From d4420dc9023677461570eaedd1f1ca0e6c0ef758 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 29 Jan 2004 22:16:58 +0000
Subject: more initialization fixes (This used to be commit
 9e590d603547ef1e8388bea66eb5d44e4dfd6412)

---
 source3/passdb/pdb_interface.c | 22 ++++++++++++++++++++++
 source3/utils/pdbedit.c        | 41 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)

diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index ed05e5ad42..c656e08722 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -708,22 +708,44 @@ BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
 BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct) 
 {
 	struct pdb_context *pdb_context = pdb_get_static_context(False);
+	const char *lm_pw, *nt_pw;
+	uint16 acb_flags;
 
 	if (!pdb_context) {
 		return False;
 	}
 
+	/* disable acccounts with no passwords */
+	lm_pw = pdb_get_lanman_passwd( sam_acct );
+	nt_pw = pdb_get_lanman_passwd( sam_acct );
+	if ( !lm_pw || !nt_pw ) {
+		acb_flags = pdb_get_acct_ctrl( sam_acct ) | ACB_DISABLED;
+		pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_SET );
+		pdb_set_init_flags(sam_acct, PDB_ACCTCTRL, PDB_SET);
+	}
+
 	return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct));
 }
 
 BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct) 
 {
 	struct pdb_context *pdb_context = pdb_get_static_context(False);
+	const char *lm_pw, *nt_pw;
+	uint16 acb_flags;
 
 	if (!pdb_context) {
 		return False;
 	}
 
+	/* disable acccounts with no passwords */
+	lm_pw = pdb_get_lanman_passwd( sam_acct );
+	nt_pw = pdb_get_lanman_passwd( sam_acct );
+	if ( !lm_pw || !nt_pw ) {
+		acb_flags = pdb_get_acct_ctrl( sam_acct ) | ACB_DISABLED;
+		pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_SET );
+		pdb_set_init_flags(sam_acct, PDB_ACCTCTRL, PDB_SET);
+	}
+
 	return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct));
 }
 
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index d72634d78b..f402567b74 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -47,6 +47,7 @@
 #define BIT_RESERV_7	0x00800000
 #define BIT_IMPORT	0x01000000
 #define BIT_EXPORT	0x02000000
+#define BIT_FIX_INIT    0x04000000
 
 #define MASK_ALWAYS_GOOD	0x0000001F
 #define MASK_USER_GOOD		0x00401F00
@@ -233,6 +234,39 @@ static int print_users_list (struct pdb_context *in, BOOL verbosity, BOOL smbpwd
 	return 0;
 }
 
+/*********************************************************
+ Fix a list of Users for uninitialised passwords
+**********************************************************/
+static int fix_users_list (struct pdb_context *in)
+{
+	SAM_ACCOUNT *sam_pwent=NULL;
+	BOOL check, ret;
+	
+	check = NT_STATUS_IS_OK(in->pdb_setsampwent(in, False));
+	if (!check) {
+		return 1;
+	}
+
+	check = True;
+	if (!(NT_STATUS_IS_OK(pdb_init_sam(&sam_pwent)))) return 1;
+
+	while (check && (ret = NT_STATUS_IS_OK(in->pdb_getsampwent (in, sam_pwent)))) {
+		if (!pdb_update_sam_account(sam_pwent)) {
+			DEBUG(0, ("Update of user %s failed!\n", pdb_get_username(sam_pwent)));
+		}
+		pdb_free_sam(&sam_pwent);
+		check = NT_STATUS_IS_OK(pdb_init_sam(&sam_pwent));
+		if (!check) {
+			DEBUG(0, ("Failed to initialise new SAM_ACCOUNT structure (out of memory?)\n"));
+		}
+			
+	}
+	if (check) pdb_free_sam(&sam_pwent);
+	
+	in->pdb_endsampwent(in);
+	return 0;
+}
+
 /*********************************************************
  Set User Info
 **********************************************************/
@@ -550,6 +584,7 @@ int main (int argc, char **argv)
 	static char *backend_in = NULL;
 	static char *backend_out = NULL;
 	static BOOL transfer_groups = False;
+	static BOOL  force_initialised_password = False;
 	static char *logon_script = NULL;
 	static char *profile_path = NULL;
 	static char *account_control = NULL;
@@ -587,6 +622,7 @@ int main (int argc, char **argv)
 		{"account-policy",	'P', POPT_ARG_STRING, &account_policy, 0,"value of an account policy (like maximum password age)",NULL},
 		{"value",       'C', POPT_ARG_LONG, &account_policy_value, 'C',"set the account policy to this value", NULL},
 		{"account-control",	'c', POPT_ARG_STRING, &account_control, 0, "Values of account control", NULL},
+		{"force-initialized-passwords", 0, POPT_ARG_NONE, &force_initialised_password, 0, "Force initialization of corrupt password strings in a passdb backend", NULL},
 		POPT_COMMON_SAMBA
 		POPT_TABLEEND
 	};
@@ -631,6 +667,7 @@ int main (int argc, char **argv)
 			(machine ? BIT_MACHINE : 0) +
 			(user_name ? BIT_USER : 0) +
 			(list_users ? BIT_LIST : 0) +
+			(force_initialised_password ? BIT_FIX_INIT : 0) +
 			(modify_user ? BIT_MODIFY : 0) +
 			(add_user ? BIT_CREATE : 0) +
 			(delete_user ? BIT_DELETE : 0) +
@@ -655,6 +692,10 @@ int main (int argc, char **argv)
 	/* the lowest bit options are always accepted */
 	checkparms = setparms & ~MASK_ALWAYS_GOOD;
 
+	if (checkparms & BIT_FIX_INIT) {
+		return fix_users_list(bdef);
+	}
+
 	/* account policy operations */
 	if ((checkparms & BIT_ACCPOLICY) && !(checkparms & ~(BIT_ACCPOLICY + BIT_ACCPOLVAL))) {
 		uint32 value;
-- 
cgit