s3:passdb Export function to calculate the proper primary group sid
[idra/samba.git] / source3 / passdb / pdb_get_set.c
1 /* 
2    Unix SMB/CIFS implementation.
3    struct samu access routines
4    Copyright (C) Jeremy Allison                 1996-2001
5    Copyright (C) Luke Kenneth Casson Leighton   1996-1998
6    Copyright (C) Gerald (Jerry) Carter          2000-2006
7    Copyright (C) Andrew Bartlett                2001-2002
8    Copyright (C) Stefan (metze) Metzmacher      2002
9
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 3 of the License, or
13    (at your option) any later version.
14
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "../libcli/auth/libcli_auth.h"
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_PASSDB
29
30 /**
31  * @todo Redefine this to NULL, but this changes the API because
32  *       much of samba assumes that the pdb_get...() funtions 
33  *       return strings.  (ie not null-pointers).
34  *       See also pdb_fill_default_sam().
35  */
36
37 #define PDB_NOT_QUITE_NULL ""
38
39 /*********************************************************************
40  Collection of get...() functions for struct samu.
41  ********************************************************************/
42
43 uint32_t pdb_get_acct_ctrl(const struct samu *sampass)
44 {
45         return sampass->acct_ctrl;
46 }
47
48 time_t pdb_get_logon_time(const struct samu *sampass)
49 {
50         return sampass->logon_time;
51 }
52
53 time_t pdb_get_logoff_time(const struct samu *sampass)
54 {
55         return sampass->logoff_time;
56 }
57
58 time_t pdb_get_kickoff_time(const struct samu *sampass)
59 {
60         return sampass->kickoff_time;
61 }
62
63 time_t pdb_get_bad_password_time(const struct samu *sampass)
64 {
65         return sampass->bad_password_time;
66 }
67
68 time_t pdb_get_pass_last_set_time(const struct samu *sampass)
69 {
70         return sampass->pass_last_set_time;
71 }
72
73 time_t pdb_get_pass_can_change_time(const struct samu *sampass)
74 {
75         uint32_t allow;
76
77         /* if the last set time is zero, it means the user cannot 
78            change their password, and this time must be zero.   jmcd 
79         */
80         if (sampass->pass_last_set_time == 0)
81                 return (time_t) 0;
82
83         /* if the time is max, and the field has been changed,
84            we're trying to update this real value from the sampass
85            to indicate that the user cannot change their password.  jmcd
86         */
87         if (sampass->pass_can_change_time == get_time_t_max() &&
88             IS_SAM_CHANGED(sampass, PDB_CANCHANGETIME))
89                 return sampass->pass_can_change_time;
90
91         if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &allow))
92                 allow = 0;
93
94         /* in normal cases, just calculate it from policy */
95         return sampass->pass_last_set_time + allow;
96 }
97
98 /* we need this for loading from the backend, so that we don't overwrite
99    non-changed max times, otherwise the pass_can_change checking won't work */
100 time_t pdb_get_pass_can_change_time_noncalc(const struct samu *sampass)
101 {
102         return sampass->pass_can_change_time;
103 }
104
105 time_t pdb_get_pass_must_change_time(const struct samu *sampass)
106 {
107         uint32_t expire;
108
109         if (sampass->pass_last_set_time == 0)
110                 return (time_t) 0;
111
112         if (sampass->acct_ctrl & ACB_PWNOEXP)
113                 return get_time_t_max();
114
115         if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
116             || expire == (uint32_t)-1 || expire == 0)
117                 return get_time_t_max();
118
119         return sampass->pass_last_set_time + expire;
120 }
121
122 bool pdb_get_pass_can_change(const struct samu *sampass)
123 {
124         if (sampass->pass_can_change_time == get_time_t_max() &&
125             sampass->pass_last_set_time != 0)
126                 return False;
127         return True;
128 }
129
130 uint16_t pdb_get_logon_divs(const struct samu *sampass)
131 {
132         return sampass->logon_divs;
133 }
134
135 uint32_t pdb_get_hours_len(const struct samu *sampass)
136 {
137         return sampass->hours_len;
138 }
139
140 const uint8 *pdb_get_hours(const struct samu *sampass)
141 {
142         return (sampass->hours);
143 }
144
145 const uint8 *pdb_get_nt_passwd(const struct samu *sampass)
146 {
147         SMB_ASSERT((!sampass->nt_pw.data) 
148                    || sampass->nt_pw.length == NT_HASH_LEN);
149         return (uint8 *)sampass->nt_pw.data;
150 }
151
152 const uint8 *pdb_get_lanman_passwd(const struct samu *sampass)
153 {
154         SMB_ASSERT((!sampass->lm_pw.data) 
155                    || sampass->lm_pw.length == LM_HASH_LEN);
156         return (uint8 *)sampass->lm_pw.data;
157 }
158
159 const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32_t *current_hist_len)
160 {
161         SMB_ASSERT((!sampass->nt_pw_his.data) 
162            || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
163         *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
164         return (uint8 *)sampass->nt_pw_his.data;
165 }
166
167 /* Return the plaintext password if known.  Most of the time
168    it isn't, so don't assume anything magic about this function.
169
170    Used to pass the plaintext to passdb backends that might 
171    want to store more than just the NTLM hashes.
172 */
173 const char *pdb_get_plaintext_passwd(const struct samu *sampass)
174 {
175         return sampass->plaintext_pw;
176 }
177
178 const struct dom_sid *pdb_get_user_sid(const struct samu *sampass)
179 {
180         return &sampass->user_sid;
181 }
182
183 const struct dom_sid *pdb_get_group_sid(struct samu *sampass)
184 {
185         NTSTATUS status;
186
187         /* Return the cached group SID if we have that */
188         if (sampass->group_sid) {
189                 return sampass->group_sid;
190         }
191
192         /* No algorithmic mapping, meaning that we have to figure out the
193            primary group SID according to group mapping and the user SID must
194            be a newly allocated one.  We rely on the user's Unix primary gid.
195            We have no choice but to fail if we can't find it. */
196         status = get_primary_group_sid(sampass,
197                                         pdb_get_username(sampass),
198                                         &sampass->unix_pw,
199                                         &sampass->group_sid);
200         if (!NT_STATUS_IS_OK(status)) {
201                 return NULL;
202         }
203
204         return sampass->group_sid;
205 }
206
207 /**
208  * Get flags showing what is initalised in the struct samu
209  * @param sampass the struct samu in question
210  * @return the flags indicating the members initialised in the struct.
211  **/
212
213 enum pdb_value_state pdb_get_init_flags(const struct samu *sampass, enum pdb_elements element)
214 {
215         enum pdb_value_state ret = PDB_DEFAULT;
216
217         if (!sampass->change_flags || !sampass->set_flags)
218                 return ret;
219
220         if (bitmap_query(sampass->set_flags, element)) {
221                 DEBUG(11, ("element %d: SET\n", element)); 
222                 ret = PDB_SET;
223         }
224
225         if (bitmap_query(sampass->change_flags, element)) {
226                 DEBUG(11, ("element %d: CHANGED\n", element)); 
227                 ret = PDB_CHANGED;
228         }
229
230         if (ret == PDB_DEFAULT) {
231                 DEBUG(11, ("element %d: DEFAULT\n", element)); 
232         }
233
234         return ret;
235 }
236
237 const char *pdb_get_username(const struct samu *sampass)
238 {
239         return sampass->username;
240 }
241
242 const char *pdb_get_domain(const struct samu *sampass)
243 {
244         return sampass->domain;
245 }
246
247 const char *pdb_get_nt_username(const struct samu *sampass)
248 {
249         return sampass->nt_username;
250 }
251
252 const char *pdb_get_fullname(const struct samu *sampass)
253 {
254         return sampass->full_name;
255 }
256
257 const char *pdb_get_homedir(const struct samu *sampass)
258 {
259         return sampass->home_dir;
260 }
261
262 const char *pdb_get_dir_drive(const struct samu *sampass)
263 {
264         return sampass->dir_drive;
265 }
266
267 const char *pdb_get_logon_script(const struct samu *sampass)
268 {
269         return sampass->logon_script;
270 }
271
272 const char *pdb_get_profile_path(const struct samu *sampass)
273 {
274         return sampass->profile_path;
275 }
276
277 const char *pdb_get_acct_desc(const struct samu *sampass)
278 {
279         return sampass->acct_desc;
280 }
281
282 const char *pdb_get_workstations(const struct samu *sampass)
283 {
284         return sampass->workstations;
285 }
286
287 const char *pdb_get_comment(const struct samu *sampass)
288 {
289         return sampass->comment;
290 }
291
292 const char *pdb_get_munged_dial(const struct samu *sampass)
293 {
294         return sampass->munged_dial;
295 }
296
297 uint16_t pdb_get_bad_password_count(const struct samu *sampass)
298 {
299         return sampass->bad_password_count;
300 }
301
302 uint16_t pdb_get_logon_count(const struct samu *sampass)
303 {
304         return sampass->logon_count;
305 }
306
307 uint32_t pdb_get_unknown_6(const struct samu *sampass)
308 {
309         return sampass->unknown_6;
310 }
311
312 void *pdb_get_backend_private_data(const struct samu *sampass, const struct pdb_methods *my_methods)
313 {
314         if (my_methods == sampass->backend_private_methods) {
315                 return sampass->backend_private_data;
316         } else {
317                 return NULL;
318         }
319 }
320
321 /*********************************************************************
322  Collection of set...() functions for struct samu.
323  ********************************************************************/
324
325 bool pdb_set_acct_ctrl(struct samu *sampass, uint32_t acct_ctrl, enum pdb_value_state flag)
326 {
327         sampass->acct_ctrl = acct_ctrl;
328         return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
329 }
330
331 bool pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
332 {
333         sampass->logon_time = mytime;
334         return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
335 }
336
337 bool pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
338 {
339         sampass->logoff_time = mytime;
340         return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
341 }
342
343 bool pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
344 {
345         sampass->kickoff_time = mytime;
346         return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
347 }
348
349 bool pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
350 {
351         sampass->bad_password_time = mytime;
352         return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
353 }
354
355 bool pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
356 {
357         sampass->pass_can_change_time = mytime;
358         return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
359 }
360
361 bool pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
362 {
363         sampass->pass_must_change_time = mytime;
364         return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
365 }
366
367 bool pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
368 {
369         sampass->pass_last_set_time = mytime;
370         return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
371 }
372
373 bool pdb_set_hours_len(struct samu *sampass, uint32_t len, enum pdb_value_state flag)
374 {
375         sampass->hours_len = len;
376         return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
377 }
378
379 bool pdb_set_logon_divs(struct samu *sampass, uint16_t hours, enum pdb_value_state flag)
380 {
381         sampass->logon_divs = hours;
382         return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
383 }
384
385 /**
386  * Set flags showing what is initalised in the struct samu
387  * @param sampass the struct samu in question
388  * @param flag The *new* flag to be set.  Old flags preserved
389  *             this flag is only added.  
390  **/
391
392 bool pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
393 {
394         if (!sampass->set_flags) {
395                 if ((sampass->set_flags = 
396                         bitmap_talloc(sampass, 
397                                         PDB_COUNT))==NULL) {
398                         DEBUG(0,("bitmap_talloc failed\n"));
399                         return False;
400                 }
401         }
402         if (!sampass->change_flags) {
403                 if ((sampass->change_flags = 
404                         bitmap_talloc(sampass, 
405                                         PDB_COUNT))==NULL) {
406                         DEBUG(0,("bitmap_talloc failed\n"));
407                         return False;
408                 }
409         }
410
411         switch(value_flag) {
412                 case PDB_CHANGED:
413                         if (!bitmap_set(sampass->change_flags, element)) {
414                                 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
415                                 return False;
416                         }
417                         if (!bitmap_set(sampass->set_flags, element)) {
418                                 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
419                                 return False;
420                         }
421                         DEBUG(11, ("element %d -> now CHANGED\n", element)); 
422                         break;
423                 case PDB_SET:
424                         if (!bitmap_clear(sampass->change_flags, element)) {
425                                 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
426                                 return False;
427                         }
428                         if (!bitmap_set(sampass->set_flags, element)) {
429                                 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
430                                 return False;
431                         }
432                         DEBUG(11, ("element %d -> now SET\n", element)); 
433                         break;
434                 case PDB_DEFAULT:
435                 default:
436                         if (!bitmap_clear(sampass->change_flags, element)) {
437                                 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
438                                 return False;
439                         }
440                         if (!bitmap_clear(sampass->set_flags, element)) {
441                                 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
442                                 return False;
443                         }
444                         DEBUG(11, ("element %d -> now DEFAULT\n", element)); 
445                         break;
446         }
447
448         return True;
449 }
450
451 bool pdb_set_user_sid(struct samu *sampass, const struct dom_sid *u_sid, enum pdb_value_state flag)
452 {
453         if (!u_sid)
454                 return False;
455
456         sid_copy(&sampass->user_sid, u_sid);
457
458         DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n", 
459                     sid_string_dbg(&sampass->user_sid)));
460
461         return pdb_set_init_flags(sampass, PDB_USERSID, flag);
462 }
463
464 bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
465 {
466         struct dom_sid new_sid;
467
468         if (!u_sid)
469                 return False;
470
471         DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n",
472                    u_sid));
473
474         if (!string_to_sid(&new_sid, u_sid)) { 
475                 DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
476                 return False;
477         }
478
479         if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
480                 DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid));
481                 return False;
482         }
483
484         return True;
485 }
486
487 /********************************************************************
488  We never fill this in from a passdb backend but rather set is 
489  based on the user's primary group membership.  However, the 
490  struct samu* is overloaded and reused in domain memship code 
491  as well and built from the netr_SamInfo3 or PAC so we
492  have to allow the explicitly setting of a group SID here.
493 ********************************************************************/
494
495 bool pdb_set_group_sid(struct samu *sampass, const struct dom_sid *g_sid, enum pdb_value_state flag)
496 {
497         gid_t gid;
498         struct dom_sid dug_sid;
499
500         if (!g_sid)
501                 return False;
502
503         if ( !(sampass->group_sid = TALLOC_P( sampass, struct dom_sid )) ) {
504                 return False;
505         }
506
507         /* if we cannot resolve the SID to gid, then just ignore it and 
508            store DOMAIN_USERS as the primary groupSID */
509
510         sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS);
511
512         if (sid_equal(&dug_sid, g_sid)) {
513                 sid_copy(sampass->group_sid, &dug_sid);
514         } else if (sid_to_gid( g_sid, &gid ) ) {
515                 sid_copy(sampass->group_sid, g_sid);
516         } else {
517                 sid_copy(sampass->group_sid, &dug_sid);
518         }
519
520         DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n", 
521                    sid_string_dbg(sampass->group_sid)));
522
523         return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
524 }
525
526 /*********************************************************************
527  Set the user's UNIX name.
528  ********************************************************************/
529
530 bool pdb_set_username(struct samu *sampass, const char *username, enum pdb_value_state flag)
531 {
532         if (username) { 
533                 DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
534                         (sampass->username)?(sampass->username):"NULL"));
535
536                 sampass->username = talloc_strdup(sampass, username);
537
538                 if (!sampass->username) {
539                         DEBUG(0, ("pdb_set_username: talloc_strdup() failed!\n"));
540                         return False;
541                 }
542         } else {
543                 sampass->username = PDB_NOT_QUITE_NULL;
544         }
545
546         return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
547 }
548
549 /*********************************************************************
550  Set the domain name.
551  ********************************************************************/
552
553 bool pdb_set_domain(struct samu *sampass, const char *domain, enum pdb_value_state flag)
554 {
555         if (domain) { 
556                 DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
557                         (sampass->domain)?(sampass->domain):"NULL"));
558
559                 sampass->domain = talloc_strdup(sampass, domain);
560
561                 if (!sampass->domain) {
562                         DEBUG(0, ("pdb_set_domain: talloc_strdup() failed!\n"));
563                         return False;
564                 }
565         } else {
566                 sampass->domain = PDB_NOT_QUITE_NULL;
567         }
568
569         return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
570 }
571
572 /*********************************************************************
573  Set the user's NT name.
574  ********************************************************************/
575
576 bool pdb_set_nt_username(struct samu *sampass, const char *nt_username, enum pdb_value_state flag)
577 {
578         if (nt_username) { 
579                 DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
580                         (sampass->nt_username)?(sampass->nt_username):"NULL"));
581  
582                 sampass->nt_username = talloc_strdup(sampass, nt_username);
583
584                 if (!sampass->nt_username) {
585                         DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
586                         return False;
587                 }
588         } else {
589                 sampass->nt_username = PDB_NOT_QUITE_NULL;
590         }
591
592         return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
593 }
594
595 /*********************************************************************
596  Set the user's full name.
597  ********************************************************************/
598
599 bool pdb_set_fullname(struct samu *sampass, const char *full_name, enum pdb_value_state flag)
600 {
601         if (full_name) { 
602                 DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
603                         (sampass->full_name)?(sampass->full_name):"NULL"));
604
605                 sampass->full_name = talloc_strdup(sampass, full_name);
606
607                 if (!sampass->full_name) {
608                         DEBUG(0, ("pdb_set_fullname: talloc_strdup() failed!\n"));
609                         return False;
610                 }
611         } else {
612                 sampass->full_name = PDB_NOT_QUITE_NULL;
613         }
614
615         return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
616 }
617
618 /*********************************************************************
619  Set the user's logon script.
620  ********************************************************************/
621
622 bool pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum pdb_value_state flag)
623 {
624         if (logon_script) { 
625                 DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
626                         (sampass->logon_script)?(sampass->logon_script):"NULL"));
627
628                 sampass->logon_script = talloc_strdup(sampass, logon_script);
629
630                 if (!sampass->logon_script) {
631                         DEBUG(0, ("pdb_set_logon_script: talloc_strdup() failed!\n"));
632                         return False;
633                 }
634         } else {
635                 sampass->logon_script = PDB_NOT_QUITE_NULL;
636         }
637
638         return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
639 }
640
641 /*********************************************************************
642  Set the user's profile path.
643  ********************************************************************/
644
645 bool pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
646 {
647         if (profile_path) { 
648                 DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
649                         (sampass->profile_path)?(sampass->profile_path):"NULL"));
650
651                 sampass->profile_path = talloc_strdup(sampass, profile_path);
652
653                 if (!sampass->profile_path) {
654                         DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
655                         return False;
656                 }
657         } else {
658                 sampass->profile_path = PDB_NOT_QUITE_NULL;
659         }
660
661         return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
662 }
663
664 /*********************************************************************
665  Set the user's directory drive.
666  ********************************************************************/
667
668 bool pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
669 {
670         if (dir_drive) { 
671                 DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
672                         (sampass->dir_drive)?(sampass->dir_drive):"NULL"));
673
674                 sampass->dir_drive = talloc_strdup(sampass, dir_drive);
675
676                 if (!sampass->dir_drive) {
677                         DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
678                         return False;
679                 }
680
681         } else {
682                 sampass->dir_drive = PDB_NOT_QUITE_NULL;
683         }
684
685         return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
686 }
687
688 /*********************************************************************
689  Set the user's home directory.
690  ********************************************************************/
691
692 bool pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
693 {
694         if (home_dir) { 
695                 DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
696                         (sampass->home_dir)?(sampass->home_dir):"NULL"));
697
698                 sampass->home_dir = talloc_strdup(sampass, home_dir);
699
700                 if (!sampass->home_dir) {
701                         DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
702                         return False;
703                 }
704         } else {
705                 sampass->home_dir = PDB_NOT_QUITE_NULL;
706         }
707
708         return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
709 }
710
711 /*********************************************************************
712  Set the user's account description.
713  ********************************************************************/
714
715 bool pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
716 {
717         if (acct_desc) { 
718                 sampass->acct_desc = talloc_strdup(sampass, acct_desc);
719
720                 if (!sampass->acct_desc) {
721                         DEBUG(0, ("pdb_set_acct_desc: talloc_strdup() failed!\n"));
722                         return False;
723                 }
724         } else {
725                 sampass->acct_desc = PDB_NOT_QUITE_NULL;
726         }
727
728         return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
729 }
730
731 /*********************************************************************
732  Set the user's workstation allowed list.
733  ********************************************************************/
734
735 bool pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag)
736 {
737         if (workstations) { 
738                 DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
739                         (sampass->workstations)?(sampass->workstations):"NULL"));
740
741                 sampass->workstations = talloc_strdup(sampass, workstations);
742
743                 if (!sampass->workstations) {
744                         DEBUG(0, ("pdb_set_workstations: talloc_strdup() failed!\n"));
745                         return False;
746                 }
747         } else {
748                 sampass->workstations = PDB_NOT_QUITE_NULL;
749         }
750
751         return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
752 }
753
754 /*********************************************************************
755  ********************************************************************/
756
757 bool pdb_set_comment(struct samu *sampass, const char *comment, enum pdb_value_state flag)
758 {
759         if (comment) { 
760                 sampass->comment = talloc_strdup(sampass, comment);
761
762                 if (!sampass->comment) {
763                         DEBUG(0, ("pdb_set_comment: talloc_strdup() failed!\n"));
764                         return False;
765                 }
766         } else {
767                 sampass->comment = PDB_NOT_QUITE_NULL;
768         }
769
770         return pdb_set_init_flags(sampass, PDB_COMMENT, flag);
771 }
772
773 /*********************************************************************
774  Set the user's dial string.
775  ********************************************************************/
776
777 bool pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
778 {
779         if (munged_dial) { 
780                 sampass->munged_dial = talloc_strdup(sampass, munged_dial);
781
782                 if (!sampass->munged_dial) {
783                         DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
784                         return False;
785                 }
786         } else {
787                 sampass->munged_dial = PDB_NOT_QUITE_NULL;
788         }
789
790         return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
791 }
792
793 /*********************************************************************
794  Set the user's NT hash.
795  ********************************************************************/
796
797 bool pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
798 {
799         data_blob_clear_free(&sampass->nt_pw);
800
801        if (pwd) {
802                sampass->nt_pw =
803                        data_blob_talloc(sampass, pwd, NT_HASH_LEN);
804        } else {
805                sampass->nt_pw = data_blob_null;
806        }
807
808         return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
809 }
810
811 /*********************************************************************
812  Set the user's LM hash.
813  ********************************************************************/
814
815 bool pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
816 {
817         data_blob_clear_free(&sampass->lm_pw);
818
819         /* on keep the password if we are allowing LANMAN authentication */
820
821         if (pwd && lp_lanman_auth() ) {
822                 sampass->lm_pw = data_blob_talloc(sampass, pwd, LM_HASH_LEN);
823         } else {
824                 sampass->lm_pw = data_blob_null;
825         }
826
827         return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
828 }
829
830 /*********************************************************************
831  Set the user's password history hash. historyLen is the number of 
832  PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN length
833  entries to store in the history - this must match the size of the uint8 array
834  in pwd.
835 ********************************************************************/
836
837 bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32_t historyLen, enum pdb_value_state flag)
838 {
839         if (historyLen && pwd){
840                 data_blob_free(&(sampass->nt_pw_his));
841                 sampass->nt_pw_his = data_blob_talloc(sampass,
842                                                 pwd, historyLen*PW_HISTORY_ENTRY_LEN);
843                 if (!sampass->nt_pw_his.length) {
844                         DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
845                         return False;
846                 }
847         } else {
848                 sampass->nt_pw_his = data_blob_talloc(sampass, NULL, 0);
849         }
850
851         return pdb_set_init_flags(sampass, PDB_PWHISTORY, flag);
852 }
853
854 /*********************************************************************
855  Set the user's plaintext password only (base procedure, see helper
856  below)
857  ********************************************************************/
858
859 bool pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag)
860 {
861         if (password) { 
862                 if (sampass->plaintext_pw!=NULL) 
863                         memset(sampass->plaintext_pw,'\0',strlen(sampass->plaintext_pw)+1);
864
865                 sampass->plaintext_pw = talloc_strdup(sampass, password);
866
867                 if (!sampass->plaintext_pw) {
868                         DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
869                         return False;
870                 }
871         } else {
872                 sampass->plaintext_pw = NULL;
873         }
874
875         return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
876 }
877
878 bool pdb_set_bad_password_count(struct samu *sampass, uint16_t bad_password_count, enum pdb_value_state flag)
879 {
880         sampass->bad_password_count = bad_password_count;
881         return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
882 }
883
884 bool pdb_set_logon_count(struct samu *sampass, uint16_t logon_count, enum pdb_value_state flag)
885 {
886         sampass->logon_count = logon_count;
887         return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
888 }
889
890 bool pdb_set_unknown_6(struct samu *sampass, uint32_t unkn, enum pdb_value_state flag)
891 {
892         sampass->unknown_6 = unkn;
893         return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
894 }
895
896 bool pdb_set_hours(struct samu *sampass, const uint8 *hours, enum pdb_value_state flag)
897 {
898         if (!hours) {
899                 memset ((char *)sampass->hours, 0, MAX_HOURS_LEN);
900         } else {
901                 memcpy (sampass->hours, hours, MAX_HOURS_LEN);
902         }
903
904         return pdb_set_init_flags(sampass, PDB_HOURS, flag);
905 }
906
907 bool pdb_set_backend_private_data(struct samu *sampass, void *private_data, 
908                                    void (*free_fn)(void **), 
909                                    const struct pdb_methods *my_methods, 
910                                    enum pdb_value_state flag)
911 {
912         if (sampass->backend_private_data &&
913             sampass->backend_private_data_free_fn) {
914                 sampass->backend_private_data_free_fn(
915                         &sampass->backend_private_data);
916         }
917
918         sampass->backend_private_data = private_data;
919         sampass->backend_private_data_free_fn = free_fn;
920         sampass->backend_private_methods = my_methods;
921
922         return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
923 }
924
925
926 /* Helpful interfaces to the above */
927
928 bool pdb_set_pass_can_change(struct samu *sampass, bool canchange)
929 {
930         return pdb_set_pass_can_change_time(sampass, 
931                                      canchange ? 0 : get_time_t_max(),
932                                      PDB_CHANGED);
933 }
934
935
936 /*********************************************************************
937  Set the user's PLAINTEXT password.  Used as an interface to the above.
938  Also sets the last change time to NOW.
939  ********************************************************************/
940
941 bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
942 {
943         uchar new_lanman_p16[LM_HASH_LEN];
944         uchar new_nt_p16[NT_HASH_LEN];
945         uchar *pwhistory;
946         uint32_t pwHistLen;
947         uint32_t current_history_len;
948
949         if (!plaintext)
950                 return False;
951
952         /* Calculate the MD4 hash (NT compatible) of the password */
953         E_md4hash(plaintext, new_nt_p16);
954
955         if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED)) 
956                 return False;
957
958         if (!E_deshash(plaintext, new_lanman_p16)) {
959                 /* E_deshash returns false for 'long' passwords (> 14
960                    DOS chars).  This allows us to match Win2k, which
961                    does not store a LM hash for these passwords (which
962                    would reduce the effective password length to 14 */
963
964                 if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED)) 
965                         return False;
966         } else {
967                 if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED)) 
968                         return False;
969         }
970
971         if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED)) 
972                 return False;
973
974         if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
975                 return False;
976
977         if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) {
978                 /*
979                  * No password history for non-user accounts
980                  */
981                 return true;
982         }
983
984         pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
985
986         if (pwHistLen == 0) {
987                 /* Set the history length to zero. */
988                 pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
989                 return true;
990         }
991
992         /*
993          * We need to make sure we don't have a race condition here -
994          * the account policy history length can change between when
995          * the pw_history was first loaded into the struct samu struct
996          * and now.... JRA.
997          */
998         pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
999
1000         if ((current_history_len != 0) && (pwhistory == NULL)) {
1001                 DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n"));
1002                 return false;
1003         }
1004
1005         if (current_history_len < pwHistLen) {
1006                 /*
1007                  * Ensure we have space for the needed history. This
1008                  * also takes care of an account which did not have
1009                  * any history at all so far, i.e. pwhistory==NULL
1010                  */
1011                 uchar *new_history = talloc_zero_array(
1012                         sampass, uchar,
1013                         pwHistLen*PW_HISTORY_ENTRY_LEN);
1014
1015                 if (!new_history) {
1016                         return False;
1017                 }
1018
1019                 memcpy(new_history, pwhistory,
1020                        current_history_len*PW_HISTORY_ENTRY_LEN);
1021
1022                 pwhistory = new_history;
1023         }
1024
1025         /*
1026          * Make room for the new password in the history list.
1027          */
1028         if (pwHistLen > 1) {
1029                 memmove(&pwhistory[PW_HISTORY_ENTRY_LEN], pwhistory,
1030                         (pwHistLen-1)*PW_HISTORY_ENTRY_LEN );
1031         }
1032
1033         /*
1034          * Fill the salt area with 0-s: this indicates that
1035          * a plain nt hash is stored in the has area.
1036          * The old format was to store a 16 byte salt and
1037          * then an md5hash of the nt_hash concatenated with
1038          * the salt.
1039          */
1040         memset(pwhistory, 0, PW_HISTORY_SALT_LEN);
1041
1042         /*
1043          * Store the plain nt hash in the second 16 bytes.
1044          * The old format was to store the md5 hash of
1045          * the salt+newpw.
1046          */
1047         memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt_p16, SALTED_MD5_HASH_LEN);
1048
1049         pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
1050
1051         return True;
1052 }
1053
1054 /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */
1055 uint32_t pdb_build_fields_present(struct samu *sampass)
1056 {
1057         /* value set to all for testing */
1058         return 0x00ffffff;
1059 }