2
Unix SMB/CIFS implementation.
3
Password and authentication handling
4
Copyright (C) Andrew Bartlett 2002
5
Copyright (C) Jelmer Vernooij 2002
6
Copyright (C) Simo Sorce 2003
7
Copyright (C) Volker Lendecke 2006
9
This program is free software; you can redistribute it and/or modify
10
it under the terms of the GNU General Public License as published by
11
the Free Software Foundation; either version 3 of the License, or
12
(at your option) any later version.
14
This program is distributed in the hope that it will be useful,
15
but WITHOUT ANY WARRANTY; without even the implied warranty of
16
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
GNU General Public License for more details.
19
You should have received a copy of the GNU General Public License
20
along with this program. If not, see <http://www.gnu.org/licenses/>.
26
#define DBGC_CLASS DBGC_PASSDB
30
static struct pdb_init_function_entry *backends = NULL;
32
static void lazy_initialize_passdb(void)
34
static bool initialized = False;
42
static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
44
enum lsa_SidType *psid_name_use,
45
union unid_t *unix_id);
47
NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
49
struct pdb_init_function_entry *entry = backends;
51
if(version != PASSDB_INTERFACE_VERSION) {
52
DEBUG(0,("Can't register passdb backend!\n"
53
"You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
54
"while this version of samba uses version %d\n",
55
version,PASSDB_INTERFACE_VERSION));
56
return NT_STATUS_OBJECT_TYPE_MISMATCH;
60
return NT_STATUS_INVALID_PARAMETER;
63
DEBUG(5,("Attempting to register passdb backend %s\n", name));
65
/* Check for duplicates */
66
if (pdb_find_backend_entry(name)) {
67
DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
68
return NT_STATUS_OBJECT_NAME_COLLISION;
71
entry = SMB_XMALLOC_P(struct pdb_init_function_entry);
72
entry->name = smb_xstrdup(name);
75
DLIST_ADD(backends, entry);
76
DEBUG(5,("Successfully added passdb backend '%s'\n", name));
80
struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
82
struct pdb_init_function_entry *entry = backends;
85
if (strcmp(entry->name, name)==0) return entry;
93
* The event context for the passdb backend. I know this is a bad hack and yet
94
* another static variable, but our pdb API is a global thing per
95
* definition. The first use for this is the LDAP idle function, more might be
98
* I don't feel too bad about this static variable, it replaces the
99
* smb_idle_event_list that used to exist in lib/module.c. -- VL
102
static struct event_context *pdb_event_ctx;
104
struct event_context *pdb_get_event_context(void)
106
return pdb_event_ctx;
109
/******************************************************************
110
Make a pdb_methods from scratch
111
*******************************************************************/
113
NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char *selected)
115
char *module_name = smb_xstrdup(selected);
116
char *module_location = NULL, *p;
117
struct pdb_init_function_entry *entry;
118
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
120
lazy_initialize_passdb();
122
p = strchr(module_name, ':');
126
module_location = p+1;
127
trim_char(module_location, ' ', ' ');
130
trim_char(module_name, ' ', ' ');
133
DEBUG(5,("Attempting to find a passdb backend to match %s (%s)\n", selected, module_name));
135
entry = pdb_find_backend_entry(module_name);
137
/* Try to find a module that contains this module */
139
DEBUG(2,("No builtin backend found, trying to load plugin\n"));
140
if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
141
DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
142
SAFE_FREE(module_name);
143
return NT_STATUS_UNSUCCESSFUL;
147
/* No such backend found */
149
DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
150
SAFE_FREE(module_name);
151
return NT_STATUS_INVALID_PARAMETER;
154
DEBUG(5,("Found pdb backend %s\n", module_name));
156
if ( !NT_STATUS_IS_OK( nt_status = entry->init(methods, module_location) ) ) {
157
DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n",
158
selected, nt_errstr(nt_status)));
159
SAFE_FREE(module_name);
163
SAFE_FREE(module_name);
165
DEBUG(5,("pdb backend %s has a valid init\n", selected));
170
/******************************************************************
171
Return an already initialized pdb_methods structure
172
*******************************************************************/
174
static struct pdb_methods *pdb_get_methods_reload( bool reload )
176
static struct pdb_methods *pdb = NULL;
178
if ( pdb && reload ) {
179
pdb->free_private_data( &(pdb->private_data) );
180
if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
182
if (asprintf(&msg, "pdb_get_methods_reload: "
183
"failed to get pdb methods for backend %s\n",
184
lp_passdb_backend()) > 0) {
187
smb_panic("pdb_get_methods_reload");
193
if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
195
if (asprintf(&msg, "pdb_get_methods_reload: "
196
"failed to get pdb methods for backend %s\n",
197
lp_passdb_backend()) > 0) {
200
smb_panic("pdb_get_methods_reload");
208
static struct pdb_methods *pdb_get_methods(void)
210
return pdb_get_methods_reload(False);
213
bool pdb_getsampwnam(struct samu *sam_acct, const char *username)
215
struct pdb_methods *pdb = pdb_get_methods();
216
struct samu *for_cache;
217
const struct dom_sid *user_sid;
219
if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) {
223
for_cache = samu_new(NULL);
224
if (for_cache == NULL) {
228
if (!pdb_copy_sam_account(for_cache, sam_acct)) {
229
TALLOC_FREE(for_cache);
233
user_sid = pdb_get_user_sid(for_cache);
235
memcache_add_talloc(NULL, PDB_GETPWSID_CACHE,
236
data_blob_const(user_sid, sizeof(*user_sid)),
242
/**********************************************************************
243
**********************************************************************/
245
bool guest_user_info( struct samu *user )
249
const char *guestname = lp_guestaccount();
251
if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), guestname ) ) ) {
252
DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n",
257
result = samu_set_unix(user, pwd );
261
return NT_STATUS_IS_OK( result );
264
/**********************************************************************
265
**********************************************************************/
267
bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid)
269
struct pdb_methods *pdb = pdb_get_methods();
273
/* hard code the Guest RID of 501 */
275
if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) )
278
if ( rid == DOMAIN_USER_RID_GUEST ) {
279
DEBUG(6,("pdb_getsampwsid: Building guest account\n"));
280
return guest_user_info( sam_acct );
283
/* check the cache first */
285
cache_data = memcache_lookup_talloc(
286
NULL, PDB_GETPWSID_CACHE, data_blob_const(sid, sizeof(*sid)));
288
if (cache_data != NULL) {
289
struct samu *cache_copy = talloc_get_type_abort(
290
cache_data, struct samu);
292
return pdb_copy_sam_account(sam_acct, cache_copy);
295
return NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid));
298
static NTSTATUS pdb_default_create_user(struct pdb_methods *methods,
299
TALLOC_CTX *tmp_ctx, const char *name,
300
uint32 acb_info, uint32 *rid)
302
struct samu *sam_pass;
306
if ((sam_pass = samu_new(tmp_ctx)) == NULL) {
307
return NT_STATUS_NO_MEMORY;
310
if ( !(pwd = Get_Pwnam_alloc(tmp_ctx, name)) ) {
311
char *add_script = NULL;
315
if ((acb_info & ACB_NORMAL) && name[strlen(name)-1] != '$') {
316
add_script = talloc_strdup(tmp_ctx,
317
lp_adduser_script());
319
add_script = talloc_strdup(tmp_ctx,
320
lp_addmachine_script());
323
if (!add_script || add_script[0] == '\0') {
324
DEBUG(3, ("Could not find user %s and no add script "
326
return NT_STATUS_NO_SUCH_USER;
329
/* lowercase the username before creating the Unix account for
330
compatibility with previous Samba releases */
331
fstrcpy( name2, name );
333
add_script = talloc_all_string_sub(tmp_ctx,
338
return NT_STATUS_NO_MEMORY;
340
add_ret = smbrun(add_script,NULL);
341
DEBUG(add_ret ? 0 : 3, ("_samr_create_user: Running the command `%s' gave %d\n",
342
add_script, add_ret));
344
smb_nscd_flush_user_cache();
349
pwd = Get_Pwnam_alloc(tmp_ctx, name);
352
/* we have a valid SID coming out of this call */
354
status = samu_alloc_rid_unix( sam_pass, pwd );
358
if (!NT_STATUS_IS_OK(status)) {
359
DEBUG(3, ("pdb_default_create_user: failed to create a new user structure: %s\n", nt_errstr(status)));
363
if (!sid_peek_check_rid(get_global_sam_sid(),
364
pdb_get_user_sid(sam_pass), rid)) {
365
DEBUG(0, ("Could not get RID of fresh user\n"));
366
return NT_STATUS_INTERNAL_ERROR;
369
/* Use the username case specified in the original request */
371
pdb_set_username( sam_pass, name, PDB_SET );
373
/* Disable the account on creation, it does not have a reasonable password yet. */
375
acb_info |= ACB_DISABLED;
377
pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
379
status = pdb_add_sam_account(sam_pass);
381
TALLOC_FREE(sam_pass);
386
NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32 flags,
389
struct pdb_methods *pdb = pdb_get_methods();
390
return pdb->create_user(pdb, mem_ctx, name, flags, rid);
393
/****************************************************************************
394
Delete a UNIX user on demand.
395
****************************************************************************/
397
static int smb_delete_user(const char *unix_user)
399
char *del_script = NULL;
404
if ( strequal( unix_user, "root" ) ) {
405
DEBUG(0,("smb_delete_user: Refusing to delete local system root account!\n"));
409
del_script = talloc_strdup(talloc_tos(), lp_deluser_script());
410
if (!del_script || !*del_script) {
413
del_script = talloc_all_string_sub(talloc_tos(),
420
ret = smbrun(del_script,NULL);
423
smb_nscd_flush_user_cache();
425
DEBUG(ret ? 0 : 3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret));
430
static NTSTATUS pdb_default_delete_user(struct pdb_methods *methods,
432
struct samu *sam_acct)
437
status = pdb_delete_sam_account(sam_acct);
438
if (!NT_STATUS_IS_OK(status)) {
443
* Now delete the unix side ....
444
* note: we don't check if the delete really happened as the script is
445
* not necessary present and maybe the sysadmin doesn't want to delete
449
/* always lower case the username before handing it off to
452
fstrcpy( username, pdb_get_username(sam_acct) );
453
strlower_m( username );
455
smb_delete_user( username );
460
NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
462
struct pdb_methods *pdb = pdb_get_methods();
465
/* sanity check to make sure we don't delete root */
467
if ( !sid_to_uid( pdb_get_user_sid(sam_acct), &uid ) ) {
468
return NT_STATUS_NO_SUCH_USER;
472
return NT_STATUS_ACCESS_DENIED;
475
return pdb->delete_user(pdb, mem_ctx, sam_acct);
478
NTSTATUS pdb_add_sam_account(struct samu *sam_acct)
480
struct pdb_methods *pdb = pdb_get_methods();
481
return pdb->add_sam_account(pdb, sam_acct);
484
NTSTATUS pdb_update_sam_account(struct samu *sam_acct)
486
struct pdb_methods *pdb = pdb_get_methods();
488
memcache_flush(NULL, PDB_GETPWSID_CACHE);
490
return pdb->update_sam_account(pdb, sam_acct);
493
NTSTATUS pdb_delete_sam_account(struct samu *sam_acct)
495
struct pdb_methods *pdb = pdb_get_methods();
497
memcache_flush(NULL, PDB_GETPWSID_CACHE);
499
return pdb->delete_sam_account(pdb, sam_acct);
502
NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
504
struct pdb_methods *pdb = pdb_get_methods();
508
memcache_flush(NULL, PDB_GETPWSID_CACHE);
510
/* sanity check to make sure we don't rename root */
512
if ( !sid_to_uid( pdb_get_user_sid(oldname), &uid ) ) {
513
return NT_STATUS_NO_SUCH_USER;
517
return NT_STATUS_ACCESS_DENIED;
520
status = pdb->rename_sam_account(pdb, oldname, newname);
522
/* always flush the cache here just to be safe */
528
NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, bool success)
530
struct pdb_methods *pdb = pdb_get_methods();
531
return pdb->update_login_attempts(pdb, sam_acct, success);
534
bool pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
536
struct pdb_methods *pdb = pdb_get_methods();
537
return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid));
540
bool pdb_getgrgid(GROUP_MAP *map, gid_t gid)
542
struct pdb_methods *pdb = pdb_get_methods();
543
return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid));
546
bool pdb_getgrnam(GROUP_MAP *map, const char *name)
548
struct pdb_methods *pdb = pdb_get_methods();
549
return NT_STATUS_IS_OK(pdb->getgrnam(pdb, map, name));
552
static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods,
561
grp = getgrnam(name);
566
if (smb_create_group(name, &gid) != 0) {
567
return NT_STATUS_ACCESS_DENIED;
574
return NT_STATUS_ACCESS_DENIED;
577
if (pdb_rid_algorithm()) {
578
*rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
580
if (!pdb_new_rid(rid)) {
581
return NT_STATUS_ACCESS_DENIED;
585
sid_compose(&group_sid, get_global_sam_sid(), *rid);
587
return add_initial_entry(grp->gr_gid, sid_to_fstring(tmp, &group_sid),
588
SID_NAME_DOM_GRP, name, NULL);
591
NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name,
594
struct pdb_methods *pdb = pdb_get_methods();
595
return pdb->create_dom_group(pdb, mem_ctx, name, rid);
598
static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
606
const char *grp_name;
609
map.gid = (gid_t) -1;
611
sid_compose(&group_sid, get_global_sam_sid(), rid);
613
if (!get_domain_group_from_sid(group_sid, &map)) {
614
DEBUG(10, ("Could not find group for rid %d\n", rid));
615
return NT_STATUS_NO_SUCH_GROUP;
618
/* We need the group name for the smb_delete_group later on */
620
if (map.gid == (gid_t)-1) {
621
return NT_STATUS_NO_SUCH_GROUP;
624
grp = getgrgid(map.gid);
626
return NT_STATUS_NO_SUCH_GROUP;
629
/* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
631
grp_name = talloc_strdup(mem_ctx, grp->gr_name);
632
if (grp_name == NULL) {
633
return NT_STATUS_NO_MEMORY;
636
status = pdb_delete_group_mapping_entry(group_sid);
638
if (!NT_STATUS_IS_OK(status)) {
642
/* Don't check the result of smb_delete_group */
644
smb_delete_group(grp_name);
649
NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32 rid)
651
struct pdb_methods *pdb = pdb_get_methods();
652
return pdb->delete_dom_group(pdb, mem_ctx, rid);
655
NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
657
struct pdb_methods *pdb = pdb_get_methods();
658
return pdb->add_group_mapping_entry(pdb, map);
661
NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map)
663
struct pdb_methods *pdb = pdb_get_methods();
664
return pdb->update_group_mapping_entry(pdb, map);
667
NTSTATUS pdb_delete_group_mapping_entry(DOM_SID sid)
669
struct pdb_methods *pdb = pdb_get_methods();
670
return pdb->delete_group_mapping_entry(pdb, sid);
673
bool pdb_enum_group_mapping(const DOM_SID *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
674
size_t *p_num_entries, bool unix_only)
676
struct pdb_methods *pdb = pdb_get_methods();
677
return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
678
pp_rmap, p_num_entries, unix_only));
681
NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
683
uint32 **pp_member_rids,
684
size_t *p_num_members)
686
struct pdb_methods *pdb = pdb_get_methods();
689
result = pdb->enum_group_members(pdb, mem_ctx,
690
sid, pp_member_rids, p_num_members);
692
/* special check for rid 513 */
694
if ( !NT_STATUS_IS_OK( result ) ) {
697
sid_peek_rid( sid, &rid );
699
if ( rid == DOMAIN_GROUP_RID_USERS ) {
701
*pp_member_rids = NULL;
710
NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user,
711
DOM_SID **pp_sids, gid_t **pp_gids,
712
size_t *p_num_groups)
714
struct pdb_methods *pdb = pdb_get_methods();
715
return pdb->enum_group_memberships(
717
pp_sids, pp_gids, p_num_groups);
720
static NTSTATUS pdb_default_set_unix_primary_group(struct pdb_methods *methods,
722
struct samu *sampass)
727
if (!sid_to_gid(pdb_get_group_sid(sampass), &gid) ||
728
(grp = getgrgid(gid)) == NULL) {
729
return NT_STATUS_INVALID_PRIMARY_GROUP;
732
if (smb_set_primary_group(grp->gr_name,
733
pdb_get_username(sampass)) != 0) {
734
return NT_STATUS_ACCESS_DENIED;
740
NTSTATUS pdb_set_unix_primary_group(TALLOC_CTX *mem_ctx, struct samu *user)
742
struct pdb_methods *pdb = pdb_get_methods();
743
return pdb->set_unix_primary_group(pdb, mem_ctx, user);
747
* Helper function to see whether a user is in a group. We can't use
748
* user_in_group_sid here because this creates dependencies only smbd can
752
static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account,
753
const DOM_SID *group_sid)
757
size_t i, num_groups;
759
if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx, account,
765
for (i=0; i<num_groups; i++) {
766
if (sid_equal(group_sid, &sids[i])) {
773
static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
778
DOM_SID group_sid, member_sid;
779
struct samu *account = NULL;
783
const char *group_name;
787
map.gid = (gid_t) -1;
789
sid_compose(&group_sid, get_global_sam_sid(), group_rid);
790
sid_compose(&member_sid, get_global_sam_sid(), member_rid);
792
if (!get_domain_group_from_sid(group_sid, &map) ||
793
(map.gid == (gid_t)-1) ||
794
((grp = getgrgid(map.gid)) == NULL)) {
795
return NT_STATUS_NO_SUCH_GROUP;
798
group_name = talloc_strdup(mem_ctx, grp->gr_name);
799
if (group_name == NULL) {
800
return NT_STATUS_NO_MEMORY;
803
if ( !(account = samu_new( NULL )) ) {
804
return NT_STATUS_NO_MEMORY;
807
if (!pdb_getsampwsid(account, &member_sid) ||
808
!sid_to_uid(&member_sid, &uid) ||
809
((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
810
return NT_STATUS_NO_SUCH_USER;
813
if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
814
return NT_STATUS_MEMBER_IN_GROUP;
818
* ok, the group exist, the user exist, the user is not in the group,
819
* we can (finally) add it to the group !
822
smb_add_user_group(group_name, pwd->pw_name);
824
if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
825
return NT_STATUS_ACCESS_DENIED;
831
NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
834
struct pdb_methods *pdb = pdb_get_methods();
835
return pdb->add_groupmem(pdb, mem_ctx, group_rid, member_rid);
838
static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
843
DOM_SID group_sid, member_sid;
844
struct samu *account = NULL;
848
const char *group_name;
851
sid_compose(&group_sid, get_global_sam_sid(), group_rid);
852
sid_compose(&member_sid, get_global_sam_sid(), member_rid);
854
if (!get_domain_group_from_sid(group_sid, &map) ||
855
(map.gid == (gid_t)-1) ||
856
((grp = getgrgid(map.gid)) == NULL)) {
857
return NT_STATUS_NO_SUCH_GROUP;
860
group_name = talloc_strdup(mem_ctx, grp->gr_name);
861
if (group_name == NULL) {
862
return NT_STATUS_NO_MEMORY;
865
if ( !(account = samu_new( NULL )) ) {
866
return NT_STATUS_NO_MEMORY;
869
if (!pdb_getsampwsid(account, &member_sid) ||
870
!sid_to_uid(&member_sid, &uid) ||
871
((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
872
return NT_STATUS_NO_SUCH_USER;
875
if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
876
return NT_STATUS_MEMBER_NOT_IN_GROUP;
880
* ok, the group exist, the user exist, the user is in the group,
881
* we can (finally) delete it from the group!
884
smb_delete_user_group(group_name, pwd->pw_name);
886
if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
887
return NT_STATUS_ACCESS_DENIED;
893
NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
896
struct pdb_methods *pdb = pdb_get_methods();
897
return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid);
900
NTSTATUS pdb_create_alias(const char *name, uint32 *rid)
902
struct pdb_methods *pdb = pdb_get_methods();
903
return pdb->create_alias(pdb, name, rid);
906
NTSTATUS pdb_delete_alias(const DOM_SID *sid)
908
struct pdb_methods *pdb = pdb_get_methods();
909
return pdb->delete_alias(pdb, sid);
912
NTSTATUS pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
914
struct pdb_methods *pdb = pdb_get_methods();
915
return pdb->get_aliasinfo(pdb, sid, info);
918
NTSTATUS pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
920
struct pdb_methods *pdb = pdb_get_methods();
921
return pdb->set_aliasinfo(pdb, sid, info);
924
NTSTATUS pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
926
struct pdb_methods *pdb = pdb_get_methods();
927
return pdb->add_aliasmem(pdb, alias, member);
930
NTSTATUS pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
932
struct pdb_methods *pdb = pdb_get_methods();
933
return pdb->del_aliasmem(pdb, alias, member);
936
NTSTATUS pdb_enum_aliasmem(const DOM_SID *alias,
937
DOM_SID **pp_members, size_t *p_num_members)
939
struct pdb_methods *pdb = pdb_get_methods();
940
return pdb->enum_aliasmem(pdb, alias, pp_members, p_num_members);
943
NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx,
944
const DOM_SID *domain_sid,
945
const DOM_SID *members, size_t num_members,
946
uint32 **pp_alias_rids,
947
size_t *p_num_alias_rids)
949
struct pdb_methods *pdb = pdb_get_methods();
950
return pdb->enum_alias_memberships(pdb, mem_ctx,
952
members, num_members,
957
NTSTATUS pdb_lookup_rids(const DOM_SID *domain_sid,
961
enum lsa_SidType *attrs)
963
struct pdb_methods *pdb = pdb_get_methods();
964
return pdb->lookup_rids(pdb, domain_sid, num_rids, rids, names, attrs);
968
* NOTE: pdb_lookup_names is currently (2007-01-12) not used anywhere
970
* Unlike _lsa_lookup_sids and _samr_lookup_rids, which eventually
971
* also ask pdb_lookup_rids, thus looking up a bunch of rids at a time,
972
* the pdb_ calls _lsa_lookup_names and _samr_lookup_names come
973
* down to are pdb_getsampwnam and pdb_getgrnam instead of
975
* But in principle, it the call belongs to the API and might get
976
* used in this context some day.
979
NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
983
enum lsa_SidType *attrs)
985
struct pdb_methods *pdb = pdb_get_methods();
986
return pdb->lookup_names(pdb, domain_sid, num_names, names, rids, attrs);
990
bool pdb_get_account_policy(int policy_index, uint32 *value)
992
struct pdb_methods *pdb = pdb_get_methods();
996
status = pdb->get_account_policy(pdb, policy_index, value);
999
return NT_STATUS_IS_OK(status);
1002
bool pdb_set_account_policy(int policy_index, uint32 value)
1004
struct pdb_methods *pdb = pdb_get_methods();
1008
status = pdb->set_account_policy(pdb, policy_index, value);
1011
return NT_STATUS_IS_OK(status);
1014
bool pdb_get_seq_num(time_t *seq_num)
1016
struct pdb_methods *pdb = pdb_get_methods();
1017
return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
1020
bool pdb_uid_to_rid(uid_t uid, uint32 *rid)
1022
struct pdb_methods *pdb = pdb_get_methods();
1023
return pdb->uid_to_rid(pdb, uid, rid);
1026
bool pdb_uid_to_sid(uid_t uid, DOM_SID *sid)
1028
struct pdb_methods *pdb = pdb_get_methods();
1029
return pdb->uid_to_sid(pdb, uid, sid);
1032
bool pdb_gid_to_sid(gid_t gid, DOM_SID *sid)
1034
struct pdb_methods *pdb = pdb_get_methods();
1035
return pdb->gid_to_sid(pdb, gid, sid);
1038
bool pdb_sid_to_id(const DOM_SID *sid, union unid_t *id,
1039
enum lsa_SidType *type)
1041
struct pdb_methods *pdb = pdb_get_methods();
1042
return pdb->sid_to_id(pdb, sid, id, type);
1045
bool pdb_rid_algorithm(void)
1047
struct pdb_methods *pdb = pdb_get_methods();
1048
return pdb->rid_algorithm(pdb);
1051
/********************************************************************
1052
Allocate a new RID from the passdb backend. Verify that it is free
1053
by calling lookup_global_sam_rid() to verify that the RID is not
1054
in use. This handles servers that have existing users or groups
1055
with add RIDs (assigned from previous algorithmic mappings)
1056
********************************************************************/
1058
bool pdb_new_rid(uint32 *rid)
1060
struct pdb_methods *pdb = pdb_get_methods();
1061
const char *name = NULL;
1062
enum lsa_SidType type;
1063
uint32 allocated_rid = 0;
1067
if (pdb_rid_algorithm()) {
1068
DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs "
1073
if (algorithmic_rid_base() != BASE_RID) {
1074
DEBUG(0, ("'algorithmic rid base' is set but a passdb backend "
1075
"without algorithmic RIDs is chosen.\n"));
1076
DEBUGADD(0, ("Please map all used groups using 'net groupmap "
1077
"add', set the maximum used RID\n"));
1078
DEBUGADD(0, ("and remove the parameter\n"));
1082
if ( (ctx = talloc_init("pdb_new_rid")) == NULL ) {
1083
DEBUG(0,("pdb_new_rid: Talloc initialization failure\n"));
1087
/* Attempt to get an unused RID (max tires is 250...yes that it is
1088
and arbitrary number I pulkled out of my head). -- jerry */
1090
for ( i=0; allocated_rid==0 && i<250; i++ ) {
1093
if ( !pdb->new_rid(pdb, &allocated_rid) ) {
1097
/* validate that the RID is not in use */
1099
if ( lookup_global_sam_rid( ctx, allocated_rid, &name, &type, NULL ) ) {
1106
if ( allocated_rid == 0 ) {
1107
DEBUG(0,("pdb_new_rid: Failed to find unused RID\n"));
1111
*rid = allocated_rid;
1116
/***************************************************************
1117
Initialize the static context (at smbd startup etc).
1119
If uninitialised, context will auto-init on first use.
1120
***************************************************************/
1122
bool initialize_password_db(bool reload, struct event_context *event_ctx)
1124
pdb_event_ctx = event_ctx;
1125
return (pdb_get_methods_reload(reload) != NULL);
1129
/***************************************************************************
1130
Default implementations of some functions.
1131
****************************************************************************/
1133
static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, struct samu *user, const char *sname)
1135
return NT_STATUS_NO_SUCH_USER;
1138
static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const DOM_SID *sid)
1140
return NT_STATUS_NO_SUCH_USER;
1143
static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, struct samu *newpwd)
1145
return NT_STATUS_NOT_IMPLEMENTED;
1148
static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, struct samu *newpwd)
1150
return NT_STATUS_NOT_IMPLEMENTED;
1153
static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, struct samu *pwd)
1155
return NT_STATUS_NOT_IMPLEMENTED;
1158
static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, struct samu *pwd, const char *newname)
1160
return NT_STATUS_NOT_IMPLEMENTED;
1163
static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success)
1165
/* Only the pdb_nds backend implements this, by
1166
* default just return ok. */
1167
return NT_STATUS_OK;
1170
static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
1172
return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1175
static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
1177
return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1180
static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)
1182
*seq_num = time(NULL);
1183
return NT_STATUS_OK;
1186
static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid,
1189
struct samu *sampw = NULL;
1190
struct passwd *unix_pw;
1193
unix_pw = sys_getpwuid( uid );
1196
DEBUG(4,("pdb_default_uid_to_rid: host has no idea of uid "
1197
"%lu\n", (unsigned long)uid));
1201
if ( !(sampw = samu_new( NULL )) ) {
1202
DEBUG(0,("pdb_default_uid_to_rid: samu_new() failed!\n"));
1207
ret = NT_STATUS_IS_OK(
1208
methods->getsampwnam(methods, sampw, unix_pw->pw_name ));
1212
DEBUG(5, ("pdb_default_uid_to_rid: Did not find user "
1213
"%s (%u)\n", unix_pw->pw_name, (unsigned int)uid));
1218
sid_copy(sid, pdb_get_user_sid(sampw));
1225
static bool pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid,
1231
ret = pdb_default_uid_to_sid(methods, uid, &sid);
1236
ret = sid_peek_check_rid(get_global_sam_sid(), &sid, rid);
1239
DEBUG(1, ("Could not peek rid out of sid %s\n",
1240
sid_string_dbg(&sid)));
1246
static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
1251
if (!NT_STATUS_IS_OK(methods->getgrgid(methods, &map, gid))) {
1255
sid_copy(sid, &map.sid);
1259
static bool pdb_default_sid_to_id(struct pdb_methods *methods,
1261
union unid_t *id, enum lsa_SidType *type)
1263
TALLOC_CTX *mem_ctx;
1268
mem_ctx = talloc_new(NULL);
1270
if (mem_ctx == NULL) {
1271
DEBUG(0, ("talloc_new failed\n"));
1275
if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
1276
/* Here we might have users as well as groups and aliases */
1277
ret = lookup_global_sam_rid(mem_ctx, rid, &name, type, id);
1281
/* check for "Unix User" */
1283
if ( sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid) ) {
1285
*type = SID_NAME_USER;
1290
/* check for "Unix Group" */
1292
if ( sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid) ) {
1294
*type = SID_NAME_ALIAS;
1301
if (sid_check_is_in_builtin(sid) ||
1302
sid_check_is_in_wellknown_domain(sid)) {
1303
/* Here we only have aliases */
1305
if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) {
1306
DEBUG(10, ("Could not find map for sid %s\n",
1307
sid_string_dbg(sid)));
1310
if ((map.sid_name_use != SID_NAME_ALIAS) &&
1311
(map.sid_name_use != SID_NAME_WKN_GRP)) {
1312
DEBUG(10, ("Map for sid %s is a %s, expected an "
1313
"alias\n", sid_string_dbg(sid),
1314
sid_type_lookup(map.sid_name_use)));
1319
*type = SID_NAME_ALIAS;
1324
DEBUG(5, ("Sid %s is neither ours, a Unix SID, nor builtin\n",
1325
sid_string_dbg(sid)));
1329
TALLOC_FREE(mem_ctx);
1333
static bool add_uid_to_array_unique(TALLOC_CTX *mem_ctx,
1334
uid_t uid, uid_t **pp_uids, size_t *p_num)
1338
for (i=0; i<*p_num; i++) {
1339
if ((*pp_uids)[i] == uid)
1343
*pp_uids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_uids, uid_t, *p_num+1);
1345
if (*pp_uids == NULL)
1348
(*pp_uids)[*p_num] = uid;
1353
static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size_t *p_num)
1364
/* We only look at our own sam, so don't care about imported stuff */
1365
winbind_env = winbind_env_set();
1366
(void)winbind_off();
1368
if ((grp = getgrgid(gid)) == NULL) {
1369
/* allow winbindd lookups, but only if they weren't already disabled */
1373
/* Primary group members */
1375
while ((pwd = getpwent()) != NULL) {
1376
if (pwd->pw_gid == gid) {
1377
if (!add_uid_to_array_unique(mem_ctx, pwd->pw_uid,
1385
/* Secondary group members */
1386
for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
1387
struct passwd *pw = getpwnam(*gr);
1391
if (!add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num)) {
1400
/* allow winbindd lookups, but only if they weren't already disabled */
1408
static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
1409
TALLOC_CTX *mem_ctx,
1410
const DOM_SID *group,
1411
uint32 **pp_member_rids,
1412
size_t *p_num_members)
1418
*pp_member_rids = NULL;
1421
if (!sid_to_gid(group, &gid))
1422
return NT_STATUS_NO_SUCH_GROUP;
1424
if(!get_memberuids(mem_ctx, gid, &uids, &num_uids))
1425
return NT_STATUS_NO_SUCH_GROUP;
1428
return NT_STATUS_OK;
1430
*pp_member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_uids);
1432
for (i=0; i<num_uids; i++) {
1435
uid_to_sid(&sid, uids[i]);
1437
if (!sid_check_is_in_our_domain(&sid)) {
1438
DEBUG(5, ("Inconsistent SAM -- group member uid not "
1439
"in our domain\n"));
1443
sid_peek_rid(&sid, &(*pp_member_rids)[*p_num_members]);
1444
*p_num_members += 1;
1447
return NT_STATUS_OK;
1450
static NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods,
1451
TALLOC_CTX *mem_ctx,
1455
size_t *p_num_groups)
1460
const char *username = pdb_get_username(user);
1463
/* Ignore the primary group SID. Honor the real Unix primary group.
1464
The primary group SID is only of real use to Windows clients */
1466
if ( !(pw = getpwnam_alloc(mem_ctx, username)) ) {
1467
return NT_STATUS_NO_SUCH_USER;
1474
if (!getgroups_unix_user(mem_ctx, username, gid, pp_gids, p_num_groups)) {
1475
return NT_STATUS_NO_SUCH_USER;
1478
if (*p_num_groups == 0) {
1479
smb_panic("primary group missing");
1482
*pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups);
1484
if (*pp_sids == NULL) {
1485
TALLOC_FREE(*pp_gids);
1486
return NT_STATUS_NO_MEMORY;
1489
for (i=0; i<*p_num_groups; i++) {
1490
gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
1493
return NT_STATUS_OK;
1496
/*******************************************************************
1497
Look up a rid in the SAM we're responsible for (i.e. passdb)
1498
********************************************************************/
1500
static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
1502
enum lsa_SidType *psid_name_use,
1503
union unid_t *unix_id)
1505
struct samu *sam_account = NULL;
1510
*psid_name_use = SID_NAME_UNKNOWN;
1512
DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
1513
(unsigned int)rid));
1515
sid_copy(&sid, get_global_sam_sid());
1516
sid_append_rid(&sid, rid);
1518
/* see if the passdb can help us with the name of the user */
1520
if ( !(sam_account = samu_new( NULL )) ) {
1524
/* BEING ROOT BLLOCK */
1526
if (pdb_getsampwsid(sam_account, &sid)) {
1529
unbecome_root(); /* -----> EXIT BECOME_ROOT() */
1530
*name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
1532
TALLOC_FREE(sam_account);
1536
*psid_name_use = SID_NAME_USER;
1538
TALLOC_FREE(sam_account);
1540
if (unix_id == NULL) {
1544
pw = Get_Pwnam_alloc(talloc_tos(), *name);
1548
unix_id->uid = pw->pw_uid;
1552
TALLOC_FREE(sam_account);
1554
ret = pdb_getgrsid(&map, sid);
1556
/* END BECOME_ROOT BLOCK */
1558
/* do not resolve SIDs to a name unless there is a valid
1559
gid associated with it */
1561
if ( ret && (map.gid != (gid_t)-1) ) {
1562
*name = talloc_strdup(mem_ctx, map.nt_name);
1563
*psid_name_use = map.sid_name_use;
1566
unix_id->gid = map.gid;
1572
/* Windows will always map RID 513 to something. On a non-domain
1573
controller, this gets mapped to SERVER\None. */
1576
DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
1580
if ( rid == DOMAIN_GROUP_RID_USERS ) {
1581
*name = talloc_strdup(mem_ctx, "None" );
1582
*psid_name_use = SID_NAME_DOM_GRP;
1590
static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods,
1591
const DOM_SID *domain_sid,
1595
enum lsa_SidType *attrs)
1599
bool have_mapped = False;
1600
bool have_unmapped = False;
1602
if (sid_check_is_builtin(domain_sid)) {
1604
for (i=0; i<num_rids; i++) {
1607
if (lookup_builtin_rid(names, rids[i], &name)) {
1608
attrs[i] = SID_NAME_ALIAS;
1610
DEBUG(5,("lookup_rids: %s:%d\n",
1611
names[i], attrs[i]));
1614
have_unmapped = True;
1615
attrs[i] = SID_NAME_UNKNOWN;
1621
/* Should not happen, but better check once too many */
1622
if (!sid_check_is_domain(domain_sid)) {
1623
return NT_STATUS_INVALID_HANDLE;
1626
for (i = 0; i < num_rids; i++) {
1629
if (lookup_global_sam_rid(names, rids[i], &name, &attrs[i],
1632
return NT_STATUS_NO_MEMORY;
1635
DEBUG(5,("lookup_rids: %s:%d\n", names[i], attrs[i]));
1638
have_unmapped = True;
1639
attrs[i] = SID_NAME_UNKNOWN;
1645
result = NT_STATUS_NONE_MAPPED;
1648
result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
1654
static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods,
1655
const DOM_SID *domain_sid,
1659
enum lsa_SidType *attrs)
1663
bool have_mapped = False;
1664
bool have_unmapped = False;
1666
if (sid_check_is_builtin(domain_sid)) {
1668
for (i=0; i<num_names; i++) {
1671
if (lookup_builtin_name(names[i], &rid)) {
1672
attrs[i] = SID_NAME_ALIAS;
1674
DEBUG(5,("lookup_rids: %s:%d\n",
1675
names[i], attrs[i]));
1678
have_unmapped = True;
1679
attrs[i] = SID_NAME_UNKNOWN;
1685
/* Should not happen, but better check once too many */
1686
if (!sid_check_is_domain(domain_sid)) {
1687
return NT_STATUS_INVALID_HANDLE;
1690
for (i = 0; i < num_names; i++) {
1691
if (lookup_global_sam_name(names[i], 0, &rids[i], &attrs[i])) {
1692
DEBUG(5,("lookup_names: %s-> %d:%d\n", names[i],
1693
rids[i], attrs[i]));
1696
have_unmapped = True;
1697
attrs[i] = SID_NAME_UNKNOWN;
1703
result = NT_STATUS_NONE_MAPPED;
1706
result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
1712
static int pdb_search_destructor(struct pdb_search *search)
1714
if ((!search->search_ended) && (search->search_end != NULL)) {
1715
search->search_end(search);
1720
struct pdb_search *pdb_search_init(TALLOC_CTX *mem_ctx,
1721
enum pdb_search_type type)
1723
struct pdb_search *result;
1725
result = talloc(mem_ctx, struct pdb_search);
1726
if (result == NULL) {
1727
DEBUG(0, ("talloc failed\n"));
1731
result->type = type;
1732
result->cache = NULL;
1733
result->num_entries = 0;
1734
result->cache_size = 0;
1735
result->search_ended = False;
1736
result->search_end = NULL;
1738
/* Segfault appropriately if not initialized */
1739
result->next_entry = NULL;
1740
result->search_end = NULL;
1742
talloc_set_destructor(result, pdb_search_destructor);
1747
static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32 rid,
1749
const char *account_name,
1750
const char *fullname,
1751
const char *description,
1752
struct samr_displayentry *entry)
1755
entry->acct_flags = acct_flags;
1757
if (account_name != NULL)
1758
entry->account_name = talloc_strdup(mem_ctx, account_name);
1760
entry->account_name = "";
1762
if (fullname != NULL)
1763
entry->fullname = talloc_strdup(mem_ctx, fullname);
1765
entry->fullname = "";
1767
if (description != NULL)
1768
entry->description = talloc_strdup(mem_ctx, description);
1770
entry->description = "";
1773
struct group_search {
1775
size_t num_groups, current_group;
1778
static bool next_entry_groups(struct pdb_search *s,
1779
struct samr_displayentry *entry)
1781
struct group_search *state = (struct group_search *)s->private_data;
1783
GROUP_MAP *map = &state->groups[state->current_group];
1785
if (state->current_group == state->num_groups)
1788
sid_peek_rid(&map->sid, &rid);
1790
fill_displayentry(s, rid, 0, map->nt_name, NULL, map->comment, entry);
1792
state->current_group += 1;
1796
static void search_end_groups(struct pdb_search *search)
1798
struct group_search *state =
1799
(struct group_search *)search->private_data;
1800
SAFE_FREE(state->groups);
1803
static bool pdb_search_grouptype(struct pdb_search *search,
1804
const DOM_SID *sid, enum lsa_SidType type)
1806
struct group_search *state;
1808
state = talloc(search, struct group_search);
1809
if (state == NULL) {
1810
DEBUG(0, ("talloc failed\n"));
1814
if (!pdb_enum_group_mapping(sid, type, &state->groups, &state->num_groups,
1816
DEBUG(0, ("Could not enum groups\n"));
1820
state->current_group = 0;
1821
search->private_data = state;
1822
search->next_entry = next_entry_groups;
1823
search->search_end = search_end_groups;
1827
static bool pdb_default_search_groups(struct pdb_methods *methods,
1828
struct pdb_search *search)
1830
return pdb_search_grouptype(search, get_global_sam_sid(), SID_NAME_DOM_GRP);
1833
static bool pdb_default_search_aliases(struct pdb_methods *methods,
1834
struct pdb_search *search,
1838
return pdb_search_grouptype(search, sid, SID_NAME_ALIAS);
1841
static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search,
1844
if (idx < search->num_entries)
1845
return &search->cache[idx];
1847
if (search->search_ended)
1850
while (idx >= search->num_entries) {
1851
struct samr_displayentry entry;
1853
if (!search->next_entry(search, &entry)) {
1854
search->search_end(search);
1855
search->search_ended = True;
1859
ADD_TO_LARGE_ARRAY(search, struct samr_displayentry,
1860
entry, &search->cache, &search->num_entries,
1861
&search->cache_size);
1864
return (search->num_entries > idx) ? &search->cache[idx] : NULL;
1867
struct pdb_search *pdb_search_users(TALLOC_CTX *mem_ctx, uint32 acct_flags)
1869
struct pdb_methods *pdb = pdb_get_methods();
1870
struct pdb_search *result;
1872
result = pdb_search_init(mem_ctx, PDB_USER_SEARCH);
1873
if (result == NULL) {
1877
if (!pdb->search_users(pdb, result, acct_flags)) {
1878
TALLOC_FREE(result);
1884
struct pdb_search *pdb_search_groups(TALLOC_CTX *mem_ctx)
1886
struct pdb_methods *pdb = pdb_get_methods();
1887
struct pdb_search *result;
1889
result = pdb_search_init(mem_ctx, PDB_GROUP_SEARCH);
1890
if (result == NULL) {
1894
if (!pdb->search_groups(pdb, result)) {
1895
TALLOC_FREE(result);
1901
struct pdb_search *pdb_search_aliases(TALLOC_CTX *mem_ctx, const DOM_SID *sid)
1903
struct pdb_methods *pdb = pdb_get_methods();
1904
struct pdb_search *result;
1906
if (pdb == NULL) return NULL;
1908
result = pdb_search_init(mem_ctx, PDB_ALIAS_SEARCH);
1909
if (result == NULL) {
1913
if (!pdb->search_aliases(pdb, result, sid)) {
1914
TALLOC_FREE(result);
1920
uint32 pdb_search_entries(struct pdb_search *search,
1921
uint32 start_idx, uint32 max_entries,
1922
struct samr_displayentry **result)
1924
struct samr_displayentry *end_entry;
1925
uint32 end_idx = start_idx+max_entries-1;
1927
/* The first entry needs to be searched after the last. Otherwise the
1928
* first entry might have moved due to a realloc during the search for
1929
* the last entry. */
1931
end_entry = pdb_search_getentry(search, end_idx);
1932
*result = pdb_search_getentry(search, start_idx);
1934
if (end_entry != NULL)
1937
if (start_idx >= search->num_entries)
1940
return search->num_entries - start_idx;
1943
/*******************************************************************
1945
*******************************************************************/
1947
bool pdb_get_trusteddom_pw(const char *domain, char** pwd, DOM_SID *sid,
1948
time_t *pass_last_set_time)
1950
struct pdb_methods *pdb = pdb_get_methods();
1951
return pdb->get_trusteddom_pw(pdb, domain, pwd, sid,
1952
pass_last_set_time);
1955
bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
1958
struct pdb_methods *pdb = pdb_get_methods();
1959
return pdb->set_trusteddom_pw(pdb, domain, pwd, sid);
1962
bool pdb_del_trusteddom_pw(const char *domain)
1964
struct pdb_methods *pdb = pdb_get_methods();
1965
return pdb->del_trusteddom_pw(pdb, domain);
1968
NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32 *num_domains,
1969
struct trustdom_info ***domains)
1971
struct pdb_methods *pdb = pdb_get_methods();
1972
return pdb->enum_trusteddoms(pdb, mem_ctx, num_domains, domains);
1975
/*******************************************************************
1976
the defaults for trustdom methods:
1977
these simply call the original passdb/secrets.c actions,
1978
to be replaced by pdb_ldap.
1979
*******************************************************************/
1981
static bool pdb_default_get_trusteddom_pw(struct pdb_methods *methods,
1985
time_t *pass_last_set_time)
1987
return secrets_fetch_trusted_domain_password(domain, pwd,
1988
sid, pass_last_set_time);
1992
static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods,
1997
return secrets_store_trusted_domain_password(domain, pwd, sid);
2000
static bool pdb_default_del_trusteddom_pw(struct pdb_methods *methods,
2003
return trusted_domain_password_delete(domain);
2006
static NTSTATUS pdb_default_enum_trusteddoms(struct pdb_methods *methods,
2007
TALLOC_CTX *mem_ctx,
2008
uint32 *num_domains,
2009
struct trustdom_info ***domains)
2011
return secrets_trusted_domains(mem_ctx, num_domains, domains);
2014
/*******************************************************************
2015
Create a pdb_methods structure and initialize it with the default
2016
operations. In this way a passdb module can simply implement
2017
the functionality it cares about. However, normally this is done
2018
in groups of related functions.
2019
*******************************************************************/
2021
NTSTATUS make_pdb_method( struct pdb_methods **methods )
2023
/* allocate memory for the structure as its own talloc CTX */
2025
if ( !(*methods = TALLOC_ZERO_P(talloc_autofree_context(), struct pdb_methods) ) ) {
2026
return NT_STATUS_NO_MEMORY;
2029
(*methods)->getsampwnam = pdb_default_getsampwnam;
2030
(*methods)->getsampwsid = pdb_default_getsampwsid;
2031
(*methods)->create_user = pdb_default_create_user;
2032
(*methods)->delete_user = pdb_default_delete_user;
2033
(*methods)->add_sam_account = pdb_default_add_sam_account;
2034
(*methods)->update_sam_account = pdb_default_update_sam_account;
2035
(*methods)->delete_sam_account = pdb_default_delete_sam_account;
2036
(*methods)->rename_sam_account = pdb_default_rename_sam_account;
2037
(*methods)->update_login_attempts = pdb_default_update_login_attempts;
2039
(*methods)->getgrsid = pdb_default_getgrsid;
2040
(*methods)->getgrgid = pdb_default_getgrgid;
2041
(*methods)->getgrnam = pdb_default_getgrnam;
2042
(*methods)->create_dom_group = pdb_default_create_dom_group;
2043
(*methods)->delete_dom_group = pdb_default_delete_dom_group;
2044
(*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
2045
(*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
2046
(*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
2047
(*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
2048
(*methods)->enum_group_members = pdb_default_enum_group_members;
2049
(*methods)->enum_group_memberships = pdb_default_enum_group_memberships;
2050
(*methods)->set_unix_primary_group = pdb_default_set_unix_primary_group;
2051
(*methods)->add_groupmem = pdb_default_add_groupmem;
2052
(*methods)->del_groupmem = pdb_default_del_groupmem;
2053
(*methods)->create_alias = pdb_default_create_alias;
2054
(*methods)->delete_alias = pdb_default_delete_alias;
2055
(*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
2056
(*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
2057
(*methods)->add_aliasmem = pdb_default_add_aliasmem;
2058
(*methods)->del_aliasmem = pdb_default_del_aliasmem;
2059
(*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
2060
(*methods)->enum_alias_memberships = pdb_default_alias_memberships;
2061
(*methods)->lookup_rids = pdb_default_lookup_rids;
2062
(*methods)->get_account_policy = pdb_default_get_account_policy;
2063
(*methods)->set_account_policy = pdb_default_set_account_policy;
2064
(*methods)->get_seq_num = pdb_default_get_seq_num;
2065
(*methods)->uid_to_rid = pdb_default_uid_to_rid;
2066
(*methods)->uid_to_sid = pdb_default_uid_to_sid;
2067
(*methods)->gid_to_sid = pdb_default_gid_to_sid;
2068
(*methods)->sid_to_id = pdb_default_sid_to_id;
2070
(*methods)->search_groups = pdb_default_search_groups;
2071
(*methods)->search_aliases = pdb_default_search_aliases;
2073
(*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw;
2074
(*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw;
2075
(*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw;
2076
(*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms;
2078
return NT_STATUS_OK;