struct passwd *getpwnam_alloc(TALLOC_CTX *mem_ctx, const char *name)
{
struct passwd *pw, *for_cache;
pw = (struct passwd *)memcache_lookup_talloc(
NULL, GETPWNAM_CACHE, data_blob_string_const(name));
if (pw != NULL) {
return tcopy_passwd(mem_ctx, pw);
}
pw = sys_getpwnam(name);
if (pw == NULL) {
return NULL;
}
for_cache = tcopy_passwd(talloc_autofree_context(), pw);
if (for_cache == NULL) {
return NULL;
}
memcache_add_talloc(NULL, GETPWNAM_CACHE, data_blob_string_const(name),
&for_cache);
return tcopy_passwd(mem_ctx, pw);
}
int main(void)
{
struct passwd *pwd;
char *domain = getenv("TEST_WORKGROUP");
char long_name[65535];
int failed = 0;
sprintf(long_name, "%s/%s", domain, LONG_STRING);
pwd = sys_getpwnam(long_name);
printf("%s\n", !pwd ? "PASS" : "FAIL");
return pwd == NULL;
}
static struct passwd *_Get_Pwnam(char *s)
{
struct passwd *ret;
ret = sys_getpwnam(s);
if (ret) {
#ifdef HAVE_GETPWANAM
struct passwd_adjunct *pwret;
pwret = getpwanam(s);
if (pwret && pwret->pwa_passwd) {
pstrcpy(ret->pw_passwd,pwret->pwa_passwd);
}
#endif
}
return(ret);
}
struct passwd *getpwnam_alloc(const char *name)
{
struct passwd *temp;
temp = sys_getpwnam(name);
if (!temp) {
#if 0
if (errno == ENOMEM) {
/* what now? */
}
#endif
return NULL;
}
return alloc_copy_passwd(temp);
}
struct passwd *getpwnam_alloc(TALLOC_CTX *mem_ctx, const char *name)
{
int i;
struct passwd *temp;
init_pwnam_cache();
for (i=0; i<PWNAMCACHE_SIZE; i++) {
if ((pwnam_cache[i] != NULL) &&
(strcmp(name, pwnam_cache[i]->pw_name) == 0)) {
DEBUG(10, ("Got %s from pwnam_cache\n", name));
return talloc_reference(mem_ctx, pwnam_cache[i]);
}
}
temp = sys_getpwnam(name);
if (!temp) {
#if 0
if (errno == ENOMEM) {
/* what now? */
}
#endif
return NULL;
}
for (i=0; i<PWNAMCACHE_SIZE; i++) {
if (pwnam_cache[i] == NULL)
break;
}
if (i == PWNAMCACHE_SIZE)
i = rand() % PWNAMCACHE_SIZE;
if (pwnam_cache[i] != NULL) {
TALLOC_FREE(pwnam_cache[i]);
}
pwnam_cache[i] = tcopy_passwd(pwnam_cache, temp);
if (pwnam_cache[i]!= NULL && mem_ctx != NULL) {
return talloc_reference(mem_ctx, pwnam_cache[i]);
}
return tcopy_passwd(NULL, pwnam_cache[i]);
}
SMB_STRUCT_WPASSWD *wsys_getpwnam(const smb_ucs2_t *wname)
{
static SMB_STRUCT_WPASSWD retval;
fstring name;
struct passwd *pwret = sys_getpwnam(unicode_to_unix(name,wname,sizeof(name)));
if(!pwret)
return NULL;
unix_to_unicode(retval.pw_name, pwret->pw_name, sizeof(retval.pw_name));
retval.pw_passwd = pwret->pw_passwd;
retval.pw_uid = pwret->pw_uid;
retval.pw_gid = pwret->pw_gid;
unix_to_unicode(retval.pw_gecos, pwret->pw_gecos, sizeof(retval.pw_gecos));
unix_to_unicode(retval.pw_dir, pwret->pw_dir, sizeof(retval.pw_dir));
unix_to_unicode(retval.pw_shell, pwret->pw_shell, sizeof(retval.pw_shell));
return &retval;
}
static struct cli_state
*smb_complete_connection(const char *myname,
const char *server,
int port,
const char *username,
const char *password,
const char *workgroup,
const char *share,
int flags)
{
struct cli_state *cli; /* New connection */
NTSTATUS nt_status;
/* Start the SMB connection */
nt_status = cli_start_connection( &cli, myname, server, NULL, port,
Undefined, flags, NULL);
if (!NT_STATUS_IS_OK(nt_status))
{
return NULL;
}
/* We pretty much guarentee password must be valid or a pointer
to a 0 char. */
if (!password) {
return NULL;
}
if ( (username) && (*username) &&
(strlen(password) == 0 ) &&
(cli->use_kerberos) )
{
/* Use kerberos authentication */
struct passwd *pw;
char *cache_file;
if ( !(pw = sys_getpwnam(username)) ) {
fprintf(stderr,"ERROR Can not get %s uid\n", username);
cli_shutdown(cli);
return NULL;
}
/*
* Get the ticket cache of the user to set KRB5CCNAME env
* variable
*/
cache_file = get_ticket_cache( pw->pw_uid );
if ( cache_file == NULL )
{
fprintf(stderr, "ERROR: Can not get the ticket cache for %s\n", username);
cli_shutdown(cli);
return NULL;
}
if ( setenv(KRB5CCNAME, cache_file, OVERWRITE) < 0 )
{
fprintf(stderr, "ERROR: Can not add KRB5CCNAME to the environment");
cli_shutdown(cli);
free(cache_file);
return NULL;
}
free(cache_file);
/*
* Change the UID of the process to be able to read the kerberos
* ticket cache
*/
setuid(pw->pw_uid);
}
if (!NT_STATUS_IS_OK(cli_session_setup(cli, username,
password, strlen(password)+1,
password, strlen(password)+1,
workgroup)))
{
fprintf(stderr,"ERROR: Session setup failed: %s\n", cli_errstr(cli));
if (NT_STATUS_V(cli_nt_error(cli)) ==
NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
{
fprintf(stderr, "did you forget to run kinit?\n");
}
cli_shutdown(cli);
return NULL;
}
if (!cli_send_tconX(cli, share, "?????", password, strlen(password)+1))
{
fprintf(stderr, "ERROR: Tree connect failed (%s)\n", cli_errstr(cli));
cli_shutdown(cli);
return NULL;
}
return cli;
}
enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
{
DOM_SID sid;
uint32 flags = 0x0;
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
DEBUG(3, ("[%5lu]: sid to uid %s\n", (unsigned long)state->pid,
state->request.data.sid));
if (!string_to_sid(&sid, state->request.data.sid)) {
DEBUG(1, ("Could not get convert sid %s from string\n", state->request.data.sid));
return WINBINDD_ERROR;
}
/* This gets a little tricky. If we assume that usernames are syncd between
/etc/passwd and the windows domain (such as a member of a Samba domain),
the we need to get the uid from the OS and not alocate one ourselves */
if ( lp_winbind_trusted_domains_only() ) {
struct winbindd_domain *domain = NULL;
DOM_SID sid2;
uint32 rid;
domain = find_our_domain();
if ( !domain ) {
DEBUG(0,("winbindd_sid_to_uid: can't find my own domain!\n"));
return WINBINDD_ERROR;
}
sid_copy( &sid2, &sid );
sid_split_rid( &sid2, &rid );
if ( sid_equal( &sid2, &domain->sid ) ) {
fstring domain_name;
fstring user;
enum SID_NAME_USE type;
struct passwd *pw = NULL;
unid_t id;
/* ok...here's we know that we are dealing with our
own domain (the one to which we are joined). And
we know that there must be a UNIX account for this user.
So we lookup the sid and the call getpwnam().*/
/* But first check and see if we don't already have a mapping */
flags = ID_QUERY_ONLY;
if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) )
return WINBINDD_OK;
/* now fall back to the hard way */
if ( !winbindd_lookup_name_by_sid(&sid, domain_name, user, &type) )
return WINBINDD_ERROR;
if ( !(pw = sys_getpwnam(user)) ) {
DEBUG(0,("winbindd_sid_to_uid: 'winbind trusted domains only' is "
"set but this user [%s] doesn't exist!\n", user));
return WINBINDD_ERROR;
}
state->response.data.uid = pw->pw_uid;
id.uid = pw->pw_uid;
idmap_set_mapping( &sid, id, ID_USERID );
return WINBINDD_OK;
}
}
if ( state->request.flags & WBFLAG_QUERY_ONLY )
flags = ID_QUERY_ONLY;
/* Find uid for this sid and return it */
if ( !NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) ) {
DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid));
return WINBINDD_ERROR;
}
return WINBINDD_OK;
}
static int do_reseed(BOOL use_fd, int fd)
{
unsigned char seed_inbuf[40];
uint32 v1, v2; struct timeval tval; pid_t mypid;
struct passwd *pw;
if (use_fd) {
if (fd != -1)
return fd;
fd = sys_open( "/dev/urandom", O_RDONLY,0);
if(fd >= 0)
return fd;
}
#ifdef __INSURE__
memset(seed_inbuf, '\0', sizeof(seed_inbuf));
#endif
/* Add in some secret file contents */
do_filehash("/etc/shadow", &seed_inbuf[0]);
#ifdef WITH_TDB_SAM
do_filehash(lp_tdb_passwd_file(), &seed_inbuf[16]);
#else
do_filehash(lp_smb_passwd_file(), &seed_inbuf[16]);
#endif
/*
* Add in the root encrypted password.
* On any system where security is taken
* seriously this will be secret.
*/
pw = sys_getpwnam("root");
if (pw && pw->pw_passwd) {
size_t i;
unsigned char md4_tmp[16];
mdfour(md4_tmp, (unsigned char *)pw->pw_passwd, strlen(pw->pw_passwd));
for (i=0;i<16;i++)
seed_inbuf[8+i] ^= md4_tmp[i];
}
/*
* Add the counter, time of day, and pid.
*/
GetTimeOfDay(&tval);
mypid = sys_getpid();
v1 = (counter++) + mypid + tval.tv_sec;
v2 = (counter++) * mypid + tval.tv_usec;
SIVAL(seed_inbuf, 32, v1 ^ IVAL(seed_inbuf, 32));
SIVAL(seed_inbuf, 36, v2 ^ IVAL(seed_inbuf, 36));
/*
* Add any user-given reseed data.
*/
if (reseed_data) {
size_t i;
for (i = 0; i < sizeof(seed_inbuf); i++)
seed_inbuf[i] ^= reseed_data[i % reseed_data_size];
}
seed_random_stream(seed_inbuf, sizeof(seed_inbuf));
return -1;
}
