Copyright (C) Andrew Bartlett 2002
Copyright (C) Jelmer Vernooij 2002
Copyright (C) Simo Sorce 2003
+ Copyright (C) Volker Lendecke 2006
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
-/* Cache of latest SAM lookup query */
-
-static SAM_ACCOUNT *csamuser = NULL;
+static_decl_pdb;
static struct pdb_init_function_entry *backends = NULL;
static void lazy_initialize_passdb(void)
{
- static BOOL initialized = False;
- if(initialized)return;
+ static bool initialized = False;
+ if(initialized) {
+ return;
+ }
static_init_pdb;
initialized = True;
}
-static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name);
-static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
+static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
const char **name,
- enum SID_NAME_USE *psid_name_use,
+ enum lsa_SidType *psid_name_use,
union unid_t *unix_id);
-/*******************************************************************
- Clean up uninitialised passwords. The only way to tell
- that these values are not 'real' is that they do not
- have a valid last set time. Instead, the value is fixed at 0.
- Therefore we use that as the key for 'is this a valid password'.
- However, it is perfectly valid to have a 'default' last change
- time, such LDAP with a missing attribute would produce.
-********************************************************************/
-
-static void pdb_force_pw_initialization(SAM_ACCOUNT *pass)
-{
- const uint8 *lm_pwd, *nt_pwd;
-
- /* only reset a password if the last set time has been
- explicitly been set to zero. A default last set time
- is ignored */
-
- if ( (pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT)
- && (pdb_get_pass_last_set_time(pass) == 0) )
- {
-
- if (pdb_get_init_flags(pass, PDB_LMPASSWD) != PDB_DEFAULT)
- {
- lm_pwd = pdb_get_lanman_passwd(pass);
- if (lm_pwd)
- pdb_set_lanman_passwd(pass, NULL, PDB_CHANGED);
- }
- if (pdb_get_init_flags(pass, PDB_NTPASSWD) != PDB_DEFAULT)
- {
- nt_pwd = pdb_get_nt_passwd(pass);
- if (nt_pwd)
- pdb_set_nt_passwd(pass, NULL, PDB_CHANGED);
- }
- }
-
- return;
-}
NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
{
return NT_STATUS_OK;
}
-static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
+struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
{
struct pdb_init_function_entry *entry = backends;
return NULL;
}
+/*
+ * The event context for the passdb backend. I know this is a bad hack and yet
+ * another static variable, but our pdb API is a global thing per
+ * definition. The first use for this is the LDAP idle function, more might be
+ * added later.
+ *
+ * I don't feel too bad about this static variable, it replaces the
+ * smb_idle_event_list that used to exist in lib/module.c. -- VL
+ */
+
+static struct event_context *pdb_event_ctx;
+
+struct event_context *pdb_get_event_context(void)
+{
+ return pdb_event_ctx;
+}
+
/******************************************************************
Make a pdb_methods from scratch
*******************************************************************/
trim_char(module_name, ' ', ' ');
- DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name));
+ DEBUG(5,("Attempting to find a passdb backend to match %s (%s)\n", selected, module_name));
entry = pdb_find_backend_entry(module_name);
-
+
/* Try to find a module that contains this module */
if (!entry) {
DEBUG(2,("No builtin backend found, trying to load plugin\n"));
return NT_STATUS_UNSUCCESSFUL;
}
}
-
+
/* No such backend found */
if(!entry) {
DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
}
/******************************************************************
- Return an already initialised pdn_methods structure
+ Return an already initialized pdb_methods structure
*******************************************************************/
-static struct pdb_methods *pdb_get_methods( BOOL reload )
+static struct pdb_methods *pdb_get_methods_reload( bool reload )
{
static struct pdb_methods *pdb = NULL;
if ( pdb && reload ) {
pdb->free_private_data( &(pdb->private_data) );
if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
- return NULL;
+ char *msg = NULL;
+ if (asprintf(&msg, "pdb_get_methods_reload: "
+ "failed to get pdb methods for backend %s\n",
+ lp_passdb_backend()) > 0) {
+ smb_panic(msg);
+ } else {
+ smb_panic("pdb_get_methods_reload");
+ }
}
}
if ( !pdb ) {
if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
- return NULL;
+ char *msg = NULL;
+ if (asprintf(&msg, "pdb_get_methods_reload: "
+ "failed to get pdb methods for backend %s\n",
+ lp_passdb_backend()) > 0) {
+ smb_panic(msg);
+ } else {
+ smb_panic("pdb_get_methods_reload");
+ }
}
}
return pdb;
}
-/******************************************************************
- Backward compatibility functions for the original passdb interface
-*******************************************************************/
-
-BOOL pdb_setsampwent(BOOL update, uint16 acb_mask)
+static struct pdb_methods *pdb_get_methods(void)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb->setsampwent(pdb, update, acb_mask));
+ return pdb_get_methods_reload(False);
}
-void pdb_endsampwent(void)
+struct pdb_domain_info *pdb_get_domain_info(TALLOC_CTX *mem_ctx)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return;
- }
-
- pdb->endsampwent(pdb);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->get_domain_info(pdb, mem_ctx);
}
-BOOL pdb_getsampwent(SAM_ACCOUNT *user)
+bool pdb_getsampwnam(struct samu *sam_acct, const char *username)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return False;
- }
+ struct pdb_methods *pdb = pdb_get_methods();
+ struct samu *for_cache;
+ const struct dom_sid *user_sid;
- if ( !NT_STATUS_IS_OK(pdb->getsampwent(pdb, user) ) ) {
+ if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) {
return False;
}
- pdb_force_pw_initialization( user );
-
- return True;
-}
-
-BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username)
-{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
+ for_cache = samu_new(NULL);
+ if (for_cache == NULL) {
return False;
}
- if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) {
+ if (!pdb_copy_sam_account(for_cache, sam_acct)) {
+ TALLOC_FREE(for_cache);
return False;
}
- if (csamuser != NULL) {
- pdb_free_sam(&csamuser);
- csamuser = NULL;
- }
+ user_sid = pdb_get_user_sid(for_cache);
- pdb_force_pw_initialization( sam_acct );
- pdb_copy_sam_account(sam_acct, &csamuser);
+ memcache_add_talloc(NULL, PDB_GETPWSID_CACHE,
+ data_blob_const(user_sid, sizeof(*user_sid)),
+ &for_cache);
return True;
}
/**********************************************************************
**********************************************************************/
-BOOL guest_user_info( SAM_ACCOUNT *user )
+bool guest_user_info( struct samu *user )
{
struct passwd *pwd;
- NTSTATUS ntstatus;
+ NTSTATUS result;
const char *guestname = lp_guestaccount();
-
- if ( !(pwd = getpwnam_alloc( NULL, guestname ) ) ) {
+
+ if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), guestname ) ) ) {
DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n",
guestname));
return False;
}
-
- /* fill in from the users information */
-
- ntstatus = pdb_fill_sam_pw( user, pwd );
-
- return NT_STATUS_IS_OK(ntstatus);
+ result = samu_set_unix(user, pwd );
+
+ TALLOC_FREE( pwd );
+
+ return NT_STATUS_IS_OK( result );
}
/**********************************************************************
**********************************************************************/
-BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
+bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid)
{
- struct pdb_methods *pdb;
+ struct pdb_methods *pdb = pdb_get_methods();
uint32 rid;
-
- if ( !(pdb = pdb_get_methods(False)) ) {
- return False;
- }
+ void *cache_data;
/* hard code the Guest RID of 501 */
DEBUG(6,("pdb_getsampwsid: Building guest account\n"));
return guest_user_info( sam_acct );
}
-
+
/* check the cache first */
-
- if ( csamuser && sid_equal(sid, pdb_get_user_sid(csamuser) ) )
- return pdb_copy_sam_account(csamuser, &sam_acct);
+
+ cache_data = memcache_lookup_talloc(
+ NULL, PDB_GETPWSID_CACHE, data_blob_const(sid, sizeof(*sid)));
+
+ if (cache_data != NULL) {
+ struct samu *cache_copy = talloc_get_type_abort(
+ cache_data, struct samu);
+
+ return pdb_copy_sam_account(sam_acct, cache_copy);
+ }
return NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid));
}
-BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct)
+static NTSTATUS pdb_default_create_user(struct pdb_methods *methods,
+ TALLOC_CTX *tmp_ctx, const char *name,
+ uint32 acb_info, uint32 *rid)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct samu *sam_pass;
+ NTSTATUS status;
+ struct passwd *pwd;
- if ( !pdb ) {
- return False;
+ if ((sam_pass = samu_new(tmp_ctx)) == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if ( !(pwd = Get_Pwnam_alloc(tmp_ctx, name)) ) {
+ char *add_script = NULL;
+ int add_ret;
+ fstring name2;
+
+ if ((acb_info & ACB_NORMAL) && name[strlen(name)-1] != '$') {
+ add_script = talloc_strdup(tmp_ctx,
+ lp_adduser_script());
+ } else {
+ add_script = talloc_strdup(tmp_ctx,
+ lp_addmachine_script());
+ }
+
+ if (!add_script || add_script[0] == '\0') {
+ DEBUG(3, ("Could not find user %s and no add script "
+ "defined\n", name));
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* lowercase the username before creating the Unix account for
+ compatibility with previous Samba releases */
+ fstrcpy( name2, name );
+ strlower_m( name2 );
+ add_script = talloc_all_string_sub(tmp_ctx,
+ add_script,
+ "%u",
+ name2);
+ if (!add_script) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ add_ret = smbrun(add_script,NULL);
+ DEBUG(add_ret ? 0 : 3, ("_samr_create_user: Running the command `%s' gave %d\n",
+ add_script, add_ret));
+ if (add_ret == 0) {
+ smb_nscd_flush_user_cache();
+ }
+
+ flush_pwnam_cache();
+
+ pwd = Get_Pwnam_alloc(tmp_ctx, name);
+ }
+
+ /* we have a valid SID coming out of this call */
+
+ status = samu_alloc_rid_unix( sam_pass, pwd );
+
+ TALLOC_FREE( pwd );
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("pdb_default_create_user: failed to create a new user structure: %s\n", nt_errstr(status)));
+ return status;
+ }
+
+ if (!sid_peek_check_rid(get_global_sam_sid(),
+ pdb_get_user_sid(sam_pass), rid)) {
+ DEBUG(0, ("Could not get RID of fresh user\n"));
+ return NT_STATUS_INTERNAL_ERROR;
}
-
- return NT_STATUS_IS_OK(pdb->add_sam_account(pdb, sam_acct));
+
+ /* Use the username case specified in the original request */
+
+ pdb_set_username( sam_pass, name, PDB_SET );
+
+ /* Disable the account on creation, it does not have a reasonable password yet. */
+
+ acb_info |= ACB_DISABLED;
+
+ pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
+
+ status = pdb_add_sam_account(sam_pass);
+
+ TALLOC_FREE(sam_pass);
+
+ return status;
}
-NTSTATUS pdb_update_sam_account(SAM_ACCOUNT *sam_acct)
+NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32 flags,
+ uint32 *rid)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->create_user(pdb, mem_ctx, name, flags, rid);
+}
- if ( !pdb ) {
- return NT_STATUS_UNSUCCESSFUL;
+/****************************************************************************
+ Delete a UNIX user on demand.
+****************************************************************************/
+
+static int smb_delete_user(const char *unix_user)
+{
+ char *del_script = NULL;
+ int ret;
+
+ /* safety check */
+
+ if ( strequal( unix_user, "root" ) ) {
+ DEBUG(0,("smb_delete_user: Refusing to delete local system root account!\n"));
+ return -1;
}
- if (csamuser != NULL) {
- pdb_free_sam(&csamuser);
- csamuser = NULL;
+ del_script = talloc_strdup(talloc_tos(), lp_deluser_script());
+ if (!del_script || !*del_script) {
+ return -1;
}
+ del_script = talloc_all_string_sub(talloc_tos(),
+ del_script,
+ "%u",
+ unix_user);
+ if (!del_script) {
+ return -1;
+ }
+ ret = smbrun(del_script,NULL);
+ flush_pwnam_cache();
+ if (ret == 0) {
+ smb_nscd_flush_user_cache();
+ }
+ DEBUG(ret ? 0 : 3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret));
- return pdb->update_sam_account(pdb, sam_acct);
+ return ret;
}
-BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct)
+static NTSTATUS pdb_default_delete_user(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ struct samu *sam_acct)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ NTSTATUS status;
+ fstring username;
- if ( !pdb ) {
- return False;
+ status = pdb_delete_sam_account(sam_acct);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- if (csamuser != NULL) {
- pdb_free_sam(&csamuser);
- csamuser = NULL;
- }
+ /*
+ * Now delete the unix side ....
+ * note: we don't check if the delete really happened as the script is
+ * not necessary present and maybe the sysadmin doesn't want to delete
+ * the unix side
+ */
+
+ /* always lower case the username before handing it off to
+ external scripts */
- return NT_STATUS_IS_OK(pdb->delete_sam_account(pdb, sam_acct));
+ fstrcpy( username, pdb_get_username(sam_acct) );
+ strlower_m( username );
+
+ smb_delete_user( username );
+
+ return status;
}
-NTSTATUS pdb_rename_sam_account(SAM_ACCOUNT *oldname, const char *newname)
+NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ uid_t uid = -1;
- if ( !pdb ) {
- return NT_STATUS_NOT_IMPLEMENTED;
+ /* sanity check to make sure we don't delete root */
+
+ if ( !sid_to_uid( pdb_get_user_sid(sam_acct), &uid ) ) {
+ return NT_STATUS_NO_SUCH_USER;
}
- if (csamuser != NULL) {
- pdb_free_sam(&csamuser);
- csamuser = NULL;
+ if ( uid == 0 ) {
+ return NT_STATUS_ACCESS_DENIED;
}
- return pdb->rename_sam_account(pdb, oldname, newname);
+ return pdb->delete_user(pdb, mem_ctx, sam_acct);
}
-NTSTATUS pdb_update_login_attempts(SAM_ACCOUNT *sam_acct, BOOL success)
+NTSTATUS pdb_add_sam_account(struct samu *sam_acct)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->add_sam_account(pdb, sam_acct);
+}
- if ( !pdb ) {
- return NT_STATUS_NOT_IMPLEMENTED;
- }
+NTSTATUS pdb_update_sam_account(struct samu *sam_acct)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
- return pdb->update_login_attempts(pdb, sam_acct, success);
+ memcache_flush(NULL, PDB_GETPWSID_CACHE);
+
+ return pdb->update_sam_account(pdb, sam_acct);
}
-BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
+NTSTATUS pdb_delete_sam_account(struct samu *sam_acct)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
- if ( !pdb ) {
- return False;
- }
+ memcache_flush(NULL, PDB_GETPWSID_CACHE);
- return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid));
+ return pdb->delete_sam_account(pdb, sam_acct);
}
-BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid)
+NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ uid_t uid;
+ NTSTATUS status;
- if ( !pdb ) {
- return False;
+ memcache_flush(NULL, PDB_GETPWSID_CACHE);
+
+ /* sanity check to make sure we don't rename root */
+
+ if ( !sid_to_uid( pdb_get_user_sid(oldname), &uid ) ) {
+ return NT_STATUS_NO_SUCH_USER;
}
- return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid));
+ if ( uid == 0 ) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ status = pdb->rename_sam_account(pdb, oldname, newname);
+
+ /* always flush the cache here just to be safe */
+ flush_pwnam_cache();
+
+ return status;
}
-BOOL pdb_getgrnam(GROUP_MAP *map, const char *name)
+NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, bool success)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->update_login_attempts(pdb, sam_acct, success);
+}
- if ( !pdb ) {
- return False;
- }
+bool pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid));
+}
+
+bool pdb_getgrgid(GROUP_MAP *map, gid_t gid)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid));
+}
+bool pdb_getgrnam(GROUP_MAP *map, const char *name)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
return NT_STATUS_IS_OK(pdb->getgrnam(pdb, map, name));
}
-NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
+static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ const char *name,
+ uint32 *rid)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ DOM_SID group_sid;
+ struct group *grp;
+ fstring tmp;
- if ( !pdb ) {
- return NT_STATUS_UNSUCCESSFUL;
+ grp = getgrnam(name);
+
+ if (grp == NULL) {
+ gid_t gid;
+
+ if (smb_create_group(name, &gid) != 0) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ grp = getgrgid(gid);
}
- return pdb->add_group_mapping_entry(pdb, map);
+ if (grp == NULL) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (pdb_capabilities() & PDB_CAP_STORE_RIDS) {
+ if (!pdb_new_rid(rid)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ } else {
+ *rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
+ }
+
+ sid_compose(&group_sid, get_global_sam_sid(), *rid);
+
+ return add_initial_entry(grp->gr_gid, sid_to_fstring(tmp, &group_sid),
+ SID_NAME_DOM_GRP, name, NULL);
}
-NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map)
+NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name,
+ uint32 *rid)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->create_dom_group(pdb, mem_ctx, name, rid);
+}
- if ( !pdb ) {
- return NT_STATUS_UNSUCCESSFUL;
+static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ uint32 rid)
+{
+ DOM_SID group_sid;
+ GROUP_MAP map;
+ NTSTATUS status;
+ struct group *grp;
+ const char *grp_name;
+
+ /* coverity */
+ map.gid = (gid_t) -1;
+
+ sid_compose(&group_sid, get_global_sam_sid(), rid);
+
+ if (!get_domain_group_from_sid(group_sid, &map)) {
+ DEBUG(10, ("Could not find group for rid %d\n", rid));
+ return NT_STATUS_NO_SUCH_GROUP;
}
- return pdb->update_group_mapping_entry(pdb, map);
-}
+ /* We need the group name for the smb_delete_group later on */
-BOOL pdb_delete_group_mapping_entry(DOM_SID sid)
-{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ if (map.gid == (gid_t)-1) {
+ return NT_STATUS_NO_SUCH_GROUP;
+ }
- if ( !pdb ) {
- return False;
+ grp = getgrgid(map.gid);
+ if (grp == NULL) {
+ return NT_STATUS_NO_SUCH_GROUP;
}
- return NT_STATUS_IS_OK(pdb->delete_group_mapping_entry(pdb, sid));
+ /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
+
+ grp_name = talloc_strdup(mem_ctx, grp->gr_name);
+ if (grp_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = pdb_delete_group_mapping_entry(group_sid);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* Don't check the result of smb_delete_group */
+
+ smb_delete_group(grp_name);
+
+ return NT_STATUS_OK;
}
-BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap,
- size_t *p_num_entries, BOOL unix_only)
+NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32 rid)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->delete_dom_group(pdb, mem_ctx, rid);
+}
- if ( !pdb ) {
- return False;
- }
+NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->add_group_mapping_entry(pdb, map);
+}
- return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid_name_use,
+NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->update_group_mapping_entry(pdb, map);
+}
+
+NTSTATUS pdb_delete_group_mapping_entry(DOM_SID sid)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->delete_group_mapping_entry(pdb, sid);
+}
+
+bool pdb_enum_group_mapping(const DOM_SID *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
+ size_t *p_num_entries, bool unix_only)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
pp_rmap, p_num_entries, unix_only));
}
uint32 **pp_member_rids,
size_t *p_num_members)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ NTSTATUS result;
- if ( !pdb ) {
- return NT_STATUS_UNSUCCESSFUL;
+ result = pdb->enum_group_members(pdb, mem_ctx,
+ sid, pp_member_rids, p_num_members);
+
+ /* special check for rid 513 */
+
+ if ( !NT_STATUS_IS_OK( result ) ) {
+ uint32 rid;
+
+ sid_peek_rid( sid, &rid );
+
+ if ( rid == DOMAIN_GROUP_RID_USERS ) {
+ *p_num_members = 0;
+ *pp_member_rids = NULL;
+
+ return NT_STATUS_OK;
+ }
}
- return pdb->enum_group_members(pdb, mem_ctx, sid,
- pp_member_rids, p_num_members);
+ return result;
}
-NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, SAM_ACCOUNT *user,
+NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user,
DOM_SID **pp_sids, gid_t **pp_gids,
size_t *p_num_groups)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
+ struct pdb_methods *pdb = pdb_get_methods();
return pdb->enum_group_memberships(
pdb, mem_ctx, user,
pp_sids, pp_gids, p_num_groups);
}
-BOOL pdb_find_alias(const char *name, DOM_SID *sid)
+static NTSTATUS pdb_default_set_unix_primary_group(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ struct samu *sampass)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct group *grp;
+ gid_t gid;
- if ( !pdb ) {
- return False;
+ if (!sid_to_gid(pdb_get_group_sid(sampass), &gid) ||
+ (grp = getgrgid(gid)) == NULL) {
+ return NT_STATUS_INVALID_PRIMARY_GROUP;
}
- return NT_STATUS_IS_OK(pdb->find_alias(pdb,
- name, sid));
+ if (smb_set_primary_group(grp->gr_name,
+ pdb_get_username(sampass)) != 0) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ return NT_STATUS_OK;
}
-NTSTATUS pdb_create_alias(const char *name, uint32 *rid)
+NTSTATUS pdb_set_unix_primary_group(TALLOC_CTX *mem_ctx, struct samu *user)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->set_unix_primary_group(pdb, mem_ctx, user);
+}
- if ( !pdb ) {
- return NT_STATUS_NOT_IMPLEMENTED;
+/*
+ * Helper function to see whether a user is in a group. We can't use
+ * user_in_group_sid here because this creates dependencies only smbd can
+ * fulfil.
+ */
+
+static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account,
+ const DOM_SID *group_sid)
+{
+ DOM_SID *sids;
+ gid_t *gids;
+ size_t i, num_groups;
+
+ if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx, account,
+ &sids, &gids,
+ &num_groups))) {
+ return False;
}
- return pdb->create_alias(pdb, name, rid);
+ for (i=0; i<num_groups; i++) {
+ if (sid_equal(group_sid, &sids[i])) {
+ return True;
+ }
+ }
+ return False;
}
-BOOL pdb_delete_alias(const DOM_SID *sid)
+static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ uint32 group_rid,
+ uint32 member_rid)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ DOM_SID group_sid, member_sid;
+ struct samu *account = NULL;
+ GROUP_MAP map;
+ struct group *grp;
+ struct passwd *pwd;
+ const char *group_name;
+ uid_t uid;
- if ( !pdb ) {
- return False;
+ /* coverity */
+ map.gid = (gid_t) -1;
+
+ sid_compose(&group_sid, get_global_sam_sid(), group_rid);
+ sid_compose(&member_sid, get_global_sam_sid(), member_rid);
+
+ if (!get_domain_group_from_sid(group_sid, &map) ||
+ (map.gid == (gid_t)-1) ||
+ ((grp = getgrgid(map.gid)) == NULL)) {
+ return NT_STATUS_NO_SUCH_GROUP;
+ }
+
+ group_name = talloc_strdup(mem_ctx, grp->gr_name);
+ if (group_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if ( !(account = samu_new( NULL )) ) {
+ return NT_STATUS_NO_MEMORY;
}
- return NT_STATUS_IS_OK(pdb->delete_alias(pdb,
- sid));
-
+ if (!pdb_getsampwsid(account, &member_sid) ||
+ !sid_to_uid(&member_sid, &uid) ||
+ ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
+ return NT_STATUS_MEMBER_IN_GROUP;
+ }
+
+ /*
+ * ok, the group exist, the user exist, the user is not in the group,
+ * we can (finally) add it to the group !
+ */
+
+ smb_add_user_group(group_name, pwd->pw_name);
+
+ if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ return NT_STATUS_OK;
}
-BOOL pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
+NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
+ uint32 member_rid)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->add_groupmem(pdb, mem_ctx, group_rid, member_rid);
+}
- if ( !pdb ) {
- return False;
+static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ uint32 group_rid,
+ uint32 member_rid)
+{
+ DOM_SID group_sid, member_sid;
+ struct samu *account = NULL;
+ GROUP_MAP map;
+ struct group *grp;
+ struct passwd *pwd;
+ const char *group_name;
+ uid_t uid;
+
+ sid_compose(&group_sid, get_global_sam_sid(), group_rid);
+ sid_compose(&member_sid, get_global_sam_sid(), member_rid);
+
+ if (!get_domain_group_from_sid(group_sid, &map) ||
+ (map.gid == (gid_t)-1) ||
+ ((grp = getgrgid(map.gid)) == NULL)) {
+ return NT_STATUS_NO_SUCH_GROUP;
+ }
+
+ group_name = talloc_strdup(mem_ctx, grp->gr_name);
+ if (group_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
- return NT_STATUS_IS_OK(pdb->get_aliasinfo(pdb, sid,
- info));
+ if ( !(account = samu_new( NULL )) ) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!pdb_getsampwsid(account, &member_sid) ||
+ !sid_to_uid(&member_sid, &uid) ||
+ ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
+ return NT_STATUS_MEMBER_NOT_IN_GROUP;
+ }
+
+ /*
+ * ok, the group exist, the user exist, the user is in the group,
+ * we can (finally) delete it from the group!
+ */
+
+ smb_delete_user_group(group_name, pwd->pw_name);
+
+ if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ return NT_STATUS_OK;
}
-BOOL pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
+NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
+ uint32 member_rid)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid);
+}
- if ( !pdb ) {
- return False;
- }
+NTSTATUS pdb_create_alias(const char *name, uint32 *rid)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->create_alias(pdb, name, rid);
+}
- return NT_STATUS_IS_OK(pdb->set_aliasinfo(pdb, sid,
- info));
+NTSTATUS pdb_delete_alias(const DOM_SID *sid)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->delete_alias(pdb, sid);
}
-NTSTATUS pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
+NTSTATUS pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->get_aliasinfo(pdb, sid, info);
+}
- if ( !pdb ) {
- return NT_STATUS_UNSUCCESSFUL;
- }
+NTSTATUS pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->set_aliasinfo(pdb, sid, info);
+}
+NTSTATUS pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
return pdb->add_aliasmem(pdb, alias, member);
}
NTSTATUS pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
+ struct pdb_methods *pdb = pdb_get_methods();
return pdb->del_aliasmem(pdb, alias, member);
}
-NTSTATUS pdb_enum_aliasmem(const DOM_SID *alias,
+NTSTATUS pdb_enum_aliasmem(const DOM_SID *alias, TALLOC_CTX *mem_ctx,
DOM_SID **pp_members, size_t *p_num_members)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return pdb->enum_aliasmem(pdb, alias,
- pp_members, p_num_members);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->enum_aliasmem(pdb, alias, mem_ctx, pp_members,
+ p_num_members);
}
NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx,
uint32 **pp_alias_rids,
size_t *p_num_alias_rids)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
+ struct pdb_methods *pdb = pdb_get_methods();
return pdb->enum_alias_memberships(pdb, mem_ctx,
domain_sid,
members, num_members,
int num_rids,
uint32 *rids,
const char **names,
- uint32 *attrs)
+ enum lsa_SidType *attrs)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- return pdb->lookup_rids(pdb, domain_sid,
- num_rids, rids, names, attrs);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->lookup_rids(pdb, domain_sid, num_rids, rids, names, attrs);
}
+/*
+ * NOTE: pdb_lookup_names is currently (2007-01-12) not used anywhere
+ * in the samba code.
+ * Unlike _lsa_lookup_sids and _samr_lookup_rids, which eventually
+ * also ask pdb_lookup_rids, thus looking up a bunch of rids at a time,
+ * the pdb_ calls _lsa_lookup_names and _samr_lookup_names come
+ * down to are pdb_getsampwnam and pdb_getgrnam instead of
+ * pdb_lookup_names.
+ * But in principle, it the call belongs to the API and might get
+ * used in this context some day.
+ */
+#if 0
NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
int num_names,
const char **names,
uint32 *rids,
- uint32 *attrs)
+ enum lsa_SidType *attrs)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- return pdb->lookup_names(pdb, domain_sid,
- num_names, names, rids, attrs);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->lookup_names(pdb, domain_sid, num_names, names, rids, attrs);
}
+#endif
-BOOL pdb_get_account_policy(int policy_index, uint32 *value)
+bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value));
-}
-
-BOOL pdb_set_account_policy(int policy_index, uint32 value)
-{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ NTSTATUS status;
- if ( !pdb ) {
- return False;
- }
+ become_root();
+ status = pdb->get_account_policy(pdb, type, value);
+ unbecome_root();
- return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value));
+ return NT_STATUS_IS_OK(status);
}
-BOOL pdb_get_seq_num(time_t *seq_num)
+bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
+ NTSTATUS status;
- if ( !pdb ) {
- return False;
- }
+ become_root();
+ status = pdb->set_account_policy(pdb, type, value);
+ unbecome_root();
- return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
+ return NT_STATUS_IS_OK(status);
}
-BOOL pdb_uid_to_rid(uid_t uid, uint32 *rid)
+bool pdb_get_seq_num(time_t *seq_num)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return False;
- }
-
- return pdb->uid_to_rid(pdb, uid, rid);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
}
-BOOL pdb_gid_to_sid(gid_t gid, DOM_SID *sid)
+bool pdb_uid_to_sid(uid_t uid, DOM_SID *sid)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return False;
- }
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->uid_to_sid(pdb, uid, sid);
+}
+bool pdb_gid_to_sid(gid_t gid, DOM_SID *sid)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
return pdb->gid_to_sid(pdb, gid, sid);
}
-BOOL pdb_sid_to_id(const DOM_SID *sid, union unid_t *id,
- enum SID_NAME_USE *type)
+bool pdb_sid_to_id(const DOM_SID *sid, union unid_t *id,
+ enum lsa_SidType *type)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return False;
- }
-
+ struct pdb_methods *pdb = pdb_get_methods();
return pdb->sid_to_id(pdb, sid, id, type);
}
-BOOL pdb_rid_algorithm(void)
+uint32_t pdb_capabilities(void)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
-
- if ( !pdb ) {
- return False;
- }
-
- return pdb->rid_algorithm(pdb);
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->capabilities(pdb);
}
-BOOL pdb_new_rid(uint32 *rid)
-{
- struct pdb_methods *pdb = pdb_get_methods(False);
+/********************************************************************
+ Allocate a new RID from the passdb backend. Verify that it is free
+ by calling lookup_global_sam_rid() to verify that the RID is not
+ in use. This handles servers that have existing users or groups
+ with add RIDs (assigned from previous algorithmic mappings)
+********************************************************************/
- if ( !pdb ) {
- return False;
- }
+bool pdb_new_rid(uint32 *rid)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ const char *name = NULL;
+ enum lsa_SidType type;
+ uint32 allocated_rid = 0;
+ int i;
+ TALLOC_CTX *ctx;
- if (pdb_rid_algorithm()) {
+ if ((pdb_capabilities() & PDB_CAP_STORE_RIDS) == 0) {
DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs "
"are active\n"));
return False;
DEBUG(0, ("'algorithmic rid base' is set but a passdb backend "
"without algorithmic RIDs is chosen.\n"));
DEBUGADD(0, ("Please map all used groups using 'net groupmap "
- "add', set the maximum used RID using\n"));
- DEBUGADD(0, ("'net setmaxrid' and remove the parameter\n"));
+ "add', set the maximum used RID\n"));
+ DEBUGADD(0, ("and remove the parameter\n"));
+ return False;
+ }
+
+ if ( (ctx = talloc_init("pdb_new_rid")) == NULL ) {
+ DEBUG(0,("pdb_new_rid: Talloc initialization failure\n"));
+ return False;
+ }
+
+ /* Attempt to get an unused RID (max tires is 250...yes that it is
+ and arbitrary number I pulkled out of my head). -- jerry */
+
+ for ( i=0; allocated_rid==0 && i<250; i++ ) {
+ /* get a new RID */
+
+ if ( !pdb->new_rid(pdb, &allocated_rid) ) {
+ return False;
+ }
+
+ /* validate that the RID is not in use */
+
+ if ( lookup_global_sam_rid( ctx, allocated_rid, &name, &type, NULL ) ) {
+ allocated_rid = 0;
+ }
+ }
+
+ TALLOC_FREE( ctx );
+
+ if ( allocated_rid == 0 ) {
+ DEBUG(0,("pdb_new_rid: Failed to find unused RID\n"));
return False;
}
- return pdb->new_rid(pdb, rid);
+ *rid = allocated_rid;
+
+ return True;
}
/***************************************************************
If uninitialised, context will auto-init on first use.
***************************************************************/
-BOOL initialize_password_db(BOOL reload)
-{
- return (pdb_get_methods(reload) != NULL);
+bool initialize_password_db(bool reload, struct event_context *event_ctx)
+{
+ pdb_event_ctx = event_ctx;
+ return (pdb_get_methods_reload(reload) != NULL);
}
Default implementations of some functions.
****************************************************************************/
-static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
+static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, struct samu *user, const char *sname)
{
return NT_STATUS_NO_SUCH_USER;
}
-static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
+static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const DOM_SID *sid)
{
return NT_STATUS_NO_SUCH_USER;
}
-static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
+static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, struct samu *newpwd)
{
- DEBUG(0,("this backend (%s) should not be listed as the first passdb backend! You can't add users to it.\n", methods->name));
return NT_STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
+static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, struct samu *newpwd)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *pwd)
+static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, struct samu *pwd)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *pwd, const char *newname)
+static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, struct samu *pwd, const char *newname)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, SAM_ACCOUNT *newpwd, BOOL success)
+static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success)
{
+ /* Only the pdb_nds backend implements this, by
+ * default just return ok. */
return NT_STATUS_OK;
}
-static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *user)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static void pdb_default_endsampwent(struct pdb_methods *methods)
+static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value)
{
- return; /* NT_STATUS_NOT_IMPLEMENTED; */
+ return account_policy_get(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
+static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value)
{
- return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
-{
- return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return account_policy_set(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)
return NT_STATUS_OK;
}
-static BOOL pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid,
- uint32 *rid)
+static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid,
+ DOM_SID *sid)
{
- SAM_ACCOUNT *sampw = NULL;
+ struct samu *sampw = NULL;
struct passwd *unix_pw;
- BOOL ret;
-
+ bool ret;
+
unix_pw = sys_getpwuid( uid );
if ( !unix_pw ) {
- DEBUG(4,("pdb_default_uid_to_rid: host has no idea of uid "
+ DEBUG(4,("pdb_default_uid_to_sid: host has no idea of uid "
"%lu\n", (unsigned long)uid));
return False;
}
-
- if ( !NT_STATUS_IS_OK(pdb_init_sam(&sampw)) ) {
- DEBUG(0,("pdb_default_uid_to_rid: failed to allocate "
- "SAM_ACCOUNT object\n"));
+
+ if ( !(sampw = samu_new( NULL )) ) {
+ DEBUG(0,("pdb_default_uid_to_sid: samu_new() failed!\n"));
return False;
}
-
+
become_root();
ret = NT_STATUS_IS_OK(
methods->getsampwnam(methods, sampw, unix_pw->pw_name ));
unbecome_root();
if (!ret) {
- DEBUG(5, ("pdb_default_uid_to_rid: Did not find user "
- "%s (%d)\n", unix_pw->pw_name, uid));
- pdb_free_sam(&sampw);
+ DEBUG(5, ("pdb_default_uid_to_sid: Did not find user "
+ "%s (%u)\n", unix_pw->pw_name, (unsigned int)uid));
+ TALLOC_FREE(sampw);
return False;
}
- ret = sid_peek_check_rid(get_global_sam_sid(),
- pdb_get_user_sid(sampw), rid);
+ sid_copy(sid, pdb_get_user_sid(sampw));
- if (!ret) {
- DEBUG(1, ("Could not peek rid out of sid %s\n",
- sid_string_static(pdb_get_user_sid(sampw))));
- }
+ TALLOC_FREE(sampw);
- pdb_free_sam(&sampw);
- return ret;
+ return True;
}
-static BOOL pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
+static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
DOM_SID *sid)
{
GROUP_MAP map;
return True;
}
-static BOOL pdb_default_sid_to_id(struct pdb_methods *methods,
+static bool pdb_default_sid_to_id(struct pdb_methods *methods,
const DOM_SID *sid,
- union unid_t *id, enum SID_NAME_USE *type)
+ union unid_t *id, enum lsa_SidType *type)
{
TALLOC_CTX *mem_ctx;
- BOOL ret = False;
+ bool ret = False;
const char *name;
uint32 rid;
goto done;
}
- if (sid_peek_check_rid(&global_sid_Builtin, sid, &rid)) {
+ /* check for "Unix User" */
+
+ if ( sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid) ) {
+ id->uid = rid;
+ *type = SID_NAME_USER;
+ ret = True;
+ goto done;
+ }
+
+ /* check for "Unix Group" */
+
+ if ( sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid) ) {
+ id->gid = rid;
+ *type = SID_NAME_ALIAS;
+ ret = True;
+ goto done;
+ }
+
+ /* BUILTIN */
+
+ if (sid_check_is_in_builtin(sid) ||
+ sid_check_is_in_wellknown_domain(sid)) {
/* Here we only have aliases */
GROUP_MAP map;
if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) {
DEBUG(10, ("Could not find map for sid %s\n",
- sid_string_static(sid)));
+ sid_string_dbg(sid)));
goto done;
}
if ((map.sid_name_use != SID_NAME_ALIAS) &&
(map.sid_name_use != SID_NAME_WKN_GRP)) {
DEBUG(10, ("Map for sid %s is a %s, expected an "
- "alias\n", sid_string_static(sid),
+ "alias\n", sid_string_dbg(sid),
sid_type_lookup(map.sid_name_use)));
goto done;
}
goto done;
}
- DEBUG(5, ("Sid %s is neither ours nor builtin, don't know it\n",
- sid_string_static(sid)));
+ DEBUG(5, ("Sid %s is neither ours, a Unix SID, nor builtin\n",
+ sid_string_dbg(sid)));
done:
- talloc_free(mem_ctx);
+ TALLOC_FREE(mem_ctx);
return ret;
}
-static void add_uid_to_array_unique(TALLOC_CTX *mem_ctx,
- uid_t uid, uid_t **pp_uids, size_t *p_num)
-{
- size_t i;
-
- for (i=0; i<*p_num; i++) {
- if ((*pp_uids)[i] == uid)
- return;
- }
-
- *pp_uids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_uids, uid_t, *p_num+1);
-
- if (*pp_uids == NULL)
- return;
-
- (*pp_uids)[*p_num] = uid;
- *p_num += 1;
-}
-
-static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size_t *p_num)
+static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size_t *p_num)
{
struct group *grp;
char **gr;
- struct sys_pwent *userlist, *user;
+ struct passwd *pwd;
+ bool winbind_env;
+ bool ret = False;
*pp_uids = NULL;
*p_num = 0;
/* We only look at our own sam, so don't care about imported stuff */
-
- winbind_off();
+ winbind_env = winbind_env_set();
+ (void)winbind_off();
if ((grp = getgrgid(gid)) == NULL) {
- winbind_on();
- return False;
+ /* allow winbindd lookups, but only if they weren't already disabled */
+ goto done;
}
/* Primary group members */
-
- userlist = getpwent_list();
-
- for (user = userlist; user != NULL; user = user->next) {
- if (user->pw_gid != gid)
- continue;
- add_uid_to_array_unique(mem_ctx, user->pw_uid, pp_uids, p_num);
+ setpwent();
+ while ((pwd = getpwent()) != NULL) {
+ if (pwd->pw_gid == gid) {
+ if (!add_uid_to_array_unique(mem_ctx, pwd->pw_uid,
+ pp_uids, p_num)) {
+ goto done;
+ }
+ }
}
-
- pwent_free(userlist);
+ endpwent();
/* Secondary group members */
-
for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
struct passwd *pw = getpwnam(*gr);
if (pw == NULL)
continue;
- add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num);
+ if (!add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num)) {
+ goto done;
+ }
}
- winbind_on();
+ ret = True;
- return True;
+ done:
+
+ /* allow winbindd lookups, but only if they weren't already disabled */
+ if (!winbind_env) {
+ (void)winbind_on();
+ }
+
+ return ret;
}
-NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *group,
- uint32 **pp_member_rids,
- size_t *p_num_members)
+static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *group,
+ uint32 **pp_member_rids,
+ size_t *p_num_members)
{
gid_t gid;
uid_t *uids;
uid_to_sid(&sid, uids[i]);
if (!sid_check_is_in_our_domain(&sid)) {
- DEBUG(1, ("Inconsistent SAM -- group member uid not "
+ DEBUG(5, ("Inconsistent SAM -- group member uid not "
"in our domain\n"));
continue;
}
return NT_STATUS_OK;
}
+static NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ struct samu *user,
+ DOM_SID **pp_sids,
+ gid_t **pp_gids,
+ size_t *p_num_groups)
+{
+ size_t i;
+ gid_t gid;
+ struct passwd *pw;
+ const char *username = pdb_get_username(user);
+
+
+ /* Ignore the primary group SID. Honor the real Unix primary group.
+ The primary group SID is only of real use to Windows clients */
+
+ if ( !(pw = getpwnam_alloc(mem_ctx, username)) ) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ gid = pw->pw_gid;
+
+ TALLOC_FREE( pw );
+
+ if (!getgroups_unix_user(mem_ctx, username, gid, pp_gids, p_num_groups)) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ if (*p_num_groups == 0) {
+ smb_panic("primary group missing");
+ }
+
+ *pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups);
+
+ if (*pp_sids == NULL) {
+ TALLOC_FREE(*pp_gids);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i<*p_num_groups; i++) {
+ gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
+ }
+
+ return NT_STATUS_OK;
+}
+
/*******************************************************************
Look up a rid in the SAM we're responsible for (i.e. passdb)
********************************************************************/
-static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
+static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
const char **name,
- enum SID_NAME_USE *psid_name_use,
+ enum lsa_SidType *psid_name_use,
union unid_t *unix_id)
{
- SAM_ACCOUNT *sam_account = NULL;
+ struct samu *sam_account = NULL;
GROUP_MAP map;
- BOOL ret;
+ bool ret;
DOM_SID sid;
*psid_name_use = SID_NAME_UNKNOWN;
-
+
DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
(unsigned int)rid));
sid_copy(&sid, get_global_sam_sid());
sid_append_rid(&sid, rid);
-
+
/* see if the passdb can help us with the name of the user */
- if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {
+
+ if ( !(sam_account = samu_new( NULL )) ) {
return False;
}
unbecome_root(); /* -----> EXIT BECOME_ROOT() */
*name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
+ if (!*name) {
+ TALLOC_FREE(sam_account);
+ return False;
+ }
+
*psid_name_use = SID_NAME_USER;
- pdb_free_sam(&sam_account);
+ TALLOC_FREE(sam_account);
if (unix_id == NULL) {
return True;
}
- pw = Get_Pwnam(*name);
+ pw = Get_Pwnam_alloc(talloc_tos(), *name);
if (pw == NULL) {
return False;
}
unix_id->uid = pw->pw_uid;
+ TALLOC_FREE(pw);
return True;
}
- pdb_free_sam(&sam_account);
-
+ TALLOC_FREE(sam_account);
+
ret = pdb_getgrsid(&map, sid);
unbecome_root();
/* END BECOME_ROOT BLOCK */
-
- if ( ret ) {
- if (map.gid!=(gid_t)-1) {
- DEBUG(5,("lookup_global_sam_rid: mapped group %s to "
- "gid %u\n", map.nt_name,
- (unsigned int)map.gid));
- } else {
- DEBUG(5,("lookup_global_sam_rid: mapped group %s to "
- "no unix gid. Returning name.\n",
- map.nt_name));
- }
+ /* do not resolve SIDs to a name unless there is a valid
+ gid associated with it */
+
+ if ( ret && (map.gid != (gid_t)-1) ) {
*name = talloc_strdup(mem_ctx, map.nt_name);
*psid_name_use = map.sid_name_use;
- if (unix_id == NULL) {
- return True;
+ if ( unix_id ) {
+ unix_id->gid = map.gid;
}
- if (map.gid == (gid_t)-1) {
- DEBUG(5, ("Can't find a unix id for an unmapped "
- "group\n"));
- return False;
- }
+ return True;
+ }
+
+ /* Windows will always map RID 513 to something. On a non-domain
+ controller, this gets mapped to SERVER\None. */
+
+ if ( unix_id ) {
+ DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
+ return False;
+ }
+
+ if ( rid == DOMAIN_GROUP_RID_USERS ) {
+ *name = talloc_strdup(mem_ctx, "None" );
+ *psid_name_use = SID_NAME_DOM_GRP;
- unix_id->gid = map.gid;
return True;
}
return False;
}
-NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods,
- const DOM_SID *domain_sid,
- int num_rids,
- uint32 *rids,
- const char **names,
- uint32 *attrs)
+static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods,
+ const DOM_SID *domain_sid,
+ int num_rids,
+ uint32 *rids,
+ const char **names,
+ enum lsa_SidType *attrs)
{
int i;
NTSTATUS result;
- BOOL have_mapped = False;
- BOOL have_unmapped = False;
+ bool have_mapped = False;
+ bool have_unmapped = False;
if (sid_check_is_builtin(domain_sid)) {
if (lookup_global_sam_rid(names, rids[i], &name, &attrs[i],
NULL)) {
+ if (name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
names[i] = name;
DEBUG(5,("lookup_rids: %s:%d\n", names[i], attrs[i]));
have_mapped = True;
return result;
}
-NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods,
- const DOM_SID *domain_sid,
- int num_names,
- const char **names,
- uint32 *rids,
- uint32 *attrs)
+#if 0
+static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods,
+ const DOM_SID *domain_sid,
+ int num_names,
+ const char **names,
+ uint32 *rids,
+ enum lsa_SidType *attrs)
{
int i;
NTSTATUS result;
- BOOL have_mapped = False;
- BOOL have_unmapped = False;
+ bool have_mapped = False;
+ bool have_unmapped = False;
if (sid_check_is_builtin(domain_sid)) {
return result;
}
+#endif
-static struct pdb_search *pdb_search_init(enum pdb_search_type type)
+static int pdb_search_destructor(struct pdb_search *search)
{
- TALLOC_CTX *mem_ctx;
- struct pdb_search *result;
-
- mem_ctx = talloc_init("pdb_search");
- if (mem_ctx == NULL) {
- DEBUG(0, ("talloc_init failed\n"));
- return NULL;
+ if ((!search->search_ended) && (search->search_end != NULL)) {
+ search->search_end(search);
}
+ return 0;
+}
+
+struct pdb_search *pdb_search_init(TALLOC_CTX *mem_ctx,
+ enum pdb_search_type type)
+{
+ struct pdb_search *result;
- result = TALLOC_P(mem_ctx, struct pdb_search);
+ result = talloc(mem_ctx, struct pdb_search);
if (result == NULL) {
DEBUG(0, ("talloc failed\n"));
return NULL;
}
- result->mem_ctx = mem_ctx;
result->type = type;
result->cache = NULL;
result->num_entries = 0;
result->cache_size = 0;
result->search_ended = False;
+ result->search_end = NULL;
/* Segfault appropriately if not initialized */
result->next_entry = NULL;
result->search_end = NULL;
+ talloc_set_destructor(result, pdb_search_destructor);
+
return result;
}
entry->description = "";
}
-static BOOL user_search_in_progress = False;
-struct user_search {
- uint16 acct_flags;
-};
-
-static BOOL next_entry_users(struct pdb_search *s,
- struct samr_displayentry *entry)
-{
- struct user_search *state = s->private_data;
- SAM_ACCOUNT *user = NULL;
- NTSTATUS status;
-
- next:
- status = pdb_init_sam(&user);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Could not pdb_init_sam\n"));
- return False;
- }
-
- if (!pdb_getsampwent(user)) {
- pdb_free_sam(&user);
- return False;
- }
-
- if ((state->acct_flags != 0) &&
- ((pdb_get_acct_ctrl(user) & state->acct_flags) == 0)) {
- pdb_free_sam(&user);
- goto next;
- }
-
- fill_displayentry(s->mem_ctx, pdb_get_user_rid(user),
- pdb_get_acct_ctrl(user), pdb_get_username(user),
- pdb_get_fullname(user), pdb_get_acct_desc(user),
- entry);
-
- pdb_free_sam(&user);
- return True;
-}
-
-static void search_end_users(struct pdb_search *search)
-{
- pdb_endsampwent();
- user_search_in_progress = False;
-}
-
-static BOOL pdb_default_search_users(struct pdb_methods *methods,
- struct pdb_search *search,
- uint16 acct_flags)
-{
- struct user_search *state;
-
- if (user_search_in_progress) {
- DEBUG(1, ("user search in progress\n"));
- return False;
- }
-
- if (!pdb_setsampwent(False, acct_flags)) {
- DEBUG(5, ("Could not start search\n"));
- return False;
- }
-
- user_search_in_progress = True;
-
- state = TALLOC_P(search->mem_ctx, struct user_search);
- if (state == NULL) {
- DEBUG(0, ("talloc failed\n"));
- return False;
- }
-
- state->acct_flags = acct_flags;
-
- search->private_data = state;
- search->next_entry = next_entry_users;
- search->search_end = search_end_users;
- return True;
-}
-
struct group_search {
GROUP_MAP *groups;
size_t num_groups, current_group;
};
-static BOOL next_entry_groups(struct pdb_search *s,
+static bool next_entry_groups(struct pdb_search *s,
struct samr_displayentry *entry)
{
- struct group_search *state = s->private_data;
+ struct group_search *state = (struct group_search *)s->private_data;
uint32 rid;
GROUP_MAP *map = &state->groups[state->current_group];
sid_peek_rid(&map->sid, &rid);
- fill_displayentry(s->mem_ctx, rid, 0, map->nt_name, NULL, map->comment,
- entry);
+ fill_displayentry(s, rid, 0, map->nt_name, NULL, map->comment, entry);
state->current_group += 1;
return True;
static void search_end_groups(struct pdb_search *search)
{
- struct group_search *state = search->private_data;
+ struct group_search *state =
+ (struct group_search *)search->private_data;
SAFE_FREE(state->groups);
}
-static BOOL pdb_search_grouptype(struct pdb_search *search,
- enum SID_NAME_USE type)
+static bool pdb_search_grouptype(struct pdb_search *search,
+ const DOM_SID *sid, enum lsa_SidType type)
{
struct group_search *state;
- state = TALLOC_P(search->mem_ctx, struct group_search);
+ state = talloc(search, struct group_search);
if (state == NULL) {
DEBUG(0, ("talloc failed\n"));
return False;
}
- if (!pdb_enum_group_mapping(type, &state->groups, &state->num_groups,
+ if (!pdb_enum_group_mapping(sid, type, &state->groups, &state->num_groups,
True)) {
DEBUG(0, ("Could not enum groups\n"));
return False;
return True;
}
-static BOOL pdb_default_search_groups(struct pdb_methods *methods,
+static bool pdb_default_search_groups(struct pdb_methods *methods,
struct pdb_search *search)
{
- return pdb_search_grouptype(search, SID_NAME_DOM_GRP);
+ return pdb_search_grouptype(search, get_global_sam_sid(), SID_NAME_DOM_GRP);
}
-static BOOL pdb_default_search_aliases(struct pdb_methods *methods,
+static bool pdb_default_search_aliases(struct pdb_methods *methods,
struct pdb_search *search,
const DOM_SID *sid)
{
- if (sid_equal(sid, get_global_sam_sid()))
- return pdb_search_grouptype(search, SID_NAME_ALIAS);
-
- if (sid_equal(sid, &global_sid_Builtin))
- return pdb_search_grouptype(search, SID_NAME_WKN_GRP);
-
- DEBUG(3, ("unknown domain sid: %s\n", sid_string_static(sid)));
- return False;
+ return pdb_search_grouptype(search, sid, SID_NAME_ALIAS);
}
static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search,
break;
}
- ADD_TO_LARGE_ARRAY(search->mem_ctx, struct samr_displayentry,
+ ADD_TO_LARGE_ARRAY(search, struct samr_displayentry,
entry, &search->cache, &search->num_entries,
&search->cache_size);
}
return (search->num_entries > idx) ? &search->cache[idx] : NULL;
}
-struct pdb_search *pdb_search_users(uint16 acct_flags)
+struct pdb_search *pdb_search_users(TALLOC_CTX *mem_ctx, uint32 acct_flags)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
struct pdb_search *result;
- if (pdb == NULL) return NULL;
-
- result = pdb_search_init(PDB_USER_SEARCH);
- if (result == NULL) return NULL;
+ result = pdb_search_init(mem_ctx, PDB_USER_SEARCH);
+ if (result == NULL) {
+ return NULL;
+ }
if (!pdb->search_users(pdb, result, acct_flags)) {
- talloc_destroy(result->mem_ctx);
+ TALLOC_FREE(result);
return NULL;
}
return result;
}
-struct pdb_search *pdb_search_groups(void)
+struct pdb_search *pdb_search_groups(TALLOC_CTX *mem_ctx)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
struct pdb_search *result;
- if (pdb == NULL) return NULL;
-
- result = pdb_search_init(PDB_GROUP_SEARCH);
- if (result == NULL) return NULL;
+ result = pdb_search_init(mem_ctx, PDB_GROUP_SEARCH);
+ if (result == NULL) {
+ return NULL;
+ }
if (!pdb->search_groups(pdb, result)) {
- talloc_destroy(result->mem_ctx);
+ TALLOC_FREE(result);
return NULL;
}
return result;
}
-struct pdb_search *pdb_search_aliases(const DOM_SID *sid)
+struct pdb_search *pdb_search_aliases(TALLOC_CTX *mem_ctx, const DOM_SID *sid)
{
- struct pdb_methods *pdb = pdb_get_methods(False);
+ struct pdb_methods *pdb = pdb_get_methods();
struct pdb_search *result;
if (pdb == NULL) return NULL;
- result = pdb_search_init(PDB_ALIAS_SEARCH);
- if (result == NULL) return NULL;
+ result = pdb_search_init(mem_ctx, PDB_ALIAS_SEARCH);
+ if (result == NULL) {
+ return NULL;
+ }
if (!pdb->search_aliases(pdb, result, sid)) {
- talloc_destroy(result->mem_ctx);
+ TALLOC_FREE(result);
return NULL;
}
return result;
return search->num_entries - start_idx;
}
-void pdb_search_destroy(struct pdb_search *search)
+/*******************************************************************
+ trustdom methods
+ *******************************************************************/
+
+bool pdb_get_trusteddom_pw(const char *domain, char** pwd, DOM_SID *sid,
+ time_t *pass_last_set_time)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->get_trusteddom_pw(pdb, domain, pwd, sid,
+ pass_last_set_time);
+}
+
+bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
+ const DOM_SID *sid)
{
- if (search == NULL)
- return;
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->set_trusteddom_pw(pdb, domain, pwd, sid);
+}
- if (!search->search_ended)
- search->search_end(search);
+bool pdb_del_trusteddom_pw(const char *domain)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->del_trusteddom_pw(pdb, domain);
+}
+
+NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32 *num_domains,
+ struct trustdom_info ***domains)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->enum_trusteddoms(pdb, mem_ctx, num_domains, domains);
+}
+
+/*******************************************************************
+ the defaults for trustdom methods:
+ these simply call the original passdb/secrets.c actions,
+ to be replaced by pdb_ldap.
+ *******************************************************************/
- talloc_destroy(search->mem_ctx);
+static bool pdb_default_get_trusteddom_pw(struct pdb_methods *methods,
+ const char *domain,
+ char** pwd,
+ DOM_SID *sid,
+ time_t *pass_last_set_time)
+{
+ return secrets_fetch_trusted_domain_password(domain, pwd,
+ sid, pass_last_set_time);
+
+}
+
+static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods,
+ const char* domain,
+ const char* pwd,
+ const DOM_SID *sid)
+{
+ return secrets_store_trusted_domain_password(domain, pwd, sid);
+}
+
+static bool pdb_default_del_trusteddom_pw(struct pdb_methods *methods,
+ const char *domain)
+{
+ return trusted_domain_password_delete(domain);
+}
+
+static NTSTATUS pdb_default_enum_trusteddoms(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ uint32 *num_domains,
+ struct trustdom_info ***domains)
+{
+ return secrets_trusted_domains(mem_ctx, num_domains, domains);
+}
+
+static struct pdb_domain_info *pdb_default_get_domain_info(
+ struct pdb_methods *m, TALLOC_CTX *mem_ctx)
+{
+ return NULL;
}
/*******************************************************************
{
/* allocate memory for the structure as its own talloc CTX */
- if ( !(*methods = TALLOC_ZERO_P(NULL, struct pdb_methods) ) ) {
+ *methods = talloc_zero(talloc_autofree_context(), struct pdb_methods);
+ if (*methods == NULL) {
return NT_STATUS_NO_MEMORY;
}
- (*methods)->setsampwent = pdb_default_setsampwent;
- (*methods)->endsampwent = pdb_default_endsampwent;
- (*methods)->getsampwent = pdb_default_getsampwent;
+ (*methods)->get_domain_info = pdb_default_get_domain_info;
(*methods)->getsampwnam = pdb_default_getsampwnam;
(*methods)->getsampwsid = pdb_default_getsampwsid;
+ (*methods)->create_user = pdb_default_create_user;
+ (*methods)->delete_user = pdb_default_delete_user;
(*methods)->add_sam_account = pdb_default_add_sam_account;
(*methods)->update_sam_account = pdb_default_update_sam_account;
(*methods)->delete_sam_account = pdb_default_delete_sam_account;
(*methods)->getgrsid = pdb_default_getgrsid;
(*methods)->getgrgid = pdb_default_getgrgid;
(*methods)->getgrnam = pdb_default_getgrnam;
+ (*methods)->create_dom_group = pdb_default_create_dom_group;
+ (*methods)->delete_dom_group = pdb_default_delete_dom_group;
(*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
(*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
(*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
(*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
(*methods)->enum_group_members = pdb_default_enum_group_members;
(*methods)->enum_group_memberships = pdb_default_enum_group_memberships;
- (*methods)->find_alias = pdb_default_find_alias;
+ (*methods)->set_unix_primary_group = pdb_default_set_unix_primary_group;
+ (*methods)->add_groupmem = pdb_default_add_groupmem;
+ (*methods)->del_groupmem = pdb_default_del_groupmem;
(*methods)->create_alias = pdb_default_create_alias;
(*methods)->delete_alias = pdb_default_delete_alias;
(*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
(*methods)->get_account_policy = pdb_default_get_account_policy;
(*methods)->set_account_policy = pdb_default_set_account_policy;
(*methods)->get_seq_num = pdb_default_get_seq_num;
- (*methods)->uid_to_rid = pdb_default_uid_to_rid;
+ (*methods)->uid_to_sid = pdb_default_uid_to_sid;
(*methods)->gid_to_sid = pdb_default_gid_to_sid;
(*methods)->sid_to_id = pdb_default_sid_to_id;
- (*methods)->search_users = pdb_default_search_users;
(*methods)->search_groups = pdb_default_search_groups;
(*methods)->search_aliases = pdb_default_search_aliases;
+ (*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw;
+ (*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw;
+ (*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw;
+ (*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms;
+
return NT_STATUS_OK;
}