authorLuke Leighton <lkcl@samba.org>1999-03-09 01:21:57 +0000
committerLuke Leighton <lkcl@samba.org>1999-03-09 01:21:57 +0000
commita3c6e96a22bfaaa5a2993e85327555266476013d (patch)
treed18c6f1a16ab14ab17d1e4157198a941e667931b
parentaecbc5b5d37690f145c42ed834a58565c12db6d3 (diff)
mods to allow inter-domain trust accounts to be added to SAM database
using smbpasswd command. (This used to be commit 62d499f83256c6e8b3308dc4bd8e9f5df873b14b)
-rw-r--r--source3/include/proto.h11
-rw-r--r--source3/lib/util.c66
-rw-r--r--source3/nmbd/nmbd_packets.c55
-rw-r--r--source3/passdb/smbpass.c32
-rw-r--r--source3/passdb/smbpasschange.c99
-rw-r--r--source3/utils/smbpasswd.c254
-rw-r--r--source3/web/swat.c21
7 files changed, 318 insertions, 220 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index bf280df1cd..6d2264051f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1529,11 +1529,12 @@ struct smb_passdb_ops *file_initialise_password_db(void);
/*The following definitions come from passdb/smbpasschange.c */
-BOOL local_password_change(char *user_name, BOOL trust_account, BOOL add_user,
- BOOL enable_user, BOOL disable_user, BOOL set_no_password,
- char *new_passwd,
- char *err_str, size_t err_str_len,
- char *msg_str, size_t msg_str_len);
+BOOL local_password_change(char *user_name,
+ BOOL add_user,
+ uint16 acb_info, uint16 acb_mask,
+ char *new_passwd,
+ char *err_str, size_t err_str_len,
+ char *msg_str, size_t msg_str_len);
/*The following definitions come from passdb/smbpassfile.c */
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 127f69dc7d..2bab2f0386 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2975,40 +2975,46 @@ void print_asc(int level, unsigned char *buf,int len)
{
int i;
for (i=0;i<len;i++)
- DEBUG(level,("%c", isprint(buf[i])?buf[i]:'.'));
+ {
+ DEBUGADD(level,("%c", isprint(buf[i])?buf[i]:'.'));
+ }
}
-void dump_data(int level,char *buf1,int len)
+void dump_data(int level,char *buf1, int len)
{
- unsigned char *buf = (unsigned char *)buf1;
- int i=0;
- if (len<=0) return;
+ unsigned char *buf = (unsigned char *)buf1;
+ int i=0;
+ if (len<=0) return;
- DEBUG(level,("[%03X] ",i));
- for (i=0;i<len;) {
- DEBUG(level,("%02X ",(int)buf[i]));
- i++;
- if (i%8 == 0) DEBUG(level,(" "));
- if (i%16 == 0) {
- print_asc(level,&buf[i-16],8); DEBUG(level,(" "));
- print_asc(level,&buf[i-8],8); DEBUG(level,("\n"));
- if (i<len) DEBUG(level,("[%03X] ",i));
- }
- }
- if (i%16) {
- int n;
-
- n = 16 - (i%16);
- DEBUG(level,(" "));
- if (n>8) DEBUG(level,(" "));
- while (n--) DEBUG(level,(" "));
-
- n = MIN(8,i%16);
- print_asc(level,&buf[i-(i%16)],n); DEBUG(level,(" "));
- n = (i%16) - n;
- if (n>0) print_asc(level,&buf[i-n],n);
- DEBUG(level,("\n"));
- }
+ DEBUG(level,("[%03X] ",i));
+ for (i=0;i<len;)
+ {
+ DEBUGADD(level,("%02X ",(int)buf[i]));
+ i++;
+ if (i%8 == 0) DEBUGADD(level,(" "));
+ if (i%16 == 0)
+ {
+ print_asc(level,&buf[i-16],8); DEBUGADD(level,(" "));
+ print_asc(level,&buf[i-8],8); DEBUGADD(level,("\n"));
+ if (i<len) DEBUGADD(level,("[%03X] ",i));
+ }
+ }
+
+ if (i%16 != 0) /* finish off a non-16-char-length row */
+ {
+ int n;
+
+ n = 16 - (i%16);
+ DEBUGADD(level,(" "));
+ if (n>8) DEBUGADD(level,(" "));
+ while (n--) DEBUGADD(level,(" "));
+
+ n = MIN(8,i%16);
+ print_asc(level,&buf[i-(i%16)],n); DEBUGADD(level,(" "));
+ n = (i%16) - n;
+ if (n>0) print_asc(level,&buf[i-n],n);
+ DEBUGADD(level,("\n"));
+ }
}
char *tab_depth(int depth)
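Review bot: dump_data() still dereferences `buf1` with no NULL check, so every caller has to guard it; the smbpass.c hunk of this same commit adds `!= NULL` tests around its two calls for exactly that reason. Extending the existing early return to `if (buf1 == NULL || len<=0) return;` would make the helper safe for all callers, including the new ones in nmbd_packets.c. print_asc() starts outside this hunk.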
diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c
index 7f27753352..a9803b363f 100644
--- a/source3/nmbd/nmbd_packets.c
+++ b/source3/nmbd/nmbd_packets.c
@@ -91,43 +91,6 @@ void set_nb_flags(char *buf, uint16 nb_flags)
}
/***************************************************************************
-Dumps out the browse packet data.
-**************************************************************************/
-
-static void debug_browse_data(char *outbuf, int len)
-{
- int i,j;
-
- DEBUG( 4, ( "debug_browse_data():\n" ) );
- for (i = 0; i < len; i+= 16)
- {
- DEBUGADD( 4, ( "%3x char ", i ) );
-
- for (j = 0; j < 16; j++)
- {
- unsigned char x = outbuf[i+j];
- if (x < 32 || x > 127)
- x = '.';
-
- if (i+j >= len)
- break;
- DEBUGADD( 4, ( "%c", x ) );
- }
-
- DEBUGADD( 4, ( "%*s hex", 16-j, "" ) );
-
- for (j = 0; j < 16; j++)
- {
- if (i+j >= len)
- break;
- DEBUGADD( 4, ( " %02x", (unsigned char)outbuf[i+j] ) );
- }
-
- DEBUGADD( 4, ("\n") );
- }
-}
-
-/***************************************************************************
Generates the unique transaction identifier
**************************************************************************/
@@ -1041,37 +1004,31 @@ mismatch with our scope (%s).\n", inet_ntoa(p->ip), dgram->dest_name.scope, scop
{
case ANN_HostAnnouncement:
{
- debug_browse_data(buf, len);
process_host_announce(subrec, p, buf+1);
break;
}
case ANN_DomainAnnouncement:
{
- debug_browse_data(buf, len);
process_workgroup_announce(subrec, p, buf+1);
break;
}
case ANN_LocalMasterAnnouncement:
{
- debug_browse_data(buf, len);
process_local_master_announce(subrec, p, buf+1);
break;
}
case ANN_AnnouncementRequest:
{
- debug_browse_data(buf, len);
process_announce_request(subrec, p, buf+1);
break;
}
case ANN_Election:
{
- debug_browse_data(buf, len);
process_election(subrec, p, buf+1);
break;
}
case ANN_GetBackupListReq:
{
- debug_browse_data(buf, len);
/* This is one occasion where we change a subnet that is
given to us. If the packet was sent to WORKGROUP<1b> instead
@@ -1086,7 +1043,6 @@ mismatch with our scope (%s).\n", inet_ntoa(p->ip), dgram->dest_name.scope, scop
}
case ANN_GetBackupListResp:
{
- debug_browse_data(buf, len);
/* We never send ANN_GetBackupListReq so we
should never get these. */
DEBUG(0,("process_browse_packet: Discarding GetBackupListResponse \
@@ -1095,7 +1051,6 @@ packet from %s IP %s\n", nmb_namestr(&dgram->source_name), inet_ntoa(p->ip)));
}
case ANN_ResetBrowserState:
{
- debug_browse_data(buf, len);
process_reset_browser(subrec, p, buf+1);
break;
}
@@ -1105,7 +1060,6 @@ packet from %s IP %s\n", nmb_namestr(&dgram->source_name), inet_ntoa(p->ip)));
on the unicast subnet. */
subrec = unicast_subnet;
- debug_browse_data(buf, len);
process_master_browser_announce(subrec, p, buf+1);
break;
}
@@ -1114,7 +1068,6 @@ packet from %s IP %s\n", nmb_namestr(&dgram->source_name), inet_ntoa(p->ip)));
/*
* We don't currently implement this. Log it just in case.
*/
- debug_browse_data(buf, len);
DEBUG(10,("process_browse_packet: On subnet %s ignoring browse packet \
command ANN_BecomeBackup from %s IP %s to %s\n",
subrec->subnet_name, nmb_namestr(&dgram->source_name),
@@ -1123,7 +1076,6 @@ command ANN_BecomeBackup from %s IP %s to %s\n",
}
default:
{
- debug_browse_data(buf, len);
DEBUG(0,("process_browse_packet: On subnet %s ignoring browse packet \
command code %d from %s IP %s to %s\n",
subrec->subnet_name, command, nmb_namestr(&dgram->source_name),
@@ -1162,7 +1114,7 @@ mismatch with our scope (%s).\n", inet_ntoa(p->ip), dgram->dest_name.scope, scop
{
case ANN_HostAnnouncement:
{
- debug_browse_data(buf, len);
+ dump_data(4, buf, len);
process_lm_host_announce(subrec, p, buf+1);
break;
}
@@ -1247,10 +1199,11 @@ static void process_dgram(struct packet_struct *p)
nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len));
-
if (len <= 0)
return;
+ dump_data(100, buf2, len);
+
/* Datagram packet received for the browser mailslot */
if (strequal(smb_buf(buf),BROWSE_MAILSLOT))
{
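Review bot: The new `dump_data(100, buf2, len);` is guarded only by `if (len <= 0) return;`, which gives a lower bound and no upper bound. If `len` and `buf2` are derived from fields of the received datagram (their assignment is above this hunk, so this is inferred), a malformed packet could make the dump read past the receive buffer whenever the debug level is 100 or higher. Checking that `buf2 + len` stays inside the received packet before the dump, and before the mailslot dispatch below it, would bound both. process_dgram starts and ends outside the hunk.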
@@ -1958,7 +1911,7 @@ BOOL send_mailslot(BOOL unique, char *mailslot,char *buf,int len,
nmb_namestr(&dgram->source_name), inet_ntoa(src_ip)));
DEBUG(4,("to %s IP %s\n", nmb_namestr(&dgram->dest_name), inet_ntoa(dest_ip)));
- debug_browse_data(buf, len);
+ dump_data(4, buf, len);
if(loopback_this_packet)
{
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index 2686f1d68f..2985af1ff8 100644
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -139,16 +139,6 @@ struct smb_passwd *getsmbfilepwent(void *vp)
/* Skip the ':' */
p++;
- if (*p == '*' || *p == 'X')
- {
- /* Password deliberately invalid - end here. */
- DEBUG(10, ("getsmbfilepwent: entry invalidated for unix user %s\n", unix_name));
- pw_buf.smb_nt_passwd = NULL;
- pw_buf.smb_passwd = NULL;
- pw_buf.acct_ctrl |= ACB_DISABLED;
- return &pw_buf;
- }
-
if (linebuf_len < (PTR_DIFF(p, linebuf) + 33))
{
DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
@@ -240,6 +230,18 @@ struct smb_passwd *getsmbfilepwent(void *vp)
}
}
+ if (*p == '*' || *p == 'X')
+ {
+ /* Password deliberately invalid - end here. */
+ DEBUG(10, ("getsmbfilepwent: entry invalidated for unix user %s\n", unix_name));
+ pw_buf.smb_nt_passwd = NULL;
+ pw_buf.smb_passwd = NULL;
+ pw_buf.acct_ctrl |= ACB_DISABLED;
+ }
+
+ DEBUG(6,("unixuser:%s uid:%d acb:%x\n",
+ pw_buf.unix_name, pw_buf.unix_uid, pw_buf.acct_ctrl));
+
return &pw_buf;
}
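Review bot: The relocated `if (*p == '*' || *p == 'X')` test no longer looks at the first character of the password field: in its old place it ran straight after `/* Skip the ':' */ p++;`, whereas here it runs after the rest of the line has been parsed, and `p` has presumably been advanced by then (that code lies between the two hunks and is not shown). A deliberately invalidated entry may therefore stop being flagged `ACB_DISABLED`, or an unrelated character may set the flag. Saving the field start at the old position, e.g. `pw_field = p;`, and testing `*pw_field` here would keep the original meaning. The new `DEBUG(6,...)` also prints `pw_buf.unix_uid` with `%d`; `(int)pw_buf.unix_uid` keeps the format correct where uid_t is not an int.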
@@ -410,8 +412,14 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
#ifdef DEBUG_PASSWORD
DEBUG(100,("mod_smbfilepwd_entry: password entries\n"));
- dump_data(100, pwd->smb_passwd, 16);
- dump_data(100, pwd->smb_nt_passwd, 16);
+ if (pwd->smb_passwd != NULL)
+ {
+ dump_data(100, pwd->smb_passwd, 16);
+ }
+ if (pwd->smb_nt_passwd != NULL)
+ {
+ dump_data(100, pwd->smb_nt_passwd, 16);
+ }
#endif
if (!*pfile) {
DEBUG(0, ("No SMB password file set\n"));
diff --git a/source3/passdb/smbpasschange.c b/source3/passdb/smbpasschange.c
index f001040682..27bb26e0b3 100644
--- a/source3/passdb/smbpasschange.c
+++ b/source3/passdb/smbpasschange.c
@@ -25,9 +25,9 @@
/*************************************************************
add a new user to the local smbpasswd file
*************************************************************/
-static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account,
- BOOL disable_user, BOOL set_no_password,
- uchar *new_p16, uchar *new_nt_p16)
+static BOOL add_new_user(char *user_name, uid_t uid,
+ uint16 acb_info,
+ uchar *new_p16, uchar *new_nt_p16)
{
struct smb_passwd new_smb_pwent;
@@ -38,13 +38,10 @@ static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account,
new_smb_pwent.nt_name = user_name;
new_smb_pwent.smb_passwd = NULL;
new_smb_pwent.smb_nt_passwd = NULL;
- new_smb_pwent.acct_ctrl = (trust_account ? ACB_WSTRUST : ACB_NORMAL);
+ new_smb_pwent.acct_ctrl = acb_info;
- if(disable_user) {
- new_smb_pwent.acct_ctrl |= ACB_DISABLED;
- } else if (set_no_password) {
- new_smb_pwent.acct_ctrl |= ACB_PWNOTREQ;
- } else {
+ if (IS_BITS_CLR_ALL(acb_info, ACB_DISABLED | ACB_PWNOTREQ))
+ {
new_smb_pwent.smb_passwd = new_p16;
new_smb_pwent.smb_nt_passwd = new_nt_p16;
}
@@ -54,16 +51,27 @@ static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account,
/*************************************************************
-change a password entry in the local smbpasswd file
+change a password entry in the local smbpasswd file.
+
+when modifying an account, set acb_mask to those bits that
+require changing (to zero or one) and set acb_info to the
+value required in those bits. all bits NOT set in acb_mask
+will NOT be modified.
+
+when _adding_ an account, acb_mask must be set to 0xFFFF and
+it is ignored, btw :-)
+
*************************************************************/
-BOOL local_password_change(char *user_name, BOOL trust_account, BOOL add_user,
- BOOL enable_user, BOOL disable_user, BOOL set_no_password,
- char *new_passwd,
- char *err_str, size_t err_str_len,
- char *msg_str, size_t msg_str_len)
+BOOL local_password_change(char *user_name,
+ BOOL add_user,
+ uint16 acb_info, uint16 acb_mask,
+ char *new_passwd,
+ char *err_str, size_t err_str_len,
+ char *msg_str, size_t msg_str_len)
{
struct passwd *pwd;
struct smb_passwd *smb_pwent;
+ struct smb_passwd new_pwent;
uchar new_p16[16];
uchar new_nt_p16[16];
fstring unix_name;
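Review bot: The new header comment contradicts itself and the code: it says acb_mask "must be set to 0xFFFF" when adding an account and also that it is ignored, yet the `(acb_info & acb_mask) != acb_info` test added further down runs before the add path, and the smbpasswd.c caller in this commit never passes 0xFFFF. I would state the actual contract instead, for example `when adding an account, acb_info supplies the complete initial flags; acb_mask must still cover every bit set in acb_info`. The function body continues outside this hunk.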
@@ -75,16 +83,21 @@ BOOL local_password_change(char *user_name, BOOL trust_account, BOOL add_user,
pwd = getpwnam(user_name);
/*
- * Check for a machine account.
+ * Check for a trust account.
*/
+ if ((acb_info & acb_mask) != acb_info)
+ {
+ slprintf(err_str, err_str_len - 1, "programmer error: acb_info (%x) requests bits to be set outside of acb_mask (%x) range\n", acb_info, acb_mask);
+ }
+
if (pwd == NULL)
{
- if (trust_account)
+ if (!IS_BITS_SET_ALL(acb_info, ACB_NORMAL))
{
slprintf(err_str, err_str_len - 1, "User %s does not \
exist in system password file (usually /etc/passwd). \
-Cannot add machine account without a valid system user.\n", user_name);
+Cannot add trust account without a valid system user.\n", user_name);
}
else
{
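Review bot: The new `(acb_info & acb_mask) != acb_info` check writes its "programmer error" text into err_str and then carries on, so an inconsistent request is still applied and the message can be overwritten by a later slprintf. Add `return False;` after the slprintf inside that block. The comment `Check for a trust account.` now sits above this consistency check rather than the `pwd == NULL` test it describes. A caller that passes acb_info 0 (process_nonroot does in this commit) presumably reaches the "Cannot add trust account" text, because `!IS_BITS_SET_ALL(acb_info, ACB_NORMAL)` would be true for it. The function starts and ends outside the hunk.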
@@ -102,22 +115,29 @@ exist in system password file (usually /etc/passwd).\n", user_name);
/* Get the smb passwd entry for this user */
smb_pwent = getsmbpwnam(user_name);
- if (smb_pwent == NULL) {
- if(add_user == False) {
+ if (smb_pwent == NULL)
+ {
+ if (!add_user)
+ {
slprintf(err_str, err_str_len-1,
"Failed to find entry for user %s.\n", unix_name);
return False;
}
- if (add_new_user(user_name, unix_uid, trust_account, disable_user,
- set_no_password, new_p16, new_nt_p16)) {
+ if (add_new_user(user_name, unix_uid, acb_info,
+ new_p16, new_nt_p16))
+ {
slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
return True;
- } else {
+ }
+ else
+ {
slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
return False;
}
- } else {
+ }
+ else
+ {
/* the entry already existed */
add_user = False;
}
@@ -127,26 +147,21 @@ exist in system password file (usually /etc/passwd).\n", user_name);
* and the valid last change time.
*/
- if(disable_user) {
- smb_pwent->acct_ctrl |= ACB_DISABLED;
- } else if (enable_user) {
- if(smb_pwent->smb_passwd == NULL) {
- smb_pwent->smb_passwd = new_p16;
- smb_pwent->smb_nt_passwd = new_nt_p16;
- }
- smb_pwent->acct_ctrl &= ~ACB_DISABLED;
- } else if (set_no_password) {
- smb_pwent->acct_ctrl |= ACB_PWNOTREQ;
- /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */
- smb_pwent->smb_passwd = NULL;
- smb_pwent->smb_nt_passwd = NULL;
- } else {
- smb_pwent->acct_ctrl &= ~ACB_PWNOTREQ;
- smb_pwent->smb_passwd = new_p16;
- smb_pwent->smb_nt_passwd = new_nt_p16;
+ memcpy(&new_pwent, smb_pwent, sizeof(new_pwent));
+ new_pwent.nt_name = user_name;
+ new_pwent.acct_ctrl &= ~acb_mask;
+ new_pwent.acct_ctrl |= (acb_info & acb_mask);
+ new_pwent.smb_passwd = NULL;
+ new_pwent.smb_nt_passwd = NULL;
+
+ if (IS_BITS_CLR_ALL(acb_info, ACB_DISABLED | ACB_PWNOTREQ))
+ {
+ new_pwent.smb_passwd = new_p16;
+ new_pwent.smb_nt_passwd = new_nt_p16;
}
- if(mod_smbpwd_entry(smb_pwent,True) == False) {
+ if (!mod_smbpwd_entry(&new_pwent, True))
+ {
slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n",
unix_name);
return False;
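Review bot: The decision to install new hashes is keyed on the requested `acb_info` alone, which changes what enable and disable do to the stored passwords. For an enable request acb_info has ACB_DISABLED clear, so `new_p16`/`new_nt_p16` replace the existing hashes, where the removed code did that only when `smb_pwent->smb_passwd == NULL`; smbpasswd.c passes the placeholder "XXXX" as new_passwd in exactly that case, so enabling an account would appear to reset its password to a fixed string (the hashing of new_passwd is outside this hunk). For a disable request the hashes are set to NULL where the old code left them untouched. A version that keeps the old semantics is sketched below; the function continues outside the hunk.

```c
memcpy(&new_pwent, smb_pwent, sizeof(new_pwent));
/* … unchanged: nt_name and acct_ctrl mask/merge … */

if (IS_BITS_SET_SOME(acb_info, ACB_PWNOTREQ))
{
	/* "no password" requested: drop the stored hashes */
	new_pwent.smb_passwd = NULL;
	new_pwent.smb_nt_passwd = NULL;
}
else if (IS_BITS_SET_SOME(acb_info, ACB_DISABLED))
{
	/* disabling: keep whatever hashes were copied from smb_pwent */
}
else if (IS_BITS_SET_SOME(acb_mask, ACB_DISABLED) &&
         smb_pwent->smb_passwd != NULL)
{
	/* enabling an account that already has a password: keep it */
}
else
{
	new_pwent.smb_passwd = new_p16;
	new_pwent.smb_nt_passwd = new_nt_p16;
}
/* … unchanged: mod_smbpwd_entry(&new_pwent, True) and its error path … */
```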
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 157583925b..83b9b0bdc9 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -1,6 +1,7 @@
/*
- * Unix SMB/Netbios implementation. Version 1.9. smbpasswd module. Copyright
- * (C) Jeremy Allison 1995-1998
+ * Unix SMB/Netbios implementation. Version 1.9. smbpasswd module.
+ * Copyright (C) Jeremy Allison 1995-1999
+ * Copyright (C) Luke Kenneth Casson Leighton 1996-1999
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
@@ -67,7 +68,8 @@ static void usage(void)
printf(" -d disable user\n");
printf(" -e enable user\n");
printf(" -n set no password\n");
- printf(" -m machine trust account\n");
+ printf(" -m workstation trust account\n");
+ printf(" -i inter-domain trust account\n");
}
exit(1);
}
@@ -221,35 +223,47 @@ static char *prompt_for_new_password(BOOL stdin_get)
change a password either locally or remotely
*************************************************************/
static BOOL password_change(const char *remote_machine, char *user_name,
- char *old_passwd, char *new_passwd,
- BOOL add_user, BOOL enable_user,
- BOOL disable_user, BOOL set_no_password,
- BOOL trust_account)
+ char *old_passwd, char *new_passwd,
+ BOOL add_user,
+ uint16 acb_info, uint16 acb_mask)
{
BOOL ret;
pstring err_str;
pstring msg_str;
- if (remote_machine != NULL) {
- if (add_user || enable_user || disable_user || set_no_password || trust_account) {
+ if (remote_machine != NULL)
+ {
+ if (add_user ||
+ IS_BITS_SET_SOME(acb_info, ACB_PWNOTREQ | ACB_WSTRUST | ACB_DOMTRUST | ACB_SVRTRUST) ||
+ (IS_BITS_SET_SOME(acb_mask, ACB_DISABLED) &&
+ IS_BITS_CLR_ALL(acb_info, ACB_DISABLED)))
+ {
/* these things can't be done remotely yet */
return False;
}
ret = remote_password_change(remote_machine, user_name,
- old_passwd, new_passwd, err_str, sizeof(err_str));
- if(*err_str)
+ old_passwd, new_passwd,
+ err_str, sizeof(err_str));
+ if (*err_str != 0)
+ {
fprintf(stderr, err_str);
+ }
return ret;
}
- ret = local_password_change(user_name, trust_account, add_user, enable_user,
- disable_user, set_no_password, new_passwd,
- err_str, sizeof(err_str), msg_str, sizeof(msg_str));
+ ret = local_password_change(user_name, add_user, acb_info, acb_mask,
+ new_passwd,
+ err_str, sizeof(err_str),
+ msg_str, sizeof(msg_str));
- if(*msg_str)
+ if (*msg_str != 0)
+ {
printf(msg_str);
- if(*err_str)
+ }
+ if (*err_str != 0)
+ {
fprintf(stderr, err_str);
+ }
return ret;
}
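Review bot: `fprintf(stderr, err_str);` and `printf(msg_str);` pass a buffer as the format string, and both buffers are built from `user_name` (for example "Added user %s.\n" in local_password_change), which comes from the command line. Any conversion specifier in the name is then interpreted by printf. Use `fprintf(stderr, "%s", err_str);` and `printf("%s", msg_str);` at all three call sites in this hunk. `*err_str` and `*msg_str` are also tested without being initialised here; unless the callees always clear them, `err_str[0] = msg_str[0] = 0;` before the calls removes that dependence.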
@@ -262,8 +276,11 @@ static int process_root(int argc, char *argv[])
{
struct passwd *pwd;
int ch;
+ uint16 acb_info = 0;
+ uint16 acb_mask = 0;
BOOL joining_domain = False;
- BOOL trust_account = False;
+ BOOL wks_trust_account = False;
+ BOOL dom_trust_account = False;
BOOL add_user = False;
BOOL disable_user = False;
BOOL enable_user = False;
@@ -275,65 +292,97 @@ static int process_root(int argc, char *argv[])
char *old_passwd = NULL;
char *remote_machine = NULL;
- while ((ch = getopt(argc, argv, "adehmnj:r:sR:D:U:")) != EOF) {
- switch(ch) {
- case 'a':
- add_user = True;
- break;
- case 'd':
- disable_user = True;
- new_passwd = "XXXXXX";
- break;
- case 'e':
- enable_user = True;
- break;
- case 'D':
- DEBUGLEVEL = atoi(optarg);
- break;
- case 'n':
- set_no_password = True;
- new_passwd = "NO PASSWORD";
- case 'r':
- remote_machine = optarg;
- break;
- case 's':
- set_line_buffering(stdin);
- set_line_buffering(stdout);
- set_line_buffering(stderr);
- stdin_passwd_get = True;
- break;
- case 'R':
- lp_set_name_resolve_order(optarg);
- break;
- case 'm':
- trust_account = True;
- break;
- case 'j':
- new_domain = optarg;
- strupper(new_domain);
- joining_domain = True;
- break;
- case 'U':
- user_name = optarg;
- break;
- default:
- usage();
+ while ((ch = getopt(argc, argv, "adehimnj:r:sR:D:U:")) != EOF)
+ {
+ switch(ch)
+ {
+ case 'a':
+ {
+ add_user = True;
+ break;
+ }
+ case 'd':
+ {
+ disable_user = True;
+ new_passwd = "XXXXXX";
+ break;
+ }
+ case 'e':
+ {
+ enable_user = True;
+ break;
+ }
+ case 'D':
+ {
+ DEBUGLEVEL = atoi(optarg);
+ break;
+ }
+ case 'n':
+ {
+ set_no_password = True;
+ new_passwd = "NO PASSWORD";
+ }
+ case 'r':
+ {
+ remote_machine = optarg;
+ break;
+ }
+ case 's':
+ {
+ set_line_buffering(stdin);
+ set_line_buffering(stdout);
+ set_line_buffering(stderr);
+ stdin_passwd_get = True;
+ break;
+ }
+ case 'R':
+ {
+ lp_set_name_resolve_order(optarg);
+ break;
+ }
+ case 'i':
+ {
+ dom_trust_account = True;
+ break;
+ }
+ case 'm':
+ {
+ wks_trust_account = True;
+ break;
+ }
+ case 'j':
+ {
+ new_domain = optarg;
+ strupper(new_domain);
+ joining_domain = True;
+ break;
+ }
+ case 'U':
+ {
+ user_name = optarg;
+ break;
+ }
+ default:
+ {
+ usage();
+ }
}
}
argc -= optind;
argv += optind;
-
/*
* Ensure add_user and either remote machine or join domain are
* not both set.
*/
- if(add_user && ((remote_machine != NULL) || joining_domain)) {
+ if (add_user && ((remote_machine != NULL) || joining_domain))
+ {
usage();
}
- if(joining_domain) {
+ if (joining_domain)
+ {
if (argc != 0) usage();
return join_domain(new_domain, remote_machine);
}
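Review bot: `case 'n':` still has no `break;`, so `-n` falls through into `case 'r':` and assigns `remote_machine = optarg` even though `-n` takes no argument; the new per-case braces make the missing break harder to spot. Add `break;` after `new_passwd = "NO PASSWORD";`. `-i` and `-m` can also be given together without being rejected (the later code lets `-m` win), so a `usage()` call when both are set would make that explicit. process_root continues outside the hunk.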
@@ -365,7 +414,8 @@ static int process_root(int argc, char *argv[])
exit(1);
}
- if (trust_account) {
+ if (wks_trust_account || dom_trust_account)
+ {
/* add the $ automatically */
static fstring buf;
@@ -402,7 +452,8 @@ static int process_root(int argc, char *argv[])
old_passwd = get_pass("Old SMB password:",stdin_passwd_get);
}
- if (!new_passwd) {
+ if (!new_passwd)
+ {
/*
* If we are trying to enable a user, first we need to find out
@@ -413,31 +464,76 @@ static int process_root(int argc, char *argv[])
* smbpasswd file) then we need to prompt for a new password.
*/
- if(enable_user) {
+ if (enable_user)
+ {
struct smb_passwd *smb_pass = getsmbpwnam(user_name);
- if((smb_pass != NULL) && (smb_pass->smb_passwd != NULL)) {
+ if((smb_pass != NULL) && (smb_pass->smb_passwd != NULL))
+ {
new_passwd = "XXXX"; /* Don't care. */
}
}
if(!new_passwd)
+ {
new_passwd = prompt_for_new_password(stdin_passwd_get);
+ }
}
+ if (enable_user)
+ {
+ acb_mask |= ACB_DISABLED;
+ acb_info &= ~ACB_DISABLED;
+ }
+
+ if (disable_user)
+ {
+ acb_mask |= ACB_DISABLED;
+ acb_info |= ACB_DISABLED;
+ }
+
+ if (set_no_password)
+ {
+ acb_mask |= ACB_PWNOTREQ;
+ acb_info |= ACB_PWNOTREQ;
+ }
+
+ if (wks_trust_account)
+ {
+ acb_mask |= ACB_WSTRUST;
+ acb_info |= ACB_WSTRUST;
+ }
+ else if (dom_trust_account)
+ {
+ acb_mask |= ACB_DOMTRUST;
+ acb_info |= ACB_DOMTRUST;
+ }
+ else
+ {
+ acb_mask |= ACB_NORMAL;
+ acb_info |= ACB_NORMAL;
+ }
+
if (!password_change(remote_machine, user_name, old_passwd, new_passwd,
- add_user, enable_user, disable_user, set_no_password,
- trust_account)) {
+ add_user, acb_info, acb_mask))
+ {
fprintf(stderr,"Failed to change password entry for %s\n", user_name);
return 1;
}
- if(disable_user) {
+ if (disable_user)
+ {
printf("User %s disabled.\n", user_name);
- } else if(enable_user) {
+ }
+ if (enable_user)
+ {
printf("User %s enabled.\n", user_name);
- } else if (set_no_password) {
+ }
+ if (set_no_password)
+ {
printf("User %s - set to no password.\n", user_name);
- } else {
+ }
+ if (!disable_user && !enable_user && !set_no_password)
+ {
printf("Password changed for user %s\n", user_name);
}
return 0;
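Review bot: A plain password change no longer clears a previously set no-password flag: the removed code in local_password_change did `smb_pwent->acct_ctrl &= ~ACB_PWNOTREQ;` on that path, but here ACB_PWNOTREQ enters acb_mask only when `-n` is given. Adding `if (!set_no_password && !enable_user && !disable_user) acb_mask |= ACB_PWNOTREQ;` restores that behaviour. The final else branch also ORs ACB_NORMAL into an existing entry without masking out ACB_WSTRUST or ACB_DOMTRUST, so changing a trust entry without `-m`/`-i` would appear to leave both kinds of bit set. With the status messages changed from an else-if chain into independent ifs, `-d -e` together now prints both "disabled" and "enabled" although the disable wins in acb_info.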
@@ -457,8 +553,10 @@ static int process_nonroot(int argc, char *argv[])
char *user_name = NULL;
char *new_passwd = NULL;
- while ((ch = getopt(argc, argv, "hD:r:sU:")) != EOF) {
- switch(ch) {
+ while ((ch = getopt(argc, argv, "hD:r:sU:")) != EOF)
+ {
+ switch(ch)
+ {
case 'D':
DEBUGLEVEL = atoi(optarg);
break;
@@ -523,8 +621,10 @@ static int process_nonroot(int argc, char *argv[])
exit(0);
}
- if (!password_change(remote_machine, user_name, old_passwd, new_passwd,
- False, False, False, False, False)) {
+ if (!password_change(remote_machine, user_name,
+ old_passwd, new_passwd,
+ False, 0x0, 0x0))
+ {
fprintf(stderr,"Failed to change password for %s\n", user_name);
return 1;
}
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 3383b29f3b..ce7801ba5c 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -584,6 +584,8 @@ static BOOL change_password(const char *remote_machine, char *user_name,
BOOL add_user, BOOL enable_user, BOOL disable_user)
{
BOOL ret = False;
+ uint16 acb_info = 0;
+ uint16 acb_mask = 0;
pstring err_str;
pstring msg_str;
@@ -606,9 +608,22 @@ static BOOL change_password(const char *remote_machine, char *user_name,
return False;
}
- ret = local_password_change(user_name, False, add_user, enable_user,
- disable_user, False, new_passwd, err_str, sizeof(err_str),
- msg_str, sizeof(msg_str));
+ if (enable_user)
+ {
+ acb_mask |= ACB_DISABLED;
+ acb_info &= ~ACB_DISABLED;
+ }
+
+ if (disable_user)
+ {
+ acb_mask |= ACB_DISABLED;
+ acb_info |= ACB_DISABLED;
+ }
+
+ ret = local_password_change(user_name, add_user,
+ acb_info, acb_mask,
+ new_passwd, err_str, sizeof(err_str),
+ msg_str, sizeof(msg_str));
if(*msg_str)
printf("%s\n<p>", msg_str);
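Review bot: The enable/disable-to-acb translation here is a second copy of the block added to smbpasswd.c in this commit, and the two already differ: smbpasswd.c always adds an account-type bit (ACB_NORMAL or a trust bit) while this caller passes none. Since local_password_change picks its "trust account" error text from `!IS_BITS_SET_ALL(acb_info, ACB_NORMAL)`, a swat request for a user missing from the system password file would presumably get the trust-account message. A shared helper next to local_password_change would keep the callers in step, or at least a comment such as `/* acb_mask selects the bits to change, acb_info their new values; disable wins if both flags are set */`. change_password starts and ends outside the hunk.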