat TDB passwd (smbpasswd.tdb) !!!")); + return NULL; + } + return &tdb_ent; + } + + tdb_ent.key = tdb_firstkey(tdb_ent.passwd_tdb); + return &tdb_ent; } /*************************************************************** diff --git a/source/passdb/smbpasschange.c b/source/passdb/smbpasschange.c index 0c30bbe4a56..f4af6e8745f 100644 --- a/source/passdb/smbpasschange.c +++ b/source/passdb/smbpasschange.c @@ -22,177 +22,4 @@ #include "includes.h" -/************************************************************* -add a new user to the local smbpasswd file -*************************************************************/ -static BOOL add_new_user(char *user_name, uid_t uid, int local_flags, - uchar *new_p16, uchar *new_nt_p16) -{ - struct smb_passwd new_smb_pwent; - - /* Create a new smb passwd entry and set it to the given password. */ - new_smb_pwent.smb_userid = uid; - new_smb_pwent.smb_name = user_name; - new_smb_pwent.smb_passwd = NULL; - new_smb_pwent.smb_nt_passwd = NULL; - new_smb_pwent.pass_last_set_time = time(NULL); - new_smb_pwent.acct_ctrl = ((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL); - - if(local_flags & LOCAL_DISABLE_USER) { - new_smb_pwent.acct_ctrl |= ACB_DISABLED; - } - - if (local_flags & LOCAL_SET_NO_PASSWORD) { - new_smb_pwent.acct_ctrl |= ACB_PWNOTREQ; - } else { - new_smb_pwent.smb_passwd = new_p16; - new_smb_pwent.smb_nt_passwd = new_nt_p16; - } - - - return add_smbpwd_entry(&new_smb_pwent); -} - - -/************************************************************* -change a password entry in the local smbpasswd file -*************************************************************/ - -BOOL local_password_change(char *user_name, int local_flags, - char *new_passwd, - char *err_str, size_t err_str_len, - char *msg_str, size_t msg_str_len) -{ - struct passwd *pwd = NULL; - void *vp; - struct smb_passwd *smb_pwent; - uchar new_p16[16]; - uchar new_nt_p16[16]; - - *err_str = '\0'; - *msg_str = '\0'; - - if (local_flags & LOCAL_ADD_USER) { - - /* - * Check for a local account - if we're adding only. - */ - - if(!(pwd = sys_getpwnam(user_name))) { - slprintf(err_str, err_str_len - 1, "User %s does not \ -exist in system password file (usually /etc/passwd). Cannot add \ -account without a valid local system user.\n", user_name); - return False; - } - } - - /* Calculate the MD4 hash (NT compatible) of the new password. */ - nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16); - - /* - * Open the smbpaswd file. - */ - vp = startsmbpwent(True); - if (!vp && errno == ENOENT) { - FILE *fp; - slprintf(msg_str,msg_str_len-1, - "smbpasswd file did not exist - attempting to create it.\n"); - fp = sys_fopen(lp_smb_passwd_file(), "w"); - if (fp) { - fprintf(fp, "# Samba SMB password file\n"); - fclose(fp); - vp = startsmbpwent(True); - } - } - - if (!vp) { - slprintf(err_str, err_str_len-1, "Cannot open file %s. Error was %s\n", - lp_smb_passwd_file(), strerror(errno) ); - return False; - } - - /* Get the smb passwd entry for this user */ - smb_pwent = getsmbpwnam(user_name); - if (smb_pwent == NULL) { - if(!(local_flags & LOCAL_ADD_USER)) { - slprintf(err_str, err_str_len-1, - "Failed to find entry for user %s.\n", user_name); - endsmbpwent(vp); - return False; - } - - if (add_new_user(user_name, pwd->pw_uid, local_flags, new_p16, new_nt_p16)) { - slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name); - endsmbpwent(vp); - return True; - } else { - slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name); - endsmbpwent(vp); - return False; - } - } else { - /* the entry already existed */ - local_flags &= ~LOCAL_ADD_USER; - } - - /* - * We are root - just write the new password - * and the valid last change time. - */ - - if(local_flags & LOCAL_DISABLE_USER) { - smb_pwent->acct_ctrl |= ACB_DISABLED; - } else if (local_flags & LOCAL_ENABLE_USER) { - if(smb_pwent->smb_passwd == NULL) { - smb_pwent->smb_passwd = new_p16; - smb_pwent->smb_nt_passwd = new_nt_p16; - } - smb_pwent->acct_ctrl &= ~ACB_DISABLED; - } else if (local_flags & LOCAL_SET_NO_PASSWORD) { - smb_pwent->acct_ctrl |= ACB_PWNOTREQ; - /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */ - smb_pwent->smb_passwd = NULL; - smb_pwent->smb_nt_passwd = NULL; - } else { - /* - * If we're dealing with setting a completely empty user account - * ie. One with a password of 'XXXX', but not set disabled (like - * an account created from scratch) then if the old password was - * 'XX's then getsmbpwent will have set the ACB_DISABLED flag. - * We remove that as we're giving this user their first password - * and the decision hasn't really been made to disable them (ie. - * don't create them disabled). JRA. - */ - if((smb_pwent->smb_passwd == NULL) && (smb_pwent->acct_ctrl & ACB_DISABLED)) - smb_pwent->acct_ctrl &= ~ACB_DISABLED; - smb_pwent->acct_ctrl &= ~ACB_PWNOTREQ; - smb_pwent->smb_passwd = new_p16; - smb_pwent->smb_nt_passwd = new_nt_p16; - } - - if(local_flags & LOCAL_DELETE_USER) { - if (del_smbpwd_entry(user_name)==False) { - slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name); - endsmbpwent(vp); - return False; - } - slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name); - } else { - if(mod_smbpwd_entry(smb_pwent,True) == False) { - slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name); - endsmbpwent(vp); - return False; - } - if(local_flags & LOCAL_DISABLE_USER) - slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name); - else if (local_flags & LOCAL_ENABLE_USER) - slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name); - else if (local_flags & LOCAL_SET_NO_PASSWORD) - slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name); - } - - endsmbpwent(vp); - - return True; -} diff --git a/source/passdb/smbpassfile.c b/source/passdb/smbpassfile.c index c915c8365a8..9087dcf0ea8 100644 --- a/source/passdb/smbpassfile.c +++ b/source/passdb/smbpassfile.c @@ -32,11 +32,15 @@ extern pstring global_myname; BOOL global_machine_password_needs_changing = False; + +static int mach_passwd_lock_depth; +static FILE *mach_passwd_fp; + /*************************************************************** Lock an fd. Abandon after waitsecs seconds. ****************************************************************/ -BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth) +static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth) { if (fd < 0) return False; @@ -58,7 +62,7 @@ BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth) Unlock an fd. Abandon after waitsecs seconds. ****************************************************************/ -BOOL pw_file_unlock(int fd, int *plock_depth) +static BOOL pw_file_unlock(int fd, int *plock_depth) { BOOL ret=True; @@ -74,9 +78,6 @@ BOOL pw_file_unlock(int fd, int *plock_depth) return ret; } -static int mach_passwd_lock_depth; -static FILE *mach_passwd_fp; - /************************************************************************ Routine to get the name for an old trust account file. ************************************************************************/ diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c index 18652d8c928..15b78032cd4 100644 --- a/source/printing/nt_printing.c +++ b/source/printing/nt_printing.c @@ -627,7 +627,8 @@ static void convert_level_6_to_level3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *dst, NT_PR /**************************************************************************** ****************************************************************************/ -BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, struct current_user *user, uint32 *perr) +BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, + uint32 level, struct current_user *user, uint32 *perr) { NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver; NT_PRINTER_DRIVER_INFO_LEVEL_3 converted_driver; diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c index 0d8f33f9cb8..904f3f3612c 100644 --- a/source/rpc_parse/parse_net.c +++ b/source/rpc_parse/parse_net.c @@ -1005,64 +1005,62 @@ static BOOL smb_io_sam_info(char *desc, DOM_SAM_INFO *sam, prs_struct *ps, int d Init *************************************************************************/ -void init_net_user_info3(NET_USER_INFO_3 *usr, - - NTTIME *logon_time, - NTTIME *logoff_time, - NTTIME *kickoff_time, - NTTIME *pass_last_set_time, - NTTIME *pass_can_change_time, - NTTIME *pass_must_change_time, - - char *user_name, - char *full_name, - char *logon_script, - char *profile_path, - char *home_dir, - char *dir_drive, - - uint16 logon_count, - uint16 bad_pw_count, - - uint32 user_id, - uint32 group_id, - uint32 num_groups, - DOM_GID *gids, - uint32 user_flgs, - - char *sess_key, - - char *logon_srv, - char *logon_dom, - - DOM_SID *dom_sid, - char *other_sids) +void init_net_user_info3(NET_USER_INFO_3 *usr, SAM_ACCOUNT *sampw, + uint16 logon_count, uint16 bad_pw_count, + uint32 num_groups, DOM_GID *gids, + uint32 user_flgs, char *sess_key, + char *logon_srv, char *logon_dom, + DOM_SID *dom_sid, char *other_sids) { /* only cope with one "other" sid, right now. */ /* need to count the number of space-delimited sids */ int i; int num_other_sids = 0; - - int len_user_name = strlen(user_name ); - int len_full_name = strlen(full_name ); - int len_logon_script = strlen(logon_script); - int len_profile_path = strlen(profile_path); - int len_home_dir = strlen(home_dir ); - int len_dir_drive = strlen(dir_drive ); + + NTTIME logon_time, logoff_time, kickoff_time, + pass_last_set_time, pass_can_change_time, + pass_must_change_time; + + int len_user_name, len_full_name, len_home_dir, + len_dir_drive, len_logon_script, len_profile_path; + + char* user_name = pdb_get_username(sampw); + char* full_name = pdb_get_fullname(sampw); + char* home_dir = pdb_get_homedir(sampw); + char* dir_drive = pdb_get_dirdrive(sampw); + char* logon_script = pdb_get_logon_script(sampw); + char* profile_path = pdb_get_profile_path(sampw); int len_logon_srv = strlen(logon_srv); int len_logon_dom = strlen(logon_dom); - memset(usr, '\0', sizeof(*usr)); + len_user_name = user_name != NULL ? strlen(user_name )+1 : 0; + len_full_name = full_name != NULL ? strlen(full_name )+1 : 0; + len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0; + len_dir_drive = dir_drive != NULL ? strlen(dir_drive )+1 : 0; + len_logon_script = logon_script != NULL ? strlen(logon_script)+1 : 0; + len_profile_path = profile_path != NULL ? strlen(profile_path)+1 : 0; + + + ZERO_STRUCTP(usr); usr->ptr_user_info = 1; /* yes, we're bothering to put USER_INFO data here */ - usr->logon_time = *logon_time; - usr->logoff_time = *logoff_time; - usr->kickoff_time = *kickoff_time; - usr->pass_last_set_time = *pass_last_set_time; - usr->pass_can_change_time = *pass_can_change_time; - usr->pass_must_change_time = *pass_must_change_time; + + /* Create NTTIME structs */ + unix_to_nt_time (&logon_time, pdb_get_logon_time(sampw)); + unix_to_nt_time (&logoff_time, pdb_get_logoff_time(sampw)); + unix_to_nt_time (&kickoff_time, pdb_get_kickoff_time(sampw)); + unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(sampw)); + unix_to_nt_time (&pass_can_change_time, pdb_get_pass_can_change_time(sampw)); + unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(sampw)); + + usr->logon_time = logon_time; + usr->logoff_time = logoff_time; + usr->kickoff_time = kickoff_time; + usr->pass_last_set_time = pass_last_set_time; + usr->pass_can_change_time = pass_can_change_time; + usr->pass_must_change_time = pass_must_change_time; init_uni_hdr(&usr->hdr_user_name, len_user_name); init_uni_hdr(&usr->hdr_full_name, len_full_name); @@ -1074,8 +1072,8 @@ void init_net_user_info3(NET_USER_INFO_3 *usr, usr->logon_count = logon_count; usr->bad_pw_count = bad_pw_count; - usr->user_id = user_id; - usr->group_id = group_id; + usr->user_id = pdb_get_user_rid(sampw); + usr->group_id = pdb_get_group_rid(sampw); usr->num_groups = num_groups; usr->buffer_groups = 1; /* indicates fill in groups, below, even if there are none */ usr->user_flgs = user_flgs; diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index 6ce20fbefc7..2208d760904 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c @@ -2293,7 +2293,6 @@ BOOL samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *p /******************************************************************* Inits a SAMR_R_LOOKUP_NAMES structure. ********************************************************************/ - void init_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u, uint32 num_rids, uint32 *rid, enum SID_NAME_USE *type, uint32 status) { @@ -2958,55 +2957,56 @@ BOOL sam_io_user_info11(char *desc, SAM_USER_INFO_11 *usr, prs_struct *ps, int unknown_3 = 0x00ff ffff unknown_5 = 0x0002 0000 unknown_6 = 0x0000 04ec - *************************************************************************/ -void init_sam_user_info21(SAM_USER_INFO_21 *usr, - NTTIME *logon_time, - NTTIME *logoff_time, - NTTIME *kickoff_time, - NTTIME *pass_last_set_time, - NTTIME *pass_can_change_time, - NTTIME *pass_must_change_time, - - char *user_name, - char *full_name, - char *home_dir, - char *dir_drive, - char *logon_script, - char *profile_path, - char *description, - char *workstations, - char *unknown_str, - char *munged_dial, - - uint32 user_rid, - uint32 group_rid, - uint16 acb_info, - - uint32 unknown_3, - uint16 logon_divs, - LOGON_HRS *hrs, - uint32 unknown_5, - uint32 unknown_6) -{ - int len_user_name = user_name != NULL ? strlen(user_name )+1 : 0; - int len_full_name = full_name != NULL ? strlen(full_name )+1 : 0; - int len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0; - int len_dir_drive = dir_drive != NULL ? strlen(dir_drive )+1 : 0; - int len_logon_script = logon_script != NULL ? strlen(logon_script)+1 : 0; - int len_profile_path = profile_path != NULL ? strlen(profile_path)+1 : 0; - int len_description = description != NULL ? strlen(description )+1 : 0; - int len_workstations = workstations != NULL ? strlen(workstations)+1 : 0; - int len_unknown_str = unknown_str != NULL ? strlen(unknown_str )+1 : 0; - int len_munged_dial = munged_dial != NULL ? strlen(munged_dial )+1 : 0; - - usr->logon_time = *logon_time; - usr->logoff_time = *logoff_time; - usr->kickoff_time = *kickoff_time; - usr->pass_last_set_time = *pass_last_set_time; - usr->pass_can_change_time = *pass_can_change_time; - usr->pass_must_change_time = *pass_must_change_time; +void init_sam_user_info21(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw) +{ + NTTIME logon_time, logoff_time, kickoff_time, + pass_last_set_time, pass_can_change_time, + pass_must_change_time; + + int len_user_name, len_full_name, len_home_dir, + len_dir_drive, len_logon_script, len_profile_path, + len_description, len_workstations, len_unknown_str, + len_munged_dial; + + char* user_name = pdb_get_username(pw); + char* full_name = pdb_get_fullname(pw); + char* home_dir = pdb_get_homedir(pw); + char* dir_drive = pdb_get_dirdrive(pw); + char* logon_script = pdb_get_logon_script(pw); + char* profile_path = pdb_get_profile_path(pw); + char* description = pdb_get_acct_desc(pw); + char* workstations = pdb_get_workstations(pw); + char* munged_dial = pdb_get_munged_dial(pw); + + len_user_name = user_name != NULL ? strlen(user_name )+1 : 0; + len_full_name = full_name != NULL ? strlen(full_name )+1 : 0; + len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0; + len_dir_drive = dir_drive != NULL ? strlen(dir_drive )+1 : 0; + len_logon_script = logon_script != NULL ? strlen(logon_script)+1 : 0; + len_profile_path = profile_path != NULL ? strlen(profile_path)+1 : 0; + len_description = description != NULL ? strlen(description )+1 : 0; + len_workstations = workstations != NULL ? strlen(workstations)+1 : 0; + len_unknown_str = 0; + len_munged_dial = munged_dial != NULL ? strlen(munged_dial )+1 : 0; + + + /* Create NTTIME structs */ + unix_to_nt_time (&logon_time, pdb_get_logon_time(pw)); + unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw)); + unix_to_nt_time (&kickoff_time, pdb_get_kickoff_time(pw)); + unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw)); + unix_to_nt_time (&pass_can_change_time, pdb_get_pass_can_change_time(pw)); + unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(pw)); + + /* structure assignment */ + usr->logon_time = logon_time; + usr->logoff_time = logoff_time; + usr->kickoff_time = kickoff_time; + usr->pass_last_set_time = pass_last_set_time; + usr->pass_can_change_time = pass_can_change_time; + usr->pass_must_change_time = pass_must_change_time; init_uni_hdr(&usr->hdr_user_name, len_user_name); init_uni_hdr(&usr->hdr_full_name, len_full_name); @@ -3022,14 +3022,14 @@ void init_sam_user_info21(SAM_USER_INFO_21 *usr, memset((char *)usr->nt_pwd, '\0', sizeof(usr->nt_pwd)); memset((char *)usr->lm_pwd, '\0', sizeof(usr->lm_pwd)); - usr->user_rid = user_rid; - usr->group_rid = group_rid; - usr->acb_info = acb_info; - usr->unknown_3 = unknown_3; /* 0x00ff ffff */ + usr->user_rid = pdb_get_user_rid(pw); + usr->group_rid = pdb_get_group_rid(pw); + usr->acb_info = pdb_get_acct_ctrl(pw); + usr->unknown_3 = pdb_get_unknown3(pw); - usr->logon_divs = logon_divs; /* should be 168 (hours/week) */ - usr->ptr_logon_hrs = hrs ? 1 : 0; - usr->unknown_5 = unknown_5; /* 0x0002 0000 */ + usr->logon_divs = pdb_get_logon_divs(pw); + usr->ptr_logon_hrs = pdb_get_hours(pw) ? 1 : 0; + usr->unknown_5 = pdb_get_unknown5(pw); /* 0x0002 0000 */ memset((char *)usr->padding1, '\0', sizeof(usr->padding1)); @@ -3041,14 +3041,17 @@ void init_sam_user_info21(SAM_USER_INFO_21 *usr, init_unistr2(&usr->uni_profile_path, profile_path, len_profile_path); init_unistr2(&usr->uni_acct_desc, description, len_description); init_unistr2(&usr->uni_workstations, workstations, len_workstations); - init_unistr2(&usr->uni_unknown_str, unknown_str, len_unknown_str); + init_unistr2(&usr->uni_unknown_str, NULL, len_unknown_str); init_unistr2(&usr->uni_munged_dial, munged_dial, len_munged_dial); - usr->unknown_6 = unknown_6; /* 0x0000 04ec */ + usr->unknown_6 = pdb_get_unknown6(pw); usr->padding4 = 0; - if (hrs) - memcpy(&(usr->logon_hrs), hrs, sizeof(usr->logon_hrs)); + if (pdb_get_hours(pw)) + { + usr->logon_hrs.len = pdb_get_hours_len(pw); + memcpy(&(usr->logon_hrs.hours), pdb_get_hours(pw), MAX_HOURS_LEN); + } else memset(&(usr->logon_hrs), 0xff, sizeof(usr->logon_hrs)); } diff --git a/source/rpc_server/srv_lookup.c b/source/rpc_server/srv_lookup.c index e81f3051f3d..8b29be62e72 100644 --- a/source/rpc_server/srv_lookup.c +++ b/source/rpc_server/srv_lookup.c @@ -532,19 +532,19 @@ uint32 lookup_sid(char *name, DOM_SID *sid, uint8 *type) uint32 lookup_added_user_rids(char *user_name, uint32 *usr_rid, uint32 *grp_rid) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; (*usr_rid) = 0; (*grp_rid) = 0; /* find the user account */ become_root(); - sam_pass = getsam21pwnam(user_name); + sam_pass = getsampwnam(user_name); unbecome_root(); if (sam_pass != NULL) { - (*usr_rid) = sam_pass->user_rid ; - (*grp_rid) = sam_pass->group_rid; + (*usr_rid) = pdb_get_user_rid(sam_pass); + (*grp_rid) = pdb_get_group_rid(sam_pass); return 0x0; } @@ -556,18 +556,18 @@ uint32 lookup_added_user_rids(char *user_name, ********************************************************************/ uint32 lookup_added_user_rid(char *user_name, uint32 *rid, uint8 *type) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; (*rid) = 0; (*type) = SID_NAME_USER; /* find the user account */ become_root(); - sam_pass = getsam21pwnam(user_name); + sam_pass = getsampwnam(user_name); unbecome_root(); if (sam_pass != NULL) { - (*rid) = sam_pass->user_rid; + (*rid) = pdb_get_user_rid(sam_pass); return 0x0; } diff --git a/source/rpc_server/srv_netlog.c b/source/rpc_server/srv_netlog.c index 9f5d84ee1f5..8e2b3819cbf 100644 --- a/source/rpc_server/srv_netlog.c +++ b/source/rpc_server/srv_netlog.c @@ -264,7 +264,8 @@ static BOOL net_reply_sam_logoff(NET_Q_SAM_LOGOFF *q_s, prs_struct *rdata, static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct) { - struct smb_passwd *smb_pass; + SAM_ACCOUNT *sampass = NULL; + BYTE *pass = NULL; #if 0 /* @@ -285,13 +286,13 @@ static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct) #endif /* 0 */ become_root(); - smb_pass = getsmbpwnam(mach_acct); + sampass = pdb_getsampwnam(mach_acct); unbecome_root(); - if ((smb_pass) != NULL && !(smb_pass->acct_ctrl & ACB_DISABLED) && - (smb_pass->smb_nt_passwd != NULL)) + if ((sampass) != NULL && !(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) && + ((pass=pdb_get_nt_passwd(sampass)) != NULL)) { - memcpy(md4pw, smb_pass->smb_nt_passwd, 16); + memcpy(md4pw, pass, 16); dump_data(5, md4pw, 16); return True; @@ -425,7 +426,7 @@ static BOOL api_net_srv_pwset(pipes_struct *p) uint32 status = NT_STATUS_WRONG_PASSWORD; DOM_CRED srv_cred; pstring mach_acct; - struct smb_passwd *smb_pass; + SAM_ACCOUNT *sampass; BOOL ret; user_struct *vuser; prs_struct *data = &p->in_data.data; @@ -454,10 +455,10 @@ static BOOL api_net_srv_pwset(pipes_struct *p) DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct)); become_root(); - smb_pass = getsmbpwnam(mach_acct); + sampass = pdb_getsampwnam(mach_acct); unbecome_root(); - if (smb_pass != NULL) { + if (sampass != NULL) { unsigned char pwd[16]; int i; @@ -469,12 +470,12 @@ static BOOL api_net_srv_pwset(pipes_struct *p) cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key, 0); /* lies! nt and lm passwords are _not_ the same: don't care */ - smb_pass->smb_passwd = pwd; - smb_pass->smb_nt_passwd = pwd; - smb_pass->acct_ctrl = ACB_WSTRUST; + pdb_set_lanman_passwd (sampass, pwd); + pdb_set_nt_passwd (sampass, pwd); + pdb_set_acct_ctrl (sampass, ACB_WSTRUST); - become_root(); - ret = mod_smbpwd_entry(smb_pass,False); + become_root(); + ret = pdb_update_sam_account (sampass,False); unbecome_root(); if (ret) { @@ -542,8 +543,8 @@ static BOOL api_net_sam_logoff(pipes_struct *p) net_login_interactive: *************************************************************************/ -static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_pass, - user_struct *vuser) +static uint32 net_login_interactive(NET_ID_INFO_1 *id1, SAM_ACCOUNT *sampass, + user_struct *vuser) { uint32 status = 0x0; @@ -579,8 +580,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p dump_data(100, nt_pwd, 16); #endif - if (memcmp(smb_pass->smb_passwd , lm_pwd, 16) != 0 || - memcmp(smb_pass->smb_nt_passwd, nt_pwd, 16) != 0) + if (memcmp(pdb_get_lanman_passwd(sampass) ,lm_pwd, 16) != 0 || + memcmp(pdb_get_nt_passwd(sampass) ,nt_pwd, 16) != 0) { status = NT_STATUS_WRONG_PASSWORD; } @@ -592,8 +593,10 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p net_login_network: *************************************************************************/ -static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass) +static uint32 net_login_network(NET_ID_INFO_2 *id2, SAM_ACCOUNT *sampass) { + BYTE *nt_pwd, *lanman_pwd; + DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n", id2->hdr_lm_chal_resp.str_str_len, id2->hdr_nt_chal_resp.str_str_len)); @@ -601,11 +604,12 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass) /* JRA. Check the NT password first if it exists - this is a higher quality password, if it exists and it doesn't match - fail. */ + nt_pwd = pdb_get_nt_passwd (sampass); + lanman_pwd = pdb_get_lanman_passwd (sampass); if (id2->hdr_nt_chal_resp.str_str_len == 24 && - smb_pass->smb_nt_passwd != NULL) + nt_pwd != NULL) { - if(smb_password_check((char *)id2->nt_chal_resp.buffer, - smb_pass->smb_nt_passwd, + if(smb_password_check((char *)id2->nt_chal_resp.buffer, nt_pwd, id2->lm_chal)) return 0x0; else @@ -622,8 +626,7 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass) if (id2->hdr_lm_chal_resp.str_str_len == 24 && smb_password_check((char *)id2->lm_chal_resp.buffer, - smb_pass->smb_passwd, - id2->lm_chal)) + lanman_pwd, id2->lm_chal)) { return 0x0; } @@ -646,21 +649,20 @@ static BOOL api_net_sam_logon(pipes_struct *p) NET_USER_INFO_3 usr_info; uint32 status = 0x0; DOM_CRED srv_cred; - struct smb_passwd *smb_pass = NULL; + SAM_ACCOUNT *sampass = NULL; + uint16 acct_ctrl; UNISTR2 *uni_samlogon_user = NULL; fstring nt_username; - struct passwd *pw; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; user_struct *vuser = NULL; if ((vuser = get_valid_user_struct(vuid)) == NULL) return False; - memset(&q_l, '\0', sizeof(q_l)); - memset(&ctr, '\0', sizeof(ctr)); - memset(&usr_info, '\0', sizeof(usr_info)); + ZERO_STRUCT(q_l); + ZERO_STRUCT(ctr); + ZERO_STRUCT(usr_info); q_l.sam_id.ctr = &ctr; @@ -682,8 +684,7 @@ static BOOL api_net_sam_logon(pipes_struct *p) case INTERACTIVE_LOGON_TYPE: uni_samlogon_user = &q_l.sam_id.ctr->auth.id1.uni_user_name; - DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", - lp_workgroup())); + DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); break; case NET_LOGON_TYPE: uni_samlogon_user = &q_l.sam_id.ctr->auth.id2.uni_user_name; @@ -699,7 +700,8 @@ static BOOL api_net_sam_logon(pipes_struct *p) /* check username exists */ - if (status == 0) { + if (status == 0) + { pstrcpy(nt_username, dos_unistrn2(uni_samlogon_user->buffer, uni_samlogon_user->uni_str_len)); @@ -709,40 +711,37 @@ static BOOL api_net_sam_logon(pipes_struct *p) * Convert to a UNIX username. */ map_username(nt_username); - - /* - * Do any case conversions. - */ - pw=Get_Pwnam(nt_username, True); + /* get the account information */ become_root(); - smb_pass = getsmbpwnam(nt_username); + sampass = pdb_getsampwnam(nt_username); unbecome_root(); - if (smb_pass == NULL) + acct_ctrl = pdb_get_acct_ctrl(sampass); + if (sampass == NULL) status = NT_STATUS_NO_SUCH_USER; - else if (smb_pass->acct_ctrl & ACB_PWNOTREQ) + else if (acct_ctrl & ACB_PWNOTREQ) status = 0; - else if (smb_pass->acct_ctrl & ACB_DISABLED) + else if (acct_ctrl & ACB_DISABLED) status = NT_STATUS_ACCOUNT_DISABLED; } /* Validate password - if required. */ - if ((status == 0) && !(smb_pass->acct_ctrl & ACB_PWNOTREQ)) { + if ((status == 0) && !(acct_ctrl & ACB_PWNOTREQ)) { switch (q_l.sam_id.logon_level) { case INTERACTIVE_LOGON_TYPE: /* interactive login. */ status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, - smb_pass, vuser); + sampass, vuser); break; case NET_LOGON_TYPE: /* network login. lm challenge and 24 byte responses */ - status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass); + status = net_login_network(&q_l.sam_id.ctr->auth.id2, sampass); break; } } - + /* lkclXXXX this is the point at which, if the login was successful, that the SAM Local Security Authority should record that the user is logged in to the domain. @@ -753,49 +752,47 @@ static BOOL api_net_sam_logon(pipes_struct *p) if (status == 0) { DOM_GID *gids = NULL; int num_gids = 0; - NTTIME dummy_time; - pstring logon_script; - pstring profile_path; - pstring home_dir; - pstring home_drive; pstring my_name; pstring my_workgroup; pstring domain_groups; - uint32 r_uid; - uint32 r_gid; - fstring full_name; /* set up pointer indicating user/password failed to be found */ usr_info.ptr_user_info = 0; - - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - + /* XXXX hack to get standard_sub_basic() to use sam logon username */ /* possibly a better way would be to do a become_user() call */ + + /* + * All this information should be filled in from the + * passdb information + */ sam_logon_in_ssb = True; pstrcpy(samlogon_user, nt_username); - pstrcpy(logon_script, lp_logon_script()); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, logon_script); +#if 0 + gid = pdb_get_gid(sampass); - pstrcpy(profile_path, lp_logon_path()); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, profile_path); - - pstrcpy(my_workgroup, lp_workgroup()); + pstrcpy(str, pdb_get_logon_script(sampass)); + standard_sub_advanced(-1, nt_username, "", gid, str); + pdb_set_logon_script(sampass, str); + + pstrcpy(str, pdb_get_profile_path(sampass)); + standard_sub_advanced(-1, nt_username, "", gid, str); + pdb_set_profile_path(sampass, str); + + pstrcpy(str, pdb_get_homedir(sampass)); + standard_sub_advanced(-1, nt_username, "", gid, str); + pdb_set_homedir(sampass, str); - pstrcpy(home_drive, lp_logon_drive()); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_drive); + fstrcpy(full_name, "<Full Name>"); + if (lp_unix_realname()) + fstrcpy(full_name, pdb_get_fullname(sampass)); +#endif - pstrcpy(home_dir, lp_logon_home()); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_dir); - + pstrcpy(my_workgroup, lp_workgroup()); pstrcpy(my_name, global_myname); strupper(my_name); - fstrcpy(full_name, "<Full Name>"); - if (lp_unix_realname()) - fstrcpy(full_name, pw->pw_gecos); /* * This is the point at which we get the group @@ -815,40 +812,32 @@ static BOOL api_net_sam_logon(pipes_struct *p) sam_logon_in_ssb = False; + /* + * This next call is where the 'domain admin users' parameter + * gets mapped. I'm leaving it out for now. The user and group rid + * has already been mapped into the SAM_ACCOUNT struct. I don't + * think this should be overridden here. The correct solution + * is proper group memberships and mapping. --jerry + */ +#if 0 if (pdb_name_to_rid(nt_username, &r_uid, &r_gid)) - init_net_user_info3(&usr_info, - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - nt_username , /* user_name */ - full_name, /* full_name */ - logon_script , /* logon_script */ - profile_path , /* profile_path */ - home_dir , /* home_dir */ - home_drive , /* dir_drive */ - +#endif + init_net_user_info3(&usr_info, sampass, 0, /* logon_count */ 0, /* bad_pw_count */ - - r_uid , /* RID user_id */ - r_gid , /* RID group_id */ num_gids, /* uint32 num_groups */ gids , /* DOM_GID *gids */ 0x20 , /* uint32 user_flgs (?) */ - NULL, /* char sess_key[16] */ - my_name , /* char *logon_srv */ my_workgroup, /* char *logon_dom */ - &global_sam_sid, /* DOM_SID *dom_sid */ NULL); /* char *other_sids */ + +#if 0 else status = NT_STATUS_NO_SUCH_USER; +#endif /* Free any allocated groups array. */ if(gids) diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c index 4cb57c69d8e..d15f0452523 100644 --- a/source/rpc_server/srv_pipe.c +++ b/source/rpc_server/srv_pipe.c @@ -270,10 +270,9 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm fstring domain; fstring wks; BOOL guest_user = False; - struct smb_passwd *smb_pass = NULL; - struct passwd *pass = NULL; - uchar null_smb_passwd[16]; - uchar *smb_passwd_ptr = NULL; + SAM_ACCOUNT *sam_pass = NULL; + BYTE null_smb_passwd[16]; + BYTE *smb_passwd_ptr = NULL; DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n")); @@ -359,7 +358,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm return False; } - +/* unnecessary as the passdb validates the user before returning --jerry */ +#if 0 /* * Find the user in the unix password db. */ @@ -369,6 +369,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm return(False); } +#endif /* 0 */ + if(!guest_user) { become_root(); @@ -381,8 +383,8 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name return False; } - if(!(smb_pass = getsmbpwnam(pipe_user_name))) { - DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n", + if(!(sam_pass = pdb_getsampwnam(pipe_user_name))) { + DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in passdb.\n", pipe_user_name)); unbecome_root(); return False; @@ -390,24 +392,24 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name unbecome_root(); - if (smb_pass == NULL) { - DEBUG(1,("api_pipe_ntlmssp_verify: Couldn't find user '%s' in smb_passwd file.\n", + if (sam_pass == NULL) { + DEBUG(1,("api_pipe_ntlmssp_verify: Couldn't find user '%s' in passdb.\n", pipe_user_name)); return(False); } /* Quit if the account was disabled. */ - if((smb_pass->acct_ctrl & ACB_DISABLED) || !smb_pass->smb_passwd) { + if((pdb_get_acct_ctrl(sam_pass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sam_pass)) { DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name)); return(False); } - if(!smb_pass->smb_nt_passwd) { + if(!pdb_get_nt_passwd(sam_pass)) { DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name)); return(False); } - smb_passwd_ptr = smb_pass->smb_passwd; + smb_passwd_ptr = pdb_get_lanman_passwd(sam_pass); } /* @@ -457,9 +459,8 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name /* * Store the UNIX credential data (uid/gid pair) in the pipe structure. */ - - p->pipe_user.uid = pass->pw_uid; - p->pipe_user.gid = pass->pw_gid; + p->pipe_user.uid = pdb_get_uid(sam_pass); + p->pipe_user.gid = pdb_get_gid(sam_pass); /* Set up pipe user group membership. */ initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid); @@ -467,7 +468,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name /* Create an NT_USER_TOKEN struct for this user. */ p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid, - p->pipe_user.ngroups, p->pipe_user.groups); + p->pipe_user.ngroups, p->pipe_user.groups); p->ntlmssp_auth_validated = True; return True; diff --git a/source/rpc_server/srv_samr.c b/source/rpc_server/srv_samr.c index 72a86c8d80c..dcb5b9c9e35 100644 --- a/source/rpc_server/srv_samr.c +++ b/source/rpc_server/srv_samr.c @@ -40,27 +40,26 @@ extern rid_name builtin_alias_rids[]; dynamically returns the correct user info..... JRA. ********************************************************************/ -static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, - int start_idx, +static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, int *total_entries, int *num_entries, - int max_num_entries, - uint16 acb_mask) + int max_num_entries, uint16 acb_mask) { - void *vp = NULL; - struct sam_passwd *pwd = NULL; + SAM_ACCOUNT *pwd = NULL; (*num_entries) = 0; (*total_entries) = 0; - if (pw_buf == NULL) return False; + if (pw_buf == NULL) + return False; - vp = startsmbpwent(False); - if (!vp) { - DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n")); + if (!pdb_setsampwent(False)) + { + DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n")); return False; } - while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries) { + while ( ((pwd=pdb_getsampwent()) != NULL) && ((*num_entries) < max_num_entries) ) + { int user_name_len; if (start_idx > 0) { @@ -71,34 +70,38 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, continue; } - user_name_len = strlen(pwd->smb_name)+1; - init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len); + user_name_len = strlen(pdb_get_username(pwd))+1; + init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pdb_get_username(pwd), user_name_len); init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len); - pw_buf[(*num_entries)].user_rid = pwd->user_rid; + pw_buf[(*num_entries)].user_rid = pdb_get_user_rid(pwd); memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16); /* Now check if the NT compatible password is available. */ - if (pwd->smb_nt_passwd != NULL) { - memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16); + if (pdb_get_nt_passwd(pwd) != NULL) + { + memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16); } - pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl; + pw_buf[(*num_entries)].acb_info = pdb_get_acct_ctrl(pwd); DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x", - (*num_entries), pwd->smb_name, - pwd->user_rid, pwd->acct_ctrl)); + (*num_entries), pdb_get_username(pwd), + pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd))); - if (acb_mask == 0 || (pwd->acct_ctrl & acb_mask)) { + if (acb_mask == 0 || (pdb_get_acct_ctrl(pwd) & acb_mask)) + { DEBUG(5,(" acb_mask %x accepts\n", acb_mask)); (*num_entries)++; - } else { + } + else + { DEBUG(5,(" acb_mask %x rejects\n", acb_mask)); } (*total_entries)++; } - endsmbpwent(vp); + pdb_endsampwent(); return (*num_entries) > 0; } @@ -1046,7 +1049,7 @@ static BOOL samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, for (i = 0; i < num_rids && status == 0; i++) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; fstring user_name; @@ -1055,7 +1058,7 @@ static BOOL samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, /* find the user account */ become_root(); - sam_pass = get_smb21pwd_entry(user_name, 0); + sam_pass = pdb_getsampwnam(user_name); unbecome_root(); if (sam_pass == NULL) @@ -1065,7 +1068,7 @@ static BOOL samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, } else { - rid[i] = sam_pass->user_rid; + rid[i] = pdb_get_user_rid(sam_pass); } } #endif @@ -1379,7 +1382,7 @@ static BOOL api_samr_lookup_rids(pipes_struct *p) ********************************************************************/ static uint32 _api_samr_open_user(POLICY_HND domain_pol, uint32 user_rid, POLICY_HND *user_pol) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; DOM_SID sid; /* find the domain policy handle. */ @@ -1391,7 +1394,7 @@ static uint32 _api_samr_open_user(POLICY_HND domain_pol, uint32 user_rid, POLICY return NT_STATUS_OBJECT_NAME_NOT_FOUND; become_root(); - sam_pass = getsam21pwrid(user_rid); + sam_pass = pdb_getsampwrid(user_rid); unbecome_root(); /* check that the RID exists in our domain. */ @@ -1455,7 +1458,7 @@ static BOOL api_samr_open_user(pipes_struct *p) *************************************************************************/ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) { - struct smb_passwd *smb_pass; + SAM_ACCOUNT *sampass; if (!pdb_rid_is_user(user_rid)) { @@ -1464,18 +1467,18 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) } become_root(); - smb_pass = getsmbpwrid(user_rid); + sampass = pdb_getsampwrid(user_rid); unbecome_root(); - if (smb_pass == NULL) + if (sampass == NULL) { DEBUG(4,("User 0x%x not found\n", user_rid)); return False; } - DEBUG(3,("User:[%s]\n", smb_pass->smb_name)); + DEBUG(3,("User:[%s]\n", pdb_get_username(sampass))); - init_sam_user_info10(id10, smb_pass->acct_ctrl); + init_sam_user_info10(id10, pdb_get_acct_ctrl(sampass)); return True; } @@ -1485,10 +1488,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) *************************************************************************/ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) { - NTTIME dummy_time; - struct sam_passwd *sam_pass; - LOGON_HRS hrs; - int i; + SAM_ACCOUNT *sam_pass; if (!pdb_rid_is_user(user_rid)) { @@ -1497,7 +1497,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) } become_root(); - sam_pass = getsam21pwrid(user_rid); + sam_pass = pdb_getsampwrid(user_rid); unbecome_root(); if (sam_pass == NULL) @@ -1506,50 +1506,9 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) return False; } - DEBUG(3,("User:[%s]\n", sam_pass->smb_name)); - - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - - DEBUG(5,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n")); + DEBUG(3,("User:[%s]\n", pdb_get_username(sam_pass))); - /* create a LOGON_HRS structure */ - hrs.len = sam_pass->hours_len; - SMB_ASSERT_ARRAY(hrs.hours, hrs.len); - for (i = 0; i < hrs.len; i++) - { - hrs.hours[i] = sam_pass->hours[i]; - } - - init_sam_user_info21(id21, - - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - sam_pass->smb_name, /* user_name */ - sam_pass->full_name, /* full_name */ - sam_pass->home_dir, /* home_dir */ - sam_pass->dir_drive, /* dir_drive */ - sam_pass->logon_script, /* logon_script */ - sam_pass->profile_path, /* profile_path */ - sam_pass->acct_desc, /* description */ - sam_pass->workstations, /* workstations user can log in from */ - sam_pass->unknown_str, /* don't know, yet */ - sam_pass->munged_dial, /* dialin info. contains dialin path and tel no */ - - sam_pass->user_rid, /* RID user_id */ - sam_pass->group_rid, /* RID group_id */ - sam_pass->acct_ctrl, - - sam_pass->unknown_3, /* unknown_3 */ - sam_pass->logon_divs, /* divisions per week */ - &hrs, /* logon hours */ - sam_pass->unknown_5, - sam_pass->unknown_6); + init_sam_user_info21(id21, sam_pass); return True; } @@ -1670,7 +1629,7 @@ static BOOL samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, SAMR_R_QUERY_USERGROUPS r_u; uint32 status = 0x0; - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; DOM_GID *gids = NULL; int num_groups = 0; uint32 rid; @@ -1692,7 +1651,7 @@ static BOOL samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, if (status == 0x0) { become_root(); - sam_pass = getsam21pwrid(rid); + sam_pass = pdb_getsampwrid(rid); unbecome_root(); if (sam_pass == NULL) @@ -1704,7 +1663,7 @@ static BOOL samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, if (status == 0x0) { pstring groups; - get_domain_user_groups(groups, sam_pass->smb_name); + get_domain_user_groups(groups, pdb_get_username(sam_pass)); gids = NULL; num_groups = make_dom_gids(groups, &gids); } @@ -1828,7 +1787,7 @@ static BOOL api_samr_query_dom_info(pipes_struct *p) static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint32 acb_info, uint32 access_mask, POLICY_HND *user_pol, uint32 *unknown0, uint32 *user_rid) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; fstring mach_acct; pstring err_str; pstring msg_str; @@ -1849,9 +1808,10 @@ static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint strlower(mach_acct); become_root(); - sam_pass = getsam21pwnam(mach_acct); + sam_pass = pdb_getsampwnam(mach_acct); unbecome_root(); - if (sam_pass != NULL) { + if (sam_pass != NULL) + { /* machine account exists: say so */ return NT_STATUS_USER_EXISTS; } @@ -1875,14 +1835,16 @@ static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint smb_create_user(mach_acct); /* add the user in the smbpasswd file or the Samba authority database */ - if (!local_password_change(mach_acct, local_flags, NULL, err_str, sizeof(err_str), msg_str, sizeof(msg_str))) { + if (!local_password_change(mach_acct, local_flags, NULL, err_str, + sizeof(err_str), msg_str, sizeof(msg_str))) + { DEBUG(0, ("%s\n", err_str)); close_lsa_policy_hnd(user_pol); return NT_STATUS_ACCESS_DENIED; } become_root(); - sam_pass = getsam21pwnam(mach_acct); + sam_pass = pdb_getsampwnam(mach_acct); unbecome_root(); if (sam_pass == NULL) { /* account doesn't exist: say so */ @@ -1909,8 +1871,8 @@ static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint return NT_STATUS_OBJECT_NAME_NOT_FOUND; } - *unknown0=0x000703ff; - *user_rid=sam_pass->user_rid; + *unknown0 = 0x000703ff; + *user_rid = pdb_get_user_rid(sam_pass); return NT_STATUS_NO_PROBLEMO; } @@ -2219,8 +2181,7 @@ static BOOL api_samr_open_alias(pipes_struct *p) ********************************************************************/ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); if (id10 == NULL) { DEBUG(5, ("set_user_info_10: NULL id10\n")); @@ -2230,11 +2191,9 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) if (pwd == NULL) return False; - copy_sam_passwd(&new_pwd, pwd); + pdb_set_acct_ctrl(pwd, id10->acb_info); - new_pwd.acct_ctrl = id10->acb_info; - - if(!mod_sam21pwd_entry(&new_pwd, True)) + if(!pdb_update_sam_account(pwd, True)) return False; return True; @@ -2243,12 +2202,9 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) /******************************************************************* set_user_info_12 ********************************************************************/ -static BOOL set_user_info_12(const SAM_USER_INFO_12 *id12, uint32 rid) +static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; - static uchar nt_hash[16]; - static uchar lm_hash[16]; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); if (pwd == NULL) return False; @@ -2258,16 +2214,10 @@ static BOOL set_user_info_12(const SAM_USER_INFO_12 *id12, uint32 rid) return False; } - pdb_init_sam(&new_pwd); - copy_sam_passwd(&new_pwd, pwd); - - memcpy(nt_hash, id12->nt_pwd, sizeof(nt_hash)); - memcpy(lm_hash, id12->lm_pwd, sizeof(lm_hash)); + pdb_set_lanman_passwd (pwd, id12->lm_pwd); + pdb_set_nt_passwd (pwd, id12->nt_pwd); - new_pwd.smb_passwd = lm_hash; - new_pwd.smb_nt_passwd = nt_hash; - - if(!mod_sam21pwd_entry(&new_pwd, True)) + if(!pdb_update_sam_account(pwd, True)) return False; return True; @@ -2278,10 +2228,8 @@ static BOOL set_user_info_12(const SAM_USER_INFO_12 *id12, uint32 rid) ********************************************************************/ static BOOL set_user_info_21(SAM_USER_INFO_21 * id21, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; - static uchar nt_hash[16]; - static uchar lm_hash[16]; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); + SAM_ACCOUNT new_pwd; if (id21 == NULL) { DEBUG(5, ("set_user_info_21: NULL id21\n")); @@ -2291,25 +2239,34 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 * id21, uint32 rid) if (pwd == NULL) return False; + /* Zero out struct and set a few initial items */ pdb_init_sam(&new_pwd); + + /* FIXME!! these two calls may need to be fixed. copy_sam_passwd() + uses static strings and copy_id21..() reassigns some + strings. Right now there is no memory leaks, but if + the internals of copy_sam_passwd() changes to use dynamically + allocated strings, this will need to be fixed --jerry */ copy_sam_passwd(&new_pwd, pwd); copy_id21_to_sam_passwd(&new_pwd, id21); - if (pwd->smb_nt_passwd != NULL) { - memcpy(nt_hash, pwd->smb_nt_passwd, 16); - new_pwd.smb_nt_passwd = nt_hash; - } else - new_pwd.smb_nt_passwd = NULL; + /* passwords are not copied as part of copy_sam_passwd() */ + if (pdb_get_nt_passwd(pwd) != NULL) + pdb_set_nt_passwd (&new_pwd, pdb_get_nt_passwd(pwd)); - if (pwd->smb_nt_passwd != NULL) { - memcpy(lm_hash, pwd->smb_passwd, 16); - new_pwd.smb_passwd = lm_hash; - } else - new_pwd.smb_passwd = NULL; + if (pdb_get_lanman_passwd(pwd) != NULL) + pdb_set_lanman_passwd (&new_pwd, pdb_get_lanman_passwd(pwd)); - if(!mod_sam21pwd_entry(&new_pwd, True)) + if(!pdb_update_sam_account(&new_pwd, True)) return False; + /* FIXME!!! Memory leak here. Cannot call pdb_clear_sam() + because copy_sam_passwd uses static arrays. Therefore, + we will manually free the password pointers here. This + needs to be fixed. ---jerry */ + if (new_pwd.nt_pw) free (new_pwd.nt_pw); + if (new_pwd.lm_pw) free (new_pwd.lm_pw); + return True; } @@ -2318,10 +2275,10 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 * id21, uint32 rid) ********************************************************************/ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; - static uchar nt_hash[16]; - static uchar lm_hash[16]; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); + SAM_ACCOUNT new_pwd; + BYTE nt_hash[16]; + BYTE lm_hash[16]; pstring buf; uint32 len; @@ -2337,23 +2294,30 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) copy_sam_passwd(&new_pwd, pwd); copy_id23_to_sam_passwd(&new_pwd, id23); - if (!decode_pw_buffer((const char *)id23->pass, buf, 256, &len)) + if (!decode_pw_buffer((char*)id23->pass, buf, 256, &len)) return False; nt_lm_owf_gen(buf, nt_hash, lm_hash); - new_pwd.smb_passwd = lm_hash; - new_pwd.smb_nt_passwd = nt_hash; + pdb_set_lanman_passwd (&new_pwd, lm_hash); + pdb_set_nt_passwd (&new_pwd, nt_hash); /* update the UNIX password */ if (lp_unix_password_sync()) - if(!chgpasswd(new_pwd.smb_name, "", buf, True)) + if(!chgpasswd(pdb_get_username(&new_pwd), "", buf, True)) return False; memset(buf, 0, sizeof(buf)); - if(!mod_sam21pwd_entry(&new_pwd, True)) + if(!pdb_update_sam_account(&new_pwd, True)) return False; + + /* FIXME!!! Memory leak here. Cannot call pdb_clear_sam() + because copy_sam_passwd uses static arrays. Therefore, + we will manually free the password pointers here. This + needs to be fixed. ---jerry */ + if (new_pwd.nt_pw) free (new_pwd.nt_pw); + if (new_pwd.lm_pw) free (new_pwd.lm_pw); return True; } @@ -2363,40 +2327,38 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) ********************************************************************/ static BOOL set_user_info_24(const SAM_USER_INFO_24 *id24, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; - static uchar nt_hash[16]; - static uchar lm_hash[16]; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); + uchar nt_hash[16]; + uchar lm_hash[16]; uint32 len; pstring buf; if (pwd == NULL) return False; - pdb_init_sam(&new_pwd); - copy_sam_passwd(&new_pwd, pwd); - memset(buf, 0, sizeof(buf)); - if (!decode_pw_buffer((const char *)id24->pass, buf, 256, &len)) + if (!decode_pw_buffer((char*)id24->pass, buf, 256, &len)) return False; -DEBUG(0,("set_user_info_24:nt_lm_owf_gen\n")); + DEBUG(0,("set_user_info_24:nt_lm_owf_gen\n")); + nt_lm_owf_gen(buf, nt_hash, lm_hash); - new_pwd.smb_passwd = lm_hash; - new_pwd.smb_nt_passwd = nt_hash; + pdb_set_lanman_passwd (pwd, lm_hash); + pdb_set_nt_passwd (pwd, nt_hash); /* update the UNIX password */ if (lp_unix_password_sync()) - if(!chgpasswd(new_pwd.smb_name, "", buf, True)) + if(!chgpasswd(pdb_get_username(pwd), "", buf, True)) return False; memset(buf, 0, sizeof(buf)); -DEBUG(0,("set_user_info_24:mod_sam21pwd_entry\n")); + + DEBUG(0,("set_user_info_24: pdb_update_sam_account()\n")); /* update the SAMBA password */ - if(!mod_sam21pwd_entry(&new_pwd, True)) + if(!pdb_update_sam_account(pwd, True)) return False; return True; @@ -2405,19 +2367,23 @@ DEBUG(0,("set_user_info_24:mod_sam21pwd_entry\n")); /******************************************************************* samr_reply_set_userinfo ********************************************************************/ -static uint32 _samr_set_userinfo(POLICY_HND *pol, uint16 switch_value, SAM_USERINFO_CTR *ctr, pipes_struct *p) +static uint32 _samr_set_userinfo(POLICY_HND *pol, uint16 switch_value, + SAM_USERINFO_CTR *ctr, pipes_struct *p) { uint32 rid = 0x0; DOM_SID sid; struct current_user user; - struct smb_passwd *smb_pass; + SAM_ACCOUNT *sam_pass; unsigned char sess_key[16]; DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__)); - if (p->ntlmssp_auth_validated) { + if (p->ntlmssp_auth_validated) + { memcpy(&user, &p->pipe_user, sizeof(user)); - } else { + } + else + { extern struct current_user current_user; memcpy(&user, ¤t_user, sizeof(user)); } @@ -2447,15 +2413,16 @@ static uint32 _samr_set_userinfo(POLICY_HND *pol, uint16 switch_value, SAM_USERI */ become_root(); - smb_pass = getsmbpwuid(user.uid); + sam_pass = pdb_getsampwuid(user.uid); unbecome_root(); - if(smb_pass == NULL) { - DEBUG(0,("_samr_set_userinfo: Unable to get smbpasswd entry for uid %u\n", (unsigned int)user.uid )); + if(sam_pass == NULL) { + DEBUG(0,("_samr_set_userinfo: Unable to get passdb entry for uid %u\n", + (unsigned int)pdb_get_uid(sam_pass) )); return NT_STATUS_ACCESS_DENIED; } memset(sess_key, '\0', 16); - mdfour(sess_key, smb_pass->smb_nt_passwd, 16); + mdfour(sess_key, pdb_get_nt_passwd(sam_pass), 16); /* ok! user info levels (lots: see MSDEV help), off we go... */ switch (switch_value) { diff --git a/source/rpc_server/srv_util.c b/source/rpc_server/srv_util.c index ba13f0ed7a6..8349b7add69 100644 --- a/source/rpc_server/srv_util.c +++ b/source/rpc_server/srv_util.c @@ -271,7 +271,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type) /* ok, it's a user. find the user account */ become_root(); - disp_info = getsamdisprid(rid); + disp_info = pdb_sam_to_dispinfo(pdb_getsampwrid(rid)); unbecome_root(); if (disp_info != NULL) @@ -328,17 +328,17 @@ uint32 lookup_alias_rid(char *alias_name, uint32 *rid) ********************************************************************/ uint32 lookup_user_rid(char *user_name, uint32 *rid) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; (*rid) = 0; /* find the user account */ become_root(); - sam_pass = getsam21pwnam(user_name); + sam_pass = pdb_getsampwnam(user_name); unbecome_root(); if (sam_pass != NULL) { - (*rid) = sam_pass->user_rid; + *rid = pdb_get_user_rid(sam_pass); return 0x0; } diff --git a/source/script/mkproto.awk b/source/script/mkproto.awk index b36eaca33bb..9a85e89ced1 100644 --- a/source/script/mkproto.awk +++ b/source/script/mkproto.awk @@ -108,17 +108,22 @@ END { gotstart = 1; } - if( $0 ~ /^vuser_key|^UNISTR2|^LOCAL_GRP|^DOMAIN_GRP|^SMB_STRUCT_DIRENT|^SEC_ACL|^SEC_DESC|^SEC_DESC_BUF|^DOM_SID|^RPC_HND_NODE/ ) { + if( $0 ~ /^vuser_key|^UNISTR2|^LOCAL_GRP|^DOMAIN_GRP|^SMB_STRUCT_DIRENT|^SEC_ACL|^SEC_DESC|^SEC_DESC_BUF|^DOM_SID|^RPC_HND_NODE|^BYTE/ ) { gotstart = 1; } - if( $0 ~ /^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum nss_status|^NT_USER_TOKEN/ ) { + if( $0 ~ /^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum nss_status|^NT_USER_TOKEN|^SAM_ACCOUNT/ ) { gotstart = 1; } if( $0 ~ /^long|^char|^uint|^struct|^BOOL|^void|^time|^smb_shm_offset_t|^shm_offset_t|^enum remote_arch_types|^FILE|^SMB_OFF_T|^size_t|^ssize_t|^SMB_BIG_UINT/ ) { gotstart = 1; } + + if( $0 ~ /^SAM_ACCT_INFO_NODE/ ) { + gotstart = 1; + } + if(!gotstart) { next; } diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c index 1f1ee96713e..ba68557fdf7 100644 --- a/source/smbd/chgpasswd.c +++ b/source/smbd/chgpasswd.c @@ -52,6 +52,7 @@ #include "includes.h" extern int DEBUGLEVEL; +extern struct passdb_ops pdb_ops; #if ALLOW_CHANGE_PASSWORD @@ -541,62 +542,64 @@ BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root) ************************************************************/ BOOL check_lanman_password(char *user, uchar * pass1, - uchar * pass2, struct smb_passwd **psmbpw) + uchar * pass2, SAM_ACCOUNT **hnd) { static uchar null_pw[16]; uchar unenc_new_pw[16]; uchar unenc_old_pw[16]; - struct smb_passwd *smbpw; - - *psmbpw = NULL; + SAM_ACCOUNT *sampass = NULL; + uint16 acct_ctrl; + BYTE *lanman_pw; become_root(); - smbpw = getsmbpwnam(user); + sampass = pdb_getsampwnam(user); unbecome_root(); - if (smbpw == NULL) + if (sampass == NULL) { - DEBUG(0, - ("check_lanman_password: getsmbpwnam returned NULL\n")); + DEBUG(0,("check_lanman_password: getsampwnam returned NULL\n")); return False; } + + acct_ctrl = pdb_get_acct_ctrl (sampass); + lanman_pw = pdb_get_lanman_passwd (sampass); - if (smbpw->acct_ctrl & ACB_DISABLED) + if (acct_ctrl & ACB_DISABLED) { - DEBUG(0, - ("check_lanman_password: account %s disabled.\n", + DEBUG(0,("check_lanman_password: account %s disabled.\n", user)); return False; } - if ((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ)) + if ((lanman_pw == NULL) && (acct_ctrl & ACB_PWNOTREQ)) { uchar no_pw[14]; memset(no_pw, '\0', 14); E_P16(no_pw, null_pw); - smbpw->smb_passwd = null_pw; + pdb_set_lanman_passwd (sampass, null_pw); } - else if (smbpw->smb_passwd == NULL) + else if (lanman_pw == NULL) { DEBUG(0, ("check_lanman_password: no lanman password !\n")); return False; } /* Get the new lanman hash. */ - D_P16(smbpw->smb_passwd, pass2, unenc_new_pw); + D_P16(lanman_pw, pass2, unenc_new_pw); /* Use this to get the old lanman hash. */ D_P16(unenc_new_pw, pass1, unenc_old_pw); /* Check that the two old passwords match. */ - if (memcmp(smbpw->smb_passwd, unenc_old_pw, 16)) + if (memcmp(lanman_pw, unenc_old_pw, 16)) { - DEBUG(0, - ("check_lanman_password: old password doesn't match.\n")); + DEBUG(0,("check_lanman_password: old password doesn't match.\n")); return False; } - *psmbpw = smbpw; + /* this saves the pointer for the caller */ + *hnd = sampass; + return True; } @@ -606,50 +609,52 @@ BOOL check_lanman_password(char *user, uchar * pass1, no longer be valid. ************************************************************/ -BOOL change_lanman_password(struct smb_passwd *smbpw, uchar * pass1, +BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar * pass1, uchar * pass2) { static uchar null_pw[16]; uchar unenc_new_pw[16]; BOOL ret; + uint16 acct_ctrl; + BYTE *pwd; - if (smbpw == NULL) + if (sampass == NULL) { - DEBUG(0, - ("change_lanman_password: no smb password entry.\n")); + DEBUG(0,("change_lanman_password: no smb password entry.\n")); return False; } + acct_ctrl = pdb_get_acct_ctrl(sampass); + pwd = pdb_get_lanman_passwd(sampass); - if (smbpw->acct_ctrl & ACB_DISABLED) + if (acct_ctrl & ACB_DISABLED) { - DEBUG(0, - ("change_lanman_password: account %s disabled.\n", - smbpw->smb_name)); + DEBUG(0,("change_lanman_password: account %s disabled.\n", + pdb_get_username(sampass))); return False; } - if ((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ)) + if ((pwd == NULL) && (acct_ctrl & ACB_PWNOTREQ)) { uchar no_pw[14]; memset(no_pw, '\0', 14); E_P16(no_pw, null_pw); - smbpw->smb_passwd = null_pw; + pdb_set_lanman_passwd(sampass, null_pw); } - else if (smbpw->smb_passwd == NULL) + else if (pwd == NULL) { - DEBUG(0, ("change_lanman_password: no lanman password !\n")); + DEBUG(0,("change_lanman_password: no lanman password !\n")); return False; } /* Get the new lanman hash. */ - D_P16(smbpw->smb_passwd, pass2, unenc_new_pw); + D_P16(pwd, pass2, unenc_new_pw); - smbpw->smb_passwd = unenc_new_pw; - smbpw->smb_nt_passwd = NULL; /* We lose the NT hash. Sorry. */ + pdb_set_lanman_passwd(sampass, unenc_new_pw); + pdb_set_nt_passwd (sampass, NULL); /* We lose the NT hash. Sorry. */ - /* Now write it into the file. */ + /* Now flush the sam_passwd struct to persistent storage */ become_root(); - ret = mod_smbpwd_entry(smbpw, False); + ret = pdb_update_sam_account (sampass, False); unbecome_root(); return ret; @@ -663,10 +668,9 @@ BOOL pass_oem_change(char *user, uchar * ntdata, uchar * nthash) { fstring new_passwd; - struct smb_passwd *sampw; + SAM_ACCOUNT *sampass = NULL; BOOL ret = check_oem_password(user, lmdata, lmhash, ntdata, nthash, - &sampw, - new_passwd, sizeof(new_passwd)); + &sampass, new_passwd, sizeof(new_passwd)); /* * At this point we have the new case-sensitive plaintext @@ -684,7 +688,7 @@ BOOL pass_oem_change(char *user, if (ret) { - ret = change_oem_password(sampw, new_passwd, False); + ret = change_oem_password(sampass, new_passwd, False); } memset(new_passwd, 0, sizeof(new_passwd)); @@ -702,12 +706,14 @@ BOOL pass_oem_change(char *user, BOOL check_oem_password(char *user, uchar * lmdata, uchar * lmhash, uchar * ntdata, uchar * nthash, - struct smb_passwd **psmbpw, char *new_passwd, + SAM_ACCOUNT **hnd, char *new_passwd, int new_passwd_size) { static uchar null_pw[16]; static uchar null_ntpw[16]; - struct smb_passwd *smbpw = NULL; + SAM_ACCOUNT *sampass = NULL; + BYTE *lanman_pw, *nt_pw; + uint16 acct_ctrl; int new_pw_len; uchar new_ntp16[16]; uchar unenc_old_ntpw[16]; @@ -718,20 +724,19 @@ BOOL check_oem_password(char *user, BOOL nt_pass_set = (ntdata != NULL && nthash != NULL); become_root(); - *psmbpw = smbpw = getsmbpwnam(user); + *hnd = sampass = pdb_getsampwnam(user); unbecome_root(); - if (smbpw == NULL) + if (sampass == NULL) { DEBUG(0, ("check_oem_password: getsmbpwnam returned NULL\n")); return False; } - - if (smbpw->acct_ctrl & ACB_DISABLED) + acct_ctrl = pdb_get_acct_ctrl(sampass); + + if (acct_ctrl & ACB_DISABLED) { - DEBUG(0, - ("check_lanman_password: account %s disabled.\n", - user)); + DEBUG(0,("check_lanman_password: account %s disabled.\n", user)); return False; } @@ -740,31 +745,33 @@ BOOL check_oem_password(char *user, no_pw[1] = 0; nt_lm_owf_gen(no_pw, null_ntpw, null_pw); + /* save pointers to passwords so we don't have to keep looking them up */ + lanman_pw = pdb_get_lanman_passwd(sampass); + nt_pw = pdb_get_nt_passwd (sampass); + /* check for null passwords */ - if (smbpw->smb_passwd == NULL) + if (lanman_pw == NULL) { - if (smbpw->acct_ctrl & ACB_PWNOTREQ) + if (acct_ctrl & ACB_PWNOTREQ) { - smbpw->smb_passwd = null_pw; + pdb_set_lanman_passwd(sampass, null_pw); } else { - DEBUG(0, - ("check_oem_password: no lanman password !\n")); + DEBUG(0,("check_oem_password: no lanman password !\n")); return False; } } - if (smbpw->smb_nt_passwd == NULL && nt_pass_set) + if (pdb_get_nt_passwd(sampass) == NULL && nt_pass_set) { - if (smbpw->acct_ctrl & ACB_PWNOTREQ) + if (acct_ctrl & ACB_PWNOTREQ) { - smbpw->smb_nt_passwd = null_pw; + pdb_set_nt_passwd(sampass, null_pw); } else { - DEBUG(0, - ("check_oem_password: no ntlm password !\n")); + DEBUG(0,("check_oem_password: no ntlm password !\n")); return False; } } @@ -772,7 +779,7 @@ BOOL check_oem_password(char *user, /* * Call the hash function to get the new password. */ - SamOEMhash((uchar *) lmdata, (uchar *) smbpw->smb_passwd, True); + SamOEMhash((uchar *) lmdata, (uchar *)lanman_pw, True); /* * The length of the new password is in the last 4 bytes of @@ -782,8 +789,7 @@ BOOL check_oem_password(char *user, new_pw_len = IVAL(lmdata, 512); if (new_pw_len < 0 || new_pw_len > new_passwd_size - 1) { - DEBUG(0, - ("check_oem_password: incorrect password length (%d).\n", + DEBUG(0,("check_oem_password: incorrect password length (%d).\n", new_pw_len)); return False; } @@ -796,9 +802,7 @@ BOOL check_oem_password(char *user, int uni_pw_len = new_pw_len; char *pw; new_pw_len /= 2; - pw = - dos_unistrn2((uint16 *)(&lmdata[512 - uni_pw_len]), - new_pw_len); + pw = dos_unistrn2((uint16 *)(&lmdata[512 - uni_pw_len]),new_pw_len); memcpy(new_passwd, pw, new_pw_len + 1); } else @@ -822,10 +826,9 @@ BOOL check_oem_password(char *user, */ D_P16(new_p16, lmhash, unenc_old_pw); - if (memcmp(smbpw->smb_passwd, unenc_old_pw, 16)) + if (memcmp(lanman_pw, unenc_old_pw, 16)) { - DEBUG(0, - ("check_oem_password: old lm password doesn't match.\n")); + DEBUG(0,("check_oem_password: old lm password doesn't match.\n")); return False; } @@ -843,17 +846,15 @@ BOOL check_oem_password(char *user, D_P16(new_ntp16, lmhash, unenc_old_pw); D_P16(new_ntp16, nthash, unenc_old_ntpw); - if (memcmp(smbpw->smb_passwd, unenc_old_pw, 16)) + if (memcmp(lanman_pw, unenc_old_pw, 16)) { - DEBUG(0, - ("check_oem_password: old lm password doesn't match.\n")); + DEBUG(0,("check_oem_password: old lm password doesn't match.\n")); return False; } - if (memcmp(smbpw->smb_nt_passwd, unenc_old_ntpw, 16)) + if (memcmp(nt_pw, unenc_old_ntpw, 16)) { - DEBUG(0, - ("check_oem_password: old nt password doesn't match.\n")); + DEBUG(0,("check_oem_password: old nt password doesn't match.\n")); return False; } #ifdef DEBUG_PASSWORD @@ -869,7 +870,7 @@ BOOL check_oem_password(char *user, override = True, override XXXXXXXXXX'd password ************************************************************/ -BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, +BOOL change_oem_password(SAM_ACCOUNT *hnd, char *new_passwd, BOOL override) { int ret; @@ -878,12 +879,12 @@ BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16); - smbpw->smb_passwd = new_p16; - smbpw->smb_nt_passwd = new_nt_p16; + pdb_set_lanman_passwd (hnd, new_p16); + pdb_set_nt_passwd (hnd, new_nt_p16); /* Now write it into the file. */ become_root(); - ret = mod_smbpwd_entry(smbpw, override); + ret = pdb_update_sam_account (hnd, override); unbecome_root(); memset(new_passwd, '\0', strlen(new_passwd)); @@ -896,45 +897,42 @@ BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, ***********************************************************/ BOOL check_plaintext_password(char *user, char *old_passwd, - int old_passwd_size, struct smb_passwd **psmbpw) + int old_passwd_size, SAM_ACCOUNT **hnd) { - struct smb_passwd *smbpw = NULL; + SAM_ACCOUNT *sampass = NULL; uchar old_pw[16], old_ntpw[16]; become_root(); - *psmbpw = smbpw = getsmbpwnam(user); + *hnd = sampass = pdb_getsampwnam(user); unbecome_root(); - if (smbpw == NULL) + if (sampass == NULL) { - DEBUG(0, - ("check_plaintext_password: getsmbpwnam returned NULL\n")); + DEBUG(0,("check_plaintext_password: getsmbpwnam returned NULL\n")); return False; } - if (smbpw->acct_ctrl & ACB_DISABLED) + if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { - DEBUG(0, - ("check_plaintext_password: account %s disabled.\n", - user)); + DEBUG(0,("check_plaintext_password: account %s disabled.\n", user)); return (False); } nt_lm_owf_gen(old_passwd, old_ntpw, old_pw); #ifdef DEBUG_PASSWORD - DEBUG(100, ("check_plaintext_password: smbpw->smb_nt_passwd \n")); - dump_data(100, smbpw->smb_nt_passwd, 16); + DEBUG(100, ("check_plaintext_password: nt_passwd \n")); + dump_data(100, pdb_get_nt_passwd(sampass), 16); DEBUG(100, ("check_plaintext_password: old_ntpw \n")); dump_data(100, old_ntpw, 16); - DEBUG(100, ("check_plaintext_password: smbpw->smb_passwd \n")); - dump_data(100, smbpw->smb_passwd, 16); + DEBUG(100, ("check_plaintext_password: lanman_passwd \n")); + dump_data(100, pdb_get_lanman_passwd, 16); DEBUG(100, ("check_plaintext_password: old_pw\n")); dump_data(100, old_pw, 16); #endif - if (memcmp(smbpw->smb_nt_passwd, old_ntpw, 16) - && memcmp(smbpw->smb_passwd, old_pw, 16)) + if (memcmp(pdb_get_nt_passwd(sampass), old_ntpw, 16) + && memcmp(pdb_get_lanman_passwd(sampass), old_pw, 16)) return (False); else return (True); diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c index 944a187ccc9..fe6b22a9bf7 100644 --- a/source/smbd/lanman.c +++ b/source/smbd/lanman.c @@ -1733,7 +1733,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param { fstring saved_pass2; - struct smb_passwd *smbpw = NULL; + SAM_ACCOUNT *sampass; /* * Save the new password as change_oem_password overwrites it @@ -1742,8 +1742,8 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param fstrcpy(saved_pass2, pass2); - if (check_plaintext_password(user,pass1,strlen(pass1),&smbpw) && - change_oem_password(smbpw,pass2,False)) + if (check_plaintext_password(user,pass1,strlen(pass1),&sampass) && + change_oem_password(sampass,pass2,False)) { SSVAL(*rparam,0,NERR_Success); @@ -1784,10 +1784,10 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param if(SVAL(*rparam,0) != NERR_Success) { - struct smb_passwd *sampw = NULL; + SAM_ACCOUNT *hnd = NULL; - if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &sampw) && - change_lanman_password(sampw,(unsigned char *)pass1,(unsigned char *)pass2)) + if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &hnd) && + change_lanman_password(hnd,(unsigned char *)pass1,(unsigned char *)pass2)) { SSVAL(*rparam,0,NERR_Success); } diff --git a/source/smbd/password.c b/source/smbd/password.c index 55c7f0709bb..934b3155f3a 100644 --- a/source/smbd/password.c +++ b/source/smbd/password.c @@ -289,15 +289,15 @@ update the encrypted smbpasswd file from the plaintext username and password *****************************************************************************/ static BOOL update_smbpassword_file(char *user, char *password) { - struct smb_passwd *smbpw; - BOOL ret; + SAM_ACCOUNT *sampass = NULL; + BOOL ret; become_root(); - smbpw = getsmbpwnam(user); + sampass = pdb_getsampwnam(user); unbecome_root(); - if(smbpw == NULL) { - DEBUG(0,("getsmbpwnam returned NULL\n")); + if(sampass == NULL) { + DEBUG(0,("pdb_getsampwnam returned NULL\n")); return False; } @@ -305,11 +305,11 @@ static BOOL update_smbpassword_file(char *user, char *password) * Remove the account disabled flag - we are updating the * users password from a login. */ - smbpw->acct_ctrl &= ~ACB_DISABLED; + pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED); /* Here, the flag is one, because we want to ignore the XXXXXXX'd out password */ - ret = change_oem_password( smbpw, password, True); + ret = change_oem_password( sampass, password, True); if (ret == False) { DEBUG(3,("change_oem_password returned False\n")); } @@ -317,10 +317,6 @@ static BOOL update_smbpassword_file(char *user, char *password) return ret; } - - - - /**************************************************************************** core of smb password checking routine. ****************************************************************************/ @@ -367,19 +363,22 @@ BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned cha Do a specific test for an smb password being correct, given a smb_password and the lanman and NT responses. ****************************************************************************/ -BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8], +BOOL smb_password_ok(SAM_ACCOUNT *sampass, uchar chal[8], uchar lm_pass[24], uchar nt_pass[24]) { uchar challenge[8]; + char* user_name; + BYTE *nt_pw, *lm_pw; - if (!lm_pass || !smb_pass) return(False); + if (!lm_pass || !sampass) + return(False); - DEBUG(4,("Checking SMB password for user %s\n", - smb_pass->smb_name)); + user_name = pdb_get_username(sampass); + + DEBUG(4,("Checking SMB password for user %s\n",user_name)); - if(smb_pass->acct_ctrl & ACB_DISABLED) { - DEBUG(1,("account for user %s was disabled.\n", - smb_pass->smb_name)); + if(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { + DEBUG(1,("account for user %s was disabled.\n", user_name)); return(False); } @@ -398,35 +397,36 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8], memcpy(challenge, chal, 8); } - if ((Protocol >= PROTOCOL_NT1) && (smb_pass->smb_nt_passwd != NULL)) { + nt_pw = pdb_get_nt_passwd(sampass); + + if ((Protocol >= PROTOCOL_NT1) && (nt_pw != NULL)) { /* We have the NT MD4 hash challenge available - see if we can use it (ie. does it exist in the smbpasswd file). */ DEBUG(4,("smb_password_ok: Checking NT MD4 password\n")); - if (smb_password_check((char *)nt_pass, - (uchar *)smb_pass->smb_nt_passwd, - challenge)) { + if (smb_password_check((char *)nt_pass, (uchar *)nt_pw, challenge)) + { DEBUG(4,("NT MD4 password check succeeded\n")); return(True); } DEBUG(4,("NT MD4 password check failed\n")); } - /* Try against the lanman password. smb_pass->smb_passwd == NULL means - no password, allow access. */ + /* Try against the lanman password. pdb_get_lanman_passwd(sampass) == NULL + means no password, allow access. */ DEBUG(4,("Checking LM MD4 password\n")); - if((smb_pass->smb_passwd == NULL) && - (smb_pass->acct_ctrl & ACB_PWNOTREQ)) { - DEBUG(4,("no password required for user %s\n", - smb_pass->smb_name)); + lm_pw = pdb_get_lanman_passwd(sampass); + + if((lm_pw == NULL) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)) + { + DEBUG(4,("no password required for user %s\n",user_name)); return True; } - if((smb_pass->smb_passwd != NULL) && - smb_password_check((char *)lm_pass, - (uchar *)smb_pass->smb_passwd, challenge)) { + if((lm_pw != NULL) && smb_password_check((char *)lm_pass,(uchar *)lm_pw, challenge)) + { DEBUG(4,("LM MD4 password check succeeded\n")); return(True); } @@ -443,18 +443,19 @@ SMB hash return True if the password is correct, False otherwise ****************************************************************************/ -BOOL pass_check_smb(char *user, char *domain, - uchar *chal, uchar *lm_pwd, uchar *nt_pwd, - struct passwd *pwd) +BOOL pass_check_smb(char *user, char *domain, uchar *chal, + uchar *lm_pwd, uchar *nt_pwd, struct passwd *pwd) { struct passwd *pass; - struct smb_passwd *smb_pass; + SAM_ACCOUNT *sampass; if (!lm_pwd || !nt_pwd) { return(False); } + /* FIXME! this code looks to be unnecessary now that the passdb + validates that the username exists and has a valid uid */ if (pwd != NULL && user == NULL) { pass = (struct passwd *) pwd; @@ -462,6 +463,8 @@ BOOL pass_check_smb(char *user, char *domain, } else { + /* I don't get this call here. I think it should be moved. + Need to check on it. --jerry */ pass = smb_getpwnam(user,True); } @@ -471,38 +474,45 @@ BOOL pass_check_smb(char *user, char *domain, return(False); } - smb_pass = getsmbpwnam(user); - - if (smb_pass == NULL) + /* get the account information */ + sampass = pdb_getsampwnam(user); + if (sampass == NULL) { - DEBUG(1,("Couldn't find user '%s' in smb_passwd file.\n", user)); + DEBUG(1,("Couldn't find user '%s' in passdb file.\n", user)); return(False); } /* Quit if the account was disabled. */ - if(smb_pass->acct_ctrl & ACB_DISABLED) { + if(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { DEBUG(1,("Account for user '%s' was disabled.\n", user)); return(False); } - /* Ensure the uid's match */ + /* Ensure the uid's match + FIXME! This also seems unnecessary --jerry */ +#if 0 /* GWC */ if (smb_pass->smb_userid != pass->pw_uid) { DEBUG(0,("Error : UNIX and SMB uids in password files do not match for user '%s'!\n", user)); return(False); } +#endif - if (smb_pass->acct_ctrl & ACB_PWNOTREQ) { - if (lp_null_passwords()) { - DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", smb_pass->smb_name)); + if (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) + { + if (lp_null_passwords()) + { + DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", user)); return(True); - } else { - DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", smb_pass->smb_name)); + } + else + { + DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", user)); return(False); } } - if (smb_password_ok(smb_pass, chal, lm_pwd, nt_pwd)) + if (smb_password_ok(sampass, chal, lm_pwd, nt_pwd)) { return(True); } diff --git a/source/smbd/reply.c b/source/smbd/reply.c index 4fd9f9c42d8..fa8aa112776 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -439,16 +439,19 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out char *smb_passwd, int smb_passlen, char *smb_nt_passwd, int smb_nt_passlen) { - struct smb_passwd *smb_trust_acct = NULL; /* check if trust account exists */ + /* check if trust account exists */ + SAM_ACCOUNT *sam_trust_acct = NULL; + uint16 acct_ctrl; + if (lp_security() == SEC_USER) { - smb_trust_acct = getsmbpwnam(user); + sam_trust_acct = pdb_getsampwnam(user); } else { DEBUG(0,("session_trust_account: Trust account %s only supported with security = user\n", user)); SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); return(ERROR(0, NT_STATUS_LOGON_FAILURE)); } - if (smb_trust_acct == NULL) { + if (sam_trust_acct == NULL) { /* lkclXXXX: workstation entry doesn't exist */ DEBUG(0,("session_trust_account: Trust account %s user doesn't exist\n",user)); SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); @@ -460,25 +463,26 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out return(ERROR(0, NT_STATUS_LOGON_FAILURE)); } - if (!smb_password_ok(smb_trust_acct, NULL, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd)) { + if (!smb_password_ok(sam_trust_acct, NULL, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd)) { DEBUG(0,("session_trust_account: Trust Account %s - password failed\n", user)); SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); return(ERROR(0, NT_STATUS_LOGON_FAILURE)); } - if (smb_trust_acct->acct_ctrl & ACB_DOMTRUST) { + acct_ctrl = pdb_get_acct_ctrl(sam_trust_acct); + if (acct_ctrl & ACB_DOMTRUST) { DEBUG(0,("session_trust_account: Domain trust account %s denied by server\n",user)); SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); return(ERROR(0, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)); } - if (smb_trust_acct->acct_ctrl & ACB_SVRTRUST) { + if (acct_ctrl & ACB_SVRTRUST) { DEBUG(0,("session_trust_account: Server trust account %s denied by server\n",user)); SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); return(ERROR(0, NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT)); } - if (smb_trust_acct->acct_ctrl & ACB_WSTRUST) { + if (acct_ctrl & ACB_WSTRUST) { DEBUG(4,("session_trust_account: Wksta trust account %s denied by server\n", user)); SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); return(ERROR(0, NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT)); diff --git a/source/smbd/server.c b/source/smbd/server.c index e4dd661ea56..823536f2abf 100644 --- a/source/smbd/server.c +++ b/source/smbd/server.c @@ -729,7 +729,7 @@ static void usage(char *pname) exit(1); } - if(!initialize_password_db()) { + if(!initialize_password_db(False)) { exit(1); } diff --git a/source/smbd/uid.c b/source/smbd/uid.c index c181b9a00f0..d82edcbfae0 100644 --- a/source/smbd/uid.c +++ b/source/smbd/uid.c @@ -243,8 +243,8 @@ BOOL unbecome_authenticated_pipe_user(pipes_struct *p) return pop_sec_ctx(); } -/* Temporarily become a root user. Must match with unbecome_root(). */ +/* Temporarily become a root user. Must match with unbecome_root(). */ void become_root(void) { push_sec_ctx(); diff --git a/source/utils/smbpasswd.c b/source/utils/smbpasswd.c index d9fa46fe4ce..d6a0c3dba89 100644 --- a/source/utils/smbpasswd.c +++ b/source/utils/smbpasswd.c @@ -221,12 +221,13 @@ static BOOL password_change(const char *remote_machine, char *user_name, if (remote_machine != NULL) { if (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER| - LOCAL_TRUST_ACCOUNT|LOCAL_SET_NO_PASSWORD)) { + LOCAL_TRUST_ACCOUNT|LOCAL_SET_NO_PASSWORD)) + { /* these things can't be done remotely yet */ return False; } - ret = remote_password_change(remote_machine, user_name, - old_passwd, new_passwd, err_str, sizeof(err_str)); + ret = remote_password_change(remote_machine, user_name, old_passwd, + new_passwd, err_str, sizeof(err_str)); if(*err_str) fprintf(stderr, err_str); return ret; @@ -402,9 +403,11 @@ static int process_root(int argc, char *argv[]) * smbpasswd file) then we need to prompt for a new password. */ - if(local_flags & LOCAL_ENABLE_USER) { - struct smb_passwd *smb_pass = getsmbpwnam(user_name); - if((smb_pass != NULL) && (smb_pass->smb_passwd != NULL)) { + if(local_flags & LOCAL_ENABLE_USER) + { + SAM_ACCOUNT *sampass = pdb_getsampwnam(user_name); + if((sampass != NULL) && (pdb_get_lanman_passwd(sampass) != NULL)) + { new_passwd = xstrdup("XXXX"); /* Don't care. */ } } @@ -418,18 +421,20 @@ static int process_root(int argc, char *argv[]) } } - if (!password_change(remote_machine, user_name, old_passwd, new_passwd, local_flags)) { + if (!password_change(remote_machine, user_name, old_passwd, new_passwd, local_flags)) + { fprintf(stderr,"Failed to modify password entry for user %s\n", user_name); result = 1; goto done; } - if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD))) { - struct smb_passwd *smb_pass = getsmbpwnam(user_name); + if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD))) + { + SAM_ACCOUNT *sampass = pdb_getsampwnam(user_name); printf("Password changed for user %s.", user_name ); - if((smb_pass != NULL) && (smb_pass->acct_ctrl & ACB_DISABLED )) + if( (sampass != NULL) && (pdb_get_acct_ctrl(sampass)&ACB_DISABLED) ) printf(" User has disabled flag set."); - if((smb_pass != NULL) && (smb_pass->acct_ctrl & ACB_PWNOTREQ)) + if((sampass != NULL) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) ) printf(" User has no password flag set."); printf("\n"); } @@ -554,7 +559,7 @@ int main(int argc, char **argv) charset_initialise(); - if(!initialize_password_db()) { + if(!initialize_password_db(True)) { fprintf(stderr, "Can't setup password database vectors.\n"); exit(1); } diff --git a/source/web/swat.c b/source/web/swat.c index 29ff28a75a7..e0936d07419 100644 --- a/source/web/swat.c +++ b/source/web/swat.c @@ -640,8 +640,8 @@ static BOOL change_password(const char *remote_machine, char *user_name, return ret; } - if(!initialize_password_db()) { - printf("Can't setup password database vectors.\n<p>"); + if(!initialize_password_db(True)) { + printf("Can't initialize passdb!\n<p>"); return False; } |