2 Unix SMB/Netbios implementation.
4 Password and authentication handling
5 Copyright (C) Jeremy Allison 1996-1998
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
7 Copyright (C) Gerald (Jerry) Carter 2000-2001
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 extern int DEBUGLEVEL;
29 * This is set on startup - it defines the SID for this
30 * machine, and therefore the SAM database for which it is
34 extern DOM_SID global_sam_sid;
36 struct passdb_ops *pdb_ops;
38 static void* pdb_handle = NULL;
40 /***************************************************************
41 Initialize the password db operations.
42 ***************************************************************/
43 BOOL initialize_password_db(BOOL reload)
45 /* This function is unfinished right now, so just
46 ignore the details and always return True. It is here
47 only as a placeholder --jerry */
51 char* modulename = lp_passdb_module_path();
53 /* load another module? */
54 if (reload && pdb_handle)
56 sys_dlclose (pdb_handle);
60 /* do we have a module defined or use the default? */
61 if (strlen (modulename) != 0)
63 if ((pdb_handle=sys_dlopen (modulename, RTLD_LAZY)) == NULL)
65 DEBUG(0,("initialize_password_db: ERROR - Unable to open passdb module \"%s\"!\n%s\n",
66 modulename, sys_dlerror()));
69 DEBUG(1,("initialize_password_db: passdb module \"%s\" loaded successfully\n", modulename));
72 /* either no module name defined or the one that was failed
73 to open. Let's try the default */
74 if (pdb_handle == NULL)
76 if ((pdb_handle=sys_dlopen ("libpdbfile.so", RTLD_LAZY)) == NULL)
78 DEBUG(0,("initialize_password_db: ERROR - Unable to open \"libpdbfile.so\" passdb module! No user authentication possible!\n%s\n",
83 DEBUG(1,("initialize_password_db: passdb module \"libpdbfile.so\" loaded successfully\n"));
87 return (pdb_handle != NULL);
91 /*************************************************************
92 initialises a struct sam_disp_info.
93 **************************************************************/
94 static void pdb_init_dispinfo(struct sam_disp_info *user)
101 /*************************************************************
102 alloc memory and initialises a struct sam_passwd.
103 ************************************************************/
104 BOOL pdb_init_sam(SAM_ACCOUNT **user)
107 DEBUG(0,("pdb_init_sam: SAM_ACCOUNT was non NULL\n"));
109 smb_panic("NULL pointer passed to pdb_init_sam\n");
114 *user=(SAM_ACCOUNT *)malloc(sizeof(SAM_ACCOUNT));
117 DEBUG(0,("pdb_init_sam: error while allocating memory\n"));
123 (*user)->logon_time = (time_t)0;
124 (*user)->logoff_time = (time_t)-1;
125 (*user)->kickoff_time = (time_t)-1;
126 (*user)->pass_last_set_time = (time_t)-1;
127 (*user)->pass_can_change_time = (time_t)-1;
128 (*user)->pass_must_change_time = (time_t)-1;
130 (*user)->unknown_3 = 0x00ffffff; /* don't know */
131 (*user)->logon_divs = 168; /* hours per week */
132 (*user)->hours_len = 21; /* 21 times 8 bits = 168 */
133 memset((*user)->hours, 0xff, (*user)->hours_len); /* available at all hours */
134 (*user)->unknown_5 = 0x00000000; /* don't know */
135 (*user)->unknown_6 = 0x000004ec; /* don't know */
140 /************************************************************
141 free the SAM_ACCOUNT and the NT/LM hashes.
142 ***********************************************************/
143 BOOL pdb_free_sam(SAM_ACCOUNT *user)
146 DEBUG(0,("pdb_free_sam: SAM_ACCOUNT was NULL\n"));
148 smb_panic("NULL pointer passed to pdb_free_sam\n");
153 SAFE_FREE(user->nt_pw);
154 SAFE_FREE(user->lm_pw);
160 /************************************************************
161 reset the SAM_ACCOUNT and the NT/LM hashes.
162 ***********************************************************/
164 BOOL pdb_reset_sam(SAM_ACCOUNT *user)
167 DEBUG(0,("pdb_reset_sam: SAM_ACCOUNT was NULL\n"));
171 SAFE_FREE(user->nt_pw);
172 SAFE_FREE(user->lm_pw);
178 /*************************************************************************
179 Routine to return the next entry in the sam passwd list.
180 *************************************************************************/
181 struct sam_disp_info *pdb_sam_to_dispinfo(SAM_ACCOUNT *user)
183 static struct sam_disp_info disp_info;
188 pdb_init_dispinfo(&disp_info);
190 disp_info.smb_name = user->username;
191 disp_info.full_name = user->full_name;
192 disp_info.user_rid = user->user_rid;
197 /*******************************************************************
198 Group and User RID username mapping function
199 ********************************************************************/
200 BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
202 struct passwd *pw = Get_Pwnam(user_name, False);
204 if (u_rid == NULL || g_rid == NULL || user_name == NULL)
211 DEBUG(1,("Username %s is invalid on this system\n", user_name));
215 /* turn the unix UID into a Domain RID. this is what the posix
216 sub-system does (adds 1000 to the uid) */
217 *u_rid = pdb_uid_to_user_rid(pw->pw_uid);
219 /* absolutely no idea what to do about the unix GID to Domain RID mapping */
220 *g_rid = pdb_gid_to_group_rid(pw->pw_gid);
225 /*******************************************************************
226 Converts NT user RID to a UNIX uid.
227 ********************************************************************/
228 uid_t pdb_user_rid_to_uid(uint32 user_rid)
230 return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
233 /*******************************************************************
234 Converts NT user RID to a UNIX gid.
235 ********************************************************************/
237 gid_t pdb_user_rid_to_gid(uint32 user_rid)
239 return (uid_t)(((user_rid & (~GROUP_RID_TYPE))- 1000)/RID_MULTIPLIER);
242 /*******************************************************************
243 converts UNIX uid to an NT User RID.
244 ********************************************************************/
246 uint32 pdb_uid_to_user_rid(uid_t uid)
248 return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
251 /*******************************************************************
252 converts NT Group RID to a UNIX uid.
253 ********************************************************************/
255 uint32 pdb_gid_to_group_rid(gid_t gid)
257 return (((((uint32)gid)*RID_MULTIPLIER) + 1000) | GROUP_RID_TYPE);
260 /*******************************************************************
261 Decides if a RID is a well known RID.
262 ********************************************************************/
264 static BOOL pdb_rid_is_well_known(uint32 rid)
269 /*******************************************************************
270 Decides if a RID is a user or group RID.
271 ********************************************************************/
272 BOOL pdb_rid_is_user(uint32 rid)
274 /* lkcl i understand that NT attaches an enumeration to a RID
275 * such that it can be identified as either a user, group etc
276 * type. there are 5 such categories, and they are documented.
278 if(pdb_rid_is_well_known(rid)) {
280 * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
281 * and DOMAIN_USER_RID_GUEST.
283 if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
285 } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
291 /*******************************************************************
292 Convert a rid into a name. Used in the lookup SID rpc.
293 ********************************************************************/
294 BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
297 BOOL is_user = pdb_rid_is_user(rid);
299 DEBUG(5,("local_lookup_rid: looking up %s RID %u.\n", is_user ? "user" :
300 "group", (unsigned int)rid));
303 if(rid == DOMAIN_USER_RID_ADMIN) {
305 char *p = admin_users;
306 if(!next_token(&p, name, NULL, sizeof(fstring)))
307 fstrcpy(name, "Administrator");
308 } else if (rid == DOMAIN_USER_RID_GUEST) {
310 char *p = guest_users;
311 if(!next_token(&p, name, NULL, sizeof(fstring)))
312 fstrcpy(name, "Guest");
318 * Don't try to convert the rid to a name if
319 * running in appliance mode
321 if (lp_hide_local_users())
324 uid = pdb_user_rid_to_uid(rid);
325 pass = sys_getpwuid(uid);
327 *psid_name_use = SID_NAME_USER;
329 DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid,
330 pass ? "succeeded" : "failed" ));
333 slprintf(name, sizeof(fstring)-1, "unix_user.%u", (unsigned int)uid);
337 fstrcpy(name, pass->pw_name);
339 DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name,
340 (unsigned int)rid ));
349 * Don't try to convert the rid to a name if running
353 if (lp_hide_local_users())
357 * First try the TDB. If the RID exists and is mapped to a unix group,
358 * return the NT name and the type.
361 sid_copy(&sid, &global_sam_sid);
362 sid_append_rid(&sid, rid);
363 if (get_group_map_from_sid(sid, &map) && map.gid!=-1) {
364 *psid_name_use = map.sid_name_use;
365 fstrcpy(name, map.nt_name);
367 DEBUG(5,("local_lookup_rid: found NT group %s mapped to Unix gid %u for rid %u\n",
368 name, (unsigned int)map.gid, (unsigned int)rid ));
370 if(!getgrgid(map.gid))
376 *psid_name_use = SID_NAME_ALIAS;
377 gid = pdb_user_rid_to_gid(rid);
380 DEBUG(5,("local_local_rid: looking up gid %u %s\n", (unsigned int)gid,
381 gr ? "succeeded" : "failed" ));
384 slprintf(name, sizeof(fstring)-1, "unix_group.%u", (unsigned int)gid);
388 fstrcpy( name, gr->gr_name);
390 DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name, (unsigned int)rid ));
396 /*******************************************************************
397 Convert a name into a SID. Used in the lookup name rpc.
398 ********************************************************************/
400 BOOL local_lookup_name(const char *c_domain, const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psid_name_use)
402 extern DOM_SID global_sid_World_Domain;
403 struct passwd *pass = NULL;
409 * domain and user may be quoted const strings, and map_username and
410 * friends can modify them. Make a modifiable copy. JRA.
413 fstrcpy(domain, c_domain);
414 fstrcpy(user, c_user);
416 sid_copy(&local_sid, &global_sam_sid);
419 * Special case for MACHINE\Everyone. Map to the world_sid.
422 if(strequal(user, "Everyone")) {
423 sid_copy( psid, &global_sid_World_Domain);
424 sid_append_rid(psid, 0);
425 *psid_name_use = SID_NAME_ALIAS;
430 * Don't lookup local unix users if running in appliance mode
432 if (lp_hide_local_users())
435 (void)map_username(user);
437 if((pass = Get_Pwnam(user, True))) {
438 sid_append_rid( &local_sid, pdb_uid_to_user_rid(pass->pw_uid));
439 *psid_name_use = SID_NAME_USER;
442 * Maybe it was a group ?
445 struct group *grp = NULL;
447 /* It can be a mapped group */
448 if (get_group_map_from_ntname(user, &map) && map.gid!=-1) {
450 grp=getgrgid(map.gid);
454 sid_copy(&local_sid, &map.sid);
455 *psid_name_use = map.sid_name_use;
457 /* It wasn't mapped, it can be a Unix group */
462 sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
463 *psid_name_use = SID_NAME_ALIAS;
467 sid_copy( psid, &local_sid);
472 /****************************************************************************
473 Convert a uid to SID - locally.
474 ****************************************************************************/
475 DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
477 extern DOM_SID global_sam_sid;
479 sid_copy(psid, &global_sam_sid);
480 sid_append_rid(psid, pdb_uid_to_user_rid(uid));
486 /****************************************************************************
487 Convert a SID to uid - locally.
488 ****************************************************************************/
489 BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
491 extern DOM_SID global_sam_sid;
498 *name_type = SID_NAME_UNKNOWN;
500 sid_copy(&dom_sid, psid);
501 sid_split_rid(&dom_sid, &rid);
503 if (!pdb_rid_is_user(rid))
507 * We can only convert to a uid if this is our local
508 * Domain SID (ie. we are the controling authority).
510 if (!sid_equal(&global_sam_sid, &dom_sid))
513 *puid = pdb_user_rid_to_uid(rid);
516 * Ensure this uid really does exist.
518 if(!(pass = sys_getpwuid(*puid)))
521 DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid),
522 (unsigned int)*puid, pass->pw_name ));
527 /****************************************************************************
528 Convert a gid to SID - locally.
529 ****************************************************************************/
530 DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
532 extern DOM_SID global_sam_sid;
534 sid_copy(psid, &global_sam_sid);
535 sid_append_rid(psid, pdb_gid_to_group_rid(gid));
540 /****************************************************************************
541 Convert a SID to gid - locally.
542 ****************************************************************************/
543 BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
545 extern DOM_SID global_sam_sid;
551 *name_type = SID_NAME_UNKNOWN;
553 sid_copy(&dom_sid, psid);
554 sid_split_rid(&dom_sid, &rid);
557 * We can only convert to a gid if this is our local
558 * Domain SID (ie. we are the controling authority).
561 if (!sid_equal(&global_sam_sid, &dom_sid))
564 if (pdb_rid_is_user(rid))
567 *pgid = pdb_user_rid_to_gid(rid);
570 * Ensure this gid really does exist.
573 if(!(grp = getgrgid(*pgid)))
576 DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u) (%s).\n", sid_to_string( str, psid),
577 (unsigned int)*pgid, grp->gr_name ));
582 static void select_name(pstring string, const UNISTR2 *from)
584 if (from->buffer != 0)
585 unistr2_to_ascii(string, from, sizeof(string));
588 /*************************************************************
589 copies a SAM_USER_INFO_23 to a SAM_ACCOUNT
590 **************************************************************/
591 void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
594 if (from == NULL || to == NULL)
597 to->logon_time = nt_time_to_unix(&from->logon_time);
598 to->logoff_time = nt_time_to_unix(&from->logoff_time);
599 to->kickoff_time = nt_time_to_unix(&from->kickoff_time);
600 to->pass_last_set_time = nt_time_to_unix(&from->pass_last_set_time);
601 to->pass_can_change_time = nt_time_to_unix(&from->pass_can_change_time);
602 to->pass_must_change_time = nt_time_to_unix(&from->pass_must_change_time);
604 select_name(to->username , &from->uni_user_name );
605 select_name(to->full_name , &from->uni_full_name );
606 select_name(to->home_dir , &from->uni_home_dir );
607 select_name(to->dir_drive , &from->uni_dir_drive );
608 select_name(to->logon_script, &from->uni_logon_script);
609 select_name(to->profile_path, &from->uni_profile_path);
610 select_name(to->acct_desc , &from->uni_acct_desc );
611 select_name(to->workstations, &from->uni_workstations);
612 select_name(to->unknown_str , &from->uni_unknown_str );
613 select_name(to->munged_dial , &from->uni_munged_dial );
615 to->user_rid = from->user_rid;
616 to->group_rid = from->group_rid;
618 to->acct_ctrl = from->acb_info;
619 to->unknown_3 = from->unknown_3;
621 to->logon_divs = from->logon_divs;
622 to->hours_len = from->logon_hrs.len;
623 memcpy(to->hours, from->logon_hrs.hours, MAX_HOURS_LEN);
625 to->unknown_5 = from->unknown_5;
626 to->unknown_6 = from->unknown_6;
629 /*************************************************************
631 **************************************************************/
632 void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
634 if (from == NULL || to == NULL)
637 to->logon_time = nt_time_to_unix(&from->logon_time);
638 to->logoff_time = nt_time_to_unix(&from->logoff_time);
639 to->kickoff_time = nt_time_to_unix(&from->kickoff_time);
640 to->pass_last_set_time = nt_time_to_unix(&from->pass_last_set_time);
641 to->pass_can_change_time = nt_time_to_unix(&from->pass_can_change_time);
642 to->pass_must_change_time = nt_time_to_unix(&from->pass_must_change_time);
644 select_name(to->username , &from->uni_user_name );
645 select_name(to->full_name , &from->uni_full_name );
646 select_name(to->home_dir , &from->uni_home_dir );
647 select_name(to->dir_drive , &from->uni_dir_drive );
648 select_name(to->logon_script, &from->uni_logon_script);
649 select_name(to->profile_path, &from->uni_profile_path);
650 select_name(to->acct_desc , &from->uni_acct_desc );
651 select_name(to->workstations, &from->uni_workstations);
652 select_name(to->unknown_str , &from->uni_unknown_str );
653 select_name(to->munged_dial , &from->uni_munged_dial );
655 to->user_rid = from->user_rid;
656 to->group_rid = from->group_rid;
658 /* FIXME!! Do we need to copy the passwords here as well?
659 I don't know. Need to figure this out --jerry */
661 to->acct_ctrl = from->acb_info;
662 to->unknown_3 = from->unknown_3;
664 to->logon_divs = from->logon_divs;
665 to->hours_len = from->logon_hrs.len;
666 memcpy(to->hours, from->logon_hrs.hours, MAX_HOURS_LEN);
668 to->unknown_5 = from->unknown_5;
669 to->unknown_6 = from->unknown_6;
673 /*************************************************************
675 **************************************************************/
676 void copy_sam_passwd(SAM_ACCOUNT *to, const SAM_ACCOUNT *from)
678 if (!from || !to) return;
680 memcpy(to, from, sizeof(SAM_ACCOUNT));
683 /*************************************************************
684 change a password entry in the local smbpasswd file
686 FIXME!! The function needs to be abstracted into the
687 passdb interface or something. It is currently being called
688 by _api_samr_create_user() in rpc_server/srv_samr.c
691 *************************************************************/
693 BOOL local_password_change(char *user_name, int local_flags,
695 char *err_str, size_t err_str_len,
696 char *msg_str, size_t msg_str_len)
698 struct passwd *pwd = NULL;
699 SAM_ACCOUNT *sam_pass=NULL;
700 SAM_ACCOUNT *new_sam_acct=NULL;
702 uchar new_nt_p16[16];
707 if (local_flags & LOCAL_ADD_USER) {
710 * Check for a local account - if we're adding only.
713 if(!(pwd = sys_getpwnam(user_name))) {
714 slprintf(err_str, err_str_len - 1, "User %s does not \
715 exist in system password file (usually /etc/passwd). Cannot add \
716 account without a valid local system user.\n", user_name);
721 /* Calculate the MD4 hash (NT compatible) of the new password. */
722 nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16);
724 /* Get the smb passwd entry for this user */
725 pdb_init_sam(&sam_pass);
726 if(!pdb_getsampwnam(sam_pass, user_name))
728 pdb_free_sam(sam_pass);
730 if(!(local_flags & LOCAL_ADD_USER)) {
731 slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
735 /* create the SAM_ACCOUNT struct and call pdb_add_sam_account.
736 Because the new_sam_pwd only exists in the scope of this function
737 we will not allocate memory for members */
738 pdb_init_sam(&new_sam_acct);
739 pdb_set_username(new_sam_acct, user_name);
740 pdb_set_fullname(new_sam_acct, pwd->pw_gecos);
741 pdb_set_uid(new_sam_acct, pwd->pw_uid);
742 pdb_set_gid(new_sam_acct, pwd->pw_gid);
743 pdb_set_pass_last_set_time(new_sam_acct, time(NULL));
744 pdb_set_profile_path(new_sam_acct, lp_logon_path());
745 pdb_set_homedir(new_sam_acct, lp_logon_home());
746 pdb_set_dir_drive(new_sam_acct, lp_logon_drive());
747 pdb_set_logon_script(new_sam_acct, lp_logon_script());
749 /* set account flags */
750 pdb_set_acct_ctrl(new_sam_acct,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL) );
752 if (local_flags & LOCAL_DISABLE_USER)
753 pdb_set_acct_ctrl (new_sam_acct, pdb_get_acct_ctrl(new_sam_acct)|ACB_DISABLED);
755 if (local_flags & LOCAL_SET_NO_PASSWORD)
756 pdb_set_acct_ctrl (new_sam_acct, pdb_get_acct_ctrl(new_sam_acct)|ACB_PWNOTREQ);
758 /* set the passwords here. if we get to here it means
759 we have a valid, active account */
760 pdb_set_lanman_passwd (new_sam_acct, new_p16);
761 pdb_set_nt_passwd (new_sam_acct, new_nt_p16);
764 if (pdb_add_sam_account(new_sam_acct)) {
765 slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
766 pdb_free_sam(new_sam_acct);
769 slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
770 pdb_free_sam(new_sam_acct);
774 /* the entry already existed */
775 local_flags &= ~LOCAL_ADD_USER;
779 * We are root - just write the new password
780 * and the valid last change time.
783 if(local_flags & LOCAL_DISABLE_USER)
784 pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED);
785 else if (local_flags & LOCAL_ENABLE_USER)
787 if(pdb_get_lanman_passwd(sam_pass) == NULL) {
788 pdb_set_lanman_passwd (sam_pass, new_p16);
789 pdb_set_nt_passwd (sam_pass, new_nt_p16);
791 pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED));
793 else if (local_flags & LOCAL_SET_NO_PASSWORD) {
794 pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ);
796 /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */
797 pdb_set_lanman_passwd (sam_pass, NULL);
798 pdb_set_nt_passwd (sam_pass, NULL);
803 * If we're dealing with setting a completely empty user account
804 * ie. One with a password of 'XXXX', but not set disabled (like
805 * an account created from scratch) then if the old password was
806 * 'XX's then getsmbpwent will have set the ACB_DISABLED flag.
807 * We remove that as we're giving this user their first password
808 * and the decision hasn't really been made to disable them (ie.
809 * don't create them disabled). JRA.
811 if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED))
812 pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED));
813 pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ));
814 pdb_set_lanman_passwd (sam_pass, new_p16);
815 pdb_set_nt_passwd (sam_pass, new_nt_p16);
818 if(local_flags & LOCAL_DELETE_USER) {
819 if (!pdb_delete_sam_account(user_name)) {
820 slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name);
821 pdb_free_sam(sam_pass);
824 slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name);
828 if(!pdb_update_sam_account(sam_pass, True)) {
829 slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name);
830 pdb_free_sam(sam_pass);
833 if(local_flags & LOCAL_DISABLE_USER)
834 slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name);
835 else if (local_flags & LOCAL_ENABLE_USER)
836 slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name);
837 else if (local_flags & LOCAL_SET_NO_PASSWORD)
838 slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name);
841 pdb_free_sam(sam_pass);
846 /*********************************************************************
847 collection of get...() functions for SAM_ACCOUNT_INFO
848 ********************************************************************/
849 uint16 pdb_get_acct_ctrl (SAM_ACCOUNT *sampass)
852 return (sampass->acct_ctrl);
854 return (ACB_DISABLED);
857 time_t pdb_get_logon_time (SAM_ACCOUNT *sampass)
860 return (sampass->logon_time);
865 time_t pdb_get_logoff_time (SAM_ACCOUNT *sampass)
868 return (sampass->logoff_time);
873 time_t pdb_get_kickoff_time (SAM_ACCOUNT *sampass)
876 return (sampass->kickoff_time);
881 time_t pdb_get_pass_last_set_time (SAM_ACCOUNT *sampass)
884 return (sampass->pass_last_set_time);
889 time_t pdb_get_pass_can_change_time (SAM_ACCOUNT *sampass)
892 return (sampass->pass_can_change_time);
897 time_t pdb_get_pass_must_change_time (SAM_ACCOUNT *sampass)
900 return (sampass->pass_must_change_time);
905 uint16 pdb_get_logon_divs (SAM_ACCOUNT *sampass)
908 return (sampass->logon_divs);
913 uint32 pdb_get_hours_len (SAM_ACCOUNT *sampass)
916 return (sampass->hours_len);
921 uint8* pdb_get_hours (SAM_ACCOUNT *sampass)
924 return (sampass->hours);
929 uint8* pdb_get_nt_passwd (SAM_ACCOUNT *sampass)
932 return (sampass->nt_pw);
937 uint8* pdb_get_lanman_passwd (SAM_ACCOUNT *sampass)
940 return (sampass->lm_pw);
946 uint32 pdb_get_user_rid (SAM_ACCOUNT *sampass)
949 return (sampass->user_rid);
954 uint32 pdb_get_group_rid (SAM_ACCOUNT *sampass)
957 return (sampass->group_rid);
962 uid_t pdb_get_uid (SAM_ACCOUNT *sampass)
965 return (sampass->uid);
970 gid_t pdb_get_gid (SAM_ACCOUNT *sampass)
973 return (sampass->gid);
978 char* pdb_get_username (SAM_ACCOUNT *sampass)
981 return (sampass->username);
986 char* pdb_get_domain (SAM_ACCOUNT *sampass)
989 return (sampass->domain);
994 char* pdb_get_nt_username (SAM_ACCOUNT *sampass)
997 return (sampass->nt_username);
1002 char* pdb_get_fullname (SAM_ACCOUNT *sampass)
1005 return (sampass->full_name);
1010 char* pdb_get_homedir (SAM_ACCOUNT *sampass)
1013 return (sampass->home_dir);
1018 char* pdb_get_dirdrive (SAM_ACCOUNT *sampass)
1021 return (sampass->dir_drive);
1026 char* pdb_get_logon_script (SAM_ACCOUNT *sampass)
1029 return (sampass->logon_script);
1034 char* pdb_get_profile_path (SAM_ACCOUNT *sampass)
1037 return (sampass->profile_path);
1042 char* pdb_get_acct_desc (SAM_ACCOUNT *sampass)
1045 return (sampass->acct_desc);
1050 char* pdb_get_workstations (SAM_ACCOUNT *sampass)
1053 return (sampass->workstations);
1058 char* pdb_get_munged_dial (SAM_ACCOUNT *sampass)
1061 return (sampass->munged_dial);
1066 uint32 pdb_get_unknown3 (SAM_ACCOUNT *sampass)
1069 return (sampass->unknown_3);
1074 uint32 pdb_get_unknown5 (SAM_ACCOUNT *sampass)
1077 return (sampass->unknown_5);
1082 uint32 pdb_get_unknown6 (SAM_ACCOUNT *sampass)
1085 return (sampass->unknown_6);
1090 /*********************************************************************
1091 collection of set...() functions for SAM_ACCOUNT_INFO
1092 ********************************************************************/
1093 BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 flags)
1100 sampass->acct_ctrl = flags;
1107 BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t mytime)
1112 sampass->logon_time = mytime;
1116 BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t mytime)
1121 sampass->logoff_time = mytime;
1125 BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t mytime)
1130 sampass->kickoff_time = mytime;
1134 BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t mytime)
1139 sampass->pass_can_change_time = mytime;
1143 BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t mytime)
1148 sampass->pass_must_change_time = mytime;
1152 BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t mytime)
1157 sampass->pass_last_set_time = mytime;
1161 BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len)
1166 sampass->hours_len = len;
1170 BOOL pdb_set_logons_divs (SAM_ACCOUNT *sampass, uint16 hours)
1175 sampass->logon_divs = hours;
1179 BOOL pdb_set_uid (SAM_ACCOUNT *sampass, uid_t uid)
1188 BOOL pdb_set_gid (SAM_ACCOUNT *sampass, gid_t gid)
1197 BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid)
1202 sampass->user_rid = rid;
1206 BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid)
1211 sampass->group_rid = grid;
1215 /*********************************************************************
1216 set the user's UNIX name
1217 ********************************************************************/
1218 BOOL pdb_set_username(SAM_ACCOUNT *sampass, char *username)
1220 if (!sampass || !username)
1223 StrnCpy (sampass->username, username, strlen(username));
1228 /*********************************************************************
1230 ********************************************************************/
1231 BOOL pdb_set_domain(SAM_ACCOUNT *sampass, char *domain)
1233 if (!sampass || !domain)
1236 StrnCpy (sampass->domain, domain, strlen(domain));
1241 /*********************************************************************
1242 set the user's NT name
1243 ********************************************************************/
1244 BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, char *nt_username)
1246 if (!sampass || !nt_username)
1249 StrnCpy (sampass->nt_username, nt_username, strlen(nt_username));
1254 /*********************************************************************
1255 set the user's full name
1256 ********************************************************************/
1257 BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, char *fullname)
1259 if (!sampass || !fullname)
1262 StrnCpy (sampass->full_name, fullname, strlen(fullname));
1267 /*********************************************************************
1268 set the user's logon script
1269 ********************************************************************/
1270 BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, char *logon_script)
1272 if (!sampass || !logon_script)
1275 StrnCpy (sampass->logon_script, logon_script, strlen(logon_script));
1280 /*********************************************************************
1281 set the user's profile path
1282 ********************************************************************/
1283 BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, char *profile_path)
1285 if (!sampass || !profile_path)
1288 StrnCpy (sampass->profile_path, profile_path, strlen(profile_path));
1293 /*********************************************************************
1294 set the user's directory drive
1295 ********************************************************************/
1296 BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, char *dir_drive)
1298 if (!sampass || !dir_drive)
1301 StrnCpy (sampass->dir_drive, dir_drive, strlen(dir_drive));
1306 /*********************************************************************
1307 set the user's home directory
1308 ********************************************************************/
1309 BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, char *homedir)
1311 if (!sampass || !homedir)
1314 StrnCpy (sampass->home_dir, homedir, strlen(homedir));
1319 /*********************************************************************
1320 set the user's account description
1321 ********************************************************************/
1322 BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, char *acct_desc)
1324 if (!sampass || !acct_desc)
1327 StrnCpy (sampass->acct_desc, acct_desc, strlen(acct_desc));
1332 /*********************************************************************
1333 set the user's workstation allowed list
1334 ********************************************************************/
1335 BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, char *workstations)
1337 if (!sampass || !workstations) return False;
1339 StrnCpy (sampass->workstations, workstations, strlen(workstations));
1344 /*********************************************************************
1345 set the user's dial string
1346 ********************************************************************/
1347 BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, char *munged_dial)
1349 if (!sampass || !munged_dial) return False;
1351 StrnCpy (sampass->munged_dial, munged_dial, strlen(munged_dial));
1356 /*********************************************************************
1357 set the user's NT hash
1358 ********************************************************************/
1359 BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, uint8 *pwd)
1361 if (!sampass || !pwd) return False;
1363 if (sampass->nt_pw!=NULL)
1364 DEBUG(0,("pdb_set_nt_passwd: NT hash non NULL overwriting ?\n"));
1366 sampass->nt_pw=(unsigned char *)malloc(sizeof(unsigned char)*16);
1368 if (sampass->nt_pw==NULL)
1371 memcpy (sampass->nt_pw, pwd, 16);
1376 /*********************************************************************
1377 set the user's LM hash
1378 ********************************************************************/
1379 BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, uint8 *pwd)
1381 if (!sampass || !pwd) return False;
1383 if (sampass->lm_pw!=NULL)
1384 DEBUG(0,("pdb_set_lanman_passwd: LM hash non NULL overwriting ?\n"));
1386 sampass->lm_pw=(unsigned char *)malloc(sizeof(unsigned char)*16);
1388 if (sampass->lm_pw==NULL)
1391 memcpy (sampass->lm_pw, pwd, 16);
1396 BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn)
1401 sampass->unknown_3 = unkn;
1405 BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn)
1410 sampass->unknown_5 = unkn;
1414 BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn)
1419 sampass->unknown_6 = unkn;
1423 BOOL pdb_set_hours (SAM_ACCOUNT *sampass, uint8 *hours)
1425 if (!sampass) return False;
1429 memset ((char *)sampass->hours, 0, MAX_HOURS_LEN);
1433 memcpy (sampass->hours, hours, MAX_HOURS_LEN);