* this SAMBA will load. Increment this if *ANY* changes are made to the interface.
*/
-#define PASSDB_INTERFACE_VERSION 5
+#define PASSDB_INTERFACE_VERSION 6
typedef struct pdb_context
{
/* These functions are wrappers for the functions listed above.
They may do extra things like re-reading a SAM_ACCOUNT on update */
- NTSTATUS (*pdb_setsampwent)(struct pdb_context *, BOOL update);
+ NTSTATUS (*pdb_setsampwent)(struct pdb_context *, BOOL update, uint16 acb_mask);
void (*pdb_endsampwent)(struct pdb_context *);
struct pdb_methods *next;
struct pdb_methods *prev;
- NTSTATUS (*setsampwent)(struct pdb_methods *, BOOL update);
+ NTSTATUS (*setsampwent)(struct pdb_methods *, BOOL update, uint16 acb_mask);
void (*endsampwent)(struct pdb_methods *);
return NULL;
}
-static NTSTATUS context_setsampwent(struct pdb_context *context, BOOL update)
+static NTSTATUS context_setsampwent(struct pdb_context *context, BOOL update, uint16 acb_mask)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
return ret;
}
- while (NT_STATUS_IS_ERR(ret = context->pwent_methods->setsampwent(context->pwent_methods, update))) {
+ while (NT_STATUS_IS_ERR(ret = context->pwent_methods->setsampwent(context->pwent_methods, update, acb_mask))) {
context->pwent_methods = context->pwent_methods->next;
if (context->pwent_methods == NULL)
return NT_STATUS_UNSUCCESSFUL;
if (context->pwent_methods == NULL)
return ret;
- context->pwent_methods->setsampwent(context->pwent_methods, False);
+ context->pwent_methods->setsampwent(context->pwent_methods, False, 0);
}
user->methods = context->pwent_methods;
pdb_force_pw_initialization(user);
Backward compatibility functions for the original passdb interface
*******************************************************************/
-BOOL pdb_setsampwent(BOOL update)
+BOOL pdb_setsampwent(BOOL update, uint16 acb_mask)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
return False;
}
- return NT_STATUS_IS_OK(pdb_context->pdb_setsampwent(pdb_context, update));
+ return NT_STATUS_IS_OK(pdb_context->pdb_setsampwent(pdb_context, update, acb_mask));
}
void pdb_endsampwent(void)
return NT_STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update)
+static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
Connect to LDAP server for password enumeration.
*********************************************************************/
-static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update)
+static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint16 acb_mask)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
- pstring filter;
+ pstring filter, suffix;
char **attr_list;
+ BOOL machine_mask = False, user_mask = False;
pstr_sprintf( filter, "(&%s%s)", lp_ldap_filter(),
get_objclass_filter(ldap_state->schema_ver));
all_string_sub(filter, "%u", "*", sizeof(pstring));
+ machine_mask = ((acb_mask != 0) && (acb_mask & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)));
+ user_mask = ((acb_mask != 0) && (acb_mask & ACB_NORMAL));
+
+ if (machine_mask) {
+ pstrcpy(suffix, lp_ldap_machine_suffix());
+ } else if (user_mask) {
+ pstrcpy(suffix, lp_ldap_user_suffix());
+ } else {
+ pstrcpy(suffix, lp_ldap_suffix());
+ }
+
+ DEBUG(10,("ldapsam_setsampwent: LDAP Query for acb_mask 0x%x will use suffix %s\n",
+ acb_mask, suffix));
+
attr_list = get_userattr_list(ldap_state->schema_ver);
- rc = smbldap_search_suffix(ldap_state->smbldap_state, filter,
- attr_list, &ldap_state->result);
+ rc = smbldap_search(ldap_state->smbldap_state, suffix, LDAP_SCOPE_SUBTREE, filter,
+ attr_list, 0, &ldap_state->result);
free_attr_list( attr_list );
if (rc != LDAP_SUCCESS) {
DEBUG(0, ("ldapsam_setsampwent: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", lp_ldap_suffix(), filter));
+ DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", suffix, filter));
ldap_msgfree(ldap_state->result);
ldap_state->result = NULL;
return NT_STATUS_UNSUCCESSFUL;
}
- DEBUG(2, ("ldapsam_setsampwent: %d entries in the base!\n",
- ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- ldap_state->result)));
+ DEBUG(2, ("ldapsam_setsampwent: %d entries in the base %s\n",
+ ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
+ ldap_state->result), suffix));
ldap_state->entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
ldap_state->result);
return NT_STATUS_OK;
}
-static NTSTATUS mysqlsam_setsampwent(struct pdb_methods *methods, BOOL update)
+static NTSTATUS mysqlsam_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask)
{
struct pdb_mysql_data *data =
(struct pdb_mysql_data *) methods->private_data;
return NT_STATUS_OK ;
}
-static NTSTATUS pgsqlsam_setsampwent(struct pdb_methods *methods, BOOL update)
+static NTSTATUS pgsqlsam_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask)
{
struct pdb_pgsql_data *data ;
char *query ;
Functions to be implemented by the new passdb API
****************************************************************/
-static NTSTATUS smbpasswd_setsampwent (struct pdb_methods *my_methods, BOOL update)
+static NTSTATUS smbpasswd_setsampwent (struct pdb_methods *my_methods, BOOL update, uint16 acb_mask)
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
Save a list of user keys for iteration.
****************************************************************/
-static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, BOOL update)
+static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint16 acb_mask)
{
uint32 flags = update ? (O_RDWR|O_CREAT) : O_RDONLY;
return cur;
}
-static NTSTATUS xmlsam_setsampwent(struct pdb_methods *methods, BOOL update)
+static NTSTATUS xmlsam_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask)
{
pdb_xml *data;
uint32 status; /* some sort of flag. best to record it. comes from opnum 0x39 */
uint32 acc_granted;
uint16 acb_mask;
- BOOL all_machines;
+ BOOL only_machines;
DISP_INFO disp_info;
TALLOC_CTX *mem_ctx;
}
-static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOOL all_machines)
+static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOOL only_machines)
{
SAM_ACCOUNT *pwd = NULL;
SAM_ACCOUNT *pwd_array = NULL;
NTSTATUS nt_status = NT_STATUS_OK;
TALLOC_CTX *mem_ctx = info->mem_ctx;
+ uint16 query_acb_mask = acb_mask;
DEBUG(10,("load_sampwd_entries\n"));
/* if the snapshoot is already loaded, return */
if ((info->disp_info.user_dbloaded==True)
&& (info->acb_mask == acb_mask)
- && (info->all_machines == all_machines)) {
+ && (info->only_machines == only_machines)) {
DEBUG(10,("load_sampwd_entries: already in memory\n"));
return NT_STATUS_OK;
}
free_samr_users(info);
+
+ if (only_machines) {
+ query_acb_mask |= ACB_WSTRUST;
+ query_acb_mask |= ACB_SVRTRUST;
+ }
- if (!pdb_setsampwent(False)) {
+ if (!pdb_setsampwent(False, query_acb_mask)) {
DEBUG(0, ("load_sampwd_entries: Unable to open passdb.\n"));
return NT_STATUS_ACCESS_DENIED;
}
for (; (NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(mem_ctx, &pwd)))
&& pdb_getsampwent(pwd) == True; pwd=NULL) {
-
- if (all_machines) {
+
+ if (only_machines) {
if (!((pdb_get_acct_ctrl(pwd) & ACB_WSTRUST)
|| (pdb_get_acct_ctrl(pwd) & ACB_SVRTRUST))) {
DEBUG(5,("load_sampwd_entries: '%s' is not a machine account - ACB: %x - skipping\n", pdb_get_username(pwd), acb_mask));
/* the snapshoot is in memory, we're ready to enumerate fast */
info->acb_mask = acb_mask;
- info->all_machines = all_machines;
+ info->only_machines = only_machines;
info->disp_info.user_dbloaded=True;
DEBUG(10,("load_sampwd_entries: done\n"));
/* Open the passgrp file - not for update. */
become_root();
- if(!pdb_setsampwent(False)) {
+ if(!pdb_setsampwent(False, 0)) {
DEBUG(0, ("api_RNetUserEnum:unable to open sam database.\n"));
unbecome_root();
return False;
DEBUG(3, ("called with username=\"%s\"\n", username));
- if (NT_STATUS_IS_ERR(in->pdb_setsampwent(in, 0))) {
+ if (NT_STATUS_IS_ERR(in->pdb_setsampwent(in, 0, 0))) {
fprintf(stderr, "Can't sampwent!\n");
return 1;
}
SAM_ACCOUNT *sam_pwent=NULL;
BOOL check, ret;
- check = NT_STATUS_IS_OK(in->pdb_setsampwent(in, False));
+ check = NT_STATUS_IS_OK(in->pdb_setsampwent(in, False, 0));
if (!check) {
return 1;
}
SAM_ACCOUNT *sam_pwent=NULL;
BOOL check, ret;
- check = NT_STATUS_IS_OK(in->pdb_setsampwent(in, False));
+ check = NT_STATUS_IS_OK(in->pdb_setsampwent(in, False, 0));
if (!check) {
return 1;
}