search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
adding missing files from 3.0
[Samba/gebeck_regimport.git] / source / passdb / pdb_smbpasswd.c
blob8171b65adcce106cbae27e59e8e5ae0cfbe44e61
1 /*
2 * Unix SMB/CIFS implementation.
3 * SMB parameters and setup
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Modified by Jeremy Allison 1995.
6 * Modified by Gerald (Jerry) Carter 2000-2001,2003
7 * Modified by Andrew Bartlett 2002.
8 *
9 * This program is free software; you can redistribute it and/or modify it under
10 * the terms of the GNU General Public License as published by the Free
11 * Software Foundation; either version 2 of the License, or (at your option)
12 * any later version.
13 *
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
16 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
17 * more details.
18 *
19 * You should have received a copy of the GNU General Public License along with
20 * this program; if not, write to the Free Software Foundation, Inc., 675
21 * Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_PASSDB
28
29 /*
30 smb_passwd is analogous to sam_passwd used everywhere
31 else. However, smb_passwd is limited to the information
32 stored by an smbpasswd entry
33 */
34
35 struct smb_passwd
36 {
37 uint32 smb_userid; /* this is actually the unix uid_t */
38 const char *smb_name; /* username string */
39
40 const unsigned char *smb_passwd; /* Null if no password */
41 const unsigned char *smb_nt_passwd; /* Null if no password */
42
43 uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
44 time_t pass_last_set_time; /* password last set time */
45 };
46
47 struct smbpasswd_privates
48 {
49 /* used for maintain locks on the smbpasswd file */
50 int pw_file_lock_depth;
51
52 /* Global File pointer */
53 FILE *pw_file;
54
55 /* formerly static variables */
56 struct smb_passwd pw_buf;
57 pstring user_name;
58 unsigned char smbpwd[16];
59 unsigned char smbntpwd[16];
60
61 /* retrive-once info */
62 const char *smbpasswd_file;
63 };
64
65 enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE };
66
67 /***************************************************************
68 Lock an fd. Abandon after waitsecs seconds.
69 ****************************************************************/
70
71 static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
72 {
73 if (fd < 0)
74 return False;
75
76 if(*plock_depth == 0) {
77 if (!do_file_lock(fd, secs, type)) {
78 DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
79 strerror(errno)));
80 return False;
81 }
82 }
83
84 (*plock_depth)++;
85
86 return True;
87 }
88
89 /***************************************************************
90 Unlock an fd. Abandon after waitsecs seconds.
91 ****************************************************************/
92
93 static BOOL pw_file_unlock(int fd, int *plock_depth)
94 {
95 BOOL ret=True;
96
97 if (fd == 0 || *plock_depth == 0) {
98 return True;
99 }
100
101 if(*plock_depth == 1)
102 ret = do_file_lock(fd, 5, F_UNLCK);
103
104 if (*plock_depth > 0)
105 (*plock_depth)--;
106
107 if(!ret)
108 DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
109 strerror(errno)));
110 return ret;
111 }
112
113
114 /**************************************************************
115 Intialize a smb_passwd struct
116 *************************************************************/
117
118 static void pdb_init_smb(struct smb_passwd *user)
119 {
120 if (user == NULL)
121 return;
122 ZERO_STRUCTP (user);
123
124 user->pass_last_set_time = (time_t)0;
125 }
126
127 /***************************************************************
128 Internal fn to enumerate the smbpasswd list. Returns a void pointer
129 to ensure no modification outside this module. Checks for atomic
130 rename of smbpasswd file on update or create once the lock has
131 been granted to prevent race conditions. JRA.
132 ****************************************************************/
133
134 static FILE *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int *lock_depth)
135 {
136 FILE *fp = NULL;
137 const char *open_mode = NULL;
138 int race_loop = 0;
139 int lock_type = F_RDLCK;
140
141 if (!*pfile) {
142 DEBUG(0, ("startsmbfilepwent: No SMB password file set\n"));
143 return (NULL);
144 }
145
146 switch(type) {
147 case PWF_READ:
148 open_mode = "rb";
149 lock_type = F_RDLCK;
150 break;
151 case PWF_UPDATE:
152 open_mode = "r+b";
153 lock_type = F_WRLCK;
154 break;
155 case PWF_CREATE:
156 /*
157 * Ensure atomic file creation.
158 */
159 {
160 int i, fd = -1;
161
162 for(i = 0; i < 5; i++) {
163 if((fd = sys_open(pfile, O_CREAT|O_TRUNC|O_EXCL|O_RDWR, 0600))!=-1)
164 break;
165 sys_usleep(200); /* Spin, spin... */
166 }
167 if(fd == -1) {
168 DEBUG(0,("startsmbfilepwent_internal: too many race conditions creating file %s\n", pfile));
169 return NULL;
170 }
171 close(fd);
172 open_mode = "r+b";
173 lock_type = F_WRLCK;
174 break;
175 }
176 }
177
178 for(race_loop = 0; race_loop < 5; race_loop++) {
179 DEBUG(10, ("startsmbfilepwent_internal: opening file %s\n", pfile));
180
181 if((fp = sys_fopen(pfile, open_mode)) == NULL) {
182
183 /*
184 * If smbpasswd file doesn't exist, then create new one. This helps to avoid
185 * confusing error msg when adding user account first time.
186 */
187 if (errno == ENOENT) {
188 if ((fp = sys_fopen(pfile, "a+")) != NULL) {
189 DEBUG(0, ("startsmbfilepwent_internal: file %s did not exist. File successfully created.\n", pfile));
190
191 } else {
192 DEBUG(0, ("startsmbfilepwent_internal: file %s did not exist. Couldn't create new one. Error was: %s",
193 pfile, strerror(errno)));
194 return NULL;
195 }
196
197 } else {
198 DEBUG(0, ("startsmbfilepwent_internal: unable to open file %s. Error was: %s\n", pfile, strerror(errno)));
199 return NULL;
200 }
201 }
202
203 if (!pw_file_lock(fileno(fp), lock_type, 5, lock_depth)) {
204 DEBUG(0, ("startsmbfilepwent_internal: unable to lock file %s. Error was %s\n", pfile, strerror(errno) ));
205 fclose(fp);
206 return NULL;
207 }
208
209 /*
210 * Only check for replacement races on update or create.
211 * For read we don't mind if the data is one record out of date.
212 */
213
214 if(type == PWF_READ) {
215 break;
216 } else {
217 SMB_STRUCT_STAT sbuf1, sbuf2;
218
219 /*
220 * Avoid the potential race condition between the open and the lock
221 * by doing a stat on the filename and an fstat on the fd. If the
222 * two inodes differ then someone did a rename between the open and
223 * the lock. Back off and try the open again. Only do this 5 times to
224 * prevent infinate loops. JRA.
225 */
226
227 if (sys_stat(pfile,&sbuf1) != 0) {
228 DEBUG(0, ("startsmbfilepwent_internal: unable to stat file %s. Error was %s\n", pfile, strerror(errno)));
229 pw_file_unlock(fileno(fp), lock_depth);
230 fclose(fp);
231 return NULL;
232 }
233
234 if (sys_fstat(fileno(fp),&sbuf2) != 0) {
235 DEBUG(0, ("startsmbfilepwent_internal: unable to fstat file %s. Error was %s\n", pfile, strerror(errno)));
236 pw_file_unlock(fileno(fp), lock_depth);
237 fclose(fp);
238 return NULL;
239 }
240
241 if( sbuf1.st_ino == sbuf2.st_ino) {
242 /* No race. */
243 break;
244 }
245
246 /*
247 * Race occurred - back off and try again...
248 */
249
250 pw_file_unlock(fileno(fp), lock_depth);
251 fclose(fp);
252 }
253 }
254
255 if(race_loop == 5) {
256 DEBUG(0, ("startsmbfilepwent_internal: too many race conditions opening file %s\n", pfile));
257 return NULL;
258 }
259
260 /* Set a buffer to do more efficient reads */
261 setvbuf(fp, (char *)NULL, _IOFBF, 1024);
262
263 /* Make sure it is only rw by the owner */
264 if(fchmod(fileno(fp), S_IRUSR|S_IWUSR) == -1) {
265 DEBUG(0, ("startsmbfilepwent_internal: failed to set 0600 permissions on password file %s. \
266 Error was %s\n.", pfile, strerror(errno) ));
267 pw_file_unlock(fileno(fp), lock_depth);
268 fclose(fp);
269 return NULL;
270 }
271
272 /* We have a lock on the file. */
273 return fp;
274 }
275
276 /***************************************************************
277 End enumeration of the smbpasswd list.
278 ****************************************************************/
279 static void endsmbfilepwent(FILE *fp, int *lock_depth)
280 {
281 if (!fp) {
282 return;
283 }
284
285 pw_file_unlock(fileno(fp), lock_depth);
286 fclose(fp);
287 DEBUG(7, ("endsmbfilepwent_internal: closed password file.\n"));
288 }
289
290 /*************************************************************************
291 Routine to return the next entry in the smbpasswd list.
292 *************************************************************************/
293
294 static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_state, FILE *fp)
295 {
296 /* Static buffers we will return. */
297 struct smb_passwd *pw_buf = &smbpasswd_state->pw_buf;
298 char *user_name = smbpasswd_state->user_name;
299 unsigned char *smbpwd = smbpasswd_state->smbpwd;
300 unsigned char *smbntpwd = smbpasswd_state->smbntpwd;
301 char linebuf[256];
302 unsigned char c;
303 unsigned char *p;
304 long uidval;
305 size_t linebuf_len;
306
307 if(fp == NULL) {
308 DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n"));
309 return NULL;
310 }
311
312 pdb_init_smb(pw_buf);
313
314 pw_buf->acct_ctrl = ACB_NORMAL;
315
316 /*
317 * Scan the file, a line at a time and check if the name matches.
318 */
319 while (!feof(fp)) {
320 linebuf[0] = '\0';
321
322 fgets(linebuf, 256, fp);
323 if (ferror(fp)) {
324 return NULL;
325 }
326
327 /*
328 * Check if the string is terminated with a newline - if not
329 * then we must keep reading and discard until we get one.
330 */
331 if ((linebuf_len = strlen(linebuf)) == 0)
332 continue;
333
334 if (linebuf[linebuf_len - 1] != '\n') {
335 c = '\0';
336 while (!ferror(fp) && !feof(fp)) {
337 c = fgetc(fp);
338 if (c == '\n')
339 break;
340 }
341 } else
342 linebuf[linebuf_len - 1] = '\0';
343
344 #ifdef DEBUG_PASSWORD
345 DEBUG(100, ("getsmbfilepwent: got line |%s|\n", linebuf));
346 #endif
347 if ((linebuf[0] == 0) && feof(fp)) {
348 DEBUG(4, ("getsmbfilepwent: end of file reached\n"));
349 break;
350 }
351 /*
352 * The line we have should be of the form :-
353 *
354 * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
355 * ignored....
356 *
357 * or,
358 *
359 * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
360 *
361 * if Windows NT compatible passwords are also present.
362 * [Account type] is an ascii encoding of the type of account.
363 * LCT-(8 hex digits) is the time_t value of the last change time.
364 */
365
366 if (linebuf[0] == '#' || linebuf[0] == '\0') {
367 DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n"));
368 continue;
369 }
370 p = (unsigned char *) strchr_m(linebuf, ':');
371 if (p == NULL) {
372 DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n"));
373 continue;
374 }
375 /*
376 * As 256 is shorter than a pstring we don't need to check
377 * length here - if this ever changes....
378 */
379 SMB_ASSERT(sizeof(pstring) > sizeof(linebuf));
380
381 strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
382 user_name[PTR_DIFF(p, linebuf)] = '\0';
383
384 /* Get smb uid. */
385
386 p++; /* Go past ':' */
387
388 if(*p == '-') {
389 DEBUG(0, ("getsmbfilepwent: uids in the smbpasswd file must not be negative.\n"));
390 continue;
391 }
392
393 if (!isdigit(*p)) {
394 DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number)\n"));
395 continue;
396 }
397
398 uidval = atoi((char *) p);
399
400 while (*p && isdigit(*p))
401 p++;
402
403 if (*p != ':') {
404 DEBUG(0, ("getsmbfilepwent: malformed password entry (no : after uid)\n"));
405 continue;
406 }
407
408 pw_buf->smb_name = user_name;
409 pw_buf->smb_userid = uidval;
410
411 /*
412 * Now get the password value - this should be 32 hex digits
413 * which are the ascii representations of a 16 byte string.
414 * Get two at a time and put them into the password.
415 */
416
417 /* Skip the ':' */
418 p++;
419
420 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
421 DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
422 continue;
423 }
424
425 if (p[32] != ':') {
426 DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n"));
427 continue;
428 }
429
430 if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
431 pw_buf->smb_passwd = NULL;
432 pw_buf->acct_ctrl |= ACB_PWNOTREQ;
433 } else {
434 if (*p == '*' || *p == 'X') {
435 /* NULL LM password */
436 pw_buf->smb_passwd = NULL;
437 DEBUG(10, ("getsmbfilepwent: LM password for user %s invalidated\n", user_name));
438 } else if (pdb_gethexpwd((char *)p, smbpwd)) {
439 pw_buf->smb_passwd = smbpwd;
440 } else {
441 pw_buf->smb_passwd = NULL;
442 DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
443 }
444 }
445
446 /*
447 * Now check if the NT compatible password is
448 * available.
449 */
450 pw_buf->smb_nt_passwd = NULL;
451
452 p += 33; /* Move to the first character of the line after
453 the lanman password. */
454 if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
455 if (*p != '*' && *p != 'X') {
456 if(pdb_gethexpwd((char *)p,smbntpwd))
457 pw_buf->smb_nt_passwd = smbntpwd;
458 }
459 p += 33; /* Move to the first character of the line after
460 the NT password. */
461 }
462
463 DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %ld\n",
464 user_name, uidval));
465
466 if (*p == '[')
467 {
468 unsigned char *end_p = (unsigned char *)strchr_m((char *)p, ']');
469 pw_buf->acct_ctrl = pdb_decode_acct_ctrl((char*)p);
470
471 /* Must have some account type set. */
472 if(pw_buf->acct_ctrl == 0)
473 pw_buf->acct_ctrl = ACB_NORMAL;
474
475 /* Now try and get the last change time. */
476 if(end_p)
477 p = end_p + 1;
478 if(*p == ':') {
479 p++;
480 if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) {
481 int i;
482 p += 4;
483 for(i = 0; i < 8; i++) {
484 if(p[i] == '\0' || !isxdigit(p[i]))
485 break;
486 }
487 if(i == 8) {
488 /*
489 * p points at 8 characters of hex digits -
490 * read into a time_t as the seconds since
491 * 1970 that the password was last changed.
492 */
493 pw_buf->pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
494 }
495 }
496 }
497 } else {
498 /* 'Old' style file. Fake up based on user name. */
499 /*
500 * Currently trust accounts are kept in the same
501 * password file as 'normal accounts'. If this changes
502 * we will have to fix this code. JRA.
503 */
504 if(pw_buf->smb_name[strlen(pw_buf->smb_name) - 1] == '$') {
505 pw_buf->acct_ctrl &= ~ACB_NORMAL;
506 pw_buf->acct_ctrl |= ACB_WSTRUST;
507 }
508 }
509
510 return pw_buf;
511 }
512
513 DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
514 return NULL;
515 }
516
517 /************************************************************************
518 Create a new smbpasswd entry - malloced space returned.
519 *************************************************************************/
520
521 static char *format_new_smbpasswd_entry(const struct smb_passwd *newpwd)
522 {
523 int new_entry_length;
524 char *new_entry;
525 char *p;
526
527 new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
528
529 if((new_entry = (char *)malloc( new_entry_length )) == NULL) {
530 DEBUG(0, ("format_new_smbpasswd_entry: Malloc failed adding entry for user %s.\n", newpwd->smb_name ));
531 return NULL;
532 }
533
534 slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
535
536 p = new_entry+strlen(new_entry);
537
538 pdb_sethexpwd(p, newpwd->smb_passwd, newpwd->acct_ctrl);
539
540 p+=strlen(p); *p = ':'; p++;
541
542 pdb_sethexpwd(p, newpwd->smb_nt_passwd, newpwd->acct_ctrl);
543
544 p+=strlen(p); *p = ':'; p++;
545
546 /* Add the account encoding and the last change time. */
547 slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n",
548 pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN),
549 (uint32)newpwd->pass_last_set_time);
550
551 return new_entry;
552 }
553
554 /************************************************************************
555 Routine to add an entry to the smbpasswd file.
556 *************************************************************************/
557
558 static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, struct smb_passwd *newpwd)
559 {
560 const char *pfile = smbpasswd_state->smbpasswd_file;
561 struct smb_passwd *pwd = NULL;
562 FILE *fp = NULL;
563 int wr_len;
564 int fd;
565 size_t new_entry_length;
566 char *new_entry;
567 SMB_OFF_T offpos;
568 uint32 max_found_uid = 0;
569
570 /* Open the smbpassword file - for update. */
571 fp = startsmbfilepwent(pfile, PWF_UPDATE, &(smbpasswd_state->pw_file_lock_depth));
572
573 if (fp == NULL && errno == ENOENT) {
574 /* Try again - create. */
575 fp = startsmbfilepwent(pfile, PWF_CREATE, &(smbpasswd_state->pw_file_lock_depth));
576 }
577
578 if (fp == NULL) {
579 DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n"));
580 return False;
581 }
582
583 /*
584 * Scan the file, a line at a time and check if the name matches.
585 */
586
587 while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL)
588 {
589 if (strequal(newpwd->smb_name, pwd->smb_name))
590 {
591 DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
592 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
593 return False;
594 }
595
596 /* Look for a free uid for use in non-unix accounts */
597 if (pwd->smb_userid > max_found_uid) {
598 max_found_uid = pwd->smb_userid;
599 }
600 }
601
602 /* Ok - entry doesn't exist. We can add it */
603
604 /* Create a new smb passwd entry and set it to the given password. */
605 /*
606 * The add user write needs to be atomic - so get the fd from
607 * the fp and do a raw write() call.
608 */
609 fd = fileno(fp);
610
611 if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1)
612 {
613 DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
614 Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
615 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
616 return False;
617 }
618
619 if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL)
620 {
621 DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
622 Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
623 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
624 return False;
625 }
626
627 new_entry_length = strlen(new_entry);
628
629 #ifdef DEBUG_PASSWORD
630 DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d made line |%s|",
631 fd, new_entry_length, new_entry));
632 #endif
633
634 if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length)
635 {
636 DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
637 Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
638
639 /* Remove the entry we just wrote. */
640 if(sys_ftruncate(fd, offpos) == -1)
641 {
642 DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
643 Error was %s. Password file may be corrupt ! Please examine by hand !\n",
644 newpwd->smb_name, strerror(errno)));
645 }
646
647 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
648 free(new_entry);
649 return False;
650 }
651
652 free(new_entry);
653 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
654 return True;
655 }
656
657 /************************************************************************
658 Routine to search the smbpasswd file for an entry matching the username.
659 and then modify its password entry. We can't use the startsmbpwent()/
660 getsmbpwent()/endsmbpwent() interfaces here as we depend on looking
661 in the actual file to decide how much room we have to write data.
662 override = False, normal
663 override = True, override XXXXXXXX'd out password or NO PASS
664 ************************************************************************/
665
666 static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const struct smb_passwd* pwd)
667 {
668 /* Static buffers we will return. */
669 pstring user_name;
670
671 char linebuf[256];
672 char readbuf[1024];
673 unsigned char c;
674 fstring ascii_p16;
675 fstring encode_bits;
676 unsigned char *p = NULL;
677 size_t linebuf_len = 0;
678 FILE *fp;
679 int lockfd;
680 const char *pfile = smbpasswd_state->smbpasswd_file;
681 BOOL found_entry = False;
682 BOOL got_pass_last_set_time = False;
683
684 SMB_OFF_T pwd_seekpos = 0;
685
686 int i;
687 int wr_len;
688 int fd;
689
690 if (!*pfile) {
691 DEBUG(0, ("No SMB password file set\n"));
692 return False;
693 }
694 DEBUG(10, ("mod_smbfilepwd_entry: opening file %s\n", pfile));
695
696 fp = sys_fopen(pfile, "r+");
697
698 if (fp == NULL) {
699 DEBUG(0, ("mod_smbfilepwd_entry: unable to open file %s\n", pfile));
700 return False;
701 }
702 /* Set a buffer to do more efficient reads */
703 setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
704
705 lockfd = fileno(fp);
706
707 if (!pw_file_lock(lockfd, F_WRLCK, 5, &(smbpasswd_state->pw_file_lock_depth))) {
708 DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile));
709 fclose(fp);
710 return False;
711 }
712
713 /* Make sure it is only rw by the owner */
714 chmod(pfile, 0600);
715
716 /* We have a write lock on the file. */
717 /*
718 * Scan the file, a line at a time and check if the name matches.
719 */
720 while (!feof(fp)) {
721 pwd_seekpos = sys_ftell(fp);
722
723 linebuf[0] = '\0';
724
725 fgets(linebuf, sizeof(linebuf), fp);
726 if (ferror(fp)) {
727 pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
728 fclose(fp);
729 return False;
730 }
731
732 /*
733 * Check if the string is terminated with a newline - if not
734 * then we must keep reading and discard until we get one.
735 */
736 linebuf_len = strlen(linebuf);
737 if (linebuf[linebuf_len - 1] != '\n') {
738 c = '\0';
739 while (!ferror(fp) && !feof(fp)) {
740 c = fgetc(fp);
741 if (c == '\n') {
742 break;
743 }
744 }
745 } else {
746 linebuf[linebuf_len - 1] = '\0';
747 }
748
749 #ifdef DEBUG_PASSWORD
750 DEBUG(100, ("mod_smbfilepwd_entry: got line |%s|\n", linebuf));
751 #endif
752
753 if ((linebuf[0] == 0) && feof(fp)) {
754 DEBUG(4, ("mod_smbfilepwd_entry: end of file reached\n"));
755 break;
756 }
757
758 /*
759 * The line we have should be of the form :-
760 *
761 * username:uid:[32hex bytes]:....other flags presently
762 * ignored....
763 *
764 * or,
765 *
766 * username:uid:[32hex bytes]:[32hex bytes]:[attributes]:LCT-XXXXXXXX:...ignored.
767 *
768 * if Windows NT compatible passwords are also present.
769 */
770
771 if (linebuf[0] == '#' || linebuf[0] == '\0') {
772 DEBUG(6, ("mod_smbfilepwd_entry: skipping comment or blank line\n"));
773 continue;
774 }
775
776 p = (unsigned char *) strchr_m(linebuf, ':');
777
778 if (p == NULL) {
779 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no :)\n"));
780 continue;
781 }
782
783 /*
784 * As 256 is shorter than a pstring we don't need to check
785 * length here - if this ever changes....
786 */
787
788 SMB_ASSERT(sizeof(user_name) > sizeof(linebuf));
789
790 strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
791 user_name[PTR_DIFF(p, linebuf)] = '\0';
792 if (strequal(user_name, pwd->smb_name)) {
793 found_entry = True;
794 break;
795 }
796 }
797
798 if (!found_entry) {
799 pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
800 fclose(fp);
801
802 DEBUG(2, ("Cannot update entry for user %s, as they don't exist in the smbpasswd file!\n",
803 pwd->smb_name));
804 return False;
805 }
806
807 DEBUG(6, ("mod_smbfilepwd_entry: entry exists\n"));
808
809 /* User name matches - get uid and password */
810 p++; /* Go past ':' */
811
812 if (!isdigit(*p)) {
813 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (uid not number)\n"));
814 pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
815 fclose(fp);
816 return False;
817 }
818
819 while (*p && isdigit(*p))
820 p++;
821 if (*p != ':') {
822 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no : after uid)\n"));
823 pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
824 fclose(fp);
825 return False;
826 }
827
828 /*
829 * Now get the password value - this should be 32 hex digits
830 * which are the ascii representations of a 16 byte string.
831 * Get two at a time and put them into the password.
832 */
833 p++;
834
835 /* Record exact password position */
836 pwd_seekpos += PTR_DIFF(p, linebuf);
837
838 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
839 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
840 pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
841 fclose(fp);
842 return (False);
843 }
844
845 if (p[32] != ':') {
846 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
847 pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
848 fclose(fp);
849 return False;
850 }
851
852 /* Now check if the NT compatible password is
853 available. */
854 p += 33; /* Move to the first character of the line after
855 the lanman password. */
856 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
857 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
858 pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
859 fclose(fp);
860 return (False);
861 }
862
863 if (p[32] != ':') {
864 DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
865 pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
866 fclose(fp);
867 return False;
868 }
869
870 /*
871 * Now check if the account info and the password last
872 * change time is available.
873 */
874 p += 33; /* Move to the first character of the line after
875 the NT password. */
876
877 if (*p == '[') {
878
879 i = 0;
880 encode_bits[i++] = *p++;
881 while((linebuf_len > PTR_DIFF(p, linebuf)) && (*p != ']'))
882 encode_bits[i++] = *p++;
883
884 encode_bits[i++] = ']';
885 encode_bits[i++] = '\0';
886
887 if(i == NEW_PW_FORMAT_SPACE_PADDED_LEN) {
888 /*
889 * We are using a new format, space padded
890 * acct ctrl field. Encode the given acct ctrl
891 * bits into it.
892 */
893 fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
894 } else {
895 DEBUG(0,("mod_smbfilepwd_entry: Using old smbpasswd format. This is no longer supported.!\n"));
896 DEBUG(0,("mod_smbfilepwd_entry: No changes made, failing.!\n"));
897 return False;
898 }
899
900 /* Go past the ']' */
901 if(linebuf_len > PTR_DIFF(p, linebuf))
902 p++;
903
904 if((linebuf_len > PTR_DIFF(p, linebuf)) && (*p == ':')) {
905 p++;
906
907 /* We should be pointing at the LCT entry. */
908 if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && (StrnCaseCmp((char *)p, "LCT-", 4) == 0)) {
909
910 p += 4;
911 for(i = 0; i < 8; i++) {
912 if(p[i] == '\0' || !isxdigit(p[i]))
913 break;
914 }
915 if(i == 8) {
916 /*
917 * p points at 8 characters of hex digits -
918 * read into a time_t as the seconds since
919 * 1970 that the password was last changed.
920 */
921 got_pass_last_set_time = True;
922 } /* i == 8 */
923 } /* *p && StrnCaseCmp() */
924 } /* p == ':' */
925 } /* p == '[' */
926
927 /* Entry is correctly formed. */
928
929 /* Create the 32 byte representation of the new p16 */
930 pdb_sethexpwd(ascii_p16, pwd->smb_passwd, pwd->acct_ctrl);
931
932 /* Add on the NT md4 hash */
933 ascii_p16[32] = ':';
934 wr_len = 66;
935 pdb_sethexpwd(ascii_p16+33, pwd->smb_nt_passwd, pwd->acct_ctrl);
936 ascii_p16[65] = ':';
937 ascii_p16[66] = '\0'; /* null-terminate the string so that strlen works */
938
939 /* Add on the account info bits and the time of last
940 password change. */
941
942 if(got_pass_last_set_time) {
943 slprintf(&ascii_p16[strlen(ascii_p16)],
944 sizeof(ascii_p16)-(strlen(ascii_p16)+1),
945 "%s:LCT-%08X:",
946 encode_bits, (uint32)pwd->pass_last_set_time );
947 wr_len = strlen(ascii_p16);
948 }
949
950 #ifdef DEBUG_PASSWORD
951 DEBUG(100,("mod_smbfilepwd_entry: "));
952 dump_data(100, ascii_p16, wr_len);
953 #endif
954
955 if(wr_len > sizeof(linebuf)) {
956 DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
957 pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
958 fclose(fp);
959 return (False);
960 }
961
962 /*
963 * Do an atomic write into the file at the position defined by
964 * seekpos.
965 */
966
967 /* The mod user write needs to be atomic - so get the fd from
968 the fp and do a raw write() call.
969 */
970
971 fd = fileno(fp);
972
973 if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
974 DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
975 pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
976 fclose(fp);
977 return False;
978 }
979
980 /* Sanity check - ensure the areas we are writing are framed by ':' */
981 if (read(fd, linebuf, wr_len+1) != wr_len+1) {
982 DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile));
983 pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
984 fclose(fp);
985 return False;
986 }
987
988 if ((linebuf[0] != ':') || (linebuf[wr_len] != ':')) {
989 DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile));
990 pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
991 fclose(fp);
992 return False;
993 }
994
995 if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {
996 DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
997 pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
998 fclose(fp);
999 return False;
1000 }
1001
1002 if (write(fd, ascii_p16, wr_len) != wr_len) {
1003 DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile));
1004 pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
1005 fclose(fp);
1006 return False;
1007 }
1008
1009 pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
1010 fclose(fp);
1011 return True;
1012 }
1013
1014 /************************************************************************
1015 Routine to delete an entry in the smbpasswd file by name.
1016 *************************************************************************/
1017
1018 static BOOL del_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const char *name)
1019 {
1020 const char *pfile = smbpasswd_state->smbpasswd_file;
1021 pstring pfile2;
1022 struct smb_passwd *pwd = NULL;
1023 FILE *fp = NULL;
1024 FILE *fp_write = NULL;
1025 int pfile2_lockdepth = 0;
1026
1027 slprintf(pfile2, sizeof(pfile2)-1, "%s.%u", pfile, (unsigned)sys_getpid() );
1028
1029 /*
1030 * Open the smbpassword file - for update. It needs to be update
1031 * as we need any other processes to wait until we have replaced
1032 * it.
1033 */
1034
1035 if((fp = startsmbfilepwent(pfile, PWF_UPDATE, &(smbpasswd_state->pw_file_lock_depth))) == NULL) {
1036 DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
1037 return False;
1038 }
1039
1040 /*
1041 * Create the replacement password file.
1042 */
1043 if((fp_write = startsmbfilepwent(pfile2, PWF_CREATE, &pfile2_lockdepth)) == NULL) {
1044 DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
1045 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
1046 return False;
1047 }
1048
1049 /*
1050 * Scan the file, a line at a time and check if the name matches.
1051 */
1052
1053 while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL) {
1054 char *new_entry;
1055 size_t new_entry_length;
1056
1057 if (strequal(name, pwd->smb_name)) {
1058 DEBUG(10, ("add_smbfilepwd_entry: found entry with name %s - deleting it.\n", name));
1059 continue;
1060 }
1061
1062 /*
1063 * We need to copy the entry out into the second file.
1064 */
1065
1066 if((new_entry = format_new_smbpasswd_entry(pwd)) == NULL)
1067 {
1068 DEBUG(0, ("del_smbfilepwd_entry(malloc): Failed to copy entry for user %s to file %s. \
1069 Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
1070 unlink(pfile2);
1071 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
1072 endsmbfilepwent(fp_write, &pfile2_lockdepth);
1073 return False;
1074 }
1075
1076 new_entry_length = strlen(new_entry);
1077
1078 if(fwrite(new_entry, 1, new_entry_length, fp_write) != new_entry_length)
1079 {
1080 DEBUG(0, ("del_smbfilepwd_entry(write): Failed to copy entry for user %s to file %s. \
1081 Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
1082 unlink(pfile2);
1083 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
1084 endsmbfilepwent(fp_write, &pfile2_lockdepth);
1085 free(new_entry);
1086 return False;
1087 }
1088
1089 free(new_entry);
1090 }
1091
1092 /*
1093 * Ensure pfile2 is flushed before rename.
1094 */
1095
1096 if(fflush(fp_write) != 0)
1097 {
1098 DEBUG(0, ("del_smbfilepwd_entry: Failed to flush file %s. Error was %s\n", pfile2, strerror(errno)));
1099 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
1100 endsmbfilepwent(fp_write,&pfile2_lockdepth);
1101 return False;
1102 }
1103
1104 /*
1105 * Do an atomic rename - then release the locks.
1106 */
1107
1108 if(rename(pfile2,pfile) != 0) {
1109 unlink(pfile2);
1110 }
1111
1112 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
1113 endsmbfilepwent(fp_write,&pfile2_lockdepth);
1114 return True;
1115 }
1116
1117 /*********************************************************************
1118 Create a smb_passwd struct from a SAM_ACCOUNT.
1119 We will not allocate any new memory. The smb_passwd struct
1120 should only stay around as long as the SAM_ACCOUNT does.
1121 ********************************************************************/
1122 static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
1123 {
1124 uint32 rid;
1125
1126 if (sampass == NULL)
1127 return False;
1128 ZERO_STRUCTP(smb_pw);
1129
1130 if (!IS_SAM_DEFAULT(sampass, PDB_USERSID)) {
1131 rid = pdb_get_user_rid(sampass);
1132
1133 /* If the user specified a RID, make sure its able to be both stored and retreived */
1134 if (rid == DOMAIN_USER_RID_GUEST) {
1135 struct passwd *passwd = getpwnam_alloc(lp_guestaccount());
1136 if (!passwd) {
1137 DEBUG(0, ("Could not find gest account via getpwnam()! (%s)\n", lp_guestaccount()));
1138 return False;
1139 }
1140 smb_pw->smb_userid=passwd->pw_uid;
1141 passwd_free(&passwd);
1142
1143 } else if (fallback_pdb_rid_is_user(rid)) {
1144 smb_pw->smb_userid=fallback_pdb_user_rid_to_uid(rid);
1145 } else {
1146 DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
1147 return False;
1148 }
1149 }
1150
1151 smb_pw->smb_name=(const char*)pdb_get_username(sampass);
1152
1153 smb_pw->smb_passwd=pdb_get_lanman_passwd(sampass);
1154 smb_pw->smb_nt_passwd=pdb_get_nt_passwd(sampass);
1155
1156 smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass);
1157 smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass);
1158
1159 return True;
1160 }
1161
1162 /*********************************************************************
1163 Create a SAM_ACCOUNT from a smb_passwd struct
1164 ********************************************************************/
1165 static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state,
1166 SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw_buf)
1167 {
1168 struct passwd *pwfile;
1169
1170 if (sam_pass==NULL) {
1171 DEBUG(5,("build_sam_account: SAM_ACCOUNT is NULL\n"));
1172 return False;
1173 }
1174
1175 /* verify the user account exists */
1176
1177 if ( !(pwfile = getpwnam_alloc(pw_buf->smb_name)) ) {
1178 DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s with uid "
1179 "%u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid));
1180 return False;
1181 }
1182
1183 if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile)))
1184 return False;
1185
1186 passwd_free(&pwfile);
1187
1188 /* set remaining fields */
1189
1190 pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET);
1191 pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET);
1192 pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl, PDB_SET);
1193 pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
1194 pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
1195
1196 return True;
1197 }
1198
1199 /*****************************************************************
1200 Functions to be implemented by the new passdb API
1201 ****************************************************************/
1202 static NTSTATUS smbpasswd_setsampwent (struct pdb_methods *my_methods, BOOL update)
1203 {
1204 struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
1205
1206 smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file,
1207 update ? PWF_UPDATE : PWF_READ,
1208 &(smbpasswd_state->pw_file_lock_depth));
1209
1210 /* did we fail? Should we try to create it? */
1211 if (!smbpasswd_state->pw_file && update && errno == ENOENT)
1212 {
1213 FILE *fp;
1214 /* slprintf(msg_str,msg_str_len-1,
1215 "smbpasswd file did not exist - attempting to create it.\n"); */
1216 DEBUG(0,("smbpasswd file did not exist - attempting to create it.\n"));
1217 fp = sys_fopen(smbpasswd_state->smbpasswd_file, "w");
1218 if (fp)
1219 {
1220 fprintf(fp, "# Samba SMB password file\n");
1221 fclose(fp);
1222 }
1223
1224 smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file,
1225 update ? PWF_UPDATE : PWF_READ,
1226 &(smbpasswd_state->pw_file_lock_depth));
1227 }
1228
1229 if (smbpasswd_state->pw_file != NULL)
1230 return NT_STATUS_OK;
1231 else
1232 return NT_STATUS_UNSUCCESSFUL;
1233 }
1234
1235 static void smbpasswd_endsampwent (struct pdb_methods *my_methods)
1236 {
1237 struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
1238 endsmbfilepwent(smbpasswd_state->pw_file, &(smbpasswd_state->pw_file_lock_depth));
1239 }
1240
1241 /*****************************************************************
1242 ****************************************************************/
1243 static NTSTATUS smbpasswd_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user)
1244 {
1245 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
1246 struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
1247 struct smb_passwd *pw_buf=NULL;
1248 BOOL done = False;
1249 DEBUG(5,("pdb_getsampwent\n"));
1250
1251 if (user==NULL) {
1252 DEBUG(5,("pdb_getsampwent (smbpasswd): user is NULL\n"));
1253 #if 0
1254 smb_panic("NULL pointer passed to getsampwent (smbpasswd)\n");
1255 #endif
1256 return nt_status;
1257 }
1258
1259 while (!done)
1260 {
1261 /* do we have an entry? */
1262 pw_buf = getsmbfilepwent(smbpasswd_state, smbpasswd_state->pw_file);
1263 if (pw_buf == NULL)
1264 return nt_status;
1265
1266 /* build the SAM_ACCOUNT entry from the smb_passwd struct.
1267 We loop in case the user in the pdb does not exist in
1268 the local system password file */
1269 if (build_sam_account(smbpasswd_state, user, pw_buf))
1270 done = True;
1271 }
1272
1273 DEBUG(5,("getsampwent (smbpasswd): done\n"));
1274
1275 /* success */
1276 return NT_STATUS_OK;
1277 }
1278
1279
1280 /****************************************************************
1281 Search smbpasswd file by iterating over the entries. Do not
1282 call getpwnam() for unix account information until we have found
1283 the correct entry
1284 ***************************************************************/
1285 static NTSTATUS smbpasswd_getsampwnam(struct pdb_methods *my_methods,
1286 SAM_ACCOUNT *sam_acct, const char *username)
1287 {
1288 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
1289 struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
1290 struct smb_passwd *smb_pw;
1291 void *fp = NULL;
1292
1293 DEBUG(10, ("getsampwnam (smbpasswd): search by name: %s\n", username));
1294
1295 /* startsmbfilepwent() is used here as we don't want to lookup
1296 the UNIX account in the local system password file until
1297 we have a match. */
1298 fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
1299
1300 if (fp == NULL) {
1301 DEBUG(0, ("Unable to open passdb database.\n"));
1302 return nt_status;
1303 }
1304
1305 while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) )
1306 /* do nothing....another loop */ ;
1307
1308 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
1309
1310
1311 /* did we locate the username in smbpasswd */
1312 if (smb_pw == NULL)
1313 return nt_status;
1314
1315 DEBUG(10, ("getsampwnam (smbpasswd): found by name: %s\n", smb_pw->smb_name));
1316
1317 if (!sam_acct) {
1318 DEBUG(10,("getsampwnam (smbpasswd): SAM_ACCOUNT is NULL\n"));
1319 #if 0
1320 smb_panic("NULL pointer passed to pdb_getsampwnam\n");
1321 #endif
1322 return nt_status;
1323 }
1324
1325 /* now build the SAM_ACCOUNT */
1326 if (!build_sam_account(smbpasswd_state, sam_acct, smb_pw))
1327 return nt_status;
1328
1329 /* success */
1330 return NT_STATUS_OK;
1331 }
1332
1333 static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
1334 {
1335 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
1336 struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
1337 struct smb_passwd *smb_pw;
1338 void *fp = NULL;
1339 fstring sid_str;
1340 uint32 rid;
1341
1342 DEBUG(10, ("smbpasswd_getsampwrid: search by sid: %s\n", sid_to_string(sid_str, sid)));
1343
1344 if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
1345 return NT_STATUS_UNSUCCESSFUL;
1346
1347 /* More special case 'guest account' hacks... */
1348 if (rid == DOMAIN_USER_RID_GUEST) {
1349 const char *guest_account = lp_guestaccount();
1350 if (!(guest_account && *guest_account)) {
1351 DEBUG(1, ("Guest account not specfied!\n"));
1352 return nt_status;
1353 }
1354 return smbpasswd_getsampwnam(my_methods, sam_acct, guest_account);
1355 }
1356
1357 /* Open the sam password file - not for update. */
1358 fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
1359
1360 if (fp == NULL) {
1361 DEBUG(0, ("Unable to open passdb database.\n"));
1362 return nt_status;
1363 }
1364
1365 while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL) && (fallback_pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) )
1366 /* do nothing */ ;
1367
1368 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
1369
1370
1371 /* did we locate the username in smbpasswd */
1372 if (smb_pw == NULL)
1373 return nt_status;
1374
1375 DEBUG(10, ("getsampwrid (smbpasswd): found by name: %s\n", smb_pw->smb_name));
1376
1377 if (!sam_acct) {
1378 DEBUG(10,("getsampwrid: (smbpasswd) SAM_ACCOUNT is NULL\n"));
1379 #if 0
1380 smb_panic("NULL pointer passed to pdb_getsampwrid\n");
1381 #endif
1382 return nt_status;
1383 }
1384
1385 /* now build the SAM_ACCOUNT */
1386 if (!build_sam_account (smbpasswd_state, sam_acct, smb_pw))
1387 return nt_status;
1388
1389 /* build_sam_account might change the SID on us, if the name was for the guest account */
1390 if (NT_STATUS_IS_OK(nt_status) && !sid_equal(pdb_get_user_sid(sam_acct), sid)) {
1391 fstring sid_string1, sid_string2;
1392 DEBUG(1, ("looking for user with sid %s instead returned %s for account %s!?!\n",
1393 sid_to_string(sid_string1, sid), sid_to_string(sid_string2, pdb_get_user_sid(sam_acct)), pdb_get_username(sam_acct)));
1394 return NT_STATUS_NO_SUCH_USER;
1395 }
1396
1397 /* success */
1398 return NT_STATUS_OK;
1399 }
1400
1401 static NTSTATUS smbpasswd_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass)
1402 {
1403 struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
1404 struct smb_passwd smb_pw;
1405
1406 /* convert the SAM_ACCOUNT */
1407 if (!build_smb_pass(&smb_pw, sampass)) {
1408 return NT_STATUS_UNSUCCESSFUL;
1409 }
1410
1411 /* add the entry */
1412 if(!add_smbfilepwd_entry(smbpasswd_state, &smb_pw)) {
1413 return NT_STATUS_UNSUCCESSFUL;
1414 }
1415
1416 return NT_STATUS_OK;
1417 }
1418
1419 static NTSTATUS smbpasswd_update_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass)
1420 {
1421 struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
1422 struct smb_passwd smb_pw;
1423
1424 /* convert the SAM_ACCOUNT */
1425 if (!build_smb_pass(&smb_pw, sampass)) {
1426 DEBUG(0, ("smbpasswd_update_sam_account: build_smb_pass failed!\n"));
1427 return NT_STATUS_UNSUCCESSFUL;
1428 }
1429
1430 /* update the entry */
1431 if(!mod_smbfilepwd_entry(smbpasswd_state, &smb_pw)) {
1432 DEBUG(0, ("smbpasswd_update_sam_account: mod_smbfilepwd_entry failed!\n"));
1433 return NT_STATUS_UNSUCCESSFUL;
1434 }
1435
1436 return NT_STATUS_OK;
1437 }
1438
1439 static NTSTATUS smbpasswd_delete_sam_account (struct pdb_methods *my_methods, SAM_ACCOUNT *sampass)
1440 {
1441 struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
1442
1443 const char *username = pdb_get_username(sampass);
1444
1445 if (del_smbfilepwd_entry(smbpasswd_state, username))
1446 return NT_STATUS_OK;
1447
1448 return NT_STATUS_UNSUCCESSFUL;
1449 }
1450
1451 static void free_private_data(void **vp)
1452 {
1453 struct smbpasswd_privates **privates = (struct smbpasswd_privates**)vp;
1454
1455 endsmbfilepwent((*privates)->pw_file, &((*privates)->pw_file_lock_depth));
1456
1457 *privates = NULL;
1458 /* No need to free any further, as it is talloc()ed */
1459 }
1460
1461 static NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
1462 {
1463 NTSTATUS nt_status;
1464 struct smbpasswd_privates *privates;
1465
1466 if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
1467 return nt_status;
1468 }
1469
1470 (*pdb_method)->name = "smbpasswd";
1471
1472 (*pdb_method)->setsampwent = smbpasswd_setsampwent;
1473 (*pdb_method)->endsampwent = smbpasswd_endsampwent;
1474 (*pdb_method)->getsampwent = smbpasswd_getsampwent;
1475 (*pdb_method)->getsampwnam = smbpasswd_getsampwnam;
1476 (*pdb_method)->getsampwsid = smbpasswd_getsampwsid;
1477 (*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
1478 (*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
1479 (*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
1480
1481 /* Setup private data and free function */
1482
1483 privates = talloc_zero(pdb_context->mem_ctx, sizeof(struct smbpasswd_privates));
1484
1485 if (!privates) {
1486 DEBUG(0, ("talloc() failed for smbpasswd private_data!\n"));
1487 return NT_STATUS_NO_MEMORY;
1488 }
1489
1490 /* Store some config details */
1491
1492 if (location) {
1493 privates->smbpasswd_file = talloc_strdup(pdb_context->mem_ctx, location);
1494 } else {
1495 privates->smbpasswd_file = talloc_strdup(pdb_context->mem_ctx, lp_smb_passwd_file());
1496 }
1497
1498 if (!privates->smbpasswd_file) {
1499 DEBUG(0, ("talloc_strdp() failed for storing smbpasswd location!\n"));
1500 return NT_STATUS_NO_MEMORY;
1501 }
1502
1503 (*pdb_method)->private_data = privates;
1504
1505 (*pdb_method)->free_private_data = free_private_data;
1506
1507 return NT_STATUS_OK;
1508 }
1509
1510 NTSTATUS pdb_smbpasswd_init(void)
1511 {
1512 return smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd", pdb_init_smbpasswd);
1513 }
reg import