2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Jelmer Vernooij 2002
6 Copyright (C) Simo Sorce 2003
7 Copyright (C) Volker Lendecke 2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #define DBGC_CLASS DBGC_PASSDB
28 /* Cache of latest SAM lookup query */
30 static struct samu *csamuser = NULL;
34 static struct pdb_init_function_entry *backends = NULL;
36 static void lazy_initialize_passdb(void)
38 static BOOL initialized = False;
46 static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
48 enum lsa_SidType *psid_name_use,
49 union unid_t *unix_id);
51 NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
53 struct pdb_init_function_entry *entry = backends;
55 if(version != PASSDB_INTERFACE_VERSION) {
56 DEBUG(0,("Can't register passdb backend!\n"
57 "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
58 "while this version of samba uses version %d\n",
59 version,PASSDB_INTERFACE_VERSION));
60 return NT_STATUS_OBJECT_TYPE_MISMATCH;
64 return NT_STATUS_INVALID_PARAMETER;
67 DEBUG(5,("Attempting to register passdb backend %s\n", name));
69 /* Check for duplicates */
70 if (pdb_find_backend_entry(name)) {
71 DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
72 return NT_STATUS_OBJECT_NAME_COLLISION;
75 entry = SMB_XMALLOC_P(struct pdb_init_function_entry);
76 entry->name = smb_xstrdup(name);
79 DLIST_ADD(backends, entry);
80 DEBUG(5,("Successfully added passdb backend '%s'\n", name));
84 struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
86 struct pdb_init_function_entry *entry = backends;
89 if (strcmp(entry->name, name)==0) return entry;
97 * The event context for the passdb backend. I know this is a bad hack and yet
98 * another static variable, but our pdb API is a global thing per
99 * definition. The first use for this is the LDAP idle function, more might be
102 * I don't feel too bad about this static variable, it replaces the
103 * smb_idle_event_list that used to exist in lib/module.c. -- VL
106 static struct event_context *pdb_event_ctx;
108 struct event_context *pdb_get_event_context(void)
110 return pdb_event_ctx;
113 /******************************************************************
114 Make a pdb_methods from scratch
115 *******************************************************************/
117 NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char *selected)
119 char *module_name = smb_xstrdup(selected);
120 char *module_location = NULL, *p;
121 struct pdb_init_function_entry *entry;
122 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
124 lazy_initialize_passdb();
126 p = strchr(module_name, ':');
130 module_location = p+1;
131 trim_char(module_location, ' ', ' ');
134 trim_char(module_name, ' ', ' ');
137 DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name));
139 entry = pdb_find_backend_entry(module_name);
141 /* Try to find a module that contains this module */
143 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
144 if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
145 DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
146 SAFE_FREE(module_name);
147 return NT_STATUS_UNSUCCESSFUL;
151 /* No such backend found */
153 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
154 SAFE_FREE(module_name);
155 return NT_STATUS_INVALID_PARAMETER;
158 DEBUG(5,("Found pdb backend %s\n", module_name));
160 if ( !NT_STATUS_IS_OK( nt_status = entry->init(methods, module_location) ) ) {
161 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n",
162 selected, nt_errstr(nt_status)));
163 SAFE_FREE(module_name);
167 SAFE_FREE(module_name);
169 DEBUG(5,("pdb backend %s has a valid init\n", selected));
174 /******************************************************************
175 Return an already initialised pdn_methods structure
176 *******************************************************************/
178 static struct pdb_methods *pdb_get_methods_reload( BOOL reload )
180 static struct pdb_methods *pdb = NULL;
182 if ( pdb && reload ) {
183 pdb->free_private_data( &(pdb->private_data) );
184 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
186 slprintf(msg, sizeof(msg)-1, "pdb_get_methods_reload: failed to get pdb methods for backend %s\n",
187 lp_passdb_backend() );
193 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
195 slprintf(msg, sizeof(msg)-1, "pdb_get_methods_reload: failed to get pdb methods for backend %s\n",
196 lp_passdb_backend() );
204 static struct pdb_methods *pdb_get_methods(void)
206 return pdb_get_methods_reload(False);
209 /******************************************************************
210 Backward compatibility functions for the original passdb interface
211 *******************************************************************/
213 BOOL pdb_setsampwent(BOOL update, uint16 acb_mask)
215 struct pdb_methods *pdb = pdb_get_methods();
216 return NT_STATUS_IS_OK(pdb->setsampwent(pdb, update, acb_mask));
219 void pdb_endsampwent(void)
221 struct pdb_methods *pdb = pdb_get_methods();
222 pdb->endsampwent(pdb);
225 BOOL pdb_getsampwent(struct samu *user)
227 struct pdb_methods *pdb = pdb_get_methods();
229 if ( !NT_STATUS_IS_OK(pdb->getsampwent(pdb, user) ) ) {
236 BOOL pdb_getsampwnam(struct samu *sam_acct, const char *username)
238 struct pdb_methods *pdb = pdb_get_methods();
240 if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) {
245 TALLOC_FREE(csamuser);
248 csamuser = samu_new( NULL );
253 if (!pdb_copy_sam_account(csamuser, sam_acct)) {
254 TALLOC_FREE(csamuser);
261 /**********************************************************************
262 **********************************************************************/
264 BOOL guest_user_info( struct samu *user )
268 const char *guestname = lp_guestaccount();
270 if ( !(pwd = getpwnam_alloc( NULL, guestname ) ) ) {
271 DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n",
276 result = samu_set_unix(user, pwd );
280 return NT_STATUS_IS_OK( result );
283 /**********************************************************************
284 **********************************************************************/
286 BOOL pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid)
288 struct pdb_methods *pdb = pdb_get_methods();
291 /* hard code the Guest RID of 501 */
293 if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) )
296 if ( rid == DOMAIN_USER_RID_GUEST ) {
297 DEBUG(6,("pdb_getsampwsid: Building guest account\n"));
298 return guest_user_info( sam_acct );
301 /* check the cache first */
303 if ( csamuser && sid_equal(sid, pdb_get_user_sid(csamuser) ) )
304 return pdb_copy_sam_account(sam_acct, csamuser);
306 return NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid));
309 static NTSTATUS pdb_default_create_user(struct pdb_methods *methods,
310 TALLOC_CTX *tmp_ctx, const char *name,
311 uint32 acb_info, uint32 *rid)
313 struct samu *sam_pass;
317 if ((sam_pass = samu_new(tmp_ctx)) == NULL) {
318 return NT_STATUS_NO_MEMORY;
321 if ( !(pwd = Get_Pwnam_alloc(tmp_ctx, name)) ) {
326 if ((acb_info & ACB_NORMAL) && name[strlen(name)-1] != '$') {
327 pstrcpy(add_script, lp_adduser_script());
329 pstrcpy(add_script, lp_addmachine_script());
332 if (add_script[0] == '\0') {
333 DEBUG(3, ("Could not find user %s and no add script "
335 return NT_STATUS_NO_SUCH_USER;
338 /* lowercase the username before creating the Unix account for
339 compatibility with previous Samba releases */
340 fstrcpy( name2, name );
342 all_string_sub(add_script, "%u", name2, sizeof(add_script));
343 add_ret = smbrun(add_script,NULL);
344 DEBUG(add_ret ? 0 : 3, ("_samr_create_user: Running the command `%s' gave %d\n",
345 add_script, add_ret));
347 smb_nscd_flush_user_cache();
350 #ifdef ENABLE_BUILD_FARM_HACKS
352 DEBUG(1, ("Creating a faked user %s for build farm "
353 "purposes\n", name));
354 faked_create_user(name);
360 pwd = Get_Pwnam_alloc(tmp_ctx, name);
363 /* we have a valid SID coming out of this call */
365 status = samu_alloc_rid_unix( sam_pass, pwd );
369 if (!NT_STATUS_IS_OK(status)) {
370 DEBUG(3, ("pdb_default_create_user: failed to create a new user structure: %s\n", nt_errstr(status)));
374 if (!sid_peek_check_rid(get_global_sam_sid(),
375 pdb_get_user_sid(sam_pass), rid)) {
376 DEBUG(0, ("Could not get RID of fresh user\n"));
377 return NT_STATUS_INTERNAL_ERROR;
380 /* Use the username case specified in the original request */
382 pdb_set_username( sam_pass, name, PDB_SET );
384 /* Disable the account on creation, it does not have a reasonable password yet. */
386 acb_info |= ACB_DISABLED;
388 pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
390 status = pdb_add_sam_account(sam_pass);
392 TALLOC_FREE(sam_pass);
397 NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32 flags,
400 struct pdb_methods *pdb = pdb_get_methods();
401 return pdb->create_user(pdb, mem_ctx, name, flags, rid);
404 /****************************************************************************
405 Delete a UNIX user on demand.
406 ****************************************************************************/
408 static int smb_delete_user(const char *unix_user)
415 if ( strequal( unix_user, "root" ) ) {
416 DEBUG(0,("smb_delete_user: Refusing to delete local system root account!\n"));
420 pstrcpy(del_script, lp_deluser_script());
423 all_string_sub(del_script, "%u", unix_user, sizeof(del_script));
424 ret = smbrun(del_script,NULL);
427 smb_nscd_flush_user_cache();
429 DEBUG(ret ? 0 : 3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret));
434 static NTSTATUS pdb_default_delete_user(struct pdb_methods *methods,
436 struct samu *sam_acct)
441 status = pdb_delete_sam_account(sam_acct);
442 if (!NT_STATUS_IS_OK(status)) {
447 * Now delete the unix side ....
448 * note: we don't check if the delete really happened as the script is
449 * not necessary present and maybe the sysadmin doesn't want to delete
453 /* always lower case the username before handing it off to
456 fstrcpy( username, pdb_get_username(sam_acct) );
457 strlower_m( username );
459 smb_delete_user( username );
464 NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
466 struct pdb_methods *pdb = pdb_get_methods();
469 /* sanity check to make sure we don't delete root */
471 if ( !sid_to_uid( pdb_get_user_sid(sam_acct), &uid ) ) {
472 return NT_STATUS_NO_SUCH_USER;
476 return NT_STATUS_ACCESS_DENIED;
479 return pdb->delete_user(pdb, mem_ctx, sam_acct);
482 NTSTATUS pdb_add_sam_account(struct samu *sam_acct)
484 struct pdb_methods *pdb = pdb_get_methods();
485 return pdb->add_sam_account(pdb, sam_acct);
488 NTSTATUS pdb_update_sam_account(struct samu *sam_acct)
490 struct pdb_methods *pdb = pdb_get_methods();
492 if (csamuser != NULL) {
493 TALLOC_FREE(csamuser);
497 return pdb->update_sam_account(pdb, sam_acct);
500 NTSTATUS pdb_delete_sam_account(struct samu *sam_acct)
502 struct pdb_methods *pdb = pdb_get_methods();
504 if (csamuser != NULL) {
505 TALLOC_FREE(csamuser);
509 return pdb->delete_sam_account(pdb, sam_acct);
512 NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
514 struct pdb_methods *pdb = pdb_get_methods();
518 if (csamuser != NULL) {
519 TALLOC_FREE(csamuser);
523 /* sanity check to make sure we don't rename root */
525 if ( !sid_to_uid( pdb_get_user_sid(oldname), &uid ) ) {
526 return NT_STATUS_NO_SUCH_USER;
530 return NT_STATUS_ACCESS_DENIED;
533 status = pdb->rename_sam_account(pdb, oldname, newname);
535 /* always flush the cache here just to be safe */
541 NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, BOOL success)
543 struct pdb_methods *pdb = pdb_get_methods();
544 return pdb->update_login_attempts(pdb, sam_acct, success);
547 BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
549 struct pdb_methods *pdb = pdb_get_methods();
550 return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid));
553 BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid)
555 struct pdb_methods *pdb = pdb_get_methods();
556 return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid));
559 BOOL pdb_getgrnam(GROUP_MAP *map, const char *name)
561 struct pdb_methods *pdb = pdb_get_methods();
562 return NT_STATUS_IS_OK(pdb->getgrnam(pdb, map, name));
565 static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods,
573 grp = getgrnam(name);
578 if (smb_create_group(name, &gid) != 0) {
579 return NT_STATUS_ACCESS_DENIED;
586 return NT_STATUS_ACCESS_DENIED;
589 if (pdb_rid_algorithm()) {
590 *rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
592 if (!pdb_new_rid(rid)) {
593 return NT_STATUS_ACCESS_DENIED;
597 sid_compose(&group_sid, get_global_sam_sid(), *rid);
599 return add_initial_entry(grp->gr_gid, sid_string_static(&group_sid),
600 SID_NAME_DOM_GRP, name, NULL);
603 NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name,
606 struct pdb_methods *pdb = pdb_get_methods();
607 return pdb->create_dom_group(pdb, mem_ctx, name, rid);
610 static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
618 const char *grp_name;
620 sid_compose(&group_sid, get_global_sam_sid(), rid);
622 if (!get_domain_group_from_sid(group_sid, &map)) {
623 DEBUG(10, ("Could not find group for rid %d\n", rid));
624 return NT_STATUS_NO_SUCH_GROUP;
627 /* We need the group name for the smb_delete_group later on */
629 if (map.gid == (gid_t)-1) {
630 return NT_STATUS_NO_SUCH_GROUP;
633 grp = getgrgid(map.gid);
635 return NT_STATUS_NO_SUCH_GROUP;
638 /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
640 grp_name = talloc_strdup(mem_ctx, grp->gr_name);
641 if (grp_name == NULL) {
642 return NT_STATUS_NO_MEMORY;
645 status = pdb_delete_group_mapping_entry(group_sid);
647 if (!NT_STATUS_IS_OK(status)) {
651 /* Don't check the result of smb_delete_group */
653 smb_delete_group(grp_name);
658 NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32 rid)
660 struct pdb_methods *pdb = pdb_get_methods();
661 return pdb->delete_dom_group(pdb, mem_ctx, rid);
664 NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
666 struct pdb_methods *pdb = pdb_get_methods();
667 return pdb->add_group_mapping_entry(pdb, map);
670 NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map)
672 struct pdb_methods *pdb = pdb_get_methods();
673 return pdb->update_group_mapping_entry(pdb, map);
676 NTSTATUS pdb_delete_group_mapping_entry(DOM_SID sid)
678 struct pdb_methods *pdb = pdb_get_methods();
679 return pdb->delete_group_mapping_entry(pdb, sid);
682 BOOL pdb_enum_group_mapping(const DOM_SID *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
683 size_t *p_num_entries, BOOL unix_only)
685 struct pdb_methods *pdb = pdb_get_methods();
686 return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
687 pp_rmap, p_num_entries, unix_only));
690 NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
692 uint32 **pp_member_rids,
693 size_t *p_num_members)
695 struct pdb_methods *pdb = pdb_get_methods();
698 result = pdb->enum_group_members(pdb, mem_ctx,
699 sid, pp_member_rids, p_num_members);
701 /* special check for rid 513 */
703 if ( !NT_STATUS_IS_OK( result ) ) {
706 sid_peek_rid( sid, &rid );
708 if ( rid == DOMAIN_GROUP_RID_USERS ) {
710 *pp_member_rids = NULL;
719 NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user,
720 DOM_SID **pp_sids, gid_t **pp_gids,
721 size_t *p_num_groups)
723 struct pdb_methods *pdb = pdb_get_methods();
724 return pdb->enum_group_memberships(
726 pp_sids, pp_gids, p_num_groups);
729 static NTSTATUS pdb_default_set_unix_primary_group(struct pdb_methods *methods,
731 struct samu *sampass)
736 if (!sid_to_gid(pdb_get_group_sid(sampass), &gid) ||
737 (grp = getgrgid(gid)) == NULL) {
738 return NT_STATUS_INVALID_PRIMARY_GROUP;
741 if (smb_set_primary_group(grp->gr_name,
742 pdb_get_username(sampass)) != 0) {
743 return NT_STATUS_ACCESS_DENIED;
749 NTSTATUS pdb_set_unix_primary_group(TALLOC_CTX *mem_ctx, struct samu *user)
751 struct pdb_methods *pdb = pdb_get_methods();
752 return pdb->set_unix_primary_group(pdb, mem_ctx, user);
756 * Helper function to see whether a user is in a group. We can't use
757 * user_in_group_sid here because this creates dependencies only smbd can
761 static BOOL pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account,
762 const DOM_SID *group_sid)
766 size_t i, num_groups;
768 if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx, account,
774 for (i=0; i<num_groups; i++) {
775 if (sid_equal(group_sid, &sids[i])) {
782 static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
787 DOM_SID group_sid, member_sid;
788 struct samu *account = NULL;
792 const char *group_name;
795 sid_compose(&group_sid, get_global_sam_sid(), group_rid);
796 sid_compose(&member_sid, get_global_sam_sid(), member_rid);
798 if (!get_domain_group_from_sid(group_sid, &map) ||
799 (map.gid == (gid_t)-1) ||
800 ((grp = getgrgid(map.gid)) == NULL)) {
801 return NT_STATUS_NO_SUCH_GROUP;
804 group_name = talloc_strdup(mem_ctx, grp->gr_name);
805 if (group_name == NULL) {
806 return NT_STATUS_NO_MEMORY;
809 if ( !(account = samu_new( NULL )) ) {
810 return NT_STATUS_NO_MEMORY;
813 if (!pdb_getsampwsid(account, &member_sid) ||
814 !sid_to_uid(&member_sid, &uid) ||
815 ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
816 return NT_STATUS_NO_SUCH_USER;
819 if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
820 return NT_STATUS_MEMBER_IN_GROUP;
824 * ok, the group exist, the user exist, the user is not in the group,
825 * we can (finally) add it to the group !
828 smb_add_user_group(group_name, pwd->pw_name);
830 if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
831 return NT_STATUS_ACCESS_DENIED;
837 NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
840 struct pdb_methods *pdb = pdb_get_methods();
841 return pdb->add_groupmem(pdb, mem_ctx, group_rid, member_rid);
844 static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
849 DOM_SID group_sid, member_sid;
850 struct samu *account = NULL;
854 const char *group_name;
857 sid_compose(&group_sid, get_global_sam_sid(), group_rid);
858 sid_compose(&member_sid, get_global_sam_sid(), member_rid);
860 if (!get_domain_group_from_sid(group_sid, &map) ||
861 (map.gid == (gid_t)-1) ||
862 ((grp = getgrgid(map.gid)) == NULL)) {
863 return NT_STATUS_NO_SUCH_GROUP;
866 group_name = talloc_strdup(mem_ctx, grp->gr_name);
867 if (group_name == NULL) {
868 return NT_STATUS_NO_MEMORY;
871 if ( !(account = samu_new( NULL )) ) {
872 return NT_STATUS_NO_MEMORY;
875 if (!pdb_getsampwsid(account, &member_sid) ||
876 !sid_to_uid(&member_sid, &uid) ||
877 ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
878 return NT_STATUS_NO_SUCH_USER;
881 if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
882 return NT_STATUS_MEMBER_NOT_IN_GROUP;
886 * ok, the group exist, the user exist, the user is in the group,
887 * we can (finally) delete it from the group!
890 smb_delete_user_group(group_name, pwd->pw_name);
892 if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
893 return NT_STATUS_ACCESS_DENIED;
899 NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
902 struct pdb_methods *pdb = pdb_get_methods();
903 return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid);
906 NTSTATUS pdb_create_alias(const char *name, uint32 *rid)
908 struct pdb_methods *pdb = pdb_get_methods();
909 return pdb->create_alias(pdb, name, rid);
912 NTSTATUS pdb_delete_alias(const DOM_SID *sid)
914 struct pdb_methods *pdb = pdb_get_methods();
915 return pdb->delete_alias(pdb, sid);
918 NTSTATUS pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
920 struct pdb_methods *pdb = pdb_get_methods();
921 return pdb->get_aliasinfo(pdb, sid, info);
924 NTSTATUS pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
926 struct pdb_methods *pdb = pdb_get_methods();
927 return pdb->set_aliasinfo(pdb, sid, info);
930 NTSTATUS pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
932 struct pdb_methods *pdb = pdb_get_methods();
933 return pdb->add_aliasmem(pdb, alias, member);
936 NTSTATUS pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
938 struct pdb_methods *pdb = pdb_get_methods();
939 return pdb->del_aliasmem(pdb, alias, member);
942 NTSTATUS pdb_enum_aliasmem(const DOM_SID *alias,
943 DOM_SID **pp_members, size_t *p_num_members)
945 struct pdb_methods *pdb = pdb_get_methods();
946 return pdb->enum_aliasmem(pdb, alias, pp_members, p_num_members);
949 NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx,
950 const DOM_SID *domain_sid,
951 const DOM_SID *members, size_t num_members,
952 uint32 **pp_alias_rids,
953 size_t *p_num_alias_rids)
955 struct pdb_methods *pdb = pdb_get_methods();
956 return pdb->enum_alias_memberships(pdb, mem_ctx,
958 members, num_members,
963 NTSTATUS pdb_lookup_rids(const DOM_SID *domain_sid,
967 enum lsa_SidType *attrs)
969 struct pdb_methods *pdb = pdb_get_methods();
970 return pdb->lookup_rids(pdb, domain_sid, num_rids, rids, names, attrs);
974 * NOTE: pdb_lookup_names is currently (2007-01-12) not used anywhere
976 * Unlike _lsa_lookup_sids and _samr_lookup_rids, which eventually
977 * also ask pdb_lookup_rids, thus looking up a bunch of rids at a time,
978 * the pdb_ calls _lsa_lookup_names and _samr_lookup_names come
979 * down to are pdb_getsampwnam and pdb_getgrnam instead of
981 * But in principle, it the call belongs to the API and might get
982 * used in this context some day.
985 NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
989 enum lsa_SidType *attrs)
991 struct pdb_methods *pdb = pdb_get_methods();
992 return pdb->lookup_names(pdb, domain_sid, num_names, names, rids, attrs);
996 BOOL pdb_get_account_policy(int policy_index, uint32 *value)
998 struct pdb_methods *pdb = pdb_get_methods();
1002 status = pdb->get_account_policy(pdb, policy_index, value);
1005 return NT_STATUS_IS_OK(status);
1008 BOOL pdb_set_account_policy(int policy_index, uint32 value)
1010 struct pdb_methods *pdb = pdb_get_methods();
1014 status = pdb->set_account_policy(pdb, policy_index, value);
1017 return NT_STATUS_IS_OK(status);
1020 BOOL pdb_get_seq_num(time_t *seq_num)
1022 struct pdb_methods *pdb = pdb_get_methods();
1023 return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
1026 BOOL pdb_uid_to_rid(uid_t uid, uint32 *rid)
1028 struct pdb_methods *pdb = pdb_get_methods();
1029 return pdb->uid_to_rid(pdb, uid, rid);
1032 BOOL pdb_uid_to_sid(uid_t uid, DOM_SID *sid)
1034 struct pdb_methods *pdb = pdb_get_methods();
1035 return pdb->uid_to_sid(pdb, uid, sid);
1038 BOOL pdb_gid_to_sid(gid_t gid, DOM_SID *sid)
1040 struct pdb_methods *pdb = pdb_get_methods();
1041 return pdb->gid_to_sid(pdb, gid, sid);
1044 BOOL pdb_sid_to_id(const DOM_SID *sid, union unid_t *id,
1045 enum lsa_SidType *type)
1047 struct pdb_methods *pdb = pdb_get_methods();
1048 return pdb->sid_to_id(pdb, sid, id, type);
1051 BOOL pdb_rid_algorithm(void)
1053 struct pdb_methods *pdb = pdb_get_methods();
1054 return pdb->rid_algorithm(pdb);
1057 /********************************************************************
1058 Allocate a new RID from the passdb backend. Verify that it is free
1059 by calling lookup_global_sam_rid() to verify that the RID is not
1060 in use. This handles servers that have existing users or groups
1061 with add RIDs (assigned from previous algorithmic mappings)
1062 ********************************************************************/
1064 BOOL pdb_new_rid(uint32 *rid)
1066 struct pdb_methods *pdb = pdb_get_methods();
1067 const char *name = NULL;
1068 enum lsa_SidType type;
1069 uint32 allocated_rid = 0;
1073 if (pdb_rid_algorithm()) {
1074 DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs "
1079 if (algorithmic_rid_base() != BASE_RID) {
1080 DEBUG(0, ("'algorithmic rid base' is set but a passdb backend "
1081 "without algorithmic RIDs is chosen.\n"));
1082 DEBUGADD(0, ("Please map all used groups using 'net groupmap "
1083 "add', set the maximum used RID using\n"));
1084 DEBUGADD(0, ("'net setmaxrid' and remove the parameter\n"));
1088 if ( (ctx = talloc_init("pdb_new_rid")) == NULL ) {
1089 DEBUG(0,("pdb_new_rid: Talloc initialization failure\n"));
1093 /* Attempt to get an unused RID (max tires is 250...yes that it is
1094 and arbitrary number I pulkled out of my head). -- jerry */
1096 for ( i=0; allocated_rid==0 && i<250; i++ ) {
1099 if ( !pdb->new_rid(pdb, &allocated_rid) ) {
1103 /* validate that the RID is not in use */
1105 if ( lookup_global_sam_rid( ctx, allocated_rid, &name, &type, NULL ) ) {
1112 if ( allocated_rid == 0 ) {
1113 DEBUG(0,("pdb_new_rid: Failed to find unused RID\n"));
1117 *rid = allocated_rid;
1122 /***************************************************************
1123 Initialize the static context (at smbd startup etc).
1125 If uninitialised, context will auto-init on first use.
1126 ***************************************************************/
1128 BOOL initialize_password_db(BOOL reload, struct event_context *event_ctx)
1130 pdb_event_ctx = event_ctx;
1131 return (pdb_get_methods_reload(reload) != NULL);
1135 /***************************************************************************
1136 Default implementations of some functions.
1137 ****************************************************************************/
1139 static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, struct samu *user, const char *sname)
1141 return NT_STATUS_NO_SUCH_USER;
1144 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const DOM_SID *sid)
1146 return NT_STATUS_NO_SUCH_USER;
1149 static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, struct samu *newpwd)
1151 return NT_STATUS_NOT_IMPLEMENTED;
1154 static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, struct samu *newpwd)
1156 return NT_STATUS_NOT_IMPLEMENTED;
1159 static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, struct samu *pwd)
1161 return NT_STATUS_NOT_IMPLEMENTED;
1164 static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, struct samu *pwd, const char *newname)
1166 return NT_STATUS_NOT_IMPLEMENTED;
1169 static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, BOOL success)
1171 return NT_STATUS_OK;
1174 static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update, uint32 acb_mask)
1176 return NT_STATUS_NOT_IMPLEMENTED;
1179 static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, struct samu *user)
1181 return NT_STATUS_NOT_IMPLEMENTED;
1184 static void pdb_default_endsampwent(struct pdb_methods *methods)
1186 return; /* NT_STATUS_NOT_IMPLEMENTED; */
1189 static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
1191 return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1194 static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
1196 return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1199 static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)
1201 *seq_num = time(NULL);
1202 return NT_STATUS_OK;
1205 static BOOL pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid,
1208 struct samu *sampw = NULL;
1209 struct passwd *unix_pw;
1212 unix_pw = sys_getpwuid( uid );
1215 DEBUG(4,("pdb_default_uid_to_rid: host has no idea of uid "
1216 "%lu\n", (unsigned long)uid));
1220 if ( !(sampw = samu_new( NULL )) ) {
1221 DEBUG(0,("pdb_default_uid_to_rid: samu_new() failed!\n"));
1226 ret = NT_STATUS_IS_OK(
1227 methods->getsampwnam(methods, sampw, unix_pw->pw_name ));
1231 DEBUG(5, ("pdb_default_uid_to_rid: Did not find user "
1232 "%s (%d)\n", unix_pw->pw_name, uid));
1237 sid_copy(sid, pdb_get_user_sid(sampw));
1244 static BOOL pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid,
1250 ret = pdb_default_uid_to_sid(methods, uid, &sid);
1255 ret = sid_peek_check_rid(get_global_sam_sid(), &sid, rid);
1258 DEBUG(1, ("Could not peek rid out of sid %s\n",
1259 sid_string_static(&sid)));
1265 static BOOL pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
1270 if (!NT_STATUS_IS_OK(methods->getgrgid(methods, &map, gid))) {
1274 sid_copy(sid, &map.sid);
1278 static BOOL pdb_default_sid_to_id(struct pdb_methods *methods,
1280 union unid_t *id, enum lsa_SidType *type)
1282 TALLOC_CTX *mem_ctx;
1287 mem_ctx = talloc_new(NULL);
1289 if (mem_ctx == NULL) {
1290 DEBUG(0, ("talloc_new failed\n"));
1294 if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
1295 /* Here we might have users as well as groups and aliases */
1296 ret = lookup_global_sam_rid(mem_ctx, rid, &name, type, id);
1300 /* check for "Unix User" */
1302 if ( sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid) ) {
1304 *type = SID_NAME_USER;
1309 /* check for "Unix Group" */
1311 if ( sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid) ) {
1313 *type = SID_NAME_ALIAS;
1320 if (sid_check_is_in_builtin(sid) ||
1321 sid_check_is_in_wellknown_domain(sid)) {
1322 /* Here we only have aliases */
1324 if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) {
1325 DEBUG(10, ("Could not find map for sid %s\n",
1326 sid_string_static(sid)));
1329 if ((map.sid_name_use != SID_NAME_ALIAS) &&
1330 (map.sid_name_use != SID_NAME_WKN_GRP)) {
1331 DEBUG(10, ("Map for sid %s is a %s, expected an "
1332 "alias\n", sid_string_static(sid),
1333 sid_type_lookup(map.sid_name_use)));
1338 *type = SID_NAME_ALIAS;
1343 DEBUG(5, ("Sid %s is neither ours, a Unix SID, nor builtin\n",
1344 sid_string_static(sid)));
1348 TALLOC_FREE(mem_ctx);
1352 static BOOL add_uid_to_array_unique(TALLOC_CTX *mem_ctx,
1353 uid_t uid, uid_t **pp_uids, size_t *p_num)
1357 for (i=0; i<*p_num; i++) {
1358 if ((*pp_uids)[i] == uid)
1362 *pp_uids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_uids, uid_t, *p_num+1);
1364 if (*pp_uids == NULL)
1367 (*pp_uids)[*p_num] = uid;
1372 static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size_t *p_num)
1383 /* We only look at our own sam, so don't care about imported stuff */
1384 winbind_env = winbind_env_set();
1387 if ((grp = getgrgid(gid)) == NULL) {
1388 /* allow winbindd lookups, but only if they weren't already disabled */
1392 /* Primary group members */
1394 while ((pwd = getpwent()) != NULL) {
1395 if (pwd->pw_gid == gid) {
1396 if (!add_uid_to_array_unique(mem_ctx, pwd->pw_uid,
1404 /* Secondary group members */
1405 for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
1406 struct passwd *pw = getpwnam(*gr);
1410 if (!add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num)) {
1419 /* allow winbindd lookups, but only if they weren't already disabled */
1427 static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
1428 TALLOC_CTX *mem_ctx,
1429 const DOM_SID *group,
1430 uint32 **pp_member_rids,
1431 size_t *p_num_members)
1437 *pp_member_rids = NULL;
1440 if (!sid_to_gid(group, &gid))
1441 return NT_STATUS_NO_SUCH_GROUP;
1443 if(!get_memberuids(mem_ctx, gid, &uids, &num_uids))
1444 return NT_STATUS_NO_SUCH_GROUP;
1447 return NT_STATUS_OK;
1449 *pp_member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_uids);
1451 for (i=0; i<num_uids; i++) {
1454 uid_to_sid(&sid, uids[i]);
1456 if (!sid_check_is_in_our_domain(&sid)) {
1457 DEBUG(5, ("Inconsistent SAM -- group member uid not "
1458 "in our domain\n"));
1462 sid_peek_rid(&sid, &(*pp_member_rids)[*p_num_members]);
1463 *p_num_members += 1;
1466 return NT_STATUS_OK;
1469 static NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods,
1470 TALLOC_CTX *mem_ctx,
1474 size_t *p_num_groups)
1479 const char *username = pdb_get_username(user);
1482 /* Ignore the primary group SID. Honor the real Unix primary group.
1483 The primary group SID is only of real use to Windows clients */
1485 if ( !(pw = getpwnam_alloc(mem_ctx, username)) ) {
1486 return NT_STATUS_NO_SUCH_USER;
1493 if (!getgroups_unix_user(mem_ctx, username, gid, pp_gids, p_num_groups)) {
1494 return NT_STATUS_NO_SUCH_USER;
1497 if (*p_num_groups == 0) {
1498 smb_panic("primary group missing");
1501 *pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups);
1503 if (*pp_sids == NULL) {
1504 TALLOC_FREE(*pp_gids);
1505 return NT_STATUS_NO_MEMORY;
1508 for (i=0; i<*p_num_groups; i++) {
1509 gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
1512 return NT_STATUS_OK;
1515 /*******************************************************************
1516 Look up a rid in the SAM we're responsible for (i.e. passdb)
1517 ********************************************************************/
1519 static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
1521 enum lsa_SidType *psid_name_use,
1522 union unid_t *unix_id)
1524 struct samu *sam_account = NULL;
1529 *psid_name_use = SID_NAME_UNKNOWN;
1531 DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
1532 (unsigned int)rid));
1534 sid_copy(&sid, get_global_sam_sid());
1535 sid_append_rid(&sid, rid);
1537 /* see if the passdb can help us with the name of the user */
1539 if ( !(sam_account = samu_new( NULL )) ) {
1543 /* BEING ROOT BLLOCK */
1545 if (pdb_getsampwsid(sam_account, &sid)) {
1548 unbecome_root(); /* -----> EXIT BECOME_ROOT() */
1549 *name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
1551 TALLOC_FREE(sam_account);
1555 *psid_name_use = SID_NAME_USER;
1557 TALLOC_FREE(sam_account);
1559 if (unix_id == NULL) {
1563 pw = Get_Pwnam(*name);
1567 unix_id->uid = pw->pw_uid;
1570 TALLOC_FREE(sam_account);
1572 ret = pdb_getgrsid(&map, sid);
1574 /* END BECOME_ROOT BLOCK */
1576 /* do not resolve SIDs to a name unless there is a valid
1577 gid associated with it */
1579 if ( ret && (map.gid != (gid_t)-1) ) {
1580 *name = talloc_strdup(mem_ctx, map.nt_name);
1581 *psid_name_use = map.sid_name_use;
1584 unix_id->gid = map.gid;
1590 /* Windows will always map RID 513 to something. On a non-domain
1591 controller, this gets mapped to SERVER\None. */
1594 DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
1598 if ( rid == DOMAIN_GROUP_RID_USERS ) {
1599 *name = talloc_strdup(mem_ctx, "None" );
1600 *psid_name_use = SID_NAME_DOM_GRP;
1608 static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods,
1609 const DOM_SID *domain_sid,
1613 enum lsa_SidType *attrs)
1617 BOOL have_mapped = False;
1618 BOOL have_unmapped = False;
1620 if (sid_check_is_builtin(domain_sid)) {
1622 for (i=0; i<num_rids; i++) {
1625 if (lookup_builtin_rid(names, rids[i], &name)) {
1626 attrs[i] = SID_NAME_ALIAS;
1628 DEBUG(5,("lookup_rids: %s:%d\n",
1629 names[i], attrs[i]));
1632 have_unmapped = True;
1633 attrs[i] = SID_NAME_UNKNOWN;
1639 /* Should not happen, but better check once too many */
1640 if (!sid_check_is_domain(domain_sid)) {
1641 return NT_STATUS_INVALID_HANDLE;
1644 for (i = 0; i < num_rids; i++) {
1647 if (lookup_global_sam_rid(names, rids[i], &name, &attrs[i],
1650 return NT_STATUS_NO_MEMORY;
1653 DEBUG(5,("lookup_rids: %s:%d\n", names[i], attrs[i]));
1656 have_unmapped = True;
1657 attrs[i] = SID_NAME_UNKNOWN;
1663 result = NT_STATUS_NONE_MAPPED;
1666 result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
1672 static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods,
1673 const DOM_SID *domain_sid,
1677 enum lsa_SidType *attrs)
1681 BOOL have_mapped = False;
1682 BOOL have_unmapped = False;
1684 if (sid_check_is_builtin(domain_sid)) {
1686 for (i=0; i<num_names; i++) {
1689 if (lookup_builtin_name(names[i], &rid)) {
1690 attrs[i] = SID_NAME_ALIAS;
1692 DEBUG(5,("lookup_rids: %s:%d\n",
1693 names[i], attrs[i]));
1696 have_unmapped = True;
1697 attrs[i] = SID_NAME_UNKNOWN;
1703 /* Should not happen, but better check once too many */
1704 if (!sid_check_is_domain(domain_sid)) {
1705 return NT_STATUS_INVALID_HANDLE;
1708 for (i = 0; i < num_names; i++) {
1709 if (lookup_global_sam_name(names[i], 0, &rids[i], &attrs[i])) {
1710 DEBUG(5,("lookup_names: %s-> %d:%d\n", names[i],
1711 rids[i], attrs[i]));
1714 have_unmapped = True;
1715 attrs[i] = SID_NAME_UNKNOWN;
1721 result = NT_STATUS_NONE_MAPPED;
1724 result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
1730 static struct pdb_search *pdb_search_init(enum pdb_search_type type)
1732 TALLOC_CTX *mem_ctx;
1733 struct pdb_search *result;
1735 mem_ctx = talloc_init("pdb_search");
1736 if (mem_ctx == NULL) {
1737 DEBUG(0, ("talloc_init failed\n"));
1741 result = TALLOC_P(mem_ctx, struct pdb_search);
1742 if (result == NULL) {
1743 DEBUG(0, ("talloc failed\n"));
1747 result->mem_ctx = mem_ctx;
1748 result->type = type;
1749 result->cache = NULL;
1750 result->num_entries = 0;
1751 result->cache_size = 0;
1752 result->search_ended = False;
1754 /* Segfault appropriately if not initialized */
1755 result->next_entry = NULL;
1756 result->search_end = NULL;
1761 static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32 rid,
1763 const char *account_name,
1764 const char *fullname,
1765 const char *description,
1766 struct samr_displayentry *entry)
1769 entry->acct_flags = acct_flags;
1771 if (account_name != NULL)
1772 entry->account_name = talloc_strdup(mem_ctx, account_name);
1774 entry->account_name = "";
1776 if (fullname != NULL)
1777 entry->fullname = talloc_strdup(mem_ctx, fullname);
1779 entry->fullname = "";
1781 if (description != NULL)
1782 entry->description = talloc_strdup(mem_ctx, description);
1784 entry->description = "";
1787 static BOOL user_search_in_progress = False;
1788 struct user_search {
1792 static BOOL next_entry_users(struct pdb_search *s,
1793 struct samr_displayentry *entry)
1795 struct user_search *state = (struct user_search *)s->private_data;
1796 struct samu *user = NULL;
1799 if ( !(user = samu_new( NULL )) ) {
1800 DEBUG(0, ("next_entry_users: samu_new() failed!\n"));
1804 if (!pdb_getsampwent(user)) {
1809 if ((state->acct_flags != 0) &&
1810 ((pdb_get_acct_ctrl(user) & state->acct_flags) == 0)) {
1815 fill_displayentry(s->mem_ctx, pdb_get_user_rid(user),
1816 pdb_get_acct_ctrl(user), pdb_get_username(user),
1817 pdb_get_fullname(user), pdb_get_acct_desc(user),
1824 static void search_end_users(struct pdb_search *search)
1827 user_search_in_progress = False;
1830 static BOOL pdb_default_search_users(struct pdb_methods *methods,
1831 struct pdb_search *search,
1834 struct user_search *state;
1836 if (user_search_in_progress) {
1837 DEBUG(1, ("user search in progress\n"));
1841 if (!pdb_setsampwent(False, acct_flags)) {
1842 DEBUG(5, ("Could not start search\n"));
1846 user_search_in_progress = True;
1848 state = TALLOC_P(search->mem_ctx, struct user_search);
1849 if (state == NULL) {
1850 DEBUG(0, ("talloc failed\n"));
1854 state->acct_flags = acct_flags;
1856 search->private_data = state;
1857 search->next_entry = next_entry_users;
1858 search->search_end = search_end_users;
1862 struct group_search {
1864 size_t num_groups, current_group;
1867 static BOOL next_entry_groups(struct pdb_search *s,
1868 struct samr_displayentry *entry)
1870 struct group_search *state = (struct group_search *)s->private_data;
1872 GROUP_MAP *map = &state->groups[state->current_group];
1874 if (state->current_group == state->num_groups)
1877 sid_peek_rid(&map->sid, &rid);
1879 fill_displayentry(s->mem_ctx, rid, 0, map->nt_name, NULL, map->comment,
1882 state->current_group += 1;
1886 static void search_end_groups(struct pdb_search *search)
1888 struct group_search *state =
1889 (struct group_search *)search->private_data;
1890 SAFE_FREE(state->groups);
1893 static BOOL pdb_search_grouptype(struct pdb_search *search,
1894 const DOM_SID *sid, enum lsa_SidType type)
1896 struct group_search *state;
1898 state = TALLOC_P(search->mem_ctx, struct group_search);
1899 if (state == NULL) {
1900 DEBUG(0, ("talloc failed\n"));
1904 if (!pdb_enum_group_mapping(sid, type, &state->groups, &state->num_groups,
1906 DEBUG(0, ("Could not enum groups\n"));
1910 state->current_group = 0;
1911 search->private_data = state;
1912 search->next_entry = next_entry_groups;
1913 search->search_end = search_end_groups;
1917 static BOOL pdb_default_search_groups(struct pdb_methods *methods,
1918 struct pdb_search *search)
1920 return pdb_search_grouptype(search, get_global_sam_sid(), SID_NAME_DOM_GRP);
1923 static BOOL pdb_default_search_aliases(struct pdb_methods *methods,
1924 struct pdb_search *search,
1928 return pdb_search_grouptype(search, sid, SID_NAME_ALIAS);
1931 static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search,
1934 if (idx < search->num_entries)
1935 return &search->cache[idx];
1937 if (search->search_ended)
1940 while (idx >= search->num_entries) {
1941 struct samr_displayentry entry;
1943 if (!search->next_entry(search, &entry)) {
1944 search->search_end(search);
1945 search->search_ended = True;
1949 ADD_TO_LARGE_ARRAY(search->mem_ctx, struct samr_displayentry,
1950 entry, &search->cache, &search->num_entries,
1951 &search->cache_size);
1954 return (search->num_entries > idx) ? &search->cache[idx] : NULL;
1957 struct pdb_search *pdb_search_users(uint32 acct_flags)
1959 struct pdb_methods *pdb = pdb_get_methods();
1960 struct pdb_search *result;
1962 result = pdb_search_init(PDB_USER_SEARCH);
1963 if (result == NULL) {
1967 if (!pdb->search_users(pdb, result, acct_flags)) {
1968 talloc_destroy(result->mem_ctx);
1974 struct pdb_search *pdb_search_groups(void)
1976 struct pdb_methods *pdb = pdb_get_methods();
1977 struct pdb_search *result;
1979 result = pdb_search_init(PDB_GROUP_SEARCH);
1980 if (result == NULL) {
1984 if (!pdb->search_groups(pdb, result)) {
1985 talloc_destroy(result->mem_ctx);
1991 struct pdb_search *pdb_search_aliases(const DOM_SID *sid)
1993 struct pdb_methods *pdb = pdb_get_methods();
1994 struct pdb_search *result;
1996 if (pdb == NULL) return NULL;
1998 result = pdb_search_init(PDB_ALIAS_SEARCH);
1999 if (result == NULL) return NULL;
2001 if (!pdb->search_aliases(pdb, result, sid)) {
2002 talloc_destroy(result->mem_ctx);
2008 uint32 pdb_search_entries(struct pdb_search *search,
2009 uint32 start_idx, uint32 max_entries,
2010 struct samr_displayentry **result)
2012 struct samr_displayentry *end_entry;
2013 uint32 end_idx = start_idx+max_entries-1;
2015 /* The first entry needs to be searched after the last. Otherwise the
2016 * first entry might have moved due to a realloc during the search for
2017 * the last entry. */
2019 end_entry = pdb_search_getentry(search, end_idx);
2020 *result = pdb_search_getentry(search, start_idx);
2022 if (end_entry != NULL)
2025 if (start_idx >= search->num_entries)
2028 return search->num_entries - start_idx;
2031 void pdb_search_destroy(struct pdb_search *search)
2036 if (!search->search_ended)
2037 search->search_end(search);
2039 talloc_destroy(search->mem_ctx);
2042 /*******************************************************************
2044 *******************************************************************/
2046 BOOL pdb_get_trusteddom_pw(const char *domain, char** pwd, DOM_SID *sid,
2047 time_t *pass_last_set_time)
2049 struct pdb_methods *pdb = pdb_get_methods();
2050 return pdb->get_trusteddom_pw(pdb, domain, pwd, sid,
2051 pass_last_set_time);
2054 BOOL pdb_set_trusteddom_pw(const char* domain, const char* pwd,
2057 struct pdb_methods *pdb = pdb_get_methods();
2058 return pdb->set_trusteddom_pw(pdb, domain, pwd, sid);
2061 BOOL pdb_del_trusteddom_pw(const char *domain)
2063 struct pdb_methods *pdb = pdb_get_methods();
2064 return pdb->del_trusteddom_pw(pdb, domain);
2067 NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32 *num_domains,
2068 struct trustdom_info ***domains)
2070 struct pdb_methods *pdb = pdb_get_methods();
2071 return pdb->enum_trusteddoms(pdb, mem_ctx, num_domains, domains);
2074 /*******************************************************************
2075 the defaults for trustdom methods:
2076 these simply call the original passdb/secrets.c actions,
2077 to be replaced by pdb_ldap.
2078 *******************************************************************/
2080 static BOOL pdb_default_get_trusteddom_pw(struct pdb_methods *methods,
2084 time_t *pass_last_set_time)
2086 return secrets_fetch_trusted_domain_password(domain, pwd,
2087 sid, pass_last_set_time);
2091 static BOOL pdb_default_set_trusteddom_pw(struct pdb_methods *methods,
2096 return secrets_store_trusted_domain_password(domain, pwd, sid);
2099 static BOOL pdb_default_del_trusteddom_pw(struct pdb_methods *methods,
2102 return trusted_domain_password_delete(domain);
2105 static NTSTATUS pdb_default_enum_trusteddoms(struct pdb_methods *methods,
2106 TALLOC_CTX *mem_ctx,
2107 uint32 *num_domains,
2108 struct trustdom_info ***domains)
2110 return secrets_trusted_domains(mem_ctx, num_domains, domains);
2113 /*******************************************************************
2114 Create a pdb_methods structure and initialize it with the default
2115 operations. In this way a passdb module can simply implement
2116 the functionality it cares about. However, normally this is done
2117 in groups of related functions.
2118 *******************************************************************/
2120 NTSTATUS make_pdb_method( struct pdb_methods **methods )
2122 /* allocate memory for the structure as its own talloc CTX */
2124 if ( !(*methods = TALLOC_ZERO_P(NULL, struct pdb_methods) ) ) {
2125 return NT_STATUS_NO_MEMORY;
2128 (*methods)->setsampwent = pdb_default_setsampwent;
2129 (*methods)->endsampwent = pdb_default_endsampwent;
2130 (*methods)->getsampwent = pdb_default_getsampwent;
2131 (*methods)->getsampwnam = pdb_default_getsampwnam;
2132 (*methods)->getsampwsid = pdb_default_getsampwsid;
2133 (*methods)->create_user = pdb_default_create_user;
2134 (*methods)->delete_user = pdb_default_delete_user;
2135 (*methods)->add_sam_account = pdb_default_add_sam_account;
2136 (*methods)->update_sam_account = pdb_default_update_sam_account;
2137 (*methods)->delete_sam_account = pdb_default_delete_sam_account;
2138 (*methods)->rename_sam_account = pdb_default_rename_sam_account;
2139 (*methods)->update_login_attempts = pdb_default_update_login_attempts;
2141 (*methods)->getgrsid = pdb_default_getgrsid;
2142 (*methods)->getgrgid = pdb_default_getgrgid;
2143 (*methods)->getgrnam = pdb_default_getgrnam;
2144 (*methods)->create_dom_group = pdb_default_create_dom_group;
2145 (*methods)->delete_dom_group = pdb_default_delete_dom_group;
2146 (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
2147 (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
2148 (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
2149 (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
2150 (*methods)->enum_group_members = pdb_default_enum_group_members;
2151 (*methods)->enum_group_memberships = pdb_default_enum_group_memberships;
2152 (*methods)->set_unix_primary_group = pdb_default_set_unix_primary_group;
2153 (*methods)->add_groupmem = pdb_default_add_groupmem;
2154 (*methods)->del_groupmem = pdb_default_del_groupmem;
2155 (*methods)->create_alias = pdb_default_create_alias;
2156 (*methods)->delete_alias = pdb_default_delete_alias;
2157 (*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
2158 (*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
2159 (*methods)->add_aliasmem = pdb_default_add_aliasmem;
2160 (*methods)->del_aliasmem = pdb_default_del_aliasmem;
2161 (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
2162 (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
2163 (*methods)->lookup_rids = pdb_default_lookup_rids;
2164 (*methods)->get_account_policy = pdb_default_get_account_policy;
2165 (*methods)->set_account_policy = pdb_default_set_account_policy;
2166 (*methods)->get_seq_num = pdb_default_get_seq_num;
2167 (*methods)->uid_to_rid = pdb_default_uid_to_rid;
2168 (*methods)->uid_to_sid = pdb_default_uid_to_sid;
2169 (*methods)->gid_to_sid = pdb_default_gid_to_sid;
2170 (*methods)->sid_to_id = pdb_default_sid_to_id;
2172 (*methods)->search_users = pdb_default_search_users;
2173 (*methods)->search_groups = pdb_default_search_groups;
2174 (*methods)->search_aliases = pdb_default_search_aliases;
2176 (*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw;
2177 (*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw;
2178 (*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw;
2179 (*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms;
2181 return NT_STATUS_OK;