import HEAD into svn+ssh://svn.samba.org/home/svn/samba/trunk
[metze/old/v3-2-winbind-ndr.git] / source / passdb / pdb_tdb.c
1 /*
2  * Unix SMB/CIFS implementation. 
3  * SMB parameters and setup
4  * Copyright (C) Andrew Tridgell   1992-1998
5  * Copyright (C) Simo Sorce        2000-2002
6  * Copyright (C) Gerald Carter     2000
7  * Copyright (C) Jeremy Allison    2001
8  * Copyright (C) Andrew Bartlett   2002
9  * 
10  * This program is free software; you can redistribute it and/or modify it under
11  * the terms of the GNU General Public License as published by the Free
12  * Software Foundation; either version 2 of the License, or (at your option)
13  * any later version.
14  * 
15  * This program is distributed in the hope that it will be useful, but WITHOUT
16  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
17  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
18  * more details.
19  * 
20  * You should have received a copy of the GNU General Public License along with
21  * this program; if not, write to the Free Software Foundation, Inc., 675
22  * Mass Ave, Cambridge, MA 02139, USA.
23  */
24
25 #include "includes.h"
26
27 #if 0 /* when made a module use this */
28
29 static int tdbsam_debug_level = DBGC_ALL;
30 #undef DBGC_CLASS
31 #define DBGC_CLASS tdbsam_debug_level
32
33 #else
34
35 #undef DBGC_CLASS
36 #define DBGC_CLASS DBGC_PASSDB
37
38 #endif
39
40 #define TDBSAM_VERSION  1       /* Most recent TDBSAM version */
41 #define TDBSAM_VERSION_STRING   "INFO/version"
42 #define PASSDB_FILE_NAME        "passdb.tdb"
43 #define USERPREFIX              "USER_"
44 #define RIDPREFIX               "RID_"
45 #define PRIVPREFIX              "PRIV_"
46 #define tdbsamver_t     int32
47
48 struct tdbsam_privates {
49         TDB_CONTEXT     *passwd_tdb;
50
51         /* retrive-once info */
52         const char *tdbsam_location;
53 };
54
55 struct pwent_list {
56         struct pwent_list *prev, *next;
57         TDB_DATA key;
58 };
59 static struct pwent_list *tdbsam_pwent_list;
60
61
62 /**
63  * Convert old TDBSAM to the latest version.
64  * @param pdb_tdb A pointer to the opened TDBSAM file which must be converted. 
65  *                This file must be opened with read/write access.
66  * @param from Current version of the TDBSAM file.
67  * @return True if the conversion has been successful, false otherwise. 
68  **/
69
70 static BOOL tdbsam_convert(TDB_CONTEXT *pdb_tdb, tdbsamver_t from) 
71 {
72         const char * vstring = TDBSAM_VERSION_STRING;
73         SAM_ACCOUNT *user = NULL;
74         const char *prefix = USERPREFIX;
75         TDB_DATA        data, key, old_key;
76         uint8           *buf = NULL;
77         BOOL            ret;
78
79         if (pdb_tdb == NULL) {
80                 DEBUG(0,("tdbsam_convert: Bad TDB Context pointer.\n"));
81                 return False;
82         }
83
84         /* handle a Samba upgrade */
85         tdb_lock_bystring(pdb_tdb, vstring, 0);
86         
87         if (!NT_STATUS_IS_OK(pdb_init_sam(&user))) {
88                 DEBUG(0,("tdbsam_convert: cannot initialized a SAM_ACCOUNT.\n"));
89                 return False;
90         }
91
92         /* Enumerate all records and convert them */
93         key = tdb_firstkey(pdb_tdb);
94
95         while (key.dptr) {
96         
97                 /* skip all non-USER entries (eg. RIDs) */
98                 while ((key.dsize != 0) && (strncmp(key.dptr, prefix, strlen (prefix)))) {
99                         old_key = key;
100                         /* increment to next in line */
101                         key = tdb_nextkey(pdb_tdb, key);
102                         SAFE_FREE(old_key.dptr);
103                 }
104         
105                 if (key.dptr) {
106                         
107                         /* read from tdbsam */
108                         data = tdb_fetch(pdb_tdb, key);
109                         if (!data.dptr) {
110                                 DEBUG(0,("tdbsam_convert: database entry not found: %s.\n",key.dptr));
111                                 return False;
112                         }
113         
114                         if (!NT_STATUS_IS_OK(pdb_reset_sam(user))) {
115                                 DEBUG(0,("tdbsam_convert: cannot reset SAM_ACCOUNT.\n"));
116                                 SAFE_FREE(data.dptr);
117                                 return False;
118                         }
119                         
120                         /* unpack the buffer from the former format */
121                         DEBUG(10,("tdbsam_convert: Try unpacking a record with (key:%s) (version:%d)\n", key.dptr, from));
122                         switch (from) {
123                                 case 0:
124                                         ret = init_sam_from_buffer_v0(user, (uint8 *)data.dptr, data.dsize);
125                                         break;
126                                 case 1:
127                                         ret = init_sam_from_buffer_v1(user, (uint8 *)data.dptr, data.dsize);
128                                         break;
129                                 default:
130                                         /* unknown tdbsam version */
131                                         ret = False;
132                         }
133                         if (!ret) {
134                                 DEBUG(0,("tdbsam_convert: Bad SAM_ACCOUNT entry returned from TDB (key:%s) (version:%d)\n", key.dptr, from));
135                                 SAFE_FREE(data.dptr);
136                                 return False;
137                         }
138         
139                         /* pack from the buffer into the new format */
140                         DEBUG(10,("tdbsam_convert: Try packing a record (key:%s) (version:%d)\n", key.dptr, from));
141                         if ((data.dsize=init_buffer_from_sam (&buf, user, False)) == -1) {
142                                 DEBUG(0,("tdbsam_convert: cannot pack the SAM_ACCOUNT into the new format\n"));
143                                 SAFE_FREE(data.dptr);
144                                 return False;
145                         }
146                         data.dptr = (char *)buf;
147                         
148                         /* Store the buffer inside the TDBSAM */
149                         if (tdb_store(pdb_tdb, key, data, TDB_MODIFY) != TDB_SUCCESS) {
150                                 DEBUG(0,("tdbsam_convert: cannot store the SAM_ACCOUNT (key:%s) in new format\n",key.dptr));
151                                 SAFE_FREE(data.dptr);
152                                 return False;
153                         }
154                         
155                         SAFE_FREE(data.dptr);
156                         
157                         /* increment to next in line */
158                         old_key = key;
159                         key = tdb_nextkey(pdb_tdb, key);
160                         SAFE_FREE(old_key.dptr);
161                 }
162                 
163         }
164
165         pdb_free_sam(&user);
166         
167         /* upgrade finished */
168         tdb_store_int32(pdb_tdb, vstring, TDBSAM_VERSION);
169         tdb_unlock_bystring(pdb_tdb, vstring);
170
171         return(True);   
172 }
173
174 /**
175  * Open the TDB passwd database, check version and convert it if needed.
176  * @param name filename of the tdbsam file.
177  * @param open_flags file access mode.
178  * @return a TDB_CONTEXT handle on the tdbsam file.
179  **/
180
181 static TDB_CONTEXT * tdbsam_tdbopen (const char *name, int open_flags)
182 {
183         TDB_CONTEXT     *pdb_tdb;
184         tdbsamver_t     version;
185         
186         /* Try to open tdb passwd */
187         if (!(pdb_tdb = tdb_open_log(name, 0, TDB_DEFAULT, 
188                                      open_flags, 0600))) {
189                 DEBUG(0, ("Unable to open/create TDB passwd\n"));
190                 return NULL;
191         }
192
193         /* Check the version */
194         version = (tdbsamver_t) tdb_fetch_int32(pdb_tdb, 
195                                                 TDBSAM_VERSION_STRING);
196         if (version == -1)
197                 version = 0;    /* Version not found, assume version 0 */
198         
199         /* Compare the version */
200         if (version > TDBSAM_VERSION) {
201                 /* Version more recent than the latest known */ 
202                 DEBUG(0, ("TDBSAM version unknown: %d\n", version));
203                 tdb_close(pdb_tdb);
204                 pdb_tdb = NULL;
205         } 
206         else if (version < TDBSAM_VERSION) {
207                 /* Older version, must be converted */
208                 DEBUG(1, ("TDBSAM version too old (%d), trying to convert it.\n", version));
209                 
210                 /* Reopen the pdb file with read-write access if needed */
211                 if (!(open_flags & O_RDWR)) {
212                         DEBUG(10, ("tdbsam_tdbopen: TDB file opened with read only access, reopen it with read-write access.\n"));
213                         tdb_close(pdb_tdb);
214                         pdb_tdb = tdb_open_log(name, 0, TDB_DEFAULT, (open_flags & 07777770) | O_RDWR, 0600);
215                 }
216                 
217                 /* Convert */
218                 if (!tdbsam_convert(pdb_tdb, version)){
219                         DEBUG(0, ("tdbsam_tdbopen: Error when trying to convert tdbsam: %s\n",name));
220                         tdb_close(pdb_tdb);
221                         pdb_tdb = NULL;
222                 } else {
223                         DEBUG(1, ("TDBSAM converted successfully.\n"));
224                 }
225
226                 /* Reopen the pdb file as it must be */
227                 if (!(open_flags & O_RDWR)) {
228                         tdb_close(pdb_tdb);
229                         pdb_tdb = tdb_open_log(name, 0, TDB_DEFAULT, open_flags, 0600);
230                 }
231         }
232         
233         return pdb_tdb;
234 }
235
236 /*****************************************************************************
237  Utility functions to close the tdb sam database
238  ****************************************************************************/
239
240 static void tdbsam_tdbclose ( struct tdbsam_privates *state )
241 {
242         if ( !state )
243                 return;
244                 
245         if ( state->passwd_tdb ) {
246                 tdb_close( state->passwd_tdb );
247                 state->passwd_tdb = NULL;
248         }
249         
250         return;
251                 
252 }
253
254 /****************************************************************************
255  creates a list of user keys
256 ****************************************************************************/
257
258 static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state)
259 {
260         const char *prefix = USERPREFIX;
261         int  prefixlen = strlen (prefix);
262         struct pwent_list *ptr;
263         
264         if ( strncmp(key.dptr, prefix, prefixlen) == 0 ) {
265                 if ( !(ptr=(struct pwent_list*)malloc(sizeof(struct pwent_list))) ) {
266                         DEBUG(0,("tdbsam_traverse_setpwent: Failed to malloc new entry for list\n"));
267                         
268                         /* just return 0 and let the traversal continue */
269                         return 0;
270                 }
271                 ZERO_STRUCTP(ptr);
272                 
273                 /* save a copy of the key */
274                 
275                 ptr->key.dptr = memdup( key.dptr, key.dsize );
276                 ptr->key.dsize = key.dsize;
277                 
278                 DLIST_ADD( tdbsam_pwent_list, ptr );
279         
280         }
281         
282         
283         return 0;
284 }
285
286 /***************************************************************
287  Open the TDB passwd database for SAM account enumeration.
288  Save a list of user keys for iteration.
289 ****************************************************************/
290
291 static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, BOOL update)
292 {
293         uint32 flags = update ? (O_RDWR|O_CREAT) : O_RDONLY;
294         
295         struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
296         
297         if ( !(tdb_state->passwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, flags )) ) 
298                 return NT_STATUS_UNSUCCESSFUL;
299
300         tdb_traverse( tdb_state->passwd_tdb, tdbsam_traverse_setpwent, NULL );
301         
302         return NT_STATUS_OK;
303 }
304
305
306 /***************************************************************
307  End enumeration of the TDB passwd list.
308 ****************************************************************/
309
310 static void tdbsam_endsampwent(struct pdb_methods *my_methods)
311 {
312         struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
313         struct pwent_list *ptr, *ptr_next;
314         
315         tdbsam_tdbclose( tdb_state );
316         
317         /* clear out any remaining entries in the list */
318         
319         for ( ptr=tdbsam_pwent_list; ptr; ptr = ptr_next ) {
320                 ptr_next = ptr->next;
321                 DLIST_REMOVE( tdbsam_pwent_list, ptr );
322                 SAFE_FREE( ptr->key.dptr);
323                 SAFE_FREE( ptr );
324         }
325         
326         DEBUG(7, ("endtdbpwent: closed sam database.\n"));
327 }
328
329 /*****************************************************************
330  Get one SAM_ACCOUNT from the TDB (next in line)
331 *****************************************************************/
332
333 static NTSTATUS tdbsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user)
334 {
335         NTSTATUS                nt_status = NT_STATUS_UNSUCCESSFUL;
336         struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
337         TDB_DATA                data;
338         struct pwent_list       *pkey;
339
340         if ( !user ) {
341                 DEBUG(0,("tdbsam_getsampwent: SAM_ACCOUNT is NULL.\n"));
342                 return nt_status;
343         }
344
345         if ( !tdbsam_pwent_list ) {
346                 DEBUG(4,("tdbsam_getsampwent: end of list\n"));
347                 tdbsam_tdbclose( tdb_state );
348                 return nt_status;
349         }
350         
351         if ( !tdb_state->passwd_tdb ) {
352                 if ( !(tdb_state->passwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY)) )
353                         return nt_status;
354         }
355
356         /* pull the next entry */
357                 
358         pkey = tdbsam_pwent_list;
359         DLIST_REMOVE( tdbsam_pwent_list, pkey );
360         
361         data = tdb_fetch(tdb_state->passwd_tdb, pkey->key);
362
363         SAFE_FREE( pkey->key.dptr);
364         SAFE_FREE( pkey);
365         
366         if (!data.dptr) {
367                 DEBUG(5,("pdb_getsampwent: database entry not found.  Was the user deleted?\n"));
368                 return nt_status;
369         }
370   
371         if (!init_sam_from_buffer(user, (unsigned char *)data.dptr, data.dsize)) {
372                 DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n"));
373         }
374         
375         SAFE_FREE( data.dptr );
376         
377
378         return NT_STATUS_OK;
379 }
380
381 /******************************************************************
382  Lookup a name in the SAM TDB
383 ******************************************************************/
384
385 static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods, SAM_ACCOUNT *user, const char *sname)
386 {
387         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
388         struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
389         TDB_CONTEXT     *pwd_tdb;
390         TDB_DATA        data, key;
391         fstring         keystr;
392         fstring         name;
393
394         if ( !user ) {
395                 DEBUG(0,("pdb_getsampwnam: SAM_ACCOUNT is NULL.\n"));
396                 return nt_status;
397         }
398
399         /* Data is stored in all lower-case */
400         fstrcpy(name, sname);
401         strlower_m(name);
402
403         /* set search key */
404         slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
405         key.dptr = keystr;
406         key.dsize = strlen(keystr) + 1;
407
408         /* open the accounts TDB */
409         if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY))) {
410         
411                 if (errno == ENOENT) {
412                         /*
413                          * TDB file doesn't exist, so try to create new one. This is useful to avoid
414                          * confusing error msg when adding user account first time
415                          */
416                         if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_CREAT ))) {
417                                 DEBUG(0, ("pdb_getsampwnam: TDB passwd (%s) did not exist. File successfully created.\n",
418                                           tdb_state->tdbsam_location));
419                         } else {
420                                 DEBUG(0, ("pdb_getsampwnam: TDB passwd (%s) does not exist. Couldn't create new one. Error was: %s\n",
421                                           tdb_state->tdbsam_location, strerror(errno)));
422                         }
423                         
424                         /* requested user isn't there anyway */
425                         nt_status = NT_STATUS_NO_SUCH_USER;
426                         return nt_status;
427                 }
428                 DEBUG(0, ("pdb_getsampwnam: Unable to open TDB passwd (%s)!\n", tdb_state->tdbsam_location));
429                 return nt_status;
430         }
431
432         /* get the record */
433         data = tdb_fetch(pwd_tdb, key);
434         if (!data.dptr) {
435                 DEBUG(5,("pdb_getsampwnam (TDB): error fetching database.\n"));
436                 DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
437                 DEBUGADD(5, (" Key: %s\n", keystr));
438                 tdb_close(pwd_tdb);
439                 return nt_status;
440         }
441   
442         /* unpack the buffer */
443         if (!init_sam_from_buffer(user, (unsigned char *)data.dptr, data.dsize)) {
444                 DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n"));
445                 SAFE_FREE(data.dptr);
446                 tdb_close(pwd_tdb);
447                 return nt_status;
448         }
449         SAFE_FREE(data.dptr);
450
451         /* no further use for database, close it now */
452         tdb_close(pwd_tdb);
453         
454         return NT_STATUS_OK;
455 }
456
457 /***************************************************************************
458  Search by rid
459  **************************************************************************/
460
461 static NTSTATUS tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT *user, uint32 rid)
462 {
463         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
464         struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
465         TDB_CONTEXT             *pwd_tdb;
466         TDB_DATA                data, key;
467         fstring                 keystr;
468         fstring                 name;
469         
470         if (user==NULL) {
471                 DEBUG(0,("pdb_getsampwrid: SAM_ACCOUNT is NULL.\n"));
472                 return nt_status;
473         }
474
475         /* set search key */
476         slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, rid);
477         key.dptr = keystr;
478         key.dsize = strlen (keystr) + 1;
479
480         /* open the accounts TDB */
481         if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY))) {
482                 DEBUG(0, ("pdb_getsampwrid: Unable to open TDB rid database!\n"));
483                 return nt_status;
484         }
485
486         /* get the record */
487         data = tdb_fetch (pwd_tdb, key);
488         if (!data.dptr) {
489                 DEBUG(5,("pdb_getsampwrid (TDB): error looking up RID %d by key %s.\n", rid, keystr));
490                 DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
491                 tdb_close (pwd_tdb);
492                 return nt_status;
493         }
494
495
496         fstrcpy(name, data.dptr);
497         SAFE_FREE(data.dptr);
498         
499         tdb_close (pwd_tdb);
500         
501         return tdbsam_getsampwnam (my_methods, user, name);
502 }
503
504 static NTSTATUS tdbsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
505 {
506         uint32 rid;
507         if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
508                 return NT_STATUS_UNSUCCESSFUL;
509         return tdbsam_getsampwrid(my_methods, user, rid);
510 }
511
512 /***************************************************************************
513  Delete a SAM_ACCOUNT
514 ****************************************************************************/
515
516 static NTSTATUS tdbsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_pass)
517 {
518         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
519         struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
520         TDB_CONTEXT     *pwd_tdb;
521         TDB_DATA        key;
522         fstring         keystr;
523         uint32          rid;
524         fstring         name;
525         
526         fstrcpy(name, pdb_get_username(sam_pass));
527         strlower_m(name);
528         
529         /* open the TDB */
530         if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR))) {
531                 DEBUG(0, ("Unable to open TDB passwd!"));
532                 return nt_status;
533         }
534   
535         /* set the search key */
536         slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
537         key.dptr = keystr;
538         key.dsize = strlen (keystr) + 1;
539         
540         rid = pdb_get_user_rid(sam_pass);
541
542         /* it's outaa here!  8^) */
543         if (tdb_delete(pwd_tdb, key) != TDB_SUCCESS) {
544                 DEBUG(5, ("Error deleting entry from tdb passwd database!\n"));
545                 DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
546                 tdb_close(pwd_tdb); 
547                 return nt_status;
548         }       
549
550         /* delete also the RID key */
551
552         /* set the search key */
553         slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, rid);
554         key.dptr = keystr;
555         key.dsize = strlen (keystr) + 1;
556
557         /* it's outaa here!  8^) */
558         if (tdb_delete(pwd_tdb, key) != TDB_SUCCESS) {
559                 DEBUG(5, ("Error deleting entry from tdb rid database!\n"));
560                 DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
561                 tdb_close(pwd_tdb); 
562                 return nt_status;
563         }
564         
565         tdb_close(pwd_tdb);
566         
567         return NT_STATUS_OK;
568 }
569
570 /***************************************************************************
571  Update the TDB SAM
572 ****************************************************************************/
573
574 static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd, int flag)
575 {
576         struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
577         TDB_CONTEXT     *pwd_tdb = NULL;
578         TDB_DATA        key, data;
579         uint8           *buf = NULL;
580         fstring         keystr;
581         fstring         name;
582         BOOL            ret = True;
583         uint32          user_rid;
584
585         /* invalidate the existing TDB iterator if it is open */
586         
587         if (tdb_state->passwd_tdb) {
588                 tdb_close(tdb_state->passwd_tdb);
589                 tdb_state->passwd_tdb = NULL;
590         }
591
592         /* open the account TDB passwd*/
593         
594         pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT);
595         
596         if (!pwd_tdb) {
597                 DEBUG(0, ("tdb_update_sam: Unable to open TDB passwd (%s)!\n", 
598                         tdb_state->tdbsam_location));
599                 return False;
600         }
601
602         if (!pdb_get_group_rid(newpwd)) {
603                 DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",
604                         pdb_get_username(newpwd)));
605                 ret = False;
606                 goto done;
607         }
608
609         if ( !(user_rid = pdb_get_user_rid(newpwd)) ) {
610                 DEBUG(0,("tdb_update_sam: SAM_ACCOUNT (%s) with no RID!\n", pdb_get_username(newpwd)));
611                 ret = False;
612                 goto done;
613         }
614
615         /* copy the SAM_ACCOUNT struct into a BYTE buffer for storage */
616         if ((data.dsize=init_buffer_from_sam (&buf, newpwd, False)) == -1) {
617                 DEBUG(0,("tdb_update_sam: ERROR - Unable to copy SAM_ACCOUNT info BYTE buffer!\n"));
618                 ret = False;
619                 goto done;
620         }
621         data.dptr = (char *)buf;
622
623         fstrcpy(name, pdb_get_username(newpwd));
624         strlower_m(name);
625         
626         DEBUG(5, ("Storing %saccount %s with RID %d\n", flag == TDB_INSERT ? "(new) " : "", name, user_rid));
627
628         /* setup the USER index key */
629         slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
630         key.dptr = keystr;
631         key.dsize = strlen(keystr) + 1;
632
633         /* add the account */
634         if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) {
635                 DEBUG(0, ("Unable to modify passwd TDB!"));
636                 DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb)));
637                 DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
638                 ret = False;
639                 goto done;
640         }
641         
642         /* setup RID data */
643         data.dsize = strlen(name) + 1;
644         data.dptr = name;
645
646         /* setup the RID index key */
647         slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, user_rid);
648         key.dptr = keystr;
649         key.dsize = strlen (keystr) + 1;
650         
651         /* add the reference */
652         if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) {
653                 DEBUG(0, ("Unable to modify TDB passwd !"));
654                 DEBUGADD(0, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
655                 DEBUGADD(0, (" occured while storing the RID index (%s)\n", keystr));
656                 ret = False;
657                 goto done;
658         }
659
660 done:   
661         /* cleanup */
662         tdb_close (pwd_tdb);
663         SAFE_FREE(buf);
664         
665         return (ret);   
666 }
667
668 /***************************************************************************
669  Modifies an existing SAM_ACCOUNT
670 ****************************************************************************/
671
672 static NTSTATUS tdbsam_update_sam_account (struct pdb_methods *my_methods, SAM_ACCOUNT *newpwd)
673 {
674         if (tdb_update_sam(my_methods, newpwd, TDB_MODIFY))
675                 return NT_STATUS_OK;
676         else
677                 return NT_STATUS_UNSUCCESSFUL;
678 }
679
680 /***************************************************************************
681  Adds an existing SAM_ACCOUNT
682 ****************************************************************************/
683
684 static NTSTATUS tdbsam_add_sam_account (struct pdb_methods *my_methods, SAM_ACCOUNT *newpwd)
685 {
686         if (tdb_update_sam(my_methods, newpwd, TDB_INSERT))
687                 return NT_STATUS_OK;
688         else
689                 return NT_STATUS_UNSUCCESSFUL;
690 }
691
692 static void free_private_data(void **vp) 
693 {
694         struct tdbsam_privates **tdb_state = (struct tdbsam_privates **)vp;
695         tdbsam_tdbclose(*tdb_state);
696         *tdb_state = NULL;
697
698         /* No need to free any further, as it is talloc()ed */
699 }
700
701 /**
702  * Start trust passwords enumeration. This function is a simple
703  * wrapper for calling gettrustpwent with null pointer passed.
704  *
705  * @param methods methods belonging in pdb context (module)
706  * @return nt status of performed operation
707  **/
708
709 static NTSTATUS tdbsam_settrustpwent(struct pdb_methods *methods)
710 {
711         /* rewind enumeration from beginning */
712         return methods->gettrustpwent(methods, NULL);
713 }
714
715
716 /**
717  * Enumerate across trust passwords (machine and interdomain nt/ads)
718  *
719  * @param methods methods belonging in pdb context (module)
720  * @param trust trust password structure
721  *
722  * @return nt status of performed operation
723  **/
724
725 static NTSTATUS tdbsam_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust)
726 {
727         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
728         struct trust_passwd_data t;
729         TALLOC_CTX *mem_ctx;
730         
731         TRUSTDOM **trustdom;
732         static int enum_ctx;
733         int num_domains = 0;
734         unsigned int max_domains = 1;
735         char *dom_name, *dom_pass;
736         
737         smb_ucs2_t *uni_dom_name;
738         uint8 mach_pass[16];
739         uint32 sec_chan;
740         
741         if (!methods) return NT_STATUS_UNSUCCESSFUL;
742         
743         /*
744          * NT domain trust passwords
745          */
746         
747         /* rewind enumeration when passed NULL pointer as a trust */
748         if (!trust) {
749                 enum_ctx = 0;
750                 return NT_STATUS_OK;
751         }
752         
753         mem_ctx = talloc_init("tdbsam_gettrustpwent: trust password enumeration");
754
755         /* fetch next trusted domain (one at a time) and its full information */
756         nt_status = secrets_get_trusted_domains(mem_ctx, &enum_ctx, max_domains, &num_domains,
757                                                 &trustdom);
758         if (num_domains) {
759                 pull_ucs2_talloc(mem_ctx, &dom_name, trustdom[0]->name);
760                 if (secrets_fetch_trusted_domain_password(dom_name, &dom_pass, &t.domain_sid,
761                                                           &t.mod_time)) {
762
763                         t.uni_name_len = strnlen_w(trustdom[0]->name, 32);
764                         strncpy_w(t.uni_name, trustdom[0]->name, t.uni_name_len);
765                         safe_strcpy(t.pass, dom_pass, FSTRING_LEN - 1);
766                         t.flags = PASS_DOMAIN_TRUST_NT;
767
768                         SAFE_FREE(dom_pass);
769                         talloc_destroy(mem_ctx);
770                         trust->private = t;
771                         return nt_status;
772                 } else {
773                         talloc_destroy(mem_ctx);
774                         return NT_STATUS_UNSUCCESSFUL;
775                 }
776         }
777         
778         /*
779          * NT machine trust password
780          */
781         
782         if (secrets_lock_trust_account_password(lp_workgroup(), True)) {
783                 sec_chan = get_default_sec_channel();
784                 if (secrets_fetch_trust_account_password(lp_workgroup(), mach_pass, &t.mod_time,
785                                                          &sec_chan)) {
786                         
787                         t.uni_name_len = strlen(lp_workgroup());
788                         push_ucs2_talloc(mem_ctx, &uni_dom_name, lp_workgroup());
789                         strncpy_w(t.uni_name, uni_dom_name, t.uni_name_len);
790                         safe_strcpy(t.pass, mach_pass, FSTRING_LEN - 1);
791                         t.flags = PASS_MACHINE_TRUST_NT;
792                         if (!secrets_fetch_domain_sid(lp_workgroup(), &t.domain_sid)) {
793                                 talloc_destroy(mem_ctx);
794                                 return NT_STATUS_UNSUCCESSFUL;
795                         }
796                         
797                         talloc_destroy(mem_ctx);
798                         trust->private = t;
799                         return NT_STATUS_NO_MORE_ENTRIES;
800                 }
801                 secrets_lock_trust_account_password(lp_workgroup(), False);
802         } else {
803                 talloc_destroy(mem_ctx);
804                 return NT_STATUS_UNSUCCESSFUL;
805         }
806
807         /*
808          * ADS machine trust password (TODO)
809          */
810          
811
812         /*
813          * if nothing is to be returned then reset domain name
814          * and return "no more entries"
815          */
816         nt_status = NT_STATUS_NO_MORE_ENTRIES;
817         trust->private.uni_name_len = 0;
818         trust->private.uni_name[t.uni_name_len] = 0;
819
820         talloc_destroy(mem_ctx);
821         return nt_status;
822 }
823
824
825 /**
826  * Get trust password by trusted party name
827  *
828  * @param methods methods belonging to pdb context (module)
829  * @param trust trust password structure
830  * @param sid trusted party name
831  *
832  * @return nt status of performed operation
833  **/
834
835 static NTSTATUS tdbsam_gettrustpwnam(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust,
836                                      const char *name)
837 {
838         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
839         char domain_name[32];
840         
841         if (!methods || !trust || !name) return nt_status;
842         
843         do {
844                 /* get trust password (next in turn) */
845                 nt_status = tdbsam_gettrustpwent(methods, trust);
846                 
847                 /* convert unicode name and do case insensitive compare */
848                 pull_ucs2(NULL, domain_name, trust->private.uni_name, sizeof(domain_name),
849                           trust->private.uni_name_len, STR_TERMINATE);
850                 if (!StrnCaseCmp(domain_name, name, sizeof(domain_name)))
851                         return NT_STATUS_OK;
852
853         } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
854         
855         return nt_status;
856 }
857
858
859 /**
860  * Get trust password by trusted party sid
861  *
862  * @param methods methods belonging to pdb context (module)
863  * @param trust trust password structure
864  * @param sid trusted party sid
865  *
866  * @return nt status of performed operation
867  **/
868  
869 static NTSTATUS tdbsam_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust,
870                                      const DOM_SID *sid)
871 {
872         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;    
873         
874         if (!methods || !trust || !sid) return nt_status;
875         
876         do {
877                 nt_status = tdbsam_gettrustpwent(methods, trust);
878
879                 if (sid_equal(&trust->private.domain_sid, sid))
880                         return NT_STATUS_OK;
881         
882         } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
883         
884         return nt_status;
885 }
886
887
888 /**
889  * Add new trust password.
890  *
891  * @param methods methods belonging in pdb context (module)
892  * @param trust trust password structure
893  *
894  * @return nt status of performed operation
895  **/
896
897 static NTSTATUS tdbsam_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD *trust)
898 {
899         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
900         BOOL status = False;
901         TALLOC_CTX *mem_ctx;
902         
903         char* domain = NULL;
904         struct trust_passwd_data t = trust->private;
905         uint32 sec_chan;
906
907         mem_ctx = talloc_init("tdbsam_add_trust_passwd: storing new trust password");
908                 
909         /* convert unicode name to char* (used to form the key) */
910         pull_ucs2_talloc(mem_ctx, &domain, t.uni_name);
911         
912         /* add nt machine trust password */
913         if (t.flags & (PASS_MACHINE_TRUST_NT | PASS_SERVER_TRUST_NT)) {
914                 sec_chan = (t.flags & PASS_MACHINE_TRUST_NT) ? SEC_CHAN_WKSTA : SEC_CHAN_BDC;
915                 status = secrets_store_machine_password(t.pass, domain, sec_chan);
916                 if (status)
917                         status = secrets_store_domain_sid(domain, &t.domain_sid);
918                 
919                 nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
920                 
921         /* add nt domain trust password */
922         } else if (t.flags & PASS_DOMAIN_TRUST_NT) {
923                 status = secrets_store_trusted_domain_password(domain, t.uni_name, t.uni_name_len,
924                                                                t.pass, t.domain_sid);
925                 nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
926                 
927         /* add ads machine trust password (TODO) */
928         } else if (t.flags & PASS_MACHINE_TRUST_ADS) {
929         }
930
931         talloc_destroy(mem_ctx);        
932         return nt_status;
933 }
934
935
936 /**
937  * Update trust password.
938  *
939  * @param methods methods belonging in pdb context (module)
940  * @param trust trust password structure
941  *
942  * @return nt status of performed operation
943  **/
944
945 static NTSTATUS tdbsam_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
946 {
947         NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
948         return nt_status;
949 }
950
951
952 /**
953  * Delete trust password.
954  *
955  * @param methods methods belonging in pdb context (module)
956  * @param trust trust password structure
957  *
958  * @return nt status of performed operation
959  **/
960
961 static NTSTATUS tdbsam_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
962 {
963         NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
964         return nt_status;
965 }
966
967
968 /***************************************************************************
969  Add sid to privilege  
970 ****************************************************************************/
971
972 static NTSTATUS tdbsam_add_sid_to_privilege(struct pdb_methods *my_methods, const char *priv_name, const DOM_SID *sid)
973 {
974         struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
975         TDB_CONTEXT     *pwd_tdb = NULL;
976         TDB_DATA        key, data;
977         fstring         keystr;
978         fstring         name;
979         NTSTATUS        ret = NT_STATUS_UNSUCCESSFUL;
980         fstring         sid_str;
981         char            *sid_list = NULL, *s = NULL;
982         size_t          str_size;
983         int             flag;
984
985         /* invalidate the existing TDB iterator if it is open */
986         
987         if (tdb_state->passwd_tdb) {
988                 tdb_close(tdb_state->passwd_tdb);
989                 tdb_state->passwd_tdb = NULL;
990         }
991
992         /* open the account TDB passwd*/
993         
994         pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT);
995         
996         if (!pwd_tdb) {
997                 DEBUG(0, ("tdb_add_sid_to_privilege: Unable to open TDB passwd (%s)!\n", 
998                         tdb_state->tdbsam_location));
999                 return NT_STATUS_UNSUCCESSFUL;
1000         }
1001
1002         /* setup the PRIV index key */
1003         fstrcpy(name, priv_name);
1004         strlower_m(name);
1005         
1006         slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name);
1007         key.dptr = keystr;
1008         key.dsize = strlen(keystr) + 1;
1009
1010         /* check if the privilege already exist in the database */
1011
1012         /* get the record */
1013         data = tdb_fetch (pwd_tdb, key);
1014
1015         if (data.dptr) {
1016                 /* check the list is not empty */
1017                 if (*(data.dptr)) {
1018                         sid_list = strdup(data.dptr);
1019                         if (!sid_list) {
1020                                 DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n"));
1021                                 goto done;
1022                         }
1023                 }
1024                 SAFE_FREE(data.dptr);
1025
1026                 flag = TDB_MODIFY;
1027         } else {
1028                 /* if privilege does not exist create one */
1029                 flag = TDB_INSERT;
1030         }
1031
1032         /* add the given sid */
1033         sid_to_string(sid_str, sid);
1034
1035         if (sid_list) {
1036                 str_size = strlen(sid_list) + strlen(sid_str) + 2;
1037                 s = realloc(sid_list, str_size);
1038                 if (!s) {
1039                         DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n"));
1040                         ret = NT_STATUS_NO_MEMORY;
1041                         goto done;
1042                 }
1043                 sid_list = s;
1044                 s = &sid_list[strlen(sid_list)];
1045                 snprintf(s, strlen(sid_str) + 2, ",%s", sid_str);
1046
1047         } else {
1048                 sid_list = strdup(sid_str);
1049                 if (!sid_list) {
1050                         DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n"));
1051                         ret = NT_STATUS_NO_MEMORY;
1052                         goto done;
1053                 }
1054
1055         }
1056
1057         /* copy the PRIVILEGE struct into a BYTE buffer for storage */
1058         data.dsize = strlen(sid_list) + 1;
1059         data.dptr = sid_list;
1060
1061         /* add the account */
1062         if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) {
1063                 DEBUG(0, ("Unable to modify passwd TDB!"));
1064                 DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb)));
1065                 DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
1066                 goto done;
1067         }
1068
1069         ret = NT_STATUS_OK;
1070         
1071 done:   
1072         /* cleanup */
1073         tdb_close (pwd_tdb);
1074         SAFE_FREE(sid_list);
1075         
1076         return (ret);   
1077 }
1078
1079 /***************************************************************************
1080  Reomve sid to privilege  
1081 ****************************************************************************/
1082
1083 static NTSTATUS tdbsam_remove_sid_from_privilege(struct pdb_methods *my_methods, const char *priv_name, const DOM_SID *sid)
1084 {
1085         struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
1086         TDB_CONTEXT     *pwd_tdb = NULL;
1087         TDB_DATA        key, data;
1088         fstring         keystr;
1089         fstring         name;
1090         NTSTATUS        ret = NT_STATUS_UNSUCCESSFUL;
1091         fstring         sid_str;
1092         char            *sid_list = NULL, *s = NULL;
1093
1094         /* invalidate the existing TDB iterator if it is open */
1095         
1096         if (tdb_state->passwd_tdb) {
1097                 tdb_close(tdb_state->passwd_tdb);
1098                 tdb_state->passwd_tdb = NULL;
1099         }
1100
1101         /* open the account TDB passwd*/
1102         
1103         pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT);
1104         
1105         if (!pwd_tdb) {
1106                 DEBUG(0, ("tdbsam_remove_sid_from_privilege: Unable to open TDB passwd (%s)!\n", 
1107                         tdb_state->tdbsam_location));
1108                 return NT_STATUS_UNSUCCESSFUL;
1109         }
1110
1111         /* setup the PRIV index key */
1112         fstrcpy(name, priv_name);
1113         strlower_m(name);
1114         
1115         slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name);
1116         key.dptr = keystr;
1117         key.dsize = strlen(keystr) + 1;
1118
1119         /* check if the privilege already exist in the database */
1120
1121         /* get the record */
1122         data = tdb_fetch (pwd_tdb, key);
1123
1124         /* if privilege does not exist, just leave */
1125         if (!data.dptr) {
1126                 ret = NT_STATUS_OK;
1127                 goto done;
1128         }
1129
1130         if (data.dptr) {
1131                 sid_list = strdup(data.dptr);
1132                 if (!sid_list) {
1133                         DEBUG(0, ("tdbsam_remove_sid_from_privilege: Out of Memory!\n"));
1134                         goto done;
1135                 }
1136                 SAFE_FREE(data.dptr);
1137         }
1138
1139         /* remove the given sid */
1140         sid_to_string(sid_str, sid);
1141
1142         s = strstr(sid_list, sid_str);
1143         if (s) {
1144                 char *p;
1145                 p = strstr(s, ",");
1146                 if (p) {
1147                         size_t l = strlen(sid_list) + 1 - (s - sid_list);
1148                         memmove(s, ++p, l);
1149                 } else {
1150                         if (s != sid_list)
1151                                 s--;
1152                         *s = '\0';
1153                 }
1154         } else {
1155                 /* sid not found */
1156                 ret = NT_STATUS_UNSUCCESSFUL;
1157                 goto done;
1158         }
1159
1160         /* copy the PRIVILEGE struct into a BYTE buffer for storage */
1161         data.dsize = strlen(sid_list) + 1;
1162         data.dptr = sid_list;
1163
1164         /* add the account */
1165         if (tdb_store(pwd_tdb, key, data, TDB_MODIFY) != TDB_SUCCESS) {
1166                 DEBUG(0, ("Unable to modify passwd TDB!"));
1167                 DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb)));
1168                 DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
1169                 goto done;
1170         }
1171
1172         ret = NT_STATUS_OK;
1173         
1174 done:   
1175         /* cleanup */
1176         tdb_close (pwd_tdb);
1177         SAFE_FREE(sid_list);
1178         
1179         return (ret);   
1180 }
1181
1182 /***************************************************************************
1183  get the privilege list for the given token 
1184 ****************************************************************************/
1185
1186 struct priv_traverse {
1187         char **sid_list;
1188         PRIVILEGE_SET *privset;
1189 };
1190
1191 static int tdbsam_traverse_privilege(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state)
1192 {
1193         struct priv_traverse *pt = (struct priv_traverse *)state;
1194         int  prefixlen = strlen(PRIVPREFIX);
1195
1196         if (strncmp(key.dptr, PRIVPREFIX, prefixlen) == 0) {
1197         
1198                 /* add to privilege_set if any of the sid in the token
1199                  * is contained in the privilege */
1200                 int i;
1201
1202                 for(i=0; pt->sid_list[i] != NULL; i++) {
1203                         char *c, *s;
1204                         int len;
1205
1206                         s = data.dptr;
1207                         while ((c=strchr(s, ',')) !=NULL) {
1208                                 len = MAX((c - s), strlen(pt->sid_list[i]));
1209                                 if (strncmp(s, pt->sid_list[i], len) == 0) {
1210                                         DEBUG(10, ("sid [%s] found in users sid list\n", pt->sid_list[i]));
1211                                         DEBUG(10, ("adding privilege [%s] to the users privilege list\n", &(key.dptr[prefixlen])));
1212                                         add_privilege_by_name(pt->privset, &(key.dptr[prefixlen]));
1213                                         return 0;
1214                                 }
1215                                 s = c + 1;
1216                         }
1217                         len = MAX(strlen(s), strlen(pt->sid_list[i]));
1218                         if (strncmp(s, pt->sid_list[i], len) == 0) {
1219                                 DEBUG(10, ("sid [%s] found in users sid list\n", pt->sid_list[i]));
1220                                 DEBUG(10, ("adding privilege [%s] to the users privilege list\n", &(key.dptr[prefixlen])));
1221                                 add_privilege_by_name(pt->privset, &(key.dptr[prefixlen]));
1222                                 return 0;
1223                         }
1224                 }
1225         }
1226
1227         return 0;
1228 }
1229
1230 static NTSTATUS tdbsam_get_privilege_set(struct pdb_methods *my_methods, DOM_SID *user_sids, int num_sids, PRIVILEGE_SET *privset)
1231 {
1232         struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
1233         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
1234         TDB_CONTEXT     *pwd_tdb = NULL;
1235         struct priv_traverse pt;
1236         fstring sid_str;
1237         char **sid_list;
1238         int i;
1239
1240         if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY ))) 
1241                 return NT_STATUS_UNSUCCESSFUL;
1242
1243         sid_list = (char **)malloc(sizeof(char *) * (num_sids + 1));
1244         for (i = 0; i < num_sids; i++) {
1245                 sid_to_string(sid_str, &user_sids[i]);
1246                 sid_list[i] = strdup(sid_str);
1247                 if ( ! sid_list[i]) {
1248                         ret = NT_STATUS_NO_MEMORY;
1249                         goto done;
1250                 }
1251         }
1252         sid_list[i] = NULL;
1253
1254         pt.sid_list = sid_list;
1255         pt.privset = privset;
1256         tdb_traverse(pwd_tdb, tdbsam_traverse_privilege, &pt);
1257
1258         ret = NT_STATUS_OK;
1259
1260 done:
1261         i = 0;
1262         while (sid_list[i]) {
1263                 free(sid_list[i]);
1264                 i++;
1265         }
1266         free(sid_list);
1267
1268         tdb_close(pwd_tdb);
1269
1270         return ret;
1271 }       
1272
1273 static NTSTATUS tdbsam_get_privilege_entry(struct pdb_methods *my_methods, const char *privname, char **sid_list)
1274 {
1275         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
1276         TDB_CONTEXT     *pwd_tdb = NULL;
1277         TDB_DATA key, data;
1278         fstring name;
1279         fstring keystr;
1280         
1281         struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
1282         
1283         if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY)))
1284                 return ret;
1285
1286         /* setup the PRIV index key */
1287         fstrcpy(name, privname);
1288         strlower_m(name);
1289         
1290         slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name);
1291         key.dptr = keystr;
1292         key.dsize = strlen(keystr) + 1;
1293
1294         data = tdb_fetch(pwd_tdb, key);
1295         if (!data.dptr)
1296                 goto done;
1297
1298         *sid_list = strdup(data.dptr);
1299         SAFE_FREE(data.dptr);
1300
1301         if (!*sid_list)
1302                 goto done;
1303
1304         ret = NT_STATUS_OK;
1305 done:
1306         tdb_close(pwd_tdb);
1307         return ret;
1308 }       
1309
1310
1311
1312
1313
1314
1315
1316 static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
1317 {
1318         NTSTATUS nt_status;
1319         struct tdbsam_privates *tdb_state;
1320
1321         if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
1322                 return nt_status;
1323         }
1324
1325         (*pdb_method)->name = "tdbsam";
1326
1327         (*pdb_method)->setsampwent = tdbsam_setsampwent;
1328         (*pdb_method)->endsampwent = tdbsam_endsampwent;
1329         (*pdb_method)->getsampwent = tdbsam_getsampwent;
1330         (*pdb_method)->getsampwnam = tdbsam_getsampwnam;
1331         (*pdb_method)->getsampwsid = tdbsam_getsampwsid;
1332         (*pdb_method)->add_sam_account = tdbsam_add_sam_account;
1333         (*pdb_method)->update_sam_account = tdbsam_update_sam_account;
1334         (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
1335         (*pdb_method)->settrustpwent = tdbsam_settrustpwent;
1336         (*pdb_method)->gettrustpwent = tdbsam_gettrustpwent;
1337         (*pdb_method)->gettrustpwnam = tdbsam_gettrustpwnam;
1338         (*pdb_method)->gettrustpwsid = tdbsam_gettrustpwsid;
1339         (*pdb_method)->add_trust_passwd = tdbsam_add_trust_passwd;
1340         (*pdb_method)->update_trust_passwd = tdbsam_update_trust_passwd;
1341         (*pdb_method)->delete_trust_passwd = tdbsam_delete_trust_passwd;
1342         (*pdb_method)->add_sid_to_privilege = tdbsam_add_sid_to_privilege;
1343         (*pdb_method)->remove_sid_from_privilege = tdbsam_remove_sid_from_privilege;
1344         (*pdb_method)->get_privilege_set = tdbsam_get_privilege_set;
1345         (*pdb_method)->get_privilege_entry = tdbsam_get_privilege_entry;
1346
1347         tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
1348
1349         if (!tdb_state) {
1350                 DEBUG(0, ("talloc() failed for tdbsam private_data!\n"));
1351                 return NT_STATUS_NO_MEMORY;
1352         }
1353
1354         if (location) {
1355                 tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, location);
1356         } else {
1357                 pstring tdbfile;
1358                 get_private_directory(tdbfile);
1359                 pstrcat(tdbfile, "/");
1360                 pstrcat(tdbfile, PASSDB_FILE_NAME);
1361                 tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, tdbfile);
1362         }
1363
1364         (*pdb_method)->private_data = tdb_state;
1365
1366         (*pdb_method)->free_private_data = free_private_data;
1367
1368         return NT_STATUS_OK;
1369 }
1370
1371 NTSTATUS pdb_tdbsam_init(void)
1372 {
1373         return smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam", pdb_init_tdbsam);
1374 }