static NTSTATUS row_to_sam_account ( PGresult *r, long row, SAM_ACCOUNT *u )
{
pstring temp ;
DOM_SID sid ;
if ( row >= PQntuples( r ) ) return NT_STATUS_INVALID_PARAMETER ;
pdb_set_logon_time ( u, PQgetlong ( r, row, 0 ), PDB_SET ) ;
pdb_set_logoff_time ( u, PQgetlong ( r, row, 1 ), PDB_SET ) ;
pdb_set_kickoff_time ( u, PQgetlong ( r, row, 2 ), PDB_SET ) ;
pdb_set_pass_last_set_time ( u, PQgetlong ( r, row, 3 ), PDB_SET ) ;
pdb_set_pass_can_change_time ( u, PQgetlong ( r, row, 4 ), PDB_SET ) ;
pdb_set_pass_must_change_time( u, PQgetlong ( r, row, 5 ), PDB_SET ) ;
pdb_set_username ( u, PQgetvalue( r, row, 6 ), PDB_SET ) ;
pdb_set_domain ( u, PQgetvalue( r, row, 7 ), PDB_SET ) ;
pdb_set_nt_username ( u, PQgetvalue( r, row, 8 ), PDB_SET ) ;
pdb_set_fullname ( u, PQgetvalue( r, row, 9 ), PDB_SET ) ;
pdb_set_homedir ( u, PQgetvalue( r, row, 10 ), PDB_SET ) ;
pdb_set_dir_drive ( u, PQgetvalue( r, row, 11 ), PDB_SET ) ;
pdb_set_logon_script ( u, PQgetvalue( r, row, 12 ), PDB_SET ) ;
pdb_set_profile_path ( u, PQgetvalue( r, row, 13 ), PDB_SET ) ;
pdb_set_acct_desc ( u, PQgetvalue( r, row, 14 ), PDB_SET ) ;
pdb_set_workstations ( u, PQgetvalue( r, row, 15 ), PDB_SET ) ;
pdb_set_unknown_str ( u, PQgetvalue( r, row, 16 ), PDB_SET ) ;
pdb_set_munged_dial ( u, PQgetvalue( r, row, 17 ), PDB_SET ) ;
pdb_set_acct_ctrl ( u, PQgetlong ( r, row, 23 ), PDB_SET ) ;
pdb_set_logon_divs ( u, PQgetlong ( r, row, 24 ), PDB_SET ) ;
pdb_set_hours_len ( u, PQgetlong ( r, row, 25 ), PDB_SET ) ;
pdb_set_bad_password_count ( u, PQgetlong (r, row, 26 ), PDB_SET ) ;
pdb_set_logon_count ( u, PQgetlong ( r, row, 27 ), PDB_SET ) ;
pdb_set_unknown_6 ( u, PQgetlong ( r, row, 28 ), PDB_SET ) ;
if ( !PQgetisnull( r, row, 18 ) ) {
string_to_sid( &sid, PQgetvalue( r, row, 18 ) ) ;
pdb_set_user_sid ( u, &sid, PDB_SET ) ;
}
if ( !PQgetisnull( r, row, 19 ) ) {
string_to_sid( &sid, PQgetvalue( r, row, 19 ) ) ;
pdb_set_group_sid( u, &sid, PDB_SET ) ;
}
if ( pdb_gethexpwd( PQgetvalue( r, row, 20 ), temp ), PDB_SET ) pdb_set_lanman_passwd( u, temp, PDB_SET ) ;
if ( pdb_gethexpwd( PQgetvalue( r, row, 21 ), temp ), PDB_SET ) pdb_set_nt_passwd ( u, temp, PDB_SET ) ;
/* Only use plaintext password storage when lanman and nt are NOT used */
if ( PQgetisnull( r, row, 20 ) || PQgetisnull( r, row, 21 ) ) pdb_set_plaintext_passwd( u, PQgetvalue( r, row, 22 ) ) ;
return NT_STATUS_OK ;
}
/**
* update the encrypted smbpasswd file from the plaintext username and password
*
* this ugly hack needs to die, but not quite yet, I think people still use it...
**/
static BOOL update_smbpassword_file(const char *user, const char *password)
{
struct samu *sampass;
BOOL ret;
if ( !(sampass = samu_new( NULL )) ) {
return False;
}
become_root();
ret = pdb_getsampwnam(sampass, user);
unbecome_root();
if(ret == False) {
DEBUG(0,("pdb_getsampwnam returned NULL\n"));
TALLOC_FREE(sampass);
return False;
}
/*
* Remove the account disabled flag - we are updating the
* users password from a login.
*/
if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) {
TALLOC_FREE(sampass);
return False;
}
if (!pdb_set_plaintext_passwd (sampass, password)) {
TALLOC_FREE(sampass);
return False;
}
/* Now write it into the file. */
become_root();
ret = NT_STATUS_IS_OK(pdb_update_sam_account (sampass));
unbecome_root();
if (ret) {
DEBUG(3,("pdb_update_sam_account returned %d\n",ret));
}
TALLOC_FREE(sampass);
return ret;
}
static int set_machine_info(const char *machinename,
const char *account_control,
const char *machine_sid)
{
struct samu *sam_pwent = NULL;
TALLOC_CTX *tosctx;
uint32_t acb_flags;
uint32_t not_settable;
uint32_t new_flags;
struct dom_sid m_sid;
char *name;
int len;
bool ret;
len = strlen(machinename);
if (len == 0) {
fprintf(stderr, "No machine name given\n");
return -1;
}
tosctx = talloc_tos();
if (!tosctx) {
fprintf(stderr, "Out of memory!\n");
return -1;
}
sam_pwent = samu_new(tosctx);
if (!sam_pwent) {
return 1;
}
if (machinename[len-1] == '$') {
name = talloc_strdup(sam_pwent, machinename);
} else {
name = talloc_asprintf(sam_pwent, "%s$", machinename);
}
if (!name) {
fprintf(stderr, "Out of memory!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
if (!strlower_m(name)) {
fprintf(stderr, "strlower_m %s failed\n", name);
TALLOC_FREE(sam_pwent);
return -1;
}
ret = pdb_getsampwnam(sam_pwent, name);
if (!ret) {
fprintf (stderr, "Username not found!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
if (account_control) {
not_settable = ~(ACB_DISABLED);
new_flags = pdb_decode_acct_ctrl(account_control);
if (new_flags & not_settable) {
fprintf(stderr, "Can only set [D] flags\n");
TALLOC_FREE(sam_pwent);
return -1;
}
acb_flags = pdb_get_acct_ctrl(sam_pwent);
pdb_set_acct_ctrl(sam_pwent,
(acb_flags & not_settable) | new_flags,
PDB_CHANGED);
}
if (machine_sid) {
if (get_sid_from_cli_string(&m_sid, machine_sid)) {
fprintf(stderr, "Failed to parse SID\n");
return -1;
}
pdb_set_user_sid(sam_pwent, &m_sid, PDB_CHANGED);
}
if (NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) {
print_user_info(name, True, False);
} else {
fprintf (stderr, "Unable to modify entry!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
TALLOC_FREE(sam_pwent);
return 0;
}
static int set_user_info(const char *username, const char *fullname,
const char *homedir, const char *acct_desc,
const char *drive, const char *script,
const char *profile, const char *account_control,
const char *user_sid, const char *user_domain,
const bool badpw, const bool hours,
const char *kickoff_time)
{
bool updated_autolock = False, updated_badpw = False;
struct samu *sam_pwent;
uint8_t hours_array[MAX_HOURS_LEN];
uint32_t hours_len;
uint32_t acb_flags;
uint32_t not_settable;
uint32_t new_flags;
struct dom_sid u_sid;
bool ret;
sam_pwent = samu_new(NULL);
if (!sam_pwent) {
return 1;
}
ret = pdb_getsampwnam(sam_pwent, username);
if (!ret) {
fprintf (stderr, "Username not found!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
if (hours) {
hours_len = pdb_get_hours_len(sam_pwent);
memset(hours_array, 0xff, hours_len);
pdb_set_hours(sam_pwent, hours_array, hours_len, PDB_CHANGED);
}
if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) {
DEBUG(2,("pdb_update_autolock_flag failed.\n"));
}
if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw)) {
DEBUG(2,("pdb_update_bad_password_count failed.\n"));
}
if (fullname)
pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (acct_desc)
pdb_set_acct_desc(sam_pwent, acct_desc, PDB_CHANGED);
if (homedir)
pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
if (drive)
pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED);
if (script)
pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
if (profile)
pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
if (user_domain)
pdb_set_domain(sam_pwent, user_domain, PDB_CHANGED);
if (account_control) {
not_settable = ~(ACB_DISABLED | ACB_HOMDIRREQ |
ACB_PWNOTREQ | ACB_PWNOEXP | ACB_AUTOLOCK);
new_flags = pdb_decode_acct_ctrl(account_control);
if (new_flags & not_settable) {
fprintf(stderr, "Can only set [NDHLX] flags\n");
TALLOC_FREE(sam_pwent);
return -1;
}
acb_flags = pdb_get_acct_ctrl(sam_pwent);
pdb_set_acct_ctrl(sam_pwent,
(acb_flags & not_settable) | new_flags,
PDB_CHANGED);
}
if (user_sid) {
if (get_sid_from_cli_string(&u_sid, user_sid)) {
fprintf(stderr, "Failed to parse SID\n");
return -1;
}
pdb_set_user_sid(sam_pwent, &u_sid, PDB_CHANGED);
}
if (badpw) {
pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED);
pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED);
}
if (kickoff_time) {
char *endptr;
time_t value = get_time_t_max();
if (strcmp(kickoff_time, "never") != 0) {
uint32_t num = strtoul(kickoff_time, &endptr, 10);
if ((endptr == kickoff_time) || (endptr[0] != '\0')) {
fprintf(stderr, "Failed to parse kickoff time\n");
return -1;
}
value = convert_uint32_t_to_time_t(num);
}
pdb_set_kickoff_time(sam_pwent, value, PDB_CHANGED);
}
if (NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) {
print_user_info(username, True, False);
} else {
fprintf (stderr, "Unable to modify entry!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
TALLOC_FREE(sam_pwent);
return 0;
}
/************************************************************************
makes a struct sam_passwd from a NIS+ object.
************************************************************************/
static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, nis_object *obj)
{
char *ptr;
pstring full_name; /* this must be translated to dos code page */
pstring acct_desc; /* this must be translated to dos code page */
pstring home_dir; /* set default value from smb.conf for user */
pstring home_drive; /* set default value from smb.conf for user */
pstring logon_script; /* set default value from smb.conf for user */
pstring profile_path; /* set default value from smb.conf for user */
pstring hours;
int hours_len;
unsigned char smbpwd[16];
unsigned char smbntpwd[16];
/*
* time values. note: this code assumes 32bit time_t!
*/
pdb_set_logon_time(pw_buf, (time_t)0);
ptr = ENTRY_VAL(obj, NPF_LOGON_T);
if(ptr && *ptr && (StrnCaseCmp(ptr, "LNT-", 4)==0)) {
int i;
ptr += 4;
for(i = 0; i < 8; i++) {
if(ptr[i] == '\0' || !isxdigit(ptr[i]))
break;
}
if(i == 8) {
pdb_set_logon_time(pw_buf, (time_t)strtol(ptr, NULL, 16));
}
}
pdb_set_logoff_time(pw_buf, get_time_t_max());
ptr = ENTRY_VAL(obj, NPF_LOGOFF_T);
if(ptr && *ptr && (StrnCaseCmp(ptr, "LOT-", 4)==0)) {
int i;
ptr += 4;
for(i = 0; i < 8; i++) {
if(ptr[i] == '\0' || !isxdigit(ptr[i]))
break;
}
if(i == 8) {
pdb_set_logoff_time(pw_buf, (time_t)strtol(ptr, NULL, 16));
}
}
pdb_set_kickoff_time(pw_buf, get_time_t_max());
ptr = ENTRY_VAL(obj, NPF_KICK_T);
if(ptr && *ptr && (StrnCaseCmp(ptr, "KOT-", 4)==0)) {
int i;
ptr += 4;
for(i = 0; i < 8; i++) {
if(ptr[i] == '\0' || !isxdigit(ptr[i]))
break;
}
if(i == 8) {
pdb_set_kickoff_time(pw_buf, (time_t)strtol(ptr, NULL, 16));
}
}
pdb_set_pass_last_set_time(pw_buf, (time_t)0);
ptr = ENTRY_VAL(obj, NPF_PWDLSET_T);
if(ptr && *ptr && (StrnCaseCmp(ptr, "LCT-", 4)==0)) {
int i;
ptr += 4;
for(i = 0; i < 8; i++) {
if(ptr[i] == '\0' || !isxdigit(ptr[i]))
break;
}
if(i == 8) {
pdb_set_pass_last_set_time(pw_buf, (time_t)strtol(ptr, NULL, 16));
}
}
pdb_set_pass_can_change_time(pw_buf, (time_t)0);
ptr = ENTRY_VAL(obj, NPF_PWDCCHG_T);
if(ptr && *ptr && (StrnCaseCmp(ptr, "CCT-", 4)==0)) {
int i;
ptr += 4;
for(i = 0; i < 8; i++) {
if(ptr[i] == '\0' || !isxdigit(ptr[i]))
break;
}
if(i == 8) {
pdb_set_pass_can_change_time(pw_buf, (time_t)strtol(ptr, NULL, 16));
}
}
pdb_set_pass_must_change_time(pw_buf, get_time_t_max()); /* Password never expires. */
ptr = ENTRY_VAL(obj, NPF_PWDMCHG_T);
if(ptr && *ptr && (StrnCaseCmp(ptr, "MCT-", 4)==0)) {
int i;
ptr += 4;
for(i = 0; i < 8; i++) {
if(ptr[i] == '\0' || !isxdigit(ptr[i]))
break;
}
if(i == 8) {
pdb_set_pass_must_change_time(pw_buf, (time_t)strtol(ptr, NULL, 16));
}
}
/* string values */
pdb_set_username(pw_buf, ENTRY_VAL(obj, NPF_NAME));
pdb_set_domain(pw_buf, lp_workgroup());
/* pdb_set_nt_username() -- cant set it here... */
get_single_attribute(obj, NPF_FULL_NAME, full_name, sizeof(pstring));
unix_to_dos(full_name);
pdb_set_fullname(pw_buf, full_name);
pdb_set_acct_ctrl(pw_buf, pdb_decode_acct_ctrl(ENTRY_VAL(obj,
NPF_ACB)));
get_single_attribute(obj, NPF_ACCT_DESC, acct_desc, sizeof(pstring));
unix_to_dos(acct_desc);
pdb_set_acct_desc(pw_buf, acct_desc);
pdb_set_workstations(pw_buf, ENTRY_VAL(obj, NPF_WORKSTATIONS));
pdb_set_munged_dial(pw_buf, NULL);
/* Might want to consult sys_getpwnam for the following two.
for now, use same default as pdb_fill-default_sam */
ptr = ENTRY_VAL(obj, NPF_UID);
pdb_set_uid(pw_buf, ptr ? atoi(ptr) : -1);
ptr = ENTRY_VAL(obj, NPF_SMB_GRPID);
pdb_set_gid(pw_buf, ptr ? atoi(ptr) : -1);
ptr = ENTRY_VAL(obj, NPF_USER_RID);
pdb_set_user_rid(pw_buf, ptr ? atoi(ptr) :
pdb_uid_to_user_rid(pdb_get_uid(pw_buf)));
ptr = ENTRY_VAL(obj, NPF_GROUP_RID);
pdb_set_group_rid(pw_buf, ptr ? atoi(ptr) :
pdb_gid_to_group_rid(pdb_get_gid(pw_buf)));
/* values, must exist for user */
if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) {
/* FIXME!! This doesn't belong here.
Should be set in net_sam_logon()
--jerry */
pstrcpy(samlogon_user, pdb_get_username(pw_buf));
get_single_attribute(obj, NPF_HOME_DIR, home_dir, sizeof(pstring));
if( !(home_dir && *home_dir) ) {
pstrcpy(home_dir, lp_logon_home());
pdb_set_homedir(pw_buf, home_dir, False);
}
else
pdb_set_homedir(pw_buf, home_dir, True);
get_single_attribute(obj, NPF_DIR_DRIVE, home_drive, sizeof(pstring));
if( !(home_drive && *home_drive) ) {
pstrcpy(home_drive, lp_logon_drive());
pdb_set_dir_drive(pw_buf, home_drive, False);
}
else
pdb_set_dir_drive(pw_buf, home_drive, True);
get_single_attribute(obj, NPF_LOGON_SCRIPT, logon_script,
sizeof(pstring));
if( !(logon_script && *logon_script) ) {
pstrcpy(logon_script, lp_logon_script());
pdb_set_logon_script(pw_buf, logon_script, False);
}
else
pdb_set_logon_script(pw_buf, logon_script, True);
get_single_attribute(obj, NPF_PROFILE_PATH, profile_path, sizeof(pstring));
if( !(profile_path && *profile_path) ) {
pstrcpy(profile_path, lp_logon_path());
pdb_set_profile_path(pw_buf, profile_path, False);
}
else
pdb_set_profile_path(pw_buf, profile_path, True);
}
else
{
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
pdb_set_group_rid (pw_buf, DOMAIN_GROUP_RID_USERS);
}
/* Check the lanman password column. */
ptr = ENTRY_VAL(obj, NPF_LMPWD);
if (!pdb_set_lanman_passwd(pw_buf, NULL))
return False;
if (!strncasecmp(ptr, "NO PASSWORD", 11)) {
pdb_set_acct_ctrl(pw_buf, pdb_get_acct_ctrl(pw_buf) | ACB_PWNOTREQ);
} else {
if (strlen(ptr) != 32 || !pdb_gethexpwd(ptr, smbpwd)) {
DEBUG(0, ("malformed LM pwd entry: %s.\n",
pdb_get_username(pw_buf)));
return False;
}
if (!pdb_set_lanman_passwd(pw_buf, smbpwd))
return False;
}
/* Check the NT password column. */
ptr = ENTRY_VAL(obj, NPF_NTPWD);
if (!pdb_set_nt_passwd(pw_buf, NULL))
return False;
if (!(pdb_get_acct_ctrl(pw_buf) & ACB_PWNOTREQ) &&
strncasecmp(ptr, "NO PASSWORD", 11)) {
if (strlen(ptr) != 32 || !pdb_gethexpwd(ptr, smbntpwd)) {
DEBUG(0, ("malformed NT pwd entry:\
uid = %d.\n",
pdb_get_uid(pw_buf)));
return False;
}
if (!pdb_set_nt_passwd(pw_buf, smbntpwd))
return False;
}
void copy_id21_to_sam_passwd(const char *log_prefix,
struct samu *to,
struct samr_UserInfo21 *from)
{
time_t unix_time, stored_time;
const char *old_string, *new_string;
const char *l;
if (from == NULL || to == NULL) {
return;
}
if (log_prefix) {
l = log_prefix;
} else {
l = "INFO_21";
}
if (from->fields_present & SAMR_FIELD_LAST_LOGON) {
unix_time = nt_time_to_unix(from->last_logon);
stored_time = pdb_get_logon_time(to);
DEBUG(10,("%s SAMR_FIELD_LAST_LOGON: %lu -> %lu\n", l,
(long unsigned int)stored_time,
(long unsigned int)unix_time));
if (stored_time != unix_time) {
pdb_set_logon_time(to, unix_time, PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_LAST_LOGOFF) {
unix_time = nt_time_to_unix(from->last_logoff);
stored_time = pdb_get_logoff_time(to);
DEBUG(10,("%s SAMR_FIELD_LAST_LOGOFF: %lu -> %lu\n", l,
(long unsigned int)stored_time,
(long unsigned int)unix_time));
if (stored_time != unix_time) {
pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_ACCT_EXPIRY) {
unix_time = nt_time_to_unix(from->acct_expiry);
stored_time = pdb_get_kickoff_time(to);
DEBUG(10,("%s SAMR_FIELD_ACCT_EXPIRY: %lu -> %lu\n", l,
(long unsigned int)stored_time,
(long unsigned int)unix_time));
if (stored_time != unix_time) {
pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
unix_time = nt_time_to_unix(from->last_password_change);
stored_time = pdb_get_pass_last_set_time(to);
DEBUG(10,("%s SAMR_FIELD_LAST_PWD_CHANGE: %lu -> %lu\n", l,
(long unsigned int)stored_time,
(long unsigned int)unix_time));
if (stored_time != unix_time) {
pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_ACCOUNT_NAME) &&
(from->account_name.string)) {
old_string = pdb_get_username(to);
new_string = from->account_name.string;
DEBUG(10,("%s SAMR_FIELD_ACCOUNT_NAME: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_username(to, new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_FULL_NAME) &&
(from->full_name.string)) {
old_string = pdb_get_fullname(to);
new_string = from->full_name.string;
DEBUG(10,("%s SAMR_FIELD_FULL_NAME: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_fullname(to, new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_HOME_DIRECTORY) &&
(from->home_directory.string)) {
old_string = pdb_get_homedir(to);
new_string = from->home_directory.string;
DEBUG(10,("%s SAMR_FIELD_HOME_DIRECTORY: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_homedir(to, new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_HOME_DRIVE) &&
(from->home_drive.string)) {
old_string = pdb_get_dir_drive(to);
new_string = from->home_drive.string;
DEBUG(10,("%s SAMR_FIELD_HOME_DRIVE: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_dir_drive(to, new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_LOGON_SCRIPT) &&
(from->logon_script.string)) {
old_string = pdb_get_logon_script(to);
new_string = from->logon_script.string;
DEBUG(10,("%s SAMR_FIELD_LOGON_SCRIPT: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_logon_script(to , new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_PROFILE_PATH) &&
(from->profile_path.string)) {
old_string = pdb_get_profile_path(to);
new_string = from->profile_path.string;
DEBUG(10,("%s SAMR_FIELD_PROFILE_PATH: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_profile_path(to , new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_DESCRIPTION) &&
(from->description.string)) {
old_string = pdb_get_acct_desc(to);
new_string = from->description.string;
DEBUG(10,("%s SAMR_FIELD_DESCRIPTION: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_acct_desc(to, new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_WORKSTATIONS) &&
(from->workstations.string)) {
old_string = pdb_get_workstations(to);
new_string = from->workstations.string;
DEBUG(10,("%s SAMR_FIELD_WORKSTATIONS: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_workstations(to , new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_COMMENT) &&
(from->comment.string)) {
old_string = pdb_get_comment(to);
new_string = from->comment.string;
DEBUG(10,("%s SAMR_FIELD_COMMENT: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_comment(to, new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_PARAMETERS) &&
(from->parameters.array)) {
char *newstr;
DATA_BLOB mung;
old_string = pdb_get_munged_dial(to);
mung = data_blob_const(from->parameters.array,
from->parameters.length);
newstr = (mung.length == 0) ?
NULL : base64_encode_data_blob(talloc_tos(), mung);
DEBUG(10,("%s SAMR_FIELD_PARAMETERS: %s -> %s\n", l,
old_string, newstr));
if (STRING_CHANGED_NC(old_string,newstr)) {
pdb_set_munged_dial(to, newstr, PDB_CHANGED);
}
TALLOC_FREE(newstr);
}
if (from->fields_present & SAMR_FIELD_RID) {
if (from->rid == 0) {
DEBUG(10,("%s: Asked to set User RID to 0 !? Skipping change!\n", l));
} else if (from->rid != pdb_get_user_rid(to)) {
DEBUG(10,("%s SAMR_FIELD_RID: %u -> %u NOT UPDATED!\n", l,
pdb_get_user_rid(to), from->rid));
}
}
if (from->fields_present & SAMR_FIELD_PRIMARY_GID) {
if (from->primary_gid == 0) {
DEBUG(10,("%s: Asked to set Group RID to 0 !? Skipping change!\n", l));
} else if (from->primary_gid != pdb_get_group_rid(to)) {
DEBUG(10,("%s SAMR_FIELD_PRIMARY_GID: %u -> %u\n", l,
pdb_get_group_rid(to), from->primary_gid));
pdb_set_group_sid_from_rid(to,
from->primary_gid, PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_ACCT_FLAGS) {
DEBUG(10,("%s SAMR_FIELD_ACCT_FLAGS: %08X -> %08X\n", l,
pdb_get_acct_ctrl(to), from->acct_flags));
if (from->acct_flags != pdb_get_acct_ctrl(to)) {
/* You cannot autolock an unlocked account via
* setuserinfo calls, so make sure to remove the
* ACB_AUTOLOCK bit here - gd */
if ((from->acct_flags & ACB_AUTOLOCK) &&
!(pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
from->acct_flags &= ~ACB_AUTOLOCK;
}
if (!(from->acct_flags & ACB_AUTOLOCK) &&
(pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
/* We're unlocking a previously locked user. Reset bad password counts.
Patch from Jianliang Lu. <*****@*****.**> */
pdb_set_bad_password_count(to, 0, PDB_CHANGED);
pdb_set_bad_password_time(to, 0, PDB_CHANGED);
}
pdb_set_acct_ctrl(to, from->acct_flags, PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_LOGON_HOURS) {
char oldstr[44]; /* hours strings are 42 bytes. */
char newstr[44];
DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week): %08X -> %08X\n", l,
pdb_get_logon_divs(to), from->logon_hours.units_per_week));
if (from->logon_hours.units_per_week != pdb_get_logon_divs(to)) {
pdb_set_logon_divs(to,
from->logon_hours.units_per_week, PDB_CHANGED);
}
DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week/8): %08X -> %08X\n", l,
pdb_get_hours_len(to),
from->logon_hours.units_per_week/8));
if (from->logon_hours.units_per_week/8 != pdb_get_hours_len(to)) {
pdb_set_hours_len(to,
from->logon_hours.units_per_week/8, PDB_CHANGED);
}
DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (bits): %s -> %s\n", l,
pdb_get_hours(to), from->logon_hours.bits));
pdb_sethexhours(oldstr, pdb_get_hours(to));
pdb_sethexhours(newstr, from->logon_hours.bits);
if (!strequal(oldstr, newstr)) {
pdb_set_hours(to, from->logon_hours.bits,
from->logon_hours.units_per_week/8,
PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_BAD_PWD_COUNT) {
DEBUG(10,("%s SAMR_FIELD_BAD_PWD_COUNT: %08X -> %08X\n", l,
pdb_get_bad_password_count(to), from->bad_password_count));
if (from->bad_password_count != pdb_get_bad_password_count(to)) {
pdb_set_bad_password_count(to,
from->bad_password_count, PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_NUM_LOGONS) {
DEBUG(10,("%s SAMR_FIELD_NUM_LOGONS: %08X -> %08X\n", l,
pdb_get_logon_count(to), from->logon_count));
if (from->logon_count != pdb_get_logon_count(to)) {
pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
}
}
/* If the must change flag is set, the last set time goes to zero.
the must change and can change fields also do, but they are
calculated from policy, not set from the wire */
if (from->fields_present & SAMR_FIELD_EXPIRED_FLAG) {
DEBUG(10,("%s SAMR_FIELD_EXPIRED_FLAG: %02X\n", l,
from->password_expired));
if (from->password_expired != 0) {
/* Only allow the set_time to zero (which means
"User Must Change Password on Next Login"
if the user object allows password change. */
if (pdb_get_pass_can_change(to)) {
pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
} else {
DEBUG(10,("%s Disallowing set of 'User Must "
"Change Password on Next Login' as "
"user object disallows this.\n", l));
}
} else {
/* A subtlety here: some windows commands will
clear the expired flag even though it's not
set, and we don't want to reset the time
in these caess. "net user /dom <user> /active:y"
for example, to clear an autolocked acct.
We must check to see if it's expired first. jmcd */
uint32_t pwd_max_age = 0;
time_t now = time(NULL);
pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &pwd_max_age);
if (pwd_max_age == (uint32_t)-1 || pwd_max_age == 0) {
pwd_max_age = get_time_t_max();
}
stored_time = pdb_get_pass_last_set_time(to);
/* we will only *set* a pwdlastset date when
a) the last pwdlastset time was 0 (user was forced to
change password).
b) the users password has not expired. gd. */
if ((stored_time == 0) ||
((now - stored_time) > pwd_max_age)) {
pdb_set_pass_last_set_time(to, now, PDB_CHANGED);
}
}
}
if (from->fields_present & SAMR_FIELD_COUNTRY_CODE) {
DEBUG(10,("%s SAMR_FIELD_COUNTRY_CODE: %08X -> %08X\n", l,
pdb_get_country_code(to), from->country_code));
if (from->country_code != pdb_get_country_code(to)) {
pdb_set_country_code(to,
from->country_code, PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_CODE_PAGE) {
DEBUG(10,("%s SAMR_FIELD_CODE_PAGE: %08X -> %08X\n", l,
pdb_get_code_page(to), from->code_page));
if (from->code_page != pdb_get_code_page(to)) {
pdb_set_code_page(to,
from->code_page, PDB_CHANGED);
}
}
}
void copy_id21_to_sam_passwd(const char *log_prefix,
struct samu *to,
struct samr_UserInfo21 *from)
{
time_t unix_time, stored_time;
const char *old_string, *new_string;
const char *l;
if (from == NULL || to == NULL) {
return;
}
if (log_prefix) {
l = log_prefix;
} else {
l = "INFO_21";
}
if (from->fields_present & SAMR_FIELD_LAST_LOGON) {
unix_time = nt_time_to_unix(from->last_logon);
stored_time = pdb_get_logon_time(to);
DEBUG(10,("%s SAMR_FIELD_LAST_LOGON: %lu -> %lu\n", l,
(long unsigned int)stored_time,
(long unsigned int)unix_time));
if (stored_time != unix_time) {
pdb_set_logon_time(to, unix_time, PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_LAST_LOGOFF) {
unix_time = nt_time_to_unix(from->last_logoff);
stored_time = pdb_get_logoff_time(to);
DEBUG(10,("%s SAMR_FIELD_LAST_LOGOFF: %lu -> %lu\n", l,
(long unsigned int)stored_time,
(long unsigned int)unix_time));
if (stored_time != unix_time) {
pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_ACCT_EXPIRY) {
unix_time = nt_time_to_unix(from->acct_expiry);
stored_time = pdb_get_kickoff_time(to);
DEBUG(10,("%s SAMR_FIELD_ACCT_EXPIRY: %lu -> %lu\n", l,
(long unsigned int)stored_time,
(long unsigned int)unix_time));
if (stored_time != unix_time) {
pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
unix_time = nt_time_to_unix(from->last_password_change);
stored_time = pdb_get_pass_last_set_time(to);
DEBUG(10,("%s SAMR_FIELD_LAST_PWD_CHANGE: %lu -> %lu\n", l,
(long unsigned int)stored_time,
(long unsigned int)unix_time));
if (stored_time != unix_time) {
pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_ACCOUNT_NAME) &&
(from->account_name.string)) {
old_string = pdb_get_username(to);
new_string = from->account_name.string;
DEBUG(10,("%s SAMR_FIELD_ACCOUNT_NAME: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_username(to, new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_FULL_NAME) &&
(from->full_name.string)) {
old_string = pdb_get_fullname(to);
new_string = from->full_name.string;
DEBUG(10,("%s SAMR_FIELD_FULL_NAME: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_fullname(to, new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_HOME_DIRECTORY) &&
(from->home_directory.string)) {
old_string = pdb_get_homedir(to);
new_string = from->home_directory.string;
DEBUG(10,("%s SAMR_FIELD_HOME_DIRECTORY: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_homedir(to, new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_HOME_DRIVE) &&
(from->home_drive.string)) {
old_string = pdb_get_dir_drive(to);
new_string = from->home_drive.string;
DEBUG(10,("%s SAMR_FIELD_HOME_DRIVE: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_dir_drive(to, new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_LOGON_SCRIPT) &&
(from->logon_script.string)) {
old_string = pdb_get_logon_script(to);
new_string = from->logon_script.string;
DEBUG(10,("%s SAMR_FIELD_LOGON_SCRIPT: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_logon_script(to , new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_PROFILE_PATH) &&
(from->profile_path.string)) {
old_string = pdb_get_profile_path(to);
new_string = from->profile_path.string;
DEBUG(10,("%s SAMR_FIELD_PROFILE_PATH: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_profile_path(to , new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_DESCRIPTION) &&
(from->description.string)) {
old_string = pdb_get_acct_desc(to);
new_string = from->description.string;
DEBUG(10,("%s SAMR_FIELD_DESCRIPTION: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_acct_desc(to, new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_WORKSTATIONS) &&
(from->workstations.string)) {
old_string = pdb_get_workstations(to);
new_string = from->workstations.string;
DEBUG(10,("%s SAMR_FIELD_WORKSTATIONS: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_workstations(to , new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_COMMENT) &&
(from->comment.string)) {
old_string = pdb_get_comment(to);
new_string = from->comment.string;
DEBUG(10,("%s SAMR_FIELD_COMMENT: %s -> %s\n", l,
old_string, new_string));
if (STRING_CHANGED) {
pdb_set_comment(to, new_string, PDB_CHANGED);
}
}
if ((from->fields_present & SAMR_FIELD_PARAMETERS) &&
(from->parameters.array)) {
char *newstr;
DATA_BLOB mung;
old_string = pdb_get_munged_dial(to);
mung = data_blob_const(from->parameters.array,
from->parameters.length);
newstr = (mung.length == 0) ?
NULL : base64_encode_data_blob(talloc_tos(), mung);
DEBUG(10,("%s SAMR_FIELD_PARAMETERS: %s -> %s\n", l,
old_string, newstr));
if (STRING_CHANGED_NC(old_string,newstr)) {
pdb_set_munged_dial(to, newstr, PDB_CHANGED);
}
TALLOC_FREE(newstr);
}
if (from->fields_present & SAMR_FIELD_RID) {
if (from->rid == 0) {
DEBUG(10,("%s: Asked to set User RID to 0 !? Skipping change!\n", l));
} else if (from->rid != pdb_get_user_rid(to)) {
DEBUG(10,("%s SAMR_FIELD_RID: %u -> %u NOT UPDATED!\n", l,
pdb_get_user_rid(to), from->rid));
}
}
if (from->fields_present & SAMR_FIELD_PRIMARY_GID) {
if (from->primary_gid == 0) {
DEBUG(10,("%s: Asked to set Group RID to 0 !? Skipping change!\n", l));
} else if (from->primary_gid != pdb_get_group_rid(to)) {
DEBUG(10,("%s SAMR_FIELD_PRIMARY_GID: %u -> %u\n", l,
pdb_get_group_rid(to), from->primary_gid));
pdb_set_group_sid_from_rid(to,
from->primary_gid, PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_ACCT_FLAGS) {
DEBUG(10,("%s SAMR_FIELD_ACCT_FLAGS: %08X -> %08X\n", l,
pdb_get_acct_ctrl(to), from->acct_flags));
if (from->acct_flags != pdb_get_acct_ctrl(to)) {
/* You cannot autolock an unlocked account via
* setuserinfo calls, so make sure to remove the
* ACB_AUTOLOCK bit here - gd */
if ((from->acct_flags & ACB_AUTOLOCK) &&
!(pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
from->acct_flags &= ~ACB_AUTOLOCK;
}
if (!(from->acct_flags & ACB_AUTOLOCK) &&
(pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
/* We're unlocking a previously locked user. Reset bad password counts.
Patch from Jianliang Lu. <*****@*****.**> */
pdb_set_bad_password_count(to, 0, PDB_CHANGED);
pdb_set_bad_password_time(to, 0, PDB_CHANGED);
}
pdb_set_acct_ctrl(to, from->acct_flags, PDB_CHANGED);
}
}
if (from->fields_present & SAMR_FIELD_LOGON_HOURS) {
char oldstr[44]; /* hours strings are 42 bytes. */
char newstr[44];
DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week): %08X -> %08X\n", l,
pdb_get_logon_divs(to), from->logon_hours.units_per_week));
if (from->logon_hours.units_per_week != pdb_get_logon_divs(to)) {
pdb_set_logon_divs(to,
from->logon_hours.units_per_week, PDB_CHANGED);
}
DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week/8): %08X -> %08X\n", l,
pdb_get_hours_len(to),
from->logon_hours.units_per_week/8));
if (from->logon_hours.units_per_week/8 != pdb_get_hours_len(to)) {
pdb_set_hours_len(to,
from->logon_hours.units_per_week/8, PDB_CHANGED);
}
DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (bits): %s -> %s\n", l,
pdb_get_hours(to), from->logon
static int new_machine (struct pdb_methods *in, const char *machine_in)
{
struct samu *sam_pwent=NULL;
fstring machinename;
fstring machineaccount;
struct passwd *pwd = NULL;
get_global_sam_sid();
if (strlen(machine_in) == 0) {
fprintf(stderr, "No machine name given\n");
return -1;
}
fstrcpy(machinename, machine_in);
machinename[15]= '\0';
if (machinename[strlen (machinename) -1] == '$')
machinename[strlen (machinename) -1] = '\0';
strlower_m(machinename);
fstrcpy(machineaccount, machinename);
fstrcat(machineaccount, "$");
if ((pwd = getpwnam_alloc(NULL, machineaccount))) {
if ( (sam_pwent = samu_new( NULL )) == NULL ) {
fprintf(stderr, "Memory allocation error!\n");
TALLOC_FREE(pwd);
return -1;
}
if ( !NT_STATUS_IS_OK(samu_set_unix(sam_pwent, pwd )) ) {
fprintf(stderr, "Could not init sam from pw\n");
TALLOC_FREE(pwd);
return -1;
}
TALLOC_FREE(pwd);
} else {
if ( (sam_pwent = samu_new( NULL )) == NULL ) {
fprintf(stderr, "Could not init sam from pw\n");
return -1;
}
}
pdb_set_plaintext_passwd (sam_pwent, machinename);
pdb_set_username (sam_pwent, machineaccount, PDB_CHANGED);
pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED);
if (NT_STATUS_IS_OK(in->add_sam_account (in, sam_pwent))) {
print_user_info (in, machineaccount, True, False);
} else {
fprintf (stderr, "Unable to add machine! (does it already exist?)\n");
TALLOC_FREE(sam_pwent);
return -1;
}
TALLOC_FREE(sam_pwent);
return 0;
}
/*********************************************************
Add New User
**********************************************************/
static int new_user (struct pdb_methods *in, const char *username,
const char *fullname, const char *homedir,
const char *drive, const char *script,
const char *profile, char *user_sid, BOOL stdin_get)
{
struct samu *sam_pwent;
char *password1, *password2;
int rc_pwd_cmp;
struct passwd *pwd;
get_global_sam_sid();
if ( !(pwd = getpwnam_alloc( NULL, username )) ) {
DEBUG(0,("Cannot locate Unix account for %s\n", username));
return -1;
}
if ( (sam_pwent = samu_new( NULL )) == NULL ) {
DEBUG(0, ("Memory allocation failure!\n"));
return -1;
}
if (!NT_STATUS_IS_OK(samu_alloc_rid_unix(sam_pwent, pwd ))) {
TALLOC_FREE( sam_pwent );
TALLOC_FREE( pwd );
DEBUG(0, ("could not create account to add new user %s\n", username));
return -1;
}
password1 = get_pass( "new password:"******"retype new password:"******"Passwords do not match!\n");
TALLOC_FREE(sam_pwent);
} else {
pdb_set_plaintext_passwd(sam_pwent, password1);
}
memset(password1, 0, strlen(password1));
SAFE_FREE(password1);
memset(password2, 0, strlen(password2));
SAFE_FREE(password2);
/* pwds do _not_ match? */
if (rc_pwd_cmp)
return -1;
if (fullname)
pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (homedir)
pdb_set_homedir (sam_pwent, homedir, PDB_CHANGED);
if (drive)
pdb_set_dir_drive (sam_pwent, drive, PDB_CHANGED);
if (script)
pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
if (profile)
pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
if (user_sid) {
DOM_SID u_sid;
if (!string_to_sid(&u_sid, user_sid)) {
/* not a complete sid, may be a RID, try building a SID */
int u_rid;
if (sscanf(user_sid, "%d", &u_rid) != 1) {
fprintf(stderr, "Error passed string is not a complete user SID or RID!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
sid_copy(&u_sid, get_global_sam_sid());
sid_append_rid(&u_sid, u_rid);
}
pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
}
pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL, PDB_CHANGED);
if (NT_STATUS_IS_OK(in->add_sam_account (in, sam_pwent))) {
print_user_info (in, username, True, False);
} else {
fprintf (stderr, "Unable to add user! (does it already exist?)\n");
TALLOC_FREE(sam_pwent);
return -1;
}
TALLOC_FREE(sam_pwent);
return 0;
}
static int set_user_info (struct pdb_methods *in, const char *username,
const char *fullname, const char *homedir,
const char *acct_desc,
const char *drive, const char *script,
const char *profile, const char *account_control,
const char *user_sid, const char *user_domain,
const BOOL badpw, const BOOL hours)
{
BOOL updated_autolock = False, updated_badpw = False;
struct samu *sam_pwent=NULL;
BOOL ret;
if ( (sam_pwent = samu_new( NULL )) == NULL ) {
return 1;
}
ret = NT_STATUS_IS_OK(in->getsampwnam (in, sam_pwent, username));
if (ret==False) {
fprintf (stderr, "Username not found!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
if (hours) {
uint8 hours_array[MAX_HOURS_LEN];
uint32 hours_len;
hours_len = pdb_get_hours_len(sam_pwent);
memset(hours_array, 0xff, hours_len);
pdb_set_hours(sam_pwent, hours_array, PDB_CHANGED);
}
if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) {
DEBUG(2,("pdb_update_autolock_flag failed.\n"));
}
if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw)) {
DEBUG(2,("pdb_update_bad_password_count failed.\n"));
}
if (fullname)
pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (acct_desc)
pdb_set_acct_desc(sam_pwent, acct_desc, PDB_CHANGED);
if (homedir)
pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
if (drive)
pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED);
if (script)
pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
if (profile)
pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
if (user_domain)
pdb_set_domain(sam_pwent, user_domain, PDB_CHANGED);
if (account_control) {
uint32 not_settable = ~(ACB_DISABLED|ACB_HOMDIRREQ|ACB_PWNOTREQ|
ACB_PWNOEXP|ACB_AUTOLOCK);
uint32 newflag = pdb_decode_acct_ctrl(account_control);
if (newflag & not_settable) {
fprintf(stderr, "Can only set [NDHLX] flags\n");
TALLOC_FREE(sam_pwent);
return -1;
}
pdb_set_acct_ctrl(sam_pwent,
(pdb_get_acct_ctrl(sam_pwent) & not_settable) | newflag,
PDB_CHANGED);
}
if (user_sid) {
DOM_SID u_sid;
if (!string_to_sid(&u_sid, user_sid)) {
/* not a complete sid, may be a RID, try building a SID */
int u_rid;
if (sscanf(user_sid, "%d", &u_rid) != 1) {
fprintf(stderr, "Error passed string is not a complete user SID or RID!\n");
return -1;
}
sid_copy(&u_sid, get_global_sam_sid());
sid_append_rid(&u_sid, u_rid);
}
pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
}
if (badpw) {
pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED);
pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED);
}
if (NT_STATUS_IS_OK(in->update_sam_account (in, sam_pwent)))
print_user_info (in, username, True, False);
else {
fprintf (stderr, "Unable to modify entry!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
TALLOC_FREE(sam_pwent);
return 0;
}
void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
{
time_t unix_time, stored_time;
const char *old_string, *new_string;
DATA_BLOB mung;
if (from == NULL || to == NULL)
return;
if (from->fields_present & ACCT_LAST_LOGON) {
unix_time=nt_time_to_unix(&from->logon_time);
stored_time = pdb_get_logon_time(to);
DEBUG(10,("INFO_21 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
pdb_set_logon_time(to, unix_time, PDB_CHANGED);
}
if (from->fields_present & ACCT_LAST_LOGOFF) {
unix_time=nt_time_to_unix(&from->logoff_time);
stored_time = pdb_get_logoff_time(to);
DEBUG(10,("INFO_21 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
}
if (from->fields_present & ACCT_EXPIRY) {
unix_time=nt_time_to_unix(&from->kickoff_time);
stored_time = pdb_get_kickoff_time(to);
DEBUG(10,("INFO_21 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
}
if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) {
unix_time=nt_time_to_unix(&from->pass_can_change_time);
stored_time = pdb_get_pass_can_change_time(to);
DEBUG(10,("INFO_21 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
}
if (from->fields_present & ACCT_LAST_PWD_CHANGE) {
unix_time=nt_time_to_unix(&from->pass_last_set_time);
stored_time = pdb_get_pass_last_set_time(to);
DEBUG(10,("INFO_21 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
}
if (from->fields_present & ACCT_FORCE_PWD_CHANGE) {
unix_time=nt_time_to_unix(&from->pass_must_change_time);
stored_time=pdb_get_pass_must_change_time(to);
DEBUG(10,("INFO_21 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
}
if ((from->fields_present & ACCT_USERNAME) &&
(from->hdr_user_name.buffer)) {
old_string = pdb_get_username(to);
new_string = unistr2_static(&from->uni_user_name);
DEBUG(10,("INFO_21 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
if (STRING_CHANGED)
pdb_set_username(to , new_string, PDB_CHANGED);
}
if ((from->fields_present & ACCT_FULL_NAME) &&
(from->hdr_full_name.buffer)) {
old_string = pdb_get_fullname(to);
new_string = unistr2_static(&from->uni_full_name);
DEBUG(10,("INFO_21 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
pdb_set_fullname(to , new_string, PDB_CHANGED);
}
if ((from->fields_present & ACCT_HOME_DIR) &&
(from->hdr_home_dir.buffer)) {
old_string = pdb_get_homedir(to);
new_string = unistr2_static(&from->uni_home_dir);
DEBUG(10,("INFO_21 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
pdb_set_homedir(to , new_string, PDB_CHANGED);
}
if ((from->fields_present & ACCT_HOME_DRIVE) &&
(from->hdr_dir_drive.buffer)) {
old_string = pdb_get_dir_drive(to);
new_string = unistr2_static(&from->uni_dir_drive);
DEBUG(10,("INFO_21 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
pdb_set_dir_drive(to , new_string, PDB_CHANGED);
}
if ((from->fields_present & ACCT_LOGON_SCRIPT) &&
(from->hdr_logon_script.buffer)) {
old_string = pdb_get_logon_script(to);
new_string = unistr2_static(&from->uni_logon_script);
DEBUG(10,("INFO_21 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
pdb_set_logon_script(to , new_string, PDB_CHANGED);
}
if ((from->fields_present & ACCT_PROFILE) &&
(from->hdr_profile_path.buffer)) {
old_string = pdb_get_profile_path(to);
new_string = unistr2_static(&from->uni_profile_path);
DEBUG(10,("INFO_21 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
pdb_set_profile_path(to , new_string, PDB_CHANGED);
}
if ((from->fields_present & ACCT_DESCRIPTION) &&
(from->hdr_acct_desc.buffer)) {
old_string = pdb_get_acct_desc(to);
new_string = unistr2_static(&from->uni_acct_desc);
DEBUG(10,("INFO_21 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
pdb_set_acct_desc(to , new_string, PDB_CHANGED);
}
if ((from->fields_present & ACCT_WORKSTATIONS) &&
(from->hdr_workstations.buffer)) {
old_string = pdb_get_workstations(to);
new_string = unistr2_static(&from->uni_workstations);
DEBUG(10,("INFO_21 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
pdb_set_workstations(to , new_string, PDB_CHANGED);
}
/* is this right? */
if ((from->fields_present & ACCT_ADMIN_DESC) &&
(from->hdr_unknown_str.buffer)) {
old_string = pdb_get_unknown_str(to);
new_string = unistr2_static(&from->uni_unknown_str);
DEBUG(10,("INFO_21 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
pdb_set_unknown_str(to , new_string, PDB_CHANGED);
}
if ((from->fields_present & ACCT_CALLBACK) &&
(from->hdr_munged_dial.buffer)) {
char *newstr;
old_string = pdb_get_munged_dial(to);
mung.length = from->hdr_munged_dial.uni_str_len;
mung.data = (uint8 *) from->uni_munged_dial.buffer;
newstr = (mung.length == 0) ?
NULL : base64_encode_data_blob(mung);
DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
if (STRING_CHANGED_NC(old_string,newstr))
pdb_set_munged_dial(to , newstr, PDB_CHANGED);
SAFE_FREE(newstr);
}
if (from->fields_present & ACCT_RID) {
if (from->user_rid == 0) {
DEBUG(10, ("INFO_21: Asked to set User RID to 0 !? Skipping change!\n"));
} else if (from->user_rid != pdb_get_user_rid(to)) {
DEBUG(10,("INFO_21 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
}
}
if (from->fields_present & ACCT_PRIMARY_GID) {
if (from->group_rid == 0) {
DEBUG(10, ("INFO_21: Asked to set Group RID to 0 !? Skipping change!\n"));
} else if (from->group_rid != pdb_get_group_rid(to)) {
DEBUG(10,("INFO_21 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
}
}
if (from->fields_present & ACCT_FLAGS) {
DEBUG(10,("INFO_21 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
if (from->acb_info != pdb_get_acct_ctrl(to)) {
if (!(from->acb_info & ACB_AUTOLOCK) && (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
/* We're unlocking a previously locked user. Reset bad password counts.
Patch from Jianliang Lu. <*****@*****.**> */
pdb_set_bad_password_count(to, 0, PDB_CHANGED);
pdb_set_bad_password_time(to, 0, PDB_CHANGED);
}
pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
}
}
if (from->fields_present & ACCT_LOGON_HOURS) {
DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
if (from->logon_divs != pdb_get_logon_divs(to)) {
pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
}
DEBUG(15,("INFO_21 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
if (from->logon_hrs.len != pdb_get_hours_len(to)) {
pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
}
DEBUG(15,("INFO_21 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
/* Fix me: only update if it changes --metze */
pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
/* This is max logon hours */
DEBUG(10,("INFO_21 UNKNOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
if (from->unknown_6 != pdb_get_unknown_6(to)) {
pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED);
}
}
if (from->fields_present & ACCT_BAD_PWD_COUNT) {
DEBUG(10,("INFO_21 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
if (from->bad_password_count != pdb_get_bad_password_count(to)) {
pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
}
}
if (from->fields_present & ACCT_NUM_LOGONS) {
DEBUG(10,("INFO_21 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
if (from->logon_count != pdb_get_logon_count(to)) {
pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
}
}
DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
}
DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2));
DEBUG(10,("INFO_21 PADDING_4: %08X\n",from->padding4));
}
