Beispiel #1
0
/* Helper function for adding a user to the db. */
static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
                         const char *name, struct samu *sampass, bool exist)
{
	char *err_str = NULL;
	char *msg_str = NULL;
	const char *pass = NULL;
	int retval;
	TALLOC_CTX *frame = talloc_stackframe();

	/* Get the authtok; if we don't have one, silently fail. */
	retval = _pam_get_item( pamh, PAM_AUTHTOK, &pass );

	if (retval != PAM_SUCCESS) {
		_log_err(pamh, LOG_ALERT
			, "pam_get_item returned error to pam_sm_authenticate" );
		TALLOC_FREE(frame);
		return PAM_AUTHTOK_RECOVER_ERR;
	}

	/* Add the user to the db if they aren't already there. */
	if (!exist) {
		retval = NT_STATUS_IS_OK(local_password_change(name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD,
					pass, &err_str, &msg_str));
		if (!retval && err_str) {
			make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str );
		} else if (msg_str) {
			make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str );
		}
		pass = NULL;

		SAFE_FREE(err_str);
		SAFE_FREE(msg_str);
		TALLOC_FREE(frame);
		return PAM_IGNORE;
	} else {
		/* mimick 'update encrypted' as long as the 'no pw req' flag is not set */
		if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ ) {
			retval = NT_STATUS_IS_OK(local_password_change(name, LOCAL_SET_PASSWORD,
					pass, &err_str, &msg_str));
			if (!retval && err_str) {
				make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str );
			} else if (msg_str) {
				make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str );
			}
		}
	}
    
	SAFE_FREE(err_str);
	SAFE_FREE(msg_str);
	pass = NULL;
	TALLOC_FREE(frame);
	return PAM_IGNORE;
}
int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user,  const char *pass_new )
{
	int retval;
	pstring err_str;
	pstring msg_str;

	err_str[0] = '\0';
	msg_str[0] = '\0';

	retval = local_password_change( user, LOCAL_SET_PASSWORD, pass_new,
	                                err_str, sizeof(err_str),
	                                msg_str, sizeof(msg_str) );

	if (!retval) {
		if (*err_str) {
			err_str[PSTRING_LEN-1] = '\0';
			make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
		}

		/* FIXME: what value is appropriate here? */
		retval = PAM_AUTHTOK_ERR;
	} else {
		if (*msg_str) {
			msg_str[PSTRING_LEN-1] = '\0';
			make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
		}
		retval = PAM_SUCCESS;
	}

	return retval;      
}
Beispiel #3
0
static NTSTATUS password_change(const char *remote_mach, char *username, 
				char *old_passwd, char *new_pw,
				int local_flags)
{
	NTSTATUS ret;
	pstring err_str;
	pstring msg_str;

	if (remote_mach != NULL) {
		if (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|
							LOCAL_TRUST_ACCOUNT|LOCAL_SET_NO_PASSWORD)) {
			/* these things can't be done remotely yet */
			return NT_STATUS_UNSUCCESSFUL;
		}
		ret = remote_password_change(remote_mach, username, 
					     old_passwd, new_pw, err_str, sizeof(err_str));
		if(*err_str)
			fprintf(stderr, "%s", err_str);
		return ret;
	}
	
	ret = local_password_change(username, local_flags, new_pw, 
				     err_str, sizeof(err_str), msg_str, sizeof(msg_str));

	if(*msg_str)
		printf("%s", msg_str);
	if(*err_str)
		fprintf(stderr, "%s", err_str);

	return ret;
}
Beispiel #4
0
static NTSTATUS password_change(const char *remote_mach, char *username, 
				char *old_passwd, char *new_pw,
				int local_flags)
{
	NTSTATUS ret;
	char *err_str = NULL;
	char *msg_str = NULL;

	if (remote_mach != NULL) {
		if (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER|
				   LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|
				   LOCAL_TRUST_ACCOUNT|LOCAL_SET_NO_PASSWORD)) {
			/* these things can't be done remotely yet */
			fprintf(stderr, "Invalid remote operation!\n");
			return NT_STATUS_UNSUCCESSFUL;
		}
		ret = remote_password_change(remote_mach, username,
					     old_passwd, new_pw, &err_str);
	} else {
		ret = local_password_change(username, local_flags, new_pw,
					    &err_str, &msg_str);
	}

	if (msg_str) {
		printf("%s", msg_str);
	}
	if (err_str) {
		fprintf(stderr, "%s", err_str);
	}
	if (!NT_STATUS_IS_OK(ret) && !err_str) {
		fprintf(stderr, "Failed to change password!\n");
	}

	SAFE_FREE(msg_str);
	SAFE_FREE(err_str);
	return ret;
}
Beispiel #5
0
static int new_machine(const char *machinename, char *machine_sid)
{
	char *err = NULL, *msg = NULL;
	struct samu *sam_pwent = NULL;
	TALLOC_CTX *tosctx;
	NTSTATUS status;
	struct dom_sid m_sid;
	char *compatpwd;
	char *name;
	int flags;
	int len;
	int ret;

	len = strlen(machinename);
	if (len == 0) {
		fprintf(stderr, "No machine name given\n");
		return -1;
	}

	tosctx = talloc_tos();
	if (!tosctx) {
		fprintf(stderr, "Out of memory!\n");
		return -1;
	}

	if (machine_sid) {
		if (get_sid_from_cli_string(&m_sid, machine_sid)) {
			fprintf(stderr, "Failed to parse SID\n");
			return -1;
		}
	}

	compatpwd = talloc_strdup(tosctx, machinename);
	if (!compatpwd) {
		fprintf(stderr, "Out of memory!\n");
		return -1;
	}

	if (machinename[len-1] == '$') {
		name = talloc_strdup(tosctx, machinename);
		compatpwd[len-1] = '\0';
	} else {
		name = talloc_asprintf(tosctx, "%s$", machinename);
	}
	if (!name) {
		fprintf(stderr, "Out of memory!\n");
		return -1;
	}

	if (!strlower_m(name)) {
		fprintf(stderr, "strlower_m %s failed\n", name);
		return -1;
	}

	flags = LOCAL_ADD_USER | LOCAL_TRUST_ACCOUNT | LOCAL_SET_PASSWORD;

	status = local_password_change(name, flags, compatpwd, &err, &msg);

	if (!NT_STATUS_IS_OK(status)) {
		if (err) fprintf(stderr, "%s", err);
		ret = -1;
	}

	sam_pwent = samu_new(tosctx);
	if (!sam_pwent) {
		fprintf(stderr, "Out of memory!\n");
		ret = -1;
		goto done;
	}

	if (!pdb_getsampwnam(sam_pwent, name)) {
		fprintf(stderr, "Machine %s not found!\n", name);
		ret = -1;
		goto done;
	}

	if (machine_sid)
		pdb_set_user_sid(sam_pwent, &m_sid, PDB_CHANGED);

	status = pdb_update_sam_account(sam_pwent);
	if (!NT_STATUS_IS_OK(status)) {
		fprintf(stderr,
			"Failed to modify entry for %s.!\n", name);
		ret = -1;
		goto done;
	}

	print_user_info(name, True, False);
	ret = 0;

done:
	SAFE_FREE(err);
	SAFE_FREE(msg);
	TALLOC_FREE(sam_pwent);
	return ret;
}
Beispiel #6
0
/*********************************************************
 Add New User
**********************************************************/
static int new_user(const char *username, const char *fullname,
		    const char *homedir, const char *drive,
		    const char *script, const char *profile,
		    char *user_sid, bool stdin_get)
{
	char *pwd1 = NULL, *pwd2 = NULL;
	char *err = NULL, *msg = NULL;
	struct samu *sam_pwent = NULL;
	TALLOC_CTX *tosctx;
	NTSTATUS status;
	struct dom_sid u_sid;
	int flags;
	int ret;

	tosctx = talloc_tos();
	if (!tosctx) {
		fprintf(stderr, "Out of memory!\n");
		return -1;
	}

	if (user_sid) {
		if (get_sid_from_cli_string(&u_sid, user_sid)) {
			fprintf(stderr, "Failed to parse SID\n");
			return -1;
		}
	}

	pwd1 = get_pass( "new password:"******"retype new password:"******"Failed to read passwords.\n");
		return -1;
	}
	ret = strcmp(pwd1, pwd2);
	if (ret != 0) {
		fprintf (stderr, "Passwords do not match!\n");
		goto done;
	}

	flags = LOCAL_ADD_USER | LOCAL_SET_PASSWORD;

	status = local_password_change(username, flags, pwd1, &err, &msg);
	if (!NT_STATUS_IS_OK(status)) {
		if (err) fprintf(stderr, "%s", err);
		ret = -1;
		goto done;
	}

	sam_pwent = samu_new(tosctx);
	if (!sam_pwent) {
		fprintf(stderr, "Out of memory!\n");
		ret = -1;
		goto done;
	}

	if (!pdb_getsampwnam(sam_pwent, username)) {
		fprintf(stderr, "User %s not found!\n", username);
		ret = -1;
		goto done;
	}

	if (fullname)
		pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
	if (homedir)
		pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
	if (drive)
		pdb_set_dir_drive(sam_pwent, drive, PDB_CHANGED);
	if (script)
		pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
	if (profile)
		pdb_set_profile_path(sam_pwent, profile, PDB_CHANGED);
	if (user_sid)
		pdb_set_user_sid(sam_pwent, &u_sid, PDB_CHANGED);

	status = pdb_update_sam_account(sam_pwent);
	if (!NT_STATUS_IS_OK(status)) {
		fprintf(stderr,
			"Failed to modify entry for user %s.!\n",
			username);
		ret = -1;
		goto done;
	}

	print_user_info(username, True, False);
	ret = 0;

done:
	if (pwd1) memset(pwd1, 0, strlen(pwd1));
	if (pwd2) memset(pwd2, 0, strlen(pwd2));
	SAFE_FREE(pwd1);
	SAFE_FREE(pwd2);
	SAFE_FREE(err);
	SAFE_FREE(msg);
	TALLOC_FREE(sam_pwent);
	return ret;
}
Beispiel #7
0
/* Helper function for adding a user to the db. */
static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
                         const char *name, SAM_ACCOUNT *sampass, BOOL exist)
{
    pstring err_str;
    pstring msg_str;
    const char *pass = NULL;
    int retval;

    err_str[0] = '\0';
    msg_str[0] = '\0';

    /* Get the authtok; if we don't have one, silently fail. */
    retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );

    if (retval != PAM_SUCCESS) {
	_log_err( LOG_ALERT
	          , "pam_get_item returned error to pam_sm_authenticate" );
	return PAM_AUTHTOK_RECOVER_ERR;
    } else if (pass == NULL) {
	return PAM_AUTHTOK_RECOVER_ERR;
    }

    /* Add the user to the db if they aren't already there. */
   if (!exist) {
	retval = local_password_change( name, LOCAL_ADD_USER,
	                                 pass, err_str,
	                                 sizeof(err_str),
	                                 msg_str, sizeof(msg_str) );
	if (!retval && *err_str)
	{
	    err_str[PSTRING_LEN-1] = '\0';
	    make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
	}
	else if (*msg_str)
	{
	    msg_str[PSTRING_LEN-1] = '\0';
	    make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
	}
	pass = NULL;

	return PAM_IGNORE;
   }
   else {
    /* Change the user's password IFF it's null. */
    if ((pdb_get_lanman_passwd(sampass) == NULL) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
    {
	retval = local_password_change( name, 0, pass, err_str, sizeof(err_str),
	                                 msg_str, sizeof(msg_str) );
	if (!retval && *err_str)
	{
	    err_str[PSTRING_LEN-1] = '\0';
	    make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
	}
	else if (*msg_str)
	{
	    msg_str[PSTRING_LEN-1] = '\0';
	    make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
	}
    }
   }
    
    pass = NULL;

    return PAM_IGNORE;
}