* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
returning zero)
Guenther
eu.in.dom_hnd = sod.out.dom_hnd;
printf("ACB mask (can be 0): ");
- scanf("%hx", &eu.in.acb_mask);
+ scanf("%x", &eu.in.acb_mask);
while(cac_SamEnumUsers(hnd, mem_ctx, &eu)) {
printf("Enumerated %d users:\n", eu.out.num_users);
Start enumeration of the passwd list.
****************************************************************/
-static NTSTATUS testsam_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask)
+static NTSTATUS testsam_setsampwent(struct pdb_methods *methods, BOOL update, uint32 acb_mask)
{
DEBUG(10, ("testsam_setsampwent called\n"));
return NT_STATUS_NOT_IMPLEMENTED;
DATA_BLOB *user_sess_key,
DATA_BLOB *lm_sess_key)
{
- uint16 acct_ctrl;
+ uint32 acct_ctrl;
const uint8 *lm_pw, *nt_pw;
const char *username = pdb_get_username(sampass);
struct samu *sampass,
const auth_usersupplied_info *user_info)
{
- uint16 acct_ctrl = pdb_get_acct_ctrl(sampass);
+ uint32 acct_ctrl = pdb_get_acct_ctrl(sampass);
char *workstation_list;
time_t kickoff_time;
return NT_STATUS_NO_MEMORY;
}
+ if (!pdb_set_acct_ctrl(sam_account, info3->acct_flags, PDB_CHANGED)) {
+ TALLOC_FREE(sam_account);
+ return NT_STATUS_NO_MEMORY;
+ }
+
result = make_server_info(NULL);
if (result == NULL) {
DEBUG(4, ("make_server_info failed!\n"));
POLICY_HND *dom_hnd;
/**Enumerate users with specific ACB. If 0, all users will be enumerated*/
- uint16 acb_mask;
+ uint32 acb_mask;
} in;
struct {
/* cache for bad password lockout data, to be used on replicated SAMs */
typedef struct logon_cache_struct {
time_t entry_timestamp;
- uint16 acct_ctrl;
+ uint32 acct_ctrl;
uint16 bad_password_count;
time_t bad_password_time;
} LOGIN_CACHE;
DATA_BLOB nt_pw_his; /* nt hashed password history .data is Null if not available */
char* plaintext_pw; /* is Null if not available */
- uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
+ uint32 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
uint32 fields_present; /* 0x00ff ffff */
uint16 logon_divs; /* 168 - number of hours in a week */
struct samr_displayentry {
uint32 idx;
uint32 rid;
- uint16 acct_flags;
+ uint32 acct_flags;
const char *account_name;
const char *fullname;
const char *description;
{
const char *name; /* What name got this module */
- NTSTATUS (*setsampwent)(struct pdb_methods *, BOOL update, uint16 acb_mask);
+ NTSTATUS (*setsampwent)(struct pdb_methods *, BOOL update, uint32 acb_mask);
void (*endsampwent)(struct pdb_methods *);
BOOL (*search_users)(struct pdb_methods *methods,
struct pdb_search *search,
- uint16 acct_flags);
+ uint32 acct_flags);
BOOL (*search_groups)(struct pdb_methods *methods,
struct pdb_search *search);
BOOL (*search_aliases)(struct pdb_methods *methods,
POLICY_HND pol; /* policy handle */
uint32 start_idx; /* number of values (0 indicates unlimited?) */
- uint16 acb_mask; /* 0x0000 indicates all */
- uint16 unknown_1; /* 0x0000 */
+ uint32 acb_mask; /* 0x0000 indicates all */
uint32 max_size; /* 0x0000 ffff */
uint32 user_idx;
uint32 rid_user;
- uint16 acb_info;
+ uint32 acb_info;
UNIHDR hdr_acct_name;
UNIHDR hdr_user_name;
uint32 user_idx;
uint32 rid_user;
- uint16 acb_info;
+ uint32 acb_info;
UNIHDR hdr_srv_name;
UNIHDR hdr_srv_desc;
#define ACB_NOT_DELEGATED 0x00004000 /* 1 = Not delegated */
#define ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 = Use DES key only */
#define ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 = Preauth not required */
+#define ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */
#define MAX_HOURS_LEN 32
/*
translated the ACB_CTRL Flags to UserFlags (userAccountControl)
*/
-uint32 ads_acb2uf(uint16 acb)
+uint32 ads_acb2uf(uint32 acb)
{
uint32 uf = 0x00000000;
- if (acb & ACB_DISABLED) uf |= UF_ACCOUNTDISABLE;
- if (acb & ACB_HOMDIRREQ) uf |= UF_HOMEDIR_REQUIRED;
- if (acb & ACB_PWNOTREQ) uf |= UF_PASSWD_NOTREQD;
- if (acb & ACB_TEMPDUP) uf |= UF_TEMP_DUPLICATE_ACCOUNT;
- if (acb & ACB_NORMAL) uf |= UF_NORMAL_ACCOUNT;
- if (acb & ACB_MNS) uf |= UF_MNS_LOGON_ACCOUNT;
- if (acb & ACB_DOMTRUST) uf |= UF_INTERDOMAIN_TRUST_ACCOUNT;
- if (acb & ACB_WSTRUST) uf |= UF_WORKSTATION_TRUST_ACCOUNT;
- if (acb & ACB_SVRTRUST) uf |= UF_SERVER_TRUST_ACCOUNT;
- if (acb & ACB_PWNOEXP) uf |= UF_DONT_EXPIRE_PASSWD;
- if (acb & ACB_AUTOLOCK) uf |= UF_LOCKOUT;
+ if (acb & ACB_DISABLED) uf |= UF_ACCOUNTDISABLE;
+ if (acb & ACB_HOMDIRREQ) uf |= UF_HOMEDIR_REQUIRED;
+ if (acb & ACB_PWNOTREQ) uf |= UF_PASSWD_NOTREQD;
+ if (acb & ACB_TEMPDUP) uf |= UF_TEMP_DUPLICATE_ACCOUNT;
+ if (acb & ACB_NORMAL) uf |= UF_NORMAL_ACCOUNT;
+ if (acb & ACB_MNS) uf |= UF_MNS_LOGON_ACCOUNT;
+ if (acb & ACB_DOMTRUST) uf |= UF_INTERDOMAIN_TRUST_ACCOUNT;
+ if (acb & ACB_WSTRUST) uf |= UF_WORKSTATION_TRUST_ACCOUNT;
+ if (acb & ACB_SVRTRUST) uf |= UF_SERVER_TRUST_ACCOUNT;
+ if (acb & ACB_PWNOEXP) uf |= UF_DONT_EXPIRE_PASSWD;
+ if (acb & ACB_AUTOLOCK) uf |= UF_LOCKOUT;
+ if (acb & ACB_USE_DES_KEY_ONLY) uf |= UF_USE_DES_KEY_ONLY;
+ if (acb & ACB_SMARTCARD_REQUIRED) uf |= UF_SMARTCARD_REQUIRED;
+ if (acb & ACB_TRUSTED_FOR_DELEGATION) uf |= UF_TRUSTED_FOR_DELEGATION;
+ if (acb & ACB_DONT_REQUIRE_PREAUTH) uf |= UF_DONT_REQUIRE_PREAUTH;
+ if (acb & ACB_NO_AUTH_DATA_REQD) uf |= UF_NO_AUTH_DATA_REQUIRED;
+ if (acb & ACB_NOT_DELEGATED) uf |= UF_NOT_DELEGATED;
+ if (acb & ACB_ENC_TXT_PWD_ALLOWED) uf |= UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED;
return uf;
}
/*
translated the UserFlags (userAccountControl) to ACB_CTRL Flags
*/
-uint16 ads_uf2acb(uint32 uf)
+uint32 ads_uf2acb(uint32 uf)
{
- uint16 acb = 0x0000;
+ uint32 acb = 0x00000000;
if (uf & UF_ACCOUNTDISABLE) acb |= ACB_DISABLED;
if (uf & UF_HOMEDIR_REQUIRED) acb |= ACB_HOMDIRREQ;
if (uf & UF_MNS_LOGON_ACCOUNT) acb |= ACB_MNS;
if (uf & UF_DONT_EXPIRE_PASSWD) acb |= ACB_PWNOEXP;
if (uf & UF_LOCKOUT) acb |= ACB_AUTOLOCK;
+ if (uf & UF_USE_DES_KEY_ONLY) acb |= ACB_USE_DES_KEY_ONLY;
+ if (uf & UF_SMARTCARD_REQUIRED) acb |= ACB_SMARTCARD_REQUIRED;
+ if (uf & UF_TRUSTED_FOR_DELEGATION) acb |= ACB_TRUSTED_FOR_DELEGATION;
+ if (uf & UF_DONT_REQUIRE_PREAUTH) acb |= ACB_DONT_REQUIRE_PREAUTH;
+ if (uf & UF_NO_AUTH_DATA_REQUIRED) acb |= ACB_NO_AUTH_DATA_REQD;
+ if (uf & UF_NOT_DELEGATED) acb |= ACB_NOT_DELEGATED;
+ if (uf & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) acb |= ACB_ENC_TXT_PWD_ALLOWED;
switch (uf & UF_ACCOUNT_TYPE_MASK)
{
null). length *MUST BE MORE THAN 2* !
**********************************************************/
-char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
+char *pdb_encode_acct_ctrl(uint32 acct_ctrl, size_t length)
{
static fstring acct_str;
Decode the account control bits from a string.
**********************************************************/
-uint16 pdb_decode_acct_ctrl(const char *p)
+uint32 pdb_decode_acct_ctrl(const char *p)
{
- uint16 acct_ctrl = 0;
+ uint32 acct_ctrl = 0;
BOOL finished = False;
/*
Routine to set 32 hex password characters from a 16 byte array.
**************************************************************/
-void pdb_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl)
+void pdb_sethexpwd(char *p, const unsigned char *pwd, uint32 acct_ctrl)
{
if (pwd != NULL) {
int i;
char *msg_str, size_t msg_str_len)
{
struct samu *sam_pass=NULL;
- uint16 other_acb;
+ uint32 other_acb;
NTSTATUS result;
*err_str = '\0';
Marshall/unmarshall struct samu structs.
*********************************************************************/
-#define TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd"
+#define TDB_FORMAT_STRING_V3 "dddddddBBBBBBBBBBBBddBBBdwdBwwd"
/*********************************************************************
*********************************************************************/
-BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen)
+BOOL init_sam_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 buflen)
{
/* times are stored as 32bit integer
fullname_len, homedir_len, logon_script_len,
profile_path_len, acct_desc_len, workstations_len;
- uint32 user_rid, group_rid, hours_len, unknown_6;
- uint16 acct_ctrl, logon_divs;
+ uint32 user_rid, group_rid, hours_len, unknown_6, acct_ctrl;
+ uint16 logon_divs;
uint16 bad_password_count, logon_count;
uint8 *hours = NULL;
uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL;
BOOL expand_explicit = lp_passdb_expand_explicit();
if(sampass == NULL || buf == NULL) {
- DEBUG(0, ("init_sam_from_buffer_v2: NULL parameters found!\n"));
+ DEBUG(0, ("init_sam_from_buffer_v3: NULL parameters found!\n"));
return False;
}
-/* TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd" */
+/* TDB_FORMAT_STRING_V3 "dddddddBBBBBBBBBBBBddBBBdwdBwwd" */
/* unpack the buffer into variables */
- len = tdb_unpack ((char *)buf, buflen, TDB_FORMAT_STRING_V2,
+ len = tdb_unpack ((char *)buf, buflen, TDB_FORMAT_STRING_V3,
&logon_time, /* d */
&logoff_time, /* d */
&kickoff_time, /* d */
&nt_pw_len, &nt_pw_ptr, /* B */
/* Change from V1 is addition of password history field. */
&nt_pw_hist_len, &nt_pw_hist_ptr, /* B */
- &acct_ctrl, /* w */
+ /* Change from V2 is the uint32 acb_mask */
+ &acct_ctrl, /* d */
/* Also "remove_me" field was removed. */
&logon_divs, /* w */
&hours_len, /* d */
}
}
- /* Change from V1 is addition of password history field. */
pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen) {
uint8 *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET);
pdb_set_logon_count(sampass, logon_count, PDB_SET);
pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
+ /* Change from V2 is the uint32 acct_ctrl */
pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
pdb_set_hours(sampass, hours, PDB_SET);
/*********************************************************************
*********************************************************************/
-uint32 init_buffer_from_sam_v2 (uint8 **buf, struct samu *sampass, BOOL size_only)
+uint32 init_buffer_from_sam_v3 (uint8 **buf, struct samu *sampass, BOOL size_only)
{
size_t len, buflen;
munged_dial_len = 0;
}
-/* TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd" */
+/* TDB_FORMAT_STRING_V3 "dddddddBBBBBBBBBBBBddBBBdwdBwwd" */
/* one time to get the size needed */
- len = tdb_pack(NULL, 0, TDB_FORMAT_STRING_V2,
+ len = tdb_pack(NULL, 0, TDB_FORMAT_STRING_V3,
logon_time, /* d */
logoff_time, /* d */
kickoff_time, /* d */
lm_pw_len, lm_pw, /* B */
nt_pw_len, nt_pw, /* B */
nt_pw_hist_len, nt_pw_hist, /* B */
- pdb_get_acct_ctrl(sampass), /* w */
+ pdb_get_acct_ctrl(sampass), /* d */
pdb_get_logon_divs(sampass), /* w */
pdb_get_hours_len(sampass), /* d */
MAX_HOURS_LEN, pdb_get_hours(sampass), /* B */
/* malloc the space needed */
if ( (*buf=(uint8*)SMB_MALLOC(len)) == NULL) {
- DEBUG(0,("init_buffer_from_sam_v2: Unable to malloc() memory for buffer!\n"));
+ DEBUG(0,("init_buffer_from_sam_v3: Unable to malloc() memory for buffer!\n"));
return (-1);
}
/* now for the real call to tdb_pack() */
- buflen = tdb_pack((char *)*buf, len, TDB_FORMAT_STRING_V2,
+ buflen = tdb_pack((char *)*buf, len, TDB_FORMAT_STRING_V3,
logon_time, /* d */
logoff_time, /* d */
kickoff_time, /* d */
lm_pw_len, lm_pw, /* B */
nt_pw_len, nt_pw, /* B */
nt_pw_hist_len, nt_pw_hist, /* B */
- pdb_get_acct_ctrl(sampass), /* w */
+ pdb_get_acct_ctrl(sampass), /* d */
pdb_get_logon_divs(sampass), /* w */
pdb_get_hours_len(sampass), /* d */
MAX_HOURS_LEN, pdb_get_hours(sampass), /* B */
/* check to make sure we got it correct */
if (buflen != len) {
- DEBUG(0, ("init_buffer_from_sam_v2: somthing odd is going on here: bufflen (%lu) != len (%lu) in tdb_pack operations!\n",
+ DEBUG(0, ("init_buffer_from_sam_v3: somthing odd is going on here: bufflen (%lu) != len (%lu) in tdb_pack operations!\n",
(unsigned long)buflen, (unsigned long)len));
/* error */
SAFE_FREE (*buf);
if ( !dst )
return False;
- len = init_buffer_from_sam_v2(&buf, src, False);
+ len = init_buffer_from_sam_v3(&buf, src, False);
if (len == -1)
return False;
- result = init_sam_from_buffer_v2( dst, buf, len );
+ result = init_sam_from_buffer_v3( dst, buf, len );
dst->methods = src->methods;
if ( src->unix_pw )
Collection of get...() functions for struct samu.
********************************************************************/
-uint16 pdb_get_acct_ctrl (const struct samu *sampass)
+uint32 pdb_get_acct_ctrl (const struct samu *sampass)
{
if (sampass)
return (sampass->acct_ctrl);
Collection of set...() functions for struct samu.
********************************************************************/
-BOOL pdb_set_acct_ctrl (struct samu *sampass, uint16 acct_ctrl, enum pdb_value_state flag)
+BOOL pdb_set_acct_ctrl (struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag)
{
if (!sampass)
return False;
return NT_STATUS_OK;
}
-static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask)
+static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update, uint32 acb_mask)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static BOOL pdb_default_search_users(struct pdb_methods *methods,
struct pdb_search *search,
- uint16 acct_flags)
+ uint32 acct_flags)
{
struct user_search *state;
return (search->num_entries > idx) ? &search->cache[idx] : NULL;
}
-struct pdb_search *pdb_search_users(uint16 acct_flags)
+struct pdb_search *pdb_search_users(uint32 acct_flags)
{
struct pdb_methods *pdb = pdb_get_methods();
struct pdb_search *result;
uint8 smblmpwd[LM_HASH_LEN],
smbntpwd[NT_HASH_LEN];
BOOL use_samba_attrs = True;
- uint16 acct_ctrl = 0,
- logon_divs;
+ uint32 acct_ctrl = 0;
+ uint16 logon_divs;
uint16 bad_password_count = 0,
logon_count = 0;
uint32 hours_len;
Connect to LDAP server for password enumeration.
*********************************************************************/
-static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint16 acb_mask)
+static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint32 acb_mask)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
struct ldap_search_state {
struct smbldap_state *connection;
- uint16 acct_flags;
+ uint32 acct_flags;
uint16 group_type;
const char *base;
{
char **vals;
DOM_SID sid;
- uint16 acct_flags;
+ uint32 acct_flags;
vals = ldap_get_values(ld, entry, "sambaAcctFlags");
if ((vals == NULL) || (vals[0] == NULL)) {
static BOOL ldapsam_search_users(struct pdb_methods *methods,
struct pdb_search *search,
- uint16 acct_flags)
+ uint32 acct_flags)
{
struct ldapsam_privates *ldap_state = methods->private_data;
struct ldap_search_state *state;
Functions to be implemented by the new passdb API
****************************************************************/
-static NTSTATUS smbpasswd_setsampwent (struct pdb_methods *my_methods, BOOL update, uint16 acb_mask)
+static NTSTATUS smbpasswd_setsampwent (struct pdb_methods *my_methods, BOOL update, uint32 acb_mask)
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
#endif
-#define TDBSAM_VERSION 2 /* Most recent TDBSAM version */
+#define TDBSAM_VERSION 3 /* Most recent TDBSAM version */
#define TDBSAM_VERSION_STRING "INFO/version"
#define PASSDB_FILE_NAME "passdb.tdb"
#define USERPREFIX "USER_"
#define TDB_FORMAT_STRING_V0 "ddddddBBBBBBBBBBBBddBBwdwdBwwd"
#define TDB_FORMAT_STRING_V1 "dddddddBBBBBBBBBBBBddBBwdwdBwwd"
+#define TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd"
/*********************************************************************
*********************************************************************/
return ret;
}
+BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen)
+{
+
+ /* times are stored as 32bit integer
+ take care on system with 64bit wide time_t
+ --SSS */
+ uint32 logon_time,
+ logoff_time,
+ kickoff_time,
+ bad_password_time,
+ pass_last_set_time,
+ pass_can_change_time,
+ pass_must_change_time;
+ char *username = NULL;
+ char *domain = NULL;
+ char *nt_username = NULL;
+ char *dir_drive = NULL;
+ char *unknown_str = NULL;
+ char *munged_dial = NULL;
+ char *fullname = NULL;
+ char *homedir = NULL;
+ char *logon_script = NULL;
+ char *profile_path = NULL;
+ char *acct_desc = NULL;
+ char *workstations = NULL;
+ uint32 username_len, domain_len, nt_username_len,
+ dir_drive_len, unknown_str_len, munged_dial_len,
+ fullname_len, homedir_len, logon_script_len,
+ profile_path_len, acct_desc_len, workstations_len;
+
+ uint32 user_rid, group_rid, hours_len, unknown_6;
+ uint16 acct_ctrl, logon_divs;
+ uint16 bad_password_count, logon_count;
+ uint8 *hours = NULL;
+ uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL;
+ uint32 len = 0;
+ uint32 lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen;
+ uint32 pwHistLen = 0;
+ BOOL ret = True;
+ fstring tmpstring;
+ BOOL expand_explicit = lp_passdb_expand_explicit();
+
+ if(sampass == NULL || buf == NULL) {
+ DEBUG(0, ("init_sam_from_buffer_v2: NULL parameters found!\n"));
+ return False;
+ }
+
+/* TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd" */
+
+ /* unpack the buffer into variables */
+ len = tdb_unpack ((char *)buf, buflen, TDB_FORMAT_STRING_V2,
+ &logon_time, /* d */
+ &logoff_time, /* d */
+ &kickoff_time, /* d */
+ &bad_password_time, /* d */
+ &pass_last_set_time, /* d */
+ &pass_can_change_time, /* d */
+ &pass_must_change_time, /* d */
+ &username_len, &username, /* B */
+ &domain_len, &domain, /* B */
+ &nt_username_len, &nt_username, /* B */
+ &fullname_len, &fullname, /* B */
+ &homedir_len, &homedir, /* B */
+ &dir_drive_len, &dir_drive, /* B */
+ &logon_script_len, &logon_script, /* B */
+ &profile_path_len, &profile_path, /* B */
+ &acct_desc_len, &acct_desc, /* B */
+ &workstations_len, &workstations, /* B */
+ &unknown_str_len, &unknown_str, /* B */
+ &munged_dial_len, &munged_dial, /* B */
+ &user_rid, /* d */
+ &group_rid, /* d */
+ &lm_pw_len, &lm_pw_ptr, /* B */
+ &nt_pw_len, &nt_pw_ptr, /* B */
+ /* Change from V1 is addition of password history field. */
+ &nt_pw_hist_len, &nt_pw_hist_ptr, /* B */
+ &acct_ctrl, /* w */
+ /* Also "remove_me" field was removed. */
+ &logon_divs, /* w */
+ &hours_len, /* d */
+ &hourslen, &hours, /* B */
+ &bad_password_count, /* w */
+ &logon_count, /* w */
+ &unknown_6); /* d */
+
+ if (len == (uint32) -1) {
+ ret = False;
+ goto done;
+ }
+
+ pdb_set_logon_time(sampass, logon_time, PDB_SET);
+ pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
+ pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
+ pdb_set_bad_password_time(sampass, bad_password_time, PDB_SET);
+ pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
+ pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
+ pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
+
+ pdb_set_username(sampass, username, PDB_SET);
+ pdb_set_domain(sampass, domain, PDB_SET);
+ pdb_set_nt_username(sampass, nt_username, PDB_SET);
+ pdb_set_fullname(sampass, fullname, PDB_SET);
+
+ if (homedir) {
+ fstrcpy( tmpstring, homedir );
+ if (expand_explicit) {
+ standard_sub_basic( username, tmpstring,
+ sizeof(tmpstring) );
+ }
+ pdb_set_homedir(sampass, tmpstring, PDB_SET);
+ }
+ else {
+ pdb_set_homedir(sampass,
+ talloc_sub_basic(sampass, username, lp_logon_home()),
+ PDB_DEFAULT);
+ }
+
+ if (dir_drive)
+ pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
+ else
+ pdb_set_dir_drive(sampass, lp_logon_drive(), PDB_DEFAULT );
+
+ if (logon_script) {
+ fstrcpy( tmpstring, logon_script );
+ if (expand_explicit) {
+ standard_sub_basic( username, tmpstring,
+ sizeof(tmpstring) );
+ }
+ pdb_set_logon_script(sampass, tmpstring, PDB_SET);
+ }
+ else {
+ pdb_set_logon_script(sampass,
+ talloc_sub_basic(sampass, username, lp_logon_script()),
+ PDB_DEFAULT);
+ }
+
+ if (profile_path) {
+ fstrcpy( tmpstring, profile_path );
+ if (expand_explicit) {
+ standard_sub_basic( username, tmpstring,
+ sizeof(tmpstring) );
+ }
+ pdb_set_profile_path(sampass, tmpstring, PDB_SET);
+ }
+ else {
+ pdb_set_profile_path(sampass,
+ talloc_sub_basic(sampass, username, lp_logon_path()),
+ PDB_DEFAULT);
+ }
+
+ pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
+ pdb_set_workstations(sampass, workstations, PDB_SET);
+ pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
+
+ if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) {
+ if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) {
+ ret = False;
+ goto done;
+ }
+ }
+
+ if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) {
+ if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) {
+ ret = False;
+ goto done;
+ }
+ }
+
+ /* Change from V1 is addition of password history field. */
+ pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ if (pwHistLen) {
+ uint8 *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
+ if (!pw_hist) {
+ ret = False;
+ goto done;
+ }
+ memset(pw_hist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
+ if (nt_pw_hist_ptr && nt_pw_hist_len) {
+ int i;
+ SMB_ASSERT((nt_pw_hist_len % PW_HISTORY_ENTRY_LEN) == 0);
+ nt_pw_hist_len /= PW_HISTORY_ENTRY_LEN;
+ for (i = 0; (i < pwHistLen) && (i < nt_pw_hist_len); i++) {
+ memcpy(&pw_hist[i*PW_HISTORY_ENTRY_LEN],
+ &nt_pw_hist_ptr[i*PW_HISTORY_ENTRY_LEN],
+ PW_HISTORY_ENTRY_LEN);
+ }
+ }
+ if (!pdb_set_pw_history(sampass, pw_hist, pwHistLen, PDB_SET)) {
+ SAFE_FREE(pw_hist);
+ ret = False;
+ goto done;
+ }
+ SAFE_FREE(pw_hist);
+ } else {
+ pdb_set_pw_history(sampass, NULL, 0, PDB_SET);
+ }
+
+ pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
+ pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
+ pdb_set_hours_len(sampass, hours_len, PDB_SET);
+ pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET);
+ pdb_set_logon_count(sampass, logon_count, PDB_SET);
+ pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
+ pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
+ pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
+ pdb_set_hours(sampass, hours, PDB_SET);
+
+done:
+
+ SAFE_FREE(username);
+ SAFE_FREE(domain);
+ SAFE_FREE(nt_username);
+ SAFE_FREE(fullname);
+ SAFE_FREE(homedir);
+ SAFE_FREE(dir_drive);
+ SAFE_FREE(logon_script);
+ SAFE_FREE(profile_path);
+ SAFE_FREE(acct_desc);
+ SAFE_FREE(workstations);
+ SAFE_FREE(munged_dial);
+ SAFE_FREE(unknown_str);
+ SAFE_FREE(lm_pw_ptr);
+ SAFE_FREE(nt_pw_ptr);
+ SAFE_FREE(nt_pw_hist_ptr);
+ SAFE_FREE(hours);
+
+ return ret;
+}
+
+
/**********************************************************************
Intialize a struct samu struct from a BYTE buffer of size len
*********************************************************************/
static BOOL init_sam_from_buffer(struct samu *sampass, uint8 *buf, uint32 buflen)
{
- return init_sam_from_buffer_v2(sampass, buf, buflen);
+ return init_sam_from_buffer_v3(sampass, buf, buflen);
}
/**********************************************************************
static uint32 init_buffer_from_sam (uint8 **buf, struct samu *sampass, BOOL size_only)
{
- return init_buffer_from_sam_v2(buf, sampass, size_only);
+ return init_buffer_from_sam_v3(buf, sampass, size_only);
}
/**********************************************************************
case 2:
ret = init_sam_from_buffer_v2(user, (uint8 *)data.dptr, data.dsize);
break;
+ case 3:
+ ret = init_sam_from_buffer_v3(user, (uint8 *)data.dptr, data.dsize);
+ break;
default:
/* unknown tdbsam version */
ret = False;
Save a list of user keys for iteration.
****************************************************************/
-static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint16 acb_mask)
+static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint32 acb_mask)
{
if ( !tdbsam_open( tdbsam_filename ) ) {
DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename));
uint32 user_rid;
PyObject *result = NULL;
TALLOC_CTX *mem_ctx;
- uint16 acb_info = ACB_NORMAL;
+ uint32 acb_info = ACB_NORMAL;
POLICY_HND user_pol;
if (!PyArg_ParseTupleAndKeywords(
**/
NTSTATUS rpccli_samr_enum_dom_users(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, uint32 *start_idx, uint16 acb_mask,
+ POLICY_HND *pol, uint32 *start_idx, uint32 acb_mask,
uint32 size, char ***dom_users, uint32 **rids,
uint32 *num_dom_users)
{
/* Fill query structure with parameters */
- init_samr_q_enum_dom_users(&q, pol, *start_idx, acb_mask, 0, size);
+ init_samr_q_enum_dom_users(&q, pol, *start_idx, acb_mask, size);
CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_USERS,
q, r,
uint16 logon_count, uint16 bad_pw_count,
uint32 num_groups, const DOM_GID *gids,
- uint32 user_flgs, uchar user_session_key[16],
+ uint32 user_flgs, uint32 acct_flags,
+ uchar user_session_key[16],
uchar lm_session_key[16],
const char *logon_srv, const char *logon_dom,
const DOM_SID *dom_sid)
usr->buffer_groups = 1; /* indicates fill in groups, below, even if there are none */
usr->user_flgs = user_flgs;
+ usr->acct_flags = acct_flags;
if (user_session_key != NULL)
memcpy(usr->user_sess_key, user_session_key, sizeof(usr->user_sess_key));
usr->buffer_dom_id = dom_sid ? 1 : 0; /* yes, we're bothering to put a domain SID in */
memset((char *)usr->lm_sess_key, '\0', sizeof(usr->lm_sess_key));
- memset(&usr->acct_flags, '\0', sizeof(usr->acct_flags));
for (i=0; i<7; i++) {
memset(&usr->unknown[i], '\0', sizeof(usr->unknown));
int lvl = 10;
DEBUG(lvl,("dump_acct_flags\n"));
if (acct_flags & ACB_NORMAL) {
- DEBUGADD(lvl,("\taccount has UF_NORMAL_ACCOUNT\n"));
+ DEBUGADD(lvl,("\taccount has ACB_NORMAL\n"));
}
if (acct_flags & ACB_PWNOEXP) {
- DEBUGADD(lvl,("\taccount has UF_DONT_EXPIRE_PASSWD\n"));
+ DEBUGADD(lvl,("\taccount has ACB_PWNOEXP\n"));
}
if (acct_flags & ACB_ENC_TXT_PWD_ALLOWED) {
- DEBUGADD(lvl,("\taccount has UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED\n"));
+ DEBUGADD(lvl,("\taccount has ACB_ENC_TXT_PWD_ALLOWED\n"));
}
if (acct_flags & ACB_NOT_DELEGATED) {
- DEBUGADD(lvl,("\taccount has UF_NOT_DELEGATED\n"));
+ DEBUGADD(lvl,("\taccount has ACB_NOT_DELEGATED\n"));
}
if (acct_flags & ACB_USE_DES_KEY_ONLY) {
- DEBUGADD(lvl,("\taccount has UF_USE_DES_KEY_ONLY set, sig verify wont work\n"));
+ DEBUGADD(lvl,("\taccount has ACB_USE_DES_KEY_ONLY set, sig verify wont work\n"));
+ }
+ if (acct_flags & ACB_NO_AUTH_DATA_REQD) {
+ DEBUGADD(lvl,("\taccount has ACB_NO_AUTH_DATA_REQD set\n"));
}
}
static void init_sam_entry1(SAM_ENTRY1 *sam, uint32 user_idx,
UNISTR2 *sam_name, UNISTR2 *sam_full,
UNISTR2 *sam_desc, uint32 rid_user,
- uint16 acb_info)
+ uint32 acb_info)
{
DEBUG(5, ("init_sam_entry1\n"));
if(!prs_uint32("rid_user ", ps, depth, &sam->rid_user))
return False;
- if(!prs_uint16("acb_info ", ps, depth, &sam->acb_info))
- return False;
-
- if(!prs_align(ps))
+ if(!prs_uint32("acb_info ", ps, depth, &sam->acb_info))
return False;
if (!smb_io_unihdr("hdr_acct_name", &sam->hdr_acct_name, ps, depth))
********************************************************************/
static void init_sam_entry2(SAM_ENTRY2 * sam, uint32 user_idx,
UNISTR2 *sam_name, UNISTR2 *sam_desc,
- uint32 rid_user, uint16 acb_info)
+ uint32 rid_user, uint32 acb_info)
{
DEBUG(5, ("init_sam_entry2\n"));
if(!prs_uint32("rid_user ", ps, depth, &sam->rid_user))
return False;
- if(!prs_uint16("acb_info ", ps, depth, &sam->acb_info))
- return False;
-
- if(!prs_align(ps))
+ if(!prs_uint32("acb_info ", ps, depth, &sam->acb_info))
return False;
if(!smb_io_unihdr("unihdr", &sam->hdr_srv_name, ps, depth)) /* account name unicode string header */
void init_samr_q_enum_dom_users(SAMR_Q_ENUM_DOM_USERS * q_e, POLICY_HND *pol,
uint32 start_idx,
- uint16 acb_mask, uint16 unk_1, uint32 size)
+ uint32 acb_mask, uint32 size)
{
DEBUG(5, ("init_samr_q_enum_dom_users\n"));
q_e->start_idx = start_idx; /* zero indicates lots */
q_e->acb_mask = acb_mask;
- q_e->unknown_1 = unk_1;
q_e->max_size = size;
}
if(!prs_uint32("start_idx", ps, depth, &q_e->start_idx))
return False;
- if(!prs_uint16("acb_mask ", ps, depth, &q_e->acb_mask))
- return False;
- if(!prs_uint16("unknown_1", ps, depth, &q_e->unknown_1))
+ if(!prs_uint32("acb_mask ", ps, depth, &q_e->acb_mask))
return False;
if(!prs_uint32("max_size ", ps, depth, &q_e->max_size))
pdb_get_pass_last_set_time(sampw),
pdb_get_pass_can_change_time(sampw),
pdb_get_pass_must_change_time(sampw),
-
0, /* logon_count */
0, /* bad_pw_count */
num_gids, /* uint32 num_groups */
gids , /* DOM_GID *gids */
- 0x20 , /* uint32 user_flgs (?) */
+ LOGON_EXTRA_SIDS, /* uint32 user_flgs (?) */
+ pdb_get_acct_ctrl(sampw),
server_info->user_session_key.length ? user_session_key : NULL,
server_info->lm_session_key.length ? lm_session_key : NULL,
my_name , /* char *logon_srv */
pdb_set_nt_passwd(sam_pass, NULL, PDB_DEFAULT);
}
-static uint32 count_sam_users(struct disp_info *info, uint16 acct_flags)
+static uint32 count_sam_users(struct disp_info *info, uint32 acct_flags)
{
struct samr_displayentry *entry;
{
uint32 len;
pstring plaintext_buf;
- uint16 acct_ctrl;
+ uint32 acct_ctrl;
DEBUG(5, ("Attempting administrator password change for user %s\n",
pdb_get_username(pwd)));
printf("\tuser_rid :\t0x%x\n" , usr->user_rid ); /* User ID */
printf("\tgroup_rid:\t0x%x\n" , usr->group_rid); /* Group ID */
- printf("\tacb_info :\t0x%04x\n", usr->acb_info ); /* Account Control Info */
+ printf("\tacb_info :\t0x%08x\n", usr->acb_info ); /* Account Control Info */
printf("\tfields_present:\t0x%08x\n", usr->fields_present); /* 0x00ff ffff */
printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
char **dom_users;
uint32 *dom_rids;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
- uint16 acb_mask = ACB_NORMAL;
+ uint32 acb_mask = ACB_NORMAL;
BOOL got_connect_pol = False, got_domain_pol = False;
if ((argc < 1) || (argc > 3)) {
sscanf(argv[1], "%x", &access_mask);
if (argc > 2)
- sscanf(argv[2], "%hx", &acb_mask);
+ sscanf(argv[2], "%x", &acb_mask);
/* Get sam policy handle */
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
- uint16 acb_info;
+ uint32 acb_info;
uint32 unknown, user_rid;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
uchar unenc_new_pw[16];
uchar unenc_old_pw[16];
struct samu *sampass = NULL;
- uint16 acct_ctrl;
+ uint32 acct_ctrl;
const uint8 *lanman_pw;
BOOL ret;
static uchar null_pw[16];
uchar unenc_new_pw[16];
BOOL ret;
- uint16 acct_ctrl;
+ uint32 acct_ctrl;
const uint8 *pwd;
if (sampass == NULL) {
uint8 *password_encrypted;
const uint8 *encryption_key;
const uint8 *lanman_pw, *nt_pw;
- uint16 acct_ctrl;
+ uint32 acct_ctrl;
uint32 new_pw_len;
uchar new_nt_hash[16];
uchar new_lm_hash[16];
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
- uint16 acb_info;
+ uint32 acb_info;
uint32 unknown, user_rid;
if (argc != 1) {
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
- uint16 acb_info;
+ uint32 acb_info;
uint32 unknown, user_rid;
if (argc != 2) {