/* Unix SMB/Netbios implementation. passdb editing frontend Version 3.0 Copyright (C) Simo Sorce 2000 Copyright (C) Andrew Bartlett 2001 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /* base uid for trust accounts is set to 60000 ! * May be we should add the defines in smb.h to make it possible having * different values on different platforms? */ #define BASE_MACHINE_UID 60000 #define MAX_MACHINE_UID 65500 /* 5500 trust accounts aren't enough? */ #include "includes.h" extern pstring global_myname; extern BOOL AllowDebugChange; /* * Next two lines needed for SunOS and don't * hurt anything else... */ extern char *optarg; extern int optind; /********************************************************* Print command usage on stderr and die. **********************************************************/ static void usage(void) { if (getuid() == 0) { printf("pdbedit options\n"); } else { printf("You need to be root to use this tool!\n"); } printf("(actually to add a user you need to use smbpasswd)\n"); printf("options:\n"); printf(" -l list usernames\n"); printf(" -v verbose output\n"); printf(" -w smbpasswd file style\n"); printf(" -u username print user's info\n"); printf(" -f fullname set Full Name\n"); printf(" -h homedir set home directory\n"); printf(" -d drive set home dir drive\n"); printf(" -s script set logon script\n"); printf(" -p profile set profile path\n"); printf(" -a create new account\n"); printf(" -m it is a machine trust\n"); printf(" -x delete this user\n"); printf(" -i file import account from file (smbpasswd style)\n"); exit(1); } /********************************************************* Print info from sam structure **********************************************************/ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdstyle) { /* TODO: chaeck if entry is a user or a workstation */ if (!sam_pwent) return -1; if (verbosity) { printf ("username: %s\n", sam_pwent->username); printf ("user ID/Group: %d/%d\n", sam_pwent->uid, sam_pwent->gid); printf ("user RID/GRID: %d/%d\n", sam_pwent->user_rid, sam_pwent->group_rid); printf ("Full Name: %s\n", sam_pwent->full_name); printf ("Home Directory: %s\n", sam_pwent->home_dir); printf ("HomeDir Drive: %s\n", sam_pwent->dir_drive); printf ("Logon Script: %s\n", sam_pwent->logon_script); printf ("Profile Path: %s\n", sam_pwent->profile_path); } else if (smbpwdstyle) { char lm_passwd[33]; char nt_passwd[33]; pdb_sethexpwd(lm_passwd, pdb_get_lanman_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent)); pdb_sethexpwd(nt_passwd, pdb_get_nt_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent)); printf("%s:%d:%s:%s:%s:LCT-%08X:\n", pdb_get_username(sam_pwent), pdb_get_uid(sam_pwent), lm_passwd, nt_passwd, pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)pdb_get_pass_last_set_time(sam_pwent)); } else { printf ("%s:%d:%s\n", sam_pwent->username, sam_pwent->uid, sam_pwent->full_name); } return 0; } /********************************************************* Get an Print User Info **********************************************************/ static int print_user_info (char *username, BOOL verbosity, BOOL smbpwdstyle) { SAM_ACCOUNT *sam_pwent=NULL; BOOL ret; pdb_init_sam(&sam_pwent); ret = pdb_getsampwnam (sam_pwent, username); if (ret==False) { fprintf (stderr, "Username not found!\n"); pdb_free_sam(sam_pwent); return -1; } ret=print_sam_info (sam_pwent, verbosity, smbpwdstyle); pdb_free_sam(sam_pwent); return ret; } /********************************************************* List Users **********************************************************/ static int print_users_list (BOOL verbosity, BOOL smbpwdstyle) { SAM_ACCOUNT *sam_pwent=NULL; BOOL ret; pdb_init_sam(&sam_pwent); ret = pdb_setsampwent(False); if (ret && errno == ENOENT) { fprintf (stderr,"Password database not found!\n"); pdb_free_sam(sam_pwent); exit(1); } while ((ret = pdb_getsampwent (sam_pwent))) { if (verbosity) printf ("---------------\n"); print_sam_info (sam_pwent, verbosity, smbpwdstyle); pdb_reset_sam(sam_pwent); } pdb_endsampwent (); pdb_free_sam(sam_pwent); return 0; } /********************************************************* Set User Info **********************************************************/ static int set_user_info (char *username, char *fullname, char *homedir, char *drive, char *script, char *profile) { SAM_ACCOUNT *sam_pwent=NULL; BOOL ret; pdb_init_sam(&sam_pwent); ret = pdb_getsampwnam (sam_pwent, username); if (ret==False) { fprintf (stderr, "Username not found!\n"); pdb_free_sam(sam_pwent); return -1; } if (fullname) pdb_set_fullname(sam_pwent, fullname); if (homedir) pdb_set_homedir(sam_pwent, homedir, True); if (drive) pdb_set_dir_drive(sam_pwent, drive, True); if (script) pdb_set_logon_script(sam_pwent, script, True); if (profile) pdb_set_profile_path (sam_pwent, profile, True); if (pdb_update_sam_account (sam_pwent, True)) print_user_info (username, True, False); else { fprintf (stderr, "Unable to modify entry!\n"); pdb_free_sam(sam_pwent); return -1; } pdb_free_sam(sam_pwent); return 0; } /********************************************************* A strdup with exit **********************************************************/ static char *strdup_x(const char *s) { char *new_s = strdup(s); if (!new_s) { fprintf(stderr,"out of memory\n"); exit(1); } return new_s; } /************************************************************* Utility function to prompt for passwords from stdin. Each password entered must end with a newline. *************************************************************/ static char *stdin_new_passwd(void) { static fstring new_passwd; size_t len; ZERO_ARRAY(new_passwd); /* * if no error is reported from fgets() and string at least contains * the newline that ends the password, then replace the newline with * a null terminator. */ if ( fgets(new_passwd, sizeof(new_passwd), stdin) != NULL) { if ((len = strlen(new_passwd)) > 0) { if(new_passwd[len-1] == '\n') new_passwd[len - 1] = 0; } } return(new_passwd); } /************************************************************* Utility function to get passwords via tty or stdin Used if the '-s' option is set to silently get passwords to enable scripting. _copied_ from smbpasswd *************************************************************/ static char *get_pass( char *prompt, BOOL stdin_get) { char *p; if (stdin_get) { p = stdin_new_passwd(); } else { p = getpass(prompt); } return strdup_x(p); } /************************************************************* Utility function to prompt for new password. _copied_ from smbpasswd *************************************************************/ static char *prompt_for_new_password(BOOL stdin_get) { char *p; fstring new_passwd; ZERO_ARRAY(new_passwd); p = get_pass("New SMB password:", stdin_get); fstrcpy(new_passwd, p); safe_free(p); p = get_pass("Retype new SMB password:", stdin_get); if (strcmp(p, new_passwd)) { fprintf(stderr, "Mismatch - password unchanged.\n"); ZERO_ARRAY(new_passwd); safe_free(p); return NULL; } return p; } /********************************************************* Add New User **********************************************************/ static int new_user (char *username, char *fullname, char *homedir, char *drive, char *script, char *profile) { SAM_ACCOUNT *sam_pwent=NULL; struct passwd *pwd = NULL; char *password; ZERO_STRUCT(sam_pwent); pdb_init_sam (&sam_pwent); if (!(pwd = sys_getpwnam(username))) { fprintf (stderr, "User %s does not exist in system passwd!\n", username); pdb_free_sam (sam_pwent); return -1; } password = prompt_for_new_password(0); if (!password) { fprintf (stderr, "Passwords do not match!\n"); pdb_free_sam (sam_pwent); return -1; } pdb_set_plaintext_passwd(sam_pwent, password); pdb_set_username(sam_pwent, username); if (fullname) pdb_set_fullname(sam_pwent, fullname); if (homedir) pdb_set_homedir (sam_pwent, homedir, True); if (drive) pdb_set_dir_drive (sam_pwent, drive, True); if (script) pdb_set_logon_script(sam_pwent, script, True); if (profile) pdb_set_profile_path (sam_pwent, profile, True); /* TODO: Check uid not being in MACHINE UID range!! */ pdb_set_uid (sam_pwent, pwd->pw_uid); pdb_set_gid (sam_pwent, pwd->pw_gid); pdb_set_user_rid (sam_pwent, pdb_uid_to_user_rid (pwd->pw_uid)); pdb_set_group_rid (sam_pwent, pdb_gid_to_group_rid (pwd->pw_gid)); pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL); if (pdb_add_sam_account (sam_pwent)) { print_user_info (username, True, False); } else { fprintf (stderr, "Unable to add user! (does it alredy exist?)\n"); pdb_free_sam (sam_pwent); return -1; } pdb_free_sam (sam_pwent); return 0; } /********************************************************* Add New Machine **********************************************************/ static int new_machine (char *machinename) { SAM_ACCOUNT *sam_pwent=NULL; SAM_ACCOUNT *sam_trust=NULL; char name[16]; char *password = NULL; uid_t uid; pdb_init_sam (&sam_pwent); if (machinename[strlen (machinename) -1] == '$') machinename[strlen (machinename) -1] = '\0'; safe_strcpy (name, machinename, 16); safe_strcat (name, "$", 16); string_set (&password, machinename); strlower(password); pdb_set_plaintext_passwd (sam_pwent, password); pdb_set_username (sam_pwent, name); for (uid=BASE_MACHINE_UID; uid<=MAX_MACHINE_UID; uid++) { pdb_init_sam (&sam_trust); if (pdb_getsampwuid (sam_trust, uid)) { pdb_free_sam (sam_trust); } else { break; } } if (uid>MAX_MACHINE_UID) { fprintf (stderr, "No more free UIDs available to Machine accounts!\n"); pdb_free_sam(sam_pwent); return -1; } pdb_set_uid (sam_pwent, uid); pdb_set_gid (sam_pwent, BASE_MACHINE_UID); /* TODO: set there more appropriate value!! */ pdb_set_user_rid (sam_pwent,pdb_uid_to_user_rid (uid)); pdb_set_group_rid (sam_pwent, pdb_gid_to_group_rid (BASE_MACHINE_UID)); pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST); if (pdb_add_sam_account (sam_pwent)) { print_user_info (name, True, False); } else { fprintf (stderr, "Unable to add machine! (does it already exist?)\n"); pdb_free_sam (sam_pwent); return -1; } pdb_free_sam (sam_pwent); return 0; } /********************************************************* Delete user entry **********************************************************/ static int delete_user_entry (char *username) { return pdb_delete_sam_account (username); } /********************************************************* Delete machine entry **********************************************************/ static int delete_machine_entry (char *machinename) { char name[16]; safe_strcpy (name, machinename, 16); if (name[strlen(name)] != '$') safe_strcat (name, "$", 16); return pdb_delete_sam_account (name); } /********************************************************* Import smbpasswd style file **********************************************************/ static int import_users (char *filename) { FILE *fp = NULL; SAM_ACCOUNT *sam_pwent = NULL; static pstring user_name; static unsigned char smbpwd[16]; static unsigned char smbntpwd[16]; char linebuf[256]; size_t linebuf_len; unsigned char c; unsigned char *p; long uidval; int line = 0; int good = 0; if (!pdb_init_sam (&sam_pwent)) { fprintf (stderr, "pdb_init_sam FAILED!\n"); } if((fp = sys_fopen(filename, "rb")) == NULL) { fprintf (stderr, "%s\n", strerror (ferror (fp))); return -1; } while (!feof(fp)) { /*Get a new line*/ linebuf[0] = '\0'; fgets(linebuf, 256, fp); if (ferror(fp)) { fprintf (stderr, "%s\n", strerror (ferror (fp))); pdb_free_sam(sam_pwent); return -1; } if ((linebuf_len = strlen(linebuf)) == 0) { line++; continue; } if (linebuf[linebuf_len - 1] != '\n') { c = '\0'; while (!ferror(fp) && !feof(fp)) { c = fgetc(fp); if (c == '\n') break; } } else linebuf[linebuf_len - 1] = '\0'; linebuf[linebuf_len] = '\0'; if ((linebuf[0] == 0) && feof(fp)) { /*end of file!!*/ pdb_free_sam(sam_pwent); return 0; } line++; if (linebuf[0] == '#' || linebuf[0] == '\0') continue; pdb_set_acct_ctrl (sam_pwent,ACB_NORMAL); /* Get user name */ p = (unsigned char *) strchr(linebuf, ':'); if (p == NULL) { fprintf (stderr, "Error: malformed password entry at line %d !!\n", line); pdb_reset_sam (sam_pwent); continue; } strncpy(user_name, linebuf, PTR_DIFF(p, linebuf)); user_name[PTR_DIFF(p, linebuf)] = '\0'; /* Get smb uid. */ p++; if(*p == '-') { fprintf (stderr, "Error: negative uid at line %d\n", line); pdb_reset_sam (sam_pwent); continue; } if (!isdigit(*p)) { fprintf (stderr, "Error: malformed password entry at line %d (uid not number)\n", line); pdb_reset_sam (sam_pwent); continue; } uidval = atoi((char *) p); while (*p && isdigit(*p)) p++; if (*p != ':') { fprintf (stderr, "Error: malformed password entry at line %d (no : after uid)\n", line); pdb_reset_sam (sam_pwent); continue; } pdb_set_username(sam_pwent, user_name); pdb_set_uid (sam_pwent, uidval); /* Get passwords */ p++; if (*p == '*' || *p == 'X') { /* Password deliberately invalid */ fprintf (stderr, "Warning: entry invalidated for user %s\n", user_name); pdb_set_lanman_passwd(sam_pwent, NULL); pdb_set_nt_passwd(sam_pwent,NULL); pdb_set_acct_ctrl(sam_pwent, pdb_get_acct_ctrl(sam_pwent) | ACB_DISABLED); } else { if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) { fprintf (stderr, "Error: malformed password entry at line %d (password too short)\n",line); pdb_reset_sam (sam_pwent); continue; } if (p[32] != ':') { fprintf (stderr, "Error: malformed password entry at line %d (no terminating :)\n",line); pdb_reset_sam (sam_pwent); continue; } if (!strncasecmp((char *) p, "NO PASSWORD", 11)) { pdb_set_lanman_passwd(sam_pwent, NULL); pdb_set_acct_ctrl(sam_pwent, pdb_get_acct_ctrl(sam_pwent) | ACB_PWNOTREQ); } else { if (!pdb_gethexpwd((char *)p, smbpwd)) { fprintf (stderr, "Error: malformed Lanman password entry at line %d (non hex chars)\n", line); pdb_reset_sam (sam_pwent); continue; } pdb_set_lanman_passwd(sam_pwent, smbpwd); } /* NT password */ pdb_set_nt_passwd(sam_pwent, smbpwd); p += 33; if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) { if (*p != '*' && *p != 'X') { if (pdb_gethexpwd((char *)p,smbntpwd)) { pdb_set_nt_passwd(sam_pwent, smbntpwd); } } p += 33; } } /* Get ACCT_CTRL field if any */ if (*p == '[') { uint16 acct_ctrl; unsigned char *end_p = (unsigned char *)strchr((char *)p, ']'); acct_ctrl = pdb_decode_acct_ctrl((char*)p); if (acct_ctrl) acct_ctrl = ACB_NORMAL; pdb_set_acct_ctrl(sam_pwent, acct_ctrl); /* Get last change time */ if(end_p) p = end_p + 1; if(*p == ':') { p++; if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) { int i; p += 4; for(i = 0; i < 8; i++) { if(p[i] == '\0' || !isxdigit(p[i])) break; } if(i == 8) { pdb_set_pass_last_set_time (sam_pwent, (time_t)strtol((char *)p, NULL, 16)); } } } } /* Old-style workstation account code droped. */ if (pdb_get_acct_ctrl(sam_pwent) & ACB_WSTRUST) { if ((uidval < BASE_MACHINE_UID) || (uidval > MAX_MACHINE_UID)) { fprintf (stderr, "Warning: Machine UID out of normal range %d-%d\n", BASE_MACHINE_UID, MAX_MACHINE_UID); } pdb_set_uid(sam_pwent, BASE_MACHINE_UID); } /* Test if user is valid */ if (pdb_get_acct_ctrl(sam_pwent) & ACB_NORMAL) { struct passwd *pwd = NULL; if (!(pwd = sys_getpwnam(user_name))) { fprintf (stderr, "Error: User %s does not exist in system passwd!\n", user_name); continue; } pdb_set_gid(sam_pwent, pwd->pw_gid); } /* Fill in sam_pwent structure */ pdb_set_user_rid(sam_pwent, pdb_uid_to_user_rid (pdb_get_uid(sam_pwent))); pdb_set_group_rid(sam_pwent, pdb_gid_to_group_rid (pdb_get_gid(sam_pwent))); /* TODO: set also full_name, home_dir, dir_drive, logon_script, profile_path, ecc... * when defaults will be available (after passdb redesign) * let them blank just now they are not used anyway */ /* Now ADD the entry */ if (!(pdb_add_sam_account (sam_pwent))) { fprintf (stderr, "Unable to add user entry!\n"); pdb_reset_sam (sam_pwent); continue; } printf ("%s imported!\n", user_name); good++; pdb_reset_sam (sam_pwent); } printf ("%d lines read.\n%d entries imported\n", line, good); pdb_free_sam(sam_pwent); return 0; } /********************************************************* Start here. **********************************************************/ int main (int argc, char **argv) { int ch; static pstring servicesf = CONFIGFILE; BOOL list_users = False; BOOL verbose = False; BOOL spstyle = False; BOOL setparms = False; BOOL machine = False; BOOL add_user = False; BOOL delete_user = False; BOOL import = False; char *user_name = NULL; char *full_name = NULL; char *home_dir = NULL; char *home_drive = NULL; char *logon_script = NULL; char *profile_path = NULL; char *smbpasswd = NULL; TimeInit(); setup_logging("pdbedit", True); charset_initialise(); if (argc < 2) { usage(); return 0; } DEBUGLEVEL = 0; AllowDebugChange = False; if (!lp_load(servicesf,True,False,False)) { fprintf(stderr, "Can't load %s - run testparm to debug it\n", servicesf); exit(1); } secrets_init(); if(!initialize_password_db(True)) { fprintf(stderr, "Can't setup password database vectors.\n"); exit(1); } codepage_initialise(lp_client_code_page()); while ((ch = getopt(argc, argv, "ad:f:h:i:lmp:s:u:vwxD:")) != EOF) { switch(ch) { case 'a': add_user = True; break; case 'm': machine = True; break; case 'l': list_users = True; break; case 'v': verbose = True; break; case 'w': spstyle = True; break; case 'u': user_name = optarg; break; case 'f': setparms = True; full_name = optarg; break; case 'h': setparms = True; home_dir = optarg; break; case 'd': setparms = True; home_drive = optarg; break; case 's': setparms = True; logon_script = optarg; break; case 'p': setparms = True; profile_path = optarg; break; case 'x': delete_user = True; break; case 'i': import = True; smbpasswd = optarg; break; case 'D': DEBUGLEVEL = atoi(optarg); break; default: usage(); } } if (((add_user?1:0) + (delete_user?1:0) + (list_users?1:0) + (import?1:0) + (setparms?1:0)) > 1) { fprintf (stderr, "Incompatible options on command line!\n"); usage(); exit(1); } if (add_user) { if (!user_name) { fprintf (stderr, "Username not specified! (use -u option)\n"); return -1; } if (machine) return new_machine (user_name); else return new_user (user_name, full_name, home_dir, home_drive, logon_script, profile_path); } if (delete_user) { if (!user_name) { fprintf (stderr, "Username not specified! (use -u option)\n"); return -1; } if (machine) return delete_machine_entry (user_name); else return delete_user_entry (user_name); } if (user_name) { if (setparms) set_user_info ( user_name, full_name, home_dir, home_drive, logon_script, profile_path); else return print_user_info (user_name, verbose, spstyle); return 0; } if (list_users) return print_users_list (verbose, spstyle); if (import) return import_users (smbpasswd); usage(); return 0; }