sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00
Code Activity

- renamed some of the passdb.c functions: they have a prefix pdb_ on them

Browse Source 
- split smbpass.c "password file lock" routines into smbpassfile.c: moved
  trust account routines into smbpassfile.c as well
(This used to be commit 3e48b4eb11)
This commit is contained in:
Luke Leighton
1998-05-18 12:27:04 +00:00
parent a85b42ff37
commit 39f3c0c25a
7 changed files with 323 additions and 304 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source3/lsarpcd/srv_lsa.c
View File

@ -372,7 +372,7 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
for (i = 0; i < q_l.num_entries; i++)
{
char *user_name = unistr2(q_l.lookup_name[i].str.buffer);
if (!name_to_rid(user_name, &dom_rids[i], &dummy_g_rid))
if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid))
{
/* WHOOPS! we should really do something about this... */
dom_rids[i] = 0;

6
source3/passdb/passdb.c
View File

@ -532,7 +532,7 @@ time_t pdb_get_last_set_time(char *p)
/*******************************************************************
sets password-database-format time in a string.
********************************************************************/
static set_time_in_string(char *p, int max_len, char *type, time_t t)
static void set_time_in_string(char *p, int max_len, char *type, time_t t)
{
slprintf(p, max_len, ":%s-%08X:", type, (uint32)t);
}
@ -679,11 +679,11 @@ BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
{
/* turn the unix UID into a Domain RID. this is what the posix
sub-system does (adds 1000 to the uid) */
*u_rid = uid_to_user_rid(pw->pw_uid);
*u_rid = pdb_uid_to_user_rid(pw->pw_uid);
}
/* absolutely no idea what to do about the unix GID to Domain RID mapping */
*g_rid = gid_to_group_rid(pw->pw_gid);
*g_rid = pdb_gid_to_group_rid(pw->pw_gid);
return True;
}

306
source3/passdb/smbpass.c
View File

@ -19,98 +19,14 @@
#include "includes.h"
#ifdef USE_SMBPASS_DB
extern int DEBUGLEVEL;
extern pstring samlogon_user;
extern BOOL sam_logon_in_ssb;
static int gotalarm;
static char s_readbuf[16 * 1024];
/***************************************************************
Signal function to tell us we timed out.
****************************************************************/
static void gotalarm_sig(void)
{
gotalarm = 1;
}
/***************************************************************
Lock or unlock a fd for a known lock type. Abandon after waitsecs
seconds.
****************************************************************/
BOOL do_file_lock(int fd, int waitsecs, int type)
{
struct flock lock;
int ret;
gotalarm = 0;
signal(SIGALRM, SIGNAL_CAST gotalarm_sig);
lock.l_type = type;
lock.l_whence = SEEK_SET;
lock.l_start = 0;
lock.l_len = 1;
lock.l_pid = 0;
alarm(5);
ret = fcntl(fd, F_SETLKW, &lock);
alarm(0);
signal(SIGALRM, SIGNAL_CAST SIG_DFL);
if (gotalarm) {
DEBUG(0, ("do_file_lock: failed to %s file.\n",
type == F_UNLCK ? "unlock" : "lock"));
return False;
}
return (ret == 0);
}
static int pw_file_lock_depth;
/***************************************************************
Lock an fd. Abandon after waitsecs seconds.
****************************************************************/
static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
{
if (fd < 0)
return False;
(*plock_depth)++;
if(pw_file_lock_depth == 0) {
if (!do_file_lock(fd, secs, type)) {
DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
strerror(errno)));
return False;
}
}
return True;
}
/***************************************************************
Unlock an fd. Abandon after waitsecs seconds.
****************************************************************/
static BOOL pw_file_unlock(int fd, int *plock_depth)
{
BOOL ret=True;
if(*plock_depth == 1)
ret = do_file_lock(fd, 5, F_UNLCK);
(*plock_depth)--;
if(!ret)
DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
strerror(errno)));
return ret;
}
/***************************************************************
Start to enumerate the smbpasswd list. Returns a void pointer
to ensure no modification outside this module.
@ -207,8 +123,8 @@ struct sam_passwd *getsmb21pwent(void *vp)
user.smb_userid = pw_buf->smb_userid;
user.smb_grpid = pwfile->pw_gid;
user.user_rid = uid_to_user_rid (user.smb_userid);
user.group_rid = gid_to_group_rid(user.smb_grpid );
user.user_rid = pdb_uid_to_user_rid (user.smb_userid);
user.group_rid = pdb_gid_to_group_rid(user.smb_grpid );
pstrcpy(full_name , pwfile->pw_gecos );
pstrcpy(logon_script , lp_logon_script ());
@ -445,7 +361,7 @@ struct smb_passwd *getsmbpwent(void *vp)
if (*p == '[')
{
pw_buf.acct_ctrl = decode_acct_ctrl(p);
pw_buf.acct_ctrl = pdb_decode_acct_ctrl(p);
/* Must have some account type set. */
if(pw_buf.acct_ctrl == 0)
@ -630,7 +546,7 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
/* Add the account encoding and the last change time. */
slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n",
encode_acct_ctrl(newpwd->acct_ctrl),
pdb_encode_acct_ctrl(newpwd->acct_ctrl),
(uint32)time(NULL));
#ifdef DEBUG_PASSWORD
@ -1025,210 +941,6 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
fclose(fp);
return True;
}
static int mach_passwd_lock_depth;
static FILE *mach_passwd_fp;
/************************************************************************
Routine to get the name for a trust account file.
************************************************************************/
static void get_trust_account_file_name( char *domain, char *name, char *mac_file)
{
unsigned int mac_file_len;
char *p;
pstrcpy(mac_file, lp_smb_passwd_file());
p = strrchr(mac_file, '/');
if(p != NULL)
*++p = '\0';
mac_file_len = strlen(mac_file);
if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0)
{
DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n",
mac_file));
return;
}
pstrcat(mac_file, domain);
pstrcat(mac_file, ".");
pstrcat(mac_file, name);
pstrcat(mac_file, ".mac");
}
/************************************************************************
Routine to lock the trust account password file for a domain.
************************************************************************/
BOOL trust_password_lock( char *domain, char *name, BOOL update)
{
pstring mac_file;
if(mach_passwd_lock_depth == 0) {
get_trust_account_file_name( domain, name, mac_file);
if((mach_passwd_fp = fopen(mac_file, "r+b")) == NULL) {
if(errno == ENOENT && update) {
mach_passwd_fp = fopen(mac_file, "w+b");
}
if(mach_passwd_fp == NULL) {
DEBUG(0,("trust_password_lock: cannot open file %s - Error was %s.\n",
mac_file, strerror(errno) ));
return False;
}
}
chmod(mac_file, 0600);
if(!pw_file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK),
60, &mach_passwd_lock_depth))
{
DEBUG(0,("trust_password_lock: cannot lock file %s\n", mac_file));
fclose(mach_passwd_fp);
return False;
}
}
return True;
}
/************************************************************************
Routine to unlock the trust account password file for a domain.
************************************************************************/
BOOL trust_password_unlock(void)
{
BOOL ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth);
if(mach_passwd_lock_depth == 0)
fclose(mach_passwd_fp);
return ret;
}
/************************************************************************
Routine to delete the trust account password file for a domain.
************************************************************************/
BOOL trust_password_delete( char *domain, char *name )
{
pstring mac_file;
get_trust_account_file_name( domain, name, mac_file);
return (unlink( mac_file ) == 0);
}
/************************************************************************
Routine to get the trust account password for a domain.
The user of this function must have locked the trust password file.
************************************************************************/
BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time)
{
char linebuf[256];
char *p;
int i;
linebuf[0] = '\0';
*pass_last_set_time = (time_t)0;
memset(ret_pwd, '\0', 16);
if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
DEBUG(0,("get_trust_account_password: Failed to seek to start of file. Error was %s.\n",
strerror(errno) ));
return False;
}
fgets(linebuf, sizeof(linebuf), mach_passwd_fp);
if(ferror(mach_passwd_fp)) {
DEBUG(0,("get_trust_account_password: Failed to read password. Error was %s.\n",
strerror(errno) ));
return False;
}
/*
* The length of the line read
* must be 45 bytes ( <---XXXX 32 bytes-->:TLC-12345678
*/
if(strlen(linebuf) != 45) {
DEBUG(0,("get_trust_account_password: Malformed trust password file (wrong length).\n"));
#ifdef DEBUG_PASSWORD
DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
#endif
return False;
}
/*
* Get the hex password.
*/
if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
strncmp(&linebuf[33], "TLC-", 4)) {
DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n"));
#ifdef DEBUG_PASSWORD
DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
#endif
return False;
}
/*
* Get the last changed time.
*/
p = &linebuf[37];
for(i = 0; i < 8; i++) {
if(p[i] == '\0' || !isxdigit(p[i])) {
DEBUG(0,("get_trust_account_password: Malformed trust password file (no timestamp).\n"));
#ifdef DEBUG_PASSWORD
DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
#endif
return False;
}
}
/*
* p points at 8 characters of hex digits -
* read into a time_t as the seconds since
* 1970 that the password was last changed.
*/
*pass_last_set_time = (time_t)strtol(p, NULL, 16);
return True;
}
/************************************************************************
Routine to get the trust account password for a domain.
The user of this function must have locked the trust password file.
************************************************************************/
BOOL set_trust_account_password( unsigned char *md4_new_pwd)
{
char linebuf[64];
int i;
if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
DEBUG(0,("set_trust_account_password: Failed to seek to start of file. Error was %s.\n",
strerror(errno) ));
return False;
}
for (i = 0; i < 16; i++)
slprintf(&linebuf[(i*2)], sizeof(linebuf) - (i*2) - 1, "%02X", md4_new_pwd[i]);
slprintf(&linebuf[32], 32, ":TLC-%08X\n", (unsigned)time(NULL));
if(fwrite( linebuf, 1, 45, mach_passwd_fp)!= 45) {
DEBUG(0,("set_trust_account_password: Failed to write file. Warning - the trust \
account is now invalid. Please recreate. Error was %s.\n", strerror(errno) ));
return False;
}
fflush(mach_passwd_fp);
return True;
}
#else
static void dummy_function(void) { } /* stop some compilers complaining */
#endif /* USE_SMBPASS_DB */

307
source3/passdb/smbpassfile.c Normal file
View File

@ -0,0 +1,307 @@
/*
* Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
* Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 675
* Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
extern int DEBUGLEVEL;
static int gotalarm;
/***************************************************************
Signal function to tell us we timed out.
****************************************************************/
static void gotalarm_sig(void)
{
gotalarm = 1;
}
/***************************************************************
Lock or unlock a fd for a known lock type. Abandon after waitsecs
seconds.
****************************************************************/
BOOL do_file_lock(int fd, int waitsecs, int type)
{
struct flock lock;
int ret;
gotalarm = 0;
signal(SIGALRM, SIGNAL_CAST gotalarm_sig);
lock.l_type = type;
lock.l_whence = SEEK_SET;
lock.l_start = 0;
lock.l_len = 1;
lock.l_pid = 0;
alarm(5);
ret = fcntl(fd, F_SETLKW, &lock);
alarm(0);
signal(SIGALRM, SIGNAL_CAST SIG_DFL);
if (gotalarm) {
DEBUG(0, ("do_file_lock: failed to %s file.\n",
type == F_UNLCK ? "unlock" : "lock"));
return False;
}
return (ret == 0);
}
static int pw_file_lock_depth;
/***************************************************************
Lock an fd. Abandon after waitsecs seconds.
****************************************************************/
BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
{
if (fd < 0)
return False;
(*plock_depth)++;
if(pw_file_lock_depth == 0) {
if (!do_file_lock(fd, secs, type)) {
DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
strerror(errno)));
return False;
}
}
return True;
}
/***************************************************************
Unlock an fd. Abandon after waitsecs seconds.
****************************************************************/
BOOL pw_file_unlock(int fd, int *plock_depth)
{
BOOL ret=True;
if(*plock_depth == 1)
ret = do_file_lock(fd, 5, F_UNLCK);
(*plock_depth)--;
if(!ret)
DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
strerror(errno)));
return ret;
}
static int mach_passwd_lock_depth;
static FILE *mach_passwd_fp;
/************************************************************************
Routine to get the name for a trust account file.
************************************************************************/
static void get_trust_account_file_name( char *domain, char *name, char *mac_file)
{
unsigned int mac_file_len;
char *p;
pstrcpy(mac_file, lp_smb_passwd_file());
p = strrchr(mac_file, '/');
if(p != NULL)
*++p = '\0';
mac_file_len = strlen(mac_file);
if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0)
{
DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n",
mac_file));
return;
}
pstrcat(mac_file, domain);
pstrcat(mac_file, ".");
pstrcat(mac_file, name);
pstrcat(mac_file, ".mac");
}
/************************************************************************
Routine to lock the trust account password file for a domain.
************************************************************************/
BOOL trust_password_lock( char *domain, char *name, BOOL update)
{
pstring mac_file;
if(mach_passwd_lock_depth == 0) {
get_trust_account_file_name( domain, name, mac_file);
if((mach_passwd_fp = fopen(mac_file, "r+b")) == NULL) {
if(errno == ENOENT && update) {
mach_passwd_fp = fopen(mac_file, "w+b");
}
if(mach_passwd_fp == NULL) {
DEBUG(0,("trust_password_lock: cannot open file %s - Error was %s.\n",
mac_file, strerror(errno) ));
return False;
}
}
chmod(mac_file, 0600);
if(!pw_file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK),
60, &mach_passwd_lock_depth))
{
DEBUG(0,("trust_password_lock: cannot lock file %s\n", mac_file));
fclose(mach_passwd_fp);
return False;
}
}
return True;
}
/************************************************************************
Routine to unlock the trust account password file for a domain.
************************************************************************/
BOOL trust_password_unlock(void)
{
BOOL ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth);
if(mach_passwd_lock_depth == 0)
fclose(mach_passwd_fp);
return ret;
}
/************************************************************************
Routine to delete the trust account password file for a domain.
************************************************************************/
BOOL trust_password_delete( char *domain, char *name )
{
pstring mac_file;
get_trust_account_file_name( domain, name, mac_file);
return (unlink( mac_file ) == 0);
}
/************************************************************************
Routine to get the trust account password for a domain.
The user of this function must have locked the trust password file.
************************************************************************/
BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time)
{
char linebuf[256];
char *p;
int i;
linebuf[0] = '\0';
*pass_last_set_time = (time_t)0;
memset(ret_pwd, '\0', 16);
if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
DEBUG(0,("get_trust_account_password: Failed to seek to start of file. Error was %s.\n",
strerror(errno) ));
return False;
}
fgets(linebuf, sizeof(linebuf), mach_passwd_fp);
if(ferror(mach_passwd_fp)) {
DEBUG(0,("get_trust_account_password: Failed to read password. Error was %s.\n",
strerror(errno) ));
return False;
}
/*
* The length of the line read
* must be 45 bytes ( <---XXXX 32 bytes-->:TLC-12345678
*/
if(strlen(linebuf) != 45) {
DEBUG(0,("get_trust_account_password: Malformed trust password file (wrong length).\n"));
#ifdef DEBUG_PASSWORD
DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
#endif
return False;
}
/*
* Get the hex password.
*/
if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
strncmp(&linebuf[33], "TLC-", 4)) {
DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n"));
#ifdef DEBUG_PASSWORD
DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
#endif
return False;
}
/*
* Get the last changed time.
*/
p = &linebuf[37];
for(i = 0; i < 8; i++) {
if(p[i] == '\0' || !isxdigit(p[i])) {
DEBUG(0,("get_trust_account_password: Malformed trust password file (no timestamp).\n"));
#ifdef DEBUG_PASSWORD
DEBUG(100,("get_trust_account_password: line = |%s|\n", linebuf));
#endif
return False;
}
}
/*
* p points at 8 characters of hex digits -
* read into a time_t as the seconds since
* 1970 that the password was last changed.
*/
*pass_last_set_time = (time_t)strtol(p, NULL, 16);
return True;
}
/************************************************************************
Routine to get the trust account password for a domain.
The user of this function must have locked the trust password file.
************************************************************************/
BOOL set_trust_account_password( unsigned char *md4_new_pwd)
{
char linebuf[64];
int i;
if(fseek( mach_passwd_fp, 0L, SEEK_SET) == -1) {
DEBUG(0,("set_trust_account_password: Failed to seek to start of file. Error was %s.\n",
strerror(errno) ));
return False;
}
for (i = 0; i < 16; i++)
slprintf(&linebuf[(i*2)], sizeof(linebuf) - (i*2) - 1, "%02X", md4_new_pwd[i]);
slprintf(&linebuf[32], 32, ":TLC-%08X\n", (unsigned)time(NULL));
if(fwrite( linebuf, 1, 45, mach_passwd_fp)!= 45) {
DEBUG(0,("set_trust_account_password: Failed to write file. Warning - the trust \
account is now invalid. Please recreate. Error was %s.\n", strerror(errno) ));
return False;
}
fflush(mach_passwd_fp);
return True;
}

2
source3/rpc_server/srv_lsa.c
View File

@ -372,7 +372,7 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
for (i = 0; i < q_l.num_entries; i++)
{
char *user_name = unistr2(q_l.lookup_name[i].str.buffer);
if (!name_to_rid(user_name, &dom_rids[i], &dummy_g_rid))
if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid))
{
/* WHOOPS! we should really do something about this... */
dom_rids[i] = 0;

2
source3/rpc_server/srv_netlog.c
View File

@ -725,7 +725,7 @@ static void api_net_sam_logon( int uid,
sam_logon_in_ssb = False;
if (name_to_rid(samlogon_user, &r_uid, &r_gid))
if (pdb_name_to_rid(samlogon_user, &r_uid, &r_gid))
{
make_net_user_info3(&usr_info,
&dummy_time, /* logon_time */

2
source3/rpc_server/srv_util.c
View File

@ -414,7 +414,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
return 0x0;
}
unix_uid = uid_to_user_rid(rid);
unix_uid = pdb_uid_to_user_rid(rid);
DEBUG(5,(" uid: %d", unix_uid));
/* ok, it's a user. find the user account */