1fb1f2355b6596faf6cbb7ee090cdf792b8e5bbf
[ira/wip.git] / source3 / utils / pdbedit.c
1 /* 
2    Unix SMB/CIFS implementation.
3    passdb editing frontend
4    
5    Copyright (C) Simo Sorce      2000
6    Copyright (C) Andrew Bartlett 2001   
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 2 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program; if not, write to the Free Software
20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24
25 extern pstring global_myname;
26 extern BOOL AllowDebugChange;
27
28 /*
29  * Next two lines needed for SunOS and don't
30  * hurt anything else...
31  */
32 extern char *optarg;
33 extern int optind;
34
35 /*********************************************************
36  Print command usage on stderr and die.
37 **********************************************************/
38 static void usage(void)
39 {
40         if (getuid() == 0) {
41                 printf("pdbedit options\n");
42         } else {
43                 printf("You need to be root to use this tool!\n");
44         }
45         printf("(actually to add a user you need to use smbpasswd)\n");
46         printf("options:\n");
47         printf("  -l                   list usernames\n");
48         printf("     -v                verbose output\n");
49         printf("     -w                smbpasswd file style\n");
50         printf("  -u username          print user's info\n");
51         printf("     -f fullname       set Full Name\n");
52         printf("     -h homedir        set home directory\n");
53         printf("     -d drive          set home dir drive\n");
54         printf("     -s script         set logon script\n");
55         printf("     -p profile        set profile path\n");
56         printf("  -a                   create new account\n");
57         printf("     -m                it is a machine trust\n");
58         printf("  -x                   delete this user\n");
59         printf("  -i file              import account from file (smbpasswd style)\n");
60         printf("  -D debuglevel        set DEBUGELEVEL (default = 1)\n");
61         exit(1);
62 }
63
64 /*********************************************************
65  Print info from sam structure
66 **********************************************************/
67
68 static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdstyle)
69 {
70         uid_t uid;
71         gid_t gid;
72
73         /* TODO: chaeck if entry is a user or a workstation */
74         if (!sam_pwent) return -1;
75         
76         if (verbosity) {
77                 printf ("username:       %s\n",  pdb_get_username(sam_pwent));
78                 if (IS_SAM_UNIX_USER(sam_pwent)) {
79                         uid = pdb_get_uid(sam_pwent);
80                         gid = pdb_get_gid(sam_pwent);
81                         printf ("user ID/Group:  %d/%d\n", uid, gid);
82                 }
83                 printf ("user RID/GRID:  %u/%u\n", (unsigned int)pdb_get_user_rid(sam_pwent),
84                         (unsigned int)pdb_get_group_rid(sam_pwent));
85                 printf ("Full Name:      %s\n", pdb_get_fullname(sam_pwent));
86                 printf ("Home Directory: %s\n", pdb_get_homedir(sam_pwent));
87                 printf ("HomeDir Drive:  %s\n", pdb_get_dirdrive(sam_pwent));
88                 printf ("Logon Script:   %s\n", pdb_get_logon_script(sam_pwent));
89                 printf ("Profile Path:   %s\n", pdb_get_profile_path(sam_pwent));
90         } else if (smbpwdstyle) {
91                 if (IS_SAM_UNIX_USER(sam_pwent)) {
92                         char lm_passwd[33];
93                         char nt_passwd[33];
94
95                         uid = pdb_get_uid(sam_pwent);
96                         pdb_sethexpwd(lm_passwd, 
97                                       pdb_get_lanman_passwd(sam_pwent), 
98                                       pdb_get_acct_ctrl(sam_pwent));
99                         pdb_sethexpwd(nt_passwd, 
100                                       pdb_get_nt_passwd(sam_pwent), 
101                                       pdb_get_acct_ctrl(sam_pwent));
102                         
103                         printf("%s:%d:%s:%s:%s:LCT-%08X:\n",
104                                pdb_get_username(sam_pwent),
105                                uid,
106                                lm_passwd,
107                                nt_passwd,
108                                pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN),
109                                (uint32)pdb_get_pass_last_set_time(sam_pwent));
110                 } else {
111                         fprintf(stderr, "Can't output in smbpasswd format, no uid on this record.\n");
112                 }
113         } else {
114                 if (IS_SAM_UNIX_USER(sam_pwent)) {
115                         printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), pdb_get_uid(sam_pwent), 
116                                 pdb_get_fullname(sam_pwent));
117                 } else {        
118                         printf ("%s:(null):%s\n", pdb_get_username(sam_pwent), pdb_get_fullname(sam_pwent));
119                 }
120         }
121
122         return 0;       
123 }
124
125 /*********************************************************
126  Get an Print User Info
127 **********************************************************/
128
129 static int print_user_info (char *username, BOOL verbosity, BOOL smbpwdstyle)
130 {
131         SAM_ACCOUNT *sam_pwent=NULL;
132         BOOL ret;
133         
134         if (!NT_STATUS_IS_OK(pdb_init_sam (&sam_pwent))) {
135                 return -1;
136         }
137         
138         ret = pdb_getsampwnam (sam_pwent, username);
139
140         if (ret==False) {
141                 fprintf (stderr, "Username not found!\n");
142                 pdb_free_sam(&sam_pwent);
143                 return -1;
144         }
145         
146         ret=print_sam_info (sam_pwent, verbosity, smbpwdstyle);
147         pdb_free_sam(&sam_pwent);
148         
149         return ret;
150 }
151         
152 /*********************************************************
153  List Users
154 **********************************************************/
155 static int print_users_list (BOOL verbosity, BOOL smbpwdstyle)
156 {
157         SAM_ACCOUNT *sam_pwent=NULL;
158         BOOL check, ret;
159         
160         errno = 0; /* testing --simo */
161         check = pdb_setsampwent(False);
162         if (check && errno == ENOENT) {
163                 fprintf (stderr,"Password database not found!\n");
164                 exit(1);
165         }
166
167         check = True;
168         if (!(NT_STATUS_IS_OK(pdb_init_sam(&sam_pwent)))) return 1;
169
170         while (check && (ret = pdb_getsampwent (sam_pwent))) {
171                 if (verbosity)
172                         printf ("---------------\n");
173                 print_sam_info (sam_pwent, verbosity, smbpwdstyle);
174                 pdb_free_sam(&sam_pwent);
175                 check = NT_STATUS_IS_OK(pdb_init_sam(&sam_pwent));
176         }
177         if (check) pdb_free_sam(&sam_pwent);
178         
179         pdb_endsampwent();
180         return 0;
181 }
182
183 /*********************************************************
184  Set User Info
185 **********************************************************/
186
187 static int set_user_info (char *username, char *fullname, char *homedir, char *drive, char *script, char *profile)
188 {
189         SAM_ACCOUNT *sam_pwent=NULL;
190         BOOL ret;
191         
192         pdb_init_sam(&sam_pwent);
193         
194         ret = pdb_getsampwnam (sam_pwent, username);
195         if (ret==False) {
196                 fprintf (stderr, "Username not found!\n");
197                 pdb_free_sam(&sam_pwent);
198                 return -1;
199         }
200         
201         if (fullname)
202                 pdb_set_fullname(sam_pwent, fullname);
203         if (homedir)
204                 pdb_set_homedir(sam_pwent, homedir, True);
205         if (drive)
206                 pdb_set_dir_drive(sam_pwent,drive, True);
207         if (script)
208                 pdb_set_logon_script(sam_pwent, script, True);
209         if (profile)
210                 pdb_set_profile_path (sam_pwent, profile, True);
211         
212         if (pdb_update_sam_account (sam_pwent))
213                 print_user_info (username, True, False);
214         else {
215                 fprintf (stderr, "Unable to modify entry!\n");
216                 pdb_free_sam(&sam_pwent);
217                 return -1;
218         }
219         pdb_free_sam(&sam_pwent);
220         return 0;
221 }
222
223 /*********************************************************
224  Add New User
225 **********************************************************/
226 static int new_user (char *username, char *fullname, char *homedir, char *drive, char *script, char *profile)
227 {
228         SAM_ACCOUNT *sam_pwent=NULL;
229         struct passwd  *pwd = NULL;
230         char *password1, *password2;
231         
232         ZERO_STRUCT(sam_pwent);
233
234         if ((pwd = getpwnam_alloc(username))) {
235                 pdb_init_sam_pw (&sam_pwent, pwd);
236                 passwd_free(&pwd);
237         } else {
238                 fprintf (stderr, "WARNING: user %s does not exist in system passwd\n", username);
239                 pdb_init_sam(&sam_pwent);
240                 if (!pdb_set_username(sam_pwent, username)) {
241                         return False;
242                 }
243         }
244
245         password1 = getpass("new password:");
246         password2 = getpass("retype new password:");
247         if (strcmp (password1, password2)) {
248                  fprintf (stderr, "Passwords does not match!\n");
249                  pdb_free_sam (&sam_pwent);
250                  return -1;
251         }
252
253         pdb_set_plaintext_passwd(sam_pwent, password1);
254
255         if (fullname)
256                 pdb_set_fullname(sam_pwent, fullname);
257         if (homedir)
258                 pdb_set_homedir (sam_pwent, homedir, True);
259         if (drive)
260                 pdb_set_dir_drive (sam_pwent, drive, True);
261         if (script)
262                 pdb_set_logon_script(sam_pwent, script, True);
263         if (profile)
264                 pdb_set_profile_path (sam_pwent, profile, True);
265         
266         pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL);
267         
268         if (pdb_add_sam_account (sam_pwent)) { 
269                 print_user_info (username, True, False);
270         } else {
271                 fprintf (stderr, "Unable to add user! (does it alredy exist?)\n");
272                 pdb_free_sam (&sam_pwent);
273                 return -1;
274         }
275         pdb_free_sam (&sam_pwent);
276         return 0;
277 }
278
279 /*********************************************************
280  Add New Machine
281 **********************************************************/
282
283 static int new_machine (char *machinename)
284 {
285         SAM_ACCOUNT *sam_pwent=NULL;
286         char name[16];
287         char *password = NULL;
288         
289         if (!NT_STATUS_IS_OK(pdb_init_sam (&sam_pwent))) {
290                 return -1;
291         }
292
293         if (machinename[strlen (machinename) -1] == '$')
294                 machinename[strlen (machinename) -1] = '\0';
295         
296         safe_strcpy (name, machinename, 16);
297         safe_strcat (name, "$", 16);
298         
299         string_set (&password, machinename);
300         strlower_m(password);
301         
302         pdb_set_plaintext_passwd (sam_pwent, password);
303
304         pdb_set_username (sam_pwent, name);
305         
306         pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
307         
308         pdb_set_group_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
309         
310         if (pdb_add_sam_account (sam_pwent)) {
311                 print_user_info (name, True, False);
312         } else {
313                 fprintf (stderr, "Unable to add machine! (does it already exist?)\n");
314                 pdb_free_sam (&sam_pwent);
315                 return -1;
316         }
317         pdb_free_sam (&sam_pwent);
318         return 0;
319 }
320
321 /*********************************************************
322  Delete user entry
323 **********************************************************/
324
325 static int delete_user_entry (char *username)
326 {
327         SAM_ACCOUNT *samaccount = NULL;
328
329         if (!NT_STATUS_IS_OK(pdb_init_sam (&samaccount))) {
330                 return -1;
331         }
332
333         if (!pdb_getsampwnam(samaccount, username)) {
334                 fprintf (stderr, "user %s does not exist in the passdb\n", username);
335                 return -1;
336         }
337
338         return pdb_delete_sam_account (samaccount);
339 }
340
341 /*********************************************************
342  Delete machine entry
343 **********************************************************/
344
345 static int delete_machine_entry (char *machinename)
346 {
347         char name[16];
348         SAM_ACCOUNT *samaccount = NULL;
349         
350         safe_strcpy (name, machinename, 16);
351         if (name[strlen(name)] != '$')
352                 safe_strcat (name, "$", 16);
353
354         if (!NT_STATUS_IS_OK(pdb_init_sam (&samaccount))) {
355                 return -1;
356         }
357
358         if (!pdb_getsampwnam(samaccount, name)) {
359                 fprintf (stderr, "user %s does not exist in the passdb\n", name);
360                 return -1;
361         }
362
363         return pdb_delete_sam_account (samaccount);
364 }
365
366 /*********************************************************
367  Import smbpasswd style file
368 **********************************************************/
369
370 static int import_users (char *filename)
371 {
372         FILE *fp = NULL;
373         SAM_ACCOUNT *sam_pwent = NULL;
374         static pstring  user_name;
375         static unsigned char smbpwd[16];
376         static unsigned char smbntpwd[16];
377         char linebuf[256];
378         size_t linebuf_len;
379         unsigned char c;
380         unsigned char *p;
381         long uidval;
382         int line = 0;
383         int good = 0;
384         struct passwd *pwd;
385
386         if((fp = sys_fopen(filename, "rb")) == NULL) {
387                 fprintf (stderr, "%s\n", strerror (ferror (fp)));
388                 return -1;
389         }
390         
391         while (!feof(fp)) {
392                 /*Get a new line*/
393                 linebuf[0] = '\0';
394                 fgets(linebuf, 256, fp);
395                 if (ferror(fp)) {
396                         fprintf (stderr, "%s\n", strerror (ferror (fp)));
397                         return -1;
398                 }
399                 if ((linebuf_len = strlen(linebuf)) == 0) {
400                         line++;
401                         continue;
402                 }
403                 if (linebuf[linebuf_len - 1] != '\n') {
404                         c = '\0';
405                         while (!ferror(fp) && !feof(fp)) {
406                                 c = fgetc(fp);
407                                 if (c == '\n') break;
408                         }
409                 } else
410                         linebuf[linebuf_len - 1] = '\0';
411                 linebuf[linebuf_len] = '\0';
412                 if ((linebuf[0] == 0) && feof(fp)) {
413                         /*end of file!!*/
414                         return 0;
415                 }
416                 line++;
417                 if (linebuf[0] == '#' || linebuf[0] == '\0')
418                         continue;
419                 
420                 /* Get user name */
421                 p = (unsigned char *) strchr_m(linebuf, ':');
422                 if (p == NULL) {
423                         fprintf (stderr, "Error: malformed password entry at line %d !!\n", line);
424                         continue;
425                 }
426                 strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
427                 user_name[PTR_DIFF(p, linebuf)] = '\0';
428
429                 /* Get smb uid. */
430                 p++;
431                 if(*p == '-') {
432                         fprintf (stderr, "Error: negative uid at line %d\n", line);
433                         continue;
434                 }
435                 if (!isdigit(*p)) {
436                         fprintf (stderr, "Error: malformed password entry at line %d (uid not number)\n", line);
437                         continue;
438                 }
439                 uidval = atoi((char *) p);
440                 while (*p && isdigit(*p)) p++;
441                 if (*p != ':') {
442                         fprintf (stderr, "Error: malformed password entry at line %d (no : after uid)\n", line);
443                         continue;
444                 }
445                 if(!(pwd = sys_getpwnam(user_name))) {
446                         fprintf(stderr, "User %s does not \
447 exist in system password file (usually /etc/passwd). Cannot add \
448 account without a valid local system user.\n", user_name);
449                         return False;
450                 }
451
452                 if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sam_pwent, pwd))) {
453                         fprintf(stderr, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
454                         return False;
455                 }
456
457                 /* Get passwords */
458                 p++;
459                 if (*p == '*' || *p == 'X') {
460                         /* Password deliberately invalid */
461                         fprintf (stderr, "Warning: entry invalidated for user %s\n", user_name);
462                         pdb_set_lanman_passwd(sam_pwent, NULL);
463                         pdb_set_nt_passwd(sam_pwent,NULL);
464                         pdb_set_acct_ctrl(sam_pwent, pdb_get_acct_ctrl(sam_pwent) | ACB_DISABLED);
465                 } else {
466                         if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
467                                 fprintf (stderr, "Error: malformed password entry at line %d (password too short)\n",line);
468                                 pdb_free_sam (&sam_pwent);
469                                 continue;
470                         }
471                         if (p[32] != ':') {
472                                 fprintf (stderr, "Error: malformed password entry at line %d (no terminating :)\n",line);
473                                 pdb_free_sam (&sam_pwent);
474                                 continue;
475                         }
476                         if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
477                                 pdb_set_lanman_passwd(sam_pwent, NULL);
478                                 pdb_set_acct_ctrl(sam_pwent, pdb_get_acct_ctrl(sam_pwent) | ACB_PWNOTREQ);
479                         } else {
480                                 if (!pdb_gethexpwd((char *)p, smbpwd)) {
481                                         fprintf (stderr, "Error: malformed Lanman password entry at line %d (non hex chars)\n", line);
482                                         pdb_free_sam (&sam_pwent);
483                                         continue;
484                                 }
485                                 pdb_set_lanman_passwd(sam_pwent, smbpwd);
486                         }
487                         /* NT password */
488                         p += 33;
489                         if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
490                                 if (*p != '*' && *p != 'X') {
491                                         if (pdb_gethexpwd((char *)p,smbntpwd)) {
492                                                 pdb_set_nt_passwd(sam_pwent, smbntpwd);
493                                         }
494                                 }
495                                 p += 33;
496                         }
497                 }
498
499                 /* Get ACCT_CTRL field if any */
500                 if (*p == '[') {
501                         uint16 acct_ctrl;
502                         unsigned char *end_p = (unsigned char *)strchr_m((char *)p, ']');
503                         
504                         acct_ctrl = pdb_decode_acct_ctrl((char*)p);
505                         if (acct_ctrl)
506                                 acct_ctrl = ACB_NORMAL;
507
508                         pdb_set_acct_ctrl(sam_pwent, acct_ctrl);
509                         
510                         /* Get last change time */
511                         if(end_p)
512                                 p = end_p + 1;
513                         if(*p == ':') {
514                                 p++;
515                                 if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) {
516                                         int i;
517                                         
518                                         p += 4;
519                                         for(i = 0; i < 8; i++) {
520                                                 if(p[i] == '\0' || !isxdigit(p[i])) break;
521                                         }
522                                         if(i == 8) {
523                                                  pdb_set_pass_last_set_time (sam_pwent, (time_t)strtol((char *)p, NULL, 16));
524                                         }
525                                 }
526                         }
527                 }
528
529                  /* Now ADD the entry */
530                 if (!(pdb_add_sam_account (sam_pwent))) {
531                         fprintf (stderr, "Unable to add user entry!\n");
532                         pdb_free_sam (&sam_pwent);
533                         continue;
534                 }
535                 printf ("%s imported!\n", user_name);
536                 good++;
537                 pdb_free_sam (&sam_pwent);
538         }
539         printf ("%d lines read.\n%d entryes imported\n", line, good);
540         return 0;
541 }
542
543 /*********************************************************
544  Start here.
545 **********************************************************/
546
547 int main (int argc, char **argv)
548 {
549         int ch;
550         BOOL list_users = False;
551         BOOL verbose = False;
552         BOOL spstyle = False;
553         BOOL setparms = False;
554         BOOL machine = False;
555         BOOL add_user = False;
556         BOOL delete_user = False;
557         BOOL import = False;
558         char *user_name = NULL;
559         char *full_name = NULL;
560         char *home_dir = NULL;
561         char *home_drive = NULL;
562         char *logon_script = NULL;
563         char *profile_path = NULL;
564         char *smbpasswd = NULL;
565
566         setup_logging("pdbedit", True);
567
568         if (argc < 2) {
569                 usage();
570                 return 0;
571         }
572         
573         DEBUGLEVEL = 1;
574         AllowDebugChange = False;
575
576         if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
577                 fprintf(stderr, "Can't load %s - run testparm to debug it\n", 
578                         dyn_CONFIGFILE);
579                 exit(1);
580         }
581         
582         if(!initialize_password_db(True)) {
583                 fprintf(stderr, "Can't setup password database vectors.\n");
584                 exit(1);
585         }
586         
587         while ((ch = getopt(argc, argv, "ad:f:h:i:lmp:s:u:vwxD:")) != EOF) {
588                 switch(ch) {
589                 case 'a':
590                         add_user = True;
591                         break;
592                 case 'm':
593                         machine = True;
594                         break;
595                 case 'l':
596                         list_users = True;
597                         break;
598                 case 'v':
599                         verbose = True;
600                         break;
601                 case 'w':
602                         spstyle = True;
603                         break;
604                 case 'u':
605                         user_name = optarg;
606                         break;
607                 case 'f':
608                         setparms = True;
609                         full_name = optarg;
610                         break;
611                 case 'h':
612                         setparms = True;
613                         home_dir = optarg;
614                         break;
615                 case 'd':
616                         setparms = True;
617                         home_drive = optarg;
618                         break;
619                 case 's':
620                         setparms = True;
621                         logon_script = optarg;
622                         break;
623                 case 'p':
624                         setparms = True;
625                         profile_path = optarg;
626                         break;
627                 case 'x':
628                         delete_user = True;
629                         break;
630                 case 'i':
631                         import = True;
632                         smbpasswd = optarg;
633                         break;
634                 case 'D':
635                         DEBUGLEVEL = atoi(optarg);
636                         break;
637                 default:
638                         usage();
639                 }
640         }
641         if (((add_user?1:0) + (delete_user?1:0) + (list_users?1:0) + (import?1:0) + (setparms?1:0)) > 1) {
642                 fprintf (stderr, "Incompatible options on command line!\n");
643                 usage();
644                 exit(1);
645         }
646
647         if (add_user) {
648                 if (!user_name) {
649                         fprintf (stderr, "Username not specified! (use -u option)\n");
650                         return -1;
651                 }
652                 if (machine)
653                         return new_machine (user_name);
654                 else
655                         return new_user (user_name, full_name, home_dir, home_drive, logon_script, profile_path);
656         }
657
658         if (delete_user) {
659                 if (!user_name) {
660                         fprintf (stderr, "Username not specified! (use -u option)\n");
661                         return -1;
662                 }
663                 if (machine)
664                         return delete_machine_entry (user_name);
665                 else
666                         return delete_user_entry (user_name);
667         }
668         
669         if (user_name) {
670                 if (setparms)
671                         set_user_info ( user_name, full_name,
672                                                 home_dir,
673                                                 home_drive,
674                                                 logon_script,
675                                                 profile_path);
676                 else
677                         return print_user_info (user_name, verbose, spstyle);
678                 
679                 return 0;
680         }
681
682         
683         if (list_users) 
684                 return print_users_list (verbose, spstyle);
685         
686         if (import) 
687                 return import_users (smbpasswd); 
688         
689         usage();
690
691         return 0;
692 }