X-Git-Url: http://git.samba.org/samba.git/?p=jra%2Fsamba%2F.git;a=blobdiff_plain;f=source3%2Fpassdb%2Fpdb_tdb.c;h=dd6e678c99ec1d88217579eed80927b6569e3baf;hp=b38ebe436a7ccbc4975b97917a04a9b41fd87b09;hb=c57b32c5ab754cdf99527e4dfc4bb6ff3ca93e25;hpb=ddf14cc286944e11cebfcf550cf57a7a9436a5a0 diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index b38ebe436a7..dd6e678c99e 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -4,13 +4,13 @@ * Copyright (C) Andrew Tridgell 1992-1998 * Copyright (C) Simo Sorce 2000-2003 * Copyright (C) Gerald Carter 2000-2006 - * Copyright (C) Jeremy Allison 2001 + * Copyright (C) Jeremy Allison 2001-2009 * Copyright (C) Andrew Bartlett 2002 * Copyright (C) Jim McDonough 2005 * * This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) + * Software Foundation; either version 3 of the License, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, but WITHOUT @@ -19,8 +19,7 @@ * more details. * * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. + * this program; if not, see . */ #include "includes.h" @@ -38,756 +37,363 @@ static int tdbsam_debug_level = DBGC_ALL; #endif -#define TDBSAM_VERSION 3 /* Most recent TDBSAM version */ +#define TDBSAM_VERSION 4 /* Most recent TDBSAM version */ +#define TDBSAM_MINOR_VERSION 0 /* Most recent TDBSAM minor version */ #define TDBSAM_VERSION_STRING "INFO/version" +#define TDBSAM_MINOR_VERSION_STRING "INFO/minor_version" #define PASSDB_FILE_NAME "passdb.tdb" #define USERPREFIX "USER_" +#define USERPREFIX_LEN 5 #define RIDPREFIX "RID_" #define PRIVPREFIX "PRIV_" - -struct pwent_list { - struct pwent_list *prev, *next; - TDB_DATA key; -}; -static struct pwent_list *tdbsam_pwent_list; -static BOOL pwent_initialized; +#define NEXT_RID_STRING "NEXT_RID" /* GLOBAL TDB SAM CONTEXT */ -static TDB_CONTEXT *tdbsam; -static int ref_count = 0; -static pstring tdbsam_filename; +static struct db_context *db_sam; +static char *tdbsam_filename; -/********************************************************************** - Marshall/unmarshall struct samu structs. - *********************************************************************/ - -#define TDB_FORMAT_STRING_V0 "ddddddBBBBBBBBBBBBddBBwdwdBwwd" -#define TDB_FORMAT_STRING_V1 "dddddddBBBBBBBBBBBBddBBwdwdBwwd" -#define TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd" - -/********************************************************************* -*********************************************************************/ +struct tdbsam_convert_state { + int32_t from; + bool success; +}; -static BOOL init_sam_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 buflen) +static int tdbsam_convert_one(struct db_record *rec, void *priv) { - - /* times are stored as 32bit integer - take care on system with 64bit wide time_t - --SSS */ - uint32 logon_time, - logoff_time, - kickoff_time, - pass_last_set_time, - pass_can_change_time, - pass_must_change_time; - char *username = NULL; - char *domain = NULL; - char *nt_username = NULL; - char *dir_drive = NULL; - char *unknown_str = NULL; - char *munged_dial = NULL; - char *fullname = NULL; - char *homedir = NULL; - char *logon_script = NULL; - char *profile_path = NULL; - char *acct_desc = NULL; - char *workstations = NULL; - uint32 username_len, domain_len, nt_username_len, - dir_drive_len, unknown_str_len, munged_dial_len, - fullname_len, homedir_len, logon_script_len, - profile_path_len, acct_desc_len, workstations_len; - - uint32 user_rid, group_rid, remove_me, hours_len, unknown_6; - uint16 acct_ctrl, logon_divs; - uint16 bad_password_count, logon_count; - uint8 *hours = NULL; - uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL; - uint32 len = 0; - uint32 lm_pw_len, nt_pw_len, hourslen; - BOOL ret = True; - - if(sampass == NULL || buf == NULL) { - DEBUG(0, ("init_sam_from_buffer_v0: NULL parameters found!\n")); - return False; - } - -/* TDB_FORMAT_STRING_V0 "ddddddBBBBBBBBBBBBddBBwdwdBwwd" */ - - /* unpack the buffer into variables */ - len = tdb_unpack ((char *)buf, buflen, TDB_FORMAT_STRING_V0, - &logon_time, /* d */ - &logoff_time, /* d */ - &kickoff_time, /* d */ - &pass_last_set_time, /* d */ - &pass_can_change_time, /* d */ - &pass_must_change_time, /* d */ - &username_len, &username, /* B */ - &domain_len, &domain, /* B */ - &nt_username_len, &nt_username, /* B */ - &fullname_len, &fullname, /* B */ - &homedir_len, &homedir, /* B */ - &dir_drive_len, &dir_drive, /* B */ - &logon_script_len, &logon_script, /* B */ - &profile_path_len, &profile_path, /* B */ - &acct_desc_len, &acct_desc, /* B */ - &workstations_len, &workstations, /* B */ - &unknown_str_len, &unknown_str, /* B */ - &munged_dial_len, &munged_dial, /* B */ - &user_rid, /* d */ - &group_rid, /* d */ - &lm_pw_len, &lm_pw_ptr, /* B */ - &nt_pw_len, &nt_pw_ptr, /* B */ - &acct_ctrl, /* w */ - &remove_me, /* remove on the next TDB_FORMAT upgarde */ /* d */ - &logon_divs, /* w */ - &hours_len, /* d */ - &hourslen, &hours, /* B */ - &bad_password_count, /* w */ - &logon_count, /* w */ - &unknown_6); /* d */ - - if (len == (uint32) -1) { + struct tdbsam_convert_state *state = + (struct tdbsam_convert_state *)priv; + struct samu *user; + TDB_DATA data; + NTSTATUS status; + bool ret; + + if (rec->key.dsize < USERPREFIX_LEN) { + return 0; + } + if (strncmp((char *)rec->key.dptr, USERPREFIX, USERPREFIX_LEN) != 0) { + return 0; + } + + user = samu_new(talloc_tos()); + if (user == NULL) { + DEBUG(0,("tdbsam_convert: samu_new() failed!\n")); + state->success = false; + return -1; + } + + DEBUG(10,("tdbsam_convert: Try unpacking a record with (key:%s) " + "(version:%d)\n", rec->key.dptr, state->from)); + + switch (state->from) { + case 0: + ret = init_samu_from_buffer(user, SAMU_BUFFER_V0, + (uint8 *)rec->value.dptr, + rec->value.dsize); + break; + case 1: + ret = init_samu_from_buffer(user, SAMU_BUFFER_V1, + (uint8 *)rec->value.dptr, + rec->value.dsize); + break; + case 2: + ret = init_samu_from_buffer(user, SAMU_BUFFER_V2, + (uint8 *)rec->value.dptr, + rec->value.dsize); + break; + case 3: + ret = init_samu_from_buffer(user, SAMU_BUFFER_V3, + (uint8 *)rec->value.dptr, + rec->value.dsize); + break; + case 4: + ret = init_samu_from_buffer(user, SAMU_BUFFER_V4, + (uint8 *)rec->value.dptr, + rec->value.dsize); + break; + default: + /* unknown tdbsam version */ ret = False; - goto done; + } + if (!ret) { + DEBUG(0,("tdbsam_convert: Bad struct samu entry returned " + "from TDB (key:%s) (version:%d)\n", rec->key.dptr, + state->from)); + TALLOC_FREE(user); + state->success = false; + return -1; } - pdb_set_logon_time(sampass, logon_time, PDB_SET); - pdb_set_logoff_time(sampass, logoff_time, PDB_SET); - pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET); - pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET); - pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET); - pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET); - - pdb_set_username(sampass, username, PDB_SET); - pdb_set_domain(sampass, domain, PDB_SET); - pdb_set_nt_username(sampass, nt_username, PDB_SET); - pdb_set_fullname(sampass, fullname, PDB_SET); + data.dsize = init_buffer_from_samu(&data.dptr, user, false); + TALLOC_FREE(user); - if (homedir) { - pdb_set_homedir(sampass, homedir, PDB_SET); - } - else { - pdb_set_homedir(sampass, - talloc_sub_basic(sampass, username, lp_logon_home()), - PDB_DEFAULT); + if (data.dsize == -1) { + DEBUG(0,("tdbsam_convert: cannot pack the struct samu into " + "the new format\n")); + state->success = false; + return -1; } - if (dir_drive) - pdb_set_dir_drive(sampass, dir_drive, PDB_SET); - else { - pdb_set_dir_drive(sampass, - talloc_sub_basic(sampass, username, lp_logon_drive()), - PDB_DEFAULT); + status = rec->store(rec, data, TDB_MODIFY); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Could not store the new record: %s\n", + nt_errstr(status))); + state->success = false; + return -1; } - if (logon_script) - pdb_set_logon_script(sampass, logon_script, PDB_SET); - else { - pdb_set_logon_script(sampass, - talloc_sub_basic(sampass, username, lp_logon_script()), - PDB_DEFAULT); - } - - if (profile_path) { - pdb_set_profile_path(sampass, profile_path, PDB_SET); - } else { - pdb_set_profile_path(sampass, - talloc_sub_basic(sampass, username, lp_logon_path()), - PDB_DEFAULT); - } + return 0; +} + +/********************************************************************** + Struct and function to backup an old record. + *********************************************************************/ - pdb_set_acct_desc(sampass, acct_desc, PDB_SET); - pdb_set_workstations(sampass, workstations, PDB_SET); - pdb_set_munged_dial(sampass, munged_dial, PDB_SET); +struct tdbsam_backup_state { + struct db_context *new_db; + bool success; +}; - if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) { - if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) { - ret = False; - goto done; - } - } +static int backup_copy_fn(struct db_record *orig_rec, void *state) +{ + struct tdbsam_backup_state *bs = (struct tdbsam_backup_state *)state; + struct db_record *new_rec; + NTSTATUS status; - if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) { - if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) { - ret = False; - goto done; - } + new_rec = bs->new_db->fetch_locked(bs->new_db, talloc_tos(), orig_rec->key); + if (new_rec == NULL) { + bs->success = false; + return 1; } - pdb_set_pw_history(sampass, NULL, 0, PDB_SET); - pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); - pdb_set_hours_len(sampass, hours_len, PDB_SET); - pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET); - pdb_set_logon_count(sampass, logon_count, PDB_SET); - pdb_set_unknown_6(sampass, unknown_6, PDB_SET); - pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); - pdb_set_logon_divs(sampass, logon_divs, PDB_SET); - pdb_set_hours(sampass, hours, PDB_SET); - -done: + status = new_rec->store(new_rec, orig_rec->value, TDB_INSERT); - SAFE_FREE(username); - SAFE_FREE(domain); - SAFE_FREE(nt_username); - SAFE_FREE(fullname); - SAFE_FREE(homedir); - SAFE_FREE(dir_drive); - SAFE_FREE(logon_script); - SAFE_FREE(profile_path); - SAFE_FREE(acct_desc); - SAFE_FREE(workstations); - SAFE_FREE(munged_dial); - SAFE_FREE(unknown_str); - SAFE_FREE(lm_pw_ptr); - SAFE_FREE(nt_pw_ptr); - SAFE_FREE(hours); + TALLOC_FREE(new_rec); - return ret; + if (!NT_STATUS_IS_OK(status)) { + bs->success = false; + return 1; + } + return 0; } -/********************************************************************* -*********************************************************************/ +/********************************************************************** + Make a backup of an old passdb and replace the new one with it. We + have to do this as between 3.0.x and 3.2.x the hash function changed + by mistake (used unsigned char * instead of char *). This means the + previous simple update code will fail due to not being able to find + existing records to replace in the tdbsam_convert_one() function. JRA. + *********************************************************************/ -static BOOL init_sam_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 buflen) +static bool tdbsam_convert_backup(const char *dbname, struct db_context **pp_db) { + TALLOC_CTX *frame = talloc_stackframe(); + const char *tmp_fname = NULL; + struct db_context *tmp_db = NULL; + struct db_context *orig_db = *pp_db; + struct tdbsam_backup_state bs; + int ret; - /* times are stored as 32bit integer - take care on system with 64bit wide time_t - --SSS */ - uint32 logon_time, - logoff_time, - kickoff_time, - bad_password_time, - pass_last_set_time, - pass_can_change_time, - pass_must_change_time; - char *username = NULL; - char *domain = NULL; - char *nt_username = NULL; - char *dir_drive = NULL; - char *unknown_str = NULL; - char *munged_dial = NULL; - char *fullname = NULL; - char *homedir = NULL; - char *logon_script = NULL; - char *profile_path = NULL; - char *acct_desc = NULL; - char *workstations = NULL; - uint32 username_len, domain_len, nt_username_len, - dir_drive_len, unknown_str_len, munged_dial_len, - fullname_len, homedir_len, logon_script_len, - profile_path_len, acct_desc_len, workstations_len; - - uint32 user_rid, group_rid, remove_me, hours_len, unknown_6; - uint16 acct_ctrl, logon_divs; - uint16 bad_password_count, logon_count; - uint8 *hours = NULL; - uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL; - uint32 len = 0; - uint32 lm_pw_len, nt_pw_len, hourslen; - BOOL ret = True; - - if(sampass == NULL || buf == NULL) { - DEBUG(0, ("init_sam_from_buffer_v1: NULL parameters found!\n")); - return False; - } - -/* TDB_FORMAT_STRING_V1 "dddddddBBBBBBBBBBBBddBBwdwdBwwd" */ - - /* unpack the buffer into variables */ - len = tdb_unpack ((char *)buf, buflen, TDB_FORMAT_STRING_V1, - &logon_time, /* d */ - &logoff_time, /* d */ - &kickoff_time, /* d */ - /* Change from V0 is addition of bad_password_time field. */ - &bad_password_time, /* d */ - &pass_last_set_time, /* d */ - &pass_can_change_time, /* d */ - &pass_must_change_time, /* d */ - &username_len, &username, /* B */ - &domain_len, &domain, /* B */ - &nt_username_len, &nt_username, /* B */ - &fullname_len, &fullname, /* B */ - &homedir_len, &homedir, /* B */ - &dir_drive_len, &dir_drive, /* B */ - &logon_script_len, &logon_script, /* B */ - &profile_path_len, &profile_path, /* B */ - &acct_desc_len, &acct_desc, /* B */ - &workstations_len, &workstations, /* B */ - &unknown_str_len, &unknown_str, /* B */ - &munged_dial_len, &munged_dial, /* B */ - &user_rid, /* d */ - &group_rid, /* d */ - &lm_pw_len, &lm_pw_ptr, /* B */ - &nt_pw_len, &nt_pw_ptr, /* B */ - &acct_ctrl, /* w */ - &remove_me, /* d */ - &logon_divs, /* w */ - &hours_len, /* d */ - &hourslen, &hours, /* B */ - &bad_password_count, /* w */ - &logon_count, /* w */ - &unknown_6); /* d */ - - if (len == (uint32) -1) { - ret = False; - goto done; + tmp_fname = talloc_asprintf(frame, "%s.tmp", dbname); + if (!tmp_fname) { + TALLOC_FREE(frame); + return false; } - pdb_set_logon_time(sampass, logon_time, PDB_SET); - pdb_set_logoff_time(sampass, logoff_time, PDB_SET); - pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET); + unlink(tmp_fname); - /* Change from V0 is addition of bad_password_time field. */ - pdb_set_bad_password_time(sampass, bad_password_time, PDB_SET); - pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET); - pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET); - pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET); + /* Remember to open this on the NULL context. We need + * it to stay around after we return from here. */ - pdb_set_username(sampass, username, PDB_SET); - pdb_set_domain(sampass, domain, PDB_SET); - pdb_set_nt_username(sampass, nt_username, PDB_SET); - pdb_set_fullname(sampass, fullname, PDB_SET); + tmp_db = db_open(NULL, tmp_fname, 0, + TDB_DEFAULT, O_CREAT|O_RDWR, 0600); + if (tmp_db == NULL) { + DEBUG(0, ("tdbsam_convert_backup: Failed to create backup TDB passwd " + "[%s]\n", tmp_fname)); + TALLOC_FREE(frame); + return false; + } - if (homedir) { - pdb_set_homedir(sampass, homedir, PDB_SET); + if (orig_db->transaction_start(orig_db) != 0) { + DEBUG(0, ("tdbsam_convert_backup: Could not start transaction (1)\n")); + unlink(tmp_fname); + TALLOC_FREE(tmp_db); + TALLOC_FREE(frame); + return false; } - else { - pdb_set_homedir(sampass, - talloc_sub_basic(sampass, username, lp_logon_home()), - PDB_DEFAULT); + if (tmp_db->transaction_start(tmp_db) != 0) { + DEBUG(0, ("tdbsam_convert_backup: Could not start transaction (2)\n")); + orig_db->transaction_cancel(orig_db); + unlink(tmp_fname); + TALLOC_FREE(tmp_db); + TALLOC_FREE(frame); + return false; } - if (dir_drive) - pdb_set_dir_drive(sampass, dir_drive, PDB_SET); - else { - pdb_set_dir_drive(sampass, - talloc_sub_basic(sampass, username, lp_logon_drive()), - PDB_DEFAULT); + bs.new_db = tmp_db; + bs.success = true; + + ret = orig_db->traverse(orig_db, backup_copy_fn, (void *)&bs); + if (ret < 0) { + DEBUG(0, ("tdbsam_convert_backup: traverse failed\n")); + goto cancel; + } + + if (!bs.success) { + DEBUG(0, ("tdbsam_convert_backup: Rewriting records failed\n")); + goto cancel; } - if (logon_script) - pdb_set_logon_script(sampass, logon_script, PDB_SET); - else { - pdb_set_logon_script(sampass, - talloc_sub_basic(sampass, username, lp_logon_script()), - PDB_DEFAULT); + if (orig_db->transaction_commit(orig_db) != 0) { + smb_panic("tdbsam_convert_backup: orig commit failed\n"); } - - if (profile_path) { - pdb_set_profile_path(sampass, profile_path, PDB_SET); - } else { - pdb_set_profile_path(sampass, - talloc_sub_basic(sampass, username, lp_logon_path()), - PDB_DEFAULT); + if (tmp_db->transaction_commit(tmp_db) != 0) { + smb_panic("tdbsam_convert_backup: orig commit failed\n"); } - pdb_set_acct_desc(sampass, acct_desc, PDB_SET); - pdb_set_workstations(sampass, workstations, PDB_SET); - pdb_set_munged_dial(sampass, munged_dial, PDB_SET); + /* be sure to close the DBs _before_ renaming the file */ - if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) { - if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) { - ret = False; - goto done; - } - } + TALLOC_FREE(orig_db); + TALLOC_FREE(tmp_db); - if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) { - if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) { - ret = False; - goto done; - } + /* This is safe from other users as we know we're + * under a mutex here. */ + + if (rename(tmp_fname, dbname) == -1) { + DEBUG(0, ("tdbsam_convert_backup: rename of %s to %s failed %s\n", + tmp_fname, + dbname, + strerror(errno))); + smb_panic("tdbsam_convert_backup: replace passdb failed\n"); } - pdb_set_pw_history(sampass, NULL, 0, PDB_SET); + TALLOC_FREE(frame); - pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); - pdb_set_hours_len(sampass, hours_len, PDB_SET); - pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET); - pdb_set_logon_count(sampass, logon_count, PDB_SET); - pdb_set_unknown_6(sampass, unknown_6, PDB_SET); - pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); - pdb_set_logon_divs(sampass, logon_divs, PDB_SET); - pdb_set_hours(sampass, hours, PDB_SET); + /* re-open the converted TDB */ -done: + orig_db = db_open(NULL, dbname, 0, + TDB_DEFAULT, O_CREAT|O_RDWR, 0600); + if (orig_db == NULL) { + DEBUG(0, ("tdbsam_convert_backup: Failed to re-open " + "converted passdb TDB [%s]\n", dbname)); + return false; + } - SAFE_FREE(username); - SAFE_FREE(domain); - SAFE_FREE(nt_username); - SAFE_FREE(fullname); - SAFE_FREE(homedir); - SAFE_FREE(dir_drive); - SAFE_FREE(logon_script); - SAFE_FREE(profile_path); - SAFE_FREE(acct_desc); - SAFE_FREE(workstations); - SAFE_FREE(munged_dial); - SAFE_FREE(unknown_str); - SAFE_FREE(lm_pw_ptr); - SAFE_FREE(nt_pw_ptr); - SAFE_FREE(hours); + DEBUG(1, ("tdbsam_convert_backup: updated %s file.\n", + dbname )); - return ret; -} + /* Replace the global db pointer. */ + *pp_db = orig_db; + return true; -BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen) -{ + cancel: - /* times are stored as 32bit integer - take care on system with 64bit wide time_t - --SSS */ - uint32 logon_time, - logoff_time, - kickoff_time, - bad_password_time, - pass_last_set_time, - pass_can_change_time, - pass_must_change_time; - char *username = NULL; - char *domain = NULL; - char *nt_username = NULL; - char *dir_drive = NULL; - char *unknown_str = NULL; - char *munged_dial = NULL; - char *fullname = NULL; - char *homedir = NULL; - char *logon_script = NULL; - char *profile_path = NULL; - char *acct_desc = NULL; - char *workstations = NULL; - uint32 username_len, domain_len, nt_username_len, - dir_drive_len, unknown_str_len, munged_dial_len, - fullname_len, homedir_len, logon_script_len, - profile_path_len, acct_desc_len, workstations_len; - - uint32 user_rid, group_rid, hours_len, unknown_6; - uint16 acct_ctrl, logon_divs; - uint16 bad_password_count, logon_count; - uint8 *hours = NULL; - uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL; - uint32 len = 0; - uint32 lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen; - uint32 pwHistLen = 0; - BOOL ret = True; - fstring tmpstring; - BOOL expand_explicit = lp_passdb_expand_explicit(); - - if(sampass == NULL || buf == NULL) { - DEBUG(0, ("init_sam_from_buffer_v2: NULL parameters found!\n")); - return False; - } - -/* TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd" */ - - /* unpack the buffer into variables */ - len = tdb_unpack ((char *)buf, buflen, TDB_FORMAT_STRING_V2, - &logon_time, /* d */ - &logoff_time, /* d */ - &kickoff_time, /* d */ - &bad_password_time, /* d */ - &pass_last_set_time, /* d */ - &pass_can_change_time, /* d */ - &pass_must_change_time, /* d */ - &username_len, &username, /* B */ - &domain_len, &domain, /* B */ - &nt_username_len, &nt_username, /* B */ - &fullname_len, &fullname, /* B */ - &homedir_len, &homedir, /* B */ - &dir_drive_len, &dir_drive, /* B */ - &logon_script_len, &logon_script, /* B */ - &profile_path_len, &profile_path, /* B */ - &acct_desc_len, &acct_desc, /* B */ - &workstations_len, &workstations, /* B */ - &unknown_str_len, &unknown_str, /* B */ - &munged_dial_len, &munged_dial, /* B */ - &user_rid, /* d */ - &group_rid, /* d */ - &lm_pw_len, &lm_pw_ptr, /* B */ - &nt_pw_len, &nt_pw_ptr, /* B */ - /* Change from V1 is addition of password history field. */ - &nt_pw_hist_len, &nt_pw_hist_ptr, /* B */ - &acct_ctrl, /* w */ - /* Also "remove_me" field was removed. */ - &logon_divs, /* w */ - &hours_len, /* d */ - &hourslen, &hours, /* B */ - &bad_password_count, /* w */ - &logon_count, /* w */ - &unknown_6); /* d */ - - if (len == (uint32) -1) { - ret = False; - goto done; + if (orig_db->transaction_cancel(orig_db) != 0) { + smb_panic("tdbsam_convert: transaction_cancel failed"); } - pdb_set_logon_time(sampass, logon_time, PDB_SET); - pdb_set_logoff_time(sampass, logoff_time, PDB_SET); - pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET); - pdb_set_bad_password_time(sampass, bad_password_time, PDB_SET); - pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET); - pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET); - pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET); - - pdb_set_username(sampass, username, PDB_SET); - pdb_set_domain(sampass, domain, PDB_SET); - pdb_set_nt_username(sampass, nt_username, PDB_SET); - pdb_set_fullname(sampass, fullname, PDB_SET); - - if (homedir) { - fstrcpy( tmpstring, homedir ); - if (expand_explicit) { - standard_sub_basic( username, tmpstring, - sizeof(tmpstring) ); - } - pdb_set_homedir(sampass, tmpstring, PDB_SET); - } - else { - pdb_set_homedir(sampass, - talloc_sub_basic(sampass, username, lp_logon_home()), - PDB_DEFAULT); + if (tmp_db->transaction_cancel(tmp_db) != 0) { + smb_panic("tdbsam_convert: transaction_cancel failed"); } - if (dir_drive) - pdb_set_dir_drive(sampass, dir_drive, PDB_SET); - else - pdb_set_dir_drive(sampass, lp_logon_drive(), PDB_DEFAULT ); + unlink(tmp_fname); + TALLOC_FREE(tmp_db); + TALLOC_FREE(frame); + return false; +} - if (logon_script) { - fstrcpy( tmpstring, logon_script ); - if (expand_explicit) { - standard_sub_basic( username, tmpstring, - sizeof(tmpstring) ); - } - pdb_set_logon_script(sampass, tmpstring, PDB_SET); - } - else { - pdb_set_logon_script(sampass, - talloc_sub_basic(sampass, username, lp_logon_script()), - PDB_DEFAULT); - } - - if (profile_path) { - fstrcpy( tmpstring, profile_path ); - if (expand_explicit) { - standard_sub_basic( username, tmpstring, - sizeof(tmpstring) ); - } - pdb_set_profile_path(sampass, tmpstring, PDB_SET); - } - else { - pdb_set_profile_path(sampass, - talloc_sub_basic(sampass, username, lp_logon_path()), - PDB_DEFAULT); - } - - pdb_set_acct_desc(sampass, acct_desc, PDB_SET); - pdb_set_workstations(sampass, workstations, PDB_SET); - pdb_set_munged_dial(sampass, munged_dial, PDB_SET); - - if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) { - if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) { - ret = False; - goto done; - } - } +static bool tdbsam_upgrade_next_rid(struct db_context *db) +{ + TDB_CONTEXT *tdb; + uint32 rid; + bool ok = false; - if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) { - if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) { - ret = False; - goto done; - } + ok = dbwrap_fetch_uint32(db, NEXT_RID_STRING, &rid); + if (ok) { + return true; } - /* Change from V1 is addition of password history field. */ - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); - if (pwHistLen) { - uint8 *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN); - if (!pw_hist) { - ret = False; - goto done; - } - memset(pw_hist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN); - if (nt_pw_hist_ptr && nt_pw_hist_len) { - int i; - SMB_ASSERT((nt_pw_hist_len % PW_HISTORY_ENTRY_LEN) == 0); - nt_pw_hist_len /= PW_HISTORY_ENTRY_LEN; - for (i = 0; (i < pwHistLen) && (i < nt_pw_hist_len); i++) { - memcpy(&pw_hist[i*PW_HISTORY_ENTRY_LEN], - &nt_pw_hist_ptr[i*PW_HISTORY_ENTRY_LEN], - PW_HISTORY_ENTRY_LEN); - } - } - if (!pdb_set_pw_history(sampass, pw_hist, pwHistLen, PDB_SET)) { - SAFE_FREE(pw_hist); - ret = False; - goto done; + tdb = tdb_open_log(state_path("winbindd_idmap.tdb"), 0, + TDB_DEFAULT, O_RDONLY, 0644); + + if (tdb) { + ok = tdb_fetch_uint32(tdb, "RID_COUNTER", &rid); + if (!ok) { + rid = BASE_RID; } - SAFE_FREE(pw_hist); + tdb_close(tdb); } else { - pdb_set_pw_history(sampass, NULL, 0, PDB_SET); + rid = BASE_RID; } - pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); - pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET); - pdb_set_hours_len(sampass, hours_len, PDB_SET); - pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET); - pdb_set_logon_count(sampass, logon_count, PDB_SET); - pdb_set_unknown_6(sampass, unknown_6, PDB_SET); - pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); - pdb_set_logon_divs(sampass, logon_divs, PDB_SET); - pdb_set_hours(sampass, hours, PDB_SET); - -done: - - SAFE_FREE(username); - SAFE_FREE(domain); - SAFE_FREE(nt_username); - SAFE_FREE(fullname); - SAFE_FREE(homedir); - SAFE_FREE(dir_drive); - SAFE_FREE(logon_script); - SAFE_FREE(profile_path); - SAFE_FREE(acct_desc); - SAFE_FREE(workstations); - SAFE_FREE(munged_dial); - SAFE_FREE(unknown_str); - SAFE_FREE(lm_pw_ptr); - SAFE_FREE(nt_pw_ptr); - SAFE_FREE(nt_pw_hist_ptr); - SAFE_FREE(hours); + if (dbwrap_store_uint32(db, NEXT_RID_STRING, rid) != 0) { + return false; + } - return ret; + return true; } +static bool tdbsam_convert(struct db_context **pp_db, const char *name, int32 from) +{ + struct tdbsam_convert_state state; + struct db_context *db = NULL; + int ret; -/********************************************************************** - Intialize a struct samu struct from a BYTE buffer of size len - *********************************************************************/ + /* We only need the update backup for local db's. */ + if (db_is_local(name) && !tdbsam_convert_backup(name, pp_db)) { + DEBUG(0, ("tdbsam_convert: Could not backup %s\n", name)); + return false; + } -static BOOL init_sam_from_buffer(struct samu *sampass, uint8 *buf, uint32 buflen) -{ - return init_sam_from_buffer_v3(sampass, buf, buflen); -} + db = *pp_db; + state.from = from; + state.success = true; -/********************************************************************** - Intialize a BYTE buffer from a struct samu struct - *********************************************************************/ + if (db->transaction_start(db) != 0) { + DEBUG(0, ("tdbsam_convert: Could not start transaction\n")); + return false; + } -static uint32 init_buffer_from_sam (uint8 **buf, struct samu *sampass, BOOL size_only) -{ - return init_buffer_from_sam_v3(buf, sampass, size_only); -} + if (!tdbsam_upgrade_next_rid(db)) { + DEBUG(0, ("tdbsam_convert: tdbsam_upgrade_next_rid failed\n")); + goto cancel; + } -/********************************************************************** - Intialize a BYTE buffer from a struct samu struct - *********************************************************************/ + ret = db->traverse(db, tdbsam_convert_one, &state); + if (ret < 0) { + DEBUG(0, ("tdbsam_convert: traverse failed\n")); + goto cancel; + } -static BOOL tdbsam_convert(int32 from) -{ - const char *vstring = TDBSAM_VERSION_STRING; - const char *prefix = USERPREFIX; - TDB_DATA data, key, old_key; - uint8 *buf = NULL; - BOOL ret; + if (!state.success) { + DEBUG(0, ("tdbsam_convert: Converting records failed\n")); + goto cancel; + } - /* handle a Samba upgrade */ - tdb_lock_bystring(tdbsam, vstring, 0); - - /* Enumerate all records and convert them */ - key = tdb_firstkey(tdbsam); + if (dbwrap_store_int32(db, TDBSAM_VERSION_STRING, + TDBSAM_VERSION) != 0) { + DEBUG(0, ("tdbsam_convert: Could not store tdbsam version\n")); + goto cancel; + } - while (key.dptr) { - - /* skip all non-USER entries (eg. RIDs) */ - while ((key.dsize != 0) && (strncmp(key.dptr, prefix, strlen (prefix)))) { - old_key = key; - /* increment to next in line */ - key = tdb_nextkey(tdbsam, key); - SAFE_FREE(old_key.dptr); - } - - if (key.dptr) { - struct samu *user = NULL; - - /* read from tdbsam */ - data = tdb_fetch(tdbsam, key); - if (!data.dptr) { - DEBUG(0,("tdbsam_convert: database entry not found: %s.\n",key.dptr)); - return False; - } - - /* unpack the buffer from the former format */ - if ( !(user = samu_new( NULL )) ) { - DEBUG(0,("tdbsam_convert: samu_new() failed!\n")); - SAFE_FREE( data.dptr ); - return False; - } - DEBUG(10,("tdbsam_convert: Try unpacking a record with (key:%s) (version:%d)\n", key.dptr, from)); - switch (from) { - case 0: - ret = init_sam_from_buffer_v0(user, (uint8 *)data.dptr, data.dsize); - break; - case 1: - ret = init_sam_from_buffer_v1(user, (uint8 *)data.dptr, data.dsize); - break; - case 2: - ret = init_sam_from_buffer_v2(user, (uint8 *)data.dptr, data.dsize); - break; - case 3: - ret = init_sam_from_buffer_v3(user, (uint8 *)data.dptr, data.dsize); - break; - default: - /* unknown tdbsam version */ - ret = False; - } - if (!ret) { - DEBUG(0,("tdbsam_convert: Bad struct samu entry returned from TDB (key:%s) (version:%d)\n", key.dptr, from)); - SAFE_FREE(data.dptr); - TALLOC_FREE(user ); - return False; - } - - /* We're finished with the old data. */ - SAFE_FREE(data.dptr); - - /* pack from the buffer into the new format */ - - DEBUG(10,("tdbsam_convert: Try packing a record (key:%s) (version:%d)\n", key.dptr, from)); - data.dsize = init_buffer_from_sam (&buf, user, False); - TALLOC_FREE(user ); - - if ( data.dsize == -1 ) { - DEBUG(0,("tdbsam_convert: cannot pack the struct samu into the new format\n")); - return False; - } - data.dptr = (char *)buf; - - /* Store the buffer inside the TDBSAM */ - if (tdb_store(tdbsam, key, data, TDB_MODIFY) != TDB_SUCCESS) { - DEBUG(0,("tdbsam_convert: cannot store the struct samu (key:%s) in new format\n",key.dptr)); - SAFE_FREE(data.dptr); - return False; - } - - SAFE_FREE(data.dptr); - - /* increment to next in line */ - old_key = key; - key = tdb_nextkey(tdbsam, key); - SAFE_FREE(old_key.dptr); - } - + if (dbwrap_store_int32(db, TDBSAM_MINOR_VERSION_STRING, + TDBSAM_MINOR_VERSION) != 0) { + DEBUG(0, ("tdbsam_convert: Could not store tdbsam minor version\n")); + goto cancel; } - - /* upgrade finished */ - tdb_store_int32(tdbsam, vstring, TDBSAM_VERSION); - tdb_unlock_bystring(tdbsam, vstring); + if (db->transaction_commit(db) != 0) { + DEBUG(0, ("tdbsam_convert: Could not commit transaction\n")); + return false; + } - return(True); + return true; + + cancel: + if (db->transaction_cancel(db) != 0) { + smb_panic("tdbsam_convert: transaction_cancel failed"); + } + + return false; } /********************************************************************* @@ -795,219 +401,133 @@ static BOOL tdbsam_convert(int32 from) Uses a reference count to allow multiple open calls. *********************************************************************/ -static BOOL tdbsam_open( const char *name ) +static bool tdbsam_open( const char *name ) { int32 version; - + int32 minor_version; + /* check if we are already open */ - - if ( tdbsam ) { - ref_count++; - DEBUG(8,("tdbsam_open: Incrementing open reference count. Ref count is now %d\n", - ref_count)); - return True; - } - - SMB_ASSERT( ref_count == 0 ); - - /* Try to open tdb passwd. Create a new one if necessary */ - - if (!(tdbsam = tdb_open_log(name, 0, TDB_DEFAULT, O_CREAT|O_RDWR, 0600))) { - DEBUG(0, ("tdbsam_open: Failed to open/create TDB passwd [%s]\n", name)); - return False; + + if ( db_sam ) { + return true; } - /* set the initial reference count - must be done before tdbsam_convert - as that calls tdbsam_open()/tdbsam_close(). */ + /* Try to open tdb passwd. Create a new one if necessary */ - ref_count = 1; + db_sam = db_open(NULL, name, 0, TDB_DEFAULT, O_CREAT|O_RDWR, 0600); + if (db_sam == NULL) { + DEBUG(0, ("tdbsam_open: Failed to open/create TDB passwd " + "[%s]\n", name)); + return false; + } /* Check the version */ - version = tdb_fetch_int32( tdbsam, TDBSAM_VERSION_STRING ); - + version = dbwrap_fetch_int32(db_sam, TDBSAM_VERSION_STRING); if (version == -1) { version = 0; /* Version not found, assume version 0 */ } - + + /* Get the minor version */ + minor_version = dbwrap_fetch_int32(db_sam, TDBSAM_MINOR_VERSION_STRING); + if (minor_version == -1) { + minor_version = 0; /* Minor version not found, assume 0 */ + } + /* Compare the version */ if (version > TDBSAM_VERSION) { - /* Version more recent than the latest known */ + /* Version more recent than the latest known */ DEBUG(0, ("tdbsam_open: unknown version => %d\n", version)); - tdb_close( tdbsam ); - ref_count = 0; - return False; - } - - - if ( version < TDBSAM_VERSION ) { - DEBUG(1, ("tdbsam_open: Converting version %d database to version %d.\n", - version, TDBSAM_VERSION)); - - if ( !tdbsam_convert(version) ) { - DEBUG(0, ("tdbsam_open: Error when trying to convert tdbsam [%s]\n",name)); - tdb_close(tdbsam); - ref_count = 0; - return False; + TALLOC_FREE(db_sam); + return false; + } + + if ( version < TDBSAM_VERSION || + (version == TDBSAM_VERSION && + minor_version < TDBSAM_MINOR_VERSION) ) { + /* + * Ok - we think we're going to have to convert. + * Due to the backup process we now must do to + * upgrade we have to get a mutex and re-check + * the version. Someone else may have upgraded + * whilst we were checking. + */ + + struct named_mutex *mtx = grab_named_mutex(NULL, + "tdbsam_upgrade_mutex", + 600); + + if (!mtx) { + DEBUG(0, ("tdbsam_open: failed to grab mutex.\n")); + TALLOC_FREE(db_sam); + return false; } - - DEBUG(3, ("TDBSAM converted successfully.\n")); - } - - DEBUG(4,("tdbsam_open: successfully opened %s\n", name )); - - return True; -} - -/**************************************************************************** - wrapper atound tdb_close() to handle the reference count -****************************************************************************/ - -void tdbsam_close( void ) -{ - ref_count--; - - DEBUG(8,("tdbsam_close: Reference count is now %d.\n", ref_count)); - - SMB_ASSERT(ref_count >= 0 ); - - if ( ref_count == 0 ) { - tdb_close( tdbsam ); - tdbsam = NULL; - } - - return; -} - -/**************************************************************************** - creates a list of user keys -****************************************************************************/ -static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) -{ - const char *prefix = USERPREFIX; - int prefixlen = strlen (prefix); - struct pwent_list *ptr; - - if ( strncmp(key.dptr, prefix, prefixlen) == 0 ) { - if ( !(ptr=SMB_MALLOC_P(struct pwent_list)) ) { - DEBUG(0,("tdbsam_traverse_setpwent: Failed to malloc new entry for list\n")); - - /* just return 0 and let the traversal continue */ - return 0; + /* Re-check the version */ + version = dbwrap_fetch_int32(db_sam, TDBSAM_VERSION_STRING); + if (version == -1) { + version = 0; /* Version not found, assume version 0 */ } - ZERO_STRUCTP(ptr); - - /* save a copy of the key */ - - ptr->key.dptr = memdup( key.dptr, key.dsize ); - ptr->key.dsize = key.dsize; - - DLIST_ADD( tdbsam_pwent_list, ptr ); - - } - - - return 0; -} - -/*************************************************************** - Open the TDB passwd database for SAM account enumeration. - Save a list of user keys for iteration. -****************************************************************/ - -static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint32 acb_mask) -{ - if ( !tdbsam_open( tdbsam_filename ) ) { - DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename)); - return NT_STATUS_ACCESS_DENIED; - } - - tdb_traverse( tdbsam, tdbsam_traverse_setpwent, NULL ); - pwent_initialized = True; - - return NT_STATUS_OK; -} - -/*************************************************************** - End enumeration of the TDB passwd list. -****************************************************************/ - -static void tdbsam_endsampwent(struct pdb_methods *my_methods) -{ - struct pwent_list *ptr, *ptr_next; - - /* close the tdb only if we have a valid pwent state */ - - if ( pwent_initialized ) { - DEBUG(7, ("endtdbpwent: closed sam database.\n")); - tdbsam_close(); - } - - /* clear out any remaining entries in the list */ - - for ( ptr=tdbsam_pwent_list; ptr; ptr = ptr_next ) { - ptr_next = ptr->next; - DLIST_REMOVE( tdbsam_pwent_list, ptr ); - SAFE_FREE( ptr->key.dptr); - SAFE_FREE( ptr ); - } - - pwent_initialized = False; -} - -/***************************************************************** - Get one struct samu from the TDB (next in line) -*****************************************************************/ + /* Re-check the minor version */ + minor_version = dbwrap_fetch_int32(db_sam, TDBSAM_MINOR_VERSION_STRING); + if (minor_version == -1) { + minor_version = 0; /* Minor version not found, assume 0 */ + } -static NTSTATUS tdbsam_getsampwent(struct pdb_methods *my_methods, struct samu *user) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - TDB_DATA data; - struct pwent_list *pkey; + /* Compare the version */ + if (version > TDBSAM_VERSION) { + /* Version more recent than the latest known */ + DEBUG(0, ("tdbsam_open: unknown version => %d\n", version)); + TALLOC_FREE(db_sam); + TALLOC_FREE(mtx); + return false; + } - if ( !user ) { - DEBUG(0,("tdbsam_getsampwent: struct samu is NULL.\n")); - return nt_status; - } + if ( version < TDBSAM_VERSION || + (version == TDBSAM_VERSION && + minor_version < TDBSAM_MINOR_VERSION) ) { + /* + * Note that minor versions we read that are greater + * than the current minor version we have hard coded + * are assumed to be compatible if they have the same + * major version. That allows previous versions of the + * passdb code that don't know about minor versions to + * still use this database. JRA. + */ + + DEBUG(1, ("tdbsam_open: Converting version %d.%d database to " + "version %d.%d.\n", + version, + minor_version, + TDBSAM_VERSION, + TDBSAM_MINOR_VERSION)); + + if ( !tdbsam_convert(&db_sam, name, version) ) { + DEBUG(0, ("tdbsam_open: Error when trying to convert " + "tdbsam [%s]\n",name)); + TALLOC_FREE(db_sam); + TALLOC_FREE(mtx); + return false; + } - if ( !tdbsam_pwent_list ) { - DEBUG(4,("tdbsam_getsampwent: end of list\n")); - return nt_status; + DEBUG(3, ("TDBSAM converted successfully.\n")); + } + TALLOC_FREE(mtx); } - - /* pull the next entry */ - - pkey = tdbsam_pwent_list; - DLIST_REMOVE( tdbsam_pwent_list, pkey ); - - data = tdb_fetch(tdbsam, pkey->key); - SAFE_FREE( pkey->key.dptr); - SAFE_FREE( pkey); - - if ( !data.dptr ) { - DEBUG(5,("pdb_getsampwent: database entry not found. Was the user deleted?\n")); - return nt_status; - } - - if ( !init_sam_from_buffer(user, (unsigned char *)data.dptr, data.dsize) ) { - DEBUG(0,("pdb_getsampwent: Bad struct samu entry returned from TDB!\n")); - } - - SAFE_FREE( data.dptr ); + DEBUG(4,("tdbsam_open: successfully opened %s\n", name )); - return NT_STATUS_OK; + return true; } /****************************************************************** Lookup a name in the SAM TDB ******************************************************************/ -static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods, struct samu *user, const char *sname) +static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods, + struct samu *user, const char *sname) { - NTSTATUS result; - TDB_DATA data, key; + TDB_DATA data; fstring keystr; fstring name; @@ -1022,53 +542,47 @@ static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods, struct samu /* set search key */ slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; /* open the database */ - + if ( !tdbsam_open( tdbsam_filename ) ) { DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename)); return NT_STATUS_ACCESS_DENIED; } - + /* get the record */ - - data = tdb_fetch(tdbsam, key); + + data = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr); if (!data.dptr) { DEBUG(5,("pdb_getsampwnam (TDB): error fetching database.\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam))); DEBUGADD(5, (" Key: %s\n", keystr)); - result = NT_STATUS_NO_SUCH_USER; - goto done; + return NT_STATUS_NO_SUCH_USER; } - + /* unpack the buffer */ - - if (!init_sam_from_buffer(user, (unsigned char *)data.dptr, data.dsize)) { + + if (!init_samu_from_buffer(user, SAMU_BUFFER_LATEST, data.dptr, data.dsize)) { DEBUG(0,("pdb_getsampwent: Bad struct samu entry returned from TDB!\n")); SAFE_FREE(data.dptr); - result = NT_STATUS_NO_MEMORY; - goto done; + return NT_STATUS_NO_MEMORY; } - - result = NT_STATUS_OK; - - done: - SAFE_FREE(data.dptr); - tdbsam_close(); - - return result; + + /* success */ + + TALLOC_FREE(data.dptr); + + return NT_STATUS_OK; } /*************************************************************************** Search by rid **************************************************************************/ -static NTSTATUS tdbsam_getsampwrid (struct pdb_methods *my_methods, struct samu *user, uint32 rid) +static NTSTATUS tdbsam_getsampwrid (struct pdb_methods *my_methods, + struct samu *user, uint32 rid) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - TDB_DATA data, key; + TDB_DATA data; fstring keystr; fstring name; @@ -1076,93 +590,87 @@ static NTSTATUS tdbsam_getsampwrid (struct pdb_methods *my_methods, struct samu DEBUG(0,("pdb_getsampwrid: struct samu is NULL.\n")); return nt_status; } - + /* set search key */ - + slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, rid); - key.dptr = keystr; - key.dsize = strlen (keystr) + 1; /* open the database */ - + if ( !tdbsam_open( tdbsam_filename ) ) { - DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename)); + DEBUG(0,("tdbsam_getsampwrid: failed to open %s!\n", tdbsam_filename)); return NT_STATUS_ACCESS_DENIED; } /* get the record */ - - data = tdb_fetch (tdbsam, key); + + data = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr); if (!data.dptr) { DEBUG(5,("pdb_getsampwrid (TDB): error looking up RID %d by key %s.\n", rid, keystr)); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam))); - nt_status = NT_STATUS_UNSUCCESSFUL; - goto done; + return NT_STATUS_UNSUCCESSFUL; } - fstrcpy(name, data.dptr); - SAFE_FREE(data.dptr); - - nt_status = tdbsam_getsampwnam (my_methods, user, name); + fstrcpy(name, (const char *)data.dptr); + TALLOC_FREE(data.dptr); - done: - /* cleanup */ - - tdbsam_close(); - - return nt_status; + return tdbsam_getsampwnam (my_methods, user, name); } -static NTSTATUS tdbsam_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const DOM_SID *sid) +static NTSTATUS tdbsam_getsampwsid(struct pdb_methods *my_methods, + struct samu * user, const DOM_SID *sid) { uint32 rid; - + if ( !sid_peek_check_rid(get_global_sam_sid(), sid, &rid) ) return NT_STATUS_UNSUCCESSFUL; return tdbsam_getsampwrid(my_methods, user, rid); } -static BOOL tdb_delete_samacct_only( struct samu *sam_pass ) +static bool tdb_delete_samacct_only( struct samu *sam_pass ) { - TDB_DATA key; fstring keystr; fstring name; + NTSTATUS status; fstrcpy(name, pdb_get_username(sam_pass)); strlower_m(name); - + /* set the search key */ - + slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name); - key.dptr = keystr; - key.dsize = strlen (keystr) + 1; - + /* it's outaa here! 8^) */ - - if (tdb_delete(tdbsam, key) != TDB_SUCCESS) { - DEBUG(5, ("Error deleting entry from tdb passwd database!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam))); - return False; + if ( !tdbsam_open( tdbsam_filename ) ) { + DEBUG(0,("tdb_delete_samacct_only: failed to open %s!\n", + tdbsam_filename)); + return false; } - - return True; + + status = dbwrap_delete_bystring(db_sam, keystr); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(5, ("Error deleting entry from tdb passwd " + "database: %s!\n", nt_errstr(status))); + return false; + } + + return true; } /*************************************************************************** Delete a struct samu records for the username and RID key ****************************************************************************/ -static NTSTATUS tdbsam_delete_sam_account(struct pdb_methods *my_methods, struct samu *sam_pass) +static NTSTATUS tdbsam_delete_sam_account(struct pdb_methods *my_methods, + struct samu *sam_pass) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - TDB_DATA key; fstring keystr; uint32 rid; fstring name; - + /* open the database */ - + if ( !tdbsam_open( tdbsam_filename ) ) { DEBUG(0,("tdbsam_delete_sam_account: failed to open %s!\n", tdbsam_filename)); @@ -1171,44 +679,52 @@ static NTSTATUS tdbsam_delete_sam_account(struct pdb_methods *my_methods, struct fstrcpy(name, pdb_get_username(sam_pass)); strlower_m(name); - + /* set the search key */ slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name); - key.dptr = keystr; - key.dsize = strlen (keystr) + 1; - + rid = pdb_get_user_rid(sam_pass); /* it's outaa here! 8^) */ - if ( tdb_delete(tdbsam, key) != TDB_SUCCESS ) { - DEBUG(5, ("Error deleting entry from tdb passwd database!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam))); - nt_status = NT_STATUS_UNSUCCESSFUL; - goto done; + if (db_sam->transaction_start(db_sam) != 0) { + DEBUG(0, ("Could not start transaction\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + nt_status = dbwrap_delete_bystring(db_sam, keystr); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(5, ("Error deleting entry from tdb passwd " + "database: %s!\n", nt_errstr(nt_status))); + goto cancel; } /* set the search key */ - + slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, rid); - key.dptr = keystr; - key.dsize = strlen (keystr) + 1; /* it's outaa here! 8^) */ - - if ( tdb_delete(tdbsam, key) != TDB_SUCCESS ) { - DEBUG(5, ("Error deleting entry from tdb rid database!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam))); - nt_status = NT_STATUS_UNSUCCESSFUL; - goto done; + + nt_status = dbwrap_delete_bystring(db_sam, keystr); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(5, ("Error deleting entry from tdb rid " + "database: %s!\n", nt_errstr(nt_status))); + goto cancel; + } + + if (db_sam->transaction_commit(db_sam) != 0) { + DEBUG(0, ("Could not commit transaction\n")); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + return NT_STATUS_OK; + + cancel: + if (db_sam->transaction_cancel(db_sam) != 0) { + smb_panic("transaction_cancel failed"); } - nt_status = NT_STATUS_OK; - - done: - tdbsam_close(); - return nt_status; } @@ -1217,84 +733,80 @@ static NTSTATUS tdbsam_delete_sam_account(struct pdb_methods *my_methods, struct Update the TDB SAM account record only Assumes that the tdbsam is already open ****************************************************************************/ -static BOOL tdb_update_samacct_only( struct samu* newpwd, int flag ) +static bool tdb_update_samacct_only( struct samu* newpwd, int flag ) { - TDB_DATA key, data; + TDB_DATA data; uint8 *buf = NULL; fstring keystr; fstring name; - BOOL ret = True; + bool ret = false; + NTSTATUS status; /* copy the struct samu struct into a BYTE buffer for storage */ - - if ( (data.dsize=init_buffer_from_sam (&buf, newpwd, False)) == -1 ) { + + if ( (data.dsize=init_buffer_from_samu(&buf, newpwd, False)) == -1 ) { DEBUG(0,("tdb_update_sam: ERROR - Unable to copy struct samu info BYTE buffer!\n")); - ret = False; goto done; } - data.dptr = (char *)buf; + data.dptr = buf; fstrcpy(name, pdb_get_username(newpwd)); strlower_m(name); - - DEBUG(5, ("Storing %saccount %s with RID %d\n", - flag == TDB_INSERT ? "(new) " : "", name, + + DEBUG(5, ("Storing %saccount %s with RID %d\n", + flag == TDB_INSERT ? "(new) " : "", name, pdb_get_user_rid(newpwd))); /* setup the USER index key */ slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; /* add the account */ - - if ( tdb_store(tdbsam, key, data, flag) != TDB_SUCCESS ) { - DEBUG(0, ("Unable to modify passwd TDB!")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam))); - DEBUGADD(0, (" occured while storing the main record (%s)\n", - keystr)); - ret = False; + + status = dbwrap_store_bystring(db_sam, keystr, data, flag); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Unable to modify passwd TDB: %s!", + nt_errstr(status))); goto done; } -done: + ret = true; + +done: /* cleanup */ SAFE_FREE(buf); - return ret; } /*************************************************************************** Update the TDB SAM RID record only - Assumes that the tdbsam is already open + Assumes that the tdbsam is already open ****************************************************************************/ -static BOOL tdb_update_ridrec_only( struct samu* newpwd, int flag ) +static bool tdb_update_ridrec_only( struct samu* newpwd, int flag ) { - TDB_DATA key, data; + TDB_DATA data; fstring keystr; fstring name; + NTSTATUS status; fstrcpy(name, pdb_get_username(newpwd)); strlower_m(name); /* setup RID data */ - data.dsize = strlen(name) + 1; - data.dptr = name; + data = string_term_tdb_data(name); /* setup the RID index key */ - slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, pdb_get_user_rid(newpwd)); - key.dptr = keystr; - key.dsize = strlen (keystr) + 1; - + slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, + pdb_get_user_rid(newpwd)); + /* add the reference */ - if (tdb_store(tdbsam, key, data, flag) != TDB_SUCCESS) { - DEBUG(0, ("Unable to modify TDB passwd !")); - DEBUGADD(0, (" Error: %s\n", tdb_errorstr(tdbsam))); - DEBUGADD(0, (" occured while storing the RID index (%s)\n", keystr)); - return False; + status = dbwrap_store_bystring(db_sam, keystr, data, flag); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Unable to modify TDB passwd: %s!\n", + nt_errstr(status))); + return false; } - return True; + return true; } @@ -1302,42 +814,98 @@ static BOOL tdb_update_ridrec_only( struct samu* newpwd, int flag ) Update the TDB SAM ****************************************************************************/ -static BOOL tdb_update_sam(struct pdb_methods *my_methods, struct samu* newpwd, int flag) +static bool tdb_update_sam(struct pdb_methods *my_methods, struct samu* newpwd, + int flag) { - uint32 user_rid; - BOOL result = True; + uint32_t oldrid; + uint32_t newrid; - /* invalidate the existing TDB iterator if it is open */ - - tdbsam_endsampwent( my_methods ); - - if ( !pdb_get_group_rid(newpwd) ) { - DEBUG (0,("tdb_update_sam: Failing to store a struct samu for [%s] " - "without a primary group RID\n", pdb_get_username(newpwd))); + if (!(newrid = pdb_get_user_rid(newpwd))) { + DEBUG(0,("tdb_update_sam: struct samu (%s) with no RID!\n", + pdb_get_username(newpwd))); return False; } - if ( !(user_rid = pdb_get_user_rid(newpwd)) ) { - DEBUG(0,("tdb_update_sam: struct samu (%s) with no RID!\n", pdb_get_username(newpwd))); - return False; - } + oldrid = newrid; /* open the database */ - + if ( !tdbsam_open( tdbsam_filename ) ) { DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename)); return False; } - - if ( !tdb_update_samacct_only(newpwd, flag) || !tdb_update_ridrec_only(newpwd, flag)) { - result = False; + + if (db_sam->transaction_start(db_sam) != 0) { + DEBUG(0, ("Could not start transaction\n")); + return false; } - /* cleanup */ + /* If we are updating, we may be changing this users RID. Retrieve the old RID + so we can check. */ - tdbsam_close(); - - return result; + if (flag == TDB_MODIFY) { + struct samu *account = samu_new(talloc_tos()); + if (account == NULL) { + DEBUG(0,("tdb_update_sam: samu_new() failed\n")); + goto cancel; + } + if (!NT_STATUS_IS_OK(tdbsam_getsampwnam(my_methods, account, pdb_get_username(newpwd)))) { + DEBUG(0,("tdb_update_sam: tdbsam_getsampwnam() for %s failed\n", + pdb_get_username(newpwd))); + TALLOC_FREE(account); + goto cancel; + } + if (!(oldrid = pdb_get_user_rid(account))) { + DEBUG(0,("tdb_update_sam: pdb_get_user_rid() failed\n")); + TALLOC_FREE(account); + goto cancel; + } + TALLOC_FREE(account); + } + + /* Update the new samu entry. */ + if (!tdb_update_samacct_only(newpwd, flag)) { + goto cancel; + } + + /* Now take care of the case where the RID changed. We need + * to delete the old RID key and add the new. */ + + if (flag == TDB_MODIFY && newrid != oldrid) { + fstring keystr; + + /* Delete old RID key */ + DEBUG(10, ("tdb_update_sam: Deleting key for RID %u\n", oldrid)); + slprintf(keystr, sizeof(keystr) - 1, "%s%.8x", RIDPREFIX, oldrid); + if (!NT_STATUS_IS_OK(dbwrap_delete_bystring(db_sam, keystr))) { + DEBUG(0, ("tdb_update_sam: Can't delete %s\n", keystr)); + goto cancel; + } + /* Insert new RID key */ + DEBUG(10, ("tdb_update_sam: Inserting key for RID %u\n", newrid)); + if (!tdb_update_ridrec_only(newpwd, TDB_INSERT)) { + goto cancel; + } + } else { + DEBUG(10, ("tdb_update_sam: %s key for RID %u\n", + flag == TDB_MODIFY ? "Updating" : "Inserting", newrid)); + if (!tdb_update_ridrec_only(newpwd, flag)) { + goto cancel; + } + } + + if (db_sam->transaction_commit(db_sam) != 0) { + DEBUG(0, ("Could not commit transaction\n")); + return false; + } + + return true; + + cancel: + if (db_sam->transaction_cancel(db_sam) != 0) { + smb_panic("transaction_cancel failed"); + } + return false; } /*************************************************************************** @@ -1374,194 +942,283 @@ static NTSTATUS tdbsam_add_sam_account (struct pdb_methods *my_methods, struct s - unlock the new user record ***************************************************************************/ static NTSTATUS tdbsam_rename_sam_account(struct pdb_methods *my_methods, - struct samu *old_acct, + struct samu *old_acct, const char *newname) { struct samu *new_acct = NULL; - pstring rename_script; - BOOL interim_account = False; + char *rename_script = NULL; int rename_ret; + fstring oldname_lower; + fstring newname_lower; - /* make sure we have an open handle to the tdb. Should have happened - at module initialization time */ - - if ( !tdbsam ) { - DEBUG(0,("tdbsam_getsampwrid: tdbsam not open!\n")); - return NT_STATUS_NO_SUCH_USER; - } - /* can't do anything without an external script */ - - pstrcpy(rename_script, lp_renameuser_script() ); - if ( ! *rename_script ) - return NT_STATUS_ACCESS_DENIED; - /* invalidate the existing TDB iterator if it is open */ - - tdbsam_endsampwent( my_methods ); + if ( !(new_acct = samu_new( talloc_tos() )) ) { + return NT_STATUS_NO_MEMORY; + } - if ( !(new_acct = samu_new( NULL )) ) { + rename_script = talloc_strdup(new_acct, lp_renameuser_script()); + if (!rename_script) { + TALLOC_FREE(new_acct); return NT_STATUS_NO_MEMORY; } - - if ( !pdb_copy_sam_account(new_acct, old_acct) - || !pdb_set_username(new_acct, newname, PDB_CHANGED)) + if (!*rename_script) { + TALLOC_FREE(new_acct); + return NT_STATUS_ACCESS_DENIED; + } + + if ( !pdb_copy_sam_account(new_acct, old_acct) + || !pdb_set_username(new_acct, newname, PDB_CHANGED)) { - TALLOC_FREE(new_acct ); + TALLOC_FREE(new_acct); return NT_STATUS_NO_MEMORY; } /* open the database */ - if ( !tdbsam_open( tdbsam_filename ) ) { - DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename)); - TALLOC_FREE(new_acct ); + DEBUG(0, ("tdbsam_getsampwnam: failed to open %s!\n", + tdbsam_filename)); + TALLOC_FREE(new_acct); return NT_STATUS_ACCESS_DENIED; } - /* add the new account and lock it */ - - if ( !tdb_update_samacct_only(new_acct, TDB_INSERT) ) - { - goto done; - } - - interim_account = True; + if (db_sam->transaction_start(db_sam) != 0) { + DEBUG(0, ("Could not start transaction\n")); + TALLOC_FREE(new_acct); + return NT_STATUS_ACCESS_DENIED; - if ( tdb_lock_bystring(tdbsam, newname, 30) == -1 ) { - goto done; } - /* rename the posix user */ - string_sub2(rename_script, "%unew", newname, sizeof(pstring), - True, False, True); - string_sub2(rename_script, "%uold", pdb_get_username(old_acct), - sizeof(pstring), True, False, True); + /* add the new account and lock it */ + if ( !tdb_update_samacct_only(new_acct, TDB_INSERT) ) { + goto cancel; + } + + /* Rename the posix user. Follow the semantics of _samr_create_user() + so that we lower case the posix name but preserve the case in passdb */ + + fstrcpy( oldname_lower, pdb_get_username(old_acct) ); + strlower_m( oldname_lower ); + + fstrcpy( newname_lower, newname ); + strlower_m( newname_lower ); + + rename_script = talloc_string_sub2(new_acct, + rename_script, + "%unew", + newname_lower, + true, + false, + true); + if (!rename_script) { + goto cancel; + } + rename_script = talloc_string_sub2(new_acct, + rename_script, + "%uold", + oldname_lower, + true, + false, + true); + if (!rename_script) { + goto cancel; + } rename_ret = smbrun(rename_script, NULL); - DEBUG(rename_ret ? 0 : 3,("Running the command `%s' gave %d\n", rename_script, rename_ret)); + DEBUG(rename_ret ? 0 : 3,("Running the command `%s' gave %d\n", + rename_script, rename_ret)); + + if (rename_ret != 0) { + goto cancel; + } - if (rename_ret) - goto done; + smb_nscd_flush_user_cache(); /* rewrite the rid->username record */ - - if ( !tdb_update_ridrec_only( new_acct, TDB_MODIFY) ) - goto done; - interim_account = False; - tdb_unlock_bystring( tdbsam, newname ); + + if ( !tdb_update_ridrec_only( new_acct, TDB_MODIFY) ) { + goto cancel; + } tdb_delete_samacct_only( old_acct ); - - tdbsam_close(); - + + if (db_sam->transaction_commit(db_sam) != 0) { + /* + * Ok, we're screwed. We've changed the posix account, but + * could not adapt passdb.tdb. Shall we change the posix + * account back? + */ + DEBUG(0, ("transaction_commit failed\n")); + TALLOC_FREE(new_acct); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + TALLOC_FREE(new_acct ); return NT_STATUS_OK; -done: - /* cleanup */ - if (interim_account) { - tdb_unlock_bystring(tdbsam, newname); - tdb_delete_samacct_only(new_acct); + cancel: + if (db_sam->transaction_cancel(db_sam) != 0) { + smb_panic("transaction_cancel failed"); } - - tdbsam_close(); - - if (new_acct) - TALLOC_FREE(new_acct); - + + TALLOC_FREE(new_acct); + return NT_STATUS_ACCESS_DENIED; } -static BOOL tdbsam_rid_algorithm(struct pdb_methods *methods) +static bool tdbsam_rid_algorithm(struct pdb_methods *methods) { return False; } -/* - * Historically, winbind was responsible for allocating RIDs, so the next RID - * value was stored in winbindd_idmap.tdb. It has been moved to passdb now, - * but for compatibility reasons we still keep the the next RID counter in - * winbindd_idmap.tdb. - */ +static bool tdbsam_new_rid(struct pdb_methods *methods, uint32 *prid) +{ + uint32 rid; + + rid = BASE_RID; /* Default if not set */ + + if (!tdbsam_open(tdbsam_filename)) { + DEBUG(0,("tdbsam_new_rid: failed to open %s!\n", + tdbsam_filename)); + return false; + } + + if (dbwrap_change_uint32_atomic(db_sam, NEXT_RID_STRING, &rid, 1) != 0) { + DEBUG(3, ("tdbsam_new_rid: Failed to increase %s\n", + NEXT_RID_STRING)); + return false; + } + + *prid = rid; + + return true; +} -/***************************************************************************** - Initialise idmap database. For now (Dec 2005) this is a copy of the code in - sam/idmap_tdb.c. Maybe at a later stage we can remove that capability from - winbind completely and store the RID counter in passdb.tdb. +struct tdbsam_search_state { + struct pdb_methods *methods; + uint32_t acct_flags; - Dont' fully initialize with the HWM values, if it's new, we're only - interested in the RID counter. -*****************************************************************************/ + uint32_t *rids; + uint32_t num_rids; + ssize_t array_size; + uint32_t current; +}; -static BOOL init_idmap_tdb(TDB_CONTEXT *tdb) +static int tdbsam_collect_rids(struct db_record *rec, void *private_data) { - int32 version; + struct tdbsam_search_state *state = talloc_get_type_abort( + private_data, struct tdbsam_search_state); + size_t prefixlen = strlen(RIDPREFIX); + uint32 rid; - if (tdb_lock_bystring(tdb, "IDMAP_VERSION", 0) != 0) { - DEBUG(0, ("Could not lock IDMAP_VERSION\n")); - return False; + if ((rec->key.dsize < prefixlen) + || (strncmp((char *)rec->key.dptr, RIDPREFIX, prefixlen))) { + return 0; } - version = tdb_fetch_int32(tdb, "IDMAP_VERSION"); + rid = strtoul((char *)rec->key.dptr+prefixlen, NULL, 16); - if (version == -1) { - /* No key found, must be a new db */ - if (tdb_store_int32(tdb, "IDMAP_VERSION", - IDMAP_VERSION) != 0) { - DEBUG(0, ("Could not store IDMAP_VERSION\n")); - tdb_unlock_bystring(tdb, "IDMAP_VERSION"); - return False; - } - version = IDMAP_VERSION; - } + ADD_TO_LARGE_ARRAY(state, uint32, rid, &state->rids, &state->num_rids, + &state->array_size); - if (version != IDMAP_VERSION) { - DEBUG(0, ("Expected IDMAP_VERSION=%d, found %d. Please " - "start winbind once\n", IDMAP_VERSION, version)); - tdb_unlock_bystring(tdb, "IDMAP_VERSION"); - return False; - } + return 0; +} - tdb_unlock_bystring(tdb, "IDMAP_VERSION"); - return True; +static void tdbsam_search_end(struct pdb_search *search) +{ + struct tdbsam_search_state *state = talloc_get_type_abort( + search->private_data, struct tdbsam_search_state); + TALLOC_FREE(state); } -static BOOL tdbsam_new_rid(struct pdb_methods *methods, uint32 *prid) +static bool tdbsam_search_next_entry(struct pdb_search *search, + struct samr_displayentry *entry) { - TDB_CONTEXT *tdb; - uint32 rid; - BOOL ret = False; + struct tdbsam_search_state *state = talloc_get_type_abort( + search->private_data, struct tdbsam_search_state); + struct samu *user = NULL; + NTSTATUS status; + uint32_t rid; - tdb = tdb_open_log(lock_path("winbindd_idmap.tdb"), 0, - TDB_DEFAULT, O_RDWR | O_CREAT, 0644); + again: + TALLOC_FREE(user); + user = samu_new(talloc_tos()); + if (user == NULL) { + DEBUG(0, ("samu_new failed\n")); + return false; + } - if (tdb == NULL) { - DEBUG(1, ("Could not open idmap: %s\n", strerror(errno))); - goto done; + if (state->current == state->num_rids) { + return false; } - if (!init_idmap_tdb(tdb)) { - DEBUG(1, ("Could not init idmap\n")); - goto done; + rid = state->rids[state->current++]; + + status = tdbsam_getsampwrid(state->methods, user, rid); + + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { + /* + * Someone has deleted that user since we listed the RIDs + */ + goto again; } - rid = BASE_RID; /* Default if not set */ + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("tdbsam_getsampwrid failed: %s\n", + nt_errstr(status))); + TALLOC_FREE(user); + return false; + } - if (!tdb_change_uint32_atomic(tdb, "RID_COUNTER", &rid, 1)) { - DEBUG(3, ("tdbsam_new_rid: Failed to increase RID_COUNTER\n")); - goto done; + if ((state->acct_flags != 0) && + ((state->acct_flags & pdb_get_acct_ctrl(user)) == 0)) { + goto again; } - *prid = rid; - ret = True; + entry->acct_flags = pdb_get_acct_ctrl(user); + entry->rid = rid; + entry->account_name = talloc_strdup(search, pdb_get_username(user)); + entry->fullname = talloc_strdup(search, pdb_get_fullname(user)); + entry->description = talloc_strdup(search, pdb_get_acct_desc(user)); + + TALLOC_FREE(user); - done: - if ((tdb != NULL) && (tdb_close(tdb) != 0)) { - smb_panic("tdb_close(idmap_tdb) failed\n"); + if ((entry->account_name == NULL) || (entry->fullname == NULL) + || (entry->description == NULL)) { + DEBUG(0, ("talloc_strdup failed\n")); + return false; } - return ret; + return true; +} + +static bool tdbsam_search_users(struct pdb_methods *methods, + struct pdb_search *search, + uint32 acct_flags) +{ + struct tdbsam_search_state *state; + + if (!tdbsam_open(tdbsam_filename)) { + DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", + tdbsam_filename)); + return false; + } + + state = talloc_zero(search, struct tdbsam_search_state); + if (state == NULL) { + DEBUG(0, ("talloc failed\n")); + return false; + } + state->acct_flags = acct_flags; + state->methods = methods; + + db_sam->traverse_read(db_sam, tdbsam_collect_rids, state); + + search->private_data = state; + search->next_entry = tdbsam_search_next_entry; + search->search_end = tdbsam_search_end; + + return true; } /********************************************************************* @@ -1572,7 +1229,7 @@ static BOOL tdbsam_new_rid(struct pdb_methods *methods, uint32 *prid) static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *location) { NTSTATUS nt_status; - pstring tdbfile; + char *tdbfile = NULL; const char *pfile = location; if (!NT_STATUS_IS_OK(nt_status = make_pdb_method( pdb_method ))) { @@ -1581,29 +1238,34 @@ static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *loc (*pdb_method)->name = "tdbsam"; - (*pdb_method)->setsampwent = tdbsam_setsampwent; - (*pdb_method)->endsampwent = tdbsam_endsampwent; - (*pdb_method)->getsampwent = tdbsam_getsampwent; (*pdb_method)->getsampwnam = tdbsam_getsampwnam; (*pdb_method)->getsampwsid = tdbsam_getsampwsid; (*pdb_method)->add_sam_account = tdbsam_add_sam_account; (*pdb_method)->update_sam_account = tdbsam_update_sam_account; (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account; (*pdb_method)->rename_sam_account = tdbsam_rename_sam_account; + (*pdb_method)->search_users = tdbsam_search_users; (*pdb_method)->rid_algorithm = tdbsam_rid_algorithm; (*pdb_method)->new_rid = tdbsam_new_rid; /* save the path for later */ - - if ( !location ) { - pstr_sprintf( tdbfile, "%s/%s", lp_private_dir(), PASSDB_FILE_NAME ); + + if (!location) { + if (asprintf(&tdbfile, "%s/%s", lp_private_dir(), + PASSDB_FILE_NAME) < 0) { + return NT_STATUS_NO_MEMORY; + } pfile = tdbfile; } - pstrcpy( tdbsam_filename, pfile ); + tdbsam_filename = SMB_STRDUP(pfile); + if (!tdbsam_filename) { + return NT_STATUS_NO_MEMORY; + } + SAFE_FREE(tdbfile); /* no private data */ - + (*pdb_method)->private_data = NULL; (*pdb_method)->free_private_data = NULL;