diff --git a/source/Makefile.in b/source/Makefile.in index a61e0981d78..8543014e20d 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -179,7 +179,7 @@ LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \ lib/talloc.o lib/hash.o lib/substitute.o lib/fsusage.o \ lib/ms_fnmatch.o lib/select.o lib/messages.o \ lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \ - lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \ + lib/md5.o lib/hmacmd5.o lib/iconv.o \ nsswitch/wb_client.o nsswitch/wb_common.o \ lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \ lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \ diff --git a/source/lib/iconv.c b/source/lib/iconv.c index d0d2dcd1c48..7df73192f24 100644 --- a/source/lib/iconv.c +++ b/source/lib/iconv.c @@ -105,7 +105,7 @@ NTSTATUS smb_register_charset(struct charset_functions *funcs) return NT_STATUS_OK; } -void lazy_initialize_iconv(void) +static void lazy_initialize_iconv(void) { static BOOL initialized; int i; diff --git a/source/lib/smbpasswd.c b/source/lib/smbpasswd.c deleted file mode 100644 index 92ae1ffea26..00000000000 --- a/source/lib/smbpasswd.c +++ /dev/null @@ -1,200 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - smbpasswd file format routines - - Copyright (C) Andrew Tridgell 1992-1998 - Modified by Jeremy Allison 1995. - Modified by Gerald (Jerry) Carter 2000-2001 - Copyright (C) Tim Potter 2001 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -/*! \file lib/smbpasswd.c - - The smbpasswd file is used to store encrypted passwords in a similar - fashion to the /etc/passwd file. The format is colon separated fields - with one user per line like so: - - ::::: - - The username and uid must correspond to an entry in the /etc/passwd - file. The lanman and nt password hashes are 32 hex digits corresponding - to the 16-byte lanman and nt hashes respectively. - - The password last change time is stored as a string of the format - LCD- where the change time is expressed as an - - 'N' No password - 'D' Disabled - 'H' Homedir required - 'T' Temp account. - 'U' User account (normal) - 'M' MNS logon user account - what is this ? - 'W' Workstation account - 'S' Server account - 'L' Locked account - 'X' No Xpiry on password - 'I' Interdomain trust account - -*/ - -#include "includes.h" - -/*! Convert 32 hex characters into a 16 byte array. */ - -BOOL smbpasswd_gethexpwd(char *p, unsigned char *pwd) -{ - int i; - unsigned char lonybble, hinybble; - const char *hexchars = "0123456789ABCDEF"; - char *p1, *p2; - - if (!p) return (False); - - for (i = 0; i < 32; i += 2) - { - hinybble = toupper(p[i]); - lonybble = toupper(p[i + 1]); - - p1 = strchr_m(hexchars, hinybble); - p2 = strchr_m(hexchars, lonybble); - - if (!p1 || !p2) - { - return (False); - } - - hinybble = PTR_DIFF(p1, hexchars); - lonybble = PTR_DIFF(p2, hexchars); - - pwd[i / 2] = (hinybble << 4) | lonybble; - } - return (True); -} - -/*! Convert a 16-byte array into 32 hex characters. */ - -void smbpasswd_sethexpwd(fstring p, unsigned char *pwd, uint16 acb_info) -{ - if (pwd != NULL) { - int i; - for (i = 0; i < 16; i++) - slprintf(&p[i*2], 3, "%02X", pwd[i]); - } else { - if (acb_info & ACB_PWNOTREQ) - safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); - else - safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); - } -} - -/*! Decode the account control bits (ACB) info from a string. */ - -uint16 smbpasswd_decode_acb_info(const char *p) -{ - uint16 acb_info = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') return 0; - - for (p++; *p && !finished; p++) - { - switch (*p) { - case 'N': /* 'N'o password. */ - acb_info |= ACB_PWNOTREQ; - break; - case 'D': /* 'D'isabled. */ - acb_info |= ACB_DISABLED; - break; - case 'H': /* 'H'omedir required. */ - acb_info |= ACB_HOMDIRREQ; - break; - case 'T': /* 'T'emp account. */ - acb_info |= ACB_TEMPDUP; - break; - case 'U': /* 'U'ser account (normal). */ - acb_info |= ACB_NORMAL; - break; - case 'M': /* 'M'NS logon user account. What is this ? */ - acb_info |= ACB_MNS; - break; - case 'W': /* 'W'orkstation account. */ - acb_info |= ACB_WSTRUST; - break; - case 'S': /* 'S'erver account. */ - acb_info |= ACB_SVRTRUST; - break; - case 'L': /* 'L'ocked account. */ - acb_info |= ACB_AUTOLOCK; - break; - case 'X': /* No 'X'piry on password */ - acb_info |= ACB_PWNOEXP; - break; - case 'I': /* 'I'nterdomain trust account. */ - acb_info |= ACB_DOMTRUST; - break; - - case ' ': - break; - case ':': - case '\n': - case '\0': - case ']': - default: - finished = True; - break; - } - } - - return acb_info; -} - -/*! Encode account control bits (ACBs) into a string. */ - -char *smbpasswd_encode_acb_info(uint16 acb_info) -{ - static fstring acct_str; - size_t i = 0; - - acct_str[i++] = '['; - - if (acb_info & ACB_PWNOTREQ ) acct_str[i++] = 'N'; - if (acb_info & ACB_DISABLED ) acct_str[i++] = 'D'; - if (acb_info & ACB_HOMDIRREQ) acct_str[i++] = 'H'; - if (acb_info & ACB_TEMPDUP ) acct_str[i++] = 'T'; - if (acb_info & ACB_NORMAL ) acct_str[i++] = 'U'; - if (acb_info & ACB_MNS ) acct_str[i++] = 'M'; - if (acb_info & ACB_WSTRUST ) acct_str[i++] = 'W'; - if (acb_info & ACB_SVRTRUST ) acct_str[i++] = 'S'; - if (acb_info & ACB_AUTOLOCK ) acct_str[i++] = 'L'; - if (acb_info & ACB_PWNOEXP ) acct_str[i++] = 'X'; - if (acb_info & ACB_DOMTRUST ) acct_str[i++] = 'I'; - - for ( ; i < NEW_PW_FORMAT_SPACE_PADDED_LEN - 2 ; i++ ) - acct_str[i] = ' '; - - i = NEW_PW_FORMAT_SPACE_PADDED_LEN - 2; - acct_str[i++] = ']'; - acct_str[i++] = '\0'; - - return acct_str; -} diff --git a/source/nsswitch/winbindd_rpc.c b/source/nsswitch/winbindd_rpc.c index 21e0c3092e3..d4428a2f59c 100644 --- a/source/nsswitch/winbindd_rpc.c +++ b/source/nsswitch/winbindd_rpc.c @@ -792,7 +792,7 @@ static int get_ldap_seq(const char *server, int port, uint32 *seq) LDAP queries **********************************************************************/ -int get_ldap_sequence_number( const char* domain, uint32 *seq) +static int get_ldap_sequence_number( const char* domain, uint32 *seq) { int ret = -1; int i, port = LDAP_PORT; diff --git a/source/passdb/pdb_get_set.c b/source/passdb/pdb_get_set.c index 9248fc1f8f8..935b75cf756 100644 --- a/source/passdb/pdb_get_set.c +++ b/source/passdb/pdb_get_set.c @@ -1120,13 +1120,24 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext) if (!sampass || !plaintext) return False; - nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16); + /* Calculate the MD4 hash (NT compatible) of the password */ + E_md4hash(plaintext, new_nt_p16); if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED)) return False; - if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED)) - return False; + if (!E_deshash(plaintext, new_lanman_p16)) { + /* E_deshash returns false for 'long' passwords (> 14 + DOS chars). This allows us to match Win2k, which + does not store a LM hash for these passwords (which + would reduce the effective password length to 14 */ + + if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED)) + return False; + } else { + if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED)) + return False; + } if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED)) return False; diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c index 976ba206810..efb2bfa97ff 100644 --- a/source/rpc_parse/parse_misc.c +++ b/source/rpc_parse/parse_misc.c @@ -32,7 +32,7 @@ static TALLOC_CTX *current_rpc_talloc = NULL; -TALLOC_CTX *get_current_rpc_talloc(void) +static TALLOC_CTX *get_current_rpc_talloc(void) { return current_rpc_talloc; } diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index 767df0b7251..92629faa9e2 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -55,7 +55,7 @@ struct generic_mapping file_generic_mapping = { FILE_GENERIC_ALL }; -char *nttrans_realloc(char **ptr, size_t size) +static char *nttrans_realloc(char **ptr, size_t size) { char *tptr = NULL; if (ptr==NULL) @@ -2021,11 +2021,12 @@ static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf, SMB_NTQUOTA_STRUCT qt; SMB_NTQUOTA_LIST *tmp_list; SMB_NTQUOTA_HANDLE *qt_handle = NULL; + extern struct current_user current_user; ZERO_STRUCT(qt); /* access check */ - if (conn->admin_user != True) { + if (current_user.uid != 0) { DEBUG(1,("set_user_quota: access_denied service [%s] user [%s]\n", lp_servicename(SNUM(conn)),conn->user)); return ERROR_DOS(ERRDOS,ERRnoaccess); diff --git a/source/smbd/server.c b/source/smbd/server.c index e7aa41e3433..26e4021443a 100644 --- a/source/smbd/server.c +++ b/source/smbd/server.c @@ -145,7 +145,7 @@ static void msg_exit_server(int msg_type, pid_t src, void *buf, size_t len) Have we reached the process limit ? ****************************************************************************/ -BOOL allowable_number_of_smbd_processes(void) +static BOOL allowable_number_of_smbd_processes(void) { int max_processes = lp_max_smbd_processes(); diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c index 6bfeedc8a0c..52e295949e0 100644 --- a/source/utils/net_rpc_join.c +++ b/source/utils/net_rpc_join.c @@ -42,7 +42,7 @@ * @return A shell status integer (0 for success) * **/ -int net_rpc_join_ok(const char *domain) +static int net_rpc_join_ok(const char *domain) { struct cli_state *cli; uchar stored_md4_trust_password[16]; diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c index e97a362acce..cb395de828f 100644 --- a/source/utils/net_rpc_samsync.c +++ b/source/utils/net_rpc_samsync.c @@ -62,21 +62,21 @@ static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a) if (memcmp(a->pass.buf_lm_pwd, zero_buf, 16) != 0) { sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0); - smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info); } else { - smbpasswd_sethexpwd(hex_lm_passwd, NULL, 0); + pdb_sethexpwd(hex_lm_passwd, NULL, 0); } if (memcmp(a->pass.buf_nt_pwd, zero_buf, 16) != 0) { sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0); - smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info); } else { - smbpasswd_sethexpwd(hex_nt_passwd, NULL, 0); + pdb_sethexpwd(hex_nt_passwd, NULL, 0); } printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name), a->user_rid, hex_lm_passwd, hex_nt_passwd, - smbpasswd_encode_acb_info(a->acb_info)); + pdb_encode_acct_ctrl(a->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN)); } static void display_domain_info(SAM_DOMAIN_INFO *a) @@ -432,7 +432,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) pstrcpy(add_script, lp_addmachine_script()); } else { DEBUG(1, ("Unknown user type: %s\n", - smbpasswd_encode_acb_info(delta->acb_info))); + pdb_encode_acct_ctrl(delta->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN))); nt_ret = NT_STATUS_UNSUCCESSFUL; goto done; } diff --git a/source/web/cgi.c b/source/web/cgi.c index 8a103fa57f3..aac009893ca 100644 --- a/source/web/cgi.c +++ b/source/web/cgi.c @@ -91,7 +91,7 @@ static char *grab_line(FILE *f, int *cl) (This was in rfc1738_unescape(), but that broke the squid helper) **/ -void plus_to_space_unescape(char *buf) +static void plus_to_space_unescape(char *buf) { char *p=buf;