00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026 #include "includes.h"
00027
00028 #undef DBGC_CLASS
00029 #define DBGC_CLASS DBGC_PASSDB
00030
00031
00032
00033
00034
00035
00036
00037
00038
00039 const char *my_sam_name(void)
00040 {
00041
00042 if ( lp_server_role() == ROLE_STANDALONE )
00043 return global_myname();
00044
00045
00046
00047 return lp_workgroup();
00048 }
00049
00050
00051
00052
00053 static int samu_destroy(struct samu *user)
00054 {
00055 data_blob_clear_free( &user->lm_pw );
00056 data_blob_clear_free( &user->nt_pw );
00057
00058 if ( user->plaintext_pw )
00059 memset( user->plaintext_pw, 0x0, strlen(user->plaintext_pw) );
00060
00061 return 0;
00062 }
00063
00064
00065
00066
00067
00068 struct samu *samu_new( TALLOC_CTX *ctx )
00069 {
00070 struct samu *user;
00071
00072 if ( !(user = TALLOC_ZERO_P( ctx, struct samu )) ) {
00073 DEBUG(0,("samuser_new: Talloc failed!\n"));
00074 return NULL;
00075 }
00076
00077 talloc_set_destructor( user, samu_destroy );
00078
00079
00080
00081 user->methods = NULL;
00082
00083
00084
00085
00086 user->logon_time = (time_t)0;
00087 user->pass_last_set_time = (time_t)0;
00088 user->pass_can_change_time = (time_t)0;
00089 user->logoff_time = get_time_t_max();
00090 user->kickoff_time = get_time_t_max();
00091 user->pass_must_change_time = get_time_t_max();
00092 user->fields_present = 0x00ffffff;
00093 user->logon_divs = 168;
00094 user->hours_len = 21;
00095 memset(user->hours, 0xff, user->hours_len);
00096 user->bad_password_count = 0;
00097 user->logon_count = 0;
00098 user->unknown_6 = 0x000004ec;
00099
00100
00101
00102
00103 user->username = "";
00104 user->domain = "";
00105 user->nt_username = "";
00106 user->full_name = "";
00107 user->home_dir = "";
00108 user->logon_script = "";
00109 user->profile_path = "";
00110 user->acct_desc = "";
00111 user->workstations = "";
00112 user->comment = "";
00113 user->munged_dial = "";
00114
00115 user->plaintext_pw = NULL;
00116
00117
00118
00119
00120
00121 user->acct_ctrl = ACB_NORMAL;
00122
00123
00124 return user;
00125 }
00126
00127
00128
00129
00130
00131
00132
00133 static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *pwd, BOOL create)
00134 {
00135 const char *guest_account = lp_guestaccount();
00136 const char *domain = global_myname();
00137 uint32 urid;
00138
00139 if ( !pwd ) {
00140 return NT_STATUS_NO_SUCH_USER;
00141 }
00142
00143
00144
00145 pdb_set_username(user, pwd->pw_name, PDB_SET);
00146 pdb_set_fullname(user, pwd->pw_gecos, PDB_SET);
00147 pdb_set_domain (user, get_global_sam_name(), PDB_DEFAULT);
00148 #if 0
00149
00150
00151
00152
00153
00154 gid_to_sid(&group_sid, pwd->pw_gid);
00155 pdb_set_group_sid(user, &group_sid, PDB_SET);
00156 #endif
00157
00158
00159
00160 user->unix_pw = tcopy_passwd( user, pwd );
00161
00162
00163
00164 if ( strequal( pwd->pw_name, guest_account ) ) {
00165 if ( !pdb_set_user_sid_from_rid(user, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) {
00166 return NT_STATUS_NO_SUCH_USER;
00167 }
00168 return NT_STATUS_OK;
00169 }
00170
00171
00172
00173 if (pwd->pw_name[strlen(pwd->pw_name)-1] == '$') {
00174
00175
00176 if (!pdb_set_acct_ctrl(user, ACB_WSTRUST, PDB_DEFAULT)) {
00177 DEBUG(1, ("Failed to set 'workstation account' flags for user %s.\n",
00178 pwd->pw_name));
00179 return NT_STATUS_INVALID_COMPUTER_NAME;
00180 }
00181 }
00182 else {
00183
00184
00185 if (!pdb_set_acct_ctrl(user, ACB_NORMAL, PDB_DEFAULT)) {
00186 DEBUG(1, ("Failed to set 'normal account' flags for user %s.\n",
00187 pwd->pw_name));
00188 return NT_STATUS_INVALID_ACCOUNT_NAME;
00189 }
00190
00191
00192
00193 pdb_set_profile_path(user, talloc_sub_specified(user,
00194 lp_logon_path(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),
00195 PDB_DEFAULT);
00196 pdb_set_homedir(user, talloc_sub_specified(user,
00197 lp_logon_home(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),
00198 PDB_DEFAULT);
00199 pdb_set_dir_drive(user, talloc_sub_specified(user,
00200 lp_logon_drive(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),
00201 PDB_DEFAULT);
00202 pdb_set_logon_script(user, talloc_sub_specified(user,
00203 lp_logon_script(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),
00204 PDB_DEFAULT);
00205 }
00206
00207
00208
00209
00210
00211
00212 if ( create && !pdb_rid_algorithm() ) {
00213 uint32 user_rid;
00214 DOM_SID user_sid;
00215
00216 if ( !pdb_new_rid( &user_rid ) ) {
00217 DEBUG(3, ("Could not allocate a new RID\n"));
00218 return NT_STATUS_ACCESS_DENIED;
00219 }
00220
00221 sid_copy( &user_sid, get_global_sam_sid() );
00222 sid_append_rid( &user_sid, user_rid );
00223
00224 if ( !pdb_set_user_sid(user, &user_sid, PDB_SET) ) {
00225 DEBUG(3, ("pdb_set_user_sid failed\n"));
00226 return NT_STATUS_INTERNAL_ERROR;
00227 }
00228
00229 return NT_STATUS_OK;
00230 }
00231
00232
00233
00234 urid = algorithmic_pdb_uid_to_user_rid( user->unix_pw->pw_uid );
00235
00236 if ( !pdb_set_user_sid_from_rid( user, urid, PDB_SET) ) {
00237 return NT_STATUS_INTERNAL_ERROR;
00238 }
00239
00240 return NT_STATUS_OK;
00241 }
00242
00243
00244
00245
00246
00247 NTSTATUS samu_set_unix(struct samu *user, const struct passwd *pwd)
00248 {
00249 return samu_set_unix_internal( user, pwd, False );
00250 }
00251
00252 NTSTATUS samu_alloc_rid_unix(struct samu *user, const struct passwd *pwd)
00253 {
00254 return samu_set_unix_internal( user, pwd, True );
00255 }
00256
00257
00258
00259
00260
00261
00262
00263 char *pdb_encode_acct_ctrl(uint32 acct_ctrl, size_t length)
00264 {
00265 static fstring acct_str;
00266
00267 size_t i = 0;
00268
00269 SMB_ASSERT(length <= sizeof(acct_str));
00270
00271 acct_str[i++] = '[';
00272
00273 if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
00274 if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
00275 if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
00276 if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
00277 if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
00278 if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
00279 if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
00280 if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
00281 if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
00282 if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
00283 if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
00284
00285 for ( ; i < length - 2 ; i++ )
00286 acct_str[i] = ' ';
00287
00288 i = length - 2;
00289 acct_str[i++] = ']';
00290 acct_str[i++] = '\0';
00291
00292 return acct_str;
00293 }
00294
00295
00296
00297
00298
00299 uint32 pdb_decode_acct_ctrl(const char *p)
00300 {
00301 uint32 acct_ctrl = 0;
00302 BOOL finished = False;
00303
00304
00305
00306
00307
00308
00309 if (*p != '[')
00310 return 0;
00311
00312 for (p++; *p && !finished; p++) {
00313 switch (*p) {
00314 case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; }
00315 case 'D': { acct_ctrl |= ACB_DISABLED ; break; }
00316 case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; }
00317 case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; }
00318 case 'U': { acct_ctrl |= ACB_NORMAL ; break; }
00319 case 'M': { acct_ctrl |= ACB_MNS ; break; }
00320 case 'W': { acct_ctrl |= ACB_WSTRUST ; break; }
00321 case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; }
00322 case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; }
00323 case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; }
00324 case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; }
00325 case ' ': { break; }
00326 case ':':
00327 case '\n':
00328 case '\0':
00329 case ']':
00330 default: { finished = True; }
00331 }
00332 }
00333
00334 return acct_ctrl;
00335 }
00336
00337
00338
00339
00340
00341 void pdb_sethexpwd(char *p, const unsigned char *pwd, uint32 acct_ctrl)
00342 {
00343 if (pwd != NULL) {
00344 int i;
00345 for (i = 0; i < 16; i++)
00346 slprintf(&p[i*2], 3, "%02X", pwd[i]);
00347 } else {
00348 if (acct_ctrl & ACB_PWNOTREQ)
00349 safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 32);
00350 else
00351 safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32);
00352 }
00353 }
00354
00355
00356
00357
00358
00359
00360 BOOL pdb_gethexpwd(const char *p, unsigned char *pwd)
00361 {
00362 int i;
00363 unsigned char lonybble, hinybble;
00364 const char *hexchars = "0123456789ABCDEF";
00365 char *p1, *p2;
00366
00367 if (!p)
00368 return (False);
00369
00370 for (i = 0; i < 32; i += 2) {
00371 hinybble = toupper_ascii(p[i]);
00372 lonybble = toupper_ascii(p[i + 1]);
00373
00374 p1 = strchr(hexchars, hinybble);
00375 p2 = strchr(hexchars, lonybble);
00376
00377 if (!p1 || !p2)
00378 return (False);
00379
00380 hinybble = PTR_DIFF(p1, hexchars);
00381 lonybble = PTR_DIFF(p2, hexchars);
00382
00383 pwd[i / 2] = (hinybble << 4) | lonybble;
00384 }
00385 return (True);
00386 }
00387
00388
00389
00390
00391
00392 void pdb_sethexhours(char *p, const unsigned char *hours)
00393 {
00394 if (hours != NULL) {
00395 int i;
00396 for (i = 0; i < 21; i++) {
00397 slprintf(&p[i*2], 3, "%02X", hours[i]);
00398 }
00399 } else {
00400 safe_strcpy(p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 43);
00401 }
00402 }
00403
00404
00405
00406
00407
00408
00409 BOOL pdb_gethexhours(const char *p, unsigned char *hours)
00410 {
00411 int i;
00412 unsigned char lonybble, hinybble;
00413 const char *hexchars = "0123456789ABCDEF";
00414 char *p1, *p2;
00415
00416 if (!p) {
00417 return (False);
00418 }
00419
00420 for (i = 0; i < 42; i += 2) {
00421 hinybble = toupper_ascii(p[i]);
00422 lonybble = toupper_ascii(p[i + 1]);
00423
00424 p1 = strchr(hexchars, hinybble);
00425 p2 = strchr(hexchars, lonybble);
00426
00427 if (!p1 || !p2) {
00428 return (False);
00429 }
00430
00431 hinybble = PTR_DIFF(p1, hexchars);
00432 lonybble = PTR_DIFF(p2, hexchars);
00433
00434 hours[i / 2] = (hinybble << 4) | lonybble;
00435 }
00436 return (True);
00437 }
00438
00439
00440
00441
00442 int algorithmic_rid_base(void)
00443 {
00444 static int rid_offset = 0;
00445
00446 if (rid_offset != 0)
00447 return rid_offset;
00448
00449 rid_offset = lp_algorithmic_rid_base();
00450
00451 if (rid_offset < BASE_RID) {
00452
00453
00454 DEBUG(0, ("'algorithmic rid base' must be equal to or above %ld\n", BASE_RID));
00455 rid_offset = BASE_RID;
00456 }
00457 if (rid_offset & 1) {
00458 DEBUG(0, ("algorithmic rid base must be even\n"));
00459 rid_offset += 1;
00460 }
00461 return rid_offset;
00462 }
00463
00464
00465
00466
00467
00468 uid_t algorithmic_pdb_user_rid_to_uid(uint32 user_rid)
00469 {
00470 int rid_offset = algorithmic_rid_base();
00471 return (uid_t)(((user_rid & (~USER_RID_TYPE)) - rid_offset)/RID_MULTIPLIER);
00472 }
00473
00474 uid_t max_algorithmic_uid(void)
00475 {
00476 return algorithmic_pdb_user_rid_to_uid(0xfffffffe);
00477 }
00478
00479
00480
00481
00482
00483 uint32 algorithmic_pdb_uid_to_user_rid(uid_t uid)
00484 {
00485 int rid_offset = algorithmic_rid_base();
00486 return (((((uint32)uid)*RID_MULTIPLIER) + rid_offset) | USER_RID_TYPE);
00487 }
00488
00489
00490
00491
00492
00493 gid_t pdb_group_rid_to_gid(uint32 group_rid)
00494 {
00495 int rid_offset = algorithmic_rid_base();
00496 return (gid_t)(((group_rid & (~GROUP_RID_TYPE))- rid_offset)/RID_MULTIPLIER);
00497 }
00498
00499 gid_t max_algorithmic_gid(void)
00500 {
00501 return pdb_group_rid_to_gid(0xffffffff);
00502 }
00503
00504
00505
00506
00507
00508
00509
00510
00511
00512 uint32 algorithmic_pdb_gid_to_group_rid(gid_t gid)
00513 {
00514 int rid_offset = algorithmic_rid_base();
00515 return (((((uint32)gid)*RID_MULTIPLIER) + rid_offset) | GROUP_RID_TYPE);
00516 }
00517
00518
00519
00520
00521
00522 static BOOL rid_is_well_known(uint32 rid)
00523 {
00524
00525
00526
00527 return (rid < BASE_RID);
00528 }
00529
00530
00531
00532
00533
00534 BOOL algorithmic_pdb_rid_is_user(uint32 rid)
00535 {
00536 if ( rid_is_well_known(rid) ) {
00537
00538
00539
00540
00541 if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
00542 return True;
00543 } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
00544 return True;
00545 }
00546 return False;
00547 }
00548
00549
00550
00551
00552
00553 BOOL lookup_global_sam_name(const char *user, int flags, uint32_t *rid,
00554 enum lsa_SidType *type)
00555 {
00556 GROUP_MAP map;
00557 BOOL ret;
00558
00559
00560
00561
00562
00563
00564 if ( strequal( user, "None" ) ) {
00565 *rid = DOMAIN_GROUP_RID_USERS;
00566 *type = SID_NAME_DOM_GRP;
00567
00568 return True;
00569 }
00570
00571
00572
00573
00574
00575 if ((flags & LOOKUP_NAME_GROUP) == 0) {
00576 struct samu *sam_account = NULL;
00577 DOM_SID user_sid;
00578
00579 if ( !(sam_account = samu_new( NULL )) ) {
00580 return False;
00581 }
00582
00583 become_root();
00584 ret = pdb_getsampwnam(sam_account, user);
00585 unbecome_root();
00586
00587 if (ret) {
00588 sid_copy(&user_sid, pdb_get_user_sid(sam_account));
00589 }
00590
00591 TALLOC_FREE(sam_account);
00592
00593 if (ret) {
00594 if (!sid_check_is_in_our_domain(&user_sid)) {
00595 DEBUG(0, ("User %s with invalid SID %s in passdb\n",
00596 user, sid_string_static(&user_sid)));
00597 return False;
00598 }
00599
00600 sid_peek_rid(&user_sid, rid);
00601 *type = SID_NAME_USER;
00602 return True;
00603 }
00604 }
00605
00606
00607
00608
00609
00610 become_root();
00611 ret = pdb_getgrnam(&map, user);
00612 unbecome_root();
00613
00614 if (!ret) {
00615 return False;
00616 }
00617
00618
00619 if (!sid_check_is_in_our_domain(&map.sid)) {
00620 DEBUG(10, ("Found group %s (%s) not in our domain -- "
00621 "ignoring.", user,
00622 sid_string_static(&map.sid)));
00623 return False;
00624 }
00625
00626
00627 sid_peek_rid(&map.sid, rid);
00628 *type = map.sid_name_use;
00629 return True;
00630 }
00631
00632
00633
00634
00635
00636 NTSTATUS local_password_change(const char *user_name, int local_flags,
00637 const char *new_passwd,
00638 char *err_str, size_t err_str_len,
00639 char *msg_str, size_t msg_str_len)
00640 {
00641 struct samu *sam_pass=NULL;
00642 uint32 other_acb;
00643 NTSTATUS result;
00644
00645 *err_str = '\0';
00646 *msg_str = '\0';
00647
00648
00649
00650 if ( !(sam_pass = samu_new( NULL )) ) {
00651 return NT_STATUS_NO_MEMORY;
00652 }
00653
00654 become_root();
00655 if(!pdb_getsampwnam(sam_pass, user_name)) {
00656 unbecome_root();
00657 TALLOC_FREE(sam_pass);
00658
00659 if ((local_flags & LOCAL_ADD_USER) || (local_flags & LOCAL_DELETE_USER)) {
00660 int tmp_debug = DEBUGLEVEL;
00661 struct passwd *pwd;
00662
00663
00664
00665 if (tmp_debug < 1) {
00666 DEBUGLEVEL = 1;
00667 }
00668
00669 if ( !(pwd = getpwnam_alloc( NULL, user_name)) ) {
00670 return NT_STATUS_NO_SUCH_USER;
00671 }
00672
00673
00674
00675 if ( !(sam_pass = samu_new( NULL )) ) {
00676 return NT_STATUS_NO_MEMORY;
00677 }
00678
00679 result = samu_set_unix( sam_pass, pwd );
00680
00681 DEBUGLEVEL = tmp_debug;
00682
00683 TALLOC_FREE( pwd );
00684
00685 if (NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PRIMARY_GROUP)) {
00686 return result;
00687 }
00688
00689 if (!NT_STATUS_IS_OK(result)) {
00690 slprintf(err_str, err_str_len-1, "Failed to " "initialize account for user %s: %s\n",
00691 user_name, nt_errstr(result));
00692 return result;
00693 }
00694 } else {
00695 slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
00696 return NT_STATUS_NO_SUCH_USER;
00697 }
00698 } else {
00699 unbecome_root();
00700
00701 local_flags &= ~LOCAL_ADD_USER;
00702 }
00703
00704
00705 other_acb = (pdb_get_acct_ctrl(sam_pass) & (~(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));
00706 if (local_flags & LOCAL_TRUST_ACCOUNT) {
00707 if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb, PDB_CHANGED) ) {
00708 slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
00709 TALLOC_FREE(sam_pass);
00710 return NT_STATUS_UNSUCCESSFUL;
00711 }
00712 } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
00713 if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb, PDB_CHANGED)) {
00714 slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
00715 TALLOC_FREE(sam_pass);
00716 return NT_STATUS_UNSUCCESSFUL;
00717 }
00718 } else {
00719 if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb, PDB_CHANGED)) {
00720 slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
00721 TALLOC_FREE(sam_pass);
00722 return NT_STATUS_UNSUCCESSFUL;
00723 }
00724 }
00725
00726
00727
00728
00729
00730
00731 if (local_flags & LOCAL_DISABLE_USER) {
00732 if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED, PDB_CHANGED)) {
00733 slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name);
00734 TALLOC_FREE(sam_pass);
00735 return NT_STATUS_UNSUCCESSFUL;
00736 }
00737 } else if (local_flags & LOCAL_ENABLE_USER) {
00738 if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
00739 slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
00740 TALLOC_FREE(sam_pass);
00741 return NT_STATUS_UNSUCCESSFUL;
00742 }
00743 }
00744
00745 if (local_flags & LOCAL_SET_NO_PASSWORD) {
00746 if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ, PDB_CHANGED)) {
00747 slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name);
00748 TALLOC_FREE(sam_pass);
00749 return NT_STATUS_UNSUCCESSFUL;
00750 }
00751 } else if (local_flags & LOCAL_SET_PASSWORD) {
00752
00753
00754
00755
00756
00757
00758
00759
00760
00761 if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) {
00762 if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
00763 slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
00764 TALLOC_FREE(sam_pass);
00765 return NT_STATUS_UNSUCCESSFUL;
00766 }
00767 }
00768 if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ), PDB_CHANGED)) {
00769 slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name);
00770 TALLOC_FREE(sam_pass);
00771 return NT_STATUS_UNSUCCESSFUL;
00772 }
00773
00774 if (!pdb_set_plaintext_passwd (sam_pass, new_passwd)) {
00775 slprintf(err_str, err_str_len-1, "Failed to set password for user %s.\n", user_name);
00776 TALLOC_FREE(sam_pass);
00777 return NT_STATUS_UNSUCCESSFUL;
00778 }
00779 }
00780
00781 if (local_flags & LOCAL_ADD_USER) {
00782 if (NT_STATUS_IS_OK(pdb_add_sam_account(sam_pass))) {
00783 slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
00784 TALLOC_FREE(sam_pass);
00785 return NT_STATUS_OK;
00786 } else {
00787 slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
00788 TALLOC_FREE(sam_pass);
00789 return NT_STATUS_UNSUCCESSFUL;
00790 }
00791 } else if (local_flags & LOCAL_DELETE_USER) {
00792 if (!NT_STATUS_IS_OK(pdb_delete_sam_account(sam_pass))) {
00793 slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name);
00794 TALLOC_FREE(sam_pass);
00795 return NT_STATUS_UNSUCCESSFUL;
00796 }
00797 slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name);
00798 } else {
00799 result = pdb_update_sam_account(sam_pass);
00800 if(!NT_STATUS_IS_OK(result)) {
00801 slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name);
00802 TALLOC_FREE(sam_pass);
00803 return result;
00804 }
00805 if(local_flags & LOCAL_DISABLE_USER)
00806 slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name);
00807 else if (local_flags & LOCAL_ENABLE_USER)
00808 slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name);
00809 else if (local_flags & LOCAL_SET_NO_PASSWORD)
00810 slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name);
00811 }
00812
00813 TALLOC_FREE(sam_pass);
00814 return NT_STATUS_OK;
00815 }
00816
00817
00818
00819
00820
00821 #define TDB_FORMAT_STRING_V3 "dddddddBBBBBBBBBBBBddBBBdwdBwwd"
00822
00823
00824
00825
00826 BOOL init_sam_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 buflen)
00827 {
00828
00829
00830
00831
00832 uint32 logon_time,
00833 logoff_time,
00834 kickoff_time,
00835 bad_password_time,
00836 pass_last_set_time,
00837 pass_can_change_time,
00838 pass_must_change_time;
00839 char *username = NULL;
00840 char *domain = NULL;
00841 char *nt_username = NULL;
00842 char *dir_drive = NULL;
00843 char *unknown_str = NULL;
00844 char *munged_dial = NULL;
00845 char *fullname = NULL;
00846 char *homedir = NULL;
00847 char *logon_script = NULL;
00848 char *profile_path = NULL;
00849 char *acct_desc = NULL;
00850 char *workstations = NULL;
00851 uint32 username_len, domain_len, nt_username_len,
00852 dir_drive_len, unknown_str_len, munged_dial_len,
00853 fullname_len, homedir_len, logon_script_len,
00854 profile_path_len, acct_desc_len, workstations_len;
00855
00856 uint32 user_rid, group_rid, hours_len, unknown_6, acct_ctrl;
00857 uint16 logon_divs;
00858 uint16 bad_password_count, logon_count;
00859 uint8 *hours = NULL;
00860 uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL;
00861 uint32 len = 0;
00862 uint32 lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen;
00863 uint32 pwHistLen = 0;
00864 BOOL ret = True;
00865 fstring tmpstring;
00866 BOOL expand_explicit = lp_passdb_expand_explicit();
00867
00868 if(sampass == NULL || buf == NULL) {
00869 DEBUG(0, ("init_sam_from_buffer_v3: NULL parameters found!\n"));
00870 return False;
00871 }
00872
00873
00874
00875
00876 len = tdb_unpack ((char *)buf, buflen, TDB_FORMAT_STRING_V3,
00877 &logon_time,
00878 &logoff_time,
00879 &kickoff_time,
00880 &bad_password_time,
00881 &pass_last_set_time,
00882 &pass_can_change_time,
00883 &pass_must_change_time,
00884 &username_len, &username,
00885 &domain_len, &domain,
00886 &nt_username_len, &nt_username,
00887 &fullname_len, &fullname,
00888 &homedir_len, &homedir,
00889 &dir_drive_len, &dir_drive,
00890 &logon_script_len, &logon_script,
00891 &profile_path_len, &profile_path,
00892 &acct_desc_len, &acct_desc,
00893 &workstations_len, &workstations,
00894 &unknown_str_len, &unknown_str,
00895 &munged_dial_len, &munged_dial,
00896 &user_rid,
00897 &group_rid,
00898 &lm_pw_len, &lm_pw_ptr,
00899 &nt_pw_len, &nt_pw_ptr,
00900
00901 &nt_pw_hist_len, &nt_pw_hist_ptr,
00902
00903 &acct_ctrl,
00904
00905 &logon_divs,
00906 &hours_len,
00907 &hourslen, &hours,
00908 &bad_password_count,
00909 &logon_count,
00910 &unknown_6);
00911
00912 if (len == (uint32) -1) {
00913 ret = False;
00914 goto done;
00915 }
00916
00917 pdb_set_logon_time(sampass, convert_uint32_to_time_t(logon_time), PDB_SET);
00918 pdb_set_logoff_time(sampass, convert_uint32_to_time_t(logoff_time), PDB_SET);
00919 pdb_set_kickoff_time(sampass, convert_uint32_to_time_t(kickoff_time), PDB_SET);
00920 pdb_set_bad_password_time(sampass, convert_uint32_to_time_t(bad_password_time), PDB_SET);
00921 pdb_set_pass_can_change_time(sampass, convert_uint32_to_time_t(pass_can_change_time), PDB_SET);
00922 pdb_set_pass_must_change_time(sampass, convert_uint32_to_time_t(pass_must_change_time), PDB_SET);
00923 pdb_set_pass_last_set_time(sampass, convert_uint32_to_time_t(pass_last_set_time), PDB_SET);
00924
00925 pdb_set_username(sampass, username, PDB_SET);
00926 pdb_set_domain(sampass, domain, PDB_SET);
00927 pdb_set_nt_username(sampass, nt_username, PDB_SET);
00928 pdb_set_fullname(sampass, fullname, PDB_SET);
00929
00930 if (homedir) {
00931 fstrcpy( tmpstring, homedir );
00932 if (expand_explicit) {
00933 standard_sub_basic( username, domain, tmpstring,
00934 sizeof(tmpstring) );
00935 }
00936 pdb_set_homedir(sampass, tmpstring, PDB_SET);
00937 }
00938 else {
00939 pdb_set_homedir(sampass,
00940 talloc_sub_basic(sampass, username, domain,
00941 lp_logon_home()),
00942 PDB_DEFAULT);
00943 }
00944
00945 if (dir_drive)
00946 pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
00947 else
00948 pdb_set_dir_drive(sampass, lp_logon_drive(), PDB_DEFAULT );
00949
00950 if (logon_script) {
00951 fstrcpy( tmpstring, logon_script );
00952 if (expand_explicit) {
00953 standard_sub_basic( username, domain, tmpstring,
00954 sizeof(tmpstring) );
00955 }
00956 pdb_set_logon_script(sampass, tmpstring, PDB_SET);
00957 }
00958 else {
00959 pdb_set_logon_script(sampass,
00960 talloc_sub_basic(sampass, username, domain,
00961 lp_logon_script()),
00962 PDB_DEFAULT);
00963 }
00964
00965 if (profile_path) {
00966 fstrcpy( tmpstring, profile_path );
00967 if (expand_explicit) {
00968 standard_sub_basic( username, domain, tmpstring,
00969 sizeof(tmpstring) );
00970 }
00971 pdb_set_profile_path(sampass, tmpstring, PDB_SET);
00972 }
00973 else {
00974 pdb_set_profile_path(sampass,
00975 talloc_sub_basic(sampass, username, domain, lp_logon_path()),
00976 PDB_DEFAULT);
00977 }
00978
00979 pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
00980 pdb_set_workstations(sampass, workstations, PDB_SET);
00981 pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
00982
00983 if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) {
00984 if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) {
00985 ret = False;
00986 goto done;
00987 }
00988 }
00989
00990 if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) {
00991 if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) {
00992 ret = False;
00993 goto done;
00994 }
00995 }
00996
00997 pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
00998 if (pwHistLen) {
00999 uint8 *pw_hist = (uint8 *)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
01000 if (!pw_hist) {
01001 ret = False;
01002 goto done;
01003 }
01004 memset(pw_hist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
01005 if (nt_pw_hist_ptr && nt_pw_hist_len) {
01006 int i;
01007 SMB_ASSERT((nt_pw_hist_len % PW_HISTORY_ENTRY_LEN) == 0);
01008 nt_pw_hist_len /= PW_HISTORY_ENTRY_LEN;
01009 for (i = 0; (i < pwHistLen) && (i < nt_pw_hist_len); i++) {
01010 memcpy(&pw_hist[i*PW_HISTORY_ENTRY_LEN],
01011 &nt_pw_hist_ptr[i*PW_HISTORY_ENTRY_LEN],
01012 PW_HISTORY_ENTRY_LEN);
01013 }
01014 }
01015 if (!pdb_set_pw_history(sampass, pw_hist, pwHistLen, PDB_SET)) {
01016 SAFE_FREE(pw_hist);
01017 ret = False;
01018 goto done;
01019 }
01020 SAFE_FREE(pw_hist);
01021 } else {
01022 pdb_set_pw_history(sampass, NULL, 0, PDB_SET);
01023 }
01024
01025 pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
01026 pdb_set_hours_len(sampass, hours_len, PDB_SET);
01027 pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET);
01028 pdb_set_logon_count(sampass, logon_count, PDB_SET);
01029 pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
01030
01031 pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
01032 pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
01033 pdb_set_hours(sampass, hours, PDB_SET);
01034
01035 done:
01036
01037 SAFE_FREE(username);
01038 SAFE_FREE(domain);
01039 SAFE_FREE(nt_username);
01040 SAFE_FREE(fullname);
01041 SAFE_FREE(homedir);
01042 SAFE_FREE(dir_drive);
01043 SAFE_FREE(logon_script);
01044 SAFE_FREE(profile_path);
01045 SAFE_FREE(acct_desc);
01046 SAFE_FREE(workstations);
01047 SAFE_FREE(munged_dial);
01048 SAFE_FREE(unknown_str);
01049 SAFE_FREE(lm_pw_ptr);
01050 SAFE_FREE(nt_pw_ptr);
01051 SAFE_FREE(nt_pw_hist_ptr);
01052 SAFE_FREE(hours);
01053
01054 return ret;
01055 }
01056
01057
01058
01059
01060 uint32 init_buffer_from_sam_v3 (uint8 **buf, struct samu *sampass, BOOL size_only)
01061 {
01062 size_t len, buflen;
01063
01064
01065
01066
01067 uint32 logon_time,
01068 logoff_time,
01069 kickoff_time,
01070 bad_password_time,
01071 pass_last_set_time,
01072 pass_can_change_time,
01073 pass_must_change_time;
01074
01075 uint32 user_rid, group_rid;
01076
01077 const char *username;
01078 const char *domain;
01079 const char *nt_username;
01080 const char *dir_drive;
01081 const char *unknown_str;
01082 const char *munged_dial;
01083 const char *fullname;
01084 const char *homedir;
01085 const char *logon_script;
01086 const char *profile_path;
01087 const char *acct_desc;
01088 const char *workstations;
01089 uint32 username_len, domain_len, nt_username_len,
01090 dir_drive_len, unknown_str_len, munged_dial_len,
01091 fullname_len, homedir_len, logon_script_len,
01092 profile_path_len, acct_desc_len, workstations_len;
01093
01094 const uint8 *lm_pw;
01095 const uint8 *nt_pw;
01096 const uint8 *nt_pw_hist;
01097 uint32 lm_pw_len = 16;
01098 uint32 nt_pw_len = 16;
01099 uint32 nt_pw_hist_len;
01100 uint32 pwHistLen = 0;
01101
01102 *buf = NULL;
01103 buflen = 0;
01104
01105 logon_time = convert_time_t_to_uint32(pdb_get_logon_time(sampass));
01106 logoff_time = convert_time_t_to_uint32(pdb_get_logoff_time(sampass));
01107 kickoff_time = convert_time_t_to_uint32(pdb_get_kickoff_time(sampass));
01108 bad_password_time = convert_time_t_to_uint32(pdb_get_bad_password_time(sampass));
01109 pass_can_change_time = convert_time_t_to_uint32(pdb_get_pass_can_change_time_noncalc(sampass));
01110 pass_must_change_time = convert_time_t_to_uint32(pdb_get_pass_must_change_time(sampass));
01111 pass_last_set_time = convert_time_t_to_uint32(pdb_get_pass_last_set_time(sampass));
01112
01113 user_rid = pdb_get_user_rid(sampass);
01114 group_rid = pdb_get_group_rid(sampass);
01115
01116 username = pdb_get_username(sampass);
01117 if (username) {
01118 username_len = strlen(username) +1;
01119 } else {
01120 username_len = 0;
01121 }
01122
01123 domain = pdb_get_domain(sampass);
01124 if (domain) {
01125 domain_len = strlen(domain) +1;
01126 } else {
01127 domain_len = 0;
01128 }
01129
01130 nt_username = pdb_get_nt_username(sampass);
01131 if (nt_username) {
01132 nt_username_len = strlen(nt_username) +1;
01133 } else {
01134 nt_username_len = 0;
01135 }
01136
01137 fullname = pdb_get_fullname(sampass);
01138 if (fullname) {
01139 fullname_len = strlen(fullname) +1;
01140 } else {
01141 fullname_len = 0;
01142 }
01143
01144
01145
01146
01147
01148 if (!IS_SAM_DEFAULT(sampass, PDB_DRIVE)) {
01149 dir_drive = pdb_get_dir_drive(sampass);
01150 } else {
01151 dir_drive = NULL;
01152 }
01153 if (dir_drive) {
01154 dir_drive_len = strlen(dir_drive) +1;
01155 } else {
01156 dir_drive_len = 0;
01157 }
01158
01159 if (!IS_SAM_DEFAULT(sampass, PDB_SMBHOME)) {
01160 homedir = pdb_get_homedir(sampass);
01161 } else {
01162 homedir = NULL;
01163 }
01164 if (homedir) {
01165 homedir_len = strlen(homedir) +1;
01166 } else {
01167 homedir_len = 0;
01168 }
01169
01170 if (!IS_SAM_DEFAULT(sampass, PDB_LOGONSCRIPT)) {
01171 logon_script = pdb_get_logon_script(sampass);
01172 } else {
01173 logon_script = NULL;
01174 }
01175 if (logon_script) {
01176 logon_script_len = strlen(logon_script) +1;
01177 } else {
01178 logon_script_len = 0;
01179 }
01180
01181 if (!IS_SAM_DEFAULT(sampass, PDB_PROFILE)) {
01182 profile_path = pdb_get_profile_path(sampass);
01183 } else {
01184 profile_path = NULL;
01185 }
01186 if (profile_path) {
01187 profile_path_len = strlen(profile_path) +1;
01188 } else {
01189 profile_path_len = 0;
01190 }
01191
01192 lm_pw = pdb_get_lanman_passwd(sampass);
01193 if (!lm_pw) {
01194 lm_pw_len = 0;
01195 }
01196
01197 nt_pw = pdb_get_nt_passwd(sampass);
01198 if (!nt_pw) {
01199 nt_pw_len = 0;
01200 }
01201
01202 pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
01203 nt_pw_hist = pdb_get_pw_history(sampass, &nt_pw_hist_len);
01204 if (pwHistLen && nt_pw_hist && nt_pw_hist_len) {
01205 nt_pw_hist_len *= PW_HISTORY_ENTRY_LEN;
01206 } else {
01207 nt_pw_hist_len = 0;
01208 }
01209
01210 acct_desc = pdb_get_acct_desc(sampass);
01211 if (acct_desc) {
01212 acct_desc_len = strlen(acct_desc) +1;
01213 } else {
01214 acct_desc_len = 0;
01215 }
01216
01217 workstations = pdb_get_workstations(sampass);
01218 if (workstations) {
01219 workstations_len = strlen(workstations) +1;
01220 } else {
01221 workstations_len = 0;
01222 }
01223
01224 unknown_str = NULL;
01225 unknown_str_len = 0;
01226
01227 munged_dial = pdb_get_munged_dial(sampass);
01228 if (munged_dial) {
01229 munged_dial_len = strlen(munged_dial) +1;
01230 } else {
01231 munged_dial_len = 0;
01232 }
01233
01234
01235
01236
01237 len = tdb_pack(NULL, 0, TDB_FORMAT_STRING_V3,
01238 logon_time,
01239 logoff_time,
01240 kickoff_time,
01241 bad_password_time,
01242 pass_last_set_time,
01243 pass_can_change_time,
01244 pass_must_change_time,
01245 username_len, username,
01246 domain_len, domain,
01247 nt_username_len, nt_username,
01248 fullname_len, fullname,
01249 homedir_len, homedir,
01250 dir_drive_len, dir_drive,
01251 logon_script_len, logon_script,
01252 profile_path_len, profile_path,
01253 acct_desc_len, acct_desc,
01254 workstations_len, workstations,
01255 unknown_str_len, unknown_str,
01256 munged_dial_len, munged_dial,
01257 user_rid,
01258 group_rid,
01259 lm_pw_len, lm_pw,
01260 nt_pw_len, nt_pw,
01261 nt_pw_hist_len, nt_pw_hist,
01262 pdb_get_acct_ctrl(sampass),
01263 pdb_get_logon_divs(sampass),
01264 pdb_get_hours_len(sampass),
01265 MAX_HOURS_LEN, pdb_get_hours(sampass),
01266 pdb_get_bad_password_count(sampass),
01267 pdb_get_logon_count(sampass),
01268 pdb_get_unknown_6(sampass));
01269
01270 if (size_only) {
01271 return buflen;
01272 }
01273
01274
01275 if ( (*buf=(uint8*)SMB_MALLOC(len)) == NULL) {
01276 DEBUG(0,("init_buffer_from_sam_v3: Unable to malloc() memory for buffer!\n"));
01277 return (-1);
01278 }
01279
01280
01281 buflen = tdb_pack((char *)*buf, len, TDB_FORMAT_STRING_V3,
01282 logon_time,
01283 logoff_time,
01284 kickoff_time,
01285 bad_password_time,
01286 pass_last_set_time,
01287 pass_can_change_time,
01288 pass_must_change_time,
01289 username_len, username,
01290 domain_len, domain,
01291 nt_username_len, nt_username,
01292 fullname_len, fullname,
01293 homedir_len, homedir,
01294 dir_drive_len, dir_drive,
01295 logon_script_len, logon_script,
01296 profile_path_len, profile_path,
01297 acct_desc_len, acct_desc,
01298 workstations_len, workstations,
01299 unknown_str_len, unknown_str,
01300 munged_dial_len, munged_dial,
01301 user_rid,
01302 group_rid,
01303 lm_pw_len, lm_pw,
01304 nt_pw_len, nt_pw,
01305 nt_pw_hist_len, nt_pw_hist,
01306 pdb_get_acct_ctrl(sampass),
01307 pdb_get_logon_divs(sampass),
01308 pdb_get_hours_len(sampass),
01309 MAX_HOURS_LEN, pdb_get_hours(sampass),
01310 pdb_get_bad_password_count(sampass),
01311 pdb_get_logon_count(sampass),
01312 pdb_get_unknown_6(sampass));
01313
01314
01315 if (buflen != len) {
01316 DEBUG(0, ("init_buffer_from_sam_v3: somthing odd is going on here: bufflen (%lu) != len (%lu) in tdb_pack operations!\n",
01317 (unsigned long)buflen, (unsigned long)len));
01318
01319 SAFE_FREE (*buf);
01320 return (-1);
01321 }
01322
01323 return (buflen);
01324 }
01325
01326
01327
01328
01329
01330 BOOL pdb_copy_sam_account(struct samu *dst, struct samu *src )
01331 {
01332 uint8 *buf = NULL;
01333 int len;
01334
01335 len = init_buffer_from_sam_v3(&buf, src, False);
01336 if (len == -1 || !buf) {
01337 SAFE_FREE(buf);
01338 return False;
01339 }
01340
01341 if (!init_sam_from_buffer_v3( dst, buf, len )) {
01342 free(buf);
01343 return False;
01344 }
01345
01346 dst->methods = src->methods;
01347
01348 if ( src->unix_pw ) {
01349 dst->unix_pw = tcopy_passwd( dst, src->unix_pw );
01350 if (!dst->unix_pw) {
01351 free(buf);
01352 return False;
01353 }
01354 }
01355
01356 free(buf);
01357 return True;
01358 }
01359
01360
01361
01362
01363
01364 BOOL pdb_update_bad_password_count(struct samu *sampass, BOOL *updated)
01365 {
01366 time_t LastBadPassword;
01367 uint16 BadPasswordCount;
01368 uint32 resettime;
01369 BOOL res;
01370
01371 BadPasswordCount = pdb_get_bad_password_count(sampass);
01372 if (!BadPasswordCount) {
01373 DEBUG(9, ("No bad password attempts.\n"));
01374 return True;
01375 }
01376
01377 become_root();
01378 res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime);
01379 unbecome_root();
01380
01381 if (!res) {
01382 DEBUG(0, ("pdb_update_bad_password_count: pdb_get_account_policy failed.\n"));
01383 return False;
01384 }
01385
01386
01387 if ((resettime == (uint32) -1) || (resettime == 0)) {
01388 DEBUG(9, ("No reset time, can't reset bad pw count\n"));
01389 return True;
01390 }
01391
01392 LastBadPassword = pdb_get_bad_password_time(sampass);
01393 DEBUG(7, ("LastBadPassword=%d, resettime=%d, current time=%d.\n",
01394 (uint32) LastBadPassword, resettime, (uint32)time(NULL)));
01395 if (time(NULL) > (LastBadPassword + convert_uint32_to_time_t(resettime)*60)){
01396 pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
01397 pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
01398 if (updated) {
01399 *updated = True;
01400 }
01401 }
01402
01403 return True;
01404 }
01405
01406
01407
01408
01409
01410 BOOL pdb_update_autolock_flag(struct samu *sampass, BOOL *updated)
01411 {
01412 uint32 duration;
01413 time_t LastBadPassword;
01414 BOOL res;
01415
01416 if (!(pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK)) {
01417 DEBUG(9, ("pdb_update_autolock_flag: Account %s not autolocked, no check needed\n",
01418 pdb_get_username(sampass)));
01419 return True;
01420 }
01421
01422 become_root();
01423 res = pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration);
01424 unbecome_root();
01425
01426 if (!res) {
01427 DEBUG(0, ("pdb_update_autolock_flag: pdb_get_account_policy failed.\n"));
01428 return False;
01429 }
01430
01431
01432 if ((duration == (uint32) -1) || (duration == 0)) {
01433 DEBUG(9, ("pdb_update_autolock_flag: No reset duration, can't reset autolock\n"));
01434 return True;
01435 }
01436
01437 LastBadPassword = pdb_get_bad_password_time(sampass);
01438 DEBUG(7, ("pdb_update_autolock_flag: Account %s, LastBadPassword=%d, duration=%d, current time =%d.\n",
01439 pdb_get_username(sampass), (uint32)LastBadPassword, duration*60, (uint32)time(NULL)));
01440
01441 if (LastBadPassword == (time_t)0) {
01442 DEBUG(1,("pdb_update_autolock_flag: Account %s administratively locked out with no \
01443 bad password time. Leaving locked out.\n",
01444 pdb_get_username(sampass) ));
01445 return True;
01446 }
01447
01448 if ((time(NULL) > (LastBadPassword + convert_uint32_to_time_t(duration) * 60))) {
01449 pdb_set_acct_ctrl(sampass,
01450 pdb_get_acct_ctrl(sampass) & ~ACB_AUTOLOCK,
01451 PDB_CHANGED);
01452 pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
01453 pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
01454 if (updated) {
01455 *updated = True;
01456 }
01457 }
01458
01459 return True;
01460 }
01461
01462
01463
01464
01465
01466 BOOL pdb_increment_bad_password_count(struct samu *sampass)
01467 {
01468 uint32 account_policy_lockout;
01469 BOOL autolock_updated = False, badpw_updated = False;
01470 BOOL ret;
01471
01472
01473 become_root();
01474 ret = pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout);
01475 unbecome_root();
01476 if ( !ret ) {
01477 DEBUG(0, ("pdb_increment_bad_password_count: pdb_get_account_policy failed.\n"));
01478 return False;
01479 }
01480
01481
01482 if (!account_policy_lockout) {
01483 DEBUG(9, ("No lockout policy, don't track bad passwords\n"));
01484 return True;
01485 }
01486
01487
01488 if (!pdb_update_autolock_flag(sampass, &autolock_updated))
01489 return False;
01490
01491
01492 if (!pdb_update_bad_password_count(sampass, &badpw_updated))
01493 return False;
01494
01495
01496
01497
01498
01499
01500
01501 pdb_set_bad_password_count(sampass,
01502 pdb_get_bad_password_count(sampass)+1,
01503 PDB_CHANGED);
01504 pdb_set_bad_password_time(sampass, time(NULL), PDB_CHANGED);
01505
01506
01507 if (pdb_get_bad_password_count(sampass) < account_policy_lockout)
01508 return True;
01509
01510 if (!pdb_set_acct_ctrl(sampass,
01511 pdb_get_acct_ctrl(sampass) | ACB_AUTOLOCK,
01512 PDB_CHANGED)) {
01513 DEBUG(1, ("pdb_increment_bad_password_count:failed to set 'autolock' flag. \n"));
01514 return False;
01515 }
01516
01517 return True;
01518 }