From 8d63a817bb04da3c7cc43e342a9034f5f23c5041 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 1 Feb 2002 22:15:18 +0000 Subject: Move over to RELEASE branch. Jeremy. --- source/passdb/pampass.c | 93 +++++----- source/passdb/pass_check.c | 6 +- source/passdb/passdb.c | 162 +++++++++++----- source/passdb/passgrp.c | 2 - source/passdb/pdb_ldap.c | 422 ++++++++++++++++++++++-------------------- source/passdb/pdb_nisplus.c | 81 +++----- source/passdb/pdb_smbpasswd.c | 55 +----- source/passdb/pdb_tdb.c | 302 +++++++++++++++--------------- source/passdb/secrets.c | 15 +- source/passdb/smbpassfile.c | 1 - 10 files changed, 570 insertions(+), 569 deletions(-) (limited to 'source/passdb') diff --git a/source/passdb/pampass.c b/source/passdb/pampass.c index dd9d38f66c3..018eae3a07e 100644 --- a/source/passdb/pampass.c +++ b/source/passdb/pampass.c @@ -30,8 +30,6 @@ #include "includes.h" -extern int DEBUGLEVEL; - #ifdef WITH_PAM /******************************************************************* @@ -49,9 +47,9 @@ extern int DEBUGLEVEL; */ struct smb_pam_userdata { - char *PAM_username; - char *PAM_password; - char *PAM_newpassword; + const char *PAM_username; + const char *PAM_password; + const char *PAM_newpassword; }; typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_response **, void *appdata_ptr); @@ -83,12 +81,13 @@ static BOOL smb_pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, *********************************************************************/ static BOOL smb_pam_nt_status_error_handler(pam_handle_t *pamh, int pam_error, - char *msg, int dbglvl, uint32 *nt_status) + char *msg, int dbglvl, + NTSTATUS *nt_status) { if (smb_pam_error_handler(pamh, pam_error, msg, dbglvl)) return True; - if (*nt_status == NT_STATUS_OK) { + if (NT_STATUS_IS_OK(*nt_status)) { /* Complain LOUDLY */ DEBUG(0, ("smb_pam_nt_status_error_handler: PAM: BUG: PAM and NT_STATUS \ error MISMATCH, forcing to NT_STATUS_LOGON_FAILURE")); 
@@ -158,7 +157,7 @@ static int smb_pam_conv(int num_msg, default: /* Must be an error of some sort... */ - free(reply); + SAFE_FREE(reply); return PAM_CONV_ERR; } } @@ -181,7 +180,7 @@ static void special_char_sub(char *buf) all_string_sub(buf, "\\t", "\t", 0); } -static void pwd_sub(char *buf, char *username, char *oldpass, char *newpass) +static void pwd_sub(char *buf, const char *username, const char *oldpass, const char *newpass) { pstring_sub(buf, "%u", username); all_string_sub(buf, "%o", oldpass, sizeof(fstring)); @@ -249,7 +248,7 @@ static void free_pw_chat(struct chat_struct *list) while (list) { struct chat_struct *old_head = list; DLIST_REMOVE(list, list); - free(old_head); + SAFE_FREE(old_head); } } @@ -324,8 +323,7 @@ static int smb_pam_passchange_conv(int num_msg, if (!found) { DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg)); free_pw_chat(pw_chat); - free(reply); - reply = NULL; + SAFE_FREE(reply); return PAM_CONV_ERR; } break; @@ -357,8 +355,7 @@ static int smb_pam_passchange_conv(int num_msg, if (!found) { DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg)); free_pw_chat(pw_chat); - free(reply); - reply = NULL; + SAFE_FREE(reply); return PAM_CONV_ERR; } break; @@ -375,8 +372,7 @@ static int smb_pam_passchange_conv(int num_msg, default: /* Must be an error of some sort... */ free_pw_chat(pw_chat); - free(reply); - reply = NULL; + SAFE_FREE(reply); return PAM_CONV_ERR; } } 
@@ -394,24 +390,24 @@ static int smb_pam_passchange_conv(int num_msg, static void smb_free_pam_conv(struct pam_conv *pconv) { if (pconv) - safe_free(pconv->appdata_ptr); + SAFE_FREE(pconv->appdata_ptr); - safe_free(pconv); + SAFE_FREE(pconv); } /*************************************************************************** Allocate a pam_conv struct. ****************************************************************************/ -static struct pam_conv *smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, char *user, - char *passwd, char *newpass) +static struct pam_conv *smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, const char *user, + const char *passwd, const char *newpass) { struct pam_conv *pconv = (struct pam_conv *)malloc(sizeof(struct pam_conv)); struct smb_pam_userdata *udp = (struct smb_pam_userdata *)malloc(sizeof(struct smb_pam_userdata)); if (pconv == NULL || udp == NULL) { - safe_free(pconv); - safe_free(udp); + SAFE_FREE(pconv); + SAFE_FREE(udp); return NULL; } @@ -449,9 +445,10 @@ static BOOL smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr) * Start PAM authentication for specified account */ -static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost, struct pam_conv *pconv) +static BOOL smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv) { int pam_error; + const char *our_rhost; *pamh = (pam_handle_t *)NULL; 
@@ -464,14 +461,16 @@ static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost, struct p } if (rhost == NULL) { - rhost = client_name(); + our_rhost = client_name(); if (strequal(rhost,"UNKNOWN")) - rhost = client_addr(); + our_rhost = client_addr(); + } else { + our_rhost = rhost; } #ifdef PAM_RHOST - DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", rhost)); - pam_error = pam_set_item(*pamh, PAM_RHOST, rhost); + DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost)); + pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost); if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) { smb_pam_end(*pamh, pconv); *pamh = (pam_handle_t *)NULL; @@ -494,10 +493,10 @@ static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost, struct p /* * PAM Authentication Handler */ -static uint32 smb_pam_auth(pam_handle_t *pamh, char *user) +static NTSTATUS smb_pam_auth(pam_handle_t *pamh, char *user) { int pam_error; - uint32 nt_status = NT_STATUS_LOGON_FAILURE; + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; /* * To enable debugging set in /etc/pam.d/samba: @@ -548,10 +547,10 @@ static uint32 smb_pam_auth(pam_handle_t *pamh, char *user) /* * PAM Account Handler */ -static uint32 smb_pam_account(pam_handle_t *pamh, char * user) +static NTSTATUS smb_pam_account(pam_handle_t *pamh, const char * user) { int pam_error; - uint32 nt_status = NT_STATUS_ACCOUNT_DISABLED; + NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED; DEBUG(4,("smb_pam_account: PAM: Account Management for User: %s\n", user)); pam_error = pam_acct_mgmt(pamh, PAM_SILENT); /* Is user account enabled? */ 
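Review bot: In the `rhost == NULL` branch of smb_pam_start the fallback test still reads the parameter, `if (strequal(rhost,"UNKNOWN"))`, which is NULL on that path, so the client_addr() fallback can never fire and PAM_RHOST receives whatever client_name() returned, possibly the literal "UNKNOWN". The comparison should use the new local: `if (strequal(our_rhost,"UNKNOWN"))`. Whether strequal() tolerates a NULL argument is not visible here; either way the intended substitution is lost. smb_pam_start's body continues outside the hunk.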
@@ -594,10 +593,10 @@ static uint32 smb_pam_account(pam_handle_t *pamh, char * user) * PAM Credential Setting */ -static uint32 smb_pam_setcred(pam_handle_t *pamh, char * user) +static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user) { int pam_error; - uint32 nt_status = NT_STATUS_NO_TOKEN; + NTSTATUS nt_status = NT_STATUS_NO_TOKEN; /* * This will allow samba to aquire a kerberos token. And, when @@ -668,7 +667,7 @@ static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty, * Internal PAM Password Changer. */ -static BOOL smb_pam_chauthtok(pam_handle_t *pamh, char * user) +static BOOL smb_pam_chauthtok(pam_handle_t *pamh, const char * user) { int pam_error; @@ -778,9 +777,9 @@ BOOL smb_pam_close_session(char *user, char *tty, char *rhost) * PAM Externally accessible Account handler */ -uint32 smb_pam_accountcheck(char * user) +NTSTATUS smb_pam_accountcheck(const char * user) { - uint32 nt_status = NT_STATUS_ACCOUNT_DISABLED; + NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED; pam_handle_t *pamh = NULL; struct pam_conv *pconv = NULL; @@ -790,12 +789,12 @@ uint32 smb_pam_accountcheck(char * user) return NT_STATUS_OK; if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL) - return False; + return NT_STATUS_NO_MEMORY; if (!smb_pam_start(&pamh, user, NULL, pconv)) return NT_STATUS_ACCOUNT_DISABLED; - if ((nt_status = smb_pam_account(pamh, user)) != NT_STATUS_OK) + if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user))) DEBUG(0, ("smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User %s!\n", user)); smb_pam_end(pamh, pconv); @@ -806,10 +805,10 @@ uint32 smb_pam_accountcheck(char * user) * PAM Password Validation Suite */ -uint32 smb_pam_passcheck(char * user, char * password) +NTSTATUS smb_pam_passcheck(char * user, char * password) { pam_handle_t *pamh = NULL; - uint32 nt_status = NT_STATUS_LOGON_FAILURE; + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; struct pam_conv *pconv = NULL; /* 
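Review bot: The assignment folded into the test in smb_pam_accountcheck, `if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user)))`, hides a side-effecting PAM call inside a macro argument; if NT_STATUS_IS_OK ever expands its argument more than once the account check would run twice. Splitting it keeps the call visible and single: `nt_status = smb_pam_account(pamh, user);` followed by `if (!NT_STATUS_IS_OK(nt_status))`. The same form appears three times in the smb_pam_passcheck hunk (@@ -824,19) that follows.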
@@ -824,19 +823,19 @@ uint32 smb_pam_passcheck(char * user, char * password) if (!smb_pam_start(&pamh, user, NULL, pconv)) return NT_STATUS_LOGON_FAILURE; - if ((nt_status = smb_pam_auth(pamh, user)) != NT_STATUS_OK) { + if (!NT_STATUS_IS_OK(nt_status = smb_pam_auth(pamh, user))) { DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User %s !\n", user)); smb_pam_end(pamh, pconv); return nt_status; } - if ((nt_status = smb_pam_account(pamh, user)) != NT_STATUS_OK) { + if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user))) { DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User %s !\n", user)); smb_pam_end(pamh, pconv); return nt_status; } - if ((nt_status = smb_pam_setcred(pamh, user)) != NT_STATUS_OK) { + if (!NT_STATUS_IS_OK(nt_status = smb_pam_setcred(pamh, user))) { DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_setcred failed - Rejecting User %s !\n", user)); smb_pam_end(pamh, pconv); return nt_status; @@ -850,7 +849,7 @@ uint32 smb_pam_passcheck(char * user, char * password) * PAM Password Change Suite */ -BOOL smb_pam_passchange(char * user, char * oldpassword, char * newpassword) +BOOL smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword) { /* Appropriate quantities of root should be obtained BEFORE calling this function */ struct pam_conv *pconv = NULL; 
@@ -874,19 +873,19 @@ BOOL smb_pam_passchange(char * user, char * oldpassword, char * newpassword) #else /* If PAM not used, no PAM restrictions on accounts. */ - uint32 smb_pam_accountcheck(char * user) +NTSTATUS smb_pam_accountcheck(const char * user) { return NT_STATUS_OK; } /* If PAM not used, also no PAM restrictions on sessions. */ - BOOL smb_pam_claim_session(char *user, char *tty, char *rhost) +BOOL smb_pam_claim_session(char *user, char *tty, char *rhost) { return True; } /* If PAM not used, also no PAM restrictions on sessions. */ - BOOL smb_pam_close_session(char *in_user, char *tty, char *rhost) +BOOL smb_pam_close_session(char *in_user, char *tty, char *rhost) { return True; } diff --git a/source/passdb/pass_check.c b/source/passdb/pass_check.c index b3e762741fc..2437aa0d53e 100644 --- a/source/passdb/pass_check.c +++ b/source/passdb/pass_check.c @@ -24,8 +24,6 @@ #include "includes.h" -extern int DEBUGLEVEL; - /* these are kept here to keep the string_combinations function simple */ static fstring this_user; static fstring this_salt; @@ -233,7 +231,7 @@ static BOOL dfs_auth(char *user, char *password) } /* - * NB. I'd like to change these to call something like become_user() + * NB. I'd like to change these to call something like change_to_user() * instead but currently we don't have a connection * context to become the correct user. This is already * fairly platform specific code however, so I think @@ -599,7 +597,7 @@ static BOOL password_check(char *password) { #ifdef WITH_PAM - return (smb_pam_passcheck(this_user, password) == NT_STATUS_OK); + return (NT_STATUS_IS_OK(smb_pam_passcheck(this_user, password))); #endif /* WITH_PAM */ #ifdef WITH_AFS diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index 37da884a67f..fd2a678a268 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c 
@@ -23,8 +23,6 @@ #include "includes.h" -extern int DEBUGLEVEL; - /* * This is set on startup - it defines the SID for this * machine, and therefore the SAM database for which it is @@ -78,6 +76,9 @@ static BOOL pdb_fill_default_sam(SAM_ACCOUNT *user) } ZERO_STRUCTP(user); + + user->init_flag = FLAG_SAM_UNINIT; + user->uid = user->gid = -1; user->logon_time = (time_t)0; user->pass_last_set_time = (time_t)0; user->pass_can_change_time = (time_t)0; @@ -138,14 +139,15 @@ BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, struct passwd *pwd) return False; } + pdb_set_username(*new_sam_acct, pwd->pw_name); pdb_set_fullname(*new_sam_acct, pwd->pw_gecos); pdb_set_uid(*new_sam_acct, pwd->pw_uid); pdb_set_gid(*new_sam_acct, pwd->pw_gid); - pdb_set_profile_path(*new_sam_acct, lp_logon_path()); - pdb_set_homedir(*new_sam_acct, lp_logon_home()); - pdb_set_dir_drive(*new_sam_acct, lp_logon_drive()); - pdb_set_logon_script(*new_sam_acct, lp_logon_script()); + pdb_set_profile_path(*new_sam_acct, lp_logon_path(), False); + pdb_set_homedir(*new_sam_acct, lp_logon_home(), False); + pdb_set_dir_drive(*new_sam_acct, lp_logon_drive(), False); + pdb_set_logon_script(*new_sam_acct, lp_logon_script(), False); return True; } @@ -826,8 +828,11 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) to->unknown_6 = from->unknown_6; } +#if 0 /* JERRY */ /************************************************************* Copies a SAM_ACCOUNT. + FIXME!!!! This is broken as SAM_ACCOUNT contains two + pointers. --jerry **************************************************************/ void copy_sam_passwd(SAM_ACCOUNT *to, const SAM_ACCOUNT *from) @@ -836,7 +841,10 @@ void copy_sam_passwd(SAM_ACCOUNT *to, const SAM_ACCOUNT *from) return; memcpy(to, from, sizeof(SAM_ACCOUNT)); -} + + +} +#endif /************************************************************* Change a password entry in the local smbpasswd file. 
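Review bot: `user->uid = user->gid = -1;` in pdb_fill_default_sam stores -1 into uid_t/gid_t, which are unsigned on most platforms, so the "unset" sentinel actually becomes the maximum value; a later `uid == -1` test works only through implicit conversion and a `uid < 0` test would never be true. Writing the sentinel explicitly, `user->uid = (uid_t)-1; user->gid = (gid_t)-1;`, with a comment that these mean "not yet resolved" (init_flag is FLAG_SAM_UNINIT at this point) documents the intent. How the sentinel is consumed is not visible in this hunk and should be checked against the readers.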
@@ -875,6 +883,16 @@ account without a valid local system user.\n", user_name); /* Get the smb passwd entry for this user */ pdb_init_sam(&sam_pass); + if(local_flags & LOCAL_DELETE_USER) { + if (!pdb_delete_sam_account(user_name)) { + slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name); + pdb_free_sam(sam_pass); + return False; + } + slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name); + pdb_free_sam(sam_pass); + return True; + } if(!pdb_getsampwnam(sam_pass, user_name)) { pdb_free_sam(sam_pass); @@ -905,6 +923,9 @@ account without a valid local system user.\n", user_name); } } + /* Remember to set the "last changed time". */ + pdb_set_pass_last_set_time(sam_pass, time(NULL)); + if (pdb_add_sam_account(sam_pass)) { slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name); pdb_free_sam(sam_pass); @@ -936,7 +957,6 @@ account without a valid local system user.\n", user_name); pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED)); } else if (local_flags & LOCAL_SET_NO_PASSWORD) { pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ); - /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */ if (!pdb_set_lanman_passwd (sam_pass, NULL)) { pdb_free_sam(sam_pass); 
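Review bot: The relocated LOCAL_DELETE_USER block now runs right after `pdb_init_sam(&sam_pass)`, so a delete allocates a SAM_ACCOUNT it never uses and has to release it on both of its return paths. Placing the block before the pdb_init_sam() call would drop both `pdb_free_sam(sam_pass);` lines and make the deletion path independent of the lookup that follows. Separately, the context line `pdb_init_sam(&sam_pass);` is not checked for failure before sam_pass is handed to pdb_getsampwnam(); that predates this change. The enclosing function starts outside the hunk.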
@@ -965,26 +985,17 @@ account without a valid local system user.\n", user_name); } } - if(local_flags & LOCAL_DELETE_USER) { - if (!pdb_delete_sam_account(user_name)) { - slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name); - pdb_free_sam(sam_pass); - return False; - } - slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name); - } else { - if(!pdb_update_sam_account(sam_pass, True)) { - slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name); - pdb_free_sam(sam_pass); - return False; - } - if(local_flags & LOCAL_DISABLE_USER) - slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name); - else if (local_flags & LOCAL_ENABLE_USER) - slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name); - else if (local_flags & LOCAL_SET_NO_PASSWORD) - slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name); + if(!pdb_update_sam_account(sam_pass, True)) { + slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name); + pdb_free_sam(sam_pass); + return False; } + if(local_flags & LOCAL_DISABLE_USER) + slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name); + else if (local_flags & LOCAL_ENABLE_USER) + slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name); + else if (local_flags & LOCAL_SET_NO_PASSWORD) + slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name); pdb_free_sam(sam_pass); return True; @@ -1314,7 +1325,7 @@ BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len) return True; } -BOOL pdb_set_logons_divs (SAM_ACCOUNT *sampass, uint16 hours) +BOOL pdb_set_logon_divs (SAM_ACCOUNT *sampass, uint16 hours) { if (!sampass) return False; 
@@ -1323,12 +1334,24 @@ BOOL pdb_set_logons_divs (SAM_ACCOUNT *sampass, uint16 hours) return True; } +BOOL pdb_set_init_flag (SAM_ACCOUNT *sampass, uint32 flag) +{ + if (!sampass) + return False; + + sampass->init_flag |= flag; + + return True; +} + BOOL pdb_set_uid (SAM_ACCOUNT *sampass, uid_t uid) { if (!sampass) return False; sampass->uid = uid; + sampass->init_flag |= FLAG_SAM_UID; + return True; } @@ -1337,7 +1360,9 @@ BOOL pdb_set_gid (SAM_ACCOUNT *sampass, gid_t gid) if (!sampass) return False; - sampass->gid = gid; + sampass->gid = gid; + sampass->init_flag |= FLAG_SAM_GID; + return True; } @@ -1371,7 +1396,7 @@ BOOL pdb_set_username(SAM_ACCOUNT *sampass, char *username) if (!username) return False; - StrnCpy (sampass->username, username, strlen(username)); + StrnCpy (sampass->username, username, sizeof(sampass->username)-1); return True; } @@ -1388,7 +1413,7 @@ BOOL pdb_set_domain(SAM_ACCOUNT *sampass, char *domain) if (!domain) return False; - StrnCpy (sampass->domain, domain, strlen(domain)); + StrnCpy (sampass->domain, domain, sizeof(sampass->domain)-1); return True; } @@ -1405,7 +1430,7 @@ BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, char *nt_username) if (!nt_username) return False; - StrnCpy (sampass->nt_username, nt_username, strlen(nt_username)); + StrnCpy (sampass->nt_username, nt_username, sizeof(sampass->nt_username) -1); return True; } @@ -1422,7 +1447,7 @@ BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, char *fullname) if (!fullname) return False; - StrnCpy (sampass->full_name, fullname, strlen(fullname)); + StrnCpy (sampass->full_name, fullname, sizeof(sampass->full_name)-1); return True; } @@ -1431,7 +1456,7 @@ BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, char *fullname) Set the user's logon script. ********************************************************************/ -BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, char *logon_script) +BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, char *logon_script, BOOL store) { if (!sampass) return False; 
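Review bot: pdb_set_init_flag is added without the header comment every neighbouring setter carries, and what the flag means is only implied by the `|=`. Suggest a comment above it such as `/* Mark which SAM_ACCOUNT fields were explicitly set (FLAG_SAM_*); flags accumulate and are never cleared here. */`. The StrnCpy bound change from strlen(src) to sizeof(dst)-1 in the setters below is the right direction: the old form let the bound follow the source and so gave the fixed-size destination no protection at all.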
@@ -1439,7 +1464,10 @@ BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, char *logon_script) if (!logon_script) return False; - StrnCpy (sampass->logon_script, logon_script, strlen(logon_script)); + StrnCpy (sampass->logon_script, logon_script, sizeof(sampass->logon_script)-1); + + if (store) + pdb_set_init_flag(sampass, FLAG_SAM_LOGONSCRIPT); return True; } @@ -1448,7 +1476,7 @@ BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, char *logon_script) Set the user's profile path. ********************************************************************/ -BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, char *profile_path) +BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, char *profile_path, BOOL store) { if (!sampass) return False; @@ -1456,7 +1484,10 @@ BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, char *profile_path) if (!profile_path) return False; - StrnCpy (sampass->profile_path, profile_path, strlen(profile_path)); + StrnCpy (sampass->profile_path, profile_path, sizeof(sampass->profile_path)-1); + + if (store) + pdb_set_init_flag(sampass, FLAG_SAM_PROFILE); return True; } @@ -1465,7 +1496,7 @@ BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, char *profile_path) Set the user's directory drive. ********************************************************************/ -BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, char *dir_drive) +BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, char *dir_drive, BOOL store) { if (!sampass) return False; @@ -1473,7 +1504,10 @@ BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, char *dir_drive) if (!dir_drive) return False; - StrnCpy (sampass->dir_drive, dir_drive, strlen(dir_drive)); + StrnCpy (sampass->dir_drive, dir_drive, sizeof(sampass->dir_drive)-1); + + if (store) + pdb_set_init_flag(sampass, FLAG_SAM_DRIVE); return True; } 
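Review bot: The new `BOOL store` parameter on pdb_set_logon_script is undocumented and its effect is non-obvious: the string is copied either way, and only the FLAG_SAM_LOGONSCRIPT marking depends on it. The header comment should say what a caller passes, e.g. `store: True to mark the field as explicitly set (FLAG_SAM_LOGONSCRIPT); False for a default such as the lp_logon_*() values used by pdb_init_sam_pw` — the "default from smb.conf" reading is inferred from the pdb_init_sam_pw hunk and should be confirmed. The same applies to the pdb_set_profile_path and pdb_set_dir_drive hunks on this line and the pdb_set_homedir hunk on the next.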
@@ -1482,7 +1516,7 @@ BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, char *dir_drive) Set the user's home directory. ********************************************************************/ -BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, char *homedir) +BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, char *homedir, BOOL store) { if (!sampass) return False; @@ -1490,7 +1524,10 @@ BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, char *homedir) if (!homedir) return False; - StrnCpy (sampass->home_dir, homedir, strlen(homedir)); + StrnCpy (sampass->home_dir, homedir, sizeof(sampass->home_dir)-1); + + if (store) + pdb_set_init_flag(sampass, FLAG_SAM_SMBHOME); return True; } @@ -1507,7 +1544,7 @@ BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, char *acct_desc) if (!acct_desc) return False; - StrnCpy (sampass->acct_desc, acct_desc, strlen(acct_desc)); + StrnCpy (sampass->acct_desc, acct_desc, sizeof(sampass->acct_desc)-1); return True; } @@ -1524,7 +1561,7 @@ BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, char *workstations) if (!workstations) return False; - StrnCpy (sampass->workstations, workstations, strlen(workstations)); + StrnCpy (sampass->workstations, workstations, sizeof(sampass->workstations)-1); return True; } @@ -1541,7 +1578,7 @@ BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, char *munged_dial) if (!munged_dial) return False; - StrnCpy (sampass->munged_dial, munged_dial, strlen(munged_dial)); + StrnCpy (sampass->munged_dial, munged_dial, sizeof(sampass->munged_dial)-1); return True; } @@ -1555,6 +1592,9 @@ BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, uint8 *pwd) if (!sampass) return False; + /* Remember to set the "last changed time". */ + pdb_set_pass_last_set_time(sampass, time(NULL)); + if (!pwd) { /* Allow setting to NULL */ SAFE_FREE(sampass->nt_pw); 
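Review bot: pdb_set_nt_passwd now overwrites pass_last_set_time with time(NULL) on every call, including the `pwd == NULL` clearing path, which ties the timestamp to the setter rather than to a password change. If any backend's record loader calls pdb_set_nt_passwd after pdb_set_pass_last_set_time while reconstructing an account from storage (not visible here, so to be confirmed), the persisted value is silently replaced and password-age / must-change enforcement is defeated for that account. Leaving the stamp to the callers that actually change the password keeps the setter side-effect free; the local_password_change hunk in this file already does `pdb_set_pass_last_set_time(sam_pass, time(NULL));` before pdb_add_sam_account(). The pdb_set_lanman_passwd hunk (@@ -1583) on the next line has the same issue.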
@@ -1583,6 +1623,9 @@ BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, uint8 *pwd) if (!sampass) return False; + /* Remember to set the "last changed time". */ + pdb_set_pass_last_set_time(sampass, time(NULL)); + if (!pwd) { /* Allow setting to NULL */ SAFE_FREE(sampass->lm_pw); @@ -1666,3 +1709,34 @@ BOOL pdb_set_hours (SAM_ACCOUNT *sampass, uint8 *hours) return True; } + +/*************************************************************************** + Search by uid. Wrapper around pdb_getsampwnam() + **************************************************************************/ + +BOOL pdb_getsampwuid (SAM_ACCOUNT* user, uid_t uid) +{ + struct passwd *pw; + fstring name; + + if (user==NULL) { + DEBUG(0,("pdb_getsampwuid: SAM_ACCOUNT is NULL.\n")); + return False; + } + + /* + * Never trust the uid in the passdb. Lookup the username first + * and then lokup the user by name in the sam. + */ + + if ((pw=sys_getpwuid(uid)) == NULL) { + DEBUG(0,("pdb_getsampwuid: getpwuid(%d) return NULL. User does not exist in Unix accounts!\n", uid)); + return False; + } + + fstrcpy (name, pw->pw_name); + + return pdb_getsampwnam (user, name); + +} + diff --git a/source/passdb/passgrp.c b/source/passdb/passgrp.c index 399a45d8a9a..fe5b181e33c 100644 --- a/source/passdb/passgrp.c +++ b/source/passdb/passgrp.c @@ -22,8 +22,6 @@ #include "includes.h" -extern int DEBUGLEVEL; - /* * NOTE. All these functions are abstracted into a structure * that points to the correct function for the selected database. JRA. diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c index 1a1dc0915ea..3b7b8123eb6 100644 --- a/source/passdb/pdb_ldap.c +++ b/source/passdb/pdb_ldap.c @@ -2,6 +2,7 @@ Unix SMB/Netbios implementation. Version 2.9. LDAP protocol helper functions for SAMBA + Copyright (C) Gerald Carter 2001 Copyright (C) Shahms King 2001 Copyright (C) Jean François Micouleau 1998 
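Review bot: In pdb_getsampwuid, `DEBUG(0,("pdb_getsampwuid: getpwuid(%d) return NULL. ...", uid))` passes a uid_t to `%d`; on platforms where uid_t is unsigned or wider than int this is a format mismatch. Cast explicitly: `DEBUG(0,("pdb_getsampwuid: getpwuid(%u) return NULL. User does not exist in Unix accounts!\n", (unsigned int)uid));`. The comment above has a typo (`lokup` → `lookup`); its "never trust the uid in the passdb" rationale is the reason the lookup is routed through the Unix account name and is worth keeping.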
@@ -51,10 +52,7 @@ #define SAM_ACCOUNT struct sam_passwd #endif -extern int DEBUGLEVEL; - -struct ldap_enum_info -{ +struct ldap_enum_info { LDAP *ldap_struct; LDAPMessage *result; LDAPMessage *entry; @@ -63,16 +61,24 @@ struct ldap_enum_info static struct ldap_enum_info global_ldap_ent; +extern pstring samlogon_user; +extern BOOL sam_logon_in_ssb; + + /******************************************************************* open a connection to the ldap server. ******************************************************************/ -static BOOL -ldap_open_connection (LDAP ** ldap_struct) +static BOOL ldap_open_connection (LDAP ** ldap_struct) { int port; int version, rc; int tls = LDAP_OPT_X_TLS_HARD; + if (geteuid() != 0) { + DEBUG(0, ("ldap_open_connection: cannot access LDAP when not root..\n")); + return False; + } + if (lp_ldap_ssl() == LDAP_SSL_ON && lp_ldap_port() == 389) { port = 636; } @@ -82,7 +88,7 @@ ldap_open_connection (LDAP ** ldap_struct) if ((*ldap_struct = ldap_init(lp_ldap_server(), port)) == NULL) { DEBUG(0, ("The LDAP server is not responding !\n")); - return (False); + return False; } /* Connect to older servers using SSL and V2 rather than Start TLS */ 
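Review bot: The new `geteuid() != 0` gate in ldap_open_connection has no comment saying why root is required, and the reason is not local to this function. The following hunk shows the connection is bound with lp_ldap_admin_dn() and `ldap_secret`, so presumably the check exists to stop an unprivileged context from driving the admin bind; a comment such as `/* the bind in ldap_connect_system() uses the LDAP admin credentials; refuse to open a connection unless we are root */` would record that, to be confirmed against where ldap_secret is loaded. The trailing `..` in the DEBUG(0) message looks accidental.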
@@ -110,25 +116,31 @@ ldap_open_connection (LDAP ** ldap_struct) } if ((rc = ldap_start_tls_s (*ldap_struct, NULL, NULL)) != LDAP_SUCCESS) { - DEBUG(0, - ("Failed to issue the StartTLS instruction: %s\n", + DEBUG(0,("Failed to issue the StartTLS instruction: %s\n", ldap_err2string(rc))); return False; } DEBUG (2, ("StartTLS issued: using a TLS connection\n")); break; + case LDAP_SSL_ON: if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) { DEBUG(0, ("Failed to setup a TLS session\n")); } break; + case LDAP_SSL_OFF: default: + /* + * No special needs to setup options prior to the LDAP + * bind (which should be called next via ldap_connect_system() + */ + break; } DEBUG(2, ("ldap_open_connection: connection opened\n")); - return (True); + return True; } /******************************************************************* @@ -150,15 +162,19 @@ static BOOL ldap_connect_system(LDAP * ldap_struct) /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite (OpenLDAP) doesnt' seem to support it */ + + DEBUG(10,("ldap_connect_system: Binding to ldap server as \"%s\"\n", + lp_ldap_admin_dn())); + if ((rc = ldap_simple_bind_s(ldap_struct, lp_ldap_admin_dn(), ldap_secret)) != LDAP_SUCCESS) { DEBUG(0, ("Bind failed: %s\n", ldap_err2string(rc))); - return (False); + return False; } DEBUG(2, ("ldap_connect_system: succesful connection to the LDAP server\n")); - return (True); + return True; } /******************************************************************* @@ -171,8 +187,7 @@ static int ldap_search_one_user (LDAP * ldap_struct, const char *filter, LDAPMes DEBUG(2, ("ldap_search_one_user: searching for:[%s]\n", filter)); - rc = ldap_search_s (ldap_struct, lp_ldap_suffix (), scope, - filter, NULL, 0, result); + rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, NULL, 0, result); if (rc != LDAP_SUCCESS) { DEBUG(0,("ldap_search_one_user: Problem during the LDAP search: %s\n", 
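Review bot: In the LDAP_SSL_ON case the failure of `ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls)` is only logged and the function goes on to return True, so the admin simple bind that follows in ldap_connect_system() proceeds over a plain connection when TLS could not be configured. The StartTLS branch just above returns False on failure; the SSL branch should do the same: `DEBUG(0, ("Failed to setup a TLS session\n")); return False;`. The comment added in the default case also has an unbalanced parenthesis (`(which should be called next via ldap_connect_system()` is never closed).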
@@ -180,7 +195,8 @@ static int ldap_search_one_user (LDAP * ldap_struct, const char *filter, LDAPMes DEBUG(3,("ldap_search_one_user: Query was: %s, %s\n", lp_ldap_suffix(), filter)); } - return (rc); + + return rc; } /******************************************************************* @@ -192,13 +208,14 @@ static int ldap_search_one_user_by_name (LDAP * ldap_struct, const char *user, pstring filter; /* - in the filter expression, replace %u with the real name - so in ldap filter, %u MUST exist :-) + * in the filter expression, replace %u with the real name + * so in ldap filter, %u MUST exist :-) */ pstrcpy(filter, lp_ldap_filter()); - /* have to use this here because $ is filtered out - * in pstring_sub + /* + * have to use this here because $ is filtered out + * in pstring_sub */ all_string_sub(filter, "%u", user, sizeof(pstring)); @@ -215,8 +232,14 @@ static int ldap_search_one_user_by_uid(LDAP * ldap_struct, int uid, pstring filter; /* Get the username from the system and look that up in the LDAP */ - user = sys_getpwuid(uid); + + if ((user = sys_getpwuid(uid)) == NULL) { + DEBUG(3,("ldap_search_one_user_by_uid: Failed to locate uid [%d]\n", uid)); + return LDAP_NO_SUCH_OBJECT; + } + pstrcpy(filter, lp_ldap_filter()); + all_string_sub(filter, "%u", user->pw_name, sizeof(pstring)); return ldap_search_one_user(ldap_struct, filter, result); @@ -232,6 +255,7 @@ static int ldap_search_one_user_by_rid (LDAP * ldap_struct, uint32 rid, int rc; /* check if the user rid exsists, if not, try searching on the uid */ + snprintf(filter, sizeof(filter) - 1, "rid=%i", rid); rc = ldap_search_one_user(ldap_struct, filter, result); 
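Review bot: ldap_search_one_user_by_name substitutes the caller-supplied user name into the LDAP filter verbatim via `all_string_sub(filter, "%u", user, sizeof(pstring));`, so a name containing LDAP filter metacharacters (`*`, `(`, `)`, `\`) changes the query instead of being matched literally; this hunk only reformats the surrounding comments and does not address it. Those characters should be escaped per RFC 2254 before substitution, or the lookup should fail for names containing them. The by-uid variant in the next hunk takes pw_name from the system account and is less exposed, but it uses the same substitution.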
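Review bot: In ldap_search_one_user_by_rid, `snprintf(filter, sizeof(filter) - 1, "rid=%i", rid);` formats a uint32 with `%i`; rids at or above 2^31 would print negative and never match. Use an unsigned conversion with a matching cast: `snprintf(filter, sizeof(filter), "rid=%u", (unsigned int)rid);` — snprintf already NUL-terminates within the size it is given, so the `- 1` buys nothing. The only change in this hunk is the added blank line; the rest of the function is outside it.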
@@ -245,20 +269,23 @@ static int ldap_search_one_user_by_rid (LDAP * ldap_struct, uint32 rid, /******************************************************************* search an attribute and return the first value found. ******************************************************************/ -static void get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, +static BOOL get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, char *attribute, char *value) { - char **valeurs; + char **values; - if ((valeurs = ldap_get_values (ldap_struct, entry, attribute)) != NULL) { - pstrcpy(value, valeurs[0]); - ldap_value_free(valeurs); - DEBUG (2, ("get_single_attribute: [%s] = [%s]\n", attribute, value)); - } - else { + if ((values = ldap_get_values (ldap_struct, entry, attribute)) == NULL) { value = NULL; - DEBUG (2, ("get_single_attribute: [%s] = [NULL]\n", attribute)); + DEBUG (2, ("get_single_attribute: [%s] = []\n", attribute)); + + return False; } + + pstrcpy(value, values[0]); + ldap_value_free(values); + DEBUG (2, ("get_single_attribute: [%s] = [%s]\n", attribute, value)); + + return True; } /************************************************************************ @@ -298,7 +325,7 @@ static void make_a_mod (LDAPMod *** modlist, int modop, char *attribute, char *v if (mods[i] == NULL) { - mods = (LDAPMod **) realloc (mods, (i + 2) * sizeof (LDAPMod *)); + mods = (LDAPMod **) Realloc (mods, (i + 2) * sizeof (LDAPMod *)); if (mods == NULL) { DEBUG(0, ("make_a_mod: out of memory!\n")); @@ -322,7 +349,7 @@ static void make_a_mod (LDAPMod *** modlist, int modop, char *attribute, char *v if (mods[i]->mod_values != NULL) { for (; mods[i]->mod_values[j] != NULL; j++); } - mods[i]->mod_values = (char **)realloc(mods[i]->mod_values, + mods[i]->mod_values = (char **)Realloc(mods[i]->mod_values, (j + 2) * sizeof (char *)); if (mods[i]->mod_values == NULL) { 
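Review bot: On the not-found path get_single_attribute assigns `value = NULL;`, which only changes the local pointer and leaves the caller's buffer untouched; the callers in init_sam_from_ldap reuse one `temp` buffer across attributes and ignore the new BOOL result, so a missing attribute makes the next atol() parse the previous attribute's text (or uninitialised memory on the first call, since `temp` is not cleared in that function's initialisation block). Clear the caller's buffer instead: `value[0] = '\0';`. Returning BOOL is a good addition, but until callers check it the empty string is the only safe failure value.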
@@ -344,123 +371,152 @@ Initialize SAM_ACCOUNT from an LDAP query static BOOL init_sam_from_ldap (SAM_ACCOUNT * sampass, LDAP * ldap_struct, LDAPMessage * entry) { - time_t logon_time, + time_t logon_time, logoff_time, kickoff_time, pass_last_set_time, pass_can_change_time, pass_must_change_time; - static pstring username; - static pstring domain; - static pstring nt_username; - static pstring fullname; - static pstring homedir; - static pstring dir_drive; - static pstring logon_script; - static pstring profile_path; - static pstring acct_desc; - static pstring munged_dial; - static pstring workstations; - struct passwd *sys_user; - uint32 user_rid, group_rid; - static uint8 smblmpwd[16]; - static uint8 smbntpwd[16]; - uint16 acct_ctrl, logon_divs; - uint32 hours_len; - uint8 *hours; - pstring temp; + pstring username, + domain, + nt_username, + fullname, + homedir, + dir_drive, + logon_script, + profile_path, + acct_desc, + munged_dial, + workstations; + struct passwd *sys_user; + uint32 user_rid, + group_rid; + uint8 smblmpwd[16], + smbntpwd[16]; + uint16 acct_ctrl, + logon_divs; + uint32 hours_len; + uint8 hours[MAX_HOURS_LEN]; + pstring temp; + gid_t gid = getegid(); + + + /* + * do a little initialization + */ + username[0] = '\0'; + domain[0] = '\0'; + nt_username[0] = '\0'; + fullname[0] = '\0'; + homedir[0] = '\0'; + dir_drive[0] = '\0'; + logon_script[0] = '\0'; + profile_path[0] = '\0'; + acct_desc[0] = '\0'; + munged_dial[0] = '\0'; + workstations[0] = '\0'; + get_single_attribute(ldap_struct, entry, "uid", username); DEBUG(2, ("Entry found for user: %s\n", username)); - + + pstrcpy(samlogon_user, username); + pstrcpy(nt_username, username); - get_single_attribute(ldap_struct, entry, "sambaDomain", domain); - if (!domain) - pstrcpy(domain, lp_workgroup()); + pstrcpy(domain, lp_workgroup()); get_single_attribute(ldap_struct, entry, "pwdLastSet", temp); - pass_last_set_time = (time_t) strtol(temp, NULL, 16); + pass_last_set_time = (time_t) atol(temp); 
get_single_attribute(ldap_struct, entry, "logonTime", temp); - logon_time = (time_t) strtol(temp, NULL, 16); + logon_time = (time_t) atol(temp); get_single_attribute(ldap_struct, entry, "logoffTime", temp); - logoff_time = (time_t) strtol(temp, NULL, 16); + logoff_time = (time_t) atol(temp); get_single_attribute(ldap_struct, entry, "kickoffTime", temp); - kickoff_time = (time_t) strtol(temp, NULL, 16); + kickoff_time = (time_t) atol(temp); get_single_attribute(ldap_struct, entry, "pwdCanChange", temp); - pass_can_change_time = (time_t) strtol(temp, NULL, 16); + pass_can_change_time = (time_t) atol(temp); get_single_attribute(ldap_struct, entry, "pwdMustChange", temp); - pass_must_change_time = (time_t) strtol(temp, NULL, 16); + pass_must_change_time = (time_t) atol(temp); /* recommend that 'gecos' and 'displayName' should refer to the same - * attribute OID. userFullName depreciated, only used by Samba - * primary rules of LDAP: don't make a new attribute when one is already defined - * that fits your needs; using gecos then displayName then cn rather than 'userFullName' + * attribute OID. 
userFullName depreciated, only used by Samba + * primary rules of LDAP: don't make a new attribute when one is already defined + * that fits your needs; using cn then displayName rather than 'userFullName' */ + + sam_logon_in_ssb = True; - get_single_attribute(ldap_struct, entry, "gecos", fullname); - - if (!fullname) { + if (!get_single_attribute(ldap_struct, entry, "cn", fullname)) { get_single_attribute(ldap_struct, entry, "displayName", fullname); - get_single_attribute(ldap_struct, entry, "cn", fullname); } - get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive); - DEBUG(5,("homeDrive is set to %s\n",dir_drive)); - if (!*dir_drive) { + + if (!get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive)) { pstrcpy(dir_drive, lp_logon_drive()); + standard_sub_advanced(-1, username, "", gid, dir_drive); DEBUG(5,("homeDrive fell back to %s\n",dir_drive)); + pdb_set_dir_drive(sampass, dir_drive, False); } + else + pdb_set_dir_drive(sampass, dir_drive, True); - get_single_attribute(ldap_struct, entry, "smbHome", homedir); - DEBUG(5,("smbHome is set to %s\n",homedir)); - if (!*homedir) { + if (!get_single_attribute(ldap_struct, entry, "smbHome", homedir)) { pstrcpy(homedir, lp_logon_home()); + standard_sub_advanced(-1, username, "", gid, homedir); DEBUG(5,("smbHome fell back to %s\n",homedir)); + pdb_set_homedir(sampass, homedir, False); } + else + pdb_set_homedir(sampass, homedir, True); - get_single_attribute(ldap_struct, entry, "scriptPath", logon_script); - DEBUG(5,("scriptPath is set to %s\n",logon_script)); - if (!*logon_script) { + if (!get_single_attribute(ldap_struct, entry, "scriptPath", logon_script)) { pstrcpy(logon_script, lp_logon_script()); + standard_sub_advanced(-1, username, "", gid, logon_script); DEBUG(5,("scriptPath fell back to %s\n",logon_script)); + pdb_set_logon_script(sampass, logon_script, False); } + else + pdb_set_logon_script(sampass, logon_script, True); - get_single_attribute(ldap_struct, entry, "profilePath", 
profile_path); - DEBUG(5,("profilePath is set to %s\n",profile_path)); - if (!*profile_path) { + if (!get_single_attribute(ldap_struct, entry, "profilePath", profile_path)) { pstrcpy(profile_path, lp_logon_path()); + standard_sub_advanced(-1, username, "", gid, profile_path); DEBUG(5,("profilePath fell back to %s\n",profile_path)); + pdb_set_profile_path(sampass, profile_path, False); } + else + pdb_set_profile_path(sampass, profile_path, True); + + sam_logon_in_ssb = False; get_single_attribute(ldap_struct, entry, "description", acct_desc); get_single_attribute(ldap_struct, entry, "userWorkstations", workstations); get_single_attribute(ldap_struct, entry, "rid", temp); - user_rid = (uint32)strtol(temp, NULL, 16); + user_rid = (uint32)atol(temp); get_single_attribute(ldap_struct, entry, "primaryGroupID", temp); - group_rid = (uint32)strtol(temp, NULL, 16); + group_rid = (uint32)atol(temp); /* These values MAY be in LDAP, but they can also be retrieved through - * sys_getpw*() which is how we're doing it (if you use nss_ldap, then - * these values will be stored in LDAP as well, but if not, we want the - * local values to override the LDAP for this anyway - * homeDirectory attribute + * sys_getpw*() which is how we're doing it */ sys_user = sys_getpwnam(username); - if (sys_user == NULL) + if (sys_user == NULL) { + DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username)); return False; + } /* FIXME: hours stuff should be cleaner */ + logon_divs = 168; hours_len = 21; - hours = malloc(sizeof(hours) * hours_len); memset(hours, 0xff, hours_len); get_single_attribute (ldap_struct, entry, "lmPassword", temp); @@ -485,7 +541,7 @@ static BOOL init_sam_from_ldap (SAM_ACCOUNT * sampass, pdb_set_pass_last_set_time(sampass, pass_last_set_time); pdb_set_hours_len(sampass, hours_len); - pdb_set_logons_divs(sampass, logon_divs); + pdb_set_logon_divs(sampass, logon_divs); pdb_set_uid(sampass, sys_user->pw_uid); pdb_set_gid(sampass, sys_user->pw_gid); 
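Review bot: `pass_last_set_time = (time_t) atol(temp);` and the other `atol(temp)` conversions read `temp` even when get_single_attribute returned False, and `temp` is the one pstring this hunk does not zero-initialise, so a missing `pwdLastSet`, `logonTime`, `rid` or `primaryGroupID` attribute parses uninitialised stack data into the SAM entry. Add `temp[0] = '\0';` to the initialisation block, or test each return value before converting. Switching from `strtol(temp, NULL, 16)` to `atol` also changes the stored representation from hex to decimal with no migration note, so values already in a directory will be misread and atol reports no error; a comment on the first conversion should record the format change. Separately, `gid = getegid()` feeds the smbd process's effective gid into standard_sub_advanced for the smb.conf fallbacks while the account's own `sys_user->pw_gid` is only looked up further down; moving the `sys_getpwnam(username)` call above the fallbacks and passing `sys_user->pw_gid` would make the group-name substitutions refer to the account rather than the server. init_sam_from_ldap continues past the end of the hunk.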
@@ -499,13 +555,10 @@ static BOOL init_sam_from_ldap (SAM_ACCOUNT * sampass, pdb_set_fullname(sampass, fullname); - pdb_set_logon_script(sampass, logon_script); - pdb_set_profile_path(sampass, profile_path); - pdb_set_dir_drive(sampass, dir_drive); - pdb_set_homedir(sampass, homedir); pdb_set_acct_desc(sampass, acct_desc); pdb_set_workstations(sampass, workstations); pdb_set_munged_dial(sampass, munged_dial); + if (!pdb_set_nt_passwd(sampass, smbntpwd)) return False; if (!pdb_set_lanman_passwd(sampass, smblmpwd)) @@ -527,6 +580,7 @@ Initialize SAM_ACCOUNT from an LDAP query static BOOL init_ldap_from_sam (LDAPMod *** mods, int ldap_state, SAM_ACCOUNT * sampass) { pstring temp; + uint32 i; *mods = NULL; @@ -539,12 +593,6 @@ static BOOL init_ldap_from_sam (LDAPMod *** mods, int ldap_state, SAM_ACCOUNT * make_a_mod(mods, ldap_state, "uid", pdb_get_username(sampass)); DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass))); - /* not sure about using this for the nt_username */ - make_a_mod(mods, ldap_state, "sambaDomain", pdb_get_domain(sampass)); - - slprintf(temp, sizeof(temp) - 1, "%i", pdb_get_uid(sampass)); - make_a_mod(mods, ldap_state, "uidNumber", temp); - slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass)); make_a_mod(mods, ldap_state, "pwdLastSet", temp); 
@@ -564,32 +612,52 @@ static BOOL init_ldap_from_sam (LDAPMod *** mods, int ldap_state, SAM_ACCOUNT * make_a_mod(mods, ldap_state, "pwdMustChange", temp); /* displayName, cn, and gecos should all be the same - * most easily accomplished by giving them the same OID - * gecos isn't set here b/c it should be handled by the - * add-user script + * most easily accomplished by giving them the same OID + * gecos isn't set here b/c it should be handled by the + * add-user script */ make_a_mod(mods, ldap_state, "displayName", pdb_get_fullname(sampass)); make_a_mod(mods, ldap_state, "cn", pdb_get_fullname(sampass)); - - make_a_mod(mods, ldap_state, "smbHome", pdb_get_homedir(sampass)); - make_a_mod(mods, ldap_state, "homeDrive", pdb_get_dirdrive(sampass)); - make_a_mod(mods, ldap_state, "scriptPath", pdb_get_logon_script(sampass)); - make_a_mod(mods, ldap_state, "profilePath", pdb_get_profile_path(sampass)); make_a_mod(mods, ldap_state, "description", pdb_get_acct_desc(sampass)); make_a_mod(mods, ldap_state, "userWorkstations", pdb_get_workstations(sampass)); - slprintf(temp, sizeof(temp) - 1, "%i", sampass->user_rid); + /* + * Only updates fields which have been set (not defaults from smb.conf) + */ + + if (IS_SAM_SET(sampass, FLAG_SAM_SMBHOME)) + make_a_mod(mods, ldap_state, "smbHome", pdb_get_homedir(sampass)); + + if (IS_SAM_SET(sampass, FLAG_SAM_DRIVE)) + make_a_mod(mods, ldap_state, "homeDrive", pdb_get_dirdrive(sampass)); + + if (IS_SAM_SET(sampass, FLAG_SAM_LOGONSCRIPT)) + make_a_mod(mods, ldap_state, "scriptPath", pdb_get_logon_script(sampass)); + + if (IS_SAM_SET(sampass, FLAG_SAM_PROFILE)) + make_a_mod(mods, ldap_state, "profilePath", pdb_get_profile_path(sampass)); + + + if ( !pdb_get_user_rid(sampass)) + slprintf(temp, sizeof(temp) - 1, "%i", pdb_uid_to_user_rid(pdb_get_uid(sampass))); + else + slprintf(temp, sizeof(temp) - 1, "%i", pdb_get_user_rid(sampass)); make_a_mod(mods, ldap_state, "rid", temp); - slprintf(temp, sizeof(temp) - 1, "%i", 
sampass->group_rid); + if ( !pdb_get_group_rid(sampass)) + slprintf(temp, sizeof(temp) - 1, "%i", pdb_gid_to_group_rid(pdb_get_gid(sampass))); + else + slprintf(temp, sizeof(temp) - 1, "%i", pdb_get_group_rid(sampass)); make_a_mod(mods, ldap_state, "primaryGroupID", temp); /* FIXME: Hours stuff goes in LDAP */ pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass)); make_a_mod (mods, ldap_state, "lmPassword", temp); + pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass)); make_a_mod (mods, ldap_state, "ntPassword", temp); + make_a_mod (mods, ldap_state, "acctFlags", pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass), NEW_PW_FORMAT_SPACE_PADDED_LEN)); @@ -691,16 +759,18 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT * user, char *sname) ldap_unbind(ldap_struct); return False; } - if (ldap_search_one_user_by_name(ldap_struct, sname, &result) != - LDAP_SUCCESS) + if (ldap_search_one_user_by_name(ldap_struct, sname, &result) != LDAP_SUCCESS) { ldap_unbind(ldap_struct); return False; } if (ldap_count_entries(ldap_struct, result) < 1) { - DEBUG(0, - ("We don't find this user [%s] count=%d\n", sname, + pstring filter; + + pstrcpy(filter, lp_ldap_filter()); + standard_sub_advanced(-1, sname, "", -1, filter); + DEBUG(0,("LDAP search \"%s\" returned %d entries.\n", filter, ldap_count_entries(ldap_struct, result))); ldap_unbind(ldap_struct); return False; 
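Review bot: The `lmPassword`/`ntPassword` mods produced by `pdb_sethexpwd` carry password-equivalent hashes and nothing at this site records that; add `/* lmPassword/ntPassword are password-equivalent: directory ACLs must limit read access to the Samba bind DN */` ahead of the two make_a_mod calls so the deployment requirement travels with the code. The `if ( !pdb_get_user_rid(sampass))` and matching group-rid branches silently derive a RID from the uid/gid; a one-line comment saying that a zero RID means "not yet assigned" would explain why 0 is treated as unset. init_ldap_from_sam continues outside the hunk.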
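Review bot: The new `DEBUG(0,("LDAP search \"%s\" returned %d entries.\n", ...))` logs every unknown-user lookup at level 0 with the client-supplied name written verbatim, so a run of failed logons fills the default-level log; the not-found path in ldap_search_one_user_by_uid uses `DEBUG(3, ...)`, and this one should match it. `standard_sub_advanced(-1, sname, "", -1, filter)` is run only to build that message and passes -1 as a gid_t; logging `lp_ldap_filter()` and `sname` as two separate `%s` arguments is simpler and avoids the extra substitution. pdb_getsampwnam starts and ends outside the hunk.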
@@ -770,58 +840,10 @@ BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid) } } -/********************************************************************** - Get SAM_ACCOUNT entry from LDAP by uid -*********************************************************************/ -BOOL pdb_getsampwuid(SAM_ACCOUNT * user, uid_t uid) -{ - LDAP *ldap_struct; - LDAPMessage *result; - LDAPMessage *entry; - - if (!ldap_open_connection(&ldap_struct)) - return False; - - if (!ldap_connect_system(ldap_struct)) - { - ldap_unbind(ldap_struct); - return False; - } - if (ldap_search_one_user_by_uid(ldap_struct, uid, &result) != - LDAP_SUCCESS) - { - ldap_unbind(ldap_struct); - return False; - } - - if (ldap_count_entries(ldap_struct, result) < 1) - { - DEBUG(0, - ("We don't find this uid [%i] count=%d\n", uid, - ldap_count_entries(ldap_struct, result))); - ldap_unbind(ldap_struct); - return False; - } - entry = ldap_first_entry(ldap_struct, result); - if (entry) - { - init_sam_from_ldap(user, ldap_struct, entry); - ldap_msgfree(result); - ldap_unbind(ldap_struct); - return True; - } - else - { - ldap_msgfree(result); - ldap_unbind(ldap_struct); - return False; - } -} - - /********************************************************************** Delete entry from LDAP for username *********************************************************************/ + BOOL pdb_delete_sam_account(char *sname) { int rc; @@ -830,6 +852,7 @@ BOOL pdb_delete_sam_account(char *sname) LDAPMessage *entry; LDAPMessage *result; + /* Ensure we have euid as root - else deny this. */ if (!ldap_open_connection (&ldap_struct)) return False; @@ -873,6 +896,7 @@ BOOL pdb_delete_sam_account(char *sname) /********************************************************************** Update SAM_ACCOUNT *********************************************************************/ + BOOL pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override) { int rc; 
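Review bot: The added comment `/* Ensure we have euid as root - else deny this. */` is not followed by any check in the hunk: the next statement is `ldap_open_connection (&ldap_struct)`, so the comment promises a privilege test that is not visible here. Either add the test it describes, e.g. `if (geteuid() != 0) return False;` with a DEBUG line, or reword the comment to say what actually gates the delete, because a comment asserting an authorisation check that does not exist misleads the next reader of a function that removes accounts. pdb_delete_sam_account continues past the hunk.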
@@ -885,8 +909,7 @@ BOOL pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override) if (!ldap_open_connection(&ldap_struct)) /* open a connection to the server */ return False; - if (!ldap_connect_system(ldap_struct)) /* connect as system account */ - { + if (!ldap_connect_system(ldap_struct)) /* connect as system account */ { ldap_unbind(ldap_struct); return False; } @@ -894,8 +917,7 @@ BOOL pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override) rc = ldap_search_one_user_by_name(ldap_struct, pdb_get_username(newpwd), &result); - if (ldap_count_entries(ldap_struct, result) == 0) - { + if (ldap_count_entries(ldap_struct, result) == 0) { DEBUG(0, ("No user to modify!\n")); ldap_msgfree(result); ldap_unbind(ldap_struct); @@ -909,8 +931,7 @@ BOOL pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override) rc = ldap_modify_s(ldap_struct, dn, mods); - if (rc != LDAP_SUCCESS) - { + if (rc != LDAP_SUCCESS) { char *ld_error; ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); @@ -923,8 +944,7 @@ BOOL pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override) return False; } - DEBUG(2, - ("successfully modified uid = %s in the LDAP database\n", + DEBUG(2, ("successfully modified uid = %s in the LDAP database\n", pdb_get_username(newpwd))); ldap_mods_free(mods, 1); ldap_unbind(ldap_struct); 
@@ -934,41 +954,29 @@ BOOL pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override) /********************************************************************** Add SAM_ACCOUNT to LDAP *********************************************************************/ + BOOL pdb_add_sam_account(SAM_ACCOUNT * newpwd) { - int rc; - pstring filter; - LDAP *ldap_struct; - LDAPMessage *result; - pstring dn; - LDAPMod **mods; - int ldap_op = LDAP_MOD_ADD; + int rc; + pstring filter; + LDAP *ldap_struct; + LDAPMessage *result; + pstring dn; + LDAPMod **mods; + int ldap_op; + uint32 num_result; if (!ldap_open_connection(&ldap_struct)) /* open a connection to the server */ - { return False; - } - if (!ldap_connect_system(ldap_struct)) /* connect as system account */ - { + if (!ldap_connect_system(ldap_struct)) /* connect as system account */ { ldap_unbind(ldap_struct); return False; } - if (pdb_get_username(newpwd) != NULL) { - slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", - pdb_get_username(newpwd), lp_ldap_suffix ()); - } - else - { - return False; - } - - rc = ldap_search_one_user_by_name (ldap_struct, pdb_get_username(newpwd), &result); - if (ldap_count_entries(ldap_struct, result) != 0) - { + if (ldap_count_entries(ldap_struct, result) != 0) { DEBUG(0,("User already in the base, with samba properties\n")); ldap_msgfree(result); ldap_unbind(ldap_struct); 
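Review bot: `if (ldap_count_entries(ldap_struct, result) != 0) {` now runs with `result` never assigned in this hunk: the removed lines include `rc = ldap_search_one_user_by_name (ldap_struct, pdb_get_username(newpwd), &result);` and no added line reissues the search, so unless that call was moved into context I cannot see, `result` is an uninitialised pointer here. The `pdb_get_username(newpwd) != NULL` guard was also dropped, so a SAM_ACCOUNT without a username now reaches the search and the later `slprintf` with a NULL `%s`. Restore the search, check `rc` (which was never tested) before counting entries, and keep the NULL-username check. The function continues in the next hunk.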
@@ -978,21 +986,29 @@ BOOL pdb_add_sam_account(SAM_ACCOUNT * newpwd) slprintf (filter, sizeof (filter) - 1, "uid=%s", pdb_get_username(newpwd)); rc = ldap_search_one_user(ldap_struct, filter, &result); - if (ldap_count_entries(ldap_struct, result) == 1) - { + num_result = ldap_count_entries(ldap_struct, result); + + if (num_result > 1) { + DEBUG (0, ("More than one user with that uid exists: bailing out!\n")); + return False; + } + + /* Check if we need to update an existing entry */ + if (num_result == 1) { char *tmp; LDAPMessage *entry; + DEBUG(3,("User exists without samba properties: adding them\n")); ldap_op = LDAP_MOD_REPLACE; entry = ldap_first_entry (ldap_struct, result); tmp = ldap_get_dn (ldap_struct, entry); slprintf (dn, sizeof (dn) - 1, "%s", tmp); ldap_memfree (tmp); - } - else - { - DEBUG (3, ("More than one user with that uid exists: bailing out!\n")); - return False; + } else { + /* Check if we need to add an entry */ + DEBUG(3,("Adding new user\n")); + ldap_op = LDAP_MOD_ADD; + slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", pdb_get_username(newpwd), lp_ldap_suffix ()); } ldap_msgfree(result); @@ -1002,13 +1018,11 @@ BOOL pdb_add_sam_account(SAM_ACCOUNT * newpwd) if (ldap_op == LDAP_MOD_REPLACE) { rc = ldap_modify_s(ldap_struct, dn, mods); - } - else { + } else { rc = ldap_add_s(ldap_struct, dn, mods); } - if (rc != LDAP_SUCCESS) - { + if (rc != LDAP_SUCCESS) { char *ld_error; ldap_get_option (ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); diff --git a/source/passdb/pdb_nisplus.c b/source/passdb/pdb_nisplus.c index 990dcfbe9e0..3648fb0341a 100644 --- a/source/passdb/pdb_nisplus.c +++ b/source/passdb/pdb_nisplus.c 
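Review bot: The new `if (num_result > 1)` branch returns False without `ldap_msgfree(result)` or `ldap_unbind(ldap_struct)`, unlike every other early exit in this function, so the result set and the bound connection leak; add `ldap_msgfree(result); ldap_unbind(ldap_struct);` before the `return False;`. `num_result` is declared `uint32` while ldap_count_entries returns an int that is negative on error, so a failed count becomes a huge value and lands in this branch with a misleading message; test `rc` from the preceding ldap_search_one_user call first. The `"uid=%s"` filter built just above the hunk takes the username unescaped, as noted on the search helpers.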
@@ -325,27 +325,40 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, nis_object *obj) pstrcpy(samlogon_user, pdb_get_username(pw_buf)); get_single_attribute(obj, NPF_HOME_DIR, home_dir, sizeof(pstring)); - if( !(home_dir && *home_dir) ) + if( !(home_dir && *home_dir) ) { pstrcpy(home_dir, lp_logon_home()); - pdb_set_homedir(pw_buf, home_dir); + pdb_set_homedir(pw_buf, home_dir, False); + } + else + pdb_set_homedir(pw_buf, home_dir, True); get_single_attribute(obj, NPF_DIR_DRIVE, home_drive, sizeof(pstring)); - if( !(home_drive && *home_drive) ) + if( !(home_drive && *home_drive) ) { pstrcpy(home_drive, lp_logon_drive()); - pdb_set_dir_drive(pw_buf, home_drive); + pdb_set_dir_drive(pw_buf, home_drive, False); + } + else + pdb_set_dir_drive(pw_buf, home_drive, True); get_single_attribute(obj, NPF_LOGON_SCRIPT, logon_script, sizeof(pstring)); - if( !(logon_script && *logon_script) ) - pstrcpy(logon_script, lp_logon_script()); - pdb_set_logon_script(pw_buf, logon_script); + if( !(logon_script && *logon_script) ) { + pstrcpy(logon_script, lp_logon_script(), False); + } + else + pdb_set_logon_script(pw_buf, logon_script, True); - get_single_attribute(obj, NPF_PROFILE_PATH, profile_path, - sizeof(pstring)); - if( !(profile_path && *profile_path) ) + get_single_attribute(obj, NPF_PROFILE_PATH, profile_path, sizeof(pstring)); + if( !(profile_path && *profile_path) ) { pstrcpy(profile_path, lp_logon_path()); - pdb_set_profile_path(pw_buf, profile_path); - } else { + pdb_set_profile_path(pw_buf, profile_path, False); + } + else + pdb_set_profile_path(pw_buf, profile_path, True); + + } + else + { /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ pdb_set_group_rid (pw_buf, DOMAIN_GROUP_RID_USERS); } 
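Review bot: `pstrcpy(logon_script, lp_logon_script(), False);` in the fallback branch passes a third argument to pstrcpy and drops the `pdb_set_logon_script(pw_buf, logon_script, False);` call that the other three fallbacks keep, so the default logon script is never stored on the SAM_ACCOUNT (and the line will not compile if pstrcpy is a two-argument macro). It should read `pstrcpy(logon_script, lp_logon_script());` followed by `pdb_set_logon_script(pw_buf, logon_script, False);`, matching the home_dir, home_drive and profile_path branches. make_sam_from_nisp_object starts and ends outside the hunk.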
@@ -375,7 +388,7 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, nis_object *obj) if (!(pdb_get_acct_ctrl(pw_buf) & ACB_PWNOTREQ) && strncasecmp(ptr, "NO PASSWORD", 11)) { if (strlen(ptr) != 32 || !pdb_gethexpwd(ptr, smbntpwd)) { - DEBUG(0, ("malformed NT pwd entry: + DEBUG(0, ("malformed NT pwd entry:\ uid = %d.\n", pdb_get_uid(pw_buf))); return False; @@ -385,7 +398,7 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, nis_object *obj) } pdb_set_unknown_3(pw_buf, 0xffffff); /* don't know */ - pdb_set_logons_divs(pw_buf, 168); /* hours per week */ + pdb_set_logon_divs(pw_buf, 168); /* hours per week */ if( (hours_len = ENTRY_LEN(obj, NPF_HOURS)) == 21 ) { memcpy(hours, ENTRY_VAL(obj, NPF_HOURS), hours_len); 
@@ -1014,46 +1027,6 @@ BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid) return ret; } -/************************************************************************* - Routine to search the nisplus passwd file for an entry matching the username - *************************************************************************/ -BOOL pdb_getsampwuid(SAM_ACCOUNT * user, uid_t uid) -{ - nis_result *result; - char *nisname; - BOOL ret; - char *sp, *p = lp_smb_passwd_file(); - pstring pfiletmp; - - if (!*p) - { - DEBUG(0, ("no SMB password file set\n")); - return False; - } - - if( (sp = strrchr( p, '/' )) ) - safe_strcpy(pfiletmp, sp+1, sizeof(pfiletmp)-1); - else - safe_strcpy(pfiletmp, p, sizeof(pfiletmp)-1); - safe_strcat(pfiletmp, ".org_dir", sizeof(pfiletmp)-strlen(pfiletmp)-1); - - nisname = make_nisname_from_uid(uid, pfiletmp); - - DEBUG(10, ("search by uid: %s\n", nisname)); - - /* Search the table. */ - - if(!(result = nisp_get_nis_list(nisname, 0))) - { - return False; - } - - ret = make_sam_from_nisresult(user, result); - nis_freeresult(result); - - return ret; -} - /************************************************************************* Routine to remove entry from the nisplus smbpasswd table *************************************************************************/ diff --git a/source/passdb/pdb_smbpasswd.c b/source/passdb/pdb_smbpasswd.c index d29a4bfcaf0..6f75f879667 100644 --- a/source/passdb/pdb_smbpasswd.c +++ b/source/passdb/pdb_smbpasswd.c @@ -44,7 +44,6 @@ struct smb_passwd }; -extern int DEBUGLEVEL; extern pstring samlogon_user; extern BOOL sam_logon_in_ssb; extern struct passdb_ops pdb_ops; 
@@ -168,7 +167,7 @@ static void *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int DEBUG(10, ("startsmbfilepwent_internal: opening file %s\n", pfile)); if((fp = sys_fopen(pfile, open_mode)) == NULL) { - DEBUG(0, ("startsmbfilepwent_internal: unable to open file %s. Error was %s\n", pfile, strerror(errno) )); + DEBUG(2, ("startsmbfilepwent_internal: unable to open file %s. Error was %s\n", pfile, strerror(errno) )); return NULL; } @@ -1089,7 +1088,7 @@ static BOOL del_smbfilepwd_entry(const char *name) size_t new_entry_length; if (strequal(name, pwd->smb_name)) { - DEBUG(10, ("add_smbfilepwd_entry: found entry with name %s - deleting it.\n", name)); + DEBUG(10, ("del_smbfilepwd_entry: found entry with name %s - deleting it.\n", name)); continue; } @@ -1221,7 +1220,7 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf) pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time); pdb_set_domain (sam_pass, lp_workgroup()); - pdb_set_dir_drive (sam_pass, lp_logon_drive()); + pdb_set_dir_drive (sam_pass, lp_logon_drive(), False); /* FIXME!! What should this be set to? New smb.conf parameter maybe? max password age? For now, we'll use the current time + 21 days. @@ -1238,15 +1237,15 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf) pstrcpy(str, lp_logon_script()); standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str); - pdb_set_logon_script(sam_pass, str); + pdb_set_logon_script(sam_pass, str, False); pstrcpy(str, lp_logon_path()); standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str); - pdb_set_profile_path(sam_pass, str); + pdb_set_profile_path(sam_pass, str, False); pstrcpy(str, lp_logon_home()); standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str); - pdb_set_homedir(sam_pass, str); + pdb_set_homedir(sam_pass, str, False); sam_logon_in_ssb = False; } else { 
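Review bot: Lowering `DEBUG(0, ...)` to `DEBUG(2, ...)` for a failed `sys_fopen(pfile, open_mode)` hides a missing or unreadable smbpasswd file at the default log level, which is the misconfiguration an administrator most needs to see when every authentication starts failing. If the change is deliberate because callers probe a file that may legitimately be absent, say so on the DEBUG line, e.g. `/* level 2: callers tolerate a missing file; errno is logged */`; otherwise keep level 0 for errors other than ENOENT. startsmbfilepwent continues outside the hunk.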
@@ -1403,48 +1402,6 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, char *username) } -BOOL pdb_getsampwuid (SAM_ACCOUNT *sam_acct, uid_t uid) -{ - struct smb_passwd *smb_pw; - void *fp = NULL; - - DEBUG(10, ("pdb_getsampwuid: search by uid: %d\n", uid)); - - /* Open the sam password file - not for update. */ - fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth); - - if (fp == NULL) { - DEBUG(0, ("unable to open passdb database.\n")); - return False; - } - - while ( ((smb_pw=getsmbfilepwent(fp)) != NULL) && (smb_pw->smb_userid != uid) ) - /* do nothing */ ; - - endsmbfilepwent(fp, &pw_file_lock_depth); - - /* did we locate the username in smbpasswd */ - if (smb_pw == NULL) - return False; - - DEBUG(10, ("pdb_getsampwuid: found by name: %s\n", smb_pw->smb_name)); - - if (!sam_acct) { - DEBUG(10,("pdb_getsampwuid:SAM_ACCOUNT is NULL\n")); -#if 0 - smb_panic("NULL pointer passed to pdb_getsampwuid\n"); -#endif - return False; - } - - /* now build the SAM_ACCOUNT */ - if (!build_sam_account(sam_acct, smb_pw)) - return False; - - /* success */ - return True; -} - BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct,uint32 rid) { struct smb_passwd *smb_pw; diff --git a/source/passdb/pdb_tdb.c b/source/passdb/pdb_tdb.c index 6ae7f33b0f1..219b0ee7bd6 100644 --- a/source/passdb/pdb_tdb.c +++ b/source/passdb/pdb_tdb.c @@ -82,7 +82,16 @@ static BOOL init_sam_from_buffer (SAM_ACCOUNT *sampass, uint8 *buf, uint32 bufle uint32 len = 0; uint32 lmpwlen, ntpwlen, hourslen; BOOL ret = True; - + BOOL setflag; + struct passwd *pw; + uid_t uid; + gid_t gid; + + if(sampass == NULL || buf == NULL) { + DEBUG(0, ("init_sam_from_buffer: NULL parameters found!\n")); + return False; + } + /* unpack the buffer into variables */ len = tdb_unpack (buf, buflen, TDB_FORMAT_STRING, &logon_time, 
@@ -120,6 +129,22 @@ static BOOL init_sam_from_buffer (SAM_ACCOUNT *sampass, uint8 *buf, uint32 bufle goto done; } + /* validate the account and fill in UNIX uid and gid. Standard + * getpwnam() is used instead of Get_Pwnam() as we do not need + * to try case permutations + */ + if (!username || !(pw=getpwnam(username))) { + DEBUG(0,("tdb_sam: getpwnam(%s) return NULL. User does not exist!\n", + username?username:"NULL")); + ret = False; + goto done; + } + + uid = pw->pw_uid; + gid = pw->pw_gid; + pdb_set_uid(sampass, uid); + pdb_set_gid(sampass, gid); + pdb_set_logon_time(sampass, logon_time); pdb_set_logoff_time(sampass, logoff_time); pdb_set_kickoff_time(sampass, kickoff_time); 
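Review bot: `if (!username || !(pw=getpwnam(username)))` uses the raw libc getpwnam, while the code it replaces in pdb_getsampwent and the LDAP backend in this same diff go through `sys_getpwnam`; the comment above only justifies not using Get_Pwnam, so either switch to `sys_getpwnam(username)` for consistency with the rest of passdb or extend the comment to say why the wrapper is bypassed here. The `ret = False; goto done;` path is correct only if `done:` releases the strings tdb_unpack allocated, which lies outside the hunk. init_sam_from_buffer starts before and ends after this hunk.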
@@ -131,18 +156,55 @@ static BOOL init_sam_from_buffer (SAM_ACCOUNT *sampass, uint8 *buf, uint32 bufle pdb_set_domain (sampass, domain_len?domain:NULL); pdb_set_nt_username (sampass, nt_username_len?nt_username:NULL); pdb_set_fullname (sampass, fullname_len?fullname:NULL); - pdb_set_homedir (sampass, homedir_len?homedir:NULL); - pdb_set_dir_drive (sampass, dir_drive_len?dir_drive:NULL); - pdb_set_logon_script (sampass, logon_script_len?logon_script:NULL); - pdb_set_profile_path (sampass, profile_path_len?profile_path:NULL); - pdb_set_acct_desc (sampass, acct_desc_len?acct_desc:NULL); - pdb_set_workstations (sampass, workstations_len?workstations:NULL); - pdb_set_munged_dial (sampass, munged_dial_len?munged_dial:NULL); - if (!pdb_set_lanman_passwd(sampass, lmpwlen?lm_pw_ptr:NULL)) { + + if (homedir) setflag = True; + else { + setflag = False; + homedir = strdup(lp_logon_home()); + if(!homedir) { ret = False; goto done; } + standard_sub_advanced(-1, username, "", gid, homedir); + DEBUG(5,("Home directory set back to %s\n", homedir)); + } + pdb_set_homedir(sampass, homedir, setflag); + + if (dir_drive) setflag = True; + else { + setflag = False; + dir_drive = strdup(lp_logon_drive()); + if(!dir_drive) { ret = False; goto done; } + standard_sub_advanced(-1, username, "", gid, dir_drive); + DEBUG(5,("Home directory set back to %s\n", dir_drive)); + } + pdb_set_dir_drive(sampass, dir_drive, setflag); + + if (logon_script) setflag = True; + else { + setflag = False; + logon_script = strdup(lp_logon_script()); + if(!logon_script) { ret = False; goto done; } + standard_sub_advanced(-1, username, "", gid, logon_script); + DEBUG(5,("Home directory set back to %s\n", logon_script)); + } + pdb_set_logon_script(sampass, logon_script, setflag); + + if (profile_path) setflag = True; + else { + setflag = False; + profile_path = strdup(lp_logon_path()); + if(!profile_path) { ret = False; goto done; } + standard_sub_advanced(-1, username, "", gid, profile_path); + DEBUG(5,("Home 
directory set back to %s\n", profile_path)); + } + pdb_set_profile_path(sampass, profile_path, setflag); + + pdb_set_acct_desc (sampass, acct_desc); + pdb_set_workstations (sampass, workstations); + pdb_set_munged_dial (sampass, munged_dial); + if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr)) { ret = False; goto done; } - if (!pdb_set_nt_passwd(sampass, ntpwlen?nt_pw_ptr:NULL)) { + if (!pdb_set_nt_passwd(sampass, nt_pw_ptr)) { ret = False; goto done; } @@ -156,7 +218,7 @@ static BOOL init_sam_from_buffer (SAM_ACCOUNT *sampass, uint8 *buf, uint32 bufle pdb_set_unknown_5(sampass, unknown_5); pdb_set_unknown_6(sampass, unknown_6); pdb_set_acct_ctrl(sampass, acct_ctrl); - pdb_set_logons_divs(sampass, logon_divs); + pdb_set_logon_divs(sampass, logon_divs); pdb_set_hours(sampass, hours); done: @@ -209,14 +271,16 @@ static uint32 init_buffer_from_sam (uint8 **buf, SAM_ACCOUNT *sampass) fullname_len, homedir_len, logon_script_len, profile_path_len, acct_desc_len, workstations_len; - uint8 *lm_pw; - uint8 *nt_pw; + const uint8 *lm_pw; + const uint8 *nt_pw; uint32 lm_pw_len = 16; uint32 nt_pw_len = 16; /* do we have a valid SAM_ACCOUNT pointer? */ - if (sampass == NULL) + if (sampass == NULL) { + DEBUG(0, ("init_buffer_from_sam: SAM_ACCOUNT is NULL!\n")); return -1; + } *buf = NULL; buflen = 0; 
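Review bot: `homedir = strdup(lp_logon_home());` followed by `standard_sub_advanced(-1, username, "", gid, homedir);` expands `%`-macros in place inside a buffer of exactly strlen+1 bytes; the other caller in this diff (build_sam_account in pdb_smbpasswd.c) runs the substitution on a `pstring` and copies afterwards, which suggests standard_sub_advanced assumes pstring capacity, in which case any substitution that lengthens the string overruns the heap block. Expand into a local pstring first and strdup the result for each of the four fallbacks (homedir, dir_drive, logon_script, profile_path). The four DEBUG(5) lines all say `Home directory set back to %s`, which makes the log misleading for dir_drive, logon_script and profile_path. init_sam_from_buffer continues past the hunk.
```c
	if (homedir) setflag = True;
	else {
		pstring subst;
		setflag = False;
		pstrcpy(subst, lp_logon_home());
		standard_sub_advanced(-1, username, "", gid, subst);
		homedir = strdup(subst);
		if(!homedir) { ret = False; goto done; }
		DEBUG(5,("Home directory set back to %s\n", homedir));
	}
	pdb_set_homedir(sampass, homedir, setflag);
	/* … same pattern for dir_drive, logon_script and profile_path, each with its own DEBUG text … */
```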
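Review bot: `return -1;` from a function declared `static uint32 init_buffer_from_sam` yields 0xffffffff, so callers must compare against `(uint32)-1` rather than test for a negative result; the new DEBUG line makes the failure visible but not the contract. Add to the function comment: `/* Returns the packed length, or (uint32)-1 if sampass is NULL or packing fails. */` and check that the callers' tests match. The function continues outside the hunk.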
@@ -230,71 +294,65 @@ static uint32 init_buffer_from_sam (uint8 **buf, SAM_ACCOUNT *sampass) username = pdb_get_username(sampass); - if (username) - username_len = strlen(username) +1; - else - username_len = 0; + if (username) username_len = strlen(username) +1; + else username_len = 0; + domain = pdb_get_domain(sampass); - if (domain) - domain_len = strlen(domain) +1; - else - domain_len = 0; + if (domain) domain_len = strlen(domain) +1; + else domain_len = 0; + nt_username = pdb_get_nt_username(sampass); - if (nt_username) - nt_username_len = strlen(nt_username) +1; - else - nt_username_len = 0; - dir_drive = pdb_get_dirdrive(sampass); - if (dir_drive) - dir_drive_len = strlen(dir_drive) +1; - else - dir_drive_len = 0; - unknown_str = NULL; - unknown_str_len = 0; - munged_dial = pdb_get_munged_dial(sampass); - if (munged_dial) - munged_dial_len = strlen(munged_dial) +1; - else - munged_dial_len = 0; - + if (nt_username) nt_username_len = strlen(nt_username) +1; + else nt_username_len = 0; + fullname = pdb_get_fullname(sampass); - if (fullname) - fullname_len = strlen(fullname) +1; - else - fullname_len = 0; - homedir = pdb_get_homedir(sampass); - if (homedir) - homedir_len = strlen(homedir) +1; - else - homedir_len = 0; - logon_script = pdb_get_logon_script(sampass); - if (logon_script) - logon_script_len = strlen(logon_script) +1; - else - logon_script_len = 0; - profile_path = pdb_get_profile_path(sampass); - if (profile_path) - profile_path_len = strlen(profile_path) +1; - else - profile_path_len = 0; - acct_desc = pdb_get_acct_desc(sampass); - if (acct_desc) - acct_desc_len = strlen(acct_desc) +1; - else - acct_desc_len = 0; - workstations = pdb_get_workstations(sampass); - if (workstations) - workstations_len = strlen(workstations) +1; - else - workstations_len = 0; + if (fullname) fullname_len = strlen(fullname) +1; + else fullname_len = 0; + + /* + * Only updates fields which have been set (not defaults from smb.conf) + */ + + if (IS_SAM_SET(sampass, 
FLAG_SAM_DRIVE)) dir_drive = pdb_get_dirdrive(sampass); + else dir_drive = NULL; + if (dir_drive) dir_drive_len = strlen(dir_drive) +1; + else dir_drive_len = 0; + + if (IS_SAM_SET(sampass, FLAG_SAM_SMBHOME)) homedir = pdb_get_homedir(sampass); + else homedir = NULL; + if (homedir) homedir_len = strlen(homedir) +1; + else homedir_len = 0; + + if (IS_SAM_SET(sampass, FLAG_SAM_LOGONSCRIPT)) logon_script = pdb_get_logon_script(sampass); + else logon_script = NULL; + if (logon_script) logon_script_len = strlen(logon_script) +1; + else logon_script_len = 0; + + if (IS_SAM_SET(sampass, FLAG_SAM_PROFILE)) profile_path = pdb_get_profile_path(sampass); + else profile_path = NULL; + if (profile_path) profile_path_len = strlen(profile_path) +1; + else profile_path_len = 0; lm_pw = pdb_get_lanman_passwd(sampass); - if (!lm_pw) - lm_pw_len = 0; + if (!lm_pw) lm_pw_len = 0; nt_pw = pdb_get_nt_passwd(sampass); - if (!nt_pw) - nt_pw_len = 0; + if (!nt_pw) nt_pw_len = 0; + + acct_desc = pdb_get_acct_desc(sampass); + if (acct_desc) acct_desc_len = strlen(acct_desc) +1; + else acct_desc_len = 0; + + workstations = pdb_get_workstations(sampass); + if (workstations) workstations_len = strlen(workstations) +1; + else workstations_len = 0; + + unknown_str = NULL; + unknown_str_len = 0; + + munged_dial = pdb_get_munged_dial(sampass); + if (munged_dial) munged_dial_len = strlen(munged_dial) +1; + else munged_dial_len = 0; /* one time to get the size needed */ len = tdb_pack(NULL, 0, TDB_FORMAT_STRING, @@ -412,7 +470,7 @@ void pdb_endsampwent(void) global_tdb_ent.passwd_tdb = NULL; } - DEBUG(7, ("endtdbpwent: closed password file.\n")); + DEBUG(7, ("endtdbpwent: closed sam database.\n")); } /***************************************************************** 
@@ -433,10 +491,10 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user)
 		return False;
 	}
 
-	/* skip all RID entries */
-	while ((global_tdb_ent.key.dsize != 0) && (strncmp (global_tdb_ent.key.dptr, prefix, prefixlen)))
+	/* skip all non-USER entries (eg. RIDS) */
+	while ((global_tdb_ent.key.dsize != 0) && (strncmp(global_tdb_ent.key.dptr, prefix, prefixlen)))
 		/* increment to next in line */
-		global_tdb_ent.key = tdb_nextkey (global_tdb_ent.passwd_tdb, global_tdb_ent.key);
+		global_tdb_ent.key = tdb_nextkey(global_tdb_ent.passwd_tdb, global_tdb_ent.key);
 
 	/* do we have an valid interation pointer? */
 	if(global_tdb_ent.passwd_tdb == NULL) {
@@ -444,43 +502,22 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user)
 		return False;
 	}
 
-	data = tdb_fetch (global_tdb_ent.passwd_tdb, global_tdb_ent.key);
+	data = tdb_fetch(global_tdb_ent.passwd_tdb, global_tdb_ent.key);
 	if (!data.dptr) {
 		DEBUG(5,("pdb_getsampwent: database entry not found.\n"));
 		return False;
 	}
 
 	/* unpack the buffer */
-	if (!init_sam_from_buffer (user, data.dptr, data.dsize)) {
+	if (!init_sam_from_buffer(user, data.dptr, data.dsize)) {
 		DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n"));
 		SAFE_FREE(data.dptr);
 		return False;
 	}
 	SAFE_FREE(data.dptr);
 
-	/* validate the account and fill in UNIX uid and gid. sys_getpwnam()
-	   is used instaed of Get_Pwnam() as we do not need to try case
-	   permutations */
-	if ((pw=sys_getpwnam(pdb_get_username(user))) == NULL) {
-		DEBUG(0,("pdb_getsampwent: getpwnam(%s) return NULL. User does not exist!\n",
-			pdb_get_username(user)));
-		return False;
-	}
-
-	uid = pw->pw_uid;
-	gid = pw->pw_gid;
-	pdb_set_uid (user, uid);
-	pdb_set_gid (user, gid);
-
-	/* 21 days from present */
-	pdb_set_pass_must_change_time(user, time(NULL)+1814400);
-
-	standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_logon_script(user));
-	standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_profile_path(user));
-	standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_homedir(user));
-
 	/* increment to next in line */
-	global_tdb_ent.key = tdb_nextkey (global_tdb_ent.passwd_tdb, global_tdb_ent.key);
+	global_tdb_ent.key = tdb_nextkey(global_tdb_ent.passwd_tdb, global_tdb_ent.key);
 
 	return True;
 }
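Review bot: After `SAFE_FREE(data.dptr);` the entry is returned as soon as `init_sam_from_buffer` succeeds; nothing on the new path confirms that the account maps to a Unix user or fills in uid/gid, so any caller that reads those from the enumerated SAM_ACCOUNT now depends on the unpacker, or on a later step not visible here, having done so. If that responsibility was moved on purpose, a comment above `/* increment to next in line */` naming where the Unix mapping and the logon_script/profile_path/homedir substitutions now happen would keep the next reader from re-adding them here. pdb_getsampwent begins before this hunk.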
@@ -511,12 +548,12 @@ BOOL pdb_getsampwnam (SAM_ACCOUNT *user, char *sname)
 	strlower(name);
 
 	get_private_directory(tdbfile);
-	pstrcat (tdbfile, PASSDB_FILE_NAME);
+	pstrcat(tdbfile, PASSDB_FILE_NAME);
 
 	/* set search key */
 	slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
 	key.dptr = keystr;
-	key.dsize = strlen (keystr) + 1;
+	key.dsize = strlen(keystr) + 1;
 
 	/* open the accounts TDB */
 	if (!(pwd_tdb = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDONLY, 0600))) {
@@ -525,74 +562,29 @@ BOOL pdb_getsampwnam (SAM_ACCOUNT *user, char *sname) } /* get the record */ - data = tdb_fetch (pwd_tdb, key); + data = tdb_fetch(pwd_tdb, key); if (!data.dptr) { DEBUG(5,("pdb_getsampwnam (TDB): error fetching database.\n")); DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb))); - tdb_close (pwd_tdb); + tdb_close(pwd_tdb); return False; } /* unpack the buffer */ - if (!init_sam_from_buffer (user, data.dptr, data.dsize)) { + if (!init_sam_from_buffer(user, data.dptr, data.dsize)) { DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n")); SAFE_FREE(data.dptr); + tdb_close(pwd_tdb); return False; } SAFE_FREE(data.dptr); - - /* validate the account and fill in UNIX uid and gid. sys_getpwnam() - is used instaed of Get_Pwnam() as we do not need to try case - permutations */ - if ((pw=sys_getpwnam(pdb_get_username(user))) == NULL) { - DEBUG(0,("pdb_getsampwent: getpwnam(%s) return NULL. User does not exist!\n", - pdb_get_username(user))); - return False; - } - - uid = pw->pw_uid; - gid = pw->pw_gid; - pdb_set_uid (user, uid); - pdb_set_gid (user, gid); - - /* 21 days from present */ - pdb_set_pass_must_change_time(user, time(NULL)+1814400); - - standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_logon_script(user)); - standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_profile_path(user)); - standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_homedir(user)); - - /* cleanup */ - tdb_close (pwd_tdb); + /* no further use for database, close it now */ + tdb_close(pwd_tdb); + return True; } -/*************************************************************************** - Search by uid - **************************************************************************/ - -BOOL pdb_getsampwuid (SAM_ACCOUNT* user, uid_t uid) -{ - struct passwd *pw; - fstring name; - - if (user==NULL) { - DEBUG(0,("pdb_getsampwuid: SAM_ACCOUNT is NULL.\n")); - return False; - } - - pw = sys_getpwuid(uid); - if (pw == 
NULL) { - DEBUG(0,("pdb_getsampwuid: getpwuid(%d) return NULL. User does not exist!\n", uid)); - return False; - } - fstrcpy (name, pw->pw_name); - - return pdb_getsampwnam (user, name); - -} - /*************************************************************************** Search by rid **************************************************************************/ @@ -740,7 +732,6 @@ static BOOL tdb_update_sam(SAM_ACCOUNT* newpwd, BOOL override, int flag) pstring tdbfile; fstring name; BOOL ret = True; - int newtdb = FALSE; get_private_directory(tdbfile); pstrcat (tdbfile, PASSDB_FILE_NAME); @@ -789,7 +780,6 @@ static BOOL tdb_update_sam(SAM_ACCOUNT* newpwd, BOOL override, int flag) if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) { DEBUG(0, ("Unable to modify passwd TDB!")); DEBUGADD(0, (" Error: %s\n", tdb_errorstr(pwd_tdb))); - tdb_close (pwd_tdb); ret = False; goto done; } diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c index 856adec244b..ad29bb23b0f 100644 --- a/source/passdb/secrets.c +++ b/source/passdb/secrets.c @@ -110,13 +110,14 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid) if (dyn_sid == NULL) return False; - if (size != sizeof(DOM_SID)) { - free(dyn_sid); + if (size != sizeof(DOM_SID)) + { + SAFE_FREE(dyn_sid); return False; } *sid = *dyn_sid; - free(dyn_sid); + SAFE_FREE(dyn_sid); return True; } @@ -153,10 +154,8 @@ BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16], return False; if (pass_last_set_time) *pass_last_set_time = pass->mod_time; - memcpy(ret_pwd, pass->hash, 16); - free(pass); - + SAFE_FREE(pass); return True; } @@ -199,8 +198,8 @@ void reset_globals_after_fork(void) */ if (tdb) { - uint32 initial_val = sys_getpid(); - tdb_change_int_atomic(tdb, "INFO/random_seed", (int *)&initial_val, 1); + int32 initial_val = sys_getpid(); + tdb_change_int32_atomic(tdb, "INFO/random_seed", (int *)&initial_val, 1); set_rand_reseed_data((unsigned char *)&initial_val, sizeof(initial_val)); } 
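Review bot: The failure log in the unpack branch is attributed to the wrong function — `DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n"));` sits inside pdb_getsampwnam, so an operator correlating a corrupt-entry event with the lookup that triggered it is pointed at the enumerator instead. Since the commit already touches this branch with the added `tdb_close(pwd_tdb);`, changing the prefix to `pdb_getsampwnam:` costs nothing. pdb_getsampwnam begins before this hunk.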
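Review bot: Dropping `tdb_close (pwd_tdb);` before `goto done;` in tdb_update_sam is only correct if the `done:` label closes `pwd_tdb` on every path; that label is outside the hunk, so it cannot be confirmed here, and if it does close the handle the old code was a double close and the deletion is right. A comment on the `goto done;` line, `/* pwd_tdb is closed at done: */`, would record that contract for the next reader. Note also that `DEBUG(0, ("Unable to modify passwd TDB!"))` has no trailing newline and relies on the following `DEBUGADD` to finish the log line, so the two must be kept together if either is edited.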
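Review bot: The opening brace of `if (size != sizeof(DOM_SID))` moved onto its own line in secrets_fetch_domain_sid, while the rest of this file keeps the brace on the condition line (`if (tdb) {` in the reset_globals_after_fork hunk); keeping `if (size != sizeof(DOM_SID)) {` avoids a mixed style in one file. The size check itself is the guard that prevents `*sid = *dyn_sid;` from reading past a short record, so it should stay exactly where it is.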
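Review bot: `SAFE_FREE(pass);` in secrets_fetch_trust_account_password releases the record holding the trust-account password hash (`pass->hash`, just copied into `ret_pwd`) without clearing it, so the secret lingers in freed heap memory where a core dump or a later allocation can expose it. Clear it before freeing, `memset(pass, 0, sizeof(*pass));` immediately ahead of `SAFE_FREE(pass);`, noting that a plain memset right before free can be elided by the optimizer, so the project's non-elidable clearing helper, if it has one, is preferable. The copy in the caller's `ret_pwd` deserves the same treatment once it is no longer needed, but that is outside this hunk.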
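Review bot: `initial_val` is now `int32` but is still passed through an explicit `(int *)` cast to `tdb_change_int32_atomic`, which defeats the type check the renamed API presumably introduced: on a platform where `int32` is not `int` the cast silently aliases a differently sized object. Pass `&initial_val` (or `(int32 *)&initial_val` if that is the parameter type) so the compiler reports any mismatch. A short comment would also help here, since `sys_getpid()` is predictable: `/* pid is not entropy; it only keeps a forked child's seed distinct from its parent's */` — the after-fork purpose is inferred from the function name and should be confirmed.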
diff --git a/source/passdb/smbpassfile.c b/source/passdb/smbpassfile.c index e4b11dbf76a..d931478839d 100644 --- a/source/passdb/smbpassfile.c +++ b/source/passdb/smbpassfile.c @@ -27,7 +27,6 @@ #include "includes.h" -extern int DEBUGLEVEL; extern pstring global_myname; -- cgit