From 39f3c0c25a289b0b255e104a0a0aaade557c84f4 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 18 May 1998 12:27:04 +0000 Subject: [PATCH] - renamed some of the passdb.c functions: they have a prefix pdb_ on them - split smbpass.c "password file lock" routines into smbpassfile.c: moved trust account routines into smbpassfile.c as well (This used to be commit 3e48b4eb113cc5e1c6794d7ac699fd9ac47c654a) --- source3/lsarpcd/srv_lsa.c | 2 +- source3/passdb/passdb.c | 6 +- source3/passdb/smbpass.c | 306 +------------------------------ source3/passdb/smbpassfile.c | 307 ++++++++++++++++++++++++++++++++ source3/rpc_server/srv_lsa.c | 2 +- source3/rpc_server/srv_netlog.c | 2 +- source3/rpc_server/srv_util.c | 2 +- 7 files changed, 323 insertions(+), 304 deletions(-) create mode 100644 source3/passdb/smbpassfile.c diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c index 930b6077707..ff4b6bf4b63 100644 --- a/source3/lsarpcd/srv_lsa.c +++ b/source3/lsarpcd/srv_lsa.c @@ -372,7 +372,7 @@ static void api_lsa_lookup_names( int uid, prs_struct *data, for (i = 0; i < q_l.num_entries; i++) { char *user_name = unistr2(q_l.lookup_name[i].str.buffer); - if (!name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) + if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) { /* WHOOPS! we should really do something about this... */ dom_rids[i] = 0; diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 9df88bf6d3f..411b76d006e 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -532,7 +532,7 @@ time_t pdb_get_last_set_time(char *p) /******************************************************************* sets password-database-format time in a string. ********************************************************************/ -static set_time_in_string(char *p, int max_len, char *type, time_t t) +static void set_time_in_string(char *p, int max_len, char *type, time_t t) { slprintf(p, max_len, ":%s-%08X:", type, (uint32)t); } 
@@ -679,11 +679,11 @@ BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid) { /* turn the unix UID into a Domain RID. this is what the posix sub-system does (adds 1000 to the uid) */ - *u_rid = uid_to_user_rid(pw->pw_uid); + *u_rid = pdb_uid_to_user_rid(pw->pw_uid); } /* absolutely no idea what to do about the unix GID to Domain RID mapping */ - *g_rid = gid_to_group_rid(pw->pw_gid); + *g_rid = pdb_gid_to_group_rid(pw->pw_gid); return True; } diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index faaf9c5ccb1..a712092439e 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c 
@@ -19,98 +19,14 @@ #include "includes.h" +#ifdef USE_SMBPASS_DB + extern int DEBUGLEVEL; extern pstring samlogon_user; extern BOOL sam_logon_in_ssb; -static int gotalarm; static char s_readbuf[16 * 1024]; -/*************************************************************** - Signal function to tell us we timed out. -****************************************************************/ - -static void gotalarm_sig(void) -{ - gotalarm = 1; -} - -/*************************************************************** - Lock or unlock a fd for a known lock type. Abandon after waitsecs - seconds. -****************************************************************/ - -BOOL do_file_lock(int fd, int waitsecs, int type) -{ - struct flock lock; - int ret; - - gotalarm = 0; - signal(SIGALRM, SIGNAL_CAST gotalarm_sig); - - lock.l_type = type; - lock.l_whence = SEEK_SET; - lock.l_start = 0; - lock.l_len = 1; - lock.l_pid = 0; - - alarm(5); - ret = fcntl(fd, F_SETLKW, &lock); - alarm(0); - signal(SIGALRM, SIGNAL_CAST SIG_DFL); - - if (gotalarm) { - DEBUG(0, ("do_file_lock: failed to %s file.\n", - type == F_UNLCK ? "unlock" : "lock")); - return False; - } - - return (ret == 0); -} - -static int pw_file_lock_depth; - -/*************************************************************** - Lock an fd. Abandon after waitsecs seconds. -****************************************************************/ - -static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth) -{ - if (fd < 0) - return False; - - (*plock_depth)++; - - if(pw_file_lock_depth == 0) { - if (!do_file_lock(fd, secs, type)) { - DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n", - strerror(errno))); - return False; - } - } - - return True; -} - -/*************************************************************** - Unlock an fd. Abandon after waitsecs seconds. 
-****************************************************************/ - -static BOOL pw_file_unlock(int fd, int *plock_depth) -{ - BOOL ret=True; - - if(*plock_depth == 1) - ret = do_file_lock(fd, 5, F_UNLCK); - - (*plock_depth)--; - - if(!ret) - DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n", - strerror(errno))); - return ret; -} - /*************************************************************** Start to enumerate the smbpasswd list. Returns a void pointer to ensure no modification outside this module. @@ -207,8 +123,8 @@ struct sam_passwd *getsmb21pwent(void *vp) user.smb_userid = pw_buf->smb_userid; user.smb_grpid = pwfile->pw_gid; - user.user_rid = uid_to_user_rid (user.smb_userid); - user.group_rid = gid_to_group_rid(user.smb_grpid ); + user.user_rid = pdb_uid_to_user_rid (user.smb_userid); + user.group_rid = pdb_gid_to_group_rid(user.smb_grpid ); pstrcpy(full_name , pwfile->pw_gecos ); pstrcpy(logon_script , lp_logon_script ()); @@ -445,7 +361,7 @@ struct smb_passwd *getsmbpwent(void *vp) if (*p == '[') { - pw_buf.acct_ctrl = decode_acct_ctrl(p); + pw_buf.acct_ctrl = pdb_decode_acct_ctrl(p); /* Must have some account type set. */ if(pw_buf.acct_ctrl == 0) @@ -630,7 +546,7 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); /* Add the account encoding and the last change time. */ slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n", - encode_acct_ctrl(newpwd->acct_ctrl), + pdb_encode_acct_ctrl(newpwd->acct_ctrl), (uint32)time(NULL)); #ifdef DEBUG_PASSWORD 
@@ -1025,210 +941,6 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) fclose(fp); return True; } - -static int mach_passwd_lock_depth; -static FILE *mach_passwd_fp; - -/************************************************************************ - Routine to get the name for a trust account file. -************************************************************************/ - -static void get_trust_account_file_name( char *domain, char *name, char *mac_file) -{ - unsigned int mac_file_len; - char *p; - - pstrcpy(mac_file, lp_smb_passwd_file()); - p = strrchr(mac_file, '/'); - if(p != NULL) - *++p = '\0'; - - mac_file_len = strlen(mac_file); - - if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0) - { - DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n", - mac_file)); - return; - } - - pstrcat(mac_file, domain); - pstrcat(mac_file, "."); - pstrcat(mac_file, name); - pstrcat(mac_file, ".mac"); -} - -/************************************************************************ - Routine to lock the trust account password file for a domain. -************************************************************************/ - -BOOL trust_password_lock( char *domain, char *name, BOOL update) -{ - pstring mac_file; - - if(mach_passwd_lock_depth == 0) { - - get_trust_account_file_name( domain, name, mac_file); - - if((mach_passwd_fp = fopen(mac_file, "r+b")) == NULL) { - if(errno == ENOENT && update) { - mach_passwd_fp = fopen(mac_file, "w+b"); - } - - if(mach_passwd_fp == NULL) { - DEBUG(0,("trust_password_lock: cannot open file %s - Error was %s.\n", - mac_file, strerror(errno) )); - return False; - } - } - - chmod(mac_file, 0600); - - if(!pw_file_lock(fileno(mach_passwd_fp), (update ? 
F_WRLCK : F_RDLCK), - 60, &mach_passwd_lock_depth)) - { - DEBUG(0,("trust_password_lock: cannot lock file %s\n", mac_file)); - fclose(mach_passwd_fp); - return False; - } - - } - - return True; -} - -/************************************************************************ - Routine to unlock the trust account password file for a domain. -************************************************************************/ - -BOOL trust_password_unlock(void) -{ - BOOL ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth); - if(mach_passwd_lock_depth == 0) - fclose(mach_passwd_fp); - return ret; -} - -/************************************************************************ - Routine to delete the trust account password file for a domain. -************************************************************************/ - -BOOL trust_password_delete( char *domain, char *name ) -{ - pstring mac_file; - - get_trust_account_file_name( domain, name, mac_file); - return (unlink( mac_file ) == 0); -} - -/************************************************************************ - Routine to get the trust account password for a domain. - The user of this function must have locked the trust password file. -************************************************************************/ - -BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time) -{ - char linebuf[256]; - char *p; - int i; - - linebuf[0] = '\0'; - - *pass_last_set_time = (time_t)0; - memset(ret_pwd, '\0', 16); - - if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) { - DEBUG(0,("get_trust_account_password: Failed to seek to start of file. Error was %s.\n", - strerror(errno) )); - return False; - } - - fgets(linebuf, sizeof(linebuf), mach_passwd_fp); - if(ferror(mach_passwd_fp)) { - DEBUG(0,("get_trust_account_password: Failed to read password. 
Error was %s.\n", - strerror(errno) )); - return False; - } - - /* - * The length of the line read - * must be 45 bytes ( <---XXXX 32 bytes-->:TLC-12345678 - */ - - if(strlen(linebuf) != 45) { - DEBUG(0,("get_trust_account_password: Malformed trust password file (wrong length).\n")); -#ifdef DEBUG_PASSWORD - DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf)); -#endif - return False; - } - - /* - * Get the hex password. - */ - - if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' || - strncmp(&linebuf[33], "TLC-", 4)) { - DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n")); -#ifdef DEBUG_PASSWORD - DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf)); -#endif - return False; - } - - /* - * Get the last changed time. - */ - p = &linebuf[37]; - - for(i = 0; i < 8; i++) { - if(p[i] == '\0' || !isxdigit(p[i])) { - DEBUG(0,("get_trust_account_password: Malformed trust password file (no timestamp).\n")); -#ifdef DEBUG_PASSWORD - DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf)); -#endif - return False; - } - } - - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - - *pass_last_set_time = (time_t)strtol(p, NULL, 16); - - return True; -} - -/************************************************************************ - Routine to get the trust account password for a domain. - The user of this function must have locked the trust password file. -************************************************************************/ - -BOOL set_trust_account_password( unsigned char *md4_new_pwd) -{ - char linebuf[64]; - int i; - - if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) { - DEBUG(0,("set_trust_account_password: Failed to seek to start of file. 
Error was %s.\n", - strerror(errno) )); - return False; - } - - for (i = 0; i < 16; i++) - slprintf(&linebuf[(i*2)], sizeof(linebuf) - (i*2) - 1, "%02X", md4_new_pwd[i]); - - slprintf(&linebuf[32], 32, ":TLC-%08X\n", (unsigned)time(NULL)); - - if(fwrite( linebuf, 1, 45, mach_passwd_fp)!= 45) { - DEBUG(0,("set_trust_account_password: Failed to write file. Warning - the trust \ -account is now invalid. Please recreate. Error was %s.\n", strerror(errno) )); - return False; - } - - fflush(mach_passwd_fp); - return True; -} +#else +static void dummy_function(void) { } /* stop some compilers complaining */ +#endif /* USE_SMBPASS_DB */ diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c new file mode 100644 index 00000000000..dfd5931a72b --- /dev/null +++ b/source3/passdb/smbpassfile.c 
@@ -0,0 +1,307 @@
+/*
+ * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+extern int DEBUGLEVEL;
+
+static int gotalarm;
+
+/***************************************************************
+ Signal function to tell us we timed out.
+****************************************************************/
+static void gotalarm_sig(void)
+{
+ gotalarm = 1;
+}
+
+/***************************************************************
+ Lock or unlock a fd for a known lock type. Abandon after waitsecs
+ seconds.
+****************************************************************/
+BOOL do_file_lock(int fd, int waitsecs, int type)
+{
+ struct flock lock;
+ int ret;
+
+ gotalarm = 0;
+ signal(SIGALRM, SIGNAL_CAST gotalarm_sig);
+
+ lock.l_type = type;
+ lock.l_whence = SEEK_SET;
+ lock.l_start = 0;
+ lock.l_len = 1;
+ lock.l_pid = 0;
+
+ alarm(5);
+ ret = fcntl(fd, F_SETLKW, &lock);
+ alarm(0);
+ signal(SIGALRM, SIGNAL_CAST SIG_DFL);
+
+ if (gotalarm) {
+ DEBUG(0, ("do_file_lock: failed to %s file.\n",
+ type == F_UNLCK ? "unlock" : "lock"));
+ return False;
+ }
+
+ return (ret == 0);
+}
+
+static int pw_file_lock_depth;
+
+/***************************************************************
+ Lock an fd. Abandon after waitsecs seconds.
+****************************************************************/
+BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
+{
+ if (fd < 0)
+ return False;
+
+ (*plock_depth)++;
+
+ if(pw_file_lock_depth == 0) {
+ if (!do_file_lock(fd, secs, type)) {
+ DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
+ strerror(errno)));
+ return False;
+ }
+ }
+
+ return True;
+}
+
+/***************************************************************
+ Unlock an fd. Abandon after waitsecs seconds.
+****************************************************************/
+BOOL pw_file_unlock(int fd, int *plock_depth)
+{
+ BOOL ret=True;
+
+ if(*plock_depth == 1)
+ ret = do_file_lock(fd, 5, F_UNLCK);
+
+ (*plock_depth)--;
+
+ if(!ret)
+ DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
+ strerror(errno)));
+ return ret;
+}
+
+static int mach_passwd_lock_depth;
+static FILE *mach_passwd_fp;
+
+/************************************************************************
+ Routine to get the name for a trust account file.
+************************************************************************/
+static void get_trust_account_file_name( char *domain, char *name, char *mac_file)
+{
+ unsigned int mac_file_len;
+ char *p;
+
+ pstrcpy(mac_file, lp_smb_passwd_file());
+ p = strrchr(mac_file, '/');
+ if(p != NULL)
+ *++p = '\0';
+
+ mac_file_len = strlen(mac_file);
+
+ if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0)
+ {
+ DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n",
+ mac_file));
+ return;
+ }
+
+ pstrcat(mac_file, domain);
+ pstrcat(mac_file, ".");
+ pstrcat(mac_file, name);
+ pstrcat(mac_file, ".mac");
+}
+
+/************************************************************************
+ Routine to lock the trust account password file for a domain.
+************************************************************************/
+BOOL trust_password_lock( char *domain, char *name, BOOL update)
+{
+ pstring mac_file;
+
+ if(mach_passwd_lock_depth == 0) {
+
+ get_trust_account_file_name( domain, name, mac_file);
+
+ if((mach_passwd_fp = fopen(mac_file, "r+b")) == NULL) {
+ if(errno == ENOENT && update) {
+ mach_passwd_fp = fopen(mac_file, "w+b");
+ }
+
+ if(mach_passwd_fp == NULL) {
+ DEBUG(0,("trust_password_lock: cannot open file %s - Error was %s.\n",
+ mac_file, strerror(errno) ));
+ return False;
+ }
+ }
+
+ chmod(mac_file, 0600);
+
+ if(!pw_file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK),
+ 60, &mach_passwd_lock_depth))
+ {
+ DEBUG(0,("trust_password_lock: cannot lock file %s\n", mac_file));
+ fclose(mach_passwd_fp);
+ return False;
+ }
+
+ }
+
+ return True;
+}
+
+/************************************************************************
+ Routine to unlock the trust account password file for a domain.
+************************************************************************/
+BOOL trust_password_unlock(void)
+{
+ BOOL ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth);
+ if(mach_passwd_lock_depth == 0)
+ fclose(mach_passwd_fp);
+ return ret;
+}
+
+/************************************************************************
+ Routine to delete the trust account password file for a domain.
+************************************************************************/
+BOOL trust_password_delete( char *domain, char *name )
+{
+ pstring mac_file;
+
+ get_trust_account_file_name( domain, name, mac_file);
+ return (unlink( mac_file ) == 0);
+}
+
+/************************************************************************
+ Routine to get the trust account password for a domain.
+ The user of this function must have locked the trust password file.
+************************************************************************/
+BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time)
+{
+ char linebuf[256];
+ char *p;
+ int i;
+
+ linebuf[0] = '\0';
+
+ *pass_last_set_time = (time_t)0;
+ memset(ret_pwd, '\0', 16);
+
+ if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
+ DEBUG(0,("get_trust_account_password: Failed to seek to start of file. Error was %s.\n",
+ strerror(errno) ));
+ return False;
+ }
+
+ fgets(linebuf, sizeof(linebuf), mach_passwd_fp);
+ if(ferror(mach_passwd_fp)) {
+ DEBUG(0,("get_trust_account_password: Failed to read password. Error was %s.\n",
+ strerror(errno) ));
+ return False;
+ }
+
+ /*
+ * The length of the line read
+ * must be 45 bytes ( <---XXXX 32 bytes-->:TLC-12345678
+ */
+
+ if(strlen(linebuf) != 45) {
+ DEBUG(0,("get_trust_account_password: Malformed trust password file (wrong length).\n"));
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
+#endif
+ return False;
+ }
+
+ /*
+ * Get the hex password.
+ */
+
+ if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
+ strncmp(&linebuf[33], "TLC-", 4)) {
+ DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n"));
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
+#endif
+ return False;
+ }
+
+ /*
+ * Get the last changed time.
+ */
+ p = &linebuf[37];
+
+ for(i = 0; i < 8; i++) {
+ if(p[i] == '\0' || !isxdigit(p[i])) {
+ DEBUG(0,("get_trust_account_password: Malformed trust password file (no timestamp).\n"));
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
+#endif
+ return False;
+ }
+ }
+
+ /*
+ * p points at 8 characters of hex digits -
+ * read into a time_t as the seconds since
+ * 1970 that the password was last changed.
+ */
+
+ *pass_last_set_time = (time_t)strtol(p, NULL, 16);
+
+ return True;
+}
+
+/************************************************************************
+ Routine to get the trust account password for a domain.
+ The user of this function must have locked the trust password file.
+************************************************************************/
+BOOL set_trust_account_password( unsigned char *md4_new_pwd)
+{
+ char linebuf[64];
+ int i;
+
+ if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
+ DEBUG(0,("set_trust_account_password: Failed to seek to start of file. Error was %s.\n",
+ strerror(errno) ));
+ return False;
+ }
+
+ for (i = 0; i < 16; i++)
+ slprintf(&linebuf[(i*2)], sizeof(linebuf) - (i*2) - 1, "%02X", md4_new_pwd[i]);
+
+ slprintf(&linebuf[32], 32, ":TLC-%08X\n", (unsigned)time(NULL));
+
+ if(fwrite( linebuf, 1, 45, mach_passwd_fp)!= 45) {
+ DEBUG(0,("set_trust_account_password: Failed to write file. Warning - the trust \
+account is now invalid. Please recreate. Error was %s.\n", strerror(errno) ));
+ return False;
+ }
+
+ fflush(mach_passwd_fp);
+ return True;
+}
+
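Review bot: In trust_password_lock() the `.mac` file that stores the trust account MD4 hash is created by `fopen(mac_file, "w+b")` and only afterwards restricted with `chmod(mac_file, 0600)`, so between the two calls it exists with whatever mode the process umask allows, and the chmod is applied by path with its result ignored. Creating the file through `open()` with mode 0600, tightening a pre-existing file with a checked `fchmod()` on the descriptor, and then wrapping it with `fdopen()` closes that window. In the same function the lock-failure branch calls `fclose(mach_passwd_fp)` after pw_file_lock() has already incremented `mach_passwd_lock_depth`, so a later call skips the open and returns True with a closed stream; adding `mach_passwd_lock_depth = 0;` before that `return False;` avoids it.

```c
	int fd;

	/* … unchanged: get_trust_account_file_name() call … */

	/* Create with owner-only permissions from the start; only create when updating. */
	fd = open(mac_file, update ? (O_RDWR | O_CREAT) : O_RDWR, 0600);
	if (fd == -1 || fchmod(fd, 0600) == -1 ||
	    (mach_passwd_fp = fdopen(fd, "r+b")) == NULL) {
		DEBUG(0,("trust_password_lock: cannot open file %s - Error was %s.\n",
			mac_file, strerror(errno) ));
		if (fd != -1)
			close(fd);
		return False;
	}

	/* … unchanged: pw_file_lock() call and its failure branch … */
```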
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 930b6077707..ff4b6bf4b63 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -372,7 +372,7 @@ static void api_lsa_lookup_names( int uid, prs_struct *data, for (i = 0; i < q_l.num_entries; i++) { char *user_name = unistr2(q_l.lookup_name[i].str.buffer); - if (!name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) + if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) { /* WHOOPS! we should really do something about this... */ dom_rids[i] = 0; diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 73992faf5de..e5ae3959b9b 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -725,7 +725,7 @@ static void api_net_sam_logon( int uid, sam_logon_in_ssb = False; - if (name_to_rid(samlogon_user, &r_uid, &r_gid)) + if (pdb_name_to_rid(samlogon_user, &r_uid, &r_gid)) { make_net_user_info3(&usr_info, &dummy_time, /* logon_time */ diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 204a9eac8ef..632c508343a 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -414,7 +414,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type) return 0x0; } - unix_uid = uid_to_user_rid(rid); + unix_uid = pdb_uid_to_user_rid(rid); DEBUG(5,(" uid: %d", unix_uid)); /* ok, it's a user. find the user account */ -- 2.34.1