2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Jelmer Vernooij 2002
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #define DBGC_CLASS DBGC_PASSDB
27 static struct pdb_init_function_entry *backends = NULL;
29 static void lazy_initialize_passdb(void)
31 static BOOL initialized = False;
32 if(initialized)return;
37 static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name);
39 NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
41 struct pdb_init_function_entry *entry = backends;
43 if(version != PASSDB_INTERFACE_VERSION) {
44 DEBUG(0,("Can't register passdb backend!\n"
45 "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
46 "while this version of samba uses version %d\n",
47 version,PASSDB_INTERFACE_VERSION));
48 return NT_STATUS_OBJECT_TYPE_MISMATCH;
52 return NT_STATUS_INVALID_PARAMETER;
55 DEBUG(5,("Attempting to register passdb backend %s\n", name));
57 /* Check for duplicates */
58 if (pdb_find_backend_entry(name)) {
59 DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
60 return NT_STATUS_OBJECT_NAME_COLLISION;
63 entry = smb_xmalloc(sizeof(struct pdb_init_function_entry));
64 entry->name = smb_xstrdup(name);
67 DLIST_ADD(backends, entry);
68 DEBUG(5,("Successfully added passdb backend '%s'\n", name));
72 static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
74 struct pdb_init_function_entry *entry = backends;
77 if (strcmp(entry->name, name)==0) return entry;
84 static NTSTATUS context_setsampwent(struct pdb_context *context, BOOL update)
86 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
89 DEBUG(0, ("invalid pdb_context specified!\n"));
93 context->pwent_methods = context->pdb_methods;
95 if (!context->pwent_methods) {
96 /* No passdbs at all */
100 while (NT_STATUS_IS_ERR(ret = context->pwent_methods->setsampwent(context->pwent_methods, update))) {
101 context->pwent_methods = context->pwent_methods->next;
102 if (context->pwent_methods == NULL)
103 return NT_STATUS_UNSUCCESSFUL;
108 static void context_endsampwent(struct pdb_context *context)
111 DEBUG(0, ("invalid pdb_context specified!\n"));
115 if (context->pwent_methods && context->pwent_methods->endsampwent)
116 context->pwent_methods->endsampwent(context->pwent_methods);
118 /* So we won't get strange data when calling getsampwent now */
119 context->pwent_methods = NULL;
122 static NTSTATUS context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user)
124 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
126 if ((!context) || (!context->pwent_methods)) {
127 DEBUG(0, ("invalid pdb_context specified!\n"));
130 /* Loop until we find something useful */
131 while (NT_STATUS_IS_ERR(ret = context->pwent_methods->getsampwent(context->pwent_methods, user))) {
133 context->pwent_methods->endsampwent(context->pwent_methods);
135 context->pwent_methods = context->pwent_methods->next;
137 /* All methods are checked now. There are no more entries */
138 if (context->pwent_methods == NULL)
141 context->pwent_methods->setsampwent(context->pwent_methods, False);
143 user->methods = context->pwent_methods;
147 static NTSTATUS context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username)
149 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
151 struct pdb_methods *curmethods;
153 DEBUG(0, ("invalid pdb_context specified!\n"));
156 curmethods = context->pdb_methods;
158 if (NT_STATUS_IS_OK(ret = curmethods->getsampwnam(curmethods, sam_acct, username))) {
159 sam_acct->methods = curmethods;
162 curmethods = curmethods->next;
168 static NTSTATUS context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
170 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
172 struct pdb_methods *curmethods;
174 DEBUG(0, ("invalid pdb_context specified!\n"));
178 curmethods = context->pdb_methods;
181 if (NT_STATUS_IS_OK(ret = curmethods->getsampwsid(curmethods, sam_acct, sid))) {
182 sam_acct->methods = curmethods;
185 curmethods = curmethods->next;
191 static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
193 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
195 if ((!context) || (!context->pdb_methods)) {
196 DEBUG(0, ("invalid pdb_context specified!\n"));
200 /** @todo This is where a 're-read on add' should be done */
201 /* We now add a new account to the first database listed.
204 return context->pdb_methods->add_sam_account(context->pdb_methods, sam_acct);
207 static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
209 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
212 DEBUG(0, ("invalid pdb_context specified!\n"));
216 if (!sam_acct || !sam_acct->methods){
217 DEBUG(0, ("invalid sam_acct specified\n"));
221 /** @todo This is where a 're-read on update' should be done */
223 return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct);
226 static NTSTATUS context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
228 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
230 struct pdb_methods *pdb_selected;
232 DEBUG(0, ("invalid pdb_context specified!\n"));
236 if (!sam_acct->methods){
237 pdb_selected = context->pdb_methods;
238 /* There's no passdb backend specified for this account.
239 * Try to delete it in every passdb available
240 * Needed to delete accounts in smbpasswd that are not
243 while (pdb_selected){
244 if (NT_STATUS_IS_OK(ret = pdb_selected->delete_sam_account(pdb_selected, sam_acct))) {
247 pdb_selected = pdb_selected->next;
252 if (!sam_acct->methods->delete_sam_account){
253 DEBUG(0,("invalid sam_acct->methods->delete_sam_account\n"));
257 return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct);
260 static NTSTATUS context_getgrsid(struct pdb_context *context,
261 GROUP_MAP *map, DOM_SID sid)
263 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
265 struct pdb_methods *curmethods;
267 DEBUG(0, ("invalid pdb_context specified!\n"));
270 curmethods = context->pdb_methods;
272 ret = curmethods->getgrsid(curmethods, map, sid);
273 if (NT_STATUS_IS_OK(ret)) {
274 map->methods = curmethods;
277 curmethods = curmethods->next;
283 static NTSTATUS context_getgrgid(struct pdb_context *context,
284 GROUP_MAP *map, gid_t gid)
286 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
288 struct pdb_methods *curmethods;
290 DEBUG(0, ("invalid pdb_context specified!\n"));
293 curmethods = context->pdb_methods;
295 ret = curmethods->getgrgid(curmethods, map, gid);
296 if (NT_STATUS_IS_OK(ret)) {
297 map->methods = curmethods;
300 curmethods = curmethods->next;
306 static NTSTATUS context_getgrnam(struct pdb_context *context,
307 GROUP_MAP *map, const char *name)
309 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
311 struct pdb_methods *curmethods;
313 DEBUG(0, ("invalid pdb_context specified!\n"));
316 curmethods = context->pdb_methods;
318 ret = curmethods->getgrnam(curmethods, map, name);
319 if (NT_STATUS_IS_OK(ret)) {
320 map->methods = curmethods;
323 curmethods = curmethods->next;
329 static NTSTATUS context_add_group_mapping_entry(struct pdb_context *context,
332 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
334 if ((!context) || (!context->pdb_methods)) {
335 DEBUG(0, ("invalid pdb_context specified!\n"));
339 return context->pdb_methods->add_group_mapping_entry(context->pdb_methods,
343 static NTSTATUS context_update_group_mapping_entry(struct pdb_context *context,
346 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
348 if ((!context) || (!context->pdb_methods)) {
349 DEBUG(0, ("invalid pdb_context specified!\n"));
354 pdb_methods->update_group_mapping_entry(context->pdb_methods, map);
357 static NTSTATUS context_delete_group_mapping_entry(struct pdb_context *context,
360 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
362 if ((!context) || (!context->pdb_methods)) {
363 DEBUG(0, ("invalid pdb_context specified!\n"));
368 pdb_methods->delete_group_mapping_entry(context->pdb_methods, sid);
371 static NTSTATUS context_enum_group_mapping(struct pdb_context *context,
372 enum SID_NAME_USE sid_name_use,
373 GROUP_MAP **rmap, int *num_entries,
376 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
378 if ((!context) || (!context->pdb_methods)) {
379 DEBUG(0, ("invalid pdb_context specified!\n"));
383 return context->pdb_methods->enum_group_mapping(context->pdb_methods,
385 num_entries, unix_only);
388 /******************************************************************
389 Free and cleanup a pdb context, any associated data and anything
390 that the attached modules might have associated.
391 *******************************************************************/
393 static void free_pdb_context(struct pdb_context **context)
395 struct pdb_methods *pdb_selected = (*context)->pdb_methods;
397 while (pdb_selected){
398 if(pdb_selected->free_private_data)
399 pdb_selected->free_private_data(&(pdb_selected->private_data));
400 pdb_selected = pdb_selected->next;
403 talloc_destroy((*context)->mem_ctx);
407 /******************************************************************
408 Make a pdb_methods from scratch
409 *******************************************************************/
411 static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_context *context, const char *selected)
413 char *module_name = smb_xstrdup(selected);
414 char *module_location = NULL, *p;
415 struct pdb_init_function_entry *entry;
416 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
418 lazy_initialize_passdb();
420 p = strchr(module_name, ':');
424 module_location = p+1;
425 trim_string(module_location, " ", " ");
428 trim_string(module_name, " ", " ");
431 DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name));
433 entry = pdb_find_backend_entry(module_name);
435 /* Try to find a module that contains this module */
437 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
438 if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
439 DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
440 SAFE_FREE(module_name);
441 return NT_STATUS_UNSUCCESSFUL;
445 /* No such backend found */
447 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
448 SAFE_FREE(module_name);
449 return NT_STATUS_INVALID_PARAMETER;
452 DEBUG(5,("Found pdb backend %s\n", module_name));
453 nt_status = entry->init(context, methods, module_location);
454 if (NT_STATUS_IS_OK(nt_status)) {
455 DEBUG(5,("pdb backend %s has a valid init\n", selected));
457 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status)));
459 SAFE_FREE(module_name);
463 /******************************************************************
464 Make a pdb_context from scratch.
465 *******************************************************************/
467 static NTSTATUS make_pdb_context(struct pdb_context **context)
471 mem_ctx = talloc_init("pdb_context internal allocation context");
474 DEBUG(0, ("make_pdb_context: talloc init failed!\n"));
475 return NT_STATUS_NO_MEMORY;
478 *context = talloc(mem_ctx, sizeof(**context));
480 DEBUG(0, ("make_pdb_context: talloc failed!\n"));
481 return NT_STATUS_NO_MEMORY;
484 ZERO_STRUCTP(*context);
486 (*context)->mem_ctx = mem_ctx;
488 (*context)->pdb_setsampwent = context_setsampwent;
489 (*context)->pdb_endsampwent = context_endsampwent;
490 (*context)->pdb_getsampwent = context_getsampwent;
491 (*context)->pdb_getsampwnam = context_getsampwnam;
492 (*context)->pdb_getsampwsid = context_getsampwsid;
493 (*context)->pdb_add_sam_account = context_add_sam_account;
494 (*context)->pdb_update_sam_account = context_update_sam_account;
495 (*context)->pdb_delete_sam_account = context_delete_sam_account;
496 (*context)->pdb_getgrsid = context_getgrsid;
497 (*context)->pdb_getgrgid = context_getgrgid;
498 (*context)->pdb_getgrnam = context_getgrnam;
499 (*context)->pdb_add_group_mapping_entry = context_add_group_mapping_entry;
500 (*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
501 (*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
502 (*context)->pdb_enum_group_mapping = context_enum_group_mapping;
504 (*context)->free_fn = free_pdb_context;
510 /******************************************************************
511 Make a pdb_context, given an array of strings
512 *******************************************************************/
514 NTSTATUS make_pdb_context_list(struct pdb_context **context, const char **selected)
517 struct pdb_methods *curmethods, *tmpmethods;
518 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
519 BOOL have_guest = False;
521 if (!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))) {
526 DEBUG(0, ("ERROR: empty passdb backend list!\n"));
531 if (strcmp(selected[i], "guest") == 0) {
534 /* Try to initialise pdb */
535 DEBUG(5,("Trying to load: %s\n", selected[i]));
536 if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods, *context, selected[i]))) {
537 DEBUG(1, ("Loading %s failed!\n", selected[i]));
538 free_pdb_context(context);
541 curmethods->parent = *context;
542 DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
549 if ( (lp_guestaccount() == NULL) ||
550 (*lp_guestaccount() == '\0') ) {
551 /* We explicitly don't want guest access. No idea what
552 else that breaks, but be it that way. */
556 if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods,
559 DEBUG(1, ("Loading guest module failed!\n"));
560 free_pdb_context(context);
564 curmethods->parent = *context;
565 DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
570 /******************************************************************
571 Make a pdb_context, given a text string.
572 *******************************************************************/
574 NTSTATUS make_pdb_context_string(struct pdb_context **context, const char *selected)
577 char **newsel = str_list_make(selected, NULL);
578 ret = make_pdb_context_list(context, (const char **)newsel);
579 str_list_free(&newsel);
583 /******************************************************************
584 Return an already initialised pdb_context, to facilitate backward
585 compatibility (see functions below).
586 *******************************************************************/
588 static struct pdb_context *pdb_get_static_context(BOOL reload)
590 static struct pdb_context *pdb_context = NULL;
592 if ((pdb_context) && (reload)) {
593 pdb_context->free_fn(&pdb_context);
594 if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
600 if (!NT_STATUS_IS_OK(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
608 /******************************************************************
609 Backward compatibility functions for the original passdb interface
610 *******************************************************************/
612 BOOL pdb_setsampwent(BOOL update)
614 struct pdb_context *pdb_context = pdb_get_static_context(False);
620 return NT_STATUS_IS_OK(pdb_context->pdb_setsampwent(pdb_context, update));
623 void pdb_endsampwent(void)
625 struct pdb_context *pdb_context = pdb_get_static_context(False);
631 pdb_context->pdb_endsampwent(pdb_context);
634 BOOL pdb_getsampwent(SAM_ACCOUNT *user)
636 struct pdb_context *pdb_context = pdb_get_static_context(False);
642 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwent(pdb_context, user));
645 BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username)
647 struct pdb_context *pdb_context = pdb_get_static_context(False);
653 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwnam(pdb_context, sam_acct, username));
656 BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
658 struct pdb_context *pdb_context = pdb_get_static_context(False);
664 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwsid(pdb_context, sam_acct, sid));
667 BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct)
669 struct pdb_context *pdb_context = pdb_get_static_context(False);
675 return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct));
678 BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct)
680 struct pdb_context *pdb_context = pdb_get_static_context(False);
686 return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct));
689 BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct)
691 struct pdb_context *pdb_context = pdb_get_static_context(False);
697 return NT_STATUS_IS_OK(pdb_context->pdb_delete_sam_account(pdb_context, sam_acct));
700 BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
702 struct pdb_context *pdb_context = pdb_get_static_context(False);
708 return NT_STATUS_IS_OK(pdb_context->
709 pdb_getgrsid(pdb_context, map, sid));
712 BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid)
714 struct pdb_context *pdb_context = pdb_get_static_context(False);
720 return NT_STATUS_IS_OK(pdb_context->
721 pdb_getgrgid(pdb_context, map, gid));
724 BOOL pdb_getgrnam(GROUP_MAP *map, char *name)
726 struct pdb_context *pdb_context = pdb_get_static_context(False);
732 return NT_STATUS_IS_OK(pdb_context->
733 pdb_getgrnam(pdb_context, map, name));
736 BOOL pdb_add_group_mapping_entry(GROUP_MAP *map)
738 struct pdb_context *pdb_context = pdb_get_static_context(False);
744 return NT_STATUS_IS_OK(pdb_context->
745 pdb_add_group_mapping_entry(pdb_context, map));
748 BOOL pdb_update_group_mapping_entry(GROUP_MAP *map)
750 struct pdb_context *pdb_context = pdb_get_static_context(False);
756 return NT_STATUS_IS_OK(pdb_context->
757 pdb_update_group_mapping_entry(pdb_context, map));
760 BOOL pdb_delete_group_mapping_entry(DOM_SID sid)
762 struct pdb_context *pdb_context = pdb_get_static_context(False);
768 return NT_STATUS_IS_OK(pdb_context->
769 pdb_delete_group_mapping_entry(pdb_context, sid));
772 BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
773 int *num_entries, BOOL unix_only)
775 struct pdb_context *pdb_context = pdb_get_static_context(False);
781 return NT_STATUS_IS_OK(pdb_context->
782 pdb_enum_group_mapping(pdb_context, sid_name_use,
783 rmap, num_entries, unix_only));
786 /***************************************************************
787 Initialize the static context (at smbd startup etc).
789 If uninitialised, context will auto-init on first use.
790 ***************************************************************/
792 BOOL initialize_password_db(BOOL reload)
794 return (pdb_get_static_context(reload) != NULL);
798 /***************************************************************************
799 Default implementations of some functions.
800 ****************************************************************************/
802 static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
804 return NT_STATUS_NO_SUCH_USER;
807 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
809 return NT_STATUS_NO_SUCH_USER;
812 static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
814 DEBUG(0,("this backend (%s) should not be listed as the first passdb backend! You can't add users to it.\n", methods->name));
815 return NT_STATUS_NOT_IMPLEMENTED;
818 static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
820 return NT_STATUS_NOT_IMPLEMENTED;
823 static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *pwd)
825 return NT_STATUS_NOT_IMPLEMENTED;
828 static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update)
830 return NT_STATUS_NOT_IMPLEMENTED;
833 static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *user)
835 return NT_STATUS_NOT_IMPLEMENTED;
838 static void pdb_default_endsampwent(struct pdb_methods *methods)
840 return; /* NT_STATUS_NOT_IMPLEMENTED; */
843 NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
845 *methods = talloc(mem_ctx, sizeof(struct pdb_methods));
848 return NT_STATUS_NO_MEMORY;
851 ZERO_STRUCTP(*methods);
853 (*methods)->setsampwent = pdb_default_setsampwent;
854 (*methods)->endsampwent = pdb_default_endsampwent;
855 (*methods)->getsampwent = pdb_default_getsampwent;
856 (*methods)->getsampwnam = pdb_default_getsampwnam;
857 (*methods)->getsampwsid = pdb_default_getsampwsid;
858 (*methods)->add_sam_account = pdb_default_add_sam_account;
859 (*methods)->update_sam_account = pdb_default_update_sam_account;
860 (*methods)->delete_sam_account = pdb_default_delete_sam_account;
862 (*methods)->getgrsid = pdb_default_getgrsid;
863 (*methods)->getgrgid = pdb_default_getgrgid;
864 (*methods)->getgrnam = pdb_default_getgrnam;
865 (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
866 (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
867 (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
868 (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
git.samba.org / samba.git / blob