mirror of
https://github.com/samba-team/samba.git
synced 2025-01-08 21:18:16 +03:00
1d16f75051
smbpass.c: Do *NOT* make this function static. It breaks the compile on gcc
util.c: Getting closer to MS wildcard semantics. A trailing '*' matches
any trailing dot-separated components.
trans2.c: Removed hacks that change multiple '?' -> '*' as this
breaks things now.
trans2.h: Removed NT_FILE_ATTRIBUTE_NORMAL - now FILE_ATTRIBUTE_NORMAL is defined
in smb.h.
Jeremy.
(This used to be commit 42a6551106
)
958 lines
27 KiB
C
958 lines
27 KiB
C
/*
|
|
* Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
|
|
* Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it under
|
|
* the terms of the GNU General Public License as published by the Free
|
|
* Software Foundation; either version 2 of the License, or (at your option)
|
|
* any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
|
* more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along with
|
|
* this program; if not, write to the Free Software Foundation, Inc., 675
|
|
* Mass Ave, Cambridge, MA 02139, USA.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
#ifdef USE_SMBPASS_DB
|
|
|
|
extern int pw_file_lock_depth;
|
|
extern int DEBUGLEVEL;
|
|
extern pstring samlogon_user;
|
|
extern BOOL sam_logon_in_ssb;
|
|
|
|
static char s_readbuf[16 * 1024];
|
|
|
|
/***************************************************************
|
|
Start to enumerate the smbpasswd list. Returns a void pointer
|
|
to ensure no modification outside this module.
|
|
****************************************************************/
|
|
|
|
static void *startsmbfilepwent(BOOL update)
|
|
{
|
|
FILE *fp = NULL;
|
|
char *pfile = lp_smb_passwd_file();
|
|
|
|
if (!*pfile) {
|
|
DEBUG(0, ("startsmbfilepwent: No SMB password file set\n"));
|
|
return (NULL);
|
|
}
|
|
DEBUG(10, ("startsmbfilepwent: opening file %s\n", pfile));
|
|
|
|
fp = fopen(pfile, update ? "r+b" : "rb");
|
|
|
|
if (fp == NULL) {
|
|
DEBUG(0, ("startsmbfilepwent: unable to open file %s\n", pfile));
|
|
return NULL;
|
|
}
|
|
|
|
/* Set a 16k buffer to do more efficient reads */
|
|
setvbuf(fp, s_readbuf, _IOFBF, sizeof(s_readbuf));
|
|
|
|
if (!pw_file_lock(fileno(fp), (update ? F_WRLCK : F_RDLCK), 5, &pw_file_lock_depth))
|
|
{
|
|
DEBUG(0, ("startsmbfilepwent: unable to lock file %s\n", pfile));
|
|
fclose(fp);
|
|
return NULL;
|
|
}
|
|
|
|
/* Make sure it is only rw by the owner */
|
|
chmod(pfile, 0600);
|
|
|
|
/* We have a lock on the file. */
|
|
return (void *)fp;
|
|
}
|
|
|
|
/***************************************************************
|
|
End enumeration of the smbpasswd list.
|
|
****************************************************************/
|
|
|
|
static void endsmbfilepwent(void *vp)
|
|
{
|
|
FILE *fp = (FILE *)vp;
|
|
|
|
pw_file_unlock(fileno(fp), &pw_file_lock_depth);
|
|
fclose(fp);
|
|
DEBUG(7, ("endsmbfilepwent: closed password file.\n"));
|
|
}
|
|
|
|
/*************************************************************************
|
|
Routine to return the next entry in the smbpasswd list.
|
|
*************************************************************************/
|
|
static struct smb_passwd *getsmbfilepwent(void *vp)
|
|
{
|
|
/* Static buffers we will return. */
|
|
static struct smb_passwd pw_buf;
|
|
static pstring user_name;
|
|
static unsigned char smbpwd[16];
|
|
static unsigned char smbntpwd[16];
|
|
FILE *fp = (FILE *)vp;
|
|
char linebuf[256];
|
|
unsigned char c;
|
|
unsigned char *p;
|
|
long uidval;
|
|
long linebuf_len;
|
|
|
|
if(fp == NULL) {
|
|
DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n"));
|
|
return NULL;
|
|
}
|
|
|
|
pdb_init_smb(&pw_buf);
|
|
|
|
pw_buf.acct_ctrl = ACB_NORMAL;
|
|
|
|
/*
|
|
* Scan the file, a line at a time and check if the name matches.
|
|
*/
|
|
while (!feof(fp)) {
|
|
linebuf[0] = '\0';
|
|
|
|
fgets(linebuf, 256, fp);
|
|
if (ferror(fp)) {
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* Check if the string is terminated with a newline - if not
|
|
* then we must keep reading and discard until we get one.
|
|
*/
|
|
linebuf_len = strlen(linebuf);
|
|
if (linebuf[linebuf_len - 1] != '\n') {
|
|
c = '\0';
|
|
while (!ferror(fp) && !feof(fp)) {
|
|
c = fgetc(fp);
|
|
if (c == '\n')
|
|
break;
|
|
}
|
|
} else
|
|
linebuf[linebuf_len - 1] = '\0';
|
|
|
|
#ifdef DEBUG_PASSWORD
|
|
DEBUG(100, ("getsmbfilepwent: got line |%s|\n", linebuf));
|
|
#endif
|
|
if ((linebuf[0] == 0) && feof(fp)) {
|
|
DEBUG(4, ("getsmbfilepwent: end of file reached\n"));
|
|
break;
|
|
}
|
|
/*
|
|
* The line we have should be of the form :-
|
|
*
|
|
* username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
|
|
* ignored....
|
|
*
|
|
* or,
|
|
*
|
|
* username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
|
|
*
|
|
* if Windows NT compatible passwords are also present.
|
|
* [Account type] is an ascii encoding of the type of account.
|
|
* LCT-(8 hex digits) is the time_t value of the last change time.
|
|
*/
|
|
|
|
if (linebuf[0] == '#' || linebuf[0] == '\0') {
|
|
DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n"));
|
|
continue;
|
|
}
|
|
p = (unsigned char *) strchr(linebuf, ':');
|
|
if (p == NULL) {
|
|
DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n"));
|
|
continue;
|
|
}
|
|
/*
|
|
* As 256 is shorter than a pstring we don't need to check
|
|
* length here - if this ever changes....
|
|
*/
|
|
strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
|
|
user_name[PTR_DIFF(p, linebuf)] = '\0';
|
|
|
|
/* Get smb uid. */
|
|
|
|
p++; /* Go past ':' */
|
|
if (!isdigit(*p)) {
|
|
DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number)\n"));
|
|
continue;
|
|
}
|
|
|
|
uidval = atoi((char *) p);
|
|
|
|
while (*p && isdigit(*p))
|
|
p++;
|
|
|
|
if (*p != ':') {
|
|
DEBUG(0, ("getsmbfilepwent: malformed password entry (no : after uid)\n"));
|
|
continue;
|
|
}
|
|
|
|
pw_buf.smb_name = user_name;
|
|
pw_buf.smb_userid = uidval;
|
|
|
|
/*
|
|
* Now get the password value - this should be 32 hex digits
|
|
* which are the ascii representations of a 16 byte string.
|
|
* Get two at a time and put them into the password.
|
|
*/
|
|
|
|
/* Skip the ':' */
|
|
p++;
|
|
|
|
if (*p == '*' || *p == 'X') {
|
|
/* Password deliberately invalid - end here. */
|
|
DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
|
|
pw_buf.smb_nt_passwd = NULL;
|
|
pw_buf.smb_passwd = NULL;
|
|
pw_buf.acct_ctrl |= ACB_DISABLED;
|
|
return &pw_buf;
|
|
}
|
|
|
|
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
|
|
DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
|
|
continue;
|
|
}
|
|
|
|
if (p[32] != ':') {
|
|
DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n"));
|
|
continue;
|
|
}
|
|
|
|
if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
|
|
pw_buf.smb_passwd = NULL;
|
|
pw_buf.acct_ctrl |= ACB_PWNOTREQ;
|
|
} else {
|
|
if (!pdb_gethexpwd((char *)p, (char *)smbpwd)) {
|
|
DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
|
|
continue;
|
|
}
|
|
pw_buf.smb_passwd = smbpwd;
|
|
}
|
|
|
|
/*
|
|
* Now check if the NT compatible password is
|
|
* available.
|
|
*/
|
|
pw_buf.smb_nt_passwd = NULL;
|
|
|
|
p += 33; /* Move to the first character of the line after
|
|
the lanman password. */
|
|
if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
|
|
if (*p != '*' && *p != 'X') {
|
|
if(pdb_gethexpwd((char *)p,(char *)smbntpwd))
|
|
pw_buf.smb_nt_passwd = smbntpwd;
|
|
}
|
|
p += 33; /* Move to the first character of the line after
|
|
the NT password. */
|
|
}
|
|
|
|
DEBUG(5, ("getsmbfilepwent: returning passwd entry for user %s, uid %d\n",
|
|
user_name, uidval));
|
|
|
|
if (*p == '[')
|
|
{
|
|
pw_buf.acct_ctrl = pdb_decode_acct_ctrl((char*)p);
|
|
|
|
/* Must have some account type set. */
|
|
if(pw_buf.acct_ctrl == 0)
|
|
pw_buf.acct_ctrl = ACB_NORMAL;
|
|
|
|
/* Now try and get the last change time. */
|
|
if(*p == ']')
|
|
p++;
|
|
if(*p == ':') {
|
|
p++;
|
|
if(*p && StrnCaseCmp((char *)p, "LCT-", 4)) {
|
|
int i;
|
|
p += 4;
|
|
for(i = 0; i < 8; i++) {
|
|
if(p[i] == '\0' || !isxdigit(p[i]))
|
|
break;
|
|
}
|
|
if(i == 8) {
|
|
/*
|
|
* p points at 8 characters of hex digits -
|
|
* read into a time_t as the seconds since
|
|
* 1970 that the password was last changed.
|
|
*/
|
|
pw_buf.pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
|
|
}
|
|
}
|
|
}
|
|
} else {
|
|
/* 'Old' style file. Fake up based on user name. */
|
|
/*
|
|
* Currently trust accounts are kept in the same
|
|
* password file as 'normal accounts'. If this changes
|
|
* we will have to fix this code. JRA.
|
|
*/
|
|
if(pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') {
|
|
pw_buf.acct_ctrl &= ~ACB_NORMAL;
|
|
pw_buf.acct_ctrl |= ACB_WSTRUST;
|
|
}
|
|
}
|
|
|
|
return &pw_buf;
|
|
}
|
|
|
|
DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
|
|
return NULL;
|
|
}
|
|
|
|
/*************************************************************************
|
|
Routine to return the next entry in the smbpasswd list.
|
|
this function is a nice, messy combination of reading:
|
|
- the smbpasswd file
|
|
- the unix password database
|
|
- smb.conf options (not done at present).
|
|
*************************************************************************/
|
|
|
|
static struct sam_passwd *getsmbfile21pwent(void *vp)
|
|
{
|
|
struct smb_passwd *pw_buf = getsmbfilepwent(vp);
|
|
static struct sam_passwd user;
|
|
struct passwd *pwfile;
|
|
|
|
static pstring full_name;
|
|
static pstring home_dir;
|
|
static pstring home_drive;
|
|
static pstring logon_script;
|
|
static pstring profile_path;
|
|
static pstring acct_desc;
|
|
static pstring workstations;
|
|
|
|
if (pw_buf == NULL) return NULL;
|
|
|
|
pwfile = getpwnam(pw_buf->smb_name);
|
|
if (pwfile == NULL) return NULL;
|
|
|
|
pdb_init_sam(&user);
|
|
|
|
pstrcpy(samlogon_user, pw_buf->smb_name);
|
|
|
|
if (samlogon_user[strlen(samlogon_user)-1] != '$')
|
|
{
|
|
/* XXXX hack to get standard_sub_basic() to use sam logon username */
|
|
/* possibly a better way would be to do a become_user() call */
|
|
sam_logon_in_ssb = True;
|
|
|
|
user.smb_userid = pw_buf->smb_userid;
|
|
user.smb_grpid = pwfile->pw_gid;
|
|
|
|
user.user_rid = pdb_uid_to_user_rid (user.smb_userid);
|
|
user.group_rid = pdb_gid_to_group_rid(user.smb_grpid );
|
|
|
|
pstrcpy(full_name , pwfile->pw_gecos );
|
|
pstrcpy(logon_script , lp_logon_script ());
|
|
pstrcpy(profile_path , lp_logon_path ());
|
|
pstrcpy(home_drive , lp_logon_drive ());
|
|
pstrcpy(home_dir , lp_logon_home ());
|
|
pstrcpy(acct_desc , "");
|
|
pstrcpy(workstations , "");
|
|
|
|
sam_logon_in_ssb = False;
|
|
}
|
|
else
|
|
{
|
|
user.smb_userid = pw_buf->smb_userid;
|
|
user.smb_grpid = pwfile->pw_gid;
|
|
|
|
user.user_rid = pdb_uid_to_user_rid (user.smb_userid);
|
|
user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
|
|
|
|
pstrcpy(full_name , "");
|
|
pstrcpy(logon_script , "");
|
|
pstrcpy(profile_path , "");
|
|
pstrcpy(home_drive , "");
|
|
pstrcpy(home_dir , "");
|
|
pstrcpy(acct_desc , "");
|
|
pstrcpy(workstations , "");
|
|
}
|
|
|
|
user.smb_name = pw_buf->smb_name;
|
|
user.full_name = full_name;
|
|
user.home_dir = home_dir;
|
|
user.dir_drive = home_drive;
|
|
user.logon_script = logon_script;
|
|
user.profile_path = profile_path;
|
|
user.acct_desc = acct_desc;
|
|
user.workstations = workstations;
|
|
|
|
user.unknown_str = NULL; /* don't know, yet! */
|
|
user.munged_dial = NULL; /* "munged" dial-back telephone number */
|
|
|
|
user.smb_nt_passwd = pw_buf->smb_nt_passwd;
|
|
user.smb_passwd = pw_buf->smb_passwd;
|
|
|
|
user.acct_ctrl = pw_buf->acct_ctrl;
|
|
|
|
user.unknown_3 = 0xffffff; /* don't know */
|
|
user.logon_divs = 168; /* hours per week */
|
|
user.hours_len = 21; /* 21 times 8 bits = 168 */
|
|
memset(user.hours, 0xff, user.hours_len); /* available at all hours */
|
|
user.unknown_5 = 0x00020000; /* don't know */
|
|
user.unknown_5 = 0x000004ec; /* don't know */
|
|
|
|
return &user;
|
|
}
|
|
|
|
/*************************************************************************
|
|
Return the current position in the smbpasswd list as an unsigned long.
|
|
This must be treated as an opaque token.
|
|
*************************************************************************/
|
|
|
|
static unsigned long getsmbfilepwpos(void *vp)
|
|
{
|
|
return (unsigned long)ftell((FILE *)vp);
|
|
}
|
|
|
|
/*************************************************************************
|
|
Set the current position in the smbpasswd list from unsigned long.
|
|
This must be treated as an opaque token.
|
|
*************************************************************************/
|
|
|
|
static BOOL setsmbfilepwpos(void *vp, unsigned long tok)
|
|
{
|
|
return !fseek((FILE *)vp, tok, SEEK_SET);
|
|
}
|
|
|
|
/************************************************************************
|
|
Routine to add an entry to the smbpasswd file.
|
|
*************************************************************************/
|
|
|
|
static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
|
|
{
|
|
char *pfile = lp_smb_passwd_file();
|
|
struct smb_passwd *pwd = NULL;
|
|
FILE *fp = NULL;
|
|
|
|
int i;
|
|
int wr_len;
|
|
|
|
int fd;
|
|
int new_entry_length;
|
|
unsigned char *new_entry;
|
|
long offpos;
|
|
unsigned char *p;
|
|
|
|
/* Open the smbpassword file - for update. */
|
|
fp = startsmbfilepwent(True);
|
|
|
|
if (fp == NULL) {
|
|
DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n"));
|
|
return False;
|
|
}
|
|
|
|
/*
|
|
* Scan the file, a line at a time and check if the name matches.
|
|
*/
|
|
|
|
while ((pwd = getsmbfilepwent(fp)) != NULL) {
|
|
if (strequal(newpwd->smb_name, pwd->smb_name)) {
|
|
DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
|
|
endsmbfilepwent(fp);
|
|
return False;
|
|
}
|
|
}
|
|
|
|
/* Ok - entry doesn't exist. We can add it */
|
|
|
|
/* Create a new smb passwd entry and set it to the given password. */
|
|
/*
|
|
* The add user write needs to be atomic - so get the fd from
|
|
* the fp and do a raw write() call.
|
|
*/
|
|
fd = fileno(fp);
|
|
|
|
if((offpos = lseek(fd, 0, SEEK_END)) == -1) {
|
|
DEBUG(0, ("add_smbfilepwd_entry(lseek): Failed to add entry for user %s to file %s. \
|
|
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
|
|
endsmbfilepwent(fp);
|
|
return False;
|
|
}
|
|
|
|
new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + 5 + 1 + 13 + 2;
|
|
|
|
if((new_entry = (unsigned char *)malloc( new_entry_length )) == NULL) {
|
|
DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
|
|
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
|
|
endsmbfilepwent(fp);
|
|
return False;
|
|
}
|
|
|
|
slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
|
|
p = (unsigned char *)&new_entry[strlen(new_entry)];
|
|
|
|
if(newpwd->smb_passwd != NULL) {
|
|
for( i = 0; i < 16; i++) {
|
|
slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]);
|
|
}
|
|
} else {
|
|
i=0;
|
|
if(newpwd->acct_ctrl & ACB_PWNOTREQ)
|
|
safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
|
|
else
|
|
safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
|
|
}
|
|
|
|
p += 32;
|
|
|
|
*p++ = ':';
|
|
|
|
if(newpwd->smb_nt_passwd != NULL) {
|
|
for( i = 0; i < 16; i++) {
|
|
slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]);
|
|
}
|
|
} else {
|
|
if(newpwd->acct_ctrl & ACB_PWNOTREQ)
|
|
safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
|
|
else
|
|
safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
|
|
}
|
|
|
|
p += 32;
|
|
|
|
*p++ = ':';
|
|
|
|
/* Add the account encoding and the last change time. */
|
|
slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n",
|
|
pdb_encode_acct_ctrl(newpwd->acct_ctrl),
|
|
(uint32)time(NULL));
|
|
|
|
#ifdef DEBUG_PASSWORD
|
|
DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d entry_len %d made line |%s|",
|
|
fd, new_entry_length, strlen(new_entry), new_entry));
|
|
#endif
|
|
|
|
if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) {
|
|
DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
|
|
Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
|
|
|
|
/* Remove the entry we just wrote. */
|
|
if(ftruncate(fd, offpos) == -1) {
|
|
DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
|
|
Error was %s. Password file may be corrupt ! Please examine by hand !\n",
|
|
newpwd->smb_name, strerror(errno)));
|
|
}
|
|
|
|
endsmbfilepwent(fp);
|
|
return False;
|
|
}
|
|
|
|
endsmbfilepwent(fp);
|
|
return True;
|
|
}
|
|
|
|
/************************************************************************
|
|
Routine to search the smbpasswd file for an entry matching the username.
|
|
and then modify its password entry. We can't use the startsmbpwent()/
|
|
getsmbpwent()/endsmbpwent() interfaces here as we depend on looking
|
|
in the actual file to decide how much room we have to write data.
|
|
override = False, normal
|
|
override = True, override XXXXXXXX'd out password or NO PASS
|
|
************************************************************************/
|
|
|
|
static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
|
|
{
|
|
/* Static buffers we will return. */
|
|
static pstring user_name;
|
|
|
|
char linebuf[256];
|
|
char readbuf[16 * 1024];
|
|
unsigned char c;
|
|
fstring ascii_p16;
|
|
fstring encode_bits;
|
|
unsigned char *p = NULL;
|
|
long linebuf_len = 0;
|
|
FILE *fp;
|
|
int lockfd;
|
|
char *pfile = lp_smb_passwd_file();
|
|
BOOL found_entry = False;
|
|
BOOL got_pass_last_set_time = False;
|
|
|
|
long pwd_seekpos = 0;
|
|
|
|
int i;
|
|
int wr_len;
|
|
int fd;
|
|
|
|
if (!*pfile) {
|
|
DEBUG(0, ("No SMB password file set\n"));
|
|
return False;
|
|
}
|
|
DEBUG(10, ("mod_smbfilepwd_entry: opening file %s\n", pfile));
|
|
|
|
fp = fopen(pfile, "r+");
|
|
|
|
if (fp == NULL) {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: unable to open file %s\n", pfile));
|
|
return False;
|
|
}
|
|
/* Set a 16k buffer to do more efficient reads */
|
|
setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
|
|
|
|
lockfd = fileno(fp);
|
|
|
|
if (!pw_file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile));
|
|
fclose(fp);
|
|
return False;
|
|
}
|
|
|
|
/* Make sure it is only rw by the owner */
|
|
chmod(pfile, 0600);
|
|
|
|
/* We have a write lock on the file. */
|
|
/*
|
|
* Scan the file, a line at a time and check if the name matches.
|
|
*/
|
|
while (!feof(fp)) {
|
|
pwd_seekpos = ftell(fp);
|
|
|
|
linebuf[0] = '\0';
|
|
|
|
fgets(linebuf, sizeof(linebuf), fp);
|
|
if (ferror(fp)) {
|
|
pw_file_unlock(lockfd, &pw_file_lock_depth);
|
|
fclose(fp);
|
|
return False;
|
|
}
|
|
|
|
/*
|
|
* Check if the string is terminated with a newline - if not
|
|
* then we must keep reading and discard until we get one.
|
|
*/
|
|
linebuf_len = strlen(linebuf);
|
|
if (linebuf[linebuf_len - 1] != '\n') {
|
|
c = '\0';
|
|
while (!ferror(fp) && !feof(fp)) {
|
|
c = fgetc(fp);
|
|
if (c == '\n') {
|
|
break;
|
|
}
|
|
}
|
|
} else {
|
|
linebuf[linebuf_len - 1] = '\0';
|
|
}
|
|
|
|
#ifdef DEBUG_PASSWORD
|
|
DEBUG(100, ("mod_smbfilepwd_entry: got line |%s|\n", linebuf));
|
|
#endif
|
|
|
|
if ((linebuf[0] == 0) && feof(fp)) {
|
|
DEBUG(4, ("mod_smbfilepwd_entry: end of file reached\n"));
|
|
break;
|
|
}
|
|
|
|
/*
|
|
* The line we have should be of the form :-
|
|
*
|
|
* username:uid:[32hex bytes]:....other flags presently
|
|
* ignored....
|
|
*
|
|
* or,
|
|
*
|
|
* username:uid:[32hex bytes]:[32hex bytes]:....ignored....
|
|
*
|
|
* if Windows NT compatible passwords are also present.
|
|
*/
|
|
|
|
if (linebuf[0] == '#' || linebuf[0] == '\0') {
|
|
DEBUG(6, ("mod_smbfilepwd_entry: skipping comment or blank line\n"));
|
|
continue;
|
|
}
|
|
|
|
p = (unsigned char *) strchr(linebuf, ':');
|
|
|
|
if (p == NULL) {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no :)\n"));
|
|
continue;
|
|
}
|
|
|
|
/*
|
|
* As 256 is shorter than a pstring we don't need to check
|
|
* length here - if this ever changes....
|
|
*/
|
|
strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
|
|
user_name[PTR_DIFF(p, linebuf)] = '\0';
|
|
if (strequal(user_name, pwd->smb_name)) {
|
|
found_entry = True;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!found_entry) return False;
|
|
|
|
DEBUG(6, ("mod_smbfilepwd_entry: entry exists\n"));
|
|
|
|
/* User name matches - get uid and password */
|
|
p++; /* Go past ':' */
|
|
|
|
if (!isdigit(*p)) {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (uid not number)\n"));
|
|
pw_file_unlock(lockfd, &pw_file_lock_depth);
|
|
fclose(fp);
|
|
return False;
|
|
}
|
|
|
|
while (*p && isdigit(*p))
|
|
p++;
|
|
if (*p != ':') {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no : after uid)\n"));
|
|
pw_file_unlock(lockfd, &pw_file_lock_depth);
|
|
fclose(fp);
|
|
return False;
|
|
}
|
|
|
|
/*
|
|
* Now get the password value - this should be 32 hex digits
|
|
* which are the ascii representations of a 16 byte string.
|
|
* Get two at a time and put them into the password.
|
|
*/
|
|
p++;
|
|
|
|
/* Record exact password position */
|
|
pwd_seekpos += PTR_DIFF(p, linebuf);
|
|
|
|
if (!override && (*p == '*' || *p == 'X')) {
|
|
/* Password deliberately invalid - end here. */
|
|
DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name));
|
|
pw_file_unlock(lockfd, &pw_file_lock_depth);
|
|
fclose(fp);
|
|
return False;
|
|
}
|
|
|
|
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
|
|
pw_file_unlock(lockfd,&pw_file_lock_depth);
|
|
fclose(fp);
|
|
return (False);
|
|
}
|
|
|
|
if (p[32] != ':') {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
|
|
pw_file_unlock(lockfd,&pw_file_lock_depth);
|
|
fclose(fp);
|
|
return False;
|
|
}
|
|
|
|
if (!override && (*p == '*' || *p == 'X')) {
|
|
pw_file_unlock(lockfd,&pw_file_lock_depth);
|
|
fclose(fp);
|
|
return False;
|
|
}
|
|
|
|
/* Now check if the NT compatible password is
|
|
available. */
|
|
p += 33; /* Move to the first character of the line after
|
|
the lanman password. */
|
|
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
|
|
pw_file_unlock(lockfd,&pw_file_lock_depth);
|
|
fclose(fp);
|
|
return (False);
|
|
}
|
|
|
|
if (p[32] != ':') {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
|
|
pw_file_unlock(lockfd,&pw_file_lock_depth);
|
|
fclose(fp);
|
|
return False;
|
|
}
|
|
|
|
/*
|
|
* Now check if the account info and the password last
|
|
* change time is available.
|
|
*/
|
|
p += 33; /* Move to the first character of the line after
|
|
the NT password. */
|
|
|
|
if (*p == '[') {
|
|
|
|
i = 0;
|
|
p++;
|
|
while((linebuf_len > PTR_DIFF(p, linebuf)) && (*p != ']'))
|
|
encode_bits[i++] = *p++;
|
|
|
|
encode_bits[i] = '\0';
|
|
|
|
/* Go past the ']' */
|
|
if(linebuf_len > PTR_DIFF(p, linebuf))
|
|
p++;
|
|
|
|
if((linebuf_len > PTR_DIFF(p, linebuf)) && (*p == ':')) {
|
|
p++;
|
|
|
|
/* We should be pointing at the TLC entry. */
|
|
if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && StrnCaseCmp((char *)p, "LCT-", 4)) {
|
|
|
|
p += 4;
|
|
for(i = 0; i < 8; i++) {
|
|
if(p[i] == '\0' || !isxdigit(p[i]))
|
|
break;
|
|
}
|
|
if(i == 8) {
|
|
/*
|
|
* p points at 8 characters of hex digits -
|
|
* read into a time_t as the seconds since
|
|
* 1970 that the password was last changed.
|
|
*/
|
|
got_pass_last_set_time = True;
|
|
} /* i == 8 */
|
|
} /* *p && StrnCaseCmp() */
|
|
} /* p == ':' */
|
|
} /* p == '[' */
|
|
|
|
/* Entry is correctly formed. */
|
|
|
|
/*
|
|
* Do an atomic write into the file at the position defined by
|
|
* seekpos.
|
|
*/
|
|
|
|
/* The mod user write needs to be atomic - so get the fd from
|
|
the fp and do a raw write() call.
|
|
*/
|
|
|
|
fd = fileno(fp);
|
|
|
|
if (lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
|
|
pw_file_unlock(lockfd,&pw_file_lock_depth);
|
|
fclose(fp);
|
|
return False;
|
|
}
|
|
|
|
/* Sanity check - ensure the character is a ':' */
|
|
if (read(fd, &c, 1) != 1) {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile));
|
|
pw_file_unlock(lockfd,&pw_file_lock_depth);
|
|
fclose(fp);
|
|
return False;
|
|
}
|
|
|
|
if (c != ':') {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile));
|
|
pw_file_unlock(lockfd,&pw_file_lock_depth);
|
|
fclose(fp);
|
|
return False;
|
|
}
|
|
|
|
/* Create the 32 byte representation of the new p16 */
|
|
if(pwd->smb_passwd != NULL) {
|
|
for (i = 0; i < 16; i++) {
|
|
slprintf(&ascii_p16[i*2], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_passwd[i]);
|
|
}
|
|
} else {
|
|
if(pwd->acct_ctrl & ACB_PWNOTREQ)
|
|
fstrcpy(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
|
|
else
|
|
fstrcpy(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
|
|
}
|
|
|
|
/* Add on the NT md4 hash */
|
|
ascii_p16[32] = ':';
|
|
wr_len = 65;
|
|
if (pwd->smb_nt_passwd != NULL) {
|
|
for (i = 0; i < 16; i++) {
|
|
slprintf(&ascii_p16[(i*2)+33], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_nt_passwd[i]);
|
|
}
|
|
} else {
|
|
if(pwd->acct_ctrl & ACB_PWNOTREQ)
|
|
fstrcpy(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
|
|
else
|
|
fstrcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
|
|
}
|
|
|
|
/* Add on the account info bits and the time of last
|
|
password change. */
|
|
|
|
pwd->pass_last_set_time = time(NULL);
|
|
|
|
if(got_pass_last_set_time) {
|
|
slprintf(&ascii_p16[strlen(ascii_p16)],
|
|
sizeof(ascii_p16)-(strlen(ascii_p16)+1),
|
|
":[%s]:TLC-%08X:",
|
|
encode_bits, (uint32)pwd->pass_last_set_time );
|
|
wr_len = strlen(ascii_p16);
|
|
}
|
|
|
|
#ifdef DEBUG_PASSWORD
|
|
DEBUG(100,("mod_smbfilepwd_entry: "));
|
|
dump_data(100, ascii_p16, wr_len);
|
|
#endif
|
|
|
|
if (write(fd, ascii_p16, wr_len) != wr_len) {
|
|
DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile));
|
|
pw_file_unlock(lockfd,&pw_file_lock_depth);
|
|
fclose(fp);
|
|
return False;
|
|
}
|
|
|
|
pw_file_unlock(lockfd,&pw_file_lock_depth);
|
|
fclose(fp);
|
|
return True;
|
|
}
|
|
|
|
/*
|
|
* Stub functions - implemented in terms of others.
|
|
*/
|
|
|
|
static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override)
|
|
{
|
|
return mod_smbfilepwd_entry(pdb_sam_to_smb(pwd), override);
|
|
}
|
|
|
|
static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd)
|
|
{
|
|
return add_smbfilepwd_entry(pdb_sam_to_smb(newpwd));
|
|
}
|
|
|
|
static struct sam_disp_info *getsmbfiledispnam(char *name)
|
|
{
|
|
return pdb_sam_to_dispinfo(getsam21pwnam(name));
|
|
}
|
|
|
|
static struct sam_disp_info *getsmbfiledisprid(uint32 rid)
|
|
{
|
|
return pdb_sam_to_dispinfo(getsam21pwrid(rid));
|
|
}
|
|
|
|
static struct sam_disp_info *getsmbfiledispent(void *vp)
|
|
{
|
|
return pdb_sam_to_dispinfo(getsam21pwent(vp));
|
|
}
|
|
|
|
static struct passdb_ops file_ops = {
|
|
startsmbfilepwent,
|
|
endsmbfilepwent,
|
|
getsmbfilepwpos,
|
|
setsmbfilepwpos,
|
|
iterate_getsmbpwnam, /* In passdb.c */
|
|
iterate_getsmbpwuid, /* In passdb.c */
|
|
getsmbfilepwent,
|
|
add_smbfilepwd_entry,
|
|
mod_smbfilepwd_entry,
|
|
getsmbfile21pwent,
|
|
iterate_getsam21pwnam,
|
|
iterate_getsam21pwuid,
|
|
iterate_getsam21pwrid,
|
|
add_smbfile21pwd_entry,
|
|
mod_smbfile21pwd_entry,
|
|
getsmbfiledispnam,
|
|
getsmbfiledisprid,
|
|
getsmbfiledispent
|
|
};
|
|
|
|
struct passdb_ops *file_initialize_password_db(void)
|
|
{
|
|
return &file_ops;
|
|
}
|
|
|
|
#else
|
|
/* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
|
|
void dummy_function(void) { } /* stop some compilers complaining */
|
|
#endif /* USE_SMBPASS_DB */
|