search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:provision_self_join_modify.ldif - Point out that account "dns" is s4 specific
[Samba.git] / source3 / passdb / pdb_get_set.c
blobd7fc02f807828c17e2f81fd737768689d0bd6741
1 /*
2 Unix SMB/CIFS implementation.
3 struct samu access routines
4 Copyright (C) Jeremy Allison 1996-2001
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
6 Copyright (C) Gerald (Jerry) Carter 2000-2006
7 Copyright (C) Andrew Bartlett 2001-2002
8 Copyright (C) Stefan (metze) Metzmacher 2002
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "../libcli/auth/libcli_auth.h"
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_PASSDB
29
30 /**
31 * @todo Redefine this to NULL, but this changes the API because
32 * much of samba assumes that the pdb_get...() funtions
33 * return strings. (ie not null-pointers).
34 * See also pdb_fill_default_sam().
35 */
36
37 #define PDB_NOT_QUITE_NULL ""
38
39 /*********************************************************************
40 Collection of get...() functions for struct samu.
41 ********************************************************************/
42
43 uint32 pdb_get_acct_ctrl(const struct samu *sampass)
44 {
45 return sampass->acct_ctrl;
46 }
47
48 time_t pdb_get_logon_time(const struct samu *sampass)
49 {
50 return sampass->logon_time;
51 }
52
53 time_t pdb_get_logoff_time(const struct samu *sampass)
54 {
55 return sampass->logoff_time;
56 }
57
58 time_t pdb_get_kickoff_time(const struct samu *sampass)
59 {
60 return sampass->kickoff_time;
61 }
62
63 time_t pdb_get_bad_password_time(const struct samu *sampass)
64 {
65 return sampass->bad_password_time;
66 }
67
68 time_t pdb_get_pass_last_set_time(const struct samu *sampass)
69 {
70 return sampass->pass_last_set_time;
71 }
72
73 time_t pdb_get_pass_can_change_time(const struct samu *sampass)
74 {
75 uint32 allow;
76
77 /* if the last set time is zero, it means the user cannot
78 change their password, and this time must be zero. jmcd
79 */
80 if (sampass->pass_last_set_time == 0)
81 return (time_t) 0;
82
83 /* if the time is max, and the field has been changed,
84 we're trying to update this real value from the sampass
85 to indicate that the user cannot change their password. jmcd
86 */
87 if (sampass->pass_can_change_time == get_time_t_max() &&
88 pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED)
89 return sampass->pass_can_change_time;
90
91 if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &allow))
92 allow = 0;
93
94 /* in normal cases, just calculate it from policy */
95 return sampass->pass_last_set_time + allow;
96 }
97
98 /* we need this for loading from the backend, so that we don't overwrite
99 non-changed max times, otherwise the pass_can_change checking won't work */
100 time_t pdb_get_pass_can_change_time_noncalc(const struct samu *sampass)
101 {
102 return sampass->pass_can_change_time;
103 }
104
105 time_t pdb_get_pass_must_change_time(const struct samu *sampass)
106 {
107 uint32 expire;
108
109 if (sampass->pass_last_set_time == 0)
110 return (time_t) 0;
111
112 if (sampass->acct_ctrl & ACB_PWNOEXP)
113 return get_time_t_max();
114
115 if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
116 || expire == (uint32)-1 || expire == 0)
117 return get_time_t_max();
118
119 return sampass->pass_last_set_time + expire;
120 }
121
122 bool pdb_get_pass_can_change(const struct samu *sampass)
123 {
124 if (sampass->pass_can_change_time == get_time_t_max() &&
125 sampass->pass_last_set_time != 0)
126 return False;
127 return True;
128 }
129
130 uint16 pdb_get_logon_divs(const struct samu *sampass)
131 {
132 return sampass->logon_divs;
133 }
134
135 uint32 pdb_get_hours_len(const struct samu *sampass)
136 {
137 return sampass->hours_len;
138 }
139
140 const uint8 *pdb_get_hours(const struct samu *sampass)
141 {
142 return (sampass->hours);
143 }
144
145 const uint8 *pdb_get_nt_passwd(const struct samu *sampass)
146 {
147 SMB_ASSERT((!sampass->nt_pw.data)
148 || sampass->nt_pw.length == NT_HASH_LEN);
149 return (uint8 *)sampass->nt_pw.data;
150 }
151
152 const uint8 *pdb_get_lanman_passwd(const struct samu *sampass)
153 {
154 SMB_ASSERT((!sampass->lm_pw.data)
155 || sampass->lm_pw.length == LM_HASH_LEN);
156 return (uint8 *)sampass->lm_pw.data;
157 }
158
159 const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32 *current_hist_len)
160 {
161 SMB_ASSERT((!sampass->nt_pw_his.data)
162 || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
163 *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
164 return (uint8 *)sampass->nt_pw_his.data;
165 }
166
167 /* Return the plaintext password if known. Most of the time
168 it isn't, so don't assume anything magic about this function.
169
170 Used to pass the plaintext to passdb backends that might
171 want to store more than just the NTLM hashes.
172 */
173 const char *pdb_get_plaintext_passwd(const struct samu *sampass)
174 {
175 return sampass->plaintext_pw;
176 }
177
178 const DOM_SID *pdb_get_user_sid(const struct samu *sampass)
179 {
180 return &sampass->user_sid;
181 }
182
183 const DOM_SID *pdb_get_group_sid(struct samu *sampass)
184 {
185 DOM_SID *gsid;
186 struct passwd *pwd;
187
188 /* Return the cached group SID if we have that */
189 if ( sampass->group_sid ) {
190 return sampass->group_sid;
191 }
192
193 /* generate the group SID from the user's primary Unix group */
194
195 if ( !(gsid = TALLOC_P( sampass, DOM_SID )) ) {
196 return NULL;
197 }
198
199 /* No algorithmic mapping, meaning that we have to figure out the
200 primary group SID according to group mapping and the user SID must
201 be a newly allocated one. We rely on the user's Unix primary gid.
202 We have no choice but to fail if we can't find it. */
203
204 if ( sampass->unix_pw ) {
205 pwd = sampass->unix_pw;
206 } else {
207 pwd = Get_Pwnam_alloc( sampass, pdb_get_username(sampass) );
208 }
209
210 if ( !pwd ) {
211 DEBUG(0,("pdb_get_group_sid: Failed to find Unix account for %s\n", pdb_get_username(sampass) ));
212 return NULL;
213 }
214
215 if ( pdb_gid_to_sid(pwd->pw_gid, gsid) ) {
216 enum lsa_SidType type = SID_NAME_UNKNOWN;
217 TALLOC_CTX *mem_ctx = talloc_init("pdb_get_group_sid");
218 bool lookup_ret;
219
220 if (!mem_ctx) {
221 return NULL;
222 }
223
224 /* Now check that it's actually a domain group and not something else */
225
226 lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type);
227
228 TALLOC_FREE( mem_ctx );
229
230 if ( lookup_ret && (type == SID_NAME_DOM_GRP) ) {
231 sampass->group_sid = gsid;
232 return sampass->group_sid;
233 }
234
235 DEBUG(3, ("Primary group for user %s is a %s and not a domain group\n",
236 pwd->pw_name, sid_type_lookup(type)));
237 }
238
239 /* Just set it to the 'Domain Users' RID of 512 which will
240 always resolve to a name */
241
242 sid_compose(gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
243
244 sampass->group_sid = gsid;
245
246 return sampass->group_sid;
247 }
248
249 /**
250 * Get flags showing what is initalised in the struct samu
251 * @param sampass the struct samu in question
252 * @return the flags indicating the members initialised in the struct.
253 **/
254
255 enum pdb_value_state pdb_get_init_flags(const struct samu *sampass, enum pdb_elements element)
256 {
257 enum pdb_value_state ret = PDB_DEFAULT;
258
259 if (!sampass->change_flags || !sampass->set_flags)
260 return ret;
261
262 if (bitmap_query(sampass->set_flags, element)) {
263 DEBUG(11, ("element %d: SET\n", element));
264 ret = PDB_SET;
265 }
266
267 if (bitmap_query(sampass->change_flags, element)) {
268 DEBUG(11, ("element %d: CHANGED\n", element));
269 ret = PDB_CHANGED;
270 }
271
272 if (ret == PDB_DEFAULT) {
273 DEBUG(11, ("element %d: DEFAULT\n", element));
274 }
275
276 return ret;
277 }
278
279 const char *pdb_get_username(const struct samu *sampass)
280 {
281 return sampass->username;
282 }
283
284 const char *pdb_get_domain(const struct samu *sampass)
285 {
286 return sampass->domain;
287 }
288
289 const char *pdb_get_nt_username(const struct samu *sampass)
290 {
291 return sampass->nt_username;
292 }
293
294 const char *pdb_get_fullname(const struct samu *sampass)
295 {
296 return sampass->full_name;
297 }
298
299 const char *pdb_get_homedir(const struct samu *sampass)
300 {
301 return sampass->home_dir;
302 }
303
304 const char *pdb_get_dir_drive(const struct samu *sampass)
305 {
306 return sampass->dir_drive;
307 }
308
309 const char *pdb_get_logon_script(const struct samu *sampass)
310 {
311 return sampass->logon_script;
312 }
313
314 const char *pdb_get_profile_path(const struct samu *sampass)
315 {
316 return sampass->profile_path;
317 }
318
319 const char *pdb_get_acct_desc(const struct samu *sampass)
320 {
321 return sampass->acct_desc;
322 }
323
324 const char *pdb_get_workstations(const struct samu *sampass)
325 {
326 return sampass->workstations;
327 }
328
329 const char *pdb_get_comment(const struct samu *sampass)
330 {
331 return sampass->comment;
332 }
333
334 const char *pdb_get_munged_dial(const struct samu *sampass)
335 {
336 return sampass->munged_dial;
337 }
338
339 uint16 pdb_get_bad_password_count(const struct samu *sampass)
340 {
341 return sampass->bad_password_count;
342 }
343
344 uint16 pdb_get_logon_count(const struct samu *sampass)
345 {
346 return sampass->logon_count;
347 }
348
349 uint32 pdb_get_unknown_6(const struct samu *sampass)
350 {
351 return sampass->unknown_6;
352 }
353
354 void *pdb_get_backend_private_data(const struct samu *sampass, const struct pdb_methods *my_methods)
355 {
356 if (my_methods == sampass->backend_private_methods) {
357 return sampass->backend_private_data;
358 } else {
359 return NULL;
360 }
361 }
362
363 /*********************************************************************
364 Collection of set...() functions for struct samu.
365 ********************************************************************/
366
367 bool pdb_set_acct_ctrl(struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag)
368 {
369 sampass->acct_ctrl = acct_ctrl;
370 return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
371 }
372
373 bool pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
374 {
375 sampass->logon_time = mytime;
376 return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
377 }
378
379 bool pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
380 {
381 sampass->logoff_time = mytime;
382 return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
383 }
384
385 bool pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
386 {
387 sampass->kickoff_time = mytime;
388 return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
389 }
390
391 bool pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
392 {
393 sampass->bad_password_time = mytime;
394 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
395 }
396
397 bool pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
398 {
399 sampass->pass_can_change_time = mytime;
400 return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
401 }
402
403 bool pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
404 {
405 sampass->pass_must_change_time = mytime;
406 return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
407 }
408
409 bool pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
410 {
411 sampass->pass_last_set_time = mytime;
412 return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
413 }
414
415 bool pdb_set_hours_len(struct samu *sampass, uint32 len, enum pdb_value_state flag)
416 {
417 sampass->hours_len = len;
418 return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
419 }
420
421 bool pdb_set_logon_divs(struct samu *sampass, uint16 hours, enum pdb_value_state flag)
422 {
423 sampass->logon_divs = hours;
424 return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
425 }
426
427 /**
428 * Set flags showing what is initalised in the struct samu
429 * @param sampass the struct samu in question
430 * @param flag The *new* flag to be set. Old flags preserved
431 * this flag is only added.
432 **/
433
434 bool pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
435 {
436 if (!sampass->set_flags) {
437 if ((sampass->set_flags =
438 bitmap_talloc(sampass,
439 PDB_COUNT))==NULL) {
440 DEBUG(0,("bitmap_talloc failed\n"));
441 return False;
442 }
443 }
444 if (!sampass->change_flags) {
445 if ((sampass->change_flags =
446 bitmap_talloc(sampass,
447 PDB_COUNT))==NULL) {
448 DEBUG(0,("bitmap_talloc failed\n"));
449 return False;
450 }
451 }
452
453 switch(value_flag) {
454 case PDB_CHANGED:
455 if (!bitmap_set(sampass->change_flags, element)) {
456 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
457 return False;
458 }
459 if (!bitmap_set(sampass->set_flags, element)) {
460 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
461 return False;
462 }
463 DEBUG(11, ("element %d -> now CHANGED\n", element));
464 break;
465 case PDB_SET:
466 if (!bitmap_clear(sampass->change_flags, element)) {
467 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
468 return False;
469 }
470 if (!bitmap_set(sampass->set_flags, element)) {
471 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
472 return False;
473 }
474 DEBUG(11, ("element %d -> now SET\n", element));
475 break;
476 case PDB_DEFAULT:
477 default:
478 if (!bitmap_clear(sampass->change_flags, element)) {
479 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
480 return False;
481 }
482 if (!bitmap_clear(sampass->set_flags, element)) {
483 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
484 return False;
485 }
486 DEBUG(11, ("element %d -> now DEFAULT\n", element));
487 break;
488 }
489
490 return True;
491 }
492
493 bool pdb_set_user_sid(struct samu *sampass, const DOM_SID *u_sid, enum pdb_value_state flag)
494 {
495 if (!u_sid)
496 return False;
497
498 sid_copy(&sampass->user_sid, u_sid);
499
500 DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
501 sid_string_dbg(&sampass->user_sid)));
502
503 return pdb_set_init_flags(sampass, PDB_USERSID, flag);
504 }
505
506 bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
507 {
508 DOM_SID new_sid;
509
510 if (!u_sid)
511 return False;
512
513 DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n",
514 u_sid));
515
516 if (!string_to_sid(&new_sid, u_sid)) {
517 DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
518 return False;
519 }
520
521 if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
522 DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid));
523 return False;
524 }
525
526 return True;
527 }
528
529 /********************************************************************
530 We never fill this in from a passdb backend but rather set is
531 based on the user's primary group membership. However, the
532 struct samu* is overloaded and reused in domain memship code
533 as well and built from the netr_SamInfo3 or PAC so we
534 have to allow the explicitly setting of a group SID here.
535 ********************************************************************/
536
537 bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
538 {
539 gid_t gid;
540
541 if (!g_sid)
542 return False;
543
544 if ( !(sampass->group_sid = TALLOC_P( sampass, DOM_SID )) ) {
545 return False;
546 }
547
548 /* if we cannot resolve the SID to gid, then just ignore it and
549 store DOMAIN_USERS as the primary groupSID */
550
551 if ( sid_to_gid( g_sid, &gid ) ) {
552 sid_copy(sampass->group_sid, g_sid);
553 } else {
554 sid_compose(sampass->group_sid, get_global_sam_sid(),
555 DOMAIN_GROUP_RID_USERS);
556 }
557
558 DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
559 sid_string_dbg(sampass->group_sid)));
560
561 return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
562 }
563
564 /*********************************************************************
565 Set the user's UNIX name.
566 ********************************************************************/
567
568 bool pdb_set_username(struct samu *sampass, const char *username, enum pdb_value_state flag)
569 {
570 if (username) {
571 DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
572 (sampass->username)?(sampass->username):"NULL"));
573
574 sampass->username = talloc_strdup(sampass, username);
575
576 if (!sampass->username) {
577 DEBUG(0, ("pdb_set_username: talloc_strdup() failed!\n"));
578 return False;
579 }
580 } else {
581 sampass->username = PDB_NOT_QUITE_NULL;
582 }
583
584 return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
585 }
586
587 /*********************************************************************
588 Set the domain name.
589 ********************************************************************/
590
591 bool pdb_set_domain(struct samu *sampass, const char *domain, enum pdb_value_state flag)
592 {
593 if (domain) {
594 DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
595 (sampass->domain)?(sampass->domain):"NULL"));
596
597 sampass->domain = talloc_strdup(sampass, domain);
598
599 if (!sampass->domain) {
600 DEBUG(0, ("pdb_set_domain: talloc_strdup() failed!\n"));
601 return False;
602 }
603 } else {
604 sampass->domain = PDB_NOT_QUITE_NULL;
605 }
606
607 return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
608 }
609
610 /*********************************************************************
611 Set the user's NT name.
612 ********************************************************************/
613
614 bool pdb_set_nt_username(struct samu *sampass, const char *nt_username, enum pdb_value_state flag)
615 {
616 if (nt_username) {
617 DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
618 (sampass->nt_username)?(sampass->nt_username):"NULL"));
619
620 sampass->nt_username = talloc_strdup(sampass, nt_username);
621
622 if (!sampass->nt_username) {
623 DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
624 return False;
625 }
626 } else {
627 sampass->nt_username = PDB_NOT_QUITE_NULL;
628 }
629
630 return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
631 }
632
633 /*********************************************************************
634 Set the user's full name.
635 ********************************************************************/
636
637 bool pdb_set_fullname(struct samu *sampass, const char *full_name, enum pdb_value_state flag)
638 {
639 if (full_name) {
640 DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
641 (sampass->full_name)?(sampass->full_name):"NULL"));
642
643 sampass->full_name = talloc_strdup(sampass, full_name);
644
645 if (!sampass->full_name) {
646 DEBUG(0, ("pdb_set_fullname: talloc_strdup() failed!\n"));
647 return False;
648 }
649 } else {
650 sampass->full_name = PDB_NOT_QUITE_NULL;
651 }
652
653 return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
654 }
655
656 /*********************************************************************
657 Set the user's logon script.
658 ********************************************************************/
659
660 bool pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum pdb_value_state flag)
661 {
662 if (logon_script) {
663 DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
664 (sampass->logon_script)?(sampass->logon_script):"NULL"));
665
666 sampass->logon_script = talloc_strdup(sampass, logon_script);
667
668 if (!sampass->logon_script) {
669 DEBUG(0, ("pdb_set_logon_script: talloc_strdup() failed!\n"));
670 return False;
671 }
672 } else {
673 sampass->logon_script = PDB_NOT_QUITE_NULL;
674 }
675
676 return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
677 }
678
679 /*********************************************************************
680 Set the user's profile path.
681 ********************************************************************/
682
683 bool pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
684 {
685 if (profile_path) {
686 DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
687 (sampass->profile_path)?(sampass->profile_path):"NULL"));
688
689 sampass->profile_path = talloc_strdup(sampass, profile_path);
690
691 if (!sampass->profile_path) {
692 DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
693 return False;
694 }
695 } else {
696 sampass->profile_path = PDB_NOT_QUITE_NULL;
697 }
698
699 return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
700 }
701
702 /*********************************************************************
703 Set the user's directory drive.
704 ********************************************************************/
705
706 bool pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
707 {
708 if (dir_drive) {
709 DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
710 (sampass->dir_drive)?(sampass->dir_drive):"NULL"));
711
712 sampass->dir_drive = talloc_strdup(sampass, dir_drive);
713
714 if (!sampass->dir_drive) {
715 DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
716 return False;
717 }
718
719 } else {
720 sampass->dir_drive = PDB_NOT_QUITE_NULL;
721 }
722
723 return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
724 }
725
726 /*********************************************************************
727 Set the user's home directory.
728 ********************************************************************/
729
730 bool pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
731 {
732 if (home_dir) {
733 DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
734 (sampass->home_dir)?(sampass->home_dir):"NULL"));
735
736 sampass->home_dir = talloc_strdup(sampass, home_dir);
737
738 if (!sampass->home_dir) {
739 DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
740 return False;
741 }
742 } else {
743 sampass->home_dir = PDB_NOT_QUITE_NULL;
744 }
745
746 return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
747 }
748
749 /*********************************************************************
750 Set the user's account description.
751 ********************************************************************/
752
753 bool pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
754 {
755 if (acct_desc) {
756 sampass->acct_desc = talloc_strdup(sampass, acct_desc);
757
758 if (!sampass->acct_desc) {
759 DEBUG(0, ("pdb_set_acct_desc: talloc_strdup() failed!\n"));
760 return False;
761 }
762 } else {
763 sampass->acct_desc = PDB_NOT_QUITE_NULL;
764 }
765
766 return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
767 }
768
769 /*********************************************************************
770 Set the user's workstation allowed list.
771 ********************************************************************/
772
773 bool pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag)
774 {
775 if (workstations) {
776 DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
777 (sampass->workstations)?(sampass->workstations):"NULL"));
778
779 sampass->workstations = talloc_strdup(sampass, workstations);
780
781 if (!sampass->workstations) {
782 DEBUG(0, ("pdb_set_workstations: talloc_strdup() failed!\n"));
783 return False;
784 }
785 } else {
786 sampass->workstations = PDB_NOT_QUITE_NULL;
787 }
788
789 return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
790 }
791
792 /*********************************************************************
793 ********************************************************************/
794
795 bool pdb_set_comment(struct samu *sampass, const char *comment, enum pdb_value_state flag)
796 {
797 if (comment) {
798 sampass->comment = talloc_strdup(sampass, comment);
799
800 if (!sampass->comment) {
801 DEBUG(0, ("pdb_set_comment: talloc_strdup() failed!\n"));
802 return False;
803 }
804 } else {
805 sampass->comment = PDB_NOT_QUITE_NULL;
806 }
807
808 return pdb_set_init_flags(sampass, PDB_COMMENT, flag);
809 }
810
811 /*********************************************************************
812 Set the user's dial string.
813 ********************************************************************/
814
815 bool pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
816 {
817 if (munged_dial) {
818 sampass->munged_dial = talloc_strdup(sampass, munged_dial);
819
820 if (!sampass->munged_dial) {
821 DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
822 return False;
823 }
824 } else {
825 sampass->munged_dial = PDB_NOT_QUITE_NULL;
826 }
827
828 return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
829 }
830
831 /*********************************************************************
832 Set the user's NT hash.
833 ********************************************************************/
834
835 bool pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
836 {
837 data_blob_clear_free(&sampass->nt_pw);
838
839 if (pwd) {
840 sampass->nt_pw =
841 data_blob_talloc(sampass, pwd, NT_HASH_LEN);
842 } else {
843 sampass->nt_pw = data_blob_null;
844 }
845
846 return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
847 }
848
849 /*********************************************************************
850 Set the user's LM hash.
851 ********************************************************************/
852
853 bool pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
854 {
855 data_blob_clear_free(&sampass->lm_pw);
856
857 /* on keep the password if we are allowing LANMAN authentication */
858
859 if (pwd && lp_lanman_auth() ) {
860 sampass->lm_pw = data_blob_talloc(sampass, pwd, LM_HASH_LEN);
861 } else {
862 sampass->lm_pw = data_blob_null;
863 }
864
865 return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
866 }
867
868 /*********************************************************************
869 Set the user's password history hash. historyLen is the number of
870 PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN length
871 entries to store in the history - this must match the size of the uint8 array
872 in pwd.
873 ********************************************************************/
874
875 bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
876 {
877 if (historyLen && pwd){
878 data_blob_free(&(sampass->nt_pw_his));
879 sampass->nt_pw_his = data_blob_talloc(sampass,
880 pwd, historyLen*PW_HISTORY_ENTRY_LEN);
881 if (!sampass->nt_pw_his.length) {
882 DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
883 return False;
884 }
885 } else {
886 sampass->nt_pw_his = data_blob_talloc(sampass, NULL, 0);
887 }
888
889 return pdb_set_init_flags(sampass, PDB_PWHISTORY, flag);
890 }
891
892 /*********************************************************************
893 Set the user's plaintext password only (base procedure, see helper
894 below)
895 ********************************************************************/
896
897 bool pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag)
898 {
899 if (password) {
900 if (sampass->plaintext_pw!=NULL)
901 memset(sampass->plaintext_pw,'\0',strlen(sampass->plaintext_pw)+1);
902
903 sampass->plaintext_pw = talloc_strdup(sampass, password);
904
905 if (!sampass->plaintext_pw) {
906 DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
907 return False;
908 }
909 } else {
910 sampass->plaintext_pw = NULL;
911 }
912
913 return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
914 }
915
916 bool pdb_set_bad_password_count(struct samu *sampass, uint16 bad_password_count, enum pdb_value_state flag)
917 {
918 sampass->bad_password_count = bad_password_count;
919 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
920 }
921
922 bool pdb_set_logon_count(struct samu *sampass, uint16 logon_count, enum pdb_value_state flag)
923 {
924 sampass->logon_count = logon_count;
925 return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
926 }
927
928 bool pdb_set_unknown_6(struct samu *sampass, uint32 unkn, enum pdb_value_state flag)
929 {
930 sampass->unknown_6 = unkn;
931 return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
932 }
933
934 bool pdb_set_hours(struct samu *sampass, const uint8 *hours, enum pdb_value_state flag)
935 {
936 if (!hours) {
937 memset ((char *)sampass->hours, 0, MAX_HOURS_LEN);
938 } else {
939 memcpy (sampass->hours, hours, MAX_HOURS_LEN);
940 }
941
942 return pdb_set_init_flags(sampass, PDB_HOURS, flag);
943 }
944
945 bool pdb_set_backend_private_data(struct samu *sampass, void *private_data,
946 void (*free_fn)(void **),
947 const struct pdb_methods *my_methods,
948 enum pdb_value_state flag)
949 {
950 if (sampass->backend_private_data &&
951 sampass->backend_private_data_free_fn) {
952 sampass->backend_private_data_free_fn(
953 &sampass->backend_private_data);
954 }
955
956 sampass->backend_private_data = private_data;
957 sampass->backend_private_data_free_fn = free_fn;
958 sampass->backend_private_methods = my_methods;
959
960 return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
961 }
962
963
964 /* Helpful interfaces to the above */
965
966 bool pdb_set_pass_can_change(struct samu *sampass, bool canchange)
967 {
968 return pdb_set_pass_can_change_time(sampass,
969 canchange ? 0 : get_time_t_max(),
970 PDB_CHANGED);
971 }
972
973
974 /*********************************************************************
975 Set the user's PLAINTEXT password. Used as an interface to the above.
976 Also sets the last change time to NOW.
977 ********************************************************************/
978
979 bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
980 {
981 uchar new_lanman_p16[LM_HASH_LEN];
982 uchar new_nt_p16[NT_HASH_LEN];
983 uchar *pwhistory;
984 uint32 pwHistLen;
985 uint32 current_history_len;
986
987 if (!plaintext)
988 return False;
989
990 /* Calculate the MD4 hash (NT compatible) of the password */
991 E_md4hash(plaintext, new_nt_p16);
992
993 if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED))
994 return False;
995
996 if (!E_deshash(plaintext, new_lanman_p16)) {
997 /* E_deshash returns false for 'long' passwords (> 14
998 DOS chars). This allows us to match Win2k, which
999 does not store a LM hash for these passwords (which
1000 would reduce the effective password length to 14 */
1001
1002 if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED))
1003 return False;
1004 } else {
1005 if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
1006 return False;
1007 }
1008
1009 if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
1010 return False;
1011
1012 if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
1013 return False;
1014
1015 if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) {
1016 /*
1017 * No password history for non-user accounts
1018 */
1019 return true;
1020 }
1021
1022 pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
1023
1024 if (pwHistLen == 0) {
1025 /* Set the history length to zero. */
1026 pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
1027 return true;
1028 }
1029
1030 /*
1031 * We need to make sure we don't have a race condition here -
1032 * the account policy history length can change between when
1033 * the pw_history was first loaded into the struct samu struct
1034 * and now.... JRA.
1035 */
1036 pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
1037
1038 if ((current_history_len != 0) && (pwhistory == NULL)) {
1039 DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n"));
1040 return false;
1041 }
1042
1043 if (current_history_len < pwHistLen) {
1044 /*
1045 * Ensure we have space for the needed history. This
1046 * also takes care of an account which did not have
1047 * any history at all so far, i.e. pwhistory==NULL
1048 */
1049 uchar *new_history = talloc_zero_array(
1050 sampass, uchar,
1051 pwHistLen*PW_HISTORY_ENTRY_LEN);
1052
1053 if (!new_history) {
1054 return False;
1055 }
1056
1057 memcpy(new_history, pwhistory,
1058 current_history_len*PW_HISTORY_ENTRY_LEN);
1059
1060 pwhistory = new_history;
1061 }
1062
1063 /*
1064 * Make room for the new password in the history list.
1065 */
1066 if (pwHistLen > 1) {
1067 memmove(&pwhistory[PW_HISTORY_ENTRY_LEN], pwhistory,
1068 (pwHistLen-1)*PW_HISTORY_ENTRY_LEN );
1069 }
1070
1071 /*
1072 * Fill the salt area with 0-s: this indicates that
1073 * a plain nt hash is stored in the has area.
1074 * The old format was to store a 16 byte salt and
1075 * then an md5hash of the nt_hash concatenated with
1076 * the salt.
1077 */
1078 memset(pwhistory, 0, PW_HISTORY_SALT_LEN);
1079
1080 /*
1081 * Store the plain nt hash in the second 16 bytes.
1082 * The old format was to store the md5 hash of
1083 * the salt+newpw.
1084 */
1085 memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt_p16, SALTED_MD5_HASH_LEN);
1086
1087 pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
1088
1089 return True;
1090 }
1091
1092 /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */
1093 uint32 pdb_build_fields_present(struct samu *sampass)
1094 {
1095 /* value set to all for testing */
1096 return 0x00ffffff;
1097 }
Samba GIT mirror