Change the passdb interface to use allocated strings.
[ira/wip.git] / source3 / utils / pdbedit.c
1 /* 
2    Unix SMB/Netbios implementation.
3    passdb editing frontend
4    Version 3.0
5    
6    Copyright (C) Simo Sorce      2000
7    Copyright (C) Andrew Bartlett 2001   
8
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 2 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program; if not, write to the Free Software
21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 /* base uid for trust accounts is set to 60000 ! 
25  * May be we should add the defines in smb.h to make it possible having 
26  * different values on different platforms?
27  */
28
29 #define BASE_MACHINE_UID 60000
30 #define MAX_MACHINE_UID 65500 /* 5500 trust accounts aren't enough? */
31
32 #include "includes.h"
33
34 extern pstring global_myname;
35 extern BOOL AllowDebugChange;
36
37 /*
38  * Next two lines needed for SunOS and don't
39  * hurt anything else...
40  */
41 extern char *optarg;
42 extern int optind;
43
44 /*********************************************************
45  Print command usage on stderr and die.
46 **********************************************************/
47 static void usage(void)
48 {
49         if (getuid() == 0) {
50                 printf("pdbedit options\n");
51         } else {
52                 printf("You need to be root to use this tool!\n");
53         }
54         printf("(actually to add a user you need to use smbpasswd)\n");
55         printf("options:\n");
56         printf("  -l                   list usernames\n");
57         printf("     -v                verbose output\n");
58         printf("     -w                smbpasswd file style\n");
59         printf("  -u username          print user's info\n");
60         printf("     -f fullname       set Full Name\n");
61         printf("     -h homedir        set home directory\n");
62         printf("     -d drive          set home dir drive\n");
63         printf("     -s script         set logon script\n");
64         printf("     -p profile        set profile path\n");
65         printf("  -a                   create new account\n");
66         printf("     -m                it is a machine trust\n");
67         printf("  -x                   delete this user\n");
68         printf("  -i file              import account from file (smbpasswd style)\n");
69         exit(1);
70 }
71
72 /*********************************************************
73  Print info from sam structure
74 **********************************************************/
75
76 static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdstyle)
77 {
78         uid_t uid;
79         gid_t gid;
80
81         /* TODO: chaeck if entry is a user or a workstation */
82         if (!sam_pwent) return -1;
83         
84         if (verbosity) {
85                 printf ("username:       %s\n",  pdb_get_username(sam_pwent));
86                 if (IS_SAM_UNIX_USER(sam_pwent)) {
87                         uid = pdb_get_uid(sam_pwent);
88                         gid = pdb_get_gid(sam_pwent);
89                         printf ("user ID/Group:  %d/%d\n", uid, gid);
90                 }
91                 printf ("user RID/GRID:  %u/%u\n", (unsigned int)pdb_get_user_rid(sam_pwent),
92                         (unsigned int)pdb_get_group_rid(sam_pwent));
93                 printf ("Full Name:      %s\n", pdb_get_fullname(sam_pwent));
94                 printf ("Home Directory: %s\n", pdb_get_homedir(sam_pwent));
95                 printf ("HomeDir Drive:  %s\n", pdb_get_dirdrive(sam_pwent));
96                 printf ("Logon Script:   %s\n", pdb_get_logon_script(sam_pwent));
97                 printf ("Profile Path:   %s\n", pdb_get_profile_path(sam_pwent));
98         } else if (smbpwdstyle) {
99                 if (IS_SAM_UNIX_USER(sam_pwent)) {
100                         char lm_passwd[33];
101                         char nt_passwd[33];
102
103                         uid = pdb_get_uid(sam_pwent);
104                         pdb_sethexpwd(lm_passwd, 
105                                       pdb_get_lanman_passwd(sam_pwent), 
106                                       pdb_get_acct_ctrl(sam_pwent));
107                         pdb_sethexpwd(nt_passwd, 
108                                       pdb_get_nt_passwd(sam_pwent), 
109                                       pdb_get_acct_ctrl(sam_pwent));
110                         
111                         printf("%s:%d:%s:%s:%s:LCT-%08X:\n",
112                                pdb_get_username(sam_pwent),
113                                uid,
114                                lm_passwd,
115                                nt_passwd,
116                                pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN),
117                                (uint32)pdb_get_pass_last_set_time(sam_pwent));
118                 } else {
119                         fprintf(stderr, "Can't output in smbpasswd format, no uid on this record.\n");
120                 }
121         } else {
122                 if (IS_SAM_UNIX_USER(sam_pwent)) {
123                         printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), pdb_get_uid(sam_pwent), 
124                                 pdb_get_fullname(sam_pwent));
125                 } else {        
126                         printf ("%s:(null):%s\n", pdb_get_username(sam_pwent), pdb_get_fullname(sam_pwent));
127                 }
128         }
129
130         return 0;       
131 }
132
133 /*********************************************************
134  Get an Print User Info
135 **********************************************************/
136
137 static int print_user_info (char *username, BOOL verbosity, BOOL smbpwdstyle)
138 {
139         SAM_ACCOUNT *sam_pwent=NULL;
140         BOOL ret;
141         
142         pdb_init_sam(&sam_pwent);
143         
144         ret = pdb_getsampwnam (sam_pwent, username);
145
146         if (ret==False) {
147                 fprintf (stderr, "Username not found!\n");
148                 pdb_free_sam(&sam_pwent);
149                 return -1;
150         }
151         
152         ret=print_sam_info (sam_pwent, verbosity, smbpwdstyle);
153         pdb_free_sam(&sam_pwent);
154         
155         return ret;
156 }
157         
158 /*********************************************************
159  List Users
160 **********************************************************/
161 static int print_users_list (BOOL verbosity, BOOL smbpwdstyle)
162 {
163         SAM_ACCOUNT *sam_pwent=NULL;
164         BOOL ret;
165         
166         pdb_init_sam(&sam_pwent);
167         errno = 0; /* testing --simo */
168         ret = pdb_setsampwent(False);
169         if (ret && errno == ENOENT) {
170                 fprintf (stderr,"Password database not found!\n");
171                 pdb_free_sam(&sam_pwent);
172                 exit(1);
173         }
174
175         while ((ret = pdb_getsampwent (sam_pwent))) {
176                 if (verbosity)
177                         printf ("---------------\n");
178                 print_sam_info (sam_pwent, verbosity, smbpwdstyle);
179                 pdb_reset_sam(sam_pwent);
180         }
181         
182         pdb_endsampwent ();
183         pdb_free_sam(&sam_pwent);
184         return 0;
185 }
186
187 /*********************************************************
188  Set User Info
189 **********************************************************/
190
191 static int set_user_info (char *username, char *fullname, char *homedir, char *drive, char *script, char *profile)
192 {
193         SAM_ACCOUNT *sam_pwent=NULL;
194         BOOL ret;
195         
196         pdb_init_sam(&sam_pwent);
197         
198         ret = pdb_getsampwnam (sam_pwent, username);
199         if (ret==False) {
200                 fprintf (stderr, "Username not found!\n");
201                 pdb_free_sam(&sam_pwent);
202                 return -1;
203         }
204         
205         if (fullname)
206                 pdb_set_fullname(sam_pwent, fullname);
207         if (homedir)
208                 pdb_set_homedir(sam_pwent, homedir, True);
209         if (drive)
210                 pdb_set_dir_drive(sam_pwent,drive, True);
211         if (script)
212                 pdb_set_logon_script(sam_pwent, script, True);
213         if (profile)
214                 pdb_set_profile_path (sam_pwent, profile, True);
215         
216         if (pdb_update_sam_account (sam_pwent, True))
217                 print_user_info (username, True, False);
218         else {
219                 fprintf (stderr, "Unable to modify entry!\n");
220                 pdb_free_sam(&sam_pwent);
221                 return -1;
222         }
223         pdb_free_sam(&sam_pwent);
224         return 0;
225 }
226
227 /*********************************************************
228  Add New User
229 **********************************************************/
230 static int new_user (char *username, char *fullname, char *homedir, char *drive, char *script, char *profile)
231 {
232         SAM_ACCOUNT *sam_pwent=NULL;
233         struct passwd  *pwd = NULL;
234         char *password1, *password2;
235         
236         ZERO_STRUCT(sam_pwent);
237
238         if (!(pwd = sys_getpwnam(username))) {
239                 fprintf (stderr, "User %s does not exist in system passwd!\n", username);
240                 return -1;
241         }
242         
243         pdb_init_sam_pw (&sam_pwent, pwd);
244
245         password1 = getpass("new password:");
246         password2 = getpass("retype new password:");
247         if (strcmp (password1, password2)) {
248                  fprintf (stderr, "Passwords does not match!\n");
249                  pdb_free_sam (&sam_pwent);
250                  return -1;
251         }
252
253         pdb_set_plaintext_passwd(sam_pwent, password1);
254
255         pdb_set_username(sam_pwent, username);
256         if (fullname)
257                 pdb_set_fullname(sam_pwent, fullname);
258         if (homedir)
259                 pdb_set_homedir (sam_pwent, homedir, True);
260         if (drive)
261                 pdb_set_dir_drive (sam_pwent, drive, True);
262         if (script)
263                 pdb_set_logon_script(sam_pwent, script, True);
264         if (profile)
265                 pdb_set_profile_path (sam_pwent, profile, True);
266         
267         pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL);
268         
269         if (pdb_add_sam_account (sam_pwent)) { 
270                 print_user_info (username, True, False);
271         } else {
272                 fprintf (stderr, "Unable to add user! (does it alredy exist?)\n");
273                 pdb_free_sam (&sam_pwent);
274                 return -1;
275         }
276         pdb_free_sam (&sam_pwent);
277         return 0;
278 }
279
280 /*********************************************************
281  Add New Machine
282 **********************************************************/
283
284 static int new_machine (char *machinename)
285 {
286         SAM_ACCOUNT *sam_pwent=NULL;
287         SAM_ACCOUNT *sam_trust=NULL;
288         char name[16];
289         char *password = NULL;
290         uid_t uid;
291         
292         pdb_init_sam (&sam_pwent);
293
294         if (machinename[strlen (machinename) -1] == '$')
295                 machinename[strlen (machinename) -1] = '\0';
296         
297         safe_strcpy (name, machinename, 16);
298         safe_strcat (name, "$", 16);
299         
300         string_set (&password, machinename);
301         strlower_m(password);
302         
303         pdb_set_plaintext_passwd (sam_pwent, password);
304
305         pdb_set_username (sam_pwent, name);
306         
307         for (uid=BASE_MACHINE_UID; uid<=MAX_MACHINE_UID; uid++) {
308                 pdb_init_sam (&sam_trust);
309                 if (pdb_getsampwrid (sam_trust, pdb_uid_to_user_rid (uid))) {
310                         pdb_free_sam (&sam_trust);
311                 } else {
312                         break;
313                 }
314         }
315
316         if (uid>MAX_MACHINE_UID) {
317                 fprintf (stderr, "No more free UIDs available to Machine accounts!\n");
318                 pdb_free_sam(&sam_pwent);               
319                 return -1;
320         }
321
322         pdb_set_user_rid (sam_pwent,pdb_uid_to_user_rid (uid));
323         pdb_set_group_rid (sam_pwent, pdb_gid_to_group_rid (BASE_MACHINE_UID));
324         pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
325         
326         if (pdb_add_sam_account (sam_pwent)) {
327                 print_user_info (name, True, False);
328         } else {
329                 fprintf (stderr, "Unable to add machine! (does it already exist?)\n");
330                 pdb_free_sam (&sam_pwent);
331                 return -1;
332         }
333         pdb_free_sam (&sam_pwent);
334         return 0;
335 }
336
337 /*********************************************************
338  Delete user entry
339 **********************************************************/
340
341 static int delete_user_entry (char *username)
342 {
343         return pdb_delete_sam_account (username);
344 }
345
346 /*********************************************************
347  Delete machine entry
348 **********************************************************/
349
350 static int delete_machine_entry (char *machinename)
351 {
352         char name[16];
353         
354         safe_strcpy (name, machinename, 16);
355         if (name[strlen(name)] != '$')
356                 safe_strcat (name, "$", 16);
357         return pdb_delete_sam_account (name);
358 }
359
360 /*********************************************************
361  Import smbpasswd style file
362 **********************************************************/
363
364 static int import_users (char *filename)
365 {
366         FILE *fp = NULL;
367         SAM_ACCOUNT *sam_pwent = NULL;
368         static pstring  user_name;
369         static unsigned char smbpwd[16];
370         static unsigned char smbntpwd[16];
371         char linebuf[256];
372         size_t linebuf_len;
373         unsigned char c;
374         unsigned char *p;
375         long uidval;
376         int line = 0;
377         int good = 0;
378         struct passwd *pwd;
379
380         if((fp = sys_fopen(filename, "rb")) == NULL) {
381                 fprintf (stderr, "%s\n", strerror (ferror (fp)));
382                 return -1;
383         }
384         
385         while (!feof(fp)) {
386                 /*Get a new line*/
387                 linebuf[0] = '\0';
388                 fgets(linebuf, 256, fp);
389                 if (ferror(fp)) {
390                         fprintf (stderr, "%s\n", strerror (ferror (fp)));
391                         return -1;
392                 }
393                 if ((linebuf_len = strlen(linebuf)) == 0) {
394                         line++;
395                         continue;
396                 }
397                 if (linebuf[linebuf_len - 1] != '\n') {
398                         c = '\0';
399                         while (!ferror(fp) && !feof(fp)) {
400                                 c = fgetc(fp);
401                                 if (c == '\n') break;
402                         }
403                 } else
404                         linebuf[linebuf_len - 1] = '\0';
405                 linebuf[linebuf_len] = '\0';
406                 if ((linebuf[0] == 0) && feof(fp)) {
407                         /*end of file!!*/
408                         return 0;
409                 }
410                 line++;
411                 if (linebuf[0] == '#' || linebuf[0] == '\0')
412                         continue;
413                 
414                 /* Get user name */
415                 p = (unsigned char *) strchr_m(linebuf, ':');
416                 if (p == NULL) {
417                         fprintf (stderr, "Error: malformed password entry at line %d !!\n", line);
418                         continue;
419                 }
420                 strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
421                 user_name[PTR_DIFF(p, linebuf)] = '\0';
422
423                 /* Get smb uid. */
424                 p++;
425                 if(*p == '-') {
426                         fprintf (stderr, "Error: negative uid at line %d\n", line);
427                         continue;
428                 }
429                 if (!isdigit(*p)) {
430                         fprintf (stderr, "Error: malformed password entry at line %d (uid not number)\n", line);
431                         continue;
432                 }
433                 uidval = atoi((char *) p);
434                 while (*p && isdigit(*p)) p++;
435                 if (*p != ':') {
436                         fprintf (stderr, "Error: malformed password entry at line %d (no : after uid)\n", line);
437                         continue;
438                 }
439                 if(!(pwd = sys_getpwnam(user_name))) {
440                         fprintf(stderr, "User %s does not \
441 exist in system password file (usually /etc/passwd). Cannot add \
442 account without a valid local system user.\n", user_name);
443                         return False;
444                 }
445
446                 if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sam_pwent, pwd))) {
447                         fprintf(stderr, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
448                         return False;
449                 }
450
451                 /* Get passwords */
452                 p++;
453                 if (*p == '*' || *p == 'X') {
454                         /* Password deliberately invalid */
455                         fprintf (stderr, "Warning: entry invalidated for user %s\n", user_name);
456                         pdb_set_lanman_passwd(sam_pwent, NULL);
457                         pdb_set_nt_passwd(sam_pwent,NULL);
458                         pdb_set_acct_ctrl(sam_pwent, pdb_get_acct_ctrl(sam_pwent) | ACB_DISABLED);
459                 } else {
460                         if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
461                                 fprintf (stderr, "Error: malformed password entry at line %d (password too short)\n",line);
462                                 pdb_free_sam (&sam_pwent);
463                                 continue;
464                         }
465                         if (p[32] != ':') {
466                                 fprintf (stderr, "Error: malformed password entry at line %d (no terminating :)\n",line);
467                                 pdb_free_sam (&sam_pwent);
468                                 continue;
469                         }
470                         if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
471                                 pdb_set_lanman_passwd(sam_pwent, NULL);
472                                 pdb_set_acct_ctrl(sam_pwent, pdb_get_acct_ctrl(sam_pwent) | ACB_PWNOTREQ);
473                         } else {
474                                 if (!pdb_gethexpwd((char *)p, smbpwd)) {
475                                         fprintf (stderr, "Error: malformed Lanman password entry at line %d (non hex chars)\n", line);
476                                         pdb_free_sam (&sam_pwent);
477                                         continue;
478                                 }
479                                 pdb_set_lanman_passwd(sam_pwent, smbpwd);
480                         }
481                         /* NT password */
482                         p += 33;
483                         if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
484                                 if (*p != '*' && *p != 'X') {
485                                         if (pdb_gethexpwd((char *)p,smbntpwd)) {
486                                                 pdb_set_nt_passwd(sam_pwent, smbntpwd);
487                                         }
488                                 }
489                                 p += 33;
490                         }
491                 }
492
493                 /* Get ACCT_CTRL field if any */
494                 if (*p == '[') {
495                         uint16 acct_ctrl;
496                         unsigned char *end_p = (unsigned char *)strchr_m((char *)p, ']');
497                         
498                         acct_ctrl = pdb_decode_acct_ctrl((char*)p);
499                         if (acct_ctrl)
500                                 acct_ctrl = ACB_NORMAL;
501
502                         pdb_set_acct_ctrl(sam_pwent, acct_ctrl);
503                         
504                         /* Get last change time */
505                         if(end_p)
506                                 p = end_p + 1;
507                         if(*p == ':') {
508                                 p++;
509                                 if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) {
510                                         int i;
511                                         
512                                         p += 4;
513                                         for(i = 0; i < 8; i++) {
514                                                 if(p[i] == '\0' || !isxdigit(p[i])) break;
515                                         }
516                                         if(i == 8) {
517                                                  pdb_set_pass_last_set_time (sam_pwent, (time_t)strtol((char *)p, NULL, 16));
518                                         }
519                                 }
520                         }
521                 }
522
523                  /* Now ADD the entry */
524                 if (!(pdb_add_sam_account (sam_pwent))) {
525                         fprintf (stderr, "Unable to add user entry!\n");
526                         pdb_free_sam (&sam_pwent);
527                         continue;
528                 }
529                 printf ("%s imported!\n", user_name);
530                 good++;
531                 pdb_free_sam (&sam_pwent);
532         }
533         printf ("%d lines read.\n%d entryes imported\n", line, good);
534         return 0;
535 }
536
537 /*********************************************************
538  Start here.
539 **********************************************************/
540
541 int main (int argc, char **argv)
542 {
543         int ch;
544         BOOL list_users = False;
545         BOOL verbose = False;
546         BOOL spstyle = False;
547         BOOL setparms = False;
548         BOOL machine = False;
549         BOOL add_user = False;
550         BOOL delete_user = False;
551         BOOL import = False;
552         char *user_name = NULL;
553         char *full_name = NULL;
554         char *home_dir = NULL;
555         char *home_drive = NULL;
556         char *logon_script = NULL;
557         char *profile_path = NULL;
558         char *smbpasswd = NULL;
559
560         setup_logging("pdbedit", True);
561
562         if (argc < 2) {
563                 usage();
564                 return 0;
565         }
566         
567         if(!initialize_password_db(True)) {
568                 fprintf(stderr, "Can't setup password database vectors.\n");
569                 exit(1);
570         }
571         
572         DEBUGLEVEL = 1;
573         AllowDebugChange = False;
574
575         if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
576                 fprintf(stderr, "Can't load %s - run testparm to debug it\n", 
577                         dyn_CONFIGFILE);
578                 exit(1);
579         }
580         
581         while ((ch = getopt(argc, argv, "ad:f:h:i:lmp:s:u:vwx")) != EOF) {
582                 switch(ch) {
583                 case 'a':
584                         add_user = True;
585                         break;
586                 case 'm':
587                         machine = True;
588                         break;
589                 case 'l':
590                         list_users = True;
591                         break;
592                 case 'v':
593                         verbose = True;
594                         break;
595                 case 'w':
596                         spstyle = True;
597                         break;
598                 case 'u':
599                         user_name = optarg;
600                         break;
601                 case 'f':
602                         setparms = True;
603                         full_name = optarg;
604                         break;
605                 case 'h':
606                         setparms = True;
607                         home_dir = optarg;
608                         break;
609                 case 'd':
610                         setparms = True;
611                         home_drive = optarg;
612                         break;
613                 case 's':
614                         setparms = True;
615                         logon_script = optarg;
616                         break;
617                 case 'p':
618                         setparms = True;
619                         profile_path = optarg;
620                         break;
621                 case 'x':
622                         delete_user = True;
623                         break;
624                 case 'i':
625                         import = True;
626                         smbpasswd = optarg;
627                         break;
628                 default:
629                         usage();
630                 }
631         }
632         if (((add_user?1:0) + (delete_user?1:0) + (list_users?1:0) + (import?1:0) + (setparms?1:0)) > 1) {
633                 fprintf (stderr, "Incompatible options on command line!\n");
634                 usage();
635                 exit(1);
636         }
637
638         if (add_user) {
639                 if (!user_name) {
640                         fprintf (stderr, "Username not specified! (use -u option)\n");
641                         return -1;
642                 }
643                 if (machine)
644                         return new_machine (user_name);
645                 else
646                         return new_user (user_name, full_name, home_dir, home_drive, logon_script, profile_path);
647         }
648
649         if (delete_user) {
650                 if (!user_name) {
651                         fprintf (stderr, "Username not specified! (use -u option)\n");
652                         return -1;
653                 }
654                 if (machine)
655                         return delete_machine_entry (user_name);
656                 else
657                         return delete_user_entry (user_name);
658         }
659         
660         if (user_name) {
661                 if (setparms)
662                         set_user_info ( user_name, full_name,
663                                                 home_dir,
664                                                 home_drive,
665                                                 logon_script,
666                                                 profile_path);
667                 else
668                         return print_user_info (user_name, verbose, spstyle);
669                 
670                 return 0;
671         }
672
673         
674         if (list_users) 
675                 return print_users_list (verbose, spstyle);
676         
677         if (import) 
678                 return import_users (smbpasswd); 
679         
680         usage();
681
682         return 0;
683 }