search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Another large patch for the passdb rewrite.
[Samba/gbeck.git] / source / passdb / pdb_smbpasswd.c
blob951c97ab3c069773f020ca8e5e3d1274099b2f7f
1 /*
2 * Unix SMB/Netbios implementation.
3 * Version 1.9. SMB parameters and setup
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Modified by Jeremy Allison 1995.
6 * Modified by Gerald (Jerry) Carter 2000
7 *
8 * This program is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
11 * any later version.
12 *
13 * This program is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
15 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 * more details.
17 *
18 * You should have received a copy of the GNU General Public License along with
19 * this program; if not, write to the Free Software Foundation, Inc., 675
20 * Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24
25 #ifdef USE_SMBPASS_DB
26
27
28 /*
29 smb_passwd is analogous to sam_passwd used everywhere
30 else. However, smb_passwd is limited to the information
31 stored by an smbpasswd entry
32 */
33
34 struct smb_passwd
35 {
36 uid_t smb_userid; /* this is actually the unix uid_t */
37 char *smb_name; /* username string */
38
39 unsigned char *smb_passwd; /* Null if no password */
40 unsigned char *smb_nt_passwd; /* Null if no password */
41
42 uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
43 time_t pass_last_set_time; /* password last set time */
44 };
45
46
47 extern int DEBUGLEVEL;
48 extern pstring samlogon_user;
49 extern BOOL sam_logon_in_ssb;
50 extern struct passdb_ops pdb_ops;
51
52
53 /* used for maintain locks on the smbpasswd file */
54 static int pw_file_lock_depth;
55 static void *global_vp;
56
57 /* static memory area used by all passdb search functions
58 in this module */
59 static SAM_ACCOUNT global_sam_pass;
60
61 enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE };
62
63 /***************************************************************
64 Lock an fd. Abandon after waitsecs seconds.
65 ****************************************************************/
66
67 static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
68 {
69 if (fd < 0)
70 return False;
71
72 if(*plock_depth == 0) {
73 if (!do_file_lock(fd, secs, type)) {
74 DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
75 strerror(errno)));
76 return False;
77 }
78 }
79
80 (*plock_depth)++;
81
82 return True;
83 }
84
85 /***************************************************************
86 Unlock an fd. Abandon after waitsecs seconds.
87 ****************************************************************/
88
89 static BOOL pw_file_unlock(int fd, int *plock_depth)
90 {
91 BOOL ret=True;
92
93 if(*plock_depth == 1)
94 ret = do_file_lock(fd, 5, F_UNLCK);
95
96 if (*plock_depth > 0)
97 (*plock_depth)--;
98
99 if(!ret)
100 DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
101 strerror(errno)));
102 return ret;
103 }
104
105
106 /**************************************************************
107 Intialize a smb_passwd struct
108 *************************************************************/
109 static void pdb_init_smb(struct smb_passwd *user)
110 {
111 if (user == NULL)
112 return;
113 ZERO_STRUCTP (user);
114
115 user->pass_last_set_time = (time_t)-1;
116 }
117
118
119
120 /***************************************************************
121 Internal fn to enumerate the smbpasswd list. Returns a void pointer
122 to ensure no modification outside this module. Checks for atomic
123 rename of smbpasswd file on update or create once the lock has
124 been granted to prevent race conditions. JRA.
125 ****************************************************************/
126
127 static void *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int *lock_depth)
128 {
129 FILE *fp = NULL;
130 const char *open_mode = NULL;
131 int race_loop = 0;
132 int lock_type = F_RDLCK;
133
134 if (!*pfile) {
135 DEBUG(0, ("startsmbfilepwent: No SMB password file set\n"));
136 return (NULL);
137 }
138
139 switch(type) {
140 case PWF_READ:
141 open_mode = "rb";
142 lock_type = F_RDLCK;
143 break;
144 case PWF_UPDATE:
145 open_mode = "r+b";
146 lock_type = F_WRLCK;
147 break;
148 case PWF_CREATE:
149 /*
150 * Ensure atomic file creation.
151 */
152 {
153 int i, fd = -1;
154
155 for(i = 0; i < 5; i++) {
156 if((fd = sys_open(pfile, O_CREAT|O_TRUNC|O_EXCL|O_RDWR, 0600))!=-1)
157 break;
158 sys_usleep(200); /* Spin, spin... */
159 }
160 if(fd == -1) {
161 DEBUG(0,("startsmbfilepwent_internal: too many race conditions creating file %s\n", pfile));
162 return NULL;
163 }
164 close(fd);
165 open_mode = "r+b";
166 lock_type = F_WRLCK;
167 break;
168 }
169 }
170
171 for(race_loop = 0; race_loop < 5; race_loop++) {
172 DEBUG(10, ("startsmbfilepwent_internal: opening file %s\n", pfile));
173
174 if((fp = sys_fopen(pfile, open_mode)) == NULL) {
175 DEBUG(0, ("startsmbfilepwent_internal: unable to open file %s. Error was %s\n", pfile, strerror(errno) ));
176 return NULL;
177 }
178
179 if (!pw_file_lock(fileno(fp), lock_type, 5, lock_depth)) {
180 DEBUG(0, ("startsmbfilepwent_internal: unable to lock file %s. Error was %s\n", pfile, strerror(errno) ));
181 fclose(fp);
182 return NULL;
183 }
184
185 /*
186 * Only check for replacement races on update or create.
187 * For read we don't mind if the data is one record out of date.
188 */
189
190 if(type == PWF_READ) {
191 break;
192 } else {
193 SMB_STRUCT_STAT sbuf1, sbuf2;
194
195 /*
196 * Avoid the potential race condition between the open and the lock
197 * by doing a stat on the filename and an fstat on the fd. If the
198 * two inodes differ then someone did a rename between the open and
199 * the lock. Back off and try the open again. Only do this 5 times to
200 * prevent infinate loops. JRA.
201 */
202
203 if (sys_stat(pfile,&sbuf1) != 0) {
204 DEBUG(0, ("startsmbfilepwent_internal: unable to stat file %s. Error was %s\n", pfile, strerror(errno)));
205 pw_file_unlock(fileno(fp), lock_depth);
206 fclose(fp);
207 return NULL;
208 }
209
210 if (sys_fstat(fileno(fp),&sbuf2) != 0) {
211 DEBUG(0, ("startsmbfilepwent_internal: unable to fstat file %s. Error was %s\n", pfile, strerror(errno)));
212 pw_file_unlock(fileno(fp), lock_depth);
213 fclose(fp);
214 return NULL;
215 }
216
217 if( sbuf1.st_ino == sbuf2.st_ino) {
218 /* No race. */
219 break;
220 }
221
222 /*
223 * Race occurred - back off and try again...
224 */
225
226 pw_file_unlock(fileno(fp), lock_depth);
227 fclose(fp);
228 }
229 }
230
231 if(race_loop == 5) {
232 DEBUG(0, ("startsmbfilepwent_internal: too many race conditions opening file %s\n", pfile));
233 return NULL;
234 }
235
236 /* Set a buffer to do more efficient reads */
237 setvbuf(fp, (char *)NULL, _IOFBF, 1024);
238
239 /* Make sure it is only rw by the owner */
240 if(fchmod(fileno(fp), S_IRUSR|S_IWUSR) == -1) {
241 DEBUG(0, ("startsmbfilepwent_internal: failed to set 0600 permissions on password file %s. \
242 Error was %s\n.", pfile, strerror(errno) ));
243 pw_file_unlock(fileno(fp), lock_depth);
244 fclose(fp);
245 return NULL;
246 }
247
248 /* We have a lock on the file. */
249 return (void *)fp;
250 }
251
252 /***************************************************************
253 End enumeration of the smbpasswd list.
254 ****************************************************************/
255 static void endsmbfilepwent(void *vp, int *lock_depth)
256 {
257 FILE *fp = (FILE *)vp;
258
259 pw_file_unlock(fileno(fp), lock_depth);
260 fclose(fp);
261 DEBUG(7, ("endsmbfilepwent_internal: closed password file.\n"));
262 }
263
264 /*************************************************************************
265 Routine to return the next entry in the smbpasswd list.
266 *************************************************************************/
267
268 static struct smb_passwd *getsmbfilepwent(void *vp)
269 {
270 /* Static buffers we will return. */
271 static struct smb_passwd pw_buf;
272 static pstring user_name;
273 static unsigned char smbpwd[16];
274 static unsigned char smbntpwd[16];
275 FILE *fp = (FILE *)vp;
276 char linebuf[256];
277 unsigned char c;
278 unsigned char *p;
279 long uidval;
280 size_t linebuf_len;
281
282 if(fp == NULL) {
283 DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n"));
284 return NULL;
285 }
286
287 pdb_init_smb(&pw_buf);
288
289 pw_buf.acct_ctrl = ACB_NORMAL;
290
291 /*
292 * Scan the file, a line at a time and check if the name matches.
293 */
294 while (!feof(fp)) {
295 linebuf[0] = '\0';
296
297 fgets(linebuf, 256, fp);
298 if (ferror(fp)) {
299 return NULL;
300 }
301
302 /*
303 * Check if the string is terminated with a newline - if not
304 * then we must keep reading and discard until we get one.
305 */
306 if ((linebuf_len = strlen(linebuf)) == 0)
307 continue;
308
309 if (linebuf[linebuf_len - 1] != '\n') {
310 c = '\0';
311 while (!ferror(fp) && !feof(fp)) {
312 c = fgetc(fp);
313 if (c == '\n')
314 break;
315 }
316 } else
317 linebuf[linebuf_len - 1] = '\0';
318
319 #ifdef DEBUG_PASSWORD
320 DEBUG(100, ("getsmbfilepwent: got line |%s|\n", linebuf));
321 #endif
322 if ((linebuf[0] == 0) && feof(fp)) {
323 DEBUG(4, ("getsmbfilepwent: end of file reached\n"));
324 break;
325 }
326 /*
327 * The line we have should be of the form :-
328 *
329 * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
330 * ignored....
331 *
332 * or,
333 *
334 * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
335 *
336 * if Windows NT compatible passwords are also present.
337 * [Account type] is an ascii encoding of the type of account.
338 * LCT-(8 hex digits) is the time_t value of the last change time.
339 */
340
341 if (linebuf[0] == '#' || linebuf[0] == '\0') {
342 DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n"));
343 continue;
344 }
345 p = (unsigned char *) strchr(linebuf, ':');
346 if (p == NULL) {
347 DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n"));
348 continue;
349 }
350 /*
351 * As 256 is shorter than a pstring we don't need to check
352 * length here - if this ever changes....
353 */
354 strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
355 user_name[PTR_DIFF(p, linebuf)] = '\0';
356
357 /* Get smb uid. */
358
359 p++; /* Go past ':' */
360
361 if(*p == '-') {
362 DEBUG(0, ("getsmbfilepwent: uids in the smbpasswd file must not be negative.\n"));
363 continue;
364 }
365
366 if (!isdigit(*p)) {
367 DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number)\n"));
368 continue;
369 }
370
371 uidval = atoi((char *) p);
372
373 while (*p && isdigit(*p))
374 p++;
375
376 if (*p != ':') {
377 DEBUG(0, ("getsmbfilepwent: malformed password entry (no : after uid)\n"));
378 continue;
379 }
380
381 pw_buf.smb_name = user_name;
382 pw_buf.smb_userid = uidval;
383
384 /*
385 * Now get the password value - this should be 32 hex digits
386 * which are the ascii representations of a 16 byte string.
387 * Get two at a time and put them into the password.
388 */
389
390 /* Skip the ':' */
391 p++;
392
393 if (*p == '*' || *p == 'X') {
394 /* Password deliberately invalid - end here. */
395 DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
396 pw_buf.smb_nt_passwd = NULL;
397 pw_buf.smb_passwd = NULL;
398 pw_buf.acct_ctrl |= ACB_DISABLED;
399 return &pw_buf;
400 }
401
402 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
403 DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
404 continue;
405 }
406
407 if (p[32] != ':') {
408 DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n"));
409 continue;
410 }
411
412 if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
413 pw_buf.smb_passwd = NULL;
414 pw_buf.acct_ctrl |= ACB_PWNOTREQ;
415 } else {
416 if (!pdb_gethexpwd((char *)p, smbpwd)) {
417 DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
418 continue;
419 }
420 pw_buf.smb_passwd = smbpwd;
421 }
422
423 /*
424 * Now check if the NT compatible password is
425 * available.
426 */
427 pw_buf.smb_nt_passwd = NULL;
428
429 p += 33; /* Move to the first character of the line after
430 the lanman password. */
431 if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
432 if (*p != '*' && *p != 'X') {
433 if(pdb_gethexpwd((char *)p,smbntpwd))
434 pw_buf.smb_nt_passwd = smbntpwd;
435 }
436 p += 33; /* Move to the first character of the line after
437 the NT password. */
438 }
439
440 DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %ld\n",
441 user_name, uidval));
442
443 if (*p == '[')
444 {
445 unsigned char *end_p = (unsigned char *)strchr((char *)p, ']');
446 pw_buf.acct_ctrl = pdb_decode_acct_ctrl((char*)p);
447
448 /* Must have some account type set. */
449 if(pw_buf.acct_ctrl == 0)
450 pw_buf.acct_ctrl = ACB_NORMAL;
451
452 /* Now try and get the last change time. */
453 if(end_p)
454 p = end_p + 1;
455 if(*p == ':') {
456 p++;
457 if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) {
458 int i;
459 p += 4;
460 for(i = 0; i < 8; i++) {
461 if(p[i] == '\0' || !isxdigit(p[i]))
462 break;
463 }
464 if(i == 8) {
465 /*
466 * p points at 8 characters of hex digits -
467 * read into a time_t as the seconds since
468 * 1970 that the password was last changed.
469 */
470 pw_buf.pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
471 }
472 }
473 }
474 } else {
475 /* 'Old' style file. Fake up based on user name. */
476 /*
477 * Currently trust accounts are kept in the same
478 * password file as 'normal accounts'. If this changes
479 * we will have to fix this code. JRA.
480 */
481 if(pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') {
482 pw_buf.acct_ctrl &= ~ACB_NORMAL;
483 pw_buf.acct_ctrl |= ACB_WSTRUST;
484 }
485 }
486
487 return &pw_buf;
488 }
489
490 DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
491 return NULL;
492 }
493
494 /************************************************************************
495 Create a new smbpasswd entry - malloced space returned.
496 *************************************************************************/
497
498 static char *format_new_smbpasswd_entry(struct smb_passwd *newpwd)
499 {
500 int new_entry_length;
501 char *new_entry;
502 char *p;
503 int i;
504
505 new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
506
507 if((new_entry = (char *)malloc( new_entry_length )) == NULL) {
508 DEBUG(0, ("format_new_smbpasswd_entry: Malloc failed adding entry for user %s.\n", newpwd->smb_name ));
509 return NULL;
510 }
511
512 slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
513 p = &new_entry[strlen(new_entry)];
514
515 if(newpwd->smb_passwd != NULL) {
516 for( i = 0; i < 16; i++) {
517 slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]);
518 }
519 } else {
520 i=0;
521 if(newpwd->acct_ctrl & ACB_PWNOTREQ)
522 safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
523 else
524 safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
525 }
526
527 p += 32;
528
529 *p++ = ':';
530
531 if(newpwd->smb_nt_passwd != NULL) {
532 for( i = 0; i < 16; i++) {
533 slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]);
534 }
535 } else {
536 if(newpwd->acct_ctrl & ACB_PWNOTREQ)
537 safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
538 else
539 safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
540 }
541
542 p += 32;
543
544 *p++ = ':';
545
546 /* Add the account encoding and the last change time. */
547 slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n",
548 pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN),
549 (uint32)newpwd->pass_last_set_time);
550
551 return new_entry;
552 }
553
554 /************************************************************************
555 Routine to add an entry to the smbpasswd file.
556 *************************************************************************/
557
558 static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
559 {
560 char *pfile = lp_smb_passwd_file();
561 struct smb_passwd *pwd = NULL;
562 FILE *fp = NULL;
563 int wr_len;
564 int fd;
565 size_t new_entry_length;
566 char *new_entry;
567 SMB_OFF_T offpos;
568
569 /* Open the smbpassword file - for update. */
570 fp = startsmbfilepwent(pfile, PWF_UPDATE, &pw_file_lock_depth);
571
572 if (fp == NULL) {
573 DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n"));
574 return False;
575 }
576
577 /*
578 * Scan the file, a line at a time and check if the name matches.
579 */
580
581 while ((pwd = getsmbfilepwent(fp)) != NULL)
582 {
583 if (strequal(newpwd->smb_name, pwd->smb_name))
584 {
585 DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
586 endsmbfilepwent(fp, &pw_file_lock_depth);
587 return False;
588 }
589 }
590
591 /* Ok - entry doesn't exist. We can add it */
592
593 /* Create a new smb passwd entry and set it to the given password. */
594 /*
595 * The add user write needs to be atomic - so get the fd from
596 * the fp and do a raw write() call.
597 */
598 fd = fileno(fp);
599
600 if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1)
601 {
602 DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
603 Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
604 endsmbfilepwent(fp, &pw_file_lock_depth);
605 return False;
606 }
607
608 if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL)
609 {
610 DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
611 Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
612 endsmbfilepwent(fp, &pw_file_lock_depth);
613 return False;
614 }
615
616 new_entry_length = strlen(new_entry);
617
618 #ifdef DEBUG_PASSWORD
619 DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d made line |%s|",
620 fd, new_entry_length, new_entry));
621 #endif
622
623 if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length)
624 {
625 DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
626 Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
627
628 /* Remove the entry we just wrote. */
629 if(sys_ftruncate(fd, offpos) == -1)
630 {
631 DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
632 Error was %s. Password file may be corrupt ! Please examine by hand !\n",
633 newpwd->smb_name, strerror(errno)));
634 }
635
636 endsmbfilepwent(fp, &pw_file_lock_depth);
637 free(new_entry);
638 return False;
639 }
640
641 free(new_entry);
642 endsmbfilepwent(fp, &pw_file_lock_depth);
643 return True;
644 }
645
646 /************************************************************************
647 Routine to search the smbpasswd file for an entry matching the username.
648 and then modify its password entry. We can't use the startsmbpwent()/
649 getsmbpwent()/endsmbpwent() interfaces here as we depend on looking
650 in the actual file to decide how much room we have to write data.
651 override = False, normal
652 override = True, override XXXXXXXX'd out password or NO PASS
653 ************************************************************************/
654
655 static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
656 {
657 /* Static buffers we will return. */
658 static pstring user_name;
659
660 char linebuf[256];
661 char readbuf[1024];
662 unsigned char c;
663 fstring ascii_p16;
664 fstring encode_bits;
665 unsigned char *p = NULL;
666 size_t linebuf_len = 0;
667 FILE *fp;
668 int lockfd;
669 char *pfile = lp_smb_passwd_file();
670 BOOL found_entry = False;
671 BOOL got_pass_last_set_time = False;
672
673 SMB_OFF_T pwd_seekpos = 0;
674
675 int i;
676 int wr_len;
677 int fd;
678
679 if (!*pfile) {
680 DEBUG(0, ("No SMB password file set\n"));
681 return False;
682 }
683 DEBUG(10, ("mod_smbfilepwd_entry: opening file %s\n", pfile));
684
685 fp = sys_fopen(pfile, "r+");
686
687 if (fp == NULL) {
688 DEBUG(0, ("mod_smbfilepwd_entry: unable to open file %s\n", pfile));
689 return False;
690 }
691 /* Set a buffer to do more efficient reads */
692 setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
693
694 lockfd = fileno(fp);
695
696 if (!pw_file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) {
697 DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile));
698 fclose(fp);
699 return False;
700 }
701
702 /* Make sure it is only rw by the owner */
703 chmod(pfile, 0600);
704
705 /* We have a write lock on the file. */
706 /*
707 * Scan the file, a line at a time and check if the name matches.
708 */
709 while (!feof(fp)) {
710 pwd_seekpos = sys_ftell(fp);
711
712 linebuf[0] = '\0';
713
714 fgets(linebuf, sizeof(linebuf), fp);
715 if (ferror(fp)) {
716 pw_file_unlock(lockfd, &pw_file_lock_depth);
717 fclose(fp);
718 return False;
719 }
720
721 /*
722 * Check if the string is terminated with a newline - if not
723 * then we must keep reading and discard until we get one.
724 */
725 linebuf_len = strlen(linebuf);
726 if (linebuf[linebuf_len - 1] != '\n') {
727 c = '\0';
728 while (!ferror(fp) && !feof(fp)) {
729 c = fgetc(fp);
730 if (c == '\n') {
731 break;
732 }
733 }
734 } else {
735 linebuf[linebuf_len - 1] = '\0';
736 }
737
738 #ifdef DEBUG_PASSWORD
739 DEBUG(100, ("mod_smbfilepwd_entry: got line |%s|\n", linebuf));
740 #endif
741
742 if ((linebuf[0] == 0) && feof(fp)) {
743 DEBUG(4, ("mod_smbfilepwd_entry: end of file reached\n"));
744 break;
745 }
746
747 /*
748 * The line we have should be of the form :-
749 *
750 * username:uid:[32hex bytes]:....other flags presently
751 * ignored....
752 *
753 * or,
754 *
755 * username:uid:[32hex bytes]:[32hex bytes]:[attributes]:LCT-XXXXXXXX:...ignored.
756 *
757 * if Windows NT compatible passwords are also present.
758 */
759
760 if (linebuf[0] == '#' || linebuf[0] == '\0') {
761 DEBUG(6, ("mod_smbfilepwd_entry: skipping comment or blank line\n"));
762 continue;
763 }
764
765 p = (unsigned char *) strchr(linebuf, ':');
766
767 if (p == NULL) {
768 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no :)\n"));
769 continue;
770 }
771
772 /*
773 * As 256 is shorter than a pstring we don't need to check
774 * length here - if this ever changes....
775 */
776 strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
777 user_name[PTR_DIFF(p, linebuf)] = '\0';
778 if (strequal(user_name, pwd->smb_name)) {
779 found_entry = True;
780 break;
781 }
782 }
783
784 if (!found_entry) {
785 pw_file_unlock(lockfd, &pw_file_lock_depth);
786 fclose(fp);
787 return False;
788 }
789
790 DEBUG(6, ("mod_smbfilepwd_entry: entry exists\n"));
791
792 /* User name matches - get uid and password */
793 p++; /* Go past ':' */
794
795 if (!isdigit(*p)) {
796 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (uid not number)\n"));
797 pw_file_unlock(lockfd, &pw_file_lock_depth);
798 fclose(fp);
799 return False;
800 }
801
802 while (*p && isdigit(*p))
803 p++;
804 if (*p != ':') {
805 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no : after uid)\n"));
806 pw_file_unlock(lockfd, &pw_file_lock_depth);
807 fclose(fp);
808 return False;
809 }
810
811 /*
812 * Now get the password value - this should be 32 hex digits
813 * which are the ascii representations of a 16 byte string.
814 * Get two at a time and put them into the password.
815 */
816 p++;
817
818 /* Record exact password position */
819 pwd_seekpos += PTR_DIFF(p, linebuf);
820
821 if (!override && (*p == '*' || *p == 'X')) {
822 /* Password deliberately invalid - end here. */
823 DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name));
824 pw_file_unlock(lockfd, &pw_file_lock_depth);
825 fclose(fp);
826 return False;
827 }
828
829 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
830 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
831 pw_file_unlock(lockfd,&pw_file_lock_depth);
832 fclose(fp);
833 return (False);
834 }
835
836 if (p[32] != ':') {
837 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
838 pw_file_unlock(lockfd,&pw_file_lock_depth);
839 fclose(fp);
840 return False;
841 }
842
843 if (!override && (*p == '*' || *p == 'X')) {
844 pw_file_unlock(lockfd,&pw_file_lock_depth);
845 fclose(fp);
846 return False;
847 }
848
849 /* Now check if the NT compatible password is
850 available. */
851 p += 33; /* Move to the first character of the line after
852 the lanman password. */
853 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
854 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
855 pw_file_unlock(lockfd,&pw_file_lock_depth);
856 fclose(fp);
857 return (False);
858 }
859
860 if (p[32] != ':') {
861 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
862 pw_file_unlock(lockfd,&pw_file_lock_depth);
863 fclose(fp);
864 return False;
865 }
866
867 /*
868 * Now check if the account info and the password last
869 * change time is available.
870 */
871 p += 33; /* Move to the first character of the line after
872 the NT password. */
873
874 /*
875 * If both NT and lanman passwords are provided - reset password
876 * not required flag.
877 */
878
879 if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) {
880 /* Reqiure password in the future (should ACB_DISABLED also be reset?) */
881 pwd->acct_ctrl &= ~(ACB_PWNOTREQ);
882 }
883
884 if (*p == '[') {
885
886 i = 0;
887 encode_bits[i++] = *p++;
888 while((linebuf_len > PTR_DIFF(p, linebuf)) && (*p != ']'))
889 encode_bits[i++] = *p++;
890
891 encode_bits[i++] = ']';
892 encode_bits[i++] = '\0';
893
894 if(i == NEW_PW_FORMAT_SPACE_PADDED_LEN) {
895 /*
896 * We are using a new format, space padded
897 * acct ctrl field. Encode the given acct ctrl
898 * bits into it.
899 */
900 fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
901 } else {
902 /*
903 * If using the old format and the ACB_DISABLED or
904 * ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL
905 * here as we have no space to encode the change.
906 */
907 if(pwd->acct_ctrl & (ACB_DISABLED|ACB_PWNOTREQ)) {
908 pwd->smb_passwd = NULL;
909 pwd->smb_nt_passwd = NULL;
910 }
911 }
912
913 /* Go past the ']' */
914 if(linebuf_len > PTR_DIFF(p, linebuf))
915 p++;
916
917 if((linebuf_len > PTR_DIFF(p, linebuf)) && (*p == ':')) {
918 p++;
919
920 /* We should be pointing at the LCT entry. */
921 if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && (StrnCaseCmp((char *)p, "LCT-", 4) == 0)) {
922
923 p += 4;
924 for(i = 0; i < 8; i++) {
925 if(p[i] == '\0' || !isxdigit(p[i]))
926 break;
927 }
928 if(i == 8) {
929 /*
930 * p points at 8 characters of hex digits -
931 * read into a time_t as the seconds since
932 * 1970 that the password was last changed.
933 */
934 got_pass_last_set_time = True;
935 } /* i == 8 */
936 } /* *p && StrnCaseCmp() */
937 } /* p == ':' */
938 } /* p == '[' */
939
940 /* Entry is correctly formed. */
941
942 /* Create the 32 byte representation of the new p16 */
943 if(pwd->smb_passwd != NULL) {
944 for (i = 0; i < 16; i++) {
945 slprintf(&ascii_p16[i*2], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_passwd[i]);
946 }
947 } else {
948 if(pwd->acct_ctrl & ACB_PWNOTREQ)
949 fstrcpy(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
950 else
951 fstrcpy(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
952 }
953
954 /* Add on the NT md4 hash */
955 ascii_p16[32] = ':';
956 wr_len = 66;
957 if (pwd->smb_nt_passwd != NULL) {
958 for (i = 0; i < 16; i++) {
959 slprintf(&ascii_p16[(i*2)+33], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_nt_passwd[i]);
960 }
961 } else {
962 if(pwd->acct_ctrl & ACB_PWNOTREQ)
963 fstrcpy(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
964 else
965 fstrcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
966 }
967 ascii_p16[65] = ':';
968 ascii_p16[66] = '\0'; /* null-terminate the string so that strlen works */
969
970 /* Add on the account info bits and the time of last
971 password change. */
972
973 pwd->pass_last_set_time = time(NULL);
974
975 if(got_pass_last_set_time) {
976 slprintf(&ascii_p16[strlen(ascii_p16)],
977 sizeof(ascii_p16)-(strlen(ascii_p16)+1),
978 "%s:LCT-%08X:",
979 encode_bits, (uint32)pwd->pass_last_set_time );
980 wr_len = strlen(ascii_p16);
981 }
982
983 #ifdef DEBUG_PASSWORD
984 DEBUG(100,("mod_smbfilepwd_entry: "));
985 dump_data(100, ascii_p16, wr_len);
986 #endif
987
988 if(wr_len > sizeof(linebuf)) {
989 DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
990 pw_file_unlock(lockfd,&pw_file_lock_depth);
991 fclose(fp);
992 return (False);
993 }
994
995 /*
996 * Do an atomic write into the file at the position defined by
997 * seekpos.
998 */
999
1000 /* The mod user write needs to be atomic - so get the fd from
1001 the fp and do a raw write() call.
1002 */
1003
1004 fd = fileno(fp);
1005
1006 if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
1007 DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
1008 pw_file_unlock(lockfd,&pw_file_lock_depth);
1009 fclose(fp);
1010 return False;
1011 }
1012
1013 /* Sanity check - ensure the areas we are writing are framed by ':' */
1014 if (read(fd, linebuf, wr_len+1) != wr_len+1) {
1015 DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile));
1016 pw_file_unlock(lockfd,&pw_file_lock_depth);
1017 fclose(fp);
1018 return False;
1019 }
1020
1021 if ((linebuf[0] != ':') || (linebuf[wr_len] != ':')) {
1022 DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile));
1023 pw_file_unlock(lockfd,&pw_file_lock_depth);
1024 fclose(fp);
1025 return False;
1026 }
1027
1028 if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {
1029 DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
1030 pw_file_unlock(lockfd,&pw_file_lock_depth);
1031 fclose(fp);
1032 return False;
1033 }
1034
1035 if (write(fd, ascii_p16, wr_len) != wr_len) {
1036 DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile));
1037 pw_file_unlock(lockfd,&pw_file_lock_depth);
1038 fclose(fp);
1039 return False;
1040 }
1041
1042 pw_file_unlock(lockfd,&pw_file_lock_depth);
1043 fclose(fp);
1044 return True;
1045 }
1046
1047 /************************************************************************
1048 Routine to delete an entry in the smbpasswd file by name.
1049 *************************************************************************/
1050
1051 static BOOL del_smbfilepwd_entry(const char *name)
1052 {
1053 char *pfile = lp_smb_passwd_file();
1054 pstring pfile2;
1055 struct smb_passwd *pwd = NULL;
1056 FILE *fp = NULL;
1057 FILE *fp_write = NULL;
1058 int pfile2_lockdepth = 0;
1059
1060 slprintf(pfile2, sizeof(pfile2)-1, "%s.%u", pfile, (unsigned)sys_getpid() );
1061
1062 /*
1063 * Open the smbpassword file - for update. It needs to be update
1064 * as we need any other processes to wait until we have replaced
1065 * it.
1066 */
1067
1068 if((fp = startsmbfilepwent(pfile, PWF_UPDATE, &pw_file_lock_depth)) == NULL) {
1069 DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
1070 return False;
1071 }
1072
1073 /*
1074 * Create the replacement password file.
1075 */
1076 if((fp_write = startsmbfilepwent(pfile2, PWF_CREATE, &pfile2_lockdepth)) == NULL) {
1077 DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
1078 endsmbfilepwent(fp, &pw_file_lock_depth);
1079 return False;
1080 }
1081
1082 /*
1083 * Scan the file, a line at a time and check if the name matches.
1084 */
1085
1086 while ((pwd = getsmbfilepwent(fp)) != NULL) {
1087 char *new_entry;
1088 size_t new_entry_length;
1089
1090 if (strequal(name, pwd->smb_name)) {
1091 DEBUG(10, ("add_smbfilepwd_entry: found entry with name %s - deleting it.\n", name));
1092 continue;
1093 }
1094
1095 /*
1096 * We need to copy the entry out into the second file.
1097 */
1098
1099 if((new_entry = format_new_smbpasswd_entry(pwd)) == NULL)
1100 {
1101 DEBUG(0, ("del_smbfilepwd_entry(malloc): Failed to copy entry for user %s to file %s. \
1102 Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
1103 unlink(pfile2);
1104 endsmbfilepwent(fp, &pw_file_lock_depth);
1105 endsmbfilepwent(fp_write, &pfile2_lockdepth);
1106 return False;
1107 }
1108
1109 new_entry_length = strlen(new_entry);
1110
1111 if(fwrite(new_entry, 1, new_entry_length, fp_write) != new_entry_length)
1112 {
1113 DEBUG(0, ("del_smbfilepwd_entry(write): Failed to copy entry for user %s to file %s. \
1114 Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
1115 unlink(pfile2);
1116 endsmbfilepwent(fp, &pw_file_lock_depth);
1117 endsmbfilepwent(fp_write, &pfile2_lockdepth);
1118 free(new_entry);
1119 return False;
1120 }
1121
1122 free(new_entry);
1123 }
1124
1125 /*
1126 * Ensure pfile2 is flushed before rename.
1127 */
1128
1129 if(fflush(fp_write) != 0)
1130 {
1131 DEBUG(0, ("del_smbfilepwd_entry: Failed to flush file %s. Error was %s\n", pfile2, strerror(errno)));
1132 endsmbfilepwent(fp, &pw_file_lock_depth);
1133 endsmbfilepwent(fp_write,&pfile2_lockdepth);
1134 return False;
1135 }
1136
1137 /*
1138 * Do an atomic rename - then release the locks.
1139 */
1140
1141 if(rename(pfile2,pfile) != 0) {
1142 unlink(pfile2);
1143 }
1144
1145 endsmbfilepwent(fp, &pw_file_lock_depth);
1146 endsmbfilepwent(fp_write,&pfile2_lockdepth);
1147 return True;
1148 }
1149
1150 /*********************************************************************
1151 Create a SAM_ACCOUNT from a smb_passwd struct
1152 ********************************************************************/
1153 static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass)
1154 {
1155 BYTE *ptr;
1156
1157 if (sampass == NULL)
1158 return False;
1159
1160 ZERO_STRUCTP (smb_pw);
1161
1162 smb_pw->smb_userid = pdb_get_uid(sampass);
1163 smb_pw->smb_name = strdup(pdb_get_username(sampass));
1164
1165 if ((ptr=pdb_get_lanman_passwd(sampass)) != NULL)
1166 {
1167 if ((smb_pw->smb_passwd=(BYTE*)malloc(sizeof(BYTE)*16)) == NULL)
1168 {
1169 DEBUG (0,("build_smb_pass: ERROR - Unable to malloc memory!\n"));
1170 return False;
1171 }
1172 memcpy (smb_pw->smb_passwd, ptr, sizeof(BYTE)*16);
1173 }
1174
1175 if ((ptr=pdb_get_nt_passwd(sampass)) != NULL)
1176 {
1177 if ((smb_pw->smb_nt_passwd=(BYTE*)malloc(sizeof(BYTE)*16)) == NULL)
1178 {
1179 DEBUG (0,("build_smb_pass: ERROR - Unable to malloc memory!\n"));
1180 return False;
1181 }
1182 memcpy (smb_pw->smb_nt_passwd, ptr, sizeof(BYTE)*16);
1183 }
1184
1185 smb_pw->acct_ctrl = pdb_get_acct_ctrl(sampass);
1186 smb_pw->pass_last_set_time = pdb_get_pass_last_set_time(sampass);
1187
1188 return True;
1189
1190 }
1191
1192 /********************************************************************
1193 clear out memory allocated for pointer members
1194 *******************************************************************/
1195 static void clear_smb_pass (struct smb_passwd *smb_pw)
1196 {
1197
1198 /* valid poiner to begin with? */
1199 if (smb_pw == NULL)
1200 return;
1201
1202 /* clear out members */
1203 if (smb_pw->smb_name)
1204 free (smb_pw->smb_name);
1205
1206 if (smb_pw->smb_passwd)
1207 free(smb_pw->smb_passwd);
1208
1209 if (smb_pw->smb_nt_passwd)
1210 free(smb_pw->smb_nt_passwd);
1211
1212 return;
1213 }
1214
1215
1216 /*********************************************************************
1217 Create a SAM_ACCOUNT from a smb_passwd struct
1218 ********************************************************************/
1219 static BOOL build_sam_account (SAM_ACCOUNT *sam_pass,
1220 struct smb_passwd *pw_buf)
1221 {
1222
1223 struct passwd *pwfile;
1224
1225 if (!sam_pass)
1226 return (False);
1227
1228 /* make sure that we own the memory here--also clears
1229 any existing members as a side effect */
1230 pdb_set_mem_ownership(sam_pass, True);
1231
1232 /* is the user valid? Verify in system password file...
1233
1234 FIXME!!! This is where we should look up an internal
1235 mapping of allocated uid for machine accounts as well
1236 --jerry */
1237 pwfile = sys_getpwnam(pw_buf->smb_name);
1238 if (pwfile == NULL)
1239 {
1240 DEBUG(0,("build_sam_account: smbpasswd database is corrupt!\n"));
1241 DEBUG(0,("build_sam_account: username %s not in unix passwd database!\n", pw_buf->smb_name));
1242 return False;
1243 }
1244
1245 pstrcpy(samlogon_user, pw_buf->smb_name);
1246
1247 pdb_set_uid (sam_pass, pwfile->pw_uid);
1248 pdb_set_gid (sam_pass, pwfile->pw_gid);
1249 pdb_set_user_rid (sam_pass, pdb_uid_to_user_rid (pdb_get_uid(sam_pass)) );
1250 pdb_set_username (sam_pass, pw_buf->smb_name);
1251 pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd);
1252 pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd);
1253 pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl);
1254 pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time);
1255 pdb_set_domain (sam_pass, lp_workgroup());
1256
1257 /* FIXME!! What should this be set to? New smb.conf parameter maybe?
1258 max password age? For now, we'll use the current time + 21 days.
1259 --jerry */
1260 pdb_set_pass_must_change_time (sam_pass, time(NULL)+1814400);
1261
1262 /* check if this is a user account or a machine account */
1263 if (samlogon_user[strlen(samlogon_user)-1] != '$')
1264 {
1265 pstring str;
1266 gid_t gid;
1267
1268 sam_logon_in_ssb = True;
1269
1270 pstrcpy(str, lp_logon_script());
1271 standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
1272 pdb_set_logon_script(sam_pass, str);
1273
1274 pstrcpy(str, lp_logon_path());
1275 standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
1276 pdb_set_profile_path(sam_pass, str);
1277
1278 pstrcpy(str, lp_logon_home());
1279 standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
1280 pdb_set_homedir(sam_pass, str);
1281
1282 if (lp_unix_realname())
1283 pdb_set_fullname(sam_pass, pwfile->pw_gecos);
1284 else
1285 pdb_set_fullname(sam_pass, "<Full Name>");
1286
1287
1288 /* set other user information that we have */
1289 pdb_set_group_rid (sam_pass, pdb_gid_to_group_rid(pdb_get_gid(&global_sam_pass)) );
1290 pdb_set_dir_drive (sam_pass, lp_logon_drive());
1291
1292 sam_logon_in_ssb = False;
1293 }
1294 else
1295 {
1296 /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
1297 pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
1298 }
1299
1300 return True;
1301 }
1302 /*****************************************************************
1303 Functions to be implemented by the new passdb API
1304 ****************************************************************/
1305 BOOL pdb_setsampwent (BOOL update)
1306 {
1307 global_vp = startsmbfilepwent(lp_smb_passwd_file(),
1308 update ? PWF_UPDATE : PWF_READ,
1309 &pw_file_lock_depth);
1310
1311 /* did we fail? Should we try to create it? */
1312 if (!global_vp && update && errno == ENOENT)
1313 {
1314 FILE *fp;
1315 /* slprintf(msg_str,msg_str_len-1,
1316 "smbpasswd file did not exist - attempting to create it.\n"); */
1317 DEBUG(0,("smbpasswd file did not exist - attempting to create it.\n"));
1318 fp = sys_fopen(lp_smb_passwd_file(), "w");
1319 if (fp)
1320 {
1321 fprintf(fp, "# Samba SMB password file\n");
1322 fclose(fp);
1323 }
1324
1325 global_vp = startsmbfilepwent(lp_smb_passwd_file(),
1326 update ? PWF_UPDATE : PWF_READ,
1327 &pw_file_lock_depth);
1328 }
1329
1330 return (global_vp != NULL);
1331 }
1332
1333 void pdb_endsampwent (void)
1334 {
1335 endsmbfilepwent(global_vp, &pw_file_lock_depth);
1336 }
1337
1338 /*****************************************************************
1339 pdb_getsampwent() uses a static memory ares (returning a pointer
1340 to this) for all instances. This is identical behavior to the
1341 getpwnam() call. If the caller wishes to save the SAM_ACCOUNT
1342 struct, it should make a copy immediately after calling this
1343 function.
1344 ****************************************************************/
1345 SAM_ACCOUNT* pdb_getsampwent (void)
1346 {
1347 struct smb_passwd *pw_buf;
1348
1349
1350 DEBUG(5,("pdb_getsampwent\n"));
1351
1352 /* do we have an entry? */
1353 pw_buf = getsmbfilepwent(global_vp);
1354 if (pw_buf == NULL)
1355 return NULL;
1356
1357 /* build the SAM_ACCOUNT entry from the smb_passwd struct.
1358 This will also clear out the previous SAM_ACCOUNT fields */
1359 if (!build_sam_account (&global_sam_pass, pw_buf))
1360 return NULL;
1361
1362 /* success */
1363 return &global_sam_pass;
1364 }
1365
1366
1367 /****************************************************************
1368 Search smbpasswd file by iterating over the entries. Do not
1369 call getpwnam() for unix account information until we have found
1370 the correct entry
1371 ***************************************************************/
1372 SAM_ACCOUNT* pdb_getsampwnam (char *username)
1373 {
1374 struct smb_passwd *smb_pw;
1375 void *fp = NULL;
1376 char *domain = NULL;
1377 char *user = NULL;
1378 fstring name;
1379
1380 DEBUG(10, ("search by name: %s\n", username));
1381
1382 /* break the username from the domain if we have
1383 been given a string in the form 'DOMAIN\user' */
1384 fstrcpy (name, username);
1385 if ((user=strchr(name, '\\')) != NULL)
1386 {
1387 domain = name;
1388 *user = '\0';
1389 user++;
1390 }
1391
1392 /* if a domain was specified and it wasn't ours
1393 then there is no chance of matching */
1394 if ( (domain) && (!StrCaseCmp(domain, lp_workgroup())) )
1395 return (NULL);
1396
1397 /* startsmbfilepwent() is used here as we don't want to lookup
1398 the UNIX account in the local system password file until
1399 we have a match. */
1400 fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth);
1401
1402 if (fp == NULL)
1403 {
1404 DEBUG(0, ("unable to open passdb database.\n"));
1405 return NULL;
1406 }
1407
1408 /* if we have a domain name, then we should map it to a UNIX
1409 username first */
1410 if ( domain )
1411 map_username(user);
1412
1413 while ( ((smb_pw=getsmbfilepwent(fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) )
1414 /* do nothing....another loop */ ;
1415
1416 endsmbfilepwent(fp, &pw_file_lock_depth);
1417
1418
1419 /* did we locate the username in smbpasswd */
1420 if (smb_pw == NULL)
1421 {
1422 return (NULL);
1423 }
1424
1425 DEBUG(10, ("found by name: %s\n", smb_pw->smb_name));
1426
1427 /* now build the SAM_ACCOUNT */
1428 if (!build_sam_account (&global_sam_pass, smb_pw))
1429 return NULL;
1430
1431 /* success */
1432 return (&global_sam_pass);
1433 }
1434
1435
1436 SAM_ACCOUNT* pdb_getsampwuid (uid_t uid)
1437 {
1438 struct smb_passwd *smb_pw;
1439 void *fp = NULL;
1440
1441 DEBUG(10, ("search by uid: %d\n", uid));
1442
1443 /* Open the sam password file - not for update. */
1444 fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth);
1445
1446 if (fp == NULL)
1447 {
1448 DEBUG(0, ("unable to open passdb database.\n"));
1449 return NULL;
1450 }
1451
1452 while ( ((smb_pw=getsmbfilepwent(fp)) != NULL) && (smb_pw->smb_userid != uid) )
1453 /* do nothing */ ;
1454
1455 endsmbfilepwent(fp, &pw_file_lock_depth);
1456
1457
1458 /* did we locate the username in smbpasswd */
1459 if (smb_pw == NULL)
1460 {
1461 return (NULL);
1462 }
1463
1464 DEBUG(10, ("found by name: %s\n", smb_pw->smb_name));
1465
1466 /* now build the SAM_ACCOUNT */
1467 if (!build_sam_account (&global_sam_pass, smb_pw))
1468 return NULL;
1469
1470 /* success */
1471 return (&global_sam_pass);
1472 }
1473
1474 SAM_ACCOUNT* pdb_getsampwrid (uint32 rid)
1475 {
1476 struct smb_passwd *smb_pw;
1477 void *fp = NULL;
1478
1479 DEBUG(10, ("search by rid: %d\n", rid));
1480
1481 /* Open the sam password file - not for update. */
1482 fp = startsmbfilepwent(lp_smb_passwd_file(), PWF_READ, &pw_file_lock_depth);
1483
1484 if (fp == NULL)
1485 {
1486 DEBUG(0, ("unable to open passdb database.\n"));
1487 return NULL;
1488 }
1489
1490 while ( ((smb_pw=getsmbfilepwent(fp)) != NULL) && (pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) )
1491 /* do nothing */ ;
1492
1493 endsmbfilepwent(fp, &pw_file_lock_depth);
1494
1495
1496 /* did we locate the username in smbpasswd */
1497 if (smb_pw == NULL)
1498 {
1499 return (NULL);
1500 }
1501
1502 DEBUG(10, ("found by name: %s\n", smb_pw->smb_name));
1503
1504 /* now build the SAM_ACCOUNT */
1505 if (!build_sam_account (&global_sam_pass, smb_pw))
1506 return NULL;
1507
1508 /* success */
1509 return (&global_sam_pass);
1510 }
1511
1512 BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass)
1513 {
1514 struct smb_passwd smb_pw;
1515 BOOL ret;
1516
1517 /* convert the SAM_ACCOUNT */
1518 build_smb_pass(&smb_pw, sampass);
1519
1520 /* add the entry */
1521 ret = add_smbfilepwd_entry(&smb_pw);
1522
1523 /* clear memory from smb_passwd */
1524 clear_smb_pass (&smb_pw);
1525
1526 return (ret);
1527 }
1528
1529 BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override)
1530 {
1531 struct smb_passwd smb_pw;
1532 BOOL ret;
1533
1534 /* convert the SAM_ACCOUNT */
1535 build_smb_pass(&smb_pw, sampass);
1536
1537 /* update the entry */
1538 ret = mod_smbfilepwd_entry(&smb_pw, override);
1539
1540 /* clear memory from smb_passwd */
1541 clear_smb_pass (&smb_pw);
1542
1543 return (ret);
1544 }
1545
1546 BOOL pdb_delete_sam_account (char* username)
1547 {
1548 return ( del_smbfilepwd_entry(username) );
1549 }
1550
1551 #else
1552 /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
1553 void smbpass_dummy_function(void) { } /* stop some compilers complaining */
1554 #endif /* USE_SMBPASS_DB */
WIP