Context Navigation

source: branches/samba-3.0/source/utils/pdbedit.c@ 104

Visit:

Last change on this file since 104 was 44, checked in by Paul Smedley, 18 years ago
Update source to 3.0.25b
File size: 31.8 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	passdb editing frontend
4
5	Copyright (C) Simo Sorce 2000
6	Copyright (C) Andrew Bartlett 2001
7	Copyright (C) Jelmer Vernooij 2002
8
9	This program is free software; you can redistribute it and/or modify
10	it under the terms of the GNU General Public License as published by
11	the Free Software Foundation; either version 2 of the License, or
12	(at your option) any later version.
13
14	This program is distributed in the hope that it will be useful,
15	but WITHOUT ANY WARRANTY; without even the implied warranty of
16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	GNU General Public License for more details.
18
19	You should have received a copy of the GNU General Public License
20	along with this program; if not, write to the Free Software
21	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22	*/
23
24	#include "includes.h"
25
26	#define BIT_BACKEND 0x00000004
27	#define BIT_VERBOSE 0x00000008
28	#define BIT_SPSTYLE 0x00000010
29	#define BIT_CAN_CHANGE 0x00000020
30	#define BIT_MUST_CHANGE 0x00000040
31	#define BIT_USERSIDS 0x00000080
32	#define BIT_FULLNAME 0x00000100
33	#define BIT_HOMEDIR 0x00000200
34	#define BIT_HDIRDRIVE 0x00000400
35	#define BIT_LOGSCRIPT 0x00000800
36	#define BIT_PROFILE 0x00001000
37	#define BIT_MACHINE 0x00002000
38	#define BIT_USERDOMAIN 0x00004000
39	#define BIT_USER 0x00008000
40	#define BIT_LIST 0x00010000
41	#define BIT_MODIFY 0x00020000
42	#define BIT_CREATE 0x00040000
43	#define BIT_DELETE 0x00080000
44	#define BIT_ACCPOLICY 0x00100000
45	#define BIT_ACCPOLVAL 0x00200000
46	#define BIT_ACCTCTRL 0x00400000
47	#define BIT_RESERV_7 0x00800000
48	#define BIT_IMPORT 0x01000000
49	#define BIT_EXPORT 0x02000000
50	#define BIT_FIX_INIT 0x04000000
51	#define BIT_BADPWRESET 0x08000000
52	#define BIT_LOGONHOURS 0x10000000
53
54	#define MASK_ALWAYS_GOOD 0x0000001F
55	#define MASK_USER_GOOD 0x00405FE0
56
57	/*********************************************************
58	Add all currently available users to another db
59	********************************************************/
60
61	static int export_database (struct pdb_methods *in,
62	struct pdb_methods *out,
63	const char *username)
64	{
65	struct samu *user = NULL;
66	NTSTATUS status;
67
68	DEBUG(3, ("export_database: username=\"%s\"\n", username ? username : "(NULL)"));
69
70	status = in->setsampwent(in, 0, 0);
71	if ( NT_STATUS_IS_ERR(status) ) {
72	fprintf(stderr, "Unable to set account database iterator for %s!\n",
73	in->name);
74	return 1;
75	}
76
77	if ( ( user = samu_new( NULL ) ) == NULL ) {
78	fprintf(stderr, "export_database: Memory allocation failure!\n");
79	return 1;
80	}
81
82	while ( NT_STATUS_IS_OK(in->getsampwent(in, user)) )
83	{
84	DEBUG(4, ("Processing account %s\n", user->username));
85
86	/* If we don't have a specific user or if we do and
87	the login name matches */
88
89	if ( !username \|\| (strcmp(username, user->username) == 0)) {
90	struct samu *account;
91
92	if ( (account = samu_new( NULL )) == NULL ) {
93	fprintf(stderr, "export_database: Memory allocation failure!\n");
94	TALLOC_FREE( user );
95	in->endsampwent( in );
96	return 1;
97	}
98
99	printf("Importing account for %s...", user->username);
100	if ( !NT_STATUS_IS_OK(out->getsampwnam( out, account, user->username )) ) {
101	status = out->add_sam_account(out, user);
102	} else {
103	status = out->update_sam_account( out, user );
104	}
105
106	if ( NT_STATUS_IS_OK(status) ) {
107	printf( "ok\n");
108	} else {
109	printf( "failed\n");
110	}
111
112	TALLOC_FREE( account );
113	}
114
115	/* clean up and get ready for another run */
116
117	TALLOC_FREE( user );
118
119	if ( ( user = samu_new( NULL ) ) == NULL ) {
120	fprintf(stderr, "export_database: Memory allocation failure!\n");
121	return 1;
122	}
123	}
124
125	TALLOC_FREE( user );
126
127	in->endsampwent(in);
128
129	return 0;
130	}
131
132	/*********************************************************
133	Add all currently available group mappings to another db
134	********************************************************/
135
136	static int export_groups (struct pdb_methods in, struct pdb_methods out)
137	{
138	GROUP_MAP *maps = NULL;
139	size_t i, entries = 0;
140	NTSTATUS status;
141
142	status = in->enum_group_mapping(in, get_global_sam_sid(),
143	SID_NAME_DOM_GRP, &maps, &entries, False);
144
145	if ( NT_STATUS_IS_ERR(status) ) {
146	fprintf(stderr, "Unable to enumerate group map entries.\n");
147	return 1;
148	}
149
150	for (i=0; i<entries; i++) {
151	out->add_group_mapping_entry(out, &(maps[i]));
152	}
153
154	SAFE_FREE( maps );
155
156	return 0;
157	}
158
159	/*********************************************************
160	Reset account policies to their default values and remove marker
161	********************************************************/
162
163	static int reinit_account_policies (void)
164	{
165	int i;
166
167	for (i=1; decode_account_policy_name(i) != NULL; i++) {
168	uint32 policy_value;
169	if (!account_policy_get_default(i, &policy_value)) {
170	fprintf(stderr, "Can't get default account policy\n");
171	return -1;
172	}
173	if (!account_policy_set(i, policy_value)) {
174	fprintf(stderr, "Can't set account policy in tdb\n");
175	return -1;
176	}
177	}
178
179	return 0;
180	}
181
182
183	/*********************************************************
184	Add all currently available account policy from tdb to one backend
185	********************************************************/
186
187	static int export_account_policies (struct pdb_methods in, struct pdb_methods out)
188	{
189	int i;
190
191	for ( i=1; decode_account_policy_name(i) != NULL; i++ ) {
192	uint32 policy_value;
193	NTSTATUS status;
194
195	status = in->get_account_policy(in, i, &policy_value);
196
197	if ( NT_STATUS_IS_ERR(status) ) {
198	fprintf(stderr, "Unable to get account policy from %s\n", in->name);
199	return -1;
200	}
201
202	status = out->set_account_policy(out, i, policy_value);
203
204	if ( NT_STATUS_IS_ERR(status) ) {
205	fprintf(stderr, "Unable to migrate account policy to %s\n", out->name);
206	return -1;
207	}
208	}
209
210	return 0;
211	}
212
213
214	/*********************************************************
215	Print info from sam structure
216	**********************************************************/
217
218	static int print_sam_info (struct samu *sam_pwent, BOOL verbosity, BOOL smbpwdstyle)
219	{
220	uid_t uid;
221	time_t tmp;
222
223	/* TODO: chaeck if entry is a user or a workstation */
224	if (!sam_pwent) return -1;
225
226	if (verbosity) {
227	pstring temp;
228	const uint8 *hours;
229
230	printf ("Unix username: %s\n", pdb_get_username(sam_pwent));
231	printf ("NT username: %s\n", pdb_get_nt_username(sam_pwent));
232	printf ("Account Flags: %s\n", pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent), NEW_PW_FORMAT_SPACE_PADDED_LEN));
233	printf ("User SID: %s\n",
234	sid_string_static(pdb_get_user_sid(sam_pwent)));
235	printf ("Primary Group SID: %s\n",
236	sid_string_static(pdb_get_group_sid(sam_pwent)));
237	printf ("Full Name: %s\n", pdb_get_fullname(sam_pwent));
238	printf ("Home Directory: %s\n", pdb_get_homedir(sam_pwent));
239	printf ("HomeDir Drive: %s\n", pdb_get_dir_drive(sam_pwent));
240	printf ("Logon Script: %s\n", pdb_get_logon_script(sam_pwent));
241	printf ("Profile Path: %s\n", pdb_get_profile_path(sam_pwent));
242	printf ("Domain: %s\n", pdb_get_domain(sam_pwent));
243	printf ("Account desc: %s\n", pdb_get_acct_desc(sam_pwent));
244	printf ("Workstations: %s\n", pdb_get_workstations(sam_pwent));
245	printf ("Munged dial: %s\n", pdb_get_munged_dial(sam_pwent));
246
247	tmp = pdb_get_logon_time(sam_pwent);
248	printf ("Logon time: %s\n", tmp ? http_timestring(tmp) : "0");
249
250	tmp = pdb_get_logoff_time(sam_pwent);
251	printf ("Logoff time: %s\n", tmp ? http_timestring(tmp) : "0");
252
253	tmp = pdb_get_kickoff_time(sam_pwent);
254	printf ("Kickoff time: %s\n", tmp ? http_timestring(tmp) : "0");
255
256	tmp = pdb_get_pass_last_set_time(sam_pwent);
257	printf ("Password last set: %s\n", tmp ? http_timestring(tmp) : "0");
258
259	tmp = pdb_get_pass_can_change_time(sam_pwent);
260	printf ("Password can change: %s\n", tmp ? http_timestring(tmp) : "0");
261
262	tmp = pdb_get_pass_must_change_time(sam_pwent);
263	printf ("Password must change: %s\n", tmp ? http_timestring(tmp) : "0");
264
265	tmp = pdb_get_bad_password_time(sam_pwent);
266	printf ("Last bad password : %s\n", tmp ? http_timestring(tmp) : "0");
267	printf ("Bad password count : %d\n",
268	pdb_get_bad_password_count(sam_pwent));
269
270	hours = pdb_get_hours(sam_pwent);
271	pdb_sethexhours(temp, hours);
272	printf ("Logon hours : %s\n", temp);
273
274	} else if (smbpwdstyle) {
275	char lm_passwd[33];
276	char nt_passwd[33];
277
278	uid = nametouid(pdb_get_username(sam_pwent));
279	pdb_sethexpwd(lm_passwd, pdb_get_lanman_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent));
280	pdb_sethexpwd(nt_passwd, pdb_get_nt_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent));
281
282	printf("%s:%lu:%s:%s:%s:LCT-%08X:\n",
283	pdb_get_username(sam_pwent),
284	(unsigned long)uid,
285	lm_passwd,
286	nt_passwd,
287	pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN),
288	(uint32)convert_time_t_to_uint32(pdb_get_pass_last_set_time(sam_pwent)));
289	} else {
290	uid = nametouid(pdb_get_username(sam_pwent));
291	printf ("%s:%lu:%s\n", pdb_get_username(sam_pwent), (unsigned long)uid,
292	pdb_get_fullname(sam_pwent));
293	}
294
295	return 0;
296	}
297
298	/*********************************************************
299	Get an Print User Info
300	**********************************************************/
301
302	static int print_user_info (struct pdb_methods in, const char username, BOOL verbosity, BOOL smbpwdstyle)
303	{
304	struct samu *sam_pwent=NULL;
305	BOOL ret;
306
307	if ( (sam_pwent = samu_new( NULL )) == NULL ) {
308	return -1;
309	}
310
311	ret = NT_STATUS_IS_OK(in->getsampwnam (in, sam_pwent, username));
312
313	if (ret==False) {
314	fprintf (stderr, "Username not found!\n");
315	TALLOC_FREE(sam_pwent);
316	return -1;
317	}
318
319	ret=print_sam_info (sam_pwent, verbosity, smbpwdstyle);
320	TALLOC_FREE(sam_pwent);
321
322	return ret;
323	}
324
325	/*********************************************************
326	List Users
327	**********************************************************/
328	static int print_users_list (struct pdb_methods *in, BOOL verbosity, BOOL smbpwdstyle)
329	{
330	struct samu *sam_pwent=NULL;
331	BOOL check;
332
333	check = NT_STATUS_IS_OK(in->setsampwent(in, False, 0));
334	if (!check) {
335	return 1;
336	}
337
338	check = True;
339	if ( (sam_pwent = samu_new( NULL )) == NULL ) {
340	return 1;
341	}
342
343	while (check && NT_STATUS_IS_OK(in->getsampwent (in, sam_pwent))) {
344	if (verbosity)
345	printf ("---------------\n");
346	print_sam_info (sam_pwent, verbosity, smbpwdstyle);
347	TALLOC_FREE(sam_pwent);
348
349	if ( (sam_pwent = samu_new( NULL )) == NULL ) {
350	check = False;
351	}
352	}
353	if (check)
354	TALLOC_FREE(sam_pwent);
355
356	in->endsampwent(in);
357	return 0;
358	}
359
360	/*********************************************************
361	Fix a list of Users for uninitialised passwords
362	**********************************************************/
363	static int fix_users_list (struct pdb_methods *in)
364	{
365	struct samu *sam_pwent=NULL;
366	BOOL check;
367
368	check = NT_STATUS_IS_OK(in->setsampwent(in, False, 0));
369	if (!check) {
370	return 1;
371	}
372
373	check = True;
374	if ( (sam_pwent = samu_new( NULL )) == NULL ) {
375	return 1;
376	}
377
378	while (check && NT_STATUS_IS_OK(in->getsampwent (in, sam_pwent))) {
379	printf("Updating record for user %s\n", pdb_get_username(sam_pwent));
380
381	if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) {
382	printf("Update of user %s failed!\n", pdb_get_username(sam_pwent));
383	}
384	TALLOC_FREE(sam_pwent);
385	if ( (sam_pwent = samu_new( NULL )) == NULL ) {
386	check = False;
387	}
388	if (!check) {
389	fprintf(stderr, "Failed to initialise new struct samu structure (out of memory?)\n");
390	}
391
392	}
393	if (check)
394	TALLOC_FREE(sam_pwent);
395
396	in->endsampwent(in);
397	return 0;
398	}
399
400	/*********************************************************
401	Set User Info
402	**********************************************************/
403
404	static int set_user_info (struct pdb_methods in, const char username,
405	const char fullname, const char homedir,
406	const char *acct_desc,
407	const char drive, const char script,
408	const char profile, const char account_control,
409	const char user_sid, const char user_domain,
410	const BOOL badpw, const BOOL hours)
411	{
412	BOOL updated_autolock = False, updated_badpw = False;
413	struct samu *sam_pwent=NULL;
414	BOOL ret;
415
416	if ( (sam_pwent = samu_new( NULL )) == NULL ) {
417	return 1;
418	}
419
420	ret = NT_STATUS_IS_OK(in->getsampwnam (in, sam_pwent, username));
421	if (ret==False) {
422	fprintf (stderr, "Username not found!\n");
423	TALLOC_FREE(sam_pwent);
424	return -1;
425	}
426
427	if (hours) {
428	uint8 hours_array[MAX_HOURS_LEN];
429	uint32 hours_len;
430
431	hours_len = pdb_get_hours_len(sam_pwent);
432	memset(hours_array, 0xff, hours_len);
433
434	pdb_set_hours(sam_pwent, hours_array, PDB_CHANGED);
435	}
436
437	if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) {
438	DEBUG(2,("pdb_update_autolock_flag failed.\n"));
439	}
440
441	if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw)) {
442	DEBUG(2,("pdb_update_bad_password_count failed.\n"));
443	}
444
445	if (fullname)
446	pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
447	if (acct_desc)
448	pdb_set_acct_desc(sam_pwent, acct_desc, PDB_CHANGED);
449	if (homedir)
450	pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
451	if (drive)
452	pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED);
453	if (script)
454	pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
455	if (profile)
456	pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
457	if (user_domain)
458	pdb_set_domain(sam_pwent, user_domain, PDB_CHANGED);
459
460	if (account_control) {
461	uint32 not_settable = ~(ACB_DISABLED\|ACB_HOMDIRREQ\|ACB_PWNOTREQ\|
462	ACB_PWNOEXP\|ACB_AUTOLOCK);
463
464	uint32 newflag = pdb_decode_acct_ctrl(account_control);
465
466	if (newflag & not_settable) {
467	fprintf(stderr, "Can only set [NDHLX] flags\n");
468	TALLOC_FREE(sam_pwent);
469	return -1;
470	}
471
472	pdb_set_acct_ctrl(sam_pwent,
473	(pdb_get_acct_ctrl(sam_pwent) & not_settable) \| newflag,
474	PDB_CHANGED);
475	}
476	if (user_sid) {
477	DOM_SID u_sid;
478	if (!string_to_sid(&u_sid, user_sid)) {
479	/* not a complete sid, may be a RID, try building a SID */
480	int u_rid;
481
482	if (sscanf(user_sid, "%d", &u_rid) != 1) {
483	fprintf(stderr, "Error passed string is not a complete user SID or RID!\n");
484	return -1;
485	}
486	sid_copy(&u_sid, get_global_sam_sid());
487	sid_append_rid(&u_sid, u_rid);
488	}
489	pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
490	}
491
492	if (badpw) {
493	pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED);
494	pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED);
495	}
496
497	if (NT_STATUS_IS_OK(in->update_sam_account (in, sam_pwent)))
498	print_user_info (in, username, True, False);
499	else {
500	fprintf (stderr, "Unable to modify entry!\n");
501	TALLOC_FREE(sam_pwent);
502	return -1;
503	}
504	TALLOC_FREE(sam_pwent);
505	return 0;
506	}
507
508	/*********************************************************
509	Add New User
510	**********************************************************/
511	static int new_user (struct pdb_methods in, const char username,
512	const char fullname, const char homedir,
513	const char drive, const char script,
514	const char profile, char user_sid, BOOL stdin_get)
515	{
516	struct samu *sam_pwent;
517	char password1, password2;
518	int rc_pwd_cmp;
519	struct passwd *pwd;
520
521	get_global_sam_sid();
522
523	if ( !(pwd = getpwnam_alloc( NULL, username )) ) {
524	DEBUG(0,("Cannot locate Unix account for %s\n", username));
525	return -1;
526	}
527
528	if ( (sam_pwent = samu_new( NULL )) == NULL ) {
529	DEBUG(0, ("Memory allocation failure!\n"));
530	return -1;
531	}
532
533	if (!NT_STATUS_IS_OK(samu_alloc_rid_unix(sam_pwent, pwd ))) {
534	TALLOC_FREE( sam_pwent );
535	TALLOC_FREE( pwd );
536	DEBUG(0, ("could not create account to add new user %s\n", username));
537	return -1;
538	}
539
540	password1 = get_pass( "new password:", stdin_get);
541	password2 = get_pass( "retype new password:", stdin_get);
542	if ((rc_pwd_cmp = strcmp (password1, password2))) {
543	fprintf (stderr, "Passwords do not match!\n");
544	TALLOC_FREE(sam_pwent);
545	} else {
546	pdb_set_plaintext_passwd(sam_pwent, password1);
547	}
548
549	memset(password1, 0, strlen(password1));
550	SAFE_FREE(password1);
551	memset(password2, 0, strlen(password2));
552	SAFE_FREE(password2);
553
554	/* pwds do _not_ match? */
555	if (rc_pwd_cmp)
556	return -1;
557
558	if (fullname)
559	pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
560	if (homedir)
561	pdb_set_homedir (sam_pwent, homedir, PDB_CHANGED);
562	if (drive)
563	pdb_set_dir_drive (sam_pwent, drive, PDB_CHANGED);
564	if (script)
565	pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
566	if (profile)
567	pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
568	if (user_sid) {
569	DOM_SID u_sid;
570	if (!string_to_sid(&u_sid, user_sid)) {
571	/* not a complete sid, may be a RID, try building a SID */
572	int u_rid;
573
574	if (sscanf(user_sid, "%d", &u_rid) != 1) {
575	fprintf(stderr, "Error passed string is not a complete user SID or RID!\n");
576	TALLOC_FREE(sam_pwent);
577	return -1;
578	}
579	sid_copy(&u_sid, get_global_sam_sid());
580	sid_append_rid(&u_sid, u_rid);
581	}
582	pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
583	}
584
585	pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL, PDB_CHANGED);
586
587	if (NT_STATUS_IS_OK(in->add_sam_account (in, sam_pwent))) {
588	print_user_info (in, username, True, False);
589	} else {
590	fprintf (stderr, "Unable to add user! (does it already exist?)\n");
591	TALLOC_FREE(sam_pwent);
592	return -1;
593	}
594	TALLOC_FREE(sam_pwent);
595	return 0;
596	}
597
598	/*********************************************************
599	Add New Machine
600	**********************************************************/
601
602	static int new_machine (struct pdb_methods in, const char machine_in)
603	{
604	struct samu *sam_pwent=NULL;
605	fstring machinename;
606	fstring machineaccount;
607	struct passwd *pwd = NULL;
608
609	get_global_sam_sid();
610
611	if (strlen(machine_in) == 0) {
612	fprintf(stderr, "No machine name given\n");
613	return -1;
614	}
615
616	fstrcpy(machinename, machine_in);
617	machinename[15]= '\0';
618
619	if (machinename[strlen (machinename) -1] == '$')
620	machinename[strlen (machinename) -1] = '\0';
621
622	strlower_m(machinename);
623
624	fstrcpy(machineaccount, machinename);
625	fstrcat(machineaccount, "$");
626
627	if ( !(pwd = getpwnam_alloc( NULL, machineaccount )) ) {
628	DEBUG(0,("Cannot locate Unix account for %s\n", machineaccount));
629	return -1;
630	}
631
632	if ( (sam_pwent = samu_new( NULL )) == NULL ) {
633	fprintf(stderr, "Memory allocation error!\n");
634	TALLOC_FREE(pwd);
635	return -1;
636	}
637
638	if ( !NT_STATUS_IS_OK(samu_alloc_rid_unix(sam_pwent, pwd )) ) {
639	fprintf(stderr, "Could not init sam from pw\n");
640	TALLOC_FREE(pwd);
641	return -1;
642	}
643
644	TALLOC_FREE(pwd);
645
646	pdb_set_plaintext_passwd (sam_pwent, machinename);
647	pdb_set_username (sam_pwent, machineaccount, PDB_CHANGED);
648	pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED);
649
650	if (NT_STATUS_IS_OK(in->add_sam_account (in, sam_pwent))) {
651	print_user_info (in, machineaccount, True, False);
652	} else {
653	fprintf (stderr, "Unable to add machine! (does it already exist?)\n");
654	TALLOC_FREE(sam_pwent);
655	return -1;
656	}
657	TALLOC_FREE(sam_pwent);
658	return 0;
659	}
660
661	/*********************************************************
662	Delete user entry
663	**********************************************************/
664
665	static int delete_user_entry (struct pdb_methods in, const char username)
666	{
667	struct samu *samaccount = NULL;
668
669	if ( (samaccount = samu_new( NULL )) == NULL ) {
670	return -1;
671	}
672
673	if (!NT_STATUS_IS_OK(in->getsampwnam(in, samaccount, username))) {
674	fprintf (stderr, "user %s does not exist in the passdb\n", username);
675	return -1;
676	}
677
678	if (!NT_STATUS_IS_OK(in->delete_sam_account (in, samaccount))) {
679	fprintf (stderr, "Unable to delete user %s\n", username);
680	return -1;
681	}
682	return 0;
683	}
684
685	/*********************************************************
686	Delete machine entry
687	**********************************************************/
688
689	static int delete_machine_entry (struct pdb_methods in, const char machinename)
690	{
691	fstring name;
692	struct samu *samaccount = NULL;
693
694	if (strlen(machinename) == 0) {
695	fprintf(stderr, "No machine name given\n");
696	return -1;
697	}
698
699	fstrcpy(name, machinename);
700	name[15] = '\0';
701	if (name[strlen(name)-1] != '$')
702	fstrcat (name, "$");
703
704	if ( (samaccount = samu_new( NULL )) == NULL ) {
705	return -1;
706	}
707
708	if (!NT_STATUS_IS_OK(in->getsampwnam(in, samaccount, name))) {
709	fprintf (stderr, "machine %s does not exist in the passdb\n", name);
710	return -1;
711	}
712
713	if (!NT_STATUS_IS_OK(in->delete_sam_account (in, samaccount))) {
714	fprintf (stderr, "Unable to delete machine %s\n", name);
715	return -1;
716	}
717
718	return 0;
719	}
720
721	/*********************************************************
722	Start here.
723	**********************************************************/
724
725	int main (int argc, char **argv)
726	{
727	static BOOL list_users = False;
728	static BOOL verbose = False;
729	static BOOL spstyle = False;
730	static BOOL machine = False;
731	static BOOL add_user = False;
732	static BOOL delete_user = False;
733	static BOOL modify_user = False;
734	uint32 setparms, checkparms;
735	int opt;
736	static char *full_name = NULL;
737	static char *acct_desc = NULL;
738	static const char *user_name = NULL;
739	static char *home_dir = NULL;
740	static char *home_drive = NULL;
741	static char *backend = NULL;
742	static char *backend_in = NULL;
743	static char *backend_out = NULL;
744	static BOOL transfer_groups = False;
745	static BOOL transfer_account_policies = False;
746	static BOOL reset_account_policies = False;
747	static BOOL force_initialised_password = False;
748	static char *logon_script = NULL;
749	static char *profile_path = NULL;
750	static char *user_domain = NULL;
751	static char *account_control = NULL;
752	static char *account_policy = NULL;
753	static char *user_sid = NULL;
754	static long int account_policy_value = 0;
755	BOOL account_policy_value_set = False;
756	static BOOL badpw_reset = False;
757	static BOOL hours_reset = False;
758	static char *pwd_time_format = NULL;
759	static BOOL pw_from_stdin = False;
760	struct pdb_methods bin, bout, *bdef;
761	poptContext pc;
762	struct poptOption long_options[] = {
763	POPT_AUTOHELP
764	{"list", 'L', POPT_ARG_NONE, &list_users, 0, "list all users", NULL},
765	{"verbose", 'v', POPT_ARG_NONE, &verbose, 0, "be verbose", NULL },
766	{"smbpasswd-style", 'w',POPT_ARG_NONE, &spstyle, 0, "give output in smbpasswd style", NULL},
767	{"user", 'u', POPT_ARG_STRING, &user_name, 0, "use username", "USER" },
768	{"account-desc", 'N', POPT_ARG_STRING, &acct_desc, 0, "set account description", NULL},
769	{"fullname", 'f', POPT_ARG_STRING, &full_name, 0, "set full name", NULL},
770	{"homedir", 'h', POPT_ARG_STRING, &home_dir, 0, "set home directory", NULL},
771	{"drive", 'D', POPT_ARG_STRING, &home_drive, 0, "set home drive", NULL},
772	{"script", 'S', POPT_ARG_STRING, &logon_script, 0, "set logon script", NULL},
773	{"profile", 'p', POPT_ARG_STRING, &profile_path, 0, "set profile path", NULL},
774	{"domain", 'I', POPT_ARG_STRING, &user_domain, 0, "set a users' domain", NULL},
775	{"user SID", 'U', POPT_ARG_STRING, &user_sid, 0, "set user SID or RID", NULL},
776	{"create", 'a', POPT_ARG_NONE, &add_user, 0, "create user", NULL},
777	{"modify", 'r', POPT_ARG_NONE, &modify_user, 0, "modify user", NULL},
778	{"machine", 'm', POPT_ARG_NONE, &machine, 0, "account is a machine account", NULL},
779	{"delete", 'x', POPT_ARG_NONE, &delete_user, 0, "delete user", NULL},
780	{"backend", 'b', POPT_ARG_STRING, &backend, 0, "use different passdb backend as default backend", NULL},
781	{"import", 'i', POPT_ARG_STRING, &backend_in, 0, "import user accounts from this backend", NULL},
782	{"export", 'e', POPT_ARG_STRING, &backend_out, 0, "export user accounts to this backend", NULL},
783	{"group", 'g', POPT_ARG_NONE, &transfer_groups, 0, "use -i and -e for groups", NULL},
784	{"policies", 'y', POPT_ARG_NONE, &transfer_account_policies, 0, "use -i and -e to move account policies between backends", NULL},
785	{"policies-reset", 0, POPT_ARG_NONE, &reset_account_policies, 0, "restore default policies", NULL},
786	{"account-policy", 'P', POPT_ARG_STRING, &account_policy, 0,"value of an account policy (like maximum password age)",NULL},
787	{"value", 'C', POPT_ARG_LONG, &account_policy_value, 'C',"set the account policy to this value", NULL},
788	{"account-control", 'c', POPT_ARG_STRING, &account_control, 0, "Values of account control", NULL},
789	{"force-initialized-passwords", 0, POPT_ARG_NONE, &force_initialised_password, 0, "Force initialization of corrupt password strings in a passdb backend", NULL},
790	{"bad-password-count-reset", 'z', POPT_ARG_NONE, &badpw_reset, 0, "reset bad password count", NULL},
791	{"logon-hours-reset", 'Z', POPT_ARG_NONE, &hours_reset, 0, "reset logon hours", NULL},
792	{"time-format", 0, POPT_ARG_STRING, &pwd_time_format, 0, "The time format for time parameters", NULL },
793	{"password-from-stdin", 't', POPT_ARG_NONE, &pw_from_stdin, 0, "get password from standard in", NULL},
794	POPT_COMMON_SAMBA
795	POPT_TABLEEND
796	};
797
798	/* we shouldn't have silly checks like this */
799	if (getuid() != 0) {
800	d_fprintf(stderr, "You must be root to use pdbedit\n");
801	return -1;
802	}
803
804	bin = bout = bdef = NULL;
805
806	load_case_tables();
807
808	setup_logging("pdbedit", True);
809
810	pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
811	POPT_CONTEXT_KEEP_FIRST);
812
813	while((opt = poptGetNextOpt(pc)) != -1) {
814	switch (opt) {
815	case 'C':
816	account_policy_value_set = True;
817	break;
818	}
819	}
820
821	poptGetArg(pc); /* Drop argv[0], the program name */
822
823	if (user_name == NULL)
824	user_name = poptGetArg(pc);
825
826	if (!lp_load(dyn_CONFIGFILE,True,False,False,True)) {
827	fprintf(stderr, "Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE);
828	exit(1);
829	}
830
831	if(!initialize_password_db(False))
832	exit(1);
833
834	if (!init_names())
835	exit(1);
836
837	setparms = (backend ? BIT_BACKEND : 0) +
838	(verbose ? BIT_VERBOSE : 0) +
839	(spstyle ? BIT_SPSTYLE : 0) +
840	(full_name ? BIT_FULLNAME : 0) +
841	(home_dir ? BIT_HOMEDIR : 0) +
842	(home_drive ? BIT_HDIRDRIVE : 0) +
843	(logon_script ? BIT_LOGSCRIPT : 0) +
844	(profile_path ? BIT_PROFILE : 0) +
845	(user_domain ? BIT_USERDOMAIN : 0) +
846	(machine ? BIT_MACHINE : 0) +
847	(user_name ? BIT_USER : 0) +
848	(list_users ? BIT_LIST : 0) +
849	(force_initialised_password ? BIT_FIX_INIT : 0) +
850	(user_sid ? BIT_USERSIDS : 0) +
851	(modify_user ? BIT_MODIFY : 0) +
852	(add_user ? BIT_CREATE : 0) +
853	(delete_user ? BIT_DELETE : 0) +
854	(account_control ? BIT_ACCTCTRL : 0) +
855	(account_policy ? BIT_ACCPOLICY : 0) +
856	(account_policy_value_set ? BIT_ACCPOLVAL : 0) +
857	(backend_in ? BIT_IMPORT : 0) +
858	(backend_out ? BIT_EXPORT : 0) +
859	(badpw_reset ? BIT_BADPWRESET : 0) +
860	(hours_reset ? BIT_LOGONHOURS : 0);
861
862	if (setparms & BIT_BACKEND) {
863	if (!NT_STATUS_IS_OK(make_pdb_method_name( &bdef, backend ))) {
864	fprintf(stderr, "Can't initialize passdb backend.\n");
865	return 1;
866	}
867	} else {
868	if (!NT_STATUS_IS_OK(make_pdb_method_name(&bdef, lp_passdb_backend()))) {
869	fprintf(stderr, "Can't initialize passdb backend.\n");
870	return 1;
871	}
872	}
873
874	/* the lowest bit options are always accepted */
875	checkparms = setparms & ~MASK_ALWAYS_GOOD;
876
877	if (checkparms & BIT_FIX_INIT) {
878	return fix_users_list(bdef);
879	}
880
881	/* account policy operations */
882	if ((checkparms & BIT_ACCPOLICY) && !(checkparms & ~(BIT_ACCPOLICY + BIT_ACCPOLVAL))) {
883	uint32 value;
884	int field = account_policy_name_to_fieldnum(account_policy);
885	if (field == 0) {
886	const char **names;
887	int count;
888	int i;
889	account_policy_names_list(&names, &count);
890	fprintf(stderr, "No account policy by that name!\n");
891	if (count !=0) {
892	fprintf(stderr, "Account policy names are:\n");
893	for (i = 0; i < count ; i++) {
894	d_fprintf(stderr, "%s\n", names[i]);
895	}
896	}
897	SAFE_FREE(names);
898	exit(1);
899	}
900	if (!pdb_get_account_policy(field, &value)) {
901	fprintf(stderr, "valid account policy, but unable to fetch value!\n");
902	if (!account_policy_value_set)
903	exit(1);
904	}
905	printf("account policy \"%s\" description: %s\n", account_policy, account_policy_get_desc(field));
906	if (account_policy_value_set) {
907	printf("account policy \"%s\" value was: %u\n", account_policy, value);
908	if (!pdb_set_account_policy(field, account_policy_value)) {
909	fprintf(stderr, "valid account policy, but unable to set value!\n");
910	exit(1);
911	}
912	printf("account policy \"%s\" value is now: %lu\n", account_policy, account_policy_value);
913	exit(0);
914	} else {
915	printf("account policy \"%s\" value is: %u\n", account_policy, value);
916	exit(0);
917	}
918	}
919
920	if (reset_account_policies) {
921	if (!reinit_account_policies()) {
922	exit(1);
923	}
924
925	exit(0);
926	}
927
928	/* import and export operations */
929
930	if ( ((checkparms & BIT_IMPORT)
931	\|\| (checkparms & BIT_EXPORT))
932	&& !(checkparms & ~(BIT_IMPORT +BIT_EXPORT +BIT_USER)) )
933	{
934	NTSTATUS status;
935
936	bin = bout = bdef;
937
938	if (backend_in) {
939	status = make_pdb_method_name(&bin, backend_in);
940
941	if ( !NT_STATUS_IS_OK(status) ) {
942	fprintf(stderr, "Unable to initialize %s.\n", backend_in);
943	return 1;
944	}
945	}
946
947	if (backend_out) {
948	status = make_pdb_method_name(&bout, backend_out);
949
950	if ( !NT_STATUS_IS_OK(status) ) {
951	fprintf(stderr, "Unable to initialize %s.\n", backend_out);
952	return 1;
953	}
954	}
955
956	if (transfer_account_policies) {
957
958	if (!(checkparms & BIT_USER))
959	return export_account_policies(bin, bout);
960
961	} else if (transfer_groups) {
962
963	if (!(checkparms & BIT_USER))
964	return export_groups(bin, bout);
965
966	} else {
967	return export_database(bin, bout,
968	(checkparms & BIT_USER) ? user_name : NULL );
969	}
970	}
971
972	/* if BIT_USER is defined but nothing else then threat it as -l -u for compatibility */
973	/* fake up BIT_LIST if only BIT_USER is defined */
974	if ((checkparms & BIT_USER) && !(checkparms & ~BIT_USER)) {
975	checkparms += BIT_LIST;
976	}
977
978	/* modify flag is optional to maintain backwards compatibility */
979	/* fake up BIT_MODIFY if BIT_USER and at least one of MASK_USER_GOOD is defined */
980	if (!((checkparms & ~MASK_USER_GOOD) & ~BIT_USER) && (checkparms & MASK_USER_GOOD)) {
981	checkparms += BIT_MODIFY;
982	}
983
984	/* list users operations */
985	if (checkparms & BIT_LIST) {
986	if (!(checkparms & ~BIT_LIST)) {
987	return print_users_list (bdef, verbose, spstyle);
988	}
989	if (!(checkparms & ~(BIT_USER + BIT_LIST))) {
990	return print_user_info (bdef, user_name, verbose, spstyle);
991	}
992	}
993
994	/* mask out users options */
995	checkparms &= ~MASK_USER_GOOD;
996
997	/* if bad password count is reset, we must be modifying */
998	if (checkparms & BIT_BADPWRESET) {
999	checkparms \|= BIT_MODIFY;
1000	checkparms &= ~BIT_BADPWRESET;
1001	}
1002
1003	/* if logon hours is reset, must modify */
1004	if (checkparms & BIT_LOGONHOURS) {
1005	checkparms \|= BIT_MODIFY;
1006	checkparms &= ~BIT_LOGONHOURS;
1007	}
1008
1009	/* account operation */
1010	if ((checkparms & BIT_CREATE) \|\| (checkparms & BIT_MODIFY) \|\| (checkparms & BIT_DELETE)) {
1011	/* check use of -u option */
1012	if (!(checkparms & BIT_USER)) {
1013	fprintf (stderr, "Username not specified! (use -u option)\n");
1014	return -1;
1015	}
1016
1017	/* account creation operations */
1018	if (!(checkparms & ~(BIT_CREATE + BIT_USER + BIT_MACHINE))) {
1019	if (checkparms & BIT_MACHINE) {
1020	return new_machine (bdef, user_name);
1021	} else {
1022	return new_user (bdef, user_name, full_name, home_dir,
1023	home_drive, logon_script, profile_path, user_sid, pw_from_stdin);
1024	}
1025	}
1026
1027	/* account deletion operations */
1028	if (!(checkparms & ~(BIT_DELETE + BIT_USER + BIT_MACHINE))) {
1029	if (checkparms & BIT_MACHINE) {
1030	return delete_machine_entry (bdef, user_name);
1031	} else {
1032	return delete_user_entry (bdef, user_name);
1033	}
1034	}
1035
1036	/* account modification operations */
1037	if (!(checkparms & ~(BIT_MODIFY + BIT_USER))) {
1038	return set_user_info (bdef, user_name, full_name, home_dir,
1039	acct_desc, home_drive, logon_script, profile_path, account_control,
1040	user_sid, user_domain, badpw_reset, hours_reset);
1041	}
1042	}
1043
1044	if (setparms >= 0x20) {
1045	fprintf (stderr, "Incompatible or insufficient options on command line!\n");
1046	}
1047	poptPrintHelp(pc, stderr, 0);
1048
1049	return 1;
1050	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: