2 Unix SMB/CIFS implementation.
3 struct samu access routines
4 Copyright (C) Jeremy Allison 1996-2001
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
6 Copyright (C) Gerald (Jerry) Carter 2000-2006
7 Copyright (C) Andrew Bartlett 2001-2002
8 Copyright (C) Stefan (metze) Metzmacher 2002
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 #define DBGC_CLASS DBGC_PASSDB
31 * @todo Redefine this to NULL, but this changes the API because
32 * much of samba assumes that the pdb_get...() funtions
33 * return pstrings. (ie not null-pointers).
34 * See also pdb_fill_default_sam().
37 #define PDB_NOT_QUITE_NULL ""
39 /*********************************************************************
40 Collection of get...() functions for struct samu.
41 ********************************************************************/
43 uint32 pdb_get_acct_ctrl(const struct samu *sampass)
45 return sampass->acct_ctrl;
48 time_t pdb_get_logon_time(const struct samu *sampass)
50 return sampass->logon_time;
53 time_t pdb_get_logoff_time(const struct samu *sampass)
55 return sampass->logoff_time;
58 time_t pdb_get_kickoff_time(const struct samu *sampass)
60 return sampass->kickoff_time;
63 time_t pdb_get_bad_password_time(const struct samu *sampass)
65 return sampass->bad_password_time;
68 time_t pdb_get_pass_last_set_time(const struct samu *sampass)
70 return sampass->pass_last_set_time;
73 time_t pdb_get_pass_can_change_time(const struct samu *sampass)
77 if (sampass->pass_last_set_time == 0)
80 if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow))
83 return sampass->pass_last_set_time + allow;
86 time_t pdb_get_pass_must_change_time(const struct samu *sampass)
90 if (sampass->pass_last_set_time == 0)
93 if (sampass->acct_ctrl & ACB_PWNOEXP)
94 return get_time_t_max();
96 if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
97 || expire == (uint32)-1 || expire == 0)
98 return get_time_t_max();
100 return sampass->pass_last_set_time + expire;
103 uint16 pdb_get_logon_divs(const struct samu *sampass)
105 return sampass->logon_divs;
108 uint32 pdb_get_hours_len(const struct samu *sampass)
110 return sampass->hours_len;
113 const uint8 *pdb_get_hours(const struct samu *sampass)
115 return (sampass->hours);
118 const uint8 *pdb_get_nt_passwd(const struct samu *sampass)
120 SMB_ASSERT((!sampass->nt_pw.data)
121 || sampass->nt_pw.length == NT_HASH_LEN);
122 return (uint8 *)sampass->nt_pw.data;
125 const uint8 *pdb_get_lanman_passwd(const struct samu *sampass)
127 SMB_ASSERT((!sampass->lm_pw.data)
128 || sampass->lm_pw.length == LM_HASH_LEN);
129 return (uint8 *)sampass->lm_pw.data;
132 const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32 *current_hist_len)
134 SMB_ASSERT((!sampass->nt_pw_his.data)
135 || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
136 *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
137 return (uint8 *)sampass->nt_pw_his.data;
140 /* Return the plaintext password if known. Most of the time
141 it isn't, so don't assume anything magic about this function.
143 Used to pass the plaintext to passdb backends that might
144 want to store more than just the NTLM hashes.
146 const char *pdb_get_plaintext_passwd(const struct samu *sampass)
148 return sampass->plaintext_pw;
151 const DOM_SID *pdb_get_user_sid(const struct samu *sampass)
153 return &sampass->user_sid;
156 const DOM_SID *pdb_get_group_sid(struct samu *sampass)
161 /* Return the cached group SID if we have that */
162 if ( sampass->group_sid ) {
163 return sampass->group_sid;
166 /* generate the group SID from the user's primary Unix group */
168 if ( !(gsid = TALLOC_P( sampass, DOM_SID )) ) {
172 /* No algorithmic mapping, meaning that we have to figure out the
173 primary group SID according to group mapping and the user SID must
174 be a newly allocated one. We rely on the user's Unix primary gid.
175 We have no choice but to fail if we can't find it. */
177 if ( sampass->unix_pw ) {
178 pwd = sampass->unix_pw;
180 pwd = Get_Pwnam_alloc( sampass, pdb_get_username(sampass) );
184 DEBUG(0,("pdb_get_group_sid: Failed to find Unix account for %s\n", pdb_get_username(sampass) ));
188 if ( pdb_gid_to_sid(pwd->pw_gid, gsid) ) {
189 enum lsa_SidType type = SID_NAME_UNKNOWN;
190 TALLOC_CTX *mem_ctx = talloc_init("pdb_get_group_sid");
197 /* Now check that it's actually a domain group and not something else */
199 lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type);
201 TALLOC_FREE( mem_ctx );
203 if ( lookup_ret && (type == SID_NAME_DOM_GRP) ) {
204 sampass->group_sid = gsid;
205 return sampass->group_sid;
208 DEBUG(3, ("Primary group for user %s is a %s and not a domain group\n",
209 pwd->pw_name, sid_type_lookup(type)));
212 /* Just set it to the 'Domain Users' RID of 512 which will
213 always resolve to a name */
215 sid_copy( gsid, get_global_sam_sid() );
216 sid_append_rid( gsid, DOMAIN_GROUP_RID_USERS );
218 sampass->group_sid = gsid;
220 return sampass->group_sid;
224 * Get flags showing what is initalised in the struct samu
225 * @param sampass the struct samu in question
226 * @return the flags indicating the members initialised in the struct.
229 enum pdb_value_state pdb_get_init_flags(const struct samu *sampass, enum pdb_elements element)
231 enum pdb_value_state ret = PDB_DEFAULT;
233 if (!sampass->change_flags || !sampass->set_flags)
236 if (bitmap_query(sampass->set_flags, element)) {
237 DEBUG(11, ("element %d: SET\n", element));
241 if (bitmap_query(sampass->change_flags, element)) {
242 DEBUG(11, ("element %d: CHANGED\n", element));
246 if (ret == PDB_DEFAULT) {
247 DEBUG(11, ("element %d: DEFAULT\n", element));
253 const char *pdb_get_username(const struct samu *sampass)
255 return sampass->username;
258 const char *pdb_get_domain(const struct samu *sampass)
260 return sampass->domain;
263 const char *pdb_get_nt_username(const struct samu *sampass)
265 return sampass->nt_username;
268 const char *pdb_get_fullname(const struct samu *sampass)
270 return sampass->full_name;
273 const char *pdb_get_homedir(const struct samu *sampass)
275 return sampass->home_dir;
278 const char *pdb_get_unix_homedir(const struct samu *sampass)
280 if (sampass->unix_pw ) {
281 return sampass->unix_pw->pw_dir;
286 const char *pdb_get_dir_drive(const struct samu *sampass)
288 return sampass->dir_drive;
291 const char *pdb_get_logon_script(const struct samu *sampass)
293 return sampass->logon_script;
296 const char *pdb_get_profile_path(const struct samu *sampass)
298 return sampass->profile_path;
301 const char *pdb_get_acct_desc(const struct samu *sampass)
303 return sampass->acct_desc;
306 const char *pdb_get_workstations(const struct samu *sampass)
308 return sampass->workstations;
311 const char *pdb_get_comment(const struct samu *sampass)
313 return sampass->comment;
316 const char *pdb_get_munged_dial(const struct samu *sampass)
318 return sampass->munged_dial;
321 uint16 pdb_get_bad_password_count(const struct samu *sampass)
323 return sampass->bad_password_count;
326 uint16 pdb_get_logon_count(const struct samu *sampass)
328 return sampass->logon_count;
331 uint32 pdb_get_unknown_6(const struct samu *sampass)
333 return sampass->unknown_6;
336 void *pdb_get_backend_private_data(const struct samu *sampass, const struct pdb_methods *my_methods)
338 if (my_methods == sampass->backend_private_methods) {
339 return sampass->backend_private_data;
345 /*********************************************************************
346 Collection of set...() functions for struct samu.
347 ********************************************************************/
349 BOOL pdb_set_acct_ctrl(struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag)
351 sampass->acct_ctrl = acct_ctrl;
352 return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
355 BOOL pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
357 sampass->logon_time = mytime;
358 return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
361 BOOL pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
363 sampass->logoff_time = mytime;
364 return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
367 BOOL pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
369 sampass->kickoff_time = mytime;
370 return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
373 BOOL pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
375 sampass->bad_password_time = mytime;
376 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
379 BOOL pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
381 sampass->pass_can_change_time = mytime;
382 return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
385 BOOL pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
387 sampass->pass_must_change_time = mytime;
388 return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
391 BOOL pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
393 sampass->pass_last_set_time = mytime;
394 return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
397 BOOL pdb_set_hours_len(struct samu *sampass, uint32 len, enum pdb_value_state flag)
399 sampass->hours_len = len;
400 return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
403 BOOL pdb_set_logon_divs(struct samu *sampass, uint16 hours, enum pdb_value_state flag)
405 sampass->logon_divs = hours;
406 return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
410 * Set flags showing what is initalised in the struct samu
411 * @param sampass the struct samu in question
412 * @param flag The *new* flag to be set. Old flags preserved
413 * this flag is only added.
416 BOOL pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
418 if (!sampass->set_flags) {
419 if ((sampass->set_flags =
420 bitmap_talloc(sampass,
422 DEBUG(0,("bitmap_talloc failed\n"));
426 if (!sampass->change_flags) {
427 if ((sampass->change_flags =
428 bitmap_talloc(sampass,
430 DEBUG(0,("bitmap_talloc failed\n"));
437 if (!bitmap_set(sampass->change_flags, element)) {
438 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
441 if (!bitmap_set(sampass->set_flags, element)) {
442 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
445 DEBUG(11, ("element %d -> now CHANGED\n", element));
448 if (!bitmap_clear(sampass->change_flags, element)) {
449 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
452 if (!bitmap_set(sampass->set_flags, element)) {
453 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
456 DEBUG(11, ("element %d -> now SET\n", element));
460 if (!bitmap_clear(sampass->change_flags, element)) {
461 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
464 if (!bitmap_clear(sampass->set_flags, element)) {
465 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
468 DEBUG(11, ("element %d -> now DEFAULT\n", element));
475 BOOL pdb_set_user_sid(struct samu *sampass, const DOM_SID *u_sid, enum pdb_value_state flag)
480 sid_copy(&sampass->user_sid, u_sid);
482 DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
483 sid_string_static(&sampass->user_sid)));
485 return pdb_set_init_flags(sampass, PDB_USERSID, flag);
488 BOOL pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
495 DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n",
498 if (!string_to_sid(&new_sid, u_sid)) {
499 DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
503 if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
504 DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid));
511 /********************************************************************
512 We never fill this in from a passdb backend but rather set is
513 based on the user's primary group membership. However, the
514 struct samu* is overloaded and reused in domain memship code
515 as well and built from the NET_USER_INFO_3 or PAC so we
516 have to allow the explicitly setting of a group SID here.
517 ********************************************************************/
519 BOOL pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
526 if ( !(sampass->group_sid = TALLOC_P( sampass, DOM_SID )) ) {
530 /* if we cannot resolve the SID to gid, then just ignore it and
531 store DOMAIN_USERS as the primary groupSID */
533 if ( sid_to_gid( g_sid, &gid ) ) {
534 sid_copy(sampass->group_sid, g_sid);
536 sid_copy( sampass->group_sid, get_global_sam_sid() );
537 sid_append_rid( sampass->group_sid, DOMAIN_GROUP_RID_USERS );
540 DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
541 sid_string_static(sampass->group_sid)));
543 return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
546 /*********************************************************************
547 Set the user's UNIX name.
548 ********************************************************************/
550 BOOL pdb_set_username(struct samu *sampass, const char *username, enum pdb_value_state flag)
553 DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
554 (sampass->username)?(sampass->username):"NULL"));
556 sampass->username = talloc_strdup(sampass, username);
558 if (!sampass->username) {
559 DEBUG(0, ("pdb_set_username: talloc_strdup() failed!\n"));
563 sampass->username = PDB_NOT_QUITE_NULL;
566 return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
569 /*********************************************************************
571 ********************************************************************/
573 BOOL pdb_set_domain(struct samu *sampass, const char *domain, enum pdb_value_state flag)
576 DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
577 (sampass->domain)?(sampass->domain):"NULL"));
579 sampass->domain = talloc_strdup(sampass, domain);
581 if (!sampass->domain) {
582 DEBUG(0, ("pdb_set_domain: talloc_strdup() failed!\n"));
586 sampass->domain = PDB_NOT_QUITE_NULL;
589 return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
592 /*********************************************************************
593 Set the user's NT name.
594 ********************************************************************/
596 BOOL pdb_set_nt_username(struct samu *sampass, const char *nt_username, enum pdb_value_state flag)
599 DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
600 (sampass->nt_username)?(sampass->nt_username):"NULL"));
602 sampass->nt_username = talloc_strdup(sampass, nt_username);
604 if (!sampass->nt_username) {
605 DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
609 sampass->nt_username = PDB_NOT_QUITE_NULL;
612 return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
615 /*********************************************************************
616 Set the user's full name.
617 ********************************************************************/
619 BOOL pdb_set_fullname(struct samu *sampass, const char *full_name, enum pdb_value_state flag)
622 DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
623 (sampass->full_name)?(sampass->full_name):"NULL"));
625 sampass->full_name = talloc_strdup(sampass, full_name);
627 if (!sampass->full_name) {
628 DEBUG(0, ("pdb_set_fullname: talloc_strdup() failed!\n"));
632 sampass->full_name = PDB_NOT_QUITE_NULL;
635 return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
638 /*********************************************************************
639 Set the user's logon script.
640 ********************************************************************/
642 BOOL pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum pdb_value_state flag)
645 DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
646 (sampass->logon_script)?(sampass->logon_script):"NULL"));
648 sampass->logon_script = talloc_strdup(sampass, logon_script);
650 if (!sampass->logon_script) {
651 DEBUG(0, ("pdb_set_logon_script: talloc_strdup() failed!\n"));
655 sampass->logon_script = PDB_NOT_QUITE_NULL;
658 return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
661 /*********************************************************************
662 Set the user's profile path.
663 ********************************************************************/
665 BOOL pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
668 DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
669 (sampass->profile_path)?(sampass->profile_path):"NULL"));
671 sampass->profile_path = talloc_strdup(sampass, profile_path);
673 if (!sampass->profile_path) {
674 DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
678 sampass->profile_path = PDB_NOT_QUITE_NULL;
681 return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
684 /*********************************************************************
685 Set the user's directory drive.
686 ********************************************************************/
688 BOOL pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
691 DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
692 (sampass->dir_drive)?(sampass->dir_drive):"NULL"));
694 sampass->dir_drive = talloc_strdup(sampass, dir_drive);
696 if (!sampass->dir_drive) {
697 DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
702 sampass->dir_drive = PDB_NOT_QUITE_NULL;
705 return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
708 /*********************************************************************
709 Set the user's home directory.
710 ********************************************************************/
712 BOOL pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
715 DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
716 (sampass->home_dir)?(sampass->home_dir):"NULL"));
718 sampass->home_dir = talloc_strdup(sampass, home_dir);
720 if (!sampass->home_dir) {
721 DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
725 sampass->home_dir = PDB_NOT_QUITE_NULL;
728 return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
731 /*********************************************************************
732 Set the user's account description.
733 ********************************************************************/
735 BOOL pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
738 sampass->acct_desc = talloc_strdup(sampass, acct_desc);
740 if (!sampass->acct_desc) {
741 DEBUG(0, ("pdb_set_acct_desc: talloc_strdup() failed!\n"));
745 sampass->acct_desc = PDB_NOT_QUITE_NULL;
748 return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
751 /*********************************************************************
752 Set the user's workstation allowed list.
753 ********************************************************************/
755 BOOL pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag)
758 DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
759 (sampass->workstations)?(sampass->workstations):"NULL"));
761 sampass->workstations = talloc_strdup(sampass, workstations);
763 if (!sampass->workstations) {
764 DEBUG(0, ("pdb_set_workstations: talloc_strdup() failed!\n"));
768 sampass->workstations = PDB_NOT_QUITE_NULL;
771 return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
774 /*********************************************************************
775 ********************************************************************/
777 BOOL pdb_set_comment(struct samu *sampass, const char *comment, enum pdb_value_state flag)
780 sampass->comment = talloc_strdup(sampass, comment);
782 if (!sampass->comment) {
783 DEBUG(0, ("pdb_set_comment: talloc_strdup() failed!\n"));
787 sampass->comment = PDB_NOT_QUITE_NULL;
790 return pdb_set_init_flags(sampass, PDB_COMMENT, flag);
793 /*********************************************************************
794 Set the user's dial string.
795 ********************************************************************/
797 BOOL pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
800 sampass->munged_dial = talloc_strdup(sampass, munged_dial);
802 if (!sampass->munged_dial) {
803 DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
807 sampass->munged_dial = PDB_NOT_QUITE_NULL;
810 return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
813 /*********************************************************************
814 Set the user's NT hash.
815 ********************************************************************/
817 BOOL pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
819 data_blob_clear_free(&sampass->nt_pw);
823 data_blob_talloc(sampass, pwd, NT_HASH_LEN);
825 sampass->nt_pw = data_blob(NULL, 0);
828 return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
831 /*********************************************************************
832 Set the user's LM hash.
833 ********************************************************************/
835 BOOL pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
837 data_blob_clear_free(&sampass->lm_pw);
839 /* on keep the password if we are allowing LANMAN authentication */
841 if (pwd && lp_lanman_auth() ) {
842 sampass->lm_pw = data_blob_talloc(sampass, pwd, LM_HASH_LEN);
844 sampass->lm_pw = data_blob(NULL, 0);
847 return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
850 /*********************************************************************
851 Set the user's password history hash. historyLen is the number of
852 PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN length
853 entries to store in the history - this must match the size of the uint8 array
855 ********************************************************************/
857 BOOL pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
859 if (historyLen && pwd){
860 sampass->nt_pw_his = data_blob_talloc(sampass,
861 pwd, historyLen*PW_HISTORY_ENTRY_LEN);
862 if (!sampass->nt_pw_his.length) {
863 DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
867 sampass->nt_pw_his = data_blob_talloc(sampass, NULL, 0);
870 return pdb_set_init_flags(sampass, PDB_PWHISTORY, flag);
873 /*********************************************************************
874 Set the user's plaintext password only (base procedure, see helper
876 ********************************************************************/
878 BOOL pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag)
881 if (sampass->plaintext_pw!=NULL)
882 memset(sampass->plaintext_pw,'\0',strlen(sampass->plaintext_pw)+1);
884 sampass->plaintext_pw = talloc_strdup(sampass, password);
886 if (!sampass->plaintext_pw) {
887 DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
891 sampass->plaintext_pw = NULL;
894 return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
897 BOOL pdb_set_bad_password_count(struct samu *sampass, uint16 bad_password_count, enum pdb_value_state flag)
899 sampass->bad_password_count = bad_password_count;
900 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
903 BOOL pdb_set_logon_count(struct samu *sampass, uint16 logon_count, enum pdb_value_state flag)
905 sampass->logon_count = logon_count;
906 return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
909 BOOL pdb_set_unknown_6(struct samu *sampass, uint32 unkn, enum pdb_value_state flag)
911 sampass->unknown_6 = unkn;
912 return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
915 BOOL pdb_set_hours(struct samu *sampass, const uint8 *hours, enum pdb_value_state flag)
918 memset ((char *)sampass->hours, 0, MAX_HOURS_LEN);
920 memcpy (sampass->hours, hours, MAX_HOURS_LEN);
923 return pdb_set_init_flags(sampass, PDB_HOURS, flag);
926 BOOL pdb_set_backend_private_data(struct samu *sampass, void *private_data,
927 void (*free_fn)(void **),
928 const struct pdb_methods *my_methods,
929 enum pdb_value_state flag)
931 if (sampass->backend_private_data &&
932 sampass->backend_private_data_free_fn) {
933 sampass->backend_private_data_free_fn(
934 &sampass->backend_private_data);
937 sampass->backend_private_data = private_data;
938 sampass->backend_private_data_free_fn = free_fn;
939 sampass->backend_private_methods = my_methods;
941 return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
945 /* Helpful interfaces to the above */
947 /*********************************************************************
948 Sets the last changed times and must change times for a normal
950 ********************************************************************/
952 BOOL pdb_set_pass_changed_now(struct samu *sampass)
957 if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
960 if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
961 || (expire==(uint32)-1) || (expire == 0)) {
962 if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED))
965 if (!pdb_set_pass_must_change_time (sampass,
966 pdb_get_pass_last_set_time(sampass)
967 + expire, PDB_CHANGED))
971 if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age)
972 || (min_age==(uint32)-1)) {
973 if (!pdb_set_pass_can_change_time (sampass, 0, PDB_CHANGED))
976 if (!pdb_set_pass_can_change_time (sampass,
977 pdb_get_pass_last_set_time(sampass)
978 + min_age, PDB_CHANGED))
984 /*********************************************************************
985 Set the user's PLAINTEXT password. Used as an interface to the above.
986 Also sets the last change time to NOW.
987 ********************************************************************/
989 BOOL pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
991 uchar new_lanman_p16[LM_HASH_LEN];
992 uchar new_nt_p16[NT_HASH_LEN];
997 /* Calculate the MD4 hash (NT compatible) of the password */
998 E_md4hash(plaintext, new_nt_p16);
1000 if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED))
1003 if (!E_deshash(plaintext, new_lanman_p16)) {
1004 /* E_deshash returns false for 'long' passwords (> 14
1005 DOS chars). This allows us to match Win2k, which
1006 does not store a LM hash for these passwords (which
1007 would reduce the effective password length to 14 */
1009 if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED))
1012 if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
1016 if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
1019 if (!pdb_set_pass_changed_now (sampass))
1022 /* Store the password history. */
1023 if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
1026 pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
1027 if (pwHistLen != 0){
1028 uint32 current_history_len;
1029 /* We need to make sure we don't have a race condition here - the
1030 account policy history length can change between when the pw_history
1031 was first loaded into the struct samu struct and now.... JRA. */
1032 pwhistory = (uchar *)pdb_get_pw_history(sampass, ¤t_history_len);
1034 if (current_history_len != pwHistLen) {
1035 /* After closing and reopening struct samu the history
1036 values will sync up. We can't do this here. */
1038 /* current_history_len > pwHistLen is not a problem - we
1039 have more history than we need. */
1041 if (current_history_len < pwHistLen) {
1042 /* Ensure we have space for the needed history. */
1043 uchar *new_history = (uchar *)TALLOC(sampass,
1044 pwHistLen*PW_HISTORY_ENTRY_LEN);
1049 /* And copy it into the new buffer. */
1050 if (current_history_len) {
1051 memcpy(new_history, pwhistory,
1052 current_history_len*PW_HISTORY_ENTRY_LEN);
1054 /* Clearing out any extra space. */
1055 memset(&new_history[current_history_len*PW_HISTORY_ENTRY_LEN],
1056 '\0', (pwHistLen-current_history_len)*PW_HISTORY_ENTRY_LEN);
1057 /* Finally replace it. */
1058 pwhistory = new_history;
1061 if (pwhistory && pwHistLen){
1062 /* Make room for the new password in the history list. */
1063 if (pwHistLen > 1) {
1064 memmove(&pwhistory[PW_HISTORY_ENTRY_LEN],
1065 pwhistory, (pwHistLen -1)*PW_HISTORY_ENTRY_LEN );
1067 /* Create the new salt as the first part of the history entry. */
1068 generate_random_buffer(pwhistory, PW_HISTORY_SALT_LEN);
1070 /* Generate the md5 hash of the salt+new password as the second
1071 part of the history entry. */
1073 E_md5hash(pwhistory, new_nt_p16, &pwhistory[PW_HISTORY_SALT_LEN]);
1074 pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
1076 DEBUG (10,("pdb_get_set.c: pdb_set_plaintext_passwd: pwhistory was NULL!\n"));
1079 /* Set the history length to zero. */
1080 pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
1087 /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */
1088 uint32 pdb_build_fields_present(struct samu *sampass)
1090 /* value set to all for testing */
git.samba.org / idra / samba.git / blob