2 Unix SMB/Netbios implementation.
4 Password and authentication handling
5 Copyright (C) Jeremy Allison 1996-2001
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
7 Copyright (C) Gerald (Jerry) Carter 2000-2001
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 * This is set on startup - it defines the SID for this
28 * machine, and therefore the SAM database for which it is
32 extern DOM_SID global_sam_sid
;
34 struct passdb_ops
*pdb_ops
;
37 static void* pdb_handle
= NULL
;
40 /***************************************************************
41 Initialize the password db operations.
42 ***************************************************************/
44 BOOL
initialize_password_db(BOOL reload
)
47 * This function is unfinished right now, so just
48 * ignore the details and always return True. It
49 * is here only as a placeholder --jerry
55 /*************************************************************
56 Initialises a struct sam_disp_info.
57 **************************************************************/
59 static void pdb_init_dispinfo(struct sam_disp_info
*user
)
67 /************************************************************
68 Fill the SAM_ACCOUNT with default values.
69 ***********************************************************/
71 static BOOL
pdb_fill_default_sam(SAM_ACCOUNT
*user
)
74 DEBUG(0,("pdb_fill_default_sam: SAM_ACCOUNT was NULL\n"));
80 user
->init_flag
= FLAG_SAM_UNINIT
;
81 user
->uid
= user
->gid
= -1;
82 user
->logon_time
= (time_t)0;
83 user
->pass_last_set_time
= (time_t)0;
84 user
->pass_can_change_time
= (time_t)0;
87 user
->pass_must_change_time
= get_time_t_max(); /* Password never expires. */
89 user
->unknown_3
= 0x00ffffff; /* don't know */
90 user
->logon_divs
= 168; /* hours per week */
91 user
->hours_len
= 21; /* 21 times 8 bits = 168 */
92 memset(user
->hours
, 0xff, user
->hours_len
); /* available at all hours */
93 user
->unknown_5
= 0x00000000; /* don't know */
94 user
->unknown_6
= 0x000004ec; /* don't know */
99 /*************************************************************
100 Alloc memory and initialises a struct sam_passwd.
101 ************************************************************/
103 BOOL
pdb_init_sam(SAM_ACCOUNT
**user
)
106 DEBUG(0,("pdb_init_sam: SAM_ACCOUNT was non NULL\n"));
108 smb_panic("NULL pointer passed to pdb_init_sam\n");
113 *user
=(SAM_ACCOUNT
*)malloc(sizeof(SAM_ACCOUNT
));
116 DEBUG(0,("pdb_init_sam: error while allocating memory\n"));
120 pdb_fill_default_sam(*user
);
126 /*************************************************************
127 Initialises a struct sam_passwd with sane values.
128 ************************************************************/
130 BOOL
pdb_init_sam_pw(SAM_ACCOUNT
**new_sam_acct
, struct passwd
*pwd
)
137 if (!pdb_init_sam(new_sam_acct
)) {
143 pdb_set_username(*new_sam_acct
, pwd
->pw_name
);
144 pdb_set_fullname(*new_sam_acct
, pwd
->pw_gecos
);
145 pdb_set_uid(*new_sam_acct
, pwd
->pw_uid
);
146 pdb_set_gid(*new_sam_acct
, pwd
->pw_gid
);
147 pdb_set_profile_path(*new_sam_acct
, lp_logon_path(), False
);
148 pdb_set_homedir(*new_sam_acct
, lp_logon_home(), False
);
149 pdb_set_dir_drive(*new_sam_acct
, lp_logon_drive(), False
);
150 pdb_set_logon_script(*new_sam_acct
, lp_logon_script(), False
);
155 /************************************************************
156 Free the NT/LM hashes only.
157 ***********************************************************/
159 static BOOL
pdb_free_sam_contents(SAM_ACCOUNT
*user
)
162 DEBUG(0,("pdb_free_sam_contents: SAM_ACCOUNT was NULL\n"));
164 smb_panic("NULL pointer passed to pdb_free_sam\n");
169 /* As we start mallocing more strings this is where
170 we should free them. */
172 SAFE_FREE(user
->nt_pw
);
173 SAFE_FREE(user
->lm_pw
);
179 /************************************************************
180 Reset the SAM_ACCOUNT and free the NT/LM hashes.
181 - note: they are not zero'ed out however.
182 ***********************************************************/
184 BOOL
pdb_reset_sam(SAM_ACCOUNT
*user
)
187 DEBUG(0,("pdb_reset_sam: SAM_ACCOUNT was NULL\n"));
191 if (!pdb_free_sam_contents(user
)) {
195 if (!pdb_fill_default_sam(user
)) {
203 /************************************************************
204 Free the SAM_ACCOUNT and the NT/LM hashes.
205 ***********************************************************/
207 BOOL
pdb_free_sam(SAM_ACCOUNT
*user
)
210 DEBUG(0,("pdb_free_sam: SAM_ACCOUNT was NULL\n"));
212 smb_panic("NULL pointer passed to pdb_free_sam\n");
217 if (!pdb_free_sam_contents(user
)) {
227 /*************************************************************************
228 Routine to return the next entry in the sam passwd list.
229 *************************************************************************/
231 struct sam_disp_info
*pdb_sam_to_dispinfo(SAM_ACCOUNT
*user
)
233 static struct sam_disp_info disp_info
;
238 pdb_init_dispinfo(&disp_info
);
240 disp_info
.smb_name
= user
->username
;
241 disp_info
.full_name
= user
->full_name
;
242 disp_info
.user_rid
= user
->user_rid
;
247 /**********************************************************
248 Encode the account control bits into a string.
249 length = length of string to encode into (including terminating
250 null). length *MUST BE MORE THAN 2* !
251 **********************************************************/
253 char *pdb_encode_acct_ctrl(uint16 acct_ctrl
, size_t length
)
255 static fstring acct_str
;
260 if (acct_ctrl
& ACB_PWNOTREQ
) acct_str
[i
++] = 'N';
261 if (acct_ctrl
& ACB_DISABLED
) acct_str
[i
++] = 'D';
262 if (acct_ctrl
& ACB_HOMDIRREQ
) acct_str
[i
++] = 'H';
263 if (acct_ctrl
& ACB_TEMPDUP
) acct_str
[i
++] = 'T';
264 if (acct_ctrl
& ACB_NORMAL
) acct_str
[i
++] = 'U';
265 if (acct_ctrl
& ACB_MNS
) acct_str
[i
++] = 'M';
266 if (acct_ctrl
& ACB_WSTRUST
) acct_str
[i
++] = 'W';
267 if (acct_ctrl
& ACB_SVRTRUST
) acct_str
[i
++] = 'S';
268 if (acct_ctrl
& ACB_AUTOLOCK
) acct_str
[i
++] = 'L';
269 if (acct_ctrl
& ACB_PWNOEXP
) acct_str
[i
++] = 'X';
270 if (acct_ctrl
& ACB_DOMTRUST
) acct_str
[i
++] = 'I';
272 for ( ; i
< length
- 2 ; i
++ )
277 acct_str
[i
++] = '\0';
282 /**********************************************************
283 Decode the account control bits from a string.
284 **********************************************************/
286 uint16
pdb_decode_acct_ctrl(const char *p
)
288 uint16 acct_ctrl
= 0;
289 BOOL finished
= False
;
292 * Check if the account type bits have been encoded after the
293 * NT password (in the form [NDHTUWSLXI]).
299 for (p
++; *p
&& !finished
; p
++) {
301 case 'N': { acct_ctrl
|= ACB_PWNOTREQ
; break; /* 'N'o password. */ }
302 case 'D': { acct_ctrl
|= ACB_DISABLED
; break; /* 'D'isabled. */ }
303 case 'H': { acct_ctrl
|= ACB_HOMDIRREQ
; break; /* 'H'omedir required. */ }
304 case 'T': { acct_ctrl
|= ACB_TEMPDUP
; break; /* 'T'emp account. */ }
305 case 'U': { acct_ctrl
|= ACB_NORMAL
; break; /* 'U'ser account (normal). */ }
306 case 'M': { acct_ctrl
|= ACB_MNS
; break; /* 'M'NS logon user account. What is this ? */ }
307 case 'W': { acct_ctrl
|= ACB_WSTRUST
; break; /* 'W'orkstation account. */ }
308 case 'S': { acct_ctrl
|= ACB_SVRTRUST
; break; /* 'S'erver account. */ }
309 case 'L': { acct_ctrl
|= ACB_AUTOLOCK
; break; /* 'L'ocked account. */ }
310 case 'X': { acct_ctrl
|= ACB_PWNOEXP
; break; /* No 'X'piry on password */ }
311 case 'I': { acct_ctrl
|= ACB_DOMTRUST
; break; /* 'I'nterdomain trust account. */ }
317 default: { finished
= True
; }
324 /*************************************************************
325 Routine to set 32 hex password characters from a 16 byte array.
326 **************************************************************/
328 void pdb_sethexpwd(char *p
, unsigned char *pwd
, uint16 acct_ctrl
)
332 for (i
= 0; i
< 16; i
++)
333 slprintf(&p
[i
*2], 3, "%02X", pwd
[i
]);
335 if (acct_ctrl
& ACB_PWNOTREQ
)
336 safe_strcpy(p
, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
338 safe_strcpy(p
, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
342 /*************************************************************
343 Routine to get the 32 hex characters and turn them
344 into a 16 byte array.
345 **************************************************************/
347 BOOL
pdb_gethexpwd(char *p
, unsigned char *pwd
)
350 unsigned char lonybble
, hinybble
;
351 char *hexchars
= "0123456789ABCDEF";
357 for (i
= 0; i
< 32; i
+= 2) {
358 hinybble
= toupper(p
[i
]);
359 lonybble
= toupper(p
[i
+ 1]);
361 p1
= strchr(hexchars
, hinybble
);
362 p2
= strchr(hexchars
, lonybble
);
367 hinybble
= PTR_DIFF(p1
, hexchars
);
368 lonybble
= PTR_DIFF(p2
, hexchars
);
370 pwd
[i
/ 2] = (hinybble
<< 4) | lonybble
;
375 /*******************************************************************
376 Group and User RID username mapping function
377 ********************************************************************/
379 BOOL
pdb_name_to_rid(char *user_name
, uint32
*u_rid
, uint32
*g_rid
)
381 struct passwd
*pw
= Get_Pwnam(user_name
, False
);
383 if (u_rid
== NULL
|| g_rid
== NULL
|| user_name
== NULL
)
387 DEBUG(1,("Username %s is invalid on this system\n", user_name
));
391 /* turn the unix UID into a Domain RID. this is what the posix
392 sub-system does (adds 1000 to the uid) */
393 *u_rid
= pdb_uid_to_user_rid(pw
->pw_uid
);
395 /* absolutely no idea what to do about the unix GID to Domain RID mapping */
396 *g_rid
= pdb_gid_to_group_rid(pw
->pw_gid
);
401 /*******************************************************************
402 Converts NT user RID to a UNIX uid.
403 ********************************************************************/
405 uid_t
pdb_user_rid_to_uid(uint32 user_rid
)
407 return (uid_t
)(((user_rid
& (~USER_RID_TYPE
))- 1000)/RID_MULTIPLIER
);
410 /*******************************************************************
411 Converts NT user RID to a UNIX gid.
412 ********************************************************************/
414 gid_t
pdb_user_rid_to_gid(uint32 user_rid
)
416 return (uid_t
)(((user_rid
& (~GROUP_RID_TYPE
))- 1000)/RID_MULTIPLIER
);
419 /*******************************************************************
420 converts UNIX uid to an NT User RID.
421 ********************************************************************/
423 uint32
pdb_uid_to_user_rid(uid_t uid
)
425 return (((((uint32
)uid
)*RID_MULTIPLIER
) + 1000) | USER_RID_TYPE
);
428 /*******************************************************************
429 converts NT Group RID to a UNIX uid.
430 ********************************************************************/
432 uint32
pdb_gid_to_group_rid(gid_t gid
)
434 return (((((uint32
)gid
)*RID_MULTIPLIER
) + 1000) | GROUP_RID_TYPE
);
437 /*******************************************************************
438 Decides if a RID is a well known RID.
439 ********************************************************************/
441 static BOOL
pdb_rid_is_well_known(uint32 rid
)
446 /*******************************************************************
447 Decides if a RID is a user or group RID.
448 ********************************************************************/
450 BOOL
pdb_rid_is_user(uint32 rid
)
452 /* lkcl i understand that NT attaches an enumeration to a RID
453 * such that it can be identified as either a user, group etc
454 * type. there are 5 such categories, and they are documented.
456 if(pdb_rid_is_well_known(rid
)) {
458 * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
459 * and DOMAIN_USER_RID_GUEST.
461 if(rid
== DOMAIN_USER_RID_ADMIN
|| rid
== DOMAIN_USER_RID_GUEST
)
463 } else if((rid
& RID_TYPE_MASK
) == USER_RID_TYPE
) {
469 /*******************************************************************
470 Convert a rid into a name. Used in the lookup SID rpc.
471 ********************************************************************/
473 BOOL
local_lookup_rid(uint32 rid
, char *name
, enum SID_NAME_USE
*psid_name_use
)
475 BOOL is_user
= pdb_rid_is_user(rid
);
477 *psid_name_use
= SID_NAME_UNKNOWN
;
479 DEBUG(5,("local_lookup_rid: looking up %s RID %u.\n", is_user
? "user" :
480 "group", (unsigned int)rid
));
483 if(rid
== DOMAIN_USER_RID_ADMIN
) {
484 char *p
= lp_admin_users(-1);
485 *psid_name_use
= SID_NAME_USER
;
486 if(!next_token(&p
, name
, NULL
, sizeof(fstring
)))
487 fstrcpy(name
, "Administrator");
488 } else if (rid
== DOMAIN_USER_RID_GUEST
) {
489 char *p
= lp_guestaccount(-1);
490 *psid_name_use
= SID_NAME_USER
;
491 if(!next_token(&p
, name
, NULL
, sizeof(fstring
)))
492 fstrcpy(name
, "Guest");
498 * Don't try to convert the rid to a name if
499 * running in appliance mode
501 if (lp_hide_local_users())
504 uid
= pdb_user_rid_to_uid(rid
);
505 pass
= sys_getpwuid(uid
);
507 *psid_name_use
= SID_NAME_USER
;
509 DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid
,
510 pass
? "succeeded" : "failed" ));
513 slprintf(name
, sizeof(fstring
)-1, "unix_user.%u", (unsigned int)uid
);
517 fstrcpy(name
, pass
->pw_name
);
519 DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name
,
520 (unsigned int)rid
));
528 * Don't try to convert the rid to a name if running
532 if (lp_hide_local_users())
535 gid
= pdb_user_rid_to_gid(rid
);
538 *psid_name_use
= SID_NAME_ALIAS
;
540 DEBUG(5,("local_local_rid: looking up gid %u %s\n", (unsigned int)gid
,
541 gr
? "succeeded" : "failed" ));
545 case DOMAIN_GROUP_RID_ADMINS
:
546 fstrcpy(name
, "Domain Admins");
548 case DOMAIN_GROUP_RID_USERS
:
549 fstrcpy(name
, "Domain Users");
551 case DOMAIN_GROUP_RID_GUESTS
:
552 fstrcpy(name
, "Domain Guests");
554 case BUILTIN_ALIAS_RID_USERS
:
555 fstrcpy(name
, "Users");
558 slprintf(name
, sizeof(fstring
)-1, "unix_group.%u", (unsigned int)gid
);
562 fstrcpy( name
, gr
->gr_name
);
564 DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name
,
565 (unsigned int)rid
));
571 /*******************************************************************
572 Convert a name into a SID. Used in the lookup name rpc.
573 ********************************************************************/
575 BOOL
local_lookup_name(const char *c_domain
, const char *c_user
, DOM_SID
*psid
, enum SID_NAME_USE
*psid_name_use
)
577 extern DOM_SID global_sid_World_Domain
;
578 struct passwd
*pass
= NULL
;
583 *psid_name_use
= SID_NAME_UNKNOWN
;
586 * domain and user may be quoted const strings, and map_username and
587 * friends can modify them. Make a modifiable copy. JRA.
590 fstrcpy(domain
, c_domain
);
591 fstrcpy(user
, c_user
);
593 sid_copy(&local_sid
, &global_sam_sid
);
596 * Special case for MACHINE\Everyone. Map to the world_sid.
599 if(strequal(user
, "Everyone")) {
600 sid_copy( psid
, &global_sid_World_Domain
);
601 sid_append_rid(psid
, 0);
602 *psid_name_use
= SID_NAME_ALIAS
;
607 * Don't lookup local unix users if running in appliance mode
609 if (lp_hide_local_users())
612 (void)map_username(user
);
614 if((pass
= Get_Pwnam(user
, False
))) {
615 sid_append_rid( &local_sid
, pdb_uid_to_user_rid(pass
->pw_uid
));
616 *psid_name_use
= SID_NAME_USER
;
619 * Maybe it was a group ?
621 struct group
*grp
= getgrnam(user
);
626 sid_append_rid( &local_sid
, pdb_gid_to_group_rid(grp
->gr_gid
));
627 *psid_name_use
= SID_NAME_ALIAS
;
630 sid_copy( psid
, &local_sid
);
635 /****************************************************************************
636 Convert a uid to SID - locally.
637 ****************************************************************************/
639 DOM_SID
*local_uid_to_sid(DOM_SID
*psid
, uid_t uid
)
641 extern DOM_SID global_sam_sid
;
643 sid_copy(psid
, &global_sam_sid
);
644 sid_append_rid(psid
, pdb_uid_to_user_rid(uid
));
649 /****************************************************************************
650 Convert a SID to uid - locally.
651 ****************************************************************************/
653 BOOL
local_sid_to_uid(uid_t
*puid
, DOM_SID
*psid
, enum SID_NAME_USE
*name_type
)
655 extern DOM_SID global_sam_sid
;
662 *name_type
= SID_NAME_UNKNOWN
;
664 sid_copy(&dom_sid
, psid
);
665 sid_split_rid(&dom_sid
, &rid
);
667 if (!pdb_rid_is_user(rid
))
671 * We can only convert to a uid if this is our local
672 * Domain SID (ie. we are the controling authority).
674 if (!sid_equal(&global_sam_sid
, &dom_sid
))
677 *puid
= pdb_user_rid_to_uid(rid
);
680 * Ensure this uid really does exist.
682 if(!(pass
= sys_getpwuid(*puid
)))
685 DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str
, psid
),
686 (unsigned int)*puid
, pass
->pw_name
));
688 *name_type
= SID_NAME_USER
;
692 /****************************************************************************
693 Convert a gid to SID - locally.
694 ****************************************************************************/
696 DOM_SID
*local_gid_to_sid(DOM_SID
*psid
, gid_t gid
)
698 extern DOM_SID global_sam_sid
;
700 sid_copy(psid
, &global_sam_sid
);
701 sid_append_rid(psid
, pdb_gid_to_group_rid(gid
));
706 /****************************************************************************
707 Convert a SID to gid - locally.
708 ****************************************************************************/
710 BOOL
local_sid_to_gid(gid_t
*pgid
, DOM_SID
*psid
, enum SID_NAME_USE
*name_type
)
712 extern DOM_SID global_sam_sid
;
718 *name_type
= SID_NAME_UNKNOWN
;
720 sid_copy(&dom_sid
, psid
);
721 sid_split_rid(&dom_sid
, &rid
);
724 * We can only convert to a gid if this is our local
725 * Domain SID (ie. we are the controling authority).
728 if (!sid_equal(&global_sam_sid
, &dom_sid
))
731 if (pdb_rid_is_user(rid
))
734 *pgid
= pdb_user_rid_to_gid(rid
);
737 * Ensure this gid really does exist.
740 if(!(grp
= getgrgid(*pgid
)))
743 *name_type
= SID_NAME_ALIAS
;
745 DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u) (%s).\n", sid_to_string( str
, psid
),
746 (unsigned int)*pgid
, grp
->gr_name
));
751 static void select_name(pstring string
, const UNISTR2
*from
)
753 if (from
->buffer
!= 0)
754 unistr2_to_dos(string
, from
, sizeof(pstring
));
757 /*************************************************************
758 Copies a SAM_USER_INFO_23 to a SAM_ACCOUNT
759 **************************************************************/
761 void copy_id23_to_sam_passwd(SAM_ACCOUNT
*to
, SAM_USER_INFO_23
*from
)
764 if (from
== NULL
|| to
== NULL
)
767 to
->logon_time
= nt_time_to_unix(&from
->logon_time
);
768 to
->logoff_time
= nt_time_to_unix(&from
->logoff_time
);
769 to
->kickoff_time
= nt_time_to_unix(&from
->kickoff_time
);
770 to
->pass_last_set_time
= nt_time_to_unix(&from
->pass_last_set_time
);
771 to
->pass_can_change_time
= nt_time_to_unix(&from
->pass_can_change_time
);
772 to
->pass_must_change_time
= nt_time_to_unix(&from
->pass_must_change_time
);
774 select_name(to
->username
, &from
->uni_user_name
);
775 select_name(to
->full_name
, &from
->uni_full_name
);
776 select_name(to
->home_dir
, &from
->uni_home_dir
);
777 select_name(to
->dir_drive
, &from
->uni_dir_drive
);
778 select_name(to
->logon_script
, &from
->uni_logon_script
);
779 select_name(to
->profile_path
, &from
->uni_profile_path
);
780 select_name(to
->acct_desc
, &from
->uni_acct_desc
);
781 select_name(to
->workstations
, &from
->uni_workstations
);
782 select_name(to
->unknown_str
, &from
->uni_unknown_str
);
783 select_name(to
->munged_dial
, &from
->uni_munged_dial
);
785 to
->user_rid
= from
->user_rid
;
786 to
->group_rid
= from
->group_rid
;
788 to
->acct_ctrl
= from
->acb_info
;
789 to
->unknown_3
= from
->unknown_3
;
791 to
->logon_divs
= from
->logon_divs
;
792 to
->hours_len
= from
->logon_hrs
.len
;
793 memcpy(to
->hours
, from
->logon_hrs
.hours
, MAX_HOURS_LEN
);
795 to
->unknown_5
= from
->unknown_5
;
796 to
->unknown_6
= from
->unknown_6
;
799 /*************************************************************
801 **************************************************************/
803 void copy_id21_to_sam_passwd(SAM_ACCOUNT
*to
, SAM_USER_INFO_21
*from
)
805 if (from
== NULL
|| to
== NULL
)
808 to
->logon_time
= nt_time_to_unix(&from
->logon_time
);
809 to
->logoff_time
= nt_time_to_unix(&from
->logoff_time
);
810 to
->kickoff_time
= nt_time_to_unix(&from
->kickoff_time
);
811 to
->pass_last_set_time
= nt_time_to_unix(&from
->pass_last_set_time
);
812 to
->pass_can_change_time
= nt_time_to_unix(&from
->pass_can_change_time
);
813 to
->pass_must_change_time
= nt_time_to_unix(&from
->pass_must_change_time
);
815 select_name(to
->username
, &from
->uni_user_name
);
816 select_name(to
->full_name
, &from
->uni_full_name
);
817 select_name(to
->home_dir
, &from
->uni_home_dir
);
818 select_name(to
->dir_drive
, &from
->uni_dir_drive
);
819 select_name(to
->logon_script
, &from
->uni_logon_script
);
820 select_name(to
->profile_path
, &from
->uni_profile_path
);
821 select_name(to
->acct_desc
, &from
->uni_acct_desc
);
822 select_name(to
->workstations
, &from
->uni_workstations
);
823 select_name(to
->unknown_str
, &from
->uni_unknown_str
);
824 select_name(to
->munged_dial
, &from
->uni_munged_dial
);
826 to
->user_rid
= from
->user_rid
;
827 to
->group_rid
= from
->group_rid
;
829 /* FIXME!! Do we need to copy the passwords here as well?
830 I don't know. Need to figure this out --jerry */
832 to
->acct_ctrl
= from
->acb_info
;
833 to
->unknown_3
= from
->unknown_3
;
835 to
->logon_divs
= from
->logon_divs
;
836 to
->hours_len
= from
->logon_hrs
.len
;
837 memcpy(to
->hours
, from
->logon_hrs
.hours
, MAX_HOURS_LEN
);
839 to
->unknown_5
= from
->unknown_5
;
840 to
->unknown_6
= from
->unknown_6
;
844 /*************************************************************
845 Copies a SAM_ACCOUNT.
846 FIXME!!!! This is broken as SAM_ACCOUNT contains two
848 **************************************************************/
850 void copy_sam_passwd(SAM_ACCOUNT
*to
, const SAM_ACCOUNT
*from
)
855 memcpy(to
, from
, sizeof(SAM_ACCOUNT
));
861 /*************************************************************
862 Change a password entry in the local smbpasswd file.
864 FIXME!! The function needs to be abstracted into the
865 passdb interface or something. It is currently being called
866 by _api_samr_create_user() in rpc_server/srv_samr.c
869 *************************************************************/
871 BOOL
local_password_change(char *user_name
, int local_flags
,
873 char *err_str
, size_t err_str_len
,
874 char *msg_str
, size_t msg_str_len
)
876 struct passwd
*pwd
= NULL
;
877 SAM_ACCOUNT
*sam_pass
=NULL
;
882 if (local_flags
& LOCAL_ADD_USER
) {
885 * Check for a local account - if we're adding only.
888 if(!(pwd
= sys_getpwnam(user_name
))) {
889 slprintf(err_str
, err_str_len
- 1, "User %s does not \
890 exist in system password file (usually /etc/passwd). Cannot add \
891 account without a valid local system user.\n", user_name
);
896 /* Get the smb passwd entry for this user */
897 pdb_init_sam(&sam_pass
);
898 if(local_flags
& LOCAL_DELETE_USER
) {
899 if (!pdb_delete_sam_account(user_name
)) {
900 slprintf(err_str
,err_str_len
-1, "Failed to delete entry for user %s.\n", user_name
);
901 pdb_free_sam(sam_pass
);
904 slprintf(msg_str
, msg_str_len
-1, "Deleted user %s.\n", user_name
);
905 pdb_free_sam(sam_pass
);
908 if(!pdb_getsampwnam(sam_pass
, user_name
)) {
909 pdb_free_sam(sam_pass
);
911 if(!(local_flags
& LOCAL_ADD_USER
)) {
912 slprintf(err_str
, err_str_len
-1,"Failed to find entry for user %s.\n", user_name
);
917 if (!pdb_init_sam_pw(&sam_pass
, sys_getpwnam(user_name
))) {
921 /* Set account flags. Note that the default is non-expiring accounts */
922 pdb_set_acct_ctrl(sam_pass
,(local_flags
& LOCAL_TRUST_ACCOUNT
) ? ACB_WSTRUST
: ACB_NORMAL
|ACB_PWNOEXP
);
924 if (local_flags
& LOCAL_DISABLE_USER
)
925 pdb_set_acct_ctrl (sam_pass
, pdb_get_acct_ctrl(sam_pass
)|ACB_DISABLED
);
927 if (local_flags
& LOCAL_SET_NO_PASSWORD
) {
928 pdb_set_acct_ctrl (sam_pass
, pdb_get_acct_ctrl(sam_pass
)|ACB_PWNOTREQ
);
930 /* set the passwords here. if we get to here it means
931 we have a valid, active account */
932 if (!pdb_set_plaintext_passwd (sam_pass
, new_passwd
)) {
933 pdb_free_sam(sam_pass
);
938 /* Remember to set the "last changed time". */
939 pdb_set_pass_last_set_time(sam_pass
, time(NULL
));
941 if (pdb_add_sam_account(sam_pass
)) {
942 slprintf(msg_str
, msg_str_len
-1, "Added user %s.\n", user_name
);
943 pdb_free_sam(sam_pass
);
946 slprintf(err_str
, err_str_len
-1, "Failed to add entry for user %s.\n", user_name
);
947 pdb_free_sam(sam_pass
);
951 /* the entry already existed */
952 local_flags
&= ~LOCAL_ADD_USER
;
953 slprintf(msg_str
, msg_str_len
-1, "Password changed for user %s.\n", user_name
);
957 * We are root - just write the new password
958 * and the valid last change time.
961 if(local_flags
& LOCAL_DISABLE_USER
) {
962 pdb_set_acct_ctrl (sam_pass
, pdb_get_acct_ctrl(sam_pass
)|ACB_DISABLED
);
963 } else if (local_flags
& LOCAL_ENABLE_USER
) {
964 if(pdb_get_lanman_passwd(sam_pass
) == NULL
) {
965 if (!pdb_set_plaintext_passwd (sam_pass
, new_passwd
)) {
966 pdb_free_sam(sam_pass
);
970 pdb_set_acct_ctrl (sam_pass
, pdb_get_acct_ctrl(sam_pass
)&(~ACB_DISABLED
));
971 } else if (local_flags
& LOCAL_SET_NO_PASSWORD
) {
972 pdb_set_acct_ctrl (sam_pass
, pdb_get_acct_ctrl(sam_pass
)|ACB_PWNOTREQ
);
973 /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */
974 if (!pdb_set_lanman_passwd (sam_pass
, NULL
)) {
975 pdb_free_sam(sam_pass
);
978 if (!pdb_set_nt_passwd(sam_pass
, NULL
)) {
979 pdb_free_sam(sam_pass
);
984 * If we're dealing with setting a completely empty user account
985 * ie. One with a password of 'XXXX', but not set disabled (like
986 * an account created from scratch) then if the old password was
987 * 'XX's then getsmbpwent will have set the ACB_DISABLED flag.
988 * We remove that as we're giving this user their first password
989 * and the decision hasn't really been made to disable them (ie.
990 * don't create them disabled). JRA.
992 if ((pdb_get_lanman_passwd(sam_pass
)==NULL
) && (pdb_get_acct_ctrl(sam_pass
)&ACB_DISABLED
))
993 pdb_set_acct_ctrl (sam_pass
, pdb_get_acct_ctrl(sam_pass
)&(~ACB_DISABLED
));
994 pdb_set_acct_ctrl (sam_pass
, pdb_get_acct_ctrl(sam_pass
)&(~ACB_PWNOTREQ
));
995 if (!pdb_set_plaintext_passwd (sam_pass
, new_passwd
)) {
996 pdb_free_sam(sam_pass
);
1001 if(!pdb_update_sam_account(sam_pass
, True
)) {
1002 slprintf(err_str
, err_str_len
-1, "Failed to modify entry for user %s.\n", user_name
);
1003 pdb_free_sam(sam_pass
);
1006 if(local_flags
& LOCAL_DISABLE_USER
)
1007 slprintf(msg_str
, msg_str_len
-1, "Disabled user %s.\n", user_name
);
1008 else if (local_flags
& LOCAL_ENABLE_USER
)
1009 slprintf(msg_str
, msg_str_len
-1, "Enabled user %s.\n", user_name
);
1010 else if (local_flags
& LOCAL_SET_NO_PASSWORD
)
1011 slprintf(msg_str
, msg_str_len
-1, "User %s password set to none.\n", user_name
);
1013 pdb_free_sam(sam_pass
);
1017 /*********************************************************************
1018 Collection of get...() functions for SAM_ACCOUNT_INFO.
1019 ********************************************************************/
1021 uint16
pdb_get_acct_ctrl (SAM_ACCOUNT
*sampass
)
1024 return (sampass
->acct_ctrl
);
1026 return (ACB_DISABLED
);
1029 time_t pdb_get_logon_time (SAM_ACCOUNT
*sampass
)
1032 return (sampass
->logon_time
);
1037 time_t pdb_get_logoff_time (SAM_ACCOUNT
*sampass
)
1040 return (sampass
->logoff_time
);
1045 time_t pdb_get_kickoff_time (SAM_ACCOUNT
*sampass
)
1048 return (sampass
->kickoff_time
);
1053 time_t pdb_get_pass_last_set_time (SAM_ACCOUNT
*sampass
)
1056 return (sampass
->pass_last_set_time
);
1061 time_t pdb_get_pass_can_change_time (SAM_ACCOUNT
*sampass
)
1064 return (sampass
->pass_can_change_time
);
1069 time_t pdb_get_pass_must_change_time (SAM_ACCOUNT
*sampass
)
1072 return (sampass
->pass_must_change_time
);
1077 uint16
pdb_get_logon_divs (SAM_ACCOUNT
*sampass
)
1080 return (sampass
->logon_divs
);
1085 uint32
pdb_get_hours_len (SAM_ACCOUNT
*sampass
)
1088 return (sampass
->hours_len
);
1093 uint8
* pdb_get_hours (SAM_ACCOUNT
*sampass
)
1096 return (sampass
->hours
);
1101 uint8
* pdb_get_nt_passwd (SAM_ACCOUNT
*sampass
)
1104 return (sampass
->nt_pw
);
1109 uint8
* pdb_get_lanman_passwd (SAM_ACCOUNT
*sampass
)
1112 return (sampass
->lm_pw
);
1117 uint32
pdb_get_user_rid (SAM_ACCOUNT
*sampass
)
1120 return (sampass
->user_rid
);
1125 uint32
pdb_get_group_rid (SAM_ACCOUNT
*sampass
)
1128 return (sampass
->group_rid
);
1133 uid_t
pdb_get_uid (SAM_ACCOUNT
*sampass
)
1136 return (sampass
->uid
);
1141 gid_t
pdb_get_gid (SAM_ACCOUNT
*sampass
)
1144 return (sampass
->gid
);
1149 char* pdb_get_username (SAM_ACCOUNT
*sampass
)
1152 return (sampass
->username
);
1157 char* pdb_get_domain (SAM_ACCOUNT
*sampass
)
1160 return (sampass
->domain
);
1165 char* pdb_get_nt_username (SAM_ACCOUNT
*sampass
)
1168 return (sampass
->nt_username
);
1173 char* pdb_get_fullname (SAM_ACCOUNT
*sampass
)
1176 return (sampass
->full_name
);
1181 char* pdb_get_homedir (SAM_ACCOUNT
*sampass
)
1184 return (sampass
->home_dir
);
1189 char* pdb_get_dirdrive (SAM_ACCOUNT
*sampass
)
1192 return (sampass
->dir_drive
);
1197 char* pdb_get_logon_script (SAM_ACCOUNT
*sampass
)
1200 return (sampass
->logon_script
);
1205 char* pdb_get_profile_path (SAM_ACCOUNT
*sampass
)
1208 return (sampass
->profile_path
);
1213 char* pdb_get_acct_desc (SAM_ACCOUNT
*sampass
)
1216 return (sampass
->acct_desc
);
1221 char* pdb_get_workstations (SAM_ACCOUNT
*sampass
)
1224 return (sampass
->workstations
);
1229 char* pdb_get_munged_dial (SAM_ACCOUNT
*sampass
)
1232 return (sampass
->munged_dial
);
1237 uint32
pdb_get_unknown3 (SAM_ACCOUNT
*sampass
)
1240 return (sampass
->unknown_3
);
1245 uint32
pdb_get_unknown5 (SAM_ACCOUNT
*sampass
)
1248 return (sampass
->unknown_5
);
1253 uint32
pdb_get_unknown6 (SAM_ACCOUNT
*sampass
)
1256 return (sampass
->unknown_6
);
1261 /*********************************************************************
1262 Collection of set...() functions for SAM_ACCOUNT_INFO.
1263 ********************************************************************/
1265 BOOL
pdb_set_acct_ctrl (SAM_ACCOUNT
*sampass
, uint16 flags
)
1271 sampass
->acct_ctrl
= flags
;
1278 BOOL
pdb_set_logon_time (SAM_ACCOUNT
*sampass
, time_t mytime
)
1283 sampass
->logon_time
= mytime
;
1287 BOOL
pdb_set_logoff_time (SAM_ACCOUNT
*sampass
, time_t mytime
)
1292 sampass
->logoff_time
= mytime
;
1296 BOOL
pdb_set_kickoff_time (SAM_ACCOUNT
*sampass
, time_t mytime
)
1301 sampass
->kickoff_time
= mytime
;
1305 BOOL
pdb_set_pass_can_change_time (SAM_ACCOUNT
*sampass
, time_t mytime
)
1310 sampass
->pass_can_change_time
= mytime
;
1314 BOOL
pdb_set_pass_must_change_time (SAM_ACCOUNT
*sampass
, time_t mytime
)
1319 sampass
->pass_must_change_time
= mytime
;
1323 BOOL
pdb_set_pass_last_set_time (SAM_ACCOUNT
*sampass
, time_t mytime
)
1328 sampass
->pass_last_set_time
= mytime
;
1332 BOOL
pdb_set_hours_len (SAM_ACCOUNT
*sampass
, uint32 len
)
1337 sampass
->hours_len
= len
;
1341 BOOL
pdb_set_logon_divs (SAM_ACCOUNT
*sampass
, uint16 hours
)
1346 sampass
->logon_divs
= hours
;
1350 BOOL
pdb_set_init_flag (SAM_ACCOUNT
*sampass
, uint32 flag
)
1355 sampass
->init_flag
|= flag
;
1360 BOOL
pdb_set_uid (SAM_ACCOUNT
*sampass
, uid_t uid
)
1366 sampass
->init_flag
|= FLAG_SAM_UID
;
1371 BOOL
pdb_set_gid (SAM_ACCOUNT
*sampass
, gid_t gid
)
1377 sampass
->init_flag
|= FLAG_SAM_GID
;
1382 BOOL
pdb_set_user_rid (SAM_ACCOUNT
*sampass
, uint32 rid
)
1387 sampass
->user_rid
= rid
;
1391 BOOL
pdb_set_group_rid (SAM_ACCOUNT
*sampass
, uint32 grid
)
1396 sampass
->group_rid
= grid
;
1400 /*********************************************************************
1401 Set the user's UNIX name.
1402 ********************************************************************/
1404 BOOL
pdb_set_username(SAM_ACCOUNT
*sampass
, char *username
)
1408 *sampass
->username
= '\0';
1412 StrnCpy (sampass
->username
, username
, sizeof(sampass
->username
)-1);
1417 /*********************************************************************
1418 Set the domain name.
1419 ********************************************************************/
1421 BOOL
pdb_set_domain(SAM_ACCOUNT
*sampass
, char *domain
)
1425 *sampass
->domain
= '\0';
1429 StrnCpy (sampass
->domain
, domain
, sizeof(sampass
->domain
)-1);
1434 /*********************************************************************
1435 Set the user's NT name.
1436 ********************************************************************/
1438 BOOL
pdb_set_nt_username(SAM_ACCOUNT
*sampass
, char *nt_username
)
1442 *sampass
->nt_username
= '\0';
1446 StrnCpy (sampass
->nt_username
, nt_username
, sizeof(sampass
->nt_username
) -1);
1451 /*********************************************************************
1452 Set the user's full name.
1453 ********************************************************************/
1455 BOOL
pdb_set_fullname(SAM_ACCOUNT
*sampass
, char *fullname
)
1459 *sampass
->full_name
= '\0';
1463 StrnCpy (sampass
->full_name
, fullname
, sizeof(sampass
->full_name
)-1);
1468 /*********************************************************************
1469 Set the user's logon script.
1470 ********************************************************************/
1472 BOOL
pdb_set_logon_script(SAM_ACCOUNT
*sampass
, char *logon_script
, BOOL store
)
1476 *sampass
->logon_script
= '\0';
1480 StrnCpy (sampass
->logon_script
, logon_script
, sizeof(sampass
->logon_script
)-1);
1483 pdb_set_init_flag(sampass
, FLAG_SAM_LOGONSCRIPT
);
1488 /*********************************************************************
1489 Set the user's profile path.
1490 ********************************************************************/
1492 BOOL
pdb_set_profile_path (SAM_ACCOUNT
*sampass
, char *profile_path
, BOOL store
)
1496 *sampass
->profile_path
= '\0';
1500 StrnCpy (sampass
->profile_path
, profile_path
, sizeof(sampass
->profile_path
)-1);
1503 pdb_set_init_flag(sampass
, FLAG_SAM_PROFILE
);
1508 /*********************************************************************
1509 Set the user's directory drive.
1510 ********************************************************************/
1512 BOOL
pdb_set_dir_drive (SAM_ACCOUNT
*sampass
, char *dir_drive
, BOOL store
)
1516 *sampass
->dir_drive
= '\0';
1520 StrnCpy (sampass
->dir_drive
, dir_drive
, sizeof(sampass
->dir_drive
)-1);
1523 pdb_set_init_flag(sampass
, FLAG_SAM_DRIVE
);
1528 /*********************************************************************
1529 Set the user's home directory.
1530 ********************************************************************/
1532 BOOL
pdb_set_homedir (SAM_ACCOUNT
*sampass
, char *homedir
, BOOL store
)
1536 *sampass
->home_dir
= '\0';
1540 StrnCpy (sampass
->home_dir
, homedir
, sizeof(sampass
->home_dir
)-1);
1543 pdb_set_init_flag(sampass
, FLAG_SAM_SMBHOME
);
1548 /*********************************************************************
1549 Set the user's account description.
1550 ********************************************************************/
1552 BOOL
pdb_set_acct_desc (SAM_ACCOUNT
*sampass
, char *acct_desc
)
1556 *sampass
->acct_desc
= '\0';
1560 StrnCpy (sampass
->acct_desc
, acct_desc
, sizeof(sampass
->acct_desc
)-1);
1565 /*********************************************************************
1566 Set the user's workstation allowed list.
1567 ********************************************************************/
1569 BOOL
pdb_set_workstations (SAM_ACCOUNT
*sampass
, char *workstations
)
1573 *sampass
->workstations
= '\0';
1577 StrnCpy (sampass
->workstations
, workstations
, sizeof(sampass
->workstations
)-1);
1582 /*********************************************************************
1583 Set the user's dial string.
1584 ********************************************************************/
1586 BOOL
pdb_set_munged_dial (SAM_ACCOUNT
*sampass
, char *munged_dial
)
1590 *sampass
->munged_dial
= '\0';
1594 StrnCpy (sampass
->munged_dial
, munged_dial
, sizeof(sampass
->munged_dial
)-1);
1599 /*********************************************************************
1600 Set the user's NT hash.
1601 ********************************************************************/
1603 BOOL
pdb_set_nt_passwd (SAM_ACCOUNT
*sampass
, uint8
*pwd
)
1608 /* Remember to set the "last changed time". */
1609 pdb_set_pass_last_set_time(sampass
, time(NULL
));
1612 /* Allow setting to NULL */
1613 SAFE_FREE(sampass
->nt_pw
);
1617 if (sampass
->nt_pw
!=NULL
)
1618 DEBUG(4,("pdb_set_nt_passwd: NT hash non NULL overwritting ?\n"));
1620 sampass
->nt_pw
=(unsigned char *)malloc(sizeof(unsigned char)*16);
1622 if (sampass
->nt_pw
==NULL
)
1625 memcpy (sampass
->nt_pw
, pwd
, 16);
1630 /*********************************************************************
1631 Set the user's LM hash.
1632 ********************************************************************/
1634 BOOL
pdb_set_lanman_passwd (SAM_ACCOUNT
*sampass
, uint8
*pwd
)
1639 /* Remember to set the "last changed time". */
1640 pdb_set_pass_last_set_time(sampass
, time(NULL
));
1643 /* Allow setting to NULL */
1644 SAFE_FREE(sampass
->lm_pw
);
1648 if (sampass
->lm_pw
!=NULL
)
1649 DEBUG(4,("pdb_set_lanman_passwd: LM hash non NULL overwritting ?\n"));
1651 sampass
->lm_pw
=(unsigned char *)malloc(sizeof(unsigned char)*16);
1653 if (sampass
->lm_pw
==NULL
)
1656 memcpy (sampass
->lm_pw
, pwd
, 16);
1661 /*********************************************************************
1662 Set the user's PLAINTEXT password. Used as an interface to the above.
1663 ********************************************************************/
1665 BOOL
pdb_set_plaintext_passwd (SAM_ACCOUNT
*sampass
, char *plaintext
)
1667 uchar new_lanman_p16
[16];
1668 uchar new_nt_p16
[16];
1670 if (!sampass
|| !plaintext
)
1673 nt_lm_owf_gen (plaintext
, new_nt_p16
, new_lanman_p16
);
1675 if (!pdb_set_nt_passwd (sampass
, new_nt_p16
))
1678 if (!pdb_set_lanman_passwd (sampass
, new_lanman_p16
))
1684 BOOL
pdb_set_unknown_3 (SAM_ACCOUNT
*sampass
, uint32 unkn
)
1689 sampass
->unknown_3
= unkn
;
1693 BOOL
pdb_set_unknown_5 (SAM_ACCOUNT
*sampass
, uint32 unkn
)
1698 sampass
->unknown_5
= unkn
;
1702 BOOL
pdb_set_unknown_6 (SAM_ACCOUNT
*sampass
, uint32 unkn
)
1707 sampass
->unknown_6
= unkn
;
1711 BOOL
pdb_set_hours (SAM_ACCOUNT
*sampass
, uint8
*hours
)
1717 memset ((char *)sampass
->hours
, 0, MAX_HOURS_LEN
);
1721 memcpy (sampass
->hours
, hours
, MAX_HOURS_LEN
);
1726 /***************************************************************************
1727 Search by uid. Wrapper around pdb_getsampwnam()
1728 **************************************************************************/
1730 BOOL
pdb_getsampwuid (SAM_ACCOUNT
* user
, uid_t uid
)
1736 DEBUG(0,("pdb_getsampwuid: SAM_ACCOUNT is NULL.\n"));
1741 * Never trust the uid in the passdb. Lookup the username first
1742 * and then lokup the user by name in the sam.
1745 if ((pw
=sys_getpwuid(uid
)) == NULL
) {
1746 DEBUG(0,("pdb_getsampwuid: getpwuid(%u) return NULL. User does not exist in Unix accounts!\n",
1747 (unsigned int)uid
));
1751 fstrcpy (name
, pw
->pw_name
);
1753 return pdb_getsampwnam (user
, name
);