/**
 * Check the account's logon-hours bitmap against the current UTC time.
 *
 * The bitmap holds one bit per hour of the week; bit 0 is Sunday from
 * 12AM to 1AM.  An account without a bitmap has no restriction.
 *
 * @param sampass  Account record to check.
 * @return True when the logon is permitted now, False when the current
 *         hour is not set in the bitmap or the time cannot be broken down.
 */
static BOOL logon_hours_ok(struct samu *sampass)
{
	const uint8 *hours = pdb_get_hours(sampass);
	struct tm *utc;
	struct tm *local;
	time_t now;
	const char *when;
	uint8 mask, slot;

	if (hours == NULL) {
		DEBUG(5,("logon_hours_ok: No hours restrictions for user %s\n",pdb_get_username(sampass)));
		return True;
	}

	now = time(NULL);
	utc = gmtime(&now);
	if (utc == NULL) {
		/* Fail closed: without a broken-down time no slot can be checked. */
		DEBUG(1, ("logon_hours_ok: failed to get gmtime. Failing logon for user %s\n", pdb_get_username(sampass) ));
		return False;
	}

	/*
	 * Hour-of-week slot (0..167), then the bit inside its byte.
	 * NOTE(review): slot / 8 reaches 20, so the buffer returned by
	 * pdb_get_hours() must hold at least 21 bytes; the stored hours
	 * length is not consulted here - confirm against the setter.
	 */
	slot = (utc->tm_wday * 24 + utc->tm_hour) % 168;
	mask = 1 << (slot % 8);

	if (hours[slot / 8] & mask) {
		when = asctime(utc);
		DEBUG(5,("logon_hours_ok: user %s allowed to logon at this time (%s)\n", pdb_get_username(sampass), when ? when : "UNKNOWN TIME" ));
		return True;
	}

	/* Denied: the refusal is logged with the local time, not UTC. */
	local = localtime(&now);
	when = (local != NULL) ? asctime(local) : NULL;
	if (when == NULL) {
		when = "INVALID TIME";
	}
	DEBUG(1, ("logon_hours_ok: Account for user %s not allowed to " "logon at this time (%s).\n", pdb_get_username(sampass), when ));
	return False;
}
/**
 * Print one account record to stdout in one of three layouts.
 *
 * @param sam_pwent    Account to print.
 * @param verbosity    When true, print the long "label: value" listing.
 * @param smbpwdstyle  When true (and verbosity is false), print one
 *                     smbpasswd-format line.
 * @return 0 after printing, -1 when sam_pwent is NULL.
 *
 * The smbpasswd-style line contains the hex LM and NT password hashes,
 * so that output has to be handled as secret material.
 */
static int print_sam_info (struct samu *sam_pwent, bool verbosity, bool smbpwdstyle)
{
	uid_t unix_id;
	time_t when;

	/* TODO: check if entry is a user or a workstation */
	if (sam_pwent == NULL) {
		return -1;
	}

	if (!verbosity && !smbpwdstyle) {
		/* Short form: name, uid and full name only. */
		unix_id = nametouid(pdb_get_username(sam_pwent));
		printf ("%s:%lu:%s\n", pdb_get_username(sam_pwent), (unsigned long)unix_id, pdb_get_fullname(sam_pwent));
		return 0;
	}

	if (!verbosity) {
		/* smbpasswd form: each hash is written as hex into a 33-byte buffer. */
		char lm_hex[33];
		char nt_hex[33];

		unix_id = nametouid(pdb_get_username(sam_pwent));
		pdb_sethexpwd(lm_hex, pdb_get_lanman_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent));
		pdb_sethexpwd(nt_hex, pdb_get_nt_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent));
		printf("%s:%lu:%s:%s:%s:LCT-%08X:\n",
		       pdb_get_username(sam_pwent),
		       (unsigned long)unix_id,
		       lm_hex,
		       nt_hex,
		       pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN),
		       (uint32_t)convert_time_t_to_uint32_t(pdb_get_pass_last_set_time(sam_pwent)));
		return 0;
	}

	/* Verbose form: identity and profile strings first. */
	printf ("Unix username: %s\n", pdb_get_username(sam_pwent));
	printf ("NT username: %s\n", pdb_get_nt_username(sam_pwent));
	printf ("Account Flags: %s\n", pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent), NEW_PW_FORMAT_SPACE_PADDED_LEN));
	printf ("User SID: %s\n", sid_string_tos(pdb_get_user_sid(sam_pwent)));
	printf ("Primary Group SID: %s\n", sid_string_tos(pdb_get_group_sid(sam_pwent)));
	printf ("Full Name: %s\n", pdb_get_fullname(sam_pwent));
	printf ("Home Directory: %s\n", pdb_get_homedir(sam_pwent));
	printf ("HomeDir Drive: %s\n", pdb_get_dir_drive(sam_pwent));
	printf ("Logon Script: %s\n", pdb_get_logon_script(sam_pwent));
	printf ("Profile Path: %s\n", pdb_get_profile_path(sam_pwent));
	printf ("Domain: %s\n", pdb_get_domain(sam_pwent));
	printf ("Account desc: %s\n", pdb_get_acct_desc(sam_pwent));
	printf ("Workstations: %s\n", pdb_get_workstations(sam_pwent));
	printf ("Munged dial: %s\n", pdb_get_munged_dial(sam_pwent));

	/* Timestamps: a zero value is printed as the literal "0". */
	when = pdb_get_logon_time(sam_pwent);
	printf ("Logon time: %s\n", when ? http_timestring(talloc_tos(), when) : "0");

	when = pdb_get_logoff_time(sam_pwent);
	printf ("Logoff time: %s\n", when ? http_timestring(talloc_tos(), when) : "0");

	when = pdb_get_kickoff_time(sam_pwent);
	printf ("Kickoff time: %s\n", when ? http_timestring(talloc_tos(), when) : "0");

	when = pdb_get_pass_last_set_time(sam_pwent);
	printf ("Password last set: %s\n", when ? http_timestring(talloc_tos(), when) : "0");

	when = pdb_get_pass_can_change_time(sam_pwent);
	printf ("Password can change: %s\n", when ? http_timestring(talloc_tos(), when) : "0");

	when = pdb_get_pass_must_change_time(sam_pwent);
	printf ("Password must change: %s\n", when ? http_timestring(talloc_tos(), when) : "0");

	when = pdb_get_bad_password_time(sam_pwent);
	printf ("Last bad password : %s\n", when ? http_timestring(talloc_tos(), when) : "0");
	printf ("Bad password count : %d\n", pdb_get_bad_password_count(sam_pwent));

	/* Logon-hours bitmap, rendered as hex into a 44-byte buffer. */
	char hours_hex[44];
	const uint8_t *hours = pdb_get_hours(sam_pwent);

	pdb_sethexhours(hours_hex, hours);
	printf ("Logon hours : %s\n", hours_hex);

	return 0;
}
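/**
 * Apply the fields flagged in a SAMR UserInfo21 structure to a samu record.
 *
 * Only fields whose bit is set in from->fields_present are looked at, and
 * a setter is called (always with PDB_CHANGED) only when the incoming
 * value differs from the stored one.  The user RID is never changed; a
 * differing RID is only logged.
 *
 * @param log_prefix  Prefix for the debug messages; "INFO_21" when NULL.
 * @param to          Record to update.  The call is a no-op when NULL.
 * @param from        Incoming values.  The call is a no-op when NULL.
 *                    from->acct_flags may be modified: ACB_AUTOLOCK is
 *                    cleared when the stored account is not autolocked.
 */
void copy_id21_to_sam_passwd(const char *log_prefix,
			     struct samu *to,
			     struct samr_UserInfo21 *from)
{
	time_t unix_time, stored_time;
	/*
	 * STRING_CHANGED is defined outside this block and takes no
	 * arguments, so it presumably reads these two locals by name;
	 * do not rename them.
	 */
	const char *old_string, *new_string;
	const char *l;

	if (from == NULL || to == NULL) {
		return;
	}

	if (log_prefix) {
		l = log_prefix;
	} else {
		l = "INFO_21";
	}

	/* --- timestamps: NT time on the wire, time_t in the record --- */

	if (from->fields_present & SAMR_FIELD_LAST_LOGON) {
		unix_time = nt_time_to_unix(from->last_logon);
		stored_time = pdb_get_logon_time(to);
		DEBUG(10,("%s SAMR_FIELD_LAST_LOGON: %lu -> %lu\n", l,
			(long unsigned int)stored_time,
			(long unsigned int)unix_time));
		if (stored_time != unix_time) {
			pdb_set_logon_time(to, unix_time, PDB_CHANGED);
		}
	}

	if (from->fields_present & SAMR_FIELD_LAST_LOGOFF) {
		unix_time = nt_time_to_unix(from->last_logoff);
		stored_time = pdb_get_logoff_time(to);
		DEBUG(10,("%s SAMR_FIELD_LAST_LOGOFF: %lu -> %lu\n", l,
			(long unsigned int)stored_time,
			(long unsigned int)unix_time));
		if (stored_time != unix_time) {
			pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
		}
	}

	if (from->fields_present & SAMR_FIELD_ACCT_EXPIRY) {
		unix_time = nt_time_to_unix(from->acct_expiry);
		stored_time = pdb_get_kickoff_time(to);
		DEBUG(10,("%s SAMR_FIELD_ACCT_EXPIRY: %lu -> %lu\n", l,
			(long unsigned int)stored_time,
			(long unsigned int)unix_time));
		if (stored_time != unix_time) {
			pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
		}
	}

	if (from->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
		unix_time = nt_time_to_unix(from->last_password_change);
		stored_time = pdb_get_pass_last_set_time(to);
		DEBUG(10,("%s SAMR_FIELD_LAST_PWD_CHANGE: %lu -> %lu\n", l,
			(long unsigned int)stored_time,
			(long unsigned int)unix_time));
		if (stored_time != unix_time) {
			pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
		}
	}

	/* --- string fields: skipped when the incoming string is NULL --- */

	if ((from->fields_present & SAMR_FIELD_ACCOUNT_NAME) &&
	    (from->account_name.string)) {
		old_string = pdb_get_username(to);
		new_string = from->account_name.string;
		DEBUG(10,("%s SAMR_FIELD_ACCOUNT_NAME: %s -> %s\n", l,
			old_string, new_string));
		if (STRING_CHANGED) {
			pdb_set_username(to, new_string, PDB_CHANGED);
		}
	}

	if ((from->fields_present & SAMR_FIELD_FULL_NAME) &&
	    (from->full_name.string)) {
		old_string = pdb_get_fullname(to);
		new_string = from->full_name.string;
		DEBUG(10,("%s SAMR_FIELD_FULL_NAME: %s -> %s\n", l,
			old_string, new_string));
		if (STRING_CHANGED) {
			pdb_set_fullname(to, new_string, PDB_CHANGED);
		}
	}

	if ((from->fields_present & SAMR_FIELD_HOME_DIRECTORY) &&
	    (from->home_directory.string)) {
		old_string = pdb_get_homedir(to);
		new_string = from->home_directory.string;
		DEBUG(10,("%s SAMR_FIELD_HOME_DIRECTORY: %s -> %s\n", l,
			old_string, new_string));
		if (STRING_CHANGED) {
			pdb_set_homedir(to, new_string, PDB_CHANGED);
		}
	}

	if ((from->fields_present & SAMR_FIELD_HOME_DRIVE) &&
	    (from->home_drive.string)) {
		old_string = pdb_get_dir_drive(to);
		new_string = from->home_drive.string;
		DEBUG(10,("%s SAMR_FIELD_HOME_DRIVE: %s -> %s\n", l,
			old_string, new_string));
		if (STRING_CHANGED) {
			pdb_set_dir_drive(to, new_string, PDB_CHANGED);
		}
	}

	if ((from->fields_present & SAMR_FIELD_LOGON_SCRIPT) &&
	    (from->logon_script.string)) {
		old_string = pdb_get_logon_script(to);
		new_string = from->logon_script.string;
		DEBUG(10,("%s SAMR_FIELD_LOGON_SCRIPT: %s -> %s\n", l,
			old_string, new_string));
		if (STRING_CHANGED) {
			pdb_set_logon_script(to , new_string, PDB_CHANGED);
		}
	}

	if ((from->fields_present & SAMR_FIELD_PROFILE_PATH) &&
	    (from->profile_path.string)) {
		old_string = pdb_get_profile_path(to);
		new_string = from->profile_path.string;
		DEBUG(10,("%s SAMR_FIELD_PROFILE_PATH: %s -> %s\n", l,
			old_string, new_string));
		if (STRING_CHANGED) {
			pdb_set_profile_path(to , new_string, PDB_CHANGED);
		}
	}

	if ((from->fields_present & SAMR_FIELD_DESCRIPTION) &&
	    (from->description.string)) {
		old_string = pdb_get_acct_desc(to);
		new_string = from->description.string;
		DEBUG(10,("%s SAMR_FIELD_DESCRIPTION: %s -> %s\n", l,
			old_string, new_string));
		if (STRING_CHANGED) {
			pdb_set_acct_desc(to, new_string, PDB_CHANGED);
		}
	}

	if ((from->fields_present & SAMR_FIELD_WORKSTATIONS) &&
	    (from->workstations.string)) {
		old_string = pdb_get_workstations(to);
		new_string = from->workstations.string;
		DEBUG(10,("%s SAMR_FIELD_WORKSTATIONS: %s -> %s\n", l,
			old_string, new_string));
		if (STRING_CHANGED) {
			pdb_set_workstations(to , new_string, PDB_CHANGED);
		}
	}

	if ((from->fields_present & SAMR_FIELD_COMMENT) &&
	    (from->comment.string)) {
		old_string = pdb_get_comment(to);
		new_string = from->comment.string;
		DEBUG(10,("%s SAMR_FIELD_COMMENT: %s -> %s\n", l,
			old_string, new_string));
		if (STRING_CHANGED) {
			pdb_set_comment(to, new_string, PDB_CHANGED);
		}
	}

	/* The parameters blob is stored base64-encoded as the munged dial. */
	if ((from->fields_present & SAMR_FIELD_PARAMETERS) &&
	    (from->parameters.array)) {
		char *newstr;
		DATA_BLOB mung;
		old_string = pdb_get_munged_dial(to);

		mung = data_blob_const(from->parameters.array,
				       from->parameters.length);
		/* An empty blob becomes a NULL munged-dial string. */
		newstr = (mung.length == 0) ?
			NULL : base64_encode_data_blob(talloc_tos(), mung);
		/* Either string may be NULL here; never hand NULL to %s. */
		DEBUG(10,("%s SAMR_FIELD_PARAMETERS: %s -> %s\n", l,
			old_string ? old_string : "(null)",
			newstr ? newstr : "(null)"));
		if (STRING_CHANGED_NC(old_string,newstr)) {
			pdb_set_munged_dial(to, newstr, PDB_CHANGED);
		}

		TALLOC_FREE(newstr);
	}

	/* --- RIDs --- */

	if (from->fields_present & SAMR_FIELD_RID) {
		if (from->rid == 0) {
			DEBUG(10,("%s: Asked to set User RID to 0 !? Skipping change!\n", l));
		} else if (from->rid != pdb_get_user_rid(to)) {
			/* Deliberately log-only: the user RID is not writable here. */
			DEBUG(10,("%s SAMR_FIELD_RID: %u -> %u NOT UPDATED!\n", l,
				pdb_get_user_rid(to), from->rid));
		}
	}

	if (from->fields_present & SAMR_FIELD_PRIMARY_GID) {
		if (from->primary_gid == 0) {
			DEBUG(10,("%s: Asked to set Group RID to 0 !? Skipping change!\n", l));
		} else if (from->primary_gid != pdb_get_group_rid(to)) {
			DEBUG(10,("%s SAMR_FIELD_PRIMARY_GID: %u -> %u\n", l,
				pdb_get_group_rid(to), from->primary_gid));
			pdb_set_group_sid_from_rid(to,
				from->primary_gid, PDB_CHANGED);
		}
	}

	/* --- account control flags --- */

	if (from->fields_present & SAMR_FIELD_ACCT_FLAGS) {
		DEBUG(10,("%s SAMR_FIELD_ACCT_FLAGS: %08X -> %08X\n", l,
			pdb_get_acct_ctrl(to), from->acct_flags));
		if (from->acct_flags != pdb_get_acct_ctrl(to)) {

			/* You cannot autolock an unlocked account via
			 * setuserinfo calls, so make sure to remove the
			 * ACB_AUTOLOCK bit here - gd */

			if ((from->acct_flags & ACB_AUTOLOCK) &&
			    !(pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
				from->acct_flags &= ~ACB_AUTOLOCK;
			}

			if (!(from->acct_flags & ACB_AUTOLOCK) &&
			     (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
				/* We're unlocking a previously locked user. Reset bad password counts.
				   Patch from Jianliang Lu. <*****@*****.**> */
				pdb_set_bad_password_count(to, 0, PDB_CHANGED);
				pdb_set_bad_password_time(to, 0, PDB_CHANGED);
			}
			pdb_set_acct_ctrl(to, from->acct_flags, PDB_CHANGED);
		}
	}

	/* --- logon hours --- */

	if (from->fields_present & SAMR_FIELD_LOGON_HOURS) {
		char oldstr[44]; /* hours strings are 42 bytes. */
		char newstr[44];
		DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week): %08X -> %08X\n", l,
			pdb_get_logon_divs(to), from->logon_hours.units_per_week));
		if (from->logon_hours.units_per_week != pdb_get_logon_divs(to)) {
			pdb_set_logon_divs(to,
				from->logon_hours.units_per_week, PDB_CHANGED);
		}

		/*
		 * NOTE(review): units_per_week comes from the caller and
		 * units_per_week/8 is used below as the byte length of
		 * logon_hours.bits; nothing in this function bounds it or
		 * checks it against the size of bits - confirm the decoder
		 * and pdb_set_hours() enforce that.
		 */
		DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week/8): %08X -> %08X\n", l,
			pdb_get_hours_len(to),
			from->logon_hours.units_per_week/8));
		if (from->logon_hours.units_per_week/8 != pdb_get_hours_len(to)) {
			pdb_set_hours_len(to,
				from->logon_hours.units_per_week/8, PDB_CHANGED);
		}

		pdb_sethexhours(oldstr, pdb_get_hours(to));
		pdb_sethexhours(newstr, from->logon_hours.bits);
		/*
		 * Log the hex renderings.  The bitmaps themselves are raw
		 * bytes, not NUL-terminated strings, so printing them with
		 * %s could read past the buffer (or dereference NULL).
		 */
		DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (bits): %s -> %s\n", l,
			oldstr, newstr));
		if (!strequal(oldstr, newstr)) {
			pdb_set_hours(to, from->logon_hours.bits,
				      from->logon_hours.units_per_week/8,
				      PDB_CHANGED);
		}
	}

	/* --- counters --- */

	if (from->fields_present & SAMR_FIELD_BAD_PWD_COUNT) {
		DEBUG(10,("%s SAMR_FIELD_BAD_PWD_COUNT: %08X -> %08X\n", l,
			pdb_get_bad_password_count(to), from->bad_password_count));
		if (from->bad_password_count != pdb_get_bad_password_count(to)) {
			pdb_set_bad_password_count(to,
				from->bad_password_count, PDB_CHANGED);
		}
	}

	if (from->fields_present & SAMR_FIELD_NUM_LOGONS) {
		DEBUG(10,("%s SAMR_FIELD_NUM_LOGONS: %08X -> %08X\n", l,
			pdb_get_logon_count(to), from->logon_count));
		if (from->logon_count != pdb_get_logon_count(to)) {
			pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
		}
	}

	/* If the must change flag is set, the last set time goes to zero.
	   the must change and can change fields also do, but they are
	   calculated from policy, not set from the wire */

	if (from->fields_present & SAMR_FIELD_EXPIRED_FLAG) {
		DEBUG(10,("%s SAMR_FIELD_EXPIRED_FLAG: %02X\n", l,
			from->password_expired));
		if (from->password_expired != 0) {
			/* Only allow the set_time to zero (which means
			   "User Must Change Password on Next Login"
			   if the user object allows password change. */
			if (pdb_get_pass_can_change(to)) {
				pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
			} else {
				DEBUG(10,("%s Disallowing set of 'User Must "
					"Change Password on Next Login' as "
					"user object disallows this.\n", l));
			}
		} else {
			/* A subtlety here: some windows commands will
			   clear the expired flag even though it's not
			   set, and we don't want to reset the time
			   in these cases.  "net user /dom <user> /active:y"
			   for example, to clear an autolocked acct.
			   We must check to see if it's expired first. jmcd */

			uint32_t pwd_max_age = 0;
			time_t now = time(NULL);

			pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &pwd_max_age);

			/* A policy value of (uint32_t)-1 or 0 is replaced by the
			 * largest time value.
			 * NOTE(review): the result of get_time_t_max() is stored
			 * in a uint32_t; if it is wider it is truncated here -
			 * confirm the intended "never expires" value. */
			if (pwd_max_age == (uint32_t)-1 || pwd_max_age == 0) {
				pwd_max_age = get_time_t_max();
			}

			stored_time = pdb_get_pass_last_set_time(to);

			/* pwdlastset is only moved to "now" when
			 * a) the stored pwdlastset time is 0 (user was
			 *    forced to change password), or
			 * b) the stored time is older than the maximum
			 *    password age.
			 * NOTE(review): the original comment (gd) worded b) as
			 * "the users password has not expired", which is the
			 * opposite of the condition below - confirm intent. */

			if ((stored_time == 0) ||
			    ((now - stored_time) > pwd_max_age)) {
				pdb_set_pass_last_set_time(to, now, PDB_CHANGED);
			}
		}
	}

	/* --- locale fields --- */

	if (from->fields_present & SAMR_FIELD_COUNTRY_CODE) {
		DEBUG(10,("%s SAMR_FIELD_COUNTRY_CODE: %08X -> %08X\n", l,
			pdb_get_country_code(to), from->country_code));
		if (from->country_code != pdb_get_country_code(to)) {
			pdb_set_country_code(to,
				from->country_code, PDB_CHANGED);
		}
	}

	if (from->fields_present & SAMR_FIELD_CODE_PAGE) {
		DEBUG(10,("%s SAMR_FIELD_CODE_PAGE: %08X -> %08X\n", l,
			pdb_get_code_page(to), from->code_page));
		if (from->code_page != pdb_get_code_page(to)) {
			pdb_set_code_page(to,
				from->code_page, PDB_CHANGED);
		}
	}
}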
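/**
 * Compare two account records field by field and log every mismatch.
 *
 * The messages treat s1 as the expected ("want") record and s2 as the
 * one read back ("got").  Fields that are NULL in s1 are not compared.
 *
 * @param s1  Reference record.
 * @param s2  Record to verify against s1.
 * @return True when no checked field differs, False otherwise.  All
 *         fields are checked; the function does not stop at the first
 *         mismatch.
 */
static BOOL samu_correct(struct samu *s1, struct samu *s2)
{
	BOOL ret = True;
	uint32 s1_len, s2_len;
	const char *s1_buf, *s2_buf;
	const uint8 *d1_buf, *d2_buf;

	/* Check Unix username */
	s1_buf = pdb_get_username(s1);
	s2_buf = pdb_get_username(s2);
	if (s2_buf == NULL && s1_buf != NULL) {
		DEBUG(0, ("Username is not set\n"));
		ret = False;
	} else if (s1_buf == NULL) {
		/* Do nothing */
	} else if (strcmp(s1_buf,s2_buf)) {
		DEBUG(0, ("Username not written correctly, want %s, got \"%s\"\n",
			pdb_get_username(s1),
			pdb_get_username(s2)));
		ret = False;
	}

	/* Check NT username */
	s1_buf = pdb_get_nt_username(s1);
	s2_buf = pdb_get_nt_username(s2);
	if (s2_buf == NULL && s1_buf != NULL) {
		DEBUG(0, ("NT Username is not set\n"));
		ret = False;
	} else if (s1_buf == NULL) {
		/* Do nothing */
	} else if (strcmp(s1_buf, s2_buf)) {
		DEBUG(0, ("NT Username not written correctly, want \"%s\", got \"%s\"\n",
			pdb_get_nt_username(s1),
			pdb_get_nt_username(s2)));
		ret = False;
	}

	/* Check acct ctrl */
	if (pdb_get_acct_ctrl(s1) != pdb_get_acct_ctrl(s2)) {
		DEBUG(0, ("Acct ctrl field not written correctly, want %d (0x%X), got %d (0x%X)\n",
			pdb_get_acct_ctrl(s1),
			pdb_get_acct_ctrl(s1),
			pdb_get_acct_ctrl(s2),
			pdb_get_acct_ctrl(s2)));
		ret = False;
	}

	/* Check NT password (hash values are never logged, only the verdict) */
	d1_buf = pdb_get_nt_passwd(s1);
	d2_buf = pdb_get_nt_passwd(s2);
	if (d2_buf == NULL && d1_buf != NULL) {
		DEBUG(0, ("NT password is not set\n"));
		ret = False;
	} else if (d1_buf == NULL) {
		/* Do nothing */
	} else if (memcmp(d1_buf, d2_buf, NT_HASH_LEN)) {
		DEBUG(0, ("NT password not written correctly\n"));
		ret = False;
	}

	/* Check lanman password.
	 * A missing lanman hash is logged but, as before, not counted as a
	 * failure.  NOTE(review): presumably because the backend may not
	 * store it - confirm.  The compare length is NT_HASH_LEN, as in
	 * the original. */
	d1_buf = pdb_get_lanman_passwd(s1);
	d2_buf = pdb_get_lanman_passwd(s2);
	if (d2_buf == NULL && d1_buf != NULL) {
		DEBUG(0, ("Lanman password is not set\n"));
	} else if (d1_buf == NULL) {
		/* Do nothing */
	} else if (memcmp(d1_buf, d2_buf, NT_HASH_LEN)) {
		DEBUG(0, ("Lanman password not written correctly\n"));
		ret = False;
	}

	/* Check password history.
	 * A missing history is logged but, as before, not counted as a
	 * failure. */
	d1_buf = pdb_get_pw_history(s1, &s1_len);
	d2_buf = pdb_get_pw_history(s2, &s2_len);
	if (d2_buf == NULL && d1_buf != NULL) {
		DEBUG(0, ("Password history is not set\n"));
	} else if (d1_buf == NULL) {
		/* Do nothing */
	} else if (s1_len != s2_len) {
		/* Fixed: this compared s1_len with itself and never fired. */
		DEBUG(0, ("Password history not written correctly, lengths differ, want %d, got %d\n",
			s1_len, s2_len));
		ret = False;
	} else if (memcmp(d1_buf, d2_buf, s1_len)) {
		/* Fixed: this ran strncmp() on s1_buf/s2_buf, which still
		 * hold the NT username strings (and may be NULL), instead
		 * of comparing the history buffers.
		 * NOTE(review): if the length returned by
		 * pdb_get_pw_history() counts entries rather than bytes,
		 * only a prefix of the history is compared - confirm the
		 * unit and scale by the entry size if needed. */
		DEBUG(0, ("Password history not written correctly\n"));
		ret = False;
	}

	/* Check logon time */
	if (pdb_get_logon_time(s1) != pdb_get_logon_time(s2)) {
		DEBUG(0, ("Logon time is not written correctly\n"));
		ret = False;
	}

	/* Check logoff time */
	if (pdb_get_logoff_time(s1) != pdb_get_logoff_time(s2)) {
		DEBUG(0, ("Logoff time is not written correctly\n"));
		ret = False;
	}

	/* Check kickoff time.
	 * Fixed: s1's kickoff time was compared with s2's logoff time. */
	if (pdb_get_kickoff_time(s1) != pdb_get_kickoff_time(s2)) {
		DEBUG(0, ("Kickoff time is not written correctly\n"));
		ret = False;
	}

	/* Check bad password time */
	if (pdb_get_bad_password_time(s1) != pdb_get_bad_password_time(s2)) {
		DEBUG(0, ("Bad password time is not written correctly\n"));
		ret = False;
	}

	/* Check password last set time */
	if (pdb_get_pass_last_set_time(s1) != pdb_get_pass_last_set_time(s2)) {
		DEBUG(0, ("Password last set time is not written correctly\n"));
		ret = False;
	}

	/* Check password can change time */
	if (pdb_get_pass_can_change_time(s1) != pdb_get_pass_can_change_time(s2)) {
		DEBUG(0, ("Password can change time is not written correctly\n"));
		ret = False;
	}

	/* Check password must change time */
	if (pdb_get_pass_must_change_time(s1) != pdb_get_pass_must_change_time(s2)) {
		DEBUG(0, ("Password must change time is not written correctly\n"));
		ret = False;
	}

	/* Check logon divs */
	if (pdb_get_logon_divs(s1) != pdb_get_logon_divs(s2)) {
		DEBUG(0, ("Logon divs not written correctly\n"));
		ret = False;
	}

	/* Check logon hours */
	if (pdb_get_hours_len(s1) != pdb_get_hours_len(s2)) {
		DEBUG(0, ("Logon hours length not written correctly\n"));
		ret = False;
	} else if (pdb_get_hours_len(s1) != 0) {
		d1_buf = pdb_get_hours(s1);
		d2_buf = pdb_get_hours(s2);
		/* Fixed: the test was "d2_buf == NULL && d2_buf != NULL",
		 * which is never true, so a missing bitmap in s2 fell
		 * through to memcmp() with a NULL pointer. */
		if (d2_buf == NULL && d1_buf != NULL) {
			DEBUG(0, ("Logon hours is not set\n"));
			ret = False;
		} else if (d1_buf == NULL) {
			/* Do nothing */
		} else if (memcmp(d1_buf, d2_buf, MAX_HOURS_LEN)) {
			/* NOTE(review): compares MAX_HOURS_LEN bytes, not
			 * pdb_get_hours_len() - assumes both buffers are
			 * at least that large; confirm. */
			DEBUG(0, ("Logon hours is not written correctly\n"));
			ret = False;
		}
	}

	/* Check profile path */
	s1_buf = pdb_get_profile_path(s1);
	s2_buf = pdb_get_profile_path(s2);
	if (s2_buf == NULL && s1_buf != NULL) {
		DEBUG(0, ("Profile path is not set\n"));
		ret = False;
	} else if (s1_buf == NULL) {
		/* Do nothing */
	} else if (strcmp(s1_buf, s2_buf)) {
		DEBUG(0, ("Profile path is not written correctly\n"));
		ret = False;
	}

	/* Check home dir */
	s1_buf = pdb_get_homedir(s1);
	s2_buf = pdb_get_homedir(s2);
	if (s2_buf == NULL && s1_buf != NULL) {
		DEBUG(0, ("Home dir is not set\n"));
		ret = False;
	} else if (s1_buf == NULL) {
		/* Do nothing */
	} else if (strcmp(s1_buf, s2_buf)) {
		DEBUG(0, ("Home dir is not written correctly\n"));
		ret = False;
	}

	/* Check logon script */
	s1_buf = pdb_get_logon_script(s1);
	s2_buf = pdb_get_logon_script(s2);
	if (s2_buf == NULL && s1_buf != NULL) {
		DEBUG(0, ("Logon script not set\n"));
		ret = False;
	} else if (s1_buf == NULL) {
		/* Do nothing */
	} else if (strcmp(s1_buf, s2_buf)) {
		DEBUG(0, ("Logon script is not written correctly\n"));
		ret = False;
	}

	/* TODO Check user and group sids */

	return ret;
}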
void copy_id21_to_sam_passwd(const char *log_prefix, struct samu *to, struct samr_UserInfo21 *from) { time_t unix_time, stored_time; const char *old_string, *new_string; const char *l; if (from == NULL || to == NULL) { return; } if (log_prefix) { l = log_prefix; } else { l = "INFO_21"; } if (from->fields_present & SAMR_FIELD_LAST_LOGON) { unix_time = nt_time_to_unix(from->last_logon); stored_time = pdb_get_logon_time(to); DEBUG(10,("%s SAMR_FIELD_LAST_LOGON: %lu -> %lu\n", l, (long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) { pdb_set_logon_time(to, unix_time, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_LAST_LOGOFF) { unix_time = nt_time_to_unix(from->last_logoff); stored_time = pdb_get_logoff_time(to); DEBUG(10,("%s SAMR_FIELD_LAST_LOGOFF: %lu -> %lu\n", l, (long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) { pdb_set_logoff_time(to, unix_time, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_ACCT_EXPIRY) { unix_time = nt_time_to_unix(from->acct_expiry); stored_time = pdb_get_kickoff_time(to); DEBUG(10,("%s SAMR_FIELD_ACCT_EXPIRY: %lu -> %lu\n", l, (long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) { pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { unix_time = nt_time_to_unix(from->last_password_change); stored_time = pdb_get_pass_last_set_time(to); DEBUG(10,("%s SAMR_FIELD_LAST_PWD_CHANGE: %lu -> %lu\n", l, (long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) { pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_ACCOUNT_NAME) && (from->account_name.string)) { old_string = pdb_get_username(to); new_string = from->account_name.string; DEBUG(10,("%s SAMR_FIELD_ACCOUNT_NAME: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_username(to, new_string, 
PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_FULL_NAME) && (from->full_name.string)) { old_string = pdb_get_fullname(to); new_string = from->full_name.string; DEBUG(10,("%s SAMR_FIELD_FULL_NAME: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_fullname(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_HOME_DIRECTORY) && (from->home_directory.string)) { old_string = pdb_get_homedir(to); new_string = from->home_directory.string; DEBUG(10,("%s SAMR_FIELD_HOME_DIRECTORY: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_homedir(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_HOME_DRIVE) && (from->home_drive.string)) { old_string = pdb_get_dir_drive(to); new_string = from->home_drive.string; DEBUG(10,("%s SAMR_FIELD_HOME_DRIVE: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_dir_drive(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_LOGON_SCRIPT) && (from->logon_script.string)) { old_string = pdb_get_logon_script(to); new_string = from->logon_script.string; DEBUG(10,("%s SAMR_FIELD_LOGON_SCRIPT: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_logon_script(to , new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_PROFILE_PATH) && (from->profile_path.string)) { old_string = pdb_get_profile_path(to); new_string = from->profile_path.string; DEBUG(10,("%s SAMR_FIELD_PROFILE_PATH: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_profile_path(to , new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_DESCRIPTION) && (from->description.string)) { old_string = pdb_get_acct_desc(to); new_string = from->description.string; DEBUG(10,("%s SAMR_FIELD_DESCRIPTION: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_acct_desc(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_WORKSTATIONS) && 
(from->workstations.string)) { old_string = pdb_get_workstations(to); new_string = from->workstations.string; DEBUG(10,("%s SAMR_FIELD_WORKSTATIONS: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_workstations(to , new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_COMMENT) && (from->comment.string)) { old_string = pdb_get_comment(to); new_string = from->comment.string; DEBUG(10,("%s SAMR_FIELD_COMMENT: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_comment(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_PARAMETERS) && (from->parameters.array)) { char *newstr; DATA_BLOB mung; old_string = pdb_get_munged_dial(to); mung = data_blob_const(from->parameters.array, from->parameters.length); newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(talloc_tos(), mung); DEBUG(10,("%s SAMR_FIELD_PARAMETERS: %s -> %s\n", l, old_string, newstr)); if (STRING_CHANGED_NC(old_string,newstr)) { pdb_set_munged_dial(to, newstr, PDB_CHANGED); } TALLOC_FREE(newstr); } if (from->fields_present & SAMR_FIELD_RID) { if (from->rid == 0) { DEBUG(10,("%s: Asked to set User RID to 0 !? Skipping change!\n", l)); } else if (from->rid != pdb_get_user_rid(to)) { DEBUG(10,("%s SAMR_FIELD_RID: %u -> %u NOT UPDATED!\n", l, pdb_get_user_rid(to), from->rid)); } } if (from->fields_present & SAMR_FIELD_PRIMARY_GID) { if (from->primary_gid == 0) { DEBUG(10,("%s: Asked to set Group RID to 0 !? 
Skipping change!\n", l)); } else if (from->primary_gid != pdb_get_group_rid(to)) { DEBUG(10,("%s SAMR_FIELD_PRIMARY_GID: %u -> %u\n", l, pdb_get_group_rid(to), from->primary_gid)); pdb_set_group_sid_from_rid(to, from->primary_gid, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_ACCT_FLAGS) { DEBUG(10,("%s SAMR_FIELD_ACCT_FLAGS: %08X -> %08X\n", l, pdb_get_acct_ctrl(to), from->acct_flags)); if (from->acct_flags != pdb_get_acct_ctrl(to)) { /* You cannot autolock an unlocked account via * setuserinfo calls, so make sure to remove the * ACB_AUTOLOCK bit here - gd */ if ((from->acct_flags & ACB_AUTOLOCK) && !(pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) { from->acct_flags &= ~ACB_AUTOLOCK; } if (!(from->acct_flags & ACB_AUTOLOCK) && (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) { /* We're unlocking a previously locked user. Reset bad password counts. Patch from Jianliang Lu. <*****@*****.**> */ pdb_set_bad_password_count(to, 0, PDB_CHANGED); pdb_set_bad_password_time(to, 0, PDB_CHANGED); } pdb_set_acct_ctrl(to, from->acct_flags, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_LOGON_HOURS) { char oldstr[44]; /* hours strings are 42 bytes. */ char newstr[44]; DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week): %08X -> %08X\n", l, pdb_get_logon_divs(to), from->logon_hours.units_per_week)); if (from->logon_hours.units_per_week != pdb_get_logon_divs(to)) { pdb_set_logon_divs(to, from->logon_hours.units_per_week, PDB_CHANGED); } DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week/8): %08X -> %08X\n", l, pdb_get_hours_len(to), from->logon_hours.units_per_week/8)); if (from->logon_hours.units_per_week/8 != pdb_get_hours_len(to)) { pdb_set_hours_len(to, from->logon_hours.units_per_week/8, PDB_CHANGED); } DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (bits): %s -> %s\n", l, pdb_get_hours(to), from->logon
/*
 * Apply the fields flagged in a SAM_USER_INFO_21 to a SAM_ACCOUNT.
 *
 * Each field is considered only when its ACCT_* bit is set in
 * from->fields_present (the passmustchange check at the end is the
 * exception: it is evaluated unconditionally).  Setters are called with
 * PDB_CHANGED, in most cases only when the incoming value differs from
 * the stored one.  The user RID is never changed, only logged.
 *
 * to   - account to update; the call is a no-op when NULL.
 * from - incoming values; the call is a no-op when NULL.
 */
void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
{
	time_t unix_time, stored_time;
	/* STRING_CHANGED is defined outside this block and takes no
	 * arguments, so it presumably reads these two locals by name. */
	const char *old_string, *new_string;
	DATA_BLOB mung;

	if (from == NULL || to == NULL)
		return;

	/* Timestamps: converted from NT time before comparing. */
	if (from->fields_present & ACCT_LAST_LOGON) {
		unix_time=nt_time_to_unix(&from->logon_time);
		stored_time = pdb_get_logon_time(to);
		DEBUG(10,("INFO_21 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
		if (stored_time != unix_time)
			pdb_set_logon_time(to, unix_time, PDB_CHANGED);
	}

	if (from->fields_present & ACCT_LAST_LOGOFF) {
		unix_time=nt_time_to_unix(&from->logoff_time);
		stored_time = pdb_get_logoff_time(to);
		DEBUG(10,("INFO_21 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
		if (stored_time != unix_time)
			pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
	}

	if (from->fields_present & ACCT_EXPIRY) {
		unix_time=nt_time_to_unix(&from->kickoff_time);
		stored_time = pdb_get_kickoff_time(to);
		DEBUG(10,("INFO_21 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
		if (stored_time != unix_time)
			pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
	}

	if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) {
		unix_time=nt_time_to_unix(&from->pass_can_change_time);
		stored_time = pdb_get_pass_can_change_time(to);
		DEBUG(10,("INFO_21 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
		if (stored_time != unix_time)
			pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
	}

	if (from->fields_present & ACCT_LAST_PWD_CHANGE) {
		unix_time=nt_time_to_unix(&from->pass_last_set_time);
		stored_time = pdb_get_pass_last_set_time(to);
		DEBUG(10,("INFO_21 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
		if (stored_time != unix_time)
			pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
	}

	if (from->fields_present & ACCT_FORCE_PWD_CHANGE) {
		unix_time=nt_time_to_unix(&from->pass_must_change_time);
		stored_time=pdb_get_pass_must_change_time(to);
		DEBUG(10,("INFO_21 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
		if (stored_time != unix_time)
			pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
	}

	/* String fields: skipped when the header's buffer field is zero.
	 * NOTE(review): unistr2_static() presumably returns a pointer into
	 * a static buffer, so new_string is only valid until the next
	 * call - verify against its definition. */
	if ((from->fields_present & ACCT_USERNAME) &&
	    (from->hdr_user_name.buffer)) {
		old_string = pdb_get_username(to);
		new_string = unistr2_static(&from->uni_user_name);
		DEBUG(10,("INFO_21 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
		if (STRING_CHANGED)
			pdb_set_username(to , new_string, PDB_CHANGED);
	}

	if ((from->fields_present & ACCT_FULL_NAME) &&
	    (from->hdr_full_name.buffer)) {
		old_string = pdb_get_fullname(to);
		new_string = unistr2_static(&from->uni_full_name);
		DEBUG(10,("INFO_21 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
		if (STRING_CHANGED)
			pdb_set_fullname(to , new_string, PDB_CHANGED);
	}

	if ((from->fields_present & ACCT_HOME_DIR) &&
	    (from->hdr_home_dir.buffer)) {
		old_string = pdb_get_homedir(to);
		new_string = unistr2_static(&from->uni_home_dir);
		DEBUG(10,("INFO_21 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
		if (STRING_CHANGED)
			pdb_set_homedir(to , new_string, PDB_CHANGED);
	}

	if ((from->fields_present & ACCT_HOME_DRIVE) &&
	    (from->hdr_dir_drive.buffer)) {
		old_string = pdb_get_dir_drive(to);
		new_string = unistr2_static(&from->uni_dir_drive);
		DEBUG(10,("INFO_21 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
		if (STRING_CHANGED)
			pdb_set_dir_drive(to , new_string, PDB_CHANGED);
	}

	if ((from->fields_present & ACCT_LOGON_SCRIPT) &&
	    (from->hdr_logon_script.buffer)) {
		old_string = pdb_get_logon_script(to);
		new_string = unistr2_static(&from->uni_logon_script);
		DEBUG(10,("INFO_21 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
		if (STRING_CHANGED)
			pdb_set_logon_script(to , new_string, PDB_CHANGED);
	}

	if ((from->fields_present & ACCT_PROFILE) &&
	    (from->hdr_profile_path.buffer)) {
		old_string = pdb_get_profile_path(to);
		new_string = unistr2_static(&from->uni_profile_path);
		DEBUG(10,("INFO_21 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
		if (STRING_CHANGED)
			pdb_set_profile_path(to , new_string, PDB_CHANGED);
	}

	if ((from->fields_present & ACCT_DESCRIPTION) &&
	    (from->hdr_acct_desc.buffer)) {
		old_string = pdb_get_acct_desc(to);
		new_string = unistr2_static(&from->uni_acct_desc);
		DEBUG(10,("INFO_21 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
		if (STRING_CHANGED)
			pdb_set_acct_desc(to , new_string, PDB_CHANGED);
	}

	if ((from->fields_present & ACCT_WORKSTATIONS) &&
	    (from->hdr_workstations.buffer)) {
		old_string = pdb_get_workstations(to);
		new_string = unistr2_static(&from->uni_workstations);
		DEBUG(10,("INFO_21 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
		if (STRING_CHANGED)
			pdb_set_workstations(to , new_string, PDB_CHANGED);
	}

	/* is this right? */
	if ((from->fields_present & ACCT_ADMIN_DESC) &&
	    (from->hdr_unknown_str.buffer)) {
		old_string = pdb_get_unknown_str(to);
		new_string = unistr2_static(&from->uni_unknown_str);
		DEBUG(10,("INFO_21 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
		if (STRING_CHANGED)
			pdb_set_unknown_str(to , new_string, PDB_CHANGED);
	}

	/* The munged-dial data is stored base64-encoded; an empty blob
	 * becomes a NULL string.
	 * NOTE(review): old_string and newstr can be NULL when passed to
	 * %s in the DEBUG below. */
	if ((from->fields_present & ACCT_CALLBACK) &&
	    (from->hdr_munged_dial.buffer)) {
		char *newstr;
		old_string = pdb_get_munged_dial(to);
		mung.length = from->hdr_munged_dial.uni_str_len;
		mung.data = (uint8 *) from->uni_munged_dial.buffer;
		newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(mung);
		DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
		if (STRING_CHANGED_NC(old_string,newstr))
			pdb_set_munged_dial(to , newstr, PDB_CHANGED);

		SAFE_FREE(newstr);
	}

	if (from->fields_present & ACCT_RID) {
		if (from->user_rid == 0) {
			DEBUG(10, ("INFO_21: Asked to set User RID to 0 !? Skipping change!\n"));
		} else if (from->user_rid != pdb_get_user_rid(to)) {
			/* Log only: a differing user RID is not applied. */
			DEBUG(10,("INFO_21 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
		}
	}

	if (from->fields_present & ACCT_PRIMARY_GID) {
		if (from->group_rid == 0) {
			DEBUG(10, ("INFO_21: Asked to set Group RID to 0 !? Skipping change!\n"));
		} else if (from->group_rid != pdb_get_group_rid(to)) {
			DEBUG(10,("INFO_21 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
			pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
		}
	}

	/* Account control flags.  The incoming acb_info is stored as given,
	 * so an ACB_AUTOLOCK bit supplied by the caller is written too. */
	if (from->fields_present & ACCT_FLAGS) {
		DEBUG(10,("INFO_21 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
		if (from->acb_info != pdb_get_acct_ctrl(to)) {
			if (!(from->acb_info & ACB_AUTOLOCK) && (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
				/* We're unlocking a previously locked user. Reset bad password counts.
				   Patch from Jianliang Lu. <*****@*****.**> */
				pdb_set_bad_password_count(to, 0, PDB_CHANGED);
				pdb_set_bad_password_time(to, 0, PDB_CHANGED);
			}
			pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
		}
	}

	if (from->fields_present & ACCT_LOGON_HOURS) {
		DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
		if (from->logon_divs != pdb_get_logon_divs(to)) {
			pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
		}

		DEBUG(15,("INFO_21 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
		if (from->logon_hrs.len != pdb_get_hours_len(to)) {
			pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
		}

		/* NOTE(review): both arguments are hours bitmaps, i.e. raw
		 * bytes rather than NUL-terminated strings; printing them
		 * with %s can read past the buffer when this debug level is
		 * enabled.  Logging a hex rendering would avoid that. */
		DEBUG(15,("INFO_21 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
		/* Fix me: only update if it changes --metze */
		/* No length is passed here; how many bytes are copied is
		 * decided inside pdb_set_hours(). */
		pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);

		/* This is max logon hours */
		DEBUG(10,("INFO_21 UNKNOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
		if (from->unknown_6 != pdb_get_unknown_6(to)) {
			pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED);
		}
	}

	if (from->fields_present & ACCT_BAD_PWD_COUNT) {
		DEBUG(10,("INFO_21 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
		if (from->bad_password_count != pdb_get_bad_password_count(to)) {
			pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
		}
	}

	if (from->fields_present & ACCT_NUM_LOGONS) {
		DEBUG(10,("INFO_21 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
		if (from->logon_count != pdb_get_logon_count(to)) {
			pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
		}
	}

	/* Not gated by fields_present: whenever passmustchange carries the
	 * "at next logon" value, the must-change time is set to 0. */
	DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
	if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
		pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
	}

	/* The padding fields are only logged. */
	DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2));

	DEBUG(10,("INFO_21 PADDING_4: %08X\n",from->padding4));
}