sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00
Code

(merge from 3.0)

Browse Source 
Make more functions static, and remove duplication in the use of functions
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c

(These should perhaps be pulled back out to smbpasswd.c, but that can occour
later).

This also includes some >14 character password changes, and the start
of a move away from using 'admin user' to determine if the user is
root (as root can login without setting 'admin user').

Andrew Bartlett
(This used to be commit be0704abb919152c359a735023283acbf9be3076)
This commit is contained in:
Andrew Bartlett 2004-02-08 11:59:55 +00:00
parent f7c1c68e19
commit 9b586b5a64
11 changed files with 30 additions and 218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
source3/Makefile.in
View File

@ -180,7 +180,7 @@ LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \
lib/talloc.o lib/hash.o lib/substitute.o lib/fsusage.o \
lib/ms_fnmatch.o lib/select.o lib/messages.o \
lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \
lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \
lib/md5.o lib/hmacmd5.o lib/iconv.o \
nsswitch/wb_client.o nsswitch/wb_common.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \

2
source3/lib/iconv.c
View File

@ -105,7 +105,7 @@ NTSTATUS smb_register_charset(struct charset_functions *funcs)
return NT_STATUS_OK;
}
void lazy_initialize_iconv(void)
static void lazy_initialize_iconv(void)
{
static BOOL initialized;
int i;

200
source3/lib/smbpasswd.c
View File

@ -1,200 +0,0 @@
/*
Unix SMB/CIFS implementation.
smbpasswd file format routines
Copyright (C) Andrew Tridgell 1992-1998
Modified by Jeremy Allison 1995.
Modified by Gerald (Jerry) Carter 2000-2001
Copyright (C) Tim Potter 2001
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
/*! \file lib/smbpasswd.c
The smbpasswd file is used to store encrypted passwords in a similar
fashion to the /etc/passwd file. The format is colon separated fields
with one user per line like so:
<username>:<uid>:<lanman hash>:<nt hash>:<acb info>:<last change time>
The username and uid must correspond to an entry in the /etc/passwd
file. The lanman and nt password hashes are 32 hex digits corresponding
to the 16-byte lanman and nt hashes respectively.
The password last change time is stored as a string of the format
LCD-<change time> where the change time is expressed as an
'N' No password
'D' Disabled
'H' Homedir required
'T' Temp account.
'U' User account (normal)
'M' MNS logon user account - what is this ?
'W' Workstation account
'S' Server account
'L' Locked account
'X' No Xpiry on password
'I' Interdomain trust account
*/
#include "includes.h"
/*! Convert 32 hex characters into a 16 byte array. */
BOOL smbpasswd_gethexpwd(char *p, unsigned char *pwd)
{
int i;
unsigned char lonybble, hinybble;
const char *hexchars = "0123456789ABCDEF";
char *p1, *p2;
if (!p) return (False);
for (i = 0; i < 32; i += 2)
{
hinybble = toupper(p[i]);
lonybble = toupper(p[i + 1]);
p1 = strchr_m(hexchars, hinybble);
p2 = strchr_m(hexchars, lonybble);
if (!p1 || !p2)
{
return (False);
}
hinybble = PTR_DIFF(p1, hexchars);
lonybble = PTR_DIFF(p2, hexchars);
pwd[i / 2] = (hinybble << 4) | lonybble;
}
return (True);
}
/*! Convert a 16-byte array into 32 hex characters. */
void smbpasswd_sethexpwd(fstring p, unsigned char *pwd, uint16 acb_info)
{
if (pwd != NULL) {
int i;
for (i = 0; i < 16; i++)
slprintf(&p[i*2], 3, "%02X", pwd[i]);
} else {
if (acb_info & ACB_PWNOTREQ)
safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
else
safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
}
}
/*! Decode the account control bits (ACB) info from a string. */
uint16 smbpasswd_decode_acb_info(const char *p)
{
uint16 acb_info = 0;
BOOL finished = False;
/*
* Check if the account type bits have been encoded after the
* NT password (in the form [NDHTUWSLXI]).
*/
if (*p != '[') return 0;
for (p++; *p && !finished; p++)
{
switch (*p) {
case 'N': /* 'N'o password. */
acb_info |= ACB_PWNOTREQ;
break;
case 'D': /* 'D'isabled. */
acb_info |= ACB_DISABLED;
break;
case 'H': /* 'H'omedir required. */
acb_info |= ACB_HOMDIRREQ;
break;
case 'T': /* 'T'emp account. */
acb_info |= ACB_TEMPDUP;
break;
case 'U': /* 'U'ser account (normal). */
acb_info |= ACB_NORMAL;
break;
case 'M': /* 'M'NS logon user account. What is this ? */
acb_info |= ACB_MNS;
break;
case 'W': /* 'W'orkstation account. */
acb_info |= ACB_WSTRUST;
break;
case 'S': /* 'S'erver account. */
acb_info |= ACB_SVRTRUST;
break;
case 'L': /* 'L'ocked account. */
acb_info |= ACB_AUTOLOCK;
break;
case 'X': /* No 'X'piry on password */
acb_info |= ACB_PWNOEXP;
break;
case 'I': /* 'I'nterdomain trust account. */
acb_info |= ACB_DOMTRUST;
break;
case ' ':
break;
case ':':
case '\n':
case '\0':
case ']':
default:
finished = True;
break;
}
}
return acb_info;
}
/*! Encode account control bits (ACBs) into a string. */
char *smbpasswd_encode_acb_info(uint16 acb_info)
{
static fstring acct_str;
size_t i = 0;
acct_str[i++] = '[';
if (acb_info & ACB_PWNOTREQ ) acct_str[i++] = 'N';
if (acb_info & ACB_DISABLED ) acct_str[i++] = 'D';
if (acb_info & ACB_HOMDIRREQ) acct_str[i++] = 'H';
if (acb_info & ACB_TEMPDUP ) acct_str[i++] = 'T';
if (acb_info & ACB_NORMAL ) acct_str[i++] = 'U';
if (acb_info & ACB_MNS ) acct_str[i++] = 'M';
if (acb_info & ACB_WSTRUST ) acct_str[i++] = 'W';
if (acb_info & ACB_SVRTRUST ) acct_str[i++] = 'S';
if (acb_info & ACB_AUTOLOCK ) acct_str[i++] = 'L';
if (acb_info & ACB_PWNOEXP ) acct_str[i++] = 'X';
if (acb_info & ACB_DOMTRUST ) acct_str[i++] = 'I';
for ( ; i < NEW_PW_FORMAT_SPACE_PADDED_LEN - 2 ; i++ )
acct_str[i] = ' ';
i = NEW_PW_FORMAT_SPACE_PADDED_LEN - 2;
acct_str[i++] = ']';
acct_str[i++] = '\0';
return acct_str;
}

2
source3/nsswitch/winbindd_rpc.c
View File

@ -792,7 +792,7 @@ static int get_ldap_seq(const char *server, int port, uint32 *seq)
LDAP queries
**********************************************************************/
int get_ldap_sequence_number( const char* domain, uint32 *seq)
static int get_ldap_sequence_number( const char* domain, uint32 *seq)
{
int ret = -1;
int i, port = LDAP_PORT;

17
source3/passdb/pdb_get_set.c
View File

@ -1102,13 +1102,24 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext)
if (!sampass || !plaintext)
return False;
nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16);
/* Calculate the MD4 hash (NT compatible) of the password */
E_md4hash(plaintext, new_nt_p16);
if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED))
return False;
if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
return False;
if (!E_deshash(plaintext, new_lanman_p16)) {
/* E_deshash returns false for 'long' passwords (> 14
DOS chars). This allows us to match Win2k, which
does not store a LM hash for these passwords (which
would reduce the effective password length to 14 */
if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED))
return False;
} else {
if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
return False;
}
if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
return False;

2
source3/rpc_parse/parse_misc.c
View File

@ -32,7 +32,7 @@
static TALLOC_CTX *current_rpc_talloc = NULL;
TALLOC_CTX *get_current_rpc_talloc(void)
static TALLOC_CTX *get_current_rpc_talloc(void)
{
return current_rpc_talloc;
}

5
source3/smbd/nttrans.c
View File

@ -56,7 +56,7 @@ struct generic_mapping file_generic_mapping = {
FILE_GENERIC_ALL
};
char *nttrans_realloc(char **ptr, size_t size)
static char *nttrans_realloc(char **ptr, size_t size)
{
char *tptr = NULL;
if (ptr==NULL)
@ -2022,11 +2022,12 @@ static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf,
SMB_NTQUOTA_STRUCT qt;
SMB_NTQUOTA_LIST *tmp_list;
SMB_NTQUOTA_HANDLE *qt_handle = NULL;
extern struct current_user current_user;
ZERO_STRUCT(qt);
/* access check */
if (conn->admin_user != True) {
if (current_user.uid != 0) {
DEBUG(1,("set_user_quota: access_denied service [%s] user [%s]\n",
lp_servicename(SNUM(conn)),conn->user));
return ERROR_DOS(ERRDOS,ERRnoaccess);

2
source3/smbd/server.c
View File

@ -145,7 +145,7 @@ static void msg_exit_server(int msg_type, pid_t src, void *buf, size_t len)
Have we reached the process limit ?
****************************************************************************/
BOOL allowable_number_of_smbd_processes(void)
static BOOL allowable_number_of_smbd_processes(void)
{
int max_processes = lp_max_smbd_processes();

2
source3/utils/net_rpc_join.c
View File

@ -42,7 +42,7 @@
* @return A shell status integer (0 for success)
*
**/
int net_rpc_join_ok(const char *domain)
static int net_rpc_join_ok(const char *domain)
{
struct cli_state *cli;
uchar stored_md4_trust_password[16];

12
source3/utils/net_rpc_samsync.c
View File

@ -62,21 +62,21 @@ static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a)
if (memcmp(a->pass.buf_lm_pwd, zero_buf, 16) != 0) {
sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0);
smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info);
pdb_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info);
} else {
smbpasswd_sethexpwd(hex_lm_passwd, NULL, 0);
pdb_sethexpwd(hex_lm_passwd, NULL, 0);
}
if (memcmp(a->pass.buf_nt_pwd, zero_buf, 16) != 0) {
sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0);
smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info);
pdb_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info);
} else {
smbpasswd_sethexpwd(hex_nt_passwd, NULL, 0);
pdb_sethexpwd(hex_nt_passwd, NULL, 0);
}
printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name),
a->user_rid, hex_lm_passwd, hex_nt_passwd,
smbpasswd_encode_acb_info(a->acb_info));
pdb_encode_acct_ctrl(a->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN));
}
static void display_domain_info(SAM_DOMAIN_INFO *a)
@ -432,7 +432,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
pstrcpy(add_script, lp_addmachine_script());
} else {
DEBUG(1, ("Unknown user type: %s\n",
smbpasswd_encode_acb_info(delta->acb_info)));
pdb_encode_acct_ctrl(delta->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN)));
nt_ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}

2
source3/web/cgi.c
View File

@ -91,7 +91,7 @@ static char *grab_line(FILE *f, int *cl)
(This was in rfc1738_unescape(), but that broke the squid helper)
**/
void plus_to_space_unescape(char *buf)
static void plus_to_space_unescape(char *buf)
{
char *p=buf;