2 Unix SMB/CIFS implementation.
3 pdb_ldap with ads schema
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "tldap_util.h"
23 #include "../libds/common/flags.h"
25 #include "../librpc/gen_ndr/samr.h"
26 #include "../libcli/ldap/ldap_ndr.h"
27 #include "../libcli/security/security.h"
29 struct pdb_ads_state {
30 struct sockaddr_un socket_address;
31 struct tldap_context *ld;
32 struct dom_sid domainsid;
33 struct GUID domainguid;
39 struct pdb_ads_samu_private {
41 struct tldap_message *ldapmsg;
44 static NTSTATUS pdb_ads_getsampwsid(struct pdb_methods *m,
45 struct samu *sam_acct,
46 const struct dom_sid *sid);
47 static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid,
49 static bool pdb_ads_dnblob2sid(struct pdb_ads_state *state, DATA_BLOB *dnblob,
50 struct dom_sid *psid);
51 static NTSTATUS pdb_ads_sid2dn(struct pdb_ads_state *state,
52 const struct dom_sid *sid,
53 TALLOC_CTX *mem_ctx, char **pdn);
54 static struct tldap_context *pdb_ads_ld(struct pdb_ads_state *state);
55 static int pdb_ads_search_fmt(struct pdb_ads_state *state, const char *base,
56 int scope, const char *attrs[], int num_attrs,
58 TALLOC_CTX *mem_ctx, struct tldap_message ***res,
59 const char *fmt, ...);
60 static NTSTATUS pdb_ads_getsamupriv(struct pdb_ads_state *state,
63 struct pdb_ads_samu_private **presult);
65 static bool pdb_ads_pull_time(struct tldap_message *msg, const char *attr,
70 if (!tldap_pull_uint64(msg, attr, &tmp)) {
73 *ptime = uint64s_nt_time_to_unix_abs(&tmp);
77 static gid_t pdb_ads_sid2gid(const struct dom_sid *sid)
80 sid_peek_rid(sid, &rid);
84 static char *pdb_ads_domaindn2dns(TALLOC_CTX *mem_ctx, char *dn)
88 result = talloc_string_sub2(mem_ctx, dn, "DC=", "", false, false,
94 while ((p = strchr_m(result, ',')) != NULL) {
101 static struct pdb_domain_info *pdb_ads_get_domain_info(
102 struct pdb_methods *m, TALLOC_CTX *mem_ctx)
104 struct pdb_ads_state *state = talloc_get_type_abort(
105 m->private_data, struct pdb_ads_state);
106 struct pdb_domain_info *info;
107 struct tldap_message *rootdse;
110 info = talloc(mem_ctx, struct pdb_domain_info);
114 info->name = talloc_strdup(info, state->netbiosname);
115 if (info->name == NULL) {
118 info->dns_domain = pdb_ads_domaindn2dns(info, state->domaindn);
119 if (info->dns_domain == NULL) {
123 rootdse = tldap_rootdse(state->ld);
124 tmp = tldap_talloc_single_attribute(rootdse, "rootDomainNamingContext",
129 info->dns_forest = pdb_ads_domaindn2dns(info, tmp);
131 if (info->dns_forest == NULL) {
134 info->sid = state->domainsid;
135 info->guid = state->domainguid;
143 static struct pdb_ads_samu_private *pdb_ads_get_samu_private(
144 struct pdb_methods *m, struct samu *sam)
146 struct pdb_ads_state *state = talloc_get_type_abort(
147 m->private_data, struct pdb_ads_state);
148 struct pdb_ads_samu_private *result;
149 char *sidstr, *filter;
152 result = (struct pdb_ads_samu_private *)
153 pdb_get_backend_private_data(sam, m);
155 if (result != NULL) {
156 return talloc_get_type_abort(
157 result, struct pdb_ads_samu_private);
160 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), pdb_get_user_sid(sam));
161 if (sidstr == NULL) {
165 filter = talloc_asprintf(
166 talloc_tos(), "(&(objectsid=%s)(objectclass=user))", sidstr);
168 if (filter == NULL) {
172 status = pdb_ads_getsamupriv(state, filter, sam, &result);
174 if (!NT_STATUS_IS_OK(status)) {
181 static NTSTATUS pdb_ads_init_sam_from_priv(struct pdb_methods *m,
183 struct pdb_ads_samu_private *priv)
185 struct pdb_ads_state *state = talloc_get_type_abort(
186 m->private_data, struct pdb_ads_state);
187 TALLOC_CTX *frame = talloc_stackframe();
188 NTSTATUS status = NT_STATUS_INTERNAL_DB_CORRUPTION;
189 struct tldap_message *entry = priv->ldapmsg;
196 str = tldap_talloc_single_attribute(entry, "samAccountName", sam);
198 DEBUG(10, ("no samAccountName\n"));
201 pdb_set_username(sam, str, PDB_SET);
203 if (pdb_ads_pull_time(entry, "lastLogon", &tmp_time)) {
204 pdb_set_logon_time(sam, tmp_time, PDB_SET);
206 if (pdb_ads_pull_time(entry, "lastLogoff", &tmp_time)) {
207 pdb_set_logoff_time(sam, tmp_time, PDB_SET);
209 if (pdb_ads_pull_time(entry, "pwdLastSet", &tmp_time)) {
210 pdb_set_pass_last_set_time(sam, tmp_time, PDB_SET);
212 if (pdb_ads_pull_time(entry, "accountExpires", &tmp_time)) {
213 pdb_set_kickoff_time(sam, tmp_time, PDB_SET);
216 str = tldap_talloc_single_attribute(entry, "displayName",
219 pdb_set_fullname(sam, str, PDB_SET);
222 str = tldap_talloc_single_attribute(entry, "homeDirectory",
225 pdb_set_homedir(sam, str, PDB_SET);
228 str = tldap_talloc_single_attribute(entry, "homeDrive", talloc_tos());
230 pdb_set_dir_drive(sam, str, PDB_SET);
233 str = tldap_talloc_single_attribute(entry, "scriptPath", talloc_tos());
235 pdb_set_logon_script(sam, str, PDB_SET);
238 str = tldap_talloc_single_attribute(entry, "profilePath",
241 pdb_set_profile_path(sam, str, PDB_SET);
244 str = tldap_talloc_single_attribute(entry, "profilePath",
247 pdb_set_profile_path(sam, str, PDB_SET);
250 if (!tldap_pull_binsid(entry, "objectSid", &sid)) {
251 DEBUG(10, ("Could not pull SID\n"));
254 pdb_set_user_sid(sam, &sid, PDB_SET);
256 if (!tldap_pull_uint64(entry, "userAccountControl", &n)) {
257 DEBUG(10, ("Could not pull userAccountControl\n"));
260 pdb_set_acct_ctrl(sam, ds_uf2acb(n), PDB_SET);
262 if (tldap_get_single_valueblob(entry, "unicodePwd", &blob)) {
263 if (blob.length != NT_HASH_LEN) {
264 DEBUG(0, ("Got NT hash of length %d, expected %d\n",
265 (int)blob.length, NT_HASH_LEN));
268 pdb_set_nt_passwd(sam, blob.data, PDB_SET);
271 if (tldap_get_single_valueblob(entry, "dBCSPwd", &blob)) {
272 if (blob.length != LM_HASH_LEN) {
273 DEBUG(0, ("Got LM hash of length %d, expected %d\n",
274 (int)blob.length, LM_HASH_LEN));
277 pdb_set_lanman_passwd(sam, blob.data, PDB_SET);
280 if (tldap_pull_uint64(entry, "primaryGroupID", &n)) {
281 sid_compose(&sid, &state->domainsid, n);
282 pdb_set_group_sid(sam, &sid, PDB_SET);
285 status = NT_STATUS_OK;
291 static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state,
292 struct tldap_message *existing,
294 int *pnum_mods, struct tldap_mod **pmods,
300 /* TODO: All fields :-) */
302 ret &= tldap_make_mod_fmt(
303 existing, mem_ctx, pnum_mods, pmods, "displayName",
304 "%s", pdb_get_fullname(sam));
306 blob = data_blob_const(pdb_get_nt_passwd(sam), NT_HASH_LEN);
307 if (blob.data != NULL) {
308 ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE,
309 "unicodePwd", 1, &blob);
312 blob = data_blob_const(pdb_get_lanman_passwd(sam), NT_HASH_LEN);
313 if (blob.data != NULL) {
314 ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE,
315 "dBCSPwd", 1, &blob);
318 ret &= tldap_make_mod_fmt(
319 existing, mem_ctx, pnum_mods, pmods, "userAccountControl",
320 "%d", ds_acb2uf(pdb_get_acct_ctrl(sam)));
322 ret &= tldap_make_mod_fmt(
323 existing, mem_ctx, pnum_mods, pmods, "homeDirectory",
324 "%s", pdb_get_homedir(sam));
326 ret &= tldap_make_mod_fmt(
327 existing, mem_ctx, pnum_mods, pmods, "homeDrive",
328 "%s", pdb_get_dir_drive(sam));
330 ret &= tldap_make_mod_fmt(
331 existing, mem_ctx, pnum_mods, pmods, "scriptPath",
332 "%s", pdb_get_logon_script(sam));
334 ret &= tldap_make_mod_fmt(
335 existing, mem_ctx, pnum_mods, pmods, "profilePath",
336 "%s", pdb_get_profile_path(sam));
341 static NTSTATUS pdb_ads_getsamupriv(struct pdb_ads_state *state,
344 struct pdb_ads_samu_private **presult)
346 const char * attrs[] = {
347 "lastLogon", "lastLogoff", "pwdLastSet", "accountExpires",
348 "sAMAccountName", "displayName", "homeDirectory",
349 "homeDrive", "scriptPath", "profilePath", "description",
350 "userWorkstations", "comment", "userParameters", "objectSid",
351 "primaryGroupID", "userAccountControl", "logonHours",
352 "badPwdCount", "logonCount", "countryCode", "codePage",
353 "unicodePwd", "dBCSPwd" };
354 struct tldap_message **users;
356 struct pdb_ads_samu_private *result;
358 result = talloc(mem_ctx, struct pdb_ads_samu_private);
359 if (result == NULL) {
360 return NT_STATUS_NO_MEMORY;
363 rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
364 attrs, ARRAY_SIZE(attrs), 0, result,
365 &users, "%s", filter);
366 if (rc != TLDAP_SUCCESS) {
367 DEBUG(10, ("ldap_search failed %s\n",
368 tldap_errstr(talloc_tos(), state->ld, rc)));
370 return NT_STATUS_LDAP(rc);
373 count = talloc_array_length(users);
375 DEBUG(10, ("Expected 1 user, got %d\n", count));
377 return NT_STATUS_INTERNAL_DB_CORRUPTION;
380 result->ldapmsg = users[0];
381 if (!tldap_entry_dn(result->ldapmsg, &result->dn)) {
382 DEBUG(10, ("Could not extract dn\n"));
384 return NT_STATUS_INTERNAL_DB_CORRUPTION;
391 static NTSTATUS pdb_ads_getsampwfilter(struct pdb_methods *m,
392 struct pdb_ads_state *state,
393 struct samu *sam_acct,
396 struct pdb_ads_samu_private *priv;
399 status = pdb_ads_getsamupriv(state, filter, sam_acct, &priv);
400 if (!NT_STATUS_IS_OK(status)) {
401 DEBUG(10, ("pdb_ads_getsamupriv failed: %s\n",
406 status = pdb_ads_init_sam_from_priv(m, sam_acct, priv);
407 if (!NT_STATUS_IS_OK(status)) {
408 DEBUG(10, ("pdb_ads_init_sam_from_priv failed: %s\n",
414 pdb_set_backend_private_data(sam_acct, priv, NULL, m, PDB_SET);
418 static NTSTATUS pdb_ads_getsampwnam(struct pdb_methods *m,
419 struct samu *sam_acct,
420 const char *username)
422 struct pdb_ads_state *state = talloc_get_type_abort(
423 m->private_data, struct pdb_ads_state);
426 filter = talloc_asprintf(
427 talloc_tos(), "(&(samaccountname=%s)(objectclass=user))",
429 NT_STATUS_HAVE_NO_MEMORY(filter);
431 return pdb_ads_getsampwfilter(m, state, sam_acct, filter);
434 static NTSTATUS pdb_ads_getsampwsid(struct pdb_methods *m,
435 struct samu *sam_acct,
436 const struct dom_sid *sid)
438 struct pdb_ads_state *state = talloc_get_type_abort(
439 m->private_data, struct pdb_ads_state);
440 char *sidstr, *filter;
442 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
443 NT_STATUS_HAVE_NO_MEMORY(sidstr);
445 filter = talloc_asprintf(
446 talloc_tos(), "(&(objectsid=%s)(objectclass=user))", sidstr);
448 NT_STATUS_HAVE_NO_MEMORY(filter);
450 return pdb_ads_getsampwfilter(m, state, sam_acct, filter);
453 static NTSTATUS pdb_ads_create_user(struct pdb_methods *m,
455 const char *name, uint32 acct_flags,
458 struct pdb_ads_state *state = talloc_get_type_abort(
459 m->private_data, struct pdb_ads_state);
460 struct tldap_context *ld;
461 const char *attrs[1] = { "objectSid" };
462 struct tldap_mod *mods = NULL;
464 struct tldap_message **user;
470 dn = talloc_asprintf(talloc_tos(), "cn=%s,cn=users,%s", name,
473 return NT_STATUS_NO_MEMORY;
476 ld = pdb_ads_ld(state);
478 return NT_STATUS_LDAP(TLDAP_SERVER_DOWN);
481 /* TODO: Create machines etc */
484 ok &= tldap_make_mod_fmt(
485 NULL, talloc_tos(), &num_mods, &mods, "objectClass", "user");
486 ok &= tldap_make_mod_fmt(
487 NULL, talloc_tos(), &num_mods, &mods, "samAccountName", "%s",
490 return NT_STATUS_NO_MEMORY;
494 rc = tldap_add(ld, dn, num_mods, mods, NULL, 0, NULL, 0);
495 if (rc != TLDAP_SUCCESS) {
496 DEBUG(10, ("ldap_add failed %s\n",
497 tldap_errstr(talloc_tos(), ld, rc)));
499 return NT_STATUS_LDAP(rc);
502 rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
503 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(),
505 "(&(objectclass=user)(samaccountname=%s))",
507 if (rc != TLDAP_SUCCESS) {
508 DEBUG(10, ("Could not find just created user %s: %s\n",
509 name, tldap_errstr(talloc_tos(), state->ld, rc)));
511 return NT_STATUS_LDAP(rc);
514 if (talloc_array_length(user) != 1) {
515 DEBUG(10, ("Got %d users, expected one\n",
516 (int)talloc_array_length(user)));
518 return NT_STATUS_LDAP(rc);
521 if (!tldap_pull_binsid(user[0], "objectSid", &sid)) {
522 DEBUG(10, ("Could not fetch objectSid from user %s\n",
525 return NT_STATUS_INTERNAL_DB_CORRUPTION;
528 sid_peek_rid(&sid, rid);
533 static NTSTATUS pdb_ads_delete_user(struct pdb_methods *m,
537 struct pdb_ads_state *state = talloc_get_type_abort(
538 m->private_data, struct pdb_ads_state);
540 struct tldap_context *ld;
544 ld = pdb_ads_ld(state);
546 return NT_STATUS_LDAP(TLDAP_SERVER_DOWN);
549 status = pdb_ads_sid2dn(state, pdb_get_user_sid(sam), talloc_tos(),
551 if (!NT_STATUS_IS_OK(status)) {
555 rc = tldap_delete(ld, dn, NULL, 0, NULL, 0);
557 if (rc != TLDAP_SUCCESS) {
558 DEBUG(10, ("ldap_delete for %s failed: %s\n", dn,
559 tldap_errstr(talloc_tos(), ld, rc)));
560 return NT_STATUS_LDAP(rc);
565 static NTSTATUS pdb_ads_add_sam_account(struct pdb_methods *m,
566 struct samu *sampass)
568 return NT_STATUS_NOT_IMPLEMENTED;
571 static NTSTATUS pdb_ads_update_sam_account(struct pdb_methods *m,
574 struct pdb_ads_state *state = talloc_get_type_abort(
575 m->private_data, struct pdb_ads_state);
576 struct pdb_ads_samu_private *priv = pdb_ads_get_samu_private(m, sam);
577 struct tldap_context *ld;
578 struct tldap_mod *mods = NULL;
579 int rc, num_mods = 0;
581 ld = pdb_ads_ld(state);
583 return NT_STATUS_LDAP(TLDAP_SERVER_DOWN);
586 if (!pdb_ads_init_ads_from_sam(state, priv->ldapmsg, talloc_tos(),
587 &num_mods, &mods, sam)) {
588 return NT_STATUS_NO_MEMORY;
592 /* Nothing to do, just return success */
596 rc = tldap_modify(ld, priv->dn, num_mods, mods, NULL, 0,
599 if (rc != TLDAP_SUCCESS) {
600 DEBUG(10, ("ldap_modify for %s failed: %s\n", priv->dn,
601 tldap_errstr(talloc_tos(), ld, rc)));
602 return NT_STATUS_LDAP(rc);
608 static NTSTATUS pdb_ads_delete_sam_account(struct pdb_methods *m,
609 struct samu *username)
611 return NT_STATUS_NOT_IMPLEMENTED;
614 static NTSTATUS pdb_ads_rename_sam_account(struct pdb_methods *m,
615 struct samu *oldname,
618 return NT_STATUS_NOT_IMPLEMENTED;
621 static NTSTATUS pdb_ads_update_login_attempts(struct pdb_methods *m,
622 struct samu *sam_acct,
625 return NT_STATUS_NOT_IMPLEMENTED;
628 static NTSTATUS pdb_ads_getgrfilter(struct pdb_methods *m, GROUP_MAP *map,
631 struct pdb_ads_state *state = talloc_get_type_abort(
632 m->private_data, struct pdb_ads_state);
633 const char *attrs[4] = { "objectSid", "description", "samAccountName",
636 struct tldap_message **group;
640 rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
641 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(),
642 &group, "%s", filter);
643 if (rc != TLDAP_SUCCESS) {
644 DEBUG(10, ("ldap_search failed %s\n",
645 tldap_errstr(talloc_tos(), state->ld, rc)));
646 return NT_STATUS_LDAP(rc);
648 if (talloc_array_length(group) != 1) {
649 DEBUG(10, ("Expected 1 user, got %d\n",
650 (int)talloc_array_length(group)));
651 return NT_STATUS_INTERNAL_DB_CORRUPTION;
654 if (!tldap_pull_binsid(group[0], "objectSid", &map->sid)) {
655 return NT_STATUS_INTERNAL_DB_CORRUPTION;
657 map->gid = pdb_ads_sid2gid(&map->sid);
659 if (!tldap_pull_uint32(group[0], "groupType", &grouptype)) {
660 return NT_STATUS_INTERNAL_DB_CORRUPTION;
663 case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
664 case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
665 map->sid_name_use = SID_NAME_ALIAS;
667 case GTYPE_SECURITY_GLOBAL_GROUP:
668 map->sid_name_use = SID_NAME_DOM_GRP;
671 return NT_STATUS_INTERNAL_DB_CORRUPTION;
674 str = tldap_talloc_single_attribute(group[0], "samAccountName",
677 return NT_STATUS_INTERNAL_DB_CORRUPTION;
679 fstrcpy(map->nt_name, str);
682 str = tldap_talloc_single_attribute(group[0], "description",
685 fstrcpy(map->comment, str);
688 map->comment[0] = '\0';
695 static NTSTATUS pdb_ads_getgrsid(struct pdb_methods *m, GROUP_MAP *map,
701 filter = talloc_asprintf(talloc_tos(),
702 "(&(objectsid=%s)(objectclass=group))",
703 sid_string_talloc(talloc_tos(), &sid));
704 if (filter == NULL) {
705 return NT_STATUS_NO_MEMORY;
708 status = pdb_ads_getgrfilter(m, map, filter);
713 static NTSTATUS pdb_ads_getgrgid(struct pdb_methods *m, GROUP_MAP *map,
717 pdb_ads_gid_to_sid(m, gid, &sid);
718 return pdb_ads_getgrsid(m, map, sid);
721 static NTSTATUS pdb_ads_getgrnam(struct pdb_methods *m, GROUP_MAP *map,
727 filter = talloc_asprintf(talloc_tos(),
728 "(&(samaccountname=%s)(objectclass=group))",
730 if (filter == NULL) {
731 return NT_STATUS_NO_MEMORY;
734 status = pdb_ads_getgrfilter(m, map, filter);
739 static NTSTATUS pdb_ads_create_dom_group(struct pdb_methods *m,
740 TALLOC_CTX *mem_ctx, const char *name,
743 TALLOC_CTX *frame = talloc_stackframe();
744 struct pdb_ads_state *state = talloc_get_type_abort(
745 m->private_data, struct pdb_ads_state);
746 struct tldap_context *ld;
747 const char *attrs[1] = { "objectSid" };
749 struct tldap_mod *mods = NULL;
750 struct tldap_message **alias;
756 ld = pdb_ads_ld(state);
758 return NT_STATUS_LDAP(TLDAP_SERVER_DOWN);
761 dn = talloc_asprintf(talloc_tos(), "cn=%s,cn=users,%s", name,
765 return NT_STATUS_NO_MEMORY;
768 ok &= tldap_make_mod_fmt(
769 NULL, talloc_tos(), &num_mods, &mods, "samAccountName", "%s",
771 ok &= tldap_make_mod_fmt(
772 NULL, talloc_tos(), &num_mods, &mods, "objectClass", "group");
773 ok &= tldap_make_mod_fmt(
774 NULL, talloc_tos(), &num_mods, &mods, "groupType",
775 "%d", (int)GTYPE_SECURITY_GLOBAL_GROUP);
779 return NT_STATUS_NO_MEMORY;
782 rc = tldap_add(ld, dn, num_mods, mods, NULL, 0, NULL, 0);
783 if (rc != TLDAP_SUCCESS) {
784 DEBUG(10, ("ldap_add failed %s\n",
785 tldap_errstr(talloc_tos(), state->ld, rc)));
787 return NT_STATUS_LDAP(rc);
790 rc = pdb_ads_search_fmt(
791 state, state->domaindn, TLDAP_SCOPE_SUB,
792 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &alias,
793 "(&(objectclass=group)(samaccountname=%s))", name);
794 if (rc != TLDAP_SUCCESS) {
795 DEBUG(10, ("Could not find just created alias %s: %s\n",
796 name, tldap_errstr(talloc_tos(), state->ld, rc)));
798 return NT_STATUS_LDAP(rc);
801 if (talloc_array_length(alias) != 1) {
802 DEBUG(10, ("Got %d alias, expected one\n",
803 (int)talloc_array_length(alias)));
805 return NT_STATUS_LDAP(rc);
808 if (!tldap_pull_binsid(alias[0], "objectSid", &sid)) {
809 DEBUG(10, ("Could not fetch objectSid from alias %s\n",
812 return NT_STATUS_INTERNAL_DB_CORRUPTION;
815 sid_peek_rid(&sid, rid);
820 static NTSTATUS pdb_ads_delete_dom_group(struct pdb_methods *m,
821 TALLOC_CTX *mem_ctx, uint32 rid)
823 struct pdb_ads_state *state = talloc_get_type_abort(
824 m->private_data, struct pdb_ads_state);
825 struct tldap_context *ld;
828 struct tldap_message **msg;
832 sid_compose(&sid, &state->domainsid, rid);
834 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), &sid);
835 NT_STATUS_HAVE_NO_MEMORY(sidstr);
837 rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
838 NULL, 0, 0, talloc_tos(), &msg,
839 ("(&(objectSid=%s)(objectClass=group))"),
842 if (rc != TLDAP_SUCCESS) {
843 DEBUG(10, ("ldap_search failed %s\n",
844 tldap_errstr(talloc_tos(), state->ld, rc)));
845 return NT_STATUS_LDAP(rc);
848 switch talloc_array_length(msg) {
850 return NT_STATUS_NO_SUCH_GROUP;
854 return NT_STATUS_INTERNAL_DB_CORRUPTION;
857 if (!tldap_entry_dn(msg[0], &dn)) {
859 return NT_STATUS_INTERNAL_DB_CORRUPTION;
862 ld = pdb_ads_ld(state);
865 return NT_STATUS_LDAP(TLDAP_SERVER_DOWN);
868 rc = tldap_delete(ld, dn, NULL, 0, NULL, 0);
870 if (rc != TLDAP_SUCCESS) {
871 DEBUG(10, ("ldap_delete failed: %s\n",
872 tldap_errstr(talloc_tos(), state->ld, rc)));
873 return NT_STATUS_LDAP(rc);
879 static NTSTATUS pdb_ads_add_group_mapping_entry(struct pdb_methods *m,
882 return NT_STATUS_NOT_IMPLEMENTED;
885 static NTSTATUS pdb_ads_update_group_mapping_entry(struct pdb_methods *m,
888 return NT_STATUS_NOT_IMPLEMENTED;
891 static NTSTATUS pdb_ads_delete_group_mapping_entry(struct pdb_methods *m,
894 return NT_STATUS_NOT_IMPLEMENTED;
897 static NTSTATUS pdb_ads_enum_group_mapping(struct pdb_methods *m,
898 const struct dom_sid *sid,
899 enum lsa_SidType sid_name_use,
901 size_t *p_num_entries,
904 return NT_STATUS_NOT_IMPLEMENTED;
907 static NTSTATUS pdb_ads_enum_group_members(struct pdb_methods *m,
909 const struct dom_sid *group,
911 size_t *pnum_members)
913 struct pdb_ads_state *state = talloc_get_type_abort(
914 m->private_data, struct pdb_ads_state);
915 const char *attrs[1] = { "member" };
917 struct tldap_message **msg;
918 int i, rc, num_members;
922 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), group);
923 NT_STATUS_HAVE_NO_MEMORY(sidstr);
925 rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
926 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(),
927 &msg, "(objectsid=%s)", sidstr);
929 if (rc != TLDAP_SUCCESS) {
930 DEBUG(10, ("ldap_search failed %s\n",
931 tldap_errstr(talloc_tos(), state->ld, rc)));
932 return NT_STATUS_LDAP(rc);
934 switch talloc_array_length(msg) {
936 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
941 return NT_STATUS_INTERNAL_DB_CORRUPTION;
945 if (!tldap_entry_values(msg[0], "member", &num_members, &blobs)) {
946 return NT_STATUS_INTERNAL_DB_CORRUPTION;
949 members = talloc_array(mem_ctx, uint32_t, num_members);
950 if (members == NULL) {
951 return NT_STATUS_NO_MEMORY;
954 for (i=0; i<num_members; i++) {
956 if (!pdb_ads_dnblob2sid(state, &blobs[i], &sid)
957 || !sid_peek_rid(&sid, &members[i])) {
958 TALLOC_FREE(members);
959 return NT_STATUS_INTERNAL_DB_CORRUPTION;
964 *pnum_members = num_members;
968 static NTSTATUS pdb_ads_enum_group_memberships(struct pdb_methods *m,
971 struct dom_sid **pp_sids,
973 size_t *p_num_groups)
975 struct pdb_ads_state *state = talloc_get_type_abort(
976 m->private_data, struct pdb_ads_state);
977 struct pdb_ads_samu_private *priv = pdb_ads_get_samu_private(
979 const char *attrs[1] = { "objectSid" };
980 struct tldap_message **groups;
983 struct dom_sid *group_sids;
986 rc = pdb_ads_search_fmt(
987 state, state->domaindn, TLDAP_SCOPE_SUB,
988 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &groups,
989 "(&(member=%s)(grouptype=%d)(objectclass=group))",
990 priv->dn, GTYPE_SECURITY_GLOBAL_GROUP);
991 if (rc != TLDAP_SUCCESS) {
992 DEBUG(10, ("ldap_search failed %s\n",
993 tldap_errstr(talloc_tos(), state->ld, rc)));
994 return NT_STATUS_LDAP(rc);
997 count = talloc_array_length(groups);
999 group_sids = talloc_array(mem_ctx, struct dom_sid, count);
1000 if (group_sids == NULL) {
1001 return NT_STATUS_NO_MEMORY;
1003 gids = talloc_array(mem_ctx, gid_t, count);
1005 TALLOC_FREE(group_sids);
1006 return NT_STATUS_NO_MEMORY;
1010 for (i=0; i<count; i++) {
1011 if (!tldap_pull_binsid(groups[i], "objectSid",
1012 &group_sids[num_groups])) {
1015 gids[num_groups] = pdb_ads_sid2gid(&group_sids[num_groups]);
1018 if (num_groups == count) {
1023 *pp_sids = group_sids;
1025 *p_num_groups = num_groups;
1026 return NT_STATUS_OK;
1029 static NTSTATUS pdb_ads_set_unix_primary_group(struct pdb_methods *m,
1030 TALLOC_CTX *mem_ctx,
1033 return NT_STATUS_NOT_IMPLEMENTED;
1036 static NTSTATUS pdb_ads_mod_groupmem(struct pdb_methods *m,
1037 TALLOC_CTX *mem_ctx,
1038 uint32 grouprid, uint32 memberrid,
1041 struct pdb_ads_state *state = talloc_get_type_abort(
1042 m->private_data, struct pdb_ads_state);
1043 TALLOC_CTX *frame = talloc_stackframe();
1044 struct tldap_context *ld;
1045 struct dom_sid groupsid, membersid;
1046 char *groupdn, *memberdn;
1047 struct tldap_mod *mods;
1051 ld = pdb_ads_ld(state);
1053 return NT_STATUS_LDAP(TLDAP_SERVER_DOWN);
1056 sid_compose(&groupsid, &state->domainsid, grouprid);
1057 sid_compose(&membersid, &state->domainsid, memberrid);
1059 status = pdb_ads_sid2dn(state, &groupsid, talloc_tos(), &groupdn);
1060 if (!NT_STATUS_IS_OK(status)) {
1062 return NT_STATUS_NO_SUCH_GROUP;
1064 status = pdb_ads_sid2dn(state, &membersid, talloc_tos(), &memberdn);
1065 if (!NT_STATUS_IS_OK(status)) {
1067 return NT_STATUS_NO_SUCH_USER;
1072 if (!tldap_add_mod_str(talloc_tos(), &mods, mod_op,
1073 "member", memberdn)) {
1075 return NT_STATUS_NO_MEMORY;
1078 rc = tldap_modify(ld, groupdn, 1, mods, NULL, 0, NULL, 0);
1080 if (rc != TLDAP_SUCCESS) {
1081 DEBUG(10, ("ldap_modify failed: %s\n",
1082 tldap_errstr(talloc_tos(), state->ld, rc)));
1083 if (rc == TLDAP_TYPE_OR_VALUE_EXISTS) {
1084 return NT_STATUS_MEMBER_IN_GROUP;
1086 if (rc == TLDAP_NO_SUCH_ATTRIBUTE) {
1087 return NT_STATUS_MEMBER_NOT_IN_GROUP;
1089 return NT_STATUS_LDAP(rc);
1092 return NT_STATUS_OK;
1095 static NTSTATUS pdb_ads_add_groupmem(struct pdb_methods *m,
1096 TALLOC_CTX *mem_ctx,
1097 uint32 group_rid, uint32 member_rid)
1099 return pdb_ads_mod_groupmem(m, mem_ctx, group_rid, member_rid,
1103 static NTSTATUS pdb_ads_del_groupmem(struct pdb_methods *m,
1104 TALLOC_CTX *mem_ctx,
1105 uint32 group_rid, uint32 member_rid)
1107 return pdb_ads_mod_groupmem(m, mem_ctx, group_rid, member_rid,
1111 static NTSTATUS pdb_ads_create_alias(struct pdb_methods *m,
1112 const char *name, uint32 *rid)
1114 TALLOC_CTX *frame = talloc_stackframe();
1115 struct pdb_ads_state *state = talloc_get_type_abort(
1116 m->private_data, struct pdb_ads_state);
1117 struct tldap_context *ld;
1118 const char *attrs[1] = { "objectSid" };
1120 struct tldap_mod *mods = NULL;
1121 struct tldap_message **alias;
1127 ld = pdb_ads_ld(state);
1129 return NT_STATUS_LDAP(TLDAP_SERVER_DOWN);
1132 dn = talloc_asprintf(talloc_tos(), "cn=%s,cn=users,%s", name,
1136 return NT_STATUS_NO_MEMORY;
1139 ok &= tldap_make_mod_fmt(
1140 NULL, talloc_tos(), &num_mods, &mods, "samAccountName", "%s",
1142 ok &= tldap_make_mod_fmt(
1143 NULL, talloc_tos(), &num_mods, &mods, "objectClass", "group");
1144 ok &= tldap_make_mod_fmt(
1145 NULL, talloc_tos(), &num_mods, &mods, "groupType",
1146 "%d", (int)GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
1150 return NT_STATUS_NO_MEMORY;
1153 rc = tldap_add(ld, dn, num_mods, mods, NULL, 0, NULL, 0);
1154 if (rc != TLDAP_SUCCESS) {
1155 DEBUG(10, ("ldap_add failed %s\n",
1156 tldap_errstr(talloc_tos(), state->ld, rc)));
1158 return NT_STATUS_LDAP(rc);
1161 rc = pdb_ads_search_fmt(
1162 state, state->domaindn, TLDAP_SCOPE_SUB,
1163 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &alias,
1164 "(&(objectclass=group)(samaccountname=%s))", name);
1165 if (rc != TLDAP_SUCCESS) {
1166 DEBUG(10, ("Could not find just created alias %s: %s\n",
1167 name, tldap_errstr(talloc_tos(), state->ld, rc)));
1169 return NT_STATUS_LDAP(rc);
1172 if (talloc_array_length(alias) != 1) {
1173 DEBUG(10, ("Got %d alias, expected one\n",
1174 (int)talloc_array_length(alias)));
1176 return NT_STATUS_LDAP(rc);
1179 if (!tldap_pull_binsid(alias[0], "objectSid", &sid)) {
1180 DEBUG(10, ("Could not fetch objectSid from alias %s\n",
1183 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1186 sid_peek_rid(&sid, rid);
1188 return NT_STATUS_OK;
1191 static NTSTATUS pdb_ads_delete_alias(struct pdb_methods *m,
1192 const struct dom_sid *sid)
1194 struct pdb_ads_state *state = talloc_get_type_abort(
1195 m->private_data, struct pdb_ads_state);
1196 struct tldap_context *ld;
1197 struct tldap_message **alias;
1198 char *sidstr, *dn = NULL;
1201 ld = pdb_ads_ld(state);
1203 return NT_STATUS_LDAP(TLDAP_SERVER_DOWN);
1206 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
1207 if (sidstr == NULL) {
1208 return NT_STATUS_NO_MEMORY;
1211 rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
1212 NULL, 0, 0, talloc_tos(), &alias,
1213 "(&(objectSid=%s)(objectclass=group)"
1214 "(|(grouptype=%d)(grouptype=%d)))",
1215 sidstr, GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
1216 GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
1217 TALLOC_FREE(sidstr);
1218 if (rc != TLDAP_SUCCESS) {
1219 DEBUG(10, ("ldap_search failed: %s\n",
1220 tldap_errstr(talloc_tos(), state->ld, rc)));
1221 return NT_STATUS_LDAP(rc);
1223 if (talloc_array_length(alias) != 1) {
1224 DEBUG(10, ("Expected 1 alias, got %d\n",
1225 (int)talloc_array_length(alias)));
1226 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1228 if (!tldap_entry_dn(alias[0], &dn)) {
1229 DEBUG(10, ("Could not get DN for alias %s\n",
1230 sid_string_dbg(sid)));
1231 return NT_STATUS_INTERNAL_ERROR;
1234 rc = tldap_delete(ld, dn, NULL, 0, NULL, 0);
1235 if (rc != TLDAP_SUCCESS) {
1236 DEBUG(10, ("ldap_delete failed: %s\n",
1237 tldap_errstr(talloc_tos(), state->ld, rc)));
1238 return NT_STATUS_LDAP(rc);
1241 return NT_STATUS_OK;
1244 static NTSTATUS pdb_ads_set_aliasinfo(struct pdb_methods *m,
1245 const struct dom_sid *sid,
1246 struct acct_info *info)
1248 struct pdb_ads_state *state = talloc_get_type_abort(
1249 m->private_data, struct pdb_ads_state);
1250 struct tldap_context *ld;
1251 const char *attrs[3] = { "objectSid", "description",
1253 struct tldap_message **msg;
1256 struct tldap_mod *mods;
1260 ld = pdb_ads_ld(state);
1262 return NT_STATUS_LDAP(TLDAP_SERVER_DOWN);
1265 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
1266 NT_STATUS_HAVE_NO_MEMORY(sidstr);
1268 rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
1269 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(),
1270 &msg, "(&(objectSid=%s)(objectclass=group)"
1271 "(|(grouptype=%d)(grouptype=%d)))",
1272 sidstr, GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
1273 GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
1274 TALLOC_FREE(sidstr);
1275 if (rc != TLDAP_SUCCESS) {
1276 DEBUG(10, ("ldap_search failed %s\n",
1277 tldap_errstr(talloc_tos(), state->ld, rc)));
1278 return NT_STATUS_LDAP(rc);
1280 switch talloc_array_length(msg) {
1282 return NT_STATUS_NO_SUCH_ALIAS;
1286 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1289 if (!tldap_entry_dn(msg[0], &dn)) {
1291 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1298 ok &= tldap_make_mod_fmt(
1299 msg[0], msg, &num_mods, &mods, "description",
1300 "%s", info->acct_desc);
1301 ok &= tldap_make_mod_fmt(
1302 msg[0], msg, &num_mods, &mods, "samAccountName",
1303 "%s", info->acct_name);
1306 return NT_STATUS_NO_MEMORY;
1308 if (num_mods == 0) {
1311 return NT_STATUS_OK;
1314 rc = tldap_modify(ld, dn, num_mods, mods, NULL, 0, NULL, 0);
1316 if (rc != TLDAP_SUCCESS) {
1317 DEBUG(10, ("ldap_modify failed: %s\n",
1318 tldap_errstr(talloc_tos(), state->ld, rc)));
1319 return NT_STATUS_LDAP(rc);
1321 return NT_STATUS_OK;
1324 static NTSTATUS pdb_ads_sid2dn(struct pdb_ads_state *state,
1325 const struct dom_sid *sid,
1326 TALLOC_CTX *mem_ctx, char **pdn)
1328 struct tldap_message **msg;
1332 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
1333 NT_STATUS_HAVE_NO_MEMORY(sidstr);
1335 rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
1336 NULL, 0, 0, talloc_tos(), &msg,
1337 "(objectsid=%s)", sidstr);
1338 TALLOC_FREE(sidstr);
1339 if (rc != TLDAP_SUCCESS) {
1340 DEBUG(10, ("ldap_search failed %s\n",
1341 tldap_errstr(talloc_tos(), state->ld, rc)));
1342 return NT_STATUS_LDAP(rc);
1345 switch talloc_array_length(msg) {
1347 return NT_STATUS_NOT_FOUND;
1351 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1354 if (!tldap_entry_dn(msg[0], &dn)) {
1355 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1358 dn = talloc_strdup(mem_ctx, dn);
1360 return NT_STATUS_NO_MEMORY;
1365 return NT_STATUS_OK;
1368 static NTSTATUS pdb_ads_mod_aliasmem(struct pdb_methods *m,
1369 const struct dom_sid *alias,
1370 const struct dom_sid *member,
1373 struct pdb_ads_state *state = talloc_get_type_abort(
1374 m->private_data, struct pdb_ads_state);
1375 struct tldap_context *ld;
1376 TALLOC_CTX *frame = talloc_stackframe();
1377 struct tldap_mod *mods;
1379 char *aliasdn, *memberdn;
1382 ld = pdb_ads_ld(state);
1384 return NT_STATUS_LDAP(TLDAP_SERVER_DOWN);
1387 status = pdb_ads_sid2dn(state, alias, talloc_tos(), &aliasdn);
1388 if (!NT_STATUS_IS_OK(status)) {
1389 DEBUG(10, ("pdb_ads_sid2dn (%s) failed: %s\n",
1390 sid_string_dbg(alias), nt_errstr(status)));
1392 return NT_STATUS_NO_SUCH_ALIAS;
1394 status = pdb_ads_sid2dn(state, member, talloc_tos(), &memberdn);
1395 if (!NT_STATUS_IS_OK(status)) {
1396 DEBUG(10, ("pdb_ads_sid2dn (%s) failed: %s\n",
1397 sid_string_dbg(member), nt_errstr(status)));
1404 if (!tldap_add_mod_str(talloc_tos(), &mods, mod_op,
1405 "member", memberdn)) {
1407 return NT_STATUS_NO_MEMORY;
1410 rc = tldap_modify(ld, aliasdn, 1, mods, NULL, 0, NULL, 0);
1412 if (rc != TLDAP_SUCCESS) {
1413 DEBUG(10, ("ldap_modify failed: %s\n",
1414 tldap_errstr(talloc_tos(), state->ld, rc)));
1415 if (rc == TLDAP_TYPE_OR_VALUE_EXISTS) {
1416 return NT_STATUS_MEMBER_IN_ALIAS;
1418 if (rc == TLDAP_NO_SUCH_ATTRIBUTE) {
1419 return NT_STATUS_MEMBER_NOT_IN_ALIAS;
1421 return NT_STATUS_LDAP(rc);
1424 return NT_STATUS_OK;
1427 static NTSTATUS pdb_ads_add_aliasmem(struct pdb_methods *m,
1428 const struct dom_sid *alias,
1429 const struct dom_sid *member)
1431 return pdb_ads_mod_aliasmem(m, alias, member, TLDAP_MOD_ADD);
1434 static NTSTATUS pdb_ads_del_aliasmem(struct pdb_methods *m,
1435 const struct dom_sid *alias,
1436 const struct dom_sid *member)
1438 return pdb_ads_mod_aliasmem(m, alias, member, TLDAP_MOD_DELETE);
1441 static bool pdb_ads_dnblob2sid(struct pdb_ads_state *state, DATA_BLOB *dnblob,
1442 struct dom_sid *psid)
1444 const char *attrs[1] = { "objectSid" };
1445 struct tldap_message **msg;
1451 if (!convert_string_talloc(talloc_tos(), CH_UTF8, CH_UNIX,
1452 dnblob->data, dnblob->length, &dn, &len,
1456 rc = pdb_ads_search_fmt(state, dn, TLDAP_SCOPE_BASE,
1457 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(),
1458 &msg, "(objectclass=*)");
1460 if (talloc_array_length(msg) != 1) {
1461 DEBUG(10, ("Got %d objects, expected one\n",
1462 (int)talloc_array_length(msg)));
1467 ret = tldap_pull_binsid(msg[0], "objectSid", psid);
1472 static NTSTATUS pdb_ads_enum_aliasmem(struct pdb_methods *m,
1473 const struct dom_sid *alias,
1474 TALLOC_CTX *mem_ctx,
1475 struct dom_sid **pmembers,
1476 size_t *pnum_members)
1478 struct pdb_ads_state *state = talloc_get_type_abort(
1479 m->private_data, struct pdb_ads_state);
1480 const char *attrs[1] = { "member" };
1482 struct tldap_message **msg;
1483 int i, rc, num_members;
1485 struct dom_sid *members;
1487 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), alias);
1488 NT_STATUS_HAVE_NO_MEMORY(sidstr);
1490 rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
1491 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(),
1492 &msg, "(objectsid=%s)", sidstr);
1493 TALLOC_FREE(sidstr);
1494 if (rc != TLDAP_SUCCESS) {
1495 DEBUG(10, ("ldap_search failed %s\n",
1496 tldap_errstr(talloc_tos(), state->ld, rc)));
1497 return NT_STATUS_LDAP(rc);
1499 switch talloc_array_length(msg) {
1501 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1506 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1510 if (!tldap_entry_values(msg[0], "member", &num_members, &blobs)) {
1511 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1514 members = talloc_array(mem_ctx, struct dom_sid, num_members);
1515 if (members == NULL) {
1516 return NT_STATUS_NO_MEMORY;
1519 for (i=0; i<num_members; i++) {
1520 if (!pdb_ads_dnblob2sid(state, &blobs[i], &members[i])) {
1521 TALLOC_FREE(members);
1522 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1526 *pmembers = members;
1527 *pnum_members = num_members;
1528 return NT_STATUS_OK;
1531 static NTSTATUS pdb_ads_enum_alias_memberships(struct pdb_methods *m,
1532 TALLOC_CTX *mem_ctx,
1533 const struct dom_sid *domain_sid,
1534 const struct dom_sid *members,
1536 uint32_t **palias_rids,
1537 size_t *pnum_alias_rids)
1539 struct pdb_ads_state *state = talloc_get_type_abort(
1540 m->private_data, struct pdb_ads_state);
1541 const char *attrs[1] = { "objectSid" };
1542 struct tldap_message **msg = NULL;
1543 uint32_t *alias_rids = NULL;
1544 size_t num_alias_rids = 0;
1546 bool got_members = false;
1551 * TODO: Get the filter right so that we only get the aliases from
1552 * either the SAM or BUILTIN
1555 filter = talloc_asprintf(talloc_tos(),
1556 "(&(|(grouptype=%d)(grouptype=%d))"
1557 "(objectclass=group)(|",
1558 GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
1559 GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
1560 if (filter == NULL) {
1561 return NT_STATUS_NO_MEMORY;
1564 for (i=0; i<num_members; i++) {
1567 status = pdb_ads_sid2dn(state, &members[i], talloc_tos(), &dn);
1568 if (!NT_STATUS_IS_OK(status)) {
1569 DEBUG(10, ("pdb_ads_sid2dn failed for %s: %s\n",
1570 sid_string_dbg(&members[i]),
1571 nt_errstr(status)));
1574 filter = talloc_asprintf_append_buffer(
1575 filter, "(member=%s)", dn);
1577 if (filter == NULL) {
1578 return NT_STATUS_NO_MEMORY;
1587 rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
1588 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(),
1589 &msg, "%s))", filter);
1590 TALLOC_FREE(filter);
1591 if (rc != TLDAP_SUCCESS) {
1592 DEBUG(10, ("tldap_search failed %s\n",
1593 tldap_errstr(talloc_tos(), state->ld, rc)));
1594 return NT_STATUS_LDAP(rc);
1597 count = talloc_array_length(msg);
1602 alias_rids = talloc_array(mem_ctx, uint32_t, count);
1603 if (alias_rids == NULL) {
1605 return NT_STATUS_NO_MEMORY;
1608 for (i=0; i<count; i++) {
1611 if (!tldap_pull_binsid(msg[i], "objectSid", &sid)) {
1612 DEBUG(10, ("Could not pull SID for member %d\n", i));
1615 if (sid_peek_check_rid(domain_sid, &sid,
1616 &alias_rids[num_alias_rids])) {
1617 num_alias_rids += 1;
1622 *palias_rids = alias_rids;
1623 *pnum_alias_rids = 0;
1624 return NT_STATUS_OK;
1627 static NTSTATUS pdb_ads_lookup_rids(struct pdb_methods *m,
1628 const struct dom_sid *domain_sid,
1632 enum lsa_SidType *lsa_attrs)
1634 struct pdb_ads_state *state = talloc_get_type_abort(
1635 m->private_data, struct pdb_ads_state);
1636 const char *attrs[2] = { "sAMAccountType", "sAMAccountName" };
1639 if (num_rids == 0) {
1640 return NT_STATUS_NONE_MAPPED;
1645 for (i=0; i<num_rids; i++) {
1647 struct tldap_message **msg;
1652 lsa_attrs[i] = SID_NAME_UNKNOWN;
1654 sid_compose(&sid, domain_sid, rids[i]);
1656 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), &sid);
1657 NT_STATUS_HAVE_NO_MEMORY(sidstr);
1659 rc = pdb_ads_search_fmt(state, state->domaindn,
1660 TLDAP_SCOPE_SUB, attrs,
1661 ARRAY_SIZE(attrs), 0, talloc_tos(),
1662 &msg, "(objectsid=%s)", sidstr);
1663 TALLOC_FREE(sidstr);
1664 if (rc != TLDAP_SUCCESS) {
1665 DEBUG(10, ("ldap_search failed %s\n",
1666 tldap_errstr(talloc_tos(), state->ld, rc)));
1670 switch talloc_array_length(msg) {
1672 DEBUG(10, ("rid %d not found\n", (int)rids[i]));
1677 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1680 names[i] = tldap_talloc_single_attribute(
1681 msg[0], "samAccountName", talloc_tos());
1682 if (names[i] == NULL) {
1683 DEBUG(10, ("no samAccountName\n"));
1686 if (!tldap_pull_uint32(msg[0], "samAccountType", &attr)) {
1687 DEBUG(10, ("no samAccountType"));
1690 lsa_attrs[i] = ds_atype_map(attr);
1694 if (num_mapped == 0) {
1695 return NT_STATUS_NONE_MAPPED;
1697 if (num_mapped < num_rids) {
1698 return STATUS_SOME_UNMAPPED;
1700 return NT_STATUS_OK;
1703 static NTSTATUS pdb_ads_lookup_names(struct pdb_methods *m,
1704 const struct dom_sid *domain_sid,
1706 const char **pp_names,
1708 enum lsa_SidType *attrs)
1710 return NT_STATUS_NOT_IMPLEMENTED;
1713 static NTSTATUS pdb_ads_get_account_policy(struct pdb_methods *m,
1714 enum pdb_policy_type type,
1717 return account_policy_get(type, value)
1718 ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1721 static NTSTATUS pdb_ads_set_account_policy(struct pdb_methods *m,
1722 enum pdb_policy_type type,
1725 return account_policy_set(type, value)
1726 ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1729 static NTSTATUS pdb_ads_get_seq_num(struct pdb_methods *m,
1732 return NT_STATUS_NOT_IMPLEMENTED;
1735 struct pdb_ads_search_state {
1736 uint32_t acct_flags;
1737 struct samr_displayentry *entries;
1738 uint32_t num_entries;
1743 static bool pdb_ads_next_entry(struct pdb_search *search,
1744 struct samr_displayentry *entry)
1746 struct pdb_ads_search_state *state = talloc_get_type_abort(
1747 search->private_data, struct pdb_ads_search_state);
1749 if (state->current == state->num_entries) {
1753 entry->idx = state->entries[state->current].idx;
1754 entry->rid = state->entries[state->current].rid;
1755 entry->acct_flags = state->entries[state->current].acct_flags;
1757 entry->account_name = talloc_strdup(
1758 search, state->entries[state->current].account_name);
1759 entry->fullname = talloc_strdup(
1760 search, state->entries[state->current].fullname);
1761 entry->description = talloc_strdup(
1762 search, state->entries[state->current].description);
1764 if ((entry->account_name == NULL) || (entry->fullname == NULL)
1765 || (entry->description == NULL)) {
1766 DEBUG(0, ("talloc_strdup failed\n"));
1770 state->current += 1;
1774 static void pdb_ads_search_end(struct pdb_search *search)
1776 struct pdb_ads_search_state *state = talloc_get_type_abort(
1777 search->private_data, struct pdb_ads_search_state);
1781 static bool pdb_ads_search_filter(struct pdb_methods *m,
1782 struct pdb_search *search,
1784 struct pdb_ads_search_state **pstate)
1786 struct pdb_ads_state *state = talloc_get_type_abort(
1787 m->private_data, struct pdb_ads_state);
1788 struct pdb_ads_search_state *sstate;
1789 const char * attrs[] = { "objectSid", "sAMAccountName", "displayName",
1790 "userAccountControl", "description" };
1791 struct tldap_message **users;
1792 int i, rc, num_users;
1794 sstate = talloc_zero(search, struct pdb_ads_search_state);
1795 if (sstate == NULL) {
1799 rc = pdb_ads_search_fmt(
1800 state, state->domaindn, TLDAP_SCOPE_SUB,
1801 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &users,
1803 if (rc != TLDAP_SUCCESS) {
1804 DEBUG(10, ("ldap_search_ext_s failed: %s\n",
1805 tldap_errstr(talloc_tos(), state->ld, rc)));
1809 num_users = talloc_array_length(users);
1811 sstate->entries = talloc_array(sstate, struct samr_displayentry,
1813 if (sstate->entries == NULL) {
1814 DEBUG(10, ("talloc failed\n"));
1818 sstate->num_entries = 0;
1820 for (i=0; i<num_users; i++) {
1821 struct samr_displayentry *e;
1824 e = &sstate->entries[sstate->num_entries];
1826 e->idx = sstate->num_entries;
1827 if (!tldap_pull_binsid(users[i], "objectSid", &sid)) {
1828 DEBUG(10, ("Could not pull sid\n"));
1831 sid_peek_rid(&sid, &e->rid);
1832 e->acct_flags = ACB_NORMAL;
1833 e->account_name = tldap_talloc_single_attribute(
1834 users[i], "samAccountName", sstate->entries);
1835 if (e->account_name == NULL) {
1838 e->fullname = tldap_talloc_single_attribute(
1839 users[i], "displayName", sstate->entries);
1840 if (e->fullname == NULL) {
1843 e->description = tldap_talloc_single_attribute(
1844 users[i], "description", sstate->entries);
1845 if (e->description == NULL) {
1846 e->description = "";
1849 sstate->num_entries += 1;
1850 if (sstate->num_entries >= num_users) {
1855 search->private_data = sstate;
1856 search->next_entry = pdb_ads_next_entry;
1857 search->search_end = pdb_ads_search_end;
1862 static bool pdb_ads_search_users(struct pdb_methods *m,
1863 struct pdb_search *search,
1866 struct pdb_ads_search_state *sstate;
1869 ret = pdb_ads_search_filter(m, search, "(objectclass=user)", &sstate);
1873 sstate->acct_flags = acct_flags;
1877 static bool pdb_ads_search_groups(struct pdb_methods *m,
1878 struct pdb_search *search)
1880 struct pdb_ads_search_state *sstate;
1884 filter = talloc_asprintf(talloc_tos(),
1885 "(&(grouptype=%d)(objectclass=group))",
1886 GTYPE_SECURITY_GLOBAL_GROUP);
1887 if (filter == NULL) {
1890 ret = pdb_ads_search_filter(m, search, filter, &sstate);
1891 TALLOC_FREE(filter);
1895 sstate->acct_flags = 0;
1899 static bool pdb_ads_search_aliases(struct pdb_methods *m,
1900 struct pdb_search *search,
1901 const struct dom_sid *sid)
1903 struct pdb_ads_search_state *sstate;
1907 filter = talloc_asprintf(
1908 talloc_tos(), "(&(grouptype=%d)(objectclass=group))",
1909 sid_check_is_builtin(sid)
1910 ? GTYPE_SECURITY_BUILTIN_LOCAL_GROUP
1911 : GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
1913 if (filter == NULL) {
1916 ret = pdb_ads_search_filter(m, search, filter, &sstate);
1917 TALLOC_FREE(filter);
1921 sstate->acct_flags = 0;
1925 static bool pdb_ads_uid_to_sid(struct pdb_methods *m, uid_t uid,
1926 struct dom_sid *sid)
1928 struct pdb_ads_state *state = talloc_get_type_abort(
1929 m->private_data, struct pdb_ads_state);
1930 sid_compose(sid, &state->domainsid, uid);
1934 static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid,
1935 struct dom_sid *sid)
1937 struct pdb_ads_state *state = talloc_get_type_abort(
1938 m->private_data, struct pdb_ads_state);
1939 sid_compose(sid, &state->domainsid, gid);
1943 static bool pdb_ads_sid_to_id(struct pdb_methods *m, const struct dom_sid *sid,
1944 union unid_t *id, enum lsa_SidType *type)
1946 struct pdb_ads_state *state = talloc_get_type_abort(
1947 m->private_data, struct pdb_ads_state);
1948 struct tldap_message **msg;
1954 * This is a big, big hack: Just hard-code the rid as uid/gid.
1957 sid_peek_rid(sid, &rid);
1959 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
1960 if (sidstr == NULL) {
1964 rc = pdb_ads_search_fmt(
1965 state, state->domaindn, TLDAP_SCOPE_SUB,
1966 NULL, 0, 0, talloc_tos(), &msg,
1967 "(&(objectsid=%s)(objectclass=user))", sidstr);
1968 if ((rc == TLDAP_SUCCESS) && (talloc_array_length(msg) > 0)) {
1970 *type = SID_NAME_USER;
1971 TALLOC_FREE(sidstr);
1975 rc = pdb_ads_search_fmt(
1976 state, state->domaindn, TLDAP_SCOPE_SUB,
1977 NULL, 0, 0, talloc_tos(), &msg,
1978 "(&(objectsid=%s)(objectclass=group))", sidstr);
1979 if ((rc == TLDAP_SUCCESS) && (talloc_array_length(msg) > 0)) {
1981 *type = SID_NAME_DOM_GRP;
1982 TALLOC_FREE(sidstr);
1986 TALLOC_FREE(sidstr);
1990 static uint32_t pdb_ads_capabilities(struct pdb_methods *m)
1992 return PDB_CAP_STORE_RIDS | PDB_CAP_ADS;
1995 static bool pdb_ads_new_rid(struct pdb_methods *m, uint32 *rid)
2000 static bool pdb_ads_get_trusteddom_pw(struct pdb_methods *m,
2001 const char *domain, char** pwd,
2002 struct dom_sid *sid,
2003 time_t *pass_last_set_time)
2008 static bool pdb_ads_set_trusteddom_pw(struct pdb_methods *m,
2009 const char* domain, const char* pwd,
2010 const struct dom_sid *sid)
2015 static bool pdb_ads_del_trusteddom_pw(struct pdb_methods *m,
2021 static NTSTATUS pdb_ads_enum_trusteddoms(struct pdb_methods *m,
2022 TALLOC_CTX *mem_ctx,
2023 uint32 *num_domains,
2024 struct trustdom_info ***domains)
2028 return NT_STATUS_OK;
2031 static void pdb_ads_init_methods(struct pdb_methods *m)
2034 m->get_domain_info = pdb_ads_get_domain_info;
2035 m->getsampwnam = pdb_ads_getsampwnam;
2036 m->getsampwsid = pdb_ads_getsampwsid;
2037 m->create_user = pdb_ads_create_user;
2038 m->delete_user = pdb_ads_delete_user;
2039 m->add_sam_account = pdb_ads_add_sam_account;
2040 m->update_sam_account = pdb_ads_update_sam_account;
2041 m->delete_sam_account = pdb_ads_delete_sam_account;
2042 m->rename_sam_account = pdb_ads_rename_sam_account;
2043 m->update_login_attempts = pdb_ads_update_login_attempts;
2044 m->getgrsid = pdb_ads_getgrsid;
2045 m->getgrgid = pdb_ads_getgrgid;
2046 m->getgrnam = pdb_ads_getgrnam;
2047 m->create_dom_group = pdb_ads_create_dom_group;
2048 m->delete_dom_group = pdb_ads_delete_dom_group;
2049 m->add_group_mapping_entry = pdb_ads_add_group_mapping_entry;
2050 m->update_group_mapping_entry = pdb_ads_update_group_mapping_entry;
2051 m->delete_group_mapping_entry = pdb_ads_delete_group_mapping_entry;
2052 m->enum_group_mapping = pdb_ads_enum_group_mapping;
2053 m->enum_group_members = pdb_ads_enum_group_members;
2054 m->enum_group_memberships = pdb_ads_enum_group_memberships;
2055 m->set_unix_primary_group = pdb_ads_set_unix_primary_group;
2056 m->add_groupmem = pdb_ads_add_groupmem;
2057 m->del_groupmem = pdb_ads_del_groupmem;
2058 m->create_alias = pdb_ads_create_alias;
2059 m->delete_alias = pdb_ads_delete_alias;
2060 m->get_aliasinfo = pdb_default_get_aliasinfo;
2061 m->set_aliasinfo = pdb_ads_set_aliasinfo;
2062 m->add_aliasmem = pdb_ads_add_aliasmem;
2063 m->del_aliasmem = pdb_ads_del_aliasmem;
2064 m->enum_aliasmem = pdb_ads_enum_aliasmem;
2065 m->enum_alias_memberships = pdb_ads_enum_alias_memberships;
2066 m->lookup_rids = pdb_ads_lookup_rids;
2067 m->lookup_names = pdb_ads_lookup_names;
2068 m->get_account_policy = pdb_ads_get_account_policy;
2069 m->set_account_policy = pdb_ads_set_account_policy;
2070 m->get_seq_num = pdb_ads_get_seq_num;
2071 m->search_users = pdb_ads_search_users;
2072 m->search_groups = pdb_ads_search_groups;
2073 m->search_aliases = pdb_ads_search_aliases;
2074 m->uid_to_sid = pdb_ads_uid_to_sid;
2075 m->gid_to_sid = pdb_ads_gid_to_sid;
2076 m->sid_to_id = pdb_ads_sid_to_id;
2077 m->capabilities = pdb_ads_capabilities;
2078 m->new_rid = pdb_ads_new_rid;
2079 m->get_trusteddom_pw = pdb_ads_get_trusteddom_pw;
2080 m->set_trusteddom_pw = pdb_ads_set_trusteddom_pw;
2081 m->del_trusteddom_pw = pdb_ads_del_trusteddom_pw;
2082 m->enum_trusteddoms = pdb_ads_enum_trusteddoms;
2085 static void free_private_data(void **vp)
2087 struct pdb_ads_state *state = talloc_get_type_abort(
2088 *vp, struct pdb_ads_state);
2090 TALLOC_FREE(state->ld);
2095 this is used to catch debug messages from events
2097 static void s3_tldap_debug(void *context, enum tldap_debug_level level,
2098 const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0);
2100 static void s3_tldap_debug(void *context, enum tldap_debug_level level,
2101 const char *fmt, va_list ap)
2103 int samba_level = -1;
2106 case TLDAP_DEBUG_FATAL:
2109 case TLDAP_DEBUG_ERROR:
2112 case TLDAP_DEBUG_WARNING:
2115 case TLDAP_DEBUG_TRACE:
2120 if (vasprintf(&s, fmt, ap) == -1) {
2123 DEBUG(samba_level, ("tldap: %s", s));
2127 static struct tldap_context *pdb_ads_ld(struct pdb_ads_state *state)
2132 if (tldap_connection_ok(state->ld)) {
2135 TALLOC_FREE(state->ld);
2137 status = open_socket_out(
2138 (struct sockaddr_storage *)(void *)&state->socket_address,
2140 if (!NT_STATUS_IS_OK(status)) {
2141 DEBUG(10, ("Could not connect to %s: %s\n",
2142 state->socket_address.sun_path, nt_errstr(status)));
2146 set_blocking(fd, false);
2148 state->ld = tldap_context_create(state, fd);
2149 if (state->ld == NULL) {
2153 tldap_set_debug(state->ld, s3_tldap_debug, NULL);
2158 int pdb_ads_search_fmt(struct pdb_ads_state *state, const char *base,
2159 int scope, const char *attrs[], int num_attrs,
2161 TALLOC_CTX *mem_ctx, struct tldap_message ***res,
2162 const char *fmt, ...)
2164 struct tldap_context *ld;
2168 ld = pdb_ads_ld(state);
2170 return TLDAP_SERVER_DOWN;
2174 ret = tldap_search_va(ld, base, scope, attrs, num_attrs, attrsonly,
2175 mem_ctx, res, fmt, ap);
2178 if (ret != TLDAP_SERVER_DOWN) {
2183 ld = pdb_ads_ld(state);
2185 return TLDAP_SERVER_DOWN;
2189 ret = tldap_search_va(ld, base, scope, attrs, num_attrs, attrsonly,
2190 mem_ctx, res, fmt, ap);
2195 static NTSTATUS pdb_ads_connect(struct pdb_ads_state *state,
2196 const char *location)
2198 const char *domain_attrs[2] = { "objectSid", "objectGUID" };
2199 const char *ncname_attrs[1] = { "netbiosname" };
2200 struct tldap_context *ld;
2201 struct tldap_message *rootdse, **domain, **ncname;
2202 TALLOC_CTX *frame = talloc_stackframe();
2207 ZERO_STRUCT(state->socket_address);
2208 state->socket_address.sun_family = AF_UNIX;
2209 strlcpy(state->socket_address.sun_path, location,
2210 sizeof(state->socket_address.sun_path));
2212 ld = pdb_ads_ld(state);
2214 status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
2218 rc = tldap_fetch_rootdse(ld);
2219 if (rc != TLDAP_SUCCESS) {
2220 DEBUG(10, ("Could not retrieve rootdse: %s\n",
2221 tldap_errstr(talloc_tos(), state->ld, rc)));
2222 status = NT_STATUS_LDAP(rc);
2225 rootdse = tldap_rootdse(state->ld);
2227 state->domaindn = tldap_talloc_single_attribute(
2228 rootdse, "defaultNamingContext", state);
2229 if (state->domaindn == NULL) {
2230 DEBUG(10, ("Could not get defaultNamingContext\n"));
2231 status = NT_STATUS_INTERNAL_DB_CORRUPTION;
2234 DEBUG(10, ("defaultNamingContext = %s\n", state->domaindn));
2236 state->configdn = tldap_talloc_single_attribute(
2237 rootdse, "configurationNamingContext", state);
2238 if (state->domaindn == NULL) {
2239 DEBUG(10, ("Could not get configurationNamingContext\n"));
2240 status = NT_STATUS_INTERNAL_DB_CORRUPTION;
2243 DEBUG(10, ("configurationNamingContext = %s\n", state->configdn));
2246 * Figure out our domain's SID
2248 rc = pdb_ads_search_fmt(
2249 state, state->domaindn, TLDAP_SCOPE_BASE,
2250 domain_attrs, ARRAY_SIZE(domain_attrs), 0,
2251 talloc_tos(), &domain, "(objectclass=*)");
2252 if (rc != TLDAP_SUCCESS) {
2253 DEBUG(10, ("Could not retrieve domain: %s\n",
2254 tldap_errstr(talloc_tos(), state->ld, rc)));
2255 status = NT_STATUS_LDAP(rc);
2259 num_domains = talloc_array_length(domain);
2260 if (num_domains != 1) {
2261 DEBUG(10, ("Got %d domains, expected one\n", num_domains));
2262 status = NT_STATUS_INTERNAL_DB_CORRUPTION;
2265 if (!tldap_pull_binsid(domain[0], "objectSid", &state->domainsid)) {
2266 DEBUG(10, ("Could not retrieve domain SID\n"));
2267 status = NT_STATUS_INTERNAL_DB_CORRUPTION;
2270 if (!tldap_pull_guid(domain[0], "objectGUID", &state->domainguid)) {
2271 DEBUG(10, ("Could not retrieve domain GUID\n"));
2272 status = NT_STATUS_INTERNAL_DB_CORRUPTION;
2275 DEBUG(10, ("Domain SID: %s\n", sid_string_dbg(&state->domainsid)));
2278 * Figure out our domain's short name
2280 rc = pdb_ads_search_fmt(
2281 state, state->configdn, TLDAP_SCOPE_SUB,
2282 ncname_attrs, ARRAY_SIZE(ncname_attrs), 0,
2283 talloc_tos(), &ncname, "(ncname=%s)", state->domaindn);
2284 if (rc != TLDAP_SUCCESS) {
2285 DEBUG(10, ("Could not retrieve ncname: %s\n",
2286 tldap_errstr(talloc_tos(), state->ld, rc)));
2287 status = NT_STATUS_LDAP(rc);
2290 if (talloc_array_length(ncname) != 1) {
2291 status = NT_STATUS_INTERNAL_DB_CORRUPTION;
2295 state->netbiosname = tldap_talloc_single_attribute(
2296 ncname[0], "netbiosname", state);
2297 if (state->netbiosname == NULL) {
2298 DEBUG(10, ("Could not get netbiosname\n"));
2299 status = NT_STATUS_INTERNAL_DB_CORRUPTION;
2302 DEBUG(10, ("netbiosname: %s\n", state->netbiosname));
2304 if (!strequal(lp_workgroup(), state->netbiosname)) {
2305 DEBUG(1, ("ADS is different domain (%s) than ours (%s)\n",
2306 state->netbiosname, lp_workgroup()));
2307 status = NT_STATUS_NO_SUCH_DOMAIN;
2311 secrets_store_domain_sid(state->netbiosname, &state->domainsid);
2313 status = NT_STATUS_OK;
2319 static NTSTATUS pdb_init_ads(struct pdb_methods **pdb_method,
2320 const char *location)
2322 struct pdb_methods *m;
2323 struct pdb_ads_state *state;
2327 m = talloc(NULL, struct pdb_methods);
2329 return NT_STATUS_NO_MEMORY;
2331 state = talloc_zero(m, struct pdb_ads_state);
2332 if (state == NULL) {
2335 m->private_data = state;
2336 m->free_private_data = free_private_data;
2337 pdb_ads_init_methods(m);
2339 if (location == NULL) {
2340 tmp = talloc_asprintf(talloc_tos(), "/%s/ldap_priv/ldapi",
2344 if (location == NULL) {
2348 status = pdb_ads_connect(state, location);
2349 if (!NT_STATUS_IS_OK(status)) {
2350 DEBUG(10, ("pdb_ads_connect failed: %s\n", nt_errstr(status)));
2355 return NT_STATUS_OK;
2357 status = NT_STATUS_NO_MEMORY;
2363 NTSTATUS pdb_ads_init(void);
2364 NTSTATUS pdb_ads_init(void)
2366 return smb_register_passdb(PASSDB_INTERFACE_VERSION, "ads",
git.samba.org / kai / samba.git / blob