2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Jelmer Vernooij 2002
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #define DBGC_CLASS DBGC_PASSDB
27 static struct pdb_init_function_entry *backends = NULL;
29 static void lazy_initialize_passdb(void)
31 static BOOL initialized = False;
32 if(initialized)return;
37 BOOL smb_register_passdb(const char *name, pdb_init_function init, int version)
39 struct pdb_init_function_entry *entry = backends;
41 if(version != PASSDB_INTERFACE_VERSION)
44 DEBUG(5,("Attempting to register passdb backend %s\n", name));
46 /* Check for duplicates */
48 if(strcasecmp(name, entry->name) == 0) {
49 DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
55 entry = smb_xmalloc(sizeof(struct pdb_init_function_entry));
56 entry->name = smb_xstrdup(name);
59 DLIST_ADD(backends, entry);
60 DEBUG(5,("Successfully added passdb backend '%s'\n", name));
64 static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
66 struct pdb_init_function_entry *entry = backends;
69 module_path_get_name(name, stripped);
72 if (strequal(entry->name, stripped)) return entry;
79 static NTSTATUS context_setsampwent(struct pdb_context *context, BOOL update)
81 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
84 DEBUG(0, ("invalid pdb_context specified!\n"));
88 context->pwent_methods = context->pdb_methods;
90 if (!context->pwent_methods) {
91 /* No passdbs at all */
95 while (NT_STATUS_IS_ERR(ret = context->pwent_methods->setsampwent(context->pwent_methods, update))) {
96 context->pwent_methods = context->pwent_methods->next;
97 if (context->pwent_methods == NULL)
98 return NT_STATUS_UNSUCCESSFUL;
103 static void context_endsampwent(struct pdb_context *context)
106 DEBUG(0, ("invalid pdb_context specified!\n"));
110 if (context->pwent_methods && context->pwent_methods->endsampwent)
111 context->pwent_methods->endsampwent(context->pwent_methods);
113 /* So we won't get strange data when calling getsampwent now */
114 context->pwent_methods = NULL;
117 static NTSTATUS context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user)
119 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
121 if ((!context) || (!context->pwent_methods)) {
122 DEBUG(0, ("invalid pdb_context specified!\n"));
125 /* Loop until we find something useful */
126 while (NT_STATUS_IS_ERR(ret = context->pwent_methods->getsampwent(context->pwent_methods, user))) {
128 context->pwent_methods->endsampwent(context->pwent_methods);
130 context->pwent_methods = context->pwent_methods->next;
132 /* All methods are checked now. There are no more entries */
133 if (context->pwent_methods == NULL)
136 context->pwent_methods->setsampwent(context->pwent_methods, False);
138 user->methods = context->pwent_methods;
142 static NTSTATUS context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username)
144 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
146 struct pdb_methods *curmethods;
148 DEBUG(0, ("invalid pdb_context specified!\n"));
151 curmethods = context->pdb_methods;
153 if (NT_STATUS_IS_OK(ret = curmethods->getsampwnam(curmethods, sam_acct, username))) {
154 sam_acct->methods = curmethods;
157 curmethods = curmethods->next;
163 static NTSTATUS context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
165 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
167 struct pdb_methods *curmethods;
169 DEBUG(0, ("invalid pdb_context specified!\n"));
173 curmethods = context->pdb_methods;
176 if (NT_STATUS_IS_OK(ret = curmethods->getsampwsid(curmethods, sam_acct, sid))) {
177 sam_acct->methods = curmethods;
180 curmethods = curmethods->next;
186 static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
188 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
190 if ((!context) || (!context->pdb_methods)) {
191 DEBUG(0, ("invalid pdb_context specified!\n"));
195 /** @todo This is where a 're-read on add' should be done */
196 /* We now add a new account to the first database listed.
199 return context->pdb_methods->add_sam_account(context->pdb_methods, sam_acct);
202 static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
204 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
207 DEBUG(0, ("invalid pdb_context specified!\n"));
211 if (!sam_acct || !sam_acct->methods){
212 DEBUG(0, ("invalid sam_acct specified\n"));
216 /** @todo This is where a 're-read on update' should be done */
218 return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct);
221 static NTSTATUS context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
223 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
225 struct pdb_methods *pdb_selected;
227 DEBUG(0, ("invalid pdb_context specified!\n"));
231 if (!sam_acct->methods){
232 pdb_selected = context->pdb_methods;
233 /* There's no passdb backend specified for this account.
234 * Try to delete it in every passdb available
235 * Needed to delete accounts in smbpasswd that are not
238 while (pdb_selected){
239 if (NT_STATUS_IS_OK(ret = pdb_selected->delete_sam_account(pdb_selected, sam_acct))) {
242 pdb_selected = pdb_selected->next;
247 if (!sam_acct->methods->delete_sam_account){
248 DEBUG(0,("invalid sam_acct->methods->delete_sam_account\n"));
252 return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct);
255 static NTSTATUS context_getgrsid(struct pdb_context *context,
256 GROUP_MAP *map, DOM_SID sid, BOOL with_priv)
258 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
260 struct pdb_methods *curmethods;
262 DEBUG(0, ("invalid pdb_context specified!\n"));
265 curmethods = context->pdb_methods;
267 ret = curmethods->getgrsid(curmethods, map, sid, with_priv);
268 if (NT_STATUS_IS_OK(ret)) {
269 map->methods = curmethods;
272 curmethods = curmethods->next;
278 static NTSTATUS context_getgrgid(struct pdb_context *context,
279 GROUP_MAP *map, gid_t gid, BOOL with_priv)
281 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
283 struct pdb_methods *curmethods;
285 DEBUG(0, ("invalid pdb_context specified!\n"));
288 curmethods = context->pdb_methods;
290 ret = curmethods->getgrgid(curmethods, map, gid, with_priv);
291 if (NT_STATUS_IS_OK(ret)) {
292 map->methods = curmethods;
295 curmethods = curmethods->next;
301 static NTSTATUS context_getgrnam(struct pdb_context *context,
302 GROUP_MAP *map, char *name, BOOL with_priv)
304 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
306 struct pdb_methods *curmethods;
308 DEBUG(0, ("invalid pdb_context specified!\n"));
311 curmethods = context->pdb_methods;
313 ret = curmethods->getgrnam(curmethods, map, name, with_priv);
314 if (NT_STATUS_IS_OK(ret)) {
315 map->methods = curmethods;
318 curmethods = curmethods->next;
324 static NTSTATUS context_add_group_mapping_entry(struct pdb_context *context,
327 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
329 if ((!context) || (!context->pdb_methods)) {
330 DEBUG(0, ("invalid pdb_context specified!\n"));
334 return context->pdb_methods->add_group_mapping_entry(context->pdb_methods,
338 static NTSTATUS context_update_group_mapping_entry(struct pdb_context *context,
341 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
343 if ((!context) || (!context->pdb_methods)) {
344 DEBUG(0, ("invalid pdb_context specified!\n"));
349 pdb_methods->update_group_mapping_entry(context->pdb_methods, map);
352 static NTSTATUS context_delete_group_mapping_entry(struct pdb_context *context,
355 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
357 if ((!context) || (!context->pdb_methods)) {
358 DEBUG(0, ("invalid pdb_context specified!\n"));
363 pdb_methods->delete_group_mapping_entry(context->pdb_methods, sid);
366 static NTSTATUS context_enum_group_mapping(struct pdb_context *context,
367 enum SID_NAME_USE sid_name_use,
368 GROUP_MAP **rmap, int *num_entries,
369 BOOL unix_only, BOOL with_priv)
371 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
373 if ((!context) || (!context->pdb_methods)) {
374 DEBUG(0, ("invalid pdb_context specified!\n"));
378 return context->pdb_methods->enum_group_mapping(context->pdb_methods,
380 num_entries, unix_only,
384 /******************************************************************
385 Free and cleanup a pdb context, any associated data and anything
386 that the attached modules might have associated.
387 *******************************************************************/
389 static void free_pdb_context(struct pdb_context **context)
391 struct pdb_methods *pdb_selected = (*context)->pdb_methods;
393 while (pdb_selected){
394 if(pdb_selected->free_private_data)
395 pdb_selected->free_private_data(&(pdb_selected->private_data));
396 pdb_selected = pdb_selected->next;
399 talloc_destroy((*context)->mem_ctx);
403 /******************************************************************
404 Make a pdb_methods from scratch
405 *******************************************************************/
407 static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_context *context, const char *selected)
409 char *module_name = smb_xstrdup(selected);
410 char *module_location = NULL, *p;
411 struct pdb_init_function_entry *entry;
412 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
414 lazy_initialize_passdb();
416 p = strchr(module_name, ':');
420 module_location = p+1;
421 trim_string(module_location, " ", " ");
424 trim_string(module_name, " ", " ");
427 DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name));
429 entry = pdb_find_backend_entry(module_name);
431 /* Try to find a module that contains this module */
433 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
434 if(smb_probe_module("passdb", module_name) && !(entry = pdb_find_backend_entry(module_name))) {
435 DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
436 SAFE_FREE(module_name);
437 return NT_STATUS_UNSUCCESSFUL;
441 /* No such backend found */
443 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
444 SAFE_FREE(module_name);
445 return NT_STATUS_INVALID_PARAMETER;
448 DEBUG(5,("Found pdb backend %s\n", module_name));
449 nt_status = entry->init(context, methods, module_location);
450 if (NT_STATUS_IS_OK(nt_status)) {
451 DEBUG(5,("pdb backend %s has a valid init\n", selected));
453 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status)));
455 SAFE_FREE(module_name);
459 /******************************************************************
460 Make a pdb_context from scratch.
461 *******************************************************************/
463 static NTSTATUS make_pdb_context(struct pdb_context **context)
467 mem_ctx = talloc_init("pdb_context internal allocation context");
470 DEBUG(0, ("make_pdb_context: talloc init failed!\n"));
471 return NT_STATUS_NO_MEMORY;
474 *context = talloc(mem_ctx, sizeof(**context));
476 DEBUG(0, ("make_pdb_context: talloc failed!\n"));
477 return NT_STATUS_NO_MEMORY;
480 ZERO_STRUCTP(*context);
482 (*context)->mem_ctx = mem_ctx;
484 (*context)->pdb_setsampwent = context_setsampwent;
485 (*context)->pdb_endsampwent = context_endsampwent;
486 (*context)->pdb_getsampwent = context_getsampwent;
487 (*context)->pdb_getsampwnam = context_getsampwnam;
488 (*context)->pdb_getsampwsid = context_getsampwsid;
489 (*context)->pdb_add_sam_account = context_add_sam_account;
490 (*context)->pdb_update_sam_account = context_update_sam_account;
491 (*context)->pdb_delete_sam_account = context_delete_sam_account;
492 (*context)->pdb_getgrsid = context_getgrsid;
493 (*context)->pdb_getgrgid = context_getgrgid;
494 (*context)->pdb_getgrnam = context_getgrnam;
495 (*context)->pdb_add_group_mapping_entry = context_add_group_mapping_entry;
496 (*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
497 (*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
498 (*context)->pdb_enum_group_mapping = context_enum_group_mapping;
500 (*context)->free_fn = free_pdb_context;
506 /******************************************************************
507 Make a pdb_context, given an array of strings
508 *******************************************************************/
510 NTSTATUS make_pdb_context_list(struct pdb_context **context, const char **selected)
513 struct pdb_methods *curmethods, *tmpmethods;
514 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
516 if (!NT_STATUS_IS_OK(nt_status = make_pdb_context(context))) {
521 /* Try to initialise pdb */
522 DEBUG(5,("Trying to load: %s\n", selected[i]));
523 if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods_name(&curmethods, *context, selected[i]))) {
524 DEBUG(1, ("Loading %s failed!\n", selected[i]));
525 free_pdb_context(context);
528 curmethods->parent = *context;
529 DLIST_ADD_END((*context)->pdb_methods, curmethods, tmpmethods);
536 /******************************************************************
537 Make a pdb_context, given a text string.
538 *******************************************************************/
540 NTSTATUS make_pdb_context_string(struct pdb_context **context, const char *selected)
543 char **newsel = str_list_make(selected, NULL);
544 ret = make_pdb_context_list(context, (const char **)newsel);
545 str_list_free(&newsel);
549 /******************************************************************
550 Return an already initialised pdb_context, to facilitate backward
551 compatibility (see functions below).
552 *******************************************************************/
554 static struct pdb_context *pdb_get_static_context(BOOL reload)
556 static struct pdb_context *pdb_context = NULL;
558 if ((pdb_context) && (reload)) {
559 pdb_context->free_fn(&pdb_context);
560 if (NT_STATUS_IS_ERR(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
566 if (NT_STATUS_IS_ERR(make_pdb_context_list(&pdb_context, lp_passdb_backend()))) {
574 /******************************************************************
575 Backward compatibility functions for the original passdb interface
576 *******************************************************************/
578 BOOL pdb_setsampwent(BOOL update)
580 struct pdb_context *pdb_context = pdb_get_static_context(False);
586 return NT_STATUS_IS_OK(pdb_context->pdb_setsampwent(pdb_context, update));
589 void pdb_endsampwent(void)
591 struct pdb_context *pdb_context = pdb_get_static_context(False);
597 pdb_context->pdb_endsampwent(pdb_context);
600 BOOL pdb_getsampwent(SAM_ACCOUNT *user)
602 struct pdb_context *pdb_context = pdb_get_static_context(False);
608 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwent(pdb_context, user));
611 BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username)
613 struct pdb_context *pdb_context = pdb_get_static_context(False);
619 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwnam(pdb_context, sam_acct, username));
622 BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
624 struct pdb_context *pdb_context = pdb_get_static_context(False);
630 return NT_STATUS_IS_OK(pdb_context->pdb_getsampwsid(pdb_context, sam_acct, sid));
633 BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct)
635 struct pdb_context *pdb_context = pdb_get_static_context(False);
641 return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct));
644 BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct)
646 struct pdb_context *pdb_context = pdb_get_static_context(False);
652 return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct));
655 BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct)
657 struct pdb_context *pdb_context = pdb_get_static_context(False);
663 return NT_STATUS_IS_OK(pdb_context->pdb_delete_sam_account(pdb_context, sam_acct));
666 BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid, BOOL with_priv)
668 struct pdb_context *pdb_context = pdb_get_static_context(False);
674 return NT_STATUS_IS_OK(pdb_context->
675 pdb_getgrsid(pdb_context, map, sid, with_priv));
678 BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid, BOOL with_priv)
680 struct pdb_context *pdb_context = pdb_get_static_context(False);
686 return NT_STATUS_IS_OK(pdb_context->
687 pdb_getgrgid(pdb_context, map, gid, with_priv));
690 BOOL pdb_getgrnam(GROUP_MAP *map, char *name, BOOL with_priv)
692 struct pdb_context *pdb_context = pdb_get_static_context(False);
698 return NT_STATUS_IS_OK(pdb_context->
699 pdb_getgrnam(pdb_context, map, name, with_priv));
702 BOOL pdb_add_group_mapping_entry(GROUP_MAP *map)
704 struct pdb_context *pdb_context = pdb_get_static_context(False);
710 return NT_STATUS_IS_OK(pdb_context->
711 pdb_add_group_mapping_entry(pdb_context, map));
714 BOOL pdb_update_group_mapping_entry(GROUP_MAP *map)
716 struct pdb_context *pdb_context = pdb_get_static_context(False);
722 return NT_STATUS_IS_OK(pdb_context->
723 pdb_update_group_mapping_entry(pdb_context, map));
726 BOOL pdb_delete_group_mapping_entry(DOM_SID sid)
728 struct pdb_context *pdb_context = pdb_get_static_context(False);
734 return NT_STATUS_IS_OK(pdb_context->
735 pdb_delete_group_mapping_entry(pdb_context, sid));
738 BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
739 int *num_entries, BOOL unix_only, BOOL with_priv)
741 struct pdb_context *pdb_context = pdb_get_static_context(False);
747 return NT_STATUS_IS_OK(pdb_context->
748 pdb_enum_group_mapping(pdb_context, sid_name_use,
749 rmap, num_entries, unix_only,
753 /***************************************************************
754 Initialize the static context (at smbd startup etc).
756 If uninitialised, context will auto-init on first use.
757 ***************************************************************/
759 BOOL initialize_password_db(BOOL reload)
761 return (pdb_get_static_context(reload) != NULL);
765 /***************************************************************************
766 Default implementations of some functions.
767 ****************************************************************************/
769 static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
771 return NT_STATUS_NO_SUCH_USER;
774 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
776 return NT_STATUS_NO_SUCH_USER;
779 static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
781 DEBUG(0,("this backend (%s) should not be listed as the first passdb backend! You can't add users to it.\n", methods->name));
782 return NT_STATUS_NOT_IMPLEMENTED;
785 static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
787 return NT_STATUS_NOT_IMPLEMENTED;
790 static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *pwd)
792 return NT_STATUS_NOT_IMPLEMENTED;
795 static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update)
797 return NT_STATUS_NOT_IMPLEMENTED;
800 static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *user)
802 return NT_STATUS_NOT_IMPLEMENTED;
805 static void pdb_default_endsampwent(struct pdb_methods *methods)
807 return; /* NT_STATUS_NOT_IMPLEMENTED; */
810 NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
812 *methods = talloc(mem_ctx, sizeof(struct pdb_methods));
815 return NT_STATUS_NO_MEMORY;
818 ZERO_STRUCTP(*methods);
820 (*methods)->setsampwent = pdb_default_setsampwent;
821 (*methods)->endsampwent = pdb_default_endsampwent;
822 (*methods)->getsampwent = pdb_default_getsampwent;
823 (*methods)->getsampwnam = pdb_default_getsampwnam;
824 (*methods)->getsampwsid = pdb_default_getsampwsid;
825 (*methods)->add_sam_account = pdb_default_add_sam_account;
826 (*methods)->update_sam_account = pdb_default_update_sam_account;
827 (*methods)->delete_sam_account = pdb_default_delete_sam_account;
829 (*methods)->getgrsid = pdb_default_getgrsid;
830 (*methods)->getgrgid = pdb_default_getgrgid;
831 (*methods)->getgrnam = pdb_default_getgrnam;
832 (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
833 (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
834 (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
835 (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;