void copy_id20_to_sam_passwd(struct samu *to, struct samr_UserInfo20 *from) { const char *old_string; char *new_string; DATA_BLOB mung; if (from == NULL || to == NULL) { return; } if (from->parameters.array) { old_string = pdb_get_munged_dial(to); mung = data_blob_const(from->parameters.array, from->parameters.length); new_string = (mung.length == 0) ? NULL : base64_encode_data_blob(talloc_tos(), mung); DEBUG(10,("INFO_20 PARAMETERS: %s -> %s\n", old_string, new_string)); if (STRING_CHANGED_NC(old_string,new_string)) { pdb_set_munged_dial(to, new_string, PDB_CHANGED); } TALLOC_FREE(new_string); } }
static NTSTATUS row_to_sam_account ( PGresult *r, long row, SAM_ACCOUNT *u ) { pstring temp ; DOM_SID sid ; if ( row >= PQntuples( r ) ) return NT_STATUS_INVALID_PARAMETER ; pdb_set_logon_time ( u, PQgetlong ( r, row, 0 ), PDB_SET ) ; pdb_set_logoff_time ( u, PQgetlong ( r, row, 1 ), PDB_SET ) ; pdb_set_kickoff_time ( u, PQgetlong ( r, row, 2 ), PDB_SET ) ; pdb_set_pass_last_set_time ( u, PQgetlong ( r, row, 3 ), PDB_SET ) ; pdb_set_pass_can_change_time ( u, PQgetlong ( r, row, 4 ), PDB_SET ) ; pdb_set_pass_must_change_time( u, PQgetlong ( r, row, 5 ), PDB_SET ) ; pdb_set_username ( u, PQgetvalue( r, row, 6 ), PDB_SET ) ; pdb_set_domain ( u, PQgetvalue( r, row, 7 ), PDB_SET ) ; pdb_set_nt_username ( u, PQgetvalue( r, row, 8 ), PDB_SET ) ; pdb_set_fullname ( u, PQgetvalue( r, row, 9 ), PDB_SET ) ; pdb_set_homedir ( u, PQgetvalue( r, row, 10 ), PDB_SET ) ; pdb_set_dir_drive ( u, PQgetvalue( r, row, 11 ), PDB_SET ) ; pdb_set_logon_script ( u, PQgetvalue( r, row, 12 ), PDB_SET ) ; pdb_set_profile_path ( u, PQgetvalue( r, row, 13 ), PDB_SET ) ; pdb_set_acct_desc ( u, PQgetvalue( r, row, 14 ), PDB_SET ) ; pdb_set_workstations ( u, PQgetvalue( r, row, 15 ), PDB_SET ) ; pdb_set_unknown_str ( u, PQgetvalue( r, row, 16 ), PDB_SET ) ; pdb_set_munged_dial ( u, PQgetvalue( r, row, 17 ), PDB_SET ) ; pdb_set_acct_ctrl ( u, PQgetlong ( r, row, 23 ), PDB_SET ) ; pdb_set_logon_divs ( u, PQgetlong ( r, row, 24 ), PDB_SET ) ; pdb_set_hours_len ( u, PQgetlong ( r, row, 25 ), PDB_SET ) ; pdb_set_bad_password_count ( u, PQgetlong (r, row, 26 ), PDB_SET ) ; pdb_set_logon_count ( u, PQgetlong ( r, row, 27 ), PDB_SET ) ; pdb_set_unknown_6 ( u, PQgetlong ( r, row, 28 ), PDB_SET ) ; if ( !PQgetisnull( r, row, 18 ) ) { string_to_sid( &sid, PQgetvalue( r, row, 18 ) ) ; pdb_set_user_sid ( u, &sid, PDB_SET ) ; } if ( !PQgetisnull( r, row, 19 ) ) { string_to_sid( &sid, PQgetvalue( r, row, 19 ) ) ; pdb_set_group_sid( u, &sid, PDB_SET ) ; } if ( pdb_gethexpwd( PQgetvalue( r, row, 20 ), temp ), PDB_SET ) pdb_set_lanman_passwd( u, temp, PDB_SET ) ; if ( pdb_gethexpwd( PQgetvalue( r, row, 21 ), temp ), PDB_SET ) pdb_set_nt_passwd ( u, temp, PDB_SET ) ; /* Only use plaintext password storage when lanman and nt are NOT used */ if ( PQgetisnull( r, row, 20 ) || PQgetisnull( r, row, 21 ) ) pdb_set_plaintext_passwd( u, PQgetvalue( r, row, 22 ) ) ; return NT_STATUS_OK ; }
void copy_id20_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_20 *from) { const char *old_string; char *new_string; DATA_BLOB mung; if (from == NULL || to == NULL) return; if (from->hdr_munged_dial.buffer) { old_string = pdb_get_munged_dial(to); mung.length = from->hdr_munged_dial.uni_str_len; mung.data = (uint8 *) from->uni_munged_dial.buffer; new_string = (mung.length == 0) ? NULL : base64_encode_data_blob(mung); DEBUG(10,("INFO_20 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string)); if (STRING_CHANGED_NC(old_string,new_string)) pdb_set_munged_dial(to , new_string, PDB_CHANGED); SAFE_FREE(new_string); } }
/************************************************************************ makes a struct sam_passwd from a NIS+ object. ************************************************************************/ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, nis_object *obj) { char *ptr; pstring full_name; /* this must be translated to dos code page */ pstring acct_desc; /* this must be translated to dos code page */ pstring home_dir; /* set default value from smb.conf for user */ pstring home_drive; /* set default value from smb.conf for user */ pstring logon_script; /* set default value from smb.conf for user */ pstring profile_path; /* set default value from smb.conf for user */ pstring hours; int hours_len; unsigned char smbpwd[16]; unsigned char smbntpwd[16]; /* * time values. note: this code assumes 32bit time_t! */ pdb_set_logon_time(pw_buf, (time_t)0); ptr = ENTRY_VAL(obj, NPF_LOGON_T); if(ptr && *ptr && (StrnCaseCmp(ptr, "LNT-", 4)==0)) { int i; ptr += 4; for(i = 0; i < 8; i++) { if(ptr[i] == '\0' || !isxdigit(ptr[i])) break; } if(i == 8) { pdb_set_logon_time(pw_buf, (time_t)strtol(ptr, NULL, 16)); } } pdb_set_logoff_time(pw_buf, get_time_t_max()); ptr = ENTRY_VAL(obj, NPF_LOGOFF_T); if(ptr && *ptr && (StrnCaseCmp(ptr, "LOT-", 4)==0)) { int i; ptr += 4; for(i = 0; i < 8; i++) { if(ptr[i] == '\0' || !isxdigit(ptr[i])) break; } if(i == 8) { pdb_set_logoff_time(pw_buf, (time_t)strtol(ptr, NULL, 16)); } } pdb_set_kickoff_time(pw_buf, get_time_t_max()); ptr = ENTRY_VAL(obj, NPF_KICK_T); if(ptr && *ptr && (StrnCaseCmp(ptr, "KOT-", 4)==0)) { int i; ptr += 4; for(i = 0; i < 8; i++) { if(ptr[i] == '\0' || !isxdigit(ptr[i])) break; } if(i == 8) { pdb_set_kickoff_time(pw_buf, (time_t)strtol(ptr, NULL, 16)); } } pdb_set_pass_last_set_time(pw_buf, (time_t)0); ptr = ENTRY_VAL(obj, NPF_PWDLSET_T); if(ptr && *ptr && (StrnCaseCmp(ptr, "LCT-", 4)==0)) { int i; ptr += 4; for(i = 0; i < 8; i++) { if(ptr[i] == '\0' || !isxdigit(ptr[i])) break; } if(i == 8) { pdb_set_pass_last_set_time(pw_buf, (time_t)strtol(ptr, NULL, 16)); } } pdb_set_pass_can_change_time(pw_buf, (time_t)0); ptr = ENTRY_VAL(obj, NPF_PWDCCHG_T); if(ptr && *ptr && (StrnCaseCmp(ptr, "CCT-", 4)==0)) { int i; ptr += 4; for(i = 0; i < 8; i++) { if(ptr[i] == '\0' || !isxdigit(ptr[i])) break; } if(i == 8) { pdb_set_pass_can_change_time(pw_buf, (time_t)strtol(ptr, NULL, 16)); } } pdb_set_pass_must_change_time(pw_buf, get_time_t_max()); /* Password never expires. */ ptr = ENTRY_VAL(obj, NPF_PWDMCHG_T); if(ptr && *ptr && (StrnCaseCmp(ptr, "MCT-", 4)==0)) { int i; ptr += 4; for(i = 0; i < 8; i++) { if(ptr[i] == '\0' || !isxdigit(ptr[i])) break; } if(i == 8) { pdb_set_pass_must_change_time(pw_buf, (time_t)strtol(ptr, NULL, 16)); } } /* string values */ pdb_set_username(pw_buf, ENTRY_VAL(obj, NPF_NAME)); pdb_set_domain(pw_buf, lp_workgroup()); /* pdb_set_nt_username() -- cant set it here... */ get_single_attribute(obj, NPF_FULL_NAME, full_name, sizeof(pstring)); unix_to_dos(full_name); pdb_set_fullname(pw_buf, full_name); pdb_set_acct_ctrl(pw_buf, pdb_decode_acct_ctrl(ENTRY_VAL(obj, NPF_ACB))); get_single_attribute(obj, NPF_ACCT_DESC, acct_desc, sizeof(pstring)); unix_to_dos(acct_desc); pdb_set_acct_desc(pw_buf, acct_desc); pdb_set_workstations(pw_buf, ENTRY_VAL(obj, NPF_WORKSTATIONS)); pdb_set_munged_dial(pw_buf, NULL); /* Might want to consult sys_getpwnam for the following two. for now, use same default as pdb_fill-default_sam */ ptr = ENTRY_VAL(obj, NPF_UID); pdb_set_uid(pw_buf, ptr ? atoi(ptr) : -1); ptr = ENTRY_VAL(obj, NPF_SMB_GRPID); pdb_set_gid(pw_buf, ptr ? atoi(ptr) : -1); ptr = ENTRY_VAL(obj, NPF_USER_RID); pdb_set_user_rid(pw_buf, ptr ? atoi(ptr) : pdb_uid_to_user_rid(pdb_get_uid(pw_buf))); ptr = ENTRY_VAL(obj, NPF_GROUP_RID); pdb_set_group_rid(pw_buf, ptr ? atoi(ptr) : pdb_gid_to_group_rid(pdb_get_gid(pw_buf))); /* values, must exist for user */ if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) { /* FIXME!! This doesn't belong here. Should be set in net_sam_logon() --jerry */ pstrcpy(samlogon_user, pdb_get_username(pw_buf)); get_single_attribute(obj, NPF_HOME_DIR, home_dir, sizeof(pstring)); if( !(home_dir && *home_dir) ) { pstrcpy(home_dir, lp_logon_home()); pdb_set_homedir(pw_buf, home_dir, False); } else pdb_set_homedir(pw_buf, home_dir, True); get_single_attribute(obj, NPF_DIR_DRIVE, home_drive, sizeof(pstring)); if( !(home_drive && *home_drive) ) { pstrcpy(home_drive, lp_logon_drive()); pdb_set_dir_drive(pw_buf, home_drive, False); } else pdb_set_dir_drive(pw_buf, home_drive, True); get_single_attribute(obj, NPF_LOGON_SCRIPT, logon_script, sizeof(pstring)); if( !(logon_script && *logon_script) ) { pstrcpy(logon_script, lp_logon_script()); pdb_set_logon_script(pw_buf, logon_script, False); } else pdb_set_logon_script(pw_buf, logon_script, True); get_single_attribute(obj, NPF_PROFILE_PATH, profile_path, sizeof(pstring)); if( !(profile_path && *profile_path) ) { pstrcpy(profile_path, lp_logon_path()); pdb_set_profile_path(pw_buf, profile_path, False); } else pdb_set_profile_path(pw_buf, profile_path, True); } else { /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ pdb_set_group_rid (pw_buf, DOMAIN_GROUP_RID_USERS); } /* Check the lanman password column. */ ptr = ENTRY_VAL(obj, NPF_LMPWD); if (!pdb_set_lanman_passwd(pw_buf, NULL)) return False; if (!strncasecmp(ptr, "NO PASSWORD", 11)) { pdb_set_acct_ctrl(pw_buf, pdb_get_acct_ctrl(pw_buf) | ACB_PWNOTREQ); } else { if (strlen(ptr) != 32 || !pdb_gethexpwd(ptr, smbpwd)) { DEBUG(0, ("malformed LM pwd entry: %s.\n", pdb_get_username(pw_buf))); return False; } if (!pdb_set_lanman_passwd(pw_buf, smbpwd)) return False; } /* Check the NT password column. */ ptr = ENTRY_VAL(obj, NPF_NTPWD); if (!pdb_set_nt_passwd(pw_buf, NULL)) return False; if (!(pdb_get_acct_ctrl(pw_buf) & ACB_PWNOTREQ) && strncasecmp(ptr, "NO PASSWORD", 11)) { if (strlen(ptr) != 32 || !pdb_gethexpwd(ptr, smbntpwd)) { DEBUG(0, ("malformed NT pwd entry:\ uid = %d.\n", pdb_get_uid(pw_buf))); return False; } if (!pdb_set_nt_passwd(pw_buf, smbntpwd)) return False; }
void copy_id21_to_sam_passwd(const char *log_prefix, struct samu *to, struct samr_UserInfo21 *from) { time_t unix_time, stored_time; const char *old_string, *new_string; const char *l; if (from == NULL || to == NULL) { return; } if (log_prefix) { l = log_prefix; } else { l = "INFO_21"; } if (from->fields_present & SAMR_FIELD_LAST_LOGON) { unix_time = nt_time_to_unix(from->last_logon); stored_time = pdb_get_logon_time(to); DEBUG(10,("%s SAMR_FIELD_LAST_LOGON: %lu -> %lu\n", l, (long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) { pdb_set_logon_time(to, unix_time, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_LAST_LOGOFF) { unix_time = nt_time_to_unix(from->last_logoff); stored_time = pdb_get_logoff_time(to); DEBUG(10,("%s SAMR_FIELD_LAST_LOGOFF: %lu -> %lu\n", l, (long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) { pdb_set_logoff_time(to, unix_time, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_ACCT_EXPIRY) { unix_time = nt_time_to_unix(from->acct_expiry); stored_time = pdb_get_kickoff_time(to); DEBUG(10,("%s SAMR_FIELD_ACCT_EXPIRY: %lu -> %lu\n", l, (long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) { pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { unix_time = nt_time_to_unix(from->last_password_change); stored_time = pdb_get_pass_last_set_time(to); DEBUG(10,("%s SAMR_FIELD_LAST_PWD_CHANGE: %lu -> %lu\n", l, (long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) { pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_ACCOUNT_NAME) && (from->account_name.string)) { old_string = pdb_get_username(to); new_string = from->account_name.string; DEBUG(10,("%s SAMR_FIELD_ACCOUNT_NAME: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_username(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_FULL_NAME) && (from->full_name.string)) { old_string = pdb_get_fullname(to); new_string = from->full_name.string; DEBUG(10,("%s SAMR_FIELD_FULL_NAME: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_fullname(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_HOME_DIRECTORY) && (from->home_directory.string)) { old_string = pdb_get_homedir(to); new_string = from->home_directory.string; DEBUG(10,("%s SAMR_FIELD_HOME_DIRECTORY: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_homedir(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_HOME_DRIVE) && (from->home_drive.string)) { old_string = pdb_get_dir_drive(to); new_string = from->home_drive.string; DEBUG(10,("%s SAMR_FIELD_HOME_DRIVE: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_dir_drive(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_LOGON_SCRIPT) && (from->logon_script.string)) { old_string = pdb_get_logon_script(to); new_string = from->logon_script.string; DEBUG(10,("%s SAMR_FIELD_LOGON_SCRIPT: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_logon_script(to , new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_PROFILE_PATH) && (from->profile_path.string)) { old_string = pdb_get_profile_path(to); new_string = from->profile_path.string; DEBUG(10,("%s SAMR_FIELD_PROFILE_PATH: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_profile_path(to , new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_DESCRIPTION) && (from->description.string)) { old_string = pdb_get_acct_desc(to); new_string = from->description.string; DEBUG(10,("%s SAMR_FIELD_DESCRIPTION: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_acct_desc(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_WORKSTATIONS) && (from->workstations.string)) { old_string = pdb_get_workstations(to); new_string = from->workstations.string; DEBUG(10,("%s SAMR_FIELD_WORKSTATIONS: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_workstations(to , new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_COMMENT) && (from->comment.string)) { old_string = pdb_get_comment(to); new_string = from->comment.string; DEBUG(10,("%s SAMR_FIELD_COMMENT: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_comment(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_PARAMETERS) && (from->parameters.array)) { char *newstr; DATA_BLOB mung; old_string = pdb_get_munged_dial(to); mung = data_blob_const(from->parameters.array, from->parameters.length); newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(talloc_tos(), mung); DEBUG(10,("%s SAMR_FIELD_PARAMETERS: %s -> %s\n", l, old_string, newstr)); if (STRING_CHANGED_NC(old_string,newstr)) { pdb_set_munged_dial(to, newstr, PDB_CHANGED); } TALLOC_FREE(newstr); } if (from->fields_present & SAMR_FIELD_RID) { if (from->rid == 0) { DEBUG(10,("%s: Asked to set User RID to 0 !? Skipping change!\n", l)); } else if (from->rid != pdb_get_user_rid(to)) { DEBUG(10,("%s SAMR_FIELD_RID: %u -> %u NOT UPDATED!\n", l, pdb_get_user_rid(to), from->rid)); } } if (from->fields_present & SAMR_FIELD_PRIMARY_GID) { if (from->primary_gid == 0) { DEBUG(10,("%s: Asked to set Group RID to 0 !? Skipping change!\n", l)); } else if (from->primary_gid != pdb_get_group_rid(to)) { DEBUG(10,("%s SAMR_FIELD_PRIMARY_GID: %u -> %u\n", l, pdb_get_group_rid(to), from->primary_gid)); pdb_set_group_sid_from_rid(to, from->primary_gid, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_ACCT_FLAGS) { DEBUG(10,("%s SAMR_FIELD_ACCT_FLAGS: %08X -> %08X\n", l, pdb_get_acct_ctrl(to), from->acct_flags)); if (from->acct_flags != pdb_get_acct_ctrl(to)) { /* You cannot autolock an unlocked account via * setuserinfo calls, so make sure to remove the * ACB_AUTOLOCK bit here - gd */ if ((from->acct_flags & ACB_AUTOLOCK) && !(pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) { from->acct_flags &= ~ACB_AUTOLOCK; } if (!(from->acct_flags & ACB_AUTOLOCK) && (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) { /* We're unlocking a previously locked user. Reset bad password counts. Patch from Jianliang Lu. <*****@*****.**> */ pdb_set_bad_password_count(to, 0, PDB_CHANGED); pdb_set_bad_password_time(to, 0, PDB_CHANGED); } pdb_set_acct_ctrl(to, from->acct_flags, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_LOGON_HOURS) { char oldstr[44]; /* hours strings are 42 bytes. */ char newstr[44]; DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week): %08X -> %08X\n", l, pdb_get_logon_divs(to), from->logon_hours.units_per_week)); if (from->logon_hours.units_per_week != pdb_get_logon_divs(to)) { pdb_set_logon_divs(to, from->logon_hours.units_per_week, PDB_CHANGED); } DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week/8): %08X -> %08X\n", l, pdb_get_hours_len(to), from->logon_hours.units_per_week/8)); if (from->logon_hours.units_per_week/8 != pdb_get_hours_len(to)) { pdb_set_hours_len(to, from->logon_hours.units_per_week/8, PDB_CHANGED); } DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (bits): %s -> %s\n", l, pdb_get_hours(to), from->logon_hours.bits)); pdb_sethexhours(oldstr, pdb_get_hours(to)); pdb_sethexhours(newstr, from->logon_hours.bits); if (!strequal(oldstr, newstr)) { pdb_set_hours(to, from->logon_hours.bits, from->logon_hours.units_per_week/8, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_BAD_PWD_COUNT) { DEBUG(10,("%s SAMR_FIELD_BAD_PWD_COUNT: %08X -> %08X\n", l, pdb_get_bad_password_count(to), from->bad_password_count)); if (from->bad_password_count != pdb_get_bad_password_count(to)) { pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_NUM_LOGONS) { DEBUG(10,("%s SAMR_FIELD_NUM_LOGONS: %08X -> %08X\n", l, pdb_get_logon_count(to), from->logon_count)); if (from->logon_count != pdb_get_logon_count(to)) { pdb_set_logon_count(to, from->logon_count, PDB_CHANGED); } } /* If the must change flag is set, the last set time goes to zero. the must change and can change fields also do, but they are calculated from policy, not set from the wire */ if (from->fields_present & SAMR_FIELD_EXPIRED_FLAG) { DEBUG(10,("%s SAMR_FIELD_EXPIRED_FLAG: %02X\n", l, from->password_expired)); if (from->password_expired != 0) { /* Only allow the set_time to zero (which means "User Must Change Password on Next Login" if the user object allows password change. */ if (pdb_get_pass_can_change(to)) { pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); } else { DEBUG(10,("%s Disallowing set of 'User Must " "Change Password on Next Login' as " "user object disallows this.\n", l)); } } else { /* A subtlety here: some windows commands will clear the expired flag even though it's not set, and we don't want to reset the time in these caess. "net user /dom <user> /active:y" for example, to clear an autolocked acct. We must check to see if it's expired first. jmcd */ uint32_t pwd_max_age = 0; time_t now = time(NULL); pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &pwd_max_age); if (pwd_max_age == (uint32_t)-1 || pwd_max_age == 0) { pwd_max_age = get_time_t_max(); } stored_time = pdb_get_pass_last_set_time(to); /* we will only *set* a pwdlastset date when a) the last pwdlastset time was 0 (user was forced to change password). b) the users password has not expired. gd. */ if ((stored_time == 0) || ((now - stored_time) > pwd_max_age)) { pdb_set_pass_last_set_time(to, now, PDB_CHANGED); } } } if (from->fields_present & SAMR_FIELD_COUNTRY_CODE) { DEBUG(10,("%s SAMR_FIELD_COUNTRY_CODE: %08X -> %08X\n", l, pdb_get_country_code(to), from->country_code)); if (from->country_code != pdb_get_country_code(to)) { pdb_set_country_code(to, from->country_code, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_CODE_PAGE) { DEBUG(10,("%s SAMR_FIELD_CODE_PAGE: %08X -> %08X\n", l, pdb_get_code_page(to), from->code_page)); if (from->code_page != pdb_get_code_page(to)) { pdb_set_code_page(to, from->code_page, PDB_CHANGED); } } }
void copy_id21_to_sam_passwd(const char *log_prefix, struct samu *to, struct samr_UserInfo21 *from) { time_t unix_time, stored_time; const char *old_string, *new_string; const char *l; if (from == NULL || to == NULL) { return; } if (log_prefix) { l = log_prefix; } else { l = "INFO_21"; } if (from->fields_present & SAMR_FIELD_LAST_LOGON) { unix_time = nt_time_to_unix(from->last_logon); stored_time = pdb_get_logon_time(to); DEBUG(10,("%s SAMR_FIELD_LAST_LOGON: %lu -> %lu\n", l, (long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) { pdb_set_logon_time(to, unix_time, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_LAST_LOGOFF) { unix_time = nt_time_to_unix(from->last_logoff); stored_time = pdb_get_logoff_time(to); DEBUG(10,("%s SAMR_FIELD_LAST_LOGOFF: %lu -> %lu\n", l, (long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) { pdb_set_logoff_time(to, unix_time, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_ACCT_EXPIRY) { unix_time = nt_time_to_unix(from->acct_expiry); stored_time = pdb_get_kickoff_time(to); DEBUG(10,("%s SAMR_FIELD_ACCT_EXPIRY: %lu -> %lu\n", l, (long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) { pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { unix_time = nt_time_to_unix(from->last_password_change); stored_time = pdb_get_pass_last_set_time(to); DEBUG(10,("%s SAMR_FIELD_LAST_PWD_CHANGE: %lu -> %lu\n", l, (long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) { pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_ACCOUNT_NAME) && (from->account_name.string)) { old_string = pdb_get_username(to); new_string = from->account_name.string; DEBUG(10,("%s SAMR_FIELD_ACCOUNT_NAME: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_username(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_FULL_NAME) && (from->full_name.string)) { old_string = pdb_get_fullname(to); new_string = from->full_name.string; DEBUG(10,("%s SAMR_FIELD_FULL_NAME: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_fullname(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_HOME_DIRECTORY) && (from->home_directory.string)) { old_string = pdb_get_homedir(to); new_string = from->home_directory.string; DEBUG(10,("%s SAMR_FIELD_HOME_DIRECTORY: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_homedir(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_HOME_DRIVE) && (from->home_drive.string)) { old_string = pdb_get_dir_drive(to); new_string = from->home_drive.string; DEBUG(10,("%s SAMR_FIELD_HOME_DRIVE: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_dir_drive(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_LOGON_SCRIPT) && (from->logon_script.string)) { old_string = pdb_get_logon_script(to); new_string = from->logon_script.string; DEBUG(10,("%s SAMR_FIELD_LOGON_SCRIPT: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_logon_script(to , new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_PROFILE_PATH) && (from->profile_path.string)) { old_string = pdb_get_profile_path(to); new_string = from->profile_path.string; DEBUG(10,("%s SAMR_FIELD_PROFILE_PATH: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_profile_path(to , new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_DESCRIPTION) && (from->description.string)) { old_string = pdb_get_acct_desc(to); new_string = from->description.string; DEBUG(10,("%s SAMR_FIELD_DESCRIPTION: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_acct_desc(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_WORKSTATIONS) && (from->workstations.string)) { old_string = pdb_get_workstations(to); new_string = from->workstations.string; DEBUG(10,("%s SAMR_FIELD_WORKSTATIONS: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_workstations(to , new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_COMMENT) && (from->comment.string)) { old_string = pdb_get_comment(to); new_string = from->comment.string; DEBUG(10,("%s SAMR_FIELD_COMMENT: %s -> %s\n", l, old_string, new_string)); if (STRING_CHANGED) { pdb_set_comment(to, new_string, PDB_CHANGED); } } if ((from->fields_present & SAMR_FIELD_PARAMETERS) && (from->parameters.array)) { char *newstr; DATA_BLOB mung; old_string = pdb_get_munged_dial(to); mung = data_blob_const(from->parameters.array, from->parameters.length); newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(talloc_tos(), mung); DEBUG(10,("%s SAMR_FIELD_PARAMETERS: %s -> %s\n", l, old_string, newstr)); if (STRING_CHANGED_NC(old_string,newstr)) { pdb_set_munged_dial(to, newstr, PDB_CHANGED); } TALLOC_FREE(newstr); } if (from->fields_present & SAMR_FIELD_RID) { if (from->rid == 0) { DEBUG(10,("%s: Asked to set User RID to 0 !? Skipping change!\n", l)); } else if (from->rid != pdb_get_user_rid(to)) { DEBUG(10,("%s SAMR_FIELD_RID: %u -> %u NOT UPDATED!\n", l, pdb_get_user_rid(to), from->rid)); } } if (from->fields_present & SAMR_FIELD_PRIMARY_GID) { if (from->primary_gid == 0) { DEBUG(10,("%s: Asked to set Group RID to 0 !? Skipping change!\n", l)); } else if (from->primary_gid != pdb_get_group_rid(to)) { DEBUG(10,("%s SAMR_FIELD_PRIMARY_GID: %u -> %u\n", l, pdb_get_group_rid(to), from->primary_gid)); pdb_set_group_sid_from_rid(to, from->primary_gid, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_ACCT_FLAGS) { DEBUG(10,("%s SAMR_FIELD_ACCT_FLAGS: %08X -> %08X\n", l, pdb_get_acct_ctrl(to), from->acct_flags)); if (from->acct_flags != pdb_get_acct_ctrl(to)) { /* You cannot autolock an unlocked account via * setuserinfo calls, so make sure to remove the * ACB_AUTOLOCK bit here - gd */ if ((from->acct_flags & ACB_AUTOLOCK) && !(pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) { from->acct_flags &= ~ACB_AUTOLOCK; } if (!(from->acct_flags & ACB_AUTOLOCK) && (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) { /* We're unlocking a previously locked user. Reset bad password counts. Patch from Jianliang Lu. <*****@*****.**> */ pdb_set_bad_password_count(to, 0, PDB_CHANGED); pdb_set_bad_password_time(to, 0, PDB_CHANGED); } pdb_set_acct_ctrl(to, from->acct_flags, PDB_CHANGED); } } if (from->fields_present & SAMR_FIELD_LOGON_HOURS) { char oldstr[44]; /* hours strings are 42 bytes. */ char newstr[44]; DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week): %08X -> %08X\n", l, pdb_get_logon_divs(to), from->logon_hours.units_per_week)); if (from->logon_hours.units_per_week != pdb_get_logon_divs(to)) { pdb_set_logon_divs(to, from->logon_hours.units_per_week, PDB_CHANGED); } DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week/8): %08X -> %08X\n", l, pdb_get_hours_len(to), from->logon_hours.units_per_week/8)); if (from->logon_hours.units_per_week/8 != pdb_get_hours_len(to)) { pdb_set_hours_len(to, from->logon_hours.units_per_week/8, PDB_CHANGED); } DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (bits): %s -> %s\n", l, pdb_get_hours(to), from->logon
void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) { time_t unix_time, stored_time; const char *old_string, *new_string; DATA_BLOB mung; if (from == NULL || to == NULL) return; if (from->fields_present & ACCT_LAST_LOGON) { unix_time=nt_time_to_unix(&from->logon_time); stored_time = pdb_get_logon_time(to); DEBUG(10,("INFO_21 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) pdb_set_logon_time(to, unix_time, PDB_CHANGED); } if (from->fields_present & ACCT_LAST_LOGOFF) { unix_time=nt_time_to_unix(&from->logoff_time); stored_time = pdb_get_logoff_time(to); DEBUG(10,("INFO_21 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) pdb_set_logoff_time(to, unix_time, PDB_CHANGED); } if (from->fields_present & ACCT_EXPIRY) { unix_time=nt_time_to_unix(&from->kickoff_time); stored_time = pdb_get_kickoff_time(to); DEBUG(10,("INFO_21 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); } if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) { unix_time=nt_time_to_unix(&from->pass_can_change_time); stored_time = pdb_get_pass_can_change_time(to); DEBUG(10,("INFO_21 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED); } if (from->fields_present & ACCT_LAST_PWD_CHANGE) { unix_time=nt_time_to_unix(&from->pass_last_set_time); stored_time = pdb_get_pass_last_set_time(to); DEBUG(10,("INFO_21 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); } if (from->fields_present & ACCT_FORCE_PWD_CHANGE) { unix_time=nt_time_to_unix(&from->pass_must_change_time); stored_time=pdb_get_pass_must_change_time(to); DEBUG(10,("INFO_21 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); if (stored_time != unix_time) pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED); } if ((from->fields_present & ACCT_USERNAME) && (from->hdr_user_name.buffer)) { old_string = pdb_get_username(to); new_string = unistr2_static(&from->uni_user_name); DEBUG(10,("INFO_21 UNI_USER_NAME: %s -> %s\n", old_string, new_string)); if (STRING_CHANGED) pdb_set_username(to , new_string, PDB_CHANGED); } if ((from->fields_present & ACCT_FULL_NAME) && (from->hdr_full_name.buffer)) { old_string = pdb_get_fullname(to); new_string = unistr2_static(&from->uni_full_name); DEBUG(10,("INFO_21 UNI_FULL_NAME: %s -> %s\n",old_string, new_string)); if (STRING_CHANGED) pdb_set_fullname(to , new_string, PDB_CHANGED); } if ((from->fields_present & ACCT_HOME_DIR) && (from->hdr_home_dir.buffer)) { old_string = pdb_get_homedir(to); new_string = unistr2_static(&from->uni_home_dir); DEBUG(10,("INFO_21 UNI_HOME_DIR: %s -> %s\n",old_string,new_string)); if (STRING_CHANGED) pdb_set_homedir(to , new_string, PDB_CHANGED); } if ((from->fields_present & ACCT_HOME_DRIVE) && (from->hdr_dir_drive.buffer)) { old_string = pdb_get_dir_drive(to); new_string = unistr2_static(&from->uni_dir_drive); DEBUG(10,("INFO_21 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string)); if (STRING_CHANGED) pdb_set_dir_drive(to , new_string, PDB_CHANGED); } if ((from->fields_present & ACCT_LOGON_SCRIPT) && (from->hdr_logon_script.buffer)) { old_string = pdb_get_logon_script(to); new_string = unistr2_static(&from->uni_logon_script); DEBUG(10,("INFO_21 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string)); if (STRING_CHANGED) pdb_set_logon_script(to , new_string, PDB_CHANGED); } if ((from->fields_present & ACCT_PROFILE) && (from->hdr_profile_path.buffer)) { old_string = pdb_get_profile_path(to); new_string = unistr2_static(&from->uni_profile_path); DEBUG(10,("INFO_21 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string)); if (STRING_CHANGED) pdb_set_profile_path(to , new_string, PDB_CHANGED); } if ((from->fields_present & ACCT_DESCRIPTION) && (from->hdr_acct_desc.buffer)) { old_string = pdb_get_acct_desc(to); new_string = unistr2_static(&from->uni_acct_desc); DEBUG(10,("INFO_21 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string)); if (STRING_CHANGED) pdb_set_acct_desc(to , new_string, PDB_CHANGED); } if ((from->fields_present & ACCT_WORKSTATIONS) && (from->hdr_workstations.buffer)) { old_string = pdb_get_workstations(to); new_string = unistr2_static(&from->uni_workstations); DEBUG(10,("INFO_21 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string)); if (STRING_CHANGED) pdb_set_workstations(to , new_string, PDB_CHANGED); } /* is this right? */ if ((from->fields_present & ACCT_ADMIN_DESC) && (from->hdr_unknown_str.buffer)) { old_string = pdb_get_unknown_str(to); new_string = unistr2_static(&from->uni_unknown_str); DEBUG(10,("INFO_21 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string)); if (STRING_CHANGED) pdb_set_unknown_str(to , new_string, PDB_CHANGED); } if ((from->fields_present & ACCT_CALLBACK) && (from->hdr_munged_dial.buffer)) { char *newstr; old_string = pdb_get_munged_dial(to); mung.length = from->hdr_munged_dial.uni_str_len; mung.data = (uint8 *) from->uni_munged_dial.buffer; newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(mung); DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr)); if (STRING_CHANGED_NC(old_string,newstr)) pdb_set_munged_dial(to , newstr, PDB_CHANGED); SAFE_FREE(newstr); } if (from->fields_present & ACCT_RID) { if (from->user_rid == 0) { DEBUG(10, ("INFO_21: Asked to set User RID to 0 !? Skipping change!\n")); } else if (from->user_rid != pdb_get_user_rid(to)) { DEBUG(10,("INFO_21 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid)); } } if (from->fields_present & ACCT_PRIMARY_GID) { if (from->group_rid == 0) { DEBUG(10, ("INFO_21: Asked to set Group RID to 0 !? Skipping change!\n")); } else if (from->group_rid != pdb_get_group_rid(to)) { DEBUG(10,("INFO_21 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid)); pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED); } } if (from->fields_present & ACCT_FLAGS) { DEBUG(10,("INFO_21 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info)); if (from->acb_info != pdb_get_acct_ctrl(to)) { if (!(from->acb_info & ACB_AUTOLOCK) && (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) { /* We're unlocking a previously locked user. Reset bad password counts. Patch from Jianliang Lu. <*****@*****.**> */ pdb_set_bad_password_count(to, 0, PDB_CHANGED); pdb_set_bad_password_time(to, 0, PDB_CHANGED); } pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED); } } if (from->fields_present & ACCT_LOGON_HOURS) { DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs)); if (from->logon_divs != pdb_get_logon_divs(to)) { pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED); } DEBUG(15,("INFO_21 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len)); if (from->logon_hrs.len != pdb_get_hours_len(to)) { pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED); } DEBUG(15,("INFO_21 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours)); /* Fix me: only update if it changes --metze */ pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED); /* This is max logon hours */ DEBUG(10,("INFO_21 UNKNOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6)); if (from->unknown_6 != pdb_get_unknown_6(to)) { pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED); } } if (from->fields_present & ACCT_BAD_PWD_COUNT) { DEBUG(10,("INFO_21 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count)); if (from->bad_password_count != pdb_get_bad_password_count(to)) { pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED); } } if (from->fields_present & ACCT_NUM_LOGONS) { DEBUG(10,("INFO_21 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count)); if (from->logon_count != pdb_get_logon_count(to)) { pdb_set_logon_count(to, from->logon_count, PDB_CHANGED); } } DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { pdb_set_pass_must_change_time(to,0, PDB_CHANGED); } DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2)); DEBUG(10,("INFO_21 PADDING_4: %08X\n",from->padding4)); }