source3/passdb/pdb_interface.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Password and authentication handling
   4    Copyright (C) Andrew Bartlett                        2002
   5    Copyright (C) Jelmer Vernooij                        2002
   6    Copyright (C) Simo Sorce                             2003
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #include "includes.h"
  24
  25 #undef DBGC_CLASS
  26 #define DBGC_CLASS DBGC_PASSDB
  27
  28 static struct pdb_init_function_entry *backends = NULL;
  29
  30 static void lazy_initialize_passdb(void)
  31 {
  32         static BOOL initialized = False;
  33         if(initialized)return;
  34         static_init_pdb;
  35         initialized = True;
  36 }
  37
  38 static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name);
  39
  40 /*******************************************************************
  41  Clean up uninitialised passwords.  The only way to tell
  42  that these values are not 'real' is that they do not
  43  have a valid last set time.  Instead, the value is fixed at 0.
  44  Therefore we use that as the key for 'is this a valid password'.
  45  However, it is perfectly valid to have a 'default' last change
  46  time, such LDAP with a missing attribute would produce.
  47 ********************************************************************/
  48
  49 static void pdb_force_pw_initialization(SAM_ACCOUNT *pass)
  50 {
  51         const char *lm_pwd, *nt_pwd;
  52
  53         /* only reset a password if the last set time has been
  54            explicitly been set to zero.  A default last set time
  55            is ignored */
  56
  57         if ( (pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT)
  58                 && (pdb_get_pass_last_set_time(pass) == 0) )
  59         {
  60
  61                 if (pdb_get_init_flags(pass, PDB_LMPASSWD) != PDB_DEFAULT)
  62                 {
  63                         lm_pwd = pdb_get_lanman_passwd(pass);
  64                         if (lm_pwd)
  65                                 pdb_set_lanman_passwd(pass, NULL, PDB_CHANGED);
  66                 }
  67                 if (pdb_get_init_flags(pass, PDB_NTPASSWD) != PDB_DEFAULT)
  68                 {
  69                         nt_pwd = pdb_get_nt_passwd(pass);
  70                         if (nt_pwd)
  71                                 pdb_set_nt_passwd(pass, NULL, PDB_CHANGED);
  72                 }
  73         }
  74
  75         return;
  76 }
  77
  78 NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
  79 {
  80         struct pdb_init_function_entry *entry = backends;
  81
  82         if(version != PASSDB_INTERFACE_VERSION) {
  83                 DEBUG(0,("Can't register passdb backend!\n"
  84                          "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
  85                          "while this version of samba uses version %d\n",
  86                          version,PASSDB_INTERFACE_VERSION));
  87                 return NT_STATUS_OBJECT_TYPE_MISMATCH;
  88         }
  89
  90         if (!name || !init) {
  91                 return NT_STATUS_INVALID_PARAMETER;
  92         }
  93
  94         DEBUG(5,("Attempting to register passdb backend %s\n", name));
  95
  96         /* Check for duplicates */
  97         if (pdb_find_backend_entry(name)) {
  98                 DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
  99                 return NT_STATUS_OBJECT_NAME_COLLISION;
 100         }
 101
 102         entry = SMB_XMALLOC_P(struct pdb_init_function_entry);
 103         entry->name = smb_xstrdup(name);
 104         entry->init = init;
 105
 106         DLIST_ADD(backends, entry);
 107         DEBUG(5,("Successfully added passdb backend '%s'\n", name));
 108         return NT_STATUS_OK;
 109 }
 110
 111 static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
 112 {
 113         struct pdb_init_function_entry *entry = backends;
 114
 115         while(entry) {
 116                 if (strcmp(entry->name, name)==0) return entry;
 117                 entry = entry->next;
 118         }
 119
 120         return NULL;
 121 }
 122
 123 static NTSTATUS context_setsampwent(struct pdb_context *context, BOOL update, uint16 acb_mask)
 124 {
 125         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 126
 127         if (!context) {
 128                 DEBUG(0, ("invalid pdb_context specified!\n"));
 129                 return ret;
 130         }
 131
 132         context->pwent_methods = context->pdb_methods;
 133
 134         if (!context->pwent_methods) {
 135                 /* No passdbs at all */
 136                 return ret;
 137         }
 138
 139         while (NT_STATUS_IS_ERR(ret = context->pwent_methods->setsampwent(context->pwent_methods, update, acb_mask))) {
 140                 context->pwent_methods = context->pwent_methods->next;
 141                 if (context->pwent_methods == NULL)
 142                         return NT_STATUS_UNSUCCESSFUL;
 143         }
 144         return ret;
 145 }
 146
 147 static void context_endsampwent(struct pdb_context *context)
 148 {
 149         if ((!context)){
 150                 DEBUG(0, ("invalid pdb_context specified!\n"));
 151                 return;
 152         }
 153
 154         if (context->pwent_methods && context->pwent_methods->endsampwent)
 155                 context->pwent_methods->endsampwent(context->pwent_methods);
 156
 157         /* So we won't get strange data when calling getsampwent now */
 158         context->pwent_methods = NULL;
 159 }
 160
 161 static NTSTATUS context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user)
 162 {
 163         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 164
 165         if ((!context) || (!context->pwent_methods)) {
 166                 DEBUG(0, ("invalid pdb_context specified!\n"));
 167                 return ret;
 168         }
 169         /* Loop until we find something useful */
 170         while (NT_STATUS_IS_ERR(ret = context->pwent_methods->getsampwent(context->pwent_methods, user))) {
 171
 172                 context->pwent_methods->endsampwent(context->pwent_methods);
 173
 174                 context->pwent_methods = context->pwent_methods->next;
 175
 176                 /* All methods are checked now. There are no more entries */
 177                 if (context->pwent_methods == NULL)
 178                         return ret;
 179
 180                 context->pwent_methods->setsampwent(context->pwent_methods, False, 0);
 181         }
 182         user->methods = context->pwent_methods;
 183         pdb_force_pw_initialization(user);
 184         return ret;
 185 }
 186
 187 static NTSTATUS context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username)
 188 {
 189         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 190
 191         struct pdb_methods *curmethods;
 192         if ((!context)) {
 193                 DEBUG(0, ("invalid pdb_context specified!\n"));
 194                 return ret;
 195         }
 196         curmethods = context->pdb_methods;
 197         while (curmethods){
 198                 if (NT_STATUS_IS_OK(ret = curmethods->getsampwnam(curmethods, sam_acct, username))) {
 199                         pdb_force_pw_initialization(sam_acct);
 200                         sam_acct->methods = curmethods;
 201                         return ret;
 202                 }
 203                 curmethods = curmethods->next;
 204         }
 205
 206         return ret;
 207 }
 208
 209 static NTSTATUS context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
 210 {
 211         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 212
 213         struct pdb_methods *curmethods;
 214         if ((!context)) {
 215                 DEBUG(0, ("invalid pdb_context specified!\n"));
 216                 return ret;
 217         }
 218
 219         curmethods = context->pdb_methods;
 220
 221         while (curmethods){
 222                 if (NT_STATUS_IS_OK(ret = curmethods->getsampwsid(curmethods, sam_acct, sid))) {
 223                         pdb_force_pw_initialization(sam_acct);
 224                         sam_acct->methods = curmethods;
 225                         return ret;
 226                 }
 227                 curmethods = curmethods->next;
 228         }
 229
 230         return ret;
 231 }
 232
 233 static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
 234 {
 235         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 236         const char *lm_pw, *nt_pw;
 237         uint16 acb_flags;
 238
 239         if ((!context) || (!context->pdb_methods)) {
 240                 DEBUG(0, ("invalid pdb_context specified!\n"));
 241                 return ret;
 242         }
 243
 244         /* disable acccounts with no passwords (that has not
 245            been allowed by the  ACB_PWNOTREQ bit */
 246
 247         lm_pw = pdb_get_lanman_passwd( sam_acct );
 248         nt_pw = pdb_get_nt_passwd( sam_acct );
 249         acb_flags = pdb_get_acct_ctrl( sam_acct );
 250         if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
 251                 acb_flags |= ACB_DISABLED;
 252                 pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
 253         }
 254
 255         /** @todo  This is where a 're-read on add' should be done */
 256         /* We now add a new account to the first database listed.
 257          * Should we? */
 258
 259         return context->pdb_methods->add_sam_account(context->pdb_methods, sam_acct);
 260 }
 261
 262 static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
 263 {
 264         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 265         const char *lm_pw, *nt_pw;
 266         uint16 acb_flags;
 267
 268         if (!context) {
 269                 DEBUG(0, ("invalid pdb_context specified!\n"));
 270                 return ret;
 271         }
 272
 273         if (!sam_acct || !sam_acct->methods){
 274                 DEBUG(0, ("invalid sam_acct specified\n"));
 275                 return ret;
 276         }
 277
 278         /* disable acccounts with no passwords (that has not
 279            been allowed by the  ACB_PWNOTREQ bit */
 280
 281         lm_pw = pdb_get_lanman_passwd( sam_acct );
 282         nt_pw = pdb_get_nt_passwd( sam_acct );
 283         acb_flags = pdb_get_acct_ctrl( sam_acct );
 284         if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
 285                 acb_flags |= ACB_DISABLED;
 286                 pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
 287         }
 288
 289         /** @todo  This is where a 're-read on update' should be done */
 290
 291         return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct);
 292 }
 293
 294 static NTSTATUS context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
 295 {
 296         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 297
 298         struct pdb_methods *pdb_selected;
 299         if (!context) {
 300                 DEBUG(0, ("invalid pdb_context specified!\n"));
 301                 return ret;
 302         }
 303
 304         if (!sam_acct->methods){
 305                 pdb_selected = context->pdb_methods;
 306                 /* There's no passdb backend specified for this account.
 307                  * Try to delete it in every passdb available
 308                  * Needed to delete accounts in smbpasswd that are not
 309                  * in /etc/passwd.
 310                  */
 311                 while (pdb_selected){
 312                         if (NT_STATUS_IS_OK(ret = pdb_selected->delete_sam_account(pdb_selected, sam_acct))) {
 313                                 return ret;
 314                         }
 315                         pdb_selected = pdb_selected->next;
 316                 }
 317                 return ret;
 318         }
 319
 320         if (!sam_acct->methods->delete_sam_account){
 321                 DEBUG(0,("invalid sam_acct->methods->delete_sam_account\n"));
 322                 return ret;
 323         }
 324
 325         return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct);
 326 }
 327
 328 static NTSTATUS context_getgrsid(struct pdb_context *context,
 329                                  GROUP_MAP *map, DOM_SID sid)
 330 {
 331         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 332
 333         struct pdb_methods *curmethods;
 334         if ((!context)) {
 335                 DEBUG(0, ("invalid pdb_context specified!\n"));
 336                 return ret;
 337         }
 338         curmethods = context->pdb_methods;
 339         while (curmethods){
 340                 ret = curmethods->getgrsid(curmethods, map, sid);
 341                 if (NT_STATUS_IS_OK(ret)) {
 342                         map->methods = curmethods;
 343                         return ret;
 344                 }
 345                 curmethods = curmethods->next;
 346         }
 347
 348         return ret;
 349 }
 350
 351 static NTSTATUS context_getgrgid(struct pdb_context *context,
 352                                  GROUP_MAP *map, gid_t gid)
 353 {
 354         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 355
 356         struct pdb_methods *curmethods;
 357         if ((!context)) {
 358                 DEBUG(0, ("invalid pdb_context specified!\n"));
 359                 return ret;
 360         }
 361         curmethods = context->pdb_methods;
 362         while (curmethods){
 363                 ret = curmethods->getgrgid(curmethods, map, gid);
 364                 if (NT_STATUS_IS_OK(ret)) {
 365                         map->methods = curmethods;
 366                         return ret;
 367                 }
 368                 curmethods = curmethods->next;
 369         }
 370
 371         return ret;
 372 }
 373
 374 static NTSTATUS context_getgrnam(struct pdb_context *context,
 375                                  GROUP_MAP *map, const char *name)
 376 {
 377         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 378
 379         struct pdb_methods *curmethods;
 380         if ((!context)) {
 381                 DEBUG(0, ("invalid pdb_context specified!\n"));
 382                 return ret;
 383         }
 384         curmethods = context->pdb_methods;
 385         while (curmethods){
 386                 ret = curmethods->getgrnam(curmethods, map, name);
 387                 if (NT_STATUS_IS_OK(ret)) {
 388                         map->methods = curmethods;
 389                         return ret;
 390                 }
 391                 curmethods = curmethods->next;
 392         }
 393
 394         return ret;
 395 }
 396
 397 static NTSTATUS context_add_group_mapping_entry(struct pdb_context *context,
 398                                                 GROUP_MAP *map)
 399 {
 400         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 401
 402         if ((!context) || (!context->pdb_methods)) {
 403                 DEBUG(0, ("invalid pdb_context specified!\n"));
 404                 return ret;
 405         }
 406
 407         return context->pdb_methods->add_group_mapping_entry(context->pdb_methods,
 408                                                              map);
 409 }
 410
 411 static NTSTATUS context_update_group_mapping_entry(struct pdb_context *context,
 412                                                    GROUP_MAP *map)
 413 {
 414         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 415
 416         if ((!context) || (!context->pdb_methods)) {
 417                 DEBUG(0, ("invalid pdb_context specified!\n"));
 418                 return ret;
 419         }
 420
 421         return context->
 422                 pdb_methods->update_group_mapping_entry(context->pdb_methods, map);
 423 }
 424
 425 static NTSTATUS context_delete_group_mapping_entry(struct pdb_context *context,
 426                                                    DOM_SID sid)
 427 {
 428         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 429
 430         if ((!context) || (!context->pdb_methods)) {
 431                 DEBUG(0, ("invalid pdb_context specified!\n"));
 432                 return ret;
 433         }
 434
 435         return context->
 436                 pdb_methods->delete_group_mapping_entry(context->pdb_methods, sid);
 437 }
 438
 439 static NTSTATUS context_enum_group_mapping(struct pdb_context *context,
 440                                            enum SID_NAME_USE sid_name_use,
 441                                            GROUP_MAP **rmap, int *num_entries,
 442                                            BOOL unix_only)
 443 {
 444         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 445
 446         if ((!context) || (!context->pdb_methods)) {
 447                 DEBUG(0, ("invalid pdb_context specified!\n"));
 448                 return ret;
 449         }
 450
 451         return context->pdb_methods->enum_group_mapping(context->pdb_methods,
 452                                                         sid_name_use, rmap,
 453                                                         num_entries, unix_only);
 454 }
 455
 456 static NTSTATUS context_enum_group_members(struct pdb_context *context,
 457                                            TALLOC_CTX *mem_ctx,
 458                                            const DOM_SID *group,
 459                                            uint32 **member_rids,
 460                                            int *num_members)
 461 {
 462         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 463
 464         if ((!context) || (!context->pdb_methods)) {
 465                 DEBUG(0, ("invalid pdb_context specified!\n"));
 466                 return ret;
 467         }
 468
 469         return context->pdb_methods->enum_group_members(context->pdb_methods,
 470                                                         mem_ctx, group,
 471                                                         member_rids,
 472                                                         num_members);
 473 }
 474
 475 static NTSTATUS context_enum_group_memberships(struct pdb_context *context,
 476                                                const char *username,
 477                                                gid_t primary_gid,
 478                                                DOM_SID **sids, gid_t **gids,
 479                                                int *num_groups)
 480 {
 481         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 482
 483         if ((!context) || (!context->pdb_methods)) {
 484                 DEBUG(0, ("invalid pdb_context specified!\n"));
 485                 return ret;
 486         }
 487
 488         return context->pdb_methods->
 489                 enum_group_memberships(context->pdb_methods, username,
 490                                        primary_gid, sids, gids, num_groups);
 491 }
 492
 493 static NTSTATUS context_find_alias(struct pdb_context *context,
 494                                    const char *name, DOM_SID *sid)
 495 {
 496         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 497
 498         if ((!context) || (!context->pdb_methods)) {
 499                 DEBUG(0, ("invalid pdb_context specified!\n"));
 500                 return ret;
 501         }
 502
 503         return context->pdb_methods->find_alias(context->pdb_methods,
 504                                                 name, sid);
 505 }
 506
 507 static NTSTATUS context_create_alias(struct pdb_context *context,
 508                                      const char *name, uint32 *rid)
 509 {
 510         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 511
 512         if ((!context) || (!context->pdb_methods)) {
 513                 DEBUG(0, ("invalid pdb_context specified!\n"));
 514                 return ret;
 515         }
 516
 517         return context->pdb_methods->create_alias(context->pdb_methods,
 518                                                   name, rid);
 519 }
 520
 521 static NTSTATUS context_delete_alias(struct pdb_context *context,
 522                                      const DOM_SID *sid)
 523 {
 524         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 525
 526         if ((!context) || (!context->pdb_methods)) {
 527                 DEBUG(0, ("invalid pdb_context specified!\n"));
 528                 return ret;
 529         }
 530
 531         return context->pdb_methods->delete_alias(context->pdb_methods, sid);
 532 }
 533
 534 static NTSTATUS context_enum_aliases(struct pdb_context *context,
 535                                      const DOM_SID *sid,
 536                                      uint32 start_idx, uint32 max_entries,
 537                                      uint32 *num_aliases,
 538                                      struct acct_info **info)
 539 {
 540         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 541
 542         if ((!context) || (!context->pdb_methods)) {
 543                 DEBUG(0, ("invalid pdb_context specified!\n"));
 544                 return ret;
 545         }
 546
 547         return context->pdb_methods->enum_aliases(context->pdb_methods,
 548                                                   sid, start_idx, max_entries,
 549                                                   num_aliases, info);
 550 }
 551
 552 static NTSTATUS context_get_aliasinfo(struct pdb_context *context,
 553                                       const DOM_SID *sid,
 554                                       struct acct_info *info)
 555 {
 556         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 557
 558         if ((!context) || (!context->pdb_methods)) {
 559                 DEBUG(0, ("invalid pdb_context specified!\n"));
 560                 return ret;
 561         }
 562
 563         return context->pdb_methods->get_aliasinfo(context->pdb_methods,
 564                                                    sid, info);
 565 }
 566
 567 static NTSTATUS context_set_aliasinfo(struct pdb_context *context,
 568                                       const DOM_SID *sid,
 569                                       struct acct_info *info)
 570 {
 571         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 572
 573         if ((!context) || (!context->pdb_methods)) {
 574                 DEBUG(0, ("invalid pdb_context specified!\n"));
 575                 return ret;
 576         }
 577
 578         return context->pdb_methods->set_aliasinfo(context->pdb_methods,
 579                                                    sid, info);
 580 }
 581
 582 static NTSTATUS context_add_aliasmem(struct pdb_context *context,
 583                                      const DOM_SID *alias,
 584                                      const DOM_SID *member)
 585 {
 586         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 587
 588         if ((!context) || (!context->pdb_methods)) {
 589                 DEBUG(0, ("invalid pdb_context specified!\n"));
 590                 return ret;
 591         }
 592
 593         return context->pdb_methods->add_aliasmem(context->pdb_methods,
 594                                                   alias, member);
 595 }
 596
 597 static NTSTATUS context_del_aliasmem(struct pdb_context *context,
 598                                      const DOM_SID *alias,
 599                                      const DOM_SID *member)
 600 {
 601         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 602
 603         if ((!context) || (!context->pdb_methods)) {
 604                 DEBUG(0, ("invalid pdb_context specified!\n"));
 605                 return ret;
 606         }
 607
 608         return context->pdb_methods->del_aliasmem(context->pdb_methods,
 609                                                   alias, member);
 610 }
 611
 612 static NTSTATUS context_enum_aliasmem(struct pdb_context *context,
 613                                       const DOM_SID *alias, DOM_SID **members,
 614                                       int *num)
 615 {
 616         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 617
 618         if ((!context) || (!context->pdb_methods)) {
 619                 DEBUG(0, ("invalid pdb_context specified!\n"));
 620                 return ret;
 621         }
 622
 623         return context->pdb_methods->enum_aliasmem(context->pdb_methods,
 624                                                    alias, members, num);
 625 }
 626
 627 static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
 628                                                const DOM_SID *members,
 629                                                int num_members,
 630                                                DOM_SID **aliases, int *num)
 631 {
 632         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 633
 634         if ((!context) || (!context->pdb_methods)) {
 635                 DEBUG(0, ("invalid pdb_context specified!\n"));
 636                 return ret;
 637         }
 638
 639         return context->pdb_methods->
 640                 enum_alias_memberships(context->pdb_methods, members,
 641                                        num_members, aliases, num);
 642 }
 643
 644 /******************************************************************
 645   Free and cleanup a pdb context, any associated data and anything
 646   that the attached modules might have associated.
 647  *******************************************************************/
 648
 649 static void free_pdb_context(struct pdb_context **context)
 650 {
 651         struct pdb_methods *pdb_selected = (*context)->pdb_methods;
 652
 653         while (pdb_selected){
 654                 if(pdb_selected->free_private_data)
 655                         pdb_selected->free_private_data(&(pdb_selected->private_data));
 656                 pdb_selected = pdb_selected->next;
 657         }
 658
 659         talloc_destroy((*context)->mem_ctx);
 660         *context = NULL;
 661 }
 662
 663 /******************************************************************
 664   Make a pdb_methods from scratch
 665  *******************************************************************/
 666
 667 static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_context *context, const char *selected)
 668 {
 669         char *module_name = smb_xstrdup(selected);
 670         char *module_location = NULL, *p;
 671         struct pdb_init_function_entry *entry;
 672         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
 673
 674         lazy_initialize_passdb();
 675
 676         p = strchr(module_name, ':');
 677
 678         if (p) {
 679                 *p = 0;
 680                 module_location = p+1;
 681                 trim_char(module_location, ' ', ' ');
 682         }
 683
 684         trim_char(module_name, ' ', ' ');
 685
 686
 687         DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name));
 688
 689         entry = pdb_find_backend_entry(module_name);
 690
 691         /* Try to find a module that contains this module */
 692         if (!entry) {
 693                 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
 694                 if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
 695                         DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
 696                         SAFE_FREE(module_name);
 697                         return NT_STATUS_UNSUCCESSFUL;
 698                 }
 699         }
 700
 701         /* No such backend found */
 702         if(!entry) {
 703                 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
 704                 SAFE_FREE(module_name);
 705                 return NT_STATUS_INVALID_PARAMETER;
 706         }
 707
 708         DEBUG(5,("Found pdb backend %s\n", module_name));
 709         nt_status = entry->init(context, methods, module_location);
 710         if (NT_STATUS_IS_OK(nt_status)) {
 711                 DEBUG(5,("pdb backend %s has a valid init\n", selected));
 712         } else {
 713                 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status)));
 714         }
 715         SAFE_FREE(module_name);
 716         return nt_status;
 717 }
 718
 719 /******************************************************************
 720   Make a pdb_context from scratch.
 721  *******************************************************************/
 722
 723 static NTSTATUS make_pdb_context(struct pdb_context **context)
 724 {
 725         TALLOC_CTX *mem_ctx;
 726
 727         mem_ctx = talloc_init("pdb_context internal allocation context");
 728
 729         if (!mem_ctx) {
 730                 DEBUG(0, ("make_pdb_context: talloc init failed!\n"));
 731                 return NT_STATUS_NO_MEMORY;
 732         }
 733
 734         *context = TALLOC_P(mem_ctx, struct pdb_context);
 735         if (!*context) {
 736                 DEBUG(0, ("make_pdb_context: talloc failed!\n"));
 737                 return NT_STATUS_NO_MEMORY;
 738         }
 739
 740         ZERO_STRUCTP(*context);
 741
 742         (*context)->mem_ctx = mem_ctx;
 743
 744         (*context)->pdb_setsampwent = context_setsampwent;
 745         (*context)->pdb_endsampwent = context_endsampwent;
 746         (*context)->pdb_getsampwent = context_getsampwent;
 747         (*context)->pdb_getsampwnam = context_getsampwnam;
 748         (*context)->pdb_getsampwsid = context_getsampwsid;
 749         (*context)->pdb_add_sam_account = context_add_sam_account;
 750         (*context)->pdb_update_sam_account = context_update_sam_account;
 751         (*context)->pdb_delete_sam_account = context_delete_sam_account;
 752         (*context)->pdb_getgrsid = context_getgrsid;
 753         (*context)->pdb_getgrgid = context_getgrgid;
 754         (*context)->pdb_getgrnam = context_getgrnam;
 755         (*context)->pdb_add_group_mapping_entry = context_add_group_mapping_entry;
 756         (*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
 757         (*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
 758         (*context)->pdb_enum_group_mapping = context_enum_group_mapping;
 759         (*context)->pdb_enum_group_members = context_enum_group_members;
 760         (*context)->pdb_enum_group_memberships = context_enum_group_memberships;
 761
 762         (*context)->pdb_find_alias = context_find_alias;
 763         (*context)->pdb_create_alias = context_create_alias;
 764         (*context)->pdb_delete_alias = context_delete_alias;
 765         (*context)->pdb_enum_aliases = context_enum_aliases;
 766         (*context)->pdb_get_aliasinfo = context_get_aliasinfo;
 767         (*context)->pdb_set_aliasinfo = context_set_aliasinfo;
 768         (*context)->pdb_add_aliasmem = context_add_aliasmem;
 769         (*context)->pdb_del_aliasmem = context_del_aliasmem;
 770         (*context)->pdb_enum_aliasmem = context_enum_aliasmem;
 771         (*context)->pdb_enum_alias_memberships = context_enum_alias_memberships;
 772
 773         (*context)->free_fn = free_pdb_context;
 774
 775         return NT_STATUS_OK;
 776 }
 777
 778
 779 /******************************************************************
 780   Make a pdb_context, given an array of strings
 781  *******************************************************************/
 782
 783 NTSTATUS make_pdb_context_list(struct pdb_context **context, const char **selected)
 784 {
 785         int i = 0;
 786         struct pdb_methods *curmethods, *tmpmethods;
 787         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
 788         BOOL have_guest = False;
 789
 790         if (!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))) {
 791                 return nt_status;
 792         }
 793
 794         if (!selected) {
 795                 DEBUG(0, ("ERROR: empty passdb backend list!\n"));
 796                 return nt_status;
 797         }
 798
 799         while (selected[i]){
 800                 if (strcmp(selected[i], "guest") == 0) {
 801                         have_guest = True;
 802                 }
 803                 /* Try to initialise pdb */
 804                 DEBUG(5,("Trying to load: %s\n", selected[i]));
 805                 if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods, *context, selected[i]))) {
 806                         DEBUG(1, ("Loading %s failed!\n", selected[i]));
 807                         free_pdb_context(context);
 808                         return nt_status;
 809                 }
 810                 curmethods->parent = *context;
 811                 DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
 812                 i++;
 813         }
 814
 815         if (have_guest)
 816                 return NT_STATUS_OK;
 817
 818         if ( (lp_guestaccount() == NULL) ||
 819              (*lp_guestaccount() == '\0') ) {
 820                 /* We explicitly don't want guest access. No idea what
 821                    else that breaks, but be it that way. */
 822                 return NT_STATUS_OK;
 823         }
 824
 825         if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods,
 826                                                                *context,
 827                                                                "guest"))) {
 828                 DEBUG(1, ("Loading guest module failed!\n"));
 829                 free_pdb_context(context);
 830                 return nt_status;
 831         }
 832
 833         curmethods->parent = *context;
 834         DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
 835
 836         return NT_STATUS_OK;
 837 }
 838
 839 /******************************************************************
 840   Make a pdb_context, given a text string.
 841  *******************************************************************/
 842
 843 NTSTATUS make_pdb_context_string(struct pdb_context **context, const char *selected)
 844 {
 845         NTSTATUS ret;
 846         char **newsel = str_list_make(selected, NULL);
 847         ret = make_pdb_context_list(context, (const char **)newsel);
 848         str_list_free(&newsel);
 849         return ret;
 850 }
 851
 852 /******************************************************************
 853  Return an already initialised pdb_context, to facilitate backward
 854  compatibility (see functions below).
 855 *******************************************************************/
 856
 857 static struct pdb_context *pdb_get_static_context(BOOL reload)
 858 {
 859         static struct pdb_context *pdb_context = NULL;
 860
 861         if ((pdb_context) && (reload)) {
 862                 pdb_context->free_fn(&pdb_context);
 863                 if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
 864                         return NULL;
 865                 }
 866         }
 867
 868         if (!pdb_context) {
 869                 if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
 870                         return NULL;
 871                 }
 872         }
 873
 874         return pdb_context;
 875 }
 876
 877 /******************************************************************
 878  Backward compatibility functions for the original passdb interface
 879 *******************************************************************/
 880
 881 BOOL pdb_setsampwent(BOOL update, uint16 acb_mask)
 882 {
 883         struct pdb_context *pdb_context = pdb_get_static_context(False);
 884
 885         if (!pdb_context) {
 886                 return False;
 887         }
 888
 889         return NT_STATUS_IS_OK(pdb_context->pdb_setsampwent(pdb_context, update, acb_mask));
 890 }
 891
 892 void pdb_endsampwent(void)
 893 {
 894         struct pdb_context *pdb_context = pdb_get_static_context(False);
 895
 896         if (!pdb_context) {
 897                 return;
 898         }
 899
 900         pdb_context->pdb_endsampwent(pdb_context);
 901 }
 902
 903 BOOL pdb_getsampwent(SAM_ACCOUNT *user)
 904 {
 905         struct pdb_context *pdb_context = pdb_get_static_context(False);
 906
 907         if (!pdb_context) {
 908                 return False;
 909         }
 910
 911         return NT_STATUS_IS_OK(pdb_context->pdb_getsampwent(pdb_context, user));
 912 }
 913
 914 static SAM_ACCOUNT *sam_account_cache = NULL;
 915
 916 BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username)
 917 {
 918         struct pdb_context *pdb_context = pdb_get_static_context(False);
 919
 920         if (!pdb_context) {
 921                 return False;
 922         }
 923
 924         if (!NT_STATUS_IS_OK(pdb_context->pdb_getsampwnam(pdb_context,
 925                                                           sam_acct, username)))
 926                 return False;
 927
 928         if (sam_account_cache != NULL) {
 929                 pdb_free_sam(&sam_account_cache);
 930                 sam_account_cache = NULL;
 931         }
 932
 933         pdb_copy_sam_account(sam_acct, &sam_account_cache);
 934         return True;
 935 }
 936
 937 BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
 938 {
 939         struct pdb_context *pdb_context = pdb_get_static_context(False);
 940
 941         if (!pdb_context) {
 942                 return False;
 943         }
 944
 945         if ((sam_account_cache != NULL) &&
 946             (sid_equal(sid, pdb_get_user_sid(sam_account_cache))))
 947                 return pdb_copy_sam_account(sam_account_cache, &sam_acct);
 948
 949         return NT_STATUS_IS_OK(pdb_context->pdb_getsampwsid(pdb_context, sam_acct, sid));
 950 }
 951
 952 BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct)
 953 {
 954         struct pdb_context *pdb_context = pdb_get_static_context(False);
 955
 956         if (!pdb_context) {
 957                 return False;
 958         }
 959
 960         return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct));
 961 }
 962
 963 BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct)
 964 {
 965         struct pdb_context *pdb_context = pdb_get_static_context(False);
 966
 967         if (!pdb_context) {
 968                 return False;
 969         }
 970
 971         if (sam_account_cache != NULL) {
 972                 pdb_free_sam(&sam_account_cache);
 973                 sam_account_cache = NULL;
 974         }
 975
 976         return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct));
 977 }
 978
 979 BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct)
 980 {
 981         struct pdb_context *pdb_context = pdb_get_static_context(False);
 982
 983         if (!pdb_context) {
 984                 return False;
 985         }
 986
 987         if (sam_account_cache != NULL) {
 988                 pdb_free_sam(&sam_account_cache);
 989                 sam_account_cache = NULL;
 990         }
 991
 992         return NT_STATUS_IS_OK(pdb_context->pdb_delete_sam_account(pdb_context, sam_acct));
 993 }
 994
 995 BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
 996 {
 997         struct pdb_context *pdb_context = pdb_get_static_context(False);
 998
 999         if (!pdb_context) {
1000                 return False;
1001         }
1002
1003         return NT_STATUS_IS_OK(pdb_context->
1004                                pdb_getgrsid(pdb_context, map, sid));
1005 }
1006
1007 BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid)
1008 {
1009         struct pdb_context *pdb_context = pdb_get_static_context(False);
1010
1011         if (!pdb_context) {
1012                 return False;
1013         }
1014
1015         return NT_STATUS_IS_OK(pdb_context->
1016                                pdb_getgrgid(pdb_context, map, gid));
1017 }
1018
1019 BOOL pdb_getgrnam(GROUP_MAP *map, const char *name)
1020 {
1021         struct pdb_context *pdb_context = pdb_get_static_context(False);
1022
1023         if (!pdb_context) {
1024                 return False;
1025         }
1026
1027         return NT_STATUS_IS_OK(pdb_context->
1028                                pdb_getgrnam(pdb_context, map, name));
1029 }
1030
1031 BOOL pdb_add_group_mapping_entry(GROUP_MAP *map)
1032 {
1033         struct pdb_context *pdb_context = pdb_get_static_context(False);
1034
1035         if (!pdb_context) {
1036                 return False;
1037         }
1038
1039         return NT_STATUS_IS_OK(pdb_context->
1040                                pdb_add_group_mapping_entry(pdb_context, map));
1041 }
1042
1043 BOOL pdb_update_group_mapping_entry(GROUP_MAP *map)
1044 {
1045         struct pdb_context *pdb_context = pdb_get_static_context(False);
1046
1047         if (!pdb_context) {
1048                 return False;
1049         }
1050
1051         return NT_STATUS_IS_OK(pdb_context->
1052                                pdb_update_group_mapping_entry(pdb_context, map));
1053 }
1054
1055 BOOL pdb_delete_group_mapping_entry(DOM_SID sid)
1056 {
1057         struct pdb_context *pdb_context = pdb_get_static_context(False);
1058
1059         if (!pdb_context) {
1060                 return False;
1061         }
1062
1063         return NT_STATUS_IS_OK(pdb_context->
1064                                pdb_delete_group_mapping_entry(pdb_context, sid));
1065 }
1066
1067 BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
1068                             int *num_entries, BOOL unix_only)
1069 {
1070         struct pdb_context *pdb_context = pdb_get_static_context(False);
1071
1072         if (!pdb_context) {
1073                 return False;
1074         }
1075
1076         return NT_STATUS_IS_OK(pdb_context->
1077                                pdb_enum_group_mapping(pdb_context, sid_name_use,
1078                                                       rmap, num_entries, unix_only));
1079 }
1080
1081 NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
1082                                 const DOM_SID *sid,
1083                                 uint32 **member_rids,
1084                                 int *num_members)
1085 {
1086         struct pdb_context *pdb_context = pdb_get_static_context(False);
1087
1088         if (!pdb_context) {
1089                 return NT_STATUS_UNSUCCESSFUL;
1090         }
1091
1092         return pdb_context->pdb_enum_group_members(pdb_context, mem_ctx, sid,
1093                                                    member_rids, num_members);
1094 }
1095
1096 NTSTATUS pdb_enum_group_memberships(const char *username, gid_t primary_gid,
1097                                     DOM_SID **sids, gid_t **gids,
1098                                     int *num_groups)
1099 {
1100         struct pdb_context *pdb_context = pdb_get_static_context(False);
1101
1102         if (!pdb_context) {
1103                 return NT_STATUS_UNSUCCESSFUL;
1104         }
1105
1106         return pdb_context->pdb_enum_group_memberships(pdb_context, username,
1107                                                        primary_gid, sids, gids,
1108                                                        num_groups);
1109 }
1110
1111 BOOL pdb_find_alias(const char *name, DOM_SID *sid)
1112 {
1113         struct pdb_context *pdb_context = pdb_get_static_context(False);
1114
1115         if (!pdb_context) {
1116                 return False;
1117         }
1118
1119         return NT_STATUS_IS_OK(pdb_context->pdb_find_alias(pdb_context,
1120                                                              name, sid));
1121 }
1122
1123 NTSTATUS pdb_create_alias(const char *name, uint32 *rid)
1124 {
1125         struct pdb_context *pdb_context = pdb_get_static_context(False);
1126
1127         if (!pdb_context) {
1128                 return NT_STATUS_NOT_IMPLEMENTED;
1129         }
1130
1131         return pdb_context->pdb_create_alias(pdb_context, name, rid);
1132 }
1133
1134 BOOL pdb_delete_alias(const DOM_SID *sid)
1135 {
1136         struct pdb_context *pdb_context = pdb_get_static_context(False);
1137
1138         if (!pdb_context) {
1139                 return False;
1140         }
1141
1142         return NT_STATUS_IS_OK(pdb_context->pdb_delete_alias(pdb_context,
1143                                                              sid));
1144
1145 }
1146
1147 BOOL pdb_enum_aliases(const DOM_SID *sid, uint32 start_idx, uint32 max_entries,
1148                       uint32 *num_aliases, struct acct_info **info)
1149 {
1150         struct pdb_context *pdb_context = pdb_get_static_context(False);
1151
1152         if (!pdb_context) {
1153                 return False;
1154         }
1155
1156         return NT_STATUS_IS_OK(pdb_context->pdb_enum_aliases(pdb_context, sid,
1157                                                              start_idx,
1158                                                              max_entries,
1159                                                              num_aliases,
1160                                                              info));
1161 }
1162
1163 BOOL pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
1164 {
1165         struct pdb_context *pdb_context = pdb_get_static_context(False);
1166
1167         if (!pdb_context) {
1168                 return False;
1169         }
1170
1171         return NT_STATUS_IS_OK(pdb_context->pdb_get_aliasinfo(pdb_context, sid,
1172                                                               info));
1173 }
1174
1175 BOOL pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
1176 {
1177         struct pdb_context *pdb_context = pdb_get_static_context(False);
1178
1179         if (!pdb_context) {
1180                 return False;
1181         }
1182
1183         return NT_STATUS_IS_OK(pdb_context->pdb_set_aliasinfo(pdb_context, sid,
1184                                                               info));
1185 }
1186
1187 BOOL pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
1188 {
1189         struct pdb_context *pdb_context = pdb_get_static_context(False);
1190
1191         if (!pdb_context) {
1192                 return False;
1193         }
1194
1195         return NT_STATUS_IS_OK(pdb_context->
1196                                pdb_add_aliasmem(pdb_context, alias, member));
1197 }
1198
1199 BOOL pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
1200 {
1201         struct pdb_context *pdb_context = pdb_get_static_context(False);
1202
1203         if (!pdb_context) {
1204                 return False;
1205         }
1206
1207         return NT_STATUS_IS_OK(pdb_context->
1208                                pdb_del_aliasmem(pdb_context, alias, member));
1209 }
1210
1211 BOOL pdb_enum_aliasmem(const DOM_SID *alias,
1212                        DOM_SID **members, int *num_members)
1213 {
1214         struct pdb_context *pdb_context = pdb_get_static_context(False);
1215
1216         if (!pdb_context) {
1217                 return False;
1218         }
1219
1220         return NT_STATUS_IS_OK(pdb_context->
1221                                pdb_enum_aliasmem(pdb_context, alias,
1222                                                  members, num_members));
1223 }
1224
1225 BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
1226                                 DOM_SID **aliases, int *num)
1227 {
1228         struct pdb_context *pdb_context = pdb_get_static_context(False);
1229
1230         if (!pdb_context) {
1231                 return False;
1232         }
1233
1234         return NT_STATUS_IS_OK(pdb_context->
1235                                pdb_enum_alias_memberships(pdb_context, members,
1236                                                           num_members,
1237                                                           aliases, num));
1238 }
1239
1240 /***************************************************************
1241   Initialize the static context (at smbd startup etc).
1242
1243   If uninitialised, context will auto-init on first use.
1244  ***************************************************************/
1245
1246 BOOL initialize_password_db(BOOL reload)
1247 {
1248         return (pdb_get_static_context(reload) != NULL);
1249 }
1250
1251
1252 /***************************************************************************
1253   Default implementations of some functions.
1254  ****************************************************************************/
1255
1256 static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
1257 {
1258         return NT_STATUS_NO_SUCH_USER;
1259 }
1260
1261 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
1262 {
1263         return NT_STATUS_NO_SUCH_USER;
1264 }
1265
1266 static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
1267 {
1268         DEBUG(0,("this backend (%s) should not be listed as the first passdb backend! You can't add users to it.\n", methods->name));
1269         return NT_STATUS_NOT_IMPLEMENTED;
1270 }
1271
1272 static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
1273 {
1274         return NT_STATUS_NOT_IMPLEMENTED;
1275 }
1276
1277 static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *pwd)
1278 {
1279         return NT_STATUS_NOT_IMPLEMENTED;
1280 }
1281
1282 static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask)
1283 {
1284         return NT_STATUS_NOT_IMPLEMENTED;
1285 }
1286
1287 static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *user)
1288 {
1289         return NT_STATUS_NOT_IMPLEMENTED;
1290 }
1291
1292 static void pdb_default_endsampwent(struct pdb_methods *methods)
1293 {
1294         return; /* NT_STATUS_NOT_IMPLEMENTED; */
1295 }
1296
1297 static void add_uid_to_array_unique(TALLOC_CTX *mem_ctx,
1298                                     uid_t uid, uid_t **uids, int *num)
1299 {
1300         int i;
1301
1302         for (i=0; i<*num; i++) {
1303                 if ((*uids)[i] == uid)
1304                         return;
1305         }
1306
1307         *uids = TALLOC_REALLOC_ARRAY(mem_ctx, *uids, uid_t, *num+1);
1308
1309         if (*uids == NULL)
1310                 return;
1311
1312         (*uids)[*num] = uid;
1313         *num += 1;
1314 }
1315
1316 static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **uids,
1317                            int *num)
1318 {
1319         struct group *grp;
1320         char **gr;
1321         struct sys_pwent *userlist, *user;
1322
1323         *uids = NULL;
1324         *num = 0;
1325
1326         /* We only look at our own sam, so don't care about imported stuff */
1327
1328         winbind_off();
1329
1330         if ((grp = getgrgid(gid)) == NULL) {
1331                 winbind_on();
1332                 return False;
1333         }
1334
1335         /* Primary group members */
1336
1337         userlist = getpwent_list();
1338
1339         for (user = userlist; user != NULL; user = user->next) {
1340                 if (user->pw_gid != gid)
1341                         continue;
1342                 add_uid_to_array_unique(mem_ctx, user->pw_uid, uids, num);
1343         }
1344
1345         pwent_free(userlist);
1346
1347         /* Secondary group members */
1348
1349         for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
1350                 struct passwd *pw = getpwnam(*gr);
1351
1352                 if (pw == NULL)
1353                         continue;
1354                 add_uid_to_array_unique(mem_ctx, pw->pw_uid, uids, num);
1355         }
1356
1357         winbind_on();
1358
1359         return True;
1360 }
1361
1362 NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
1363                                         TALLOC_CTX *mem_ctx,
1364                                         const DOM_SID *group,
1365                                         uint32 **member_rids,
1366                                         int *num_members)
1367 {
1368         gid_t gid;
1369         uid_t *uids;
1370         int i, num_uids;
1371
1372         *member_rids = NULL;
1373         *num_members = 0;
1374
1375         if (!NT_STATUS_IS_OK(sid_to_gid(group, &gid)))
1376                 return NT_STATUS_NO_SUCH_GROUP;
1377
1378         if(!get_memberuids(mem_ctx, gid, &uids, &num_uids))
1379                 return NT_STATUS_NO_SUCH_GROUP;
1380
1381         if (num_uids == 0)
1382                 return NT_STATUS_OK;
1383
1384         *member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_uids);
1385
1386         for (i=0; i<num_uids; i++) {
1387                 DOM_SID sid;
1388
1389                 if (!NT_STATUS_IS_OK(uid_to_sid(&sid, uids[i]))) {
1390                         DEBUG(1, ("Could not map member uid to SID\n"));
1391                         continue;
1392                 }
1393
1394                 if (!sid_check_is_in_our_domain(&sid)) {
1395                         DEBUG(1, ("Inconsistent SAM -- group member uid not "
1396                                   "in our domain\n"));
1397                         continue;
1398                 }
1399
1400                 sid_peek_rid(&sid, &(*member_rids)[*num_members]);
1401                 *num_members += 1;
1402         }
1403
1404         return NT_STATUS_OK;
1405 }
1406
1407 NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
1408 {
1409         *methods = TALLOC_P(mem_ctx, struct pdb_methods);
1410
1411         if (!*methods) {
1412                 return NT_STATUS_NO_MEMORY;
1413         }
1414
1415         ZERO_STRUCTP(*methods);
1416
1417         (*methods)->setsampwent = pdb_default_setsampwent;
1418         (*methods)->endsampwent = pdb_default_endsampwent;
1419         (*methods)->getsampwent = pdb_default_getsampwent;
1420         (*methods)->getsampwnam = pdb_default_getsampwnam;
1421         (*methods)->getsampwsid = pdb_default_getsampwsid;
1422         (*methods)->add_sam_account = pdb_default_add_sam_account;
1423         (*methods)->update_sam_account = pdb_default_update_sam_account;
1424         (*methods)->delete_sam_account = pdb_default_delete_sam_account;
1425
1426         (*methods)->getgrsid = pdb_default_getgrsid;
1427         (*methods)->getgrgid = pdb_default_getgrgid;
1428         (*methods)->getgrnam = pdb_default_getgrnam;
1429         (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
1430         (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
1431         (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
1432         (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
1433         (*methods)->enum_group_members = pdb_default_enum_group_members;
1434         (*methods)->enum_group_memberships = pdb_default_enum_group_memberships;
1435         (*methods)->find_alias = pdb_default_find_alias;
1436         (*methods)->create_alias = pdb_default_create_alias;
1437         (*methods)->delete_alias = pdb_default_delete_alias;
1438         (*methods)->enum_aliases = pdb_default_enum_aliases;
1439         (*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
1440         (*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
1441         (*methods)->add_aliasmem = pdb_default_add_aliasmem;
1442         (*methods)->del_aliasmem = pdb_default_del_aliasmem;
1443         (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
1444         (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
1445
1446         return NT_STATUS_OK;
1447 }