1998-05-15 18:49:48 +04:00
/*
* Unix SMB / Netbios implementation . Version 1.9 . SMB parameters and setup
* Copyright ( C ) Andrew Tridgell 1992 - 1998 Modified by Jeremy Allison 1995.
* Copyright ( C ) Benny Holmgren 1998 < bigfoot @ astrakan . hgs . se >
* Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 1998.
*
* This program is free software ; you can redistribute it and / or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation ; either version 2 of the License , or ( at your option )
* any later version .
*
* This program is distributed in the hope that it will be useful , but WITHOUT
* ANY WARRANTY ; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE . See the GNU General Public License for
* more details .
*
* You should have received a copy of the GNU General Public License along with
* this program ; if not , write to the Free Software Foundation , Inc . , 675
* Mass Ave , Cambridge , MA 0213 9 , USA .
*/
1999-12-13 16:27:58 +03:00
# include "includes.h"
1998-07-29 07:08:05 +04:00
# ifdef WITH_NISPLUS
1998-05-15 18:49:48 +04:00
1999-12-13 16:27:58 +03:00
# ifdef BROKEN_NISPLUS_INCLUDE_FILES
/*
* The following lines are needed due to buggy include files
* in Solaris 2.6 which define GROUP in both / usr / include / sys / acl . h and
* also in / usr / include / rpcsvc / nis . h . The definitions conflict . JRA .
* Also GROUP_OBJ is defined as 0x4 in / usr / include / sys / acl . h and as
* an enum in / usr / include / rpcsvc / nis . h .
*/
# if defined(GROUP)
# undef GROUP
# endif
# if defined(GROUP_OBJ)
# undef GROUP_OBJ
# endif
# endif
1998-05-15 18:49:48 +04:00
# include <rpcsvc/nis.h>
1998-05-18 15:54:00 +04:00
extern int DEBUGLEVEL ;
1999-12-13 16:27:58 +03:00
extern pstring samlogon_user ;
extern BOOL sam_logon_in_ssb ;
1998-05-15 18:49:48 +04:00
1999-12-13 16:27:58 +03:00
static VOLATILE SIG_ATOMIC_T gotalarm ;
1998-05-15 18:49:48 +04:00
/***************************************************************
1998-05-18 15:59:19 +04:00
the fields for the NIS + table , generated from mknissmbpwtbl . sh , are :
name = S , nogw = r
uid = S , nogw = r
user_rid = S , nogw = r
smb_grpid = , nw + r
group_rid = , nw + r
acb = , nw + r
lmpwd = C , nw = , g = r , o = rm
ntpwd = C , nw = , g = r , o = rm
logon_t = , nw + r
logoff_t = , nw + r
kick_t = , nw + r
pwdlset_t = , nw + r
pwdlchg_t = , nw + r
pwdmchg_t = , nw + r
full_name = , nw + r
home_dir = , nw + r
dir_drive = , nw + r
logon_script = , nw + r
profile_path = , nw + r
acct_desc = , nw + r
workstations = , nw + r
hours = , nw + r
1998-05-15 18:49:48 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-18 15:59:19 +04:00
# define NPF_NAME 0
# define NPF_UID 1
# define NPF_USER_RID 2
# define NPF_SMB_GRPID 3
# define NPF_GROUP_RID 4
# define NPF_ACB 5
# define NPF_LMPWD 6
# define NPF_NTPWD 7
# define NPF_LOGON_T 8
# define NPF_LOGOFF_T 9
1998-05-22 15:28:32 +04:00
# define NPF_KICK_T 10
# define NPF_PWDLSET_T 11
# define NPF_PWDLCHG_T 12
# define NPF_PWDMCHG_T 13
# define NPF_FULL_NAME 14
# define NPF_HOME_DIR 15
# define NPF_DIR_DRIVE 16
# define NPF_LOGON_SCRIPT 17
# define NPF_PROFILE_PATH 18
# define NPF_ACCT_DESC 19
# define NPF_WORKSTATIONS 20
# define NPF_HOURS 21
1998-05-18 15:59:19 +04:00
/***************************************************************
Signal function to tell us we timed out .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-15 18:49:48 +04:00
static void gotalarm_sig ( void )
{
gotalarm = 1 ;
}
1998-05-18 15:59:19 +04:00
/***************************************************************
make_nisname_from_user_rid
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
static char * make_nisname_from_user_rid ( uint32 rid , char * pfile )
1998-05-18 15:59:19 +04:00
{
static pstring nisname ;
1998-05-19 01:30:57 +04:00
safe_strcpy ( nisname , " [user_rid= " , sizeof ( nisname ) - 1 ) ;
slprintf ( nisname , sizeof ( nisname ) - 1 , " %s%d " , nisname , rid ) ;
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
safe_strcat ( nisname , " ], " , sizeof ( nisname ) - strlen ( nisname ) - 1 ) ;
safe_strcat ( nisname , pfile , sizeof ( nisname ) - strlen ( nisname ) - 1 ) ;
1998-05-18 15:59:19 +04:00
return nisname ;
}
/***************************************************************
make_nisname_from_uid
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
static char * make_nisname_from_uid ( int uid , char * pfile )
1998-05-18 15:59:19 +04:00
{
static pstring nisname ;
1998-05-19 01:30:57 +04:00
safe_strcpy ( nisname , " [uid= " , sizeof ( nisname ) - 1 ) ;
slprintf ( nisname , sizeof ( nisname ) - 1 , " %s%d " , nisname , uid ) ;
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
safe_strcat ( nisname , " ], " , sizeof ( nisname ) - strlen ( nisname ) - 1 ) ;
safe_strcat ( nisname , pfile , sizeof ( nisname ) - strlen ( nisname ) - 1 ) ;
1998-05-18 15:59:19 +04:00
return nisname ;
}
/***************************************************************
make_nisname_from_name
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
static char * make_nisname_from_name ( char * user_name , char * pfile )
1998-05-18 15:59:19 +04:00
{
static pstring nisname ;
1998-05-19 01:30:57 +04:00
safe_strcpy ( nisname , " [name= " , sizeof ( nisname ) - 1 ) ;
1998-05-18 15:59:19 +04:00
safe_strcat ( nisname , user_name , sizeof ( nisname ) - strlen ( nisname ) - 1 ) ;
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
safe_strcat ( nisname , " ], " , sizeof ( nisname ) - strlen ( nisname ) - 1 ) ;
safe_strcat ( nisname , pfile , sizeof ( nisname ) - strlen ( nisname ) - 1 ) ;
1998-05-18 15:59:19 +04:00
return nisname ;
}
1998-05-28 20:55:12 +04:00
/*************************************************************************
gets a NIS + attribute
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static void get_single_attribute ( nis_object * new_obj , int col ,
char * val , int len )
{
int entry_len ;
if ( new_obj = = NULL | | val = = NULL ) return ;
entry_len = ENTRY_LEN ( new_obj , col ) ;
if ( len > entry_len )
{
DEBUG ( 10 , ( " get_single_attribute: entry length truncated \n " ) ) ;
len = entry_len ;
}
1999-12-13 16:27:58 +03:00
safe_strcpy ( val , ENTRY_VAL ( new_obj , col ) , len - 1 ) ;
1998-05-28 20:55:12 +04:00
}
1999-12-13 16:27:58 +03:00
/************************************************************************
makes a struct sam_passwd from a NIS + object .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL make_sam_from_nisp_object ( struct sam_passwd * pw_buf , nis_object * obj )
{
int uidval ;
static pstring user_name ;
static pstring full_name ;
static pstring home_dir ;
static pstring home_drive ;
static pstring logon_script ;
static pstring profile_path ;
static pstring acct_desc ;
static pstring workstations ;
static pstring temp ;
static unsigned char smbpwd [ 16 ] ;
static unsigned char smbntpwd [ 16 ] ;
char * p ;
pdb_init_sam ( pw_buf ) ;
pw_buf - > acct_ctrl = ACB_NORMAL ;
pstrcpy ( user_name , ENTRY_VAL ( obj , NPF_NAME ) ) ;
pw_buf - > smb_name = user_name ;
uidval = atoi ( ENTRY_VAL ( obj , NPF_UID ) ) ;
pw_buf - > smb_userid = uidval ;
/* Check the lanman password column. */
p = ( char * ) ENTRY_VAL ( obj , NPF_LMPWD ) ;
if ( * p = = ' * ' | | * p = = ' X ' ) {
/* Password deliberately invalid - end here. */
DEBUG ( 10 , ( " make_sam_from_nisp_object: entry invalidated for user %s \n " , user_name ) ) ;
pw_buf - > smb_nt_passwd = NULL ;
pw_buf - > smb_passwd = NULL ;
pw_buf - > acct_ctrl | = ACB_DISABLED ;
return True ;
}
if ( ! strncasecmp ( p , " NO PASSWORD " , 11 ) ) {
pw_buf - > smb_passwd = NULL ;
pw_buf - > acct_ctrl | = ACB_PWNOTREQ ;
} else {
if ( strlen ( p ) ! = 32 | | ! pdb_gethexpwd ( p , smbpwd ) )
{
DEBUG ( 0 , ( " make_sam_from_nisp_object: malformed LM pwd entry. \n " ) ) ;
return False ;
}
}
pw_buf - > smb_passwd = smbpwd ;
/* Check the NT password column. */
p = ENTRY_VAL ( obj , NPF_NTPWD ) ;
if ( * p ! = ' * ' & & * p ! = ' X ' ) {
if ( strlen ( p ) ! = 32 | | ! pdb_gethexpwd ( p , smbntpwd ) )
{
DEBUG ( 0 , ( " make_smb_from_nisp_object: malformed NT pwd entry \n " ) ) ;
return False ;
}
pw_buf - > smb_nt_passwd = smbntpwd ;
}
p = ( char * ) ENTRY_VAL ( obj , NPF_ACB ) ;
if ( * p = = ' [ ' )
{
pw_buf - > acct_ctrl = pdb_decode_acct_ctrl ( p ) ;
/* Must have some account type set. */
if ( pw_buf - > acct_ctrl = = 0 )
pw_buf - > acct_ctrl = ACB_NORMAL ;
/* Now try and get the last change time. */
if ( * p = = ' ] ' )
p + + ;
if ( * p = = ' : ' ) {
p + + ;
if ( * p & & ( StrnCaseCmp ( p , " LCT- " , 4 ) = = 0 ) ) {
int i ;
p + = 4 ;
for ( i = 0 ; i < 8 ; i + + ) {
if ( p [ i ] = = ' \0 ' | | ! isxdigit ( p [ i ] ) )
break ;
}
if ( i = = 8 ) {
/*
* p points at 8 characters of hex digits -
* read into a time_t as the seconds since
* 1970 that the password was last changed .
*/
pw_buf - > pass_last_set_time = ( time_t ) strtol ( p , NULL , 16 ) ;
}
}
}
} else {
/* 'Old' style file. Fake up based on user name. */
/*
* Currently trust accounts are kept in the same
* password file as ' normal accounts ' . If this changes
* we will have to fix this code . JRA .
*/
if ( pw_buf - > smb_name [ strlen ( pw_buf - > smb_name ) - 1 ] = = ' $ ' ) {
pw_buf - > acct_ctrl & = ~ ACB_NORMAL ;
pw_buf - > acct_ctrl | = ACB_WSTRUST ;
}
}
get_single_attribute ( obj , NPF_SMB_GRPID , temp , sizeof ( pstring ) ) ;
pw_buf - > smb_grpid = atoi ( temp ) ;
get_single_attribute ( obj , NPF_USER_RID , temp , sizeof ( pstring ) ) ;
pw_buf - > user_rid = ( strlen ( temp ) > 0 ) ?
strtol ( temp , NULL , 16 ) : pdb_uid_to_user_rid ( pw_buf - > smb_userid ) ;
if ( pw_buf - > smb_name [ strlen ( pw_buf - > smb_name ) - 1 ] ! = ' $ ' ) {
/* XXXX hack to get standard_sub_basic() to use sam logon username */
/* possibly a better way would be to do a become_user() call */
pstrcpy ( samlogon_user , pw_buf - > smb_name ) ;
sam_logon_in_ssb = True ;
get_single_attribute ( obj , NPF_GROUP_RID , temp , sizeof ( pstring ) ) ;
pw_buf - > group_rid = ( strlen ( temp ) > 0 ) ?
strtol ( temp , NULL , 16 ) : pdb_gid_to_group_rid ( pw_buf - > smb_grpid ) ;
get_single_attribute ( obj , NPF_FULL_NAME , full_name , sizeof ( pstring ) ) ;
# if 1
/* It seems correct to use the global values - but in that case why
* do we want these NIS + entries anyway ? ?
*/
pstrcpy ( logon_script , lp_logon_script ( ) ) ;
pstrcpy ( profile_path , lp_logon_path ( ) ) ;
pstrcpy ( home_drive , lp_logon_drive ( ) ) ;
pstrcpy ( home_dir , lp_logon_home ( ) ) ;
# else
get_single_attribute ( obj , NPF_LOGON_SCRIPT , logon_script , sizeof ( pstring ) ) ;
get_single_attribute ( obj , NPF_PROFILE_PATH , profile_path , sizeof ( pstring ) ) ;
get_single_attribute ( obj , NPF_DIR_DRIVE , home_drive , sizeof ( pstring ) ) ;
get_single_attribute ( obj , NPF_HOME_DIR , home_dir , sizeof ( pstring ) ) ;
# endif
get_single_attribute ( obj , NPF_ACCT_DESC , acct_desc , sizeof ( pstring ) ) ;
get_single_attribute ( obj , NPF_WORKSTATIONS , workstations , sizeof ( pstring ) ) ;
sam_logon_in_ssb = False ;
} else {
pw_buf - > group_rid = DOMAIN_GROUP_RID_USERS ; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
pstrcpy ( full_name , " " ) ;
pstrcpy ( logon_script , " " ) ;
pstrcpy ( profile_path , " " ) ;
pstrcpy ( home_drive , " " ) ;
pstrcpy ( home_dir , " " ) ;
pstrcpy ( acct_desc , " " ) ;
pstrcpy ( workstations , " " ) ;
}
pw_buf - > full_name = full_name ;
pw_buf - > home_dir = home_dir ;
pw_buf - > dir_drive = home_drive ;
pw_buf - > logon_script = logon_script ;
pw_buf - > profile_path = profile_path ;
pw_buf - > acct_desc = acct_desc ;
pw_buf - > workstations = workstations ;
pw_buf - > unknown_str = NULL ; /* don't know, yet! */
pw_buf - > munged_dial = NULL ; /* "munged" dial-back telephone number */
pw_buf - > unknown_3 = 0xffffff ; /* don't know */
pw_buf - > logon_divs = 168 ; /* hours per week */
pw_buf - > hours_len = 21 ; /* 21 times 8 bits = 168 */
memset ( pw_buf - > hours , 0xff , pw_buf - > hours_len ) ; /* available at all hours */
pw_buf - > unknown_5 = 0x00020000 ; /* don't know */
pw_buf - > unknown_6 = 0x000004ec ; /* don't know */
return True ;
}
/************************************************************************
makes a struct sam_passwd from a NIS + result .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL make_sam_from_nisresult ( struct sam_passwd * pw_buf , nis_result * result )
{
if ( pw_buf = = NULL | | result = = NULL ) return False ;
if ( result - > status ! = NIS_SUCCESS & & result - > status ! = NIS_NOTFOUND )
{
DEBUG ( 0 , ( " make_sam_from_nisresult: NIS+ lookup failure: %s \n " ,
nis_sperrno ( result - > status ) ) ) ;
return False ;
}
/* User not found. */
if ( NIS_RES_NUMOBJ ( result ) < = 0 )
{
DEBUG ( 10 , ( " make_sam_from_nisresult: user not found in NIS+ \n " ) ) ;
return False ;
}
if ( NIS_RES_NUMOBJ ( result ) > 1 )
{
DEBUG ( 10 , ( " make_sam_from_nisresult: WARNING: Multiple entries for user in NIS+ table! \n " ) ) ;
}
/* Grab the first hit. */
return make_sam_from_nisp_object ( pw_buf , & NIS_RES_OBJECT ( result ) [ 0 ] ) ;
}
1998-05-28 20:55:12 +04:00
/***************************************************************
calls nis_list , returns results .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static nis_result * nisp_get_nis_list ( char * nis_name )
{
nis_result * result ;
result = nis_list ( nis_name , FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP , NULL , NULL ) ;
alarm ( 0 ) ;
1998-07-29 07:08:05 +04:00
CatchSignal ( SIGALRM , SIGNAL_CAST SIG_DFL ) ;
1998-05-28 20:55:12 +04:00
if ( gotalarm )
{
DEBUG ( 0 , ( " nisp_get_nis_list: NIS+ lookup time out \n " ) ) ;
nis_freeresult ( result ) ;
return NULL ;
}
return result ;
}
struct nisp_enum_info
{
nis_result * result ;
int enum_entry ;
} ;
1998-05-15 18:49:48 +04:00
/***************************************************************
Start to enumerate the nisplus passwd list . Returns a void pointer
to ensure no modification outside this module .
do not call this function directly . use passdb . c instead .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-19 03:57:28 +04:00
static void * startnisppwent ( BOOL update )
1998-05-15 18:49:48 +04:00
{
1998-05-28 20:55:12 +04:00
static struct nisp_enum_info res ;
1998-06-27 04:27:44 +04:00
res . result = nisp_get_nis_list ( lp_smb_passwd_file ( ) ) ;
1998-05-28 20:55:12 +04:00
res . enum_entry = 0 ;
return res . result ! = NULL ? & res : NULL ;
1998-05-15 18:49:48 +04:00
}
/***************************************************************
End enumeration of the nisplus passwd list .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-19 03:57:28 +04:00
static void endnisppwent ( void * vp )
1998-05-15 18:49:48 +04:00
{
1999-12-13 16:27:58 +03:00
struct nisp_enum_info * res = ( struct nisp_enum_info * ) vp ;
nis_freeresult ( res - > result ) ;
DEBUG ( 7 , ( " endnisppwent: freed enumeration list \n " ) ) ;
1998-05-15 18:49:48 +04:00
}
/*************************************************************************
Routine to return the next entry in the nisplus passwd list .
do not call this function directly . use passdb . c instead .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-19 03:57:28 +04:00
static struct sam_passwd * getnisp21pwent ( void * vp )
1998-05-15 18:49:48 +04:00
{
1999-12-13 16:27:58 +03:00
struct nisp_enum_info * res = ( struct nisp_enum_info * ) vp ;
static struct sam_passwd pw_buf ;
int which ;
BOOL ret ;
if ( res = = NULL | | ( int ) ( res - > enum_entry ) < 0 | |
( int ) ( res - > enum_entry ) > ( NIS_RES_NUMOBJ ( res - > result ) - 1 ) ) {
ret = False ;
} else {
which = ( int ) ( res - > enum_entry ) ;
ret = make_sam_from_nisp_object ( & pw_buf ,
& NIS_RES_OBJECT ( res - > result ) [ which ] ) ;
if ( ret & & which < ( NIS_RES_NUMOBJ ( res - > result ) - 1 ) )
( int ) ( res - > enum_entry ) + + ;
}
return ret ? & pw_buf : NULL ;
1998-05-15 18:49:48 +04:00
}
/*************************************************************************
1998-09-18 03:06:57 +04:00
Return the current position in the nisplus passwd list as an SMB_BIG_UINT .
1998-05-15 18:49:48 +04:00
This must be treated as an opaque token .
do not call this function directly . use passdb . c instead .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-09-18 03:06:57 +04:00
static SMB_BIG_UINT getnisppwpos ( void * vp )
1998-05-15 18:49:48 +04:00
{
1999-12-13 16:27:58 +03:00
struct nisp_enum_info * res = ( struct nisp_enum_info * ) vp ;
return ( SMB_BIG_UINT ) ( res - > enum_entry ) ;
1998-05-15 18:49:48 +04:00
}
/*************************************************************************
1998-09-18 03:06:57 +04:00
Set the current position in the nisplus passwd list from SMB_BIG_UINT .
1998-05-15 18:49:48 +04:00
This must be treated as an opaque token .
do not call this function directly . use passdb . c instead .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-09-18 03:06:57 +04:00
static BOOL setnisppwpos ( void * vp , SMB_BIG_UINT tok )
1998-05-15 18:49:48 +04:00
{
1999-12-13 16:27:58 +03:00
struct nisp_enum_info * res = ( struct nisp_enum_info * ) vp ;
if ( tok < ( NIS_RES_NUMOBJ ( res - > result ) - 1 ) ) {
res - > enum_entry = tok ;
return True ;
} else {
return False ;
}
1998-05-15 18:49:48 +04:00
}
1998-05-22 15:28:32 +04:00
/*************************************************************************
sets a NIS + attribute
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-22 16:12:16 +04:00
static void set_single_attribute ( nis_object * new_obj , int col ,
1998-05-22 15:28:32 +04:00
char * val , int len , int flags )
{
1998-05-22 16:12:16 +04:00
if ( new_obj = = NULL ) return ;
1998-05-22 15:28:32 +04:00
1998-05-22 16:12:16 +04:00
ENTRY_VAL ( new_obj , col ) = val ;
1999-12-13 16:27:58 +03:00
ENTRY_LEN ( new_obj , col ) = len + 1 ;
1998-05-22 15:28:32 +04:00
if ( flags ! = 0 )
{
1998-05-22 16:12:16 +04:00
new_obj - > EN_data . en_cols . en_cols_val [ col ] . ec_flags = flags ;
1998-05-22 15:28:32 +04:00
}
}
1998-05-18 15:54:00 +04:00
/************************************************************************
Routine to add an entry to the nisplus passwd file .
do not call this function directly . use passdb . c instead .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-19 03:57:28 +04:00
static BOOL add_nisp21pwd_entry ( struct sam_passwd * newpwd )
1998-05-15 18:49:48 +04:00
{
1998-05-18 15:54:00 +04:00
char * pfile ;
1998-05-18 15:59:19 +04:00
char * nisname ;
1998-05-18 15:54:00 +04:00
nis_result * nis_user ;
nis_result * result = NULL ,
* tblresult = NULL ,
* addresult = NULL ;
1998-05-22 16:12:16 +04:00
nis_object new_obj , * obj ;
1998-05-22 15:28:32 +04:00
fstring uid ;
fstring user_rid ;
fstring smb_grpid ;
fstring group_rid ;
fstring acb ;
1998-05-24 17:36:43 +04:00
fstring smb_passwd ;
fstring smb_nt_passwd ;
1998-05-22 15:28:32 +04:00
fstring logon_t ;
fstring logoff_t ;
1998-05-25 17:39:08 +04:00
fstring kickoff_t ;
1998-05-22 15:28:32 +04:00
fstring pwdlset_t ;
fstring pwdlchg_t ;
fstring pwdmchg_t ;
1999-12-13 16:27:58 +03:00
memset ( ( char * ) logon_t , ' \0 ' , sizeof ( logon_t ) ) ;
memset ( ( char * ) logoff_t , ' \0 ' , sizeof ( logoff_t ) ) ;
memset ( ( char * ) kickoff_t , ' \0 ' , sizeof ( kickoff_t ) ) ;
memset ( ( char * ) pwdlset_t , ' \0 ' , sizeof ( pwdlset_t ) ) ;
memset ( ( char * ) pwdlchg_t , ' \0 ' , sizeof ( pwdlchg_t ) ) ;
memset ( ( char * ) pwdmchg_t , ' \0 ' , sizeof ( pwdmchg_t ) ) ;
1998-05-18 15:54:00 +04:00
pfile = lp_smb_passwd_file ( ) ;
1998-05-22 15:28:32 +04:00
nisname = make_nisname_from_name ( newpwd - > smb_name , pfile ) ;
1998-05-28 20:55:12 +04:00
result = nisp_get_nis_list ( nisname ) ;
1998-05-18 15:54:00 +04:00
if ( result - > status ! = NIS_SUCCESS & & result - > status ! = NIS_NOTFOUND )
{
1999-12-13 16:27:58 +03:00
DEBUG ( 3 , ( " add_nis21ppwd_entry: nis_list failure: %s: %s \n " ,
1998-05-18 15:54:00 +04:00
nisname , nis_sperrno ( result - > status ) ) ) ;
nis_freeresult ( result ) ;
return False ;
}
if ( result - > status = = NIS_SUCCESS & & NIS_RES_NUMOBJ ( result ) > 0 )
{
1999-12-13 16:27:58 +03:00
DEBUG ( 3 , ( " add_nisp21pwd_entry: User already exists in NIS+ password db: %s \n " ,
1998-05-18 15:54:00 +04:00
pfile ) ) ;
nis_freeresult ( result ) ;
return False ;
}
1998-05-22 15:28:32 +04:00
#if 0
1998-05-18 15:54:00 +04:00
/* User not found. */
if ( ! add_user )
{
1999-12-13 16:27:58 +03:00
DEBUG ( 3 , ( " add_nisp21pwd_entry: User not found in NIS+ password db: %s \n " ,
1998-05-18 15:54:00 +04:00
pfile ) ) ;
nis_freeresult ( result ) ;
return False ;
}
1998-05-22 15:28:32 +04:00
# endif
1998-05-18 15:54:00 +04:00
tblresult = nis_lookup ( pfile , FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP ) ;
if ( tblresult - > status ! = NIS_SUCCESS )
{
nis_freeresult ( result ) ;
nis_freeresult ( tblresult ) ;
1999-12-13 16:27:58 +03:00
DEBUG ( 3 , ( " add_nisp21pwd_entry: nis_lookup failure: %s \n " ,
1998-05-18 15:54:00 +04:00
nis_sperrno ( tblresult - > status ) ) ) ;
return False ;
}
1998-05-22 16:12:16 +04:00
new_obj . zo_name = NIS_RES_OBJECT ( tblresult ) - > zo_name ;
new_obj . zo_domain = NIS_RES_OBJECT ( tblresult ) - > zo_domain ;
1998-05-28 20:55:12 +04:00
new_obj . zo_owner = NIS_RES_OBJECT ( tblresult ) - > zo_owner ;
1998-05-22 16:12:16 +04:00
new_obj . zo_group = NIS_RES_OBJECT ( tblresult ) - > zo_group ;
new_obj . zo_access = NIS_RES_OBJECT ( tblresult ) - > zo_access ;
new_obj . zo_ttl = NIS_RES_OBJECT ( tblresult ) - > zo_ttl ;
1998-05-18 15:54:00 +04:00
1998-05-22 16:12:16 +04:00
new_obj . zo_data . zo_type = ENTRY_OBJ ;
1998-05-18 15:54:00 +04:00
1998-05-22 16:12:16 +04:00
new_obj . zo_data . objdata_u . en_data . en_type = NIS_RES_OBJECT ( tblresult ) - > zo_data . objdata_u . ta_data . ta_type ;
new_obj . zo_data . objdata_u . en_data . en_cols . en_cols_len = NIS_RES_OBJECT ( tblresult ) - > zo_data . objdata_u . ta_data . ta_maxcol ;
new_obj . zo_data . objdata_u . en_data . en_cols . en_cols_val = calloc ( new_obj . zo_data . objdata_u . en_data . en_cols . en_cols_len , sizeof ( entry_col ) ) ;
1998-05-18 15:54:00 +04:00
1999-12-13 16:27:58 +03:00
if ( new_obj . zo_data . objdata_u . en_data . en_cols . en_cols_val = = NULL )
{
DEBUG ( 0 , ( " add_nisp21pwd_entry: memory allocation failure \n " ) ) ;
nis_freeresult ( result ) ;
nis_freeresult ( tblresult ) ;
return False ;
}
pdb_sethexpwd ( smb_passwd , newpwd - > smb_passwd , newpwd - > acct_ctrl ) ;
pdb_sethexpwd ( smb_nt_passwd , newpwd - > smb_nt_passwd , newpwd - > acct_ctrl ) ;
newpwd - > pass_last_set_time = ( time_t ) time ( NULL ) ;
newpwd - > logon_time = ( time_t ) - 1 ;
newpwd - > logoff_time = ( time_t ) - 1 ;
newpwd - > kickoff_time = ( time_t ) - 1 ;
newpwd - > pass_can_change_time = ( time_t ) - 1 ;
newpwd - > pass_must_change_time = ( time_t ) - 1 ;
1998-05-24 17:36:43 +04:00
1999-12-13 16:27:58 +03:00
slprintf ( logon_t , 13 , " LNT-%08X " , ( uint32 ) newpwd - > logon_time ) ;
slprintf ( logoff_t , 13 , " LOT-%08X " , ( uint32 ) newpwd - > logoff_time ) ;
slprintf ( kickoff_t , 13 , " KOT-%08X " , ( uint32 ) newpwd - > kickoff_time ) ;
slprintf ( pwdlset_t , 13 , " LCT-%08X " , ( uint32 ) newpwd - > pass_last_set_time ) ;
slprintf ( pwdlchg_t , 13 , " CCT-%08X " , ( uint32 ) newpwd - > pass_can_change_time ) ;
slprintf ( pwdmchg_t , 13 , " MCT-%08X " , ( uint32 ) newpwd - > pass_must_change_time ) ;
1998-05-22 15:28:32 +04:00
1999-12-13 16:27:58 +03:00
slprintf ( uid , sizeof ( uid ) , " %u " , newpwd - > smb_userid ) ;
1998-05-22 15:28:32 +04:00
slprintf ( user_rid , sizeof ( user_rid ) , " 0x%x " , newpwd - > user_rid ) ;
slprintf ( smb_grpid , sizeof ( smb_grpid ) , " %u " , newpwd - > smb_grpid ) ;
slprintf ( group_rid , sizeof ( group_rid ) , " 0x%x " , newpwd - > group_rid ) ;
1999-12-13 16:27:58 +03:00
safe_strcpy ( acb , pdb_encode_acct_ctrl ( newpwd - > acct_ctrl , NEW_PW_FORMAT_SPACE_PADDED_LEN ) , sizeof ( acb ) - 1 ) ;
1998-05-22 16:12:16 +04:00
1998-05-24 17:36:43 +04:00
set_single_attribute ( & new_obj , NPF_NAME , newpwd - > smb_name , strlen ( newpwd - > smb_name ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_UID , uid , strlen ( uid ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_USER_RID , user_rid , strlen ( user_rid ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_SMB_GRPID , smb_grpid , strlen ( smb_grpid ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_GROUP_RID , group_rid , strlen ( group_rid ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_ACB , acb , strlen ( acb ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_LMPWD , smb_passwd , strlen ( smb_passwd ) , EN_CRYPT ) ;
set_single_attribute ( & new_obj , NPF_NTPWD , smb_nt_passwd , strlen ( smb_nt_passwd ) , EN_CRYPT ) ;
set_single_attribute ( & new_obj , NPF_LOGON_T , logon_t , strlen ( logon_t ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_LOGOFF_T , logoff_t , strlen ( logoff_t ) , 0 ) ;
1998-05-25 17:39:08 +04:00
set_single_attribute ( & new_obj , NPF_KICK_T , kickoff_t , strlen ( kickoff_t ) , 0 ) ;
1998-05-24 17:36:43 +04:00
set_single_attribute ( & new_obj , NPF_PWDLSET_T , pwdlset_t , strlen ( pwdlset_t ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_PWDLCHG_T , pwdlchg_t , strlen ( pwdlchg_t ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_PWDMCHG_T , pwdmchg_t , strlen ( pwdmchg_t ) , 0 ) ;
1999-12-13 16:27:58 +03:00
#if 0
1998-05-24 17:36:43 +04:00
set_single_attribute ( & new_obj , NPF_FULL_NAME , newpwd - > full_name , strlen ( newpwd - > full_name ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_HOME_DIR , newpwd - > home_dir , strlen ( newpwd - > home_dir ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_DIR_DRIVE , newpwd - > dir_drive , strlen ( newpwd - > dir_drive ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_LOGON_SCRIPT , newpwd - > logon_script , strlen ( newpwd - > logon_script ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_PROFILE_PATH , newpwd - > profile_path , strlen ( newpwd - > profile_path ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_ACCT_DESC , newpwd - > acct_desc , strlen ( newpwd - > acct_desc ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_WORKSTATIONS , newpwd - > workstations , strlen ( newpwd - > workstations ) , 0 ) ;
set_single_attribute ( & new_obj , NPF_HOURS , newpwd - > hours , newpwd - > hours_len , 0 ) ;
1999-12-13 16:27:58 +03:00
# endif
1998-05-22 16:12:16 +04:00
obj = & new_obj ;
1998-05-18 15:54:00 +04:00
addresult = nis_add_entry ( pfile , obj , ADD_OVERWRITE | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP ) ;
if ( addresult - > status ! = NIS_SUCCESS )
{
1999-12-13 16:27:58 +03:00
DEBUG ( 3 , ( " add_nisp21pwd_entry: NIS+ table update failed: %s \n " ,
1998-05-18 15:54:00 +04:00
nisname , nis_sperrno ( addresult - > status ) ) ) ;
1999-12-13 16:27:58 +03:00
nis_freeresult ( tblresult ) ;
1998-05-18 15:54:00 +04:00
nis_freeresult ( addresult ) ;
nis_freeresult ( result ) ;
return False ;
}
1999-12-13 16:27:58 +03:00
nis_freeresult ( tblresult ) ;
1998-05-18 15:54:00 +04:00
nis_freeresult ( addresult ) ;
nis_freeresult ( result ) ;
return True ;
1998-05-15 18:49:48 +04:00
}
1998-05-18 15:54:00 +04:00
/************************************************************************
Routine to search the nisplus passwd file for an entry matching the username .
and then modify its password entry . We can ' t use the startnisppwent ( ) /
getnisppwent ( ) / endnisppwent ( ) interfaces here as we depend on looking
in the actual file to decide how much room we have to write data .
override = False , normal
override = True , override XXXXXXXX ' d out password or NO PASS
do not call this function directly . use passdb . c instead .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-19 03:57:28 +04:00
static BOOL mod_nisp21pwd_entry ( struct sam_passwd * pwd , BOOL override )
1998-05-18 15:54:00 +04:00
{
1999-12-13 16:27:58 +03:00
char * oldnislmpwd , * oldnisntpwd , * oldnisacb , * oldnislct , * user_name ;
char lmpwd [ 33 ] , ntpwd [ 33 ] , lct [ 13 ] ;
nis_result * result , * addresult ;
nis_object * obj ;
fstring acb ;
pstring nisname ;
BOOL got_pass_last_set_time , ret ;
int i ;
if ( ! * lp_smb_passwd_file ( ) )
{
DEBUG ( 0 , ( " mod_getnisp21pwd_entry: no SMB password file set \n " ) ) ;
return False ;
}
DEBUG ( 10 , ( " mod_getnisp21pwd_entry: search by name: %s \n " , pwd - > smb_name ) ) ;
DEBUG ( 10 , ( " mod_getnisp21pwd_entry: using NIS+ table %s \n " , lp_smb_passwd_file ( ) ) ) ;
slprintf ( nisname , sizeof ( nisname ) - 1 , " [name=%s],%s " , pwd - > smb_name , lp_smb_passwd_file ( ) ) ;
/* Search the table. */
gotalarm = 0 ;
CatchSignal ( SIGALRM , SIGNAL_CAST gotalarm_sig ) ;
alarm ( 5 ) ;
result = nis_list ( nisname , FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP , NULL , NULL ) ;
alarm ( 0 ) ;
CatchSignal ( SIGALRM , SIGNAL_CAST SIG_DFL ) ;
if ( gotalarm )
{
DEBUG ( 0 , ( " mod_getnisp21pwd_entry: NIS+ lookup time out \n " ) ) ;
nis_freeresult ( result ) ;
return False ;
}
if ( result - > status ! = NIS_SUCCESS | | NIS_RES_NUMOBJ ( result ) < = 0 ) {
/* User not found. */
DEBUG ( 0 , ( " mod_getnisp21pwd_entry: user not found in NIS+ \n " ) ) ;
nis_freeresult ( result ) ;
return False ;
}
DEBUG ( 6 , ( " mod_getnisp21pwd_entry: entry exists \n " ) ) ;
obj = NIS_RES_OBJECT ( result ) ;
user_name = ENTRY_VAL ( obj , NPF_NAME ) ;
oldnislmpwd = ENTRY_VAL ( obj , NPF_LMPWD ) ;
oldnisntpwd = ENTRY_VAL ( obj , NPF_NTPWD ) ;
oldnisacb = ENTRY_VAL ( obj , NPF_ACB ) ;
oldnislct = ENTRY_VAL ( obj , NPF_PWDLSET_T ) ;
if ( ! override & & ( * oldnislmpwd = = ' * ' | | * oldnislmpwd = = ' X ' | |
* oldnisntpwd = = ' * ' | | * oldnisntpwd = = ' X ' ) ) {
/* Password deliberately invalid - end here. */
DEBUG ( 10 , ( " mod_nisp21pwd_entry: entry invalidated for user %s \n " , user_name ) ) ;
nis_freeresult ( result ) ;
return False ;
}
if ( strlen ( oldnislmpwd ) ! = 32 | | strlen ( oldnisntpwd ) ! = 32 ) {
DEBUG ( 0 , ( " mod_nisp21pwd_entry: malformed password entry (incorrect length) \n " ) ) ;
nis_freeresult ( result ) ;
return False ;
}
/*
* Now check if the account info and the password last
* change time is available .
*/
/*
* If both NT and lanman passwords are provided - reset password
* not required flag .
*/
if ( pwd - > smb_passwd ! = NULL | | pwd - > smb_nt_passwd ! = NULL ) {
/* Require password in the future (should ACB_DISABLED also be reset?) */
pwd - > acct_ctrl & = ~ ( ACB_PWNOTREQ ) ;
}
if ( * oldnisacb = = ' [ ' ) {
i = 0 ;
acb [ i + + ] = oldnisacb [ i ] ;
while ( i < ( sizeof ( fstring ) - 2 ) & & ( oldnisacb [ i ] ! = ' ] ' ) )
acb [ i ] = oldnisacb [ i + + ] ;
acb [ i + + ] = ' ] ' ;
acb [ i + + ] = ' \0 ' ;
if ( i = = NEW_PW_FORMAT_SPACE_PADDED_LEN ) {
/*
* We are using a new format , space padded
* acct ctrl field . Encode the given acct ctrl
* bits into it .
*/
fstrcpy ( acb , pdb_encode_acct_ctrl ( pwd - > acct_ctrl , NEW_PW_FORMAT_SPACE_PADDED_LEN ) ) ;
} else {
/*
* If using the old format and the ACB_DISABLED or
* ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL
* here as we have no space to encode the change .
*/
if ( pwd - > acct_ctrl & ( ACB_DISABLED | ACB_PWNOTREQ ) ) {
pwd - > smb_passwd = NULL ;
pwd - > smb_nt_passwd = NULL ;
}
}
/* Now do the LCT stuff. */
if ( StrnCaseCmp ( oldnislct , " LCT- " , 4 ) = = 0 ) {
for ( i = 0 ; i < 8 ; i + + ) {
if ( oldnislct [ i + 4 ] = = ' \0 ' | | ! isxdigit ( oldnislct [ i + 4 ] ) )
break ;
}
if ( i = = 8 ) {
/*
* p points at 8 characters of hex digits -
* read into a time_t as the seconds since
* 1970 that the password was last changed .
*/
got_pass_last_set_time = True ;
} /* i == 8 */
} /* StrnCaseCmp() */
} /* p == '[' */
/* Entry is correctly formed. */
/* Create the 32 byte representation of the new p16 */
if ( pwd - > smb_passwd ! = NULL ) {
for ( i = 0 ; i < 16 ; i + + ) {
slprintf ( & lmpwd [ i * 2 ] , 32 , " %02X " , ( uchar ) pwd - > smb_passwd [ i ] ) ;
}
} else {
if ( pwd - > acct_ctrl & ACB_PWNOTREQ )
fstrcpy ( lmpwd , " NO PASSWORDXXXXXXXXXXXXXXXXXXXXX " ) ;
else
fstrcpy ( lmpwd , " XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX " ) ;
}
/* Add on the NT md4 hash */
if ( pwd - > smb_nt_passwd ! = NULL ) {
for ( i = 0 ; i < 16 ; i + + ) {
slprintf ( & ntpwd [ i * 2 ] , 32 , " %02X " , ( uchar ) pwd - > smb_nt_passwd [ i ] ) ;
}
} else {
if ( pwd - > acct_ctrl & ACB_PWNOTREQ )
fstrcpy ( ntpwd , " NO PASSWORDXXXXXXXXXXXXXXXXXXXXX " ) ;
else
fstrcpy ( ntpwd , " XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX " ) ;
}
pwd - > pass_last_set_time = time ( NULL ) ;
if ( got_pass_last_set_time ) {
slprintf ( lct , 12 , " LCT-%08X " , ( uint32 ) pwd - > pass_last_set_time ) ;
}
set_single_attribute ( obj , NPF_LMPWD , lmpwd , strlen ( lmpwd ) , EN_CRYPT ) ;
set_single_attribute ( obj , NPF_NTPWD , ntpwd , strlen ( ntpwd ) , EN_CRYPT ) ;
set_single_attribute ( obj , NPF_ACB , acb , strlen ( acb ) , 0 ) ;
set_single_attribute ( obj , NPF_PWDLSET_T , lct , strlen ( lct ) , 0 ) ;
addresult =
nis_add_entry ( lp_smb_passwd_file ( ) , obj ,
ADD_OVERWRITE | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP ) ;
if ( addresult - > status ! = NIS_SUCCESS ) {
DEBUG ( 0 , ( " mod_nisp21pwd_entry: NIS+ table update failed: %s %s \n " , nisname , nis_sperrno ( addresult - > status ) ) ) ;
nis_freeresult ( addresult ) ;
nis_freeresult ( result ) ;
return False ;
}
DEBUG ( 6 , ( " mod_nisp21pwd_entry: password changed \n " ) ) ;
nis_freeresult ( addresult ) ;
nis_freeresult ( result ) ;
return True ;
1998-05-18 15:54:00 +04:00
}
1998-05-15 18:49:48 +04:00
/*************************************************************************
Routine to search the nisplus passwd file for an entry matching the username
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-19 03:57:28 +04:00
static struct sam_passwd * getnisp21pwnam ( char * name )
1998-05-15 18:49:48 +04:00
{
/* Static buffers we will return. */
1998-05-18 19:50:56 +04:00
static struct sam_passwd pw_buf ;
1998-05-15 18:49:48 +04:00
nis_result * result ;
1998-05-18 15:54:00 +04:00
pstring nisname ;
1998-05-15 18:49:48 +04:00
BOOL ret ;
1998-05-18 15:54:00 +04:00
if ( ! * lp_smb_passwd_file ( ) )
1998-05-15 18:49:48 +04:00
{
DEBUG ( 0 , ( " No SMB password file set \n " ) ) ;
1998-05-18 15:54:00 +04:00
return NULL ;
1998-05-15 18:49:48 +04:00
}
1999-12-13 16:27:58 +03:00
DEBUG ( 10 , ( " getnisp21pwnam: search by name: %s \n " , name ) ) ;
DEBUG ( 10 , ( " getnisp21pwnam: using NIS+ table %s \n " , lp_smb_passwd_file ( ) ) ) ;
1998-05-15 18:49:48 +04:00
1998-05-19 01:30:57 +04:00
slprintf ( nisname , sizeof ( nisname ) - 1 , " [name=%s],%s " , name , lp_smb_passwd_file ( ) ) ;
1998-05-15 18:49:48 +04:00
/* Search the table. */
gotalarm = 0 ;
1998-07-29 07:08:05 +04:00
CatchSignal ( SIGALRM , SIGNAL_CAST gotalarm_sig ) ;
1998-05-15 18:49:48 +04:00
alarm ( 5 ) ;
result = nis_list ( nisname , FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP , NULL , NULL ) ;
alarm ( 0 ) ;
1998-07-29 07:08:05 +04:00
CatchSignal ( SIGALRM , SIGNAL_CAST SIG_DFL ) ;
1998-05-15 18:49:48 +04:00
if ( gotalarm )
{
1999-12-13 16:27:58 +03:00
DEBUG ( 0 , ( " getnisp21pwnam: NIS+ lookup time out \n " ) ) ;
1998-05-15 18:49:48 +04:00
nis_freeresult ( result ) ;
return NULL ;
}
1999-12-13 16:27:58 +03:00
ret = make_sam_from_nisresult ( & pw_buf , result ) ;
1998-05-15 18:49:48 +04:00
nis_freeresult ( result ) ;
return ret ? & pw_buf : NULL ;
}
/*************************************************************************
Routine to search the nisplus passwd file for an entry matching the username
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
static struct sam_passwd * getnisp21pwrid ( uint32 rid )
1998-05-15 18:49:48 +04:00
{
/* Static buffers we will return. */
1998-05-18 19:50:56 +04:00
static struct sam_passwd pw_buf ;
1998-05-15 18:49:48 +04:00
nis_result * result ;
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
char * nisname ;
1998-05-18 15:54:00 +04:00
BOOL ret ;
1998-05-15 18:49:48 +04:00
1998-05-18 15:54:00 +04:00
if ( ! * lp_smb_passwd_file ( ) )
1998-05-15 18:49:48 +04:00
{
1999-12-13 16:27:58 +03:00
DEBUG ( 0 , ( " getnisp21pwrid: no SMB password file set \n " ) ) ;
1998-05-15 18:49:48 +04:00
return NULL ;
}
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
DEBUG ( 10 , ( " getnisp21pwrid: search by rid: %x \n " , rid ) ) ;
DEBUG ( 10 , ( " getnisp21pwrid: using NIS+ table %s \n " , lp_smb_passwd_file ( ) ) ) ;
1998-05-15 18:49:48 +04:00
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
nisname = make_nisname_from_user_rid ( rid , lp_smb_passwd_file ( ) ) ;
1998-05-15 18:49:48 +04:00
/* Search the table. */
gotalarm = 0 ;
1998-07-29 07:08:05 +04:00
CatchSignal ( SIGALRM , SIGNAL_CAST gotalarm_sig ) ;
1998-05-15 18:49:48 +04:00
alarm ( 5 ) ;
result = nis_list ( nisname , FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP , NULL , NULL ) ;
alarm ( 0 ) ;
1998-07-29 07:08:05 +04:00
CatchSignal ( SIGALRM , SIGNAL_CAST SIG_DFL ) ;
1998-05-15 18:49:48 +04:00
if ( gotalarm )
{
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
DEBUG ( 0 , ( " getnisp21pwrid: NIS+ lookup time out \n " ) ) ;
1998-05-15 18:49:48 +04:00
nis_freeresult ( result ) ;
return NULL ;
}
1999-12-13 16:27:58 +03:00
ret = make_sam_from_nisresult ( & pw_buf , result ) ;
1998-05-15 18:49:48 +04:00
nis_freeresult ( result ) ;
return ret ? & pw_buf : NULL ;
}
1998-05-19 03:57:28 +04:00
/*
* Derived functions for NIS + .
*/
1998-05-19 23:17:35 +04:00
static struct smb_passwd * getnisppwent ( void * vp )
{
1999-12-13 16:27:58 +03:00
return pdb_sam_to_smb ( getnisp21pwent ( vp ) ) ;
1998-05-19 23:17:35 +04:00
}
static BOOL add_nisppwd_entry ( struct smb_passwd * newpwd )
{
1999-12-13 16:27:58 +03:00
return add_nisp21pwd_entry ( pdb_smb_to_sam ( newpwd ) ) ;
1998-05-19 23:17:35 +04:00
}
static BOOL mod_nisppwd_entry ( struct smb_passwd * pwd , BOOL override )
{
1999-12-13 16:27:58 +03:00
return mod_nisp21pwd_entry ( pdb_smb_to_sam ( pwd ) , override ) ;
1998-05-19 23:17:35 +04:00
}
2000-02-26 01:25:25 +03:00
static BOOL del_nisppwd_entry ( const char * name )
{
return False ; /* Dummy. */
}
1998-05-19 23:17:35 +04:00
static struct smb_passwd * getnisppwnam ( char * name )
{
1999-12-13 16:27:58 +03:00
return pdb_sam_to_smb ( getnisp21pwnam ( name ) ) ;
1998-05-19 23:17:35 +04:00
}
1999-12-13 16:27:58 +03:00
static struct sam_passwd * getnisp21pwuid ( uid_t smb_userid )
1998-05-19 23:17:35 +04:00
{
1999-12-13 16:27:58 +03:00
return getnisp21pwrid ( pdb_uid_to_user_rid ( smb_userid ) ) ;
1998-05-19 23:17:35 +04:00
}
1999-12-13 16:27:58 +03:00
static struct smb_passwd * getnisppwrid ( uint32 user_rid )
1998-10-22 01:11:16 +04:00
{
1999-12-13 16:27:58 +03:00
return pdb_sam_to_smb ( getnisp21pwuid ( pdb_user_rid_to_uid ( user_rid ) ) ) ;
1998-10-22 01:11:16 +04:00
}
1999-12-13 16:27:58 +03:00
static struct smb_passwd * getnisppwuid ( uid_t smb_userid )
1998-05-19 23:17:35 +04:00
{
1999-12-13 16:27:58 +03:00
return pdb_sam_to_smb ( getnisp21pwuid ( smb_userid ) ) ;
1998-05-19 23:17:35 +04:00
}
static struct sam_disp_info * getnispdispnam ( char * name )
{
1999-12-13 16:27:58 +03:00
return pdb_sam_to_dispinfo ( getnisp21pwnam ( name ) ) ;
1998-05-19 23:17:35 +04:00
}
static struct sam_disp_info * getnispdisprid ( uint32 rid )
{
1999-12-13 16:27:58 +03:00
return pdb_sam_to_dispinfo ( getnisp21pwrid ( rid ) ) ;
1998-05-19 23:17:35 +04:00
}
static struct sam_disp_info * getnispdispent ( void * vp )
{
1999-12-13 16:27:58 +03:00
return pdb_sam_to_dispinfo ( getnisp21pwent ( vp ) ) ;
1998-05-19 23:17:35 +04:00
}
1998-05-19 03:57:28 +04:00
static struct passdb_ops nispasswd_ops = {
startnisppwent ,
endnisppwent ,
getnisppwpos ,
setnisppwpos ,
1998-05-19 23:17:35 +04:00
getnisppwnam ,
getnisppwuid ,
1998-10-22 01:11:16 +04:00
getnisppwrid ,
1998-05-19 23:17:35 +04:00
getnisppwent ,
add_nisppwd_entry ,
mod_nisppwd_entry ,
2000-02-26 01:25:25 +03:00
del_nisppwd_entry ,
1998-05-19 03:57:28 +04:00
getnisp21pwent ,
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
getnisp21pwnam ,
1998-05-19 23:17:35 +04:00
getnisp21pwuid ,
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
getnisp21pwrid ,
1998-05-19 03:57:28 +04:00
add_nisp21pwd_entry ,
ldap.c :
- added support for some of the new passdb_ops functions.
- removed functions that are supported "indirectly" through passdb.c
nisppass.c :
- modified make_nisname_from_xxx() functions to take a "file" arg.
- turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid()
functionality is available through "indirect" support in passdb.c
- removed functions that are supported "indirectly" through passdb.c
- added support for some of the new passdb_ops functions.
passdb.c :
- created getsam21pwrid() function to go alongside getsam21pwuid.
it is not expected that getsam21pwuid ever be used, certainly
not from the lib/rpc code.
- created getsamdisprid() and getsamdispent(). these are primarily
for support of SamrQueryDisplayInfo, however given that they
[struct sam_disp_info] return username, rid and fullname, there may
be further instances where these functions will be useful.
- added support where either the get/add/mod-smb or get/add/mod-sam21
functions are optional. this can be done very easily by checking
whether the struct passdb_ops table functions are NULL or not.
documented this capability in the notes at the top of the module.
- where unix uid was referenced, use uid_t.
- where unix gid was referenced, use gid_t.
smb.h :
- added sam_disp_info functions to passdb_ops.
- added getsam21pwrid() function.
smbpass.c :
- added reference to iterate_getsam21pwrid().
lib/rpc/server/srv_samr.c :
- removed group rid code added to get_user_info_21() code: this
had been added in the wrong place. the client / server should
already know whether it wants to do a lookup by user rid or
by group rid.
the test of whether the rid is a user or group rid has been left
in because this may become useful consistency-check code.
- converted back to getsam21pwrid() not
getsam21pwuid(pdb_user_rid_to_uid()).
this is because the unix uid to user rid mapping can be non-monotonic
in some password database systems, and monotonic in others. imposing
the restriction by converting immediately from rid to uid at this
point is inadviseable, and will place this potential restriction on
_all_ password database systems, not just some which, for whatever
reason, do not support user rids.
it should be up to the individual password database writer to
convert from user rid to unix uid, should that module not support
rids.
lib/rpc/server/srv_util.c :
- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
a bug was introduced (or at least the bug already there was not
fixed) whereby the nt user rid was converted to a unix uid, and
then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-19 21:48:40 +04:00
mod_nisp21pwd_entry ,
1998-05-19 23:17:35 +04:00
getnispdispnam ,
getnispdisprid ,
getnispdispent
1998-05-19 03:57:28 +04:00
} ;
1999-12-13 16:27:58 +03:00
struct passdb_ops * nisplus_initialize_password_db ( void )
1998-05-19 03:57:28 +04:00
{
return & nispasswd_ops ;
}
1998-05-15 18:49:48 +04:00
# else
1998-10-17 21:41:13 +04:00
void nisplus_dummy_function ( void ) ;
1998-05-19 01:30:57 +04:00
void nisplus_dummy_function ( void ) { } /* stop some compilers complaining */
1998-07-29 07:08:05 +04:00
# endif /* WITH_NISPLUS */
1998-05-22 16:12:16 +04:00
/* useful code i can't bring myself to delete */
#if 0
1998-09-05 09:07:05 +04:00
static void useful_code ( void ) {
1998-05-22 16:12:16 +04:00
/* checks user in unix password database. don't want to do that, here. */
nisname = make_nisname_from_name ( newpwd - > smb_name , " passwd.org_dir " ) ;
nis_user = nis_list ( nisname , FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP , NULL , NULL ) ;
if ( nis_user - > status ! = NIS_SUCCESS | | NIS_RES_NUMOBJ ( nis_user ) < = 0 )
{
1999-12-13 16:27:58 +03:00
DEBUG ( 3 , ( " useful_code: Unable to get NIS+ passwd entry for user: %s. \n " ,
1998-05-22 16:12:16 +04:00
nis_sperrno ( nis_user - > status ) ) ) ;
return False ;
}
user_obj = NIS_RES_OBJECT ( nis_user ) ;
make_nisname_from_name ( ENTRY_VAL ( user_obj , 0 ) , pfile ) ;
1998-09-05 09:07:05 +04:00
}
1998-05-22 16:12:16 +04:00
# endif
