X-Git-Url: http://git.samba.org/idra/samba.git/?p=idra%2Fsamba.git;a=blobdiff_plain;f=source3%2Fpassdb%2Fpdb_interface.c;h=94ed355e2c57dff373ddf45c455a135ea38bda6c;hp=5a79f09db063e9b667673730c53c1db173d0c685;hb=d5661467e17cc233fe8605e8138991b4a459e78f;hpb=a226d86dcec393b2cd657d5441c3041dfdf5cd8f diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 5a79f09db06..94ed355e2c5 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -21,6 +21,16 @@ */ #include "includes.h" +#include "system/passwd.h" +#include "passdb.h" +#include "secrets.h" +#include "../librpc/gen_ndr/samr.h" +#include "../librpc/gen_ndr/drsblobs.h" +#include "../librpc/gen_ndr/ndr_drsblobs.h" +#include "memcache.h" +#include "nsswitch/winbind_client.h" +#include "../libcli/security/security.h" +#include "../lib/util/util_pw.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -133,7 +143,7 @@ NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char *selected DEBUG(5,("Attempting to find a passdb backend to match %s (%s)\n", selected, module_name)); entry = pdb_find_backend_entry(module_name); - + /* Try to find a module that contains this module */ if (!entry) { DEBUG(2,("No builtin backend found, trying to load plugin\n")); @@ -143,7 +153,7 @@ NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char *selected return NT_STATUS_UNSUCCESSFUL; } } - + /* No such backend found */ if(!entry) { DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name)); @@ -179,20 +189,26 @@ static struct pdb_methods *pdb_get_methods_reload( bool reload ) pdb->free_private_data( &(pdb->private_data) ); if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) { char *msg = NULL; - asprintf(&msg, "pdb_get_methods_reload: " - "failed to get pdb methods for backend %s\n", - lp_passdb_backend()); - smb_panic(msg); + if (asprintf(&msg, "pdb_get_methods_reload: " + "failed to get pdb methods for backend %s\n", + lp_passdb_backend()) > 0) { + smb_panic(msg); + } else { + smb_panic("pdb_get_methods_reload"); + } } } if ( !pdb ) { if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) { char *msg = NULL; - asprintf(&msg, "pdb_get_methods_reload: " - "failed to get pdb methods for backend %s\n", - lp_passdb_backend()); - smb_panic(msg); + if (asprintf(&msg, "pdb_get_methods_reload: " + "failed to get pdb methods for backend %s\n", + lp_passdb_backend()) > 0) { + smb_panic(msg); + } else { + smb_panic("pdb_get_methods_reload"); + } } } @@ -204,14 +220,113 @@ static struct pdb_methods *pdb_get_methods(void) return pdb_get_methods_reload(False); } +struct pdb_domain_info *pdb_get_domain_info(TALLOC_CTX *mem_ctx) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->get_domain_info(pdb, mem_ctx); +} + +/** + * @brief Check if the user account has been locked out and try to unlock it. + * + * If the user has been automatically locked out and a lockout duration is set, + * then check if we can unlock the account and reset the bad password values. + * + * @param[in] sampass The sam user to check. + * + * @return True if the function was successfull, false on an error. + */ +static bool pdb_try_account_unlock(struct samu *sampass) +{ + uint32_t acb_info = pdb_get_acct_ctrl(sampass); + + if ((acb_info & ACB_NORMAL) && (acb_info & ACB_AUTOLOCK)) { + uint32_t lockout_duration; + time_t bad_password_time; + time_t now = time(NULL); + bool ok; + + ok = pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, + &lockout_duration); + if (!ok) { + DEBUG(0, ("pdb_try_account_unlock: " + "pdb_get_account_policy failed.\n")); + return false; + } + + if (lockout_duration == (uint32_t) -1 || + lockout_duration == 0) { + DEBUG(9, ("pdb_try_account_unlock: No reset duration, " + "can't reset autolock\n")); + return false; + } + lockout_duration *= 60; + + bad_password_time = pdb_get_bad_password_time(sampass); + if (bad_password_time == (time_t) 0) { + DEBUG(2, ("pdb_try_account_unlock: Account %s " + "administratively locked out " + "with no bad password " + "time. Leaving locked out.\n", + pdb_get_username(sampass))); + return true; + } + + if ((bad_password_time + + convert_uint32_t_to_time_t(lockout_duration)) < now) { + NTSTATUS status; + + pdb_set_acct_ctrl(sampass, acb_info & ~ACB_AUTOLOCK, + PDB_CHANGED); + pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); + pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); + + become_root(); + status = pdb_update_sam_account(sampass); + unbecome_root(); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("_samr_OpenUser: Couldn't " + "update account %s - %s\n", + pdb_get_username(sampass), + nt_errstr(status))); + return false; + } + } + } + + return true; +} + +/** + * @brief Get a sam user structure by the given username. + * + * This functions also checks if the account has been automatically locked out + * and unlocks it if a lockout duration time has been defined and the time has + * elapsed. + * + * @param[in] sam_acct The sam user structure to fill. + * + * @param[in] username The username to look for. + * + * @return True on success, false on error. + */ bool pdb_getsampwnam(struct samu *sam_acct, const char *username) { struct pdb_methods *pdb = pdb_get_methods(); struct samu *for_cache; const struct dom_sid *user_sid; + NTSTATUS status; + bool ok; - if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) { - return False; + status = pdb->getsampwnam(pdb, sam_acct, username); + if (!NT_STATUS_IS_OK(status)) { + return false; + } + + ok = pdb_try_account_unlock(sam_acct); + if (!ok) { + DEBUG(1, ("pdb_getsampwnam: Failed to unlock account %s\n", + username)); } for_cache = samu_new(NULL); @@ -236,18 +351,19 @@ bool pdb_getsampwnam(struct samu *sam_acct, const char *username) /********************************************************************** **********************************************************************/ -bool guest_user_info( struct samu *user ) +static bool guest_user_info( struct samu *user ) { struct passwd *pwd; NTSTATUS result; const char *guestname = lp_guestaccount(); - - if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), guestname ) ) ) { + + pwd = Get_Pwnam_alloc(talloc_tos(), guestname); + if (pwd == NULL) { DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n", guestname)); return False; } - + result = samu_set_unix(user, pwd ); TALLOC_FREE( pwd ); @@ -255,25 +371,37 @@ bool guest_user_info( struct samu *user ) return NT_STATUS_IS_OK( result ); } -/********************************************************************** -**********************************************************************/ - -bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid) +/** + * @brief Get a sam user structure by the given username. + * + * This functions also checks if the account has been automatically locked out + * and unlocks it if a lockout duration time has been defined and the time has + * elapsed. + * + * + * @param[in] sam_acct The sam user structure to fill. + * + * @param[in] sid The user SDI to look up. + * + * @return True on success, false on error. + */ +bool pdb_getsampwsid(struct samu *sam_acct, const struct dom_sid *sid) { struct pdb_methods *pdb = pdb_get_methods(); - uint32 rid; + uint32_t rid; void *cache_data; + bool ok = false; /* hard code the Guest RID of 501 */ if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) ) return False; - if ( rid == DOMAIN_USER_RID_GUEST ) { + if ( rid == DOMAIN_RID_GUEST ) { DEBUG(6,("pdb_getsampwsid: Building guest account\n")); return guest_user_info( sam_acct ); } - + /* check the cache first */ cache_data = memcache_lookup_talloc( @@ -283,15 +411,27 @@ bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid) struct samu *cache_copy = talloc_get_type_abort( cache_data, struct samu); - return pdb_copy_sam_account(sam_acct, cache_copy); + ok = pdb_copy_sam_account(sam_acct, cache_copy); + } else { + ok = NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid)); } - return NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid)); + if (!ok) { + return false; + } + + ok = pdb_try_account_unlock(sam_acct); + if (!ok) { + DEBUG(1, ("pdb_getsampwsid: Failed to unlock account %s\n", + sam_acct->username)); + } + + return true; } static NTSTATUS pdb_default_create_user(struct pdb_methods *methods, TALLOC_CTX *tmp_ctx, const char *name, - uint32 acb_info, uint32 *rid) + uint32_t acb_info, uint32_t *rid) { struct samu *sam_pass; NTSTATUS status; @@ -341,6 +481,11 @@ static NTSTATUS pdb_default_create_user(struct pdb_methods *methods, flush_pwnam_cache(); pwd = Get_Pwnam_alloc(tmp_ctx, name); + + if(pwd == NULL) { + DEBUG(3, ("Could not find user %s, add script did not work\n", name)); + return NT_STATUS_NO_SUCH_USER; + } } /* we have a valid SID coming out of this call */ @@ -377,8 +522,8 @@ static NTSTATUS pdb_default_create_user(struct pdb_methods *methods, return status; } -NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32 flags, - uint32 *rid) +NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32_t flags, + uint32_t *rid) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->create_user(pdb, mem_ctx, name, flags, rid); @@ -447,7 +592,7 @@ static NTSTATUS pdb_default_delete_user(struct pdb_methods *methods, strlower_m( username ); smb_delete_user( username ); - + return status; } @@ -525,7 +670,7 @@ NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, bool success) return pdb->update_login_attempts(pdb, sam_acct, success); } -bool pdb_getgrsid(GROUP_MAP *map, DOM_SID sid) +bool pdb_getgrsid(GROUP_MAP *map, struct dom_sid sid) { struct pdb_methods *pdb = pdb_get_methods(); return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid)); @@ -546,9 +691,9 @@ bool pdb_getgrnam(GROUP_MAP *map, const char *name) static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods, TALLOC_CTX *mem_ctx, const char *name, - uint32 *rid) + uint32_t *rid) { - DOM_SID group_sid; + struct dom_sid group_sid; struct group *grp; fstring tmp; @@ -568,22 +713,22 @@ static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods, return NT_STATUS_ACCESS_DENIED; } - if (pdb_rid_algorithm()) { - *rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid ); - } else { + if (pdb_capabilities() & PDB_CAP_STORE_RIDS) { if (!pdb_new_rid(rid)) { return NT_STATUS_ACCESS_DENIED; } + } else { + *rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid ); } sid_compose(&group_sid, get_global_sam_sid(), *rid); - + return add_initial_entry(grp->gr_gid, sid_to_fstring(tmp, &group_sid), SID_NAME_DOM_GRP, name, NULL); } NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name, - uint32 *rid) + uint32_t *rid) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->create_dom_group(pdb, mem_ctx, name, rid); @@ -591,14 +736,17 @@ NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name, static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods, TALLOC_CTX *mem_ctx, - uint32 rid) + uint32_t rid) { - DOM_SID group_sid; + struct dom_sid group_sid; GROUP_MAP map; NTSTATUS status; struct group *grp; const char *grp_name; + /* coverity */ + map.gid = (gid_t) -1; + sid_compose(&group_sid, get_global_sam_sid(), rid); if (!get_domain_group_from_sid(group_sid, &map)) { @@ -631,13 +779,13 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods, } /* Don't check the result of smb_delete_group */ - + smb_delete_group(grp_name); return NT_STATUS_OK; } -NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32 rid) +NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32_t rid) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->delete_dom_group(pdb, mem_ctx, rid); @@ -655,13 +803,13 @@ NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map) return pdb->update_group_mapping_entry(pdb, map); } -NTSTATUS pdb_delete_group_mapping_entry(DOM_SID sid) +NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->delete_group_mapping_entry(pdb, sid); } -bool pdb_enum_group_mapping(const DOM_SID *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, +bool pdb_enum_group_mapping(const struct dom_sid *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, size_t *p_num_entries, bool unix_only) { struct pdb_methods *pdb = pdb_get_methods(); @@ -670,8 +818,8 @@ bool pdb_enum_group_mapping(const DOM_SID *sid, enum lsa_SidType sid_name_use, G } NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx, - const DOM_SID *sid, - uint32 **pp_member_rids, + const struct dom_sid *sid, + uint32_t **pp_member_rids, size_t *p_num_members) { struct pdb_methods *pdb = pdb_get_methods(); @@ -679,28 +827,28 @@ NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx, result = pdb->enum_group_members(pdb, mem_ctx, sid, pp_member_rids, p_num_members); - + /* special check for rid 513 */ - + if ( !NT_STATUS_IS_OK( result ) ) { - uint32 rid; - + uint32_t rid; + sid_peek_rid( sid, &rid ); - - if ( rid == DOMAIN_GROUP_RID_USERS ) { + + if ( rid == DOMAIN_RID_USERS ) { *p_num_members = 0; *pp_member_rids = NULL; - + return NT_STATUS_OK; } } - + return result; } NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user, - DOM_SID **pp_sids, gid_t **pp_gids, - size_t *p_num_groups) + struct dom_sid **pp_sids, gid_t **pp_gids, + uint32_t *p_num_groups) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->enum_group_memberships( @@ -741,11 +889,11 @@ NTSTATUS pdb_set_unix_primary_group(TALLOC_CTX *mem_ctx, struct samu *user) */ static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account, - const DOM_SID *group_sid) + const struct dom_sid *group_sid) { - DOM_SID *sids; + struct dom_sid *sids; gid_t *gids; - size_t i, num_groups; + uint32_t i, num_groups; if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx, account, &sids, &gids, @@ -754,7 +902,7 @@ static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account, } for (i=0; iadd_groupmem(pdb, mem_ctx, group_rid, member_rid); @@ -825,10 +976,10 @@ NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid, static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods, TALLOC_CTX *mem_ctx, - uint32 group_rid, - uint32 member_rid) + uint32_t group_rid, + uint32_t member_rid) { - DOM_SID group_sid, member_sid; + struct dom_sid group_sid, member_sid; struct samu *account = NULL; GROUP_MAP map; struct group *grp; @@ -878,60 +1029,61 @@ static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods, return NT_STATUS_OK; } -NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid, - uint32 member_rid) +NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32_t group_rid, + uint32_t member_rid) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid); } -NTSTATUS pdb_create_alias(const char *name, uint32 *rid) +NTSTATUS pdb_create_alias(const char *name, uint32_t *rid) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->create_alias(pdb, name, rid); } -NTSTATUS pdb_delete_alias(const DOM_SID *sid) +NTSTATUS pdb_delete_alias(const struct dom_sid *sid) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->delete_alias(pdb, sid); } -NTSTATUS pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info) +NTSTATUS pdb_get_aliasinfo(const struct dom_sid *sid, struct acct_info *info) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->get_aliasinfo(pdb, sid, info); } -NTSTATUS pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info) +NTSTATUS pdb_set_aliasinfo(const struct dom_sid *sid, struct acct_info *info) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->set_aliasinfo(pdb, sid, info); } -NTSTATUS pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member) +NTSTATUS pdb_add_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->add_aliasmem(pdb, alias, member); } -NTSTATUS pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member) +NTSTATUS pdb_del_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->del_aliasmem(pdb, alias, member); } -NTSTATUS pdb_enum_aliasmem(const DOM_SID *alias, - DOM_SID **pp_members, size_t *p_num_members) +NTSTATUS pdb_enum_aliasmem(const struct dom_sid *alias, TALLOC_CTX *mem_ctx, + struct dom_sid **pp_members, size_t *p_num_members) { struct pdb_methods *pdb = pdb_get_methods(); - return pdb->enum_aliasmem(pdb, alias, pp_members, p_num_members); + return pdb->enum_aliasmem(pdb, alias, mem_ctx, pp_members, + p_num_members); } NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx, - const DOM_SID *domain_sid, - const DOM_SID *members, size_t num_members, - uint32 **pp_alias_rids, + const struct dom_sid *domain_sid, + const struct dom_sid *members, size_t num_members, + uint32_t **pp_alias_rids, size_t *p_num_alias_rids) { struct pdb_methods *pdb = pdb_get_methods(); @@ -942,9 +1094,9 @@ NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx, p_num_alias_rids); } -NTSTATUS pdb_lookup_rids(const DOM_SID *domain_sid, +NTSTATUS pdb_lookup_rids(const struct dom_sid *domain_sid, int num_rids, - uint32 *rids, + uint32_t *rids, const char **names, enum lsa_SidType *attrs) { @@ -964,10 +1116,10 @@ NTSTATUS pdb_lookup_rids(const DOM_SID *domain_sid, * used in this context some day. */ #if 0 -NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid, +NTSTATUS pdb_lookup_names(const struct dom_sid *domain_sid, int num_names, const char **names, - uint32 *rids, + uint32_t *rids, enum lsa_SidType *attrs) { struct pdb_methods *pdb = pdb_get_methods(); @@ -975,25 +1127,25 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid, } #endif -bool pdb_get_account_policy(int policy_index, uint32 *value) +bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value) { struct pdb_methods *pdb = pdb_get_methods(); NTSTATUS status; - + become_root(); - status = pdb->get_account_policy(pdb, policy_index, value); + status = pdb->get_account_policy(pdb, type, value); unbecome_root(); - + return NT_STATUS_IS_OK(status); } -bool pdb_set_account_policy(int policy_index, uint32 value) +bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value) { struct pdb_methods *pdb = pdb_get_methods(); NTSTATUS status; become_root(); - status = pdb->set_account_policy(pdb, policy_index, value); + status = pdb->set_account_policy(pdb, type, value); unbecome_root(); return NT_STATUS_IS_OK(status); @@ -1005,35 +1157,29 @@ bool pdb_get_seq_num(time_t *seq_num) return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num)); } -bool pdb_uid_to_rid(uid_t uid, uint32 *rid) -{ - struct pdb_methods *pdb = pdb_get_methods(); - return pdb->uid_to_rid(pdb, uid, rid); -} - -bool pdb_uid_to_sid(uid_t uid, DOM_SID *sid) +bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->uid_to_sid(pdb, uid, sid); } -bool pdb_gid_to_sid(gid_t gid, DOM_SID *sid) +bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->gid_to_sid(pdb, gid, sid); } -bool pdb_sid_to_id(const DOM_SID *sid, union unid_t *id, +bool pdb_sid_to_id(const struct dom_sid *sid, union unid_t *id, enum lsa_SidType *type) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->sid_to_id(pdb, sid, id, type); } -bool pdb_rid_algorithm(void) +uint32_t pdb_capabilities(void) { struct pdb_methods *pdb = pdb_get_methods(); - return pdb->rid_algorithm(pdb); + return pdb->capabilities(pdb); } /******************************************************************** @@ -1043,16 +1189,16 @@ bool pdb_rid_algorithm(void) with add RIDs (assigned from previous algorithmic mappings) ********************************************************************/ -bool pdb_new_rid(uint32 *rid) +bool pdb_new_rid(uint32_t *rid) { struct pdb_methods *pdb = pdb_get_methods(); const char *name = NULL; enum lsa_SidType type; - uint32 allocated_rid = 0; + uint32_t allocated_rid = 0; int i; TALLOC_CTX *ctx; - if (pdb_rid_algorithm()) { + if ((pdb_capabilities() & PDB_CAP_STORE_RIDS) == 0) { DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs " "are active\n")); return False; @@ -1062,8 +1208,8 @@ bool pdb_new_rid(uint32 *rid) DEBUG(0, ("'algorithmic rid base' is set but a passdb backend " "without algorithmic RIDs is chosen.\n")); DEBUGADD(0, ("Please map all used groups using 'net groupmap " - "add', set the maximum used RID using\n")); - DEBUGADD(0, ("'net setmaxrid' and remove the parameter\n")); + "add', set the maximum used RID\n")); + DEBUGADD(0, ("and remove the parameter\n")); return False; } @@ -1123,7 +1269,7 @@ static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, struct sam return NT_STATUS_NO_SUCH_USER; } -static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const DOM_SID *sid) +static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const struct dom_sid *sid) { return NT_STATUS_NO_SUCH_USER; } @@ -1155,14 +1301,14 @@ static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, return NT_STATUS_OK; } -static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value) +static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value) { - return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + return account_policy_get(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value) +static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value) { - return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + return account_policy_set(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num) @@ -1172,22 +1318,22 @@ static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq } static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid, - DOM_SID *sid) + struct dom_sid *sid) { struct samu *sampw = NULL; struct passwd *unix_pw; bool ret; - + unix_pw = sys_getpwuid( uid ); if ( !unix_pw ) { - DEBUG(4,("pdb_default_uid_to_rid: host has no idea of uid " + DEBUG(4,("pdb_default_uid_to_sid: host has no idea of uid " "%lu\n", (unsigned long)uid)); return False; } - + if ( !(sampw = samu_new( NULL )) ) { - DEBUG(0,("pdb_default_uid_to_rid: samu_new() failed!\n")); + DEBUG(0,("pdb_default_uid_to_sid: samu_new() failed!\n")); return False; } @@ -1197,8 +1343,8 @@ static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid, unbecome_root(); if (!ret) { - DEBUG(5, ("pdb_default_uid_to_rid: Did not find user " - "%s (%d)\n", unix_pw->pw_name, uid)); + DEBUG(5, ("pdb_default_uid_to_sid: Did not find user " + "%s (%u)\n", unix_pw->pw_name, (unsigned int)uid)); TALLOC_FREE(sampw); return False; } @@ -1210,29 +1356,8 @@ static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid, return True; } -static bool pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid, - uint32 *rid) -{ - DOM_SID sid; - bool ret; - - ret = pdb_default_uid_to_sid(methods, uid, &sid); - if (!ret) { - return ret; - } - - ret = sid_peek_check_rid(get_global_sam_sid(), &sid, rid); - - if (!ret) { - DEBUG(1, ("Could not peek rid out of sid %s\n", - sid_string_dbg(&sid))); - } - - return ret; -} - static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid, - DOM_SID *sid) + struct dom_sid *sid) { GROUP_MAP map; @@ -1245,13 +1370,13 @@ static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid, } static bool pdb_default_sid_to_id(struct pdb_methods *methods, - const DOM_SID *sid, + const struct dom_sid *sid, union unid_t *id, enum lsa_SidType *type) { TALLOC_CTX *mem_ctx; bool ret = False; const char *name; - uint32 rid; + uint32_t rid; mem_ctx = talloc_new(NULL); @@ -1274,7 +1399,7 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods, ret = True; goto done; } - + /* check for "Unix Group" */ if ( sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid) ) { @@ -1283,7 +1408,7 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods, ret = True; goto done; } - + /* BUILTIN */ if (sid_check_is_in_builtin(sid) || @@ -1318,27 +1443,7 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods, return ret; } -static bool add_uid_to_array_unique(TALLOC_CTX *mem_ctx, - uid_t uid, uid_t **pp_uids, size_t *p_num) -{ - size_t i; - - for (i=0; i<*p_num; i++) { - if ((*pp_uids)[i] == uid) - return True; - } - - *pp_uids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_uids, uid_t, *p_num+1); - - if (*pp_uids == NULL) - return False; - - (*pp_uids)[*p_num] = uid; - *p_num += 1; - return True; -} - -static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size_t *p_num) +static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, uint32_t *p_num) { struct group *grp; char **gr; @@ -1389,19 +1494,19 @@ static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size if (!winbind_env) { (void)winbind_on(); } - + return ret; } static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods, TALLOC_CTX *mem_ctx, - const DOM_SID *group, - uint32 **pp_member_rids, + const struct dom_sid *group, + uint32_t **pp_member_rids, size_t *p_num_members) { gid_t gid; uid_t *uids; - size_t i, num_uids; + uint32_t i, num_uids; *pp_member_rids = NULL; *p_num_members = 0; @@ -1415,10 +1520,10 @@ static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods, if (num_uids == 0) return NT_STATUS_OK; - *pp_member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_uids); + *pp_member_rids = talloc_zero_array(mem_ctx, uint32_t, num_uids); for (i=0; ipw_gid; - + TALLOC_FREE( pw ); if (!getgroups_unix_user(mem_ctx, username, gid, pp_gids, p_num_groups)) { @@ -1467,7 +1572,7 @@ static NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods, smb_panic("primary group missing"); } - *pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups); + *pp_sids = talloc_array(mem_ctx, struct dom_sid, *p_num_groups); if (*pp_sids == NULL) { TALLOC_FREE(*pp_gids); @@ -1485,7 +1590,7 @@ static NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods, Look up a rid in the SAM we're responsible for (i.e. passdb) ********************************************************************/ -static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, +static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid, const char **name, enum lsa_SidType *psid_name_use, union unid_t *unix_id) @@ -1493,23 +1598,22 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, struct samu *sam_account = NULL; GROUP_MAP map; bool ret; - DOM_SID sid; + struct dom_sid sid; *psid_name_use = SID_NAME_UNKNOWN; - + DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n", (unsigned int)rid)); - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, rid); - + sid_compose(&sid, get_global_sam_sid(), rid); + /* see if the passdb can help us with the name of the user */ if ( !(sam_account = samu_new( NULL )) ) { return False; } - /* BEING ROOT BLLOCK */ + /* BEING ROOT BLOCK */ become_root(); if (pdb_getsampwsid(sam_account, &sid)) { struct passwd *pw; @@ -1538,14 +1642,14 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, return True; } TALLOC_FREE(sam_account); - + ret = pdb_getgrsid(&map, sid); unbecome_root(); /* END BECOME_ROOT BLOCK */ - + /* do not resolve SIDs to a name unless there is a valid gid associated with it */ - + if ( ret && (map.gid != (gid_t)-1) ) { *name = talloc_strdup(mem_ctx, map.nt_name); *psid_name_use = map.sid_name_use; @@ -1556,7 +1660,7 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, return True; } - + /* Windows will always map RID 513 to something. On a non-domain controller, this gets mapped to SERVER\None. */ @@ -1564,11 +1668,11 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, DEBUG(5, ("Can't find a unix id for an unmapped group\n")); return False; } - - if ( rid == DOMAIN_GROUP_RID_USERS ) { + + if ( rid == DOMAIN_RID_USERS ) { *name = talloc_strdup(mem_ctx, "None" ); *psid_name_use = SID_NAME_DOM_GRP; - + return True; } @@ -1576,9 +1680,9 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, } static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods, - const DOM_SID *domain_sid, + const struct dom_sid *domain_sid, int num_rids, - uint32 *rids, + uint32_t *rids, const char **names, enum lsa_SidType *attrs) { @@ -1640,10 +1744,10 @@ static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods, #if 0 static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods, - const DOM_SID *domain_sid, + const struct dom_sid *domain_sid, int num_names, const char **names, - uint32 *rids, + uint32_t *rids, enum lsa_SidType *attrs) { int i; @@ -1654,7 +1758,7 @@ static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods, if (sid_check_is_builtin(domain_sid)) { for (i=0; isearch_ended) && (search->search_end != NULL)) { + search->search_end(search); } + return 0; +} - result = TALLOC_P(mem_ctx, struct pdb_search); +struct pdb_search *pdb_search_init(TALLOC_CTX *mem_ctx, + enum pdb_search_type type) +{ + struct pdb_search *result; + + result = talloc(mem_ctx, struct pdb_search); if (result == NULL) { DEBUG(0, ("talloc failed\n")); return NULL; } - result->mem_ctx = mem_ctx; result->type = type; result->cache = NULL; result->num_entries = 0; result->cache_size = 0; result->search_ended = False; + result->search_end = NULL; /* Segfault appropriately if not initialized */ result->next_entry = NULL; result->search_end = NULL; + talloc_set_destructor(result, pdb_search_destructor); + return result; } -static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32 rid, - uint16 acct_flags, +static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32_t rid, + uint16_t acct_flags, const char *account_name, const char *fullname, const char *description, @@ -1763,7 +1871,7 @@ static bool next_entry_groups(struct pdb_search *s, struct samr_displayentry *entry) { struct group_search *state = (struct group_search *)s->private_data; - uint32 rid; + uint32_t rid; GROUP_MAP *map = &state->groups[state->current_group]; if (state->current_group == state->num_groups) @@ -1771,8 +1879,7 @@ static bool next_entry_groups(struct pdb_search *s, sid_peek_rid(&map->sid, &rid); - fill_displayentry(s->mem_ctx, rid, 0, map->nt_name, NULL, map->comment, - entry); + fill_displayentry(s, rid, 0, map->nt_name, NULL, map->comment, entry); state->current_group += 1; return True; @@ -1786,11 +1893,11 @@ static void search_end_groups(struct pdb_search *search) } static bool pdb_search_grouptype(struct pdb_search *search, - const DOM_SID *sid, enum lsa_SidType type) + const struct dom_sid *sid, enum lsa_SidType type) { struct group_search *state; - state = TALLOC_P(search->mem_ctx, struct group_search); + state = talloc(search, struct group_search); if (state == NULL) { DEBUG(0, ("talloc failed\n")); return False; @@ -1817,14 +1924,14 @@ static bool pdb_default_search_groups(struct pdb_methods *methods, static bool pdb_default_search_aliases(struct pdb_methods *methods, struct pdb_search *search, - const DOM_SID *sid) + const struct dom_sid *sid) { return pdb_search_grouptype(search, sid, SID_NAME_ALIAS); } static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search, - uint32 idx) + uint32_t idx) { if (idx < search->num_entries) return &search->cache[idx]; @@ -1841,7 +1948,7 @@ static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search, break; } - ADD_TO_LARGE_ARRAY(search->mem_ctx, struct samr_displayentry, + ADD_TO_LARGE_ARRAY(search, struct samr_displayentry, entry, &search->cache, &search->num_entries, &search->cache_size); } @@ -1849,63 +1956,65 @@ static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search, return (search->num_entries > idx) ? &search->cache[idx] : NULL; } -struct pdb_search *pdb_search_users(uint32 acct_flags) +struct pdb_search *pdb_search_users(TALLOC_CTX *mem_ctx, uint32_t acct_flags) { struct pdb_methods *pdb = pdb_get_methods(); struct pdb_search *result; - result = pdb_search_init(PDB_USER_SEARCH); + result = pdb_search_init(mem_ctx, PDB_USER_SEARCH); if (result == NULL) { return NULL; } if (!pdb->search_users(pdb, result, acct_flags)) { - talloc_destroy(result->mem_ctx); + TALLOC_FREE(result); return NULL; } return result; } -struct pdb_search *pdb_search_groups(void) +struct pdb_search *pdb_search_groups(TALLOC_CTX *mem_ctx) { struct pdb_methods *pdb = pdb_get_methods(); struct pdb_search *result; - result = pdb_search_init(PDB_GROUP_SEARCH); + result = pdb_search_init(mem_ctx, PDB_GROUP_SEARCH); if (result == NULL) { return NULL; } if (!pdb->search_groups(pdb, result)) { - talloc_destroy(result->mem_ctx); + TALLOC_FREE(result); return NULL; } return result; } -struct pdb_search *pdb_search_aliases(const DOM_SID *sid) +struct pdb_search *pdb_search_aliases(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) { struct pdb_methods *pdb = pdb_get_methods(); struct pdb_search *result; if (pdb == NULL) return NULL; - result = pdb_search_init(PDB_ALIAS_SEARCH); - if (result == NULL) return NULL; + result = pdb_search_init(mem_ctx, PDB_ALIAS_SEARCH); + if (result == NULL) { + return NULL; + } if (!pdb->search_aliases(pdb, result, sid)) { - talloc_destroy(result->mem_ctx); + TALLOC_FREE(result); return NULL; } return result; } -uint32 pdb_search_entries(struct pdb_search *search, - uint32 start_idx, uint32 max_entries, +uint32_t pdb_search_entries(struct pdb_search *search, + uint32_t start_idx, uint32_t max_entries, struct samr_displayentry **result) { struct samr_displayentry *end_entry; - uint32 end_idx = start_idx+max_entries-1; + uint32_t end_idx = start_idx+max_entries-1; /* The first entry needs to be searched after the last. Otherwise the * first entry might have moved due to a realloc during the search for @@ -1923,22 +2032,11 @@ uint32 pdb_search_entries(struct pdb_search *search, return search->num_entries - start_idx; } -void pdb_search_destroy(struct pdb_search *search) -{ - if (search == NULL) - return; - - if (!search->search_ended) - search->search_end(search); - - talloc_destroy(search->mem_ctx); -} - /******************************************************************* - trustodm methods + trustdom methods *******************************************************************/ -bool pdb_get_trusteddom_pw(const char *domain, char** pwd, DOM_SID *sid, +bool pdb_get_trusteddom_pw(const char *domain, char** pwd, struct dom_sid *sid, time_t *pass_last_set_time) { struct pdb_methods *pdb = pdb_get_methods(); @@ -1947,7 +2045,7 @@ bool pdb_get_trusteddom_pw(const char *domain, char** pwd, DOM_SID *sid, } bool pdb_set_trusteddom_pw(const char* domain, const char* pwd, - const DOM_SID *sid) + const struct dom_sid *sid) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->set_trusteddom_pw(pdb, domain, pwd, sid); @@ -1959,7 +2057,7 @@ bool pdb_del_trusteddom_pw(const char *domain) return pdb->del_trusteddom_pw(pdb, domain); } -NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32 *num_domains, +NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32_t *num_domains, struct trustdom_info ***domains) { struct pdb_methods *pdb = pdb_get_methods(); @@ -1975,7 +2073,7 @@ NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32 *num_domains, static bool pdb_default_get_trusteddom_pw(struct pdb_methods *methods, const char *domain, char** pwd, - DOM_SID *sid, + struct dom_sid *sid, time_t *pass_last_set_time) { return secrets_fetch_trusted_domain_password(domain, pwd, @@ -1986,7 +2084,7 @@ static bool pdb_default_get_trusteddom_pw(struct pdb_methods *methods, static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods, const char* domain, const char* pwd, - const DOM_SID *sid) + const struct dom_sid *sid) { return secrets_store_trusted_domain_password(domain, pwd, sid); } @@ -1999,12 +2097,191 @@ static bool pdb_default_del_trusteddom_pw(struct pdb_methods *methods, static NTSTATUS pdb_default_enum_trusteddoms(struct pdb_methods *methods, TALLOC_CTX *mem_ctx, - uint32 *num_domains, + uint32_t *num_domains, struct trustdom_info ***domains) { return secrets_trusted_domains(mem_ctx, num_domains, domains); } +/******************************************************************* + trusted_domain methods + *******************************************************************/ + +NTSTATUS pdb_get_trusted_domain(TALLOC_CTX *mem_ctx, const char *domain, + struct pdb_trusted_domain **td) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->get_trusted_domain(pdb, mem_ctx, domain, td); +} + +NTSTATUS pdb_get_trusted_domain_by_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid, + struct pdb_trusted_domain **td) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->get_trusted_domain_by_sid(pdb, mem_ctx, sid, td); +} + +NTSTATUS pdb_set_trusted_domain(const char* domain, + const struct pdb_trusted_domain *td) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->set_trusted_domain(pdb, domain, td); +} + +NTSTATUS pdb_del_trusted_domain(const char *domain) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->del_trusted_domain(pdb, domain); +} + +NTSTATUS pdb_enum_trusted_domains(TALLOC_CTX *mem_ctx, uint32_t *num_domains, + struct pdb_trusted_domain ***domains) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->enum_trusted_domains(pdb, mem_ctx, num_domains, domains); +} + +static NTSTATUS pdb_default_get_trusted_domain(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + const char *domain, + struct pdb_trusted_domain **td) +{ + struct trustAuthInOutBlob taiob; + struct AuthenticationInformation aia; + struct pdb_trusted_domain *tdom; + enum ndr_err_code ndr_err; + time_t last_set_time; + char *pwd; + bool ok; + + tdom = talloc(mem_ctx, struct pdb_trusted_domain); + if (!tdom) { + return NT_STATUS_NO_MEMORY; + } + + tdom->domain_name = talloc_strdup(tdom, domain); + tdom->netbios_name = talloc_strdup(tdom, domain); + if (!tdom->domain_name || !tdom->netbios_name) { + talloc_free(tdom); + return NT_STATUS_NO_MEMORY; + } + + tdom->trust_auth_incoming = data_blob_null; + + ok = pdb_get_trusteddom_pw(domain, &pwd, &tdom->security_identifier, + &last_set_time); + if (!ok) { + talloc_free(tdom); + return NT_STATUS_UNSUCCESSFUL; + } + + ZERO_STRUCT(taiob); + ZERO_STRUCT(aia); + taiob.count = 1; + taiob.current.count = 1; + taiob.current.array = &aia; + unix_to_nt_time(&aia.LastUpdateTime, last_set_time); + aia.AuthType = TRUST_AUTH_TYPE_CLEAR; + aia.AuthInfo.clear.password = (uint8_t *) pwd; + aia.AuthInfo.clear.size = strlen(pwd); + taiob.previous.count = 0; + taiob.previous.array = NULL; + + ndr_err = ndr_push_struct_blob(&tdom->trust_auth_outgoing, + tdom, &taiob, + (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(tdom); + return NT_STATUS_UNSUCCESSFUL; + } + + tdom->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND; + tdom->trust_type = LSA_TRUST_TYPE_DOWNLEVEL; + tdom->trust_attributes = 0; + tdom->trust_forest_trust_info = data_blob_null; + + *td = tdom; + return NT_STATUS_OK; +} + +static NTSTATUS pdb_default_get_trusted_domain_by_sid(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + struct dom_sid *sid, + struct pdb_trusted_domain **td) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + +#define IS_NULL_DATA_BLOB(d) ((d).data == NULL && (d).length == 0) + +static NTSTATUS pdb_default_set_trusted_domain(struct pdb_methods *methods, + const char* domain, + const struct pdb_trusted_domain *td) +{ + struct trustAuthInOutBlob taiob; + struct AuthenticationInformation *aia; + enum ndr_err_code ndr_err; + char *pwd; + bool ok; + + if (td->trust_attributes != 0 || + td->trust_type != LSA_TRUST_TYPE_DOWNLEVEL || + td->trust_direction != LSA_TRUST_DIRECTION_OUTBOUND || + !IS_NULL_DATA_BLOB(td->trust_auth_incoming) || + !IS_NULL_DATA_BLOB(td->trust_forest_trust_info)) { + return NT_STATUS_NOT_IMPLEMENTED; + } + + ZERO_STRUCT(taiob); + ndr_err = ndr_pull_struct_blob(&td->trust_auth_outgoing, talloc_tos(), + &taiob, + (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return NT_STATUS_UNSUCCESSFUL; + } + + aia = (struct AuthenticationInformation *) taiob.current.array; + + if (taiob.count != 1 || taiob.current.count != 1 || + taiob.previous.count != 0 || + aia->AuthType != TRUST_AUTH_TYPE_CLEAR) { + return NT_STATUS_NOT_IMPLEMENTED; + } + + pwd = talloc_strndup(talloc_tos(), (char *) aia->AuthInfo.clear.password, + aia->AuthInfo.clear.size); + if (!pwd) { + return NT_STATUS_NO_MEMORY; + } + + ok = pdb_set_trusteddom_pw(domain, pwd, &td->security_identifier); + if (!ok) { + return NT_STATUS_UNSUCCESSFUL; + } + + return NT_STATUS_OK; +} + +static NTSTATUS pdb_default_del_trusted_domain(struct pdb_methods *methods, + const char *domain) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + +static NTSTATUS pdb_default_enum_trusted_domains(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + uint32_t *num_domains, + struct pdb_trusted_domain ***domains) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + +static struct pdb_domain_info *pdb_default_get_domain_info( + struct pdb_methods *m, TALLOC_CTX *mem_ctx) +{ + return NULL; +} + /******************************************************************* Create a pdb_methods structure and initialize it with the default operations. In this way a passdb module can simply implement @@ -2016,10 +2293,12 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) { /* allocate memory for the structure as its own talloc CTX */ - if ( !(*methods = TALLOC_ZERO_P(talloc_autofree_context(), struct pdb_methods) ) ) { + *methods = talloc_zero(NULL, struct pdb_methods); + if (*methods == NULL) { return NT_STATUS_NO_MEMORY; } + (*methods)->get_domain_info = pdb_default_get_domain_info; (*methods)->getsampwnam = pdb_default_getsampwnam; (*methods)->getsampwsid = pdb_default_getsampwsid; (*methods)->create_user = pdb_default_create_user; @@ -2056,7 +2335,6 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) (*methods)->get_account_policy = pdb_default_get_account_policy; (*methods)->set_account_policy = pdb_default_set_account_policy; (*methods)->get_seq_num = pdb_default_get_seq_num; - (*methods)->uid_to_rid = pdb_default_uid_to_rid; (*methods)->uid_to_sid = pdb_default_uid_to_sid; (*methods)->gid_to_sid = pdb_default_gid_to_sid; (*methods)->sid_to_id = pdb_default_sid_to_id; @@ -2069,5 +2347,11 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) (*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw; (*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms; + (*methods)->get_trusted_domain = pdb_default_get_trusted_domain; + (*methods)->get_trusted_domain_by_sid = pdb_default_get_trusted_domain_by_sid; + (*methods)->set_trusted_domain = pdb_default_set_trusted_domain; + (*methods)->del_trusted_domain = pdb_default_del_trusted_domain; + (*methods)->enum_trusted_domains = pdb_default_enum_trusted_domains; + return NT_STATUS_OK; }