Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Password and authentication handling
4 : Copyright (C) Andrew Bartlett 2002
5 : Copyright (C) Jelmer Vernooij 2002
6 : Copyright (C) Simo Sorce 2003
7 : Copyright (C) Volker Lendecke 2006
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include "includes.h"
24 : #include "system/passwd.h"
25 : #include "passdb.h"
26 : #include "secrets.h"
27 : #include "messages.h"
28 : #include "serverid.h"
29 : #include "../librpc/gen_ndr/samr.h"
30 : #include "../librpc/gen_ndr/drsblobs.h"
31 : #include "../librpc/gen_ndr/ndr_drsblobs.h"
32 : #include "../librpc/gen_ndr/idmap.h"
33 : #include "../lib/util/memcache.h"
34 : #include "nsswitch/winbind_client.h"
35 : #include "../libcli/security/security.h"
36 : #include "../lib/util/util_pw.h"
37 : #include "passdb/pdb_secrets.h"
38 : #include "lib/util_sid_passdb.h"
39 : #include "idmap_cache.h"
40 : #include "lib/util/string_wrappers.h"
41 : #include "lib/global_contexts.h"
42 :
43 : #undef DBGC_CLASS
44 : #define DBGC_CLASS DBGC_PASSDB
45 :
46 : static_decl_pdb;
47 :
48 : static struct pdb_init_function_entry *backends = NULL;
49 :
50 28561 : static void lazy_initialize_passdb(void)
51 : {
52 : static bool initialized = False;
53 28561 : if(initialized) {
54 27001 : return;
55 : }
56 1011 : static_init_pdb(NULL);
57 1011 : initialized = True;
58 : }
59 :
60 : static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
61 : const char **name,
62 : enum lsa_SidType *psid_name_use,
63 : uid_t *uid, gid_t *gid);
64 :
65 5042 : NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
66 : {
67 5042 : struct pdb_init_function_entry *entry = NULL;
68 :
69 5042 : if(version != PASSDB_INTERFACE_VERSION) {
70 0 : DEBUG(0,("Can't register passdb backend!\n"
71 : "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
72 : "while this version of samba uses version %d\n",
73 : version,PASSDB_INTERFACE_VERSION));
74 0 : return NT_STATUS_OBJECT_TYPE_MISMATCH;
75 : }
76 :
77 5042 : if (!name || !init) {
78 0 : return NT_STATUS_INVALID_PARAMETER;
79 : }
80 :
81 5042 : DEBUG(5,("Attempting to register passdb backend %s\n", name));
82 :
83 : /* Check for duplicates */
84 5042 : if (pdb_find_backend_entry(name)) {
85 0 : DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
86 0 : return NT_STATUS_OBJECT_NAME_COLLISION;
87 : }
88 :
89 5042 : entry = SMB_XMALLOC_P(struct pdb_init_function_entry);
90 5042 : entry->name = smb_xstrdup(name);
91 5042 : entry->init = init;
92 :
93 5042 : DLIST_ADD(backends, entry);
94 5042 : DEBUG(5,("Successfully added passdb backend '%s'\n", name));
95 5042 : return NT_STATUS_OK;
96 : }
97 :
98 33603 : struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
99 : {
100 33603 : struct pdb_init_function_entry *entry = backends;
101 :
102 133957 : while(entry) {
103 100532 : if (strcmp(entry->name, name)==0) return entry;
104 71971 : entry = entry->next;
105 : }
106 :
107 4910 : return NULL;
108 : }
109 :
110 0 : const struct pdb_init_function_entry *pdb_get_backends(void)
111 : {
112 0 : return backends;
113 : }
114 :
115 :
116 : /*
117 : * The event context for the passdb backend. I know this is a bad hack and yet
118 : * another static variable, but our pdb API is a global thing per
119 : * definition. The first use for this is the LDAP idle function, more might be
120 : * added later.
121 : *
122 : * I don't feel too bad about this static variable, it replaces the
123 : * smb_idle_event_list that used to exist in lib/module.c. -- VL
124 : */
125 :
126 : static struct tevent_context *pdb_tevent_ctx;
127 :
128 0 : struct tevent_context *pdb_get_tevent_context(void)
129 : {
130 0 : return pdb_tevent_ctx;
131 : }
132 :
133 : /******************************************************************
134 : Make a pdb_methods from scratch
135 : *******************************************************************/
136 :
137 28561 : NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char *selected)
138 : {
139 28561 : char *module_name = smb_xstrdup(selected);
140 28561 : char *module_location = NULL, *p;
141 : struct pdb_init_function_entry *entry;
142 : NTSTATUS nt_status;
143 :
144 28561 : lazy_initialize_passdb();
145 :
146 28561 : p = strchr(module_name, ':');
147 :
148 28561 : if (p) {
149 144 : *p = 0;
150 144 : module_location = p+1;
151 144 : trim_char(module_location, ' ', ' ');
152 : }
153 :
154 28561 : trim_char(module_name, ' ', ' ');
155 :
156 :
157 28561 : DEBUG(5,("Attempting to find a passdb backend to match %s (%s)\n", selected, module_name));
158 :
159 28561 : entry = pdb_find_backend_entry(module_name);
160 :
161 : /* Try to find a module that contains this module */
162 28561 : if (!entry) {
163 0 : DEBUG(2,("No builtin backend found, trying to load plugin\n"));
164 0 : if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
165 0 : DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
166 0 : SAFE_FREE(module_name);
167 0 : return NT_STATUS_UNSUCCESSFUL;
168 : }
169 : }
170 :
171 : /* No such backend found */
172 28561 : if(!entry) {
173 0 : DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
174 0 : SAFE_FREE(module_name);
175 0 : return NT_STATUS_INVALID_PARAMETER;
176 : }
177 :
178 28561 : DEBUG(5,("Found pdb backend %s\n", module_name));
179 :
180 28561 : if ( !NT_STATUS_IS_OK( nt_status = entry->init(methods, module_location) ) ) {
181 0 : DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n",
182 : selected, nt_errstr(nt_status)));
183 0 : SAFE_FREE(module_name);
184 0 : return nt_status;
185 : }
186 :
187 28561 : SAFE_FREE(module_name);
188 :
189 28561 : DEBUG(5,("pdb backend %s has a valid init\n", selected));
190 :
191 28561 : return nt_status;
192 : }
193 :
194 : /******************************************************************
195 : Return an already initialized pdb_methods structure
196 : *******************************************************************/
197 :
198 844854 : static struct pdb_methods *pdb_get_methods_reload( bool reload )
199 : {
200 : static struct pdb_methods *pdb = NULL;
201 :
202 844854 : if ( pdb && reload ) {
203 27339 : if (pdb->free_private_data != NULL) {
204 8539 : pdb->free_private_data( &(pdb->private_data) );
205 : }
206 27339 : if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
207 0 : return NULL;
208 : }
209 : }
210 :
211 844854 : if ( !pdb ) {
212 1010 : if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
213 0 : return NULL;
214 : }
215 : }
216 :
217 844854 : return pdb;
218 : }
219 :
220 816975 : static struct pdb_methods *pdb_get_methods(void)
221 : {
222 : struct pdb_methods *pdb;
223 :
224 816975 : pdb = pdb_get_methods_reload(false);
225 816975 : if (!pdb) {
226 0 : char *msg = NULL;
227 0 : if (asprintf(&msg, "pdb_get_methods: "
228 : "failed to get pdb methods for backend %s\n",
229 : lp_passdb_backend()) > 0) {
230 0 : smb_panic(msg);
231 : } else {
232 0 : smb_panic("pdb_get_methods");
233 : }
234 : }
235 :
236 816975 : return pdb;
237 : }
238 :
239 3035 : struct pdb_domain_info *pdb_get_domain_info(TALLOC_CTX *mem_ctx)
240 : {
241 3035 : struct pdb_methods *pdb = pdb_get_methods();
242 3035 : return pdb->get_domain_info(pdb, mem_ctx);
243 : }
244 :
245 : /**
246 : * @brief Check if the user account has been locked out and try to unlock it.
247 : *
248 : * If the user has been automatically locked out and a lockout duration is set,
249 : * then check if we can unlock the account and reset the bad password values.
250 : *
251 : * @param[in] sampass The sam user to check.
252 : *
253 : * @return True if the function was successfull, false on an error.
254 : */
255 29309 : static bool pdb_try_account_unlock(struct samu *sampass)
256 : {
257 29309 : uint32_t acb_info = pdb_get_acct_ctrl(sampass);
258 :
259 29309 : if ((acb_info & ACB_NORMAL) && (acb_info & ACB_AUTOLOCK)) {
260 : uint32_t lockout_duration;
261 : time_t bad_password_time;
262 78 : time_t now = time(NULL);
263 : bool ok;
264 :
265 78 : ok = pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION,
266 : &lockout_duration);
267 78 : if (!ok) {
268 0 : DEBUG(0, ("pdb_try_account_unlock: "
269 : "pdb_get_account_policy failed.\n"));
270 0 : return false;
271 : }
272 :
273 156 : if (lockout_duration == (uint32_t) -1 ||
274 78 : lockout_duration == 0) {
275 0 : DEBUG(9, ("pdb_try_account_unlock: No reset duration, "
276 : "can't reset autolock\n"));
277 0 : return false;
278 : }
279 78 : lockout_duration *= 60;
280 :
281 78 : bad_password_time = pdb_get_bad_password_time(sampass);
282 78 : if (bad_password_time == (time_t) 0) {
283 0 : DEBUG(2, ("pdb_try_account_unlock: Account %s "
284 : "administratively locked out "
285 : "with no bad password "
286 : "time. Leaving locked out.\n",
287 : pdb_get_username(sampass)));
288 0 : return true;
289 : }
290 :
291 78 : if ((bad_password_time +
292 78 : convert_uint32_t_to_time_t(lockout_duration)) < now) {
293 : NTSTATUS status;
294 :
295 2 : pdb_set_acct_ctrl(sampass, acb_info & ~ACB_AUTOLOCK,
296 : PDB_CHANGED);
297 2 : pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
298 2 : pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
299 :
300 2 : become_root();
301 2 : status = pdb_update_sam_account(sampass);
302 2 : unbecome_root();
303 2 : if (!NT_STATUS_IS_OK(status)) {
304 0 : DEBUG(0, ("_samr_OpenUser: Couldn't "
305 : "update account %s - %s\n",
306 : pdb_get_username(sampass),
307 : nt_errstr(status)));
308 0 : return false;
309 : }
310 : }
311 : }
312 :
313 29033 : return true;
314 : }
315 :
316 : /**
317 : * @brief Get a sam user structure by the given username.
318 : *
319 : * This functions also checks if the account has been automatically locked out
320 : * and unlocks it if a lockout duration time has been defined and the time has
321 : * elapsed.
322 : *
323 : * @param[in] sam_acct The sam user structure to fill.
324 : *
325 : * @param[in] username The username to look for.
326 : *
327 : * @return True on success, false on error.
328 : */
329 24006 : bool pdb_getsampwnam(struct samu *sam_acct, const char *username)
330 : {
331 24006 : struct pdb_methods *pdb = pdb_get_methods();
332 : struct samu *for_cache;
333 : const struct dom_sid *user_sid;
334 : NTSTATUS status;
335 : bool ok;
336 :
337 24006 : status = pdb->getsampwnam(pdb, sam_acct, username);
338 24006 : if (!NT_STATUS_IS_OK(status)) {
339 3509 : return false;
340 : }
341 :
342 20497 : ok = pdb_try_account_unlock(sam_acct);
343 20497 : if (!ok) {
344 0 : DEBUG(1, ("pdb_getsampwnam: Failed to unlock account %s\n",
345 : username));
346 : }
347 :
348 20497 : for_cache = samu_new(NULL);
349 20497 : if (for_cache == NULL) {
350 0 : return False;
351 : }
352 :
353 20497 : if (!pdb_copy_sam_account(for_cache, sam_acct)) {
354 0 : TALLOC_FREE(for_cache);
355 0 : return False;
356 : }
357 :
358 20497 : user_sid = pdb_get_user_sid(for_cache);
359 :
360 20497 : memcache_add_talloc(NULL, PDB_GETPWSID_CACHE,
361 : data_blob_const(user_sid, sizeof(*user_sid)),
362 : &for_cache);
363 :
364 20497 : return True;
365 : }
366 :
367 : /**********************************************************************
368 : **********************************************************************/
369 :
370 27 : static bool guest_user_info( struct samu *user )
371 : {
372 : struct passwd *pwd;
373 : NTSTATUS result;
374 27 : const char *guestname = lp_guest_account();
375 :
376 27 : pwd = Get_Pwnam_alloc(talloc_tos(), guestname);
377 27 : if (pwd == NULL) {
378 0 : DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n",
379 : guestname));
380 0 : return False;
381 : }
382 :
383 27 : result = samu_set_unix(user, pwd );
384 :
385 27 : TALLOC_FREE( pwd );
386 :
387 27 : return NT_STATUS_IS_OK( result );
388 : }
389 :
390 : /**
391 : * @brief Get a sam user structure by the given username.
392 : *
393 : * This functions also checks if the account has been automatically locked out
394 : * and unlocks it if a lockout duration time has been defined and the time has
395 : * elapsed.
396 : *
397 : *
398 : * @param[in] sam_acct The sam user structure to fill.
399 : *
400 : * @param[in] sid The user SDI to look up.
401 : *
402 : * @return True on success, false on error.
403 : */
404 11001 : bool pdb_getsampwsid(struct samu *sam_acct, const struct dom_sid *sid)
405 : {
406 11001 : struct pdb_methods *pdb = pdb_get_methods();
407 : uint32_t rid;
408 : void *cache_data;
409 11001 : bool ok = false;
410 :
411 : /* hard code the Guest RID of 501 */
412 :
413 11001 : if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) )
414 0 : return False;
415 :
416 11001 : if ( rid == DOMAIN_RID_GUEST ) {
417 27 : DEBUG(6,("pdb_getsampwsid: Building guest account\n"));
418 27 : return guest_user_info( sam_acct );
419 : }
420 :
421 : /* check the cache first */
422 :
423 10974 : cache_data = memcache_lookup_talloc(
424 : NULL, PDB_GETPWSID_CACHE, data_blob_const(sid, sizeof(*sid)));
425 :
426 10974 : if (cache_data != NULL) {
427 1925 : struct samu *cache_copy = talloc_get_type_abort(
428 : cache_data, struct samu);
429 :
430 1925 : ok = pdb_copy_sam_account(sam_acct, cache_copy);
431 : } else {
432 9049 : ok = NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid));
433 : }
434 :
435 10974 : if (!ok) {
436 2156 : return false;
437 : }
438 :
439 8812 : ok = pdb_try_account_unlock(sam_acct);
440 8812 : if (!ok) {
441 0 : DEBUG(1, ("pdb_getsampwsid: Failed to unlock account %s\n",
442 : sam_acct->username));
443 : }
444 :
445 8536 : return true;
446 : }
447 :
448 710 : static NTSTATUS pdb_default_create_user(struct pdb_methods *methods,
449 : TALLOC_CTX *tmp_ctx, const char *name,
450 : uint32_t acb_info, uint32_t *rid)
451 : {
452 645 : const struct loadparm_substitution *lp_sub =
453 65 : loadparm_s3_global_substitution();
454 : struct samu *sam_pass;
455 : NTSTATUS status;
456 : struct passwd *pwd;
457 :
458 710 : if ((sam_pass = samu_new(tmp_ctx)) == NULL) {
459 0 : return NT_STATUS_NO_MEMORY;
460 : }
461 :
462 710 : if ( !(pwd = Get_Pwnam_alloc(tmp_ctx, name)) ) {
463 396 : char *add_script = NULL;
464 : int add_ret;
465 : fstring name2;
466 :
467 396 : if ((acb_info & ACB_NORMAL) && name[strlen(name)-1] != '$') {
468 333 : add_script = lp_add_user_script(tmp_ctx, lp_sub);
469 : } else {
470 63 : add_script = lp_add_machine_script(tmp_ctx, lp_sub);
471 : }
472 :
473 396 : if (!add_script || add_script[0] == '\0') {
474 0 : DEBUG(3, ("Could not find user %s and no add script "
475 : "defined\n", name));
476 0 : return NT_STATUS_NO_SUCH_USER;
477 : }
478 :
479 : /* lowercase the username before creating the Unix account for
480 : compatibility with previous Samba releases */
481 396 : fstrcpy( name2, name );
482 396 : if (!strlower_m( name2 )) {
483 0 : return NT_STATUS_INVALID_PARAMETER;
484 : }
485 396 : add_script = talloc_all_string_sub(tmp_ctx,
486 : add_script,
487 : "%u",
488 : name2);
489 396 : if (!add_script) {
490 0 : return NT_STATUS_NO_MEMORY;
491 : }
492 396 : add_ret = smbrun(add_script, NULL, NULL);
493 391 : DEBUG(add_ret ? 0 : 3, ("_samr_create_user: Running the command `%s' gave %d\n",
494 : add_script, add_ret));
495 391 : if (add_ret == 0) {
496 391 : smb_nscd_flush_user_cache();
497 : }
498 :
499 391 : flush_pwnam_cache();
500 :
501 391 : pwd = Get_Pwnam_alloc(tmp_ctx, name);
502 :
503 391 : if(pwd == NULL) {
504 0 : DEBUG(3, ("Could not find user %s, add script did not work\n", name));
505 0 : return NT_STATUS_NO_SUCH_USER;
506 : }
507 : }
508 :
509 : /* we have a valid SID coming out of this call */
510 :
511 705 : status = samu_alloc_rid_unix(methods, sam_pass, pwd);
512 :
513 705 : TALLOC_FREE( pwd );
514 :
515 705 : if (!NT_STATUS_IS_OK(status)) {
516 0 : DEBUG(3, ("pdb_default_create_user: failed to create a new user structure: %s\n", nt_errstr(status)));
517 0 : return status;
518 : }
519 :
520 705 : if (!sid_peek_check_rid(get_global_sam_sid(),
521 : pdb_get_user_sid(sam_pass), rid)) {
522 0 : DEBUG(0, ("Could not get RID of fresh user\n"));
523 0 : return NT_STATUS_INTERNAL_ERROR;
524 : }
525 :
526 : /* Use the username case specified in the original request */
527 :
528 705 : pdb_set_username( sam_pass, name, PDB_SET );
529 :
530 : /* Disable the account on creation, it does not have a reasonable password yet. */
531 :
532 705 : acb_info |= ACB_DISABLED;
533 :
534 705 : pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
535 :
536 705 : status = methods->add_sam_account(methods, sam_pass);
537 :
538 705 : TALLOC_FREE(sam_pass);
539 :
540 705 : return status;
541 : }
542 :
543 711 : NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32_t flags,
544 : uint32_t *rid)
545 : {
546 711 : struct pdb_methods *pdb = pdb_get_methods();
547 711 : return pdb->create_user(pdb, mem_ctx, name, flags, rid);
548 : }
549 :
550 : /****************************************************************************
551 : Delete a UNIX user on demand.
552 : ****************************************************************************/
553 :
554 87 : static int smb_delete_user(const char *unix_user)
555 : {
556 86 : const struct loadparm_substitution *lp_sub =
557 1 : loadparm_s3_global_substitution();
558 87 : char *del_script = NULL;
559 : int ret;
560 :
561 : /* safety check */
562 :
563 87 : if ( strequal( unix_user, "root" ) ) {
564 0 : DEBUG(0,("smb_delete_user: Refusing to delete local system root account!\n"));
565 0 : return -1;
566 : }
567 :
568 87 : del_script = lp_delete_user_script(talloc_tos(), lp_sub);
569 87 : if (!del_script || !*del_script) {
570 0 : return -1;
571 : }
572 87 : del_script = talloc_all_string_sub(talloc_tos(),
573 : del_script,
574 : "%u",
575 : unix_user);
576 87 : if (!del_script) {
577 0 : return -1;
578 : }
579 87 : ret = smbrun(del_script, NULL, NULL);
580 47 : flush_pwnam_cache();
581 47 : if (ret == 0) {
582 47 : smb_nscd_flush_user_cache();
583 : }
584 47 : DEBUG(ret ? 0 : 3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret));
585 :
586 47 : return ret;
587 : }
588 :
589 87 : static NTSTATUS pdb_default_delete_user(struct pdb_methods *methods,
590 : TALLOC_CTX *mem_ctx,
591 : struct samu *sam_acct)
592 : {
593 : NTSTATUS status;
594 : fstring username;
595 :
596 87 : status = methods->delete_sam_account(methods, sam_acct);
597 87 : if (!NT_STATUS_IS_OK(status)) {
598 0 : return status;
599 : }
600 :
601 : /*
602 : * Now delete the unix side ....
603 : * note: we don't check if the delete really happened as the script is
604 : * not necessary present and maybe the sysadmin doesn't want to delete
605 : * the unix side
606 : */
607 :
608 : /* always lower case the username before handing it off to
609 : external scripts */
610 :
611 87 : fstrcpy( username, pdb_get_username(sam_acct) );
612 87 : if (!strlower_m( username )) {
613 0 : return status;
614 : }
615 :
616 87 : smb_delete_user( username );
617 :
618 47 : return status;
619 : }
620 :
621 87 : NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
622 : {
623 87 : struct pdb_methods *pdb = pdb_get_methods();
624 87 : uid_t uid = -1;
625 : NTSTATUS status;
626 : const struct dom_sid *user_sid;
627 : char *msg_data;
628 :
629 87 : user_sid = pdb_get_user_sid(sam_acct);
630 :
631 : /* sanity check to make sure we don't delete root */
632 :
633 87 : if ( !sid_to_uid(user_sid, &uid ) ) {
634 0 : return NT_STATUS_NO_SUCH_USER;
635 : }
636 :
637 87 : if ( uid == 0 ) {
638 0 : return NT_STATUS_ACCESS_DENIED;
639 : }
640 :
641 87 : memcache_delete(NULL,
642 : PDB_GETPWSID_CACHE,
643 : data_blob_const(user_sid, sizeof(*user_sid)));
644 :
645 87 : status = pdb->delete_user(pdb, mem_ctx, sam_acct);
646 47 : if (!NT_STATUS_IS_OK(status)) {
647 0 : return status;
648 : }
649 :
650 47 : msg_data = talloc_asprintf(mem_ctx, "USER %s",
651 : pdb_get_username(sam_acct));
652 47 : if (!msg_data) {
653 : /* not fatal, and too late to rollback,
654 : * just return */
655 0 : return status;
656 : }
657 47 : messaging_send_all(global_messaging_context(),
658 : ID_CACHE_DELETE,
659 : msg_data,
660 47 : strlen(msg_data) + 1);
661 :
662 47 : TALLOC_FREE(msg_data);
663 47 : return status;
664 : }
665 :
666 0 : NTSTATUS pdb_add_sam_account(struct samu *sam_acct)
667 : {
668 0 : struct pdb_methods *pdb = pdb_get_methods();
669 0 : return pdb->add_sam_account(pdb, sam_acct);
670 : }
671 :
672 1418 : NTSTATUS pdb_update_sam_account(struct samu *sam_acct)
673 : {
674 1418 : struct pdb_methods *pdb = pdb_get_methods();
675 :
676 1418 : memcache_flush(NULL, PDB_GETPWSID_CACHE);
677 :
678 1418 : return pdb->update_sam_account(pdb, sam_acct);
679 : }
680 :
681 3 : NTSTATUS pdb_delete_sam_account(struct samu *sam_acct)
682 : {
683 3 : struct pdb_methods *pdb = pdb_get_methods();
684 3 : const struct dom_sid *user_sid = pdb_get_user_sid(sam_acct);
685 :
686 3 : memcache_delete(NULL,
687 : PDB_GETPWSID_CACHE,
688 : data_blob_const(user_sid, sizeof(*user_sid)));
689 :
690 3 : return pdb->delete_sam_account(pdb, sam_acct);
691 : }
692 :
693 12 : NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
694 : {
695 12 : struct pdb_methods *pdb = pdb_get_methods();
696 : uid_t uid;
697 : NTSTATUS status;
698 :
699 12 : memcache_flush(NULL, PDB_GETPWSID_CACHE);
700 :
701 : /* sanity check to make sure we don't rename root */
702 :
703 12 : if ( !sid_to_uid( pdb_get_user_sid(oldname), &uid ) ) {
704 0 : return NT_STATUS_NO_SUCH_USER;
705 : }
706 :
707 12 : if ( uid == 0 ) {
708 0 : return NT_STATUS_ACCESS_DENIED;
709 : }
710 :
711 12 : status = pdb->rename_sam_account(pdb, oldname, newname);
712 :
713 : /* always flush the cache here just to be safe */
714 12 : flush_pwnam_cache();
715 :
716 12 : return status;
717 : }
718 :
719 18064 : NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, bool success)
720 : {
721 18064 : struct pdb_methods *pdb = pdb_get_methods();
722 18064 : return pdb->update_login_attempts(pdb, sam_acct, success);
723 : }
724 :
725 59475 : bool pdb_getgrsid(GROUP_MAP *map, struct dom_sid sid)
726 : {
727 59475 : struct pdb_methods *pdb = pdb_get_methods();
728 59475 : return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid));
729 : }
730 :
731 119 : bool pdb_getgrgid(GROUP_MAP *map, gid_t gid)
732 : {
733 119 : struct pdb_methods *pdb = pdb_get_methods();
734 119 : return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid));
735 : }
736 :
737 1818 : bool pdb_getgrnam(GROUP_MAP *map, const char *name)
738 : {
739 1818 : struct pdb_methods *pdb = pdb_get_methods();
740 1818 : return NT_STATUS_IS_OK(pdb->getgrnam(pdb, map, name));
741 : }
742 :
743 302 : static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods,
744 : TALLOC_CTX *mem_ctx,
745 : const char *name,
746 : uint32_t *rid)
747 : {
748 : struct dom_sid group_sid;
749 : struct group *grp;
750 : struct dom_sid_buf tmp;
751 :
752 302 : grp = getgrnam(name);
753 :
754 302 : if (grp == NULL) {
755 : gid_t gid;
756 :
757 302 : if (smb_create_group(name, &gid) != 0) {
758 0 : return NT_STATUS_ACCESS_DENIED;
759 : }
760 :
761 301 : grp = getgrgid(gid);
762 : }
763 :
764 301 : if (grp == NULL) {
765 0 : return NT_STATUS_ACCESS_DENIED;
766 : }
767 :
768 301 : if (pdb_capabilities() & PDB_CAP_STORE_RIDS) {
769 301 : if (!pdb_new_rid(rid)) {
770 0 : return NT_STATUS_ACCESS_DENIED;
771 : }
772 : } else {
773 0 : *rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
774 : }
775 :
776 301 : sid_compose(&group_sid, get_global_sam_sid(), *rid);
777 :
778 301 : return add_initial_entry(
779 : grp->gr_gid,
780 301 : dom_sid_str_buf(&group_sid, &tmp),
781 : SID_NAME_DOM_GRP,
782 : name,
783 : NULL);
784 : }
785 :
786 302 : NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name,
787 : uint32_t *rid)
788 : {
789 302 : struct pdb_methods *pdb = pdb_get_methods();
790 302 : return pdb->create_dom_group(pdb, mem_ctx, name, rid);
791 : }
792 :
793 2 : static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
794 : TALLOC_CTX *mem_ctx,
795 : uint32_t rid)
796 : {
797 : struct dom_sid group_sid;
798 : GROUP_MAP *map;
799 : NTSTATUS status;
800 : struct group *grp;
801 : const char *grp_name;
802 :
803 2 : map = talloc_zero(mem_ctx, GROUP_MAP);
804 2 : if (!map) {
805 0 : return NT_STATUS_NO_MEMORY;
806 : }
807 :
808 : /* coverity */
809 2 : map->gid = (gid_t) -1;
810 :
811 2 : sid_compose(&group_sid, get_global_sam_sid(), rid);
812 :
813 2 : if (!get_domain_group_from_sid(group_sid, map)) {
814 0 : DEBUG(10, ("Could not find group for rid %d\n", rid));
815 0 : return NT_STATUS_NO_SUCH_GROUP;
816 : }
817 :
818 : /* We need the group name for the smb_delete_group later on */
819 :
820 2 : if (map->gid == (gid_t)-1) {
821 0 : return NT_STATUS_NO_SUCH_GROUP;
822 : }
823 :
824 2 : grp = getgrgid(map->gid);
825 2 : if (grp == NULL) {
826 0 : return NT_STATUS_NO_SUCH_GROUP;
827 : }
828 :
829 2 : TALLOC_FREE(map);
830 :
831 : /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
832 :
833 2 : grp_name = talloc_strdup(mem_ctx, grp->gr_name);
834 2 : if (grp_name == NULL) {
835 0 : return NT_STATUS_NO_MEMORY;
836 : }
837 :
838 2 : status = pdb_delete_group_mapping_entry(group_sid);
839 :
840 2 : if (!NT_STATUS_IS_OK(status)) {
841 0 : return status;
842 : }
843 :
844 : /* Don't check the result of smb_delete_group */
845 :
846 2 : smb_delete_group(grp_name);
847 :
848 0 : return NT_STATUS_OK;
849 : }
850 :
851 2 : NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32_t rid)
852 : {
853 2 : struct pdb_methods *pdb = pdb_get_methods();
854 2 : return pdb->delete_dom_group(pdb, mem_ctx, rid);
855 : }
856 :
857 639 : NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
858 : {
859 639 : struct pdb_methods *pdb = pdb_get_methods();
860 639 : return pdb->add_group_mapping_entry(pdb, map);
861 : }
862 :
863 8 : NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map)
864 : {
865 8 : struct pdb_methods *pdb = pdb_get_methods();
866 8 : return pdb->update_group_mapping_entry(pdb, map);
867 : }
868 :
869 6 : NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid)
870 : {
871 6 : struct pdb_methods *pdb = pdb_get_methods();
872 6 : return pdb->delete_group_mapping_entry(pdb, sid);
873 : }
874 :
875 0 : bool pdb_enum_group_mapping(const struct dom_sid *sid,
876 : enum lsa_SidType sid_name_use,
877 : GROUP_MAP ***pp_rmap,
878 : size_t *p_num_entries,
879 : bool unix_only)
880 : {
881 0 : struct pdb_methods *pdb = pdb_get_methods();
882 0 : return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
883 : pp_rmap, p_num_entries, unix_only));
884 : }
885 :
886 18 : NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
887 : const struct dom_sid *sid,
888 : uint32_t **pp_member_rids,
889 : size_t *p_num_members)
890 : {
891 18 : struct pdb_methods *pdb = pdb_get_methods();
892 : NTSTATUS result;
893 :
894 18 : result = pdb->enum_group_members(pdb, mem_ctx,
895 : sid, pp_member_rids, p_num_members);
896 :
897 : /* special check for rid 513 */
898 :
899 18 : if ( !NT_STATUS_IS_OK( result ) ) {
900 : uint32_t rid;
901 :
902 0 : sid_peek_rid( sid, &rid );
903 :
904 0 : if ( rid == DOMAIN_RID_USERS ) {
905 0 : *p_num_members = 0;
906 0 : *pp_member_rids = NULL;
907 :
908 0 : return NT_STATUS_OK;
909 : }
910 : }
911 :
912 18 : return result;
913 : }
914 :
915 22174 : NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user,
916 : struct dom_sid **pp_sids, gid_t **pp_gids,
917 : uint32_t *p_num_groups)
918 : {
919 22174 : struct pdb_methods *pdb = pdb_get_methods();
920 22174 : return pdb->enum_group_memberships(
921 : pdb, mem_ctx, user,
922 : pp_sids, pp_gids, p_num_groups);
923 : }
924 :
925 0 : static NTSTATUS pdb_default_set_unix_primary_group(struct pdb_methods *methods,
926 : TALLOC_CTX *mem_ctx,
927 : struct samu *sampass)
928 : {
929 : struct group *grp;
930 : gid_t gid;
931 :
932 0 : if (!sid_to_gid(pdb_get_group_sid(sampass), &gid) ||
933 0 : (grp = getgrgid(gid)) == NULL) {
934 0 : return NT_STATUS_INVALID_PRIMARY_GROUP;
935 : }
936 :
937 0 : if (smb_set_primary_group(grp->gr_name,
938 : pdb_get_username(sampass)) != 0) {
939 0 : return NT_STATUS_ACCESS_DENIED;
940 : }
941 :
942 0 : return NT_STATUS_OK;
943 : }
944 :
945 0 : NTSTATUS pdb_set_unix_primary_group(TALLOC_CTX *mem_ctx, struct samu *user)
946 : {
947 0 : struct pdb_methods *pdb = pdb_get_methods();
948 0 : return pdb->set_unix_primary_group(pdb, mem_ctx, user);
949 : }
950 :
951 : /*
952 : * Helper function to see whether a user is in a group. We can't use
953 : * user_in_group_sid here because this creates dependencies only smbd can
954 : * fulfil.
955 : */
956 :
957 16 : static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account,
958 : const struct dom_sid *group_sid)
959 : {
960 : struct dom_sid *sids;
961 : gid_t *gids;
962 : uint32_t i, num_groups;
963 :
964 16 : if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx, account,
965 : &sids, &gids,
966 : &num_groups))) {
967 0 : return False;
968 : }
969 :
970 32 : for (i=0; i<num_groups; i++) {
971 24 : if (dom_sid_equal(group_sid, &sids[i])) {
972 8 : return True;
973 : }
974 : }
975 8 : return False;
976 : }
977 :
978 6 : static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
979 : TALLOC_CTX *mem_ctx,
980 : uint32_t group_rid,
981 : uint32_t member_rid)
982 : {
983 : struct dom_sid group_sid, member_sid;
984 6 : struct samu *account = NULL;
985 : GROUP_MAP *map;
986 : struct group *grp;
987 : struct passwd *pwd;
988 : const char *group_name;
989 : uid_t uid;
990 :
991 6 : map = talloc_zero(mem_ctx, GROUP_MAP);
992 6 : if (!map) {
993 0 : return NT_STATUS_NO_MEMORY;
994 : }
995 :
996 : /* coverity */
997 6 : map->gid = (gid_t) -1;
998 :
999 6 : sid_compose(&group_sid, get_global_sam_sid(), group_rid);
1000 6 : sid_compose(&member_sid, get_global_sam_sid(), member_rid);
1001 :
1002 12 : if (!get_domain_group_from_sid(group_sid, map) ||
1003 12 : (map->gid == (gid_t)-1) ||
1004 6 : ((grp = getgrgid(map->gid)) == NULL)) {
1005 0 : return NT_STATUS_NO_SUCH_GROUP;
1006 : }
1007 :
1008 6 : TALLOC_FREE(map);
1009 :
1010 6 : group_name = talloc_strdup(mem_ctx, grp->gr_name);
1011 6 : if (group_name == NULL) {
1012 0 : return NT_STATUS_NO_MEMORY;
1013 : }
1014 :
1015 6 : if ( !(account = samu_new( NULL )) ) {
1016 0 : return NT_STATUS_NO_MEMORY;
1017 : }
1018 :
1019 12 : if (!pdb_getsampwsid(account, &member_sid) ||
1020 12 : !sid_to_uid(&member_sid, &uid) ||
1021 6 : ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
1022 0 : return NT_STATUS_NO_SUCH_USER;
1023 : }
1024 :
1025 6 : if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
1026 2 : return NT_STATUS_MEMBER_IN_GROUP;
1027 : }
1028 :
1029 : /*
1030 : * ok, the group exist, the user exist, the user is not in the group,
1031 : * we can (finally) add it to the group !
1032 : */
1033 :
1034 4 : smb_add_user_group(group_name, pwd->pw_name);
1035 :
1036 4 : if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
1037 0 : return NT_STATUS_ACCESS_DENIED;
1038 : }
1039 :
1040 4 : return NT_STATUS_OK;
1041 : }
1042 :
1043 6 : NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32_t group_rid,
1044 : uint32_t member_rid)
1045 : {
1046 6 : struct pdb_methods *pdb = pdb_get_methods();
1047 6 : return pdb->add_groupmem(pdb, mem_ctx, group_rid, member_rid);
1048 : }
1049 :
1050 4 : static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
1051 : TALLOC_CTX *mem_ctx,
1052 : uint32_t group_rid,
1053 : uint32_t member_rid)
1054 : {
1055 : struct dom_sid group_sid, member_sid;
1056 4 : struct samu *account = NULL;
1057 : GROUP_MAP *map;
1058 : struct group *grp;
1059 : struct passwd *pwd;
1060 : const char *group_name;
1061 : uid_t uid;
1062 :
1063 4 : map = talloc_zero(mem_ctx, GROUP_MAP);
1064 4 : if (!map) {
1065 0 : return NT_STATUS_NO_MEMORY;
1066 : }
1067 :
1068 4 : sid_compose(&group_sid, get_global_sam_sid(), group_rid);
1069 4 : sid_compose(&member_sid, get_global_sam_sid(), member_rid);
1070 :
1071 8 : if (!get_domain_group_from_sid(group_sid, map) ||
1072 8 : (map->gid == (gid_t)-1) ||
1073 4 : ((grp = getgrgid(map->gid)) == NULL)) {
1074 0 : return NT_STATUS_NO_SUCH_GROUP;
1075 : }
1076 :
1077 4 : TALLOC_FREE(map);
1078 :
1079 4 : group_name = talloc_strdup(mem_ctx, grp->gr_name);
1080 4 : if (group_name == NULL) {
1081 0 : return NT_STATUS_NO_MEMORY;
1082 : }
1083 :
1084 4 : if ( !(account = samu_new( NULL )) ) {
1085 0 : return NT_STATUS_NO_MEMORY;
1086 : }
1087 :
1088 8 : if (!pdb_getsampwsid(account, &member_sid) ||
1089 8 : !sid_to_uid(&member_sid, &uid) ||
1090 4 : ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
1091 0 : return NT_STATUS_NO_SUCH_USER;
1092 : }
1093 :
1094 4 : if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
1095 2 : return NT_STATUS_MEMBER_NOT_IN_GROUP;
1096 : }
1097 :
1098 : /*
1099 : * ok, the group exist, the user exist, the user is in the group,
1100 : * we can (finally) delete it from the group!
1101 : */
1102 :
1103 2 : smb_delete_user_group(group_name, pwd->pw_name);
1104 :
1105 2 : if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
1106 0 : return NT_STATUS_ACCESS_DENIED;
1107 : }
1108 :
1109 2 : return NT_STATUS_OK;
1110 : }
1111 :
1112 4 : NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32_t group_rid,
1113 : uint32_t member_rid)
1114 : {
1115 4 : struct pdb_methods *pdb = pdb_get_methods();
1116 4 : return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid);
1117 : }
1118 :
1119 152 : NTSTATUS pdb_create_alias(const char *name, uint32_t *rid)
1120 : {
1121 152 : struct pdb_methods *pdb = pdb_get_methods();
1122 152 : return pdb->create_alias(pdb, name, rid);
1123 : }
1124 :
1125 2 : NTSTATUS pdb_delete_alias(const struct dom_sid *sid)
1126 : {
1127 2 : struct pdb_methods *pdb = pdb_get_methods();
1128 2 : return pdb->delete_alias(pdb, sid);
1129 : }
1130 :
1131 57245 : NTSTATUS pdb_get_aliasinfo(const struct dom_sid *sid, struct acct_info *info)
1132 : {
1133 57245 : struct pdb_methods *pdb = pdb_get_methods();
1134 57245 : return pdb->get_aliasinfo(pdb, sid, info);
1135 : }
1136 :
1137 2 : NTSTATUS pdb_set_aliasinfo(const struct dom_sid *sid, struct acct_info *info)
1138 : {
1139 2 : struct pdb_methods *pdb = pdb_get_methods();
1140 2 : return pdb->set_aliasinfo(pdb, sid, info);
1141 : }
1142 :
1143 107 : NTSTATUS pdb_add_aliasmem(const struct dom_sid *alias, const struct dom_sid *member)
1144 : {
1145 107 : struct pdb_methods *pdb = pdb_get_methods();
1146 107 : return pdb->add_aliasmem(pdb, alias, member);
1147 : }
1148 :
1149 10 : NTSTATUS pdb_del_aliasmem(const struct dom_sid *alias, const struct dom_sid *member)
1150 : {
1151 10 : struct pdb_methods *pdb = pdb_get_methods();
1152 10 : return pdb->del_aliasmem(pdb, alias, member);
1153 : }
1154 :
1155 313 : NTSTATUS pdb_enum_aliasmem(const struct dom_sid *alias, TALLOC_CTX *mem_ctx,
1156 : struct dom_sid **pp_members, size_t *p_num_members)
1157 : {
1158 313 : struct pdb_methods *pdb = pdb_get_methods();
1159 313 : return pdb->enum_aliasmem(pdb, alias, mem_ctx, pp_members,
1160 : p_num_members);
1161 : }
1162 :
1163 38154 : NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx,
1164 : const struct dom_sid *domain_sid,
1165 : const struct dom_sid *members, size_t num_members,
1166 : uint32_t **pp_alias_rids,
1167 : size_t *p_num_alias_rids)
1168 : {
1169 38154 : struct pdb_methods *pdb = pdb_get_methods();
1170 38154 : return pdb->enum_alias_memberships(pdb, mem_ctx,
1171 : domain_sid,
1172 : members, num_members,
1173 : pp_alias_rids,
1174 : p_num_alias_rids);
1175 : }
1176 :
1177 7834 : NTSTATUS pdb_lookup_rids(const struct dom_sid *domain_sid,
1178 : int num_rids,
1179 : uint32_t *rids,
1180 : const char **names,
1181 : enum lsa_SidType *attrs)
1182 : {
1183 7834 : struct pdb_methods *pdb = pdb_get_methods();
1184 7834 : return pdb->lookup_rids(pdb, domain_sid, num_rids, rids, names, attrs);
1185 : }
1186 :
1187 151260 : bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value)
1188 : {
1189 151260 : struct pdb_methods *pdb = pdb_get_methods();
1190 : NTSTATUS status;
1191 :
1192 151260 : become_root();
1193 151260 : status = pdb->get_account_policy(pdb, type, value);
1194 151260 : unbecome_root();
1195 :
1196 151260 : return NT_STATUS_IS_OK(status);
1197 : }
1198 :
1199 156 : bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value)
1200 : {
1201 156 : struct pdb_methods *pdb = pdb_get_methods();
1202 : NTSTATUS status;
1203 :
1204 156 : become_root();
1205 156 : status = pdb->set_account_policy(pdb, type, value);
1206 156 : unbecome_root();
1207 :
1208 156 : return NT_STATUS_IS_OK(status);
1209 : }
1210 :
1211 53 : bool pdb_get_seq_num(time_t *seq_num)
1212 : {
1213 53 : struct pdb_methods *pdb = pdb_get_methods();
1214 53 : return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
1215 : }
1216 :
1217 : /*
1218 : * Instead of passing down a gid or uid, this function sends down a pointer
1219 : * to a unixid.
1220 : *
1221 : * This acts as an in-out variable so that the idmap functions can correctly
1222 : * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
1223 : * the cache to store ID_TYPE_UID or ID_TYPE_GID.
1224 : */
1225 191111 : bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid)
1226 : {
1227 191111 : struct pdb_methods *pdb = pdb_get_methods();
1228 : bool ret;
1229 :
1230 191111 : ret = pdb->id_to_sid(pdb, id, sid);
1231 :
1232 191111 : if (ret) {
1233 182 : idmap_cache_set_sid2unixid(sid, id);
1234 : }
1235 :
1236 191111 : return ret;
1237 : }
1238 :
1239 75347 : bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id)
1240 : {
1241 75347 : struct pdb_methods *pdb = pdb_get_methods();
1242 : bool ret;
1243 :
1244 : /* only ask the backend if it is responsible */
1245 75347 : if (!sid_check_object_is_for_passdb(sid)) {
1246 46020 : return false;
1247 : }
1248 :
1249 29311 : ret = pdb->sid_to_id(pdb, sid, id);
1250 :
1251 29311 : if (ret) {
1252 662 : idmap_cache_set_sid2unixid(sid, id);
1253 : }
1254 :
1255 29248 : return ret;
1256 : }
1257 :
1258 1359 : uint32_t pdb_capabilities(void)
1259 : {
1260 1359 : struct pdb_methods *pdb = pdb_get_methods();
1261 1359 : return pdb->capabilities(pdb);
1262 : }
1263 :
1264 : /********************************************************************
1265 : Allocate a new RID from the passdb backend. Verify that it is free
1266 : by calling lookup_global_sam_rid() to verify that the RID is not
1267 : in use. This handles servers that have existing users or groups
1268 : with add RIDs (assigned from previous algorithmic mappings)
1269 : ********************************************************************/
1270 :
1271 453 : bool pdb_new_rid(uint32_t *rid)
1272 : {
1273 453 : struct pdb_methods *pdb = pdb_get_methods();
1274 453 : const char *name = NULL;
1275 : enum lsa_SidType type;
1276 453 : uint32_t allocated_rid = 0;
1277 : int i;
1278 : TALLOC_CTX *ctx;
1279 :
1280 453 : if ((pdb_capabilities() & PDB_CAP_STORE_RIDS) == 0) {
1281 0 : DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs "
1282 : "are active\n"));
1283 0 : return False;
1284 : }
1285 :
1286 453 : if (algorithmic_rid_base() != BASE_RID) {
1287 0 : DEBUG(0, ("'algorithmic rid base' is set but a passdb backend "
1288 : "without algorithmic RIDs is chosen.\n"));
1289 0 : DEBUGADD(0, ("Please map all used groups using 'net groupmap "
1290 : "add', set the maximum used RID\n"));
1291 0 : DEBUGADD(0, ("and remove the parameter\n"));
1292 0 : return False;
1293 : }
1294 :
1295 453 : if ( (ctx = talloc_init("pdb_new_rid")) == NULL ) {
1296 0 : DEBUG(0,("pdb_new_rid: Talloc initialization failure\n"));
1297 0 : return False;
1298 : }
1299 :
1300 : /* Attempt to get an unused RID (max tires is 250...yes that it is
1301 : and arbitrary number I pulkled out of my head). -- jerry */
1302 :
1303 906 : for ( i=0; allocated_rid==0 && i<250; i++ ) {
1304 : /* get a new RID */
1305 :
1306 453 : if ( !pdb->new_rid(pdb, &allocated_rid) ) {
1307 0 : return False;
1308 : }
1309 :
1310 : /* validate that the RID is not in use */
1311 :
1312 453 : if (lookup_global_sam_rid(ctx, allocated_rid, &name, &type, NULL, NULL)) {
1313 0 : allocated_rid = 0;
1314 : }
1315 : }
1316 :
1317 453 : TALLOC_FREE( ctx );
1318 :
1319 453 : if ( allocated_rid == 0 ) {
1320 0 : DEBUG(0,("pdb_new_rid: Failed to find unused RID\n"));
1321 0 : return False;
1322 : }
1323 :
1324 453 : *rid = allocated_rid;
1325 :
1326 453 : return True;
1327 : }
1328 :
1329 : /***************************************************************
1330 : Initialize the static context (at smbd startup etc).
1331 :
1332 : If uninitialised, context will auto-init on first use.
1333 : ***************************************************************/
1334 :
1335 27879 : bool initialize_password_db(bool reload, struct tevent_context *tevent_ctx)
1336 : {
1337 27879 : if (tevent_ctx) {
1338 27473 : pdb_tevent_ctx = tevent_ctx;
1339 : }
1340 27879 : return (pdb_get_methods_reload(reload) != NULL);
1341 : }
1342 :
1343 : /***************************************************************************
1344 : Default implementations of some functions.
1345 : ****************************************************************************/
1346 :
1347 0 : static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, struct samu *user, const char *sname)
1348 : {
1349 0 : return NT_STATUS_NO_SUCH_USER;
1350 : }
1351 :
1352 0 : static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const struct dom_sid *sid)
1353 : {
1354 0 : return NT_STATUS_NO_SUCH_USER;
1355 : }
1356 :
1357 0 : static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, struct samu *newpwd)
1358 : {
1359 0 : return NT_STATUS_NOT_IMPLEMENTED;
1360 : }
1361 :
1362 0 : static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, struct samu *newpwd)
1363 : {
1364 0 : return NT_STATUS_NOT_IMPLEMENTED;
1365 : }
1366 :
1367 0 : static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, struct samu *pwd)
1368 : {
1369 0 : return NT_STATUS_NOT_IMPLEMENTED;
1370 : }
1371 :
1372 0 : static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, struct samu *pwd, const char *newname)
1373 : {
1374 0 : return NT_STATUS_NOT_IMPLEMENTED;
1375 : }
1376 :
1377 18063 : static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success)
1378 : {
1379 : /* Only the pdb_nds backend implements this, by
1380 : * default just return ok. */
1381 18063 : return NT_STATUS_OK;
1382 : }
1383 :
1384 151241 : static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value)
1385 : {
1386 151241 : return account_policy_get(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1387 : }
1388 :
1389 156 : static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value)
1390 : {
1391 156 : return account_policy_set(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1392 : }
1393 :
1394 53 : static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)
1395 : {
1396 53 : *seq_num = time(NULL);
1397 53 : return NT_STATUS_OK;
1398 : }
1399 :
1400 91 : static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid,
1401 : struct dom_sid *sid)
1402 : {
1403 91 : struct samu *sampw = NULL;
1404 : struct passwd *unix_pw;
1405 : bool ret;
1406 :
1407 91 : unix_pw = getpwuid( uid );
1408 :
1409 91 : if ( !unix_pw ) {
1410 36 : DEBUG(4,("pdb_default_uid_to_sid: host has no idea of uid "
1411 : "%lu\n", (unsigned long)uid));
1412 36 : return False;
1413 : }
1414 :
1415 55 : if ( !(sampw = samu_new( NULL )) ) {
1416 0 : DEBUG(0,("pdb_default_uid_to_sid: samu_new() failed!\n"));
1417 0 : return False;
1418 : }
1419 :
1420 55 : become_root();
1421 55 : ret = NT_STATUS_IS_OK(
1422 : methods->getsampwnam(methods, sampw, unix_pw->pw_name ));
1423 55 : unbecome_root();
1424 :
1425 55 : if (!ret) {
1426 41 : DEBUG(5, ("pdb_default_uid_to_sid: Did not find user "
1427 : "%s (%u)\n", unix_pw->pw_name, (unsigned int)uid));
1428 41 : TALLOC_FREE(sampw);
1429 41 : return False;
1430 : }
1431 :
1432 14 : sid_copy(sid, pdb_get_user_sid(sampw));
1433 :
1434 14 : TALLOC_FREE(sampw);
1435 :
1436 14 : return True;
1437 : }
1438 :
1439 190866 : static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
1440 : struct dom_sid *sid)
1441 : {
1442 : GROUP_MAP *map;
1443 :
1444 190866 : map = talloc_zero(NULL, GROUP_MAP);
1445 190866 : if (!map) {
1446 0 : return false;
1447 : }
1448 :
1449 190866 : if (!NT_STATUS_IS_OK(methods->getgrgid(methods, map, gid))) {
1450 190852 : TALLOC_FREE(map);
1451 190852 : return false;
1452 : }
1453 :
1454 14 : sid_copy(sid, &map->sid);
1455 14 : TALLOC_FREE(map);
1456 14 : return true;
1457 : }
1458 :
1459 190957 : static bool pdb_default_id_to_sid(struct pdb_methods *methods, struct unixid *id,
1460 : struct dom_sid *sid)
1461 : {
1462 190957 : switch (id->type) {
1463 91 : case ID_TYPE_UID:
1464 91 : return pdb_default_uid_to_sid(methods, id->id, sid);
1465 :
1466 190866 : case ID_TYPE_GID:
1467 190866 : return pdb_default_gid_to_sid(methods, id->id, sid);
1468 :
1469 0 : default:
1470 0 : return false;
1471 : }
1472 : }
1473 : /**
1474 : * The "Unix User" and "Unix Group" domains have a special
1475 : * id mapping that is a rid-algorithm with range starting at 0.
1476 : */
1477 28548 : bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid,
1478 : struct unixid *id)
1479 : {
1480 : uint32_t rid;
1481 :
1482 28548 : id->id = -1;
1483 :
1484 28548 : if (sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid)) {
1485 0 : id->id = rid;
1486 0 : id->type = ID_TYPE_UID;
1487 0 : return true;
1488 : }
1489 :
1490 28548 : if (sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid)) {
1491 0 : id->id = rid;
1492 0 : id->type = ID_TYPE_GID;
1493 0 : return true;
1494 : }
1495 :
1496 28548 : return false;
1497 : }
1498 :
1499 28719 : static bool pdb_default_sid_to_id(struct pdb_methods *methods,
1500 : const struct dom_sid *sid,
1501 : struct unixid *id)
1502 : {
1503 : TALLOC_CTX *mem_ctx;
1504 28719 : bool ret = False;
1505 : uint32_t rid;
1506 : struct dom_sid_buf buf;
1507 :
1508 28719 : id->id = -1;
1509 :
1510 28719 : mem_ctx = talloc_new(NULL);
1511 :
1512 28719 : if (mem_ctx == NULL) {
1513 0 : DEBUG(0, ("talloc_new failed\n"));
1514 0 : return False;
1515 : }
1516 :
1517 28719 : if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
1518 : const char *name;
1519 : enum lsa_SidType type;
1520 171 : uid_t uid = (uid_t)-1;
1521 171 : gid_t gid = (gid_t)-1;
1522 : /* Here we might have users as well as groups and aliases */
1523 171 : ret = lookup_global_sam_rid(mem_ctx, rid, &name, &type, &uid, &gid);
1524 171 : if (ret) {
1525 61 : switch (type) {
1526 13 : case SID_NAME_DOM_GRP:
1527 : case SID_NAME_ALIAS:
1528 13 : id->type = ID_TYPE_GID;
1529 13 : id->id = gid;
1530 13 : break;
1531 48 : case SID_NAME_USER:
1532 48 : id->type = ID_TYPE_UID;
1533 48 : id->id = uid;
1534 48 : break;
1535 0 : default:
1536 0 : DEBUG(5, ("SID %s belongs to our domain, and "
1537 : "an object exists in the database, "
1538 : "but it is neither a user nor a "
1539 : "group (got type %d).\n",
1540 : dom_sid_str_buf(sid, &buf),
1541 : type));
1542 0 : ret = false;
1543 : }
1544 : } else {
1545 110 : DEBUG(5, ("SID %s belongs to our domain, but there is "
1546 : "no corresponding object in the database.\n",
1547 : dom_sid_str_buf(sid, &buf)));
1548 : }
1549 159 : goto done;
1550 : }
1551 :
1552 : /*
1553 : * "Unix User" and "Unix Group"
1554 : */
1555 28548 : ret = pdb_sid_to_id_unix_users_and_groups(sid, id);
1556 28548 : if (ret) {
1557 0 : goto done;
1558 : }
1559 :
1560 : /* BUILTIN */
1561 :
1562 28548 : if (sid_check_is_in_builtin(sid) ||
1563 0 : sid_check_is_in_wellknown_domain(sid)) {
1564 : /* Here we only have aliases */
1565 : GROUP_MAP *map;
1566 :
1567 28548 : map = talloc_zero(mem_ctx, GROUP_MAP);
1568 28548 : if (!map) {
1569 0 : ret = false;
1570 0 : goto done;
1571 : }
1572 :
1573 28548 : if (!NT_STATUS_IS_OK(methods->getgrsid(methods, map, *sid))) {
1574 28542 : DEBUG(10, ("Could not find map for sid %s\n",
1575 : dom_sid_str_buf(sid, &buf)));
1576 28542 : goto done;
1577 : }
1578 6 : if ((map->sid_name_use != SID_NAME_ALIAS) &&
1579 0 : (map->sid_name_use != SID_NAME_WKN_GRP)) {
1580 0 : DEBUG(10, ("Map for sid %s is a %s, expected an "
1581 : "alias\n",
1582 : dom_sid_str_buf(sid, &buf),
1583 : sid_type_lookup(map->sid_name_use)));
1584 0 : goto done;
1585 : }
1586 :
1587 6 : id->id = map->gid;
1588 6 : id->type = ID_TYPE_GID;
1589 6 : ret = True;
1590 6 : goto done;
1591 : }
1592 :
1593 0 : DEBUG(5, ("Sid %s is neither ours, a Unix SID, nor builtin\n",
1594 : dom_sid_str_buf(sid, &buf)));
1595 :
1596 28719 : done:
1597 :
1598 28719 : TALLOC_FREE(mem_ctx);
1599 28719 : return ret;
1600 : }
1601 :
1602 18 : static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, uint32_t *p_num)
1603 : {
1604 : struct group *grp;
1605 : char **gr;
1606 : struct passwd *pwd;
1607 : bool winbind_env;
1608 18 : bool ret = False;
1609 :
1610 18 : *pp_uids = NULL;
1611 18 : *p_num = 0;
1612 :
1613 : /* We only look at our own sam, so don't care about imported stuff */
1614 18 : winbind_env = winbind_env_set();
1615 18 : (void)winbind_off();
1616 :
1617 18 : if ((grp = getgrgid(gid)) == NULL) {
1618 : /* allow winbindd lookups, but only if they weren't already disabled */
1619 0 : goto done;
1620 : }
1621 :
1622 : /* Primary group members */
1623 18 : setpwent();
1624 18 : while ((pwd = getpwent()) != NULL) {
1625 288 : if (pwd->pw_gid == gid) {
1626 16 : if (!add_uid_to_array_unique(mem_ctx, pwd->pw_uid,
1627 : pp_uids, p_num)) {
1628 0 : goto done;
1629 : }
1630 : }
1631 : }
1632 18 : endpwent();
1633 :
1634 : /* Secondary group members */
1635 26 : for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
1636 8 : struct passwd *pw = getpwnam(*gr);
1637 :
1638 8 : if (pw == NULL)
1639 0 : continue;
1640 8 : if (!add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num)) {
1641 0 : goto done;
1642 : }
1643 : }
1644 :
1645 18 : ret = True;
1646 :
1647 18 : done:
1648 :
1649 : /* allow winbindd lookups, but only if they weren't already disabled */
1650 18 : if (!winbind_env) {
1651 18 : (void)winbind_on();
1652 : }
1653 :
1654 18 : return ret;
1655 : }
1656 :
1657 27 : static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
1658 : TALLOC_CTX *mem_ctx,
1659 : const struct dom_sid *group,
1660 : uint32_t **pp_member_rids,
1661 : size_t *p_num_members)
1662 : {
1663 : gid_t gid;
1664 : uid_t *uids;
1665 : uint32_t i, num_uids;
1666 :
1667 27 : *pp_member_rids = NULL;
1668 27 : *p_num_members = 0;
1669 :
1670 27 : if (!sid_to_gid(group, &gid))
1671 9 : return NT_STATUS_NO_SUCH_GROUP;
1672 :
1673 18 : if(!get_memberuids(mem_ctx, gid, &uids, &num_uids))
1674 0 : return NT_STATUS_NO_SUCH_GROUP;
1675 :
1676 18 : if (num_uids == 0)
1677 6 : return NT_STATUS_OK;
1678 :
1679 12 : *pp_member_rids = talloc_zero_array(mem_ctx, uint32_t, num_uids);
1680 :
1681 36 : for (i=0; i<num_uids; i++) {
1682 : struct dom_sid sid;
1683 :
1684 24 : uid_to_sid(&sid, uids[i]);
1685 :
1686 24 : if (!sid_check_is_in_our_sam(&sid)) {
1687 0 : DEBUG(5, ("Inconsistent SAM -- group member uid not "
1688 : "in our domain\n"));
1689 0 : continue;
1690 : }
1691 :
1692 24 : sid_peek_rid(&sid, &(*pp_member_rids)[*p_num_members]);
1693 24 : *p_num_members += 1;
1694 : }
1695 :
1696 12 : return NT_STATUS_OK;
1697 : }
1698 :
1699 17739 : static NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods,
1700 : TALLOC_CTX *mem_ctx,
1701 : struct samu *user,
1702 : struct dom_sid **pp_sids,
1703 : gid_t **pp_gids,
1704 : uint32_t *p_num_groups)
1705 : {
1706 : size_t i;
1707 : gid_t gid;
1708 : struct passwd *pw;
1709 17739 : const char *username = pdb_get_username(user);
1710 :
1711 :
1712 : /* Ignore the primary group SID. Honor the real Unix primary group.
1713 : The primary group SID is only of real use to Windows clients */
1714 :
1715 17739 : if ( !(pw = Get_Pwnam_alloc(mem_ctx, username)) ) {
1716 3 : return NT_STATUS_NO_SUCH_USER;
1717 : }
1718 :
1719 17736 : gid = pw->pw_gid;
1720 :
1721 17736 : TALLOC_FREE( pw );
1722 :
1723 17736 : if (!getgroups_unix_user(mem_ctx, username, gid, pp_gids, p_num_groups)) {
1724 0 : return NT_STATUS_NO_SUCH_USER;
1725 : }
1726 :
1727 17736 : if (*p_num_groups == 0) {
1728 0 : smb_panic("primary group missing");
1729 : }
1730 :
1731 17736 : *pp_sids = talloc_array(mem_ctx, struct dom_sid, *p_num_groups);
1732 :
1733 17736 : if (*pp_sids == NULL) {
1734 0 : TALLOC_FREE(*pp_gids);
1735 0 : return NT_STATUS_NO_MEMORY;
1736 : }
1737 :
1738 52880 : for (i=0; i<*p_num_groups; i++) {
1739 35147 : gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
1740 : }
1741 :
1742 17736 : return NT_STATUS_OK;
1743 : }
1744 :
1745 : /*******************************************************************
1746 : Look up a rid in the SAM we're responsible for (i.e. passdb)
1747 : ********************************************************************/
1748 :
1749 4019 : static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
1750 : const char **name,
1751 : enum lsa_SidType *psid_name_use,
1752 : uid_t *uid, gid_t *gid)
1753 : {
1754 4019 : struct samu *sam_account = NULL;
1755 4019 : GROUP_MAP *map = NULL;
1756 : bool ret;
1757 : struct dom_sid sid;
1758 :
1759 4019 : *psid_name_use = SID_NAME_UNKNOWN;
1760 :
1761 4019 : DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
1762 : (unsigned int)rid));
1763 :
1764 4019 : sid_compose(&sid, get_global_sam_sid(), rid);
1765 :
1766 : /* see if the passdb can help us with the name of the user */
1767 :
1768 4019 : if ( !(sam_account = samu_new( NULL )) ) {
1769 0 : return False;
1770 : }
1771 :
1772 4019 : map = talloc_zero(mem_ctx, GROUP_MAP);
1773 4019 : if (!map) {
1774 0 : return false;
1775 : }
1776 :
1777 : /* BEING ROOT BLOCK */
1778 4019 : become_root();
1779 4019 : ret = pdb_getsampwsid(sam_account, &sid);
1780 4019 : if (!ret) {
1781 2162 : TALLOC_FREE(sam_account);
1782 2162 : ret = pdb_getgrsid(map, sid);
1783 : }
1784 4019 : unbecome_root();
1785 : /* END BECOME_ROOT BLOCK */
1786 :
1787 4019 : if (sam_account || !ret) {
1788 2417 : TALLOC_FREE(map);
1789 : }
1790 :
1791 4019 : if (sam_account) {
1792 : struct passwd *pw;
1793 :
1794 1857 : *name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
1795 1857 : if (!*name) {
1796 0 : TALLOC_FREE(sam_account);
1797 0 : return False;
1798 : }
1799 :
1800 1857 : *psid_name_use = SID_NAME_USER;
1801 :
1802 1857 : TALLOC_FREE(sam_account);
1803 :
1804 1857 : if (uid == NULL) {
1805 1806 : return True;
1806 : }
1807 :
1808 51 : pw = Get_Pwnam_alloc(talloc_tos(), *name);
1809 51 : if (pw == NULL) {
1810 0 : return False;
1811 : }
1812 48 : *uid = pw->pw_uid;
1813 48 : TALLOC_FREE(pw);
1814 48 : return True;
1815 :
1816 2162 : } else if (map && (map->gid != (gid_t)-1)) {
1817 :
1818 : /* do not resolve SIDs to a name unless there is a valid
1819 : gid associated with it */
1820 :
1821 1601 : *name = talloc_steal(mem_ctx, map->nt_name);
1822 1601 : *psid_name_use = map->sid_name_use;
1823 :
1824 1601 : if (gid) {
1825 13 : *gid = map->gid;
1826 : }
1827 :
1828 1601 : TALLOC_FREE(map);
1829 1601 : return True;
1830 : }
1831 :
1832 561 : TALLOC_FREE(map);
1833 :
1834 : /* Windows will always map RID 513 to something. On a non-domain
1835 : controller, this gets mapped to SERVER\None. */
1836 :
1837 561 : if (uid || gid) {
1838 107 : DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
1839 102 : return False;
1840 : }
1841 :
1842 454 : if ( rid == DOMAIN_RID_USERS ) {
1843 0 : *name = talloc_strdup(mem_ctx, "None" );
1844 0 : *psid_name_use = SID_NAME_DOM_GRP;
1845 :
1846 0 : return True;
1847 : }
1848 :
1849 454 : return False;
1850 : }
1851 :
1852 3394 : static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods,
1853 : const struct dom_sid *domain_sid,
1854 : int num_rids,
1855 : uint32_t *rids,
1856 : const char **names,
1857 : enum lsa_SidType *attrs)
1858 : {
1859 : int i;
1860 : NTSTATUS result;
1861 3394 : bool have_mapped = False;
1862 3394 : bool have_unmapped = False;
1863 :
1864 3394 : if (sid_check_is_builtin(domain_sid)) {
1865 :
1866 0 : for (i=0; i<num_rids; i++) {
1867 : const char *name;
1868 :
1869 0 : if (lookup_builtin_rid(names, rids[i], &name)) {
1870 0 : attrs[i] = SID_NAME_ALIAS;
1871 0 : names[i] = name;
1872 0 : DEBUG(5,("lookup_rids: %s:%d\n",
1873 : names[i], attrs[i]));
1874 0 : have_mapped = True;
1875 : } else {
1876 0 : have_unmapped = True;
1877 0 : attrs[i] = SID_NAME_UNKNOWN;
1878 : }
1879 : }
1880 0 : goto done;
1881 : }
1882 :
1883 : /* Should not happen, but better check once too many */
1884 3394 : if (!sid_check_is_our_sam(domain_sid)) {
1885 0 : return NT_STATUS_INVALID_HANDLE;
1886 : }
1887 :
1888 6789 : for (i = 0; i < num_rids; i++) {
1889 : const char *name;
1890 :
1891 3395 : if (lookup_global_sam_rid(names, rids[i], &name, &attrs[i],
1892 : NULL, NULL)) {
1893 3394 : if (name == NULL) {
1894 0 : return NT_STATUS_NO_MEMORY;
1895 : }
1896 3394 : names[i] = name;
1897 3394 : DEBUG(5,("lookup_rids: %s:%d\n", names[i], attrs[i]));
1898 3394 : have_mapped = True;
1899 : } else {
1900 1 : have_unmapped = True;
1901 1 : attrs[i] = SID_NAME_UNKNOWN;
1902 : }
1903 : }
1904 :
1905 3394 : done:
1906 :
1907 3394 : result = NT_STATUS_NONE_MAPPED;
1908 :
1909 3394 : if (have_mapped)
1910 3394 : result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
1911 :
1912 3394 : return result;
1913 : }
1914 :
1915 61 : static int pdb_search_destructor(struct pdb_search *search)
1916 : {
1917 61 : if ((!search->search_ended) && (search->search_end != NULL)) {
1918 0 : search->search_end(search);
1919 : }
1920 61 : return 0;
1921 : }
1922 :
1923 61 : struct pdb_search *pdb_search_init(TALLOC_CTX *mem_ctx,
1924 : enum pdb_search_type type)
1925 : {
1926 : struct pdb_search *result;
1927 :
1928 61 : result = talloc(mem_ctx, struct pdb_search);
1929 61 : if (result == NULL) {
1930 0 : DEBUG(0, ("talloc failed\n"));
1931 0 : return NULL;
1932 : }
1933 :
1934 61 : result->type = type;
1935 61 : result->cache = NULL;
1936 61 : result->num_entries = 0;
1937 61 : result->cache_size = 0;
1938 61 : result->search_ended = False;
1939 61 : result->search_end = NULL;
1940 :
1941 : /* Segfault appropriately if not initialized */
1942 61 : result->next_entry = NULL;
1943 61 : result->search_end = NULL;
1944 :
1945 61 : talloc_set_destructor(result, pdb_search_destructor);
1946 :
1947 61 : return result;
1948 : }
1949 :
1950 1397 : static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32_t rid,
1951 : uint16_t acct_flags,
1952 : const char *account_name,
1953 : const char *fullname,
1954 : const char *description,
1955 : struct samr_displayentry *entry)
1956 : {
1957 1397 : entry->rid = rid;
1958 1397 : entry->acct_flags = acct_flags;
1959 :
1960 1397 : if (account_name != NULL)
1961 1397 : entry->account_name = talloc_strdup(mem_ctx, account_name);
1962 : else
1963 0 : entry->account_name = "";
1964 :
1965 1397 : if (fullname != NULL)
1966 0 : entry->fullname = talloc_strdup(mem_ctx, fullname);
1967 : else
1968 1397 : entry->fullname = "";
1969 :
1970 1397 : if (description != NULL)
1971 1397 : entry->description = talloc_strdup(mem_ctx, description);
1972 : else
1973 0 : entry->description = "";
1974 1397 : }
1975 :
1976 : struct group_search {
1977 : GROUP_MAP **groups;
1978 : size_t num_groups, current_group;
1979 : };
1980 :
1981 1427 : static bool next_entry_groups(struct pdb_search *s,
1982 : struct samr_displayentry *entry)
1983 : {
1984 1427 : struct group_search *state = (struct group_search *)s->private_data;
1985 : uint32_t rid;
1986 : GROUP_MAP *map;
1987 :
1988 1427 : if (state->current_group == state->num_groups)
1989 28 : return False;
1990 :
1991 1397 : map = state->groups[state->current_group];
1992 :
1993 1397 : sid_peek_rid(&map->sid, &rid);
1994 :
1995 1397 : fill_displayentry(s, rid, 0, map->nt_name, NULL, map->comment, entry);
1996 :
1997 1397 : state->current_group += 1;
1998 1397 : return True;
1999 : }
2000 :
2001 30 : static void search_end_groups(struct pdb_search *search)
2002 : {
2003 30 : struct group_search *state =
2004 : (struct group_search *)search->private_data;
2005 30 : TALLOC_FREE(state->groups);
2006 30 : }
2007 :
2008 30 : static bool pdb_search_grouptype(struct pdb_methods *methods,
2009 : struct pdb_search *search,
2010 : const struct dom_sid *sid, enum lsa_SidType type)
2011 : {
2012 : struct group_search *state;
2013 :
2014 30 : state = talloc_zero(search, struct group_search);
2015 30 : if (state == NULL) {
2016 0 : DEBUG(0, ("talloc failed\n"));
2017 0 : return False;
2018 : }
2019 :
2020 30 : if (!NT_STATUS_IS_OK(methods->enum_group_mapping(methods, sid, type,
2021 : &state->groups, &state->num_groups,
2022 : True))) {
2023 0 : DEBUG(0, ("Could not enum groups\n"));
2024 0 : return False;
2025 : }
2026 :
2027 30 : state->current_group = 0;
2028 30 : search->private_data = state;
2029 30 : search->next_entry = next_entry_groups;
2030 30 : search->search_end = search_end_groups;
2031 30 : return True;
2032 : }
2033 :
2034 10 : static bool pdb_default_search_groups(struct pdb_methods *methods,
2035 : struct pdb_search *search)
2036 : {
2037 10 : return pdb_search_grouptype(methods, search, get_global_sam_sid(), SID_NAME_DOM_GRP);
2038 : }
2039 :
2040 20 : static bool pdb_default_search_aliases(struct pdb_methods *methods,
2041 : struct pdb_search *search,
2042 : const struct dom_sid *sid)
2043 : {
2044 :
2045 20 : return pdb_search_grouptype(methods, search, sid, SID_NAME_ALIAS);
2046 : }
2047 :
2048 450 : static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search,
2049 : uint32_t idx)
2050 : {
2051 450 : if (idx < search->num_entries)
2052 142 : return &search->cache[idx];
2053 :
2054 308 : if (search->search_ended)
2055 239 : return NULL;
2056 :
2057 2311 : while (idx >= search->num_entries) {
2058 : struct samr_displayentry entry;
2059 :
2060 2234 : if (!search->next_entry(search, &entry)) {
2061 61 : search->search_end(search);
2062 61 : search->search_ended = True;
2063 61 : break;
2064 : }
2065 :
2066 2173 : ADD_TO_LARGE_ARRAY(search, struct samr_displayentry,
2067 : entry, &search->cache, &search->num_entries,
2068 : &search->cache_size);
2069 : }
2070 :
2071 69 : return (search->num_entries > idx) ? &search->cache[idx] : NULL;
2072 : }
2073 :
2074 33 : struct pdb_search *pdb_search_users(TALLOC_CTX *mem_ctx, uint32_t acct_flags)
2075 : {
2076 33 : struct pdb_methods *pdb = pdb_get_methods();
2077 : struct pdb_search *result;
2078 :
2079 33 : result = pdb_search_init(mem_ctx, PDB_USER_SEARCH);
2080 33 : if (result == NULL) {
2081 0 : return NULL;
2082 : }
2083 :
2084 33 : if (!pdb->search_users(pdb, result, acct_flags)) {
2085 0 : TALLOC_FREE(result);
2086 0 : return NULL;
2087 : }
2088 33 : return result;
2089 : }
2090 :
2091 10 : struct pdb_search *pdb_search_groups(TALLOC_CTX *mem_ctx)
2092 : {
2093 10 : struct pdb_methods *pdb = pdb_get_methods();
2094 : struct pdb_search *result;
2095 :
2096 10 : result = pdb_search_init(mem_ctx, PDB_GROUP_SEARCH);
2097 10 : if (result == NULL) {
2098 0 : return NULL;
2099 : }
2100 :
2101 10 : if (!pdb->search_groups(pdb, result)) {
2102 0 : TALLOC_FREE(result);
2103 0 : return NULL;
2104 : }
2105 10 : return result;
2106 : }
2107 :
2108 18 : struct pdb_search *pdb_search_aliases(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
2109 : {
2110 18 : struct pdb_methods *pdb = pdb_get_methods();
2111 : struct pdb_search *result;
2112 :
2113 18 : if (pdb == NULL) return NULL;
2114 :
2115 18 : result = pdb_search_init(mem_ctx, PDB_ALIAS_SEARCH);
2116 18 : if (result == NULL) {
2117 0 : return NULL;
2118 : }
2119 :
2120 18 : if (!pdb->search_aliases(pdb, result, sid)) {
2121 0 : TALLOC_FREE(result);
2122 0 : return NULL;
2123 : }
2124 18 : return result;
2125 : }
2126 :
2127 225 : uint32_t pdb_search_entries(struct pdb_search *search,
2128 : uint32_t start_idx, uint32_t max_entries,
2129 : struct samr_displayentry **result)
2130 : {
2131 : struct samr_displayentry *end_entry;
2132 225 : uint32_t end_idx = start_idx+max_entries-1;
2133 :
2134 : /* The first entry needs to be searched after the last. Otherwise the
2135 : * first entry might have moved due to a realloc during the search for
2136 : * the last entry. */
2137 :
2138 225 : end_entry = pdb_search_getentry(search, end_idx);
2139 225 : *result = pdb_search_getentry(search, start_idx);
2140 :
2141 225 : if (end_entry != NULL)
2142 38 : return max_entries;
2143 :
2144 187 : if (start_idx >= search->num_entries)
2145 113 : return 0;
2146 :
2147 74 : return search->num_entries - start_idx;
2148 : }
2149 :
2150 : /*******************************************************************
2151 : trustdom methods
2152 : *******************************************************************/
2153 :
2154 230 : bool pdb_get_trusteddom_pw(const char *domain, char** pwd, struct dom_sid *sid,
2155 : time_t *pass_last_set_time)
2156 : {
2157 230 : struct pdb_methods *pdb = pdb_get_methods();
2158 230 : return pdb->get_trusteddom_pw(pdb, domain, pwd, sid,
2159 : pass_last_set_time);
2160 : }
2161 :
2162 0 : NTSTATUS pdb_get_trusteddom_creds(const char *domain, TALLOC_CTX *mem_ctx,
2163 : struct cli_credentials **creds)
2164 : {
2165 0 : struct pdb_methods *pdb = pdb_get_methods();
2166 0 : return pdb->get_trusteddom_creds(pdb, domain, mem_ctx, creds);
2167 : }
2168 :
2169 0 : bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
2170 : const struct dom_sid *sid)
2171 : {
2172 0 : struct pdb_methods *pdb = pdb_get_methods();
2173 0 : return pdb->set_trusteddom_pw(pdb, domain, pwd, sid);
2174 : }
2175 :
2176 0 : bool pdb_del_trusteddom_pw(const char *domain)
2177 : {
2178 0 : struct pdb_methods *pdb = pdb_get_methods();
2179 0 : return pdb->del_trusteddom_pw(pdb, domain);
2180 : }
2181 :
2182 8 : NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32_t *num_domains,
2183 : struct trustdom_info ***domains)
2184 : {
2185 8 : struct pdb_methods *pdb = pdb_get_methods();
2186 8 : return pdb->enum_trusteddoms(pdb, mem_ctx, num_domains, domains);
2187 : }
2188 :
2189 : /*******************************************************************
2190 : the defaults for trustdom methods:
2191 : these simply call the original passdb/secrets.c actions,
2192 : to be replaced by pdb_ldap.
2193 : *******************************************************************/
2194 :
2195 230 : static bool pdb_default_get_trusteddom_pw(struct pdb_methods *methods,
2196 : const char *domain,
2197 : char** pwd,
2198 : struct dom_sid *sid,
2199 : time_t *pass_last_set_time)
2200 : {
2201 230 : return secrets_fetch_trusted_domain_password(domain, pwd,
2202 : sid, pass_last_set_time);
2203 :
2204 : }
2205 :
2206 0 : static NTSTATUS pdb_default_get_trusteddom_creds(struct pdb_methods *methods,
2207 : const char *domain,
2208 : TALLOC_CTX *mem_ctx,
2209 : struct cli_credentials **creds)
2210 : {
2211 0 : *creds = NULL;
2212 0 : return NT_STATUS_NOT_IMPLEMENTED;
2213 : }
2214 :
2215 0 : static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods,
2216 : const char* domain,
2217 : const char* pwd,
2218 : const struct dom_sid *sid)
2219 : {
2220 0 : return secrets_store_trusted_domain_password(domain, pwd, sid);
2221 : }
2222 :
2223 0 : static bool pdb_default_del_trusteddom_pw(struct pdb_methods *methods,
2224 : const char *domain)
2225 : {
2226 0 : return trusted_domain_password_delete(domain);
2227 : }
2228 :
2229 8 : static NTSTATUS pdb_default_enum_trusteddoms(struct pdb_methods *methods,
2230 : TALLOC_CTX *mem_ctx,
2231 : uint32_t *num_domains,
2232 : struct trustdom_info ***domains)
2233 : {
2234 8 : return secrets_trusted_domains(mem_ctx, num_domains, domains);
2235 : }
2236 :
2237 : /*******************************************************************
2238 : trusted_domain methods
2239 : *******************************************************************/
2240 :
2241 0 : NTSTATUS pdb_get_trusted_domain(TALLOC_CTX *mem_ctx, const char *domain,
2242 : struct pdb_trusted_domain **td)
2243 : {
2244 0 : struct pdb_methods *pdb = pdb_get_methods();
2245 0 : return pdb->get_trusted_domain(pdb, mem_ctx, domain, td);
2246 : }
2247 :
2248 0 : NTSTATUS pdb_get_trusted_domain_by_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid,
2249 : struct pdb_trusted_domain **td)
2250 : {
2251 0 : struct pdb_methods *pdb = pdb_get_methods();
2252 0 : return pdb->get_trusted_domain_by_sid(pdb, mem_ctx, sid, td);
2253 : }
2254 :
2255 0 : NTSTATUS pdb_set_trusted_domain(const char* domain,
2256 : const struct pdb_trusted_domain *td)
2257 : {
2258 0 : struct pdb_methods *pdb = pdb_get_methods();
2259 0 : return pdb->set_trusted_domain(pdb, domain, td);
2260 : }
2261 :
2262 0 : NTSTATUS pdb_del_trusted_domain(const char *domain)
2263 : {
2264 0 : struct pdb_methods *pdb = pdb_get_methods();
2265 0 : return pdb->del_trusted_domain(pdb, domain);
2266 : }
2267 :
2268 205 : NTSTATUS pdb_enum_trusted_domains(TALLOC_CTX *mem_ctx, uint32_t *num_domains,
2269 : struct pdb_trusted_domain ***domains)
2270 : {
2271 205 : struct pdb_methods *pdb = pdb_get_methods();
2272 205 : return pdb->enum_trusted_domains(pdb, mem_ctx, num_domains, domains);
2273 : }
2274 :
2275 0 : static NTSTATUS pdb_default_get_trusted_domain(struct pdb_methods *methods,
2276 : TALLOC_CTX *mem_ctx,
2277 : const char *domain,
2278 : struct pdb_trusted_domain **td)
2279 : {
2280 : struct trustAuthInOutBlob taiob;
2281 : struct AuthenticationInformation aia;
2282 : struct pdb_trusted_domain *tdom;
2283 : enum ndr_err_code ndr_err;
2284 : time_t last_set_time;
2285 : char *pwd;
2286 : bool ok;
2287 :
2288 0 : tdom = talloc(mem_ctx, struct pdb_trusted_domain);
2289 0 : if (!tdom) {
2290 0 : return NT_STATUS_NO_MEMORY;
2291 : }
2292 :
2293 0 : tdom->domain_name = talloc_strdup(tdom, domain);
2294 0 : tdom->netbios_name = talloc_strdup(tdom, domain);
2295 0 : if (!tdom->domain_name || !tdom->netbios_name) {
2296 0 : talloc_free(tdom);
2297 0 : return NT_STATUS_NO_MEMORY;
2298 : }
2299 :
2300 0 : tdom->trust_auth_incoming = data_blob_null;
2301 :
2302 0 : ok = pdb_get_trusteddom_pw(domain, &pwd, &tdom->security_identifier,
2303 : &last_set_time);
2304 0 : if (!ok) {
2305 0 : talloc_free(tdom);
2306 0 : return NT_STATUS_UNSUCCESSFUL;
2307 : }
2308 :
2309 0 : ZERO_STRUCT(taiob);
2310 0 : ZERO_STRUCT(aia);
2311 0 : taiob.count = 1;
2312 0 : taiob.current.count = 1;
2313 0 : taiob.current.array = &aia;
2314 0 : unix_to_nt_time(&aia.LastUpdateTime, last_set_time);
2315 :
2316 0 : aia.AuthType = TRUST_AUTH_TYPE_CLEAR;
2317 0 : aia.AuthInfo.clear.size = strlen(pwd);
2318 0 : aia.AuthInfo.clear.password = (uint8_t *)talloc_memdup(tdom, pwd,
2319 : aia.AuthInfo.clear.size);
2320 0 : SAFE_FREE(pwd);
2321 0 : if (aia.AuthInfo.clear.password == NULL) {
2322 0 : talloc_free(tdom);
2323 0 : return NT_STATUS_NO_MEMORY;
2324 : }
2325 :
2326 0 : taiob.previous.count = 0;
2327 0 : taiob.previous.array = NULL;
2328 :
2329 0 : ndr_err = ndr_push_struct_blob(&tdom->trust_auth_outgoing,
2330 : tdom, &taiob,
2331 : (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
2332 0 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2333 0 : talloc_free(tdom);
2334 0 : return NT_STATUS_UNSUCCESSFUL;
2335 : }
2336 :
2337 0 : tdom->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND;
2338 0 : tdom->trust_type = LSA_TRUST_TYPE_DOWNLEVEL;
2339 0 : tdom->trust_attributes = 0;
2340 0 : tdom->trust_forest_trust_info = data_blob_null;
2341 :
2342 0 : *td = tdom;
2343 0 : return NT_STATUS_OK;
2344 : }
2345 :
2346 0 : static NTSTATUS pdb_default_get_trusted_domain_by_sid(struct pdb_methods *methods,
2347 : TALLOC_CTX *mem_ctx,
2348 : struct dom_sid *sid,
2349 : struct pdb_trusted_domain **td)
2350 : {
2351 0 : return NT_STATUS_NOT_IMPLEMENTED;
2352 : }
2353 :
2354 : #define IS_NULL_DATA_BLOB(d) ((d).data == NULL && (d).length == 0)
2355 :
2356 0 : static NTSTATUS pdb_default_set_trusted_domain(struct pdb_methods *methods,
2357 : const char* domain,
2358 : const struct pdb_trusted_domain *td)
2359 : {
2360 : struct trustAuthInOutBlob taiob;
2361 : struct AuthenticationInformation *aia;
2362 : enum ndr_err_code ndr_err;
2363 : char *pwd;
2364 : bool ok;
2365 :
2366 0 : if (td->trust_attributes != 0 ||
2367 0 : td->trust_type != LSA_TRUST_TYPE_DOWNLEVEL ||
2368 0 : td->trust_direction != LSA_TRUST_DIRECTION_OUTBOUND ||
2369 0 : !IS_NULL_DATA_BLOB(td->trust_auth_incoming) ||
2370 0 : !IS_NULL_DATA_BLOB(td->trust_forest_trust_info)) {
2371 0 : return NT_STATUS_NOT_IMPLEMENTED;
2372 : }
2373 :
2374 0 : ZERO_STRUCT(taiob);
2375 0 : ndr_err = ndr_pull_struct_blob(&td->trust_auth_outgoing, talloc_tos(),
2376 : &taiob,
2377 : (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
2378 0 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2379 0 : return NT_STATUS_UNSUCCESSFUL;
2380 : }
2381 :
2382 0 : aia = (struct AuthenticationInformation *) taiob.current.array;
2383 :
2384 0 : if (taiob.count != 1 || taiob.current.count != 1 ||
2385 0 : taiob.previous.count != 0 ||
2386 0 : aia->AuthType != TRUST_AUTH_TYPE_CLEAR) {
2387 0 : return NT_STATUS_NOT_IMPLEMENTED;
2388 : }
2389 :
2390 0 : pwd = talloc_strndup(talloc_tos(), (char *) aia->AuthInfo.clear.password,
2391 0 : aia->AuthInfo.clear.size);
2392 0 : if (!pwd) {
2393 0 : return NT_STATUS_NO_MEMORY;
2394 : }
2395 :
2396 0 : ok = pdb_set_trusteddom_pw(domain, pwd, &td->security_identifier);
2397 0 : if (!ok) {
2398 0 : return NT_STATUS_UNSUCCESSFUL;
2399 : }
2400 :
2401 0 : return NT_STATUS_OK;
2402 : }
2403 :
2404 0 : static NTSTATUS pdb_default_del_trusted_domain(struct pdb_methods *methods,
2405 : const char *domain)
2406 : {
2407 0 : return NT_STATUS_NOT_IMPLEMENTED;
2408 : }
2409 :
2410 0 : static NTSTATUS pdb_default_enum_trusted_domains(struct pdb_methods *methods,
2411 : TALLOC_CTX *mem_ctx,
2412 : uint32_t *num_domains,
2413 : struct pdb_trusted_domain ***domains)
2414 : {
2415 0 : return NT_STATUS_NOT_IMPLEMENTED;
2416 : }
2417 :
2418 2987 : static struct pdb_domain_info *pdb_default_get_domain_info(
2419 : struct pdb_methods *m, TALLOC_CTX *mem_ctx)
2420 : {
2421 2987 : return NULL;
2422 : }
2423 :
2424 : /*****************************************************************
2425 : UPN suffixes
2426 : *****************************************************************/
2427 0 : static NTSTATUS pdb_default_enum_upn_suffixes(struct pdb_methods *pdb,
2428 : TALLOC_CTX *mem_ctx,
2429 : uint32_t *num_suffixes,
2430 : char ***suffixes)
2431 : {
2432 0 : return NT_STATUS_NOT_IMPLEMENTED;
2433 : }
2434 :
2435 0 : static NTSTATUS pdb_default_set_upn_suffixes(struct pdb_methods *pdb,
2436 : uint32_t num_suffixes,
2437 : const char **suffixes)
2438 : {
2439 0 : return NT_STATUS_NOT_IMPLEMENTED;
2440 : }
2441 :
2442 0 : NTSTATUS pdb_enum_upn_suffixes(TALLOC_CTX *mem_ctx,
2443 : uint32_t *num_suffixes,
2444 : char ***suffixes)
2445 : {
2446 0 : struct pdb_methods *pdb = pdb_get_methods();
2447 0 : return pdb->enum_upn_suffixes(pdb, mem_ctx, num_suffixes, suffixes);
2448 : }
2449 :
2450 0 : NTSTATUS pdb_set_upn_suffixes(uint32_t num_suffixes,
2451 : const char **suffixes)
2452 : {
2453 0 : struct pdb_methods *pdb = pdb_get_methods();
2454 0 : return pdb->set_upn_suffixes(pdb, num_suffixes, suffixes);
2455 : }
2456 :
2457 : /*******************************************************************
2458 : idmap control methods
2459 : *******************************************************************/
2460 373 : static bool pdb_default_is_responsible_for_our_sam(
2461 : struct pdb_methods *methods)
2462 : {
2463 373 : return true;
2464 : }
2465 :
2466 124 : static bool pdb_default_is_responsible_for_builtin(
2467 : struct pdb_methods *methods)
2468 : {
2469 124 : return true;
2470 : }
2471 :
2472 45990 : static bool pdb_default_is_responsible_for_wellknown(
2473 : struct pdb_methods *methods)
2474 : {
2475 45990 : return false;
2476 : }
2477 :
2478 0 : static bool pdb_default_is_responsible_for_unix_users(
2479 : struct pdb_methods *methods)
2480 : {
2481 0 : return true;
2482 : }
2483 :
2484 0 : static bool pdb_default_is_responsible_for_unix_groups(
2485 : struct pdb_methods *methods)
2486 : {
2487 0 : return true;
2488 : }
2489 :
2490 46036 : static bool pdb_default_is_responsible_for_everything_else(
2491 : struct pdb_methods *methods)
2492 : {
2493 46036 : return false;
2494 : }
2495 :
2496 373 : bool pdb_is_responsible_for_our_sam(void)
2497 : {
2498 373 : struct pdb_methods *pdb = pdb_get_methods();
2499 373 : return pdb->is_responsible_for_our_sam(pdb);
2500 : }
2501 :
2502 57132 : bool pdb_is_responsible_for_builtin(void)
2503 : {
2504 57132 : struct pdb_methods *pdb = pdb_get_methods();
2505 57132 : return pdb->is_responsible_for_builtin(pdb);
2506 : }
2507 :
2508 46256 : bool pdb_is_responsible_for_wellknown(void)
2509 : {
2510 46256 : struct pdb_methods *pdb = pdb_get_methods();
2511 46256 : return pdb->is_responsible_for_wellknown(pdb);
2512 : }
2513 :
2514 0 : bool pdb_is_responsible_for_unix_users(void)
2515 : {
2516 0 : struct pdb_methods *pdb = pdb_get_methods();
2517 0 : return pdb->is_responsible_for_unix_users(pdb);
2518 : }
2519 :
2520 0 : bool pdb_is_responsible_for_unix_groups(void)
2521 : {
2522 0 : struct pdb_methods *pdb = pdb_get_methods();
2523 0 : return pdb->is_responsible_for_unix_groups(pdb);
2524 : }
2525 :
2526 46036 : bool pdb_is_responsible_for_everything_else(void)
2527 : {
2528 46036 : struct pdb_methods *pdb = pdb_get_methods();
2529 46036 : return pdb->is_responsible_for_everything_else(pdb);
2530 : }
2531 :
2532 : /*******************************************************************
2533 : secret methods
2534 : *******************************************************************/
2535 :
2536 80 : NTSTATUS pdb_get_secret(TALLOC_CTX *mem_ctx,
2537 : const char *secret_name,
2538 : DATA_BLOB *secret_current,
2539 : NTTIME *secret_current_lastchange,
2540 : DATA_BLOB *secret_old,
2541 : NTTIME *secret_old_lastchange,
2542 : struct security_descriptor **sd)
2543 : {
2544 80 : struct pdb_methods *pdb = pdb_get_methods();
2545 80 : return pdb->get_secret(pdb, mem_ctx, secret_name,
2546 : secret_current, secret_current_lastchange,
2547 : secret_old, secret_old_lastchange,
2548 : sd);
2549 : }
2550 :
2551 80 : NTSTATUS pdb_set_secret(const char *secret_name,
2552 : DATA_BLOB *secret_current,
2553 : DATA_BLOB *secret_old,
2554 : struct security_descriptor *sd)
2555 : {
2556 80 : struct pdb_methods *pdb = pdb_get_methods();
2557 80 : return pdb->set_secret(pdb, secret_name,
2558 : secret_current,
2559 : secret_old,
2560 : sd);
2561 : }
2562 :
2563 48 : NTSTATUS pdb_delete_secret(const char *secret_name)
2564 : {
2565 48 : struct pdb_methods *pdb = pdb_get_methods();
2566 48 : return pdb->delete_secret(pdb, secret_name);
2567 : }
2568 :
2569 80 : static NTSTATUS pdb_default_get_secret(struct pdb_methods *methods,
2570 : TALLOC_CTX *mem_ctx,
2571 : const char *secret_name,
2572 : DATA_BLOB *secret_current,
2573 : NTTIME *secret_current_lastchange,
2574 : DATA_BLOB *secret_old,
2575 : NTTIME *secret_old_lastchange,
2576 : struct security_descriptor **sd)
2577 : {
2578 80 : return lsa_secret_get(mem_ctx, secret_name,
2579 : secret_current,
2580 : secret_current_lastchange,
2581 : secret_old,
2582 : secret_old_lastchange,
2583 : sd);
2584 : }
2585 :
2586 80 : static NTSTATUS pdb_default_set_secret(struct pdb_methods *methods,
2587 : const char *secret_name,
2588 : DATA_BLOB *secret_current,
2589 : DATA_BLOB *secret_old,
2590 : struct security_descriptor *sd)
2591 : {
2592 80 : return lsa_secret_set(secret_name,
2593 : secret_current,
2594 : secret_old,
2595 : sd);
2596 : }
2597 :
2598 48 : static NTSTATUS pdb_default_delete_secret(struct pdb_methods *methods,
2599 : const char *secret_name)
2600 : {
2601 48 : return lsa_secret_delete(secret_name);
2602 : }
2603 :
2604 : /*******************************************************************
2605 : Create a pdb_methods structure and initialize it with the default
2606 : operations. In this way a passdb module can simply implement
2607 : the functionality it cares about. However, normally this is done
2608 : in groups of related functions.
2609 : *******************************************************************/
2610 :
2611 28561 : NTSTATUS make_pdb_method( struct pdb_methods **methods )
2612 : {
2613 : /* allocate memory for the structure as its own talloc CTX */
2614 :
2615 28561 : *methods = talloc_zero(NULL, struct pdb_methods);
2616 28561 : if (*methods == NULL) {
2617 0 : return NT_STATUS_NO_MEMORY;
2618 : }
2619 :
2620 28561 : (*methods)->get_domain_info = pdb_default_get_domain_info;
2621 28561 : (*methods)->getsampwnam = pdb_default_getsampwnam;
2622 28561 : (*methods)->getsampwsid = pdb_default_getsampwsid;
2623 28561 : (*methods)->create_user = pdb_default_create_user;
2624 28561 : (*methods)->delete_user = pdb_default_delete_user;
2625 28561 : (*methods)->add_sam_account = pdb_default_add_sam_account;
2626 28561 : (*methods)->update_sam_account = pdb_default_update_sam_account;
2627 28561 : (*methods)->delete_sam_account = pdb_default_delete_sam_account;
2628 28561 : (*methods)->rename_sam_account = pdb_default_rename_sam_account;
2629 28561 : (*methods)->update_login_attempts = pdb_default_update_login_attempts;
2630 :
2631 28561 : (*methods)->getgrsid = pdb_default_getgrsid;
2632 28561 : (*methods)->getgrgid = pdb_default_getgrgid;
2633 28561 : (*methods)->getgrnam = pdb_default_getgrnam;
2634 28561 : (*methods)->create_dom_group = pdb_default_create_dom_group;
2635 28561 : (*methods)->delete_dom_group = pdb_default_delete_dom_group;
2636 28561 : (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
2637 28561 : (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
2638 28561 : (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
2639 28561 : (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
2640 28561 : (*methods)->enum_group_members = pdb_default_enum_group_members;
2641 28561 : (*methods)->enum_group_memberships = pdb_default_enum_group_memberships;
2642 28561 : (*methods)->set_unix_primary_group = pdb_default_set_unix_primary_group;
2643 28561 : (*methods)->add_groupmem = pdb_default_add_groupmem;
2644 28561 : (*methods)->del_groupmem = pdb_default_del_groupmem;
2645 28561 : (*methods)->create_alias = pdb_default_create_alias;
2646 28561 : (*methods)->delete_alias = pdb_default_delete_alias;
2647 28561 : (*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
2648 28561 : (*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
2649 28561 : (*methods)->add_aliasmem = pdb_default_add_aliasmem;
2650 28561 : (*methods)->del_aliasmem = pdb_default_del_aliasmem;
2651 28561 : (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
2652 28561 : (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
2653 28561 : (*methods)->lookup_rids = pdb_default_lookup_rids;
2654 28561 : (*methods)->get_account_policy = pdb_default_get_account_policy;
2655 28561 : (*methods)->set_account_policy = pdb_default_set_account_policy;
2656 28561 : (*methods)->get_seq_num = pdb_default_get_seq_num;
2657 28561 : (*methods)->id_to_sid = pdb_default_id_to_sid;
2658 28561 : (*methods)->sid_to_id = pdb_default_sid_to_id;
2659 :
2660 28561 : (*methods)->search_groups = pdb_default_search_groups;
2661 28561 : (*methods)->search_aliases = pdb_default_search_aliases;
2662 :
2663 28561 : (*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw;
2664 28561 : (*methods)->get_trusteddom_creds = pdb_default_get_trusteddom_creds;
2665 28561 : (*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw;
2666 28561 : (*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw;
2667 28561 : (*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms;
2668 :
2669 28561 : (*methods)->get_trusted_domain = pdb_default_get_trusted_domain;
2670 28561 : (*methods)->get_trusted_domain_by_sid = pdb_default_get_trusted_domain_by_sid;
2671 28561 : (*methods)->set_trusted_domain = pdb_default_set_trusted_domain;
2672 28561 : (*methods)->del_trusted_domain = pdb_default_del_trusted_domain;
2673 28561 : (*methods)->enum_trusted_domains = pdb_default_enum_trusted_domains;
2674 :
2675 28561 : (*methods)->get_secret = pdb_default_get_secret;
2676 28561 : (*methods)->set_secret = pdb_default_set_secret;
2677 28561 : (*methods)->delete_secret = pdb_default_delete_secret;
2678 :
2679 28561 : (*methods)->enum_upn_suffixes = pdb_default_enum_upn_suffixes;
2680 28561 : (*methods)->set_upn_suffixes = pdb_default_set_upn_suffixes;
2681 :
2682 28561 : (*methods)->is_responsible_for_our_sam =
2683 : pdb_default_is_responsible_for_our_sam;
2684 28561 : (*methods)->is_responsible_for_builtin =
2685 : pdb_default_is_responsible_for_builtin;
2686 28561 : (*methods)->is_responsible_for_wellknown =
2687 : pdb_default_is_responsible_for_wellknown;
2688 28561 : (*methods)->is_responsible_for_unix_users =
2689 : pdb_default_is_responsible_for_unix_users;
2690 28561 : (*methods)->is_responsible_for_unix_groups =
2691 : pdb_default_is_responsible_for_unix_groups;
2692 28561 : (*methods)->is_responsible_for_everything_else =
2693 : pdb_default_is_responsible_for_everything_else;
2694 :
2695 28561 : return NT_STATUS_OK;
2696 : }
|
