2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Jelmer Vernooij 2002
6 Copyright (C) Simo Sorce 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #define DBGC_CLASS DBGC_PASSDB
28 static struct pdb_init_function_entry *backends = NULL;
30 static void lazy_initialize_passdb(void)
32 static BOOL initialized = False;
33 if(initialized)return;
38 static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name);
40 /*******************************************************************
41 Clean up uninitialised passwords. The only way to tell
42 that these values are not 'real' is that they do not
43 have a valid last set time. Instead, the value is fixed at 0.
44 Therefore we use that as the key for 'is this a valid password'.
45 However, it is perfectly valid to have a 'default' last change
46 time, such LDAP with a missing attribute would produce.
47 ********************************************************************/
49 static void pdb_force_pw_initialization(SAM_ACCOUNT *pass)
51 const uint8 *lm_pwd, *nt_pwd;
53 /* only reset a password if the last set time has been
54 explicitly been set to zero. A default last set time
57 if ( (pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT)
58 && (pdb_get_pass_last_set_time(pass) == 0) )
61 if (pdb_get_init_flags(pass, PDB_LMPASSWD) != PDB_DEFAULT)
63 lm_pwd = pdb_get_lanman_passwd(pass);
65 pdb_set_lanman_passwd(pass, NULL, PDB_CHANGED);
67 if (pdb_get_init_flags(pass, PDB_NTPASSWD) != PDB_DEFAULT)
69 nt_pwd = pdb_get_nt_passwd(pass);
71 pdb_set_nt_passwd(pass, NULL, PDB_CHANGED);
78 NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
80 struct pdb_init_function_entry *entry = backends;
82 if(version != PASSDB_INTERFACE_VERSION) {
83 DEBUG(0,("Can't register passdb backend!\n"
84 "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
85 "while this version of samba uses version %d\n",
86 version,PASSDB_INTERFACE_VERSION));
87 return NT_STATUS_OBJECT_TYPE_MISMATCH;
91 return NT_STATUS_INVALID_PARAMETER;
94 DEBUG(5,("Attempting to register passdb backend %s\n", name));
96 /* Check for duplicates */
97 if (pdb_find_backend_entry(name)) {
98 DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
99 return NT_STATUS_OBJECT_NAME_COLLISION;
102 entry = SMB_XMALLOC_P(struct pdb_init_function_entry);
103 entry->name = smb_xstrdup(name);
106 DLIST_ADD(backends, entry);
107 DEBUG(5,("Successfully added passdb backend '%s'\n", name));
111 static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
113 struct pdb_init_function_entry *entry = backends;
116 if (strcmp(entry->name, name)==0) return entry;
123 static NTSTATUS context_setsampwent(struct pdb_context *context, BOOL update, uint16 acb_mask)
125 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
128 DEBUG(0, ("invalid pdb_context specified!\n"));
132 context->pwent_methods = context->pdb_methods;
134 if (!context->pwent_methods) {
135 /* No passdbs at all */
139 while (NT_STATUS_IS_ERR(ret = context->pwent_methods->setsampwent(context->pwent_methods, update, acb_mask))) {
140 context->pwent_methods = context->pwent_methods->next;
141 if (context->pwent_methods == NULL)
142 return NT_STATUS_UNSUCCESSFUL;
147 static void context_endsampwent(struct pdb_context *context)
150 DEBUG(0, ("invalid pdb_context specified!\n"));
154 if (context->pwent_methods && context->pwent_methods->endsampwent)
155 context->pwent_methods->endsampwent(context->pwent_methods);
157 /* So we won't get strange data when calling getsampwent now */
158 context->pwent_methods = NULL;
161 static NTSTATUS context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user)
163 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
165 if ((!context) || (!context->pwent_methods)) {
166 DEBUG(0, ("invalid pdb_context specified!\n"));
169 /* Loop until we find something useful */
170 while (NT_STATUS_IS_ERR(ret = context->pwent_methods->getsampwent(context->pwent_methods, user))) {
172 context->pwent_methods->endsampwent(context->pwent_methods);
174 context->pwent_methods = context->pwent_methods->next;
176 /* All methods are checked now. There are no more entries */
177 if (context->pwent_methods == NULL)
180 context->pwent_methods->setsampwent(context->pwent_methods, False, 0);
182 user->methods = context->pwent_methods;
183 pdb_force_pw_initialization(user);
187 static NTSTATUS context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username)
189 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
191 struct pdb_methods *curmethods;
193 DEBUG(0, ("invalid pdb_context specified!\n"));
196 curmethods = context->pdb_methods;
198 if (NT_STATUS_IS_OK(ret = curmethods->getsampwnam(curmethods, sam_acct, username))) {
199 pdb_force_pw_initialization(sam_acct);
200 sam_acct->methods = curmethods;
203 curmethods = curmethods->next;
209 static NTSTATUS context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
211 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
213 struct pdb_methods *curmethods;
215 DEBUG(0, ("invalid pdb_context specified!\n"));
219 curmethods = context->pdb_methods;
222 if (NT_STATUS_IS_OK(ret = curmethods->getsampwsid(curmethods, sam_acct, sid))) {
223 pdb_force_pw_initialization(sam_acct);
224 sam_acct->methods = curmethods;
227 curmethods = curmethods->next;
233 static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
235 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
236 const uint8 *lm_pw, *nt_pw;
239 if ((!context) || (!context->pdb_methods)) {
240 DEBUG(0, ("invalid pdb_context specified!\n"));
244 /* disable acccounts with no passwords (that has not
245 been allowed by the ACB_PWNOTREQ bit */
247 lm_pw = pdb_get_lanman_passwd( sam_acct );
248 nt_pw = pdb_get_nt_passwd( sam_acct );
249 acb_flags = pdb_get_acct_ctrl( sam_acct );
250 if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
251 acb_flags |= ACB_DISABLED;
252 pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
255 /** @todo This is where a 're-read on add' should be done */
256 /* We now add a new account to the first database listed.
259 return context->pdb_methods->add_sam_account(context->pdb_methods, sam_acct);
262 static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
264 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
265 const uint8 *lm_pw, *nt_pw;
269 DEBUG(0, ("invalid pdb_context specified!\n"));
273 if (!sam_acct || !sam_acct->methods){
274 DEBUG(0, ("invalid sam_acct specified\n"));
278 /* disable acccounts with no passwords (that has not
279 been allowed by the ACB_PWNOTREQ bit */
281 lm_pw = pdb_get_lanman_passwd( sam_acct );
282 nt_pw = pdb_get_nt_passwd( sam_acct );
283 acb_flags = pdb_get_acct_ctrl( sam_acct );
284 if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
285 acb_flags |= ACB_DISABLED;
286 pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
289 /** @todo This is where a 're-read on update' should be done */
291 return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct);
294 static NTSTATUS context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
296 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
298 struct pdb_methods *pdb_selected;
300 DEBUG(0, ("invalid pdb_context specified!\n"));
304 if (!sam_acct->methods){
305 pdb_selected = context->pdb_methods;
306 /* There's no passdb backend specified for this account.
307 * Try to delete it in every passdb available
308 * Needed to delete accounts in smbpasswd that are not
311 while (pdb_selected){
312 if (NT_STATUS_IS_OK(ret = pdb_selected->delete_sam_account(pdb_selected, sam_acct))) {
315 pdb_selected = pdb_selected->next;
320 if (!sam_acct->methods->delete_sam_account){
321 DEBUG(0,("invalid sam_acct->methods->delete_sam_account\n"));
325 return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct);
328 static NTSTATUS context_update_login_attempts(struct pdb_context *context,
329 SAM_ACCOUNT *sam_acct, BOOL success)
331 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
334 DEBUG(0, ("invalid pdb_context specified!\n"));
338 if (!sam_acct || !sam_acct->methods){
339 DEBUG(0, ("invalid sam_acct specified\n"));
343 return sam_acct->methods->update_login_attempts(sam_acct->methods, sam_acct, success);
346 static NTSTATUS context_getgrsid(struct pdb_context *context,
347 GROUP_MAP *map, DOM_SID sid)
349 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
351 struct pdb_methods *curmethods;
353 DEBUG(0, ("invalid pdb_context specified!\n"));
356 curmethods = context->pdb_methods;
358 ret = curmethods->getgrsid(curmethods, map, sid);
359 if (NT_STATUS_IS_OK(ret)) {
360 map->methods = curmethods;
363 curmethods = curmethods->next;
369 static NTSTATUS context_getgrgid(struct pdb_context *context,
370 GROUP_MAP *map, gid_t gid)
372 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
374 struct pdb_methods *curmethods;
376 DEBUG(0, ("invalid pdb_context specified!\n"));
379 curmethods = context->pdb_methods;
381 ret = curmethods->getgrgid(curmethods, map, gid);
382 if (NT_STATUS_IS_OK(ret)) {
383 map->methods = curmethods;
386 curmethods = curmethods->next;
392 static NTSTATUS context_getgrnam(struct pdb_context *context,
393 GROUP_MAP *map, const char *name)
395 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
397 struct pdb_methods *curmethods;
399 DEBUG(0, ("invalid pdb_context specified!\n"));
402 curmethods = context->pdb_methods;
404 ret = curmethods->getgrnam(curmethods, map, name);
405 if (NT_STATUS_IS_OK(ret)) {
406 map->methods = curmethods;
409 curmethods = curmethods->next;
415 static NTSTATUS context_add_group_mapping_entry(struct pdb_context *context,
418 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
420 if ((!context) || (!context->pdb_methods)) {
421 DEBUG(0, ("invalid pdb_context specified!\n"));
425 return context->pdb_methods->add_group_mapping_entry(context->pdb_methods,
429 static NTSTATUS context_update_group_mapping_entry(struct pdb_context *context,
432 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
434 if ((!context) || (!context->pdb_methods)) {
435 DEBUG(0, ("invalid pdb_context specified!\n"));
440 pdb_methods->update_group_mapping_entry(context->pdb_methods, map);
443 static NTSTATUS context_delete_group_mapping_entry(struct pdb_context *context,
446 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
448 if ((!context) || (!context->pdb_methods)) {
449 DEBUG(0, ("invalid pdb_context specified!\n"));
454 pdb_methods->delete_group_mapping_entry(context->pdb_methods, sid);
457 static NTSTATUS context_enum_group_mapping(struct pdb_context *context,
458 enum SID_NAME_USE sid_name_use,
459 GROUP_MAP **rmap, int *num_entries,
462 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
464 if ((!context) || (!context->pdb_methods)) {
465 DEBUG(0, ("invalid pdb_context specified!\n"));
469 return context->pdb_methods->enum_group_mapping(context->pdb_methods,
471 num_entries, unix_only);
474 static NTSTATUS context_enum_group_members(struct pdb_context *context,
476 const DOM_SID *group,
477 uint32 **member_rids,
480 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
482 if ((!context) || (!context->pdb_methods)) {
483 DEBUG(0, ("invalid pdb_context specified!\n"));
487 return context->pdb_methods->enum_group_members(context->pdb_methods,
493 static NTSTATUS context_enum_group_memberships(struct pdb_context *context,
494 const char *username,
496 DOM_SID **sids, gid_t **gids,
499 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
501 if ((!context) || (!context->pdb_methods)) {
502 DEBUG(0, ("invalid pdb_context specified!\n"));
506 return context->pdb_methods->
507 enum_group_memberships(context->pdb_methods, username,
508 primary_gid, sids, gids, num_groups);
511 static NTSTATUS context_find_alias(struct pdb_context *context,
512 const char *name, DOM_SID *sid)
514 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
516 if ((!context) || (!context->pdb_methods)) {
517 DEBUG(0, ("invalid pdb_context specified!\n"));
521 return context->pdb_methods->find_alias(context->pdb_methods,
525 static NTSTATUS context_create_alias(struct pdb_context *context,
526 const char *name, uint32 *rid)
528 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
530 if ((!context) || (!context->pdb_methods)) {
531 DEBUG(0, ("invalid pdb_context specified!\n"));
535 return context->pdb_methods->create_alias(context->pdb_methods,
539 static NTSTATUS context_delete_alias(struct pdb_context *context,
542 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
544 if ((!context) || (!context->pdb_methods)) {
545 DEBUG(0, ("invalid pdb_context specified!\n"));
549 return context->pdb_methods->delete_alias(context->pdb_methods, sid);
552 static NTSTATUS context_enum_aliases(struct pdb_context *context,
554 uint32 start_idx, uint32 max_entries,
556 struct acct_info **info)
558 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
560 if ((!context) || (!context->pdb_methods)) {
561 DEBUG(0, ("invalid pdb_context specified!\n"));
565 return context->pdb_methods->enum_aliases(context->pdb_methods,
566 sid, start_idx, max_entries,
570 static NTSTATUS context_get_aliasinfo(struct pdb_context *context,
572 struct acct_info *info)
574 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
576 if ((!context) || (!context->pdb_methods)) {
577 DEBUG(0, ("invalid pdb_context specified!\n"));
581 return context->pdb_methods->get_aliasinfo(context->pdb_methods,
585 static NTSTATUS context_set_aliasinfo(struct pdb_context *context,
587 struct acct_info *info)
589 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
591 if ((!context) || (!context->pdb_methods)) {
592 DEBUG(0, ("invalid pdb_context specified!\n"));
596 return context->pdb_methods->set_aliasinfo(context->pdb_methods,
600 static NTSTATUS context_add_aliasmem(struct pdb_context *context,
601 const DOM_SID *alias,
602 const DOM_SID *member)
604 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
606 if ((!context) || (!context->pdb_methods)) {
607 DEBUG(0, ("invalid pdb_context specified!\n"));
611 return context->pdb_methods->add_aliasmem(context->pdb_methods,
615 static NTSTATUS context_del_aliasmem(struct pdb_context *context,
616 const DOM_SID *alias,
617 const DOM_SID *member)
619 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
621 if ((!context) || (!context->pdb_methods)) {
622 DEBUG(0, ("invalid pdb_context specified!\n"));
626 return context->pdb_methods->del_aliasmem(context->pdb_methods,
630 static NTSTATUS context_enum_aliasmem(struct pdb_context *context,
631 const DOM_SID *alias, DOM_SID **members,
634 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
636 if ((!context) || (!context->pdb_methods)) {
637 DEBUG(0, ("invalid pdb_context specified!\n"));
641 return context->pdb_methods->enum_aliasmem(context->pdb_methods,
642 alias, members, num);
645 static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
646 const DOM_SID *members,
648 DOM_SID **aliases, int *num)
650 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
652 if ((!context) || (!context->pdb_methods)) {
653 DEBUG(0, ("invalid pdb_context specified!\n"));
657 return context->pdb_methods->
658 enum_alias_memberships(context->pdb_methods, members,
659 num_members, aliases, num);
662 /******************************************************************
663 Free and cleanup a pdb context, any associated data and anything
664 that the attached modules might have associated.
665 *******************************************************************/
667 static void free_pdb_context(struct pdb_context **context)
669 struct pdb_methods *pdb_selected = (*context)->pdb_methods;
671 while (pdb_selected){
672 if(pdb_selected->free_private_data)
673 pdb_selected->free_private_data(&(pdb_selected->private_data));
674 pdb_selected = pdb_selected->next;
677 talloc_destroy((*context)->mem_ctx);
681 /******************************************************************
682 Make a pdb_methods from scratch
683 *******************************************************************/
685 static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_context *context, const char *selected)
687 char *module_name = smb_xstrdup(selected);
688 char *module_location = NULL, *p;
689 struct pdb_init_function_entry *entry;
690 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
692 lazy_initialize_passdb();
694 p = strchr(module_name, ':');
698 module_location = p+1;
699 trim_char(module_location, ' ', ' ');
702 trim_char(module_name, ' ', ' ');
705 DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name));
707 entry = pdb_find_backend_entry(module_name);
709 /* Try to find a module that contains this module */
711 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
712 if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
713 DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
714 SAFE_FREE(module_name);
715 return NT_STATUS_UNSUCCESSFUL;
719 /* No such backend found */
721 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
722 SAFE_FREE(module_name);
723 return NT_STATUS_INVALID_PARAMETER;
726 DEBUG(5,("Found pdb backend %s\n", module_name));
727 nt_status = entry->init(context, methods, module_location);
728 if (NT_STATUS_IS_OK(nt_status)) {
729 DEBUG(5,("pdb backend %s has a valid init\n", selected));
731 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status)));
733 SAFE_FREE(module_name);
737 /******************************************************************
738 Make a pdb_context from scratch.
739 *******************************************************************/
741 static NTSTATUS make_pdb_context(struct pdb_context **context)
745 mem_ctx = talloc_init("pdb_context internal allocation context");
748 DEBUG(0, ("make_pdb_context: talloc init failed!\n"));
749 return NT_STATUS_NO_MEMORY;
752 *context = TALLOC_P(mem_ctx, struct pdb_context);
754 DEBUG(0, ("make_pdb_context: talloc failed!\n"));
755 return NT_STATUS_NO_MEMORY;
758 ZERO_STRUCTP(*context);
760 (*context)->mem_ctx = mem_ctx;
762 (*context)->pdb_setsampwent = context_setsampwent;
763 (*context)->pdb_endsampwent = context_endsampwent;
764 (*context)->pdb_getsampwent = context_getsampwent;
765 (*context)->pdb_getsampwnam = context_getsampwnam;
766 (*context)->pdb_getsampwsid = context_getsampwsid;
767 (*context)->pdb_add_sam_account = context_add_sam_account;
768 (*context)->pdb_update_sam_account = context_update_sam_account;
769 (*context)->pdb_delete_sam_account = context_delete_sam_account;
770 (*context)->pdb_update_login_attempts = context_update_login_attempts;
771 (*context)->pdb_getgrsid = context_getgrsid;
772 (*context)->pdb_getgrgid = context_getgrgid;
773 (*context)->pdb_getgrnam = context_getgrnam;
774 (*context)->pdb_add_group_mapping_entry = context_add_group_mapping_entry;
775 (*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
776 (*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
777 (*context)->pdb_enum_group_mapping = context_enum_group_mapping;
778 (*context)->pdb_enum_group_members = context_enum_group_members;
779 (*context)->pdb_enum_group_memberships = context_enum_group_memberships;
781 (*context)->pdb_find_alias = context_find_alias;
782 (*context)->pdb_create_alias = context_create_alias;
783 (*context)->pdb_delete_alias = context_delete_alias;
784 (*context)->pdb_enum_aliases = context_enum_aliases;
785 (*context)->pdb_get_aliasinfo = context_get_aliasinfo;
786 (*context)->pdb_set_aliasinfo = context_set_aliasinfo;
787 (*context)->pdb_add_aliasmem = context_add_aliasmem;
788 (*context)->pdb_del_aliasmem = context_del_aliasmem;
789 (*context)->pdb_enum_aliasmem = context_enum_aliasmem;
790 (*context)->pdb_enum_alias_memberships = context_enum_alias_memberships;
792 (*context)->free_fn = free_pdb_context;
798 /******************************************************************
799 Make a pdb_context, given an array of strings
800 *******************************************************************/
802 NTSTATUS make_pdb_context_list(struct pdb_context **context, const char **selected)
805 struct pdb_methods *curmethods, *tmpmethods;
806 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
807 BOOL have_guest = False;
809 if (!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))) {
814 DEBUG(0, ("ERROR: empty passdb backend list!\n"));
819 if (strcmp(selected[i], "guest") == 0) {
822 /* Try to initialise pdb */
823 DEBUG(5,("Trying to load: %s\n", selected[i]));
824 if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods, *context, selected[i]))) {
825 DEBUG(1, ("Loading %s failed!\n", selected[i]));
826 free_pdb_context(context);
829 curmethods->parent = *context;
830 DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
837 if ( (lp_guestaccount() == NULL) ||
838 (*lp_guestaccount() == '\0') ) {
839 /* We explicitly don't want guest access. No idea what
840 else that breaks, but be it that way. */
844 if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods,
847 DEBUG(1, ("Loading guest module failed!\n"));
848 free_pdb_context(context);
852 curmethods->parent = *context;
853 DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
858 /******************************************************************
859 Make a pdb_context, given a text string.
860 *******************************************************************/
862 NTSTATUS make_pdb_context_string(struct pdb_context **context, const char *selected)
865 char **newsel = str_list_make(selected, NULL);
866 ret = make_pdb_context_list(context, (const char **)newsel);
867 str_list_free(&newsel);
871 /******************************************************************
872 Return an already initialised pdb_context, to facilitate backward
873 compatibility (see functions below).
874 *******************************************************************/
876 static struct pdb_context *pdb_get_static_context(BOOL reload)
878 static struct pdb_context *pdb_context = NULL;
880 if ((pdb_context) && (reload)) {
881 pdb_context->free_fn(&pdb_context);
882 if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
888 if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
896 /******************************************************************
897 Backward compatibility functions for the original passdb interface
898 *******************************************************************/
900 BOOL pdb_setsampwent(BOOL update, uint16 acb_mask)
902 struct pdb_context *pdb_context = pdb_get_static_context(False);
908 return NT_STATUS_IS_OK(pdb_context->pdb_setsampwent(pdb_context, update, acb_mask));
911 void pdb_endsampwent(void)
913 struct pdb_context *pdb_context = pdb_get_static_context(False);
919 pdb_context->pdb_endsampwent(pdb_context);
922 BOOL pdb_getsampwent(SAM_ACCOUNT *user)
924 struct pdb_context *pdb_context = pdb_get_static_context(False);
930 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwent(pdb_context, user));
933 static SAM_ACCOUNT *sam_account_cache = NULL;
935 BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username)
937 struct pdb_context *pdb_context = pdb_get_static_context(False);
943 if (!NT_STATUS_IS_OK(pdb_context->pdb_getsampwnam(pdb_context,
944 sam_acct, username)))
947 if (sam_account_cache != NULL) {
948 pdb_free_sam(&sam_account_cache);
949 sam_account_cache = NULL;
952 pdb_copy_sam_account(sam_acct, &sam_account_cache);
956 BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
958 struct pdb_context *pdb_context = pdb_get_static_context(False);
964 if ((sam_account_cache != NULL) &&
965 (sid_equal(sid, pdb_get_user_sid(sam_account_cache))))
966 return pdb_copy_sam_account(sam_account_cache, &sam_acct);
968 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwsid(pdb_context, sam_acct, sid));
971 BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct)
973 struct pdb_context *pdb_context = pdb_get_static_context(False);
979 return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct));
982 BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct)
984 struct pdb_context *pdb_context = pdb_get_static_context(False);
990 if (sam_account_cache != NULL) {
991 pdb_free_sam(&sam_account_cache);
992 sam_account_cache = NULL;
995 return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct));
998 BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct)
1000 struct pdb_context *pdb_context = pdb_get_static_context(False);
1006 if (sam_account_cache != NULL) {
1007 pdb_free_sam(&sam_account_cache);
1008 sam_account_cache = NULL;
1011 return NT_STATUS_IS_OK(pdb_context->pdb_delete_sam_account(pdb_context, sam_acct));
1014 NTSTATUS pdb_update_login_attempts(SAM_ACCOUNT *sam_acct, BOOL success)
1016 struct pdb_context *pdb_context = pdb_get_static_context(False);
1019 return NT_STATUS_NOT_IMPLEMENTED;
1022 return pdb_context->pdb_update_login_attempts(pdb_context, sam_acct, success);
1025 BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
1027 struct pdb_context *pdb_context = pdb_get_static_context(False);
1033 return NT_STATUS_IS_OK(pdb_context->
1034 pdb_getgrsid(pdb_context, map, sid));
1037 BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid)
1039 struct pdb_context *pdb_context = pdb_get_static_context(False);
1045 return NT_STATUS_IS_OK(pdb_context->
1046 pdb_getgrgid(pdb_context, map, gid));
1049 BOOL pdb_getgrnam(GROUP_MAP *map, const char *name)
1051 struct pdb_context *pdb_context = pdb_get_static_context(False);
1057 return NT_STATUS_IS_OK(pdb_context->
1058 pdb_getgrnam(pdb_context, map, name));
1061 BOOL pdb_add_group_mapping_entry(GROUP_MAP *map)
1063 struct pdb_context *pdb_context = pdb_get_static_context(False);
1069 return NT_STATUS_IS_OK(pdb_context->
1070 pdb_add_group_mapping_entry(pdb_context, map));
1073 BOOL pdb_update_group_mapping_entry(GROUP_MAP *map)
1075 struct pdb_context *pdb_context = pdb_get_static_context(False);
1081 return NT_STATUS_IS_OK(pdb_context->
1082 pdb_update_group_mapping_entry(pdb_context, map));
1085 BOOL pdb_delete_group_mapping_entry(DOM_SID sid)
1087 struct pdb_context *pdb_context = pdb_get_static_context(False);
1093 return NT_STATUS_IS_OK(pdb_context->
1094 pdb_delete_group_mapping_entry(pdb_context, sid));
1097 BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
1098 int *num_entries, BOOL unix_only)
1100 struct pdb_context *pdb_context = pdb_get_static_context(False);
1106 return NT_STATUS_IS_OK(pdb_context->
1107 pdb_enum_group_mapping(pdb_context, sid_name_use,
1108 rmap, num_entries, unix_only));
1111 NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
1113 uint32 **member_rids,
1116 struct pdb_context *pdb_context = pdb_get_static_context(False);
1119 return NT_STATUS_UNSUCCESSFUL;
1122 return pdb_context->pdb_enum_group_members(pdb_context, mem_ctx, sid,
1123 member_rids, num_members);
1126 NTSTATUS pdb_enum_group_memberships(const char *username, gid_t primary_gid,
1127 DOM_SID **sids, gid_t **gids,
1130 struct pdb_context *pdb_context = pdb_get_static_context(False);
1133 return NT_STATUS_UNSUCCESSFUL;
1136 return pdb_context->pdb_enum_group_memberships(pdb_context, username,
1137 primary_gid, sids, gids,
1141 BOOL pdb_find_alias(const char *name, DOM_SID *sid)
1143 struct pdb_context *pdb_context = pdb_get_static_context(False);
1149 return NT_STATUS_IS_OK(pdb_context->pdb_find_alias(pdb_context,
1153 NTSTATUS pdb_create_alias(const char *name, uint32 *rid)
1155 struct pdb_context *pdb_context = pdb_get_static_context(False);
1158 return NT_STATUS_NOT_IMPLEMENTED;
1161 return pdb_context->pdb_create_alias(pdb_context, name, rid);
1164 BOOL pdb_delete_alias(const DOM_SID *sid)
1166 struct pdb_context *pdb_context = pdb_get_static_context(False);
1172 return NT_STATUS_IS_OK(pdb_context->pdb_delete_alias(pdb_context,
1177 BOOL pdb_enum_aliases(const DOM_SID *sid, uint32 start_idx, uint32 max_entries,
1178 uint32 *num_aliases, struct acct_info **info)
1180 struct pdb_context *pdb_context = pdb_get_static_context(False);
1186 return NT_STATUS_IS_OK(pdb_context->pdb_enum_aliases(pdb_context, sid,
1193 BOOL pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
1195 struct pdb_context *pdb_context = pdb_get_static_context(False);
1201 return NT_STATUS_IS_OK(pdb_context->pdb_get_aliasinfo(pdb_context, sid,
1205 BOOL pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
1207 struct pdb_context *pdb_context = pdb_get_static_context(False);
1213 return NT_STATUS_IS_OK(pdb_context->pdb_set_aliasinfo(pdb_context, sid,
1217 BOOL pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
1219 struct pdb_context *pdb_context = pdb_get_static_context(False);
1225 return NT_STATUS_IS_OK(pdb_context->
1226 pdb_add_aliasmem(pdb_context, alias, member));
1229 BOOL pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
1231 struct pdb_context *pdb_context = pdb_get_static_context(False);
1237 return NT_STATUS_IS_OK(pdb_context->
1238 pdb_del_aliasmem(pdb_context, alias, member));
1241 BOOL pdb_enum_aliasmem(const DOM_SID *alias,
1242 DOM_SID **members, int *num_members)
1244 struct pdb_context *pdb_context = pdb_get_static_context(False);
1250 return NT_STATUS_IS_OK(pdb_context->
1251 pdb_enum_aliasmem(pdb_context, alias,
1252 members, num_members));
1255 BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
1256 DOM_SID **aliases, int *num)
1258 struct pdb_context *pdb_context = pdb_get_static_context(False);
1264 return NT_STATUS_IS_OK(pdb_context->
1265 pdb_enum_alias_memberships(pdb_context, members,
1270 /***************************************************************
1271 Initialize the static context (at smbd startup etc).
1273 If uninitialised, context will auto-init on first use.
1274 ***************************************************************/
1276 BOOL initialize_password_db(BOOL reload)
1278 return (pdb_get_static_context(reload) != NULL);
1282 /***************************************************************************
1283 Default implementations of some functions.
1284 ****************************************************************************/
1286 static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
1288 return NT_STATUS_NO_SUCH_USER;
1291 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
1293 return NT_STATUS_NO_SUCH_USER;
1296 static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
1298 DEBUG(0,("this backend (%s) should not be listed as the first passdb backend! You can't add users to it.\n", methods->name));
1299 return NT_STATUS_NOT_IMPLEMENTED;
1302 static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
1304 return NT_STATUS_NOT_IMPLEMENTED;
1307 static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *pwd)
1309 return NT_STATUS_NOT_IMPLEMENTED;
1312 static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, SAM_ACCOUNT *newpwd, BOOL success)
1314 return NT_STATUS_OK;
1317 static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask)
1319 return NT_STATUS_NOT_IMPLEMENTED;
1322 static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *user)
1324 return NT_STATUS_NOT_IMPLEMENTED;
1327 static void pdb_default_endsampwent(struct pdb_methods *methods)
1329 return; /* NT_STATUS_NOT_IMPLEMENTED; */
1332 static void add_uid_to_array_unique(TALLOC_CTX *mem_ctx,
1333 uid_t uid, uid_t **uids, int *num)
1337 for (i=0; i<*num; i++) {
1338 if ((*uids)[i] == uid)
1342 *uids = TALLOC_REALLOC_ARRAY(mem_ctx, *uids, uid_t, *num+1);
1347 (*uids)[*num] = uid;
1351 static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **uids,
1356 struct sys_pwent *userlist, *user;
1361 /* We only look at our own sam, so don't care about imported stuff */
1365 if ((grp = getgrgid(gid)) == NULL) {
1370 /* Primary group members */
1372 userlist = getpwent_list();
1374 for (user = userlist; user != NULL; user = user->next) {
1375 if (user->pw_gid != gid)
1377 add_uid_to_array_unique(mem_ctx, user->pw_uid, uids, num);
1380 pwent_free(userlist);
1382 /* Secondary group members */
1384 for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
1385 struct passwd *pw = getpwnam(*gr);
1389 add_uid_to_array_unique(mem_ctx, pw->pw_uid, uids, num);
1397 NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
1398 TALLOC_CTX *mem_ctx,
1399 const DOM_SID *group,
1400 uint32 **member_rids,
1407 *member_rids = NULL;
1410 if (!NT_STATUS_IS_OK(sid_to_gid(group, &gid)))
1411 return NT_STATUS_NO_SUCH_GROUP;
1413 if(!get_memberuids(mem_ctx, gid, &uids, &num_uids))
1414 return NT_STATUS_NO_SUCH_GROUP;
1417 return NT_STATUS_OK;
1419 *member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_uids);
1421 for (i=0; i<num_uids; i++) {
1424 if (!NT_STATUS_IS_OK(uid_to_sid(&sid, uids[i]))) {
1425 DEBUG(1, ("Could not map member uid to SID\n"));
1429 if (!sid_check_is_in_our_domain(&sid)) {
1430 DEBUG(1, ("Inconsistent SAM -- group member uid not "
1431 "in our domain\n"));
1435 sid_peek_rid(&sid, &(*member_rids)[*num_members]);
1439 return NT_STATUS_OK;
1442 NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
1444 *methods = TALLOC_P(mem_ctx, struct pdb_methods);
1447 return NT_STATUS_NO_MEMORY;
1450 ZERO_STRUCTP(*methods);
1452 (*methods)->setsampwent = pdb_default_setsampwent;
1453 (*methods)->endsampwent = pdb_default_endsampwent;
1454 (*methods)->getsampwent = pdb_default_getsampwent;
1455 (*methods)->getsampwnam = pdb_default_getsampwnam;
1456 (*methods)->getsampwsid = pdb_default_getsampwsid;
1457 (*methods)->add_sam_account = pdb_default_add_sam_account;
1458 (*methods)->update_sam_account = pdb_default_update_sam_account;
1459 (*methods)->delete_sam_account = pdb_default_delete_sam_account;
1460 (*methods)->update_login_attempts = pdb_default_update_login_attempts;
1462 (*methods)->getgrsid = pdb_default_getgrsid;
1463 (*methods)->getgrgid = pdb_default_getgrgid;
1464 (*methods)->getgrnam = pdb_default_getgrnam;
1465 (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
1466 (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
1467 (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
1468 (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
1469 (*methods)->enum_group_members = pdb_default_enum_group_members;
1470 (*methods)->enum_group_memberships = pdb_default_enum_group_memberships;
1471 (*methods)->find_alias = pdb_default_find_alias;
1472 (*methods)->create_alias = pdb_default_create_alias;
1473 (*methods)->delete_alias = pdb_default_delete_alias;
1474 (*methods)->enum_aliases = pdb_default_enum_aliases;
1475 (*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
1476 (*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
1477 (*methods)->add_aliasmem = pdb_default_add_aliasmem;
1478 (*methods)->del_aliasmem = pdb_default_del_aliasmem;
1479 (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
1480 (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
1482 return NT_STATUS_OK;