2 * Unix SMB/Netbios implementation.
5 * Copyright (C) Jeremy Allison 1995-1998
6 * Copyright (C) Tim Potter 2001
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version.
13 * This program is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
15 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
18 * You should have received a copy of the GNU General Public License along with
19 * this program; if not, write to the Free Software Foundation, Inc., 675
20 * Mass Ave, Cambridge, MA 02139, USA. */
24 extern pstring global_myname
;
27 * Next two lines needed for SunOS and don't
28 * hurt anything else...
33 /* forced running in root-mode */
34 static BOOL local_mode
;
36 /*********************************************************
38 **********************************************************/
40 static char *strdup_x(const char *s
)
42 char *new_s
= strdup(s
);
44 fprintf(stderr
,"out of memory\n");
51 /*********************************************************
52 Print command usage on stderr and die.
53 **********************************************************/
54 static void usage(void)
57 printf("smbpasswd [options] [username] [password]\n");
59 printf("smbpasswd [options] [password]\n");
62 printf(" -s use stdin for password prompt\n");
63 printf(" -D LEVEL debug level\n");
64 printf(" -U USER remote username\n");
65 printf(" -r MACHINE remote machine\n");
67 if (getuid() == 0 || local_mode
) {
68 printf(" -L local mode (must be first option)\n");
69 printf(" -R ORDER name resolve order\n");
70 printf(" -j DOMAIN join domain name\n");
71 printf(" -a add user\n");
72 printf(" -x delete user\n");
73 printf(" -d disable user\n");
74 printf(" -e enable user\n");
75 printf(" -n set no password\n");
76 printf(" -m machine trust account\n");
78 printf(" -w ldap admin password\n");
84 /*********************************************************
86 **********************************************************/
87 static int join_domain(char *domain
, char *remote
)
89 pstring remote_machine
;
91 unsigned char orig_trust_passwd_hash
[16];
94 pstrcpy(remote_machine
, remote
? remote
: "");
95 fstrcpy(trust_passwd
, global_myname
);
96 strlower(trust_passwd
);
97 E_md4hash( (uchar
*)trust_passwd
, orig_trust_passwd_hash
);
99 /* Ensure that we are not trying to join a
100 domain if we are locally set up as a domain
103 if(strequal(remote
, global_myname
)) {
104 fprintf(stderr
, "Cannot join domain %s as the domain controller name is our own. We cannot be a domain controller for a domain and also be a domain member.\n", domain
);
109 * Write the old machine account password.
112 if(!secrets_store_trust_account_password(domain
, orig_trust_passwd_hash
)) {
113 fprintf(stderr
, "Unable to write the machine account password for \
114 machine %s in domain %s.\n", global_myname
, domain
);
119 * If we are given a remote machine assume this is the PDC.
123 pstrcpy(remote_machine
, lp_passwordserver());
126 if(!*remote_machine
) {
127 fprintf(stderr
, "No password server list given in smb.conf - \
128 unable to join domain.\n");
132 ret
= change_trust_account_password( domain
, remote_machine
);
135 trust_password_delete(domain
);
136 fprintf(stderr
,"Unable to join domain %s.\n",domain
);
138 printf("Joined domain %s.\n",domain
);
144 /* Initialise client credentials for authenticated pipe access */
146 void init_rpcclient_creds(struct ntuser_creds
*creds
, char* username
,
147 char* domain
, char* password
)
151 if (lp_encrypted_passwords()) {
152 pwd_make_lm_nt_16(&creds
->pwd
, password
);
154 pwd_set_cleartext(&creds
->pwd
, password
);
157 fstrcpy(creds
->user_name
, username
);
158 fstrcpy(creds
->domain
, domain
);
161 /*********************************************************
162 Join a domain using the administrator username and password
163 **********************************************************/
165 /* Macro for checking RPC error codes to make things more readable */
167 #define CHECK_RPC_ERR(rpc, msg) \
168 if (!NT_STATUS_IS_OK(result = rpc)) { \
169 DEBUG(0, (msg ": %s\n", get_nt_error_msg(result))); \
173 #define CHECK_RPC_ERR_DEBUG(rpc, debug_args) \
174 if (!NT_STATUS_IS_OK(result = rpc)) { \
175 DEBUG(0, debug_args); \
179 static int join_domain_byuser(char *domain
, char *remote_machine
,
180 char *username
, char *password
)
182 /* libsmb variables */
184 struct nmb_name calling
, called
;
185 struct ntuser_creds creds
;
186 struct cli_state cli
;
187 fstring dest_host
, acct_name
;
188 struct in_addr dest_ip
;
193 POLICY_HND lsa_pol
, sam_pol
, domain_pol
, user_pol
;
201 uchar pwbuf
[516], ntpw
[16], sess_key
[16];
202 SAM_USERINFO_CTR ctr
;
203 SAM_USER_INFO_24 p24
;
204 SAM_USER_INFO_10 p10
;
211 /* Connect to remote machine */
216 if (!(mem_ctx
= talloc_init())) {
217 DEBUG(0, ("Could not initialise talloc context\n"));
221 if (!cli_initialise(&cli
)) {
222 DEBUG(0, ("Could not initialise client structure\n"));
226 init_rpcclient_creds(&creds
, username
, domain
, password
);
227 cli_init_creds(&cli
, &creds
);
229 if (!resolve_srv_name(remote_machine
, dest_host
, &dest_ip
)) {
230 DEBUG(0, ("Could not resolve name %s\n", remote_machine
));
234 make_nmb_name(&called
, dns_to_netbios_name(dest_host
), 0x20);
235 make_nmb_name(&calling
, dns_to_netbios_name(global_myname
), 0);
237 if (!cli_establish_connection(&cli
, dest_host
, &dest_ip
, &calling
,
238 &called
, "IPC$", "IPC", False
, True
)) {
239 DEBUG(0, ("Error connecting to %s\n", dest_host
));
243 /* Fetch domain sid */
245 if (!cli_nt_session_open(&cli
, PIPE_LSARPC
)) {
246 DEBUG(0, ("Error connecting to SAM pipe\n"));
251 CHECK_RPC_ERR(cli_lsa_open_policy(&cli
, mem_ctx
, True
,
252 SEC_RIGHTS_MAXIMUM_ALLOWED
,
254 "error opening lsa policy handle");
256 CHECK_RPC_ERR(cli_lsa_query_info_policy(&cli
, mem_ctx
, &lsa_pol
,
257 5, domain
, &domain_sid
),
258 "error querying info policy");
260 cli_lsa_close(&cli
, mem_ctx
, &lsa_pol
);
262 cli_nt_session_close(&cli
); /* Done with this pipe */
264 /* Create domain user */
266 if (!cli_nt_session_open(&cli
, PIPE_SAMR
)) {
267 DEBUG(0, ("Error connecting to SAM pipe\n"));
271 CHECK_RPC_ERR(cli_samr_connect(&cli
, mem_ctx
,
272 SEC_RIGHTS_MAXIMUM_ALLOWED
,
274 "could not connect to SAM database");
277 CHECK_RPC_ERR(cli_samr_open_domain(&cli
, mem_ctx
, &sam_pol
,
278 SEC_RIGHTS_MAXIMUM_ALLOWED
,
279 &domain_sid
, &domain_pol
),
280 "could not open domain");
282 /* Create domain user */
284 fstrcpy(acct_name
, global_myname
);
285 fstrcat(acct_name
, "$");
290 uint32 unknown
= 0xe005000b;
292 result
= cli_samr_create_dom_user(&cli
, mem_ctx
, &domain_pol
,
293 acct_name
, ACB_WSTRUST
,
297 /* We *must* do this.... don't ask... */
299 CHECK_RPC_ERR_DEBUG(cli_samr_close(&cli
, mem_ctx
, &user_pol
), ("error closing user policy"));
300 result
= NT_STATUS_USER_EXISTS
;
303 if (NT_STATUS_V(result
) == NT_STATUS_V(NT_STATUS_USER_EXISTS
)) {
304 uint32 num_rids
, *name_types
, *user_rids
;
305 uint32 flags
= 0x3e8;
308 /* Look up existing rid */
310 names
= (char *)&acct_name
[0];
313 cli_samr_lookup_names(&cli
, mem_ctx
,
315 1, &names
, &num_rids
,
316 &user_rids
, &name_types
),
317 ("error looking up rid for user %s: %s\n",
318 acct_name
, get_nt_error_msg(result
)));
320 if (name_types
[0] != SID_NAME_USER
) {
321 DEBUG(0, ("%s is not a user account\n", acct_name
));
325 user_rid
= user_rids
[0];
327 /* Open handle on user */
330 cli_samr_open_user(&cli
, mem_ctx
, &domain_pol
,
331 SEC_RIGHTS_MAXIMUM_ALLOWED
,
332 user_rid
, &user_pol
),
333 ("could not re-open existing user %s: %s\n",
334 acct_name
, get_nt_error_msg(result
)));
336 } else if (!NT_STATUS_IS_OK(result
)) {
337 DEBUG(0, ("error creating domain user: %s\n",
338 get_nt_error_msg(result
)));
342 /* Create a random machine account password */
345 UNISTR2 upw
; /* Unicode password */
347 upw
.buffer
= (uint16
*)talloc_zero(mem_ctx
, 0xc *
350 upw
.uni_str_len
= 0xc;
351 upw
.uni_max_len
= 0xc;
353 machine_pwd
= (char *)upw
.buffer
;
354 plen
= upw
.uni_str_len
* 2;
355 generate_random_buffer((unsigned char *)machine_pwd
, plen
, True
);
357 encode_pw_buffer((char *)pwbuf
, machine_pwd
, plen
, False
);
359 nt_owf_genW(&upw
, ntpw
);
362 /* Set password on machine account */
367 init_sam_user_info24(&p24
, (char *)pwbuf
,24);
369 ctr
.switch_value
= 24;
370 ctr
.info
.id24
= &p24
;
372 /* I don't think this is quite the right place for this
373 calculation. It should be moved somewhere where the credentials
374 are calculated. )-: */
376 mdfour(sess_key
, cli
.pwd
.smb_nt_pwd
, 16);
378 CHECK_RPC_ERR(cli_samr_set_userinfo(&cli
, mem_ctx
, &user_pol
, 24,
380 "error setting trust account password");
382 /* Why do we have to try to (re-)set the ACB to be the same as what
383 we passed in the samr_create_dom_user() call? When a NT
384 workstation is joined to a domain by an administrator the
385 acb_info is set to 0x80. For a normal user with "Add
386 workstations to the domain" rights the acb_info is 0x84. I'm
387 not sure whether it is supposed to make a difference or not. NT
388 seems to cope with either value so don't bomb out if the set
389 userinfo2 level 0x10 fails. -tpot */
392 ctr
.switch_value
= 0x10;
393 ctr
.info
.id10
= &p10
;
395 init_sam_user_info10(&p10
, ACB_WSTRUST
);
397 /* Ignoring the return value is necessary for joining a domain
398 as a normal user with "Add workstation to domain" privilege. */
400 result
= cli_samr_set_userinfo2(&cli
, mem_ctx
, &user_pol
, 0x10,
403 /* Now store the secret in the secrets database */
407 if (!secrets_store_domain_sid(domain
, &domain_sid
) ||
408 !secrets_store_trust_account_password(domain
, ntpw
)) {
409 DEBUG(0, ("error storing domain secrets\n"));
413 retval
= 0; /* Success! */
416 /* Close down pipe - this will clean up open policy handles */
418 if (cli
.nt_pipe_fnum
)
419 cli_nt_session_close(&cli
);
421 /* Display success or failure */
424 trust_password_delete(domain
);
425 fprintf(stderr
,"Unable to join domain %s.\n",domain
);
427 printf("Joined domain %s.\n",domain
);
433 static void set_line_buffering(FILE *f
)
435 setvbuf(f
, NULL
, _IOLBF
, 0);
438 /*************************************************************
439 Utility function to prompt for passwords from stdin. Each
440 password entered must end with a newline.
441 *************************************************************/
442 static char *stdin_new_passwd(void)
444 static fstring new_passwd
;
447 ZERO_ARRAY(new_passwd
);
450 * if no error is reported from fgets() and string at least contains
451 * the newline that ends the password, then replace the newline with
454 if ( fgets(new_passwd
, sizeof(new_passwd
), stdin
) != NULL
) {
455 if ((len
= strlen(new_passwd
)) > 0) {
456 if(new_passwd
[len
-1] == '\n')
457 new_passwd
[len
- 1] = 0;
464 /*************************************************************
465 Utility function to get passwords via tty or stdin
466 Used if the '-s' option is set to silently get passwords
468 *************************************************************/
469 static char *get_pass( char *prompt
, BOOL stdin_get
)
473 p
= stdin_new_passwd();
480 /*************************************************************
481 Utility function to prompt for new password.
482 *************************************************************/
483 static char *prompt_for_new_password(BOOL stdin_get
)
488 ZERO_ARRAY(new_passwd
);
490 p
= get_pass("New SMB password:", stdin_get
);
492 fstrcpy(new_passwd
, p
);
495 p
= get_pass("Retype new SMB password:", stdin_get
);
497 if (strcmp(p
, new_passwd
)) {
498 fprintf(stderr
, "Mismatch - password unchanged.\n");
499 ZERO_ARRAY(new_passwd
);
508 /*************************************************************
509 Change a password either locally or remotely.
510 *************************************************************/
512 static BOOL
password_change(const char *remote_machine
, char *user_name
,
513 char *old_passwd
, char *new_passwd
, int local_flags
)
519 if (remote_machine
!= NULL
) {
520 if (local_flags
& (LOCAL_ADD_USER
|LOCAL_DELETE_USER
|LOCAL_DISABLE_USER
|LOCAL_ENABLE_USER
|
521 LOCAL_TRUST_ACCOUNT
|LOCAL_SET_NO_PASSWORD
)) {
522 /* these things can't be done remotely yet */
525 ret
= remote_password_change(remote_machine
, user_name
,
526 old_passwd
, new_passwd
, err_str
, sizeof(err_str
));
528 fprintf(stderr
, err_str
);
532 ret
= local_password_change(user_name
, local_flags
, new_passwd
,
533 err_str
, sizeof(err_str
), msg_str
, sizeof(msg_str
));
538 fprintf(stderr
, err_str
);
544 /*******************************************************************
545 Store the LDAP admin password in secrets.tdb
546 ******************************************************************/
547 static BOOL
store_ldap_admin_pw (char* pw
)
560 return secrets_store_ldap_pw(lp_ldap_admin_dn(), pw
);
564 /*************************************************************
565 Handle password changing for root.
566 *************************************************************/
568 static int process_root(int argc
, char *argv
[])
572 BOOL joining_domain
= False
, got_pass
= False
, got_username
= False
;
574 BOOL stdin_passwd_get
= False
;
575 fstring user_name
, user_password
;
579 char *new_domain
= NULL
;
580 char *new_passwd
= NULL
;
581 char *old_passwd
= NULL
;
582 char *remote_machine
= NULL
;
586 while ((ch
= getopt(argc
, argv
, "axdehmnj:r:sw:R:D:U:L")) != EOF
) {
592 local_flags
|= LOCAL_ADD_USER
;
595 local_flags
|= LOCAL_DELETE_USER
;
596 new_passwd
= strdup_x("XXXXXX");
599 local_flags
|= LOCAL_DISABLE_USER
;
600 new_passwd
= strdup_x("XXXXXX");
603 local_flags
|= LOCAL_ENABLE_USER
;
606 local_flags
|= LOCAL_TRUST_ACCOUNT
;
609 local_flags
|= LOCAL_SET_NO_PASSWORD
;
610 new_passwd
= strdup_x("NO PASSWORD");
614 strupper(new_domain
);
615 joining_domain
= True
;
618 remote_machine
= optarg
;
621 set_line_buffering(stdin
);
622 set_line_buffering(stdout
);
623 set_line_buffering(stderr
);
624 stdin_passwd_get
= True
;
628 local_flags
|= LOCAL_SET_LDAP_ADMIN_PW
;
629 fstrcpy(ldap_secret
, optarg
);
632 printf("-w not available unless configured --with-ldap\n");
636 lp_set_name_resolve_order(optarg
);
639 DEBUGLEVEL
= atoi(optarg
);
645 fstrcpy(user_name
, optarg
);
647 if ((lp
= strchr(user_name
, '%'))) {
649 fstrcpy(user_password
, lp
+ 1);
651 memset(strchr(optarg
, '%') + 1, 'X',
652 strlen(user_password
));
667 if (local_flags
& LOCAL_SET_LDAP_ADMIN_PW
)
669 printf("Setting stored password for \"%s\" in secrets.tdb\n",
671 if (!store_ldap_admin_pw(ldap_secret
))
672 DEBUG(0,("ERROR: Failed to store the ldap admin password!\n"));
678 * Ensure both add/delete user are not set
679 * Ensure add/delete user and either remote machine or join domain are
682 if(((local_flags
& (LOCAL_ADD_USER
|LOCAL_DELETE_USER
)) == (LOCAL_ADD_USER
|LOCAL_DELETE_USER
)) ||
683 ((local_flags
& (LOCAL_ADD_USER
|LOCAL_DELETE_USER
)) &&
684 ((remote_machine
!= NULL
) || joining_domain
))) {
688 /* Only load interfaces if we are doing network operations. */
690 if (joining_domain
|| remote_machine
) {
696 if (joining_domain
) {
701 /* Are we joining by specifing an admin username and
706 /* Get administrator password if not specified */
709 char *pass
= getpass("Password: ");
712 pstrcpy(user_password
, pass
);
715 return join_domain_byuser(new_domain
, remote_machine
,
716 user_name
, user_password
);
719 /* Or just with the server manager? */
721 return join_domain(new_domain
, remote_machine
);
726 * Deal with root - can add a user, but only locally.
732 fstrcpy(user_name
, "");
737 fstrcpy(user_name
, argv
[0]);
740 if (got_username
|| got_pass
)
742 fstrcpy(user_name
, argv
[0]);
743 new_passwd
= strdup_x(argv
[1]);
749 if (!user_name
[0] && (pwd
= sys_getpwuid(0))) {
750 fstrcpy(user_name
, pwd
->pw_name
);
754 fprintf(stderr
,"You must specify a username\n");
758 if (local_flags
& LOCAL_TRUST_ACCOUNT
) {
759 /* add the $ automatically */
763 * Remove any trailing '$' before we
764 * generate the initial machine password.
767 if (user_name
[strlen(user_name
)-1] == '$') {
768 user_name
[strlen(user_name
)-1] = 0;
771 if (local_flags
& LOCAL_ADD_USER
) {
772 safe_free(new_passwd
);
773 new_passwd
= strdup_x(user_name
);
774 strlower(new_passwd
);
778 * Now ensure the username ends in '$' for
782 slprintf(buf
, sizeof(buf
)-1, "%s$", user_name
);
783 fstrcpy(user_name
, buf
);
786 if (remote_machine
!= NULL
) {
787 old_passwd
= get_pass("Old SMB password:",stdin_passwd_get
);
793 * If we are trying to enable a user, first we need to find out
794 * if they are using a modern version of the smbpasswd file that
795 * disables a user by just writing a flag into the file. If so
796 * then we can re-enable a user without prompting for a new
797 * password. If not (ie. they have a no stored password in the
798 * smbpasswd file) then we need to prompt for a new password.
801 if(local_flags
& LOCAL_ENABLE_USER
) {
803 SAM_ACCOUNT
*sampass
= NULL
;
805 pdb_init_sam(&sampass
);
806 if (!pdb_getsampwnam(sampass
, user_name
)) {
807 printf("ERROR: Unable to locate %s in passdb!\n", user_name
);
808 pdb_free_sam(sampass
);
812 if((sampass
!= NULL
) && (pdb_get_lanman_passwd(sampass
) != NULL
)) {
813 new_passwd
= strdup_x("XXXX"); /* Don't care. */
816 pdb_free_sam(sampass
);
820 new_passwd
= prompt_for_new_password(stdin_passwd_get
);
823 fprintf(stderr
, "Unable to get new password.\n");
828 if (!password_change(remote_machine
, user_name
, old_passwd
, new_passwd
, local_flags
)) {
829 fprintf(stderr
,"Failed to modify password entry for user %s\n", user_name
);
834 if(!(local_flags
& (LOCAL_ADD_USER
|LOCAL_DISABLE_USER
|LOCAL_ENABLE_USER
|LOCAL_DELETE_USER
|LOCAL_SET_NO_PASSWORD
))) {
835 SAM_ACCOUNT
*sampass
= NULL
;
838 pdb_init_sam(&sampass
);
840 if (!pdb_getsampwnam(sampass
, user_name
)) {
841 printf("ERROR: Unable to locate %s in passdb!\n", user_name
);
842 pdb_free_sam(sampass
);
847 printf("Password changed for user %s.", user_name
);
848 acct_ctrl
= pdb_get_acct_ctrl(sampass
);
849 if(acct_ctrl
& ACB_DISABLED
)
850 printf(" User has disabled flag set.");
851 if(acct_ctrl
& ACB_PWNOTREQ
)
852 printf(" User has no password flag set.");
855 pdb_free_sam(sampass
);
859 safe_free(new_passwd
);
864 /*************************************************************
865 handle password changing for non-root
866 *************************************************************/
867 static int process_nonroot(int argc
, char *argv
[])
869 struct passwd
*pwd
= NULL
;
871 BOOL stdin_passwd_get
= False
;
872 char *old_passwd
= NULL
;
873 char *remote_machine
= NULL
;
874 char *user_name
= NULL
;
875 char *new_passwd
= NULL
;
877 while ((ch
= getopt(argc
, argv
, "hD:r:sU:")) != EOF
) {
880 DEBUGLEVEL
= atoi(optarg
);
883 remote_machine
= optarg
;
886 set_line_buffering(stdin
);
887 set_line_buffering(stdout
);
888 set_line_buffering(stderr
);
889 stdin_passwd_get
= True
;
907 new_passwd
= argv
[0];
911 pwd
= sys_getpwuid(getuid());
913 user_name
= strdup_x(pwd
->pw_name
);
915 fprintf(stderr
,"you don't exist - go away\n");
921 * A non-root user is always setting a password
922 * via a remote machine (even if that machine is
926 load_interfaces(); /* Delayed from main() */
928 if (remote_machine
== NULL
) {
929 remote_machine
= "127.0.0.1";
932 if (remote_machine
!= NULL
) {
933 old_passwd
= get_pass("Old SMB password:",stdin_passwd_get
);
937 new_passwd
= prompt_for_new_password(stdin_passwd_get
);
941 fprintf(stderr
, "Unable to get new password.\n");
945 if (!password_change(remote_machine
, user_name
, old_passwd
, new_passwd
, 0)) {
946 fprintf(stderr
,"Failed to change password for %s\n", user_name
);
951 printf("Password changed for user %s\n", user_name
);
954 safe_free(old_passwd
);
955 safe_free(new_passwd
);
962 /*********************************************************
964 **********************************************************/
965 int main(int argc
, char **argv
)
967 static pstring servicesf
= CONFIGFILE
;
969 #if defined(HAVE_SET_AUTH_PARAMETERS)
970 set_auth_parameters(argc
, argv
);
971 #endif /* HAVE_SET_AUTH_PARAMETERS */
975 setup_logging("smbpasswd", True
);
977 charset_initialise();
979 if(!initialize_password_db(False
)) {
980 fprintf(stderr
, "Can't setup password database vectors.\n");
984 if (!lp_load(servicesf
,True
,False
,False
)) {
985 fprintf(stderr
, "Can't load %s - run testparm to debug it\n",
991 * Set the machine NETBIOS name if not already
992 * set from the config file.
995 if (!*global_myname
) {
997 fstrcpy(global_myname
, myhostname());
998 p
= strchr(global_myname
, '.' );
1001 strupper(global_myname
);
1003 codepage_initialise(lp_client_code_page());
1005 /* Check the effective uid - make sure we are not setuid */
1006 if ((geteuid() == (uid_t
)0) && (getuid() != (uid_t
)0)) {
1007 fprintf(stderr
, "smbpasswd must *NOT* be setuid root.\n");
1011 /* pre-check for local mode option as first option. We can't
1012 do this via normal getopt as getopt can't be called
1014 if (argc
> 1 && strcmp(argv
[1], "-L") == 0) {
1018 if (local_mode
|| getuid() == 0) {
1020 return process_root(argc
, argv
);
1023 return process_nonroot(argc
, argv
);