search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r18722: Fix up password change times. The can change and must change times are
[Samba/bb.git] / source / passdb / pdb_get_set.c
blob7aac8f585691e51672611a9bb28035af228e040f
1 /*
2 Unix SMB/CIFS implementation.
3 struct samu access routines
4 Copyright (C) Jeremy Allison 1996-2001
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
6 Copyright (C) Gerald (Jerry) Carter 2000-2006
7 Copyright (C) Andrew Bartlett 2001-2002
8 Copyright (C) Stefan (metze) Metzmacher 2002
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_PASSDB
29
30 /**
31 * @todo Redefine this to NULL, but this changes the API because
32 * much of samba assumes that the pdb_get...() funtions
33 * return pstrings. (ie not null-pointers).
34 * See also pdb_fill_default_sam().
35 */
36
37 #define PDB_NOT_QUITE_NULL ""
38
39 /*********************************************************************
40 Collection of get...() functions for struct samu.
41 ********************************************************************/
42
43 uint32 pdb_get_acct_ctrl(const struct samu *sampass)
44 {
45 return sampass->acct_ctrl;
46 }
47
48 time_t pdb_get_logon_time(const struct samu *sampass)
49 {
50 return sampass->logon_time;
51 }
52
53 time_t pdb_get_logoff_time(const struct samu *sampass)
54 {
55 return sampass->logoff_time;
56 }
57
58 time_t pdb_get_kickoff_time(const struct samu *sampass)
59 {
60 return sampass->kickoff_time;
61 }
62
63 time_t pdb_get_bad_password_time(const struct samu *sampass)
64 {
65 return sampass->bad_password_time;
66 }
67
68 time_t pdb_get_pass_last_set_time(const struct samu *sampass)
69 {
70 return sampass->pass_last_set_time;
71 }
72
73 time_t pdb_get_pass_can_change_time(const struct samu *sampass)
74 {
75 uint32 allow;
76
77 if (sampass->pass_last_set_time == 0)
78 return (time_t) 0;
79
80 if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow))
81 allow = 0;
82
83 return sampass->pass_last_set_time + allow;
84 }
85
86 time_t pdb_get_pass_must_change_time(const struct samu *sampass)
87 {
88 uint32 expire;
89
90 if (sampass->pass_last_set_time == 0)
91 return (time_t) 0;
92
93 if (sampass->acct_ctrl & ACB_PWNOEXP)
94 return get_time_t_max();
95
96 if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
97 || expire == (uint32)-1 || expire == 0)
98 return get_time_t_max();
99
100 return sampass->pass_last_set_time + expire;
101 }
102
103 uint16 pdb_get_logon_divs(const struct samu *sampass)
104 {
105 return sampass->logon_divs;
106 }
107
108 uint32 pdb_get_hours_len(const struct samu *sampass)
109 {
110 return sampass->hours_len;
111 }
112
113 const uint8 *pdb_get_hours(const struct samu *sampass)
114 {
115 return (sampass->hours);
116 }
117
118 const uint8 *pdb_get_nt_passwd(const struct samu *sampass)
119 {
120 SMB_ASSERT((!sampass->nt_pw.data)
121 || sampass->nt_pw.length == NT_HASH_LEN);
122 return (uint8 *)sampass->nt_pw.data;
123 }
124
125 const uint8 *pdb_get_lanman_passwd(const struct samu *sampass)
126 {
127 SMB_ASSERT((!sampass->lm_pw.data)
128 || sampass->lm_pw.length == LM_HASH_LEN);
129 return (uint8 *)sampass->lm_pw.data;
130 }
131
132 const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32 *current_hist_len)
133 {
134 SMB_ASSERT((!sampass->nt_pw_his.data)
135 || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
136 *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
137 return (uint8 *)sampass->nt_pw_his.data;
138 }
139
140 /* Return the plaintext password if known. Most of the time
141 it isn't, so don't assume anything magic about this function.
142
143 Used to pass the plaintext to passdb backends that might
144 want to store more than just the NTLM hashes.
145 */
146 const char *pdb_get_plaintext_passwd(const struct samu *sampass)
147 {
148 return sampass->plaintext_pw;
149 }
150
151 const DOM_SID *pdb_get_user_sid(const struct samu *sampass)
152 {
153 return &sampass->user_sid;
154 }
155
156 const DOM_SID *pdb_get_group_sid(struct samu *sampass)
157 {
158 DOM_SID *gsid;
159 struct passwd *pwd;
160
161 /* Return the cached group SID if we have that */
162 if ( sampass->group_sid ) {
163 return sampass->group_sid;
164 }
165
166 /* generate the group SID from the user's primary Unix group */
167
168 if ( !(gsid = TALLOC_P( sampass, DOM_SID )) ) {
169 return NULL;
170 }
171
172 /* No algorithmic mapping, meaning that we have to figure out the
173 primary group SID according to group mapping and the user SID must
174 be a newly allocated one. We rely on the user's Unix primary gid.
175 We have no choice but to fail if we can't find it. */
176
177 if ( sampass->unix_pw ) {
178 pwd = sampass->unix_pw;
179 } else {
180 pwd = Get_Pwnam_alloc( sampass, pdb_get_username(sampass) );
181 }
182
183 if ( !pwd ) {
184 DEBUG(0,("pdb_get_group_sid: Failed to find Unix account for %s\n", pdb_get_username(sampass) ));
185 return NULL;
186 }
187
188 if ( pdb_gid_to_sid(pwd->pw_gid, gsid) ) {
189 enum lsa_SidType type = SID_NAME_UNKNOWN;
190 TALLOC_CTX *mem_ctx = talloc_init("pdb_get_group_sid");
191 BOOL lookup_ret;
192
193 if (!mem_ctx) {
194 return NULL;
195 }
196
197 /* Now check that it's actually a domain group and not something else */
198
199 lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type);
200
201 TALLOC_FREE( mem_ctx );
202
203 if ( lookup_ret && (type == SID_NAME_DOM_GRP) ) {
204 sampass->group_sid = gsid;
205 return sampass->group_sid;
206 }
207
208 DEBUG(3, ("Primary group for user %s is a %s and not a domain group\n",
209 pwd->pw_name, sid_type_lookup(type)));
210 }
211
212 /* Just set it to the 'Domain Users' RID of 512 which will
213 always resolve to a name */
214
215 sid_copy( gsid, get_global_sam_sid() );
216 sid_append_rid( gsid, DOMAIN_GROUP_RID_USERS );
217
218 sampass->group_sid = gsid;
219
220 return sampass->group_sid;
221 }
222
223 /**
224 * Get flags showing what is initalised in the struct samu
225 * @param sampass the struct samu in question
226 * @return the flags indicating the members initialised in the struct.
227 **/
228
229 enum pdb_value_state pdb_get_init_flags(const struct samu *sampass, enum pdb_elements element)
230 {
231 enum pdb_value_state ret = PDB_DEFAULT;
232
233 if (!sampass->change_flags || !sampass->set_flags)
234 return ret;
235
236 if (bitmap_query(sampass->set_flags, element)) {
237 DEBUG(11, ("element %d: SET\n", element));
238 ret = PDB_SET;
239 }
240
241 if (bitmap_query(sampass->change_flags, element)) {
242 DEBUG(11, ("element %d: CHANGED\n", element));
243 ret = PDB_CHANGED;
244 }
245
246 if (ret == PDB_DEFAULT) {
247 DEBUG(11, ("element %d: DEFAULT\n", element));
248 }
249
250 return ret;
251 }
252
253 const char *pdb_get_username(const struct samu *sampass)
254 {
255 return sampass->username;
256 }
257
258 const char *pdb_get_domain(const struct samu *sampass)
259 {
260 return sampass->domain;
261 }
262
263 const char *pdb_get_nt_username(const struct samu *sampass)
264 {
265 return sampass->nt_username;
266 }
267
268 const char *pdb_get_fullname(const struct samu *sampass)
269 {
270 return sampass->full_name;
271 }
272
273 const char *pdb_get_homedir(const struct samu *sampass)
274 {
275 return sampass->home_dir;
276 }
277
278 const char *pdb_get_unix_homedir(const struct samu *sampass)
279 {
280 if (sampass->unix_pw ) {
281 return sampass->unix_pw->pw_dir;
282 }
283 return NULL;
284 }
285
286 const char *pdb_get_dir_drive(const struct samu *sampass)
287 {
288 return sampass->dir_drive;
289 }
290
291 const char *pdb_get_logon_script(const struct samu *sampass)
292 {
293 return sampass->logon_script;
294 }
295
296 const char *pdb_get_profile_path(const struct samu *sampass)
297 {
298 return sampass->profile_path;
299 }
300
301 const char *pdb_get_acct_desc(const struct samu *sampass)
302 {
303 return sampass->acct_desc;
304 }
305
306 const char *pdb_get_workstations(const struct samu *sampass)
307 {
308 return sampass->workstations;
309 }
310
311 const char *pdb_get_comment(const struct samu *sampass)
312 {
313 return sampass->comment;
314 }
315
316 const char *pdb_get_munged_dial(const struct samu *sampass)
317 {
318 return sampass->munged_dial;
319 }
320
321 uint16 pdb_get_bad_password_count(const struct samu *sampass)
322 {
323 return sampass->bad_password_count;
324 }
325
326 uint16 pdb_get_logon_count(const struct samu *sampass)
327 {
328 return sampass->logon_count;
329 }
330
331 uint32 pdb_get_unknown_6(const struct samu *sampass)
332 {
333 return sampass->unknown_6;
334 }
335
336 void *pdb_get_backend_private_data(const struct samu *sampass, const struct pdb_methods *my_methods)
337 {
338 if (my_methods == sampass->backend_private_methods) {
339 return sampass->backend_private_data;
340 } else {
341 return NULL;
342 }
343 }
344
345 /*********************************************************************
346 Collection of set...() functions for struct samu.
347 ********************************************************************/
348
349 BOOL pdb_set_acct_ctrl(struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag)
350 {
351 sampass->acct_ctrl = acct_ctrl;
352 return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
353 }
354
355 BOOL pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
356 {
357 sampass->logon_time = mytime;
358 return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
359 }
360
361 BOOL pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
362 {
363 sampass->logoff_time = mytime;
364 return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
365 }
366
367 BOOL pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
368 {
369 sampass->kickoff_time = mytime;
370 return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
371 }
372
373 BOOL pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
374 {
375 sampass->bad_password_time = mytime;
376 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
377 }
378
379 BOOL pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
380 {
381 sampass->pass_can_change_time = mytime;
382 return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
383 }
384
385 BOOL pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
386 {
387 sampass->pass_must_change_time = mytime;
388 return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
389 }
390
391 BOOL pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
392 {
393 sampass->pass_last_set_time = mytime;
394 return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
395 }
396
397 BOOL pdb_set_hours_len(struct samu *sampass, uint32 len, enum pdb_value_state flag)
398 {
399 sampass->hours_len = len;
400 return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
401 }
402
403 BOOL pdb_set_logon_divs(struct samu *sampass, uint16 hours, enum pdb_value_state flag)
404 {
405 sampass->logon_divs = hours;
406 return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
407 }
408
409 /**
410 * Set flags showing what is initalised in the struct samu
411 * @param sampass the struct samu in question
412 * @param flag The *new* flag to be set. Old flags preserved
413 * this flag is only added.
414 **/
415
416 BOOL pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
417 {
418 if (!sampass->set_flags) {
419 if ((sampass->set_flags =
420 bitmap_talloc(sampass,
421 PDB_COUNT))==NULL) {
422 DEBUG(0,("bitmap_talloc failed\n"));
423 return False;
424 }
425 }
426 if (!sampass->change_flags) {
427 if ((sampass->change_flags =
428 bitmap_talloc(sampass,
429 PDB_COUNT))==NULL) {
430 DEBUG(0,("bitmap_talloc failed\n"));
431 return False;
432 }
433 }
434
435 switch(value_flag) {
436 case PDB_CHANGED:
437 if (!bitmap_set(sampass->change_flags, element)) {
438 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
439 return False;
440 }
441 if (!bitmap_set(sampass->set_flags, element)) {
442 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
443 return False;
444 }
445 DEBUG(11, ("element %d -> now CHANGED\n", element));
446 break;
447 case PDB_SET:
448 if (!bitmap_clear(sampass->change_flags, element)) {
449 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
450 return False;
451 }
452 if (!bitmap_set(sampass->set_flags, element)) {
453 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
454 return False;
455 }
456 DEBUG(11, ("element %d -> now SET\n", element));
457 break;
458 case PDB_DEFAULT:
459 default:
460 if (!bitmap_clear(sampass->change_flags, element)) {
461 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
462 return False;
463 }
464 if (!bitmap_clear(sampass->set_flags, element)) {
465 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
466 return False;
467 }
468 DEBUG(11, ("element %d -> now DEFAULT\n", element));
469 break;
470 }
471
472 return True;
473 }
474
475 BOOL pdb_set_user_sid(struct samu *sampass, const DOM_SID *u_sid, enum pdb_value_state flag)
476 {
477 if (!u_sid)
478 return False;
479
480 sid_copy(&sampass->user_sid, u_sid);
481
482 DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
483 sid_string_static(&sampass->user_sid)));
484
485 return pdb_set_init_flags(sampass, PDB_USERSID, flag);
486 }
487
488 BOOL pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
489 {
490 DOM_SID new_sid;
491
492 if (!u_sid)
493 return False;
494
495 DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n",
496 u_sid));
497
498 if (!string_to_sid(&new_sid, u_sid)) {
499 DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
500 return False;
501 }
502
503 if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
504 DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid));
505 return False;
506 }
507
508 return True;
509 }
510
511 /********************************************************************
512 We never fill this in from a passdb backend but rather set is
513 based on the user's primary group membership. However, the
514 struct samu* is overloaded and reused in domain memship code
515 as well and built from the NET_USER_INFO_3 or PAC so we
516 have to allow the explicitly setting of a group SID here.
517 ********************************************************************/
518
519 BOOL pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
520 {
521 gid_t gid;
522
523 if (!g_sid)
524 return False;
525
526 if ( !(sampass->group_sid = TALLOC_P( sampass, DOM_SID )) ) {
527 return False;
528 }
529
530 /* if we cannot resolve the SID to gid, then just ignore it and
531 store DOMAIN_USERS as the primary groupSID */
532
533 if ( sid_to_gid( g_sid, &gid ) ) {
534 sid_copy(sampass->group_sid, g_sid);
535 } else {
536 sid_copy( sampass->group_sid, get_global_sam_sid() );
537 sid_append_rid( sampass->group_sid, DOMAIN_GROUP_RID_USERS );
538 }
539
540 DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
541 sid_string_static(sampass->group_sid)));
542
543 return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
544 }
545
546 /*********************************************************************
547 Set the user's UNIX name.
548 ********************************************************************/
549
550 BOOL pdb_set_username(struct samu *sampass, const char *username, enum pdb_value_state flag)
551 {
552 if (username) {
553 DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
554 (sampass->username)?(sampass->username):"NULL"));
555
556 sampass->username = talloc_strdup(sampass, username);
557
558 if (!sampass->username) {
559 DEBUG(0, ("pdb_set_username: talloc_strdup() failed!\n"));
560 return False;
561 }
562 } else {
563 sampass->username = PDB_NOT_QUITE_NULL;
564 }
565
566 return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
567 }
568
569 /*********************************************************************
570 Set the domain name.
571 ********************************************************************/
572
573 BOOL pdb_set_domain(struct samu *sampass, const char *domain, enum pdb_value_state flag)
574 {
575 if (domain) {
576 DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
577 (sampass->domain)?(sampass->domain):"NULL"));
578
579 sampass->domain = talloc_strdup(sampass, domain);
580
581 if (!sampass->domain) {
582 DEBUG(0, ("pdb_set_domain: talloc_strdup() failed!\n"));
583 return False;
584 }
585 } else {
586 sampass->domain = PDB_NOT_QUITE_NULL;
587 }
588
589 return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
590 }
591
592 /*********************************************************************
593 Set the user's NT name.
594 ********************************************************************/
595
596 BOOL pdb_set_nt_username(struct samu *sampass, const char *nt_username, enum pdb_value_state flag)
597 {
598 if (nt_username) {
599 DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
600 (sampass->nt_username)?(sampass->nt_username):"NULL"));
601
602 sampass->nt_username = talloc_strdup(sampass, nt_username);
603
604 if (!sampass->nt_username) {
605 DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
606 return False;
607 }
608 } else {
609 sampass->nt_username = PDB_NOT_QUITE_NULL;
610 }
611
612 return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
613 }
614
615 /*********************************************************************
616 Set the user's full name.
617 ********************************************************************/
618
619 BOOL pdb_set_fullname(struct samu *sampass, const char *full_name, enum pdb_value_state flag)
620 {
621 if (full_name) {
622 DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
623 (sampass->full_name)?(sampass->full_name):"NULL"));
624
625 sampass->full_name = talloc_strdup(sampass, full_name);
626
627 if (!sampass->full_name) {
628 DEBUG(0, ("pdb_set_fullname: talloc_strdup() failed!\n"));
629 return False;
630 }
631 } else {
632 sampass->full_name = PDB_NOT_QUITE_NULL;
633 }
634
635 return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
636 }
637
638 /*********************************************************************
639 Set the user's logon script.
640 ********************************************************************/
641
642 BOOL pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum pdb_value_state flag)
643 {
644 if (logon_script) {
645 DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
646 (sampass->logon_script)?(sampass->logon_script):"NULL"));
647
648 sampass->logon_script = talloc_strdup(sampass, logon_script);
649
650 if (!sampass->logon_script) {
651 DEBUG(0, ("pdb_set_logon_script: talloc_strdup() failed!\n"));
652 return False;
653 }
654 } else {
655 sampass->logon_script = PDB_NOT_QUITE_NULL;
656 }
657
658 return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
659 }
660
661 /*********************************************************************
662 Set the user's profile path.
663 ********************************************************************/
664
665 BOOL pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
666 {
667 if (profile_path) {
668 DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
669 (sampass->profile_path)?(sampass->profile_path):"NULL"));
670
671 sampass->profile_path = talloc_strdup(sampass, profile_path);
672
673 if (!sampass->profile_path) {
674 DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
675 return False;
676 }
677 } else {
678 sampass->profile_path = PDB_NOT_QUITE_NULL;
679 }
680
681 return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
682 }
683
684 /*********************************************************************
685 Set the user's directory drive.
686 ********************************************************************/
687
688 BOOL pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
689 {
690 if (dir_drive) {
691 DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
692 (sampass->dir_drive)?(sampass->dir_drive):"NULL"));
693
694 sampass->dir_drive = talloc_strdup(sampass, dir_drive);
695
696 if (!sampass->dir_drive) {
697 DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
698 return False;
699 }
700
701 } else {
702 sampass->dir_drive = PDB_NOT_QUITE_NULL;
703 }
704
705 return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
706 }
707
708 /*********************************************************************
709 Set the user's home directory.
710 ********************************************************************/
711
712 BOOL pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
713 {
714 if (home_dir) {
715 DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
716 (sampass->home_dir)?(sampass->home_dir):"NULL"));
717
718 sampass->home_dir = talloc_strdup(sampass, home_dir);
719
720 if (!sampass->home_dir) {
721 DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
722 return False;
723 }
724 } else {
725 sampass->home_dir = PDB_NOT_QUITE_NULL;
726 }
727
728 return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
729 }
730
731 /*********************************************************************
732 Set the user's account description.
733 ********************************************************************/
734
735 BOOL pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
736 {
737 if (acct_desc) {
738 sampass->acct_desc = talloc_strdup(sampass, acct_desc);
739
740 if (!sampass->acct_desc) {
741 DEBUG(0, ("pdb_set_acct_desc: talloc_strdup() failed!\n"));
742 return False;
743 }
744 } else {
745 sampass->acct_desc = PDB_NOT_QUITE_NULL;
746 }
747
748 return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
749 }
750
751 /*********************************************************************
752 Set the user's workstation allowed list.
753 ********************************************************************/
754
755 BOOL pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag)
756 {
757 if (workstations) {
758 DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
759 (sampass->workstations)?(sampass->workstations):"NULL"));
760
761 sampass->workstations = talloc_strdup(sampass, workstations);
762
763 if (!sampass->workstations) {
764 DEBUG(0, ("pdb_set_workstations: talloc_strdup() failed!\n"));
765 return False;
766 }
767 } else {
768 sampass->workstations = PDB_NOT_QUITE_NULL;
769 }
770
771 return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
772 }
773
774 /*********************************************************************
775 ********************************************************************/
776
777 BOOL pdb_set_comment(struct samu *sampass, const char *comment, enum pdb_value_state flag)
778 {
779 if (comment) {
780 sampass->comment = talloc_strdup(sampass, comment);
781
782 if (!sampass->comment) {
783 DEBUG(0, ("pdb_set_comment: talloc_strdup() failed!\n"));
784 return False;
785 }
786 } else {
787 sampass->comment = PDB_NOT_QUITE_NULL;
788 }
789
790 return pdb_set_init_flags(sampass, PDB_COMMENT, flag);
791 }
792
793 /*********************************************************************
794 Set the user's dial string.
795 ********************************************************************/
796
797 BOOL pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
798 {
799 if (munged_dial) {
800 sampass->munged_dial = talloc_strdup(sampass, munged_dial);
801
802 if (!sampass->munged_dial) {
803 DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
804 return False;
805 }
806 } else {
807 sampass->munged_dial = PDB_NOT_QUITE_NULL;
808 }
809
810 return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
811 }
812
813 /*********************************************************************
814 Set the user's NT hash.
815 ********************************************************************/
816
817 BOOL pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
818 {
819 data_blob_clear_free(&sampass->nt_pw);
820
821 if (pwd) {
822 sampass->nt_pw =
823 data_blob_talloc(sampass, pwd, NT_HASH_LEN);
824 } else {
825 sampass->nt_pw = data_blob(NULL, 0);
826 }
827
828 return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
829 }
830
831 /*********************************************************************
832 Set the user's LM hash.
833 ********************************************************************/
834
835 BOOL pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
836 {
837 data_blob_clear_free(&sampass->lm_pw);
838
839 /* on keep the password if we are allowing LANMAN authentication */
840
841 if (pwd && lp_lanman_auth() ) {
842 sampass->lm_pw = data_blob_talloc(sampass, pwd, LM_HASH_LEN);
843 } else {
844 sampass->lm_pw = data_blob(NULL, 0);
845 }
846
847 return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
848 }
849
850 /*********************************************************************
851 Set the user's password history hash. historyLen is the number of
852 PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN length
853 entries to store in the history - this must match the size of the uint8 array
854 in pwd.
855 ********************************************************************/
856
857 BOOL pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
858 {
859 if (historyLen && pwd){
860 sampass->nt_pw_his = data_blob_talloc(sampass,
861 pwd, historyLen*PW_HISTORY_ENTRY_LEN);
862 if (!sampass->nt_pw_his.length) {
863 DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
864 return False;
865 }
866 } else {
867 sampass->nt_pw_his = data_blob_talloc(sampass, NULL, 0);
868 }
869
870 return pdb_set_init_flags(sampass, PDB_PWHISTORY, flag);
871 }
872
873 /*********************************************************************
874 Set the user's plaintext password only (base procedure, see helper
875 below)
876 ********************************************************************/
877
878 BOOL pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag)
879 {
880 if (password) {
881 if (sampass->plaintext_pw!=NULL)
882 memset(sampass->plaintext_pw,'\0',strlen(sampass->plaintext_pw)+1);
883
884 sampass->plaintext_pw = talloc_strdup(sampass, password);
885
886 if (!sampass->plaintext_pw) {
887 DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
888 return False;
889 }
890 } else {
891 sampass->plaintext_pw = NULL;
892 }
893
894 return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
895 }
896
897 BOOL pdb_set_bad_password_count(struct samu *sampass, uint16 bad_password_count, enum pdb_value_state flag)
898 {
899 sampass->bad_password_count = bad_password_count;
900 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
901 }
902
903 BOOL pdb_set_logon_count(struct samu *sampass, uint16 logon_count, enum pdb_value_state flag)
904 {
905 sampass->logon_count = logon_count;
906 return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
907 }
908
909 BOOL pdb_set_unknown_6(struct samu *sampass, uint32 unkn, enum pdb_value_state flag)
910 {
911 sampass->unknown_6 = unkn;
912 return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
913 }
914
915 BOOL pdb_set_hours(struct samu *sampass, const uint8 *hours, enum pdb_value_state flag)
916 {
917 if (!hours) {
918 memset ((char *)sampass->hours, 0, MAX_HOURS_LEN);
919 } else {
920 memcpy (sampass->hours, hours, MAX_HOURS_LEN);
921 }
922
923 return pdb_set_init_flags(sampass, PDB_HOURS, flag);
924 }
925
926 BOOL pdb_set_backend_private_data(struct samu *sampass, void *private_data,
927 void (*free_fn)(void **),
928 const struct pdb_methods *my_methods,
929 enum pdb_value_state flag)
930 {
931 if (sampass->backend_private_data &&
932 sampass->backend_private_data_free_fn) {
933 sampass->backend_private_data_free_fn(
934 &sampass->backend_private_data);
935 }
936
937 sampass->backend_private_data = private_data;
938 sampass->backend_private_data_free_fn = free_fn;
939 sampass->backend_private_methods = my_methods;
940
941 return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
942 }
943
944
945 /* Helpful interfaces to the above */
946
947 /*********************************************************************
948 Sets the last changed times and must change times for a normal
949 password change.
950 ********************************************************************/
951
952 BOOL pdb_set_pass_changed_now(struct samu *sampass)
953 {
954 uint32 expire;
955 uint32 min_age;
956
957 if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
958 return False;
959
960 if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
961 || (expire==(uint32)-1) || (expire == 0)) {
962 if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED))
963 return False;
964 } else {
965 if (!pdb_set_pass_must_change_time (sampass,
966 pdb_get_pass_last_set_time(sampass)
967 + expire, PDB_CHANGED))
968 return False;
969 }
970
971 if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age)
972 || (min_age==(uint32)-1)) {
973 if (!pdb_set_pass_can_change_time (sampass, 0, PDB_CHANGED))
974 return False;
975 } else {
976 if (!pdb_set_pass_can_change_time (sampass,
977 pdb_get_pass_last_set_time(sampass)
978 + min_age, PDB_CHANGED))
979 return False;
980 }
981 return True;
982 }
983
984 /*********************************************************************
985 Set the user's PLAINTEXT password. Used as an interface to the above.
986 Also sets the last change time to NOW.
987 ********************************************************************/
988
989 BOOL pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
990 {
991 uchar new_lanman_p16[LM_HASH_LEN];
992 uchar new_nt_p16[NT_HASH_LEN];
993
994 if (!plaintext)
995 return False;
996
997 /* Calculate the MD4 hash (NT compatible) of the password */
998 E_md4hash(plaintext, new_nt_p16);
999
1000 if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED))
1001 return False;
1002
1003 if (!E_deshash(plaintext, new_lanman_p16)) {
1004 /* E_deshash returns false for 'long' passwords (> 14
1005 DOS chars). This allows us to match Win2k, which
1006 does not store a LM hash for these passwords (which
1007 would reduce the effective password length to 14 */
1008
1009 if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED))
1010 return False;
1011 } else {
1012 if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
1013 return False;
1014 }
1015
1016 if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
1017 return False;
1018
1019 if (!pdb_set_pass_changed_now (sampass))
1020 return False;
1021
1022 /* Store the password history. */
1023 if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
1024 uchar *pwhistory;
1025 uint32 pwHistLen;
1026 pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
1027 if (pwHistLen != 0){
1028 uint32 current_history_len;
1029 /* We need to make sure we don't have a race condition here - the
1030 account policy history length can change between when the pw_history
1031 was first loaded into the struct samu struct and now.... JRA. */
1032 pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
1033
1034 if (current_history_len != pwHistLen) {
1035 /* After closing and reopening struct samu the history
1036 values will sync up. We can't do this here. */
1037
1038 /* current_history_len > pwHistLen is not a problem - we
1039 have more history than we need. */
1040
1041 if (current_history_len < pwHistLen) {
1042 /* Ensure we have space for the needed history. */
1043 uchar *new_history = (uchar *)TALLOC(sampass,
1044 pwHistLen*PW_HISTORY_ENTRY_LEN);
1045 if (!new_history) {
1046 return False;
1047 }
1048
1049 /* And copy it into the new buffer. */
1050 if (current_history_len) {
1051 memcpy(new_history, pwhistory,
1052 current_history_len*PW_HISTORY_ENTRY_LEN);
1053 }
1054 /* Clearing out any extra space. */
1055 memset(&new_history[current_history_len*PW_HISTORY_ENTRY_LEN],
1056 '\0', (pwHistLen-current_history_len)*PW_HISTORY_ENTRY_LEN);
1057 /* Finally replace it. */
1058 pwhistory = new_history;
1059 }
1060 }
1061 if (pwhistory && pwHistLen){
1062 /* Make room for the new password in the history list. */
1063 if (pwHistLen > 1) {
1064 memmove(&pwhistory[PW_HISTORY_ENTRY_LEN],
1065 pwhistory, (pwHistLen -1)*PW_HISTORY_ENTRY_LEN );
1066 }
1067 /* Create the new salt as the first part of the history entry. */
1068 generate_random_buffer(pwhistory, PW_HISTORY_SALT_LEN);
1069
1070 /* Generate the md5 hash of the salt+new password as the second
1071 part of the history entry. */
1072
1073 E_md5hash(pwhistory, new_nt_p16, &pwhistory[PW_HISTORY_SALT_LEN]);
1074 pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
1075 } else {
1076 DEBUG (10,("pdb_get_set.c: pdb_set_plaintext_passwd: pwhistory was NULL!\n"));
1077 }
1078 } else {
1079 /* Set the history length to zero. */
1080 pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
1081 }
1082 }
1083
1084 return True;
1085 }
1086
1087 /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */
1088 uint32 pdb_build_fields_present(struct samu *sampass)
1089 {
1090 /* value set to all for testing */
1091 return 0x00ffffff;
1092 }