diff options
-rw-r--r-- | source3/passdb/pdb_interface.c | 22 | ||||
-rw-r--r-- | source3/utils/pdbedit.c | 41 |
2 files changed, 63 insertions, 0 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index ed05e5ad42..c656e08722 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -708,22 +708,44 @@ BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid) BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct) { struct pdb_context *pdb_context = pdb_get_static_context(False); + const char *lm_pw, *nt_pw; + uint16 acb_flags; if (!pdb_context) { return False; } + /* disable acccounts with no passwords */ + lm_pw = pdb_get_lanman_passwd( sam_acct ); + nt_pw = pdb_get_lanman_passwd( sam_acct ); + if ( !lm_pw || !nt_pw ) { + acb_flags = pdb_get_acct_ctrl( sam_acct ) | ACB_DISABLED; + pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_SET ); + pdb_set_init_flags(sam_acct, PDB_ACCTCTRL, PDB_SET); + } + return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct)); } BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct) { struct pdb_context *pdb_context = pdb_get_static_context(False); + const char *lm_pw, *nt_pw; + uint16 acb_flags; if (!pdb_context) { return False; } + /* disable acccounts with no passwords */ + lm_pw = pdb_get_lanman_passwd( sam_acct ); + nt_pw = pdb_get_lanman_passwd( sam_acct ); + if ( !lm_pw || !nt_pw ) { + acb_flags = pdb_get_acct_ctrl( sam_acct ) | ACB_DISABLED; + pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_SET ); + pdb_set_init_flags(sam_acct, PDB_ACCTCTRL, PDB_SET); + } + return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct)); } diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index d72634d78b..f402567b74 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -47,6 +47,7 @@ #define BIT_RESERV_7 0x00800000 #define BIT_IMPORT 0x01000000 #define BIT_EXPORT 0x02000000 +#define BIT_FIX_INIT 0x04000000 #define MASK_ALWAYS_GOOD 0x0000001F #define MASK_USER_GOOD 0x00401F00 @@ -234,6 +235,39 @@ static int print_users_list (struct pdb_context *in, BOOL verbosity, BOOL smbpwd } /********************************************************* + Fix a list of Users for uninitialised passwords +**********************************************************/ +static int fix_users_list (struct pdb_context *in) +{ + SAM_ACCOUNT *sam_pwent=NULL; + BOOL check, ret; + + check = NT_STATUS_IS_OK(in->pdb_setsampwent(in, False)); + if (!check) { + return 1; + } + + check = True; + if (!(NT_STATUS_IS_OK(pdb_init_sam(&sam_pwent)))) return 1; + + while (check && (ret = NT_STATUS_IS_OK(in->pdb_getsampwent (in, sam_pwent)))) { + if (!pdb_update_sam_account(sam_pwent)) { + DEBUG(0, ("Update of user %s failed!\n", pdb_get_username(sam_pwent))); + } + pdb_free_sam(&sam_pwent); + check = NT_STATUS_IS_OK(pdb_init_sam(&sam_pwent)); + if (!check) { + DEBUG(0, ("Failed to initialise new SAM_ACCOUNT structure (out of memory?)\n")); + } + + } + if (check) pdb_free_sam(&sam_pwent); + + in->pdb_endsampwent(in); + return 0; +} + +/********************************************************* Set User Info **********************************************************/ @@ -550,6 +584,7 @@ int main (int argc, char **argv) static char *backend_in = NULL; static char *backend_out = NULL; static BOOL transfer_groups = False; + static BOOL force_initialised_password = False; static char *logon_script = NULL; static char *profile_path = NULL; static char *account_control = NULL; @@ -587,6 +622,7 @@ int main (int argc, char **argv) {"account-policy", 'P', POPT_ARG_STRING, &account_policy, 0,"value of an account policy (like maximum password age)",NULL}, {"value", 'C', POPT_ARG_LONG, &account_policy_value, 'C',"set the account policy to this value", NULL}, {"account-control", 'c', POPT_ARG_STRING, &account_control, 0, "Values of account control", NULL}, + {"force-initialized-passwords", 0, POPT_ARG_NONE, &force_initialised_password, 0, "Force initialization of corrupt password strings in a passdb backend", NULL}, POPT_COMMON_SAMBA POPT_TABLEEND }; @@ -631,6 +667,7 @@ int main (int argc, char **argv) (machine ? BIT_MACHINE : 0) + (user_name ? BIT_USER : 0) + (list_users ? BIT_LIST : 0) + + (force_initialised_password ? BIT_FIX_INIT : 0) + (modify_user ? BIT_MODIFY : 0) + (add_user ? BIT_CREATE : 0) + (delete_user ? BIT_DELETE : 0) + @@ -655,6 +692,10 @@ int main (int argc, char **argv) /* the lowest bit options are always accepted */ checkparms = setparms & ~MASK_ALWAYS_GOOD; + if (checkparms & BIT_FIX_INIT) { + return fix_users_list(bdef); + } + /* account policy operations */ if ((checkparms & BIT_ACCPOLICY) && !(checkparms & ~(BIT_ACCPOLICY + BIT_ACCPOLVAL))) { uint32 value; |