/*
- * Unix SMB/Netbios implementation.
- * Version 1.9. SMB parameters and setup
+ * Unix SMB/CIFS implementation.
+ * SMB parameters and setup
* Copyright (C) Andrew Tridgell 1992-1998
* Modified by Jeremy Allison 1995.
- * Modified by Gerald (Jerry) Carter 2000
+ * Modified by Gerald (Jerry) Carter 2000-2001
+ * Modified by Andrew Bartlett 2002.
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
#include "includes.h"
-#ifdef USE_SMBPASS_DB
-
/*
smb_passwd is analogous to sam_passwd used everywhere
struct smb_passwd
{
- uid_t smb_userid; /* this is actually the unix uid_t */
- char *smb_name; /* username string */
+ BOOL smb_userid_set; /* this is actually the unix uid_t */
+ uint32 smb_userid; /* this is actually the unix uid_t */
+ const char *smb_name; /* username string */
- unsigned char *smb_passwd; /* Null if no password */
- unsigned char *smb_nt_passwd; /* Null if no password */
+ const unsigned char *smb_passwd; /* Null if no password */
+ const unsigned char *smb_nt_passwd; /* Null if no password */
uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
time_t pass_last_set_time; /* password last set time */
};
+struct smbpasswd_privates
+{
+ /* used for maintain locks on the smbpasswd file */
+ int pw_file_lock_depth;
+
+ /* Global File pointer */
+ FILE *pw_file;
+
+ /* formerly static variables */
+ struct smb_passwd pw_buf;
+ pstring user_name;
+ unsigned char smbpwd[16];
+ unsigned char smbntpwd[16];
-extern int DEBUGLEVEL;
-extern pstring samlogon_user;
-extern BOOL sam_logon_in_ssb;
-extern struct passdb_ops pdb_ops;
+ /* retrive-once info */
+ const char *smbpasswd_file;
+ BOOL permit_non_unix_accounts;
-/* used for maintain locks on the smbpasswd file */
-static int pw_file_lock_depth;
-static void *global_vp;
+ uint32 low_nua_userid;
+ uint32 high_nua_userid;
-/* static memory area used by all passdb search functions
- in this module */
-static SAM_ACCOUNT global_sam_pass;
+};
enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE };
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+
+static uid_t pdb_user_rid_to_uid(uint32 user_rid)
+{
+ return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
+
+static uint32 pdb_uid_to_user_rid(uid_t uid)
+{
+ return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+}
+
/***************************************************************
Lock an fd. Abandon after waitsecs seconds.
****************************************************************/
/**************************************************************
Intialize a smb_passwd struct
*************************************************************/
+
static void pdb_init_smb(struct smb_passwd *user)
{
- if (user == NULL)
+ if (user == NULL)
return;
- ZERO_STRUCTP (user);
+ ZERO_STRUCTP (user);
- user->pass_last_set_time = (time_t)-1;
+ user->pass_last_set_time = (time_t)0;
}
-
-
/***************************************************************
Internal fn to enumerate the smbpasswd list. Returns a void pointer
to ensure no modification outside this module. Checks for atomic
been granted to prevent race conditions. JRA.
****************************************************************/
-static void *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int *lock_depth)
+static FILE *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int *lock_depth)
{
FILE *fp = NULL;
const char *open_mode = NULL;
}
/* We have a lock on the file. */
- return (void *)fp;
+ return fp;
}
/***************************************************************
End enumeration of the smbpasswd list.
****************************************************************/
-static void endsmbfilepwent(void *vp, int *lock_depth)
+static void endsmbfilepwent(FILE *fp, int *lock_depth)
{
- FILE *fp = (FILE *)vp;
pw_file_unlock(fileno(fp), lock_depth);
fclose(fp);
Routine to return the next entry in the smbpasswd list.
*************************************************************************/
-static struct smb_passwd *getsmbfilepwent(void *vp)
+static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_state, FILE *fp)
{
/* Static buffers we will return. */
- static struct smb_passwd pw_buf;
- static pstring user_name;
- static unsigned char smbpwd[16];
- static unsigned char smbntpwd[16];
- FILE *fp = (FILE *)vp;
+ struct smb_passwd *pw_buf = &smbpasswd_state->pw_buf;
+ char *user_name = smbpasswd_state->user_name;
+ unsigned char *smbpwd = smbpasswd_state->smbpwd;
+ unsigned char *smbntpwd = smbpasswd_state->smbntpwd;
char linebuf[256];
unsigned char c;
unsigned char *p;
return NULL;
}
- pdb_init_smb(&pw_buf);
+ pdb_init_smb(pw_buf);
- pw_buf.acct_ctrl = ACB_NORMAL;
+ pw_buf->acct_ctrl = ACB_NORMAL;
/*
* Scan the file, a line at a time and check if the name matches.
DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n"));
continue;
}
- p = (unsigned char *) strchr(linebuf, ':');
+ p = (unsigned char *) strchr_m(linebuf, ':');
if (p == NULL) {
DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n"));
continue;
continue;
}
- pw_buf.smb_name = user_name;
- pw_buf.smb_userid = uidval;
+ pw_buf->smb_name = user_name;
+ pw_buf->smb_userid = uidval;
/*
* Now get the password value - this should be 32 hex digits
if (*p == '*' || *p == 'X') {
/* Password deliberately invalid - end here. */
DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
- pw_buf.smb_nt_passwd = NULL;
- pw_buf.smb_passwd = NULL;
- pw_buf.acct_ctrl |= ACB_DISABLED;
- return &pw_buf;
+ pw_buf->smb_nt_passwd = NULL;
+ pw_buf->smb_passwd = NULL;
+ pw_buf->acct_ctrl |= ACB_DISABLED;
+ return pw_buf;
}
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
}
if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
- pw_buf.smb_passwd = NULL;
- pw_buf.acct_ctrl |= ACB_PWNOTREQ;
+ pw_buf->smb_passwd = NULL;
+ pw_buf->acct_ctrl |= ACB_PWNOTREQ;
} else {
if (!pdb_gethexpwd((char *)p, smbpwd)) {
DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
continue;
}
- pw_buf.smb_passwd = smbpwd;
+ pw_buf->smb_passwd = smbpwd;
}
/*
* Now check if the NT compatible password is
* available.
*/
- pw_buf.smb_nt_passwd = NULL;
+ pw_buf->smb_nt_passwd = NULL;
p += 33; /* Move to the first character of the line after
the lanman password. */
if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
if (*p != '*' && *p != 'X') {
if(pdb_gethexpwd((char *)p,smbntpwd))
- pw_buf.smb_nt_passwd = smbntpwd;
+ pw_buf->smb_nt_passwd = smbntpwd;
}
p += 33; /* Move to the first character of the line after
the NT password. */
if (*p == '[')
{
- unsigned char *end_p = (unsigned char *)strchr((char *)p, ']');
- pw_buf.acct_ctrl = pdb_decode_acct_ctrl((char*)p);
+ unsigned char *end_p = (unsigned char *)strchr_m((char *)p, ']');
+ pw_buf->acct_ctrl = pdb_decode_acct_ctrl((char*)p);
/* Must have some account type set. */
- if(pw_buf.acct_ctrl == 0)
- pw_buf.acct_ctrl = ACB_NORMAL;
+ if(pw_buf->acct_ctrl == 0)
+ pw_buf->acct_ctrl = ACB_NORMAL;
/* Now try and get the last change time. */
if(end_p)
* read into a time_t as the seconds since
* 1970 that the password was last changed.
*/
- pw_buf.pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
+ pw_buf->pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
}
}
}
* password file as 'normal accounts'. If this changes
* we will have to fix this code. JRA.
*/
- if(pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') {
- pw_buf.acct_ctrl &= ~ACB_NORMAL;
- pw_buf.acct_ctrl |= ACB_WSTRUST;
+ if(pw_buf->smb_name[strlen(pw_buf->smb_name) - 1] == '$') {
+ pw_buf->acct_ctrl &= ~ACB_NORMAL;
+ pw_buf->acct_ctrl |= ACB_WSTRUST;
}
}
- return &pw_buf;
+ return pw_buf;
}
DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
Create a new smbpasswd entry - malloced space returned.
*************************************************************************/
-static char *format_new_smbpasswd_entry(struct smb_passwd *newpwd)
+static char *format_new_smbpasswd_entry(const struct smb_passwd *newpwd)
{
int new_entry_length;
char *new_entry;
Routine to add an entry to the smbpasswd file.
*************************************************************************/
-static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
+static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, struct smb_passwd *newpwd)
{
- char *pfile = lp_smb_passwd_file();
+ const char *pfile = smbpasswd_state->smbpasswd_file;
struct smb_passwd *pwd = NULL;
FILE *fp = NULL;
int wr_len;
size_t new_entry_length;
char *new_entry;
SMB_OFF_T offpos;
-
+ uint32 max_found_uid = 0;
+
/* Open the smbpassword file - for update. */
- fp = startsmbfilepwent(pfile, PWF_UPDATE, &pw_file_lock_depth);
+ fp = startsmbfilepwent(pfile, PWF_UPDATE, &(smbpasswd_state->pw_file_lock_depth));
+
+ if (fp == NULL && errno == ENOENT) {
+ /* Try again - create. */
+ fp = startsmbfilepwent(pfile, PWF_CREATE, &(smbpasswd_state->pw_file_lock_depth));
+ }
if (fp == NULL) {
DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n"));
* Scan the file, a line at a time and check if the name matches.
*/
- while ((pwd = getsmbfilepwent(fp)) != NULL)
+ while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL)
{
if (strequal(newpwd->smb_name, pwd->smb_name))
{
DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
- endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
return False;
}
- }
+
+ /* Look for a free uid for use in non-unix accounts */
+ if (pwd->smb_userid > max_found_uid) {
+ max_found_uid = pwd->smb_userid;
+ }
+ }
/* Ok - entry doesn't exist. We can add it */
+ /* Account not in /etc/passwd hack!!! */
+ if (!newpwd->smb_userid_set) {
+ if (!smbpasswd_state->permit_non_unix_accounts) {
+ DEBUG(0, ("add_smbfilepwd_entry: cannot add account %s without unix identity\n", newpwd->smb_name));
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+ return False;
+ }
+
+ if (max_found_uid < smbpasswd_state->low_nua_userid) {
+ newpwd->smb_userid = smbpasswd_state->low_nua_userid;
+ newpwd->smb_userid_set = True;
+ } else if (max_found_uid >= smbpasswd_state->high_nua_userid) {
+ DEBUG(0, ("add_smbfilepwd_entry: cannot add machine %s, no uids are free! \n", newpwd->smb_name));
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+ return False;
+ } else {
+ newpwd->smb_userid = max_found_uid + 1;
+ newpwd->smb_userid_set = True;
+ }
+ }
+
+
/* Create a new smb passwd entry and set it to the given password. */
/*
* The add user write needs to be atomic - so get the fd from
{
DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
- endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
return False;
}
{
DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
- endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
return False;
}
newpwd->smb_name, strerror(errno)));
}
- endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
free(new_entry);
return False;
}
free(new_entry);
- endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
return True;
}
override = True, override XXXXXXXX'd out password or NO PASS
************************************************************************/
-static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
+static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const struct smb_passwd* pwd)
{
/* Static buffers we will return. */
- static pstring user_name;
+ char * user_name = smbpasswd_state->user_name;
char linebuf[256];
char readbuf[1024];
size_t linebuf_len = 0;
FILE *fp;
int lockfd;
- char *pfile = lp_smb_passwd_file();
+ const char *pfile = smbpasswd_state->smbpasswd_file;
BOOL found_entry = False;
BOOL got_pass_last_set_time = False;
lockfd = fileno(fp);
- if (!pw_file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) {
+ if (!pw_file_lock(lockfd, F_WRLCK, 5, &(smbpasswd_state->pw_file_lock_depth))) {
DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile));
fclose(fp);
return False;
fgets(linebuf, sizeof(linebuf), fp);
if (ferror(fp)) {
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return False;
}
continue;
}
- p = (unsigned char *) strchr(linebuf, ':');
+ p = (unsigned char *) strchr_m(linebuf, ':');
if (p == NULL) {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no :)\n"));
}
if (!found_entry) {
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return False;
}
if (!isdigit(*p)) {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (uid not number)\n"));
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return False;
}
p++;
if (*p != ':') {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no : after uid)\n"));
- pw_file_unlock(lockfd, &pw_file_lock_depth);
+ pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return False;
}
/* Record exact password position */
pwd_seekpos += PTR_DIFF(p, linebuf);
- if (!override && (*p == '*' || *p == 'X')) {
- /* Password deliberately invalid - end here. */
- DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name));
- pw_file_unlock(lockfd, &pw_file_lock_depth);
- fclose(fp);
- return False;
- }
-
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return (False);
}
if (p[32] != ':') {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
- fclose(fp);
- return False;
- }
-
- if (!override && (*p == '*' || *p == 'X')) {
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return False;
}
the lanman password. */
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return (False);
}
if (p[32] != ':') {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return False;
}
p += 33; /* Move to the first character of the line after
the NT password. */
- /*
- * If both NT and lanman passwords are provided - reset password
- * not required flag.
- */
-
- if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) {
- /* Reqiure password in the future (should ACB_DISABLED also be reset?) */
- pwd->acct_ctrl &= ~(ACB_PWNOTREQ);
- }
-
if (*p == '[') {
i = 0;
*/
fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
} else {
- /*
- * If using the old format and the ACB_DISABLED or
- * ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL
- * here as we have no space to encode the change.
- */
- if(pwd->acct_ctrl & (ACB_DISABLED|ACB_PWNOTREQ)) {
- pwd->smb_passwd = NULL;
- pwd->smb_nt_passwd = NULL;
- }
+ DEBUG(0,("mod_smbfilepwd_entry: Using old smbpasswd format. This is no longer supported.!\n"));
+ DEBUG(0,("mod_smbfilepwd_entry: No changes made, failing.!\n"));
+ return False;
}
/* Go past the ']' */
/* Add on the account info bits and the time of last
password change. */
- pwd->pass_last_set_time = time(NULL);
-
if(got_pass_last_set_time) {
slprintf(&ascii_p16[strlen(ascii_p16)],
sizeof(ascii_p16)-(strlen(ascii_p16)+1),
if(wr_len > sizeof(linebuf)) {
DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return (False);
}
if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return False;
}
/* Sanity check - ensure the areas we are writing are framed by ':' */
if (read(fd, linebuf, wr_len+1) != wr_len+1) {
DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return False;
}
if ((linebuf[0] != ':') || (linebuf[wr_len] != ':')) {
DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return False;
}
if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {
DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return False;
}
if (write(fd, ascii_p16, wr_len) != wr_len) {
DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile));
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return False;
}
- pw_file_unlock(lockfd,&pw_file_lock_depth);
+ pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
fclose(fp);
return True;
}
Routine to delete an entry in the smbpasswd file by name.
*************************************************************************/
-static BOOL del_smbfilepwd_entry(const char *name)
+static BOOL del_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const char *name)
{
- char *pfile = lp_smb_passwd_file();
+ const char *pfile = smbpasswd_state->smbpasswd_file;
pstring pfile2;
struct smb_passwd *pwd = NULL;
FILE *fp = NULL;
* it.
*/
- if((fp = startsmbfilepwent(pfile, PWF_UPDATE, &pw_file_lock_depth)) == NULL) {
+ if((fp = startsmbfilepwent(pfile, PWF_UPDATE, &(smbpasswd_state->pw_file_lock_depth))) == NULL) {
DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
return False;
}
*/
if((fp_write = startsmbfilepwent(pfile2, PWF_CREATE, &pfile2_lockdepth)) == NULL) {
DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
- endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
return False;
}
* Scan the file, a line at a time and check if the name matches.
*/
- while ((pwd = getsmbfilepwent(fp)) != NULL) {
+ while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL) {
char *new_entry;
size_t new_entry_length;
DEBUG(0, ("del_smbfilepwd_entry(malloc): Failed to copy entry for user %s to file %s. \
Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
unlink(pfile2);
- endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
endsmbfilepwent(fp_write, &pfile2_lockdepth);
return False;
}
DEBUG(0, ("del_smbfilepwd_entry(write): Failed to copy entry for user %s to file %s. \
Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
unlink(pfile2);
- endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
endsmbfilepwent(fp_write, &pfile2_lockdepth);
free(new_entry);
return False;
if(fflush(fp_write) != 0)
{
DEBUG(0, ("del_smbfilepwd_entry: Failed to flush file %s. Error was %s\n", pfile2, strerror(errno)));
- endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
endsmbfilepwent(fp_write,&pfile2_lockdepth);
return False;
}
unlink(pfile2);
}
- endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
endsmbfilepwent(fp_write,&pfile2_lockdepth);
return True;
}
/*********************************************************************
- Create a SAM_ACCOUNT from a smb_passwd struct
+ Create a smb_passwd struct from a SAM_ACCOUNT.
+ We will not allocate any new memory. The smb_passwd struct
+ should only stay around as long as the SAM_ACCOUNT does.
********************************************************************/
-static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass)
+static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
{
- BYTE *ptr;
-
- if (sampass == NULL)
- return False;
+ uid_t uid;
- ZERO_STRUCTP (smb_pw);
-
- smb_pw->smb_userid = pdb_get_uid(sampass);
- smb_pw->smb_name = strdup(pdb_get_username(sampass));
-
- if ((ptr=pdb_get_lanman_passwd(sampass)) != NULL)
- {
- if ((smb_pw->smb_passwd=(BYTE*)malloc(sizeof(BYTE)*16)) == NULL)
- {
- DEBUG (0,("build_smb_pass: ERROR - Unable to malloc memory!\n"));
- return False;
- }
- memcpy (smb_pw->smb_passwd, ptr, sizeof(BYTE)*16);
- }
+ if (sampass == NULL)
+ return False;
- if ((ptr=pdb_get_nt_passwd(sampass)) != NULL)
- {
- if ((smb_pw->smb_nt_passwd=(BYTE*)malloc(sizeof(BYTE)*16)) == NULL)
- {
- DEBUG (0,("build_smb_pass: ERROR - Unable to malloc memory!\n"));
+ ZERO_STRUCTP(smb_pw);
+
+ if (!IS_SAM_UNIX_USER(sampass)) {
+ smb_pw->smb_userid_set = False;
+ DEBUG(5,("build_sam_pass: storing user without a UNIX uid or gid. \n"));
+ } else {
+ uint32 rid = pdb_get_user_rid(sampass);
+ smb_pw->smb_userid_set = True;
+ uid = pdb_get_uid(sampass);
+
+ /* If the user specified a RID, make sure its able to be both stored and retreived */
+ if (rid && uid != pdb_user_rid_to_uid(rid)) {
+ DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
return False;
}
- memcpy (smb_pw->smb_nt_passwd, ptr, sizeof(BYTE)*16);
- }
-
- smb_pw->acct_ctrl = pdb_get_acct_ctrl(sampass);
- smb_pw->pass_last_set_time = pdb_get_pass_last_set_time(sampass);
- return True;
-
-}
-
-/********************************************************************
- clear out memory allocated for pointer members
- *******************************************************************/
-static void clear_smb_pass (struct smb_passwd *smb_pw)
-{
+ smb_pw->smb_userid=uid;
+ }
- /* valid poiner to begin with? */
- if (smb_pw == NULL)
- return;
-
- /* clear out members */
- if (smb_pw->smb_name)
- free (smb_pw->smb_name);
-
- if (smb_pw->smb_passwd)
- free(smb_pw->smb_passwd);
+ smb_pw->smb_name=(const char*)pdb_get_username(sampass);
+
+ smb_pw->smb_passwd=pdb_get_lanman_passwd(sampass);
+ smb_pw->smb_nt_passwd=pdb_get_nt_passwd(sampass);
+
+ smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass);
+ smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass);
+
+#if 0
+ /*
+ * ifdef'out by JFM on 11/29/2001.
+ * this assertion is no longer valid
+ * and I don't understand the goal
+ * and doing the same thing with the group mapping code
+ * is hairy !
+ *
+ * We just have the RID, in which SID is it valid ?
+ * our domain SID ? well known SID ? local SID ?
+ */
+
+ if (gid != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) {
+ DEBUG(0,("build_sam_pass: Failing attempt to store user with non-gid based primary group RID. \n"));
+ DEBUG(0,("build_sam_pass: %d %d %d. \n", *gid, pdb_group_rid_to_gid(pdb_get_group_rid(sampass)), pdb_get_group_rid(sampass)));
+ return False;
+ }
+#endif
- if (smb_pw->smb_nt_passwd)
- free(smb_pw->smb_nt_passwd);
-
- return;
-}
-
+ return True;
+}
/*********************************************************************
Create a SAM_ACCOUNT from a smb_passwd struct
********************************************************************/
-static BOOL build_sam_account (SAM_ACCOUNT *sam_pass,
- struct smb_passwd *pw_buf)
+static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw_buf)
{
-
- struct passwd *pwfile;
-
- if (!sam_pass)
- return (False);
-
- /* make sure that we own the memory here--also clears
- any existing members as a side effect */
- pdb_set_mem_ownership(sam_pass, True);
+ struct passwd *pwfile;
- /* is the user valid? Verify in system password file...
-
- FIXME!!! This is where we should look up an internal
- mapping of allocated uid for machine accounts as well
- --jerry */
- pwfile = sys_getpwnam(pw_buf->smb_name);
- if (pwfile == NULL)
- {
- DEBUG(0,("build_sam_account: smbpasswd database is corrupt!\n"));
- DEBUG(0,("build_sam_account: username %s not in unix passwd database!\n", pw_buf->smb_name));
+ if (sam_pass==NULL) {
+ DEBUG(5,("build_sam_account: SAM_ACCOUNT is NULL\n"));
return False;
}
- pstrcpy(samlogon_user, pw_buf->smb_name);
-
- pdb_set_uid (sam_pass, pwfile->pw_uid);
- pdb_set_gid (sam_pass, pwfile->pw_gid);
- pdb_set_user_rid (sam_pass, pdb_uid_to_user_rid (pdb_get_uid(sam_pass)) );
- pdb_set_username (sam_pass, pw_buf->smb_name);
- pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd);
- pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd);
- pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl);
- pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time);
- pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time);
- pdb_set_domain (sam_pass, lp_workgroup());
-
- /* FIXME!! What should this be set to? New smb.conf parameter maybe?
- max password age? For now, we'll use the current time + 21 days.
- --jerry */
- pdb_set_pass_must_change_time (sam_pass, time(NULL)+1814400);
+ if ((smbpasswd_state->permit_non_unix_accounts)
+ && (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid)
+ && (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) {
- /* check if this is a user account or a machine account */
- if (samlogon_user[strlen(samlogon_user)-1] != '$')
- {
- pstring str;
- gid_t gid;
+ pdb_set_user_rid(sam_pass, pdb_uid_to_user_rid (pw_buf->smb_userid));
+
+ /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here.
+
+ This was down the bottom for machines, but it looks pretty good as
+ a general default for non-unix users. --abartlet 2002-01-08
+ */
+ pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
- sam_logon_in_ssb = True;
-
- pstrcpy(str, lp_logon_script());
- standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
- pdb_set_logon_script(sam_pass, str);
+ } else {
+
+ uint32 grid;
+ GROUP_MAP map;
- pstrcpy(str, lp_logon_path());
- standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
- pdb_set_profile_path(sam_pass, str);
-
- pstrcpy(str, lp_logon_home());
- standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
- pdb_set_homedir(sam_pass, str);
-
- if (lp_unix_realname())
- pdb_set_fullname(sam_pass, pwfile->pw_gecos);
- else
- pdb_set_fullname(sam_pass, "<Full Name>");
+ /* Verify in system password file...
+ FIXME!!! This is where we should look up an internal
+ mapping of allocated uid for machine accounts as well
+ --jerry */
+ pwfile = getpwnam_alloc(pw_buf->smb_name);
+ if (pwfile == NULL) {
+ DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s not in unix passwd database!\n", pw_buf->smb_name));
+ return False;
+ }
+
+ pdb_set_uid (sam_pass, pwfile->pw_uid);
+ pdb_set_gid (sam_pass, pwfile->pw_gid);
+ pdb_set_fullname(sam_pass, pwfile->pw_gecos);
+
+ pdb_set_user_rid(sam_pass, pdb_uid_to_user_rid (pwfile->pw_uid));
+
+ if (get_group_map_from_gid(pwfile->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
+ sid_peek_rid(&map.sid, &grid);
+ } else {
+ grid=pdb_gid_to_group_rid(pwfile->pw_gid);
+ }
- /* set other user information that we have */
- pdb_set_group_rid (sam_pass, pdb_gid_to_group_rid(pdb_get_gid(&global_sam_pass)) );
- pdb_set_dir_drive (sam_pass, lp_logon_drive());
+ pdb_set_group_rid(sam_pass, grid);
+
+ /* check if this is a user account or a machine account */
+ if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$')
+ {
+ pstring str;
+
+ pstrcpy(str, lp_logon_path());
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str);
+ pdb_set_profile_path(sam_pass, str, False);
+
+ pstrcpy(str, lp_logon_home());
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str);
+ pdb_set_homedir(sam_pass, str, False);
+
+ pstrcpy(str, lp_logon_drive());
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str);
+ pdb_set_dir_drive(sam_pass, str, False);
+
+ pstrcpy(str, lp_logon_script());
+ standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str);
+ pdb_set_logon_script(sam_pass, str, False);
+
+ } else {
+ /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
+ /*pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); */
+ }
- sam_logon_in_ssb = False;
- }
- else
- {
- /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
- pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
+ passwd_free(&pwfile);
}
+ pdb_set_username (sam_pass, pw_buf->smb_name);
+ pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd);
+ pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd);
+ pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl);
+ pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time);
+ pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, True);
+ pdb_set_domain (sam_pass, lp_workgroup());
+
+ pdb_set_dir_drive (sam_pass, lp_logon_drive(), False);
+
+#if 0 /* JERRY */
+ /* the smbpasswd format doesn't have a must change time field, so
+ we can't get this right. The best we can do is to set this to
+ some time in the future. 21 days seems as reasonable as any other value :)
+ */
+ pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE);
+#endif
return True;
}
+
/*****************************************************************
Functions to be implemented by the new passdb API
****************************************************************/
-BOOL pdb_setsampwent (BOOL update)
+static BOOL smbpasswd_setsampwent (struct pdb_methods *my_methods, BOOL update)
{
- global_vp = startsmbfilepwent(lp_smb_passwd_file(),
- update ? PWF_UPDATE : PWF_READ,
- &pw_file_lock_depth);
+ struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
+
+ smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file,
+ update ? PWF_UPDATE : PWF_READ,
+ &(smbpasswd_state->pw_file_lock_depth));
/* did we fail? Should we try to create it? */
- if (!global_vp && update && errno == ENOENT)
+ if (!smbpasswd_state->pw_file && update && errno == ENOENT)
{
FILE *fp;
/* slprintf(msg_str,msg_str_len-1,
- "smbpasswd file did not exist - attempting to create it.\n"); */
+ "smbpasswd file did not exist - attempting to create it.\n"); */
DEBUG(0,("smbpasswd file did not exist - attempting to create it.\n"));
- fp = sys_fopen(lp_smb_passwd_file(), "w");
+ fp = sys_fopen(smbpasswd_state->smbpasswd_file, "w");
if (fp)
{
fprintf(fp, "# Samba SMB password file\n");
fclose(fp);
}
- global_vp = startsmbfilepwent(lp_smb_passwd_file(),
- update ? PWF_UPDATE : PWF_READ,
- &pw_file_lock_depth);
+ smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file,
+ update ? PWF_UPDATE : PWF_READ,
+ &(smbpasswd_state->pw_file_lock_depth));
}
- return (global_vp != NULL);
+ return (smbpasswd_state->pw_file != NULL);
}
-void pdb_endsampwent (void)
+static void smbpasswd_endsampwent (struct pdb_methods *my_methods)
{
- endsmbfilepwent(global_vp, &pw_file_lock_depth);
+ struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
+ endsmbfilepwent(smbpasswd_state->pw_file, &(smbpasswd_state->pw_file_lock_depth));
}
/*****************************************************************
- pdb_getsampwent() uses a static memory ares (returning a pointer
- to this) for all instances. This is identical behavior to the
- getpwnam() call. If the caller wishes to save the SAM_ACCOUNT
- struct, it should make a copy immediately after calling this
- function.
****************************************************************/
-SAM_ACCOUNT* pdb_getsampwent (void)
+static BOOL smbpasswd_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user)
{
- struct smb_passwd *pw_buf;
-
-
+ struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
+ struct smb_passwd *pw_buf=NULL;
+ BOOL done = False;
DEBUG(5,("pdb_getsampwent\n"));
- /* do we have an entry? */
- pw_buf = getsmbfilepwent(global_vp);
- if (pw_buf == NULL)
- return NULL;
+ if (user==NULL) {
+ DEBUG(5,("pdb_getsampwent (smbpasswd): user is NULL\n"));
+#if 0
+ smb_panic("NULL pointer passed to getsampwent (smbpasswd)\n");
+#endif
+ return False;
+ }
+
+ while (!done)
+ {
+ /* do we have an entry? */
+ pw_buf = getsmbfilepwent(smbpasswd_state, smbpasswd_state->pw_file);
+ if (pw_buf == NULL)
+ return False;
+
+ /* build the SAM_ACCOUNT entry from the smb_passwd struct.
+ We loop in case the user in the pdb does not exist in
+ the local system password file */
+ if (build_sam_account(smbpasswd_state, user, pw_buf))
+ done = True;
+ }
- /* build the SAM_ACCOUNT entry from the smb_passwd struct.
- This will also clear out the previous SAM_ACCOUNT fields */
- if (!build_sam_account (&global_sam_pass, pw_buf))
- return NULL;
+ DEBUG(5,("getsampwent (smbpasswd): done\n"));
/* success */
- return &global_sam_pass;
+ return True;
}
call getpwnam() for unix account information until we have found
the correct entry
***************************************************************/
-SAM_ACCOUNT* pdb_getsampwnam (char *username)
+static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct, const char *username)
{
- struct smb_passwd *smb_pw;
- void *fp = NULL;
- char *domain = NULL;
- char *user = NULL;
- fstring name;
+ struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
+ struct smb_passwd *smb_pw;
+ void *fp = NULL;
+ char *domain = NULL;
+ char *user = NULL;
+ fstring name;
- DEBUG(10, ("search by name: %s\n", username));
+ DEBUG(10, ("getsampwnam (smbpasswd): search by name: %s\n", username));
+
/* break the username from the domain if we have
been given a string in the form 'DOMAIN\user' */
fstrcpy (name, username);
- if ((user=strchr(name, '\\')) != NULL)
- {
+ if ((user=strchr_m(name, '\\')) != NULL) {
domain = name;
*user = '\0';
user++;
/* if a domain was specified and it wasn't ours
then there is no chance of matching */
- if ( (domain) && (!StrCaseCmp(domain, lp_workgroup())) )
- return (NULL);
+ if ( domain && !StrCaseCmp(domain, lp_workgroup()) )
+ return False;
/* startsmbfilepwent() is used here as we don't want to lookup
the UNIX account in the local system password file until
we have a match. */
- fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth);
+ fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
- if (fp == NULL)
- {
+ if (fp == NULL) {
DEBUG(0, ("unable to open passdb database.\n"));
- return NULL;
+ return False;
}
/* if we have a domain name, then we should map it to a UNIX
if ( domain )
map_username(user);
- while ( ((smb_pw=getsmbfilepwent(fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) )
+ while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) )
/* do nothing....another loop */ ;
- endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
/* did we locate the username in smbpasswd */
if (smb_pw == NULL)
- {
- return (NULL);
- }
+ return False;
- DEBUG(10, ("found by name: %s\n", smb_pw->smb_name));
+ DEBUG(10, ("getsampwnam (smbpasswd): found by name: %s\n", smb_pw->smb_name));
+
+ if (!sam_acct) {
+ DEBUG(10,("getsampwnam (smbpasswd): SAM_ACCOUNT is NULL\n"));
+#if 0
+ smb_panic("NULL pointer passed to pdb_getsampwnam\n");
+#endif
+ return False;
+ }
/* now build the SAM_ACCOUNT */
- if (!build_sam_account (&global_sam_pass, smb_pw))
- return NULL;
+ if (!build_sam_account(smbpasswd_state, sam_acct, smb_pw))
+ return False;
/* success */
- return (&global_sam_pass);
+ return True;
}
-SAM_ACCOUNT* pdb_getsampwuid (uid_t uid)
+static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct,uint32 rid)
{
- struct smb_passwd *smb_pw;
- void *fp = NULL;
+ struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
+ struct smb_passwd *smb_pw;
+ void *fp = NULL;
- DEBUG(10, ("search by uid: %d\n", uid));
+ DEBUG(10, ("pdb_getsampwrid: search by rid: %d\n", rid));
/* Open the sam password file - not for update. */
- fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth);
+ fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
- if (fp == NULL)
- {
+ if (fp == NULL) {
DEBUG(0, ("unable to open passdb database.\n"));
- return NULL;
+ return False;
}
- while ( ((smb_pw=getsmbfilepwent(fp)) != NULL) && (smb_pw->smb_userid != uid) )
+ while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL) && (pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) )
/* do nothing */ ;
- endsmbfilepwent(fp, &pw_file_lock_depth);
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
/* did we locate the username in smbpasswd */
if (smb_pw == NULL)
- {
- return (NULL);
- }
+ return False;
- DEBUG(10, ("found by name: %s\n", smb_pw->smb_name));
+ DEBUG(10, ("getsampwrid (smbpasswd): found by name: %s\n", smb_pw->smb_name));
- /* now build the SAM_ACCOUNT */
- if (!build_sam_account (&global_sam_pass, smb_pw))
- return NULL;
-
- /* success */
- return (&global_sam_pass);
-}
-
-SAM_ACCOUNT* pdb_getsampwrid (uint32 rid)
-{
- struct smb_passwd *smb_pw;
- void *fp = NULL;
-
- DEBUG(10, ("search by rid: %d\n", rid));
-
- /* Open the sam password file - not for update. */
- fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth);
-
- if (fp == NULL)
- {
- DEBUG(0, ("unable to open passdb database.\n"));
- return NULL;
+ if (!sam_acct) {
+ DEBUG(10,("getsampwrid: (smbpasswd) SAM_ACCOUNT is NULL\n"));
+#if 0
+ smb_panic("NULL pointer passed to pdb_getsampwrid\n");
+#endif
+ return False;
}
- while ( ((smb_pw=getsmbfilepwent(fp)) != NULL) && (pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) )
- /* do nothing */ ;
-
- endsmbfilepwent(fp, &pw_file_lock_depth);
-
-
- /* did we locate the username in smbpasswd */
- if (smb_pw == NULL)
- {
- return (NULL);
- }
-
- DEBUG(10, ("found by name: %s\n", smb_pw->smb_name));
-
/* now build the SAM_ACCOUNT */
- if (!build_sam_account (&global_sam_pass, smb_pw))
- return NULL;
+ if (!build_sam_account (smbpasswd_state, sam_acct, smb_pw))
+ return False;
/* success */
- return (&global_sam_pass);
+ return True;
}
-BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass)
+static BOOL smbpasswd_add_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT *sampass)
{
- struct smb_passwd smb_pw;
- BOOL ret;
+ struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
+ struct smb_passwd smb_pw;
/* convert the SAM_ACCOUNT */
- build_smb_pass(&smb_pw, sampass);
+ if (!build_smb_pass(&smb_pw, sampass)) {
+ return False;
+ }
/* add the entry */
- ret = add_smbfilepwd_entry(&smb_pw);
-
- /* clear memory from smb_passwd */
- clear_smb_pass (&smb_pw);
+ if(!add_smbfilepwd_entry(smbpasswd_state, &smb_pw)) {
+ return False;
+ }
- return (ret);
+ return True;
}
-BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override)
+static BOOL smbpasswd_update_sam_account(struct pdb_methods *my_methods, const SAM_ACCOUNT *sampass)
{
- struct smb_passwd smb_pw;
- BOOL ret;
+ struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
+ struct smb_passwd smb_pw;
/* convert the SAM_ACCOUNT */
- build_smb_pass(&smb_pw, sampass);
+ if (!build_smb_pass(&smb_pw, sampass))
+ return False;
/* update the entry */
- ret = mod_smbfilepwd_entry(&smb_pw, override);
+ if(!mod_smbfilepwd_entry(smbpasswd_state, &smb_pw))
+ return False;
+
+ return True;
+}
+
+static BOOL smbpasswd_delete_sam_account (struct pdb_methods *my_methods, const SAM_ACCOUNT *sampass)
+{
+ struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
+
+ const char *username = pdb_get_username(sampass);
+
+ return del_smbfilepwd_entry(smbpasswd_state, username);
+}
+
+static void free_private_data(void **vp)
+{
+ struct smbpasswd_privates **privates = (struct smbpasswd_privates**)vp;
- /* clear memory from smb_passwd */
- clear_smb_pass (&smb_pw);
+ endsmbfilepwent((*privates)->pw_file, &((*privates)->pw_file_lock_depth));
- return (ret);
+ *privates = NULL;
+ /* No need to free any further, as it is talloc()ed */
}
-BOOL pdb_delete_sam_account (char* username)
+
+NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
- return ( del_smbfilepwd_entry(username) );
+ NTSTATUS nt_status;
+ struct smbpasswd_privates *privates;
+
+ if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
+ return nt_status;
+ }
+
+ (*pdb_method)->name = "smbpasswd";
+
+ (*pdb_method)->setsampwent = smbpasswd_setsampwent;
+ (*pdb_method)->endsampwent = smbpasswd_endsampwent;
+ (*pdb_method)->getsampwent = smbpasswd_getsampwent;
+ (*pdb_method)->getsampwnam = smbpasswd_getsampwnam;
+ (*pdb_method)->getsampwrid = smbpasswd_getsampwrid;
+ (*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
+ (*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
+ (*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
+
+ /* Setup private data and free function */
+
+ privates = talloc_zero(pdb_context->mem_ctx, sizeof(struct smbpasswd_privates));
+
+ if (!privates) {
+ DEBUG(0, ("talloc() failed for smbpasswd private_data!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* Store some config details */
+
+ if (location) {
+ privates->smbpasswd_file = talloc_strdup(pdb_context->mem_ctx, location);
+ } else {
+ privates->smbpasswd_file = talloc_strdup(pdb_context->mem_ctx, lp_smb_passwd_file());
+ }
+
+ if (!privates->smbpasswd_file) {
+ DEBUG(0, ("talloc_strdp() failed for storing smbpasswd location!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ (*pdb_method)->private_data = privates;
+
+ (*pdb_method)->free_private_data = free_private_data;
+
+ return NT_STATUS_OK;
}
-#else
- /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
- void smbpass_dummy_function(void) { } /* stop some compilers complaining */
-#endif /* USE_SMBPASS_DB */
+NTSTATUS pdb_init_smbpasswd_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+ NTSTATUS nt_status;
+ struct smbpasswd_privates *privates;
+
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_smbpasswd(pdb_context, pdb_method, location))) {
+ return nt_status;
+ }
+
+ (*pdb_method)->name = "smbpasswd_nua";
+
+ privates = (*pdb_method)->private_data;
+
+ privates->permit_non_unix_accounts = True;
+
+ if (!lp_non_unix_account_range(&privates->low_nua_userid, &privates->high_nua_userid)) {
+ DEBUG(0, ("cannot use smbpasswd_nua without 'non unix account range' in smb.conf!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return NT_STATUS_OK;
+}