#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
struct smb_passwd
{
uint32 smb_userid;
const char *smb_name;
const unsigned char *smb_passwd;
const unsigned char *smb_nt_passwd;
uint16 acct_ctrl;
time_t pass_last_set_time;
};
struct smbpasswd_privates
{
int pw_file_lock_depth;
FILE *pw_file;
struct smb_passwd pw_buf;
pstring user_name;
unsigned char smbpwd[16];
unsigned char smbntpwd[16];
const char *smbpasswd_file;
};
enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE };
static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
{
if (fd < 0) {
return False;
}
if(*plock_depth == 0) {
if (!do_file_lock(fd, secs, type)) {
DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
strerror(errno)));
return False;
}
}
(*plock_depth)++;
return True;
}
static BOOL pw_file_unlock(int fd, int *plock_depth)
{
BOOL ret=True;
if (fd == 0 || *plock_depth == 0) {
return True;
}
if(*plock_depth == 1) {
ret = do_file_lock(fd, 5, F_UNLCK);
}
if (*plock_depth > 0) {
(*plock_depth)--;
}
if(!ret) {
DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
strerror(errno)));
}
return ret;
}
static void pdb_init_smb(struct smb_passwd *user)
{
if (user == NULL)
return;
ZERO_STRUCTP (user);
user->pass_last_set_time = (time_t)0;
}
static FILE *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int *lock_depth)
{
FILE *fp = NULL;
const char *open_mode = NULL;
int race_loop = 0;
int lock_type = F_RDLCK;
if (!*pfile) {
DEBUG(0, ("startsmbfilepwent: No SMB password file set\n"));
return (NULL);
}
switch(type) {
case PWF_READ:
open_mode = "rb";
lock_type = F_RDLCK;
break;
case PWF_UPDATE:
open_mode = "r+b";
lock_type = F_WRLCK;
break;
case PWF_CREATE:
{
int i, fd = -1;
for(i = 0; i < 5; i++) {
if((fd = sys_open(pfile, O_CREAT|O_TRUNC|O_EXCL|O_RDWR, 0600))!=-1) {
break;
}
sys_usleep(200);
}
if(fd == -1) {
DEBUG(0,("startsmbfilepwent_internal: too many race conditions \
creating file %s\n", pfile));
return NULL;
}
close(fd);
open_mode = "r+b";
lock_type = F_WRLCK;
break;
}
}
for(race_loop = 0; race_loop < 5; race_loop++) {
DEBUG(10, ("startsmbfilepwent_internal: opening file %s\n", pfile));
if((fp = sys_fopen(pfile, open_mode)) == NULL) {
if (errno == ENOENT) {
if ((fp = sys_fopen(pfile, "a+")) != NULL) {
DEBUG(0, ("startsmbfilepwent_internal: file %s did not \
exist. File successfully created.\n", pfile));
} else {
DEBUG(0, ("startsmbfilepwent_internal: file %s did not \
exist. Couldn't create new one. Error was: %s",
pfile, strerror(errno)));
return NULL;
}
} else {
DEBUG(0, ("startsmbfilepwent_internal: unable to open file %s. \
Error was: %s\n", pfile, strerror(errno)));
return NULL;
}
}
if (!pw_file_lock(fileno(fp), lock_type, 5, lock_depth)) {
DEBUG(0, ("startsmbfilepwent_internal: unable to lock file %s. \
Error was %s\n", pfile, strerror(errno) ));
fclose(fp);
return NULL;
}
if(type == PWF_READ) {
break;
} else {
SMB_STRUCT_STAT sbuf1, sbuf2;
if (sys_stat(pfile,&sbuf1) != 0) {
DEBUG(0, ("startsmbfilepwent_internal: unable to stat file %s. \
Error was %s\n", pfile, strerror(errno)));
pw_file_unlock(fileno(fp), lock_depth);
fclose(fp);
return NULL;
}
if (sys_fstat(fileno(fp),&sbuf2) != 0) {
DEBUG(0, ("startsmbfilepwent_internal: unable to fstat file %s. \
Error was %s\n", pfile, strerror(errno)));
pw_file_unlock(fileno(fp), lock_depth);
fclose(fp);
return NULL;
}
if( sbuf1.st_ino == sbuf2.st_ino) {
break;
}
pw_file_unlock(fileno(fp), lock_depth);
fclose(fp);
}
}
if(race_loop == 5) {
DEBUG(0, ("startsmbfilepwent_internal: too many race conditions opening file %s\n", pfile));
return NULL;
}
setvbuf(fp, (char *)NULL, _IOFBF, 1024);
#ifdef HAVE_FCHMOD
if(fchmod(fileno(fp), S_IRUSR|S_IWUSR) == -1) {
#else
if(chmod(pfile, S_IRUSR|S_IWUSR) == -1) {
#endif
DEBUG(0, ("startsmbfilepwent_internal: failed to set 0600 permissions on password file %s. \
Error was %s\n.", pfile, strerror(errno) ));
pw_file_unlock(fileno(fp), lock_depth);
fclose(fp);
return NULL;
}
return fp;
}
static void endsmbfilepwent(FILE *fp, int *lock_depth)
{
if (!fp) {
return;
}
pw_file_unlock(fileno(fp), lock_depth);
fclose(fp);
DEBUG(7, ("endsmbfilepwent_internal: closed password file.\n"));
}
static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_state, FILE *fp)
{
struct smb_passwd *pw_buf = &smbpasswd_state->pw_buf;
char *user_name = smbpasswd_state->user_name;
unsigned char *smbpwd = smbpasswd_state->smbpwd;
unsigned char *smbntpwd = smbpasswd_state->smbntpwd;
char linebuf[256];
unsigned char c;
unsigned char *p;
long uidval;
size_t linebuf_len;
if(fp == NULL) {
DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n"));
return NULL;
}
pdb_init_smb(pw_buf);
pw_buf->acct_ctrl = ACB_NORMAL;
while (!feof(fp)) {
linebuf[0] = '\0';
fgets(linebuf, 256, fp);
if (ferror(fp)) {
return NULL;
}
if ((linebuf_len = strlen(linebuf)) == 0) {
continue;
}
if (linebuf[linebuf_len - 1] != '\n') {
c = '\0';
while (!ferror(fp) && !feof(fp)) {
c = fgetc(fp);
if (c == '\n') {
break;
}
}
} else {
linebuf[linebuf_len - 1] = '\0';
}
#ifdef DEBUG_PASSWORD
DEBUG(100, ("getsmbfilepwent: got line |%s|\n", linebuf));
#endif
if ((linebuf[0] == 0) && feof(fp)) {
DEBUG(4, ("getsmbfilepwent: end of file reached\n"));
break;
}
if (linebuf[0] == '#' || linebuf[0] == '\0') {
DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n"));
continue;
}
p = (unsigned char *) strchr_m(linebuf, ':');
if (p == NULL) {
DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n"));
continue;
}
SMB_ASSERT(sizeof(pstring) > sizeof(linebuf));
strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
user_name[PTR_DIFF(p, linebuf)] = '\0';
p++;
if(*p == '-') {
DEBUG(0, ("getsmbfilepwent: user name %s has a negative uid.\n", user_name));
continue;
}
if (!isdigit(*p)) {
DEBUG(0, ("getsmbfilepwent: malformed password entry for user %s (uid not number)\n",
user_name));
continue;
}
uidval = atoi((char *) p);
while (*p && isdigit(*p)) {
p++;
}
if (*p != ':') {
DEBUG(0, ("getsmbfilepwent: malformed password entry for user %s (no : after uid)\n",
user_name));
continue;
}
pw_buf->smb_name = user_name;
pw_buf->smb_userid = uidval;
p++;
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
DEBUG(0, ("getsmbfilepwent: malformed password entry for user %s (passwd too short)\n",
user_name ));
continue;
}
if (p[32] != ':') {
DEBUG(0, ("getsmbfilepwent: malformed password entry for user %s (no terminating :)\n",
user_name));
continue;
}
if (strnequal((char *) p, "NO PASSWORD", 11)) {
pw_buf->smb_passwd = NULL;
pw_buf->acct_ctrl |= ACB_PWNOTREQ;
} else {
if (*p == '*' || *p == 'X') {
pw_buf->smb_passwd = NULL;
DEBUG(10, ("getsmbfilepwent: LM password for user %s invalidated\n", user_name));
} else if (pdb_gethexpwd((char *)p, smbpwd)) {
pw_buf->smb_passwd = smbpwd;
} else {
pw_buf->smb_passwd = NULL;
DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry for user %s \
(non hex chars)\n", user_name));
}
}
pw_buf->smb_nt_passwd = NULL;
p += 33;
if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
if (*p != '*' && *p != 'X') {
if(pdb_gethexpwd((char *)p,smbntpwd)) {
pw_buf->smb_nt_passwd = smbntpwd;
}
}
p += 33;
}
DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %ld\n",
user_name, uidval));
if (*p == '[') {
unsigned char *end_p = (unsigned char *)strchr_m((char *)p, ']');
pw_buf->acct_ctrl = pdb_decode_acct_ctrl((char*)p);
if(pw_buf->acct_ctrl == 0) {
pw_buf->acct_ctrl = ACB_NORMAL;
}
if(end_p) {
p = end_p + 1;
}
if(*p == ':') {
p++;
if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) {
int i;
p += 4;
for(i = 0; i < 8; i++) {
if(p[i] == '\0' || !isxdigit(p[i])) {
break;
}
}
if(i == 8) {
pw_buf->pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
}
}
}
} else {
if(pw_buf->smb_name[strlen(pw_buf->smb_name) - 1] == '$') {
pw_buf->acct_ctrl &= ~ACB_NORMAL;
pw_buf->acct_ctrl |= ACB_WSTRUST;
}
}
return pw_buf;
}
DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
return NULL;
}
static char *format_new_smbpasswd_entry(const struct smb_passwd *newpwd)
{
int new_entry_length;
char *new_entry;
char *p;
new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 +
NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
if((new_entry = (char *)SMB_MALLOC( new_entry_length )) == NULL) {
DEBUG(0, ("format_new_smbpasswd_entry: Malloc failed adding entry for user %s.\n",
newpwd->smb_name ));
return NULL;
}
slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
p = new_entry+strlen(new_entry);
pdb_sethexpwd(p, newpwd->smb_passwd, newpwd->acct_ctrl);
p+=strlen(p);
*p = ':';
p++;
pdb_sethexpwd(p, newpwd->smb_nt_passwd, newpwd->acct_ctrl);
p+=strlen(p);
*p = ':';
p++;
slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n",
pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN),
(uint32)newpwd->pass_last_set_time);
return new_entry;
}
static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, struct smb_passwd *newpwd)
{
const char *pfile = smbpasswd_state->smbpasswd_file;
struct smb_passwd *pwd = NULL;
FILE *fp = NULL;
int wr_len;
int fd;
size_t new_entry_length;
char *new_entry;
SMB_OFF_T offpos;
uint32 max_found_uid = 0;
fp = startsmbfilepwent(pfile, PWF_UPDATE, &smbpasswd_state->pw_file_lock_depth);
if (fp == NULL && errno == ENOENT) {
fp = startsmbfilepwent(pfile, PWF_CREATE, &smbpasswd_state->pw_file_lock_depth);
}
if (fp == NULL) {
DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n"));
return False;
}
while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL) {
if (strequal(newpwd->smb_name, pwd->smb_name)) {
DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
return False;
}
if (pwd->smb_userid > max_found_uid) {
max_found_uid = pwd->smb_userid;
}
}
fd = fileno(fp);
if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
return False;
}
if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL) {
DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
return False;
}
new_entry_length = strlen(new_entry);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d made line |%s|",
fd, new_entry_length, new_entry));
#endif
if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length) {
DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
if(sys_ftruncate(fd, offpos) == -1) {
DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
Error was %s. Password file may be corrupt ! Please examine by hand !\n",
newpwd->smb_name, strerror(errno)));
}
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
free(new_entry);
return False;
}
free(new_entry);
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
return True;
}
static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const struct smb_passwd* pwd)
{
pstring user_name;
char linebuf[256];
char readbuf[1024];
unsigned char c;
fstring ascii_p16;
fstring encode_bits;
unsigned char *p = NULL;
size_t linebuf_len = 0;
FILE *fp;
int lockfd;
const char *pfile = smbpasswd_state->smbpasswd_file;
BOOL found_entry = False;
BOOL got_pass_last_set_time = False;
SMB_OFF_T pwd_seekpos = 0;
int i;
int wr_len;
int fd;
if (!*pfile) {
DEBUG(0, ("No SMB password file set\n"));
return False;
}
DEBUG(10, ("mod_smbfilepwd_entry: opening file %s\n", pfile));
fp = sys_fopen(pfile, "r+");
if (fp == NULL) {
DEBUG(0, ("mod_smbfilepwd_entry: unable to open file %s\n", pfile));
return False;
}
setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
lockfd = fileno(fp);
if (!pw_file_lock(lockfd, F_WRLCK, 5, &smbpasswd_state->pw_file_lock_depth)) {
DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile));
fclose(fp);
return False;
}
chmod(pfile, 0600);
while (!feof(fp)) {
pwd_seekpos = sys_ftell(fp);
linebuf[0] = '\0';
fgets(linebuf, sizeof(linebuf), fp);
if (ferror(fp)) {
pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return False;
}
linebuf_len = strlen(linebuf);
if (linebuf[linebuf_len - 1] != '\n') {
c = '\0';
while (!ferror(fp) && !feof(fp)) {
c = fgetc(fp);
if (c == '\n') {
break;
}
}
} else {
linebuf[linebuf_len - 1] = '\0';
}
#ifdef DEBUG_PASSWORD
DEBUG(100, ("mod_smbfilepwd_entry: got line |%s|\n", linebuf));
#endif
if ((linebuf[0] == 0) && feof(fp)) {
DEBUG(4, ("mod_smbfilepwd_entry: end of file reached\n"));
break;
}
if (linebuf[0] == '#' || linebuf[0] == '\0') {
DEBUG(6, ("mod_smbfilepwd_entry: skipping comment or blank line\n"));
continue;
}
p = (unsigned char *) strchr_m(linebuf, ':');
if (p == NULL) {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no :)\n"));
continue;
}
SMB_ASSERT(sizeof(user_name) > sizeof(linebuf));
strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
user_name[PTR_DIFF(p, linebuf)] = '\0';
if (strequal(user_name, pwd->smb_name)) {
found_entry = True;
break;
}
}
if (!found_entry) {
pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
fclose(fp);
DEBUG(2, ("Cannot update entry for user %s, as they don't exist in the smbpasswd file!\n",
pwd->smb_name));
return False;
}
DEBUG(6, ("mod_smbfilepwd_entry: entry exists for user %s\n", pwd->smb_name));
p++;
if (!isdigit(*p)) {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry for user %s (uid not number)\n",
pwd->smb_name));
pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return False;
}
while (*p && isdigit(*p)) {
p++;
}
if (*p != ':') {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry for user %s (no : after uid)\n",
pwd->smb_name));
pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return False;
}
p++;
pwd_seekpos += PTR_DIFF(p, linebuf);
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry for user %s (passwd too short)\n",
pwd->smb_name));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return (False);
}
if (p[32] != ':') {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry for user %s (no terminating :)\n",
pwd->smb_name));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return False;
}
p += 33;
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry for user %s (passwd too short)\n",
pwd->smb_name));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return (False);
}
if (p[32] != ':') {
DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry for user %s (no terminating :)\n",
pwd->smb_name));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return False;
}
p += 33;
if (*p == '[') {
i = 0;
encode_bits[i++] = *p++;
while((linebuf_len > PTR_DIFF(p, linebuf)) && (*p != ']')) {
encode_bits[i++] = *p++;
}
encode_bits[i++] = ']';
encode_bits[i++] = '\0';
if(i == NEW_PW_FORMAT_SPACE_PADDED_LEN) {
fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
} else {
DEBUG(0,("mod_smbfilepwd_entry: Using old smbpasswd format for user %s. \
This is no longer supported.!\n", pwd->smb_name));
DEBUG(0,("mod_smbfilepwd_entry: No changes made, failing.!\n"));
pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return False;
}
if(linebuf_len > PTR_DIFF(p, linebuf)) {
p++;
}
if((linebuf_len > PTR_DIFF(p, linebuf)) && (*p == ':')) {
p++;
if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && (StrnCaseCmp((char *)p, "LCT-", 4) == 0)) {
p += 4;
for(i = 0; i < 8; i++) {
if(p[i] == '\0' || !isxdigit(p[i])) {
break;
}
}
if(i == 8) {
got_pass_last_set_time = True;
}
}
}
}
pdb_sethexpwd(ascii_p16, pwd->smb_passwd, pwd->acct_ctrl);
ascii_p16[32] = ':';
wr_len = 66;
pdb_sethexpwd(ascii_p16+33, pwd->smb_nt_passwd, pwd->acct_ctrl);
ascii_p16[65] = ':';
ascii_p16[66] = '\0';
if(got_pass_last_set_time) {
slprintf(&ascii_p16[strlen(ascii_p16)],
sizeof(ascii_p16)-(strlen(ascii_p16)+1),
"%s:LCT-%08X:",
encode_bits, (uint32)pwd->pass_last_set_time );
wr_len = strlen(ascii_p16);
}
#ifdef DEBUG_PASSWORD
DEBUG(100,("mod_smbfilepwd_entry: "));
dump_data(100, ascii_p16, wr_len);
#endif
if(wr_len > sizeof(linebuf)) {
DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return (False);
}
fd = fileno(fp);
if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return False;
}
if (read(fd, linebuf, wr_len+1) != wr_len+1) {
DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return False;
}
if ((linebuf[0] != ':') || (linebuf[wr_len] != ':')) {
DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return False;
}
if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {
DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return False;
}
if (write(fd, ascii_p16, wr_len) != wr_len) {
DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return False;
}
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
return True;
}
static BOOL del_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const char *name)
{
const char *pfile = smbpasswd_state->smbpasswd_file;
pstring pfile2;
struct smb_passwd *pwd = NULL;
FILE *fp = NULL;
FILE *fp_write = NULL;
int pfile2_lockdepth = 0;
slprintf(pfile2, sizeof(pfile2)-1, "%s.%u", pfile, (unsigned)sys_getpid() );
if((fp = startsmbfilepwent(pfile, PWF_UPDATE, &smbpasswd_state->pw_file_lock_depth)) == NULL) {
DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
return False;
}
if((fp_write = startsmbfilepwent(pfile2, PWF_CREATE, &pfile2_lockdepth)) == NULL) {
DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
return False;
}
while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL) {
char *new_entry;
size_t new_entry_length;
if (strequal(name, pwd->smb_name)) {
DEBUG(10, ("add_smbfilepwd_entry: found entry with name %s - deleting it.\n", name));
continue;
}
if((new_entry = format_new_smbpasswd_entry(pwd)) == NULL) {
DEBUG(0, ("del_smbfilepwd_entry(malloc): Failed to copy entry for user %s to file %s. \
Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
unlink(pfile2);
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
endsmbfilepwent(fp_write, &pfile2_lockdepth);
return False;
}
new_entry_length = strlen(new_entry);
if(fwrite(new_entry, 1, new_entry_length, fp_write) != new_entry_length) {
DEBUG(0, ("del_smbfilepwd_entry(write): Failed to copy entry for user %s to file %s. \
Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
unlink(pfile2);
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
endsmbfilepwent(fp_write, &pfile2_lockdepth);
free(new_entry);
return False;
}
free(new_entry);
}
if(fflush(fp_write) != 0) {
DEBUG(0, ("del_smbfilepwd_entry: Failed to flush file %s. Error was %s\n", pfile2, strerror(errno)));
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
endsmbfilepwent(fp_write,&pfile2_lockdepth);
return False;
}
if(rename(pfile2,pfile) != 0) {
unlink(pfile2);
}
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
endsmbfilepwent(fp_write,&pfile2_lockdepth);
return True;
}
static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
{
uint32 rid;
if (sampass == NULL)
return False;
ZERO_STRUCTP(smb_pw);
if (!IS_SAM_DEFAULT(sampass, PDB_USERSID)) {
rid = pdb_get_user_rid(sampass);
if (rid == DOMAIN_USER_RID_GUEST) {
struct passwd *passwd = getpwnam_alloc(lp_guestaccount());
if (!passwd) {
DEBUG(0, ("Could not find gest account via getpwnam()! (%s)\n", lp_guestaccount()));
return False;
}
smb_pw->smb_userid=passwd->pw_uid;
passwd_free(&passwd);
} else if (algorithmic_pdb_rid_is_user(rid)) {
smb_pw->smb_userid=algorithmic_pdb_user_rid_to_uid(rid);
} else {
DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
return False;
}
}
smb_pw->smb_name=(const char*)pdb_get_username(sampass);
smb_pw->smb_passwd=pdb_get_lanman_passwd(sampass);
smb_pw->smb_nt_passwd=pdb_get_nt_passwd(sampass);
smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass);
smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass);
return True;
}
static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state,
SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw_buf)
{
struct passwd *pwfile;
if (sam_pass==NULL) {
DEBUG(5,("build_sam_account: SAM_ACCOUNT is NULL\n"));
return False;
}
if ( !(pwfile = getpwnam_alloc(pw_buf->smb_name)) ) {
DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s with uid "
"%u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid));
return False;
}
if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile, False)))
return False;
passwd_free(&pwfile);
pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET);
pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET);
pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl, PDB_SET);
pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
return True;
}
static NTSTATUS smbpasswd_setsampwent (struct pdb_methods *my_methods, BOOL update)
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file,
update ? PWF_UPDATE : PWF_READ,
&(smbpasswd_state->pw_file_lock_depth));
if (!smbpasswd_state->pw_file && update && errno == ENOENT) {
FILE *fp;
DEBUG(0,("smbpasswd file did not exist - attempting to create it.\n"));
fp = sys_fopen(smbpasswd_state->smbpasswd_file, "w");
if (fp) {
fprintf(fp, "# Samba SMB password file\n");
fclose(fp);
}
smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file,
update ? PWF_UPDATE : PWF_READ,
&(smbpasswd_state->pw_file_lock_depth));
}
if (smbpasswd_state->pw_file != NULL)
return NT_STATUS_OK;
else
return NT_STATUS_UNSUCCESSFUL;
}
static void smbpasswd_endsampwent (struct pdb_methods *my_methods)
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
endsmbfilepwent(smbpasswd_state->pw_file, &(smbpasswd_state->pw_file_lock_depth));
}
static NTSTATUS smbpasswd_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user)
{
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
struct smb_passwd *pw_buf=NULL;
BOOL done = False;
DEBUG(5,("pdb_getsampwent\n"));
if (user==NULL) {
DEBUG(5,("pdb_getsampwent (smbpasswd): user is NULL\n"));
#if 0
smb_panic("NULL pointer passed to getsampwent (smbpasswd)\n");
#endif
return nt_status;
}
while (!done) {
pw_buf = getsmbfilepwent(smbpasswd_state, smbpasswd_state->pw_file);
if (pw_buf == NULL)
return nt_status;
if (build_sam_account(smbpasswd_state, user, pw_buf))
done = True;
}
DEBUG(5,("getsampwent (smbpasswd): done\n"));
return NT_STATUS_OK;
}
static NTSTATUS smbpasswd_getsampwnam(struct pdb_methods *my_methods,
SAM_ACCOUNT *sam_acct, const char *username)
{
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
struct smb_passwd *smb_pw;
void *fp = NULL;
DEBUG(10, ("getsampwnam (smbpasswd): search by name: %s\n", username));
fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
if (fp == NULL) {
DEBUG(0, ("Unable to open passdb database.\n"));
return nt_status;
}
while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) )
;
endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
if (smb_pw == NULL)
return nt_status;
DEBUG(10, ("getsampwnam (smbpasswd): found by name: %s\n", smb_pw->smb_name));
if (!sam_acct) {
DEBUG(10,("getsampwnam (smbpasswd): SAM_ACCOUNT is NULL\n"));
#if 0
smb_panic("NULL pointer passed to pdb_getsampwnam\n");
#endif
return nt_status;
}
if (!build_sam_account(smbpasswd_state, sam_acct, smb_pw))
return nt_status;
return NT_STATUS_OK;
}
static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
{
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
struct smb_passwd *smb_pw;
void *fp = NULL;
fstring sid_str;
uint32 rid;
DEBUG(10, ("smbpasswd_getsampwrid: search by sid: %s\n", sid_to_string(sid_str, sid)));
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
return NT_STATUS_UNSUCCESSFUL;
if (rid == DOMAIN_USER_RID_GUEST) {
const char *guest_account = lp_guestaccount();
if (!(guest_account && *guest_account)) {
DEBUG(1, ("Guest account not specfied!\n"));
return nt_status;
}
return smbpasswd_getsampwnam(my_methods, sam_acct, guest_account);
}
fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
if (fp == NULL) {
DEBUG(0, ("Unable to open passdb database.\n"));
return nt_status;
}
while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL) && (algorithmic_pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) )
;
endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
if (smb_pw == NULL)
return nt_status;
DEBUG(10, ("getsampwrid (smbpasswd): found by name: %s\n", smb_pw->smb_name));
if (!sam_acct) {
DEBUG(10,("getsampwrid: (smbpasswd) SAM_ACCOUNT is NULL\n"));
#if 0
smb_panic("NULL pointer passed to pdb_getsampwrid\n");
#endif
return nt_status;
}
if (!build_sam_account (smbpasswd_state, sam_acct, smb_pw))
return nt_status;
if (NT_STATUS_IS_OK(nt_status) && !sid_equal(pdb_get_user_sid(sam_acct), sid)) {
fstring sid_string1, sid_string2;
DEBUG(1, ("looking for user with sid %s instead returned %s for account %s!?!\n",
sid_to_string(sid_string1, sid), sid_to_string(sid_string2, pdb_get_user_sid(sam_acct)), pdb_get_username(sam_acct)));
return NT_STATUS_NO_SUCH_USER;
}
return NT_STATUS_OK;
}
static NTSTATUS smbpasswd_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass)
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
struct smb_passwd smb_pw;
if (!build_smb_pass(&smb_pw, sampass)) {
return NT_STATUS_UNSUCCESSFUL;
}
if(!add_smbfilepwd_entry(smbpasswd_state, &smb_pw)) {
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_OK;
}
static NTSTATUS smbpasswd_update_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass)
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
struct smb_passwd smb_pw;
if (!build_smb_pass(&smb_pw, sampass)) {
DEBUG(0, ("smbpasswd_update_sam_account: build_smb_pass failed!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
if(!mod_smbfilepwd_entry(smbpasswd_state, &smb_pw)) {
DEBUG(0, ("smbpasswd_update_sam_account: mod_smbfilepwd_entry failed!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_OK;
}
static NTSTATUS smbpasswd_delete_sam_account (struct pdb_methods *my_methods, SAM_ACCOUNT *sampass)
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
const char *username = pdb_get_username(sampass);
if (del_smbfilepwd_entry(smbpasswd_state, username))
return NT_STATUS_OK;
return NT_STATUS_UNSUCCESSFUL;
}
static void free_private_data(void **vp)
{
struct smbpasswd_privates **privates = (struct smbpasswd_privates**)vp;
endsmbfilepwent((*privates)->pw_file, &((*privates)->pw_file_lock_depth));
*privates = NULL;
}
static NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
struct smbpasswd_privates *privates;
if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
return nt_status;
}
(*pdb_method)->name = "smbpasswd";
(*pdb_method)->setsampwent = smbpasswd_setsampwent;
(*pdb_method)->endsampwent = smbpasswd_endsampwent;
(*pdb_method)->getsampwent = smbpasswd_getsampwent;
(*pdb_method)->getsampwnam = smbpasswd_getsampwnam;
(*pdb_method)->getsampwsid = smbpasswd_getsampwsid;
(*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
(*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
(*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
privates = TALLOC_ZERO_P(pdb_context->mem_ctx, struct smbpasswd_privates);
if (!privates) {
DEBUG(0, ("talloc() failed for smbpasswd private_data!\n"));
return NT_STATUS_NO_MEMORY;
}
if (location) {
privates->smbpasswd_file = talloc_strdup(pdb_context->mem_ctx, location);
} else {
privates->smbpasswd_file = talloc_strdup(pdb_context->mem_ctx, lp_smb_passwd_file());
}
if (!privates->smbpasswd_file) {
DEBUG(0, ("talloc_strdp() failed for storing smbpasswd location!\n"));
return NT_STATUS_NO_MEMORY;
}
(*pdb_method)->private_data = privates;
(*pdb_method)->free_private_data = free_private_data;
return NT_STATUS_OK;
}
NTSTATUS pdb_smbpasswd_init(void)
{
return smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd", pdb_init_smbpasswd);
}