* changed to version 14 to move lookup_rids and lookup_names to return
* enum lsa_SidType rather than uint32.
* Changed to 16 for access to the trusted domain passwords (obnox).
+ * Changed to 17, the sampwent interface is gone.
*/
-#define PASSDB_INTERFACE_VERSION 16
+#define PASSDB_INTERFACE_VERSION 17
struct pdb_methods
{
const char *name; /* What name got this module */
- NTSTATUS (*setsampwent)(struct pdb_methods *, bool update, uint32 acb_mask);
-
- void (*endsampwent)(struct pdb_methods *);
-
- NTSTATUS (*getsampwent)(struct pdb_methods *, struct samu *user);
-
NTSTATUS (*getsampwnam)(struct pdb_methods *, struct samu *sam_acct, const char *username);
NTSTATUS (*getsampwsid)(struct pdb_methods *, struct samu *sam_acct, const DOM_SID *sid);
return pdb_get_methods_reload(False);
}
-/******************************************************************
- Backward compatibility functions for the original passdb interface
-*******************************************************************/
-
-bool pdb_setsampwent(bool update, uint16 acb_mask)
-{
- struct pdb_methods *pdb = pdb_get_methods();
- return NT_STATUS_IS_OK(pdb->setsampwent(pdb, update, acb_mask));
-}
-
-void pdb_endsampwent(void)
-{
- struct pdb_methods *pdb = pdb_get_methods();
- pdb->endsampwent(pdb);
-}
-
-bool pdb_getsampwent(struct samu *user)
-{
- struct pdb_methods *pdb = pdb_get_methods();
-
- if ( !NT_STATUS_IS_OK(pdb->getsampwent(pdb, user) ) ) {
- return False;
- }
-
- return True;
-}
-
bool pdb_getsampwnam(struct samu *sam_acct, const char *username)
{
struct pdb_methods *pdb = pdb_get_methods();
return NT_STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, bool update, uint32 acb_mask)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, struct samu *user)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static void pdb_default_endsampwent(struct pdb_methods *methods)
-{
- return; /* NT_STATUS_NOT_IMPLEMENTED; */
-}
-
static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
{
return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
#endif
-static struct pdb_search *pdb_search_init(enum pdb_search_type type)
+struct pdb_search *pdb_search_init(enum pdb_search_type type)
{
TALLOC_CTX *mem_ctx;
struct pdb_search *result;
entry->description = "";
}
-static bool user_search_in_progress = False;
-struct user_search {
- uint16 acct_flags;
-};
-
-static bool next_entry_users(struct pdb_search *s,
- struct samr_displayentry *entry)
-{
- struct user_search *state = (struct user_search *)s->private_data;
- struct samu *user = NULL;
-
- next:
- if ( !(user = samu_new( NULL )) ) {
- DEBUG(0, ("next_entry_users: samu_new() failed!\n"));
- return False;
- }
-
- if (!pdb_getsampwent(user)) {
- TALLOC_FREE(user);
- return False;
- }
-
- if ((state->acct_flags != 0) &&
- ((pdb_get_acct_ctrl(user) & state->acct_flags) == 0)) {
- TALLOC_FREE(user);
- goto next;
- }
-
- fill_displayentry(s->mem_ctx, pdb_get_user_rid(user),
- pdb_get_acct_ctrl(user), pdb_get_username(user),
- pdb_get_fullname(user), pdb_get_acct_desc(user),
- entry);
-
- TALLOC_FREE(user);
- return True;
-}
-
-static void search_end_users(struct pdb_search *search)
-{
- pdb_endsampwent();
- user_search_in_progress = False;
-}
-
-static bool pdb_default_search_users(struct pdb_methods *methods,
- struct pdb_search *search,
- uint32 acct_flags)
-{
- struct user_search *state;
-
- if (user_search_in_progress) {
- DEBUG(1, ("user search in progress\n"));
- return False;
- }
-
- if (!pdb_setsampwent(False, acct_flags)) {
- DEBUG(5, ("Could not start search\n"));
- return False;
- }
-
- user_search_in_progress = True;
-
- state = TALLOC_P(search->mem_ctx, struct user_search);
- if (state == NULL) {
- DEBUG(0, ("talloc failed\n"));
- return False;
- }
-
- state->acct_flags = acct_flags;
-
- search->private_data = state;
- search->next_entry = next_entry_users;
- search->search_end = search_end_users;
- return True;
-}
-
struct group_search {
GROUP_MAP *groups;
size_t num_groups, current_group;
return NT_STATUS_NO_MEMORY;
}
- (*methods)->setsampwent = pdb_default_setsampwent;
- (*methods)->endsampwent = pdb_default_endsampwent;
- (*methods)->getsampwent = pdb_default_getsampwent;
(*methods)->getsampwnam = pdb_default_getsampwnam;
(*methods)->getsampwsid = pdb_default_getsampwsid;
(*methods)->create_user = pdb_default_create_user;
(*methods)->gid_to_sid = pdb_default_gid_to_sid;
(*methods)->sid_to_id = pdb_default_sid_to_id;
- (*methods)->search_users = pdb_default_search_users;
(*methods)->search_groups = pdb_default_search_groups;
(*methods)->search_aliases = pdb_default_search_aliases;
return True;
}
-/**********************************************************************
- Connect to LDAP server for password enumeration.
-*********************************************************************/
-
-static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, bool update, uint32 acb_mask)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- int rc;
- char *filter = NULL;
- const char *suffix;
- const char **attr_list;
- bool machine_mask = False, user_mask = False;
- NTSTATUS status = NT_STATUS_OK;
- TALLOC_CTX *ctx = talloc_init("ldapsam_setsampwent");
-
- if (!ctx) {
- return NT_STATUS_NO_MEMORY;
- }
- filter = talloc_asprintf(ctx, "(&%s%s)", "(uid=%u)",
- get_objclass_filter(ldap_state->schema_ver));
- if (!filter) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
- }
-
- filter = talloc_all_string_sub(ctx, filter, "%u", "*");
- if (!filter) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
- }
-
- machine_mask = ((acb_mask != 0) && (acb_mask & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)));
- user_mask = ((acb_mask != 0) && (acb_mask & ACB_NORMAL));
-
- if (machine_mask) {
- suffix = lp_ldap_machine_suffix();
- } else if (user_mask) {
- suffix = lp_ldap_user_suffix();
- } else {
- suffix = lp_ldap_suffix();
- }
-
- DEBUG(10,("ldapsam_setsampwent: LDAP Query for acb_mask 0x%x will use suffix %s\n",
- acb_mask, suffix));
-
- attr_list = get_userattr_list(NULL, ldap_state->schema_ver);
- rc = smbldap_search(ldap_state->smbldap_state, suffix, LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- TALLOC_FREE( attr_list );
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_setsampwent: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", suffix, filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- status = NT_STATUS_UNSUCCESSFUL;
- goto out;
- }
-
- DEBUG(2, ("ldapsam_setsampwent: %d entries in the base %s\n",
- ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- ldap_state->result), suffix));
-
- ldap_state->entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
- ldap_state->result);
- ldap_state->index = 0;
-
- out:
-
- TALLOC_FREE(ctx);
- return status;
-}
-
/**********************************************************************
End enumeration of the LDAP password list.
*********************************************************************/
}
}
-/**********************************************************************
-Get the next entry in the LDAP password database.
-*********************************************************************/
-
-static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods,
- struct samu *user)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)my_methods->private_data;
- bool bret = False;
-
- while (!bret) {
- if (!ldap_state->entry)
- return ret;
-
- ldap_state->index++;
- bret = init_sam_from_ldap(ldap_state, user, ldap_state->entry);
-
- ldap_state->entry = ldap_next_entry(priv2ld(ldap_state),
- ldap_state->entry);
- }
-
- return NT_STATUS_OK;
-}
-
static void append_attr(TALLOC_CTX *mem_ctx, const char ***attr_list,
const char *new_attr)
{
(*pdb_method)->name = "ldapsam";
- (*pdb_method)->setsampwent = ldapsam_setsampwent;
- (*pdb_method)->endsampwent = ldapsam_endsampwent;
- (*pdb_method)->getsampwent = ldapsam_getsampwent;
(*pdb_method)->getsampwnam = ldapsam_getsampwnam;
(*pdb_method)->getsampwsid = ldapsam_getsampwsid;
(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
Functions to be implemented by the new passdb API
****************************************************************/
-static NTSTATUS smbpasswd_setsampwent (struct pdb_methods *my_methods, bool update, uint32 acb_mask)
-{
- struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
-
- smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file,
- update ? PWF_UPDATE : PWF_READ,
- &(smbpasswd_state->pw_file_lock_depth));
-
- /* did we fail? Should we try to create it? */
- if (!smbpasswd_state->pw_file && update && errno == ENOENT) {
- FILE *fp;
- /* slprintf(msg_str,msg_str_len-1,
- "smbpasswd file did not exist - attempting to create it.\n"); */
- DEBUG(0,("smbpasswd file did not exist - attempting to create it.\n"));
- fp = sys_fopen(smbpasswd_state->smbpasswd_file, "w");
- if (fp) {
- fprintf(fp, "# Samba SMB password file\n");
- fclose(fp);
- }
-
- smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file,
- update ? PWF_UPDATE : PWF_READ,
- &(smbpasswd_state->pw_file_lock_depth));
- }
-
- if (smbpasswd_state->pw_file != NULL)
- return NT_STATUS_OK;
- else
- return NT_STATUS_UNSUCCESSFUL;
-}
-
-static void smbpasswd_endsampwent (struct pdb_methods *my_methods)
-{
- struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
- endsmbfilepwent(smbpasswd_state->pw_file, &(smbpasswd_state->pw_file_lock_depth));
-}
-
-/*****************************************************************
- ****************************************************************/
-
-static NTSTATUS smbpasswd_getsampwent(struct pdb_methods *my_methods, struct samu *user)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
- struct smb_passwd *pw_buf=NULL;
- bool done = False;
-
- DEBUG(5,("pdb_getsampwent\n"));
-
- if ( !user ) {
- DEBUG(5,("pdb_getsampwent (smbpasswd): user is NULL\n"));
- return nt_status;
- }
-
- while (!done) {
- /* do we have an entry? */
- pw_buf = getsmbfilepwent(smbpasswd_state, smbpasswd_state->pw_file);
- if (pw_buf == NULL)
- return nt_status;
-
- /* build the struct samu entry from the smb_passwd struct.
- We loop in case the user in the pdb does not exist in
- the local system password file */
- if (build_sam_account(smbpasswd_state, user, pw_buf))
- done = True;
- }
-
- DEBUG(5,("getsampwent (smbpasswd): done\n"));
-
- /* success */
- return NT_STATUS_OK;
-}
-
/****************************************************************
Search smbpasswd file by iterating over the entries. Do not
call getpwnam() for unix account information until we have found
(*pdb_method)->name = "smbpasswd";
- (*pdb_method)->setsampwent = smbpasswd_setsampwent;
- (*pdb_method)->endsampwent = smbpasswd_endsampwent;
- (*pdb_method)->getsampwent = smbpasswd_getsampwent;
(*pdb_method)->getsampwnam = smbpasswd_getsampwnam;
(*pdb_method)->getsampwsid = smbpasswd_getsampwsid;
(*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
#define RIDPREFIX "RID_"
#define PRIVPREFIX "PRIV_"
-struct pwent_list {
- struct pwent_list *prev, *next;
- TDB_DATA key;
-};
-static struct pwent_list *tdbsam_pwent_list;
-static bool pwent_initialized;
-
/* GLOBAL TDB SAM CONTEXT */
static TDB_CONTEXT *tdbsam;
return;
}
-/****************************************************************************
- creates a list of user keys
-****************************************************************************/
-
-static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state)
-{
- const char *prefix = USERPREFIX;
- int prefixlen = strlen (prefix);
- struct pwent_list *ptr;
-
- if ( strncmp((const char *)key.dptr, prefix, prefixlen) == 0 ) {
- if ( !(ptr=SMB_MALLOC_P(struct pwent_list)) ) {
- DEBUG(0,("tdbsam_traverse_setpwent: Failed to malloc new entry for list\n"));
-
- /* just return 0 and let the traversal continue */
- return 0;
- }
- ZERO_STRUCTP(ptr);
-
- /* save a copy of the key */
-
- ptr->key.dptr = (uint8 *)memdup( key.dptr, key.dsize );
- if (!ptr->key.dptr) {
- DEBUG(0,("tdbsam_traverse_setpwent: memdup failed\n"));
- /* just return 0 and let the traversal continue */
- SAFE_FREE(ptr);
- return 0;
- }
-
- ptr->key.dsize = key.dsize;
-
- DLIST_ADD( tdbsam_pwent_list, ptr );
-
- }
-
- return 0;
-}
-
-/***************************************************************
- Open the TDB passwd database for SAM account enumeration.
- Save a list of user keys for iteration.
-****************************************************************/
-
-static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, bool update, uint32 acb_mask)
-{
- if ( !tdbsam_open( tdbsam_filename ) ) {
- DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- tdb_traverse( tdbsam, tdbsam_traverse_setpwent, NULL );
- pwent_initialized = True;
-
- return NT_STATUS_OK;
-}
-
-
-/***************************************************************
- End enumeration of the TDB passwd list.
-****************************************************************/
-
-static void tdbsam_endsampwent(struct pdb_methods *my_methods)
-{
- struct pwent_list *ptr, *ptr_next;
-
- /* close the tdb only if we have a valid pwent state */
-
- if ( pwent_initialized ) {
- DEBUG(7, ("endtdbpwent: closed sam database.\n"));
- tdbsam_close();
- }
-
- /* clear out any remaining entries in the list */
-
- for ( ptr=tdbsam_pwent_list; ptr; ptr = ptr_next ) {
- ptr_next = ptr->next;
- DLIST_REMOVE( tdbsam_pwent_list, ptr );
- SAFE_FREE( ptr->key.dptr);
- SAFE_FREE( ptr );
- }
-
- pwent_initialized = False;
-}
-
-/*****************************************************************
- Get one struct samu from the TDB (next in line)
-*****************************************************************/
-
-static NTSTATUS tdbsam_getsampwent(struct pdb_methods *my_methods, struct samu *user)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- TDB_DATA data;
- struct pwent_list *pkey;
-
- if ( !user ) {
- DEBUG(0,("tdbsam_getsampwent: struct samu is NULL.\n"));
- return nt_status;
- }
-
- if ( !tdbsam_pwent_list ) {
- DEBUG(4,("tdbsam_getsampwent: end of list\n"));
- return nt_status;
- }
-
- /* pull the next entry */
-
- pkey = tdbsam_pwent_list;
- DLIST_REMOVE( tdbsam_pwent_list, pkey );
-
- data = tdb_fetch(tdbsam, pkey->key);
-
- SAFE_FREE( pkey->key.dptr);
- SAFE_FREE( pkey);
-
- if ( !data.dptr ) {
- DEBUG(5,("pdb_getsampwent: database entry not found. Was the user deleted?\n"));
- return nt_status;
- }
-
- if ( !init_sam_from_buffer(user, (unsigned char *)data.dptr, data.dsize) ) {
- DEBUG(0,("pdb_getsampwent: Bad struct samu entry returned from TDB!\n"));
- }
-
- SAFE_FREE( data.dptr );
-
- return NT_STATUS_OK;
-}
-
/******************************************************************
Lookup a name in the SAM TDB
******************************************************************/
{
bool result = True;
- /* invalidate the existing TDB iterator if it is open */
-
- tdbsam_endsampwent( my_methods );
-
#if 0
if ( !pdb_get_group_rid(newpwd) ) {
DEBUG (0,("tdb_update_sam: Failing to store a struct samu for [%s] "
return NT_STATUS_ACCESS_DENIED;
}
- /* invalidate the existing TDB iterator if it is open */
-
- tdbsam_endsampwent( my_methods );
-
if ( !(new_acct = samu_new( NULL )) ) {
return NT_STATUS_NO_MEMORY;
}
(*pdb_method)->name = "tdbsam";
- (*pdb_method)->setsampwent = tdbsam_setsampwent;
- (*pdb_method)->endsampwent = tdbsam_endsampwent;
- (*pdb_method)->getsampwent = tdbsam_getsampwent;
(*pdb_method)->getsampwnam = tdbsam_getsampwnam;
(*pdb_method)->getsampwsid = tdbsam_getsampwsid;
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
get_friendly_nt_error_msg(rv));
}
- pdb->setsampwent(pdb, False, 0);
- while (NT_STATUS_IS_OK(pdb->getsampwent(pdb, out))) {
- if (pdb_get_username(out) == NULL) {
- fprintf(stderr, "Got bad username through getsampwent()\n");
- error = True;
- break;
- }
- if (NT_STATUS_IS_ERR(pdb->getsampwnam(pdb, in, pdb_get_username(out)))) {
- fprintf(stderr, "Error getting samu through getsampwnam() of an account we got through getsampwent!\n");
- error = True;
- continue;
- }
- if (!samu_correct(out, in)) {
- printf("Record gotten through getsampwnam() differs from same record through getsampwent()\n");
- }
- }
- pdb->endsampwent(pdb);
-
TALLOC_FREE(ctx);
if (error) {
git.samba.org / amitay / samba.git / commitdiff