sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-02 00:22:11 +03:00
Code Activity

mods to allow inter-domain trust accounts to be added to SAM database

Browse Source 
using smbpasswd command.
This commit is contained in:
Luke Leighton
-
parent 74c7d626cd
commit 62d499f832
7 changed files with 316 additions and 218 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
source/include/proto.h
View File

@ -1529,8 +1529,9 @@ struct smb_passdb_ops *file_initialise_password_db(void);
/*The following definitions come from passdb/smbpasschange.c */ /*The following definitions come from passdb/smbpasschange.c */
BOOL local_password_change(char *user_name, BOOL trust_account, BOOL add_user, BOOL local_password_change(char *user_name,
BOOL enable_user, BOOL disable_user, BOOL set_no_password, BOOL add_user,
uint16 acb_info, uint16 acb_mask,
char *new_passwd, char *new_passwd,
char *err_str, size_t err_str_len, char *err_str, size_t err_str_len,
char *msg_str, size_t msg_str_len); char *msg_str, size_t msg_str_len);

34
source/lib/util.c
View File

@ -2975,7 +2975,9 @@ void print_asc(int level, unsigned char *buf,int len)
{ {
int i; int i;
for (i=0;i<len;i++) for (i=0;i<len;i++)
DEBUG(level,("%c", isprint(buf[i])?buf[i]:'.')); {
DEBUGADD(level,("%c", isprint(buf[i])?buf[i]:'.'));
}
} }
void dump_data(int level,char *buf1, int len) void dump_data(int level,char *buf1, int len)
@ -2985,29 +2987,33 @@ void dump_data(int level,char *buf1,int len)
if (len<=0) return; if (len<=0) return;
DEBUG(level,("[%03X] ",i)); DEBUG(level,("[%03X] ",i));
for (i=0;i<len;) { for (i=0;i<len;)
DEBUG(level,("%02X ",(int)buf[i])); {
DEBUGADD(level,("%02X ",(int)buf[i]));
i++; i++;
if (i%8 == 0) DEBUG(level,(" ")); if (i%8 == 0) DEBUGADD(level,(" "));
if (i%16 == 0) { if (i%16 == 0)
print_asc(level,&buf[i-16],8); DEBUG(level,(" ")); {
print_asc(level,&buf[i-8],8); DEBUG(level,("\n")); print_asc(level,&buf[i-16],8); DEBUGADD(level,(" "));
if (i<len) DEBUG(level,("[%03X] ",i)); print_asc(level,&buf[i-8],8); DEBUGADD(level,("\n"));
if (i<len) DEBUGADD(level,("[%03X] ",i));
} }
} }
if (i%16) {
if (i%16 != 0) /* finish off a non-16-char-length row */
{
int n; int n;
n = 16 - (i%16); n = 16 - (i%16);
DEBUG(level,(" ")); DEBUGADD(level,(" "));
if (n>8) DEBUG(level,(" ")); if (n>8) DEBUGADD(level,(" "));
while (n--) DEBUG(level,(" ")); while (n--) DEBUGADD(level,(" "));
n = MIN(8,i%16); n = MIN(8,i%16);
print_asc(level,&buf[i-(i%16)],n); DEBUG(level,(" ")); print_asc(level,&buf[i-(i%16)],n); DEBUGADD(level,(" "));
n = (i%16) - n; n = (i%16) - n;
if (n>0) print_asc(level,&buf[i-n],n); if (n>0) print_asc(level,&buf[i-n],n);
DEBUG(level,("\n")); DEBUGADD(level,("\n"));
} }
} }

55
source/nmbd/nmbd_packets.c
View File

@ -90,43 +90,6 @@ void set_nb_flags(char *buf, uint16 nb_flags)
*buf = '\0'; *buf = '\0';
} }
/***************************************************************************
Dumps out the browse packet data.
**************************************************************************/
static void debug_browse_data(char *outbuf, int len)
{
int i,j;
DEBUG( 4, ( "debug_browse_data():\n" ) );
for (i = 0; i < len; i+= 16)
{
DEBUGADD( 4, ( "%3x char ", i ) );
for (j = 0; j < 16; j++)
{
unsigned char x = outbuf[i+j];
if (x < 32 || x > 127)
x = '.';
if (i+j >= len)
break;
DEBUGADD( 4, ( "%c", x ) );
}
DEBUGADD( 4, ( "%*s hex", 16-j, "" ) );
for (j = 0; j < 16; j++)
{
if (i+j >= len)
break;
DEBUGADD( 4, ( " %02x", (unsigned char)outbuf[i+j] ) );
}
DEBUGADD( 4, ("\n") );
}
}
/*************************************************************************** /***************************************************************************
Generates the unique transaction identifier Generates the unique transaction identifier
**************************************************************************/ **************************************************************************/
@ -1041,37 +1004,31 @@ mismatch with our scope (%s).\n", inet_ntoa(p->ip), dgram->dest_name.scope, scop
{ {
case ANN_HostAnnouncement: case ANN_HostAnnouncement:
{ {
debug_browse_data(buf, len);
process_host_announce(subrec, p, buf+1); process_host_announce(subrec, p, buf+1);
break; break;
} }
case ANN_DomainAnnouncement: case ANN_DomainAnnouncement:
{ {
debug_browse_data(buf, len);
process_workgroup_announce(subrec, p, buf+1); process_workgroup_announce(subrec, p, buf+1);
break; break;
} }
case ANN_LocalMasterAnnouncement: case ANN_LocalMasterAnnouncement:
{ {
debug_browse_data(buf, len);
process_local_master_announce(subrec, p, buf+1); process_local_master_announce(subrec, p, buf+1);
break; break;
} }
case ANN_AnnouncementRequest: case ANN_AnnouncementRequest:
{ {
debug_browse_data(buf, len);
process_announce_request(subrec, p, buf+1); process_announce_request(subrec, p, buf+1);
break; break;
} }
case ANN_Election: case ANN_Election:
{ {
debug_browse_data(buf, len);
process_election(subrec, p, buf+1); process_election(subrec, p, buf+1);
break; break;
} }
case ANN_GetBackupListReq: case ANN_GetBackupListReq:
{ {
debug_browse_data(buf, len);
/* This is one occasion where we change a subnet that is /* This is one occasion where we change a subnet that is
given to us. If the packet was sent to WORKGROUP<1b> instead given to us. If the packet was sent to WORKGROUP<1b> instead
@ -1086,7 +1043,6 @@ mismatch with our scope (%s).\n", inet_ntoa(p->ip), dgram->dest_name.scope, scop
} }
case ANN_GetBackupListResp: case ANN_GetBackupListResp:
{ {
debug_browse_data(buf, len);
/* We never send ANN_GetBackupListReq so we /* We never send ANN_GetBackupListReq so we
should never get these. */ should never get these. */
DEBUG(0,("process_browse_packet: Discarding GetBackupListResponse \ DEBUG(0,("process_browse_packet: Discarding GetBackupListResponse \
@ -1095,7 +1051,6 @@ packet from %s IP %s\n", nmb_namestr(&dgram->source_name), inet_ntoa(p->ip)));
} }
case ANN_ResetBrowserState: case ANN_ResetBrowserState:
{ {
debug_browse_data(buf, len);
process_reset_browser(subrec, p, buf+1); process_reset_browser(subrec, p, buf+1);
break; break;
} }
@ -1105,7 +1060,6 @@ packet from %s IP %s\n", nmb_namestr(&dgram->source_name), inet_ntoa(p->ip)));
on the unicast subnet. */ on the unicast subnet. */
subrec = unicast_subnet; subrec = unicast_subnet;
debug_browse_data(buf, len);
process_master_browser_announce(subrec, p, buf+1); process_master_browser_announce(subrec, p, buf+1);
break; break;
} }
@ -1114,7 +1068,6 @@ packet from %s IP %s\n", nmb_namestr(&dgram->source_name), inet_ntoa(p->ip)));
/* /*
* We don't currently implement this. Log it just in case. * We don't currently implement this. Log it just in case.
*/ */
debug_browse_data(buf, len);
DEBUG(10,("process_browse_packet: On subnet %s ignoring browse packet \ DEBUG(10,("process_browse_packet: On subnet %s ignoring browse packet \
command ANN_BecomeBackup from %s IP %s to %s\n", command ANN_BecomeBackup from %s IP %s to %s\n",
subrec->subnet_name, nmb_namestr(&dgram->source_name), subrec->subnet_name, nmb_namestr(&dgram->source_name),
@ -1123,7 +1076,6 @@ command ANN_BecomeBackup from %s IP %s to %s\n",
} }
default: default:
{ {
debug_browse_data(buf, len);
DEBUG(0,("process_browse_packet: On subnet %s ignoring browse packet \ DEBUG(0,("process_browse_packet: On subnet %s ignoring browse packet \
command code %d from %s IP %s to %s\n", command code %d from %s IP %s to %s\n",
subrec->subnet_name, command, nmb_namestr(&dgram->source_name), subrec->subnet_name, command, nmb_namestr(&dgram->source_name),
@ -1162,7 +1114,7 @@ mismatch with our scope (%s).\n", inet_ntoa(p->ip), dgram->dest_name.scope, scop
{ {
case ANN_HostAnnouncement: case ANN_HostAnnouncement:
{ {
debug_browse_data(buf, len); dump_data(4, buf, len);
process_lm_host_announce(subrec, p, buf+1); process_lm_host_announce(subrec, p, buf+1);
break; break;
} }
@ -1247,10 +1199,11 @@ static void process_dgram(struct packet_struct *p)
nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name), nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len)); inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len));
if (len <= 0) if (len <= 0)
return; return;
dump_data(100, buf2, len);
/* Datagram packet received for the browser mailslot */ /* Datagram packet received for the browser mailslot */
if (strequal(smb_buf(buf),BROWSE_MAILSLOT)) if (strequal(smb_buf(buf),BROWSE_MAILSLOT))
{ {
@ -1958,7 +1911,7 @@ BOOL send_mailslot(BOOL unique, char *mailslot,char *buf,int len,
nmb_namestr(&dgram->source_name), inet_ntoa(src_ip))); nmb_namestr(&dgram->source_name), inet_ntoa(src_ip)));
DEBUG(4,("to %s IP %s\n", nmb_namestr(&dgram->dest_name), inet_ntoa(dest_ip))); DEBUG(4,("to %s IP %s\n", nmb_namestr(&dgram->dest_name), inet_ntoa(dest_ip)));
debug_browse_data(buf, len); dump_data(4, buf, len);
if(loopback_this_packet) if(loopback_this_packet)
{ {

28
source/passdb/smbpass.c
View File

@ -139,16 +139,6 @@ struct smb_passwd *getsmbfilepwent(void *vp)
/* Skip the ':' */ /* Skip the ':' */
p++; p++;
if (*p == '*' || *p == 'X')
{
/* Password deliberately invalid - end here. */
DEBUG(10, ("getsmbfilepwent: entry invalidated for unix user %s\n", unix_name));
pw_buf.smb_nt_passwd = NULL;
pw_buf.smb_passwd = NULL;
pw_buf.acct_ctrl |= ACB_DISABLED;
return &pw_buf;
}
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) if (linebuf_len < (PTR_DIFF(p, linebuf) + 33))
{ {
DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n")); DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
@ -240,6 +230,18 @@ struct smb_passwd *getsmbfilepwent(void *vp)
} }
} }
if (*p == '*' || *p == 'X')
{
/* Password deliberately invalid - end here. */
DEBUG(10, ("getsmbfilepwent: entry invalidated for unix user %s\n", unix_name));
pw_buf.smb_nt_passwd = NULL;
pw_buf.smb_passwd = NULL;
pw_buf.acct_ctrl |= ACB_DISABLED;
}
DEBUG(6,("unixuser:%s uid:%d acb:%x\n",
pw_buf.unix_name, pw_buf.unix_uid, pw_buf.acct_ctrl));
return &pw_buf; return &pw_buf;
} }
@ -410,8 +412,14 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
#ifdef DEBUG_PASSWORD #ifdef DEBUG_PASSWORD
DEBUG(100,("mod_smbfilepwd_entry: password entries\n")); DEBUG(100,("mod_smbfilepwd_entry: password entries\n"));
if (pwd->smb_passwd != NULL)
{
dump_data(100, pwd->smb_passwd, 16); dump_data(100, pwd->smb_passwd, 16);
}
if (pwd->smb_nt_passwd != NULL)
{
dump_data(100, pwd->smb_nt_passwd, 16); dump_data(100, pwd->smb_nt_passwd, 16);
}
#endif #endif
if (!*pfile) { if (!*pfile) {
DEBUG(0, ("No SMB password file set\n")); DEBUG(0, ("No SMB password file set\n"));

91
source/passdb/smbpasschange.c
View File

@ -25,8 +25,8 @@
/************************************************************* /*************************************************************
add a new user to the local smbpasswd file add a new user to the local smbpasswd file
*************************************************************/ *************************************************************/
static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account, static BOOL add_new_user(char *user_name, uid_t uid,
BOOL disable_user, BOOL set_no_password, uint16 acb_info,
uchar *new_p16, uchar *new_nt_p16) uchar *new_p16, uchar *new_nt_p16)
{ {
struct smb_passwd new_smb_pwent; struct smb_passwd new_smb_pwent;
@ -38,13 +38,10 @@ static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account,
new_smb_pwent.nt_name = user_name; new_smb_pwent.nt_name = user_name;
new_smb_pwent.smb_passwd = NULL; new_smb_pwent.smb_passwd = NULL;
new_smb_pwent.smb_nt_passwd = NULL; new_smb_pwent.smb_nt_passwd = NULL;
new_smb_pwent.acct_ctrl = (trust_account ? ACB_WSTRUST : ACB_NORMAL); new_smb_pwent.acct_ctrl = acb_info;
if(disable_user) { if (IS_BITS_CLR_ALL(acb_info, ACB_DISABLED | ACB_PWNOTREQ))
new_smb_pwent.acct_ctrl |= ACB_DISABLED; {
} else if (set_no_password) {
new_smb_pwent.acct_ctrl |= ACB_PWNOTREQ;
} else {
new_smb_pwent.smb_passwd = new_p16; new_smb_pwent.smb_passwd = new_p16;
new_smb_pwent.smb_nt_passwd = new_nt_p16; new_smb_pwent.smb_nt_passwd = new_nt_p16;
} }
@ -54,16 +51,27 @@ static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account,
/************************************************************* /*************************************************************
change a password entry in the local smbpasswd file change a password entry in the local smbpasswd file.
when modifying an account, set acb_mask to those bits that
require changing (to zero or one) and set acb_info to the
value required in those bits. all bits NOT set in acb_mask
will NOT be modified.
when _adding_ an account, acb_mask must be set to 0xFFFF and
it is ignored, btw :-)
*************************************************************/ *************************************************************/
BOOL local_password_change(char *user_name, BOOL trust_account, BOOL add_user, BOOL local_password_change(char *user_name,
BOOL enable_user, BOOL disable_user, BOOL set_no_password, BOOL add_user,
uint16 acb_info, uint16 acb_mask,
char *new_passwd, char *new_passwd,
char *err_str, size_t err_str_len, char *err_str, size_t err_str_len,
char *msg_str, size_t msg_str_len) char *msg_str, size_t msg_str_len)
{ {
struct passwd *pwd; struct passwd *pwd;
struct smb_passwd *smb_pwent; struct smb_passwd *smb_pwent;
struct smb_passwd new_pwent;
uchar new_p16[16]; uchar new_p16[16];
uchar new_nt_p16[16]; uchar new_nt_p16[16];
fstring unix_name; fstring unix_name;
@ -75,16 +83,21 @@ BOOL local_password_change(char *user_name, BOOL trust_account, BOOL add_user,
pwd = getpwnam(user_name); pwd = getpwnam(user_name);
/* /*
* Check for a machine account. * Check for a trust account.
*/ */
if ((acb_info & acb_mask) != acb_info)
{
slprintf(err_str, err_str_len - 1, "programmer error: acb_info (%x) requests bits to be set outside of acb_mask (%x) range\n", acb_info, acb_mask);
}
if (pwd == NULL) if (pwd == NULL)
{ {
if (trust_account) if (!IS_BITS_SET_ALL(acb_info, ACB_NORMAL))
{ {
slprintf(err_str, err_str_len - 1, "User %s does not \ slprintf(err_str, err_str_len - 1, "User %s does not \
exist in system password file (usually /etc/passwd). \ exist in system password file (usually /etc/passwd). \
Cannot add machine account without a valid system user.\n", user_name); Cannot add trust account without a valid system user.\n", user_name);
} }
else else
{ {
@ -102,22 +115,29 @@ exist in system password file (usually /etc/passwd).\n", user_name);
/* Get the smb passwd entry for this user */ /* Get the smb passwd entry for this user */
smb_pwent = getsmbpwnam(user_name); smb_pwent = getsmbpwnam(user_name);
if (smb_pwent == NULL) { if (smb_pwent == NULL)
if(add_user == False) { {
if (!add_user)
{
slprintf(err_str, err_str_len-1, slprintf(err_str, err_str_len-1,
"Failed to find entry for user %s.\n", unix_name); "Failed to find entry for user %s.\n", unix_name);
return False; return False;
} }
if (add_new_user(user_name, unix_uid, trust_account, disable_user, if (add_new_user(user_name, unix_uid, acb_info,
set_no_password, new_p16, new_nt_p16)) { new_p16, new_nt_p16))
{
slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name); slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
return True; return True;
} else { }
else
{
slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name); slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
return False; return False;
} }
} else { }
else
{
/* the entry already existed */ /* the entry already existed */
add_user = False; add_user = False;
} }
@ -127,26 +147,21 @@ exist in system password file (usually /etc/passwd).\n", user_name);
* and the valid last change time. * and the valid last change time.
*/ */
if(disable_user) { memcpy(&new_pwent, smb_pwent, sizeof(new_pwent));
smb_pwent->acct_ctrl |= ACB_DISABLED; new_pwent.nt_name = user_name;
} else if (enable_user) { new_pwent.acct_ctrl &= ~acb_mask;
if(smb_pwent->smb_passwd == NULL) { new_pwent.acct_ctrl |= (acb_info & acb_mask);
smb_pwent->smb_passwd = new_p16; new_pwent.smb_passwd = NULL;
smb_pwent->smb_nt_passwd = new_nt_p16; new_pwent.smb_nt_passwd = NULL;
}
smb_pwent->acct_ctrl &= ~ACB_DISABLED; if (IS_BITS_CLR_ALL(acb_info, ACB_DISABLED | ACB_PWNOTREQ))
} else if (set_no_password) { {
smb_pwent->acct_ctrl |= ACB_PWNOTREQ; new_pwent.smb_passwd = new_p16;
/* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */ new_pwent.smb_nt_passwd = new_nt_p16;
smb_pwent->smb_passwd = NULL;
smb_pwent->smb_nt_passwd = NULL;
} else {
smb_pwent->acct_ctrl &= ~ACB_PWNOTREQ;
smb_pwent->smb_passwd = new_p16;
smb_pwent->smb_nt_passwd = new_nt_p16;
} }
if(mod_smbpwd_entry(smb_pwent,True) == False) { if (!mod_smbpwd_entry(&new_pwent, True))
{
slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n",
unix_name); unix_name);
return False; return False;

174
source/utils/smbpasswd.c
View File

@ -1,6 +1,7 @@
/* /*
* Unix SMB/Netbios implementation. Version 1.9. smbpasswd module. Copyright * Unix SMB/Netbios implementation. Version 1.9. smbpasswd module.
* (C) Jeremy Allison 1995-1998 * Copyright (C) Jeremy Allison 1995-1999
* Copyright (C) Luke Kenneth Casson Leighton 1996-1999
* *
* This program is free software; you can redistribute it and/or modify it under * This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free * the terms of the GNU General Public License as published by the Free
@ -67,7 +68,8 @@ static void usage(void)
printf(" -d disable user\n"); printf(" -d disable user\n");
printf(" -e enable user\n"); printf(" -e enable user\n");
printf(" -n set no password\n"); printf(" -n set no password\n");
printf(" -m machine trust account\n"); printf(" -m workstation trust account\n");
printf(" -i inter-domain trust account\n");
} }
exit(1); exit(1);
} }
@ -222,34 +224,46 @@ change a password either locally or remotely
*************************************************************/ *************************************************************/
static BOOL password_change(const char *remote_machine, char *user_name, static BOOL password_change(const char *remote_machine, char *user_name,
char *old_passwd, char *new_passwd, char *old_passwd, char *new_passwd,
BOOL add_user, BOOL enable_user, BOOL add_user,
BOOL disable_user, BOOL set_no_password, uint16 acb_info, uint16 acb_mask)
BOOL trust_account)
{ {
BOOL ret; BOOL ret;
pstring err_str; pstring err_str;
pstring msg_str; pstring msg_str;
if (remote_machine != NULL) { if (remote_machine != NULL)
if (add_user || enable_user || disable_user || set_no_password || trust_account) { {
if (add_user ||
IS_BITS_SET_SOME(acb_info, ACB_PWNOTREQ | ACB_WSTRUST | ACB_DOMTRUST | ACB_SVRTRUST) ||
(IS_BITS_SET_SOME(acb_mask, ACB_DISABLED) &&
IS_BITS_CLR_ALL(acb_info, ACB_DISABLED)))
{
/* these things can't be done remotely yet */ /* these things can't be done remotely yet */
return False; return False;
} }
ret = remote_password_change(remote_machine, user_name, ret = remote_password_change(remote_machine, user_name,
old_passwd, new_passwd, err_str, sizeof(err_str)); old_passwd, new_passwd,
if(*err_str) err_str, sizeof(err_str));
if (*err_str != 0)
{
fprintf(stderr, err_str); fprintf(stderr, err_str);
}
return ret; return ret;
} }
ret = local_password_change(user_name, trust_account, add_user, enable_user, ret = local_password_change(user_name, add_user, acb_info, acb_mask,
disable_user, set_no_password, new_passwd, new_passwd,
err_str, sizeof(err_str), msg_str, sizeof(msg_str)); err_str, sizeof(err_str),
msg_str, sizeof(msg_str));
if(*msg_str) if (*msg_str != 0)
{
printf(msg_str); printf(msg_str);
if(*err_str) }
if (*err_str != 0)
{
fprintf(stderr, err_str); fprintf(stderr, err_str);
}
return ret; return ret;
} }
@ -262,8 +276,11 @@ static int process_root(int argc, char *argv[])
{ {
struct passwd *pwd; struct passwd *pwd;
int ch; int ch;
uint16 acb_info = 0;
uint16 acb_mask = 0;
BOOL joining_domain = False; BOOL joining_domain = False;
BOOL trust_account = False; BOOL wks_trust_account = False;
BOOL dom_trust_account = False;
BOOL add_user = False; BOOL add_user = False;
BOOL disable_user = False; BOOL disable_user = False;
BOOL enable_user = False; BOOL enable_user = False;
@ -275,65 +292,97 @@ static int process_root(int argc, char *argv[])
char *old_passwd = NULL; char *old_passwd = NULL;
char *remote_machine = NULL; char *remote_machine = NULL;
while ((ch = getopt(argc, argv, "adehmnj:r:sR:D:U:")) != EOF) { while ((ch = getopt(argc, argv, "adehimnj:r:sR:D:U:")) != EOF)
switch(ch) { {
switch(ch)
{
case 'a': case 'a':
{
add_user = True; add_user = True;
break; break;
}
case 'd': case 'd':
{
disable_user = True; disable_user = True;
new_passwd = "XXXXXX"; new_passwd = "XXXXXX";
break; break;
}
case 'e': case 'e':
{
enable_user = True; enable_user = True;
break; break;
}
case 'D': case 'D':
{
DEBUGLEVEL = atoi(optarg); DEBUGLEVEL = atoi(optarg);
break; break;
}
case 'n': case 'n':
{
set_no_password = True; set_no_password = True;
new_passwd = "NO PASSWORD"; new_passwd = "NO PASSWORD";
}
case 'r': case 'r':
{
remote_machine = optarg; remote_machine = optarg;
break; break;
}
case 's': case 's':
{
set_line_buffering(stdin); set_line_buffering(stdin);
set_line_buffering(stdout); set_line_buffering(stdout);
set_line_buffering(stderr); set_line_buffering(stderr);
stdin_passwd_get = True; stdin_passwd_get = True;
break; break;
}
case 'R': case 'R':
{
lp_set_name_resolve_order(optarg); lp_set_name_resolve_order(optarg);
break; break;
case 'm': }
trust_account = True; case 'i':
{
dom_trust_account = True;
break; break;
}
case 'm':
{
wks_trust_account = True;
break;
}
case 'j': case 'j':
{
new_domain = optarg; new_domain = optarg;
strupper(new_domain); strupper(new_domain);
joining_domain = True; joining_domain = True;
break; break;
}
case 'U': case 'U':
{
user_name = optarg; user_name = optarg;
break; break;
}
default: default:
{
usage(); usage();
} }
} }
}
argc -= optind; argc -= optind;
argv += optind; argv += optind;
/* /*
* Ensure add_user and either remote machine or join domain are * Ensure add_user and either remote machine or join domain are
* not both set. * not both set.
*/ */
if(add_user && ((remote_machine != NULL) || joining_domain)) { if (add_user && ((remote_machine != NULL) || joining_domain))
{
usage(); usage();
} }
if(joining_domain) { if (joining_domain)
{
if (argc != 0) usage(); if (argc != 0) usage();
return join_domain(new_domain, remote_machine); return join_domain(new_domain, remote_machine);
} }
@ -365,7 +414,8 @@ static int process_root(int argc, char *argv[])
exit(1); exit(1);
} }
if (trust_account) { if (wks_trust_account || dom_trust_account)
{
/* add the $ automatically */ /* add the $ automatically */
static fstring buf; static fstring buf;
@ -402,7 +452,8 @@ static int process_root(int argc, char *argv[])
old_passwd = get_pass("Old SMB password:",stdin_passwd_get); old_passwd = get_pass("Old SMB password:",stdin_passwd_get);
} }
if (!new_passwd) { if (!new_passwd)
{
/* /*
* If we are trying to enable a user, first we need to find out * If we are trying to enable a user, first we need to find out
@ -413,31 +464,76 @@ static int process_root(int argc, char *argv[])
* smbpasswd file) then we need to prompt for a new password. * smbpasswd file) then we need to prompt for a new password.
*/ */
if(enable_user) { if (enable_user)
{
struct smb_passwd *smb_pass = getsmbpwnam(user_name); struct smb_passwd *smb_pass = getsmbpwnam(user_name);
if((smb_pass != NULL) && (smb_pass->smb_passwd != NULL)) { if((smb_pass != NULL) && (smb_pass->smb_passwd != NULL))
{
new_passwd = "XXXX"; /* Don't care. */ new_passwd = "XXXX"; /* Don't care. */
} }
} }
if(!new_passwd) if(!new_passwd)
{
new_passwd = prompt_for_new_password(stdin_passwd_get); new_passwd = prompt_for_new_password(stdin_passwd_get);
} }
}
if (enable_user)
{
acb_mask |= ACB_DISABLED;
acb_info &= ~ACB_DISABLED;
}
if (disable_user)
{
acb_mask |= ACB_DISABLED;
acb_info |= ACB_DISABLED;
}
if (set_no_password)
{
acb_mask |= ACB_PWNOTREQ;
acb_info |= ACB_PWNOTREQ;
}
if (wks_trust_account)
{
acb_mask |= ACB_WSTRUST;
acb_info |= ACB_WSTRUST;
}
else if (dom_trust_account)
{
acb_mask |= ACB_DOMTRUST;
acb_info |= ACB_DOMTRUST;
}
else
{
acb_mask |= ACB_NORMAL;
acb_info |= ACB_NORMAL;
}
if (!password_change(remote_machine, user_name, old_passwd, new_passwd, if (!password_change(remote_machine, user_name, old_passwd, new_passwd,
add_user, enable_user, disable_user, set_no_password, add_user, acb_info, acb_mask))
trust_account)) { {
fprintf(stderr,"Failed to change password entry for %s\n", user_name); fprintf(stderr,"Failed to change password entry for %s\n", user_name);
return 1; return 1;
} }
if(disable_user) { if (disable_user)
{
printf("User %s disabled.\n", user_name); printf("User %s disabled.\n", user_name);
} else if(enable_user) { }
if (enable_user)
{
printf("User %s enabled.\n", user_name); printf("User %s enabled.\n", user_name);
} else if (set_no_password) { }
if (set_no_password)
{
printf("User %s - set to no password.\n", user_name); printf("User %s - set to no password.\n", user_name);
} else { }
if (!disable_user && !enable_user && !set_no_password)
{
printf("Password changed for user %s\n", user_name); printf("Password changed for user %s\n", user_name);
} }
return 0; return 0;
@ -457,8 +553,10 @@ static int process_nonroot(int argc, char *argv[])
char *user_name = NULL; char *user_name = NULL;
char *new_passwd = NULL; char *new_passwd = NULL;
while ((ch = getopt(argc, argv, "hD:r:sU:")) != EOF) { while ((ch = getopt(argc, argv, "hD:r:sU:")) != EOF)
switch(ch) { {
switch(ch)
{
case 'D': case 'D':
DEBUGLEVEL = atoi(optarg); DEBUGLEVEL = atoi(optarg);
break; break;
@ -523,8 +621,10 @@ static int process_nonroot(int argc, char *argv[])
exit(0); exit(0);
} }
if (!password_change(remote_machine, user_name, old_passwd, new_passwd, if (!password_change(remote_machine, user_name,
False, False, False, False, False)) { old_passwd, new_passwd,
False, 0x0, 0x0))
{
fprintf(stderr,"Failed to change password for %s\n", user_name); fprintf(stderr,"Failed to change password for %s\n", user_name);
return 1; return 1;
} }

19
source/web/swat.c
View File

@ -584,6 +584,8 @@ static BOOL change_password(const char *remote_machine, char *user_name,
BOOL add_user, BOOL enable_user, BOOL disable_user) BOOL add_user, BOOL enable_user, BOOL disable_user)
{ {
BOOL ret = False; BOOL ret = False;
uint16 acb_info = 0;
uint16 acb_mask = 0;
pstring err_str; pstring err_str;
pstring msg_str; pstring msg_str;
@ -606,8 +608,21 @@ static BOOL change_password(const char *remote_machine, char *user_name,
return False; return False;
} }
ret = local_password_change(user_name, False, add_user, enable_user, if (enable_user)
disable_user, False, new_passwd, err_str, sizeof(err_str), {
acb_mask |= ACB_DISABLED;
acb_info &= ~ACB_DISABLED;
}
if (disable_user)
{
acb_mask |= ACB_DISABLED;
acb_info |= ACB_DISABLED;
}
ret = local_password_change(user_name, add_user,
acb_info, acb_mask,
new_passwd, err_str, sizeof(err_str),
msg_str, sizeof(msg_str)); msg_str, sizeof(msg_str));
if(*msg_str) if(*msg_str)