#include "includes.h"
-extern int DEBUGLEVEL;
-
-static int gotalarm;
-static char s_readbuf[16 * 1024];
-
-/***************************************************************
- Signal function to tell us we timed out.
-****************************************************************/
-
-static void gotalarm_sig(void)
-{
- gotalarm = 1;
-}
-
-/***************************************************************
- Lock or unlock a fd for a known lock type. Abandon after waitsecs
- seconds.
-****************************************************************/
-
-static BOOL do_pw_lock(int fd, int waitsecs, int type)
-{
- struct flock lock;
- int ret;
-
- gotalarm = 0;
- signal(SIGALRM, SIGNAL_CAST gotalarm_sig);
-
- lock.l_type = type;
- lock.l_whence = SEEK_SET;
- lock.l_start = 0;
- lock.l_len = 1;
- lock.l_pid = 0;
-
- alarm(5);
- ret = fcntl(fd, F_SETLKW, &lock);
- alarm(0);
- signal(SIGALRM, SIGNAL_CAST SIG_DFL);
-
- if (gotalarm) {
- DEBUG(0, ("do_pw_lock: failed to %s SMB passwd file.\n",
- type == F_UNLCK ? "unlock" : "lock"));
- return False;
- }
-
- return (ret == 0);
-}
-
-static int pw_file_lock_depth;
-
-/***************************************************************
- Lock an fd. Abandon after waitsecs seconds.
-****************************************************************/
-
-static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
-{
- if (fd < 0)
- return False;
-
- (*plock_depth)++;
+#ifdef USE_SMBPASS_DB
- if(pw_file_lock_depth == 0) {
- if (!do_pw_lock(fd, secs, type)) {
- DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
- strerror(errno)));
- return False;
- }
- }
-
- return True;
-}
-
-/***************************************************************
- Unlock an fd. Abandon after waitsecs seconds.
-****************************************************************/
-
-static BOOL pw_file_unlock(int fd, int *plock_depth)
-{
- BOOL ret;
-
- if(*plock_depth == 1)
- ret = do_pw_lock(fd, 5, F_UNLCK);
-
- (*plock_depth)--;
+static int pw_file_lock_depth = 0;
+extern int DEBUGLEVEL;
- if(!ret)
- DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
- strerror(errno)));
- return ret;
-}
+static char s_readbuf[1024];
/***************************************************************
Start to enumerate the smbpasswd list. Returns a void pointer
to ensure no modification outside this module.
+****************************************************************/
- do not call this function directly. use passdb.c instead.
-
- ****************************************************************/
-void *startsmbpwent(BOOL update)
+static void *startsmbfilepwent(BOOL update)
{
- FILE *fp = NULL;
- char *pfile = lp_smb_passwd_file();
-
- if (!*pfile) {
- DEBUG(0, ("startsmbpwent: No SMB password file set\n"));
- return (NULL);
- }
- DEBUG(10, ("startsmbpwent: opening file %s\n", pfile));
-
- fp = fopen(pfile, update ? "r+b" : "rb");
-
- if (fp == NULL) {
- DEBUG(0, ("startsmbpwent: unable to open file %s\n", pfile));
- return NULL;
- }
-
- /* Set a 16k buffer to do more efficient reads */
- setvbuf(fp, s_readbuf, _IOFBF, sizeof(s_readbuf));
-
- if (!pw_file_lock(fileno(fp), (update ? F_WRLCK : F_RDLCK), 5, &pw_file_lock_depth))
- {
- DEBUG(0, ("startsmbpwent: unable to lock file %s\n", pfile));
- fclose(fp);
- return NULL;
- }
-
- /* Make sure it is only rw by the owner */
- chmod(pfile, 0600);
-
- /* We have a lock on the file. */
- return (void *)fp;
+ return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf),
+ &pw_file_lock_depth, update);
}
/***************************************************************
End enumeration of the smbpasswd list.
****************************************************************/
-void endsmbpwent(void *vp)
+static void endsmbfilepwent(void *vp)
{
- FILE *fp = (FILE *)vp;
-
- pw_file_unlock(fileno(fp), &pw_file_lock_depth);
- fclose(fp);
- DEBUG(7, ("endsmbpwent: closed password file.\n"));
-}
-
-/*************************************************************************
- Routine to return the next entry in the smbpasswd list.
-
- do not call this function directly. use passdb.c instead.
-
- *************************************************************************/
-struct smb_passwd *getsmbpwent(void *vp)
-{
- /* Static buffers we will return. */
- static struct smb_passwd pw_buf;
- static pstring user_name;
- static unsigned char smbpwd[16];
- static unsigned char smbntpwd[16];
- FILE *fp = (FILE *)vp;
- char linebuf[256];
- unsigned char c;
- unsigned char *p;
- long uidval;
- long linebuf_len;
-
- if(fp == NULL) {
- DEBUG(0,("getsmbpwent: Bad password file pointer.\n"));
- return NULL;
- }
-
- pw_buf.acct_ctrl = ACB_NORMAL;
- pw_buf.pass_last_set_time = (time_t)-1;
-
- /*
- * Scan the file, a line at a time and check if the name matches.
- */
- while (!feof(fp)) {
- linebuf[0] = '\0';
-
- fgets(linebuf, 256, fp);
- if (ferror(fp)) {
- return NULL;
- }
-
- /*
- * Check if the string is terminated with a newline - if not
- * then we must keep reading and discard until we get one.
- */
- linebuf_len = strlen(linebuf);
- if (linebuf[linebuf_len - 1] != '\n') {
- c = '\0';
- while (!ferror(fp) && !feof(fp)) {
- c = fgetc(fp);
- if (c == '\n')
- break;
- }
- } else
- linebuf[linebuf_len - 1] = '\0';
-
-#ifdef DEBUG_PASSWORD
- DEBUG(100, ("getsmbpwent: got line |%s|\n", linebuf));
-#endif
- if ((linebuf[0] == 0) && feof(fp)) {
- DEBUG(4, ("getsmbpwent: end of file reached\n"));
- break;
- }
- /*
- * The line we have should be of the form :-
- *
- * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
- * ignored....
- *
- * or,
- *
- * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
- *
- * if Windows NT compatible passwords are also present.
- * [Account type] is an ascii encoding of the type of account.
- * LCT-(8 hex digits) is the time_t value of the last change time.
- */
-
- if (linebuf[0] == '#' || linebuf[0] == '\0') {
- DEBUG(6, ("getsmbpwent: skipping comment or blank line\n"));
- continue;
- }
- p = (unsigned char *) strchr(linebuf, ':');
- if (p == NULL) {
- DEBUG(0, ("getsmbpwent: malformed password entry (no :)\n"));
- continue;
- }
- /*
- * As 256 is shorter than a pstring we don't need to check
- * length here - if this ever changes....
- */
- strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
- user_name[PTR_DIFF(p, linebuf)] = '\0';
-
- /* Get smb uid. */
-
- p++; /* Go past ':' */
- if (!isdigit(*p)) {
- DEBUG(0, ("getsmbpwent: malformed password entry (uid not number)\n"));
- continue;
- }
-
- uidval = atoi((char *) p);
-
- while (*p && isdigit(*p))
- p++;
-
- if (*p != ':') {
- DEBUG(0, ("getsmbpwent: malformed password entry (no : after uid)\n"));
- continue;
- }
-
- pw_buf.smb_name = user_name;
- pw_buf.smb_userid = uidval;
-
- /*
- * Now get the password value - this should be 32 hex digits
- * which are the ascii representations of a 16 byte string.
- * Get two at a time and put them into the password.
- */
-
- /* Skip the ':' */
- p++;
-
- if (*p == '*' || *p == 'X') {
- /* Password deliberately invalid - end here. */
- DEBUG(10, ("getsmbpwent: entry invalidated for user %s\n", user_name));
- pw_buf.smb_nt_passwd = NULL;
- pw_buf.smb_passwd = NULL;
- pw_buf.acct_ctrl |= ACB_DISABLED;
- return &pw_buf;
- }
-
- if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
- DEBUG(0, ("getsmbpwent: malformed password entry (passwd too short)\n"));
- continue;
- }
-
- if (p[32] != ':') {
- DEBUG(0, ("getsmbpwent: malformed password entry (no terminating :)\n"));
- continue;
- }
-
- if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
- pw_buf.smb_passwd = NULL;
- pw_buf.acct_ctrl |= ACB_PWNOTREQ;
- } else {
- if (!gethexpwd((char *)p, (char *)smbpwd)) {
- DEBUG(0, ("getsmbpwent: Malformed Lanman password entry (non hex chars)\n"));
- continue;
- }
- pw_buf.smb_passwd = smbpwd;
- }
-
- /*
- * Now check if the NT compatible password is
- * available.
- */
- pw_buf.smb_nt_passwd = NULL;
-
- p += 33; /* Move to the first character of the line after
- the lanman password. */
- if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
- if (*p != '*' && *p != 'X') {
- if(gethexpwd((char *)p,(char *)smbntpwd))
- pw_buf.smb_nt_passwd = smbntpwd;
- }
- p += 33; /* Move to the first character of the line after
- the NT password. */
- }
-
- DEBUG(5, ("getsmbpwent: returning passwd entry for user %s, uid %d\n",
- user_name, uidval));
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p == '[') {
- BOOL finished = False;
-
- pw_buf.acct_ctrl = 0;
-
- for(p++;*p && !finished; p++) {
- switch (*p) {
-#if 0
- /*
- * Hmmm. Don't allow these to be set/read independently
- * of the actual password fields. We don't want a mismatch.
- * JRA.
- */
- case 'N':
- /* 'N'o password. */
- pw_buf.acct_ctrl |= ACB_PWNOTREQ;
- break;
- case 'D':
- /* 'D'isabled. */
- pw_buf.acct_ctrl |= ACB_DISABLED;
- break;
-#endif
- case 'H':
- /* 'H'omedir required. */
- pw_buf.acct_ctrl |= ACB_HOMDIRREQ;
- break;
- case 'T':
- /* 'T'emp account. */
- pw_buf.acct_ctrl |= ACB_TEMPDUP;
- break;
- case 'U':
- /* 'U'ser account (normal). */
- pw_buf.acct_ctrl |= ACB_NORMAL;
- break;
- case 'M':
- /* 'M'NS logon user account. What is this ? */
- pw_buf.acct_ctrl |= ACB_MNS;
- break;
- case 'W':
- /* 'W'orkstation account. */
- pw_buf.acct_ctrl |= ACB_WSTRUST;
- break;
- case 'S':
- /* 'S'erver account. */
- pw_buf.acct_ctrl |= ACB_SVRTRUST;
- break;
- case 'L':
- /* 'L'ocked account. */
- pw_buf.acct_ctrl |= ACB_AUTOLOCK;
- break;
- case 'X':
- /* No 'X'piry. */
- pw_buf.acct_ctrl |= ACB_PWNOEXP;
- break;
- case 'I':
- /* 'I'nterdomain trust account. */
- pw_buf.acct_ctrl |= ACB_DOMTRUST;
- break;
-
- case ':':
- case '\n':
- case '\0':
- case ']':
- default:
- finished = True;
- }
- }
-
- /* Must have some account type set. */
- if(pw_buf.acct_ctrl == 0)
- pw_buf.acct_ctrl = ACB_NORMAL;
-
- /* Now try and get the last change time. */
- if(*p == ']')
- p++;
- if(*p == ':') {
- p++;
- if(*p && StrnCaseCmp( p, "LCT-", 4)) {
- int i;
- p += 4;
- for(i = 0; i < 8; i++) {
- if(p[i] == '\0' || !isxdigit(p[i]))
- break;
- }
- if(i == 8) {
- /*
- * p points at 8 characters of hex digits -
- * read into a time_t as the seconds since
- * 1970 that the password was last changed.
- */
- pw_buf.pass_last_set_time = (time_t)strtol(p, NULL, 16);
- }
- }
- }
- } else {
- /* 'Old' style file. Fake up based on user name. */
- /*
- * Currently machine accounts are kept in the same
- * password file as 'normal accounts'. If this changes
- * we will have to fix this code. JRA.
- */
- if(pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') {
- pw_buf.acct_ctrl &= ~ACB_NORMAL;
- pw_buf.acct_ctrl |= ACB_WSTRUST;
- }
- }
-
- return &pw_buf;
- }
-
- DEBUG(5,("getsmbpwent: end of file reached.\n"));
- return NULL;
+ endfilepwent(vp, &pw_file_lock_depth);
}
/*************************************************************************
- Return the current position in the smbpasswd list as an unsigned long.
+ Return the current position in the smbpasswd list as an SMB_BIG_UINT.
This must be treated as an opaque token.
-
- do not call this function directly. use passdb.c instead.
-
*************************************************************************/
-unsigned long getsmbpwpos(void *vp)
-{
- return (unsigned long)ftell((FILE *)vp);
-}
-
-/*************************************************************************
- Set the current position in the smbpasswd list from unsigned long.
- This must be treated as an opaque token.
-
- do not call this function directly. use passdb.c instead.
-*************************************************************************/
-BOOL setsmbpwpos(void *vp, unsigned long tok)
+static SMB_BIG_UINT getsmbfilepwpos(void *vp)
{
- return !fseek((FILE *)vp, tok, SEEK_SET);
+ return getfilepwpos(vp);
}
/*************************************************************************
- Routine to search the smbpasswd file for an entry matching the username
- or user id. if the name is NULL, then the smb_uid is used instead.
- *************************************************************************/
-static struct smb_passwd *get_smbpwd_entry(char *name, int smb_userid)
-{
- struct smb_passwd *pwd = NULL;
- FILE *fp = NULL;
-
- if (name != NULL) {
- DEBUG(10, ("get_smbpwd_entry: search by name: %s\n", name));
- } else {
- DEBUG(10, ("get_smbpwd_entry: search by smb_userid: %x\n", smb_userid));
- }
-
- /* Open the smbpassword file - not for update. */
- fp = startsmbpwent(False);
-
- if (fp == NULL) {
- DEBUG(0, ("get_smbpwd_entry: unable to open password file.\n"));
- return NULL;
- }
-
- /*
- * Scan the file, a line at a time and check if the name
- * or uid matches.
- */
-
- while ((pwd = getsmbpwent(fp)) != NULL) {
- if (name != NULL) {
- /* Search is by user name */
- if (!strequal(pwd->smb_name, name))
- continue;
- DEBUG(10, ("get_smbpwd_entry: found by name: %s\n", name));
- break;
- } else {
- /* Search is by user id */
- if (pwd->smb_userid != smb_userid)
- continue;
- DEBUG(10, ("get_smbpwd_entry: found by smb_userid: %x\n", smb_userid));
- break;
- }
- }
-
- endsmbpwent(fp);
- return pwd;
-}
-
-/************************************************************************
- Routine to search smb passwd by name.
+ Set the current position in the smbpasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
*************************************************************************/
-struct smb_passwd *getsmbpwnam(char *name)
+static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
{
- return get_smbpwd_entry(name, 0);
+ return setfilepwpos(vp, tok);
}
+/*************************************************************************
+ Routine to return the next entry in the smbpasswd list.
-/************************************************************************
- Routine to search smb passwd by uid.
-*************************************************************************/
-
-struct smb_passwd *getsmbpwuid(unsigned int uid)
+ this function is non-static as it is called (exclusively and only)
+ from getsamfile21pwent().
+ *************************************************************************/
+struct smb_passwd *getsmbfilepwent(void *vp)
{
- return get_smbpwd_entry(NULL, uid);
+ /* Static buffers we will return. */
+ static struct smb_passwd pw_buf;
+ static pstring unix_name;
+ static unsigned char smbpwd[16];
+ static unsigned char smbntpwd[16];
+ char linebuf[256];
+ char *p;
+ int uidval;
+ size_t linebuf_len;
+
+ if (vp == NULL)
+ {
+ DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n"));
+ return NULL;
+ }
+
+ pwdb_init_smb(&pw_buf);
+
+ pw_buf.acct_ctrl = ACB_NORMAL;
+
+ /*
+ * Scan the file, a line at a time.
+ */
+ while ((linebuf_len = getfileline(vp, linebuf, sizeof(linebuf))) > 0)
+ {
+ /*
+ * The line we have should be of the form :-
+ *
+ * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
+ * ignored....
+ *
+ * or,
+ *
+ * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
+ *
+ * if Windows NT compatible passwords are also present.
+ * [Account type] is an ascii encoding of the type of account.
+ * LCT-(8 hex digits) is the time_t value of the last change time.
+ */
+
+ /*
+ * As 256 is shorter than a pstring we don't need to check
+ * length here - if this ever changes....
+ */
+ p = strncpyn(unix_name, linebuf, sizeof(unix_name), ':');
+
+ /* Go past ':' */
+ p++;
+
+ /* Get smb uid. */
+
+ p = Atoic( p, &uidval, ":");
+
+ pw_buf.unix_name = unix_name;
+ pw_buf.unix_uid = uidval;
+
+ /*
+ * Now get the password value - this should be 32 hex digits
+ * which are the ascii representations of a 16 byte string.
+ * Get two at a time and put them into the password.
+ */
+
+ /* Skip the ':' */
+ p++;
+
+ if (*p == '*' || *p == 'X')
+ {
+ /* Password deliberately invalid - end here. */
+ DEBUG(10, ("getsmbfilepwent: entry invalidated for unix user %s\n", unix_name));
+ pw_buf.smb_nt_passwd = NULL;
+ pw_buf.smb_passwd = NULL;
+ pw_buf.acct_ctrl |= ACB_DISABLED;
+ return &pw_buf;
+ }
+
+ if (linebuf_len < (PTR_DIFF(p, linebuf) + 33))
+ {
+ DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
+ continue;
+ }
+
+ if (p[32] != ':')
+ {
+ DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n"));
+ continue;
+ }
+
+ if (!strncasecmp( p, "NO PASSWORD", 11))
+ {
+ pw_buf.smb_passwd = NULL;
+ pw_buf.acct_ctrl |= ACB_PWNOTREQ;
+ }
+ else
+ {
+ if (!pwdb_gethexpwd(p, (char *)smbpwd))
+ {
+ DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
+ continue;
+ }
+ pw_buf.smb_passwd = smbpwd;
+ }
+
+ /*
+ * Now check if the NT compatible password is
+ * available.
+ */
+ pw_buf.smb_nt_passwd = NULL;
+
+ /* Move to the first character of the line after the lanman password. */
+ p += 33;
+ if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':'))
+ {
+ if (*p != '*' && *p != 'X')
+ {
+ if(pwdb_gethexpwd(p,(char *)smbntpwd))
+ {
+ pw_buf.smb_nt_passwd = smbntpwd;
+ }
+ }
+ /* Move to the first character of the line after the NT password. */
+ p += 33;
+ }
+
+ DEBUG(5,("getsmbfilepwent: returning passwd entry for unix user %s, unix uid %d\n",
+ unix_name, uidval));
+
+ if (*p == '[')
+ {
+ pw_buf.acct_ctrl = pwdb_decode_acct_ctrl((char*)p);
+
+ /* Must have some account type set. */
+ if (pw_buf.acct_ctrl == 0)
+ {
+ pw_buf.acct_ctrl = ACB_NORMAL;
+ }
+
+ /* Now try and get the last change time. */
+ while (*p != ']' && *p != ':')
+ {
+ p++;
+ }
+ if (*p == ']')
+ {
+ p++;
+ }
+ if (*p == ':')
+ {
+ p++;
+ pw_buf.pass_last_set_time = pwdb_get_last_set_time(p);
+ }
+ }
+ else
+ {
+ /* 'Old' style file. Fake up based on user name. */
+ /*
+ * Currently trust accounts are kept in the same
+ * password file as 'normal accounts'. If this changes
+ * we will have to fix this code. JRA.
+ */
+ if (pw_buf.unix_name[strlen(pw_buf.unix_name) - 1] == '$')
+ {
+ pw_buf.acct_ctrl &= ~ACB_NORMAL;
+ pw_buf.acct_ctrl |= ACB_WSTRUST;
+ }
+ }
+
+ return &pw_buf;
+ }
+
+ DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
+ return NULL;
}
-
-/**********************************************************
- Encode the account control bits into a string.
-**********************************************************/
-
-char *encode_acct_ctrl(uint16 acct_ctrl)
-{
- static fstring acct_str;
- char *p = acct_str;
-
- *p++ = '[';
-
- if (acct_ctrl & ACB_HOMDIRREQ) *p++ = 'H';
- if (acct_ctrl & ACB_TEMPDUP ) *p++ = 'T';
- if (acct_ctrl & ACB_NORMAL ) *p++ = 'U';
- if (acct_ctrl & ACB_MNS ) *p++ = 'M';
- if (acct_ctrl & ACB_WSTRUST ) *p++ = 'W';
- if (acct_ctrl & ACB_SVRTRUST ) *p++ = 'S';
- if (acct_ctrl & ACB_AUTOLOCK ) *p++ = 'L';
- if (acct_ctrl & ACB_PWNOEXP ) *p++ = 'X';
- if (acct_ctrl & ACB_DOMTRUST ) *p++ = 'I';
-
- *p++ = ']';
- *p = '\0';
- return acct_str;
-}
-
/************************************************************************
Routine to add an entry to the smbpasswd file.
-
- do not call this function directly. use passdb.c instead.
-
*************************************************************************/
-BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
+static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
{
char *pfile = lp_smb_passwd_file();
struct smb_passwd *pwd = NULL;
int fd;
int new_entry_length;
char *new_entry;
- long offpos;
- unsigned char *p;
+ SMB_OFF_T offpos;
+ char *p;
/* Open the smbpassword file - for update. */
- fp = startsmbpwent(True);
+ fp = startsmbfilepwent(True);
if (fp == NULL) {
- DEBUG(0, ("add_smbpwd_entry: unable to open file.\n"));
+ DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n"));
return False;
}
* Scan the file, a line at a time and check if the name matches.
*/
- while ((pwd = getsmbpwent(fp)) != NULL) {
- if (strequal(newpwd->smb_name, pwd->smb_name)) {
- DEBUG(0, ("add_smbpwd_entry: entry with name %s already exists\n", pwd->smb_name));
- endsmbpwent(fp);
+ while ((pwd = getsmbfilepwent(fp)) != NULL) {
+ if (strequal(newpwd->unix_name, pwd->unix_name)) {
+ DEBUG(0, ("add_smbfilepwd_entry: entry with unix name %s already exists\n", pwd->unix_name));
+ endsmbfilepwent(fp);
return False;
}
}
*/
fd = fileno(fp);
- if((offpos = lseek(fd, 0, SEEK_END)) == -1) {
- DEBUG(0, ("add_smbpwd_entry(lseek): Failed to add entry for user %s to file %s. \
-Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
- endsmbpwent(fp);
+ if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
+ DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
+Error was %s\n", newpwd->unix_name, pfile, strerror(errno)));
+ endsmbfilepwent(fp);
return False;
}
- new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + 5 + 1 + 13 + 2;
+ new_entry_length = strlen(newpwd->unix_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
if((new_entry = (char *)malloc( new_entry_length )) == NULL) {
- DEBUG(0, ("add_smbpwd_entry(malloc): Failed to add entry for user %s to file %s. \
-Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
- endsmbpwent(fp);
+ DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
+Error was %s\n", newpwd->unix_name, pfile, strerror(errno)));
+ endsmbfilepwent(fp);
return False;
}
- sprintf(new_entry, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
- p = (unsigned char *)&new_entry[strlen(new_entry)];
+ slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->unix_name, (unsigned)newpwd->unix_uid);
+ p = &new_entry[strlen(new_entry)];
if(newpwd->smb_passwd != NULL) {
for( i = 0; i < 16; i++) {
- sprintf((char *)&p[i*2], "%02X", newpwd->smb_passwd[i]);
+ slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]);
}
} else {
i=0;
if(newpwd->acct_ctrl & ACB_PWNOTREQ)
- sprintf(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+ safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
else
- sprintf(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+ safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
}
p += 32;
if(newpwd->smb_nt_passwd != NULL) {
for( i = 0; i < 16; i++) {
- sprintf((char *)&p[i*2], "%02X", newpwd->smb_nt_passwd[i]);
+ slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]);
}
} else {
if(newpwd->acct_ctrl & ACB_PWNOTREQ)
- sprintf(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+ safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
else
- sprintf(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+ safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
}
p += 32;
*p++ = ':';
/* Add the account encoding and the last change time. */
- sprintf((char *)p, "%s:LCT-%08X:\n", encode_acct_ctrl(newpwd->acct_ctrl),
- (uint32)time(NULL));
+ slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n",
+ pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)time(NULL));
#ifdef DEBUG_PASSWORD
- DEBUG(100, ("add_smbpwd_entry(%d): new_entry_len %d entry_len %d made line |%s|",
+ DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d entry_len %d made line |%s|",
fd, new_entry_length, strlen(new_entry), new_entry));
#endif
if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) {
- DEBUG(0, ("add_smbpwd_entry(write): %d Failed to add entry for user %s to file %s. \
-Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
+ DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
+Error was %s\n", wr_len, newpwd->unix_name, pfile, strerror(errno)));
/* Remove the entry we just wrote. */
- if(ftruncate(fd, offpos) == -1) {
- DEBUG(0, ("add_smbpwd_entry: ERROR failed to ftruncate file %s. \
+ if(sys_ftruncate(fd, offpos) == -1) {
+ DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
Error was %s. Password file may be corrupt ! Please examine by hand !\n",
- newpwd->smb_name, strerror(errno)));
+ newpwd->unix_name, strerror(errno)));
}
- endsmbpwent(fp);
+ endsmbfilepwent(fp);
+ free(new_entry);
return False;
}
- endsmbpwent(fp);
+ free(new_entry);
+ endsmbfilepwent(fp);
return True;
}
in the actual file to decide how much room we have to write data.
override = False, normal
override = True, override XXXXXXXX'd out password or NO PASS
-
- do not call this function directly. use passdb.c instead.
-
************************************************************************/
-BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
+static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
{
/* Static buffers we will return. */
- static pstring user_name;
+ static pstring unix_name;
char linebuf[256];
- char readbuf[16 * 1024];
+ char readbuf[1024];
unsigned char c;
fstring ascii_p16;
fstring encode_bits;
unsigned char *p = NULL;
- long linebuf_len = 0;
+ size_t linebuf_len = 0;
FILE *fp;
int lockfd;
char *pfile = lp_smb_passwd_file();
BOOL found_entry = False;
BOOL got_pass_last_set_time = False;
- long pwd_seekpos = 0;
+ SMB_OFF_T pwd_seekpos = 0;
int i;
int wr_len;
DEBUG(0, ("No SMB password file set\n"));
return False;
}
- DEBUG(10, ("mod_smbpwd_entry: opening file %s\n", pfile));
+ DEBUG(10, ("mod_smbfilepwd_entry: opening file %s\n", pfile));
- fp = fopen(pfile, "r+");
+ fp = sys_fopen(pfile, "r+");
if (fp == NULL) {
- DEBUG(0, ("mod_smbpwd_entry: unable to open file %s\n", pfile));
+ DEBUG(0, ("mod_smbfilepwd_entry: unable to open file %s\n", pfile));
return False;
}
- /* Set a 16k buffer to do more efficient reads */
+ /* Set a buffer to do more efficient reads */
setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
lockfd = fileno(fp);
- if (!pw_file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) {
- DEBUG(0, ("mod_smbpwd_entry: unable to lock file %s\n", pfile));
+ if (!file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) {
+ DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile));
fclose(fp);
return False;
}
* Scan the file, a line at a time and check if the name matches.
*/
while (!feof(fp)) {
- pwd_seekpos = ftell(fp);
+ pwd_seekpos = sys_ftell(fp);
linebuf[0] = '\0';
fgets(linebuf, sizeof(linebuf), fp);
if (ferror(fp)) {
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ file_unlock(lockfd, &pw_file_lock_depth);
fclose(fp);
return False;
}
}
#ifdef DEBUG_PASSWORD
- DEBUG(100, ("mod_smbpwd_entry: got line |%s|\n", linebuf));
+ DEBUG(100, ("mod_smbfilepwd_entry: got line |%s|\n", linebuf));
#endif
if ((linebuf[0] == 0) && feof(fp)) {
- DEBUG(4, ("mod_smbpwd_entry: end of file reached\n"));
+ DEBUG(4, ("mod_smbfilepwd_entry: end of file reached\n"));
break;
}
*
* or,
*
- * username:uid:[32hex bytes]:[32hex bytes]:....ignored....
+ * username:uid:[32hex bytes]:[32hex bytes]:[attributes]:LCT-XXXXXXXX:...ignored.
*
* if Windows NT compatible passwords are also present.
*/
if (linebuf[0] == '#' || linebuf[0] == '\0') {
- DEBUG(6, ("mod_smbpwd_entry: skipping comment or blank line\n"));
+ DEBUG(6, ("mod_smbfilepwd_entry: skipping comment or blank line\n"));
continue;
}
p = (unsigned char *) strchr(linebuf, ':');
if (p == NULL) {
- DEBUG(0, ("mod_smbpwd_entry: malformed password entry (no :)\n"));
+ DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no :)\n"));
continue;
}
* As 256 is shorter than a pstring we don't need to check
* length here - if this ever changes....
*/
- strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
- user_name[PTR_DIFF(p, linebuf)] = '\0';
- if (strequal(user_name, pwd->smb_name)) {
+ strncpy(unix_name, linebuf, PTR_DIFF(p, linebuf));
+ unix_name[PTR_DIFF(p, linebuf)] = '\0';
+ if (strequal(unix_name, pwd->unix_name)) {
found_entry = True;
break;
}
}
- if (!found_entry) return False;
+ if (!found_entry) {
+ file_unlock(lockfd, &pw_file_lock_depth);
+ fclose(fp);
+ return False;
+ }
- DEBUG(6, ("mod_smbpwd_entry: entry exists\n"));
+ DEBUG(6, ("mod_smbfilepwd_entry: entry exists\n"));
/* User name matches - get uid and password */
p++; /* Go past ':' */
if (!isdigit(*p)) {
- DEBUG(0, ("mod_smbpwd_entry: malformed password entry (uid not number)\n"));
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (uid not number)\n"));
+ file_unlock(lockfd, &pw_file_lock_depth);
fclose(fp);
return False;
}
while (*p && isdigit(*p))
p++;
if (*p != ':') {
- DEBUG(0, ("mod_smbpwd_entry: malformed password entry (no : after uid)\n"));
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no : after uid)\n"));
+ file_unlock(lockfd, &pw_file_lock_depth);
fclose(fp);
return False;
}
if (!override && (*p == '*' || *p == 'X')) {
/* Password deliberately invalid - end here. */
- DEBUG(10, ("mod_smbpwd_entry: entry invalidated for user %s\n", user_name));
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for unix user %s\n", unix_name));
+ file_unlock(lockfd, &pw_file_lock_depth);
fclose(fp);
return False;
}
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
- DEBUG(0, ("mod_smbpwd_entry: malformed password entry (passwd too short)\n"));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return (False);
}
if (p[32] != ':') {
- DEBUG(0, ("mod_smbpwd_entry: malformed password entry (no terminating :)\n"));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return False;
}
if (!override && (*p == '*' || *p == 'X')) {
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return False;
}
p += 33; /* Move to the first character of the line after
the lanman password. */
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
- DEBUG(0, ("mod_smbpwd_entry: malformed password entry (passwd too short)\n"));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return (False);
}
if (p[32] != ':') {
- DEBUG(0, ("mod_smbpwd_entry: malformed password entry (no terminating :)\n"));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
return False;
}
p += 33; /* Move to the first character of the line after
the NT password. */
+ /*
+ * If both NT and lanman passwords are provided - reset password
+ * not required flag.
+ */
+
+ if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) {
+ /* Reqiure password in the future (should ACB_DISABLED also be reset?) */
+ pwd->acct_ctrl &= ~(ACB_PWNOTREQ);
+ }
+
if (*p == '[') {
i = 0;
- p++;
+ encode_bits[i++] = *p++;
while((linebuf_len > PTR_DIFF(p, linebuf)) && (*p != ']'))
encode_bits[i++] = *p++;
- encode_bits[i] = '\0';
+ encode_bits[i++] = ']';
+ encode_bits[i++] = '\0';
+
+ if(i == NEW_PW_FORMAT_SPACE_PADDED_LEN) {
+ /*
+ * We are using a new format, space padded
+ * acct ctrl field. Encode the given acct ctrl
+ * bits into it.
+ */
+ fstrcpy(encode_bits, pwdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
+ } else {
+ /*
+ * If using the old format and the ACB_DISABLED or
+ * ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL
+ * here as we have no space to encode the change.
+ */
+ if(pwd->acct_ctrl & (ACB_DISABLED|ACB_PWNOTREQ)) {
+ pwd->smb_passwd = NULL;
+ pwd->smb_nt_passwd = NULL;
+ }
+ }
/* Go past the ']' */
if(linebuf_len > PTR_DIFF(p, linebuf))
if((linebuf_len > PTR_DIFF(p, linebuf)) && (*p == ':')) {
p++;
- /* We should be pointing at the TLC entry. */
- if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && StrnCaseCmp( p, "LCT-", 4)) {
+ /* We should be pointing at the LCT entry. */
+ if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && (StrnCaseCmp((char *)p, "LCT-", 4) == 0)) {
p += 4;
for(i = 0; i < 8; i++) {
/* Entry is correctly formed. */
- /*
- * Do an atomic write into the file at the position defined by
- * seekpos.
- */
-
- /* The mod user write needs to be atomic - so get the fd from
- the fp and do a raw write() call.
- */
-
- fd = fileno(fp);
-
- if (lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
- DEBUG(0, ("mod_smbpwd_entry: seek fail on file %s.\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
- fclose(fp);
- return False;
- }
-
- /* Sanity check - ensure the character is a ':' */
- if (read(fd, &c, 1) != 1) {
- DEBUG(0, ("mod_smbpwd_entry: read fail on file %s.\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
- fclose(fp);
- return False;
- }
-
- if (c != ':') {
- DEBUG(0, ("mod_smbpwd_entry: check on passwd file %s failed.\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
- fclose(fp);
- return False;
- }
-
/* Create the 32 byte representation of the new p16 */
if(pwd->smb_passwd != NULL) {
for (i = 0; i < 16; i++) {
- sprintf(&ascii_p16[i*2], "%02X", (uchar) pwd->smb_passwd[i]);
+ slprintf(&ascii_p16[i*2], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_passwd[i]);
}
} else {
if(pwd->acct_ctrl & ACB_PWNOTREQ)
- sprintf(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+ fstrcpy(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
else
- sprintf(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+ fstrcpy(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
}
/* Add on the NT md4 hash */
ascii_p16[32] = ':';
- wr_len = 65;
+ wr_len = 66;
if (pwd->smb_nt_passwd != NULL) {
for (i = 0; i < 16; i++) {
- sprintf(&ascii_p16[(i*2)+33], "%02X", (uchar) pwd->smb_nt_passwd[i]);
+ slprintf(&ascii_p16[(i*2)+33], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_nt_passwd[i]);
}
} else {
if(pwd->acct_ctrl & ACB_PWNOTREQ)
- sprintf(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+ fstrcpy(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
else
- sprintf(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+ fstrcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
}
+ ascii_p16[65] = ':';
+ ascii_p16[66] = '\0'; /* null-terminate the string so that strlen works */
/* Add on the account info bits and the time of last
password change. */
pwd->pass_last_set_time = time(NULL);
if(got_pass_last_set_time) {
- sprintf(&ascii_p16[strlen(ascii_p16)], ":[%s]:TLC-%08X:",
+ slprintf(&ascii_p16[strlen(ascii_p16)],
+ sizeof(ascii_p16)-(strlen(ascii_p16)+1),
+ "%s:LCT-%08X:",
encode_bits, (uint32)pwd->pass_last_set_time );
wr_len = strlen(ascii_p16);
}
#ifdef DEBUG_PASSWORD
- DEBUG(100,("mod_smbpwd_entry: "));
+ DEBUG(100,("mod_smbfilepwd_entry: "));
dump_data(100, ascii_p16, wr_len);
#endif
- if (write(fd, ascii_p16, wr_len) != wr_len) {
- DEBUG(0, ("mod_smbpwd_entry: write failed in passwd file %s\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ if(wr_len > sizeof(linebuf)) {
+ DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
+ file_unlock(lockfd,&pw_file_lock_depth);
fclose(fp);
- return False;
- }
-
- pw_file_unlock(lockfd,&pw_file_lock_depth);
- fclose(fp);
- return True;
-}
-
-static int mach_passwd_lock_depth;
-static FILE *mach_passwd_fp;
-
-/************************************************************************
- Routine to get the name for a machine account file.
-************************************************************************/
-
-static void get_machine_account_file_name( char *domain, char *name, char *mac_file)
-{
- unsigned int mac_file_len;
- char *p;
-
- pstrcpy(mac_file, lp_smb_passwd_file());
- p = strrchr(mac_file, '/');
- if(p != NULL)
- *++p = '\0';
-
- mac_file_len = strlen(mac_file);
-
- if (sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6 < 0)
- {
- DEBUG(0,("machine_password_lock: path %s too long to add machine details.\n",
- mac_file));
- return;
- }
-
- strcat(mac_file, domain);
- strcat(mac_file, ".");
- strcat(mac_file, name);
- strcat(mac_file, ".mac");
-}
-
-/************************************************************************
- Routine to lock the machine account password file for a domain.
-************************************************************************/
-
-BOOL machine_password_lock( char *domain, char *name, BOOL update)
-{
- pstring mac_file;
-
- if(mach_passwd_lock_depth == 0) {
-
- get_machine_account_file_name( domain, name, mac_file);
-
- if((mach_passwd_fp = fopen(mac_file, "r+b")) == NULL) {
- if(errno == ENOENT && update) {
- mach_passwd_fp = fopen(mac_file, "w+b");
- }
-
- if(mach_passwd_fp == NULL) {
- DEBUG(0,("machine_password_lock: cannot open file %s - Error was %s.\n",
- mac_file, strerror(errno) ));
- return False;
- }
- }
-
- chmod(mac_file, 0600);
-
- if(!pw_file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK),
- 60, &mach_passwd_lock_depth))
- {
- DEBUG(0,("machine_password_lock: cannot lock file %s\n", mac_file));
- fclose(mach_passwd_fp);
- return False;
- }
-
+ return (False);
}
- return True;
-}
-
-/************************************************************************
- Routine to unlock the machine account password file for a domain.
-************************************************************************/
-
-BOOL machine_password_unlock(void)
-{
- BOOL ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth);
- if(mach_passwd_lock_depth == 0)
- fclose(mach_passwd_fp);
- return ret;
-}
-
-/************************************************************************
- Routine to delete the machine account password file for a domain.
-************************************************************************/
-
-BOOL machine_password_delete( char *domain, char *name )
-{
- pstring mac_file;
-
- get_machine_account_file_name( domain, name, mac_file);
- return (unlink( mac_file ) == 0);
-}
-
-/************************************************************************
- Routine to get the machine account password for a domain.
- The user of this function must have locked the machine password file.
-************************************************************************/
-
-BOOL get_machine_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time)
-{
- char linebuf[256];
- char *p;
- int i;
+ /*
+ * Do an atomic write into the file at the position defined by
+ * seekpos.
+ */
- linebuf[0] = '\0';
+ /* The mod user write needs to be atomic - so get the fd from
+ the fp and do a raw write() call.
+ */
- *pass_last_set_time = (time_t)0;
- memset(ret_pwd, '\0', 16);
+ fd = fileno(fp);
- if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
- DEBUG(0,("get_machine_account_password: Failed to seek to start of file. Error was %s.\n",
- strerror(errno) ));
+ if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
+ DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
+ file_unlock(lockfd,&pw_file_lock_depth);
+ fclose(fp);
return False;
- }
+ }
- fgets(linebuf, sizeof(linebuf), mach_passwd_fp);
- if(ferror(mach_passwd_fp)) {
- DEBUG(0,("get_machine_account_password: Failed to read password. Error was %s.\n",
- strerror(errno) ));
+ /* Sanity check - ensure the areas we are writing are framed by ':' */
+ if (read(fd, linebuf, wr_len+1) != wr_len+1) {
+ DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile));
+ file_unlock(lockfd,&pw_file_lock_depth);
+ fclose(fp);
return False;
}
- /*
- * The length of the line read
- * must be 45 bytes ( <---XXXX 32 bytes-->:TLC-12345678
- */
-
- if(strlen(linebuf) != 45) {
- DEBUG(0,("get_machine_account_password: Malformed machine password file (wrong length).\n"));
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("get_machine_account_password: line = |%s|\n", linebuf));
-#endif
+ if ((linebuf[0] != ':') || (linebuf[wr_len] != ':')) {
+ DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile));
+ file_unlock(lockfd,&pw_file_lock_depth);
+ fclose(fp);
return False;
}
-
- /*
- * Get the hex password.
- */
-
- if (!gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
- strncmp(&linebuf[33], "TLC-", 4)) {
- DEBUG(0,("get_machine_account_password: Malformed machine password file (incorrect format).\n"));
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("get_machine_account_password: line = |%s|\n", linebuf));
-#endif
+
+ if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {
+ DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
+ file_unlock(lockfd,&pw_file_lock_depth);
+ fclose(fp);
return False;
}
- /*
- * Get the last changed time.
- */
- p = &linebuf[37];
-
- for(i = 0; i < 8; i++) {
- if(p[i] == '\0' || !isxdigit(p[i])) {
- DEBUG(0,("get_machine_account_password: Malformed machine password file (no timestamp).\n"));
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("get_machine_account_password: line = |%s|\n", linebuf));
-#endif
- return False;
- }
+ if (write(fd, ascii_p16, wr_len) != wr_len) {
+ DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile));
+ file_unlock(lockfd,&pw_file_lock_depth);
+ fclose(fp);
+ return False;
}
- /*
- * p points at 8 characters of hex digits -
- * read into a time_t as the seconds since
- * 1970 that the password was last changed.
- */
-
- *pass_last_set_time = (time_t)strtol(p, NULL, 16);
-
+ file_unlock(lockfd,&pw_file_lock_depth);
+ fclose(fp);
return True;
}
-/************************************************************************
- Routine to get the machine account password for a domain.
- The user of this function must have locked the machine password file.
-************************************************************************/
-
-BOOL set_machine_account_password( unsigned char *md4_new_pwd)
-{
- char linebuf[64];
- int i;
-
- if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
- DEBUG(0,("set_machine_account_password: Failed to seek to start of file. Error was %s.\n",
- strerror(errno) ));
- return False;
- }
-
- for (i = 0; i < 16; i++)
- sprintf(&linebuf[(i*2)], "%02X", md4_new_pwd[i]);
-
- sprintf(&linebuf[32], ":TLC-%08X\n", (unsigned)time(NULL));
-
- if(fwrite( linebuf, 1, 45, mach_passwd_fp)!= 45) {
- DEBUG(0,("set_machine_account_password: Failed to write file. Warning - the machine \
-machine account is now invalid. Please recreate. Error was %s.\n", strerror(errno) ));
- return False;
- }
-
- fflush(mach_passwd_fp);
- return True;
+static struct smb_passdb_ops file_ops = {
+ startsmbfilepwent,
+ endsmbfilepwent,
+ getsmbfilepwpos,
+ setsmbfilepwpos,
+ iterate_getsmbpwnam, /* In passdb.c */
+ iterate_getsmbpwuid, /* In passdb.c */
+ getsmbfilepwent,
+ add_smbfilepwd_entry,
+ mod_smbfilepwd_entry
+};
+
+struct smb_passdb_ops *file_initialise_password_db(void)
+{
+ return &file_ops;
}
+
+#else
+ /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
+ void smbpass_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */
git.samba.org / samba.git / blobdiff