2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Jelmer Vernooij 2002
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #define DBGC_CLASS DBGC_PASSDB
27 /** List of various built-in passdb modules */
29 const struct pdb_init_function_entry builtin_pdb_init_functions[] = {
30 { "smbpasswd", pdb_init_smbpasswd },
31 { "smbpasswd_nua", pdb_init_smbpasswd_nua },
32 { "tdbsam", pdb_init_tdbsam },
33 { "tdbsam_nua", pdb_init_tdbsam_nua },
34 { "ldapsam", pdb_init_ldapsam },
35 { "ldapsam_nua", pdb_init_ldapsam_nua },
36 { "unixsam", pdb_init_unixsam },
37 { "guest", pdb_init_guestsam },
38 { "nisplussam", pdb_init_nisplussam },
39 { "plugin", pdb_init_plugin },
43 static NTSTATUS context_setsampwent(struct pdb_context *context, BOOL update)
45 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
48 DEBUG(0, ("invalid pdb_context specified!\n"));
52 context->pwent_methods = context->pdb_methods;
54 if (!context->pwent_methods) {
55 /* No passdbs at all */
59 while (NT_STATUS_IS_ERR(ret = context->pwent_methods->setsampwent(context->pwent_methods, update))) {
60 context->pwent_methods = context->pwent_methods->next;
61 if (context->pwent_methods == NULL)
62 return NT_STATUS_UNSUCCESSFUL;
67 static void context_endsampwent(struct pdb_context *context)
70 DEBUG(0, ("invalid pdb_context specified!\n"));
74 if (context->pwent_methods && context->pwent_methods->endsampwent)
75 context->pwent_methods->endsampwent(context->pwent_methods);
77 /* So we won't get strange data when calling getsampwent now */
78 context->pwent_methods = NULL;
81 static NTSTATUS context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user)
83 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
85 if ((!context) || (!context->pwent_methods)) {
86 DEBUG(0, ("invalid pdb_context specified!\n"));
89 /* Loop until we find something useful */
90 while (NT_STATUS_IS_ERR(ret = context->pwent_methods->getsampwent(context->pwent_methods, user))) {
92 context->pwent_methods->endsampwent(context->pwent_methods);
94 context->pwent_methods = context->pwent_methods->next;
96 /* All methods are checked now. There are no more entries */
97 if (context->pwent_methods == NULL)
100 context->pwent_methods->setsampwent(context->pwent_methods, False);
102 user->methods = context->pwent_methods;
106 static NTSTATUS context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username)
108 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
110 struct pdb_methods *curmethods;
112 DEBUG(0, ("invalid pdb_context specified!\n"));
115 curmethods = context->pdb_methods;
117 if (NT_STATUS_IS_OK(ret = curmethods->getsampwnam(curmethods, sam_acct, username))) {
118 sam_acct->methods = curmethods;
121 curmethods = curmethods->next;
127 static NTSTATUS context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
129 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
131 struct pdb_methods *curmethods;
133 DEBUG(0, ("invalid pdb_context specified!\n"));
137 curmethods = context->pdb_methods;
140 if (NT_STATUS_IS_OK(ret = curmethods->getsampwsid(curmethods, sam_acct, sid))) {
141 sam_acct->methods = curmethods;
144 curmethods = curmethods->next;
150 static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
152 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
154 if ((!context) || (!context->pdb_methods)) {
155 DEBUG(0, ("invalid pdb_context specified!\n"));
159 /** @todo This is where a 're-read on add' should be done */
160 /* We now add a new account to the first database listed.
163 return context->pdb_methods->add_sam_account(context->pdb_methods, sam_acct);
166 static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
168 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
171 DEBUG(0, ("invalid pdb_context specified!\n"));
175 if (!sam_acct || !sam_acct->methods){
176 DEBUG(0, ("invalid sam_acct specified\n"));
180 /** @todo This is where a 're-read on update' should be done */
182 return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct);
185 static NTSTATUS context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
187 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
189 struct pdb_methods *pdb_selected;
191 DEBUG(0, ("invalid pdb_context specified!\n"));
195 if (!sam_acct->methods){
196 pdb_selected = context->pdb_methods;
197 /* There's no passdb backend specified for this account.
198 * Try to delete it in every passdb available
199 * Needed to delete accounts in smbpasswd that are not
202 while (pdb_selected){
203 if (NT_STATUS_IS_OK(ret = pdb_selected->delete_sam_account(pdb_selected, sam_acct))) {
206 pdb_selected = pdb_selected->next;
211 if (!sam_acct->methods->delete_sam_account){
212 DEBUG(0,("invalid sam_acct->methods->delete_sam_account\n"));
216 return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct);
219 static NTSTATUS context_getgrsid(struct pdb_context *context,
220 GROUP_MAP *map, DOM_SID sid, BOOL with_priv)
222 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
224 struct pdb_methods *curmethods;
226 DEBUG(0, ("invalid pdb_context specified!\n"));
229 curmethods = context->pdb_methods;
231 ret = curmethods->getgrsid(curmethods, map, sid, with_priv);
232 if (NT_STATUS_IS_OK(ret)) {
233 map->methods = curmethods;
236 curmethods = curmethods->next;
242 static NTSTATUS context_getgrgid(struct pdb_context *context,
243 GROUP_MAP *map, gid_t gid, BOOL with_priv)
245 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
247 struct pdb_methods *curmethods;
249 DEBUG(0, ("invalid pdb_context specified!\n"));
252 curmethods = context->pdb_methods;
254 ret = curmethods->getgrgid(curmethods, map, gid, with_priv);
255 if (NT_STATUS_IS_OK(ret)) {
256 map->methods = curmethods;
259 curmethods = curmethods->next;
265 static NTSTATUS context_getgrnam(struct pdb_context *context,
266 GROUP_MAP *map, char *name, BOOL with_priv)
268 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
270 struct pdb_methods *curmethods;
272 DEBUG(0, ("invalid pdb_context specified!\n"));
275 curmethods = context->pdb_methods;
277 ret = curmethods->getgrnam(curmethods, map, name, with_priv);
278 if (NT_STATUS_IS_OK(ret)) {
279 map->methods = curmethods;
282 curmethods = curmethods->next;
288 static NTSTATUS context_add_group_mapping_entry(struct pdb_context *context,
291 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
293 if ((!context) || (!context->pdb_methods)) {
294 DEBUG(0, ("invalid pdb_context specified!\n"));
298 return context->pdb_methods->add_group_mapping_entry(context->pdb_methods,
302 static NTSTATUS context_update_group_mapping_entry(struct pdb_context *context,
305 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
307 if ((!context) || (!context->pdb_methods)) {
308 DEBUG(0, ("invalid pdb_context specified!\n"));
313 pdb_methods->update_group_mapping_entry(context->pdb_methods, map);
316 static NTSTATUS context_delete_group_mapping_entry(struct pdb_context *context,
319 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
321 if ((!context) || (!context->pdb_methods)) {
322 DEBUG(0, ("invalid pdb_context specified!\n"));
327 pdb_methods->delete_group_mapping_entry(context->pdb_methods, sid);
330 static NTSTATUS context_enum_group_mapping(struct pdb_context *context,
331 enum SID_NAME_USE sid_name_use,
332 GROUP_MAP **rmap, int *num_entries,
333 BOOL unix_only, BOOL with_priv)
335 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
337 if ((!context) || (!context->pdb_methods)) {
338 DEBUG(0, ("invalid pdb_context specified!\n"));
342 return context->pdb_methods->enum_group_mapping(context->pdb_methods,
344 num_entries, unix_only,
348 /******************************************************************
349 Free and cleanup a pdb context, any associated data and anything
350 that the attached modules might have associated.
351 *******************************************************************/
353 static void free_pdb_context(struct pdb_context **context)
355 struct pdb_methods *pdb_selected = (*context)->pdb_methods;
357 while (pdb_selected){
358 if(pdb_selected->free_private_data)
359 pdb_selected->free_private_data(&(pdb_selected->private_data));
360 pdb_selected = pdb_selected->next;
363 talloc_destroy((*context)->mem_ctx);
367 /******************************************************************
368 Make a pdb_methods from scratch
369 *******************************************************************/
371 static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_context *context, const char *selected)
373 char *module_name = smb_xstrdup(selected);
374 char *module_location = NULL, *p;
375 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
378 p = strchr(module_name, ':');
382 module_location = p+1;
383 trim_string(module_location, " ", " ");
386 trim_string(module_name, " ", " ");
388 DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name));
389 for (i = 0; builtin_pdb_init_functions[i].name; i++)
391 if (strequal(builtin_pdb_init_functions[i].name, module_name))
393 DEBUG(5,("Found pdb backend %s (at pos %d)\n", module_name, i));
394 nt_status = builtin_pdb_init_functions[i].init(context, methods, module_location);
395 if (NT_STATUS_IS_OK(nt_status)) {
396 DEBUG(5,("pdb backend %s has a valid init\n", selected));
398 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status)));
400 SAFE_FREE(module_name);
402 break; /* unreached */
406 /* No such backend found */
407 SAFE_FREE(module_name);
408 return NT_STATUS_INVALID_PARAMETER;
411 /******************************************************************
412 Make a pdb_context from scratch.
413 *******************************************************************/
415 static NTSTATUS make_pdb_context(struct pdb_context **context)
419 mem_ctx = talloc_init("pdb_context internal allocation context");
422 DEBUG(0, ("make_pdb_context: talloc init failed!\n"));
423 return NT_STATUS_NO_MEMORY;
426 *context = talloc(mem_ctx, sizeof(**context));
428 DEBUG(0, ("make_pdb_context: talloc failed!\n"));
429 return NT_STATUS_NO_MEMORY;
432 ZERO_STRUCTP(*context);
434 (*context)->mem_ctx = mem_ctx;
436 (*context)->pdb_setsampwent = context_setsampwent;
437 (*context)->pdb_endsampwent = context_endsampwent;
438 (*context)->pdb_getsampwent = context_getsampwent;
439 (*context)->pdb_getsampwnam = context_getsampwnam;
440 (*context)->pdb_getsampwsid = context_getsampwsid;
441 (*context)->pdb_add_sam_account = context_add_sam_account;
442 (*context)->pdb_update_sam_account = context_update_sam_account;
443 (*context)->pdb_delete_sam_account = context_delete_sam_account;
444 (*context)->pdb_getgrsid = context_getgrsid;
445 (*context)->pdb_getgrgid = context_getgrgid;
446 (*context)->pdb_getgrnam = context_getgrnam;
447 (*context)->pdb_add_group_mapping_entry = context_add_group_mapping_entry;
448 (*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
449 (*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
450 (*context)->pdb_enum_group_mapping = context_enum_group_mapping;
452 (*context)->free_fn = free_pdb_context;
458 /******************************************************************
459 Make a pdb_context, given an array of strings
460 *******************************************************************/
462 NTSTATUS make_pdb_context_list(struct pdb_context **context, const char **selected)
465 struct pdb_methods *curmethods, *tmpmethods;
466 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
468 if (!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))) {
473 /* Try to initialise pdb */
474 DEBUG(5,("Trying to load: %s\n", selected[i]));
475 if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods, *context, selected[i]))) {
476 DEBUG(1, ("Loading %s failed!\n", selected[i]));
477 free_pdb_context(context);
480 curmethods->parent = *context;
481 DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
488 /******************************************************************
489 Make a pdb_context, given a text string.
490 *******************************************************************/
492 NTSTATUS make_pdb_context_string(struct pdb_context **context, const char *selected)
495 char **newsel = str_list_make(selected, NULL);
496 ret = make_pdb_context_list(context, (const char **)newsel);
497 str_list_free(&newsel);
501 /******************************************************************
502 Return an already initialised pdb_context, to facilitate backward
503 compatibility (see functions below).
504 *******************************************************************/
506 static struct pdb_context *pdb_get_static_context(BOOL reload)
508 static struct pdb_context *pdb_context = NULL;
510 if ((pdb_context) && (reload)) {
511 pdb_context->free_fn(&pdb_context);
512 if (NT_STATUS_IS_ERR(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
518 if (NT_STATUS_IS_ERR(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
526 /******************************************************************
527 Backward compatibility functions for the original passdb interface
528 *******************************************************************/
530 BOOL pdb_setsampwent(BOOL update)
532 struct pdb_context *pdb_context = pdb_get_static_context(False);
538 return NT_STATUS_IS_OK(pdb_context->pdb_setsampwent(pdb_context, update));
541 void pdb_endsampwent(void)
543 struct pdb_context *pdb_context = pdb_get_static_context(False);
549 pdb_context->pdb_endsampwent(pdb_context);
552 BOOL pdb_getsampwent(SAM_ACCOUNT *user)
554 struct pdb_context *pdb_context = pdb_get_static_context(False);
560 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwent(pdb_context, user));
563 BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username)
565 struct pdb_context *pdb_context = pdb_get_static_context(False);
571 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwnam(pdb_context, sam_acct, username));
574 BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
576 struct pdb_context *pdb_context = pdb_get_static_context(False);
582 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwsid(pdb_context, sam_acct, sid));
585 BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct)
587 struct pdb_context *pdb_context = pdb_get_static_context(False);
593 return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct));
596 BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct)
598 struct pdb_context *pdb_context = pdb_get_static_context(False);
604 return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct));
607 BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct)
609 struct pdb_context *pdb_context = pdb_get_static_context(False);
615 return NT_STATUS_IS_OK(pdb_context->pdb_delete_sam_account(pdb_context, sam_acct));
618 BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid, BOOL with_priv)
620 struct pdb_context *pdb_context = pdb_get_static_context(False);
626 return NT_STATUS_IS_OK(pdb_context->
627 pdb_getgrsid(pdb_context, map, sid, with_priv));
630 BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid, BOOL with_priv)
632 struct pdb_context *pdb_context = pdb_get_static_context(False);
638 return NT_STATUS_IS_OK(pdb_context->
639 pdb_getgrgid(pdb_context, map, gid, with_priv));
642 BOOL pdb_getgrnam(GROUP_MAP *map, char *name, BOOL with_priv)
644 struct pdb_context *pdb_context = pdb_get_static_context(False);
650 return NT_STATUS_IS_OK(pdb_context->
651 pdb_getgrnam(pdb_context, map, name, with_priv));
654 BOOL pdb_add_group_mapping_entry(GROUP_MAP *map)
656 struct pdb_context *pdb_context = pdb_get_static_context(False);
662 return NT_STATUS_IS_OK(pdb_context->
663 pdb_add_group_mapping_entry(pdb_context, map));
666 BOOL pdb_update_group_mapping_entry(GROUP_MAP *map)
668 struct pdb_context *pdb_context = pdb_get_static_context(False);
674 return NT_STATUS_IS_OK(pdb_context->
675 pdb_update_group_mapping_entry(pdb_context, map));
678 BOOL pdb_delete_group_mapping_entry(DOM_SID sid)
680 struct pdb_context *pdb_context = pdb_get_static_context(False);
686 return NT_STATUS_IS_OK(pdb_context->
687 pdb_delete_group_mapping_entry(pdb_context, sid));
690 BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
691 int *num_entries, BOOL unix_only, BOOL with_priv)
693 struct pdb_context *pdb_context = pdb_get_static_context(False);
699 return NT_STATUS_IS_OK(pdb_context->
700 pdb_enum_group_mapping(pdb_context, sid_name_use,
701 rmap, num_entries, unix_only,
705 /***************************************************************
706 Initialize the static context (at smbd startup etc).
708 If uninitialised, context will auto-init on first use.
709 ***************************************************************/
711 BOOL initialize_password_db(BOOL reload)
713 return (pdb_get_static_context(reload) != NULL);
717 /***************************************************************************
718 Default implementations of some functions.
719 ****************************************************************************/
721 static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
723 return NT_STATUS_NO_SUCH_USER;
726 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
728 return NT_STATUS_NO_SUCH_USER;
731 static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
733 DEBUG(0,("this backend (%s) should not be listed as the first passdb backend! You can't add users to it.\n", methods->name));
734 return NT_STATUS_NOT_IMPLEMENTED;
737 static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
739 return NT_STATUS_NOT_IMPLEMENTED;
742 static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *pwd)
744 return NT_STATUS_NOT_IMPLEMENTED;
747 static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update)
749 return NT_STATUS_NOT_IMPLEMENTED;
752 static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *user)
754 return NT_STATUS_NOT_IMPLEMENTED;
757 static void pdb_default_endsampwent(struct pdb_methods *methods)
759 return; /* NT_STATUS_NOT_IMPLEMENTED; */
762 NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
764 *methods = talloc(mem_ctx, sizeof(struct pdb_methods));
767 return NT_STATUS_NO_MEMORY;
770 ZERO_STRUCTP(*methods);
772 (*methods)->setsampwent = pdb_default_setsampwent;
773 (*methods)->endsampwent = pdb_default_endsampwent;
774 (*methods)->getsampwent = pdb_default_getsampwent;
775 (*methods)->getsampwnam = pdb_default_getsampwnam;
776 (*methods)->getsampwsid = pdb_default_getsampwsid;
777 (*methods)->add_sam_account = pdb_default_add_sam_account;
778 (*methods)->update_sam_account = pdb_default_update_sam_account;
779 (*methods)->delete_sam_account = pdb_default_delete_sam_account;
781 (*methods)->getgrsid = pdb_default_getgrsid;
782 (*methods)->getgrgid = pdb_default_getgrgid;
783 (*methods)->getgrnam = pdb_default_getgrnam;
784 (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
785 (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
786 (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
787 (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;