* responsible.
*/
-extern DOM_SID global_sam_sid;
-extern pstring global_myname;
-
/************************************************************
Fill the SAM_ACCOUNT with default values.
***********************************************************/
{
ZERO_STRUCT(user->private); /* Don't touch the talloc context */
+ /* no initial methods */
+ user->methods = NULL;
+
/* Don't change these timestamp settings without a good reason.
They are important for NT member server compatibility. */
- user->private.init_flag = FLAG_SAM_UNINIT;
user->private.uid = user->private.gid = -1;
user->private.logon_time = (time_t)0;
user->private.workstations = "";
user->private.unknown_str = "";
user->private.munged_dial = "";
+
+ user->private.plaintext_pw = NULL;
+
}
static void destroy_pdb_talloc(SAM_ACCOUNT **user)
{
if (*user) {
+ data_blob_clear_free(&((*user)->private.lm_pw));
+ data_blob_clear_free(&((*user)->private.nt_pw));
+
+ if((*user)->private.plaintext_pw!=NULL)
+ memset((*user)->private.plaintext_pw,'\0',strlen((*user)->private.plaintext_pw));
talloc_destroy((*user)->mem_ctx);
*user = NULL;
}
NTSTATUS pdb_init_sam_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT **user)
{
if (*user != NULL) {
- DEBUG(0,("pdb_init_sam: SAM_ACCOUNT was non NULL\n"));
+ DEBUG(0,("pdb_init_sam_talloc: SAM_ACCOUNT was non NULL\n"));
#if 0
smb_panic("non-NULL pointer passed to pdb_init_sam\n");
#endif
*user=(SAM_ACCOUNT *)talloc(mem_ctx, sizeof(SAM_ACCOUNT));
if (*user==NULL) {
- DEBUG(0,("pdb_init_sam: error while allocating memory\n"));
+ DEBUG(0,("pdb_init_sam_talloc: error while allocating memory\n"));
return NT_STATUS_NO_MEMORY;
}
TALLOC_CTX *mem_ctx;
NTSTATUS nt_status;
- mem_ctx = talloc_init_named("passdb internal SAM_ACCOUNT allocation");
+ mem_ctx = talloc_init("passdb internal SAM_ACCOUNT allocation");
if (!mem_ctx) {
DEBUG(0,("pdb_init_sam: error while doing talloc_init()\n"));
NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
{
GROUP_MAP map;
- uint32 rid;
+
+ const char *guest_account = lp_guestaccount();
+ if (!(guest_account && *guest_account)) {
+ DEBUG(1, ("NULL guest account!?!?\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
if (!pwd) {
return NT_STATUS_UNSUCCESSFUL;
pdb_fill_default_sam(sam_account);
- pdb_set_username(sam_account, pwd->pw_name);
- pdb_set_fullname(sam_account, pwd->pw_gecos);
+ pdb_set_username(sam_account, pwd->pw_name, PDB_SET);
+ pdb_set_fullname(sam_account, pwd->pw_gecos, PDB_SET);
- pdb_set_unix_homedir(sam_account, pwd->pw_dir);
+ pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET);
- pdb_set_domain (sam_account, lp_workgroup());
+ pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT);
- pdb_set_uid(sam_account, pwd->pw_uid);
- pdb_set_gid(sam_account, pwd->pw_gid);
+ pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET);
+ pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET);
/* When we get a proper uid -> SID and SID -> uid allocation
mechinism, we should call it here.
-- abartlet 11-May-02
*/
- pdb_set_user_rid(sam_account,
- fallback_pdb_uid_to_user_rid(pwd->pw_uid));
- /* call the mapping code here */
- if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
- sid_peek_rid(&map.sid, &rid);
- }
- else {
- rid=pdb_gid_to_group_rid(pwd->pw_gid);
- }
+ /* Ensure this *must* be set right */
+ if (strcmp(pwd->pw_name, guest_account) == 0) {
+ if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ } else {
+
+ if (!pdb_set_user_sid_from_rid(sam_account,
+ fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
+ DEBUG(0,("Can't set User SID from RID!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
- pdb_set_group_rid(sam_account, rid);
+ /* call the mapping code here */
+ if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) {
+ if (!pdb_set_group_sid(sam_account,&map.sid, PDB_SET)){
+ DEBUG(0,("Can't set Group SID!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ else {
+ if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
+ DEBUG(0,("Can't set Group SID\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ }
/* check if this is a user account or a machine account */
if (pwd->pw_name[strlen(pwd->pw_name)-1] != '$')
{
pdb_set_profile_path(sam_account,
- standard_sub_specified((sam_account)->mem_ctx,
+ talloc_sub_specified((sam_account)->mem_ctx,
lp_logon_path(),
- pwd->pw_name, global_myname,
+ pwd->pw_name, global_myname(),
pwd->pw_uid, pwd->pw_gid),
- False);
+ PDB_DEFAULT);
pdb_set_homedir(sam_account,
- standard_sub_specified((sam_account)->mem_ctx,
+ talloc_sub_specified((sam_account)->mem_ctx,
lp_logon_home(),
- pwd->pw_name, global_myname,
+ pwd->pw_name, global_myname(),
pwd->pw_uid, pwd->pw_gid),
- False);
+ PDB_DEFAULT);
pdb_set_dir_drive(sam_account,
- standard_sub_specified((sam_account)->mem_ctx,
+ talloc_sub_specified((sam_account)->mem_ctx,
lp_logon_drive(),
- pwd->pw_name, global_myname,
+ pwd->pw_name, global_myname(),
pwd->pw_uid, pwd->pw_gid),
- False);
+ PDB_DEFAULT);
pdb_set_logon_script(sam_account,
- standard_sub_specified((sam_account)->mem_ctx,
+ talloc_sub_specified((sam_account)->mem_ctx,
lp_logon_script(),
- pwd->pw_name, global_myname,
+ pwd->pw_name, global_myname(),
pwd->pw_uid, pwd->pw_gid),
- False);
+ PDB_DEFAULT);
+ if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT)) {
+ DEBUG(1, ("Failed to set 'normal account' flags for user %s.\n", pwd->pw_name));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ } else {
+ if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST, PDB_DEFAULT)) {
+ DEBUG(1, ("Failed to set 'trusted workstation account' flags for user %s.\n", pwd->pw_name));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
}
return NT_STATUS_OK;
}
/**
* Free the contets of the SAM_ACCOUNT, but not the structure.
*
- * Also wipes the LM and NT hashes and plaintext passwrod from
+ * Also wipes the LM and NT hashes and plaintext password from
* memory.
*
* @param user SAM_ACCOUNT to free members of.
data_blob_clear_free(&(user->private.lm_pw));
data_blob_clear_free(&(user->private.nt_pw));
- data_blob_clear_free(&(user->private.plaintext_pw));
+ if (user->private.plaintext_pw!=NULL)
+ memset(user->private.plaintext_pw,'\0',strlen(user->private.plaintext_pw));
}
{
int i;
unsigned char lonybble, hinybble;
- char *hexchars = "0123456789ABCDEF";
+ const char *hexchars = "0123456789ABCDEF";
char *p1, *p2;
if (!p)
return (True);
}
-#if 0 /* seem it is not used by anyone */
/*******************************************************************
- Group and User RID username mapping function
+ Converts NT user RID to a UNIX uid.
********************************************************************/
-BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid)
+static int algorithmic_rid_base(void)
{
- GROUP_MAP map;
- struct passwd *pw = Get_Pwnam(user_name);
-
- if (u_rid == NULL || g_rid == NULL || user_name == NULL)
- return False;
+ static int rid_offset = 0;
- if (!pw) {
- DEBUG(1,("Username %s is invalid on this system\n", user_name));
- return False;
- }
+ if (rid_offset != 0)
+ return rid_offset;
- /* turn the unix UID into a Domain RID. this is what the posix
- sub-system does (adds 1000 to the uid) */
- *u_rid = fallback_pdb_uid_to_user_rid(pw->pw_uid);
+ rid_offset = lp_algorithmic_rid_base();
- /* absolutely no idea what to do about the unix GID to Domain RID mapping */
- /* map it ! */
- if (get_group_map_from_gid(pw->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
- sid_peek_rid(&map.sid, g_rid);
- } else
- *g_rid = pdb_gid_to_group_rid(pw->pw_gid);
-
- return True;
+ if (rid_offset < BASE_RID) {
+ /* Try to prevent admin foot-shooting, we can't put algorithmic
+ rids below 1000, that's the 'well known RIDs' on NT */
+ DEBUG(0, ("'algorithmic rid base' must be equal to or above %ld\n", BASE_RID));
+ rid_offset = BASE_RID;
+ }
+ if (rid_offset & 1) {
+ DEBUG(0, ("algorithmic rid base must be even\n"));
+ rid_offset += 1;
+ }
+ return rid_offset;
}
-#endif /* seem it is not used by anyone */
-/*******************************************************************
- Converts NT user RID to a UNIX uid.
- ********************************************************************/
uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid)
{
- int rid_offset = lp_algorithmic_rid_base();
+ int rid_offset = algorithmic_rid_base();
return (uid_t)(((user_rid & (~USER_RID_TYPE))- rid_offset)/RID_MULTIPLIER);
}
uint32 fallback_pdb_uid_to_user_rid(uid_t uid)
{
- int rid_offset = lp_algorithmic_rid_base();
+ int rid_offset = algorithmic_rid_base();
return (((((uint32)uid)*RID_MULTIPLIER) + rid_offset) | USER_RID_TYPE);
}
gid_t pdb_group_rid_to_gid(uint32 group_rid)
{
- int rid_offset = lp_algorithmic_rid_base();
+ int rid_offset = algorithmic_rid_base();
return (gid_t)(((group_rid & (~GROUP_RID_TYPE))- rid_offset)/RID_MULTIPLIER);
}
uint32 pdb_gid_to_group_rid(gid_t gid)
{
- int rid_offset = lp_algorithmic_rid_base();
+ int rid_offset = algorithmic_rid_base();
return (((((uint32)gid)*RID_MULTIPLIER) + rid_offset) | GROUP_RID_TYPE);
}
* such that it can be identified as either a user, group etc
* type. there are 5 such categories, and they are documented.
*/
+ /* However, they are not in the RID, just somthing you can query
+ seperatly. Sorry luke :-) */
+
if(pdb_rid_is_well_known(rid)) {
/*
* The only well known user RIDs are DOMAIN_USER_RID_ADMIN
SAM_ACCOUNT *sam_account = NULL;
GROUP_MAP map;
- sid_peek_rid(sid, &rid);
+ if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){
+ DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n",
+ sid_string_static(&map.sid)));
+ return False;
+ }
*psid_name_use = SID_NAME_UNKNOWN;
DEBUG(5,("local_lookup_sid: looking up RID %u.\n", (unsigned int)rid));
if (rid == DOMAIN_USER_RID_ADMIN) {
- char **admin_list = lp_admin_users(-1);
+ const char **admin_list = lp_admin_users(-1);
*psid_name_use = SID_NAME_USER;
if (admin_list) {
- char *p = *admin_list;
+ const char *p = *admin_list;
if(!next_token(&p, name, NULL, sizeof(fstring)))
fstrcpy(name, "Administrator");
} else {
fstrcpy(name, "Administrator");
}
return True;
-
- } else if (rid == DOMAIN_USER_RID_GUEST) {
- char *p = lp_guestaccount();
- *psid_name_use = SID_NAME_USER;
- if(!next_token(&p, name, NULL, sizeof(fstring)))
- fstrcpy(name, "Guest");
- return True;
-
}
/*
}
/* This now does the 'generic' mapping in pdb_unix */
- if (pdb_getsampwrid(sam_account, rid)) {
+ /* 'guest' is also handled there */
+ if (pdb_getsampwsid(sam_account, sid)) {
fstrcpy(name, pdb_get_username(sam_account));
*psid_name_use = SID_NAME_USER;
pdb_free_sam(&sam_account);
- if (get_group_map_from_sid(*sid, &map, MAPPING_WITHOUT_PRIV)) {
+ if (pdb_getgrsid(&map, *sid, MAPPING_WITHOUT_PRIV)) {
if (map.gid!=-1) {
DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
} else {
fstrcpy(user, c_user);
- sid_copy(&local_sid, &global_sam_sid);
+ sid_copy(&local_sid, get_global_sam_sid());
/*
* Special case for MACHINE\Everyone. Map to the world_sid.
}
if (pdb_getsampwnam(sam_account, user)) {
- sid_append_rid( &local_sid, pdb_get_user_rid(sam_account));
+ sid_copy(psid, pdb_get_user_sid(sam_account));
*psid_name_use = SID_NAME_USER;
- sid_copy( psid, &local_sid);
pdb_free_sam(&sam_account);
return True;
}
*/
/* check if it's a mapped group */
- if (get_group_map_from_ntname(user, &map, MAPPING_WITHOUT_PRIV)) {
- if (map.gid!=-1) {
- /* yes it's a mapped group to a valid unix group */
- sid_copy(&local_sid, &map.sid);
- *psid_name_use = map.sid_name_use;
- }
- else {
- /* it's a correct name but not mapped so it points to nothing*/
- return False;
- }
+ if (pdb_getgrnam(&map, user, MAPPING_WITHOUT_PRIV)) {
+ /* yes it's a mapped group */
+ sid_copy(&local_sid, &map.sid);
+ *psid_name_use = map.sid_name_use;
} else {
/* it's not a mapped group */
grp = getgrnam(user);
* JFM, 30/11/2001
*/
- if (get_group_map_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)){
+ if (pdb_getgrgid(&map, grp->gr_gid, MAPPING_WITHOUT_PRIV)){
return False;
}
DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
{
- extern DOM_SID global_sam_sid;
struct passwd *pass;
SAM_ACCOUNT *sam_user = NULL;
fstring str; /* sid string buffer */
- sid_copy(psid, &global_sam_sid);
+ sid_copy(psid, get_global_sam_sid());
if((pass = getpwuid_alloc(uid))) {
}
if (pdb_getsampwnam(sam_user, pass->pw_name)) {
- sid_append_rid(psid, pdb_get_user_rid(sam_user));
+ sid_copy(psid, pdb_get_user_sid(sam_user));
+ } else if (strcmp(pass->pw_name, lp_guestaccount()) == 0) {
+ sid_append_rid(psid, DOMAIN_USER_RID_GUEST);
} else {
sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid));
}
Convert a SID to uid - locally.
****************************************************************************/
-BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
+BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_type)
{
- extern DOM_SID global_sam_sid;
-
- DOM_SID dom_sid;
- uint32 rid;
fstring str;
SAM_ACCOUNT *sam_user = NULL;
*name_type = SID_NAME_UNKNOWN;
- sid_copy(&dom_sid, psid);
- sid_split_rid(&dom_sid, &rid);
-
- /*
- * We can only convert to a uid if this is our local
- * Domain SID (ie. we are the controling authority).
- */
- if (!sid_equal(&global_sam_sid, &dom_sid))
- return False;
-
if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
return False;
- if (pdb_getsampwrid(sam_user, rid)) {
- *puid = pdb_get_uid(sam_user);
- if (*puid == -1) {
+ if (pdb_getsampwsid(sam_user, psid)) {
+
+ if (!IS_SAM_SET(sam_user,PDB_UID)&&!IS_SAM_CHANGED(sam_user,PDB_UID)) {
pdb_free_sam(&sam_user);
return False;
}
+
+ *puid = pdb_get_uid(sam_user);
+
DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid),
(unsigned int)*puid, pdb_get_username(sam_user)));
- } else {
- DEBUG(5,("local_sid_to_uid: SID %s not mapped becouse RID was not found in passdb.\n", sid_to_string( str, psid)));
pdb_free_sam(&sam_user);
- return False;
+ } else {
+
+ DOM_SID dom_sid;
+ uint32 rid;
+ GROUP_MAP map;
+
+ pdb_free_sam(&sam_user);
+
+ if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
+ DEBUG(3, ("local_sid_to_uid: SID '%s' is a group, not a user... \n", sid_to_string(str, psid)));
+ /* It's a group, not a user... */
+ return False;
+ }
+
+ sid_copy(&dom_sid, psid);
+ if (!sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
+ DEBUG(3, ("sid_peek_rid failed - sid '%s' is not in our domain\n", sid_to_string(str, psid)));
+ return False;
+ }
+
+ if (!pdb_rid_is_user(rid)) {
+ DEBUG(3, ("local_sid_to_uid: sid '%s' cannot be mapped to a uid algorithmicly becouse it is a group\n", sid_to_string(str, psid)));
+ return False;
+ }
+
+ *puid = fallback_pdb_user_rid_to_uid(rid);
+
+ DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n",
+ sid_to_string(str, psid), (signed long int)(*puid)));
}
- pdb_free_sam(&sam_user);
*name_type = SID_NAME_USER;
DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
{
- extern DOM_SID global_sam_sid;
GROUP_MAP map;
- sid_copy(psid, &global_sam_sid);
+ sid_copy(psid, get_global_sam_sid());
- if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
+ if (pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
sid_copy(psid, &map.sid);
}
else {
Convert a SID to gid - locally.
****************************************************************************/
-BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
+BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_type)
{
- extern DOM_SID global_sam_sid;
- DOM_SID dom_sid;
- uint32 rid;
fstring str;
GROUP_MAP map;
*name_type = SID_NAME_UNKNOWN;
- sid_copy(&dom_sid, psid);
- sid_split_rid(&dom_sid, &rid);
-
/*
* We can only convert to a gid if this is our local
* Domain SID (ie. we are the controling authority).
* Or in the Builtin SID too. JFM, 11/30/2001
*/
- if (!sid_equal(&global_sam_sid, &dom_sid))
- return False;
-
- if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) {
+ if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
/* the SID is in the mapping table but not mapped */
if (map.gid==-1)
return False;
- sid_peek_rid(&map.sid, &rid);
*pgid = map.gid;
*name_type = map.sid_name_use;
- DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid (%u).\n", sid_to_string( str, psid),
+ DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid (%u).\n",
+ sid_to_string( str, psid),
map.nt_name, (unsigned int)*pgid));
} else {
- if (pdb_rid_is_user(rid))
+ uint32 rid;
+ SAM_ACCOUNT *sam_user = NULL;
+ if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
+ return False;
+
+ if (pdb_getsampwsid(sam_user, psid)) {
+ return False;
+ pdb_free_sam(&sam_user);
+ }
+
+ pdb_free_sam(&sam_user);
+
+ if (!sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
+ DEBUG(3, ("sid_peek_rid failed - sid '%s' is not in our domain\n", sid_to_string(str, psid)));
return False;
+ }
+ if (pdb_rid_is_user(rid))
+ return False;
+
*pgid = pdb_group_rid_to_gid(rid);
*name_type = SID_NAME_ALIAS;
DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u).\n", sid_to_string( str, psid),
(unsigned int)*pgid));
}
-
+
return True;
}
static pstring convert_buffer;
*convert_buffer = 0;
if (!from) {
- return convert_buffer;
+ return NULL;
}
unistr2_to_ascii(convert_buffer, from, sizeof(pstring));
return convert_buffer;
}
-/*************************************************************
- Copies a SAM_USER_INFO_23 to a SAM_ACCOUNT
- **************************************************************/
-
-void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
-{
-
- if (from == NULL || to == NULL)
- return;
-
- pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True);
- pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True);
- pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True);
- pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True);
- pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True);
-
- pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time));
-
- if (from->uni_user_name.buffer)
- pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name ));
- if (from->uni_full_name.buffer)
- pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name ));
- if (from->uni_home_dir.buffer)
- pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True);
- if (from->uni_dir_drive.buffer)
- pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True);
- if (from->uni_logon_script.buffer)
- pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True);
- if (from->uni_profile_path.buffer)
- pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True);
- if (from->uni_acct_desc.buffer)
- pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc ));
- if (from->uni_workstations.buffer)
- pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations));
- if (from->uni_unknown_str.buffer)
- pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str ));
- if (from->uni_munged_dial.buffer)
- pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial ));
-
- if (from->user_rid)
- pdb_set_user_rid(to, from->user_rid);
- if (from->group_rid)
- pdb_set_group_rid(to, from->group_rid);
-
- pdb_set_acct_ctrl(to, from->acb_info);
- pdb_set_unknown_3(to, from->unknown_3);
-
- pdb_set_logon_divs(to, from->logon_divs);
- pdb_set_hours_len(to, from->logon_hrs.len);
- pdb_set_hours(to, from->logon_hrs.hours);
-
- pdb_set_unknown_5(to, from->unknown_5);
- pdb_set_unknown_6(to, from->unknown_6);
-}
-
-
-/*************************************************************
- Copies a sam passwd.
- **************************************************************/
-
-void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
-{
- if (from == NULL || to == NULL)
- return;
-
- pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True);
- pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True);
- pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True);
- pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True);
- pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True);
-
- pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time));
-
- if (from->uni_user_name.buffer)
- pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name ));
- if (from->uni_full_name.buffer)
- pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name ));
- if (from->uni_home_dir.buffer)
- pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True);
- if (from->uni_dir_drive.buffer)
- pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True);
- if (from->uni_logon_script.buffer)
- pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True);
- if (from->uni_profile_path.buffer)
- pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True);
- if (from->uni_acct_desc.buffer)
- pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc ));
- if (from->uni_workstations.buffer)
- pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations));
- if (from->uni_unknown_str.buffer)
- pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str ));
- if (from->uni_munged_dial.buffer)
- pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial ));
-
- if (from->user_rid)
- pdb_set_user_rid(to, from->user_rid);
- if (from->group_rid)
- pdb_set_group_rid(to, from->group_rid);
-
- /* FIXME!! Do we need to copy the passwords here as well?
- I don't know. Need to figure this out --jerry */
-
- /* Passwords dealt with in caller --abartlet */
-
- pdb_set_acct_ctrl(to, from->acb_info);
- pdb_set_unknown_3(to, from->unknown_3);
-
- pdb_set_logon_divs(to, from->logon_divs);
- pdb_set_hours_len(to, from->logon_hrs.len);
- pdb_set_hours(to, from->logon_hrs.hours);
-
- pdb_set_unknown_5(to, from->unknown_5);
- pdb_set_unknown_6(to, from->unknown_6);
-}
-
-
/*************************************************************
Change a password entry in the local smbpasswd file.
{
struct passwd *pwd = NULL;
SAM_ACCOUNT *sam_pass=NULL;
+ uint16 other_acb;
*err_str = '\0';
*msg_str = '\0';
return False;
}
- if (!pdb_set_username(sam_pass, user_name)) {
+ if (!pdb_set_username(sam_pass, user_name, PDB_CHANGED)) {
slprintf(err_str, err_str_len - 1, "Failed to set username for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
}
- if (local_flags & LOCAL_TRUST_ACCOUNT) {
- if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST)) {
- slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
- pdb_free_sam(&sam_pass);
- return False;
- }
- } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
- if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST)) {
- slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
- pdb_free_sam(&sam_pass);
- return False;
- }
- } else {
- if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL)) {
- slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
- pdb_free_sam(&sam_pass);
- return False;
- }
- }
-
} else {
/* the entry already existed */
local_flags &= ~LOCAL_ADD_USER;
}
+ /* the 'other' acb bits not being changed here */
+ other_acb = (pdb_get_acct_ctrl(sam_pass) & (!(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));
+ if (local_flags & LOCAL_TRUST_ACCOUNT) {
+ if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb, PDB_CHANGED) ) {
+ slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
+ } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
+ if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb, PDB_CHANGED)) {
+ slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
+ } else {
+ if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb, PDB_CHANGED)) {
+ slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
+ }
+
/*
* We are root - just write the new password
* and the valid last change time.
*/
if (local_flags & LOCAL_DISABLE_USER) {
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED)) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED, PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
} else if (local_flags & LOCAL_ENABLE_USER) {
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
if (local_flags & LOCAL_SET_NO_PASSWORD) {
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ)) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ, PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
* don't create them disabled). JRA.
*/
if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) {
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
}
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ))) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ), PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;