2 Unix SMB/CIFS implementation.
3 SAM_ACCOUNT access routines
4 Copyright (C) Jeremy Allison 1996-2001
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
6 Copyright (C) Gerald (Jerry) Carter 2000-2001
7 Copyright (C) Andrew Bartlett 2001-2002
8 Copyright (C) Stefan (metze) Metzmacher 2002
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 #define DBGC_CLASS DBGC_PASSDB
31 * @todo Redefine this to NULL, but this changes the API because
32 * much of samba assumes that the pdb_get...() funtions
33 * return pstrings. (ie not null-pointers).
34 * See also pdb_fill_default_sam().
37 #define PDB_NOT_QUITE_NULL ""
39 /*********************************************************************
40 Collection of get...() functions for SAM_ACCOUNT.
41 ********************************************************************/
43 uint16 pdb_get_acct_ctrl (const SAM_ACCOUNT *sampass)
46 return (sampass->private_u.acct_ctrl);
48 return (ACB_DISABLED);
51 time_t pdb_get_logon_time (const SAM_ACCOUNT *sampass)
54 return (sampass->private_u.logon_time);
59 time_t pdb_get_logoff_time (const SAM_ACCOUNT *sampass)
62 return (sampass->private_u.logoff_time);
67 time_t pdb_get_kickoff_time (const SAM_ACCOUNT *sampass)
70 return (sampass->private_u.kickoff_time);
75 time_t pdb_get_bad_password_time (const SAM_ACCOUNT *sampass)
78 return (sampass->private_u.bad_password_time);
83 time_t pdb_get_pass_last_set_time (const SAM_ACCOUNT *sampass)
86 return (sampass->private_u.pass_last_set_time);
91 time_t pdb_get_pass_can_change_time (const SAM_ACCOUNT *sampass)
94 return (sampass->private_u.pass_can_change_time);
99 time_t pdb_get_pass_must_change_time (const SAM_ACCOUNT *sampass)
102 return (sampass->private_u.pass_must_change_time);
107 uint16 pdb_get_logon_divs (const SAM_ACCOUNT *sampass)
110 return (sampass->private_u.logon_divs);
115 uint32 pdb_get_hours_len (const SAM_ACCOUNT *sampass)
118 return (sampass->private_u.hours_len);
123 const uint8* pdb_get_hours (const SAM_ACCOUNT *sampass)
126 return (sampass->private_u.hours);
131 const uint8* pdb_get_nt_passwd (const SAM_ACCOUNT *sampass)
134 SMB_ASSERT((!sampass->private_u.nt_pw.data)
135 || sampass->private_u.nt_pw.length == NT_HASH_LEN);
136 return ((uint8*)sampass->private_u.nt_pw.data);
142 const uint8* pdb_get_lanman_passwd (const SAM_ACCOUNT *sampass)
145 SMB_ASSERT((!sampass->private_u.lm_pw.data)
146 || sampass->private_u.lm_pw.length == LM_HASH_LEN);
147 return ((uint8*)sampass->private_u.lm_pw.data);
153 const uint8* pdb_get_pw_history (const SAM_ACCOUNT *sampass, uint32 *current_hist_len)
156 SMB_ASSERT((!sampass->private_u.nt_pw_his.data)
157 || ((sampass->private_u.nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
158 *current_hist_len = sampass->private_u.nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
159 return ((uint8*)sampass->private_u.nt_pw_his.data);
161 *current_hist_len = 0;
166 /* Return the plaintext password if known. Most of the time
167 it isn't, so don't assume anything magic about this function.
169 Used to pass the plaintext to passdb backends that might
170 want to store more than just the NTLM hashes.
172 const char* pdb_get_plaintext_passwd (const SAM_ACCOUNT *sampass)
175 return (sampass->private_u.plaintext_pw);
180 const DOM_SID *pdb_get_user_sid(const SAM_ACCOUNT *sampass)
183 return &sampass->private_u.user_sid;
188 const DOM_SID *pdb_get_group_sid(const SAM_ACCOUNT *sampass)
191 return &sampass->private_u.group_sid;
197 * Get flags showing what is initalised in the SAM_ACCOUNT
198 * @param sampass the SAM_ACCOUNT in question
199 * @return the flags indicating the members initialised in the struct.
202 enum pdb_value_state pdb_get_init_flags (const SAM_ACCOUNT *sampass, enum pdb_elements element)
204 enum pdb_value_state ret = PDB_DEFAULT;
206 if (!sampass || !sampass->private_u.change_flags || !sampass->private_u.set_flags)
209 if (bitmap_query(sampass->private_u.set_flags, element)) {
210 DEBUG(11, ("element %d: SET\n", element));
214 if (bitmap_query(sampass->private_u.change_flags, element)) {
215 DEBUG(11, ("element %d: CHANGED\n", element));
219 if (ret == PDB_DEFAULT) {
220 DEBUG(11, ("element %d: DEFAULT\n", element));
226 const char* pdb_get_username (const SAM_ACCOUNT *sampass)
229 return (sampass->private_u.username);
234 const char* pdb_get_domain (const SAM_ACCOUNT *sampass)
237 return (sampass->private_u.domain);
242 const char* pdb_get_nt_username (const SAM_ACCOUNT *sampass)
245 return (sampass->private_u.nt_username);
250 const char* pdb_get_fullname (const SAM_ACCOUNT *sampass)
253 return (sampass->private_u.full_name);
258 const char* pdb_get_homedir (const SAM_ACCOUNT *sampass)
261 return (sampass->private_u.home_dir);
266 const char* pdb_get_unix_homedir (const SAM_ACCOUNT *sampass)
269 return (sampass->private_u.unix_home_dir);
274 const char* pdb_get_dir_drive (const SAM_ACCOUNT *sampass)
277 return (sampass->private_u.dir_drive);
282 const char* pdb_get_logon_script (const SAM_ACCOUNT *sampass)
285 return (sampass->private_u.logon_script);
290 const char* pdb_get_profile_path (const SAM_ACCOUNT *sampass)
293 return (sampass->private_u.profile_path);
298 const char* pdb_get_acct_desc (const SAM_ACCOUNT *sampass)
301 return (sampass->private_u.acct_desc);
306 const char* pdb_get_workstations (const SAM_ACCOUNT *sampass)
309 return (sampass->private_u.workstations);
314 const char* pdb_get_unknown_str (const SAM_ACCOUNT *sampass)
317 return (sampass->private_u.unknown_str);
322 const char* pdb_get_munged_dial (const SAM_ACCOUNT *sampass)
325 return (sampass->private_u.munged_dial);
330 uint16 pdb_get_bad_password_count(const SAM_ACCOUNT *sampass)
333 return (sampass->private_u.bad_password_count);
338 uint16 pdb_get_logon_count(const SAM_ACCOUNT *sampass)
341 return (sampass->private_u.logon_count);
346 uint32 pdb_get_unknown_6 (const SAM_ACCOUNT *sampass)
349 return (sampass->private_u.unknown_6);
354 void *pdb_get_backend_private_data (const SAM_ACCOUNT *sampass, const struct pdb_methods *my_methods)
356 if (sampass && my_methods == sampass->private_u.backend_private_methods)
357 return sampass->private_u.backend_private_data;
362 /*********************************************************************
363 Collection of set...() functions for SAM_ACCOUNT.
364 ********************************************************************/
366 BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 acct_ctrl, enum pdb_value_state flag)
371 sampass->private_u.acct_ctrl = acct_ctrl;
373 return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
376 BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
381 sampass->private_u.logon_time = mytime;
383 return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
386 BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
391 sampass->private_u.logoff_time = mytime;
393 return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
396 BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
401 sampass->private_u.kickoff_time = mytime;
403 return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
406 BOOL pdb_set_bad_password_time (SAM_ACCOUNT *sampass, time_t mytime,
407 enum pdb_value_state flag)
412 sampass->private_u.bad_password_time = mytime;
414 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
417 BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
422 sampass->private_u.pass_can_change_time = mytime;
424 return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
427 BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
432 sampass->private_u.pass_must_change_time = mytime;
434 return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
437 BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
442 sampass->private_u.pass_last_set_time = mytime;
444 return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
447 BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len, enum pdb_value_state flag)
452 sampass->private_u.hours_len = len;
454 return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
457 BOOL pdb_set_logon_divs (SAM_ACCOUNT *sampass, uint16 hours, enum pdb_value_state flag)
462 sampass->private_u.logon_divs = hours;
464 return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
468 * Set flags showing what is initalised in the SAM_ACCOUNT
469 * @param sampass the SAM_ACCOUNT in question
470 * @param flag The *new* flag to be set. Old flags preserved
471 * this flag is only added.
474 BOOL pdb_set_init_flags (SAM_ACCOUNT *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
476 if (!sampass || !sampass->mem_ctx)
479 if (!sampass->private_u.set_flags) {
480 if ((sampass->private_u.set_flags =
481 bitmap_talloc(sampass->mem_ctx,
483 DEBUG(0,("bitmap_talloc failed\n"));
487 if (!sampass->private_u.change_flags) {
488 if ((sampass->private_u.change_flags =
489 bitmap_talloc(sampass->mem_ctx,
491 DEBUG(0,("bitmap_talloc failed\n"));
498 if (!bitmap_set(sampass->private_u.change_flags, element)) {
499 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
502 if (!bitmap_set(sampass->private_u.set_flags, element)) {
503 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
506 DEBUG(11, ("element %d -> now CHANGED\n", element));
509 if (!bitmap_clear(sampass->private_u.change_flags, element)) {
510 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
513 if (!bitmap_set(sampass->private_u.set_flags, element)) {
514 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
517 DEBUG(11, ("element %d -> now SET\n", element));
521 if (!bitmap_clear(sampass->private_u.change_flags, element)) {
522 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
525 if (!bitmap_clear(sampass->private_u.set_flags, element)) {
526 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
529 DEBUG(11, ("element %d -> now DEFAULT\n", element));
536 BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, const DOM_SID *u_sid, enum pdb_value_state flag)
538 if (!sampass || !u_sid)
541 sid_copy(&sampass->private_u.user_sid, u_sid);
543 DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
544 sid_string_static(&sampass->private_u.user_sid)));
546 return pdb_set_init_flags(sampass, PDB_USERSID, flag);
549 BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, fstring u_sid, enum pdb_value_state flag)
553 if (!sampass || !u_sid)
556 DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n",
559 if (!string_to_sid(&new_sid, u_sid)) {
560 DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
564 if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
565 DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", u_sid));
572 BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
576 if (!sampass || !g_sid)
579 /* if we cannot resolve the SID to gid, then just ignore it and
580 store DOMAIN_USERS as the primary groupSID */
582 if ( sid_to_gid( g_sid, &gid ) ) {
583 sid_copy(&sampass->private_u.group_sid, g_sid);
585 sid_copy( &sampass->private_u.group_sid, get_global_sam_sid() );
586 sid_append_rid( &sampass->private_u.group_sid, DOMAIN_GROUP_RID_USERS );
589 DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
590 sid_string_static(&sampass->private_u.group_sid)));
592 return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
595 BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid, enum pdb_value_state flag)
598 if (!sampass || !g_sid)
601 DEBUG(10, ("pdb_set_group_sid_from_string: setting group sid %s\n",
604 if (!string_to_sid(&new_sid, g_sid)) {
605 DEBUG(1, ("pdb_set_group_sid_from_string: %s isn't a valid SID!\n", g_sid));
609 if (!pdb_set_group_sid(sampass, &new_sid, flag)) {
610 DEBUG(1, ("pdb_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", g_sid));
616 /*********************************************************************
617 Set the user's UNIX name.
618 ********************************************************************/
620 BOOL pdb_set_username(SAM_ACCOUNT *sampass, const char *username, enum pdb_value_state flag)
626 DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
627 (sampass->private_u.username)?(sampass->private_u.username):"NULL"));
629 sampass->private_u.username = talloc_strdup(sampass->mem_ctx, username);
631 if (!sampass->private_u.username) {
632 DEBUG(0, ("pdb_set_username: talloc_strdup() failed!\n"));
637 sampass->private_u.username = PDB_NOT_QUITE_NULL;
640 return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
643 /*********************************************************************
645 ********************************************************************/
647 BOOL pdb_set_domain(SAM_ACCOUNT *sampass, const char *domain, enum pdb_value_state flag)
653 DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
654 (sampass->private_u.domain)?(sampass->private_u.domain):"NULL"));
656 sampass->private_u.domain = talloc_strdup(sampass->mem_ctx, domain);
658 if (!sampass->private_u.domain) {
659 DEBUG(0, ("pdb_set_domain: talloc_strdup() failed!\n"));
664 sampass->private_u.domain = PDB_NOT_QUITE_NULL;
667 return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
670 /*********************************************************************
671 Set the user's NT name.
672 ********************************************************************/
674 BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, const char *nt_username, enum pdb_value_state flag)
680 DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
681 (sampass->private_u.nt_username)?(sampass->private_u.nt_username):"NULL"));
683 sampass->private_u.nt_username = talloc_strdup(sampass->mem_ctx, nt_username);
685 if (!sampass->private_u.nt_username) {
686 DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
691 sampass->private_u.nt_username = PDB_NOT_QUITE_NULL;
694 return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
697 /*********************************************************************
698 Set the user's full name.
699 ********************************************************************/
701 BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, const char *full_name, enum pdb_value_state flag)
707 DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
708 (sampass->private_u.full_name)?(sampass->private_u.full_name):"NULL"));
710 sampass->private_u.full_name = talloc_strdup(sampass->mem_ctx, full_name);
712 if (!sampass->private_u.full_name) {
713 DEBUG(0, ("pdb_set_fullname: talloc_strdup() failed!\n"));
718 sampass->private_u.full_name = PDB_NOT_QUITE_NULL;
721 return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
724 /*********************************************************************
725 Set the user's logon script.
726 ********************************************************************/
728 BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, const char *logon_script, enum pdb_value_state flag)
734 DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
735 (sampass->private_u.logon_script)?(sampass->private_u.logon_script):"NULL"));
737 sampass->private_u.logon_script = talloc_strdup(sampass->mem_ctx, logon_script);
739 if (!sampass->private_u.logon_script) {
740 DEBUG(0, ("pdb_set_logon_script: talloc_strdup() failed!\n"));
745 sampass->private_u.logon_script = PDB_NOT_QUITE_NULL;
748 return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
751 /*********************************************************************
752 Set the user's profile path.
753 ********************************************************************/
755 BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, const char *profile_path, enum pdb_value_state flag)
761 DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
762 (sampass->private_u.profile_path)?(sampass->private_u.profile_path):"NULL"));
764 sampass->private_u.profile_path = talloc_strdup(sampass->mem_ctx, profile_path);
766 if (!sampass->private_u.profile_path) {
767 DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
772 sampass->private_u.profile_path = PDB_NOT_QUITE_NULL;
775 return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
778 /*********************************************************************
779 Set the user's directory drive.
780 ********************************************************************/
782 BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, const char *dir_drive, enum pdb_value_state flag)
788 DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
789 (sampass->private_u.dir_drive)?(sampass->private_u.dir_drive):"NULL"));
791 sampass->private_u.dir_drive = talloc_strdup(sampass->mem_ctx, dir_drive);
793 if (!sampass->private_u.dir_drive) {
794 DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
799 sampass->private_u.dir_drive = PDB_NOT_QUITE_NULL;
802 return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
805 /*********************************************************************
806 Set the user's home directory.
807 ********************************************************************/
809 BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, enum pdb_value_state flag)
815 DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
816 (sampass->private_u.home_dir)?(sampass->private_u.home_dir):"NULL"));
818 sampass->private_u.home_dir = talloc_strdup(sampass->mem_ctx, home_dir);
820 if (!sampass->private_u.home_dir) {
821 DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
826 sampass->private_u.home_dir = PDB_NOT_QUITE_NULL;
829 return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
832 /*********************************************************************
833 Set the user's unix home directory.
834 ********************************************************************/
836 BOOL pdb_set_unix_homedir (SAM_ACCOUNT *sampass, const char *unix_home_dir, enum pdb_value_state flag)
842 DEBUG(10, ("pdb_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir,
843 (sampass->private_u.unix_home_dir)?(sampass->private_u.unix_home_dir):"NULL"));
845 sampass->private_u.unix_home_dir = talloc_strdup(sampass->mem_ctx,
848 if (!sampass->private_u.unix_home_dir) {
849 DEBUG(0, ("pdb_set_unix_home_dir: talloc_strdup() failed!\n"));
854 sampass->private_u.unix_home_dir = PDB_NOT_QUITE_NULL;
857 return pdb_set_init_flags(sampass, PDB_UNIXHOMEDIR, flag);
860 /*********************************************************************
861 Set the user's account description.
862 ********************************************************************/
864 BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, const char *acct_desc, enum pdb_value_state flag)
870 sampass->private_u.acct_desc = talloc_strdup(sampass->mem_ctx, acct_desc);
872 if (!sampass->private_u.acct_desc) {
873 DEBUG(0, ("pdb_set_acct_desc: talloc_strdup() failed!\n"));
878 sampass->private_u.acct_desc = PDB_NOT_QUITE_NULL;
881 return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
884 /*********************************************************************
885 Set the user's workstation allowed list.
886 ********************************************************************/
888 BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, const char *workstations, enum pdb_value_state flag)
894 DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
895 (sampass->private_u.workstations)?(sampass->private_u.workstations):"NULL"));
897 sampass->private_u.workstations = talloc_strdup(sampass->mem_ctx, workstations);
899 if (!sampass->private_u.workstations) {
900 DEBUG(0, ("pdb_set_workstations: talloc_strdup() failed!\n"));
905 sampass->private_u.workstations = PDB_NOT_QUITE_NULL;
908 return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
911 /*********************************************************************
912 Set the user's 'unknown_str', whatever the heck this actually is...
913 ********************************************************************/
915 BOOL pdb_set_unknown_str (SAM_ACCOUNT *sampass, const char *unknown_str, enum pdb_value_state flag)
921 sampass->private_u.unknown_str = talloc_strdup(sampass->mem_ctx, unknown_str);
923 if (!sampass->private_u.unknown_str) {
924 DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
929 sampass->private_u.unknown_str = PDB_NOT_QUITE_NULL;
932 return pdb_set_init_flags(sampass, PDB_UNKNOWNSTR, flag);
935 /*********************************************************************
936 Set the user's dial string.
937 ********************************************************************/
939 BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, const char *munged_dial, enum pdb_value_state flag)
945 sampass->private_u.munged_dial = talloc_strdup(sampass->mem_ctx, munged_dial);
947 if (!sampass->private_u.munged_dial) {
948 DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
953 sampass->private_u.munged_dial = PDB_NOT_QUITE_NULL;
956 return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
959 /*********************************************************************
960 Set the user's NT hash.
961 ********************************************************************/
963 BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
968 data_blob_clear_free(&sampass->private_u.nt_pw);
971 sampass->private_u.nt_pw =
972 data_blob_talloc(sampass->mem_ctx, pwd, NT_HASH_LEN);
974 sampass->private_u.nt_pw = data_blob(NULL, 0);
977 return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
980 /*********************************************************************
981 Set the user's LM hash.
982 ********************************************************************/
984 BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
989 data_blob_clear_free(&sampass->private_u.lm_pw);
992 sampass->private_u.lm_pw =
993 data_blob_talloc(sampass->mem_ctx, pwd, LM_HASH_LEN);
995 sampass->private_u.lm_pw = data_blob(NULL, 0);
998 return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
1001 /*********************************************************************
1002 Set the user's password history hash. historyLen is the number of
1003 PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN length
1004 entries to store in the history - this must match the size of the uint8 array
1006 ********************************************************************/
1008 BOOL pdb_set_pw_history (SAM_ACCOUNT *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
1013 if (historyLen && pwd){
1014 sampass->private_u.nt_pw_his = data_blob_talloc(sampass->mem_ctx,
1015 pwd, historyLen*PW_HISTORY_ENTRY_LEN);
1016 if (!sampass->private_u.nt_pw_his.length) {
1017 DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
1021 sampass->private_u.nt_pw_his = data_blob_talloc(sampass->mem_ctx, NULL, 0);
1024 return pdb_set_init_flags(sampass, PDB_PWHISTORY, flag);
1027 /*********************************************************************
1028 Set the user's plaintext password only (base procedure, see helper
1030 ********************************************************************/
1032 BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password, enum pdb_value_state flag)
1038 if (sampass->private_u.plaintext_pw!=NULL)
1039 memset(sampass->private_u.plaintext_pw,'\0',strlen(sampass->private_u.plaintext_pw)+1);
1041 sampass->private_u.plaintext_pw = talloc_strdup(sampass->mem_ctx, password);
1043 if (!sampass->private_u.plaintext_pw) {
1044 DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
1049 sampass->private_u.plaintext_pw = NULL;
1052 return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
1055 BOOL pdb_set_bad_password_count(SAM_ACCOUNT *sampass, uint16 bad_password_count, enum pdb_value_state flag)
1060 sampass->private_u.bad_password_count = bad_password_count;
1062 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
1065 BOOL pdb_set_logon_count(SAM_ACCOUNT *sampass, uint16 logon_count, enum pdb_value_state flag)
1070 sampass->private_u.logon_count = logon_count;
1072 return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
1075 BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state flag)
1080 sampass->private_u.unknown_6 = unkn;
1082 return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
1085 BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours, enum pdb_value_state flag)
1091 memset ((char *)sampass->private_u.hours, 0, MAX_HOURS_LEN);
1095 memcpy (sampass->private_u.hours, hours, MAX_HOURS_LEN);
1097 return pdb_set_init_flags(sampass, PDB_HOURS, flag);
1100 BOOL pdb_set_backend_private_data (SAM_ACCOUNT *sampass, void *private_data,
1101 void (*free_fn)(void **),
1102 const struct pdb_methods *my_methods,
1103 enum pdb_value_state flag)
1108 if (sampass->private_u.backend_private_data &&
1109 sampass->private_u.backend_private_data_free_fn) {
1110 sampass->private_u.backend_private_data_free_fn(
1111 &sampass->private_u.backend_private_data);
1114 sampass->private_u.backend_private_data = private_data;
1115 sampass->private_u.backend_private_data_free_fn = free_fn;
1116 sampass->private_u.backend_private_methods = my_methods;
1118 return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
1122 /* Helpful interfaces to the above */
1124 /*********************************************************************
1125 Sets the last changed times and must change times for a normal
1127 ********************************************************************/
1129 BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass)
1137 if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
1140 if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
1141 || (expire==(uint32)-1) || (expire == 0)) {
1142 if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED))
1145 if (!pdb_set_pass_must_change_time (sampass,
1146 pdb_get_pass_last_set_time(sampass)
1147 + expire, PDB_CHANGED))
1151 if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age)
1152 || (min_age==(uint32)-1)) {
1153 if (!pdb_set_pass_can_change_time (sampass, 0, PDB_CHANGED))
1156 if (!pdb_set_pass_can_change_time (sampass,
1157 pdb_get_pass_last_set_time(sampass)
1158 + min_age, PDB_CHANGED))
1164 /*********************************************************************
1165 Set the user's PLAINTEXT password. Used as an interface to the above.
1166 Also sets the last change time to NOW.
1167 ********************************************************************/
1169 BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext)
1171 uchar new_lanman_p16[LM_HASH_LEN];
1172 uchar new_nt_p16[NT_HASH_LEN];
1174 if (!sampass || !plaintext)
1177 /* Calculate the MD4 hash (NT compatible) of the password */
1178 E_md4hash(plaintext, new_nt_p16);
1180 if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED))
1183 if (!E_deshash(plaintext, new_lanman_p16)) {
1184 /* E_deshash returns false for 'long' passwords (> 14
1185 DOS chars). This allows us to match Win2k, which
1186 does not store a LM hash for these passwords (which
1187 would reduce the effective password length to 14 */
1189 if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED))
1192 if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
1196 if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
1199 if (!pdb_set_pass_changed_now (sampass))
1202 /* Store the password history. */
1203 if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
1206 pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
1207 if (pwHistLen != 0){
1208 uint32 current_history_len;
1209 /* We need to make sure we don't have a race condition here - the
1210 account policy history length can change between when the pw_history
1211 was first loaded into the SAM_ACCOUNT struct and now.... JRA. */
1212 pwhistory = (uchar *)pdb_get_pw_history(sampass, ¤t_history_len);
1214 if (current_history_len != pwHistLen) {
1215 /* After closing and reopening SAM_ACCOUNT the history
1216 values will sync up. We can't do this here. */
1218 /* current_history_len > pwHistLen is not a problem - we
1219 have more history than we need. */
1221 if (current_history_len < pwHistLen) {
1222 /* Ensure we have space for the needed history. */
1223 uchar *new_history = TALLOC(sampass->mem_ctx,
1224 pwHistLen*PW_HISTORY_ENTRY_LEN);
1225 /* And copy it into the new buffer. */
1226 if (current_history_len) {
1227 memcpy(new_history, pwhistory,
1228 current_history_len*PW_HISTORY_ENTRY_LEN);
1230 /* Clearing out any extra space. */
1231 memset(&new_history[current_history_len*PW_HISTORY_ENTRY_LEN],
1232 '\0', (pwHistLen-current_history_len)*PW_HISTORY_ENTRY_LEN);
1233 /* Finally replace it. */
1234 pwhistory = new_history;
1237 if (pwhistory && pwHistLen){
1238 /* Make room for the new password in the history list. */
1239 if (pwHistLen > 1) {
1240 memmove(&pwhistory[PW_HISTORY_ENTRY_LEN],
1241 pwhistory, (pwHistLen -1)*PW_HISTORY_ENTRY_LEN );
1243 /* Create the new salt as the first part of the history entry. */
1244 generate_random_buffer(pwhistory, PW_HISTORY_SALT_LEN);
1246 /* Generate the md5 hash of the salt+new password as the second
1247 part of the history entry. */
1249 E_md5hash(pwhistory, new_nt_p16, &pwhistory[PW_HISTORY_SALT_LEN]);
1250 pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
1252 DEBUG (10,("pdb_get_set.c: pdb_set_plaintext_passwd: pwhistory was NULL!\n"));
1255 /* Set the history length to zero. */
1256 pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
1263 /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */
1264 uint32 pdb_build_fields_present (SAM_ACCOUNT *sampass)
1266 /* value set to all for testing */