2 Unix SMB/CIFS implementation.
3 IPA helper functions for SAMBA
4 Copyright (C) Sumit Bose <sbose@redhat.com> 2010
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "libcli/security/dom_sid.h"
24 #include "../librpc/ndr/libndr.h"
28 #define IPA_KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1"
30 #define LDAP_TRUST_CONTAINER "ou=system"
31 #define LDAP_ATTRIBUTE_CN "cn"
32 #define LDAP_ATTRIBUTE_TRUST_TYPE "sambaTrustType"
33 #define LDAP_ATTRIBUTE_TRUST_ATTRIBUTES "sambaTrustAttributes"
34 #define LDAP_ATTRIBUTE_TRUST_DIRECTION "sambaTrustDirection"
35 #define LDAP_ATTRIBUTE_TRUST_PARTNER "sambaTrustPartner"
36 #define LDAP_ATTRIBUTE_FLAT_NAME "sambaFlatName"
37 #define LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING "sambaTrustAuthOutgoing"
38 #define LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING "sambaTrustAuthIncoming"
39 #define LDAP_ATTRIBUTE_SECURITY_IDENTIFIER "sambaSecurityIdentifier"
40 #define LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO "sambaTrustForestTrustInfo"
42 #define LDAP_OBJ_KRB_PRINCIPAL "krbPrincipal"
43 #define LDAP_OBJ_KRB_PRINCIPAL_AUX "krbPrincipalAux"
44 #define LDAP_ATTRIBUTE_KRB_PRINCIPAL "krbPrincipalName"
46 struct ipasam_privates {
48 NTSTATUS (*ldapsam_add_sam_account)(struct pdb_methods *,
49 struct samu *sampass);
50 NTSTATUS (*ldapsam_update_sam_account)(struct pdb_methods *,
51 struct samu *sampass);
54 static bool ipasam_get_trusteddom_pw(struct pdb_methods *methods,
58 time_t *pass_last_set_time)
63 static bool ipasam_set_trusteddom_pw(struct pdb_methods *methods,
66 const struct dom_sid *sid)
71 static bool ipasam_del_trusteddom_pw(struct pdb_methods *methods,
77 static char *get_account_dn(const char *name)
82 escape_name = escape_rdn_val_string_alloc(name);
87 if (name[strlen(name)-1] == '$') {
88 dn = talloc_asprintf(talloc_tos(), "uid=%s,%s", escape_name,
89 lp_ldap_machine_suffix());
91 dn = talloc_asprintf(talloc_tos(), "uid=%s,%s", escape_name,
92 lp_ldap_user_suffix());
95 SAFE_FREE(escape_name);
100 static char *trusted_domain_dn(struct ldapsam_privates *ldap_state,
103 return talloc_asprintf(talloc_tos(), "%s=%s,%s,%s",
104 LDAP_ATTRIBUTE_CN, domain,
105 LDAP_TRUST_CONTAINER, ldap_state->domain_dn);
108 static char *trusted_domain_base_dn(struct ldapsam_privates *ldap_state)
110 return talloc_asprintf(talloc_tos(), "%s,%s",
111 LDAP_TRUST_CONTAINER, ldap_state->domain_dn);
114 static bool get_trusted_domain_int(struct ldapsam_privates *ldap_state,
116 const char *filter, LDAPMessage **entry)
119 char *base_dn = NULL;
120 LDAPMessage *result = NULL;
123 base_dn = trusted_domain_base_dn(ldap_state);
124 if (base_dn == NULL) {
128 rc = smbldap_search(ldap_state->smbldap_state, base_dn,
129 LDAP_SCOPE_SUBTREE, filter, NULL, 0, &result);
130 TALLOC_FREE(base_dn);
132 if (result != NULL) {
133 talloc_autofree_ldapmsg(mem_ctx, result);
136 if (rc == LDAP_NO_SUCH_OBJECT) {
141 if (rc != LDAP_SUCCESS) {
145 num_result = ldap_count_entries(priv2ld(ldap_state), result);
147 if (num_result > 1) {
148 DEBUG(1, ("get_trusted_domain_int: more than one "
149 "%s object with filter '%s'?!\n",
150 LDAP_OBJ_TRUSTED_DOMAIN, filter));
154 if (num_result == 0) {
155 DEBUG(1, ("get_trusted_domain_int: no "
156 "%s object with filter '%s'.\n",
157 LDAP_OBJ_TRUSTED_DOMAIN, filter));
160 *entry = ldap_first_entry(priv2ld(ldap_state), result);
166 static bool get_trusted_domain_by_name_int(struct ldapsam_privates *ldap_state,
173 filter = talloc_asprintf(talloc_tos(),
174 "(&(objectClass=%s)(|(%s=%s)(%s=%s)(cn=%s)))",
175 LDAP_OBJ_TRUSTED_DOMAIN,
176 LDAP_ATTRIBUTE_FLAT_NAME, domain,
177 LDAP_ATTRIBUTE_TRUST_PARTNER, domain, domain);
178 if (filter == NULL) {
182 return get_trusted_domain_int(ldap_state, mem_ctx, filter, entry);
185 static bool get_trusted_domain_by_sid_int(struct ldapsam_privates *ldap_state,
187 const char *sid, LDAPMessage **entry)
191 filter = talloc_asprintf(talloc_tos(), "(&(objectClass=%s)(%s=%s))",
192 LDAP_OBJ_TRUSTED_DOMAIN,
193 LDAP_ATTRIBUTE_SECURITY_IDENTIFIER, sid);
194 if (filter == NULL) {
198 return get_trusted_domain_int(ldap_state, mem_ctx, filter, entry);
201 static bool get_uint32_t_from_ldap_msg(struct ldapsam_privates *ldap_state,
210 dummy = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry,
213 DEBUG(9, ("Attribute %s not present.\n", attr));
218 l = strtoul(dummy, &endptr, 10);
221 if (l < 0 || l > UINT32_MAX || *endptr != '\0') {
230 static void get_data_blob_from_ldap_msg(TALLOC_CTX *mem_ctx,
231 struct ldapsam_privates *ldap_state,
232 LDAPMessage *entry, const char *attr,
238 dummy = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, attr,
241 DEBUG(9, ("Attribute %s not present.\n", attr));
244 blob = base64_decode_data_blob(dummy);
245 if (blob.length == 0) {
248 _blob->length = blob.length;
249 _blob->data = talloc_steal(mem_ctx, blob.data);
255 static bool fill_pdb_trusted_domain(TALLOC_CTX *mem_ctx,
256 struct ldapsam_privates *ldap_state,
258 struct pdb_trusted_domain **_td)
262 struct pdb_trusted_domain *td;
268 td = talloc_zero(mem_ctx, struct pdb_trusted_domain);
273 /* All attributes are MAY */
275 dummy = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry,
276 LDAP_ATTRIBUTE_SECURITY_IDENTIFIER,
279 DEBUG(9, ("Attribute %s not present.\n",
280 LDAP_ATTRIBUTE_SECURITY_IDENTIFIER));
281 ZERO_STRUCT(td->security_identifier);
283 res = string_to_sid(&td->security_identifier, dummy);
290 get_data_blob_from_ldap_msg(td, ldap_state, entry,
291 LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING,
292 &td->trust_auth_incoming);
294 get_data_blob_from_ldap_msg(td, ldap_state, entry,
295 LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING,
296 &td->trust_auth_outgoing);
298 td->netbios_name = smbldap_talloc_single_attribute(priv2ld(ldap_state),
300 LDAP_ATTRIBUTE_FLAT_NAME,
302 if (td->netbios_name == NULL) {
303 DEBUG(9, ("Attribute %s not present.\n",
304 LDAP_ATTRIBUTE_FLAT_NAME));
307 td->domain_name = smbldap_talloc_single_attribute(priv2ld(ldap_state),
309 LDAP_ATTRIBUTE_TRUST_PARTNER,
311 if (td->domain_name == NULL) {
312 DEBUG(9, ("Attribute %s not present.\n",
313 LDAP_ATTRIBUTE_TRUST_PARTNER));
316 res = get_uint32_t_from_ldap_msg(ldap_state, entry,
317 LDAP_ATTRIBUTE_TRUST_DIRECTION,
318 &td->trust_direction);
323 res = get_uint32_t_from_ldap_msg(ldap_state, entry,
324 LDAP_ATTRIBUTE_TRUST_ATTRIBUTES,
325 &td->trust_attributes);
330 res = get_uint32_t_from_ldap_msg(ldap_state, entry,
331 LDAP_ATTRIBUTE_TRUST_TYPE,
337 get_data_blob_from_ldap_msg(td, ldap_state, entry,
338 LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO,
339 &td->trust_forest_trust_info);
346 static NTSTATUS ipasam_get_trusted_domain(struct pdb_methods *methods,
349 struct pdb_trusted_domain **td)
351 struct ldapsam_privates *ldap_state =
352 (struct ldapsam_privates *)methods->private_data;
353 LDAPMessage *entry = NULL;
355 DEBUG(10, ("ipasam_get_trusted_domain called for domain %s\n", domain));
357 if (!get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
359 return NT_STATUS_UNSUCCESSFUL;
362 DEBUG(5, ("ipasam_get_trusted_domain: no such trusted domain: "
364 return NT_STATUS_NO_SUCH_DOMAIN;
367 if (!fill_pdb_trusted_domain(mem_ctx, ldap_state, entry, td)) {
368 return NT_STATUS_UNSUCCESSFUL;
374 static NTSTATUS ipasam_get_trusted_domain_by_sid(struct pdb_methods *methods,
377 struct pdb_trusted_domain **td)
379 struct ldapsam_privates *ldap_state =
380 (struct ldapsam_privates *)methods->private_data;
381 LDAPMessage *entry = NULL;
384 sid_str = sid_string_tos(sid);
386 DEBUG(10, ("ipasam_get_trusted_domain_by_sid called for sid %s\n",
389 if (!get_trusted_domain_by_sid_int(ldap_state, talloc_tos(), sid_str,
391 return NT_STATUS_UNSUCCESSFUL;
394 DEBUG(5, ("ipasam_get_trusted_domain_by_sid: no trusted domain "
395 "with sid: %s\n", sid_str));
396 return NT_STATUS_NO_SUCH_DOMAIN;
399 if (!fill_pdb_trusted_domain(mem_ctx, ldap_state, entry, td)) {
400 return NT_STATUS_UNSUCCESSFUL;
406 static bool smbldap_make_mod_uint32_t(LDAP *ldap_struct, LDAPMessage *entry,
407 LDAPMod ***mods, const char *attribute,
412 dummy = talloc_asprintf(talloc_tos(), "%lu", (unsigned long) val);
416 smbldap_make_mod(ldap_struct, entry, mods, attribute, dummy);
422 static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods,
424 const struct pdb_trusted_domain *td)
426 struct ldapsam_privates *ldap_state =
427 (struct ldapsam_privates *)methods->private_data;
428 LDAPMessage *entry = NULL;
431 char *trusted_dn = NULL;
434 DEBUG(10, ("ipasam_set_trusted_domain called for domain %s\n", domain));
436 res = get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
439 return NT_STATUS_UNSUCCESSFUL;
443 smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "objectClass",
444 LDAP_OBJ_TRUSTED_DOMAIN);
446 if (td->netbios_name != NULL) {
447 smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
448 LDAP_ATTRIBUTE_FLAT_NAME,
452 if (td->domain_name != NULL) {
453 smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
454 LDAP_ATTRIBUTE_TRUST_PARTNER,
458 if (!is_null_sid(&td->security_identifier)) {
459 smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
460 LDAP_ATTRIBUTE_SECURITY_IDENTIFIER,
461 sid_string_tos(&td->security_identifier));
464 if (td->trust_type != 0) {
465 res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry,
466 &mods, LDAP_ATTRIBUTE_TRUST_TYPE,
469 return NT_STATUS_UNSUCCESSFUL;
473 if (td->trust_attributes != 0) {
474 res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry,
476 LDAP_ATTRIBUTE_TRUST_ATTRIBUTES,
477 td->trust_attributes);
479 return NT_STATUS_UNSUCCESSFUL;
483 if (td->trust_direction != 0) {
484 res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry,
486 LDAP_ATTRIBUTE_TRUST_DIRECTION,
487 td->trust_direction);
489 return NT_STATUS_UNSUCCESSFUL;
493 if (td->trust_auth_outgoing.data != NULL) {
494 smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods,
495 LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING,
496 &td->trust_auth_outgoing);
499 if (td->trust_auth_incoming.data != NULL) {
500 smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods,
501 LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING,
502 &td->trust_auth_incoming);
505 if (td->trust_forest_trust_info.data != NULL) {
506 smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods,
507 LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO,
508 &td->trust_forest_trust_info);
511 talloc_autofree_ldapmod(talloc_tos(), mods);
513 trusted_dn = trusted_domain_dn(ldap_state, domain);
514 if (trusted_dn == NULL) {
515 return NT_STATUS_NO_MEMORY;
518 ret = smbldap_add(ldap_state->smbldap_state, trusted_dn, mods);
520 ret = smbldap_modify(ldap_state->smbldap_state, trusted_dn, mods);
523 if (ret != LDAP_SUCCESS) {
524 DEBUG(1, ("error writing trusted domain data!\n"));
525 return NT_STATUS_UNSUCCESSFUL;
530 static NTSTATUS ipasam_del_trusted_domain(struct pdb_methods *methods,
534 struct ldapsam_privates *ldap_state =
535 (struct ldapsam_privates *)methods->private_data;
536 LDAPMessage *entry = NULL;
539 if (!get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
541 return NT_STATUS_UNSUCCESSFUL;
545 DEBUG(5, ("ipasam_del_trusted_domain: no such trusted domain: "
547 return NT_STATUS_NO_SUCH_DOMAIN;
550 dn = smbldap_talloc_dn(talloc_tos(), priv2ld(ldap_state), entry);
552 DEBUG(0,("ipasam_del_trusted_domain: Out of memory!\n"));
553 return NT_STATUS_NO_MEMORY;
556 ret = smbldap_delete(ldap_state->smbldap_state, dn);
557 if (ret != LDAP_SUCCESS) {
558 return NT_STATUS_UNSUCCESSFUL;
564 static NTSTATUS ipasam_enum_trusted_domains(struct pdb_methods *methods,
566 uint32_t *num_domains,
567 struct pdb_trusted_domain ***domains)
570 struct ldapsam_privates *ldap_state =
571 (struct ldapsam_privates *)methods->private_data;
572 char *base_dn = NULL;
574 int scope = LDAP_SCOPE_SUBTREE;
575 LDAPMessage *result = NULL;
576 LDAPMessage *entry = NULL;
578 filter = talloc_asprintf(talloc_tos(), "(objectClass=%s)",
579 LDAP_OBJ_TRUSTED_DOMAIN);
580 if (filter == NULL) {
581 return NT_STATUS_NO_MEMORY;
584 base_dn = trusted_domain_base_dn(ldap_state);
585 if (base_dn == NULL) {
587 return NT_STATUS_NO_MEMORY;
590 rc = smbldap_search(ldap_state->smbldap_state, base_dn, scope, filter,
593 TALLOC_FREE(base_dn);
595 if (result != NULL) {
596 talloc_autofree_ldapmsg(mem_ctx, result);
599 if (rc == LDAP_NO_SUCH_OBJECT) {
605 if (rc != LDAP_SUCCESS) {
606 return NT_STATUS_UNSUCCESSFUL;
610 if (!(*domains = TALLOC_ARRAY(mem_ctx, struct pdb_trusted_domain *, 1))) {
611 DEBUG(1, ("talloc failed\n"));
612 return NT_STATUS_NO_MEMORY;
615 for (entry = ldap_first_entry(priv2ld(ldap_state), result);
617 entry = ldap_next_entry(priv2ld(ldap_state), entry))
619 struct pdb_trusted_domain *dom_info;
621 if (!fill_pdb_trusted_domain(*domains, ldap_state, entry,
623 return NT_STATUS_UNSUCCESSFUL;
626 ADD_TO_ARRAY(*domains, struct pdb_trusted_domain *, dom_info,
627 domains, num_domains);
629 if (*domains == NULL) {
630 DEBUG(1, ("talloc failed\n"));
631 return NT_STATUS_NO_MEMORY;
635 DEBUG(5, ("ipasam_enum_trusted_domains: got %d domains\n", *num_domains));
639 static NTSTATUS ipasam_enum_trusteddoms(struct pdb_methods *methods,
641 uint32_t *num_domains,
642 struct trustdom_info ***domains)
645 struct pdb_trusted_domain **td;
648 status = ipasam_enum_trusted_domains(methods, talloc_tos(),
650 if (!NT_STATUS_IS_OK(status)) {
654 if (*num_domains == 0) {
658 if (!(*domains = TALLOC_ARRAY(mem_ctx, struct trustdom_info *,
660 DEBUG(1, ("talloc failed\n"));
661 return NT_STATUS_NO_MEMORY;
664 for (i = 0; i < *num_domains; i++) {
665 struct trustdom_info *dom_info;
667 dom_info = TALLOC_P(*domains, struct trustdom_info);
668 if (dom_info == NULL) {
669 DEBUG(1, ("talloc failed\n"));
670 return NT_STATUS_NO_MEMORY;
673 dom_info->name = talloc_steal(mem_ctx, td[i]->netbios_name);
674 sid_copy(&dom_info->sid, &td[i]->security_identifier);
676 (*domains)[i] = dom_info;
682 static uint32_t pdb_ipasam_capabilities(struct pdb_methods *methods)
684 return PDB_CAP_STORE_RIDS | PDB_CAP_ADS | PDB_CAP_TRUSTED_DOMAINS_EX;
687 static struct pdb_domain_info *pdb_ipasam_get_domain_info(struct pdb_methods *pdb_methods,
690 struct pdb_domain_info *info;
692 struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)pdb_methods->private_data;
694 info = talloc(mem_ctx, struct pdb_domain_info);
699 info->name = talloc_strdup(info, ldap_state->domain_name);
700 if (info->name == NULL) {
704 /* TODO: read dns_domain, dns_forest and guid from LDAP */
705 info->dns_domain = talloc_strdup(info, lp_realm());
706 if (info->dns_domain == NULL) {
709 strlower_m(info->dns_domain);
710 info->dns_forest = talloc_strdup(info, info->dns_domain);
711 sid_copy(&info->sid, &ldap_state->domain_sid);
713 status = GUID_from_string("testguid", &info->guid);
722 static NTSTATUS modify_ipa_password_exop(struct ldapsam_privates *ldap_state,
723 struct samu *sampass)
726 BerElement *ber = NULL;
727 struct berval *bv = NULL;
729 struct berval *retdata = NULL;
730 const char *password;
733 password = pdb_get_plaintext_passwd(sampass);
734 if (password == NULL || *password == '\0') {
735 return NT_STATUS_INVALID_PARAMETER;
738 dn = get_account_dn(pdb_get_username(sampass));
740 return NT_STATUS_INVALID_PARAMETER;
743 ber = ber_alloc_t( LBER_USE_DER );
745 DEBUG(7, ("ber_alloc_t failed.\n"));
746 return NT_STATUS_NO_MEMORY;
749 ret = ber_printf(ber, "{tsts}", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, dn,
750 LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, password);
752 DEBUG(7, ("ber_printf failed.\n"));
754 return NT_STATUS_UNSUCCESSFUL;
757 ret = ber_flatten(ber, &bv);
760 DEBUG(1, ("ber_flatten failed.\n"));
761 return NT_STATUS_UNSUCCESSFUL;
764 ret = smbldap_extended_operation(ldap_state->smbldap_state,
765 LDAP_EXOP_MODIFY_PASSWD, bv, NULL,
766 NULL, &retoid, &retdata);
772 ldap_memfree(retoid);
774 if (ret != LDAP_SUCCESS) {
775 DEBUG(1, ("smbldap_extended_operation LDAP_EXOP_MODIFY_PASSWD failed.\n"));
776 return NT_STATUS_UNSUCCESSFUL;
782 static NTSTATUS ipasam_add_objectclasses(struct ldapsam_privates *ldap_state,
783 struct samu *sampass)
786 LDAPMod **mods = NULL;
790 char *domain_with_dot;
792 dn = get_account_dn(pdb_get_username(sampass));
794 return NT_STATUS_INVALID_PARAMETER;
797 princ = talloc_asprintf(talloc_tos(), "%s@%s", pdb_get_username(sampass), lp_realm());
799 return NT_STATUS_NO_MEMORY;
802 domain = pdb_get_domain(sampass);
803 if (domain == NULL) {
804 return NT_STATUS_INVALID_PARAMETER;
807 domain_with_dot = talloc_asprintf(talloc_tos(), "%s.", domain);
808 if (domain_with_dot == NULL) {
809 return NT_STATUS_NO_MEMORY;
812 smbldap_set_mod(&mods, LDAP_MOD_ADD,
813 "objectclass", LDAP_OBJ_KRB_PRINCIPAL);
814 smbldap_set_mod(&mods, LDAP_MOD_ADD,
815 LDAP_ATTRIBUTE_KRB_PRINCIPAL, princ);
816 smbldap_set_mod(&mods, LDAP_MOD_ADD,
817 "objectclass", LDAP_OBJ_KRB_PRINCIPAL_AUX);
818 smbldap_set_mod(&mods, LDAP_MOD_ADD,
819 "objectclass", "ipaHost");
820 smbldap_set_mod(&mods, LDAP_MOD_ADD,
822 smbldap_set_mod(&mods, LDAP_MOD_ADD,
823 "objectclass", "posixAccount");
824 smbldap_set_mod(&mods, LDAP_MOD_ADD,
825 "cn", pdb_get_username(sampass));
826 smbldap_set_mod(&mods, LDAP_MOD_ADD,
827 "gidNumber", "12345");
828 smbldap_set_mod(&mods, LDAP_MOD_ADD,
829 "homeDirectory", "/dev/null");
830 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", domain);
831 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", domain_with_dot);
833 ret = smbldap_modify(ldap_state->smbldap_state, dn, mods);
834 ldap_mods_free(mods, true);
835 if (ret != LDAP_SUCCESS) {
836 DEBUG(1, ("failed to modify/add user with uid = %s (dn = %s)\n",
837 pdb_get_username(sampass),dn));
838 return NT_STATUS_LDAP(ret);
844 static NTSTATUS pdb_ipasam_add_sam_account(struct pdb_methods *pdb_methods,
845 struct samu *sampass)
848 struct ldapsam_privates *ldap_state;
850 ldap_state = (struct ldapsam_privates *)(pdb_methods->private_data);
852 status =ldap_state->ipasam_privates->ldapsam_add_sam_account(pdb_methods,
854 if (!NT_STATUS_IS_OK(status)) {
858 status = ipasam_add_objectclasses(ldap_state, sampass);
859 if (!NT_STATUS_IS_OK(status)) {
863 if (pdb_get_init_flags(sampass, PDB_PLAINTEXT_PW) == PDB_CHANGED) {
864 status = modify_ipa_password_exop(ldap_state, sampass);
865 if (!NT_STATUS_IS_OK(status)) {
873 static NTSTATUS pdb_ipasam_update_sam_account(struct pdb_methods *pdb_methods,
874 struct samu *sampass)
877 struct ldapsam_privates *ldap_state;
878 ldap_state = (struct ldapsam_privates *)(pdb_methods->private_data);
880 status = ldap_state->ipasam_privates->ldapsam_update_sam_account(pdb_methods,
882 if (!NT_STATUS_IS_OK(status)) {
886 if (pdb_get_init_flags(sampass, PDB_PLAINTEXT_PW) == PDB_CHANGED) {
887 status = modify_ipa_password_exop(ldap_state, sampass);
888 if (!NT_STATUS_IS_OK(status)) {
896 static NTSTATUS pdb_init_IPA_ldapsam(struct pdb_methods **pdb_method, const char *location)
898 struct ldapsam_privates *ldap_state;
901 status = pdb_init_ldapsam(pdb_method, location);
902 if (!NT_STATUS_IS_OK(status)) {
906 (*pdb_method)->name = "IPA_ldapsam";
908 ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data);
909 ldap_state->ipasam_privates = talloc_zero(ldap_state,
910 struct ipasam_privates);
911 if (ldap_state->ipasam_privates == NULL) {
912 return NT_STATUS_NO_MEMORY;
914 ldap_state->is_ipa_ldap = True;
916 ldap_state->ipasam_privates->server_is_ipa = smbldap_has_extension(
917 priv2ld(ldap_state), IPA_KEYTAB_SET_OID);
918 ldap_state->ipasam_privates->ldapsam_add_sam_account = (*pdb_method)->add_sam_account;
919 ldap_state->ipasam_privates->ldapsam_update_sam_account = (*pdb_method)->update_sam_account;
921 (*pdb_method)->add_sam_account = pdb_ipasam_add_sam_account;
922 (*pdb_method)->update_sam_account = pdb_ipasam_update_sam_account;
924 (*pdb_method)->capabilities = pdb_ipasam_capabilities;
925 (*pdb_method)->get_domain_info = pdb_ipasam_get_domain_info;
927 (*pdb_method)->get_trusteddom_pw = ipasam_get_trusteddom_pw;
928 (*pdb_method)->set_trusteddom_pw = ipasam_set_trusteddom_pw;
929 (*pdb_method)->del_trusteddom_pw = ipasam_del_trusteddom_pw;
930 (*pdb_method)->enum_trusteddoms = ipasam_enum_trusteddoms;
932 (*pdb_method)->get_trusted_domain = ipasam_get_trusted_domain;
933 (*pdb_method)->get_trusted_domain_by_sid = ipasam_get_trusted_domain_by_sid;
934 (*pdb_method)->set_trusted_domain = ipasam_set_trusted_domain;
935 (*pdb_method)->del_trusted_domain = ipasam_del_trusted_domain;
936 (*pdb_method)->enum_trusted_domains = ipasam_enum_trusted_domains;
941 NTSTATUS pdb_ipa_init(void)
945 if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "IPA_ldapsam", pdb_init_IPA_ldapsam)))
git.samba.org / samba.git / blob