X-Git-Url: http://git.samba.org/samba.git/?p=jra%2Fsamba%2F.git;a=blobdiff_plain;f=source3%2Fpassdb%2Fpdb_tdb.c;h=dd6e678c99ec1d88217579eed80927b6569e3baf;hp=370c8adc7dc988f3349359d2832120a77d34b860;hb=c57b32c5ab754cdf99527e4dfc4bb6ff3ca93e25;hpb=b2e8358b3d76d88d5dc090095a4e62647c823aa5 diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 370c8adc7dc..dd6e678c99e 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -3,14 +3,14 @@ * SMB parameters and setup * Copyright (C) Andrew Tridgell 1992-1998 * Copyright (C) Simo Sorce 2000-2003 - * Copyright (C) Gerald Carter 2000 - * Copyright (C) Jeremy Allison 2001 + * Copyright (C) Gerald Carter 2000-2006 + * Copyright (C) Jeremy Allison 2001-2009 * Copyright (C) Andrew Bartlett 2002 * Copyright (C) Jim McDonough 2005 * * This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) + * Software Foundation; either version 3 of the License, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, but WITHOUT @@ -19,8 +19,7 @@ * more details. * * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. + * this program; if not, see . */ #include "includes.h" @@ -38,369 +37,503 @@ static int tdbsam_debug_level = DBGC_ALL; #endif -#define TDBSAM_VERSION 2 /* Most recent TDBSAM version */ +#define TDBSAM_VERSION 4 /* Most recent TDBSAM version */ +#define TDBSAM_MINOR_VERSION 0 /* Most recent TDBSAM minor version */ #define TDBSAM_VERSION_STRING "INFO/version" +#define TDBSAM_MINOR_VERSION_STRING "INFO/minor_version" #define PASSDB_FILE_NAME "passdb.tdb" #define USERPREFIX "USER_" +#define USERPREFIX_LEN 5 #define RIDPREFIX "RID_" #define PRIVPREFIX "PRIV_" -#define tdbsamver_t int32 +#define NEXT_RID_STRING "NEXT_RID" -struct tdbsam_privates { - TDB_CONTEXT *passwd_tdb; +/* GLOBAL TDB SAM CONTEXT */ - /* retrive-once info */ - const char *tdbsam_location; -}; +static struct db_context *db_sam; +static char *tdbsam_filename; -struct pwent_list { - struct pwent_list *prev, *next; - TDB_DATA key; +struct tdbsam_convert_state { + int32_t from; + bool success; }; -static struct pwent_list *tdbsam_pwent_list; - - -/** - * Convert old TDBSAM to the latest version. - * @param pdb_tdb A pointer to the opened TDBSAM file which must be converted. - * This file must be opened with read/write access. - * @param from Current version of the TDBSAM file. - * @return True if the conversion has been successful, false otherwise. - **/ -static BOOL tdbsam_convert(TDB_CONTEXT *pdb_tdb, tdbsamver_t from) +static int tdbsam_convert_one(struct db_record *rec, void *priv) { - const char * vstring = TDBSAM_VERSION_STRING; - SAM_ACCOUNT *user = NULL; - const char *prefix = USERPREFIX; - TDB_DATA data, key, old_key; - uint8 *buf = NULL; - BOOL ret; + struct tdbsam_convert_state *state = + (struct tdbsam_convert_state *)priv; + struct samu *user; + TDB_DATA data; + NTSTATUS status; + bool ret; + + if (rec->key.dsize < USERPREFIX_LEN) { + return 0; + } + if (strncmp((char *)rec->key.dptr, USERPREFIX, USERPREFIX_LEN) != 0) { + return 0; + } - if (pdb_tdb == NULL) { - DEBUG(0,("tdbsam_convert: Bad TDB Context pointer.\n")); - return False; + user = samu_new(talloc_tos()); + if (user == NULL) { + DEBUG(0,("tdbsam_convert: samu_new() failed!\n")); + state->success = false; + return -1; } - /* handle a Samba upgrade */ - tdb_lock_bystring(pdb_tdb, vstring, 0); - - if (!NT_STATUS_IS_OK(pdb_init_sam(&user))) { - DEBUG(0,("tdbsam_convert: cannot initialized a SAM_ACCOUNT.\n")); - return False; + DEBUG(10,("tdbsam_convert: Try unpacking a record with (key:%s) " + "(version:%d)\n", rec->key.dptr, state->from)); + + switch (state->from) { + case 0: + ret = init_samu_from_buffer(user, SAMU_BUFFER_V0, + (uint8 *)rec->value.dptr, + rec->value.dsize); + break; + case 1: + ret = init_samu_from_buffer(user, SAMU_BUFFER_V1, + (uint8 *)rec->value.dptr, + rec->value.dsize); + break; + case 2: + ret = init_samu_from_buffer(user, SAMU_BUFFER_V2, + (uint8 *)rec->value.dptr, + rec->value.dsize); + break; + case 3: + ret = init_samu_from_buffer(user, SAMU_BUFFER_V3, + (uint8 *)rec->value.dptr, + rec->value.dsize); + break; + case 4: + ret = init_samu_from_buffer(user, SAMU_BUFFER_V4, + (uint8 *)rec->value.dptr, + rec->value.dsize); + break; + default: + /* unknown tdbsam version */ + ret = False; + } + if (!ret) { + DEBUG(0,("tdbsam_convert: Bad struct samu entry returned " + "from TDB (key:%s) (version:%d)\n", rec->key.dptr, + state->from)); + TALLOC_FREE(user); + state->success = false; + return -1; } - /* Enumerate all records and convert them */ - key = tdb_firstkey(pdb_tdb); + data.dsize = init_buffer_from_samu(&data.dptr, user, false); + TALLOC_FREE(user); - while (key.dptr) { - - /* skip all non-USER entries (eg. RIDs) */ - while ((key.dsize != 0) && (strncmp(key.dptr, prefix, strlen (prefix)))) { - old_key = key; - /* increment to next in line */ - key = tdb_nextkey(pdb_tdb, key); - SAFE_FREE(old_key.dptr); - } - - if (key.dptr) { - - /* read from tdbsam */ - data = tdb_fetch(pdb_tdb, key); - if (!data.dptr) { - DEBUG(0,("tdbsam_convert: database entry not found: %s.\n",key.dptr)); - return False; - } - - if (!NT_STATUS_IS_OK(pdb_reset_sam(user))) { - DEBUG(0,("tdbsam_convert: cannot reset SAM_ACCOUNT.\n")); - SAFE_FREE(data.dptr); - return False; - } - - /* unpack the buffer from the former format */ - DEBUG(10,("tdbsam_convert: Try unpacking a record with (key:%s) (version:%d)\n", key.dptr, from)); - switch (from) { - case 0: - ret = init_sam_from_buffer_v0(user, (uint8 *)data.dptr, data.dsize); - break; - case 1: - ret = init_sam_from_buffer_v1(user, (uint8 *)data.dptr, data.dsize); - break; - case 2: - ret = init_sam_from_buffer_v2(user, (uint8 *)data.dptr, data.dsize); - break; - default: - /* unknown tdbsam version */ - ret = False; - } - if (!ret) { - DEBUG(0,("tdbsam_convert: Bad SAM_ACCOUNT entry returned from TDB (key:%s) (version:%d)\n", key.dptr, from)); - SAFE_FREE(data.dptr); - return False; - } - - /* We're finished with the old data. */ - SAFE_FREE(data.dptr); - - /* pack from the buffer into the new format */ - DEBUG(10,("tdbsam_convert: Try packing a record (key:%s) (version:%d)\n", key.dptr, from)); - if ((data.dsize=init_buffer_from_sam (&buf, user, False)) == -1) { - DEBUG(0,("tdbsam_convert: cannot pack the SAM_ACCOUNT into the new format\n")); - SAFE_FREE(data.dptr); - return False; - } - data.dptr = (char *)buf; - - /* Store the buffer inside the TDBSAM */ - if (tdb_store(pdb_tdb, key, data, TDB_MODIFY) != TDB_SUCCESS) { - DEBUG(0,("tdbsam_convert: cannot store the SAM_ACCOUNT (key:%s) in new format\n",key.dptr)); - SAFE_FREE(data.dptr); - return False; - } - - SAFE_FREE(data.dptr); - - /* increment to next in line */ - old_key = key; - key = tdb_nextkey(pdb_tdb, key); - SAFE_FREE(old_key.dptr); - } - + if (data.dsize == -1) { + DEBUG(0,("tdbsam_convert: cannot pack the struct samu into " + "the new format\n")); + state->success = false; + return -1; } - pdb_free_sam(&user); - - /* upgrade finished */ - tdb_store_int32(pdb_tdb, vstring, TDBSAM_VERSION); - tdb_unlock_bystring(pdb_tdb, vstring); + status = rec->store(rec, data, TDB_MODIFY); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Could not store the new record: %s\n", + nt_errstr(status))); + state->success = false; + return -1; + } - return(True); + return 0; } -/** - * Open the TDB passwd database, check version and convert it if needed. - * @param name filename of the tdbsam file. - * @param open_flags file access mode. - * @return a TDB_CONTEXT handle on the tdbsam file. - **/ +/********************************************************************** + Struct and function to backup an old record. + *********************************************************************/ + +struct tdbsam_backup_state { + struct db_context *new_db; + bool success; +}; -static TDB_CONTEXT * tdbsam_tdbopen (const char *name, int open_flags) +static int backup_copy_fn(struct db_record *orig_rec, void *state) { - TDB_CONTEXT *pdb_tdb; - tdbsamver_t version; - - /* Try to open tdb passwd */ - if (!(pdb_tdb = tdb_open_log(name, 0, TDB_DEFAULT, - open_flags, 0600))) { - DEBUG(0, ("Unable to open/create TDB passwd\n")); - return NULL; + struct tdbsam_backup_state *bs = (struct tdbsam_backup_state *)state; + struct db_record *new_rec; + NTSTATUS status; + + new_rec = bs->new_db->fetch_locked(bs->new_db, talloc_tos(), orig_rec->key); + if (new_rec == NULL) { + bs->success = false; + return 1; } - /* Check the version */ - version = (tdbsamver_t) tdb_fetch_int32(pdb_tdb, - TDBSAM_VERSION_STRING); - if (version == -1) - version = 0; /* Version not found, assume version 0 */ - - /* Compare the version */ - if (version > TDBSAM_VERSION) { - /* Version more recent than the latest known */ - DEBUG(0, ("TDBSAM version unknown: %d\n", version)); - tdb_close(pdb_tdb); - pdb_tdb = NULL; - } - else if (version < TDBSAM_VERSION) { - /* Older version, must be converted */ - DEBUG(1, ("TDBSAM version too old (%d), trying to convert it.\n", version)); - - /* Reopen the pdb file with read-write access if needed */ - if (!(open_flags & O_RDWR)) { - DEBUG(10, ("tdbsam_tdbopen: TDB file opened with read only access, reopen it with read-write access.\n")); - tdb_close(pdb_tdb); - pdb_tdb = tdb_open_log(name, 0, TDB_DEFAULT, (open_flags & 07777770) | O_RDWR, 0600); - } - - /* Convert */ - if (!tdbsam_convert(pdb_tdb, version)){ - DEBUG(0, ("tdbsam_tdbopen: Error when trying to convert tdbsam: %s\n",name)); - tdb_close(pdb_tdb); - pdb_tdb = NULL; - } else { - DEBUG(1, ("TDBSAM converted successfully.\n")); - } + status = new_rec->store(new_rec, orig_rec->value, TDB_INSERT); - /* Reopen the pdb file as it must be */ - if (!(open_flags & O_RDWR)) { - tdb_close(pdb_tdb); - pdb_tdb = tdb_open_log(name, 0, TDB_DEFAULT, open_flags, 0600); - } - } - - return pdb_tdb; + TALLOC_FREE(new_rec); + + if (!NT_STATUS_IS_OK(status)) { + bs->success = false; + return 1; + } + return 0; } -/***************************************************************************** - Utility functions to close the tdb sam database - ****************************************************************************/ +/********************************************************************** + Make a backup of an old passdb and replace the new one with it. We + have to do this as between 3.0.x and 3.2.x the hash function changed + by mistake (used unsigned char * instead of char *). This means the + previous simple update code will fail due to not being able to find + existing records to replace in the tdbsam_convert_one() function. JRA. + *********************************************************************/ -static void tdbsam_tdbclose ( struct tdbsam_privates *state ) +static bool tdbsam_convert_backup(const char *dbname, struct db_context **pp_db) { - if ( !state ) - return; - - if ( state->passwd_tdb ) { - tdb_close( state->passwd_tdb ); - state->passwd_tdb = NULL; + TALLOC_CTX *frame = talloc_stackframe(); + const char *tmp_fname = NULL; + struct db_context *tmp_db = NULL; + struct db_context *orig_db = *pp_db; + struct tdbsam_backup_state bs; + int ret; + + tmp_fname = talloc_asprintf(frame, "%s.tmp", dbname); + if (!tmp_fname) { + TALLOC_FREE(frame); + return false; } - - return; - -} -/**************************************************************************** - creates a list of user keys -****************************************************************************/ + unlink(tmp_fname); + + /* Remember to open this on the NULL context. We need + * it to stay around after we return from here. */ + + tmp_db = db_open(NULL, tmp_fname, 0, + TDB_DEFAULT, O_CREAT|O_RDWR, 0600); + if (tmp_db == NULL) { + DEBUG(0, ("tdbsam_convert_backup: Failed to create backup TDB passwd " + "[%s]\n", tmp_fname)); + TALLOC_FREE(frame); + return false; + } + + if (orig_db->transaction_start(orig_db) != 0) { + DEBUG(0, ("tdbsam_convert_backup: Could not start transaction (1)\n")); + unlink(tmp_fname); + TALLOC_FREE(tmp_db); + TALLOC_FREE(frame); + return false; + } + if (tmp_db->transaction_start(tmp_db) != 0) { + DEBUG(0, ("tdbsam_convert_backup: Could not start transaction (2)\n")); + orig_db->transaction_cancel(orig_db); + unlink(tmp_fname); + TALLOC_FREE(tmp_db); + TALLOC_FREE(frame); + return false; + } + + bs.new_db = tmp_db; + bs.success = true; + + ret = orig_db->traverse(orig_db, backup_copy_fn, (void *)&bs); + if (ret < 0) { + DEBUG(0, ("tdbsam_convert_backup: traverse failed\n")); + goto cancel; + } + + if (!bs.success) { + DEBUG(0, ("tdbsam_convert_backup: Rewriting records failed\n")); + goto cancel; + } + + if (orig_db->transaction_commit(orig_db) != 0) { + smb_panic("tdbsam_convert_backup: orig commit failed\n"); + } + if (tmp_db->transaction_commit(tmp_db) != 0) { + smb_panic("tdbsam_convert_backup: orig commit failed\n"); + } + + /* be sure to close the DBs _before_ renaming the file */ + + TALLOC_FREE(orig_db); + TALLOC_FREE(tmp_db); + + /* This is safe from other users as we know we're + * under a mutex here. */ + + if (rename(tmp_fname, dbname) == -1) { + DEBUG(0, ("tdbsam_convert_backup: rename of %s to %s failed %s\n", + tmp_fname, + dbname, + strerror(errno))); + smb_panic("tdbsam_convert_backup: replace passdb failed\n"); + } + + TALLOC_FREE(frame); + + /* re-open the converted TDB */ + + orig_db = db_open(NULL, dbname, 0, + TDB_DEFAULT, O_CREAT|O_RDWR, 0600); + if (orig_db == NULL) { + DEBUG(0, ("tdbsam_convert_backup: Failed to re-open " + "converted passdb TDB [%s]\n", dbname)); + return false; + } + + DEBUG(1, ("tdbsam_convert_backup: updated %s file.\n", + dbname )); + + /* Replace the global db pointer. */ + *pp_db = orig_db; + return true; + + cancel: + + if (orig_db->transaction_cancel(orig_db) != 0) { + smb_panic("tdbsam_convert: transaction_cancel failed"); + } -static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) + if (tmp_db->transaction_cancel(tmp_db) != 0) { + smb_panic("tdbsam_convert: transaction_cancel failed"); + } + + unlink(tmp_fname); + TALLOC_FREE(tmp_db); + TALLOC_FREE(frame); + return false; +} + +static bool tdbsam_upgrade_next_rid(struct db_context *db) { - const char *prefix = USERPREFIX; - int prefixlen = strlen (prefix); - struct pwent_list *ptr; - - if ( strncmp(key.dptr, prefix, prefixlen) == 0 ) { - if ( !(ptr=SMB_MALLOC_P(struct pwent_list)) ) { - DEBUG(0,("tdbsam_traverse_setpwent: Failed to malloc new entry for list\n")); - - /* just return 0 and let the traversal continue */ - return 0; + TDB_CONTEXT *tdb; + uint32 rid; + bool ok = false; + + ok = dbwrap_fetch_uint32(db, NEXT_RID_STRING, &rid); + if (ok) { + return true; + } + + tdb = tdb_open_log(state_path("winbindd_idmap.tdb"), 0, + TDB_DEFAULT, O_RDONLY, 0644); + + if (tdb) { + ok = tdb_fetch_uint32(tdb, "RID_COUNTER", &rid); + if (!ok) { + rid = BASE_RID; } - ZERO_STRUCTP(ptr); - - /* save a copy of the key */ - - ptr->key.dptr = memdup( key.dptr, key.dsize ); - ptr->key.dsize = key.dsize; - - DLIST_ADD( tdbsam_pwent_list, ptr ); - + tdb_close(tdb); + } else { + rid = BASE_RID; + } + + if (dbwrap_store_uint32(db, NEXT_RID_STRING, rid) != 0) { + return false; } - - - return 0; -} -/*************************************************************** - Open the TDB passwd database for SAM account enumeration. - Save a list of user keys for iteration. -****************************************************************/ + return true; +} -static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint16 acb_mask) +static bool tdbsam_convert(struct db_context **pp_db, const char *name, int32 from) { - uint32 flags = update ? (O_RDWR|O_CREAT) : O_RDONLY; - - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - - if ( !(tdb_state->passwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, flags )) ) - return NT_STATUS_UNSUCCESSFUL; + struct tdbsam_convert_state state; + struct db_context *db = NULL; + int ret; + + /* We only need the update backup for local db's. */ + if (db_is_local(name) && !tdbsam_convert_backup(name, pp_db)) { + DEBUG(0, ("tdbsam_convert: Could not backup %s\n", name)); + return false; + } - tdb_traverse( tdb_state->passwd_tdb, tdbsam_traverse_setpwent, NULL ); - - return NT_STATUS_OK; -} + db = *pp_db; + state.from = from; + state.success = true; + if (db->transaction_start(db) != 0) { + DEBUG(0, ("tdbsam_convert: Could not start transaction\n")); + return false; + } -/*************************************************************** - End enumeration of the TDB passwd list. -****************************************************************/ + if (!tdbsam_upgrade_next_rid(db)) { + DEBUG(0, ("tdbsam_convert: tdbsam_upgrade_next_rid failed\n")); + goto cancel; + } -static void tdbsam_endsampwent(struct pdb_methods *my_methods) -{ - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - struct pwent_list *ptr, *ptr_next; - - tdbsam_tdbclose( tdb_state ); - - /* clear out any remaining entries in the list */ - - for ( ptr=tdbsam_pwent_list; ptr; ptr = ptr_next ) { - ptr_next = ptr->next; - DLIST_REMOVE( tdbsam_pwent_list, ptr ); - SAFE_FREE( ptr->key.dptr); - SAFE_FREE( ptr ); + ret = db->traverse(db, tdbsam_convert_one, &state); + if (ret < 0) { + DEBUG(0, ("tdbsam_convert: traverse failed\n")); + goto cancel; } - - DEBUG(7, ("endtdbpwent: closed sam database.\n")); + + if (!state.success) { + DEBUG(0, ("tdbsam_convert: Converting records failed\n")); + goto cancel; + } + + if (dbwrap_store_int32(db, TDBSAM_VERSION_STRING, + TDBSAM_VERSION) != 0) { + DEBUG(0, ("tdbsam_convert: Could not store tdbsam version\n")); + goto cancel; + } + + if (dbwrap_store_int32(db, TDBSAM_MINOR_VERSION_STRING, + TDBSAM_MINOR_VERSION) != 0) { + DEBUG(0, ("tdbsam_convert: Could not store tdbsam minor version\n")); + goto cancel; + } + + if (db->transaction_commit(db) != 0) { + DEBUG(0, ("tdbsam_convert: Could not commit transaction\n")); + return false; + } + + return true; + + cancel: + if (db->transaction_cancel(db) != 0) { + smb_panic("tdbsam_convert: transaction_cancel failed"); + } + + return false; } -/***************************************************************** - Get one SAM_ACCOUNT from the TDB (next in line) -*****************************************************************/ +/********************************************************************* + Open the tdbsam file based on the absolute path specified. + Uses a reference count to allow multiple open calls. +*********************************************************************/ -static NTSTATUS tdbsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user) +static bool tdbsam_open( const char *name ) { - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - TDB_DATA data; - struct pwent_list *pkey; + int32 version; + int32 minor_version; - if ( !user ) { - DEBUG(0,("tdbsam_getsampwent: SAM_ACCOUNT is NULL.\n")); - return nt_status; + /* check if we are already open */ + + if ( db_sam ) { + return true; } - if ( !tdbsam_pwent_list ) { - DEBUG(4,("tdbsam_getsampwent: end of list\n")); - tdbsam_tdbclose( tdb_state ); - return nt_status; + /* Try to open tdb passwd. Create a new one if necessary */ + + db_sam = db_open(NULL, name, 0, TDB_DEFAULT, O_CREAT|O_RDWR, 0600); + if (db_sam == NULL) { + DEBUG(0, ("tdbsam_open: Failed to open/create TDB passwd " + "[%s]\n", name)); + return false; } - - if ( !tdb_state->passwd_tdb ) { - if ( !(tdb_state->passwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY)) ) - return nt_status; + + /* Check the version */ + version = dbwrap_fetch_int32(db_sam, TDBSAM_VERSION_STRING); + if (version == -1) { + version = 0; /* Version not found, assume version 0 */ } - /* pull the next entry */ - - pkey = tdbsam_pwent_list; - DLIST_REMOVE( tdbsam_pwent_list, pkey ); - - data = tdb_fetch(tdb_state->passwd_tdb, pkey->key); + /* Get the minor version */ + minor_version = dbwrap_fetch_int32(db_sam, TDBSAM_MINOR_VERSION_STRING); + if (minor_version == -1) { + minor_version = 0; /* Minor version not found, assume 0 */ + } - SAFE_FREE( pkey->key.dptr); - SAFE_FREE( pkey); - - if (!data.dptr) { - DEBUG(5,("pdb_getsampwent: database entry not found. Was the user deleted?\n")); - return nt_status; + /* Compare the version */ + if (version > TDBSAM_VERSION) { + /* Version more recent than the latest known */ + DEBUG(0, ("tdbsam_open: unknown version => %d\n", version)); + TALLOC_FREE(db_sam); + return false; } - - if (!init_sam_from_buffer(user, (unsigned char *)data.dptr, data.dsize)) { - DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n")); + + if ( version < TDBSAM_VERSION || + (version == TDBSAM_VERSION && + minor_version < TDBSAM_MINOR_VERSION) ) { + /* + * Ok - we think we're going to have to convert. + * Due to the backup process we now must do to + * upgrade we have to get a mutex and re-check + * the version. Someone else may have upgraded + * whilst we were checking. + */ + + struct named_mutex *mtx = grab_named_mutex(NULL, + "tdbsam_upgrade_mutex", + 600); + + if (!mtx) { + DEBUG(0, ("tdbsam_open: failed to grab mutex.\n")); + TALLOC_FREE(db_sam); + return false; + } + + /* Re-check the version */ + version = dbwrap_fetch_int32(db_sam, TDBSAM_VERSION_STRING); + if (version == -1) { + version = 0; /* Version not found, assume version 0 */ + } + + /* Re-check the minor version */ + minor_version = dbwrap_fetch_int32(db_sam, TDBSAM_MINOR_VERSION_STRING); + if (minor_version == -1) { + minor_version = 0; /* Minor version not found, assume 0 */ + } + + /* Compare the version */ + if (version > TDBSAM_VERSION) { + /* Version more recent than the latest known */ + DEBUG(0, ("tdbsam_open: unknown version => %d\n", version)); + TALLOC_FREE(db_sam); + TALLOC_FREE(mtx); + return false; + } + + if ( version < TDBSAM_VERSION || + (version == TDBSAM_VERSION && + minor_version < TDBSAM_MINOR_VERSION) ) { + /* + * Note that minor versions we read that are greater + * than the current minor version we have hard coded + * are assumed to be compatible if they have the same + * major version. That allows previous versions of the + * passdb code that don't know about minor versions to + * still use this database. JRA. + */ + + DEBUG(1, ("tdbsam_open: Converting version %d.%d database to " + "version %d.%d.\n", + version, + minor_version, + TDBSAM_VERSION, + TDBSAM_MINOR_VERSION)); + + if ( !tdbsam_convert(&db_sam, name, version) ) { + DEBUG(0, ("tdbsam_open: Error when trying to convert " + "tdbsam [%s]\n",name)); + TALLOC_FREE(db_sam); + TALLOC_FREE(mtx); + return false; + } + + DEBUG(3, ("TDBSAM converted successfully.\n")); + } + TALLOC_FREE(mtx); } - - SAFE_FREE( data.dptr ); - - return NT_STATUS_OK; + DEBUG(4,("tdbsam_open: successfully opened %s\n", name )); + + return true; } /****************************************************************** Lookup a name in the SAM TDB ******************************************************************/ -static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods, SAM_ACCOUNT *user, const char *sname) +static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods, + struct samu *user, const char *sname) { - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - TDB_CONTEXT *pwd_tdb; - TDB_DATA data, key; + TDB_DATA data; fstring keystr; fstring name; if ( !user ) { - DEBUG(0,("pdb_getsampwnam: SAM_ACCOUNT is NULL.\n")); - return nt_status; + DEBUG(0,("pdb_getsampwnam: struct samu is NULL.\n")); + return NT_STATUS_NO_MEMORY; } /* Data is stored in all lower-case */ @@ -409,56 +542,35 @@ static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods, SAM_ACCOUNT /* set search key */ slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - /* open the accounts TDB */ - if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY))) { - - if (errno == ENOENT) { - /* - * TDB file doesn't exist, so try to create new one. This is useful to avoid - * confusing error msg when adding user account first time - */ - if ((pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_CREAT|O_RDWR )) != NULL) { - DEBUG(0, ("pdb_getsampwnam: TDB passwd (%s) did not exist. File successfully created.\n", - tdb_state->tdbsam_location)); - tdb_close(pwd_tdb); - } else { - DEBUG(0, ("pdb_getsampwnam: TDB passwd (%s) does not exist. Couldn't create new one. Error was: %s\n", - tdb_state->tdbsam_location, strerror(errno))); - } - - /* requested user isn't there anyway */ - nt_status = NT_STATUS_NO_SUCH_USER; - return nt_status; - } - DEBUG(0, ("pdb_getsampwnam: Unable to open TDB passwd (%s)!\n", tdb_state->tdbsam_location)); - return nt_status; + /* open the database */ + + if ( !tdbsam_open( tdbsam_filename ) ) { + DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename)); + return NT_STATUS_ACCESS_DENIED; } /* get the record */ - data = tdb_fetch(pwd_tdb, key); + + data = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr); if (!data.dptr) { DEBUG(5,("pdb_getsampwnam (TDB): error fetching database.\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb))); DEBUGADD(5, (" Key: %s\n", keystr)); - tdb_close(pwd_tdb); - return nt_status; + return NT_STATUS_NO_SUCH_USER; } - + /* unpack the buffer */ - if (!init_sam_from_buffer(user, (unsigned char *)data.dptr, data.dsize)) { - DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n")); + + if (!init_samu_from_buffer(user, SAMU_BUFFER_LATEST, data.dptr, data.dsize)) { + DEBUG(0,("pdb_getsampwent: Bad struct samu entry returned from TDB!\n")); SAFE_FREE(data.dptr); - tdb_close(pwd_tdb); - return nt_status; + return NT_STATUS_NO_MEMORY; } - SAFE_FREE(data.dptr); - /* no further use for database, close it now */ - tdb_close(pwd_tdb); - + /* success */ + + TALLOC_FREE(data.dptr); + return NT_STATUS_OK; } @@ -466,225 +578,235 @@ static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods, SAM_ACCOUNT Search by rid **************************************************************************/ -static NTSTATUS tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT *user, uint32 rid) +static NTSTATUS tdbsam_getsampwrid (struct pdb_methods *my_methods, + struct samu *user, uint32 rid) { - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - TDB_CONTEXT *pwd_tdb; - TDB_DATA data, key; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + TDB_DATA data; fstring keystr; fstring name; - - if (user==NULL) { - DEBUG(0,("pdb_getsampwrid: SAM_ACCOUNT is NULL.\n")); + + if ( !user ) { + DEBUG(0,("pdb_getsampwrid: struct samu is NULL.\n")); return nt_status; } /* set search key */ + slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, rid); - key.dptr = keystr; - key.dsize = strlen (keystr) + 1; - /* open the accounts TDB */ - if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY))) { - DEBUG(0, ("pdb_getsampwrid: Unable to open TDB rid database!\n")); - return nt_status; + /* open the database */ + + if ( !tdbsam_open( tdbsam_filename ) ) { + DEBUG(0,("tdbsam_getsampwrid: failed to open %s!\n", tdbsam_filename)); + return NT_STATUS_ACCESS_DENIED; } /* get the record */ - data = tdb_fetch (pwd_tdb, key); + + data = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr); if (!data.dptr) { DEBUG(5,("pdb_getsampwrid (TDB): error looking up RID %d by key %s.\n", rid, keystr)); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb))); - tdb_close (pwd_tdb); - return nt_status; + return NT_STATUS_UNSUCCESSFUL; } + fstrcpy(name, (const char *)data.dptr); + TALLOC_FREE(data.dptr); - fstrcpy(name, data.dptr); - SAFE_FREE(data.dptr); - - tdb_close (pwd_tdb); - return tdbsam_getsampwnam (my_methods, user, name); } -static NTSTATUS tdbsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid) +static NTSTATUS tdbsam_getsampwsid(struct pdb_methods *my_methods, + struct samu * user, const DOM_SID *sid) { uint32 rid; - if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) + + if ( !sid_peek_check_rid(get_global_sam_sid(), sid, &rid) ) return NT_STATUS_UNSUCCESSFUL; + return tdbsam_getsampwrid(my_methods, user, rid); } -static BOOL tdb_delete_samacct_only(TDB_CONTEXT *pwd_tdb, - struct pdb_methods *my_methods, - SAM_ACCOUNT *sam_pass) +static bool tdb_delete_samacct_only( struct samu *sam_pass ) { - TDB_DATA key; fstring keystr; fstring name; + NTSTATUS status; fstrcpy(name, pdb_get_username(sam_pass)); strlower_m(name); - + /* set the search key */ + slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name); - key.dptr = keystr; - key.dsize = strlen (keystr) + 1; - + /* it's outaa here! 8^) */ - if (tdb_delete(pwd_tdb, key) != TDB_SUCCESS) { - DEBUG(5, ("Error deleting entry from tdb passwd database!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb))); - tdb_close(pwd_tdb); - return False; + if ( !tdbsam_open( tdbsam_filename ) ) { + DEBUG(0,("tdb_delete_samacct_only: failed to open %s!\n", + tdbsam_filename)); + return false; + } + + status = dbwrap_delete_bystring(db_sam, keystr); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(5, ("Error deleting entry from tdb passwd " + "database: %s!\n", nt_errstr(status))); + return false; } - return True; + + return true; } /*************************************************************************** - Delete a SAM_ACCOUNT + Delete a struct samu records for the username and RID key ****************************************************************************/ -static NTSTATUS tdbsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_pass) +static NTSTATUS tdbsam_delete_sam_account(struct pdb_methods *my_methods, + struct samu *sam_pass) { - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - TDB_CONTEXT *pwd_tdb; - TDB_DATA key; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; fstring keystr; uint32 rid; fstring name; - + + /* open the database */ + + if ( !tdbsam_open( tdbsam_filename ) ) { + DEBUG(0,("tdbsam_delete_sam_account: failed to open %s!\n", + tdbsam_filename)); + return NT_STATUS_ACCESS_DENIED; + } + fstrcpy(name, pdb_get_username(sam_pass)); strlower_m(name); - - /* open the TDB */ - if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR))) { - DEBUG(0, ("Unable to open TDB passwd!")); - return nt_status; - } - + /* set the search key */ + slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name); - key.dptr = keystr; - key.dsize = strlen (keystr) + 1; - + rid = pdb_get_user_rid(sam_pass); /* it's outaa here! 8^) */ - if (tdb_delete(pwd_tdb, key) != TDB_SUCCESS) { - DEBUG(5, ("Error deleting entry from tdb passwd database!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb))); - tdb_close(pwd_tdb); - return nt_status; - } - /* delete also the RID key */ + if (db_sam->transaction_start(db_sam) != 0) { + DEBUG(0, ("Could not start transaction\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + nt_status = dbwrap_delete_bystring(db_sam, keystr); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(5, ("Error deleting entry from tdb passwd " + "database: %s!\n", nt_errstr(nt_status))); + goto cancel; + } /* set the search key */ + slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, rid); - key.dptr = keystr; - key.dsize = strlen (keystr) + 1; /* it's outaa here! 8^) */ - if (tdb_delete(pwd_tdb, key) != TDB_SUCCESS) { - DEBUG(5, ("Error deleting entry from tdb rid database!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb))); - tdb_close(pwd_tdb); - return nt_status; + + nt_status = dbwrap_delete_bystring(db_sam, keystr); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(5, ("Error deleting entry from tdb rid " + "database: %s!\n", nt_errstr(nt_status))); + goto cancel; } - - tdb_close(pwd_tdb); - + + if (db_sam->transaction_commit(db_sam) != 0) { + DEBUG(0, ("Could not commit transaction\n")); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + return NT_STATUS_OK; + + cancel: + if (db_sam->transaction_cancel(db_sam) != 0) { + smb_panic("transaction_cancel failed"); + } + + return nt_status; } /*************************************************************************** Update the TDB SAM account record only + Assumes that the tdbsam is already open ****************************************************************************/ -static BOOL tdb_update_samacct_only(TDB_CONTEXT *pwd_tdb, - struct pdb_methods *my_methods, - SAM_ACCOUNT* newpwd, int flag) +static bool tdb_update_samacct_only( struct samu* newpwd, int flag ) { - TDB_DATA key, data; + TDB_DATA data; uint8 *buf = NULL; fstring keystr; fstring name; - BOOL ret = True; + bool ret = false; + NTSTATUS status; - /* copy the SAM_ACCOUNT struct into a BYTE buffer for storage */ - if ((data.dsize=init_buffer_from_sam (&buf, newpwd, False)) == -1) { - DEBUG(0,("tdb_update_sam: ERROR - Unable to copy SAM_ACCOUNT info BYTE buffer!\n")); - ret = False; + /* copy the struct samu struct into a BYTE buffer for storage */ + + if ( (data.dsize=init_buffer_from_samu(&buf, newpwd, False)) == -1 ) { + DEBUG(0,("tdb_update_sam: ERROR - Unable to copy struct samu info BYTE buffer!\n")); goto done; } - data.dptr = (char *)buf; + data.dptr = buf; fstrcpy(name, pdb_get_username(newpwd)); strlower_m(name); - - DEBUG(5, ("Storing %saccount %s with RID %d\n", - flag == TDB_INSERT ? "(new) " : "", name, + + DEBUG(5, ("Storing %saccount %s with RID %d\n", + flag == TDB_INSERT ? "(new) " : "", name, pdb_get_user_rid(newpwd))); /* setup the USER index key */ slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; /* add the account */ - if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) { - DEBUG(0, ("Unable to modify passwd TDB!")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb))); - DEBUGADD(0, (" occured while storing the main record (%s)\n", - keystr)); - ret = False; + + status = dbwrap_store_bystring(db_sam, keystr, data, flag); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Unable to modify passwd TDB: %s!", + nt_errstr(status))); goto done; } -done: + ret = true; + +done: /* cleanup */ SAFE_FREE(buf); - - return (ret); + return ret; } /*************************************************************************** Update the TDB SAM RID record only + Assumes that the tdbsam is already open ****************************************************************************/ -static BOOL tdb_update_ridrec_only(TDB_CONTEXT *pwd_tdb, - struct pdb_methods *my_methods, - SAM_ACCOUNT* newpwd, int flag) +static bool tdb_update_ridrec_only( struct samu* newpwd, int flag ) { - TDB_DATA key, data; + TDB_DATA data; fstring keystr; fstring name; + NTSTATUS status; fstrcpy(name, pdb_get_username(newpwd)); strlower_m(name); /* setup RID data */ - data.dsize = strlen(name) + 1; - data.dptr = name; + data = string_term_tdb_data(name); /* setup the RID index key */ - slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, + slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, pdb_get_user_rid(newpwd)); - key.dptr = keystr; - key.dsize = strlen (keystr) + 1; - + /* add the reference */ - if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) { - DEBUG(0, ("Unable to modify TDB passwd !")); - DEBUGADD(0, (" Error: %s\n", tdb_errorstr(pwd_tdb))); - DEBUGADD(0, (" occured while storing the RID index (%s)\n", keystr)); - return False; + status = dbwrap_store_bystring(db_sam, keystr, data, flag); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Unable to modify TDB passwd: %s!\n", + nt_errstr(status))); + return false; } - return True; + return true; } @@ -692,82 +814,126 @@ static BOOL tdb_update_ridrec_only(TDB_CONTEXT *pwd_tdb, Update the TDB SAM ****************************************************************************/ -static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd, int flag) +static bool tdb_update_sam(struct pdb_methods *my_methods, struct samu* newpwd, + int flag) { - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - TDB_CONTEXT *pwd_tdb = NULL; - BOOL ret = True; - uint32 user_rid; + uint32_t oldrid; + uint32_t newrid; - /* invalidate the existing TDB iterator if it is open */ - - if (tdb_state->passwd_tdb) { - tdb_close(tdb_state->passwd_tdb); - tdb_state->passwd_tdb = NULL; + if (!(newrid = pdb_get_user_rid(newpwd))) { + DEBUG(0,("tdb_update_sam: struct samu (%s) with no RID!\n", + pdb_get_username(newpwd))); + return False; } - /* open the account TDB passwd*/ - - pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT); - - if (!pwd_tdb) { - DEBUG(0, ("tdb_update_sam: Unable to open TDB passwd (%s)!\n", - tdb_state->tdbsam_location)); + oldrid = newrid; + + /* open the database */ + + if ( !tdbsam_open( tdbsam_filename ) ) { + DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename)); return False; } - if (!pdb_get_group_rid(newpwd)) { - DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n", - pdb_get_username(newpwd))); - ret = False; - goto done; + if (db_sam->transaction_start(db_sam) != 0) { + DEBUG(0, ("Could not start transaction\n")); + return false; } - if ( !(user_rid = pdb_get_user_rid(newpwd)) ) { - DEBUG(0,("tdb_update_sam: SAM_ACCOUNT (%s) with no RID!\n", pdb_get_username(newpwd))); - ret = False; - goto done; + /* If we are updating, we may be changing this users RID. Retrieve the old RID + so we can check. */ + + if (flag == TDB_MODIFY) { + struct samu *account = samu_new(talloc_tos()); + if (account == NULL) { + DEBUG(0,("tdb_update_sam: samu_new() failed\n")); + goto cancel; + } + if (!NT_STATUS_IS_OK(tdbsam_getsampwnam(my_methods, account, pdb_get_username(newpwd)))) { + DEBUG(0,("tdb_update_sam: tdbsam_getsampwnam() for %s failed\n", + pdb_get_username(newpwd))); + TALLOC_FREE(account); + goto cancel; + } + if (!(oldrid = pdb_get_user_rid(account))) { + DEBUG(0,("tdb_update_sam: pdb_get_user_rid() failed\n")); + TALLOC_FREE(account); + goto cancel; + } + TALLOC_FREE(account); } - if (!tdb_update_samacct_only(pwd_tdb, my_methods, newpwd, flag) || - !tdb_update_ridrec_only(pwd_tdb, my_methods, newpwd, flag)) { - ret = False; - goto done; + /* Update the new samu entry. */ + if (!tdb_update_samacct_only(newpwd, flag)) { + goto cancel; } -done: - /* cleanup */ - tdb_close (pwd_tdb); - - return (ret); + /* Now take care of the case where the RID changed. We need + * to delete the old RID key and add the new. */ + + if (flag == TDB_MODIFY && newrid != oldrid) { + fstring keystr; + + /* Delete old RID key */ + DEBUG(10, ("tdb_update_sam: Deleting key for RID %u\n", oldrid)); + slprintf(keystr, sizeof(keystr) - 1, "%s%.8x", RIDPREFIX, oldrid); + if (!NT_STATUS_IS_OK(dbwrap_delete_bystring(db_sam, keystr))) { + DEBUG(0, ("tdb_update_sam: Can't delete %s\n", keystr)); + goto cancel; + } + /* Insert new RID key */ + DEBUG(10, ("tdb_update_sam: Inserting key for RID %u\n", newrid)); + if (!tdb_update_ridrec_only(newpwd, TDB_INSERT)) { + goto cancel; + } + } else { + DEBUG(10, ("tdb_update_sam: %s key for RID %u\n", + flag == TDB_MODIFY ? "Updating" : "Inserting", newrid)); + if (!tdb_update_ridrec_only(newpwd, flag)) { + goto cancel; + } + } + + if (db_sam->transaction_commit(db_sam) != 0) { + DEBUG(0, ("Could not commit transaction\n")); + return false; + } + + return true; + + cancel: + if (db_sam->transaction_cancel(db_sam) != 0) { + smb_panic("transaction_cancel failed"); + } + return false; } /*************************************************************************** - Modifies an existing SAM_ACCOUNT + Modifies an existing struct samu ****************************************************************************/ -static NTSTATUS tdbsam_update_sam_account (struct pdb_methods *my_methods, SAM_ACCOUNT *newpwd) +static NTSTATUS tdbsam_update_sam_account (struct pdb_methods *my_methods, struct samu *newpwd) { - if (tdb_update_sam(my_methods, newpwd, TDB_MODIFY)) - return NT_STATUS_OK; - else + if ( !tdb_update_sam(my_methods, newpwd, TDB_MODIFY) ) return NT_STATUS_UNSUCCESSFUL; + + return NT_STATUS_OK; } /*************************************************************************** - Adds an existing SAM_ACCOUNT + Adds an existing struct samu ****************************************************************************/ -static NTSTATUS tdbsam_add_sam_account (struct pdb_methods *my_methods, SAM_ACCOUNT *newpwd) +static NTSTATUS tdbsam_add_sam_account (struct pdb_methods *my_methods, struct samu *newpwd) { - if (tdb_update_sam(my_methods, newpwd, TDB_INSERT)) - return NT_STATUS_OK; - else + if ( !tdb_update_sam(my_methods, newpwd, TDB_INSERT) ) return NT_STATUS_UNSUCCESSFUL; + + return NT_STATUS_OK; } /*************************************************************************** - Renames a SAM_ACCOUNT + Renames a struct samu - check for the posix user/rename user script - Add and lock the new user record - rename the posix user @@ -776,158 +942,332 @@ static NTSTATUS tdbsam_add_sam_account (struct pdb_methods *my_methods, SAM_ACCO - unlock the new user record ***************************************************************************/ static NTSTATUS tdbsam_rename_sam_account(struct pdb_methods *my_methods, - SAM_ACCOUNT *old_acct, + struct samu *old_acct, const char *newname) { - struct tdbsam_privates *tdb_state = - (struct tdbsam_privates *)my_methods->private_data; - SAM_ACCOUNT *new_acct = NULL; - pstring rename_script; - TDB_CONTEXT *pwd_tdb = NULL; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - BOOL interim_account = False; - - if (!*(lp_renameuser_script())) - goto done; + struct samu *new_acct = NULL; + char *rename_script = NULL; + int rename_ret; + fstring oldname_lower; + fstring newname_lower; - if (!pdb_copy_sam_account(old_acct, &new_acct) || - !pdb_set_username(new_acct, newname, PDB_CHANGED)) - goto done; + /* can't do anything without an external script */ - /* invalidate the existing TDB iterator if it is open */ - - if (tdb_state->passwd_tdb) { - tdb_close(tdb_state->passwd_tdb); - tdb_state->passwd_tdb = NULL; + if ( !(new_acct = samu_new( talloc_tos() )) ) { + return NT_STATUS_NO_MEMORY; } - /* open the account TDB passwd */ - - pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT); - - if (!pwd_tdb) { - DEBUG(0, ("tdb_update_sam: Unable to open TDB passwd (%s)!\n", - tdb_state->tdbsam_location)); - goto done; + rename_script = talloc_strdup(new_acct, lp_renameuser_script()); + if (!rename_script) { + TALLOC_FREE(new_acct); + return NT_STATUS_NO_MEMORY; + } + if (!*rename_script) { + TALLOC_FREE(new_acct); + return NT_STATUS_ACCESS_DENIED; } - /* add the new account and lock it */ - if (!tdb_update_samacct_only(pwd_tdb, my_methods, new_acct, - TDB_INSERT)) - goto done; - interim_account = True; + if ( !pdb_copy_sam_account(new_acct, old_acct) + || !pdb_set_username(new_acct, newname, PDB_CHANGED)) + { + TALLOC_FREE(new_acct); + return NT_STATUS_NO_MEMORY; + } - if (tdb_lock_bystring(pwd_tdb, newname, 30) == -1) { - goto done; + /* open the database */ + if ( !tdbsam_open( tdbsam_filename ) ) { + DEBUG(0, ("tdbsam_getsampwnam: failed to open %s!\n", + tdbsam_filename)); + TALLOC_FREE(new_acct); + return NT_STATUS_ACCESS_DENIED; } - /* rename the posix user */ - pstrcpy(rename_script, lp_renameuser_script()); + if (db_sam->transaction_start(db_sam) != 0) { + DEBUG(0, ("Could not start transaction\n")); + TALLOC_FREE(new_acct); + return NT_STATUS_ACCESS_DENIED; - if (*rename_script) { - int rename_ret; + } + + /* add the new account and lock it */ + if ( !tdb_update_samacct_only(new_acct, TDB_INSERT) ) { + goto cancel; + } - pstring_sub(rename_script, "%unew", newname); - pstring_sub(rename_script, "%uold", - pdb_get_username(old_acct)); - rename_ret = smbrun(rename_script, NULL); + /* Rename the posix user. Follow the semantics of _samr_create_user() + so that we lower case the posix name but preserve the case in passdb */ - DEBUG(rename_ret ? 0 : 3,("Running the command `%s' gave %d\n", rename_script, rename_ret)); + fstrcpy( oldname_lower, pdb_get_username(old_acct) ); + strlower_m( oldname_lower ); - if (rename_ret) - goto done; - } else { - goto done; + fstrcpy( newname_lower, newname ); + strlower_m( newname_lower ); + + rename_script = talloc_string_sub2(new_acct, + rename_script, + "%unew", + newname_lower, + true, + false, + true); + if (!rename_script) { + goto cancel; } + rename_script = talloc_string_sub2(new_acct, + rename_script, + "%uold", + oldname_lower, + true, + false, + true); + if (!rename_script) { + goto cancel; + } + rename_ret = smbrun(rename_script, NULL); + + DEBUG(rename_ret ? 0 : 3,("Running the command `%s' gave %d\n", + rename_script, rename_ret)); + + if (rename_ret != 0) { + goto cancel; + } + + smb_nscd_flush_user_cache(); /* rewrite the rid->username record */ - if (!tdb_update_ridrec_only(pwd_tdb, my_methods, new_acct, TDB_MODIFY)) - goto done; - interim_account = False; - tdb_unlock_bystring(pwd_tdb, newname); - tdb_delete_samacct_only(pwd_tdb, my_methods, old_acct); + if ( !tdb_update_ridrec_only( new_acct, TDB_MODIFY) ) { + goto cancel; + } - ret = NT_STATUS_OK; + tdb_delete_samacct_only( old_acct ); + + if (db_sam->transaction_commit(db_sam) != 0) { + /* + * Ok, we're screwed. We've changed the posix account, but + * could not adapt passdb.tdb. Shall we change the posix + * account back? + */ + DEBUG(0, ("transaction_commit failed\n")); + TALLOC_FREE(new_acct); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + TALLOC_FREE(new_acct ); + return NT_STATUS_OK; -done: - /* cleanup */ - if (interim_account) { - tdb_unlock_bystring(pwd_tdb, newname); - tdb_delete_samacct_only(pwd_tdb, my_methods, new_acct); - } - if (pwd_tdb) - tdb_close (pwd_tdb); - if (new_acct) - pdb_free_sam(&new_acct); - - return (ret); + cancel: + if (db_sam->transaction_cancel(db_sam) != 0) { + smb_panic("transaction_cancel failed"); + } + + TALLOC_FREE(new_acct); + + return NT_STATUS_ACCESS_DENIED; } - -static void free_private_data(void **vp) + +static bool tdbsam_rid_algorithm(struct pdb_methods *methods) +{ + return False; +} + +static bool tdbsam_new_rid(struct pdb_methods *methods, uint32 *prid) +{ + uint32 rid; + + rid = BASE_RID; /* Default if not set */ + + if (!tdbsam_open(tdbsam_filename)) { + DEBUG(0,("tdbsam_new_rid: failed to open %s!\n", + tdbsam_filename)); + return false; + } + + if (dbwrap_change_uint32_atomic(db_sam, NEXT_RID_STRING, &rid, 1) != 0) { + DEBUG(3, ("tdbsam_new_rid: Failed to increase %s\n", + NEXT_RID_STRING)); + return false; + } + + *prid = rid; + + return true; +} + +struct tdbsam_search_state { + struct pdb_methods *methods; + uint32_t acct_flags; + + uint32_t *rids; + uint32_t num_rids; + ssize_t array_size; + uint32_t current; +}; + +static int tdbsam_collect_rids(struct db_record *rec, void *private_data) { - struct tdbsam_privates **tdb_state = (struct tdbsam_privates **)vp; - tdbsam_tdbclose(*tdb_state); - *tdb_state = NULL; + struct tdbsam_search_state *state = talloc_get_type_abort( + private_data, struct tdbsam_search_state); + size_t prefixlen = strlen(RIDPREFIX); + uint32 rid; + + if ((rec->key.dsize < prefixlen) + || (strncmp((char *)rec->key.dptr, RIDPREFIX, prefixlen))) { + return 0; + } + + rid = strtoul((char *)rec->key.dptr+prefixlen, NULL, 16); + + ADD_TO_LARGE_ARRAY(state, uint32, rid, &state->rids, &state->num_rids, + &state->array_size); + + return 0; +} + +static void tdbsam_search_end(struct pdb_search *search) +{ + struct tdbsam_search_state *state = talloc_get_type_abort( + search->private_data, struct tdbsam_search_state); + TALLOC_FREE(state); +} + +static bool tdbsam_search_next_entry(struct pdb_search *search, + struct samr_displayentry *entry) +{ + struct tdbsam_search_state *state = talloc_get_type_abort( + search->private_data, struct tdbsam_search_state); + struct samu *user = NULL; + NTSTATUS status; + uint32_t rid; + + again: + TALLOC_FREE(user); + user = samu_new(talloc_tos()); + if (user == NULL) { + DEBUG(0, ("samu_new failed\n")); + return false; + } + + if (state->current == state->num_rids) { + return false; + } + + rid = state->rids[state->current++]; + + status = tdbsam_getsampwrid(state->methods, user, rid); - /* No need to free any further, as it is talloc()ed */ + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { + /* + * Someone has deleted that user since we listed the RIDs + */ + goto again; + } + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("tdbsam_getsampwrid failed: %s\n", + nt_errstr(status))); + TALLOC_FREE(user); + return false; + } + + if ((state->acct_flags != 0) && + ((state->acct_flags & pdb_get_acct_ctrl(user)) == 0)) { + goto again; + } + + entry->acct_flags = pdb_get_acct_ctrl(user); + entry->rid = rid; + entry->account_name = talloc_strdup(search, pdb_get_username(user)); + entry->fullname = talloc_strdup(search, pdb_get_fullname(user)); + entry->description = talloc_strdup(search, pdb_get_acct_desc(user)); + + TALLOC_FREE(user); + + if ((entry->account_name == NULL) || (entry->fullname == NULL) + || (entry->description == NULL)) { + DEBUG(0, ("talloc_strdup failed\n")); + return false; + } + + return true; } +static bool tdbsam_search_users(struct pdb_methods *methods, + struct pdb_search *search, + uint32 acct_flags) +{ + struct tdbsam_search_state *state; + if (!tdbsam_open(tdbsam_filename)) { + DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", + tdbsam_filename)); + return false; + } + state = talloc_zero(search, struct tdbsam_search_state); + if (state == NULL) { + DEBUG(0, ("talloc failed\n")); + return false; + } + state->acct_flags = acct_flags; + state->methods = methods; + + db_sam->traverse_read(db_sam, tdbsam_collect_rids, state); + + search->private_data = state; + search->next_entry = tdbsam_search_next_entry; + search->search_end = tdbsam_search_end; -/** - * Init tdbsam backend - * - * @param pdb_context initialised passdb context - * @param pdb_method backend methods structure to be filled with function pointers - * @param location the backend tdb file location - * - * @return nt_status code - **/ + return true; +} + +/********************************************************************* + Initialize the tdb sam backend. Setup the dispath table of methods, + open the tdb, etc... +*********************************************************************/ -static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) +static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *location) { NTSTATUS nt_status; - struct tdbsam_privates *tdb_state; + char *tdbfile = NULL; + const char *pfile = location; - if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { + if (!NT_STATUS_IS_OK(nt_status = make_pdb_method( pdb_method ))) { return nt_status; } (*pdb_method)->name = "tdbsam"; - (*pdb_method)->setsampwent = tdbsam_setsampwent; - (*pdb_method)->endsampwent = tdbsam_endsampwent; - (*pdb_method)->getsampwent = tdbsam_getsampwent; (*pdb_method)->getsampwnam = tdbsam_getsampwnam; (*pdb_method)->getsampwsid = tdbsam_getsampwsid; (*pdb_method)->add_sam_account = tdbsam_add_sam_account; (*pdb_method)->update_sam_account = tdbsam_update_sam_account; (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account; (*pdb_method)->rename_sam_account = tdbsam_rename_sam_account; + (*pdb_method)->search_users = tdbsam_search_users; - tdb_state = TALLOC_ZERO_P(pdb_context->mem_ctx, struct tdbsam_privates); + (*pdb_method)->rid_algorithm = tdbsam_rid_algorithm; + (*pdb_method)->new_rid = tdbsam_new_rid; - if (!tdb_state) { - DEBUG(0, ("talloc() failed for tdbsam private_data!\n")); - return NT_STATUS_NO_MEMORY; - } + /* save the path for later */ - if (location) { - tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, location); - } else { - pstring tdbfile; - get_private_directory(tdbfile); - pstrcat(tdbfile, "/"); - pstrcat(tdbfile, PASSDB_FILE_NAME); - tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, tdbfile); + if (!location) { + if (asprintf(&tdbfile, "%s/%s", lp_private_dir(), + PASSDB_FILE_NAME) < 0) { + return NT_STATUS_NO_MEMORY; + } + pfile = tdbfile; + } + tdbsam_filename = SMB_STRDUP(pfile); + if (!tdbsam_filename) { + return NT_STATUS_NO_MEMORY; } + SAFE_FREE(tdbfile); - (*pdb_method)->private_data = tdb_state; + /* no private data */ - (*pdb_method)->free_private_data = free_private_data; + (*pdb_method)->private_data = NULL; + (*pdb_method)->free_private_data = NULL; return NT_STATUS_OK; }