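/*
 * Helper function for adding a user to the db.
 *
 * Reads the PAM_AUTHTOK item and, when the account is not yet in the
 * passdb, creates it with that password.  When the account already exists
 * the password is (re)set, mimicking 'update encrypted', unless the only
 * acct_ctrl bit set is ACB_PWNOTREQ.
 *
 * pamh    - PAM handle used for item lookup, logging and messaging.
 * ctrl    - module control flags passed through to make_remark().
 * name    - account name to add or update.
 * sampass - existing passdb entry; only consulted when exist is true.
 * exist   - true if the account is already present in the passdb.
 *
 * Returns PAM_AUTHTOK_RECOVER_ERR when no authtok can be obtained,
 * otherwise PAM_IGNORE: the outcome of the password change is reported to
 * the user through make_remark(), not through the return value.
 */
static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
			 const char *name, struct samu *sampass, bool exist)
{
	char *err_str = NULL;
	char *msg_str = NULL;
	const char *pass = NULL;
	int retval;
	bool changed;
	TALLOC_CTX *frame = talloc_stackframe();

	/* Get the authtok; if we don't have one, silently fail. */
	retval = _pam_get_item(pamh, PAM_AUTHTOK, &pass);
	if (retval != PAM_SUCCESS) {
		_log_err(pamh, LOG_ALERT,
			 "pam_get_item returned error to pam_sm_authenticate");
		TALLOC_FREE(frame);
		return PAM_AUTHTOK_RECOVER_ERR;
	}
	/*
	 * A successful item lookup can still hand back a NULL authtok; do
	 * not pass that on to local_password_change().
	 */
	if (pass == NULL) {
		TALLOC_FREE(frame);
		return PAM_AUTHTOK_RECOVER_ERR;
	}

	if (!exist) {
		/* Add the user to the db if they aren't already there. */
		changed = NT_STATUS_IS_OK(local_password_change(name,
				LOCAL_ADD_USER|LOCAL_SET_PASSWORD,
				pass, &err_str, &msg_str));
		if (!changed && err_str) {
			make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str);
		} else if (msg_str) {
			make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str);
		}
	} else if (pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ) {
		/*
		 * mimick 'update encrypted' as long as the 'no pw req' flag
		 * is not set.
		 * NOTE(review): as written this tests whether any acct_ctrl
		 * bit other than ACB_PWNOTREQ is set, not whether
		 * ACB_PWNOTREQ itself is clear; kept as-is, confirm intent.
		 */
		changed = NT_STATUS_IS_OK(local_password_change(name,
				LOCAL_SET_PASSWORD,
				pass, &err_str, &msg_str));
		if (!changed && err_str) {
			make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str);
		} else if (msg_str) {
			make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str);
		}
	}

	/* Drop our reference to the authtok; PAM owns that memory. */
	pass = NULL;
	SAFE_FREE(err_str);
	SAFE_FREE(msg_str);
	TALLOC_FREE(frame);
	return PAM_IGNORE;
}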
/*
 * Store pass_new as the password of user in the local passdb and relay
 * whatever the change reported (informational or error text) to the PAM
 * conversation.
 *
 * pamh     - PAM handle used for messaging.
 * ctrl     - module control flags passed through to make_remark().
 * user     - account whose password is replaced.
 * pass_new - the new password.
 *
 * Returns PAM_SUCCESS when local_password_change() succeeded, otherwise
 * PAM_AUTHTOK_ERR.
 */
int smb_update_db(pam_handle_t *pamh, int ctrl, const char *user,
		  const char *pass_new)
{
	pstring err_str;
	pstring msg_str;
	int ok;

	/* Both buffers start empty so the *buf checks below are meaningful. */
	*err_str = '\0';
	*msg_str = '\0';

	ok = local_password_change(user, LOCAL_SET_PASSWORD, pass_new,
				   err_str, sizeof(err_str),
				   msg_str, sizeof(msg_str));

	if (ok) {
		if (*msg_str) {
			/* Force termination in case the callee filled the buffer. */
			msg_str[PSTRING_LEN-1] = '\0';
			make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str);
		}
		return PAM_SUCCESS;
	}

	if (*err_str) {
		err_str[PSTRING_LEN-1] = '\0';
		make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str);
	}
	/* FIXME: what value is appropriate here? */
	return PAM_AUTHTOK_ERR;
}
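/*
 * Change a password either on a remote machine or in the local passdb.
 *
 * remote_mach - NULL for a local change, otherwise the host to contact.
 * username    - account to modify.
 * old_passwd  - current password; only used for the remote path.
 * new_pw      - password to set.
 * local_flags - LOCAL_* operation flags.  Only a plain password change is
 *               supported remotely; other operations are refused.
 *
 * Message text from the callee is echoed to stdout, error text to stderr.
 * Returns the NTSTATUS of the operation, or NT_STATUS_UNSUCCESSFUL when a
 * local-only operation was requested against a remote machine.
 */
static NTSTATUS password_change(const char *remote_mach, char *username,
				char *old_passwd, char *new_pw,
				int local_flags)
{
	NTSTATUS ret;
	pstring err_str;
	pstring msg_str;

	/*
	 * Start with empty buffers so the *err_str / *msg_str tests below
	 * never read uninitialised stack data if the callee leaves a buffer
	 * untouched (e.g. an early failure before it writes anything).
	 */
	err_str[0] = '\0';
	msg_str[0] = '\0';

	if (remote_mach != NULL) {
		if (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER|
				   LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|
				   LOCAL_TRUST_ACCOUNT|LOCAL_SET_NO_PASSWORD)) {
			/* these things can't be done remotely yet */
			return NT_STATUS_UNSUCCESSFUL;
		}
		ret = remote_password_change(remote_mach, username, old_passwd,
					     new_pw, err_str, sizeof(err_str));
		if (*err_str) {
			fprintf(stderr, "%s", err_str);
		}
		return ret;
	}

	ret = local_password_change(username, local_flags, new_pw,
				    err_str, sizeof(err_str),
				    msg_str, sizeof(msg_str));
	if (*msg_str) {
		printf("%s", msg_str);
	}
	if (*err_str) {
		fprintf(stderr, "%s", err_str);
	}
	return ret;
}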
/*
 * Change a password either on a remote machine or in the local passdb.
 *
 * remote_mach - NULL for a local change, otherwise the host to contact.
 * username    - account to modify.
 * old_passwd  - current password; only used for the remote path.
 * new_pw      - password to set.
 * local_flags - LOCAL_* operation flags.  Only a plain password change is
 *               supported remotely; other operations are refused.
 *
 * Message text from the callee goes to stdout and error text to stderr;
 * a failure that produced no error text gets a generic message instead.
 * Both strings are freed here.  Returns the NTSTATUS of the operation, or
 * NT_STATUS_UNSUCCESSFUL for an unsupported remote operation.
 */
static NTSTATUS password_change(const char *remote_mach, char *username,
				char *old_passwd, char *new_pw,
				int local_flags)
{
	/* these things can't be done remotely yet */
	const int remote_unsupported = LOCAL_ADD_USER|LOCAL_DELETE_USER|
				       LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|
				       LOCAL_TRUST_ACCOUNT|LOCAL_SET_NO_PASSWORD;
	char *err_str = NULL;
	char *msg_str = NULL;
	NTSTATUS ret;

	if (remote_mach == NULL) {
		ret = local_password_change(username, local_flags, new_pw,
					    &err_str, &msg_str);
	} else if (local_flags & remote_unsupported) {
		fprintf(stderr, "Invalid remote operation!\n");
		return NT_STATUS_UNSUCCESSFUL;
	} else {
		ret = remote_password_change(remote_mach, username, old_passwd,
					     new_pw, &err_str);
	}

	if (msg_str != NULL) {
		printf("%s", msg_str);
	}
	if (err_str != NULL) {
		fprintf(stderr, "%s", err_str);
	} else if (!NT_STATUS_IS_OK(ret)) {
		fprintf(stderr, "Failed to change password!\n");
	}

	SAFE_FREE(msg_str);
	SAFE_FREE(err_str);
	return ret;
}
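/*
 * Create a machine (trust) account for machinename and optionally force
 * its SID.
 *
 * machinename - machine name, with or without a trailing '$'.  The account
 *               is stored lower-cased with the '$' appended; the initial
 *               password is the name without the '$'.
 * machine_sid - optional SID string to assign, NULL to leave it to passdb.
 *
 * Returns 0 on success, -1 on any failure (diagnostics go to stderr).
 */
static int new_machine(const char *machinename, char *machine_sid)
{
	char *err = NULL, *msg = NULL;
	struct samu *sam_pwent = NULL;
	TALLOC_CTX *tosctx;
	NTSTATUS status;
	struct dom_sid m_sid;
	char *compatpwd;
	char *name;
	int flags;
	int len;
	int ret = -1;	/* pessimistic default; only the success path sets 0 */

	len = strlen(machinename);
	if (len == 0) {
		fprintf(stderr, "No machine name given\n");
		return -1;
	}

	tosctx = talloc_tos();
	if (!tosctx) {
		fprintf(stderr, "Out of memory!\n");
		return -1;
	}

	/* Parse the SID up front so a bad one fails before any passdb write. */
	if (machine_sid) {
		if (get_sid_from_cli_string(&m_sid, machine_sid)) {
			fprintf(stderr, "Failed to parse SID\n");
			return -1;
		}
	}

	compatpwd = talloc_strdup(tosctx, machinename);
	if (!compatpwd) {
		fprintf(stderr, "Out of memory!\n");
		return -1;
	}

	/* Account name always carries the '$'; the password never does. */
	if (machinename[len-1] == '$') {
		name = talloc_strdup(tosctx, machinename);
		compatpwd[len-1] = '\0';
	} else {
		name = talloc_asprintf(tosctx, "%s$", machinename);
	}
	if (!name) {
		fprintf(stderr, "Out of memory!\n");
		return -1;
	}

	if (!strlower_m(name)) {
		fprintf(stderr, "strlower_m %s failed\n", name);
		return -1;
	}

	flags = LOCAL_ADD_USER | LOCAL_TRUST_ACCOUNT | LOCAL_SET_PASSWORD;

	status = local_password_change(name, flags, compatpwd, &err, &msg);
	if (!NT_STATUS_IS_OK(status)) {
		if (err) {
			fprintf(stderr, "%s", err);
		}
		/*
		 * Stop here.  Falling through to the lookup below could
		 * overwrite ret with 0 and report success for an account
		 * that was never created.
		 */
		ret = -1;
		goto done;
	}

	sam_pwent = samu_new(tosctx);
	if (!sam_pwent) {
		fprintf(stderr, "Out of memory!\n");
		ret = -1;
		goto done;
	}

	if (!pdb_getsampwnam(sam_pwent, name)) {
		fprintf(stderr, "Machine %s not found!\n", name);
		ret = -1;
		goto done;
	}

	if (machine_sid) {
		pdb_set_user_sid(sam_pwent, &m_sid, PDB_CHANGED);
	}

	status = pdb_update_sam_account(sam_pwent);
	if (!NT_STATUS_IS_OK(status)) {
		fprintf(stderr, "Failed to modify entry for %s.!\n", name);
		ret = -1;
		goto done;
	}

	print_user_info(name, True, False);
	ret = 0;

done:
	SAFE_FREE(err);
	SAFE_FREE(msg);
	TALLOC_FREE(sam_pwent);
	return ret;
}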
/*********************************************************
 Add New User

 Create the passdb account username with a password read via get_pass()
 (twice, for confirmation), then apply the optional profile fields and
 SID.  Returns 0 on success, -1 on failure; on a password mismatch the
 return value is whatever strcmp() produced (non-zero, see note below).
 The password buffers are wiped before being freed.
**********************************************************/

static int new_user(const char *username, const char *fullname, const char *homedir, const char *drive, const char *script, const char *profile, char *user_sid, bool stdin_get)
{
	char *pwd1 = NULL, *pwd2 = NULL;
	char *err = NULL, *msg = NULL;
	struct samu *sam_pwent = NULL;
	TALLOC_CTX *tosctx;
	NTSTATUS status;
	struct dom_sid u_sid;
	int flags;
	int ret;

	tosctx = talloc_tos();
	if (!tosctx) {
		fprintf(stderr, "Out of memory!\n");
		return -1;
	}

	/* Parse the SID before touching the passdb so a bad one fails early. */
	if (user_sid) {
		if (get_sid_from_cli_string(&u_sid, user_sid)) {
			fprintf(stderr, "Failed to parse SID\n");
			return -1;
		}
	}

	/*
	 * NOTE(review): the following statement is garbled in this listing
	 * (the two get_pass() calls and the NULL check on their results
	 * appear to have been collapsed together); compare with the
	 * original source before relying on it.
	 */
	pwd1 = get_pass( "new password:"******"retype new password:"******"Failed to read passwords.\n"); return -1; }

	/*
	 * NOTE(review): on mismatch ret keeps strcmp()'s value, which is
	 * non-zero but not necessarily -1 like the other failure paths.
	 */
	ret = strcmp(pwd1, pwd2);
	if (ret != 0) {
		fprintf (stderr, "Passwords do not match!\n");
		goto done;
	}

	flags = LOCAL_ADD_USER | LOCAL_SET_PASSWORD;

	status = local_password_change(username, flags, pwd1, &err, &msg);
	if (!NT_STATUS_IS_OK(status)) {
		if (err) fprintf(stderr, "%s", err);
		ret = -1;
		goto done;
	}

	sam_pwent = samu_new(tosctx);
	if (!sam_pwent) {
		fprintf(stderr, "Out of memory!\n");
		ret = -1;
		goto done;
	}

	/* Re-read the freshly created entry so the optional fields can be set on it. */
	if (!pdb_getsampwnam(sam_pwent, username)) {
		fprintf(stderr, "User %s not found!\n", username);
		ret = -1;
		goto done;
	}

	if (fullname) pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
	if (homedir) pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
	if (drive) pdb_set_dir_drive(sam_pwent, drive, PDB_CHANGED);
	if (script) pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
	if (profile) pdb_set_profile_path(sam_pwent, profile, PDB_CHANGED);
	if (user_sid) pdb_set_user_sid(sam_pwent, &u_sid, PDB_CHANGED);

	status = pdb_update_sam_account(sam_pwent);
	if (!NT_STATUS_IS_OK(status)) {
		fprintf(stderr, "Failed to modify entry for user %s.!\n", username);
		ret = -1;
		goto done;
	}

	print_user_info(username, True, False);

	ret = 0;

done:
	/*
	 * Wipe the cleartext passwords before freeing them.
	 * NOTE(review): a plain memset() immediately before free() may be
	 * elided by the optimiser; a non-elidable wipe would be stronger.
	 */
	if (pwd1) memset(pwd1, 0, strlen(pwd1));
	if (pwd2) memset(pwd2, 0, strlen(pwd2));
	SAFE_FREE(pwd1);
	SAFE_FREE(pwd2);
	SAFE_FREE(err);
	SAFE_FREE(msg);
	TALLOC_FREE(sam_pwent);
	return ret;
}
/*
 * Helper function for adding a user to the db.
 *
 * Reads the PAM_AUTHTOK item and either creates the account with that
 * password (when it does not exist yet) or, for an existing account whose
 * LanMan hash is NULL and which has ACB_PWNOTREQ set, sets the password.
 * In every other case nothing is changed.
 *
 * pamh    - PAM handle used for item lookup and messaging.
 * ctrl    - module control flags passed through to make_remark().
 * name    - account name to add or update.
 * sampass - existing passdb entry; only consulted when exist is true.
 * exist   - whether the account is already present in the passdb.
 *
 * Returns PAM_AUTHTOK_RECOVER_ERR when no authtok is available, otherwise
 * PAM_IGNORE; the result of the change is reported via make_remark().
 */
static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
			 const char *name, SAM_ACCOUNT *sampass, BOOL exist)
{
	pstring err_str;
	pstring msg_str;
	const char *pass = NULL;
	int retval;
	int changed;
	int flags;

	*err_str = '\0';
	*msg_str = '\0';

	/* Get the authtok; if we don't have one, silently fail. */
	retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&pass);
	if (retval != PAM_SUCCESS) {
		_log_err(LOG_ALERT, "pam_get_item returned error to pam_sm_authenticate");
		return PAM_AUTHTOK_RECOVER_ERR;
	}
	if (pass == NULL) {
		return PAM_AUTHTOK_RECOVER_ERR;
	}

	/* Decide which operation applies; bail out if none does. */
	if (!exist) {
		/* Add the user to the db if they aren't already there. */
		flags = LOCAL_ADD_USER;
	} else if ((pdb_get_lanman_passwd(sampass) == NULL) &&
		   (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)) {
		/* Change the user's password IFF it's null. */
		flags = 0;
	} else {
		pass = NULL;
		return PAM_IGNORE;
	}

	changed = local_password_change(name, flags, pass,
					err_str, sizeof(err_str),
					msg_str, sizeof(msg_str));
	if (!changed && *err_str) {
		err_str[PSTRING_LEN-1] = '\0';
		make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str);
	} else if (*msg_str) {
		msg_str[PSTRING_LEN-1] = '\0';
		make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str);
	}

	pass = NULL;
	return PAM_IGNORE;
}