BOOL pdb_set_user_sid_from_rid (struct samu *sampass, uint32 rid, enum pdb_value_state flag)
{
DOM_SID u_sid;
const DOM_SID *global_sam_sid;
if (!sampass)
return False;
if (!(global_sam_sid = get_global_sam_sid())) {
DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n"));
return False;
}
sid_copy(&u_sid, global_sam_sid);
if (!sid_append_rid(&u_sid, rid))
return False;
if (!pdb_set_user_sid(sampass, &u_sid, flag))
return False;
DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n",
sid_string_static(&u_sid),rid));
return True;
}
bool pdb_set_user_sid_from_rid (struct samu *sampass, uint32_t rid, enum pdb_value_state flag)
{
struct dom_sid u_sid;
const struct dom_sid *global_sam_sid;
if (!sampass)
return False;
if (!(global_sam_sid = get_global_sam_sid())) {
DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n"));
return False;
}
if (!sid_compose(&u_sid, global_sam_sid, rid)) {
return False;
}
if (!pdb_set_user_sid(sampass, &u_sid, flag))
return False;
DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n",
sid_string_dbg(&u_sid),rid));
return True;
}
static NTSTATUS row_to_sam_account ( PGresult *r, long row, SAM_ACCOUNT *u )
{
pstring temp ;
DOM_SID sid ;
if ( row >= PQntuples( r ) ) return NT_STATUS_INVALID_PARAMETER ;
pdb_set_logon_time ( u, PQgetlong ( r, row, 0 ), PDB_SET ) ;
pdb_set_logoff_time ( u, PQgetlong ( r, row, 1 ), PDB_SET ) ;
pdb_set_kickoff_time ( u, PQgetlong ( r, row, 2 ), PDB_SET ) ;
pdb_set_pass_last_set_time ( u, PQgetlong ( r, row, 3 ), PDB_SET ) ;
pdb_set_pass_can_change_time ( u, PQgetlong ( r, row, 4 ), PDB_SET ) ;
pdb_set_pass_must_change_time( u, PQgetlong ( r, row, 5 ), PDB_SET ) ;
pdb_set_username ( u, PQgetvalue( r, row, 6 ), PDB_SET ) ;
pdb_set_domain ( u, PQgetvalue( r, row, 7 ), PDB_SET ) ;
pdb_set_nt_username ( u, PQgetvalue( r, row, 8 ), PDB_SET ) ;
pdb_set_fullname ( u, PQgetvalue( r, row, 9 ), PDB_SET ) ;
pdb_set_homedir ( u, PQgetvalue( r, row, 10 ), PDB_SET ) ;
pdb_set_dir_drive ( u, PQgetvalue( r, row, 11 ), PDB_SET ) ;
pdb_set_logon_script ( u, PQgetvalue( r, row, 12 ), PDB_SET ) ;
pdb_set_profile_path ( u, PQgetvalue( r, row, 13 ), PDB_SET ) ;
pdb_set_acct_desc ( u, PQgetvalue( r, row, 14 ), PDB_SET ) ;
pdb_set_workstations ( u, PQgetvalue( r, row, 15 ), PDB_SET ) ;
pdb_set_unknown_str ( u, PQgetvalue( r, row, 16 ), PDB_SET ) ;
pdb_set_munged_dial ( u, PQgetvalue( r, row, 17 ), PDB_SET ) ;
pdb_set_acct_ctrl ( u, PQgetlong ( r, row, 23 ), PDB_SET ) ;
pdb_set_logon_divs ( u, PQgetlong ( r, row, 24 ), PDB_SET ) ;
pdb_set_hours_len ( u, PQgetlong ( r, row, 25 ), PDB_SET ) ;
pdb_set_bad_password_count ( u, PQgetlong (r, row, 26 ), PDB_SET ) ;
pdb_set_logon_count ( u, PQgetlong ( r, row, 27 ), PDB_SET ) ;
pdb_set_unknown_6 ( u, PQgetlong ( r, row, 28 ), PDB_SET ) ;
if ( !PQgetisnull( r, row, 18 ) ) {
string_to_sid( &sid, PQgetvalue( r, row, 18 ) ) ;
pdb_set_user_sid ( u, &sid, PDB_SET ) ;
}
if ( !PQgetisnull( r, row, 19 ) ) {
string_to_sid( &sid, PQgetvalue( r, row, 19 ) ) ;
pdb_set_group_sid( u, &sid, PDB_SET ) ;
}
if ( pdb_gethexpwd( PQgetvalue( r, row, 20 ), temp ), PDB_SET ) pdb_set_lanman_passwd( u, temp, PDB_SET ) ;
if ( pdb_gethexpwd( PQgetvalue( r, row, 21 ), temp ), PDB_SET ) pdb_set_nt_passwd ( u, temp, PDB_SET ) ;
/* Only use plaintext password storage when lanman and nt are NOT used */
if ( PQgetisnull( r, row, 20 ) || PQgetisnull( r, row, 21 ) ) pdb_set_plaintext_passwd( u, PQgetvalue( r, row, 22 ) ) ;
return NT_STATUS_OK ;
}
bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
{
DOM_SID new_sid;
if (!u_sid)
return False;
DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n",
u_sid));
if (!string_to_sid(&new_sid, u_sid)) {
DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
return False;
}
if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid));
return False;
}
return True;
}
static int new_machine(const char *machinename, char *machine_sid)
{
char *err = NULL, *msg = NULL;
struct samu *sam_pwent = NULL;
TALLOC_CTX *tosctx;
NTSTATUS status;
struct dom_sid m_sid;
char *compatpwd;
char *name;
int flags;
int len;
int ret;
len = strlen(machinename);
if (len == 0) {
fprintf(stderr, "No machine name given\n");
return -1;
}
tosctx = talloc_tos();
if (!tosctx) {
fprintf(stderr, "Out of memory!\n");
return -1;
}
if (machine_sid) {
if (get_sid_from_cli_string(&m_sid, machine_sid)) {
fprintf(stderr, "Failed to parse SID\n");
return -1;
}
}
compatpwd = talloc_strdup(tosctx, machinename);
if (!compatpwd) {
fprintf(stderr, "Out of memory!\n");
return -1;
}
if (machinename[len-1] == '$') {
name = talloc_strdup(tosctx, machinename);
compatpwd[len-1] = '\0';
} else {
name = talloc_asprintf(tosctx, "%s$", machinename);
}
if (!name) {
fprintf(stderr, "Out of memory!\n");
return -1;
}
if (!strlower_m(name)) {
fprintf(stderr, "strlower_m %s failed\n", name);
return -1;
}
flags = LOCAL_ADD_USER | LOCAL_TRUST_ACCOUNT | LOCAL_SET_PASSWORD;
status = local_password_change(name, flags, compatpwd, &err, &msg);
if (!NT_STATUS_IS_OK(status)) {
if (err) fprintf(stderr, "%s", err);
ret = -1;
}
sam_pwent = samu_new(tosctx);
if (!sam_pwent) {
fprintf(stderr, "Out of memory!\n");
ret = -1;
goto done;
}
if (!pdb_getsampwnam(sam_pwent, name)) {
fprintf(stderr, "Machine %s not found!\n", name);
ret = -1;
goto done;
}
if (machine_sid)
pdb_set_user_sid(sam_pwent, &m_sid, PDB_CHANGED);
status = pdb_update_sam_account(sam_pwent);
if (!NT_STATUS_IS_OK(status)) {
fprintf(stderr,
"Failed to modify entry for %s.!\n", name);
ret = -1;
goto done;
}
print_user_info(name, True, False);
ret = 0;
done:
SAFE_FREE(err);
SAFE_FREE(msg);
TALLOC_FREE(sam_pwent);
return ret;
}
/*********************************************************
Add New User
**********************************************************/
static int new_user(const char *username, const char *fullname,
const char *homedir, const char *drive,
const char *script, const char *profile,
char *user_sid, bool stdin_get)
{
char *pwd1 = NULL, *pwd2 = NULL;
char *err = NULL, *msg = NULL;
struct samu *sam_pwent = NULL;
TALLOC_CTX *tosctx;
NTSTATUS status;
struct dom_sid u_sid;
int flags;
int ret;
tosctx = talloc_tos();
if (!tosctx) {
fprintf(stderr, "Out of memory!\n");
return -1;
}
if (user_sid) {
if (get_sid_from_cli_string(&u_sid, user_sid)) {
fprintf(stderr, "Failed to parse SID\n");
return -1;
}
}
pwd1 = get_pass( "new password:"******"retype new password:"******"Failed to read passwords.\n");
return -1;
}
ret = strcmp(pwd1, pwd2);
if (ret != 0) {
fprintf (stderr, "Passwords do not match!\n");
goto done;
}
flags = LOCAL_ADD_USER | LOCAL_SET_PASSWORD;
status = local_password_change(username, flags, pwd1, &err, &msg);
if (!NT_STATUS_IS_OK(status)) {
if (err) fprintf(stderr, "%s", err);
ret = -1;
goto done;
}
sam_pwent = samu_new(tosctx);
if (!sam_pwent) {
fprintf(stderr, "Out of memory!\n");
ret = -1;
goto done;
}
if (!pdb_getsampwnam(sam_pwent, username)) {
fprintf(stderr, "User %s not found!\n", username);
ret = -1;
goto done;
}
if (fullname)
pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (homedir)
pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
if (drive)
pdb_set_dir_drive(sam_pwent, drive, PDB_CHANGED);
if (script)
pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
if (profile)
pdb_set_profile_path(sam_pwent, profile, PDB_CHANGED);
if (user_sid)
pdb_set_user_sid(sam_pwent, &u_sid, PDB_CHANGED);
status = pdb_update_sam_account(sam_pwent);
if (!NT_STATUS_IS_OK(status)) {
fprintf(stderr,
"Failed to modify entry for user %s.!\n",
username);
ret = -1;
goto done;
}
print_user_info(username, True, False);
ret = 0;
done:
if (pwd1) memset(pwd1, 0, strlen(pwd1));
if (pwd2) memset(pwd2, 0, strlen(pwd2));
SAFE_FREE(pwd1);
SAFE_FREE(pwd2);
SAFE_FREE(err);
SAFE_FREE(msg);
TALLOC_FREE(sam_pwent);
return ret;
}
static int set_machine_info(const char *machinename,
const char *account_control,
const char *machine_sid)
{
struct samu *sam_pwent = NULL;
TALLOC_CTX *tosctx;
uint32_t acb_flags;
uint32_t not_settable;
uint32_t new_flags;
struct dom_sid m_sid;
char *name;
int len;
bool ret;
len = strlen(machinename);
if (len == 0) {
fprintf(stderr, "No machine name given\n");
return -1;
}
tosctx = talloc_tos();
if (!tosctx) {
fprintf(stderr, "Out of memory!\n");
return -1;
}
sam_pwent = samu_new(tosctx);
if (!sam_pwent) {
return 1;
}
if (machinename[len-1] == '$') {
name = talloc_strdup(sam_pwent, machinename);
} else {
name = talloc_asprintf(sam_pwent, "%s$", machinename);
}
if (!name) {
fprintf(stderr, "Out of memory!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
if (!strlower_m(name)) {
fprintf(stderr, "strlower_m %s failed\n", name);
TALLOC_FREE(sam_pwent);
return -1;
}
ret = pdb_getsampwnam(sam_pwent, name);
if (!ret) {
fprintf (stderr, "Username not found!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
if (account_control) {
not_settable = ~(ACB_DISABLED);
new_flags = pdb_decode_acct_ctrl(account_control);
if (new_flags & not_settable) {
fprintf(stderr, "Can only set [D] flags\n");
TALLOC_FREE(sam_pwent);
return -1;
}
acb_flags = pdb_get_acct_ctrl(sam_pwent);
pdb_set_acct_ctrl(sam_pwent,
(acb_flags & not_settable) | new_flags,
PDB_CHANGED);
}
if (machine_sid) {
if (get_sid_from_cli_string(&m_sid, machine_sid)) {
fprintf(stderr, "Failed to parse SID\n");
return -1;
}
pdb_set_user_sid(sam_pwent, &m_sid, PDB_CHANGED);
}
if (NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) {
print_user_info(name, True, False);
} else {
fprintf (stderr, "Unable to modify entry!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
TALLOC_FREE(sam_pwent);
return 0;
}
static int set_user_info(const char *username, const char *fullname,
const char *homedir, const char *acct_desc,
const char *drive, const char *script,
const char *profile, const char *account_control,
const char *user_sid, const char *user_domain,
const bool badpw, const bool hours,
const char *kickoff_time)
{
bool updated_autolock = False, updated_badpw = False;
struct samu *sam_pwent;
uint8_t hours_array[MAX_HOURS_LEN];
uint32_t hours_len;
uint32_t acb_flags;
uint32_t not_settable;
uint32_t new_flags;
struct dom_sid u_sid;
bool ret;
sam_pwent = samu_new(NULL);
if (!sam_pwent) {
return 1;
}
ret = pdb_getsampwnam(sam_pwent, username);
if (!ret) {
fprintf (stderr, "Username not found!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
if (hours) {
hours_len = pdb_get_hours_len(sam_pwent);
memset(hours_array, 0xff, hours_len);
pdb_set_hours(sam_pwent, hours_array, hours_len, PDB_CHANGED);
}
if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) {
DEBUG(2,("pdb_update_autolock_flag failed.\n"));
}
if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw)) {
DEBUG(2,("pdb_update_bad_password_count failed.\n"));
}
if (fullname)
pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (acct_desc)
pdb_set_acct_desc(sam_pwent, acct_desc, PDB_CHANGED);
if (homedir)
pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
if (drive)
pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED);
if (script)
pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
if (profile)
pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
if (user_domain)
pdb_set_domain(sam_pwent, user_domain, PDB_CHANGED);
if (account_control) {
not_settable = ~(ACB_DISABLED | ACB_HOMDIRREQ |
ACB_PWNOTREQ | ACB_PWNOEXP | ACB_AUTOLOCK);
new_flags = pdb_decode_acct_ctrl(account_control);
if (new_flags & not_settable) {
fprintf(stderr, "Can only set [NDHLX] flags\n");
TALLOC_FREE(sam_pwent);
return -1;
}
acb_flags = pdb_get_acct_ctrl(sam_pwent);
pdb_set_acct_ctrl(sam_pwent,
(acb_flags & not_settable) | new_flags,
PDB_CHANGED);
}
if (user_sid) {
if (get_sid_from_cli_string(&u_sid, user_sid)) {
fprintf(stderr, "Failed to parse SID\n");
return -1;
}
pdb_set_user_sid(sam_pwent, &u_sid, PDB_CHANGED);
}
if (badpw) {
pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED);
pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED);
}
if (kickoff_time) {
char *endptr;
time_t value = get_time_t_max();
if (strcmp(kickoff_time, "never") != 0) {
uint32_t num = strtoul(kickoff_time, &endptr, 10);
if ((endptr == kickoff_time) || (endptr[0] != '\0')) {
fprintf(stderr, "Failed to parse kickoff time\n");
return -1;
}
value = convert_uint32_t_to_time_t(num);
}
pdb_set_kickoff_time(sam_pwent, value, PDB_CHANGED);
}
if (NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) {
print_user_info(username, True, False);
} else {
fprintf (stderr, "Unable to modify entry!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
TALLOC_FREE(sam_pwent);
return 0;
}
NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
char *unix_username,
struct passwd *pwd)
{
NTSTATUS status;
struct samu *sampass = NULL;
char *qualified_name = NULL;
TALLOC_CTX *mem_ctx = NULL;
struct dom_sid u_sid;
enum lsa_SidType type;
struct auth_serversupplied_info *result;
/*
* The SID returned in server_info->sam_account is based
* on our SAM sid even though for a pure UNIX account this should
* not be the case as it doesn't really exist in the SAM db.
* This causes lookups on "[in]valid users" to fail as they
* will lookup this name as a "Unix User" SID to check against
* the user token. Fix this by adding the "Unix User"\unix_username
* SID to the sid array. The correct fix should probably be
* changing the server_info->sam_account user SID to be a
* S-1-22 Unix SID, but this might break old configs where
* plaintext passwords were used with no SAM backend.
*/
mem_ctx = talloc_init("make_server_info_pw_tmp");
if (!mem_ctx) {
return NT_STATUS_NO_MEMORY;
}
qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
unix_users_domain_name(),
unix_username );
if (!qualified_name) {
TALLOC_FREE(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL,
NULL, NULL,
&u_sid, &type)) {
TALLOC_FREE(mem_ctx);
return NT_STATUS_NO_SUCH_USER;
}
TALLOC_FREE(mem_ctx);
if (type != SID_NAME_USER) {
return NT_STATUS_NO_SUCH_USER;
}
if ( !(sampass = samu_new( NULL )) ) {
return NT_STATUS_NO_MEMORY;
}
status = samu_set_unix( sampass, pwd );
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* In pathological cases the above call can set the account
* name to the DOMAIN\username form. Reset the account name
* using unix_username */
pdb_set_username(sampass, unix_username, PDB_SET);
/* set the user sid to be the calculated u_sid */
pdb_set_user_sid(sampass, &u_sid, PDB_SET);
result = make_server_info(NULL);
if (result == NULL) {
TALLOC_FREE(sampass);
return NT_STATUS_NO_MEMORY;
}
status = samu_to_SamInfo3(result, sampass, global_myname(),
&result->info3, &result->extra);
TALLOC_FREE(sampass);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("Failed to convert samu to info3: %s\n",
nt_errstr(status)));
TALLOC_FREE(result);
return status;
}
result->unix_name = talloc_strdup(result, unix_username);
result->sanitized_username = sanitize_username(result, unix_username);
if ((result->unix_name == NULL)
|| (result->sanitized_username == NULL)) {
TALLOC_FREE(result);
return NT_STATUS_NO_MEMORY;
}
result->utok.uid = pwd->pw_uid;
result->utok.gid = pwd->pw_gid;
*server_info = result;
return NT_STATUS_OK;
}
/*********************************************************
Add New User
**********************************************************/
static int new_user (struct pdb_methods *in, const char *username,
const char *fullname, const char *homedir,
const char *drive, const char *script,
const char *profile, char *user_sid, BOOL stdin_get)
{
struct samu *sam_pwent;
char *password1, *password2;
int rc_pwd_cmp;
struct passwd *pwd;
get_global_sam_sid();
if ( !(pwd = getpwnam_alloc( NULL, username )) ) {
DEBUG(0,("Cannot locate Unix account for %s\n", username));
return -1;
}
if ( (sam_pwent = samu_new( NULL )) == NULL ) {
DEBUG(0, ("Memory allocation failure!\n"));
return -1;
}
if (!NT_STATUS_IS_OK(samu_alloc_rid_unix(sam_pwent, pwd ))) {
TALLOC_FREE( sam_pwent );
TALLOC_FREE( pwd );
DEBUG(0, ("could not create account to add new user %s\n", username));
return -1;
}
password1 = get_pass( "new password:"******"retype new password:"******"Passwords do not match!\n");
TALLOC_FREE(sam_pwent);
} else {
pdb_set_plaintext_passwd(sam_pwent, password1);
}
memset(password1, 0, strlen(password1));
SAFE_FREE(password1);
memset(password2, 0, strlen(password2));
SAFE_FREE(password2);
/* pwds do _not_ match? */
if (rc_pwd_cmp)
return -1;
if (fullname)
pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (homedir)
pdb_set_homedir (sam_pwent, homedir, PDB_CHANGED);
if (drive)
pdb_set_dir_drive (sam_pwent, drive, PDB_CHANGED);
if (script)
pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
if (profile)
pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
if (user_sid) {
DOM_SID u_sid;
if (!string_to_sid(&u_sid, user_sid)) {
/* not a complete sid, may be a RID, try building a SID */
int u_rid;
if (sscanf(user_sid, "%d", &u_rid) != 1) {
fprintf(stderr, "Error passed string is not a complete user SID or RID!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
sid_copy(&u_sid, get_global_sam_sid());
sid_append_rid(&u_sid, u_rid);
}
pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
}
pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL, PDB_CHANGED);
if (NT_STATUS_IS_OK(in->add_sam_account (in, sam_pwent))) {
print_user_info (in, username, True, False);
} else {
fprintf (stderr, "Unable to add user! (does it already exist?)\n");
TALLOC_FREE(sam_pwent);
return -1;
}
TALLOC_FREE(sam_pwent);
return 0;
}
static int set_user_info (struct pdb_methods *in, const char *username,
const char *fullname, const char *homedir,
const char *acct_desc,
const char *drive, const char *script,
const char *profile, const char *account_control,
const char *user_sid, const char *user_domain,
const BOOL badpw, const BOOL hours)
{
BOOL updated_autolock = False, updated_badpw = False;
struct samu *sam_pwent=NULL;
BOOL ret;
if ( (sam_pwent = samu_new( NULL )) == NULL ) {
return 1;
}
ret = NT_STATUS_IS_OK(in->getsampwnam (in, sam_pwent, username));
if (ret==False) {
fprintf (stderr, "Username not found!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
if (hours) {
uint8 hours_array[MAX_HOURS_LEN];
uint32 hours_len;
hours_len = pdb_get_hours_len(sam_pwent);
memset(hours_array, 0xff, hours_len);
pdb_set_hours(sam_pwent, hours_array, PDB_CHANGED);
}
if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) {
DEBUG(2,("pdb_update_autolock_flag failed.\n"));
}
if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw)) {
DEBUG(2,("pdb_update_bad_password_count failed.\n"));
}
if (fullname)
pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (acct_desc)
pdb_set_acct_desc(sam_pwent, acct_desc, PDB_CHANGED);
if (homedir)
pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
if (drive)
pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED);
if (script)
pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
if (profile)
pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
if (user_domain)
pdb_set_domain(sam_pwent, user_domain, PDB_CHANGED);
if (account_control) {
uint32 not_settable = ~(ACB_DISABLED|ACB_HOMDIRREQ|ACB_PWNOTREQ|
ACB_PWNOEXP|ACB_AUTOLOCK);
uint32 newflag = pdb_decode_acct_ctrl(account_control);
if (newflag & not_settable) {
fprintf(stderr, "Can only set [NDHLX] flags\n");
TALLOC_FREE(sam_pwent);
return -1;
}
pdb_set_acct_ctrl(sam_pwent,
(pdb_get_acct_ctrl(sam_pwent) & not_settable) | newflag,
PDB_CHANGED);
}
if (user_sid) {
DOM_SID u_sid;
if (!string_to_sid(&u_sid, user_sid)) {
/* not a complete sid, may be a RID, try building a SID */
int u_rid;
if (sscanf(user_sid, "%d", &u_rid) != 1) {
fprintf(stderr, "Error passed string is not a complete user SID or RID!\n");
return -1;
}
sid_copy(&u_sid, get_global_sam_sid());
sid_append_rid(&u_sid, u_rid);
}
pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
}
if (badpw) {
pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED);
pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED);
}
if (NT_STATUS_IS_OK(in->update_sam_account (in, sam_pwent)))
print_user_info (in, username, True, False);
else {
fprintf (stderr, "Unable to modify entry!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
TALLOC_FREE(sam_pwent);
return 0;
}
