*/
#include "includes.h"
+#include "passdb.h"
+#include "system/passwd.h"
+#include "system/filesys.h"
+#include "../librpc/gen_ndr/samr.h"
+#include "../libcli/security/security.h"
+#include "passdb/pdb_smbpasswd.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
else. However, smb_passwd is limited to the information
stored by an smbpasswd entry
*/
-
+
struct smb_passwd
{
- uint32 smb_userid; /* this is actually the unix uid_t */
+ uint32_t smb_userid; /* this is actually the unix uid_t */
const char *smb_name; /* username string */
const unsigned char *smb_passwd; /* Null if no password */
const unsigned char *smb_nt_passwd; /* Null if no password */
- uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
+ uint16_t acct_ctrl; /* account info (ACB_xxxx bit-mask) */
time_t pass_last_set_time; /* password last set time */
};
{
/* used for maintain locks on the smbpasswd file */
int pw_file_lock_depth;
-
+
/* Global File pointer */
FILE *pw_file;
-
+
/* formerly static variables */
struct smb_passwd pw_buf;
fstring user_name;
Signal function to tell us we timed out.
****************************************************************/
-static void gotalarm_sig(void)
+static void gotalarm_sig(int signum)
{
gotalarm = 1;
}
static bool do_file_lock(int fd, int waitsecs, int type)
{
- SMB_STRUCT_FLOCK lock;
+ struct flock lock;
int ret;
void (*oldsig_handler)(int);
gotalarm = 0;
- oldsig_handler = CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
+ oldsig_handler = CatchSignal(SIGALRM, gotalarm_sig);
lock.l_type = type;
lock.l_whence = SEEK_SET;
alarm(waitsecs);
/* Note we must *NOT* use sys_fcntl here ! JRA */
- ret = fcntl(fd, SMB_F_SETLKW, &lock);
+ ret = fcntl(fd, F_SETLKW, &lock);
alarm(0);
- CatchSignal(SIGALRM, SIGNAL_CAST oldsig_handler);
+ CatchSignal(SIGALRM, oldsig_handler);
- if (gotalarm) {
+ if (gotalarm && ret == -1) {
DEBUG(0, ("do_file_lock: failed to %s file.\n",
type == F_UNLCK ? "unlock" : "lock"));
return False;
if (user == NULL)
return;
ZERO_STRUCTP (user);
-
+
user->pass_last_set_time = (time_t)0;
}
int i, fd = -1;
for(i = 0; i < 5; i++) {
- if((fd = sys_open(pfile, O_CREAT|O_TRUNC|O_EXCL|O_RDWR, 0600))!=-1) {
+ if((fd = open(pfile, O_CREAT|O_TRUNC|O_EXCL|O_RDWR, 0600))!=-1) {
break;
}
- sys_usleep(200); /* Spin, spin... */
+ usleep(200); /* Spin, spin... */
}
if(fd == -1) {
DEBUG(0,("startsmbfilepwent_internal: too many race conditions \
lock_type = F_WRLCK;
break;
}
+ default:
+ DEBUG(10, ("Invalid open mode: %d\n", type));
+ return NULL;
}
-
+
for(race_loop = 0; race_loop < 5; race_loop++) {
DEBUG(10, ("startsmbfilepwent_internal: opening file %s\n", pfile));
- if((fp = sys_fopen(pfile, open_mode)) == NULL) {
+ if((fp = fopen(pfile, open_mode)) == NULL) {
/*
* If smbpasswd file doesn't exist, then create new one. This helps to avoid
* confusing error msg when adding user account first time.
*/
if (errno == ENOENT) {
- if ((fp = sys_fopen(pfile, "a+")) != NULL) {
+ if ((fp = fopen(pfile, "a+")) != NULL) {
DEBUG(0, ("startsmbfilepwent_internal: file %s did not \
exist. File successfully created.\n", pfile));
} else {
* prevent infinate loops. JRA.
*/
- if (sys_stat(pfile,&sbuf1) != 0) {
+ if (sys_stat(pfile, &sbuf1, false) != 0) {
DEBUG(0, ("startsmbfilepwent_internal: unable to stat file %s. \
Error was %s\n", pfile, strerror(errno)));
pw_file_unlock(fileno(fp), lock_depth);
return NULL;
}
- if (sys_fstat(fileno(fp),&sbuf2) != 0) {
+ if (sys_fstat(fileno(fp), &sbuf2, false) != 0) {
DEBUG(0, ("startsmbfilepwent_internal: unable to fstat file %s. \
Error was %s\n", pfile, strerror(errno)));
pw_file_unlock(fileno(fp), lock_depth);
return NULL;
}
- if( sbuf1.st_ino == sbuf2.st_ino) {
+ if( sbuf1.st_ex_ino == sbuf2.st_ex_ino) {
/* No race. */
break;
}
}
if(*p == ':') {
p++;
- if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) {
+ if(*p && (strncasecmp_m((char *)p, "LCT-", 4)==0)) {
int i;
p += 4;
for(i = 0; i < 8; i++) {
/* Add the account encoding and the last change time. */
slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n",
pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN),
- (uint32)newpwd->pass_last_set_time);
+ (uint32_t)newpwd->pass_last_set_time);
return new_entry;
}
int fd;
size_t new_entry_length;
char *new_entry;
- SMB_OFF_T offpos;
+ off_t offpos;
/* Open the smbpassword file - for update. */
fp = startsmbfilepwent(pfile, PWF_UPDATE, &smbpasswd_state->pw_file_lock_depth);
*/
fd = fileno(fp);
- if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
+ if((offpos = lseek(fd, 0, SEEK_END)) == -1) {
NTSTATUS result = map_nt_error_from_unix(errno);
- DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
+ DEBUG(0, ("add_smbfilepwd_entry(lseek): Failed to add entry for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
return result;
Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
/* Remove the entry we just wrote. */
- if(sys_ftruncate(fd, offpos) == -1) {
+ if(ftruncate(fd, offpos) == -1) {
DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
Error was %s. Password file may be corrupt ! Please examine by hand !\n",
newpwd->smb_name, strerror(errno)));
fstring user_name;
char *status;
- char linebuf[256];
+#define LINEBUF_SIZE 255
+ char linebuf[LINEBUF_SIZE + 1];
char readbuf[1024];
int c;
fstring ascii_p16;
bool found_entry = False;
bool got_pass_last_set_time = False;
- SMB_OFF_T pwd_seekpos = 0;
+ off_t pwd_seekpos = 0;
int i;
int wr_len;
}
DEBUG(10, ("mod_smbfilepwd_entry: opening file %s\n", pfile));
- fp = sys_fopen(pfile, "r+");
+ fp = fopen(pfile, "r+");
if (fp == NULL) {
DEBUG(0, ("mod_smbfilepwd_entry: unable to open file %s\n", pfile));
*/
status = linebuf;
while (status && !feof(fp)) {
- pwd_seekpos = sys_ftell(fp);
+ pwd_seekpos = ftell(fp);
linebuf[0] = '\0';
- status = fgets(linebuf, sizeof(linebuf), fp);
+ status = fgets(linebuf, LINEBUF_SIZE, fp);
if (status == NULL && ferror(fp)) {
pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
fclose(fp);
p++;
/* We should be pointing at the LCT entry. */
- if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && (StrnCaseCmp((char *)p, "LCT-", 4) == 0)) {
+ if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && (strncasecmp_m((char *)p, "LCT-", 4) == 0)) {
p += 4;
for(i = 0; i < 8; i++) {
if(p[i] == '\0' || !isxdigit(p[i])) {
*/
got_pass_last_set_time = True;
} /* i == 8 */
- } /* *p && StrnCaseCmp() */
+ } /* *p && strncasecmp_m() */
} /* p == ':' */
} /* p == '[' */
slprintf(&ascii_p16[strlen(ascii_p16)],
sizeof(ascii_p16)-(strlen(ascii_p16)+1),
"%s:LCT-%08X:",
- encode_bits, (uint32)pwd->pass_last_set_time );
+ encode_bits, (uint32_t)pwd->pass_last_set_time );
wr_len = strlen(ascii_p16);
}
#ifdef DEBUG_PASSWORD
DEBUG(100,("mod_smbfilepwd_entry: "));
- dump_data(100, (uint8 *)ascii_p16, wr_len);
+ dump_data(100, (uint8_t *)ascii_p16, wr_len);
#endif
- if(wr_len > sizeof(linebuf)) {
+ if(wr_len > LINEBUF_SIZE) {
DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
fd = fileno(fp);
- if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
+ if (lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return False;
}
- if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {
+ if (lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {
DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
pfile2 = talloc_asprintf(talloc_tos(),
"%s.%u",
- pfile, (unsigned)sys_getpid());
+ pfile, (unsigned)getpid());
if (!pfile2) {
return false;
}
static bool build_smb_pass (struct smb_passwd *smb_pw, const struct samu *sampass)
{
- uint32 rid;
+ uint32_t rid;
if (sampass == NULL)
return False;
if (!IS_SAM_DEFAULT(sampass, PDB_USERSID)) {
rid = pdb_get_user_rid(sampass);
-
+
/* If the user specified a RID, make sure its able to be both stored and retreived */
- if (rid == DOMAIN_USER_RID_GUEST) {
- struct passwd *passwd = getpwnam_alloc(NULL, lp_guestaccount());
+ if (rid == DOMAIN_RID_GUEST) {
+ struct passwd *passwd = Get_Pwnam_alloc(NULL, lp_guest_account());
if (!passwd) {
- DEBUG(0, ("Could not find guest account via getpwnam()! (%s)\n", lp_guestaccount()));
+ DEBUG(0, ("Could not find guest account via Get_Pwnam_alloc()! (%s)\n", lp_guest_account()));
return False;
}
smb_pw->smb_userid=passwd->pw_uid;
struct samu *sam_pass, const struct smb_passwd *pw_buf)
{
struct passwd *pwfile;
-
+
if ( !sam_pass ) {
DEBUG(5,("build_sam_account: struct samu is NULL\n"));
return False;
"%u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid));
return False;
}
-
+
if ( !NT_STATUS_IS_OK( samu_set_unix(sam_pass, pwfile )) )
return False;
-
+
TALLOC_FREE(pwfile);
/* set remaining fields */
-
- pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET);
- pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET);
+
+ if (!pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET))
+ return False;
+ if (!pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET))
+ return False;
pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl, PDB_SET);
pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
-
+
return True;
}
while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) )
/* do nothing....another loop */ ;
-
+
endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
/* did we locate the username in smbpasswd */
if (smb_pw == NULL)
return nt_status;
-
+
DEBUG(10, ("getsampwnam (smbpasswd): found by name: %s\n", smb_pw->smb_name));
if (!sam_acct) {
DEBUG(10,("getsampwnam (smbpasswd): struct samu is NULL\n"));
return nt_status;
}
-
+
/* now build the struct samu */
if (!build_sam_account(smbpasswd_state, sam_acct, smb_pw))
return nt_status;
return NT_STATUS_OK;
}
-static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct samu *sam_acct, const DOM_SID *sid)
+static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct samu *sam_acct, const struct dom_sid *sid)
{
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
struct smb_passwd *smb_pw;
FILE *fp = NULL;
- uint32 rid;
-
+ uint32_t rid;
+
DEBUG(10, ("smbpasswd_getsampwrid: search by sid: %s\n",
sid_string_dbg(sid)));
return NT_STATUS_UNSUCCESSFUL;
/* More special case 'guest account' hacks... */
- if (rid == DOMAIN_USER_RID_GUEST) {
- const char *guest_account = lp_guestaccount();
+ if (rid == DOMAIN_RID_GUEST) {
+ const char *guest_account = lp_guest_account();
if (!(guest_account && *guest_account)) {
DEBUG(1, ("Guest account not specfied!\n"));
return nt_status;
/* did we locate the username in smbpasswd */
if (smb_pw == NULL)
return nt_status;
-
+
DEBUG(10, ("getsampwrid (smbpasswd): found by name: %s\n", smb_pw->smb_name));
-
+
if (!sam_acct) {
DEBUG(10,("getsampwrid: (smbpasswd) struct samu is NULL\n"));
return nt_status;
return nt_status;
/* build_sam_account might change the SID on us, if the name was for the guest account */
- if (NT_STATUS_IS_OK(nt_status) && !sid_equal(pdb_get_user_sid(sam_acct), sid)) {
+ if (NT_STATUS_IS_OK(nt_status) && !dom_sid_equal(pdb_get_user_sid(sam_acct), sid)) {
DEBUG(1, ("looking for user with sid %s instead returned %s "
"for account %s!?!\n", sid_string_dbg(sid),
sid_string_dbg(pdb_get_user_sid(sam_acct)),
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
struct smb_passwd smb_pw;
-
+
/* convert the struct samu */
if (!build_smb_pass(&smb_pw, sampass)) {
return NT_STATUS_UNSUCCESSFUL;
}
-
+
/* add the entry */
return add_smbfilepwd_entry(smbpasswd_state, &smb_pw);
}
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
struct smb_passwd smb_pw;
-
+
/* convert the struct samu */
if (!build_smb_pass(&smb_pw, sampass)) {
DEBUG(0, ("smbpasswd_update_sam_account: build_smb_pass failed!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
-
+
/* update the entry */
if(!mod_smbfilepwd_entry(smbpasswd_state, &smb_pw)) {
DEBUG(0, ("smbpasswd_update_sam_account: mod_smbfilepwd_entry failed!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
-
+
return NT_STATUS_OK;
}
TALLOC_CTX *ctx = talloc_tos();
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- if (!*(lp_renameuser_script()))
+ if (!*(lp_rename_user_script(talloc_tos())))
goto done;
if ( !(new_acct = samu_new( NULL )) ) {
return NT_STATUS_NO_MEMORY;
}
-
+
if ( !pdb_copy_sam_account( new_acct, old_acct )
|| !pdb_set_username(new_acct, newname, PDB_CHANGED))
{
interim_account = True;
/* rename the posix user */
- rename_script = talloc_strdup(ctx,
- lp_renameuser_script());
+ rename_script = lp_rename_user_script(ctx);
if (!rename_script) {
ret = NT_STATUS_NO_MEMORY;
goto done;
goto done;
}
- rename_ret = smbrun(rename_script, NULL);
+ rename_ret = smbrun(rename_script, NULL, NULL);
DEBUG(rename_ret ? 0 : 3,("Running the command `%s' gave %d\n", rename_script, rename_ret));
if (new_acct)
TALLOC_FREE(new_acct);
-
+
return (ret);
}
-static bool smbpasswd_rid_algorithm(struct pdb_methods *methods)
+static uint32_t smbpasswd_capabilities(struct pdb_methods *methods)
{
- return True;
+ return 0;
}
static void free_private_data(void **vp)
{
struct smbpasswd_privates **privates = (struct smbpasswd_privates**)vp;
-
+
endsmbfilepwent((*privates)->pw_file, &((*privates)->pw_file_lock_depth));
-
+
*privates = NULL;
/* No need to free any further, as it is talloc()ed */
}
entry->acct_flags = state->entries[state->current].acct_flags;
entry->account_name = talloc_strdup(
- search->mem_ctx, state->entries[state->current].account_name);
+ search, state->entries[state->current].account_name);
entry->fullname = talloc_strdup(
- search->mem_ctx, state->entries[state->current].fullname);
+ search, state->entries[state->current].fullname);
entry->description = talloc_strdup(
- search->mem_ctx, state->entries[state->current].description);
+ search, state->entries[state->current].description);
if ((entry->account_name == NULL) || (entry->fullname == NULL)
|| (entry->description == NULL)) {
struct smb_passwd *pwd;
FILE *fp;
- search_state = TALLOC_ZERO_P(search->mem_ctx,
- struct smbpasswd_search_state);
+ search_state = talloc_zero(search, struct smbpasswd_search_state);
if (search_state == NULL) {
DEBUG(0, ("talloc failed\n"));
return false;
(*pdb_method)->rename_sam_account = smbpasswd_rename_sam_account;
(*pdb_method)->search_users = smbpasswd_search_users;
- (*pdb_method)->rid_algorithm = smbpasswd_rid_algorithm;
+ (*pdb_method)->capabilities = smbpasswd_capabilities;
/* Setup private data and free function */
- if ( !(privates = TALLOC_ZERO_P( *pdb_method, struct smbpasswd_privates )) ) {
+ if ( !(privates = talloc_zero( *pdb_method, struct smbpasswd_privates )) ) {
DEBUG(0, ("talloc() failed for smbpasswd private_data!\n"));
return NT_STATUS_NO_MEMORY;
}
} else {
privates->smbpasswd_file = talloc_strdup(*pdb_method, lp_smb_passwd_file());
}
-
+
if (!privates->smbpasswd_file) {
DEBUG(0, ("talloc_strdp() failed for storing smbpasswd location!\n"));
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS pdb_smbpasswd_init(void)
+NTSTATUS pdb_smbpasswd_init(TALLOC_CTX *ctx)
{
return smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd", pdb_init_smbpasswd);
}