/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- lazy_initialize_passdb
- smb_register_passdb
- pdb_find_backend_entry
- pdb_get_event_context
- make_pdb_method_name
- pdb_get_methods_reload
- pdb_get_methods
- pdb_getsampwnam
- guest_user_info
- pdb_getsampwsid
- pdb_default_create_user
- pdb_create_user
- smb_delete_user
- pdb_default_delete_user
- pdb_delete_user
- pdb_add_sam_account
- pdb_update_sam_account
- pdb_delete_sam_account
- pdb_rename_sam_account
- pdb_update_login_attempts
- pdb_getgrsid
- pdb_getgrgid
- pdb_getgrnam
- pdb_default_create_dom_group
- pdb_create_dom_group
- pdb_default_delete_dom_group
- pdb_delete_dom_group
- pdb_add_group_mapping_entry
- pdb_update_group_mapping_entry
- pdb_delete_group_mapping_entry
- pdb_enum_group_mapping
- pdb_enum_group_members
- pdb_enum_group_memberships
- pdb_default_set_unix_primary_group
- pdb_set_unix_primary_group
- pdb_user_in_group
- pdb_default_add_groupmem
- pdb_add_groupmem
- pdb_default_del_groupmem
- pdb_del_groupmem
- pdb_create_alias
- pdb_delete_alias
- pdb_get_aliasinfo
- pdb_set_aliasinfo
- pdb_add_aliasmem
- pdb_del_aliasmem
- pdb_enum_aliasmem
- pdb_enum_alias_memberships
- pdb_lookup_rids
- pdb_lookup_names
- pdb_get_account_policy
- pdb_set_account_policy
- pdb_get_seq_num
- pdb_uid_to_rid
- pdb_uid_to_sid
- pdb_gid_to_sid
- pdb_sid_to_id
- pdb_rid_algorithm
- pdb_new_rid
- initialize_password_db
- pdb_default_getsampwnam
- pdb_default_getsampwsid
- pdb_default_add_sam_account
- pdb_default_update_sam_account
- pdb_default_delete_sam_account
- pdb_default_rename_sam_account
- pdb_default_update_login_attempts
- pdb_default_get_account_policy
- pdb_default_set_account_policy
- pdb_default_get_seq_num
- pdb_default_uid_to_sid
- pdb_default_uid_to_rid
- pdb_default_gid_to_sid
- pdb_default_sid_to_id
- add_uid_to_array_unique
- get_memberuids
- pdb_default_enum_group_members
- pdb_default_enum_group_memberships
- lookup_global_sam_rid
- pdb_default_lookup_rids
- pdb_default_lookup_names
- pdb_search_destructor
- pdb_search_init
- fill_displayentry
- next_entry_groups
- search_end_groups
- pdb_search_grouptype
- pdb_default_search_groups
- pdb_default_search_aliases
- pdb_search_getentry
- pdb_search_users
- pdb_search_groups
- pdb_search_aliases
- pdb_search_entries
- pdb_get_trusteddom_pw
- pdb_set_trusteddom_pw
- pdb_del_trusteddom_pw
- pdb_enum_trusteddoms
- pdb_default_get_trusteddom_pw
- pdb_default_set_trusteddom_pw
- pdb_default_del_trusteddom_pw
- pdb_default_enum_trusteddoms
- make_pdb_method
1 /*
2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Jelmer Vernooij 2002
6 Copyright (C) Simo Sorce 2003
7 Copyright (C) Volker Lendecke 2006
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24
25 #undef DBGC_CLASS
26 #define DBGC_CLASS DBGC_PASSDB
27
28 static_decl_pdb;
29
30 static struct pdb_init_function_entry *backends = NULL;
31
32 static void lazy_initialize_passdb(void)
/* [<][>][^][v][top][bottom][index][help] */
33 {
34 static bool initialized = False;
35 if(initialized) {
36 return;
37 }
38 static_init_pdb;
39 initialized = True;
40 }
41
42 static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
43 const char **name,
44 enum lsa_SidType *psid_name_use,
45 union unid_t *unix_id);
46
47 NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
/* [<][>][^][v][top][bottom][index][help] */
48 {
49 struct pdb_init_function_entry *entry = backends;
50
51 if(version != PASSDB_INTERFACE_VERSION) {
52 DEBUG(0,("Can't register passdb backend!\n"
53 "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
54 "while this version of samba uses version %d\n",
55 version,PASSDB_INTERFACE_VERSION));
56 return NT_STATUS_OBJECT_TYPE_MISMATCH;
57 }
58
59 if (!name || !init) {
60 return NT_STATUS_INVALID_PARAMETER;
61 }
62
63 DEBUG(5,("Attempting to register passdb backend %s\n", name));
64
65 /* Check for duplicates */
66 if (pdb_find_backend_entry(name)) {
67 DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
68 return NT_STATUS_OBJECT_NAME_COLLISION;
69 }
70
71 entry = SMB_XMALLOC_P(struct pdb_init_function_entry);
72 entry->name = smb_xstrdup(name);
73 entry->init = init;
74
75 DLIST_ADD(backends, entry);
76 DEBUG(5,("Successfully added passdb backend '%s'\n", name));
77 return NT_STATUS_OK;
78 }
79
80 struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
/* [<][>][^][v][top][bottom][index][help] */
81 {
82 struct pdb_init_function_entry *entry = backends;
83
84 while(entry) {
85 if (strcmp(entry->name, name)==0) return entry;
86 entry = entry->next;
87 }
88
89 return NULL;
90 }
91
92 /*
93 * The event context for the passdb backend. I know this is a bad hack and yet
94 * another static variable, but our pdb API is a global thing per
95 * definition. The first use for this is the LDAP idle function, more might be
96 * added later.
97 *
98 * I don't feel too bad about this static variable, it replaces the
99 * smb_idle_event_list that used to exist in lib/module.c. -- VL
100 */
101
102 static struct event_context *pdb_event_ctx;
103
104 struct event_context *pdb_get_event_context(void)
/* [<][>][^][v][top][bottom][index][help] */
105 {
106 return pdb_event_ctx;
107 }
108
109 /******************************************************************
110 Make a pdb_methods from scratch
111 *******************************************************************/
112
113 NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char *selected)
/* [<][>][^][v][top][bottom][index][help] */
114 {
115 char *module_name = smb_xstrdup(selected);
116 char *module_location = NULL, *p;
117 struct pdb_init_function_entry *entry;
118 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
119
120 lazy_initialize_passdb();
121
122 p = strchr(module_name, ':');
123
124 if (p) {
125 *p = 0;
126 module_location = p+1;
127 trim_char(module_location, ' ', ' ');
128 }
129
130 trim_char(module_name, ' ', ' ');
131
132
133 DEBUG(5,("Attempting to find a passdb backend to match %s (%s)\n", selected, module_name));
134
135 entry = pdb_find_backend_entry(module_name);
136
137 /* Try to find a module that contains this module */
138 if (!entry) {
139 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
140 if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
141 DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
142 SAFE_FREE(module_name);
143 return NT_STATUS_UNSUCCESSFUL;
144 }
145 }
146
147 /* No such backend found */
148 if(!entry) {
149 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
150 SAFE_FREE(module_name);
151 return NT_STATUS_INVALID_PARAMETER;
152 }
153
154 DEBUG(5,("Found pdb backend %s\n", module_name));
155
156 if ( !NT_STATUS_IS_OK( nt_status = entry->init(methods, module_location) ) ) {
157 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n",
158 selected, nt_errstr(nt_status)));
159 SAFE_FREE(module_name);
160 return nt_status;
161 }
162
163 SAFE_FREE(module_name);
164
165 DEBUG(5,("pdb backend %s has a valid init\n", selected));
166
167 return nt_status;
168 }
169
170 /******************************************************************
171 Return an already initialized pdb_methods structure
172 *******************************************************************/
173
174 static struct pdb_methods *pdb_get_methods_reload( bool reload )
/* [<][>][^][v][top][bottom][index][help] */
175 {
176 static struct pdb_methods *pdb = NULL;
177
178 if ( pdb && reload ) {
179 pdb->free_private_data( &(pdb->private_data) );
180 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
181 char *msg = NULL;
182 if (asprintf(&msg, "pdb_get_methods_reload: "
183 "failed to get pdb methods for backend %s\n",
184 lp_passdb_backend()) > 0) {
185 smb_panic(msg);
186 } else {
187 smb_panic("pdb_get_methods_reload");
188 }
189 }
190 }
191
192 if ( !pdb ) {
193 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
194 char *msg = NULL;
195 if (asprintf(&msg, "pdb_get_methods_reload: "
196 "failed to get pdb methods for backend %s\n",
197 lp_passdb_backend()) > 0) {
198 smb_panic(msg);
199 } else {
200 smb_panic("pdb_get_methods_reload");
201 }
202 }
203 }
204
205 return pdb;
206 }
207
208 static struct pdb_methods *pdb_get_methods(void)
/* [<][>][^][v][top][bottom][index][help] */
209 {
210 return pdb_get_methods_reload(False);
211 }
212
213 bool pdb_getsampwnam(struct samu *sam_acct, const char *username)
/* [<][>][^][v][top][bottom][index][help] */
214 {
215 struct pdb_methods *pdb = pdb_get_methods();
216 struct samu *for_cache;
217 const struct dom_sid *user_sid;
218
219 if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) {
220 return False;
221 }
222
223 for_cache = samu_new(NULL);
224 if (for_cache == NULL) {
225 return False;
226 }
227
228 if (!pdb_copy_sam_account(for_cache, sam_acct)) {
229 TALLOC_FREE(for_cache);
230 return False;
231 }
232
233 user_sid = pdb_get_user_sid(for_cache);
234
235 memcache_add_talloc(NULL, PDB_GETPWSID_CACHE,
236 data_blob_const(user_sid, sizeof(*user_sid)),
237 &for_cache);
238
239 return True;
240 }
241
242 /**********************************************************************
243 **********************************************************************/
244
245 bool guest_user_info( struct samu *user )
/* [<][>][^][v][top][bottom][index][help] */
246 {
247 struct passwd *pwd;
248 NTSTATUS result;
249 const char *guestname = lp_guestaccount();
250
251 if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), guestname ) ) ) {
252 DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n",
253 guestname));
254 return False;
255 }
256
257 result = samu_set_unix(user, pwd );
258
259 TALLOC_FREE( pwd );
260
261 return NT_STATUS_IS_OK( result );
262 }
263
264 /**********************************************************************
265 **********************************************************************/
266
267 bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid)
/* [<][>][^][v][top][bottom][index][help] */
268 {
269 struct pdb_methods *pdb = pdb_get_methods();
270 uint32 rid;
271 void *cache_data;
272
273 /* hard code the Guest RID of 501 */
274
275 if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) )
276 return False;
277
278 if ( rid == DOMAIN_USER_RID_GUEST ) {
279 DEBUG(6,("pdb_getsampwsid: Building guest account\n"));
280 return guest_user_info( sam_acct );
281 }
282
283 /* check the cache first */
284
285 cache_data = memcache_lookup_talloc(
286 NULL, PDB_GETPWSID_CACHE, data_blob_const(sid, sizeof(*sid)));
287
288 if (cache_data != NULL) {
289 struct samu *cache_copy = talloc_get_type_abort(
290 cache_data, struct samu);
291
292 return pdb_copy_sam_account(sam_acct, cache_copy);
293 }
294
295 return NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid));
296 }
297
298 static NTSTATUS pdb_default_create_user(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
299 TALLOC_CTX *tmp_ctx, const char *name,
300 uint32 acb_info, uint32 *rid)
301 {
302 struct samu *sam_pass;
303 NTSTATUS status;
304 struct passwd *pwd;
305
306 if ((sam_pass = samu_new(tmp_ctx)) == NULL) {
307 return NT_STATUS_NO_MEMORY;
308 }
309
310 if ( !(pwd = Get_Pwnam_alloc(tmp_ctx, name)) ) {
311 char *add_script = NULL;
312 int add_ret;
313 fstring name2;
314
315 if ((acb_info & ACB_NORMAL) && name[strlen(name)-1] != '$') {
316 add_script = talloc_strdup(tmp_ctx,
317 lp_adduser_script());
318 } else {
319 add_script = talloc_strdup(tmp_ctx,
320 lp_addmachine_script());
321 }
322
323 if (!add_script || add_script[0] == '\0') {
324 DEBUG(3, ("Could not find user %s and no add script "
325 "defined\n", name));
326 return NT_STATUS_NO_SUCH_USER;
327 }
328
329 /* lowercase the username before creating the Unix account for
330 compatibility with previous Samba releases */
331 fstrcpy( name2, name );
332 strlower_m( name2 );
333 add_script = talloc_all_string_sub(tmp_ctx,
334 add_script,
335 "%u",
336 name2);
337 if (!add_script) {
338 return NT_STATUS_NO_MEMORY;
339 }
340 add_ret = smbrun(add_script,NULL);
341 DEBUG(add_ret ? 0 : 3, ("_samr_create_user: Running the command `%s' gave %d\n",
342 add_script, add_ret));
343 if (add_ret == 0) {
344 smb_nscd_flush_user_cache();
345 }
346
347 flush_pwnam_cache();
348
349 pwd = Get_Pwnam_alloc(tmp_ctx, name);
350 }
351
352 /* we have a valid SID coming out of this call */
353
354 status = samu_alloc_rid_unix( sam_pass, pwd );
355
356 TALLOC_FREE( pwd );
357
358 if (!NT_STATUS_IS_OK(status)) {
359 DEBUG(3, ("pdb_default_create_user: failed to create a new user structure: %s\n", nt_errstr(status)));
360 return status;
361 }
362
363 if (!sid_peek_check_rid(get_global_sam_sid(),
364 pdb_get_user_sid(sam_pass), rid)) {
365 DEBUG(0, ("Could not get RID of fresh user\n"));
366 return NT_STATUS_INTERNAL_ERROR;
367 }
368
369 /* Use the username case specified in the original request */
370
371 pdb_set_username( sam_pass, name, PDB_SET );
372
373 /* Disable the account on creation, it does not have a reasonable password yet. */
374
375 acb_info |= ACB_DISABLED;
376
377 pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
378
379 status = pdb_add_sam_account(sam_pass);
380
381 TALLOC_FREE(sam_pass);
382
383 return status;
384 }
385
386 NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32 flags,
/* [<][>][^][v][top][bottom][index][help] */
387 uint32 *rid)
388 {
389 struct pdb_methods *pdb = pdb_get_methods();
390 return pdb->create_user(pdb, mem_ctx, name, flags, rid);
391 }
392
393 /****************************************************************************
394 Delete a UNIX user on demand.
395 ****************************************************************************/
396
397 static int smb_delete_user(const char *unix_user)
/* [<][>][^][v][top][bottom][index][help] */
398 {
399 char *del_script = NULL;
400 int ret;
401
402 /* safety check */
403
404 if ( strequal( unix_user, "root" ) ) {
405 DEBUG(0,("smb_delete_user: Refusing to delete local system root account!\n"));
406 return -1;
407 }
408
409 del_script = talloc_strdup(talloc_tos(), lp_deluser_script());
410 if (!del_script || !*del_script) {
411 return -1;
412 }
413 del_script = talloc_all_string_sub(talloc_tos(),
414 del_script,
415 "%u",
416 unix_user);
417 if (!del_script) {
418 return -1;
419 }
420 ret = smbrun(del_script,NULL);
421 flush_pwnam_cache();
422 if (ret == 0) {
423 smb_nscd_flush_user_cache();
424 }
425 DEBUG(ret ? 0 : 3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret));
426
427 return ret;
428 }
429
430 static NTSTATUS pdb_default_delete_user(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
431 TALLOC_CTX *mem_ctx,
432 struct samu *sam_acct)
433 {
434 NTSTATUS status;
435 fstring username;
436
437 status = pdb_delete_sam_account(sam_acct);
438 if (!NT_STATUS_IS_OK(status)) {
439 return status;
440 }
441
442 /*
443 * Now delete the unix side ....
444 * note: we don't check if the delete really happened as the script is
445 * not necessary present and maybe the sysadmin doesn't want to delete
446 * the unix side
447 */
448
449 /* always lower case the username before handing it off to
450 external scripts */
451
452 fstrcpy( username, pdb_get_username(sam_acct) );
453 strlower_m( username );
454
455 smb_delete_user( username );
456
457 return status;
458 }
459
460 NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
/* [<][>][^][v][top][bottom][index][help] */
461 {
462 struct pdb_methods *pdb = pdb_get_methods();
463 uid_t uid = -1;
464
465 /* sanity check to make sure we don't delete root */
466
467 if ( !sid_to_uid( pdb_get_user_sid(sam_acct), &uid ) ) {
468 return NT_STATUS_NO_SUCH_USER;
469 }
470
471 if ( uid == 0 ) {
472 return NT_STATUS_ACCESS_DENIED;
473 }
474
475 return pdb->delete_user(pdb, mem_ctx, sam_acct);
476 }
477
478 NTSTATUS pdb_add_sam_account(struct samu *sam_acct)
/* [<][>][^][v][top][bottom][index][help] */
479 {
480 struct pdb_methods *pdb = pdb_get_methods();
481 return pdb->add_sam_account(pdb, sam_acct);
482 }
483
484 NTSTATUS pdb_update_sam_account(struct samu *sam_acct)
/* [<][>][^][v][top][bottom][index][help] */
485 {
486 struct pdb_methods *pdb = pdb_get_methods();
487
488 memcache_flush(NULL, PDB_GETPWSID_CACHE);
489
490 return pdb->update_sam_account(pdb, sam_acct);
491 }
492
493 NTSTATUS pdb_delete_sam_account(struct samu *sam_acct)
/* [<][>][^][v][top][bottom][index][help] */
494 {
495 struct pdb_methods *pdb = pdb_get_methods();
496
497 memcache_flush(NULL, PDB_GETPWSID_CACHE);
498
499 return pdb->delete_sam_account(pdb, sam_acct);
500 }
501
502 NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
/* [<][>][^][v][top][bottom][index][help] */
503 {
504 struct pdb_methods *pdb = pdb_get_methods();
505 uid_t uid;
506 NTSTATUS status;
507
508 memcache_flush(NULL, PDB_GETPWSID_CACHE);
509
510 /* sanity check to make sure we don't rename root */
511
512 if ( !sid_to_uid( pdb_get_user_sid(oldname), &uid ) ) {
513 return NT_STATUS_NO_SUCH_USER;
514 }
515
516 if ( uid == 0 ) {
517 return NT_STATUS_ACCESS_DENIED;
518 }
519
520 status = pdb->rename_sam_account(pdb, oldname, newname);
521
522 /* always flush the cache here just to be safe */
523 flush_pwnam_cache();
524
525 return status;
526 }
527
528 NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, bool success)
/* [<][>][^][v][top][bottom][index][help] */
529 {
530 struct pdb_methods *pdb = pdb_get_methods();
531 return pdb->update_login_attempts(pdb, sam_acct, success);
532 }
533
534 bool pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
/* [<][>][^][v][top][bottom][index][help] */
535 {
536 struct pdb_methods *pdb = pdb_get_methods();
537 return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid));
538 }
539
540 bool pdb_getgrgid(GROUP_MAP *map, gid_t gid)
/* [<][>][^][v][top][bottom][index][help] */
541 {
542 struct pdb_methods *pdb = pdb_get_methods();
543 return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid));
544 }
545
546 bool pdb_getgrnam(GROUP_MAP *map, const char *name)
/* [<][>][^][v][top][bottom][index][help] */
547 {
548 struct pdb_methods *pdb = pdb_get_methods();
549 return NT_STATUS_IS_OK(pdb->getgrnam(pdb, map, name));
550 }
551
552 static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
553 TALLOC_CTX *mem_ctx,
554 const char *name,
555 uint32 *rid)
556 {
557 DOM_SID group_sid;
558 struct group *grp;
559 fstring tmp;
560
561 grp = getgrnam(name);
562
563 if (grp == NULL) {
564 gid_t gid;
565
566 if (smb_create_group(name, &gid) != 0) {
567 return NT_STATUS_ACCESS_DENIED;
568 }
569
570 grp = getgrgid(gid);
571 }
572
573 if (grp == NULL) {
574 return NT_STATUS_ACCESS_DENIED;
575 }
576
577 if (pdb_rid_algorithm()) {
578 *rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
579 } else {
580 if (!pdb_new_rid(rid)) {
581 return NT_STATUS_ACCESS_DENIED;
582 }
583 }
584
585 sid_compose(&group_sid, get_global_sam_sid(), *rid);
586
587 return add_initial_entry(grp->gr_gid, sid_to_fstring(tmp, &group_sid),
588 SID_NAME_DOM_GRP, name, NULL);
589 }
590
591 NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name,
/* [<][>][^][v][top][bottom][index][help] */
592 uint32 *rid)
593 {
594 struct pdb_methods *pdb = pdb_get_methods();
595 return pdb->create_dom_group(pdb, mem_ctx, name, rid);
596 }
597
598 static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
599 TALLOC_CTX *mem_ctx,
600 uint32 rid)
601 {
602 DOM_SID group_sid;
603 GROUP_MAP map;
604 NTSTATUS status;
605 struct group *grp;
606 const char *grp_name;
607
608 /* coverity */
609 map.gid = (gid_t) -1;
610
611 sid_compose(&group_sid, get_global_sam_sid(), rid);
612
613 if (!get_domain_group_from_sid(group_sid, &map)) {
614 DEBUG(10, ("Could not find group for rid %d\n", rid));
615 return NT_STATUS_NO_SUCH_GROUP;
616 }
617
618 /* We need the group name for the smb_delete_group later on */
619
620 if (map.gid == (gid_t)-1) {
621 return NT_STATUS_NO_SUCH_GROUP;
622 }
623
624 grp = getgrgid(map.gid);
625 if (grp == NULL) {
626 return NT_STATUS_NO_SUCH_GROUP;
627 }
628
629 /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
630
631 grp_name = talloc_strdup(mem_ctx, grp->gr_name);
632 if (grp_name == NULL) {
633 return NT_STATUS_NO_MEMORY;
634 }
635
636 status = pdb_delete_group_mapping_entry(group_sid);
637
638 if (!NT_STATUS_IS_OK(status)) {
639 return status;
640 }
641
642 /* Don't check the result of smb_delete_group */
643
644 smb_delete_group(grp_name);
645
646 return NT_STATUS_OK;
647 }
648
649 NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32 rid)
/* [<][>][^][v][top][bottom][index][help] */
650 {
651 struct pdb_methods *pdb = pdb_get_methods();
652 return pdb->delete_dom_group(pdb, mem_ctx, rid);
653 }
654
655 NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
/* [<][>][^][v][top][bottom][index][help] */
656 {
657 struct pdb_methods *pdb = pdb_get_methods();
658 return pdb->add_group_mapping_entry(pdb, map);
659 }
660
661 NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map)
/* [<][>][^][v][top][bottom][index][help] */
662 {
663 struct pdb_methods *pdb = pdb_get_methods();
664 return pdb->update_group_mapping_entry(pdb, map);
665 }
666
667 NTSTATUS pdb_delete_group_mapping_entry(DOM_SID sid)
/* [<][>][^][v][top][bottom][index][help] */
668 {
669 struct pdb_methods *pdb = pdb_get_methods();
670 return pdb->delete_group_mapping_entry(pdb, sid);
671 }
672
673 bool pdb_enum_group_mapping(const DOM_SID *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
/* [<][>][^][v][top][bottom][index][help] */
674 size_t *p_num_entries, bool unix_only)
675 {
676 struct pdb_methods *pdb = pdb_get_methods();
677 return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
678 pp_rmap, p_num_entries, unix_only));
679 }
680
681 NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
/* [<][>][^][v][top][bottom][index][help] */
682 const DOM_SID *sid,
683 uint32 **pp_member_rids,
684 size_t *p_num_members)
685 {
686 struct pdb_methods *pdb = pdb_get_methods();
687 NTSTATUS result;
688
689 result = pdb->enum_group_members(pdb, mem_ctx,
690 sid, pp_member_rids, p_num_members);
691
692 /* special check for rid 513 */
693
694 if ( !NT_STATUS_IS_OK( result ) ) {
695 uint32 rid;
696
697 sid_peek_rid( sid, &rid );
698
699 if ( rid == DOMAIN_GROUP_RID_USERS ) {
700 *p_num_members = 0;
701 *pp_member_rids = NULL;
702
703 return NT_STATUS_OK;
704 }
705 }
706
707 return result;
708 }
709
710 NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user,
/* [<][>][^][v][top][bottom][index][help] */
711 DOM_SID **pp_sids, gid_t **pp_gids,
712 size_t *p_num_groups)
713 {
714 struct pdb_methods *pdb = pdb_get_methods();
715 return pdb->enum_group_memberships(
716 pdb, mem_ctx, user,
717 pp_sids, pp_gids, p_num_groups);
718 }
719
720 static NTSTATUS pdb_default_set_unix_primary_group(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
721 TALLOC_CTX *mem_ctx,
722 struct samu *sampass)
723 {
724 struct group *grp;
725 gid_t gid;
726
727 if (!sid_to_gid(pdb_get_group_sid(sampass), &gid) ||
728 (grp = getgrgid(gid)) == NULL) {
729 return NT_STATUS_INVALID_PRIMARY_GROUP;
730 }
731
732 if (smb_set_primary_group(grp->gr_name,
733 pdb_get_username(sampass)) != 0) {
734 return NT_STATUS_ACCESS_DENIED;
735 }
736
737 return NT_STATUS_OK;
738 }
739
740 NTSTATUS pdb_set_unix_primary_group(TALLOC_CTX *mem_ctx, struct samu *user)
/* [<][>][^][v][top][bottom][index][help] */
741 {
742 struct pdb_methods *pdb = pdb_get_methods();
743 return pdb->set_unix_primary_group(pdb, mem_ctx, user);
744 }
745
746 /*
747 * Helper function to see whether a user is in a group. We can't use
748 * user_in_group_sid here because this creates dependencies only smbd can
749 * fulfil.
750 */
751
752 static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account,
/* [<][>][^][v][top][bottom][index][help] */
753 const DOM_SID *group_sid)
754 {
755 DOM_SID *sids;
756 gid_t *gids;
757 size_t i, num_groups;
758
759 if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx, account,
760 &sids, &gids,
761 &num_groups))) {
762 return False;
763 }
764
765 for (i=0; i<num_groups; i++) {
766 if (sid_equal(group_sid, &sids[i])) {
767 return True;
768 }
769 }
770 return False;
771 }
772
773 static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
774 TALLOC_CTX *mem_ctx,
775 uint32 group_rid,
776 uint32 member_rid)
777 {
778 DOM_SID group_sid, member_sid;
779 struct samu *account = NULL;
780 GROUP_MAP map;
781 struct group *grp;
782 struct passwd *pwd;
783 const char *group_name;
784 uid_t uid;
785
786 /* coverity */
787 map.gid = (gid_t) -1;
788
789 sid_compose(&group_sid, get_global_sam_sid(), group_rid);
790 sid_compose(&member_sid, get_global_sam_sid(), member_rid);
791
792 if (!get_domain_group_from_sid(group_sid, &map) ||
793 (map.gid == (gid_t)-1) ||
794 ((grp = getgrgid(map.gid)) == NULL)) {
795 return NT_STATUS_NO_SUCH_GROUP;
796 }
797
798 group_name = talloc_strdup(mem_ctx, grp->gr_name);
799 if (group_name == NULL) {
800 return NT_STATUS_NO_MEMORY;
801 }
802
803 if ( !(account = samu_new( NULL )) ) {
804 return NT_STATUS_NO_MEMORY;
805 }
806
807 if (!pdb_getsampwsid(account, &member_sid) ||
808 !sid_to_uid(&member_sid, &uid) ||
809 ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
810 return NT_STATUS_NO_SUCH_USER;
811 }
812
813 if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
814 return NT_STATUS_MEMBER_IN_GROUP;
815 }
816
817 /*
818 * ok, the group exist, the user exist, the user is not in the group,
819 * we can (finally) add it to the group !
820 */
821
822 smb_add_user_group(group_name, pwd->pw_name);
823
824 if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
825 return NT_STATUS_ACCESS_DENIED;
826 }
827
828 return NT_STATUS_OK;
829 }
830
831 NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
/* [<][>][^][v][top][bottom][index][help] */
832 uint32 member_rid)
833 {
834 struct pdb_methods *pdb = pdb_get_methods();
835 return pdb->add_groupmem(pdb, mem_ctx, group_rid, member_rid);
836 }
837
838 static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
839 TALLOC_CTX *mem_ctx,
840 uint32 group_rid,
841 uint32 member_rid)
842 {
843 DOM_SID group_sid, member_sid;
844 struct samu *account = NULL;
845 GROUP_MAP map;
846 struct group *grp;
847 struct passwd *pwd;
848 const char *group_name;
849 uid_t uid;
850
851 sid_compose(&group_sid, get_global_sam_sid(), group_rid);
852 sid_compose(&member_sid, get_global_sam_sid(), member_rid);
853
854 if (!get_domain_group_from_sid(group_sid, &map) ||
855 (map.gid == (gid_t)-1) ||
856 ((grp = getgrgid(map.gid)) == NULL)) {
857 return NT_STATUS_NO_SUCH_GROUP;
858 }
859
860 group_name = talloc_strdup(mem_ctx, grp->gr_name);
861 if (group_name == NULL) {
862 return NT_STATUS_NO_MEMORY;
863 }
864
865 if ( !(account = samu_new( NULL )) ) {
866 return NT_STATUS_NO_MEMORY;
867 }
868
869 if (!pdb_getsampwsid(account, &member_sid) ||
870 !sid_to_uid(&member_sid, &uid) ||
871 ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
872 return NT_STATUS_NO_SUCH_USER;
873 }
874
875 if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
876 return NT_STATUS_MEMBER_NOT_IN_GROUP;
877 }
878
879 /*
880 * ok, the group exist, the user exist, the user is in the group,
881 * we can (finally) delete it from the group!
882 */
883
884 smb_delete_user_group(group_name, pwd->pw_name);
885
886 if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
887 return NT_STATUS_ACCESS_DENIED;
888 }
889
890 return NT_STATUS_OK;
891 }
892
893 NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
/* [<][>][^][v][top][bottom][index][help] */
894 uint32 member_rid)
895 {
896 struct pdb_methods *pdb = pdb_get_methods();
897 return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid);
898 }
899
900 NTSTATUS pdb_create_alias(const char *name, uint32 *rid)
/* [<][>][^][v][top][bottom][index][help] */
901 {
902 struct pdb_methods *pdb = pdb_get_methods();
903 return pdb->create_alias(pdb, name, rid);
904 }
905
906 NTSTATUS pdb_delete_alias(const DOM_SID *sid)
/* [<][>][^][v][top][bottom][index][help] */
907 {
908 struct pdb_methods *pdb = pdb_get_methods();
909 return pdb->delete_alias(pdb, sid);
910 }
911
912 NTSTATUS pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
/* [<][>][^][v][top][bottom][index][help] */
913 {
914 struct pdb_methods *pdb = pdb_get_methods();
915 return pdb->get_aliasinfo(pdb, sid, info);
916 }
917
918 NTSTATUS pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
/* [<][>][^][v][top][bottom][index][help] */
919 {
920 struct pdb_methods *pdb = pdb_get_methods();
921 return pdb->set_aliasinfo(pdb, sid, info);
922 }
923
924 NTSTATUS pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
/* [<][>][^][v][top][bottom][index][help] */
925 {
926 struct pdb_methods *pdb = pdb_get_methods();
927 return pdb->add_aliasmem(pdb, alias, member);
928 }
929
930 NTSTATUS pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
/* [<][>][^][v][top][bottom][index][help] */
931 {
932 struct pdb_methods *pdb = pdb_get_methods();
933 return pdb->del_aliasmem(pdb, alias, member);
934 }
935
936 NTSTATUS pdb_enum_aliasmem(const DOM_SID *alias,
/* [<][>][^][v][top][bottom][index][help] */
937 DOM_SID **pp_members, size_t *p_num_members)
938 {
939 struct pdb_methods *pdb = pdb_get_methods();
940 return pdb->enum_aliasmem(pdb, alias, pp_members, p_num_members);
941 }
942
943 NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx,
/* [<][>][^][v][top][bottom][index][help] */
944 const DOM_SID *domain_sid,
945 const DOM_SID *members, size_t num_members,
946 uint32 **pp_alias_rids,
947 size_t *p_num_alias_rids)
948 {
949 struct pdb_methods *pdb = pdb_get_methods();
950 return pdb->enum_alias_memberships(pdb, mem_ctx,
951 domain_sid,
952 members, num_members,
953 pp_alias_rids,
954 p_num_alias_rids);
955 }
956
957 NTSTATUS pdb_lookup_rids(const DOM_SID *domain_sid,
/* [<][>][^][v][top][bottom][index][help] */
958 int num_rids,
959 uint32 *rids,
960 const char **names,
961 enum lsa_SidType *attrs)
962 {
963 struct pdb_methods *pdb = pdb_get_methods();
964 return pdb->lookup_rids(pdb, domain_sid, num_rids, rids, names, attrs);
965 }
966
967 /*
968 * NOTE: pdb_lookup_names is currently (2007-01-12) not used anywhere
969 * in the samba code.
970 * Unlike _lsa_lookup_sids and _samr_lookup_rids, which eventually
971 * also ask pdb_lookup_rids, thus looking up a bunch of rids at a time,
972 * the pdb_ calls _lsa_lookup_names and _samr_lookup_names come
973 * down to are pdb_getsampwnam and pdb_getgrnam instead of
974 * pdb_lookup_names.
975 * But in principle, it the call belongs to the API and might get
976 * used in this context some day.
977 */
978 #if 0
979 NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
/* [<][>][^][v][top][bottom][index][help] */
980 int num_names,
981 const char **names,
982 uint32 *rids,
983 enum lsa_SidType *attrs)
984 {
985 struct pdb_methods *pdb = pdb_get_methods();
986 return pdb->lookup_names(pdb, domain_sid, num_names, names, rids, attrs);
987 }
988 #endif
989
990 bool pdb_get_account_policy(int policy_index, uint32 *value)
/* [<][>][^][v][top][bottom][index][help] */
991 {
992 struct pdb_methods *pdb = pdb_get_methods();
993 NTSTATUS status;
994
995 become_root();
996 status = pdb->get_account_policy(pdb, policy_index, value);
997 unbecome_root();
998
999 return NT_STATUS_IS_OK(status);
1000 }
1001
1002 bool pdb_set_account_policy(int policy_index, uint32 value)
/* [<][>][^][v][top][bottom][index][help] */
1003 {
1004 struct pdb_methods *pdb = pdb_get_methods();
1005 NTSTATUS status;
1006
1007 become_root();
1008 status = pdb->set_account_policy(pdb, policy_index, value);
1009 unbecome_root();
1010
1011 return NT_STATUS_IS_OK(status);
1012 }
1013
1014 bool pdb_get_seq_num(time_t *seq_num)
/* [<][>][^][v][top][bottom][index][help] */
1015 {
1016 struct pdb_methods *pdb = pdb_get_methods();
1017 return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
1018 }
1019
1020 bool pdb_uid_to_rid(uid_t uid, uint32 *rid)
/* [<][>][^][v][top][bottom][index][help] */
1021 {
1022 struct pdb_methods *pdb = pdb_get_methods();
1023 return pdb->uid_to_rid(pdb, uid, rid);
1024 }
1025
1026 bool pdb_uid_to_sid(uid_t uid, DOM_SID *sid)
/* [<][>][^][v][top][bottom][index][help] */
1027 {
1028 struct pdb_methods *pdb = pdb_get_methods();
1029 return pdb->uid_to_sid(pdb, uid, sid);
1030 }
1031
1032 bool pdb_gid_to_sid(gid_t gid, DOM_SID *sid)
/* [<][>][^][v][top][bottom][index][help] */
1033 {
1034 struct pdb_methods *pdb = pdb_get_methods();
1035 return pdb->gid_to_sid(pdb, gid, sid);
1036 }
1037
1038 bool pdb_sid_to_id(const DOM_SID *sid, union unid_t *id,
/* [<][>][^][v][top][bottom][index][help] */
1039 enum lsa_SidType *type)
1040 {
1041 struct pdb_methods *pdb = pdb_get_methods();
1042 return pdb->sid_to_id(pdb, sid, id, type);
1043 }
1044
1045 bool pdb_rid_algorithm(void)
/* [<][>][^][v][top][bottom][index][help] */
1046 {
1047 struct pdb_methods *pdb = pdb_get_methods();
1048 return pdb->rid_algorithm(pdb);
1049 }
1050
1051 /********************************************************************
1052 Allocate a new RID from the passdb backend. Verify that it is free
1053 by calling lookup_global_sam_rid() to verify that the RID is not
1054 in use. This handles servers that have existing users or groups
1055 with add RIDs (assigned from previous algorithmic mappings)
1056 ********************************************************************/
1057
1058 bool pdb_new_rid(uint32 *rid)
/* [<][>][^][v][top][bottom][index][help] */
1059 {
1060 struct pdb_methods *pdb = pdb_get_methods();
1061 const char *name = NULL;
1062 enum lsa_SidType type;
1063 uint32 allocated_rid = 0;
1064 int i;
1065 TALLOC_CTX *ctx;
1066
1067 if (pdb_rid_algorithm()) {
1068 DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs "
1069 "are active\n"));
1070 return False;
1071 }
1072
1073 if (algorithmic_rid_base() != BASE_RID) {
1074 DEBUG(0, ("'algorithmic rid base' is set but a passdb backend "
1075 "without algorithmic RIDs is chosen.\n"));
1076 DEBUGADD(0, ("Please map all used groups using 'net groupmap "
1077 "add', set the maximum used RID\n"));
1078 DEBUGADD(0, ("and remove the parameter\n"));
1079 return False;
1080 }
1081
1082 if ( (ctx = talloc_init("pdb_new_rid")) == NULL ) {
1083 DEBUG(0,("pdb_new_rid: Talloc initialization failure\n"));
1084 return False;
1085 }
1086
1087 /* Attempt to get an unused RID (max tires is 250...yes that it is
1088 and arbitrary number I pulkled out of my head). -- jerry */
1089
1090 for ( i=0; allocated_rid==0 && i<250; i++ ) {
1091 /* get a new RID */
1092
1093 if ( !pdb->new_rid(pdb, &allocated_rid) ) {
1094 return False;
1095 }
1096
1097 /* validate that the RID is not in use */
1098
1099 if ( lookup_global_sam_rid( ctx, allocated_rid, &name, &type, NULL ) ) {
1100 allocated_rid = 0;
1101 }
1102 }
1103
1104 TALLOC_FREE( ctx );
1105
1106 if ( allocated_rid == 0 ) {
1107 DEBUG(0,("pdb_new_rid: Failed to find unused RID\n"));
1108 return False;
1109 }
1110
1111 *rid = allocated_rid;
1112
1113 return True;
1114 }
1115
1116 /***************************************************************
1117 Initialize the static context (at smbd startup etc).
1118
1119 If uninitialised, context will auto-init on first use.
1120 ***************************************************************/
1121
1122 bool initialize_password_db(bool reload, struct event_context *event_ctx)
/* [<][>][^][v][top][bottom][index][help] */
1123 {
1124 pdb_event_ctx = event_ctx;
1125 return (pdb_get_methods_reload(reload) != NULL);
1126 }
1127
1128
1129 /***************************************************************************
1130 Default implementations of some functions.
1131 ****************************************************************************/
1132
1133 static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, struct samu *user, const char *sname)
/* [<][>][^][v][top][bottom][index][help] */
1134 {
1135 return NT_STATUS_NO_SUCH_USER;
1136 }
1137
1138 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const DOM_SID *sid)
/* [<][>][^][v][top][bottom][index][help] */
1139 {
1140 return NT_STATUS_NO_SUCH_USER;
1141 }
1142
1143 static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, struct samu *newpwd)
/* [<][>][^][v][top][bottom][index][help] */
1144 {
1145 return NT_STATUS_NOT_IMPLEMENTED;
1146 }
1147
1148 static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, struct samu *newpwd)
/* [<][>][^][v][top][bottom][index][help] */
1149 {
1150 return NT_STATUS_NOT_IMPLEMENTED;
1151 }
1152
1153 static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, struct samu *pwd)
/* [<][>][^][v][top][bottom][index][help] */
1154 {
1155 return NT_STATUS_NOT_IMPLEMENTED;
1156 }
1157
1158 static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, struct samu *pwd, const char *newname)
/* [<][>][^][v][top][bottom][index][help] */
1159 {
1160 return NT_STATUS_NOT_IMPLEMENTED;
1161 }
1162
1163 static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success)
/* [<][>][^][v][top][bottom][index][help] */
1164 {
1165 /* Only the pdb_nds backend implements this, by
1166 * default just return ok. */
1167 return NT_STATUS_OK;
1168 }
1169
1170 static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
/* [<][>][^][v][top][bottom][index][help] */
1171 {
1172 return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1173 }
1174
1175 static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
/* [<][>][^][v][top][bottom][index][help] */
1176 {
1177 return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1178 }
1179
1180 static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)
/* [<][>][^][v][top][bottom][index][help] */
1181 {
1182 *seq_num = time(NULL);
1183 return NT_STATUS_OK;
1184 }
1185
1186 static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid,
/* [<][>][^][v][top][bottom][index][help] */
1187 DOM_SID *sid)
1188 {
1189 struct samu *sampw = NULL;
1190 struct passwd *unix_pw;
1191 bool ret;
1192
1193 unix_pw = sys_getpwuid( uid );
1194
1195 if ( !unix_pw ) {
1196 DEBUG(4,("pdb_default_uid_to_rid: host has no idea of uid "
1197 "%lu\n", (unsigned long)uid));
1198 return False;
1199 }
1200
1201 if ( !(sampw = samu_new( NULL )) ) {
1202 DEBUG(0,("pdb_default_uid_to_rid: samu_new() failed!\n"));
1203 return False;
1204 }
1205
1206 become_root();
1207 ret = NT_STATUS_IS_OK(
1208 methods->getsampwnam(methods, sampw, unix_pw->pw_name ));
1209 unbecome_root();
1210
1211 if (!ret) {
1212 DEBUG(5, ("pdb_default_uid_to_rid: Did not find user "
1213 "%s (%u)\n", unix_pw->pw_name, (unsigned int)uid));
1214 TALLOC_FREE(sampw);
1215 return False;
1216 }
1217
1218 sid_copy(sid, pdb_get_user_sid(sampw));
1219
1220 TALLOC_FREE(sampw);
1221
1222 return True;
1223 }
1224
1225 static bool pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid,
/* [<][>][^][v][top][bottom][index][help] */
1226 uint32 *rid)
1227 {
1228 DOM_SID sid;
1229 bool ret;
1230
1231 ret = pdb_default_uid_to_sid(methods, uid, &sid);
1232 if (!ret) {
1233 return ret;
1234 }
1235
1236 ret = sid_peek_check_rid(get_global_sam_sid(), &sid, rid);
1237
1238 if (!ret) {
1239 DEBUG(1, ("Could not peek rid out of sid %s\n",
1240 sid_string_dbg(&sid)));
1241 }
1242
1243 return ret;
1244 }
1245
1246 static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
/* [<][>][^][v][top][bottom][index][help] */
1247 DOM_SID *sid)
1248 {
1249 GROUP_MAP map;
1250
1251 if (!NT_STATUS_IS_OK(methods->getgrgid(methods, &map, gid))) {
1252 return False;
1253 }
1254
1255 sid_copy(sid, &map.sid);
1256 return True;
1257 }
1258
1259 static bool pdb_default_sid_to_id(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
1260 const DOM_SID *sid,
1261 union unid_t *id, enum lsa_SidType *type)
1262 {
1263 TALLOC_CTX *mem_ctx;
1264 bool ret = False;
1265 const char *name;
1266 uint32 rid;
1267
1268 mem_ctx = talloc_new(NULL);
1269
1270 if (mem_ctx == NULL) {
1271 DEBUG(0, ("talloc_new failed\n"));
1272 return False;
1273 }
1274
1275 if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
1276 /* Here we might have users as well as groups and aliases */
1277 ret = lookup_global_sam_rid(mem_ctx, rid, &name, type, id);
1278 goto done;
1279 }
1280
1281 /* check for "Unix User" */
1282
1283 if ( sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid) ) {
1284 id->uid = rid;
1285 *type = SID_NAME_USER;
1286 ret = True;
1287 goto done;
1288 }
1289
1290 /* check for "Unix Group" */
1291
1292 if ( sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid) ) {
1293 id->gid = rid;
1294 *type = SID_NAME_ALIAS;
1295 ret = True;
1296 goto done;
1297 }
1298
1299 /* BUILTIN */
1300
1301 if (sid_check_is_in_builtin(sid) ||
1302 sid_check_is_in_wellknown_domain(sid)) {
1303 /* Here we only have aliases */
1304 GROUP_MAP map;
1305 if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) {
1306 DEBUG(10, ("Could not find map for sid %s\n",
1307 sid_string_dbg(sid)));
1308 goto done;
1309 }
1310 if ((map.sid_name_use != SID_NAME_ALIAS) &&
1311 (map.sid_name_use != SID_NAME_WKN_GRP)) {
1312 DEBUG(10, ("Map for sid %s is a %s, expected an "
1313 "alias\n", sid_string_dbg(sid),
1314 sid_type_lookup(map.sid_name_use)));
1315 goto done;
1316 }
1317
1318 id->gid = map.gid;
1319 *type = SID_NAME_ALIAS;
1320 ret = True;
1321 goto done;
1322 }
1323
1324 DEBUG(5, ("Sid %s is neither ours, a Unix SID, nor builtin\n",
1325 sid_string_dbg(sid)));
1326
1327 done:
1328
1329 TALLOC_FREE(mem_ctx);
1330 return ret;
1331 }
1332
1333 static bool add_uid_to_array_unique(TALLOC_CTX *mem_ctx,
/* [<][>][^][v][top][bottom][index][help] */
1334 uid_t uid, uid_t **pp_uids, size_t *p_num)
1335 {
1336 size_t i;
1337
1338 for (i=0; i<*p_num; i++) {
1339 if ((*pp_uids)[i] == uid)
1340 return True;
1341 }
1342
1343 *pp_uids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_uids, uid_t, *p_num+1);
1344
1345 if (*pp_uids == NULL)
1346 return False;
1347
1348 (*pp_uids)[*p_num] = uid;
1349 *p_num += 1;
1350 return True;
1351 }
1352
1353 static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size_t *p_num)
/* [<][>][^][v][top][bottom][index][help] */
1354 {
1355 struct group *grp;
1356 char **gr;
1357 struct passwd *pwd;
1358 bool winbind_env;
1359 bool ret = False;
1360
1361 *pp_uids = NULL;
1362 *p_num = 0;
1363
1364 /* We only look at our own sam, so don't care about imported stuff */
1365 winbind_env = winbind_env_set();
1366 (void)winbind_off();
1367
1368 if ((grp = getgrgid(gid)) == NULL) {
1369 /* allow winbindd lookups, but only if they weren't already disabled */
1370 goto done;
1371 }
1372
1373 /* Primary group members */
1374 setpwent();
1375 while ((pwd = getpwent()) != NULL) {
1376 if (pwd->pw_gid == gid) {
1377 if (!add_uid_to_array_unique(mem_ctx, pwd->pw_uid,
1378 pp_uids, p_num)) {
1379 goto done;
1380 }
1381 }
1382 }
1383 endpwent();
1384
1385 /* Secondary group members */
1386 for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
1387 struct passwd *pw = getpwnam(*gr);
1388
1389 if (pw == NULL)
1390 continue;
1391 if (!add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num)) {
1392 goto done;
1393 }
1394 }
1395
1396 ret = True;
1397
1398 done:
1399
1400 /* allow winbindd lookups, but only if they weren't already disabled */
1401 if (!winbind_env) {
1402 (void)winbind_on();
1403 }
1404
1405 return ret;
1406 }
1407
1408 static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
1409 TALLOC_CTX *mem_ctx,
1410 const DOM_SID *group,
1411 uint32 **pp_member_rids,
1412 size_t *p_num_members)
1413 {
1414 gid_t gid;
1415 uid_t *uids;
1416 size_t i, num_uids;
1417
1418 *pp_member_rids = NULL;
1419 *p_num_members = 0;
1420
1421 if (!sid_to_gid(group, &gid))
1422 return NT_STATUS_NO_SUCH_GROUP;
1423
1424 if(!get_memberuids(mem_ctx, gid, &uids, &num_uids))
1425 return NT_STATUS_NO_SUCH_GROUP;
1426
1427 if (num_uids == 0)
1428 return NT_STATUS_OK;
1429
1430 *pp_member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_uids);
1431
1432 for (i=0; i<num_uids; i++) {
1433 DOM_SID sid;
1434
1435 uid_to_sid(&sid, uids[i]);
1436
1437 if (!sid_check_is_in_our_domain(&sid)) {
1438 DEBUG(5, ("Inconsistent SAM -- group member uid not "
1439 "in our domain\n"));
1440 continue;
1441 }
1442
1443 sid_peek_rid(&sid, &(*pp_member_rids)[*p_num_members]);
1444 *p_num_members += 1;
1445 }
1446
1447 return NT_STATUS_OK;
1448 }
1449
1450 static NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
1451 TALLOC_CTX *mem_ctx,
1452 struct samu *user,
1453 DOM_SID **pp_sids,
1454 gid_t **pp_gids,
1455 size_t *p_num_groups)
1456 {
1457 size_t i;
1458 gid_t gid;
1459 struct passwd *pw;
1460 const char *username = pdb_get_username(user);
1461
1462
1463 /* Ignore the primary group SID. Honor the real Unix primary group.
1464 The primary group SID is only of real use to Windows clients */
1465
1466 if ( !(pw = getpwnam_alloc(mem_ctx, username)) ) {
1467 return NT_STATUS_NO_SUCH_USER;
1468 }
1469
1470 gid = pw->pw_gid;
1471
1472 TALLOC_FREE( pw );
1473
1474 if (!getgroups_unix_user(mem_ctx, username, gid, pp_gids, p_num_groups)) {
1475 return NT_STATUS_NO_SUCH_USER;
1476 }
1477
1478 if (*p_num_groups == 0) {
1479 smb_panic("primary group missing");
1480 }
1481
1482 *pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups);
1483
1484 if (*pp_sids == NULL) {
1485 TALLOC_FREE(*pp_gids);
1486 return NT_STATUS_NO_MEMORY;
1487 }
1488
1489 for (i=0; i<*p_num_groups; i++) {
1490 gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
1491 }
1492
1493 return NT_STATUS_OK;
1494 }
1495
1496 /*******************************************************************
1497 Look up a rid in the SAM we're responsible for (i.e. passdb)
1498 ********************************************************************/
1499
1500 static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
/* [<][>][^][v][top][bottom][index][help] */
1501 const char **name,
1502 enum lsa_SidType *psid_name_use,
1503 union unid_t *unix_id)
1504 {
1505 struct samu *sam_account = NULL;
1506 GROUP_MAP map;
1507 bool ret;
1508 DOM_SID sid;
1509
1510 *psid_name_use = SID_NAME_UNKNOWN;
1511
1512 DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
1513 (unsigned int)rid));
1514
1515 sid_copy(&sid, get_global_sam_sid());
1516 sid_append_rid(&sid, rid);
1517
1518 /* see if the passdb can help us with the name of the user */
1519
1520 if ( !(sam_account = samu_new( NULL )) ) {
1521 return False;
1522 }
1523
1524 /* BEING ROOT BLLOCK */
1525 become_root();
1526 if (pdb_getsampwsid(sam_account, &sid)) {
1527 struct passwd *pw;
1528
1529 unbecome_root(); /* -----> EXIT BECOME_ROOT() */
1530 *name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
1531 if (!*name) {
1532 TALLOC_FREE(sam_account);
1533 return False;
1534 }
1535
1536 *psid_name_use = SID_NAME_USER;
1537
1538 TALLOC_FREE(sam_account);
1539
1540 if (unix_id == NULL) {
1541 return True;
1542 }
1543
1544 pw = Get_Pwnam_alloc(talloc_tos(), *name);
1545 if (pw == NULL) {
1546 return False;
1547 }
1548 unix_id->uid = pw->pw_uid;
1549 TALLOC_FREE(pw);
1550 return True;
1551 }
1552 TALLOC_FREE(sam_account);
1553
1554 ret = pdb_getgrsid(&map, sid);
1555 unbecome_root();
1556 /* END BECOME_ROOT BLOCK */
1557
1558 /* do not resolve SIDs to a name unless there is a valid
1559 gid associated with it */
1560
1561 if ( ret && (map.gid != (gid_t)-1) ) {
1562 *name = talloc_strdup(mem_ctx, map.nt_name);
1563 *psid_name_use = map.sid_name_use;
1564
1565 if ( unix_id ) {
1566 unix_id->gid = map.gid;
1567 }
1568
1569 return True;
1570 }
1571
1572 /* Windows will always map RID 513 to something. On a non-domain
1573 controller, this gets mapped to SERVER\None. */
1574
1575 if ( unix_id ) {
1576 DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
1577 return False;
1578 }
1579
1580 if ( rid == DOMAIN_GROUP_RID_USERS ) {
1581 *name = talloc_strdup(mem_ctx, "None" );
1582 *psid_name_use = SID_NAME_DOM_GRP;
1583
1584 return True;
1585 }
1586
1587 return False;
1588 }
1589
1590 static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
1591 const DOM_SID *domain_sid,
1592 int num_rids,
1593 uint32 *rids,
1594 const char **names,
1595 enum lsa_SidType *attrs)
1596 {
1597 int i;
1598 NTSTATUS result;
1599 bool have_mapped = False;
1600 bool have_unmapped = False;
1601
1602 if (sid_check_is_builtin(domain_sid)) {
1603
1604 for (i=0; i<num_rids; i++) {
1605 const char *name;
1606
1607 if (lookup_builtin_rid(names, rids[i], &name)) {
1608 attrs[i] = SID_NAME_ALIAS;
1609 names[i] = name;
1610 DEBUG(5,("lookup_rids: %s:%d\n",
1611 names[i], attrs[i]));
1612 have_mapped = True;
1613 } else {
1614 have_unmapped = True;
1615 attrs[i] = SID_NAME_UNKNOWN;
1616 }
1617 }
1618 goto done;
1619 }
1620
1621 /* Should not happen, but better check once too many */
1622 if (!sid_check_is_domain(domain_sid)) {
1623 return NT_STATUS_INVALID_HANDLE;
1624 }
1625
1626 for (i = 0; i < num_rids; i++) {
1627 const char *name;
1628
1629 if (lookup_global_sam_rid(names, rids[i], &name, &attrs[i],
1630 NULL)) {
1631 if (name == NULL) {
1632 return NT_STATUS_NO_MEMORY;
1633 }
1634 names[i] = name;
1635 DEBUG(5,("lookup_rids: %s:%d\n", names[i], attrs[i]));
1636 have_mapped = True;
1637 } else {
1638 have_unmapped = True;
1639 attrs[i] = SID_NAME_UNKNOWN;
1640 }
1641 }
1642
1643 done:
1644
1645 result = NT_STATUS_NONE_MAPPED;
1646
1647 if (have_mapped)
1648 result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
1649
1650 return result;
1651 }
1652
1653 #if 0
1654 static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
1655 const DOM_SID *domain_sid,
1656 int num_names,
1657 const char **names,
1658 uint32 *rids,
1659 enum lsa_SidType *attrs)
1660 {
1661 int i;
1662 NTSTATUS result;
1663 bool have_mapped = False;
1664 bool have_unmapped = False;
1665
1666 if (sid_check_is_builtin(domain_sid)) {
1667
1668 for (i=0; i<num_names; i++) {
1669 uint32 rid;
1670
1671 if (lookup_builtin_name(names[i], &rid)) {
1672 attrs[i] = SID_NAME_ALIAS;
1673 rids[i] = rid;
1674 DEBUG(5,("lookup_rids: %s:%d\n",
1675 names[i], attrs[i]));
1676 have_mapped = True;
1677 } else {
1678 have_unmapped = True;
1679 attrs[i] = SID_NAME_UNKNOWN;
1680 }
1681 }
1682 goto done;
1683 }
1684
1685 /* Should not happen, but better check once too many */
1686 if (!sid_check_is_domain(domain_sid)) {
1687 return NT_STATUS_INVALID_HANDLE;
1688 }
1689
1690 for (i = 0; i < num_names; i++) {
1691 if (lookup_global_sam_name(names[i], 0, &rids[i], &attrs[i])) {
1692 DEBUG(5,("lookup_names: %s-> %d:%d\n", names[i],
1693 rids[i], attrs[i]));
1694 have_mapped = True;
1695 } else {
1696 have_unmapped = True;
1697 attrs[i] = SID_NAME_UNKNOWN;
1698 }
1699 }
1700
1701 done:
1702
1703 result = NT_STATUS_NONE_MAPPED;
1704
1705 if (have_mapped)
1706 result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
1707
1708 return result;
1709 }
1710 #endif
1711
1712 static int pdb_search_destructor(struct pdb_search *search)
/* [<][>][^][v][top][bottom][index][help] */
1713 {
1714 if (!search->search_ended) {
1715 search->search_end(search);
1716 }
1717 return 0;
1718 }
1719
1720 struct pdb_search *pdb_search_init(TALLOC_CTX *mem_ctx,
/* [<][>][^][v][top][bottom][index][help] */
1721 enum pdb_search_type type)
1722 {
1723 struct pdb_search *result;
1724
1725 result = talloc(mem_ctx, struct pdb_search);
1726 if (result == NULL) {
1727 DEBUG(0, ("talloc failed\n"));
1728 return NULL;
1729 }
1730
1731 result->type = type;
1732 result->cache = NULL;
1733 result->num_entries = 0;
1734 result->cache_size = 0;
1735 result->search_ended = False;
1736
1737 /* Segfault appropriately if not initialized */
1738 result->next_entry = NULL;
1739 result->search_end = NULL;
1740
1741 talloc_set_destructor(result, pdb_search_destructor);
1742
1743 return result;
1744 }
1745
1746 static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32 rid,
/* [<][>][^][v][top][bottom][index][help] */
1747 uint16 acct_flags,
1748 const char *account_name,
1749 const char *fullname,
1750 const char *description,
1751 struct samr_displayentry *entry)
1752 {
1753 entry->rid = rid;
1754 entry->acct_flags = acct_flags;
1755
1756 if (account_name != NULL)
1757 entry->account_name = talloc_strdup(mem_ctx, account_name);
1758 else
1759 entry->account_name = "";
1760
1761 if (fullname != NULL)
1762 entry->fullname = talloc_strdup(mem_ctx, fullname);
1763 else
1764 entry->fullname = "";
1765
1766 if (description != NULL)
1767 entry->description = talloc_strdup(mem_ctx, description);
1768 else
1769 entry->description = "";
1770 }
1771
1772 struct group_search {
1773 GROUP_MAP *groups;
1774 size_t num_groups, current_group;
1775 };
1776
1777 static bool next_entry_groups(struct pdb_search *s,
/* [<][>][^][v][top][bottom][index][help] */
1778 struct samr_displayentry *entry)
1779 {
1780 struct group_search *state = (struct group_search *)s->private_data;
1781 uint32 rid;
1782 GROUP_MAP *map = &state->groups[state->current_group];
1783
1784 if (state->current_group == state->num_groups)
1785 return False;
1786
1787 sid_peek_rid(&map->sid, &rid);
1788
1789 fill_displayentry(s, rid, 0, map->nt_name, NULL, map->comment, entry);
1790
1791 state->current_group += 1;
1792 return True;
1793 }
1794
1795 static void search_end_groups(struct pdb_search *search)
/* [<][>][^][v][top][bottom][index][help] */
1796 {
1797 struct group_search *state =
1798 (struct group_search *)search->private_data;
1799 SAFE_FREE(state->groups);
1800 }
1801
1802 static bool pdb_search_grouptype(struct pdb_search *search,
/* [<][>][^][v][top][bottom][index][help] */
1803 const DOM_SID *sid, enum lsa_SidType type)
1804 {
1805 struct group_search *state;
1806
1807 state = talloc(search, struct group_search);
1808 if (state == NULL) {
1809 DEBUG(0, ("talloc failed\n"));
1810 return False;
1811 }
1812
1813 if (!pdb_enum_group_mapping(sid, type, &state->groups, &state->num_groups,
1814 True)) {
1815 DEBUG(0, ("Could not enum groups\n"));
1816 return False;
1817 }
1818
1819 state->current_group = 0;
1820 search->private_data = state;
1821 search->next_entry = next_entry_groups;
1822 search->search_end = search_end_groups;
1823 return True;
1824 }
1825
1826 static bool pdb_default_search_groups(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
1827 struct pdb_search *search)
1828 {
1829 return pdb_search_grouptype(search, get_global_sam_sid(), SID_NAME_DOM_GRP);
1830 }
1831
1832 static bool pdb_default_search_aliases(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
1833 struct pdb_search *search,
1834 const DOM_SID *sid)
1835 {
1836
1837 return pdb_search_grouptype(search, sid, SID_NAME_ALIAS);
1838 }
1839
1840 static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search,
/* [<][>][^][v][top][bottom][index][help] */
1841 uint32 idx)
1842 {
1843 if (idx < search->num_entries)
1844 return &search->cache[idx];
1845
1846 if (search->search_ended)
1847 return NULL;
1848
1849 while (idx >= search->num_entries) {
1850 struct samr_displayentry entry;
1851
1852 if (!search->next_entry(search, &entry)) {
1853 search->search_end(search);
1854 search->search_ended = True;
1855 break;
1856 }
1857
1858 ADD_TO_LARGE_ARRAY(search, struct samr_displayentry,
1859 entry, &search->cache, &search->num_entries,
1860 &search->cache_size);
1861 }
1862
1863 return (search->num_entries > idx) ? &search->cache[idx] : NULL;
1864 }
1865
1866 struct pdb_search *pdb_search_users(TALLOC_CTX *mem_ctx, uint32 acct_flags)
/* [<][>][^][v][top][bottom][index][help] */
1867 {
1868 struct pdb_methods *pdb = pdb_get_methods();
1869 struct pdb_search *result;
1870
1871 result = pdb_search_init(mem_ctx, PDB_USER_SEARCH);
1872 if (result == NULL) {
1873 return NULL;
1874 }
1875
1876 if (!pdb->search_users(pdb, result, acct_flags)) {
1877 TALLOC_FREE(result);
1878 return NULL;
1879 }
1880 return result;
1881 }
1882
1883 struct pdb_search *pdb_search_groups(TALLOC_CTX *mem_ctx)
/* [<][>][^][v][top][bottom][index][help] */
1884 {
1885 struct pdb_methods *pdb = pdb_get_methods();
1886 struct pdb_search *result;
1887
1888 result = pdb_search_init(mem_ctx, PDB_GROUP_SEARCH);
1889 if (result == NULL) {
1890 return NULL;
1891 }
1892
1893 if (!pdb->search_groups(pdb, result)) {
1894 TALLOC_FREE(result);
1895 return NULL;
1896 }
1897 return result;
1898 }
1899
1900 struct pdb_search *pdb_search_aliases(TALLOC_CTX *mem_ctx, const DOM_SID *sid)
/* [<][>][^][v][top][bottom][index][help] */
1901 {
1902 struct pdb_methods *pdb = pdb_get_methods();
1903 struct pdb_search *result;
1904
1905 if (pdb == NULL) return NULL;
1906
1907 result = pdb_search_init(mem_ctx, PDB_ALIAS_SEARCH);
1908 if (result == NULL) {
1909 return NULL;
1910 }
1911
1912 if (!pdb->search_aliases(pdb, result, sid)) {
1913 TALLOC_FREE(result);
1914 return NULL;
1915 }
1916 return result;
1917 }
1918
1919 uint32 pdb_search_entries(struct pdb_search *search,
/* [<][>][^][v][top][bottom][index][help] */
1920 uint32 start_idx, uint32 max_entries,
1921 struct samr_displayentry **result)
1922 {
1923 struct samr_displayentry *end_entry;
1924 uint32 end_idx = start_idx+max_entries-1;
1925
1926 /* The first entry needs to be searched after the last. Otherwise the
1927 * first entry might have moved due to a realloc during the search for
1928 * the last entry. */
1929
1930 end_entry = pdb_search_getentry(search, end_idx);
1931 *result = pdb_search_getentry(search, start_idx);
1932
1933 if (end_entry != NULL)
1934 return max_entries;
1935
1936 if (start_idx >= search->num_entries)
1937 return 0;
1938
1939 return search->num_entries - start_idx;
1940 }
1941
1942 /*******************************************************************
1943 trustdom methods
1944 *******************************************************************/
1945
1946 bool pdb_get_trusteddom_pw(const char *domain, char** pwd, DOM_SID *sid,
/* [<][>][^][v][top][bottom][index][help] */
1947 time_t *pass_last_set_time)
1948 {
1949 struct pdb_methods *pdb = pdb_get_methods();
1950 return pdb->get_trusteddom_pw(pdb, domain, pwd, sid,
1951 pass_last_set_time);
1952 }
1953
1954 bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
/* [<][>][^][v][top][bottom][index][help] */
1955 const DOM_SID *sid)
1956 {
1957 struct pdb_methods *pdb = pdb_get_methods();
1958 return pdb->set_trusteddom_pw(pdb, domain, pwd, sid);
1959 }
1960
1961 bool pdb_del_trusteddom_pw(const char *domain)
/* [<][>][^][v][top][bottom][index][help] */
1962 {
1963 struct pdb_methods *pdb = pdb_get_methods();
1964 return pdb->del_trusteddom_pw(pdb, domain);
1965 }
1966
1967 NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32 *num_domains,
/* [<][>][^][v][top][bottom][index][help] */
1968 struct trustdom_info ***domains)
1969 {
1970 struct pdb_methods *pdb = pdb_get_methods();
1971 return pdb->enum_trusteddoms(pdb, mem_ctx, num_domains, domains);
1972 }
1973
1974 /*******************************************************************
1975 the defaults for trustdom methods:
1976 these simply call the original passdb/secrets.c actions,
1977 to be replaced by pdb_ldap.
1978 *******************************************************************/
1979
1980 static bool pdb_default_get_trusteddom_pw(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
1981 const char *domain,
1982 char** pwd,
1983 DOM_SID *sid,
1984 time_t *pass_last_set_time)
1985 {
1986 return secrets_fetch_trusted_domain_password(domain, pwd,
1987 sid, pass_last_set_time);
1988
1989 }
1990
1991 static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
1992 const char* domain,
1993 const char* pwd,
1994 const DOM_SID *sid)
1995 {
1996 return secrets_store_trusted_domain_password(domain, pwd, sid);
1997 }
1998
1999 static bool pdb_default_del_trusteddom_pw(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
2000 const char *domain)
2001 {
2002 return trusted_domain_password_delete(domain);
2003 }
2004
2005 static NTSTATUS pdb_default_enum_trusteddoms(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
2006 TALLOC_CTX *mem_ctx,
2007 uint32 *num_domains,
2008 struct trustdom_info ***domains)
2009 {
2010 return secrets_trusted_domains(mem_ctx, num_domains, domains);
2011 }
2012
2013 /*******************************************************************
2014 Create a pdb_methods structure and initialize it with the default
2015 operations. In this way a passdb module can simply implement
2016 the functionality it cares about. However, normally this is done
2017 in groups of related functions.
2018 *******************************************************************/
2019
2020 NTSTATUS make_pdb_method( struct pdb_methods **methods )
/* [<][>][^][v][top][bottom][index][help] */
2021 {
2022 /* allocate memory for the structure as its own talloc CTX */
2023
2024 if ( !(*methods = TALLOC_ZERO_P(talloc_autofree_context(), struct pdb_methods) ) ) {
2025 return NT_STATUS_NO_MEMORY;
2026 }
2027
2028 (*methods)->getsampwnam = pdb_default_getsampwnam;
2029 (*methods)->getsampwsid = pdb_default_getsampwsid;
2030 (*methods)->create_user = pdb_default_create_user;
2031 (*methods)->delete_user = pdb_default_delete_user;
2032 (*methods)->add_sam_account = pdb_default_add_sam_account;
2033 (*methods)->update_sam_account = pdb_default_update_sam_account;
2034 (*methods)->delete_sam_account = pdb_default_delete_sam_account;
2035 (*methods)->rename_sam_account = pdb_default_rename_sam_account;
2036 (*methods)->update_login_attempts = pdb_default_update_login_attempts;
2037
2038 (*methods)->getgrsid = pdb_default_getgrsid;
2039 (*methods)->getgrgid = pdb_default_getgrgid;
2040 (*methods)->getgrnam = pdb_default_getgrnam;
2041 (*methods)->create_dom_group = pdb_default_create_dom_group;
2042 (*methods)->delete_dom_group = pdb_default_delete_dom_group;
2043 (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
2044 (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
2045 (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
2046 (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
2047 (*methods)->enum_group_members = pdb_default_enum_group_members;
2048 (*methods)->enum_group_memberships = pdb_default_enum_group_memberships;
2049 (*methods)->set_unix_primary_group = pdb_default_set_unix_primary_group;
2050 (*methods)->add_groupmem = pdb_default_add_groupmem;
2051 (*methods)->del_groupmem = pdb_default_del_groupmem;
2052 (*methods)->create_alias = pdb_default_create_alias;
2053 (*methods)->delete_alias = pdb_default_delete_alias;
2054 (*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
2055 (*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
2056 (*methods)->add_aliasmem = pdb_default_add_aliasmem;
2057 (*methods)->del_aliasmem = pdb_default_del_aliasmem;
2058 (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
2059 (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
2060 (*methods)->lookup_rids = pdb_default_lookup_rids;
2061 (*methods)->get_account_policy = pdb_default_get_account_policy;
2062 (*methods)->set_account_policy = pdb_default_set_account_policy;
2063 (*methods)->get_seq_num = pdb_default_get_seq_num;
2064 (*methods)->uid_to_rid = pdb_default_uid_to_rid;
2065 (*methods)->uid_to_sid = pdb_default_uid_to_sid;
2066 (*methods)->gid_to_sid = pdb_default_gid_to_sid;
2067 (*methods)->sid_to_id = pdb_default_sid_to_id;
2068
2069 (*methods)->search_groups = pdb_default_search_groups;
2070 (*methods)->search_aliases = pdb_default_search_aliases;
2071
2072 (*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw;
2073 (*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw;
2074 (*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw;
2075 (*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms;
2076
2077 return NT_STATUS_OK;
2078 }