From 128b73da7b86c45e411e5331251f9ed08f0f689e Mon Sep 17 00:00:00 2001 
From: cvs2svn Import User Date: Sat, 23 Jun 2001 20:19:24 +0000 Subject: This commit was manufactured by cvs2svn to create tag 'release-2-2-0a'. --- docs/OID/allocated-arcs.txt | 16 - docs/OID/samba-oid.mail | 27 -- examples/VFS/block/Makefile | 37 -- examples/VFS/block/block.c | 546 --------------------- examples/VFS/block/samba-block.conf | 6 - examples/VFS/block/smb.conf | 13 - examples/libsmbclient/README | 8 - source/include/mapping.h | 48 -- source/include/util_getent.h | 45 -- source/libsmb/cli_netlogon.c | 128 ----- source/libsmb/cli_srvsvc.c | 128 ----- source/nsswitch/winbind_nss_solaris.c | 279 ----------- source/nsswitch/winbindd_sid.c | 244 ---------- source/pam_smbpass/CHANGELOG | 31 -- source/pam_smbpass/README | 66 --- source/pam_smbpass/TODO | 7 - source/pam_smbpass/general.h | 123 ----- source/pam_smbpass/samples/README | 3 - source/pam_smbpass/samples/kdc-pdc | 15 - source/pam_smbpass/samples/password-mature | 14 - source/pam_smbpass/samples/password-migration | 18 - source/pam_smbpass/samples/password-sync | 15 - source/pam_smbpass/support.c | 651 -------------------------- source/pam_smbpass/support.h | 52 -- testsuite/lib/default-nt-names.exp | 20 - testsuite/lib/nsswitch-config.exp | 21 - testsuite/nsswitch/.cvsignore | 12 - testsuite/nsswitch/Makefile.longarg | 5 - testsuite/nsswitch/envvar.exp | 282 ----------- testsuite/nsswitch/getent.c | 151 ------ testsuite/nsswitch/getent_grent.c | 101 ---- testsuite/nsswitch/getent_pwent.c | 113 ----- testsuite/nsswitch/groupmem_dom.exp | 33 -- testsuite/nsswitch/initgroups.c | 42 -- testsuite/nsswitch/initgroups.exp | 37 -- testsuite/nsswitch/login.exp | 102 ---- testsuite/nsswitch/longarg.exp | 29 -- testsuite/nsswitch/longarg_getgrnam.c | 42 -- testsuite/nsswitch/longarg_getpwnam.c | 42 -- testsuite/nsswitch/longarg_utils.h | 27 -- testsuite/nsswitch/wbinfo.exp | 360 -------------- 41 files changed, 3939 deletions(-) delete mode 100644 docs/OID/allocated-arcs.txt delete mode 100644 
docs/OID/samba-oid.mail delete mode 100644 examples/VFS/block/Makefile delete mode 100644 examples/VFS/block/block.c delete mode 100644 examples/VFS/block/samba-block.conf delete mode 100644 examples/VFS/block/smb.conf delete mode 100644 examples/libsmbclient/README delete mode 100644 source/include/mapping.h delete mode 100644 source/include/util_getent.h delete mode 100644 source/libsmb/cli_netlogon.c delete mode 100644 source/libsmb/cli_srvsvc.c delete mode 100644 source/nsswitch/winbind_nss_solaris.c delete mode 100644 source/nsswitch/winbindd_sid.c delete mode 100644 source/pam_smbpass/CHANGELOG delete mode 100644 source/pam_smbpass/README delete mode 100644 source/pam_smbpass/TODO delete mode 100644 source/pam_smbpass/general.h delete mode 100644 source/pam_smbpass/samples/README delete mode 100644 source/pam_smbpass/samples/kdc-pdc delete mode 100644 source/pam_smbpass/samples/password-mature delete mode 100644 source/pam_smbpass/samples/password-migration delete mode 100644 source/pam_smbpass/samples/password-sync delete mode 100644 source/pam_smbpass/support.c delete mode 100644 source/pam_smbpass/support.h delete mode 100644 testsuite/lib/default-nt-names.exp delete mode 100644 testsuite/lib/nsswitch-config.exp delete mode 100644 testsuite/nsswitch/.cvsignore delete mode 100644 testsuite/nsswitch/Makefile.longarg delete mode 100644 testsuite/nsswitch/envvar.exp delete mode 100644 testsuite/nsswitch/getent.c delete mode 100644 testsuite/nsswitch/getent_grent.c delete mode 100644 testsuite/nsswitch/getent_pwent.c delete mode 100644 testsuite/nsswitch/groupmem_dom.exp delete mode 100644 testsuite/nsswitch/initgroups.c delete mode 100644 testsuite/nsswitch/initgroups.exp delete mode 100644 testsuite/nsswitch/login.exp delete mode 100644 testsuite/nsswitch/longarg.exp delete mode 100644 testsuite/nsswitch/longarg_getgrnam.c delete mode 100644 testsuite/nsswitch/longarg_getpwnam.c delete mode 100644 testsuite/nsswitch/longarg_utils.h delete mode 100644 
testsuite/nsswitch/wbinfo.exp
diff --git a/docs/OID/allocated-arcs.txt b/docs/OID/allocated-arcs.txt
deleted file mode 100644
index 7a7cd8057b6..00000000000
--- a/docs/OID/allocated-arcs.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-!===========================================================================================
-!==
-!== Allocated Arcs from the Samba Team Private Enterprise Number
-!== ISO(1) org(3) dod(6) internet(1) experimental(3) private(4) enterprise(1) Samba(7165)
-!==
-!== Arc allocation is maintained by jerry carter . Please notify
-!== me if you need an OID and update this file.
-!==
-!== File Created : Tue May 8 09:33:31 CDT 2001
-!==
-!===========================================================================================
-
-ARC Owner Contact Purpose
----- ----- ------- -------
-.1 Plainjoe.org Jerry Carter Use for Plainjoe.org domain
- and examples in O'Reilly LDAP book
diff --git a/docs/OID/samba-oid.mail b/docs/OID/samba-oid.mail
deleted file mode 100644
index d1ad668f880..00000000000
--- a/docs/OID/samba-oid.mail
+++ /dev/null
@@ -1,27 +0,0 @@
-From gruiz@icann.org Tue May 8 04:27:07 2001
-Date: Tue, 26 Sep 2000 15:29:02 -0700
-From: GIGI RUIZ
-To: jerry@samba.org
-Cc: "Iana-Mib (E-mail)"
-Subject: PEN 7165 RE: Application for Enterprise-number
-
- [ The following text is in the "iso-8859-1" character set. ]
- [ Your display is set for the "US-ASCII" character set. ]
- [ Some characters may be displayed incorrectly. ]
-
-Gerald,
-
-We have assigned Private Enterprise Number 7165 to SAMBA Team, with you as
-the point of contact. Please confirm the information listed below.
-
-7165 SAMBA Team Gerald Carter jerry@samba.org
-
-Sincerely,
-
-Gigi Ruiz
-Internet Assigned Numbers Authority - MIB
-
-Voice: (310) 823-9358
-Fax: (310) 823-8649
-EMAIL: iana-mib@iana.org
-
diff --git a/examples/VFS/block/Makefile b/examples/VFS/block/Makefile
deleted file mode 100644
index dcc7c077936..00000000000
--- a/examples/VFS/block/Makefile
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# Makefile for samba-vfs examples
-#
-#
-
-# Variables
-
-CC = gcc
-LIBTOOL = libtool
-
-SAMBA_SRC = /usr/local/src/samba/samba-2.2.0-ron/source
-SAMBA_INCL = ${SAMBA_SRC}/include
-UBIQX_SRC = ${SAMBA_SRC}/ubiqx
-SMBWR_SRC = ${SAMBA_SRC}/smbwrapper
-CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g -D_LARGEFILE63_SOURCE -D_GNU_SOURCE -fno-builtin
-
-
-VFS_OBJS = block.so
-
-# Default target
-
-default: $(VFS_OBJS)
-
-# Pattern rules
-
-%.so: %.lo
- $(LIBTOOL) $(CC) -shared -o $@ $< $(LDFLAGS)
-
-%.lo: %.c
- $(LIBTOOL) $(CC) $(CPPFLAGS) $(CFLAGS) -c $<
-
-# Misc targets
-
-clean:
- rm -rf .libs
- rm -f core *~ *% *.bak \
- $(VFS_OBJS) $(VFS_OBJS:.so=.o) $(VFS_OBJS:.so=.lo)
diff --git a/examples/VFS/block/block.c b/examples/VFS/block/block.c
deleted file mode 100644
index 3c4f736e849..00000000000
--- a/examples/VFS/block/block.c
+++ /dev/null
@@ -1,546 +0,0 @@ -/* - * - * Block access from links to dev mount points specified in PARAMCONF file - * - * Copyright (C) Ronald Kuetemeier, 2001 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "config.h" -#include -#include -#include -#include -#include -#include -#include -#include - - -#ifdef HAVE_UTIME_H -#include -#endif -#ifdef HAVE_DIRENT_H -#include -#endif -#include -#ifdef HAVE_FCNTL_H -#include -#endif - - -#include -#include - - - -DIR *block_opendir(struct connection_struct *conn, char *fname); -int block_connect(struct connection_struct *conn, char *service, char *user); -void block_disconnect(struct connection_struct *conn); - - -/* VFS operations */ - - -extern struct vfs_ops default_vfs_ops; /* For passthrough operation */ - -struct vfs_ops execute_vfs_ops = { - - /* Disk operations */ - - block_connect, - block_disconnect, - NULL, /* disk free */ - - /* Directory operations */ - - block_opendir, - NULL, /* readdir */ - NULL, - NULL, - NULL, /* closedir */ - - /* File operations */ - - NULL, - NULL, - NULL, /* read */ - NULL, /* write */ - NULL, /* lseek */ - NULL, - NULL, /* fsync */ - NULL, /* stat */ - NULL, /* fstat */ - NULL, /* lstat */ - NULL, - NULL, - NULL, - NULL, /* chown */ - NULL, - NULL, /* chdir */ - NULL, /* getwd */ - NULL, /* utime */ - NULL, /* ftruncate */ - 
NULL, /* lock */ - NULL, /* fget_nt_acl */ - NULL, /* get_nt_acl */ - NULL, /* fset_nt_acl */ - NULL, /* set_nt_acl */ - NULL, - NULL -}; - - -#ifndef PARAMCONF -#define PARAMCONF "/etc/samba-block.conf" -#endif - -extern BOOL pm_process(char *FileName, BOOL (*sfunc)(char *), BOOL(*pfunc)(char * , char *)); - -//functions - -BOOL enter_pblock_mount(char *dir); -BOOL get_section(char *sect); -BOOL get_parameter_value(char *param, char *value); -BOOL load_param(void); -BOOL search(struct stat *stat_buf); -BOOL dir_search(char *link, char *dir); -BOOL enter_pblock_dir(char *dir); - - - -typedef struct block_dir -{ - dev_t st_dev; - int str_len; - char *dir_name; - struct block_dir *next; -} block_dir; - - -static char *params[] = {"mount_point","dir_name"}; -enum { MOUNT_POINT , DIR_NAME }; - -static struct block_dir *pblock_mountp = NULL; -static struct block_dir *pblock_dir = NULL; - - - -/* - * Load the conf file into a table - */ - -BOOL load_param(void) -{ - - if ((pm_process(PARAMCONF,&get_section,&get_parameter_value)) == TRUE) - { - return TRUE; - - } - return FALSE; -} - - - -/* - * Enter the key and data into the list - * - */ - -BOOL enter_pblock_mount(char *dir) -{ - struct stat stat_buf; - static struct block_dir *tmp_pblock; - - - if((stat(dir,&stat_buf)) != 0) - { - return FALSE; - } - - if(pblock_mountp == NULL) - { - pblock_mountp = calloc(1, sizeof(block_dir)); - if( pblock_mountp == NULL) - { - return FALSE; - } - tmp_pblock = pblock_mountp; - tmp_pblock->next = NULL; - - }else - { - tmp_pblock->next = calloc(1, sizeof(block_dir)); - if(tmp_pblock->next == NULL) - { - return FALSE; - } - tmp_pblock = tmp_pblock->next; - tmp_pblock->next = NULL; - - } - - - tmp_pblock->st_dev = stat_buf.st_dev; - tmp_pblock->dir_name = strdup(dir); - - - return TRUE; - -} - - -/* - * Enter the key and data into the list - * - */ - -BOOL enter_pblock_dir(char *dir) -{ - static struct block_dir *tmp_pblock; - - - if(pblock_dir == NULL) - { - pblock_dir = calloc(1, 
sizeof(block_dir)); - if( pblock_dir == NULL) - { - return FALSE; - } - tmp_pblock = pblock_dir; - tmp_pblock->next = NULL; - - }else - { - tmp_pblock->next = calloc(1, sizeof(block_dir)); - if(tmp_pblock->next == NULL) - { - return FALSE; - } - tmp_pblock = tmp_pblock->next; - tmp_pblock->next = NULL; - - } - - - tmp_pblock->dir_name = strdup(dir); - tmp_pblock->str_len = strlen(dir); - - - return TRUE; - -} - - - - -/* - * Function callback for config section names - */ - -BOOL get_section(char *sect) -{ - return TRUE; -} - - - -/* - * Function callback for config parameter value pairs - * - */ - -BOOL get_parameter_value(char *param, char *value) -{ - int i = 0, maxargs = sizeof(params) / sizeof(char *); - - - for( i= 0; i < maxargs; i++) - { - if (strcmp(param,params[i]) == 0) - { - switch(i) - { - case MOUNT_POINT : - enter_pblock_mount(value); - break; - case DIR_NAME : - enter_pblock_dir(value); - break; - default : - break; - } - } - } - - return TRUE; - -} - - - - -/* VFS initialisation function. Return initialised vfs_ops structure - back to SAMBA. */ - -struct vfs_ops *vfs_init(int *vfs_version) -{ - *vfs_version = SMB_VFS_INTERFACE_VERSION; - - return(&execute_vfs_ops); -} - - -/* - * VFS connect and param file loading - */ - -int block_connect(struct connection_struct *conn, char *service, char *user) -{ - if((load_param()) == FALSE) - { - - return -1; - - } - - DEBUG(0,("%s connecting \n",conn->user)); - - return (default_vfs_ops.connect(conn, service,user)); -} - -/* - * Free allocated structures and disconnect - * - */ - - -void block_disconnect(struct connection_struct *conn) -{ - - struct block_dir *tmp_pblock = (pblock_mountp == NULL ? pblock_dir : pblock_mountp); - struct block_dir *free_pblock = NULL; - - while(tmp_pblock != NULL) - { - free(tmp_pblock->dir_name); - free_pblock = tmp_pblock; - tmp_pblock = tmp_pblock->next; - free(free_pblock); - - if(tmp_pblock == NULL && pblock_dir != NULL) - { - tmp_pblock = (pblock_mountp == NULL ? 
pblock_dir : NULL); - pblock_dir = NULL; - - } - - } - - - - default_vfs_ops.disconnect(conn); -} - -/* - * VFS opendir - */ - -DIR *block_opendir(struct connection_struct *conn, char *fname) -{ - - char *dir_name = NULL; - struct stat stat_buf; - - dir_name = alloca((strlen(conn->origpath) + strlen(fname) + 2) * sizeof(char)); - - pstrcpy(dir_name,conn->origpath); - pstrcat(dir_name, "/"); - strncat(dir_name, fname, strcspn(fname,"/")); - - if((lstat(dir_name,&stat_buf)) == 0) - { - if((S_ISLNK(stat_buf.st_mode)) == 1) - { - stat(dir_name,&stat_buf); - if((search(&stat_buf) || dir_search(dir_name, fname) ) == TRUE) - { - DEBUG(0,("%s used link to blocked dir: %s \n", conn->user, dir_name)); - errno = EACCES; - return NULL; - } - } - } - - return (default_vfs_ops.opendir(conn, fname)); -} - - -/* - * Find mount point to block in list - */ - -BOOL search(struct stat *stat_buf) -{ - struct block_dir *tmp_pblock = pblock_mountp; - - while(tmp_pblock != NULL) - { - - if(tmp_pblock->st_dev == stat_buf->st_dev) - { - return TRUE; - } - tmp_pblock = tmp_pblock->next; - } - - return FALSE; - -} - -/* - * Find dir in list to block id the starting point is link from a share - */ - -BOOL dir_search(char *link, char *dir) -{ - char buf[PATH_MAX +1], *ext_path; - int len = 0; - struct block_dir *tmp_pblock = pblock_dir; - - if((len = readlink(link,buf,sizeof(buf))) == -1) - { - return TRUE; - - }else - { - buf[len] = '\0'; - } - - - if((ext_path = strchr(dir,'/')) != NULL) - { - pstrcat(buf,&ext_path[1]); - len = strlen(buf); - } - - while(tmp_pblock != NULL) - { - if(len < tmp_pblock->str_len) - { - tmp_pblock = tmp_pblock->next; - continue; - } - - if((strstr(buf,tmp_pblock->dir_name)) != NULL) - { - return TRUE; - } - tmp_pblock = tmp_pblock->next; - } - - - return FALSE; - -} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
diff --git a/examples/VFS/block/samba-block.conf b/examples/VFS/block/samba-block.conf
deleted file mode 100644
index 7a137980b73..00000000000
--- a/examples/VFS/block/samba-block.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-[ blocked ]
-mount_point = /
-mount_point = /boot
-mount_point = /proc
-dir_name = /usr/local/src/samba
-dir_name = /usr/bin
diff --git a/examples/VFS/block/smb.conf b/examples/VFS/block/smb.conf
deleted file mode 100644
index 368155f1f83..00000000000
--- a/examples/VFS/block/smb.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-[homes]
- comment = Home Directories
- vfs object = /usr/local/samba/lib/block.so
- browseable = yes
- writable = yes
-
-
-
-
-
-
-
-
diff --git a/examples/libsmbclient/README b/examples/libsmbclient/README
deleted file mode 100644
index d9a9f829174..00000000000
--- a/examples/libsmbclient/README
+++ /dev/null
@@ -1,8 +0,0 @@
-Some simple example programs for libsmbclient ...
-
-testsmbc.c is kinda broken as it has many hardcoded bits in it
-
-tree.c is an example of how you might do some of these things with GTK+
-It needs lots of work but shows you some ways to use libsmbclient.
-
-Richard Sharpe, 17-May-2001 ...
diff --git a/source/include/mapping.h b/source/include/mapping.h
deleted file mode 100644
index f3e0be6e4a7..00000000000
--- a/source/include/mapping.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Unix SMB/Netbios implementation.
- * Version 1.9.
- * RPC Pipe client / server routines
- * Copyright (C) Andrew Tridgell 1992-2000,
- * Copyright (C) Jean François Micouleau 1998-2001.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-typedef struct _GROUP_MAP {
- gid_t gid;
- DOM_SID sid;
- enum SID_NAME_USE sid_name_use;
- fstring nt_name;
- fstring comment;
- uint32 privilege;
-} GROUP_MAP;
-
-typedef struct _PRIVS {
- uint32 se_priv;
- char *priv;
- char *description;
-} PRIVS;
-
-#define SE_PRIV_NONE 0x0000
-#define SE_PRIV_ADD_USERS 0x0001
-#define SE_PRIV_ADD_MACHINES 0x0002
-#define SE_PRIV_PRINT_OPERATOR 0x0004
-#define SE_PRIV_ALL 0xffff
-
-#define PRIV_ALL_INDEX 4
-
-
-#define ENUM_ONLY_MAPPED True
-#define ENUM_ALL_MAPPED False
diff --git a/source/include/util_getent.h b/source/include/util_getent.h
deleted file mode 100644
index 11926b89641..00000000000
--- a/source/include/util_getent.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- Unix SMB/Netbios implementation.
- Version 3.0
- Samba utility functions
- Copyright (C) Simo Sorce 2001
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/* element for a single linked list of group entries */
-/* replace the use of struct group in some cases */
-/* used by getgrent_list() */
-struct sys_grent {
- char *gr_name;
- char *gr_passwd;
- gid_t gr_gid;
- char **gr_mem;
- struct sys_grent *next;
-};
-
-/* element for a single linked list of passwd entries */
-/* replace the use of struct passwd in some cases */
-/* used by getpwent_list() */
-struct sys_pwent {
- char *pw_name;
- char *pw_passwd;
- uid_t pw_uid;
- gid_t pw_gid;
- char *pw_gecos;
- char *pw_dir;
- char *pw_shell;
- struct sys_pwent *next;
-};
diff --git a/source/libsmb/cli_netlogon.c b/source/libsmb/cli_netlogon.c
deleted file mode 100644
index 47b7c2f22ec..00000000000
--- a/source/libsmb/cli_netlogon.c
+++ /dev/null
@@ -1,128 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-2000 - Copyright (C) Luke Kenneth Casson Leighton 1996-2000 - Copyright (C) Tim Potter 2001 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/* Opens a SMB connection to the netlogon pipe */ - -struct cli_state *cli_netlogon_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - struct in_addr dest_ip; - struct nmb_name calling, called; - fstring dest_host; - extern pstring global_myname; - struct ntuser_creds anon; - - /* Initialise cli_state information */ - - if (!cli_initialise(cli)) { - return NULL; - } - - if (!creds) { - ZERO_STRUCT(anon); - anon.pwd.null_pwd = 1; - creds = &anon; - } - - cli_init_creds(cli, creds); - - /* Establish a SMB connection */ - - if (!resolve_srv_name(system_name, dest_host, &dest_ip)) { - return NULL; - } - - make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20); - make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0); - - if (!cli_establish_connection(cli, dest_host, &dest_ip, &calling, - &called, "IPC$", "IPC", False, True)) { - return NULL; - } - - /* Open a NT session thingy */ - - if (!cli_nt_session_open(cli, PIPE_NETLOGON)) { - cli_shutdown(cli); - return NULL; - } - 
- return cli; -} - -/* Shut down a SMB connection to the netlogon pipe */ - -void cli_netlogon_shutdown(struct cli_state *cli) -{ - if (cli->fd != -1) cli_ulogoff(cli); - cli_shutdown(cli); -} - -/* Logon Control 2 */ - -uint32 cli_netlogon_logon_ctrl2(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 query_level) -{ - prs_struct qbuf, rbuf; - NET_Q_LOGON_CTRL2 q; - NET_R_LOGON_CTRL2 r; - uint32 result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_net_q_logon_ctrl2(&q, cli->srv_name_slash, query_level); - - /* Marshall data and send request */ - - if (!net_io_q_logon_ctrl2("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, NET_LOGON_CTRL2, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!net_io_r_logon_ctrl2("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} diff --git a/source/libsmb/cli_srvsvc.c b/source/libsmb/cli_srvsvc.c deleted file mode 100644 index 8209d9301f1..00000000000 --- a/source/libsmb/cli_srvsvc.c +++ /dev/null 
@@ -1,128 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-2000 - Copyright (C) Luke Kenneth Casson Leighton 1996-2000 - Copyright (C) Tim Potter 2001 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/* Opens a SMB connection to the svrsvc pipe */ - -struct cli_state *cli_svrsvc_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - struct in_addr dest_ip; - struct nmb_name calling, called; - fstring dest_host; - extern pstring global_myname; - struct ntuser_creds anon; - - /* Initialise cli_state information */ - - if (!cli_initialise(cli)) { - return NULL; - } - - if (!creds) { - ZERO_STRUCT(anon); - anon.pwd.null_pwd = 1; - creds = &anon; - } - - cli_init_creds(cli, creds); - - /* Establish a SMB connection */ - - if (!resolve_srv_name(system_name, dest_host, &dest_ip)) { - return NULL; - } - - make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20); - make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0); - - if (!cli_establish_connection(cli, dest_host, &dest_ip, &calling, - &called, "IPC$", "IPC", False, True)) { - return NULL; - } - - /* Open a NT session thingy */ - - if (!cli_nt_session_open(cli, PIPE_SRVSVC)) { - cli_shutdown(cli); - return NULL; - } - - 
return cli; -} - -/* Shut down a SMB connection to the srvsvc pipe */ - -void cli_srvsvc_shutdown(struct cli_state *cli) -{ - if (cli->fd != -1) cli_ulogoff(cli); - cli_shutdown(cli); -} - -uint32 cli_srvsvc_net_srv_get_info(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 switch_value, SRV_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SRV_Q_NET_SRV_GET_INFO q; - SRV_R_NET_SRV_GET_INFO r; - uint32 result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_srv_q_net_srv_get_info(&q, cli->srv_name_slash, switch_value); - - /* Marshall data and send request */ - - if (!srv_io_q_net_srv_get_info("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SRV_NET_SRV_GET_INFO, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - r.ctr = ctr; - - if (!srv_io_r_net_srv_get_info("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} diff --git a/source/nsswitch/winbind_nss_solaris.c b/source/nsswitch/winbind_nss_solaris.c deleted file mode 100644 index de8a63b90bf..00000000000 --- a/source/nsswitch/winbind_nss_solaris.c +++ /dev/null 
@@ -1,279 +0,0 @@ -/* - Solaris NSS wrapper for winbind - - Shirish Kalele 2000 - - Based on Luke Howard's ldap_nss module for Solaris - */ - -#include -#include -#include -#include -#include -#include -#include -#include "includes.h" -#include "winbind_nss_config.h" - -#ifdef HAVE_NSS_COMMON_H - -#undef NSS_DEBUG - -#ifdef NSS_DEBUG -#define NSS_DEBUG(str) syslog(LOG_DEBUG, "nss_winbind: %s", str); -#else -#define NSS_DEBUG(str) ; -#endif - -#define NSS_ARGS(args) ((nss_XbyY_args_t *)args) - -#define make_pwent_str(dest, src) \ -{ \ - if((dest = get_static(buffer, buflen, strlen(src)+1)) == NULL) \ - { \ - *errnop = ERANGE; \ - NSS_DEBUG("ERANGE error"); \ - return NSS_STATUS_TRYAGAIN; \ - } \ - strcpy(dest, src); \ -} - -static NSS_STATUS _nss_winbind_setpwent_solwrap (nss_backend_t* be, void* args) -{ - NSS_DEBUG("_nss_winbind_setpwent_solwrap"); - return _nss_winbind_setpwent(); -} - -static NSS_STATUS -_nss_winbind_endpwent_solwrap (nss_backend_t * be, void *args) -{ - NSS_DEBUG("_nss_winbind_endpwent_solwrap"); - return _nss_winbind_endpwent(); -} - -static NSS_STATUS -_nss_winbind_getpwent_solwrap (nss_backend_t* be, void *args) -{ - NSS_STATUS ret; - char* buffer = NSS_ARGS(args)->buf.buffer; - int buflen = NSS_ARGS(args)->buf.buflen; - struct passwd* result = (struct passwd*) NSS_ARGS(args)->buf.result; - int* errnop = &NSS_ARGS(args)->erange; - char logmsg[80]; - - ret = _nss_winbind_getpwent_r(result, buffer, - buflen, errnop); - - if(ret == NSS_STATUS_SUCCESS) - { - snprintf(logmsg, 79, "_nss_winbind_getpwent_solwrap: Returning user: %s\n", - result->pw_name); - NSS_DEBUG(logmsg); - NSS_ARGS(args)->returnval = (void*) result; - } else { - snprintf(logmsg, 79, "_nss_winbind_getpwent_solwrap: Returning error: %d.\n",ret); - NSS_DEBUG(logmsg); - } - - return ret; -} - -static NSS_STATUS -_nss_winbind_getpwnam_solwrap (nss_backend_t* be, void* args) -{ - NSS_STATUS ret; - struct passwd* result = (struct passwd*) NSS_ARGS(args)->buf.result; - - 
NSS_DEBUG("_nss_winbind_getpwnam_solwrap"); - - ret = _nss_winbind_getpwnam_r (NSS_ARGS(args)->key.name, - result, - NSS_ARGS(args)->buf.buffer, - NSS_ARGS(args)->buf.buflen, - &NSS_ARGS(args)->erange); - if(ret == NSS_STATUS_SUCCESS) - NSS_ARGS(args)->returnval = (void*) result; - - return ret; -} - -static NSS_STATUS -_nss_winbind_getpwuid_solwrap(nss_backend_t* be, void* args) -{ - NSS_STATUS ret; - struct passwd* result = (struct passwd*) NSS_ARGS(args)->buf.result; - - NSS_DEBUG("_nss_winbind_getpwuid_solwrap"); - ret = _nss_winbind_getpwuid_r (NSS_ARGS(args)->key.uid, - result, - NSS_ARGS(args)->buf.buffer, - NSS_ARGS(args)->buf.buflen, - &NSS_ARGS(args)->erange); - if(ret == NSS_STATUS_SUCCESS) - NSS_ARGS(args)->returnval = (void*) result; - - return ret; -} - -static NSS_STATUS _nss_winbind_passwd_destr (nss_backend_t * be, void *args) -{ - free(be); - NSS_DEBUG("_nss_winbind_passwd_destr"); - return NSS_STATUS_SUCCESS; -} - -static nss_backend_op_t passwd_ops[] = -{ - _nss_winbind_passwd_destr, - _nss_winbind_endpwent_solwrap, /* NSS_DBOP_ENDENT */ - _nss_winbind_setpwent_solwrap, /* NSS_DBOP_SETENT */ - _nss_winbind_getpwent_solwrap, /* NSS_DBOP_GETENT */ - _nss_winbind_getpwnam_solwrap, /* NSS_DBOP_PASSWD_BYNAME */ - _nss_winbind_getpwuid_solwrap /* NSS_DBOP_PASSWD_BYUID */ -}; - -nss_backend_t* -_nss_winbind_passwd_constr (const char* db_name, - const char* src_name, - const char* cfg_args) -{ - nss_backend_t *be; - - if(!(be = (nss_backend_t*) malloc(sizeof(nss_backend_t))) ) - return NULL; - - be->ops = passwd_ops; - be->n_ops = sizeof(passwd_ops) / sizeof(nss_backend_op_t); - - NSS_DEBUG("Initialized nss_winbind passwd backend"); - return be; -} - -/***************************************************************** - GROUP database backend - *****************************************************************/ - -static NSS_STATUS _nss_winbind_setgrent_solwrap (nss_backend_t* be, void* args) -{ - NSS_DEBUG("_nss_winbind_setgrent_solwrap"); - return 
_nss_winbind_setgrent(); -} - -static NSS_STATUS -_nss_winbind_endgrent_solwrap (nss_backend_t * be, void *args) -{ - NSS_DEBUG("_nss_winbind_endgrent_solwrap"); - return _nss_winbind_endgrent(); -} - -static NSS_STATUS -_nss_winbind_getgrent_solwrap(nss_backend_t* be, void* args) -{ - NSS_STATUS ret; - char* buffer = NSS_ARGS(args)->buf.buffer; - int buflen = NSS_ARGS(args)->buf.buflen; - struct group* result = (struct group*) NSS_ARGS(args)->buf.result; - int* errnop = &NSS_ARGS(args)->erange; - char logmsg[80]; - - ret = _nss_winbind_getgrent_r(result, buffer, - buflen, errnop); - - if(ret == NSS_STATUS_SUCCESS) - { - snprintf(logmsg, 79, "_nss_winbind_getgrent_solwrap: Returning group: %s\n", result->gr_name); - NSS_DEBUG(logmsg); - NSS_ARGS(args)->returnval = (void*) result; - } else { - snprintf(logmsg, 79, "_nss_winbind_getgrent_solwrap: Returning error: %d.\n", ret); - NSS_DEBUG(logmsg); - } - - return ret; - -} - -static NSS_STATUS -_nss_winbind_getgrnam_solwrap(nss_backend_t* be, void* args) -{ - NSS_STATUS ret; - struct group* result = (struct group*) NSS_ARGS(args)->buf.result; - - NSS_DEBUG("_nss_winbind_getgrnam_solwrap"); - ret = _nss_winbind_getgrnam_r(NSS_ARGS(args)->key.name, - result, - NSS_ARGS(args)->buf.buffer, - NSS_ARGS(args)->buf.buflen, - &NSS_ARGS(args)->erange); - - if(ret == NSS_STATUS_SUCCESS) - NSS_ARGS(args)->returnval = (void*) result; - - return ret; -} - -static NSS_STATUS -_nss_winbind_getgrgid_solwrap(nss_backend_t* be, void* args) -{ - NSS_STATUS ret; - struct group* result = (struct group*) NSS_ARGS(args)->buf.result; - - NSS_DEBUG("_nss_winbind_getgrgid_solwrap"); - ret = _nss_winbind_getgrgid_r (NSS_ARGS(args)->key.gid, - result, - NSS_ARGS(args)->buf.buffer, - NSS_ARGS(args)->buf.buflen, - &NSS_ARGS(args)->erange); - - if(ret == NSS_STATUS_SUCCESS) - NSS_ARGS(args)->returnval = (void*) result; - - return ret; -} - -static NSS_STATUS -_nss_winbind_getgroupsbymember_solwrap(nss_backend_t* be, void* args) -{ - 
NSS_DEBUG("_nss_winbind_getgroupsbymember"); - return NSS_STATUS_NOTFOUND; -} - -static NSS_STATUS -_nss_winbind_group_destr (nss_backend_t* be, void* args) -{ - free(be); - NSS_DEBUG("_nss_winbind_group_destr"); - return NSS_STATUS_SUCCESS; -} - -static nss_backend_op_t group_ops[] = -{ - _nss_winbind_group_destr, - _nss_winbind_endgrent_solwrap, - _nss_winbind_setgrent_solwrap, - _nss_winbind_getgrent_solwrap, - _nss_winbind_getgrnam_solwrap, - _nss_winbind_getgrgid_solwrap, - _nss_winbind_getgroupsbymember_solwrap -}; - -nss_backend_t* -_nss_winbind_group_constr (const char* db_name, - const char* src_name, - const char* cfg_args) -{ - nss_backend_t* be; - - if(!(be = (nss_backend_t*) malloc(sizeof(nss_backend_t))) ) - return NULL; - - be->ops = group_ops; - be->n_ops = sizeof(group_ops) / sizeof(nss_backend_op_t); - - NSS_DEBUG("Initialized nss_winbind group backend"); - return be; -} - -#endif /* SUN_NSS */ - - diff --git a/source/nsswitch/winbindd_sid.c b/source/nsswitch/winbindd_sid.c deleted file mode 100644 index bc014f26918..00000000000 --- a/source/nsswitch/winbindd_sid.c +++ /dev/null 
@@ -1,244 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 2.0 - - Winbind daemon - sid related functions - - Copyright (C) Tim Potter 2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" -#include "sids.h" - -/* Convert a string */ - -enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state) -{ - extern DOM_SID global_sid_Builtin; - enum SID_NAME_USE type; - DOM_SID sid, tmp_sid; - uint32 rid; - fstring name; - - DEBUG(3, ("[%5d]: lookupsid %s\n", state->pid, - state->request.data.sid)); - - /* Lookup sid from PDC using lsa_lookup_sids() */ - - string_to_sid(&sid, state->request.data.sid); - - /* Don't look up BUILTIN sids */ - - sid_copy(&tmp_sid, &sid); - sid_split_rid(&tmp_sid, &rid); - - if (sid_equal(&tmp_sid, &global_sid_Builtin)) { - return WINBINDD_ERROR; - } - - /* Lookup the sid */ - - if (!winbindd_lookup_name_by_sid(&sid, name, &type)) { - return WINBINDD_ERROR; - } - - string_sub(name, "\\", lp_winbind_separator(), sizeof(fstring)); - fstrcpy(state->response.data.name.name, name); - state->response.data.name.type = type; - - return WINBINDD_OK; -} - -/* Convert a sid to a string */ - -enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state) -{ - enum SID_NAME_USE type; - fstring sid_str, name_domain, name_user, name; - DOM_SID sid; - - DEBUG(3, ("[%5d]: 
lookupname %s\n", state->pid, - state->request.data.name)); - - parse_domain_user(state->request.data.name, name_domain, name_user); - - snprintf(name, sizeof(name), "%s\\%s", name_domain, name_user); - - /* Lookup name from PDC using lsa_lookup_names() */ - - if (!winbindd_lookup_sid_by_name(name, &sid, &type)) { - return WINBINDD_ERROR; - } - - sid_to_string(sid_str, &sid); - fstrcpy(state->response.data.sid.sid, sid_str); - state->response.data.sid.type = type; - - return WINBINDD_OK; -} - -/* Convert a sid to a uid. We assume we only have one rid attached to the - sid. */ - -enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state) -{ - DOM_SID sid; - uint32 user_rid; - struct winbindd_domain *domain; - - DEBUG(3, ("[%5d]: sid to uid %s\n", state->pid, - state->request.data.sid)); - - /* Split sid into domain sid and user rid */ - - string_to_sid(&sid, state->request.data.sid); - sid_split_rid(&sid, &user_rid); - - /* Find domain this sid belongs to */ - - if ((domain = find_domain_from_sid(&sid)) == NULL) { - fstring sid_str; - - sid_to_string(sid_str, &sid); - DEBUG(1, ("Could not find domain for sid %s\n", sid_str)); - return WINBINDD_ERROR; - } - - /* Find uid for this sid and return it */ - - if (!winbindd_idmap_get_uid_from_rid(domain->name, user_rid, - &state->response.data.uid)) { - DEBUG(1, ("Could not get uid for sid %s\n", - state->request.data.sid)); - return WINBINDD_ERROR; - } - - return WINBINDD_OK; -} - -/* Convert a sid to a gid. 
We assume we only have one rid attached to the - sid.*/ - -enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state) -{ - DOM_SID sid; - uint32 group_rid; - struct winbindd_domain *domain; - - DEBUG(3, ("[%5d]: sid to gid %s\n", state->pid, - state->request.data.sid)); - - /* Split sid into domain sid and user rid */ - - string_to_sid(&sid, state->request.data.sid); - sid_split_rid(&sid, &group_rid); - - /* Find domain this sid belongs to */ - - if ((domain = find_domain_from_sid(&sid)) == NULL) { - fstring sid_str; - - sid_to_string(sid_str, &sid); - DEBUG(1, ("Could not find domain for sid %s\n", sid_str)); - return WINBINDD_ERROR; - } - - /* Find uid for this sid and return it */ - - if (!winbindd_idmap_get_gid_from_rid(domain->name, group_rid, - &state->response.data.gid)) { - DEBUG(1, ("Could not get gid for sid %s\n", - state->request.data.sid)); - return WINBINDD_ERROR; - } - - return WINBINDD_OK; -} - -/* Convert a uid to a sid */ - -enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state) -{ - struct winbindd_domain *domain; - uint32 user_rid; - DOM_SID sid; - - /* Bug out if the uid isn't in the winbind range */ - - if ((state->request.data.uid < server_state.uid_low ) || - (state->request.data.uid > server_state.uid_high)) { - return WINBINDD_ERROR; - } - - DEBUG(3, ("[%5d]: uid to sid %d\n", state->pid, - state->request.data.uid)); - - /* Lookup rid for this uid */ - - if (!winbindd_idmap_get_rid_from_uid(state->request.data.uid, - &user_rid, &domain)) { - DEBUG(1, ("Could not convert uid %d to rid\n", - state->request.data.uid)); - return WINBINDD_ERROR; - } - - /* Construct sid and return it */ - - sid_copy(&sid, &domain->sid); - sid_append_rid(&sid, user_rid); - sid_to_string(state->response.data.sid.sid, &sid); - state->response.data.sid.type = SID_NAME_USER; - - return WINBINDD_OK; -} - -/* Convert a gid to a sid */ - -enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state) -{ - struct 
winbindd_domain *domain; - uint32 group_rid; - DOM_SID sid; - - /* Bug out if the gid isn't in the winbind range */ - - if ((state->request.data.gid < server_state.gid_low) || - (state->request.data.gid > server_state.gid_high)) { - return WINBINDD_ERROR; - } - - DEBUG(3, ("[%5d]: gid to sid %d\n", state->pid, - state->request.data.gid)); - - /* Lookup rid for this uid */ - - if (!winbindd_idmap_get_rid_from_gid(state->request.data.gid, - &group_rid, &domain)) { - DEBUG(1, ("Could not convert gid %d to rid\n", - state->request.data.gid)); - return WINBINDD_ERROR; - } - - /* Construct sid and return it */ - - sid_copy(&sid, &domain->sid); - sid_append_rid(&sid, group_rid); - sid_to_string(state->response.data.sid.sid, &sid); - state->response.data.sid.type = SID_NAME_DOM_GRP; - - return WINBINDD_OK; -} diff --git a/source/pam_smbpass/CHANGELOG b/source/pam_smbpass/CHANGELOG deleted file mode 100644 index 96ef7840084..00000000000 --- a/source/pam_smbpass/CHANGELOG +++ /dev/null 
@@ -1,31 +0,0 @@ -version 0.7.5 25 Mar 2001 - - Use Samba 2.2.0 (alpha) as the target codebase, since it doesn't look - like Samba will be offering shared libraries in the near future. - - added a Makefile and support scripts to make the build process easier. - - imported some Solaris fixes that I've been sitting on. - -version 0.7.4 20 Jan 2000 - - added a 'migrate' option to the authentication code which makes no - effort to authenticate the user, or even to ask for a password, but - it can be useful for filling in an SMB password db. - -version 0.7.3 19 Jan 2000 - - updated to use the SAMBA_TNG Samba branch, allowing us to dynamically - link against Luke's new shared libs (libsamba, libsmb). - -version 0.7.2 20 Jul 1999 - - miscellaneous bugfixes. Cleanup of legacy pam_pwdb code. - - fixed return value of pam_sm_setcred function. - - fix to autoconf support - - clarified some of the messages being logged - -version 0.6, 15 Jul 1999 - - updated to use the new Samba (2.0) password database API. - - added autoconf support. May now theoretically compile on more - platforms than PAM itself does. - - added support for account management functions (i.e., disabled - accounts) - -version 0.5, 4 Apr 1998 - - added support for hashed passwords as input. Now capable of serving - as an authentication agent for encrypted network transactions. diff --git a/source/pam_smbpass/README b/source/pam_smbpass/README deleted file mode 100644 index 6f50ce4d2c0..00000000000 --- a/source/pam_smbpass/README +++ /dev/null 
@@ -1,66 +0,0 @@ -25 Mar 2001 - -pam_smbpass is a PAM module which can be used on conforming systems to -keep the smbpasswd (Samba password) database in sync with the unix -password file. PAM (Pluggable Authentication Modules) is an API supported -under some Unices, such as Solaris, HPUX and Linux, that provides a -generic interface to authentication mechanisms. - -For more information on PAM, see http://ftp.kernel.org/pub/linux/libs/pam/ - -This module authenticates a local smbpasswd user database. If you require -support for authenticating against a remote SMB server, or if you're -concerned about the presence of suid root binaries on your system, it is -recommended that you use one of the other two following modules - - pam_smb - http://www.csn.ul.ie/~airlied/pam_smb/ - authenticates against any remote SMB server - - pam_ntdom - ftp://ftp.samba.org/pub/samba/pam_ntdom/ - authenticates against an NT or Samba domain controller - -Options recognized by this module are as follows: - - debug - log more debugging info - audit - like debug, but also logs unknown usernames - use_first_pass - don't prompt the user for passwords; - take them from PAM_ items instead - try_first_pass - try to get the password from a previous - PAM module, fall back to prompting the user - use_authtok - like try_first_pass, but *fail* if the new - PAM_AUTHTOK has not been previously set. - (intended for stacking password modules only) - not_set_pass - don't make passwords used by this module - available to other modules. - nodelay - don't insert ~1 second delays on authentication - failure. - nullok - null passwords are allowed. - nonull - null passwords are not allowed. Used to - override the Samba configuration. - migrate - only meaningful in an "auth" context; - used to update smbpasswd file with a - password used for successful authentication. - smbconf= - specify an alternate path to the smb.conf - file. - -See the samples/ directory for example PAM configurations using this -module. 
-
-Thanks go to the following people:
-
-* Andrew Morgan , for providing the Linux-PAM
-framework, without which none of this would have happened
-
-* Christian Gafton and Andrew Morgan again, for the
-pam_pwdb module upon which pam_smbpass was originally based
-
-* Luke Leighton for being receptive to the idea,
-and for the occasional good-natured complaint about the project's status
-that keep me working on it :)
-
-* and of course, all the other members of the Samba team
-, for creating a great product and for giving this
-project a purpose
-
----------------------
-Stephen Langasek
diff --git a/source/pam_smbpass/TODO b/source/pam_smbpass/TODO
deleted file mode 100644
index 20cf4fb0987..00000000000
--- a/source/pam_smbpass/TODO
+++ /dev/null
@@ -1,7 +0,0 @@
-This is a tentative TODO file which will probably get much longer before
-it gets much shorter.
-
-- Recognizing (and overriding) debug options in the smb.conf file
-- Support for 'name=value' parameters in the PAM config
-- Compliant handling of unrecognized PAM parameters (i.e., fail on error)
--
diff --git a/source/pam_smbpass/general.h b/source/pam_smbpass/general.h
deleted file mode 100644
index 0291146cbba..00000000000
--- a/source/pam_smbpass/general.h
+++ /dev/null
@@ -1,123 +0,0 @@ -#ifndef LINUX -/* This is only needed by modules in the Sun implementation. */ -#include -#endif /* LINUX */ - -#include - -#ifndef PAM_AUTHTOK_RECOVER_ERR -#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR -#endif - -#include -#include -#include -#include -#include -#include -#include - -/* - * here is the string to inform the user that the new passwords they - * typed were not the same. - */ - -#define MISTYPED_PASS "Sorry, passwords do not match" - -/* type definition for the control options */ - -typedef struct { - const char *token; - unsigned int mask; /* shall assume 32 bits of flags */ - unsigned int flag; -} SMB_Ctrls; - -#ifndef False -#define False (0) -#endif - -#ifndef True -#define True (1) -#endif - -/* macro to determine if a given flag is on */ -#define on(x,ctrl) (smb_args[x].flag & ctrl) - -/* macro to determine that a given flag is NOT on */ -#define off(x,ctrl) (!on(x,ctrl)) - -/* macro to turn on/off a ctrl flag manually */ -#define set(x,ctrl) (ctrl = ((ctrl)&smb_args[x].mask)|smb_args[x].flag) -#define unset(x,ctrl) (ctrl &= ~(smb_args[x].flag)) - -#ifndef __linux__ -#define strncasecmp(s1,s2,n) StrnCaseCmp(s1,s2,n) -#endif - -/* the generic mask */ -#define _ALL_ON_ (~0U) - -/* end of macro definitions definitions for the control flags */ - -/* - * These are the options supported by the smb password module, very - * similar to the pwdb options - */ - -#define SMB__OLD_PASSWD 0 /* internal */ -#define SMB__VERIFY_PASSWD 1 /* internal */ - -#define SMB_AUDIT 2 /* print more things than debug.. 
- some information may be sensitive */ -#define SMB_USE_FIRST_PASS 3 -#define SMB_TRY_FIRST_PASS 4 -#define SMB_NOT_SET_PASS 5 /* don't set the AUTHTOK items */ - -#define SMB__NONULL 6 /* internal */ -#define SMB__QUIET 7 /* internal */ -#define SMB_USE_AUTHTOK 8 /* insist on reading PAM_AUTHTOK */ -#define SMB__NULLOK 9 /* Null token ok */ -#define SMB_DEBUG 10 /* send more info to syslog(3) */ -#define SMB_NODELAY 11 /* admin does not want a fail-delay */ -#define SMB_MIGRATE 12 /* Does no authentication, just - updates the smb database. */ -#define SMB_CONF_FILE 13 /* Alternate location of smb.conf */ - -#define SMB_CTRLS_ 14 /* number of ctrl arguments defined */ - -static const SMB_Ctrls smb_args[SMB_CTRLS_] = { -/* symbol token name ctrl mask ctrl * - * ------------------ ------------------ -------------- ---------- */ - -/* SMB__OLD_PASSWD */ { NULL, _ALL_ON_, 01 }, -/* SMB__VERIFY_PASSWD */ { NULL, _ALL_ON_, 02 }, -/* SMB_AUDIT */ { "audit", _ALL_ON_, 04 }, -/* SMB_USE_FIRST_PASS */ { "use_first_pass", _ALL_ON_^(030), 010 }, -/* SMB_TRY_FIRST_PASS */ { "try_first_pass", _ALL_ON_^(030), 020 }, -/* SMB_NOT_SET_PASS */ { "not_set_pass", _ALL_ON_, 040 }, -/* SMB__NONULL */ { "nonull", _ALL_ON_, 0100 }, -/* SMB__QUIET */ { NULL, _ALL_ON_, 0200 }, -/* SMB_USE_AUTHTOK */ { "use_authtok", _ALL_ON_, 0400 }, -/* SMB__NULLOK */ { "nullok", _ALL_ON_^(0100), 0 }, -/* SMB_DEBUG */ { "debug", _ALL_ON_, 01000 }, -/* SMB_NODELAY */ { "nodelay", _ALL_ON_, 02000 }, -/* SMB_MIGRATE */ { "migrate", _ALL_ON_^(0100), 04000 }, -/* SMB_CONF_FILE */ { "smbconf=", _ALL_ON_, 0 }, -}; - -#define SMB_DEFAULTS (smb_args[SMB__NONULL].flag) - -/* - * the following is used to keep track of the number of times a user fails - * to authenticate themself. 
- */
-
-#define FAIL_PREFIX "-SMB-FAIL-"
-#define SMB_MAX_RETRIES 3
-
-struct _pam_failed_auth {
- char *user; /* user that's failed to be authenticated */
- int id; /* uid of requested user */
- char *agent; /* attempt from user with name */
- int count; /* number of failures so far */
-};
diff --git a/source/pam_smbpass/samples/README b/source/pam_smbpass/samples/README
deleted file mode 100644
index d77603306f1..00000000000
--- a/source/pam_smbpass/samples/README
+++ /dev/null
@@ -1,3 +0,0 @@
-This directory contains example configurations demonstrating various uses
-of pam_smbpass. These examples use Linux-style /etc/pam.d syntax, and
-must be modified for use on Solaris systems.
diff --git a/source/pam_smbpass/samples/kdc-pdc b/source/pam_smbpass/samples/kdc-pdc
deleted file mode 100644
index 70f1998f32a..00000000000
--- a/source/pam_smbpass/samples/kdc-pdc
+++ /dev/null
@@ -1,15 +0,0 @@
-#%PAM-1.0
-# kdc-pdc
-#
-# A sample PAM configuration that shows pam_smbpass used together with
-# pam_krb5. This could be useful on a Samba PDC that is also a member of
-# a Kerberos realm.
-
-auth requisite pam_nologin.so
-auth requisite pam_krb5.so
-auth optional pam_smbpass.so migrate
-account required pam_krb5.so
-password requisite pam_cracklib.so retry=3
-password optional pam_smbpass.so nullok use_authtok try_first_pass
-password required pam_krb5.so use_authtok try_first_pass
-session required pam_krb5.so
diff --git a/source/pam_smbpass/samples/password-mature b/source/pam_smbpass/samples/password-mature
deleted file mode 100644
index 6d73e0906fc..00000000000
--- a/source/pam_smbpass/samples/password-mature
+++ /dev/null
@@ -1,14 +0,0 @@
-#%PAM-1.0
-# password-mature
-#
-# A sample PAM configuration for a 'mature' smbpasswd installation.
-# private/smbpasswd is fully populated, and we consider it an error if
-# the smbpasswd doesn't exist or doesn't match the Unix password.
-
-auth requisite pam_nologin.so
-auth required pam_unix.so
-account required pam_unix.so
-password requisite pam_cracklib.so retry=3
-password requisite pam_unix.so shadow md5 use_authtok try_first_pass
-password required pam_smbpass.so use_authtok use_first_pass
-session required pam_unix.so
diff --git a/source/pam_smbpass/samples/password-migration b/source/pam_smbpass/samples/password-migration
deleted file mode 100644
index 305cb53858e..00000000000
--- a/source/pam_smbpass/samples/password-migration
+++ /dev/null
@@ -1,18 +0,0 @@
-#%PAM-1.0
-# password-migration
-#
-# A sample PAM configuration that shows the use of pam_smbpass to migrate
-# from plaintext to encrypted passwords for Samba. Unlike other methods,
-# this can be used for users who have never connected to Samba shares:
-# password migration takes place when users ftp in, login using ssh, pop
-# their mail, etc.
-
-auth requisite pam_nologin.so
-# pam_smbpass is called IFF pam_unix succeeds.
-auth requisite pam_unix.so
-auth optional pam_smbpass.so migrate
-account required pam_unix.so
-password requisite pam_cracklib.so retry=3
-password requisite pam_unix.so shadow md5 use_authtok try_first_pass
-password optional pam_smbpass.so nullok use_authtok try_first_pass
-session required pam_unix.so
diff --git a/source/pam_smbpass/samples/password-sync b/source/pam_smbpass/samples/password-sync
deleted file mode 100644
index 0a950dd2e9a..00000000000
--- a/source/pam_smbpass/samples/password-sync
+++ /dev/null
@@ -1,15 +0,0 @@
-#%PAM-1.0
-# password-sync
-#
-# A sample PAM configuration that shows the use of pam_smbpass to make
-# sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
-# is changed. Useful when an expired password might be changed by an
-# application (such as ssh).
-
-auth requisite pam_nologin.so
-auth required pam_unix.so
-account required pam_unix.so
-password requisite pam_cracklib.so retry=3
-password requisite pam_unix.so shadow md5 use_authtok try_first_pass
-password required pam_smbpass.so nullok use_authtok try_first_pass
-session required pam_unix.so
diff --git a/source/pam_smbpass/support.c b/source/pam_smbpass/support.c
deleted file mode 100644
index 01f4aa30c7d..00000000000
--- a/source/pam_smbpass/support.c
+++ /dev/null
@@ -1,651 +0,0 @@ -/* Unix NT password database implementation, version 0.6. - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" -#include "general.h" - -#include "support.h" - - -#define _pam_overwrite(x) \ -do { \ - register char *__xx__; \ - if ((__xx__=(x))) \ - while (*__xx__) \ - *__xx__++ = '\0'; \ -} while (0) - -/* - * Don't just free it, forget it too. 
- */ - -#define _pam_drop(X) \ -do { \ - if (X) { \ - free(X); \ - X=NULL; \ - } \ -} while (0) - -#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \ -do { \ - int reply_i; \ - \ - for (reply_i=0; reply_iconv(nargs, (const struct pam_message **) message - ,response, conv->appdata_ptr); - - if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) { - _log_err(LOG_DEBUG, "conversation failure [%s]" - ,pam_strerror(pamh, retval)); - } - } else { - _log_err(LOG_ERR, "couldn't obtain coversation function [%s]" - ,pam_strerror(pamh, retval)); - } - - return retval; /* propagate error status */ -} - -int make_remark( pam_handle_t * pamh, unsigned int ctrl - , int type, const char *text ) -{ - if (off(SMB__QUIET, ctrl)) { - struct pam_message *pmsg[1], msg[1]; - struct pam_response *resp; - - pmsg[0] = &msg[0]; - msg[0].msg = text; - msg[0].msg_style = type; - resp = NULL; - - return converse(pamh, ctrl, 1, pmsg, &resp); - } - return PAM_SUCCESS; -} - - -/* set the control flags for the SMB module. */ - -int set_ctrl( int flags, int argc, const char **argv ) -{ - int i = 0; - static pstring servicesf = CONFIGFILE; - const char *service_file = servicesf; - unsigned int ctrl; - - ctrl = SMB_DEFAULTS; /* the default selection of options */ - - /* set some flags manually */ - - /* A good, sane default (matches Samba's behavior). */ - set( SMB__NONULL, ctrl ); - - if (flags & PAM_SILENT) { - set( SMB__QUIET, ctrl ); - } - - /* Run through the arguments once, looking for an alternate smb config - file location */ - while (i < argc) { - int j; - - for (j = 0; j < SMB_CTRLS_; ++j) { - if (smb_args[j].token - && !strncmp(argv[i], smb_args[j].token, strlen(smb_args[j].token))) - { - break; - } - } - - if (j == SMB_CONF_FILE) { - service_file = argv[i] + 8; - } - i++; - } - - /* Read some options from the Samba config. Can be overridden by - the PAM config. 
*/ - if(lp_load(service_file,True,False,False) == False) { - _log_err( LOG_ERR, "Error loading service file %s", service_file ); - } - - if (lp_null_passwords()) { - set( SMB__NULLOK, ctrl ); - } - - /* now parse the rest of the arguments to this module */ - - while (argc-- > 0) { - int j; - - for (j = 0; j < SMB_CTRLS_; ++j) { - if (smb_args[j].token - && !strncmp(*argv, smb_args[j].token, strlen(smb_args[j].token))) - { - break; - } - } - - if (j >= SMB_CTRLS_) { - _log_err( LOG_ERR, "unrecognized option [%s]", *argv ); - } else { - ctrl &= smb_args[j].mask; /* for turning things off */ - ctrl |= smb_args[j].flag; /* for turning things on */ - } - - ++argv; /* step to next argument */ - } - - /* auditing is a more sensitive version of debug */ - - if (on( SMB_AUDIT, ctrl )) { - set( SMB_DEBUG, ctrl ); - } - /* return the set of flags */ - - return ctrl; -} - -/* use this to free strings. ESPECIALLY password strings */ - -char * _pam_delete( register char *xx ) -{ - _pam_overwrite( xx ); - _pam_drop( xx ); - return NULL; -} - -void _cleanup( pam_handle_t * pamh, void *x, int error_status ) -{ - x = _pam_delete( (char *) x ); -} - -/* - * Safe duplication of character strings. "Paranoid"; don't leave - * evidence of old token around for later stack analysis. 
- */ - -char * xstrdup( const char *x ) -{ - register char *new = NULL; - - if (x != NULL) { - register int i; - - for (i = 0; x[i]; ++i); /* length of string */ - if ((new = malloc(++i)) == NULL) { - i = 0; - _log_err( LOG_CRIT, "out of memory in xstrdup" ); - } else { - while (i-- > 0) { - new[i] = x[i]; - } - } - x = NULL; - } - return new; /* return the duplicate or NULL on error */ -} - -/* ************************************************************** * - * Useful non-trivial functions * - * ************************************************************** */ - -void _cleanup_failures( pam_handle_t * pamh, void *fl, int err ) -{ - int quiet; - const char *service = NULL; - struct _pam_failed_auth *failure; - -#ifdef PAM_DATA_SILENT - quiet = err & PAM_DATA_SILENT; /* should we log something? */ -#else - quiet = 0; -#endif -#ifdef PAM_DATA_REPLACE - err &= PAM_DATA_REPLACE; /* are we just replacing data? */ -#endif - failure = (struct _pam_failed_auth *) fl; - - if (failure != NULL) { - -#ifdef PAM_DATA_SILENT - if (!quiet && !err) { /* under advisement from Sun,may go away */ -#else - if (!quiet) { /* under advisement from Sun,may go away */ -#endif - - /* log the number of authentication failures */ - if (failure->count != 0) { - pam_get_item( pamh, PAM_SERVICE, (const void **) &service ); - _log_err( LOG_NOTICE - , "%d authentication %s " - "from %s for service %s as %s(%d)" - , failure->count - , failure->count == 1 ? "failure" : "failures" - , failure->agent - , service == NULL ? "**unknown**" : service - , failure->user, failure->id ); - if (failure->count > SMB_MAX_RETRIES) { - _log_err( LOG_ALERT - , "service(%s) ignoring max retries; %d > %d" - , service == NULL ? 
"**unknown**" : service - , failure->count - , SMB_MAX_RETRIES ); - } - } - } - _pam_delete( failure->agent ); /* tidy up */ - _pam_delete( failure->user ); /* tidy up */ - free( failure ); - } -} - -int _smb_verify_password( pam_handle_t * pamh - , const struct smb_passwd *smb_pwent - , const char *p, unsigned int ctrl ) -{ - uchar hash_pass[16]; - uchar lm_pw[16]; - uchar nt_pw[16]; - int retval; - char *data_name; - const char *name; - - if (!smb_pwent) - return PAM_ABORT; - - name = smb_pwent->smb_name; - -#ifdef HAVE_PAM_FAIL_DELAY - if (off( SMB_NODELAY, ctrl )) { - (void) pam_fail_delay( pamh, 1000000 ); /* 1 sec delay for on failure */ - } -#endif - - if (!smb_pwent->smb_passwd) - { - _log_err( LOG_DEBUG, "user %s has null SMB password" - , name ); - - if (off( SMB__NONULL, ctrl ) - && (smb_pwent->acct_ctrl & ACB_PWNOTREQ)) - { /* this means we've succeeded */ - return PAM_SUCCESS; - } else { - const char *service; - - pam_get_item( pamh, PAM_SERVICE, (const void **)&service ); - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , smb_pwent->smb_userid ); - return PAM_AUTH_ERR; - } - } - - data_name = (char *) malloc( sizeof(FAIL_PREFIX) - + strlen( name )); - if (data_name == NULL) { - _log_err( LOG_CRIT, "no memory for data-name" ); - } - strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) ); - strncpy( data_name + sizeof(FAIL_PREFIX) - 1, name, strlen( name ) + 1 ); - - /* First we check whether we've been given the password in already - encrypted form. 
*/ - if (strlen( p ) == 16 || (strlen( p ) == 32 - && pdb_gethexpwd( p, (char *) hash_pass ))) { - - if (!memcmp( hash_pass, smb_pwent->smb_passwd, 16 ) - || (smb_pwent->smb_nt_passwd - && !memcmp( hash_pass, smb_pwent->smb_nt_passwd, 16 ))) - { - retval = PAM_SUCCESS; - if (data_name) { /* reset failures */ - pam_set_data( pamh, data_name, NULL, _cleanup_failures ); - } - _pam_delete( data_name ); - memset( hash_pass, '\0', 16 ); - smb_pwent = NULL; - return retval; - } - } - - /* - * The password we were given wasn't an encrypted password, or it - * didn't match the one we have. We encrypt the password now and try - * again. - */ - - nt_lm_owf_gen(p, nt_pw, lm_pw); - - /* the moment of truth -- do we agree with the password? */ - - if (!memcmp( nt_pw, smb_pwent->smb_nt_passwd, 16 )) { - - retval = PAM_SUCCESS; - if (data_name) { /* reset failures */ - pam_set_data(pamh, data_name, NULL, _cleanup_failures); - } - } else { - - const char *service; - - pam_get_item( pamh, PAM_SERVICE, (const void **)&service ); - - if (data_name != NULL) { - struct _pam_failed_auth *new = NULL; - const struct _pam_failed_auth *old = NULL; - - /* get a failure recorder */ - - new = (struct _pam_failed_auth *) - malloc( sizeof(struct _pam_failed_auth) ); - - if (new != NULL) { - - /* any previous failures for this user ? */ - pam_get_data(pamh, data_name, (const void **) &old); - - if (old != NULL) { - new->count = old->count + 1; - if (new->count >= SMB_MAX_RETRIES) { - retval = PAM_MAXTRIES; - } - } else { - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? 
service : "**unknown**", name - , smb_pwent->smb_userid ); - new->count = 1; - } - new->user = xstrdup( name ); - new->id = smb_pwent->smb_userid; - new->agent = xstrdup( uidtoname( getuid() ) ); - pam_set_data( pamh, data_name, new, _cleanup_failures ); - - } else { - _log_err( LOG_CRIT, "no memory for failure recorder" ); - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , smb_pwent->smb_userid ); - } - } else { - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , smb_pwent->smb_userid ); - retval = PAM_AUTH_ERR; - } - } - - _pam_delete( data_name ); - smb_pwent = NULL; - return retval; -} - - -/* - * _smb_blankpasswd() is a quick check for a blank password - * - * returns TRUE if user does not have a password - * - to avoid prompting for one in such cases (CG) - */ - -int _smb_blankpasswd( unsigned int ctrl, const struct smb_passwd *smb_pwent ) -{ - int retval; - - /* - * This function does not have to be too smart if something goes - * wrong, return FALSE and let this case to be treated somewhere - * else (CG) - */ - - if (on( SMB__NONULL, ctrl )) - return 0; /* will fail but don't let on yet */ - - if (smb_pwent->smb_passwd == NULL) - retval = 1; - else - retval = 0; - - return retval; -} - -/* - * obtain a password from the user - */ - -int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl - , const char *comment, const char *prompt1 - , const char *prompt2, const char *data_name - , const char **pass ) -{ - int authtok_flag; - int retval; - const char *item = NULL; - char *token; - - struct pam_message msg[3], *pmsg[3]; - struct pam_response *resp; - int i, expect; - - - /* make sure nothing inappropriate gets returned */ - - *pass = token = NULL; - - /* which authentication token are we getting? */ - - authtok_flag = on(SMB__OLD_PASSWD, ctrl) ? 
PAM_OLDAUTHTOK : PAM_AUTHTOK; - - /* should we obtain the password from a PAM item ? */ - - if (on(SMB_TRY_FIRST_PASS, ctrl) || on(SMB_USE_FIRST_PASS, ctrl)) { - retval = pam_get_item( pamh, authtok_flag, (const void **) &item ); - if (retval != PAM_SUCCESS) { - /* very strange. */ - _log_err( LOG_ALERT - , "pam_get_item returned error to smb_read_password" ); - return retval; - } else if (item != NULL) { /* we have a password! */ - *pass = item; - item = NULL; - return PAM_SUCCESS; - } else if (on( SMB_USE_FIRST_PASS, ctrl )) { - return PAM_AUTHTOK_RECOVER_ERR; /* didn't work */ - } else if (on( SMB_USE_AUTHTOK, ctrl ) - && off( SMB__OLD_PASSWD, ctrl )) - { - return PAM_AUTHTOK_RECOVER_ERR; - } - } - - /* - * getting here implies we will have to get the password from the - * user directly. - */ - - /* prepare to converse */ - if (comment != NULL && off(SMB__QUIET, ctrl)) { - pmsg[0] = &msg[0]; - msg[0].msg_style = PAM_TEXT_INFO; - msg[0].msg = comment; - i = 1; - } else { - i = 0; - } - - pmsg[i] = &msg[i]; - msg[i].msg_style = PAM_PROMPT_ECHO_OFF; - msg[i++].msg = prompt1; - - if (prompt2 != NULL) { - pmsg[i] = &msg[i]; - msg[i].msg_style = PAM_PROMPT_ECHO_OFF; - msg[i++].msg = prompt2; - expect = 2; - } else - expect = 1; - - resp = NULL; - - retval = converse( pamh, ctrl, i, pmsg, &resp ); - - if (resp != NULL) { - int j = comment ? 1 : 0; - /* interpret the response */ - - if (retval == PAM_SUCCESS) { /* a good conversation */ - - token = xstrdup(resp[j++].resp); - if (token != NULL) { - if (expect == 2) { - /* verify that password entered correctly */ - if (!resp[j].resp || strcmp( token, resp[j].resp )) { - _pam_delete( token ); - retval = PAM_AUTHTOK_RECOVER_ERR; - make_remark( pamh, ctrl, PAM_ERROR_MSG - , MISTYPED_PASS ); - } - } - } else { - _log_err(LOG_NOTICE, "could not recover authentication token"); - } - } - - /* tidy up */ - _pam_drop_reply( resp, expect ); - - } else { - retval = (retval == PAM_SUCCESS) ? 
PAM_AUTHTOK_RECOVER_ERR : retval; - } - - if (retval != PAM_SUCCESS) { - if (on( SMB_DEBUG, ctrl )) - _log_err( LOG_DEBUG, "unable to obtain a password" ); - return retval; - } - /* 'token' is the entered password */ - - if (off( SMB_NOT_SET_PASS, ctrl )) { - - /* we store this password as an item */ - - retval = pam_set_item( pamh, authtok_flag, (const void *)token ); - _pam_delete( token ); /* clean it up */ - if (retval != PAM_SUCCESS - || (retval = pam_get_item( pamh, authtok_flag - ,(const void **)&item )) != PAM_SUCCESS) - { - _log_err( LOG_CRIT, "error manipulating password" ); - return retval; - } - } else { - /* - * then store it as data specific to this module. pam_end() - * will arrange to clean it up. - */ - - retval = pam_set_data( pamh, data_name, (void *) token, _cleanup ); - if (retval != PAM_SUCCESS - || (retval = pam_get_data( pamh, data_name, (const void **)&item )) - != PAM_SUCCESS) - { - _log_err( LOG_CRIT, "error manipulating password data [%s]" - , pam_strerror( pamh, retval )); - _pam_delete( token ); - item = NULL; - return retval; - } - token = NULL; /* break link to password */ - } - - *pass = item; - item = NULL; /* break link to password */ - - return PAM_SUCCESS; -} - -int _pam_smb_approve_pass(pam_handle_t * pamh - ,unsigned int ctrl - ,const char *pass_old - ,const char *pass_new) -{ - - /* Further checks should be handled through module stacking. -SRL */ - if (pass_new == NULL || (pass_old && !strcmp( pass_old, pass_new ))) - { - if (on(SMB_DEBUG, ctrl)) { - _log_err( LOG_DEBUG, - "passwd: bad authentication token (null or unchanged)" ); - } - make_remark( pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ? - "No password supplied" : "Password unchanged" ); - return PAM_AUTHTOK_ERR; - } - - return PAM_SUCCESS; -} diff --git a/source/pam_smbpass/support.h b/source/pam_smbpass/support.h deleted file mode 100644 index 85bbd0a523c..00000000000 --- a/source/pam_smbpass/support.h +++ /dev/null 
@@ -1,52 +0,0 @@
-/* syslogging function for errors and other information */
-extern void _log_err(int, const char *, ...);
-
-/* set the control flags for the UNIX module. */
-extern int set_ctrl(int, int, const char **);
-
-/* generic function for freeing pam data segments */
-extern void _cleanup(pam_handle_t *, void *, int);
-
-/*
- * Safe duplication of character strings. "Paranoid"; don't leave
- * evidence of old token around for later stack analysis.
- */
-
-extern char *xstrdup(const char *);
-
-/* ************************************************************** *
- * Useful non-trivial functions *
- * ************************************************************** */
-
-extern void _cleanup_failures(pam_handle_t *, void *, int);
-
-/* compare 2 strings */
-extern BOOL strequal(const char *, const char *);
-
-extern struct smb_passwd *
-_my_get_smbpwnam(FILE *, const char *, BOOL *, BOOL *, long *);
-
-extern int _smb_verify_password( pam_handle_t *pamh
- , const struct smb_passwd *smb_pwent
- , const char *p, unsigned int ctrl );
-
-/*
- * this function obtains the name of the current user and ensures
- * that the PAM_USER item is set to this value
- */
-
-extern int _smb_get_user(pam_handle_t *, unsigned int,
- const char *, const char **);
-
-/* _smb_blankpasswd() is a quick check for a blank password */
-
-extern int _smb_blankpasswd(unsigned int, const struct smb_passwd *);
-
-
-/* obtain a password from the user */
-extern int _smb_read_password( pam_handle_t *, unsigned int, const char*,
- const char *, const char *, const char *,
- const char **);
-
-extern int _pam_smb_approve_pass(pam_handle_t *, unsigned int, const char *,
- const char *);
diff --git a/testsuite/lib/default-nt-names.exp b/testsuite/lib/default-nt-names.exp
deleted file mode 100644
index 5d01d2a5bb3..00000000000
--- a/testsuite/lib/default-nt-names.exp
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# A list of default domain/local users/groups. Unfortunately this is tied
-# to the English language version of Windows NT.
-#
-
-global domain
-
-# Domain users and groups
-
-set domain_users [list "$domain/Administrator" "$domain/Guest"]
-
-set domain_groups [list "$domain/Domain Admins" "$domain/Domain Guests" \
- "$domain/Domain Users"]
-
-# Local groups
-
-set local_groups [list "BUILTIN/Replicator" "BUILTIN/Server Operators" \
- "BUILTIN/Account Operators" "BUILTIN/Backup Operators" \
- "BUILTIN/Print Operators" "BUILTIN/Guests" "BUILTIN/Users" \
- "BUILTIN/Administrators"]
diff --git a/testsuite/lib/nsswitch-config.exp b/testsuite/lib/nsswitch-config.exp
deleted file mode 100644
index 38342685dfa..00000000000
--- a/testsuite/lib/nsswitch-config.exp
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# Load environment variables
-#
-
-global tool
-
-if { [file exists "deja-$tool.tcl"] } {
- source "deja-$tool.tcl"
-}
-
-# Required options
-
-if { ![info exists WORKGROUP] } {
- error "\$WORKGROUP not set in config file"
-}
-
-if { ![info exists PDC] } {
- error "\$PDC not set in config file"
-}
-
-set domain $WORKGROUP
diff --git a/testsuite/nsswitch/.cvsignore b/testsuite/nsswitch/.cvsignore
deleted file mode 100644
index 1c30875a884..00000000000
--- a/testsuite/nsswitch/.cvsignore
+++ /dev/null
@@ -1,12 +0,0 @@
-initgroups
-nss_winbind_syms
-getgrent_r
-getgrgid
-getgrnam
-getpwent_r
-getpwnam
-wbtorture
-leaktest?
-getpwuid
-getent_pwent
-getent_grent
diff --git a/testsuite/nsswitch/Makefile.longarg b/testsuite/nsswitch/Makefile.longarg
deleted file mode 100644
index 6cc7ef8306d..00000000000
--- a/testsuite/nsswitch/Makefile.longarg
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# Makefile for null tests
-#
-
-longarg_getpwnam: longarg_getpwnam.o
\ No newline at end of file
diff --git a/testsuite/nsswitch/envvar.exp b/testsuite/nsswitch/envvar.exp
deleted file mode 100644
index 134a8b37a85..00000000000
--- a/testsuite/nsswitch/envvar.exp
+++ /dev/null
@@ -1,282 +0,0 @@
-#
-# @(#) Test operation of WINBINDD_DOMAIN environment variable
-#
-
-load_lib "util-defs.exp"
-load_lib "$srcdir/lib/nsswitch-config.exp"
-
-#
-# @(#) Test that there is at least one domain user and domain group
-# @(#) in the output of getent passwd and getent group.
-#
-
-# Get list of users and groups
-
-set user_list [util_start "getent passwd"]
-set group_list [util_start "getent group"]
-
-verbose "user list is:\n$user_list"
-verbose "group list is:\n$group_list"
-
-# Check for domain users
-
-set no_dom 0
-
-if { ![regexp "$domain/" $user_list] } {
- fail "no domain users in getent"
- set no_dom 1
-}
-
-# Check for domain groups
-
-if { ![regexp "$domain/" $group_list] } {
- fail "no domain groups in getent group"
- set no_dom 1
-}
-
-if { $no_dom } {
- return
-}
-
-#
-# @(#) Check for "leakage" between different domains using the
-# @(#) WINBINDD_DOMAIN environment variable.
-#
-
-verbose "Domain is $domain"
-
-set output [util_start "bin/wbinfo" "-m"]
-verbose "Trusted domains are $output"
-set trusted_domain_list [split $output "\n"]
-
-# Test simple inclusion by setting $WINBINDD_DOMAIN to each trusted domain
-# in turn and checking there are no users/groups from other domains in the
-# output of getent.
-
- set domain_list $trusted_domain_list
-lappend domain_list $domain
-
-foreach { the_domain } $domain_list {
-
- set env(WINBINDD_DOMAIN) $the_domain
-
- set user_out [util_start "getent passwd"]
- set group_out [util_start "getent group"]
-
- verbose "users in $the_domain:\n$user_out\n"
- verbose "groups in $the_domain:\n$group_out\n"
-
- # Users
-
- set test_desc "users in WINBINDD_DOMAIN $the_domain"
- set failed 0
-
- foreach { user } [split $user_out "\n"] {
- set user_name [lindex [split $user ":"] 0]
- if { [regexp "/" $user_name] && ![regexp $the_domain $user_name]} {
- set failed 1
- }
- }
-
- if { $failed } {
- fail $test_desc
- } else {
- pass $test_desc
- }
-
- # Groups
-
- set test_desc "groups in WINBINDD_DOMAIN $the_domain"
- set failed 0
-
- foreach { group } [split $group_out "\n"] {
- set group_name [lindex [split $group ":"] 0]
- if { [regexp "/" $group_name] && ![regexp $the_domain $group_name]} {
- set failed 1
- }
- }
-
- if { $failed } {
- fail $test_desc
- } else {
- pass $test_desc
- }
-}
-
-#
-# @(#) Test inclusion of a dummy domain doesn't generate users/groups
-# @(#) from that domain.
-#
-
-set env(WINBINDD_DOMAIN) "asmithee"
-set user_out [util_start "getent passwd"]
-set group_out [util_start "getent group"]
-
-# Users
-
-set test_desc "users in different WINBINDD_DOMAIN"
-if { [regexp $domain $user_out] } {
- fail $test_desc
-} else {
- pass $test_desc
-}
-
-# Groups
-
-set test_desc "groups in different WINBINDD_DOMAIN"
-if { [regexp $domain $group_out] } {
- fail $test_desc
-} else {
- pass $test_desc
-}
-
-#
-# @(#) Test comma separated inclusion of dummy domain doesn't generate
-# @(#) users/groups in the dummy domain.
-#
-
-foreach { the_domain } $domain_list {
- set env(WINBINDD_DOMAIN) "$the_domain,asmithee"
- set user_out [util_start "getent passwd"]
- set group_out [util_start "getent group"]
-
- verbose "users in $the_domain:\n$user_out\n"
- verbose "groups in $the_domain:\n$group_out\n"
-
- # Users
-
- set test_desc "users in comma separated WINBINDD_DOMAIN $the_domain"
- set failed 0
-
- foreach { user } [split $user_out "\n"] {
- set user_name [lindex [split $user ":"] 0]
- if { [regexp "/" $user_name] && ![regexp $the_domain $user_name]} {
- set failed 1
- }
- }
-
- if { $failed } {
- fail $test_desc
- } else {
- pass $test_desc
- }
-
- # Groups
-
- set test_desc "groups in comma separated WINBINDD_DOMAIN $the_domain"
- set failed 0
-
- foreach { group } [split $group_out "\n"] {
- set group_name [lindex [split $group ":"] 0]
- if { [regexp "/" $group_name] && ![regexp $the_domain $group_name]} {
- set failed 1
- }
- }
-
- if { $failed } {
- fail $test_desc
- } else {
- pass $test_desc
- }
-}
-
-#
-# @(#) Test two comma separated dummy domains do not generate any domain
-# @(#) users or groups.
-#
-
-foreach { the_domain } $domain_list {
-
- set env(WINBINDD_DOMAIN) "moose,asmithee"
- set user_out [util_start "getent passwd"]
- set group_out [util_start "getent group"]
-
- verbose "users in $the_domain:\n$user_out\n"
- verbose "groups in $the_domain:\n$group_out\n"
-
- # Users
-
- set test_desc "users in comma separated invalid WINBINDD_DOMAIN"
- if { [regexp $the_domain $user_out] } {
- fail $test_desc
- } else {
- pass $test_desc
- }
-
- # Groups
-
- set test_desc "groups in comma separated invalid WINBINDD_DOMAIN"
- if { [regexp $the_domain $group_out] } {
- fail $test_desc
- } else {
- pass $test_desc
- }
-}
-
-set env(WINBINDD_DOMAIN) ""
-
-#
-# @(#) Test _NO_WINBINDD doesn't return any domain users or groups
-#
-
-set env(_NO_WINBINDD) "1"
-set user_out [util_start "getent passwd"]
-set group_out [util_start "getent group"]
-
-verbose "users with _NO_WINBINDD:\n$user_out\n"
-verbose "groups with _NO_WINBINDD:\n$group_out\n"
-
-foreach { the_domain } $domain_list {
-
- # Users
-
- set test_desc "users found with _NO_WINBINDD environment variable set"
- if { [regexp $the_domain $user_out] } {
- fail $test_desc
- } else {
- pass $test_desc
- }
-
- # Groups
-
- set test_desc "groups found with _NO_WINBINDD environment variable set"
- if { [regexp $the_domain $group_out] } {
- fail $test_desc
- } else {
- pass $test_desc
- }
-}
-
-# Unset _NO_WINBINDD and make sure everything still works
-
-unset env(_NO_WINBINDD)
-
-set user_out [util_start "getent passwd"]
-set group_out [util_start "getent group"]
-
-verbose "users with _NO_WINBINDD unset:\n$user_out\n"
-verbose "groups with _NO_WINBINDD unset:\n$group_out\n"
-
-# Users
-
-set test_desc "no users found with _NO_WINBINDD environment variable set"
-if { $user_out != $user_list } {
- fail $test_desc
-} else {
- pass $test_desc
-}
-
-# Groups
-
-set test_desc "no groups found with _NO_WINBINDD environment variable set"
-if { $group_out != $group_list } {
- fail $test_desc
-} else {
- pass $test_desc
-}
-
-# Make sure we unset the environment vars so we don't cause subsequent tests
-# any grief.
-
-catch { unset env(WINBINDD_DOMAIN) } tmp
-catch { unset env(_NO_WINBINDD) } tmp
diff --git a/testsuite/nsswitch/getent.c b/testsuite/nsswitch/getent.c
deleted file mode 100644
index b4c4e50c6fe..00000000000
--- a/testsuite/nsswitch/getent.c
+++ /dev/null
@@ -1,151 +0,0 @@ -/* Cut down version of getent which only returns passwd and group database - entries and seems to compile on most systems without too much fuss. - Original copyright notice below. */ - -/* Copyright (c) 1998, 1999, 2000 Free Software Foundation, Inc. - This file is part of the GNU C Library. - Contributed by Thorsten Kukuk , 1998. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public License as - published by the Free Software Foundation; either version 2 of the - License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with the GNU C Library; see the file COPYING.LIB. If not, - write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. */ - -#include -#include -#include - -group_keys (int number, char *key[]) -{ - int result = 0; - int i; - - for (i = 0; i < number; ++i) - { - struct group *grp; - - if (isdigit (key[i][0])) - grp = getgrgid (atol (key[i])); - else - grp = getgrnam (key[i]); - - if (grp == NULL) - result = 2; - else - print_group (grp); - } - - return result; -} - -passwd_keys (int number, char *key[]) -{ - int result = 0; - int i; - - for (i = 0; i < number; ++i) - { - struct passwd *pwd; - - if (isdigit (key[i][0])) - pwd = getpwuid (atol (key[i])); - else - pwd = getpwnam (key[i]); - - if (pwd == NULL) - result = 2; - else - print_passwd (pwd); - } - - return result; -} - -print_group (struct group *grp) -{ - unsigned int i = 0; - - printf ("%s:%s:%ld:", grp->gr_name ? grp->gr_name : "", - grp->gr_passwd ? 
grp->gr_passwd : "", - (unsigned long)grp->gr_gid); - - while (grp->gr_mem[i] != NULL) - { - fputs (grp->gr_mem[i], stdout); - ++i; - if (grp->gr_mem[i] != NULL) - fputs (",", stdout); - } - fputs ("\n", stdout); -} - -print_passwd (struct passwd *pwd) -{ - printf ("%s:%s:%ld:%ld:%s:%s:%s\n", - pwd->pw_name ? pwd->pw_name : "", - pwd->pw_passwd ? pwd->pw_passwd : "", - (unsigned long)pwd->pw_uid, - (unsigned long)pwd->pw_gid, - pwd->pw_gecos ? pwd->pw_gecos : "", - pwd->pw_dir ? pwd->pw_dir : "", - pwd->pw_shell ? pwd->pw_shell : ""); -} - -int main(int argc, char **argv) -{ - switch(argv[1][0]) - { - case 'g': /* group */ - if (strcmp (argv[1], "group") == 0) - { - if (argc == 2) - { - struct group *grp; - - setgrent (); - while ((grp = getgrent()) != NULL) - print_group (grp); - endgrent (); - } - else - return group_keys (argc - 2, &argv[2]); - } - else - goto error; - break; - - case 'p': /* passwd, protocols */ - if (strcmp (argv[1], "passwd") == 0) - { - if (argc == 2) - { - struct passwd *pwd; - - setpwent (); - while ((pwd = getpwent()) != NULL) - print_passwd (pwd); - endpwent (); - } - else - return passwd_keys (argc - 2, &argv[2]); - } - else - goto error; - break; - default: - error: - fprintf (stderr, "Unknown database: %s\n", argv[1]); - return 1; - } - return 0; -} diff --git a/testsuite/nsswitch/getent_grent.c b/testsuite/nsswitch/getent_grent.c deleted file mode 100644 index 782cc0c86b7..00000000000 --- a/testsuite/nsswitch/getent_grent.c +++ /dev/null 
@@ -1,101 +0,0 @@
-/* Test out of order operations with {set,get,end}grent */
-
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- Security context tests
- Copyright (C) Tim Potter 2000
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include
-#include
-
-int main (int argc, char **argv)
-{
- struct group *gr;
- int found = 0;
- int num_users, i;
-
- /* Test getgrent() without setgrent() */
-
- for (i = 0; i < 100; i++) {
- gr = getgrent();
-
- /* This is supposed to work */
-
-#if 0
- if (gr != NULL) {
- printf("FAIL: getgrent() with no setgrent()\n");
- return 1;
- }
-#endif
- }
-
- /* Work out how many user till first domain group */
-
- num_users = 0;
- setgrent();
-
- while (1) {
- gr = getgrent();
- num_users++;
-
- if (gr == NULL) break;
-
- if (strchr(gr->gr_name, '/')) {
- found = 1;
- break;
- }
-
- }
-
- if (!found) {
- printf("FAIL: could not find any domain groups\n");
- return 1;
- }
-
- /* Test stopping getgrent in the middle of a set of users */
-
- endgrent();
-
- /* Test setgrent() without any getgrent() calls */
-
- setgrent();
-
- for (i = 0; i < (num_users - 1); i++) {
- getgrent();
- }
-
- endgrent();
-
- /* Test lots of setgrent() calls */
-
- for (i = 0; i < 100; i++) {
- setgrent();
- }
-
- /* Test lots of endgrent() calls */
-
- for (i = 0; i < 100; i++) {
- endgrent();
- }
-
- /* Everything's cool */
-
- printf("PASS\n");
- return 0;
-}
diff --git a/testsuite/nsswitch/getent_pwent.c b/testsuite/nsswitch/getent_pwent.c
deleted file mode 100644
index 96c804433a4..00000000000
--- a/testsuite/nsswitch/getent_pwent.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* Test out of order operations with {set,get,end}pwent */
-
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- Security context tests
- Copyright (C) Tim Potter 2000
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include
-#include
-
-int main (int argc, char **argv)
-{
- struct passwd *pw;
- int found = 0;
- int num_users, i;
-
- /* Test getpwent() without setpwent() */
-
- for (i = 0; i < 100; i++) {
- pw = getpwent();
-
- /* This is supposed to work */
-
-#if 0
- if (pw != NULL) {
- printf("FAIL: getpwent() with no setpwent()\n");
- return 1;
- }
-#endif
- }
-
- /* Work out how many user till first domain user */
-
- num_users = 0;
- setpwent();
-
- while (1) {
- pw = getpwent();
- num_users++;
-
- if (pw == NULL) break;
-
- if (strchr(pw->pw_name, '/')) {
- found = 1;
- break;
- }
-
- }
-
- if (!found) {
- printf("FAIL: could not find any domain users\n");
- return 1;
- }
-
- /* Test stopping getpwent in the middle of a set of users */
-
- endpwent();
-
- /* Test setpwent() without any getpwent() calls */
-
- setpwent();
-
- for (i = 0; i < (num_users - 1); i++) {
- getpwent();
- }
-
- endpwent();
-
- /* Test lots of setpwent() calls */
-
- setpwent();
-
- for (i = 0; i < (num_users - 1); i++) {
- getpwent();
- }
-
- for (i = 0; i < 100; i++) {
- setpwent();
- }
-
- /* Test lots of endpwent() calls */
-
- setpwent();
-
- for (i = 0; i < (num_users - 1); i++) {
- getpwent();
- }
-
- for (i = 0; i < 100; i++) {
- endpwent();
- }
-
- /* Everything's cool */
-
- printf("PASS\n");
- return 0;
-}
diff --git a/testsuite/nsswitch/groupmem_dom.exp b/testsuite/nsswitch/groupmem_dom.exp
deleted file mode 100644
index 3ba34bb810e..00000000000
--- a/testsuite/nsswitch/groupmem_dom.exp
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# @(#) Test whether members of domain groups all have domain names
-#
-
-load_lib util-defs.exp
-
-set group_list [split [util_start "getent group" ""] "\n"]
-set failed 0
-
-foreach { group } $group_list {
- set group_entry [split $group ":"]
-
- set group_name [lindex $group_entry 0]
- set group_members [split [lindex $group_entry 3] ","]
-
- if { [regexp {^[^/]+/} $group_name] } {
-
- verbose "group $group_name has members $group_members"
-
- foreach { user } $group_members {
- if { ![regexp {^[^/]+/} $user] } {
- fail "group $group has non-domain user $user"
- set failed 1
- }
- }
- } else {
- verbose "ignoring non-domain group $group_name"
- }
-}
-
-if { !$failed } {
- pass "domain groups contain only domain members"
-}
diff --git a/testsuite/nsswitch/initgroups.c b/testsuite/nsswitch/initgroups.c
deleted file mode 100644
index b7d9c50eaa3..00000000000
--- a/testsuite/nsswitch/initgroups.c
+++ /dev/null
@@ -1,42 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-
-int main(int argc, char **argv)
-{
- int result, ngroups, i;
- gid_t *groups;
- struct passwd *pw;
-
- if (!(pw = getpwnam(argv[1]))) {
- printf("FAIL: no passwd entry for %s\n", argv[1]);
- return 1;
- }
-
- result = initgroups(argv[1], pw->pw_gid);
-
- if (result == -1) {
- printf("FAIL");
- return 1;
- }
-
- ngroups = getgroups(0, NULL);
-
- groups = (gid_t *)malloc(sizeof(gid_t) * ngroups);
- ngroups = getgroups(ngroups, groups);
-
- printf("%s is a member of groups:\n", argv[1]);
-
- for (i = 0; i < ngroups; i++) {
- struct group *grp;
-
- grp = getgrgid(groups[i]);
-
- printf("%d (%s)\n", groups[i], grp ? grp->gr_name : "?");
- }
-
- printf("PASS\n");
- return 0;
-}
diff --git a/testsuite/nsswitch/initgroups.exp b/testsuite/nsswitch/initgroups.exp
deleted file mode 100644
index ab21bcc9e7b..00000000000
--- a/testsuite/nsswitch/initgroups.exp
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# @(#) Test initgroups function
-#
-
-load_lib util-defs.exp
-load_lib compile.exp
-
-if { [util_start "id -u"] != 0 } {
- set test_desc "must be userid 0 to run"
- note $test_desc
- untested $test_desc
- return
-}
-
-# Compile test program
-
-simple_compile "initgroups"
-
-# Test domain users
-
-set user_list [split [util_start "bin/wbinfo" "-u"] "\n"]
-
-verbose $user_list
-
-foreach { user } $user_list {
- set output [util_start "$srcdir/$subdir/initgroups" "\"$user\"" ""]
-
- verbose $output
-
- set test_desc "initgroups $user"
-
- if { [regexp "PASS" $output] } {
- pass $test_desc
- } else {
- fail $test_desc
- }
-}
diff --git a/testsuite/nsswitch/login.exp b/testsuite/nsswitch/login.exp
deleted file mode 100644
index c2bb0e5a40a..00000000000
--- a/testsuite/nsswitch/login.exp
+++ /dev/null
@@ -1,102 +0,0 @@
-#
-# @(#) Test logins using pam_winbind.so module using telnet
-#
-
-load_lib util-defs.exp
-load_lib nsswitch-config.exp
-
-#
-# @(#) Test user can login
-#
-
-spawn telnet localhost
-
-set test_desc "telnet localhost (login)"
-
-expect {
- "login:" { }
- timeout { fail "timed out in $test_desc"; return }
- eof { fail "end of file in $test_desc"; return }
-}
-
-send "$domain/$USER\r"
-
-set test_desc "telnet localhost (password)"
-
-expect {
- "Password:" { }
- timeout { fail "timed out in $test_desc"; return }
- eof { fail "end of file in $test_desc"; return }
-}
-
-send "$PASSWORD\r"
-
-expect {
- "$ " { }
- "Login incorrect" { fail "login incorrect"; return }
- timeout { fail "timed out in $test_desc"; return }
- eof { fail "end of file in $test_desc"; return }
-}
-
-pass "login $domain/$USER"
-
-#
-# @(#) Check supplementary group membership
-#
-
-set test_desc "supplementary groups"
-
-# Get list of groups
-
-send "id -G\r"
-
-expect {
- -re "((\[0-9]+ )*\[0-9]+\r)" { exp_continue; }
- "$ " { }
- timeout { fail "timed out in $test_desc"; return }
- eof { fail "end of file in $test_desc"; return }
-}
-
-set groups $expect_out(1,string)
-set wb_groups [util_start "bin/wbinfo" "-r $domain/$USER"]
-
-verbose "id groups are $groups"
-verbose "wbinfo groups are $wb_groups"
-
-# Check all groups from id are in wbinfo and vice-versa
-
-set failed 0
-
-foreach { group } $groups {
- set got_group 0
- foreach { wb_group } $wb_groups {
- if { $wb_group == $group } {
- set got_group 1
- break
- }
- }
-
- if { !$got_group } {
- fail "group $group not in output of wbinfo -r"
- set failed 1
- }
-}
-
-foreach { wb_group } $wb_groups {
- set got_group 0
- foreach { group } $groups {
- if { $group == $wb_group } {
- set got_group 1
- break
- }
- }
-
- if { !$got_group } {
- fail "group $group not in output of id -G"
- set failed 1
- }
-}
-
-if { !$failed } {
- pass "id/wbinfo groups match"
-}
diff --git a/testsuite/nsswitch/longarg.exp b/testsuite/nsswitch/longarg.exp
deleted file mode 100644
index e1d0eda9ccb..00000000000
--- a/testsuite/nsswitch/longarg.exp
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# @(#) Test handling of long arguments passed to various nss functions
-#
-
-load_lib compile.exp
-load_lib util-defs.exp
-
-# Run tests from C source files
-
-set longarg_tests [list \
- { "long arg to getpwnam()" "longarg_getpwnam" } \
- { "long arg to getgrnam()" "longarg_getgrnam" } \
- ]
-
-foreach { test } $longarg_tests {
- set test_desc [lindex $test 0]
- set test_file [lindex $test 1]
-
- simple_make "longarg" $test_file
- set output [util_start "$srcdir/$subdir/$test_file" ]
-
- if { [regexp "PASS" $output] } {
- pass $test_desc
- file delete "$srcdir/$subdir/$test_file" "$srcdir/$subdir/$test_file.o"
- } else {
- fail $test_desc
- puts $output
- }
-}
diff --git a/testsuite/nsswitch/longarg_getgrnam.c b/testsuite/nsswitch/longarg_getgrnam.c
deleted file mode 100644
index 84083d2620e..00000000000
--- a/testsuite/nsswitch/longarg_getgrnam.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- Security context tests
- Copyright (C) Tim Potter 2000
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include
-#include
-#include
-#include
-
-#include "longarg_utils.h"
-
-int main(void)
-{
- struct group *grp;
- char *domain = getenv("TEST_WORKGROUP");
- char long_name[65535];
- int failed = 0;
-
- sprintf(long_name, "%s/%s", domain, LONG_STRING);
-
- grp = getgrnam(long_name);
- printf("%s\n", !grp ? "PASS" : "FAIL");
-
- return grp == NULL;
-}
diff --git a/testsuite/nsswitch/longarg_getpwnam.c b/testsuite/nsswitch/longarg_getpwnam.c
deleted file mode 100644
index f2a0a73ddca..00000000000
--- a/testsuite/nsswitch/longarg_getpwnam.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- Security context tests
- Copyright (C) Tim Potter 2000
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include
-#include
-#include
-#include
-
-#include "longarg_utils.h"
-
-int main(void)
-{
- struct passwd *pwd;
- char *domain = getenv("TEST_WORKGROUP");
- char long_name[65535];
- int failed = 0;
-
- sprintf(long_name, "%s/%s", domain, LONG_STRING);
-
- pwd = getpwnam(long_name);
- printf("%s\n", !pwd ? "PASS" : "FAIL");
-
- return pwd == NULL;
-}
diff --git a/testsuite/nsswitch/longarg_utils.h b/testsuite/nsswitch/longarg_utils.h
deleted file mode 100644
index 1f2f2a7065d..00000000000
--- a/testsuite/nsswitch/longarg_utils.h
+++ /dev/null
@@ -1,27 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - Security context tests - Copyright (C) Tim Potter 2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _LONGARG_UTILS_H -#define _LONGARG_UTILS_H - -#define LONG_STRING "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - -#endif diff --git a/testsuite/nsswitch/wbinfo.exp b/testsuite/nsswitch/wbinfo.exp deleted file mode 100644 index 3518db387be..00000000000 --- a/testsuite/nsswitch/wbinfo.exp +++ /dev/null 
@@ -1,360 +0,0 @@ -# -# @(#) Test wbinfo client access to winbind daemon -# - -load_lib "util-defs.exp" -load_lib "$srcdir/lib/nsswitch-config.exp" -load_lib "$srcdir/lib/default-nt-names.exp" - -# Name types - -set SID_NAME_USER 1 -set SID_NAME_DOM_GRP 2 -set SID_NAME_DOMAIN 3 -set SID_NAME_ALIAS 4 -set SID_NAME_UNKNOWN 8 - -# Get list of users and groups - -set user_list [util_start "bin/wbinfo" "-u"] -set group_list [util_start "bin/wbinfo" "-g"] - -verbose "user list is:\n$user_list" -verbose "group list is:\n$group_list" - -set user_list [split $user_list "\n"] -set group_list [split $group_list "\n"] - -# -# @(#) Check list of users and groups contain default NT user and group -# @(#) names -# - -# Users - -foreach { user } $domain_users { - set test_desc "user $user in wbinfo domain users" - if {![regexp $user $user_list]} { - fail $test_desc - } else { - pass $test_desc - } -} - -# Groups - -foreach { group } $domain_groups { - set test_desc "group $group in wbinfo domain groups" - if {![regexp $group $group_list]} { - fail $test_desc - } else { - pass $test_desc - } -} - -# -# @(#) Lookup sids for all user and group names returned by wbinfo -# - -# Users - -foreach { user } $user_list { - set test_desc "get sid for user $user" - set output [util_start "bin/wbinfo" "-n \"$user\""] - - verbose $output - - # Split output into name and name_type - - set list [split $output " "] - set sid_type [lindex $list [expr [llength $list] - 1]] - set sid [join [lrange $list 0 [expr [llength $list] - 2]] " "] - - if { ![regexp "S-" $sid] } { - fail $test_desc - } else { - pass $test_desc - } - - set test_desc "sid type for user $user" - if { $sid_type != $SID_NAME_USER } { - fail $test_desc - } else { - pass $test_desc - } - - lappend user_sid_list $sid -} - -# Groups - -foreach { group } $group_list { - set test_desc "get sid for group $group" - set output [util_start "bin/wbinfo" "-n \"$group\""] - - verbose $output - - # Split output into sid and sid type - - set list 
[split $output " "] - set sid_type [lindex $list [expr [llength $list] - 1]] - set sid [join [lrange $list 0 [expr [llength $list] - 2]] " "] - - if { ![regexp "S-" $sid] } { - fail $test_desc - } else { - pass $test_desc - } - - set test_desc "sid type for group group" - if { $sid_type != $SID_NAME_DOM_GRP } { - fail $test_desc - } else { - pass $test_desc - } - - lappend group_sid_list $sid -} - -# -# @(#) Check reverse lookup of sids to names -# - -# Users - -set count 0 - -foreach { sid } $user_sid_list { - set test_desc "reverse user name lookup for sid $sid" - set output [util_start "bin/wbinfo" "-s $sid"] - - verbose $output - - # Split output into name and name_type - - set list [split $output " "] - set name_type [lindex $list [expr [llength $list] - 1]] - set name [join [lrange $list 0 [expr [llength $list] - 2]] " "] - - if { $name != [lindex $user_list $count] } { - fail $test_desc - } else { - pass $test_desc - } - - set test_desc "reverse user name type lookup for sid $sid" - - if { $name_type != 1 } { - fail $test_desc - } else { - pass $test_desc - } - - incr count -} - -# Groups - -set count 0 - -foreach { sid } $group_sid_list { - set test_desc "reverse group name lookup for sid $sid" - set output [util_start "bin/wbinfo" "-s $sid"] - - verbose $output - - # Split output into name and name_type - - set list [split $output " "] - set name_type [lindex $list [expr [llength $list] - 1]] - set name [join [lrange $list 0 [expr [llength $list] - 2]] " "] - - if { $name != [lindex $group_list $count] } { - fail $test_desc - } else { - pass $test_desc - } - - set test_desc "reverse group name type lookup for sid $sid" - - if { $name_type != 2 } { - fail $test_desc - } else { - pass $test_desc - } - - incr count -} - -# -# @(#) Cross-check the output of wbinfo -n, getent passwd/group and -# @(#) wbinfo -S -# - -# Get mapped list of uids from winbindd - -set output [util_start "getent" "passwd"] -set user_list [split $output "\n"] - -foreach { user_entry } 
$user_list { - if { [regexp $domain $user_entry] } { - set field_list [split $user_entry ":"] - set name_output [util_start "bin/wbinfo" \ - "-n \"[lindex $field_list 0]\""] - set list [split $name_output " "] - set name_type [lindex $list [expr [llength $list] - 1]] - set name [join [lrange $list 0 [expr [llength $list] - 2]] " "] - set username_uid_sid [lappend username_uid_sid [list \ - [lindex $field_list 0] \ - [lindex $field_list 2] \ - $name]] - } -} - -# Get mapped list of gids from winbindd - -set output [util_start "getent" "group"] -set group_list [split $output "\n"] - -foreach { group_entry } $group_list { - if { [regexp $domain $group_entry] } { - set field_list [split $group_entry ":"] - set groupname_gid_sid [lappend groupname_gid_sid [list \ - [lindex $field_list 0] \ - [lindex $field_list 2] \ - [util_start "bin/wbinfo" "-n \"[lindex $field_list 0]\""]]] - } -} - -# OK, now we have enough info to cross-check the uid/gid -> sid and -# sid -> uid/gid functions - -foreach { user } $username_uid_sid { - set sid [util_start "bin/wbinfo" "-U [lindex $user 1]"] - set uid [util_start "bin/wbinfo" "-S [lindex $user 2]"] - - set test_desc "lookup sid by uid [lindex $user 1]" - - if { $sid != [lindex $user 2] } { - fail $test_desc - } else { - pass $test_desc - } - - set test_desc "lookup uid by sid [lindex $user 2]" - - if { $uid != [lindex $user 1] } { - fail $test_desc - } else { - pass $test_desc - } -} - -foreach { group } $groupname_gid_sid { - set sid [util_start "bin/wbinfo" "-G [lindex $group 1]"] - set gid [util_start "bin/wbinfo" "-Y [lindex $group 2]"] - - set test_desc "lookup sid by gid [lindex $group 1]" - - if { $sid != [lindex [split [lindex $group 2] " "] 0] || - [lindex [split [lindex $group 2] " " ] 1] != 2 } { - fail $test_desc - } else { - pass $test_desc - } - - set test_desc "lookup gid by sid [lindex $group 2]" - - if { $gid != [lindex $group 1] } { - fail $test_desc - } else { - pass $test_desc - } -} - -# Check exit codes - -proc 
check_errcode { args } { - global errorCode - set test_desc [lindex $args 0] - set cmd [lindex $args 1] - set result [lindex $args 2] - - set errorCode "" - verbose "Spawning $cmd" - catch "exec $cmd" output - set exit_code [lindex $errorCode 2] - if { $exit_code == "" } { set exit_code 0 } - - if { $exit_code == $result } { - verbose "process returned correct exit code $exit_code" - pass $test_desc - } else { - verbose "process returned bad exit code $exit_code instead of $result" - fail $test_desc - } -} - -set gooduser_name [lindex [split [lindex $user_list 0] ":"] 0] -set gooduser_sid [util_start "bin/wbinfo" "-n $gooduser_name"] - -set goodgroup_name [lindex [split [lindex $group_list 0] ":"] 0] -set goodgroup_sid [util_start "bin/wbinfo" "-n $goodgroup_name"] - -# Some conditions not tested: -# - bad list users/groups -# - good uid/gid to sid - -set errcode_tests [list \ - { "no arg" "bin/wbinfo" 1 } \ - { "invalid arg" "bin/wbinfo -@" 1 } \ - { "list users" "bin/wbinfo -u" 0 } \ - { "list groups" "bin/wbinfo -g" 0 } \ - { "good name to sid" "bin/wbinfo -n $gooduser_name" 0 } \ - { "bad name to sid" "bin/wbinfo -n asmithee" 0 } \ - { "good sid to name" "bin/wbinfo -s $gooduser_sid" 0 } \ - { "bad sid to name" "bin/wbinfo -s S-1234" 1 } \ - { "bad uid to sid" "bin/wbinfo -U 0" 1 } \ - { "bad gid to sid" "bin/wbinfo -G 0" 1} \ - { "good sid to uid" "bin/wbinfo -S $gooduser_sid" 0 } \ - { "bad sid to uid" "bin/wbinfo -S S-1234" 1 } \ - { "good sid to gid" "bin/wbinfo -Y $goodgroup_sid" 0 } \ - { "bad sid to gid" "bin/wbinfo -Y S-1234" 1 } \ - ] - -foreach { test } $errcode_tests { - check_errcode [lindex $test 0] [lindex $test 1] [lindex $test 2] -} - -# Test enumerate trusted domains - -set test_desc "enumerate trusted domains" -set output [util_start "bin/wbinfo" "-m"] - -verbose $output - -foreach { the_domain } $output { - if { $the_domain == $domain} { - fail "own domain appears in trusted list" - } -} - -if {[regexp "Usage" $output] || [regexp "Could not" 
$output]} { - fail $test_desc -} else { - pass $test_desc -} - -# Test check machine account - -set test_desc "check machine account" -set output [util_start "bin/wbinfo" "-t"] - -verbose $output - -if {[regexp "Usage" $output] || [regexp "Could not" $output] || \ - ![regexp "(good|bad)" $output]} { - fail $test_desc -} else { - pass $test_desc -} -- cgit