Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Password and authentication handling
4 : Copyright (C) Andrew Bartlett 2002
5 : Copyright (C) Jelmer Vernooij 2002
6 : Copyright (C) Simo Sorce 2003
7 : Copyright (C) Volker Lendecke 2006
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include "includes.h"
24 : #include "system/passwd.h"
25 : #include "passdb.h"
26 : #include "secrets.h"
27 : #include "messages.h"
28 : #include "serverid.h"
29 : #include "../librpc/gen_ndr/samr.h"
30 : #include "../librpc/gen_ndr/drsblobs.h"
31 : #include "../librpc/gen_ndr/ndr_drsblobs.h"
32 : #include "../librpc/gen_ndr/idmap.h"
33 : #include "../lib/util/memcache.h"
34 : #include "nsswitch/winbind_client.h"
35 : #include "../libcli/security/security.h"
36 : #include "../lib/util/util_pw.h"
37 : #include "passdb/pdb_secrets.h"
38 : #include "lib/util_sid_passdb.h"
39 : #include "idmap_cache.h"
40 : #include "lib/util/string_wrappers.h"
41 : #include "lib/global_contexts.h"
42 :
43 : #undef DBGC_CLASS
44 : #define DBGC_CLASS DBGC_PASSDB
45 :
46 : static_decl_pdb;
47 :
48 : static struct pdb_init_function_entry *backends = NULL;
49 :
50 6179 : static void lazy_initialize_passdb(void)
51 : {
52 : static bool initialized = False;
53 6179 : if(initialized) {
54 5302 : return;
55 : }
56 877 : static_init_pdb(NULL);
57 877 : initialized = True;
58 : }
59 :
60 : static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
61 : const char **name,
62 : enum lsa_SidType *psid_name_use,
63 : uid_t *uid, gid_t *gid);
64 :
65 5046 : NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
66 : {
67 5046 : struct pdb_init_function_entry *entry = NULL;
68 :
69 5046 : if(version != PASSDB_INTERFACE_VERSION) {
70 0 : DEBUG(0,("Can't register passdb backend!\n"
71 : "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
72 : "while this version of samba uses version %d\n",
73 : version,PASSDB_INTERFACE_VERSION));
74 0 : return NT_STATUS_OBJECT_TYPE_MISMATCH;
75 : }
76 :
77 5046 : if (!name || !init) {
78 0 : return NT_STATUS_INVALID_PARAMETER;
79 : }
80 :
81 5046 : DEBUG(5,("Attempting to register passdb backend %s\n", name));
82 :
83 : /* Check for duplicates */
84 5046 : if (pdb_find_backend_entry(name)) {
85 0 : DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
86 0 : return NT_STATUS_OBJECT_NAME_COLLISION;
87 : }
88 :
89 5046 : entry = SMB_XMALLOC_P(struct pdb_init_function_entry);
90 5046 : entry->name = smb_xstrdup(name);
91 5046 : entry->init = init;
92 :
93 5046 : DLIST_ADD(backends, entry);
94 5046 : DEBUG(5,("Successfully added passdb backend '%s'\n", name));
95 5046 : return NT_STATUS_OK;
96 : }
97 :
98 11225 : struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
99 : {
100 11225 : struct pdb_init_function_entry *entry = backends;
101 :
102 51444 : while(entry) {
103 38905 : if (strcmp(entry->name, name)==0) return entry;
104 32726 : entry = entry->next;
105 : }
106 :
107 5046 : return NULL;
108 : }
109 :
110 0 : const struct pdb_init_function_entry *pdb_get_backends(void)
111 : {
112 0 : return backends;
113 : }
114 :
115 :
116 : /*
117 : * The event context for the passdb backend. I know this is a bad hack and yet
118 : * another static variable, but our pdb API is a global thing per
119 : * definition. The first use for this is the LDAP idle function, more might be
120 : * added later.
121 : *
122 : * I don't feel too bad about this static variable, it replaces the
123 : * smb_idle_event_list that used to exist in lib/module.c. -- VL
124 : */
125 :
126 : static struct tevent_context *pdb_tevent_ctx;
127 :
128 0 : struct tevent_context *pdb_get_tevent_context(void)
129 : {
130 0 : return pdb_tevent_ctx;
131 : }
132 :
133 : /******************************************************************
134 : Make a pdb_methods from scratch
135 : *******************************************************************/
136 :
137 6179 : NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char *selected)
138 : {
139 6179 : char *module_name = smb_xstrdup(selected);
140 6179 : char *module_location = NULL, *p;
141 : struct pdb_init_function_entry *entry;
142 : NTSTATUS nt_status;
143 :
144 6179 : lazy_initialize_passdb();
145 :
146 6179 : p = strchr(module_name, ':');
147 :
148 6179 : if (p) {
149 58 : *p = 0;
150 58 : module_location = p+1;
151 58 : trim_char(module_location, ' ', ' ');
152 : }
153 :
154 6179 : trim_char(module_name, ' ', ' ');
155 :
156 :
157 6179 : DEBUG(5,("Attempting to find a passdb backend to match %s (%s)\n", selected, module_name));
158 :
159 6179 : entry = pdb_find_backend_entry(module_name);
160 :
161 : /* Try to find a module that contains this module */
162 6179 : if (!entry) {
163 0 : DEBUG(2,("No builtin backend found, trying to load plugin\n"));
164 0 : if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
165 0 : DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
166 0 : SAFE_FREE(module_name);
167 0 : return NT_STATUS_UNSUCCESSFUL;
168 : }
169 : }
170 :
171 : /* No such backend found */
172 6179 : if(!entry) {
173 0 : DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
174 0 : SAFE_FREE(module_name);
175 0 : return NT_STATUS_INVALID_PARAMETER;
176 : }
177 :
178 6179 : DEBUG(5,("Found pdb backend %s\n", module_name));
179 :
180 6179 : nt_status = entry->init(methods, module_location);
181 6179 : if (!NT_STATUS_IS_OK(nt_status)) {
182 0 : DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n",
183 : selected, nt_errstr(nt_status)));
184 0 : SAFE_FREE(module_name);
185 0 : return nt_status;
186 : }
187 :
188 6179 : SAFE_FREE(module_name);
189 :
190 6179 : DEBUG(5,("pdb backend %s has a valid init\n", selected));
191 :
192 6179 : return nt_status;
193 : }
194 :
195 : /******************************************************************
196 : Return an already initialized pdb_methods structure
197 : *******************************************************************/
198 :
199 54286 : static struct pdb_methods *pdb_get_methods_reload( bool reload )
200 : {
201 : static struct pdb_methods *pdb = NULL;
202 54286 : const char *backend = lp_passdb_backend();
203 54286 : NTSTATUS status = NT_STATUS_OK;
204 :
205 54286 : if ( pdb && reload ) {
206 5272 : if (pdb->free_private_data != NULL) {
207 3738 : pdb->free_private_data( &(pdb->private_data) );
208 : }
209 5272 : status = make_pdb_method_name(&pdb, backend);
210 : }
211 :
212 54286 : if ( !pdb ) {
213 877 : status = make_pdb_method_name(&pdb, backend);
214 : }
215 :
216 54286 : if (!NT_STATUS_IS_OK(status)) {
217 0 : return NULL;
218 : }
219 :
220 54286 : return pdb;
221 : }
222 :
223 48572 : static struct pdb_methods *pdb_get_methods(void)
224 : {
225 : struct pdb_methods *pdb;
226 :
227 48572 : pdb = pdb_get_methods_reload(false);
228 48572 : if (!pdb) {
229 0 : char *msg = NULL;
230 0 : if (asprintf(&msg, "pdb_get_methods: "
231 : "failed to get pdb methods for backend %s\n",
232 : lp_passdb_backend()) > 0) {
233 0 : smb_panic(msg);
234 : } else {
235 0 : smb_panic("pdb_get_methods");
236 : }
237 : }
238 :
239 48572 : return pdb;
240 : }
241 :
242 81 : struct pdb_domain_info *pdb_get_domain_info(TALLOC_CTX *mem_ctx)
243 : {
244 81 : struct pdb_methods *pdb = pdb_get_methods();
245 81 : return pdb->get_domain_info(pdb, mem_ctx);
246 : }
247 :
248 : /**
249 : * @brief Check if the user account has been locked out and try to unlock it.
250 : *
251 : * If the user has been automatically locked out and a lockout duration is set,
252 : * then check if we can unlock the account and reset the bad password values.
253 : *
254 : * @param[in] sampass The sam user to check.
255 : *
256 : * @return True if the function was successfull, false on an error.
257 : */
258 3809 : static bool pdb_try_account_unlock(struct samu *sampass)
259 : {
260 3809 : uint32_t acb_info = pdb_get_acct_ctrl(sampass);
261 :
262 3809 : if ((acb_info & ACB_NORMAL) && (acb_info & ACB_AUTOLOCK)) {
263 : uint32_t lockout_duration;
264 : time_t bad_password_time;
265 0 : time_t now = time(NULL);
266 : bool ok;
267 :
268 0 : ok = pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION,
269 : &lockout_duration);
270 0 : if (!ok) {
271 0 : DEBUG(0, ("pdb_try_account_unlock: "
272 : "pdb_get_account_policy failed.\n"));
273 0 : return false;
274 : }
275 :
276 0 : if (lockout_duration == (uint32_t) -1 ||
277 0 : lockout_duration == 0) {
278 0 : DEBUG(9, ("pdb_try_account_unlock: No reset duration, "
279 : "can't reset autolock\n"));
280 0 : return false;
281 : }
282 0 : lockout_duration *= 60;
283 :
284 0 : bad_password_time = pdb_get_bad_password_time(sampass);
285 0 : if (bad_password_time == (time_t) 0) {
286 0 : DEBUG(2, ("pdb_try_account_unlock: Account %s "
287 : "administratively locked out "
288 : "with no bad password "
289 : "time. Leaving locked out.\n",
290 : pdb_get_username(sampass)));
291 0 : return true;
292 : }
293 :
294 0 : if ((bad_password_time +
295 0 : convert_uint32_t_to_time_t(lockout_duration)) < now) {
296 : NTSTATUS status;
297 :
298 0 : pdb_set_acct_ctrl(sampass, acb_info & ~ACB_AUTOLOCK,
299 : PDB_CHANGED);
300 0 : pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
301 0 : pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
302 :
303 0 : become_root();
304 0 : status = pdb_update_sam_account(sampass);
305 0 : unbecome_root();
306 0 : if (!NT_STATUS_IS_OK(status)) {
307 0 : DEBUG(0, ("_samr_OpenUser: Couldn't "
308 : "update account %s - %s\n",
309 : pdb_get_username(sampass),
310 : nt_errstr(status)));
311 0 : return false;
312 : }
313 : }
314 : }
315 :
316 3809 : return true;
317 : }
318 :
319 : /**
320 : * @brief Get a sam user structure by the given username.
321 : *
322 : * This functions also checks if the account has been automatically locked out
323 : * and unlocks it if a lockout duration time has been defined and the time has
324 : * elapsed.
325 : *
326 : * @param[in] sam_acct The sam user structure to fill.
327 : *
328 : * @param[in] username The username to look for.
329 : *
330 : * @return True on success, false on error.
331 : */
332 1967 : bool pdb_getsampwnam(struct samu *sam_acct, const char *username)
333 : {
334 1967 : struct pdb_methods *pdb = pdb_get_methods();
335 : struct samu *for_cache;
336 : const struct dom_sid *user_sid;
337 : NTSTATUS status;
338 : bool ok;
339 :
340 1967 : status = pdb->getsampwnam(pdb, sam_acct, username);
341 1967 : if (!NT_STATUS_IS_OK(status)) {
342 512 : return false;
343 : }
344 :
345 1455 : ok = pdb_try_account_unlock(sam_acct);
346 1455 : if (!ok) {
347 0 : DEBUG(1, ("pdb_getsampwnam: Failed to unlock account %s\n",
348 : username));
349 : }
350 :
351 1455 : for_cache = samu_new(NULL);
352 1455 : if (for_cache == NULL) {
353 0 : return False;
354 : }
355 :
356 1455 : if (!pdb_copy_sam_account(for_cache, sam_acct)) {
357 0 : TALLOC_FREE(for_cache);
358 0 : return False;
359 : }
360 :
361 1455 : user_sid = pdb_get_user_sid(for_cache);
362 :
363 1455 : memcache_add_talloc(NULL, PDB_GETPWSID_CACHE,
364 : data_blob_const(user_sid, sizeof(*user_sid)),
365 : &for_cache);
366 :
367 1455 : return True;
368 : }
369 :
370 : /**********************************************************************
371 : **********************************************************************/
372 :
373 72 : static bool guest_user_info( struct samu *user )
374 : {
375 : struct passwd *pwd;
376 : NTSTATUS result;
377 72 : const char *guestname = lp_guest_account();
378 :
379 72 : pwd = Get_Pwnam_alloc(talloc_tos(), guestname);
380 72 : if (pwd == NULL) {
381 0 : DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n",
382 : guestname));
383 0 : return False;
384 : }
385 :
386 72 : result = samu_set_unix(user, pwd );
387 :
388 72 : TALLOC_FREE( pwd );
389 :
390 72 : return NT_STATUS_IS_OK( result );
391 : }
392 :
393 : /**
394 : * @brief Get a sam user structure by the given username.
395 : *
396 : * This functions also checks if the account has been automatically locked out
397 : * and unlocks it if a lockout duration time has been defined and the time has
398 : * elapsed.
399 : *
400 : *
401 : * @param[in] sam_acct The sam user structure to fill.
402 : *
403 : * @param[in] sid The user SDI to look up.
404 : *
405 : * @return True on success, false on error.
406 : */
407 2651 : bool pdb_getsampwsid(struct samu *sam_acct, const struct dom_sid *sid)
408 : {
409 2651 : struct pdb_methods *pdb = pdb_get_methods();
410 : uint32_t rid;
411 : void *cache_data;
412 2651 : bool ok = false;
413 :
414 : /* hard code the Guest RID of 501 */
415 :
416 2651 : if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) )
417 0 : return False;
418 :
419 2651 : if ( rid == DOMAIN_RID_GUEST ) {
420 72 : DEBUG(6,("pdb_getsampwsid: Building guest account\n"));
421 72 : return guest_user_info( sam_acct );
422 : }
423 :
424 : /* check the cache first */
425 :
426 2579 : cache_data = memcache_lookup_talloc(
427 : NULL, PDB_GETPWSID_CACHE, data_blob_const(sid, sizeof(*sid)));
428 :
429 2579 : if (cache_data != NULL) {
430 48 : struct samu *cache_copy = talloc_get_type_abort(
431 : cache_data, struct samu);
432 :
433 48 : ok = pdb_copy_sam_account(sam_acct, cache_copy);
434 : } else {
435 2531 : ok = NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid));
436 : }
437 :
438 2579 : if (!ok) {
439 225 : return false;
440 : }
441 :
442 2354 : ok = pdb_try_account_unlock(sam_acct);
443 2354 : if (!ok) {
444 0 : DEBUG(1, ("pdb_getsampwsid: Failed to unlock account %s\n",
445 : sam_acct->username));
446 : }
447 :
448 2354 : return true;
449 : }
450 :
451 294 : static NTSTATUS pdb_default_create_user(struct pdb_methods *methods,
452 : TALLOC_CTX *tmp_ctx, const char *name,
453 : uint32_t acb_info, uint32_t *rid)
454 : {
455 183 : const struct loadparm_substitution *lp_sub =
456 111 : loadparm_s3_global_substitution();
457 : struct samu *sam_pass;
458 : NTSTATUS status;
459 : struct passwd *pwd;
460 :
461 294 : if ((sam_pass = samu_new(tmp_ctx)) == NULL) {
462 0 : return NT_STATUS_NO_MEMORY;
463 : }
464 :
465 294 : if ( !(pwd = Get_Pwnam_alloc(tmp_ctx, name)) ) {
466 4 : char *add_script = NULL;
467 : int add_ret;
468 : fstring name2;
469 :
470 4 : if ((acb_info & ACB_NORMAL) && name[strlen(name)-1] != '$') {
471 3 : add_script = lp_add_user_script(tmp_ctx, lp_sub);
472 : } else {
473 1 : add_script = lp_add_machine_script(tmp_ctx, lp_sub);
474 : }
475 :
476 4 : if (!add_script || add_script[0] == '\0') {
477 0 : DEBUG(3, ("Could not find user %s and no add script "
478 : "defined\n", name));
479 0 : return NT_STATUS_NO_SUCH_USER;
480 : }
481 :
482 : /* lowercase the username before creating the Unix account for
483 : compatibility with previous Samba releases */
484 4 : fstrcpy( name2, name );
485 4 : if (!strlower_m( name2 )) {
486 0 : return NT_STATUS_INVALID_PARAMETER;
487 : }
488 4 : add_script = talloc_all_string_sub(tmp_ctx,
489 : add_script,
490 : "%u",
491 : name2);
492 4 : if (!add_script) {
493 0 : return NT_STATUS_NO_MEMORY;
494 : }
495 4 : add_ret = smbrun(add_script, NULL, NULL);
496 3 : DEBUG(add_ret ? 0 : 3, ("_samr_create_user: Running the command `%s' gave %d\n",
497 : add_script, add_ret));
498 3 : if (add_ret == 0) {
499 3 : smb_nscd_flush_user_cache();
500 : }
501 :
502 3 : flush_pwnam_cache();
503 :
504 3 : pwd = Get_Pwnam_alloc(tmp_ctx, name);
505 :
506 3 : if(pwd == NULL) {
507 0 : DEBUG(3, ("Could not find user %s, add script did not work\n", name));
508 0 : return NT_STATUS_NO_SUCH_USER;
509 : }
510 : }
511 :
512 : /* we have a valid SID coming out of this call */
513 :
514 293 : status = samu_alloc_rid_unix(methods, sam_pass, pwd);
515 :
516 293 : TALLOC_FREE( pwd );
517 :
518 293 : if (!NT_STATUS_IS_OK(status)) {
519 0 : DEBUG(3, ("pdb_default_create_user: failed to create a new user structure: %s\n", nt_errstr(status)));
520 0 : return status;
521 : }
522 :
523 293 : if (!sid_peek_check_rid(get_global_sam_sid(),
524 : pdb_get_user_sid(sam_pass), rid)) {
525 0 : DEBUG(0, ("Could not get RID of fresh user\n"));
526 0 : return NT_STATUS_INTERNAL_ERROR;
527 : }
528 :
529 : /* Use the username case specified in the original request */
530 :
531 293 : pdb_set_username( sam_pass, name, PDB_SET );
532 :
533 : /* Disable the account on creation, it does not have a reasonable password yet. */
534 :
535 293 : acb_info |= ACB_DISABLED;
536 :
537 293 : pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
538 :
539 293 : status = methods->add_sam_account(methods, sam_pass);
540 :
541 293 : TALLOC_FREE(sam_pass);
542 :
543 293 : return status;
544 : }
545 :
546 295 : NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32_t flags,
547 : uint32_t *rid)
548 : {
549 295 : struct pdb_methods *pdb = pdb_get_methods();
550 295 : return pdb->create_user(pdb, mem_ctx, name, flags, rid);
551 : }
552 :
553 : /****************************************************************************
554 : Delete a UNIX user on demand.
555 : ****************************************************************************/
556 :
557 3 : static int smb_delete_user(const char *unix_user)
558 : {
559 2 : const struct loadparm_substitution *lp_sub =
560 1 : loadparm_s3_global_substitution();
561 3 : char *del_script = NULL;
562 : int ret;
563 :
564 : /* safety check */
565 :
566 3 : if ( strequal( unix_user, "root" ) ) {
567 0 : DEBUG(0,("smb_delete_user: Refusing to delete local system root account!\n"));
568 0 : return -1;
569 : }
570 :
571 3 : del_script = lp_delete_user_script(talloc_tos(), lp_sub);
572 3 : if (!del_script || !*del_script) {
573 0 : return -1;
574 : }
575 3 : del_script = talloc_all_string_sub(talloc_tos(),
576 : del_script,
577 : "%u",
578 : unix_user);
579 3 : if (!del_script) {
580 0 : return -1;
581 : }
582 3 : ret = smbrun(del_script, NULL, NULL);
583 2 : flush_pwnam_cache();
584 2 : if (ret == 0) {
585 2 : smb_nscd_flush_user_cache();
586 : }
587 2 : DEBUG(ret ? 0 : 3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret));
588 :
589 2 : return ret;
590 : }
591 :
592 3 : static NTSTATUS pdb_default_delete_user(struct pdb_methods *methods,
593 : TALLOC_CTX *mem_ctx,
594 : struct samu *sam_acct)
595 : {
596 : NTSTATUS status;
597 : fstring username;
598 :
599 3 : status = methods->delete_sam_account(methods, sam_acct);
600 3 : if (!NT_STATUS_IS_OK(status)) {
601 0 : return status;
602 : }
603 :
604 : /*
605 : * Now delete the unix side ....
606 : * note: we don't check if the delete really happened as the script is
607 : * not necessary present and maybe the sysadmin doesn't want to delete
608 : * the unix side
609 : */
610 :
611 : /* always lower case the username before handing it off to
612 : external scripts */
613 :
614 3 : fstrcpy( username, pdb_get_username(sam_acct) );
615 3 : if (!strlower_m( username )) {
616 0 : return status;
617 : }
618 :
619 3 : smb_delete_user( username );
620 :
621 2 : return status;
622 : }
623 :
624 3 : NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
625 : {
626 3 : struct pdb_methods *pdb = pdb_get_methods();
627 3 : uid_t uid = -1;
628 : NTSTATUS status;
629 : const struct dom_sid *user_sid;
630 : char *msg_data;
631 :
632 3 : user_sid = pdb_get_user_sid(sam_acct);
633 :
634 : /* sanity check to make sure we don't delete root */
635 :
636 3 : if ( !sid_to_uid(user_sid, &uid ) ) {
637 0 : return NT_STATUS_NO_SUCH_USER;
638 : }
639 :
640 3 : if ( uid == 0 ) {
641 0 : return NT_STATUS_ACCESS_DENIED;
642 : }
643 :
644 3 : memcache_delete(NULL,
645 : PDB_GETPWSID_CACHE,
646 : data_blob_const(user_sid, sizeof(*user_sid)));
647 :
648 3 : status = pdb->delete_user(pdb, mem_ctx, sam_acct);
649 2 : if (!NT_STATUS_IS_OK(status)) {
650 0 : return status;
651 : }
652 :
653 2 : msg_data = talloc_asprintf(mem_ctx, "USER %s",
654 : pdb_get_username(sam_acct));
655 2 : if (!msg_data) {
656 : /* not fatal, and too late to rollback,
657 : * just return */
658 0 : return status;
659 : }
660 2 : messaging_send_all(global_messaging_context(),
661 : ID_CACHE_DELETE,
662 : msg_data,
663 2 : strlen(msg_data) + 1);
664 :
665 2 : TALLOC_FREE(msg_data);
666 2 : return status;
667 : }
668 :
669 0 : NTSTATUS pdb_add_sam_account(struct samu *sam_acct)
670 : {
671 0 : struct pdb_methods *pdb = pdb_get_methods();
672 0 : return pdb->add_sam_account(pdb, sam_acct);
673 : }
674 :
675 341 : NTSTATUS pdb_update_sam_account(struct samu *sam_acct)
676 : {
677 341 : struct pdb_methods *pdb = pdb_get_methods();
678 :
679 341 : memcache_flush(NULL, PDB_GETPWSID_CACHE);
680 :
681 341 : return pdb->update_sam_account(pdb, sam_acct);
682 : }
683 :
684 1 : NTSTATUS pdb_delete_sam_account(struct samu *sam_acct)
685 : {
686 1 : struct pdb_methods *pdb = pdb_get_methods();
687 1 : const struct dom_sid *user_sid = pdb_get_user_sid(sam_acct);
688 :
689 1 : memcache_delete(NULL,
690 : PDB_GETPWSID_CACHE,
691 : data_blob_const(user_sid, sizeof(*user_sid)));
692 :
693 1 : return pdb->delete_sam_account(pdb, sam_acct);
694 : }
695 :
696 0 : NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
697 : {
698 0 : struct pdb_methods *pdb = pdb_get_methods();
699 : uid_t uid;
700 : NTSTATUS status;
701 :
702 0 : memcache_flush(NULL, PDB_GETPWSID_CACHE);
703 :
704 : /* sanity check to make sure we don't rename root */
705 :
706 0 : if ( !sid_to_uid( pdb_get_user_sid(oldname), &uid ) ) {
707 0 : return NT_STATUS_NO_SUCH_USER;
708 : }
709 :
710 0 : if ( uid == 0 ) {
711 0 : return NT_STATUS_ACCESS_DENIED;
712 : }
713 :
714 0 : status = pdb->rename_sam_account(pdb, oldname, newname);
715 :
716 : /* always flush the cache here just to be safe */
717 0 : flush_pwnam_cache();
718 :
719 0 : return status;
720 : }
721 :
722 499 : NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, bool success)
723 : {
724 499 : struct pdb_methods *pdb = pdb_get_methods();
725 499 : return pdb->update_login_attempts(pdb, sam_acct, success);
726 : }
727 :
728 6582 : bool pdb_getgrsid(GROUP_MAP *map, struct dom_sid sid)
729 : {
730 6582 : struct pdb_methods *pdb = pdb_get_methods();
731 6582 : return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid));
732 : }
733 :
734 99 : bool pdb_getgrgid(GROUP_MAP *map, gid_t gid)
735 : {
736 99 : struct pdb_methods *pdb = pdb_get_methods();
737 99 : return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid));
738 : }
739 :
740 308 : bool pdb_getgrnam(GROUP_MAP *map, const char *name)
741 : {
742 308 : struct pdb_methods *pdb = pdb_get_methods();
743 308 : return NT_STATUS_IS_OK(pdb->getgrnam(pdb, map, name));
744 : }
745 :
746 0 : static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods,
747 : TALLOC_CTX *mem_ctx,
748 : const char *name,
749 : uint32_t *rid)
750 : {
751 : struct dom_sid group_sid;
752 : struct group *grp;
753 : struct dom_sid_buf tmp;
754 :
755 0 : grp = getgrnam(name);
756 :
757 0 : if (grp == NULL) {
758 : gid_t gid;
759 :
760 0 : if (smb_create_group(name, &gid) != 0) {
761 0 : return NT_STATUS_ACCESS_DENIED;
762 : }
763 :
764 0 : grp = getgrgid(gid);
765 : }
766 :
767 0 : if (grp == NULL) {
768 0 : return NT_STATUS_ACCESS_DENIED;
769 : }
770 :
771 0 : if (pdb_capabilities() & PDB_CAP_STORE_RIDS) {
772 0 : if (!pdb_new_rid(rid)) {
773 0 : return NT_STATUS_ACCESS_DENIED;
774 : }
775 : } else {
776 0 : *rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
777 : }
778 :
779 0 : sid_compose(&group_sid, get_global_sam_sid(), *rid);
780 :
781 0 : return add_initial_entry(
782 : grp->gr_gid,
783 0 : dom_sid_str_buf(&group_sid, &tmp),
784 : SID_NAME_DOM_GRP,
785 : name,
786 : NULL);
787 : }
788 :
789 0 : NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name,
790 : uint32_t *rid)
791 : {
792 0 : struct pdb_methods *pdb = pdb_get_methods();
793 0 : return pdb->create_dom_group(pdb, mem_ctx, name, rid);
794 : }
795 :
796 0 : static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
797 : TALLOC_CTX *mem_ctx,
798 : uint32_t rid)
799 : {
800 : struct dom_sid group_sid;
801 : GROUP_MAP *map;
802 : NTSTATUS status;
803 : struct group *grp;
804 : const char *grp_name;
805 :
806 0 : map = talloc_zero(mem_ctx, GROUP_MAP);
807 0 : if (!map) {
808 0 : return NT_STATUS_NO_MEMORY;
809 : }
810 :
811 : /* coverity */
812 0 : map->gid = (gid_t) -1;
813 :
814 0 : sid_compose(&group_sid, get_global_sam_sid(), rid);
815 :
816 0 : if (!get_domain_group_from_sid(group_sid, map)) {
817 0 : DEBUG(10, ("Could not find group for rid %d\n", rid));
818 0 : return NT_STATUS_NO_SUCH_GROUP;
819 : }
820 :
821 : /* We need the group name for the smb_delete_group later on */
822 :
823 0 : if (map->gid == (gid_t)-1) {
824 0 : return NT_STATUS_NO_SUCH_GROUP;
825 : }
826 :
827 0 : grp = getgrgid(map->gid);
828 0 : if (grp == NULL) {
829 0 : return NT_STATUS_NO_SUCH_GROUP;
830 : }
831 :
832 0 : TALLOC_FREE(map);
833 :
834 : /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
835 :
836 0 : grp_name = talloc_strdup(mem_ctx, grp->gr_name);
837 0 : if (grp_name == NULL) {
838 0 : return NT_STATUS_NO_MEMORY;
839 : }
840 :
841 0 : status = pdb_delete_group_mapping_entry(group_sid);
842 :
843 0 : if (!NT_STATUS_IS_OK(status)) {
844 0 : return status;
845 : }
846 :
847 : /* Don't check the result of smb_delete_group */
848 :
849 0 : smb_delete_group(grp_name);
850 :
851 0 : return NT_STATUS_OK;
852 : }
853 :
854 0 : NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32_t rid)
855 : {
856 0 : struct pdb_methods *pdb = pdb_get_methods();
857 0 : return pdb->delete_dom_group(pdb, mem_ctx, rid);
858 : }
859 :
860 145 : NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
861 : {
862 145 : struct pdb_methods *pdb = pdb_get_methods();
863 145 : return pdb->add_group_mapping_entry(pdb, map);
864 : }
865 :
866 0 : NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map)
867 : {
868 0 : struct pdb_methods *pdb = pdb_get_methods();
869 0 : return pdb->update_group_mapping_entry(pdb, map);
870 : }
871 :
872 12 : NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid)
873 : {
874 12 : struct pdb_methods *pdb = pdb_get_methods();
875 12 : return pdb->delete_group_mapping_entry(pdb, sid);
876 : }
877 :
878 0 : bool pdb_enum_group_mapping(const struct dom_sid *sid,
879 : enum lsa_SidType sid_name_use,
880 : GROUP_MAP ***pp_rmap,
881 : size_t *p_num_entries,
882 : bool unix_only)
883 : {
884 0 : struct pdb_methods *pdb = pdb_get_methods();
885 0 : return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
886 : pp_rmap, p_num_entries, unix_only));
887 : }
888 :
889 0 : NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
890 : const struct dom_sid *sid,
891 : uint32_t **pp_member_rids,
892 : size_t *p_num_members)
893 : {
894 0 : struct pdb_methods *pdb = pdb_get_methods();
895 : NTSTATUS result;
896 :
897 0 : result = pdb->enum_group_members(pdb, mem_ctx,
898 : sid, pp_member_rids, p_num_members);
899 :
900 : /* special check for rid 513 */
901 :
902 0 : if ( !NT_STATUS_IS_OK( result ) ) {
903 : uint32_t rid;
904 :
905 0 : sid_peek_rid( sid, &rid );
906 :
907 0 : if ( rid == DOMAIN_RID_USERS ) {
908 0 : *p_num_members = 0;
909 0 : *pp_member_rids = NULL;
910 :
911 0 : return NT_STATUS_OK;
912 : }
913 : }
914 :
915 0 : return result;
916 : }
917 :
918 2799 : NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user,
919 : struct dom_sid **pp_sids, gid_t **pp_gids,
920 : uint32_t *p_num_groups)
921 : {
922 2799 : struct pdb_methods *pdb = pdb_get_methods();
923 2799 : return pdb->enum_group_memberships(
924 : pdb, mem_ctx, user,
925 : pp_sids, pp_gids, p_num_groups);
926 : }
927 :
928 0 : static NTSTATUS pdb_default_set_unix_primary_group(struct pdb_methods *methods,
929 : TALLOC_CTX *mem_ctx,
930 : struct samu *sampass)
931 : {
932 : struct group *grp;
933 : gid_t gid;
934 :
935 0 : if (!sid_to_gid(pdb_get_group_sid(sampass), &gid) ||
936 0 : (grp = getgrgid(gid)) == NULL) {
937 0 : return NT_STATUS_INVALID_PRIMARY_GROUP;
938 : }
939 :
940 0 : if (smb_set_primary_group(grp->gr_name,
941 : pdb_get_username(sampass)) != 0) {
942 0 : return NT_STATUS_ACCESS_DENIED;
943 : }
944 :
945 0 : return NT_STATUS_OK;
946 : }
947 :
948 0 : NTSTATUS pdb_set_unix_primary_group(TALLOC_CTX *mem_ctx, struct samu *user)
949 : {
950 0 : struct pdb_methods *pdb = pdb_get_methods();
951 0 : return pdb->set_unix_primary_group(pdb, mem_ctx, user);
952 : }
953 :
954 : /*
955 : * Helper function to see whether a user is in a group. We can't use
956 : * user_in_group_sid here because this creates dependencies only smbd can
957 : * fulfil.
958 : */
959 :
960 0 : static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account,
961 : const struct dom_sid *group_sid)
962 : {
963 : struct dom_sid *sids;
964 : gid_t *gids;
965 : uint32_t i, num_groups;
966 :
967 0 : if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx, account,
968 : &sids, &gids,
969 : &num_groups))) {
970 0 : return False;
971 : }
972 :
973 0 : for (i=0; i<num_groups; i++) {
974 0 : if (dom_sid_equal(group_sid, &sids[i])) {
975 0 : return True;
976 : }
977 : }
978 0 : return False;
979 : }
980 :
981 0 : static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
982 : TALLOC_CTX *mem_ctx,
983 : uint32_t group_rid,
984 : uint32_t member_rid)
985 : {
986 : struct dom_sid group_sid, member_sid;
987 0 : struct samu *account = NULL;
988 : GROUP_MAP *map;
989 : struct group *grp;
990 : struct passwd *pwd;
991 : const char *group_name;
992 : uid_t uid;
993 :
994 0 : map = talloc_zero(mem_ctx, GROUP_MAP);
995 0 : if (!map) {
996 0 : return NT_STATUS_NO_MEMORY;
997 : }
998 :
999 : /* coverity */
1000 0 : map->gid = (gid_t) -1;
1001 :
1002 0 : sid_compose(&group_sid, get_global_sam_sid(), group_rid);
1003 0 : sid_compose(&member_sid, get_global_sam_sid(), member_rid);
1004 :
1005 0 : if (!get_domain_group_from_sid(group_sid, map) ||
1006 0 : (map->gid == (gid_t)-1) ||
1007 0 : ((grp = getgrgid(map->gid)) == NULL)) {
1008 0 : return NT_STATUS_NO_SUCH_GROUP;
1009 : }
1010 :
1011 0 : TALLOC_FREE(map);
1012 :
1013 0 : group_name = talloc_strdup(mem_ctx, grp->gr_name);
1014 0 : if (group_name == NULL) {
1015 0 : return NT_STATUS_NO_MEMORY;
1016 : }
1017 :
1018 0 : if ( !(account = samu_new( NULL )) ) {
1019 0 : return NT_STATUS_NO_MEMORY;
1020 : }
1021 :
1022 0 : if (!pdb_getsampwsid(account, &member_sid) ||
1023 0 : !sid_to_uid(&member_sid, &uid) ||
1024 0 : ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
1025 0 : return NT_STATUS_NO_SUCH_USER;
1026 : }
1027 :
1028 0 : if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
1029 0 : return NT_STATUS_MEMBER_IN_GROUP;
1030 : }
1031 :
1032 : /*
1033 : * ok, the group exist, the user exist, the user is not in the group,
1034 : * we can (finally) add it to the group !
1035 : */
1036 :
1037 0 : smb_add_user_group(group_name, pwd->pw_name);
1038 :
1039 0 : if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
1040 0 : return NT_STATUS_ACCESS_DENIED;
1041 : }
1042 :
1043 0 : return NT_STATUS_OK;
1044 : }
1045 :
1046 0 : NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32_t group_rid,
1047 : uint32_t member_rid)
1048 : {
1049 0 : struct pdb_methods *pdb = pdb_get_methods();
1050 0 : return pdb->add_groupmem(pdb, mem_ctx, group_rid, member_rid);
1051 : }
1052 :
1053 0 : static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
1054 : TALLOC_CTX *mem_ctx,
1055 : uint32_t group_rid,
1056 : uint32_t member_rid)
1057 : {
1058 : struct dom_sid group_sid, member_sid;
1059 0 : struct samu *account = NULL;
1060 : GROUP_MAP *map;
1061 : struct group *grp;
1062 : struct passwd *pwd;
1063 : const char *group_name;
1064 : uid_t uid;
1065 :
1066 0 : map = talloc_zero(mem_ctx, GROUP_MAP);
1067 0 : if (!map) {
1068 0 : return NT_STATUS_NO_MEMORY;
1069 : }
1070 :
1071 0 : sid_compose(&group_sid, get_global_sam_sid(), group_rid);
1072 0 : sid_compose(&member_sid, get_global_sam_sid(), member_rid);
1073 :
1074 0 : if (!get_domain_group_from_sid(group_sid, map) ||
1075 0 : (map->gid == (gid_t)-1) ||
1076 0 : ((grp = getgrgid(map->gid)) == NULL)) {
1077 0 : return NT_STATUS_NO_SUCH_GROUP;
1078 : }
1079 :
1080 0 : TALLOC_FREE(map);
1081 :
1082 0 : group_name = talloc_strdup(mem_ctx, grp->gr_name);
1083 0 : if (group_name == NULL) {
1084 0 : return NT_STATUS_NO_MEMORY;
1085 : }
1086 :
1087 0 : if ( !(account = samu_new( NULL )) ) {
1088 0 : return NT_STATUS_NO_MEMORY;
1089 : }
1090 :
1091 0 : if (!pdb_getsampwsid(account, &member_sid) ||
1092 0 : !sid_to_uid(&member_sid, &uid) ||
1093 0 : ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
1094 0 : return NT_STATUS_NO_SUCH_USER;
1095 : }
1096 :
1097 0 : if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
1098 0 : return NT_STATUS_MEMBER_NOT_IN_GROUP;
1099 : }
1100 :
1101 : /*
1102 : * ok, the group exist, the user exist, the user is in the group,
1103 : * we can (finally) delete it from the group!
1104 : */
1105 :
1106 0 : smb_delete_user_group(group_name, pwd->pw_name);
1107 :
1108 0 : if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
1109 0 : return NT_STATUS_ACCESS_DENIED;
1110 : }
1111 :
1112 0 : return NT_STATUS_OK;
1113 : }
1114 :
1115 0 : NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32_t group_rid,
1116 : uint32_t member_rid)
1117 : {
1118 0 : struct pdb_methods *pdb = pdb_get_methods();
1119 0 : return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid);
1120 : }
1121 :
1122 0 : NTSTATUS pdb_create_alias(const char *name, uint32_t *rid)
1123 : {
1124 0 : struct pdb_methods *pdb = pdb_get_methods();
1125 0 : return pdb->create_alias(pdb, name, rid);
1126 : }
1127 :
1128 0 : NTSTATUS pdb_delete_alias(const struct dom_sid *sid)
1129 : {
1130 0 : struct pdb_methods *pdb = pdb_get_methods();
1131 0 : return pdb->delete_alias(pdb, sid);
1132 : }
1133 :
1134 6357 : NTSTATUS pdb_get_aliasinfo(const struct dom_sid *sid, struct acct_info *info)
1135 : {
1136 6357 : struct pdb_methods *pdb = pdb_get_methods();
1137 6357 : return pdb->get_aliasinfo(pdb, sid, info);
1138 : }
1139 :
1140 0 : NTSTATUS pdb_set_aliasinfo(const struct dom_sid *sid, struct acct_info *info)
1141 : {
1142 0 : struct pdb_methods *pdb = pdb_get_methods();
1143 0 : return pdb->set_aliasinfo(pdb, sid, info);
1144 : }
1145 :
1146 78 : NTSTATUS pdb_add_aliasmem(const struct dom_sid *alias, const struct dom_sid *member)
1147 : {
1148 78 : struct pdb_methods *pdb = pdb_get_methods();
1149 78 : return pdb->add_aliasmem(pdb, alias, member);
1150 : }
1151 :
1152 6 : NTSTATUS pdb_del_aliasmem(const struct dom_sid *alias, const struct dom_sid *member)
1153 : {
1154 6 : struct pdb_methods *pdb = pdb_get_methods();
1155 6 : return pdb->del_aliasmem(pdb, alias, member);
1156 : }
1157 :
1158 4 : NTSTATUS pdb_enum_aliasmem(const struct dom_sid *alias, TALLOC_CTX *mem_ctx,
1159 : struct dom_sid **pp_members, size_t *p_num_members)
1160 : {
1161 4 : struct pdb_methods *pdb = pdb_get_methods();
1162 4 : return pdb->enum_aliasmem(pdb, alias, mem_ctx, pp_members,
1163 : p_num_members);
1164 : }
1165 :
1166 4318 : NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx,
1167 : const struct dom_sid *domain_sid,
1168 : const struct dom_sid *members, size_t num_members,
1169 : uint32_t **pp_alias_rids,
1170 : size_t *p_num_alias_rids)
1171 : {
1172 4318 : struct pdb_methods *pdb = pdb_get_methods();
1173 4318 : return pdb->enum_alias_memberships(pdb, mem_ctx,
1174 : domain_sid,
1175 : members, num_members,
1176 : pp_alias_rids,
1177 : p_num_alias_rids);
1178 : }
1179 :
1180 2297 : NTSTATUS pdb_lookup_rids(const struct dom_sid *domain_sid,
1181 : int num_rids,
1182 : uint32_t *rids,
1183 : const char **names,
1184 : enum lsa_SidType *attrs)
1185 : {
1186 2297 : struct pdb_methods *pdb = pdb_get_methods();
1187 2297 : return pdb->lookup_rids(pdb, domain_sid, num_rids, rids, names, attrs);
1188 : }
1189 :
1190 8695 : bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value)
1191 : {
1192 8695 : struct pdb_methods *pdb = pdb_get_methods();
1193 : NTSTATUS status;
1194 :
1195 8695 : become_root();
1196 8695 : status = pdb->get_account_policy(pdb, type, value);
1197 8695 : unbecome_root();
1198 :
1199 8695 : return NT_STATUS_IS_OK(status);
1200 : }
1201 :
1202 0 : bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value)
1203 : {
1204 0 : struct pdb_methods *pdb = pdb_get_methods();
1205 : NTSTATUS status;
1206 :
1207 0 : become_root();
1208 0 : status = pdb->set_account_policy(pdb, type, value);
1209 0 : unbecome_root();
1210 :
1211 0 : return NT_STATUS_IS_OK(status);
1212 : }
1213 :
1214 0 : bool pdb_get_seq_num(time_t *seq_num)
1215 : {
1216 0 : struct pdb_methods *pdb = pdb_get_methods();
1217 0 : return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
1218 : }
1219 :
1220 : /*
1221 : * Instead of passing down a gid or uid, this function sends down a pointer
1222 : * to a unixid.
1223 : *
1224 : * This acts as an in-out variable so that the idmap functions can correctly
1225 : * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
1226 : * the cache to store ID_TYPE_UID or ID_TYPE_GID.
1227 : */
1228 2752 : bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid)
1229 : {
1230 2752 : struct pdb_methods *pdb = pdb_get_methods();
1231 : bool ret;
1232 :
1233 2752 : ret = pdb->id_to_sid(pdb, id, sid);
1234 :
1235 2752 : if (ret) {
1236 119 : idmap_cache_set_sid2unixid(sid, id);
1237 : }
1238 :
1239 2752 : return ret;
1240 : }
1241 :
1242 3295 : bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id)
1243 : {
1244 3295 : struct pdb_methods *pdb = pdb_get_methods();
1245 : bool ret;
1246 :
1247 : /* only ask the backend if it is responsible */
1248 3295 : if (!sid_check_object_is_for_passdb(sid)) {
1249 2096 : return false;
1250 : }
1251 :
1252 1199 : ret = pdb->sid_to_id(pdb, sid, id);
1253 :
1254 1199 : if (ret) {
1255 482 : idmap_cache_set_sid2unixid(sid, id);
1256 : }
1257 :
1258 1199 : return ret;
1259 : }
1260 :
1261 221 : uint32_t pdb_capabilities(void)
1262 : {
1263 221 : struct pdb_methods *pdb = pdb_get_methods();
1264 221 : return pdb->capabilities(pdb);
1265 : }
1266 :
1267 : /********************************************************************
1268 : Allocate a new RID from the passdb backend. Verify that it is free
1269 : by calling lookup_global_sam_rid() to verify that the RID is not
1270 : in use. This handles servers that have existing users or groups
1271 : with add RIDs (assigned from previous algorithmic mappings)
1272 : ********************************************************************/
1273 :
1274 0 : bool pdb_new_rid(uint32_t *rid)
1275 : {
1276 0 : struct pdb_methods *pdb = pdb_get_methods();
1277 0 : const char *name = NULL;
1278 : enum lsa_SidType type;
1279 0 : uint32_t allocated_rid = 0;
1280 : int i;
1281 : TALLOC_CTX *ctx;
1282 :
1283 0 : if ((pdb_capabilities() & PDB_CAP_STORE_RIDS) == 0) {
1284 0 : DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs "
1285 : "are active\n"));
1286 0 : return False;
1287 : }
1288 :
1289 0 : if (algorithmic_rid_base() != BASE_RID) {
1290 0 : DEBUG(0, ("'algorithmic rid base' is set but a passdb backend "
1291 : "without algorithmic RIDs is chosen.\n"));
1292 0 : DEBUGADD(0, ("Please map all used groups using 'net groupmap "
1293 : "add', set the maximum used RID\n"));
1294 0 : DEBUGADD(0, ("and remove the parameter\n"));
1295 0 : return False;
1296 : }
1297 :
1298 0 : if ( (ctx = talloc_init("pdb_new_rid")) == NULL ) {
1299 0 : DEBUG(0,("pdb_new_rid: Talloc initialization failure\n"));
1300 0 : return False;
1301 : }
1302 :
1303 : /* Attempt to get an unused RID (max tires is 250...yes that it is
1304 : and arbitrary number I pulkled out of my head). -- jerry */
1305 :
1306 0 : for ( i=0; allocated_rid==0 && i<250; i++ ) {
1307 : /* get a new RID */
1308 :
1309 0 : if ( !pdb->new_rid(pdb, &allocated_rid) ) {
1310 0 : return False;
1311 : }
1312 :
1313 : /* validate that the RID is not in use */
1314 :
1315 0 : if (lookup_global_sam_rid(ctx, allocated_rid, &name, &type, NULL, NULL)) {
1316 0 : allocated_rid = 0;
1317 : }
1318 : }
1319 :
1320 0 : TALLOC_FREE( ctx );
1321 :
1322 0 : if ( allocated_rid == 0 ) {
1323 0 : DEBUG(0,("pdb_new_rid: Failed to find unused RID\n"));
1324 0 : return False;
1325 : }
1326 :
1327 0 : *rid = allocated_rid;
1328 :
1329 0 : return True;
1330 : }
1331 :
1332 : /***************************************************************
1333 : Initialize the static context (at smbd startup etc).
1334 :
1335 : If uninitialised, context will auto-init on first use.
1336 : ***************************************************************/
1337 :
1338 5714 : bool initialize_password_db(bool reload, struct tevent_context *tevent_ctx)
1339 : {
1340 5714 : if (tevent_ctx) {
1341 5384 : pdb_tevent_ctx = tevent_ctx;
1342 : }
1343 5714 : return (pdb_get_methods_reload(reload) != NULL);
1344 : }
1345 :
1346 : /***************************************************************************
1347 : Default implementations of some functions.
1348 : ****************************************************************************/
1349 :
1350 0 : static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, struct samu *user, const char *sname)
1351 : {
1352 0 : return NT_STATUS_NO_SUCH_USER;
1353 : }
1354 :
1355 0 : static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const struct dom_sid *sid)
1356 : {
1357 0 : return NT_STATUS_NO_SUCH_USER;
1358 : }
1359 :
1360 0 : static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, struct samu *newpwd)
1361 : {
1362 0 : return NT_STATUS_NOT_IMPLEMENTED;
1363 : }
1364 :
1365 0 : static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, struct samu *newpwd)
1366 : {
1367 0 : return NT_STATUS_NOT_IMPLEMENTED;
1368 : }
1369 :
1370 0 : static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, struct samu *pwd)
1371 : {
1372 0 : return NT_STATUS_NOT_IMPLEMENTED;
1373 : }
1374 :
1375 0 : static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, struct samu *pwd, const char *newname)
1376 : {
1377 0 : return NT_STATUS_NOT_IMPLEMENTED;
1378 : }
1379 :
1380 498 : static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success)
1381 : {
1382 : /* Only the pdb_nds backend implements this, by
1383 : * default just return ok. */
1384 498 : return NT_STATUS_OK;
1385 : }
1386 :
1387 8633 : static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value)
1388 : {
1389 8633 : return account_policy_get(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1390 : }
1391 :
1392 0 : static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value)
1393 : {
1394 0 : return account_policy_set(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1395 : }
1396 :
1397 0 : static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)
1398 : {
1399 0 : *seq_num = time(NULL);
1400 0 : return NT_STATUS_OK;
1401 : }
1402 :
1403 0 : static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid,
1404 : struct dom_sid *sid)
1405 : {
1406 0 : struct samu *sampw = NULL;
1407 : struct passwd *unix_pw;
1408 0 : fstring pw_name = { 0 };
1409 : bool ret;
1410 :
1411 0 : unix_pw = getpwuid( uid );
1412 :
1413 0 : if ( !unix_pw ) {
1414 0 : DEBUG(4,("pdb_default_uid_to_sid: host has no idea of uid "
1415 : "%lu\n", (unsigned long)uid));
1416 0 : return False;
1417 : }
1418 :
1419 0 : if (unix_pw->pw_name == NULL) {
1420 0 : DBG_DEBUG("No pw_name for uid %d\n", (int)uid);
1421 0 : return false;
1422 : }
1423 :
1424 : /*
1425 : * Make a copy, "unix_pw" might go away soon.
1426 : */
1427 0 : fstrcpy(pw_name, unix_pw->pw_name);
1428 :
1429 0 : if ( !(sampw = samu_new( NULL )) ) {
1430 0 : DEBUG(0,("pdb_default_uid_to_sid: samu_new() failed!\n"));
1431 0 : return False;
1432 : }
1433 :
1434 0 : become_root();
1435 0 : ret = NT_STATUS_IS_OK(methods->getsampwnam(methods, sampw, pw_name));
1436 0 : unbecome_root();
1437 :
1438 0 : if (!ret) {
1439 0 : DEBUG(5, ("pdb_default_uid_to_sid: Did not find user "
1440 : "%s (%u)\n", unix_pw->pw_name, (unsigned int)uid));
1441 0 : TALLOC_FREE(sampw);
1442 0 : return False;
1443 : }
1444 :
1445 0 : sid_copy(sid, pdb_get_user_sid(sampw));
1446 :
1447 0 : TALLOC_FREE(sampw);
1448 :
1449 0 : return True;
1450 : }
1451 :
1452 2634 : static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
1453 : struct dom_sid *sid)
1454 : {
1455 : GROUP_MAP *map;
1456 :
1457 2634 : map = talloc_zero(NULL, GROUP_MAP);
1458 2634 : if (!map) {
1459 0 : return false;
1460 : }
1461 :
1462 2634 : if (!NT_STATUS_IS_OK(methods->getgrgid(methods, map, gid))) {
1463 2633 : TALLOC_FREE(map);
1464 2633 : return false;
1465 : }
1466 :
1467 1 : sid_copy(sid, &map->sid);
1468 1 : TALLOC_FREE(map);
1469 1 : return true;
1470 : }
1471 :
1472 2634 : static bool pdb_default_id_to_sid(struct pdb_methods *methods, struct unixid *id,
1473 : struct dom_sid *sid)
1474 : {
1475 2634 : switch (id->type) {
1476 0 : case ID_TYPE_UID:
1477 0 : return pdb_default_uid_to_sid(methods, id->id, sid);
1478 :
1479 2634 : case ID_TYPE_GID:
1480 2634 : return pdb_default_gid_to_sid(methods, id->id, sid);
1481 :
1482 0 : default:
1483 0 : return false;
1484 : }
1485 : }
1486 : /**
1487 : * The "Unix User" and "Unix Group" domains have a special
1488 : * id mapping that is a rid-algorithm with range starting at 0.
1489 : */
1490 518 : bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid,
1491 : struct unixid *id)
1492 : {
1493 : uint32_t rid;
1494 :
1495 518 : id->id = -1;
1496 :
1497 518 : if (sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid)) {
1498 0 : id->id = rid;
1499 0 : id->type = ID_TYPE_UID;
1500 0 : return true;
1501 : }
1502 :
1503 518 : if (sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid)) {
1504 0 : id->id = rid;
1505 0 : id->type = ID_TYPE_GID;
1506 0 : return true;
1507 : }
1508 :
1509 518 : return false;
1510 : }
1511 :
1512 816 : static bool pdb_default_sid_to_id(struct pdb_methods *methods,
1513 : const struct dom_sid *sid,
1514 : struct unixid *id)
1515 : {
1516 : TALLOC_CTX *mem_ctx;
1517 816 : bool ret = False;
1518 : uint32_t rid;
1519 : struct dom_sid_buf buf;
1520 :
1521 816 : id->id = -1;
1522 :
1523 816 : mem_ctx = talloc_new(NULL);
1524 :
1525 816 : if (mem_ctx == NULL) {
1526 0 : DEBUG(0, ("talloc_new failed\n"));
1527 0 : return False;
1528 : }
1529 :
1530 816 : if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
1531 : const char *name;
1532 : enum lsa_SidType type;
1533 298 : uid_t uid = (uid_t)-1;
1534 298 : gid_t gid = (gid_t)-1;
1535 : /* Here we might have users as well as groups and aliases */
1536 298 : ret = lookup_global_sam_rid(mem_ctx, rid, &name, &type, &uid, &gid);
1537 298 : if (ret) {
1538 78 : switch (type) {
1539 3 : case SID_NAME_DOM_GRP:
1540 : case SID_NAME_ALIAS:
1541 3 : id->type = ID_TYPE_GID;
1542 3 : id->id = gid;
1543 3 : break;
1544 75 : case SID_NAME_USER:
1545 75 : id->type = ID_TYPE_UID;
1546 75 : id->id = uid;
1547 75 : break;
1548 0 : default:
1549 0 : DEBUG(5, ("SID %s belongs to our domain, and "
1550 : "an object exists in the database, "
1551 : "but it is neither a user nor a "
1552 : "group (got type %d).\n",
1553 : dom_sid_str_buf(sid, &buf),
1554 : type));
1555 0 : ret = false;
1556 : }
1557 : } else {
1558 220 : DEBUG(5, ("SID %s belongs to our domain, but there is "
1559 : "no corresponding object in the database.\n",
1560 : dom_sid_str_buf(sid, &buf)));
1561 : }
1562 298 : goto done;
1563 : }
1564 :
1565 : /*
1566 : * "Unix User" and "Unix Group"
1567 : */
1568 518 : ret = pdb_sid_to_id_unix_users_and_groups(sid, id);
1569 518 : if (ret) {
1570 0 : goto done;
1571 : }
1572 :
1573 : /* BUILTIN */
1574 :
1575 518 : if (sid_check_is_in_builtin(sid) ||
1576 0 : sid_check_is_in_wellknown_domain(sid)) {
1577 : /* Here we only have aliases */
1578 : GROUP_MAP *map;
1579 :
1580 518 : map = talloc_zero(mem_ctx, GROUP_MAP);
1581 518 : if (!map) {
1582 0 : ret = false;
1583 0 : goto done;
1584 : }
1585 :
1586 518 : if (!NT_STATUS_IS_OK(methods->getgrsid(methods, map, *sid))) {
1587 497 : DEBUG(10, ("Could not find map for sid %s\n",
1588 : dom_sid_str_buf(sid, &buf)));
1589 497 : goto done;
1590 : }
1591 21 : if ((map->sid_name_use != SID_NAME_ALIAS) &&
1592 0 : (map->sid_name_use != SID_NAME_WKN_GRP)) {
1593 0 : DEBUG(10, ("Map for sid %s is a %s, expected an "
1594 : "alias\n",
1595 : dom_sid_str_buf(sid, &buf),
1596 : sid_type_lookup(map->sid_name_use)));
1597 0 : goto done;
1598 : }
1599 :
1600 21 : id->id = map->gid;
1601 21 : id->type = ID_TYPE_GID;
1602 21 : ret = True;
1603 21 : goto done;
1604 : }
1605 :
1606 0 : DEBUG(5, ("Sid %s is neither ours, a Unix SID, nor builtin\n",
1607 : dom_sid_str_buf(sid, &buf)));
1608 :
1609 816 : done:
1610 :
1611 816 : TALLOC_FREE(mem_ctx);
1612 816 : return ret;
1613 : }
1614 :
1615 0 : static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, uint32_t *p_num)
1616 : {
1617 : struct group *grp;
1618 : char **gr;
1619 : struct passwd *pwd;
1620 : bool winbind_env;
1621 0 : bool ret = False;
1622 :
1623 0 : *pp_uids = NULL;
1624 0 : *p_num = 0;
1625 :
1626 : /* We only look at our own sam, so don't care about imported stuff */
1627 0 : winbind_env = winbind_env_set();
1628 0 : (void)winbind_off();
1629 :
1630 0 : if ((grp = getgrgid(gid)) == NULL) {
1631 : /* allow winbindd lookups, but only if they weren't already disabled */
1632 0 : goto done;
1633 : }
1634 :
1635 : /* Primary group members */
1636 0 : setpwent();
1637 0 : while ((pwd = getpwent()) != NULL) {
1638 0 : if (pwd->pw_gid == gid) {
1639 0 : if (!add_uid_to_array_unique(mem_ctx, pwd->pw_uid,
1640 : pp_uids, p_num)) {
1641 0 : goto done;
1642 : }
1643 : }
1644 : }
1645 0 : endpwent();
1646 :
1647 : /* Secondary group members */
1648 0 : for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
1649 0 : struct passwd *pw = getpwnam(*gr);
1650 :
1651 0 : if (pw == NULL)
1652 0 : continue;
1653 0 : if (!add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num)) {
1654 0 : goto done;
1655 : }
1656 : }
1657 :
1658 0 : ret = True;
1659 :
1660 0 : done:
1661 :
1662 : /* allow winbindd lookups, but only if they weren't already disabled */
1663 0 : if (!winbind_env) {
1664 0 : (void)winbind_on();
1665 : }
1666 :
1667 0 : return ret;
1668 : }
1669 :
1670 0 : static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
1671 : TALLOC_CTX *mem_ctx,
1672 : const struct dom_sid *group,
1673 : uint32_t **pp_member_rids,
1674 : size_t *p_num_members)
1675 : {
1676 : gid_t gid;
1677 : uid_t *uids;
1678 : uint32_t i, num_uids;
1679 :
1680 0 : *pp_member_rids = NULL;
1681 0 : *p_num_members = 0;
1682 :
1683 0 : if (!sid_to_gid(group, &gid))
1684 0 : return NT_STATUS_NO_SUCH_GROUP;
1685 :
1686 0 : if(!get_memberuids(mem_ctx, gid, &uids, &num_uids))
1687 0 : return NT_STATUS_NO_SUCH_GROUP;
1688 :
1689 0 : if (num_uids == 0)
1690 0 : return NT_STATUS_OK;
1691 :
1692 0 : *pp_member_rids = talloc_zero_array(mem_ctx, uint32_t, num_uids);
1693 :
1694 0 : for (i=0; i<num_uids; i++) {
1695 : struct dom_sid sid;
1696 :
1697 0 : uid_to_sid(&sid, uids[i]);
1698 :
1699 0 : if (!sid_check_is_in_our_sam(&sid)) {
1700 0 : DEBUG(5, ("Inconsistent SAM -- group member uid not "
1701 : "in our domain\n"));
1702 0 : continue;
1703 : }
1704 :
1705 0 : sid_peek_rid(&sid, &(*pp_member_rids)[*p_num_members]);
1706 0 : *p_num_members += 1;
1707 : }
1708 :
1709 0 : return NT_STATUS_OK;
1710 : }
1711 :
1712 504 : static NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods,
1713 : TALLOC_CTX *mem_ctx,
1714 : struct samu *user,
1715 : struct dom_sid **pp_sids,
1716 : gid_t **pp_gids,
1717 : uint32_t *p_num_groups)
1718 : {
1719 : size_t i;
1720 : gid_t gid;
1721 : struct passwd *pw;
1722 504 : const char *username = pdb_get_username(user);
1723 :
1724 :
1725 : /* Ignore the primary group SID. Honor the real Unix primary group.
1726 : The primary group SID is only of real use to Windows clients */
1727 :
1728 504 : if ( !(pw = Get_Pwnam_alloc(mem_ctx, username)) ) {
1729 0 : return NT_STATUS_NO_SUCH_USER;
1730 : }
1731 :
1732 504 : gid = pw->pw_gid;
1733 :
1734 504 : TALLOC_FREE( pw );
1735 :
1736 504 : if (!getgroups_unix_user(mem_ctx, username, gid, pp_gids, p_num_groups)) {
1737 0 : return NT_STATUS_NO_SUCH_USER;
1738 : }
1739 :
1740 504 : if (*p_num_groups == 0) {
1741 0 : smb_panic("primary group missing");
1742 : }
1743 :
1744 504 : *pp_sids = talloc_array(mem_ctx, struct dom_sid, *p_num_groups);
1745 :
1746 504 : if (*pp_sids == NULL) {
1747 0 : TALLOC_FREE(*pp_gids);
1748 0 : return NT_STATUS_NO_MEMORY;
1749 : }
1750 :
1751 1503 : for (i=0; i<*p_num_groups; i++) {
1752 999 : gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
1753 : }
1754 :
1755 504 : return NT_STATUS_OK;
1756 : }
1757 :
1758 : /*******************************************************************
1759 : Look up a rid in the SAM we're responsible for (i.e. passdb)
1760 : ********************************************************************/
1761 :
1762 301 : static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
1763 : const char **name,
1764 : enum lsa_SidType *psid_name_use,
1765 : uid_t *uid, gid_t *gid)
1766 : {
1767 301 : struct samu *sam_account = NULL;
1768 301 : GROUP_MAP *map = NULL;
1769 : bool ret;
1770 : struct dom_sid sid;
1771 :
1772 301 : *psid_name_use = SID_NAME_UNKNOWN;
1773 :
1774 301 : DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
1775 : (unsigned int)rid));
1776 :
1777 301 : sid_compose(&sid, get_global_sam_sid(), rid);
1778 :
1779 : /* see if the passdb can help us with the name of the user */
1780 :
1781 301 : if ( !(sam_account = samu_new( NULL )) ) {
1782 0 : return False;
1783 : }
1784 :
1785 301 : map = talloc_zero(mem_ctx, GROUP_MAP);
1786 301 : if (!map) {
1787 0 : return false;
1788 : }
1789 :
1790 : /* BEING ROOT BLOCK */
1791 301 : become_root();
1792 301 : ret = pdb_getsampwsid(sam_account, &sid);
1793 301 : if (!ret) {
1794 225 : TALLOC_FREE(sam_account);
1795 225 : ret = pdb_getgrsid(map, sid);
1796 : }
1797 301 : unbecome_root();
1798 : /* END BECOME_ROOT BLOCK */
1799 :
1800 301 : if (sam_account || !ret) {
1801 296 : TALLOC_FREE(map);
1802 : }
1803 :
1804 301 : if (sam_account) {
1805 : struct passwd *pw;
1806 :
1807 76 : *name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
1808 76 : if (!*name) {
1809 0 : TALLOC_FREE(sam_account);
1810 0 : return False;
1811 : }
1812 :
1813 76 : *psid_name_use = SID_NAME_USER;
1814 :
1815 76 : TALLOC_FREE(sam_account);
1816 :
1817 76 : if (uid == NULL) {
1818 1 : return True;
1819 : }
1820 :
1821 75 : pw = Get_Pwnam_alloc(talloc_tos(), *name);
1822 75 : if (pw == NULL) {
1823 0 : return False;
1824 : }
1825 75 : *uid = pw->pw_uid;
1826 75 : TALLOC_FREE(pw);
1827 75 : return True;
1828 :
1829 225 : } else if (map && (map->gid != (gid_t)-1)) {
1830 :
1831 : /* do not resolve SIDs to a name unless there is a valid
1832 : gid associated with it */
1833 :
1834 5 : *name = talloc_steal(mem_ctx, map->nt_name);
1835 5 : *psid_name_use = map->sid_name_use;
1836 :
1837 5 : if (gid) {
1838 3 : *gid = map->gid;
1839 : }
1840 :
1841 5 : TALLOC_FREE(map);
1842 5 : return True;
1843 : }
1844 :
1845 220 : TALLOC_FREE(map);
1846 :
1847 : /* Windows will always map RID 513 to something. On a non-domain
1848 : controller, this gets mapped to SERVER\None. */
1849 :
1850 220 : if (uid || gid) {
1851 220 : DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
1852 220 : return False;
1853 : }
1854 :
1855 0 : if ( rid == DOMAIN_RID_USERS ) {
1856 0 : *name = talloc_strdup(mem_ctx, "None" );
1857 0 : *psid_name_use = SID_NAME_DOM_GRP;
1858 :
1859 0 : return True;
1860 : }
1861 :
1862 0 : return False;
1863 : }
1864 :
1865 3 : static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods,
1866 : const struct dom_sid *domain_sid,
1867 : int num_rids,
1868 : uint32_t *rids,
1869 : const char **names,
1870 : enum lsa_SidType *attrs)
1871 : {
1872 : int i;
1873 : NTSTATUS result;
1874 3 : bool have_mapped = False;
1875 3 : bool have_unmapped = False;
1876 :
1877 3 : if (sid_check_is_builtin(domain_sid)) {
1878 :
1879 0 : for (i=0; i<num_rids; i++) {
1880 : const char *name;
1881 :
1882 0 : if (lookup_builtin_rid(names, rids[i], &name)) {
1883 0 : attrs[i] = SID_NAME_ALIAS;
1884 0 : names[i] = name;
1885 0 : DEBUG(5,("lookup_rids: %s:%d\n",
1886 : names[i], attrs[i]));
1887 0 : have_mapped = True;
1888 : } else {
1889 0 : have_unmapped = True;
1890 0 : attrs[i] = SID_NAME_UNKNOWN;
1891 : }
1892 : }
1893 0 : goto done;
1894 : }
1895 :
1896 : /* Should not happen, but better check once too many */
1897 3 : if (!sid_check_is_our_sam(domain_sid)) {
1898 0 : return NT_STATUS_INVALID_HANDLE;
1899 : }
1900 :
1901 6 : for (i = 0; i < num_rids; i++) {
1902 : const char *name;
1903 :
1904 3 : if (lookup_global_sam_rid(names, rids[i], &name, &attrs[i],
1905 : NULL, NULL)) {
1906 3 : if (name == NULL) {
1907 0 : return NT_STATUS_NO_MEMORY;
1908 : }
1909 3 : names[i] = name;
1910 3 : DEBUG(5,("lookup_rids: %s:%d\n", names[i], attrs[i]));
1911 3 : have_mapped = True;
1912 : } else {
1913 0 : have_unmapped = True;
1914 0 : attrs[i] = SID_NAME_UNKNOWN;
1915 : }
1916 : }
1917 :
1918 3 : done:
1919 :
1920 3 : result = NT_STATUS_NONE_MAPPED;
1921 :
1922 3 : if (have_mapped)
1923 3 : result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
1924 :
1925 3 : return result;
1926 : }
1927 :
1928 0 : static int pdb_search_destructor(struct pdb_search *search)
1929 : {
1930 0 : if ((!search->search_ended) && (search->search_end != NULL)) {
1931 0 : search->search_end(search);
1932 : }
1933 0 : return 0;
1934 : }
1935 :
1936 0 : struct pdb_search *pdb_search_init(TALLOC_CTX *mem_ctx,
1937 : enum pdb_search_type type)
1938 : {
1939 : struct pdb_search *result;
1940 :
1941 0 : result = talloc(mem_ctx, struct pdb_search);
1942 0 : if (result == NULL) {
1943 0 : DEBUG(0, ("talloc failed\n"));
1944 0 : return NULL;
1945 : }
1946 :
1947 0 : result->type = type;
1948 0 : result->cache = NULL;
1949 0 : result->num_entries = 0;
1950 0 : result->cache_size = 0;
1951 0 : result->search_ended = False;
1952 0 : result->search_end = NULL;
1953 :
1954 : /* Segfault appropriately if not initialized */
1955 0 : result->next_entry = NULL;
1956 0 : result->search_end = NULL;
1957 :
1958 0 : talloc_set_destructor(result, pdb_search_destructor);
1959 :
1960 0 : return result;
1961 : }
1962 :
1963 0 : static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32_t rid,
1964 : uint16_t acct_flags,
1965 : const char *account_name,
1966 : const char *fullname,
1967 : const char *description,
1968 : struct samr_displayentry *entry)
1969 : {
1970 0 : entry->rid = rid;
1971 0 : entry->acct_flags = acct_flags;
1972 :
1973 0 : if (account_name != NULL)
1974 0 : entry->account_name = talloc_strdup(mem_ctx, account_name);
1975 : else
1976 0 : entry->account_name = "";
1977 :
1978 0 : if (fullname != NULL)
1979 0 : entry->fullname = talloc_strdup(mem_ctx, fullname);
1980 : else
1981 0 : entry->fullname = "";
1982 :
1983 0 : if (description != NULL)
1984 0 : entry->description = talloc_strdup(mem_ctx, description);
1985 : else
1986 0 : entry->description = "";
1987 0 : }
1988 :
1989 : struct group_search {
1990 : GROUP_MAP **groups;
1991 : size_t num_groups, current_group;
1992 : };
1993 :
1994 0 : static bool next_entry_groups(struct pdb_search *s,
1995 : struct samr_displayentry *entry)
1996 : {
1997 0 : struct group_search *state = (struct group_search *)s->private_data;
1998 : uint32_t rid;
1999 : GROUP_MAP *map;
2000 :
2001 0 : if (state->current_group == state->num_groups)
2002 0 : return False;
2003 :
2004 0 : map = state->groups[state->current_group];
2005 :
2006 0 : sid_peek_rid(&map->sid, &rid);
2007 :
2008 0 : fill_displayentry(s, rid, 0, map->nt_name, NULL, map->comment, entry);
2009 :
2010 0 : state->current_group += 1;
2011 0 : return True;
2012 : }
2013 :
2014 0 : static void search_end_groups(struct pdb_search *search)
2015 : {
2016 0 : struct group_search *state =
2017 : (struct group_search *)search->private_data;
2018 0 : TALLOC_FREE(state->groups);
2019 0 : }
2020 :
2021 0 : static bool pdb_search_grouptype(struct pdb_methods *methods,
2022 : struct pdb_search *search,
2023 : const struct dom_sid *sid, enum lsa_SidType type)
2024 : {
2025 : struct group_search *state;
2026 :
2027 0 : state = talloc_zero(search, struct group_search);
2028 0 : if (state == NULL) {
2029 0 : DEBUG(0, ("talloc failed\n"));
2030 0 : return False;
2031 : }
2032 :
2033 0 : if (!NT_STATUS_IS_OK(methods->enum_group_mapping(methods, sid, type,
2034 : &state->groups, &state->num_groups,
2035 : True))) {
2036 0 : DEBUG(0, ("Could not enum groups\n"));
2037 0 : return False;
2038 : }
2039 :
2040 0 : state->current_group = 0;
2041 0 : search->private_data = state;
2042 0 : search->next_entry = next_entry_groups;
2043 0 : search->search_end = search_end_groups;
2044 0 : return True;
2045 : }
2046 :
2047 0 : static bool pdb_default_search_groups(struct pdb_methods *methods,
2048 : struct pdb_search *search)
2049 : {
2050 0 : return pdb_search_grouptype(methods, search, get_global_sam_sid(), SID_NAME_DOM_GRP);
2051 : }
2052 :
2053 0 : static bool pdb_default_search_aliases(struct pdb_methods *methods,
2054 : struct pdb_search *search,
2055 : const struct dom_sid *sid)
2056 : {
2057 :
2058 0 : return pdb_search_grouptype(methods, search, sid, SID_NAME_ALIAS);
2059 : }
2060 :
2061 0 : static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search,
2062 : uint32_t idx)
2063 : {
2064 0 : if (idx < search->num_entries)
2065 0 : return &search->cache[idx];
2066 :
2067 0 : if (search->search_ended)
2068 0 : return NULL;
2069 :
2070 0 : while (idx >= search->num_entries) {
2071 : struct samr_displayentry entry;
2072 :
2073 0 : if (!search->next_entry(search, &entry)) {
2074 0 : search->search_end(search);
2075 0 : search->search_ended = True;
2076 0 : break;
2077 : }
2078 :
2079 0 : ADD_TO_LARGE_ARRAY(search, struct samr_displayentry,
2080 : entry, &search->cache, &search->num_entries,
2081 : &search->cache_size);
2082 : }
2083 :
2084 0 : return (search->num_entries > idx) ? &search->cache[idx] : NULL;
2085 : }
2086 :
2087 0 : struct pdb_search *pdb_search_users(TALLOC_CTX *mem_ctx, uint32_t acct_flags)
2088 : {
2089 0 : struct pdb_methods *pdb = pdb_get_methods();
2090 : struct pdb_search *result;
2091 :
2092 0 : result = pdb_search_init(mem_ctx, PDB_USER_SEARCH);
2093 0 : if (result == NULL) {
2094 0 : return NULL;
2095 : }
2096 :
2097 0 : if (!pdb->search_users(pdb, result, acct_flags)) {
2098 0 : TALLOC_FREE(result);
2099 0 : return NULL;
2100 : }
2101 0 : return result;
2102 : }
2103 :
2104 0 : struct pdb_search *pdb_search_groups(TALLOC_CTX *mem_ctx)
2105 : {
2106 0 : struct pdb_methods *pdb = pdb_get_methods();
2107 : struct pdb_search *result;
2108 :
2109 0 : result = pdb_search_init(mem_ctx, PDB_GROUP_SEARCH);
2110 0 : if (result == NULL) {
2111 0 : return NULL;
2112 : }
2113 :
2114 0 : if (!pdb->search_groups(pdb, result)) {
2115 0 : TALLOC_FREE(result);
2116 0 : return NULL;
2117 : }
2118 0 : return result;
2119 : }
2120 :
2121 0 : struct pdb_search *pdb_search_aliases(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
2122 : {
2123 0 : struct pdb_methods *pdb = pdb_get_methods();
2124 : struct pdb_search *result;
2125 :
2126 0 : if (pdb == NULL) return NULL;
2127 :
2128 0 : result = pdb_search_init(mem_ctx, PDB_ALIAS_SEARCH);
2129 0 : if (result == NULL) {
2130 0 : return NULL;
2131 : }
2132 :
2133 0 : if (!pdb->search_aliases(pdb, result, sid)) {
2134 0 : TALLOC_FREE(result);
2135 0 : return NULL;
2136 : }
2137 0 : return result;
2138 : }
2139 :
2140 0 : uint32_t pdb_search_entries(struct pdb_search *search,
2141 : uint32_t start_idx, uint32_t max_entries,
2142 : struct samr_displayentry **result)
2143 : {
2144 : struct samr_displayentry *end_entry;
2145 0 : uint32_t end_idx = start_idx+max_entries-1;
2146 :
2147 : /* The first entry needs to be searched after the last. Otherwise the
2148 : * first entry might have moved due to a realloc during the search for
2149 : * the last entry. */
2150 :
2151 0 : end_entry = pdb_search_getentry(search, end_idx);
2152 0 : *result = pdb_search_getentry(search, start_idx);
2153 :
2154 0 : if (end_entry != NULL)
2155 0 : return max_entries;
2156 :
2157 0 : if (start_idx >= search->num_entries)
2158 0 : return 0;
2159 :
2160 0 : return search->num_entries - start_idx;
2161 : }
2162 :
2163 : /*******************************************************************
2164 : trustdom methods
2165 : *******************************************************************/
2166 :
2167 0 : bool pdb_get_trusteddom_pw(const char *domain, char** pwd, struct dom_sid *sid,
2168 : time_t *pass_last_set_time)
2169 : {
2170 0 : struct pdb_methods *pdb = pdb_get_methods();
2171 0 : return pdb->get_trusteddom_pw(pdb, domain, pwd, sid,
2172 : pass_last_set_time);
2173 : }
2174 :
2175 0 : NTSTATUS pdb_get_trusteddom_creds(const char *domain, TALLOC_CTX *mem_ctx,
2176 : struct cli_credentials **creds)
2177 : {
2178 0 : struct pdb_methods *pdb = pdb_get_methods();
2179 0 : return pdb->get_trusteddom_creds(pdb, domain, mem_ctx, creds);
2180 : }
2181 :
2182 0 : bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
2183 : const struct dom_sid *sid)
2184 : {
2185 0 : struct pdb_methods *pdb = pdb_get_methods();
2186 0 : return pdb->set_trusteddom_pw(pdb, domain, pwd, sid);
2187 : }
2188 :
2189 0 : bool pdb_del_trusteddom_pw(const char *domain)
2190 : {
2191 0 : struct pdb_methods *pdb = pdb_get_methods();
2192 0 : return pdb->del_trusteddom_pw(pdb, domain);
2193 : }
2194 :
2195 2 : NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32_t *num_domains,
2196 : struct trustdom_info ***domains)
2197 : {
2198 2 : struct pdb_methods *pdb = pdb_get_methods();
2199 2 : return pdb->enum_trusteddoms(pdb, mem_ctx, num_domains, domains);
2200 : }
2201 :
2202 : /*******************************************************************
2203 : the defaults for trustdom methods:
2204 : these simply call the original passdb/secrets.c actions,
2205 : to be replaced by pdb_ldap.
2206 : *******************************************************************/
2207 :
2208 0 : static bool pdb_default_get_trusteddom_pw(struct pdb_methods *methods,
2209 : const char *domain,
2210 : char** pwd,
2211 : struct dom_sid *sid,
2212 : time_t *pass_last_set_time)
2213 : {
2214 0 : return secrets_fetch_trusted_domain_password(domain, pwd,
2215 : sid, pass_last_set_time);
2216 :
2217 : }
2218 :
2219 0 : static NTSTATUS pdb_default_get_trusteddom_creds(struct pdb_methods *methods,
2220 : const char *domain,
2221 : TALLOC_CTX *mem_ctx,
2222 : struct cli_credentials **creds)
2223 : {
2224 0 : *creds = NULL;
2225 0 : return NT_STATUS_NOT_IMPLEMENTED;
2226 : }
2227 :
2228 0 : static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods,
2229 : const char* domain,
2230 : const char* pwd,
2231 : const struct dom_sid *sid)
2232 : {
2233 0 : return secrets_store_trusted_domain_password(domain, pwd, sid);
2234 : }
2235 :
2236 0 : static bool pdb_default_del_trusteddom_pw(struct pdb_methods *methods,
2237 : const char *domain)
2238 : {
2239 0 : return trusted_domain_password_delete(domain);
2240 : }
2241 :
2242 2 : static NTSTATUS pdb_default_enum_trusteddoms(struct pdb_methods *methods,
2243 : TALLOC_CTX *mem_ctx,
2244 : uint32_t *num_domains,
2245 : struct trustdom_info ***domains)
2246 : {
2247 2 : return secrets_trusted_domains(mem_ctx, num_domains, domains);
2248 : }
2249 :
2250 : /*******************************************************************
2251 : trusted_domain methods
2252 : *******************************************************************/
2253 :
2254 0 : NTSTATUS pdb_get_trusted_domain(TALLOC_CTX *mem_ctx, const char *domain,
2255 : struct pdb_trusted_domain **td)
2256 : {
2257 0 : struct pdb_methods *pdb = pdb_get_methods();
2258 0 : return pdb->get_trusted_domain(pdb, mem_ctx, domain, td);
2259 : }
2260 :
2261 0 : NTSTATUS pdb_get_trusted_domain_by_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid,
2262 : struct pdb_trusted_domain **td)
2263 : {
2264 0 : struct pdb_methods *pdb = pdb_get_methods();
2265 0 : return pdb->get_trusted_domain_by_sid(pdb, mem_ctx, sid, td);
2266 : }
2267 :
2268 0 : NTSTATUS pdb_set_trusted_domain(const char* domain,
2269 : const struct pdb_trusted_domain *td)
2270 : {
2271 0 : struct pdb_methods *pdb = pdb_get_methods();
2272 0 : return pdb->set_trusted_domain(pdb, domain, td);
2273 : }
2274 :
2275 0 : NTSTATUS pdb_del_trusted_domain(const char *domain)
2276 : {
2277 0 : struct pdb_methods *pdb = pdb_get_methods();
2278 0 : return pdb->del_trusted_domain(pdb, domain);
2279 : }
2280 :
2281 198 : NTSTATUS pdb_enum_trusted_domains(TALLOC_CTX *mem_ctx, uint32_t *num_domains,
2282 : struct pdb_trusted_domain ***domains)
2283 : {
2284 198 : struct pdb_methods *pdb = pdb_get_methods();
2285 198 : return pdb->enum_trusted_domains(pdb, mem_ctx, num_domains, domains);
2286 : }
2287 :
2288 0 : static NTSTATUS pdb_default_get_trusted_domain(struct pdb_methods *methods,
2289 : TALLOC_CTX *mem_ctx,
2290 : const char *domain,
2291 : struct pdb_trusted_domain **td)
2292 : {
2293 : struct trustAuthInOutBlob taiob;
2294 : struct AuthenticationInformation aia;
2295 : struct pdb_trusted_domain *tdom;
2296 : enum ndr_err_code ndr_err;
2297 : time_t last_set_time;
2298 : char *pwd;
2299 : bool ok;
2300 :
2301 0 : tdom = talloc(mem_ctx, struct pdb_trusted_domain);
2302 0 : if (!tdom) {
2303 0 : return NT_STATUS_NO_MEMORY;
2304 : }
2305 :
2306 0 : tdom->domain_name = talloc_strdup(tdom, domain);
2307 0 : tdom->netbios_name = talloc_strdup(tdom, domain);
2308 0 : if (!tdom->domain_name || !tdom->netbios_name) {
2309 0 : talloc_free(tdom);
2310 0 : return NT_STATUS_NO_MEMORY;
2311 : }
2312 :
2313 0 : tdom->trust_auth_incoming = data_blob_null;
2314 :
2315 0 : ok = pdb_get_trusteddom_pw(domain, &pwd, &tdom->security_identifier,
2316 : &last_set_time);
2317 0 : if (!ok) {
2318 0 : talloc_free(tdom);
2319 0 : return NT_STATUS_UNSUCCESSFUL;
2320 : }
2321 :
2322 0 : ZERO_STRUCT(taiob);
2323 0 : ZERO_STRUCT(aia);
2324 0 : taiob.count = 1;
2325 0 : taiob.current.count = 1;
2326 0 : taiob.current.array = &aia;
2327 0 : unix_to_nt_time(&aia.LastUpdateTime, last_set_time);
2328 :
2329 0 : aia.AuthType = TRUST_AUTH_TYPE_CLEAR;
2330 0 : aia.AuthInfo.clear.size = strlen(pwd);
2331 0 : aia.AuthInfo.clear.password = (uint8_t *)talloc_memdup(tdom, pwd,
2332 : aia.AuthInfo.clear.size);
2333 0 : SAFE_FREE(pwd);
2334 0 : if (aia.AuthInfo.clear.password == NULL) {
2335 0 : talloc_free(tdom);
2336 0 : return NT_STATUS_NO_MEMORY;
2337 : }
2338 :
2339 0 : taiob.previous.count = 0;
2340 0 : taiob.previous.array = NULL;
2341 :
2342 0 : ndr_err = ndr_push_struct_blob(&tdom->trust_auth_outgoing,
2343 : tdom, &taiob,
2344 : (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
2345 0 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2346 0 : talloc_free(tdom);
2347 0 : return NT_STATUS_UNSUCCESSFUL;
2348 : }
2349 :
2350 0 : tdom->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND;
2351 0 : tdom->trust_type = LSA_TRUST_TYPE_DOWNLEVEL;
2352 0 : tdom->trust_attributes = 0;
2353 0 : tdom->trust_forest_trust_info = data_blob_null;
2354 :
2355 0 : *td = tdom;
2356 0 : return NT_STATUS_OK;
2357 : }
2358 :
2359 0 : static NTSTATUS pdb_default_get_trusted_domain_by_sid(struct pdb_methods *methods,
2360 : TALLOC_CTX *mem_ctx,
2361 : struct dom_sid *sid,
2362 : struct pdb_trusted_domain **td)
2363 : {
2364 0 : return NT_STATUS_NOT_IMPLEMENTED;
2365 : }
2366 :
2367 : #define IS_NULL_DATA_BLOB(d) ((d).data == NULL && (d).length == 0)
2368 :
2369 0 : static NTSTATUS pdb_default_set_trusted_domain(struct pdb_methods *methods,
2370 : const char* domain,
2371 : const struct pdb_trusted_domain *td)
2372 : {
2373 : struct trustAuthInOutBlob taiob;
2374 : struct AuthenticationInformation *aia;
2375 : enum ndr_err_code ndr_err;
2376 : char *pwd;
2377 : bool ok;
2378 :
2379 0 : if (td->trust_attributes != 0 ||
2380 0 : td->trust_type != LSA_TRUST_TYPE_DOWNLEVEL ||
2381 0 : td->trust_direction != LSA_TRUST_DIRECTION_OUTBOUND ||
2382 0 : !IS_NULL_DATA_BLOB(td->trust_auth_incoming) ||
2383 0 : !IS_NULL_DATA_BLOB(td->trust_forest_trust_info)) {
2384 0 : return NT_STATUS_NOT_IMPLEMENTED;
2385 : }
2386 :
2387 0 : ZERO_STRUCT(taiob);
2388 0 : ndr_err = ndr_pull_struct_blob(&td->trust_auth_outgoing, talloc_tos(),
2389 : &taiob,
2390 : (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
2391 0 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2392 0 : return NT_STATUS_UNSUCCESSFUL;
2393 : }
2394 :
2395 0 : aia = (struct AuthenticationInformation *) taiob.current.array;
2396 :
2397 0 : if (taiob.count != 1 || taiob.current.count != 1 ||
2398 0 : taiob.previous.count != 0 ||
2399 0 : aia->AuthType != TRUST_AUTH_TYPE_CLEAR) {
2400 0 : return NT_STATUS_NOT_IMPLEMENTED;
2401 : }
2402 :
2403 0 : pwd = talloc_strndup(talloc_tos(), (char *) aia->AuthInfo.clear.password,
2404 0 : aia->AuthInfo.clear.size);
2405 0 : if (!pwd) {
2406 0 : return NT_STATUS_NO_MEMORY;
2407 : }
2408 :
2409 0 : ok = pdb_set_trusteddom_pw(domain, pwd, &td->security_identifier);
2410 0 : if (!ok) {
2411 0 : return NT_STATUS_UNSUCCESSFUL;
2412 : }
2413 :
2414 0 : return NT_STATUS_OK;
2415 : }
2416 :
2417 0 : static NTSTATUS pdb_default_del_trusted_domain(struct pdb_methods *methods,
2418 : const char *domain)
2419 : {
2420 0 : return NT_STATUS_NOT_IMPLEMENTED;
2421 : }
2422 :
2423 0 : static NTSTATUS pdb_default_enum_trusted_domains(struct pdb_methods *methods,
2424 : TALLOC_CTX *mem_ctx,
2425 : uint32_t *num_domains,
2426 : struct pdb_trusted_domain ***domains)
2427 : {
2428 0 : return NT_STATUS_NOT_IMPLEMENTED;
2429 : }
2430 :
2431 37 : static struct pdb_domain_info *pdb_default_get_domain_info(
2432 : struct pdb_methods *m, TALLOC_CTX *mem_ctx)
2433 : {
2434 37 : return NULL;
2435 : }
2436 :
2437 : /*****************************************************************
2438 : UPN suffixes
2439 : *****************************************************************/
2440 0 : static NTSTATUS pdb_default_enum_upn_suffixes(struct pdb_methods *pdb,
2441 : TALLOC_CTX *mem_ctx,
2442 : uint32_t *num_suffixes,
2443 : char ***suffixes)
2444 : {
2445 0 : return NT_STATUS_NOT_IMPLEMENTED;
2446 : }
2447 :
2448 0 : static NTSTATUS pdb_default_set_upn_suffixes(struct pdb_methods *pdb,
2449 : uint32_t num_suffixes,
2450 : const char **suffixes)
2451 : {
2452 0 : return NT_STATUS_NOT_IMPLEMENTED;
2453 : }
2454 :
2455 0 : NTSTATUS pdb_enum_upn_suffixes(TALLOC_CTX *mem_ctx,
2456 : uint32_t *num_suffixes,
2457 : char ***suffixes)
2458 : {
2459 0 : struct pdb_methods *pdb = pdb_get_methods();
2460 0 : return pdb->enum_upn_suffixes(pdb, mem_ctx, num_suffixes, suffixes);
2461 : }
2462 :
2463 0 : NTSTATUS pdb_set_upn_suffixes(uint32_t num_suffixes,
2464 : const char **suffixes)
2465 : {
2466 0 : struct pdb_methods *pdb = pdb_get_methods();
2467 0 : return pdb->set_upn_suffixes(pdb, num_suffixes, suffixes);
2468 : }
2469 :
2470 : /*******************************************************************
2471 : idmap control methods
2472 : *******************************************************************/
2473 419 : static bool pdb_default_is_responsible_for_our_sam(
2474 : struct pdb_methods *methods)
2475 : {
2476 419 : return true;
2477 : }
2478 :
2479 92 : static bool pdb_default_is_responsible_for_builtin(
2480 : struct pdb_methods *methods)
2481 : {
2482 92 : return true;
2483 : }
2484 :
2485 886 : static bool pdb_default_is_responsible_for_wellknown(
2486 : struct pdb_methods *methods)
2487 : {
2488 886 : return false;
2489 : }
2490 :
2491 0 : static bool pdb_default_is_responsible_for_unix_users(
2492 : struct pdb_methods *methods)
2493 : {
2494 0 : return true;
2495 : }
2496 :
2497 0 : static bool pdb_default_is_responsible_for_unix_groups(
2498 : struct pdb_methods *methods)
2499 : {
2500 0 : return true;
2501 : }
2502 :
2503 2096 : static bool pdb_default_is_responsible_for_everything_else(
2504 : struct pdb_methods *methods)
2505 : {
2506 2096 : return false;
2507 : }
2508 :
2509 419 : bool pdb_is_responsible_for_our_sam(void)
2510 : {
2511 419 : struct pdb_methods *pdb = pdb_get_methods();
2512 419 : return pdb->is_responsible_for_our_sam(pdb);
2513 : }
2514 :
2515 995 : bool pdb_is_responsible_for_builtin(void)
2516 : {
2517 995 : struct pdb_methods *pdb = pdb_get_methods();
2518 995 : return pdb->is_responsible_for_builtin(pdb);
2519 : }
2520 :
2521 1056 : bool pdb_is_responsible_for_wellknown(void)
2522 : {
2523 1056 : struct pdb_methods *pdb = pdb_get_methods();
2524 1056 : return pdb->is_responsible_for_wellknown(pdb);
2525 : }
2526 :
2527 0 : bool pdb_is_responsible_for_unix_users(void)
2528 : {
2529 0 : struct pdb_methods *pdb = pdb_get_methods();
2530 0 : return pdb->is_responsible_for_unix_users(pdb);
2531 : }
2532 :
2533 0 : bool pdb_is_responsible_for_unix_groups(void)
2534 : {
2535 0 : struct pdb_methods *pdb = pdb_get_methods();
2536 0 : return pdb->is_responsible_for_unix_groups(pdb);
2537 : }
2538 :
2539 2096 : bool pdb_is_responsible_for_everything_else(void)
2540 : {
2541 2096 : struct pdb_methods *pdb = pdb_get_methods();
2542 2096 : return pdb->is_responsible_for_everything_else(pdb);
2543 : }
2544 :
2545 : /*******************************************************************
2546 : secret methods
2547 : *******************************************************************/
2548 :
2549 0 : NTSTATUS pdb_get_secret(TALLOC_CTX *mem_ctx,
2550 : const char *secret_name,
2551 : DATA_BLOB *secret_current,
2552 : NTTIME *secret_current_lastchange,
2553 : DATA_BLOB *secret_old,
2554 : NTTIME *secret_old_lastchange,
2555 : struct security_descriptor **sd)
2556 : {
2557 0 : struct pdb_methods *pdb = pdb_get_methods();
2558 0 : return pdb->get_secret(pdb, mem_ctx, secret_name,
2559 : secret_current, secret_current_lastchange,
2560 : secret_old, secret_old_lastchange,
2561 : sd);
2562 : }
2563 :
2564 0 : NTSTATUS pdb_set_secret(const char *secret_name,
2565 : DATA_BLOB *secret_current,
2566 : DATA_BLOB *secret_old,
2567 : struct security_descriptor *sd)
2568 : {
2569 0 : struct pdb_methods *pdb = pdb_get_methods();
2570 0 : return pdb->set_secret(pdb, secret_name,
2571 : secret_current,
2572 : secret_old,
2573 : sd);
2574 : }
2575 :
2576 0 : NTSTATUS pdb_delete_secret(const char *secret_name)
2577 : {
2578 0 : struct pdb_methods *pdb = pdb_get_methods();
2579 0 : return pdb->delete_secret(pdb, secret_name);
2580 : }
2581 :
2582 0 : static NTSTATUS pdb_default_get_secret(struct pdb_methods *methods,
2583 : TALLOC_CTX *mem_ctx,
2584 : const char *secret_name,
2585 : DATA_BLOB *secret_current,
2586 : NTTIME *secret_current_lastchange,
2587 : DATA_BLOB *secret_old,
2588 : NTTIME *secret_old_lastchange,
2589 : struct security_descriptor **sd)
2590 : {
2591 0 : return lsa_secret_get(mem_ctx, secret_name,
2592 : secret_current,
2593 : secret_current_lastchange,
2594 : secret_old,
2595 : secret_old_lastchange,
2596 : sd);
2597 : }
2598 :
2599 0 : static NTSTATUS pdb_default_set_secret(struct pdb_methods *methods,
2600 : const char *secret_name,
2601 : DATA_BLOB *secret_current,
2602 : DATA_BLOB *secret_old,
2603 : struct security_descriptor *sd)
2604 : {
2605 0 : return lsa_secret_set(secret_name,
2606 : secret_current,
2607 : secret_old,
2608 : sd);
2609 : }
2610 :
2611 0 : static NTSTATUS pdb_default_delete_secret(struct pdb_methods *methods,
2612 : const char *secret_name)
2613 : {
2614 0 : return lsa_secret_delete(secret_name);
2615 : }
2616 :
2617 : /*******************************************************************
2618 : Create a pdb_methods structure and initialize it with the default
2619 : operations. In this way a passdb module can simply implement
2620 : the functionality it cares about. However, normally this is done
2621 : in groups of related functions.
2622 : *******************************************************************/
2623 :
2624 6179 : NTSTATUS make_pdb_method( struct pdb_methods **methods )
2625 : {
2626 : /* allocate memory for the structure as its own talloc CTX */
2627 :
2628 6179 : *methods = talloc_zero(NULL, struct pdb_methods);
2629 6179 : if (*methods == NULL) {
2630 0 : return NT_STATUS_NO_MEMORY;
2631 : }
2632 :
2633 6179 : (*methods)->get_domain_info = pdb_default_get_domain_info;
2634 6179 : (*methods)->getsampwnam = pdb_default_getsampwnam;
2635 6179 : (*methods)->getsampwsid = pdb_default_getsampwsid;
2636 6179 : (*methods)->create_user = pdb_default_create_user;
2637 6179 : (*methods)->delete_user = pdb_default_delete_user;
2638 6179 : (*methods)->add_sam_account = pdb_default_add_sam_account;
2639 6179 : (*methods)->update_sam_account = pdb_default_update_sam_account;
2640 6179 : (*methods)->delete_sam_account = pdb_default_delete_sam_account;
2641 6179 : (*methods)->rename_sam_account = pdb_default_rename_sam_account;
2642 6179 : (*methods)->update_login_attempts = pdb_default_update_login_attempts;
2643 :
2644 6179 : (*methods)->getgrsid = pdb_default_getgrsid;
2645 6179 : (*methods)->getgrgid = pdb_default_getgrgid;
2646 6179 : (*methods)->getgrnam = pdb_default_getgrnam;
2647 6179 : (*methods)->create_dom_group = pdb_default_create_dom_group;
2648 6179 : (*methods)->delete_dom_group = pdb_default_delete_dom_group;
2649 6179 : (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
2650 6179 : (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
2651 6179 : (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
2652 6179 : (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
2653 6179 : (*methods)->enum_group_members = pdb_default_enum_group_members;
2654 6179 : (*methods)->enum_group_memberships = pdb_default_enum_group_memberships;
2655 6179 : (*methods)->set_unix_primary_group = pdb_default_set_unix_primary_group;
2656 6179 : (*methods)->add_groupmem = pdb_default_add_groupmem;
2657 6179 : (*methods)->del_groupmem = pdb_default_del_groupmem;
2658 6179 : (*methods)->create_alias = pdb_default_create_alias;
2659 6179 : (*methods)->delete_alias = pdb_default_delete_alias;
2660 6179 : (*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
2661 6179 : (*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
2662 6179 : (*methods)->add_aliasmem = pdb_default_add_aliasmem;
2663 6179 : (*methods)->del_aliasmem = pdb_default_del_aliasmem;
2664 6179 : (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
2665 6179 : (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
2666 6179 : (*methods)->lookup_rids = pdb_default_lookup_rids;
2667 6179 : (*methods)->get_account_policy = pdb_default_get_account_policy;
2668 6179 : (*methods)->set_account_policy = pdb_default_set_account_policy;
2669 6179 : (*methods)->get_seq_num = pdb_default_get_seq_num;
2670 6179 : (*methods)->id_to_sid = pdb_default_id_to_sid;
2671 6179 : (*methods)->sid_to_id = pdb_default_sid_to_id;
2672 :
2673 6179 : (*methods)->search_groups = pdb_default_search_groups;
2674 6179 : (*methods)->search_aliases = pdb_default_search_aliases;
2675 :
2676 6179 : (*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw;
2677 6179 : (*methods)->get_trusteddom_creds = pdb_default_get_trusteddom_creds;
2678 6179 : (*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw;
2679 6179 : (*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw;
2680 6179 : (*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms;
2681 :
2682 6179 : (*methods)->get_trusted_domain = pdb_default_get_trusted_domain;
2683 6179 : (*methods)->get_trusted_domain_by_sid = pdb_default_get_trusted_domain_by_sid;
2684 6179 : (*methods)->set_trusted_domain = pdb_default_set_trusted_domain;
2685 6179 : (*methods)->del_trusted_domain = pdb_default_del_trusted_domain;
2686 6179 : (*methods)->enum_trusted_domains = pdb_default_enum_trusted_domains;
2687 :
2688 6179 : (*methods)->get_secret = pdb_default_get_secret;
2689 6179 : (*methods)->set_secret = pdb_default_set_secret;
2690 6179 : (*methods)->delete_secret = pdb_default_delete_secret;
2691 :
2692 6179 : (*methods)->enum_upn_suffixes = pdb_default_enum_upn_suffixes;
2693 6179 : (*methods)->set_upn_suffixes = pdb_default_set_upn_suffixes;
2694 :
2695 6179 : (*methods)->is_responsible_for_our_sam =
2696 : pdb_default_is_responsible_for_our_sam;
2697 6179 : (*methods)->is_responsible_for_builtin =
2698 : pdb_default_is_responsible_for_builtin;
2699 6179 : (*methods)->is_responsible_for_wellknown =
2700 : pdb_default_is_responsible_for_wellknown;
2701 6179 : (*methods)->is_responsible_for_unix_users =
2702 : pdb_default_is_responsible_for_unix_users;
2703 6179 : (*methods)->is_responsible_for_unix_groups =
2704 : pdb_default_is_responsible_for_unix_groups;
2705 6179 : (*methods)->is_responsible_for_everything_else =
2706 : pdb_default_is_responsible_for_everything_else;
2707 :
2708 6179 : return NT_STATUS_OK;
2709 : }
|
