
r16241: Fix Klocwork #106 and others like it.

Make 2 important changes. First, pdb_get_methods()
returning NULL is a *fatal* error. Don't try
to cope with it, just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with an "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d)
Jeremy Allison 2006-06-15 01:54:09 +00:00 committed by Gerald (Jerry) Carter
parent a1e0a0e928
commit f9147c4e40
9 changed files with 366 additions and 631 deletions


@ -1085,6 +1085,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
const DOM_SID *gr_sid = NULL;
if ( !(sam_acct = samu_new( tmp_ctx )) ) {
result = NT_STATUS_NO_MEMORY;
goto done;
}
@ -1347,25 +1348,44 @@ static auth_serversupplied_info *copy_serverinfo(auth_serversupplied_info *src)
dst->uid = src->uid;
dst->gid = src->gid;
dst->n_groups = src->n_groups;
if (src->n_groups != 0)
if (src->n_groups != 0) {
dst->groups = talloc_memdup(dst, src->groups,
sizeof(gid_t)*dst->n_groups);
else
} else {
dst->groups = NULL;
dst->ptok = dup_nt_token(dst, src->ptok);
}
if (src->ptok) {
dst->ptok = dup_nt_token(dst, src->ptok);
if (!dst->ptok) {
TALLOC_FREE(dst);
return NULL;
}
}
dst->user_session_key = data_blob_talloc( dst, src->user_session_key.data,
src->user_session_key.length);
src->user_session_key.length);
dst->lm_session_key = data_blob_talloc(dst, src->lm_session_key.data,
src->lm_session_key.length);
if ( (dst->sam_account = samu_new( NULL )) != NULL )
pdb_copy_sam_account(dst->sam_account, src->sam_account);
src->lm_session_key.length);
dst->sam_account = samu_new(NULL);
if (!dst->sam_account) {
TALLOC_FREE(dst);
return NULL;
}
if (!pdb_copy_sam_account(dst->sam_account, src->sam_account)) {
TALLOC_FREE(dst);
return NULL;
}
dst->pam_handle = NULL;
dst->unix_name = talloc_strdup(dst, src->unix_name);
if (!dst->unix_name) {
TALLOC_FREE(dst);
return NULL;
}
return dst;
}
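Review bot: In copy_serverinfo the result of `talloc_memdup()` for `dst->groups` is not checked, although `dst->n_groups` has already been set to the source count, so on allocation failure the copy is returned with a non-zero group count and a NULL group array. The back-out used for the other members fits here too: `if (!dst->groups) { TALLOC_FREE(dst); return NULL; }`. The two `data_blob_talloc()` session-key copies are likewise unchecked in the visible lines; whether that helper can return an empty blob on failure is not visible here. Separately, `dst->ptok` is now assigned only when `src->ptok` is set, which relies on `dst` being zero-initialised where it is allocated, outside this hunk.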


@ -42,72 +42,80 @@
int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
int argc, const char **argv )
{
unsigned int ctrl;
int retval;
unsigned int ctrl;
int retval;
const char *name;
struct samu *sampass = NULL;
void (*oldsig_handler)(int);
extern BOOL in_client;
const char *name;
struct samu *sampass = NULL;
void (*oldsig_handler)(int);
extern BOOL in_client;
/* Samba initialization. */
load_case_tables();
setup_logging( "pam_smbpass", False );
in_client = True;
/* Samba initialization. */
load_case_tables();
setup_logging( "pam_smbpass", False );
in_client = True;
ctrl = set_ctrl( flags, argc, argv );
ctrl = set_ctrl( flags, argc, argv );
/* get the username */
/* get the username */
retval = pam_get_user( pamh, &name, "Username: " );
if (retval != PAM_SUCCESS) {
if (on( SMB_DEBUG, ctrl )) {
_log_err( LOG_DEBUG, "acct: could not identify user" );
}
return retval;
}
if (on( SMB_DEBUG, ctrl )) {
_log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
}
retval = pam_get_user( pamh, &name, "Username: " );
if (retval != PAM_SUCCESS) {
if (on( SMB_DEBUG, ctrl )) {
_log_err( LOG_DEBUG, "acct: could not identify user" );
}
return retval;
}
if (on( SMB_DEBUG, ctrl )) {
_log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
}
/* Getting into places that might use LDAP -- protect the app
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
if (!initialize_password_db(True)) {
_log_err( LOG_ALERT, "Cannot access samba password database" );
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_AUTHINFO_UNAVAIL;
}
/* Getting into places that might use LDAP -- protect the app
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
if (!initialize_password_db(True)) {
_log_err( LOG_ALERT, "Cannot access samba password database" );
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_AUTHINFO_UNAVAIL;
}
/* Get the user's record. */
/* Get the user's record. */
if ( (sampass = samu_new( NULL )) != NULL ) {
pdb_getsampwnam(sampass, name );
}
if (!(sampass = samu_new( NULL ))) {
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
/* malloc fail. */
return nt_status_to_pam(NT_STATUS_NO_MEMORY);
}
/* check for lookup failure */
if ( !sampass || !strlen(pdb_get_username(sampass)) ) {
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_USER_UNKNOWN;
}
if (!pdb_getsampwnam(sampass, name )) {
_log_err( LOG_DEBUG, "acct: could not identify user" );
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_USER_UNKNOWN;
}
if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
if (on( SMB_DEBUG, ctrl )) {
_log_err( LOG_DEBUG
, "acct: account %s is administratively disabled", name );
}
make_remark( pamh, ctrl, PAM_ERROR_MSG
, "Your account has been disabled; "
"please see your system administrator." );
/* check for lookup failure */
if (!strlen(pdb_get_username(sampass)) ) {
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_USER_UNKNOWN;
}
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_ACCT_EXPIRED;
}
if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
if (on( SMB_DEBUG, ctrl )) {
_log_err( LOG_DEBUG
, "acct: account %s is administratively disabled", name );
}
make_remark( pamh, ctrl, PAM_ERROR_MSG
, "Your account has been disabled; "
"please see your system administrator." );
/* TODO: support for expired passwords. */
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_ACCT_EXPIRED;
}
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_SUCCESS;
/* TODO: support for expired passwords. */
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_SUCCESS;
}
/* static module data */
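Review bot: In pam_sm_acct_mgmt, `sampass` is allocated with `samu_new( NULL )` but none of the return paths visible in this section releases it, so every account-management call leaves a samu record behind in the calling application's heap. pam_sm_authenticate, changed in the same commit, pairs each exit with `TALLOC_FREE(sampass);`, and the same line is needed here before the `PAM_USER_UNKNOWN`, `PAM_ACCT_EXPIRED` and `PAM_SUCCESS` returns. Because the record is read from the password database, freeing it promptly also limits how long account data lingers in a long-running PAM client. The new "acct: could not identify user" message on lookup failure is also not gated on `on( SMB_DEBUG, ctrl )` the way the other debug messages in this function are.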


@ -62,94 +62,97 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
int pam_sm_authenticate(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
unsigned int ctrl;
int retval, *ret_data = NULL;
struct samu *sampass = NULL;
extern BOOL in_client;
const char *name;
void (*oldsig_handler)(int) = NULL;
BOOL found;
unsigned int ctrl;
int retval, *ret_data = NULL;
struct samu *sampass = NULL;
extern BOOL in_client;
const char *name;
void (*oldsig_handler)(int) = NULL;
BOOL found;
/* Points to memory managed by the PAM library. Do not free. */
char *p = NULL;
/* Points to memory managed by the PAM library. Do not free. */
char *p = NULL;
/* Samba initialization. */
load_case_tables();
setup_logging("pam_smbpass",False);
in_client = True;
/* Samba initialization. */
load_case_tables();
setup_logging("pam_smbpass",False);
in_client = True;
ctrl = set_ctrl(flags, argc, argv);
ctrl = set_ctrl(flags, argc, argv);
/* Get a few bytes so we can pass our return value to
pam_sm_setcred(). */
ret_data = SMB_MALLOC_P(int);
/* Get a few bytes so we can pass our return value to
pam_sm_setcred(). */
ret_data = SMB_MALLOC_P(int);
/* we need to do this before we call AUTH_RETURN */
/* Getting into places that might use LDAP -- protect the app
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
/* we need to do this before we call AUTH_RETURN */
/* Getting into places that might use LDAP -- protect the app
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
/* get the username */
retval = pam_get_user( pamh, &name, "Username: " );
if ( retval != PAM_SUCCESS ) {
if (on( SMB_DEBUG, ctrl )) {
_log_err(LOG_DEBUG, "auth: could not identify user");
}
AUTH_RETURN;
}
if (on( SMB_DEBUG, ctrl )) {
_log_err( LOG_DEBUG, "username [%s] obtained", name );
}
/* get the username */
retval = pam_get_user( pamh, &name, "Username: " );
if ( retval != PAM_SUCCESS ) {
if (on( SMB_DEBUG, ctrl )) {
_log_err(LOG_DEBUG, "auth: could not identify user");
}
AUTH_RETURN;
}
if (on( SMB_DEBUG, ctrl )) {
_log_err( LOG_DEBUG, "username [%s] obtained", name );
}
if (!initialize_password_db(True)) {
_log_err( LOG_ALERT, "Cannot access samba password database" );
retval = PAM_AUTHINFO_UNAVAIL;
AUTH_RETURN;
}
if (!initialize_password_db(True)) {
_log_err( LOG_ALERT, "Cannot access samba password database" );
retval = PAM_AUTHINFO_UNAVAIL;
AUTH_RETURN;
}
sampass = samu_new( NULL );
if (!sampass) {
_log_err( LOG_ALERT, "Cannot talloc a samu struct" );
retval = nt_status_to_pam(NT_STATUS_NO_MEMORY);
AUTH_RETURN;
}
sampass = samu_new( NULL );
found = pdb_getsampwnam( sampass, name );
found = pdb_getsampwnam( sampass, name );
if (on( SMB_MIGRATE, ctrl )) {
retval = _smb_add_user(pamh, ctrl, name, sampass, found);
TALLOC_FREE(sampass);
AUTH_RETURN;
}
if (on( SMB_MIGRATE, ctrl )) {
retval = _smb_add_user(pamh, ctrl, name, sampass, found);
TALLOC_FREE(sampass);
AUTH_RETURN;
}
if (!found) {
_log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
retval = PAM_USER_UNKNOWN;
TALLOC_FREE(sampass);
sampass = NULL;
AUTH_RETURN;
}
if (!found) {
_log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
retval = PAM_USER_UNKNOWN;
TALLOC_FREE(sampass);
sampass = NULL;
AUTH_RETURN;
}
/* if this user does not have a password... */
/* if this user does not have a password... */
if (_smb_blankpasswd( ctrl, sampass )) {
TALLOC_FREE(sampass);
retval = PAM_SUCCESS;
AUTH_RETURN;
}
if (_smb_blankpasswd( ctrl, sampass )) {
TALLOC_FREE(sampass);
retval = PAM_SUCCESS;
AUTH_RETURN;
}
/* get this user's authentication token */
/* get this user's authentication token */
retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
if (retval != PAM_SUCCESS ) {
_log_err(LOG_CRIT, "auth: no password provided for [%s]"
, name);
TALLOC_FREE(sampass);
AUTH_RETURN;
}
retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
if (retval != PAM_SUCCESS ) {
_log_err(LOG_CRIT, "auth: no password provided for [%s]", name);
TALLOC_FREE(sampass);
AUTH_RETURN;
}
/* verify the password of this user */
/* verify the password of this user */
retval = _smb_verify_password( pamh, sampass, p, ctrl );
TALLOC_FREE(sampass);
p = NULL;
AUTH_RETURN;
retval = _smb_verify_password( pamh, sampass, p, ctrl );
TALLOC_FREE(sampass);
p = NULL;
AUTH_RETURN;
}
/*
@ -255,4 +258,3 @@ struct pam_module _pam_smbpass_auth_modstruct = {
NULL
};
#endif
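Review bot: The lookup-miss branch in pam_sm_authenticate logs `"Failed to find entry for user %s."` at `LOG_ALERT`, while this commit's pam_sm_acct_mgmt reports the same condition at `LOG_DEBUG`. Since the name comes from pam_get_user(), any mistyped or unknown login name produces an alert-priority syslog entry. A lower priority such as `LOG_NOTICE` would keep the event available for failed-login monitoring without crowding out real alerts. In the same branch, `sampass = NULL;` after `TALLOC_FREE(sampass);` looks redundant, assuming TALLOC_FREE clears its argument; its definition is not visible here.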


@ -67,7 +67,7 @@ static int samu_destroy(void *p)
generate a new struct samuser
***********************************************************************/
struct samu* samu_new( TALLOC_CTX *ctx )
struct samu *samu_new( TALLOC_CTX *ctx )
{
struct samu *user;
@ -634,7 +634,7 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
char *err_str, size_t err_str_len,
char *msg_str, size_t msg_str_len)
{
struct samu *sam_pass=NULL;
struct samu *sam_pass=NULL;
uint32 other_acb;
NTSTATUS result;
@ -1094,12 +1094,6 @@ uint32 init_buffer_from_sam_v3 (uint8 **buf, struct samu *sampass, BOOL size_onl
uint32 nt_pw_hist_len;
uint32 pwHistLen = 0;
/* do we have a valid struct samu pointer? */
if (sampass == NULL) {
DEBUG(0, ("init_buffer_from_sam: struct samu is NULL!\n"));
return -1;
}
*buf = NULL;
buflen = 0;
@ -1330,27 +1324,31 @@ uint32 init_buffer_from_sam_v3 (uint8 **buf, struct samu *sampass, BOOL size_onl
BOOL pdb_copy_sam_account(struct samu *dst, struct samu *src )
{
BOOL result;
uint8 *buf;
uint8 *buf = NULL;
int len;
if ( !dst )
return False;
len = init_buffer_from_sam_v3(&buf, src, False);
if (len == -1)
if (len == -1 || !buf) {
return False;
}
if (!init_sam_from_buffer_v3( dst, buf, len )) {
free(buf);
return False;
}
result = init_sam_from_buffer_v3( dst, buf, len );
dst->methods = src->methods;
if ( src->unix_pw )
if ( src->unix_pw ) {
dst->unix_pw = tcopy_passwd( dst, src->unix_pw );
if (!dst->unix_pw) {
free(buf);
return False;
}
}
free(buf);
return result;
return True;
}
/*********************************************************************
@ -1363,8 +1361,6 @@ BOOL pdb_update_bad_password_count(struct samu *sampass, BOOL *updated)
uint16 BadPasswordCount;
uint32 resettime;
if (!sampass) return False;
BadPasswordCount = pdb_get_bad_password_count(sampass);
if (!BadPasswordCount) {
DEBUG(9, ("No bad password attempts.\n"));
@ -1405,8 +1401,6 @@ BOOL pdb_update_autolock_flag(struct samu *sampass, BOOL *updated)
uint32 duration;
time_t LastBadPassword;
if (!sampass) return False;
if (!(pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK)) {
DEBUG(9, ("pdb_update_autolock_flag: Account %s not autolocked, no check needed\n",
pdb_get_username(sampass)));
@ -1459,9 +1453,6 @@ BOOL pdb_increment_bad_password_count(struct samu *sampass)
BOOL autolock_updated = False, badpw_updated = False;
BOOL ret;
if (!sampass)
return False;
/* Retrieve the account lockout policy */
become_root();
ret = pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout);
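Review bot: In pdb_copy_sam_account, `buf` is released with a plain `free(buf)` on three separate paths and stays allocated across the tcopy_passwd() call, although nothing reads it after init_sam_from_buffer_v3(). The init_buffer_from_sam_v3 locals visible in this section (`nt_pw_hist_len`, `pwHistLen`) suggest the buffer carries serialized password data. It would be safer to clear it and free it once, directly after deserialization, for example `ok = init_sam_from_buffer_v3(dst, buf, len); memset(buf, 0, len); free(buf);`, using a clearing call the compiler cannot elide where one is available. Separately, `len` is an `int` compared with -1 while init_buffer_from_sam_v3 is declared to return `uint32`; a one-line comment on that error contract, or a matching type, would make the check easier to trust.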


@ -40,127 +40,81 @@
Collection of get...() functions for struct samu.
********************************************************************/
uint32 pdb_get_acct_ctrl (const struct samu *sampass)
uint32 pdb_get_acct_ctrl(const struct samu *sampass)
{
if (sampass)
return (sampass->acct_ctrl);
else
return (ACB_DISABLED);
return sampass->acct_ctrl;
}
time_t pdb_get_logon_time (const struct samu *sampass)
time_t pdb_get_logon_time(const struct samu *sampass)
{
if (sampass)
return (sampass->logon_time);
else
return (0);
return sampass->logon_time;
}
time_t pdb_get_logoff_time (const struct samu *sampass)
time_t pdb_get_logoff_time(const struct samu *sampass)
{
if (sampass)
return (sampass->logoff_time);
else
return (-1);
return sampass->logoff_time;
}
time_t pdb_get_kickoff_time (const struct samu *sampass)
time_t pdb_get_kickoff_time(const struct samu *sampass)
{
if (sampass)
return (sampass->kickoff_time);
else
return (-1);
return sampass->kickoff_time;
}
time_t pdb_get_bad_password_time (const struct samu *sampass)
time_t pdb_get_bad_password_time(const struct samu *sampass)
{
if (sampass)
return (sampass->bad_password_time);
else
return (-1);
return sampass->bad_password_time;
}
time_t pdb_get_pass_last_set_time (const struct samu *sampass)
time_t pdb_get_pass_last_set_time(const struct samu *sampass)
{
if (sampass)
return (sampass->pass_last_set_time);
else
return (-1);
return sampass->pass_last_set_time;
}
time_t pdb_get_pass_can_change_time (const struct samu *sampass)
time_t pdb_get_pass_can_change_time(const struct samu *sampass)
{
if (sampass)
return (sampass->pass_can_change_time);
else
return (-1);
return sampass->pass_can_change_time;
}
time_t pdb_get_pass_must_change_time (const struct samu *sampass)
time_t pdb_get_pass_must_change_time(const struct samu *sampass)
{
if (sampass)
return (sampass->pass_must_change_time);
else
return (-1);
return sampass->pass_must_change_time;
}
uint16 pdb_get_logon_divs (const struct samu *sampass)
uint16 pdb_get_logon_divs(const struct samu *sampass)
{
if (sampass)
return (sampass->logon_divs);
else
return (-1);
return sampass->logon_divs;
}
uint32 pdb_get_hours_len (const struct samu *sampass)
uint32 pdb_get_hours_len(const struct samu *sampass)
{
if (sampass)
return (sampass->hours_len);
else
return (-1);
return sampass->hours_len;
}
const uint8* pdb_get_hours (const struct samu *sampass)
const uint8 *pdb_get_hours(const struct samu *sampass)
{
if (sampass)
return (sampass->hours);
else
return (NULL);
return (sampass->hours);
}
const uint8* pdb_get_nt_passwd (const struct samu *sampass)
const uint8 *pdb_get_nt_passwd(const struct samu *sampass)
{
if (sampass) {
SMB_ASSERT((!sampass->nt_pw.data)
|| sampass->nt_pw.length == NT_HASH_LEN);
return ((uint8*)sampass->nt_pw.data);
}
else
return (NULL);
SMB_ASSERT((!sampass->nt_pw.data)
|| sampass->nt_pw.length == NT_HASH_LEN);
return (uint8 *)sampass->nt_pw.data;
}
const uint8* pdb_get_lanman_passwd (const struct samu *sampass)
const uint8 *pdb_get_lanman_passwd(const struct samu *sampass)
{
if (sampass) {
SMB_ASSERT((!sampass->lm_pw.data)
|| sampass->lm_pw.length == LM_HASH_LEN);
return ((uint8*)sampass->lm_pw.data);
}
else
return (NULL);
SMB_ASSERT((!sampass->lm_pw.data)
|| sampass->lm_pw.length == LM_HASH_LEN);
return (uint8 *)sampass->lm_pw.data;
}
const uint8* pdb_get_pw_history (const struct samu *sampass, uint32 *current_hist_len)
const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32 *current_hist_len)
{
if (sampass) {
SMB_ASSERT((!sampass->nt_pw_his.data)
|| ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
*current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
return ((uint8*)sampass->nt_pw_his.data);
} else {
*current_hist_len = 0;
return (NULL);
}
SMB_ASSERT((!sampass->nt_pw_his.data)
|| ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
*current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
return (uint8 *)sampass->nt_pw_his.data;
}
/* Return the plaintext password if known. Most of the time
@ -169,20 +123,14 @@ const uint8* pdb_get_pw_history (const struct samu *sampass, uint32 *current_his
Used to pass the plaintext to passdb backends that might
want to store more than just the NTLM hashes.
*/
const char* pdb_get_plaintext_passwd (const struct samu *sampass)
const char *pdb_get_plaintext_passwd(const struct samu *sampass)
{
if (sampass) {
return (sampass->plaintext_pw);
}
else
return (NULL);
return sampass->plaintext_pw;
}
const DOM_SID *pdb_get_user_sid(const struct samu *sampass)
{
if (sampass)
return &sampass->user_sid;
return NULL;
return &sampass->user_sid;
}
const DOM_SID *pdb_get_group_sid(struct samu *sampass)
@ -190,14 +138,7 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass)
DOM_SID *gsid;
struct passwd *pwd;
/* sanity check */
if ( !sampass ) {
return NULL;
}
/* Return the cached group SID if we have that */
if ( sampass->group_sid ) {
return sampass->group_sid;
}
@ -213,10 +154,11 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass)
be a newly allocated one. We rely on the user's Unix primary gid.
We have no choice but to fail if we can't find it. */
if ( sampass->unix_pw )
if ( sampass->unix_pw ) {
pwd = sampass->unix_pw;
else
} else {
pwd = getpwnam_alloc( sampass, pdb_get_username(sampass) );
}
if ( !pwd ) {
DEBUG(0,("pdb_get_group_sid: Failed to find Unix account for %s\n", pdb_get_username(sampass) ));
@ -264,11 +206,11 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass)
* @return the flags indicating the members initialised in the struct.
**/
enum pdb_value_state pdb_get_init_flags (const struct samu *sampass, enum pdb_elements element)
enum pdb_value_state pdb_get_init_flags(const struct samu *sampass, enum pdb_elements element)
{
enum pdb_value_state ret = PDB_DEFAULT;
if (!sampass || !sampass->change_flags || !sampass->set_flags)
if (!sampass->change_flags || !sampass->set_flags)
return ret;
if (bitmap_query(sampass->set_flags, element)) {
@ -288,147 +230,103 @@ enum pdb_value_state pdb_get_init_flags (const struct samu *sampass, enum pdb_el
return ret;
}
const char* pdb_get_username (const struct samu *sampass)
const char *pdb_get_username(const struct samu *sampass)
{
if (sampass)
return (sampass->username);
else
return (NULL);
return sampass->username;
}
const char* pdb_get_domain (const struct samu *sampass)
const char *pdb_get_domain(const struct samu *sampass)
{
if (sampass)
return (sampass->domain);
else
return (NULL);
return sampass->domain;
}
const char* pdb_get_nt_username (const struct samu *sampass)
const char *pdb_get_nt_username(const struct samu *sampass)
{
if (sampass)
return (sampass->nt_username);
else
return (NULL);
return sampass->nt_username;
}
const char* pdb_get_fullname (const struct samu *sampass)
const char *pdb_get_fullname(const struct samu *sampass)
{
if (sampass)
return (sampass->full_name);
else
return (NULL);
return sampass->full_name;
}
const char* pdb_get_homedir (const struct samu *sampass)
const char *pdb_get_homedir(const struct samu *sampass)
{
if (sampass)
return (sampass->home_dir);
else
return (NULL);
return sampass->home_dir;
}
const char* pdb_get_unix_homedir (const struct samu *sampass)
const char *pdb_get_unix_homedir(const struct samu *sampass)
{
if ( sampass && sampass->unix_pw )
return ( sampass->unix_pw->pw_dir );
return (NULL);
if (sampass->unix_pw ) {
return sampass->unix_pw->pw_dir;
}
return NULL;
}
const char* pdb_get_dir_drive (const struct samu *sampass)
const char *pdb_get_dir_drive(const struct samu *sampass)
{
if (sampass)
return (sampass->dir_drive);
else
return (NULL);
return sampass->dir_drive;
}
const char* pdb_get_logon_script (const struct samu *sampass)
const char *pdb_get_logon_script(const struct samu *sampass)
{
if (sampass)
return (sampass->logon_script);
else
return (NULL);
return sampass->logon_script;
}
const char* pdb_get_profile_path (const struct samu *sampass)
const char *pdb_get_profile_path(const struct samu *sampass)
{
if (sampass)
return (sampass->profile_path);
else
return (NULL);
return sampass->profile_path;
}
const char* pdb_get_acct_desc (const struct samu *sampass)
const char *pdb_get_acct_desc(const struct samu *sampass)
{
if (sampass)
return (sampass->acct_desc);
else
return (NULL);
return sampass->acct_desc;
}
const char* pdb_get_workstations (const struct samu *sampass)
const char *pdb_get_workstations(const struct samu *sampass)
{
if (sampass)
return (sampass->workstations);
else
return (NULL);
return sampass->workstations;
}
const char* pdb_get_unknown_str (const struct samu *sampass)
const char *pdb_get_unknown_str(const struct samu *sampass)
{
if (sampass)
return (sampass->unknown_str);
else
return (NULL);
return sampass->unknown_str;
}
const char* pdb_get_munged_dial (const struct samu *sampass)
const char *pdb_get_munged_dial(const struct samu *sampass)
{
if (sampass)
return (sampass->munged_dial);
else
return (NULL);
return sampass->munged_dial;
}
uint16 pdb_get_bad_password_count(const struct samu *sampass)
{
if (sampass)
return (sampass->bad_password_count);
else
return 0;
return sampass->bad_password_count;
}
uint16 pdb_get_logon_count(const struct samu *sampass)
{
if (sampass)
return (sampass->logon_count);
else
return 0;
return sampass->logon_count;
}
uint32 pdb_get_unknown_6 (const struct samu *sampass)
uint32 pdb_get_unknown_6(const struct samu *sampass)
{
if (sampass)
return (sampass->unknown_6);
else
return (-1);
return sampass->unknown_6;
}
void *pdb_get_backend_private_data (const struct samu *sampass, const struct pdb_methods *my_methods)
void *pdb_get_backend_private_data(const struct samu *sampass, const struct pdb_methods *my_methods)
{
if (sampass && my_methods == sampass->backend_private_methods)
if (my_methods == sampass->backend_private_methods) {
return sampass->backend_private_data;
else
} else {
return NULL;
}
}
/*********************************************************************
Collection of set...() functions for struct samu.
********************************************************************/
BOOL pdb_set_acct_ctrl (struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag)
BOOL pdb_set_acct_ctrl(struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -438,7 +336,7 @@ BOOL pdb_set_acct_ctrl (struct samu *sampass, uint32 acct_ctrl, enum pdb_value_s
return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
}
BOOL pdb_set_logon_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag)
BOOL pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -448,7 +346,7 @@ BOOL pdb_set_logon_time (struct samu *sampass, time_t mytime, enum pdb_value_sta
return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
}
BOOL pdb_set_logoff_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag)
BOOL pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -458,7 +356,7 @@ BOOL pdb_set_logoff_time (struct samu *sampass, time_t mytime, enum pdb_value_st
return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
}
BOOL pdb_set_kickoff_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag)
BOOL pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -468,8 +366,7 @@ BOOL pdb_set_kickoff_time (struct samu *sampass, time_t mytime, enum pdb_value_s
return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
}
BOOL pdb_set_bad_password_time (struct samu *sampass, time_t mytime,
enum pdb_value_state flag)
BOOL pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -479,7 +376,7 @@ BOOL pdb_set_bad_password_time (struct samu *sampass, time_t mytime,
return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
}
BOOL pdb_set_pass_can_change_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag)
BOOL pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -489,7 +386,7 @@ BOOL pdb_set_pass_can_change_time (struct samu *sampass, time_t mytime, enum pdb
return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
}
BOOL pdb_set_pass_must_change_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag)
BOOL pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -499,7 +396,7 @@ BOOL pdb_set_pass_must_change_time (struct samu *sampass, time_t mytime, enum pd
return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
}
BOOL pdb_set_pass_last_set_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag)
BOOL pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -509,7 +406,7 @@ BOOL pdb_set_pass_last_set_time (struct samu *sampass, time_t mytime, enum pdb_v
return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
}
BOOL pdb_set_hours_len (struct samu *sampass, uint32 len, enum pdb_value_state flag)
BOOL pdb_set_hours_len(struct samu *sampass, uint32 len, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -519,7 +416,7 @@ BOOL pdb_set_hours_len (struct samu *sampass, uint32 len, enum pdb_value_state f
return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
}
BOOL pdb_set_logon_divs (struct samu *sampass, uint16 hours, enum pdb_value_state flag)
BOOL pdb_set_logon_divs(struct samu *sampass, uint16 hours, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -536,7 +433,7 @@ BOOL pdb_set_logon_divs (struct samu *sampass, uint16 hours, enum pdb_value_stat
* this flag is only added.
**/
BOOL pdb_set_init_flags (struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
BOOL pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
{
if (!sampass || !sampass)
return False;
@ -598,7 +495,7 @@ BOOL pdb_set_init_flags (struct samu *sampass, enum pdb_elements element, enum p
return True;
}
BOOL pdb_set_user_sid (struct samu *sampass, const DOM_SID *u_sid, enum pdb_value_state flag)
BOOL pdb_set_user_sid(struct samu *sampass, const DOM_SID *u_sid, enum pdb_value_state flag)
{
if (!sampass || !u_sid)
return False;
@ -611,7 +508,7 @@ BOOL pdb_set_user_sid (struct samu *sampass, const DOM_SID *u_sid, enum pdb_valu
return pdb_set_init_flags(sampass, PDB_USERSID, flag);
}
BOOL pdb_set_user_sid_from_string (struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
BOOL pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
{
DOM_SID new_sid;
@ -642,7 +539,7 @@ BOOL pdb_set_user_sid_from_string (struct samu *sampass, fstring u_sid, enum pdb
have to allow the explicitly setting of a group SID here.
********************************************************************/
BOOL pdb_set_group_sid (struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
BOOL pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
{
gid_t gid;
@ -808,7 +705,7 @@ BOOL pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum p
Set the user's profile path.
********************************************************************/
BOOL pdb_set_profile_path (struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
BOOL pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -835,7 +732,7 @@ BOOL pdb_set_profile_path (struct samu *sampass, const char *profile_path, enum
Set the user's directory drive.
********************************************************************/
BOOL pdb_set_dir_drive (struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
BOOL pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -862,7 +759,7 @@ BOOL pdb_set_dir_drive (struct samu *sampass, const char *dir_drive, enum pdb_va
Set the user's home directory.
********************************************************************/
BOOL pdb_set_homedir (struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
BOOL pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -889,7 +786,7 @@ BOOL pdb_set_homedir (struct samu *sampass, const char *home_dir, enum pdb_value
Set the user's account description.
********************************************************************/
BOOL pdb_set_acct_desc (struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
BOOL pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -913,7 +810,7 @@ BOOL pdb_set_acct_desc (struct samu *sampass, const char *acct_desc, enum pdb_va
Set the user's workstation allowed list.
********************************************************************/
BOOL pdb_set_workstations (struct samu *sampass, const char *workstations, enum pdb_value_state flag)
BOOL pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -940,7 +837,7 @@ BOOL pdb_set_workstations (struct samu *sampass, const char *workstations, enum
Set the user's 'unknown_str', whatever the heck this actually is...
********************************************************************/
BOOL pdb_set_unknown_str (struct samu *sampass, const char *unknown_str, enum pdb_value_state flag)
BOOL pdb_set_unknown_str(struct samu *sampass, const char *unknown_str, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -964,7 +861,7 @@ BOOL pdb_set_unknown_str (struct samu *sampass, const char *unknown_str, enum pd
Set the user's dial string.
********************************************************************/
BOOL pdb_set_munged_dial (struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
BOOL pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -988,7 +885,7 @@ BOOL pdb_set_munged_dial (struct samu *sampass, const char *munged_dial, enum pd
Set the user's NT hash.
********************************************************************/
BOOL pdb_set_nt_passwd (struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
BOOL pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -1009,7 +906,7 @@ BOOL pdb_set_nt_passwd (struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum
Set the user's LM hash.
********************************************************************/
BOOL pdb_set_lanman_passwd (struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
BOOL pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -1034,7 +931,7 @@ BOOL pdb_set_lanman_passwd (struct samu *sampass, const uint8 pwd[LM_HASH_LEN],
in pwd.
********************************************************************/
BOOL pdb_set_pw_history (struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
BOOL pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -1058,7 +955,7 @@ BOOL pdb_set_pw_history (struct samu *sampass, const uint8 *pwd, uint32 historyL
below)
********************************************************************/
BOOL pdb_set_plaintext_pw_only (struct samu *sampass, const char *password, enum pdb_value_state flag)
BOOL pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -1101,7 +998,7 @@ BOOL pdb_set_logon_count(struct samu *sampass, uint16 logon_count, enum pdb_valu
return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
}
BOOL pdb_set_unknown_6 (struct samu *sampass, uint32 unkn, enum pdb_value_state flag)
BOOL pdb_set_unknown_6(struct samu *sampass, uint32 unkn, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -1111,7 +1008,7 @@ BOOL pdb_set_unknown_6 (struct samu *sampass, uint32 unkn, enum pdb_value_state
return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
}
BOOL pdb_set_hours (struct samu *sampass, const uint8 *hours, enum pdb_value_state flag)
BOOL pdb_set_hours(struct samu *sampass, const uint8 *hours, enum pdb_value_state flag)
{
if (!sampass)
return False;
@ -1126,7 +1023,7 @@ BOOL pdb_set_hours (struct samu *sampass, const uint8 *hours, enum pdb_value_sta
return pdb_set_init_flags(sampass, PDB_HOURS, flag);
}
BOOL pdb_set_backend_private_data (struct samu *sampass, void *private_data,
BOOL pdb_set_backend_private_data(struct samu *sampass, void *private_data,
void (*free_fn)(void **),
const struct pdb_methods *my_methods,
enum pdb_value_state flag)
@ -1155,7 +1052,7 @@ BOOL pdb_set_backend_private_data (struct samu *sampass, void *private_data,
password change.
********************************************************************/
BOOL pdb_set_pass_changed_now (struct samu *sampass)
BOOL pdb_set_pass_changed_now(struct samu *sampass)
{
uint32 expire;
uint32 min_age;
@ -1195,7 +1092,7 @@ BOOL pdb_set_pass_changed_now (struct samu *sampass)
Also sets the last change time to NOW.
********************************************************************/
BOOL pdb_set_plaintext_passwd (struct samu *sampass, const char *plaintext)
BOOL pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
{
uchar new_lanman_p16[LM_HASH_LEN];
uchar new_nt_p16[NT_HASH_LEN];
@ -1294,7 +1191,7 @@ BOOL pdb_set_plaintext_passwd (struct samu *sampass, const char *plaintext)
}
/* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */
uint32 pdb_build_fields_present (struct samu *sampass)
uint32 pdb_build_fields_present(struct samu *sampass)
{
/* value set to all for testing */
return 0x00ffffff;


@ -37,7 +37,9 @@ static struct pdb_init_function_entry *backends = NULL;
static void lazy_initialize_passdb(void)
{
static BOOL initialized = False;
if(initialized)return;
if(initialized) {
return;
}
static_init_pdb;
initialized = True;
}
@ -201,13 +203,19 @@ static struct pdb_methods *pdb_get_methods_reload( BOOL reload )
if ( pdb && reload ) {
pdb->free_private_data( &(pdb->private_data) );
if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
return NULL;
pstring msg;
slprintf(msg, sizeof(msg)-1, "pdb_get_methods_reload: failed to get pdb methods for backend %s\n",
lp_passdb_backend() );
smb_panic(msg);
}
}
if ( !pdb ) {
if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
return NULL;
pstring msg;
slprintf(msg, sizeof(msg)-1, "pdb_get_methods_reload: failed to get pdb methods for backend %s\n",
lp_passdb_backend() );
smb_panic(msg);
}
}
@ -226,22 +234,12 @@ static struct pdb_methods *pdb_get_methods(void)
BOOL pdb_setsampwent(BOOL update, uint16 acb_mask)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return NT_STATUS_IS_OK(pdb->setsampwent(pdb, update, acb_mask));
}
void pdb_endsampwent(void)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return;
}
pdb->endsampwent(pdb);
}
@ -249,16 +247,10 @@ BOOL pdb_getsampwent(struct samu *user)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
if ( !NT_STATUS_IS_OK(pdb->getsampwent(pdb, user) ) ) {
return False;
}
pdb_force_pw_initialization( user );
return True;
}
@ -266,10 +258,6 @@ BOOL pdb_getsampwnam(struct samu *sam_acct, const char *username)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) {
return False;
}
@ -280,8 +268,14 @@ BOOL pdb_getsampwnam(struct samu *sam_acct, const char *username)
pdb_force_pw_initialization( sam_acct );
if ( (csamuser = samu_new( NULL )) != NULL ) {
pdb_copy_sam_account(csamuser, sam_acct);
csamuser = samu_new( NULL );
if (!csamuser) {
return False;
}
if (!pdb_copy_sam_account(csamuser, sam_acct)) {
TALLOC_FREE(csamuser);
return False;
}
return True;
@ -314,13 +308,9 @@ BOOL guest_user_info( struct samu *user )
BOOL pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid)
{
struct pdb_methods *pdb;
struct pdb_methods *pdb = pdb_get_methods();
uint32 rid;
if ( !(pdb = pdb_get_methods()) ) {
return False;
}
/* hard code the Guest RID of 501 */
if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) )
@ -410,11 +400,6 @@ NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32 flags,
uint32 *rid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->create_user(pdb, mem_ctx, name, flags, rid);
}
@ -472,10 +457,6 @@ NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
struct pdb_methods *pdb = pdb_get_methods();
uid_t uid = -1;
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
/* sanity check to make sure we don't delete root */
if ( !sid_to_uid( pdb_get_user_sid(sam_acct), &uid ) ) {
@ -492,11 +473,6 @@ NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
NTSTATUS pdb_add_sam_account(struct samu *sam_acct)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->add_sam_account(pdb, sam_acct);
}
@ -504,10 +480,6 @@ NTSTATUS pdb_update_sam_account(struct samu *sam_acct)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
if (csamuser != NULL) {
TALLOC_FREE(csamuser);
csamuser = NULL;
@ -520,10 +492,6 @@ NTSTATUS pdb_delete_sam_account(struct samu *sam_acct)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
if (csamuser != NULL) {
TALLOC_FREE(csamuser);
csamuser = NULL;
@ -537,10 +505,6 @@ NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
struct pdb_methods *pdb = pdb_get_methods();
uid_t uid;
if ( !pdb ) {
return NT_STATUS_NOT_IMPLEMENTED;
}
if (csamuser != NULL) {
TALLOC_FREE(csamuser);
csamuser = NULL;
@ -562,44 +526,24 @@ NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, BOOL success)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_NOT_IMPLEMENTED;
}
return pdb->update_login_attempts(pdb, sam_acct, success);
}
BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid));
}
BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid));
}
BOOL pdb_getgrnam(GROUP_MAP *map, const char *name)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return NT_STATUS_IS_OK(pdb->getgrnam(pdb, map, name));
}
@ -645,11 +589,6 @@ NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name,
uint32 *rid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->create_dom_group(pdb, mem_ctx, name, rid);
}
@ -704,44 +643,24 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32 rid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->delete_dom_group(pdb, mem_ctx, rid);
}
NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->add_group_mapping_entry(pdb, map);
}
NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->update_group_mapping_entry(pdb, map);
}
NTSTATUS pdb_delete_group_mapping_entry(DOM_SID sid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->delete_group_mapping_entry(pdb, sid);
}
@ -749,11 +668,6 @@ BOOL pdb_enum_group_mapping(const DOM_SID *sid, enum SID_NAME_USE sid_name_use,
size_t *p_num_entries, BOOL unix_only)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
pp_rmap, p_num_entries, unix_only));
}
@ -766,10 +680,6 @@ NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
struct pdb_methods *pdb = pdb_get_methods();
NTSTATUS result;
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
result = pdb->enum_group_members(pdb, mem_ctx,
sid, pp_member_rids, p_num_members);
@ -796,11 +706,6 @@ NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user,
size_t *p_num_groups)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->enum_group_memberships(
pdb, mem_ctx, user,
pp_sids, pp_gids, p_num_groups);
@ -829,11 +734,6 @@ static NTSTATUS pdb_default_set_unix_primary_group(struct pdb_methods *methods,
NTSTATUS pdb_set_unix_primary_group(TALLOC_CTX *mem_ctx, struct samu *user)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->set_unix_primary_group(pdb, mem_ctx, user);
}
@ -923,11 +823,6 @@ NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
uint32 member_rid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->add_groupmem(pdb, mem_ctx, group_rid, member_rid);
}
@ -990,44 +885,24 @@ NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
uint32 member_rid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid);
}
BOOL pdb_find_alias(const char *name, DOM_SID *sid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return NT_STATUS_IS_OK(pdb->find_alias(pdb, name, sid));
}
NTSTATUS pdb_create_alias(const char *name, uint32 *rid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_NOT_IMPLEMENTED;
}
return pdb->create_alias(pdb, name, rid);
}
BOOL pdb_delete_alias(const DOM_SID *sid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return NT_STATUS_IS_OK(pdb->delete_alias(pdb, sid));
}
@ -1035,44 +910,24 @@ BOOL pdb_delete_alias(const DOM_SID *sid)
BOOL pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return NT_STATUS_IS_OK(pdb->get_aliasinfo(pdb, sid, info));
}
BOOL pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return NT_STATUS_IS_OK(pdb->set_aliasinfo(pdb, sid, info));
}
NTSTATUS pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->add_aliasmem(pdb, alias, member);
}
NTSTATUS pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->del_aliasmem(pdb, alias, member);
}
@ -1080,13 +935,7 @@ NTSTATUS pdb_enum_aliasmem(const DOM_SID *alias,
DOM_SID **pp_members, size_t *p_num_members)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
return pdb->enum_aliasmem(pdb, alias,
pp_members, p_num_members);
return pdb->enum_aliasmem(pdb, alias, pp_members, p_num_members);
}
NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx,
@ -1096,11 +945,6 @@ NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx,
size_t *p_num_alias_rids)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_NOT_IMPLEMENTED;
}
return pdb->enum_alias_memberships(pdb, mem_ctx,
domain_sid,
members, num_members,
@ -1115,11 +959,6 @@ NTSTATUS pdb_lookup_rids(const DOM_SID *domain_sid,
uint32 *attrs)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_NOT_IMPLEMENTED;
}
return pdb->lookup_rids(pdb, domain_sid,
num_rids, rids, names, attrs);
}
@ -1131,11 +970,6 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
uint32 *attrs)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return NT_STATUS_NOT_IMPLEMENTED;
}
return pdb->lookup_names(pdb, domain_sid,
num_names, names, rids, attrs);
}
@ -1143,55 +977,30 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
BOOL pdb_get_account_policy(int policy_index, uint32 *value)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value));
}
BOOL pdb_set_account_policy(int policy_index, uint32 value)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value));
}
BOOL pdb_get_seq_num(time_t *seq_num)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
}
BOOL pdb_uid_to_rid(uid_t uid, uint32 *rid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return pdb->uid_to_rid(pdb, uid, rid);
}
BOOL pdb_gid_to_sid(gid_t gid, DOM_SID *sid)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return pdb->gid_to_sid(pdb, gid, sid);
}
@ -1199,22 +1008,12 @@ BOOL pdb_sid_to_id(const DOM_SID *sid, union unid_t *id,
enum SID_NAME_USE *type)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return pdb->sid_to_id(pdb, sid, id, type);
}
BOOL pdb_rid_algorithm(void)
{
struct pdb_methods *pdb = pdb_get_methods();
if ( !pdb ) {
return False;
}
return pdb->rid_algorithm(pdb);
}
@ -1234,10 +1033,6 @@ BOOL pdb_new_rid(uint32 *rid)
int i;
TALLOC_CTX *ctx;
if ( !pdb ) {
return False;
}
if (pdb_rid_algorithm()) {
DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs "
"are active\n"));
@ -2079,10 +1874,10 @@ struct pdb_search *pdb_search_users(uint32 acct_flags)
struct pdb_methods *pdb = pdb_get_methods();
struct pdb_search *result;
if (pdb == NULL) return NULL;
result = pdb_search_init(PDB_USER_SEARCH);
if (result == NULL) return NULL;
if (result == NULL) {
return NULL;
}
if (!pdb->search_users(pdb, result, acct_flags)) {
talloc_destroy(result->mem_ctx);
@ -2096,10 +1891,10 @@ struct pdb_search *pdb_search_groups(void)
struct pdb_methods *pdb = pdb_get_methods();
struct pdb_search *result;
if (pdb == NULL) return NULL;
result = pdb_search_init(PDB_GROUP_SEARCH);
if (result == NULL) return NULL;
if (result == NULL) {
return NULL;
}
if (!pdb->search_groups(pdb, result)) {
talloc_destroy(result->mem_ctx);
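Review bot: In the pdb_getsampwnam hunk, the new early returns after `samu_new( NULL )` and `pdb_copy_sam_account(csamuser, sam_acct)` report False for a lookup the backend has already answered, and that path logs nothing. Callers visible elsewhere in this commit turn a False return into "no account in domain" with NT_STATUS_ACCESS_DENIED, or into "Failed to find user", so an allocation failure while filling the csamuser cache looks like a missing account in the logs. A log line before each of the two returns would keep the cases apart, for example `DEBUG(0, ("pdb_getsampwnam: failed to cache account %s\n", username));`. The function body starts above the hunk, so whether an earlier csamuser is released before the new allocation cannot be checked from here.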


@ -238,7 +238,7 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
ret = pdb_getsampwnam(sampass, mach_acct);
unbecome_root();
if (ret == False) {
if (!ret) {
DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
TALLOC_FREE(sampass);
return NT_STATUS_ACCESS_DENIED;
@ -562,26 +562,30 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
}
/* We must store the creds state after an update. */
sampass = samu_new( NULL );
if (!sampass) {
return NT_STATUS_NO_MEMORY;
}
become_root();
secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
remote_machine,
p->dc);
if ( (sampass = samu_new( NULL )) != NULL ) {
ret = pdb_getsampwnam(sampass, p->dc->mach_acct);
}
ret = pdb_getsampwnam(sampass, p->dc->mach_acct);
unbecome_root();
if ( !sampass )
return NT_STATUS_NO_MEMORY;
if (!ret) {
TALLOC_FREE(sampass);
return NT_STATUS_ACCESS_DENIED;
}
/* Ensure the account exists and is a machine account. */
acct_ctrl = pdb_get_acct_ctrl(sampass);
if (!(ret
&& (acct_ctrl & ACB_WSTRUST ||
if (!(acct_ctrl & ACB_WSTRUST ||
acct_ctrl & ACB_SVRTRUST ||
acct_ctrl & ACB_DOMTRUST))) {
acct_ctrl & ACB_DOMTRUST)) {
TALLOC_FREE(sampass);
return NT_STATUS_NO_SUCH_USER;
}
@ -626,7 +630,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
}
become_root();
r_u->status = pdb_update_sam_account (sampass);
r_u->status = pdb_update_sam_account(sampass);
unbecome_root();
}
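Review bot: In the _net_srv_pwset hunk, `samu_new( NULL )` and its `return NT_STATUS_NO_MEMORY;` now sit above `secrets_store_schannel_session_info(...)`, so on allocation failure the function returns without storing the credential state that the comment directly above says must be stored after an update. As far as the old and new sides can be read from this rendering (the +/- column is lost), the old code stored the state first and only then returned NT_STATUS_NO_MEMORY. Keeping the allocation after the store preserves that order: place `sampass = samu_new( NULL );` after the store call and fail with `if (!sampass) { unbecome_root(); return NT_STATUS_NO_MEMORY; }`. The function starts above the hunk, so the credential update itself is not visible here.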


@ -2010,6 +2010,12 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para
return False;
}
if ( !(sampw = samu_new(mem_ctx)) ) {
DEBUG(0, ("samu_new() failed!\n"));
TALLOC_FREE(mem_ctx);
return False;
}
/* Lookup the user information; This should only be one of
our accounts (not remote domains) */
@ -2027,11 +2033,6 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para
goto done;
}
if ( !(sampw = samu_new(mem_ctx)) ) {
DEBUG(0, ("samu_new() failed!\n"));
goto done;
}
if ( !pdb_getsampwsid(sampw, &user_sid) ) {
DEBUG(10, ("pdb_getsampwsid(%s) failed for user %s\n",
sid_string_static(&user_sid), UserName));


@ -403,12 +403,19 @@ static int process_root(int local_flags)
if(local_flags & LOCAL_ENABLE_USER) {
struct samu *sampass = NULL;
BOOL ret;
sampass = samu_new( NULL );
ret = pdb_getsampwnam(sampass, user_name);
if((ret) &&
(pdb_get_nt_passwd(sampass) == NULL)) {
if (!sampass) {
fprintf(stderr, "talloc fail for struct samu.\n");
exit(1);
}
if (!pdb_getsampwnam(sampass, user_name)) {
fprintf(stderr, "Failed to find user %s in passdb backend.\n",
user_name );
exit(1);
}
if(pdb_get_nt_passwd(sampass) == NULL) {
local_flags |= LOCAL_SET_PASSWORD;
}
TALLOC_FREE(sampass);
@ -437,16 +444,26 @@ static int process_root(int local_flags)
printf("Password changed for user %s on %s.\n", user_name, remote_machine );
} else if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD|LOCAL_SET_PASSWORD))) {
struct samu *sampass = NULL;
BOOL ret;
sampass = samu_new( NULL );
ret = pdb_getsampwnam(sampass, user_name);
if (!samu_new) {
fprintf(stderr, "talloc fail for struct samu.\n");
exit(1);
}
if (!pdb_getsampwnam(sampass, user_name)) {
fprintf(stderr, "Failed to find user %s in passdb backend.\n",
user_name );
exit(1);
}
printf("Password changed for user %s.", user_name );
if( (ret != False) && (pdb_get_acct_ctrl(sampass)&ACB_DISABLED) )
if(pdb_get_acct_ctrl(sampass)&ACB_DISABLED) {
printf(" User has disabled flag set.");
if((ret != False) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) )
}
if(pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) {
printf(" User has no password flag set.");
}
printf("\n");
TALLOC_FREE(sampass);
}
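Review bot: In the second process_root hunk the new allocation check reads `if (!samu_new) {`, which tests the address of the function rather than the pointer it returned. The condition is therefore never true, and a failed allocation goes straight into `pdb_getsampwnam(sampass, user_name)` with a NULL `sampass`. The commit message says the pdb_XXX() functions are no longer meant to test for a NULL sampass, so nothing downstream is likely to catch it. The check should match the one in the LOCAL_ENABLE_USER hunk above it: `if (!sampass) {`. process_root begins and continues outside both hunks.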