search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
selftest: Fix typo in comment.
[Samba.git] / source3 / passdb / pdb_get_set.c
blob57d95138e3ea99b4c969324afdd853d50bd8a38d
1 /*
2 Unix SMB/CIFS implementation.
3 struct samu access routines
4 Copyright (C) Jeremy Allison 1996-2001
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
6 Copyright (C) Gerald (Jerry) Carter 2000-2006
7 Copyright (C) Andrew Bartlett 2001-2002
8 Copyright (C) Stefan (metze) Metzmacher 2002
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "../libcli/auth/libcli_auth.h"
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_PASSDB
29
30 /**
31 * @todo Redefine this to NULL, but this changes the API because
32 * much of samba assumes that the pdb_get...() funtions
33 * return strings. (ie not null-pointers).
34 * See also pdb_fill_default_sam().
35 */
36
37 #define PDB_NOT_QUITE_NULL ""
38
39 /*********************************************************************
40 Collection of get...() functions for struct samu.
41 ********************************************************************/
42
43 uint32_t pdb_get_acct_ctrl(const struct samu *sampass)
44 {
45 return sampass->acct_ctrl;
46 }
47
48 time_t pdb_get_logon_time(const struct samu *sampass)
49 {
50 return sampass->logon_time;
51 }
52
53 time_t pdb_get_logoff_time(const struct samu *sampass)
54 {
55 return sampass->logoff_time;
56 }
57
58 time_t pdb_get_kickoff_time(const struct samu *sampass)
59 {
60 return sampass->kickoff_time;
61 }
62
63 time_t pdb_get_bad_password_time(const struct samu *sampass)
64 {
65 return sampass->bad_password_time;
66 }
67
68 time_t pdb_get_pass_last_set_time(const struct samu *sampass)
69 {
70 return sampass->pass_last_set_time;
71 }
72
73 time_t pdb_get_pass_can_change_time(const struct samu *sampass)
74 {
75 uint32_t allow;
76
77 /* if the last set time is zero, it means the user cannot
78 change their password, and this time must be zero. jmcd
79 */
80 if (sampass->pass_last_set_time == 0)
81 return (time_t) 0;
82
83 /* if the time is max, and the field has been changed,
84 we're trying to update this real value from the sampass
85 to indicate that the user cannot change their password. jmcd
86 */
87 if (sampass->pass_can_change_time == get_time_t_max() &&
88 IS_SAM_CHANGED(sampass, PDB_CANCHANGETIME))
89 return sampass->pass_can_change_time;
90
91 if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &allow))
92 allow = 0;
93
94 /* in normal cases, just calculate it from policy */
95 return sampass->pass_last_set_time + allow;
96 }
97
98 /* we need this for loading from the backend, so that we don't overwrite
99 non-changed max times, otherwise the pass_can_change checking won't work */
100 time_t pdb_get_pass_can_change_time_noncalc(const struct samu *sampass)
101 {
102 return sampass->pass_can_change_time;
103 }
104
105 time_t pdb_get_pass_must_change_time(const struct samu *sampass)
106 {
107 uint32_t expire;
108
109 if (sampass->pass_last_set_time == 0)
110 return (time_t) 0;
111
112 if (sampass->acct_ctrl & ACB_PWNOEXP)
113 return get_time_t_max();
114
115 if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
116 || expire == (uint32_t)-1 || expire == 0)
117 return get_time_t_max();
118
119 return sampass->pass_last_set_time + expire;
120 }
121
122 bool pdb_get_pass_can_change(const struct samu *sampass)
123 {
124 if (sampass->pass_can_change_time == get_time_t_max() &&
125 sampass->pass_last_set_time != 0)
126 return False;
127 return True;
128 }
129
130 uint16_t pdb_get_logon_divs(const struct samu *sampass)
131 {
132 return sampass->logon_divs;
133 }
134
135 uint32_t pdb_get_hours_len(const struct samu *sampass)
136 {
137 return sampass->hours_len;
138 }
139
140 const uint8 *pdb_get_hours(const struct samu *sampass)
141 {
142 return (sampass->hours);
143 }
144
145 const uint8 *pdb_get_nt_passwd(const struct samu *sampass)
146 {
147 SMB_ASSERT((!sampass->nt_pw.data)
148 || sampass->nt_pw.length == NT_HASH_LEN);
149 return (uint8 *)sampass->nt_pw.data;
150 }
151
152 const uint8 *pdb_get_lanman_passwd(const struct samu *sampass)
153 {
154 SMB_ASSERT((!sampass->lm_pw.data)
155 || sampass->lm_pw.length == LM_HASH_LEN);
156 return (uint8 *)sampass->lm_pw.data;
157 }
158
159 const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32_t *current_hist_len)
160 {
161 SMB_ASSERT((!sampass->nt_pw_his.data)
162 || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
163 *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
164 return (uint8 *)sampass->nt_pw_his.data;
165 }
166
167 /* Return the plaintext password if known. Most of the time
168 it isn't, so don't assume anything magic about this function.
169
170 Used to pass the plaintext to passdb backends that might
171 want to store more than just the NTLM hashes.
172 */
173 const char *pdb_get_plaintext_passwd(const struct samu *sampass)
174 {
175 return sampass->plaintext_pw;
176 }
177
178 const struct dom_sid *pdb_get_user_sid(const struct samu *sampass)
179 {
180 return &sampass->user_sid;
181 }
182
183 const struct dom_sid *pdb_get_group_sid(struct samu *sampass)
184 {
185 struct dom_sid *gsid;
186 struct passwd *pwd;
187 bool need_lookup_sid = false;
188
189 /* Return the cached group SID if we have that */
190 if ( sampass->group_sid ) {
191 return sampass->group_sid;
192 }
193
194 /* generate the group SID from the user's primary Unix group */
195
196 if ( !(gsid = TALLOC_ZERO_P( sampass, struct dom_sid )) ) {
197 return NULL;
198 }
199
200 /* No algorithmic mapping, meaning that we have to figure out the
201 primary group SID according to group mapping and the user SID must
202 be a newly allocated one. We rely on the user's Unix primary gid.
203 We have no choice but to fail if we can't find it. */
204
205 if ( sampass->unix_pw ) {
206 pwd = sampass->unix_pw;
207 } else {
208 pwd = Get_Pwnam_alloc( sampass, pdb_get_username(sampass) );
209 sampass->unix_pw = pwd;
210 }
211
212 if ( !pwd ) {
213 DEBUG(0,("pdb_get_group_sid: Failed to find Unix account for %s\n", pdb_get_username(sampass) ));
214 return NULL;
215 }
216
217 gid_to_sid(gsid, pwd->pw_gid);
218 if (!is_null_sid(gsid)) {
219 struct dom_sid dgsid;
220 uint32_t rid;
221
222 sid_copy(&dgsid, gsid);
223 sid_split_rid(&dgsid, &rid);
224 if (sid_equal(&dgsid, get_global_sam_sid())) {
225 /*
226 * As shortcut for the expensive lookup_sid call
227 * compare the domain sid part
228 */
229 switch (rid) {
230 case DOMAIN_RID_ADMINS:
231 case DOMAIN_RID_USERS:
232 sampass->group_sid = gsid;
233 return sampass->group_sid;
234 default:
235 need_lookup_sid = true;
236 break;
237 }
238 } else {
239 ZERO_STRUCTP(gsid);
240 if (pdb_gid_to_sid(pwd->pw_gid, gsid)) {
241 need_lookup_sid = true;
242 }
243 }
244 }
245
246 if (need_lookup_sid) {
247 enum lsa_SidType type = SID_NAME_UNKNOWN;
248 TALLOC_CTX *mem_ctx;
249 bool lookup_ret;
250 const struct dom_sid *usid = pdb_get_user_sid(sampass);
251
252 mem_ctx = talloc_init("pdb_get_group_sid");
253 if (!mem_ctx) {
254 return NULL;
255 }
256
257 DEBUG(10,("do lookup_sid(%s) for group of user %s\n",
258 sid_string_dbg(gsid), sid_string_dbg(usid)));
259
260 /* Now check that it's actually a domain group and not something else */
261
262 lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type);
263
264 TALLOC_FREE( mem_ctx );
265
266 if ( lookup_ret && (type == SID_NAME_DOM_GRP) ) {
267 sampass->group_sid = gsid;
268 return sampass->group_sid;
269 }
270
271 DEBUG(3, ("Primary group %s for user %s is a %s and not a domain group\n",
272 sid_string_dbg(gsid), pwd->pw_name, sid_type_lookup(type)));
273 }
274
275 /* Just set it to the 'Domain Users' RID of 513 which will
276 always resolve to a name */
277
278 sid_compose(gsid, get_global_sam_sid(), DOMAIN_RID_USERS);
279
280 sampass->group_sid = gsid;
281
282 return sampass->group_sid;
283 }
284
285 /**
286 * Get flags showing what is initalised in the struct samu
287 * @param sampass the struct samu in question
288 * @return the flags indicating the members initialised in the struct.
289 **/
290
291 enum pdb_value_state pdb_get_init_flags(const struct samu *sampass, enum pdb_elements element)
292 {
293 enum pdb_value_state ret = PDB_DEFAULT;
294
295 if (!sampass->change_flags || !sampass->set_flags)
296 return ret;
297
298 if (bitmap_query(sampass->set_flags, element)) {
299 DEBUG(11, ("element %d: SET\n", element));
300 ret = PDB_SET;
301 }
302
303 if (bitmap_query(sampass->change_flags, element)) {
304 DEBUG(11, ("element %d: CHANGED\n", element));
305 ret = PDB_CHANGED;
306 }
307
308 if (ret == PDB_DEFAULT) {
309 DEBUG(11, ("element %d: DEFAULT\n", element));
310 }
311
312 return ret;
313 }
314
315 const char *pdb_get_username(const struct samu *sampass)
316 {
317 return sampass->username;
318 }
319
320 const char *pdb_get_domain(const struct samu *sampass)
321 {
322 return sampass->domain;
323 }
324
325 const char *pdb_get_nt_username(const struct samu *sampass)
326 {
327 return sampass->nt_username;
328 }
329
330 const char *pdb_get_fullname(const struct samu *sampass)
331 {
332 return sampass->full_name;
333 }
334
335 const char *pdb_get_homedir(const struct samu *sampass)
336 {
337 return sampass->home_dir;
338 }
339
340 const char *pdb_get_dir_drive(const struct samu *sampass)
341 {
342 return sampass->dir_drive;
343 }
344
345 const char *pdb_get_logon_script(const struct samu *sampass)
346 {
347 return sampass->logon_script;
348 }
349
350 const char *pdb_get_profile_path(const struct samu *sampass)
351 {
352 return sampass->profile_path;
353 }
354
355 const char *pdb_get_acct_desc(const struct samu *sampass)
356 {
357 return sampass->acct_desc;
358 }
359
360 const char *pdb_get_workstations(const struct samu *sampass)
361 {
362 return sampass->workstations;
363 }
364
365 const char *pdb_get_comment(const struct samu *sampass)
366 {
367 return sampass->comment;
368 }
369
370 const char *pdb_get_munged_dial(const struct samu *sampass)
371 {
372 return sampass->munged_dial;
373 }
374
375 uint16_t pdb_get_bad_password_count(const struct samu *sampass)
376 {
377 return sampass->bad_password_count;
378 }
379
380 uint16_t pdb_get_logon_count(const struct samu *sampass)
381 {
382 return sampass->logon_count;
383 }
384
385 uint32_t pdb_get_unknown_6(const struct samu *sampass)
386 {
387 return sampass->unknown_6;
388 }
389
390 void *pdb_get_backend_private_data(const struct samu *sampass, const struct pdb_methods *my_methods)
391 {
392 if (my_methods == sampass->backend_private_methods) {
393 return sampass->backend_private_data;
394 } else {
395 return NULL;
396 }
397 }
398
399 /*********************************************************************
400 Collection of set...() functions for struct samu.
401 ********************************************************************/
402
403 bool pdb_set_acct_ctrl(struct samu *sampass, uint32_t acct_ctrl, enum pdb_value_state flag)
404 {
405 sampass->acct_ctrl = acct_ctrl;
406 return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
407 }
408
409 bool pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
410 {
411 sampass->logon_time = mytime;
412 return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
413 }
414
415 bool pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
416 {
417 sampass->logoff_time = mytime;
418 return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
419 }
420
421 bool pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
422 {
423 sampass->kickoff_time = mytime;
424 return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
425 }
426
427 bool pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
428 {
429 sampass->bad_password_time = mytime;
430 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
431 }
432
433 bool pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
434 {
435 sampass->pass_can_change_time = mytime;
436 return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
437 }
438
439 bool pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
440 {
441 sampass->pass_must_change_time = mytime;
442 return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
443 }
444
445 bool pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
446 {
447 sampass->pass_last_set_time = mytime;
448 return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
449 }
450
451 bool pdb_set_hours_len(struct samu *sampass, uint32_t len, enum pdb_value_state flag)
452 {
453 sampass->hours_len = len;
454 return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
455 }
456
457 bool pdb_set_logon_divs(struct samu *sampass, uint16_t hours, enum pdb_value_state flag)
458 {
459 sampass->logon_divs = hours;
460 return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
461 }
462
463 /**
464 * Set flags showing what is initalised in the struct samu
465 * @param sampass the struct samu in question
466 * @param flag The *new* flag to be set. Old flags preserved
467 * this flag is only added.
468 **/
469
470 bool pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
471 {
472 if (!sampass->set_flags) {
473 if ((sampass->set_flags =
474 bitmap_talloc(sampass,
475 PDB_COUNT))==NULL) {
476 DEBUG(0,("bitmap_talloc failed\n"));
477 return False;
478 }
479 }
480 if (!sampass->change_flags) {
481 if ((sampass->change_flags =
482 bitmap_talloc(sampass,
483 PDB_COUNT))==NULL) {
484 DEBUG(0,("bitmap_talloc failed\n"));
485 return False;
486 }
487 }
488
489 switch(value_flag) {
490 case PDB_CHANGED:
491 if (!bitmap_set(sampass->change_flags, element)) {
492 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
493 return False;
494 }
495 if (!bitmap_set(sampass->set_flags, element)) {
496 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
497 return False;
498 }
499 DEBUG(11, ("element %d -> now CHANGED\n", element));
500 break;
501 case PDB_SET:
502 if (!bitmap_clear(sampass->change_flags, element)) {
503 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
504 return False;
505 }
506 if (!bitmap_set(sampass->set_flags, element)) {
507 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
508 return False;
509 }
510 DEBUG(11, ("element %d -> now SET\n", element));
511 break;
512 case PDB_DEFAULT:
513 default:
514 if (!bitmap_clear(sampass->change_flags, element)) {
515 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
516 return False;
517 }
518 if (!bitmap_clear(sampass->set_flags, element)) {
519 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
520 return False;
521 }
522 DEBUG(11, ("element %d -> now DEFAULT\n", element));
523 break;
524 }
525
526 return True;
527 }
528
529 bool pdb_set_user_sid(struct samu *sampass, const struct dom_sid *u_sid, enum pdb_value_state flag)
530 {
531 if (!u_sid)
532 return False;
533
534 sid_copy(&sampass->user_sid, u_sid);
535
536 DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
537 sid_string_dbg(&sampass->user_sid)));
538
539 return pdb_set_init_flags(sampass, PDB_USERSID, flag);
540 }
541
542 bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
543 {
544 struct dom_sid new_sid;
545
546 if (!u_sid)
547 return False;
548
549 DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n",
550 u_sid));
551
552 if (!string_to_sid(&new_sid, u_sid)) {
553 DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
554 return False;
555 }
556
557 if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
558 DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid));
559 return False;
560 }
561
562 return True;
563 }
564
565 /********************************************************************
566 We never fill this in from a passdb backend but rather set is
567 based on the user's primary group membership. However, the
568 struct samu* is overloaded and reused in domain memship code
569 as well and built from the netr_SamInfo3 or PAC so we
570 have to allow the explicitly setting of a group SID here.
571 ********************************************************************/
572
573 bool pdb_set_group_sid(struct samu *sampass, const struct dom_sid *g_sid, enum pdb_value_state flag)
574 {
575 gid_t gid;
576 struct dom_sid dug_sid;
577
578 if (!g_sid)
579 return False;
580
581 if ( !(sampass->group_sid = TALLOC_P( sampass, struct dom_sid )) ) {
582 return False;
583 }
584
585 /* if we cannot resolve the SID to gid, then just ignore it and
586 store DOMAIN_USERS as the primary groupSID */
587
588 sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS);
589
590 if (sid_equal(&dug_sid, g_sid)) {
591 sid_copy(sampass->group_sid, &dug_sid);
592 } else if (sid_to_gid( g_sid, &gid ) ) {
593 sid_copy(sampass->group_sid, g_sid);
594 } else {
595 sid_copy(sampass->group_sid, &dug_sid);
596 }
597
598 DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
599 sid_string_dbg(sampass->group_sid)));
600
601 return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
602 }
603
604 /*********************************************************************
605 Set the user's UNIX name.
606 ********************************************************************/
607
608 bool pdb_set_username(struct samu *sampass, const char *username, enum pdb_value_state flag)
609 {
610 if (username) {
611 DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
612 (sampass->username)?(sampass->username):"NULL"));
613
614 sampass->username = talloc_strdup(sampass, username);
615
616 if (!sampass->username) {
617 DEBUG(0, ("pdb_set_username: talloc_strdup() failed!\n"));
618 return False;
619 }
620 } else {
621 sampass->username = PDB_NOT_QUITE_NULL;
622 }
623
624 return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
625 }
626
627 /*********************************************************************
628 Set the domain name.
629 ********************************************************************/
630
631 bool pdb_set_domain(struct samu *sampass, const char *domain, enum pdb_value_state flag)
632 {
633 if (domain) {
634 DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
635 (sampass->domain)?(sampass->domain):"NULL"));
636
637 sampass->domain = talloc_strdup(sampass, domain);
638
639 if (!sampass->domain) {
640 DEBUG(0, ("pdb_set_domain: talloc_strdup() failed!\n"));
641 return False;
642 }
643 } else {
644 sampass->domain = PDB_NOT_QUITE_NULL;
645 }
646
647 return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
648 }
649
650 /*********************************************************************
651 Set the user's NT name.
652 ********************************************************************/
653
654 bool pdb_set_nt_username(struct samu *sampass, const char *nt_username, enum pdb_value_state flag)
655 {
656 if (nt_username) {
657 DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
658 (sampass->nt_username)?(sampass->nt_username):"NULL"));
659
660 sampass->nt_username = talloc_strdup(sampass, nt_username);
661
662 if (!sampass->nt_username) {
663 DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
664 return False;
665 }
666 } else {
667 sampass->nt_username = PDB_NOT_QUITE_NULL;
668 }
669
670 return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
671 }
672
673 /*********************************************************************
674 Set the user's full name.
675 ********************************************************************/
676
677 bool pdb_set_fullname(struct samu *sampass, const char *full_name, enum pdb_value_state flag)
678 {
679 if (full_name) {
680 DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
681 (sampass->full_name)?(sampass->full_name):"NULL"));
682
683 sampass->full_name = talloc_strdup(sampass, full_name);
684
685 if (!sampass->full_name) {
686 DEBUG(0, ("pdb_set_fullname: talloc_strdup() failed!\n"));
687 return False;
688 }
689 } else {
690 sampass->full_name = PDB_NOT_QUITE_NULL;
691 }
692
693 return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
694 }
695
696 /*********************************************************************
697 Set the user's logon script.
698 ********************************************************************/
699
700 bool pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum pdb_value_state flag)
701 {
702 if (logon_script) {
703 DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
704 (sampass->logon_script)?(sampass->logon_script):"NULL"));
705
706 sampass->logon_script = talloc_strdup(sampass, logon_script);
707
708 if (!sampass->logon_script) {
709 DEBUG(0, ("pdb_set_logon_script: talloc_strdup() failed!\n"));
710 return False;
711 }
712 } else {
713 sampass->logon_script = PDB_NOT_QUITE_NULL;
714 }
715
716 return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
717 }
718
719 /*********************************************************************
720 Set the user's profile path.
721 ********************************************************************/
722
723 bool pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
724 {
725 if (profile_path) {
726 DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
727 (sampass->profile_path)?(sampass->profile_path):"NULL"));
728
729 sampass->profile_path = talloc_strdup(sampass, profile_path);
730
731 if (!sampass->profile_path) {
732 DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
733 return False;
734 }
735 } else {
736 sampass->profile_path = PDB_NOT_QUITE_NULL;
737 }
738
739 return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
740 }
741
742 /*********************************************************************
743 Set the user's directory drive.
744 ********************************************************************/
745
746 bool pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
747 {
748 if (dir_drive) {
749 DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
750 (sampass->dir_drive)?(sampass->dir_drive):"NULL"));
751
752 sampass->dir_drive = talloc_strdup(sampass, dir_drive);
753
754 if (!sampass->dir_drive) {
755 DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
756 return False;
757 }
758
759 } else {
760 sampass->dir_drive = PDB_NOT_QUITE_NULL;
761 }
762
763 return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
764 }
765
766 /*********************************************************************
767 Set the user's home directory.
768 ********************************************************************/
769
770 bool pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
771 {
772 if (home_dir) {
773 DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
774 (sampass->home_dir)?(sampass->home_dir):"NULL"));
775
776 sampass->home_dir = talloc_strdup(sampass, home_dir);
777
778 if (!sampass->home_dir) {
779 DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
780 return False;
781 }
782 } else {
783 sampass->home_dir = PDB_NOT_QUITE_NULL;
784 }
785
786 return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
787 }
788
789 /*********************************************************************
790 Set the user's account description.
791 ********************************************************************/
792
793 bool pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
794 {
795 if (acct_desc) {
796 sampass->acct_desc = talloc_strdup(sampass, acct_desc);
797
798 if (!sampass->acct_desc) {
799 DEBUG(0, ("pdb_set_acct_desc: talloc_strdup() failed!\n"));
800 return False;
801 }
802 } else {
803 sampass->acct_desc = PDB_NOT_QUITE_NULL;
804 }
805
806 return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
807 }
808
809 /*********************************************************************
810 Set the user's workstation allowed list.
811 ********************************************************************/
812
813 bool pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag)
814 {
815 if (workstations) {
816 DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
817 (sampass->workstations)?(sampass->workstations):"NULL"));
818
819 sampass->workstations = talloc_strdup(sampass, workstations);
820
821 if (!sampass->workstations) {
822 DEBUG(0, ("pdb_set_workstations: talloc_strdup() failed!\n"));
823 return False;
824 }
825 } else {
826 sampass->workstations = PDB_NOT_QUITE_NULL;
827 }
828
829 return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
830 }
831
832 /*********************************************************************
833 ********************************************************************/
834
835 bool pdb_set_comment(struct samu *sampass, const char *comment, enum pdb_value_state flag)
836 {
837 if (comment) {
838 sampass->comment = talloc_strdup(sampass, comment);
839
840 if (!sampass->comment) {
841 DEBUG(0, ("pdb_set_comment: talloc_strdup() failed!\n"));
842 return False;
843 }
844 } else {
845 sampass->comment = PDB_NOT_QUITE_NULL;
846 }
847
848 return pdb_set_init_flags(sampass, PDB_COMMENT, flag);
849 }
850
851 /*********************************************************************
852 Set the user's dial string.
853 ********************************************************************/
854
855 bool pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
856 {
857 if (munged_dial) {
858 sampass->munged_dial = talloc_strdup(sampass, munged_dial);
859
860 if (!sampass->munged_dial) {
861 DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
862 return False;
863 }
864 } else {
865 sampass->munged_dial = PDB_NOT_QUITE_NULL;
866 }
867
868 return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
869 }
870
871 /*********************************************************************
872 Set the user's NT hash.
873 ********************************************************************/
874
875 bool pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
876 {
877 data_blob_clear_free(&sampass->nt_pw);
878
879 if (pwd) {
880 sampass->nt_pw =
881 data_blob_talloc(sampass, pwd, NT_HASH_LEN);
882 } else {
883 sampass->nt_pw = data_blob_null;
884 }
885
886 return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
887 }
888
889 /*********************************************************************
890 Set the user's LM hash.
891 ********************************************************************/
892
893 bool pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
894 {
895 data_blob_clear_free(&sampass->lm_pw);
896
897 /* on keep the password if we are allowing LANMAN authentication */
898
899 if (pwd && lp_lanman_auth() ) {
900 sampass->lm_pw = data_blob_talloc(sampass, pwd, LM_HASH_LEN);
901 } else {
902 sampass->lm_pw = data_blob_null;
903 }
904
905 return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
906 }
907
908 /*********************************************************************
909 Set the user's password history hash. historyLen is the number of
910 PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN length
911 entries to store in the history - this must match the size of the uint8 array
912 in pwd.
913 ********************************************************************/
914
915 bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32_t historyLen, enum pdb_value_state flag)
916 {
917 if (historyLen && pwd){
918 data_blob_free(&(sampass->nt_pw_his));
919 sampass->nt_pw_his = data_blob_talloc(sampass,
920 pwd, historyLen*PW_HISTORY_ENTRY_LEN);
921 if (!sampass->nt_pw_his.length) {
922 DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
923 return False;
924 }
925 } else {
926 sampass->nt_pw_his = data_blob_talloc(sampass, NULL, 0);
927 }
928
929 return pdb_set_init_flags(sampass, PDB_PWHISTORY, flag);
930 }
931
932 /*********************************************************************
933 Set the user's plaintext password only (base procedure, see helper
934 below)
935 ********************************************************************/
936
937 bool pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag)
938 {
939 if (password) {
940 if (sampass->plaintext_pw!=NULL)
941 memset(sampass->plaintext_pw,'\0',strlen(sampass->plaintext_pw)+1);
942
943 sampass->plaintext_pw = talloc_strdup(sampass, password);
944
945 if (!sampass->plaintext_pw) {
946 DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
947 return False;
948 }
949 } else {
950 sampass->plaintext_pw = NULL;
951 }
952
953 return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
954 }
955
956 bool pdb_set_bad_password_count(struct samu *sampass, uint16_t bad_password_count, enum pdb_value_state flag)
957 {
958 sampass->bad_password_count = bad_password_count;
959 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
960 }
961
962 bool pdb_set_logon_count(struct samu *sampass, uint16_t logon_count, enum pdb_value_state flag)
963 {
964 sampass->logon_count = logon_count;
965 return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
966 }
967
968 bool pdb_set_unknown_6(struct samu *sampass, uint32_t unkn, enum pdb_value_state flag)
969 {
970 sampass->unknown_6 = unkn;
971 return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
972 }
973
974 bool pdb_set_hours(struct samu *sampass, const uint8 *hours, enum pdb_value_state flag)
975 {
976 if (!hours) {
977 memset ((char *)sampass->hours, 0, MAX_HOURS_LEN);
978 } else {
979 memcpy (sampass->hours, hours, MAX_HOURS_LEN);
980 }
981
982 return pdb_set_init_flags(sampass, PDB_HOURS, flag);
983 }
984
985 bool pdb_set_backend_private_data(struct samu *sampass, void *private_data,
986 void (*free_fn)(void **),
987 const struct pdb_methods *my_methods,
988 enum pdb_value_state flag)
989 {
990 if (sampass->backend_private_data &&
991 sampass->backend_private_data_free_fn) {
992 sampass->backend_private_data_free_fn(
993 &sampass->backend_private_data);
994 }
995
996 sampass->backend_private_data = private_data;
997 sampass->backend_private_data_free_fn = free_fn;
998 sampass->backend_private_methods = my_methods;
999
1000 return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
1001 }
1002
1003
1004 /* Helpful interfaces to the above */
1005
1006 bool pdb_set_pass_can_change(struct samu *sampass, bool canchange)
1007 {
1008 return pdb_set_pass_can_change_time(sampass,
1009 canchange ? 0 : get_time_t_max(),
1010 PDB_CHANGED);
1011 }
1012
1013
1014 /*********************************************************************
1015 Set the user's PLAINTEXT password. Used as an interface to the above.
1016 Also sets the last change time to NOW.
1017 ********************************************************************/
1018
1019 bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
1020 {
1021 uchar new_lanman_p16[LM_HASH_LEN];
1022 uchar new_nt_p16[NT_HASH_LEN];
1023 uchar *pwhistory;
1024 uint32_t pwHistLen;
1025 uint32_t current_history_len;
1026
1027 if (!plaintext)
1028 return False;
1029
1030 /* Calculate the MD4 hash (NT compatible) of the password */
1031 E_md4hash(plaintext, new_nt_p16);
1032
1033 if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED))
1034 return False;
1035
1036 if (!E_deshash(plaintext, new_lanman_p16)) {
1037 /* E_deshash returns false for 'long' passwords (> 14
1038 DOS chars). This allows us to match Win2k, which
1039 does not store a LM hash for these passwords (which
1040 would reduce the effective password length to 14 */
1041
1042 if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED))
1043 return False;
1044 } else {
1045 if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
1046 return False;
1047 }
1048
1049 if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
1050 return False;
1051
1052 if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
1053 return False;
1054
1055 if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) {
1056 /*
1057 * No password history for non-user accounts
1058 */
1059 return true;
1060 }
1061
1062 pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
1063
1064 if (pwHistLen == 0) {
1065 /* Set the history length to zero. */
1066 pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
1067 return true;
1068 }
1069
1070 /*
1071 * We need to make sure we don't have a race condition here -
1072 * the account policy history length can change between when
1073 * the pw_history was first loaded into the struct samu struct
1074 * and now.... JRA.
1075 */
1076 pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
1077
1078 if ((current_history_len != 0) && (pwhistory == NULL)) {
1079 DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n"));
1080 return false;
1081 }
1082
1083 if (current_history_len < pwHistLen) {
1084 /*
1085 * Ensure we have space for the needed history. This
1086 * also takes care of an account which did not have
1087 * any history at all so far, i.e. pwhistory==NULL
1088 */
1089 uchar *new_history = talloc_zero_array(
1090 sampass, uchar,
1091 pwHistLen*PW_HISTORY_ENTRY_LEN);
1092
1093 if (!new_history) {
1094 return False;
1095 }
1096
1097 memcpy(new_history, pwhistory,
1098 current_history_len*PW_HISTORY_ENTRY_LEN);
1099
1100 pwhistory = new_history;
1101 }
1102
1103 /*
1104 * Make room for the new password in the history list.
1105 */
1106 if (pwHistLen > 1) {
1107 memmove(&pwhistory[PW_HISTORY_ENTRY_LEN], pwhistory,
1108 (pwHistLen-1)*PW_HISTORY_ENTRY_LEN );
1109 }
1110
1111 /*
1112 * Fill the salt area with 0-s: this indicates that
1113 * a plain nt hash is stored in the has area.
1114 * The old format was to store a 16 byte salt and
1115 * then an md5hash of the nt_hash concatenated with
1116 * the salt.
1117 */
1118 memset(pwhistory, 0, PW_HISTORY_SALT_LEN);
1119
1120 /*
1121 * Store the plain nt hash in the second 16 bytes.
1122 * The old format was to store the md5 hash of
1123 * the salt+newpw.
1124 */
1125 memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt_p16, SALTED_MD5_HASH_LEN);
1126
1127 pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
1128
1129 return True;
1130 }
1131
1132 /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */
1133 uint32_t pdb_build_fields_present(struct samu *sampass)
1134 {
1135 /* value set to all for testing */
1136 return 0x00ffffff;
1137 }
Samba GIT mirror