2 Unix SMB/Netbios implementation.
4 Password and authentication handling
5 Copyright (C) Jeremy Allison 1996-1998
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
7 Copyright (C) Gerald (Jerry) Carter 2000-2001
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 extern int DEBUGLEVEL;
29 * This is set on startup - it defines the SID for this
30 * machine, and therefore the SAM database for which it is
34 extern DOM_SID global_sam_sid;
36 struct passdb_ops *pdb_ops;
38 static void* pdb_handle = NULL;
40 /***************************************************************
41 Initialize the password db operations.
42 ***************************************************************/
43 BOOL initialize_password_db(BOOL reload)
46 char* modulename = lp_passdb_module_path();
48 /* This function is unfinished right now, so just
49 ignore the details and always return True. It is here
50 only as a placeholder --jerry */
53 /* load another module? */
54 if (reload && pdb_handle)
56 sys_dlclose (pdb_handle);
60 /* do we have a module defined or use the default? */
61 if (strlen (modulename) != 0)
63 if ((pdb_handle=sys_dlopen (modulename, RTLD_LAZY)) == NULL)
65 DEBUG(0,("initialize_password_db: ERROR - Unable to open passdb module \"%s\"!\n%s\n",
66 modulename, dlerror()));
69 DEBUG(1,("initialize_password_db: passdb module \"%s\" loaded successfully\n", modulename));
72 /* either no module name defined or the one that was failed
73 to open. Let's try the default */
74 if (pdb_handle == NULL)
76 if ((pdb_handle=sys_dlopen ("libpdbfile.so", RTLD_LAZY)) == NULL)
78 DEBUG(0,("initialize_password_db: ERROR - Unable to open \"libpdbfile.so\" passdb module! No user authentication possible!\n%s\n",
83 DEBUG(1,("initialize_password_db: passdb module \"libpdbfile.so\" loaded successfully\n"));
87 return (pdb_handle != NULL);
90 /*************************************************************
91 initialises a struct sam_disp_info.
92 **************************************************************/
93 static void pdb_init_dispinfo(struct sam_disp_info *user)
100 /*************************************************************
101 initialises a struct sam_passwd.
102 ************************************************************/
103 void pdb_init_sam(SAM_ACCOUNT *user)
110 user->mem_ctx = talloc_init();
111 DEBUG(10, ("pdb_init_sam: obtained a talloc context of 0x%x\n",
112 (unsigned)user->mem_ctx));
114 user->logon_time = (time_t)0;
115 user->logoff_time = (time_t)-1;
116 user->kickoff_time = (time_t)-1;
117 user->pass_last_set_time = (time_t)-1;
118 user->pass_can_change_time = (time_t)-1;
119 user->pass_must_change_time = (time_t)-1;
121 user->unknown_3 = 0x00ffffff; /* don't know */
122 user->logon_divs = 168; /* hours per week */
123 user->hours_len = 21; /* 21 times 8 bits = 168 */
124 memset(user->hours, 0xff, user->hours_len); /* available at all hours */
125 user->unknown_5 = 0x00000000; /* don't know */
126 user->unknown_6 = 0x000004ec; /* don't know */
129 /************************************************************
130 free all pointer members and then reinit the SAM_ACCOUNT
131 ***********************************************************/
132 void pdb_clear_sam(SAM_ACCOUNT *user)
137 /* free upany memory used */
138 DEBUG(10, ("pdb_clear_sam: releasing memory. talloc context is 0x%x\n",(unsigned)user->mem_ctx));
139 talloc_destroy (user->mem_ctx);
147 /*************************************************************************
148 Routine to return the next entry in the sam passwd list.
149 *************************************************************************/
150 struct sam_disp_info *pdb_sam_to_dispinfo(SAM_ACCOUNT *user)
152 static struct sam_disp_info disp_info;
157 pdb_init_dispinfo(&disp_info);
159 disp_info.smb_name = user->username;
160 disp_info.full_name = user->full_name;
161 disp_info.user_rid = user->user_rid;
167 /**********************************************************
168 Encode the account control bits into a string.
169 length = length of string to encode into (including terminating
170 null). length *MUST BE MORE THAN 2* !
171 **********************************************************/
172 char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
174 static fstring acct_str;
179 if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
180 if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
181 if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
182 if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
183 if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
184 if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
185 if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
186 if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
187 if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
188 if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
189 if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
191 for ( ; i < length - 2 ; i++ ) { acct_str[i] = ' '; }
195 acct_str[i++] = '\0';
200 /**********************************************************
201 Decode the account control bits from a string.
203 this function breaks coding standards minimum line width of 80 chars.
204 reason: vertical line-up code clarity - all case statements fit into
205 15 lines, which is more important.
206 **********************************************************/
208 uint16 pdb_decode_acct_ctrl(const char *p)
210 uint16 acct_ctrl = 0;
211 BOOL finished = False;
214 * Check if the account type bits have been encoded after the
215 * NT password (in the form [NDHTUWSLXI]).
218 if (*p != '[') return 0;
220 for (p++; *p && !finished; p++)
224 case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
225 case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
226 case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
227 case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
228 case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
229 case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
230 case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
231 case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
232 case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
233 case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
234 case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
240 default: { finished = True; }
247 /*************************************************************
248 Routine to set 32 hex password characters from a 16 byte array.
249 **************************************************************/
250 void pdb_sethexpwd(char *p, unsigned char *pwd, uint16 acct_ctrl)
254 for (i = 0; i < 16; i++)
255 slprintf(&p[i*2], 3, "%02X", pwd[i]);
257 if (acct_ctrl & ACB_PWNOTREQ)
258 safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
260 safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
264 /*************************************************************
265 Routine to get the 32 hex characters and turn them
266 into a 16 byte array.
267 **************************************************************/
268 BOOL pdb_gethexpwd(char *p, unsigned char *pwd)
271 unsigned char lonybble, hinybble;
272 char *hexchars = "0123456789ABCDEF";
275 if (!p) return (False);
277 for (i = 0; i < 32; i += 2)
279 hinybble = toupper(p[i]);
280 lonybble = toupper(p[i + 1]);
282 p1 = strchr(hexchars, hinybble);
283 p2 = strchr(hexchars, lonybble);
290 hinybble = PTR_DIFF(p1, hexchars);
291 lonybble = PTR_DIFF(p2, hexchars);
293 pwd[i / 2] = (hinybble << 4) | lonybble;
298 /*******************************************************************
299 Group and User RID username mapping function
300 ********************************************************************/
301 BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
303 struct passwd *pw = Get_Pwnam(user_name, False);
305 if (u_rid == NULL || g_rid == NULL || user_name == NULL)
312 DEBUG(1,("Username %s is invalid on this system\n", user_name));
316 if (user_in_list(user_name, lp_domain_guest_users()))
318 *u_rid = DOMAIN_USER_RID_GUEST;
320 else if (user_in_list(user_name, lp_domain_admin_users()))
322 *u_rid = DOMAIN_USER_RID_ADMIN;
326 /* turn the unix UID into a Domain RID. this is what the posix
327 sub-system does (adds 1000 to the uid) */
328 *u_rid = pdb_uid_to_user_rid(pw->pw_uid);
331 /* absolutely no idea what to do about the unix GID to Domain RID mapping */
332 *g_rid = pdb_gid_to_group_rid(pw->pw_gid);
337 /*******************************************************************
338 Converts NT user RID to a UNIX uid.
339 ********************************************************************/
340 uid_t pdb_user_rid_to_uid(uint32 user_rid)
342 return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
345 /*******************************************************************
346 Converts NT user RID to a UNIX gid.
347 ********************************************************************/
349 gid_t pdb_user_rid_to_gid(uint32 user_rid)
351 return (uid_t)(((user_rid & (~GROUP_RID_TYPE))- 1000)/RID_MULTIPLIER);
354 /*******************************************************************
355 converts UNIX uid to an NT User RID.
356 ********************************************************************/
358 uint32 pdb_uid_to_user_rid(uid_t uid)
360 return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
363 /*******************************************************************
364 converts NT Group RID to a UNIX uid.
365 ********************************************************************/
367 uint32 pdb_gid_to_group_rid(gid_t gid)
369 return (((((uint32)gid)*RID_MULTIPLIER) + 1000) | GROUP_RID_TYPE);
372 /*******************************************************************
373 Decides if a RID is a well known RID.
374 ********************************************************************/
376 static BOOL pdb_rid_is_well_known(uint32 rid)
381 /*******************************************************************
382 Decides if a RID is a user or group RID.
383 ********************************************************************/
384 BOOL pdb_rid_is_user(uint32 rid)
386 /* lkcl i understand that NT attaches an enumeration to a RID
387 * such that it can be identified as either a user, group etc
388 * type. there are 5 such categories, and they are documented.
390 if(pdb_rid_is_well_known(rid)) {
392 * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
393 * and DOMAIN_USER_RID_GUEST.
395 if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
397 } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
403 /*******************************************************************
404 Convert a rid into a name. Used in the lookup SID rpc.
405 ********************************************************************/
406 BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
409 BOOL is_user = pdb_rid_is_user(rid);
411 DEBUG(5,("local_lookup_rid: looking up %s RID %u.\n", is_user ? "user" :
412 "group", (unsigned int)rid));
415 if(rid == DOMAIN_USER_RID_ADMIN) {
417 char *p = admin_users;
418 pstrcpy( admin_users, lp_domain_admin_users());
419 if(!next_token(&p, name, NULL, sizeof(fstring)))
420 fstrcpy(name, "Administrator");
421 } else if (rid == DOMAIN_USER_RID_GUEST) {
423 char *p = guest_users;
424 pstrcpy( guest_users, lp_domain_guest_users());
425 if(!next_token(&p, name, NULL, sizeof(fstring)))
426 fstrcpy(name, "Guest");
432 * Don't try to convert the rid to a name if
433 * running in appliance mode
435 if (lp_hide_local_users())
438 uid = pdb_user_rid_to_uid(rid);
439 pass = sys_getpwuid(uid);
441 *psid_name_use = SID_NAME_USER;
443 DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid,
444 pass ? "succeeded" : "failed" ));
447 slprintf(name, sizeof(fstring)-1, "unix_user.%u", (unsigned int)uid);
451 fstrcpy(name, pass->pw_name);
453 DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name,
454 (unsigned int)rid ));
462 * Don't try to convert the rid to a name if running
466 if (lp_hide_local_users())
469 gid = pdb_user_rid_to_gid(rid);
472 *psid_name_use = SID_NAME_ALIAS;
474 DEBUG(5,("local_local_rid: looking up gid %u %s\n", (unsigned int)gid,
475 gr ? "succeeded" : "failed" ));
478 slprintf(name, sizeof(fstring)-1, "unix_group.%u", (unsigned int)gid);
482 fstrcpy( name, gr->gr_name);
484 DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name,
485 (unsigned int)rid ));
491 /*******************************************************************
492 Convert a name into a SID. Used in the lookup name rpc.
493 ********************************************************************/
495 BOOL local_lookup_name(const char *c_domain, const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psid_name_use)
497 extern DOM_SID global_sid_World_Domain;
498 struct passwd *pass = NULL;
504 * domain and user may be quoted const strings, and map_username and
505 * friends can modify them. Make a modifiable copy. JRA.
508 fstrcpy(domain, c_domain);
509 fstrcpy(user, c_user);
511 sid_copy(&local_sid, &global_sam_sid);
514 * Special case for MACHINE\Everyone. Map to the world_sid.
517 if(strequal(user, "Everyone")) {
518 sid_copy( psid, &global_sid_World_Domain);
519 sid_append_rid(psid, 0);
520 *psid_name_use = SID_NAME_ALIAS;
525 * Don't lookup local unix users if running in appliance mode
527 if (lp_hide_local_users())
530 (void)map_username(user);
532 if(!(pass = Get_Pwnam(user, True))) {
534 * Maybe it was a group ?
536 struct group *grp = getgrnam(user);
541 sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
542 *psid_name_use = SID_NAME_ALIAS;
545 sid_append_rid( &local_sid, pdb_uid_to_user_rid(pass->pw_uid));
546 *psid_name_use = SID_NAME_USER;
549 sid_copy( psid, &local_sid);
554 /****************************************************************************
555 Convert a uid to SID - locally.
556 ****************************************************************************/
557 DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
559 extern DOM_SID global_sam_sid;
561 sid_copy(psid, &global_sam_sid);
562 sid_append_rid(psid, pdb_uid_to_user_rid(uid));
568 /****************************************************************************
569 Convert a SID to uid - locally.
570 ****************************************************************************/
571 BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
573 extern DOM_SID global_sam_sid;
580 *name_type = SID_NAME_UNKNOWN;
582 sid_copy(&dom_sid, psid);
583 sid_split_rid(&dom_sid, &rid);
585 if (!pdb_rid_is_user(rid))
589 * We can only convert to a uid if this is our local
590 * Domain SID (ie. we are the controling authority).
592 if (!sid_equal(&global_sam_sid, &dom_sid))
595 *puid = pdb_user_rid_to_uid(rid);
598 * Ensure this uid really does exist.
600 if(!(pass = sys_getpwuid(*puid)))
603 DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid),
604 (unsigned int)*puid, pass->pw_name ));
609 /****************************************************************************
610 Convert a gid to SID - locally.
611 ****************************************************************************/
612 DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
614 extern DOM_SID global_sam_sid;
616 sid_copy(psid, &global_sam_sid);
617 sid_append_rid(psid, pdb_gid_to_group_rid(gid));
622 /****************************************************************************
623 Convert a SID to gid - locally.
624 ****************************************************************************/
625 BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
627 extern DOM_SID global_sam_sid;
633 *name_type = SID_NAME_UNKNOWN;
635 sid_copy(&dom_sid, psid);
636 sid_split_rid(&dom_sid, &rid);
639 * We can only convert to a gid if this is our local
640 * Domain SID (ie. we are the controling authority).
643 if (!sid_equal(&global_sam_sid, &dom_sid))
646 if (pdb_rid_is_user(rid))
649 *pgid = pdb_user_rid_to_gid(rid);
652 * Ensure this gid really does exist.
655 if(!(grp = getgrgid(*pgid)))
658 DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u) (%s).\n", sid_to_string( str, psid),
659 (unsigned int)*pgid, grp->gr_name ));
664 static void select_name(fstring *string, char **name, const UNISTR2 *from)
666 if (from->buffer != 0)
668 unistr2_to_ascii(*string, from, sizeof(*string));
673 /*************************************************************
674 copies a SAM_USER_INFO_23 to a SAM_ACCOUNT
675 **************************************************************/
676 void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
678 static fstring smb_name;
679 static fstring full_name;
680 static fstring home_dir;
681 static fstring dir_drive;
682 static fstring logon_script;
683 static fstring profile_path;
684 static fstring acct_desc;
685 static fstring workstations;
686 static fstring unknown_str;
687 static fstring munged_dial;
689 if (from == NULL || to == NULL)
692 to->logon_time = nt_time_to_unix(&from->logon_time);
693 to->logoff_time = nt_time_to_unix(&from->logoff_time);
694 to->kickoff_time = nt_time_to_unix(&from->kickoff_time);
695 to->pass_last_set_time = nt_time_to_unix(&from->pass_last_set_time);
696 to->pass_can_change_time = nt_time_to_unix(&from->pass_can_change_time);
697 to->pass_must_change_time = nt_time_to_unix(&from->pass_must_change_time);
699 select_name(&smb_name , &to->username , &from->uni_user_name );
700 select_name(&full_name , &to->full_name , &from->uni_full_name );
701 select_name(&home_dir , &to->home_dir , &from->uni_home_dir );
702 select_name(&dir_drive , &to->dir_drive , &from->uni_dir_drive );
703 select_name(&logon_script, &to->logon_script, &from->uni_logon_script);
704 select_name(&profile_path, &to->profile_path, &from->uni_profile_path);
705 select_name(&acct_desc , &to->acct_desc , &from->uni_acct_desc );
706 select_name(&workstations, &to->workstations, &from->uni_workstations);
707 select_name(&unknown_str , &to->unknown_str , &from->uni_unknown_str );
708 select_name(&munged_dial , &to->munged_dial , &from->uni_munged_dial );
710 to->user_rid = from->user_rid;
711 to->group_rid = from->group_rid;
713 to->acct_ctrl = from->acb_info;
714 to->unknown_3 = from->unknown_3;
716 to->logon_divs = from->logon_divs;
717 to->hours_len = from->logon_hrs.len;
718 memcpy(to->hours, from->logon_hrs.hours, MAX_HOURS_LEN);
720 to->unknown_5 = from->unknown_5;
721 to->unknown_6 = from->unknown_6;
724 /*************************************************************
726 **************************************************************/
727 void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
729 static fstring smb_name;
730 static fstring full_name;
731 static fstring home_dir;
732 static fstring dir_drive;
733 static fstring logon_script;
734 static fstring profile_path;
735 static fstring acct_desc;
736 static fstring workstations;
737 static fstring unknown_str;
738 static fstring munged_dial;
740 if (from == NULL || to == NULL)
743 to->logon_time = nt_time_to_unix(&from->logon_time);
744 to->logoff_time = nt_time_to_unix(&from->logoff_time);
745 to->kickoff_time = nt_time_to_unix(&from->kickoff_time);
746 to->pass_last_set_time = nt_time_to_unix(&from->pass_last_set_time);
747 to->pass_can_change_time = nt_time_to_unix(&from->pass_can_change_time);
748 to->pass_must_change_time = nt_time_to_unix(&from->pass_must_change_time);
750 select_name(&smb_name , &to->username , &from->uni_user_name );
751 select_name(&full_name , &to->full_name , &from->uni_full_name );
752 select_name(&home_dir , &to->home_dir , &from->uni_home_dir );
753 select_name(&dir_drive , &to->dir_drive , &from->uni_dir_drive );
754 select_name(&logon_script, &to->logon_script, &from->uni_logon_script);
755 select_name(&profile_path, &to->profile_path, &from->uni_profile_path);
756 select_name(&acct_desc , &to->acct_desc , &from->uni_acct_desc );
757 select_name(&workstations, &to->workstations, &from->uni_workstations);
758 select_name(&unknown_str , &to->unknown_str , &from->uni_unknown_str );
759 select_name(&munged_dial , &to->munged_dial , &from->uni_munged_dial );
761 to->user_rid = from->user_rid;
762 to->group_rid = from->group_rid;
764 /* FIXME!! Do we need to copy the passwords here as well?
765 I don't know. Need to figure this out --jerry */
767 to->acct_ctrl = from->acb_info;
768 to->unknown_3 = from->unknown_3;
770 to->logon_divs = from->logon_divs;
771 to->hours_len = from->logon_hrs.len;
772 memcpy(to->hours, from->logon_hrs.hours, MAX_HOURS_LEN);
774 to->unknown_5 = from->unknown_5;
775 to->unknown_6 = from->unknown_6;
779 /*************************************************************
781 **************************************************************/
782 void copy_sam_passwd(SAM_ACCOUNT *to, const SAM_ACCOUNT *from)
786 if (!from || !to) return;
790 /* copy all non-pointers */
791 memcpy(to, from, sizeof(*from));
793 if (from->username) {
794 len=strlen(from->username)+1;
795 to->username = talloc(to->mem_ctx, len);
796 StrnCpy (to->username, from->username, len-1);
799 if (from->full_name) {
800 len=strlen(from->full_name)+1;
801 to->full_name = talloc(to->mem_ctx, len);
802 StrnCpy (to->full_name, from->full_name, len-1);
805 if (from->nt_username) {
806 len=strlen(from->nt_username)+1;
807 to->nt_username = talloc(to->mem_ctx, len);
808 StrnCpy (to->nt_username, from->nt_username, len-1);
811 if (from->profile_path) {
812 len=strlen(from->profile_path)+1;
813 to->profile_path = talloc(to->mem_ctx, len);
814 StrnCpy (to->profile_path, from->profile_path, len-1);
817 if (from->logon_script) {
818 len=strlen(from->logon_script)+1;
819 to->logon_script = talloc(to->mem_ctx, len);
820 StrnCpy (to->logon_script, from->logon_script, len-1);
823 if (from->home_dir) {
824 len=strlen(from->home_dir)+1;
825 to->home_dir = talloc(to->mem_ctx, len);
826 StrnCpy (to->home_dir, from->home_dir, len-1);
829 if (from->dir_drive) {
830 len=strlen(from->dir_drive)+1;
831 to->dir_drive = talloc(to->mem_ctx, len);
832 StrnCpy (to->dir_drive, from->dir_drive, len-1);
835 if (from->workstations) {
836 len=strlen(from->workstations)+1;
837 to->workstations = talloc(to->mem_ctx, len);
838 StrnCpy (to->workstations, from->workstations, len-1);
841 if (from->acct_desc) {
842 len=strlen(from->acct_desc)+1;
843 to->acct_desc = talloc(to->mem_ctx, len);
844 StrnCpy (to->acct_desc, from->acct_desc, len-1);
847 if (from->munged_dial) {
848 len=strlen(from->munged_dial)+1;
849 to->munged_dial = talloc(to->mem_ctx, len);
850 StrnCpy (to->munged_dial, from->munged_dial, len);
853 if (from->unknown_str) {
854 len=strlen(from->unknown_str)+1;
855 to->unknown_str = talloc(to->mem_ctx, len);
856 StrnCpy (to->unknown_str, from->unknown_str, len-1);
861 to->nt_pw = talloc(to->mem_ctx, 16);
862 memcpy (to->nt_pw, from->nt_pw, 16);
866 to->lm_pw = talloc(to->mem_ctx, 16);
867 memcpy (to->lm_pw, from->lm_pw, 16);
873 /*************************************************************
874 change a password entry in the local smbpasswd file
876 FIXME!! The function needs to be abstracted into the
877 passdb interface or something. It is currently being called
878 by _api_samr_create_user() in rpc_server/srv_samr.c
881 *************************************************************/
883 BOOL local_password_change(char *user_name, int local_flags,
885 char *err_str, size_t err_str_len,
886 char *msg_str, size_t msg_str_len)
888 struct passwd *pwd = NULL;
889 SAM_ACCOUNT *sam_pass;
890 SAM_ACCOUNT new_sam_acct;
892 uchar new_nt_p16[16];
897 if (local_flags & LOCAL_ADD_USER) {
900 * Check for a local account - if we're adding only.
903 if(!(pwd = sys_getpwnam(user_name))) {
904 slprintf(err_str, err_str_len - 1, "User %s does not \
905 exist in system password file (usually /etc/passwd). Cannot add \
906 account without a valid local system user.\n", user_name);
911 /* Calculate the MD4 hash (NT compatible) of the new password. */
912 nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16);
914 /* Get the smb passwd entry for this user */
915 sam_pass = pdb_getsampwnam(user_name);
916 if (sam_pass == NULL)
918 if(!(local_flags & LOCAL_ADD_USER))
920 slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
924 /* create the SAM_ACCOUNT struct and call pdb_add_sam_account.
925 Because the new_sam_pwd only exists in the scope of this function
926 we will not allocate memory for members */
927 pdb_init_sam (&new_sam_acct);
928 pdb_set_username (&new_sam_acct, user_name);
929 pdb_set_fullname (&new_sam_acct, pwd->pw_gecos);
930 pdb_set_uid (&new_sam_acct, pwd->pw_uid);
931 pdb_set_gid (&new_sam_acct, pwd->pw_gid);
932 pdb_set_pass_last_set_time(&new_sam_acct, time(NULL));
933 pdb_set_profile_path (&new_sam_acct, lp_logon_path());
934 pdb_set_homedir (&new_sam_acct, lp_logon_home());
935 pdb_set_dir_drive (&new_sam_acct, lp_logon_drive());
936 pdb_set_logon_script (&new_sam_acct, lp_logon_script());
938 /* set account flags */
939 pdb_set_acct_ctrl(&new_sam_acct,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL) );
940 if (local_flags & LOCAL_DISABLE_USER)
942 pdb_set_acct_ctrl (&new_sam_acct, pdb_get_acct_ctrl(&new_sam_acct)|ACB_DISABLED);
944 if (local_flags & LOCAL_SET_NO_PASSWORD)
946 pdb_set_acct_ctrl (&new_sam_acct, pdb_get_acct_ctrl(&new_sam_acct)|ACB_PWNOTREQ);
950 /* set the passwords here. if we get to here it means
951 we have a valid, active account */
952 pdb_set_lanman_passwd (&new_sam_acct, new_p16);
953 pdb_set_nt_passwd (&new_sam_acct, new_nt_p16);
957 if (pdb_add_sam_account(&new_sam_acct))
959 slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
960 pdb_clear_sam (&new_sam_acct);
965 slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
971 /* the entry already existed */
972 local_flags &= ~LOCAL_ADD_USER;
976 * We are root - just write the new password
977 * and the valid last change time.
980 if(local_flags & LOCAL_DISABLE_USER)
982 pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED);
984 else if (local_flags & LOCAL_ENABLE_USER)
986 if(pdb_get_lanman_passwd(sam_pass) == NULL)
988 pdb_set_lanman_passwd (sam_pass, new_p16);
989 pdb_set_nt_passwd (sam_pass, new_nt_p16);
991 pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED));
992 } else if (local_flags & LOCAL_SET_NO_PASSWORD)
994 pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ);
996 /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */
997 pdb_set_lanman_passwd (sam_pass, NULL);
998 pdb_set_nt_passwd (sam_pass, NULL);
1003 * If we're dealing with setting a completely empty user account
1004 * ie. One with a password of 'XXXX', but not set disabled (like
1005 * an account created from scratch) then if the old password was
1006 * 'XX's then getsmbpwent will have set the ACB_DISABLED flag.
1007 * We remove that as we're giving this user their first password
1008 * and the decision hasn't really been made to disable them (ie.
1009 * don't create them disabled). JRA.
1011 if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED))
1012 pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED));
1013 pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ));
1014 pdb_set_lanman_passwd (sam_pass, new_p16);
1015 pdb_set_nt_passwd (sam_pass, new_nt_p16);
1018 if(local_flags & LOCAL_DELETE_USER)
1020 if (!pdb_delete_sam_account(user_name))
1022 slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name);
1025 slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name);
1029 if(!pdb_update_sam_account(sam_pass, True))
1031 slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name);
1034 if(local_flags & LOCAL_DISABLE_USER)
1035 slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name);
1036 else if (local_flags & LOCAL_ENABLE_USER)
1037 slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name);
1038 else if (local_flags & LOCAL_SET_NO_PASSWORD)
1039 slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name);
1046 /*********************************************************************
1047 collection of get...() functions for SAM_ACCOUNT_INFO
1048 ********************************************************************/
1049 uint16 pdb_get_acct_ctrl (SAM_ACCOUNT *sampass)
1052 return (sampass->acct_ctrl);
1054 return (ACB_DISABLED);
1057 time_t pdb_get_logon_time (SAM_ACCOUNT *sampass)
1060 return (sampass->logon_time);
1065 time_t pdb_get_logoff_time (SAM_ACCOUNT *sampass)
1068 return (sampass->logoff_time);
1073 time_t pdb_get_kickoff_time (SAM_ACCOUNT *sampass)
1076 return (sampass->kickoff_time);
1081 time_t pdb_get_pass_last_set_time (SAM_ACCOUNT *sampass)
1084 return (sampass->pass_last_set_time);
1089 time_t pdb_get_pass_can_change_time (SAM_ACCOUNT *sampass)
1092 return (sampass->pass_can_change_time);
1097 time_t pdb_get_pass_must_change_time (SAM_ACCOUNT *sampass)
1100 return (sampass->pass_must_change_time);
1105 uint16 pdb_get_logon_divs (SAM_ACCOUNT *sampass)
1108 return (sampass->logon_divs);
1113 uint32 pdb_get_hours_len (SAM_ACCOUNT *sampass)
1116 return (sampass->hours_len);
1121 uint8* pdb_get_hours (SAM_ACCOUNT *sampass)
1124 return (sampass->hours);
1129 uint8* pdb_get_nt_passwd (SAM_ACCOUNT *sampass)
1132 return (sampass->nt_pw);
1137 uint8* pdb_get_lanman_passwd (SAM_ACCOUNT *sampass)
1140 return (sampass->lm_pw);
1146 uint32 pdb_get_user_rid (SAM_ACCOUNT *sampass)
1149 return (sampass->user_rid);
1154 uint32 pdb_get_group_rid (SAM_ACCOUNT *sampass)
1157 return (sampass->group_rid);
1162 uid_t pdb_get_uid (SAM_ACCOUNT *sampass)
1165 return (sampass->uid);
1170 gid_t pdb_get_gid (SAM_ACCOUNT *sampass)
1173 return (sampass->gid);
1178 char* pdb_get_username (SAM_ACCOUNT *sampass)
1181 return (sampass->username);
1186 char* pdb_get_domain (SAM_ACCOUNT *sampass)
1189 return (sampass->domain);
1194 char* pdb_get_nt_username (SAM_ACCOUNT *sampass)
1197 return (sampass->nt_username);
1202 char* pdb_get_fullname (SAM_ACCOUNT *sampass)
1205 return (sampass->full_name);
1210 char* pdb_get_homedir (SAM_ACCOUNT *sampass)
1213 return (sampass->home_dir);
1218 char* pdb_get_dirdrive (SAM_ACCOUNT *sampass)
1221 return (sampass->dir_drive);
1226 char* pdb_get_logon_script (SAM_ACCOUNT *sampass)
1229 return (sampass->logon_script);
1234 char* pdb_get_profile_path (SAM_ACCOUNT *sampass)
1237 return (sampass->profile_path);
1242 char* pdb_get_acct_desc (SAM_ACCOUNT *sampass)
1245 return (sampass->acct_desc);
1250 char* pdb_get_workstations (SAM_ACCOUNT *sampass)
1253 return (sampass->workstations);
1258 char* pdb_get_munged_dial (SAM_ACCOUNT *sampass)
1261 return (sampass->munged_dial);
1266 uint32 pdb_get_unknown3 (SAM_ACCOUNT *sampass)
1269 return (sampass->unknown_3);
1274 uint32 pdb_get_unknown5 (SAM_ACCOUNT *sampass)
1277 return (sampass->unknown_5);
1282 uint32 pdb_get_unknown6 (SAM_ACCOUNT *sampass)
1285 return (sampass->unknown_6);
1290 /*********************************************************************
1291 collection of set...() functions for SAM_ACCOUNT_INFO
1292 ********************************************************************/
1293 BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 flags)
1300 sampass->acct_ctrl = flags;
1307 BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t mytime)
1312 sampass->logon_time = mytime;
1316 BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t mytime)
1321 sampass->logoff_time = mytime;
1325 BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t mytime)
1330 sampass->kickoff_time = mytime;
1334 BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t mytime)
1339 sampass->pass_can_change_time = mytime;
1343 BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t mytime)
1348 sampass->pass_must_change_time = mytime;
1352 BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t mytime)
1357 sampass->pass_last_set_time = mytime;
1361 BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len)
1366 sampass->hours_len = len;
1370 BOOL pdb_set_logons_divs (SAM_ACCOUNT *sampass, uint16 hours)
1375 sampass->logon_divs = hours;
1379 BOOL pdb_set_uid (SAM_ACCOUNT *sampass, uid_t uid)
1388 BOOL pdb_set_gid (SAM_ACCOUNT *sampass, gid_t gid)
1397 BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid)
1402 sampass->user_rid = rid;
1406 BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid)
1411 sampass->group_rid = grid;
1415 BOOL pdb_set_username (SAM_ACCOUNT *sampass, char *username)
1419 if (!sampass || !sampass->mem_ctx) return False;
1423 sampass->username = NULL;
1427 len = strlen(username)+1;
1428 sampass->username = (char*)talloc(sampass->mem_ctx, len);
1430 if (sampass->username == NULL )
1432 DEBUG (0,("pdb_set_username: ERROR - Unable to talloc memory for [%s]\n", username));
1436 StrnCpy (sampass->username, username, len-1);
1441 BOOL pdb_set_domain (SAM_ACCOUNT *sampass, char *domain)
1445 if (!sampass || !sampass->mem_ctx) return False;
1449 sampass->domain = NULL;
1453 len = strlen(domain)+1;
1454 sampass->domain = talloc (sampass->mem_ctx, len);
1456 if (sampass->domain == NULL )
1458 DEBUG (0,("pdb_set_domain: ERROR - Unable to talloc memory for [%s]\n", domain));
1462 StrnCpy (sampass->domain, domain, len-1);
1467 BOOL pdb_set_nt_username (SAM_ACCOUNT *sampass, char *nt_username)
1471 if (!sampass || !sampass->mem_ctx) return False;
1475 sampass->nt_username = NULL;
1479 len = strlen(nt_username)+1;
1480 sampass->nt_username = talloc (sampass->mem_ctx, len);
1482 if (sampass->nt_username == NULL )
1484 DEBUG (0,("pdb_set_nt_username: ERROR - Unable to talloc memory for [%s]\n", nt_username));
1488 StrnCpy (sampass->nt_username, nt_username, len-1);
1493 BOOL pdb_set_fullname (SAM_ACCOUNT *sampass, char *fullname)
1497 if (!sampass || !sampass->mem_ctx) return False;
1501 sampass->full_name = NULL;
1505 len = strlen(fullname)+1;
1506 sampass->full_name = talloc (sampass->mem_ctx, len);
1508 if (sampass->full_name == NULL )
1510 DEBUG (0,("pdb_set_fullname: ERROR - Unable to talloc memory for [%s]\n", fullname));
1514 StrnCpy (sampass->full_name, fullname, len-1);
1519 BOOL pdb_set_logon_script (SAM_ACCOUNT *sampass, char *logon_script)
1523 if (!sampass || !sampass->mem_ctx) return False;
1527 sampass->logon_script = NULL;
1531 len = strlen(logon_script)+1;
1532 sampass->logon_script = talloc (sampass->mem_ctx, len);
1534 if (sampass->logon_script == NULL )
1536 DEBUG (0,("pdb_set_logon_script: ERROR - Unable to talloc memory for [%s]\n", logon_script));
1540 StrnCpy (sampass->logon_script, logon_script, len-1);
1545 BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, char *profile_path)
1549 if (!sampass || !sampass->mem_ctx) return False;
1553 sampass->profile_path = NULL;
1557 len = strlen(profile_path)+1;
1558 sampass->profile_path = talloc (sampass->mem_ctx, len);
1560 if (!sampass->profile_path)
1562 DEBUG (0,("pdb_set_profile_path: ERROR - Unable to talloc memory for [%s]\n", profile_path));
1566 StrnCpy (sampass->profile_path, profile_path, len-1);
1571 BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, char *dir_drive)
1575 if (!sampass || !sampass->mem_ctx) return False;
1579 sampass->dir_drive = NULL;
1583 len = strlen(dir_drive)+1;
1584 sampass->dir_drive = talloc (sampass->mem_ctx, len);
1586 if (sampass->dir_drive == NULL )
1588 DEBUG (0,("pdb_set_dir_drive: ERROR - Unable to talloc memory for [%s]\n", dir_drive));
1592 StrnCpy (sampass->dir_drive, dir_drive, len-1);
1597 BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, char *homedir)
1601 if (!sampass || !sampass->mem_ctx) return False;
1605 sampass->home_dir = NULL;
1609 len = strlen(homedir)+1;
1610 sampass->home_dir = talloc (sampass->mem_ctx, len);
1612 if (sampass->home_dir == NULL )
1614 DEBUG (0,("pdb_set_homedir: ERROR - Unable to talloc memory for [%s]\n", homedir));
1618 StrnCpy (sampass->home_dir, homedir, len-1);
1623 BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, char *acct_desc)
1627 if (!sampass || !sampass->mem_ctx) return False;
1631 sampass->acct_desc = NULL;
1635 len = strlen(acct_desc)+1;
1636 sampass->acct_desc = talloc (sampass->mem_ctx, len);
1638 if (sampass->acct_desc == NULL )
1640 DEBUG (0,("pdb_set_acct_desc: ERROR - Unable to talloc memory for [%s]\n", acct_desc));
1644 StrnCpy (sampass->acct_desc, acct_desc, len-1);
1649 BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, char *workstations)
1653 if (!sampass || !sampass->mem_ctx) return False;
1657 sampass->workstations = NULL;
1661 len = strlen(workstations)+1;
1662 sampass->workstations = talloc (sampass->mem_ctx, len);
1664 if (sampass->workstations == NULL )
1666 DEBUG (0,("pdb_set_workstations: ERROR - Unable to talloc memory for [%s]\n", workstations));
1670 StrnCpy (sampass->workstations, workstations, len-1);
1675 BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, char *munged_dial)
1679 if (!sampass || !sampass->mem_ctx) return False;
1683 sampass->munged_dial = NULL;
1687 len = strlen(munged_dial)+1;
1688 sampass->munged_dial = talloc (sampass->mem_ctx, len);
1690 if (sampass->munged_dial == NULL )
1692 DEBUG (0,("pdb_set_munged_dial: ERROR - Unable to talloc memory for [%s]\n", munged_dial));
1696 StrnCpy (sampass->munged_dial, munged_dial, len-1);
1701 BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, uint8 *pwd)
1703 if (!sampass || !sampass->mem_ctx) return False;
1707 sampass->nt_pw = NULL;
1711 sampass->nt_pw = talloc (sampass->mem_ctx, 16);
1713 if (sampass->nt_pw == NULL )
1715 DEBUG (0,("pdb_set_nt_passwd: ERROR - Unable to talloc memory for [%s]\n", pwd));
1719 memcpy (sampass->nt_pw, pwd, 16);
1724 BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, uint8 *pwd)
1726 if (!sampass || !sampass->mem_ctx) return False;
1730 sampass->lm_pw = NULL;
1734 sampass->lm_pw = talloc (sampass->mem_ctx, 16);
1736 if (sampass->lm_pw == NULL )
1738 DEBUG (0,("pdb_set_lanman_passwd: ERROR - Unable to talloc memory for [%s]\n", pwd));
1742 memcpy (sampass->lm_pw, pwd, 16);
1747 BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn)
1752 sampass->unknown_3 = unkn;
1756 BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn)
1761 sampass->unknown_5 = unkn;
1765 BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn)
1770 sampass->unknown_6 = unkn;
1774 BOOL pdb_set_hours (SAM_ACCOUNT *sampass, uint8 *hours)
1776 if (!sampass || !sampass->mem_ctx) return False;
1780 memset ((char *)sampass->hours, 0, MAX_HOURS_LEN);
1784 memcpy (sampass->hours, hours, MAX_HOURS_LEN);