Пример #1
/***************************************************************
 smb_passwd_table

 * if only a plain table name is in pfile, org_dir will be concatenated.
 * so, first we strip the path prefix from pfile, and
 * then we use pfiletmp as a scratch buffer to put together the full
 * nisname string.
 * this approach makes it possible to specify the samba private dir
 * AND still use a NIS+ table. as all domain related data is normally
 * stored in org_dir.DOMAIN, this should be ok to do.
 ****************************************************************/
static char *smb_passwd_table(){
	/*
	 * Scratch buffer for the "<table>.org_dir" form. It is static so the
	 * returned pointer stays valid after return, which also means every
	 * call shares it: a later call overwrites an earlier result.
	 */
#if 1
	static pstring pfiletmp;
#endif
	char *table = lp_smb_passwd_file();
	char *last_slash;

	/* Hand a NULL or empty setting straight back to the caller. */
	if (table == NULL || *table == '\0') {
		return table;
	}

	/* Keep only the component after the last '/', if there is one. */
	last_slash = strrchr(table, '/');
	if (last_slash != NULL) {
		table = last_slash + 1;
	}

#if 1
	/*
	 * A name without any '.' is treated as a plain table name and gets
	 * ".org_dir" appended, so the lookup does not depend on NIS_PATH
	 * being set in the environment.
	 * NOTE(review): a configured path that ends in '/' leaves an empty
	 * name here, so the result is ".org_dir" - confirm callers cope.
	 */
	if (strchr(table, '.') == NULL) {
		slprintf(pfiletmp, sizeof(pfiletmp)-1, "%s.org_dir", table);
		return pfiletmp;
	}
#endif

	/* Already qualified: return the name as configured. */
	return table;
}
Пример #2
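/*
 * Take `want` bytes out of the remaining space in *room.
 * Returns 1 on success, 0 (with *room unchanged) when they do not fit.
 */
static int trust_path_reserve(size_t *room, size_t want)
{
  if (want > *room)
    return 0;
  *room -= want;
  return 1;
}

/*
 * Build the trust account file name "<dir><domain>.<name>.mac" in mac_file,
 * where <dir> is the smb passwd file setting cut off after its last '/'.
 * When the setting contains no '/', nothing is cut and the whole setting
 * is used as the prefix.
 *
 * mac_file is written as a pstring, so the caller must pass a buffer of
 * at least sizeof(pstring) bytes.
 *
 * On overflow the function logs and returns with mac_file holding only the
 * prefix; there is no return value, so the caller cannot detect this from
 * the call itself.
 *
 * NOTE(review): domain and name are appended as given. If either can come
 * from outside the local configuration, a '/' or ".." in them would move
 * the file out of the intended directory - confirm at the call sites.
 */
static void get_trust_account_file_name( char *domain, char *name, char *mac_file)
{
  size_t room = sizeof(pstring);
  char *p;

  pstrcpy(mac_file, lp_smb_passwd_file());
  p = strrchr(mac_file, '/');
  if(p != NULL)
    *++p = '\0';

  /*
   * Space check done by stepwise subtraction that never goes below zero,
   * instead of letting an unsigned expression wrap and casting it to int.
   * The trailing 6 covers "." + ".mac" + the terminating NUL.
   */
  if (!trust_path_reserve(&room, strlen(mac_file)) ||
      !trust_path_reserve(&room, strlen(domain)) ||
      !trust_path_reserve(&room, strlen(name)) ||
      !trust_path_reserve(&room, 6))
  {
    DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n",
              mac_file));
    return;
  }

  pstrcat(mac_file, domain);
  pstrcat(mac_file, ".");
  pstrcat(mac_file, name);
  pstrcat(mac_file, ".mac");
}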
Пример #3
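/*
 * Select or build the seed source for the random generator.
 *
 * With use_fd set, an already open fd (anything other than -1) is returned
 * unchanged; otherwise /dev/urandom is opened and its descriptor returned
 * when the open succeeds.
 *
 * In every other case a 40 byte seed is assembled from local data, the
 * ARC4 state is initialised from it, and -1 is returned.
 *
 * NOTE(review): the fallback seed mixes file hashes with time, pid and a
 * counter; the last three are guessable, so output seeded this way should
 * be regarded as weaker than the /dev/urandom path.
 */
static int do_reseed(bool use_fd, int fd)
{
	/*
	 * Start from zeroes: bytes 32..39 are only ever XORed into below, and
	 * the rest is only defined if do_filehash() filled it, so without
	 * this the seed would be built from indeterminate stack bytes.
	 */
	unsigned char seed_inbuf[40] = {0};
	uint32 v1, v2; struct timeval tval; pid_t mypid;
	struct passwd *pw;
	int reseed_data = 0;

	if (use_fd) {
		if (fd != -1)
			return fd;

		fd = sys_open( "/dev/urandom", O_RDONLY,0);
		if(fd >= 0)
			return fd;
	}

	/*
	 * Add in some secret file contents.
	 * presumably do_filehash() stores a 16 byte digest at the given
	 * offset and leaves the buffer alone when the file cannot be read -
	 * verify against its definition.
	 */

	do_filehash("/etc/shadow", &seed_inbuf[0]);
	do_filehash(lp_smb_passwd_file(), &seed_inbuf[16]);

	/*
	 * Add in the root encrypted password, MD4-hashed and XORed over
	 * bytes 8..23 (overlapping both file digests).
	 * NOTE(review): on shadow-password systems this field is usually a
	 * placeholder rather than the hash, so it may add nothing secret.
	 */

	pw = getpwnam_alloc(talloc_autofree_context(), "root");
	if (pw && pw->pw_passwd) {
		size_t i;
		unsigned char md4_tmp[16];
		mdfour(md4_tmp, (unsigned char *)pw->pw_passwd, strlen(pw->pw_passwd));
		for (i=0;i<16;i++)
			seed_inbuf[8+i] ^= md4_tmp[i];
	}
	/* Release the entry on every path, including pw_passwd == NULL. */
	TALLOC_FREE(pw);

	/*
	 * Add the counter, time of day, and pid.
	 */

	GetTimeOfDay(&tval);
	mypid = sys_getpid();
	v1 = (counter++) + mypid + tval.tv_sec;
	v2 = (counter++) * mypid + tval.tv_usec;

	SIVAL(seed_inbuf, 32, v1 ^ IVAL(seed_inbuf, 32));
	SIVAL(seed_inbuf, 36, v2 ^ IVAL(seed_inbuf, 36));

	/*
	 * Add any user-given reseed data: the int is XORed byte by byte,
	 * repeating, across the whole seed. A value of 0 is skipped.
	 */

	get_rand_reseed_data(&reseed_data);
	if (reseed_data) {
		size_t i;
		for (i = 0; i < sizeof(seed_inbuf); i++)
			seed_inbuf[i] ^= ((char *)(&reseed_data))[i % sizeof(reseed_data)];
	}

	smb_arc4_init(smb_arc4_state, seed_inbuf, sizeof(seed_inbuf));

	/*
	 * NOTE(review): seed_inbuf still holds the seed material when this
	 * frame is left; consider wiping it with a primitive the compiler
	 * cannot elide.
	 */
	return -1;
}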
Пример #4
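/*
 * Select or build the seed source for the random generator.
 *
 * With use_fd set, an already open fd (anything other than -1) is returned
 * unchanged; otherwise /dev/urandom is opened and its descriptor returned
 * when the open succeeds.
 *
 * In every other case a 40 byte seed is assembled from local data, passed
 * to seed_random_stream(), and -1 is returned.
 *
 * NOTE(review): the fallback seed mixes file hashes with time, pid and a
 * counter; the last three are guessable, so output seeded this way should
 * be regarded as weaker than the /dev/urandom path.
 */
static int do_reseed(BOOL use_fd, int fd)
{
	unsigned char seed_inbuf[40];
	uint32 v1, v2; struct timeval tval; pid_t mypid;
	struct passwd *pw;

	if (use_fd) {
		if (fd != -1)
			return fd;

		fd = sys_open( "/dev/urandom", O_RDONLY,0);
		if(fd >= 0)
			return fd;
	}

	/*
	 * Clear the buffer unconditionally (this used to happen only under
	 * __INSURE__). Bytes 32..39 are only ever XORed into below, and the
	 * rest is only defined if do_filehash() filled it, so without this
	 * the seed would be built from indeterminate stack bytes.
	 */
	memset(seed_inbuf, '\0', sizeof(seed_inbuf));

	/*
	 * Add in some secret file contents.
	 * presumably do_filehash() stores a 16 byte digest at the given
	 * offset and leaves the buffer alone when the file cannot be read -
	 * verify against its definition.
	 */

	do_filehash("/etc/shadow", &seed_inbuf[0]);
#ifdef WITH_TDB_SAM
	do_filehash(lp_tdb_passwd_file(), &seed_inbuf[16]);
#else
	do_filehash(lp_smb_passwd_file(), &seed_inbuf[16]);
#endif

	/*
	 * Add in the root encrypted password, MD4-hashed and XORed over
	 * bytes 8..23 (overlapping both file digests).
	 * NOTE(review): on shadow-password systems this field is usually a
	 * placeholder rather than the hash, so it may add nothing secret.
	 */

	pw = sys_getpwnam("root");
	if (pw && pw->pw_passwd) {
		size_t i;
		unsigned char md4_tmp[16];
		mdfour(md4_tmp, (unsigned char *)pw->pw_passwd, strlen(pw->pw_passwd));
		for (i=0;i<16;i++)
			seed_inbuf[8+i] ^= md4_tmp[i];
	}

	/*
	 * Add the counter, time of day, and pid.
	 */

	GetTimeOfDay(&tval);
	mypid = sys_getpid();
	v1 = (counter++) + mypid + tval.tv_sec;
	v2 = (counter++) * mypid + tval.tv_usec;

	SIVAL(seed_inbuf, 32, v1 ^ IVAL(seed_inbuf, 32));
	SIVAL(seed_inbuf, 36, v2 ^ IVAL(seed_inbuf, 36));

	/*
	 * Add any user-given reseed data, repeated across the whole seed.
	 * A zero size is skipped as well as a missing buffer, since it
	 * would otherwise be the divisor of the modulo below.
	 */

	if (reseed_data && reseed_data_size != 0) {
		size_t i;
		for (i = 0; i < sizeof(seed_inbuf); i++)
			seed_inbuf[i] ^= reseed_data[i % reseed_data_size];
	}

	seed_random_stream(seed_inbuf, sizeof(seed_inbuf));

	/*
	 * NOTE(review): seed_inbuf still holds the seed material when this
	 * frame is left; consider wiping it with a primitive the compiler
	 * cannot elide.
	 */
	return -1;
}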