source3/passdb/pdb_interface.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Password and authentication handling
   4    Copyright (C) Andrew Bartlett                        2002
   5    Copyright (C) Jelmer Vernooij                        2002
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 2 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, write to the Free Software
  19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20 */
  21
  22 #include "includes.h"
  23
  24 #undef DBGC_CLASS
  25 #define DBGC_CLASS DBGC_PASSDB
  26
  27 static struct pdb_init_function_entry *backends = NULL;
  28
  29 static void lazy_initialize_passdb(void)
  30 {
  31         static BOOL initialized = False;
  32         if(initialized)return;
  33         static_init_pdb;
  34         initialized = True;
  35 }
  36
  37 static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name);
  38
  39 /*******************************************************************
  40  Clean up uninitialised passwords.  The only way to tell
  41  that these values are not 'real' is that they do not
  42  have a valid last set time.  Instead, the value is fixed at 0.
  43  Therefore we use that as the key for 'is this a valid password'.
  44  However, it is perfectly valid to have a 'default' last change
  45  time, such LDAP with a missing attribute would produce.
  46 ********************************************************************/
  47
  48 static void pdb_force_pw_initialization(SAM_ACCOUNT *pass)
  49 {
  50         const char *lm_pwd, *nt_pwd;
  51
  52         /* only reset a password if the last set time has been
  53            explicitly been set to zero.  A default last set time
  54            is ignored */
  55
  56         if ( (pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT)
  57                 && (pdb_get_pass_last_set_time(pass) == 0) )
  58         {
  59
  60                 if (pdb_get_init_flags(pass, PDB_LMPASSWD) != PDB_DEFAULT)
  61                 {
  62                         lm_pwd = pdb_get_lanman_passwd(pass);
  63                         if (lm_pwd)
  64                                 pdb_set_lanman_passwd(pass, NULL, PDB_CHANGED);
  65                 }
  66                 if (pdb_get_init_flags(pass, PDB_NTPASSWD) != PDB_DEFAULT)
  67                 {
  68                         nt_pwd = pdb_get_nt_passwd(pass);
  69                         if (nt_pwd)
  70                                 pdb_set_nt_passwd(pass, NULL, PDB_CHANGED);
  71                 }
  72         }
  73
  74         return;
  75 }
  76
  77 NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
  78 {
  79         struct pdb_init_function_entry *entry = backends;
  80
  81         if(version != PASSDB_INTERFACE_VERSION) {
  82                 DEBUG(0,("Can't register passdb backend!\n"
  83                          "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
  84                          "while this version of samba uses version %d\n",
  85                          version,PASSDB_INTERFACE_VERSION));
  86                 return NT_STATUS_OBJECT_TYPE_MISMATCH;
  87         }
  88
  89         if (!name || !init) {
  90                 return NT_STATUS_INVALID_PARAMETER;
  91         }
  92
  93         DEBUG(5,("Attempting to register passdb backend %s\n", name));
  94
  95         /* Check for duplicates */
  96         if (pdb_find_backend_entry(name)) {
  97                 DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
  98                 return NT_STATUS_OBJECT_NAME_COLLISION;
  99         }
 100
 101         entry = smb_xmalloc(sizeof(struct pdb_init_function_entry));
 102         entry->name = smb_xstrdup(name);
 103         entry->init = init;
 104
 105         DLIST_ADD(backends, entry);
 106         DEBUG(5,("Successfully added passdb backend '%s'\n", name));
 107         return NT_STATUS_OK;
 108 }
 109
 110 static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
 111 {
 112         struct pdb_init_function_entry *entry = backends;
 113
 114         while(entry) {
 115                 if (strcmp(entry->name, name)==0) return entry;
 116                 entry = entry->next;
 117         }
 118
 119         return NULL;
 120 }
 121
 122 static NTSTATUS context_setsampwent(struct pdb_context *context, BOOL update)
 123 {
 124         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 125
 126         if (!context) {
 127                 DEBUG(0, ("invalid pdb_context specified!\n"));
 128                 return ret;
 129         }
 130
 131         context->pwent_methods = context->pdb_methods;
 132
 133         if (!context->pwent_methods) {
 134                 /* No passdbs at all */
 135                 return ret;
 136         }
 137
 138         while (NT_STATUS_IS_ERR(ret = context->pwent_methods->setsampwent(context->pwent_methods, update))) {
 139                 context->pwent_methods = context->pwent_methods->next;
 140                 if (context->pwent_methods == NULL)
 141                         return NT_STATUS_UNSUCCESSFUL;
 142         }
 143         return ret;
 144 }
 145
 146 static void context_endsampwent(struct pdb_context *context)
 147 {
 148         if ((!context)){
 149                 DEBUG(0, ("invalid pdb_context specified!\n"));
 150                 return;
 151         }
 152
 153         if (context->pwent_methods && context->pwent_methods->endsampwent)
 154                 context->pwent_methods->endsampwent(context->pwent_methods);
 155
 156         /* So we won't get strange data when calling getsampwent now */
 157         context->pwent_methods = NULL;
 158 }
 159
 160 static NTSTATUS context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user)
 161 {
 162         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 163
 164         if ((!context) || (!context->pwent_methods)) {
 165                 DEBUG(0, ("invalid pdb_context specified!\n"));
 166                 return ret;
 167         }
 168         /* Loop until we find something useful */
 169         while (NT_STATUS_IS_ERR(ret = context->pwent_methods->getsampwent(context->pwent_methods, user))) {
 170
 171                 context->pwent_methods->endsampwent(context->pwent_methods);
 172
 173                 context->pwent_methods = context->pwent_methods->next;
 174
 175                 /* All methods are checked now. There are no more entries */
 176                 if (context->pwent_methods == NULL)
 177                         return ret;
 178
 179                 context->pwent_methods->setsampwent(context->pwent_methods, False);
 180         }
 181         user->methods = context->pwent_methods;
 182         pdb_force_pw_initialization(user);
 183         return ret;
 184 }
 185
 186 static NTSTATUS context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username)
 187 {
 188         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 189
 190         struct pdb_methods *curmethods;
 191         if ((!context)) {
 192                 DEBUG(0, ("invalid pdb_context specified!\n"));
 193                 return ret;
 194         }
 195         curmethods = context->pdb_methods;
 196         while (curmethods){
 197                 if (NT_STATUS_IS_OK(ret = curmethods->getsampwnam(curmethods, sam_acct, username))) {
 198                         pdb_force_pw_initialization(sam_acct);
 199                         sam_acct->methods = curmethods;
 200                         return ret;
 201                 }
 202                 curmethods = curmethods->next;
 203         }
 204
 205         return ret;
 206 }
 207
 208 static NTSTATUS context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
 209 {
 210         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 211
 212         struct pdb_methods *curmethods;
 213         if ((!context)) {
 214                 DEBUG(0, ("invalid pdb_context specified!\n"));
 215                 return ret;
 216         }
 217
 218         curmethods = context->pdb_methods;
 219
 220         while (curmethods){
 221                 if (NT_STATUS_IS_OK(ret = curmethods->getsampwsid(curmethods, sam_acct, sid))) {
 222                         pdb_force_pw_initialization(sam_acct);
 223                         sam_acct->methods = curmethods;
 224                         return ret;
 225                 }
 226                 curmethods = curmethods->next;
 227         }
 228
 229         return ret;
 230 }
 231
 232 static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
 233 {
 234         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 235
 236         if ((!context) || (!context->pdb_methods)) {
 237                 DEBUG(0, ("invalid pdb_context specified!\n"));
 238                 return ret;
 239         }
 240
 241         /** @todo  This is where a 're-read on add' should be done */
 242         /* We now add a new account to the first database listed.
 243          * Should we? */
 244
 245         return context->pdb_methods->add_sam_account(context->pdb_methods, sam_acct);
 246 }
 247
 248 static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
 249 {
 250         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 251
 252         if (!context) {
 253                 DEBUG(0, ("invalid pdb_context specified!\n"));
 254                 return ret;
 255         }
 256
 257         if (!sam_acct || !sam_acct->methods){
 258                 DEBUG(0, ("invalid sam_acct specified\n"));
 259                 return ret;
 260         }
 261
 262         /** @todo  This is where a 're-read on update' should be done */
 263
 264         return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct);
 265 }
 266
 267 static NTSTATUS context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
 268 {
 269         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 270
 271         struct pdb_methods *pdb_selected;
 272         if (!context) {
 273                 DEBUG(0, ("invalid pdb_context specified!\n"));
 274                 return ret;
 275         }
 276
 277         if (!sam_acct->methods){
 278                 pdb_selected = context->pdb_methods;
 279                 /* There's no passdb backend specified for this account.
 280                  * Try to delete it in every passdb available
 281                  * Needed to delete accounts in smbpasswd that are not
 282                  * in /etc/passwd.
 283                  */
 284                 while (pdb_selected){
 285                         if (NT_STATUS_IS_OK(ret = pdb_selected->delete_sam_account(pdb_selected, sam_acct))) {
 286                                 return ret;
 287                         }
 288                         pdb_selected = pdb_selected->next;
 289                 }
 290                 return ret;
 291         }
 292
 293         if (!sam_acct->methods->delete_sam_account){
 294                 DEBUG(0,("invalid sam_acct->methods->delete_sam_account\n"));
 295                 return ret;
 296         }
 297
 298         return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct);
 299 }
 300
 301 static NTSTATUS context_getgrsid(struct pdb_context *context,
 302                                  GROUP_MAP *map, DOM_SID sid)
 303 {
 304         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 305
 306         struct pdb_methods *curmethods;
 307         if ((!context)) {
 308                 DEBUG(0, ("invalid pdb_context specified!\n"));
 309                 return ret;
 310         }
 311         curmethods = context->pdb_methods;
 312         while (curmethods){
 313                 ret = curmethods->getgrsid(curmethods, map, sid);
 314                 if (NT_STATUS_IS_OK(ret)) {
 315                         map->methods = curmethods;
 316                         return ret;
 317                 }
 318                 curmethods = curmethods->next;
 319         }
 320
 321         return ret;
 322 }
 323
 324 static NTSTATUS context_getgrgid(struct pdb_context *context,
 325                                  GROUP_MAP *map, gid_t gid)
 326 {
 327         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 328
 329         struct pdb_methods *curmethods;
 330         if ((!context)) {
 331                 DEBUG(0, ("invalid pdb_context specified!\n"));
 332                 return ret;
 333         }
 334         curmethods = context->pdb_methods;
 335         while (curmethods){
 336                 ret = curmethods->getgrgid(curmethods, map, gid);
 337                 if (NT_STATUS_IS_OK(ret)) {
 338                         map->methods = curmethods;
 339                         return ret;
 340                 }
 341                 curmethods = curmethods->next;
 342         }
 343
 344         return ret;
 345 }
 346
 347 static NTSTATUS context_getgrnam(struct pdb_context *context,
 348                                  GROUP_MAP *map, const char *name)
 349 {
 350         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 351
 352         struct pdb_methods *curmethods;
 353         if ((!context)) {
 354                 DEBUG(0, ("invalid pdb_context specified!\n"));
 355                 return ret;
 356         }
 357         curmethods = context->pdb_methods;
 358         while (curmethods){
 359                 ret = curmethods->getgrnam(curmethods, map, name);
 360                 if (NT_STATUS_IS_OK(ret)) {
 361                         map->methods = curmethods;
 362                         return ret;
 363                 }
 364                 curmethods = curmethods->next;
 365         }
 366
 367         return ret;
 368 }
 369
 370 static NTSTATUS context_add_group_mapping_entry(struct pdb_context *context,
 371                                                 GROUP_MAP *map)
 372 {
 373         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 374
 375         if ((!context) || (!context->pdb_methods)) {
 376                 DEBUG(0, ("invalid pdb_context specified!\n"));
 377                 return ret;
 378         }
 379
 380         return context->pdb_methods->add_group_mapping_entry(context->pdb_methods,
 381                                                              map);
 382 }
 383
 384 static NTSTATUS context_update_group_mapping_entry(struct pdb_context *context,
 385                                                    GROUP_MAP *map)
 386 {
 387         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 388
 389         if ((!context) || (!context->pdb_methods)) {
 390                 DEBUG(0, ("invalid pdb_context specified!\n"));
 391                 return ret;
 392         }
 393
 394         return context->
 395                 pdb_methods->update_group_mapping_entry(context->pdb_methods, map);
 396 }
 397
 398 static NTSTATUS context_delete_group_mapping_entry(struct pdb_context *context,
 399                                                    DOM_SID sid)
 400 {
 401         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 402
 403         if ((!context) || (!context->pdb_methods)) {
 404                 DEBUG(0, ("invalid pdb_context specified!\n"));
 405                 return ret;
 406         }
 407
 408         return context->
 409                 pdb_methods->delete_group_mapping_entry(context->pdb_methods, sid);
 410 }
 411
 412 static NTSTATUS context_enum_group_mapping(struct pdb_context *context,
 413                                            enum SID_NAME_USE sid_name_use,
 414                                            GROUP_MAP **rmap, int *num_entries,
 415                                            BOOL unix_only)
 416 {
 417         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 418
 419         if ((!context) || (!context->pdb_methods)) {
 420                 DEBUG(0, ("invalid pdb_context specified!\n"));
 421                 return ret;
 422         }
 423
 424         return context->pdb_methods->enum_group_mapping(context->pdb_methods,
 425                                                         sid_name_use, rmap,
 426                                                         num_entries, unix_only);
 427 }
 428
 429 static NTSTATUS context_add_aliasmem(struct pdb_context *context,
 430                                      const DOM_SID *alias,
 431                                      const DOM_SID *member)
 432 {
 433         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 434
 435         if ((!context) || (!context->pdb_methods)) {
 436                 DEBUG(0, ("invalid pdb_context specified!\n"));
 437                 return ret;
 438         }
 439
 440         return context->pdb_methods->add_aliasmem(context->pdb_methods,
 441                                                   alias, member);
 442 }
 443
 444 static NTSTATUS context_del_aliasmem(struct pdb_context *context,
 445                                      const DOM_SID *alias,
 446                                      const DOM_SID *member)
 447 {
 448         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 449
 450         if ((!context) || (!context->pdb_methods)) {
 451                 DEBUG(0, ("invalid pdb_context specified!\n"));
 452                 return ret;
 453         }
 454
 455         return context->pdb_methods->del_aliasmem(context->pdb_methods,
 456                                                   alias, member);
 457 }
 458
 459 static NTSTATUS context_enum_aliasmem(struct pdb_context *context,
 460                                       const DOM_SID *alias, DOM_SID **members,
 461                                       int *num)
 462 {
 463         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 464
 465         if ((!context) || (!context->pdb_methods)) {
 466                 DEBUG(0, ("invalid pdb_context specified!\n"));
 467                 return ret;
 468         }
 469
 470         return context->pdb_methods->enum_aliasmem(context->pdb_methods,
 471                                                    alias, members, num);
 472 }
 473
 474 static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
 475                                                const DOM_SID *sid,
 476                                                DOM_SID **aliases, int *num)
 477 {
 478         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 479
 480         if ((!context) || (!context->pdb_methods)) {
 481                 DEBUG(0, ("invalid pdb_context specified!\n"));
 482                 return ret;
 483         }
 484
 485         return context->pdb_methods->
 486                 enum_alias_memberships(context->pdb_methods, sid, aliases,
 487                                        num);
 488 }
 489
 490 static NTSTATUS context_gettrustpwent(struct pdb_context *context,
 491                                       SAM_TRUST_PASSWD *trust)
 492 {
 493         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 494         struct pdb_methods *cur_methods;
 495
 496         if (!context) {
 497                 DEBUG(0, ("invalid pdb_context specified!\n"));
 498                 return ret;
 499         }
 500
 501         cur_methods = context->pdb_methods;
 502
 503         while (cur_methods) {
 504                 ret = cur_methods->gettrustpwent(cur_methods, trust);
 505                 if (NT_STATUS_IS_OK(ret)) {
 506                         trust->methods = cur_methods;
 507                         return ret;
 508                 }
 509                 cur_methods = cur_methods->next;
 510         }
 511
 512         return ret;
 513 }
 514
 515 static NTSTATUS context_gettrustpwsid(struct pdb_context *context,
 516                                       SAM_TRUST_PASSWD *trust,
 517                                       const DOM_SID *sid)
 518 {
 519         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 520         struct pdb_methods *cur_methods;
 521
 522         if (!context) {
 523                 DEBUG(0, ("invalid pdb_context specified!\n"));
 524                 return ret;
 525         }
 526
 527         cur_methods = context->pdb_methods;
 528
 529         while (cur_methods) {
 530                 ret = cur_methods->gettrustpwsid(cur_methods, trust, sid);
 531                 if (NT_STATUS_IS_OK(ret)) {
 532                         trust->methods = cur_methods;
 533                         return ret;
 534                 }
 535                 cur_methods = cur_methods->next;
 536         }
 537
 538         return ret;
 539 }
 540
 541 static NTSTATUS context_add_trust_passwd(struct pdb_context *context,
 542                                          SAM_TRUST_PASSWD *trust)
 543 {
 544         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 545
 546         if (!context) {
 547                 DEBUG(0, ("invalid pdb_context specified!\n"));
 548                 return ret;
 549         }
 550
 551         return context->pdb_methods->add_trust_passwd(context->pdb_methods, trust);
 552 }
 553
 554 static NTSTATUS context_update_trust_passwd(struct pdb_context *context,
 555                                             SAM_TRUST_PASSWD *trust)
 556 {
 557         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 558
 559         if (!context) {
 560                 DEBUG(0, ("invalid pdb_context specified!\n"));
 561                 return ret;
 562         }
 563
 564         if (!trust || !trust->methods) {
 565                 DEBUG(0, ("invalid trust pointer specified!\n"));
 566                 return ret;
 567         }
 568
 569         return trust->methods->update_trust_passwd(trust->methods, trust);
 570 }
 571
 572 static NTSTATUS context_delete_trust_passwd(struct pdb_context *context,
 573                                             SAM_TRUST_PASSWD *trust)
 574 {
 575         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 576
 577         if (!context) {
 578                 DEBUG(0, ("invalid pdb_context specified!\n"));
 579                 return ret;
 580         }
 581
 582         if (!trust || !trust->methods) {
 583                 DEBUG(0, ("invalid trust pointer specified!\n"));
 584                 return ret;
 585         }
 586
 587         return trust->methods->delete_trust_passwd(trust->methods, trust);
 588 }
 589
 590 static NTSTATUS context_add_sid_to_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid)
 591 {
 592         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 593
 594         struct pdb_methods *curmethods;
 595         if ((!context)) {
 596                 DEBUG(0, ("invalid pdb_context specified!\n"));
 597                 return ret;
 598         }
 599         curmethods = context->pdb_methods;
 600         while (curmethods){
 601                 if (NT_STATUS_IS_OK(ret = curmethods->add_sid_to_privilege(curmethods, priv_name, sid))) {
 602                         return ret;
 603                 }
 604                 curmethods = curmethods->next;
 605         }
 606
 607         return ret;
 608 }
 609
 610 static NTSTATUS context_remove_sid_from_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid)
 611 {
 612         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 613
 614         struct pdb_methods *curmethods;
 615         if ((!context)) {
 616                 DEBUG(0, ("invalid pdb_context specified!\n"));
 617                 return ret;
 618         }
 619         curmethods = context->pdb_methods;
 620         while (curmethods){
 621                 if (NT_STATUS_IS_OK(ret = curmethods->remove_sid_from_privilege(curmethods, priv_name, sid))) {
 622                         return ret;
 623                 }
 624                 curmethods = curmethods->next;
 625         }
 626
 627         return ret;
 628 }
 629
 630 static NTSTATUS context_get_privilege_set(struct pdb_context *context, NT_USER_TOKEN *token, PRIVILEGE_SET *privset)
 631 {
 632         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 633
 634         struct pdb_methods *curmethods;
 635         if ((!context)) {
 636                 DEBUG(0, ("invalid pdb_context specified!\n"));
 637                 return ret;
 638         }
 639         curmethods = context->pdb_methods;
 640         while (curmethods){
 641                 if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_set(curmethods, token, privset))) {
 642                         return ret;
 643                 }
 644                 curmethods = curmethods->next;
 645         }
 646
 647         return ret;
 648 }
 649
 650 static NTSTATUS context_get_privilege_entry(struct pdb_context *context, const char *privname, char **sid_list)
 651 {
 652         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 653
 654         struct pdb_methods *curmethods;
 655         if ((!context)) {
 656                 DEBUG(0, ("invalid pdb_context specified!\n"));
 657                 return ret;
 658         }
 659         curmethods = context->pdb_methods;
 660         while (curmethods){
 661                 if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_entry(curmethods, privname, sid_list))) {
 662                         return ret;
 663                 }
 664                 curmethods = curmethods->next;
 665         }
 666
 667         return ret;
 668 }
 669
 670 /******************************************************************
 671   Free and cleanup a pdb context, any associated data and anything
 672   that the attached modules might have associated.
 673  *******************************************************************/
 674
 675 static void free_pdb_context(struct pdb_context **context)
 676 {
 677         struct pdb_methods *pdb_selected = (*context)->pdb_methods;
 678
 679         while (pdb_selected){
 680                 if(pdb_selected->free_private_data)
 681                         pdb_selected->free_private_data(&(pdb_selected->private_data));
 682                 pdb_selected = pdb_selected->next;
 683         }
 684
 685         talloc_destroy((*context)->mem_ctx);
 686         *context = NULL;
 687 }
 688
 689 /******************************************************************
 690   Make a pdb_methods from scratch
 691  *******************************************************************/
 692
 693 static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_context *context, const char *selected)
 694 {
 695         char *module_name = smb_xstrdup(selected);
 696         char *module_location = NULL, *p;
 697         struct pdb_init_function_entry *entry;
 698         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
 699
 700         lazy_initialize_passdb();
 701
 702         p = strchr(module_name, ':');
 703
 704         if (p) {
 705                 *p = 0;
 706                 module_location = p+1;
 707                 trim_char(module_location, ' ', ' ');
 708         }
 709
 710         trim_char(module_name, ' ', ' ');
 711
 712
 713         DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name));
 714
 715         entry = pdb_find_backend_entry(module_name);
 716
 717         /* Try to find a module that contains this module */
 718         if (!entry) {
 719                 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
 720                 if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
 721                         DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
 722                         SAFE_FREE(module_name);
 723                         return NT_STATUS_UNSUCCESSFUL;
 724                 }
 725         }
 726
 727         /* No such backend found */
 728         if(!entry) {
 729                 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
 730                 SAFE_FREE(module_name);
 731                 return NT_STATUS_INVALID_PARAMETER;
 732         }
 733
 734         DEBUG(5,("Found pdb backend %s\n", module_name));
 735         nt_status = entry->init(context, methods, module_location);
 736         if (NT_STATUS_IS_OK(nt_status)) {
 737                 DEBUG(5,("pdb backend %s has a valid init\n", selected));
 738         } else {
 739                 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status)));
 740         }
 741         SAFE_FREE(module_name);
 742         return nt_status;
 743 }
 744
 745 /******************************************************************
 746   Make a pdb_context from scratch.
 747  *******************************************************************/
 748
 749 static NTSTATUS make_pdb_context(struct pdb_context **context)
 750 {
 751         TALLOC_CTX *mem_ctx;
 752
 753         mem_ctx = talloc_init("pdb_context internal allocation context");
 754
 755         if (!mem_ctx) {
 756                 DEBUG(0, ("make_pdb_context: talloc init failed!\n"));
 757                 return NT_STATUS_NO_MEMORY;
 758         }
 759
 760         *context = talloc(mem_ctx, sizeof(**context));
 761         if (!*context) {
 762                 DEBUG(0, ("make_pdb_context: talloc failed!\n"));
 763                 return NT_STATUS_NO_MEMORY;
 764         }
 765
 766         ZERO_STRUCTP(*context);
 767
 768         (*context)->mem_ctx = mem_ctx;
 769
 770         (*context)->pdb_setsampwent = context_setsampwent;
 771         (*context)->pdb_endsampwent = context_endsampwent;
 772         (*context)->pdb_getsampwent = context_getsampwent;
 773         (*context)->pdb_getsampwnam = context_getsampwnam;
 774         (*context)->pdb_getsampwsid = context_getsampwsid;
 775         (*context)->pdb_add_sam_account = context_add_sam_account;
 776         (*context)->pdb_update_sam_account = context_update_sam_account;
 777         (*context)->pdb_delete_sam_account = context_delete_sam_account;
 778         (*context)->pdb_getgrsid = context_getgrsid;
 779         (*context)->pdb_getgrgid = context_getgrgid;
 780         (*context)->pdb_getgrnam = context_getgrnam;
 781         (*context)->pdb_add_group_mapping_entry = context_add_group_mapping_entry;
 782         (*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
 783         (*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
 784         (*context)->pdb_enum_group_mapping = context_enum_group_mapping;
 785         (*context)->pdb_add_aliasmem = context_add_aliasmem;
 786         (*context)->pdb_del_aliasmem = context_del_aliasmem;
 787         (*context)->pdb_enum_aliasmem = context_enum_aliasmem;
 788         (*context)->pdb_enum_alias_memberships = context_enum_alias_memberships;
 789         (*context)->pdb_gettrustpwent = context_gettrustpwent;
 790         (*context)->pdb_gettrustpwsid = context_gettrustpwsid;
 791         (*context)->pdb_add_trust_passwd = context_add_trust_passwd;
 792         (*context)->pdb_update_trust_passwd = context_update_trust_passwd;
 793         (*context)->pdb_delete_trust_passwd = context_delete_trust_passwd;
 794         (*context)->pdb_add_sid_to_privilege = context_add_sid_to_privilege;
 795         (*context)->pdb_remove_sid_from_privilege = context_remove_sid_from_privilege;
 796         (*context)->pdb_get_privilege_set = context_get_privilege_set;
 797         (*context)->pdb_get_privilege_entry = context_get_privilege_entry;
 798
 799         (*context)->free_fn = free_pdb_context;
 800
 801         return NT_STATUS_OK;
 802 }
 803
 804
 805 /******************************************************************
 806   Make a pdb_context, given an array of strings
 807  *******************************************************************/
 808
 809 NTSTATUS make_pdb_context_list(struct pdb_context **context, const char **selected)
 810 {
 811         int i = 0;
 812         struct pdb_methods *curmethods, *tmpmethods;
 813         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
 814         BOOL have_guest = False;
 815
 816         if (!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))) {
 817                 return nt_status;
 818         }
 819
 820         if (!selected) {
 821                 DEBUG(0, ("ERROR: empty passdb backend list!\n"));
 822                 return nt_status;
 823         }
 824
 825         while (selected[i]){
 826                 if (strcmp(selected[i], "guest") == 0) {
 827                         have_guest = True;
 828                 }
 829                 /* Try to initialise pdb */
 830                 DEBUG(5,("Trying to load: %s\n", selected[i]));
 831                 if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods, *context, selected[i]))) {
 832                         DEBUG(1, ("Loading %s failed!\n", selected[i]));
 833                         free_pdb_context(context);
 834                         return nt_status;
 835                 }
 836                 curmethods->parent = *context;
 837                 DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
 838                 i++;
 839         }
 840
 841         if (have_guest)
 842                 return NT_STATUS_OK;
 843
 844         if ( (lp_guestaccount() == NULL) ||
 845              (*lp_guestaccount() == '\0') ) {
 846                 /* We explicitly don't want guest access. No idea what
 847                    else that breaks, but be it that way. */
 848                 return NT_STATUS_OK;
 849         }
 850
 851         if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods,
 852                                                                *context,
 853                                                                "guest"))) {
 854                 DEBUG(1, ("Loading guest module failed!\n"));
 855                 free_pdb_context(context);
 856                 return nt_status;
 857         }
 858
 859         curmethods->parent = *context;
 860         DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
 861
 862         return NT_STATUS_OK;
 863 }
 864
 865 /******************************************************************
 866   Make a pdb_context, given a text string.
 867  *******************************************************************/
 868
 869 NTSTATUS make_pdb_context_string(struct pdb_context **context, const char *selected)
 870 {
 871         NTSTATUS ret;
 872         char **newsel = str_list_make(selected, NULL);
 873         ret = make_pdb_context_list(context, (const char **)newsel);
 874         str_list_free(&newsel);
 875         return ret;
 876 }
 877
 878 /******************************************************************
 879  Return an already initialised pdb_context, to facilitate backward
 880  compatibility (see functions below).
 881 *******************************************************************/
 882
 883 static struct pdb_context *pdb_get_static_context(BOOL reload)
 884 {
 885         static struct pdb_context *pdb_context = NULL;
 886
 887         if ((pdb_context) && (reload)) {
 888                 pdb_context->free_fn(&pdb_context);
 889                 if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
 890                         return NULL;
 891                 }
 892         }
 893
 894         if (!pdb_context) {
 895                 if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
 896                         return NULL;
 897                 }
 898         }
 899
 900         return pdb_context;
 901 }
 902
 903 /******************************************************************
 904  Backward compatibility functions for the original passdb interface
 905 *******************************************************************/
 906
 907 BOOL pdb_setsampwent(BOOL update)
 908 {
 909         struct pdb_context *pdb_context = pdb_get_static_context(False);
 910
 911         if (!pdb_context) {
 912                 return False;
 913         }
 914
 915         return NT_STATUS_IS_OK(pdb_context->pdb_setsampwent(pdb_context, update));
 916 }
 917
 918 void pdb_endsampwent(void)
 919 {
 920         struct pdb_context *pdb_context = pdb_get_static_context(False);
 921
 922         if (!pdb_context) {
 923                 return;
 924         }
 925
 926         pdb_context->pdb_endsampwent(pdb_context);
 927 }
 928
 929 BOOL pdb_getsampwent(SAM_ACCOUNT *user)
 930 {
 931         struct pdb_context *pdb_context = pdb_get_static_context(False);
 932
 933         if (!pdb_context) {
 934                 return False;
 935         }
 936
 937         return NT_STATUS_IS_OK(pdb_context->pdb_getsampwent(pdb_context, user));
 938 }
 939
 940 BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username)
 941 {
 942         struct pdb_context *pdb_context = pdb_get_static_context(False);
 943
 944         if (!pdb_context) {
 945                 return False;
 946         }
 947
 948         return NT_STATUS_IS_OK(pdb_context->pdb_getsampwnam(pdb_context, sam_acct, username));
 949 }
 950
 951 BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
 952 {
 953         struct pdb_context *pdb_context = pdb_get_static_context(False);
 954
 955         if (!pdb_context) {
 956                 return False;
 957         }
 958
 959         return NT_STATUS_IS_OK(pdb_context->pdb_getsampwsid(pdb_context, sam_acct, sid));
 960 }
 961
 962 BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct)
 963 {
 964         struct pdb_context *pdb_context = pdb_get_static_context(False);
 965         const char *lm_pw, *nt_pw;
 966         uint16 acb_flags;
 967
 968         if (!pdb_context) {
 969                 return False;
 970         }
 971
 972         /* disable acccounts with no passwords (that has not
 973            been allowed by the  ACB_PWNOTREQ bit */
 974
 975         lm_pw = pdb_get_lanman_passwd( sam_acct );
 976         nt_pw = pdb_get_nt_passwd( sam_acct );
 977         acb_flags = pdb_get_acct_ctrl( sam_acct );
 978         if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
 979                 acb_flags |= ACB_DISABLED;
 980                 pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
 981         }
 982
 983         return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct));
 984 }
 985
 986 BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct)
 987 {
 988         struct pdb_context *pdb_context = pdb_get_static_context(False);
 989         const char *lm_pw, *nt_pw;
 990         uint16 acb_flags;
 991
 992         if (!pdb_context) {
 993                 return False;
 994         }
 995
 996         /* disable acccounts with no passwords (that has not
 997            been allowed by the  ACB_PWNOTREQ bit */
 998
 999         lm_pw = pdb_get_lanman_passwd( sam_acct );
1000         nt_pw = pdb_get_nt_passwd( sam_acct );
1001         acb_flags = pdb_get_acct_ctrl( sam_acct );
1002         if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
1003                 acb_flags |= ACB_DISABLED;
1004                 pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
1005         }
1006
1007         return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct));
1008 }
1009
1010 BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct)
1011 {
1012         struct pdb_context *pdb_context = pdb_get_static_context(False);
1013
1014         if (!pdb_context) {
1015                 return False;
1016         }
1017
1018         return NT_STATUS_IS_OK(pdb_context->pdb_delete_sam_account(pdb_context, sam_acct));
1019 }
1020
1021 BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
1022 {
1023         struct pdb_context *pdb_context = pdb_get_static_context(False);
1024
1025         if (!pdb_context) {
1026                 return False;
1027         }
1028
1029         return NT_STATUS_IS_OK(pdb_context->
1030                                pdb_getgrsid(pdb_context, map, sid));
1031 }
1032
1033 BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid)
1034 {
1035         struct pdb_context *pdb_context = pdb_get_static_context(False);
1036
1037         if (!pdb_context) {
1038                 return False;
1039         }
1040
1041         return NT_STATUS_IS_OK(pdb_context->
1042                                pdb_getgrgid(pdb_context, map, gid));
1043 }
1044
1045 BOOL pdb_getgrnam(GROUP_MAP *map, const char *name)
1046 {
1047         struct pdb_context *pdb_context = pdb_get_static_context(False);
1048
1049         if (!pdb_context) {
1050                 return False;
1051         }
1052
1053         return NT_STATUS_IS_OK(pdb_context->
1054                                pdb_getgrnam(pdb_context, map, name));
1055 }
1056
1057 BOOL pdb_add_group_mapping_entry(GROUP_MAP *map)
1058 {
1059         struct pdb_context *pdb_context = pdb_get_static_context(False);
1060
1061         if (!pdb_context) {
1062                 return False;
1063         }
1064
1065         return NT_STATUS_IS_OK(pdb_context->
1066                                pdb_add_group_mapping_entry(pdb_context, map));
1067 }
1068
1069 BOOL pdb_update_group_mapping_entry(GROUP_MAP *map)
1070 {
1071         struct pdb_context *pdb_context = pdb_get_static_context(False);
1072
1073         if (!pdb_context) {
1074                 return False;
1075         }
1076
1077         return NT_STATUS_IS_OK(pdb_context->
1078                                pdb_update_group_mapping_entry(pdb_context, map));
1079 }
1080
1081 BOOL pdb_delete_group_mapping_entry(DOM_SID sid)
1082 {
1083         struct pdb_context *pdb_context = pdb_get_static_context(False);
1084
1085         if (!pdb_context) {
1086                 return False;
1087         }
1088
1089         return NT_STATUS_IS_OK(pdb_context->
1090                                pdb_delete_group_mapping_entry(pdb_context, sid));
1091 }
1092
1093 BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
1094                             int *num_entries, BOOL unix_only)
1095 {
1096         struct pdb_context *pdb_context = pdb_get_static_context(False);
1097
1098         if (!pdb_context) {
1099                 return False;
1100         }
1101
1102         return NT_STATUS_IS_OK(pdb_context->
1103                                pdb_enum_group_mapping(pdb_context, sid_name_use,
1104                                                       rmap, num_entries, unix_only));
1105 }
1106
1107 BOOL pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
1108 {
1109         struct pdb_context *pdb_context = pdb_get_static_context(False);
1110
1111         if (!pdb_context) {
1112                 return False;
1113         }
1114
1115         return NT_STATUS_IS_OK(pdb_context->
1116                                pdb_add_aliasmem(pdb_context, alias, member));
1117 }
1118
1119 BOOL pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
1120 {
1121         struct pdb_context *pdb_context = pdb_get_static_context(False);
1122
1123         if (!pdb_context) {
1124                 return False;
1125         }
1126
1127         return NT_STATUS_IS_OK(pdb_context->
1128                                pdb_del_aliasmem(pdb_context, alias, member));
1129 }
1130
1131 BOOL pdb_enum_aliasmem(const DOM_SID *alias,
1132                        DOM_SID **members, int *num_members)
1133 {
1134         struct pdb_context *pdb_context = pdb_get_static_context(False);
1135
1136         if (!pdb_context) {
1137                 return False;
1138         }
1139
1140         return NT_STATUS_IS_OK(pdb_context->
1141                                pdb_enum_aliasmem(pdb_context, alias,
1142                                                  members, num_members));
1143 }
1144
1145 BOOL pdb_enum_alias_memberships(const DOM_SID *sid,
1146                                 DOM_SID **aliases, int *num)
1147 {
1148         struct pdb_context *pdb_context = pdb_get_static_context(False);
1149
1150         if (!pdb_context) {
1151                 return False;
1152         }
1153
1154         return NT_STATUS_IS_OK(pdb_context->
1155                                pdb_enum_alias_memberships(pdb_context, sid,
1156                                                           aliases, num));
1157 }
1158
1159 BOOL pdb_add_sid_to_privilege(char *priv_name, DOM_SID *sid)
1160 {
1161         struct pdb_context *pdb_context = pdb_get_static_context(False);
1162
1163         if (!pdb_context) {
1164                 return False;
1165         }
1166
1167         return NT_STATUS_IS_OK(pdb_context->
1168                                pdb_add_sid_to_privilege(pdb_context, priv_name, sid));
1169 }
1170
1171 BOOL pdb_remove_sid_from_privilege(char *priv_name, DOM_SID *sid)
1172 {
1173         struct pdb_context *pdb_context = pdb_get_static_context(False);
1174
1175         if (!pdb_context) {
1176                 return False;
1177         }
1178
1179         return NT_STATUS_IS_OK(pdb_context->
1180                                pdb_remove_sid_from_privilege(pdb_context, priv_name, sid));
1181 }
1182
1183 BOOL pdb_get_privilege_set(NT_USER_TOKEN *token, PRIVILEGE_SET *privset)
1184 {
1185         struct pdb_context *pdb_context = pdb_get_static_context(False);
1186
1187         if (!pdb_context) {
1188                 return False;
1189         }
1190
1191         return NT_STATUS_IS_OK(pdb_context->
1192                                pdb_get_privilege_set(pdb_context, token, privset));
1193 }
1194
1195 BOOL pdb_get_privilege_entry(const char *privname, char **sid_list)
1196 {
1197         struct pdb_context *pdb_context = pdb_get_static_context(False);
1198
1199         if (!pdb_context) {
1200                 return False;
1201         }
1202
1203         return NT_STATUS_IS_OK(pdb_context->
1204                                pdb_get_privilege_entry(pdb_context, privname, sid_list));
1205 }
1206
1207 /***************************************************************
1208   Initialize the static context (at smbd startup etc).
1209
1210   If uninitialised, context will auto-init on first use.
1211  ***************************************************************/
1212
1213 BOOL initialize_password_db(BOOL reload)
1214 {
1215         return (pdb_get_static_context(reload) != NULL);
1216 }
1217
1218
1219 /***************************************************************************
1220   Default implementations of some functions.
1221  ****************************************************************************/
1222
1223 static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
1224 {
1225         return NT_STATUS_NO_SUCH_USER;
1226 }
1227
1228 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
1229 {
1230         return NT_STATUS_NO_SUCH_USER;
1231 }
1232
1233 static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
1234 {
1235         DEBUG(0,("this backend (%s) should not be listed as the first passdb backend! You can't add users to it.\n", methods->name));
1236         return NT_STATUS_NOT_IMPLEMENTED;
1237 }
1238
1239 static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
1240 {
1241         return NT_STATUS_NOT_IMPLEMENTED;
1242 }
1243
1244 static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *pwd)
1245 {
1246         return NT_STATUS_NOT_IMPLEMENTED;
1247 }
1248
1249 static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update)
1250 {
1251         return NT_STATUS_NOT_IMPLEMENTED;
1252 }
1253
1254 static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *user)
1255 {
1256         return NT_STATUS_NOT_IMPLEMENTED;
1257 }
1258
1259 static void pdb_default_endsampwent(struct pdb_methods *methods)
1260 {
1261         return; /* NT_STATUS_NOT_IMPLEMENTED; */
1262 }
1263
1264 static NTSTATUS pdb_default_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust)
1265 {
1266         return NT_STATUS_NOT_IMPLEMENTED;
1267 }
1268
1269 static NTSTATUS pdb_default_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust,
1270                                           const DOM_SID* sid)
1271 {
1272         return NT_STATUS_NOT_IMPLEMENTED;
1273 }
1274
1275 static NTSTATUS pdb_default_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
1276 {
1277         return NT_STATUS_NOT_IMPLEMENTED;
1278 }
1279
1280 static NTSTATUS pdb_default_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
1281 {
1282         return NT_STATUS_NOT_IMPLEMENTED;
1283 }
1284
1285 static NTSTATUS pdb_default_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
1286 {
1287         return NT_STATUS_NOT_IMPLEMENTED;
1288 }
1289
1290 static NTSTATUS pdb_default_add_sid_to_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid)
1291 {
1292         return NT_STATUS_NOT_IMPLEMENTED;
1293 }
1294
1295 static NTSTATUS pdb_default_remove_sid_from_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid)
1296 {
1297         return NT_STATUS_NOT_IMPLEMENTED;
1298 }
1299
1300 static NTSTATUS pdb_default_get_privilege_set(struct pdb_methods *methods, NT_USER_TOKEN *token, PRIVILEGE_SET *privset)
1301 {
1302         /* by default return the empty privilege set as otherwise login will
1303          * be denied if a backend does not support privilege sets */
1304         return NT_STATUS_OK;
1305 }
1306
1307 static NTSTATUS pdb_default_get_privilege_entry(struct pdb_methods *methods, const char *privname, char **sid_list)
1308 {
1309         return NT_STATUS_NOT_IMPLEMENTED;
1310 }
1311
1312
1313 NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
1314 {
1315         *methods = talloc(mem_ctx, sizeof(struct pdb_methods));
1316
1317         if (!*methods) {
1318                 return NT_STATUS_NO_MEMORY;
1319         }
1320
1321         ZERO_STRUCTP(*methods);
1322
1323         (*methods)->setsampwent = pdb_default_setsampwent;
1324         (*methods)->endsampwent = pdb_default_endsampwent;
1325         (*methods)->getsampwent = pdb_default_getsampwent;
1326         (*methods)->getsampwnam = pdb_default_getsampwnam;
1327         (*methods)->getsampwsid = pdb_default_getsampwsid;
1328         (*methods)->add_sam_account = pdb_default_add_sam_account;
1329         (*methods)->update_sam_account = pdb_default_update_sam_account;
1330         (*methods)->delete_sam_account = pdb_default_delete_sam_account;
1331
1332         (*methods)->getgrsid = pdb_default_getgrsid;
1333         (*methods)->getgrgid = pdb_default_getgrgid;
1334         (*methods)->getgrnam = pdb_default_getgrnam;
1335         (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
1336         (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
1337         (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
1338         (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
1339         (*methods)->add_aliasmem = pdb_default_add_aliasmem;
1340         (*methods)->del_aliasmem = pdb_default_del_aliasmem;
1341         (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
1342         (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
1343
1344         (*methods)->gettrustpwent = pdb_default_gettrustpwent;
1345         (*methods)->gettrustpwsid = pdb_default_gettrustpwsid;
1346         (*methods)->add_trust_passwd = pdb_default_add_trust_passwd;
1347         (*methods)->update_trust_passwd = pdb_default_update_trust_passwd;
1348         (*methods)->delete_trust_passwd = pdb_default_delete_trust_passwd;
1349
1350         (*methods)->add_sid_to_privilege = pdb_default_add_sid_to_privilege;
1351         (*methods)->remove_sid_from_privilege = pdb_default_remove_sid_from_privilege;
1352         (*methods)->get_privilege_set = pdb_default_get_privilege_set;
1353         (*methods)->get_privilege_entry = pdb_default_get_privilege_entry;
1354
1355         return NT_STATUS_OK;
1356 }