diff options
Diffstat (limited to 'source3/passdb')
| -rw-r--r-- | source3/passdb/pdb_interface.c | 176 | ||||
| -rw-r--r-- | source3/passdb/pdb_ldap.c | 106 | ||||
| -rw-r--r-- | source3/passdb/pdb_smbpasswd.c | 190 | ||||
| -rw-r--r-- | source3/passdb/pdb_tdb.c | 283 |
4 files changed, 281 insertions, 474 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 198960550b..0ab45bafc3 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -25,10 +25,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB -/* Cache of latest SAM lookup query */ - -static struct samu *csamuser = NULL; - static_decl_pdb; static struct pdb_init_function_entry *backends = NULL; @@ -208,55 +204,32 @@ static struct pdb_methods *pdb_get_methods(void) return pdb_get_methods_reload(False); } -/****************************************************************** - Backward compatibility functions for the original passdb interface -*******************************************************************/ - -bool pdb_setsampwent(bool update, uint16 acb_mask) -{ - struct pdb_methods *pdb = pdb_get_methods(); - return NT_STATUS_IS_OK(pdb->setsampwent(pdb, update, acb_mask)); -} - -void pdb_endsampwent(void) -{ - struct pdb_methods *pdb = pdb_get_methods(); - pdb->endsampwent(pdb); -} - -bool pdb_getsampwent(struct samu *user) -{ - struct pdb_methods *pdb = pdb_get_methods(); - - if ( !NT_STATUS_IS_OK(pdb->getsampwent(pdb, user) ) ) { - return False; - } - - return True; -} - bool pdb_getsampwnam(struct samu *sam_acct, const char *username) { struct pdb_methods *pdb = pdb_get_methods(); + struct samu *cache_copy; + const struct dom_sid *user_sid; if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) { return False; } - if ( csamuser ) { - TALLOC_FREE(csamuser); - } - - csamuser = samu_new( NULL ); - if (!csamuser) { + cache_copy = samu_new(NULL); + if (cache_copy == NULL) { return False; } - if (!pdb_copy_sam_account(csamuser, sam_acct)) { - TALLOC_FREE(csamuser); + if (!pdb_copy_sam_account(cache_copy, sam_acct)) { + TALLOC_FREE(cache_copy); return False; } + user_sid = pdb_get_user_sid(cache_copy); + + memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, + data_blob_const(user_sid, sizeof(*user_sid)), + cache_copy); + return True; } @@ -289,6 +262,7 @@ bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid) { struct pdb_methods *pdb = pdb_get_methods(); uint32 rid; + void *cache_data; /* hard code the Guest RID of 501 */ @@ -301,9 +275,16 @@ bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid) } /* check the cache first */ - - if ( csamuser && sid_equal(sid, pdb_get_user_sid(csamuser) ) ) - return pdb_copy_sam_account(sam_acct, csamuser); + + cache_data = memcache_lookup_talloc( + NULL, PDB_GETPWSID_CACHE, data_blob_const(sid, sizeof(*sid))); + + if (cache_data != NULL) { + struct samu *cache_copy = talloc_get_type_abort( + cache_data, struct samu); + + return pdb_copy_sam_account(sam_acct, cache_copy); + } return NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid)); } @@ -498,10 +479,7 @@ NTSTATUS pdb_update_sam_account(struct samu *sam_acct) { struct pdb_methods *pdb = pdb_get_methods(); - if (csamuser != NULL) { - TALLOC_FREE(csamuser); - csamuser = NULL; - } + memcache_flush(NULL, PDB_GETPWSID_CACHE); return pdb->update_sam_account(pdb, sam_acct); } @@ -510,10 +488,7 @@ NTSTATUS pdb_delete_sam_account(struct samu *sam_acct) { struct pdb_methods *pdb = pdb_get_methods(); - if (csamuser != NULL) { - TALLOC_FREE(csamuser); - csamuser = NULL; - } + memcache_flush(NULL, PDB_GETPWSID_CACHE); return pdb->delete_sam_account(pdb, sam_acct); } @@ -524,10 +499,7 @@ NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname) uid_t uid; NTSTATUS status; - if (csamuser != NULL) { - TALLOC_FREE(csamuser); - csamuser = NULL; - } + memcache_flush(NULL, PDB_GETPWSID_CACHE); /* sanity check to make sure we don't rename root */ @@ -1181,21 +1153,6 @@ static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, return NT_STATUS_NOT_IMPLEMENTED; } -static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, bool update, uint32 acb_mask) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, struct samu *user) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static void pdb_default_endsampwent(struct pdb_methods *methods) -{ - return; /* NT_STATUS_NOT_IMPLEMENTED; */ -} - static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value) { return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; @@ -1738,7 +1695,7 @@ static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods, } #endif -static struct pdb_search *pdb_search_init(enum pdb_search_type type) +struct pdb_search *pdb_search_init(enum pdb_search_type type) { TALLOC_CTX *mem_ctx; struct pdb_search *result; @@ -1795,81 +1752,6 @@ static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32 rid, entry->description = ""; } -static bool user_search_in_progress = False; -struct user_search { - uint16 acct_flags; -}; - -static bool next_entry_users(struct pdb_search *s, - struct samr_displayentry *entry) -{ - struct user_search *state = (struct user_search *)s->private_data; - struct samu *user = NULL; - - next: - if ( !(user = samu_new( NULL )) ) { - DEBUG(0, ("next_entry_users: samu_new() failed!\n")); - return False; - } - - if (!pdb_getsampwent(user)) { - TALLOC_FREE(user); - return False; - } - - if ((state->acct_flags != 0) && - ((pdb_get_acct_ctrl(user) & state->acct_flags) == 0)) { - TALLOC_FREE(user); - goto next; - } - - fill_displayentry(s->mem_ctx, pdb_get_user_rid(user), - pdb_get_acct_ctrl(user), pdb_get_username(user), - pdb_get_fullname(user), pdb_get_acct_desc(user), - entry); - - TALLOC_FREE(user); - return True; -} - -static void search_end_users(struct pdb_search *search) -{ - pdb_endsampwent(); - user_search_in_progress = False; -} - -static bool pdb_default_search_users(struct pdb_methods *methods, - struct pdb_search *search, - uint32 acct_flags) -{ - struct user_search *state; - - if (user_search_in_progress) { - DEBUG(1, ("user search in progress\n")); - return False; - } - - if (!pdb_setsampwent(False, acct_flags)) { - DEBUG(5, ("Could not start search\n")); - return False; - } - - user_search_in_progress = True; - - state = TALLOC_P(search->mem_ctx, struct user_search); - if (state == NULL) { - DEBUG(0, ("talloc failed\n")); - return False; - } - - state->acct_flags = acct_flags; - - search->private_data = state; - search->next_entry = next_entry_users; - search->search_end = search_end_users; - return True; -} - struct group_search { GROUP_MAP *groups; size_t num_groups, current_group; @@ -2136,9 +2018,6 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) return NT_STATUS_NO_MEMORY; } - (*methods)->setsampwent = pdb_default_setsampwent; - (*methods)->endsampwent = pdb_default_endsampwent; - (*methods)->getsampwent = pdb_default_getsampwent; (*methods)->getsampwnam = pdb_default_getsampwnam; (*methods)->getsampwsid = pdb_default_getsampwsid; (*methods)->create_user = pdb_default_create_user; @@ -2180,7 +2059,6 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) (*methods)->gid_to_sid = pdb_default_gid_to_sid; (*methods)->sid_to_id = pdb_default_sid_to_id; - (*methods)->search_users = pdb_default_search_users; (*methods)->search_groups = pdb_default_search_groups; (*methods)->search_aliases = pdb_default_search_aliases; diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index bc912ada29..205b178a93 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1454,79 +1454,6 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state, } /********************************************************************** - Connect to LDAP server for password enumeration. -*********************************************************************/ - -static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, bool update, uint32 acb_mask) -{ - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; - int rc; - char *filter = NULL; - const char *suffix; - const char **attr_list; - bool machine_mask = False, user_mask = False; - NTSTATUS status = NT_STATUS_OK; - TALLOC_CTX *ctx = talloc_init("ldapsam_setsampwent"); - - if (!ctx) { - return NT_STATUS_NO_MEMORY; - } - filter = talloc_asprintf(ctx, "(&%s%s)", "(uid=%u)", - get_objclass_filter(ldap_state->schema_ver)); - if (!filter) { - status = NT_STATUS_NO_MEMORY; - goto out; - } - - filter = talloc_all_string_sub(ctx, filter, "%u", "*"); - if (!filter) { - status = NT_STATUS_NO_MEMORY; - goto out; - } - - machine_mask = ((acb_mask != 0) && (acb_mask & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))); - user_mask = ((acb_mask != 0) && (acb_mask & ACB_NORMAL)); - - if (machine_mask) { - suffix = lp_ldap_machine_suffix(); - } else if (user_mask) { - suffix = lp_ldap_user_suffix(); - } else { - suffix = lp_ldap_suffix(); - } - - DEBUG(10,("ldapsam_setsampwent: LDAP Query for acb_mask 0x%x will use suffix %s\n", - acb_mask, suffix)); - - attr_list = get_userattr_list(NULL, ldap_state->schema_ver); - rc = smbldap_search(ldap_state->smbldap_state, suffix, LDAP_SCOPE_SUBTREE, filter, - attr_list, 0, &ldap_state->result); - TALLOC_FREE( attr_list ); - - if (rc != LDAP_SUCCESS) { - DEBUG(0, ("ldapsam_setsampwent: LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", suffix, filter)); - ldap_msgfree(ldap_state->result); - ldap_state->result = NULL; - status = NT_STATUS_UNSUCCESSFUL; - goto out; - } - - DEBUG(2, ("ldapsam_setsampwent: %d entries in the base %s\n", - ldap_count_entries(ldap_state->smbldap_state->ldap_struct, - ldap_state->result), suffix)); - - ldap_state->entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, - ldap_state->result); - ldap_state->index = 0; - - out: - - TALLOC_FREE(ctx); - return status; -} - -/********************************************************************** End enumeration of the LDAP password list. *********************************************************************/ @@ -1539,32 +1466,6 @@ static void ldapsam_endsampwent(struct pdb_methods *my_methods) } } -/********************************************************************** -Get the next entry in the LDAP password database. -*********************************************************************/ - -static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods, - struct samu *user) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)my_methods->private_data; - bool bret = False; - - while (!bret) { - if (!ldap_state->entry) - return ret; - - ldap_state->index++; - bret = init_sam_from_ldap(ldap_state, user, ldap_state->entry); - - ldap_state->entry = ldap_next_entry(priv2ld(ldap_state), - ldap_state->entry); - } - - return NT_STATUS_OK; -} - static void append_attr(TALLOC_CTX *mem_ctx, const char ***attr_list, const char *new_attr) { @@ -1867,6 +1768,10 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown")); SAFE_FREE(ld_error); ber_bvfree(bv); +#if defined(LDAP_CONSTRAINT_VIOLATION) + if (rc == LDAP_CONSTRAINT_VIOLATION) + return NT_STATUS_PASSWORD_RESTRICTION; +#endif return NT_STATUS_UNSUCCESSFUL; } else { DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd))); @@ -6172,9 +6077,6 @@ static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const c (*pdb_method)->name = "ldapsam"; - (*pdb_method)->setsampwent = ldapsam_setsampwent; - (*pdb_method)->endsampwent = ldapsam_endsampwent; - (*pdb_method)->getsampwent = ldapsam_getsampwent; (*pdb_method)->getsampwnam = ldapsam_getsampwnam; (*pdb_method)->getsampwsid = ldapsam_getsampwsid; (*pdb_method)->add_sam_account = ldapsam_add_sam_account; diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 6a3bdb80a2..6cf54fbdf6 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -1264,79 +1264,6 @@ static bool build_sam_account(struct smbpasswd_privates *smbpasswd_state, Functions to be implemented by the new passdb API ****************************************************************/ -static NTSTATUS smbpasswd_setsampwent (struct pdb_methods *my_methods, bool update, uint32 acb_mask) -{ - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; - - smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file, - update ? PWF_UPDATE : PWF_READ, - &(smbpasswd_state->pw_file_lock_depth)); - - /* did we fail? Should we try to create it? */ - if (!smbpasswd_state->pw_file && update && errno == ENOENT) { - FILE *fp; - /* slprintf(msg_str,msg_str_len-1, - "smbpasswd file did not exist - attempting to create it.\n"); */ - DEBUG(0,("smbpasswd file did not exist - attempting to create it.\n")); - fp = sys_fopen(smbpasswd_state->smbpasswd_file, "w"); - if (fp) { - fprintf(fp, "# Samba SMB password file\n"); - fclose(fp); - } - - smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file, - update ? PWF_UPDATE : PWF_READ, - &(smbpasswd_state->pw_file_lock_depth)); - } - - if (smbpasswd_state->pw_file != NULL) - return NT_STATUS_OK; - else - return NT_STATUS_UNSUCCESSFUL; -} - -static void smbpasswd_endsampwent (struct pdb_methods *my_methods) -{ - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; - endsmbfilepwent(smbpasswd_state->pw_file, &(smbpasswd_state->pw_file_lock_depth)); -} - -/***************************************************************** - ****************************************************************/ - -static NTSTATUS smbpasswd_getsampwent(struct pdb_methods *my_methods, struct samu *user) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; - struct smb_passwd *pw_buf=NULL; - bool done = False; - - DEBUG(5,("pdb_getsampwent\n")); - - if ( !user ) { - DEBUG(5,("pdb_getsampwent (smbpasswd): user is NULL\n")); - return nt_status; - } - - while (!done) { - /* do we have an entry? */ - pw_buf = getsmbfilepwent(smbpasswd_state, smbpasswd_state->pw_file); - if (pw_buf == NULL) - return nt_status; - - /* build the struct samu entry from the smb_passwd struct. - We loop in case the user in the pdb does not exist in - the local system password file */ - if (build_sam_account(smbpasswd_state, user, pw_buf)) - done = True; - } - - DEBUG(5,("getsampwent (smbpasswd): done\n")); - - /* success */ - return NT_STATUS_OK; -} - /**************************************************************** Search smbpasswd file by iterating over the entries. Do not call getpwnam() for unix account information until we have found @@ -1606,6 +1533,119 @@ static void free_private_data(void **vp) /* No need to free any further, as it is talloc()ed */ } +struct smbpasswd_search_state { + uint32_t acct_flags; + + struct samr_displayentry *entries; + uint32_t num_entries; + ssize_t array_size; + uint32_t current; +}; + +static void smbpasswd_search_end(struct pdb_search *search) +{ + struct smbpasswd_search_state *state = talloc_get_type_abort( + search->private_data, struct smbpasswd_search_state); + TALLOC_FREE(state); +} + +static bool smbpasswd_search_next_entry(struct pdb_search *search, + struct samr_displayentry *entry) +{ + struct smbpasswd_search_state *state = talloc_get_type_abort( + search->private_data, struct smbpasswd_search_state); + + if (state->current == state->num_entries) { + return false; + } + + *entry = state->entries[state->current++]; + + return true; +} + +static bool smbpasswd_search_users(struct pdb_methods *methods, + struct pdb_search *search, + uint32_t acct_flags) +{ + struct smbpasswd_privates *smbpasswd_state = + (struct smbpasswd_privates*)methods->private_data; + + struct smbpasswd_search_state *search_state; + struct smb_passwd *pwd; + FILE *fp; + + search_state = TALLOC_ZERO_P(search->mem_ctx, + struct smbpasswd_search_state); + if (search_state == NULL) { + DEBUG(0, ("talloc failed\n")); + return false; + } + search_state->acct_flags = acct_flags; + + fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, + &smbpasswd_state->pw_file_lock_depth); + + if (fp == NULL) { + DEBUG(10, ("Unable to open smbpasswd file.\n")); + TALLOC_FREE(search_state); + return false; + } + + while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL) { + struct samr_displayentry entry; + struct samu *user; + + if ((acct_flags != 0) + && ((acct_flags & pwd->acct_ctrl) == 0)) { + continue; + } + + user = samu_new(talloc_tos()); + if (user == NULL) { + DEBUG(0, ("samu_new failed\n")); + break; + } + + if (!build_sam_account(smbpasswd_state, user, pwd)) { + /* Already got debug msgs... */ + break; + } + + ZERO_STRUCT(entry); + + entry.acct_flags = pdb_get_acct_ctrl(user); + sid_peek_rid(pdb_get_user_sid(user), &entry.rid); + entry.account_name = talloc_strdup( + search_state, pdb_get_username(user)); + entry.fullname = talloc_strdup( + search_state, pdb_get_fullname(user)); + entry.description = talloc_strdup( + search_state, pdb_get_acct_desc(user)); + + TALLOC_FREE(user); + + if ((entry.account_name == NULL) || (entry.fullname == NULL) + || (entry.description == NULL)) { + DEBUG(0, ("talloc_strdup failed\n")); + break; + } + + ADD_TO_LARGE_ARRAY(search_state, struct samr_displayentry, + entry, &search_state->entries, + &search_state->num_entries, + &search_state->array_size); + } + + endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth)); + + search->private_data = search_state; + search->next_entry = smbpasswd_search_next_entry; + search->search_end = smbpasswd_search_end; + + return true; +} + static NTSTATUS pdb_init_smbpasswd( struct pdb_methods **pdb_method, const char *location ) { NTSTATUS nt_status; @@ -1617,15 +1657,13 @@ static NTSTATUS pdb_init_smbpasswd( struct pdb_methods **pdb_method, const char (*pdb_method)->name = "smbpasswd"; - (*pdb_method)->setsampwent = smbpasswd_setsampwent; - (*pdb_method)->endsampwent = smbpasswd_endsampwent; - (*pdb_method)->getsampwent = smbpasswd_getsampwent; (*pdb_method)->getsampwnam = smbpasswd_getsampwnam; (*pdb_method)->getsampwsid = smbpasswd_getsampwsid; (*pdb_method)->add_sam_account = smbpasswd_add_sam_account; (*pdb_method)->update_sam_account = smbpasswd_update_sam_account; (*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account; (*pdb_method)->rename_sam_account = smbpasswd_rename_sam_account; + (*pdb_method)->search_users = smbpasswd_search_users; (*pdb_method)->rid_algorithm = smbpasswd_rid_algorithm; diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index b4282b1278..5ee1cdc0c0 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -44,13 +44,6 @@ static int tdbsam_debug_level = DBGC_ALL; #define RIDPREFIX "RID_" #define PRIVPREFIX "PRIV_" -struct pwent_list { - struct pwent_list *prev, *next; - TDB_DATA key; -}; -static struct pwent_list *tdbsam_pwent_list; -static bool pwent_initialized; - /* GLOBAL TDB SAM CONTEXT */ static TDB_CONTEXT *tdbsam; @@ -891,134 +884,6 @@ void tdbsam_close( void ) return; } -/**************************************************************************** - creates a list of user keys -****************************************************************************/ - -static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) -{ - const char *prefix = USERPREFIX; - int prefixlen = strlen (prefix); - struct pwent_list *ptr; - - if ( strncmp((const char *)key.dptr, prefix, prefixlen) == 0 ) { - if ( !(ptr=SMB_MALLOC_P(struct pwent_list)) ) { - DEBUG(0,("tdbsam_traverse_setpwent: Failed to malloc new entry for list\n")); - - /* just return 0 and let the traversal continue */ - return 0; - } - ZERO_STRUCTP(ptr); - - /* save a copy of the key */ - - ptr->key.dptr = (uint8 *)memdup( key.dptr, key.dsize ); - if (!ptr->key.dptr) { - DEBUG(0,("tdbsam_traverse_setpwent: memdup failed\n")); - /* just return 0 and let the traversal continue */ - SAFE_FREE(ptr); - return 0; - } - - ptr->key.dsize = key.dsize; - - DLIST_ADD( tdbsam_pwent_list, ptr ); - - } - - return 0; -} - -/*************************************************************** - Open the TDB passwd database for SAM account enumeration. - Save a list of user keys for iteration. -****************************************************************/ - -static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, bool update, uint32 acb_mask) -{ - if ( !tdbsam_open( tdbsam_filename ) ) { - DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename)); - return NT_STATUS_ACCESS_DENIED; - } - - tdb_traverse( tdbsam, tdbsam_traverse_setpwent, NULL ); - pwent_initialized = True; - - return NT_STATUS_OK; -} - - -/*************************************************************** - End enumeration of the TDB passwd list. -****************************************************************/ - -static void tdbsam_endsampwent(struct pdb_methods *my_methods) -{ - struct pwent_list *ptr, *ptr_next; - - /* close the tdb only if we have a valid pwent state */ - - if ( pwent_initialized ) { - DEBUG(7, ("endtdbpwent: closed sam database.\n")); - tdbsam_close(); - } - - /* clear out any remaining entries in the list */ - - for ( ptr=tdbsam_pwent_list; ptr; ptr = ptr_next ) { - ptr_next = ptr->next; - DLIST_REMOVE( tdbsam_pwent_list, ptr ); - SAFE_FREE( ptr->key.dptr); - SAFE_FREE( ptr ); - } - - pwent_initialized = False; -} - -/***************************************************************** - Get one struct samu from the TDB (next in line) -*****************************************************************/ - -static NTSTATUS tdbsam_getsampwent(struct pdb_methods *my_methods, struct samu *user) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - TDB_DATA data; - struct pwent_list *pkey; - - if ( !user ) { - DEBUG(0,("tdbsam_getsampwent: struct samu is NULL.\n")); - return nt_status; - } - - if ( !tdbsam_pwent_list ) { - DEBUG(4,("tdbsam_getsampwent: end of list\n")); - return nt_status; - } - - /* pull the next entry */ - - pkey = tdbsam_pwent_list; - DLIST_REMOVE( tdbsam_pwent_list, pkey ); - - data = tdb_fetch(tdbsam, pkey->key); - - SAFE_FREE( pkey->key.dptr); - SAFE_FREE( pkey); - - if ( !data.dptr ) { - DEBUG(5,("pdb_getsampwent: database entry not found. Was the user deleted?\n")); - return nt_status; - } - - if ( !init_sam_from_buffer(user, (unsigned char *)data.dptr, data.dsize) ) { - DEBUG(0,("pdb_getsampwent: Bad struct samu entry returned from TDB!\n")); - } - - SAFE_FREE( data.dptr ); - - return NT_STATUS_OK; -} - /****************************************************************** Lookup a name in the SAM TDB ******************************************************************/ @@ -1306,10 +1171,6 @@ static bool tdb_update_sam(struct pdb_methods *my_methods, struct samu* newpwd, { bool result = True; - /* invalidate the existing TDB iterator if it is open */ - - tdbsam_endsampwent( my_methods ); - #if 0 if ( !pdb_get_group_rid(newpwd) ) { DEBUG (0,("tdb_update_sam: Failing to store a struct samu for [%s] " @@ -1396,10 +1257,6 @@ static NTSTATUS tdbsam_rename_sam_account(struct pdb_methods *my_methods, return NT_STATUS_ACCESS_DENIED; } - /* invalidate the existing TDB iterator if it is open */ - - tdbsam_endsampwent( my_methods ); - if ( !(new_acct = samu_new( NULL )) ) { return NT_STATUS_NO_MEMORY; } @@ -1592,6 +1449,139 @@ static bool tdbsam_new_rid(struct pdb_methods *methods, uint32 *prid) return ret; } +struct tdbsam_search_state { + struct pdb_methods *methods; + uint32_t acct_flags; + + uint32_t *rids; + uint32_t num_rids; + ssize_t array_size; + uint32_t current; +}; + +static int tdbsam_collect_rids(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, + void *private_data) +{ + struct tdbsam_search_state *state = talloc_get_type_abort( + private_data, struct tdbsam_search_state); + size_t prefixlen = strlen(RIDPREFIX); + uint32 rid; + + if ((key.dsize < prefixlen) + || (strncmp((char *)key.dptr, RIDPREFIX, prefixlen))) { + return 0; + } + + rid = strtoul((char *)key.dptr+prefixlen, NULL, 16); + + ADD_TO_LARGE_ARRAY(state, uint32, rid, &state->rids, &state->num_rids, + &state->array_size); + + return 0; +} + +static void tdbsam_search_end(struct pdb_search *search) +{ + struct tdbsam_search_state *state = talloc_get_type_abort( + search->private_data, struct tdbsam_search_state); + TALLOC_FREE(state); +} + +static bool tdbsam_search_next_entry(struct pdb_search *search, + struct samr_displayentry *entry) +{ + struct tdbsam_search_state *state = talloc_get_type_abort( + search->private_data, struct tdbsam_search_state); + struct samu *user = NULL; + NTSTATUS status; + uint32_t rid; + + again: + TALLOC_FREE(user); + user = samu_new(talloc_tos()); + if (user == NULL) { + DEBUG(0, ("samu_new failed\n")); + return false; + } + + if (state->current == state->num_rids) { + return false; + } + + rid = state->rids[state->current++]; + + status = tdbsam_getsampwrid(state->methods, user, rid); + + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { + /* + * Someone has deleted that user since we listed the RIDs + */ + goto again; + } + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("tdbsam_getsampwrid failed: %s\n", + nt_errstr(status))); + TALLOC_FREE(user); + return false; + } + + if ((state->acct_flags != 0) && + ((state->acct_flags & pdb_get_acct_ctrl(user)) == 0)) { + goto again; + } + + entry->acct_flags = pdb_get_acct_ctrl(user); + entry->rid = rid; + entry->account_name = talloc_strdup( + search->mem_ctx, pdb_get_username(user)); + entry->fullname = talloc_strdup( + search->mem_ctx, pdb_get_fullname(user)); + entry->description = talloc_strdup( + search->mem_ctx, pdb_get_acct_desc(user)); + + TALLOC_FREE(user); + + if ((entry->account_name == NULL) || (entry->fullname == NULL) + || (entry->description == NULL)) { + DEBUG(0, ("talloc_strdup failed\n")); + return false; + } + + return true; +} + +static bool tdbsam_search_users(struct pdb_methods *methods, + struct pdb_search *search, + uint32 acct_flags) +{ + struct tdbsam_search_state *state; + + if (!tdbsam_open(tdbsam_filename)) { + DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", + tdbsam_filename)); + return false; + } + + state = TALLOC_ZERO_P(search->mem_ctx, struct tdbsam_search_state); + if (state == NULL) { + DEBUG(0, ("talloc failed\n")); + return false; + } + state->acct_flags = acct_flags; + state->methods = methods; + + tdb_traverse(tdbsam, tdbsam_collect_rids, state); + + tdbsam_close(); + + search->private_data = state; + search->next_entry = tdbsam_search_next_entry; + search->search_end = tdbsam_search_end; + + return true; +} + /********************************************************************* Initialize the tdb sam backend. Setup the dispath table of methods, open the tdb, etc... @@ -1609,15 +1599,13 @@ static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *loc (*pdb_method)->name = "tdbsam"; - (*pdb_method)->setsampwent = tdbsam_setsampwent; - (*pdb_method)->endsampwent = tdbsam_endsampwent; - (*pdb_method)->getsampwent = tdbsam_getsampwent; (*pdb_method)->getsampwnam = tdbsam_getsampwnam; (*pdb_method)->getsampwsid = tdbsam_getsampwsid; (*pdb_method)->add_sam_account = tdbsam_add_sam_account; (*pdb_method)->update_sam_account = tdbsam_update_sam_account; (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account; (*pdb_method)->rename_sam_account = tdbsam_rename_sam_account; + (*pdb_method)->search_users = tdbsam_search_users; (*pdb_method)->rid_algorithm = tdbsam_rid_algorithm; (*pdb_method)->new_rid = tdbsam_new_rid; @@ -1625,7 +1613,8 @@ static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *loc /* save the path for later */ if (!location) { - if (asprintf(&tdbfile, "%s/%s", get_dyn_STATEDIR(), PASSDB_FILE_NAME) < 0) { + if (asprintf(&tdbfile, "%s/%s", lp_private_dir(), + PASSDB_FILE_NAME) < 0) { return NT_STATUS_NO_MEMORY; } pfile = tdbfile; |