[s3]pdbedit: remove unused variable.
[ira/wip.git] / source3 / utils / pdbedit.c
1 /* 
2    Unix SMB/CIFS implementation.
3    passdb editing frontend
4    
5    Copyright (C) Simo Sorce      2000
6    Copyright (C) Andrew Bartlett 2001   
7    Copyright (C) Jelmer Vernooij 2002
8
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24
25 #define BIT_BACKEND     0x00000004
26 #define BIT_VERBOSE     0x00000008
27 #define BIT_SPSTYLE     0x00000010
28 #define BIT_CAN_CHANGE  0x00000020
29 #define BIT_MUST_CHANGE 0x00000040
30 #define BIT_USERSIDS    0x00000080
31 #define BIT_FULLNAME    0x00000100
32 #define BIT_HOMEDIR     0x00000200
33 #define BIT_HDIRDRIVE   0x00000400
34 #define BIT_LOGSCRIPT   0x00000800
35 #define BIT_PROFILE     0x00001000
36 #define BIT_MACHINE     0x00002000
37 #define BIT_USERDOMAIN  0x00004000
38 #define BIT_USER        0x00008000
39 #define BIT_LIST        0x00010000
40 #define BIT_MODIFY      0x00020000
41 #define BIT_CREATE      0x00040000
42 #define BIT_DELETE      0x00080000
43 #define BIT_ACCPOLICY   0x00100000
44 #define BIT_ACCPOLVAL   0x00200000
45 #define BIT_ACCTCTRL    0x00400000
46 #define BIT_RESERV_7    0x00800000
47 #define BIT_IMPORT      0x01000000
48 #define BIT_EXPORT      0x02000000
49 #define BIT_FIX_INIT    0x04000000
50 #define BIT_BADPWRESET  0x08000000
51 #define BIT_LOGONHOURS  0x10000000
52
53 #define MASK_ALWAYS_GOOD        0x0000001F
54 #define MASK_USER_GOOD          0x00405FE0
55
56 /*********************************************************
57  Add all currently available users to another db
58  ********************************************************/
59
60 static int export_database (struct pdb_methods *in, 
61                             struct pdb_methods *out, 
62                             const char *username) 
63 {
64         NTSTATUS status;
65         struct pdb_search *u_search;
66         struct samr_displayentry userentry;
67
68         DEBUG(3, ("export_database: username=\"%s\"\n", username ? username : "(NULL)"));
69
70         u_search = pdb_search_init(PDB_USER_SEARCH);
71         if (u_search == NULL) {
72                 DEBUG(0, ("pdb_search_init failed\n"));
73                 return 1;
74         }
75
76         if (!in->search_users(in, u_search, 0)) {
77                 DEBUG(0, ("Could not start searching users\n"));
78                 pdb_search_destroy(u_search);
79                 return 1;
80         }
81
82         while (u_search->next_entry(u_search, &userentry)) {
83                 struct samu *user;
84                 struct samu *account;
85                 DOM_SID user_sid;
86
87                 DEBUG(4, ("Processing account %s\n", userentry.account_name));
88
89                 if ((username != NULL)
90                     && (strcmp(username, userentry.account_name) != 0)) {
91                         /*
92                          * ignore unwanted users
93                          */
94                         continue;
95                 }
96
97                 user = samu_new(talloc_tos());
98                 if (user == NULL) {
99                         DEBUG(0, ("talloc failed\n"));
100                         break;
101                 }
102
103                 sid_compose(&user_sid, get_global_sam_sid(), userentry.rid);
104
105                 status = in->getsampwsid(in, user, &user_sid);
106
107                 if (!NT_STATUS_IS_OK(status)) {
108                         DEBUG(2, ("getsampwsid failed: %s\n",
109                                   nt_errstr(status)));
110                         TALLOC_FREE(user);
111                         continue;
112                 }
113
114                 account = samu_new(NULL);
115                 if (account == NULL) {
116                         fprintf(stderr, "export_database: Memory allocation "
117                                 "failure!\n");
118                         TALLOC_FREE( user );
119                         pdb_search_destroy(u_search);
120                         return 1;
121                 }
122
123                 printf("Importing account for %s...", user->username);
124                 status = out->getsampwnam(out, account, user->username);
125
126                 if (NT_STATUS_IS_OK(status)) {
127                         status = out->update_sam_account( out, user );
128                 } else {
129                         status = out->add_sam_account(out, user);
130                 }
131
132                 if ( NT_STATUS_IS_OK(status) ) {
133                         printf( "ok\n");
134                 } else {
135                         printf( "failed\n");
136                 }
137
138                 TALLOC_FREE( account );
139                 TALLOC_FREE( user );
140         }
141
142         pdb_search_destroy(u_search);
143
144         return 0;
145 }
146
147 /*********************************************************
148  Add all currently available group mappings to another db
149  ********************************************************/
150
151 static int export_groups (struct pdb_methods *in, struct pdb_methods *out) 
152 {
153         GROUP_MAP *maps = NULL;
154         size_t i, entries = 0;
155         NTSTATUS status;
156
157         status = in->enum_group_mapping(in, get_global_sam_sid(), 
158                         SID_NAME_DOM_GRP, &maps, &entries, False);
159
160         if ( NT_STATUS_IS_ERR(status) ) {
161                 fprintf(stderr, "Unable to enumerate group map entries.\n");
162                 return 1;
163         }
164
165         for (i=0; i<entries; i++) {
166                 out->add_group_mapping_entry(out, &(maps[i]));
167         }
168
169         SAFE_FREE( maps );
170
171         return 0;
172 }
173
174 /*********************************************************
175  Reset account policies to their default values and remove marker
176  ********************************************************/
177
178 static int reinit_account_policies (void) 
179 {
180         int i;
181
182         for (i=1; decode_account_policy_name(i) != NULL; i++) {
183                 uint32 policy_value;
184                 if (!account_policy_get_default(i, &policy_value)) {
185                         fprintf(stderr, "Can't get default account policy\n");
186                         return -1;
187                 }
188                 if (!account_policy_set(i, policy_value)) {
189                         fprintf(stderr, "Can't set account policy in tdb\n");
190                         return -1;
191                 }
192         }
193
194         return 0;
195 }
196
197
198 /*********************************************************
199  Add all currently available account policy from tdb to one backend
200  ********************************************************/
201
202 static int export_account_policies (struct pdb_methods *in, struct pdb_methods *out) 
203 {
204         int i;
205
206         for ( i=1; decode_account_policy_name(i) != NULL; i++ ) {
207                 uint32 policy_value;
208                 NTSTATUS status;
209
210                 status = in->get_account_policy(in, i, &policy_value);
211
212                 if ( NT_STATUS_IS_ERR(status) ) {
213                         fprintf(stderr, "Unable to get account policy from %s\n", in->name);
214                         return -1;
215                 }
216
217                 status = out->set_account_policy(out, i, policy_value);
218
219                 if ( NT_STATUS_IS_ERR(status) ) {
220                         fprintf(stderr, "Unable to migrate account policy to %s\n", out->name);
221                         return -1;
222                 }
223         }
224
225         return 0;
226 }
227
228
229 /*********************************************************
230  Print info from sam structure
231 **********************************************************/
232
233 static int print_sam_info (struct samu *sam_pwent, bool verbosity, bool smbpwdstyle)
234 {
235         uid_t uid;
236         time_t tmp;
237
238         /* TODO: check if entry is a user or a workstation */
239         if (!sam_pwent) return -1;
240
241         if (verbosity) {
242                 char temp[44];
243                 const uint8 *hours;
244
245                 printf ("Unix username:        %s\n", pdb_get_username(sam_pwent));
246                 printf ("NT username:          %s\n", pdb_get_nt_username(sam_pwent));
247                 printf ("Account Flags:        %s\n", pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent), NEW_PW_FORMAT_SPACE_PADDED_LEN));
248                 printf ("User SID:             %s\n",
249                         sid_string_tos(pdb_get_user_sid(sam_pwent)));
250                 printf ("Primary Group SID:    %s\n",
251                         sid_string_tos(pdb_get_group_sid(sam_pwent)));
252                 printf ("Full Name:            %s\n", pdb_get_fullname(sam_pwent));
253                 printf ("Home Directory:       %s\n", pdb_get_homedir(sam_pwent));
254                 printf ("HomeDir Drive:        %s\n", pdb_get_dir_drive(sam_pwent));
255                 printf ("Logon Script:         %s\n", pdb_get_logon_script(sam_pwent));
256                 printf ("Profile Path:         %s\n", pdb_get_profile_path(sam_pwent));
257                 printf ("Domain:               %s\n", pdb_get_domain(sam_pwent));
258                 printf ("Account desc:         %s\n", pdb_get_acct_desc(sam_pwent));
259                 printf ("Workstations:         %s\n", pdb_get_workstations(sam_pwent));
260                 printf ("Munged dial:          %s\n", pdb_get_munged_dial(sam_pwent));
261
262                 tmp = pdb_get_logon_time(sam_pwent);
263                 printf ("Logon time:           %s\n", 
264                                 tmp ? http_timestring(talloc_tos(), tmp) : "0");
265
266                 tmp = pdb_get_logoff_time(sam_pwent);
267                 printf ("Logoff time:          %s\n", 
268                                 tmp ? http_timestring(talloc_tos(), tmp) : "0");
269
270                 tmp = pdb_get_kickoff_time(sam_pwent);
271                 printf ("Kickoff time:         %s\n", 
272                                 tmp ? http_timestring(talloc_tos(), tmp) : "0");
273
274                 tmp = pdb_get_pass_last_set_time(sam_pwent);
275                 printf ("Password last set:    %s\n", 
276                                 tmp ? http_timestring(talloc_tos(), tmp) : "0");
277
278                 tmp = pdb_get_pass_can_change_time(sam_pwent);
279                 printf ("Password can change:  %s\n", 
280                                 tmp ? http_timestring(talloc_tos(), tmp) : "0");
281
282                 tmp = pdb_get_pass_must_change_time(sam_pwent);
283                 printf ("Password must change: %s\n", 
284                                 tmp ? http_timestring(talloc_tos(), tmp) : "0");
285
286                 tmp = pdb_get_bad_password_time(sam_pwent);
287                 printf ("Last bad password   : %s\n", 
288                                 tmp ? http_timestring(talloc_tos(), tmp) : "0");
289                 printf ("Bad password count  : %d\n",
290                         pdb_get_bad_password_count(sam_pwent));
291
292                 hours = pdb_get_hours(sam_pwent);
293                 pdb_sethexhours(temp, hours);
294                 printf ("Logon hours         : %s\n", temp);
295
296         } else if (smbpwdstyle) {
297                 char lm_passwd[33];
298                 char nt_passwd[33];
299
300                 uid = nametouid(pdb_get_username(sam_pwent));
301                 pdb_sethexpwd(lm_passwd, pdb_get_lanman_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent));
302                 pdb_sethexpwd(nt_passwd, pdb_get_nt_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent));
303
304                 printf("%s:%lu:%s:%s:%s:LCT-%08X:\n",
305                        pdb_get_username(sam_pwent),
306                        (unsigned long)uid,
307                        lm_passwd,
308                        nt_passwd,
309                        pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN),
310                        (uint32)convert_time_t_to_uint32(pdb_get_pass_last_set_time(sam_pwent)));
311         } else {
312                 uid = nametouid(pdb_get_username(sam_pwent));
313                 printf ("%s:%lu:%s\n", pdb_get_username(sam_pwent), (unsigned long)uid, 
314                         pdb_get_fullname(sam_pwent));
315         }
316
317         return 0;
318 }
319
320 /*********************************************************
321  Get an Print User Info
322 **********************************************************/
323
324 static int print_user_info (struct pdb_methods *in, const char *username, bool verbosity, bool smbpwdstyle)
325 {
326         struct samu *sam_pwent=NULL;
327         bool ret;
328
329         if ( (sam_pwent = samu_new( NULL )) == NULL ) {
330                 return -1;
331         }
332
333         ret = NT_STATUS_IS_OK(in->getsampwnam (in, sam_pwent, username));
334
335         if (ret==False) {
336                 fprintf (stderr, "Username not found!\n");
337                 TALLOC_FREE(sam_pwent);
338                 return -1;
339         }
340
341         ret=print_sam_info (sam_pwent, verbosity, smbpwdstyle);
342         TALLOC_FREE(sam_pwent);
343         
344         return ret;
345 }
346         
347 /*********************************************************
348  List Users
349 **********************************************************/
350 static int print_users_list (struct pdb_methods *in, bool verbosity, bool smbpwdstyle)
351 {
352         struct pdb_search *u_search;
353         struct samr_displayentry userentry;
354
355         u_search = pdb_search_init(PDB_USER_SEARCH);
356         if (u_search == NULL) {
357                 DEBUG(0, ("pdb_search_init failed\n"));
358                 return 1;
359         }
360
361         if (!in->search_users(in, u_search, 0)) {
362                 DEBUG(0, ("Could not start searching users\n"));
363                 pdb_search_destroy(u_search);
364                 return 1;
365         }
366
367         while (u_search->next_entry(u_search, &userentry)) {
368                 struct samu *sam_pwent;
369                 DOM_SID user_sid;
370                 NTSTATUS status;
371
372                 sam_pwent = samu_new(talloc_tos());
373                 if (sam_pwent == NULL) {
374                         DEBUG(0, ("talloc failed\n"));
375                         break;
376                 }
377
378                 sid_compose(&user_sid, get_global_sam_sid(), userentry.rid);
379
380                 status = in->getsampwsid(in, sam_pwent, &user_sid);
381
382                 if (!NT_STATUS_IS_OK(status)) {
383                         DEBUG(2, ("getsampwsid failed: %s\n",
384                                   nt_errstr(status)));
385                         TALLOC_FREE(sam_pwent);
386                         continue;
387                 }
388
389                 if (verbosity)
390                         printf ("---------------\n");
391                 print_sam_info (sam_pwent, verbosity, smbpwdstyle);
392                 TALLOC_FREE(sam_pwent);
393         }
394         pdb_search_destroy(u_search);
395
396         return 0;
397 }
398
399 /*********************************************************
400  Fix a list of Users for uninitialised passwords
401 **********************************************************/
402 static int fix_users_list (struct pdb_methods *in)
403 {
404         struct pdb_search *u_search;
405         struct samr_displayentry userentry;
406
407         u_search = pdb_search_init(PDB_USER_SEARCH);
408         if (u_search == NULL) {
409                 DEBUG(0, ("pdb_search_init failed\n"));
410                 return 1;
411         }
412
413         if (!in->search_users(in, u_search, 0)) {
414                 DEBUG(0, ("Could not start searching users\n"));
415                 pdb_search_destroy(u_search);
416                 return 1;
417         }
418
419         while (u_search->next_entry(u_search, &userentry)) {
420                 struct samu *sam_pwent;
421                 DOM_SID user_sid;
422                 NTSTATUS status;
423
424                 sam_pwent = samu_new(talloc_tos());
425                 if (sam_pwent == NULL) {
426                         DEBUG(0, ("talloc failed\n"));
427                         break;
428                 }
429
430                 sid_compose(&user_sid, get_global_sam_sid(), userentry.rid);
431
432                 status = in->getsampwsid(in, sam_pwent, &user_sid);
433
434                 if (!NT_STATUS_IS_OK(status)) {
435                         DEBUG(2, ("getsampwsid failed: %s\n",
436                                   nt_errstr(status)));
437                         TALLOC_FREE(sam_pwent);
438                         continue;
439                 }
440
441                 if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) {
442                         printf("Update of user %s failed!\n",
443                                pdb_get_username(sam_pwent));
444                 }
445                 TALLOC_FREE(sam_pwent);
446         }
447         pdb_search_destroy(u_search);
448         return 0;
449 }
450
451 /*********************************************************
452  Set User Info
453 **********************************************************/
454
455 static int set_user_info (struct pdb_methods *in, const char *username, 
456                           const char *fullname, const char *homedir, 
457                           const char *acct_desc, 
458                           const char *drive, const char *script, 
459                           const char *profile, const char *account_control,
460                           const char *user_sid, const char *user_domain,
461                           const bool badpw, const bool hours)
462 {
463         bool updated_autolock = False, updated_badpw = False;
464         struct samu *sam_pwent=NULL;
465         bool ret;
466         
467         if ( (sam_pwent = samu_new( NULL )) == NULL ) {
468                 return 1;
469         }
470         
471         ret = NT_STATUS_IS_OK(in->getsampwnam (in, sam_pwent, username));
472         if (ret==False) {
473                 fprintf (stderr, "Username not found!\n");
474                 TALLOC_FREE(sam_pwent);
475                 return -1;
476         }
477
478         if (hours) {
479                 uint8 hours_array[MAX_HOURS_LEN];
480                 uint32 hours_len;
481                 
482                 hours_len = pdb_get_hours_len(sam_pwent);
483                 memset(hours_array, 0xff, hours_len);
484                 
485                 pdb_set_hours(sam_pwent, hours_array, PDB_CHANGED);
486         }
487
488         if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) {
489                 DEBUG(2,("pdb_update_autolock_flag failed.\n"));
490         }
491
492         if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw)) {
493                 DEBUG(2,("pdb_update_bad_password_count failed.\n"));
494         }
495
496         if (fullname)
497                 pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
498         if (acct_desc)
499                 pdb_set_acct_desc(sam_pwent, acct_desc, PDB_CHANGED);
500         if (homedir)
501                 pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
502         if (drive)
503                 pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED);
504         if (script)
505                 pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
506         if (profile)
507                 pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
508         if (user_domain)
509                 pdb_set_domain(sam_pwent, user_domain, PDB_CHANGED);
510
511         if (account_control) {
512                 uint32 not_settable = ~(ACB_DISABLED|ACB_HOMDIRREQ|ACB_PWNOTREQ|
513                                         ACB_PWNOEXP|ACB_AUTOLOCK);
514
515                 uint32 newflag = pdb_decode_acct_ctrl(account_control);
516
517                 if (newflag & not_settable) {
518                         fprintf(stderr, "Can only set [NDHLX] flags\n");
519                         TALLOC_FREE(sam_pwent);
520                         return -1;
521                 }
522
523                 pdb_set_acct_ctrl(sam_pwent,
524                                   (pdb_get_acct_ctrl(sam_pwent) & not_settable) | newflag,
525                                   PDB_CHANGED);
526         }
527         if (user_sid) {
528                 DOM_SID u_sid;
529                 if (!string_to_sid(&u_sid, user_sid)) {
530                         /* not a complete sid, may be a RID, try building a SID */
531                         int u_rid;
532                         
533                         if (sscanf(user_sid, "%d", &u_rid) != 1) {
534                                 fprintf(stderr, "Error passed string is not a complete user SID or RID!\n");
535                                 return -1;
536                         }
537                         sid_copy(&u_sid, get_global_sam_sid());
538                         sid_append_rid(&u_sid, u_rid);
539                 }
540                 pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
541         }
542
543         if (badpw) {
544                 pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED);
545                 pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED);
546         }
547
548         if (NT_STATUS_IS_OK(in->update_sam_account (in, sam_pwent)))
549                 print_user_info (in, username, True, False);
550         else {
551                 fprintf (stderr, "Unable to modify entry!\n");
552                 TALLOC_FREE(sam_pwent);
553                 return -1;
554         }
555         TALLOC_FREE(sam_pwent);
556         return 0;
557 }
558
559 /*********************************************************
560  Add New User
561 **********************************************************/
562 static int new_user (struct pdb_methods *in, const char *username,
563                         const char *fullname, const char *homedir,
564                         const char *drive, const char *script,
565                         const char *profile, char *user_sid, bool stdin_get)
566 {
567         struct samu *sam_pwent;
568         char *password1, *password2;
569         int rc_pwd_cmp;
570         struct passwd *pwd;
571
572         get_global_sam_sid();
573
574         if ( !(pwd = getpwnam_alloc( NULL, username )) ) {
575                 DEBUG(0,("Cannot locate Unix account for %s\n", username));
576                 return -1;
577         }
578
579         if ( (sam_pwent = samu_new( NULL )) == NULL ) {
580                 DEBUG(0, ("Memory allocation failure!\n"));
581                 return -1;
582         }
583
584         if (!NT_STATUS_IS_OK(samu_alloc_rid_unix(sam_pwent, pwd ))) {
585                 TALLOC_FREE( sam_pwent );
586                 TALLOC_FREE( pwd );
587                 DEBUG(0, ("could not create account to add new user %s\n", username));
588                 return -1;
589         }
590
591         password1 = get_pass( "new password:", stdin_get);
592         password2 = get_pass( "retype new password:", stdin_get);
593         if ((rc_pwd_cmp = strcmp (password1, password2))) {
594                 fprintf (stderr, "Passwords do not match!\n");
595                 TALLOC_FREE(sam_pwent);
596         } else {
597                 pdb_set_plaintext_passwd(sam_pwent, password1);
598         }
599
600         memset(password1, 0, strlen(password1));
601         SAFE_FREE(password1);
602         memset(password2, 0, strlen(password2));
603         SAFE_FREE(password2);
604
605         /* pwds do _not_ match? */
606         if (rc_pwd_cmp)
607                 return -1;
608
609         if (fullname)
610                 pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
611         if (homedir)
612                 pdb_set_homedir (sam_pwent, homedir, PDB_CHANGED);
613         if (drive)
614                 pdb_set_dir_drive (sam_pwent, drive, PDB_CHANGED);
615         if (script)
616                 pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
617         if (profile)
618                 pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
619         if (user_sid) {
620                 DOM_SID u_sid;
621                 if (!string_to_sid(&u_sid, user_sid)) {
622                         /* not a complete sid, may be a RID, try building a SID */
623                         int u_rid;
624                         
625                         if (sscanf(user_sid, "%d", &u_rid) != 1) {
626                                 fprintf(stderr, "Error passed string is not a complete user SID or RID!\n");
627                                 TALLOC_FREE(sam_pwent);
628                                 return -1;
629                         }
630                         sid_copy(&u_sid, get_global_sam_sid());
631                         sid_append_rid(&u_sid, u_rid);
632                 }
633                 pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
634         }
635         
636         pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL, PDB_CHANGED);
637         
638         if (NT_STATUS_IS_OK(in->add_sam_account (in, sam_pwent))) { 
639                 print_user_info (in, username, True, False);
640         } else {
641                 fprintf (stderr, "Unable to add user! (does it already exist?)\n");
642                 TALLOC_FREE(sam_pwent);
643                 return -1;
644         }
645         TALLOC_FREE(sam_pwent);
646         return 0;
647 }
648
649 /*********************************************************
650  Add New Machine
651 **********************************************************/
652
653 static int new_machine (struct pdb_methods *in, const char *machine_in)
654 {
655         struct samu *sam_pwent=NULL;
656         fstring machinename;
657         fstring machineaccount;
658         struct passwd  *pwd = NULL;
659         
660         get_global_sam_sid();
661
662         if (strlen(machine_in) == 0) {
663                 fprintf(stderr, "No machine name given\n");
664                 return -1;
665         }
666
667         fstrcpy(machinename, machine_in); 
668         machinename[15]= '\0';
669
670         if (machinename[strlen (machinename) -1] == '$')
671                 machinename[strlen (machinename) -1] = '\0';
672         
673         strlower_m(machinename);
674         
675         fstrcpy(machineaccount, machinename);
676         fstrcat(machineaccount, "$");
677
678         if ( !(pwd = getpwnam_alloc( NULL, machineaccount )) ) {
679                 DEBUG(0,("Cannot locate Unix account for %s\n", machineaccount));
680                 return -1;
681         }
682
683         if ( (sam_pwent = samu_new( NULL )) == NULL ) {
684                 fprintf(stderr, "Memory allocation error!\n");
685                 TALLOC_FREE(pwd);
686                 return -1;
687         }
688
689         if ( !NT_STATUS_IS_OK(samu_alloc_rid_unix(sam_pwent, pwd )) ) {
690                 fprintf(stderr, "Could not init sam from pw\n");
691                 TALLOC_FREE(pwd);
692                 return -1;
693         }
694
695         TALLOC_FREE(pwd);
696
697         pdb_set_plaintext_passwd (sam_pwent, machinename);
698         pdb_set_username (sam_pwent, machineaccount, PDB_CHANGED);      
699         pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED);
700         
701         if (NT_STATUS_IS_OK(in->add_sam_account (in, sam_pwent))) {
702                 print_user_info (in, machineaccount, True, False);
703         } else {
704                 fprintf (stderr, "Unable to add machine! (does it already exist?)\n");
705                 TALLOC_FREE(sam_pwent);
706                 return -1;
707         }
708         TALLOC_FREE(sam_pwent);
709         return 0;
710 }
711
712 /*********************************************************
713  Delete user entry
714 **********************************************************/
715
716 static int delete_user_entry (struct pdb_methods *in, const char *username)
717 {
718         struct samu *samaccount = NULL;
719
720         if ( (samaccount = samu_new( NULL )) == NULL ) {
721                 return -1;
722         }
723
724         if (!NT_STATUS_IS_OK(in->getsampwnam(in, samaccount, username))) {
725                 fprintf (stderr, "user %s does not exist in the passdb\n", username);
726                 return -1;
727         }
728
729         if (!NT_STATUS_IS_OK(in->delete_sam_account (in, samaccount))) {
730                 fprintf (stderr, "Unable to delete user %s\n", username);
731                 return -1;
732         }
733         return 0;
734 }
735
736 /*********************************************************
737  Delete machine entry
738 **********************************************************/
739
740 static int delete_machine_entry (struct pdb_methods *in, const char *machinename)
741 {
742         fstring name;
743         struct samu *samaccount = NULL;
744
745         if (strlen(machinename) == 0) {
746                 fprintf(stderr, "No machine name given\n");
747                 return -1;
748         }
749         
750         fstrcpy(name, machinename);
751         name[15] = '\0';
752         if (name[strlen(name)-1] != '$')
753                 fstrcat (name, "$");
754
755         if ( (samaccount = samu_new( NULL )) == NULL ) {
756                 return -1;
757         }
758
759         if (!NT_STATUS_IS_OK(in->getsampwnam(in, samaccount, name))) {
760                 fprintf (stderr, "machine %s does not exist in the passdb\n", name);
761                 return -1;
762         }
763
764         if (!NT_STATUS_IS_OK(in->delete_sam_account (in, samaccount))) {
765                 fprintf (stderr, "Unable to delete machine %s\n", name);
766                 return -1;
767         }
768
769         return 0;
770 }
771
772 /*********************************************************
773  Start here.
774 **********************************************************/
775
776 int main (int argc, char **argv)
777 {
778         static int list_users = False;
779         static int verbose = False;
780         static int spstyle = False;
781         static int machine = False;
782         static int add_user = False;
783         static int delete_user = False;
784         static int modify_user = False;
785         uint32  setparms, checkparms;
786         int opt;
787         static char *full_name = NULL;
788         static char *acct_desc = NULL;
789         static const char *user_name = NULL;
790         static char *home_dir = NULL;
791         static char *home_drive = NULL;
792         static char *backend = NULL;
793         static char *backend_in = NULL;
794         static char *backend_out = NULL;
795         static int transfer_groups = False;
796         static int transfer_account_policies = False;
797         static int reset_account_policies = False;
798         static int  force_initialised_password = False;
799         static char *logon_script = NULL;
800         static char *profile_path = NULL;
801         static char *user_domain = NULL;
802         static char *account_control = NULL;
803         static char *account_policy = NULL;
804         static char *user_sid = NULL;
805         static long int account_policy_value = 0;
806         bool account_policy_value_set = False;
807         static int badpw_reset = False;
808         static int hours_reset = False;
809         static char *pwd_time_format = NULL;
810         static int pw_from_stdin = False;
811         struct pdb_methods *bin, *bout, *bdef;
812         TALLOC_CTX *frame = talloc_stackframe();
813         poptContext pc;
814         struct poptOption long_options[] = {
815                 POPT_AUTOHELP
816                 {"list",        'L', POPT_ARG_NONE, &list_users, 0, "list all users", NULL},
817                 {"verbose",     'v', POPT_ARG_NONE, &verbose, 0, "be verbose", NULL },
818                 {"smbpasswd-style",     'w',POPT_ARG_NONE, &spstyle, 0, "give output in smbpasswd style", NULL},
819                 {"user",        'u', POPT_ARG_STRING, &user_name, 0, "use username", "USER" },
820                 {"account-desc",        'N', POPT_ARG_STRING, &acct_desc, 0, "set account description", NULL},
821                 {"fullname",    'f', POPT_ARG_STRING, &full_name, 0, "set full name", NULL},
822                 {"homedir",     'h', POPT_ARG_STRING, &home_dir, 0, "set home directory", NULL},
823                 {"drive",       'D', POPT_ARG_STRING, &home_drive, 0, "set home drive", NULL},
824                 {"script",      'S', POPT_ARG_STRING, &logon_script, 0, "set logon script", NULL},
825                 {"profile",     'p', POPT_ARG_STRING, &profile_path, 0, "set profile path", NULL},
826                 {"domain",      'I', POPT_ARG_STRING, &user_domain, 0, "set a users' domain", NULL},
827                 {"user SID",    'U', POPT_ARG_STRING, &user_sid, 0, "set user SID or RID", NULL},
828                 {"create",      'a', POPT_ARG_NONE, &add_user, 0, "create user", NULL},
829                 {"modify",      'r', POPT_ARG_NONE, &modify_user, 0, "modify user", NULL},
830                 {"machine",     'm', POPT_ARG_NONE, &machine, 0, "account is a machine account", NULL},
831                 {"delete",      'x', POPT_ARG_NONE, &delete_user, 0, "delete user", NULL},
832                 {"backend",     'b', POPT_ARG_STRING, &backend, 0, "use different passdb backend as default backend", NULL},
833                 {"import",      'i', POPT_ARG_STRING, &backend_in, 0, "import user accounts from this backend", NULL},
834                 {"export",      'e', POPT_ARG_STRING, &backend_out, 0, "export user accounts to this backend", NULL},
835                 {"group",       'g', POPT_ARG_NONE, &transfer_groups, 0, "use -i and -e for groups", NULL},
836                 {"policies",    'y', POPT_ARG_NONE, &transfer_account_policies, 0, "use -i and -e to move account policies between backends", NULL},
837                 {"policies-reset",      0, POPT_ARG_NONE, &reset_account_policies, 0, "restore default policies", NULL},
838                 {"account-policy",      'P', POPT_ARG_STRING, &account_policy, 0,"value of an account policy (like maximum password age)",NULL},
839                 {"value",       'C', POPT_ARG_LONG, &account_policy_value, 'C',"set the account policy to this value", NULL},
840                 {"account-control",     'c', POPT_ARG_STRING, &account_control, 0, "Values of account control", NULL},
841                 {"force-initialized-passwords", 0, POPT_ARG_NONE, &force_initialised_password, 0, "Force initialization of corrupt password strings in a passdb backend", NULL},
842                 {"bad-password-count-reset", 'z', POPT_ARG_NONE, &badpw_reset, 0, "reset bad password count", NULL},
843                 {"logon-hours-reset", 'Z', POPT_ARG_NONE, &hours_reset, 0, "reset logon hours", NULL},
844                 {"time-format", 0, POPT_ARG_STRING, &pwd_time_format, 0, "The time format for time parameters", NULL },
845                 {"password-from-stdin", 't', POPT_ARG_NONE, &pw_from_stdin, 0, "get password from standard in", NULL},
846                 POPT_COMMON_SAMBA
847                 POPT_TABLEEND
848         };
849         
850         /* we shouldn't have silly checks like this */
851         if (getuid() != 0) {
852                 d_fprintf(stderr, "You must be root to use pdbedit\n");
853                 TALLOC_FREE(frame);
854                 return -1;
855         }
856         
857         bin = bout = bdef = NULL;
858
859         load_case_tables();
860
861         setup_logging("pdbedit", True);
862         
863         pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
864                             POPT_CONTEXT_KEEP_FIRST);
865         
866         while((opt = poptGetNextOpt(pc)) != -1) {
867                 switch (opt) {
868                 case 'C':
869                         account_policy_value_set = True;
870                         break;
871                 }
872         }
873
874         poptGetArg(pc); /* Drop argv[0], the program name */
875
876         if (user_name == NULL)
877                 user_name = poptGetArg(pc);
878
879         if (!lp_load(get_dyn_CONFIGFILE(),True,False,False,True)) {
880                 fprintf(stderr, "Can't load %s - run testparm to debug it\n", get_dyn_CONFIGFILE());
881                 exit(1);
882         }
883
884         if(!initialize_password_db(False, NULL))
885                 exit(1);
886
887         if (!init_names())
888                 exit(1);
889
890         setparms =      (backend ? BIT_BACKEND : 0) +
891                         (verbose ? BIT_VERBOSE : 0) +
892                         (spstyle ? BIT_SPSTYLE : 0) +
893                         (full_name ? BIT_FULLNAME : 0) +
894                         (home_dir ? BIT_HOMEDIR : 0) +
895                         (home_drive ? BIT_HDIRDRIVE : 0) +
896                         (logon_script ? BIT_LOGSCRIPT : 0) +
897                         (profile_path ? BIT_PROFILE : 0) +
898                         (user_domain ? BIT_USERDOMAIN : 0) +
899                         (machine ? BIT_MACHINE : 0) +
900                         (user_name ? BIT_USER : 0) +
901                         (list_users ? BIT_LIST : 0) +
902                         (force_initialised_password ? BIT_FIX_INIT : 0) +
903                         (user_sid ? BIT_USERSIDS : 0) +
904                         (modify_user ? BIT_MODIFY : 0) +
905                         (add_user ? BIT_CREATE : 0) +
906                         (delete_user ? BIT_DELETE : 0) +
907                         (account_control ? BIT_ACCTCTRL : 0) +
908                         (account_policy ? BIT_ACCPOLICY : 0) +
909                         (account_policy_value_set ? BIT_ACCPOLVAL : 0) +
910                         (backend_in ? BIT_IMPORT : 0) +
911                         (backend_out ? BIT_EXPORT : 0) +
912                         (badpw_reset ? BIT_BADPWRESET : 0) +
913                         (hours_reset ? BIT_LOGONHOURS : 0);
914
915         if (setparms & BIT_BACKEND) {
916                 if (!NT_STATUS_IS_OK(make_pdb_method_name( &bdef, backend ))) {
917                         fprintf(stderr, "Can't initialize passdb backend.\n");
918                         return 1;
919                 }
920         } else {
921                 if (!NT_STATUS_IS_OK(make_pdb_method_name(&bdef, lp_passdb_backend()))) {
922                         fprintf(stderr, "Can't initialize passdb backend.\n");
923                         return 1;
924                 }
925         }
926         
927         /* the lowest bit options are always accepted */
928         checkparms = setparms & ~MASK_ALWAYS_GOOD;
929
930         if (checkparms & BIT_FIX_INIT) {
931                 return fix_users_list(bdef);
932         }
933
934         /* account policy operations */
935         if ((checkparms & BIT_ACCPOLICY) && !(checkparms & ~(BIT_ACCPOLICY + BIT_ACCPOLVAL))) {
936                 uint32 value;
937                 int field = account_policy_name_to_fieldnum(account_policy);
938                 if (field == 0) {
939                         const char **names;
940                         int count;
941                         int i;
942                         account_policy_names_list(&names, &count);
943                         fprintf(stderr, "No account policy by that name!\n");
944                         if (count !=0) {
945                                 fprintf(stderr, "Account policy names are:\n");
946                                 for (i = 0; i < count ; i++) {
947                                         d_fprintf(stderr, "%s\n", names[i]);
948                                 }
949                         }
950                         SAFE_FREE(names);
951                         exit(1);
952                 }
953                 if (!pdb_get_account_policy(field, &value)) {
954                         fprintf(stderr, "valid account policy, but unable to fetch value!\n");
955                         if (!account_policy_value_set)
956                                 exit(1);
957                 }
958                 printf("account policy \"%s\" description: %s\n", account_policy, account_policy_get_desc(field));
959                 if (account_policy_value_set) {
960                         printf("account policy \"%s\" value was: %u\n", account_policy, value);
961                         if (!pdb_set_account_policy(field, account_policy_value)) {
962                                 fprintf(stderr, "valid account policy, but unable to set value!\n");
963                                 exit(1);
964                         }
965                         printf("account policy \"%s\" value is now: %lu\n", account_policy, account_policy_value);
966                         exit(0);
967                 } else {
968                         printf("account policy \"%s\" value is: %u\n", account_policy, value);
969                         exit(0);
970                 }
971         }
972
973         if (reset_account_policies) {
974                 if (!reinit_account_policies()) {
975                         exit(1);
976                 }
977
978                 exit(0);
979         }
980
981         /* import and export operations */
982
983         if ( ((checkparms & BIT_IMPORT) 
984                 || (checkparms & BIT_EXPORT))
985                 && !(checkparms & ~(BIT_IMPORT +BIT_EXPORT +BIT_USER)) ) 
986         {
987                 NTSTATUS status;
988
989                 bin = bout = bdef;
990
991                 if (backend_in) {
992                         status = make_pdb_method_name(&bin, backend_in);
993
994                         if ( !NT_STATUS_IS_OK(status) ) {
995                                 fprintf(stderr, "Unable to initialize %s.\n", backend_in);
996                                 return 1;
997                         }
998                 }
999
1000                 if (backend_out) {
1001                         status = make_pdb_method_name(&bout, backend_out);
1002
1003                         if ( !NT_STATUS_IS_OK(status) ) {
1004                                 fprintf(stderr, "Unable to initialize %s.\n", backend_out);
1005                                 return 1;
1006                         }
1007                 }
1008
1009                 if (transfer_account_policies) {
1010
1011                         if (!(checkparms & BIT_USER))
1012                                 return export_account_policies(bin, bout);
1013
1014                 } else  if (transfer_groups) {
1015
1016                         if (!(checkparms & BIT_USER))
1017                                 return export_groups(bin, bout);
1018
1019                 } else {
1020                                 return export_database(bin, bout, 
1021                                         (checkparms & BIT_USER) ? user_name : NULL );
1022                 }
1023         }
1024
1025         /* if BIT_USER is defined but nothing else then threat it as -l -u for compatibility */
1026         /* fake up BIT_LIST if only BIT_USER is defined */
1027         if ((checkparms & BIT_USER) && !(checkparms & ~BIT_USER)) {
1028                 checkparms += BIT_LIST;
1029         }
1030         
1031         /* modify flag is optional to maintain backwards compatibility */
1032         /* fake up BIT_MODIFY if BIT_USER  and at least one of MASK_USER_GOOD is defined */
1033         if (!((checkparms & ~MASK_USER_GOOD) & ~BIT_USER) && (checkparms & MASK_USER_GOOD)) {
1034                 checkparms += BIT_MODIFY;
1035         }
1036
1037         /* list users operations */
1038         if (checkparms & BIT_LIST) {
1039                 if (!(checkparms & ~BIT_LIST)) {
1040                         return print_users_list (bdef, verbose, spstyle);
1041                 }
1042                 if (!(checkparms & ~(BIT_USER + BIT_LIST))) {
1043                         return print_user_info (bdef, user_name, verbose, spstyle);
1044                 }
1045         }
1046         
1047         /* mask out users options */
1048         checkparms &= ~MASK_USER_GOOD;
1049
1050         /* if bad password count is reset, we must be modifying */
1051         if (checkparms & BIT_BADPWRESET) {
1052                 checkparms |= BIT_MODIFY;
1053                 checkparms &= ~BIT_BADPWRESET;
1054         }
1055
1056         /* if logon hours is reset, must modify */
1057         if (checkparms & BIT_LOGONHOURS) {
1058                 checkparms |= BIT_MODIFY;
1059                 checkparms &= ~BIT_LOGONHOURS;
1060         }
1061         
1062         /* account operation */
1063         if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) {
1064                 /* check use of -u option */
1065                 if (!(checkparms & BIT_USER)) {
1066                         fprintf (stderr, "Username not specified! (use -u option)\n");
1067                         return -1;
1068                 }
1069
1070                 /* account creation operations */
1071                 if (!(checkparms & ~(BIT_CREATE + BIT_USER + BIT_MACHINE))) {
1072                         if (checkparms & BIT_MACHINE) {
1073                                 return new_machine (bdef, user_name);
1074                         } else {
1075                                 return new_user (bdef, user_name, full_name, home_dir, 
1076                                         home_drive, logon_script, profile_path, user_sid, pw_from_stdin);
1077                         }
1078                 }
1079
1080                 /* account deletion operations */
1081                 if (!(checkparms & ~(BIT_DELETE + BIT_USER + BIT_MACHINE))) {
1082                         if (checkparms & BIT_MACHINE) {
1083                                 return delete_machine_entry (bdef, user_name);
1084                         } else {
1085                                 return delete_user_entry (bdef, user_name);
1086                         }
1087                 }
1088
1089                 /* account modification operations */
1090                 if (!(checkparms & ~(BIT_MODIFY + BIT_USER))) {
1091                         return set_user_info (bdef, user_name, full_name, home_dir,
1092                                 acct_desc, home_drive, logon_script, profile_path, account_control,
1093                                 user_sid, user_domain, badpw_reset, hours_reset);
1094                 }
1095         }
1096
1097         if (setparms >= 0x20) {
1098                 fprintf (stderr, "Incompatible or insufficient options on command line!\n");
1099         }
1100         poptPrintHelp(pc, stderr, 0);
1101
1102         TALLOC_FREE(frame);
1103         return 1;
1104 }