search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
change a debug level
[Samba.git] / source / passdb / smbpass.c
blob441ab94ffbbdae55cc18381ab2436434eef35ba6
1 /*
2 * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
3 * Copyright (C) Andrew Tridgell 1992-1997 Modified by Jeremy Allison 1995.
4 *
5 * This program is free software; you can redistribute it and/or modify it under
6 * the terms of the GNU General Public License as published by the Free
7 * Software Foundation; either version 2 of the License, or (at your option)
8 * any later version.
9 *
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * more details.
14 *
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 675
17 * Mass Ave, Cambridge, MA 02139, USA.
18 */
19
20 #include "includes.h"
21
22 extern int DEBUGLEVEL;
23
24 int gotalarm;
25
26 void
27 gotalarm_sig()
28 {
29 gotalarm = 1;
30 }
31
32 int
33 do_pw_lock(int fd, int waitsecs, int type)
34 {
35 struct flock lock;
36 int ret;
37
38 gotalarm = 0;
39 signal(SIGALRM, SIGNAL_CAST gotalarm_sig);
40
41 lock.l_type = type;
42 lock.l_whence = SEEK_SET;
43 lock.l_start = 0;
44 lock.l_len = 1;
45 lock.l_pid = 0;
46
47 alarm(5);
48 ret = fcntl(fd, F_SETLKW, &lock);
49 alarm(0);
50 signal(SIGALRM, SIGNAL_CAST SIG_DFL);
51
52 if (gotalarm) {
53 DEBUG(0, ("do_pw_lock: failed to %s SMB passwd file.\n",
54 type == F_UNLCK ? "unlock" : "lock"));
55 return -1;
56 }
57 return ret;
58 }
59
60 int pw_file_lock(char *name, int type, int secs)
61 {
62 int fd = open(name, O_RDWR | O_CREAT, 0600);
63 if (fd < 0)
64 return (-1);
65 if (do_pw_lock(fd, secs, type)) {
66 close(fd);
67 return -1;
68 }
69 return fd;
70 }
71
72 int pw_file_unlock(int fd)
73 {
74 do_pw_lock(fd, 5, F_UNLCK);
75 return close(fd);
76 }
77
78 /*
79 * Routine to get the next 32 hex characters and turn them
80 * into a 16 byte array.
81 */
82
83 static int gethexpwd(char *p, char *pwd)
84 {
85 int i;
86 unsigned char lonybble, hinybble;
87 char *hexchars = "0123456789ABCDEF";
88 char *p1, *p2;
89
90 for (i = 0; i < 32; i += 2) {
91 hinybble = toupper(p[i]);
92 lonybble = toupper(p[i + 1]);
93
94 p1 = strchr(hexchars, hinybble);
95 p2 = strchr(hexchars, lonybble);
96 if (!p1 || !p2)
97 return (False);
98 hinybble = PTR_DIFF(p1, hexchars);
99 lonybble = PTR_DIFF(p2, hexchars);
100
101 pwd[i / 2] = (hinybble << 4) | lonybble;
102 }
103 return (True);
104 }
105
106 /*
107 * Routine to search the smbpasswd file for an entry matching the username.
108 */
109 struct smb_passwd *get_smbpwnam(char *name)
110 {
111 /* Static buffers we will return. */
112 static struct smb_passwd pw_buf;
113 static pstring user_name;
114 static unsigned char smbpwd[16];
115 static unsigned char smbntpwd[16];
116 char linebuf[256];
117 char readbuf[16 * 1024];
118 unsigned char c;
119 unsigned char *p;
120 long uidval;
121 long linebuf_len;
122 FILE *fp;
123 int lockfd;
124 char *pfile = lp_smb_passwd_file();
125
126 if (!*pfile) {
127 DEBUG(0, ("No SMB password file set\n"));
128 return (NULL);
129 }
130 DEBUG(10, ("get_smbpwnam: opening file %s\n", pfile));
131
132 fp = fopen(pfile, "r");
133
134 if (fp == NULL) {
135 DEBUG(0, ("get_smbpwnam: unable to open file %s\n", pfile));
136 return NULL;
137 }
138 /* Set a 16k buffer to do more efficient reads */
139 setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
140
141 if ((lockfd = pw_file_lock(pfile, F_RDLCK, 5)) < 0) {
142 DEBUG(0, ("get_smbpwnam: unable to lock file %s\n", pfile));
143 fclose(fp);
144 return NULL;
145 }
146 /* make sure it is only rw by the owner */
147 chmod(pfile, 0600);
148
149 /* We have a read lock on the file. */
150 /*
151 * Scan the file, a line at a time and check if the name matches.
152 */
153 while (!feof(fp)) {
154 linebuf[0] = '\0';
155
156 fgets(linebuf, 256, fp);
157 if (ferror(fp)) {
158 fclose(fp);
159 pw_file_unlock(lockfd);
160 return NULL;
161 }
162 /*
163 * Check if the string is terminated with a newline - if not
164 * then we must keep reading and discard until we get one.
165 */
166 linebuf_len = strlen(linebuf);
167 if (linebuf[linebuf_len - 1] != '\n') {
168 c = '\0';
169 while (!ferror(fp) && !feof(fp)) {
170 c = fgetc(fp);
171 if (c == '\n')
172 break;
173 }
174 } else
175 linebuf[linebuf_len - 1] = '\0';
176
177 #ifdef DEBUG_PASSWORD
178 DEBUG(100, ("get_smbpwnam: got line |%s|\n", linebuf));
179 #endif
180 if ((linebuf[0] == 0) && feof(fp)) {
181 DEBUG(4, ("get_smbpwnam: end of file reached\n"));
182 break;
183 }
184 /*
185 * The line we have should be of the form :-
186 *
187 * username:uid:[32hex bytes]:....other flags presently
188 * ignored....
189 *
190 * or,
191 *
192 * username:uid:[32hex bytes]:[32hex bytes]:....ignored....
193 *
194 * if Windows NT compatible passwords are also present.
195 */
196
197 if (linebuf[0] == '#' || linebuf[0] == '\0') {
198 DEBUG(6, ("get_smbpwnam: skipping comment or blank line\n"));
199 continue;
200 }
201 p = (unsigned char *) strchr(linebuf, ':');
202 if (p == NULL) {
203 DEBUG(0, ("get_smbpwnam: malformed password entry (no :)\n"));
204 continue;
205 }
206 /*
207 * As 256 is shorter than a pstring we don't need to check
208 * length here - if this ever changes....
209 */
210 strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
211 user_name[PTR_DIFF(p, linebuf)] = '\0';
212 if (!strequal(user_name, name))
213 continue;
214
215 /* User name matches - get uid and password */
216 p++; /* Go past ':' */
217 if (!isdigit(*p)) {
218 DEBUG(0, ("get_smbpwnam: malformed password entry (uid not number)\n"));
219 fclose(fp);
220 pw_file_unlock(lockfd);
221 return NULL;
222 }
223 uidval = atoi((char *) p);
224 while (*p && isdigit(*p))
225 p++;
226 if (*p != ':') {
227 DEBUG(0, ("get_smbpwnam: malformed password entry (no : after uid)\n"));
228 fclose(fp);
229 pw_file_unlock(lockfd);
230 return NULL;
231 }
232 /*
233 * Now get the password value - this should be 32 hex digits
234 * which are the ascii representations of a 16 byte string.
235 * Get two at a time and put them into the password.
236 */
237 p++;
238 if (*p == '*' || *p == 'X') {
239 /* Password deliberately invalid - end here. */
240 DEBUG(10, ("get_smbpwnam: entry invalidated for user %s\n", user_name));
241 fclose(fp);
242 pw_file_unlock(lockfd);
243 return NULL;
244 }
245 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
246 DEBUG(0, ("get_smbpwnam: malformed password entry (passwd too short)\n"));
247 fclose(fp);
248 pw_file_unlock(lockfd);
249 return (False);
250 }
251 if (p[32] != ':') {
252 DEBUG(0, ("get_smbpwnam: malformed password entry (no terminating :)\n"));
253 fclose(fp);
254 pw_file_unlock(lockfd);
255 return NULL;
256 }
257 if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
258 pw_buf.smb_passwd = NULL;
259 } else {
260 if(!gethexpwd((char *)p,(char *)smbpwd)) {
261 DEBUG(0, ("Malformed Lanman password entry (non hex chars)\n"));
262 fclose(fp);
263 pw_file_unlock(lockfd);
264 return NULL;
265 }
266 pw_buf.smb_passwd = smbpwd;
267 }
268 pw_buf.smb_name = user_name;
269 pw_buf.smb_userid = uidval;
270 pw_buf.smb_nt_passwd = NULL;
271
272 /* Now check if the NT compatible password is
273 available. */
274 p += 33; /* Move to the first character of the line after
275 the lanman password. */
276 if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
277 if (*p != '*' && *p != 'X') {
278 if(gethexpwd((char *)p,(char *)smbntpwd))
279 pw_buf.smb_nt_passwd = smbntpwd;
280 }
281 }
282
283 fclose(fp);
284 pw_file_unlock(lockfd);
285 DEBUG(5, ("get_smbpwname: returning passwd entry for user %s, uid %d\n",
286 user_name, uidval));
287 return &pw_buf;
288 }
289
290 fclose(fp);
291 pw_file_unlock(lockfd);
292 return NULL;
293 }
Samba GIT mirror