Diffstat (limited to 'source3/sam')
-rw-r--r-- | source3/sam/api.c | 322 | ||||
-rw-r--r-- | source3/sam/interface.c | 1005 | ||||
-rwxr-xr-x | source3/sam/sam_ads.c | 1204 | ||||
-rw-r--r-- | source3/sam/sam_skel.c | 251 |
4 files changed, 774 insertions, 2008 deletions
diff --git a/source3/sam/api.c b/source3/sam/api.c
new file mode 100644
index 0000000000..fb2f015e95
--- /dev/null
+++ b/source3/sam/api.c
@@ -0,0 +1,322 @@
+/*
+ Unix SMB/CIFS implementation.
+ SAM interface API.
+
+ Copyright (C) Stefan (metze) Metzmacher 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
+
+/* these functions should be used by the rest of SAMBA --metze */
+
+/* General API */
+
+NTSTATUS sam_get_sec_desc(const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_get_sec_desc(sam_context, access_token, sid, sd);
+}
+
+NTSTATUS sam_set_sec_desc(const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_set_sec_desc(sam_context, access_token, sid, sd);
+}
+
+NTSTATUS sam_lookup_sid(const NT_USER_TOKEN *access_token, const DOM_SID *sid, char **name, uint32 *type)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_lookup_sid(sam_context, access_token, sid, name, type);
+}
+
+NTSTATUS sam_lookup_name(const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID **sid, uint32 *type)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_lookup_name(sam_context, access_token, domain, name, sid, type);
+}
+
+/* Domain API */
+
+NTSTATUS sam_update_domain(const SAM_DOMAIN_HANDLE *domain)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_update_domain(sam_context, domain);
+}
+
+NTSTATUS sam_enum_domains(const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char **domain_names)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_enum_domains(sam_context, access_token, domain_count, domains, domain_names);
+}
+
+NTSTATUS sam_lookup_domain(const NT_USER_TOKEN * access_token, const char *domain, DOM_SID **domainsid)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_lookup_domain(sam_context, access_token, domain, domainsid);
+}
+
+NTSTATUS sam_get_domain_by_sid(const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_get_domain_by_sid(sam_context, access_token, access_desired, domainsid, domain);
+}
+
+/* Account API */
+
+NTSTATUS sam_create_account(const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_create_account(sam_context, access_token, access_desired, domainsid, account_name, acct_ctrl, account);
+}
+
+NTSTATUS sam_add_account(const DOM_SID *domainsid, const SAM_ACCOUNT_HANDLE *account)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_add_account(sam_context, domainsid, account);
+}
+
+NTSTATUS sam_update_account(const SAM_ACCOUNT_HANDLE *account)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_update_account(sam_context, account);
+}
+
+NTSTATUS sam_delete_account(const SAM_ACCOUNT_HANDLE *account)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_delete_account(sam_context, account);
+}
+
+NTSTATUS sam_enum_accounts(const NT_USER_TOKEN *access_token, const DOM_SID *domain, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_enum_accounts(sam_context, access_token, domain, acct_ctrl, account_count, accounts);
+}
+
+NTSTATUS sam_get_account_by_sid(const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_get_account_by_sid(sam_context, access_token, access_desired, accountsid, account);
+}
+
+NTSTATUS sam_get_account_by_name(const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_get_account_by_name(sam_context, access_token, access_desired, domain, name, account);
+}
+
+/* Group API */
+
+NTSTATUS sam_create_group(const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_create_group(sam_context, access_token, access_desired, domainsid, group_name, group_ctrl, group);
+}
+
+NTSTATUS sam_add_group(const DOM_SID *domainsid, const SAM_GROUP_HANDLE *group)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_add_group(sam_context, domainsid, group);
+}
+
+NTSTATUS sam_update_group(const SAM_GROUP_HANDLE *group)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_update_group(sam_context, group);
+}
+
+NTSTATUS sam_delete_group(const SAM_GROUP_HANDLE *group)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_delete_group(sam_context, group);
+}
+
+NTSTATUS sam_enum_groups(const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_enum_groups(sam_context, access_token, domainsid, group_ctrl, groups_count, groups);
+}
+
+NTSTATUS sam_get_group_by_sid(const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_get_group_by_sid(sam_context, access_token, access_desired, groupsid, group);
+}
+
+NTSTATUS sam_get_group_by_name(const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_get_group_by_name(sam_context, access_token, access_desired, domain, name, group);
+}
+
+NTSTATUS sam_add_member_to_group(const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_add_member_to_group(sam_context, group, member);
+}
+
+NTSTATUS sam_delete_member_from_group(const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_delete_member_from_group(sam_context, group, member);
+}
+
+NTSTATUS sam_enum_groupmembers(const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_enum_groupmembers(sam_context, group, members_count, members);
+}
+
+NTSTATUS sam_get_groups_of_sid(const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
+{
+ SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+ if (!sam_context) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return sam_context->sam_get_groups_of_sid(sam_context, access_token, sids, group_ctrl, group_count, groups);
+}
+
diff --git a/source3/sam/interface.c b/source3/sam/interface.c
index 4f5e565d2e..0943a0e8f1 100644
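Review bot: `sam_enum_domains` in the Domain API section declares its last parameter as `char **domain_names`, but `context_sam_enum_domains` in interface.c (same commit) takes `char ***domain_names` and assigns the allocated list through `*domain_names`; the wrapper forwards the pointer unchanged, so either the call through `sam_context->sam_enum_domains` fails to type-check against that signature or a caller's `char **` is written to as if it were a `char ***`. The declaration should read `NTSTATUS sam_enum_domains(const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)` so the two layers agree. The `SAM_CONTEXT` function-pointer type is not visible in this diff, so which of the two failure modes applies depends on it. It would also help callers to document, at the `/* these functions should be used by the rest of SAMBA */` banner, that `NT_STATUS_UNSUCCESSFUL` from any wrapper means the static context could not be initialised rather than a backend error.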
--- a/source3/sam/interface.c
+++ b/source3/sam/interface.c
@@ -32,15 +32,17 @@ extern DOM_SID global_sid_Builtin;
 const struct sam_init_function_entry builtin_sam_init_functions[] = {
 { "plugin", sam_init_plugin },
-#ifdef HAVE_LDAP
- { "ads", sam_init_ads },
-#endif
- { "skel", sam_init_skel },
 { NULL, NULL}
 };
+/******************************************************************
+ context_sam_* functions are used to link the external SAM interface
+ with the internal backends. These functions lookup the appropriate
+ backends for the domain and pass on to the function in sam_methods
+ in the selected backend
+ *******************************************************************/
-static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid)
+NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid)
 {
 SAM_METHODS *tmp_methods;
@@ -65,7 +67,7 @@ static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS *
 return NT_STATUS_NO_SUCH_DOMAIN;
 }
-static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname)
+NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname)
 {
 SAM_METHODS *tmp_methods;
@@ -77,7 +79,7 @@ static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS
 tmp_methods = context->methods;
 while (tmp_methods) {
- if (strequal(domainname, tmp_methods->domain_name))
+ if (!strcmp(domainname, tmp_methods->domain_name))
 {
 (*sam_method) = tmp_methods;
 return NT_STATUS_OK;
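Review bot: Replacing `strequal` with `!strcmp` in `sam_get_methods_by_name` makes the domain-name match case-sensitive and no longer NULL-safe: Samba's `strequal` compares case-insensitively and returns False when either side is NULL, whereas `strcmp` dereferences both. Windows domain names are case-insensitive, so a lookup that differs only in case from the name a backend registered now falls through to `NT_STATUS_NO_SUCH_DOMAIN`, and a NULL `domainname` from a caller or an unset `tmp_methods->domain_name` now crashes instead of being skipped. Keep `if (strequal(domainname, tmp_methods->domain_name))` unless case-sensitive matching is intended, in which case the new behaviour should be stated in the `context_sam_*` banner added above. The rest of this function's body lies outside the hunk.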
@@ -90,393 +92,12 @@ static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS
 return NT_STATUS_NO_SUCH_DOMAIN;
 }
-static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods)
-{
- *methods = talloc(mem_ctx, sizeof(SAM_METHODS));
-
- if (!*methods) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*methods);
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Free and cleanup a sam context, any associated data and anything
- that the attached modules might have associated.
- *******************************************************************/
-
-void free_sam_context(SAM_CONTEXT **context)
-{
- SAM_METHODS *sam_selected = (*context)->methods;
-
- while (sam_selected) {
- if (sam_selected->free_private_data) {
- sam_selected->free_private_data(&(sam_selected->private_data));
- }
- sam_selected = sam_selected->next;
- }
-
- talloc_destroy((*context)->mem_ctx);
- *context = NULL;
-}
-
-/******************************************************************
- Make a backend_entry from scratch
- *******************************************************************/
-
-static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string)
-{
- char *tmp = NULL;
- char *tmp_string = sam_backend_string;
-
- DEBUG(5,("make_backend_entry: %d\n", __LINE__));
-
- SAM_ASSERT(sam_backend_string && backend_entry);
-
- backend_entry->module_name = sam_backend_string;
-
- DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name));
-
- if ((tmp = strrchr(tmp_string, '|')) != NULL) {
- DEBUGADD(20,("a domain name has been specified\n"));
- *tmp = 0;
- backend_entry->domain_name = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if ((tmp = strchr(tmp_string, ':')) != NULL) {
- DEBUG(20,("options for the backend have been specified\n"));
- *tmp = 0;
- backend_entry->module_params = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if (backend_entry->domain_name == NULL) {
- DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n",
- backend_entry->module_name, lp_workgroup()));
- backend_entry->domain_name = smb_xstrdup(lp_workgroup());
- }
-
- if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) {
- DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name));
-
- if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) {
- DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n",
- backend_entry->domain_name));
- DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__));
- ZERO_STRUCTP(backend_entry->domain_sid);
- }
-
- DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n",
- backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid)));
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- create sam_methods struct based on sam_backend_entry
- *****************************************************************/
-
-static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- SAM_METHODS *methods;
- int i;
-
- DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__));
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) {
- return nt_status;
- }
-
- methods = *methods_ptr;
- methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name);
- methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name);
- sid_copy(&methods->domain_sid, backend_entry->domain_sid);
- methods->parent = context;
-
- DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name));
- for (i = 0; builtin_sam_init_functions[i].module_name; i++)
- {
- if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name))
- {
- DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i));
- DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid)));
- nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params);
- if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name));
- } else {
- DEBUG(2,("sam backend %s did not correctly init (error was %s)\n",
- backend_entry->module_name, nt_errstr(nt_status)));
- }
- return nt_status;
- }
- }
-
- DEBUG(2,("could not find backend %s\n", backend_entry->module_name));
-
- return NT_STATUS_INVALID_PARAMETER;
-}
-
-static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context)
-{
- SAM_BACKEND_ENTRY entry;
- DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */
- SAM_METHODS *methods, *tmpmethods;
- NTSTATUS ntstatus;
-
- DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__));
-
- /* Make sure domain lp_workgroup() is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n",
- lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND));
-
- SAM_ASSERT(global_sam_sid);
-
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = lp_workgroup();
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, global_sam_sid);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
-
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup()));
- return ntstatus;
- }
-
- /* Make sure the BUILTIN domain is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n",
- SAM_DEFAULT_BACKEND));
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = "BUILTIN";
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, &global_sid_Builtin);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n"));
- return ntstatus;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends)
-{
- int i, j;
-
- DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__));
-
- for (i = 0; i < *nBackends; i++) {
- for (j = i + 1; j < *nBackends; j++) {
- if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) {
- DEBUG(0,("two backend modules claim the same domain %s\n",
- sid_string_static((*backend_entries)[j].domain_sid)));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param)
-{
- int i = 0, j = 0;
- SAM_METHODS *curmethods, *tmpmethods;
- int nBackends = 0;
- SAM_BACKEND_ENTRY *backends = NULL;
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__));
-
- if (!sam_backends_param) {
- DEBUG(1, ("no SAM backeds specified!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) {
- DEBUG(4,("make_sam_context failed\n"));
- return nt_status;
- }
-
- while (sam_backends_param[nBackends])
- nBackends++;
-
- DEBUG(6,("There are %d domains listed with their backends\n", nBackends));
-
- if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) {
- DEBUG(0,("make_sam_context_list: failed to allocate backends\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- memset(backends, '\0', sizeof(*backends)*nBackends);
-
- for (i = 0; i < nBackends; i++) {
- DEBUG(8,("processing %s\n",sam_backends_param[i]));
- if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) {
- DEBUG(4,("make_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- }
-
- if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) {
- DEBUG(4,("check_duplicate_backend_entries failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
-
- for (i = 0; i < nBackends; i++) {
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- DLIST_ADD_END((*context)->methods, curmethods, tmpmethods);
- }
-
- for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid);
-
- SAFE_FREE(backends);
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Make a sam_context from scratch.
- *******************************************************************/
-
-NTSTATUS make_sam_context(SAM_CONTEXT **context)
-{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init_named("sam_context internal allocation context");
-
- if (!mem_ctx) {
- DEBUG(0, ("make_sam_context: talloc init failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *context = talloc(mem_ctx, sizeof(**context));
- if (!*context) {
- DEBUG(0, ("make_sam_context: talloc failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*context);
-
- (*context)->mem_ctx = mem_ctx;
-
- (*context)->free_fn = free_sam_context;
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Return an already initialised sam_context, to facilitate backward
- compatibility (see functions below).
- *******************************************************************/
-
-static struct sam_context *sam_get_static_context(BOOL reload)
-{
- static SAM_CONTEXT *sam_context = NULL;
-
- if ((sam_context) && (reload)) {
- sam_context->free_fn(&sam_context);
- sam_context = NULL;
- }
-
- if (!sam_context) {
- if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) {
- DEBUG(4,("make_sam_context_list failed\n"));
- return NULL;
- }
-
- /* Make sure the required domains (default domain, builtin) are available */
- if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) {
- DEBUG(4,("sam_context_check_default_backends failed\n"));
- return NULL;
- }
- }
-
- return sam_context;
-}
-
-/***************************************************************
- Initialize the static context (at smbd startup etc).
-
- If uninitialised, context will auto-init on first use.
- ***************************************************************/
-
-BOOL initialize_sam(BOOL reload)
-{
- return (sam_get_static_context(reload) != NULL);
-}
-
-
-/**************************************************************
- External API. This is what the rest of the world calls...
-***************************************************************/
-
-/******************************************************************
- sam_* functions are used to link the external SAM interface
- with the internal backends. These functions lookup the appropriate
- backends for the domain and pass on to the function in sam_methods
- in the selected backend
-
- When the context parmater is NULL, the default is used.
- *******************************************************************/
-
-#define SAM_SETUP_CONTEXT if (!context) \
- context = sam_get_static_context(False);\
- if (!context) {\
- return NT_STATUS_UNSUCCESSFUL; \
- }\
-
-
-
-NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
+NTSTATUS context_sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
 {
 SAM_METHODS *tmp_methods;
 NTSTATUS nt_status;
- DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
+ DEBUG(5,("context_sam_get_sec_desc: %d\n", __LINE__));
 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
 DEBUG(4,("sam_get_methods_by_sid failed\n"));
@@ -484,7 +105,7 @@ NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *acces
 }
 if (!tmp_methods->sam_get_sec_desc) {
- DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
+ DEBUG(3, ("context_sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
 return NT_STATUS_NOT_IMPLEMENTED;
 }
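Review bot: `context_sam_get_sec_desc` drops `SAM_SETUP_CONTEXT` without any replacement guard, so a NULL `context` now goes straight into `sam_get_methods_by_sid(context, &tmp_methods, sid)`, which presumably walks `context->methods` the way `sam_get_methods_by_name` visibly does; the `@@ -627` and `@@ -687` hunks of this same change add `SAM_ASSERT(context && context->methods);` for exactly this situation, so the omission here looks accidental. The same gap exists in `context_sam_set_sec_desc`, `context_sam_lookup_name`, `context_sam_lookup_sid`, `context_sam_get_domain_by_sid` and `context_sam_create_account`. Add `SAM_ASSERT(context && context->methods);` after the `DEBUG(5, ...)` line in each, unless the two `sam_get_methods_by_*` helpers already assert it — their bodies are not fully visible in this diff. The new `context_sam_*` banner should also say that callers must now pass an initialised context, since the default-context fallback that the removed `SAM_SETUP_CONTEXT` provided has moved to api.c.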
@@ -496,22 +117,20 @@ NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *acces
 return NT_STATUS_OK;
 }
-NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
+NTSTATUS context_sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
 {
 SAM_METHODS *tmp_methods;
 NTSTATUS nt_status;
- DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__));
+ DEBUG(5,("context_sam_set_sec_desc: %d\n", __LINE__));
- SAM_SETUP_CONTEXT;
-
 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
 DEBUG(4,("sam_get_methods_by_sid failed\n"));
 return nt_status;
 }
 if (!tmp_methods->sam_set_sec_desc) {
- DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
+ DEBUG(3, ("context_sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
 return NT_STATUS_NOT_IMPLEMENTED;
 }
@@ -524,14 +143,12 @@ NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *acces
 }
-NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type)
+NTSTATUS context_sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID **sid, uint32 *type)
 {
 SAM_METHODS *tmp_methods;
 NTSTATUS nt_status;
- DEBUG(5,("sam_lookup_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
+ DEBUG(5,("context_sam_lookup_name: %d\n", __LINE__));
 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
 DEBUG(4,("sam_get_methods_by_name failed\n"));
@@ -539,7 +156,7 @@ NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access
 }
 if (!tmp_methods->sam_lookup_name) {
- DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
+ DEBUG(3, ("context_sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
 return NT_STATUS_NOT_IMPLEMENTED;
 }
@@ -552,20 +169,18 @@ NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access
 return NT_STATUS_OK;
 }
-NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
+NTSTATUS context_sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, char **name, uint32 *type)
 {
 SAM_METHODS *tmp_methods;
 uint32 rid;
 NTSTATUS nt_status;
 DOM_SID domainsid;
- DEBUG(5,("sam_lookup_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
+ DEBUG(5,("context_sam_lookup_sid: %d\n", __LINE__));
 sid_copy(&domainsid, sid);
 if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_lookup_sid: failed to split the sid\n"));
+ DEBUG(3,("context_sam_lookup_sid: failed to split the sid\n"));
 return NT_STATUS_INVALID_SID;
 }
@@ -575,11 +190,11 @@ NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_
 }
 if (!tmp_methods->sam_lookup_sid) {
- DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
+ DEBUG(3, ("context_sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
 return NT_STATUS_NOT_IMPLEMENTED;
 }
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) {
+ if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, sid, name, type))) {
 DEBUG(4,("sam_lookup_name for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
 return nt_status;
@@ -589,22 +204,20 @@ NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_
 }
-NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain)
+NTSTATUS context_sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain)
 {
 const SAM_METHODS *tmp_methods;
 NTSTATUS nt_status;
- DEBUG(5,("sam_update_domain: %d\n", __LINE__));
+ DEBUG(5,("context_sam_update_domain: %d\n", __LINE__));
- SAM_SETUP_CONTEXT;
-
 /* invalid domain specified */
 SAM_ASSERT(domain && domain->current_sam_methods);
 tmp_methods = domain->current_sam_methods;
 if (!tmp_methods->sam_update_domain) {
- DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n"));
+ DEBUG(3, ("context_sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n"));
 return NT_STATUS_NOT_IMPLEMENTED;
 }
@@ -617,7 +230,7 @@ NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *
 return NT_STATUS_OK;
 }
-NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
+NTSTATUS context_sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
 {
 SAM_METHODS *tmp_methods;
 NTSTATUS nt_status;
@@ -627,12 +240,10 @@ NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *acces
 uint32 acc_granted;
 int i = 0;
- DEBUG(5,("sam_enum_domains: %d\n", __LINE__));
+ DEBUG(5,("context_sam_enum_domains: %d\n", __LINE__));
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters specified */
- SAM_ASSERT(domain_count && domains && domain_names);
+ /* invalid sam_context specified */
+ SAM_ASSERT(context && context->methods);
 if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
 DEBUG(4,("samr_make_sam_obj_sd failed\n"));
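Review bot: In `context_sam_enum_domains` the parameter check `SAM_ASSERT(domain_count && domains && domain_names);` is replaced by the new context check instead of being kept alongside it, so NULL output pointers now reach `(*domain_count)` and the `malloc` assignments through `*domains` and `*domain_names` in the following hunk. The same substitution happens in `context_sam_lookup_domain` (`access_token && domain && domainsid`), and the asserts are removed outright in `context_sam_get_domain_by_sid` and `context_sam_create_account`; in the two domain functions a NULL `access_token` is then passed to `se_access_check`, whose handling of a NULL token is not visible here. Keep both lines: `SAM_ASSERT(context && context->methods);` followed by the original `SAM_ASSERT(domain_count && domains && domain_names);` (and the corresponding originals in the other three functions). The enumeration loop that writes through these pointers continues beyond this hunk.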
@@ -640,7 +251,7 @@ NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *acces } if (!se_access_check(sd, access_token, SAMR_ACCESS_ENUM_DOMAINS, &acc_granted, &nt_status)) { - DEBUG(3,("sam_enum_domains: ACCESS DENIED\n")); + DEBUG(3,("context_sam_enum_domains: ACCESS DENIED\n")); return nt_status; } @@ -652,17 +263,17 @@ NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *acces tmp_methods= tmp_methods->next; } - DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count))); + DEBUG(6,("context_sam_enum_domains: enumerating %d domains\n", (*domain_count))); tmp_methods = context->methods; if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) { - DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n")); + DEBUG(0,("context_sam_enum_domains: Out of memory allocating domain SID list\n")); return NT_STATUS_NO_MEMORY; } if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) { - DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n")); + DEBUG(0,("context_sam_enum_domains: Out of memory allocating domain name list\n")); SAFE_FREE((*domains)); return NT_STATUS_NO_MEMORY; } @@ -678,7 +289,7 @@ NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *acces return NT_STATUS_OK; } -NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid) +NTSTATUS context_sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid) { SAM_METHODS *tmp_methods; NTSTATUS nt_status; 
@@ -687,12 +298,10 @@ NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *acce size_t sd_size; uint32 acc_granted; - DEBUG(5,("sam_lookup_domain: %d\n", __LINE__)); + DEBUG(5,("context_sam_lookup_domain: %d\n", __LINE__)); - SAM_SETUP_CONTEXT; - - /* invalid paramters */ - SAM_ASSERT(access_token && domain && domainsid); + /* invalid sam_context specified */ + SAM_ASSERT(context && context->methods); if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) { DEBUG(4,("samr_make_sam_obj_sd failed\n")); @@ -700,7 +309,7 @@ NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *acce } if (!se_access_check(sd, access_token, SAMR_ACCESS_OPEN_DOMAIN, &acc_granted, &nt_status)) { - DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n")); + DEBUG(3,("context_sam_lookup_domain: ACCESS DENIED\n")); return nt_status; } @@ -719,16 +328,12 @@ NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *acce } -NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain) +NTSTATUS context_sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain) { SAM_METHODS *tmp_methods; NTSTATUS nt_status; - DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && domain); + DEBUG(5,("context_sam_get_domain_by_sid: %d\n", __LINE__)); if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { DEBUG(4,("sam_get_methods_by_sid failed\n")); 
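Review bot: In context_sam_get_domain_by_sid the only validation, `SAM_ASSERT(access_token && domainsid && domain)`, is removed and nothing replaces it, although `context` and `domainsid` go straight into `sam_get_methods_by_sid(context, &tmp_methods, domainsid)` on the next line; context_sam_enum_domains and context_sam_lookup_domain in the hunks just above gained `SAM_ASSERT(context && context->methods)` for the same situation, so the rename leaves the file inconsistent. Either add `SAM_ASSERT(context && context->methods && domainsid && domain);` after the DEBUG line, or document at file level that the public wrappers own argument validation (that wrapper code is not part of this hunk). The function continues past the end of the hunk.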
@@ -736,7 +341,7 @@ NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN * } if (!tmp_methods->sam_get_domain_handle) { - DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n")); + DEBUG(3, ("context_sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n")); return NT_STATUS_NOT_IMPLEMENTED; } @@ -749,17 +354,12 @@ NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN * return NT_STATUS_OK; } -NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account) +NTSTATUS context_sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account) { SAM_METHODS *tmp_methods; NTSTATUS nt_status; - DEBUG(5,("sam_create_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters */ - SAM_ASSERT(access_token && domainsid && account_name && account); + DEBUG(5,("context_sam_create_account: %d\n", __LINE__)); if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { DEBUG(4,("sam_get_methods_by_sid failed\n")); @@ -767,7 +367,7 @@ NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *acc } if (!tmp_methods->sam_create_account) { - DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n")); + DEBUG(3, ("context_sam_create_account: sam_methods of the domain did not specify sam_create_account\n")); return NT_STATUS_NOT_IMPLEMENTED; } 
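Review bot: context_sam_create_account loses `SAM_ASSERT(access_token && domainsid && account_name && account)` with nothing in its place, so `account_name` — which presumably originates from an RPC client request — and the `account` out-pointer reach the backend's sam_create_account (called after this hunk) without any check at this layer. Unless every backend is documented to tolerate a NULL name and out-pointer, restore `SAM_ASSERT(domainsid && account_name && account);` after the DEBUG line; the token can stay unchecked only if the backends are known to handle a NULL token. The call into the backend and the function's end are outside this hunk.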
@@ -780,7 +380,7 @@ NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *acc return NT_STATUS_OK; } -NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) +NTSTATUS context_sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) { DOM_SID domainsid; const DOM_SID *accountsid; @@ -788,12 +388,7 @@ NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *a uint32 rid; NTSTATUS nt_status; - DEBUG(5,("sam_add_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters */ - SAM_ASSERT(account); + DEBUG(5,("context_sam_add_account: %d\n", __LINE__)); if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) { DEBUG(0,("Can't get account SID\n")); @@ -802,7 +397,7 @@ NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *a sid_copy(&domainsid, accountsid); if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n")); + DEBUG(3,("context_sam_get_account_by_sid: failed to split the sid\n")); return NT_STATUS_INVALID_SID; } @@ -812,7 +407,7 @@ NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *a } if (!tmp_methods->sam_add_account) { - DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n")); + DEBUG(3, ("context_sam_add_account: sam_methods of the domain did not specify sam_add_account\n")); return NT_STATUS_NOT_IMPLEMENTED; } 
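Review bot: In context_sam_add_account the renamed diagnostic `DEBUG(3,("context_sam_get_account_by_sid: failed to split the sid\n"))` still names the wrong function — the message was copied from the get_account_by_sid path and the rename preserved the mistake — so a log line emitted when an account handle carries a malformed SID points an operator at the wrong code path. Use `DEBUG(3,("context_sam_add_account: failed to split the sid\n"));`. The same copy-paste prefix appears in context_sam_add_group further down; the enclosing function spans several hunks here.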
@@ -825,22 +420,20 @@ NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *a return NT_STATUS_OK; } -NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) +NTSTATUS context_sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) { const SAM_METHODS *tmp_methods; NTSTATUS nt_status; - DEBUG(5,("sam_update_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - + DEBUG(5,("context_sam_update_account: %d\n", __LINE__)); + /* invalid account specified */ SAM_ASSERT(account && account->current_sam_methods); tmp_methods = account->current_sam_methods; if (!tmp_methods->sam_update_account) { - DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n")); + DEBUG(3, ("context_sam_update_account: sam_methods of the domain did not specify sam_update_account\n")); return NT_STATUS_NOT_IMPLEMENTED; } @@ -853,22 +446,20 @@ NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE return NT_STATUS_OK; } -NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) +NTSTATUS context_sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) { const SAM_METHODS *tmp_methods; NTSTATUS nt_status; - DEBUG(5,("sam_delete_account: %d\n", __LINE__)); + DEBUG(5,("context_sam_delete_account: %d\n", __LINE__)); - SAM_SETUP_CONTEXT; - /* invalid account specified */ SAM_ASSERT(account && account->current_sam_methods); tmp_methods = account->current_sam_methods; if (!tmp_methods->sam_delete_account) { - DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n")); + DEBUG(3, ("context_sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n")); return NT_STATUS_NOT_IMPLEMENTED; } 
@@ -881,16 +472,12 @@ NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE return NT_STATUS_OK; } -NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts) +NTSTATUS context_sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts) { SAM_METHODS *tmp_methods; NTSTATUS nt_status; - DEBUG(5,("sam_enum_accounts: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && account_count && accounts); + DEBUG(5,("context_sam_enum_accounts: %d\n", __LINE__)); if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { DEBUG(4,("sam_get_methods_by_sid failed\n")); @@ -898,7 +485,7 @@ NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *acce } if (!tmp_methods->sam_enum_accounts) { - DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n")); + DEBUG(3, ("context_sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n")); return NT_STATUS_NOT_IMPLEMENTED; } 
@@ -912,22 +499,18 @@ NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *acce } -NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account) +NTSTATUS context_sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account) { SAM_METHODS *tmp_methods; uint32 rid; DOM_SID domainsid; NTSTATUS nt_status; - DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && accountsid && account); + DEBUG(5,("context_sam_get_account_by_sid: %d\n", __LINE__)); sid_copy(&domainsid, accountsid); if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n")); + DEBUG(3,("context_sam_get_account_by_sid: failed to split the sid\n")); return NT_STATUS_INVALID_SID; } @@ -938,7 +521,7 @@ NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN } if (!tmp_methods->sam_get_account_by_sid) { - DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n")); + DEBUG(3, ("context_sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n")); return NT_STATUS_NOT_IMPLEMENTED; } 
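Review bot: In context_sam_get_account_by_sid the dropped `SAM_ASSERT(access_token && accountsid && account)` is immediately followed by `sid_copy(&domainsid, accountsid)`, so a NULL `accountsid` now reaches sid_copy (and a NULL `account` reaches the backend later) where the old code returned an error status. If this layer is meant to stay defensive, keep `SAM_ASSERT(accountsid && account);` ahead of the sid_copy; if validation has moved to the public wrappers, say so in a comment here, because that decision is not visible in the hunk. The function's tail is outside this hunk.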
@@ -951,16 +534,12 @@ NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN return NT_STATUS_OK; } -NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account) +NTSTATUS context_sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account) { SAM_METHODS *tmp_methods; NTSTATUS nt_status; - DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domain && name && account); + DEBUG(5,("context_sam_get_account_by_name: %d\n", __LINE__)); if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { DEBUG(4,("sam_get_methods_by_name failed\n")); @@ -968,7 +547,7 @@ NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN } if (!tmp_methods->sam_get_account_by_name) { - DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n")); + DEBUG(3, ("context_sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n")); return NT_STATUS_NOT_IMPLEMENTED; } 
@@ -981,16 +560,12 @@ NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN return NT_STATUS_OK; } -NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group) +NTSTATUS context_sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group) { SAM_METHODS *tmp_methods; NTSTATUS nt_status; - DEBUG(5,("sam_create_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && group_name && group); + DEBUG(5,("context_sam_create_group: %d\n", __LINE__)); if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { DEBUG(4,("sam_get_methods_by_sid failed\n")); @@ -998,7 +573,7 @@ NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *acces } if (!tmp_methods->sam_create_group) { - DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n")); + DEBUG(3, ("context_sam_create_group: sam_methods of the domain did not specify sam_create_group\n")); return NT_STATUS_UNSUCCESSFUL; } @@ -1011,7 +586,7 @@ NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *acces return NT_STATUS_OK; } -NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) +NTSTATUS context_sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) { DOM_SID domainsid; const DOM_SID *groupsid; 
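Review bot: In context_sam_create_group the missing-method branch returns `NT_STATUS_UNSUCCESSFUL`, while every sibling visible in this diff (`context_sam_create_account`, `context_sam_add_group`, `context_sam_get_group_by_sid`, …) returns `NT_STATUS_NOT_IMPLEMENTED` for the same condition; the commit rewrites the debug text on that line but leaves the odd status. A caller that maps NOT_IMPLEMENTED to a clean "backend does not support this" response will treat group creation as a generic failure instead. Change it to `return NT_STATUS_NOT_IMPLEMENTED;`.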
@@ -1019,11 +594,7 @@ NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group uint32 rid; NTSTATUS nt_status; - DEBUG(5,("sam_add_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(group); + DEBUG(5,("context_sam_add_group: %d\n", __LINE__)); if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) { DEBUG(0,("Can't get group SID\n")); @@ -1032,7 +603,7 @@ NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group sid_copy(&domainsid, groupsid); if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n")); + DEBUG(3,("context_sam_get_group_by_sid: failed to split the sid\n")); return NT_STATUS_INVALID_SID; } @@ -1042,7 +613,7 @@ NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group } if (!tmp_methods->sam_add_group) { - DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n")); + DEBUG(3, ("context_sam_add_group: sam_methods of the domain did not specify sam_add_group\n")); return NT_STATUS_NOT_IMPLEMENTED; } @@ -1055,22 +626,20 @@ NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group return NT_STATUS_OK; } -NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) +NTSTATUS context_sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) { const SAM_METHODS *tmp_methods; NTSTATUS nt_status; - DEBUG(5,("sam_update_group: %d\n", __LINE__)); + DEBUG(5,("context_sam_update_group: %d\n", __LINE__)); - SAM_SETUP_CONTEXT; - /* invalid group specified */ SAM_ASSERT(group && group->current_sam_methods); tmp_methods = group->current_sam_methods; if (!tmp_methods->sam_update_group) { - DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n")); + DEBUG(3, ("context_sam_update_group: sam_methods of the domain did not specify sam_update_group\n")); return NT_STATUS_NOT_IMPLEMENTED; } 
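Review bot: In context_sam_add_group the diagnostic after `sid_split_rid` fails is renamed to `context_sam_get_group_by_sid: failed to split the sid`, which is the wrong function name for this path (copied from the get_group_by_sid code) and will mislead anyone triaging logs. Use `DEBUG(3,("context_sam_add_group: failed to split the sid\n"));`. Note also that `SAM_ASSERT(group)` is removed at the top of this function in the preceding hunk, so `sam_get_group_sid(group, &groupsid)` now receives whatever the caller passes; the function spans several hunks here.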
@@ -1083,22 +652,20 @@ NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *gr return NT_STATUS_OK; } -NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) +NTSTATUS context_sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) { const SAM_METHODS *tmp_methods; NTSTATUS nt_status; - DEBUG(5,("sam_delete_group: %d\n", __LINE__)); + DEBUG(5,("context_sam_delete_group: %d\n", __LINE__)); - SAM_SETUP_CONTEXT; - /* invalid group specified */ SAM_ASSERT(group && group->current_sam_methods); tmp_methods = group->current_sam_methods; if (!tmp_methods->sam_delete_group) { - DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n")); + DEBUG(3, ("context_sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n")); return NT_STATUS_NOT_IMPLEMENTED; } @@ -1111,16 +678,12 @@ NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *gr return NT_STATUS_OK; } -NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups) +NTSTATUS context_sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups) { SAM_METHODS *tmp_methods; NTSTATUS nt_status; - DEBUG(5,("sam_enum_groups: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && groups_count && groups); + DEBUG(5,("context_sam_enum_groups: %d\n", __LINE__)); if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { DEBUG(4,("sam_get_methods_by_sid failed\n")); 
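Review bot: The renamed signature `context_sam_enum_groups(..., uint32 *groups_count, SAM_GROUP_ENUM **groups)` takes an unsigned count while context_sam_enum_accounts and context_sam_enum_domains earlier in this diff take `int32 *`; the rename was the opportunity to align them, since a caller copying a count between these functions ends up with a signed/unsigned mismatch in its loops. Pick one type for counts across the enum functions (uint32 is the safer choice for a count) and note it in the header. Like the other renamed entry points, this function also loses `SAM_ASSERT(access_token && domainsid && groups_count && groups)` with nothing replacing it; its body continues in the next hunk.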
@@ -1128,7 +691,7 @@ NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access } if (!tmp_methods->sam_enum_accounts) { - DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n")); + DEBUG(3, ("context_sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n")); return NT_STATUS_NOT_IMPLEMENTED; } @@ -1141,22 +704,18 @@ NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access return NT_STATUS_OK; } -NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group) +NTSTATUS context_sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group) { SAM_METHODS *tmp_methods; uint32 rid; NTSTATUS nt_status; DOM_SID domainsid; - DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && groupsid && group); + DEBUG(5,("context_sam_get_group_by_sid: %d\n", __LINE__)); sid_copy(&domainsid, groupsid); if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n")); + DEBUG(3,("context_sam_get_group_by_sid: failed to split the sid\n")); return NT_STATUS_INVALID_SID; } @@ -1167,7 +726,7 @@ NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *a } if (!tmp_methods->sam_get_group_by_sid) { - DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n")); + DEBUG(3, ("context_sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n")); return NT_STATUS_NOT_IMPLEMENTED; } 
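Review bot: context_sam_enum_groups tests `tmp_methods->sam_enum_accounts` but reports — and presumably goes on to call, past the end of this hunk — `sam_enum_groups`; a backend that implements account enumeration but not group enumeration passes this check and the subsequent call goes through a NULL function pointer. The commit rewrites the debug text on this exact line but leaves the wrong field in the condition. Change the test to `if (!tmp_methods->sam_enum_groups) {`.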
@@ -1180,16 +739,12 @@ NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *a return NT_STATUS_OK; } -NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group) +NTSTATUS context_sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group) { SAM_METHODS *tmp_methods; NTSTATUS nt_status; - DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domain && name && group); + DEBUG(5,("context_sam_get_group_by_name: %d\n", __LINE__)); if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { DEBUG(4,("sam_get_methods_by_name failed\n")); @@ -1197,7 +752,7 @@ NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN * } if (!tmp_methods->sam_get_group_by_name) { - DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n")); + DEBUG(3, ("context_sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n")); return NT_STATUS_NOT_IMPLEMENTED; } @@ -1210,12 +765,11 @@ NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN * return NT_STATUS_OK; } -NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) +NTSTATUS context_sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) { const SAM_METHODS *tmp_methods; NTSTATUS nt_status; - SAM_SETUP_CONTEXT; /* invalid group or member specified */ SAM_ASSERT(group && group->current_sam_methods && member); 
@@ -1223,7 +777,7 @@ NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HAN tmp_methods = group->current_sam_methods; if (!tmp_methods->sam_add_member_to_group) { - DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n")); + DEBUG(3, ("context_sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n")); return NT_STATUS_NOT_IMPLEMENTED; } @@ -1236,20 +790,18 @@ NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HAN } -NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) +NTSTATUS context_sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) { const SAM_METHODS *tmp_methods; NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; /* invalid group or member specified */ - SAM_ASSERT(group && group->current_sam_methods && member); + SAM_ASSERT(group && group->current_sam_methods &&member); tmp_methods = group->current_sam_methods; if (!tmp_methods->sam_delete_member_from_group) { - DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n")); + DEBUG(3, ("context_sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n")); return NT_STATUS_NOT_IMPLEMENTED; } 
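Review bot: In context_sam_delete_member_from_group the assert is rewritten as `SAM_ASSERT(group && group->current_sam_methods &&member);`, dropping the space before `member`; it is the only formatting change in an otherwise mechanical rename and reads like an accidental edit. Keep the original spacing, `SAM_ASSERT(group && group->current_sam_methods && member);`, so the line stays identical to its sibling in context_sam_add_member_to_group above.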
@@ -1261,20 +813,18 @@ NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROU return NT_STATUS_OK; } -NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members) +NTSTATUS context_sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members) { const SAM_METHODS *tmp_methods; NTSTATUS nt_status; - SAM_SETUP_CONTEXT; - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods && members_count && members); + SAM_ASSERT(group && group->current_sam_methods); tmp_methods = group->current_sam_methods; if (!tmp_methods->sam_enum_groupmembers) { - DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n")); + DEBUG(3, ("context_sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n")); return NT_STATUS_NOT_IMPLEMENTED; } @@ -1286,7 +836,7 @@ NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDL return NT_STATUS_OK; } -NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups) +NTSTATUS context_sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups) { SAM_METHODS *tmp_methods; NTSTATUS nt_status; 
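Review bot: context_sam_enum_groupmembers drops `members_count && members` from its assert while keeping the check on `group`, so a NULL out-pointer is no longer rejected here and is handed to the backend's sam_enum_groupmembers (the call follows outside this hunk). This is a handle-based function with no access token, so it is less obviously covered by whatever the new public wrappers validate; restore `SAM_ASSERT(group && group->current_sam_methods && members_count && members);` unless that wrapper contract is documented somewhere this hunk does not show.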
@@ -1294,12 +844,10 @@ NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN * uint32 tmp_group_count; SAM_GROUP_ENUM *tmp_groups; - DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__)); + DEBUG(5,("context_sam_get_groups_of_sid: %d\n", __LINE__)); - SAM_SETUP_CONTEXT; - /* invalid sam_context specified */ - SAM_ASSERT(access_token && sids && context && context->methods); + SAM_ASSERT(context && context->methods); *group_count = 0; @@ -1310,7 +858,7 @@ NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN * while (tmp_methods) { DEBUG(5,("getting groups from domain \n")); if (!tmp_methods->sam_get_groups_of_sid) { - DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n")); + DEBUG(3, ("context_sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n")); SAFE_FREE(*groups); return NT_STATUS_NOT_IMPLEMENTED; } 
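Review bot: In context_sam_get_groups_of_sid the assert shrinks to `SAM_ASSERT(context && context->methods)`, removing `access_token && sids`, and two lines later `*group_count = 0;` writes through `group_count`, which was never in the assert even before. A caller passing a NULL count or SID list now crashes here or in the per-backend loop (outside the hunk) instead of getting an error status. Use `SAM_ASSERT(context && context->methods && sids && group_count && groups);` — `groups` is dereferenced by `SAFE_FREE(*groups)` in the following hunk, so it must be non-NULL as well.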
@@ -1336,3 +884,354 @@ NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN * } +/****************************************************************** + Free and cleanup a sam context, any associated data and anything + that the attached modules might have associated. + *******************************************************************/ + +void free_sam_context(SAM_CONTEXT **context) +{ + SAM_METHODS *sam_selected = (*context)->methods; + + while (sam_selected) { + if (sam_selected->free_private_data) { + sam_selected->free_private_data(&(sam_selected->private_data)); + } + sam_selected = sam_selected->next; + } + + talloc_destroy((*context)->mem_ctx); + *context = NULL; +} + +/****************************************************************** + Make a backend_entry from scratch + *******************************************************************/ + +static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string) +{ + char *tmp = NULL; + char *tmp_string = sam_backend_string; + + DEBUG(5,("make_backend_entry: %d\n", __LINE__)); + + SAM_ASSERT(sam_backend_string && backend_entry); + + backend_entry->module_name = sam_backend_string; + + DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name)); + + if ((tmp = strchr(tmp_string, '|')) != NULL) { + DEBUGADD(20,("a domain name has been specified\n")); + *tmp = 0; + backend_entry->domain_name = tmp + 1; + tmp_string = tmp + 1; + } + + if ((tmp = strchr(tmp_string, ':')) != NULL) { + DEBUG(20,("options for the backend have been specified\n")); + *tmp = 0; + backend_entry->module_params = tmp + 1; + tmp_string = tmp + 1; + } + + if (backend_entry->domain_name == NULL) { + DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. 
Useing default domain %s\n", + backend_entry->module_name, lp_workgroup())); + backend_entry->domain_name = lp_workgroup(); + } + + if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) { + DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n")); + return NT_STATUS_NO_MEMORY; + } + + DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name)); + + if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) { + DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n", + backend_entry->domain_name)); + /* FIXME */ + ZERO_STRUCTP(backend_entry->domain_sid); + } + + DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n", + backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid))); + + return NT_STATUS_OK; +} + +/****************************************************************** + create sam_methods struct based on sam_backend_entry + *****************************************************************/ + +static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry) +{ + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + SAM_METHODS *methods; + int i; + + DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__)); + + if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) { + return nt_status; + } + + methods = *methods_ptr; + methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name); + methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name); + sid_copy(&methods->domain_sid, backend_entry->domain_sid); + methods->parent = context; + + DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name)); + for (i = 0; builtin_sam_init_functions[i].module_name; i++) + { + if 
(strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name)) + { + DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i)); + DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid))); + nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params); + if (NT_STATUS_IS_OK(nt_status)) { + DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name)); + } else { + DEBUG(2,("sam backend %s did not correctly init (error was %s)\n", + backend_entry->module_name, nt_errstr(nt_status))); + } + return nt_status; + } + } + + DEBUG(2,("could not find backend %s\n", backend_entry->module_name)); + + return NT_STATUS_INVALID_PARAMETER; +} + +static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context) +{ + SAM_BACKEND_ENTRY entry; + DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */ + SAM_METHODS *methods, *tmpmethods; + NTSTATUS ntstatus; + + DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__)); + + /* Make sure domain lp_workgroup() is available */ + + ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin); + + if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) { + DEBUG(4,("There was no backend specified for domain %s; using %s\n", + lp_workgroup(), SAM_DEFAULT_BACKEND)); + + SAM_ASSERT(global_sam_sid); + + entry.module_name = SAM_DEFAULT_BACKEND; + entry.module_params = NULL; + entry.domain_name = lp_workgroup(); + entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID)); + sid_copy(entry.domain_sid, global_sam_sid); + + if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) { + DEBUG(4,("make_sam_methods_backend_entry failed\n")); + return ntstatus; + } + + DLIST_ADD_END(context->methods, methods, tmpmethods); + + } else if (!NT_STATUS_IS_OK(ntstatus)) { + DEBUG(2, 
("sam_get_methods_by_sid failed for %s\n", lp_workgroup())); + return ntstatus; + } + + /* Make sure the BUILTIN domain is available */ + + ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid); + + if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) { + DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n", + SAM_DEFAULT_BACKEND)); + entry.module_name = SAM_DEFAULT_BACKEND; + entry.module_params = NULL; + entry.domain_name = "BUILTIN"; + entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID)); + sid_copy(entry.domain_sid, &global_sid_Builtin); + + if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) { + DEBUG(4,("make_sam_methods_backend_entry failed\n")); + return ntstatus; + } + + DLIST_ADD_END(context->methods, methods, tmpmethods); + } else if (!NT_STATUS_IS_OK(ntstatus)) { + DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n")); + return ntstatus; + } + + return NT_STATUS_OK; +} + +static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends) +{ + int i, j; + + DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__)); + + for (i = 0; i < *nBackends; i++) { + for (j = i + 1; j < *nBackends; j++) { + if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) { + DEBUG(0,("two backend modules claim the same domain %s\n", + sid_string_static((*backend_entries)[j].domain_sid))); + return NT_STATUS_INVALID_PARAMETER; + } + } + } + + return NT_STATUS_OK; +} + +NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param) +{ + int i = 0, j = 0; + SAM_METHODS *curmethods, *tmpmethods; + int nBackends = 0; + SAM_BACKEND_ENTRY *backends = NULL; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + + DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__)); + + if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) { + DEBUG(4,("make_sam_context failed\n")); + return nt_status; + } + + while 
(sam_backends_param[nBackends]) + nBackends++; + + DEBUG(6,("There are %d domains listed with there backends\n", nBackends)); + + if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(SAM_BACKEND_ENTRY)*nBackends)) == NULL) { + DEBUG(0,("make_sam_context_list: failed to allocate backends\n")); + return NT_STATUS_NO_MEMORY; + } + ZERO_STRUCTP(backends); + + for (i = 0; i < nBackends; i++) { + DEBUG(8,("processing %s\n",sam_backends_param[i])); + if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) { + DEBUG(4,("make_backend_entry failed\n")); + for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); + SAFE_FREE(backends); + free_sam_context(context); + return nt_status; + } + } + + if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) { + DEBUG(4,("check_duplicate_backend_entries failed\n")); + for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); + SAFE_FREE(backends); + free_sam_context(context); + return nt_status; + } + + for (i = 0; i < nBackends; i++) { + if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) { + DEBUG(4,("make_sam_methods_backend_entry failed\n")); + for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); + SAFE_FREE(backends); + free_sam_context(context); + return nt_status; + } + DLIST_ADD_END((*context)->methods, curmethods, tmpmethods); + } + + for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid); + + SAFE_FREE(backends); + return NT_STATUS_OK; +} + +/****************************************************************** + Make a sam_context from scratch. 
+ *******************************************************************/ + +NTSTATUS make_sam_context(SAM_CONTEXT **context) +{ + TALLOC_CTX *mem_ctx; + + mem_ctx = talloc_init_named("sam_context internal allocation context"); + + if (!mem_ctx) { + DEBUG(0, ("make_sam_context: talloc init failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + *context = talloc(mem_ctx, sizeof(**context)); + if (!*context) { + DEBUG(0, ("make_sam_context: talloc failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + ZERO_STRUCTP(*context); + + (*context)->mem_ctx = mem_ctx; + + (*context)->free_fn = free_sam_context; + + return NT_STATUS_OK; +} + +/****************************************************************** + Return an already initialised sam_context, to facilitate backward + compatibility (see functions below). + *******************************************************************/ + +struct sam_context *sam_get_static_context(BOOL reload) +{ + static SAM_CONTEXT *sam_context = NULL; + + if ((sam_context) && (reload)) { + sam_context->free_fn(&sam_context); + sam_context = NULL; + } + + if (!sam_context) { + if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) { + DEBUG(4,("make_sam_context_list failed\n")); + return NULL; + } + + /* Make sure the required domains (default domain, builtin) are available */ + if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) { + DEBUG(4,("sam_context_check_default_backends failed\n")); + return NULL; + } + } + + return sam_context; +} + +/*************************************************************** + Initialize the static context (at smbd startup etc). + + If uninitialised, context will auto-init on first use. 
+ ***************************************************************/ + +BOOL initialize_sam(BOOL reload) +{ + return (sam_get_static_context(reload) != NULL); +} + + +NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods) +{ + *methods = talloc(mem_ctx, sizeof(SAM_METHODS)); + + if (!*methods) { + return NT_STATUS_NO_MEMORY; + } + + ZERO_STRUCTP(*methods); + + return NT_STATUS_OK; +} diff --git a/source3/sam/sam_ads.c b/source3/sam/sam_ads.c deleted file mode 100755 index e10b476997..0000000000 --- a/source3/sam/sam_ads.c +++ /dev/null 
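Review bot: In sam_context_check_default_backends the two lookups are swapped: the block commented "Make sure domain lp_workgroup() is available" probes `&global_sid_Builtin` and, on NT_STATUS_NO_SUCH_DOMAIN, adds a backend for the workgroup domain with `global_sam_sid`, while the BUILTIN block probes `global_sam_sid` and adds BUILTIN. With a configuration that lists only the workgroup domain this registers the workgroup a second time — two backends claiming the same SID, which bypasses check_duplicate_backend_entries because that runs earlier in make_sam_context_list — and never registers BUILTIN. Swap the arguments: the first call should be `sam_get_methods_by_sid(context, &methods, global_sam_sid)` and the second `sam_get_methods_by_sid(context, &methods, &global_sid_Builtin)`. Separately, in make_sam_context_list `ZERO_STRUCTP(backends)` zeroes only `backends[0]`, yet make_backend_entry relies on `domain_name`/`module_params` being NULL for every entry, so entries 1..n-1 start with indeterminate pointers; use `memset(backends, 0, sizeof(*backends) * nBackends);` (or calloc) instead.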
@@ -1,1204 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Active Directory SAM backend, for simulate a W2K DC in mixed mode. - - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Andrew Bartlett 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - - -#ifdef HAVE_LDAP - -static int sam_ads_debug_level = DBGC_SAM; - -#undef DBGC_CLASS -#define DBGC_CLASS sam_ads_debug_level - -#define ADS_STATUS_OK ADS_ERROR(0) -#define ADS_STATUS_UNSUCCESSFUL ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL) -#define ADS_STATUS_NOT_IMPLEMENTED ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED) - - -#define ADS_SUBTREE_BUILTIN "CN=Builtin," -#define ADS_SUBTREE_COMPUTERS "CN=Computers," -#define ADS_SUBTREE_DC "CN=Domain Controllers," -#define ADS_SUBTREE_USERS "CN=Users," -#define ADS_ROOT_TREE "" -/* Here are private module structs and functions */ - -struct sam_ads_privates { - ADS_STRUCT *ads_struct; - TALLOC_CTX *mem_ctx; - BOOL bind_plaintext; - char *ads_bind_dn; - char *ads_bind_pw; - char *ldap_uri; - /* did we need something more? 
*/ -}; - - -/* get only these LDAP attributes, witch we really need for an account */ -const char *account_attrs[] = { "objectSid", - "objectGUID", - "sAMAccountType", - "sAMAcountName", - "userPrincipalName", - "accountExpires", - "badPasswordTime", - "badPwdCount", - "lastLogoff", - "lastLogon", - "userWorkstations", - "dBCSPwd", - "unicodePwd", - "pwdLastSet", - "userAccountControl", - "profilePath", - "homeDrive", - "scriptPath", - "homeDirectory", - "cn", - "primaryGroupID",/* 513 */ - "nsNPAllowDialIn",/* TRUE */ - "userParameters",/* Dial Back number ...*/ - "codePage",/* 0 */ - "countryCode",/* 0 */ - "adminCount",/* 1 or 0 */ - "logonCount",/* 0 */ - "managedObjects", - "memberOf",/* dn */ - "instanceType",/* 4 */ - "name", /* sync with cn */ - "description", - /* "nTSecurityDescriptor", */ - NULL}; - -/* get only these LDAP attributes, witch we really need for a group */ -const char *group_attrs[] = {"objectSid", - /* "objectGUID", */ - "sAMAccountType", - "sAMAcountName", - "groupType", - /* "member", */ - "description", - "name", /* sync with cn */ - /* "nTSecurityDescriptor", */ - NULL}; - - -/*************************************************** - return our ads connection. 
We keep the connection - open to make things faster -****************************************************/ -static ADS_STATUS sam_ads_cached_connection(struct sam_ads_privates *private) -{ - ADS_STRUCT *ads_struct; - ADS_STATUS ads_status; - - if (!private->ads_struct) { - private->ads_struct = ads_init_simple(); - ads_struct = private->ads_struct; - ads_struct->server.ldap_uri = smb_xstrdup(private->ldap_uri); - if ((!private->ads_bind_dn) || (!*private->ads_bind_dn)) { - ads_struct->auth.flags |= ADS_AUTH_ANON_BIND; - } else { - ads_struct->auth.user_name - = smb_xstrdup(private->ads_bind_dn); - if (private->ads_bind_pw) { - ads_struct->auth.password - = smb_xstrdup(private->ads_bind_pw); - } - } - if (private->bind_plaintext) { - ads_struct->auth.flags |= ADS_AUTH_SIMPLE_BIND; - } - } else { - ads_struct = private->ads_struct; - } - - if (ads_struct->ld != NULL) { - /* connection has been opened. ping server. */ - struct sockaddr_un addr; - socklen_t len; - int sd; - if (ldap_get_option(ads_struct->ld, LDAP_OPT_DESC, &sd) == 0 && - getpeername(sd, (struct sockaddr *) &addr, &len) < 0) { - /* the other end has died. reopen. */ - ldap_unbind_ext(ads_struct->ld, NULL, NULL); - ads_struct->ld = NULL; - } - } - - if (ads_struct->ld != NULL) { - DEBUG(5,("sam_ads_cached_connection: allready connected to the LDAP server\n")); - return ADS_SUCCESS; - } - - ads_status = ads_connect(ads_struct); - - ads_status = ads_server_info(ads_struct); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(0,("Can't set server info: %s\n",ads_errstr(ads_status))); - /* return ads_status; */ /*for now we only warn! 
*/ - } - - DEBUG(2, ("sam_ads_cached_connection: succesful connection to the LDAP server\n")); - return ADS_SUCCESS; -} - -static ADS_STATUS sam_ads_do_search(struct sam_ads_privates *private, const char *bind_path, int scope, const char *exp, const char **attrs, void **res) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - - ads_status = sam_ads_cached_connection(private); - if (!ADS_ERR_OK(ads_status)) - return ads_status; - - return ads_do_search_retry(private->ads_struct, bind_path, scope, exp, attrs, res); -} - - -/********************************************* -here we have to check the update serial number - - this is the core of the ldap cache -*********************************************/ -static ADS_STATUS sam_ads_usn_is_valid(ADS_STRUCT *ads_struct, uint32 usn_in, uint32 *usn_out) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - - SAM_ASSERT(ads_struct && usn_out); - - ads_status = ads_USN(ads_struct, usn_out); - if (!ADS_ERR_OK(ads_status)) - return ads_status; - - if (*usn_out == usn_in) - return ADS_SUCCESS; - - return ads_status; -} - -/*********************************************** -Initialize SAM_ACCOUNT_HANDLE from an ADS query -************************************************/ -/* not ready :-( */ -static ADS_STATUS ads_entry2sam_account_handle(ADS_STRUCT *ads_struct, SAM_ACCOUNT_HANDLE *account ,const void *entry) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__)); - SAM_ASSERT(ads_struct && account && entry); - - - - return ads_status; -} - - -/*********************************************** -Initialize SAM_GROUP_ENUM from an ads entry -************************************************/ -/* not ready :-( */ -static ADS_STATUS ads_entry2sam_group_enum(ADS_STRUCT *ads_struct, TALLOC_CTX *mem_ctx, SAM_GROUP_ENUM **group_enum,const void *entry) -{ - ADS_STATUS ads_status = ADS_STATUS_UNSUCCESSFUL; - SAM_GROUP_ENUM __group_enum; - SAM_GROUP_ENUM 
*_group_enum = &__group_enum; - - SAM_ASSERT(ads_struct && mem_ctx && group_enum && entry); - - *group_enum = _group_enum; - - DEBUG(3,("sam_ads: ads_entry2sam_account_handle\n")); - - if (!ads_pull_sid((ADS_STRUCT *)ads_struct, &entry, "objectSid", &(_group_enum->sid))) { - DEBUG(0,("No sid for!?\n")); - return ADS_STATUS_UNSUCCESSFUL; - } - - if (!(_group_enum->group_name = ads_pull_string((ADS_STRUCT *)ads_struct, mem_ctx, &entry, "sAMAccountName"))) { - DEBUG(0,("No groupname found")); - return ADS_STATUS_UNSUCCESSFUL; - } - - if (!(_group_enum->group_desc = ads_pull_string((ADS_STRUCT *)ads_struct, mem_ctx, &entry, "desciption"))) { - DEBUG(0,("No description found")); - return ADS_STATUS_UNSUCCESSFUL; - } - - DEBUG(0,("sAMAccountName: %s\ndescription: %s\nobjectSid: %s\n", - _group_enum->group_name, - _group_enum->group_desc, - sid_string_static(&(_group_enum->sid)) - )); - - return ads_status; -} - -static ADS_STATUS sam_ads_access_check(const SAM_METHODS *sam_method, const SEC_DESC *sd, const NT_USER_TOKEN *access_token, uint32 access_desired) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED); - NTSTATUS nt_status; - uint32 acc_granted; - - SAM_ASSERT(sam_method && sd && access_token); - /* the steps you need are: - 1. get_sec_desc for sid - 2. se_map_generic(accessdesired, generic_mapping) - 3. 
se_access_check() */ - - if (!se_access_check(sd, access_token, access_desired, &acc_granted, &nt_status)) { - DEBUG(3,("sam_ads_access_check: ACCESS DENIED\n")); - ads_status = ADS_ERROR_NT(nt_status); - return ads_status; - } - ads_status = ADS_ERROR_NT(nt_status); - return ads_status; -} - -static ADS_STATUS sam_ads_get_tree_sec_desc(const SAM_METHODS *sam_method, const char *subtree, SEC_DESC **sd) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - struct sam_ads_privates *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = privates->mem_ctx; - char *search_path; - void *sec_desc_res; - void *sec_desc_msg; - const char *sec_desc_attrs[] = {"nTSecurityDescriptor",NULL}; - - SAM_ASSERT(sam_method && ads_struct && sd); - *sd = NULL; - - if (subtree) { - asprintf(&search_path, "%s%s",subtree,ads_struct->config.bind_path); - } else { - asprintf(&search_path, "%s",""); - } - ads_status = sam_ads_do_search(privates, search_path, LDAP_SCOPE_BASE, "(objectClass=*)", sec_desc_attrs, &sec_desc_res); - SAFE_FREE(search_path); - if (!ADS_ERR_OK(ads_status)) - return ads_status; - - if ((sec_desc_msg = ads_first_entry(ads_struct, sec_desc_res))==NULL) { - ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - return ads_status; - } - - if (!ads_pull_sd(ads_struct, mem_ctx, sec_desc_msg, sec_desc_attrs[0], sd)) { - *sd = NULL; - ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - return ads_status; - } - - return ads_status; -} - -static ADS_STATUS sam_ads_account_policy_get(const SAM_METHODS *sam_method, int field, uint32 *value) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - struct sam_ads_privates *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - void *ap_res; - void *ap_msg; - const char *ap_attrs[] = {"minPwdLength","pwdHistoryLength", - 
/*"mustLogonToChangePass",*/"lockoutDuration" - "maxPwdAge","minPwdAge",NULL}; - /*lockOutObservationWindow - lockoutThreshold $ pwdProperties*/ - static uint32 ap[9]; - static uint32 ap_usn = 0; - uint32 tmp_usn = 0; - - SAM_ASSERT(sam_method && value); - - ads_status = sam_ads_usn_is_valid(ads_struct,ap_usn,&tmp_usn); - if (!ADS_ERR_OK(ads_status)) { - ads_status = sam_ads_do_search(privates, ads_struct->config.bind_path, LDAP_SCOPE_BASE, "(objectClass=*)", ap_attrs, &ap_res); - if (!ADS_ERR_OK(ads_status)) - return ads_status; - - if (ads_count_replies(ads_struct, ap_res) != 1) { - ads_msgfree(ads_struct, ap_res); - return ADS_ERROR(LDAP_NO_RESULTS_RETURNED); - } - - if (!(ap_msg = ads_first_entry(ads_struct, ap_res))) { - ads_msgfree(ads_struct, ap_res); - return ADS_ERROR(LDAP_NO_RESULTS_RETURNED); - } - - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[0], &ap[0])) { - /* AP_MIN_PASSWORD_LEN */ - ap[0] = MINPASSWDLENGTH;/* 5 chars minimum */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[1], &ap[1])) { - /* AP_PASSWORD_HISTORY */ - ap[1] = 0;/* don't keep any old password */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[2], &ap[2])) { - /* AP_USER_MUST_LOGON_TO_CHG_PASS */ - ap[2] = 0;/* don't force user to logon */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[3], &ap[3])) { - /* AP_MAX_PASSWORD_AGE */ - ap[3] = MAX_PASSWORD_AGE;/* 21 days */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[4], &ap[4])) { - /* AP_MIN_PASSWORD_AGE */ - ap[4] = 0;/* 0 days */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[5], &ap[5])) { - /* AP_LOCK_ACCOUNT_DURATION */ - ap[5] = 0;/* lockout for 0 minutes */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[6], &ap[6])) { - /* AP_RESET_COUNT_TIME */ - ap[6] = 0;/* reset immediatly */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[7], &ap[7])) { - /* AP_BAD_ATTEMPT_LOCKOUT */ - ap[7] = 0;/* don't lockout */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[8], 
&ap[8])) { - /* AP_TIME_TO_LOGOUT */ - ap[8] = -1;/* don't force logout */ - } - - ads_msgfree(ads_struct, ap_res); - ap_usn = tmp_usn; - } - - switch(field) { - case AP_MIN_PASSWORD_LEN: - *value = ap[0]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_PASSWORD_HISTORY: - *value = ap[1]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_USER_MUST_LOGON_TO_CHG_PASS: - *value = ap[2]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_MAX_PASSWORD_AGE: - *value = ap[3]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_MIN_PASSWORD_AGE: - *value = ap[4]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_LOCK_ACCOUNT_DURATION: - *value = ap[5]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_RESET_COUNT_TIME: - *value = ap[6]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_BAD_ATTEMPT_LOCKOUT: - *value = ap[7]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_TIME_TO_LOGOUT: - *value = ap[8]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - default: *value = 0; break; - } - - return ads_status; -} - -/********************************** -Now the functions off the SAM API -***********************************/ - -/* General API */ -static NTSTATUS sam_ads_get_sec_desc(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - const DOM_SID *sid, SEC_DESC **sd) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - struct sam_ads_privates *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx; - char *sidstr,*filter; - void *sec_desc_res; - void *sec_desc_msg; - const char *sec_desc_attrs[] = {"nTSecurityDescriptor",NULL}; - fstring sid_str; - SEC_DESC *my_sd; - - SAM_ASSERT(sam_method && access_token && sid && sd); - - ads_status = sam_ads_get_tree_sec_desc(sam_method, ADS_ROOT_TREE, &my_sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - 
ads_status = sam_ads_access_check(sam_method, my_sd, access_token, DOMAIN_READ); - - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - sidstr = sid_binstring(sid); - if (asprintf(&filter, "(objectSid=%s)", sidstr) == -1) { - SAFE_FREE(sidstr); - return NT_STATUS_NO_MEMORY; - } - - SAFE_FREE(sidstr); - - ads_status = sam_ads_do_search(privates,ads_struct->config.bind_path, - LDAP_SCOPE_SUBTREE, filter, sec_desc_attrs, - &sec_desc_res); - SAFE_FREE(filter); - - if (!ADS_ERR_OK(ads_status)) { - return ads_ntstatus(ads_status); - } - - if (!(mem_ctx = talloc_init_named("sec_desc parse in sam_ads"))) { - DEBUG(1, ("talloc_init_named() failed for sec_desc parse context in sam_ads")); - ads_msgfree(ads_struct, sec_desc_res); - return NT_STATUS_NO_MEMORY; - } - - if (ads_count_replies(ads_struct, sec_desc_res) != 1) { - DEBUG(1,("sam_ads_get_sec_desc: duplicate or 0 results for sid %s\n", - sid_to_string(sid_str, sid))); - talloc_destroy(mem_ctx); - ads_msgfree(ads_struct, sec_desc_res); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!(sec_desc_msg = ads_first_entry(ads_struct, sec_desc_res))) { - talloc_destroy(mem_ctx); - ads_msgfree(ads_struct, sec_desc_res); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!ads_pull_sd(ads_struct, mem_ctx, sec_desc_msg, sec_desc_attrs[0], sd)) { - ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - talloc_destroy(mem_ctx); - ads_msgfree(ads_struct, sec_desc_res); - return ads_ntstatus(ads_status); - } - - /* now, were we allowed to see the SD we just got? 
*/ - - ads_msgfree(ads_struct, sec_desc_res); - talloc_destroy(mem_ctx); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_set_sec_desc(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - const DOM_SID *sid, const SEC_DESC *sd) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - - -static NTSTATUS sam_ads_lookup_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, - enum SID_NAME_USE *type) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - struct sam_ads_privates *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - SEC_DESC *my_sd; - - SAM_ASSERT(sam_method && access_token && mem_ctx && sid && name && type); - - ads_status = sam_ads_get_tree_sec_desc(sam_method, ADS_ROOT_TREE, &my_sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(sam_method, my_sd, access_token, DOMAIN_READ); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - return ads_sid_to_name(ads_struct, mem_ctx, sid, name, type); -} - -static NTSTATUS sam_ads_lookup_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - const char *name, DOM_SID *sid, enum SID_NAME_USE *type) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - struct sam_ads_privates *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - SEC_DESC *my_sd; - - SAM_ASSERT(sam_method && access_token && name && sid && type); - - ads_status = sam_ads_get_tree_sec_desc(sam_method, ADS_ROOT_TREE, &my_sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(sam_method, my_sd, access_token, DOMAIN_READ); - if 
(!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - return ads_name_to_sid(ads_struct, name, sid, type); -} - - -/* Domain API */ - -static NTSTATUS sam_ads_update_domain(const SAM_METHODS *sam_method, const SAM_DOMAIN_HANDLE *domain) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_get_domain_handle(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - const uint32 access_desired, SAM_DOMAIN_HANDLE **domain) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - struct sam_ads_privates *privates = (struct sam_ads_privates *)sam_method->private_data; - TALLOC_CTX *mem_ctx = privates->mem_ctx; /*Fix me is this right??? */ - SAM_DOMAIN_HANDLE *dom_handle = NULL; - SEC_DESC *sd; - uint32 acc_granted; - uint32 tmp_value; - - DEBUG(5,("sam_ads_get_domain_handle: %d\n",__LINE__)); - - SAM_ASSERT(sam_method && access_token && domain); - - (*domain) = NULL; - - if ((dom_handle = talloc(mem_ctx, sizeof(SAM_DOMAIN_HANDLE))) == NULL) { - DEBUG(0,("failed to talloc dom_handle\n")); - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - return ads_ntstatus(ads_status); - } - - ZERO_STRUCTP(dom_handle); - - dom_handle->mem_ctx = mem_ctx; /*Fix me is this right??? 
*/ - dom_handle->free_fn = NULL; - dom_handle->current_sam_methods = sam_method; - - /* check if access can be granted as requested */ - - ads_status = sam_ads_get_tree_sec_desc(sam_method, ADS_ROOT_TREE, &sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(sam_method, sd, access_token, access_desired); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - dom_handle->access_granted = acc_granted; - - /* fill all the values of dom_handle */ - sid_copy(&dom_handle->private.sid, &sam_method->domain_sid); - dom_handle->private.name = smb_xstrdup(sam_method->domain_name); - dom_handle->private.servername = "WHOKNOWS"; /* what is the servername */ - - /*Fix me: sam_ads_account_policy_get() return ADS_STATUS! */ - ads_status = sam_ads_account_policy_get(sam_method, AP_MAX_PASSWORD_AGE, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for max password age. Useing default\n")); - tmp_value = MAX_PASSWORD_AGE; - } - unix_to_nt_time_abs(&dom_handle->private.max_passwordage,tmp_value); - - ads_status = sam_ads_account_policy_get(sam_method, AP_MIN_PASSWORD_AGE, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for min password age. Useing default\n")); - tmp_value = 0; - } - unix_to_nt_time_abs(&dom_handle->private.min_passwordage, tmp_value); - - ads_status = sam_ads_account_policy_get(sam_method, AP_LOCK_ACCOUNT_DURATION, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for lockout duration. Useing default\n")); - tmp_value = 0; - } - unix_to_nt_time_abs(&dom_handle->private.lockout_duration, tmp_value); - - ads_status = sam_ads_account_policy_get(sam_method, AP_RESET_COUNT_TIME, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for time till locout count is reset. 
Useing default\n")); - tmp_value = 0; - } - unix_to_nt_time_abs(&dom_handle->private.reset_count, tmp_value); - - ads_status = sam_ads_account_policy_get(sam_method, AP_MIN_PASSWORD_LEN, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for min password length. Useing default\n")); - tmp_value = 0; - } - dom_handle->private.min_passwordlength = (uint16)tmp_value; - - ads_status = sam_ads_account_policy_get(sam_method, AP_PASSWORD_HISTORY, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed password history. Useing default\n")); - tmp_value = 0; - } - dom_handle->private.password_history = (uint16)tmp_value; - - ads_status = sam_ads_account_policy_get(sam_method, AP_BAD_ATTEMPT_LOCKOUT, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for bad attempts till lockout. Useing default\n")); - tmp_value = 0; - } - dom_handle->private.lockout_count = (uint16)tmp_value; - - ads_status = sam_ads_account_policy_get(sam_method, AP_TIME_TO_LOGOUT, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for force logout. Useing default\n")); - tmp_value = -1; - } - - ads_status = sam_ads_account_policy_get(sam_method, AP_USER_MUST_LOGON_TO_CHG_PASS, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for user must login to change password. Useing default\n")); - tmp_value = 0; - } - - /* should the real values of num_accounts, num_groups and num_aliases be retreved? 
- * I think it is to expensive to bother - */ - dom_handle->private.num_accounts = 3; - dom_handle->private.num_groups = 4; - dom_handle->private.num_aliases = 5; - - *domain = dom_handle; - - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - return ads_ntstatus(ads_status); -} - -/* Account API */ -static NTSTATUS sam_ads_create_account(const SAM_METHODS *sam_method, - const NT_USER_TOKEN *access_token, uint32 access_desired, - const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - SEC_DESC *sd = NULL; - - SAM_ASSERT(sam_method && access_token && account_name && account); - - ads_status = sam_ads_get_tree_sec_desc(sam_method, ADS_SUBTREE_USERS, &sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(sam_method, sd, access_token, access_desired); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = ADS_ERROR_NT(sam_init_account(account)); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_add_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account) -{ - ADS_STATUS ads_status = ADS_ERROR(LDAP_NO_MEMORY); - struct sam_ads_privates *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = privates->mem_ctx; - ADS_MODLIST mods; - uint16 acct_ctrl; - char *new_dn; - - SAM_ASSERT(sam_method && account); - - ads_status = ADS_ERROR_NT(sam_get_account_acct_ctrl(account,&acct_ctrl)); - if (!ADS_ERR_OK(ads_status)) - goto done; - - if ((acct_ctrl & ACB_WSTRUST)||(acct_ctrl & ACB_SVRTRUST)) { - /* Computer account */ - char *name,*controlstr; - char *hostname,*host_upn,*host_spn; - const char *objectClass[] = {"top", "person", "organizationalPerson", - "user", "computer", NULL}; - - ads_status = ADS_ERROR_NT(sam_get_account_name(account,&name)); - 
if (!ADS_ERR_OK(ads_status)) - goto done; - - if (!(host_upn = talloc_asprintf(mem_ctx, "%s@%s", name, ads_struct->config.realm))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(new_dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Computers,%s", hostname, - ads_struct->config.bind_path))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(controlstr = talloc_asprintf(mem_ctx, "%u", ads_acb2uf(acct_ctrl)))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(mods = ads_init_mods(mem_ctx))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - ads_status = ads_mod_str(mem_ctx, &mods, "cn", hostname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_strlist(mem_ctx, &mods, "objectClass", objectClass); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", host_upn); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "displayName", hostname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "sAMAccountName", name); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr); - if (!ADS_ERR_OK(ads_status)) - goto done; - - ads_status = ads_mod_str(mem_ctx, &mods, "servicePrincipalName", host_spn); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "dNSHostName", hostname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr); - if (!ADS_ERR_OK(ads_status)) - goto done; - /* ads_status = ads_mod_str(mem_ctx, &mods, "operatingSystem", "Samba"); - if (!ADS_ERR_OK(ads_status)) - goto done; - *//* ads_status = ads_mod_str(mem_ctx, &mods, "operatingSystemVersion", VERSION); - if (!ADS_ERR_OK(ads_status)) - goto done; - */ - /* End Computer account */ - } else { - /* User 
account*/ - char *upn, *controlstr; - char *name, *fullname; - const char *objectClass[] = {"top", "person", "organizationalPerson", - "user", NULL}; - - ads_status = ADS_ERROR_NT(sam_get_account_name(account,&name)); - if (!ADS_ERR_OK(ads_status)) - goto done; - - ads_status = ADS_ERROR_NT(sam_get_account_fullname(account,&fullname)); - if (!ADS_ERR_OK(ads_status)) - goto done; - - if (!(upn = talloc_asprintf(mem_ctx, "%s@%s", name, ads_struct->config.realm))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(new_dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", fullname, - ads_struct->config.bind_path))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(controlstr = talloc_asprintf(mem_ctx, "%u", ads_acb2uf(acct_ctrl)))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(mods = ads_init_mods(mem_ctx))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - ads_status = ads_mod_str(mem_ctx, &mods, "cn", fullname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_strlist(mem_ctx, &mods, "objectClass", objectClass); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", upn); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "displayName", fullname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "sAMAccountName", name); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr); - if (!ADS_ERR_OK(ads_status)) - goto done; - }/* End User account */ - - /* Finally at the account */ - ads_status = ads_gen_add(ads_struct, new_dn, mods); - -done: - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_update_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - 
DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_delete_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
-
-
-
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_enum_accounts(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_account_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_account_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *name, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-
-/* Group API */
-static NTSTATUS sam_ads_create_group(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_add_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_update_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_delete_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_enum_groups(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- struct sam_ads_privates *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- void *res = NULL;
- void *msg = NULL;
- char *filter = NULL;
- int i = 0;
-
- /* get only these LDAP attributes, witch we really need for a group */
- const char *group_enum_attrs[] = {"objectSid",
- "description",
- "sAMAcountName",
- NULL};
-
- SAM_ASSERT(sam_method && access_token && groups_count && groups);
-
- *groups_count = 0;
-
- DEBUG(3,("ads: enum_dom_groups\n"));
-
- /* Fix Me: get only group from the wanted Type */
- asprintf(&filter, "(&(objectClass=group)(groupType=%s))", "*");
- ads_status = sam_ads_do_search(privates, ads_struct->config.bind_path, LDAP_SCOPE_SUBTREE, filter, group_enum_attrs, &res);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(1,("enum_groups ads_search: %s\n", ads_errstr(ads_status)));
- }
-
- *groups_count = ads_count_replies(ads_struct, res);
- if (*groups_count == 0) {
- DEBUG(1,("enum_groups: No groups found\n"));
- }
-
- (*groups) = talloc_zero(mem_ctx, (*groups_count) * sizeof(**groups));
- if (!*groups) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- for (msg = ads_first_entry(ads_struct, res); msg; msg = ads_next_entry(ads_struct, msg)) {
- uint32 grouptype;
-
- if (!ads_pull_uint32(ads_struct, msg, "groupType", &grouptype)) {
- ;
- } else {
- (*groups)->group_ctrl = ads_gtype2gcb(grouptype);
- }
-
- if (!((*groups)->group_name = ads_pull_string(ads_struct, mem_ctx, msg, "sAMAccountName"))) {
- ;
- }
-
- if (!((*groups)->group_desc = ads_pull_string(ads_struct, mem_ctx, msg, "description"))) {
- ;
- }
-
- if (!ads_pull_sid(ads_struct, msg, "objectSid", &((*groups)->sid))) {
- DEBUG(1,("No sid for group %s !?\n", (*groups)->group_name));
- continue;
- }
-
- i++;
- }
-
- (*groups_count) = i;
-
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
-
- DEBUG(3,("ads enum_dom_groups gave %d entries\n", (*groups_count)));
-
- if (res) ads_msgfree(ads_struct, res);
-
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_group_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_group_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_add_member_to_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_delete_member_from_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_enum_groupmembers(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_groups_of_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const DOM_SID **sids, const uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-/**********************************
-Free our private data
-***********************************/
-static void sam_ads_free_private_data(void **vp)
-{
- struct sam_ads_privates **sam_ads_state = (struct sam_ads_privates **)vp;
-
- if ((*sam_ads_state)->ads_struct->ld) {
- ldap_unbind((*sam_ads_state)->ads_struct->ld);
- }
-
- ads_destroy(&((*sam_ads_state)->ads_struct));
-
- talloc_destroy((*sam_ads_state)->mem_ctx);
- /* Fix me: maybe we must free some other stuff here */
-
- *sam_ads_state = NULL;
-}
-
-
-
-/*****************************************************
-Init the ADS SAM backend
-******************************************************/
-NTSTATUS sam_init_ads(SAM_METHODS *sam_method, const char *module_params)
-{
- ADS_STATUS ads_status;
- struct sam_ads_privates *sam_ads_state;
- TALLOC_CTX *mem_ctx;
-
- SAM_ASSERT(sam_method && sam_method->parent);
-
- mem_ctx = sam_method->parent->mem_ctx;
-
- /* Here the SAM API functions of the sam_ads module */
-
- /* General API */
-
- sam_method->sam_get_sec_desc = sam_ads_get_sec_desc;
- sam_method->sam_set_sec_desc = sam_ads_set_sec_desc;
-
- sam_method->sam_lookup_sid = sam_ads_lookup_sid;
- sam_method->sam_lookup_name = sam_ads_lookup_name;
-
- /* Domain API */
-
- sam_method->sam_update_domain = sam_ads_update_domain;
- sam_method->sam_get_domain_handle = sam_ads_get_domain_handle;
-
- /* Account API */
-
- sam_method->sam_create_account = sam_ads_create_account;
- sam_method->sam_add_account = sam_ads_add_account;
- sam_method->sam_update_account = sam_ads_update_account;
- sam_method->sam_delete_account = sam_ads_delete_account;
- sam_method->sam_enum_accounts = sam_ads_enum_accounts;
-
- sam_method->sam_get_account_by_sid = sam_ads_get_account_by_sid;
- sam_method->sam_get_account_by_name = sam_ads_get_account_by_name;
-
- /* Group API */
-
- sam_method->sam_create_group = sam_ads_create_group;
- sam_method->sam_add_group = sam_ads_add_group;
- sam_method->sam_update_group = sam_ads_update_group;
- sam_method->sam_delete_group = sam_ads_delete_group;
- sam_method->sam_enum_groups = sam_ads_enum_groups;
- sam_method->sam_get_group_by_sid = sam_ads_get_group_by_sid;
- sam_method->sam_get_group_by_name = sam_ads_get_group_by_name;
-
- sam_method->sam_add_member_to_group = sam_ads_add_member_to_group;
- sam_method->sam_delete_member_from_group = sam_ads_delete_member_from_group;
- sam_method->sam_enum_groupmembers = sam_ads_enum_groupmembers;
-
- sam_method->sam_get_groups_of_sid = sam_ads_get_groups_of_sid;
-
- /*Fix me: use talloc !*/
- sam_ads_state = talloc_zero(mem_ctx, sizeof(struct sam_ads_privates));
- if (!sam_ads_state) {
- DEBUG(0, ("talloc() failed for sam_ads private_data!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!(sam_ads_state->mem_ctx = talloc_init_named("sam_ads_method"))) {
- DEBUG(0, ("talloc_init_named() failed for sam_ads_state->mem_ctx\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- sam_ads_state->ads_bind_dn = talloc_strdup(sam_ads_state->mem_ctx, lp_parm_string(NULL,"sam_ads","bind as"));
- sam_ads_state->ads_bind_pw = talloc_strdup(sam_ads_state->mem_ctx, lp_parm_string(NULL,"sam_ads","bind pw"));
-
- sam_ads_state->bind_plaintext = strequal(lp_parm_string(NULL, "sam_ads", "plaintext bind"), "yes");
-
- if (!sam_ads_state->ads_bind_dn || !sam_ads_state->ads_bind_pw) {
- DEBUG(0, ("talloc_strdup() failed for bind dn or password\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- /* Maybe we should not check the result here? Server down on startup? */
-
- if (module_params && *module_params) {
- sam_ads_state->ldap_uri = talloc_strdup(sam_ads_state->mem_ctx, module_params);
- if (!sam_ads_state->ldap_uri) {
- DEBUG(0, ("talloc_strdup() failed for bind dn or password\n"));
- return NT_STATUS_NO_MEMORY;
- }
- } else {
- sam_ads_state->ldap_uri = "ldapi://";
- }
-
- ads_status = sam_ads_cached_connection(sam_ads_state);
- if (!ADS_ERR_OK(ads_status)) {
- return ads_ntstatus(ads_status);
- }
-
- sam_method->private_data = sam_ads_state;
- sam_method->free_private_data = sam_ads_free_private_data;
-
- sam_ads_debug_level = debug_add_class("sam_ads");
- if (sam_ads_debug_level == -1) {
- sam_ads_debug_level = DBGC_ALL;
- DEBUG(0, ("sam_ads: Couldn't register custom debugging class!\n"));
- } else DEBUG(2, ("sam_ads: Debug class number of 'sam_ads': %d\n", sam_ads_debug_level));
-
- DEBUG(5, ("Initializing sam_ads\n"));
- if (module_params)
- DEBUG(10, ("Module Parameters for Domain %s[%s]: %s\n", sam_method->domain_name, sam_method->domain_name, module_params));
- return NT_STATUS_OK;
-}
-
-#else /* HAVE_LDAP */
-void sam_ads_dummy(void)
-{
- DEBUG(0,("sam_ads: not supported!\n"));
-}
-#endif /* HAVE_LDAP */
diff --git a/source3/sam/sam_skel.c b/source3/sam/sam_skel.c
deleted file mode 100644
index 8073470716..0000000000
--- a/source3/sam/sam_skel.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- this is a skeleton for SAM backend modules.
-
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Andrew Bartlett 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-static int sam_skel_debug_level = DBGC_SAM;
-
-#undef DBGC_CLASS
-#define DBGC_CLASS sam_skel_debug_level
-
-/* define the version of the SAM interface */
-SAM_MODULE_VERSIONING_MAGIC
-
-/* General API */
-
-static NTSTATUS sam_skel_get_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_set_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_lookup_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_lookup_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const char *name, DOM_SID *sid, uint32 *type)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Domain API */
-
-static NTSTATUS sam_skel_update_domain(const SAM_METHODS *sam_methods, const SAM_DOMAIN_HANDLE *domain)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_domain_handle(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, SAM_DOMAIN_HANDLE **domain)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Account API */
-
-static NTSTATUS sam_skel_create_account(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_add_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_update_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_delete_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_enum_accounts(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_get_account_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_account_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Group API */
-
-static NTSTATUS sam_skel_create_group(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_add_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_update_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_delete_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_enum_groups(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_group_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_group_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_add_member_to_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_delete_member_from_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_enum_groupmembers(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_get_groups_of_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_init_skel(SAM_METHODS *sam_methods, const char *module_params)
-{
- /* Functions your SAM module doesn't provide should be set
- * to NULL */
-
- sam_methods->sam_get_sec_desc = sam_skel_get_sec_desc;
- sam_methods->sam_set_sec_desc = sam_skel_set_sec_desc;
-
- sam_methods->sam_lookup_sid = sam_skel_lookup_sid;
- sam_methods->sam_lookup_name = sam_skel_lookup_name;
-
- /* Domain API */
-
- sam_methods->sam_update_domain = sam_skel_update_domain;
- sam_methods->sam_get_domain_handle = sam_skel_get_domain_handle;
-
- /* Account API */
-
- sam_methods->sam_create_account = sam_skel_create_account;
- sam_methods->sam_add_account = sam_skel_add_account;
- sam_methods->sam_update_account = sam_skel_update_account;
- sam_methods->sam_delete_account = sam_skel_delete_account;
- sam_methods->sam_enum_accounts = sam_skel_enum_accounts;
-
- sam_methods->sam_get_account_by_sid = sam_skel_get_account_by_sid;
- sam_methods->sam_get_account_by_name = sam_skel_get_account_by_name;
-
- /* Group API */
-
- sam_methods->sam_create_group = sam_skel_create_group;
- sam_methods->sam_add_group = sam_skel_add_group;
- sam_methods->sam_update_group = sam_skel_update_group;
- sam_methods->sam_delete_group = sam_skel_delete_group;
- sam_methods->sam_enum_groups = sam_skel_enum_groups;
- sam_methods->sam_get_group_by_sid = sam_skel_get_group_by_sid;
- sam_methods->sam_get_group_by_name = sam_skel_get_group_by_name;
-
- sam_methods->sam_add_member_to_group = sam_skel_add_member_to_group;
- sam_methods->sam_delete_member_from_group = sam_skel_delete_member_from_group;
- sam_methods->sam_enum_groupmembers = sam_skel_enum_groupmembers;
-
- sam_methods->sam_get_groups_of_sid = sam_skel_get_groups_of_sid;
-
- sam_methods->free_private_data = NULL;
-
-
- sam_skel_debug_level = debug_add_class("sam_skel");
- if (sam_skel_debug_level == -1) {
- sam_skel_debug_level = DBGC_SAM;
- DEBUG(0, ("sam_skel: Couldn't register custom debugging class!\n"));
- } else DEBUG(2, ("sam_skel: Debug class number of 'sam_skel': %d\n", sam_skel_debug_level));
-
- if(module_params)
- DEBUG(0, ("Starting 'sam_skel' with parameters '%s' for domain %s\n", module_params, sam_methods->domain_name));
- else
- DEBUG(0, ("Starting 'sam_skel' for domain %s without paramters\n", sam_methods->domain_name));
-
- return NT_STATUS_OK;
-} |