end of the platform specific sections
********************************************************************/
+#if (!defined(USE_LDAP_DB) && !defined(USE_NISPLUS_DB))
+#define USE_SMBPASS_DB
+#endif
+
#if defined(USE_MMAP) || defined(FAST_SHARE_MODES)
#include <sys/mman.h>
#endif
#include <krb.h>
#endif
-#ifdef USE_LDAP
-#include <lber.h>
-#include <ldap.h>
-#endif
-
#ifdef NO_UTIMBUF
struct utimbuf {
time_t actime;
/*The following definitions come from ldap.c */
-#ifdef USE_LDAP
-BOOL ldap_open_connection(LDAP **ldap_struct);
-BOOL ldap_connect_system(LDAP *ldap_struct);
-BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **result);
-BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **result);
-void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute, char *value);
-BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry);
-BOOL ldap_check_trust(LDAP *ldap_struct, LDAPMessage *entry);
+BOOL add_ldap21pwd_entry(struct smb_passwd *newpwd);
BOOL add_ldappwd_entry(struct smb_passwd *newpwd);
BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override);
+BOOL mod_ldap21pwd_entry(struct smb_passwd* pwd, BOOL override);
void *startldappwent(BOOL update);
struct smb_passwd *getldappwent(void *vp);
struct sam_passwd *getldap21pwent(void *vp);
void endldappwent(void *vp);
unsigned long getldappwpos(void *vp);
BOOL setldappwpos(void *vp, unsigned long tok);
-#endif /* USE_LDAP */
/*The following definitions come from lib/rpc/client/cli_login.c */
void endlmhosts(FILE *fp);
BOOL resolve_name(char *name, struct in_addr *return_ip);
+/*The following definitions come from nisppass.c */
+
+void *startnisppwent(BOOL update);
+void endnisppwent(void *vp);
+struct sam_passwd *getnisp21pwent(void *vp);
+struct smb_passwd *getnisppwent(void *vp);
+unsigned long getnisppwpos(void *vp);
+BOOL setnisppwpos(void *vp, unsigned long tok);
+BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd);
+BOOL add_nisppwd_entry(struct smb_passwd *newpwd);
+BOOL mod_nisp21pwd_entry(struct sam_passwd* pwd, BOOL override);
+BOOL mod_nisppwd_entry(struct smb_passwd* pwd, BOOL override);
+struct smb_passwd *getnisppwnam(char *name);
+struct smb_passwd *getnisppwuid(int smb_userid);
+
/*The following definitions come from nmbd.c */
BOOL reload_services(BOOL test);
void *startsampwent(BOOL update);
void endsampwent(void *vp);
struct smb_passwd *getsampwent(void *vp);
+struct sam_disp_info *getsamdispent(void *vp);
struct sam_passwd *getsam21pwent(void *vp);
unsigned long getsampwpos(void *vp);
BOOL setsampwpos(void *vp, unsigned long tok);
struct sam_passwd *getsam21pwnam(char *name);
struct smb_passwd *getsampwuid(uid_t smb_userid);
struct sam_passwd *getsam21pwrid(uint32 rid);
-char *encode_acct_ctrl(uint16 acct_ctrl);
-uint16 decode_acct_ctrl(char *p);
-int gethexpwd(char *p, char *pwd);
-BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid);
-BOOL generate_machine_sid(void);
-uid_t user_rid_to_uid(uint32 u_rid);
-uid_t group_rid_to_uid(uint32 u_gid);
-uint32 uid_to_user_rid(uint32 uid);
-uint32 gid_to_group_rid(uint32 gid);
+time_t pdb_get_last_set_time(char *p);
+void pdb_set_last_set_time(char *p, int max_len, time_t t);
+char *pdb_encode_acct_ctrl(uint16 acct_ctrl);
+uint16 pdb_decode_acct_ctrl(char *p);
+int pdb_gethexpwd(char *p, char *pwd);
+BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid);
+BOOL pdb_generate_machine_sid(void);
+uid_t pdb_user_rid_to_uid(uint32 u_rid);
+uid_t pdb_group_rid_to_uid(uint32 u_gid);
+uint32 pdb_uid_to_user_rid(uint32 uid);
+uint32 pdb_gid_to_group_rid(uint32 gid);
/*The following definitions come from password.c */
struct smb_passwd *getsmbpwent(void *vp);
unsigned long getsmbpwpos(void *vp);
BOOL setsmbpwpos(void *vp, unsigned long tok);
+BOOL add_smb21pwd_entry(struct sam_passwd *newpwd);
BOOL add_smbpwd_entry(struct smb_passwd *newpwd);
+BOOL mod_smb21pwd_entry(struct sam_passwd* pwd, BOOL override);
BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override);
BOOL trust_password_lock( char *domain, char *name, BOOL update);
BOOL trust_password_unlock(void);
};
+struct sam_disp_info
+{
+ uint32 user_rid; /* Primary User ID */
+ char *smb_name; /* username string */
+ char *full_name; /* user's full name string */
+};
+
+
/* DOM_CHAL - challenge info */
typedef struct chal_info
{
#include "includes.h"
#if (defined(NETGROUP) && defined (AUTOMOUNT))
-#ifdef NISPLUS
+#ifdef NISPLUS_HOME
#include <rpcsvc/nis.h>
#else
#include "rpcsvc/ypclnt.h"
*******************************************************************/
#if (defined(NETGROUP) && defined(AUTOMOUNT))
-#ifdef NISPLUS
+#ifdef NISPLUS_HOME
static char *automount_lookup(char *user_name)
{
static fstring last_key = "";
DEBUG(4, ("NIS+ Lookup: %s resulted in %s\n", user_name, last_value));
return last_value;
}
-#else /* NISPLUS */
+#else /* NISPLUS_HOME */
static char *automount_lookup(char *user_name)
{
static fstring last_key = "";
DEBUG(4, ("YP Lookup: %s resulted in %s\n", user_name, last_value));
return last_value;
}
-#endif /* NISPLUS */
+#endif /* NISPLUS_HOME */
#endif
/*******************************************************************
Globals.bUnixRealname = False;
#if (defined(NETGROUP) && defined(AUTOMOUNT))
Globals.bNISHomeMap = False;
-#ifdef NISPLUS
+#ifdef NISPLUS_HOME
string_set(&Globals.szNISHomeMapName, "auto_home.org_dir");
#else
string_set(&Globals.szNISHomeMapName, "auto.home");
/*******************************************************************
open a connection to the ldap serve.
******************************************************************/
-BOOL ldap_open_connection(LDAP **ldap_struct)
+static BOOL ldap_open_connection(LDAP **ldap_struct)
{
if ( (*ldap_struct = ldap_open(lp_ldap_server(),lp_ldap_port()) )== NULL)
{
/*******************************************************************
connect to the ldap server under system privileg.
******************************************************************/
-BOOL ldap_connect_system(LDAP *ldap_struct)
+static BOOL ldap_connect_system(LDAP *ldap_struct)
{
if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) != LDAP_SUCCESS)
{
/*******************************************************************
run the search by name.
******************************************************************/
-BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **result)
+static BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **result)
{
pstring filter;
/*
/*******************************************************************
run the search by uid.
******************************************************************/
-BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **result)
+static BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **result)
{
pstring filter;
/*
/*******************************************************************
search an attribute and return the first value found.
******************************************************************/
-void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute, char *value)
+static void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute, char *value)
{
char **valeurs;
/*******************************************************************
check if the returned entry is a sambaAccount objectclass.
******************************************************************/
-BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry)
+static BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry)
{
BOOL sambaAccount=False;
char **valeur;
/*******************************************************************
check if the returned entry is a sambaMachine objectclass.
******************************************************************/
-BOOL ldap_check_trust(LDAP *ldap_struct, LDAPMessage *entry)
+static BOOL ldap_check_trust(LDAP *ldap_struct, LDAPMessage *entry)
{
BOOL sambaMachine=False;
char **valeur;
bzero(temp, sizeof(temp)); /* destroy local copy of the password */
#else
get_single_attribute(ldap_struct, entry, "ntPasswordHash", temp);
- gethexpwd(temp, user->smb_nt_passwd);
+ pdb_gethexpwd(temp, user->smb_nt_passwd);
get_single_attribute(ldap_struct, entry, "lmPasswordHash", temp);
- gethexpwd(temp, user->smb_passwd);
+ pdb_gethexpwd(temp, user->smb_passwd);
bzero(temp, sizeof(temp)); /* destroy local copy of the password */
#endif
}
}
+/************************************************************************
+ Routine to add an entry to the ldap passwd file.
+
+ do not call this function directly. use passdb.c instead.
+
+*************************************************************************/
+BOOL add_ldap21pwd_entry(struct smb_passwd *newpwd)
+{
+ DEBUG(0,("add_ldap21pwd_entry - currently not supported\n"));
+ return True;
+}
+
/************************************************************************
Routine to add an entry to the ldap passwd file.
return False;
}
+/************************************************************************
+ Routine to search the ldap passwd file for an entry matching the username.
+ and then modify its password entry. We can't use the startldappwent()/
+ getldappwent()/endldappwent() interfaces here as we depend on looking
+ in the actual file to decide how much room we have to write data.
+ override = False, normal
+ override = True, override XXXXXXXX'd out password or NO PASS
+
+ do not call this function directly. use passdb.c instead.
+
+************************************************************************/
+BOOL mod_ldap21pwd_entry(struct smb_passwd* pwd, BOOL override)
+{
+ DEBUG(0,("mod_ldap21pwd_entry - currently not supported\n"));
+ return False;
+}
+
/***************************************************************
Start to enumerate the ldap passwd list. Returns a void pointer
to ensure no modification outside this module.
* Mass Ave, Cambridge, MA 02139, USA.
*/
-#ifdef NISPLUS
+#ifdef USE_NISPLUS_DB
#include "includes.h"
-
-extern int DEBUGLEVEL;
-
#include <rpcsvc/nis.h>
+extern int DEBUGLEVEL;
static int gotalarm;
****************************************************************/
void *startnisppwent(BOOL update)
{
+ return NULL;
}
/***************************************************************
*************************************************************************/
struct sam_passwd *getnisp21pwent(void *vp)
{
+ return NULL;
}
/*************************************************************************
return False;
}
+/************************************************************************
+ Routine to add an entry to the nisplus passwd file.
+
+ do not call this function directly. use passdb.c instead.
+
+*************************************************************************/
+BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd)
+{
+}
+
/************************************************************************
Routine to add an entry to the nisplus passwd file.
*************************************************************************/
BOOL add_nisppwd_entry(struct smb_passwd *newpwd)
{
- return False;
+ /* Static buffers we will return. */
+ static pstring user_name;
+
+ BOOL add_user = True;
+ char *pfile;
+ pstring nisname;
+ nis_result *nis_user;
+ nis_result *result = NULL,
+ *tblresult = NULL,
+ *addresult = NULL;
+ nis_object newobj, *obj, *user_obj;
+ char lmpwd[33], ntpwd[33];
+
+ pfile = lp_smb_passwd_file();
+
+ safe_strcpy(user_name, newpwd->smb_name, sizeof(user_name));
+
+ safe_strcpy(nisname, "[name=", sizeof(nisname));
+ safe_strcat(nisname, user_name, sizeof(nisname) - strlen(nisname) -1);
+ safe_strcat(nisname, "],passwd.org_dir", sizeof(nisname)-strlen(nisname)-1);
+
+ safe_strcpy(nisname, "[uid=", sizeof(nisname));
+ slprintf(nisname, sizeof(nisname), "%s%d", nisname, newpwd->smb_userid);
+ safe_strcat(nisname, "],passwd.org_dir", sizeof(nisname)-strlen(nisname)-1);
+
+ nis_user = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL);
+
+ if (nis_user->status != NIS_SUCCESS || NIS_RES_NUMOBJ(nis_user) <= 0)
+ {
+ DEBUG(3, ("add_nisppwd_entry: Unable to get NIS+ passwd entry for user: %s.\n",
+ nis_sperrno(nis_user->status)));
+ return False;
+ }
+
+ /*
+ * Calculate the SMB (lanman) hash functions of both old and new passwords.
+ */
+
+ user_obj = NIS_RES_OBJECT(nis_user);
+
+ safe_strcpy(nisname, "[name=", sizeof(nisname));
+ safe_strcat(nisname, ENTRY_VAL(user_obj,0),sizeof(nisname)-strlen(nisname)-1);
+ safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1);
+ safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1);
+
+ result = nis_list(nisname, FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP,NULL,NULL);
+ if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND)
+ {
+ DEBUG(3, ( "add_nisppwd_entry: nis_list failure: %s: %s\n",
+ nisname, nis_sperrno(result->status)));
+ nis_freeresult(nis_user);
+ nis_freeresult(result);
+ return False;
+ }
+
+ if (result->status == NIS_SUCCESS && NIS_RES_NUMOBJ(result) > 0)
+ {
+ DEBUG(3, ("add_nisppwd_entry: User already exists in NIS+ password db: %s\n",
+ pfile));
+ nis_freeresult(result);
+ nis_freeresult(nis_user);
+ return False;
+ }
+
+ /* User not found. */
+
+ if (!add_user)
+ {
+ DEBUG(3, ("add_nisppwd_entry: User not found in NIS+ password db: %s\n",
+ pfile));
+ nis_freeresult(result);
+ nis_freeresult(nis_user);
+ return False;
+ }
+
+ tblresult = nis_lookup(pfile, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP );
+ if (tblresult->status != NIS_SUCCESS)
+ {
+ nis_freeresult(result);
+ nis_freeresult(nis_user);
+ nis_freeresult(tblresult);
+ DEBUG(3, ( "add_nisppwd_entry: nis_lookup failure: %s\n",
+ nis_sperrno(tblresult->status)));
+ return False;
+ }
+
+ newobj.zo_name = NIS_RES_OBJECT(tblresult)->zo_name;
+ newobj.zo_domain = NIS_RES_OBJECT(tblresult)->zo_domain;
+ newobj.zo_owner = NIS_RES_OBJECT(nis_user)->zo_owner;
+ newobj.zo_group = NIS_RES_OBJECT(tblresult)->zo_group;
+ newobj.zo_access = NIS_RES_OBJECT(tblresult)->zo_access;
+ newobj.zo_ttl = NIS_RES_OBJECT(tblresult)->zo_ttl;
+
+ newobj.zo_data.zo_type = ENTRY_OBJ;
+
+ newobj.zo_data.objdata_u.en_data.en_type = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_type;
+ newobj.zo_data.objdata_u.en_data.en_cols.en_cols_len = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_maxcol;
+ newobj.zo_data.objdata_u.en_data.en_cols.en_cols_val = calloc(newobj.zo_data.objdata_u.en_data.en_cols.en_cols_len, sizeof(entry_col));
+
+ ENTRY_VAL(&newobj, 0) = ENTRY_VAL(user_obj, 0);
+ ENTRY_LEN(&newobj, 0) = ENTRY_LEN(user_obj, 0);
+
+ ENTRY_VAL(&newobj, 1) = ENTRY_VAL(user_obj, 2);
+ ENTRY_LEN(&newobj, 1) = ENTRY_LEN(user_obj, 2);
+
+ ENTRY_VAL(&newobj, 2) = lmpwd;
+ ENTRY_LEN(&newobj, 2) = strlen(lmpwd);
+ newobj.EN_data.en_cols.en_cols_val[2].ec_flags = EN_CRYPT;
+
+ ENTRY_VAL(&newobj, 3) = ntpwd;
+ ENTRY_LEN(&newobj, 3) = strlen(ntpwd);
+ newobj.EN_data.en_cols.en_cols_val[3].ec_flags = EN_CRYPT;
+
+ ENTRY_VAL(&newobj, 4) = ENTRY_VAL(user_obj, 4);
+ ENTRY_LEN(&newobj, 4) = ENTRY_LEN(user_obj, 4);
+
+ ENTRY_VAL(&newobj, 5) = ENTRY_VAL(user_obj, 5);
+ ENTRY_LEN(&newobj, 5) = ENTRY_LEN(user_obj, 5);
+
+ ENTRY_VAL(&newobj, 6) = ENTRY_VAL(user_obj, 6);
+ ENTRY_LEN(&newobj, 6) = ENTRY_LEN(user_obj, 6);
+
+ obj = &newobj;
+
+ addresult = nis_add_entry(pfile, obj, ADD_OVERWRITE | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP);
+
+ nis_freeresult(nis_user);
+ if (tblresult)
+ {
+ nis_freeresult(tblresult);
+ }
+
+ if (addresult->status != NIS_SUCCESS)
+ {
+ DEBUG(3, ( "add_nisppwd_entry: NIS+ table update failed: %s\n",
+ nisname, nis_sperrno(addresult->status)));
+ nis_freeresult(addresult);
+ nis_freeresult(result);
+ return False;
+ }
+
+ nis_freeresult(addresult);
+ nis_freeresult(result);
+
+ return True;
}
+/************************************************************************
+ Routine to search the nisplus passwd file for an entry matching the username.
+ and then modify its password entry. We can't use the startnisppwent()/
+ getnisppwent()/endnisppwent() interfaces here as we depend on looking
+ in the actual file to decide how much room we have to write data.
+ override = False, normal
+ override = True, override XXXXXXXX'd out password or NO PASS
+
+ do not call this function directly. use passdb.c instead.
+
+************************************************************************/
+BOOL mod_nisp21pwd_entry(struct sam_passwd* pwd, BOOL override)
+{
+ return False;
+}
+
/************************************************************************
Routine to search the nisplus passwd file for an entry matching the username.
and then modify its password entry. We can't use the startnisppwent()/
/************************************************************************
makes a struct smb_passwd from a NIS+ result.
************************************************************************/
-BOOL make_smb_from_nisp(struct smb_passwd *pw_buf, nis_result *result)
+static BOOL make_smb_from_nisp(struct smb_passwd *pw_buf, nis_result *result)
{
int uidval;
static pstring user_name;
static unsigned char smbpwd[16];
static unsigned char smbntpwd[16];
+ nis_object *obj;
+ uchar *p;
if (pw_buf == NULL || result == NULL) return False;
if (result->status != NIS_SUCCESS)
{
- DEBUG(0, ("make_smb_from_nisp: %s: NIS+ lookup failure: %s\n",
- nisname, nis_sperrno(result->status)));
+ DEBUG(0, ("make_smb_from_nisp: NIS+ lookup failure: %s\n",
+ nis_sperrno(result->status)));
return False;
}
/* User not found. */
if (NIS_RES_NUMOBJ(result) <= 0)
{
- DEBUG(10, ("make_smb_from_nisp: %s not found in NIS+\n", nisname));
+ DEBUG(10, ("make_smb_from_nisp: user not found in NIS+\n"));
return False;
}
if (NIS_RES_NUMOBJ(result) > 1)
{
- DEBUG(10, ("make_smb_from_nisp: WARNING: Multiple entries for %s in NIS+ table!\n", nisname));
+ DEBUG(10, ("make_smb_from_nisp: WARNING: Multiple entries for user in NIS+ table!\n"));
}
/* Grab the first hit. */
/* Check the lanman password column. */
p = (uchar *)ENTRY_VAL(obj, 2);
- if (strlen((char *)p) != 32 || !gethexpwd((char *)p, (char *)smbpwd))
+ if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbpwd))
{
DEBUG(0, ("make_smb_from_nisp: malformed LM pwd entry.\n"));
return False;
/* Check the NT password column. */
p = (uchar *)ENTRY_VAL(obj, 3);
- if (strlen((char *)p) != 32 || !gethexpwd((char *)p, (char *)smbntpwd))
+ if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbntpwd))
{
DEBUG(0, ("make_smb_from_nisp: malformed NT pwd entry\n"));
return False;
{
/* Static buffers we will return. */
static struct smb_passwd pw_buf;
- char linebuf[256];
- char readbuf[16 * 1024];
- unsigned char c;
- unsigned char *p;
- long uidval;
- long linebuf_len;
- FILE *fp;
- int lockfd;
- char *pfile = lp_smb_passwd_file();
nis_result *result;
- nis_object *obj;
- char *nisname, *nisnamefmt;
+ pstring nisname;
BOOL ret;
- if (!*pfile)
+ if (!*lp_smb_passwd_file())
{
DEBUG(0, ("No SMB password file set\n"));
- return (NULL);
+ return NULL;
}
DEBUG(10, ("getnisppwnam: search by name: %s\n", name));
- DEBUG(10, ("getnisppwnam: using NIS+ table %s\n", pfile));
+ DEBUG(10, ("getnisppwnam: using NIS+ table %s\n", lp_smb_passwd_file()));
- nisnamefmt = "[name=%s],%s";
- nisname = (char *)malloc(strlen(nisnamefmt) + strlen(pfile) + strlen(name));
-
- if (!nisname)
- {
- DEBUG(0,("getnisppwnam: Can't allocate nisname"));
- return NULL;
- }
-
- safe_sprintf(nisname, nisnamefmt, name, pfile);
+ slprintf(nisname, sizeof(nisname), "[name=%s],%s", name, lp_smb_passwd_file());
/* Search the table. */
gotalarm = 0;
alarm(5);
result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL);
- free(nisname);
alarm(0);
signal(SIGALRM, SIGNAL_CAST SIG_DFL);
/*************************************************************************
Routine to search the nisplus passwd file for an entry matching the username
*************************************************************************/
-struct smb_passwd *getnisppwnam(int uid)
+struct smb_passwd *getnisppwuid(int smb_userid)
{
/* Static buffers we will return. */
static struct smb_passwd pw_buf;
- char linebuf[256];
- char readbuf[16 * 1024];
- unsigned char c;
- unsigned char *p;
- long linebuf_len;
- FILE *fp;
- int lockfd;
- char *pfile = lp_smb_passwd_file();
nis_result *result;
- nis_object *obj;
- char *nisname, *nisnamefmt;
+ pstring nisname;
+ BOOL ret;
- if (!*pfile)
+ if (!*lp_smb_passwd_file())
{
DEBUG(0, ("No SMB password file set\n"));
return NULL;
}
- DEBUG(10, ("getnisppwuid: search by uid: %d\n", uid));
- DEBUG(10, ("getnisppwuid: using NIS+ table %s\n", pfile));
-
- nisnamefmt = "[uid=%d],%s";
- nisname = (char *)malloc(strlen(nisnamefmt) + strlen(pfile)+ sizeof(smb_userid));
-
- if (!nisname)
- {
- DEBUG(0,("getnisppwuid: Can't allocate nisname"));
- return NULL;
- }
+ DEBUG(10, ("getnisppwuid: search by uid: %d\n", smb_userid));
+ DEBUG(10, ("getnisppwuid: using NIS+ table %s\n", lp_smb_passwd_file()));
- safe_sprintf(nisname, nisnamefmt, smb_userid, pfile);
+ slprintf(nisname, sizeof(nisname), "[uid=%d],%s", smb_userid, lp_smb_passwd_file());
/* Search the table. */
gotalarm = 0;
alarm(5);
result = nis_list(nisname, FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP, NULL, NULL);
- free(nisname);
alarm(0);
signal(SIGALRM, SIGNAL_CAST SIG_DFL);
#else
static void dummy_function(void) { } /* stop some compilers complaining */
-#endif /* NISPLUS */
+#endif /* USE_NISPLUS_DB */
****************************************************************/
void *startsampwent(BOOL update)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return startnisppwent(update);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return startldappwent(update);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return startsmbpwent(update);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/***************************************************************
****************************************************************/
void endsampwent(void *vp)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ endnisppwent(vp);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
endldappwent(vp);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
endsmbpwent(vp);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/*************************************************************************
*************************************************************************/
struct smb_passwd *getsampwent(void *vp)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return getnisppwent(vp);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return getldappwent(vp);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return getsmbpwent(vp);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
+}
+
+/*************************************************************************
+ Routine to return the next entry in the sam passwd list.
+ *************************************************************************/
+struct sam_disp_info *getsamdispent(void *vp)
+{
+ struct sam_passwd *pwd = NULL;
+ static struct sam_disp_info disp_info;
+
+#ifdef USE_NISPLUS_DB
+ pwd = getnisp21pwent(vp);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
+ pwd = getldap21pwent(vp);
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
+ pwd = getsmb21pwent(vp);
+#endif /* USE_SMBPASS_DB */
+
+ if (pwd == NULL) return NULL;
+
+ disp_info.smb_name = pwd->smb_name;
+ disp_info.full_name = pwd->full_name;
+ disp_info.user_rid = pwd->user_rid;
+
+ return &disp_info;
}
/*************************************************************************
*************************************************************************/
struct sam_passwd *getsam21pwent(void *vp)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return getnisp21pwent(vp);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return getldap21pwent(vp);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return getsmb21pwent(vp);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/*************************************************************************
*************************************************************************/
unsigned long getsampwpos(void *vp)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return getnisppwpos(vp);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return getldappwpos(vp);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return getsmbpwpos(vp);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/*************************************************************************
*************************************************************************/
BOOL setsampwpos(void *vp, unsigned long tok)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return setnisppwpos(vp, tok);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return setldappwpos(vp, tok);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return setsmbpwpos(vp, tok);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/************************************************************************
*************************************************************************/
BOOL add_sampwd_entry(struct smb_passwd *newpwd)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return add_nisppwd_entry(newpwd);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return add_ldappwd_entry(newpwd);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return add_smbpwd_entry(newpwd);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/************************************************************************
*************************************************************************/
BOOL add_sam21pwd_entry(struct sam_passwd *newpwd)
{
-#if 0
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return add_nisp21pwd_entry(newpwd);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return add_ldap21pwd_entry(newpwd);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return add_smb21pwd_entry(newpwd);
-#endif /* USE_LDAP */
-#else
- DEBUG(0,("add_sam21pwd_entry() - under development\n"));
- return False;
-#endif
+#endif /* USE_SMBPASS_DB */
}
/************************************************************************
************************************************************************/
BOOL mod_sampwd_entry(struct smb_passwd* pwd, BOOL override)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return mod_nisppwd_entry(pwd, override);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return mod_ldappwd_entry(pwd, override);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return mod_smbpwd_entry(pwd, override);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/************************************************************************
************************************************************************/
BOOL mod_sam21pwd_entry(struct sam_passwd* pwd, BOOL override)
{
-#if 0
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return mod_nisp21pwd_entry(pwd, override);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return mod_ldap21pwd_entry(pwd, override);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return mod_smb21pwd_entry(pwd, override);
-#endif /* USE_LDAP */
-#else
- DEBUG(0,("mod_sam21pwd_entry() - under development\n"));
- return False;
-#endif
+#endif /* USE_SMBPASS_DB */
}
/**********************************************************
*************************************************************************/
struct smb_passwd *getsampwnam(char *name)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return _getsampwnam(name);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return _getsampwnam(name);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return _getsampwnam(name);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/************************************************************************
struct sam_passwd *pwd = NULL;
void *fp = NULL;
- DEBUG(10, ("getsam21pwnam: search by name: %s\n", name));
+ DEBUG(10, ("_getsam21pwnam: search by name: %s\n", name));
/* Open the sam password file - not for update. */
fp = startsampwent(False);
if (fp == NULL)
{
- DEBUG(0, ("getsam21pwnam: unable to open sam password database.\n"));
+ DEBUG(0, ("_getsam21pwnam: unable to open sam password database.\n"));
return NULL;
}
if (pwd != NULL)
{
- DEBUG(10, ("getsam21pwnam: found by name: %s\n", name));
+ DEBUG(10, ("_getsam21pwnam: found by name: %s\n", name));
}
endsampwent(fp);
*************************************************************************/
struct sam_passwd *getsam21pwnam(char *name)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
return _getsam21pwnam(name);
-#else
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
+ return _getsam21pwnam(name);
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return _getsam21pwnam(name);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
/************************************************************************
*************************************************************************/
struct smb_passwd *getsampwuid(uid_t smb_userid)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
+ return _getsampwuid(smb_userid);
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return _getsampwuid(smb_userid);
-#else
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
return _getsampwuid(smb_userid);
-#endif /* USE_LDAP */
+#endif /* USE_SMBPASS_DB */
}
Routine to search sam passwd by rid. use this if your database
does not have search facilities.
*************************************************************************/
-struct sam_passwd *_getsam21pwrid(uint32 rid)
+static struct sam_passwd *_getsam21pwrid(uint32 rid)
{
struct sam_passwd *pwd = NULL;
void *fp = NULL;
- DEBUG(10, ("getsam21pwrid: search by rid: %x\n", rid));
+ DEBUG(10, ("_getsam21pwrid: search by rid: %x\n", rid));
/* Open the sam password file - not for update. */
fp = startsampwent(False);
if (fp == NULL)
{
- DEBUG(0, ("getsam21pwrid: unable to open sam password database.\n"));
+ DEBUG(0, ("_getsam21pwrid: unable to open sam password database.\n"));
return NULL;
}
if (pwd != NULL)
{
- DEBUG(10, ("getsam21pwrid: found by smb_userid: %x\n", rid));
+ DEBUG(10, ("_getsam21pwrid: found by smb_userid: %x\n", rid));
}
endsmbpwent(fp);
*************************************************************************/
struct sam_passwd *getsam21pwrid(uint32 rid)
{
-#ifdef USE_LDAP
+#ifdef USE_NISPLUS_DB
return _getsam21pwrid(rid);
-#else
+#endif /* USE_NISPLUS_DB */
+
+#ifdef USE_LDAP_DB
return _getsam21pwrid(rid);
-#endif /* USE_LDAP */
+#endif /* USE_LDAP_DB */
+
+#ifdef USE_SMBPASS_DB
+ return _getsam21pwrid(rid);
+#endif /* USE_SMBPASS_DB */
}
**********************************************************
**********************************************************/
+/*******************************************************************
+ gets password-database-format time from a string.
+ ********************************************************************/
+static time_t get_time_from_string(char *p)
+{
+ int i;
+
+ for (i = 0; i < 8; i++)
+ {
+ if (p[i] == '\0' || !isxdigit(p[i]))
+ break;
+ }
+ if (i == 8)
+ {
+ /*
+ * p points at 8 characters of hex digits -
+ * read into a time_t as the seconds since
+ * 1970 that the password was last changed.
+ */
+ return (time_t)strtol((char *)p, NULL, 16);
+ }
+ return (time_t)-1;
+}
+
+/*******************************************************************
+ gets password last set time
+ ********************************************************************/
+time_t pdb_get_last_set_time(char *p)
+{
+ if (*p && StrnCaseCmp((char *)p, "LCT-", 4))
+ {
+ return get_time_from_string(p + 4);
+ }
+ return (time_t)-1;
+}
+
+
+/*******************************************************************
+ sets password-database-format time in a string.
+ ********************************************************************/
+static set_time_in_string(char *p, int max_len, char *type, time_t t)
+{
+ slprintf(p, max_len, ":%s-%08X:", type, (uint32)t);
+}
+
+/*******************************************************************
+ sets password last set time
+ ********************************************************************/
+void pdb_set_last_set_time(char *p, int max_len, time_t t)
+{
+ set_time_in_string(p, max_len, "LCT", t);
+}
/**********************************************************
Encode the account control bits into a string.
**********************************************************/
-char *encode_acct_ctrl(uint16 acct_ctrl)
+char *pdb_encode_acct_ctrl(uint16 acct_ctrl)
{
static fstring acct_str;
char *p = acct_str;
reason: vertical line-up code clarity - all case statements fit into
15 lines, which is more important.
**********************************************************/
-uint16 decode_acct_ctrl(char *p)
+uint16 pdb_decode_acct_ctrl(char *p)
{
uint16 acct_ctrl = 0;
BOOL finished = False;
Routine to get the next 32 hex characters and turn them
into a 16 byte array.
**************************************************************/
-int gethexpwd(char *p, char *pwd)
+int pdb_gethexpwd(char *p, char *pwd)
{
int i;
unsigned char lonybble, hinybble;
/*******************************************************************
Group and User RID username mapping function
********************************************************************/
-BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
+BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
{
struct passwd *pw = Get_Pwnam(user_name, False);
/****************************************************************************
Read the machine SID from a file.
****************************************************************************/
-
static BOOL read_sid_from_file(int fd, char *sid_file)
{
fstring fline;
Generate the global machine sid. Look for the MACHINE.SID file first, if
not found then look in smb.conf and use it to create the MACHINE.SID file.
****************************************************************************/
-
-BOOL generate_machine_sid(void)
+BOOL pdb_generate_machine_sid(void)
{
int fd;
char *p;
/*******************************************************************
converts NT User RID to a UNIX uid.
********************************************************************/
-uid_t user_rid_to_uid(uint32 u_rid)
+uid_t pdb_user_rid_to_uid(uint32 u_rid)
{
return (uid_t)(u_rid - 1000);
}
/*******************************************************************
converts NT Group RID to a UNIX uid.
********************************************************************/
-uid_t group_rid_to_uid(uint32 u_gid)
+uid_t pdb_group_rid_to_uid(uint32 u_gid)
{
return (uid_t)(u_gid - 1000);
}
/*******************************************************************
converts UNIX uid to an NT User RID.
********************************************************************/
-uint32 uid_to_user_rid(uint32 uid)
+uint32 pdb_uid_to_user_rid(uint32 uid)
{
return (uint32)(uid + 1000);
}
/*******************************************************************
converts NT Group RID to a UNIX uid.
********************************************************************/
-uint32 gid_to_group_rid(uint32 gid)
+uint32 pdb_gid_to_group_rid(uint32 gid)
{
return (uint32)(gid + 1000);
}
pw_buf.smb_passwd = NULL;
pw_buf.acct_ctrl |= ACB_PWNOTREQ;
} else {
- if (!gethexpwd((char *)p, (char *)smbpwd)) {
+ if (!pdb_gethexpwd((char *)p, (char *)smbpwd)) {
DEBUG(0, ("getsmbpwent: Malformed Lanman password entry (non hex chars)\n"));
continue;
}
the lanman password. */
if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
if (*p != '*' && *p != 'X') {
- if(gethexpwd((char *)p,(char *)smbntpwd))
+ if(pdb_gethexpwd((char *)p,(char *)smbntpwd))
pw_buf.smb_nt_passwd = smbntpwd;
}
p += 33; /* Move to the first character of the line after
return !fseek((FILE *)vp, tok, SEEK_SET);
}
+/************************************************************************
+ Routine to add an entry to the smbpasswd file.
+
+ do not call this function directly. use passdb.c instead.
+
+*************************************************************************/
+BOOL add_smb21pwd_entry(struct sam_passwd *newpwd)
+{
+ return False;
+}
+
/************************************************************************
Routine to add an entry to the smbpasswd file.
return True;
}
+/************************************************************************
+ Routine to search the smbpasswd file for an entry matching the username.
+ and then modify its password entry. We can't use the startsmbpwent()/
+ getsmbpwent()/endsmbpwent() interfaces here as we depend on looking
+ in the actual file to decide how much room we have to write data.
+ override = False, normal
+ override = True, override XXXXXXXX'd out password or NO PASS
+
+ do not call this function directly. use passdb.c instead.
+
+************************************************************************/
+BOOL mod_smb21pwd_entry(struct sam_passwd* pwd, BOOL override)
+{
+ return False;
+}
+
/************************************************************************
Routine to search the smbpasswd file for an entry matching the username.
and then modify its password entry. We can't use the startsmbpwent()/
* Get the hex password.
*/
- if (!gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
+ if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
strncmp(&linebuf[33], "TLC-", 4)) {
DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n"));
#ifdef DEBUG_PASSWORD
BEGIN {
inheader=0;
- use_ldap_define = 0;
+# use_ldap_define = 0;
current_file="";
print "/* This file is automatically generated with \"make proto\". DO NOT EDIT */"
print ""
{
if (FILENAME!=current_file) {
- if (use_ldap_define)
- {
- print "#endif /* USE_LDAP */"
- use_ldap_define = 0;
- }
+# if (use_ldap_define)
+# {
+# print "#endif /* USE_LDAP */"
+# use_ldap_define = 0;
+# }
print ""
print "/*The following definitions come from ",FILENAME," */"
print ""
current_file=FILENAME
- if (current_file=="ldap.c") {
- print "#ifdef USE_LDAP"
- use_ldap_define = 1;
- }
+# if (current_file=="ldap.c") {
+# print "#ifdef USE_LDAP"
+# use_ldap_define = 1;
+# }
}
if (inheader) {
if (match($0,"[)][ \t]*$")) {
git.samba.org / kai / samba.git / commitdiff