bool login_cache_delentry(const struct samu *sampass)
{
int ret;
char *keystr;
if (!login_cache_init())
return False;
if (pdb_get_nt_username(sampass) == NULL) {
return False;
}
keystr = SMB_STRDUP(pdb_get_nt_username(sampass));
if (!keystr || !keystr[0]) {
SAFE_FREE(keystr);
return False;
}
DEBUG(9, ("About to delete entry for %s\n", keystr));
ret = tdb_delete_bystring(cache, keystr);
DEBUG(9, ("tdb_delete returned %d\n", ret));
SAFE_FREE(keystr);
return ret == 0;
}
BOOL login_cache_delentry(const struct samu *sampass)
{
int ret;
TDB_DATA keybuf;
if (!login_cache_init())
return False;
if (pdb_get_nt_username(sampass) == NULL) {
return False;
}
keybuf.dptr = SMB_STRDUP(pdb_get_nt_username(sampass));
if (!keybuf.dptr || !strlen(keybuf.dptr)) {
SAFE_FREE(keybuf.dptr);
return False;
}
keybuf.dsize = strlen(keybuf.dptr) + 1;
DEBUG(9, ("About to delete entry for %s\n", keybuf.dptr));
ret = tdb_delete(cache, keybuf);
DEBUG(9, ("tdb_delete returned %d\n", ret));
SAFE_FREE(keybuf.dptr);
return ret == 0;
}
/* if we can't read the cache, oh well, no need to return anything */
bool login_cache_read(struct samu *sampass, struct login_cache *entry)
{
char *keystr;
TDB_DATA databuf;
uint32_t entry_timestamp = 0, bad_password_time = 0;
uint16_t acct_ctrl;
if (!login_cache_init()) {
return false;
}
if (pdb_get_nt_username(sampass) == NULL) {
return false;
}
keystr = SMB_STRDUP(pdb_get_nt_username(sampass));
if (!keystr || !keystr[0]) {
SAFE_FREE(keystr);
return false;
}
DEBUG(7, ("Looking up login cache for user %s\n",
keystr));
databuf = tdb_fetch_bystring(cache, keystr);
SAFE_FREE(keystr);
ZERO_STRUCTP(entry);
if (tdb_unpack (databuf.dptr, databuf.dsize, SAM_CACHE_FORMAT,
&entry_timestamp,
&acct_ctrl,
&entry->bad_password_count,
&bad_password_time) == -1) {
DEBUG(7, ("No cache entry found\n"));
SAFE_FREE(databuf.dptr);
return false;
}
/*
* Deal with 32-bit acct_ctrl. In the tdb we only store 16-bit
* ("w" in SAM_CACHE_FORMAT). Fixes bug 7253.
*/
entry->acct_ctrl = acct_ctrl;
/* Deal with possible 64-bit time_t. */
entry->entry_timestamp = (time_t)entry_timestamp;
entry->bad_password_time = (time_t)bad_password_time;
SAFE_FREE(databuf.dptr);
DEBUG(5, ("Found login cache entry: timestamp %12u, flags 0x%x, count %d, time %12u\n",
(unsigned int)entry->entry_timestamp, entry->acct_ctrl,
entry->bad_password_count, (unsigned int)entry->bad_password_time));
return true;
}
bool login_cache_write(const struct samu *sampass,
const struct login_cache *entry)
{
char *keystr;
TDB_DATA databuf;
bool ret;
uint32_t entry_timestamp;
uint32_t bad_password_time = entry->bad_password_time;
if (!login_cache_init())
return False;
if (pdb_get_nt_username(sampass) == NULL) {
return False;
}
keystr = SMB_STRDUP(pdb_get_nt_username(sampass));
if (!keystr || !keystr[0]) {
SAFE_FREE(keystr);
return False;
}
entry_timestamp = (uint32_t)time(NULL);
databuf.dsize =
tdb_pack(NULL, 0, SAM_CACHE_FORMAT,
entry_timestamp,
entry->acct_ctrl,
entry->bad_password_count,
bad_password_time);
databuf.dptr = SMB_MALLOC_ARRAY(uint8_t, databuf.dsize);
if (!databuf.dptr) {
SAFE_FREE(keystr);
return False;
}
if (tdb_pack(databuf.dptr, databuf.dsize, SAM_CACHE_FORMAT,
entry_timestamp,
entry->acct_ctrl,
entry->bad_password_count,
bad_password_time)
!= databuf.dsize) {
SAFE_FREE(keystr);
SAFE_FREE(databuf.dptr);
return False;
}
ret = tdb_store_bystring(cache, keystr, databuf, 0);
SAFE_FREE(keystr);
SAFE_FREE(databuf.dptr);
return ret == 0;
}
BOOL login_cache_write(const struct samu *sampass, LOGIN_CACHE entry)
{
TDB_DATA keybuf, databuf;
BOOL ret;
if (!login_cache_init())
return False;
if (pdb_get_nt_username(sampass) == NULL) {
return False;
}
keybuf.dptr = SMB_STRDUP(pdb_get_nt_username(sampass));
if (!keybuf.dptr || !strlen(keybuf.dptr)) {
SAFE_FREE(keybuf.dptr);
return False;
}
keybuf.dsize = strlen(keybuf.dptr) + 1;
entry.entry_timestamp = time(NULL);
databuf.dsize =
tdb_pack(NULL, 0, SAM_CACHE_FORMAT,
entry.entry_timestamp,
entry.acct_ctrl,
entry.bad_password_count,
entry.bad_password_time);
databuf.dptr = SMB_MALLOC_ARRAY(char, databuf.dsize);
if (!databuf.dptr) {
SAFE_FREE(keybuf.dptr);
return False;
}
if (tdb_pack(databuf.dptr, databuf.dsize, SAM_CACHE_FORMAT,
entry.entry_timestamp,
entry.acct_ctrl,
entry.bad_password_count,
entry.bad_password_time)
!= databuf.dsize) {
SAFE_FREE(keybuf.dptr);
SAFE_FREE(databuf.dptr);
return False;
}
ret = tdb_store(cache, keybuf, databuf, 0);
SAFE_FREE(keybuf.dptr);
SAFE_FREE(databuf.dptr);
return ret == 0;
}
/* if we can't read the cache, oh well, no need to return anything */
LOGIN_CACHE * login_cache_read(struct samu *sampass)
{
char *keystr;
TDB_DATA databuf;
LOGIN_CACHE *entry;
if (!login_cache_init())
return NULL;
if (pdb_get_nt_username(sampass) == NULL) {
return NULL;
}
keystr = SMB_STRDUP(pdb_get_nt_username(sampass));
if (!keystr || !keystr[0]) {
SAFE_FREE(keystr);
return NULL;
}
DEBUG(7, ("Looking up login cache for user %s\n",
keystr));
databuf = tdb_fetch_bystring(cache, keystr);
SAFE_FREE(keystr);
if (!(entry = SMB_MALLOC_P(LOGIN_CACHE))) {
DEBUG(1, ("Unable to allocate cache entry buffer!\n"));
SAFE_FREE(databuf.dptr);
return NULL;
}
if (tdb_unpack (databuf.dptr, databuf.dsize, SAM_CACHE_FORMAT,
&entry->entry_timestamp, &entry->acct_ctrl,
&entry->bad_password_count,
&entry->bad_password_time) == -1) {
DEBUG(7, ("No cache entry found\n"));
SAFE_FREE(entry);
SAFE_FREE(databuf.dptr);
return NULL;
}
SAFE_FREE(databuf.dptr);
DEBUG(5, ("Found login cache entry: timestamp %12u, flags 0x%x, count %d, time %12u\n",
(unsigned int)entry->entry_timestamp, entry->acct_ctrl,
entry->bad_password_count, (unsigned int)entry->bad_password_time));
return entry;
}
static int print_sam_info (struct samu *sam_pwent, bool verbosity, bool smbpwdstyle)
{
uid_t uid;
time_t tmp;
/* TODO: check if entry is a user or a workstation */
if (!sam_pwent) return -1;
if (verbosity) {
char temp[44];
const uint8_t *hours;
printf ("Unix username: %s\n", pdb_get_username(sam_pwent));
printf ("NT username: %s\n", pdb_get_nt_username(sam_pwent));
printf ("Account Flags: %s\n", pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent), NEW_PW_FORMAT_SPACE_PADDED_LEN));
printf ("User SID: %s\n",
sid_string_tos(pdb_get_user_sid(sam_pwent)));
printf ("Primary Group SID: %s\n",
sid_string_tos(pdb_get_group_sid(sam_pwent)));
printf ("Full Name: %s\n", pdb_get_fullname(sam_pwent));
printf ("Home Directory: %s\n", pdb_get_homedir(sam_pwent));
printf ("HomeDir Drive: %s\n", pdb_get_dir_drive(sam_pwent));
printf ("Logon Script: %s\n", pdb_get_logon_script(sam_pwent));
printf ("Profile Path: %s\n", pdb_get_profile_path(sam_pwent));
printf ("Domain: %s\n", pdb_get_domain(sam_pwent));
printf ("Account desc: %s\n", pdb_get_acct_desc(sam_pwent));
printf ("Workstations: %s\n", pdb_get_workstations(sam_pwent));
printf ("Munged dial: %s\n", pdb_get_munged_dial(sam_pwent));
tmp = pdb_get_logon_time(sam_pwent);
printf ("Logon time: %s\n",
tmp ? http_timestring(talloc_tos(), tmp) : "0");
tmp = pdb_get_logoff_time(sam_pwent);
printf ("Logoff time: %s\n",
tmp ? http_timestring(talloc_tos(), tmp) : "0");
tmp = pdb_get_kickoff_time(sam_pwent);
printf ("Kickoff time: %s\n",
tmp ? http_timestring(talloc_tos(), tmp) : "0");
tmp = pdb_get_pass_last_set_time(sam_pwent);
printf ("Password last set: %s\n",
tmp ? http_timestring(talloc_tos(), tmp) : "0");
tmp = pdb_get_pass_can_change_time(sam_pwent);
printf ("Password can change: %s\n",
tmp ? http_timestring(talloc_tos(), tmp) : "0");
tmp = pdb_get_pass_must_change_time(sam_pwent);
printf ("Password must change: %s\n",
tmp ? http_timestring(talloc_tos(), tmp) : "0");
tmp = pdb_get_bad_password_time(sam_pwent);
printf ("Last bad password : %s\n",
tmp ? http_timestring(talloc_tos(), tmp) : "0");
printf ("Bad password count : %d\n",
pdb_get_bad_password_count(sam_pwent));
hours = pdb_get_hours(sam_pwent);
pdb_sethexhours(temp, hours);
printf ("Logon hours : %s\n", temp);
} else if (smbpwdstyle) {
char lm_passwd[33];
char nt_passwd[33];
uid = nametouid(pdb_get_username(sam_pwent));
pdb_sethexpwd(lm_passwd, pdb_get_lanman_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent));
pdb_sethexpwd(nt_passwd, pdb_get_nt_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent));
printf("%s:%lu:%s:%s:%s:LCT-%08X:\n",
pdb_get_username(sam_pwent),
(unsigned long)uid,
lm_passwd,
nt_passwd,
pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN),
(uint32_t)convert_time_t_to_uint32_t(pdb_get_pass_last_set_time(sam_pwent)));
} else {
uid = nametouid(pdb_get_username(sam_pwent));
printf ("%s:%lu:%s\n", pdb_get_username(sam_pwent), (unsigned long)uid,
pdb_get_fullname(sam_pwent));
}
return 0;
}
static BOOL samu_correct(struct samu *s1, struct samu *s2)
{
BOOL ret = True;
uint32 s1_len, s2_len;
const char *s1_buf, *s2_buf;
const uint8 *d1_buf, *d2_buf;
/* Check Unix username */
s1_buf = pdb_get_username(s1);
s2_buf = pdb_get_username(s2);
if (s2_buf == NULL && s1_buf != NULL) {
DEBUG(0, ("Username is not set\n"));
ret = False;
} else if (s1_buf == NULL) {
/* Do nothing */
} else if (strcmp(s1_buf,s2_buf)) {
DEBUG(0, ("Username not written correctly, want %s, got \"%s\"\n",
pdb_get_username(s1),
pdb_get_username(s2)));
ret = False;
}
/* Check NT username */
s1_buf = pdb_get_nt_username(s1);
s2_buf = pdb_get_nt_username(s2);
if (s2_buf == NULL && s1_buf != NULL) {
DEBUG(0, ("NT Username is not set\n"));
ret = False;
} else if (s1_buf == NULL) {
/* Do nothing */
} else if (strcmp(s1_buf, s2_buf)) {
DEBUG(0, ("NT Username not written correctly, want \"%s\", got \"%s\"\n",
pdb_get_nt_username(s1),
pdb_get_nt_username(s2)));
ret = False;
}
/* Check acct ctrl */
if (pdb_get_acct_ctrl(s1) != pdb_get_acct_ctrl(s2)) {
DEBUG(0, ("Acct ctrl field not written correctly, want %d (0x%X), got %d (0x%X)\n",
pdb_get_acct_ctrl(s1),
pdb_get_acct_ctrl(s1),
pdb_get_acct_ctrl(s2),
pdb_get_acct_ctrl(s2)));
ret = False;
}
/* Check NT password */
d1_buf = pdb_get_nt_passwd(s1);
d2_buf = pdb_get_nt_passwd(s2);
if (d2_buf == NULL && d1_buf != NULL) {
DEBUG(0, ("NT password is not set\n"));
ret = False;
} else if (d1_buf == NULL) {
/* Do nothing */
} else if (memcmp(d1_buf, d2_buf, NT_HASH_LEN)) {
DEBUG(0, ("NT password not written correctly\n"));
ret = False;
}
/* Check lanman password */
d1_buf = pdb_get_lanman_passwd(s1);
d2_buf = pdb_get_lanman_passwd(s2);
if (d2_buf == NULL && d1_buf != NULL) {
DEBUG(0, ("Lanman password is not set\n"));
} else if (d1_buf == NULL) {
/* Do nothing */
} else if (memcmp(d1_buf, d2_buf, NT_HASH_LEN)) {
DEBUG(0, ("Lanman password not written correctly\n"));
ret = False;
}
/* Check password history */
d1_buf = pdb_get_pw_history(s1, &s1_len);
d2_buf = pdb_get_pw_history(s2, &s2_len);
if (d2_buf == NULL && d1_buf != NULL) {
DEBUG(0, ("Password history is not set\n"));
} else if (d1_buf == NULL) {
/* Do nothing */
} else if (s1_len != s1_len) {
DEBUG(0, ("Password history not written correctly, lengths differ, want %d, got %d\n",
s1_len, s2_len));
ret = False;
} else if (strncmp(s1_buf, s2_buf, s1_len)) {
DEBUG(0, ("Password history not written correctly\n"));
ret = False;
}
/* Check logon time */
if (pdb_get_logon_time(s1) != pdb_get_logon_time(s2)) {
DEBUG(0, ("Logon time is not written correctly\n"));
ret = False;
}
/* Check logoff time */
if (pdb_get_logoff_time(s1) != pdb_get_logoff_time(s2)) {
DEBUG(0, ("Logoff time is not written correctly\n"));
ret = False;
}
/* Check kickoff time */
if (pdb_get_kickoff_time(s1) != pdb_get_logoff_time(s2)) {
DEBUG(0, ("Kickoff time is not written correctly\n"));
ret = False;
}
/* Check bad password time */
if (pdb_get_bad_password_time(s1) != pdb_get_bad_password_time(s2)) {
DEBUG(0, ("Bad password time is not written correctly\n"));
ret = False;
}
/* Check password last set time */
if (pdb_get_pass_last_set_time(s1) != pdb_get_pass_last_set_time(s2)) {
DEBUG(0, ("Password last set time is not written correctly\n"));
ret = False;
}
/* Check password can change time */
if (pdb_get_pass_can_change_time(s1) != pdb_get_pass_can_change_time(s2)) {
DEBUG(0, ("Password can change time is not written correctly\n"));
ret = False;
}
/* Check password must change time */
if (pdb_get_pass_must_change_time(s1) != pdb_get_pass_must_change_time(s2)) {
DEBUG(0, ("Password must change time is not written correctly\n"));
ret = False;
}
/* Check logon divs */
if (pdb_get_logon_divs(s1) != pdb_get_logon_divs(s2)) {
DEBUG(0, ("Logon divs not written correctly\n"));
ret = False;
}
/* Check logon hours */
if (pdb_get_hours_len(s1) != pdb_get_hours_len(s2)) {
DEBUG(0, ("Logon hours length not written correctly\n"));
ret = False;
} else if (pdb_get_hours_len(s1) != 0) {
d1_buf = pdb_get_hours(s1);
d2_buf = pdb_get_hours(s2);
if (d2_buf == NULL && d2_buf != NULL) {
DEBUG(0, ("Logon hours is not set\n"));
ret = False;
} else if (d1_buf == NULL) {
/* Do nothing */
} else if (memcmp(d1_buf, d2_buf, MAX_HOURS_LEN)) {
DEBUG(0, ("Logon hours is not written correctly\n"));
ret = False;
}
}
/* Check profile path */
s1_buf = pdb_get_profile_path(s1);
s2_buf = pdb_get_profile_path(s2);
if (s2_buf == NULL && s1_buf != NULL) {
DEBUG(0, ("Profile path is not set\n"));
ret = False;
} else if (s1_buf == NULL) {
/* Do nothing */
} else if (strcmp(s1_buf, s2_buf)) {
DEBUG(0, ("Profile path is not written correctly\n"));
ret = False;
}
/* Check home dir */
s1_buf = pdb_get_homedir(s1);
s2_buf = pdb_get_homedir(s2);
if (s2_buf == NULL && s1_buf != NULL) {
DEBUG(0, ("Home dir is not set\n"));
ret = False;
} else if (s1_buf == NULL) {
/* Do nothing */
} else if (strcmp(s1_buf, s2_buf)) {
DEBUG(0, ("Home dir is not written correctly\n"));
ret = False;
}
/* Check logon script */
s1_buf = pdb_get_logon_script(s1);
s2_buf = pdb_get_logon_script(s2);
if (s2_buf == NULL && s1_buf != NULL) {
DEBUG(0, ("Logon script not set\n"));
ret = False;
} else if (s1_buf == NULL) {
/* Do nothing */
} else if (strcmp(s1_buf, s2_buf)) {
DEBUG(0, ("Logon script is not written correctly\n"));
ret = False;
}
/* TODO Check user and group sids */
return ret;
}
