2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Jelmer Vernooij 2002
6 Copyright (C) Simo Sorce 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #define DBGC_CLASS DBGC_PASSDB
28 static struct pdb_init_function_entry *backends = NULL;
30 static void lazy_initialize_passdb(void)
32 static BOOL initialized = False;
33 if(initialized)return;
38 static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name);
40 /*******************************************************************
41 Clean up uninitialised passwords. The only way to tell
42 that these values are not 'real' is that they do not
43 have a valid last set time. Instead, the value is fixed at 0.
44 Therefore we use that as the key for 'is this a valid password'.
45 However, it is perfectly valid to have a 'default' last change
46 time, such LDAP with a missing attribute would produce.
47 ********************************************************************/
49 static void pdb_force_pw_initialization(SAM_ACCOUNT *pass)
51 const char *lm_pwd, *nt_pwd;
53 /* only reset a password if the last set time has been
54 explicitly been set to zero. A default last set time
57 if ( (pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT)
58 && (pdb_get_pass_last_set_time(pass) == 0) )
61 if (pdb_get_init_flags(pass, PDB_LMPASSWD) != PDB_DEFAULT)
63 lm_pwd = pdb_get_lanman_passwd(pass);
65 pdb_set_lanman_passwd(pass, NULL, PDB_CHANGED);
67 if (pdb_get_init_flags(pass, PDB_NTPASSWD) != PDB_DEFAULT)
69 nt_pwd = pdb_get_nt_passwd(pass);
71 pdb_set_nt_passwd(pass, NULL, PDB_CHANGED);
78 NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
80 struct pdb_init_function_entry *entry = backends;
82 if(version != PASSDB_INTERFACE_VERSION) {
83 DEBUG(0,("Can't register passdb backend!\n"
84 "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
85 "while this version of samba uses version %d\n",
86 version,PASSDB_INTERFACE_VERSION));
87 return NT_STATUS_OBJECT_TYPE_MISMATCH;
91 return NT_STATUS_INVALID_PARAMETER;
94 DEBUG(5,("Attempting to register passdb backend %s\n", name));
96 /* Check for duplicates */
97 if (pdb_find_backend_entry(name)) {
98 DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
99 return NT_STATUS_OBJECT_NAME_COLLISION;
102 entry = SMB_XMALLOC_P(struct pdb_init_function_entry);
103 entry->name = smb_xstrdup(name);
106 DLIST_ADD(backends, entry);
107 DEBUG(5,("Successfully added passdb backend '%s'\n", name));
111 static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
113 struct pdb_init_function_entry *entry = backends;
116 if (strcmp(entry->name, name)==0) return entry;
123 static NTSTATUS context_setsampwent(struct pdb_context *context, BOOL update, uint16 acb_mask)
125 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
128 DEBUG(0, ("invalid pdb_context specified!\n"));
132 context->pwent_methods = context->pdb_methods;
134 if (!context->pwent_methods) {
135 /* No passdbs at all */
139 while (NT_STATUS_IS_ERR(ret = context->pwent_methods->setsampwent(context->pwent_methods, update, acb_mask))) {
140 context->pwent_methods = context->pwent_methods->next;
141 if (context->pwent_methods == NULL)
142 return NT_STATUS_UNSUCCESSFUL;
147 static void context_endsampwent(struct pdb_context *context)
150 DEBUG(0, ("invalid pdb_context specified!\n"));
154 if (context->pwent_methods && context->pwent_methods->endsampwent)
155 context->pwent_methods->endsampwent(context->pwent_methods);
157 /* So we won't get strange data when calling getsampwent now */
158 context->pwent_methods = NULL;
161 static NTSTATUS context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user)
163 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
165 if ((!context) || (!context->pwent_methods)) {
166 DEBUG(0, ("invalid pdb_context specified!\n"));
169 /* Loop until we find something useful */
170 while (NT_STATUS_IS_ERR(ret = context->pwent_methods->getsampwent(context->pwent_methods, user))) {
172 context->pwent_methods->endsampwent(context->pwent_methods);
174 context->pwent_methods = context->pwent_methods->next;
176 /* All methods are checked now. There are no more entries */
177 if (context->pwent_methods == NULL)
180 context->pwent_methods->setsampwent(context->pwent_methods, False, 0);
182 user->methods = context->pwent_methods;
183 pdb_force_pw_initialization(user);
187 static NTSTATUS context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username)
189 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
191 struct pdb_methods *curmethods;
193 DEBUG(0, ("invalid pdb_context specified!\n"));
196 curmethods = context->pdb_methods;
198 if (NT_STATUS_IS_OK(ret = curmethods->getsampwnam(curmethods, sam_acct, username))) {
199 pdb_force_pw_initialization(sam_acct);
200 sam_acct->methods = curmethods;
203 curmethods = curmethods->next;
209 static NTSTATUS context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
211 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
213 struct pdb_methods *curmethods;
215 DEBUG(0, ("invalid pdb_context specified!\n"));
219 curmethods = context->pdb_methods;
222 if (NT_STATUS_IS_OK(ret = curmethods->getsampwsid(curmethods, sam_acct, sid))) {
223 pdb_force_pw_initialization(sam_acct);
224 sam_acct->methods = curmethods;
227 curmethods = curmethods->next;
233 static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
235 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
236 const char *lm_pw, *nt_pw;
239 if ((!context) || (!context->pdb_methods)) {
240 DEBUG(0, ("invalid pdb_context specified!\n"));
244 /* disable acccounts with no passwords (that has not
245 been allowed by the ACB_PWNOTREQ bit */
247 lm_pw = pdb_get_lanman_passwd( sam_acct );
248 nt_pw = pdb_get_nt_passwd( sam_acct );
249 acb_flags = pdb_get_acct_ctrl( sam_acct );
250 if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
251 acb_flags |= ACB_DISABLED;
252 pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
255 /** @todo This is where a 're-read on add' should be done */
256 /* We now add a new account to the first database listed.
259 return context->pdb_methods->add_sam_account(context->pdb_methods, sam_acct);
262 static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
264 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
265 const char *lm_pw, *nt_pw;
269 DEBUG(0, ("invalid pdb_context specified!\n"));
273 if (!sam_acct || !sam_acct->methods){
274 DEBUG(0, ("invalid sam_acct specified\n"));
278 /* disable acccounts with no passwords (that has not
279 been allowed by the ACB_PWNOTREQ bit */
281 lm_pw = pdb_get_lanman_passwd( sam_acct );
282 nt_pw = pdb_get_nt_passwd( sam_acct );
283 acb_flags = pdb_get_acct_ctrl( sam_acct );
284 if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
285 acb_flags |= ACB_DISABLED;
286 pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
289 /** @todo This is where a 're-read on update' should be done */
291 return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct);
294 static NTSTATUS context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
296 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
298 struct pdb_methods *pdb_selected;
300 DEBUG(0, ("invalid pdb_context specified!\n"));
304 if (!sam_acct->methods){
305 pdb_selected = context->pdb_methods;
306 /* There's no passdb backend specified for this account.
307 * Try to delete it in every passdb available
308 * Needed to delete accounts in smbpasswd that are not
311 while (pdb_selected){
312 if (NT_STATUS_IS_OK(ret = pdb_selected->delete_sam_account(pdb_selected, sam_acct))) {
315 pdb_selected = pdb_selected->next;
320 if (!sam_acct->methods->delete_sam_account){
321 DEBUG(0,("invalid sam_acct->methods->delete_sam_account\n"));
325 return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct);
328 static NTSTATUS context_getgrsid(struct pdb_context *context,
329 GROUP_MAP *map, DOM_SID sid)
331 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
333 struct pdb_methods *curmethods;
335 DEBUG(0, ("invalid pdb_context specified!\n"));
338 curmethods = context->pdb_methods;
340 ret = curmethods->getgrsid(curmethods, map, sid);
341 if (NT_STATUS_IS_OK(ret)) {
342 map->methods = curmethods;
345 curmethods = curmethods->next;
351 static NTSTATUS context_getgrgid(struct pdb_context *context,
352 GROUP_MAP *map, gid_t gid)
354 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
356 struct pdb_methods *curmethods;
358 DEBUG(0, ("invalid pdb_context specified!\n"));
361 curmethods = context->pdb_methods;
363 ret = curmethods->getgrgid(curmethods, map, gid);
364 if (NT_STATUS_IS_OK(ret)) {
365 map->methods = curmethods;
368 curmethods = curmethods->next;
374 static NTSTATUS context_getgrnam(struct pdb_context *context,
375 GROUP_MAP *map, const char *name)
377 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
379 struct pdb_methods *curmethods;
381 DEBUG(0, ("invalid pdb_context specified!\n"));
384 curmethods = context->pdb_methods;
386 ret = curmethods->getgrnam(curmethods, map, name);
387 if (NT_STATUS_IS_OK(ret)) {
388 map->methods = curmethods;
391 curmethods = curmethods->next;
397 static NTSTATUS context_add_group_mapping_entry(struct pdb_context *context,
400 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
402 if ((!context) || (!context->pdb_methods)) {
403 DEBUG(0, ("invalid pdb_context specified!\n"));
407 return context->pdb_methods->add_group_mapping_entry(context->pdb_methods,
411 static NTSTATUS context_update_group_mapping_entry(struct pdb_context *context,
414 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
416 if ((!context) || (!context->pdb_methods)) {
417 DEBUG(0, ("invalid pdb_context specified!\n"));
422 pdb_methods->update_group_mapping_entry(context->pdb_methods, map);
425 static NTSTATUS context_delete_group_mapping_entry(struct pdb_context *context,
428 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
430 if ((!context) || (!context->pdb_methods)) {
431 DEBUG(0, ("invalid pdb_context specified!\n"));
436 pdb_methods->delete_group_mapping_entry(context->pdb_methods, sid);
439 static NTSTATUS context_enum_group_mapping(struct pdb_context *context,
440 enum SID_NAME_USE sid_name_use,
441 GROUP_MAP **rmap, int *num_entries,
444 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
446 if ((!context) || (!context->pdb_methods)) {
447 DEBUG(0, ("invalid pdb_context specified!\n"));
451 return context->pdb_methods->enum_group_mapping(context->pdb_methods,
453 num_entries, unix_only);
456 static NTSTATUS context_enum_group_members(struct pdb_context *context,
458 const DOM_SID *group,
459 uint32 **member_rids,
462 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
464 if ((!context) || (!context->pdb_methods)) {
465 DEBUG(0, ("invalid pdb_context specified!\n"));
469 return context->pdb_methods->enum_group_members(context->pdb_methods,
475 static NTSTATUS context_enum_group_memberships(struct pdb_context *context,
476 const char *username,
478 DOM_SID **sids, gid_t **gids,
481 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
483 if ((!context) || (!context->pdb_methods)) {
484 DEBUG(0, ("invalid pdb_context specified!\n"));
488 return context->pdb_methods->
489 enum_group_memberships(context->pdb_methods, username,
490 primary_gid, sids, gids, num_groups);
493 static NTSTATUS context_find_alias(struct pdb_context *context,
494 const char *name, DOM_SID *sid)
496 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
498 if ((!context) || (!context->pdb_methods)) {
499 DEBUG(0, ("invalid pdb_context specified!\n"));
503 return context->pdb_methods->find_alias(context->pdb_methods,
507 static NTSTATUS context_create_alias(struct pdb_context *context,
508 const char *name, uint32 *rid)
510 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
512 if ((!context) || (!context->pdb_methods)) {
513 DEBUG(0, ("invalid pdb_context specified!\n"));
517 return context->pdb_methods->create_alias(context->pdb_methods,
521 static NTSTATUS context_delete_alias(struct pdb_context *context,
524 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
526 if ((!context) || (!context->pdb_methods)) {
527 DEBUG(0, ("invalid pdb_context specified!\n"));
531 return context->pdb_methods->delete_alias(context->pdb_methods, sid);
534 static NTSTATUS context_enum_aliases(struct pdb_context *context,
536 uint32 start_idx, uint32 max_entries,
538 struct acct_info **info)
540 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
542 if ((!context) || (!context->pdb_methods)) {
543 DEBUG(0, ("invalid pdb_context specified!\n"));
547 return context->pdb_methods->enum_aliases(context->pdb_methods,
548 sid, start_idx, max_entries,
552 static NTSTATUS context_get_aliasinfo(struct pdb_context *context,
554 struct acct_info *info)
556 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
558 if ((!context) || (!context->pdb_methods)) {
559 DEBUG(0, ("invalid pdb_context specified!\n"));
563 return context->pdb_methods->get_aliasinfo(context->pdb_methods,
567 static NTSTATUS context_set_aliasinfo(struct pdb_context *context,
569 struct acct_info *info)
571 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
573 if ((!context) || (!context->pdb_methods)) {
574 DEBUG(0, ("invalid pdb_context specified!\n"));
578 return context->pdb_methods->set_aliasinfo(context->pdb_methods,
582 static NTSTATUS context_add_aliasmem(struct pdb_context *context,
583 const DOM_SID *alias,
584 const DOM_SID *member)
586 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
588 if ((!context) || (!context->pdb_methods)) {
589 DEBUG(0, ("invalid pdb_context specified!\n"));
593 return context->pdb_methods->add_aliasmem(context->pdb_methods,
597 static NTSTATUS context_del_aliasmem(struct pdb_context *context,
598 const DOM_SID *alias,
599 const DOM_SID *member)
601 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
603 if ((!context) || (!context->pdb_methods)) {
604 DEBUG(0, ("invalid pdb_context specified!\n"));
608 return context->pdb_methods->del_aliasmem(context->pdb_methods,
612 static NTSTATUS context_enum_aliasmem(struct pdb_context *context,
613 const DOM_SID *alias, DOM_SID **members,
616 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
618 if ((!context) || (!context->pdb_methods)) {
619 DEBUG(0, ("invalid pdb_context specified!\n"));
623 return context->pdb_methods->enum_aliasmem(context->pdb_methods,
624 alias, members, num);
627 static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
628 const DOM_SID *members,
630 DOM_SID **aliases, int *num)
632 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
634 if ((!context) || (!context->pdb_methods)) {
635 DEBUG(0, ("invalid pdb_context specified!\n"));
639 return context->pdb_methods->
640 enum_alias_memberships(context->pdb_methods, members,
641 num_members, aliases, num);
644 /******************************************************************
645 Free and cleanup a pdb context, any associated data and anything
646 that the attached modules might have associated.
647 *******************************************************************/
649 static void free_pdb_context(struct pdb_context **context)
651 struct pdb_methods *pdb_selected = (*context)->pdb_methods;
653 while (pdb_selected){
654 if(pdb_selected->free_private_data)
655 pdb_selected->free_private_data(&(pdb_selected->private_data));
656 pdb_selected = pdb_selected->next;
659 talloc_destroy((*context)->mem_ctx);
663 /******************************************************************
664 Make a pdb_methods from scratch
665 *******************************************************************/
667 static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_context *context, const char *selected)
669 char *module_name = smb_xstrdup(selected);
670 char *module_location = NULL, *p;
671 struct pdb_init_function_entry *entry;
672 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
674 lazy_initialize_passdb();
676 p = strchr(module_name, ':');
680 module_location = p+1;
681 trim_char(module_location, ' ', ' ');
684 trim_char(module_name, ' ', ' ');
687 DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name));
689 entry = pdb_find_backend_entry(module_name);
691 /* Try to find a module that contains this module */
693 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
694 if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
695 DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
696 SAFE_FREE(module_name);
697 return NT_STATUS_UNSUCCESSFUL;
701 /* No such backend found */
703 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
704 SAFE_FREE(module_name);
705 return NT_STATUS_INVALID_PARAMETER;
708 DEBUG(5,("Found pdb backend %s\n", module_name));
709 nt_status = entry->init(context, methods, module_location);
710 if (NT_STATUS_IS_OK(nt_status)) {
711 DEBUG(5,("pdb backend %s has a valid init\n", selected));
713 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status)));
715 SAFE_FREE(module_name);
719 /******************************************************************
720 Make a pdb_context from scratch.
721 *******************************************************************/
723 static NTSTATUS make_pdb_context(struct pdb_context **context)
727 mem_ctx = talloc_init("pdb_context internal allocation context");
730 DEBUG(0, ("make_pdb_context: talloc init failed!\n"));
731 return NT_STATUS_NO_MEMORY;
734 *context = TALLOC_P(mem_ctx, struct pdb_context);
736 DEBUG(0, ("make_pdb_context: talloc failed!\n"));
737 return NT_STATUS_NO_MEMORY;
740 ZERO_STRUCTP(*context);
742 (*context)->mem_ctx = mem_ctx;
744 (*context)->pdb_setsampwent = context_setsampwent;
745 (*context)->pdb_endsampwent = context_endsampwent;
746 (*context)->pdb_getsampwent = context_getsampwent;
747 (*context)->pdb_getsampwnam = context_getsampwnam;
748 (*context)->pdb_getsampwsid = context_getsampwsid;
749 (*context)->pdb_add_sam_account = context_add_sam_account;
750 (*context)->pdb_update_sam_account = context_update_sam_account;
751 (*context)->pdb_delete_sam_account = context_delete_sam_account;
752 (*context)->pdb_getgrsid = context_getgrsid;
753 (*context)->pdb_getgrgid = context_getgrgid;
754 (*context)->pdb_getgrnam = context_getgrnam;
755 (*context)->pdb_add_group_mapping_entry = context_add_group_mapping_entry;
756 (*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
757 (*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
758 (*context)->pdb_enum_group_mapping = context_enum_group_mapping;
759 (*context)->pdb_enum_group_members = context_enum_group_members;
760 (*context)->pdb_enum_group_memberships = context_enum_group_memberships;
762 (*context)->pdb_find_alias = context_find_alias;
763 (*context)->pdb_create_alias = context_create_alias;
764 (*context)->pdb_delete_alias = context_delete_alias;
765 (*context)->pdb_enum_aliases = context_enum_aliases;
766 (*context)->pdb_get_aliasinfo = context_get_aliasinfo;
767 (*context)->pdb_set_aliasinfo = context_set_aliasinfo;
768 (*context)->pdb_add_aliasmem = context_add_aliasmem;
769 (*context)->pdb_del_aliasmem = context_del_aliasmem;
770 (*context)->pdb_enum_aliasmem = context_enum_aliasmem;
771 (*context)->pdb_enum_alias_memberships = context_enum_alias_memberships;
773 (*context)->free_fn = free_pdb_context;
779 /******************************************************************
780 Make a pdb_context, given an array of strings
781 *******************************************************************/
783 NTSTATUS make_pdb_context_list(struct pdb_context **context, const char **selected)
786 struct pdb_methods *curmethods, *tmpmethods;
787 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
788 BOOL have_guest = False;
790 if (!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))) {
795 DEBUG(0, ("ERROR: empty passdb backend list!\n"));
800 if (strcmp(selected[i], "guest") == 0) {
803 /* Try to initialise pdb */
804 DEBUG(5,("Trying to load: %s\n", selected[i]));
805 if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods, *context, selected[i]))) {
806 DEBUG(1, ("Loading %s failed!\n", selected[i]));
807 free_pdb_context(context);
810 curmethods->parent = *context;
811 DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
818 if ( (lp_guestaccount() == NULL) ||
819 (*lp_guestaccount() == '\0') ) {
820 /* We explicitly don't want guest access. No idea what
821 else that breaks, but be it that way. */
825 if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods,
828 DEBUG(1, ("Loading guest module failed!\n"));
829 free_pdb_context(context);
833 curmethods->parent = *context;
834 DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
839 /******************************************************************
840 Make a pdb_context, given a text string.
841 *******************************************************************/
843 NTSTATUS make_pdb_context_string(struct pdb_context **context, const char *selected)
846 char **newsel = str_list_make(selected, NULL);
847 ret = make_pdb_context_list(context, (const char **)newsel);
848 str_list_free(&newsel);
852 /******************************************************************
853 Return an already initialised pdb_context, to facilitate backward
854 compatibility (see functions below).
855 *******************************************************************/
857 static struct pdb_context *pdb_get_static_context(BOOL reload)
859 static struct pdb_context *pdb_context = NULL;
861 if ((pdb_context) && (reload)) {
862 pdb_context->free_fn(&pdb_context);
863 if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
869 if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
877 /******************************************************************
878 Backward compatibility functions for the original passdb interface
879 *******************************************************************/
881 BOOL pdb_setsampwent(BOOL update, uint16 acb_mask)
883 struct pdb_context *pdb_context = pdb_get_static_context(False);
889 return NT_STATUS_IS_OK(pdb_context->pdb_setsampwent(pdb_context, update, acb_mask));
892 void pdb_endsampwent(void)
894 struct pdb_context *pdb_context = pdb_get_static_context(False);
900 pdb_context->pdb_endsampwent(pdb_context);
903 BOOL pdb_getsampwent(SAM_ACCOUNT *user)
905 struct pdb_context *pdb_context = pdb_get_static_context(False);
911 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwent(pdb_context, user));
914 static SAM_ACCOUNT *sam_account_cache = NULL;
916 BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username)
918 struct pdb_context *pdb_context = pdb_get_static_context(False);
924 if (!NT_STATUS_IS_OK(pdb_context->pdb_getsampwnam(pdb_context,
925 sam_acct, username)))
928 if (sam_account_cache != NULL) {
929 pdb_free_sam(&sam_account_cache);
930 sam_account_cache = NULL;
933 pdb_copy_sam_account(sam_acct, &sam_account_cache);
937 BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
939 struct pdb_context *pdb_context = pdb_get_static_context(False);
945 if ((sam_account_cache != NULL) &&
946 (sid_equal(sid, pdb_get_user_sid(sam_account_cache))))
947 return pdb_copy_sam_account(sam_account_cache, &sam_acct);
949 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwsid(pdb_context, sam_acct, sid));
952 BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct)
954 struct pdb_context *pdb_context = pdb_get_static_context(False);
960 return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct));
963 BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct)
965 struct pdb_context *pdb_context = pdb_get_static_context(False);
971 if (sam_account_cache != NULL) {
972 pdb_free_sam(&sam_account_cache);
973 sam_account_cache = NULL;
976 return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct));
979 BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct)
981 struct pdb_context *pdb_context = pdb_get_static_context(False);
987 if (sam_account_cache != NULL) {
988 pdb_free_sam(&sam_account_cache);
989 sam_account_cache = NULL;
992 return NT_STATUS_IS_OK(pdb_context->pdb_delete_sam_account(pdb_context, sam_acct));
995 BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
997 struct pdb_context *pdb_context = pdb_get_static_context(False);
1003 return NT_STATUS_IS_OK(pdb_context->
1004 pdb_getgrsid(pdb_context, map, sid));
1007 BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid)
1009 struct pdb_context *pdb_context = pdb_get_static_context(False);
1015 return NT_STATUS_IS_OK(pdb_context->
1016 pdb_getgrgid(pdb_context, map, gid));
1019 BOOL pdb_getgrnam(GROUP_MAP *map, const char *name)
1021 struct pdb_context *pdb_context = pdb_get_static_context(False);
1027 return NT_STATUS_IS_OK(pdb_context->
1028 pdb_getgrnam(pdb_context, map, name));
1031 BOOL pdb_add_group_mapping_entry(GROUP_MAP *map)
1033 struct pdb_context *pdb_context = pdb_get_static_context(False);
1039 return NT_STATUS_IS_OK(pdb_context->
1040 pdb_add_group_mapping_entry(pdb_context, map));
1043 BOOL pdb_update_group_mapping_entry(GROUP_MAP *map)
1045 struct pdb_context *pdb_context = pdb_get_static_context(False);
1051 return NT_STATUS_IS_OK(pdb_context->
1052 pdb_update_group_mapping_entry(pdb_context, map));
1055 BOOL pdb_delete_group_mapping_entry(DOM_SID sid)
1057 struct pdb_context *pdb_context = pdb_get_static_context(False);
1063 return NT_STATUS_IS_OK(pdb_context->
1064 pdb_delete_group_mapping_entry(pdb_context, sid));
1067 BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
1068 int *num_entries, BOOL unix_only)
1070 struct pdb_context *pdb_context = pdb_get_static_context(False);
1076 return NT_STATUS_IS_OK(pdb_context->
1077 pdb_enum_group_mapping(pdb_context, sid_name_use,
1078 rmap, num_entries, unix_only));
1081 NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
1083 uint32 **member_rids,
1086 struct pdb_context *pdb_context = pdb_get_static_context(False);
1089 return NT_STATUS_UNSUCCESSFUL;
1092 return pdb_context->pdb_enum_group_members(pdb_context, mem_ctx, sid,
1093 member_rids, num_members);
1096 NTSTATUS pdb_enum_group_memberships(const char *username, gid_t primary_gid,
1097 DOM_SID **sids, gid_t **gids,
1100 struct pdb_context *pdb_context = pdb_get_static_context(False);
1103 return NT_STATUS_UNSUCCESSFUL;
1106 return pdb_context->pdb_enum_group_memberships(pdb_context, username,
1107 primary_gid, sids, gids,
1111 BOOL pdb_find_alias(const char *name, DOM_SID *sid)
1113 struct pdb_context *pdb_context = pdb_get_static_context(False);
1119 return NT_STATUS_IS_OK(pdb_context->pdb_find_alias(pdb_context,
1123 NTSTATUS pdb_create_alias(const char *name, uint32 *rid)
1125 struct pdb_context *pdb_context = pdb_get_static_context(False);
1128 return NT_STATUS_NOT_IMPLEMENTED;
1131 return pdb_context->pdb_create_alias(pdb_context, name, rid);
1134 BOOL pdb_delete_alias(const DOM_SID *sid)
1136 struct pdb_context *pdb_context = pdb_get_static_context(False);
1142 return NT_STATUS_IS_OK(pdb_context->pdb_delete_alias(pdb_context,
1147 BOOL pdb_enum_aliases(const DOM_SID *sid, uint32 start_idx, uint32 max_entries,
1148 uint32 *num_aliases, struct acct_info **info)
1150 struct pdb_context *pdb_context = pdb_get_static_context(False);
1156 return NT_STATUS_IS_OK(pdb_context->pdb_enum_aliases(pdb_context, sid,
1163 BOOL pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
1165 struct pdb_context *pdb_context = pdb_get_static_context(False);
1171 return NT_STATUS_IS_OK(pdb_context->pdb_get_aliasinfo(pdb_context, sid,
1175 BOOL pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
1177 struct pdb_context *pdb_context = pdb_get_static_context(False);
1183 return NT_STATUS_IS_OK(pdb_context->pdb_set_aliasinfo(pdb_context, sid,
1187 BOOL pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
1189 struct pdb_context *pdb_context = pdb_get_static_context(False);
1195 return NT_STATUS_IS_OK(pdb_context->
1196 pdb_add_aliasmem(pdb_context, alias, member));
1199 BOOL pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
1201 struct pdb_context *pdb_context = pdb_get_static_context(False);
1207 return NT_STATUS_IS_OK(pdb_context->
1208 pdb_del_aliasmem(pdb_context, alias, member));
1211 BOOL pdb_enum_aliasmem(const DOM_SID *alias,
1212 DOM_SID **members, int *num_members)
1214 struct pdb_context *pdb_context = pdb_get_static_context(False);
1220 return NT_STATUS_IS_OK(pdb_context->
1221 pdb_enum_aliasmem(pdb_context, alias,
1222 members, num_members));
1225 BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
1226 DOM_SID **aliases, int *num)
1228 struct pdb_context *pdb_context = pdb_get_static_context(False);
1234 return NT_STATUS_IS_OK(pdb_context->
1235 pdb_enum_alias_memberships(pdb_context, members,
1240 /***************************************************************
1241 Initialize the static context (at smbd startup etc).
1243 If uninitialised, context will auto-init on first use.
1244 ***************************************************************/
1246 BOOL initialize_password_db(BOOL reload)
1248 return (pdb_get_static_context(reload) != NULL);
1252 /***************************************************************************
1253 Default implementations of some functions.
1254 ****************************************************************************/
1256 static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
1258 return NT_STATUS_NO_SUCH_USER;
1261 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
1263 return NT_STATUS_NO_SUCH_USER;
1266 static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
1268 DEBUG(0,("this backend (%s) should not be listed as the first passdb backend! You can't add users to it.\n", methods->name));
1269 return NT_STATUS_NOT_IMPLEMENTED;
1272 static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
1274 return NT_STATUS_NOT_IMPLEMENTED;
1277 static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *pwd)
1279 return NT_STATUS_NOT_IMPLEMENTED;
1282 static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask)
1284 return NT_STATUS_NOT_IMPLEMENTED;
1287 static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *user)
1289 return NT_STATUS_NOT_IMPLEMENTED;
1292 static void pdb_default_endsampwent(struct pdb_methods *methods)
1294 return; /* NT_STATUS_NOT_IMPLEMENTED; */
1297 static void add_uid_to_array_unique(TALLOC_CTX *mem_ctx,
1298 uid_t uid, uid_t **uids, int *num)
1302 for (i=0; i<*num; i++) {
1303 if ((*uids)[i] == uid)
1307 *uids = TALLOC_REALLOC_ARRAY(mem_ctx, *uids, uid_t, *num+1);
1312 (*uids)[*num] = uid;
1316 static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **uids,
1321 struct sys_pwent *userlist, *user;
1326 /* We only look at our own sam, so don't care about imported stuff */
1330 if ((grp = getgrgid(gid)) == NULL) {
1335 /* Primary group members */
1337 userlist = getpwent_list();
1339 for (user = userlist; user != NULL; user = user->next) {
1340 if (user->pw_gid != gid)
1342 add_uid_to_array_unique(mem_ctx, user->pw_uid, uids, num);
1345 pwent_free(userlist);
1347 /* Secondary group members */
1349 for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
1350 struct passwd *pw = getpwnam(*gr);
1354 add_uid_to_array_unique(mem_ctx, pw->pw_uid, uids, num);
1362 NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
1363 TALLOC_CTX *mem_ctx,
1364 const DOM_SID *group,
1365 uint32 **member_rids,
1372 *member_rids = NULL;
1375 if (!NT_STATUS_IS_OK(sid_to_gid(group, &gid)))
1376 return NT_STATUS_NO_SUCH_GROUP;
1378 if(!get_memberuids(mem_ctx, gid, &uids, &num_uids))
1379 return NT_STATUS_NO_SUCH_GROUP;
1382 return NT_STATUS_OK;
1384 *member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_uids);
1386 for (i=0; i<num_uids; i++) {
1389 if (!NT_STATUS_IS_OK(uid_to_sid(&sid, uids[i]))) {
1390 DEBUG(1, ("Could not map member uid to SID\n"));
1394 if (!sid_check_is_in_our_domain(&sid)) {
1395 DEBUG(1, ("Inconsistent SAM -- group member uid not "
1396 "in our domain\n"));
1400 sid_peek_rid(&sid, &(*member_rids)[*num_members]);
1404 return NT_STATUS_OK;
1407 NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
1409 *methods = TALLOC_P(mem_ctx, struct pdb_methods);
1412 return NT_STATUS_NO_MEMORY;
1415 ZERO_STRUCTP(*methods);
1417 (*methods)->setsampwent = pdb_default_setsampwent;
1418 (*methods)->endsampwent = pdb_default_endsampwent;
1419 (*methods)->getsampwent = pdb_default_getsampwent;
1420 (*methods)->getsampwnam = pdb_default_getsampwnam;
1421 (*methods)->getsampwsid = pdb_default_getsampwsid;
1422 (*methods)->add_sam_account = pdb_default_add_sam_account;
1423 (*methods)->update_sam_account = pdb_default_update_sam_account;
1424 (*methods)->delete_sam_account = pdb_default_delete_sam_account;
1426 (*methods)->getgrsid = pdb_default_getgrsid;
1427 (*methods)->getgrgid = pdb_default_getgrgid;
1428 (*methods)->getgrnam = pdb_default_getgrnam;
1429 (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
1430 (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
1431 (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
1432 (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
1433 (*methods)->enum_group_members = pdb_default_enum_group_members;
1434 (*methods)->enum_group_memberships = pdb_default_enum_group_memberships;
1435 (*methods)->find_alias = pdb_default_find_alias;
1436 (*methods)->create_alias = pdb_default_create_alias;
1437 (*methods)->delete_alias = pdb_default_delete_alias;
1438 (*methods)->enum_aliases = pdb_default_enum_aliases;
1439 (*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
1440 (*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
1441 (*methods)->add_aliasmem = pdb_default_add_aliasmem;
1442 (*methods)->del_aliasmem = pdb_default_del_aliasmem;
1443 (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
1444 (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
1446 return NT_STATUS_OK;