diff options
Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/passdb.c | 4 | ||||
-rw-r--r-- | source3/passdb/pdb_interface.c | 68 | ||||
-rw-r--r-- | source3/passdb/pdb_ldap.c | 2 | ||||
-rw-r--r-- | source3/passdb/pdb_mysql.c | 1034 | ||||
-rw-r--r-- | source3/passdb/pdb_plugin.c | 78 | ||||
-rw-r--r-- | source3/passdb/pdb_tdb.c | 2 | ||||
-rw-r--r-- | source3/passdb/pdb_xml.c | 567 | ||||
-rw-r--r-- | source3/passdb/secrets.c | 2 | ||||
-rw-r--r-- | source3/passdb/util_sam_sid.c | 16 |
9 files changed, 1701 insertions, 72 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index e13f0e9dfb..ed5ddda4da 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -304,7 +304,7 @@ NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) /** * Free the contets of the SAM_ACCOUNT, but not the structure. * - * Also wipes the LM and NT hashes and plaintext password from + * Also wipes the LM and NT hashes and plaintext passwrod from * memory. * * @param user SAM_ACCOUNT to free members of. @@ -473,7 +473,7 @@ BOOL pdb_gethexpwd(const char *p, unsigned char *pwd) { int i; unsigned char lonybble, hinybble; - const char *hexchars = "0123456789ABCDEF"; + char *hexchars = "0123456789ABCDEF"; char *p1, *p2; if (!p) diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 778cb9425c..d21cc1d355 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -25,11 +25,8 @@ #define DBGC_CLASS DBGC_PASSDB /** List of various built-in passdb modules */ -static const struct { - const char *name; - /* Function to create a member of the pdb_methods list */ - pdb_init_function init; -} builtin_pdb_init_functions[] = { + +const struct pdb_init_function_entry builtin_pdb_init_functions[] = { { "smbpasswd", pdb_init_smbpasswd }, { "smbpasswd_nua", pdb_init_smbpasswd_nua }, { "tdbsam", pdb_init_tdbsam }, @@ -38,53 +35,10 @@ static const struct { { "ldapsam_nua", pdb_init_ldapsam_nua }, { "unixsam", pdb_init_unixsam }, { "nisplussam", pdb_init_nisplussam }, + { "plugin", pdb_init_plugin }, { NULL, NULL} }; -static struct pdb_init_function_entry *backends; -static void lazy_initialize_passdb(void); - -static void lazy_initialize_passdb() -{ - int i; - static BOOL initialised = False; - - if(!initialised) { - initialised = True; - - for(i = 0; builtin_pdb_init_functions[i].name; i++) { - smb_register_passdb(builtin_pdb_init_functions[i].name, builtin_pdb_init_functions[i].init, PASSDB_INTERFACE_VERSION); - } - } -} - -BOOL smb_register_passdb(const char *name, pdb_init_function init, int version) -{ - struct pdb_init_function_entry *entry = backends; - - if(version != PASSDB_INTERFACE_VERSION) - return False; - - DEBUG(5,("Attempting to register passdb backend %s\n", name)); - - /* Check for duplicates */ - while(entry) { - if(strcasecmp(name, entry->name) == 0) { - DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name)); - return False; - } - entry = entry->next; - } - - entry = smb_xmalloc(sizeof(struct pdb_init_function_entry)); - entry->name = name; - entry->init = init; - - DLIST_ADD(backends, entry); - DEBUG(5,("Successfully added passdb backend '%s'\n", name)); - return True; -} - static NTSTATUS context_setsampwent(struct pdb_context *context, BOOL update) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; @@ -417,12 +371,8 @@ static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_c { char *module_name = smb_xstrdup(selected); char *module_location = NULL, *p; - struct pdb_init_function_entry *entry; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - - lazy_initialize_passdb(); - - entry = backends; + int i; p = strchr(module_name, ':'); @@ -435,11 +385,12 @@ static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_c trim_string(module_name, " ", " "); DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name)); - while(entry) { - if (strequal(entry->name, module_name)) + for (i = 0; builtin_pdb_init_functions[i].name; i++) + { + if (strequal(builtin_pdb_init_functions[i].name, module_name)) { - DEBUG(5,("Found pdb backend %s\n", module_name)); - nt_status = entry->init(context, methods, module_location); + DEBUG(5,("Found pdb backend %s (at pos %d)\n", module_name, i)); + nt_status = builtin_pdb_init_functions[i].init(context, methods, module_location); if (NT_STATUS_IS_OK(nt_status)) { DEBUG(5,("pdb backend %s has a valid init\n", selected)); } else { @@ -449,7 +400,6 @@ static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_c return nt_status; break; /* unreached */ } - entry = entry->next; } /* No such backend found */ diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 7c3c6f1f1f..884db4c26c 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -728,7 +728,7 @@ static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state, search an attribute and return the first value found. ******************************************************************/ static BOOL get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, - const char *attribute, pstring value) + char *attribute, pstring value) { char **values; diff --git a/source3/passdb/pdb_mysql.c b/source3/passdb/pdb_mysql.c new file mode 100644 index 0000000000..d0f30c6394 --- /dev/null +++ b/source3/passdb/pdb_mysql.c @@ -0,0 +1,1034 @@ +/* + * MySQL password backend for samba + * Copyright (C) Jelmer Vernooij 2002 + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" +#include <mysql/mysql.h> + +#define CONFIG_TABLE_DEFAULT "user" +#define CONFIG_LOGON_TIME_DEFAULT "logon_time" +#define CONFIG_LOGOFF_TIME_DEFAULT "logoff_time" +#define CONFIG_KICKOFF_TIME_DEFAULT "kickoff_time" +#define CONFIG_PASS_LAST_SET_TIME_DEFAULT "pass_last_set_time" +#define CONFIG_PASS_CAN_CHANGE_TIME_DEFAULT "pass_can_change_time" +#define CONFIG_PASS_MUST_CHANGE_TIME_DEFAULT "pass_must_change_time" +#define CONFIG_USERNAME_DEFAULT "username" +#define CONFIG_DOMAIN_DEFAULT "domain" +#define CONFIG_NT_USERNAME_DEFAULT "nt_username" +#define CONFIG_FULLNAME_DEFAULT "nt_fullname" +#define CONFIG_HOME_DIR_DEFAULT "home_dir" +#define CONFIG_DIR_DRIVE_DEFAULT "dir_drive" +#define CONFIG_LOGON_SCRIPT_DEFAULT "logon_script" +#define CONFIG_PROFILE_PATH_DEFAULT "profile_path" +#define CONFIG_ACCT_DESC_DEFAULT "acct_desc" +#define CONFIG_WORKSTATIONS_DEFAULT "workstations" +#define CONFIG_UNKNOWN_STR_DEFAULT "unknown_str" +#define CONFIG_MUNGED_DIAL_DEFAULT "munged_dial" +#define CONFIG_UID_DEFAULT "uid" +#define CONFIG_GID_DEFAULT "gid" +#define CONFIG_USER_SID_DEFAULT "user_sid" +#define CONFIG_GROUP_SID_DEFAULT "group_sid" +#define CONFIG_LM_PW_DEFAULT "lm_pw" +#define CONFIG_NT_PW_DEFAULT "nt_pw" +#define CONFIG_PLAIN_PW_DEFAULT "NULL" +#define CONFIG_ACCT_CTRL_DEFAULT "acct_ctrl" +#define CONFIG_UNKNOWN_3_DEFAULT "unknown_3" +#define CONFIG_LOGON_DIVS_DEFAULT "logon_divs" +#define CONFIG_HOURS_LEN_DEFAULT "hours_len" +#define CONFIG_UNKNOWN_5_DEFAULT "unknown_5" +#define CONFIG_UNKNOWN_6_DEFAULT "unknown_6" +#define CONFIG_HOST_DEFAULT "localhost" +#define CONFIG_USER_DEFAULT "samba" +#define CONFIG_PASS_DEFAULT "" +#define CONFIG_PORT_DEFAULT "3306" +#define CONFIG_DB_DEFAULT "samba" + +static int mysqlsam_debug_level = DBGC_ALL; + +#undef DBGC_CLASS +#define DBGC_CLASS mysqlsam_debug_level + +PDB_MODULE_VERSIONING_MAGIC + +typedef struct pdb_mysql_data { + MYSQL *handle; + MYSQL_RES *pwent; + char *location; +} pdb_mysql_data; + +/* Used to construct insert and update queries */ + +typedef struct pdb_mysql_query { + char update; + TALLOC_CTX *mem_ctx; + char *part1; + char *part2; +} pdb_mysql_query; +#define SET_DATA(data,methods) { \ + if(!methods){ \ + DEBUG(0, ("invalid methods!\n")); \ + return NT_STATUS_INVALID_PARAMETER; \ + } \ + data = (struct pdb_mysql_data *)methods->private_data; \ + if(!data || !(data->handle)){ \ + DEBUG(0, ("invalid handle!\n")); \ + return NT_STATUS_INVALID_HANDLE; \ + } \ +} + +static void pdb_mysql_int_field(struct pdb_methods *m, + struct pdb_mysql_query *q, char *name, int value) +{ + if (!name || strchr(name, '\'')) + return; /* This field shouldn't be set by us */ + + if (q->update) { + q->part1 = + talloc_asprintf_append(q->mem_ctx, q->part1, + "%s = %d,", name, value); + } else { + q->part1 = + talloc_asprintf_append(q->mem_ctx, q->part1, "%s,", name); + q->part2 = + talloc_asprintf_append(q->mem_ctx, q->part2, "%d,", value); + } +} + +static NTSTATUS pdb_mysql_string_field(struct pdb_methods *methods, + struct pdb_mysql_query *q, + char *name, const char *value) +{ + char *esc_value; + struct pdb_mysql_data *data; + char *tmp_value; + + SET_DATA(data, methods); + + if (!name || !value || !strcmp(value, "") || strchr(name, '\'')) + return NT_STATUS_INVALID_PARAMETER; /* This field shouldn't be set by module */ + + esc_value = malloc(strlen(value) * 2 + 1); + + tmp_value = smb_xstrdup(value); + mysql_real_escape_string(data->handle, esc_value, tmp_value, + strlen(tmp_value)); + SAFE_FREE(tmp_value); + + if (q->update) { + q->part1 = + talloc_asprintf_append(q->mem_ctx, q->part1, + "%s = '%s',", name, esc_value); + } else { + q->part1 = + talloc_asprintf_append(q->mem_ctx, q->part1, "%s,", name); + q->part2 = + talloc_asprintf_append(q->mem_ctx, q->part2, "'%s',", + esc_value); + } + + SAFE_FREE(esc_value); + + return NT_STATUS_OK; +} + +static char * config_value(pdb_mysql_data * data, char *name, char *default_value) +{ + if (lp_parm_string(NULL, data->location, name)) + return lp_parm_string(NULL, data->location, name); + + return default_value; +} + +static char * config_value_write(pdb_mysql_data * data, char *name, char *default_value) { + char *v = config_value(data, name, NULL); + char *swrite; + + if (!v) + return default_value; + + swrite = strchr(v, ':'); + + /* Default to the same field as read field */ + if (!swrite) + return v; + + swrite++; + + /* If the field is 0 chars long, we shouldn't write to it */ + if (!strlen(swrite) || !strcmp(swrite, "NULL")) + return NULL; + + /* Otherwise, use the additionally specified */ + return swrite; +} + +static const char * config_value_read(pdb_mysql_data * data, char *name, char *default_value) +{ + char *v = config_value(data, name, NULL); + char *swrite; + + if (!v) + return default_value; + + swrite = strchr(v, ':'); + + /* If no write is specified, there are no problems */ + if (!swrite) { + if (strlen(v) == 0) + return "NULL"; + return v; + } + + /* Otherwise, we have to cut the ':write_part' */ + *swrite = '\0'; + if (strlen(v) == 0) + return "NULL"; + + return v; +} + +/* Wrapper for atol that returns 0 if 'a' points to NULL */ +static long xatol(char *a) +{ + long ret = 0; + + if (a != NULL) + ret = atol(a); + + return ret; +} + +static NTSTATUS row_to_sam_account(MYSQL_RES * r, SAM_ACCOUNT * u) +{ + MYSQL_ROW row; + pstring temp; + unsigned int num_fields; + DOM_SID sid; + + num_fields = mysql_num_fields(r); + row = mysql_fetch_row(r); + if (!row) + return NT_STATUS_INVALID_PARAMETER; + + pdb_set_logon_time(u, xatol(row[0]), PDB_SET); + pdb_set_logoff_time(u, xatol(row[1]), PDB_SET); + pdb_set_kickoff_time(u, xatol(row[2]), PDB_SET); + pdb_set_pass_last_set_time(u, xatol(row[3]), PDB_SET); + pdb_set_pass_can_change_time(u, xatol(row[4]), PDB_SET); + pdb_set_pass_must_change_time(u, xatol(row[5]), PDB_SET); + pdb_set_username(u, row[6], PDB_SET); + pdb_set_domain(u, row[7], PDB_SET); + pdb_set_nt_username(u, row[8], PDB_SET); + pdb_set_fullname(u, row[9], PDB_SET); + pdb_set_homedir(u, row[10], PDB_SET); + pdb_set_dir_drive(u, row[11], PDB_SET); + pdb_set_logon_script(u, row[12], PDB_SET); + pdb_set_profile_path(u, row[13], PDB_SET); + pdb_set_acct_desc(u, row[14], PDB_SET); + pdb_set_workstations(u, row[15], PDB_SET); + pdb_set_unknown_str(u, row[16], PDB_SET); + pdb_set_munged_dial(u, row[17], PDB_SET); + + if (row[18]) + pdb_set_uid(u, xatol(row[18]), PDB_SET); + if (row[19]) + pdb_set_gid(u, xatol(row[19]), PDB_SET); + + string_to_sid(&sid, row[20]); + pdb_set_user_sid(u, &sid, PDB_SET); + string_to_sid(&sid, row[21]); + pdb_set_group_sid(u, &sid, PDB_SET); + + if (pdb_gethexpwd(row[22], temp), PDB_SET) + pdb_set_lanman_passwd(u, temp, PDB_SET); + if (pdb_gethexpwd(row[23], temp), PDB_SET) + pdb_set_nt_passwd(u, temp, PDB_SET); + + /* Only use plaintext password storage when lanman and nt are + * NOT used */ + if (!row[22] || !row[23]) + pdb_set_plaintext_passwd(u, row[24]); + + pdb_set_acct_ctrl(u, xatol(row[25]), PDB_SET); + pdb_set_unknown_3(u, xatol(row[26]), PDB_SET); + pdb_set_logon_divs(u, xatol(row[27]), PDB_SET); + pdb_set_hours_len(u, xatol(row[28]), PDB_SET); + pdb_set_unknown_5(u, xatol(row[29]), PDB_SET); + pdb_set_unknown_6(u, xatol(row[30]), PDB_SET); + + return NT_STATUS_OK; +} + +static NTSTATUS mysqlsam_setsampwent(struct pdb_methods *methods, BOOL update) +{ + struct pdb_mysql_data *data = + (struct pdb_mysql_data *) methods->private_data; + char *query; + int ret; + + if (!data || !(data->handle)) { + DEBUG(0, ("invalid handle!\n")); + return NT_STATUS_INVALID_HANDLE; + } + + asprintf(&query, + "SELECT %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s FROM %s", + config_value_read(data, "logon time column", + CONFIG_LOGON_TIME_DEFAULT), + config_value_read(data, "logoff time column", + CONFIG_LOGOFF_TIME_DEFAULT), + config_value_read(data, "kickoff time column", + CONFIG_KICKOFF_TIME_DEFAULT), + config_value_read(data, "pass last set time column", + CONFIG_PASS_LAST_SET_TIME_DEFAULT), + config_value_read(data, "pass can change time column", + CONFIG_PASS_CAN_CHANGE_TIME_DEFAULT), + config_value_read(data, "pass must change time column", + CONFIG_PASS_MUST_CHANGE_TIME_DEFAULT), + config_value_read(data, "username column", + CONFIG_USERNAME_DEFAULT), + config_value_read(data, "domain column", + CONFIG_DOMAIN_DEFAULT), + config_value_read(data, "nt username column", + CONFIG_NT_USERNAME_DEFAULT), + config_value_read(data, "fullname column", + CONFIG_FULLNAME_DEFAULT), + config_value_read(data, "home dir column", + CONFIG_HOME_DIR_DEFAULT), + config_value_read(data, "dir drive column", + CONFIG_DIR_DRIVE_DEFAULT), + config_value_read(data, "logon script column", + CONFIG_LOGON_SCRIPT_DEFAULT), + config_value_read(data, "profile path column", + CONFIG_PROFILE_PATH_DEFAULT), + config_value_read(data, "acct desc column", + CONFIG_ACCT_DESC_DEFAULT), + config_value_read(data, "workstations column", + CONFIG_WORKSTATIONS_DEFAULT), + config_value_read(data, "unknown string column", + CONFIG_UNKNOWN_STR_DEFAULT), + config_value_read(data, "munged dial column", + CONFIG_MUNGED_DIAL_DEFAULT), + config_value_read(data, "uid column", CONFIG_UID_DEFAULT), + config_value_read(data, "gid column", CONFIG_GID_DEFAULT), + config_value_read(data, "user sid column", + CONFIG_USER_SID_DEFAULT), + config_value_read(data, "group sid column", + CONFIG_GROUP_SID_DEFAULT), + config_value_read(data, "lanman pass column", + CONFIG_LM_PW_DEFAULT), + config_value_read(data, "nt pass column", + CONFIG_NT_PW_DEFAULT), + config_value_read(data, "plain pass column", + CONFIG_PLAIN_PW_DEFAULT), + config_value_read(data, "acct ctrl column", + CONFIG_ACCT_CTRL_DEFAULT), + config_value_read(data, "unknown 3 column", + CONFIG_UNKNOWN_3_DEFAULT), + config_value_read(data, "logon divs column", + CONFIG_LOGON_DIVS_DEFAULT), + config_value_read(data, "hours len column", + CONFIG_HOURS_LEN_DEFAULT), + config_value_read(data, "unknown 5 column", + CONFIG_UNKNOWN_5_DEFAULT), + config_value_read(data, "unknown 6 column", + CONFIG_UNKNOWN_6_DEFAULT), + config_value(data, "table", CONFIG_TABLE_DEFAULT) + ); + DEBUG(5, ("Executing query %s\n", query)); + + ret = mysql_query(data->handle, query); + SAFE_FREE(query); + + if (ret) { + DEBUG(0, + ("Error executing MySQL query %s\n", mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + data->pwent = mysql_store_result(data->handle); + + if (data->pwent == NULL) { + DEBUG(0, + ("Error storing results: %s\n", mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(5, + ("mysqlsam_setsampwent succeeded(%lu results)!\n", + mysql_num_rows(data->pwent))); + + return NT_STATUS_OK; +} + +/*************************************************************** + End enumeration of the passwd list. + ****************************************************************/ + +static void mysqlsam_endsampwent(struct pdb_methods *methods) +{ + struct pdb_mysql_data *data = + (struct pdb_mysql_data *) methods->private_data; + + if (data == NULL) { + DEBUG(0, ("invalid handle!\n")); + return; + } + + if (data->pwent != NULL) + mysql_free_result(data->pwent); + + data->pwent = NULL; + + DEBUG(5, ("mysql_endsampwent called\n")); +} + +/***************************************************************** + Get one SAM_ACCOUNT from the list (next in line) + *****************************************************************/ + +static NTSTATUS mysqlsam_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT * user) +{ + struct pdb_mysql_data *data; + + SET_DATA(data, methods); + + if (data->pwent == NULL) { + DEBUG(0, ("invalid pwent\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + return row_to_sam_account(data->pwent, user); +} + +static NTSTATUS mysqlsam_select_by_field(struct pdb_methods * methods, SAM_ACCOUNT * user, + const char *field, const char *sname) +{ + char *esc_sname; + char *query; + NTSTATUS ret; + MYSQL_RES *res; + int mysql_ret; + struct pdb_mysql_data *data; + char *tmp_sname; + + SET_DATA(data, methods); + + esc_sname = malloc(strlen(sname) * 2 + 1); + if (!esc_sname) { + return NT_STATUS_NO_MEMORY; + } + + DEBUG(5, + ("mysqlsam_select_by_field: getting data where %s = %s(nonescaped)\n", + field, sname)); + + tmp_sname = smb_xstrdup(sname); + + /* Escape sname */ + mysql_real_escape_string(data->handle, esc_sname, tmp_sname, + strlen(tmp_sname)); + + SAFE_FREE(tmp_sname); + + if (user == NULL) { + DEBUG(0, ("pdb_getsampwnam: SAM_ACCOUNT is NULL.\n")); + SAFE_FREE(esc_sname); + return NT_STATUS_INVALID_PARAMETER; + } + + asprintf(&query, + "SELECT %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s FROM %s WHERE %s = '%s'", + config_value_read(data, "logon time column", + CONFIG_LOGON_TIME_DEFAULT), + config_value_read(data, "logoff time column", + CONFIG_LOGOFF_TIME_DEFAULT), + config_value_read(data, "kickoff time column", + CONFIG_KICKOFF_TIME_DEFAULT), + config_value_read(data, "pass last set time column", + CONFIG_PASS_LAST_SET_TIME_DEFAULT), + config_value_read(data, "pass can change time column", + CONFIG_PASS_CAN_CHANGE_TIME_DEFAULT), + config_value_read(data, "pass must change time column", + CONFIG_PASS_MUST_CHANGE_TIME_DEFAULT), + config_value_read(data, "username column", + CONFIG_USERNAME_DEFAULT), + config_value_read(data, "domain column", + CONFIG_DOMAIN_DEFAULT), + config_value_read(data, "nt username column", + CONFIG_NT_USERNAME_DEFAULT), + config_value_read(data, "fullname column", + CONFIG_FULLNAME_DEFAULT), + config_value_read(data, "home dir column", + CONFIG_HOME_DIR_DEFAULT), + config_value_read(data, "dir drive column", + CONFIG_DIR_DRIVE_DEFAULT), + config_value_read(data, "logon script column", + CONFIG_LOGON_SCRIPT_DEFAULT), + config_value_read(data, "profile path column", + CONFIG_PROFILE_PATH_DEFAULT), + config_value_read(data, "acct desc column", + CONFIG_ACCT_DESC_DEFAULT), + config_value_read(data, "workstations column", + CONFIG_WORKSTATIONS_DEFAULT), + config_value_read(data, "unknown string column", + CONFIG_UNKNOWN_STR_DEFAULT), + config_value_read(data, "munged dial column", + CONFIG_MUNGED_DIAL_DEFAULT), + config_value_read(data, "uid column", CONFIG_UID_DEFAULT), + config_value_read(data, "gid column", CONFIG_GID_DEFAULT), + config_value_read(data, "user sid column", + CONFIG_USER_SID_DEFAULT), + config_value_read(data, "group sid column", + CONFIG_GROUP_SID_DEFAULT), + config_value_read(data, "lanman pass column", + CONFIG_LM_PW_DEFAULT), + config_value_read(data, "nt pass column", + CONFIG_NT_PW_DEFAULT), + config_value_read(data, "plain pass column", + CONFIG_PLAIN_PW_DEFAULT), + config_value_read(data, "acct ctrl column", + CONFIG_ACCT_CTRL_DEFAULT), + config_value_read(data, "unknown 3 column", + CONFIG_UNKNOWN_3_DEFAULT), + config_value_read(data, "logon divs column", + CONFIG_LOGON_DIVS_DEFAULT), + config_value_read(data, "hours len column", + CONFIG_HOURS_LEN_DEFAULT), + config_value_read(data, "unknown 5 column", + CONFIG_UNKNOWN_5_DEFAULT), + config_value_read(data, "unknown 6 column", + CONFIG_UNKNOWN_6_DEFAULT), + config_value(data, "table", CONFIG_TABLE_DEFAULT), field, + esc_sname); + + SAFE_FREE(esc_sname); + + DEBUG(5, ("Executing query %s\n", query)); + + mysql_ret = mysql_query(data->handle, query); + + SAFE_FREE(query); + + if (mysql_ret) { + DEBUG(0, + ("Error while executing MySQL query %s\n", + mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + res = mysql_store_result(data->handle); + if (res == NULL) { + DEBUG(0, + ("Error storing results: %s\n", mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + ret = row_to_sam_account(res, user); + mysql_free_result(res); + + return ret; +} + +/****************************************************************** + Lookup a name in the SAM database + ******************************************************************/ + +static NTSTATUS mysqlsam_getsampwnam(struct pdb_methods *methods, SAM_ACCOUNT * user, + const char *sname) +{ + struct pdb_mysql_data *data; + + SET_DATA(data, methods); + + if (!sname) { + DEBUG(0, ("invalid name specified")); + return NT_STATUS_INVALID_PARAMETER; + } + + return mysqlsam_select_by_field(methods, user, + config_value_read(data, "username column", + CONFIG_USERNAME_DEFAULT), sname); +} + + +/*************************************************************************** + Search by sid + **************************************************************************/ + +static NTSTATUS mysqlsam_getsampwsid(struct pdb_methods *methods, SAM_ACCOUNT * user, + const DOM_SID * sid) +{ + struct pdb_mysql_data *data; + fstring sid_str; + + SET_DATA(data, methods); + + sid_to_string(sid_str, sid); + + return mysqlsam_select_by_field(methods, user, + config_value_read(data, "user sid column", + CONFIG_USER_SID_DEFAULT), sid_str); +} + +/*************************************************************************** + Delete a SAM_ACCOUNT + ****************************************************************************/ + +static NTSTATUS mysqlsam_delete_sam_account(struct pdb_methods *methods, + SAM_ACCOUNT * sam_pass) +{ + const char *sname = pdb_get_username(sam_pass); + char *esc; + char *query; + int ret; + struct pdb_mysql_data *data; + char *tmp_sname; + + SET_DATA(data, methods); + + if (!methods) { + DEBUG(0, ("invalid methods!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + data = (struct pdb_mysql_data *) methods->private_data; + if (!data || !(data->handle)) { + DEBUG(0, ("invalid handle!\n")); + return NT_STATUS_INVALID_HANDLE; + } + + if (!sname) { + DEBUG(0, ("invalid name specified\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + /* Escape sname */ + esc = malloc(strlen(sname) * 2 + 1); + if (!esc) { + DEBUG(0, ("Can't allocate memory to store escaped name\n")); + return NT_STATUS_NO_MEMORY; + } + + tmp_sname = smb_xstrdup(sname); + + mysql_real_escape_string(data->handle, esc, tmp_sname, + strlen(tmp_sname)); + + SAFE_FREE(tmp_sname); + + asprintf(&query, "DELETE FROM %s WHERE %s = '%s'", + config_value(data, "table", CONFIG_TABLE_DEFAULT), + config_value_read(data, "username column", + CONFIG_USERNAME_DEFAULT), esc); + + SAFE_FREE(esc); + + ret = mysql_query(data->handle, query); + + SAFE_FREE(query); + + if (ret) { + DEBUG(0, + ("Error while executing query: %s\n", + mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(5, ("User '%s' deleted\n", sname)); + return NT_STATUS_OK; +} + +static NTSTATUS mysqlsam_replace_sam_account(struct pdb_methods *methods, + const SAM_ACCOUNT * newpwd, char isupdate) +{ + pstring temp; + struct pdb_mysql_data *data; + pdb_mysql_query query; + fstring sid_str; + + if (!methods) { + DEBUG(0, ("invalid methods!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + data = (struct pdb_mysql_data *) methods->private_data; + if (data == NULL || data->handle == NULL) { + DEBUG(0, ("invalid handle!\n")); + return NT_STATUS_INVALID_HANDLE; + } + query.update = isupdate; + + /* I know this is somewhat overkill but only the talloc + * functions have asprint_append and the 'normal' asprintf + * is a GNU extension */ + query.mem_ctx = talloc_init("mysqlsam_replace_sam_account"); + query.part2 = talloc_asprintf(query.mem_ctx, "%s", ""); + if (query.update) { + query.part1 = + talloc_asprintf(query.mem_ctx, "UPDATE %s SET ", + config_value(data, "table", + CONFIG_TABLE_DEFAULT)); + } else { + query.part1 = + talloc_asprintf(query.mem_ctx, "INSERT INTO %s (", + config_value(data, "table", + CONFIG_TABLE_DEFAULT)); + } + + pdb_mysql_int_field(methods, &query, + config_value_write(data, "acct ctrl column", + CONFIG_ACCT_CTRL_DEFAULT), + pdb_get_acct_ctrl(newpwd)); + + if (pdb_get_init_flags(newpwd, PDB_LOGONTIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "logon time column", + CONFIG_LOGON_TIME_DEFAULT), + pdb_get_logon_time(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_LOGOFFTIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "logoff time column", + CONFIG_LOGOFF_TIME_DEFAULT), + pdb_get_logoff_time(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_KICKOFFTIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "kickoff time column", + CONFIG_KICKOFF_TIME_DEFAULT), + pdb_get_kickoff_time(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_CANCHANGETIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "pass can change time column", + CONFIG_PASS_CAN_CHANGE_TIME_DEFAULT), + pdb_get_pass_can_change_time(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_MUSTCHANGETIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "pass must change time column", + CONFIG_PASS_MUST_CHANGE_TIME_DEFAULT), + pdb_get_pass_must_change_time(newpwd)); + } + + if (pdb_get_pass_last_set_time(newpwd)) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "pass last set time column", + CONFIG_PASS_LAST_SET_TIME_DEFAULT), + pdb_get_pass_last_set_time(newpwd)); + } + + if (pdb_get_hours_len(newpwd)) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "hours len column", + CONFIG_HOURS_LEN_DEFAULT), + pdb_get_hours_len(newpwd)); + } + + if (pdb_get_logon_divs(newpwd)) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "logon divs column", + CONFIG_LOGON_DIVS_DEFAULT), + pdb_get_logon_divs(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_UID) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, "uid column", + CONFIG_UID_DEFAULT), + pdb_get_uid(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_GID) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, "gid column", + CONFIG_GID_DEFAULT), + pdb_get_gid(newpwd)); + } + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "user sid column", + CONFIG_USER_SID_DEFAULT), + sid_to_string(sid_str, + pdb_get_user_sid(newpwd))); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "group sid column", + CONFIG_GROUP_SID_DEFAULT), + sid_to_string(sid_str, + pdb_get_group_sid(newpwd))); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "username column", + CONFIG_USERNAME_DEFAULT), + pdb_get_username(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "domain column", + CONFIG_DOMAIN_DEFAULT), + pdb_get_domain(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "nt username column", + CONFIG_NT_USERNAME_DEFAULT), + pdb_get_nt_username(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "fullname column", + CONFIG_FULLNAME_DEFAULT), + pdb_get_fullname(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "logon script column", + CONFIG_LOGON_SCRIPT_DEFAULT), + pdb_get_logon_script(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "profile path column", + CONFIG_PROFILE_PATH_DEFAULT), + pdb_get_profile_path(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "dir drive column", + CONFIG_DIR_DRIVE_DEFAULT), + pdb_get_dir_drive(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "home dir column", + CONFIG_HOME_DIR_DEFAULT), + pdb_get_homedir(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "workstations column", + CONFIG_WORKSTATIONS_DEFAULT), + pdb_get_workstations(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "unknown string column", + CONFIG_UNKNOWN_STR_DEFAULT), + pdb_get_workstations(newpwd)); + + pdb_sethexpwd(temp, pdb_get_lanman_passwd(newpwd), + pdb_get_acct_ctrl(newpwd)); + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "lanman pass column", + CONFIG_LM_PW_DEFAULT), temp); + + pdb_sethexpwd(temp, pdb_get_nt_passwd(newpwd), + pdb_get_acct_ctrl(newpwd)); + pdb_mysql_string_field(methods, &query, + config_value_write(data, "nt pass column", + CONFIG_NT_PW_DEFAULT), temp); + + if (query.update) { + query.part1[strlen(query.part1) - 1] = '\0'; + query.part1 = + talloc_asprintf_append(query.mem_ctx, query.part1, + " WHERE %s = '%s'", + config_value_read(data, + "user sid column", + CONFIG_USER_SID_DEFAULT), + sid_to_string(sid_str, pdb_get_user_sid (newpwd))); + } else { + query.part2[strlen(query.part2) - 1] = ')'; + query.part1[strlen(query.part1) - 1] = ')'; + query.part1 = + talloc_asprintf_append(query.mem_ctx, query.part1, + " VALUES (%s", query.part2); + } + + DEBUG(0, ("%s\n", query.part1)); + /* Execute the query */ + if (mysql_query(data->handle, query.part1)) { + DEBUG(0, + ("Error executing %s, %s\n", query.part1, + mysql_error(data->handle))); + return NT_STATUS_INVALID_PARAMETER; + } + talloc_destroy(query.mem_ctx); + return NT_STATUS_OK; +} + +static NTSTATUS mysqlsam_add_sam_account(struct pdb_methods *methods, SAM_ACCOUNT * newpwd) +{ + return mysqlsam_replace_sam_account(methods, newpwd, 0); +} + +static NTSTATUS mysqlsam_update_sam_account(struct pdb_methods *methods, + SAM_ACCOUNT * newpwd) +{ + return mysqlsam_replace_sam_account(methods, newpwd, 1); +} + +static NTSTATUS mysqlsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, + DOM_SID sid, BOOL with_priv) +{ + return get_group_map_from_sid(sid, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, + gid_t gid, BOOL with_priv) +{ + return get_group_map_from_gid(gid, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, + char *name, BOOL with_priv) +{ + return get_group_map_from_ntname(name, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_add_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return add_mapping_entry(map, TDB_INSERT) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_update_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return add_mapping_entry(map, TDB_REPLACE) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_delete_group_mapping_entry(struct pdb_methods *methods, + DOM_SID sid) +{ + return group_map_remove(sid) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_enum_group_mapping(struct pdb_methods *methods, + enum SID_NAME_USE sid_name_use, + GROUP_MAP **rmap, int *num_entries, + BOOL unix_only, BOOL with_priv) +{ + return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only, + with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + + +NTSTATUS pdb_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method, + char *location) +{ + NTSTATUS nt_status; + struct pdb_mysql_data *data; + + mysqlsam_debug_level = debug_add_class("mysqlsam"); + if (mysqlsam_debug_level == -1) { + mysqlsam_debug_level = DBGC_ALL; + DEBUG(0, + ("mysqlsam: Couldn't register custom debugging class!\n")); + } + + if (!pdb_context) { + DEBUG(0, ("invalid pdb_methods specified\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!NT_STATUS_IS_OK + (nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { + return nt_status; + } + + (*pdb_method)->name = "mysqlsam"; + + (*pdb_method)->setsampwent = mysqlsam_setsampwent; + (*pdb_method)->endsampwent = mysqlsam_endsampwent; + (*pdb_method)->getsampwent = mysqlsam_getsampwent; + (*pdb_method)->getsampwnam = mysqlsam_getsampwnam; + (*pdb_method)->getsampwsid = mysqlsam_getsampwsid; + (*pdb_method)->add_sam_account = mysqlsam_add_sam_account; + (*pdb_method)->update_sam_account = mysqlsam_update_sam_account; + (*pdb_method)->delete_sam_account = mysqlsam_delete_sam_account; + (*pdb_method)->getgrsid = mysqlsam_getgrsid; + (*pdb_method)->getgrgid = mysqlsam_getgrgid; + (*pdb_method)->getgrnam = mysqlsam_getgrnam; + (*pdb_method)->add_group_mapping_entry = mysqlsam_add_group_mapping_entry; + (*pdb_method)->update_group_mapping_entry = mysqlsam_update_group_mapping_entry; + (*pdb_method)->delete_group_mapping_entry = mysqlsam_delete_group_mapping_entry; + (*pdb_method)->enum_group_mapping = mysqlsam_enum_group_mapping; + + data = talloc(pdb_context->mem_ctx, sizeof(struct pdb_mysql_data)); + (*pdb_method)->private_data = data; + data->handle = NULL; + data->pwent = NULL; + + if (!location) { + DEBUG(0, ("No identifier specified. See README for details\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + data->location = smb_xstrdup(location); + + DEBUG(1, + ("Connecting to database server, host: %s, user: %s, password: %s, database: %s, port: %ld\n", + config_value(data, "mysql host", CONFIG_HOST_DEFAULT), + config_value(data, "mysql user", CONFIG_USER_DEFAULT), + config_value(data, "mysql password", CONFIG_PASS_DEFAULT), + config_value(data, "mysql database", CONFIG_DB_DEFAULT), + xatol(config_value(data, "mysql port", CONFIG_PORT_DEFAULT)))); + + /* Do the mysql initialization */ + data->handle = mysql_init(NULL); + if (!data->handle) { + DEBUG(0, ("Failed to connect to server\n")); + return NT_STATUS_UNSUCCESSFUL; + } + /* Process correct entry in $HOME/.my.conf */ + if (!mysql_real_connect(data->handle, + config_value(data, "mysql host", CONFIG_HOST_DEFAULT), + config_value(data, "mysql user", CONFIG_USER_DEFAULT), + config_value(data, "mysql password", CONFIG_PASS_DEFAULT), + config_value(data, "mysql database", CONFIG_DB_DEFAULT), + xatol(config_value (data, "mysql port", CONFIG_PORT_DEFAULT)), + NULL, 0)) { + DEBUG(0, + ("Failed to connect to mysql database: error: %s\n", + mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(5, ("Connected to mysql db\n")); + + return NT_STATUS_OK; +} diff --git a/source3/passdb/pdb_plugin.c b/source3/passdb/pdb_plugin.c new file mode 100644 index 0000000000..ea67da23a5 --- /dev/null +++ b/source3/passdb/pdb_plugin.c @@ -0,0 +1,78 @@ +/* + Unix SMB/CIFS implementation. + Loadable passdb module interface. + Copyright (C) Jelmer Vernooij 2002 + Copyright (C) Andrew Bartlett 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + +NTSTATUS pdb_init_plugin(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) +{ + void * dl_handle; + char *plugin_location, *plugin_name, *p; + pdb_init_function plugin_init; + int (*plugin_version)(void); + + if (location == NULL) { + DEBUG(0, ("The plugin module needs an argument!\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + plugin_name = smb_xstrdup(location); + p = strchr(plugin_name, ':'); + if (p) { + *p = 0; + plugin_location = p+1; + trim_string(plugin_location, " ", " "); + } else plugin_location = NULL; + trim_string(plugin_name, " ", " "); + + DEBUG(5, ("Trying to load sam plugin %s\n", plugin_name)); + dl_handle = sys_dlopen(plugin_name, RTLD_NOW ); + if (!dl_handle) { + DEBUG(0, ("Failed to load sam plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror())); + return NT_STATUS_UNSUCCESSFUL; + } + + plugin_version = sys_dlsym(dl_handle, "pdb_version"); + if (!plugin_version) { + sys_dlclose(dl_handle); + DEBUG(0, ("Failed to find function 'pdb_version' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror())); + return NT_STATUS_UNSUCCESSFUL; + } + + if (plugin_version() != PASSDB_INTERFACE_VERSION) { + sys_dlclose(dl_handle); + DEBUG(0, ("Wrong PASSDB_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n", + plugin_version(),PASSDB_INTERFACE_VERSION)); + return NT_STATUS_UNSUCCESSFUL; + } + + plugin_init = sys_dlsym(dl_handle, "pdb_init"); + if (!plugin_init) { + sys_dlclose(dl_handle); + DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror())); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(5, ("Starting sam plugin %s with location %s\n", plugin_name, plugin_location)); + return plugin_init(pdb_context, pdb_method, plugin_location); +} diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index a1f786c8cd..2aa2e504d7 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -529,7 +529,7 @@ static NTSTATUS tdbsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT * NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; TDB_DATA data; - const char *prefix = USERPREFIX; + char *prefix = USERPREFIX; int prefixlen = strlen (prefix); diff --git a/source3/passdb/pdb_xml.c b/source3/passdb/pdb_xml.c new file mode 100644 index 0000000000..edf70250e2 --- /dev/null +++ b/source3/passdb/pdb_xml.c @@ -0,0 +1,567 @@ + +/* + * XML password backend for samba + * Copyright (C) Jelmer Vernooij 2002 + * Some parts based on the libxml gjobread example by Daniel Veillard + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +/* FIXME: + * - Support stdin input by using '-' + * - Be faster. Don't rewrite the whole file when adding a user, but store it in the memory and save it when exiting. Requires changes to samba source. + * - Gives the ability to read/write to standard input/output + * - Do locking! + * - Better names! + */ + + +#define XML_URL "http://www.samba.org/ns" + +#include "includes.h" + +#include <libxml/xmlmemory.h> +#include <libxml/parser.h> + +static int xmlsam_debug_level = DBGC_ALL; + +#undef DBGC_CLASS +#define DBGC_CLASS xmlsam_debug_level + +PDB_MODULE_VERSIONING_MAGIC + +static char * iota(int a) { + static char tmp[10]; + + snprintf(tmp, 9, "%d", a); + return tmp; +} + +BOOL parsePass(xmlDocPtr doc, xmlNsPtr ns, xmlNodePtr cur, SAM_ACCOUNT * u) +{ + pstring temp; + + cur = cur->xmlChildrenNode; + while (cur != NULL) { + if (strcmp(cur->name, "crypt")) + DEBUG(0, ("Unknown element %s\n", cur->name)); + else { + if (!strcmp(xmlGetProp(cur, "type"), "nt") + && + pdb_gethexpwd(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1), temp)) + pdb_set_nt_passwd(u, temp, PDB_SET); + else if (!strcmp(xmlGetProp(cur, "type"), "lanman") + && + pdb_gethexpwd(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1), temp)) + pdb_set_lanman_passwd(u, temp, PDB_SET); + else + DEBUG(0, + ("Unknown crypt type: %s\n", + xmlGetProp(cur, "type"))); + } + cur = cur->next; + } + return True; +} + +BOOL parseUser(xmlDocPtr doc, xmlNsPtr ns, xmlNodePtr cur, SAM_ACCOUNT * u) +{ + char *tmp; + DOM_SID sid; + + tmp = xmlGetProp(cur, "sid"); + if (tmp){ + string_to_sid(&sid, tmp); + pdb_set_user_sid(u, &sid, PDB_SET); + } + tmp = xmlGetProp(cur, "uid"); + if (tmp) + pdb_set_uid(u, atol(tmp), PDB_SET); + pdb_set_username(u, xmlGetProp(cur, "name"), PDB_SET); + /* We don't care what the top level element name is */ + cur = cur->xmlChildrenNode; + while (cur != NULL) { + if ((!strcmp(cur->name, "group")) && (cur->ns == ns)) { + tmp = xmlGetProp(cur, "gid"); + if (tmp) + pdb_set_gid(u, atol(tmp), PDB_SET); + tmp = xmlGetProp(cur, "sid"); + if (tmp){ + string_to_sid(&sid, tmp); + pdb_set_group_sid(u, &sid, PDB_SET); + } + } + + else if ((!strcmp(cur->name, "domain")) && (cur->ns == ns)) + pdb_set_domain(u, + xmlNodeListGetString(doc, cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "fullname") && cur->ns == ns) + pdb_set_fullname(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "nt_username") && cur->ns == ns) + pdb_set_nt_username(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "logon_script") && cur->ns == ns) + pdb_set_logon_script(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "profile_path") && cur->ns == ns) + pdb_set_profile_path(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "logon_time") && cur->ns == ns) + pdb_set_logon_time(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "logoff_time") && cur->ns == ns) + pdb_set_logoff_time(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), + PDB_SET); + + else if (!strcmp(cur->name, "kickoff_time") && cur->ns == ns) + pdb_set_kickoff_time(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), + PDB_SET); + + else if (!strcmp(cur->name, "logon_divs") && cur->ns == ns) + pdb_set_logon_divs(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "hours_len") && cur->ns == ns) + pdb_set_hours_len(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "unknown_3") && cur->ns == ns) + pdb_set_unknown_3(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "unknown_5") && cur->ns == ns) + pdb_set_unknown_5(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "unknown_6") && cur->ns == ns) + pdb_set_unknown_6(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "homedir") && cur->ns == ns) + pdb_set_homedir(u, + xmlNodeListGetString(doc, cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "unknown_str") && cur->ns == ns) + pdb_set_unknown_str(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "dir_drive") && cur->ns == ns) + pdb_set_dir_drive(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "munged_dial") && cur->ns == ns) + pdb_set_munged_dial(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "acct_desc") && cur->ns == ns) + pdb_set_acct_desc(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "acct_ctrl") && cur->ns == ns) + pdb_set_acct_ctrl(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "workstations") && cur->ns == ns) + pdb_set_workstations(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if ((!strcmp(cur->name, "password")) && (cur->ns == ns)) { + tmp = xmlGetProp(cur, "last_set"); + if (tmp) + pdb_set_pass_last_set_time(u, atol(tmp), PDB_SET); + tmp = xmlGetProp(cur, "must_change"); + if (tmp) + pdb_set_pass_must_change_time(u, atol(tmp), PDB_SET); + tmp = xmlGetProp(cur, "can_change"); + if (tmp) + pdb_set_pass_can_change_time(u, atol(tmp), PDB_SET); + parsePass(doc, ns, cur, u); + } + + else + DEBUG(0, ("Unknown element %s\n", cur->name)); + cur = cur->next; + } + + return True; +} + +typedef struct pdb_xml { + char *location; + char written; + xmlDocPtr doc; + xmlNodePtr users; + xmlNodePtr pwent; + xmlNsPtr ns; +} pdb_xml; + +xmlNodePtr parseSambaXMLFile(struct pdb_xml *data) +{ + xmlNodePtr cur; + + data->doc = xmlParseFile(data->location); + if (data->doc == NULL) + return NULL; + + cur = xmlDocGetRootElement(data->doc); + if (!cur) { + DEBUG(0, ("empty document\n")); + xmlFreeDoc(data->doc); + return NULL; + } + data->ns = xmlSearchNsByHref(data->doc, cur, XML_URL); + if (!data->ns) { + DEBUG(0, + ("document of the wrong type, samba user namespace not found\n")); + xmlFreeDoc(data->doc); + return NULL; + } + if (strcmp(cur->name, "samba")) { + DEBUG(0, ("document of the wrong type, root node != samba")); + xmlFreeDoc(data->doc); + return NULL; + } + + cur = cur->xmlChildrenNode; + while (cur && xmlIsBlankNode(cur)) { + cur = cur->next; + } + if (!cur) + return NULL; + if ((strcmp(cur->name, "users")) || (cur->ns != data->ns)) { + DEBUG(0, ("document of the wrong type, was '%s', users expected", + cur->name)); + DEBUG(0, ("xmlDocDump follows\n")); + xmlDocDump(stderr, data->doc); + DEBUG(0, ("xmlDocDump finished\n")); + xmlFreeDoc(data->doc); + return NULL; + } + data->users = cur; + cur = cur->xmlChildrenNode; + return cur; +} + +static NTSTATUS xmlsam_setsampwent(struct pdb_methods *methods, BOOL update) +{ + pdb_xml *data; + + if (!methods) { + DEBUG(0, ("Invalid methods\n")); + return NT_STATUS_INVALID_PARAMETER; + } + data = (pdb_xml *) methods->private_data; + if (!data) { + DEBUG(0, ("Invalid pdb_xml_data\n")); + return NT_STATUS_INVALID_PARAMETER; + } + data->pwent = parseSambaXMLFile(data); + if (!data->pwent) + return NT_STATUS_UNSUCCESSFUL; + + return NT_STATUS_OK; +} + +/*************************************************************** + End enumeration of the passwd list. + ****************************************************************/ + +static void xmlsam_endsampwent(struct pdb_methods *methods) +{ + pdb_xml *data; + + if (!methods) { + DEBUG(0, ("Invalid methods\n")); + return; + } + + data = (pdb_xml *) methods->private_data; + + if (!data) { + DEBUG(0, ("Invalid pdb_xml_data\n")); + return; + } + + xmlFreeDoc(data->doc); + data->doc = NULL; + data->pwent = NULL; +} + +/***************************************************************** + Get one SAM_ACCOUNT from the list (next in line) + *****************************************************************/ + +static NTSTATUS xmlsam_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT * user) +{ + pdb_xml *data; + + if (!methods) { + DEBUG(0, ("Invalid methods\n")); + return NT_STATUS_INVALID_PARAMETER; + } + data = (pdb_xml *) methods->private_data; + + if (!data) { + DEBUG(0, ("Invalid pdb_xml_data\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + while (data->pwent) { + if ((!strcmp(data->pwent->name, "user")) && + (data->pwent->ns == data->ns)) { + + parseUser(data->doc, data->ns, data->pwent, user); + data->pwent = data->pwent->next; + return NT_STATUS_OK; + } + data->pwent = data->pwent->next; + } + return NT_STATUS_UNSUCCESSFUL; +} + +/*************************************************************************** + Adds an existing SAM_ACCOUNT + ****************************************************************************/ + +static NTSTATUS xmlsam_add_sam_account(struct pdb_methods *methods, SAM_ACCOUNT * u) +{ + pstring temp; + fstring sid_str; + xmlNodePtr cur, user, pass, root; + pdb_xml *data; + + DEBUG(10, ("xmlsam_add_sam_account called!\n")); + + if (!methods) { + DEBUG(0, ("Invalid methods\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + data = (pdb_xml *) methods->private_data; + if (!data) { + DEBUG(0, ("Invalid pdb_xml_data\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + /* Create a new document if we can't open the current one */ + if (!parseSambaXMLFile(data)) { + DEBUG(0, ("Can't load current XML file, creating a new one\n")); + data->doc = xmlNewDoc(XML_DEFAULT_VERSION); + root = xmlNewDocNode(data->doc, NULL, "samba", NULL); + cur = xmlDocSetRootElement(data->doc, root); + data->ns = xmlNewNs(root, XML_URL, "samba"); + data->users = xmlNewChild(root, data->ns, "users", NULL); + } + + user = xmlNewChild(data->users, data->ns, "user", NULL); + xmlNewProp(user, "sid", + sid_to_string(sid_str, pdb_get_user_sid(u))); + if (pdb_get_init_flags(u, PDB_UID) != PDB_DEFAULT) + xmlNewProp(user, "uid", iota(pdb_get_uid(u))); + + if (pdb_get_username(u) && strcmp(pdb_get_username(u), "")) + xmlNewProp(user, "name", pdb_get_username(u)); + + cur = xmlNewChild(user, data->ns, "group", NULL); + + xmlNewProp(cur, "sid", + sid_to_string(sid_str, pdb_get_group_sid(u))); + if (pdb_get_init_flags(u, PDB_GID) != PDB_DEFAULT) + xmlNewProp(cur, "gid", iota(pdb_get_gid(u))); + + if (pdb_get_init_flags(u, PDB_LOGONTIME) != PDB_DEFAULT) + xmlNewChild(user, data->ns, "login_time", + iota(pdb_get_logon_time(u))); + + if (pdb_get_init_flags(u, PDB_LOGOFFTIME) != PDB_DEFAULT) + xmlNewChild(user, data->ns, "logoff_time", + iota(pdb_get_logoff_time(u))); + + if (pdb_get_init_flags(u, PDB_KICKOFFTIME) != PDB_DEFAULT) + xmlNewChild(user, data->ns, "kickoff_time", + iota(pdb_get_kickoff_time(u))); + + if (pdb_get_domain(u) && strcmp(pdb_get_domain(u), "")) + xmlNewChild(user, data->ns, "domain", pdb_get_domain(u)); + + if (pdb_get_nt_username(u) && strcmp(pdb_get_nt_username(u), "")) + xmlNewChild(user, data->ns, "nt_username", pdb_get_nt_username(u)); + + if (pdb_get_fullname(u) && strcmp(pdb_get_fullname(u), "")) + xmlNewChild(user, data->ns, "fullname", pdb_get_fullname(u)); + + if (pdb_get_homedir(u) && strcmp(pdb_get_homedir(u), "")) + xmlNewChild(user, data->ns, "homedir", pdb_get_homedir(u)); + + if (pdb_get_dir_drive(u) && strcmp(pdb_get_dir_drive(u), "")) + xmlNewChild(user, data->ns, "dir_drive", pdb_get_dir_drive(u)); + + if (pdb_get_logon_script(u) && strcmp(pdb_get_logon_script(u), "")) + xmlNewChild(user, data->ns, "logon_script", + pdb_get_logon_script(u)); + + if (pdb_get_profile_path(u) && strcmp(pdb_get_profile_path(u), "")) + xmlNewChild(user, data->ns, "profile_path", + pdb_get_profile_path(u)); + + if (pdb_get_acct_desc(u) && strcmp(pdb_get_acct_desc(u), "")) + xmlNewChild(user, data->ns, "acct_desc", pdb_get_acct_desc(u)); + + if (pdb_get_workstations(u) && strcmp(pdb_get_workstations(u), "")) + xmlNewChild(user, data->ns, "workstations", + pdb_get_workstations(u)); + + if (pdb_get_unknown_str(u) && strcmp(pdb_get_unknown_str(u), "")) + xmlNewChild(user, data->ns, "unknown_str", pdb_get_unknown_str(u)); + + if (pdb_get_munged_dial(u) && strcmp(pdb_get_munged_dial(u), "")) + xmlNewChild(user, data->ns, "munged_dial", pdb_get_munged_dial(u)); + + + /* Password stuff */ + pass = xmlNewChild(user, data->ns, "password", NULL); + if (pdb_get_pass_last_set_time(u)) + xmlNewProp(pass, "last_set", iota(pdb_get_pass_last_set_time(u))); + if (pdb_get_init_flags(u, PDB_CANCHANGETIME) != PDB_DEFAULT) + xmlNewProp(pass, "can_change", + iota(pdb_get_pass_can_change_time(u))); + + if (pdb_get_init_flags(u, PDB_MUSTCHANGETIME) != PDB_DEFAULT) + xmlNewProp(pass, "must_change", + iota(pdb_get_pass_must_change_time(u))); + + + if (pdb_get_lanman_passwd(u)) { + pdb_sethexpwd(temp, pdb_get_lanman_passwd(u), + pdb_get_acct_ctrl(u)); + cur = xmlNewChild(pass, data->ns, "crypt", temp); + xmlNewProp(cur, "type", "lanman"); + } + + if (pdb_get_nt_passwd(u)) { + pdb_sethexpwd(temp, pdb_get_nt_passwd(u), pdb_get_acct_ctrl(u)); + cur = xmlNewChild(pass, data->ns, "crypt", temp); + xmlNewProp(cur, "type", "nt"); + } + + xmlNewChild(user, data->ns, "acct_ctrl", iota(pdb_get_acct_ctrl(u))); + xmlNewChild(user, data->ns, "unknown_3", iota(pdb_get_unknown_3(u))); + + if (pdb_get_logon_divs(u)) + xmlNewChild(user, data->ns, "logon_divs", + iota(pdb_get_logon_divs(u))); + + if (pdb_get_hours_len(u)) + xmlNewChild(user, data->ns, "hours_len", + iota(pdb_get_hours_len(u))); + + xmlNewChild(user, data->ns, "unknown_5", iota(pdb_get_unknown_5(u))); + xmlNewChild(user, data->ns, "unknown_6", iota(pdb_get_unknown_6(u))); + xmlSaveFile(data->location, data->doc); + + return NT_STATUS_OK; +} + +NTSTATUS pdb_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method, + const char *location) +{ + NTSTATUS nt_status; + pdb_xml *data; + + xmlsam_debug_level = debug_add_class("xmlsam"); + if (xmlsam_debug_level == -1) { + xmlsam_debug_level = DBGC_ALL; + DEBUG(0, ("xmlsam: Couldn't register custom debugging class!\n")); + } + + if (!pdb_context) { + DEBUG(0, ("invalid pdb_methods specified\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!NT_STATUS_IS_OK + (nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { + return nt_status; + } + + (*pdb_method)->name = "xmlsam"; + + (*pdb_method)->setsampwent = xmlsam_setsampwent; + (*pdb_method)->endsampwent = xmlsam_endsampwent; + (*pdb_method)->getsampwent = xmlsam_getsampwent; + (*pdb_method)->add_sam_account = xmlsam_add_sam_account; + (*pdb_method)->getsampwnam = NULL; + (*pdb_method)->getsampwsid = NULL; + (*pdb_method)->update_sam_account = NULL; + (*pdb_method)->delete_sam_account = NULL; + (*pdb_method)->getgrsid = NULL; + (*pdb_method)->getgrgid = NULL; + (*pdb_method)->getgrnam = NULL; + (*pdb_method)->add_group_mapping_entry = NULL; + (*pdb_method)->update_group_mapping_entry = NULL; + (*pdb_method)->delete_group_mapping_entry = NULL; + (*pdb_method)->enum_group_mapping = NULL; + + data = talloc(pdb_context->mem_ctx, sizeof(pdb_xml)); + data->location = + (location ? talloc_strdup(pdb_context->mem_ctx, location) : "-"); + data->pwent = NULL; + data->written = 0; + (*pdb_method)->private_data = data; + + LIBXML_TEST_VERSION xmlKeepBlanksDefault(0); + + return NT_STATUS_OK; +} diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index d30b13c3b6..b93ea74d8b 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -324,7 +324,7 @@ BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16]) **/ BOOL secrets_store_trusted_domain_password(const char* domain, smb_ucs2_t *uni_dom_name, - size_t uni_name_len, const char* pwd, + size_t uni_name_len, char* pwd, DOM_SID sid) { struct trusted_dom_pass pass; diff --git a/source3/passdb/util_sam_sid.c b/source3/passdb/util_sam_sid.c index 6a7675a12a..0881531db8 100644 --- a/source3/passdb/util_sam_sid.c +++ b/source3/passdb/util_sam_sid.c @@ -27,14 +27,14 @@ typedef struct _known_sid_users { uint32 rid; enum SID_NAME_USE sid_name_use; - const char *known_user_name; + char *known_user_name; } known_sid_users; static struct sid_name_map_info { DOM_SID *sid; - const char *name; - const known_sid_users *known_users; + char *name; + known_sid_users *known_users; } sid_name_map[MAX_SID_NAMES]; extern DOM_SID global_sid_Builtin; /* Local well-known domain */ @@ -46,16 +46,16 @@ extern DOM_SID global_sid_NT_Authority; /* NT Authority */ static BOOL sid_name_map_initialized = False; /* static known_sid_users no_users[] = {{0, 0, NULL}}; */ -static const known_sid_users everyone_users[] = { +static known_sid_users everyone_users[] = { { 0, SID_NAME_WKN_GRP, "Everyone" }, {0, (enum SID_NAME_USE)0, NULL}}; -static const known_sid_users creator_owner_users[] = { +static known_sid_users creator_owner_users[] = { { 0, SID_NAME_WKN_GRP, "Creator Owner" }, { 1, SID_NAME_WKN_GRP, "Creator Group" }, {0, (enum SID_NAME_USE)0, NULL}}; -static const known_sid_users nt_authority_users[] = { +static known_sid_users nt_authority_users[] = { { 1, SID_NAME_ALIAS, "Dialup" }, { 2, SID_NAME_ALIAS, "Network"}, { 3, SID_NAME_ALIAS, "Batch"}, @@ -68,7 +68,7 @@ static const known_sid_users nt_authority_users[] = { { 18, SID_NAME_ALIAS, "SYSTEM"}, { 0, (enum SID_NAME_USE)0, NULL}}; -static const known_sid_users builtin_groups[] = { +static known_sid_users builtin_groups[] = { { BUILTIN_ALIAS_RID_ADMINS, SID_NAME_ALIAS, "Administrators" }, { BUILTIN_ALIAS_RID_USERS, SID_NAME_ALIAS, "Users" }, { BUILTIN_ALIAS_RID_GUESTS, SID_NAME_ALIAS, "Guests" }, @@ -284,7 +284,7 @@ BOOL map_name_to_wellknown_sid(DOM_SID *sid, enum SID_NAME_USE *use, const char init_sid_name_map(); for (i=0; sid_name_map[i].sid != NULL; i++) { - const known_sid_users *users = sid_name_map[i].known_users; + known_sid_users *users = sid_name_map[i].known_users; if (users == NULL) continue; |