authorCVS Import User <samba-bugs@samba.org>2004-04-04 11:27:30 +0000
committerCVS Import User <samba-bugs@samba.org>2004-04-04 11:27:30 +0000
commitf8db8e0ae8fa16894a5eb6367ca325e530ff506b (patch)
tree753894e0b091990464ef5ce274cb149e4fd9cf0d /source/passdb
parent139b1658ca30692835c1a7203c7cd003e587ac12 (diff)
r4: merge in the SAMBA_3_0 branch from cvs
to checkout try this: svn co svn+ssh://svn.samba.org/home/svn/samba/branches/SAMBA_3_0 samba-3_0-work metze
Diffstat (limited to 'source/passdb')
-rw-r--r--source/passdb/lookup_sid.c38
-rw-r--r--source/passdb/passdb.c51
-rw-r--r--source/passdb/pdb_get_set.c19
-rw-r--r--source/passdb/pdb_guest.c15
-rw-r--r--source/passdb/pdb_gums.c464
-rw-r--r--source/passdb/pdb_interface.c715
-rw-r--r--source/passdb/pdb_ldap.c599
-rw-r--r--source/passdb/pdb_tdb.c627
-rw-r--r--source/passdb/pdb_xml.c18
-rw-r--r--source/passdb/secrets.c41
-rw-r--r--source/passdb/util_sam_sid.c25
11 files changed, 83 insertions, 2529 deletions
diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c
index a365cba0082..842db8de5dc 100644
--- a/source/passdb/lookup_sid.c
+++ b/source/passdb/lookup_sid.c
@@ -105,44 +105,6 @@ BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAM
return True;
}
-BOOL sid_to_local_user_name(const DOM_SID *sid, fstring username)
-{
- fstring dom_name;
- fstring name;
- enum SID_NAME_USE type;
-
- if (!sid_check_is_in_our_domain(sid))
- return False;
-
- if (!lookup_sid(sid, dom_name, name, &type))
- return False;
-
- if (type != SID_NAME_USER)
- return False;
-
- fstrcpy(username, name);
- return True;
-}
-
-BOOL sid_to_local_dom_grp_name(const DOM_SID *sid, fstring groupname)
-{
- fstring dom_name;
- fstring name;
- enum SID_NAME_USE type;
-
- if (!sid_check_is_in_our_domain(sid))
- return False;
-
- if (!lookup_sid(sid, dom_name, name, &type))
- return False;
-
- if (type != SID_NAME_DOM_GRP)
- return False;
-
- fstrcpy(groupname, name);
- return True;
-}
-
/*****************************************************************
Id mapping cache. This is to avoid Winbind mappings already
diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index 73f613535d9..04e41b79707 100644
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -800,6 +800,8 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na
gid = pdb_group_rid_to_gid(rid);
gr = getgrgid(gid);
+ *psid_name_use = SID_NAME_ALIAS;
+
DEBUG(5,("local_lookup_sid: looking up gid %u %s\n", (unsigned int)gid,
gr ? "succeeded" : "failed" ));
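Review bot: The added `*psid_name_use = SID_NAME_ALIAS;` is assigned before the result of `getgrgid()` is examined, so the caller's out-parameter changes whether or not the gid resolves. The rest of local_lookup_sid lies outside this hunk, so it cannot be confirmed here whether a failed lookup still returns True. If reporting the type on both paths is the intent, a comment would make that explicit, for example `/* groups mapped from a RID are reported as local aliases, even when getgrgid() fails */`. If a failed lookup is meant to return False, the assignment belongs after the `gr` check so the out-parameter is untouched on failure.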
@@ -1890,8 +1892,6 @@ BOOL init_sam_from_buffer_v1(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
done:
- SAFE_FREE(lm_pw_ptr);
- SAFE_FREE(nt_pw_ptr);
SAFE_FREE(username);
SAFE_FREE(domain);
SAFE_FREE(nt_username);
@@ -2339,50 +2339,3 @@ BOOL pdb_increment_bad_password_count(SAM_ACCOUNT *sampass)
return True;
}
-
-BOOL get_sids_from_priv(const char *privname, DOM_SID **sids, int *num)
-{
- char *sids_string;
- char *s;
- fstring tok;
-
- if (!pdb_get_privilege_entry(privname, &sids_string))
- return False;
-
- s = sids_string;
-
- while (next_token(&s, tok, ",", sizeof(tok))) {
- DOM_SID sid;
- DEBUG(10, ("converting SID %s\n", tok));
-
- if (!string_to_sid(&sid, tok)) {
- DEBUG(3, ("Could not convert SID\n"));
- continue;
- }
-
- add_sid_to_array(&sid, sids, num);
- }
-
- SAFE_FREE(sids_string);
- return True;
-}
-
-BOOL get_priv_for_sid(const DOM_SID *sid, PRIVILEGE_SET *priv)
-{
- extern PRIVS privs[];
- int i;
- for (i=1; i<PRIV_ALL_INDEX-1; i++) {
- DOM_SID *sids;
- int j, num;
-
- if (!get_sids_from_priv(privs[i].priv, &sids, &num))
- continue;
-
- for (j=0; j<num; j++) {
- if (sid_compare(sid, &sids[j]) == 0)
- add_privilege_by_name(priv, privs[i].priv);
- }
- SAFE_FREE(sids);
- }
- return True;
-}
diff --git a/source/passdb/pdb_get_set.c b/source/passdb/pdb_get_set.c
index 908588c8988..e69dac524f0 100644
--- a/source/passdb/pdb_get_set.c
+++ b/source/passdb/pdb_get_set.c
@@ -314,6 +314,14 @@ const char* pdb_get_munged_dial (const SAM_ACCOUNT *sampass)
return (NULL);
}
+uint32 pdb_get_fields_present (const SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->private.fields_present);
+ else
+ return (-1);
+}
+
uint16 pdb_get_bad_password_count(const SAM_ACCOUNT *sampass)
{
if (sampass)
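Review bot: `pdb_get_fields_present` returns `(-1)` for a NULL `sampass`, which in a `uint32` return is 0xffffffff, so a caller that tests bits in the result would read a missing account as having every field present. For a bitmask the safer NULL-path answer is `return 0;`. If all-ones is meant as an error sentinel, state that in a comment above the function so callers compare against it before masking. The setter added further down in this file, `pdb_set_fields_present`, would also benefit from a short comment naming which bit definitions the mask uses.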
@@ -1001,6 +1009,16 @@ BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password, enum
return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
}
+BOOL pdb_set_fields_present (SAM_ACCOUNT *sampass, uint32 fields_present, enum pdb_value_state flag)
+{
+ if (!sampass)
+ return False;
+
+ sampass->private.fields_present = fields_present;
+
+ return pdb_set_init_flags(sampass, PDB_FIELDS_PRESENT, flag);
+}
+
BOOL pdb_set_bad_password_count(SAM_ACCOUNT *sampass, uint16 bad_password_count, enum pdb_value_state flag)
{
if (!sampass)
@@ -1155,4 +1173,3 @@ uint32 pdb_build_fields_present (SAM_ACCOUNT *sampass)
/* value set to all for testing */
return 0x00ffffff;
}
-
diff --git a/source/passdb/pdb_guest.c b/source/passdb/pdb_guest.c
index 8c1d4c7b0fe..510cf6abc8b 100644
--- a/source/passdb/pdb_guest.c
+++ b/source/passdb/pdb_guest.c
@@ -152,21 +152,6 @@ NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, c
(*pdb_method)->delete_group_mapping_entry = pdb_nop_delete_group_mapping_entry;
(*pdb_method)->enum_group_mapping = pdb_nop_enum_group_mapping;
- /* we do not handle groups in guest backend */
-/* FIXME
- (*pdb_method)->get_group_info_by_sid = pdb_nop_get_group_info_by_sid;
- (*pdb_method)->get_group_list = pdb_nop_get_group_list;
- (*pdb_method)->get_group_sids = pdb_nop_get_group_sids;
- (*pdb_method)->add_group = pdb_nop_add_group;
- (*pdb_method)->update_group = pdb_nop_update_group;
- (*pdb_method)->delete_group = pdb_nop_delete_group;
- (*pdb_method)->add_sid_to_group = pdb_nop_add_sid_to_group;
- (*pdb_method)->remove_sid_from_group = pdb_nop_remove_sid_from_group;
- (*pdb_method)->get_group_info_by_name = pdb_nop_get_group_info_by_name;
- (*pdb_method)->get_group_info_by_nt_name = pdb_nop_get_group_info_by_nt_name;
- (*pdb_method)->get_group_uids = pdb_nop_get_group_uids;
-*/
-
/* There's not very much to initialise here */
return NT_STATUS_OK;
diff --git a/source/passdb/pdb_gums.c b/source/passdb/pdb_gums.c
deleted file mode 100644
index f34d3a94b5a..00000000000
--- a/source/passdb/pdb_gums.c
+++ /dev/null
@@ -1,464 +0,0 @@
-/*
- * GUMS password backend for samba
- * Copyright (C) Simo Sorce 2003-2004
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-#define SET_OR_FAIL(func, label) do { if (!NT_STATUS_IS_OK(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0)
-#define BOOL_SET_OR_FAIL(func, label) do { if (!func) { DEBUG(0, ("%s: Setting sam object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0)
-
-struct gums_gw_data {
- GUMS_FUNCTIONS *fns;
- void *handle;
-};
-
-static NTSTATUS gums_object_to_sam_account(SAM_ACCOUNT *sa, GUMS_OBJECT *go)
-{
- NTSTATUS ret;
- NTTIME nt_time;
- DATA_BLOB pwd;
-
- if (!go || !sa)
- return NT_STATUS_INVALID_PARAMETER;
-/*
- if (!NT_STATUS_IS_OK(ret = pdb_init_sam(sa))) {
- DEBUG(0, ("gums_object_to_sam_account: error occurred while creating sam_account object!\n"));
- goto error;
- }
-*/
- if (gums_get_object_type(go) != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- BOOL_SET_OR_FAIL(pdb_set_acct_ctrl(sa, gums_get_user_acct_ctrl(go), PDB_SET), error);
-
- /* domain */
- /* unix_homedir ? */
-
- nt_time = gums_get_user_logon_time(go);
- BOOL_SET_OR_FAIL(pdb_set_logon_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_logoff_time(go);
- BOOL_SET_OR_FAIL(pdb_set_logoff_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_kickoff_time(go);
- BOOL_SET_OR_FAIL(pdb_set_kickoff_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_pass_last_set_time(go);
- BOOL_SET_OR_FAIL(pdb_set_pass_last_set_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_pass_can_change_time(go);
- BOOL_SET_OR_FAIL(pdb_set_pass_can_change_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_pass_must_change_time(go);
- BOOL_SET_OR_FAIL(pdb_set_pass_must_change_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_hours_len(sa, gums_get_user_hours_len(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_logon_divs(sa, gums_get_user_logon_divs(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_user_sid(sa, gums_get_object_sid(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_group_sid(sa, gums_get_user_pri_group(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_username(sa, gums_get_object_name(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_nt_username(sa, gums_get_object_name(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_fullname(sa, gums_get_user_fullname(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_logon_script(sa, gums_get_user_logon_script(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_profile_path(sa, gums_get_user_profile_path(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_dir_drive(sa, gums_get_user_dir_drive(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_homedir(sa, gums_get_user_homedir(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_acct_desc(sa, gums_get_object_description(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_workstations(sa, gums_get_user_workstations(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_unknown_str(sa, gums_get_user_unknown_str(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_munged_dial(sa, gums_get_user_munged_dial(go), PDB_SET), error);
-
- pwd = gums_get_user_nt_pwd(go);
- if (!pdb_set_nt_passwd(sa, pwd.data, PDB_SET)) {
- DEBUG(5, ("gums_object_to_sam_account: unable to set nt password"));
- data_blob_clear_free(&pwd);
- ret = NT_STATUS_UNSUCCESSFUL;
- goto error;
- }
- data_blob_clear_free(&pwd);
- pwd = gums_get_user_lm_pwd(go);
- if (!pdb_set_lanman_passwd(sa, pwd.data, PDB_SET)) {
- DEBUG(5, ("gums_object_to_sam_account: unable to set lanman password"));
- data_blob_clear_free(&pwd);
- ret = NT_STATUS_UNSUCCESSFUL;
- goto error;
- }
- data_blob_clear_free(&pwd);
-
- BOOL_SET_OR_FAIL(pdb_set_bad_password_count(sa, gums_get_user_bad_password_count(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_unknown_6(sa, gums_get_user_unknown_6(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_hours(sa, gums_get_user_hours(go), PDB_SET), error);
-
- return NT_STATUS_OK;
-
-error:
- if (sa && (sa->free_fn)) {
- sa->free_fn(&sa);
- }
-
- return ret;
-}
-
-static NTSTATUS sam_account_to_gums_object(GUMS_OBJECT *go, SAM_ACCOUNT *sa)
-{
- NTSTATUS ret;
- NTTIME nt_time;
- DATA_BLOB pwd;
-
- if (!go || !sa)
- return NT_STATUS_INVALID_PARAMETER;
-
-/*
- ret = gums_create_object(go, GUMS_OBJ_NORMAL_USER);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("sam_account_to_gums_object: error occurred while creating gums object!\n"));
- goto error;
- }
-*/
-
- /* sec_desc */
-
- SET_OR_FAIL(gums_set_object_name(go, pdb_get_username(sa)), error);
-
- SET_OR_FAIL(gums_set_object_sid(go, pdb_get_user_sid(sa)), error);
- SET_OR_FAIL(gums_set_user_pri_group(go, pdb_get_group_sid(sa)), error);
-
- if (pdb_get_acct_desc(sa))
- SET_OR_FAIL(gums_set_object_description(go, pdb_get_acct_desc(sa)), error);
- if (pdb_get_fullname(sa))
- SET_OR_FAIL(gums_set_user_fullname(go, pdb_get_fullname(sa)), error);
- if (pdb_get_homedir(sa))
- SET_OR_FAIL(gums_set_user_homedir(go, pdb_get_homedir(sa)), error);
- if (pdb_get_dir_drive(sa))
- SET_OR_FAIL(gums_set_user_dir_drive(go, pdb_get_dir_drive(sa)), error);
- if (pdb_get_logon_script(sa))
- SET_OR_FAIL(gums_set_user_logon_script(go, pdb_get_logon_script(sa)), error);
- if (pdb_get_profile_path(sa))
- SET_OR_FAIL(gums_set_user_profile_path(go, pdb_get_profile_path(sa)), error);
- if (pdb_get_workstations(sa))
- SET_OR_FAIL(gums_set_user_workstations(go, pdb_get_workstations(sa)), error);
- if (pdb_get_unknown_str(sa))
- SET_OR_FAIL(gums_set_user_unknown_str(go, pdb_get_unknown_str(sa)), error);
- if (pdb_get_munged_dial(sa))
- SET_OR_FAIL(gums_set_user_munged_dial(go, pdb_get_munged_dial(sa)), error);
- SET_OR_FAIL(gums_set_user_logon_divs(go, pdb_get_logon_divs(sa)), error);
- if (pdb_get_hours(sa))
- SET_OR_FAIL(gums_set_user_hours(go, pdb_get_hours_len(sa), pdb_get_hours(sa)), error);
- SET_OR_FAIL(gums_set_user_bad_password_count(go, pdb_get_bad_password_count(sa)), error);
- SET_OR_FAIL(gums_set_user_unknown_6(go, pdb_get_unknown_6(sa)), error);
-
- unix_to_nt_time(&nt_time, pdb_get_logon_time(sa));
- SET_OR_FAIL(gums_set_user_logon_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_logoff_time(sa));
- SET_OR_FAIL(gums_set_user_logoff_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_kickoff_time(sa));
- SET_OR_FAIL(gums_set_user_kickoff_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_pass_last_set_time(sa));
- SET_OR_FAIL(gums_set_user_pass_last_set_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_pass_can_change_time(sa));
- SET_OR_FAIL(gums_set_user_pass_can_change_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_pass_must_change_time(sa));
- SET_OR_FAIL(gums_set_user_pass_must_change_time(go, nt_time), error);
-
- pwd = data_blob(pdb_get_nt_passwd(sa), NT_HASH_LEN);
- ret = gums_set_user_nt_pwd(go, pwd);
- data_blob_clear_free(&pwd);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(5, ("sam_account_to_gums_object: failed to set nt password!\n"));
- goto error;
- }
- pwd = data_blob(pdb_get_lanman_passwd(sa), LM_HASH_LEN);
- ret = gums_set_user_lm_pwd(go, pwd);
- data_blob_clear_free(&pwd);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(5, ("sam_account_to_gums_object: failed to set lanman password!\n"));
- goto error;
- }
-
- SET_OR_FAIL(gums_set_user_acct_ctrl(go, pdb_get_acct_ctrl(sa)), error);
-
- return NT_STATUS_OK;
-
-error:
- gums_reset_object(go);
- return ret;
-}
-
-static NTSTATUS gums_setsampwent(struct pdb_methods *methods, BOOL update)
-{
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- return ggwd->fns->enumerate_objects_start(&(ggwd->handle), NULL, GUMS_OBJ_NORMAL_USER);
-}
-
-static NTSTATUS gums_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *account)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->enumerate_objects_get_next(&go, ggwd->handle))) {
- return ret;
- }
-
- ret = gums_object_to_sam_account(account, go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-static void gums_endsampwent(struct pdb_methods *methods)
-{
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- ggwd->fns->enumerate_objects_stop(ggwd->handle);
-}
-
-/******************************************************************
- Lookup a name in the SAM database
- ******************************************************************/
-
-static NTSTATUS gums_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *account, const char *name)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_name(&go, global_myname(), name, GUMS_OBJ_NORMAL_USER))) {
- DEBUG(10, ("gums_getsampwnam: unable to find account with name %s", name));
- return ret;
- }
-
- ret = gums_object_to_sam_account(account, go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-/***************************************************************************
- Search by SID
- **************************************************************************/
-
-static NTSTATUS gums_getsampwsid(struct pdb_methods *methods, SAM_ACCOUNT *account, const DOM_SID *sid)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_sid(&go, sid, GUMS_OBJ_NORMAL_USER))) {
- DEBUG(10, ("gums_getsampwsid: unable to find account with sid %s", sid_string_static(sid)));
- return ret;
- }
-
- ret = gums_object_to_sam_account(account, go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-/***************************************************************************
- Search by rid
- **************************************************************************/
-
-#if 0
-
-static NTSTATUS gums_getsampwrid (struct pdb_methods *methods,
- SAM_ACCOUNT *account, uint32 rid)
-{
- DOM_SID sid;
-
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
- gums_getsampwsid(methods, account, &sid);
-
- return NT_STATUS_OK;
-}
-
-#endif
-
-/***************************************************************************
- Updates a SAM_ACCOUNT
-
- This isn't a particulary practical option for pdb_guest. We certainly don't
- want to twidde the filesystem, so what should we do?
-
- Current plan is to transparently add the account. It should appear
- as if the pdb_guest version was modified, but its actually stored somehwere.
- ****************************************************************************/
-
-static NTSTATUS gums_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_NORMAL_USER))) {
- DEBUG(0, ("gums_add_sam_account: error occurred while creating gums object!\n"));
- return ret;
- }
-
- if (!NT_STATUS_IS_OK(ret = sam_account_to_gums_object(go, account))) {
- DEBUG(0, ("gums_add_sam_account: error occurred while converting object!\n"));
- goto done;
- }
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->set_object(go))) {
- DEBUG(0, ("gums_add_sam_account: unable to store account!\n"));
- goto done;
- }
-
-done:
- gums_destroy_object(&go);
- return ret;
-}
-
-static NTSTATUS gums_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_sid(&go, pdb_get_user_sid(account), GUMS_OBJ_NORMAL_USER))) {
- DEBUG(0, ("gums_update_sam_account: update on invalid account!\n"));
- return ret;
- }
-
- if (!NT_STATUS_IS_OK(ret = sam_account_to_gums_object(go, account))) {
- DEBUG(0, ("gums_update_sam_account: error occurred while converting object!\n"));
- goto done;
- }
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->set_object(go))) {
- DEBUG(0, ("gums_update_sam_account: unable to store account!\n"));
- goto done;
- }
-
-done:
- gums_destroy_object(&go);
- return ret;
-}
-
-static NTSTATUS gums_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account)
-{
- NTSTATUS ret;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->delete_object(pdb_get_user_sid(account)))) {
- DEBUG(0, ("gums_add_sam_account: unable to store account!\n"));
- }
-
- return ret;
-}
-
-
-static void free_gw_private_data(void **vp)
-{
- struct gums_gw_data *ggwd = (struct gums_gw_data *)vp;
- ggwd->fns->free_private_data(&(ggwd->fns->private_data));
- ggwd->fns = NULL;
- ggwd->handle = NULL;
- SAFE_FREE(vp);
-}
-
-NTSTATUS pdb_init_gums_gateway(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
-{
- NTSTATUS ret;
- struct gums_gw_data *ggwd;
-
- if (!pdb_context) {
- DEBUG(0, ("invalid pdb_context specified\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(ret = gums_setup_backend(lp_gums_backend()))) {
- DEBUG(0, ("pdb_init_gums_gateway: initialization error!\n"));
- return ret;
- }
-
- ggwd = (struct gums_gw_data *)malloc(sizeof(struct gums_gw_data));
- if (!ggwd)
- return NT_STATUS_NO_MEMORY;
- memset(ggwd, 0, sizeof(struct gums_gw_data));
-
- if (!NT_STATUS_IS_OK(ret = get_gums_fns(&(ggwd->fns)))) {
- goto error;
- }
-
- if (!NT_STATUS_IS_OK(ret = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
- goto error;
- }
-
- (*pdb_method)->name = "gums_gateway";
-
- (*pdb_method)->setsampwent = gums_setsampwent;
- (*pdb_method)->getsampwent = gums_getsampwent;
- (*pdb_method)->endsampwent = gums_endsampwent;
- (*pdb_method)->getsampwnam = gums_getsampwnam;
- (*pdb_method)->getsampwsid = gums_getsampwsid;
- (*pdb_method)->add_sam_account = gums_add_sam_account;
- (*pdb_method)->update_sam_account = gums_update_sam_account;
- (*pdb_method)->delete_sam_account = gums_delete_sam_account;
-
- /* we should do no group mapping here */
-/* (*pdb_method)->getgrsid = gums_getgrsid;
- (*pdb_method)->getgrgid = gums_getgrgid;
- (*pdb_method)->getgrnam = gums_getgrnam;
- (*pdb_method)->add_group_mapping_entry = gums_add_group_mapping_entry;
- (*pdb_method)->update_group_mapping_entry = gums_update_group_mapping_entry;
- (*pdb_method)->delete_group_mapping_entry = gums_delete_group_mapping_entry;
- (*pdb_method)->enum_group_mapping = gums_enum_group_mapping;*/
-
- /* we do not handle groups in guest backend */
-/* FIXME
- (*pdb_method)->get_group_info_by_sid = gums_get_group_info_by_sid;
- (*pdb_method)->get_group_list = gums_get_group_list;
- (*pdb_method)->get_group_sids = gums_get_group_sids;
- (*pdb_method)->add_group = gums_add_group;
- (*pdb_method)->update_group = gums_update_group;
- (*pdb_method)->delete_group = gums_delete_group;
- (*pdb_method)->add_sid_to_group = gums_add_sid_to_group;
- (*pdb_method)->remove_sid_from_group = gums_remove_sid_from_group;
- (*pdb_method)->get_group_info_by_name = gums_get_group_info_by_name;
- (*pdb_method)->get_group_info_by_nt_name = gums_get_group_info_by_nt_name;
- (*pdb_method)->get_group_uids = gums_get_group_uids;
-*/
-
- (*pdb_method)->private_data = ggwd;
- (*pdb_method)->free_private_data = free_gw_private_data;
-
- return NT_STATUS_OK;
-
-error:
- SAFE_FREE(ggwd);
- return ret;
-}
-
-NTSTATUS pdb_gums_init(void)
-{
- return smb_register_passdb(PASSDB_INTERFACE_VERSION, "gums", pdb_init_gums_gateway);
-}
-
diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c
index b1620aa9eb6..06097d3557b 100644
--- a/source/passdb/pdb_interface.c
+++ b/source/passdb/pdb_interface.c
@@ -232,12 +232,25 @@ static NTSTATUS context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sa
static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ const char *lm_pw, *nt_pw;
+ uint16 acb_flags;
if ((!context) || (!context->pdb_methods)) {
DEBUG(0, ("invalid pdb_context specified!\n"));
return ret;
}
+ /* disable acccounts with no passwords (that has not
+ been allowed by the ACB_PWNOTREQ bit */
+
+ lm_pw = pdb_get_lanman_passwd( sam_acct );
+ nt_pw = pdb_get_nt_passwd( sam_acct );
+ acb_flags = pdb_get_acct_ctrl( sam_acct );
+ if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
+ acb_flags |= ACB_DISABLED;
+ pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
+ }
+
/** @todo This is where a 're-read on add' should be done */
/* We now add a new account to the first database listed.
* Should we? */
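Review bot: The result of `pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED )` is discarded, so if setting the flag fails the account is still handed to the backend enabled and without a password; checking it, e.g. `if (!pdb_set_acct_ctrl(sam_acct, acb_flags, PDB_CHANGED)) return ret;`, stops the add in that state. The same block is repeated in the context_update_sam_account hunk below and has the same gap; a small static helper shared by both would keep the rule in one place. The comment has a typo and an unclosed parenthesis and could read `/* disable accounts with no passwords (unless allowed by the ACB_PWNOTREQ bit) */`. context_add_sam_account continues past the end of this hunk.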
@@ -248,6 +261,8 @@ static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT
static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ const char *lm_pw, *nt_pw;
+ uint16 acb_flags;
if (!context) {
DEBUG(0, ("invalid pdb_context specified!\n"));
@@ -259,6 +274,17 @@ static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCO
return ret;
}
+ /* disable acccounts with no passwords (that has not
+ been allowed by the ACB_PWNOTREQ bit */
+
+ lm_pw = pdb_get_lanman_passwd( sam_acct );
+ nt_pw = pdb_get_nt_passwd( sam_acct );
+ acb_flags = pdb_get_acct_ctrl( sam_acct );
+ if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
+ acb_flags |= ACB_DISABLED;
+ pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
+ }
+
/** @todo This is where a 're-read on update' should be done */
return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct);
@@ -426,388 +452,6 @@ static NTSTATUS context_enum_group_mapping(struct pdb_context *context,
num_entries, unix_only);
}
-static NTSTATUS context_find_alias(struct pdb_context *context,
- const char *name, DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->find_alias(context->pdb_methods,
- name, sid);
-}
-
-static NTSTATUS context_create_alias(struct pdb_context *context,
- const char *name, uint32 *rid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->create_alias(context->pdb_methods,
- name, rid);
-}
-
-static NTSTATUS context_delete_alias(struct pdb_context *context,
- const DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->delete_alias(context->pdb_methods, sid);
-}
-
-static NTSTATUS context_enum_aliases(struct pdb_context *context,
- const DOM_SID *sid,
- uint32 start_idx, uint32 max_entries,
- uint32 *num_aliases,
- struct acct_info **info)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->enum_aliases(context->pdb_methods,
- sid, start_idx, max_entries,
- num_aliases, info);
-}
-
-static NTSTATUS context_get_aliasinfo(struct pdb_context *context,
- const DOM_SID *sid,
- struct acct_info *info)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->get_aliasinfo(context->pdb_methods,
- sid, info);
-}
-
-static NTSTATUS context_set_aliasinfo(struct pdb_context *context,
- const DOM_SID *sid,
- struct acct_info *info)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->set_aliasinfo(context->pdb_methods,
- sid, info);
-}
-
-static NTSTATUS context_add_aliasmem(struct pdb_context *context,
- const DOM_SID *alias,
- const DOM_SID *member)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->add_aliasmem(context->pdb_methods,
- alias, member);
-}
-
-static NTSTATUS context_del_aliasmem(struct pdb_context *context,
- const DOM_SID *alias,
- const DOM_SID *member)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->del_aliasmem(context->pdb_methods,
- alias, member);
-}
-
-static NTSTATUS context_enum_aliasmem(struct pdb_context *context,
- const DOM_SID *alias, DOM_SID **members,
- int *num)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->enum_aliasmem(context->pdb_methods,
- alias, members, num);
-}
-
-static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
- const DOM_SID *sid,
- DOM_SID **aliases, int *num)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->
- enum_alias_memberships(context->pdb_methods, sid, aliases,
- num);
-}
-
-static NTSTATUS context_settrustpwent(struct pdb_context *context)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct pdb_methods *cur_methods;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- cur_methods = context->pdb_methods;
-
- while (cur_methods) {
- ret = cur_methods->settrustpwent(cur_methods);
- if (NT_STATUS_IS_OK(ret)) {
- context->pdb_methods = cur_methods;
- return ret;
- }
- cur_methods = cur_methods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_gettrustpwent(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct pdb_methods *cur_methods;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- cur_methods = context->pdb_methods;
-
- while (cur_methods) {
- ret = cur_methods->gettrustpwent(cur_methods, trust);
- if (!NT_STATUS_IS_ERR(ret)) {
- /* prevent from segfaulting when gettrustpwent
- was called just to rewind enumeration */
- if (trust) trust->methods = cur_methods;
- return ret;
- }
- cur_methods = cur_methods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_gettrustpwnam(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust,
- const char *name)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct pdb_methods *cur_methods;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- cur_methods = context->pdb_methods;
-
- while (cur_methods) {
- ret = cur_methods->gettrustpwnam(cur_methods, trust, name);
- if (NT_STATUS_IS_OK(ret)) {
- trust->methods = cur_methods;
- return ret;
- }
- cur_methods = cur_methods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_gettrustpwsid(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust,
- const DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct pdb_methods *cur_methods;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- cur_methods = context->pdb_methods;
-
- while (cur_methods) {
- ret = cur_methods->gettrustpwsid(cur_methods, trust, sid);
- if (NT_STATUS_IS_OK(ret)) {
- trust->methods = cur_methods;
- return ret;
- }
- cur_methods = cur_methods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_add_trust_passwd(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->add_trust_passwd(context->pdb_methods, trust);
-}
-
-static NTSTATUS context_update_trust_passwd(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- if (!trust || !trust->methods) {
- DEBUG(0, ("invalid trust pointer specified!\n"));
- return ret;
- }
-
- return trust->methods->update_trust_passwd(trust->methods, trust);
-}
-
-static NTSTATUS context_delete_trust_passwd(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- if (!trust || !trust->methods) {
- DEBUG(0, ("invalid trust pointer specified!\n"));
- return ret;
- }
-
- return trust->methods->delete_trust_passwd(trust->methods, trust);
-}
-
-static NTSTATUS context_add_sid_to_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- if (NT_STATUS_IS_OK(ret = curmethods->add_sid_to_privilege(curmethods, priv_name, sid))) {
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_remove_sid_from_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- if (NT_STATUS_IS_OK(ret = curmethods->remove_sid_from_privilege(curmethods, priv_name, sid))) {
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_get_privilege_set(struct pdb_context *context, DOM_SID *sid_list, int num_sids, PRIVILEGE_SET *privset)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_set(curmethods, sid_list, num_sids, privset))) {
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_get_privilege_entry(struct pdb_context *context, const char *privname, char **sid_list)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_entry(curmethods, privname, sid_list))) {
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
/******************************************************************
Free and cleanup a pdb context, any associated data and anything
that the attached modules might have associated.
@@ -923,27 +567,6 @@ static NTSTATUS make_pdb_context(struct pdb_context **context)
(*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
(*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
(*context)->pdb_enum_group_mapping = context_enum_group_mapping;
- (*context)->pdb_find_alias = context_find_alias;
- (*context)->pdb_create_alias = context_create_alias;
- (*context)->pdb_delete_alias = context_delete_alias;
- (*context)->pdb_enum_aliases = context_enum_aliases;
- (*context)->pdb_get_aliasinfo = context_get_aliasinfo;
- (*context)->pdb_set_aliasinfo = context_set_aliasinfo;
- (*context)->pdb_add_aliasmem = context_add_aliasmem;
- (*context)->pdb_del_aliasmem = context_del_aliasmem;
- (*context)->pdb_enum_aliasmem = context_enum_aliasmem;
- (*context)->pdb_enum_alias_memberships = context_enum_alias_memberships;
- (*context)->pdb_settrustpwent = context_settrustpwent;
- (*context)->pdb_gettrustpwent = context_gettrustpwent;
- (*context)->pdb_gettrustpwnam = context_gettrustpwnam;
- (*context)->pdb_gettrustpwsid = context_gettrustpwsid;
- (*context)->pdb_add_trust_passwd = context_add_trust_passwd;
- (*context)->pdb_update_trust_passwd = context_update_trust_passwd;
- (*context)->pdb_delete_trust_passwd = context_delete_trust_passwd;
- (*context)->pdb_add_sid_to_privilege = context_add_sid_to_privilege;
- (*context)->pdb_remove_sid_from_privilege = context_remove_sid_from_privilege;
- (*context)->pdb_get_privilege_set = context_get_privilege_set;
- (*context)->pdb_get_privilege_entry = context_get_privilege_entry;
(*context)->free_fn = free_pdb_context;
@@ -1111,48 +734,22 @@ BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
- const char *lm_pw, *nt_pw;
- uint16 acb_flags;
if (!pdb_context) {
return False;
}
- /* disable acccounts with no passwords (that has not
- been allowed by the ACB_PWNOTREQ bit */
-
- lm_pw = pdb_get_lanman_passwd( sam_acct );
- nt_pw = pdb_get_nt_passwd( sam_acct );
- acb_flags = pdb_get_acct_ctrl( sam_acct );
- if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
- acb_flags |= ACB_DISABLED;
- pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
- }
-
return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct));
}
BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
- const char *lm_pw, *nt_pw;
- uint16 acb_flags;
if (!pdb_context) {
return False;
}
- /* disable acccounts with no passwords (that has not
- been allowed by the ACB_PWNOTREQ bit */
-
- lm_pw = pdb_get_lanman_passwd( sam_acct );
- nt_pw = pdb_get_nt_passwd( sam_acct );
- acb_flags = pdb_get_acct_ctrl( sam_acct );
- if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
- acb_flags |= ACB_DISABLED;
- pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
- }
-
return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct));
}
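Review bot: With the guard removed, `pdb_add_sam_account` and `pdb_update_sam_account` hand `sam_acct` straight to the backend, so an account with neither an LM nor an NT hash and without `ACB_PWNOTREQ` is no longer forced to `ACB_DISABLED` at this layer. Nothing in this hunk shows where that invariant is enforced instead; if neither the callers nor the backends enforce it, a passwordless account can be stored enabled. Either keep the check in one shared helper called from both functions, `if (!lm_pw && !nt_pw && !(acb_flags & ACB_PWNOTREQ)) pdb_set_acct_ctrl(sam_acct, acb_flags | ACB_DISABLED, PDB_CHANGED);`, or add a comment above each `return` naming the place that now does it, e.g. `/* empty-password accounts are disabled by <caller or backend>, not here */`.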
@@ -1253,183 +850,6 @@ BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
rmap, num_entries, unix_only));
}
-BOOL pdb_find_alias(const char *name, DOM_SID *sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_find_alias(pdb_context,
- name, sid));
-}
-
-BOOL pdb_create_alias(const char *name, uint32 *rid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_create_alias(pdb_context,
- name, rid));
-}
-
-BOOL pdb_delete_alias(const DOM_SID *sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_delete_alias(pdb_context,
- sid));
-
-}
-
-BOOL pdb_enum_aliases(const DOM_SID *sid, uint32 start_idx, uint32 max_entries,
- uint32 *num_aliases, struct acct_info **info)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_enum_aliases(pdb_context, sid,
- start_idx,
- max_entries,
- num_aliases,
- info));
-}
-
-BOOL pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_get_aliasinfo(pdb_context, sid,
- info));
-}
-
-BOOL pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_set_aliasinfo(pdb_context, sid,
- info));
-}
-
-BOOL pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_add_aliasmem(pdb_context, alias, member));
-}
-
-BOOL pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_del_aliasmem(pdb_context, alias, member));
-}
-
-BOOL pdb_enum_aliasmem(const DOM_SID *alias,
- DOM_SID **members, int *num_members)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_enum_aliasmem(pdb_context, alias,
- members, num_members));
-}
-
-BOOL pdb_enum_alias_memberships(const DOM_SID *sid,
- DOM_SID **aliases, int *num)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_enum_alias_memberships(pdb_context, sid,
- aliases, num));
-}
-
-BOOL pdb_add_sid_to_privilege(char *priv_name, DOM_SID *sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_add_sid_to_privilege(pdb_context, priv_name, sid));
-}
-
-BOOL pdb_remove_sid_from_privilege(char *priv_name, DOM_SID *sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_remove_sid_from_privilege(pdb_context, priv_name, sid));
-}
-
-BOOL pdb_get_privilege_set(DOM_SID *sid_list, int num_sids, PRIVILEGE_SET *privset)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_get_privilege_set(pdb_context, sid_list, num_sids, privset));
-}
-
-BOOL pdb_get_privilege_entry(const char *privname, char **sid_list)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_get_privilege_entry(pdb_context, privname, sid_list));
-}
-
/***************************************************************
Initialize the static context (at smbd startup etc).
@@ -1487,66 +907,6 @@ static void pdb_default_endsampwent(struct pdb_methods *methods)
return; /* NT_STATUS_NOT_IMPLEMENTED; */
}
-static NTSTATUS pdb_default_settrustpwent(struct pdb_methods *methods)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_gettrustpwnam(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust,
- const char* name)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust,
- const DOM_SID* sid)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_add_sid_to_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_remove_sid_from_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_get_privilege_set(struct pdb_methods *methods, DOM_SID *sid_list, int num_sids, PRIVILEGE_SET *privset)
-{
- /* by default return the empty privilege set as otherwise login will
- * be denied if a backend does not support privilege sets */
- return NT_STATUS_OK;
-}
-
-static NTSTATUS pdb_default_get_privilege_entry(struct pdb_methods *methods, const char *privname, char **sid_list)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
{
*methods = talloc(mem_ctx, sizeof(struct pdb_methods));
@@ -1573,29 +933,6 @@ NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
(*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
(*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
(*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
- (*methods)->find_alias = pdb_default_find_alias;
- (*methods)->create_alias = pdb_default_create_alias;
- (*methods)->delete_alias = pdb_default_delete_alias;
- (*methods)->enum_aliases = pdb_default_enum_aliases;
- (*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
- (*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
- (*methods)->add_aliasmem = pdb_default_add_aliasmem;
- (*methods)->del_aliasmem = pdb_default_del_aliasmem;
- (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
- (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
-
- (*methods)->settrustpwent = pdb_default_settrustpwent;
- (*methods)->gettrustpwent = pdb_default_gettrustpwent;
- (*methods)->gettrustpwnam = pdb_default_gettrustpwnam;
- (*methods)->gettrustpwsid = pdb_default_gettrustpwsid;
- (*methods)->add_trust_passwd = pdb_default_add_trust_passwd;
- (*methods)->update_trust_passwd = pdb_default_update_trust_passwd;
- (*methods)->delete_trust_passwd = pdb_default_delete_trust_passwd;
-
- (*methods)->add_sid_to_privilege = pdb_default_add_sid_to_privilege;
- (*methods)->remove_sid_from_privilege = pdb_default_remove_sid_from_privilege;
- (*methods)->get_privilege_set = pdb_default_get_privilege_set;
- (*methods)->get_privilege_entry = pdb_default_get_privilege_entry;
return NT_STATUS_OK;
}
diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 23ab0f9965d..689c7010418 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -1990,8 +1990,8 @@ static int ldapsam_search_one_group_by_gid(struct ldapsam_privates *ldap_state,
{
pstring filter;
- pstr_sprintf(filter, "(&(|(objectClass=%s)(objectclass=%s))(%s=%lu))",
- LDAP_OBJ_POSIXGROUP, LDAP_OBJ_IDMAP_ENTRY,
+ pstr_sprintf(filter, "(&(objectClass=%s)(%s=%lu))",
+ LDAP_OBJ_POSIXGROUP,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER),
(unsigned long)gid);
@@ -2033,37 +2033,6 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
if ( count == 0 ) {
- /* There's no posixGroup account, let's try to find an
- * appropriate idmap entry for aliases */
-
- pstring suffix;
- pstring filter;
- char **attr_list;
-
- ldap_msgfree(result);
-
- pstrcpy( suffix, lp_ldap_idmap_suffix() );
- pstr_sprintf(filter, "(&(objectClass=%s)(%s=%u))",
- LDAP_OBJ_IDMAP_ENTRY, LDAP_ATTRIBUTE_GIDNUMBER,
- map->gid);
-
- attr_list = get_attr_list( sidmap_attr_list );
- rc = smbldap_search(ldap_state->smbldap_state, suffix,
- LDAP_SCOPE_SUBTREE, filter, attr_list,
- 0, &result);
-
- free_attr_list(attr_list);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(3,("Failure looking up entry (%s)\n",
- ldap_err2string(rc) ));
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
- if ( count == 0 ) {
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -2338,560 +2307,6 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
return NT_STATUS_OK;
}
-static NTSTATUS ldapsam_modify_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- const DOM_SID *member,
- int modop)
-{
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
- char *dn;
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- int count;
- LDAPMod **mods = NULL;
- int rc;
-
- pstring filter;
-
- pstr_sprintf(filter, "(&(|(objectClass=%s)(objectclass=%s))(%s=%s))",
- LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY,
- get_attr_key2string(groupmap_attr_list,
- LDAP_ATTR_GROUP_SID),
- sid_string_static(alias));
-
- if (ldapsam_search_one_group(ldap_state, filter,
- &result) != LDAP_SUCCESS)
- return NT_STATUS_NO_SUCH_ALIAS;
-
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- result);
-
- if (count < 1) {
- DEBUG(4, ("ldapsam_add_aliasmem: Did not find alias\n"));
- ldap_msgfree(result);
- return NT_STATUS_NO_SUCH_ALIAS;
- }
-
- if (count > 1) {
- DEBUG(1, ("ldapsam_getgroup: Duplicate entries for filter %s: "
- "count=%d\n", filter, count));
- ldap_msgfree(result);
- return NT_STATUS_NO_SUCH_ALIAS;
- }
-
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
- result);
-
- if (!entry) {
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
- if (!dn) {
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- smbldap_set_mod(&mods, modop,
- get_attr_key2string(groupmap_attr_list,
- LDAP_ATTR_SID_LIST),
- sid_string_static(member));
-
- rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
-
- ldap_mods_free(mods, True);
- ldap_msgfree(result);
-
- if (rc != LDAP_SUCCESS) {
- char *ld_error = NULL;
- ldap_get_option(ldap_state->smbldap_state->ldap_struct,
- LDAP_OPT_ERROR_STRING,&ld_error);
-
- DEBUG(0, ("ldapsam_delete_entry: Could not delete attributes "
- "for %s, error: %s (%s)\n", dn, ldap_err2string(rc),
- ld_error?ld_error:"unknown"));
- SAFE_FREE(ld_error);
- SAFE_FREE(dn);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- SAFE_FREE(dn);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ldapsam_add_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- const DOM_SID *member)
-{
- return ldapsam_modify_aliasmem(methods, alias, member, LDAP_MOD_ADD);
-}
-
-static NTSTATUS ldapsam_del_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- const DOM_SID *member)
-{
- return ldapsam_modify_aliasmem(methods, alias, member,
- LDAP_MOD_DELETE);
-}
-
-static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, DOM_SID **members,
- int *num_members)
-{
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- int count;
- char **values;
- int i;
- pstring filter;
-
- *members = NULL;
- *num_members = 0;
-
- pstr_sprintf(filter, "(&(|(objectClass=%s)(objectclass=%s))(%s=%s))",
- LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY,
- get_attr_key2string(groupmap_attr_list,
- LDAP_ATTR_GROUP_SID),
- sid_string_static(alias));
-
- if (ldapsam_search_one_group(ldap_state, filter,
- &result) != LDAP_SUCCESS)
- return NT_STATUS_NO_SUCH_ALIAS;
-
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- result);
-
- if (count < 1) {
- DEBUG(4, ("ldapsam_add_aliasmem: Did not find alias\n"));
- ldap_msgfree(result);
- return NT_STATUS_NO_SUCH_ALIAS;
- }
-
- if (count > 1) {
- DEBUG(1, ("ldapsam_getgroup: Duplicate entries for filter %s: "
- "count=%d\n", filter, count));
- ldap_msgfree(result);
- return NT_STATUS_NO_SUCH_ALIAS;
- }
-
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
- result);
-
- if (!entry) {
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- values = ldap_get_values(ldap_state->smbldap_state->ldap_struct,
- entry,
- get_attr_key2string(groupmap_attr_list,
- LDAP_ATTR_SID_LIST));
-
- if (values == NULL) {
- ldap_msgfree(result);
- return NT_STATUS_OK;
- }
-
- count = ldap_count_values(values);
-
- for (i=0; i<count; i++) {
- DOM_SID member;
-
- if (!string_to_sid(&member, values[i]))
- continue;
-
- add_sid_to_array(&member, members, num_members);
- }
-
- ldap_value_free(values);
- ldap_msgfree(result);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
- const DOM_SID *sid,
- DOM_SID **aliases, int *num)
-{
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
-
- fstring sid_string;
- const char *attrs[] = { LDAP_ATTRIBUTE_SID, NULL };
-
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- int count;
- int rc;
- pstring filter;
-
- sid_to_string(sid_string, sid);
- pstr_sprintf(filter, "(&(|(objectclass=%s)(objectclass=%s))(%s=%s))",
- LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY,
- get_attr_key2string(groupmap_attr_list,
- LDAP_ATTR_SID_LIST), sid_string);
-
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(),
- LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
-
- if (rc != LDAP_SUCCESS)
- return NT_STATUS_UNSUCCESSFUL;
-
- *aliases = NULL;
- *num = 0;
-
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- result);
-
- if (count < 1) {
- ldap_msgfree(result);
- return NT_STATUS_OK;
- }
-
-
- for (entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
- result);
- entry != NULL;
- entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct,
- entry))
- {
- DOM_SID alias;
- char **vals;
- vals = ldap_get_values(ldap_state->smbldap_state->ldap_struct,
- entry, LDAP_ATTRIBUTE_SID);
-
- if (vals == NULL)
- continue;
-
- if (vals[0] == NULL) {
- ldap_value_free(vals);
- continue;
- }
-
- if (!string_to_sid(&alias, vals[0])) {
- ldap_value_free(vals);
- continue;
- }
-
- add_sid_to_array(&alias, aliases, num);
- ldap_value_free(vals);
- }
-
- ldap_msgfree(result);
- return NT_STATUS_OK;
-}
-
-/**********************************************************************
- Privileges related functions
- *********************************************************************/
-
-static NTSTATUS ldapsam_modify_sid_list_for_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid, int ldap_op)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *entry = NULL;
- LDAPMod **mods = NULL;
- fstring sid_str;
- fstring filter;
- char **attr_list, *dn;
- int rc;
-
- if ((sid == NULL) || (!sid_to_string(sid_str, sid))) {
- DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Invalid SID\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname);
- attr_list = get_attr_list(privilege_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(),
- LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- free_attr_list(attr_list);
-
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- goto done;
- }
-
- if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) {
- /* if the privilege does not exist and we are adding then
- * create it */
- if (ldap_op == LDAP_MOD_ADD) {
-
- DEBUG(3, ("Privilege not found on ldap tree, creating a new entry\n"));
- if (asprintf(&dn, "sambaPrivName=%s,%s", privname, lp_ldap_privilege_suffix()) < 0) {
- DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: Out of memory\n"));
- goto done;
- }
-
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaPrivName", privname);
-
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_PRIVILEGE);
-
- rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
-
- if (rc != LDAP_SUCCESS) {
- char *ld_error = NULL;
-
- ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
- DEBUG(1,
- ("ldapsam_modify_sid_list_for_privilege:"
- "Failed to add privilege (%s) dn= %s with: %s\n\t%s\n",
- privname,
- dn, ldap_err2string(rc),
- ld_error ? ld_error : "unknown")
- );
-
- SAFE_FREE(ld_error);
- goto done;
- }
-
- pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname);
- attr_list = get_attr_list(privilege_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(),
- LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- free_attr_list(attr_list);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- goto done;
- }
- } else {
- goto done;
- }
- }
- /* entry found */
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result);
-
- /* retrieve the dn */
- dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
- if (!dn) {
- goto done;
- }
-
- /* prepare the modification */
- smbldap_set_mod(&mods, ldap_op, "sambaSIDList", sid_str);
-
- /* modify the privilege */
- rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
-
- /* free used structures */
- ldap_mods_free(mods, True);
-
- if (rc != LDAP_SUCCESS) {
- char *ld_error = NULL;
-
- ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
- DEBUG(1,
- ("ldapsam_modify_sid_list_for_privilege:"
- "Failed to %s sid for privilege (%s) dn= %s with: %s\n\t%s\n",
- (ldap_op == LDAP_MOD_ADD) ? "add" : "remove",
- privname,
- dn, ldap_err2string(rc),
- ld_error ? ld_error : "unknown")
- );
- SAFE_FREE(ld_error);
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- return ret;
-}
-
-static NTSTATUS ldapsam_add_sid_to_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid)
-{
- return ldapsam_modify_sid_list_for_privilege(my_methods, privname, sid, LDAP_MOD_ADD);
-}
-
-static NTSTATUS ldapsam_remove_sid_from_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid)
-{
- return ldapsam_modify_sid_list_for_privilege(my_methods, privname, sid, LDAP_MOD_DELETE);
-}
-
-static NTSTATUS ldapsam_get_privilege_set(struct pdb_methods *my_methods, DOM_SID *user_sids, int num_sids, PRIVILEGE_SET *privset)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *entry = NULL;
- fstring sid_str;
- fstring filter;
- char **sid_list;
- char **attr_list;
- int rc, i;
-
- sid_list = (char **)malloc(sizeof(char *) * (num_sids + 1));
- for (i = 0; i < num_sids; i++) {
- sid_to_string(sid_str, &user_sids[i]);
- sid_list[i] = strdup(sid_str);
- if ( ! sid_list[i]) {
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
- }
- sid_list[i] = NULL;
-
- pstr_sprintf(filter, "(objectclass=%s)", LDAP_OBJ_PRIVILEGE);
- attr_list = get_attr_list(privilege_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(),
- LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- free_attr_list(attr_list);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_get_privilege_set: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_get_privilege_set: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- goto done;
- }
-
- if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) {
- DEBUG(3, ("ldapsam_get_privilege_set: No privileges in ldap tree\n"));
- ret = NT_STATUS_OK;
- goto done;
- }
-
- DEBUG(2, ("ldapsam_get_privilege_set: %d entries in the base!\n",
- ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result)));
-
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result);
-
- while (entry != NULL) {
- char **values = NULL;
-
- for(i=0; sid_list[i] != NULL; i++) {
- pstring privname;
- int j;
-
- if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, "sambaPrivName", privname, sizeof(pstring))) {
- goto loop;
- }
-
- if ((values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, LDAP_ATTRIBUTE_SID_LIST)) == NULL) {
- DEBUG(10, ("ldapsam_get_privilege_set: SID List not found skipping privilege\n"));
- goto loop;
- }
-
- j = 0;
- while (values[j] != 0) {
- if (strcmp(values[j], sid_list[i]) == 0) {
- DEBUG(10, ("sid [%s] found in users sid list\n", sid_list[i]));
- DEBUG(10, ("adding privilege [%s] to the users privilege list\n", privname));
- add_privilege_by_name(privset, privname);
- goto loop;
- }
- j++;
- }
-
- if (values) {
- ldap_value_free(values);
- values = NULL;
- }
- }
- loop:
- if (values) {
- ldap_value_free(values);
- }
-
- entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct, entry);
- }
-
- ret = NT_STATUS_OK;
-
-done:
- i = 0;
- while (sid_list[i]) {
- free(sid_list[i]);
- i++;
- }
- free(sid_list);
-
- return ret;
-}
-
-static NTSTATUS ldapsam_get_privilege_entry(struct pdb_methods *my_methods, const char *privname,
- char **sid_list)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *entry = NULL;
- fstring filter;
- char **attr_list, **values;
- int rc, i, len;
-
- *sid_list = NULL;
- pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname);
- attr_list = get_attr_list(privilege_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(),
- LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- free_attr_list(attr_list);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_get_privilege_entry: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_get_privilege_entry: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) {
- DEBUG(3, ("ldapsam_get_privilege_entry: No such privilege (%s) in ldap tree\n", privname));
- goto done;
- }
-
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result);
-
- if ((values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, LDAP_ATTRIBUTE_SID_LIST)) == NULL) {
- DEBUG(10, ("ldapsam_get_privilege_entry: SID List not found skipping privilege\n"));
- ret = NT_STATUS_OK;
- goto done;
- }
-
- for (i = 0, len = 0; values[i] != 0; i++ ) {
- len = len + strlen(values[i]) + 1;
- }
-
- *sid_list = (char *)malloc(len);
- if ((*sid_list) == NULL) {
- DEBUG(0, ("ldapsam_get_privilege_entry: Out of memory!\n"));
- ldap_value_free(values);
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- (*sid_list)[0] = '\0';
-
- for (i = 0; values[i] != 0; i++ ) {
- if (i != 0) {
- strlcat(*sid_list, ",", len);
- }
- strlcat(*sid_list, values[i], len);
- }
-
- ldap_value_free(values);
- ret = NT_STATUS_OK;
-done:
- return ret;
-}
-
-
/**********************************************************************
Housekeeping
*********************************************************************/
@@ -2945,11 +2360,6 @@ static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS **
(*pdb_method)->delete_group_mapping_entry = ldapsam_delete_group_mapping_entry;
(*pdb_method)->enum_group_mapping = ldapsam_enum_group_mapping;
- (*pdb_method)->add_sid_to_privilege = ldapsam_add_sid_to_privilege;
- (*pdb_method)->remove_sid_from_privilege = ldapsam_remove_sid_from_privilege;
- (*pdb_method)->get_privilege_set = ldapsam_get_privilege_set;
- (*pdb_method)->get_privilege_entry = ldapsam_get_privilege_entry;
-
/* TODO: Setup private data and free */
ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(*ldap_state));
@@ -3035,11 +2445,6 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met
(*pdb_method)->name = "ldapsam";
- (*pdb_method)->add_aliasmem = ldapsam_add_aliasmem;
- (*pdb_method)->del_aliasmem = ldapsam_del_aliasmem;
- (*pdb_method)->enum_aliasmem = ldapsam_enum_aliasmem;
- (*pdb_method)->enum_alias_memberships = ldapsam_alias_memberships;
-
ldap_state = (*pdb_method)->private_data;
ldap_state->schema_ver = SCHEMAVER_SAMBASAMACCOUNT;
diff --git a/source/passdb/pdb_tdb.c b/source/passdb/pdb_tdb.c
index 2af6609ef6c..9bfb10c4009 100644
--- a/source/passdb/pdb_tdb.c
+++ b/source/passdb/pdb_tdb.c
@@ -42,7 +42,6 @@ static int tdbsam_debug_level = DBGC_ALL;
#define PASSDB_FILE_NAME "passdb.tdb"
#define USERPREFIX "USER_"
#define RIDPREFIX "RID_"
-#define PRIVPREFIX "PRIV_"
#define tdbsamver_t int32
struct tdbsam_privates {
@@ -698,620 +697,6 @@ static void free_private_data(void **vp)
/* No need to free any further, as it is talloc()ed */
}
-/**
- * Start trust passwords enumeration. This function is a simple
- * wrapper for calling gettrustpwent with null pointer passed.
- *
- * @param methods methods belonging in pdb context (module)
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_settrustpwent(struct pdb_methods *methods)
-{
- /* rewind enumeration from beginning */
- return methods->gettrustpwent(methods, NULL);
-}
-
-
-/**
- * Enumerate across trust passwords (machine and interdomain nt/ads)
- *
- * @param methods methods belonging in pdb context (module)
- * @param trust trust password structure
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct trust_passwd_data t;
- TALLOC_CTX *mem_ctx;
-
- TRUSTDOM **trustdom;
- static int enum_ctx;
- int num_domains = 0;
- unsigned int max_domains = 1;
- char *dom_name, *dom_pass;
-
- smb_ucs2_t *uni_dom_name;
- uint8 mach_pass[16];
- uint32 sec_chan;
-
- if (!methods) return NT_STATUS_UNSUCCESSFUL;
-
- /*
- * NT domain trust passwords
- */
-
- /* rewind enumeration when passed NULL pointer as a trust */
- if (!trust) {
- enum_ctx = 0;
- return NT_STATUS_OK;
- }
-
- mem_ctx = talloc_init("tdbsam_gettrustpwent: trust password enumeration");
-
- /* fetch next trusted domain (one at a time) and its full information */
- nt_status = secrets_get_trusted_domains(mem_ctx, &enum_ctx, max_domains, &num_domains,
- &trustdom);
- if (num_domains) {
- pull_ucs2_talloc(mem_ctx, &dom_name, trustdom[0]->name);
- if (secrets_fetch_trusted_domain_password(dom_name, &dom_pass, &t.domain_sid,
- &t.mod_time)) {
-
- t.uni_name_len = strnlen_w(trustdom[0]->name, 32);
- strncpy_w(t.uni_name, trustdom[0]->name, t.uni_name_len);
- safe_strcpy(t.pass, dom_pass, FSTRING_LEN - 1);
- t.flags = PASS_DOMAIN_TRUST_NT;
-
- SAFE_FREE(dom_pass);
- talloc_destroy(mem_ctx);
- trust->private = t;
- return nt_status;
- } else {
- talloc_destroy(mem_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- /*
- * NT machine trust password
- */
-
- if (secrets_lock_trust_account_password(lp_workgroup(), True)) {
- sec_chan = get_default_sec_channel();
- if (secrets_fetch_trust_account_password(lp_workgroup(), mach_pass, &t.mod_time,
- &sec_chan)) {
-
- t.uni_name_len = strlen(lp_workgroup());
- push_ucs2_talloc(mem_ctx, &uni_dom_name, lp_workgroup());
- strncpy_w(t.uni_name, uni_dom_name, t.uni_name_len);
- safe_strcpy(t.pass, mach_pass, FSTRING_LEN - 1);
- t.flags = PASS_MACHINE_TRUST_NT;
- if (!secrets_fetch_domain_sid(lp_workgroup(), &t.domain_sid)) {
- talloc_destroy(mem_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- talloc_destroy(mem_ctx);
- trust->private = t;
- return NT_STATUS_NO_MORE_ENTRIES;
- }
- secrets_lock_trust_account_password(lp_workgroup(), False);
- } else {
- talloc_destroy(mem_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /*
- * ADS machine trust password (TODO)
- */
-
-
- /*
- * if nothing is to be returned then reset domain name
- * and return "no more entries"
- */
- nt_status = NT_STATUS_NO_MORE_ENTRIES;
- trust->private.uni_name_len = 0;
- trust->private.uni_name[t.uni_name_len] = 0;
-
- talloc_destroy(mem_ctx);
- return nt_status;
-}
-
-
-/**
- * Get trust password by trusted party name
- *
- * @param methods methods belonging to pdb context (module)
- * @param trust trust password structure
- * @param sid trusted party name
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_gettrustpwnam(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust,
- const char *name)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- char domain_name[32];
-
- if (!methods || !trust || !name) return nt_status;
-
- do {
- /* get trust password (next in turn) */
- nt_status = tdbsam_gettrustpwent(methods, trust);
-
- /* convert unicode name and do case insensitive compare */
- pull_ucs2(NULL, domain_name, trust->private.uni_name, sizeof(domain_name),
- trust->private.uni_name_len, STR_TERMINATE);
- if (!StrnCaseCmp(domain_name, name, sizeof(domain_name)))
- return NT_STATUS_OK;
-
- } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
-
- return nt_status;
-}
-
-
-/**
- * Get trust password by trusted party sid
- *
- * @param methods methods belonging to pdb context (module)
- * @param trust trust password structure
- * @param sid trusted party sid
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust,
- const DOM_SID *sid)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-
- if (!methods || !trust || !sid) return nt_status;
-
- do {
- nt_status = tdbsam_gettrustpwent(methods, trust);
-
- if (sid_equal(&trust->private.domain_sid, sid))
- return NT_STATUS_OK;
-
- } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
-
- return nt_status;
-}
-
-
-/**
- * Add new trust password.
- *
- * @param methods methods belonging in pdb context (module)
- * @param trust trust password structure
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- BOOL status = False;
- TALLOC_CTX *mem_ctx;
-
- char* domain = NULL;
- struct trust_passwd_data t = trust->private;
- uint32 sec_chan;
-
- mem_ctx = talloc_init("tdbsam_add_trust_passwd: storing new trust password");
-
- /* convert unicode name to char* (used to form the key) */
- pull_ucs2_talloc(mem_ctx, &domain, t.uni_name);
-
- /* add nt machine trust password */
- if (t.flags & (PASS_MACHINE_TRUST_NT | PASS_SERVER_TRUST_NT)) {
- sec_chan = (t.flags & PASS_MACHINE_TRUST_NT) ? SEC_CHAN_WKSTA : SEC_CHAN_BDC;
- status = secrets_store_machine_password(t.pass, domain, sec_chan);
- if (status)
- status = secrets_store_domain_sid(domain, &t.domain_sid);
-
- nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-
- /* add nt domain trust password */
- } else if (t.flags & PASS_DOMAIN_TRUST_NT) {
- status = secrets_store_trusted_domain_password(domain, t.uni_name, t.uni_name_len,
- t.pass, t.domain_sid);
- nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-
- /* add ads machine trust password (TODO) */
- } else if (t.flags & PASS_MACHINE_TRUST_ADS) {
- }
-
- talloc_destroy(mem_ctx);
- return nt_status;
-}
-
-
-/**
- * Update trust password.
- *
- * @param methods methods belonging in pdb context (module)
- * @param trust trust password structure
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
- return nt_status;
-}
-
-
-/**
- * Delete trust password.
- *
- * @param methods methods belonging in pdb context (module)
- * @param trust trust password structure
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
- return nt_status;
-}
-
-
-/***************************************************************************
- Add sid to privilege
-****************************************************************************/
-
-static NTSTATUS tdbsam_add_sid_to_privilege(struct pdb_methods *my_methods, const char *priv_name, const DOM_SID *sid)
-{
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
- TDB_CONTEXT *pwd_tdb = NULL;
- TDB_DATA key, data;
- fstring keystr;
- fstring name;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- fstring sid_str;
- char *sid_list = NULL, *s = NULL;
- size_t str_size;
- int flag;
-
- /* invalidate the existing TDB iterator if it is open */
-
- if (tdb_state->passwd_tdb) {
- tdb_close(tdb_state->passwd_tdb);
- tdb_state->passwd_tdb = NULL;
- }
-
- /* open the account TDB passwd*/
-
- pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT);
-
- if (!pwd_tdb) {
- DEBUG(0, ("tdb_add_sid_to_privilege: Unable to open TDB passwd (%s)!\n",
- tdb_state->tdbsam_location));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* setup the PRIV index key */
- fstrcpy(name, priv_name);
- strlower_m(name);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- /* check if the privilege already exist in the database */
-
- /* get the record */
- data = tdb_fetch (pwd_tdb, key);
-
- if (data.dptr) {
- /* check the list is not empty */
- if (*(data.dptr)) {
- sid_list = strdup(data.dptr);
- if (!sid_list) {
- DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n"));
- goto done;
- }
- }
- SAFE_FREE(data.dptr);
-
- flag = TDB_MODIFY;
- } else {
- /* if privilege does not exist create one */
- flag = TDB_INSERT;
- }
-
- /* add the given sid */
- sid_to_string(sid_str, sid);
-
- if (sid_list) {
- str_size = strlen(sid_list) + strlen(sid_str) + 2;
- s = realloc(sid_list, str_size);
- if (!s) {
- DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
- sid_list = s;
- s = &sid_list[strlen(sid_list)];
- snprintf(s, strlen(sid_str) + 2, ",%s", sid_str);
-
- } else {
- sid_list = strdup(sid_str);
- if (!sid_list) {
- DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- }
-
- /* copy the PRIVILEGE struct into a BYTE buffer for storage */
- data.dsize = strlen(sid_list) + 1;
- data.dptr = sid_list;
-
- /* add the account */
- if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) {
- DEBUG(0, ("Unable to modify passwd TDB!"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb)));
- DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- /* cleanup */
- tdb_close (pwd_tdb);
- SAFE_FREE(sid_list);
-
- return (ret);
-}
-
-/***************************************************************************
- Reomve sid to privilege
-****************************************************************************/
-
-static NTSTATUS tdbsam_remove_sid_from_privilege(struct pdb_methods *my_methods, const char *priv_name, const DOM_SID *sid)
-{
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
- TDB_CONTEXT *pwd_tdb = NULL;
- TDB_DATA key, data;
- fstring keystr;
- fstring name;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- fstring sid_str;
- char *sid_list = NULL, *s = NULL;
-
- /* invalidate the existing TDB iterator if it is open */
-
- if (tdb_state->passwd_tdb) {
- tdb_close(tdb_state->passwd_tdb);
- tdb_state->passwd_tdb = NULL;
- }
-
- /* open the account TDB passwd*/
-
- pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT);
-
- if (!pwd_tdb) {
- DEBUG(0, ("tdbsam_remove_sid_from_privilege: Unable to open TDB passwd (%s)!\n",
- tdb_state->tdbsam_location));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* setup the PRIV index key */
- fstrcpy(name, priv_name);
- strlower_m(name);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- /* check if the privilege already exist in the database */
-
- /* get the record */
- data = tdb_fetch (pwd_tdb, key);
-
- /* if privilege does not exist, just leave */
- if (!data.dptr) {
- ret = NT_STATUS_OK;
- goto done;
- }
-
- if (data.dptr) {
- sid_list = strdup(data.dptr);
- if (!sid_list) {
- DEBUG(0, ("tdbsam_remove_sid_from_privilege: Out of Memory!\n"));
- goto done;
- }
- SAFE_FREE(data.dptr);
- }
-
- /* remove the given sid */
- sid_to_string(sid_str, sid);
-
- s = strstr(sid_list, sid_str);
- if (s) {
- char *p;
- p = strstr(s, ",");
- if (p) {
- size_t l = strlen(sid_list) + 1 - (s - sid_list);
- memmove(s, ++p, l);
- } else {
- if (s != sid_list)
- s--;
- *s = '\0';
- }
- } else {
- /* sid not found */
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- /* copy the PRIVILEGE struct into a BYTE buffer for storage */
- data.dsize = strlen(sid_list) + 1;
- data.dptr = sid_list;
-
- /* add the account */
- if (tdb_store(pwd_tdb, key, data, TDB_MODIFY) != TDB_SUCCESS) {
- DEBUG(0, ("Unable to modify passwd TDB!"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb)));
- DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- /* cleanup */
- tdb_close (pwd_tdb);
- SAFE_FREE(sid_list);
-
- return (ret);
-}
-
-/***************************************************************************
- get the privilege list for the given token
-****************************************************************************/
-
-struct priv_traverse {
- char **sid_list;
- PRIVILEGE_SET *privset;
-};
-
-static int tdbsam_traverse_privilege(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state)
-{
- struct priv_traverse *pt = (struct priv_traverse *)state;
- int prefixlen = strlen(PRIVPREFIX);
-
- if (strncmp(key.dptr, PRIVPREFIX, prefixlen) == 0) {
-
- /* add to privilege_set if any of the sid in the token
- * is contained in the privilege */
- int i;
-
- for(i=0; pt->sid_list[i] != NULL; i++) {
- char *c, *s;
- int len;
-
- s = data.dptr;
- while ((c=strchr(s, ',')) !=NULL) {
- len = MAX((c - s), strlen(pt->sid_list[i]));
- if (strncmp(s, pt->sid_list[i], len) == 0) {
- DEBUG(10, ("sid [%s] found in users sid list\n", pt->sid_list[i]));
- DEBUG(10, ("adding privilege [%s] to the users privilege list\n", &(key.dptr[prefixlen])));
- add_privilege_by_name(pt->privset, &(key.dptr[prefixlen]));
- return 0;
- }
- s = c + 1;
- }
- len = MAX(strlen(s), strlen(pt->sid_list[i]));
- if (strncmp(s, pt->sid_list[i], len) == 0) {
- DEBUG(10, ("sid [%s] found in users sid list\n", pt->sid_list[i]));
- DEBUG(10, ("adding privilege [%s] to the users privilege list\n", &(key.dptr[prefixlen])));
- add_privilege_by_name(pt->privset, &(key.dptr[prefixlen]));
- return 0;
- }
- }
- }
-
- return 0;
-}
-
-static NTSTATUS tdbsam_get_privilege_set(struct pdb_methods *my_methods, DOM_SID *user_sids, int num_sids, PRIVILEGE_SET *privset)
-{
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- TDB_CONTEXT *pwd_tdb = NULL;
- struct priv_traverse pt;
- fstring sid_str;
- char **sid_list;
- int i;
-
- if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY )))
- return NT_STATUS_UNSUCCESSFUL;
-
- sid_list = (char **)malloc(sizeof(char *) * (num_sids + 1));
- for (i = 0; i < num_sids; i++) {
- sid_to_string(sid_str, &user_sids[i]);
- sid_list[i] = strdup(sid_str);
- if ( ! sid_list[i]) {
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
- }
- sid_list[i] = NULL;
-
- pt.sid_list = sid_list;
- pt.privset = privset;
- tdb_traverse(pwd_tdb, tdbsam_traverse_privilege, &pt);
-
- ret = NT_STATUS_OK;
-
-done:
- i = 0;
- while (sid_list[i]) {
- free(sid_list[i]);
- i++;
- }
- free(sid_list);
-
- tdb_close(pwd_tdb);
-
- return ret;
-}
-
-static NTSTATUS tdbsam_get_privilege_entry(struct pdb_methods *my_methods, const char *privname, char **sid_list)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- TDB_CONTEXT *pwd_tdb = NULL;
- TDB_DATA key, data;
- fstring name;
- fstring keystr;
-
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
-
- if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY)))
- return ret;
-
- /* setup the PRIV index key */
- fstrcpy(name, privname);
- strlower_m(name);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(pwd_tdb, key);
- if (!data.dptr)
- goto done;
-
- *sid_list = strdup(data.dptr);
- SAFE_FREE(data.dptr);
-
- if (!*sid_list)
- goto done;
-
- ret = NT_STATUS_OK;
-done:
- tdb_close(pwd_tdb);
- return ret;
-}
-
-
-
-
-
-
static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
@@ -1332,17 +717,6 @@ static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_meth
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
- (*pdb_method)->settrustpwent = tdbsam_settrustpwent;
- (*pdb_method)->gettrustpwent = tdbsam_gettrustpwent;
- (*pdb_method)->gettrustpwnam = tdbsam_gettrustpwnam;
- (*pdb_method)->gettrustpwsid = tdbsam_gettrustpwsid;
- (*pdb_method)->add_trust_passwd = tdbsam_add_trust_passwd;
- (*pdb_method)->update_trust_passwd = tdbsam_update_trust_passwd;
- (*pdb_method)->delete_trust_passwd = tdbsam_delete_trust_passwd;
- (*pdb_method)->add_sid_to_privilege = tdbsam_add_sid_to_privilege;
- (*pdb_method)->remove_sid_from_privilege = tdbsam_remove_sid_from_privilege;
- (*pdb_method)->get_privilege_set = tdbsam_get_privilege_set;
- (*pdb_method)->get_privilege_entry = tdbsam_get_privilege_entry;
tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
@@ -1372,3 +746,4 @@ NTSTATUS pdb_tdbsam_init(void)
{
return smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam", pdb_init_tdbsam);
}
+
diff --git a/source/passdb/pdb_xml.c b/source/passdb/pdb_xml.c
index 2738ad40e2a..64cb73ba5a4 100644
--- a/source/passdb/pdb_xml.c
+++ b/source/passdb/pdb_xml.c
@@ -534,17 +534,13 @@ static NTSTATUS xmlsam_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method
(*pdb_method)->getsampwsid = NULL;
(*pdb_method)->update_sam_account = NULL;
(*pdb_method)->delete_sam_account = NULL;
- (*pdb_method)->get_group_info_by_sid = NULL;
- (*pdb_method)->get_group_list = NULL;
- (*pdb_method)->get_group_sids = NULL;
- (*pdb_method)->add_group = NULL;
- (*pdb_method)->update_group = NULL;
- (*pdb_method)->delete_group = NULL;
- (*pdb_method)->add_sid_to_group = NULL;
- (*pdb_method)->remove_sid_from_group = NULL;
- (*pdb_method)->get_group_info_by_name = NULL;
- (*pdb_method)->get_group_info_by_nt_name = NULL;
- (*pdb_method)->get_group_uids = NULL;
+ (*pdb_method)->getgrsid = NULL;
+ (*pdb_method)->getgrgid = NULL;
+ (*pdb_method)->getgrnam = NULL;
+ (*pdb_method)->add_group_mapping_entry = NULL;
+ (*pdb_method)->update_group_mapping_entry = NULL;
+ (*pdb_method)->delete_group_mapping_entry = NULL;
+ (*pdb_method)->enum_group_mapping = NULL;
data = talloc(pdb_context->mem_ctx, sizeof(pdb_xml));
data->location = talloc_strdup(pdb_context->mem_ctx, (location ? location : "passdb.xml"));
diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c
index 7531435e84f..308f95f395b 100644
--- a/source/passdb/secrets.c
+++ b/source/passdb/secrets.c
@@ -4,7 +4,7 @@
Copyright (C) Andrew Bartlett 2002
Copyright (C) Rafal Szczesniak 2002
Copyright (C) Tim Potter 2001
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
@@ -135,38 +135,39 @@ BOOL secrets_fetch_domain_sid(const char *domain, DOM_SID *sid)
return True;
}
-BOOL secrets_store_domain_guid(const char *domain, struct uuid *guid)
+BOOL secrets_store_domain_guid(const char *domain, GUID *guid)
{
fstring key;
slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain);
strupper_m(key);
- return secrets_store(key, guid, sizeof(struct uuid));
+ return secrets_store(key, guid, sizeof(GUID));
}
-BOOL secrets_fetch_domain_guid(const char *domain, struct uuid *guid)
+BOOL secrets_fetch_domain_guid(const char *domain, GUID *guid)
{
- struct uuid *dyn_guid;
+ GUID *dyn_guid;
fstring key;
size_t size;
- struct uuid new_guid;
+ GUID new_guid;
slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain);
strupper_m(key);
- dyn_guid = (struct uuid *)secrets_fetch(key, &size);
+ dyn_guid = (GUID *)secrets_fetch(key, &size);
+
+ DEBUG(6,("key is %s, size is %d\n", key, (int)size));
- if ((!dyn_guid) && (lp_server_role() == ROLE_DOMAIN_PDC)) {
+ if ((NULL == dyn_guid) && (ROLE_DOMAIN_PDC == lp_server_role())) {
smb_uuid_generate_random(&new_guid);
if (!secrets_store_domain_guid(domain, &new_guid))
return False;
- dyn_guid = (struct uuid *)secrets_fetch(key, &size);
+ dyn_guid = (GUID *)secrets_fetch(key, &size);
if (dyn_guid == NULL)
return False;
}
- if (size != sizeof(struct uuid))
+ if (size != sizeof(GUID))
{
- DEBUG(1,("UUID size %d is wrong!\n", (int)size));
SAFE_FREE(dyn_guid);
return False;
}
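Review bot: The added `DEBUG(6,("key is %s, size is %d\n", key, (int)size));` in secrets_fetch_domain_guid reads `size` before `dyn_guid` has been checked for NULL, and `size` is declared without an initializer. If secrets_fetch() can return NULL without writing through its size pointer (its body is not visible here), the message logs an indeterminate value; declaring `size_t size = 0;` or moving the DEBUG below the NULL handling avoids that. The hunk also removes `DEBUG(1,("UUID size %d is wrong!\n", (int)size));`, so a stored GUID record of the wrong length now fails silently, and keeping that message would leave a truncated or corrupted secrets entry diagnosable. The function continues past the end of the hunk.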
@@ -244,7 +245,7 @@ uint32 get_default_sec_channel(void)
/************************************************************************
Routine to get the trust account password for a domain.
The user of this function must have locked the trust password file using
- the above secrets_lock_trust_account_password().
+ the above call.
************************************************************************/
BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
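Review bot: The reworded comment, "the above call", no longer names the lock routine, so the locking precondition for reading the trust account password now depends on whichever function happens to sit above this one in the file. I would keep the explicit reference, `the above secrets_lock_trust_account_password().`, since a caller that skips the lock gets no other hint from this header. The function the comment documents starts on the last line of the hunk and its body is outside it.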
@@ -332,6 +333,19 @@ BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
return True;
}
+/************************************************************************
+ Routine to set the trust account password for a domain.
+************************************************************************/
+
+BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16])
+{
+ struct machine_acct_pass pass;
+
+ pass.mod_time = time(NULL);
+ memcpy(pass.hash, new_pwd, 16);
+
+ return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
+}
/**
* Routine to store the password for trusted domain
@@ -555,8 +569,7 @@ BOOL secrets_store_ldap_pw(const char* dn, char* pw)
* @return nt status code of rpc response
**/
-NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned int max_num_domains,
- int *num_domains, TRUSTDOM ***domains)
+NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned int max_num_domains, int *num_domains, TRUSTDOM ***domains)
{
TDB_LIST_NODE *keys, *k;
TRUSTDOM *dom = NULL;
diff --git a/source/passdb/util_sam_sid.c b/source/passdb/util_sam_sid.c
index 3617498eec1..f6cc2491a8b 100644
--- a/source/passdb/util_sam_sid.c
+++ b/source/passdb/util_sam_sid.c
@@ -305,28 +305,3 @@ BOOL map_name_to_wellknown_sid(DOM_SID *sid, enum SID_NAME_USE *use, const char
return False;
}
-
-void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
-{
- *sids = Realloc(*sids, ((*num)+1) * sizeof(DOM_SID));
-
- if (*sids == NULL)
- return;
-
- sid_copy(&((*sids)[*num]), sid);
- *num += 1;
-
- return;
-}
-
-void add_sid_to_array_unique(const DOM_SID *sid, DOM_SID **sids, int *num)
-{
- int i;
-
- for (i=0; i<*num; i++) {
- if (sid_compare(sid, &(*sids)[i]) == 0)
- return;
- }
-
- add_sid_to_array(sid, sids, num);
-}