root/source3/libnet/libnet_samsync_passdb.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. sam_account_from_delta
  2. fetch_account_info
  3. fetch_group_info
  4. fetch_group_mem_info
  5. fetch_alias_info
  6. fetch_alias_mem
  7. fetch_domain_info
  8. fetch_sam_entry
  9. fetch_sam_entries

   1 /*
   2    Unix SMB/CIFS implementation.
   3    dump the remote SAM using rpc samsync operations
   4 
   5    Copyright (C) Andrew Tridgell 2002
   6    Copyright (C) Tim Potter 2001,2002
   7    Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005
   8    Modified by Volker Lendecke 2002
   9    Copyright (C) Jeremy Allison 2005.
  10    Copyright (C) Guenther Deschner 2008.
  11 
  12    This program is free software; you can redistribute it and/or modify
  13    it under the terms of the GNU General Public License as published by
  14    the Free Software Foundation; either version 3 of the License, or
  15    (at your option) any later version.
  16 
  17    This program is distributed in the hope that it will be useful,
  18    but WITHOUT ANY WARRANTY; without even the implied warranty of
  19    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20    GNU General Public License for more details.
  21 
  22    You should have received a copy of the GNU General Public License
  23    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  24 */
  25 
  26 #include "includes.h"
  27 #include "libnet/libnet.h"
  28 
  29 /* Convert a struct samu_DELTA to a struct samu. */
  30 #define STRING_CHANGED (old_string && !new_string) ||\
  31                     (!old_string && new_string) ||\
  32                 (old_string && new_string && (strcmp(old_string, new_string) != 0))
  33 
  34 #define STRING_CHANGED_NC(s1,s2) ((s1) && !(s2)) ||\
  35                     (!(s1) && (s2)) ||\
  36                 ((s1) && (s2) && (strcmp((s1), (s2)) != 0))
  37 
  38 /****************************************************************
  39 ****************************************************************/
  40 
  41 static NTSTATUS sam_account_from_delta(struct samu *account,
     /* [<][>][^][v][top][bottom][index][help] */
  42                                        struct netr_DELTA_USER *r)
  43 {
  44         const char *old_string, *new_string;
  45         time_t unix_time, stored_time;
  46         uchar zero_buf[16];
  47 
  48         memset(zero_buf, '\0', sizeof(zero_buf));
  49 
  50         /* Username, fullname, home dir, dir drive, logon script, acct
  51            desc, workstations, profile. */
  52 
  53         if (r->account_name.string) {
  54                 old_string = pdb_get_nt_username(account);
  55                 new_string = r->account_name.string;
  56 
  57                 if (STRING_CHANGED) {
  58                         pdb_set_nt_username(account, new_string, PDB_CHANGED);
  59                 }
  60 
  61                 /* Unix username is the same - for sanity */
  62                 old_string = pdb_get_username( account );
  63                 if (STRING_CHANGED) {
  64                         pdb_set_username(account, new_string, PDB_CHANGED);
  65                 }
  66         }
  67 
  68         if (r->full_name.string) {
  69                 old_string = pdb_get_fullname(account);
  70                 new_string = r->full_name.string;
  71 
  72                 if (STRING_CHANGED)
  73                         pdb_set_fullname(account, new_string, PDB_CHANGED);
  74         }
  75 
  76         if (r->home_directory.string) {
  77                 old_string = pdb_get_homedir(account);
  78                 new_string = r->home_directory.string;
  79 
  80                 if (STRING_CHANGED)
  81                         pdb_set_homedir(account, new_string, PDB_CHANGED);
  82         }
  83 
  84         if (r->home_drive.string) {
  85                 old_string = pdb_get_dir_drive(account);
  86                 new_string = r->home_drive.string;
  87 
  88                 if (STRING_CHANGED)
  89                         pdb_set_dir_drive(account, new_string, PDB_CHANGED);
  90         }
  91 
  92         if (r->logon_script.string) {
  93                 old_string = pdb_get_logon_script(account);
  94                 new_string = r->logon_script.string;
  95 
  96                 if (STRING_CHANGED)
  97                         pdb_set_logon_script(account, new_string, PDB_CHANGED);
  98         }
  99 
 100         if (r->description.string) {
 101                 old_string = pdb_get_acct_desc(account);
 102                 new_string = r->description.string;
 103 
 104                 if (STRING_CHANGED)
 105                         pdb_set_acct_desc(account, new_string, PDB_CHANGED);
 106         }
 107 
 108         if (r->workstations.string) {
 109                 old_string = pdb_get_workstations(account);
 110                 new_string = r->workstations.string;
 111 
 112                 if (STRING_CHANGED)
 113                         pdb_set_workstations(account, new_string, PDB_CHANGED);
 114         }
 115 
 116         if (r->profile_path.string) {
 117                 old_string = pdb_get_profile_path(account);
 118                 new_string = r->profile_path.string;
 119 
 120                 if (STRING_CHANGED)
 121                         pdb_set_profile_path(account, new_string, PDB_CHANGED);
 122         }
 123 
 124         if (r->parameters.array) {
 125                 DATA_BLOB mung;
 126                 char *newstr;
 127                 old_string = pdb_get_munged_dial(account);
 128                 mung.length = r->parameters.length * 2;
 129                 mung.data = (uint8_t *) r->parameters.array;
 130                 newstr = (mung.length == 0) ? NULL :
 131                         base64_encode_data_blob(talloc_tos(), mung);
 132 
 133                 if (STRING_CHANGED_NC(old_string, newstr))
 134                         pdb_set_munged_dial(account, newstr, PDB_CHANGED);
 135                 TALLOC_FREE(newstr);
 136         }
 137 
 138         /* User and group sid */
 139         if (pdb_get_user_rid(account) != r->rid)
 140                 pdb_set_user_sid_from_rid(account, r->rid, PDB_CHANGED);
 141         if (pdb_get_group_rid(account) != r->primary_gid)
 142                 pdb_set_group_sid_from_rid(account, r->primary_gid, PDB_CHANGED);
 143 
 144         /* Logon and password information */
 145         if (!nt_time_is_zero(&r->last_logon)) {
 146                 unix_time = nt_time_to_unix(r->last_logon);
 147                 stored_time = pdb_get_logon_time(account);
 148                 if (stored_time != unix_time)
 149                         pdb_set_logon_time(account, unix_time, PDB_CHANGED);
 150         }
 151 
 152         if (!nt_time_is_zero(&r->last_logoff)) {
 153                 unix_time = nt_time_to_unix(r->last_logoff);
 154                 stored_time = pdb_get_logoff_time(account);
 155                 if (stored_time != unix_time)
 156                         pdb_set_logoff_time(account, unix_time,PDB_CHANGED);
 157         }
 158 
 159         /* Logon Divs */
 160         if (pdb_get_logon_divs(account) != r->logon_hours.units_per_week)
 161                 pdb_set_logon_divs(account, r->logon_hours.units_per_week, PDB_CHANGED);
 162 
 163 #if 0
 164         /* no idea what to do with this one - gd */
 165         /* Max Logon Hours */
 166         if (delta->unknown1 != pdb_get_unknown_6(account)) {
 167                 pdb_set_unknown_6(account, delta->unknown1, PDB_CHANGED);
 168         }
 169 #endif
 170         /* Logon Hours Len */
 171         if (r->logon_hours.units_per_week/8 != pdb_get_hours_len(account)) {
 172                 pdb_set_hours_len(account, r->logon_hours.units_per_week/8, PDB_CHANGED);
 173         }
 174 
 175         /* Logon Hours */
 176         if (r->logon_hours.bits) {
 177                 char oldstr[44], newstr[44];
 178                 pdb_sethexhours(oldstr, pdb_get_hours(account));
 179                 pdb_sethexhours(newstr, r->logon_hours.bits);
 180                 if (!strequal(oldstr, newstr))
 181                         pdb_set_hours(account, r->logon_hours.bits, PDB_CHANGED);
 182         }
 183 
 184         if (pdb_get_bad_password_count(account) != r->bad_password_count)
 185                 pdb_set_bad_password_count(account, r->bad_password_count, PDB_CHANGED);
 186 
 187         if (pdb_get_logon_count(account) != r->logon_count)
 188                 pdb_set_logon_count(account, r->logon_count, PDB_CHANGED);
 189 
 190         if (!nt_time_is_zero(&r->last_password_change)) {
 191                 unix_time = nt_time_to_unix(r->last_password_change);
 192                 stored_time = pdb_get_pass_last_set_time(account);
 193                 if (stored_time != unix_time)
 194                         pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED);
 195         } else {
 196                 /* no last set time, make it now */
 197                 pdb_set_pass_last_set_time(account, time(NULL), PDB_CHANGED);
 198         }
 199 
 200         if (!nt_time_is_zero(&r->acct_expiry)) {
 201                 unix_time = nt_time_to_unix(r->acct_expiry);
 202                 stored_time = pdb_get_kickoff_time(account);
 203                 if (stored_time != unix_time)
 204                         pdb_set_kickoff_time(account, unix_time, PDB_CHANGED);
 205         }
 206 
 207         /* Decode hashes from password hash
 208            Note that win2000 may send us all zeros for the hashes if it doesn't
 209            think this channel is secure enough - don't set the passwords at all
 210            in that case
 211         */
 212         if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
 213                 pdb_set_lanman_passwd(account, r->lmpassword.hash, PDB_CHANGED);
 214         }
 215 
 216         if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
 217                 pdb_set_nt_passwd(account, r->ntpassword.hash, PDB_CHANGED);
 218         }
 219 
 220         /* TODO: account expiry time */
 221 
 222         pdb_set_acct_ctrl(account, r->acct_flags, PDB_CHANGED);
 223 
 224         pdb_set_domain(account, lp_workgroup(), PDB_CHANGED);
 225 
 226         return NT_STATUS_OK;
 227 }
 228 
 229 /****************************************************************
 230 ****************************************************************/
 231 
 232 static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 233                                    uint32_t rid,
 234                                    struct netr_DELTA_USER *r)
 235 {
 236 
 237         NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL;
 238         fstring account;
 239         struct samu *sam_account=NULL;
 240         GROUP_MAP map;
 241         struct group *grp;
 242         DOM_SID user_sid;
 243         DOM_SID group_sid;
 244         struct passwd *passwd = NULL;
 245         fstring sid_string;
 246 
 247         fstrcpy(account, r->account_name.string);
 248         d_printf("Creating account: %s\n", account);
 249 
 250         if ( !(sam_account = samu_new(mem_ctx)) ) {
 251                 return NT_STATUS_NO_MEMORY;
 252         }
 253 
 254         nt_ret = smb_create_user(sam_account, r->acct_flags, account, &passwd);
 255         if (!NT_STATUS_IS_OK(nt_ret)) {
 256                 d_fprintf(stderr, "Could not create posix account info for '%s'\n",
 257                         account);
 258                 goto done;
 259         }
 260 
 261         sid_copy(&user_sid, get_global_sam_sid());
 262         sid_append_rid(&user_sid, r->rid);
 263 
 264         DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n",
 265                   sid_to_fstring(sid_string, &user_sid), account));
 266         if (!pdb_getsampwsid(sam_account, &user_sid)) {
 267                 sam_account_from_delta(sam_account, r);
 268                 DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n",
 269                           sid_to_fstring(sid_string, &user_sid),
 270                           pdb_get_username(sam_account)));
 271                 if (!NT_STATUS_IS_OK(pdb_add_sam_account(sam_account))) {
 272                         DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
 273                                   account));
 274                         return NT_STATUS_ACCESS_DENIED;
 275                 }
 276         } else {
 277                 sam_account_from_delta(sam_account, r);
 278                 DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n",
 279                           sid_to_fstring(sid_string, &user_sid),
 280                           pdb_get_username(sam_account)));
 281                 if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) {
 282                         DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n",
 283                                   account));
 284                         TALLOC_FREE(sam_account);
 285                         return NT_STATUS_ACCESS_DENIED;
 286                 }
 287         }
 288 
 289         if (pdb_get_group_sid(sam_account) == NULL) {
 290                 return NT_STATUS_UNSUCCESSFUL;
 291         }
 292 
 293         group_sid = *pdb_get_group_sid(sam_account);
 294 
 295         if (!pdb_getgrsid(&map, group_sid)) {
 296                 DEBUG(0, ("Primary group of %s has no mapping!\n",
 297                           pdb_get_username(sam_account)));
 298         } else {
 299                 if (map.gid != passwd->pw_gid) {
 300                         if (!(grp = getgrgid(map.gid))) {
 301                                 DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n",
 302                                           (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_tos(&group_sid)));
 303                         } else {
 304                                 smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
 305                         }
 306                 }
 307         }
 308 
 309         if ( !passwd ) {
 310                 DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n",
 311                         pdb_get_username(sam_account)));
 312         }
 313 
 314  done:
 315         TALLOC_FREE(sam_account);
 316         return nt_ret;
 317 }
 318 
 319 /****************************************************************
 320 ****************************************************************/
 321 
 322 static NTSTATUS fetch_group_info(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 323                                  uint32_t rid,
 324                                  struct netr_DELTA_GROUP *r)
 325 {
 326         fstring name;
 327         fstring comment;
 328         struct group *grp = NULL;
 329         DOM_SID group_sid;
 330         fstring sid_string;
 331         GROUP_MAP map;
 332         bool insert = true;
 333 
 334         fstrcpy(name, r->group_name.string);
 335         fstrcpy(comment, r->description.string);
 336 
 337         /* add the group to the mapping table */
 338         sid_copy(&group_sid, get_global_sam_sid());
 339         sid_append_rid(&group_sid, rid);
 340         sid_to_fstring(sid_string, &group_sid);
 341 
 342         if (pdb_getgrsid(&map, group_sid)) {
 343                 if ( map.gid != -1 )
 344                         grp = getgrgid(map.gid);
 345                 insert = false;
 346         }
 347 
 348         if (grp == NULL) {
 349                 gid_t gid;
 350 
 351                 /* No group found from mapping, find it from its name. */
 352                 if ((grp = getgrnam(name)) == NULL) {
 353 
 354                         /* No appropriate group found, create one */
 355 
 356                         d_printf("Creating unix group: '%s'\n", name);
 357 
 358                         if (smb_create_group(name, &gid) != 0)
 359                                 return NT_STATUS_ACCESS_DENIED;
 360 
 361                         if ((grp = getgrnam(name)) == NULL)
 362                                 return NT_STATUS_ACCESS_DENIED;
 363                 }
 364         }
 365 
 366         map.gid = grp->gr_gid;
 367         map.sid = group_sid;
 368         map.sid_name_use = SID_NAME_DOM_GRP;
 369         fstrcpy(map.nt_name, name);
 370         if (r->description.string) {
 371                 fstrcpy(map.comment, comment);
 372         } else {
 373                 fstrcpy(map.comment, "");
 374         }
 375 
 376         if (insert)
 377                 pdb_add_group_mapping_entry(&map);
 378         else
 379                 pdb_update_group_mapping_entry(&map);
 380 
 381         return NT_STATUS_OK;
 382 }
 383 
 384 /****************************************************************
 385 ****************************************************************/
 386 
 387 static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 388                                      uint32_t rid,
 389                                      struct netr_DELTA_GROUP_MEMBER *r)
 390 {
 391         int i;
 392         char **nt_members = NULL;
 393         char **unix_members;
 394         DOM_SID group_sid;
 395         GROUP_MAP map;
 396         struct group *grp;
 397 
 398         if (r->num_rids == 0) {
 399                 return NT_STATUS_OK;
 400         }
 401 
 402         sid_copy(&group_sid, get_global_sam_sid());
 403         sid_append_rid(&group_sid, rid);
 404 
 405         if (!get_domain_group_from_sid(group_sid, &map)) {
 406                 DEBUG(0, ("Could not find global group %d\n", rid));
 407                 return NT_STATUS_NO_SUCH_GROUP;
 408         }
 409 
 410         if (!(grp = getgrgid(map.gid))) {
 411                 DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid));
 412                 return NT_STATUS_NO_SUCH_GROUP;
 413         }
 414 
 415         d_printf("Group members of %s: ", grp->gr_name);
 416 
 417         if (r->num_rids) {
 418                 if ((nt_members = TALLOC_ZERO_ARRAY(mem_ctx, char *, r->num_rids)) == NULL) {
 419                         DEBUG(0, ("talloc failed\n"));
 420                         return NT_STATUS_NO_MEMORY;
 421                 }
 422         } else {
 423                 nt_members = NULL;
 424         }
 425 
 426         for (i=0; i < r->num_rids; i++) {
 427                 struct samu *member = NULL;
 428                 DOM_SID member_sid;
 429 
 430                 if ( !(member = samu_new(mem_ctx)) ) {
 431                         return NT_STATUS_NO_MEMORY;
 432                 }
 433 
 434                 sid_copy(&member_sid, get_global_sam_sid());
 435                 sid_append_rid(&member_sid, r->rids[i]);
 436 
 437                 if (!pdb_getsampwsid(member, &member_sid)) {
 438                         DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n",
 439                                   r->rids[i], sid_string_tos(&member_sid), grp->gr_name));
 440                         TALLOC_FREE(member);
 441                         continue;
 442                 }
 443 
 444                 if (pdb_get_group_rid(member) == rid) {
 445                         d_printf("%s(primary),", pdb_get_username(member));
 446                         TALLOC_FREE(member);
 447                         continue;
 448                 }
 449 
 450                 d_printf("%s,", pdb_get_username(member));
 451                 nt_members[i] = talloc_strdup(mem_ctx, pdb_get_username(member));
 452                 TALLOC_FREE(member);
 453         }
 454 
 455         d_printf("\n");
 456 
 457         unix_members = grp->gr_mem;
 458 
 459         while (*unix_members) {
 460                 bool is_nt_member = false;
 461                 for (i=0; i < r->num_rids; i++) {
 462                         if (nt_members[i] == NULL) {
 463                                 /* This was a primary group */
 464                                 continue;
 465                         }
 466 
 467                         if (strcmp(*unix_members, nt_members[i]) == 0) {
 468                                 is_nt_member = true;
 469                                 break;
 470                         }
 471                 }
 472                 if (!is_nt_member) {
 473                         /* We look at a unix group member that is not
 474                            an nt group member. So, remove it. NT is
 475                            boss here. */
 476                         smb_delete_user_group(grp->gr_name, *unix_members);
 477                 }
 478                 unix_members += 1;
 479         }
 480 
 481         for (i=0; i < r->num_rids; i++) {
 482                 bool is_unix_member = false;
 483 
 484                 if (nt_members[i] == NULL) {
 485                         /* This was the primary group */
 486                         continue;
 487                 }
 488 
 489                 unix_members = grp->gr_mem;
 490 
 491                 while (*unix_members) {
 492                         if (strcmp(*unix_members, nt_members[i]) == 0) {
 493                                 is_unix_member = true;
 494                                 break;
 495                         }
 496                         unix_members += 1;
 497                 }
 498 
 499                 if (!is_unix_member) {
 500                         /* We look at a nt group member that is not a
 501                            unix group member currently. So, add the nt
 502                            group member. */
 503                         smb_add_user_group(grp->gr_name, nt_members[i]);
 504                 }
 505         }
 506 
 507         return NT_STATUS_OK;
 508 }
 509 
 510 /****************************************************************
 511 ****************************************************************/
 512 
 513 static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 514                                  uint32_t rid,
 515                                  struct netr_DELTA_ALIAS *r,
 516                                  const DOM_SID *dom_sid)
 517 {
 518         fstring name;
 519         fstring comment;
 520         struct group *grp = NULL;
 521         DOM_SID alias_sid;
 522         fstring sid_string;
 523         GROUP_MAP map;
 524         bool insert = true;
 525 
 526         fstrcpy(name, r->alias_name.string);
 527         fstrcpy(comment, r->description.string);
 528 
 529         /* Find out whether the group is already mapped */
 530         sid_copy(&alias_sid, dom_sid);
 531         sid_append_rid(&alias_sid, rid);
 532         sid_to_fstring(sid_string, &alias_sid);
 533 
 534         if (pdb_getgrsid(&map, alias_sid)) {
 535                 grp = getgrgid(map.gid);
 536                 insert = false;
 537         }
 538 
 539         if (grp == NULL) {
 540                 gid_t gid;
 541 
 542                 /* No group found from mapping, find it from its name. */
 543                 if ((grp = getgrnam(name)) == NULL) {
 544                         /* No appropriate group found, create one */
 545                         d_printf("Creating unix group: '%s'\n", name);
 546                         if (smb_create_group(name, &gid) != 0)
 547                                 return NT_STATUS_ACCESS_DENIED;
 548                         if ((grp = getgrgid(gid)) == NULL)
 549                                 return NT_STATUS_ACCESS_DENIED;
 550                 }
 551         }
 552 
 553         map.gid = grp->gr_gid;
 554         map.sid = alias_sid;
 555 
 556         if (sid_equal(dom_sid, &global_sid_Builtin))
 557                 map.sid_name_use = SID_NAME_WKN_GRP;
 558         else
 559                 map.sid_name_use = SID_NAME_ALIAS;
 560 
 561         fstrcpy(map.nt_name, name);
 562         fstrcpy(map.comment, comment);
 563 
 564         if (insert)
 565                 pdb_add_group_mapping_entry(&map);
 566         else
 567                 pdb_update_group_mapping_entry(&map);
 568 
 569         return NT_STATUS_OK;
 570 }
 571 
 572 /****************************************************************
 573 ****************************************************************/
 574 
 575 static NTSTATUS fetch_alias_mem(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 576                                 uint32_t rid,
 577                                 struct netr_DELTA_ALIAS_MEMBER *r,
 578                                 const DOM_SID *dom_sid)
 579 {
 580         return NT_STATUS_OK;
 581 }
 582 
 583 /****************************************************************
 584 ****************************************************************/
 585 
 586 static NTSTATUS fetch_domain_info(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 587                                   uint32_t rid,
 588                                   struct netr_DELTA_DOMAIN *r)
 589 {
 590         time_t u_max_age, u_min_age, u_logout;
 591         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
 592         const char *domname;
 593         struct netr_AcctLockStr *lockstr = NULL;
 594         NTSTATUS status;
 595 
 596         status = pull_netr_AcctLockStr(mem_ctx, &r->account_lockout,
 597                                        &lockstr);
 598         if (!NT_STATUS_IS_OK(status)) {
 599                 d_printf("failed to pull account lockout string: %s\n",
 600                         nt_errstr(status));
 601         }
 602 
 603         u_max_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->max_password_age);
 604         u_min_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->min_password_age);
 605         u_logout = uint64s_nt_time_to_unix_abs((uint64 *)&r->force_logoff_time);
 606 
 607         domname = r->domain_name.string;
 608         if (!domname) {
 609                 return NT_STATUS_NO_MEMORY;
 610         }
 611 
 612         /* we don't handle BUILTIN account policies */
 613         if (!strequal(domname, get_global_sam_name())) {
 614                 printf("skipping SAM_DOMAIN_INFO delta for '%s' (is not my domain)\n", domname);
 615                 return NT_STATUS_OK;
 616         }
 617 
 618 
 619         if (!pdb_set_account_policy(AP_PASSWORD_HISTORY,
 620                                     r->password_history_length))
 621                 return nt_status;
 622 
 623         if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN,
 624                                     r->min_password_length))
 625                 return nt_status;
 626 
 627         if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age))
 628                 return nt_status;
 629 
 630         if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age))
 631                 return nt_status;
 632 
 633         if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout))
 634                 return nt_status;
 635 
 636         if (lockstr) {
 637                 time_t u_lockoutreset, u_lockouttime;
 638 
 639                 u_lockoutreset = uint64s_nt_time_to_unix_abs(&lockstr->reset_count);
 640                 u_lockouttime = uint64s_nt_time_to_unix_abs((uint64_t *)&lockstr->lockout_duration);
 641 
 642                 if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT,
 643                                             lockstr->bad_attempt_lockout))
 644                         return nt_status;
 645 
 646                 if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32_t)u_lockoutreset/60))
 647                         return nt_status;
 648 
 649                 if (u_lockouttime != -1)
 650                         u_lockouttime /= 60;
 651 
 652                 if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32_t)u_lockouttime))
 653                         return nt_status;
 654         }
 655 
 656         if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
 657                                     r->logon_to_chgpass))
 658                 return nt_status;
 659 
 660         return NT_STATUS_OK;
 661 }
 662 
 663 /****************************************************************
 664 ****************************************************************/
 665 
 666 static NTSTATUS fetch_sam_entry(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 667                                 enum netr_SamDatabaseID database_id,
 668                                 struct netr_DELTA_ENUM *r,
 669                                 struct samsync_context *ctx)
 670 {
 671         NTSTATUS status = NT_STATUS_NOT_IMPLEMENTED;
 672 
 673         switch (r->delta_type) {
 674         case NETR_DELTA_USER:
 675                 status = fetch_account_info(mem_ctx,
 676                                             r->delta_id_union.rid,
 677                                             r->delta_union.user);
 678                 break;
 679         case NETR_DELTA_GROUP:
 680                 status = fetch_group_info(mem_ctx,
 681                                           r->delta_id_union.rid,
 682                                           r->delta_union.group);
 683                 break;
 684         case NETR_DELTA_GROUP_MEMBER:
 685                 status = fetch_group_mem_info(mem_ctx,
 686                                               r->delta_id_union.rid,
 687                                               r->delta_union.group_member);
 688                 break;
 689         case NETR_DELTA_ALIAS:
 690                 status = fetch_alias_info(mem_ctx,
 691                                           r->delta_id_union.rid,
 692                                           r->delta_union.alias,
 693                                           ctx->domain_sid);
 694                 break;
 695         case NETR_DELTA_ALIAS_MEMBER:
 696                 status = fetch_alias_mem(mem_ctx,
 697                                          r->delta_id_union.rid,
 698                                          r->delta_union.alias_member,
 699                                          ctx->domain_sid);
 700                 break;
 701         case NETR_DELTA_DOMAIN:
 702                 status = fetch_domain_info(mem_ctx,
 703                                            r->delta_id_union.rid,
 704                                            r->delta_union.domain);
 705                 break;
 706         /* The following types are recognised but not handled */
 707         case NETR_DELTA_RENAME_GROUP:
 708                 d_printf("NETR_DELTA_RENAME_GROUP not handled\n");
 709                 break;
 710         case NETR_DELTA_RENAME_USER:
 711                 d_printf("NETR_DELTA_RENAME_USER not handled\n");
 712                 break;
 713         case NETR_DELTA_RENAME_ALIAS:
 714                 d_printf("NETR_DELTA_RENAME_ALIAS not handled\n");
 715                 break;
 716         case NETR_DELTA_POLICY:
 717                 d_printf("NETR_DELTA_POLICY not handled\n");
 718                 break;
 719         case NETR_DELTA_TRUSTED_DOMAIN:
 720                 d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n");
 721                 break;
 722         case NETR_DELTA_ACCOUNT:
 723                 d_printf("NETR_DELTA_ACCOUNT not handled\n");
 724                 break;
 725         case NETR_DELTA_SECRET:
 726                 d_printf("NETR_DELTA_SECRET not handled\n");
 727                 break;
 728         case NETR_DELTA_DELETE_GROUP:
 729                 d_printf("NETR_DELTA_DELETE_GROUP not handled\n");
 730                 break;
 731         case NETR_DELTA_DELETE_USER:
 732                 d_printf("NETR_DELTA_DELETE_USER not handled\n");
 733                 break;
 734         case NETR_DELTA_MODIFY_COUNT:
 735                 d_printf("NETR_DELTA_MODIFY_COUNT not handled\n");
 736                 break;
 737         case NETR_DELTA_DELETE_ALIAS:
 738                 d_printf("NETR_DELTA_DELETE_ALIAS not handled\n");
 739                 break;
 740         case NETR_DELTA_DELETE_TRUST:
 741                 d_printf("NETR_DELTA_DELETE_TRUST not handled\n");
 742                 break;
 743         case NETR_DELTA_DELETE_ACCOUNT:
 744                 d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n");
 745                 break;
 746         case NETR_DELTA_DELETE_SECRET:
 747                 d_printf("NETR_DELTA_DELETE_SECRET not handled\n");
 748                 break;
 749         case NETR_DELTA_DELETE_GROUP2:
 750                 d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n");
 751                 break;
 752         case NETR_DELTA_DELETE_USER2:
 753                 d_printf("NETR_DELTA_DELETE_USER2 not handled\n");
 754                 break;
 755         default:
 756                 d_printf("Unknown delta record type %d\n", r->delta_type);
 757                 status = NT_STATUS_INVALID_PARAMETER;
 758                 break;
 759         }
 760 
 761         return status;
 762 }
 763 
 764 /****************************************************************
 765 ****************************************************************/
 766 
 767 static NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 768                                   enum netr_SamDatabaseID database_id,
 769                                   struct netr_DELTA_ENUM_ARRAY *r,
 770                                   uint64_t *sequence_num,
 771                                   struct samsync_context *ctx)
 772 {
 773         int i;
 774 
 775         for (i = 0; i < r->num_deltas; i++) {
 776                 fetch_sam_entry(mem_ctx, database_id, &r->delta_enum[i], ctx);
 777         }
 778 
 779         return NT_STATUS_OK;
 780 }
 781 
 782 /****************************************************************
 783 ****************************************************************/
 784 
 785 const struct samsync_ops libnet_samsync_passdb_ops = {
 786         .process_objects        = fetch_sam_entries,
 787 };

/* [<][>][^][v][top][bottom][index][help] */