関数 | |
const char * | my_sam_name (void) |
static int | samu_destroy (struct samu *user) |
samu * | samu_new (TALLOC_CTX *ctx) |
static NTSTATUS | samu_set_unix_internal (struct samu *user, const struct passwd *pwd, BOOL create) |
NTSTATUS | samu_set_unix (struct samu *user, const struct passwd *pwd) |
NTSTATUS | samu_alloc_rid_unix (struct samu *user, const struct passwd *pwd) |
char * | pdb_encode_acct_ctrl (uint32 acct_ctrl, size_t length) |
uint32 | pdb_decode_acct_ctrl (const char *p) |
void | pdb_sethexpwd (char *p, const unsigned char *pwd, uint32 acct_ctrl) |
BOOL | pdb_gethexpwd (const char *p, unsigned char *pwd) |
void | pdb_sethexhours (char *p, const unsigned char *hours) |
BOOL | pdb_gethexhours (const char *p, unsigned char *hours) |
int | algorithmic_rid_base (void) |
uid_t | algorithmic_pdb_user_rid_to_uid (uint32 user_rid) |
uid_t | max_algorithmic_uid (void) |
uint32 | algorithmic_pdb_uid_to_user_rid (uid_t uid) |
gid_t | pdb_group_rid_to_gid (uint32 group_rid) |
gid_t | max_algorithmic_gid (void) |
uint32 | algorithmic_pdb_gid_to_group_rid (gid_t gid) |
static BOOL | rid_is_well_known (uint32 rid) |
BOOL | algorithmic_pdb_rid_is_user (uint32 rid) |
BOOL | lookup_global_sam_name (const char *user, int flags, uint32_t *rid, enum lsa_SidType *type) |
NTSTATUS | local_password_change (const char *user_name, int local_flags, const char *new_passwd, char *err_str, size_t err_str_len, char *msg_str, size_t msg_str_len) |
BOOL | init_sam_from_buffer_v3 (struct samu *sampass, uint8 *buf, uint32 buflen) |
uint32 | init_buffer_from_sam_v3 (uint8 **buf, struct samu *sampass, BOOL size_only) |
BOOL | pdb_copy_sam_account (struct samu *dst, struct samu *src) |
BOOL | pdb_update_bad_password_count (struct samu *sampass, BOOL *updated) |
BOOL | pdb_update_autolock_flag (struct samu *sampass, BOOL *updated) |
BOOL | pdb_increment_bad_password_count (struct samu *sampass) |
const char* my_sam_name | ( | void | ) |
参照先 global_myname・lp_workgroup()・ROLE_STANDALONE.
参照元 make_user_info_map().
00040 { 00041 /* standalone servers can only use the local netbios name */ 00042 if ( lp_server_role() == ROLE_STANDALONE ) 00043 return global_myname(); 00044 00045 /* Windows domain members default to the DOMAIN 00046 name when not specified */ 00047 return lp_workgroup(); 00048 }
static int samu_destroy | ( | struct samu * | user | ) | [static] |
参照先 data_blob_clear_free()・samu::lm_pw・samu::nt_pw・samu::plaintext_pw.
参照元 samu_new().
00054 { 00055 data_blob_clear_free( &user->lm_pw ); 00056 data_blob_clear_free( &user->nt_pw ); 00057 00058 if ( user->plaintext_pw ) 00059 memset( user->plaintext_pw, 0x0, strlen(user->plaintext_pw) ); 00060 00061 return 0; 00062 }
struct samu* samu_new | ( | TALLOC_CTX * | ctx | ) |
参照先 samu::acct_ctrl・samu::acct_desc・samu::bad_password_count・samu::comment・samu::domain・samu::fields_present・samu::full_name・get_time_t_max()・samu::home_dir・samu::hours・samu::hours_len・samu::kickoff_time・samu::logoff_time・samu::logon_count・samu::logon_divs・samu::logon_script・samu::logon_time・samu::methods・samu::munged_dial・samu::nt_username・samu::pass_can_change_time・samu::pass_last_set_time・samu::pass_must_change_time・samu::plaintext_pw・samu::profile_path・samu_destroy()・samu::unknown_6・samu::username・samu::workstations.
参照元 _net_srv_pwset()・_samr_delete_dom_user()・_samr_open_user()・_samr_query_usergroups()・_samr_set_sec_obj()・_samr_set_userinfo()・_samr_set_userinfo2()・api_NetUserGetGroups()・check_change_pw_access()・check_lanman_password()・check_oem_password()・check_sam_security()・copy_serverinfo()・create_token_from_username()・delete_machine_entry()・delete_user_entry()・export_database()・fetch_account_info()・fetch_group_mem_info()・fix_users_list()・get_md4pw()・get_user_info_16()・get_user_info_18()・get_user_info_20()・get_user_info_21()・get_user_info_7()・get_user_info_9()・ldapsam_create_user()・local_password_change()・lookup_global_sam_name()・lookup_global_sam_rid()・lookup_usergroups()・main()・make_new_server_info_guest()・make_server_info_info3()・make_server_info_pw()・net_sam_provision()・net_sam_set_pwdmustchangenow()・net_sam_set_userflag()・net_sam_userset()・new_machine()・new_user()・next_entry_users()・pam_sm_acct_mgmt()・pam_sm_authenticate()・pam_sm_chauthtok()・pdb_default_add_groupmem()・pdb_default_create_user()・pdb_default_del_groupmem()・pdb_default_uid_to_sid()・pdb_getsampwnam()・print_user_info()・print_users_list()・process_root()・sam_query_user()・set_user_info()・tdbsam_convert()・tdbsam_rename_sam_account()・update_smbpassword_file().
00069 { 00070 struct samu *user; 00071 00072 if ( !(user = TALLOC_ZERO_P( ctx, struct samu )) ) { 00073 DEBUG(0,("samuser_new: Talloc failed!\n")); 00074 return NULL; 00075 } 00076 00077 talloc_set_destructor( user, samu_destroy ); 00078 00079 /* no initial methods */ 00080 00081 user->methods = NULL; 00082 00083 /* Don't change these timestamp settings without a good reason. 00084 They are important for NT member server compatibility. */ 00085 00086 user->logon_time = (time_t)0; 00087 user->pass_last_set_time = (time_t)0; 00088 user->pass_can_change_time = (time_t)0; 00089 user->logoff_time = get_time_t_max(); 00090 user->kickoff_time = get_time_t_max(); 00091 user->pass_must_change_time = get_time_t_max(); 00092 user->fields_present = 0x00ffffff; 00093 user->logon_divs = 168; /* hours per week */ 00094 user->hours_len = 21; /* 21 times 8 bits = 168 */ 00095 memset(user->hours, 0xff, user->hours_len); /* available at all hours */ 00096 user->bad_password_count = 0; 00097 user->logon_count = 0; 00098 user->unknown_6 = 0x000004ec; /* don't know */ 00099 00100 /* Some parts of samba strlen their pdb_get...() returns, 00101 so this keeps the interface unchanged for now. */ 00102 00103 user->username = ""; 00104 user->domain = ""; 00105 user->nt_username = ""; 00106 user->full_name = ""; 00107 user->home_dir = ""; 00108 user->logon_script = ""; 00109 user->profile_path = ""; 00110 user->acct_desc = ""; 00111 user->workstations = ""; 00112 user->comment = ""; 00113 user->munged_dial = ""; 00114 00115 user->plaintext_pw = NULL; 00116 00117 /* Unless we know otherwise have a Account Control Bit 00118 value of 'normal user'. This helps User Manager, which 00119 asks for a filtered list of users. */ 00120 00121 user->acct_ctrl = ACB_NORMAL; 00122 00123 00124 return user; 00125 }
static NTSTATUS samu_set_unix_internal | ( | struct samu * | user, | |
const struct passwd * | pwd, | |||
BOOL | create | |||
) | [static] |
参照先 algorithmic_pdb_uid_to_user_rid()・samu::domain・get_global_sam_name()・get_global_sam_sid()・gid_to_sid()・global_myname・samu::group_sid・PDB_DEFAULT・pdb_new_rid()・pdb_rid_algorithm()・PDB_SET・pdb_set_acct_ctrl()・pdb_set_dir_drive()・pdb_set_domain()・pdb_set_fullname()・pdb_set_group_sid()・pdb_set_homedir()・pdb_set_logon_script()・pdb_set_profile_path()・pdb_set_user_sid()・pdb_set_user_sid_from_rid()・pdb_set_username()・sid_append_rid()・sid_copy()・strequal()・talloc_sub_specified()・tcopy_passwd()・samu::unix_pw・samu::user_sid.
参照元 samu_alloc_rid_unix()・samu_set_unix().
00134 { 00135 const char *guest_account = lp_guestaccount(); 00136 const char *domain = global_myname(); 00137 uint32 urid; 00138 00139 if ( !pwd ) { 00140 return NT_STATUS_NO_SUCH_USER; 00141 } 00142 00143 /* Basic properties based upon the Unix account information */ 00144 00145 pdb_set_username(user, pwd->pw_name, PDB_SET); 00146 pdb_set_fullname(user, pwd->pw_gecos, PDB_SET); 00147 pdb_set_domain (user, get_global_sam_name(), PDB_DEFAULT); 00148 #if 0 00149 /* This can lead to a primary group of S-1-22-2-XX which 00150 will be rejected by other parts of the Samba code. 00151 Rely on pdb_get_group_sid() to "Do The Right Thing" (TM) 00152 --jerry */ 00153 00154 gid_to_sid(&group_sid, pwd->pw_gid); 00155 pdb_set_group_sid(user, &group_sid, PDB_SET); 00156 #endif 00157 00158 /* save the password structure for later use */ 00159 00160 user->unix_pw = tcopy_passwd( user, pwd ); 00161 00162 /* Special case for the guest account which must have a RID of 501 */ 00163 00164 if ( strequal( pwd->pw_name, guest_account ) ) { 00165 if ( !pdb_set_user_sid_from_rid(user, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) { 00166 return NT_STATUS_NO_SUCH_USER; 00167 } 00168 return NT_STATUS_OK; 00169 } 00170 00171 /* Non-guest accounts...Check for a workstation or user account */ 00172 00173 if (pwd->pw_name[strlen(pwd->pw_name)-1] == '$') { 00174 /* workstation */ 00175 00176 if (!pdb_set_acct_ctrl(user, ACB_WSTRUST, PDB_DEFAULT)) { 00177 DEBUG(1, ("Failed to set 'workstation account' flags for user %s.\n", 00178 pwd->pw_name)); 00179 return NT_STATUS_INVALID_COMPUTER_NAME; 00180 } 00181 } 00182 else { 00183 /* user */ 00184 00185 if (!pdb_set_acct_ctrl(user, ACB_NORMAL, PDB_DEFAULT)) { 00186 DEBUG(1, ("Failed to set 'normal account' flags for user %s.\n", 00187 pwd->pw_name)); 00188 return NT_STATUS_INVALID_ACCOUNT_NAME; 00189 } 00190 00191 /* set some basic attributes */ 00192 00193 pdb_set_profile_path(user, talloc_sub_specified(user, 00194 lp_logon_path(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), 00195 PDB_DEFAULT); 00196 pdb_set_homedir(user, talloc_sub_specified(user, 00197 lp_logon_home(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), 00198 PDB_DEFAULT); 00199 pdb_set_dir_drive(user, talloc_sub_specified(user, 00200 lp_logon_drive(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), 00201 PDB_DEFAULT); 00202 pdb_set_logon_script(user, talloc_sub_specified(user, 00203 lp_logon_script(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), 00204 PDB_DEFAULT); 00205 } 00206 00207 /* Now deal with the user SID. If we have a backend that can generate 00208 RIDs, then do so. But sometimes the caller just wanted a structure 00209 initialized and will fill in these fields later (such as from a 00210 NET_USER_INFO_3 structure) */ 00211 00212 if ( create && !pdb_rid_algorithm() ) { 00213 uint32 user_rid; 00214 DOM_SID user_sid; 00215 00216 if ( !pdb_new_rid( &user_rid ) ) { 00217 DEBUG(3, ("Could not allocate a new RID\n")); 00218 return NT_STATUS_ACCESS_DENIED; 00219 } 00220 00221 sid_copy( &user_sid, get_global_sam_sid() ); 00222 sid_append_rid( &user_sid, user_rid ); 00223 00224 if ( !pdb_set_user_sid(user, &user_sid, PDB_SET) ) { 00225 DEBUG(3, ("pdb_set_user_sid failed\n")); 00226 return NT_STATUS_INTERNAL_ERROR; 00227 } 00228 00229 return NT_STATUS_OK; 00230 } 00231 00232 /* generate a SID for the user with the RID algorithm */ 00233 00234 urid = algorithmic_pdb_uid_to_user_rid( user->unix_pw->pw_uid ); 00235 00236 if ( !pdb_set_user_sid_from_rid( user, urid, PDB_SET) ) { 00237 return NT_STATUS_INTERNAL_ERROR; 00238 } 00239 00240 return NT_STATUS_OK; 00241 }
参照元 fill_sam_account()・guest_user_info()・local_password_change()・main()・make_server_info_pw().
00248 { 00249 return samu_set_unix_internal( user, pwd, False ); 00250 }
参照元 new_machine()・new_user()・pdb_default_create_user().
00253 { 00254 return samu_set_unix_internal( user, pwd, True ); 00255 }
char* pdb_encode_acct_ctrl | ( | uint32 | acct_ctrl, | |
size_t | length | |||
) |
参照元 display_account_info()・fetch_account_info()・fetch_account_info_to_ldif()・init_ldap_from_sam()・net_sam_provision()・print_sam_info().
00264 { 00265 static fstring acct_str; 00266 00267 size_t i = 0; 00268 00269 SMB_ASSERT(length <= sizeof(acct_str)); 00270 00271 acct_str[i++] = '['; 00272 00273 if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; 00274 if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; 00275 if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; 00276 if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; 00277 if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; 00278 if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; 00279 if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; 00280 if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; 00281 if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; 00282 if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; 00283 if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; 00284 00285 for ( ; i < length - 2 ; i++ ) 00286 acct_str[i] = ' '; 00287 00288 i = length - 2; 00289 acct_str[i++] = ']'; 00290 acct_str[i++] = '\0'; 00291 00292 return acct_str; 00293 }
uint32 pdb_decode_acct_ctrl | ( | const char * | p | ) |
参照先 samu::acct_ctrl.
参照元 init_sam_from_ldap()・ldapuser2displayentry()・set_user_info()・startsmbfilepwent().
00300 { 00301 uint32 acct_ctrl = 0; 00302 BOOL finished = False; 00303 00304 /* 00305 * Check if the account type bits have been encoded after the 00306 * NT password (in the form [NDHTUWSLXI]). 00307 */ 00308 00309 if (*p != '[') 00310 return 0; 00311 00312 for (p++; *p && !finished; p++) { 00313 switch (*p) { 00314 case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ } 00315 case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ } 00316 case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ } 00317 case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ } 00318 case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ } 00319 case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ } 00320 case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ } 00321 case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } 00322 case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } 00323 case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ } 00324 case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ } 00325 case ' ': { break; } 00326 case ':': 00327 case '\n': 00328 case '\0': 00329 case ']': 00330 default: { finished = True; } 00331 } 00332 } 00333 00334 return acct_ctrl; 00335 }
void pdb_sethexpwd | ( | char * | p, | |
const unsigned char * | pwd, | |||
uint32 | acct_ctrl | |||
) |
参照元 display_account_info()・fetch_account_info_to_ldif()・init_ldap_from_sam()・print_sam_info().
00342 { 00343 if (pwd != NULL) { 00344 int i; 00345 for (i = 0; i < 16; i++) 00346 slprintf(&p[i*2], 3, "%02X", pwd[i]); 00347 } else { 00348 if (acct_ctrl & ACB_PWNOTREQ) 00349 safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 32); 00350 else 00351 safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32); 00352 } 00353 }
BOOL pdb_gethexpwd | ( | const char * | p, | |
unsigned char * | pwd | |||
) |
参照先 toupper_ascii().
参照元 init_sam_from_ldap()・startsmbfilepwent().
00361 { 00362 int i; 00363 unsigned char lonybble, hinybble; 00364 const char *hexchars = "0123456789ABCDEF"; 00365 char *p1, *p2; 00366 00367 if (!p) 00368 return (False); 00369 00370 for (i = 0; i < 32; i += 2) { 00371 hinybble = toupper_ascii(p[i]); 00372 lonybble = toupper_ascii(p[i + 1]); 00373 00374 p1 = strchr(hexchars, hinybble); 00375 p2 = strchr(hexchars, lonybble); 00376 00377 if (!p1 || !p2) 00378 return (False); 00379 00380 hinybble = PTR_DIFF(p1, hexchars); 00381 lonybble = PTR_DIFF(p2, hexchars); 00382 00383 pwd[i / 2] = (hinybble << 4) | lonybble; 00384 } 00385 return (True); 00386 }
void pdb_sethexhours | ( | char * | p, | |
const unsigned char * | hours | |||
) |
参照元 copy_id21_to_sam_passwd()・init_ldap_from_sam()・print_sam_info()・sam_account_from_delta().
00393 { 00394 if (hours != NULL) { 00395 int i; 00396 for (i = 0; i < 21; i++) { 00397 slprintf(&p[i*2], 3, "%02X", hours[i]); 00398 } 00399 } else { 00400 safe_strcpy(p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 43); 00401 } 00402 }
BOOL pdb_gethexhours | ( | const char * | p, | |
unsigned char * | hours | |||
) |
参照先 toupper_ascii().
参照元 init_sam_from_ldap().
00410 { 00411 int i; 00412 unsigned char lonybble, hinybble; 00413 const char *hexchars = "0123456789ABCDEF"; 00414 char *p1, *p2; 00415 00416 if (!p) { 00417 return (False); 00418 } 00419 00420 for (i = 0; i < 42; i += 2) { 00421 hinybble = toupper_ascii(p[i]); 00422 lonybble = toupper_ascii(p[i + 1]); 00423 00424 p1 = strchr(hexchars, hinybble); 00425 p2 = strchr(hexchars, lonybble); 00426 00427 if (!p1 || !p2) { 00428 return (False); 00429 } 00430 00431 hinybble = PTR_DIFF(p1, hexchars); 00432 lonybble = PTR_DIFF(p2, hexchars); 00433 00434 hours[i / 2] = (hinybble << 4) | lonybble; 00435 } 00436 return (True); 00437 }
int algorithmic_rid_base | ( | void | ) |
参照元 add_new_domain_info()・algorithmic_pdb_gid_to_group_rid()・algorithmic_pdb_uid_to_user_rid()・algorithmic_pdb_user_rid_to_uid()・pdb_group_rid_to_gid()・pdb_init_ldapsam()・pdb_new_rid().
00443 { 00444 static int rid_offset = 0; 00445 00446 if (rid_offset != 0) 00447 return rid_offset; 00448 00449 rid_offset = lp_algorithmic_rid_base(); 00450 00451 if (rid_offset < BASE_RID) { 00452 /* Try to prevent admin foot-shooting, we can't put algorithmic 00453 rids below 1000, that's the 'well known RIDs' on NT */ 00454 DEBUG(0, ("'algorithmic rid base' must be equal to or above %ld\n", BASE_RID)); 00455 rid_offset = BASE_RID; 00456 } 00457 if (rid_offset & 1) { 00458 DEBUG(0, ("algorithmic rid base must be even\n")); 00459 rid_offset += 1; 00460 } 00461 return rid_offset; 00462 }
uid_t algorithmic_pdb_user_rid_to_uid | ( | uint32 | user_rid | ) |
00469 { 00470 int rid_offset = algorithmic_rid_base(); 00471 return (uid_t)(((user_rid & (~USER_RID_TYPE)) - rid_offset)/RID_MULTIPLIER); 00472 }
uid_t max_algorithmic_uid | ( | void | ) |
参照先 algorithmic_pdb_user_rid_to_uid().
00475 { 00476 return algorithmic_pdb_user_rid_to_uid(0xfffffffe); 00477 }
uint32 algorithmic_pdb_uid_to_user_rid | ( | uid_t | uid | ) |
00484 { 00485 int rid_offset = algorithmic_rid_base(); 00486 return (((((uint32)uid)*RID_MULTIPLIER) + rid_offset) | USER_RID_TYPE); 00487 }
gid_t pdb_group_rid_to_gid | ( | uint32 | group_rid | ) |
00494 { 00495 int rid_offset = algorithmic_rid_base(); 00496 return (gid_t)(((group_rid & (~GROUP_RID_TYPE))- rid_offset)/RID_MULTIPLIER); 00497 }
gid_t max_algorithmic_gid | ( | void | ) |
uint32 algorithmic_pdb_gid_to_group_rid | ( | gid_t | gid | ) |
参照元 map_unix_group()・net_groupmap_add()・net_groupmap_set()・pdb_default_create_dom_group().
00513 { 00514 int rid_offset = algorithmic_rid_base(); 00515 return (((((uint32)gid)*RID_MULTIPLIER) + rid_offset) | GROUP_RID_TYPE); 00516 }
static BOOL rid_is_well_known | ( | uint32 | rid | ) | [static] |
参照元 algorithmic_pdb_rid_is_user().
00523 { 00524 /* Not using rid_offset here, because this is the actual 00525 NT fixed value (1000) */ 00526 00527 return (rid < BASE_RID); 00528 }
BOOL algorithmic_pdb_rid_is_user | ( | uint32 | rid | ) |
参照先 rid_is_well_known().
00535 { 00536 if ( rid_is_well_known(rid) ) { 00537 /* 00538 * The only well known user RIDs are DOMAIN_USER_RID_ADMIN 00539 * and DOMAIN_USER_RID_GUEST. 00540 */ 00541 if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST) 00542 return True; 00543 } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) { 00544 return True; 00545 } 00546 return False; 00547 }
BOOL lookup_global_sam_name | ( | const char * | user, | |
int | flags, | |||
uint32_t * | rid, | |||
enum lsa_SidType * | type | |||
) |
参照先 become_root()・pdb_get_user_sid()・pdb_getgrnam()・pdb_getsampwnam()・samu_new()・_GROUP_MAP::sid・sid_check_is_in_our_domain()・sid_copy()・SID_NAME_DOM_GRP・_GROUP_MAP::sid_name_use・SID_NAME_USER・sid_peek_rid()・sid_string_static()・strequal()・unbecome_root()・samu::user_sid.
参照元 _samr_lookup_names()・lookup_name()・pdb_default_lookup_names().
00555 { 00556 GROUP_MAP map; 00557 BOOL ret; 00558 00559 /* Windows treats "MACHINE\None" as a special name for 00560 rid 513 on non-DCs. You cannot create a user or group 00561 name "None" on Windows. You will get an error that 00562 the group already exists. */ 00563 00564 if ( strequal( user, "None" ) ) { 00565 *rid = DOMAIN_GROUP_RID_USERS; 00566 *type = SID_NAME_DOM_GRP; 00567 00568 return True; 00569 } 00570 00571 /* LOOKUP_NAME_GROUP is a hack to allow valid users = @foo to work 00572 * correctly in the case where foo also exists as a user. If the flag 00573 * is set, don't look for users at all. */ 00574 00575 if ((flags & LOOKUP_NAME_GROUP) == 0) { 00576 struct samu *sam_account = NULL; 00577 DOM_SID user_sid; 00578 00579 if ( !(sam_account = samu_new( NULL )) ) { 00580 return False; 00581 } 00582 00583 become_root(); 00584 ret = pdb_getsampwnam(sam_account, user); 00585 unbecome_root(); 00586 00587 if (ret) { 00588 sid_copy(&user_sid, pdb_get_user_sid(sam_account)); 00589 } 00590 00591 TALLOC_FREE(sam_account); 00592 00593 if (ret) { 00594 if (!sid_check_is_in_our_domain(&user_sid)) { 00595 DEBUG(0, ("User %s with invalid SID %s in passdb\n", 00596 user, sid_string_static(&user_sid))); 00597 return False; 00598 } 00599 00600 sid_peek_rid(&user_sid, rid); 00601 *type = SID_NAME_USER; 00602 return True; 00603 } 00604 } 00605 00606 /* 00607 * Maybe it is a group ? 00608 */ 00609 00610 become_root(); 00611 ret = pdb_getgrnam(&map, user); 00612 unbecome_root(); 00613 00614 if (!ret) { 00615 return False; 00616 } 00617 00618 /* BUILTIN groups are looked up elsewhere */ 00619 if (!sid_check_is_in_our_domain(&map.sid)) { 00620 DEBUG(10, ("Found group %s (%s) not in our domain -- " 00621 "ignoring.", user, 00622 sid_string_static(&map.sid))); 00623 return False; 00624 } 00625 00626 /* yes it's a mapped group */ 00627 sid_peek_rid(&map.sid, rid); 00628 *type = map.sid_name_use; 00629 return True; 00630 }
NTSTATUS local_password_change | ( | const char * | user_name, | |
int | local_flags, | |||
const char * | new_passwd, | |||
char * | err_str, | |||
size_t | err_str_len, | |||
char * | msg_str, | |||
size_t | msg_str_len | |||
) |
参照先 become_root()・DEBUGLEVEL・getpwnam_alloc()・nt_errstr()・pdb_add_sam_account()・PDB_CHANGED・pdb_delete_sam_account()・pdb_get_acct_ctrl()・pdb_get_lanman_passwd()・pdb_getsampwnam()・pdb_set_acct_ctrl()・pdb_set_plaintext_passwd()・pdb_update_sam_account()・result・samu_new()・samu_set_unix()・unbecome_root().
参照元 _smb_add_user()・change_password()・password_change()・smb_update_db().
00640 { 00641 struct samu *sam_pass=NULL; 00642 uint32 other_acb; 00643 NTSTATUS result; 00644 00645 *err_str = '\0'; 00646 *msg_str = '\0'; 00647 00648 /* Get the smb passwd entry for this user */ 00649 00650 if ( !(sam_pass = samu_new( NULL )) ) { 00651 return NT_STATUS_NO_MEMORY; 00652 } 00653 00654 become_root(); 00655 if(!pdb_getsampwnam(sam_pass, user_name)) { 00656 unbecome_root(); 00657 TALLOC_FREE(sam_pass); 00658 00659 if ((local_flags & LOCAL_ADD_USER) || (local_flags & LOCAL_DELETE_USER)) { 00660 int tmp_debug = DEBUGLEVEL; 00661 struct passwd *pwd; 00662 00663 /* Might not exist in /etc/passwd. */ 00664 00665 if (tmp_debug < 1) { 00666 DEBUGLEVEL = 1; 00667 } 00668 00669 if ( !(pwd = getpwnam_alloc( NULL, user_name)) ) { 00670 return NT_STATUS_NO_SUCH_USER; 00671 } 00672 00673 /* create the struct samu and initialize the basic Unix properties */ 00674 00675 if ( !(sam_pass = samu_new( NULL )) ) { 00676 return NT_STATUS_NO_MEMORY; 00677 } 00678 00679 result = samu_set_unix( sam_pass, pwd ); 00680 00681 DEBUGLEVEL = tmp_debug; 00682 00683 TALLOC_FREE( pwd ); 00684 00685 if (NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PRIMARY_GROUP)) { 00686 return result; 00687 } 00688 00689 if (!NT_STATUS_IS_OK(result)) { 00690 slprintf(err_str, err_str_len-1, "Failed to " "initialize account for user %s: %s\n", 00691 user_name, nt_errstr(result)); 00692 return result; 00693 } 00694 } else { 00695 slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name); 00696 return NT_STATUS_NO_SUCH_USER; 00697 } 00698 } else { 00699 unbecome_root(); 00700 /* the entry already existed */ 00701 local_flags &= ~LOCAL_ADD_USER; 00702 } 00703 00704 /* the 'other' acb bits not being changed here */ 00705 other_acb = (pdb_get_acct_ctrl(sam_pass) & (~(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL))); 00706 if (local_flags & LOCAL_TRUST_ACCOUNT) { 00707 if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb, PDB_CHANGED) ) { 00708 slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name); 00709 TALLOC_FREE(sam_pass); 00710 return NT_STATUS_UNSUCCESSFUL; 00711 } 00712 } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) { 00713 if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb, PDB_CHANGED)) { 00714 slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name); 00715 TALLOC_FREE(sam_pass); 00716 return NT_STATUS_UNSUCCESSFUL; 00717 } 00718 } else { 00719 if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb, PDB_CHANGED)) { 00720 slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name); 00721 TALLOC_FREE(sam_pass); 00722 return NT_STATUS_UNSUCCESSFUL; 00723 } 00724 } 00725 00726 /* 00727 * We are root - just write the new password 00728 * and the valid last change time. 00729 */ 00730 00731 if (local_flags & LOCAL_DISABLE_USER) { 00732 if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED, PDB_CHANGED)) { 00733 slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name); 00734 TALLOC_FREE(sam_pass); 00735 return NT_STATUS_UNSUCCESSFUL; 00736 } 00737 } else if (local_flags & LOCAL_ENABLE_USER) { 00738 if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) { 00739 slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name); 00740 TALLOC_FREE(sam_pass); 00741 return NT_STATUS_UNSUCCESSFUL; 00742 } 00743 } 00744 00745 if (local_flags & LOCAL_SET_NO_PASSWORD) { 00746 if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ, PDB_CHANGED)) { 00747 slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name); 00748 TALLOC_FREE(sam_pass); 00749 return NT_STATUS_UNSUCCESSFUL; 00750 } 00751 } else if (local_flags & LOCAL_SET_PASSWORD) { 00752 /* 00753 * If we're dealing with setting a completely empty user account 00754 * ie. One with a password of 'XXXX', but not set disabled (like 00755 * an account created from scratch) then if the old password was 00756 * 'XX's then getsmbpwent will have set the ACB_DISABLED flag. 00757 * We remove that as we're giving this user their first password 00758 * and the decision hasn't really been made to disable them (ie. 00759 * don't create them disabled). JRA. 00760 */ 00761 if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) { 00762 if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) { 00763 slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name); 00764 TALLOC_FREE(sam_pass); 00765 return NT_STATUS_UNSUCCESSFUL; 00766 } 00767 } 00768 if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ), PDB_CHANGED)) { 00769 slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name); 00770 TALLOC_FREE(sam_pass); 00771 return NT_STATUS_UNSUCCESSFUL; 00772 } 00773 00774 if (!pdb_set_plaintext_passwd (sam_pass, new_passwd)) { 00775 slprintf(err_str, err_str_len-1, "Failed to set password for user %s.\n", user_name); 00776 TALLOC_FREE(sam_pass); 00777 return NT_STATUS_UNSUCCESSFUL; 00778 } 00779 } 00780 00781 if (local_flags & LOCAL_ADD_USER) { 00782 if (NT_STATUS_IS_OK(pdb_add_sam_account(sam_pass))) { 00783 slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name); 00784 TALLOC_FREE(sam_pass); 00785 return NT_STATUS_OK; 00786 } else { 00787 slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name); 00788 TALLOC_FREE(sam_pass); 00789 return NT_STATUS_UNSUCCESSFUL; 00790 } 00791 } else if (local_flags & LOCAL_DELETE_USER) { 00792 if (!NT_STATUS_IS_OK(pdb_delete_sam_account(sam_pass))) { 00793 slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name); 00794 TALLOC_FREE(sam_pass); 00795 return NT_STATUS_UNSUCCESSFUL; 00796 } 00797 slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name); 00798 } else { 00799 result = pdb_update_sam_account(sam_pass); 00800 if(!NT_STATUS_IS_OK(result)) { 00801 slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name); 00802 TALLOC_FREE(sam_pass); 00803 return result; 00804 } 00805 if(local_flags & LOCAL_DISABLE_USER) 00806 slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name); 00807 else if (local_flags & LOCAL_ENABLE_USER) 00808 slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name); 00809 else if (local_flags & LOCAL_SET_NO_PASSWORD) 00810 slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name); 00811 } 00812 00813 TALLOC_FREE(sam_pass); 00814 return NT_STATUS_OK; 00815 }
参照先 convert_uint32_to_time_t()・len・PDB_DEFAULT・pdb_get_account_policy()・PDB_SET・pdb_set_acct_ctrl()・pdb_set_acct_desc()・pdb_set_bad_password_count()・pdb_set_bad_password_time()・pdb_set_dir_drive()・pdb_set_domain()・pdb_set_fullname()・pdb_set_homedir()・pdb_set_hours()・pdb_set_hours_len()・pdb_set_kickoff_time()・pdb_set_lanman_passwd()・pdb_set_logoff_time()・pdb_set_logon_count()・pdb_set_logon_divs()・pdb_set_logon_script()・pdb_set_logon_time()・pdb_set_munged_dial()・pdb_set_nt_passwd()・pdb_set_nt_username()・pdb_set_pass_can_change_time()・pdb_set_pass_last_set_time()・pdb_set_pass_must_change_time()・pdb_set_profile_path()・pdb_set_pw_history()・pdb_set_unknown_6()・pdb_set_user_sid_from_rid()・pdb_set_username()・pdb_set_workstations()・standard_sub_basic()・talloc_sub_basic()・tdb_unpack()・username.
参照元 init_sam_from_buffer()・pdb_copy_sam_account()・tdbsam_convert().
00827 { 00828 00829 /* times are stored as 32bit integer 00830 take care on system with 64bit wide time_t 00831 --SSS */ 00832 uint32 logon_time, 00833 logoff_time, 00834 kickoff_time, 00835 bad_password_time, 00836 pass_last_set_time, 00837 pass_can_change_time, 00838 pass_must_change_time; 00839 char *username = NULL; 00840 char *domain = NULL; 00841 char *nt_username = NULL; 00842 char *dir_drive = NULL; 00843 char *unknown_str = NULL; 00844 char *munged_dial = NULL; 00845 char *fullname = NULL; 00846 char *homedir = NULL; 00847 char *logon_script = NULL; 00848 char *profile_path = NULL; 00849 char *acct_desc = NULL; 00850 char *workstations = NULL; 00851 uint32 username_len, domain_len, nt_username_len, 00852 dir_drive_len, unknown_str_len, munged_dial_len, 00853 fullname_len, homedir_len, logon_script_len, 00854 profile_path_len, acct_desc_len, workstations_len; 00855 00856 uint32 user_rid, group_rid, hours_len, unknown_6, acct_ctrl; 00857 uint16 logon_divs; 00858 uint16 bad_password_count, logon_count; 00859 uint8 *hours = NULL; 00860 uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL; 00861 uint32 len = 0; 00862 uint32 lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen; 00863 uint32 pwHistLen = 0; 00864 BOOL ret = True; 00865 fstring tmpstring; 00866 BOOL expand_explicit = lp_passdb_expand_explicit(); 00867 00868 if(sampass == NULL || buf == NULL) { 00869 DEBUG(0, ("init_sam_from_buffer_v3: NULL parameters found!\n")); 00870 return False; 00871 } 00872 00873 /* TDB_FORMAT_STRING_V3 "dddddddBBBBBBBBBBBBddBBBdwdBwwd" */ 00874 00875 /* unpack the buffer into variables */ 00876 len = tdb_unpack ((char *)buf, buflen, TDB_FORMAT_STRING_V3, 00877 &logon_time, /* d */ 00878 &logoff_time, /* d */ 00879 &kickoff_time, /* d */ 00880 &bad_password_time, /* d */ 00881 &pass_last_set_time, /* d */ 00882 &pass_can_change_time, /* d */ 00883 &pass_must_change_time, /* d */ 00884 &username_len, &username, /* B */ 00885 &domain_len, &domain, /* B */ 00886 &nt_username_len, &nt_username, /* B */ 00887 &fullname_len, &fullname, /* B */ 00888 &homedir_len, &homedir, /* B */ 00889 &dir_drive_len, &dir_drive, /* B */ 00890 &logon_script_len, &logon_script, /* B */ 00891 &profile_path_len, &profile_path, /* B */ 00892 &acct_desc_len, &acct_desc, /* B */ 00893 &workstations_len, &workstations, /* B */ 00894 &unknown_str_len, &unknown_str, /* B */ 00895 &munged_dial_len, &munged_dial, /* B */ 00896 &user_rid, /* d */ 00897 &group_rid, /* d */ 00898 &lm_pw_len, &lm_pw_ptr, /* B */ 00899 &nt_pw_len, &nt_pw_ptr, /* B */ 00900 /* Change from V1 is addition of password history field. */ 00901 &nt_pw_hist_len, &nt_pw_hist_ptr, /* B */ 00902 /* Change from V2 is the uint32 acb_mask */ 00903 &acct_ctrl, /* d */ 00904 /* Also "remove_me" field was removed. */ 00905 &logon_divs, /* w */ 00906 &hours_len, /* d */ 00907 &hourslen, &hours, /* B */ 00908 &bad_password_count, /* w */ 00909 &logon_count, /* w */ 00910 &unknown_6); /* d */ 00911 00912 if (len == (uint32) -1) { 00913 ret = False; 00914 goto done; 00915 } 00916 00917 pdb_set_logon_time(sampass, convert_uint32_to_time_t(logon_time), PDB_SET); 00918 pdb_set_logoff_time(sampass, convert_uint32_to_time_t(logoff_time), PDB_SET); 00919 pdb_set_kickoff_time(sampass, convert_uint32_to_time_t(kickoff_time), PDB_SET); 00920 pdb_set_bad_password_time(sampass, convert_uint32_to_time_t(bad_password_time), PDB_SET); 00921 pdb_set_pass_can_change_time(sampass, convert_uint32_to_time_t(pass_can_change_time), PDB_SET); 00922 pdb_set_pass_must_change_time(sampass, convert_uint32_to_time_t(pass_must_change_time), PDB_SET); 00923 pdb_set_pass_last_set_time(sampass, convert_uint32_to_time_t(pass_last_set_time), PDB_SET); 00924 00925 pdb_set_username(sampass, username, PDB_SET); 00926 pdb_set_domain(sampass, domain, PDB_SET); 00927 pdb_set_nt_username(sampass, nt_username, PDB_SET); 00928 pdb_set_fullname(sampass, fullname, PDB_SET); 00929 00930 if (homedir) { 00931 fstrcpy( tmpstring, homedir ); 00932 if (expand_explicit) { 00933 standard_sub_basic( username, domain, tmpstring, 00934 sizeof(tmpstring) ); 00935 } 00936 pdb_set_homedir(sampass, tmpstring, PDB_SET); 00937 } 00938 else { 00939 pdb_set_homedir(sampass, 00940 talloc_sub_basic(sampass, username, domain, 00941 lp_logon_home()), 00942 PDB_DEFAULT); 00943 } 00944 00945 if (dir_drive) 00946 pdb_set_dir_drive(sampass, dir_drive, PDB_SET); 00947 else 00948 pdb_set_dir_drive(sampass, lp_logon_drive(), PDB_DEFAULT ); 00949 00950 if (logon_script) { 00951 fstrcpy( tmpstring, logon_script ); 00952 if (expand_explicit) { 00953 standard_sub_basic( username, domain, tmpstring, 00954 sizeof(tmpstring) ); 00955 } 00956 pdb_set_logon_script(sampass, tmpstring, PDB_SET); 00957 } 00958 else { 00959 pdb_set_logon_script(sampass, 00960 talloc_sub_basic(sampass, username, domain, 00961 lp_logon_script()), 00962 PDB_DEFAULT); 00963 } 00964 00965 if (profile_path) { 00966 fstrcpy( tmpstring, profile_path ); 00967 if (expand_explicit) { 00968 standard_sub_basic( username, domain, tmpstring, 00969 sizeof(tmpstring) ); 00970 } 00971 pdb_set_profile_path(sampass, tmpstring, PDB_SET); 00972 } 00973 else { 00974 pdb_set_profile_path(sampass, 00975 talloc_sub_basic(sampass, username, domain, lp_logon_path()), 00976 PDB_DEFAULT); 00977 } 00978 00979 pdb_set_acct_desc(sampass, acct_desc, PDB_SET); 00980 pdb_set_workstations(sampass, workstations, PDB_SET); 00981 pdb_set_munged_dial(sampass, munged_dial, PDB_SET); 00982 00983 if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) { 00984 if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) { 00985 ret = False; 00986 goto done; 00987 } 00988 } 00989 00990 if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) { 00991 if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) { 00992 ret = False; 00993 goto done; 00994 } 00995 } 00996 00997 pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); 00998 if (pwHistLen) { 00999 uint8 *pw_hist = (uint8 *)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN); 01000 if (!pw_hist) { 01001 ret = False; 01002 goto done; 01003 } 01004 memset(pw_hist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN); 01005 if (nt_pw_hist_ptr && nt_pw_hist_len) { 01006 int i; 01007 SMB_ASSERT((nt_pw_hist_len % PW_HISTORY_ENTRY_LEN) == 0); 01008 nt_pw_hist_len /= PW_HISTORY_ENTRY_LEN; 01009 for (i = 0; (i < pwHistLen) && (i < nt_pw_hist_len); i++) { 01010 memcpy(&pw_hist[i*PW_HISTORY_ENTRY_LEN], 01011 &nt_pw_hist_ptr[i*PW_HISTORY_ENTRY_LEN], 01012 PW_HISTORY_ENTRY_LEN); 01013 } 01014 } 01015 if (!pdb_set_pw_history(sampass, pw_hist, pwHistLen, PDB_SET)) { 01016 SAFE_FREE(pw_hist); 01017 ret = False; 01018 goto done; 01019 } 01020 SAFE_FREE(pw_hist); 01021 } else { 01022 pdb_set_pw_history(sampass, NULL, 0, PDB_SET); 01023 } 01024 01025 pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); 01026 pdb_set_hours_len(sampass, hours_len, PDB_SET); 01027 pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET); 01028 pdb_set_logon_count(sampass, logon_count, PDB_SET); 01029 pdb_set_unknown_6(sampass, unknown_6, PDB_SET); 01030 /* Change from V2 is the uint32 acct_ctrl */ 01031 pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); 01032 pdb_set_logon_divs(sampass, logon_divs, PDB_SET); 01033 pdb_set_hours(sampass, hours, PDB_SET); 01034 01035 done: 01036 01037 SAFE_FREE(username); 01038 SAFE_FREE(domain); 01039 SAFE_FREE(nt_username); 01040 SAFE_FREE(fullname); 01041 SAFE_FREE(homedir); 01042 SAFE_FREE(dir_drive); 01043 SAFE_FREE(logon_script); 01044 SAFE_FREE(profile_path); 01045 SAFE_FREE(acct_desc); 01046 SAFE_FREE(workstations); 01047 SAFE_FREE(munged_dial); 01048 SAFE_FREE(unknown_str); 01049 SAFE_FREE(lm_pw_ptr); 01050 SAFE_FREE(nt_pw_ptr); 01051 SAFE_FREE(nt_pw_hist_ptr); 01052 SAFE_FREE(hours); 01053 01054 return ret; 01055 }
参照先 convert_time_t_to_uint32()・len・PDB_DRIVE・pdb_get_account_policy()・pdb_get_acct_ctrl()・pdb_get_acct_desc()・pdb_get_bad_password_count()・pdb_get_bad_password_time()・pdb_get_dir_drive()・pdb_get_domain()・pdb_get_fullname()・pdb_get_group_rid()・pdb_get_homedir()・pdb_get_hours()・pdb_get_hours_len()・pdb_get_kickoff_time()・pdb_get_lanman_passwd()・pdb_get_logoff_time()・pdb_get_logon_count()・pdb_get_logon_divs()・pdb_get_logon_script()・pdb_get_logon_time()・pdb_get_munged_dial()・pdb_get_nt_passwd()・pdb_get_nt_username()・pdb_get_pass_can_change_time_noncalc()・pdb_get_pass_last_set_time()・pdb_get_pass_must_change_time()・pdb_get_profile_path()・pdb_get_pw_history()・pdb_get_unknown_6()・pdb_get_user_rid()・pdb_get_username()・pdb_get_workstations()・PDB_LOGONSCRIPT・PDB_PROFILE・PDB_SMBHOME・tdb_pack()・username.
参照元 init_buffer_from_sam()・pdb_copy_sam_account().
01061 { 01062 size_t len, buflen; 01063 01064 /* times are stored as 32bit integer 01065 take care on system with 64bit wide time_t 01066 --SSS */ 01067 uint32 logon_time, 01068 logoff_time, 01069 kickoff_time, 01070 bad_password_time, 01071 pass_last_set_time, 01072 pass_can_change_time, 01073 pass_must_change_time; 01074 01075 uint32 user_rid, group_rid; 01076 01077 const char *username; 01078 const char *domain; 01079 const char *nt_username; 01080 const char *dir_drive; 01081 const char *unknown_str; 01082 const char *munged_dial; 01083 const char *fullname; 01084 const char *homedir; 01085 const char *logon_script; 01086 const char *profile_path; 01087 const char *acct_desc; 01088 const char *workstations; 01089 uint32 username_len, domain_len, nt_username_len, 01090 dir_drive_len, unknown_str_len, munged_dial_len, 01091 fullname_len, homedir_len, logon_script_len, 01092 profile_path_len, acct_desc_len, workstations_len; 01093 01094 const uint8 *lm_pw; 01095 const uint8 *nt_pw; 01096 const uint8 *nt_pw_hist; 01097 uint32 lm_pw_len = 16; 01098 uint32 nt_pw_len = 16; 01099 uint32 nt_pw_hist_len; 01100 uint32 pwHistLen = 0; 01101 01102 *buf = NULL; 01103 buflen = 0; 01104 01105 logon_time = convert_time_t_to_uint32(pdb_get_logon_time(sampass)); 01106 logoff_time = convert_time_t_to_uint32(pdb_get_logoff_time(sampass)); 01107 kickoff_time = convert_time_t_to_uint32(pdb_get_kickoff_time(sampass)); 01108 bad_password_time = convert_time_t_to_uint32(pdb_get_bad_password_time(sampass)); 01109 pass_can_change_time = convert_time_t_to_uint32(pdb_get_pass_can_change_time_noncalc(sampass)); 01110 pass_must_change_time = convert_time_t_to_uint32(pdb_get_pass_must_change_time(sampass)); 01111 pass_last_set_time = convert_time_t_to_uint32(pdb_get_pass_last_set_time(sampass)); 01112 01113 user_rid = pdb_get_user_rid(sampass); 01114 group_rid = pdb_get_group_rid(sampass); 01115 01116 username = pdb_get_username(sampass); 01117 if (username) { 01118 username_len = strlen(username) +1; 01119 } else { 01120 username_len = 0; 01121 } 01122 01123 domain = pdb_get_domain(sampass); 01124 if (domain) { 01125 domain_len = strlen(domain) +1; 01126 } else { 01127 domain_len = 0; 01128 } 01129 01130 nt_username = pdb_get_nt_username(sampass); 01131 if (nt_username) { 01132 nt_username_len = strlen(nt_username) +1; 01133 } else { 01134 nt_username_len = 0; 01135 } 01136 01137 fullname = pdb_get_fullname(sampass); 01138 if (fullname) { 01139 fullname_len = strlen(fullname) +1; 01140 } else { 01141 fullname_len = 0; 01142 } 01143 01144 /* 01145 * Only updates fields which have been set (not defaults from smb.conf) 01146 */ 01147 01148 if (!IS_SAM_DEFAULT(sampass, PDB_DRIVE)) { 01149 dir_drive = pdb_get_dir_drive(sampass); 01150 } else { 01151 dir_drive = NULL; 01152 } 01153 if (dir_drive) { 01154 dir_drive_len = strlen(dir_drive) +1; 01155 } else { 01156 dir_drive_len = 0; 01157 } 01158 01159 if (!IS_SAM_DEFAULT(sampass, PDB_SMBHOME)) { 01160 homedir = pdb_get_homedir(sampass); 01161 } else { 01162 homedir = NULL; 01163 } 01164 if (homedir) { 01165 homedir_len = strlen(homedir) +1; 01166 } else { 01167 homedir_len = 0; 01168 } 01169 01170 if (!IS_SAM_DEFAULT(sampass, PDB_LOGONSCRIPT)) { 01171 logon_script = pdb_get_logon_script(sampass); 01172 } else { 01173 logon_script = NULL; 01174 } 01175 if (logon_script) { 01176 logon_script_len = strlen(logon_script) +1; 01177 } else { 01178 logon_script_len = 0; 01179 } 01180 01181 if (!IS_SAM_DEFAULT(sampass, PDB_PROFILE)) { 01182 profile_path = pdb_get_profile_path(sampass); 01183 } else { 01184 profile_path = NULL; 01185 } 01186 if (profile_path) { 01187 profile_path_len = strlen(profile_path) +1; 01188 } else { 01189 profile_path_len = 0; 01190 } 01191 01192 lm_pw = pdb_get_lanman_passwd(sampass); 01193 if (!lm_pw) { 01194 lm_pw_len = 0; 01195 } 01196 01197 nt_pw = pdb_get_nt_passwd(sampass); 01198 if (!nt_pw) { 01199 nt_pw_len = 0; 01200 } 01201 01202 pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); 01203 nt_pw_hist = pdb_get_pw_history(sampass, &nt_pw_hist_len); 01204 if (pwHistLen && nt_pw_hist && nt_pw_hist_len) { 01205 nt_pw_hist_len *= PW_HISTORY_ENTRY_LEN; 01206 } else { 01207 nt_pw_hist_len = 0; 01208 } 01209 01210 acct_desc = pdb_get_acct_desc(sampass); 01211 if (acct_desc) { 01212 acct_desc_len = strlen(acct_desc) +1; 01213 } else { 01214 acct_desc_len = 0; 01215 } 01216 01217 workstations = pdb_get_workstations(sampass); 01218 if (workstations) { 01219 workstations_len = strlen(workstations) +1; 01220 } else { 01221 workstations_len = 0; 01222 } 01223 01224 unknown_str = NULL; 01225 unknown_str_len = 0; 01226 01227 munged_dial = pdb_get_munged_dial(sampass); 01228 if (munged_dial) { 01229 munged_dial_len = strlen(munged_dial) +1; 01230 } else { 01231 munged_dial_len = 0; 01232 } 01233 01234 /* TDB_FORMAT_STRING_V3 "dddddddBBBBBBBBBBBBddBBBdwdBwwd" */ 01235 01236 /* one time to get the size needed */ 01237 len = tdb_pack(NULL, 0, TDB_FORMAT_STRING_V3, 01238 logon_time, /* d */ 01239 logoff_time, /* d */ 01240 kickoff_time, /* d */ 01241 bad_password_time, /* d */ 01242 pass_last_set_time, /* d */ 01243 pass_can_change_time, /* d */ 01244 pass_must_change_time, /* d */ 01245 username_len, username, /* B */ 01246 domain_len, domain, /* B */ 01247 nt_username_len, nt_username, /* B */ 01248 fullname_len, fullname, /* B */ 01249 homedir_len, homedir, /* B */ 01250 dir_drive_len, dir_drive, /* B */ 01251 logon_script_len, logon_script, /* B */ 01252 profile_path_len, profile_path, /* B */ 01253 acct_desc_len, acct_desc, /* B */ 01254 workstations_len, workstations, /* B */ 01255 unknown_str_len, unknown_str, /* B */ 01256 munged_dial_len, munged_dial, /* B */ 01257 user_rid, /* d */ 01258 group_rid, /* d */ 01259 lm_pw_len, lm_pw, /* B */ 01260 nt_pw_len, nt_pw, /* B */ 01261 nt_pw_hist_len, nt_pw_hist, /* B */ 01262 pdb_get_acct_ctrl(sampass), /* d */ 01263 pdb_get_logon_divs(sampass), /* w */ 01264 pdb_get_hours_len(sampass), /* d */ 01265 MAX_HOURS_LEN, pdb_get_hours(sampass), /* B */ 01266 pdb_get_bad_password_count(sampass), /* w */ 01267 pdb_get_logon_count(sampass), /* w */ 01268 pdb_get_unknown_6(sampass)); /* d */ 01269 01270 if (size_only) { 01271 return buflen; 01272 } 01273 01274 /* malloc the space needed */ 01275 if ( (*buf=(uint8*)SMB_MALLOC(len)) == NULL) { 01276 DEBUG(0,("init_buffer_from_sam_v3: Unable to malloc() memory for buffer!\n")); 01277 return (-1); 01278 } 01279 01280 /* now for the real call to tdb_pack() */ 01281 buflen = tdb_pack((char *)*buf, len, TDB_FORMAT_STRING_V3, 01282 logon_time, /* d */ 01283 logoff_time, /* d */ 01284 kickoff_time, /* d */ 01285 bad_password_time, /* d */ 01286 pass_last_set_time, /* d */ 01287 pass_can_change_time, /* d */ 01288 pass_must_change_time, /* d */ 01289 username_len, username, /* B */ 01290 domain_len, domain, /* B */ 01291 nt_username_len, nt_username, /* B */ 01292 fullname_len, fullname, /* B */ 01293 homedir_len, homedir, /* B */ 01294 dir_drive_len, dir_drive, /* B */ 01295 logon_script_len, logon_script, /* B */ 01296 profile_path_len, profile_path, /* B */ 01297 acct_desc_len, acct_desc, /* B */ 01298 workstations_len, workstations, /* B */ 01299 unknown_str_len, unknown_str, /* B */ 01300 munged_dial_len, munged_dial, /* B */ 01301 user_rid, /* d */ 01302 group_rid, /* d */ 01303 lm_pw_len, lm_pw, /* B */ 01304 nt_pw_len, nt_pw, /* B */ 01305 nt_pw_hist_len, nt_pw_hist, /* B */ 01306 pdb_get_acct_ctrl(sampass), /* d */ 01307 pdb_get_logon_divs(sampass), /* w */ 01308 pdb_get_hours_len(sampass), /* d */ 01309 MAX_HOURS_LEN, pdb_get_hours(sampass), /* B */ 01310 pdb_get_bad_password_count(sampass), /* w */ 01311 pdb_get_logon_count(sampass), /* w */ 01312 pdb_get_unknown_6(sampass)); /* d */ 01313 01314 /* check to make sure we got it correct */ 01315 if (buflen != len) { 01316 DEBUG(0, ("init_buffer_from_sam_v3: somthing odd is going on here: bufflen (%lu) != len (%lu) in tdb_pack operations!\n", 01317 (unsigned long)buflen, (unsigned long)len)); 01318 /* error */ 01319 SAFE_FREE (*buf); 01320 return (-1); 01321 } 01322 01323 return (buflen); 01324 }
参照先 buf・init_buffer_from_sam_v3()・init_sam_from_buffer_v3()・len・samu::methods・tcopy_passwd()・samu::unix_pw.
参照元 copy_serverinfo()・pdb_getsampwnam()・pdb_getsampwsid()・tdbsam_rename_sam_account().
01331 { 01332 uint8 *buf = NULL; 01333 int len; 01334 01335 len = init_buffer_from_sam_v3(&buf, src, False); 01336 if (len == -1 || !buf) { 01337 SAFE_FREE(buf); 01338 return False; 01339 } 01340 01341 if (!init_sam_from_buffer_v3( dst, buf, len )) { 01342 free(buf); 01343 return False; 01344 } 01345 01346 dst->methods = src->methods; 01347 01348 if ( src->unix_pw ) { 01349 dst->unix_pw = tcopy_passwd( dst, src->unix_pw ); 01350 if (!dst->unix_pw) { 01351 free(buf); 01352 return False; 01353 } 01354 } 01355 01356 free(buf); 01357 return True; 01358 }
参照先 become_root()・convert_uint32_to_time_t()・PDB_CHANGED・pdb_get_account_policy()・pdb_get_bad_password_count()・pdb_get_bad_password_time()・pdb_set_bad_password_count()・pdb_set_bad_password_time()・unbecome_root().
参照元 check_sam_security()・pdb_increment_bad_password_count()・set_user_info().
01365 { 01366 time_t LastBadPassword; 01367 uint16 BadPasswordCount; 01368 uint32 resettime; 01369 BOOL res; 01370 01371 BadPasswordCount = pdb_get_bad_password_count(sampass); 01372 if (!BadPasswordCount) { 01373 DEBUG(9, ("No bad password attempts.\n")); 01374 return True; 01375 } 01376 01377 become_root(); 01378 res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime); 01379 unbecome_root(); 01380 01381 if (!res) { 01382 DEBUG(0, ("pdb_update_bad_password_count: pdb_get_account_policy failed.\n")); 01383 return False; 01384 } 01385 01386 /* First, check if there is a reset time to compare */ 01387 if ((resettime == (uint32) -1) || (resettime == 0)) { 01388 DEBUG(9, ("No reset time, can't reset bad pw count\n")); 01389 return True; 01390 } 01391 01392 LastBadPassword = pdb_get_bad_password_time(sampass); 01393 DEBUG(7, ("LastBadPassword=%d, resettime=%d, current time=%d.\n", 01394 (uint32) LastBadPassword, resettime, (uint32)time(NULL))); 01395 if (time(NULL) > (LastBadPassword + convert_uint32_to_time_t(resettime)*60)){ 01396 pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); 01397 pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); 01398 if (updated) { 01399 *updated = True; 01400 } 01401 } 01402 01403 return True; 01404 }
参照先 become_root()・convert_uint32_to_time_t()・PDB_CHANGED・pdb_get_account_policy()・pdb_get_acct_ctrl()・pdb_get_bad_password_time()・pdb_get_username()・pdb_set_acct_ctrl()・pdb_set_bad_password_count()・pdb_set_bad_password_time()・unbecome_root().
参照元 check_sam_security()・pdb_increment_bad_password_count()・set_user_info().
01411 { 01412 uint32 duration; 01413 time_t LastBadPassword; 01414 BOOL res; 01415 01416 if (!(pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK)) { 01417 DEBUG(9, ("pdb_update_autolock_flag: Account %s not autolocked, no check needed\n", 01418 pdb_get_username(sampass))); 01419 return True; 01420 } 01421 01422 become_root(); 01423 res = pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration); 01424 unbecome_root(); 01425 01426 if (!res) { 01427 DEBUG(0, ("pdb_update_autolock_flag: pdb_get_account_policy failed.\n")); 01428 return False; 01429 } 01430 01431 /* First, check if there is a duration to compare */ 01432 if ((duration == (uint32) -1) || (duration == 0)) { 01433 DEBUG(9, ("pdb_update_autolock_flag: No reset duration, can't reset autolock\n")); 01434 return True; 01435 } 01436 01437 LastBadPassword = pdb_get_bad_password_time(sampass); 01438 DEBUG(7, ("pdb_update_autolock_flag: Account %s, LastBadPassword=%d, duration=%d, current time =%d.\n", 01439 pdb_get_username(sampass), (uint32)LastBadPassword, duration*60, (uint32)time(NULL))); 01440 01441 if (LastBadPassword == (time_t)0) { 01442 DEBUG(1,("pdb_update_autolock_flag: Account %s administratively locked out with no \ 01443 bad password time. Leaving locked out.\n", 01444 pdb_get_username(sampass) )); 01445 return True; 01446 } 01447 01448 if ((time(NULL) > (LastBadPassword + convert_uint32_to_time_t(duration) * 60))) { 01449 pdb_set_acct_ctrl(sampass, 01450 pdb_get_acct_ctrl(sampass) & ~ACB_AUTOLOCK, 01451 PDB_CHANGED); 01452 pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); 01453 pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); 01454 if (updated) { 01455 *updated = True; 01456 } 01457 } 01458 01459 return True; 01460 }
参照先 become_root()・PDB_CHANGED・pdb_get_account_policy()・pdb_get_acct_ctrl()・pdb_get_bad_password_count()・pdb_set_acct_ctrl()・pdb_set_bad_password_count()・pdb_set_bad_password_time()・pdb_update_autolock_flag()・pdb_update_bad_password_count()・unbecome_root().
参照元 check_sam_security().
01467 { 01468 uint32 account_policy_lockout; 01469 BOOL autolock_updated = False, badpw_updated = False; 01470 BOOL ret; 01471 01472 /* Retrieve the account lockout policy */ 01473 become_root(); 01474 ret = pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout); 01475 unbecome_root(); 01476 if ( !ret ) { 01477 DEBUG(0, ("pdb_increment_bad_password_count: pdb_get_account_policy failed.\n")); 01478 return False; 01479 } 01480 01481 /* If there is no policy, we don't need to continue checking */ 01482 if (!account_policy_lockout) { 01483 DEBUG(9, ("No lockout policy, don't track bad passwords\n")); 01484 return True; 01485 } 01486 01487 /* Check if the autolock needs to be cleared */ 01488 if (!pdb_update_autolock_flag(sampass, &autolock_updated)) 01489 return False; 01490 01491 /* Check if the badpw count needs to be reset */ 01492 if (!pdb_update_bad_password_count(sampass, &badpw_updated)) 01493 return False; 01494 01495 /* 01496 Ok, now we can assume that any resetting that needs to be 01497 done has been done, and just get on with incrementing 01498 and autolocking if necessary 01499 */ 01500 01501 pdb_set_bad_password_count(sampass, 01502 pdb_get_bad_password_count(sampass)+1, 01503 PDB_CHANGED); 01504 pdb_set_bad_password_time(sampass, time(NULL), PDB_CHANGED); 01505 01506 01507 if (pdb_get_bad_password_count(sampass) < account_policy_lockout) 01508 return True; 01509 01510 if (!pdb_set_acct_ctrl(sampass, 01511 pdb_get_acct_ctrl(sampass) | ACB_AUTOLOCK, 01512 PDB_CHANGED)) { 01513 DEBUG(1, ("pdb_increment_bad_password_count:failed to set 'autolock' flag. \n")); 01514 return False; 01515 } 01516 01517 return True; 01518 }