s3:pdb_set_pw_history: free the old history before setting the new.
[amitay/samba.git] / source3 / passdb / pdb_get_set.c
1 /* 
2    Unix SMB/CIFS implementation.
3    struct samu access routines
4    Copyright (C) Jeremy Allison                 1996-2001
5    Copyright (C) Luke Kenneth Casson Leighton   1996-1998
6    Copyright (C) Gerald (Jerry) Carter          2000-2006
7    Copyright (C) Andrew Bartlett                2001-2002
8    Copyright (C) Stefan (metze) Metzmacher      2002
9
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 3 of the License, or
13    (at your option) any later version.
14
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "../libcli/auth/libcli_auth.h"
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_PASSDB
29
30 /**
31  * @todo Redefine this to NULL, but this changes the API because
32  *       much of samba assumes that the pdb_get...() funtions 
33  *       return strings.  (ie not null-pointers).
34  *       See also pdb_fill_default_sam().
35  */
36
37 #define PDB_NOT_QUITE_NULL ""
38
39 /*********************************************************************
40  Collection of get...() functions for struct samu.
41  ********************************************************************/
42
43 uint32 pdb_get_acct_ctrl(const struct samu *sampass)
44 {
45         return sampass->acct_ctrl;
46 }
47
48 time_t pdb_get_logon_time(const struct samu *sampass)
49 {
50         return sampass->logon_time;
51 }
52
53 time_t pdb_get_logoff_time(const struct samu *sampass)
54 {
55         return sampass->logoff_time;
56 }
57
58 time_t pdb_get_kickoff_time(const struct samu *sampass)
59 {
60         return sampass->kickoff_time;
61 }
62
63 time_t pdb_get_bad_password_time(const struct samu *sampass)
64 {
65         return sampass->bad_password_time;
66 }
67
68 time_t pdb_get_pass_last_set_time(const struct samu *sampass)
69 {
70         return sampass->pass_last_set_time;
71 }
72
73 time_t pdb_get_pass_can_change_time(const struct samu *sampass)
74 {
75         uint32 allow;
76
77         /* if the last set time is zero, it means the user cannot 
78            change their password, and this time must be zero.   jmcd 
79         */
80         if (sampass->pass_last_set_time == 0)
81                 return (time_t) 0;
82
83         /* if the time is max, and the field has been changed,
84            we're trying to update this real value from the sampass
85            to indicate that the user cannot change their password.  jmcd
86         */
87         if (sampass->pass_can_change_time == get_time_t_max() &&
88             pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED)
89                 return sampass->pass_can_change_time;
90
91         if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &allow))
92                 allow = 0;
93
94         /* in normal cases, just calculate it from policy */
95         return sampass->pass_last_set_time + allow;
96 }
97
98 /* we need this for loading from the backend, so that we don't overwrite
99    non-changed max times, otherwise the pass_can_change checking won't work */
100 time_t pdb_get_pass_can_change_time_noncalc(const struct samu *sampass)
101 {
102         return sampass->pass_can_change_time;
103 }
104
105 time_t pdb_get_pass_must_change_time(const struct samu *sampass)
106 {
107         uint32 expire;
108
109         if (sampass->pass_last_set_time == 0)
110                 return (time_t) 0;
111
112         if (sampass->acct_ctrl & ACB_PWNOEXP)
113                 return get_time_t_max();
114
115         if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
116             || expire == (uint32)-1 || expire == 0) 
117                 return get_time_t_max();
118
119         return sampass->pass_last_set_time + expire;
120 }
121
122 bool pdb_get_pass_can_change(const struct samu *sampass)
123 {
124         if (sampass->pass_can_change_time == get_time_t_max() &&
125             sampass->pass_last_set_time != 0)
126                 return False;
127         return True;
128 }
129
130 uint16 pdb_get_logon_divs(const struct samu *sampass)
131 {
132         return sampass->logon_divs;
133 }
134
135 uint32 pdb_get_hours_len(const struct samu *sampass)
136 {
137         return sampass->hours_len;
138 }
139
140 const uint8 *pdb_get_hours(const struct samu *sampass)
141 {
142         return (sampass->hours);
143 }
144
145 const uint8 *pdb_get_nt_passwd(const struct samu *sampass)
146 {
147         SMB_ASSERT((!sampass->nt_pw.data) 
148                    || sampass->nt_pw.length == NT_HASH_LEN);
149         return (uint8 *)sampass->nt_pw.data;
150 }
151
152 const uint8 *pdb_get_lanman_passwd(const struct samu *sampass)
153 {
154         SMB_ASSERT((!sampass->lm_pw.data) 
155                    || sampass->lm_pw.length == LM_HASH_LEN);
156         return (uint8 *)sampass->lm_pw.data;
157 }
158
159 const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32 *current_hist_len)
160 {
161         SMB_ASSERT((!sampass->nt_pw_his.data) 
162            || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
163         *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
164         return (uint8 *)sampass->nt_pw_his.data;
165 }
166
167 /* Return the plaintext password if known.  Most of the time
168    it isn't, so don't assume anything magic about this function.
169
170    Used to pass the plaintext to passdb backends that might 
171    want to store more than just the NTLM hashes.
172 */
173 const char *pdb_get_plaintext_passwd(const struct samu *sampass)
174 {
175         return sampass->plaintext_pw;
176 }
177
178 const DOM_SID *pdb_get_user_sid(const struct samu *sampass)
179 {
180         return &sampass->user_sid;
181 }
182
183 const DOM_SID *pdb_get_group_sid(struct samu *sampass)
184 {
185         DOM_SID *gsid;
186         struct passwd *pwd;
187
188         /* Return the cached group SID if we have that */
189         if ( sampass->group_sid ) {
190                 return sampass->group_sid;
191         }
192
193         /* generate the group SID from the user's primary Unix group */
194
195         if ( !(gsid  = TALLOC_P( sampass, DOM_SID )) ) {
196                 return NULL;
197         }
198
199         /* No algorithmic mapping, meaning that we have to figure out the
200            primary group SID according to group mapping and the user SID must
201            be a newly allocated one.  We rely on the user's Unix primary gid.
202            We have no choice but to fail if we can't find it. */
203
204         if ( sampass->unix_pw ) {
205                 pwd = sampass->unix_pw;
206         } else {
207                 pwd = Get_Pwnam_alloc( sampass, pdb_get_username(sampass) );
208         }
209
210         if ( !pwd ) {
211                 DEBUG(0,("pdb_get_group_sid: Failed to find Unix account for %s\n", pdb_get_username(sampass) ));
212                 return NULL;
213         }
214
215         if ( pdb_gid_to_sid(pwd->pw_gid, gsid) ) {
216                 enum lsa_SidType type = SID_NAME_UNKNOWN;
217                 TALLOC_CTX *mem_ctx = talloc_init("pdb_get_group_sid");
218                 bool lookup_ret;
219
220                 if (!mem_ctx) {
221                         return NULL;
222                 }
223
224                 /* Now check that it's actually a domain group and not something else */
225
226                 lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type);
227
228                 TALLOC_FREE( mem_ctx );
229
230                 if ( lookup_ret && (type == SID_NAME_DOM_GRP) ) {
231                         sampass->group_sid = gsid;
232                         return sampass->group_sid;
233                 }
234
235                 DEBUG(3, ("Primary group for user %s is a %s and not a domain group\n", 
236                         pwd->pw_name, sid_type_lookup(type)));
237         }
238
239         /* Just set it to the 'Domain Users' RID of 512 which will 
240            always resolve to a name */
241
242         sid_copy( gsid, get_global_sam_sid() );
243         sid_append_rid( gsid, DOMAIN_GROUP_RID_USERS );
244
245         sampass->group_sid = gsid;
246
247         return sampass->group_sid;
248 }       
249
250 /**
251  * Get flags showing what is initalised in the struct samu
252  * @param sampass the struct samu in question
253  * @return the flags indicating the members initialised in the struct.
254  **/
255
256 enum pdb_value_state pdb_get_init_flags(const struct samu *sampass, enum pdb_elements element)
257 {
258         enum pdb_value_state ret = PDB_DEFAULT;
259
260         if (!sampass->change_flags || !sampass->set_flags)
261                 return ret;
262
263         if (bitmap_query(sampass->set_flags, element)) {
264                 DEBUG(11, ("element %d: SET\n", element)); 
265                 ret = PDB_SET;
266         }
267
268         if (bitmap_query(sampass->change_flags, element)) {
269                 DEBUG(11, ("element %d: CHANGED\n", element)); 
270                 ret = PDB_CHANGED;
271         }
272
273         if (ret == PDB_DEFAULT) {
274                 DEBUG(11, ("element %d: DEFAULT\n", element)); 
275         }
276
277         return ret;
278 }
279
280 const char *pdb_get_username(const struct samu *sampass)
281 {
282         return sampass->username;
283 }
284
285 const char *pdb_get_domain(const struct samu *sampass)
286 {
287         return sampass->domain;
288 }
289
290 const char *pdb_get_nt_username(const struct samu *sampass)
291 {
292         return sampass->nt_username;
293 }
294
295 const char *pdb_get_fullname(const struct samu *sampass)
296 {
297         return sampass->full_name;
298 }
299
300 const char *pdb_get_homedir(const struct samu *sampass)
301 {
302         return sampass->home_dir;
303 }
304
305 const char *pdb_get_dir_drive(const struct samu *sampass)
306 {
307         return sampass->dir_drive;
308 }
309
310 const char *pdb_get_logon_script(const struct samu *sampass)
311 {
312         return sampass->logon_script;
313 }
314
315 const char *pdb_get_profile_path(const struct samu *sampass)
316 {
317         return sampass->profile_path;
318 }
319
320 const char *pdb_get_acct_desc(const struct samu *sampass)
321 {
322         return sampass->acct_desc;
323 }
324
325 const char *pdb_get_workstations(const struct samu *sampass)
326 {
327         return sampass->workstations;
328 }
329
330 const char *pdb_get_comment(const struct samu *sampass)
331 {
332         return sampass->comment;
333 }
334
335 const char *pdb_get_munged_dial(const struct samu *sampass)
336 {
337         return sampass->munged_dial;
338 }
339
340 uint16 pdb_get_bad_password_count(const struct samu *sampass)
341 {
342         return sampass->bad_password_count;
343 }
344
345 uint16 pdb_get_logon_count(const struct samu *sampass)
346 {
347         return sampass->logon_count;
348 }
349
350 uint32 pdb_get_unknown_6(const struct samu *sampass)
351 {
352         return sampass->unknown_6;
353 }
354
355 void *pdb_get_backend_private_data(const struct samu *sampass, const struct pdb_methods *my_methods)
356 {
357         if (my_methods == sampass->backend_private_methods) {
358                 return sampass->backend_private_data;
359         } else {
360                 return NULL;
361         }
362 }
363
364 /*********************************************************************
365  Collection of set...() functions for struct samu.
366  ********************************************************************/
367
368 bool pdb_set_acct_ctrl(struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag)
369 {
370         sampass->acct_ctrl = acct_ctrl;
371         return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
372 }
373
374 bool pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
375 {
376         sampass->logon_time = mytime;
377         return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
378 }
379
380 bool pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
381 {
382         sampass->logoff_time = mytime;
383         return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
384 }
385
386 bool pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
387 {
388         sampass->kickoff_time = mytime;
389         return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
390 }
391
392 bool pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
393 {
394         sampass->bad_password_time = mytime;
395         return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
396 }
397
398 bool pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
399 {
400         sampass->pass_can_change_time = mytime;
401         return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
402 }
403
404 bool pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
405 {
406         sampass->pass_must_change_time = mytime;
407         return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
408 }
409
410 bool pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
411 {
412         sampass->pass_last_set_time = mytime;
413         return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
414 }
415
416 bool pdb_set_hours_len(struct samu *sampass, uint32 len, enum pdb_value_state flag)
417 {
418         sampass->hours_len = len;
419         return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
420 }
421
422 bool pdb_set_logon_divs(struct samu *sampass, uint16 hours, enum pdb_value_state flag)
423 {
424         sampass->logon_divs = hours;
425         return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
426 }
427
428 /**
429  * Set flags showing what is initalised in the struct samu
430  * @param sampass the struct samu in question
431  * @param flag The *new* flag to be set.  Old flags preserved
432  *             this flag is only added.  
433  **/
434
435 bool pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
436 {
437         if (!sampass->set_flags) {
438                 if ((sampass->set_flags = 
439                         bitmap_talloc(sampass, 
440                                         PDB_COUNT))==NULL) {
441                         DEBUG(0,("bitmap_talloc failed\n"));
442                         return False;
443                 }
444         }
445         if (!sampass->change_flags) {
446                 if ((sampass->change_flags = 
447                         bitmap_talloc(sampass, 
448                                         PDB_COUNT))==NULL) {
449                         DEBUG(0,("bitmap_talloc failed\n"));
450                         return False;
451                 }
452         }
453
454         switch(value_flag) {
455                 case PDB_CHANGED:
456                         if (!bitmap_set(sampass->change_flags, element)) {
457                                 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
458                                 return False;
459                         }
460                         if (!bitmap_set(sampass->set_flags, element)) {
461                                 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
462                                 return False;
463                         }
464                         DEBUG(11, ("element %d -> now CHANGED\n", element)); 
465                         break;
466                 case PDB_SET:
467                         if (!bitmap_clear(sampass->change_flags, element)) {
468                                 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
469                                 return False;
470                         }
471                         if (!bitmap_set(sampass->set_flags, element)) {
472                                 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
473                                 return False;
474                         }
475                         DEBUG(11, ("element %d -> now SET\n", element)); 
476                         break;
477                 case PDB_DEFAULT:
478                 default:
479                         if (!bitmap_clear(sampass->change_flags, element)) {
480                                 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
481                                 return False;
482                         }
483                         if (!bitmap_clear(sampass->set_flags, element)) {
484                                 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
485                                 return False;
486                         }
487                         DEBUG(11, ("element %d -> now DEFAULT\n", element)); 
488                         break;
489         }
490
491         return True;
492 }
493
494 bool pdb_set_user_sid(struct samu *sampass, const DOM_SID *u_sid, enum pdb_value_state flag)
495 {
496         if (!u_sid)
497                 return False;
498
499         sid_copy(&sampass->user_sid, u_sid);
500
501         DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n", 
502                     sid_string_dbg(&sampass->user_sid)));
503
504         return pdb_set_init_flags(sampass, PDB_USERSID, flag);
505 }
506
507 bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
508 {
509         DOM_SID new_sid;
510
511         if (!u_sid)
512                 return False;
513
514         DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n",
515                    u_sid));
516
517         if (!string_to_sid(&new_sid, u_sid)) { 
518                 DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
519                 return False;
520         }
521
522         if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
523                 DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid));
524                 return False;
525         }
526
527         return True;
528 }
529
530 /********************************************************************
531  We never fill this in from a passdb backend but rather set is 
532  based on the user's primary group membership.  However, the 
533  struct samu* is overloaded and reused in domain memship code 
534  as well and built from the netr_SamInfo3 or PAC so we
535  have to allow the explicitly setting of a group SID here.
536 ********************************************************************/
537
538 bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
539 {
540         gid_t gid;
541
542         if (!g_sid)
543                 return False;
544
545         if ( !(sampass->group_sid = TALLOC_P( sampass, DOM_SID )) ) {
546                 return False;
547         }
548
549         /* if we cannot resolve the SID to gid, then just ignore it and 
550            store DOMAIN_USERS as the primary groupSID */
551
552         if ( sid_to_gid( g_sid, &gid ) ) {
553                 sid_copy(sampass->group_sid, g_sid);
554         } else {
555                 sid_copy( sampass->group_sid, get_global_sam_sid() );
556                 sid_append_rid( sampass->group_sid, DOMAIN_GROUP_RID_USERS );
557         }
558
559         DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n", 
560                    sid_string_dbg(sampass->group_sid)));
561
562         return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
563 }
564
565 /*********************************************************************
566  Set the user's UNIX name.
567  ********************************************************************/
568
569 bool pdb_set_username(struct samu *sampass, const char *username, enum pdb_value_state flag)
570 {
571         if (username) { 
572                 DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
573                         (sampass->username)?(sampass->username):"NULL"));
574
575                 sampass->username = talloc_strdup(sampass, username);
576
577                 if (!sampass->username) {
578                         DEBUG(0, ("pdb_set_username: talloc_strdup() failed!\n"));
579                         return False;
580                 }
581         } else {
582                 sampass->username = PDB_NOT_QUITE_NULL;
583         }
584
585         return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
586 }
587
588 /*********************************************************************
589  Set the domain name.
590  ********************************************************************/
591
592 bool pdb_set_domain(struct samu *sampass, const char *domain, enum pdb_value_state flag)
593 {
594         if (domain) { 
595                 DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
596                         (sampass->domain)?(sampass->domain):"NULL"));
597
598                 sampass->domain = talloc_strdup(sampass, domain);
599
600                 if (!sampass->domain) {
601                         DEBUG(0, ("pdb_set_domain: talloc_strdup() failed!\n"));
602                         return False;
603                 }
604         } else {
605                 sampass->domain = PDB_NOT_QUITE_NULL;
606         }
607
608         return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
609 }
610
611 /*********************************************************************
612  Set the user's NT name.
613  ********************************************************************/
614
615 bool pdb_set_nt_username(struct samu *sampass, const char *nt_username, enum pdb_value_state flag)
616 {
617         if (nt_username) { 
618                 DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
619                         (sampass->nt_username)?(sampass->nt_username):"NULL"));
620  
621                 sampass->nt_username = talloc_strdup(sampass, nt_username);
622
623                 if (!sampass->nt_username) {
624                         DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
625                         return False;
626                 }
627         } else {
628                 sampass->nt_username = PDB_NOT_QUITE_NULL;
629         }
630
631         return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
632 }
633
634 /*********************************************************************
635  Set the user's full name.
636  ********************************************************************/
637
638 bool pdb_set_fullname(struct samu *sampass, const char *full_name, enum pdb_value_state flag)
639 {
640         if (full_name) { 
641                 DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
642                         (sampass->full_name)?(sampass->full_name):"NULL"));
643
644                 sampass->full_name = talloc_strdup(sampass, full_name);
645
646                 if (!sampass->full_name) {
647                         DEBUG(0, ("pdb_set_fullname: talloc_strdup() failed!\n"));
648                         return False;
649                 }
650         } else {
651                 sampass->full_name = PDB_NOT_QUITE_NULL;
652         }
653
654         return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
655 }
656
657 /*********************************************************************
658  Set the user's logon script.
659  ********************************************************************/
660
661 bool pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum pdb_value_state flag)
662 {
663         if (logon_script) { 
664                 DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
665                         (sampass->logon_script)?(sampass->logon_script):"NULL"));
666
667                 sampass->logon_script = talloc_strdup(sampass, logon_script);
668
669                 if (!sampass->logon_script) {
670                         DEBUG(0, ("pdb_set_logon_script: talloc_strdup() failed!\n"));
671                         return False;
672                 }
673         } else {
674                 sampass->logon_script = PDB_NOT_QUITE_NULL;
675         }
676
677         return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
678 }
679
680 /*********************************************************************
681  Set the user's profile path.
682  ********************************************************************/
683
684 bool pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
685 {
686         if (profile_path) { 
687                 DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
688                         (sampass->profile_path)?(sampass->profile_path):"NULL"));
689
690                 sampass->profile_path = talloc_strdup(sampass, profile_path);
691
692                 if (!sampass->profile_path) {
693                         DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
694                         return False;
695                 }
696         } else {
697                 sampass->profile_path = PDB_NOT_QUITE_NULL;
698         }
699
700         return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
701 }
702
703 /*********************************************************************
704  Set the user's directory drive.
705  ********************************************************************/
706
707 bool pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
708 {
709         if (dir_drive) { 
710                 DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
711                         (sampass->dir_drive)?(sampass->dir_drive):"NULL"));
712
713                 sampass->dir_drive = talloc_strdup(sampass, dir_drive);
714
715                 if (!sampass->dir_drive) {
716                         DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
717                         return False;
718                 }
719
720         } else {
721                 sampass->dir_drive = PDB_NOT_QUITE_NULL;
722         }
723
724         return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
725 }
726
727 /*********************************************************************
728  Set the user's home directory.
729  ********************************************************************/
730
731 bool pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
732 {
733         if (home_dir) { 
734                 DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
735                         (sampass->home_dir)?(sampass->home_dir):"NULL"));
736
737                 sampass->home_dir = talloc_strdup(sampass, home_dir);
738
739                 if (!sampass->home_dir) {
740                         DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
741                         return False;
742                 }
743         } else {
744                 sampass->home_dir = PDB_NOT_QUITE_NULL;
745         }
746
747         return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
748 }
749
750 /*********************************************************************
751  Set the user's account description.
752  ********************************************************************/
753
754 bool pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
755 {
756         if (acct_desc) { 
757                 sampass->acct_desc = talloc_strdup(sampass, acct_desc);
758
759                 if (!sampass->acct_desc) {
760                         DEBUG(0, ("pdb_set_acct_desc: talloc_strdup() failed!\n"));
761                         return False;
762                 }
763         } else {
764                 sampass->acct_desc = PDB_NOT_QUITE_NULL;
765         }
766
767         return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
768 }
769
770 /*********************************************************************
771  Set the user's workstation allowed list.
772  ********************************************************************/
773
774 bool pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag)
775 {
776         if (workstations) { 
777                 DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
778                         (sampass->workstations)?(sampass->workstations):"NULL"));
779
780                 sampass->workstations = talloc_strdup(sampass, workstations);
781
782                 if (!sampass->workstations) {
783                         DEBUG(0, ("pdb_set_workstations: talloc_strdup() failed!\n"));
784                         return False;
785                 }
786         } else {
787                 sampass->workstations = PDB_NOT_QUITE_NULL;
788         }
789
790         return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
791 }
792
793 /*********************************************************************
794  ********************************************************************/
795
796 bool pdb_set_comment(struct samu *sampass, const char *comment, enum pdb_value_state flag)
797 {
798         if (comment) { 
799                 sampass->comment = talloc_strdup(sampass, comment);
800
801                 if (!sampass->comment) {
802                         DEBUG(0, ("pdb_set_comment: talloc_strdup() failed!\n"));
803                         return False;
804                 }
805         } else {
806                 sampass->comment = PDB_NOT_QUITE_NULL;
807         }
808
809         return pdb_set_init_flags(sampass, PDB_COMMENT, flag);
810 }
811
812 /*********************************************************************
813  Set the user's dial string.
814  ********************************************************************/
815
816 bool pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
817 {
818         if (munged_dial) { 
819                 sampass->munged_dial = talloc_strdup(sampass, munged_dial);
820
821                 if (!sampass->munged_dial) {
822                         DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
823                         return False;
824                 }
825         } else {
826                 sampass->munged_dial = PDB_NOT_QUITE_NULL;
827         }
828
829         return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
830 }
831
832 /*********************************************************************
833  Set the user's NT hash.
834  ********************************************************************/
835
836 bool pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
837 {
838         data_blob_clear_free(&sampass->nt_pw);
839
840        if (pwd) {
841                sampass->nt_pw =
842                        data_blob_talloc(sampass, pwd, NT_HASH_LEN);
843        } else {
844                sampass->nt_pw = data_blob_null;
845        }
846
847         return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
848 }
849
850 /*********************************************************************
851  Set the user's LM hash.
852  ********************************************************************/
853
854 bool pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
855 {
856         data_blob_clear_free(&sampass->lm_pw);
857
858         /* on keep the password if we are allowing LANMAN authentication */
859
860         if (pwd && lp_lanman_auth() ) {
861                 sampass->lm_pw = data_blob_talloc(sampass, pwd, LM_HASH_LEN);
862         } else {
863                 sampass->lm_pw = data_blob_null;
864         }
865
866         return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
867 }
868
869 /*********************************************************************
870  Set the user's password history hash. historyLen is the number of 
871  PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN length
872  entries to store in the history - this must match the size of the uint8 array
873  in pwd.
874 ********************************************************************/
875
876 bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
877 {
878         if (historyLen && pwd){
879                 data_blob_free(&(sampass->nt_pw_his));
880                 sampass->nt_pw_his = data_blob_talloc(sampass,
881                                                 pwd, historyLen*PW_HISTORY_ENTRY_LEN);
882                 if (!sampass->nt_pw_his.length) {
883                         DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
884                         return False;
885                 }
886         } else {
887                 sampass->nt_pw_his = data_blob_talloc(sampass, NULL, 0);
888         }
889
890         return pdb_set_init_flags(sampass, PDB_PWHISTORY, flag);
891 }
892
893 /*********************************************************************
894  Set the user's plaintext password only (base procedure, see helper
895  below)
896  ********************************************************************/
897
898 bool pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag)
899 {
900         if (password) { 
901                 if (sampass->plaintext_pw!=NULL) 
902                         memset(sampass->plaintext_pw,'\0',strlen(sampass->plaintext_pw)+1);
903
904                 sampass->plaintext_pw = talloc_strdup(sampass, password);
905
906                 if (!sampass->plaintext_pw) {
907                         DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
908                         return False;
909                 }
910         } else {
911                 sampass->plaintext_pw = NULL;
912         }
913
914         return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
915 }
916
917 bool pdb_set_bad_password_count(struct samu *sampass, uint16 bad_password_count, enum pdb_value_state flag)
918 {
919         sampass->bad_password_count = bad_password_count;
920         return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
921 }
922
923 bool pdb_set_logon_count(struct samu *sampass, uint16 logon_count, enum pdb_value_state flag)
924 {
925         sampass->logon_count = logon_count;
926         return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
927 }
928
929 bool pdb_set_unknown_6(struct samu *sampass, uint32 unkn, enum pdb_value_state flag)
930 {
931         sampass->unknown_6 = unkn;
932         return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
933 }
934
935 bool pdb_set_hours(struct samu *sampass, const uint8 *hours, enum pdb_value_state flag)
936 {
937         if (!hours) {
938                 memset ((char *)sampass->hours, 0, MAX_HOURS_LEN);
939         } else {
940                 memcpy (sampass->hours, hours, MAX_HOURS_LEN);
941         }
942
943         return pdb_set_init_flags(sampass, PDB_HOURS, flag);
944 }
945
946 bool pdb_set_backend_private_data(struct samu *sampass, void *private_data, 
947                                    void (*free_fn)(void **), 
948                                    const struct pdb_methods *my_methods, 
949                                    enum pdb_value_state flag)
950 {
951         if (sampass->backend_private_data &&
952             sampass->backend_private_data_free_fn) {
953                 sampass->backend_private_data_free_fn(
954                         &sampass->backend_private_data);
955         }
956
957         sampass->backend_private_data = private_data;
958         sampass->backend_private_data_free_fn = free_fn;
959         sampass->backend_private_methods = my_methods;
960
961         return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
962 }
963
964
965 /* Helpful interfaces to the above */
966
967 bool pdb_set_pass_can_change(struct samu *sampass, bool canchange)
968 {
969         return pdb_set_pass_can_change_time(sampass, 
970                                      canchange ? 0 : get_time_t_max(),
971                                      PDB_CHANGED);
972 }
973
974
975 /*********************************************************************
976  Set the user's PLAINTEXT password.  Used as an interface to the above.
977  Also sets the last change time to NOW.
978  ********************************************************************/
979
980 bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
981 {
982         uchar new_lanman_p16[LM_HASH_LEN];
983         uchar new_nt_p16[NT_HASH_LEN];
984
985         if (!plaintext)
986                 return False;
987
988         /* Calculate the MD4 hash (NT compatible) of the password */
989         E_md4hash(plaintext, new_nt_p16);
990
991         if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED)) 
992                 return False;
993
994         if (!E_deshash(plaintext, new_lanman_p16)) {
995                 /* E_deshash returns false for 'long' passwords (> 14
996                    DOS chars).  This allows us to match Win2k, which
997                    does not store a LM hash for these passwords (which
998                    would reduce the effective password length to 14 */
999
1000                 if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED)) 
1001                         return False;
1002         } else {
1003                 if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED)) 
1004                         return False;
1005         }
1006
1007         if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED)) 
1008                 return False;
1009
1010         if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
1011                 return False;
1012
1013         /* Store the password history. */
1014         if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
1015                 uchar *pwhistory;
1016                 uint32 pwHistLen;
1017                 pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
1018                 if (pwHistLen != 0){
1019                         uint32 current_history_len;
1020                         /* We need to make sure we don't have a race condition here - the
1021                            account policy history length can change between when the pw_history
1022                            was first loaded into the struct samu struct and now.... JRA. */
1023                         pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
1024
1025                         if (current_history_len != pwHistLen) {
1026                                 /* After closing and reopening struct samu the history
1027                                         values will sync up. We can't do this here. */
1028
1029                                 /* current_history_len > pwHistLen is not a problem - we
1030                                         have more history than we need. */
1031
1032                                 if (current_history_len < pwHistLen) {
1033                                         /* Ensure we have space for the needed history. */
1034                                         uchar *new_history = (uchar *)TALLOC(sampass,
1035                                                                 pwHistLen*PW_HISTORY_ENTRY_LEN);
1036                                         if (!new_history) {
1037                                                 return False;
1038                                         }
1039
1040                                         /* And copy it into the new buffer. */
1041                                         if (current_history_len) {
1042                                                 memcpy(new_history, pwhistory,
1043                                                         current_history_len*PW_HISTORY_ENTRY_LEN);
1044                                         }
1045                                         /* Clearing out any extra space. */
1046                                         memset(&new_history[current_history_len*PW_HISTORY_ENTRY_LEN],
1047                                                 '\0', (pwHistLen-current_history_len)*PW_HISTORY_ENTRY_LEN);
1048                                         /* Finally replace it. */
1049                                         pwhistory = new_history;
1050                                 }
1051                         }
1052                         if (pwhistory && pwHistLen){
1053                                 /* Make room for the new password in the history list. */
1054                                 if (pwHistLen > 1) {
1055                                         memmove(&pwhistory[PW_HISTORY_ENTRY_LEN],
1056                                                 pwhistory, (pwHistLen -1)*PW_HISTORY_ENTRY_LEN );
1057                                 }
1058                                 /* Create the new salt as the first part of the history entry. */
1059                                 generate_random_buffer(pwhistory, PW_HISTORY_SALT_LEN);
1060
1061                                 /* Generate the md5 hash of the salt+new password as the second
1062                                         part of the history entry. */
1063
1064                                 E_md5hash(pwhistory, new_nt_p16, &pwhistory[PW_HISTORY_SALT_LEN]);
1065                                 pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
1066                         } else {
1067                                 DEBUG (10,("pdb_get_set.c: pdb_set_plaintext_passwd: pwhistory was NULL!\n"));
1068                         }
1069                 } else {
1070                         /* Set the history length to zero. */
1071                         pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
1072                 }
1073         }
1074
1075         return True;
1076 }
1077
1078 /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */
1079 uint32 pdb_build_fields_present(struct samu *sampass)
1080 {
1081         /* value set to all for testing */
1082         return 0x00ffffff;
1083 }