root/source3/passdb/pdb_interface.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. lazy_initialize_passdb
  2. smb_register_passdb
  3. pdb_find_backend_entry
  4. pdb_get_event_context
  5. make_pdb_method_name
  6. pdb_get_methods_reload
  7. pdb_get_methods
  8. pdb_getsampwnam
  9. guest_user_info
  10. pdb_getsampwsid
  11. pdb_default_create_user
  12. pdb_create_user
  13. smb_delete_user
  14. pdb_default_delete_user
  15. pdb_delete_user
  16. pdb_add_sam_account
  17. pdb_update_sam_account
  18. pdb_delete_sam_account
  19. pdb_rename_sam_account
  20. pdb_update_login_attempts
  21. pdb_getgrsid
  22. pdb_getgrgid
  23. pdb_getgrnam
  24. pdb_default_create_dom_group
  25. pdb_create_dom_group
  26. pdb_default_delete_dom_group
  27. pdb_delete_dom_group
  28. pdb_add_group_mapping_entry
  29. pdb_update_group_mapping_entry
  30. pdb_delete_group_mapping_entry
  31. pdb_enum_group_mapping
  32. pdb_enum_group_members
  33. pdb_enum_group_memberships
  34. pdb_default_set_unix_primary_group
  35. pdb_set_unix_primary_group
  36. pdb_user_in_group
  37. pdb_default_add_groupmem
  38. pdb_add_groupmem
  39. pdb_default_del_groupmem
  40. pdb_del_groupmem
  41. pdb_create_alias
  42. pdb_delete_alias
  43. pdb_get_aliasinfo
  44. pdb_set_aliasinfo
  45. pdb_add_aliasmem
  46. pdb_del_aliasmem
  47. pdb_enum_aliasmem
  48. pdb_enum_alias_memberships
  49. pdb_lookup_rids
  50. pdb_lookup_names
  51. pdb_get_account_policy
  52. pdb_set_account_policy
  53. pdb_get_seq_num
  54. pdb_uid_to_rid
  55. pdb_uid_to_sid
  56. pdb_gid_to_sid
  57. pdb_sid_to_id
  58. pdb_rid_algorithm
  59. pdb_new_rid
  60. initialize_password_db
  61. pdb_default_getsampwnam
  62. pdb_default_getsampwsid
  63. pdb_default_add_sam_account
  64. pdb_default_update_sam_account
  65. pdb_default_delete_sam_account
  66. pdb_default_rename_sam_account
  67. pdb_default_update_login_attempts
  68. pdb_default_get_account_policy
  69. pdb_default_set_account_policy
  70. pdb_default_get_seq_num
  71. pdb_default_uid_to_sid
  72. pdb_default_uid_to_rid
  73. pdb_default_gid_to_sid
  74. pdb_default_sid_to_id
  75. add_uid_to_array_unique
  76. get_memberuids
  77. pdb_default_enum_group_members
  78. pdb_default_enum_group_memberships
  79. lookup_global_sam_rid
  80. pdb_default_lookup_rids
  81. pdb_default_lookup_names
  82. pdb_search_destructor
  83. pdb_search_init
  84. fill_displayentry
  85. next_entry_groups
  86. search_end_groups
  87. pdb_search_grouptype
  88. pdb_default_search_groups
  89. pdb_default_search_aliases
  90. pdb_search_getentry
  91. pdb_search_users
  92. pdb_search_groups
  93. pdb_search_aliases
  94. pdb_search_entries
  95. pdb_get_trusteddom_pw
  96. pdb_set_trusteddom_pw
  97. pdb_del_trusteddom_pw
  98. pdb_enum_trusteddoms
  99. pdb_default_get_trusteddom_pw
  100. pdb_default_set_trusteddom_pw
  101. pdb_default_del_trusteddom_pw
  102. pdb_default_enum_trusteddoms
  103. make_pdb_method

   1 /* 
   2    Unix SMB/CIFS implementation.
   3    Password and authentication handling
   4    Copyright (C) Andrew Bartlett                        2002
   5    Copyright (C) Jelmer Vernooij                        2002
   6    Copyright (C) Simo Sorce                             2003
   7    Copyright (C) Volker Lendecke                        2006
   8 
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13 
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18 
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 
  23 #include "includes.h"
  24 
  25 #undef DBGC_CLASS
  26 #define DBGC_CLASS DBGC_PASSDB
  27 
  28 static_decl_pdb;
  29 
  30 static struct pdb_init_function_entry *backends = NULL;
  31 
  32 static void lazy_initialize_passdb(void)
     /* [<][>][^][v][top][bottom][index][help] */
  33 {
  34         static bool initialized = False;
  35         if(initialized) {
  36                 return;
  37         }
  38         static_init_pdb;
  39         initialized = True;
  40 }
  41 
  42 static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
  43                                   const char **name,
  44                                   enum lsa_SidType *psid_name_use,
  45                                   union unid_t *unix_id);
  46 
  47 NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init) 
     /* [<][>][^][v][top][bottom][index][help] */
  48 {
  49         struct pdb_init_function_entry *entry = backends;
  50 
  51         if(version != PASSDB_INTERFACE_VERSION) {
  52                 DEBUG(0,("Can't register passdb backend!\n"
  53                          "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
  54                          "while this version of samba uses version %d\n", 
  55                          version,PASSDB_INTERFACE_VERSION));
  56                 return NT_STATUS_OBJECT_TYPE_MISMATCH;
  57         }
  58 
  59         if (!name || !init) {
  60                 return NT_STATUS_INVALID_PARAMETER;
  61         }
  62 
  63         DEBUG(5,("Attempting to register passdb backend %s\n", name));
  64 
  65         /* Check for duplicates */
  66         if (pdb_find_backend_entry(name)) {
  67                 DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
  68                 return NT_STATUS_OBJECT_NAME_COLLISION;
  69         }
  70 
  71         entry = SMB_XMALLOC_P(struct pdb_init_function_entry);
  72         entry->name = smb_xstrdup(name);
  73         entry->init = init;
  74 
  75         DLIST_ADD(backends, entry);
  76         DEBUG(5,("Successfully added passdb backend '%s'\n", name));
  77         return NT_STATUS_OK;
  78 }
  79 
  80 struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
     /* [<][>][^][v][top][bottom][index][help] */
  81 {
  82         struct pdb_init_function_entry *entry = backends;
  83 
  84         while(entry) {
  85                 if (strcmp(entry->name, name)==0) return entry;
  86                 entry = entry->next;
  87         }
  88 
  89         return NULL;
  90 }
  91 
  92 /*
  93  * The event context for the passdb backend. I know this is a bad hack and yet
  94  * another static variable, but our pdb API is a global thing per
  95  * definition. The first use for this is the LDAP idle function, more might be
  96  * added later.
  97  *
  98  * I don't feel too bad about this static variable, it replaces the
  99  * smb_idle_event_list that used to exist in lib/module.c.  -- VL
 100  */
 101 
 102 static struct event_context *pdb_event_ctx;
 103 
 104 struct event_context *pdb_get_event_context(void)
     /* [<][>][^][v][top][bottom][index][help] */
 105 {
 106         return pdb_event_ctx;
 107 }
 108 
 109 /******************************************************************
 110   Make a pdb_methods from scratch
 111  *******************************************************************/
 112 
 113 NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char *selected)
     /* [<][>][^][v][top][bottom][index][help] */
 114 {
 115         char *module_name = smb_xstrdup(selected);
 116         char *module_location = NULL, *p;
 117         struct pdb_init_function_entry *entry;
 118         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
 119 
 120         lazy_initialize_passdb();
 121 
 122         p = strchr(module_name, ':');
 123 
 124         if (p) {
 125                 *p = 0;
 126                 module_location = p+1;
 127                 trim_char(module_location, ' ', ' ');
 128         }
 129 
 130         trim_char(module_name, ' ', ' ');
 131 
 132 
 133         DEBUG(5,("Attempting to find a passdb backend to match %s (%s)\n", selected, module_name));
 134 
 135         entry = pdb_find_backend_entry(module_name);
 136         
 137         /* Try to find a module that contains this module */
 138         if (!entry) { 
 139                 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
 140                 if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
 141                         DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
 142                         SAFE_FREE(module_name);
 143                         return NT_STATUS_UNSUCCESSFUL;
 144                 }
 145         }
 146         
 147         /* No such backend found */
 148         if(!entry) { 
 149                 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
 150                 SAFE_FREE(module_name);
 151                 return NT_STATUS_INVALID_PARAMETER;
 152         }
 153 
 154         DEBUG(5,("Found pdb backend %s\n", module_name));
 155 
 156         if ( !NT_STATUS_IS_OK( nt_status = entry->init(methods, module_location) ) ) {
 157                 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", 
 158                         selected, nt_errstr(nt_status)));
 159                 SAFE_FREE(module_name);
 160                 return nt_status;
 161         }
 162 
 163         SAFE_FREE(module_name);
 164 
 165         DEBUG(5,("pdb backend %s has a valid init\n", selected));
 166 
 167         return nt_status;
 168 }
 169 
 170 /******************************************************************
 171  Return an already initialized pdb_methods structure
 172 *******************************************************************/
 173 
 174 static struct pdb_methods *pdb_get_methods_reload( bool reload ) 
     /* [<][>][^][v][top][bottom][index][help] */
 175 {
 176         static struct pdb_methods *pdb = NULL;
 177 
 178         if ( pdb && reload ) {
 179                 pdb->free_private_data( &(pdb->private_data) );
 180                 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
 181                         char *msg = NULL;
 182                         if (asprintf(&msg, "pdb_get_methods_reload: "
 183                                         "failed to get pdb methods for backend %s\n",
 184                                         lp_passdb_backend()) > 0) {
 185                                 smb_panic(msg);
 186                         } else {
 187                                 smb_panic("pdb_get_methods_reload");
 188                         }
 189                 }
 190         }
 191 
 192         if ( !pdb ) {
 193                 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
 194                         char *msg = NULL;
 195                         if (asprintf(&msg, "pdb_get_methods_reload: "
 196                                         "failed to get pdb methods for backend %s\n",
 197                                         lp_passdb_backend()) > 0) {
 198                                 smb_panic(msg);
 199                         } else {
 200                                 smb_panic("pdb_get_methods_reload");
 201                         }
 202                 }
 203         }
 204 
 205         return pdb;
 206 }
 207 
 208 static struct pdb_methods *pdb_get_methods(void)
     /* [<][>][^][v][top][bottom][index][help] */
 209 {
 210         return pdb_get_methods_reload(False);
 211 }
 212 
 213 bool pdb_getsampwnam(struct samu *sam_acct, const char *username) 
     /* [<][>][^][v][top][bottom][index][help] */
 214 {
 215         struct pdb_methods *pdb = pdb_get_methods();
 216         struct samu *for_cache;
 217         const struct dom_sid *user_sid;
 218 
 219         if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) {
 220                 return False;
 221         }
 222 
 223         for_cache = samu_new(NULL);
 224         if (for_cache == NULL) {
 225                 return False;
 226         }
 227 
 228         if (!pdb_copy_sam_account(for_cache, sam_acct)) {
 229                 TALLOC_FREE(for_cache);
 230                 return False;
 231         }
 232 
 233         user_sid = pdb_get_user_sid(for_cache);
 234 
 235         memcache_add_talloc(NULL, PDB_GETPWSID_CACHE,
 236                             data_blob_const(user_sid, sizeof(*user_sid)),
 237                             &for_cache);
 238 
 239         return True;
 240 }
 241 
 242 /**********************************************************************
 243 **********************************************************************/
 244 
 245 bool guest_user_info( struct samu *user )
     /* [<][>][^][v][top][bottom][index][help] */
 246 {
 247         struct passwd *pwd;
 248         NTSTATUS result;
 249         const char *guestname = lp_guestaccount();
 250         
 251         if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), guestname ) ) ) {
 252                 DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n", 
 253                         guestname));
 254                 return False;
 255         }
 256         
 257         result = samu_set_unix(user, pwd );
 258 
 259         TALLOC_FREE( pwd );
 260 
 261         return NT_STATUS_IS_OK( result );
 262 }
 263 
 264 /**********************************************************************
 265 **********************************************************************/
 266 
 267 bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid) 
     /* [<][>][^][v][top][bottom][index][help] */
 268 {
 269         struct pdb_methods *pdb = pdb_get_methods();
 270         uint32 rid;
 271         void *cache_data;
 272 
 273         /* hard code the Guest RID of 501 */
 274 
 275         if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) )
 276                 return False;
 277 
 278         if ( rid == DOMAIN_USER_RID_GUEST ) {
 279                 DEBUG(6,("pdb_getsampwsid: Building guest account\n"));
 280                 return guest_user_info( sam_acct );
 281         }
 282         
 283         /* check the cache first */
 284 
 285         cache_data = memcache_lookup_talloc(
 286                 NULL, PDB_GETPWSID_CACHE, data_blob_const(sid, sizeof(*sid)));
 287 
 288         if (cache_data != NULL) {
 289                 struct samu *cache_copy = talloc_get_type_abort(
 290                         cache_data, struct samu);
 291 
 292                 return pdb_copy_sam_account(sam_acct, cache_copy);
 293         }
 294 
 295         return NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid));
 296 }
 297 
 298 static NTSTATUS pdb_default_create_user(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 299                                         TALLOC_CTX *tmp_ctx, const char *name,
 300                                         uint32 acb_info, uint32 *rid)
 301 {
 302         struct samu *sam_pass;
 303         NTSTATUS status;
 304         struct passwd *pwd;
 305 
 306         if ((sam_pass = samu_new(tmp_ctx)) == NULL) {
 307                 return NT_STATUS_NO_MEMORY;
 308         }
 309 
 310         if ( !(pwd = Get_Pwnam_alloc(tmp_ctx, name)) ) {
 311                 char *add_script = NULL;
 312                 int add_ret;
 313                 fstring name2;
 314 
 315                 if ((acb_info & ACB_NORMAL) && name[strlen(name)-1] != '$') {
 316                         add_script = talloc_strdup(tmp_ctx,
 317                                         lp_adduser_script());
 318                 } else {
 319                         add_script = talloc_strdup(tmp_ctx,
 320                                         lp_addmachine_script());
 321                 }
 322 
 323                 if (!add_script || add_script[0] == '\0') {
 324                         DEBUG(3, ("Could not find user %s and no add script "
 325                                   "defined\n", name));
 326                         return NT_STATUS_NO_SUCH_USER;
 327                 }
 328 
 329                 /* lowercase the username before creating the Unix account for 
 330                    compatibility with previous Samba releases */
 331                 fstrcpy( name2, name );
 332                 strlower_m( name2 );
 333                 add_script = talloc_all_string_sub(tmp_ctx,
 334                                         add_script,
 335                                         "%u",
 336                                         name2);
 337                 if (!add_script) {
 338                         return NT_STATUS_NO_MEMORY;
 339                 }
 340                 add_ret = smbrun(add_script,NULL);
 341                 DEBUG(add_ret ? 0 : 3, ("_samr_create_user: Running the command `%s' gave %d\n",
 342                                         add_script, add_ret));
 343                 if (add_ret == 0) {
 344                         smb_nscd_flush_user_cache();
 345                 }
 346 
 347                 flush_pwnam_cache();
 348 
 349                 pwd = Get_Pwnam_alloc(tmp_ctx, name);
 350         }
 351 
 352         /* we have a valid SID coming out of this call */
 353 
 354         status = samu_alloc_rid_unix( sam_pass, pwd );
 355 
 356         TALLOC_FREE( pwd );
 357 
 358         if (!NT_STATUS_IS_OK(status)) {
 359                 DEBUG(3, ("pdb_default_create_user: failed to create a new user structure: %s\n", nt_errstr(status)));
 360                 return status;
 361         }
 362 
 363         if (!sid_peek_check_rid(get_global_sam_sid(),
 364                                 pdb_get_user_sid(sam_pass), rid)) {
 365                 DEBUG(0, ("Could not get RID of fresh user\n"));
 366                 return NT_STATUS_INTERNAL_ERROR;
 367         }
 368 
 369         /* Use the username case specified in the original request */
 370 
 371         pdb_set_username( sam_pass, name, PDB_SET );
 372 
 373         /* Disable the account on creation, it does not have a reasonable password yet. */
 374 
 375         acb_info |= ACB_DISABLED;
 376 
 377         pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
 378 
 379         status = pdb_add_sam_account(sam_pass);
 380 
 381         TALLOC_FREE(sam_pass);
 382 
 383         return status;
 384 }
 385 
 386 NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32 flags,
     /* [<][>][^][v][top][bottom][index][help] */
 387                          uint32 *rid)
 388 {
 389         struct pdb_methods *pdb = pdb_get_methods();
 390         return pdb->create_user(pdb, mem_ctx, name, flags, rid);
 391 }
 392 
 393 /****************************************************************************
 394  Delete a UNIX user on demand.
 395 ****************************************************************************/
 396 
 397 static int smb_delete_user(const char *unix_user)
     /* [<][>][^][v][top][bottom][index][help] */
 398 {
 399         char *del_script = NULL;
 400         int ret;
 401 
 402         /* safety check */
 403 
 404         if ( strequal( unix_user, "root" ) ) {
 405                 DEBUG(0,("smb_delete_user: Refusing to delete local system root account!\n"));
 406                 return -1;
 407         }
 408 
 409         del_script = talloc_strdup(talloc_tos(), lp_deluser_script());
 410         if (!del_script || !*del_script) {
 411                 return -1;
 412         }
 413         del_script = talloc_all_string_sub(talloc_tos(),
 414                                 del_script,
 415                                 "%u",
 416                                 unix_user);
 417         if (!del_script) {
 418                 return -1;
 419         }
 420         ret = smbrun(del_script,NULL);
 421         flush_pwnam_cache();
 422         if (ret == 0) {
 423                 smb_nscd_flush_user_cache();
 424         }
 425         DEBUG(ret ? 0 : 3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret));
 426 
 427         return ret;
 428 }
 429 
 430 static NTSTATUS pdb_default_delete_user(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 431                                         TALLOC_CTX *mem_ctx,
 432                                         struct samu *sam_acct)
 433 {
 434         NTSTATUS status;
 435         fstring username;
 436 
 437         status = pdb_delete_sam_account(sam_acct);
 438         if (!NT_STATUS_IS_OK(status)) {
 439                 return status;
 440         }
 441 
 442         /*
 443          * Now delete the unix side ....
 444          * note: we don't check if the delete really happened as the script is
 445          * not necessary present and maybe the sysadmin doesn't want to delete
 446          * the unix side
 447          */
 448 
 449         /* always lower case the username before handing it off to 
 450            external scripts */
 451 
 452         fstrcpy( username, pdb_get_username(sam_acct) );
 453         strlower_m( username );
 454 
 455         smb_delete_user( username );
 456         
 457         return status;
 458 }
 459 
 460 NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
     /* [<][>][^][v][top][bottom][index][help] */
 461 {
 462         struct pdb_methods *pdb = pdb_get_methods();
 463         uid_t uid = -1;
 464 
 465         /* sanity check to make sure we don't delete root */
 466 
 467         if ( !sid_to_uid( pdb_get_user_sid(sam_acct), &uid ) ) {
 468                 return NT_STATUS_NO_SUCH_USER;
 469         }
 470 
 471         if ( uid == 0 ) {
 472                 return NT_STATUS_ACCESS_DENIED;
 473         }
 474 
 475         return pdb->delete_user(pdb, mem_ctx, sam_acct);
 476 }
 477 
 478 NTSTATUS pdb_add_sam_account(struct samu *sam_acct) 
     /* [<][>][^][v][top][bottom][index][help] */
 479 {
 480         struct pdb_methods *pdb = pdb_get_methods();
 481         return pdb->add_sam_account(pdb, sam_acct);
 482 }
 483 
 484 NTSTATUS pdb_update_sam_account(struct samu *sam_acct) 
     /* [<][>][^][v][top][bottom][index][help] */
 485 {
 486         struct pdb_methods *pdb = pdb_get_methods();
 487 
 488         memcache_flush(NULL, PDB_GETPWSID_CACHE);
 489 
 490         return pdb->update_sam_account(pdb, sam_acct);
 491 }
 492 
 493 NTSTATUS pdb_delete_sam_account(struct samu *sam_acct) 
     /* [<][>][^][v][top][bottom][index][help] */
 494 {
 495         struct pdb_methods *pdb = pdb_get_methods();
 496 
 497         memcache_flush(NULL, PDB_GETPWSID_CACHE);
 498 
 499         return pdb->delete_sam_account(pdb, sam_acct);
 500 }
 501 
 502 NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
     /* [<][>][^][v][top][bottom][index][help] */
 503 {
 504         struct pdb_methods *pdb = pdb_get_methods();
 505         uid_t uid;
 506         NTSTATUS status;
 507 
 508         memcache_flush(NULL, PDB_GETPWSID_CACHE);
 509 
 510         /* sanity check to make sure we don't rename root */
 511 
 512         if ( !sid_to_uid( pdb_get_user_sid(oldname), &uid ) ) {
 513                 return NT_STATUS_NO_SUCH_USER;
 514         }
 515 
 516         if ( uid == 0 ) {
 517                 return NT_STATUS_ACCESS_DENIED;
 518         }
 519 
 520         status = pdb->rename_sam_account(pdb, oldname, newname);
 521 
 522         /* always flush the cache here just to be safe */
 523         flush_pwnam_cache();
 524 
 525         return status;
 526 }
 527 
 528 NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, bool success)
     /* [<][>][^][v][top][bottom][index][help] */
 529 {
 530         struct pdb_methods *pdb = pdb_get_methods();
 531         return pdb->update_login_attempts(pdb, sam_acct, success);
 532 }
 533 
 534 bool pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
     /* [<][>][^][v][top][bottom][index][help] */
 535 {
 536         struct pdb_methods *pdb = pdb_get_methods();
 537         return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid));
 538 }
 539 
 540 bool pdb_getgrgid(GROUP_MAP *map, gid_t gid)
     /* [<][>][^][v][top][bottom][index][help] */
 541 {
 542         struct pdb_methods *pdb = pdb_get_methods();
 543         return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid));
 544 }
 545 
 546 bool pdb_getgrnam(GROUP_MAP *map, const char *name)
     /* [<][>][^][v][top][bottom][index][help] */
 547 {
 548         struct pdb_methods *pdb = pdb_get_methods();
 549         return NT_STATUS_IS_OK(pdb->getgrnam(pdb, map, name));
 550 }
 551 
 552 static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 553                                              TALLOC_CTX *mem_ctx,
 554                                              const char *name,
 555                                              uint32 *rid)
 556 {
 557         DOM_SID group_sid;
 558         struct group *grp;
 559         fstring tmp;
 560 
 561         grp = getgrnam(name);
 562 
 563         if (grp == NULL) {
 564                 gid_t gid;
 565 
 566                 if (smb_create_group(name, &gid) != 0) {
 567                         return NT_STATUS_ACCESS_DENIED;
 568                 }
 569 
 570                 grp = getgrgid(gid);
 571         }
 572 
 573         if (grp == NULL) {
 574                 return NT_STATUS_ACCESS_DENIED;
 575         }
 576 
 577         if (pdb_rid_algorithm()) {
 578                 *rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
 579         } else {
 580                 if (!pdb_new_rid(rid)) {
 581                         return NT_STATUS_ACCESS_DENIED;
 582                 }
 583         }
 584 
 585         sid_compose(&group_sid, get_global_sam_sid(), *rid);
 586                 
 587         return add_initial_entry(grp->gr_gid, sid_to_fstring(tmp, &group_sid),
 588                                  SID_NAME_DOM_GRP, name, NULL);
 589 }
 590 
 591 NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name,
     /* [<][>][^][v][top][bottom][index][help] */
 592                               uint32 *rid)
 593 {
 594         struct pdb_methods *pdb = pdb_get_methods();
 595         return pdb->create_dom_group(pdb, mem_ctx, name, rid);
 596 }
 597 
 598 static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 599                                              TALLOC_CTX *mem_ctx,
 600                                              uint32 rid)
 601 {
 602         DOM_SID group_sid;
 603         GROUP_MAP map;
 604         NTSTATUS status;
 605         struct group *grp;
 606         const char *grp_name;
 607 
 608         /* coverity */
 609         map.gid = (gid_t) -1;
 610 
 611         sid_compose(&group_sid, get_global_sam_sid(), rid);
 612 
 613         if (!get_domain_group_from_sid(group_sid, &map)) {
 614                 DEBUG(10, ("Could not find group for rid %d\n", rid));
 615                 return NT_STATUS_NO_SUCH_GROUP;
 616         }
 617 
 618         /* We need the group name for the smb_delete_group later on */
 619 
 620         if (map.gid == (gid_t)-1) {
 621                 return NT_STATUS_NO_SUCH_GROUP;
 622         }
 623 
 624         grp = getgrgid(map.gid);
 625         if (grp == NULL) {
 626                 return NT_STATUS_NO_SUCH_GROUP;
 627         }
 628 
 629         /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
 630 
 631         grp_name = talloc_strdup(mem_ctx, grp->gr_name);
 632         if (grp_name == NULL) {
 633                 return NT_STATUS_NO_MEMORY;
 634         }
 635 
 636         status = pdb_delete_group_mapping_entry(group_sid);
 637 
 638         if (!NT_STATUS_IS_OK(status)) {
 639                 return status;
 640         }
 641 
 642         /* Don't check the result of smb_delete_group */
 643         
 644         smb_delete_group(grp_name);
 645 
 646         return NT_STATUS_OK;
 647 }
 648 
 649 NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32 rid)
     /* [<][>][^][v][top][bottom][index][help] */
 650 {
 651         struct pdb_methods *pdb = pdb_get_methods();
 652         return pdb->delete_dom_group(pdb, mem_ctx, rid);
 653 }
 654 
 655 NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
     /* [<][>][^][v][top][bottom][index][help] */
 656 {
 657         struct pdb_methods *pdb = pdb_get_methods();
 658         return pdb->add_group_mapping_entry(pdb, map);
 659 }
 660 
 661 NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map)
     /* [<][>][^][v][top][bottom][index][help] */
 662 {
 663         struct pdb_methods *pdb = pdb_get_methods();
 664         return pdb->update_group_mapping_entry(pdb, map);
 665 }
 666 
 667 NTSTATUS pdb_delete_group_mapping_entry(DOM_SID sid)
     /* [<][>][^][v][top][bottom][index][help] */
 668 {
 669         struct pdb_methods *pdb = pdb_get_methods();
 670         return pdb->delete_group_mapping_entry(pdb, sid);
 671 }
 672 
 673 bool pdb_enum_group_mapping(const DOM_SID *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
     /* [<][>][^][v][top][bottom][index][help] */
 674                             size_t *p_num_entries, bool unix_only)
 675 {
 676         struct pdb_methods *pdb = pdb_get_methods();
 677         return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
 678                 pp_rmap, p_num_entries, unix_only));
 679 }
 680 
 681 NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 682                                 const DOM_SID *sid,
 683                                 uint32 **pp_member_rids,
 684                                 size_t *p_num_members)
 685 {
 686         struct pdb_methods *pdb = pdb_get_methods();
 687         NTSTATUS result;
 688 
 689         result = pdb->enum_group_members(pdb, mem_ctx, 
 690                         sid, pp_member_rids, p_num_members);
 691                 
 692         /* special check for rid 513 */
 693                 
 694         if ( !NT_STATUS_IS_OK( result ) ) {
 695                 uint32 rid;
 696                 
 697                 sid_peek_rid( sid, &rid );
 698                 
 699                 if ( rid == DOMAIN_GROUP_RID_USERS ) {
 700                         *p_num_members = 0;
 701                         *pp_member_rids = NULL;
 702                         
 703                         return NT_STATUS_OK;
 704                 }
 705         }
 706         
 707         return result;
 708 }
 709 
 710 NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user,
     /* [<][>][^][v][top][bottom][index][help] */
 711                                     DOM_SID **pp_sids, gid_t **pp_gids,
 712                                     size_t *p_num_groups)
 713 {
 714         struct pdb_methods *pdb = pdb_get_methods();
 715         return pdb->enum_group_memberships(
 716                 pdb, mem_ctx, user,
 717                 pp_sids, pp_gids, p_num_groups);
 718 }
 719 
 720 static NTSTATUS pdb_default_set_unix_primary_group(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 721                                                    TALLOC_CTX *mem_ctx,
 722                                                    struct samu *sampass)
 723 {
 724         struct group *grp;
 725         gid_t gid;
 726 
 727         if (!sid_to_gid(pdb_get_group_sid(sampass), &gid) ||
 728             (grp = getgrgid(gid)) == NULL) {
 729                 return NT_STATUS_INVALID_PRIMARY_GROUP;
 730         }
 731 
 732         if (smb_set_primary_group(grp->gr_name,
 733                                   pdb_get_username(sampass)) != 0) {
 734                 return NT_STATUS_ACCESS_DENIED;
 735         }
 736 
 737         return NT_STATUS_OK;
 738 }
 739 
 740 NTSTATUS pdb_set_unix_primary_group(TALLOC_CTX *mem_ctx, struct samu *user)
     /* [<][>][^][v][top][bottom][index][help] */
 741 {
 742         struct pdb_methods *pdb = pdb_get_methods();
 743         return pdb->set_unix_primary_group(pdb, mem_ctx, user);
 744 }
 745 
 746 /*
 747  * Helper function to see whether a user is in a group. We can't use
 748  * user_in_group_sid here because this creates dependencies only smbd can
 749  * fulfil.
 750  */
 751 
 752 static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account,
     /* [<][>][^][v][top][bottom][index][help] */
 753                               const DOM_SID *group_sid)
 754 {
 755         DOM_SID *sids;
 756         gid_t *gids;
 757         size_t i, num_groups;
 758 
 759         if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx, account,
 760                                                         &sids, &gids,
 761                                                         &num_groups))) {
 762                 return False;
 763         }
 764 
 765         for (i=0; i<num_groups; i++) {
 766                 if (sid_equal(group_sid, &sids[i])) {
 767                         return True;
 768                 }
 769         }
 770         return False;
 771 }
 772 
 773 static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 774                                          TALLOC_CTX *mem_ctx,
 775                                          uint32 group_rid,
 776                                          uint32 member_rid)
 777 {
 778         DOM_SID group_sid, member_sid;
 779         struct samu *account = NULL;
 780         GROUP_MAP map;
 781         struct group *grp;
 782         struct passwd *pwd;
 783         const char *group_name;
 784         uid_t uid;
 785 
 786         /* coverity */
 787         map.gid = (gid_t) -1;
 788 
 789         sid_compose(&group_sid, get_global_sam_sid(), group_rid);
 790         sid_compose(&member_sid, get_global_sam_sid(), member_rid);
 791 
 792         if (!get_domain_group_from_sid(group_sid, &map) ||
 793             (map.gid == (gid_t)-1) ||
 794             ((grp = getgrgid(map.gid)) == NULL)) {
 795                 return NT_STATUS_NO_SUCH_GROUP;
 796         }
 797 
 798         group_name = talloc_strdup(mem_ctx, grp->gr_name);
 799         if (group_name == NULL) {
 800                 return NT_STATUS_NO_MEMORY;
 801         }
 802 
 803         if ( !(account = samu_new( NULL )) ) {
 804                 return NT_STATUS_NO_MEMORY;
 805         }
 806 
 807         if (!pdb_getsampwsid(account, &member_sid) ||
 808             !sid_to_uid(&member_sid, &uid) ||
 809             ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
 810                 return NT_STATUS_NO_SUCH_USER;
 811         }
 812 
 813         if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
 814                 return NT_STATUS_MEMBER_IN_GROUP;
 815         }
 816 
 817         /* 
 818          * ok, the group exist, the user exist, the user is not in the group,
 819          * we can (finally) add it to the group !
 820          */
 821 
 822         smb_add_user_group(group_name, pwd->pw_name);
 823 
 824         if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
 825                 return NT_STATUS_ACCESS_DENIED;
 826         }
 827 
 828         return NT_STATUS_OK;
 829 }
 830 
 831 NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
     /* [<][>][^][v][top][bottom][index][help] */
 832                           uint32 member_rid)
 833 {
 834         struct pdb_methods *pdb = pdb_get_methods();
 835         return pdb->add_groupmem(pdb, mem_ctx, group_rid, member_rid);
 836 }
 837 
 838 static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 839                                          TALLOC_CTX *mem_ctx,
 840                                          uint32 group_rid,
 841                                          uint32 member_rid)
 842 {
 843         DOM_SID group_sid, member_sid;
 844         struct samu *account = NULL;
 845         GROUP_MAP map;
 846         struct group *grp;
 847         struct passwd *pwd;
 848         const char *group_name;
 849         uid_t uid;
 850 
 851         sid_compose(&group_sid, get_global_sam_sid(), group_rid);
 852         sid_compose(&member_sid, get_global_sam_sid(), member_rid);
 853 
 854         if (!get_domain_group_from_sid(group_sid, &map) ||
 855             (map.gid == (gid_t)-1) ||
 856             ((grp = getgrgid(map.gid)) == NULL)) {
 857                 return NT_STATUS_NO_SUCH_GROUP;
 858         }
 859 
 860         group_name = talloc_strdup(mem_ctx, grp->gr_name);
 861         if (group_name == NULL) {
 862                 return NT_STATUS_NO_MEMORY;
 863         }
 864 
 865         if ( !(account = samu_new( NULL )) ) {
 866                 return NT_STATUS_NO_MEMORY;
 867         }
 868 
 869         if (!pdb_getsampwsid(account, &member_sid) ||
 870             !sid_to_uid(&member_sid, &uid) ||
 871             ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
 872                 return NT_STATUS_NO_SUCH_USER;
 873         }
 874 
 875         if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
 876                 return NT_STATUS_MEMBER_NOT_IN_GROUP;
 877         }
 878 
 879         /* 
 880          * ok, the group exist, the user exist, the user is in the group,
 881          * we can (finally) delete it from the group!
 882          */
 883 
 884         smb_delete_user_group(group_name, pwd->pw_name);
 885 
 886         if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
 887                 return NT_STATUS_ACCESS_DENIED;
 888         }
 889 
 890         return NT_STATUS_OK;
 891 }
 892 
 893 NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
     /* [<][>][^][v][top][bottom][index][help] */
 894                           uint32 member_rid)
 895 {
 896         struct pdb_methods *pdb = pdb_get_methods();
 897         return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid);
 898 }
 899 
 900 NTSTATUS pdb_create_alias(const char *name, uint32 *rid)
     /* [<][>][^][v][top][bottom][index][help] */
 901 {
 902         struct pdb_methods *pdb = pdb_get_methods();
 903         return pdb->create_alias(pdb, name, rid);
 904 }
 905 
 906 NTSTATUS pdb_delete_alias(const DOM_SID *sid)
     /* [<][>][^][v][top][bottom][index][help] */
 907 {
 908         struct pdb_methods *pdb = pdb_get_methods();
 909         return pdb->delete_alias(pdb, sid);
 910 }
 911 
 912 NTSTATUS pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
     /* [<][>][^][v][top][bottom][index][help] */
 913 {
 914         struct pdb_methods *pdb = pdb_get_methods();
 915         return pdb->get_aliasinfo(pdb, sid, info);
 916 }
 917 
 918 NTSTATUS pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
     /* [<][>][^][v][top][bottom][index][help] */
 919 {
 920         struct pdb_methods *pdb = pdb_get_methods();
 921         return pdb->set_aliasinfo(pdb, sid, info);
 922 }
 923 
 924 NTSTATUS pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
     /* [<][>][^][v][top][bottom][index][help] */
 925 {
 926         struct pdb_methods *pdb = pdb_get_methods();
 927         return pdb->add_aliasmem(pdb, alias, member);
 928 }
 929 
 930 NTSTATUS pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
     /* [<][>][^][v][top][bottom][index][help] */
 931 {
 932         struct pdb_methods *pdb = pdb_get_methods();
 933         return pdb->del_aliasmem(pdb, alias, member);
 934 }
 935 
 936 NTSTATUS pdb_enum_aliasmem(const DOM_SID *alias,
     /* [<][>][^][v][top][bottom][index][help] */
 937                            DOM_SID **pp_members, size_t *p_num_members)
 938 {
 939         struct pdb_methods *pdb = pdb_get_methods();
 940         return pdb->enum_aliasmem(pdb, alias, pp_members, p_num_members);
 941 }
 942 
 943 NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 944                                     const DOM_SID *domain_sid,
 945                                     const DOM_SID *members, size_t num_members,
 946                                     uint32 **pp_alias_rids,
 947                                     size_t *p_num_alias_rids)
 948 {
 949         struct pdb_methods *pdb = pdb_get_methods();
 950         return pdb->enum_alias_memberships(pdb, mem_ctx,
 951                                                        domain_sid,
 952                                                        members, num_members,
 953                                                        pp_alias_rids,
 954                                                        p_num_alias_rids);
 955 }
 956 
 957 NTSTATUS pdb_lookup_rids(const DOM_SID *domain_sid,
     /* [<][>][^][v][top][bottom][index][help] */
 958                          int num_rids,
 959                          uint32 *rids,
 960                          const char **names,
 961                          enum lsa_SidType *attrs)
 962 {
 963         struct pdb_methods *pdb = pdb_get_methods();
 964         return pdb->lookup_rids(pdb, domain_sid, num_rids, rids, names, attrs);
 965 }
 966 
 967 /* 
 968  * NOTE: pdb_lookup_names is currently (2007-01-12) not used anywhere 
 969  *       in the samba code.
 970  *       Unlike _lsa_lookup_sids and _samr_lookup_rids, which eventually 
 971  *       also ask pdb_lookup_rids, thus looking up a bunch of rids at a time, 
 972  *       the pdb_ calls _lsa_lookup_names and _samr_lookup_names come
 973  *       down to are pdb_getsampwnam and pdb_getgrnam instead of
 974  *       pdb_lookup_names.
 975  *       But in principle, it the call belongs to the API and might get
 976  *       used in this context some day. 
 977  */
 978 #if 0
 979 NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
     /* [<][>][^][v][top][bottom][index][help] */
 980                           int num_names,
 981                           const char **names,
 982                           uint32 *rids,
 983                           enum lsa_SidType *attrs)
 984 {
 985         struct pdb_methods *pdb = pdb_get_methods();
 986         return pdb->lookup_names(pdb, domain_sid, num_names, names, rids, attrs);
 987 }
 988 #endif
 989 
 990 bool pdb_get_account_policy(int policy_index, uint32 *value)
     /* [<][>][^][v][top][bottom][index][help] */
 991 {
 992         struct pdb_methods *pdb = pdb_get_methods();
 993         NTSTATUS status;
 994         
 995         become_root();
 996         status = pdb->get_account_policy(pdb, policy_index, value);
 997         unbecome_root();
 998         
 999         return NT_STATUS_IS_OK(status); 
1000 }
1001 
1002 bool pdb_set_account_policy(int policy_index, uint32 value)
     /* [<][>][^][v][top][bottom][index][help] */
1003 {
1004         struct pdb_methods *pdb = pdb_get_methods();
1005         NTSTATUS status;
1006 
1007         become_root();
1008         status = pdb->set_account_policy(pdb, policy_index, value);
1009         unbecome_root();
1010 
1011         return NT_STATUS_IS_OK(status);
1012 }
1013 
1014 bool pdb_get_seq_num(time_t *seq_num)
     /* [<][>][^][v][top][bottom][index][help] */
1015 {
1016         struct pdb_methods *pdb = pdb_get_methods();
1017         return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
1018 }
1019 
1020 bool pdb_uid_to_rid(uid_t uid, uint32 *rid)
     /* [<][>][^][v][top][bottom][index][help] */
1021 {
1022         struct pdb_methods *pdb = pdb_get_methods();
1023         return pdb->uid_to_rid(pdb, uid, rid);
1024 }
1025 
1026 bool pdb_uid_to_sid(uid_t uid, DOM_SID *sid)
     /* [<][>][^][v][top][bottom][index][help] */
1027 {
1028         struct pdb_methods *pdb = pdb_get_methods();
1029         return pdb->uid_to_sid(pdb, uid, sid);
1030 }
1031 
1032 bool pdb_gid_to_sid(gid_t gid, DOM_SID *sid)
     /* [<][>][^][v][top][bottom][index][help] */
1033 {
1034         struct pdb_methods *pdb = pdb_get_methods();
1035         return pdb->gid_to_sid(pdb, gid, sid);
1036 }
1037 
1038 bool pdb_sid_to_id(const DOM_SID *sid, union unid_t *id,
     /* [<][>][^][v][top][bottom][index][help] */
1039                    enum lsa_SidType *type)
1040 {
1041         struct pdb_methods *pdb = pdb_get_methods();
1042         return pdb->sid_to_id(pdb, sid, id, type);
1043 }
1044 
1045 bool pdb_rid_algorithm(void)
     /* [<][>][^][v][top][bottom][index][help] */
1046 {
1047         struct pdb_methods *pdb = pdb_get_methods();
1048         return pdb->rid_algorithm(pdb);
1049 }
1050 
1051 /********************************************************************
1052  Allocate a new RID from the passdb backend.  Verify that it is free
1053  by calling lookup_global_sam_rid() to verify that the RID is not
1054  in use.  This handles servers that have existing users or groups
1055  with add RIDs (assigned from previous algorithmic mappings)
1056 ********************************************************************/
1057 
1058 bool pdb_new_rid(uint32 *rid)
     /* [<][>][^][v][top][bottom][index][help] */
1059 {
1060         struct pdb_methods *pdb = pdb_get_methods();
1061         const char *name = NULL;
1062         enum lsa_SidType type;
1063         uint32 allocated_rid = 0;
1064         int i;
1065         TALLOC_CTX *ctx;
1066 
1067         if (pdb_rid_algorithm()) {
1068                 DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs "
1069                           "are active\n"));
1070                 return False;
1071         }
1072 
1073         if (algorithmic_rid_base() != BASE_RID) {
1074                 DEBUG(0, ("'algorithmic rid base' is set but a passdb backend "
1075                           "without algorithmic RIDs is chosen.\n"));
1076                 DEBUGADD(0, ("Please map all used groups using 'net groupmap "
1077                              "add', set the maximum used RID\n"));
1078                 DEBUGADD(0, ("and remove the parameter\n"));
1079                 return False;
1080         }
1081 
1082         if ( (ctx = talloc_init("pdb_new_rid")) == NULL ) {
1083                 DEBUG(0,("pdb_new_rid: Talloc initialization failure\n"));
1084                 return False;
1085         }
1086 
1087         /* Attempt to get an unused RID (max tires is 250...yes that it is 
1088            and arbitrary number I pulkled out of my head).   -- jerry */
1089 
1090         for ( i=0; allocated_rid==0 && i<250; i++ ) {
1091                 /* get a new RID */
1092 
1093                 if ( !pdb->new_rid(pdb, &allocated_rid) ) {
1094                         return False;
1095                 }
1096 
1097                 /* validate that the RID is not in use */
1098 
1099                 if ( lookup_global_sam_rid( ctx, allocated_rid, &name, &type, NULL ) ) {
1100                         allocated_rid = 0;
1101                 }
1102         }
1103 
1104         TALLOC_FREE( ctx );
1105 
1106         if ( allocated_rid == 0 ) {
1107                 DEBUG(0,("pdb_new_rid: Failed to find unused RID\n"));
1108                 return False;
1109         }
1110 
1111         *rid = allocated_rid;
1112 
1113         return True;
1114 }
1115 
1116 /***************************************************************
1117   Initialize the static context (at smbd startup etc). 
1118 
1119   If uninitialised, context will auto-init on first use.
1120  ***************************************************************/
1121 
1122 bool initialize_password_db(bool reload, struct event_context *event_ctx)
     /* [<][>][^][v][top][bottom][index][help] */
1123 {
1124         pdb_event_ctx = event_ctx;
1125         return (pdb_get_methods_reload(reload) != NULL);
1126 }
1127 
1128 
1129 /***************************************************************************
1130   Default implementations of some functions.
1131  ****************************************************************************/
1132 
1133 static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, struct samu *user, const char *sname)
     /* [<][>][^][v][top][bottom][index][help] */
1134 {
1135         return NT_STATUS_NO_SUCH_USER;
1136 }
1137 
1138 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const DOM_SID *sid)
     /* [<][>][^][v][top][bottom][index][help] */
1139 {
1140         return NT_STATUS_NO_SUCH_USER;
1141 }
1142 
1143 static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, struct samu *newpwd)
     /* [<][>][^][v][top][bottom][index][help] */
1144 {
1145         return NT_STATUS_NOT_IMPLEMENTED;
1146 }
1147 
1148 static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, struct samu *newpwd)
     /* [<][>][^][v][top][bottom][index][help] */
1149 {
1150         return NT_STATUS_NOT_IMPLEMENTED;
1151 }
1152 
1153 static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, struct samu *pwd)
     /* [<][>][^][v][top][bottom][index][help] */
1154 {
1155         return NT_STATUS_NOT_IMPLEMENTED;
1156 }
1157 
1158 static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, struct samu *pwd, const char *newname)
     /* [<][>][^][v][top][bottom][index][help] */
1159 {
1160         return NT_STATUS_NOT_IMPLEMENTED;
1161 }
1162 
1163 static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success)
     /* [<][>][^][v][top][bottom][index][help] */
1164 {
1165         /* Only the pdb_nds backend implements this, by
1166          * default just return ok. */
1167         return NT_STATUS_OK;
1168 }
1169 
1170 static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
     /* [<][>][^][v][top][bottom][index][help] */
1171 {
1172         return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1173 }
1174 
1175 static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
     /* [<][>][^][v][top][bottom][index][help] */
1176 {
1177         return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1178 }
1179 
1180 static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)
     /* [<][>][^][v][top][bottom][index][help] */
1181 {
1182         *seq_num = time(NULL);
1183         return NT_STATUS_OK;
1184 }
1185 
1186 static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid,
     /* [<][>][^][v][top][bottom][index][help] */
1187                                    DOM_SID *sid)
1188 {
1189         struct samu *sampw = NULL;
1190         struct passwd *unix_pw;
1191         bool ret;
1192         
1193         unix_pw = sys_getpwuid( uid );
1194 
1195         if ( !unix_pw ) {
1196                 DEBUG(4,("pdb_default_uid_to_rid: host has no idea of uid "
1197                          "%lu\n", (unsigned long)uid));
1198                 return False;
1199         }
1200         
1201         if ( !(sampw = samu_new( NULL )) ) {
1202                 DEBUG(0,("pdb_default_uid_to_rid: samu_new() failed!\n"));
1203                 return False;
1204         }
1205 
1206         become_root();
1207         ret = NT_STATUS_IS_OK(
1208                 methods->getsampwnam(methods, sampw, unix_pw->pw_name ));
1209         unbecome_root();
1210 
1211         if (!ret) {
1212                 DEBUG(5, ("pdb_default_uid_to_rid: Did not find user "
1213                           "%s (%u)\n", unix_pw->pw_name, (unsigned int)uid));
1214                 TALLOC_FREE(sampw);
1215                 return False;
1216         }
1217 
1218         sid_copy(sid, pdb_get_user_sid(sampw));
1219 
1220         TALLOC_FREE(sampw);
1221 
1222         return True;
1223 }
1224 
1225 static bool pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid,
     /* [<][>][^][v][top][bottom][index][help] */
1226                                    uint32 *rid)
1227 {
1228         DOM_SID sid;
1229         bool ret;
1230 
1231         ret = pdb_default_uid_to_sid(methods, uid, &sid);
1232         if (!ret) {
1233                 return ret;
1234         }
1235         
1236         ret = sid_peek_check_rid(get_global_sam_sid(), &sid, rid);
1237 
1238         if (!ret) {
1239                 DEBUG(1, ("Could not peek rid out of sid %s\n",
1240                           sid_string_dbg(&sid)));
1241         }
1242 
1243         return ret;
1244 }
1245 
1246 static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
     /* [<][>][^][v][top][bottom][index][help] */
1247                                    DOM_SID *sid)
1248 {
1249         GROUP_MAP map;
1250 
1251         if (!NT_STATUS_IS_OK(methods->getgrgid(methods, &map, gid))) {
1252                 return False;
1253         }
1254 
1255         sid_copy(sid, &map.sid);
1256         return True;
1257 }
1258 
1259 static bool pdb_default_sid_to_id(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
1260                                   const DOM_SID *sid,
1261                                   union unid_t *id, enum lsa_SidType *type)
1262 {
1263         TALLOC_CTX *mem_ctx;
1264         bool ret = False;
1265         const char *name;
1266         uint32 rid;
1267 
1268         mem_ctx = talloc_new(NULL);
1269 
1270         if (mem_ctx == NULL) {
1271                 DEBUG(0, ("talloc_new failed\n"));
1272                 return False;
1273         }
1274 
1275         if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
1276                 /* Here we might have users as well as groups and aliases */
1277                 ret = lookup_global_sam_rid(mem_ctx, rid, &name, type, id);
1278                 goto done;
1279         }
1280 
1281         /* check for "Unix User" */
1282 
1283         if ( sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid) ) {
1284                 id->uid = rid;
1285                 *type = SID_NAME_USER;
1286                 ret = True;             
1287                 goto done;              
1288         }
1289         
1290         /* check for "Unix Group" */
1291 
1292         if ( sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid) ) {
1293                 id->gid = rid;
1294                 *type = SID_NAME_ALIAS;
1295                 ret = True;             
1296                 goto done;              
1297         }
1298         
1299         /* BUILTIN */
1300 
1301         if (sid_check_is_in_builtin(sid) ||
1302             sid_check_is_in_wellknown_domain(sid)) {
1303                 /* Here we only have aliases */
1304                 GROUP_MAP map;
1305                 if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) {
1306                         DEBUG(10, ("Could not find map for sid %s\n",
1307                                    sid_string_dbg(sid)));
1308                         goto done;
1309                 }
1310                 if ((map.sid_name_use != SID_NAME_ALIAS) &&
1311                     (map.sid_name_use != SID_NAME_WKN_GRP)) {
1312                         DEBUG(10, ("Map for sid %s is a %s, expected an "
1313                                    "alias\n", sid_string_dbg(sid),
1314                                    sid_type_lookup(map.sid_name_use)));
1315                         goto done;
1316                 }
1317 
1318                 id->gid = map.gid;
1319                 *type = SID_NAME_ALIAS;
1320                 ret = True;
1321                 goto done;
1322         }
1323 
1324         DEBUG(5, ("Sid %s is neither ours, a Unix SID, nor builtin\n",
1325                   sid_string_dbg(sid)));
1326 
1327  done:
1328 
1329         TALLOC_FREE(mem_ctx);
1330         return ret;
1331 }
1332 
1333 static bool add_uid_to_array_unique(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
1334                                     uid_t uid, uid_t **pp_uids, size_t *p_num)
1335 {
1336         size_t i;
1337 
1338         for (i=0; i<*p_num; i++) {
1339                 if ((*pp_uids)[i] == uid)
1340                         return True;
1341         }
1342         
1343         *pp_uids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_uids, uid_t, *p_num+1);
1344 
1345         if (*pp_uids == NULL)
1346                 return False;
1347 
1348         (*pp_uids)[*p_num] = uid;
1349         *p_num += 1;
1350         return True;
1351 }
1352 
1353 static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size_t *p_num)
     /* [<][>][^][v][top][bottom][index][help] */
1354 {
1355         struct group *grp;
1356         char **gr;
1357         struct passwd *pwd;
1358         bool winbind_env;
1359         bool ret = False;
1360  
1361         *pp_uids = NULL;
1362         *p_num = 0;
1363 
1364         /* We only look at our own sam, so don't care about imported stuff */
1365         winbind_env = winbind_env_set();
1366         (void)winbind_off();
1367 
1368         if ((grp = getgrgid(gid)) == NULL) {
1369                 /* allow winbindd lookups, but only if they weren't already disabled */
1370                 goto done;
1371         }
1372 
1373         /* Primary group members */
1374         setpwent();
1375         while ((pwd = getpwent()) != NULL) {
1376                 if (pwd->pw_gid == gid) {
1377                         if (!add_uid_to_array_unique(mem_ctx, pwd->pw_uid,
1378                                                 pp_uids, p_num)) {
1379                                 goto done;
1380                         }
1381                 }
1382         }
1383         endpwent();
1384 
1385         /* Secondary group members */
1386         for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
1387                 struct passwd *pw = getpwnam(*gr);
1388 
1389                 if (pw == NULL)
1390                         continue;
1391                 if (!add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num)) {
1392                         goto done;
1393                 }
1394         }
1395 
1396         ret = True;
1397 
1398   done:
1399 
1400         /* allow winbindd lookups, but only if they weren't already disabled */
1401         if (!winbind_env) {
1402                 (void)winbind_on();
1403         }
1404         
1405         return ret;
1406 }
1407 
1408 static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
1409                                                TALLOC_CTX *mem_ctx,
1410                                                const DOM_SID *group,
1411                                                uint32 **pp_member_rids,
1412                                                size_t *p_num_members)
1413 {
1414         gid_t gid;
1415         uid_t *uids;
1416         size_t i, num_uids;
1417 
1418         *pp_member_rids = NULL;
1419         *p_num_members = 0;
1420 
1421         if (!sid_to_gid(group, &gid))
1422                 return NT_STATUS_NO_SUCH_GROUP;
1423 
1424         if(!get_memberuids(mem_ctx, gid, &uids, &num_uids))
1425                 return NT_STATUS_NO_SUCH_GROUP;
1426 
1427         if (num_uids == 0)
1428                 return NT_STATUS_OK;
1429 
1430         *pp_member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_uids);
1431 
1432         for (i=0; i<num_uids; i++) {
1433                 DOM_SID sid;
1434 
1435                 uid_to_sid(&sid, uids[i]);
1436 
1437                 if (!sid_check_is_in_our_domain(&sid)) {
1438                         DEBUG(5, ("Inconsistent SAM -- group member uid not "
1439                                   "in our domain\n"));
1440                         continue;
1441                 }
1442 
1443                 sid_peek_rid(&sid, &(*pp_member_rids)[*p_num_members]);
1444                 *p_num_members += 1;
1445         }
1446 
1447         return NT_STATUS_OK;
1448 }
1449 
1450 static NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
1451                                                    TALLOC_CTX *mem_ctx,
1452                                                    struct samu *user,
1453                                                    DOM_SID **pp_sids,
1454                                                    gid_t **pp_gids,
1455                                                    size_t *p_num_groups)
1456 {
1457         size_t i;
1458         gid_t gid;
1459         struct passwd *pw;
1460         const char *username = pdb_get_username(user);
1461         
1462 
1463         /* Ignore the primary group SID.  Honor the real Unix primary group.
1464            The primary group SID is only of real use to Windows clients */
1465            
1466         if ( !(pw = getpwnam_alloc(mem_ctx, username)) ) {
1467                 return NT_STATUS_NO_SUCH_USER;
1468         }
1469         
1470         gid = pw->pw_gid;
1471         
1472         TALLOC_FREE( pw );
1473 
1474         if (!getgroups_unix_user(mem_ctx, username, gid, pp_gids, p_num_groups)) {
1475                 return NT_STATUS_NO_SUCH_USER;
1476         }
1477 
1478         if (*p_num_groups == 0) {
1479                 smb_panic("primary group missing");
1480         }
1481 
1482         *pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups);
1483 
1484         if (*pp_sids == NULL) {
1485                 TALLOC_FREE(*pp_gids);
1486                 return NT_STATUS_NO_MEMORY;
1487         }
1488 
1489         for (i=0; i<*p_num_groups; i++) {
1490                 gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
1491         }
1492 
1493         return NT_STATUS_OK;
1494 }
1495 
1496 /*******************************************************************
1497  Look up a rid in the SAM we're responsible for (i.e. passdb)
1498  ********************************************************************/
1499 
1500 static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
     /* [<][>][^][v][top][bottom][index][help] */
1501                                   const char **name,
1502                                   enum lsa_SidType *psid_name_use,
1503                                   union unid_t *unix_id)
1504 {
1505         struct samu *sam_account = NULL;
1506         GROUP_MAP map;
1507         bool ret;
1508         DOM_SID sid;
1509 
1510         *psid_name_use = SID_NAME_UNKNOWN;
1511         
1512         DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
1513                  (unsigned int)rid));
1514 
1515         sid_copy(&sid, get_global_sam_sid());
1516         sid_append_rid(&sid, rid);
1517         
1518         /* see if the passdb can help us with the name of the user */
1519 
1520         if ( !(sam_account = samu_new( NULL )) ) {
1521                 return False;
1522         }
1523 
1524         /* BEING ROOT BLLOCK */
1525         become_root();
1526         if (pdb_getsampwsid(sam_account, &sid)) {
1527                 struct passwd *pw;
1528 
1529                 unbecome_root();                /* -----> EXIT BECOME_ROOT() */
1530                 *name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
1531                 if (!*name) {
1532                         TALLOC_FREE(sam_account);
1533                         return False;
1534                 }
1535 
1536                 *psid_name_use = SID_NAME_USER;
1537 
1538                 TALLOC_FREE(sam_account);
1539 
1540                 if (unix_id == NULL) {
1541                         return True;
1542                 }
1543 
1544                 pw = Get_Pwnam_alloc(talloc_tos(), *name);
1545                 if (pw == NULL) {
1546                         return False;
1547                 }
1548                 unix_id->uid = pw->pw_uid;
1549                 TALLOC_FREE(pw);
1550                 return True;
1551         }
1552         TALLOC_FREE(sam_account);
1553         
1554         ret = pdb_getgrsid(&map, sid);
1555         unbecome_root();
1556         /* END BECOME_ROOT BLOCK */
1557   
1558         /* do not resolve SIDs to a name unless there is a valid 
1559            gid associated with it */
1560                    
1561         if ( ret && (map.gid != (gid_t)-1) ) {
1562                 *name = talloc_strdup(mem_ctx, map.nt_name);
1563                 *psid_name_use = map.sid_name_use;
1564 
1565                 if ( unix_id ) {
1566                         unix_id->gid = map.gid;
1567                 }
1568 
1569                 return True;
1570         }
1571         
1572         /* Windows will always map RID 513 to something.  On a non-domain 
1573            controller, this gets mapped to SERVER\None. */
1574 
1575         if ( unix_id ) {
1576                 DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
1577                 return False;
1578         }
1579         
1580         if ( rid == DOMAIN_GROUP_RID_USERS ) {
1581                 *name = talloc_strdup(mem_ctx, "None" );
1582                 *psid_name_use = SID_NAME_DOM_GRP;
1583                 
1584                 return True;
1585         }
1586 
1587         return False;
1588 }
1589 
1590 static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
1591                                         const DOM_SID *domain_sid,
1592                                         int num_rids,
1593                                         uint32 *rids,
1594                                         const char **names,
1595                                         enum lsa_SidType *attrs)
1596 {
1597         int i;
1598         NTSTATUS result;
1599         bool have_mapped = False;
1600         bool have_unmapped = False;
1601 
1602         if (sid_check_is_builtin(domain_sid)) {
1603 
1604                 for (i=0; i<num_rids; i++) {
1605                         const char *name;
1606 
1607                         if (lookup_builtin_rid(names, rids[i], &name)) {
1608                                 attrs[i] = SID_NAME_ALIAS;
1609                                 names[i] = name;
1610                                 DEBUG(5,("lookup_rids: %s:%d\n",
1611                                          names[i], attrs[i]));
1612                                 have_mapped = True;
1613                         } else {
1614                                 have_unmapped = True;
1615                                 attrs[i] = SID_NAME_UNKNOWN;
1616                         }
1617                 }
1618                 goto done;
1619         }
1620 
1621         /* Should not happen, but better check once too many */
1622         if (!sid_check_is_domain(domain_sid)) {
1623                 return NT_STATUS_INVALID_HANDLE;
1624         }
1625 
1626         for (i = 0; i < num_rids; i++) {
1627                 const char *name;
1628 
1629                 if (lookup_global_sam_rid(names, rids[i], &name, &attrs[i],
1630                                           NULL)) {
1631                         if (name == NULL) {
1632                                 return NT_STATUS_NO_MEMORY;
1633                         }
1634                         names[i] = name;
1635                         DEBUG(5,("lookup_rids: %s:%d\n", names[i], attrs[i]));
1636                         have_mapped = True;
1637                 } else {
1638                         have_unmapped = True;
1639                         attrs[i] = SID_NAME_UNKNOWN;
1640                 }
1641         }
1642 
1643  done:
1644 
1645         result = NT_STATUS_NONE_MAPPED;
1646 
1647         if (have_mapped)
1648                 result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
1649 
1650         return result;
1651 }
1652 
1653 #if 0
1654 static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
1655                                          const DOM_SID *domain_sid,
1656                                          int num_names,
1657                                          const char **names,
1658                                          uint32 *rids,
1659                                          enum lsa_SidType *attrs)
1660 {
1661         int i;
1662         NTSTATUS result;
1663         bool have_mapped = False;
1664         bool have_unmapped = False;
1665 
1666         if (sid_check_is_builtin(domain_sid)) {
1667 
1668                 for (i=0; i<num_names; i++) {
1669                         uint32 rid;
1670 
1671                         if (lookup_builtin_name(names[i], &rid)) {
1672                                 attrs[i] = SID_NAME_ALIAS;
1673                                 rids[i] = rid;
1674                                 DEBUG(5,("lookup_rids: %s:%d\n",
1675                                          names[i], attrs[i]));
1676                                 have_mapped = True;
1677                         } else {
1678                                 have_unmapped = True;
1679                                 attrs[i] = SID_NAME_UNKNOWN;
1680                         }
1681                 }
1682                 goto done;
1683         }
1684 
1685         /* Should not happen, but better check once too many */
1686         if (!sid_check_is_domain(domain_sid)) {
1687                 return NT_STATUS_INVALID_HANDLE;
1688         }
1689 
1690         for (i = 0; i < num_names; i++) {
1691                 if (lookup_global_sam_name(names[i], 0, &rids[i], &attrs[i])) {
1692                         DEBUG(5,("lookup_names: %s-> %d:%d\n", names[i],
1693                                  rids[i], attrs[i]));
1694                         have_mapped = True;
1695                 } else {
1696                         have_unmapped = True;
1697                         attrs[i] = SID_NAME_UNKNOWN;
1698                 }
1699         }
1700 
1701  done:
1702 
1703         result = NT_STATUS_NONE_MAPPED;
1704 
1705         if (have_mapped)
1706                 result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
1707 
1708         return result;
1709 }
1710 #endif
1711 
1712 static int pdb_search_destructor(struct pdb_search *search)
     /* [<][>][^][v][top][bottom][index][help] */
1713 {
1714         if (!search->search_ended) {
1715                 search->search_end(search);
1716         }
1717         return 0;
1718 }
1719 
1720 struct pdb_search *pdb_search_init(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
1721                                    enum pdb_search_type type)
1722 {
1723         struct pdb_search *result;
1724 
1725         result = talloc(mem_ctx, struct pdb_search);
1726         if (result == NULL) {
1727                 DEBUG(0, ("talloc failed\n"));
1728                 return NULL;
1729         }
1730 
1731         result->type = type;
1732         result->cache = NULL;
1733         result->num_entries = 0;
1734         result->cache_size = 0;
1735         result->search_ended = False;
1736 
1737         /* Segfault appropriately if not initialized */
1738         result->next_entry = NULL;
1739         result->search_end = NULL;
1740 
1741         talloc_set_destructor(result, pdb_search_destructor);
1742 
1743         return result;
1744 }
1745 
1746 static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32 rid,
     /* [<][>][^][v][top][bottom][index][help] */
1747                               uint16 acct_flags,
1748                               const char *account_name,
1749                               const char *fullname,
1750                               const char *description,
1751                               struct samr_displayentry *entry)
1752 {
1753         entry->rid = rid;
1754         entry->acct_flags = acct_flags;
1755 
1756         if (account_name != NULL)
1757                 entry->account_name = talloc_strdup(mem_ctx, account_name);
1758         else
1759                 entry->account_name = "";
1760 
1761         if (fullname != NULL)
1762                 entry->fullname = talloc_strdup(mem_ctx, fullname);
1763         else
1764                 entry->fullname = "";
1765 
1766         if (description != NULL)
1767                 entry->description = talloc_strdup(mem_ctx, description);
1768         else
1769                 entry->description = "";
1770 }
1771 
1772 struct group_search {
1773         GROUP_MAP *groups;
1774         size_t num_groups, current_group;
1775 };
1776 
1777 static bool next_entry_groups(struct pdb_search *s,
     /* [<][>][^][v][top][bottom][index][help] */
1778                               struct samr_displayentry *entry)
1779 {
1780         struct group_search *state = (struct group_search *)s->private_data;
1781         uint32 rid;
1782         GROUP_MAP *map = &state->groups[state->current_group];
1783 
1784         if (state->current_group == state->num_groups)
1785                 return False;
1786 
1787         sid_peek_rid(&map->sid, &rid);
1788 
1789         fill_displayentry(s, rid, 0, map->nt_name, NULL, map->comment, entry);
1790 
1791         state->current_group += 1;
1792         return True;
1793 }
1794 
1795 static void search_end_groups(struct pdb_search *search)
     /* [<][>][^][v][top][bottom][index][help] */
1796 {
1797         struct group_search *state =
1798                 (struct group_search *)search->private_data;
1799         SAFE_FREE(state->groups);
1800 }
1801 
1802 static bool pdb_search_grouptype(struct pdb_search *search,
     /* [<][>][^][v][top][bottom][index][help] */
1803                                  const DOM_SID *sid, enum lsa_SidType type)
1804 {
1805         struct group_search *state;
1806 
1807         state = talloc(search, struct group_search);
1808         if (state == NULL) {
1809                 DEBUG(0, ("talloc failed\n"));
1810                 return False;
1811         }
1812 
1813         if (!pdb_enum_group_mapping(sid, type, &state->groups, &state->num_groups,
1814                                     True)) {
1815                 DEBUG(0, ("Could not enum groups\n"));
1816                 return False;
1817         }
1818 
1819         state->current_group = 0;
1820         search->private_data = state;
1821         search->next_entry = next_entry_groups;
1822         search->search_end = search_end_groups;
1823         return True;
1824 }
1825 
1826 static bool pdb_default_search_groups(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
1827                                       struct pdb_search *search)
1828 {
1829         return pdb_search_grouptype(search, get_global_sam_sid(), SID_NAME_DOM_GRP);
1830 }
1831 
1832 static bool pdb_default_search_aliases(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
1833                                        struct pdb_search *search,
1834                                        const DOM_SID *sid)
1835 {
1836 
1837         return pdb_search_grouptype(search, sid, SID_NAME_ALIAS);
1838 }
1839 
1840 static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search,
     /* [<][>][^][v][top][bottom][index][help] */
1841                                                      uint32 idx)
1842 {
1843         if (idx < search->num_entries)
1844                 return &search->cache[idx];
1845 
1846         if (search->search_ended)
1847                 return NULL;
1848 
1849         while (idx >= search->num_entries) {
1850                 struct samr_displayentry entry;
1851 
1852                 if (!search->next_entry(search, &entry)) {
1853                         search->search_end(search);
1854                         search->search_ended = True;
1855                         break;
1856                 }
1857 
1858                 ADD_TO_LARGE_ARRAY(search, struct samr_displayentry,
1859                                    entry, &search->cache, &search->num_entries,
1860                                    &search->cache_size);
1861         }
1862 
1863         return (search->num_entries > idx) ? &search->cache[idx] : NULL;
1864 }
1865 
1866 struct pdb_search *pdb_search_users(TALLOC_CTX *mem_ctx, uint32 acct_flags)
     /* [<][>][^][v][top][bottom][index][help] */
1867 {
1868         struct pdb_methods *pdb = pdb_get_methods();
1869         struct pdb_search *result;
1870 
1871         result = pdb_search_init(mem_ctx, PDB_USER_SEARCH);
1872         if (result == NULL) {
1873                 return NULL;
1874         }
1875 
1876         if (!pdb->search_users(pdb, result, acct_flags)) {
1877                 TALLOC_FREE(result);
1878                 return NULL;
1879         }
1880         return result;
1881 }
1882 
1883 struct pdb_search *pdb_search_groups(TALLOC_CTX *mem_ctx)
     /* [<][>][^][v][top][bottom][index][help] */
1884 {
1885         struct pdb_methods *pdb = pdb_get_methods();
1886         struct pdb_search *result;
1887 
1888         result = pdb_search_init(mem_ctx, PDB_GROUP_SEARCH);
1889         if (result == NULL) {
1890                  return NULL;
1891         }
1892 
1893         if (!pdb->search_groups(pdb, result)) {
1894                 TALLOC_FREE(result);
1895                 return NULL;
1896         }
1897         return result;
1898 }
1899 
1900 struct pdb_search *pdb_search_aliases(TALLOC_CTX *mem_ctx, const DOM_SID *sid)
     /* [<][>][^][v][top][bottom][index][help] */
1901 {
1902         struct pdb_methods *pdb = pdb_get_methods();
1903         struct pdb_search *result;
1904 
1905         if (pdb == NULL) return NULL;
1906 
1907         result = pdb_search_init(mem_ctx, PDB_ALIAS_SEARCH);
1908         if (result == NULL) {
1909                 return NULL;
1910         }
1911 
1912         if (!pdb->search_aliases(pdb, result, sid)) {
1913                 TALLOC_FREE(result);
1914                 return NULL;
1915         }
1916         return result;
1917 }
1918 
1919 uint32 pdb_search_entries(struct pdb_search *search,
     /* [<][>][^][v][top][bottom][index][help] */
1920                           uint32 start_idx, uint32 max_entries,
1921                           struct samr_displayentry **result)
1922 {
1923         struct samr_displayentry *end_entry;
1924         uint32 end_idx = start_idx+max_entries-1;
1925 
1926         /* The first entry needs to be searched after the last. Otherwise the
1927          * first entry might have moved due to a realloc during the search for
1928          * the last entry. */
1929 
1930         end_entry = pdb_search_getentry(search, end_idx);
1931         *result = pdb_search_getentry(search, start_idx);
1932 
1933         if (end_entry != NULL)
1934                 return max_entries;
1935 
1936         if (start_idx >= search->num_entries)
1937                 return 0;
1938 
1939         return search->num_entries - start_idx;
1940 }
1941 
1942 /*******************************************************************
1943  trustdom methods
1944  *******************************************************************/
1945 
1946 bool pdb_get_trusteddom_pw(const char *domain, char** pwd, DOM_SID *sid, 
     /* [<][>][^][v][top][bottom][index][help] */
1947                            time_t *pass_last_set_time)
1948 {
1949         struct pdb_methods *pdb = pdb_get_methods();
1950         return pdb->get_trusteddom_pw(pdb, domain, pwd, sid, 
1951                         pass_last_set_time);
1952 }
1953 
1954 bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
     /* [<][>][^][v][top][bottom][index][help] */
1955                            const DOM_SID *sid)
1956 {
1957         struct pdb_methods *pdb = pdb_get_methods();
1958         return pdb->set_trusteddom_pw(pdb, domain, pwd, sid);
1959 }
1960 
1961 bool pdb_del_trusteddom_pw(const char *domain)
     /* [<][>][^][v][top][bottom][index][help] */
1962 {
1963         struct pdb_methods *pdb = pdb_get_methods();
1964         return pdb->del_trusteddom_pw(pdb, domain);
1965 }
1966 
1967 NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32 *num_domains,
     /* [<][>][^][v][top][bottom][index][help] */
1968                               struct trustdom_info ***domains)
1969 {
1970         struct pdb_methods *pdb = pdb_get_methods();
1971         return pdb->enum_trusteddoms(pdb, mem_ctx, num_domains, domains);
1972 }
1973 
1974 /*******************************************************************
1975  the defaults for trustdom methods: 
1976  these simply call the original passdb/secrets.c actions,
1977  to be replaced by pdb_ldap.
1978  *******************************************************************/
1979 
1980 static bool pdb_default_get_trusteddom_pw(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
1981                                           const char *domain, 
1982                                           char** pwd, 
1983                                           DOM_SID *sid, 
1984                                           time_t *pass_last_set_time)
1985 {
1986         return secrets_fetch_trusted_domain_password(domain, pwd,
1987                                 sid, pass_last_set_time);
1988 
1989 }
1990 
1991 static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods, 
     /* [<][>][^][v][top][bottom][index][help] */
1992                                           const char* domain, 
1993                                           const char* pwd,
1994                                           const DOM_SID *sid)
1995 {
1996         return secrets_store_trusted_domain_password(domain, pwd, sid);
1997 }
1998 
1999 static bool pdb_default_del_trusteddom_pw(struct pdb_methods *methods, 
     /* [<][>][^][v][top][bottom][index][help] */
2000                                           const char *domain)
2001 {
2002         return trusted_domain_password_delete(domain);
2003 }
2004 
2005 static NTSTATUS pdb_default_enum_trusteddoms(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
2006                                              TALLOC_CTX *mem_ctx, 
2007                                              uint32 *num_domains,
2008                                              struct trustdom_info ***domains)
2009 {
2010         return secrets_trusted_domains(mem_ctx, num_domains, domains);
2011 }
2012 
2013 /*******************************************************************
2014  Create a pdb_methods structure and initialize it with the default
2015  operations.  In this way a passdb module can simply implement
2016  the functionality it cares about.  However, normally this is done 
2017  in groups of related functions.
2018 *******************************************************************/
2019 
2020 NTSTATUS make_pdb_method( struct pdb_methods **methods ) 
     /* [<][>][^][v][top][bottom][index][help] */
2021 {
2022         /* allocate memory for the structure as its own talloc CTX */
2023 
2024         if ( !(*methods = TALLOC_ZERO_P(talloc_autofree_context(), struct pdb_methods) ) ) {
2025                 return NT_STATUS_NO_MEMORY;
2026         }
2027 
2028         (*methods)->getsampwnam = pdb_default_getsampwnam;
2029         (*methods)->getsampwsid = pdb_default_getsampwsid;
2030         (*methods)->create_user = pdb_default_create_user;
2031         (*methods)->delete_user = pdb_default_delete_user;
2032         (*methods)->add_sam_account = pdb_default_add_sam_account;
2033         (*methods)->update_sam_account = pdb_default_update_sam_account;
2034         (*methods)->delete_sam_account = pdb_default_delete_sam_account;
2035         (*methods)->rename_sam_account = pdb_default_rename_sam_account;
2036         (*methods)->update_login_attempts = pdb_default_update_login_attempts;
2037 
2038         (*methods)->getgrsid = pdb_default_getgrsid;
2039         (*methods)->getgrgid = pdb_default_getgrgid;
2040         (*methods)->getgrnam = pdb_default_getgrnam;
2041         (*methods)->create_dom_group = pdb_default_create_dom_group;
2042         (*methods)->delete_dom_group = pdb_default_delete_dom_group;
2043         (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
2044         (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
2045         (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
2046         (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
2047         (*methods)->enum_group_members = pdb_default_enum_group_members;
2048         (*methods)->enum_group_memberships = pdb_default_enum_group_memberships;
2049         (*methods)->set_unix_primary_group = pdb_default_set_unix_primary_group;
2050         (*methods)->add_groupmem = pdb_default_add_groupmem;
2051         (*methods)->del_groupmem = pdb_default_del_groupmem;
2052         (*methods)->create_alias = pdb_default_create_alias;
2053         (*methods)->delete_alias = pdb_default_delete_alias;
2054         (*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
2055         (*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
2056         (*methods)->add_aliasmem = pdb_default_add_aliasmem;
2057         (*methods)->del_aliasmem = pdb_default_del_aliasmem;
2058         (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
2059         (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
2060         (*methods)->lookup_rids = pdb_default_lookup_rids;
2061         (*methods)->get_account_policy = pdb_default_get_account_policy;
2062         (*methods)->set_account_policy = pdb_default_set_account_policy;
2063         (*methods)->get_seq_num = pdb_default_get_seq_num;
2064         (*methods)->uid_to_rid = pdb_default_uid_to_rid;
2065         (*methods)->uid_to_sid = pdb_default_uid_to_sid;
2066         (*methods)->gid_to_sid = pdb_default_gid_to_sid;
2067         (*methods)->sid_to_id = pdb_default_sid_to_id;
2068 
2069         (*methods)->search_groups = pdb_default_search_groups;
2070         (*methods)->search_aliases = pdb_default_search_aliases;
2071 
2072         (*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw;
2073         (*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw;
2074         (*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw;
2075         (*methods)->enum_trusteddoms  = pdb_default_enum_trusteddoms;
2076 
2077         return NT_STATUS_OK;
2078 }

/* [<][>][^][v][top][bottom][index][help] */