Put in intermediate version of new SAM system. It's not stable yet, code

might be ugly, etc - please don't blame me for anything but instead try to fix
the code :-). Compiling of the new sam system can be enabled with the
configure option --with-sam

Removing passdb/passgrp.c as it's unused
fix typo in utils/testparm.c

source/Makefile.in

@@ -214,8 +214,12 @@ PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
 PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
 		passdb/machine_sid.o passdb/pdb_smbpasswd.o \
 		passdb/pdb_tdb.o passdb/pdb_ldap.o passdb/pdb_plugin.o \
-		passdb/pdb_nisplus.o passdb/pdb_unix.o passdb/util_sam_sid.o \
-		passdb/pdb_compat.o
+		passdb/pdb_unix.o passdb/util_sam_sid.o \
+		passdb/pdb_compat.o passdb/pdb_nisplus.o
+
+SAM_OBJ = sam/account.o sam/get_set_user.o sam/get_set_group.o sam/get_set_domain.o sam/interface.o
+
+SAMTEST_OBJ = torture/samtest.o $(SAM_OBJ) $(LIB_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) $(READLINE_OBJ)
 
 GROUPDB_OBJ = groupdb/mapping.o
 
@@ -446,7 +450,7 @@ PROTO_OBJ = $(SMBD_OBJ_MAIN) \
 	    $(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \
 	    $(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \
 	    $(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
-	    $(LIB_SMBD_OBJ) 
+	    $(LIB_SMBD_OBJ) $(SAM_OBJ)
 
 NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \
 	    $(LIB_OBJ) $(NSSWINS_OBJ)
@@ -675,6 +679,10 @@ bin/pdbedit: $(PDBEDIT_OBJ) bin/.dummy
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@
 
+bin/samtest: $(SAMTEST_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @BUILD_POPT@
+
 bin/smbgroupedit: $(SMBGROUPEDIT_OBJ) bin/.dummy
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(LDFLAGS) $(LIBS)

source/acconfig.h

@@ -166,6 +166,7 @@
 #undef MMAP_BLACKLIST
 #undef HAVE_IMMEDIATE_STRUCTURES
 #undef HAVE_CUPS
+#undef WITH_SAM
 #undef WITH_LDAP_SAM
 #undef WITH_NISPLUS_SAM
 #undef WITH_TDB_SAM

source/configure.in

@@ -2138,6 +2138,22 @@ if test x"$samba_cv_HAVE_TRUNCATED_SALT" = x"yes"; then
 fi
 fi
 
+# New experimental SAM system
+
+AC_MSG_CHECKING([whether to build the new (experimental) SAM database])
+AC_ARG_WITH(sam,
+[  --with-sam              Build new (experimental) SAM database (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_SAM)
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
 
 
 ########################################################################################

source/groupdb/aliasdb.c

@@ -41,9 +41,7 @@ BOOL initialise_alias_db(void)
     return True;
   }
 
-#ifdef WITH_NISPLUS
-  aldb_ops =  nisplus_initialise_alias_db();
-#elif defined(WITH_LDAP)
+#ifdef WITH_LDAP
   aldb_ops = ldap_initialise_alias_db();
 #else 
   aldb_ops = file_initialise_alias_db();

source/groupdb/groupdb.c

@@ -39,9 +39,7 @@ BOOL initialise_group_db(void)
     return True;
   }
 
-#ifdef WITH_NISPLUS
-  gpdb_ops =  nisplus_initialise_group_db();
-#elif defined(WITH_LDAP)
+#ifdef WITH_LDAP
   gpdb_ops = ldap_initialise_group_db();
 #else 
   gpdb_ops = file_initialise_group_db();

source/include/config.h.in

@@ -1,4 +1,4 @@
-/* include/config.h.in.  Generated automatically from configure.in by autoheader.  */
+/* include/config.h.in.  Generated automatically from configure.in by autoheader 2.13.  */
 
 /* Define if on AIX 3.
    System headers sometimes define this.
@@ -232,6 +232,7 @@
 #undef MMAP_BLACKLIST
 #undef HAVE_IMMEDIATE_STRUCTURES
 #undef HAVE_CUPS
+#undef WITH_SAM
 #undef WITH_LDAP_SAM
 #undef WITH_NISPLUS_SAM
 #undef WITH_TDB_SAM

source/include/debug.h

@@ -89,8 +89,9 @@ extern int DEBUGLEVEL;
 #define DBGC_RPC_SRV		6
 #define DBGC_RPC_CLI		7
 #define DBGC_PASSDB		8
-#define DBGC_AUTH		9
-#define DBGC_WINBIND		10
+#define DBGC_SAM		9
+#define DBGC_AUTH		10
+#define DBGC_WINBIND		11
 
 
 /* So you can define DBGC_CLASS before including debug.h */

source/include/includes.h

@@ -751,6 +751,10 @@ extern int errno;
 
 #include "passdb.h"
 
+#ifdef WITH_SAM
+#include "sam.h"
+#endif
+
 #include "session.h"
 
 #include "asn_1.h"

source/include/sam.h

@@ -0,0 +1,258 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SAM structures
+   Copyright (C) Kai Krueger 2002
+   Copyright (C) Stefan (metze) Metzmacher 2002
+   Copyright (C) Simo Sorce 2002
+   Copyright (C) Andrew Bartlett 2002
+   Copyright (C) Jelmer Vernooij 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _SAM_H
+#define _SAM_H
+
+#define SAM_INTERFACE_VERSION 1
+
+/* use this inside a passdb module */
+#define SAM_MODULE_VERSIONING_MAGIC \
+int sam_version(void)\
+{\
+	return SAM_INTERFACE_VERSION;\
+}
+
+typedef struct sam_domain {
+ TALLOC_CTX *mem_ctx;
+ uint32 access_granted;
+ struct sam_methods *current_sam_methods; /* sam_methods creating this
+handle */
+ void (*free_fn)(struct sam_domain **);
+ struct domain_data {
+  DOM_SID sid; /*SID of the domain. Should not be changed */
+  char *name; /* Name of the domain */
+  char *servername; /* */
+  NTTIME max_passwordage; /* time till next password expiration */
+  NTTIME min_passwordage; /* time till password can be changed again */
+  NTTIME lockout_duration; /* time till login is allowed again after
+lockout*/
+  NTTIME reset_count; /* time till bad login counter is reset */
+  uint16 min_passwordlength; /* minimum number of characters for a password
+*/
+  uint16 password_history; /* number of passwords stored in history */
+  uint16 lockout_count; /* number of bad login attempts before lockout */
+  BOOL force_logoff; /* force logoff after logon hours have expired */
+  BOOL login_pwdchange; /* Users need to logon to change their password */
+  uint32 num_users; /* number of users in the domain */
+  uint32 num_groups; /* number of global groups */
+  uint32 num_aliases; /* number of local groups */
+ } private;
+} SAM_DOMAIN_HANDLE;
+
+typedef struct sam_user {
+ TALLOC_CTX *mem_ctx;
+ uint32 access_granted;
+ struct sam_methods *current_sam_methods; /* sam_methods creating this
+handle */
+ void (*free_fn)(struct sam_user **);
+ struct sam_user_data {
+  uint32 init_flag;
+  NTTIME logon_time; /* logon time */
+  NTTIME logoff_time; /* logoff time */
+  NTTIME kickoff_time; /* kickoff time */
+  NTTIME pass_last_set_time; /* password last set time */
+  NTTIME pass_can_change_time; /* password can change time */
+  NTTIME pass_must_change_time; /* password must change time */
+  char * username; /* username string */
+  SAM_DOMAIN_HANDLE * domain; /* domain of user */
+  char * full_name; /* user's full name string */
+  char * unix_home_dir; /* UNIX home directory string */
+  char * home_dir; /* home directory string */
+  char * dir_drive; /* home directory drive string */
+  char * logon_script; /* logon script string */
+  char * profile_path; /* profile path string */
+  char * acct_desc; /* user description string */
+  char * workstations; /* login from workstations string */
+  char * unknown_str; /* don't know what this is, yet. */
+  char * munged_dial; /* munged path name and dial-back tel number */
+  DOM_SID user_sid; /* Primary User SID */
+  DOM_SID group_sid; /* Primary Group SID */
+  DATA_BLOB lm_pw; /* .data is Null if no password */
+  DATA_BLOB nt_pw; /* .data is Null if no password */
+  DATA_BLOB plaintext_pw; /* .data is Null if not available */
+  uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
+  uint32 unknown_1; /* 0x00ff ffff */
+  uint16 logon_divs; /* 168 - number of hours in a week */
+  uint32 hours_len; /* normally 21 bytes */
+  uint8 hours[MAX_HOURS_LEN];
+  uint32 unknown_2; /* 0x0002 0000 */
+  uint32 unknown_3; /* 0x0000 04ec */
+ } private;
+} SAM_USER_HANDLE;
+
+typedef struct sam_group {
+ TALLOC_CTX *mem_ctx;
+ uint32 access_granted;
+ struct sam_methods *current_sam_methods; /* sam_methods creating this
+handle */
+ void (*free_fn)(struct sam_group **);
+ struct sam_group_data {
+  char *name;
+  char *comment;
+  DOM_SID sid;
+  int32 flags; /* specifies if the group is a lokal group or a global group
+*/
+  uint32 num_members;
+  PRIVILEGE_SET privileges;
+ } private;
+} SAM_GROUP_HANDLE;
+
+
+typedef struct sam_group_member {
+	DOM_SID sid; 
+	BOOL group; /* specifies if it is a group or a user */ 
+
+} SAM_GROUP_MEMBER;
+
+typedef struct sam_user_enum {
+	DOM_SID sid; 
+	char *username; 
+	char *full_name; 
+	char *user_desc; 
+	uint16 acc_ctrl; 
+} SAM_USER_ENUM;
+
+typedef struct sam_group_enum {
+	DOM_SID sid;
+	char *groupname;
+	char *comment;
+} SAM_GROUP_ENUM;
+
+typedef struct sam_context 
+{
+	struct sam_methods *methods;
+	TALLOC_CTX *mem_ctx;
+	
+	/* General API */
+	
+	NTSTATUS (*sam_get_sec_desc) ( const struct sam_context *, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd);
+	NTSTATUS (*sam_set_sec_desc) ( const struct sam_context *, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd);
+	
+	NTSTATUS (*sam_lookup_sid) ( const struct sam_context *, const NT_USER_TOKEN *access_token, const DOM_SID *sid, char **name, uint32 *type);
+	NTSTATUS (*sam_lookup_name) ( const struct sam_context *, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID **sid,  uint32 *type);	
+
+
+	/* Domain API */
+
+	NTSTATUS (*sam_update_domain) ( const struct sam_context *, SAM_DOMAIN_HANDLE *domain);
+
+	NTSTATUS (*sam_enum_domains) ( const struct sam_context *, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char **domain_names);
+	NTSTATUS (*sam_lookup_domain) ( const struct sam_context *, const NT_USER_TOKEN * access_token, const char *domain, DOM_SID **domainsid);
+
+	NTSTATUS (*sam_get_domain_by_sid) ( const struct sam_context *, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain);
+
+
+	/* User API */
+
+	NTSTATUS (*sam_create_user) ( const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, DOM_SID *domainsid, SAM_USER_HANDLE **user);
+	NTSTATUS (*sam_add_user) ( const struct sam_context *, DOM_SID *domainsid, SAM_USER_HANDLE *user);
+	NTSTATUS (*sam_update_user) ( const struct sam_context *, SAM_USER_HANDLE *user);
+	NTSTATUS (*sam_delete_user) ( const struct sam_context *, SAM_USER_HANDLE * user);
+	NTSTATUS (*sam_enum_users) ( const struct sam_context *, const NT_USER_TOKEN *access_token, const DOM_SID *domain, int32 *user_count, SAM_USER_ENUM **users);
+
+	NTSTATUS (*sam_get_user_by_sid) ( const struct sam_context *, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *usersid, SAM_USER_HANDLE **user);
+	NTSTATUS (*sam_get_user_by_name) ( const struct sam_context *, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *domain, const char *name, SAM_USER_HANDLE **user);
+
+	/* Group API */
+
+
+	NTSTATUS (*sam_add_group) ( const struct sam_context *, DOM_SID *domainsid, SAM_GROUP_HANDLE *samgroup);
+	NTSTATUS (*sam_update_group) ( const struct sam_context *, SAM_GROUP_HANDLE *samgroup);
+	NTSTATUS (*sam_delete_group) ( const struct sam_context *, SAM_GROUP_HANDLE *groupsid);
+	NTSTATUS (*sam_enum_groups) ( const struct sam_context *, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, const uint32 type, uint32 *groups_count, SAM_GROUP_ENUM **groups);
+	NTSTATUS (*sam_get_group_by_sid) ( const struct sam_context *, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group);
+	NTSTATUS (*sam_get_group_by_name) ( const struct sam_context *, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group);
+
+	NTSTATUS (*sam_add_member_to_group) ( const struct sam_context *, SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member);
+	NTSTATUS (*sam_delete_member_from_group) ( const struct sam_context *, SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member);
+	NTSTATUS (*sam_enum_groupmembers) ( const struct sam_context *, SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members);
+
+	NTSTATUS (*sam_get_groups_of_user) ( const struct sam_context *, SAM_USER_HANDLE *user, const uint32 type, uint32 *group_count, SAM_GROUP_ENUM **groups);
+
+	void (*free_fn)(struct sam_context **);
+} SAM_CONTEXT;
+
+typedef struct sam_methods 
+{
+	struct sam_context	*parent;
+	struct sam_methods	*next;
+	struct sam_methods	*prev;
+	const char			*backendname;
+	struct sam_domain   *domain;
+	void				*private_data;
+	
+	/* General API */
+	
+	NTSTATUS (*sam_get_sec_desc) ( const struct sam_methods *, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd);
+	NTSTATUS (*sam_set_sec_desc) ( const struct sam_methods *, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd);
+	
+	NTSTATUS (*sam_lookup_sid) ( const struct sam_methods *, const NT_USER_TOKEN *access_token, const DOM_SID *sid, char **name, uint32 *type);
+	NTSTATUS (*sam_lookup_name) ( const struct sam_methods *, const NT_USER_TOKEN *access_token, const char *name, DOM_SID **sid,  uint32 *type);	
+	
+	/* Domain API */
+
+	NTSTATUS (*sam_update_domain) ( const struct sam_methods *, SAM_DOMAIN_HANDLE *domain);
+	NTSTATUS (*sam_get_domain_handle) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const uint32 access_desired, SAM_DOMAIN_HANDLE **domain);
+
+	/* User API */
+
+	NTSTATUS (*sam_create_user) ( const struct sam_methods *, const NT_USER_TOKEN *access_token, const uint32 access_desired, SAM_USER_HANDLE **user);
+	NTSTATUS (*sam_add_user) ( const struct sam_methods *, const SAM_USER_HANDLE *user);
+	NTSTATUS (*sam_update_user) ( const struct sam_methods *, const SAM_USER_HANDLE *user);
+	NTSTATUS (*sam_delete_user) ( const struct sam_methods *, const SAM_USER_HANDLE *user);
+	NTSTATUS (*sam_enum_users) ( const struct sam_methods *, const NT_USER_TOKEN *access_token, int32 *user_count, SAM_USER_ENUM **users);
+
+	NTSTATUS (*sam_get_user_by_sid) ( const struct sam_methods *, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *usersid, SAM_USER_HANDLE **user);
+	NTSTATUS (*sam_get_user_by_name) ( const struct sam_methods *, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *name, SAM_USER_HANDLE **user);
+
+	/* Group API */
+
+	NTSTATUS (*sam_create_group) ( const struct sam_methods *, const NT_USER_TOKEN *access_token, const uint32 access_desired, const uint32 type, SAM_GROUP_HANDLE **group);
+	NTSTATUS (*sam_add_group) ( const struct sam_methods *, SAM_GROUP_HANDLE *samgroup);
+	NTSTATUS (*sam_update_group) ( const struct sam_methods *, SAM_GROUP_HANDLE *samgroup);
+	NTSTATUS (*sam_delete_group) ( const struct sam_methods *, SAM_GROUP_HANDLE *groupsid);
+	NTSTATUS (*sam_enum_groups) ( const struct sam_methods *, const NT_USER_TOKEN *access_token, const uint32 type, uint32 *groups_count, SAM_GROUP_ENUM **groups);
+	NTSTATUS (*sam_get_group_by_sid) ( const struct sam_methods *, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group);
+	NTSTATUS (*sam_get_group_by_name) ( const struct sam_methods *, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group);
+
+	NTSTATUS (*sam_add_member_to_group) ( const struct sam_methods *, SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member);
+	NTSTATUS (*sam_delete_member_from_group) ( const struct sam_methods *, SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member);
+	NTSTATUS (*sam_enum_groupmembers) ( const struct sam_methods *, SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members);
+
+	NTSTATUS (*sam_get_groups_of_user) ( const struct sam_methods *, SAM_USER_HANDLE *user, const uint32 type, uint32 *group_count, SAM_GROUP_ENUM **groups);
+
+	void (*free_private_data)(void **);
+} SAM_METHODS;
+
+typedef NTSTATUS (*sam_init_function)( const struct sam_context *, struct sam_methods **, const char *);
+
+struct sam_init_function_entry {
+	char *name;
+	/* Function to create a member of the sam_methods list */
+	sam_init_function init;
+};
+
+
+#endif /* _SAM_H */

source/lib/debug.c

@@ -153,6 +153,7 @@ static const char *default_classname_table[] = {
 	"rpc_srv",           /* DBGC_RPC_SRV      */
 	"rpc_cli",           /* DBGC_RPC_CLI      */
 	"passdb",            /* DBGC_PASSDB       */
+	"sam"                /* DBGC_SAM          */
 	"auth",              /* DBGC_AUTH         */
 	"winbind",           /* DBGC_WINBIND      */
 	NULL

source/lib/time.c

@@ -40,6 +40,12 @@ int extra_time_offset = 0;
 #define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN)
 #endif
 
+void get_nttime_max(NTTIME *t)
+{
+	/* FIXME: This is incorrect */
+	unix_to_nt_time(get_time_t_max(),t);
+}
+
 /*******************************************************************
  External access to time_t_min and time_t_max.
 ********************************************************************/

source/passdb/passgrp.c

@@ -1,219 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   Password and authentication handling
-   Copyright (C) Jeremy Allison 1996-1998
-   Copyright (C) Luke Kenneth Casson Leighton 1996-1998
-      
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_PASSDB
-
-/*
- * NOTE. All these functions are abstracted into a structure
- * that points to the correct function for the selected database. JRA.
- *
- * the API does NOT fill in the gaps if you set an API function
- * to NULL: it will deliberately attempt to call the NULL function.
- *
- */
-
-static struct passgrp_ops *pwgrp_ops;
-
-/***************************************************************
- Initialise the passgrp operations.
-***************************************************************/
-
-BOOL initialise_passgrp_db(void)
-{
-  if (pwgrp_ops)
-  {
-    return True;
-  }
-
-#ifdef WITH_NISPLUS
-  pwgrp_ops =  nisplus_initialise_password_grp();
-#elif defined(WITH_LDAP)
-  pwgrp_ops = ldap_initialize_password_grp();
-#else 
-  pwgrp_ops = file_initialise_password_grp();
-#endif 
-
-  return (pwgrp_ops != NULL);
-}
-
-/*
- * Functions that return/manipulate a struct smb_passwd.
- */
-
-/************************************************************************
- Utility function to search smb passwd by rid.  
-*************************************************************************/
-
-struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid,
-		uint32 **grps, int *num_grps,
-		uint32 **alss, int *num_alss)
-{
-	return iterate_getsmbgrpuid(pwdb_user_rid_to_uid(user_rid),
-	                            grps, num_grps, alss, num_alss);
-}
-
-/************************************************************************
- Utility function to search smb passwd by uid.  use this if your database
- does not have search facilities.
-*************************************************************************/
-
-struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
-		uint32 **grps, int *num_grps,
-		uint32 **alss, int *num_alss)
-{
-	struct smb_passwd *pwd = NULL;
-	void *fp = NULL;
-
-	DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid));
-
-	/* Open the smb password database - not for update. */
-	fp = startsmbgrpent(False);
-
-	if (fp == NULL)
-	{
-		DEBUG(0, ("unable to open smb passgrp database.\n"));
-		return NULL;
-	}
-
-	while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->smb_userid != smb_userid)
-      ;
-
-	if (pwd != NULL)
-	{
-		DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid));
-	}
-
-	endsmbgrpent(fp);
-	return pwd;
-}
-
-/************************************************************************
- Utility function to search smb passwd by name.  use this if your database
- does not have search facilities.
-*************************************************************************/
-
-struct smb_passwd *iterate_getsmbgrpnam(char *name,
-		uint32 **grps, int *num_grps,
-		uint32 **alss, int *num_alss)
-{
-	struct smb_passwd *pwd = NULL;
-	void *fp = NULL;
-
-	DEBUG(10, ("search by name: %s\n", name));
-
-	/* Open the passgrp file - not for update. */
-	fp = startsmbgrpent(False);
-
-	if (fp == NULL)
-	{
-		DEBUG(0, ("unable to open smb passgrp database.\n"));
-		return NULL;
-	}
-
-	while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->smb_name, name))
-      ;
-
-	if (pwd != NULL)
-	{
-		DEBUG(10, ("found by name: %s\n", name));
-	}
-
-	endsmbgrpent(fp);
-	return pwd;
-}
-
-/***************************************************************
- Start to enumerate the smb or sam passwd list. Returns a void pointer
- to ensure no modification outside this module.
-
- Note that currently it is being assumed that a pointer returned
- from this function may be used to enumerate struct sam_passwd
- entries as well as struct smb_passwd entries. This may need
- to change. JRA.
-
-****************************************************************/
-
-void *startsmbgrpent(BOOL update)
-{
-  return pwgrp_ops->startsmbgrpent(update);
-}
-
-/***************************************************************
- End enumeration of the smb or sam passwd list.
-
- Note that currently it is being assumed that a pointer returned
- from this function may be used to enumerate struct sam_passwd
- entries as well as struct smb_passwd entries. This may need
- to change. JRA.
-
-****************************************************************/
-
-void endsmbgrpent(void *vp)
-{
-  pwgrp_ops->endsmbgrpent(vp);
-}
-
-/*************************************************************************
- Routine to return the next entry in the smb passwd list.
- *************************************************************************/
-
-struct smb_passwd *getsmbgrpent(void *vp,
-		uint32 **grps, int *num_grps,
-		uint32 **alss, int *num_alss)
-{
-	return pwgrp_ops->getsmbgrpent(vp, grps, num_grps, alss, num_alss);
-}
-
-/************************************************************************
- Routine to search smb passwd by name.
-*************************************************************************/
-
-struct smb_passwd *getsmbgrpnam(char *name,
-		uint32 **grps, int *num_grps,
-		uint32 **alss, int *num_alss)
-{
-	return pwgrp_ops->getsmbgrpnam(name, grps, num_grps, alss, num_alss);
-}
-
-/************************************************************************
- Routine to search smb passwd by user rid.
-*************************************************************************/
-
-struct smb_passwd *getsmbgrprid(uint32 user_rid,
-		uint32 **grps, int *num_grps,
-		uint32 **alss, int *num_alss)
-{
-	return pwgrp_ops->getsmbgrprid(user_rid, grps, num_grps, alss, num_alss);
-}
-
-/************************************************************************
- Routine to search smb passwd by uid.
-*************************************************************************/
-
-struct smb_passwd *getsmbgrpuid(uid_t smb_userid,
-		uint32 **grps, int *num_grps,
-		uint32 **alss, int *num_alss)
-{
-	return pwgrp_ops->getsmbgrpuid(smb_userid, grps, num_grps, alss, num_alss);
-}

source/rpc_server/srv_samr_nt.c

@@ -68,8 +68,6 @@ struct generic_mapping usr_generic_mapping = {USER_READ, USER_WRITE, USER_EXECUT
 struct generic_mapping grp_generic_mapping = {GROUP_READ, GROUP_WRITE, GROUP_EXECUTE, GROUP_ALL_ACCESS};
 struct generic_mapping ali_generic_mapping = {ALIAS_READ, ALIAS_WRITE, ALIAS_EXECUTE, ALIAS_ALL_ACCESS};
 
-static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *d_size);
-
 
 /*******************************************************************
  Checks if access to an object should be granted, and returns that
@@ -411,7 +409,7 @@ NTSTATUS _samr_get_usrdom_pwinfo(pipes_struct *p, SAMR_Q_GET_USRDOM_PWINFO *q_u,
  samr_make_sam_obj_sd
  ********************************************************************/
 
-static NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
+NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
 {
 	extern DOM_SID global_sid_World;
 	DOM_SID adm_sid;

source/sam/account.c

@@ -0,0 +1,301 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Jeremy Allison 		1996-2001
+   Copyright (C) Luke Kenneth Casson Leighton 	1996-1998
+   Copyright (C) Gerald (Jerry) Carter		2000-2001
+   Copyright (C) Andrew Bartlett		2001-2002
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_PASSDB
+
+/************************************************************
+ Fill the SAM_USER_HANDLE with default values.
+ ***********************************************************/
+
+static void sam_fill_default_user(SAM_USER_HANDLE *user)
+{
+	ZERO_STRUCT(user->private); /* Don't touch the talloc context */
+
+        /* Don't change these timestamp settings without a good reason.
+           They are important for NT member server compatibility. */
+
+	user->private.init_flag		    = FLAG_SAM_UNINIT;
+
+	/* FIXME: We should actually call get_nt_time_max() or sthng 
+	 * here */
+	unix_to_nt_time(&(user->private.logoff_time),get_time_t_max());
+	unix_to_nt_time(&(user->private.kickoff_time),get_time_t_max());
+	unix_to_nt_time(&(user->private.pass_must_change_time),get_time_t_max());
+	user->private.unknown_1 = 0x00ffffff; 	/* don't know */
+	user->private.logon_divs = 168; 	/* hours per week */
+	user->private.hours_len = 21; 		/* 21 times 8 bits = 168 */
+	memset(user->private.hours, 0xff, user->private.hours_len); /* available at all hours */
+	user->private.unknown_2 = 0x00000000; /* don't know */
+	user->private.unknown_3 = 0x000004ec; /* don't know */
+}	
+
+static void destroy_sam_talloc(SAM_USER_HANDLE **user) 
+{
+	if (*user) {
+		talloc_destroy((*user)->mem_ctx);
+		*user = NULL;
+	}
+}
+
+
+/**********************************************************************
+ Alloc memory and initialises a SAM_USER_HANDLE on supplied mem_ctx.
+***********************************************************************/
+
+NTSTATUS sam_init_user_talloc(TALLOC_CTX *mem_ctx, SAM_USER_HANDLE **user)
+{
+	SMB_ASSERT(*user != NULL);
+
+	if (!mem_ctx) {
+		DEBUG(0,("sam_init_user_talloc: mem_ctx was NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	*user=(SAM_USER_HANDLE *)talloc(mem_ctx, sizeof(SAM_USER_HANDLE));
+
+	if (*user==NULL) {
+		DEBUG(0,("sam_init_user_talloc: error while allocating memory\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	(*user)->mem_ctx = mem_ctx;
+
+	(*user)->free_fn = NULL;
+
+	sam_fill_default_user(*user);
+	
+	return NT_STATUS_OK;
+}
+
+
+/*************************************************************
+ Alloc memory and initialises a struct sam_passwd.
+ ************************************************************/
+
+NTSTATUS sam_init_user(SAM_USER_HANDLE **user)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS nt_status;
+	
+	mem_ctx = talloc_init_named("passdb internal SAM_USER_HANDLE allocation");
+
+	if (!mem_ctx) {
+		DEBUG(0,("sam_init_user: error while doing talloc_init()\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_init_user_talloc(mem_ctx, user))) {
+		talloc_destroy(mem_ctx);
+		return nt_status;
+	}
+	
+	(*user)->free_fn = destroy_sam_talloc;
+
+	return NT_STATUS_OK;
+}
+
+/**
+ * Free the contets of the SAM_USER_HANDLE, but not the structure.
+ *
+ * Also wipes the LM and NT hashes and plaintext passwrod from 
+ * memory.
+ *
+ * @param user SAM_USER_HANDLE to free members of.
+ **/
+
+static void sam_free_user_contents(SAM_USER_HANDLE *user)
+{
+
+	/* Kill off sensitive data.  Free()ed by the
+	   talloc mechinism */
+
+	data_blob_clear_free(&(user->private.lm_pw));
+	data_blob_clear_free(&(user->private.nt_pw));
+	data_blob_clear_free(&(user->private.plaintext_pw));
+}
+
+
+/************************************************************
+ Reset the SAM_USER_HANDLE and free the NT/LM hashes.
+ ***********************************************************/
+
+NTSTATUS sam_reset_sam(SAM_USER_HANDLE *user)
+{
+	SMB_ASSERT(user != NULL);
+	
+	sam_free_user_contents(user);
+
+	sam_fill_default_user(user);
+
+	return NT_STATUS_OK;
+}
+
+
+/************************************************************
+ Free the SAM_USER_HANDLE and the member pointers.
+ ***********************************************************/
+
+NTSTATUS sam_free_user(SAM_USER_HANDLE **user)
+{
+	SMB_ASSERT(*user != NULL);
+
+	sam_free_user_contents(*user);
+	
+	if ((*user)->free_fn) {
+		(*user)->free_fn(user);
+	}
+
+	return NT_STATUS_OK;	
+}
+
+
+/**********************************************************
+ Encode the account control bits into a string.
+ length = length of string to encode into (including terminating
+ null). length *MUST BE MORE THAN 2* !
+ **********************************************************/
+
+char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
+{
+	static fstring acct_str;
+	size_t i = 0;
+
+	acct_str[i++] = '[';
+
+	if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
+	if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
+	if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
+	if (acct_ctrl & ACB_TEMPDUP  ) acct_str[i++] = 'T'; 
+	if (acct_ctrl & ACB_NORMAL   ) acct_str[i++] = 'U';
+	if (acct_ctrl & ACB_MNS      ) acct_str[i++] = 'M';
+	if (acct_ctrl & ACB_WSTRUST  ) acct_str[i++] = 'W';
+	if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
+	if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
+	if (acct_ctrl & ACB_PWNOEXP  ) acct_str[i++] = 'X';
+	if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
+
+	for ( ; i < length - 2 ; i++ )
+		acct_str[i] = ' ';
+
+	i = length - 2;
+	acct_str[i++] = ']';
+	acct_str[i++] = '\0';
+
+	return acct_str;
+}     
+
+/**********************************************************
+ Decode the account control bits from a string.
+ **********************************************************/
+
+uint16 sam_decode_acct_ctrl(const char *p)
+{
+	uint16 acct_ctrl = 0;
+	BOOL finished = False;
+
+	/*
+	 * Check if the account type bits have been encoded after the
+	 * NT password (in the form [NDHTUWSLXI]).
+	 */
+
+	if (*p != '[')
+		return 0;
+
+	for (p++; *p && !finished; p++) {
+		switch (*p) {
+			case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
+			case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
+			case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
+			case 'T': { acct_ctrl |= ACB_TEMPDUP  ; break; /* 'T'emp account. */ } 
+			case 'U': { acct_ctrl |= ACB_NORMAL   ; break; /* 'U'ser account (normal). */ } 
+			case 'M': { acct_ctrl |= ACB_MNS      ; break; /* 'M'NS logon user account. What is this ? */ } 
+			case 'W': { acct_ctrl |= ACB_WSTRUST  ; break; /* 'W'orkstation account. */ } 
+			case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } 
+			case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } 
+			case 'X': { acct_ctrl |= ACB_PWNOEXP  ; break; /* No 'X'piry on password */ } 
+			case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
+            case ' ': { break; }
+			case ':':
+			case '\n':
+			case '\0': 
+			case ']':
+			default:  { finished = True; }
+		}
+	}
+
+	return acct_ctrl;
+}
+
+/*************************************************************
+ Routine to set 32 hex password characters from a 16 byte array.
+**************************************************************/
+
+void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl)
+{
+	if (pwd != NULL) {
+		int i;
+		for (i = 0; i < 16; i++)
+			slprintf(&p[i*2], 3, "%02X", pwd[i]);
+	} else {
+		if (acct_ctrl & ACB_PWNOTREQ)
+			safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
+		else
+			safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
+	}
+}
+
+/*************************************************************
+ Routine to get the 32 hex characters and turn them
+ into a 16 byte array.
+**************************************************************/
+
+BOOL sam_gethexpwd(const char *p, unsigned char *pwd)
+{
+	int i;
+	unsigned char   lonybble, hinybble;
+	char           *hexchars = "0123456789ABCDEF";
+	char           *p1, *p2;
+	
+	if (!p)
+		return (False);
+	
+	for (i = 0; i < 32; i += 2) {
+		hinybble = toupper(p[i]);
+		lonybble = toupper(p[i + 1]);
+
+		p1 = strchr(hexchars, hinybble);
+		p2 = strchr(hexchars, lonybble);
+
+		if (!p1 || !p2)
+			return (False);
+
+		hinybble = PTR_DIFF(p1, hexchars);
+		lonybble = PTR_DIFF(p2, hexchars);
+
+		pwd[i / 2] = (hinybble << 4) | lonybble;
+	}
+	return (True);
+}

source/sam/get_set_domain.c

@@ -0,0 +1,263 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SAM_DOMAIN access routines
+   Copyright (C) Luke Kenneth Casson Leighton 	1996-1998
+   Copyright (C) Andrew Bartlett			2002
+   Copyright (C) Stefan (metze) Metzmacher	2002
+   Copyright (C) Jelmer Vernooij 			2002
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
+
+NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, DOM_SID **sid)
+{
+	if (!domain || !sid) return NT_STATUS_UNSUCCESSFUL;
+
+	*sid = &domain->private.sid;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_num_users(SAM_DOMAIN_HANDLE *domain, uint32 *num_users)
+{
+	if (!domain || !num_users)return NT_STATUS_UNSUCCESSFUL;
+
+	*num_users = domain->private.num_users;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
+{
+	if (!domain || !num_groups)return NT_STATUS_UNSUCCESSFUL;
+
+	*num_groups = domain->private.num_groups;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
+{
+	if (!domain || !num_aliases)return NT_STATUS_UNSUCCESSFUL;
+
+	*num_aliases = domain->private.num_aliases;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_name(SAM_DOMAIN_HANDLE *domain, char **domain_name)
+{
+	if (!domain || !domain_name)return NT_STATUS_UNSUCCESSFUL;
+
+	*domain_name = domain->private.name;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_name(SAM_DOMAIN_HANDLE *domain, char *domain_name)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.name = talloc_strdup(domain->mem_ctx, domain_name);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_server(SAM_DOMAIN_HANDLE *domain, char **server_name)
+{
+	if (!domain || !server_name)return NT_STATUS_UNSUCCESSFUL;
+
+	*server_name = domain->private.servername;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_server(SAM_DOMAIN_HANDLE *domain, char *server_name)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.servername = talloc_strdup(domain->mem_ctx, server_name);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
+{
+	if (!domain || !max_passwordage)return NT_STATUS_UNSUCCESSFUL;
+
+	*max_passwordage = domain->private.max_passwordage;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
+{
+	if (!domain || !min_passwordage)return NT_STATUS_UNSUCCESSFUL;
+
+	*min_passwordage = domain->private.min_passwordage;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
+{
+	if (!domain || !lockout_duration)return NT_STATUS_UNSUCCESSFUL;
+
+	*lockout_duration = domain->private.lockout_duration;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
+{
+	if (!domain || !reset_lockout_count)return NT_STATUS_UNSUCCESSFUL;
+	
+	*reset_lockout_count = domain->private.reset_count;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
+{
+	if (!domain || !min_passwordlength)return NT_STATUS_UNSUCCESSFUL;
+
+	*min_passwordlength = domain->private.min_passwordlength;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 *password_history)
+{
+	if (!domain || !password_history)return NT_STATUS_UNSUCCESSFUL;
+
+	*password_history = domain->private.password_history;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
+{
+	if (!domain || !lockout_count)return NT_STATUS_UNSUCCESSFUL;
+
+	*lockout_count = domain->private.lockout_count;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
+{
+	if (!domain || !force_logoff)return NT_STATUS_UNSUCCESSFUL;
+
+	*force_logoff = domain->private.force_logoff;
+
+	return NT_STATUS_OK;
+}
+
+
+NTSTATUS sam_get_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
+{
+	if (!domain || !login_pwdchange)return NT_STATUS_UNSUCCESSFUL;
+
+	*login_pwdchange = domain->private.login_pwdchange;
+
+	return NT_STATUS_OK;
+}
+
+/* Set */
+
+NTSTATUS sam_set_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME max_passwordage)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.max_passwordage = max_passwordage;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME min_passwordage)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.min_passwordage = min_passwordage;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME lockout_duration)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.lockout_duration = lockout_duration;
+
+	return NT_STATUS_OK;
+}
+NTSTATUS sam_set_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME reset_lockout_count)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.reset_count = reset_lockout_count;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 min_passwordlength)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.min_passwordlength = min_passwordlength;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 password_history)
+{
+	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.password_history = password_history;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 lockout_count)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.lockout_count = lockout_count;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL force_logoff)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.force_logoff = force_logoff;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL login_pwdchange)
+{
+	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.login_pwdchange = login_pwdchange;
+
+	return NT_STATUS_OK;
+}

source/sam/get_set_group.c

@@ -0,0 +1,123 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SAM_USER_HANDLE access routines
+   Copyright (C) Andrew Bartlett			2002
+   Copyright (C) Stefan (metze) Metzmacher	2002
+   Copyright (C) Jelmer Vernooij 			2002
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
+
+/* sam group get functions */
+
+NTSTATUS sam_get_group_sid(const SAM_GROUP_HANDLE *group, DOM_SID **sid)
+{
+	if (!group || !sid) return NT_STATUS_UNSUCCESSFUL;
+
+	*sid = &group->private.sid;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_group_typ(const SAM_GROUP_HANDLE *group, uint32 *typ)
+{
+	if (!group || !typ) return NT_STATUS_UNSUCCESSFUL;
+
+	*typ = group->private.flags;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_group_name(const SAM_GROUP_HANDLE *group, char **group_name)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	*group_name = group->private.name;
+
+	return NT_STATUS_OK;
+
+}
+NTSTATUS sam_get_group_comment(const SAM_GROUP_HANDLE *group, char **comment)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	*comment = group->private.comment;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_group_priv_set(const SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	*priv_set = group->private.privileges;
+
+	return NT_STATUS_OK;
+}
+
+/* sam group set functions */
+
+NTSTATUS sam_set_group_sid(SAM_GROUP_HANDLE *group, DOM_SID *sid)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	if (!sid) ZERO_STRUCT(group->private.sid);
+	else sid_copy(&(group->private.sid), sid);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_group_typ(SAM_GROUP_HANDLE *group, uint32 typ)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	group->private.flags = typ;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_group_name(SAM_GROUP_HANDLE *group, char *group_name)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	group->private.name = talloc_strdup(group->mem_ctx, group_name);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_group_comment(SAM_GROUP_HANDLE *group, char *comment)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	group->private.comment = talloc_strdup(group->mem_ctx, comment);
+
+	return NT_STATUS_OK;
+
+}
+
+NTSTATUS sam_set_group_priv_set(SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	if (!priv_set) ZERO_STRUCT(group->private.privileges);
+	else memcpy(&(group->private.privileges), priv_set, sizeof(PRIVILEGE_SET));
+
+	return NT_STATUS_OK;
+}

source/sam/get_set_user.c

@@ -0,0 +1,903 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SAM_USER_HANDLE access routines
+   Copyright (C) Andrew Bartlett			2002
+   Copyright (C) Stefan (metze) Metzmacher	2002
+   Copyright (C) Jelmer Vernooij 			2002
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
+
+NTSTATUS sam_get_user_domain_sid (const SAM_USER_HANDLE *sampass, DOM_SID **sid)
+{
+	NTSTATUS status;
+	SAM_DOMAIN_HANDLE *domain;
+	if (!sampass || !sid) return NT_STATUS_UNSUCCESSFUL;
+
+	if (!NT_STATUS_IS_OK(status = sam_get_user_domain(sampass, &domain))){
+		DEBUG(0, ("sam_get_user_domain_sid: Can't get domain for user\n"));
+		return status;
+	}
+
+	return sam_get_domain_sid(domain, sid);
+}
+
+NTSTATUS sam_get_user_domain_name (const SAM_USER_HANDLE *sampass, char **domain_name)
+{
+	NTSTATUS status;
+	SAM_DOMAIN_HANDLE *domain;
+	if (!sampass || !domain_name) return NT_STATUS_UNSUCCESSFUL;
+
+	if (!NT_STATUS_IS_OK(status = sam_get_user_domain(sampass, &domain))){
+		DEBUG(0, ("sam_get_user_domain_name: Can't get domain for user\n"));
+		return status;
+	}
+
+	return sam_get_domain_name(domain, domain_name);
+}
+
+NTSTATUS sam_get_user_acct_ctrl (const SAM_USER_HANDLE *sampass, uint16 *acct_ctrl)
+{
+	if(!sampass || !acct_ctrl)return NT_STATUS_UNSUCCESSFUL;
+
+	*acct_ctrl = sampass->private.acct_ctrl;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_logon_time (const SAM_USER_HANDLE *sampass, NTTIME *logon_time)
+{
+	if(!sampass || !logon_time)return NT_STATUS_UNSUCCESSFUL;
+
+	*logon_time = sampass->private.logon_time;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_logoff_time (const SAM_USER_HANDLE *sampass, NTTIME *logoff_time)
+{
+	if(!sampass || !logoff_time)return NT_STATUS_UNSUCCESSFUL;
+
+	*logoff_time = sampass->private.logoff_time;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_kickoff_time (const SAM_USER_HANDLE *sampass, NTTIME *kickoff_time)
+{
+	if (!sampass || !kickoff_time)return NT_STATUS_UNSUCCESSFUL;
+
+	*kickoff_time = sampass->private.kickoff_time;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_pass_last_set_time (const SAM_USER_HANDLE *sampass, NTTIME *pass_last_set_time)
+{
+	if (!sampass || !pass_last_set_time)return NT_STATUS_UNSUCCESSFUL;
+
+	*pass_last_set_time = sampass->private.pass_last_set_time;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_pass_can_change_time (const SAM_USER_HANDLE *sampass, NTTIME *pass_can_change_time)
+{
+	if (!sampass || !pass_can_change_time)return NT_STATUS_UNSUCCESSFUL;
+
+	*pass_can_change_time = sampass->private.pass_can_change_time;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_pass_must_change_time (const SAM_USER_HANDLE *sampass, NTTIME *pass_must_change_time)
+{
+	if (!sampass || !pass_must_change_time)return NT_STATUS_UNSUCCESSFUL;
+
+	*pass_must_change_time = sampass->private.pass_must_change_time;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_logon_divs (const SAM_USER_HANDLE *sampass, uint16 *logon_divs)
+{
+	if (!sampass || !logon_divs)return NT_STATUS_UNSUCCESSFUL;
+
+	*logon_divs = sampass->private.logon_divs;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_hours_len (const SAM_USER_HANDLE *sampass, uint32 *hours_len)
+{
+	if (!sampass || !hours_len)return NT_STATUS_UNSUCCESSFUL;
+
+	*hours_len = sampass->private.hours_len;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_hours (const SAM_USER_HANDLE *sampass, uint8 **hours)
+{
+	if (!sampass || !hours)return NT_STATUS_UNSUCCESSFUL;
+
+	*hours = sampass->private.hours;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_nt_pwd (const SAM_USER_HANDLE *sampass, DATA_BLOB *nt_pwd)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	SMB_ASSERT((!sampass->private.nt_pw.data) 
+		   || sampass->private.nt_pw.length == NT_HASH_LEN);
+
+	*nt_pwd = sampass->private.nt_pw;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_lm_pwd (const SAM_USER_HANDLE *sampass, DATA_BLOB *lm_pwd)
+{ 
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	SMB_ASSERT((!sampass->private.lm_pw.data) 
+		   || sampass->private.lm_pw.length == LM_HASH_LEN);
+
+	*lm_pwd = sampass->private.lm_pw;
+
+	return NT_STATUS_OK;
+}
+
+/* Return the plaintext password if known.  Most of the time
+   it isn't, so don't assume anything magic about this function.
+   
+   Used to pass the plaintext to sam backends that might 
+   want to store more than just the NTLM hashes.
+*/
+
+NTSTATUS sam_get_user_plaintext_pwd (const SAM_USER_HANDLE *sampass, DATA_BLOB **plain_pwd)
+{
+	if (!sampass || !plain_pwd)return NT_STATUS_UNSUCCESSFUL;
+
+	*plain_pwd = &(sampass->private.plaintext_pw);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_sid(const SAM_USER_HANDLE *sampass, DOM_SID **sid)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*sid = &(sampass->private.user_sid);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_pgroup(const SAM_USER_HANDLE *sampass, DOM_SID **sid)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*sid = &(sampass->private.group_sid);
+
+	return NT_STATUS_OK;
+}
+
+/**
+ * Get flags showing what is initalised in the SAM_USER_HANDLE
+ * @param sampass the SAM_USER_HANDLE in question
+ * @return the flags indicating the members initialised in the struct.
+ **/
+ 
+NTSTATUS sam_get_user_init_flag (const SAM_USER_HANDLE *sampass, uint32 *initflag)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*initflag = sampass->private.init_flag;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_name (const SAM_USER_HANDLE *sampass, char **username)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*username = sampass->private.username;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_domain (const SAM_USER_HANDLE *sampass, SAM_DOMAIN_HANDLE **domain)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*domain = sampass->private.domain;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_fullname (const SAM_USER_HANDLE *sampass, char **fullname)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*fullname = sampass->private.full_name;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_homedir (const SAM_USER_HANDLE *sampass, char **homedir)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*homedir = sampass->private.home_dir;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unix_home_dir (const SAM_USER_HANDLE *sampass, char **uhomedir)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*uhomedir = sampass->private.unix_home_dir;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_dir_drive (const SAM_USER_HANDLE *sampass, char **dirdrive)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*dirdrive = sampass->private.dir_drive;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_logon_script (const SAM_USER_HANDLE *sampass, char **logon_script)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*logon_script = sampass->private.logon_script;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_profile_path (const SAM_USER_HANDLE *sampass, char **profile_path)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*profile_path = sampass->private.profile_path;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_description (const SAM_USER_HANDLE *sampass, char **description)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*description = sampass->private.acct_desc;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_workstations (const SAM_USER_HANDLE *sampass, char **workstations)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*workstations = sampass->private.workstations;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unknown_str (const SAM_USER_HANDLE *sampass, char **unknown_str)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*unknown_str = sampass->private.unknown_str;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_munged_dial (const SAM_USER_HANDLE *sampass, char **munged_dial)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*munged_dial = sampass->private.munged_dial;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unknown_1 (const SAM_USER_HANDLE *sampass, uint32 *unknown1)
+{
+	if (!sampass || !unknown1)return NT_STATUS_UNSUCCESSFUL;
+
+	*unknown1 = sampass->private.unknown_1;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unknown_2 (const SAM_USER_HANDLE *sampass, uint32 *unknown2)
+{
+	if (!sampass || !unknown2)return NT_STATUS_UNSUCCESSFUL;
+
+	*unknown2 = sampass->private.unknown_2;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unknown_3 (const SAM_USER_HANDLE *sampass, uint32 *unknown3)
+{
+	if (!sampass || !unknown3)return NT_STATUS_UNSUCCESSFUL;
+
+	*unknown3 = sampass->private.unknown_3;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Collection of set...() functions for SAM_USER_HANDLE_INFO.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_acct_ctrl (SAM_USER_HANDLE *sampass, uint16 flags)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+		
+	sampass->private.acct_ctrl = flags;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_logon_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.logon_time = mytime;
+
+	if (store)
+		sam_set_user_init_flag(sampass, FLAG_SAM_LOGONTIME); 
+
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS sam_set_user_logoff_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.logoff_time = mytime;
+
+	if (store)
+		sam_set_user_init_flag(sampass, FLAG_SAM_LOGOFFTIME); 
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_kickoff_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.kickoff_time = mytime;
+
+	if (store)
+		sam_set_user_init_flag(sampass, FLAG_SAM_KICKOFFTIME); 
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pass_can_change_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.pass_can_change_time = mytime;
+
+	if (store)
+		sam_set_user_init_flag(sampass, FLAG_SAM_CANCHANGETIME); 
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pass_must_change_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.pass_must_change_time = mytime;
+
+	if (store)
+		sam_set_user_init_flag(sampass, FLAG_SAM_MUSTCHANGETIME); 
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pass_last_set_time (SAM_USER_HANDLE *sampass, NTTIME mytime)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.pass_last_set_time = mytime;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_hours_len (SAM_USER_HANDLE *sampass, uint32 len)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.hours_len = len;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_logon_divs (SAM_USER_HANDLE *sampass, uint16 hours)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.logon_divs = hours;
+	return NT_STATUS_OK;
+}
+
+/**
+ * Set flags showing what is initalised in the SAM_USER_HANDLE
+ * @param sampass the SAM_USER_HANDLE in question
+ * @param flag The *new* flag to be set.  Old flags preserved
+ *             this flag is only added.  
+ **/
+ 
+NTSTATUS sam_set_user_init_flag (SAM_USER_HANDLE *sampass, uint32 flag)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.init_flag |= flag;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_sid (SAM_USER_HANDLE *sampass, DOM_SID *u_sid)
+{
+	if (!sampass || !u_sid)
+		return NT_STATUS_UNSUCCESSFUL;
+	
+	sid_copy(&sampass->private.user_sid, u_sid);
+
+	DEBUG(10, ("sam_set_user_sid: setting user sid %s\n", 
+		    sid_string_static(&sampass->private.user_sid)));
+	
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_sid_from_string (SAM_USER_HANDLE *sampass, fstring u_sid)
+{
+	DOM_SID new_sid;
+	if (!sampass || !u_sid)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_user_sid_from_string: setting user sid %s\n",
+		   u_sid));
+
+	if (!string_to_sid(&new_sid, u_sid)) { 
+		DEBUG(1, ("sam_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	 
+	if (!NT_STATUS_IS_OK(sam_set_user_sid(sampass, &new_sid))) {
+		DEBUG(1, ("sam_set_user_sid_from_string: could not set sid %s on SAM_USER_HANDLE!\n", u_sid));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pgroup_sid (SAM_USER_HANDLE *sampass, DOM_SID *g_sid)
+{
+	if (!sampass || !g_sid)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sid_copy(&sampass->private.group_sid, g_sid);
+
+	DEBUG(10, ("sam_set_group_sid: setting group sid %s\n", 
+		    sid_string_static(&sampass->private.group_sid)));
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pgroup_string (SAM_USER_HANDLE *sampass, fstring g_sid)
+{
+	DOM_SID new_sid;
+	if (!sampass || !g_sid)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_group_sid_from_string: setting group sid %s\n",
+		   g_sid));
+
+	if (!string_to_sid(&new_sid, g_sid)) { 
+		DEBUG(1, ("sam_set_group_sid_from_string: %s isn't a valid SID!\n", g_sid));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	 
+	if (!NT_STATUS_IS_OK(sam_set_user_pgroup_sid(sampass, &new_sid))) {
+		DEBUG(1, ("sam_set_group_sid_from_string: could not set sid %s on SAM_USER_HANDLE!\n", g_sid));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the domain name.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_domain(SAM_USER_HANDLE *sampass, SAM_DOMAIN_HANDLE *domain)
+{	
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.domain = domain;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's NT name.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_username(SAM_USER_HANDLE *sampass, const char *nt_username)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_user_username: setting nt username %s, was %s\n", nt_username, sampass->private.username));
+
+	sampass->private.username = talloc_strdup(sampass->mem_ctx, nt_username);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's full name.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_fullname(SAM_USER_HANDLE *sampass, const char *full_name)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_user_fullname: setting full name %s, was %s\n", full_name, sampass->private.full_name));
+
+	sampass->private.full_name = talloc_strdup(sampass->mem_ctx, full_name);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's logon script.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_logon_script(SAM_USER_HANDLE *sampass, const char *logon_script, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_logon_script: from %s to %s\n", logon_script, sampass->private.logon_script));
+
+	sampass->private.logon_script = talloc_strdup(sampass->mem_ctx, logon_script);
+	
+	sam_set_user_init_flag(sampass, FLAG_SAM_LOGONSCRIPT);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's profile path.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_profile_path (SAM_USER_HANDLE *sampass, const char *profile_path, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_profile_path: setting profile path %s, was %s\n", profile_path, sampass->private.profile_path));
+ 
+	sampass->private.profile_path = talloc_strdup(sampass->mem_ctx, profile_path);
+		
+	if (store) {
+		DEBUG(10, ("sam_set_profile_path: setting profile path sam flag!\n"));
+		sam_set_user_init_flag(sampass, FLAG_SAM_PROFILE);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's directory drive.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_dir_drive (SAM_USER_HANDLE *sampass, const char *dir_drive, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
+			sampass->private.dir_drive));
+ 
+	sampass->private.dir_drive = talloc_strdup(sampass->mem_ctx, dir_drive);
+		
+	if (store) {
+		DEBUG(10, ("sam_set_dir_drive: setting dir drive sam flag!\n"));
+		sam_set_user_init_flag(sampass, FLAG_SAM_DRIVE);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's home directory.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_homedir (SAM_USER_HANDLE *sampass, const char *home_dir, BOOL store)
+{
+	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_homedir: setting home dir %s, was %s\n", home_dir,
+		sampass->private.home_dir));
+ 
+	sampass->private.home_dir = talloc_strdup(sampass->mem_ctx, home_dir);
+		
+	if (store) {
+		DEBUG(10, ("sam_set_homedir: setting home dir sam flag!\n"));
+		sam_set_user_init_flag(sampass, FLAG_SAM_SMBHOME);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's unix home directory.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_unix_homedir (SAM_USER_HANDLE *sampass, const char *unix_home_dir)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir,
+		sampass->private.unix_home_dir));
+ 
+	sampass->private.unix_home_dir = talloc_strdup(sampass->mem_ctx, unix_home_dir);
+		
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's account description.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_acct_desc (SAM_USER_HANDLE *sampass, const char *acct_desc)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.acct_desc = talloc_strdup(sampass->mem_ctx, acct_desc);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's workstation allowed list.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_workstations (SAM_USER_HANDLE *sampass, const char *workstations)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_workstations: setting workstations %s, was %s\n", workstations,
+			sampass->private.workstations));
+ 
+	sampass->private.workstations = talloc_strdup(sampass->mem_ctx, workstations);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's 'unknown_str', whatever the heck this actually is...
+ ********************************************************************/
+
+NTSTATUS sam_set_user_unknown_str (SAM_USER_HANDLE *sampass, const char *unknown_str)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.unknown_str = talloc_strdup(sampass->mem_ctx, unknown_str);
+		
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's dial string.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_munged_dial (SAM_USER_HANDLE *sampass, const char *munged_dial)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.munged_dial = talloc_strdup(sampass->mem_ctx, munged_dial);
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's NT hash.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_nt_pwd (SAM_USER_HANDLE *sampass, DATA_BLOB data)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.nt_pw = data;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's LM hash.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_lm_pwd (SAM_USER_HANDLE *sampass, DATA_BLOB data)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.lm_pw = data;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's plaintext password only (base procedure, see helper
+ below)
+ ********************************************************************/
+
+NTSTATUS sam_set_user_plaintext_pw_only (SAM_USER_HANDLE *sampass, DATA_BLOB data)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.plaintext_pw = data;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_unknown_1 (SAM_USER_HANDLE *sampass, uint32 unkn)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.unknown_1 = unkn;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_unknown_2 (SAM_USER_HANDLE *sampass, uint32 unkn)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.unknown_2 = unkn;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_unknown_3 (SAM_USER_HANDLE *sampass, uint32 unkn)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.unknown_3 = unkn;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_hours (SAM_USER_HANDLE *sampass, const uint8 *hours)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	if (!hours) {
+		memset ((char *)sampass->private.hours, 0, MAX_HOURS_LEN);
+		return NT_STATUS_OK;
+	}
+	
+	memcpy (sampass->private.hours, hours, MAX_HOURS_LEN);
+
+	return NT_STATUS_OK;
+}
+
+/* Helpful interfaces to the above */
+
+/*********************************************************************
+ Sets the last changed times and must change times for a normal
+ password change.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_pass_changed_now (SAM_USER_HANDLE *sampass)
+{
+	uint32 expire;
+	NTTIME temptime;
+
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+	
+	unix_to_nt_time(&temptime, time(NULL));
+	if (!NT_STATUS_IS_OK(sam_set_user_pass_last_set_time (sampass, temptime)))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) 
+	    || (expire==(uint32)-1)) {
+
+		get_nttime_max(&temptime);
+		if (!NT_STATUS_IS_OK(sam_set_user_pass_must_change_time (sampass, temptime, False)))
+			return NT_STATUS_UNSUCCESSFUL;
+
+	} else {
+		/* FIXME: Add expire to temptime */
+		
+		if (!NT_STATUS_IS_OK(sam_get_user_pass_last_set_time(sampass,&temptime)) || !NT_STATUS_IS_OK(sam_set_user_pass_must_change_time (sampass, temptime,True)))
+			return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's PLAINTEXT password.  Used as an interface to the above.
+ Also sets the last change time to NOW.
+ ********************************************************************/
+
+NTSTATUS sam_set_plaintext_passwd (SAM_USER_HANDLE *sampass, const char *plaintext)
+{
+	DATA_BLOB data;
+	uchar new_lanman_p16[16];
+	uchar new_nt_p16[16];
+
+	if (!sampass || !plaintext)
+		return NT_STATUS_UNSUCCESSFUL;
+	
+	nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16);
+
+	data = data_blob(new_nt_p16, 16);
+	if (!NT_STATUS_IS_OK(sam_set_user_nt_pwd (sampass, data)))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	data = data_blob(new_lanman_p16, 16);
+
+	if (!NT_STATUS_IS_OK(sam_set_user_lm_pwd (sampass, data)))
+		return NT_STATUS_UNSUCCESSFUL;
+	
+	if (!NT_STATUS_IS_OK(sam_set_user_pass_changed_now (sampass)))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	return NT_STATUS_OK;
+}
+

source/utils/testparm.c

@@ -48,7 +48,7 @@ static int do_global_checks(void)
 	SMB_STRUCT_STAT st;
 
 	if (lp_security() >= SEC_DOMAIN && !lp_encrypted_passwords()) {
-		printf("ERROR: in 'security=domain' mode the 'encrypt passwords' parameter must also be set to 'true'.\n");
+		printf("ERROR: in 'security=domain' mode the 'encrypt passwords' parameter must always be set to 'true'.\n");
 		ret = 1;
 	}