2 Unix SMB/CIFS implementation.
4 interface functions for the sam database
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "librpc/gen_ndr/ndr_netlogon.h"
25 #include "lib/ldb/include/ldb.h"
26 #include "system/time.h"
27 #include "system/filesys.h"
31 connect to the SAM database
32 return an opaque context pointer on success, or NULL on failure
34 struct ldb_context *samdb_connect(TALLOC_CTX *mem_ctx)
36 return ldb_wrap_connect(mem_ctx, lp_sam_url(), 0, NULL);
40 search the sam for the specified attributes in a specific domain, filter on
41 objectSid being in domain_sid.
43 int samdb_search_domain(struct ldb_context *sam_ldb,
46 struct ldb_message ***res,
47 const char * const *attrs,
48 const struct dom_sid *domain_sid,
49 const char *format, ...) _PRINTF_ATTRIBUTE(7,8)
55 count = gendb_search_v(sam_ldb, mem_ctx, basedn, res, attrs,
62 struct dom_sid *entry_sid;
64 entry_sid = samdb_result_dom_sid(mem_ctx, (*res)[i],
67 if ((entry_sid == NULL) ||
68 (!dom_sid_in_domain(domain_sid, entry_sid))) {
70 /* Delete that entry from the result set */
71 (*res)[i] = (*res)[count-1];
82 free up a search result
84 int samdb_search_free(struct ldb_context *sam_ldb,
85 TALLOC_CTX *mem_ctx, struct ldb_message **res)
87 return ldb_search_free(sam_ldb, res);
91 search the sam for a single string attribute in exactly 1 record
93 const char *samdb_search_string_v(struct ldb_context *sam_ldb,
96 const char *attr_name,
97 const char *format, va_list ap) _PRINTF_ATTRIBUTE(5,0)
100 const char * const attrs[2] = { attr_name, NULL };
101 struct ldb_message **res = NULL;
103 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
105 DEBUG(1,("samdb: search for %s %s not single valued (count=%d)\n",
106 attr_name, format, count));
109 samdb_search_free(sam_ldb, mem_ctx, res);
113 return samdb_result_string(res[0], attr_name, NULL);
118 search the sam for a single string attribute in exactly 1 record
120 const char *samdb_search_string(struct ldb_context *sam_ldb,
123 const char *attr_name,
124 const char *format, ...) _PRINTF_ATTRIBUTE(5,6)
129 va_start(ap, format);
130 str = samdb_search_string_v(sam_ldb, mem_ctx, basedn, attr_name, format, ap);
137 return the count of the number of records in the sam matching the query
139 int samdb_search_count(struct ldb_context *sam_ldb,
142 const char *format, ...) _PRINTF_ATTRIBUTE(4,5)
145 struct ldb_message **res;
146 const char * const attrs[] = { NULL };
149 va_start(ap, format);
150 ret = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
158 search the sam for a single integer attribute in exactly 1 record
160 uint_t samdb_search_uint(struct ldb_context *sam_ldb,
162 uint_t default_value,
164 const char *attr_name,
165 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
169 struct ldb_message **res;
170 const char * const attrs[2] = { attr_name, NULL };
172 va_start(ap, format);
173 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
177 return default_value;
180 return samdb_result_uint(res[0], attr_name, default_value);
184 search the sam for a single signed 64 bit integer attribute in exactly 1 record
186 int64_t samdb_search_int64(struct ldb_context *sam_ldb,
188 int64_t default_value,
190 const char *attr_name,
191 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
195 struct ldb_message **res;
196 const char * const attrs[2] = { attr_name, NULL };
198 va_start(ap, format);
199 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
203 return default_value;
206 return samdb_result_int64(res[0], attr_name, default_value);
210 search the sam for multipe records each giving a single string attribute
211 return the number of matches, or -1 on error
213 int samdb_search_string_multiple(struct ldb_context *sam_ldb,
217 const char *attr_name,
218 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
222 const char * const attrs[2] = { attr_name, NULL };
223 struct ldb_message **res = NULL;
225 va_start(ap, format);
226 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
233 /* make sure its single valued */
234 for (i=0;i<count;i++) {
235 if (res[i]->num_elements != 1) {
236 DEBUG(1,("samdb: search for %s %s not single valued\n",
238 samdb_search_free(sam_ldb, mem_ctx, res);
243 *strs = talloc_array(mem_ctx, const char *, count+1);
245 samdb_search_free(sam_ldb, mem_ctx, res);
249 for (i=0;i<count;i++) {
250 (*strs)[i] = samdb_result_string(res[i], attr_name, NULL);
252 (*strs)[count] = NULL;
258 pull a uint from a result set.
260 uint_t samdb_result_uint(struct ldb_message *msg, const char *attr, uint_t default_value)
262 return ldb_msg_find_uint(msg, attr, default_value);
266 pull a (signed) int64 from a result set.
268 int64_t samdb_result_int64(struct ldb_message *msg, const char *attr, int64_t default_value)
270 return ldb_msg_find_int64(msg, attr, default_value);
274 pull a string from a result set.
276 const char *samdb_result_string(struct ldb_message *msg, const char *attr,
277 const char *default_value)
279 return ldb_msg_find_string(msg, attr, default_value);
283 pull a rid from a objectSid in a result set.
285 uint32_t samdb_result_rid_from_sid(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
286 const char *attr, uint32_t default_value)
289 const char *sidstr = ldb_msg_find_string(msg, attr, NULL);
290 if (!sidstr) return default_value;
292 sid = dom_sid_parse_talloc(mem_ctx, sidstr);
293 if (!sid) return default_value;
295 return sid->sub_auths[sid->num_auths-1];
299 pull a dom_sid structure from a objectSid in a result set.
301 struct dom_sid *samdb_result_dom_sid(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
304 const char *sidstr = ldb_msg_find_string(msg, attr, NULL);
305 if (!sidstr) return NULL;
307 return dom_sid_parse_talloc(mem_ctx, sidstr);
311 pull a guid structure from a objectGUID in a result set.
313 struct GUID samdb_result_guid(struct ldb_message *msg, const char *attr)
317 const char *guidstr = ldb_msg_find_string(msg, attr, NULL);
321 if (!guidstr) return guid;
323 status = GUID_from_string(guidstr, &guid);
324 if (!NT_STATUS_IS_OK(status)) {
333 pull a sid prefix from a objectSid in a result set.
334 this is used to find the domain sid for a user
336 const char *samdb_result_sid_prefix(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
339 struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg, attr);
340 if (!sid || sid->num_auths < 1) return NULL;
344 return dom_sid_string(mem_ctx, sid);
348 pull a NTTIME in a result set.
350 NTTIME samdb_result_nttime(struct ldb_message *msg, const char *attr, const char *default_value)
352 const char *str = ldb_msg_find_string(msg, attr, default_value);
353 return nttime_from_string(str);
357 pull a uint64_t from a result set.
359 uint64_t samdb_result_uint64(struct ldb_message *msg, const char *attr, uint64_t default_value)
361 return ldb_msg_find_uint64(msg, attr, default_value);
366 construct the allow_password_change field from the PwdLastSet attribute and the
367 domain password settings
369 NTTIME samdb_result_allow_password_change(struct ldb_context *sam_ldb,
371 const char *domain_dn,
372 struct ldb_message *msg,
375 uint64_t attr_time = samdb_result_uint64(msg, attr, 0);
378 if (attr_time == 0) {
382 minPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, NULL,
383 "minPwdAge", "dn=%s", domain_dn);
385 /* yes, this is a -= not a += as minPwdAge is stored as the negative
386 of the number of 100-nano-seconds */
387 attr_time -= minPwdAge;
393 construct the force_password_change field from the PwdLastSet attribute and the
394 domain password settings
396 NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb,
398 const char *domain_dn,
399 struct ldb_message *msg,
402 uint64_t attr_time = samdb_result_uint64(msg, attr, 0);
405 if (attr_time == 0) {
409 maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, NULL, "maxPwdAge", "dn=%s", domain_dn);
410 if (maxPwdAge == 0) {
413 attr_time -= maxPwdAge;
420 pull a samr_Password structutre from a result set.
422 struct samr_Password samdb_result_hash(struct ldb_message *msg, const char *attr)
424 struct samr_Password hash;
425 const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
428 memcpy(hash.hash, val->data, MIN(val->length, sizeof(hash.hash)));
434 pull an array of samr_Password structutres from a result set.
436 uint_t samdb_result_hashes(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
437 const char *attr, struct samr_Password **hashes)
440 const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
447 count = val->length / 16;
452 *hashes = talloc_array(mem_ctx, struct samr_Password, count);
457 for (i=0;i<count;i++) {
458 memcpy((*hashes)[i].hash, (i*16)+(char *)val->data, 16);
464 NTSTATUS samdb_result_passwords(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
465 struct samr_Password **lm_pwd, struct samr_Password **nt_pwd)
468 const char *unicodePwd = samdb_result_string(msg, "unicodePwd", NULL);
470 struct samr_Password *lmPwdHash, *ntPwdHash;
473 ntPwdHash = talloc(mem_ctx, struct samr_Password);
475 return NT_STATUS_NO_MEMORY;
478 E_md4hash(unicodePwd, ntPwdHash->hash);
485 lmPwdHash = talloc(mem_ctx, struct samr_Password);
487 return NT_STATUS_NO_MEMORY;
490 /* compute the new nt and lm hashes */
491 lm_hash_ok = E_deshash(unicodePwd, lmPwdHash->hash);
502 num_nt = samdb_result_hashes(mem_ctx, msg, "ntPwdHash", &ntPwdHash);
505 } else if (num_nt > 1) {
506 return NT_STATUS_INTERNAL_DB_CORRUPTION;
508 *nt_pwd = &ntPwdHash[0];
513 num_lm = samdb_result_hashes(mem_ctx, msg, "lmPwdHash", &lmPwdHash);
516 } else if (num_lm > 1) {
517 return NT_STATUS_INTERNAL_DB_CORRUPTION;
519 *lm_pwd = &lmPwdHash[0];
528 pull a samr_LogonHours structutre from a result set.
530 struct samr_LogonHours samdb_result_logon_hours(TALLOC_CTX *mem_ctx, struct ldb_message *msg, const char *attr)
532 struct samr_LogonHours hours;
533 const int units_per_week = 168;
534 const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
536 hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
540 hours.units_per_week = units_per_week;
541 memset(hours.bits, 0xFF, units_per_week);
543 memcpy(hours.bits, val->data, MIN(val->length, units_per_week));
549 pull a set of account_flags from a result set.
551 uint16_t samdb_result_acct_flags(struct ldb_message *msg, const char *attr)
553 uint_t userAccountControl = ldb_msg_find_uint(msg, attr, 0);
554 return samdb_uf2acb(userAccountControl);
558 copy from a template record to a message
560 int samdb_copy_template(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx,
561 struct ldb_message *msg, const char *expression)
563 struct ldb_message **res, *t;
567 /* pull the template record */
568 ret = gendb_search(sam_ldb, mem_ctx, NULL, &res, NULL, "%s", expression);
570 DEBUG(1,("samdb: ERROR: template '%s' matched %d records\n",
576 for (i=0;i<t->num_elements;i++) {
577 struct ldb_message_element *el = &t->elements[i];
578 /* some elements should not be copied from the template */
579 if (strcasecmp(el->name, "cn") == 0 ||
580 strcasecmp(el->name, "name") == 0 ||
581 strcasecmp(el->name, "sAMAccountName") == 0) {
584 for (j=0;j<el->num_values;j++) {
585 if (strcasecmp(el->name, "objectClass") == 0 &&
586 (strcasecmp((char *)el->values[j].data, "Template") == 0 ||
587 strcasecmp((char *)el->values[j].data, "userTemplate") == 0 ||
588 strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 ||
589 strcasecmp((char *)el->values[j].data, "foreignSecurityTemplate") == 0 ||
590 strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 ||
591 strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 ||
592 strcasecmp((char *)el->values[j].data, "secretTemplate") == 0)) {
595 samdb_msg_add_string(sam_ldb, mem_ctx, msg, el->name,
596 (char *)el->values[j].data);
605 allocate a new id, attempting to do it atomically
606 return 0 on failure, the id on success
608 static NTSTATUS _samdb_allocate_next_id(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, const char *dn,
609 const char *attr, uint32_t *id)
611 struct ldb_message msg;
614 struct ldb_val vals[2];
615 struct ldb_message_element els[2];
617 str = samdb_search_string(sam_ldb, mem_ctx, NULL, attr, "dn=%s", dn);
619 DEBUG(1,("id not found at %s %s\n", dn, attr));
620 return NT_STATUS_OBJECT_NAME_INVALID;
623 *id = strtol(str, NULL, 0);
626 return NT_STATUS_INSUFFICIENT_RESOURCES;
629 /* we do a delete and add as a single operation. That prevents
632 msg.dn = talloc_strdup(mem_ctx, dn);
634 return NT_STATUS_NO_MEMORY;
636 msg.num_elements = 2;
639 els[0].num_values = 1;
640 els[0].values = &vals[0];
641 els[0].flags = LDB_FLAG_MOD_DELETE;
642 els[0].name = talloc_strdup(mem_ctx, attr);
644 return NT_STATUS_NO_MEMORY;
647 els[1].num_values = 1;
648 els[1].values = &vals[1];
649 els[1].flags = LDB_FLAG_MOD_ADD;
650 els[1].name = els[0].name;
652 vals[0].data = talloc_asprintf(mem_ctx, "%u", *id);
654 return NT_STATUS_NO_MEMORY;
656 vals[0].length = strlen(vals[0].data);
658 vals[1].data = talloc_asprintf(mem_ctx, "%u", (*id)+1);
660 return NT_STATUS_NO_MEMORY;
662 vals[1].length = strlen(vals[1].data);
664 ret = ldb_modify(sam_ldb, &msg);
666 return NT_STATUS_UNEXPECTED_IO_ERROR;
675 allocate a new id, attempting to do it atomically
676 return 0 on failure, the id on success
678 NTSTATUS samdb_allocate_next_id(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, const char *dn, const char *attr,
684 /* we need to try multiple times to cope with two account
685 creations at the same time */
687 status = _samdb_allocate_next_id(sam_ldb, mem_ctx, dn, attr, id);
688 if (!NT_STATUS_EQUAL(NT_STATUS_UNEXPECTED_IO_ERROR, status)) {
693 if (NT_STATUS_EQUAL(NT_STATUS_UNEXPECTED_IO_ERROR, status)) {
694 DEBUG(1,("Failed to increment id %s at %s\n", attr, dn));
702 add a string element to a message
704 int samdb_msg_add_string(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
705 const char *attr_name, const char *str)
707 char *s = talloc_strdup(mem_ctx, str);
708 char *a = talloc_strdup(mem_ctx, attr_name);
709 if (s == NULL || a == NULL) {
712 return ldb_msg_add_string(sam_ldb, msg, a, s);
716 add a delete element operation to a message
718 int samdb_msg_add_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
719 const char *attr_name)
721 char *a = talloc_strdup(mem_ctx, attr_name);
725 /* we use an empty replace rather than a delete, as it allows for
726 samdb_replace() to be used everywhere */
727 return ldb_msg_add_empty(sam_ldb, msg, a, LDB_FLAG_MOD_REPLACE);
731 add a add attribute value to a message
733 int samdb_msg_add_addval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
734 const char *attr_name, const char *value)
736 struct ldb_message_element *el;
739 a = talloc_strdup(mem_ctx, attr_name);
742 v = talloc_strdup(mem_ctx, value);
745 ret = ldb_msg_add_string(sam_ldb, msg, a, v);
748 el = ldb_msg_find_element(msg, a);
751 el->flags = LDB_FLAG_MOD_ADD;
756 add a delete attribute value to a message
758 int samdb_msg_add_delval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
759 const char *attr_name, const char *value)
761 struct ldb_message_element *el;
764 a = talloc_strdup(mem_ctx, attr_name);
767 v = talloc_strdup(mem_ctx, value);
770 ret = ldb_msg_add_string(sam_ldb, msg, a, v);
773 el = ldb_msg_find_element(msg, a);
776 el->flags = LDB_FLAG_MOD_DELETE;
781 add a uint_t element to a message
783 int samdb_msg_add_uint(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
784 const char *attr_name, uint_t v)
786 const char *s = talloc_asprintf(mem_ctx, "%u", v);
787 return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s);
791 add a (signed) int64_t element to a message
793 int samdb_msg_add_int64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
794 const char *attr_name, int64_t v)
796 const char *s = talloc_asprintf(mem_ctx, "%lld", v);
797 return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s);
801 add a uint64_t element to a message
803 int samdb_msg_add_uint64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
804 const char *attr_name, uint64_t v)
806 const char *s = talloc_asprintf(mem_ctx, "%llu", v);
807 return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s);
811 add a samr_Password element to a message
813 int samdb_msg_add_hash(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
814 const char *attr_name, struct samr_Password *hash)
817 val.data = talloc_memdup(mem_ctx, hash->hash, 16);
822 return ldb_msg_add_value(sam_ldb, msg, attr_name, &val);
826 add a samr_Password array to a message
828 int samdb_msg_add_hashes(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
829 const char *attr_name, struct samr_Password *hashes, uint_t count)
833 val.data = talloc_array_size(mem_ctx, 16, count);
834 val.length = count*16;
838 for (i=0;i<count;i++) {
839 memcpy(i*16 + (char *)val.data, hashes[i].hash, 16);
841 return ldb_msg_add_value(sam_ldb, msg, attr_name, &val);
845 add a acct_flags element to a message
847 int samdb_msg_add_acct_flags(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
848 const char *attr_name, uint32_t v)
850 return samdb_msg_add_uint(sam_ldb, mem_ctx, msg, attr_name, samdb_acb2uf(v));
854 add a logon_hours element to a message
856 int samdb_msg_add_logon_hours(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
857 const char *attr_name, struct samr_LogonHours *hours)
860 val.length = hours->units_per_week / 8;
861 val.data = hours->bits;
862 return ldb_msg_add_value(sam_ldb, msg, attr_name, &val);
866 add a general value element to a message
868 int samdb_msg_add_value(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
869 const char *attr_name, const struct ldb_val *val)
871 return ldb_msg_add_value(sam_ldb, msg, attr_name, val);
875 sets a general value element to a message
877 int samdb_msg_set_value(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
878 const char *attr_name, const struct ldb_val *val)
880 struct ldb_message_element *el;
882 el = ldb_msg_find_element(msg, attr_name);
886 return ldb_msg_add_value(sam_ldb, msg, attr_name, val);
890 set a string element in a message
892 int samdb_msg_set_string(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
893 const char *attr_name, const char *str)
895 struct ldb_message_element *el;
897 el = ldb_msg_find_element(msg, attr_name);
901 return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, str);
905 set a ldaptime element in a message
907 int samdb_msg_set_ldaptime(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
908 const char *attr_name, time_t t)
910 char *str = ldap_timestring(mem_ctx, t);
914 return samdb_msg_set_string(sam_ldb, mem_ctx, msg, attr_name, str);
920 int samdb_add(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
924 time_t now = time(NULL);
926 guid = GUID_random();
927 guidstr = GUID_string(mem_ctx, &guid);
932 samdb_msg_add_string(sam_ldb, mem_ctx, msg, "objectGUID", guidstr);
933 samdb_msg_set_ldaptime(sam_ldb, mem_ctx, msg, "whenCreated", now);
934 samdb_msg_set_ldaptime(sam_ldb, mem_ctx, msg, "whenChanged", now);
935 return ldb_add(sam_ldb, msg);
941 int samdb_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, const char *dn)
943 return ldb_delete(sam_ldb, dn);
949 int samdb_modify(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
951 time_t now = time(NULL);
952 samdb_msg_set_ldaptime(sam_ldb, mem_ctx, msg, "whenChanged", now);
953 return ldb_modify(sam_ldb, msg);
957 replace elements in a record
959 int samdb_replace(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
963 /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
964 for (i=0;i<msg->num_elements;i++) {
965 msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
968 /* modify the samdb record */
969 return samdb_modify(sam_ldb, mem_ctx, msg);
973 return a default security descriptor
975 struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ctx)
977 struct security_descriptor *sd;
979 sd = security_descriptor_initialise(mem_ctx);