2 Unix SMB/Netbios implementation.
4 Password and authentication handling
5 Copyright (C) Jeremy Allison 1996-1998
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
7 Copyright (C) Gerald (Jerry) Carter 2000
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 extern int DEBUGLEVEL
;
30 * This is set on startup - it defines the SID for this
31 * machine, and therefore the SAM database for which it is
35 extern DOM_SID global_sam_sid
;
37 struct passdb_ops
*pdb_ops
;
39 static void* pdb_handle
= NULL
;
41 /***************************************************************
42 Initialize the password db operations.
43 ***************************************************************/
44 BOOL
initialize_password_db(BOOL reload
)
47 char* modulename
= lp_passdb_module_path();
51 /* load another module? */
52 if (reload
&& pdb_handle
)
54 sys_dlclose (pdb_handle
);
58 /* do we have a module defined or use the default? */
59 if (strlen (modulename
) != 0)
61 if ((pdb_handle
=sys_dlopen (modulename
, RTLD_LAZY
)) == NULL
)
63 DEBUG(0,("initialize_password_db: ERROR - Unable to open passdb module \"%s\"!\n%s\n",
64 modulename
, dlerror()));
67 DEBUG(1,("initialize_password_db: passdb module \"%s\" loaded successfully\n", modulename
));
70 /* either no module name defined or the one that was failed
71 to open. Let's try the default */
72 if (pdb_handle
== NULL
)
74 if ((pdb_handle
=sys_dlopen ("libpdbfile.so", RTLD_LAZY
)) == NULL
)
76 DEBUG(0,("initialize_password_db: ERROR - Unable to open \"libpdbfile.so\" passdb module! No user authentication possible!\n%s\n",
81 DEBUG(1,("initialize_password_db: passdb module \"libpdbfile.so\" loaded successfully\n"));
85 return (pdb_handle
!= NULL
);
88 /*************************************************************
89 initialises a struct sam_disp_info.
90 **************************************************************/
91 static void pdb_init_dispinfo(struct sam_disp_info
*user
)
98 /*************************************************************
99 initialises a struct sam_passwd.
100 ************************************************************/
101 void pdb_init_sam(SAM_ACCOUNT
*user
)
108 user
->logon_time
= (time_t)0;
109 user
->logoff_time
= (time_t)-1;
110 user
->kickoff_time
= (time_t)-1;
111 user
->pass_last_set_time
= (time_t)-1;
112 user
->pass_can_change_time
= (time_t)-1;
113 user
->pass_must_change_time
= (time_t)-1;
115 user
->unknown_3
= 0x00ffffff; /* don't know */
116 user
->logon_divs
= 168; /* hours per week */
117 user
->hours_len
= 21; /* 21 times 8 bits = 168 */
118 memset(user
->hours
, 0xff, user
->hours_len
); /* available at all hours */
119 user
->unknown_5
= 0x00000000; /* don't know */
120 user
->unknown_6
= 0x000004ec; /* don't know */
123 /************************************************************
124 free all pointer members and then reinit the SAM_ACCOUNT
125 ***********************************************************/
126 void pdb_clear_sam(SAM_ACCOUNT
*user
)
128 /* do we have a SAM_CCOUTN struct to work with? */
132 /* do we own the memory? */
133 if (user
->own_memory
)
135 /* clear all pointer members */
136 if (user
->username
) free(user
->username
);
137 if (user
->full_name
) free(user
->full_name
);
138 if (user
->domain
) free(user
->domain
);
139 if (user
->nt_username
) free(user
->nt_username
);
140 if (user
->home_dir
) free(user
->home_dir
);
141 if (user
->dir_drive
) free(user
->dir_drive
);
142 if (user
->logon_script
) free(user
->logon_script
);
143 if (user
->profile_path
) free(user
->profile_path
);
144 if (user
->acct_desc
) free(user
->acct_desc
);
145 if (user
->workstations
) free(user
->workstations
);
146 if (user
->unknown_str
) free(user
->unknown_str
);
147 if (user
->munged_dial
) free(user
->munged_dial
);
149 if (user
->lm_pw
) free(user
->lm_pw
);
150 if (user
->nt_pw
) free(user
->nt_pw
);
159 /*************************************************************************
160 Routine to return the next entry in the sam passwd list.
161 *************************************************************************/
162 struct sam_disp_info
*pdb_sam_to_dispinfo(SAM_ACCOUNT
*user
)
164 static struct sam_disp_info disp_info
;
169 pdb_init_dispinfo(&disp_info
);
171 disp_info
.smb_name
= user
->username
;
172 disp_info
.full_name
= user
->full_name
;
173 disp_info
.user_rid
= user
->user_rid
;
179 /**********************************************************
180 Encode the account control bits into a string.
181 length = length of string to encode into (including terminating
182 null). length *MUST BE MORE THAN 2* !
183 **********************************************************/
184 char *pdb_encode_acct_ctrl(uint16 acct_ctrl
, size_t length
)
186 static fstring acct_str
;
191 if (acct_ctrl
& ACB_PWNOTREQ
) acct_str
[i
++] = 'N';
192 if (acct_ctrl
& ACB_DISABLED
) acct_str
[i
++] = 'D';
193 if (acct_ctrl
& ACB_HOMDIRREQ
) acct_str
[i
++] = 'H';
194 if (acct_ctrl
& ACB_TEMPDUP
) acct_str
[i
++] = 'T';
195 if (acct_ctrl
& ACB_NORMAL
) acct_str
[i
++] = 'U';
196 if (acct_ctrl
& ACB_MNS
) acct_str
[i
++] = 'M';
197 if (acct_ctrl
& ACB_WSTRUST
) acct_str
[i
++] = 'W';
198 if (acct_ctrl
& ACB_SVRTRUST
) acct_str
[i
++] = 'S';
199 if (acct_ctrl
& ACB_AUTOLOCK
) acct_str
[i
++] = 'L';
200 if (acct_ctrl
& ACB_PWNOEXP
) acct_str
[i
++] = 'X';
201 if (acct_ctrl
& ACB_DOMTRUST
) acct_str
[i
++] = 'I';
203 for ( ; i
< length
- 2 ; i
++ ) { acct_str
[i
] = ' '; }
207 acct_str
[i
++] = '\0';
212 /**********************************************************
213 Decode the account control bits from a string.
215 this function breaks coding standards minimum line width of 80 chars.
216 reason: vertical line-up code clarity - all case statements fit into
217 15 lines, which is more important.
218 **********************************************************/
220 uint16
pdb_decode_acct_ctrl(const char *p
)
222 uint16 acct_ctrl
= 0;
223 BOOL finished
= False
;
226 * Check if the account type bits have been encoded after the
227 * NT password (in the form [NDHTUWSLXI]).
230 if (*p
!= '[') return 0;
232 for (p
++; *p
&& !finished
; p
++)
236 case 'N': { acct_ctrl
|= ACB_PWNOTREQ
; break; /* 'N'o password. */ }
237 case 'D': { acct_ctrl
|= ACB_DISABLED
; break; /* 'D'isabled. */ }
238 case 'H': { acct_ctrl
|= ACB_HOMDIRREQ
; break; /* 'H'omedir required. */ }
239 case 'T': { acct_ctrl
|= ACB_TEMPDUP
; break; /* 'T'emp account. */ }
240 case 'U': { acct_ctrl
|= ACB_NORMAL
; break; /* 'U'ser account (normal). */ }
241 case 'M': { acct_ctrl
|= ACB_MNS
; break; /* 'M'NS logon user account. What is this ? */ }
242 case 'W': { acct_ctrl
|= ACB_WSTRUST
; break; /* 'W'orkstation account. */ }
243 case 'S': { acct_ctrl
|= ACB_SVRTRUST
; break; /* 'S'erver account. */ }
244 case 'L': { acct_ctrl
|= ACB_AUTOLOCK
; break; /* 'L'ocked account. */ }
245 case 'X': { acct_ctrl
|= ACB_PWNOEXP
; break; /* No 'X'piry on password */ }
246 case 'I': { acct_ctrl
|= ACB_DOMTRUST
; break; /* 'I'nterdomain trust account. */ }
252 default: { finished
= True
; }
259 /*************************************************************
260 Routine to set 32 hex password characters from a 16 byte array.
261 **************************************************************/
262 void pdb_sethexpwd(char *p
, unsigned char *pwd
, uint16 acct_ctrl
)
266 for (i
= 0; i
< 16; i
++)
267 slprintf(&p
[i
*2], 3, "%02X", pwd
[i
]);
269 if (acct_ctrl
& ACB_PWNOTREQ
)
270 safe_strcpy(p
, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
272 safe_strcpy(p
, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
276 /*************************************************************
277 Routine to get the 32 hex characters and turn them
278 into a 16 byte array.
279 **************************************************************/
280 BOOL
pdb_gethexpwd(char *p
, unsigned char *pwd
)
283 unsigned char lonybble
, hinybble
;
284 char *hexchars
= "0123456789ABCDEF";
287 if (!p
) return (False
);
289 for (i
= 0; i
< 32; i
+= 2)
291 hinybble
= toupper(p
[i
]);
292 lonybble
= toupper(p
[i
+ 1]);
294 p1
= strchr(hexchars
, hinybble
);
295 p2
= strchr(hexchars
, lonybble
);
302 hinybble
= PTR_DIFF(p1
, hexchars
);
303 lonybble
= PTR_DIFF(p2
, hexchars
);
305 pwd
[i
/ 2] = (hinybble
<< 4) | lonybble
;
310 /*******************************************************************
311 Group and User RID username mapping function
312 ********************************************************************/
313 BOOL
pdb_name_to_rid(char *user_name
, uint32
*u_rid
, uint32
*g_rid
)
315 struct passwd
*pw
= Get_Pwnam(user_name
, False
);
317 if (u_rid
== NULL
|| g_rid
== NULL
|| user_name
== NULL
)
324 DEBUG(1,("Username %s is invalid on this system\n", user_name
));
328 if (user_in_list(user_name
, lp_domain_guest_users()))
330 *u_rid
= DOMAIN_USER_RID_GUEST
;
332 else if (user_in_list(user_name
, lp_domain_admin_users()))
334 *u_rid
= DOMAIN_USER_RID_ADMIN
;
338 /* turn the unix UID into a Domain RID. this is what the posix
339 sub-system does (adds 1000 to the uid) */
340 *u_rid
= pdb_uid_to_user_rid(pw
->pw_uid
);
343 /* absolutely no idea what to do about the unix GID to Domain RID mapping */
344 *g_rid
= pdb_gid_to_group_rid(pw
->pw_gid
);
349 /*******************************************************************
350 Converts NT user RID to a UNIX uid.
351 ********************************************************************/
352 uid_t
pdb_user_rid_to_uid(uint32 user_rid
)
354 return (uid_t
)(((user_rid
& (~USER_RID_TYPE
))- 1000)/RID_MULTIPLIER
);
357 /*******************************************************************
358 Converts NT user RID to a UNIX gid.
359 ********************************************************************/
361 gid_t
pdb_user_rid_to_gid(uint32 user_rid
)
363 return (uid_t
)(((user_rid
& (~GROUP_RID_TYPE
))- 1000)/RID_MULTIPLIER
);
366 /*******************************************************************
367 converts UNIX uid to an NT User RID.
368 ********************************************************************/
370 uint32
pdb_uid_to_user_rid(uid_t uid
)
372 return (((((uint32
)uid
)*RID_MULTIPLIER
) + 1000) | USER_RID_TYPE
);
375 /*******************************************************************
376 converts NT Group RID to a UNIX uid.
377 ********************************************************************/
379 uint32
pdb_gid_to_group_rid(gid_t gid
)
381 return (((((uint32
)gid
)*RID_MULTIPLIER
) + 1000) | GROUP_RID_TYPE
);
384 /*******************************************************************
385 Decides if a RID is a well known RID.
386 ********************************************************************/
388 static BOOL
pdb_rid_is_well_known(uint32 rid
)
393 /*******************************************************************
394 Decides if a RID is a user or group RID.
395 ********************************************************************/
396 BOOL
pdb_rid_is_user(uint32 rid
)
398 /* lkcl i understand that NT attaches an enumeration to a RID
399 * such that it can be identified as either a user, group etc
400 * type. there are 5 such categories, and they are documented.
402 if(pdb_rid_is_well_known(rid
)) {
404 * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
405 * and DOMAIN_USER_RID_GUEST.
407 if(rid
== DOMAIN_USER_RID_ADMIN
|| rid
== DOMAIN_USER_RID_GUEST
)
409 } else if((rid
& RID_TYPE_MASK
) == USER_RID_TYPE
) {
415 /*******************************************************************
416 Convert a rid into a name. Used in the lookup SID rpc.
417 ********************************************************************/
418 BOOL
local_lookup_rid(uint32 rid
, char *name
, enum SID_NAME_USE
*psid_name_use
)
421 BOOL is_user
= pdb_rid_is_user(rid
);
423 DEBUG(5,("local_lookup_rid: looking up %s RID %u.\n", is_user
? "user" :
424 "group", (unsigned int)rid
));
427 if(rid
== DOMAIN_USER_RID_ADMIN
) {
429 char *p
= admin_users
;
430 pstrcpy( admin_users
, lp_domain_admin_users());
431 if(!next_token(&p
, name
, NULL
, sizeof(fstring
)))
432 fstrcpy(name
, "Administrator");
433 } else if (rid
== DOMAIN_USER_RID_GUEST
) {
435 char *p
= guest_users
;
436 pstrcpy( guest_users
, lp_domain_guest_users());
437 if(!next_token(&p
, name
, NULL
, sizeof(fstring
)))
438 fstrcpy(name
, "Guest");
444 * Don't try to convert the rid to a name if
445 * running in appliance mode
447 if (lp_hide_local_users())
450 uid
= pdb_user_rid_to_uid(rid
);
451 pass
= sys_getpwuid(uid
);
453 *psid_name_use
= SID_NAME_USER
;
455 DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid
,
456 pass
? "succeeded" : "failed" ));
459 slprintf(name
, sizeof(fstring
)-1, "unix_user.%u", (unsigned int)uid
);
463 fstrcpy(name
, pass
->pw_name
);
465 DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name
,
466 (unsigned int)rid
));
474 * Don't try to convert the rid to a name if running
478 if (lp_hide_local_users())
481 gid
= pdb_user_rid_to_gid(rid
);
484 *psid_name_use
= SID_NAME_ALIAS
;
486 DEBUG(5,("local_local_rid: looking up gid %u %s\n", (unsigned int)gid
,
487 gr
? "succeeded" : "failed" ));
490 slprintf(name
, sizeof(fstring
)-1, "unix_group.%u", (unsigned int)gid
);
494 fstrcpy( name
, gr
->gr_name
);
496 DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name
,
497 (unsigned int)rid
));
503 /*******************************************************************
504 Convert a name into a SID. Used in the lookup name rpc.
505 ********************************************************************/
507 BOOL
local_lookup_name(const char *c_domain
, const char *c_user
, DOM_SID
*psid
, enum SID_NAME_USE
*psid_name_use
)
509 extern DOM_SID global_sid_World_Domain
;
510 struct passwd
*pass
= NULL
;
516 * domain and user may be quoted const strings, and map_username and
517 * friends can modify them. Make a modifiable copy. JRA.
520 fstrcpy(domain
, c_domain
);
521 fstrcpy(user
, c_user
);
523 sid_copy(&local_sid
, &global_sam_sid
);
526 * Special case for MACHINE\Everyone. Map to the world_sid.
529 if(strequal(user
, "Everyone")) {
530 sid_copy( psid
, &global_sid_World_Domain
);
531 sid_append_rid(psid
, 0);
532 *psid_name_use
= SID_NAME_ALIAS
;
537 * Don't lookup local unix users if running in appliance mode
539 if (lp_hide_local_users())
542 (void)map_username(user
);
544 if(!(pass
= sys_getpwnam(user
))) {
546 * Maybe it was a group ?
548 struct group
*grp
= getgrnam(user
);
553 sid_append_rid( &local_sid
, pdb_gid_to_group_rid(grp
->gr_gid
));
554 *psid_name_use
= SID_NAME_ALIAS
;
557 sid_append_rid( &local_sid
, pdb_uid_to_user_rid(pass
->pw_uid
));
558 *psid_name_use
= SID_NAME_USER
;
561 sid_copy( psid
, &local_sid
);
566 /****************************************************************************
567 Convert a uid to SID - locally.
568 ****************************************************************************/
569 DOM_SID
*local_uid_to_sid(DOM_SID
*psid
, uid_t uid
)
571 extern DOM_SID global_sam_sid
;
573 sid_copy(psid
, &global_sam_sid
);
574 sid_append_rid(psid
, pdb_uid_to_user_rid(uid
));
580 /****************************************************************************
581 Convert a SID to uid - locally.
582 ****************************************************************************/
583 BOOL
local_sid_to_uid(uid_t
*puid
, DOM_SID
*psid
, enum SID_NAME_USE
*name_type
)
585 extern DOM_SID global_sam_sid
;
592 *name_type
= SID_NAME_UNKNOWN
;
594 sid_copy(&dom_sid
, psid
);
595 sid_split_rid(&dom_sid
, &rid
);
597 if (!pdb_rid_is_user(rid
))
601 * We can only convert to a uid if this is our local
602 * Domain SID (ie. we are the controling authority).
604 if (!sid_equal(&global_sam_sid
, &dom_sid
))
607 *puid
= pdb_user_rid_to_uid(rid
);
610 * Ensure this uid really does exist.
612 if(!(pass
= sys_getpwuid(*puid
)))
615 DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str
, psid
),
616 (unsigned int)*puid
, pass
->pw_name
));
621 /****************************************************************************
622 Convert a gid to SID - locally.
623 ****************************************************************************/
624 DOM_SID
*local_gid_to_sid(DOM_SID
*psid
, gid_t gid
)
626 extern DOM_SID global_sam_sid
;
628 sid_copy(psid
, &global_sam_sid
);
629 sid_append_rid(psid
, pdb_gid_to_group_rid(gid
));
634 /****************************************************************************
635 Convert a SID to gid - locally.
636 ****************************************************************************/
637 BOOL
local_sid_to_gid(gid_t
*pgid
, DOM_SID
*psid
, enum SID_NAME_USE
*name_type
)
639 extern DOM_SID global_sam_sid
;
645 *name_type
= SID_NAME_UNKNOWN
;
647 sid_copy(&dom_sid
, psid
);
648 sid_split_rid(&dom_sid
, &rid
);
651 * We can only convert to a gid if this is our local
652 * Domain SID (ie. we are the controling authority).
655 if (!sid_equal(&global_sam_sid
, &dom_sid
))
658 if (pdb_rid_is_user(rid
))
661 *pgid
= pdb_user_rid_to_gid(rid
);
664 * Ensure this gid really does exist.
667 if(!(grp
= getgrgid(*pgid
)))
670 DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u) (%s).\n", sid_to_string( str
, psid
),
671 (unsigned int)*pgid
, grp
->gr_name
));
676 static void select_name(fstring
*string
, char **name
, const UNISTR2
*from
)
678 if (from
->buffer
!= 0)
680 unistr2_to_ascii(*string
, from
, sizeof(*string
));
685 /*************************************************************
686 copies a SAM_USER_INFO_23 to a SAM_ACCOUNT
687 **************************************************************/
688 void copy_id23_to_sam_passwd(SAM_ACCOUNT
*to
, SAM_USER_INFO_23
*from
)
690 static fstring smb_name
;
691 static fstring full_name
;
692 static fstring home_dir
;
693 static fstring dir_drive
;
694 static fstring logon_script
;
695 static fstring profile_path
;
696 static fstring acct_desc
;
697 static fstring workstations
;
698 static fstring unknown_str
;
699 static fstring munged_dial
;
701 if (from
== NULL
|| to
== NULL
)
704 to
->logon_time
= nt_time_to_unix(&from
->logon_time
);
705 to
->logoff_time
= nt_time_to_unix(&from
->logoff_time
);
706 to
->kickoff_time
= nt_time_to_unix(&from
->kickoff_time
);
707 to
->pass_last_set_time
= nt_time_to_unix(&from
->pass_last_set_time
);
708 to
->pass_can_change_time
= nt_time_to_unix(&from
->pass_can_change_time
);
709 to
->pass_must_change_time
= nt_time_to_unix(&from
->pass_must_change_time
);
711 select_name(&smb_name
, &to
->username
, &from
->uni_user_name
);
712 select_name(&full_name
, &to
->full_name
, &from
->uni_full_name
);
713 select_name(&home_dir
, &to
->home_dir
, &from
->uni_home_dir
);
714 select_name(&dir_drive
, &to
->dir_drive
, &from
->uni_dir_drive
);
715 select_name(&logon_script
, &to
->logon_script
, &from
->uni_logon_script
);
716 select_name(&profile_path
, &to
->profile_path
, &from
->uni_profile_path
);
717 select_name(&acct_desc
, &to
->acct_desc
, &from
->uni_acct_desc
);
718 select_name(&workstations
, &to
->workstations
, &from
->uni_workstations
);
719 select_name(&unknown_str
, &to
->unknown_str
, &from
->uni_unknown_str
);
720 select_name(&munged_dial
, &to
->munged_dial
, &from
->uni_munged_dial
);
722 to
->user_rid
= from
->user_rid
;
723 to
->group_rid
= from
->group_rid
;
725 to
->acct_ctrl
= from
->acb_info
;
726 to
->unknown_3
= from
->unknown_3
;
728 to
->logon_divs
= from
->logon_divs
;
729 to
->hours_len
= from
->logon_hrs
.len
;
730 memcpy(to
->hours
, from
->logon_hrs
.hours
, MAX_HOURS_LEN
);
732 to
->unknown_5
= from
->unknown_5
;
733 to
->unknown_6
= from
->unknown_6
;
736 /*************************************************************
738 **************************************************************/
739 void copy_id21_to_sam_passwd(SAM_ACCOUNT
*to
, SAM_USER_INFO_21
*from
)
741 static fstring smb_name
;
742 static fstring full_name
;
743 static fstring home_dir
;
744 static fstring dir_drive
;
745 static fstring logon_script
;
746 static fstring profile_path
;
747 static fstring acct_desc
;
748 static fstring workstations
;
749 static fstring unknown_str
;
750 static fstring munged_dial
;
752 if (from
== NULL
|| to
== NULL
)
755 to
->logon_time
= nt_time_to_unix(&from
->logon_time
);
756 to
->logoff_time
= nt_time_to_unix(&from
->logoff_time
);
757 to
->kickoff_time
= nt_time_to_unix(&from
->kickoff_time
);
758 to
->pass_last_set_time
= nt_time_to_unix(&from
->pass_last_set_time
);
759 to
->pass_can_change_time
= nt_time_to_unix(&from
->pass_can_change_time
);
760 to
->pass_must_change_time
= nt_time_to_unix(&from
->pass_must_change_time
);
762 select_name(&smb_name
, &to
->username
, &from
->uni_user_name
);
763 select_name(&full_name
, &to
->full_name
, &from
->uni_full_name
);
764 select_name(&home_dir
, &to
->home_dir
, &from
->uni_home_dir
);
765 select_name(&dir_drive
, &to
->dir_drive
, &from
->uni_dir_drive
);
766 select_name(&logon_script
, &to
->logon_script
, &from
->uni_logon_script
);
767 select_name(&profile_path
, &to
->profile_path
, &from
->uni_profile_path
);
768 select_name(&acct_desc
, &to
->acct_desc
, &from
->uni_acct_desc
);
769 select_name(&workstations
, &to
->workstations
, &from
->uni_workstations
);
770 select_name(&unknown_str
, &to
->unknown_str
, &from
->uni_unknown_str
);
771 select_name(&munged_dial
, &to
->munged_dial
, &from
->uni_munged_dial
);
773 to
->user_rid
= from
->user_rid
;
774 to
->group_rid
= from
->group_rid
;
776 /* FIXME!! Do we need to copy the passwords here as well?
777 I don't know. Need to figure this out --jerry */
779 to
->acct_ctrl
= from
->acb_info
;
780 to
->unknown_3
= from
->unknown_3
;
782 to
->logon_divs
= from
->logon_divs
;
783 to
->hours_len
= from
->logon_hrs
.len
;
784 memcpy(to
->hours
, from
->logon_hrs
.hours
, MAX_HOURS_LEN
);
786 to
->unknown_5
= from
->unknown_5
;
787 to
->unknown_6
= from
->unknown_6
;
791 /*************************************************************
793 **************************************************************/
794 void copy_sam_passwd(SAM_ACCOUNT
*to
, const SAM_ACCOUNT
*from
)
796 static fstring smb_name
="";
797 static fstring full_name
="";
798 static fstring home_dir
="";
799 static fstring dir_drive
="";
800 static fstring logon_script
="";
801 static fstring profile_path
="";
802 static fstring acct_desc
="";
803 static fstring workstations
="";
804 static fstring unknown_str
="";
805 static fstring munged_dial
="";
806 static uint8 lm_pw
[16], nt_pw
[16];
808 if (from
== NULL
|| to
== NULL
)
811 /* we won't own this memory so set the flag.
812 This will also clear the strings from 'to' */
813 pdb_set_mem_ownership (to
, False
);
815 memcpy(to
, from
, sizeof(*from
));
817 if (from
->username
!= NULL
)
819 fstrcpy(smb_name
, from
->username
);
820 to
->username
= smb_name
;
823 if (from
->full_name
!= NULL
)
825 fstrcpy(full_name
, from
->full_name
);
826 to
->full_name
= full_name
;
829 if (from
->home_dir
!= NULL
)
831 fstrcpy(home_dir
, from
->home_dir
);
832 to
->home_dir
= home_dir
;
835 if (from
->dir_drive
!= NULL
)
837 fstrcpy(dir_drive
, from
->dir_drive
);
838 to
->dir_drive
= dir_drive
;
841 if (from
->logon_script
!= NULL
)
843 fstrcpy(logon_script
, from
->logon_script
);
844 to
->logon_script
= logon_script
;
847 if (from
->profile_path
!= NULL
)
849 fstrcpy(profile_path
, from
->profile_path
);
850 to
->profile_path
= profile_path
;
853 if (from
->acct_desc
!= NULL
)
855 fstrcpy(acct_desc
, from
->acct_desc
);
856 to
->acct_desc
= acct_desc
;
859 if (from
->workstations
!= NULL
)
861 fstrcpy(workstations
, from
->workstations
);
862 to
->workstations
= workstations
;
865 if (from
->unknown_str
!= NULL
)
867 fstrcpy(unknown_str
, from
->unknown_str
);
868 to
->unknown_str
= unknown_str
;
871 if (from
->munged_dial
!= NULL
)
873 fstrcpy(munged_dial
, from
->munged_dial
);
874 to
->munged_dial
= munged_dial
;
877 if (from
->nt_pw
!= NULL
)
879 memcpy (nt_pw
, from
->nt_pw
, 16);
883 if (from
->lm_pw
!= NULL
)
885 memcpy (lm_pw
, from
->lm_pw
, 16);
892 /*************************************************************
893 change a password entry in the local smbpasswd file
895 FIXME!! The function needs to be abstracted into the
896 passdb interface or something. It is currently being called
897 by _api_samr_create_user() in rpc_server/srv_samr.c
900 *************************************************************/
902 BOOL
local_password_change(char *user_name
, int local_flags
,
904 char *err_str
, size_t err_str_len
,
905 char *msg_str
, size_t msg_str_len
)
907 struct passwd
*pwd
= NULL
;
908 SAM_ACCOUNT
*sam_pass
;
909 SAM_ACCOUNT new_sam_acct
;
911 uchar new_nt_p16
[16];
916 if (local_flags
& LOCAL_ADD_USER
) {
919 * Check for a local account - if we're adding only.
922 if(!(pwd
= sys_getpwnam(user_name
))) {
923 slprintf(err_str
, err_str_len
- 1, "User %s does not \
924 exist in system password file (usually /etc/passwd). Cannot add \
925 account without a valid local system user.\n", user_name
);
930 /* Calculate the MD4 hash (NT compatible) of the new password. */
931 nt_lm_owf_gen(new_passwd
, new_nt_p16
, new_p16
);
933 /* Get the smb passwd entry for this user */
934 sam_pass
= pdb_getsampwnam(user_name
);
935 if (sam_pass
== NULL
)
937 if(!(local_flags
& LOCAL_ADD_USER
))
939 slprintf(err_str
, err_str_len
-1,"Failed to find entry for user %s.\n", user_name
);
943 /* create the SAM_ACCOUNT struct and call pdb_add_sam_account.
944 Because the new_sam_pwd only exists in the scope of this function
945 we will not allocate memory for members */
946 pdb_init_sam (&new_sam_acct
);
947 pdb_set_mem_ownership (&new_sam_acct
, False
);
948 pdb_set_username (&new_sam_acct
, user_name
);
949 pdb_set_fullname (&new_sam_acct
, pwd
->pw_gecos
);
950 pdb_set_uid (&new_sam_acct
, pwd
->pw_uid
);
951 pdb_set_gid (&new_sam_acct
, pwd
->pw_gid
);
952 pdb_set_pass_last_set_time(&new_sam_acct
, time(NULL
));
953 pdb_set_profile_path (&new_sam_acct
, lp_logon_path());
954 pdb_set_homedir (&new_sam_acct
, lp_logon_home());
955 pdb_set_dir_drive (&new_sam_acct
, lp_logon_drive());
956 pdb_set_logon_script (&new_sam_acct
, lp_logon_script());
958 /* set account flags */
959 pdb_set_acct_ctrl(&new_sam_acct
,((local_flags
& LOCAL_TRUST_ACCOUNT
) ? ACB_WSTRUST
: ACB_NORMAL
) );
960 if (local_flags
& LOCAL_DISABLE_USER
)
962 pdb_set_acct_ctrl (&new_sam_acct
, pdb_get_acct_ctrl(&new_sam_acct
)|ACB_DISABLED
);
964 if (local_flags
& LOCAL_SET_NO_PASSWORD
)
966 pdb_set_acct_ctrl (&new_sam_acct
, pdb_get_acct_ctrl(&new_sam_acct
)|ACB_PWNOTREQ
);
970 /* set the passwords here. if we get to here it means
971 we have a valid, active account */
972 pdb_set_lanman_passwd (&new_sam_acct
, new_p16
);
973 pdb_set_nt_passwd (&new_sam_acct
, new_nt_p16
);
977 if (pdb_add_sam_account(&new_sam_acct
))
979 slprintf(msg_str
, msg_str_len
-1, "Added user %s.\n", user_name
);
980 pdb_clear_sam (&new_sam_acct
);
985 slprintf(err_str
, err_str_len
-1, "Failed to add entry for user %s.\n", user_name
);
991 /* the entry already existed */
992 local_flags
&= ~LOCAL_ADD_USER
;
996 * We are root - just write the new password
997 * and the valid last change time.
1000 if(local_flags
& LOCAL_DISABLE_USER
)
1002 pdb_set_acct_ctrl (sam_pass
, pdb_get_acct_ctrl(sam_pass
)|ACB_DISABLED
);
1004 else if (local_flags
& LOCAL_ENABLE_USER
)
1006 if(pdb_get_lanman_passwd(sam_pass
) == NULL
)
1008 pdb_set_lanman_passwd (sam_pass
, new_p16
);
1009 pdb_set_nt_passwd (sam_pass
, new_nt_p16
);
1011 pdb_set_acct_ctrl (sam_pass
, pdb_get_acct_ctrl(sam_pass
)&(~ACB_DISABLED
));
1012 } else if (local_flags
& LOCAL_SET_NO_PASSWORD
)
1014 pdb_set_acct_ctrl (sam_pass
, pdb_get_acct_ctrl(sam_pass
)|ACB_PWNOTREQ
);
1016 /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */
1017 pdb_set_lanman_passwd (sam_pass
, NULL
);
1018 pdb_set_nt_passwd (sam_pass
, NULL
);
1023 * If we're dealing with setting a completely empty user account
1024 * ie. One with a password of 'XXXX', but not set disabled (like
1025 * an account created from scratch) then if the old password was
1026 * 'XX's then getsmbpwent will have set the ACB_DISABLED flag.
1027 * We remove that as we're giving this user their first password
1028 * and the decision hasn't really been made to disable them (ie.
1029 * don't create them disabled). JRA.
1031 if ((pdb_get_lanman_passwd(sam_pass
)==NULL
) && (pdb_get_acct_ctrl(sam_pass
)&ACB_DISABLED
))
1032 pdb_set_acct_ctrl (sam_pass
, pdb_get_acct_ctrl(sam_pass
)&(~ACB_DISABLED
));
1033 pdb_set_acct_ctrl (sam_pass
, pdb_get_acct_ctrl(sam_pass
)&(~ACB_PWNOTREQ
));
1034 pdb_set_lanman_passwd (sam_pass
, new_p16
);
1035 pdb_set_nt_passwd (sam_pass
, new_nt_p16
);
1038 if(local_flags
& LOCAL_DELETE_USER
)
1040 if (!pdb_delete_sam_account(user_name
))
1042 slprintf(err_str
,err_str_len
-1, "Failed to delete entry for user %s.\n", user_name
);
1045 slprintf(msg_str
, msg_str_len
-1, "Deleted user %s.\n", user_name
);
1049 if(!pdb_update_sam_account(sam_pass
, True
))
1051 slprintf(err_str
, err_str_len
-1, "Failed to modify entry for user %s.\n", user_name
);
1054 if(local_flags
& LOCAL_DISABLE_USER
)
1055 slprintf(msg_str
, msg_str_len
-1, "Disabled user %s.\n", user_name
);
1056 else if (local_flags
& LOCAL_ENABLE_USER
)
1057 slprintf(msg_str
, msg_str_len
-1, "Enabled user %s.\n", user_name
);
1058 else if (local_flags
& LOCAL_SET_NO_PASSWORD
)
1059 slprintf(msg_str
, msg_str_len
-1, "User %s password set to none.\n", user_name
);
1066 /*********************************************************************
1067 collection of get...() functions for SAM_ACCOUNT_INFO
1068 ********************************************************************/
1069 uint16
pdb_get_acct_ctrl (SAM_ACCOUNT
*sampass
)
1072 return (sampass
->acct_ctrl
);
1074 return (ACB_DISABLED
);
1077 time_t pdb_get_logon_time (SAM_ACCOUNT
*sampass
)
1080 return (sampass
->logon_time
);
1085 time_t pdb_get_logoff_time (SAM_ACCOUNT
*sampass
)
1088 return (sampass
->logoff_time
);
1093 time_t pdb_get_kickoff_time (SAM_ACCOUNT
*sampass
)
1096 return (sampass
->kickoff_time
);
1101 time_t pdb_get_pass_last_set_time (SAM_ACCOUNT
*sampass
)
1104 return (sampass
->pass_last_set_time
);
1109 time_t pdb_get_pass_can_change_time (SAM_ACCOUNT
*sampass
)
1112 return (sampass
->pass_can_change_time
);
1117 time_t pdb_get_pass_must_change_time (SAM_ACCOUNT
*sampass
)
1120 return (sampass
->pass_must_change_time
);
1125 uint16
pdb_get_logon_divs (SAM_ACCOUNT
*sampass
)
1128 return (sampass
->logon_divs
);
1133 uint32
pdb_get_hours_len (SAM_ACCOUNT
*sampass
)
1136 return (sampass
->hours_len
);
1141 uint8
* pdb_get_hours (SAM_ACCOUNT
*sampass
)
1144 return (sampass
->hours
);
1149 uint8
* pdb_get_nt_passwd (SAM_ACCOUNT
*sampass
)
1152 return (sampass
->nt_pw
);
1157 uint8
* pdb_get_lanman_passwd (SAM_ACCOUNT
*sampass
)
1160 return (sampass
->lm_pw
);
1166 uint32
pdb_get_user_rid (SAM_ACCOUNT
*sampass
)
1169 return (sampass
->user_rid
);
1174 uint32
pdb_get_group_rid (SAM_ACCOUNT
*sampass
)
1177 return (sampass
->group_rid
);
1182 uid_t
pdb_get_uid (SAM_ACCOUNT
*sampass
)
1185 return (sampass
->uid
);
1190 gid_t
pdb_get_gid (SAM_ACCOUNT
*sampass
)
1193 return (sampass
->gid
);
1198 char* pdb_get_username (SAM_ACCOUNT
*sampass
)
1201 return (sampass
->username
);
1206 char* pdb_get_domain (SAM_ACCOUNT
*sampass
)
1209 return (sampass
->domain
);
1214 char* pdb_get_nt_username (SAM_ACCOUNT
*sampass
)
1217 return (sampass
->nt_username
);
1222 char* pdb_get_fullname (SAM_ACCOUNT
*sampass
)
1225 return (sampass
->full_name
);
1230 char* pdb_get_homedir (SAM_ACCOUNT
*sampass
)
1233 return (sampass
->home_dir
);
1238 char* pdb_get_dirdrive (SAM_ACCOUNT
*sampass
)
1241 return (sampass
->dir_drive
);
1246 char* pdb_get_logon_script (SAM_ACCOUNT
*sampass
)
1249 return (sampass
->logon_script
);
1254 char* pdb_get_profile_path (SAM_ACCOUNT
*sampass
)
1257 return (sampass
->profile_path
);
1262 char* pdb_get_acct_desc (SAM_ACCOUNT
*sampass
)
1265 return (sampass
->acct_desc
);
1270 char* pdb_get_workstations (SAM_ACCOUNT
*sampass
)
1273 return (sampass
->workstations
);
1278 char* pdb_get_munged_dial (SAM_ACCOUNT
*sampass
)
1281 return (sampass
->munged_dial
);
1286 uint32
pdb_get_unknown3 (SAM_ACCOUNT
*sampass
)
1289 return (sampass
->unknown_3
);
1294 uint32
pdb_get_unknown5 (SAM_ACCOUNT
*sampass
)
1297 return (sampass
->unknown_5
);
1302 uint32
pdb_get_unknown6 (SAM_ACCOUNT
*sampass
)
1305 return (sampass
->unknown_6
);
1310 /*********************************************************************
1311 collection of set...() functions for SAM_ACCOUNT_INFO
1312 ********************************************************************/
1314 /********************************************************************
1315 The purpose of this flag is to determine whether or not we
1316 should free the memory when we are done. This allows us to
1317 use local static variables for string (reduce the number of
1318 malloc() calls) while still allowing for flexibility of
1321 We always clear the structure even if setting the flag to the
1323 *******************************************************************/
1324 void pdb_set_mem_ownership (SAM_ACCOUNT
*sampass
, BOOL flag
)
1326 /* if we have no SAM_ACCOUNT struct or no change, then done */
1327 if (sampass
== NULL
)
1330 /* clear the struct and set the ownership flag */
1331 pdb_clear_sam (sampass
);
1332 sampass
->own_memory
= flag
;
1337 BOOL
pdb_set_acct_ctrl (SAM_ACCOUNT
*sampass
, uint16 flags
)
1344 sampass
->acct_ctrl
= flags
;
1351 BOOL
pdb_set_logon_time (SAM_ACCOUNT
*sampass
, time_t mytime
)
1356 sampass
->logon_time
= mytime
;
1360 BOOL
pdb_set_logoff_time (SAM_ACCOUNT
*sampass
, time_t mytime
)
1365 sampass
->logoff_time
= mytime
;
1369 BOOL
pdb_set_kickoff_time (SAM_ACCOUNT
*sampass
, time_t mytime
)
1374 sampass
->kickoff_time
= mytime
;
1378 BOOL
pdb_set_pass_can_change_time (SAM_ACCOUNT
*sampass
, time_t mytime
)
1383 sampass
->pass_can_change_time
= mytime
;
1387 BOOL
pdb_set_pass_must_change_time (SAM_ACCOUNT
*sampass
, time_t mytime
)
1392 sampass
->pass_must_change_time
= mytime
;
1396 BOOL
pdb_set_pass_last_set_time (SAM_ACCOUNT
*sampass
, time_t mytime
)
1401 sampass
->pass_last_set_time
= mytime
;
1405 BOOL
pdb_set_hours_len (SAM_ACCOUNT
*sampass
, uint32 len
)
1410 sampass
->hours_len
= len
;
1414 BOOL
pdb_set_logons_divs (SAM_ACCOUNT
*sampass
, uint16 hours
)
1419 sampass
->logon_divs
= hours
;
1423 BOOL
pdb_set_uid (SAM_ACCOUNT
*sampass
, uid_t uid
)
1432 BOOL
pdb_set_gid (SAM_ACCOUNT
*sampass
, gid_t gid
)
1441 BOOL
pdb_set_user_rid (SAM_ACCOUNT
*sampass
, uint32 rid
)
1446 sampass
->user_rid
= rid
;
1450 BOOL
pdb_set_group_rid (SAM_ACCOUNT
*sampass
, uint32 grid
)
1455 sampass
->group_rid
= grid
;
1459 BOOL
pdb_set_username (SAM_ACCOUNT
*sampass
, char *username
)
1464 if (!sampass
->own_memory
)
1465 sampass
->username
= username
;
1468 if ( (sampass
->username
=strdup(username
)) == NULL
)
1470 DEBUG (0,("pdb_set_username: ERROR - Unable to malloc memory for [%s]\n", username
));
1478 BOOL
pdb_set_domain (SAM_ACCOUNT
*sampass
, char *domain
)
1483 if (!sampass
->own_memory
)
1484 sampass
->domain
= domain
;
1487 if ( (sampass
->domain
=strdup(domain
)) == NULL
)
1489 DEBUG (0,("pdb_set_domain: ERROR - Unable to malloc memory for [%s]\n", domain
));
1497 BOOL
pdb_set_nt_username (SAM_ACCOUNT
*sampass
, char *nt_username
)
1502 if (!sampass
->own_memory
)
1503 sampass
->nt_username
= nt_username
;
1506 if ( (sampass
->nt_username
=strdup(nt_username
)) == NULL
)
1508 DEBUG (0,("pdb_set_nt_username: ERROR - Unable to malloc memory for [%s]\n", nt_username
));
1516 BOOL
pdb_set_fullname (SAM_ACCOUNT
*sampass
, char *fullname
)
1521 if (!sampass
->own_memory
)
1522 sampass
->full_name
= fullname
;
1525 if ( (sampass
->full_name
=strdup(fullname
)) == NULL
)
1527 DEBUG (0,("pdb_set_fullname: ERROR - Unable to malloc memory for [%s]\n", fullname
));
1535 BOOL
pdb_set_logon_script (SAM_ACCOUNT
*sampass
, char *logon_script
)
1540 if (!sampass
->own_memory
)
1541 sampass
->logon_script
= logon_script
;
1544 if ( (sampass
->logon_script
=strdup(logon_script
)) == NULL
)
1546 DEBUG (0,("pdb_set_logon_script: ERROR - Unable to malloc memory for [%s]\n", logon_script
));
1554 BOOL
pdb_set_profile_path (SAM_ACCOUNT
*sampass
, char *profile_path
)
1559 if (!sampass
->own_memory
)
1560 sampass
->profile_path
= profile_path
;
1563 if ( (sampass
->profile_path
=strdup(profile_path
)) == NULL
)
1565 DEBUG (0,("pdb_set_profile_path: ERROR - Unable to malloc memory for [%s]\n", profile_path
));
1573 BOOL
pdb_set_dir_drive (SAM_ACCOUNT
*sampass
, char *dir_drive
)
1578 if (!sampass
->own_memory
)
1579 sampass
->dir_drive
= dir_drive
;
1582 if ( (sampass
->dir_drive
=strdup(dir_drive
)) == NULL
)
1584 DEBUG (0,("pdb_set_dir_drive: ERROR - Unable to malloc memory for [%s]\n", dir_drive
));
1592 BOOL
pdb_set_homedir (SAM_ACCOUNT
*sampass
, char *homedir
)
1597 if (!sampass
->own_memory
)
1598 sampass
->home_dir
= homedir
;
1601 if ( (sampass
->home_dir
=strdup(homedir
)) == NULL
)
1603 DEBUG (0,("pdb_set_home_dir: ERROR - Unable to malloc memory for [%s]\n", homedir
));
1611 BOOL
pdb_set_acct_desc (SAM_ACCOUNT
*sampass
, char *acct_desc
)
1616 if (!sampass
->own_memory
)
1617 sampass
->acct_desc
= acct_desc
;
1620 if ( (sampass
->acct_desc
=strdup(acct_desc
)) == NULL
)
1622 DEBUG (0,("pdb_set_acct_desc: ERROR - Unable to malloc memory for [%s]\n", acct_desc
));
1629 BOOL
pdb_set_workstations (SAM_ACCOUNT
*sampass
, char *workstations
)
1634 if (!sampass
->own_memory
)
1635 sampass
->workstations
= workstations
;
1638 if ( (sampass
->workstations
=strdup(workstations
)) == NULL
)
1640 DEBUG (0,("pdb_set_workstations: ERROR - Unable to malloc memory for [%s]\n", workstations
));
1648 BOOL
pdb_set_munged_dial (SAM_ACCOUNT
*sampass
, char *munged_dial
)
1653 if (!sampass
->own_memory
)
1654 sampass
->munged_dial
= munged_dial
;
1657 if ( (sampass
->munged_dial
=strdup(munged_dial
)) == NULL
)
1659 DEBUG (0,("pdb_set_munged_dial: ERROR - Unable to malloc memory for [%s]\n", munged_dial
));
1667 BOOL
pdb_set_nt_passwd (SAM_ACCOUNT
*sampass
, uint8
*pwd
)
1669 if ( (!sampass
) ||(pwd
== NULL
) )
1672 if (!sampass
->own_memory
)
1673 sampass
->nt_pw
= pwd
;
1676 if ((sampass
->nt_pw
=(uint8
*)malloc(sizeof(uint8
)*16)) == NULL
)
1678 DEBUG(0,("pdb_set_nt_passwd: ERROR - out of memory for nt_pw!\n"));
1681 if (!memcpy(sampass
->nt_pw
, pwd
, 16))
1688 BOOL
pdb_set_lanman_passwd (SAM_ACCOUNT
*sampass
, uint8
*pwd
)
1690 if ( (!sampass
) ||(pwd
== NULL
) )
1693 if (!sampass
->own_memory
)
1694 sampass
->lm_pw
= pwd
;
1697 if ((sampass
->lm_pw
=(uint8
*)malloc(sizeof(uint8
)*16)) == NULL
)
1699 DEBUG(0,("pdb_set_lanman_passwd: ERROR - out of memory for lm_pw!\n"));
1702 if (!memcpy(sampass
->lm_pw
, pwd
, 16))