LCOV - code coverage report
Current view: top level - source3/passdb - pdb_get_set.c (source / functions) Hit Total Coverage
Test: coverage report for fix-15632 9995c5c2 Lines: 336 462 72.7 %
Date: 2024-04-13 12:30:31 Functions: 79 82 96.3 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    struct samu access routines
       4             :    Copyright (C) Jeremy Allison                 1996-2001
       5             :    Copyright (C) Luke Kenneth Casson Leighton   1996-1998
       6             :    Copyright (C) Gerald (Jerry) Carter          2000-2006
       7             :    Copyright (C) Andrew Bartlett                2001-2002
       8             :    Copyright (C) Stefan (metze) Metzmacher      2002
       9             : 
      10             :    This program is free software; you can redistribute it and/or modify
      11             :    it under the terms of the GNU General Public License as published by
      12             :    the Free Software Foundation; either version 3 of the License, or
      13             :    (at your option) any later version.
      14             : 
      15             :    This program is distributed in the hope that it will be useful,
      16             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      17             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      18             :    GNU General Public License for more details.
      19             : 
      20             :    You should have received a copy of the GNU General Public License
      21             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      22             : */
      23             : 
      24             : #include "includes.h"
      25             : #include "passdb.h"
      26             : #include "../libcli/auth/libcli_auth.h"
      27             : #include "../libcli/security/security.h"
      28             : #include "../lib/util/bitmap.h"
      29             : 
      30             : #undef DBGC_CLASS
      31             : #define DBGC_CLASS DBGC_PASSDB
      32             : 
      33             : /**
      34             :  * @todo Redefine this to NULL, but this changes the API because
      35             :  *       much of samba assumes that the pdb_get...() functions
      36             :  *       return strings.  (ie not null-pointers).
      37             :  *       See also pdb_fill_default_sam().
      38             :  */
      39             : 
      40             : #define PDB_NOT_QUITE_NULL ""
      41             : 
      42             : /*********************************************************************
      43             :  Test if a change time is a max value. Copes with old and new values
      44             :  of max.
      45             :  ********************************************************************/
      46             : 
      47       20944 : bool pdb_is_password_change_time_max(time_t test_time)
      48             : {
      49       20944 :         if (test_time == get_time_t_max()) {
      50          35 :                 return true;
      51             :         }
      52             : #if (defined(SIZEOF_TIME_T) && (SIZEOF_TIME_T == 8))
      53       20909 :         if (test_time == 0x7FFFFFFFFFFFFFFFLL) {
      54           0 :                 return true;
      55             :         }
      56             : #endif
      57       20909 :         if (test_time == 0x7FFFFFFF) {
      58          13 :                 return true;
      59             :         }
      60       20895 :         return false;
      61             : }
      62             : 
      63             : /*********************************************************************
      64             :  Return an unchanging version of max password change time - 0x7FFFFFFF.
      65             :  ********************************************************************/
      66             : 
      67         275 : static time_t pdb_password_change_time_max(void)
      68             : {
      69         275 :         return 0x7FFFFFFF;
      70             : }
      71             : 
      72             : /*********************************************************************
      73             :  Collection of get...() functions for struct samu.
      74             :  ********************************************************************/
      75             : 
      76      274664 : uint32_t pdb_get_acct_ctrl(const struct samu *sampass)
      77             : {
      78      274664 :         return sampass->acct_ctrl;
      79             : }
      80             : 
      81       65476 : time_t pdb_get_logon_time(const struct samu *sampass)
      82             : {
      83       65476 :         return sampass->logon_time;
      84             : }
      85             : 
      86       45120 : time_t pdb_get_logoff_time(const struct samu *sampass)
      87             : {
      88       45120 :         return sampass->logoff_time;
      89             : }
      90             : 
      91       65484 : time_t pdb_get_kickoff_time(const struct samu *sampass)
      92             : {
      93       65484 :         return sampass->kickoff_time;
      94             : }
      95             : 
      96       44671 : time_t pdb_get_bad_password_time(const struct samu *sampass)
      97             : {
      98       44671 :         return sampass->bad_password_time;
      99             : }
     100             : 
     101       85846 : time_t pdb_get_pass_last_set_time(const struct samu *sampass)
     102             : {
     103       85846 :         return sampass->pass_last_set_time;
     104             : }
     105             : 
     106       20863 : time_t pdb_get_pass_can_change_time(const struct samu *sampass)
     107             : {
     108           1 :         uint32_t allow;
     109             : 
     110             :         /* if the last set time is zero, it means the user cannot
     111             :            change their password, and this time must be zero.   jmcd
     112             :         */
     113       20863 :         if (sampass->pass_last_set_time == 0)
     114         405 :                 return (time_t) 0;
     115             : 
     116             :         /* if the time is max, and the field has been changed,
     117             :            we're trying to update this real value from the sampass
     118             :            to indicate that the user cannot change their password.  jmcd
     119             :         */
     120       20458 :         if (pdb_is_password_change_time_max(sampass->pass_can_change_time) &&
     121           0 :             IS_SAM_CHANGED(sampass, PDB_CANCHANGETIME))
     122           0 :                 return sampass->pass_can_change_time;
     123             : 
     124       20458 :         if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &allow))
     125           0 :                 allow = 0;
     126             : 
     127             :         /* in normal cases, just calculate it from policy */
     128       20458 :         return sampass->pass_last_set_time + allow;
     129             : }
     130             : 
     131             : /* we need this for loading from the backend, so that we don't overwrite
     132             :    non-changed max times, otherwise the pass_can_change checking won't work */
     133       44622 : time_t pdb_get_pass_can_change_time_noncalc(const struct samu *sampass)
     134             : {
     135       44622 :         return sampass->pass_can_change_time;
     136             : }
     137             : 
     138       86205 : time_t pdb_get_pass_must_change_time(const struct samu *sampass)
     139             : {
     140           7 :         uint32_t expire;
     141             : 
     142       86205 :         if (sampass->pass_last_set_time == 0)
     143        2021 :                 return (time_t) 0;
     144             : 
     145       84184 :         if (sampass->acct_ctrl & ACB_PWNOEXP)
     146         275 :                 return pdb_password_change_time_max();
     147             : 
     148       83909 :         if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
     149       83909 :             || expire == (uint32_t)-1 || expire == 0)
     150       83902 :                 return get_time_t_max();
     151             : 
     152           7 :         return sampass->pass_last_set_time + expire;
     153             : }
     154             : 
     155          46 : bool pdb_get_pass_can_change(const struct samu *sampass)
     156             : {
     157          46 :         if (pdb_is_password_change_time_max(sampass->pass_can_change_time))
     158           0 :                 return False;
     159          46 :         return True;
     160             : }
     161             : 
     162       89261 : uint16_t pdb_get_logon_divs(const struct samu *sampass)
     163             : {
     164       89261 :         return sampass->logon_divs;
     165             : }
     166             : 
     167       90241 : uint32_t pdb_get_hours_len(const struct samu *sampass)
     168             : {
     169       90241 :         return sampass->hours_len;
     170             : }
     171             : 
     172      110602 : const uint8_t *pdb_get_hours(const struct samu *sampass)
     173             : {
     174      110602 :         return (sampass->hours);
     175             : }
     176             : 
     177       65495 : const uint8_t *pdb_get_nt_passwd(const struct samu *sampass)
     178             : {
     179       65495 :         SMB_ASSERT((!sampass->nt_pw.data)
     180             :                    || sampass->nt_pw.length == NT_HASH_LEN);
     181       65495 :         return (uint8_t *)sampass->nt_pw.data;
     182             : }
     183             : 
     184       65937 : const uint8_t *pdb_get_lanman_passwd(const struct samu *sampass)
     185             : {
     186       65937 :         SMB_ASSERT((!sampass->lm_pw.data)
     187             :                    || sampass->lm_pw.length == LM_HASH_LEN);
     188       65937 :         return (uint8_t *)sampass->lm_pw.data;
     189             : }
     190             : 
     191       44676 : const uint8_t *pdb_get_pw_history(const struct samu *sampass, uint32_t *current_hist_len)
     192             : {
     193       44676 :         SMB_ASSERT((!sampass->nt_pw_his.data)
     194             :            || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0));
     195       44676 :         *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN;
     196       44676 :         return (uint8_t *)sampass->nt_pw_his.data;
     197             : }
     198             : 
     199             : /* Return the plaintext password if known.  Most of the time
     200             :    it isn't, so don't assume anything magic about this function.
     201             : 
     202             :    Used to pass the plaintext to passdb backends that might
     203             :    want to store more than just the NTLM hashes.
     204             : */
     205          22 : const char *pdb_get_plaintext_passwd(const struct samu *sampass)
     206             : {
     207          22 :         return sampass->plaintext_pw;
     208             : }
     209             : 
     210      114236 : const struct dom_sid *pdb_get_user_sid(const struct samu *sampass)
     211             : {
     212      114236 :         return &sampass->user_sid;
     213             : }
     214             : 
     215       67704 : const struct dom_sid *pdb_get_group_sid(struct samu *sampass)
     216             : {
     217           7 :         NTSTATUS status;
     218             : 
     219             :         /* Return the cached group SID if we have that */
     220       67704 :         if (sampass->group_sid) {
     221       21290 :                 return sampass->group_sid;
     222             :         }
     223             : 
     224             :         /* No algorithmic mapping, meaning that we have to figure out the
     225             :            primary group SID according to group mapping and the user SID must
     226             :            be a newly allocated one.  We rely on the user's Unix primary gid.
     227             :            We have no choice but to fail if we can't find it. */
     228       46408 :         status = get_primary_group_sid(sampass,
     229             :                                         pdb_get_username(sampass),
     230             :                                         &sampass->unix_pw,
     231             :                                         &sampass->group_sid);
     232       46408 :         if (!NT_STATUS_IS_OK(status)) {
     233           0 :                 return NULL;
     234             :         }
     235             : 
     236       46408 :         return sampass->group_sid;
     237             : }
     238             : 
     239             : /**
     240             :  * Get flags showing what is initialised in the struct samu
     241             :  * @param sampass the struct samu in question
     242             :  * @return the flags indicating the members initialised in the struct.
     243             :  **/
     244             : 
     245      179190 : enum pdb_value_state pdb_get_init_flags(const struct samu *sampass, enum pdb_elements element)
     246             : {
     247      179190 :         enum pdb_value_state ret = PDB_DEFAULT;
     248             : 
     249      179190 :         if (!sampass->change_flags || !sampass->set_flags)
     250           0 :                 return ret;
     251             : 
     252      179190 :         if (bitmap_query(sampass->set_flags, element)) {
     253         671 :                 DEBUG(11, ("element %d: SET\n", element));
     254         560 :                 ret = PDB_SET;
     255             :         }
     256             : 
     257      179190 :         if (bitmap_query(sampass->change_flags, element)) {
     258          46 :                 DEBUG(11, ("element %d: CHANGED\n", element));
     259          40 :                 ret = PDB_CHANGED;
     260             :         }
     261             : 
     262      179184 :         if (ret == PDB_DEFAULT) {
     263      178519 :                 DEBUG(11, ("element %d: DEFAULT\n", element));
     264             :         }
     265             : 
     266      178902 :         return ret;
     267             : }
     268             : 
     269      228217 : const char *pdb_get_username(const struct samu *sampass)
     270             : {
     271      228217 :         return sampass->username;
     272             : }
     273             : 
     274       64994 : const char *pdb_get_domain(const struct samu *sampass)
     275             : {
     276       64994 :         return sampass->domain;
     277             : }
     278             : 
     279       44638 : const char *pdb_get_nt_username(const struct samu *sampass)
     280             : {
     281       44638 :         return sampass->nt_username;
     282             : }
     283             : 
     284       66816 : const char *pdb_get_fullname(const struct samu *sampass)
     285             : {
     286       66816 :         return sampass->full_name;
     287             : }
     288             : 
     289       20981 : const char *pdb_get_homedir(const struct samu *sampass)
     290             : {
     291       20981 :         return sampass->home_dir;
     292             : }
     293             : 
     294       21014 : const char *pdb_get_dir_drive(const struct samu *sampass)
     295             : {
     296       21014 :         return sampass->dir_drive;
     297             : }
     298             : 
     299       20981 : const char *pdb_get_logon_script(const struct samu *sampass)
     300             : {
     301       20981 :         return sampass->logon_script;
     302             : }
     303             : 
     304       20974 : const char *pdb_get_profile_path(const struct samu *sampass)
     305             : {
     306       20974 :         return sampass->profile_path;
     307             : }
     308             : 
     309       46315 : const char *pdb_get_acct_desc(const struct samu *sampass)
     310             : {
     311       46315 :         return sampass->acct_desc;
     312             : }
     313             : 
     314       65496 : const char *pdb_get_workstations(const struct samu *sampass)
     315             : {
     316       65496 :         return sampass->workstations;
     317             : }
     318             : 
     319       45181 : const char *pdb_get_comment(const struct samu *sampass)
     320             : {
     321       45181 :         return sampass->comment;
     322             : }
     323             : 
     324       45100 : const char *pdb_get_munged_dial(const struct samu *sampass)
     325             : {
     326       45100 :         return sampass->munged_dial;
     327             : }
     328             : 
     329      130415 : uint16_t pdb_get_bad_password_count(const struct samu *sampass)
     330             : {
     331      130415 :         return sampass->bad_password_count;
     332             : }
     333             : 
     334      110076 : uint16_t pdb_get_logon_count(const struct samu *sampass)
     335             : {
     336      110076 :         return sampass->logon_count;
     337             : }
     338             : 
     339         453 : uint16_t pdb_get_country_code(const struct samu *sampass)
     340             : {
     341         453 :         return sampass->country_code;
     342             : }
     343             : 
     344         453 : uint16_t pdb_get_code_page(const struct samu *sampass)
     345             : {
     346         453 :         return sampass->code_page;
     347             : }
     348             : 
     349       89244 : uint32_t pdb_get_unknown_6(const struct samu *sampass)
     350             : {
     351       89244 :         return sampass->unknown_6;
     352             : }
     353             : 
     354        4687 : void *pdb_get_backend_private_data(const struct samu *sampass, const struct pdb_methods *my_methods)
     355             : {
     356        4687 :         if (my_methods == sampass->backend_private_methods) {
     357        4687 :                 return sampass->backend_private_data;
     358             :         } else {
     359           0 :                 return NULL;
     360             :         }
     361             : }
     362             : 
     363             : /*********************************************************************
     364             :  Collection of set...() functions for struct samu.
     365             :  ********************************************************************/
     366             : 
     367      104547 : bool pdb_set_acct_ctrl(struct samu *sampass, uint32_t acct_ctrl, enum pdb_value_state flag)
     368             : {
     369      104547 :         sampass->acct_ctrl = acct_ctrl;
     370      104547 :         return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
     371             : }
     372             : 
     373       99742 : bool pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
     374             : {
     375       99742 :         sampass->logon_time = mytime;
     376       99742 :         return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
     377             : }
     378             : 
     379       99664 : bool pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
     380             : {
     381       99664 :         sampass->logoff_time = mytime;
     382       99664 :         return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
     383             : }
     384             : 
     385      100295 : bool pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
     386             : {
     387      100295 :         sampass->kickoff_time = mytime;
     388      100295 :         return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
     389             : }
     390             : 
     391       95624 : bool pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
     392             : {
     393       95624 :         sampass->bad_password_time = mytime;
     394       95624 :         return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
     395             : }
     396             : 
     397       95593 : bool pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
     398             : {
     399       95593 :         sampass->pass_can_change_time = mytime;
     400       95593 :         return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
     401             : }
     402             : 
     403      100895 : bool pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
     404             : {
     405      100895 :         sampass->pass_last_set_time = mytime;
     406      100895 :         return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
     407             : }
     408             : 
     409       95588 : bool pdb_set_hours_len(struct samu *sampass, uint32_t len, enum pdb_value_state flag)
     410             : {
     411       95588 :         sampass->hours_len = len;
     412       95588 :         return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
     413             : }
     414             : 
     415       95588 : bool pdb_set_logon_divs(struct samu *sampass, uint16_t hours, enum pdb_value_state flag)
     416             : {
     417       95588 :         sampass->logon_divs = hours;
     418       95588 :         return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
     419             : }
     420             : 
     421             : /**
     422             :  * Set flags showing what is initialised in the struct samu
     423             :  * @param sampass the struct samu in question
     424             :  * @param flag The *new* flag to be set.  Old flags preserved
     425             :  *             this flag is only added.
     426             :  **/
     427             : 
     428     2831354 : bool pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
     429             : {
     430     2831354 :         if (!sampass->set_flags) {
     431      100891 :                 if ((sampass->set_flags =
     432      100891 :                         bitmap_talloc(sampass,
     433             :                                         PDB_COUNT))==NULL) {
     434           0 :                         DEBUG(0,("bitmap_talloc failed\n"));
     435           0 :                         return False;
     436             :                 }
     437             :         }
     438     2831354 :         if (!sampass->change_flags) {
     439      100891 :                 if ((sampass->change_flags =
     440      100891 :                         bitmap_talloc(sampass,
     441             :                                         PDB_COUNT))==NULL) {
     442           0 :                         DEBUG(0,("bitmap_talloc failed\n"));
     443           0 :                         return False;
     444             :                 }
     445             :         }
     446             : 
     447     2831354 :         switch(value_flag) {
     448        4740 :         case PDB_CHANGED:
     449        4740 :                 if (!bitmap_set(sampass->change_flags, element)) {
     450           0 :                                 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
     451           0 :                                 return False;
     452             :                         }
     453        4740 :                         if (!bitmap_set(sampass->set_flags, element)) {
     454           0 :                                 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
     455           0 :                                 return False;
     456             :                         }
     457        4740 :                         DEBUG(11, ("element %d -> now CHANGED\n", element));
     458        4734 :                         break;
     459     2426578 :                 case PDB_SET:
     460     2426578 :                         if (!bitmap_clear(sampass->change_flags, element)) {
     461           0 :                                 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
     462           0 :                                 return False;
     463             :                         }
     464     2426578 :                         if (!bitmap_set(sampass->set_flags, element)) {
     465           0 :                                 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
     466           0 :                                 return False;
     467             :                         }
     468     2426578 :                         DEBUG(11, ("element %d -> now SET\n", element));
     469     2422609 :                         break;
     470      400036 :                 case PDB_DEFAULT:
     471             :                 default:
     472      400036 :                         if (!bitmap_clear(sampass->change_flags, element)) {
     473           0 :                                 DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
     474           0 :                                 return False;
     475             :                         }
     476      400036 :                         if (!bitmap_clear(sampass->set_flags, element)) {
     477           0 :                                 DEBUG(0,("Can't set flag: %d in set_flags.\n",element));
     478           0 :                                 return False;
     479             :                         }
     480      400036 :                         DEBUG(11, ("element %d -> now DEFAULT\n", element));
     481      399876 :                         break;
     482             :         }
     483             : 
     484     2827219 :         return True;
     485             : }
     486             : 
     487      103115 : bool pdb_set_user_sid(struct samu *sampass, const struct dom_sid *u_sid, enum pdb_value_state flag)
     488             : {
     489         313 :         struct dom_sid_buf buf;
     490             : 
     491      103115 :         if (!u_sid)
     492           0 :                 return False;
     493             : 
     494      103115 :         sid_copy(&sampass->user_sid, u_sid);
     495             : 
     496      103115 :         DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
     497             :                    dom_sid_str_buf(&sampass->user_sid, &buf)));
     498             : 
     499      103115 :         return pdb_set_init_flags(sampass, PDB_USERSID, flag);
     500             : }
     501             : 
     502           0 : bool pdb_set_user_sid_from_string(struct samu *sampass, const char *u_sid, enum pdb_value_state flag)
     503             : {
     504           0 :         struct dom_sid new_sid;
     505             : 
     506           0 :         if (!u_sid)
     507           0 :                 return False;
     508             : 
     509           0 :         DEBUG(10, ("pdb_set_user_sid_from_string: setting user sid %s\n",
     510             :                    u_sid));
     511             : 
     512           0 :         if (!string_to_sid(&new_sid, u_sid)) {
     513           0 :                 DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
     514           0 :                 return False;
     515             :         }
     516             : 
     517           0 :         if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
     518           0 :                 DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid));
     519           0 :                 return False;
     520             :         }
     521             : 
     522           0 :         return True;
     523             : }
     524             : 
     525             : /********************************************************************
     526             :  We never fill this in from a passdb backend but rather set is
     527             :  based on the user's primary group membership.  However, the
     528             :  struct samu* is overloaded and reused in domain memship code
     529             :  as well and built from the netr_SamInfo3 or PAC so we
     530             :  have to allow the explicitly setting of a group SID here.
     531             : ********************************************************************/
     532             : 
     533       47738 : bool pdb_set_group_sid(struct samu *sampass, const struct dom_sid *g_sid, enum pdb_value_state flag)
     534             : {
     535         279 :         gid_t gid;
     536         279 :         struct dom_sid dug_sid;
     537         279 :         struct dom_sid_buf buf;
     538             : 
     539       47738 :         if (!g_sid)
     540           0 :                 return False;
     541             : 
     542       47738 :         if ( !(sampass->group_sid = talloc( sampass, struct dom_sid )) ) {
     543           0 :                 return False;
     544             :         }
     545             : 
     546             :         /* if we cannot resolve the SID to gid, then just ignore it and
     547             :            store DOMAIN_USERS as the primary groupSID */
     548             : 
     549       47738 :         sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS);
     550             : 
     551       47738 :         if (dom_sid_equal(&dug_sid, g_sid)) {
     552       47732 :                 sid_copy(sampass->group_sid, &dug_sid);
     553           6 :         } else if (sid_to_gid( g_sid, &gid ) ) {
     554           1 :                 sid_copy(sampass->group_sid, g_sid);
     555             :         } else {
     556           5 :                 sid_copy(sampass->group_sid, &dug_sid);
     557             :         }
     558             : 
     559       47738 :         DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
     560             :                    dom_sid_str_buf(sampass->group_sid, &buf)));
     561             : 
     562       47738 :         return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
     563             : }
     564             : 
     565             : /*********************************************************************
     566             :  Set the user's UNIX name.
     567             :  ********************************************************************/
     568             : 
     569      103633 : bool pdb_set_username(struct samu *sampass, const char *username, enum pdb_value_state flag)
     570             : {
     571      103633 :         if (username) {
     572      103633 :                 DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
     573             :                         (sampass->username)?(sampass->username):"NULL"));
     574             : 
     575      103633 :                 sampass->username = talloc_strdup(sampass, username);
     576             : 
     577      103633 :                 if (!sampass->username) {
     578           0 :                         DEBUG(0, ("pdb_set_username: talloc_strdup() failed!\n"));
     579           0 :                         return False;
     580             :                 }
     581             :         } else {
     582           0 :                 sampass->username = PDB_NOT_QUITE_NULL;
     583             :         }
     584             : 
     585      103633 :         return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
     586             : }
     587             : 
     588             : /*********************************************************************
     589             :  Set the domain name.
     590             :  ********************************************************************/
     591             : 
     592       98418 : bool pdb_set_domain(struct samu *sampass, const char *domain, enum pdb_value_state flag)
     593             : {
     594       98418 :         if (domain) {
     595       98418 :                 DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
     596             :                         (sampass->domain)?(sampass->domain):"NULL"));
     597             : 
     598       98418 :                 sampass->domain = talloc_strdup(sampass, domain);
     599             : 
     600       98418 :                 if (!sampass->domain) {
     601           0 :                         DEBUG(0, ("pdb_set_domain: talloc_strdup() failed!\n"));
     602           0 :                         return False;
     603             :                 }
     604             :         } else {
     605           0 :                 sampass->domain = PDB_NOT_QUITE_NULL;
     606             :         }
     607             : 
     608       98418 :         return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
     609             : }
     610             : 
     611             : /*********************************************************************
     612             :  Set the user's NT name.
     613             :  ********************************************************************/
     614             : 
     615       95588 : bool pdb_set_nt_username(struct samu *sampass, const char *nt_username, enum pdb_value_state flag)
     616             : {
     617       95588 :         if (nt_username) {
     618       95588 :                 DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
     619             :                         (sampass->nt_username)?(sampass->nt_username):"NULL"));
     620             : 
     621       95588 :                 sampass->nt_username = talloc_strdup(sampass, nt_username);
     622             : 
     623       95588 :                 if (!sampass->nt_username) {
     624           0 :                         DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
     625           0 :                         return False;
     626             :                 }
     627             :         } else {
     628           0 :                 sampass->nt_username = PDB_NOT_QUITE_NULL;
     629             :         }
     630             : 
     631       95588 :         return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
     632             : }
     633             : 
     634             : /*********************************************************************
     635             :  Set the user's full name.
     636             :  ********************************************************************/
     637             : 
     638       98518 : bool pdb_set_fullname(struct samu *sampass, const char *full_name, enum pdb_value_state flag)
     639             : {
     640       98518 :         if (full_name) {
     641       98518 :                 DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
     642             :                         (sampass->full_name)?(sampass->full_name):"NULL"));
     643             : 
     644       98518 :                 sampass->full_name = talloc_strdup(sampass, full_name);
     645             : 
     646       98518 :                 if (!sampass->full_name) {
     647           0 :                         DEBUG(0, ("pdb_set_fullname: talloc_strdup() failed!\n"));
     648           0 :                         return False;
     649             :                 }
     650             :         } else {
     651           0 :                 sampass->full_name = PDB_NOT_QUITE_NULL;
     652             :         }
     653             : 
     654       98518 :         return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
     655             : }
     656             : 
     657             : /*********************************************************************
     658             :  Set the user's logon script.
     659             :  ********************************************************************/
     660             : 
     661       98298 : bool pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum pdb_value_state flag)
     662             : {
     663       98298 :         if (logon_script) {
     664       98298 :                 DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
     665             :                         (sampass->logon_script)?(sampass->logon_script):"NULL"));
     666             : 
     667       98298 :                 sampass->logon_script = talloc_strdup(sampass, logon_script);
     668             : 
     669       98298 :                 if (!sampass->logon_script) {
     670           0 :                         DEBUG(0, ("pdb_set_logon_script: talloc_strdup() failed!\n"));
     671           0 :                         return False;
     672             :                 }
     673             :         } else {
     674           0 :                 sampass->logon_script = PDB_NOT_QUITE_NULL;
     675             :         }
     676             : 
     677       98298 :         return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
     678             : }
     679             : 
     680             : /*********************************************************************
     681             :  Set the user's profile path.
     682             :  ********************************************************************/
     683             : 
     684       98298 : bool pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
     685             : {
     686       98298 :         if (profile_path) {
     687       98298 :                 DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
     688             :                         (sampass->profile_path)?(sampass->profile_path):"NULL"));
     689             : 
     690       98298 :                 sampass->profile_path = talloc_strdup(sampass, profile_path);
     691             : 
     692       98298 :                 if (!sampass->profile_path) {
     693           0 :                         DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
     694           0 :                         return False;
     695             :                 }
     696             :         } else {
     697           0 :                 sampass->profile_path = PDB_NOT_QUITE_NULL;
     698             :         }
     699             : 
     700       98298 :         return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
     701             : }
     702             : 
     703             : /*********************************************************************
     704             :  Set the user's directory drive.
     705             :  ********************************************************************/
     706             : 
     707       98309 : bool pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
     708             : {
     709       98309 :         if (dir_drive) {
     710       98309 :                 DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
     711             :                         (sampass->dir_drive)?(sampass->dir_drive):"NULL"));
     712             : 
     713       98309 :                 sampass->dir_drive = talloc_strdup(sampass, dir_drive);
     714             : 
     715       98309 :                 if (!sampass->dir_drive) {
     716           0 :                         DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
     717           0 :                         return False;
     718             :                 }
     719             : 
     720             :         } else {
     721           0 :                 sampass->dir_drive = PDB_NOT_QUITE_NULL;
     722             :         }
     723             : 
     724       98309 :         return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
     725             : }
     726             : 
     727             : /*********************************************************************
     728             :  Set the user's home directory.
     729             :  ********************************************************************/
     730             : 
     731       98299 : bool pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
     732             : {
     733       98299 :         if (home_dir) {
     734       98299 :                 DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
     735             :                         (sampass->home_dir)?(sampass->home_dir):"NULL"));
     736             : 
     737       98299 :                 sampass->home_dir = talloc_strdup(sampass, home_dir);
     738             : 
     739       98299 :                 if (!sampass->home_dir) {
     740           0 :                         DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
     741           0 :                         return False;
     742             :                 }
     743             :         } else {
     744           0 :                 sampass->home_dir = PDB_NOT_QUITE_NULL;
     745             :         }
     746             : 
     747       98299 :         return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
     748             : }
     749             : 
     750             : /*********************************************************************
     751             :  Set the user's account description.
     752             :  ********************************************************************/
     753             : 
     754      100316 : bool pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
     755             : {
     756      100316 :         if (acct_desc) {
     757      100316 :                 sampass->acct_desc = talloc_strdup(sampass, acct_desc);
     758             : 
     759      100316 :                 if (!sampass->acct_desc) {
     760           0 :                         DEBUG(0, ("pdb_set_acct_desc: talloc_strdup() failed!\n"));
     761           0 :                         return False;
     762             :                 }
     763             :         } else {
     764           0 :                 sampass->acct_desc = PDB_NOT_QUITE_NULL;
     765             :         }
     766             : 
     767      100316 :         return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
     768             : }
     769             : 
     770             : /*********************************************************************
     771             :  Set the user's workstation allowed list.
     772             :  ********************************************************************/
     773             : 
     774       95595 : bool pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag)
     775             : {
     776       95595 :         if (workstations) {
     777       95595 :                 DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
     778             :                         (sampass->workstations)?(sampass->workstations):"NULL"));
     779             : 
     780       95595 :                 sampass->workstations = talloc_strdup(sampass, workstations);
     781             : 
     782       95595 :                 if (!sampass->workstations) {
     783           0 :                         DEBUG(0, ("pdb_set_workstations: talloc_strdup() failed!\n"));
     784           0 :                         return False;
     785             :                 }
     786             :         } else {
     787           0 :                 sampass->workstations = PDB_NOT_QUITE_NULL;
     788             :         }
     789             : 
     790       95595 :         return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
     791             : }
     792             : 
     793             : /*********************************************************************
     794             :  ********************************************************************/
     795             : 
     796       95634 : bool pdb_set_comment(struct samu *sampass, const char *comment, enum pdb_value_state flag)
     797             : {
     798       95634 :         if (comment) {
     799       95634 :                 sampass->comment = talloc_strdup(sampass, comment);
     800             : 
     801       95634 :                 if (!sampass->comment) {
     802           0 :                         DEBUG(0, ("pdb_set_comment: talloc_strdup() failed!\n"));
     803           0 :                         return False;
     804             :                 }
     805             :         } else {
     806           0 :                 sampass->comment = PDB_NOT_QUITE_NULL;
     807             :         }
     808             : 
     809       95634 :         return pdb_set_init_flags(sampass, PDB_COMMENT, flag);
     810             : }
     811             : 
     812             : /*********************************************************************
     813             :  Set the user's dial string.
     814             :  ********************************************************************/
     815             : 
     816       95597 : bool pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
     817             : {
     818       95597 :         if (munged_dial) {
     819       95591 :                 sampass->munged_dial = talloc_strdup(sampass, munged_dial);
     820             : 
     821       95591 :                 if (!sampass->munged_dial) {
     822           0 :                         DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
     823           0 :                         return False;
     824             :                 }
     825             :         } else {
     826           6 :                 sampass->munged_dial = PDB_NOT_QUITE_NULL;
     827             :         }
     828             : 
     829       95597 :         return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
     830             : }
     831             : 
     832             : /*********************************************************************
     833             :  Set the user's NT hash.
     834             :  ********************************************************************/
     835             : 
     836       93928 : bool pdb_set_nt_passwd(struct samu *sampass, const uint8_t pwd[NT_HASH_LEN], enum pdb_value_state flag)
     837             : {
     838       93928 :         data_blob_clear_free(&sampass->nt_pw);
     839             : 
     840       93928 :        if (pwd) {
     841         316 :                sampass->nt_pw =
     842       92609 :                        data_blob_talloc(sampass, pwd, NT_HASH_LEN);
     843             :        } else {
     844        1319 :                sampass->nt_pw = data_blob_null;
     845             :        }
     846             : 
     847       93928 :         return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
     848             : }
     849             : 
     850             : /*********************************************************************
     851             :  Set the user's LM hash.
     852             :  ********************************************************************/
     853             : 
     854       38740 : bool pdb_set_lanman_passwd(struct samu *sampass, const uint8_t pwd[LM_HASH_LEN], enum pdb_value_state flag)
     855             : {
     856       38740 :         data_blob_clear_free(&sampass->lm_pw);
     857             : 
     858             :         /* on keep the password if we are allowing LANMAN authentication */
     859             : 
     860       38740 :         if (pwd && lp_lanman_auth() ) {
     861       36989 :                 sampass->lm_pw = data_blob_talloc(sampass, pwd, LM_HASH_LEN);
     862             :         } else {
     863        1751 :                 sampass->lm_pw = data_blob_null;
     864             :         }
     865             : 
     866       38740 :         return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
     867             : }
     868             : 
     869             : /*********************************************************************
     870             :  Set the user's password history hash. historyLen is the number of
     871             :  PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN length
     872             :  entries to store in the history - this must match the size of the uint8_t array
     873             :  in pwd.
     874             : ********************************************************************/
     875             : 
     876       96124 : bool pdb_set_pw_history(struct samu *sampass, const uint8_t *pwd, uint32_t historyLen, enum pdb_value_state flag)
     877             : {
     878       96124 :         DATA_BLOB new_nt_pw_his = {};
     879             : 
     880       96124 :         if (historyLen && pwd){
     881         343 :                 new_nt_pw_his = data_blob_talloc(sampass,
     882             :                                                  pwd, historyLen*PW_HISTORY_ENTRY_LEN);
     883         343 :                 if (new_nt_pw_his.length == 0) {
     884           0 :                         DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
     885           0 :                         return False;
     886             :                 }
     887             :         }
     888             : 
     889       96124 :         data_blob_clear_free(&sampass->nt_pw_his);
     890       96124 :         sampass->nt_pw_his = new_nt_pw_his;
     891             : 
     892       96124 :         return pdb_set_init_flags(sampass, PDB_PWHISTORY, flag);
     893             : }
     894             : 
     895             : /*********************************************************************
     896             :  Set the user's plaintext password only (base procedure, see helper
     897             :  below)
     898             :  ********************************************************************/
     899             : 
     900         581 : bool pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag)
     901             : {
     902         581 :         BURN_STR(sampass->plaintext_pw);
     903             : 
     904         581 :         if (password != NULL) {
     905         581 :                 sampass->plaintext_pw = talloc_strdup(sampass, password);
     906             : 
     907         581 :                 if (!sampass->plaintext_pw) {
     908           0 :                         DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
     909           0 :                         return False;
     910             :                 }
     911             :         } else {
     912           0 :                 sampass->plaintext_pw = NULL;
     913             :         }
     914             : 
     915         581 :         return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
     916             : }
     917             : 
     918       95624 : bool pdb_set_bad_password_count(struct samu *sampass, uint16_t bad_password_count, enum pdb_value_state flag)
     919             : {
     920       95624 :         sampass->bad_password_count = bad_password_count;
     921       95624 :         return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
     922             : }
     923             : 
     924       95588 : bool pdb_set_logon_count(struct samu *sampass, uint16_t logon_count, enum pdb_value_state flag)
     925             : {
     926       95588 :         sampass->logon_count = logon_count;
     927       95588 :         return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
     928             : }
     929             : 
     930           0 : bool pdb_set_country_code(struct samu *sampass, uint16_t country_code,
     931             :                           enum pdb_value_state flag)
     932             : {
     933           0 :         sampass->country_code = country_code;
     934           0 :         return pdb_set_init_flags(sampass, PDB_COUNTRY_CODE, flag);
     935             : }
     936             : 
     937           0 : bool pdb_set_code_page(struct samu *sampass, uint16_t code_page,
     938             :                        enum pdb_value_state flag)
     939             : {
     940           0 :         sampass->code_page = code_page;
     941           0 :         return pdb_set_init_flags(sampass, PDB_CODE_PAGE, flag);
     942             : }
     943             : 
     944       95588 : bool pdb_set_unknown_6(struct samu *sampass, uint32_t unkn, enum pdb_value_state flag)
     945             : {
     946       95588 :         sampass->unknown_6 = unkn;
     947       95588 :         return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
     948             : }
     949             : 
     950       95592 : bool pdb_set_hours(struct samu *sampass, const uint8_t *hours, int hours_len,
     951             :                    enum pdb_value_state flag)
     952             : {
     953       95592 :         if (hours_len > sizeof(sampass->hours)) {
     954           0 :                 return false;
     955             :         }
     956             : 
     957       95592 :         if (!hours) {
     958           0 :                 memset ((char *)sampass->hours, 0, hours_len);
     959             :         } else {
     960       95592 :                 memcpy (sampass->hours, hours, hours_len);
     961             :         }
     962             : 
     963       95592 :         return pdb_set_init_flags(sampass, PDB_HOURS, flag);
     964             : }
     965             : 
     966        4697 : bool pdb_set_backend_private_data(struct samu *sampass, void *private_data,
     967             :                                    void (*free_fn)(void **),
     968             :                                    const struct pdb_methods *my_methods,
     969             :                                    enum pdb_value_state flag)
     970             : {
     971        4697 :         if (sampass->backend_private_data &&
     972           0 :             sampass->backend_private_data_free_fn) {
     973           0 :                 sampass->backend_private_data_free_fn(
     974             :                         &sampass->backend_private_data);
     975             :         }
     976             : 
     977        4697 :         sampass->backend_private_data = private_data;
     978        4697 :         sampass->backend_private_data_free_fn = free_fn;
     979        4697 :         sampass->backend_private_methods = my_methods;
     980             : 
     981        4697 :         return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
     982             : }
     983             : 
     984             : 
     985             : /* Helpful interfaces to the above */
     986             : 
     987           2 : bool pdb_set_pass_can_change(struct samu *sampass, bool canchange)
     988             : {
     989           2 :         return pdb_set_pass_can_change_time(sampass,
     990           0 :                                      canchange ? 0 : pdb_password_change_time_max(),
     991             :                                      PDB_CHANGED);
     992             : }
     993             : 
     994             : 
     995             : /*********************************************************************
     996             :  Set the user's PLAINTEXT password.  Used as an interface to the above.
     997             :  Also sets the last change time to NOW.
     998             :  ********************************************************************/
     999             : 
    1000         581 : bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
    1001             : {
    1002           0 :         uchar new_lanman_p16[LM_HASH_LEN];
    1003           0 :         uchar new_nt_p16[NT_HASH_LEN];
    1004           0 :         bool ok;
    1005             : 
    1006         581 :         if (!plaintext)
    1007           0 :                 return False;
    1008             : 
    1009             :         /* Calculate the MD4 hash (NT compatible) of the password */
    1010         581 :         E_md4hash(plaintext, new_nt_p16);
    1011             : 
    1012         581 :         if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED)) {
    1013           0 :                 ZERO_STRUCT(new_nt_p16);
    1014           0 :                 return False;
    1015             :         }
    1016             : 
    1017         581 :         if (!E_deshash(plaintext, new_lanman_p16)) {
    1018             :                 /* E_deshash returns false for 'long' passwords (> 14
    1019             :                    DOS chars).  This allows us to match Win2k, which
    1020             :                    does not store a LM hash for these passwords (which
    1021             :                    would reduce the effective password length to 14 */
    1022             : 
    1023         278 :                 if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED)) {
    1024           0 :                         ZERO_STRUCT(new_nt_p16);
    1025           0 :                         ZERO_STRUCT(new_lanman_p16);
    1026           0 :                         return False;
    1027             :                 }
    1028             :         } else {
    1029         303 :                 if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED)) {
    1030           0 :                         ZERO_STRUCT(new_nt_p16);
    1031           0 :                         ZERO_STRUCT(new_lanman_p16);
    1032           0 :                         return False;
    1033             :                 }
    1034             :         }
    1035         581 :         ZERO_STRUCT(new_lanman_p16);
    1036             : 
    1037         581 :         if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED)) {
    1038           0 :                 ZERO_STRUCT(new_nt_p16);
    1039           0 :                 return False;
    1040             :         }
    1041             : 
    1042         581 :         if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED)) {
    1043           0 :                 ZERO_STRUCT(new_nt_p16);
    1044           0 :                 return False;
    1045             :         }
    1046             : 
    1047         581 :         ok = pdb_update_history(sampass, new_nt_p16);
    1048         581 :         ZERO_STRUCT(new_nt_p16);
    1049         581 :         return ok;
    1050             : }
    1051             : 
    1052             : /*********************************************************************
    1053             :  Update password history after change
    1054             :  ********************************************************************/
    1055             : 
    1056         584 : bool pdb_update_history(struct samu *sampass, const uint8_t new_nt[NT_HASH_LEN])
    1057             : {
    1058           0 :         uchar *pwhistory;
    1059           0 :         uint32_t pwHistLen;
    1060           0 :         uint32_t current_history_len;
    1061           0 :         const uint8_t *current_history;
    1062             : 
    1063         584 :         if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) {
    1064             :                 /*
    1065             :                  * No password history for non-user accounts
    1066             :                  */
    1067          51 :                 return true;
    1068             :         }
    1069             : 
    1070         533 :         pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
    1071             : 
    1072         533 :         if (pwHistLen == 0) {
    1073             :                 /* Set the history length to zero. */
    1074         533 :                 pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
    1075         533 :                 return true;
    1076             :         }
    1077             : 
    1078             :         /*
    1079             :          * We need to make sure we don't have a race condition here -
    1080             :          * the account policy history length can change between when
    1081             :          * the pw_history was first loaded into the struct samu struct
    1082             :          * and now.... JRA.
    1083             :          */
    1084           0 :         current_history = pdb_get_pw_history(sampass, &current_history_len);
    1085           0 :         if ((current_history_len != 0) && (current_history == NULL)) {
    1086           0 :                 DEBUG(1, ("pdb_update_history: pwhistory == NULL!\n"));
    1087           0 :                 return false;
    1088             :         }
    1089             : 
    1090             :         /*
    1091             :          * Ensure we have space for the needed history. This
    1092             :          * also takes care of an account which did not have
    1093             :          * any history at all so far, i.e. pwhistory==NULL
    1094             :          */
    1095           0 :         pwhistory = talloc_zero_array(
    1096             :                         sampass, uchar,
    1097             :                         pwHistLen*PW_HISTORY_ENTRY_LEN);
    1098           0 :         if (!pwhistory) {
    1099           0 :                 return false;
    1100             :         }
    1101             : 
    1102           0 :         memcpy(pwhistory, current_history,
    1103           0 :                current_history_len*PW_HISTORY_ENTRY_LEN);
    1104             : 
    1105             :         /*
    1106             :          * Make room for the new password in the history list.
    1107             :          */
    1108           0 :         if (pwHistLen > 1) {
    1109           0 :                 memmove(&pwhistory[PW_HISTORY_ENTRY_LEN], pwhistory,
    1110           0 :                         (pwHistLen-1)*PW_HISTORY_ENTRY_LEN );
    1111             :         }
    1112             : 
    1113             :         /*
    1114             :          * Fill the salt area with 0-s: this indicates that
    1115             :          * a plain nt hash is stored in the has area.
    1116             :          * The old format was to store a 16 byte salt and
    1117             :          * then an md5hash of the nt_hash concatenated with
    1118             :          * the salt.
    1119             :          */
    1120           0 :         memset(pwhistory, 0, PW_HISTORY_SALT_LEN);
    1121             : 
    1122             :         /*
    1123             :          * Store the plain nt hash in the second 16 bytes.
    1124             :          * The old format was to store the md5 hash of
    1125             :          * the salt+newpw.
    1126             :          */
    1127           0 :         memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt, SALTED_MD5_HASH_LEN);
    1128             : 
    1129           0 :         pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
    1130             : 
    1131           0 :         return True;
    1132             : 
    1133             : }
    1134             : 
    1135             : /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */
    1136         440 : uint32_t pdb_build_fields_present(struct samu *sampass)
    1137             : {
    1138             :         /* value set to all for testing */
    1139         440 :         return 0x00ffffff;
    1140             : }
    1141             : 
    1142             : /**********************************************************************
    1143             :  Helper function to determine for update_sam_account whether
    1144             :  we need LDAP modification.
    1145             : *********************************************************************/
    1146             : 
    1147         324 : bool pdb_element_is_changed(const struct samu *sampass,
    1148             :                             enum pdb_elements element)
    1149             : {
    1150         324 :         return IS_SAM_CHANGED(sampass, element);
    1151             : }
    1152             : 
    1153             : /**********************************************************************
    1154             :  Helper function to determine for update_sam_account whether
    1155             :  we need LDAP modification.
    1156             :  *********************************************************************/
    1157             : 
    1158         162 : bool pdb_element_is_set_or_changed(const struct samu *sampass,
    1159             :                                    enum pdb_elements element)
    1160             : {
    1161         227 :         return (IS_SAM_SET(sampass, element) ||
    1162          65 :                 IS_SAM_CHANGED(sampass, element));
    1163             : }

Generated by: LCOV version 1.14