search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r15705: Fix bug number 3788. Thanks to Jeff Wright.
[Samba/nascimento.git] / source3 / passdb / pdb_get_set.c
blob0b93c42a41690ad67d28c75c6e54b223afdc5bdc
1 /*
2 Unix SMB/CIFS implementation.
3 struct samu access routines
4 Copyright (C) Jeremy Allison 1996-2001
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
6 Copyright (C) Gerald (Jerry) Carter 2000-2006
7 Copyright (C) Andrew Bartlett 2001-2002
8 Copyright (C) Stefan (metze) Metzmacher 2002
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_PASSDB
29
30 /**
31 * @todo Redefine this to NULL, but this changes the API because
32 * much of samba assumes that the pdb_get...() funtions
33 * return pstrings. (ie not null-pointers).
34 * See also pdb_fill_default_sam().
35 */
36
37 #define PDB_NOT_QUITE_NULL ""
38
39 /*********************************************************************
40 Collection of get...() functions for struct samu.
41 ********************************************************************/
42
43 uint32 pdb_get_acct_ctrl (const struct samu *sampass)
44 {
45 if (sampass)
46 return (sampass->acct_ctrl);
47 else
48 return (ACB_DISABLED);
49 }
50
51 time_t pdb_get_logon_time (const struct samu *sampass)
52 {
53 if (sampass)
54 return (sampass->logon_time);
55 else
56 return (0);
57 }
58
59 time_t pdb_get_logoff_time (const struct samu *sampass)
60 {
61 if (sampass)
62 return (sampass->logoff_time);
63 else
64 return (-1);
65 }
66
67 time_t pdb_get_kickoff_time (const struct samu *sampass)
68 {
69 if (sampass)
70 return (sampass->kickoff_time);
71 else
72 return (-1);
73 }
74
75 time_t pdb_get_bad_password_time (const struct samu *sampass)
76 {
77 if (sampass)
78 return (sampass->bad_password_time);
79 else
80 return (-1);
81 }
82
83 time_t pdb_get_pass_last_set_time (const struct samu *sampass)
84 {
85 if (sampass)
86 return (sampass->pass_last_set_time);
87 else
88 return (-1);
89 }
90
91 time_t pdb_get_pass_can_change_time (const struct samu *sampass)
92 {
93 if (sampass)
94 return (sampass->pass_can_change_time);
95 else
96 return (-1);
97 }
98
99 time_t pdb_get_pass_must_change_time (const struct samu *sampass)
100 {
101 if (sampass)
102 return (sampass->pass_must_change_time);
103 else
104 return (-1);
105 }
106
107 uint16 pdb_get_logon_divs (const struct samu *sampass)
108 {
109 if (sampass)
110 return (sampass->logon_divs);
111 else
112 return (-1);
113 }
114
115 uint32 pdb_get_hours_len (const struct samu *sampass)
116 {
117 if (sampass)
118 return (sampass->hours_len);
119 else
120 return (-1);
121 }
122
123 const uint8* pdb_get_hours (const struct samu *sampass)
124 {
125 if (sampass)
126 return (sampass->hours);
127 else
128 return (NULL);
129 }
130
131 const uint8* pdb_get_nt_passwd (const struct samu *sampass)
132 {
133 if (sampass) {
134 SMB_ASSERT((!sampass->nt_pw.data)
135 || sampass->nt_pw.length == NT_HASH_LEN);
136 return ((uint8*)sampass->nt_pw.data);
137 }
138 else
139 return (NULL);
140 }
141
142 const uint8* pdb_get_lanman_passwd (const struct samu *sampass)
143 {
144 if (sampass) {
145 SMB_ASSERT((!sampass->lm_pw.data)
146 || sampass->lm_pw.length == LM_HASH_LEN);
147 return ((uint8*)sampass->lm_pw.data);
148 }
149 else
150 return (NULL);
151 }
152
153 const uint8* pdb_get_pw_history (const struct samu *sampass, uint32 *current_hist_len)
154 {
155 if (sampass) {
156 SMB_ASSERT((!sampass->nt_pw_his.data)
157 || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
158 *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
159 return ((uint8*)sampass->nt_pw_his.data);
160 } else {
161 *current_hist_len = 0;
162 return (NULL);
163 }
164 }
165
166 /* Return the plaintext password if known. Most of the time
167 it isn't, so don't assume anything magic about this function.
168
169 Used to pass the plaintext to passdb backends that might
170 want to store more than just the NTLM hashes.
171 */
172 const char* pdb_get_plaintext_passwd (const struct samu *sampass)
173 {
174 if (sampass) {
175 return (sampass->plaintext_pw);
176 }
177 else
178 return (NULL);
179 }
180 const DOM_SID *pdb_get_user_sid(const struct samu *sampass)
181 {
182 if (sampass)
183 return &sampass->user_sid;
184
185 return NULL;
186 }
187
188 const DOM_SID *pdb_get_group_sid(struct samu *sampass)
189 {
190 DOM_SID *gsid;
191 struct passwd *pwd;
192
193 /* sanity check */
194
195 if ( !sampass ) {
196 return NULL;
197 }
198
199 /* Return the cached group SID if we have that */
200
201 if ( sampass->group_sid ) {
202 return sampass->group_sid;
203 }
204
205 /* generate the group SID from the user's primary Unix group */
206
207 if ( !(gsid = TALLOC_P( sampass, DOM_SID )) ) {
208 return NULL;
209 }
210
211 /* No algorithmic mapping, meaning that we have to figure out the
212 primary group SID according to group mapping and the user SID must
213 be a newly allocated one. We rely on the user's Unix primary gid.
214 We have no choice but to fail if we can't find it. */
215
216 if ( sampass->unix_pw )
217 pwd = sampass->unix_pw;
218 else
219 pwd = getpwnam_alloc( sampass, pdb_get_username(sampass) );
220
221 if ( !pwd ) {
222 DEBUG(0,("pdb_get_group_sid: Failed to find Unix account for %s\n", pdb_get_username(sampass) ));
223 return NULL;
224 }
225
226 if ( pdb_gid_to_sid(pwd->pw_gid, gsid) ) {
227 enum SID_NAME_USE type = SID_NAME_UNKNOWN;
228 TALLOC_CTX *mem_ctx = talloc_init("pdb_get_group_sid");
229 BOOL lookup_ret;
230
231 if (!mem_ctx) {
232 return NULL;
233 }
234
235 /* Now check that it's actually a domain group and not something else */
236
237 lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type);
238
239 TALLOC_FREE( mem_ctx );
240
241 if ( lookup_ret && (type == SID_NAME_DOM_GRP) ) {
242 sampass->group_sid = gsid;
243 return sampass->group_sid;
244 }
245
246 DEBUG(3, ("Primary group for user %s is a %s and not a domain group\n",
247 pwd->pw_name, sid_type_lookup(type)));
248 }
249
250 /* Just set it to the 'Domain Users' RID of 512 which will
251 always resolve to a name */
252
253 sid_copy( gsid, get_global_sam_sid() );
254 sid_append_rid( gsid, DOMAIN_GROUP_RID_USERS );
255
256 sampass->group_sid = gsid;
257
258 return sampass->group_sid;
259 }
260
261 /**
262 * Get flags showing what is initalised in the struct samu
263 * @param sampass the struct samu in question
264 * @return the flags indicating the members initialised in the struct.
265 **/
266
267 enum pdb_value_state pdb_get_init_flags (const struct samu *sampass, enum pdb_elements element)
268 {
269 enum pdb_value_state ret = PDB_DEFAULT;
270
271 if (!sampass || !sampass->change_flags || !sampass->set_flags)
272 return ret;
273
274 if (bitmap_query(sampass->set_flags, element)) {
275 DEBUG(11, ("element %d: SET\n", element));
276 ret = PDB_SET;
277 }
278
279 if (bitmap_query(sampass->change_flags, element)) {
280 DEBUG(11, ("element %d: CHANGED\n", element));
281 ret = PDB_CHANGED;
282 }
283
284 if (ret == PDB_DEFAULT) {
285 DEBUG(11, ("element %d: DEFAULT\n", element));
286 }
287
288 return ret;
289 }
290
291 const char* pdb_get_username (const struct samu *sampass)
292 {
293 if (sampass)
294 return (sampass->username);
295 else
296 return (NULL);
297 }
298
299 const char* pdb_get_domain (const struct samu *sampass)
300 {
301 if (sampass)
302 return (sampass->domain);
303 else
304 return (NULL);
305 }
306
307 const char* pdb_get_nt_username (const struct samu *sampass)
308 {
309 if (sampass)
310 return (sampass->nt_username);
311 else
312 return (NULL);
313 }
314
315 const char* pdb_get_fullname (const struct samu *sampass)
316 {
317 if (sampass)
318 return (sampass->full_name);
319 else
320 return (NULL);
321 }
322
323 const char* pdb_get_homedir (const struct samu *sampass)
324 {
325 if (sampass)
326 return (sampass->home_dir);
327 else
328 return (NULL);
329 }
330
331 const char* pdb_get_unix_homedir (const struct samu *sampass)
332 {
333 if ( sampass && sampass->unix_pw )
334 return ( sampass->unix_pw->pw_dir );
335
336 return (NULL);
337 }
338
339 const char* pdb_get_dir_drive (const struct samu *sampass)
340 {
341 if (sampass)
342 return (sampass->dir_drive);
343 else
344 return (NULL);
345 }
346
347 const char* pdb_get_logon_script (const struct samu *sampass)
348 {
349 if (sampass)
350 return (sampass->logon_script);
351 else
352 return (NULL);
353 }
354
355 const char* pdb_get_profile_path (const struct samu *sampass)
356 {
357 if (sampass)
358 return (sampass->profile_path);
359 else
360 return (NULL);
361 }
362
363 const char* pdb_get_acct_desc (const struct samu *sampass)
364 {
365 if (sampass)
366 return (sampass->acct_desc);
367 else
368 return (NULL);
369 }
370
371 const char* pdb_get_workstations (const struct samu *sampass)
372 {
373 if (sampass)
374 return (sampass->workstations);
375 else
376 return (NULL);
377 }
378
379 const char* pdb_get_unknown_str (const struct samu *sampass)
380 {
381 if (sampass)
382 return (sampass->unknown_str);
383 else
384 return (NULL);
385 }
386
387 const char* pdb_get_munged_dial (const struct samu *sampass)
388 {
389 if (sampass)
390 return (sampass->munged_dial);
391 else
392 return (NULL);
393 }
394
395 uint16 pdb_get_bad_password_count(const struct samu *sampass)
396 {
397 if (sampass)
398 return (sampass->bad_password_count);
399 else
400 return 0;
401 }
402
403 uint16 pdb_get_logon_count(const struct samu *sampass)
404 {
405 if (sampass)
406 return (sampass->logon_count);
407 else
408 return 0;
409 }
410
411 uint32 pdb_get_unknown_6 (const struct samu *sampass)
412 {
413 if (sampass)
414 return (sampass->unknown_6);
415 else
416 return (-1);
417 }
418
419 void *pdb_get_backend_private_data (const struct samu *sampass, const struct pdb_methods *my_methods)
420 {
421 if (sampass && my_methods == sampass->backend_private_methods)
422 return sampass->backend_private_data;
423 else
424 return NULL;
425 }
426
427 /*********************************************************************
428 Collection of set...() functions for struct samu.
429 ********************************************************************/
430
431 BOOL pdb_set_acct_ctrl (struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag)
432 {
433 if (!sampass)
434 return False;
435
436 sampass->acct_ctrl = acct_ctrl;
437
438 return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
439 }
440
441 BOOL pdb_set_logon_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag)
442 {
443 if (!sampass)
444 return False;
445
446 sampass->logon_time = mytime;
447
448 return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
449 }
450
451 BOOL pdb_set_logoff_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag)
452 {
453 if (!sampass)
454 return False;
455
456 sampass->logoff_time = mytime;
457
458 return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
459 }
460
461 BOOL pdb_set_kickoff_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag)
462 {
463 if (!sampass)
464 return False;
465
466 sampass->kickoff_time = mytime;
467
468 return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
469 }
470
471 BOOL pdb_set_bad_password_time (struct samu *sampass, time_t mytime,
472 enum pdb_value_state flag)
473 {
474 if (!sampass)
475 return False;
476
477 sampass->bad_password_time = mytime;
478
479 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
480 }
481
482 BOOL pdb_set_pass_can_change_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag)
483 {
484 if (!sampass)
485 return False;
486
487 sampass->pass_can_change_time = mytime;
488
489 return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
490 }
491
492 BOOL pdb_set_pass_must_change_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag)
493 {
494 if (!sampass)
495 return False;
496
497 sampass->pass_must_change_time = mytime;
498
499 return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
500 }
501
502 BOOL pdb_set_pass_last_set_time (struct samu *sampass, time_t mytime, enum pdb_value_state flag)
503 {
504 if (!sampass)
505 return False;
506
507 sampass->pass_last_set_time = mytime;
508
509 return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
510 }
511
512 BOOL pdb_set_hours_len (struct samu *sampass, uint32 len, enum pdb_value_state flag)
513 {
514 if (!sampass)
515 return False;
516
517 sampass->hours_len = len;
518
519 return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
520 }
521
522 BOOL pdb_set_logon_divs (struct samu *sampass, uint16 hours, enum pdb_value_state flag)
523 {
524 if (!sampass)
525 return False;
526
527 sampass->logon_divs = hours;
528
529 return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
530 }
531
532 /**
533 * Set flags showing what is initalised in the struct samu
534 * @param sampass the struct samu in question
535 * @param flag The *new* flag to be set. Old flags preserved
536 * this flag is only added.
537 **/
538
539 BOOL pdb_set_init_flags (struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
540 {
541 if (!sampass || !sampass)
542 return False;
543
544 if (!sampass->set_flags) {
545 if ((sampass->set_flags =
546 bitmap_talloc(sampass,
547 PDB_COUNT))==NULL) {
548 DEBUG(0,("bitmap_talloc failed\n"));
549 return False;
550 }
551 }
552 if (!sampass->change_flags) {
553 if ((sampass->change_flags =
554 bitmap_talloc(sampass,
555 PDB_COUNT))==NULL) {
556 DEBUG(0,("bitmap_talloc failed\n"));
557 return False;
558 }
559 }
560
561 switch(value_flag) {
562 case PDB_CHANGED:
563 if (!bitmap_set(sampass->change_flags, element)) {
564 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
565 return False;
566 }
567 if (!bitmap_set(sampass->set_flags, element)) {
568 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
569 return False;
570 }
571 DEBUG(11, ("element %d -> now CHANGED\n", element));
572 break;
573 case PDB_SET:
574 if (!bitmap_clear(sampass->change_flags, element)) {
575 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
576 return False;
577 }
578 if (!bitmap_set(sampass->set_flags, element)) {
579 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
580 return False;
581 }
582 DEBUG(11, ("element %d -> now SET\n", element));
583 break;
584 case PDB_DEFAULT:
585 default:
586 if (!bitmap_clear(sampass->change_flags, element)) {
587 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
588 return False;
589 }
590 if (!bitmap_clear(sampass->set_flags, element)) {
591 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
592 return False;
593 }
594 DEBUG(11, ("element %d -> now DEFAULT\n", element));
595 break;
596 }
597
598 return True;
599 }
600
601 BOOL pdb_set_user_sid (struct samu *sampass, const DOM_SID *u_sid, enum pdb_value_state flag)
602 {
603 if (!sampass || !u_sid)
604 return False;
605
606 sid_copy(&sampass->user_sid, u_sid);
607
608 DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
609 sid_string_static(&sampass->user_sid)));
610
611 return pdb_set_init_flags(sampass, PDB_USERSID, flag);
612 }
613
614 BOOL pdb_set_user_sid_from_string (struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
615 {
616 DOM_SID new_sid;
617
618 if (!sampass || !u_sid)
619 return False;
620
621 DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n",
622 u_sid));
623
624 if (!string_to_sid(&new_sid, u_sid)) {
625 DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
626 return False;
627 }
628
629 if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
630 DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid));
631 return False;
632 }
633
634 return True;
635 }
636
637 /********************************************************************
638 We never fill this in from a passdb backend but rather set is
639 based on the user's primary group membership. However, the
640 struct samu* is overloaded and reused in domain memship code
641 as well and built from the NET_USER_INFO_3 or PAC so we
642 have to allow the explicitly setting of a group SID here.
643 ********************************************************************/
644
645 BOOL pdb_set_group_sid (struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
646 {
647 gid_t gid;
648
649 if (!sampass || !g_sid)
650 return False;
651
652 if ( !(sampass->group_sid = TALLOC_P( sampass, DOM_SID )) ) {
653 return False;
654 }
655
656 /* if we cannot resolve the SID to gid, then just ignore it and
657 store DOMAIN_USERS as the primary groupSID */
658
659 if ( sid_to_gid( g_sid, &gid ) ) {
660 sid_copy(sampass->group_sid, g_sid);
661 } else {
662 sid_copy( sampass->group_sid, get_global_sam_sid() );
663 sid_append_rid( sampass->group_sid, DOMAIN_GROUP_RID_USERS );
664 }
665
666 DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
667 sid_string_static(sampass->group_sid)));
668
669 return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
670 }
671
672 /*********************************************************************
673 Set the user's UNIX name.
674 ********************************************************************/
675
676 BOOL pdb_set_username(struct samu *sampass, const char *username, enum pdb_value_state flag)
677 {
678 if (!sampass)
679 return False;
680
681 if (username) {
682 DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
683 (sampass->username)?(sampass->username):"NULL"));
684
685 sampass->username = talloc_strdup(sampass, username);
686
687 if (!sampass->username) {
688 DEBUG(0, ("pdb_set_username: talloc_strdup() failed!\n"));
689 return False;
690 }
691
692 } else {
693 sampass->username = PDB_NOT_QUITE_NULL;
694 }
695
696 return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
697 }
698
699 /*********************************************************************
700 Set the domain name.
701 ********************************************************************/
702
703 BOOL pdb_set_domain(struct samu *sampass, const char *domain, enum pdb_value_state flag)
704 {
705 if (!sampass)
706 return False;
707
708 if (domain) {
709 DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
710 (sampass->domain)?(sampass->domain):"NULL"));
711
712 sampass->domain = talloc_strdup(sampass, domain);
713
714 if (!sampass->domain) {
715 DEBUG(0, ("pdb_set_domain: talloc_strdup() failed!\n"));
716 return False;
717 }
718
719 } else {
720 sampass->domain = PDB_NOT_QUITE_NULL;
721 }
722
723 return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
724 }
725
726 /*********************************************************************
727 Set the user's NT name.
728 ********************************************************************/
729
730 BOOL pdb_set_nt_username(struct samu *sampass, const char *nt_username, enum pdb_value_state flag)
731 {
732 if (!sampass)
733 return False;
734
735 if (nt_username) {
736 DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
737 (sampass->nt_username)?(sampass->nt_username):"NULL"));
738
739 sampass->nt_username = talloc_strdup(sampass, nt_username);
740
741 if (!sampass->nt_username) {
742 DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
743 return False;
744 }
745
746 } else {
747 sampass->nt_username = PDB_NOT_QUITE_NULL;
748 }
749
750 return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
751 }
752
753 /*********************************************************************
754 Set the user's full name.
755 ********************************************************************/
756
757 BOOL pdb_set_fullname(struct samu *sampass, const char *full_name, enum pdb_value_state flag)
758 {
759 if (!sampass)
760 return False;
761
762 if (full_name) {
763 DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
764 (sampass->full_name)?(sampass->full_name):"NULL"));
765
766 sampass->full_name = talloc_strdup(sampass, full_name);
767
768 if (!sampass->full_name) {
769 DEBUG(0, ("pdb_set_fullname: talloc_strdup() failed!\n"));
770 return False;
771 }
772
773 } else {
774 sampass->full_name = PDB_NOT_QUITE_NULL;
775 }
776
777 return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
778 }
779
780 /*********************************************************************
781 Set the user's logon script.
782 ********************************************************************/
783
784 BOOL pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum pdb_value_state flag)
785 {
786 if (!sampass)
787 return False;
788
789 if (logon_script) {
790 DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
791 (sampass->logon_script)?(sampass->logon_script):"NULL"));
792
793 sampass->logon_script = talloc_strdup(sampass, logon_script);
794
795 if (!sampass->logon_script) {
796 DEBUG(0, ("pdb_set_logon_script: talloc_strdup() failed!\n"));
797 return False;
798 }
799
800 } else {
801 sampass->logon_script = PDB_NOT_QUITE_NULL;
802 }
803
804 return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
805 }
806
807 /*********************************************************************
808 Set the user's profile path.
809 ********************************************************************/
810
811 BOOL pdb_set_profile_path (struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
812 {
813 if (!sampass)
814 return False;
815
816 if (profile_path) {
817 DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
818 (sampass->profile_path)?(sampass->profile_path):"NULL"));
819
820 sampass->profile_path = talloc_strdup(sampass, profile_path);
821
822 if (!sampass->profile_path) {
823 DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
824 return False;
825 }
826
827 } else {
828 sampass->profile_path = PDB_NOT_QUITE_NULL;
829 }
830
831 return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
832 }
833
834 /*********************************************************************
835 Set the user's directory drive.
836 ********************************************************************/
837
838 BOOL pdb_set_dir_drive (struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
839 {
840 if (!sampass)
841 return False;
842
843 if (dir_drive) {
844 DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
845 (sampass->dir_drive)?(sampass->dir_drive):"NULL"));
846
847 sampass->dir_drive = talloc_strdup(sampass, dir_drive);
848
849 if (!sampass->dir_drive) {
850 DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
851 return False;
852 }
853
854 } else {
855 sampass->dir_drive = PDB_NOT_QUITE_NULL;
856 }
857
858 return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
859 }
860
861 /*********************************************************************
862 Set the user's home directory.
863 ********************************************************************/
864
865 BOOL pdb_set_homedir (struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
866 {
867 if (!sampass)
868 return False;
869
870 if (home_dir) {
871 DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
872 (sampass->home_dir)?(sampass->home_dir):"NULL"));
873
874 sampass->home_dir = talloc_strdup(sampass, home_dir);
875
876 if (!sampass->home_dir) {
877 DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
878 return False;
879 }
880
881 } else {
882 sampass->home_dir = PDB_NOT_QUITE_NULL;
883 }
884
885 return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
886 }
887
888 /*********************************************************************
889 Set the user's account description.
890 ********************************************************************/
891
892 BOOL pdb_set_acct_desc (struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
893 {
894 if (!sampass)
895 return False;
896
897 if (acct_desc) {
898 sampass->acct_desc = talloc_strdup(sampass, acct_desc);
899
900 if (!sampass->acct_desc) {
901 DEBUG(0, ("pdb_set_acct_desc: talloc_strdup() failed!\n"));
902 return False;
903 }
904
905 } else {
906 sampass->acct_desc = PDB_NOT_QUITE_NULL;
907 }
908
909 return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
910 }
911
912 /*********************************************************************
913 Set the user's workstation allowed list.
914 ********************************************************************/
915
916 BOOL pdb_set_workstations (struct samu *sampass, const char *workstations, enum pdb_value_state flag)
917 {
918 if (!sampass)
919 return False;
920
921 if (workstations) {
922 DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
923 (sampass->workstations)?(sampass->workstations):"NULL"));
924
925 sampass->workstations = talloc_strdup(sampass, workstations);
926
927 if (!sampass->workstations) {
928 DEBUG(0, ("pdb_set_workstations: talloc_strdup() failed!\n"));
929 return False;
930 }
931
932 } else {
933 sampass->workstations = PDB_NOT_QUITE_NULL;
934 }
935
936 return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
937 }
938
939 /*********************************************************************
940 Set the user's 'unknown_str', whatever the heck this actually is...
941 ********************************************************************/
942
943 BOOL pdb_set_unknown_str (struct samu *sampass, const char *unknown_str, enum pdb_value_state flag)
944 {
945 if (!sampass)
946 return False;
947
948 if (unknown_str) {
949 sampass->unknown_str = talloc_strdup(sampass, unknown_str);
950
951 if (!sampass->unknown_str) {
952 DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
953 return False;
954 }
955
956 } else {
957 sampass->unknown_str = PDB_NOT_QUITE_NULL;
958 }
959
960 return pdb_set_init_flags(sampass, PDB_UNKNOWNSTR, flag);
961 }
962
963 /*********************************************************************
964 Set the user's dial string.
965 ********************************************************************/
966
967 BOOL pdb_set_munged_dial (struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
968 {
969 if (!sampass)
970 return False;
971
972 if (munged_dial) {
973 sampass->munged_dial = talloc_strdup(sampass, munged_dial);
974
975 if (!sampass->munged_dial) {
976 DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
977 return False;
978 }
979
980 } else {
981 sampass->munged_dial = PDB_NOT_QUITE_NULL;
982 }
983
984 return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
985 }
986
987 /*********************************************************************
988 Set the user's NT hash.
989 ********************************************************************/
990
991 BOOL pdb_set_nt_passwd (struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
992 {
993 if (!sampass)
994 return False;
995
996 data_blob_clear_free(&sampass->nt_pw);
997
998 if (pwd) {
999 sampass->nt_pw =
1000 data_blob_talloc(sampass, pwd, NT_HASH_LEN);
1001 } else {
1002 sampass->nt_pw = data_blob(NULL, 0);
1003 }
1004
1005 return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
1006 }
1007
1008 /*********************************************************************
1009 Set the user's LM hash.
1010 ********************************************************************/
1011
1012 BOOL pdb_set_lanman_passwd (struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
1013 {
1014 if (!sampass)
1015 return False;
1016
1017 data_blob_clear_free(&sampass->lm_pw);
1018
1019 /* on keep the password if we are allowing LANMAN authentication */
1020
1021 if (pwd && lp_lanman_auth() ) {
1022 sampass->lm_pw = data_blob_talloc(sampass, pwd, LM_HASH_LEN);
1023 } else {
1024 sampass->lm_pw = data_blob(NULL, 0);
1025 }
1026
1027 return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
1028 }
1029
1030 /*********************************************************************
1031 Set the user's password history hash. historyLen is the number of
1032 PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN length
1033 entries to store in the history - this must match the size of the uint8 array
1034 in pwd.
1035 ********************************************************************/
1036
1037 BOOL pdb_set_pw_history (struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
1038 {
1039 if (!sampass)
1040 return False;
1041
1042 if (historyLen && pwd){
1043 sampass->nt_pw_his = data_blob_talloc(sampass,
1044 pwd, historyLen*PW_HISTORY_ENTRY_LEN);
1045 if (!sampass->nt_pw_his.length) {
1046 DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
1047 return False;
1048 }
1049 } else {
1050 sampass->nt_pw_his = data_blob_talloc(sampass, NULL, 0);
1051 }
1052
1053 return pdb_set_init_flags(sampass, PDB_PWHISTORY, flag);
1054 }
1055
1056 /*********************************************************************
1057 Set the user's plaintext password only (base procedure, see helper
1058 below)
1059 ********************************************************************/
1060
1061 BOOL pdb_set_plaintext_pw_only (struct samu *sampass, const char *password, enum pdb_value_state flag)
1062 {
1063 if (!sampass)
1064 return False;
1065
1066 if (password) {
1067 if (sampass->plaintext_pw!=NULL)
1068 memset(sampass->plaintext_pw,'\0',strlen(sampass->plaintext_pw)+1);
1069
1070 sampass->plaintext_pw = talloc_strdup(sampass, password);
1071
1072 if (!sampass->plaintext_pw) {
1073 DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
1074 return False;
1075 }
1076
1077 } else {
1078 sampass->plaintext_pw = NULL;
1079 }
1080
1081 return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
1082 }
1083
1084 BOOL pdb_set_bad_password_count(struct samu *sampass, uint16 bad_password_count, enum pdb_value_state flag)
1085 {
1086 if (!sampass)
1087 return False;
1088
1089 sampass->bad_password_count = bad_password_count;
1090
1091 return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
1092 }
1093
1094 BOOL pdb_set_logon_count(struct samu *sampass, uint16 logon_count, enum pdb_value_state flag)
1095 {
1096 if (!sampass)
1097 return False;
1098
1099 sampass->logon_count = logon_count;
1100
1101 return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
1102 }
1103
1104 BOOL pdb_set_unknown_6 (struct samu *sampass, uint32 unkn, enum pdb_value_state flag)
1105 {
1106 if (!sampass)
1107 return False;
1108
1109 sampass->unknown_6 = unkn;
1110
1111 return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
1112 }
1113
1114 BOOL pdb_set_hours (struct samu *sampass, const uint8 *hours, enum pdb_value_state flag)
1115 {
1116 if (!sampass)
1117 return False;
1118
1119 if (!hours) {
1120 memset ((char *)sampass->hours, 0, MAX_HOURS_LEN);
1121 return True;
1122 }
1123
1124 memcpy (sampass->hours, hours, MAX_HOURS_LEN);
1125
1126 return pdb_set_init_flags(sampass, PDB_HOURS, flag);
1127 }
1128
1129 BOOL pdb_set_backend_private_data (struct samu *sampass, void *private_data,
1130 void (*free_fn)(void **),
1131 const struct pdb_methods *my_methods,
1132 enum pdb_value_state flag)
1133 {
1134 if (!sampass)
1135 return False;
1136
1137 if (sampass->backend_private_data &&
1138 sampass->backend_private_data_free_fn) {
1139 sampass->backend_private_data_free_fn(
1140 &sampass->backend_private_data);
1141 }
1142
1143 sampass->backend_private_data = private_data;
1144 sampass->backend_private_data_free_fn = free_fn;
1145 sampass->backend_private_methods = my_methods;
1146
1147 return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
1148 }
1149
1150
1151 /* Helpful interfaces to the above */
1152
1153 /*********************************************************************
1154 Sets the last changed times and must change times for a normal
1155 password change.
1156 ********************************************************************/
1157
1158 BOOL pdb_set_pass_changed_now (struct samu *sampass)
1159 {
1160 uint32 expire;
1161 uint32 min_age;
1162
1163 if (!sampass)
1164 return False;
1165
1166 if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
1167 return False;
1168
1169 if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
1170 || (expire==(uint32)-1) || (expire == 0)) {
1171 if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED))
1172 return False;
1173 } else {
1174 if (!pdb_set_pass_must_change_time (sampass,
1175 pdb_get_pass_last_set_time(sampass)
1176 + expire, PDB_CHANGED))
1177 return False;
1178 }
1179
1180 if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age)
1181 || (min_age==(uint32)-1)) {
1182 if (!pdb_set_pass_can_change_time (sampass, 0, PDB_CHANGED))
1183 return False;
1184 } else {
1185 if (!pdb_set_pass_can_change_time (sampass,
1186 pdb_get_pass_last_set_time(sampass)
1187 + min_age, PDB_CHANGED))
1188 return False;
1189 }
1190 return True;
1191 }
1192
1193 /*********************************************************************
1194 Set the user's PLAINTEXT password. Used as an interface to the above.
1195 Also sets the last change time to NOW.
1196 ********************************************************************/
1197
1198 BOOL pdb_set_plaintext_passwd (struct samu *sampass, const char *plaintext)
1199 {
1200 uchar new_lanman_p16[LM_HASH_LEN];
1201 uchar new_nt_p16[NT_HASH_LEN];
1202
1203 if (!sampass || !plaintext)
1204 return False;
1205
1206 /* Calculate the MD4 hash (NT compatible) of the password */
1207 E_md4hash(plaintext, new_nt_p16);
1208
1209 if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED))
1210 return False;
1211
1212 if (!E_deshash(plaintext, new_lanman_p16)) {
1213 /* E_deshash returns false for 'long' passwords (> 14
1214 DOS chars). This allows us to match Win2k, which
1215 does not store a LM hash for these passwords (which
1216 would reduce the effective password length to 14 */
1217
1218 if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED))
1219 return False;
1220 } else {
1221 if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
1222 return False;
1223 }
1224
1225 if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
1226 return False;
1227
1228 if (!pdb_set_pass_changed_now (sampass))
1229 return False;
1230
1231 /* Store the password history. */
1232 if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
1233 uchar *pwhistory;
1234 uint32 pwHistLen;
1235 pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
1236 if (pwHistLen != 0){
1237 uint32 current_history_len;
1238 /* We need to make sure we don't have a race condition here - the
1239 account policy history length can change between when the pw_history
1240 was first loaded into the struct samu struct and now.... JRA. */
1241 pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
1242
1243 if (current_history_len != pwHistLen) {
1244 /* After closing and reopening struct samu the history
1245 values will sync up. We can't do this here. */
1246
1247 /* current_history_len > pwHistLen is not a problem - we
1248 have more history than we need. */
1249
1250 if (current_history_len < pwHistLen) {
1251 /* Ensure we have space for the needed history. */
1252 uchar *new_history = TALLOC(sampass,
1253 pwHistLen*PW_HISTORY_ENTRY_LEN);
1254 if (!new_history) {
1255 return False;
1256 }
1257
1258 /* And copy it into the new buffer. */
1259 if (current_history_len) {
1260 memcpy(new_history, pwhistory,
1261 current_history_len*PW_HISTORY_ENTRY_LEN);
1262 }
1263 /* Clearing out any extra space. */
1264 memset(&new_history[current_history_len*PW_HISTORY_ENTRY_LEN],
1265 '\0', (pwHistLen-current_history_len)*PW_HISTORY_ENTRY_LEN);
1266 /* Finally replace it. */
1267 pwhistory = new_history;
1268 }
1269 }
1270 if (pwhistory && pwHistLen){
1271 /* Make room for the new password in the history list. */
1272 if (pwHistLen > 1) {
1273 memmove(&pwhistory[PW_HISTORY_ENTRY_LEN],
1274 pwhistory, (pwHistLen -1)*PW_HISTORY_ENTRY_LEN );
1275 }
1276 /* Create the new salt as the first part of the history entry. */
1277 generate_random_buffer(pwhistory, PW_HISTORY_SALT_LEN);
1278
1279 /* Generate the md5 hash of the salt+new password as the second
1280 part of the history entry. */
1281
1282 E_md5hash(pwhistory, new_nt_p16, &pwhistory[PW_HISTORY_SALT_LEN]);
1283 pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
1284 } else {
1285 DEBUG (10,("pdb_get_set.c: pdb_set_plaintext_passwd: pwhistory was NULL!\n"));
1286 }
1287 } else {
1288 /* Set the history length to zero. */
1289 pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
1290 }
1291 }
1292
1293 return True;
1294 }
1295
1296 /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */
1297 uint32 pdb_build_fields_present (struct samu *sampass)
1298 {
1299 /* value set to all for testing */
1300 return 0x00ffffff;
1301 }