From c19598f2a6a3329e973e14e389e0577ebb914f3b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 8 Nov 2002 23:08:59 +0000 Subject: Merge from HEAD: - change auth_sam to use the initialisation flags to determine if the password attributes are set - add const to secrets.c, cliconnect.c - passdb: fix spelling in pdb_ldap, add group mapping back to smbpasswd - SAMR: add debugs to show what fails for group enum. Andrew Bartlett (This used to be commit 4e74d00b3634abf52aa24bfaa6dbe88202aa57a1) --- source3/auth/auth_sam.c | 17 +++++++++-------- source3/libsmb/cliconnect.c | 2 +- source3/passdb/pdb_ldap.c | 28 ++++++++++++++-------------- source3/passdb/pdb_smbpasswd.c | 40 ++++++++++++++++++++++++---------------- source3/passdb/secrets.c | 15 +++++++++------ source3/rpc_server/srv_samr_nt.c | 2 ++ source3/utils/smbpasswd.c | 2 +- 7 files changed, 60 insertions(+), 46 deletions(-) diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index bc98f46dc2..7252193c9a 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -162,12 +162,9 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, } } - nt_pw = pdb_get_nt_passwd(sampass); - lm_pw = pdb_get_lanman_passwd(sampass); - auth_flags = user_info->auth_flags; - if (nt_pw == NULL) { + if (IS_SAM_DEFAULT(sampass, PDB_NTPASSWD)) { DEBUG(3,("sam_password_ok: NO NT password stored for user %s.\n", pdb_get_username(sampass))); /* No return, we want to check the LM hash below in this case */ @@ -175,6 +172,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, } if (auth_flags & AUTH_FLAG_NTLMv2_RESP) { + nt_pw = pdb_get_nt_passwd(sampass); /* We have the NT MD4 hash challenge available - see if we can use it (ie. does it exist in the smbpasswd file). */ 
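Review bot: In the `AUTH_FLAG_NTLMv2_RESP` branch (hunk @@ -175,6) the freshly fetched `nt_pw = pdb_get_nt_passwd(sampass);` is no longer NULL-checked; the only guard left is the earlier `IS_SAM_DEFAULT(sampass, PDB_NTPASSWD)` test, whereas the removed code tested the pointer itself. If the init flag and the stored hash can ever disagree (not verifiable from this diff), the password comparison would be handed a NULL hash instead of failing closed. The same pattern recurs for `nt_pw` in the @@ -191,7 and @@ -235,7 hunks and for `lm_pw` in @@ -211,13. I would keep a pointer check next to the flag check, e.g. `if (IS_SAM_DEFAULT(sampass, PDB_NTPASSWD) || pdb_get_nt_passwd(sampass) == NULL) {`, and likewise for the LanMan hash. The body of sam_password_ok starts and ends outside these hunks.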
@@ -191,7 +189,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, return NT_STATUS_WRONG_PASSWORD; } } else if (auth_flags & AUTH_FLAG_NTLM_RESP) { - if (lp_ntlm_auth()) { + if (lp_ntlm_auth()) { + nt_pw = pdb_get_nt_passwd(sampass); /* We have the NT MD4 hash challenge available - see if we can use it (ie. does it exist in the smbpasswd file). */ @@ -211,13 +210,14 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, } } - if (lm_pw == NULL) { + if (IS_SAM_DEFAULT(sampass, PDB_LMPASSWD)) { DEBUG(3,("sam_password_ok: NO LanMan password set for user %s (and no NT password supplied)\n",pdb_get_username(sampass))); auth_flags &= (~AUTH_FLAG_LM_RESP); } if (auth_flags & AUTH_FLAG_LM_RESP) { - + lm_pw = pdb_get_lanman_passwd(sampass); + if (user_info->lm_resp.length != 24) { DEBUG(2,("sam_password_ok: invalid LanMan password length (%d) for user %s\n", user_info->nt_resp.length, pdb_get_username(sampass))); @@ -235,7 +235,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, { return NT_STATUS_OK; } else { - if (lp_ntlm_auth()) { + if (lp_ntlm_auth() && (!IS_SAM_DEFAULT(sampass, PDB_NTPASSWD))) { + nt_pw = pdb_get_nt_passwd(sampass); /* Apparently NT accepts NT responses in the LM field - I think this is related to Win9X pass-though authentication */ diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 890dc4dc25..ee311932a7 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1280,7 +1280,7 @@ again: Attempt a NetBIOS session request, falling back to *SMBSERVER if needed. ****************************************************************************/ -BOOL attempt_netbios_session_request(struct cli_state *cli, char *srchost, char *desthost, +BOOL attempt_netbios_session_request(struct cli_state *cli, const char *srchost, const char *desthost, struct in_addr *pdest_ip) { struct nmb_name calling, called; 
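Review bot: In the @@ -211,13 hunk the length test is `user_info->lm_resp.length != 24`, but the `DEBUG(2, ...)` directly below it prints `user_info->nt_resp.length`, so the log shows a value other than the one that was rejected. Anyone triaging authentication failures from the log may see a length that looks valid for a request refused on the LanMan field. The argument should be `user_info->lm_resp.length`. The line is unchanged context in this commit, and the rest of the function lies outside the hunk.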
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 22358cb47d..e35775a6da 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1907,49 +1907,49 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO return NT_STATUS_OK; } -static NTSTATUS lsapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, +static NTSTATUS ldapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, DOM_SID sid, BOOL with_priv) { return get_group_map_from_sid(sid, map, with_priv) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -static NTSTATUS lsapsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, +static NTSTATUS ldapsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid, BOOL with_priv) { return get_group_map_from_gid(gid, map, with_priv) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -static NTSTATUS lsapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, +static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, char *name, BOOL with_priv) { return get_group_map_from_ntname(name, map, with_priv) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -static NTSTATUS lsapsam_add_group_mapping_entry(struct pdb_methods *methods, +static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, GROUP_MAP *map) { return add_mapping_entry(map, TDB_INSERT) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -static NTSTATUS lsapsam_update_group_mapping_entry(struct pdb_methods *methods, +static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods, GROUP_MAP *map) { return add_mapping_entry(map, TDB_REPLACE) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -static NTSTATUS lsapsam_delete_group_mapping_entry(struct pdb_methods *methods, +static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, DOM_SID sid) { return group_map_remove(sid) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -static NTSTATUS lsapsam_enum_group_mapping(struct pdb_methods *methods, +static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries, BOOL unix_only, BOOL with_priv) 
@@ -1998,13 +1998,13 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co (*pdb_method)->add_sam_account = ldapsam_add_sam_account; (*pdb_method)->update_sam_account = ldapsam_update_sam_account; (*pdb_method)->delete_sam_account = ldapsam_delete_sam_account; - (*pdb_method)->getgrsid = lsapsam_getgrsid; - (*pdb_method)->getgrgid = lsapsam_getgrgid; - (*pdb_method)->getgrnam = lsapsam_getgrnam; - (*pdb_method)->add_group_mapping_entry = lsapsam_add_group_mapping_entry; - (*pdb_method)->update_group_mapping_entry = lsapsam_update_group_mapping_entry; - (*pdb_method)->delete_group_mapping_entry = lsapsam_delete_group_mapping_entry; - (*pdb_method)->enum_group_mapping = lsapsam_enum_group_mapping; + (*pdb_method)->getgrsid = ldapsam_getgrsid; + (*pdb_method)->getgrgid = ldapsam_getgrgid; + (*pdb_method)->getgrnam = ldapsam_getgrnam; + (*pdb_method)->add_group_mapping_entry = ldapsam_add_group_mapping_entry; + (*pdb_method)->update_group_mapping_entry = ldapsam_update_group_mapping_entry; + (*pdb_method)->delete_group_mapping_entry = ldapsam_delete_group_mapping_entry; + (*pdb_method)->enum_group_mapping = ldapsam_enum_group_mapping; /* TODO: Setup private data and free */ diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index abfe016e8a..5fd6a828bf 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c 
@@ -1494,47 +1494,55 @@ static NTSTATUS smbpasswd_delete_sam_account (struct pdb_methods *my_methods, SA } static NTSTATUS smbpasswd_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, - DOM_SID sid, BOOL with_priv) + DOM_SID sid, BOOL with_priv) { - return NT_STATUS_NOT_IMPLEMENTED; + return get_group_map_from_sid(sid, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } static NTSTATUS smbpasswd_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, - gid_t gid, BOOL with_priv) + gid_t gid, BOOL with_priv) { - return NT_STATUS_NOT_IMPLEMENTED; + return get_group_map_from_gid(gid, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } static NTSTATUS smbpasswd_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, - char *name, BOOL with_priv) + char *name, BOOL with_priv) { - return NT_STATUS_NOT_IMPLEMENTED; + return get_group_map_from_ntname(name, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } static NTSTATUS smbpasswd_add_group_mapping_entry(struct pdb_methods *methods, - GROUP_MAP *map) + GROUP_MAP *map) { - return NT_STATUS_NOT_IMPLEMENTED; + return add_mapping_entry(map, TDB_INSERT) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } static NTSTATUS smbpasswd_update_group_mapping_entry(struct pdb_methods *methods, - GROUP_MAP *map) + GROUP_MAP *map) { - return NT_STATUS_NOT_IMPLEMENTED; + return add_mapping_entry(map, TDB_REPLACE) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } static NTSTATUS smbpasswd_delete_group_mapping_entry(struct pdb_methods *methods, - DOM_SID sid) + DOM_SID sid) { - return NT_STATUS_NOT_IMPLEMENTED; + return group_map_remove(sid) ? 
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } static NTSTATUS smbpasswd_enum_group_mapping(struct pdb_methods *methods, - enum SID_NAME_USE sid_name_use, - GROUP_MAP **rmap, int *num_entries, - BOOL unix_only, BOOL with_priv) + enum SID_NAME_USE sid_name_use, + GROUP_MAP **rmap, int *num_entries, + BOOL unix_only, BOOL with_priv) { - return NT_STATUS_NOT_IMPLEMENTED; + return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only, + with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } static void free_private_data(void **vp) diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index ad56fcedd1..29afaddea3 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -209,7 +209,7 @@ char *trustdom_keystr(const char *domain) Lock the trust password entry. ************************************************************************/ -BOOL secrets_lock_trust_account_password(char *domain, BOOL dolock) +BOOL secrets_lock_trust_account_password(const char *domain, BOOL dolock) { if (!tdb) return False; @@ -263,7 +263,7 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], Routine to get account password to trusted domain ************************************************************************/ -BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd, +BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd, DOM_SID *sid, time_t *pass_last_set_time) { struct trusted_dom_pass *pass; @@ -302,7 +302,8 @@ BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd, /************************************************************************ Routine to set the trust account password for a domain. ************************************************************************/ -BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16]) + +BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16]) { struct machine_acct_pass pass; 
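Review bot: The seven `smbpasswd_*` group-mapping wrappers (hunk @@ -1494,47, which begins on the previous line) never use their `methods` argument and fold every failure into `NT_STATUS_UNSUCCESSFUL`, so a caller cannot tell a missing mapping from a database error. Their bodies are the same as the `ldapsam_*` wrappers shown in pdb_ldap.c, which suggests one shared set of default functions rather than a copy per backend. At minimum I would add a comment above the first wrapper, e.g. `/* Group mappings are not kept in the smbpasswd file; these forward to the common mapping code and ignore 'methods'. */`. The boolean helpers they call are defined outside this diff, so how much failure detail they could pass up would need checking there.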
@@ -322,7 +323,7 @@ BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16]) * @return true if succeeded **/ -BOOL secrets_store_trusted_domain_password(char* domain, smb_ucs2_t *uni_dom_name, +BOOL secrets_store_trusted_domain_password(const char* domain, smb_ucs2_t *uni_dom_name, size_t uni_name_len, char* pwd, DOM_SID sid) { @@ -353,7 +354,8 @@ BOOL secrets_store_trusted_domain_password(char* domain, smb_ucs2_t *uni_dom_nam Routine to set the plaintext machine account password for a realm the password is assumed to be a null terminated ascii string ************************************************************************/ -BOOL secrets_store_machine_password(char *pass) + +BOOL secrets_store_machine_password(const char *pass) { char *key; BOOL ret; @@ -394,6 +396,7 @@ BOOL trust_password_delete(const char *domain) /************************************************************************ Routine to delete the password for trusted domain ************************************************************************/ + BOOL trusted_domain_password_delete(const char *domain) { return secrets_delete(trustdom_keystr(domain)); @@ -602,7 +605,7 @@ BOOL secrets_named_mutex(const char *name, unsigned int timeout) Unlock a named mutex. *******************************************************************************/ -void secrets_named_mutex_release(char *name) +void secrets_named_mutex_release(const char *name) { tdb_unlock_bystring(tdb, name); DEBUG(10,("secrets_named_mutex: released mutex for %s\n", name )); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 7b611922f6..0b5870b16c 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c 
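Review bot: In `secrets_store_trusted_domain_password` (hunk @@ -322,7) only `domain` becomes const, while `smb_ucs2_t *uni_dom_name` and `char* pwd` stay mutable even though a store routine presumably only reads them. The body is outside the hunk, so this needs confirming, but if nothing writes through those pointers the parameters should read `const smb_ucs2_t *uni_dom_name, size_t uni_name_len, const char* pwd, DOM_SID sid`. That keeps the const sweep in this file consistent and documents that the password buffer is not modified by the callee.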
@@ -303,6 +303,7 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid) } if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) { + DEBUG(1, ("load_group_domain_entries: pdb_enum_group_mapping() failed!\n")); return NT_STATUS_NO_MEMORY; } @@ -311,6 +312,7 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid) grp_array=(DISP_GROUP_INFO *)talloc(mem_ctx, info->disp_info.num_group_account*sizeof(DISP_GROUP_INFO)); if (group_entries!=0 && grp_array==NULL) { + DEBUG(1, ("load_group_domain_entries: talloc() failed for grp_array!\n")); SAFE_FREE(map); return NT_STATUS_NO_MEMORY; } diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 75a4319cb9..0e822ee7ad 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -122,7 +122,7 @@ static int process_options(int argc, char **argv, int local_flags) local_flags |= LOCAL_INTERDOM_ACCOUNT; break; case 'j': - d_printf("See 'net rpc join' for this functionality\n"); + d_printf("See 'net join' for this functionality\n"); exit(1); break; case 'n': -- cgit
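Review bot: The new `DEBUG(1, ...)` in the @@ -303,6 hunk reports that `pdb_enum_group_mapping()` failed, yet the branch still returns `NT_STATUS_NO_MEMORY`, so the status sent back to the caller contradicts the log line added here. The call returns only true/false, so the failure need not be an allocation problem; a neutral code such as `return NT_STATUS_UNSUCCESSFUL;` would match the message, provided no caller depends on the current value. If it is kept for compatibility, a comment like `/* status kept for compatibility; failure is not necessarily OOM */` would stop the next reader from chasing a memory issue. load_group_domain_entries continues outside both hunks.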