source: vendor/3.6.24/source3/passdb/pdb_smbpasswd.c

Last change on this file was 860, checked in by Silvan Scherrer, 11 years ago

Samba 3.6: updated vendor to latest version

1/*
2 * Unix SMB/CIFS implementation.
3 * SMB parameters and setup
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Modified by Jeremy Allison 1995.
6 * Modified by Gerald (Jerry) Carter 2000-2001,2003
7 * Modified by Andrew Bartlett 2002.
8 *
9 * This program is free software; you can redistribute it and/or modify it under
10 * the terms of the GNU General Public License as published by the Free
11 * Software Foundation; either version 3 of the License, or (at your option)
12 * any later version.
13 *
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
16 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
17 * more details.
18 *
19 * You should have received a copy of the GNU General Public License along with
20 * this program; if not, see <http://www.gnu.org/licenses/>.
21 */
22
23#include "includes.h"
24#include "passdb.h"
25#include "system/passwd.h"
26#include "system/filesys.h"
27#include "../librpc/gen_ndr/samr.h"
28#include "../libcli/security/security.h"
29
30#undef DBGC_CLASS
31#define DBGC_CLASS DBGC_PASSDB
32
33/*
34 smb_passwd is analogous to sam_passwd used everywhere
35 else. However, smb_passwd is limited to the information
36 stored by an smbpasswd entry
37 */
38
/*
 * One smbpasswd record as handled inside this file.  getsmbfilepwent()
 * points the pointer members at the buffers kept in
 * struct smbpasswd_privates.
 */
struct smb_passwd {
	/* Account identity. */
	uint32 smb_userid;			/* this is actually the unix uid_t */
	const char *smb_name;			/* user name string */

	/* 16-byte password hashes; NULL when the entry has no usable hash. */
	const unsigned char *smb_passwd;	/* LanMan hash */
	const unsigned char *smb_nt_passwd;	/* NT hash */

	uint16_t acct_ctrl;			/* account info (ACB_xxxx bit mask) */
	time_t pass_last_set_time;		/* time the password was last set */
};
50
/* State carried between the smbpasswd file routines in this file. */
struct smbpasswd_privates {
	/* Nesting count passed to pw_file_lock() / pw_file_unlock(). */
	int pw_file_lock_depth;

	/* Global file pointer. */
	FILE *pw_file;

	/*
	 * Formerly static variables.  getsmbfilepwent() fills these and
	 * returns a pointer to pw_buf, so each call overwrites the previous
	 * result.  smbpwd and smbntpwd hold password hashes.
	 */
	struct smb_passwd pw_buf;
	fstring user_name;
	unsigned char smbpwd[16];
	unsigned char smbntpwd[16];

	/* Retrieve-once info: path of the smbpasswd file. */
	const char *smbpasswd_file;
};
68
/* How startsmbfilepwent() should open the password file. */
enum pwf_access_type {
	PWF_READ,	/* open "rb", read lock */
	PWF_UPDATE,	/* open "r+b", write lock */
	PWF_CREATE	/* create exclusively, then open "r+b" with a write lock */
};

/* Set by gotalarm_sig() when the SIGALRM armed in do_file_lock() fires. */
static SIG_ATOMIC_T gotalarm;
72
73/***************************************************************
74 Signal function to tell us we timed out.
75****************************************************************/
76
/* Signal handler installed for SIGALRM by do_file_lock(): flag the timeout. */
static void gotalarm_sig(int signum)
{
	(void)signum;	/* the signal number is not used */
	gotalarm = 1;
}
81
82/***************************************************************
83 Lock or unlock a fd for a known lock type. Abandon after waitsecs
84 seconds.
85****************************************************************/
86
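/*
 * Apply an fcntl() lock operation of the given type to the first byte of fd,
 * waiting at most waitsecs seconds (enforced with alarm()/SIGALRM).
 *
 * fd       - descriptor to lock or unlock
 * waitsecs - seconds to wait before the alarm interrupts the fcntl() call
 * type     - lock type stored in l_type (F_UNLCK selects "unlock" in the log)
 *
 * Returns True when fcntl() returned 0, False otherwise.  On failure errno
 * is restored to the value fcntl() left, because the caller reports it with
 * strerror(errno) and the alarm()/CatchSignal() calls in between are allowed
 * to modify it.
 */
static bool do_file_lock(int fd, int waitsecs, int type)
{
	SMB_STRUCT_FLOCK lock;
	int ret;
	int saved_errno;
	void (*oldsig_handler)(int);

	gotalarm = 0;
	oldsig_handler = CatchSignal(SIGALRM, gotalarm_sig);

	/* Lock one byte at offset 0: the whole file is guarded by that byte. */
	lock.l_type = type;
	lock.l_whence = SEEK_SET;
	lock.l_start = 0;
	lock.l_len = 1;
	lock.l_pid = 0;

	alarm(waitsecs);
	/* Note we must *NOT* use sys_fcntl here ! JRA */
	ret = fcntl(fd, SMB_F_SETLKW, &lock);
	saved_errno = errno;	/* capture before alarm()/CatchSignal() run */
	alarm(0);
	CatchSignal(SIGALRM, oldsig_handler);

	if (ret == -1) {
		if (gotalarm) {
			DEBUG(0, ("do_file_lock: failed to %s file.\n",
				type == F_UNLCK ? "unlock" : "lock"));
		}
		errno = saved_errno;
		return False;
	}

	return (ret == 0);
}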
116
117/***************************************************************
118 Lock an fd. Abandon after waitsecs seconds.
119****************************************************************/
120
/*
 * Take a (possibly nested) lock on fd.  The fcntl() lock is only requested
 * when *plock_depth is 0; every successful call increments *plock_depth.
 *
 * fd          - descriptor to lock; a negative value fails immediately
 * type        - lock type handed to do_file_lock()
 * secs        - timeout in seconds handed to do_file_lock()
 * plock_depth - in/out nesting counter
 *
 * Returns True on success, False if fd is negative or locking failed.
 */
static bool pw_file_lock(int fd, int type, int secs, int *plock_depth)
{
	bool outermost;

	if (fd < 0) {
		return False;
	}

	/* Only the outermost caller actually talks to the kernel. */
	outermost = (*plock_depth == 0);
	if (outermost && !do_file_lock(fd, secs, type)) {
		DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
			strerror(errno)));
		return False;
	}

	*plock_depth += 1;
	return True;
}
139
140/***************************************************************
141 Unlock an fd. Abandon after waitsecs seconds.
142****************************************************************/
143
/*
 * Drop one level of the nested lock on fd.  The fcntl() unlock is issued
 * (with a fixed 5 second timeout) only when *plock_depth is 1; the counter
 * is decremented whenever it is positive.
 *
 * Returns True when nothing had to be unlocked or the unlock succeeded,
 * False when the fcntl() unlock failed.
 *
 * NOTE(review): the early return tests fd == 0 while pw_file_lock() rejects
 * fd < 0; callers pass fileno(fp), which is -1 for an invalid stream -
 * confirm which sentinel is intended.
 */
static bool pw_file_unlock(int fd, int *plock_depth)
{
	bool unlocked = True;

	if (fd == 0) {
		return True;
	}
	if (*plock_depth == 0) {
		return True;
	}

	/* Last holder: release the kernel lock. */
	if (*plock_depth == 1) {
		unlocked = do_file_lock(fd, 5, F_UNLCK);
	}

	if (*plock_depth > 0) {
		*plock_depth -= 1;
	}

	if (unlocked) {
		return True;
	}

	DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
		strerror(errno)));
	return False;
}
166
/**************************************************************
 Initialize a smb_passwd struct
 *************************************************************/
170
/*
 * Reset *user to an all-zero record with pass_last_set_time set to 0.
 * A NULL pointer is ignored.
 */
static void pdb_init_smb(struct smb_passwd *user)
{
	if (user != NULL) {
		ZERO_STRUCTP(user);
		user->pass_last_set_time = (time_t)0;
	}
}
179
180/***************************************************************
181 Internal fn to enumerate the smbpasswd list. Returns a void pointer
182 to ensure no modification outside this module. Checks for atomic
183 rename of smbpasswd file on update or create once the lock has
184 been granted to prevent race conditions. JRA.
185****************************************************************/
186
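/*
 * Open the smbpasswd file pfile, lock it through pw_file_lock() and return
 * the stream.
 *
 * pfile      - path of the password file; an empty string is rejected
 * type       - PWF_READ (read lock), PWF_UPDATE (write lock) or PWF_CREATE
 *              (exclusive creation with mode 0600, then write lock)
 * lock_depth - nesting counter maintained by pw_file_lock()/pw_file_unlock()
 *
 * For PWF_UPDATE and PWF_CREATE the path is stat()ed again once the lock is
 * held and compared with the open descriptor, so a file that was renamed
 * into place between open and lock is detected and the open is retried (at
 * most 5 times).  The comparison covers device and inode: an inode number
 * is only unique within one filesystem.
 *
 * On success the file is forced to owner read/write only and the locked
 * stream is returned; the caller releases it with endsmbfilepwent().
 * Returns NULL on any failure.
 */
static FILE *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int *lock_depth)
{
	FILE *fp = NULL;
	const char *open_mode = NULL;
	int race_loop = 0;
	int lock_type = F_RDLCK;
	int chmod_ret;

	if (!*pfile) {
		DEBUG(0, ("startsmbfilepwent: No SMB password file set\n"));
		return (NULL);
	}

	switch(type) {
		case PWF_READ:
			open_mode = "rb";
			lock_type = F_RDLCK;
			break;
		case PWF_UPDATE:
			open_mode = "r+b";
			lock_type = F_WRLCK;
			break;
		case PWF_CREATE:
			/*
			 * Ensure atomic file creation.
			 */
			{
				int i, fd = -1;

				/* O_EXCL fails if the name already exists, so retry briefly. */
				for(i = 0; i < 5; i++) {
					if((fd = sys_open(pfile, O_CREAT|O_TRUNC|O_EXCL|O_RDWR, 0600))!=-1) {
						break;
					}
					sys_usleep(200); /* Spin, spin... */
				}
				if(fd == -1) {
					DEBUG(0,("startsmbfilepwent_internal: too many race conditions "
						"creating file %s\n", pfile));
					return NULL;
				}
				/*
				 * The descriptor is dropped and the file reopened by
				 * name below; the device/inode check after locking is
				 * what catches a replacement in between.
				 */
				close(fd);
				open_mode = "r+b";
				lock_type = F_WRLCK;
				break;
			}
		default:
			DEBUG(10, ("Invalid open mode: %d\n", type));
			return NULL;
	}

	for(race_loop = 0; race_loop < 5; race_loop++) {
		DEBUG(10, ("startsmbfilepwent_internal: opening file %s\n", pfile));

		if((fp = sys_fopen(pfile, open_mode)) == NULL) {

			/*
			 * If smbpasswd file doesn't exist, then create new one. This helps to avoid
			 * confusing error msg when adding user account first time.
			 *
			 * NOTE(review): "a+" takes no mode argument, so the new
			 * file's permissions depend on the process umask until the
			 * 0600 chmod further down, and a descriptor opened by
			 * another process in that window stays valid afterwards.
			 * Creating the file with an explicit 0600 mode, as the
			 * PWF_CREATE branch does, would close that gap.
			 */
			if (errno == ENOENT) {
				if ((fp = sys_fopen(pfile, "a+")) != NULL) {
					DEBUG(0, ("startsmbfilepwent_internal: file %s did not "
						"exist. File successfully created.\n", pfile));
				} else {
					/* Trailing newline added: it was missing from this message. */
					DEBUG(0, ("startsmbfilepwent_internal: file %s did not "
						"exist. Couldn't create new one. Error was: %s\n",
						pfile, strerror(errno)));
					return NULL;
				}
			} else {
				DEBUG(0, ("startsmbfilepwent_internal: unable to open file %s. "
					"Error was: %s\n", pfile, strerror(errno)));
				return NULL;
			}
		}

		if (!pw_file_lock(fileno(fp), lock_type, 5, lock_depth)) {
			DEBUG(0, ("startsmbfilepwent_internal: unable to lock file %s. "
				"Error was %s\n", pfile, strerror(errno) ));
			fclose(fp);
			return NULL;
		}

		/*
		 * Only check for replacement races on update or create.
		 * For read we don't mind if the data is one record out of date.
		 */

		if(type == PWF_READ) {
			break;
		} else {
			SMB_STRUCT_STAT sbuf1, sbuf2;

			/*
			 * Avoid the potential race condition between the open and the lock
			 * by doing a stat on the filename and an fstat on the fd. If the
			 * two files differ then someone did a rename between the open and
			 * the lock. Back off and try the open again. Only do this 5 times to
			 * prevent infinite loops. JRA.
			 */

			if (sys_stat(pfile, &sbuf1, false) != 0) {
				DEBUG(0, ("startsmbfilepwent_internal: unable to stat file %s. "
					"Error was %s\n", pfile, strerror(errno)));
				pw_file_unlock(fileno(fp), lock_depth);
				fclose(fp);
				return NULL;
			}

			if (sys_fstat(fileno(fp), &sbuf2, false) != 0) {
				DEBUG(0, ("startsmbfilepwent_internal: unable to fstat file %s. "
					"Error was %s\n", pfile, strerror(errno)));
				pw_file_unlock(fileno(fp), lock_depth);
				fclose(fp);
				return NULL;
			}

			/* Same file only if both the device and the inode match. */
			if (sbuf1.st_ex_dev == sbuf2.st_ex_dev &&
			    sbuf1.st_ex_ino == sbuf2.st_ex_ino) {
				/* No race. */
				break;
			}

			/*
			 * Race occurred - back off and try again...
			 */

			pw_file_unlock(fileno(fp), lock_depth);
			fclose(fp);
		}
	}

	/* Every attempt lost the race; fp was already closed in the loop. */
	if(race_loop == 5) {
		DEBUG(0, ("startsmbfilepwent_internal: too many race conditions opening file %s\n", pfile));
		return NULL;
	}

	/* Set a buffer to do more efficient reads */
	setvbuf(fp, (char *)NULL, _IOFBF, 1024);

	/*
	 * Make sure it is only rw by the owner.  fchmod() acts on the file we
	 * hold locked; the chmod() fallback goes through the path again.
	 */
#ifdef HAVE_FCHMOD
	chmod_ret = fchmod(fileno(fp), S_IRUSR|S_IWUSR);
#else
	chmod_ret = chmod(pfile, S_IRUSR|S_IWUSR);
#endif
	if(chmod_ret == -1) {
		DEBUG(0, ("startsmbfilepwent_internal: failed to set 0600 permissions on password file %s. "
			"Error was %s\n.", pfile, strerror(errno) ));
		pw_file_unlock(fileno(fp), lock_depth);
		fclose(fp);
		return NULL;
	}

	/* We have a lock on the file. */
	return fp;
}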
341
342/***************************************************************
343 End enumeration of the smbpasswd list.
344****************************************************************/
345
/*
 * Finish with a stream obtained from startsmbfilepwent(): release one level
 * of the lock counted in *lock_depth, then close the stream.  A NULL fp is
 * ignored.
 */
static void endsmbfilepwent(FILE *fp, int *lock_depth)
{
	if (fp != NULL) {
		/* Unlock before closing so the descriptor is still valid. */
		pw_file_unlock(fileno(fp), lock_depth);
		fclose(fp);
		DEBUG(7, ("endsmbfilepwent_internal: closed password file.\n"));
	}
}
356
357/*************************************************************************
358 Routine to return the next entry in the smbpasswd list.
359 *************************************************************************/
360
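/*
 * Read the next usable entry from the smbpasswd stream fp.
 *
 * smbpasswd_state - supplies the buffers the result is built in (pw_buf,
 *                   user_name, smbpwd, smbntpwd)
 * fp              - stream positioned at the next line to read
 *
 * Comment lines, blank lines and malformed entries are skipped.  Returns a
 * pointer to smbpasswd_state->pw_buf, which the next call overwrites, or
 * NULL at end of file, on a read error, or when fp is NULL.
 *
 * An entry whose user name field is empty no longer causes a read before
 * the start of the name buffer in the old-format '$' check.
 */
static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_state, FILE *fp)
{
	/* Buffers inside smbpasswd_state that the returned record refers to. */
	struct smb_passwd *pw_buf = &smbpasswd_state->pw_buf;
	char *user_name = smbpasswd_state->user_name;
	unsigned char *smbpwd = smbpasswd_state->smbpwd;
	unsigned char *smbntpwd = smbpasswd_state->smbntpwd;
	char linebuf[256];
	int c;
	unsigned char *p;
	long uidval;
	size_t linebuf_len;
	char *status;

	if(fp == NULL) {
		DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n"));
		return NULL;
	}

	pdb_init_smb(pw_buf);
	pw_buf->acct_ctrl = ACB_NORMAL;

	/*
	 * Scan the file, a line at a time and check if the name matches.
	 */
	status = linebuf;
	while (status && !feof(fp)) {
		linebuf[0] = '\0';

		status = fgets(linebuf, sizeof(linebuf), fp);
		if (status == NULL && ferror(fp)) {
			return NULL;
		}

		/*
		 * Check if the string is terminated with a newline - if not
		 * then we must keep reading and discard until we get one.
		 */
		if ((linebuf_len = strlen(linebuf)) == 0) {
			continue;
		}

		if (linebuf[linebuf_len - 1] != '\n') {
			c = '\0';
			while (!ferror(fp) && !feof(fp)) {
				c = fgetc(fp);
				if (c == '\n') {
					break;
				}
			}
		} else {
			/*
			 * Strip the newline.  linebuf_len keeps counting it, so
			 * the length checks below may reach the terminator but
			 * never go past the buffer.
			 */
			linebuf[linebuf_len - 1] = '\0';
		}

#ifdef DEBUG_PASSWORD
		/* Logs the raw line, password hashes included. */
		DEBUG(100, ("getsmbfilepwent: got line |%s|\n", linebuf));
#endif
		if ((linebuf[0] == 0) && feof(fp)) {
			DEBUG(4, ("getsmbfilepwent: end of file reached\n"));
			break;
		}

		/*
		 * The line we have should be of the form :-
		 *
		 * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
		 * ignored....
		 *
		 * or,
		 *
		 * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
		 *
		 * if Windows NT compatible passwords are also present.
		 * [Account type] is an ascii encoding of the type of account.
		 * LCT-(8 hex digits) is the time_t value of the last change time.
		 */

		if (linebuf[0] == '#' || linebuf[0] == '\0') {
			DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n"));
			continue;
		}
		p = (unsigned char *) strchr_m(linebuf, ':');
		if (p == NULL) {
			DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n"));
			continue;
		}

		/* The name is at most sizeof(linebuf) - 2 bytes long. */
		strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
		user_name[PTR_DIFF(p, linebuf)] = '\0';

		/* Get smb uid. */

		p++; /* Go past ':' */

		if(*p == '-') {
			DEBUG(0, ("getsmbfilepwent: user name %s has a negative uid.\n", user_name));
			continue;
		}

		if (!isdigit(*p)) {
			DEBUG(0, ("getsmbfilepwent: malformed password entry for user %s (uid not number)\n",
				user_name));
			continue;
		}

		/*
		 * NOTE(review): atoi() does no range checking, so a uid field
		 * with too many digits is not reported as malformed.
		 */
		uidval = atoi((char *) p);

		while (*p && isdigit(*p)) {
			p++;
		}

		if (*p != ':') {
			DEBUG(0, ("getsmbfilepwent: malformed password entry for user %s (no : after uid)\n",
				user_name));
			continue;
		}

		pw_buf->smb_name = user_name;
		pw_buf->smb_userid = uidval;

		/*
		 * Now get the password value - this should be 32 hex digits
		 * which are the ascii representations of a 16 byte string.
		 * Get two at a time and put them into the password.
		 */

		/* Skip the ':' */
		p++;

		if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
			DEBUG(0, ("getsmbfilepwent: malformed password entry for user %s (passwd too short)\n",
				user_name ));
			continue;
		}

		if (p[32] != ':') {
			DEBUG(0, ("getsmbfilepwent: malformed password entry for user %s (no terminating :)\n",
				user_name));
			continue;
		}

		if (strnequal((char *) p, "NO PASSWORD", 11)) {
			pw_buf->smb_passwd = NULL;
			pw_buf->acct_ctrl |= ACB_PWNOTREQ;
		} else {
			if (*p == '*' || *p == 'X') {
				/* NULL LM password */
				pw_buf->smb_passwd = NULL;
				DEBUG(10, ("getsmbfilepwent: LM password for user %s invalidated\n", user_name));
			} else if (pdb_gethexpwd((char *)p, smbpwd)) {
				pw_buf->smb_passwd = smbpwd;
			} else {
				pw_buf->smb_passwd = NULL;
				DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry for user %s "
					"(non hex chars)\n", user_name));
			}
		}

		/*
		 * Now check if the NT compatible password is
		 * available.
		 */
		pw_buf->smb_nt_passwd = NULL;
		p += 33; /* Move to the first character of the line after the lanman password. */
		if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
			if (*p != '*' && *p != 'X') {
				if(pdb_gethexpwd((char *)p,smbntpwd)) {
					pw_buf->smb_nt_passwd = smbntpwd;
				}
			}
			p += 33; /* Move to the first character of the line after the NT password. */
		}

		DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %ld\n",
			user_name, uidval));

		if (*p == '[') {
			unsigned char *end_p = (unsigned char *)strchr_m((char *)p, ']');
			pw_buf->acct_ctrl = pdb_decode_acct_ctrl((char*)p);

			/* Must have some account type set. */
			if(pw_buf->acct_ctrl == 0) {
				pw_buf->acct_ctrl = ACB_NORMAL;
			}

			/* Now try and get the last change time. */
			if(end_p) {
				p = end_p + 1;
			}
			if(*p == ':') {
				p++;
				if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) {
					int i;
					p += 4;
					for(i = 0; i < 8; i++) {
						if(p[i] == '\0' || !isxdigit(p[i])) {
							break;
						}
					}
					if(i == 8) {
						/*
						 * p points at 8 characters of hex digits -
						 * read into a time_t as the seconds since
						 * 1970 that the password was last changed.
						 */
						pw_buf->pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
					}
				}
			}
		} else {
			/* 'Old' style file. Fake up based on user name. */
			/*
			 * Currently trust accounts are kept in the same
			 * password file as 'normal accounts'. If this changes
			 * we will have to fix this code. JRA.
			 */
			size_t name_len = strlen(pw_buf->smb_name);

			/*
			 * A line that starts with ':' yields an empty name; test
			 * the length first so the index cannot become -1.
			 */
			if(name_len > 0 && pw_buf->smb_name[name_len - 1] == '$') {
				pw_buf->acct_ctrl &= ~ACB_NORMAL;
				pw_buf->acct_ctrl |= ACB_WSTRUST;
			}
		}

		return pw_buf;
	}

	DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
	return NULL;
}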
589
590/************************************************************************
591 Create a new smbpasswd entry - malloced space returned.
592*************************************************************************/
593
/*
 * Render newpwd as one smbpasswd line:
 *
 *   name:uid:<LM field>:<NT field>:<account flags>:LCT-XXXXXXXX:\n
 *
 * Returns a buffer obtained with SMB_MALLOC that the caller must free(), or
 * NULL if the allocation failed.  The buffer contains the password hash
 * fields in text form.
 */
static char *format_new_smbpasswd_entry(const struct smb_passwd *newpwd)
{
	int buf_len;
	char *entry;
	char *cursor;

	/*
	 * name ':' uid(15) ':' LM(32) ':' NT(32) ':' flags ':' LCT field(13),
	 * plus 2 for the newline and the terminating NUL.
	 */
	buf_len = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 +
		NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;

	entry = (char *)SMB_MALLOC( buf_len );
	if (entry == NULL) {
		DEBUG(0, ("format_new_smbpasswd_entry: Malloc failed adding entry for user %s.\n",
			newpwd->smb_name ));
		return NULL;
	}

	slprintf(entry, buf_len - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);

	/* LanMan field, followed by its separator. */
	cursor = entry + strlen(entry);
	pdb_sethexpwd(cursor, newpwd->smb_passwd, newpwd->acct_ctrl);
	cursor += strlen(cursor);
	*cursor++ = ':';

	/* NT field, followed by its separator. */
	pdb_sethexpwd(cursor, newpwd->smb_nt_passwd, newpwd->acct_ctrl);
	cursor += strlen(cursor);
	*cursor++ = ':';

	/* Add the account encoding and the last change time. */
	slprintf((char *)cursor, buf_len - 1 - (cursor - entry), "%s:LCT-%08X:\n",
		pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN),
		(uint32_t)newpwd->pass_last_set_time);

	return entry;
}
629
630/************************************************************************
631 Routine to add an entry to the smbpasswd file.
632*************************************************************************/
633
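/*
 * Append newpwd to the smbpasswd file named in smbpasswd_state.
 *
 * The file is opened for update (created if it does not exist), scanned for
 * an entry with the same name, and the new line is appended with a single
 * raw write() while the write lock is held.
 *
 * Returns NT_STATUS_OK on success, NT_STATUS_USER_EXISTS if the name is
 * already present, NT_STATUS_NO_MEMORY if the line could not be formatted,
 * or the status mapped from errno for open, seek and write failures.
 *
 * The ftruncate failure message now names the password file; it used to be
 * passed the user name for its "file %s" field.
 */
static NTSTATUS add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state,
				     struct smb_passwd *newpwd)
{
	const char *pfile = smbpasswd_state->smbpasswd_file;
	struct smb_passwd *pwd = NULL;
	FILE *fp = NULL;
	int wr_len;
	int fd;
	size_t new_entry_length;
	char *new_entry;
	SMB_OFF_T offpos;

	/* Open the smbpassword file - for update. */
	fp = startsmbfilepwent(pfile, PWF_UPDATE, &smbpasswd_state->pw_file_lock_depth);

	if (fp == NULL && errno == ENOENT) {
		/* Try again - create. */
		fp = startsmbfilepwent(pfile, PWF_CREATE, &smbpasswd_state->pw_file_lock_depth);
	}

	if (fp == NULL) {
		DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n"));
		return map_nt_error_from_unix(errno);
	}

	/*
	 * Scan the file, a line at a time and check if the name matches.
	 */

	while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL) {
		if (strequal(newpwd->smb_name, pwd->smb_name)) {
			DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
			endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
			return NT_STATUS_USER_EXISTS;
		}
	}

	/* Ok - entry doesn't exist. We can add it */

	/* Create a new smb passwd entry and set it to the given password. */
	/*
	 * The add user write needs to be atomic - so get the fd from
	 * the fp and do a raw write() call.
	 */
	fd = fileno(fp);

	/* Remember the old end of file so a failed write can be rolled back. */
	if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
		NTSTATUS result = map_nt_error_from_unix(errno);
		DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. "
			"Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
		endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
		return result;
	}

	if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL) {
		DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. "
			"Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
		endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
		return NT_STATUS_NO_MEMORY;
	}

	new_entry_length = strlen(new_entry);

#ifdef DEBUG_PASSWORD
	/* Logs the complete new line, password hashes included. */
	DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d made line |%s|",
		fd, (int)new_entry_length, new_entry));
#endif

	/* A return of -1 converts to a huge size_t, so it also takes this branch. */
	if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length) {
		NTSTATUS result = map_nt_error_from_unix(errno);
		DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. "
			"Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));

		/* Remove the entry we just wrote. */
		if(sys_ftruncate(fd, offpos) == -1) {
			DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. "
				"Error was %s. Password file may be corrupt ! Please examine by hand !\n",
				pfile, strerror(errno)));
		}

		endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
		free(new_entry);
		return result;
	}

	/*
	 * NOTE(review): new_entry holds the hash fields in text form and is
	 * released without being cleared first.
	 */
	free(new_entry);
	endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
	return NT_STATUS_OK;
}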
723
724/************************************************************************
725 Routine to search the smbpasswd file for an entry matching the username.
726 and then modify its password entry. We can't use the startsmbpwent()/
727 getsmbpwent()/endsmbpwent() interfaces here as we depend on looking
728 in the actual file to decide how much room we have to write data.
729 override = False, normal
730 override = True, override XXXXXXXX'd out password or NO PASS
731************************************************************************/
732
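/*
 * Overwrite, in place, the password fields of the smbpasswd entry whose name
 * equals pwd->smb_name.
 *
 * smbpasswd_state - supplies the file path and the lock nesting counter
 * pwd             - new hashes, account control bits and last-set time
 *
 * The file is opened "r+" and write-locked.  Once the entry is found its
 * layout is validated (uid, two 32-character fields each ended by ':', and
 * a space-padded "[...]" flags field when one is present).  The replacement
 * text is then written over the old fields with a raw write(), after
 * re-reading the target region to confirm it is framed by ':' characters.
 *
 * Returns True on success, False if the file cannot be opened or locked,
 * the user is not found, the entry is malformed or in the old flags format,
 * or any seek/read/write fails.
 *
 * Changes from the previous version: an empty read no longer indexes
 * linebuf[-1], and the 0600 mode is applied through the locked descriptor
 * when fchmod() is available, as startsmbfilepwent() does.
 */
static bool mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const struct smb_passwd* pwd)
{
	/* Name field of the line currently being examined. */
	fstring user_name;

	char *status;
#define LINEBUF_SIZE 255
	char linebuf[LINEBUF_SIZE + 1];
	char readbuf[1024];
	int c;
	fstring ascii_p16;
	fstring encode_bits;
	unsigned char *p = NULL;
	size_t linebuf_len = 0;
	FILE *fp;
	int lockfd;
	const char *pfile = smbpasswd_state->smbpasswd_file;
	bool found_entry = False;
	bool got_pass_last_set_time = False;

	SMB_OFF_T pwd_seekpos = 0;

	int i;
	int wr_len;
	int fd;

	if (!*pfile) {
		DEBUG(0, ("No SMB password file set\n"));
		return False;
	}
	DEBUG(10, ("mod_smbfilepwd_entry: opening file %s\n", pfile));

	fp = sys_fopen(pfile, "r+");

	if (fp == NULL) {
		DEBUG(0, ("mod_smbfilepwd_entry: unable to open file %s\n", pfile));
		return False;
	}
	/* Set a buffer to do more efficient reads */
	setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));

	lockfd = fileno(fp);

	if (!pw_file_lock(lockfd, F_WRLCK, 5, &smbpasswd_state->pw_file_lock_depth)) {
		DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile));
		fclose(fp);
		return False;
	}

	/*
	 * Make sure it is only rw by the owner.  Best effort: the result is
	 * not checked.  Prefer the descriptor we hold locked over the path.
	 *
	 * NOTE(review): unlike startsmbfilepwent(), this function does not
	 * re-check that pfile still names the file it opened once the lock
	 * is held.
	 */
#ifdef HAVE_FCHMOD
	fchmod(lockfd, S_IRUSR|S_IWUSR);
#else
	chmod(pfile, 0600);
#endif

	/* We have a write lock on the file. */
	/*
	 * Scan the file, a line at a time and check if the name matches.
	 */
	status = linebuf;
	while (status && !feof(fp)) {
		/* Offset of the start of this line, used later to locate the fields. */
		pwd_seekpos = sys_ftell(fp);

		linebuf[0] = '\0';

		status = fgets(linebuf, LINEBUF_SIZE, fp);
		if (status == NULL && ferror(fp)) {
			pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
			fclose(fp);
			return False;
		}

		/*
		 * Check if the string is terminated with a newline - if not
		 * then we must keep reading and discard until we get one.
		 */
		linebuf_len = strlen(linebuf);
		if (linebuf_len == 0) {
			/*
			 * Nothing was read (end of file); without this test
			 * the newline check below would read linebuf[-1].
			 */
			continue;
		}

		if (linebuf[linebuf_len - 1] != '\n') {
			c = '\0';
			while (!ferror(fp) && !feof(fp)) {
				c = fgetc(fp);
				if (c == '\n') {
					break;
				}
			}
		} else {
			linebuf[linebuf_len - 1] = '\0';
		}

#ifdef DEBUG_PASSWORD
		/* Logs the raw line, password hashes included. */
		DEBUG(100, ("mod_smbfilepwd_entry: got line |%s|\n", linebuf));
#endif

		if ((linebuf[0] == 0) && feof(fp)) {
			DEBUG(4, ("mod_smbfilepwd_entry: end of file reached\n"));
			break;
		}

		/*
		 * The line we have should be of the form :-
		 *
		 * username:uid:[32hex bytes]:....other flags presently
		 * ignored....
		 *
		 * or,
		 *
		 * username:uid:[32hex bytes]:[32hex bytes]:[attributes]:LCT-XXXXXXXX:...ignored.
		 *
		 * if Windows NT compatible passwords are also present.
		 */

		if (linebuf[0] == '#' || linebuf[0] == '\0') {
			DEBUG(6, ("mod_smbfilepwd_entry: skipping comment or blank line\n"));
			continue;
		}

		p = (unsigned char *) strchr_m(linebuf, ':');

		if (p == NULL) {
			DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no :)\n"));
			continue;
		}

		strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
		user_name[PTR_DIFF(p, linebuf)] = '\0';
		if (strequal(user_name, pwd->smb_name)) {
			found_entry = True;
			break;
		}
	}

	if (!found_entry) {
		pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
		fclose(fp);

		DEBUG(2, ("Cannot update entry for user %s, as they don't exist in the smbpasswd file!\n",
			pwd->smb_name));
		return False;
	}

	DEBUG(6, ("mod_smbfilepwd_entry: entry exists for user %s\n", pwd->smb_name));

	/* User name matches - get uid and password */
	p++; /* Go past ':' */

	if (!isdigit(*p)) {
		DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry for user %s (uid not number)\n",
			pwd->smb_name));
		pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
		fclose(fp);
		return False;
	}

	while (*p && isdigit(*p)) {
		p++;
	}
	if (*p != ':') {
		DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry for user %s (no : after uid)\n",
			pwd->smb_name));
		pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
		fclose(fp);
		return False;
	}

	/*
	 * Now get the password value - this should be 32 hex digits
	 * which are the ascii representations of a 16 byte string.
	 * Get two at a time and put them into the password.
	 */
	p++;

	/* Record exact password position */
	pwd_seekpos += PTR_DIFF(p, linebuf);

	if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
		DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry for user %s (passwd too short)\n",
			pwd->smb_name));
		pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
		fclose(fp);
		return (False);
	}

	if (p[32] != ':') {
		DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry for user %s (no terminating :)\n",
			pwd->smb_name));
		pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
		fclose(fp);
		return False;
	}

	/* Now check if the NT compatible password is available. */
	p += 33; /* Move to the first character of the line after the lanman password. */
	if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
		DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry for user %s (passwd too short)\n",
			pwd->smb_name));
		pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
		fclose(fp);
		return (False);
	}

	if (p[32] != ':') {
		DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry for user %s (no terminating :)\n",
			pwd->smb_name));
		pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
		fclose(fp);
		return False;
	}

	/*
	 * Now check if the account info and the password last
	 * change time is available.
	 */
	p += 33; /* Move to the first character of the line after the NT password. */

	if (*p == '[') {
		/* Copy the flags field; the copy is bounded by the line length. */
		i = 0;
		encode_bits[i++] = *p++;
		while((linebuf_len > PTR_DIFF(p, linebuf)) && (*p != ']')) {
			encode_bits[i++] = *p++;
		}

		encode_bits[i++] = ']';
		encode_bits[i++] = '\0';

		if(i == NEW_PW_FORMAT_SPACE_PADDED_LEN) {
			/*
			 * We are using a new format, space padded
			 * acct ctrl field. Encode the given acct ctrl
			 * bits into it.
			 */
			fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
		} else {
			DEBUG(0,("mod_smbfilepwd_entry: Using old smbpasswd format for user %s. "
				"This is no longer supported.!\n", pwd->smb_name));
			DEBUG(0,("mod_smbfilepwd_entry: No changes made, failing.!\n"));
			pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
			fclose(fp);
			return False;
		}

		/* Go past the ']' */
		if(linebuf_len > PTR_DIFF(p, linebuf)) {
			p++;
		}

		if((linebuf_len > PTR_DIFF(p, linebuf)) && (*p == ':')) {
			p++;

			/* We should be pointing at the LCT entry. */
			if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && (StrnCaseCmp((char *)p, "LCT-", 4) == 0)) {
				p += 4;
				for(i = 0; i < 8; i++) {
					if(p[i] == '\0' || !isxdigit(p[i])) {
						break;
					}
				}
				if(i == 8) {
					/*
					 * p points at 8 characters of hex digits -
					 * read into a time_t as the seconds since
					 * 1970 that the password was last changed.
					 */
					got_pass_last_set_time = True;
				} /* i == 8 */
			} /* *p && StrnCaseCmp() */
		} /* p == ':' */
	} /* p == '[' */

	/* Entry is correctly formed. */

	/* Create the 32 byte representation of the new p16 */
	pdb_sethexpwd(ascii_p16, pwd->smb_passwd, pwd->acct_ctrl);

	/* Add on the NT md4 hash */
	ascii_p16[32] = ':';
	wr_len = 66;
	pdb_sethexpwd(ascii_p16+33, pwd->smb_nt_passwd, pwd->acct_ctrl);
	ascii_p16[65] = ':';
	ascii_p16[66] = '\0'; /* null-terminate the string so that strlen works */

	/* Add on the account info bits and the time of last password change. */
	if(got_pass_last_set_time) {
		slprintf(&ascii_p16[strlen(ascii_p16)],
			sizeof(ascii_p16)-(strlen(ascii_p16)+1),
			"%s:LCT-%08X:",
			encode_bits, (uint32_t)pwd->pass_last_set_time );
		wr_len = strlen(ascii_p16);
	}

#ifdef DEBUG_PASSWORD
	/* Dumps the replacement text, password hashes included. */
	DEBUG(100,("mod_smbfilepwd_entry: "));
	dump_data(100, (uint8 *)ascii_p16, wr_len);
#endif

	/* Also keeps the wr_len + 1 byte sanity read below inside linebuf. */
	if(wr_len > LINEBUF_SIZE) {
		DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
		pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
		fclose(fp);
		return (False);
	}

	/*
	 * Do an atomic write into the file at the position defined by
	 * seekpos.
	 */

	/* The mod user write needs to be atomic - so get the fd from
		the fp and do a raw write() call.
	 */

	fd = fileno(fp);

	if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
		DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
		pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
		fclose(fp);
		return False;
	}

	/* Sanity check - ensure the areas we are writing are framed by ':' */
	if (read(fd, linebuf, wr_len+1) != wr_len+1) {
		DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile));
		pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
		fclose(fp);
		return False;
	}

	if ((linebuf[0] != ':') || (linebuf[wr_len] != ':')) {
		DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile));
		pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
		fclose(fp);
		return False;
	}

	if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {
		DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
		pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
		fclose(fp);
		return False;
	}

	if (write(fd, ascii_p16, wr_len) != wr_len) {
		DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile));
		pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
		fclose(fp);
		return False;
	}

	pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
	fclose(fp);
	return True;
}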
1082
1083/************************************************************************
1084 Routine to delete an entry in the smbpasswd file by name.
1085*************************************************************************/
1086
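/*
 * Remove the entry called `name` by rewriting the file: every other entry
 * is copied into "<smbpasswd_file>.<pid>", which is then renamed over the
 * original while the original is still held open for update.
 *
 * Returns True only when the replacement file was renamed into place.
 * On any failure after the temporary file exists it is unlinked, so that
 * no stray copy of the remaining entries is left beside the real file,
 * and False is returned.
 */
static bool del_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const char *name)
{
	const char *pfile = smbpasswd_state->smbpasswd_file;
	char *pfile2 = NULL;
	struct smb_passwd *pwd = NULL;
	FILE *fp = NULL;
	FILE *fp_write = NULL;
	int pfile2_lockdepth = 0;
	bool ok = False;

	pfile2 = talloc_asprintf(talloc_tos(),
			"%s.%u",
			pfile, (unsigned)sys_getpid());
	if (!pfile2) {
		return false;
	}

	/*
	 * Open the smbpasswd file for update, so that any other process
	 * waits until we have replaced it.
	 */
	if ((fp = startsmbfilepwent(pfile, PWF_UPDATE, &smbpasswd_state->pw_file_lock_depth)) == NULL) {
		DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
		return False;
	}

	/*
	 * Create the replacement password file.
	 * NOTE(review): the name is predictable (file name plus pid); this
	 * relies on PWF_CREATE refusing a pre-existing path - confirm in
	 * startsmbfilepwent().
	 */
	if ((fp_write = startsmbfilepwent(pfile2, PWF_CREATE, &pfile2_lockdepth)) == NULL) {
		/* Report the file that actually failed to open. */
		DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile2));
		endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
		return False;
	}

	/*
	 * Scan the file an entry at a time; skip the one being deleted and
	 * copy all others into the replacement file.
	 */
	while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL) {
		char *new_entry;
		size_t new_entry_length;

		if (strequal(name, pwd->smb_name)) {
			DEBUG(10, ("del_smbfilepwd_entry: found entry with "
				   "name %s - deleting it.\n", name));
			continue;
		}

		if ((new_entry = format_new_smbpasswd_entry(pwd)) == NULL) {
			DEBUG(0, ("del_smbfilepwd_entry(malloc): Failed to copy entry for user %s to file %s. "
				  "Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
			goto out;
		}

		new_entry_length = strlen(new_entry);

		if (fwrite(new_entry, 1, new_entry_length, fp_write) != new_entry_length) {
			DEBUG(0, ("del_smbfilepwd_entry(write): Failed to copy entry for user %s to file %s. "
				  "Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
			free(new_entry);
			goto out;
		}

		free(new_entry);
	}

	/* Ensure pfile2 is flushed before rename. */
	if (fflush(fp_write) != 0) {
		DEBUG(0, ("del_smbfilepwd_entry: Failed to flush file %s. Error was %s\n", pfile2, strerror(errno)));
		goto out;
	}

	/*
	 * Do an atomic rename. A failed rename means the entry is still in
	 * the live file, so it must not be reported as a successful delete.
	 */
	if (rename(pfile2, pfile) != 0) {
		DEBUG(0, ("del_smbfilepwd_entry: Failed to rename %s to %s. Error was %s\n",
			  pfile2, pfile, strerror(errno)));
		goto out;
	}

	ok = True;

out:
	if (!ok) {
		unlink(pfile2);
	}

	/* Release the locks only after the rename (or the cleanup) is done. */
	endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
	endsmbfilepwent(fp_write, &pfile2_lockdepth);
	return ok;
}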
1188
1189/*********************************************************************
1190 Create a smb_passwd struct from a struct samu.
1191 We will not allocate any new memory. The smb_passwd struct
1192 should only stay around as long as the struct samu does.
1193 ********************************************************************/
1194
/*
 * Fill *smb_pw from sampass. The string and hash members are borrowed from
 * sampass (nothing is copied), so smb_pw must not outlive it.
 * Returns False when sampass is NULL, when the guest account cannot be
 * resolved, or when the user RID cannot be mapped back to a unix uid.
 */
static bool build_smb_pass (struct smb_passwd *smb_pw, const struct samu *sampass)
{
	if (sampass == NULL) {
		return False;
	}

	ZERO_STRUCTP(smb_pw);

	/*
	 * NOTE(review): when the user SID is still the default, smb_userid
	 * keeps the value ZERO_STRUCTP left in it - confirm that callers
	 * fill it in or ignore it.
	 */
	if (!IS_SAM_DEFAULT(sampass, PDB_USERSID)) {
		uint32_t user_rid = pdb_get_user_rid(sampass);

		/* An explicit RID must be one that can be stored and read back. */
		if (user_rid == DOMAIN_RID_GUEST) {
			struct passwd *guest_pw = Get_Pwnam_alloc(NULL, lp_guestaccount());

			if (guest_pw == NULL) {
				DEBUG(0, ("Could not find guest account via Get_Pwnam_alloc()! (%s)\n", lp_guestaccount()));
				return False;
			}
			smb_pw->smb_userid = guest_pw->pw_uid;
			TALLOC_FREE(guest_pw);
		} else if (!algorithmic_pdb_rid_is_user(user_rid)) {
			DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
			return False;
		} else {
			smb_pw->smb_userid = algorithmic_pdb_user_rid_to_uid(user_rid);
		}
	}

	smb_pw->smb_name = (const char*)pdb_get_username(sampass);

	/* LANMAN and NT hashes, in that order. */
	smb_pw->smb_passwd = pdb_get_lanman_passwd(sampass);
	smb_pw->smb_nt_passwd = pdb_get_nt_passwd(sampass);

	smb_pw->acct_ctrl = pdb_get_acct_ctrl(sampass);
	smb_pw->pass_last_set_time = pdb_get_pass_last_set_time(sampass);

	return True;
}
1233
1234/*********************************************************************
1235 Create a struct samu from a smb_passwd struct
1236 ********************************************************************/
1237
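/*
 * Populate sam_pass from the smbpasswd entry pw_buf.
 *
 * The unix account named in pw_buf must exist; it is looked up by name and
 * handed to samu_set_unix(), after which the hashes, account control bits
 * and password times from pw_buf are applied.
 * Returns False if sam_pass is NULL, the unix account is missing, or any of
 * the checked setters fails.
 */
static bool build_sam_account(struct smbpasswd_privates *smbpasswd_state,
			      struct samu *sam_pass, const struct smb_passwd *pw_buf)
{
	struct passwd *pwfile;
	NTSTATUS status;

	if ( !sam_pass ) {
		DEBUG(5,("build_sam_account: struct samu is NULL\n"));
		return False;
	}

	/* verify the user account exists */

	if ( !(pwfile = Get_Pwnam_alloc(NULL, pw_buf->smb_name )) ) {
		DEBUG(0,("build_sam_account: smbpasswd database is corrupt!  username %s with uid "
		"%u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid));
		return False;
	}

	/*
	 * pwfile was allocated on the NULL context, so it has to be released
	 * on the failure path as well as on success.
	 */
	status = samu_set_unix(sam_pass, pwfile);
	TALLOC_FREE(pwfile);
	if ( !NT_STATUS_IS_OK(status) )
		return False;

	/* set remaining fields */

	if (!pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET))
		return False;
	if (!pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET))
		return False;
	pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl, PDB_SET);
	pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
	/* The "can change" time is set to the time the password was last set. */
	pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);

	return True;
}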
1273
1274/*****************************************************************
1275 Functions to be implemented by the new passdb API
1276 ****************************************************************/
1277
1278/****************************************************************
1279 Search smbpasswd file by iterating over the entries. Do not
1280 call getpwnam() for unix account information until we have found
1281 the correct entry
1282 ***************************************************************/
1283
/*
 * Look up `username` in the smbpasswd file and, on a match, build sam_acct
 * from the entry. Returns NT_STATUS_OK on success and
 * NT_STATUS_UNSUCCESSFUL for every failure (file cannot be opened, no
 * match, NULL sam_acct, or build_sam_account() failing).
 */
static NTSTATUS smbpasswd_getsampwnam(struct pdb_methods *my_methods,
				  struct samu *sam_acct, const char *username)
{
	struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
	struct smb_passwd *smb_pw;
	FILE *fp = NULL;

	DEBUG(10, ("getsampwnam (smbpasswd): search by name: %s\n", username));

	/*
	 * Read the smbpasswd file directly so that the UNIX account is only
	 * looked up in the system password database once we have a match.
	 */
	fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
	if (fp == NULL) {
		DEBUG(0, ("Unable to open passdb database.\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* Stop at the first entry with this name, or at the end of the file. */
	for (;;) {
		smb_pw = getsmbfilepwent(smbpasswd_state, fp);
		if (smb_pw == NULL || strequal(smb_pw->smb_name, username)) {
			break;
		}
	}

	/*
	 * NOTE(review): smb_pw is still used after the file is closed;
	 * presumably getsmbfilepwent() returns storage that outlives fp -
	 * confirm.
	 */
	endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));

	/* did we locate the username in smbpasswd  */
	if (smb_pw == NULL) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	DEBUG(10, ("getsampwnam (smbpasswd): found by name: %s\n", smb_pw->smb_name));

	if (sam_acct == NULL) {
		DEBUG(10,("getsampwnam (smbpasswd): struct samu is NULL\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* now build the struct samu */
	if (!build_sam_account(smbpasswd_state, sam_acct, smb_pw)) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	return NT_STATUS_OK;
}
1328
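/*
 * Look up the account whose SID is `sid` and build sam_acct from it.
 *
 * The SID must be in the local SAM domain. The guest RID is resolved
 * through the configured guest account name; any other RID is matched
 * against the RID derived from each entry's stored unix uid.
 * Returns NT_STATUS_OK on success, NT_STATUS_NO_SUCH_USER when the account
 * that was built does not carry the requested SID, and
 * NT_STATUS_UNSUCCESSFUL for every other failure.
 */
static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct samu *sam_acct, const struct dom_sid *sid)
{
	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
	struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
	struct smb_passwd *smb_pw;
	FILE *fp = NULL;
	uint32_t rid;

	DEBUG(10, ("smbpasswd_getsampwrid: search by sid: %s\n",
		   sid_string_dbg(sid)));

	if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
		return NT_STATUS_UNSUCCESSFUL;

	/* More special case 'guest account' hacks... */
	if (rid == DOMAIN_RID_GUEST) {
		const char *guest_account = lp_guestaccount();
		if (!(guest_account && *guest_account)) {
			DEBUG(1, ("Guest account not specfied!\n"));
			return nt_status;
		}
		return smbpasswd_getsampwnam(my_methods, sam_acct, guest_account);
	}

	/* Open the sam password file - not for update. */
	fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));

	if (fp == NULL) {
		DEBUG(0, ("Unable to open passdb database.\n"));
		return nt_status;
	}

	/* Stop at the first entry whose uid maps to the requested RID. */
	while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL) && (algorithmic_pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) )
		/* do nothing */ ;

	endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));

	/* did we locate the username in smbpasswd  */
	if (smb_pw == NULL)
		return nt_status;

	DEBUG(10, ("getsampwrid (smbpasswd): found by name: %s\n", smb_pw->smb_name));

	if (!sam_acct) {
		DEBUG(10,("getsampwrid: (smbpasswd) struct samu is NULL\n"));
		return nt_status;
	}

	/* now build the struct samu */
	if (!build_sam_account (smbpasswd_state, sam_acct, smb_pw))
		return nt_status;

	/*
	 * build_sam_account might change the SID on us, if the name was for
	 * the guest account. This used to be guarded by
	 * NT_STATUS_IS_OK(nt_status), but nt_status is never assigned after
	 * its NT_STATUS_UNSUCCESSFUL initialiser, so the comparison could
	 * never run and an account with a different SID was returned as a
	 * match. Compare unconditionally.
	 */
	if (!dom_sid_equal(pdb_get_user_sid(sam_acct), sid)) {
		DEBUG(1, ("looking for user with sid %s instead returned %s "
			  "for account %s!?!\n", sid_string_dbg(sid),
			  sid_string_dbg(pdb_get_user_sid(sam_acct)),
			  pdb_get_username(sam_acct)));
		return NT_STATUS_NO_SUCH_USER;
	}

	/* success */
	return NT_STATUS_OK;
}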
1394
/*
 * passdb "add" hook: convert sampass to an smbpasswd entry and append it.
 * Returns NT_STATUS_UNSUCCESSFUL when the conversion fails, otherwise the
 * status of add_smbfilepwd_entry().
 */
static NTSTATUS smbpasswd_add_sam_account(struct pdb_methods *my_methods, struct samu *sampass)
{
	struct smbpasswd_privates *priv = (struct smbpasswd_privates*)my_methods->private_data;
	struct smb_passwd entry;

	/* entry only borrows pointers from sampass; see build_smb_pass() */
	if (build_smb_pass(&entry, sampass)) {
		return add_smbfilepwd_entry(priv, &entry);
	}

	return NT_STATUS_UNSUCCESSFUL;
}
1408
/*
 * passdb "update" hook: convert sampass to an smbpasswd entry and rewrite
 * the matching entry in place via mod_smbfilepwd_entry().
 * Returns NT_STATUS_OK on success, NT_STATUS_UNSUCCESSFUL otherwise.
 */
static NTSTATUS smbpasswd_update_sam_account(struct pdb_methods *my_methods, struct samu *sampass)
{
	struct smbpasswd_privates *priv = (struct smbpasswd_privates*)my_methods->private_data;
	struct smb_passwd entry;
	bool converted;
	bool written;

	/* convert the struct samu */
	converted = build_smb_pass(&entry, sampass);
	if (!converted) {
		DEBUG(0, ("smbpasswd_update_sam_account: build_smb_pass failed!\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* update the entry */
	written = mod_smbfilepwd_entry(priv, &entry);
	if (!written) {
		DEBUG(0, ("smbpasswd_update_sam_account: mod_smbfilepwd_entry failed!\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	return NT_STATUS_OK;
}
1428
/*
 * passdb "delete" hook: remove the smbpasswd entry carrying sampass's
 * username. Returns NT_STATUS_OK when del_smbfilepwd_entry() reports
 * success, NT_STATUS_UNSUCCESSFUL otherwise.
 */
static NTSTATUS smbpasswd_delete_sam_account (struct pdb_methods *my_methods, struct samu *sampass)
{
	struct smbpasswd_privates *priv = (struct smbpasswd_privates*)my_methods->private_data;
	const char *account_name = pdb_get_username(sampass);

	if (!del_smbfilepwd_entry(priv, account_name)) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	return NT_STATUS_OK;
}
1440
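/*
 * passdb "rename" hook.
 *
 * Sequence: add an interim smbpasswd entry under `newname`, run the
 * configured "rename user script" to rename the posix account, then drop
 * the old entry. If anything fails after the interim entry was added, that
 * entry is removed again and a failure status is returned.
 *
 * Returns NT_STATUS_OK only when the interim entry was added and the script
 * exited with 0; NT_STATUS_NO_MEMORY on allocation failure;
 * NT_STATUS_UNSUCCESSFUL (or the add status) otherwise.
 */
static NTSTATUS smbpasswd_rename_sam_account (struct pdb_methods *my_methods,
					      struct samu *old_acct,
					      const char *newname)
{
	char *rename_script = NULL;
	struct samu *new_acct = NULL;
	bool interim_account = False;
	TALLOC_CTX *ctx = talloc_tos();
	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;

	/* Without a rename script the posix account cannot follow. */
	if (!*(lp_renameuser_script()))
		goto done;

	if ( !(new_acct = samu_new( NULL )) ) {
		return NT_STATUS_NO_MEMORY;
	}

	if ( !pdb_copy_sam_account( new_acct, old_acct )
		|| !pdb_set_username(new_acct, newname, PDB_CHANGED))
	{
		goto done;
	}

	ret = smbpasswd_add_sam_account(my_methods, new_acct);
	if (!NT_STATUS_IS_OK(ret))
		goto done;

	interim_account = True;

	/* rename the posix user */
	rename_script = talloc_strdup(ctx,
				      lp_renameuser_script());
	if (!rename_script) {
		ret = NT_STATUS_NO_MEMORY;
		goto done;
	}

	if (*rename_script) {
		int rename_ret;

		/*
		 * Both account names end up inside a command line handed to
		 * smbrun(). NOTE(review): the first boolean passed to
		 * talloc_string_sub2() is presumably its "remove unsafe
		 * characters" switch - confirm against the prototype and keep
		 * it enabled, since newname is caller supplied.
		 */
		rename_script = talloc_string_sub2(ctx,
					rename_script,
					"%unew",
					newname,
					true,
					false,
					true);
		if (!rename_script) {
			ret = NT_STATUS_NO_MEMORY;
			goto done;
		}
		rename_script = talloc_string_sub2(ctx,
					rename_script,
					"%uold",
					pdb_get_username(old_acct),
					true,
					false,
					true);
		if (!rename_script) {
			ret = NT_STATUS_NO_MEMORY;
			goto done;
		}

		rename_ret = smbrun(rename_script, NULL);

		DEBUG(rename_ret ? 0 : 3,("Running the command `%s' gave %d\n", rename_script, rename_ret));

		if (rename_ret == 0) {
			smb_nscd_flush_user_cache();
		}

		if (rename_ret) {
			/*
			 * ret still holds NT_STATUS_OK from the add above;
			 * a failed script must not be reported as a
			 * successful rename.
			 */
			ret = NT_STATUS_UNSUCCESSFUL;
			goto done;
		}
	} else {
		/* Script setting is empty now: nothing was renamed. */
		ret = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	/*
	 * The posix account is renamed; drop the entry under the old name.
	 * A failure here leaves both entries in the file, so at least log it.
	 */
	if (!NT_STATUS_IS_OK(smbpasswd_delete_sam_account(my_methods, old_acct))) {
		DEBUG(0, ("smbpasswd_rename_sam_account: could not remove the old smbpasswd entry\n"));
	}
	interim_account = False;

done:
	/* cleanup: roll back the interim entry if the rename did not finish */
	if (interim_account)
		smbpasswd_delete_sam_account(my_methods, new_acct);

	if (new_acct)
		TALLOC_FREE(new_acct);

	return (ret);
}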
1531
/*
 * passdb "capabilities" hook: this backend advertises no optional
 * capability bits, whatever `methods` is.
 */
static uint32_t smbpasswd_capabilities(struct pdb_methods *methods)
{
	const uint32_t no_capabilities = 0;

	return no_capabilities;
}
1536
/*
 * passdb "free_private_data" hook: close the smbpasswd file handle kept in
 * the private state (releasing its lock depth) and clear the caller's
 * pointer. The structure itself is talloc()ed, so it is not freed here.
 */
static void free_private_data(void **vp)
{
	struct smbpasswd_privates **slot = (struct smbpasswd_privates**)vp;
	struct smbpasswd_privates *priv = *slot;

	endsmbfilepwent(priv->pw_file, &(priv->pw_file_lock_depth));

	*slot = NULL;
}
1546
/* Snapshot of matching users built by smbpasswd_search_users(). */
struct smbpasswd_search_state {
	uint32_t acct_flags;	/* account-control filter the search was started with */

	struct samr_displayentry *entries;	/* array grown with ADD_TO_LARGE_ARRAY */
	uint32_t num_entries;	/* number of valid elements in entries */
	ssize_t array_size;	/* bookkeeping for ADD_TO_LARGE_ARRAY */
	uint32_t current;	/* index of the next entry to hand out */
};
1555
/*
 * Search teardown hook: release the state attached to `search`.
 * talloc_get_type_abort() aborts if private_data is not a
 * struct smbpasswd_search_state.
 */
static void smbpasswd_search_end(struct pdb_search *search)
{
	struct smbpasswd_search_state *search_state;

	search_state = talloc_get_type_abort(search->private_data,
					     struct smbpasswd_search_state);
	TALLOC_FREE(search_state);
}
1562
/*
 * Search iterator hook: copy the next collected entry into *entry.
 * The three strings are duplicated onto `search`. Returns false when all
 * entries have been handed out or when a duplication fails (in which case
 * the cursor is not advanced).
 */
static bool smbpasswd_search_next_entry(struct pdb_search *search,
					struct samr_displayentry *entry)
{
	struct smbpasswd_search_state *state = talloc_get_type_abort(
		search->private_data, struct smbpasswd_search_state);
	const struct samr_displayentry *src;

	if (state->current == state->num_entries) {
		return false;
	}

	src = &state->entries[state->current];

	entry->idx = src->idx;
	entry->rid = src->rid;
	entry->acct_flags = src->acct_flags;

	entry->account_name = talloc_strdup(search, src->account_name);
	entry->fullname = talloc_strdup(search, src->fullname);
	entry->description = talloc_strdup(search, src->description);

	if (entry->account_name == NULL || entry->fullname == NULL ||
	    entry->description == NULL) {
		DEBUG(0, ("talloc_strdup failed\n"));
		return false;
	}

	state->current += 1;
	return true;
}
1593
/*
 * passdb "search_users" hook: read the whole smbpasswd file once and keep
 * a display entry for every account that passes the acct_flags filter
 * (a filter of 0 accepts everything). The entries are attached to `search`
 * together with the next/end callbacks.
 *
 * Returns false if the state cannot be allocated or the file cannot be
 * opened. An error while collecting entries only stops the scan: the
 * entries gathered so far are still installed and true is returned.
 */
static bool smbpasswd_search_users(struct pdb_methods *methods,
				   struct pdb_search *search,
				   uint32_t acct_flags)
{
	struct smbpasswd_privates *smbpasswd_state =
		(struct smbpasswd_privates*)methods->private_data;
	struct smbpasswd_search_state *search_state;
	struct smb_passwd *pwd;
	FILE *fp;

	search_state = talloc_zero(search, struct smbpasswd_search_state);
	if (search_state == NULL) {
		DEBUG(0, ("talloc failed\n"));
		return false;
	}
	search_state->acct_flags = acct_flags;

	fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ,
			       &smbpasswd_state->pw_file_lock_depth);
	if (fp == NULL) {
		DEBUG(10, ("Unable to open smbpasswd file.\n"));
		TALLOC_FREE(search_state);
		return false;
	}

	while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL) {
		struct samr_displayentry entry;
		struct samu *user;
		bool wanted = (acct_flags == 0) ||
			      ((acct_flags & pwd->acct_ctrl) != 0);

		if (!wanted) {
			continue;
		}

		/* Temporary account object, only used to derive the entry. */
		user = samu_new(talloc_tos());
		if (user == NULL) {
			DEBUG(0, ("samu_new failed\n"));
			break;
		}

		if (!build_sam_account(smbpasswd_state, user, pwd)) {
			/* Already got debug msgs... */
			break;
		}

		ZERO_STRUCT(entry);

		entry.acct_flags = pdb_get_acct_ctrl(user);
		sid_peek_rid(pdb_get_user_sid(user), &entry.rid);

		/* The strings must outlive `user`, so copy them onto the state. */
		entry.account_name = talloc_strdup(search_state,
						   pdb_get_username(user));
		entry.fullname = talloc_strdup(search_state,
					       pdb_get_fullname(user));
		entry.description = talloc_strdup(search_state,
						  pdb_get_acct_desc(user));

		TALLOC_FREE(user);

		if (entry.account_name == NULL || entry.fullname == NULL ||
		    entry.description == NULL) {
			DEBUG(0, ("talloc_strdup failed\n"));
			break;
		}

		ADD_TO_LARGE_ARRAY(search_state, struct samr_displayentry,
				   entry, &search_state->entries,
				   &search_state->num_entries,
				   &search_state->array_size);
	}

	endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));

	search->private_data = search_state;
	search->next_entry = smbpasswd_search_next_entry;
	search->search_end = smbpasswd_search_end;

	return true;
}
1674
/*
 * Backend constructor registered under the name "smbpasswd".
 * Creates the method table, installs this file's hooks and stores the path
 * of the smbpasswd file: `location` when given, otherwise the configured
 * lp_smb_passwd_file().
 * Returns the status of make_pdb_method() if that fails,
 * NT_STATUS_NO_MEMORY on allocation failure, else NT_STATUS_OK.
 */
static NTSTATUS pdb_init_smbpasswd( struct pdb_methods **pdb_method, const char *location )
{
	NTSTATUS nt_status;
	struct pdb_methods *methods;
	struct smbpasswd_privates *privates;

	nt_status = make_pdb_method( pdb_method );
	if ( !NT_STATUS_IS_OK(nt_status) ) {
		return nt_status;
	}

	methods = *pdb_method;

	methods->name = "smbpasswd";

	methods->getsampwnam = smbpasswd_getsampwnam;
	methods->getsampwsid = smbpasswd_getsampwsid;
	methods->add_sam_account = smbpasswd_add_sam_account;
	methods->update_sam_account = smbpasswd_update_sam_account;
	methods->delete_sam_account = smbpasswd_delete_sam_account;
	methods->rename_sam_account = smbpasswd_rename_sam_account;
	methods->search_users = smbpasswd_search_users;

	methods->capabilities = smbpasswd_capabilities;

	/* Private state hangs off the method table's talloc context. */
	privates = TALLOC_ZERO_P( methods, struct smbpasswd_privates );
	if ( privates == NULL ) {
		DEBUG(0, ("talloc() failed for smbpasswd private_data!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* An explicit location overrides the configured file. */
	privates->smbpasswd_file = talloc_strdup(methods,
			location ? location : lp_smb_passwd_file());

	if (privates->smbpasswd_file == NULL) {
		DEBUG(0, ("talloc_strdp() failed for storing smbpasswd location!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	methods->private_data = privates;
	methods->free_private_data = free_private_data;

	return NT_STATUS_OK;
}
1722
/*
 * Module entry point: register the "smbpasswd" passdb backend, with
 * pdb_init_smbpasswd() as its constructor, and return the registration
 * status.
 */
NTSTATUS pdb_smbpasswd_init(void)
{
	NTSTATUS status;

	status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd",
				     pdb_init_smbpasswd);
	return status;
}