1 | /*
|
---|
2 | Unix SMB/CIFS implementation.
|
---|
3 | struct samu access routines
|
---|
4 | Copyright (C) Jeremy Allison 1996-2001
|
---|
5 | Copyright (C) Luke Kenneth Casson Leighton 1996-1998
|
---|
6 | Copyright (C) Gerald (Jerry) Carter 2000-2006
|
---|
7 | Copyright (C) Andrew Bartlett 2001-2002
|
---|
8 | Copyright (C) Stefan (metze) Metzmacher 2002
|
---|
9 |
|
---|
10 | This program is free software; you can redistribute it and/or modify
|
---|
11 | it under the terms of the GNU General Public License as published by
|
---|
12 | the Free Software Foundation; either version 3 of the License, or
|
---|
13 | (at your option) any later version.
|
---|
14 |
|
---|
15 | This program is distributed in the hope that it will be useful,
|
---|
16 | but WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
---|
18 | GNU General Public License for more details.
|
---|
19 |
|
---|
20 | You should have received a copy of the GNU General Public License
|
---|
21 | along with this program. If not, see <http://www.gnu.org/licenses/>.
|
---|
22 | */
|
---|
23 |
|
---|
24 | #include "includes.h"
|
---|
25 | #include "../libcli/auth/libcli_auth.h"
|
---|
26 |
|
---|
27 | #undef DBGC_CLASS
|
---|
28 | #define DBGC_CLASS DBGC_PASSDB
|
---|
29 |
|
---|
30 | /**
|
---|
31 | * @todo Redefine this to NULL, but this changes the API because
|
---|
32 | * much of samba assumes that the pdb_get...() funtions
|
---|
33 | * return strings. (ie not null-pointers).
|
---|
34 | * See also pdb_fill_default_sam().
|
---|
35 | */
|
---|
36 |
|
---|
37 | #define PDB_NOT_QUITE_NULL ""
|
---|
38 |
|
---|
39 | /*********************************************************************
|
---|
40 | Test if a change time is a max value. Copes with old and new values
|
---|
41 | of max.
|
---|
42 | ********************************************************************/
|
---|
43 |
|
---|
44 | bool pdb_is_password_change_time_max(time_t test_time)
|
---|
45 | {
|
---|
46 | if (test_time == get_time_t_max()) {
|
---|
47 | return true;
|
---|
48 | }
|
---|
49 | #if (defined(SIZEOF_TIME_T) && (SIZEOF_TIME_T == 8))
|
---|
50 | if (test_time == 0x7FFFFFFFFFFFFFFFLL) {
|
---|
51 | return true;
|
---|
52 | }
|
---|
53 | #endif
|
---|
54 | if (test_time == 0x7FFFFFFF) {
|
---|
55 | return true;
|
---|
56 | }
|
---|
57 | return false;
|
---|
58 | }
|
---|
59 |
|
---|
60 | /*********************************************************************
|
---|
61 | Return an unchanging version of max password change time - 0x7FFFFFFF.
|
---|
62 | ********************************************************************/
|
---|
63 |
|
---|
64 | time_t pdb_password_change_time_max(void)
|
---|
65 | {
|
---|
66 | return 0x7FFFFFFF;
|
---|
67 | }
|
---|
68 |
|
---|
69 | /*********************************************************************
|
---|
70 | Collection of get...() functions for struct samu.
|
---|
71 | ********************************************************************/
|
---|
72 |
|
---|
73 | uint32 pdb_get_acct_ctrl(const struct samu *sampass)
|
---|
74 | {
|
---|
75 | return sampass->acct_ctrl;
|
---|
76 | }
|
---|
77 |
|
---|
78 | time_t pdb_get_logon_time(const struct samu *sampass)
|
---|
79 | {
|
---|
80 | return sampass->logon_time;
|
---|
81 | }
|
---|
82 |
|
---|
83 | time_t pdb_get_logoff_time(const struct samu *sampass)
|
---|
84 | {
|
---|
85 | return sampass->logoff_time;
|
---|
86 | }
|
---|
87 |
|
---|
88 | time_t pdb_get_kickoff_time(const struct samu *sampass)
|
---|
89 | {
|
---|
90 | return sampass->kickoff_time;
|
---|
91 | }
|
---|
92 |
|
---|
93 | time_t pdb_get_bad_password_time(const struct samu *sampass)
|
---|
94 | {
|
---|
95 | return sampass->bad_password_time;
|
---|
96 | }
|
---|
97 |
|
---|
98 | time_t pdb_get_pass_last_set_time(const struct samu *sampass)
|
---|
99 | {
|
---|
100 | return sampass->pass_last_set_time;
|
---|
101 | }
|
---|
102 |
|
---|
103 | time_t pdb_get_pass_can_change_time(const struct samu *sampass)
|
---|
104 | {
|
---|
105 | uint32 allow;
|
---|
106 |
|
---|
107 | /* if the last set time is zero, it means the user cannot
|
---|
108 | change their password, and this time must be zero. jmcd
|
---|
109 | */
|
---|
110 | if (sampass->pass_last_set_time == 0)
|
---|
111 | return (time_t) 0;
|
---|
112 |
|
---|
113 | /* if the time is max, and the field has been changed,
|
---|
114 | we're trying to update this real value from the sampass
|
---|
115 | to indicate that the user cannot change their password. jmcd
|
---|
116 | */
|
---|
117 | if (pdb_is_password_change_time_max(sampass->pass_can_change_time) &&
|
---|
118 | pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED)
|
---|
119 | return sampass->pass_can_change_time;
|
---|
120 |
|
---|
121 | if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &allow))
|
---|
122 | allow = 0;
|
---|
123 |
|
---|
124 | /* in normal cases, just calculate it from policy */
|
---|
125 | return sampass->pass_last_set_time + allow;
|
---|
126 | }
|
---|
127 |
|
---|
128 | /* we need this for loading from the backend, so that we don't overwrite
|
---|
129 | non-changed max times, otherwise the pass_can_change checking won't work */
|
---|
130 | time_t pdb_get_pass_can_change_time_noncalc(const struct samu *sampass)
|
---|
131 | {
|
---|
132 | return sampass->pass_can_change_time;
|
---|
133 | }
|
---|
134 |
|
---|
135 | time_t pdb_get_pass_must_change_time(const struct samu *sampass)
|
---|
136 | {
|
---|
137 | uint32 expire;
|
---|
138 |
|
---|
139 | if (sampass->pass_last_set_time == 0)
|
---|
140 | return (time_t) 0;
|
---|
141 |
|
---|
142 | if (sampass->acct_ctrl & ACB_PWNOEXP)
|
---|
143 | return pdb_password_change_time_max();
|
---|
144 |
|
---|
145 | if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
|
---|
146 | || expire == (uint32)-1 || expire == 0)
|
---|
147 | return pdb_password_change_time_max();
|
---|
148 |
|
---|
149 | return sampass->pass_last_set_time + expire;
|
---|
150 | }
|
---|
151 |
|
---|
152 | bool pdb_get_pass_can_change(const struct samu *sampass)
|
---|
153 | {
|
---|
154 | if (pdb_is_password_change_time_max(sampass->pass_can_change_time) &&
|
---|
155 | sampass->pass_last_set_time != 0)
|
---|
156 | return False;
|
---|
157 | return True;
|
---|
158 | }
|
---|
159 |
|
---|
160 | uint16 pdb_get_logon_divs(const struct samu *sampass)
|
---|
161 | {
|
---|
162 | return sampass->logon_divs;
|
---|
163 | }
|
---|
164 |
|
---|
165 | uint32 pdb_get_hours_len(const struct samu *sampass)
|
---|
166 | {
|
---|
167 | return sampass->hours_len;
|
---|
168 | }
|
---|
169 |
|
---|
170 | const uint8 *pdb_get_hours(const struct samu *sampass)
|
---|
171 | {
|
---|
172 | return (sampass->hours);
|
---|
173 | }
|
---|
174 |
|
---|
175 | const uint8 *pdb_get_nt_passwd(const struct samu *sampass)
|
---|
176 | {
|
---|
177 | SMB_ASSERT((!sampass->nt_pw.data)
|
---|
178 | || sampass->nt_pw.length == NT_HASH_LEN);
|
---|
179 | return (uint8 *)sampass->nt_pw.data;
|
---|
180 | }
|
---|
181 |
|
---|
182 | const uint8 *pdb_get_lanman_passwd(const struct samu *sampass)
|
---|
183 | {
|
---|
184 | SMB_ASSERT((!sampass->lm_pw.data)
|
---|
185 | || sampass->lm_pw.length == LM_HASH_LEN);
|
---|
186 | return (uint8 *)sampass->lm_pw.data;
|
---|
187 | }
|
---|
188 |
|
---|
189 | const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32 *current_hist_len)
|
---|
190 | {
|
---|
191 | SMB_ASSERT((!sampass->nt_pw_his.data)
|
---|
192 | || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
|
---|
193 | *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
|
---|
194 | return (uint8 *)sampass->nt_pw_his.data;
|
---|
195 | }
|
---|
196 |
|
---|
197 | /* Return the plaintext password if known. Most of the time
|
---|
198 | it isn't, so don't assume anything magic about this function.
|
---|
199 |
|
---|
200 | Used to pass the plaintext to passdb backends that might
|
---|
201 | want to store more than just the NTLM hashes.
|
---|
202 | */
|
---|
203 | const char *pdb_get_plaintext_passwd(const struct samu *sampass)
|
---|
204 | {
|
---|
205 | return sampass->plaintext_pw;
|
---|
206 | }
|
---|
207 |
|
---|
208 | const DOM_SID *pdb_get_user_sid(const struct samu *sampass)
|
---|
209 | {
|
---|
210 | return &sampass->user_sid;
|
---|
211 | }
|
---|
212 |
|
---|
213 | const DOM_SID *pdb_get_group_sid(struct samu *sampass)
|
---|
214 | {
|
---|
215 | DOM_SID *gsid;
|
---|
216 | struct passwd *pwd;
|
---|
217 | bool need_lookup_sid = false;
|
---|
218 |
|
---|
219 | /* Return the cached group SID if we have that */
|
---|
220 | if ( sampass->group_sid ) {
|
---|
221 | return sampass->group_sid;
|
---|
222 | }
|
---|
223 |
|
---|
224 | /* generate the group SID from the user's primary Unix group */
|
---|
225 |
|
---|
226 | if ( !(gsid = TALLOC_ZERO_P( sampass, DOM_SID )) ) {
|
---|
227 | return NULL;
|
---|
228 | }
|
---|
229 |
|
---|
230 | /* No algorithmic mapping, meaning that we have to figure out the
|
---|
231 | primary group SID according to group mapping and the user SID must
|
---|
232 | be a newly allocated one. We rely on the user's Unix primary gid.
|
---|
233 | We have no choice but to fail if we can't find it. */
|
---|
234 |
|
---|
235 | if ( sampass->unix_pw ) {
|
---|
236 | pwd = sampass->unix_pw;
|
---|
237 | } else {
|
---|
238 | pwd = Get_Pwnam_alloc( sampass, pdb_get_username(sampass) );
|
---|
239 | }
|
---|
240 |
|
---|
241 | if ( !pwd ) {
|
---|
242 | DEBUG(0,("pdb_get_group_sid: Failed to find Unix account for %s\n", pdb_get_username(sampass) ));
|
---|
243 | return NULL;
|
---|
244 | }
|
---|
245 |
|
---|
246 | gid_to_sid(gsid, pwd->pw_gid);
|
---|
247 | if (!is_null_sid(gsid)) {
|
---|
248 | DOM_SID dgsid;
|
---|
249 | uint32_t rid;
|
---|
250 |
|
---|
251 | sid_copy(&dgsid, gsid);
|
---|
252 | sid_split_rid(&dgsid, &rid);
|
---|
253 | if (sid_equal(&dgsid, get_global_sam_sid())) {
|
---|
254 | /*
|
---|
255 | * As shortcut for the expensive lookup_sid call
|
---|
256 | * compare the domain sid part
|
---|
257 | */
|
---|
258 | switch (rid) {
|
---|
259 | case DOMAIN_RID_ADMINS:
|
---|
260 | case DOMAIN_RID_USERS:
|
---|
261 | sampass->group_sid = gsid;
|
---|
262 | return sampass->group_sid;
|
---|
263 | default:
|
---|
264 | need_lookup_sid = true;
|
---|
265 | break;
|
---|
266 | }
|
---|
267 | } else {
|
---|
268 | ZERO_STRUCTP(gsid);
|
---|
269 | if (pdb_gid_to_sid(pwd->pw_gid, gsid)) {
|
---|
270 | need_lookup_sid = true;
|
---|
271 | }
|
---|
272 | }
|
---|
273 | }
|
---|
274 |
|
---|
275 | if (need_lookup_sid) {
|
---|
276 | enum lsa_SidType type = SID_NAME_UNKNOWN;
|
---|
277 | TALLOC_CTX *mem_ctx;
|
---|
278 | bool lookup_ret;
|
---|
279 | const DOM_SID *usid = pdb_get_user_sid(sampass);
|
---|
280 |
|
---|
281 | mem_ctx = talloc_init("pdb_get_group_sid");
|
---|
282 | if (!mem_ctx) {
|
---|
283 | return NULL;
|
---|
284 | }
|
---|
285 |
|
---|
286 | DEBUG(10,("do lookup_sid(%s) for group of user %s\n",
|
---|
287 | sid_string_dbg(gsid), sid_string_dbg(usid)));
|
---|
288 |
|
---|
289 | /* Now check that it's actually a domain group and not something else */
|
---|
290 |
|
---|
291 | lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type);
|
---|
292 |
|
---|
293 | TALLOC_FREE( mem_ctx );
|
---|
294 |
|
---|
295 | if ( lookup_ret && (type == SID_NAME_DOM_GRP) ) {
|
---|
296 | sampass->group_sid = gsid;
|
---|
297 | return sampass->group_sid;
|
---|
298 | }
|
---|
299 |
|
---|
300 | DEBUG(3, ("Primary group %s for user %s is a %s and not a domain group\n",
|
---|
301 | sid_string_dbg(gsid), pwd->pw_name, sid_type_lookup(type)));
|
---|
302 | }
|
---|
303 |
|
---|
304 | /* Just set it to the 'Domain Users' RID of 512 which will
|
---|
305 | always resolve to a name */
|
---|
306 |
|
---|
307 | sid_copy( gsid, get_global_sam_sid() );
|
---|
308 | sid_append_rid( gsid, DOMAIN_GROUP_RID_USERS );
|
---|
309 |
|
---|
310 | sampass->group_sid = gsid;
|
---|
311 |
|
---|
312 | return sampass->group_sid;
|
---|
313 | }
|
---|
314 |
|
---|
315 | /**
|
---|
316 | * Get flags showing what is initalised in the struct samu
|
---|
317 | * @param sampass the struct samu in question
|
---|
318 | * @return the flags indicating the members initialised in the struct.
|
---|
319 | **/
|
---|
320 |
|
---|
321 | enum pdb_value_state pdb_get_init_flags(const struct samu *sampass, enum pdb_elements element)
|
---|
322 | {
|
---|
323 | enum pdb_value_state ret = PDB_DEFAULT;
|
---|
324 |
|
---|
325 | if (!sampass->change_flags || !sampass->set_flags)
|
---|
326 | return ret;
|
---|
327 |
|
---|
328 | if (bitmap_query(sampass->set_flags, element)) {
|
---|
329 | DEBUG(11, ("element %d: SET\n", element));
|
---|
330 | ret = PDB_SET;
|
---|
331 | }
|
---|
332 |
|
---|
333 | if (bitmap_query(sampass->change_flags, element)) {
|
---|
334 | DEBUG(11, ("element %d: CHANGED\n", element));
|
---|
335 | ret = PDB_CHANGED;
|
---|
336 | }
|
---|
337 |
|
---|
338 | if (ret == PDB_DEFAULT) {
|
---|
339 | DEBUG(11, ("element %d: DEFAULT\n", element));
|
---|
340 | }
|
---|
341 |
|
---|
342 | return ret;
|
---|
343 | }
|
---|
344 |
|
---|
345 | const char *pdb_get_username(const struct samu *sampass)
|
---|
346 | {
|
---|
347 | return sampass->username;
|
---|
348 | }
|
---|
349 |
|
---|
350 | const char *pdb_get_domain(const struct samu *sampass)
|
---|
351 | {
|
---|
352 | return sampass->domain;
|
---|
353 | }
|
---|
354 |
|
---|
355 | const char *pdb_get_nt_username(const struct samu *sampass)
|
---|
356 | {
|
---|
357 | return sampass->nt_username;
|
---|
358 | }
|
---|
359 |
|
---|
360 | const char *pdb_get_fullname(const struct samu *sampass)
|
---|
361 | {
|
---|
362 | return sampass->full_name;
|
---|
363 | }
|
---|
364 |
|
---|
365 | const char *pdb_get_homedir(const struct samu *sampass)
|
---|
366 | {
|
---|
367 | return sampass->home_dir;
|
---|
368 | }
|
---|
369 |
|
---|
370 | const char *pdb_get_dir_drive(const struct samu *sampass)
|
---|
371 | {
|
---|
372 | return sampass->dir_drive;
|
---|
373 | }
|
---|
374 |
|
---|
375 | const char *pdb_get_logon_script(const struct samu *sampass)
|
---|
376 | {
|
---|
377 | return sampass->logon_script;
|
---|
378 | }
|
---|
379 |
|
---|
380 | const char *pdb_get_profile_path(const struct samu *sampass)
|
---|
381 | {
|
---|
382 | return sampass->profile_path;
|
---|
383 | }
|
---|
384 |
|
---|
385 | const char *pdb_get_acct_desc(const struct samu *sampass)
|
---|
386 | {
|
---|
387 | return sampass->acct_desc;
|
---|
388 | }
|
---|
389 |
|
---|
390 | const char *pdb_get_workstations(const struct samu *sampass)
|
---|
391 | {
|
---|
392 | return sampass->workstations;
|
---|
393 | }
|
---|
394 |
|
---|
395 | const char *pdb_get_comment(const struct samu *sampass)
|
---|
396 | {
|
---|
397 | return sampass->comment;
|
---|
398 | }
|
---|
399 |
|
---|
400 | const char *pdb_get_munged_dial(const struct samu *sampass)
|
---|
401 | {
|
---|
402 | return sampass->munged_dial;
|
---|
403 | }
|
---|
404 |
|
---|
405 | uint16 pdb_get_bad_password_count(const struct samu *sampass)
|
---|
406 | {
|
---|
407 | return sampass->bad_password_count;
|
---|
408 | }
|
---|
409 |
|
---|
410 | uint16 pdb_get_logon_count(const struct samu *sampass)
|
---|
411 | {
|
---|
412 | return sampass->logon_count;
|
---|
413 | }
|
---|
414 |
|
---|
415 | uint32 pdb_get_unknown_6(const struct samu *sampass)
|
---|
416 | {
|
---|
417 | return sampass->unknown_6;
|
---|
418 | }
|
---|
419 |
|
---|
420 | void *pdb_get_backend_private_data(const struct samu *sampass, const struct pdb_methods *my_methods)
|
---|
421 | {
|
---|
422 | if (my_methods == sampass->backend_private_methods) {
|
---|
423 | return sampass->backend_private_data;
|
---|
424 | } else {
|
---|
425 | return NULL;
|
---|
426 | }
|
---|
427 | }
|
---|
428 |
|
---|
429 | /*********************************************************************
|
---|
430 | Collection of set...() functions for struct samu.
|
---|
431 | ********************************************************************/
|
---|
432 |
|
---|
433 | bool pdb_set_acct_ctrl(struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag)
|
---|
434 | {
|
---|
435 | sampass->acct_ctrl = acct_ctrl;
|
---|
436 | return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
|
---|
437 | }
|
---|
438 |
|
---|
439 | bool pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
|
---|
440 | {
|
---|
441 | sampass->logon_time = mytime;
|
---|
442 | return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
|
---|
443 | }
|
---|
444 |
|
---|
445 | bool pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
|
---|
446 | {
|
---|
447 | sampass->logoff_time = mytime;
|
---|
448 | return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
|
---|
449 | }
|
---|
450 |
|
---|
451 | bool pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
|
---|
452 | {
|
---|
453 | sampass->kickoff_time = mytime;
|
---|
454 | return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
|
---|
455 | }
|
---|
456 |
|
---|
457 | bool pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
|
---|
458 | {
|
---|
459 | sampass->bad_password_time = mytime;
|
---|
460 | return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
|
---|
461 | }
|
---|
462 |
|
---|
463 | bool pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
|
---|
464 | {
|
---|
465 | sampass->pass_can_change_time = mytime;
|
---|
466 | return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
|
---|
467 | }
|
---|
468 |
|
---|
469 | bool pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
|
---|
470 | {
|
---|
471 | sampass->pass_must_change_time = mytime;
|
---|
472 | return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
|
---|
473 | }
|
---|
474 |
|
---|
475 | bool pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
|
---|
476 | {
|
---|
477 | sampass->pass_last_set_time = mytime;
|
---|
478 | return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
|
---|
479 | }
|
---|
480 |
|
---|
481 | bool pdb_set_hours_len(struct samu *sampass, uint32 len, enum pdb_value_state flag)
|
---|
482 | {
|
---|
483 | sampass->hours_len = len;
|
---|
484 | return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
|
---|
485 | }
|
---|
486 |
|
---|
487 | bool pdb_set_logon_divs(struct samu *sampass, uint16 hours, enum pdb_value_state flag)
|
---|
488 | {
|
---|
489 | sampass->logon_divs = hours;
|
---|
490 | return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
|
---|
491 | }
|
---|
492 |
|
---|
493 | /**
|
---|
494 | * Set flags showing what is initalised in the struct samu
|
---|
495 | * @param sampass the struct samu in question
|
---|
496 | * @param flag The *new* flag to be set. Old flags preserved
|
---|
497 | * this flag is only added.
|
---|
498 | **/
|
---|
499 |
|
---|
500 | bool pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
|
---|
501 | {
|
---|
502 | if (!sampass->set_flags) {
|
---|
503 | if ((sampass->set_flags =
|
---|
504 | bitmap_talloc(sampass,
|
---|
505 | PDB_COUNT))==NULL) {
|
---|
506 | DEBUG(0,("bitmap_talloc failed\n"));
|
---|
507 | return False;
|
---|
508 | }
|
---|
509 | }
|
---|
510 | if (!sampass->change_flags) {
|
---|
511 | if ((sampass->change_flags =
|
---|
512 | bitmap_talloc(sampass,
|
---|
513 | PDB_COUNT))==NULL) {
|
---|
514 | DEBUG(0,("bitmap_talloc failed\n"));
|
---|
515 | return False;
|
---|
516 | }
|
---|
517 | }
|
---|
518 |
|
---|
519 | switch(value_flag) {
|
---|
520 | case PDB_CHANGED:
|
---|
521 | if (!bitmap_set(sampass->change_flags, element)) {
|
---|
522 | DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
|
---|
523 | return False;
|
---|
524 | }
|
---|
525 | if (!bitmap_set(sampass->set_flags, element)) {
|
---|
526 | DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
|
---|
527 | return False;
|
---|
528 | }
|
---|
529 | DEBUG(11, ("element %d -> now CHANGED\n", element));
|
---|
530 | break;
|
---|
531 | case PDB_SET:
|
---|
532 | if (!bitmap_clear(sampass->change_flags, element)) {
|
---|
533 | DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
|
---|
534 | return False;
|
---|
535 | }
|
---|
536 | if (!bitmap_set(sampass->set_flags, element)) {
|
---|
537 | DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
|
---|
538 | return False;
|
---|
539 | }
|
---|
540 | DEBUG(11, ("element %d -> now SET\n", element));
|
---|
541 | break;
|
---|
542 | case PDB_DEFAULT:
|
---|
543 | default:
|
---|
544 | if (!bitmap_clear(sampass->change_flags, element)) {
|
---|
545 | DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
|
---|
546 | return False;
|
---|
547 | }
|
---|
548 | if (!bitmap_clear(sampass->set_flags, element)) {
|
---|
549 | DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
|
---|
550 | return False;
|
---|
551 | }
|
---|
552 | DEBUG(11, ("element %d -> now DEFAULT\n", element));
|
---|
553 | break;
|
---|
554 | }
|
---|
555 |
|
---|
556 | return True;
|
---|
557 | }
|
---|
558 |
|
---|
559 | bool pdb_set_user_sid(struct samu *sampass, const DOM_SID *u_sid, enum pdb_value_state flag)
|
---|
560 | {
|
---|
561 | if (!u_sid)
|
---|
562 | return False;
|
---|
563 |
|
---|
564 | sid_copy(&sampass->user_sid, u_sid);
|
---|
565 |
|
---|
566 | DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
|
---|
567 | sid_string_dbg(&sampass->user_sid)));
|
---|
568 |
|
---|
569 | return pdb_set_init_flags(sampass, PDB_USERSID, flag);
|
---|
570 | }
|
---|
571 |
|
---|
572 | bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
|
---|
573 | {
|
---|
574 | DOM_SID new_sid;
|
---|
575 |
|
---|
576 | if (!u_sid)
|
---|
577 | return False;
|
---|
578 |
|
---|
579 | DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n",
|
---|
580 | u_sid));
|
---|
581 |
|
---|
582 | if (!string_to_sid(&new_sid, u_sid)) {
|
---|
583 | DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
|
---|
584 | return False;
|
---|
585 | }
|
---|
586 |
|
---|
587 | if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
|
---|
588 | DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid));
|
---|
589 | return False;
|
---|
590 | }
|
---|
591 |
|
---|
592 | return True;
|
---|
593 | }
|
---|
594 |
|
---|
595 | /********************************************************************
|
---|
596 | We never fill this in from a passdb backend but rather set is
|
---|
597 | based on the user's primary group membership. However, the
|
---|
598 | struct samu* is overloaded and reused in domain memship code
|
---|
599 | as well and built from the netr_SamInfo3 or PAC so we
|
---|
600 | have to allow the explicitly setting of a group SID here.
|
---|
601 | ********************************************************************/
|
---|
602 |
|
---|
603 | bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
|
---|
604 | {
|
---|
605 | gid_t gid;
|
---|
606 |
|
---|
607 | if (!g_sid)
|
---|
608 | return False;
|
---|
609 |
|
---|
610 | if ( !(sampass->group_sid = TALLOC_P( sampass, DOM_SID )) ) {
|
---|
611 | return False;
|
---|
612 | }
|
---|
613 |
|
---|
614 | /* if we cannot resolve the SID to gid, then just ignore it and
|
---|
615 | store DOMAIN_USERS as the primary groupSID */
|
---|
616 |
|
---|
617 | if ( sid_to_gid( g_sid, &gid ) ) {
|
---|
618 | sid_copy(sampass->group_sid, g_sid);
|
---|
619 | } else {
|
---|
620 | sid_copy( sampass->group_sid, get_global_sam_sid() );
|
---|
621 | sid_append_rid( sampass->group_sid, DOMAIN_GROUP_RID_USERS );
|
---|
622 | }
|
---|
623 |
|
---|
624 | DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
|
---|
625 | sid_string_dbg(sampass->group_sid)));
|
---|
626 |
|
---|
627 | return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
|
---|
628 | }
|
---|
629 |
|
---|
630 | /*********************************************************************
|
---|
631 | Set the user's UNIX name.
|
---|
632 | ********************************************************************/
|
---|
633 |
|
---|
634 | bool pdb_set_username(struct samu *sampass, const char *username, enum pdb_value_state flag)
|
---|
635 | {
|
---|
636 | if (username) {
|
---|
637 | DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
|
---|
638 | (sampass->username)?(sampass->username):"NULL"));
|
---|
639 |
|
---|
640 | sampass->username = talloc_strdup(sampass, username);
|
---|
641 |
|
---|
642 | if (!sampass->username) {
|
---|
643 | DEBUG(0, ("pdb_set_username: talloc_strdup() failed!\n"));
|
---|
644 | return False;
|
---|
645 | }
|
---|
646 | } else {
|
---|
647 | sampass->username = PDB_NOT_QUITE_NULL;
|
---|
648 | }
|
---|
649 |
|
---|
650 | return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
|
---|
651 | }
|
---|
652 |
|
---|
653 | /*********************************************************************
|
---|
654 | Set the domain name.
|
---|
655 | ********************************************************************/
|
---|
656 |
|
---|
657 | bool pdb_set_domain(struct samu *sampass, const char *domain, enum pdb_value_state flag)
|
---|
658 | {
|
---|
659 | if (domain) {
|
---|
660 | DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
|
---|
661 | (sampass->domain)?(sampass->domain):"NULL"));
|
---|
662 |
|
---|
663 | sampass->domain = talloc_strdup(sampass, domain);
|
---|
664 |
|
---|
665 | if (!sampass->domain) {
|
---|
666 | DEBUG(0, ("pdb_set_domain: talloc_strdup() failed!\n"));
|
---|
667 | return False;
|
---|
668 | }
|
---|
669 | } else {
|
---|
670 | sampass->domain = PDB_NOT_QUITE_NULL;
|
---|
671 | }
|
---|
672 |
|
---|
673 | return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
|
---|
674 | }
|
---|
675 |
|
---|
676 | /*********************************************************************
|
---|
677 | Set the user's NT name.
|
---|
678 | ********************************************************************/
|
---|
679 |
|
---|
680 | bool pdb_set_nt_username(struct samu *sampass, const char *nt_username, enum pdb_value_state flag)
|
---|
681 | {
|
---|
682 | if (nt_username) {
|
---|
683 | DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
|
---|
684 | (sampass->nt_username)?(sampass->nt_username):"NULL"));
|
---|
685 |
|
---|
686 | sampass->nt_username = talloc_strdup(sampass, nt_username);
|
---|
687 |
|
---|
688 | if (!sampass->nt_username) {
|
---|
689 | DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
|
---|
690 | return False;
|
---|
691 | }
|
---|
692 | } else {
|
---|
693 | sampass->nt_username = PDB_NOT_QUITE_NULL;
|
---|
694 | }
|
---|
695 |
|
---|
696 | return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
|
---|
697 | }
|
---|
698 |
|
---|
699 | /*********************************************************************
|
---|
700 | Set the user's full name.
|
---|
701 | ********************************************************************/
|
---|
702 |
|
---|
703 | bool pdb_set_fullname(struct samu *sampass, const char *full_name, enum pdb_value_state flag)
|
---|
704 | {
|
---|
705 | if (full_name) {
|
---|
706 | DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
|
---|
707 | (sampass->full_name)?(sampass->full_name):"NULL"));
|
---|
708 |
|
---|
709 | sampass->full_name = talloc_strdup(sampass, full_name);
|
---|
710 |
|
---|
711 | if (!sampass->full_name) {
|
---|
712 | DEBUG(0, ("pdb_set_fullname: talloc_strdup() failed!\n"));
|
---|
713 | return False;
|
---|
714 | }
|
---|
715 | } else {
|
---|
716 | sampass->full_name = PDB_NOT_QUITE_NULL;
|
---|
717 | }
|
---|
718 |
|
---|
719 | return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
|
---|
720 | }
|
---|
721 |
|
---|
722 | /*********************************************************************
|
---|
723 | Set the user's logon script.
|
---|
724 | ********************************************************************/
|
---|
725 |
|
---|
726 | bool pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum pdb_value_state flag)
|
---|
727 | {
|
---|
728 | if (logon_script) {
|
---|
729 | DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
|
---|
730 | (sampass->logon_script)?(sampass->logon_script):"NULL"));
|
---|
731 |
|
---|
732 | sampass->logon_script = talloc_strdup(sampass, logon_script);
|
---|
733 |
|
---|
734 | if (!sampass->logon_script) {
|
---|
735 | DEBUG(0, ("pdb_set_logon_script: talloc_strdup() failed!\n"));
|
---|
736 | return False;
|
---|
737 | }
|
---|
738 | } else {
|
---|
739 | sampass->logon_script = PDB_NOT_QUITE_NULL;
|
---|
740 | }
|
---|
741 |
|
---|
742 | return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
|
---|
743 | }
|
---|
744 |
|
---|
745 | /*********************************************************************
|
---|
746 | Set the user's profile path.
|
---|
747 | ********************************************************************/
|
---|
748 |
|
---|
749 | bool pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
|
---|
750 | {
|
---|
751 | if (profile_path) {
|
---|
752 | DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
|
---|
753 | (sampass->profile_path)?(sampass->profile_path):"NULL"));
|
---|
754 |
|
---|
755 | sampass->profile_path = talloc_strdup(sampass, profile_path);
|
---|
756 |
|
---|
757 | if (!sampass->profile_path) {
|
---|
758 | DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
|
---|
759 | return False;
|
---|
760 | }
|
---|
761 | } else {
|
---|
762 | sampass->profile_path = PDB_NOT_QUITE_NULL;
|
---|
763 | }
|
---|
764 |
|
---|
765 | return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
|
---|
766 | }
|
---|
767 |
|
---|
768 | /*********************************************************************
|
---|
769 | Set the user's directory drive.
|
---|
770 | ********************************************************************/
|
---|
771 |
|
---|
772 | bool pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
|
---|
773 | {
|
---|
774 | if (dir_drive) {
|
---|
775 | DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
|
---|
776 | (sampass->dir_drive)?(sampass->dir_drive):"NULL"));
|
---|
777 |
|
---|
778 | sampass->dir_drive = talloc_strdup(sampass, dir_drive);
|
---|
779 |
|
---|
780 | if (!sampass->dir_drive) {
|
---|
781 | DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
|
---|
782 | return False;
|
---|
783 | }
|
---|
784 |
|
---|
785 | } else {
|
---|
786 | sampass->dir_drive = PDB_NOT_QUITE_NULL;
|
---|
787 | }
|
---|
788 |
|
---|
789 | return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
|
---|
790 | }
|
---|
791 |
|
---|
792 | /*********************************************************************
|
---|
793 | Set the user's home directory.
|
---|
794 | ********************************************************************/
|
---|
795 |
|
---|
796 | bool pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
|
---|
797 | {
|
---|
798 | if (home_dir) {
|
---|
799 | DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
|
---|
800 | (sampass->home_dir)?(sampass->home_dir):"NULL"));
|
---|
801 |
|
---|
802 | sampass->home_dir = talloc_strdup(sampass, home_dir);
|
---|
803 |
|
---|
804 | if (!sampass->home_dir) {
|
---|
805 | DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
|
---|
806 | return False;
|
---|
807 | }
|
---|
808 | } else {
|
---|
809 | sampass->home_dir = PDB_NOT_QUITE_NULL;
|
---|
810 | }
|
---|
811 |
|
---|
812 | return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
|
---|
813 | }
|
---|
814 |
|
---|
815 | /*********************************************************************
|
---|
816 | Set the user's account description.
|
---|
817 | ********************************************************************/
|
---|
818 |
|
---|
819 | bool pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
|
---|
820 | {
|
---|
821 | if (acct_desc) {
|
---|
822 | sampass->acct_desc = talloc_strdup(sampass, acct_desc);
|
---|
823 |
|
---|
824 | if (!sampass->acct_desc) {
|
---|
825 | DEBUG(0, ("pdb_set_acct_desc: talloc_strdup() failed!\n"));
|
---|
826 | return False;
|
---|
827 | }
|
---|
828 | } else {
|
---|
829 | sampass->acct_desc = PDB_NOT_QUITE_NULL;
|
---|
830 | }
|
---|
831 |
|
---|
832 | return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
|
---|
833 | }
|
---|
834 |
|
---|
835 | /*********************************************************************
|
---|
836 | Set the user's workstation allowed list.
|
---|
837 | ********************************************************************/
|
---|
838 |
|
---|
839 | bool pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag)
|
---|
840 | {
|
---|
841 | if (workstations) {
|
---|
842 | DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
|
---|
843 | (sampass->workstations)?(sampass->workstations):"NULL"));
|
---|
844 |
|
---|
845 | sampass->workstations = talloc_strdup(sampass, workstations);
|
---|
846 |
|
---|
847 | if (!sampass->workstations) {
|
---|
848 | DEBUG(0, ("pdb_set_workstations: talloc_strdup() failed!\n"));
|
---|
849 | return False;
|
---|
850 | }
|
---|
851 | } else {
|
---|
852 | sampass->workstations = PDB_NOT_QUITE_NULL;
|
---|
853 | }
|
---|
854 |
|
---|
855 | return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
|
---|
856 | }
|
---|
857 |
|
---|
858 | /*********************************************************************
|
---|
859 | ********************************************************************/
|
---|
860 |
|
---|
861 | bool pdb_set_comment(struct samu *sampass, const char *comment, enum pdb_value_state flag)
|
---|
862 | {
|
---|
863 | if (comment) {
|
---|
864 | sampass->comment = talloc_strdup(sampass, comment);
|
---|
865 |
|
---|
866 | if (!sampass->comment) {
|
---|
867 | DEBUG(0, ("pdb_set_comment: talloc_strdup() failed!\n"));
|
---|
868 | return False;
|
---|
869 | }
|
---|
870 | } else {
|
---|
871 | sampass->comment = PDB_NOT_QUITE_NULL;
|
---|
872 | }
|
---|
873 |
|
---|
874 | return pdb_set_init_flags(sampass, PDB_COMMENT, flag);
|
---|
875 | }
|
---|
876 |
|
---|
877 | /*********************************************************************
|
---|
878 | Set the user's dial string.
|
---|
879 | ********************************************************************/
|
---|
880 |
|
---|
881 | bool pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
|
---|
882 | {
|
---|
883 | if (munged_dial) {
|
---|
884 | sampass->munged_dial = talloc_strdup(sampass, munged_dial);
|
---|
885 |
|
---|
886 | if (!sampass->munged_dial) {
|
---|
887 | DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
|
---|
888 | return False;
|
---|
889 | }
|
---|
890 | } else {
|
---|
891 | sampass->munged_dial = PDB_NOT_QUITE_NULL;
|
---|
892 | }
|
---|
893 |
|
---|
894 | return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
|
---|
895 | }
|
---|
896 |
|
---|
897 | /*********************************************************************
|
---|
898 | Set the user's NT hash.
|
---|
899 | ********************************************************************/
|
---|
900 |
|
---|
901 | bool pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
|
---|
902 | {
|
---|
903 | data_blob_clear_free(&sampass->nt_pw);
|
---|
904 |
|
---|
905 | if (pwd) {
|
---|
906 | sampass->nt_pw =
|
---|
907 | data_blob_talloc(sampass, pwd, NT_HASH_LEN);
|
---|
908 | } else {
|
---|
909 | sampass->nt_pw = data_blob_null;
|
---|
910 | }
|
---|
911 |
|
---|
912 | return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
|
---|
913 | }
|
---|
914 |
|
---|
915 | /*********************************************************************
|
---|
916 | Set the user's LM hash.
|
---|
917 | ********************************************************************/
|
---|
918 |
|
---|
919 | bool pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
|
---|
920 | {
|
---|
921 | data_blob_clear_free(&sampass->lm_pw);
|
---|
922 |
|
---|
923 | /* on keep the password if we are allowing LANMAN authentication */
|
---|
924 |
|
---|
925 | if (pwd && lp_lanman_auth() ) {
|
---|
926 | sampass->lm_pw = data_blob_talloc(sampass, pwd, LM_HASH_LEN);
|
---|
927 | } else {
|
---|
928 | sampass->lm_pw = data_blob_null;
|
---|
929 | }
|
---|
930 |
|
---|
931 | return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
|
---|
932 | }
|
---|
933 |
|
---|
934 | /*********************************************************************
|
---|
935 | Set the user's password history hash. historyLen is the number of
|
---|
936 | PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN length
|
---|
937 | entries to store in the history - this must match the size of the uint8 array
|
---|
938 | in pwd.
|
---|
939 | ********************************************************************/
|
---|
940 |
|
---|
941 | bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
|
---|
942 | {
|
---|
943 | if (historyLen && pwd){
|
---|
944 | sampass->nt_pw_his = data_blob_talloc(sampass,
|
---|
945 | pwd, historyLen*PW_HISTORY_ENTRY_LEN);
|
---|
946 | if (!sampass->nt_pw_his.length) {
|
---|
947 | DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
|
---|
948 | return False;
|
---|
949 | }
|
---|
950 | } else {
|
---|
951 | sampass->nt_pw_his = data_blob_talloc(sampass, NULL, 0);
|
---|
952 | }
|
---|
953 |
|
---|
954 | return pdb_set_init_flags(sampass, PDB_PWHISTORY, flag);
|
---|
955 | }
|
---|
956 |
|
---|
957 | /*********************************************************************
|
---|
958 | Set the user's plaintext password only (base procedure, see helper
|
---|
959 | below)
|
---|
960 | ********************************************************************/
|
---|
961 |
|
---|
962 | bool pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag)
|
---|
963 | {
|
---|
964 | if (password) {
|
---|
965 | if (sampass->plaintext_pw!=NULL)
|
---|
966 | memset(sampass->plaintext_pw,'\0',strlen(sampass->plaintext_pw)+1);
|
---|
967 |
|
---|
968 | sampass->plaintext_pw = talloc_strdup(sampass, password);
|
---|
969 |
|
---|
970 | if (!sampass->plaintext_pw) {
|
---|
971 | DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
|
---|
972 | return False;
|
---|
973 | }
|
---|
974 | } else {
|
---|
975 | sampass->plaintext_pw = NULL;
|
---|
976 | }
|
---|
977 |
|
---|
978 | return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
|
---|
979 | }
|
---|
980 |
|
---|
981 | bool pdb_set_bad_password_count(struct samu *sampass, uint16 bad_password_count, enum pdb_value_state flag)
|
---|
982 | {
|
---|
983 | sampass->bad_password_count = bad_password_count;
|
---|
984 | return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
|
---|
985 | }
|
---|
986 |
|
---|
987 | bool pdb_set_logon_count(struct samu *sampass, uint16 logon_count, enum pdb_value_state flag)
|
---|
988 | {
|
---|
989 | sampass->logon_count = logon_count;
|
---|
990 | return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
|
---|
991 | }
|
---|
992 |
|
---|
993 | bool pdb_set_unknown_6(struct samu *sampass, uint32 unkn, enum pdb_value_state flag)
|
---|
994 | {
|
---|
995 | sampass->unknown_6 = unkn;
|
---|
996 | return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
|
---|
997 | }
|
---|
998 |
|
---|
999 | bool pdb_set_hours(struct samu *sampass, const uint8 *hours, enum pdb_value_state flag)
|
---|
1000 | {
|
---|
1001 | if (!hours) {
|
---|
1002 | memset ((char *)sampass->hours, 0, MAX_HOURS_LEN);
|
---|
1003 | } else {
|
---|
1004 | memcpy (sampass->hours, hours, MAX_HOURS_LEN);
|
---|
1005 | }
|
---|
1006 |
|
---|
1007 | return pdb_set_init_flags(sampass, PDB_HOURS, flag);
|
---|
1008 | }
|
---|
1009 |
|
---|
1010 | bool pdb_set_backend_private_data(struct samu *sampass, void *private_data,
|
---|
1011 | void (*free_fn)(void **),
|
---|
1012 | const struct pdb_methods *my_methods,
|
---|
1013 | enum pdb_value_state flag)
|
---|
1014 | {
|
---|
1015 | if (sampass->backend_private_data &&
|
---|
1016 | sampass->backend_private_data_free_fn) {
|
---|
1017 | sampass->backend_private_data_free_fn(
|
---|
1018 | &sampass->backend_private_data);
|
---|
1019 | }
|
---|
1020 |
|
---|
1021 | sampass->backend_private_data = private_data;
|
---|
1022 | sampass->backend_private_data_free_fn = free_fn;
|
---|
1023 | sampass->backend_private_methods = my_methods;
|
---|
1024 |
|
---|
1025 | return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
|
---|
1026 | }
|
---|
1027 |
|
---|
1028 |
|
---|
1029 | /* Helpful interfaces to the above */
|
---|
1030 |
|
---|
1031 | bool pdb_set_pass_can_change(struct samu *sampass, bool canchange)
|
---|
1032 | {
|
---|
1033 | return pdb_set_pass_can_change_time(sampass,
|
---|
1034 | canchange ? 0 : pdb_password_change_time_max(),
|
---|
1035 | PDB_CHANGED);
|
---|
1036 | }
|
---|
1037 |
|
---|
1038 |
|
---|
1039 | /*********************************************************************
|
---|
1040 | Set the user's PLAINTEXT password. Used as an interface to the above.
|
---|
1041 | Also sets the last change time to NOW.
|
---|
1042 | ********************************************************************/
|
---|
1043 |
|
---|
1044 | bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
|
---|
1045 | {
|
---|
1046 | uchar new_lanman_p16[LM_HASH_LEN];
|
---|
1047 | uchar new_nt_p16[NT_HASH_LEN];
|
---|
1048 | uchar *pwhistory;
|
---|
1049 | uint32 pwHistLen;
|
---|
1050 | uint32 current_history_len;
|
---|
1051 |
|
---|
1052 | if (!plaintext)
|
---|
1053 | return False;
|
---|
1054 |
|
---|
1055 | /* Calculate the MD4 hash (NT compatible) of the password */
|
---|
1056 | E_md4hash(plaintext, new_nt_p16);
|
---|
1057 |
|
---|
1058 | if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED))
|
---|
1059 | return False;
|
---|
1060 |
|
---|
1061 | if (!E_deshash(plaintext, new_lanman_p16)) {
|
---|
1062 | /* E_deshash returns false for 'long' passwords (> 14
|
---|
1063 | DOS chars). This allows us to match Win2k, which
|
---|
1064 | does not store a LM hash for these passwords (which
|
---|
1065 | would reduce the effective password length to 14 */
|
---|
1066 |
|
---|
1067 | if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED))
|
---|
1068 | return False;
|
---|
1069 | } else {
|
---|
1070 | if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
|
---|
1071 | return False;
|
---|
1072 | }
|
---|
1073 |
|
---|
1074 | if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
|
---|
1075 | return False;
|
---|
1076 |
|
---|
1077 | if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
|
---|
1078 | return False;
|
---|
1079 |
|
---|
1080 | if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) {
|
---|
1081 | /*
|
---|
1082 | * No password history for non-user accounts
|
---|
1083 | */
|
---|
1084 | return true;
|
---|
1085 | }
|
---|
1086 |
|
---|
1087 | pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
|
---|
1088 |
|
---|
1089 | if (pwHistLen == 0) {
|
---|
1090 | /* Set the history length to zero. */
|
---|
1091 | pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
|
---|
1092 | return true;
|
---|
1093 | }
|
---|
1094 |
|
---|
1095 | /*
|
---|
1096 | * We need to make sure we don't have a race condition here -
|
---|
1097 | * the account policy history length can change between when
|
---|
1098 | * the pw_history was first loaded into the struct samu struct
|
---|
1099 | * and now.... JRA.
|
---|
1100 | */
|
---|
1101 | pwhistory = (uchar *)pdb_get_pw_history(sampass, ¤t_history_len);
|
---|
1102 |
|
---|
1103 | if ((current_history_len != 0) && (pwhistory == NULL)) {
|
---|
1104 | DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n"));
|
---|
1105 | return false;
|
---|
1106 | }
|
---|
1107 |
|
---|
1108 | if (current_history_len < pwHistLen) {
|
---|
1109 | /*
|
---|
1110 | * Ensure we have space for the needed history. This
|
---|
1111 | * also takes care of an account which did not have
|
---|
1112 | * any history at all so far, i.e. pwhistory==NULL
|
---|
1113 | */
|
---|
1114 | uchar *new_history = talloc_zero_array(
|
---|
1115 | sampass, uchar,
|
---|
1116 | pwHistLen*PW_HISTORY_ENTRY_LEN);
|
---|
1117 |
|
---|
1118 | if (!new_history) {
|
---|
1119 | return False;
|
---|
1120 | }
|
---|
1121 |
|
---|
1122 | memcpy(new_history, pwhistory,
|
---|
1123 | current_history_len*PW_HISTORY_ENTRY_LEN);
|
---|
1124 |
|
---|
1125 | pwhistory = new_history;
|
---|
1126 | }
|
---|
1127 |
|
---|
1128 | /*
|
---|
1129 | * Make room for the new password in the history list.
|
---|
1130 | */
|
---|
1131 | if (pwHistLen > 1) {
|
---|
1132 | memmove(&pwhistory[PW_HISTORY_ENTRY_LEN], pwhistory,
|
---|
1133 | (pwHistLen-1)*PW_HISTORY_ENTRY_LEN );
|
---|
1134 | }
|
---|
1135 |
|
---|
1136 | /*
|
---|
1137 | * Fill the salt area with 0-s: this indicates that
|
---|
1138 | * a plain nt hash is stored in the has area.
|
---|
1139 | * The old format was to store a 16 byte salt and
|
---|
1140 | * then an md5hash of the nt_hash concatenated with
|
---|
1141 | * the salt.
|
---|
1142 | */
|
---|
1143 | memset(pwhistory, 0, PW_HISTORY_SALT_LEN);
|
---|
1144 |
|
---|
1145 | /*
|
---|
1146 | * Store the plain nt hash in the second 16 bytes.
|
---|
1147 | * The old format was to store the md5 hash of
|
---|
1148 | * the salt+newpw.
|
---|
1149 | */
|
---|
1150 | memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt_p16, SALTED_MD5_HASH_LEN);
|
---|
1151 |
|
---|
1152 | pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
|
---|
1153 |
|
---|
1154 | return True;
|
---|
1155 | }
|
---|
1156 |
|
---|
1157 | /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */
|
---|
1158 | uint32 pdb_build_fields_present(struct samu *sampass)
|
---|
1159 | {
|
---|
1160 | /* value set to all for testing */
|
---|
1161 | return 0x00ffffff;
|
---|
1162 | }
|
---|