static NTSTATUS row_to_sam_account ( PGresult *r, long row, SAM_ACCOUNT *u ) { pstring temp ; DOM_SID sid ; if ( row >= PQntuples( r ) ) return NT_STATUS_INVALID_PARAMETER ; pdb_set_logon_time ( u, PQgetlong ( r, row, 0 ), PDB_SET ) ; pdb_set_logoff_time ( u, PQgetlong ( r, row, 1 ), PDB_SET ) ; pdb_set_kickoff_time ( u, PQgetlong ( r, row, 2 ), PDB_SET ) ; pdb_set_pass_last_set_time ( u, PQgetlong ( r, row, 3 ), PDB_SET ) ; pdb_set_pass_can_change_time ( u, PQgetlong ( r, row, 4 ), PDB_SET ) ; pdb_set_pass_must_change_time( u, PQgetlong ( r, row, 5 ), PDB_SET ) ; pdb_set_username ( u, PQgetvalue( r, row, 6 ), PDB_SET ) ; pdb_set_domain ( u, PQgetvalue( r, row, 7 ), PDB_SET ) ; pdb_set_nt_username ( u, PQgetvalue( r, row, 8 ), PDB_SET ) ; pdb_set_fullname ( u, PQgetvalue( r, row, 9 ), PDB_SET ) ; pdb_set_homedir ( u, PQgetvalue( r, row, 10 ), PDB_SET ) ; pdb_set_dir_drive ( u, PQgetvalue( r, row, 11 ), PDB_SET ) ; pdb_set_logon_script ( u, PQgetvalue( r, row, 12 ), PDB_SET ) ; pdb_set_profile_path ( u, PQgetvalue( r, row, 13 ), PDB_SET ) ; pdb_set_acct_desc ( u, PQgetvalue( r, row, 14 ), PDB_SET ) ; pdb_set_workstations ( u, PQgetvalue( r, row, 15 ), PDB_SET ) ; pdb_set_unknown_str ( u, PQgetvalue( r, row, 16 ), PDB_SET ) ; pdb_set_munged_dial ( u, PQgetvalue( r, row, 17 ), PDB_SET ) ; pdb_set_acct_ctrl ( u, PQgetlong ( r, row, 23 ), PDB_SET ) ; pdb_set_logon_divs ( u, PQgetlong ( r, row, 24 ), PDB_SET ) ; pdb_set_hours_len ( u, PQgetlong ( r, row, 25 ), PDB_SET ) ; pdb_set_bad_password_count ( u, PQgetlong (r, row, 26 ), PDB_SET ) ; pdb_set_logon_count ( u, PQgetlong ( r, row, 27 ), PDB_SET ) ; pdb_set_unknown_6 ( u, PQgetlong ( r, row, 28 ), PDB_SET ) ; if ( !PQgetisnull( r, row, 18 ) ) { string_to_sid( &sid, PQgetvalue( r, row, 18 ) ) ; pdb_set_user_sid ( u, &sid, PDB_SET ) ; } if ( !PQgetisnull( r, row, 19 ) ) { string_to_sid( &sid, PQgetvalue( r, row, 19 ) ) ; pdb_set_group_sid( u, &sid, PDB_SET ) ; } if ( pdb_gethexpwd( PQgetvalue( r, row, 20 ), temp ), PDB_SET ) pdb_set_lanman_passwd( u, temp, PDB_SET ) ; if ( pdb_gethexpwd( PQgetvalue( r, row, 21 ), temp ), PDB_SET ) pdb_set_nt_passwd ( u, temp, PDB_SET ) ; /* Only use plaintext password storage when lanman and nt are NOT used */ if ( PQgetisnull( r, row, 20 ) || PQgetisnull( r, row, 21 ) ) pdb_set_plaintext_passwd( u, PQgetvalue( r, row, 22 ) ) ; return NT_STATUS_OK ; }
/** * update the encrypted smbpasswd file from the plaintext username and password * * this ugly hack needs to die, but not quite yet, I think people still use it... **/ static BOOL update_smbpassword_file(const char *user, const char *password) { struct samu *sampass; BOOL ret; if ( !(sampass = samu_new( NULL )) ) { return False; } become_root(); ret = pdb_getsampwnam(sampass, user); unbecome_root(); if(ret == False) { DEBUG(0,("pdb_getsampwnam returned NULL\n")); TALLOC_FREE(sampass); return False; } /* * Remove the account disabled flag - we are updating the * users password from a login. */ if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) { TALLOC_FREE(sampass); return False; } if (!pdb_set_plaintext_passwd (sampass, password)) { TALLOC_FREE(sampass); return False; } /* Now write it into the file. */ become_root(); ret = NT_STATUS_IS_OK(pdb_update_sam_account (sampass)); unbecome_root(); if (ret) { DEBUG(3,("pdb_update_sam_account returned %d\n",ret)); } TALLOC_FREE(sampass); return ret; }
static int new_machine (struct pdb_methods *in, const char *machine_in) { struct samu *sam_pwent=NULL; fstring machinename; fstring machineaccount; struct passwd *pwd = NULL; get_global_sam_sid(); if (strlen(machine_in) == 0) { fprintf(stderr, "No machine name given\n"); return -1; } fstrcpy(machinename, machine_in); machinename[15]= '\0'; if (machinename[strlen (machinename) -1] == '$') machinename[strlen (machinename) -1] = '\0'; strlower_m(machinename); fstrcpy(machineaccount, machinename); fstrcat(machineaccount, "$"); if ((pwd = getpwnam_alloc(NULL, machineaccount))) { if ( (sam_pwent = samu_new( NULL )) == NULL ) { fprintf(stderr, "Memory allocation error!\n"); TALLOC_FREE(pwd); return -1; } if ( !NT_STATUS_IS_OK(samu_set_unix(sam_pwent, pwd )) ) { fprintf(stderr, "Could not init sam from pw\n"); TALLOC_FREE(pwd); return -1; } TALLOC_FREE(pwd); } else { if ( (sam_pwent = samu_new( NULL )) == NULL ) { fprintf(stderr, "Could not init sam from pw\n"); return -1; } } pdb_set_plaintext_passwd (sam_pwent, machinename); pdb_set_username (sam_pwent, machineaccount, PDB_CHANGED); pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED); if (NT_STATUS_IS_OK(in->add_sam_account (in, sam_pwent))) { print_user_info (in, machineaccount, True, False); } else { fprintf (stderr, "Unable to add machine! (does it already exist?)\n"); TALLOC_FREE(sam_pwent); return -1; } TALLOC_FREE(sam_pwent); return 0; }
/********************************************************* Add New User **********************************************************/ static int new_user (struct pdb_methods *in, const char *username, const char *fullname, const char *homedir, const char *drive, const char *script, const char *profile, char *user_sid, BOOL stdin_get) { struct samu *sam_pwent; char *password1, *password2; int rc_pwd_cmp; struct passwd *pwd; get_global_sam_sid(); if ( !(pwd = getpwnam_alloc( NULL, username )) ) { DEBUG(0,("Cannot locate Unix account for %s\n", username)); return -1; } if ( (sam_pwent = samu_new( NULL )) == NULL ) { DEBUG(0, ("Memory allocation failure!\n")); return -1; } if (!NT_STATUS_IS_OK(samu_alloc_rid_unix(sam_pwent, pwd ))) { TALLOC_FREE( sam_pwent ); TALLOC_FREE( pwd ); DEBUG(0, ("could not create account to add new user %s\n", username)); return -1; } password1 = get_pass( "new password:"******"retype new password:"******"Passwords do not match!\n"); TALLOC_FREE(sam_pwent); } else { pdb_set_plaintext_passwd(sam_pwent, password1); } memset(password1, 0, strlen(password1)); SAFE_FREE(password1); memset(password2, 0, strlen(password2)); SAFE_FREE(password2); /* pwds do _not_ match? */ if (rc_pwd_cmp) return -1; if (fullname) pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED); if (homedir) pdb_set_homedir (sam_pwent, homedir, PDB_CHANGED); if (drive) pdb_set_dir_drive (sam_pwent, drive, PDB_CHANGED); if (script) pdb_set_logon_script(sam_pwent, script, PDB_CHANGED); if (profile) pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED); if (user_sid) { DOM_SID u_sid; if (!string_to_sid(&u_sid, user_sid)) { /* not a complete sid, may be a RID, try building a SID */ int u_rid; if (sscanf(user_sid, "%d", &u_rid) != 1) { fprintf(stderr, "Error passed string is not a complete user SID or RID!\n"); TALLOC_FREE(sam_pwent); return -1; } sid_copy(&u_sid, get_global_sam_sid()); sid_append_rid(&u_sid, u_rid); } pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED); } pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL, PDB_CHANGED); if (NT_STATUS_IS_OK(in->add_sam_account (in, sam_pwent))) { print_user_info (in, username, True, False); } else { fprintf (stderr, "Unable to add user! (does it already exist?)\n"); TALLOC_FREE(sam_pwent); return -1; } TALLOC_FREE(sam_pwent); return 0; }