BOOL pdb_set_user_sid_from_rid (struct samu *sampass, uint32 rid, enum pdb_value_state flag) { DOM_SID u_sid; const DOM_SID *global_sam_sid; if (!sampass) return False; if (!(global_sam_sid = get_global_sam_sid())) { DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n")); return False; } sid_copy(&u_sid, global_sam_sid); if (!sid_append_rid(&u_sid, rid)) return False; if (!pdb_set_user_sid(sampass, &u_sid, flag)) return False; DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n", sid_string_static(&u_sid),rid)); return True; }
bool pdb_set_user_sid_from_rid (struct samu *sampass, uint32_t rid, enum pdb_value_state flag) { struct dom_sid u_sid; const struct dom_sid *global_sam_sid; if (!sampass) return False; if (!(global_sam_sid = get_global_sam_sid())) { DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n")); return False; } if (!sid_compose(&u_sid, global_sam_sid, rid)) { return False; } if (!pdb_set_user_sid(sampass, &u_sid, flag)) return False; DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n", sid_string_dbg(&u_sid),rid)); return True; }
static NTSTATUS row_to_sam_account ( PGresult *r, long row, SAM_ACCOUNT *u ) { pstring temp ; DOM_SID sid ; if ( row >= PQntuples( r ) ) return NT_STATUS_INVALID_PARAMETER ; pdb_set_logon_time ( u, PQgetlong ( r, row, 0 ), PDB_SET ) ; pdb_set_logoff_time ( u, PQgetlong ( r, row, 1 ), PDB_SET ) ; pdb_set_kickoff_time ( u, PQgetlong ( r, row, 2 ), PDB_SET ) ; pdb_set_pass_last_set_time ( u, PQgetlong ( r, row, 3 ), PDB_SET ) ; pdb_set_pass_can_change_time ( u, PQgetlong ( r, row, 4 ), PDB_SET ) ; pdb_set_pass_must_change_time( u, PQgetlong ( r, row, 5 ), PDB_SET ) ; pdb_set_username ( u, PQgetvalue( r, row, 6 ), PDB_SET ) ; pdb_set_domain ( u, PQgetvalue( r, row, 7 ), PDB_SET ) ; pdb_set_nt_username ( u, PQgetvalue( r, row, 8 ), PDB_SET ) ; pdb_set_fullname ( u, PQgetvalue( r, row, 9 ), PDB_SET ) ; pdb_set_homedir ( u, PQgetvalue( r, row, 10 ), PDB_SET ) ; pdb_set_dir_drive ( u, PQgetvalue( r, row, 11 ), PDB_SET ) ; pdb_set_logon_script ( u, PQgetvalue( r, row, 12 ), PDB_SET ) ; pdb_set_profile_path ( u, PQgetvalue( r, row, 13 ), PDB_SET ) ; pdb_set_acct_desc ( u, PQgetvalue( r, row, 14 ), PDB_SET ) ; pdb_set_workstations ( u, PQgetvalue( r, row, 15 ), PDB_SET ) ; pdb_set_unknown_str ( u, PQgetvalue( r, row, 16 ), PDB_SET ) ; pdb_set_munged_dial ( u, PQgetvalue( r, row, 17 ), PDB_SET ) ; pdb_set_acct_ctrl ( u, PQgetlong ( r, row, 23 ), PDB_SET ) ; pdb_set_logon_divs ( u, PQgetlong ( r, row, 24 ), PDB_SET ) ; pdb_set_hours_len ( u, PQgetlong ( r, row, 25 ), PDB_SET ) ; pdb_set_bad_password_count ( u, PQgetlong (r, row, 26 ), PDB_SET ) ; pdb_set_logon_count ( u, PQgetlong ( r, row, 27 ), PDB_SET ) ; pdb_set_unknown_6 ( u, PQgetlong ( r, row, 28 ), PDB_SET ) ; if ( !PQgetisnull( r, row, 18 ) ) { string_to_sid( &sid, PQgetvalue( r, row, 18 ) ) ; pdb_set_user_sid ( u, &sid, PDB_SET ) ; } if ( !PQgetisnull( r, row, 19 ) ) { string_to_sid( &sid, PQgetvalue( r, row, 19 ) ) ; pdb_set_group_sid( u, &sid, PDB_SET ) ; } if ( pdb_gethexpwd( PQgetvalue( r, row, 20 ), temp ), PDB_SET ) pdb_set_lanman_passwd( u, temp, PDB_SET ) ; if ( pdb_gethexpwd( PQgetvalue( r, row, 21 ), temp ), PDB_SET ) pdb_set_nt_passwd ( u, temp, PDB_SET ) ; /* Only use plaintext password storage when lanman and nt are NOT used */ if ( PQgetisnull( r, row, 20 ) || PQgetisnull( r, row, 21 ) ) pdb_set_plaintext_passwd( u, PQgetvalue( r, row, 22 ) ) ; return NT_STATUS_OK ; }
bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag) { DOM_SID new_sid; if (!u_sid) return False; DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n", u_sid)); if (!string_to_sid(&new_sid, u_sid)) { DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid)); return False; } if (!pdb_set_user_sid(sampass, &new_sid, flag)) { DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid)); return False; } return True; }
static int new_machine(const char *machinename, char *machine_sid) { char *err = NULL, *msg = NULL; struct samu *sam_pwent = NULL; TALLOC_CTX *tosctx; NTSTATUS status; struct dom_sid m_sid; char *compatpwd; char *name; int flags; int len; int ret; len = strlen(machinename); if (len == 0) { fprintf(stderr, "No machine name given\n"); return -1; } tosctx = talloc_tos(); if (!tosctx) { fprintf(stderr, "Out of memory!\n"); return -1; } if (machine_sid) { if (get_sid_from_cli_string(&m_sid, machine_sid)) { fprintf(stderr, "Failed to parse SID\n"); return -1; } } compatpwd = talloc_strdup(tosctx, machinename); if (!compatpwd) { fprintf(stderr, "Out of memory!\n"); return -1; } if (machinename[len-1] == '$') { name = talloc_strdup(tosctx, machinename); compatpwd[len-1] = '\0'; } else { name = talloc_asprintf(tosctx, "%s$", machinename); } if (!name) { fprintf(stderr, "Out of memory!\n"); return -1; } if (!strlower_m(name)) { fprintf(stderr, "strlower_m %s failed\n", name); return -1; } flags = LOCAL_ADD_USER | LOCAL_TRUST_ACCOUNT | LOCAL_SET_PASSWORD; status = local_password_change(name, flags, compatpwd, &err, &msg); if (!NT_STATUS_IS_OK(status)) { if (err) fprintf(stderr, "%s", err); ret = -1; } sam_pwent = samu_new(tosctx); if (!sam_pwent) { fprintf(stderr, "Out of memory!\n"); ret = -1; goto done; } if (!pdb_getsampwnam(sam_pwent, name)) { fprintf(stderr, "Machine %s not found!\n", name); ret = -1; goto done; } if (machine_sid) pdb_set_user_sid(sam_pwent, &m_sid, PDB_CHANGED); status = pdb_update_sam_account(sam_pwent); if (!NT_STATUS_IS_OK(status)) { fprintf(stderr, "Failed to modify entry for %s.!\n", name); ret = -1; goto done; } print_user_info(name, True, False); ret = 0; done: SAFE_FREE(err); SAFE_FREE(msg); TALLOC_FREE(sam_pwent); return ret; }
/********************************************************* Add New User **********************************************************/ static int new_user(const char *username, const char *fullname, const char *homedir, const char *drive, const char *script, const char *profile, char *user_sid, bool stdin_get) { char *pwd1 = NULL, *pwd2 = NULL; char *err = NULL, *msg = NULL; struct samu *sam_pwent = NULL; TALLOC_CTX *tosctx; NTSTATUS status; struct dom_sid u_sid; int flags; int ret; tosctx = talloc_tos(); if (!tosctx) { fprintf(stderr, "Out of memory!\n"); return -1; } if (user_sid) { if (get_sid_from_cli_string(&u_sid, user_sid)) { fprintf(stderr, "Failed to parse SID\n"); return -1; } } pwd1 = get_pass( "new password:"******"retype new password:"******"Failed to read passwords.\n"); return -1; } ret = strcmp(pwd1, pwd2); if (ret != 0) { fprintf (stderr, "Passwords do not match!\n"); goto done; } flags = LOCAL_ADD_USER | LOCAL_SET_PASSWORD; status = local_password_change(username, flags, pwd1, &err, &msg); if (!NT_STATUS_IS_OK(status)) { if (err) fprintf(stderr, "%s", err); ret = -1; goto done; } sam_pwent = samu_new(tosctx); if (!sam_pwent) { fprintf(stderr, "Out of memory!\n"); ret = -1; goto done; } if (!pdb_getsampwnam(sam_pwent, username)) { fprintf(stderr, "User %s not found!\n", username); ret = -1; goto done; } if (fullname) pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED); if (homedir) pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED); if (drive) pdb_set_dir_drive(sam_pwent, drive, PDB_CHANGED); if (script) pdb_set_logon_script(sam_pwent, script, PDB_CHANGED); if (profile) pdb_set_profile_path(sam_pwent, profile, PDB_CHANGED); if (user_sid) pdb_set_user_sid(sam_pwent, &u_sid, PDB_CHANGED); status = pdb_update_sam_account(sam_pwent); if (!NT_STATUS_IS_OK(status)) { fprintf(stderr, "Failed to modify entry for user %s.!\n", username); ret = -1; goto done; } print_user_info(username, True, False); ret = 0; done: if (pwd1) memset(pwd1, 0, strlen(pwd1)); if (pwd2) memset(pwd2, 0, strlen(pwd2)); SAFE_FREE(pwd1); SAFE_FREE(pwd2); SAFE_FREE(err); SAFE_FREE(msg); TALLOC_FREE(sam_pwent); return ret; }
static int set_machine_info(const char *machinename, const char *account_control, const char *machine_sid) { struct samu *sam_pwent = NULL; TALLOC_CTX *tosctx; uint32_t acb_flags; uint32_t not_settable; uint32_t new_flags; struct dom_sid m_sid; char *name; int len; bool ret; len = strlen(machinename); if (len == 0) { fprintf(stderr, "No machine name given\n"); return -1; } tosctx = talloc_tos(); if (!tosctx) { fprintf(stderr, "Out of memory!\n"); return -1; } sam_pwent = samu_new(tosctx); if (!sam_pwent) { return 1; } if (machinename[len-1] == '$') { name = talloc_strdup(sam_pwent, machinename); } else { name = talloc_asprintf(sam_pwent, "%s$", machinename); } if (!name) { fprintf(stderr, "Out of memory!\n"); TALLOC_FREE(sam_pwent); return -1; } if (!strlower_m(name)) { fprintf(stderr, "strlower_m %s failed\n", name); TALLOC_FREE(sam_pwent); return -1; } ret = pdb_getsampwnam(sam_pwent, name); if (!ret) { fprintf (stderr, "Username not found!\n"); TALLOC_FREE(sam_pwent); return -1; } if (account_control) { not_settable = ~(ACB_DISABLED); new_flags = pdb_decode_acct_ctrl(account_control); if (new_flags & not_settable) { fprintf(stderr, "Can only set [D] flags\n"); TALLOC_FREE(sam_pwent); return -1; } acb_flags = pdb_get_acct_ctrl(sam_pwent); pdb_set_acct_ctrl(sam_pwent, (acb_flags & not_settable) | new_flags, PDB_CHANGED); } if (machine_sid) { if (get_sid_from_cli_string(&m_sid, machine_sid)) { fprintf(stderr, "Failed to parse SID\n"); return -1; } pdb_set_user_sid(sam_pwent, &m_sid, PDB_CHANGED); } if (NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) { print_user_info(name, True, False); } else { fprintf (stderr, "Unable to modify entry!\n"); TALLOC_FREE(sam_pwent); return -1; } TALLOC_FREE(sam_pwent); return 0; }
static int set_user_info(const char *username, const char *fullname, const char *homedir, const char *acct_desc, const char *drive, const char *script, const char *profile, const char *account_control, const char *user_sid, const char *user_domain, const bool badpw, const bool hours, const char *kickoff_time) { bool updated_autolock = False, updated_badpw = False; struct samu *sam_pwent; uint8_t hours_array[MAX_HOURS_LEN]; uint32_t hours_len; uint32_t acb_flags; uint32_t not_settable; uint32_t new_flags; struct dom_sid u_sid; bool ret; sam_pwent = samu_new(NULL); if (!sam_pwent) { return 1; } ret = pdb_getsampwnam(sam_pwent, username); if (!ret) { fprintf (stderr, "Username not found!\n"); TALLOC_FREE(sam_pwent); return -1; } if (hours) { hours_len = pdb_get_hours_len(sam_pwent); memset(hours_array, 0xff, hours_len); pdb_set_hours(sam_pwent, hours_array, hours_len, PDB_CHANGED); } if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) { DEBUG(2,("pdb_update_autolock_flag failed.\n")); } if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw)) { DEBUG(2,("pdb_update_bad_password_count failed.\n")); } if (fullname) pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED); if (acct_desc) pdb_set_acct_desc(sam_pwent, acct_desc, PDB_CHANGED); if (homedir) pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED); if (drive) pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED); if (script) pdb_set_logon_script(sam_pwent, script, PDB_CHANGED); if (profile) pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED); if (user_domain) pdb_set_domain(sam_pwent, user_domain, PDB_CHANGED); if (account_control) { not_settable = ~(ACB_DISABLED | ACB_HOMDIRREQ | ACB_PWNOTREQ | ACB_PWNOEXP | ACB_AUTOLOCK); new_flags = pdb_decode_acct_ctrl(account_control); if (new_flags & not_settable) { fprintf(stderr, "Can only set [NDHLX] flags\n"); TALLOC_FREE(sam_pwent); return -1; } acb_flags = pdb_get_acct_ctrl(sam_pwent); pdb_set_acct_ctrl(sam_pwent, (acb_flags & not_settable) | new_flags, PDB_CHANGED); } if (user_sid) { if (get_sid_from_cli_string(&u_sid, user_sid)) { fprintf(stderr, "Failed to parse SID\n"); return -1; } pdb_set_user_sid(sam_pwent, &u_sid, PDB_CHANGED); } if (badpw) { pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED); pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED); } if (kickoff_time) { char *endptr; time_t value = get_time_t_max(); if (strcmp(kickoff_time, "never") != 0) { uint32_t num = strtoul(kickoff_time, &endptr, 10); if ((endptr == kickoff_time) || (endptr[0] != '\0')) { fprintf(stderr, "Failed to parse kickoff time\n"); return -1; } value = convert_uint32_t_to_time_t(num); } pdb_set_kickoff_time(sam_pwent, value, PDB_CHANGED); } if (NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) { print_user_info(username, True, False); } else { fprintf (stderr, "Unable to modify entry!\n"); TALLOC_FREE(sam_pwent); return -1; } TALLOC_FREE(sam_pwent); return 0; }
NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, char *unix_username, struct passwd *pwd) { NTSTATUS status; struct samu *sampass = NULL; char *qualified_name = NULL; TALLOC_CTX *mem_ctx = NULL; struct dom_sid u_sid; enum lsa_SidType type; struct auth_serversupplied_info *result; /* * The SID returned in server_info->sam_account is based * on our SAM sid even though for a pure UNIX account this should * not be the case as it doesn't really exist in the SAM db. * This causes lookups on "[in]valid users" to fail as they * will lookup this name as a "Unix User" SID to check against * the user token. Fix this by adding the "Unix User"\unix_username * SID to the sid array. The correct fix should probably be * changing the server_info->sam_account user SID to be a * S-1-22 Unix SID, but this might break old configs where * plaintext passwords were used with no SAM backend. */ mem_ctx = talloc_init("make_server_info_pw_tmp"); if (!mem_ctx) { return NT_STATUS_NO_MEMORY; } qualified_name = talloc_asprintf(mem_ctx, "%s\\%s", unix_users_domain_name(), unix_username ); if (!qualified_name) { TALLOC_FREE(mem_ctx); return NT_STATUS_NO_MEMORY; } if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL, NULL, NULL, &u_sid, &type)) { TALLOC_FREE(mem_ctx); return NT_STATUS_NO_SUCH_USER; } TALLOC_FREE(mem_ctx); if (type != SID_NAME_USER) { return NT_STATUS_NO_SUCH_USER; } if ( !(sampass = samu_new( NULL )) ) { return NT_STATUS_NO_MEMORY; } status = samu_set_unix( sampass, pwd ); if (!NT_STATUS_IS_OK(status)) { return status; } /* In pathological cases the above call can set the account * name to the DOMAIN\username form. Reset the account name * using unix_username */ pdb_set_username(sampass, unix_username, PDB_SET); /* set the user sid to be the calculated u_sid */ pdb_set_user_sid(sampass, &u_sid, PDB_SET); result = make_server_info(NULL); if (result == NULL) { TALLOC_FREE(sampass); return NT_STATUS_NO_MEMORY; } status = samu_to_SamInfo3(result, sampass, global_myname(), &result->info3, &result->extra); TALLOC_FREE(sampass); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("Failed to convert samu to info3: %s\n", nt_errstr(status))); TALLOC_FREE(result); return status; } result->unix_name = talloc_strdup(result, unix_username); result->sanitized_username = sanitize_username(result, unix_username); if ((result->unix_name == NULL) || (result->sanitized_username == NULL)) { TALLOC_FREE(result); return NT_STATUS_NO_MEMORY; } result->utok.uid = pwd->pw_uid; result->utok.gid = pwd->pw_gid; *server_info = result; return NT_STATUS_OK; }
/********************************************************* Add New User **********************************************************/ static int new_user (struct pdb_methods *in, const char *username, const char *fullname, const char *homedir, const char *drive, const char *script, const char *profile, char *user_sid, BOOL stdin_get) { struct samu *sam_pwent; char *password1, *password2; int rc_pwd_cmp; struct passwd *pwd; get_global_sam_sid(); if ( !(pwd = getpwnam_alloc( NULL, username )) ) { DEBUG(0,("Cannot locate Unix account for %s\n", username)); return -1; } if ( (sam_pwent = samu_new( NULL )) == NULL ) { DEBUG(0, ("Memory allocation failure!\n")); return -1; } if (!NT_STATUS_IS_OK(samu_alloc_rid_unix(sam_pwent, pwd ))) { TALLOC_FREE( sam_pwent ); TALLOC_FREE( pwd ); DEBUG(0, ("could not create account to add new user %s\n", username)); return -1; } password1 = get_pass( "new password:"******"retype new password:"******"Passwords do not match!\n"); TALLOC_FREE(sam_pwent); } else { pdb_set_plaintext_passwd(sam_pwent, password1); } memset(password1, 0, strlen(password1)); SAFE_FREE(password1); memset(password2, 0, strlen(password2)); SAFE_FREE(password2); /* pwds do _not_ match? */ if (rc_pwd_cmp) return -1; if (fullname) pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED); if (homedir) pdb_set_homedir (sam_pwent, homedir, PDB_CHANGED); if (drive) pdb_set_dir_drive (sam_pwent, drive, PDB_CHANGED); if (script) pdb_set_logon_script(sam_pwent, script, PDB_CHANGED); if (profile) pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED); if (user_sid) { DOM_SID u_sid; if (!string_to_sid(&u_sid, user_sid)) { /* not a complete sid, may be a RID, try building a SID */ int u_rid; if (sscanf(user_sid, "%d", &u_rid) != 1) { fprintf(stderr, "Error passed string is not a complete user SID or RID!\n"); TALLOC_FREE(sam_pwent); return -1; } sid_copy(&u_sid, get_global_sam_sid()); sid_append_rid(&u_sid, u_rid); } pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED); } pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL, PDB_CHANGED); if (NT_STATUS_IS_OK(in->add_sam_account (in, sam_pwent))) { print_user_info (in, username, True, False); } else { fprintf (stderr, "Unable to add user! (does it already exist?)\n"); TALLOC_FREE(sam_pwent); return -1; } TALLOC_FREE(sam_pwent); return 0; }
static int set_user_info (struct pdb_methods *in, const char *username, const char *fullname, const char *homedir, const char *acct_desc, const char *drive, const char *script, const char *profile, const char *account_control, const char *user_sid, const char *user_domain, const BOOL badpw, const BOOL hours) { BOOL updated_autolock = False, updated_badpw = False; struct samu *sam_pwent=NULL; BOOL ret; if ( (sam_pwent = samu_new( NULL )) == NULL ) { return 1; } ret = NT_STATUS_IS_OK(in->getsampwnam (in, sam_pwent, username)); if (ret==False) { fprintf (stderr, "Username not found!\n"); TALLOC_FREE(sam_pwent); return -1; } if (hours) { uint8 hours_array[MAX_HOURS_LEN]; uint32 hours_len; hours_len = pdb_get_hours_len(sam_pwent); memset(hours_array, 0xff, hours_len); pdb_set_hours(sam_pwent, hours_array, PDB_CHANGED); } if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) { DEBUG(2,("pdb_update_autolock_flag failed.\n")); } if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw)) { DEBUG(2,("pdb_update_bad_password_count failed.\n")); } if (fullname) pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED); if (acct_desc) pdb_set_acct_desc(sam_pwent, acct_desc, PDB_CHANGED); if (homedir) pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED); if (drive) pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED); if (script) pdb_set_logon_script(sam_pwent, script, PDB_CHANGED); if (profile) pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED); if (user_domain) pdb_set_domain(sam_pwent, user_domain, PDB_CHANGED); if (account_control) { uint32 not_settable = ~(ACB_DISABLED|ACB_HOMDIRREQ|ACB_PWNOTREQ| ACB_PWNOEXP|ACB_AUTOLOCK); uint32 newflag = pdb_decode_acct_ctrl(account_control); if (newflag & not_settable) { fprintf(stderr, "Can only set [NDHLX] flags\n"); TALLOC_FREE(sam_pwent); return -1; } pdb_set_acct_ctrl(sam_pwent, (pdb_get_acct_ctrl(sam_pwent) & not_settable) | newflag, PDB_CHANGED); } if (user_sid) { DOM_SID u_sid; if (!string_to_sid(&u_sid, user_sid)) { /* not a complete sid, may be a RID, try building a SID */ int u_rid; if (sscanf(user_sid, "%d", &u_rid) != 1) { fprintf(stderr, "Error passed string is not a complete user SID or RID!\n"); return -1; } sid_copy(&u_sid, get_global_sam_sid()); sid_append_rid(&u_sid, u_rid); } pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED); } if (badpw) { pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED); pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED); } if (NT_STATUS_IS_OK(in->update_sam_account (in, sam_pwent))) print_user_info (in, username, True, False); else { fprintf (stderr, "Unable to modify entry!\n"); TALLOC_FREE(sam_pwent); return -1; } TALLOC_FREE(sam_pwent); return 0; }