search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
examples/VFS: fix skel_transparent.c in reference to shadow_copy changes
[Samba/gebeck_regimport.git] / source3 / passdb / pdb_get_set.c
blobeec82f9c9840c864cd7a77caa66a2a283ec08dd4
1 /*
2 Unix SMB/CIFS implementation.
3 struct samu access routines
4 Copyright (C) Jeremy Allison 1996-2001
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
6 Copyright (C) Gerald (Jerry) Carter 2000-2006
7 Copyright (C) Andrew Bartlett 2001-2002
8 Copyright (C) Stefan (metze) Metzmacher 2002
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "passdb.h"
26 #include "../libcli/auth/libcli_auth.h"
27 #include "../libcli/security/security.h"
28
29 #undef DBGC_CLASS
30 #define DBGC_CLASS DBGC_PASSDB
31
32 /**
33 * @todo Redefine this to NULL, but this changes the API because
34 * much of samba assumes that the pdb_get...() funtions
35 * return strings. (ie not null-pointers).
36 * See also pdb_fill_default_sam().
37 */
38
39 #define PDB_NOT_QUITE_NULL ""
40
41 /*********************************************************************
42 Collection of get...() functions for struct samu.
43 ********************************************************************/
44
45 uint32_t pdb_get_acct_ctrl(const struct samu *sampass)
46 {
47 return sampass->acct_ctrl;
48 }
49
50 time_t pdb_get_logon_time(const struct samu *sampass)
51 {
52 return sampass->logon_time;
53 }
54
55 time_t pdb_get_logoff_time(const struct samu *sampass)
56 {
57 return sampass->logoff_time;
58 }
59
60 time_t pdb_get_kickoff_time(const struct samu *sampass)
61 {
62 return sampass->kickoff_time;
63 }
64
65 time_t pdb_get_bad_password_time(const struct samu *sampass)
66 {
67 return sampass->bad_password_time;
68 }
69
70 time_t pdb_get_pass_last_set_time(const struct samu *sampass)
71 {
72 return sampass->pass_last_set_time;
73 }
74
75 time_t pdb_get_pass_can_change_time(const struct samu *sampass)
76 {
77 uint32_t allow;
78
79 /* if the last set time is zero, it means the user cannot
80 change their password, and this time must be zero. jmcd
81 */
82 if (sampass->pass_last_set_time == 0)
83 return (time_t) 0;
84
85 /* if the time is max, and the field has been changed,
86 we're trying to update this real value from the sampass
87 to indicate that the user cannot change their password. jmcd
88 */
89 if (sampass->pass_can_change_time == get_time_t_max() &&
90 IS_SAM_CHANGED(sampass, PDB_CANCHANGETIME))
91 return sampass->pass_can_change_time;
92
93 if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &allow))
94 allow = 0;
95
96 /* in normal cases, just calculate it from policy */
97 return sampass->pass_last_set_time + allow;
98 }
99
100 /* we need this for loading from the backend, so that we don't overwrite
101 non-changed max times, otherwise the pass_can_change checking won't work */
102 time_t pdb_get_pass_can_change_time_noncalc(const struct samu *sampass)
103 {
104 return sampass->pass_can_change_time;
105 }
106
107 time_t pdb_get_pass_must_change_time(const struct samu *sampass)
108 {
109 uint32_t expire;
110
111 if (sampass->pass_last_set_time == 0)
112 return (time_t) 0;
113
114 if (sampass->acct_ctrl & ACB_PWNOEXP)
115 return get_time_t_max();
116
117 if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
118 || expire == (uint32_t)-1 || expire == 0)
119 return get_time_t_max();
120
121 return sampass->pass_last_set_time + expire;
122 }
123
124 bool pdb_get_pass_can_change(const struct samu *sampass)
125 {
126 if (sampass->pass_can_change_time == get_time_t_max())
127 return False;
128 return True;
129 }
130
131 uint16_t pdb_get_logon_divs(const struct samu *sampass)
132 {
133 return sampass->logon_divs;
134 }
135
136 uint32_t pdb_get_hours_len(const struct samu *sampass)
137 {
138 return sampass->hours_len;
139 }
140
141 const uint8 *pdb_get_hours(const struct samu *sampass)
142 {
143 return (sampass->hours);
144 }
145
146 const uint8 *pdb_get_nt_passwd(const struct samu *sampass)
147 {
148 SMB_ASSERT((!sampass->nt_pw.data)
149 || sampass->nt_pw.length == NT_HASH_LEN);
150 return (uint8 *)sampass->nt_pw.data;
151 }
152
153 const uint8 *pdb_get_lanman_passwd(const struct samu *sampass)
154 {
155 SMB_ASSERT((!sampass->lm_pw.data)
156 || sampass->lm_pw.length == LM_HASH_LEN);
157 return (uint8 *)sampass->lm_pw.data;
158 }
159
160 const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32_t *current_hist_len)
161 {
162 SMB_ASSERT((!sampass->nt_pw_his.data)
163 || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
164 *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
165 return (uint8 *)sampass->nt_pw_his.data;
166 }
167
168 /* Return the plaintext password if known. Most of the time
169 it isn't, so don't assume anything magic about this function.
170
171 Used to pass the plaintext to passdb backends that might
172 want to store more than just the NTLM hashes.
173 */
174 const char *pdb_get_plaintext_passwd(const struct samu *sampass)
175 {
176 return sampass->plaintext_pw;
177 }
178
179 const struct dom_sid *pdb_get_user_sid(const struct samu *sampass)
180 {
181 return &sampass->user_sid;
182 }
183
184 const struct dom_sid *pdb_get_group_sid(struct samu *sampass)
185 {
186 NTSTATUS status;
187
188 /* Return the cached group SID if we have that */
189 if (sampass->group_sid) {
190 return sampass->group_sid;
191 }
192
193 /* No algorithmic mapping, meaning that we have to figure out the
194 primary group SID according to group mapping and the user SID must
195 be a newly allocated one. We rely on the user's Unix primary gid.
196 We have no choice but to fail if we can't find it. */
197 status = get_primary_group_sid(sampass,
198 pdb_get_username(sampass),
199 &sampass->unix_pw,
200 &sampass->group_sid);
201 if (!NT_STATUS_IS_OK(status)) {
202 return NULL;
203 }
204
205 return sampass->group_sid;
206 }
207
208 /**
209 * Get flags showing what is initalised in the struct samu
210 * @param sampass the struct samu in question
211 * @return the flags indicating the members initialised in the struct.
212 **/
213
214 enum pdb_value_state pdb_get_init_flags(const struct samu *sampass, enum pdb_elements element)
215 {
216 enum pdb_value_state ret = PDB_DEFAULT;
217
218 if (!sampass->change_flags || !sampass->set_flags)
219 return ret;
220
221 if (bitmap_query(sampass->set_flags, element)) {
222 DEBUG(11, ("element %d: SET\n", element));
223 ret = PDB_SET;
224 }
225
226 if (bitmap_query(sampass->change_flags, element)) {
227 DEBUG(11, ("element %d: CHANGED\n", element));
228 ret = PDB_CHANGED;
229 }
230
231 if (ret == PDB_DEFAULT) {
232 DEBUG(11, ("element %d: DEFAULT\n", element));
233 }
234
235 return ret;
236 }
237
238 const char *pdb_get_username(const struct samu *sampass)
239 {
240 return sampass->username;
241 }
242
243 const char *pdb_get_domain(const struct samu *sampass)
244 {
245 return sampass->domain;
246 }
247
248 const char *pdb_get_nt_username(const struct samu *sampass)
249 {
250 return sampass->nt_username;
251 }
252
253 const char *pdb_get_fullname(const struct samu *sampass)
254 {
255 return sampass->full_name;
256 }
257
258 const char *pdb_get_homedir(const struct samu *sampass)
259 {
260 return sampass->home_dir;
261 }
262
263 const char *pdb_get_dir_drive(const struct samu *sampass)
264 {
265 return sampass->dir_drive;
266 }
267
268 const char *pdb_get_logon_script(const struct samu *sampass)
269 {
270 return sampass->logon_script;
271 }
272
273 const char *pdb_get_profile_path(const struct samu *sampass)
274 {
275 return sampass->profile_path;
276 }
277
278 const char *pdb_get_acct_desc(const struct samu *sampass)
279 {
280 return sampass->acct_desc;
281 }
282
283 const char *pdb_get_workstations(const struct samu *sampass)
284 {
285 return sampass->workstations;
286 }
287
288 const char *pdb_get_comment(const struct samu *sampass)
289 {
290 return sampass->comment;
291 }
292
293 const char *pdb_get_munged_dial(const struct samu *sampass)
294 {
295 return sampass->munged_dial;
296 }
297
298 uint16_t pdb_get_bad_password_count(const struct samu *sampass)
299 {
300 return sampass->bad_password_count;
301 }
302
303 uint16_t pdb_get_logon_count(const struct samu *sampass)
304 {
305 return sampass->logon_count;
306 }
307
308 uint16_t pdb_get_country_code(const struct samu *sampass)
309 {
310 return sampass->country_code;
311 }
312
313 uint16_t pdb_get_code_page(const struct samu *sampass)
314 {
315 return sampass->code_page;
316 }
317
318 uint32_t pdb_get_unknown_6(const struct samu *sampass)
319 {
320 return sampass->unknown_6;
321 }
322
323 void *pdb_get_backend_private_data(const struct samu *sampass, const struct pdb_methods *my_methods)
324 {
325 if (my_methods == sampass->backend_private_methods) {
326 return sampass->backend_private_data;
327 } else {
328 return NULL;
329 }
330 }
331
332 /*********************************************************************
333 Collection of set...() functions for struct samu.
334 ********************************************************************/
335
336 bool pdb_set_acct_ctrl(struct samu *sampass, uint32_t acct_ctrl, enum pdb_value_state flag)
337 {
338 sampass->acct_ctrl = acct_ctrl;
339 return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
340 }
341
342 bool pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
343 {
344 sampass->logon_time = mytime;
345 return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
346 }
347
348 bool pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
349 {
350 sampass->logoff_time = mytime;
351 return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
352 }
353
354 bool pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
355 {
356 sampass->kickoff_time = mytime;
357 return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
358 }
359
360 bool pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
361 {
362 sampass->bad_password_time = mytime;
363 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
364 }
365
366 bool pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
367 {
368 sampass->pass_can_change_time = mytime;
369 return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
370 }
371
372 bool pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
373 {
374 sampass->pass_must_change_time = mytime;
375 return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
376 }
377
378 bool pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
379 {
380 sampass->pass_last_set_time = mytime;
381 return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
382 }
383
384 bool pdb_set_hours_len(struct samu *sampass, uint32_t len, enum pdb_value_state flag)
385 {
386 sampass->hours_len = len;
387 return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
388 }
389
390 bool pdb_set_logon_divs(struct samu *sampass, uint16_t hours, enum pdb_value_state flag)
391 {
392 sampass->logon_divs = hours;
393 return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
394 }
395
396 /**
397 * Set flags showing what is initalised in the struct samu
398 * @param sampass the struct samu in question
399 * @param flag The *new* flag to be set. Old flags preserved
400 * this flag is only added.
401 **/
402
403 bool pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
404 {
405 if (!sampass->set_flags) {
406 if ((sampass->set_flags =
407 bitmap_talloc(sampass,
408 PDB_COUNT))==NULL) {
409 DEBUG(0,("bitmap_talloc failed\n"));
410 return False;
411 }
412 }
413 if (!sampass->change_flags) {
414 if ((sampass->change_flags =
415 bitmap_talloc(sampass,
416 PDB_COUNT))==NULL) {
417 DEBUG(0,("bitmap_talloc failed\n"));
418 return False;
419 }
420 }
421
422 switch(value_flag) {
423 case PDB_CHANGED:
424 if (!bitmap_set(sampass->change_flags, element)) {
425 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
426 return False;
427 }
428 if (!bitmap_set(sampass->set_flags, element)) {
429 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
430 return False;
431 }
432 DEBUG(11, ("element %d -> now CHANGED\n", element));
433 break;
434 case PDB_SET:
435 if (!bitmap_clear(sampass->change_flags, element)) {
436 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
437 return False;
438 }
439 if (!bitmap_set(sampass->set_flags, element)) {
440 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
441 return False;
442 }
443 DEBUG(11, ("element %d -> now SET\n", element));
444 break;
445 case PDB_DEFAULT:
446 default:
447 if (!bitmap_clear(sampass->change_flags, element)) {
448 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
449 return False;
450 }
451 if (!bitmap_clear(sampass->set_flags, element)) {
452 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
453 return False;
454 }
455 DEBUG(11, ("element %d -> now DEFAULT\n", element));
456 break;
457 }
458
459 return True;
460 }
461
462 bool pdb_set_user_sid(struct samu *sampass, const struct dom_sid *u_sid, enum pdb_value_state flag)
463 {
464 if (!u_sid)
465 return False;
466
467 sid_copy(&sampass->user_sid, u_sid);
468
469 DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
470 sid_string_dbg(&sampass->user_sid)));
471
472 return pdb_set_init_flags(sampass, PDB_USERSID, flag);
473 }
474
475 bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
476 {
477 struct dom_sid new_sid;
478
479 if (!u_sid)
480 return False;
481
482 DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n",
483 u_sid));
484
485 if (!string_to_sid(&new_sid, u_sid)) {
486 DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
487 return False;
488 }
489
490 if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
491 DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid));
492 return False;
493 }
494
495 return True;
496 }
497
498 /********************************************************************
499 We never fill this in from a passdb backend but rather set is
500 based on the user's primary group membership. However, the
501 struct samu* is overloaded and reused in domain memship code
502 as well and built from the netr_SamInfo3 or PAC so we
503 have to allow the explicitly setting of a group SID here.
504 ********************************************************************/
505
506 bool pdb_set_group_sid(struct samu *sampass, const struct dom_sid *g_sid, enum pdb_value_state flag)
507 {
508 gid_t gid;
509 struct dom_sid dug_sid;
510
511 if (!g_sid)
512 return False;
513
514 if ( !(sampass->group_sid = talloc( sampass, struct dom_sid )) ) {
515 return False;
516 }
517
518 /* if we cannot resolve the SID to gid, then just ignore it and
519 store DOMAIN_USERS as the primary groupSID */
520
521 sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS);
522
523 if (dom_sid_equal(&dug_sid, g_sid)) {
524 sid_copy(sampass->group_sid, &dug_sid);
525 } else if (sid_to_gid( g_sid, &gid ) ) {
526 sid_copy(sampass->group_sid, g_sid);
527 } else {
528 sid_copy(sampass->group_sid, &dug_sid);
529 }
530
531 DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
532 sid_string_dbg(sampass->group_sid)));
533
534 return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
535 }
536
537 /*********************************************************************
538 Set the user's UNIX name.
539 ********************************************************************/
540
541 bool pdb_set_username(struct samu *sampass, const char *username, enum pdb_value_state flag)
542 {
543 if (username) {
544 DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
545 (sampass->username)?(sampass->username):"NULL"));
546
547 sampass->username = talloc_strdup(sampass, username);
548
549 if (!sampass->username) {
550 DEBUG(0, ("pdb_set_username: talloc_strdup() failed!\n"));
551 return False;
552 }
553 } else {
554 sampass->username = PDB_NOT_QUITE_NULL;
555 }
556
557 return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
558 }
559
560 /*********************************************************************
561 Set the domain name.
562 ********************************************************************/
563
564 bool pdb_set_domain(struct samu *sampass, const char *domain, enum pdb_value_state flag)
565 {
566 if (domain) {
567 DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
568 (sampass->domain)?(sampass->domain):"NULL"));
569
570 sampass->domain = talloc_strdup(sampass, domain);
571
572 if (!sampass->domain) {
573 DEBUG(0, ("pdb_set_domain: talloc_strdup() failed!\n"));
574 return False;
575 }
576 } else {
577 sampass->domain = PDB_NOT_QUITE_NULL;
578 }
579
580 return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
581 }
582
583 /*********************************************************************
584 Set the user's NT name.
585 ********************************************************************/
586
587 bool pdb_set_nt_username(struct samu *sampass, const char *nt_username, enum pdb_value_state flag)
588 {
589 if (nt_username) {
590 DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
591 (sampass->nt_username)?(sampass->nt_username):"NULL"));
592
593 sampass->nt_username = talloc_strdup(sampass, nt_username);
594
595 if (!sampass->nt_username) {
596 DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
597 return False;
598 }
599 } else {
600 sampass->nt_username = PDB_NOT_QUITE_NULL;
601 }
602
603 return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
604 }
605
606 /*********************************************************************
607 Set the user's full name.
608 ********************************************************************/
609
610 bool pdb_set_fullname(struct samu *sampass, const char *full_name, enum pdb_value_state flag)
611 {
612 if (full_name) {
613 DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
614 (sampass->full_name)?(sampass->full_name):"NULL"));
615
616 sampass->full_name = talloc_strdup(sampass, full_name);
617
618 if (!sampass->full_name) {
619 DEBUG(0, ("pdb_set_fullname: talloc_strdup() failed!\n"));
620 return False;
621 }
622 } else {
623 sampass->full_name = PDB_NOT_QUITE_NULL;
624 }
625
626 return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
627 }
628
629 /*********************************************************************
630 Set the user's logon script.
631 ********************************************************************/
632
633 bool pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum pdb_value_state flag)
634 {
635 if (logon_script) {
636 DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
637 (sampass->logon_script)?(sampass->logon_script):"NULL"));
638
639 sampass->logon_script = talloc_strdup(sampass, logon_script);
640
641 if (!sampass->logon_script) {
642 DEBUG(0, ("pdb_set_logon_script: talloc_strdup() failed!\n"));
643 return False;
644 }
645 } else {
646 sampass->logon_script = PDB_NOT_QUITE_NULL;
647 }
648
649 return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
650 }
651
652 /*********************************************************************
653 Set the user's profile path.
654 ********************************************************************/
655
656 bool pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
657 {
658 if (profile_path) {
659 DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
660 (sampass->profile_path)?(sampass->profile_path):"NULL"));
661
662 sampass->profile_path = talloc_strdup(sampass, profile_path);
663
664 if (!sampass->profile_path) {
665 DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
666 return False;
667 }
668 } else {
669 sampass->profile_path = PDB_NOT_QUITE_NULL;
670 }
671
672 return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
673 }
674
675 /*********************************************************************
676 Set the user's directory drive.
677 ********************************************************************/
678
679 bool pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
680 {
681 if (dir_drive) {
682 DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
683 (sampass->dir_drive)?(sampass->dir_drive):"NULL"));
684
685 sampass->dir_drive = talloc_strdup(sampass, dir_drive);
686
687 if (!sampass->dir_drive) {
688 DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
689 return False;
690 }
691
692 } else {
693 sampass->dir_drive = PDB_NOT_QUITE_NULL;
694 }
695
696 return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
697 }
698
699 /*********************************************************************
700 Set the user's home directory.
701 ********************************************************************/
702
703 bool pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
704 {
705 if (home_dir) {
706 DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
707 (sampass->home_dir)?(sampass->home_dir):"NULL"));
708
709 sampass->home_dir = talloc_strdup(sampass, home_dir);
710
711 if (!sampass->home_dir) {
712 DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
713 return False;
714 }
715 } else {
716 sampass->home_dir = PDB_NOT_QUITE_NULL;
717 }
718
719 return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
720 }
721
722 /*********************************************************************
723 Set the user's account description.
724 ********************************************************************/
725
726 bool pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
727 {
728 if (acct_desc) {
729 sampass->acct_desc = talloc_strdup(sampass, acct_desc);
730
731 if (!sampass->acct_desc) {
732 DEBUG(0, ("pdb_set_acct_desc: talloc_strdup() failed!\n"));
733 return False;
734 }
735 } else {
736 sampass->acct_desc = PDB_NOT_QUITE_NULL;
737 }
738
739 return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
740 }
741
742 /*********************************************************************
743 Set the user's workstation allowed list.
744 ********************************************************************/
745
746 bool pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag)
747 {
748 if (workstations) {
749 DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
750 (sampass->workstations)?(sampass->workstations):"NULL"));
751
752 sampass->workstations = talloc_strdup(sampass, workstations);
753
754 if (!sampass->workstations) {
755 DEBUG(0, ("pdb_set_workstations: talloc_strdup() failed!\n"));
756 return False;
757 }
758 } else {
759 sampass->workstations = PDB_NOT_QUITE_NULL;
760 }
761
762 return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
763 }
764
765 /*********************************************************************
766 ********************************************************************/
767
768 bool pdb_set_comment(struct samu *sampass, const char *comment, enum pdb_value_state flag)
769 {
770 if (comment) {
771 sampass->comment = talloc_strdup(sampass, comment);
772
773 if (!sampass->comment) {
774 DEBUG(0, ("pdb_set_comment: talloc_strdup() failed!\n"));
775 return False;
776 }
777 } else {
778 sampass->comment = PDB_NOT_QUITE_NULL;
779 }
780
781 return pdb_set_init_flags(sampass, PDB_COMMENT, flag);
782 }
783
784 /*********************************************************************
785 Set the user's dial string.
786 ********************************************************************/
787
788 bool pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
789 {
790 if (munged_dial) {
791 sampass->munged_dial = talloc_strdup(sampass, munged_dial);
792
793 if (!sampass->munged_dial) {
794 DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
795 return False;
796 }
797 } else {
798 sampass->munged_dial = PDB_NOT_QUITE_NULL;
799 }
800
801 return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
802 }
803
804 /*********************************************************************
805 Set the user's NT hash.
806 ********************************************************************/
807
808 bool pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
809 {
810 data_blob_clear_free(&sampass->nt_pw);
811
812 if (pwd) {
813 sampass->nt_pw =
814 data_blob_talloc(sampass, pwd, NT_HASH_LEN);
815 } else {
816 sampass->nt_pw = data_blob_null;
817 }
818
819 return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
820 }
821
822 /*********************************************************************
823 Set the user's LM hash.
824 ********************************************************************/
825
826 bool pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
827 {
828 data_blob_clear_free(&sampass->lm_pw);
829
830 /* on keep the password if we are allowing LANMAN authentication */
831
832 if (pwd && lp_lanman_auth() ) {
833 sampass->lm_pw = data_blob_talloc(sampass, pwd, LM_HASH_LEN);
834 } else {
835 sampass->lm_pw = data_blob_null;
836 }
837
838 return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
839 }
840
841 /*********************************************************************
842 Set the user's password history hash. historyLen is the number of
843 PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN length
844 entries to store in the history - this must match the size of the uint8 array
845 in pwd.
846 ********************************************************************/
847
848 bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32_t historyLen, enum pdb_value_state flag)
849 {
850 if (historyLen && pwd){
851 data_blob_free(&(sampass->nt_pw_his));
852 sampass->nt_pw_his = data_blob_talloc(sampass,
853 pwd, historyLen*PW_HISTORY_ENTRY_LEN);
854 if (!sampass->nt_pw_his.length) {
855 DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
856 return False;
857 }
858 } else {
859 sampass->nt_pw_his = data_blob_talloc(sampass, NULL, 0);
860 }
861
862 return pdb_set_init_flags(sampass, PDB_PWHISTORY, flag);
863 }
864
865 /*********************************************************************
866 Set the user's plaintext password only (base procedure, see helper
867 below)
868 ********************************************************************/
869
870 bool pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag)
871 {
872 if (password) {
873 if (sampass->plaintext_pw!=NULL)
874 memset(sampass->plaintext_pw,'\0',strlen(sampass->plaintext_pw)+1);
875
876 sampass->plaintext_pw = talloc_strdup(sampass, password);
877
878 if (!sampass->plaintext_pw) {
879 DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
880 return False;
881 }
882 } else {
883 sampass->plaintext_pw = NULL;
884 }
885
886 return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
887 }
888
889 bool pdb_set_bad_password_count(struct samu *sampass, uint16_t bad_password_count, enum pdb_value_state flag)
890 {
891 sampass->bad_password_count = bad_password_count;
892 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
893 }
894
895 bool pdb_set_logon_count(struct samu *sampass, uint16_t logon_count, enum pdb_value_state flag)
896 {
897 sampass->logon_count = logon_count;
898 return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
899 }
900
901 bool pdb_set_country_code(struct samu *sampass, uint16_t country_code,
902 enum pdb_value_state flag)
903 {
904 sampass->country_code = country_code;
905 return pdb_set_init_flags(sampass, PDB_COUNTRY_CODE, flag);
906 }
907
908 bool pdb_set_code_page(struct samu *sampass, uint16_t code_page,
909 enum pdb_value_state flag)
910 {
911 sampass->code_page = code_page;
912 return pdb_set_init_flags(sampass, PDB_CODE_PAGE, flag);
913 }
914
915 bool pdb_set_unknown_6(struct samu *sampass, uint32_t unkn, enum pdb_value_state flag)
916 {
917 sampass->unknown_6 = unkn;
918 return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
919 }
920
921 bool pdb_set_hours(struct samu *sampass, const uint8 *hours, int hours_len,
922 enum pdb_value_state flag)
923 {
924 if (hours_len > sizeof(sampass->hours)) {
925 return false;
926 }
927
928 if (!hours) {
929 memset ((char *)sampass->hours, 0, hours_len);
930 } else {
931 memcpy (sampass->hours, hours, hours_len);
932 }
933
934 return pdb_set_init_flags(sampass, PDB_HOURS, flag);
935 }
936
937 bool pdb_set_backend_private_data(struct samu *sampass, void *private_data,
938 void (*free_fn)(void **),
939 const struct pdb_methods *my_methods,
940 enum pdb_value_state flag)
941 {
942 if (sampass->backend_private_data &&
943 sampass->backend_private_data_free_fn) {
944 sampass->backend_private_data_free_fn(
945 &sampass->backend_private_data);
946 }
947
948 sampass->backend_private_data = private_data;
949 sampass->backend_private_data_free_fn = free_fn;
950 sampass->backend_private_methods = my_methods;
951
952 return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
953 }
954
955
956 /* Helpful interfaces to the above */
957
958 bool pdb_set_pass_can_change(struct samu *sampass, bool canchange)
959 {
960 return pdb_set_pass_can_change_time(sampass,
961 canchange ? 0 : get_time_t_max(),
962 PDB_CHANGED);
963 }
964
965
966 /*********************************************************************
967 Set the user's PLAINTEXT password. Used as an interface to the above.
968 Also sets the last change time to NOW.
969 ********************************************************************/
970
971 bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
972 {
973 uchar new_lanman_p16[LM_HASH_LEN];
974 uchar new_nt_p16[NT_HASH_LEN];
975 uchar *pwhistory;
976 uint32_t pwHistLen;
977 uint32_t current_history_len;
978
979 if (!plaintext)
980 return False;
981
982 /* Calculate the MD4 hash (NT compatible) of the password */
983 E_md4hash(plaintext, new_nt_p16);
984
985 if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED))
986 return False;
987
988 if (!E_deshash(plaintext, new_lanman_p16)) {
989 /* E_deshash returns false for 'long' passwords (> 14
990 DOS chars). This allows us to match Win2k, which
991 does not store a LM hash for these passwords (which
992 would reduce the effective password length to 14 */
993
994 if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED))
995 return False;
996 } else {
997 if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
998 return False;
999 }
1000
1001 if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
1002 return False;
1003
1004 if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
1005 return False;
1006
1007 if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) {
1008 /*
1009 * No password history for non-user accounts
1010 */
1011 return true;
1012 }
1013
1014 pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
1015
1016 if (pwHistLen == 0) {
1017 /* Set the history length to zero. */
1018 pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
1019 return true;
1020 }
1021
1022 /*
1023 * We need to make sure we don't have a race condition here -
1024 * the account policy history length can change between when
1025 * the pw_history was first loaded into the struct samu struct
1026 * and now.... JRA.
1027 */
1028 pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
1029
1030 if ((current_history_len != 0) && (pwhistory == NULL)) {
1031 DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n"));
1032 return false;
1033 }
1034
1035 if (current_history_len < pwHistLen) {
1036 /*
1037 * Ensure we have space for the needed history. This
1038 * also takes care of an account which did not have
1039 * any history at all so far, i.e. pwhistory==NULL
1040 */
1041 uchar *new_history = talloc_zero_array(
1042 sampass, uchar,
1043 pwHistLen*PW_HISTORY_ENTRY_LEN);
1044
1045 if (!new_history) {
1046 return False;
1047 }
1048
1049 memcpy(new_history, pwhistory,
1050 current_history_len*PW_HISTORY_ENTRY_LEN);
1051
1052 pwhistory = new_history;
1053 }
1054
1055 /*
1056 * Make room for the new password in the history list.
1057 */
1058 if (pwHistLen > 1) {
1059 memmove(&pwhistory[PW_HISTORY_ENTRY_LEN], pwhistory,
1060 (pwHistLen-1)*PW_HISTORY_ENTRY_LEN );
1061 }
1062
1063 /*
1064 * Fill the salt area with 0-s: this indicates that
1065 * a plain nt hash is stored in the has area.
1066 * The old format was to store a 16 byte salt and
1067 * then an md5hash of the nt_hash concatenated with
1068 * the salt.
1069 */
1070 memset(pwhistory, 0, PW_HISTORY_SALT_LEN);
1071
1072 /*
1073 * Store the plain nt hash in the second 16 bytes.
1074 * The old format was to store the md5 hash of
1075 * the salt+newpw.
1076 */
1077 memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt_p16, SALTED_MD5_HASH_LEN);
1078
1079 pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
1080
1081 return True;
1082 }
1083
1084 /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */
1085 uint32_t pdb_build_fields_present(struct samu *sampass)
1086 {
1087 /* value set to all for testing */
1088 return 0x00ffffff;
1089 }
reg import