2 * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
3 * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
5 * This program is free software; you can redistribute it and/or modify it under
6 * the terms of the GNU General Public License as published by the Free
7 * Software Foundation; either version 2 of the License, or (at your option)
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 675
17 * Mass Ave, Cambridge, MA 02139, USA.
24 extern int pw_file_lock_depth;
25 extern int DEBUGLEVEL;
26 extern pstring samlogon_user;
27 extern BOOL sam_logon_in_ssb;
29 static char s_readbuf[1024];
31 /***************************************************************
32 Start to enumerate the smbpasswd list. Returns a void pointer
33 to ensure no modification outside this module.
34 ****************************************************************/
36 static void *startsmbfilepwent(BOOL update)
39 char *pfile = lp_smb_passwd_file();
42 DEBUG(0, ("startsmbfilepwent: No SMB password file set\n"));
45 DEBUG(10, ("startsmbfilepwent: opening file %s\n", pfile));
47 fp = fopen(pfile, update ? "r+b" : "rb");
50 DEBUG(0, ("startsmbfilepwent: unable to open file %s\n", pfile));
54 /* Set a buffer to do more efficient reads */
55 setvbuf(fp, s_readbuf, _IOFBF, sizeof(s_readbuf));
57 if (!pw_file_lock(fileno(fp), (update ? F_WRLCK : F_RDLCK), 5, &pw_file_lock_depth))
59 DEBUG(0, ("startsmbfilepwent: unable to lock file %s\n", pfile));
64 /* Make sure it is only rw by the owner */
67 /* We have a lock on the file. */
71 /***************************************************************
72 End enumeration of the smbpasswd list.
73 ****************************************************************/
75 static void endsmbfilepwent(void *vp)
77 FILE *fp = (FILE *)vp;
79 pw_file_unlock(fileno(fp), &pw_file_lock_depth);
81 DEBUG(7, ("endsmbfilepwent: closed password file.\n"));
84 /*************************************************************************
85 Routine to return the next entry in the smbpasswd list.
86 *************************************************************************/
87 static struct smb_passwd *getsmbfilepwent(void *vp)
89 /* Static buffers we will return. */
90 static struct smb_passwd pw_buf;
91 static pstring user_name;
92 static unsigned char smbpwd[16];
93 static unsigned char smbntpwd[16];
94 FILE *fp = (FILE *)vp;
102 DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n"));
106 pdb_init_smb(&pw_buf);
108 pw_buf.acct_ctrl = ACB_NORMAL;
111 * Scan the file, a line at a time and check if the name matches.
116 fgets(linebuf, 256, fp);
122 * Check if the string is terminated with a newline - if not
123 * then we must keep reading and discard until we get one.
125 linebuf_len = strlen(linebuf);
126 if (linebuf[linebuf_len - 1] != '\n') {
128 while (!ferror(fp) && !feof(fp)) {
134 linebuf[linebuf_len - 1] = '\0';
136 #ifdef DEBUG_PASSWORD
137 DEBUG(100, ("getsmbfilepwent: got line |%s|\n", linebuf));
139 if ((linebuf[0] == 0) && feof(fp)) {
140 DEBUG(4, ("getsmbfilepwent: end of file reached\n"));
144 * The line we have should be of the form :-
146 * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
151 * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
153 * if Windows NT compatible passwords are also present.
154 * [Account type] is an ascii encoding of the type of account.
155 * LCT-(8 hex digits) is the time_t value of the last change time.
158 if (linebuf[0] == '#' || linebuf[0] == '\0') {
159 DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n"));
162 p = (unsigned char *) strchr(linebuf, ':');
164 DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n"));
168 * As 256 is shorter than a pstring we don't need to check
169 * length here - if this ever changes....
171 strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
172 user_name[PTR_DIFF(p, linebuf)] = '\0';
176 p++; /* Go past ':' */
178 DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number)\n"));
182 uidval = atoi((char *) p);
184 while (*p && isdigit(*p))
188 DEBUG(0, ("getsmbfilepwent: malformed password entry (no : after uid)\n"));
192 pw_buf.smb_name = user_name;
193 pw_buf.smb_userid = uidval;
196 * Now get the password value - this should be 32 hex digits
197 * which are the ascii representations of a 16 byte string.
198 * Get two at a time and put them into the password.
204 if (*p == '*' || *p == 'X') {
205 /* Password deliberately invalid - end here. */
206 DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
207 pw_buf.smb_nt_passwd = NULL;
208 pw_buf.smb_passwd = NULL;
209 pw_buf.acct_ctrl |= ACB_DISABLED;
213 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
214 DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
219 DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n"));
223 if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
224 pw_buf.smb_passwd = NULL;
225 pw_buf.acct_ctrl |= ACB_PWNOTREQ;
227 if (!pdb_gethexpwd((char *)p, (char *)smbpwd)) {
228 DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
231 pw_buf.smb_passwd = smbpwd;
235 * Now check if the NT compatible password is
238 pw_buf.smb_nt_passwd = NULL;
240 p += 33; /* Move to the first character of the line after
241 the lanman password. */
242 if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
243 if (*p != '*' && *p != 'X') {
244 if(pdb_gethexpwd((char *)p,(char *)smbntpwd))
245 pw_buf.smb_nt_passwd = smbntpwd;
247 p += 33; /* Move to the first character of the line after
251 DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %ld\n",
256 pw_buf.acct_ctrl = pdb_decode_acct_ctrl((char*)p);
258 /* Must have some account type set. */
259 if(pw_buf.acct_ctrl == 0)
260 pw_buf.acct_ctrl = ACB_NORMAL;
262 /* Now try and get the last change time. */
267 if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) {
270 for(i = 0; i < 8; i++) {
271 if(p[i] == '\0' || !isxdigit(p[i]))
276 * p points at 8 characters of hex digits -
277 * read into a time_t as the seconds since
278 * 1970 that the password was last changed.
280 pw_buf.pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
285 /* 'Old' style file. Fake up based on user name. */
287 * Currently trust accounts are kept in the same
288 * password file as 'normal accounts'. If this changes
289 * we will have to fix this code. JRA.
291 if(pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') {
292 pw_buf.acct_ctrl &= ~ACB_NORMAL;
293 pw_buf.acct_ctrl |= ACB_WSTRUST;
300 DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
304 /*************************************************************************
305 Routine to return the next entry in the smbpasswd list.
306 this function is a nice, messy combination of reading:
308 - the unix password database
309 - smb.conf options (not done at present).
310 *************************************************************************/
312 static struct sam_passwd *getsmbfile21pwent(void *vp)
314 struct smb_passwd *pw_buf = getsmbfilepwent(vp);
315 static struct sam_passwd user;
316 struct passwd *pwfile;
318 static pstring full_name;
319 static pstring home_dir;
320 static pstring home_drive;
321 static pstring logon_script;
322 static pstring profile_path;
323 static pstring acct_desc;
324 static pstring workstations;
326 DEBUG(5,("getsmbfile21pwent\n"));
328 if (pw_buf == NULL) return NULL;
330 pwfile = getpwnam(pw_buf->smb_name);
333 DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n"));
334 DEBUG(0,("getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name));
340 pstrcpy(samlogon_user, pw_buf->smb_name);
342 if (samlogon_user[strlen(samlogon_user)-1] != '$')
344 /* XXXX hack to get standard_sub_basic() to use sam logon username */
345 /* possibly a better way would be to do a become_user() call */
346 sam_logon_in_ssb = True;
348 user.smb_userid = pw_buf->smb_userid;
349 user.smb_grpid = pwfile->pw_gid;
351 user.user_rid = pdb_uid_to_user_rid (user.smb_userid);
352 user.group_rid = pdb_gid_to_group_rid(user.smb_grpid );
354 pstrcpy(full_name , pwfile->pw_gecos );
355 pstrcpy(logon_script , lp_logon_script ());
356 pstrcpy(profile_path , lp_logon_path ());
357 pstrcpy(home_drive , lp_logon_drive ());
358 pstrcpy(home_dir , lp_logon_home ());
359 pstrcpy(acct_desc , "");
360 pstrcpy(workstations , "");
362 sam_logon_in_ssb = False;
366 user.smb_userid = pw_buf->smb_userid;
367 user.smb_grpid = pwfile->pw_gid;
369 user.user_rid = pdb_uid_to_user_rid (user.smb_userid);
370 user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
372 pstrcpy(full_name , "");
373 pstrcpy(logon_script , "");
374 pstrcpy(profile_path , "");
375 pstrcpy(home_drive , "");
376 pstrcpy(home_dir , "");
377 pstrcpy(acct_desc , "");
378 pstrcpy(workstations , "");
381 user.smb_name = pw_buf->smb_name;
382 user.full_name = full_name;
383 user.home_dir = home_dir;
384 user.dir_drive = home_drive;
385 user.logon_script = logon_script;
386 user.profile_path = profile_path;
387 user.acct_desc = acct_desc;
388 user.workstations = workstations;
390 user.unknown_str = NULL; /* don't know, yet! */
391 user.munged_dial = NULL; /* "munged" dial-back telephone number */
393 user.smb_nt_passwd = pw_buf->smb_nt_passwd;
394 user.smb_passwd = pw_buf->smb_passwd;
396 user.acct_ctrl = pw_buf->acct_ctrl;
398 user.unknown_3 = 0xffffff; /* don't know */
399 user.logon_divs = 168; /* hours per week */
400 user.hours_len = 21; /* 21 times 8 bits = 168 */
401 memset(user.hours, 0xff, user.hours_len); /* available at all hours */
402 user.unknown_5 = 0x00020000; /* don't know */
403 user.unknown_5 = 0x000004ec; /* don't know */
408 /*************************************************************************
409 Return the current position in the smbpasswd list as an SMB_BIG_UINT.
410 This must be treated as an opaque token.
411 *************************************************************************/
413 static SMB_BIG_UINT getsmbfilepwpos(void *vp)
415 return (SMB_BIG_UINT)sys_ftell((FILE *)vp);
418 /*************************************************************************
419 Set the current position in the smbpasswd list from an SMB_BIG_UINT.
420 This must be treated as an opaque token.
421 *************************************************************************/
423 static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
425 return !sys_fseek((FILE *)vp, (SMB_OFF_T)tok, SEEK_SET);
428 /************************************************************************
429 Routine to add an entry to the smbpasswd file.
430 *************************************************************************/
432 static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
434 char *pfile = lp_smb_passwd_file();
435 struct smb_passwd *pwd = NULL;
442 int new_entry_length;
447 /* Open the smbpassword file - for update. */
448 fp = startsmbfilepwent(True);
451 DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n"));
456 * Scan the file, a line at a time and check if the name matches.
459 while ((pwd = getsmbfilepwent(fp)) != NULL) {
460 if (strequal(newpwd->smb_name, pwd->smb_name)) {
461 DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
467 /* Ok - entry doesn't exist. We can add it */
469 /* Create a new smb passwd entry and set it to the given password. */
471 * The add user write needs to be atomic - so get the fd from
472 * the fp and do a raw write() call.
476 if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
477 DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
478 Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
483 new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
485 if((new_entry = (char *)malloc( new_entry_length )) == NULL) {
486 DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
487 Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
492 slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
493 p = &new_entry[strlen(new_entry)];
495 if(newpwd->smb_passwd != NULL) {
496 for( i = 0; i < 16; i++) {
497 slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]);
501 if(newpwd->acct_ctrl & ACB_PWNOTREQ)
502 safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
504 safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
511 if(newpwd->smb_nt_passwd != NULL) {
512 for( i = 0; i < 16; i++) {
513 slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]);
516 if(newpwd->acct_ctrl & ACB_PWNOTREQ)
517 safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
519 safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
526 /* Add the account encoding and the last change time. */
527 slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n",
528 pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)time(NULL));
530 #ifdef DEBUG_PASSWORD
531 DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d entry_len %d made line |%s|",
532 fd, new_entry_length, strlen(new_entry), new_entry));
535 if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) {
536 DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
537 Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
539 /* Remove the entry we just wrote. */
540 if(sys_ftruncate(fd, offpos) == -1) {
541 DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
542 Error was %s. Password file may be corrupt ! Please examine by hand !\n",
543 newpwd->smb_name, strerror(errno)));
556 /************************************************************************
557 Routine to search the smbpasswd file for an entry matching the username.
558 and then modify its password entry. We can't use the startsmbpwent()/
559 getsmbpwent()/endsmbpwent() interfaces here as we depend on looking
560 in the actual file to decide how much room we have to write data.
561 override = False, normal
562 override = True, override XXXXXXXX'd out password or NO PASS
563 ************************************************************************/
565 static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
567 /* Static buffers we will return. */
568 static pstring user_name;
575 unsigned char *p = NULL;
576 size_t linebuf_len = 0;
579 char *pfile = lp_smb_passwd_file();
580 BOOL found_entry = False;
581 BOOL got_pass_last_set_time = False;
583 SMB_OFF_T pwd_seekpos = 0;
590 DEBUG(0, ("No SMB password file set\n"));
593 DEBUG(10, ("mod_smbfilepwd_entry: opening file %s\n", pfile));
595 fp = fopen(pfile, "r+");
598 DEBUG(0, ("mod_smbfilepwd_entry: unable to open file %s\n", pfile));
601 /* Set a buffer to do more efficient reads */
602 setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
606 if (!pw_file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) {
607 DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile));
612 /* Make sure it is only rw by the owner */
615 /* We have a write lock on the file. */
617 * Scan the file, a line at a time and check if the name matches.
620 pwd_seekpos = sys_ftell(fp);
624 fgets(linebuf, sizeof(linebuf), fp);
626 pw_file_unlock(lockfd, &pw_file_lock_depth);
632 * Check if the string is terminated with a newline - if not
633 * then we must keep reading and discard until we get one.
635 linebuf_len = strlen(linebuf);
636 if (linebuf[linebuf_len - 1] != '\n') {
638 while (!ferror(fp) && !feof(fp)) {
645 linebuf[linebuf_len - 1] = '\0';
648 #ifdef DEBUG_PASSWORD
649 DEBUG(100, ("mod_smbfilepwd_entry: got line |%s|\n", linebuf));
652 if ((linebuf[0] == 0) && feof(fp)) {
653 DEBUG(4, ("mod_smbfilepwd_entry: end of file reached\n"));
658 * The line we have should be of the form :-
660 * username:uid:[32hex bytes]:....other flags presently
665 * username:uid:[32hex bytes]:[32hex bytes]:[attributes]:LCT-XXXXXXXX:...ignored.
667 * if Windows NT compatible passwords are also present.
670 if (linebuf[0] == '#' || linebuf[0] == '\0') {
671 DEBUG(6, ("mod_smbfilepwd_entry: skipping comment or blank line\n"));
675 p = (unsigned char *) strchr(linebuf, ':');
678 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no :)\n"));
683 * As 256 is shorter than a pstring we don't need to check
684 * length here - if this ever changes....
686 strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
687 user_name[PTR_DIFF(p, linebuf)] = '\0';
688 if (strequal(user_name, pwd->smb_name)) {
695 pw_file_unlock(lockfd, &pw_file_lock_depth);
700 DEBUG(6, ("mod_smbfilepwd_entry: entry exists\n"));
702 /* User name matches - get uid and password */
703 p++; /* Go past ':' */
706 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (uid not number)\n"));
707 pw_file_unlock(lockfd, &pw_file_lock_depth);
712 while (*p && isdigit(*p))
715 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no : after uid)\n"));
716 pw_file_unlock(lockfd, &pw_file_lock_depth);
722 * Now get the password value - this should be 32 hex digits
723 * which are the ascii representations of a 16 byte string.
724 * Get two at a time and put them into the password.
728 /* Record exact password position */
729 pwd_seekpos += PTR_DIFF(p, linebuf);
731 if (!override && (*p == '*' || *p == 'X')) {
732 /* Password deliberately invalid - end here. */
733 DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name));
734 pw_file_unlock(lockfd, &pw_file_lock_depth);
739 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
740 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
741 pw_file_unlock(lockfd,&pw_file_lock_depth);
747 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
748 pw_file_unlock(lockfd,&pw_file_lock_depth);
753 if (!override && (*p == '*' || *p == 'X')) {
754 pw_file_unlock(lockfd,&pw_file_lock_depth);
759 /* Now check if the NT compatible password is
761 p += 33; /* Move to the first character of the line after
762 the lanman password. */
763 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
764 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
765 pw_file_unlock(lockfd,&pw_file_lock_depth);
771 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
772 pw_file_unlock(lockfd,&pw_file_lock_depth);
778 * Now check if the account info and the password last
779 * change time is available.
781 p += 33; /* Move to the first character of the line after
785 * If both NT and lanman passwords are provided - reset password
789 if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) {
790 /* Reqiure password in the future (should ACB_DISABLED also be reset?) */
791 pwd->acct_ctrl &= ~(ACB_PWNOTREQ);
797 encode_bits[i++] = *p++;
798 while((linebuf_len > PTR_DIFF(p, linebuf)) && (*p != ']'))
799 encode_bits[i++] = *p++;
801 encode_bits[i++] = ']';
802 encode_bits[i++] = '\0';
804 if(i == NEW_PW_FORMAT_SPACE_PADDED_LEN) {
806 * We are using a new format, space padded
807 * acct ctrl field. Encode the given acct ctrl
810 fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
813 * If using the old format and the ACB_DISABLED or
814 * ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL
815 * here as we have no space to encode the change.
817 if(pwd->acct_ctrl & (ACB_DISABLED|ACB_PWNOTREQ)) {
818 pwd->smb_passwd = NULL;
819 pwd->smb_nt_passwd = NULL;
823 /* Go past the ']' */
824 if(linebuf_len > PTR_DIFF(p, linebuf))
827 if((linebuf_len > PTR_DIFF(p, linebuf)) && (*p == ':')) {
830 /* We should be pointing at the LCT entry. */
831 if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && (StrnCaseCmp((char *)p, "LCT-", 4) == 0)) {
834 for(i = 0; i < 8; i++) {
835 if(p[i] == '\0' || !isxdigit(p[i]))
840 * p points at 8 characters of hex digits -
841 * read into a time_t as the seconds since
842 * 1970 that the password was last changed.
844 got_pass_last_set_time = True;
846 } /* *p && StrnCaseCmp() */
850 /* Entry is correctly formed. */
852 /* Create the 32 byte representation of the new p16 */
853 if(pwd->smb_passwd != NULL) {
854 for (i = 0; i < 16; i++) {
855 slprintf(&ascii_p16[i*2], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_passwd[i]);
858 if(pwd->acct_ctrl & ACB_PWNOTREQ)
859 fstrcpy(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
861 fstrcpy(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
864 /* Add on the NT md4 hash */
867 if (pwd->smb_nt_passwd != NULL) {
868 for (i = 0; i < 16; i++) {
869 slprintf(&ascii_p16[(i*2)+33], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_nt_passwd[i]);
872 if(pwd->acct_ctrl & ACB_PWNOTREQ)
873 fstrcpy(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
875 fstrcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
878 ascii_p16[66] = '\0'; /* null-terminate the string so that strlen works */
880 /* Add on the account info bits and the time of last
883 pwd->pass_last_set_time = time(NULL);
885 if(got_pass_last_set_time) {
886 slprintf(&ascii_p16[strlen(ascii_p16)],
887 sizeof(ascii_p16)-(strlen(ascii_p16)+1),
889 encode_bits, (uint32)pwd->pass_last_set_time );
890 wr_len = strlen(ascii_p16);
893 #ifdef DEBUG_PASSWORD
894 DEBUG(100,("mod_smbfilepwd_entry: "));
895 dump_data(100, ascii_p16, wr_len);
898 if(wr_len > sizeof(linebuf)) {
899 DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
900 pw_file_unlock(lockfd,&pw_file_lock_depth);
906 * Do an atomic write into the file at the position defined by
910 /* The mod user write needs to be atomic - so get the fd from
911 the fp and do a raw write() call.
916 if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
917 DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
918 pw_file_unlock(lockfd,&pw_file_lock_depth);
923 /* Sanity check - ensure the areas we are writing are framed by ':' */
924 if (read(fd, linebuf, wr_len+1) != wr_len+1) {
925 DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile));
926 pw_file_unlock(lockfd,&pw_file_lock_depth);
931 if ((linebuf[0] != ':') || (linebuf[wr_len] != ':')) {
932 DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile));
933 pw_file_unlock(lockfd,&pw_file_lock_depth);
938 if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {
939 DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
940 pw_file_unlock(lockfd,&pw_file_lock_depth);
945 if (write(fd, ascii_p16, wr_len) != wr_len) {
946 DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile));
947 pw_file_unlock(lockfd,&pw_file_lock_depth);
952 pw_file_unlock(lockfd,&pw_file_lock_depth);
958 * Stub functions - implemented in terms of others.
961 static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override)
963 return mod_smbfilepwd_entry(pdb_sam_to_smb(pwd), override);
966 static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd)
968 return add_smbfilepwd_entry(pdb_sam_to_smb(newpwd));
971 static struct sam_disp_info *getsmbfiledispnam(char *name)
973 return pdb_sam_to_dispinfo(getsam21pwnam(name));
976 static struct sam_disp_info *getsmbfiledisprid(uint32 rid)
978 return pdb_sam_to_dispinfo(getsam21pwrid(rid));
981 static struct sam_disp_info *getsmbfiledispent(void *vp)
983 return pdb_sam_to_dispinfo(getsam21pwent(vp));
986 static struct passdb_ops file_ops = {
991 iterate_getsmbpwnam, /* In passdb.c */
992 iterate_getsmbpwuid, /* In passdb.c */
993 iterate_getsmbpwrid, /* In passdb.c */
995 add_smbfilepwd_entry,
996 mod_smbfilepwd_entry,
998 iterate_getsam21pwnam,
999 iterate_getsam21pwuid,
1000 iterate_getsam21pwrid,
1001 add_smbfile21pwd_entry,
1002 mod_smbfile21pwd_entry,
1008 struct passdb_ops *file_initialize_password_db(void)
1014 /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
1015 void smbpass_dummy_function(void) { } /* stop some compilers complaining */
1016 #endif /* USE_SMBPASS_DB */