/******************************************************************* Store the LDAP admin password in secrets.tdb ******************************************************************/ static BOOL store_ldap_admin_pw (char* pw) { if (!pw) return False; if (!secrets_init()) return False; return secrets_store_ldap_pw(lp_ldap_admin_dn(), pw); }
/******************************************************************* Store the LDAP admin password in secrets.tdb ******************************************************************/ static bool store_ldap_admin_pw (char* pw) { if (!pw) return False; if (!secrets_init()) return False; return secrets_store_ldap_pw(lp_ldap_admin_dn(talloc_tos()), pw); }
bool fetch_ldap_pw(char **dn, char** pw) { char *key = NULL; size_t size = 0; *dn = smb_xstrdup(lp_ldap_admin_dn()); if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) { SAFE_FREE(*dn); DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n")); return false; } *pw=(char *)secrets_fetch(key, &size); SAFE_FREE(key); if (!size) { /* Upgrade 2.2 style entry */ char *p; char* old_style_key = SMB_STRDUP(*dn); char *data; fstring old_style_pw; if (!old_style_key) { DEBUG(0, ("fetch_ldap_pw: strdup failed!\n")); return False; } for (p=old_style_key; *p; p++) if (*p == ',') *p = '/'; data=(char *)secrets_fetch(old_style_key, &size); if ((data == NULL) || (size < sizeof(old_style_pw))) { DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n")); SAFE_FREE(old_style_key); SAFE_FREE(*dn); SAFE_FREE(data); return False; } size = MIN(size, sizeof(fstring)-1); strncpy(old_style_pw, data, size); old_style_pw[size] = 0; SAFE_FREE(data); if (!secrets_store_ldap_pw(*dn, old_style_pw)) { DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n")); SAFE_FREE(old_style_key); SAFE_FREE(*dn); return False; } if (!secrets_delete(old_style_key)) { DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n")); } SAFE_FREE(old_style_key); *pw = smb_xstrdup(old_style_pw); } return True; }
static int process_root(int local_flags) { struct passwd *pwd; int result = 0; char *old_passwd = NULL; if (local_flags & LOCAL_SET_LDAP_ADMIN_PW) { char *ldap_admin_dn = lp_ldap_admin_dn(); if ( ! *ldap_admin_dn ) { DEBUG(0,("ERROR: 'ldap admin dn' not defined! Please check your smb.conf\n")); goto done; } printf("Setting stored password for \"%s\" in secrets.tdb\n", ldap_admin_dn); if ( ! *ldap_secret ) { new_passwd = prompt_for_new_password(stdin_passwd_get); fstrcpy(ldap_secret, new_passwd); } if (!store_ldap_admin_pw(ldap_secret)) { DEBUG(0,("ERROR: Failed to store the ldap admin password!\n")); } goto done; } /* Ensure passdb startup(). */ if(!initialize_password_db(False)) { DEBUG(0, ("Failed to open passdb!\n")); exit(1); } /* Ensure we have a SAM sid. */ get_global_sam_sid(); /* * Ensure both add/delete user are not set * Ensure add/delete user and either remote machine or join domain are * not both set. */ if(((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) == (LOCAL_ADD_USER|LOCAL_DELETE_USER)) || ((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) && (remote_machine != NULL))) { usage(); } /* Only load interfaces if we are doing network operations. */ if (remote_machine) { load_interfaces(); } if (!user_name[0] && (pwd = getpwuid_alloc(NULL, geteuid()))) { fstrcpy(user_name, pwd->pw_name); TALLOC_FREE(pwd); } if (!user_name[0]) { fprintf(stderr,"You must specify a username\n"); exit(1); } if (local_flags & LOCAL_TRUST_ACCOUNT) { /* add the $ automatically */ static fstring buf; /* * Remove any trailing '$' before we * generate the initial machine password. */ if (user_name[strlen(user_name)-1] == '$') { user_name[strlen(user_name)-1] = 0; } if (local_flags & LOCAL_ADD_USER) { SAFE_FREE(new_passwd); new_passwd = smb_xstrdup(user_name); strlower_m(new_passwd); } /* * Now ensure the username ends in '$' for * the machine add. */ slprintf(buf, sizeof(buf)-1, "%s$", user_name); fstrcpy(user_name, buf); } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) { static fstring buf; if ((local_flags & LOCAL_ADD_USER) && (new_passwd == NULL)) { /* * Prompt for trusting domain's account password */ new_passwd = prompt_for_new_password(stdin_passwd_get); if(!new_passwd) { fprintf(stderr, "Unable to get newpassword.\n"); exit(1); } } /* prepare uppercased and '$' terminated username */ slprintf(buf, sizeof(buf) - 1, "%s$", user_name); fstrcpy(user_name, buf); } else { if (remote_machine != NULL) { old_passwd = get_pass("Old SMB password:"******"talloc fail for struct samu.\n"); exit(1); } if (!pdb_getsampwnam(sampass, user_name)) { fprintf(stderr, "Failed to find user %s in passdb backend.\n", user_name ); exit(1); } if(pdb_get_nt_passwd(sampass) == NULL) { local_flags |= LOCAL_SET_PASSWORD; } TALLOC_FREE(sampass); } } if((local_flags & LOCAL_SET_PASSWORD) && (new_passwd == NULL)) { new_passwd = prompt_for_new_password(stdin_passwd_get); if(!new_passwd) { fprintf(stderr, "Unable to get new password.\n"); exit(1); } } } if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name, old_passwd, new_passwd, local_flags))) { fprintf(stderr,"Failed to modify password entry for user %s\n", user_name); result = 1; goto done; } if(remote_machine) { printf("Password changed for user %s on %s.\n", user_name, remote_machine ); } else if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD|LOCAL_SET_PASSWORD))) { struct samu *sampass = NULL; sampass = samu_new( NULL ); if (!sampass) { fprintf(stderr, "talloc fail for struct samu.\n"); exit(1); } if (!pdb_getsampwnam(sampass, user_name)) { fprintf(stderr, "Failed to find user %s in passdb backend.\n", user_name ); exit(1); } printf("Password changed for user %s.", user_name ); if(pdb_get_acct_ctrl(sampass)&ACB_DISABLED) { printf(" User has disabled flag set."); } if(pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) { printf(" User has no password flag set."); } printf("\n"); TALLOC_FREE(sampass); } done: SAFE_FREE(new_passwd); return result; }