diff options
Diffstat (limited to 'source3/sam')
| -rw-r--r-- | source3/sam/SAM-interface_handles.txt | 123 | ||||
| -rw-r--r-- | source3/sam/account.c | 305 | ||||
| -rw-r--r-- | source3/sam/get_set_account.c | 845 | ||||
| -rw-r--r-- | source3/sam/get_set_domain.c | 263 | ||||
| -rw-r--r-- | source3/sam/get_set_group.c | 106 | ||||
| -rw-r--r-- | source3/sam/group.c | 193 | ||||
| -rw-r--r-- | source3/sam/gumm_tdb.c | 1193 | ||||
| -rw-r--r-- | source3/sam/gums.c | 161 | ||||
| -rw-r--r-- | source3/sam/gums_api.c | 1470 | ||||
| -rw-r--r-- | source3/sam/gums_helper.c | 610 | ||||
| -rw-r--r-- | source3/sam/idmap.c | 193 | ||||
| -rw-r--r-- | source3/sam/idmap_tdb.c | 389 | ||||
| -rw-r--r-- | source3/sam/idmap_winbind.c | 155 | ||||
| -rw-r--r-- | source3/sam/interface.c | 1338 | ||||
| -rwxr-xr-x | source3/sam/sam_ads.c | 1378 | ||||
| -rw-r--r-- | source3/sam/sam_plugin.c | 79 | ||||
| -rw-r--r-- | source3/sam/sam_skel.c | 251 |
17 files changed, 0 insertions, 9052 deletions
diff --git a/source3/sam/SAM-interface_handles.txt b/source3/sam/SAM-interface_handles.txt deleted file mode 100644 index 1c164bd198..0000000000 --- a/source3/sam/SAM-interface_handles.txt +++ /dev/null @@ -1,123 +0,0 @@ -SAM API
-
-NTSTATUS sam_get_sec_obj(NT_USER_TOKEN *access, DOM_SID *sid, SEC_DESC **sd)
-NTSTATUS sam_set_sec_obj(NT_USER_TOKEN *access, DOM_SID *sid, SEC_DESC *sd)
-
-NTSTATUS sam_lookup_name(NT_USER_TOKEN *access, DOM_SID *domain, char *name, DOM_SID **sid, uint32 *type)
-NTSTATUS sam_lookup_sid(NT_USER_TOKEN *access, DOM_SID *sid, char **name, uint32 *type)
-
-
-Domain API
-
-NTSTATUS sam_update_domain(SAM_DOMAIN_HANDLE *domain)
-
-NTSTATUS sam_enum_domains(NT_USER_TOKEN *access, int32 *domain_count, DOM_SID **domains, char **domain_names)
-NTSTATUS sam_lookup_domain(NT_USER_TOKEN *access, char *domain, DOM_SID **domainsid)
-
-NTSTATUS sam_get_domain_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
-
-
-User API
-
-NTSTATUS sam_create_user(NT_USER_TOKEN *access, uint32 access_desired, SAM_USER_HANDLE **user)
-NTSTATUS sam_add_user(SAM_USER_HANDLE *user)
-NTSTATUS sam_update_user(SAM_USER_HANDLE *user)
-NTSTATUS sam_delete_user(SAM_USER_HANDLE * user)
-
-NTSTATUS sam_enum_users(NT_USER_TOKEN *access, DOM_SID *domain, int32 *user_count, SAM_USER_ENUM **users)
-
-NTSTATUS sam_get_user_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *usersid, SAM_USER_HANDLE **user)
-NTSTATUS sam_get_user_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_USER_HANDLE **user)
-
-
-Group API
-
-NTSTATUS sam_create_group(NT_USER_TOKEN *access, uint32 access_desired, uint32 typ, SAM_GROUP_HANDLE **group)
-NTSTATUS sam_add_group(SAM_GROUP_HANDLE *samgroup)
-NTSTATUS sam_update_group(SAM_GROUP_HANDLE *samgroup)
-NTSTATUS sam_delete_group(SAM_GROUP_HANDLE *groupsid)
-
-NTSTATUS sam_enum_groups(NT_USER_TOKEN *access, DOM_SID *domainsid, uint32 typ, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-
-NTSTATUS sam_get_group_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-NTSTATUS sam_get_group_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_GROUP_HANDLE **group)
-
-NTSTATUS sam_add_member_to_group(SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)
-NTSTATUS sam_delete_member_from_group(SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)
-NTSTATUS sam_enum_groupmembers(SAM_GROUP_HANLDE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-
-NTSTATUS sam_get_groups_of_user(SAM_USER_HANDLE *user, uint32 typ, uint32 *group_count, SAM_GROUP_ENUM **groups)
-
-
-
-structures
-
-typedef _SAM_GROUP_MEMBER {
- DOM_SID sid;
- BOOL group; /* specifies if it is a group or a user */
-
-} SAM_GROUP_MEMBER
-
-typedef struct sam_user_enum {
- DOM_SID sid;
- char *username;
- char *full_name;
- char *user_desc;
- uint16 acc_ctrl;
-} SAM_USER_ENUM;
-
-typedef struct sam_group_enum {
- DOM_SID sid;
- char *groupname;
- char *comment;
-} SAM_GROUP_ENUM
-
-NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, DOM_SID **sid)
-NTSTATUS sam_get_domain_num_users(SAM_DOMAIN_HANDLE *domain, uint32 *num_users)
-NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
-NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
-NTSTATUS sam_{get,set}_domain_name(SAM_DOMAIN_HANDLE *domain, char **domain_name)
-NTSTATUS sam_{get,set}_domain_server(SAM_DOMAIN_HANDLE *domain, char **server_name)
-NTSTATUS sam_{get,set}_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
-NTSTATUS sam_{get,set}_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
-NTSTATUS sam_{get,set}_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
-NTSTATUS sam_{get,set}_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
-NTSTATUS sam_{get,set}_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
-NTSTATUS sam_{get,set}_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uin16 *password_history)
-NTSTATUS sam_{get,set}_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
-NTSTATUS sam_{get,set}_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
-NTSTATUS sam_{get,set}_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
-
-NTSTATUS sam_get_user_sid(SAM_USER_HANDLE *user, DOM_SID **sid)
-NTSTATUS sam_{get,set}_user_pgroup(SAM_USER_HANDLE *user, DOM_SID **pgroup)
-NTSTATUS sam_{get,set}_user_name(SAM_USER_HANDLE *user, char **username)
-NTSTATUS sam_{get,set}_user_fullname(SAM_USER_HANDLE *user, char** fullname)
-NTSTATUS sam_{get,set}_user_description(SAM_USER_HANDLE *user, char **description)
-NTSTATUS sam_{get,set}_user_home_dir(SAM_USER_HANDLE *user, char **home_dir)
-NTSTATUS sam_{get,set}_user_dir_drive(SAM_USER_HANDLE *user, char **dir_drive)
-NTSTATUS sam_{get,set}_user_logon_script(SAM_USER_HANDLE *user, char **logon_script)
-NTSTATUS sam_{get,set}_user_profile_path(SAM_USER_HANDLE *user, char **profile_path)
-NTSTATUS sam_{get,set}_user_workstations(SAM_USER_HANDLE *user, char **workstations)
-NTSTATUS sam_{get,set}_user_munged_dial(SAM_USER_HANDLE *user, char **munged_dial)
-NTSTATUS sam_{get,set}_user_lm_pwd(SAM_USER_HANDLE *user, DATA_BLOB *lm_pwd)
-NTSTATUS sam_{get,set}_user_nt_pwd(SAM_USER_HANDLE *user, DATA_BLOB *nt_pwd)
-NTSTATUS sam_{get,set}_user_plain_pwd(SAM_USER_HANDLE *user, DATA_BLOB *plaintext_pwd)
-NTSTATUS sam_{get,set}_user_acct_ctrl(SAM_USER_HANDLE *user, uint16 *acct_ctrl)
-NTSTATUS sam_{get,set}_user_logon_divs(SAM_USER_HANDLE *user, uint16 *logon_divs)
-NTSTATUS sam_{get,set}_user_hours(SAM_USER_HANDLE *user, uint32 *hours_len, uint8 **hours)
-NTSTATUS sam_{get,set}_user_logon_time(SAM_USER_HANDLE *user, NTTIME *logon_time)
-NTSTATUS sam_{get,set}_user_logoff_time(SAM_USER_HANDLE *user, NTTIME *logoff_time)
-NTSTATUS sam_{get,set}_user_kickoff_time(SAM_USER_HANDLE *user, NTTIME kickoff_time)
-NTSTATUS sam_{get,set}_user_pwd_last_set(SAM_USER_HANDLE *user, NTTIME pwd_last_set)
-NTSTATUS sam_{get,set}_user_pwd_can_change(SAM_USER_HANDLE *user, NTTIME pwd_can_change)
-NTSTATUS sam_{get,set}_user_pwd_must_change(SAM_USER_HANDLE *user, NTTIME pwd_must_change)
-NTSTATUS sam_{get,set}_user_unknown_1(SAM_USER_HANDLE *user, char **unknown_1)
-NTSTATUS sam_{get,set}_user_unknown_2(SAM_USER_HANDLE *user, uint32 *unknown_2)
-NTSTATUS sam_{get,set}_user_unknown_3(SAM_USER_HANDLE *user, uint32 *unknown_3)
-NTSTATUS sam_{get,set}_user_unknown_4(SAM_USER_HANDLE *user, uint32 *unknown_4)
-
-NTSTATUS sam_get_group_sid(SAM_GROUP_HANDLE *group, DOM_SID **sid)
-NTSTATUS sam_get_group_typ(SAM_GROUP_HANDLE *group, uint32 *typ)
-NTSTATUS sam_{get,set}_group_name(SAM_GROUP_HANDLE *group, char **group_name)
-NTSTATUS sam_{get,set}_group_comment(SAM_GROUP_HANDLE *group, char **comment)
-NTSTATUS sam_{get,set}_group_priv_set(SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set)
\ No newline at end of file diff --git a/source3/sam/account.c b/source3/sam/account.c deleted file mode 100644 index b8336146cd..0000000000 --- a/source3/sam/account.c +++ /dev/null @@ -1,305 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password and authentication handling - Copyright (C) Jeremy Allison 1996-2001 - Copyright (C) Luke Kenneth Casson Leighton 1996-1998 - Copyright (C) Gerald (Jerry) Carter 2000-2001 - Copyright (C) Andrew Bartlett 2001-2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -/************************************************************ - Fill the SAM_ACCOUNT_HANDLE with default values. - ***********************************************************/ - -static void sam_fill_default_account(SAM_ACCOUNT_HANDLE *account) -{ - ZERO_STRUCT(account->private); /* Don't touch the talloc context */ - - /* Don't change these timestamp settings without a good reason. - They are important for NT member server compatibility. */ - - /* FIXME: We should actually call get_nt_time_max() or sthng - * here */ - unix_to_nt_time(&(account->private.logoff_time),get_time_t_max()); - unix_to_nt_time(&(account->private.kickoff_time),get_time_t_max()); - unix_to_nt_time(&(account->private.pass_must_change_time),get_time_t_max()); - account->private.unknown_1 = 0x00ffffff; /* don't know */ - account->private.logon_divs = 168; /* hours per week */ - account->private.hours_len = 21; /* 21 times 8 bits = 168 */ - memset(account->private.hours, 0xff, account->private.hours_len); /* available at all hours */ - account->private.unknown_2 = 0x00000000; /* don't know */ - account->private.unknown_3 = 0x000004ec; /* don't know */ -} - -static void destroy_sam_talloc(SAM_ACCOUNT_HANDLE **account) -{ - if (*account) { - data_blob_clear_free(&((*account)->private.lm_pw)); - data_blob_clear_free(&((*account)->private.nt_pw)); - if((*account)->private.plaintext_pw!=NULL) - memset((*account)->private.plaintext_pw,'\0',strlen((*account)->private.plaintext_pw)); - - talloc_destroy((*account)->mem_ctx); - *account = NULL; - } -} - - -/********************************************************************** - Alloc memory and initialises a SAM_ACCOUNT_HANDLE on supplied mem_ctx. -***********************************************************************/ - -NTSTATUS sam_init_account_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT_HANDLE **account) -{ - SMB_ASSERT(*account != NULL); - - if (!mem_ctx) { - DEBUG(0,("sam_init_account_talloc: mem_ctx was NULL!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - *account=(SAM_ACCOUNT_HANDLE *)talloc(mem_ctx, sizeof(SAM_ACCOUNT_HANDLE)); - - if (*account==NULL) { - DEBUG(0,("sam_init_account_talloc: error while allocating memory\n")); - return NT_STATUS_NO_MEMORY; - } - - (*account)->mem_ctx = mem_ctx; - - (*account)->free_fn = NULL; - - sam_fill_default_account(*account); - - return NT_STATUS_OK; -} - - -/************************************************************* - Alloc memory and initialises a struct sam_passwd. - ************************************************************/ - -NTSTATUS sam_init_account(SAM_ACCOUNT_HANDLE **account) -{ - TALLOC_CTX *mem_ctx; - NTSTATUS nt_status; - - mem_ctx = talloc_init("sam internal SAM_ACCOUNT_HANDLE allocation"); - - if (!mem_ctx) { - DEBUG(0,("sam_init_account: error while doing talloc_init()\n")); - return NT_STATUS_NO_MEMORY; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_init_account_talloc(mem_ctx, account))) { - talloc_destroy(mem_ctx); - return nt_status; - } - - (*account)->free_fn = destroy_sam_talloc; - - return NT_STATUS_OK; -} - -/** - * Free the contents of the SAM_ACCOUNT_HANDLE, but not the structure. - * - * Also wipes the LM and NT hashes and plaintext password from - * memory. - * - * @param account SAM_ACCOUNT_HANDLE to free members of. - **/ - -static void sam_free_account_contents(SAM_ACCOUNT_HANDLE *account) -{ - - /* Kill off sensitive data. Free()ed by the - talloc mechinism */ - - data_blob_clear_free(&(account->private.lm_pw)); - data_blob_clear_free(&(account->private.nt_pw)); - if (account->private.plaintext_pw) - memset(account->private.plaintext_pw,'\0',strlen(account->private.plaintext_pw)); -} - - -/************************************************************ - Reset the SAM_ACCOUNT_HANDLE and free the NT/LM hashes. - ***********************************************************/ - -NTSTATUS sam_reset_sam(SAM_ACCOUNT_HANDLE *account) -{ - SMB_ASSERT(account != NULL); - - sam_free_account_contents(account); - - sam_fill_default_account(account); - - return NT_STATUS_OK; -} - - -/************************************************************ - Free the SAM_ACCOUNT_HANDLE and the member pointers. - ***********************************************************/ - -NTSTATUS sam_free_account(SAM_ACCOUNT_HANDLE **account) -{ - SMB_ASSERT(*account != NULL); - - sam_free_account_contents(*account); - - if ((*account)->free_fn) { - (*account)->free_fn(account); - } - - return NT_STATUS_OK; -} - - -/********************************************************** - Encode the account control bits into a string. - length = length of string to encode into (including terminating - null). length *MUST BE MORE THAN 2* ! - **********************************************************/ - -char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length) -{ - static fstring acct_str; - size_t i = 0; - - acct_str[i++] = '['; - - if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; - if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; - if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; - if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; - if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; - if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; - if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; - if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; - if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; - if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; - if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; - - for ( ; i < length - 2 ; i++ ) - acct_str[i] = ' '; - - i = length - 2; - acct_str[i++] = ']'; - acct_str[i++] = '\0'; - - return acct_str; -} - -/********************************************************** - Decode the account control bits from a string. - **********************************************************/ - -uint16 sam_decode_acct_ctrl(const char *p) -{ - uint16 acct_ctrl = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') - return 0; - - for (p++; *p && !finished; p++) { - switch (*p) { - case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ } - case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ } - case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ } - case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ } - case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ } - case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ } - case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ } - case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } - case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } - case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ } - case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ } - case ' ': { break; } - case ':': - case '\n': - case '\0': - case ']': - default: { finished = True; } - } - } - - return acct_ctrl; -} - -/************************************************************* - Routine to set 32 hex password characters from a 16 byte array. -**************************************************************/ - -void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl) -{ - if (pwd != NULL) { - int i; - for (i = 0; i < 16; i++) - slprintf(&p[i*2], 3, "%02X", pwd[i]); - } else { - if (acct_ctrl & ACB_PWNOTREQ) - safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); - else - safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); - } -} - -/************************************************************* - Routine to get the 32 hex characters and turn them - into a 16 byte array. -**************************************************************/ - -BOOL sam_gethexpwd(const char *p, unsigned char *pwd) -{ - int i; - unsigned char lonybble, hinybble; - char *hexchars = "0123456789ABCDEF"; - char *p1, *p2; - - if (!p) - return (False); - - for (i = 0; i < 32; i += 2) { - hinybble = toupper(p[i]); - lonybble = toupper(p[i + 1]); - - p1 = strchr(hexchars, hinybble); - p2 = strchr(hexchars, lonybble); - - if (!p1 || !p2) - return (False); - - hinybble = PTR_DIFF(p1, hexchars); - lonybble = PTR_DIFF(p2, hexchars); - - pwd[i / 2] = (hinybble << 4) | lonybble; - } - return (True); -} diff --git a/source3/sam/get_set_account.c b/source3/sam/get_set_account.c deleted file mode 100644 index acac281d21..0000000000 --- a/source3/sam/get_set_account.c +++ /dev/null @@ -1,845 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM_ACCOUNT_HANDLE access routines - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Jelmer Vernooij 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -NTSTATUS sam_get_account_domain_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid) -{ - NTSTATUS status; - SAM_DOMAIN_HANDLE *domain; - SAM_ASSERT(!sampass || !sid); - - if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){ - DEBUG(0, ("sam_get_account_domain_sid: Can't get domain for account\n")); - return status; - } - - return sam_get_domain_sid(domain, sid); -} - -NTSTATUS sam_get_account_domain_name(const SAM_ACCOUNT_HANDLE *sampass, const char **domain_name) -{ - NTSTATUS status; - SAM_DOMAIN_HANDLE *domain; - SAM_ASSERT(sampass && domain_name); - - if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){ - DEBUG(0, ("sam_get_account_domain_name: Can't get domain for account\n")); - return status; - } - - return sam_get_domain_name(domain, domain_name); -} - -NTSTATUS sam_get_account_acct_ctrl(const SAM_ACCOUNT_HANDLE *sampass, uint16 *acct_ctrl) -{ - SAM_ASSERT(sampass && acct_ctrl); - - *acct_ctrl = sampass->private.acct_ctrl; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_logon_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logon_time) -{ - SAM_ASSERT(sampass && logon_time) ; - - *logon_time = sampass->private.logon_time; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_logoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logoff_time) -{ - SAM_ASSERT(sampass && logoff_time) ; - - *logoff_time = sampass->private.logoff_time; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_kickoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *kickoff_time) -{ - SAM_ASSERT(sampass && kickoff_time); - - *kickoff_time = sampass->private.kickoff_time; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_pass_last_set_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_last_set_time) -{ - SAM_ASSERT(sampass && pass_last_set_time); - - *pass_last_set_time = sampass->private.pass_last_set_time; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_pass_can_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_can_change_time) -{ - SAM_ASSERT(sampass && pass_can_change_time); - - *pass_can_change_time = sampass->private.pass_can_change_time; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_pass_must_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_must_change_time) -{ - SAM_ASSERT(sampass && pass_must_change_time); - - *pass_must_change_time = sampass->private.pass_must_change_time; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_logon_divs(const SAM_ACCOUNT_HANDLE *sampass, uint16 *logon_divs) -{ - SAM_ASSERT(sampass && logon_divs); - - *logon_divs = sampass->private.logon_divs; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_hours_len(const SAM_ACCOUNT_HANDLE *sampass, uint32 *hours_len) -{ - SAM_ASSERT(sampass && hours_len); - - *hours_len = sampass->private.hours_len; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_hours(const SAM_ACCOUNT_HANDLE *sampass, const uint8 **hours) -{ - SAM_ASSERT(sampass && hours); - - *hours = sampass->private.hours; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_nt_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *nt_pwd) -{ - SAM_ASSERT(sampass); - - SMB_ASSERT((!sampass->private.nt_pw.data) - || sampass->private.nt_pw.length == NT_HASH_LEN); - - *nt_pwd = sampass->private.nt_pw; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_lm_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *lm_pwd) -{ - SAM_ASSERT(sampass); - - SMB_ASSERT((!sampass->private.lm_pw.data) - || sampass->private.lm_pw.length == LM_HASH_LEN); - - *lm_pwd = sampass->private.lm_pw; - - return NT_STATUS_OK; -} - -/* Return the plaintext password if known. Most of the time - it isn't, so don't assume anything magic about this function. - - Used to pass the plaintext to sam backends that might - want to store more than just the NTLM hashes. -*/ - -NTSTATUS sam_get_account_plaintext_pwd(const SAM_ACCOUNT_HANDLE *sampass, char **plain_pwd) -{ - SAM_ASSERT(sampass && plain_pwd); - - *plain_pwd = sampass->private.plaintext_pw; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid) -{ - SAM_ASSERT(sampass); - - *sid = &(sampass->private.account_sid); - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_pgroup(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid) -{ - SAM_ASSERT(sampass); - - *sid = &(sampass->private.group_sid); - - return NT_STATUS_OK; -} - -/** - * Get flags showing what is initalised in the SAM_ACCOUNT_HANDLE - * @param sampass the SAM_ACCOUNT_HANDLE in question - * @return the flags indicating the members initialised in the struct. - **/ - -NTSTATUS sam_get_account_init_flag(const SAM_ACCOUNT_HANDLE *sampass, uint32 *initflag) -{ - SAM_ASSERT(sampass); - - *initflag = sampass->private.init_flag; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_name(const SAM_ACCOUNT_HANDLE *sampass, char **account_name) -{ - SAM_ASSERT(sampass); - - *account_name = sampass->private.account_name; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_domain(const SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE **domain) -{ - SAM_ASSERT(sampass); - - *domain = sampass->private.domain; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_fullname(const SAM_ACCOUNT_HANDLE *sampass, char **fullname) -{ - SAM_ASSERT(sampass); - - *fullname = sampass->private.full_name; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_homedir(const SAM_ACCOUNT_HANDLE *sampass, char **homedir) -{ - SAM_ASSERT(sampass); - - *homedir = sampass->private.home_dir; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_unix_home_dir(const SAM_ACCOUNT_HANDLE *sampass, char **uhomedir) -{ - SAM_ASSERT(sampass); - - *uhomedir = sampass->private.unix_home_dir; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_dir_drive(const SAM_ACCOUNT_HANDLE *sampass, char **dirdrive) -{ - SAM_ASSERT(sampass); - - *dirdrive = sampass->private.dir_drive; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_logon_script(const SAM_ACCOUNT_HANDLE *sampass, char **logon_script) -{ - SAM_ASSERT(sampass); - - *logon_script = sampass->private.logon_script; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_profile_path(const SAM_ACCOUNT_HANDLE *sampass, char **profile_path) -{ - SAM_ASSERT(sampass); - - *profile_path = sampass->private.profile_path; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_description(const SAM_ACCOUNT_HANDLE *sampass, char **description) -{ - SAM_ASSERT(sampass); - - *description = sampass->private.acct_desc; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_workstations(const SAM_ACCOUNT_HANDLE *sampass, char **workstations) -{ - SAM_ASSERT(sampass); - - *workstations = sampass->private.workstations; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_unknown_str(const SAM_ACCOUNT_HANDLE *sampass, char **unknown_str) -{ - SAM_ASSERT(sampass); - - *unknown_str = sampass->private.unknown_str; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_munged_dial(const SAM_ACCOUNT_HANDLE *sampass, char **munged_dial) -{ - SAM_ASSERT(sampass); - - *munged_dial = sampass->private.munged_dial; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_unknown_1(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown1) -{ - SAM_ASSERT(sampass && unknown1); - - *unknown1 = sampass->private.unknown_1; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_unknown_2(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown2) -{ - SAM_ASSERT(sampass && unknown2); - - *unknown2 = sampass->private.unknown_2; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_unknown_3(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown3) -{ - SAM_ASSERT(sampass && unknown3); - - *unknown3 = sampass->private.unknown_3; - - return NT_STATUS_OK; -} - -/********************************************************************* - Collection of set...() functions for SAM_ACCOUNT_HANDLE_INFO. - ********************************************************************/ - -NTSTATUS sam_set_account_acct_ctrl(SAM_ACCOUNT_HANDLE *sampass, uint16 acct_ctrl) -{ - SAM_ASSERT(sampass); - - sampass->private.acct_ctrl = acct_ctrl; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_logon_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store) -{ - SAM_ASSERT(sampass); - - sampass->private.logon_time = mytime; - - - return NT_STATUS_UNSUCCESSFUL; -} - -NTSTATUS sam_set_account_logoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store) -{ - SAM_ASSERT(sampass); - - sampass->private.logoff_time = mytime; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_kickoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store) -{ - SAM_ASSERT(sampass); - - sampass->private.kickoff_time = mytime; - - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_pass_can_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store) -{ - SAM_ASSERT(sampass); - - sampass->private.pass_can_change_time = mytime; - - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_pass_must_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store) -{ - SAM_ASSERT(sampass); - - sampass->private.pass_must_change_time = mytime; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_pass_last_set_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime) -{ - SAM_ASSERT(sampass); - - sampass->private.pass_last_set_time = mytime; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_hours_len(SAM_ACCOUNT_HANDLE *sampass, uint32 len) -{ - SAM_ASSERT(sampass); - - sampass->private.hours_len = len; - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_logon_divs(SAM_ACCOUNT_HANDLE *sampass, uint16 hours) -{ - SAM_ASSERT(sampass); - - sampass->private.logon_divs = hours; - return NT_STATUS_OK; -} - -/** - * Set flags showing what is initalised in the SAM_ACCOUNT_HANDLE - * @param sampass the SAM_ACCOUNT_HANDLE in question - * @param flag The *new* flag to be set. Old flags preserved - * this flag is only added. - **/ - -NTSTATUS sam_set_account_init_flag(SAM_ACCOUNT_HANDLE *sampass, uint32 flag) -{ - SAM_ASSERT(sampass); - - sampass->private.init_flag |= flag; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *u_sid) -{ - SAM_ASSERT(sampass && u_sid); - - sid_copy(&sampass->private.account_sid, u_sid); - - DEBUG(10, ("sam_set_account_sid: setting account sid %s\n", - sid_string_static(&sampass->private.account_sid))); - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_sid_from_string(SAM_ACCOUNT_HANDLE *sampass, const char *u_sid) -{ - DOM_SID new_sid; - SAM_ASSERT(sampass && u_sid); - - DEBUG(10, ("sam_set_account_sid_from_string: setting account sid %s\n", - u_sid)); - - if (!string_to_sid(&new_sid, u_sid)) { - DEBUG(1, ("sam_set_account_sid_from_string: %s isn't a valid SID!\n", u_sid)); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!NT_STATUS_IS_OK(sam_set_account_sid(sampass, &new_sid))) { - DEBUG(1, ("sam_set_account_sid_from_string: could not set sid %s on SAM_ACCOUNT_HANDLE!\n", u_sid)); - return NT_STATUS_UNSUCCESSFUL; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_pgroup_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *g_sid) -{ - SAM_ASSERT(sampass && g_sid); - - sid_copy(&sampass->private.group_sid, g_sid); - - DEBUG(10, ("sam_set_group_sid: setting group sid %s\n", - sid_string_static(&sampass->private.group_sid))); - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_pgroup_string(SAM_ACCOUNT_HANDLE *sampass, const char *g_sid) -{ - DOM_SID new_sid; - SAM_ASSERT(sampass && g_sid); - - DEBUG(10, ("sam_set_group_sid_from_string: setting group sid %s\n", - g_sid)); - - if (!string_to_sid(&new_sid, g_sid)) { - DEBUG(1, ("sam_set_group_sid_from_string: %s isn't a valid SID!\n", g_sid)); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!NT_STATUS_IS_OK(sam_set_account_pgroup_sid(sampass, &new_sid))) { - DEBUG(1, ("sam_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT_HANDLE!\n", g_sid)); - return NT_STATUS_UNSUCCESSFUL; - } - return NT_STATUS_OK; -} - -/********************************************************************* - Set the domain name. - ********************************************************************/ - -NTSTATUS sam_set_account_domain(SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE *domain) -{ - SAM_ASSERT(sampass); - - sampass->private.domain = domain; - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's NT name. - ********************************************************************/ - -NTSTATUS sam_set_account_name(SAM_ACCOUNT_HANDLE *sampass, const char *account_name) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_account_name: setting nt account_name %s, was %s\n", account_name, sampass->private.account_name)); - - sampass->private.account_name = talloc_strdup(sampass->mem_ctx, account_name); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's full name. - ********************************************************************/ - -NTSTATUS sam_set_account_fullname(SAM_ACCOUNT_HANDLE *sampass, const char *full_name) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_account_fullname: setting full name %s, was %s\n", full_name, sampass->private.full_name)); - - sampass->private.full_name = talloc_strdup(sampass->mem_ctx, full_name); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's logon script. - ********************************************************************/ - -NTSTATUS sam_set_account_logon_script(SAM_ACCOUNT_HANDLE *sampass, const char *logon_script, BOOL store) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_logon_script: from %s to %s\n", logon_script, sampass->private.logon_script)); - - sampass->private.logon_script = talloc_strdup(sampass->mem_ctx, logon_script); - - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's profile path. - ********************************************************************/ - -NTSTATUS sam_set_account_profile_path(SAM_ACCOUNT_HANDLE *sampass, const char *profile_path, BOOL store) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_profile_path: setting profile path %s, was %s\n", profile_path, sampass->private.profile_path)); - - sampass->private.profile_path = talloc_strdup(sampass->mem_ctx, profile_path); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's directory drive. - ********************************************************************/ - -NTSTATUS sam_set_account_dir_drive(SAM_ACCOUNT_HANDLE *sampass, const char *dir_drive, BOOL store) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_dir_drive: setting dir drive %s, was %s\n", dir_drive, - sampass->private.dir_drive)); - - sampass->private.dir_drive = talloc_strdup(sampass->mem_ctx, dir_drive); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's home directory. - ********************************************************************/ - -NTSTATUS sam_set_account_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *home_dir, BOOL store) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_homedir: setting home dir %s, was %s\n", home_dir, - sampass->private.home_dir)); - - sampass->private.home_dir = talloc_strdup(sampass->mem_ctx, home_dir); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's unix home directory. - ********************************************************************/ - -NTSTATUS sam_set_account_unix_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *unix_home_dir) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir, - sampass->private.unix_home_dir)); - - sampass->private.unix_home_dir = talloc_strdup(sampass->mem_ctx, unix_home_dir); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's account description. - ********************************************************************/ - -NTSTATUS sam_set_account_acct_desc(SAM_ACCOUNT_HANDLE *sampass, const char *acct_desc) -{ - SAM_ASSERT(sampass); - - sampass->private.acct_desc = talloc_strdup(sampass->mem_ctx, acct_desc); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's workstation allowed list. - ********************************************************************/ - -NTSTATUS sam_set_account_workstations(SAM_ACCOUNT_HANDLE *sampass, const char *workstations) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_workstations: setting workstations %s, was %s\n", workstations, - sampass->private.workstations)); - - sampass->private.workstations = talloc_strdup(sampass->mem_ctx, workstations); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's 'unknown_str', whatever the heck this actually is... - ********************************************************************/ - -NTSTATUS sam_set_account_unknown_str(SAM_ACCOUNT_HANDLE *sampass, const char *unknown_str) -{ - SAM_ASSERT(sampass); - - sampass->private.unknown_str = talloc_strdup(sampass->mem_ctx, unknown_str); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's dial string. - ********************************************************************/ - -NTSTATUS sam_set_account_munged_dial(SAM_ACCOUNT_HANDLE *sampass, const char *munged_dial) -{ - SAM_ASSERT(sampass); - - sampass->private.munged_dial = talloc_strdup(sampass->mem_ctx, munged_dial); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's NT hash. - ********************************************************************/ - -NTSTATUS sam_set_account_nt_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data) -{ - SAM_ASSERT(sampass); - - sampass->private.nt_pw = data; - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's LM hash. - ********************************************************************/ - -NTSTATUS sam_set_account_lm_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data) -{ - SAM_ASSERT(sampass); - - sampass->private.lm_pw = data; - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's plaintext password only (base procedure, see helper - below) - ********************************************************************/ - -NTSTATUS sam_set_account_plaintext_pwd(SAM_ACCOUNT_HANDLE *sampass, const char *plain_pwd) -{ - SAM_ASSERT(sampass); - - sampass->private.plaintext_pw = talloc_strdup(sampass->mem_ctx, plain_pwd); - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_unknown_1(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn) -{ - SAM_ASSERT(sampass); - - sampass->private.unknown_1 = unkn; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_unknown_2(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn) -{ - SAM_ASSERT(sampass); - - sampass->private.unknown_2 = unkn; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_unknown_3(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn) -{ - SAM_ASSERT(sampass); - - sampass->private.unknown_3 = unkn; - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_hours(SAM_ACCOUNT_HANDLE *sampass, const uint8 *hours) -{ - SAM_ASSERT(sampass); - - if (!hours) { - memset ((char *)sampass->private.hours, 0, MAX_HOURS_LEN); - return NT_STATUS_OK; - } - - memcpy(sampass->private.hours, hours, MAX_HOURS_LEN); - - return NT_STATUS_OK; -} - -/* Helpful interfaces to the above */ - -/********************************************************************* - Sets the last changed times and must change times for a normal - password change. - ********************************************************************/ - -NTSTATUS sam_set_account_pass_changed_now(SAM_ACCOUNT_HANDLE *sampass) -{ - uint32 expire; - NTTIME temptime; - - SAM_ASSERT(sampass); - - unix_to_nt_time(&temptime, time(NULL)); - if (!NT_STATUS_IS_OK(sam_set_account_pass_last_set_time(sampass, temptime))) - return NT_STATUS_UNSUCCESSFUL; - - if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) - || (expire==(uint32)-1)) { - - get_nttime_max(&temptime); - if (!NT_STATUS_IS_OK(sam_set_account_pass_must_change_time(sampass, temptime, False))) - return NT_STATUS_UNSUCCESSFUL; - - } else { - /* FIXME: Add expire to temptime */ - - if (!NT_STATUS_IS_OK(sam_get_account_pass_last_set_time(sampass,&temptime)) || !NT_STATUS_IS_OK(sam_set_account_pass_must_change_time(sampass, temptime,True))) - return NT_STATUS_UNSUCCESSFUL; - } - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's PLAINTEXT password. Used as an interface to the above. - Also sets the last change time to NOW. - ********************************************************************/ - -NTSTATUS sam_set_account_passwd(SAM_ACCOUNT_HANDLE *sampass, const char *plaintext) -{ - DATA_BLOB data; - uchar new_lanman_p16[16]; - uchar new_nt_p16[16]; - - SAM_ASSERT(sampass && plaintext); - - nt_lm_owf_gen(plaintext, new_nt_p16, new_lanman_p16); - - data = data_blob(new_nt_p16, 16); - if (!NT_STATUS_IS_OK(sam_set_account_nt_pwd(sampass, data))) - return NT_STATUS_UNSUCCESSFUL; - - data = data_blob(new_lanman_p16, 16); - - if (!NT_STATUS_IS_OK(sam_set_account_lm_pwd(sampass, data))) - return NT_STATUS_UNSUCCESSFUL; - - if (!NT_STATUS_IS_OK(sam_set_account_plaintext_pwd(sampass, plaintext))) - return NT_STATUS_UNSUCCESSFUL; - - if (!NT_STATUS_IS_OK(sam_set_account_pass_changed_now(sampass))) - return NT_STATUS_UNSUCCESSFUL; - - return NT_STATUS_OK; -} - diff --git a/source3/sam/get_set_domain.c b/source3/sam/get_set_domain.c deleted file mode 100644 index c70a4a3f09..0000000000 --- a/source3/sam/get_set_domain.c +++ /dev/null @@ -1,263 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM_DOMAIN access routines - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Jelmer Vernooij 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, const DOM_SID **sid) -{ - SAM_ASSERT(domain &&sid); - - *sid = &(domain->private.sid); - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_num_accounts(SAM_DOMAIN_HANDLE *domain, uint32 *num_accounts) -{ - SAM_ASSERT(domain &&num_accounts); - - *num_accounts = domain->private.num_accounts; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups) -{ - SAM_ASSERT(domain &&num_groups); - - *num_groups = domain->private.num_groups; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases) -{ - SAM_ASSERT(domain &&num_aliases); - - *num_aliases = domain->private.num_aliases; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_name(SAM_DOMAIN_HANDLE *domain, const char **domain_name) -{ - SAM_ASSERT(domain &&domain_name); - - *domain_name = domain->private.name; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_server(SAM_DOMAIN_HANDLE *domain, const char **server_name) -{ - SAM_ASSERT(domain &&server_name); - - *server_name = domain->private.servername; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage) -{ - SAM_ASSERT(domain &&max_passwordage); - - *max_passwordage = domain->private.max_passwordage; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage) -{ - SAM_ASSERT(domain &&min_passwordage); - - *min_passwordage = domain->private.min_passwordage; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration) -{ - SAM_ASSERT(domain &&lockout_duration); - - *lockout_duration = domain->private.lockout_duration; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count) -{ - SAM_ASSERT(domain &&reset_lockout_count); - - *reset_lockout_count = domain->private.reset_count; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength) -{ - SAM_ASSERT(domain &&min_passwordlength); - - *min_passwordlength = domain->private.min_passwordlength; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 *password_history) -{ - SAM_ASSERT(domain &&password_history); - - *password_history = domain->private.password_history; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count) -{ - SAM_ASSERT(domain &&lockout_count); - - *lockout_count = domain->private.lockout_count; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff) -{ - SAM_ASSERT(domain &&force_logoff); - - *force_logoff = domain->private.force_logoff; - - return NT_STATUS_OK; -} - - -NTSTATUS sam_get_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange) -{ - SAM_ASSERT(domain && login_pwdchange); - - *login_pwdchange = domain->private.login_pwdchange; - - return NT_STATUS_OK; -} - -/* Set */ - -NTSTATUS sam_set_domain_name(SAM_DOMAIN_HANDLE *domain, const char *domain_name) -{ - SAM_ASSERT(domain); - - domain->private.name = talloc_strdup(domain->mem_ctx, domain_name); - - return NT_STATUS_OK; -} - - -NTSTATUS sam_set_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME max_passwordage) -{ - SAM_ASSERT(domain); - - domain->private.max_passwordage = max_passwordage; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME min_passwordage) -{ - SAM_ASSERT(domain); - - domain->private.min_passwordage = min_passwordage; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME lockout_duration) -{ - SAM_ASSERT(domain); - - domain->private.lockout_duration = lockout_duration; - - return NT_STATUS_OK; -} -NTSTATUS sam_set_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME reset_lockout_count) -{ - SAM_ASSERT(domain); - - domain->private.reset_count = reset_lockout_count; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 min_passwordlength) -{ - SAM_ASSERT(domain); - - domain->private.min_passwordlength = min_passwordlength; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 password_history) -{ - SAM_ASSERT(domain); - - domain->private.password_history = password_history; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 lockout_count) -{ - SAM_ASSERT(domain); - - domain->private.lockout_count = lockout_count; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL force_logoff) -{ - SAM_ASSERT(domain); - - domain->private.force_logoff = force_logoff; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL login_pwdchange) -{ - SAM_ASSERT(domain); - - domain->private.login_pwdchange = login_pwdchange; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_server(SAM_DOMAIN_HANDLE *domain, const char *server_name) -{ - SAM_ASSERT(domain); - - domain->private.servername = talloc_strdup(domain->mem_ctx, server_name); - - return NT_STATUS_OK; -} diff --git a/source3/sam/get_set_group.c b/source3/sam/get_set_group.c deleted file mode 100644 index 11ea9258a7..0000000000 --- a/source3/sam/get_set_group.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM_USER_HANDLE access routines - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Jelmer Vernooij 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -/* sam group get functions */ - -NTSTATUS sam_get_group_sid(const SAM_GROUP_HANDLE *group, const DOM_SID **sid) -{ - SAM_ASSERT(group && sid); - - *sid = &(group->private.sid); - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_group_ctrl(const SAM_GROUP_HANDLE *group, uint32 *group_ctrl) -{ - SAM_ASSERT(group && group_ctrl); - - *group_ctrl = group->private.group_ctrl; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_group_name(const SAM_GROUP_HANDLE *group, const char **group_name) -{ - SAM_ASSERT(group); - - *group_name = group->private.group_name; - - return NT_STATUS_OK; - -} -NTSTATUS sam_get_group_comment(const SAM_GROUP_HANDLE *group, const char **group_desc) -{ - SAM_ASSERT(group); - - *group_desc = group->private.group_desc; - - return NT_STATUS_OK; -} - -/* sam group set functions */ - -NTSTATUS sam_set_group_sid(SAM_GROUP_HANDLE *group, const DOM_SID *sid) -{ - SAM_ASSERT(group); - - if (!sid) - ZERO_STRUCT(group->private.sid); - else - sid_copy(&(group->private.sid), sid); - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_group_group_ctrl(SAM_GROUP_HANDLE *group, uint32 group_ctrl) -{ - SAM_ASSERT(group); - - group->private.group_ctrl = group_ctrl; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_group_name(SAM_GROUP_HANDLE *group, const char *group_name) -{ - SAM_ASSERT(group); - - group->private.group_name = talloc_strdup(group->mem_ctx, group_name); - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_group_description(SAM_GROUP_HANDLE *group, const char *group_desc) -{ - SAM_ASSERT(group); - - group->private.group_desc = talloc_strdup(group->mem_ctx, group_desc); - - return NT_STATUS_OK; - -} diff --git a/source3/sam/group.c b/source3/sam/group.c deleted file mode 100644 index 101e3dd7ce..0000000000 --- a/source3/sam/group.c +++ /dev/null @@ -1,193 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM_GROUP_HANDLE /SAM_GROUP_ENUM helpers - - Copyright (C) Stefan (metze) Metzmacher 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -/************************************************************ - Fill the SAM_GROUP_HANDLE with default values. - ***********************************************************/ - -static void sam_fill_default_group(SAM_GROUP_HANDLE *group) -{ - ZERO_STRUCT(group->private); /* Don't touch the talloc context */ - -} - -static void destroy_sam_group_handle_talloc(SAM_GROUP_HANDLE **group) -{ - if (*group) { - - talloc_destroy((*group)->mem_ctx); - *group = NULL; - } -} - - -/********************************************************************** - Alloc memory and initialises a SAM_GROUP_HANDLE on supplied mem_ctx. -***********************************************************************/ - -NTSTATUS sam_init_group_talloc(TALLOC_CTX *mem_ctx, SAM_GROUP_HANDLE **group) -{ - SMB_ASSERT(*group != NULL); - - if (!mem_ctx) { - DEBUG(0,("sam_init_group_talloc: mem_ctx was NULL!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - *group=(SAM_GROUP_HANDLE *)talloc(mem_ctx, sizeof(SAM_GROUP_HANDLE)); - - if (*group==NULL) { - DEBUG(0,("sam_init_group_talloc: error while allocating memory\n")); - return NT_STATUS_NO_MEMORY; - } - - (*group)->mem_ctx = mem_ctx; - - (*group)->free_fn = NULL; - - sam_fill_default_group(*group); - - return NT_STATUS_OK; -} - - -/************************************************************* - Alloc memory and initialises a struct SAM_GROUP_HANDLE. - ************************************************************/ - -NTSTATUS sam_init_group(SAM_GROUP_HANDLE **group) -{ - TALLOC_CTX *mem_ctx; - NTSTATUS nt_status; - - mem_ctx = talloc_init("sam internal SAM_GROUP_HANDLE allocation"); - - if (!mem_ctx) { - DEBUG(0,("sam_init_group: error while doing talloc_init()\n")); - return NT_STATUS_NO_MEMORY; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_init_group_talloc(mem_ctx, group))) { - talloc_destroy(mem_ctx); - return nt_status; - } - - (*group)->free_fn = destroy_sam_group_handle_talloc; - - return NT_STATUS_OK; -} - - -/************************************************************ - Reset the SAM_GROUP_HANDLE. - ***********************************************************/ - -NTSTATUS sam_reset_group(SAM_GROUP_HANDLE *group) -{ - SMB_ASSERT(group != NULL); - - sam_fill_default_group(group); - - return NT_STATUS_OK; -} - - -/************************************************************ - Free the SAM_GROUP_HANDLE and the member pointers. - ***********************************************************/ - -NTSTATUS sam_free_group(SAM_ACCOUNT_HANDLE **group) -{ - SMB_ASSERT(*group != NULL); - - if ((*group)->free_fn) { - (*group)->free_fn(group); - } - - return NT_STATUS_OK; -} - - -/********************************************************** - Encode the group control bits into a string. - length = length of string to encode into (including terminating - null). length *MUST BE MORE THAN 2* ! - **********************************************************/ - -char *sam_encode_acct_ctrl(uint16 group_ctrl, size_t length) -{ - static fstring group_str; - size_t i = 0; - - group_str[i++] = '['; - - if (group_ctrl & GCB_LOCAL_GROUP ) group_str[i++] = 'L'; - if (group_ctrl & GCB_GLOBAL_GROUP ) group_str[i++] = 'G'; - - for ( ; i < length - 2 ; i++ ) - group_str[i] = ' '; - - i = length - 2; - group_str[i++] = ']'; - group_str[i++] = '\0'; - - return group_str; -} - -/********************************************************** - Decode the group control bits from a string. - **********************************************************/ - -uint16 sam_decode_group_ctrl(const char *p) -{ - uint16 group_ctrl = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') - return 0; - - for (p++; *p && !finished; p++) { - switch (*p) { - case 'L': { group_ctrl |= GCB_LOCAL_GROUP; break; /* 'L'ocal Aliases Group. */ } - case 'G': { group_ctrl |= GCB_GLOBAL_GROUP; break; /* 'G'lobal Domain Group. */ } - - case ' ': { break; } - case ':': - case '\n': - case '\0': - case ']': - default: { finished = True; } - } - } - - return group_ctrl; -} - diff --git a/source3/sam/gumm_tdb.c b/source3/sam/gumm_tdb.c deleted file mode 100644 index 5e390490cf..0000000000 --- a/source3/sam/gumm_tdb.c +++ /dev/null @@ -1,1193 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * SMB parameters and setup - * Copyright (C) Andrew Tridgell 1992-1998 - * Copyright (C) Simo Sorce 2000-2002 - * Copyright (C) Gerald Carter 2000 - * Copyright (C) Jeremy Allison 2001 - * Copyright (C) Andrew Bartlett 2002 - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" -#include "tdbsam2.h" -#include "tdbsam2_parse_info.h" - -static int tdbgumm_debug_level = DBGC_ALL; -#undef DBGC_CLASS -#define DBGC_CLASS tdbgumm_debug_level - -#define TDBSAM_VERSION 20021215 -#define TDB_FILE_NAME "tdbsam2.tdb" -#define NAMEPREFIX "NAME_" -#define SIDPREFIX "SID_" -#define PRIVILEGEPREFIX "PRIV_" - -#define TDB_FORMAT_STRING "ddB" - -#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", FUNCTION_MACRO)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) -#define SET_OR_FAIL(func, label) do { if (NT_STATUS_IS_ERR(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0) - -struct tdbsam2_enum_objs { - uint32 type; - fstring dom_sid; - TDB_CONTEXT *db; - TDB_DATA key; - struct tdbsam2_enum_objs *next; -}; - -union tdbsam2_data { - struct tdbsam2_domain_data *domain; - struct tdbsam2_user_data *user; - struct tdbsam2_group_data *group; -}; - -struct tdbsam2_object { - uint32 type; - uint32 version; - union tdbsam2_data data; -}; - -static TDB_CONTEXT *tdbsam2_db; - -struct tdbsam2_enum_objs **teo_handlers; - -static NTSTATUS init_tdbsam2_object_from_buffer(struct tdbsam2_object *object, TALLOC_CTX *mem_ctx, char *buffer, int size) -{ - - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - int iret; - char *obj_data; - int data_size = 0; - int len; - - len = tdb_unpack (buffer, size, TDB_FORMAT_STRING, - &(object->version), - &(object->type), - &data_size, &obj_data); - - if (len == -1) - goto done; - - /* version is checked inside this function so that backward compatibility code can be - called eventually. - this way we can easily handle database format upgrades */ - if (object->version != TDBSAM_VERSION) { - DEBUG(3,("init_tdbsam2_object_from_buffer: Error, db object has wrong tdbsam version!\n")); - goto done; - } - - /* be sure the string is terminated before trying to parse it */ - if (obj_data[data_size - 1] != '\0') - obj_data[data_size - 1] = '\0'; - - switch (object->type) { - case GUMS_OBJ_DOMAIN: - object->data.domain = (struct tdbsam2_domain_data *)talloc(mem_ctx, sizeof(struct tdbsam2_domain_data)); - TALLOC_CHECK(object->data.domain, ret, done); - memset(object->data.domain, 0, sizeof(struct tdbsam2_domain_data)); - - iret = gen_parse(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), obj_data); - break; - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - object->data.group = (struct tdbsam2_group_data *)talloc(mem_ctx, sizeof(struct tdbsam2_group_data)); - TALLOC_CHECK(object->data.group, ret, done); - memset(object->data.group, 0, sizeof(struct tdbsam2_group_data)); - - iret = gen_parse(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), obj_data); - break; - case GUMS_OBJ_NORMAL_USER: - object->data.user = (struct tdbsam2_user_data *)talloc(mem_ctx, sizeof(struct tdbsam2_user_data)); - TALLOC_CHECK(object->data.user, ret, done); - memset(object->data.user, 0, sizeof(struct tdbsam2_user_data)); - - iret = gen_parse(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), obj_data); - break; - default: - DEBUG(3,("init_tdbsam2_object_from_buffer: Error, wrong object type number!\n")); - goto done; - } - - if (iret != 0) { - DEBUG(0,("init_tdbsam2_object_from_buffer: Fatal Error! Unable to parse object!\n")); - DEBUG(0,("init_tdbsam2_object_from_buffer: DB Corrupted ?")); - goto done; - } - - ret = NT_STATUS_OK; -done: - SAFE_FREE(obj_data); - return ret; -} - -static NTSTATUS init_buffer_from_tdbsam2_object(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, struct tdbsam2_object *object) -{ - - NTSTATUS ret; - char *buf1 = NULL; - size_t buflen; - - if (!buffer) - return NT_STATUS_INVALID_PARAMETER; - - switch (object->type) { - case GUMS_OBJ_DOMAIN: - buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), 0); - break; - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), 0); - break; - case GUMS_OBJ_NORMAL_USER: - buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), 0); - break; - default: - DEBUG(3,("init_buffer_from_tdbsam2_object: Error, wrong object type number!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (buf1 == NULL) { - DEBUG(0, ("init_buffer_from_tdbsam2_object: Fatal Error! Unable to dump object!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - buflen = tdb_pack(NULL, 0, TDB_FORMAT_STRING, - TDBSAM_VERSION, - object->type, - strlen(buf1) + 1, buf1); - - *buffer = talloc(mem_ctx, buflen); - TALLOC_CHECK(*buffer, ret, done); - - *len = tdb_pack(*buffer, buflen, TDB_FORMAT_STRING, - TDBSAM_VERSION, - object->type, - strlen(buf1) + 1, buf1); - - if (*len != buflen) { - DEBUG(0, ("init_tdb_data_from_tdbsam2_object: somthing odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n", - buflen, *len)); - *buffer = NULL; - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ret = NT_STATUS_OK; -done: - return ret; -} - -static NTSTATUS opentdb(void) -{ - if (!tdbsam2_db) { - pstring tdbfile; - get_private_directory(tdbfile); - pstrcat(tdbfile, "/"); - pstrcat(tdbfile, TDB_FILE_NAME); - - tdbsam2_db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600); - if (!tdbsam2_db) - { - DEBUG(0, ("opentdb: Unable to open database (%s)!\n", tdbfile)); - return NT_STATUS_UNSUCCESSFUL; - } - } - - return NT_STATUS_OK; -} - -static NTSTATUS get_object_by_sid(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const DOM_SID *sid) -{ - NTSTATUS ret; - TDB_DATA data, key; - fstring keystr; - - if (!obj || !mem_ctx || !sid) - return NT_STATUS_INVALID_PARAMETER; - - if (NT_STATUS_IS_ERR(ret = opentdb())) { - return ret; - } - - slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid)); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdbsam2_db, key); - if (!data.dptr) { - DEBUG(5, ("get_object_by_sid: Error fetching database, domain entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); - DEBUGADD(5, (" Key: %s\n", keystr)); - return NT_STATUS_UNSUCCESSFUL; - } - - if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(obj, mem_ctx, data.dptr, data.dsize))) { - SAFE_FREE(data.dptr); - DEBUG(0, ("get_object_by_sid: Error fetching database, malformed entry!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - SAFE_FREE(data.dptr); - - return NT_STATUS_OK; - -} - -static NTSTATUS get_object_by_name(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const char* name) -{ - - NTSTATUS ret; - TDB_DATA data, key; - fstring keystr; - fstring objname; - DOM_SID sid; - char *obj_sidstr; - int obj_version, obj_type, obj_sidstr_len, len; - - if (!obj || !mem_ctx || !name) - return NT_STATUS_INVALID_PARAMETER; - - if (NT_STATUS_IS_ERR(ret = opentdb())) { - return ret; - } - - unix_strlower(name, -1, objname, sizeof(objname)); - - slprintf(keystr, sizeof(keystr)-1, "%s%s", NAMEPREFIX, objname); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdbsam2_db, key); - if (!data.dptr) { - DEBUG(5, ("get_object_by_name: Error fetching database, domain entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); - DEBUGADD(5, (" Key: %s\n", keystr)); - return NT_STATUS_UNSUCCESSFUL; - } - - len = tdb_unpack(data.dptr, data.dsize, TDB_FORMAT_STRING, - &obj_version, - &obj_type, - &obj_sidstr_len, &obj_sidstr); - - SAFE_FREE(data.dptr); - - if (len == -1 || obj_version != TDBSAM_VERSION || obj_sidstr_len <= 0) { - DEBUG(5, ("get_object_by_name: Error unpacking database object!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!string_to_sid(&sid, obj_sidstr)) { - DEBUG(5, ("get_object_by_name: Error invalid sid string found in database object!\n")); - SAFE_FREE(obj_sidstr); - return NT_STATUS_UNSUCCESSFUL; - } - SAFE_FREE(obj_sidstr); - - return get_object_by_sid(mem_ctx, obj, &sid); -} - -static NTSTATUS store_object(TALLOC_CTX *mem_ctx, struct tdbsam2_object *object, BOOL new_obj) -{ - - NTSTATUS ret; - TDB_DATA data, key, key2; - fstring keystr; - fstring namestr; - int flag, r; - - if (NT_STATUS_IS_ERR(ret = opentdb())) { - return ret; - } - - if (new_obj) { - flag = TDB_INSERT; - } else { - flag = TDB_MODIFY; - } - - ret = init_buffer_from_tdbsam2_object(&(data.dptr), &(data.dsize), mem_ctx, object); - if (NT_STATUS_IS_ERR(ret)) - return ret; - - switch (object->type) { - case GUMS_OBJ_DOMAIN: - slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.domain->dom_sid)); - slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.domain->name); - break; - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.group->group_sid)); - slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.group->name); - break; - case GUMS_OBJ_NORMAL_USER: - slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.user->user_sid)); - slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.user->name); - break; - default: - return NT_STATUS_UNSUCCESSFUL; - } - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - if ((r = tdb_store(tdbsam2_db, key, data, flag)) != TDB_SUCCESS) { - DEBUG(0, ("store_object: Unable to modify SAM!\n")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db))); - DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr)); - if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_INTERNAL_DB_ERROR; - } - - key2.dptr = namestr; - key2.dsize = strlen(namestr) + 1; - - if ((r = tdb_store(tdbsam2_db, key2, key, flag)) != TDB_SUCCESS) { - DEBUG(0, ("store_object: Unable to modify SAM!\n")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db))); - DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr)); - if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_INTERNAL_DB_ERROR; - } -/* TODO: update the general database counter */ -/* TODO: update this entry counter too */ - - return NT_STATUS_OK; -} - -static NTSTATUS get_next_sid(TALLOC_CTX *mem_ctx, DOM_SID **sid) -{ - NTSTATUS ret; - struct tdbsam2_object obj; - DOM_SID *dom_sid = get_global_sam_sid(); - uint32 new_rid; - -/* TODO: LOCK DOMAIN OBJECT */ - ret = get_object_by_sid(mem_ctx, &obj, dom_sid); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(0, ("get_next_sid: unable to get root Domain object!\n")); - ret = NT_STATUS_INTERNAL_DB_ERROR; - goto error; - } - - new_rid = obj.data.domain->next_rid; - - /* Increment the RID Counter */ - obj.data.domain->next_rid++; - - /* Store back Domain object */ - ret = store_object(mem_ctx, &obj, False); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(0, ("get_next_sid: unable to update root Domain object!\n")); - ret = NT_STATUS_INTERNAL_DB_ERROR; - goto error; - } -/* TODO: UNLOCK DOMAIN OBJECT */ - - *sid = sid_dup_talloc(mem_ctx, dom_sid); - TALLOC_CHECK(*sid, ret, error); - - if (!sid_append_rid(*sid, new_rid)) { - DEBUG(0, ("get_next_sid: unable to build new SID !?!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto error; - } - - return NT_STATUS_OK; - -error: - return ret; -} - -static NTSTATUS user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_user_data *userdata) -{ - NTSTATUS ret; - - if (!object || !userdata) { - DEBUG(0, ("tdbsam2_user_data_to_gums_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /* userdata->xcounter */ - /* userdata->sec_desc */ - - SET_OR_FAIL(gums_set_object_sid(*object, userdata->user_sid), error); - SET_OR_FAIL(gums_set_object_name(*object, userdata->name), error); - - SET_OR_FAIL(gums_set_user_pri_group(*object, userdata->group_sid), error); - - if (userdata->description) - SET_OR_FAIL(gums_set_object_description(*object, userdata->description), error); - - if (userdata->full_name) - SET_OR_FAIL(gums_set_user_fullname(*object, userdata->full_name), error); - - if (userdata->home_dir) - SET_OR_FAIL(gums_set_user_homedir(*object, userdata->home_dir), error); - - if (userdata->dir_drive) - SET_OR_FAIL(gums_set_user_dir_drive(*object, userdata->dir_drive), error); - - if (userdata->logon_script) - SET_OR_FAIL(gums_set_user_logon_script(*object, userdata->logon_script), error); - - if (userdata->profile_path) - SET_OR_FAIL(gums_set_user_profile_path(*object, userdata->profile_path), error); - - if (userdata->workstations) - SET_OR_FAIL(gums_set_user_workstations(*object, userdata->workstations), error); - - if (userdata->unknown_str) - SET_OR_FAIL(gums_set_user_unknown_str(*object, userdata->unknown_str), error); - - if (userdata->munged_dial) - SET_OR_FAIL(gums_set_user_munged_dial(*object, userdata->munged_dial), error); - - SET_OR_FAIL(gums_set_user_logon_divs(*object, userdata->logon_divs), error); - SET_OR_FAIL(gums_set_user_hours_len(*object, userdata->hours_len), error); - - if (userdata->hours) - SET_OR_FAIL(gums_set_user_hours(*object, userdata->hours), error); - - SET_OR_FAIL(gums_set_user_unknown_3(*object, userdata->unknown_3), error); - SET_OR_FAIL(gums_set_user_unknown_5(*object, userdata->unknown_5), error); - SET_OR_FAIL(gums_set_user_unknown_6(*object, userdata->unknown_6), error); - - SET_OR_FAIL(gums_set_user_logon_time(*object, *(userdata->logon_time)), error); - SET_OR_FAIL(gums_set_user_logoff_time(*object, *(userdata->logoff_time)), error); - SET_OR_FAIL(gums_set_user_kickoff_time(*object, *(userdata->kickoff_time)), error); - SET_OR_FAIL(gums_set_user_pass_last_set_time(*object, *(userdata->pass_last_set_time)), error); - SET_OR_FAIL(gums_set_user_pass_can_change_time(*object, *(userdata->pass_can_change_time)), error); - SET_OR_FAIL(gums_set_user_pass_must_change_time(*object, *(userdata->pass_must_change_time)), error); - - ret = NT_STATUS_OK; - return ret; - -error: - talloc_destroy((*object)->mem_ctx); - *object = NULL; - return ret; -} - -static NTSTATUS group_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_group_data *groupdata) -{ - NTSTATUS ret; - - if (!object || !groupdata) { - DEBUG(0, ("tdbsam2_group_data_to_gums_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /* groupdata->xcounter */ - /* groupdata->sec_desc */ - - SET_OR_FAIL(gums_set_object_sid(*object, groupdata->group_sid), error); - SET_OR_FAIL(gums_set_object_name(*object, groupdata->name), error); - - if (groupdata->description) - SET_OR_FAIL(gums_set_object_description(*object, groupdata->description), error); - - if (groupdata->count) - SET_OR_FAIL(gums_set_group_members(*object, groupdata->count, groupdata->members), error); - - ret = NT_STATUS_OK; - return ret; - -error: - talloc_destroy((*object)->mem_ctx); - *object = NULL; - return ret; -} - -static NTSTATUS domain_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_domain_data *domdata) -{ - - NTSTATUS ret; - - if (!object || !*object || !domdata) { - DEBUG(0, ("tdbsam2_domain_data_to_gums_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /* domdata->xcounter */ - /* domdata->sec_desc */ - - SET_OR_FAIL(gums_set_object_sid(*object, domdata->dom_sid), error); - SET_OR_FAIL(gums_set_object_name(*object, domdata->name), error); - - if (domdata->description) - SET_OR_FAIL(gums_set_object_description(*object, domdata->description), error); - - ret = NT_STATUS_OK; - return ret; - -error: - talloc_destroy((*object)->mem_ctx); - *object = NULL; - return ret; -} - -static NTSTATUS data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_object *data) -{ - - NTSTATUS ret; - - if (!object || !data) { - DEBUG(0, ("tdbsam2_user_data_to_gums_object: no NULL structure pointers are accepted here!\n")); - ret = NT_STATUS_INVALID_PARAMETER; - goto done; - } - - ret = gums_create_object(object, data->type); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(5, ("tdbsam2_user_data_to_gums_object: error creating gums object!\n")); - goto done; - } - - switch (data->type) { - case GUMS_OBJ_DOMAIN: - ret = domain_data_to_gums_object(object, data->data.domain); - break; - - case GUMS_OBJ_NORMAL_USER: - ret = user_data_to_gums_object(object, data->data.user); - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - ret = group_data_to_gums_object(object, data->data.group); - break; - - default: - ret = NT_STATUS_UNSUCCESSFUL; - } - -done: - return ret; -} - - -/* GUMM object functions */ - -static NTSTATUS tdbsam2_get_domain_sid(DOM_SID *sid, const char* name) -{ - - NTSTATUS ret; - struct tdbsam2_object obj; - TALLOC_CTX *mem_ctx; - fstring domname; - - if (!sid || !name) - return NT_STATUS_INVALID_PARAMETER; - - mem_ctx = talloc_init("tdbsam2_get_domain_sid"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_new_object: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - if (NT_STATUS_IS_ERR(ret = opentdb())) { - goto done; - } - - unix_strlower(name, -1, domname, sizeof(domname)); - - ret = get_object_by_name(mem_ctx, &obj, domname); - - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n")); - goto done; - } - - if (obj.type != GUMS_OBJ_DOMAIN) { - DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - sid_copy(sid, obj.data.domain->dom_sid); - - ret = NT_STATUS_OK; - -done: - talloc_destroy(mem_ctx); - return ret; -} - -static NTSTATUS tdbsam2_set_domain_sid (const DOM_SID *sid, const char *name) -{ - - NTSTATUS ret; - struct tdbsam2_object obj; - TALLOC_CTX *mem_ctx; - fstring domname; - - if (!sid || !name) - return NT_STATUS_INVALID_PARAMETER; - - mem_ctx = talloc_init("tdbsam2_set_domain_sid"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_new_object: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - if (tdbsam2_db == NULL) { - if (NT_STATUS_IS_ERR(ret = opentdb())) { - goto done; - } - } - - unix_strlower(name, -1, domname, sizeof(domname)); - -/* TODO: we need to lock this entry until updated! */ - - ret = get_object_by_name(mem_ctx, &obj, domname); - - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n")); - goto done; - } - - if (obj.type != GUMS_OBJ_DOMAIN) { - DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - sid_copy(obj.data.domain->dom_sid, sid); - - ret = store_object(mem_ctx, &obj, False); - -done: -/* TODO: unlock here */ - if (mem_ctx) talloc_destroy(mem_ctx); - return ret; -} - -/* TODO */ - NTSTATUS (*get_sequence_number) (void); - - -extern DOM_SID global_sid_NULL; - -static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj_type) -{ - - NTSTATUS ret; - struct tdbsam2_object obj; - TALLOC_CTX *mem_ctx; - NTTIME zero_time = {0,0}; - const char *defpw = "NOPASSWORDXXXXXX"; - uint8 defhours[21] = {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255}; - - if (!sid || !name) { - DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - mem_ctx = talloc_init("tdbsam2_new_object"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_new_object: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - obj.type = obj_type; - obj.version = TDBSAM_VERSION; - - switch (obj_type) { - case GUMS_OBJ_NORMAL_USER: - obj.data.user = (struct tdbsam2_user_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_user_data)); - TALLOC_CHECK(obj.data.user, ret, done); - - get_next_sid(mem_ctx, &(obj.data.user->user_sid)); - TALLOC_CHECK(obj.data.user->user_sid, ret, done); - sid_copy(sid, obj.data.user->user_sid); - - obj.data.user->name = talloc_strdup(mem_ctx, name); - TALLOC_CHECK(obj.data.user, ret, done); - - obj.data.user->xcounter = 1; - /*obj.data.user->sec_desc*/ - obj.data.user->description = ""; - obj.data.user->group_sid = &global_sid_NULL; - obj.data.user->logon_time = &zero_time; - obj.data.user->logoff_time = &zero_time; - obj.data.user->kickoff_time = &zero_time; - obj.data.user->pass_last_set_time = &zero_time; - obj.data.user->pass_can_change_time = &zero_time; - obj.data.user->pass_must_change_time = &zero_time; - - obj.data.user->full_name = ""; - obj.data.user->home_dir = ""; - obj.data.user->dir_drive = ""; - obj.data.user->logon_script = ""; - obj.data.user->profile_path = ""; - obj.data.user->workstations = ""; - obj.data.user->unknown_str = ""; - obj.data.user->munged_dial = ""; - - obj.data.user->lm_pw_ptr = defpw; - obj.data.user->nt_pw_ptr = defpw; - - obj.data.user->logon_divs = 168; - obj.data.user->hours_len = 21; - obj.data.user->hours = &defhours; - - obj.data.user->unknown_3 = 0x00ffffff; - obj.data.user->unknown_5 = 0x00020000; - obj.data.user->unknown_6 = 0x000004ec; - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - obj.data.group = (struct tdbsam2_group_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_group_data)); - TALLOC_CHECK(obj.data.group, ret, done); - - get_next_sid(mem_ctx, &(obj.data.group->group_sid)); - TALLOC_CHECK(obj.data.group->group_sid, ret, done); - sid_copy(sid, obj.data.group->group_sid); - - obj.data.group->name = talloc_strdup(mem_ctx, name); - TALLOC_CHECK(obj.data.group, ret, done); - - obj.data.group->xcounter = 1; - /*obj.data.group->sec_desc*/ - obj.data.group->description = ""; - - break; - - case GUMS_OBJ_DOMAIN: - - /* FIXME: should we check against global_sam_sid to make it impossible - to store more than one domain ? */ - - obj.data.domain = (struct tdbsam2_domain_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_domain_data)); - TALLOC_CHECK(obj.data.domain, ret, done); - - obj.data.domain->dom_sid = sid_dup_talloc(mem_ctx, get_global_sam_sid()); - TALLOC_CHECK(obj.data.domain->dom_sid, ret, done); - sid_copy(sid, obj.data.domain->dom_sid); - - obj.data.domain->name = talloc_strdup(mem_ctx, name); - TALLOC_CHECK(obj.data.domain, ret, done); - - obj.data.domain->xcounter = 1; - /*obj.data.domain->sec_desc*/ - obj.data.domain->next_rid = 0x3e9; - obj.data.domain->description = ""; - - ret = NT_STATUS_OK; - break; - - default: - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ret = store_object(mem_ctx, &obj, True); - -done: - talloc_destroy(mem_ctx); - return ret; -} - -static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid) -{ - NTSTATUS ret; - struct tdbsam2_object obj; - TALLOC_CTX *mem_ctx; - TDB_DATA data, key; - fstring keystr; - - if (!sid) { - DEBUG(0, ("tdbsam2_delete_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - mem_ctx = talloc_init("tdbsam2_delete_object"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_delete_object: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - if (tdbsam2_db == NULL) { - if (NT_STATUS_IS_ERR(ret = opentdb())) { - goto done; - } - } - - slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid)); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdbsam2_db, key); - if (!data.dptr) { - DEBUG(5, ("tdbsam2_delete_object: Error fetching database, SID entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) { - DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) { - SAFE_FREE(data.dptr); - DEBUG(0, ("tdbsam2_delete_object: Error fetching database, malformed entry!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - switch (obj.type) { - case GUMS_OBJ_DOMAIN: - /* TODO: SHOULD WE ALLOW TO DELETE DOMAINS ? */ - slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.domain->name); - break; - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.group->name); - break; - case GUMS_OBJ_NORMAL_USER: - slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.user->name); - break; - default: - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) { - DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - -/* TODO: update the general database counter */ - -done: - SAFE_FREE(data.dptr); - talloc_destroy(mem_ctx); - return ret; -} - -static NTSTATUS tdbsam2_get_object_from_sid(GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type) -{ - NTSTATUS ret; - struct tdbsam2_object obj; - TALLOC_CTX *mem_ctx; - - if (!object || !sid) { - DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - mem_ctx = talloc_init("tdbsam2_get_object_from_sid"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - ret = get_object_by_sid(mem_ctx, &obj, sid); - if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) { - DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n")); - goto done; - } - - ret = data_to_gums_object(object, &obj); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n")); - goto done; - } - -done: - talloc_destroy(mem_ctx); - return ret; -} - -static NTSTATUS tdbsam2_get_object_from_name(GUMS_OBJECT **object, const char *name, const int obj_type) -{ - NTSTATUS ret; - struct tdbsam2_object obj; - TALLOC_CTX *mem_ctx; - - if (!object || !name) { - DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - mem_ctx = talloc_init("tdbsam2_get_object_from_sid"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - ret = get_object_by_name(mem_ctx, &obj, name); - if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) { - DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n")); - goto done; - } - - ret = data_to_gums_object(object, &obj); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n")); - goto done; - } - -done: - talloc_destroy(mem_ctx); - return ret; -} - - /* This function is used to get the list of all objects changed since base_time, it is - used to support PDC<->BDC synchronization */ - NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time); - -static NTSTATUS tdbsam2_enumerate_objects_start(void *handle, const DOM_SID *sid, const int obj_type) -{ - struct tdbsam2_enum_objs *teo, *t; - pstring tdbfile; - - teo = (struct tdbsam2_enum_objs *)calloc(1, sizeof(struct tdbsam2_enum_objs)); - if (!teo) { - DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - teo->type = obj_type; - if (sid) { - sid_to_string(teo->dom_sid, sid); - } - - get_private_directory(tdbfile); - pstrcat(tdbfile, "/"); - pstrcat(tdbfile, TDB_FILE_NAME); - - teo->db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDONLY, 0600); - if (!teo->db) - { - DEBUG(0, ("tdbsam2_enumerate_objects_start: Unable to open database (%s)!\n", tdbfile)); - SAFE_FREE(teo); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!teo_handlers) { - *teo_handlers = teo; - } else { - t = *teo_handlers; - while (t->next) { - t = t->next; - } - t->next = teo; - } - - handle = teo; - - teo->key = tdb_firstkey(teo->db); - - return NT_STATUS_OK; -} - -static NTSTATUS tdbsam2_enumerate_objects_get_next(GUMS_OBJECT **object, void *handle) -{ - NTSTATUS ret; - TALLOC_CTX *mem_ctx; - TDB_DATA data; - struct tdbsam2_enum_objs *teo; - struct tdbsam2_object obj; - const char *prefix = SIDPREFIX; - const int preflen = strlen(prefix); - - if (!object || !handle) { - DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - teo = (struct tdbsam2_enum_objs *)handle; - - mem_ctx = talloc_init("tdbsam2_enumerate_objects_get_next"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - while ((teo->key.dsize != 0)) { - int len, version, type, size; - char *ptr; - - if (strncmp(teo->key.dptr, prefix, preflen)) { - teo->key = tdb_nextkey(teo->db, teo->key); - continue; - } - - if (teo->dom_sid) { - if (strncmp(&(teo->key.dptr[preflen]), teo->dom_sid, strlen(teo->dom_sid))) { - teo->key = tdb_nextkey(teo->db, teo->key); - continue; - } - } - - data = tdb_fetch(teo->db, teo->key); - if (!data.dptr) { - DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error fetching database, SID entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(teo->db))); - DEBUGADD(5, (" Key: %s\n", teo->key.dptr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - len = tdb_unpack (data.dptr, data.dsize, TDB_FORMAT_STRING, - &version, - &type, - &size, &ptr); - - if (len == -1) { - DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error unable to unpack data!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - SAFE_FREE(ptr); - - if (teo->type && type != teo->type) { - SAFE_FREE(data.dptr); - data.dsize = 0; - teo->key = tdb_nextkey(teo->db, teo->key); - continue; - } - - break; - } - - if (data.dsize != 0) { - if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) { - SAFE_FREE(data.dptr); - DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Error fetching database, malformed entry!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - SAFE_FREE(data.dptr); - } - - ret = data_to_gums_object(object, &obj); - -done: - talloc_destroy(mem_ctx); - return ret; -} - -static NTSTATUS tdbsam2_enumerate_objects_stop(void *handle) -{ - struct tdbsam2_enum_objs *teo, *t, *p; - - teo = (struct tdbsam2_enum_objs *)handle; - - if (*teo_handlers == teo) { - *teo_handlers = teo->next; - } else { - t = *teo_handlers; - while (t != teo) { - p = t; - t = t->next; - if (t == NULL) { - DEBUG(0, ("tdbsam2_enumerate_objects_stop: Error, handle not found!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - } - p = t->next; - } - - tdb_close(teo->db); - SAFE_FREE(teo); - - return NT_STATUS_OK; -} - - /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools. - Never use this function to update an object in the database, use set_object_values() */ - NTSTATUS (*set_object) (const GUMS_OBJECT *object); - - /* set object values function */ - NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set); - - /* Group related functions */ - NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members); - NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members); - NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type); - - NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid); - - NTSTATUS (*lock_sid) (const DOM_SID *sid); - NTSTATUS (*unlock_sid) (const DOM_SID *sid); - - /* privileges related functions */ - - NTSTATUS (*add_members_to_privilege) (const LUID_ATTR *priv, const DOM_SID **members); - NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members); - NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv); - NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid); - /* warning!: set_privilege will overwrite a prior existing privilege if such exist */ - NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv); - - -int gumm_init(GUMS_FUNCTIONS **storage) -{ - tdbsam2_db = NULL; - teo_handlers = 0; - - return 0; -} - -#if 0 -int main(int argc, char *argv[]) -{ - NTSTATUS ret; - DOM_SID dsid; - - if (argc < 2) { - printf ("not enough arguments!\n"); - exit(0); - } - - if (!lp_load(dyn_CONFIGFILE,True,False,False)) { - fprintf(stderr, "Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE); - exit(1); - } - - ret = tdbsam2_new_object(&dsid, "_domain_", GUMS_OBJ_DOMAIN); - if (NT_STATUS_IS_OK(ret)) { - printf ("_domain_ created, sid=%s\n", sid_string_static(&dsid)); - } else { - printf ("_domain_ creation error n. 0x%08x\n", ret.v); - } - ret = tdbsam2_new_object(&dsid, argv[1], GUMS_OBJ_NORMAL_USER); - if (NT_STATUS_IS_OK(ret)) { - printf ("%s user created, sid=%s\n", argv[1], sid_string_static(&dsid)); - } else { - printf ("%s user creation error n. 0x%08x\n", argv[1], ret.v); - } - - exit(0); -} -#endif diff --git a/source3/sam/gums.c b/source3/sam/gums.c deleted file mode 100644 index a118740637..0000000000 --- a/source3/sam/gums.c +++ /dev/null @@ -1,161 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Grops and Users Management System initializations. - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/*#undef DBGC_CLASS -#define DBGC_CLASS DBGC_GUMS*/ - -#define GMV_MAJOR 0 -#define GMV_MINOR 1 - -#define PRIV_NONE 0 -#define PRIV_CREATE_TOKEN 1 -#define PRIV_ASSIGNPRIMARYTOKEN 2 -#define PRIV_LOCK_MEMORY 3 -#define PRIV_INCREASE_QUOTA 4 -#define PRIV_MACHINE_ACCOUNT 5 -#define PRIV_TCB 6 -#define PRIV_SECURITY 7 -#define PRIV_TAKE_OWNERSHIP 8 -#define PRIV_LOAD_DRIVER 9 -#define PRIV_SYSTEM_PROFILE 10 -#define PRIV_SYSTEMTIME 11 -#define PRIV_PROF_SINGLE_PROCESS 12 -#define PRIV_INC_BASE_PRIORITY 13 -#define PRIV_CREATE_PAGEFILE 14 -#define PRIV_CREATE_PERMANENT 15 -#define PRIV_BACKUP 16 -#define PRIV_RESTORE 17 -#define PRIV_SHUTDOWN 18 -#define PRIV_DEBUG 19 -#define PRIV_AUDIT 20 -#define PRIV_SYSTEM_ENVIRONMENT 21 -#define PRIV_CHANGE_NOTIFY 22 -#define PRIV_REMOTE_SHUTDOWN 23 -#define PRIV_UNDOCK 24 -#define PRIV_SYNC_AGENT 25 -#define PRIV_ENABLE_DELEGATION 26 -#define PRIV_ALL 255 - - -GUMS_FUNCTIONS *gums_storage; -static void *dl_handle; - -static PRIVS gums_privs[] = { - {PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */ - {PRIV_CREATE_TOKEN, "SeCreateToken", "Create Token"}, - {PRIV_ASSIGNPRIMARYTOKEN, "SeAssignPrimaryToken", "Assign Primary Token"}, - {PRIV_LOCK_MEMORY, "SeLockMemory", "Lock Memory"}, - {PRIV_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota Privilege"}, - {PRIV_MACHINE_ACCOUNT, "SeMachineAccount", "Machine Account"}, - {PRIV_TCB, "SeTCB", "TCB"}, - {PRIV_SECURITY, "SeSecurityPrivilege", "Security Privilege"}, - {PRIV_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"}, - {PRIV_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"}, - {PRIV_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"}, - {PRIV_SYSTEMTIME, "SeSystemtimePrivilege", "System Time"}, - {PRIV_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"}, - {PRIV_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"}, - {PRIV_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"}, - {PRIV_CREATE_PERMANENT, "SeCreatePermanent", "Create Permanent"}, - {PRIV_BACKUP, "SeBackupPrivilege", "Backup Privilege"}, - {PRIV_RESTORE, "SeRestorePrivilege", "Restore Privilege"}, - {PRIV_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"}, - {PRIV_DEBUG, "SeDebugPrivilege", "Debug Privilege"}, - {PRIV_AUDIT, "SeAudit", "Audit"}, - {PRIV_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"}, - {PRIV_CHANGE_NOTIFY, "SeChangeNotify", "Change Notify"}, - {PRIV_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"}, - {PRIV_UNDOCK, "SeUndock", "Undock"}, - {PRIV_SYNC_AGENT, "SeSynchronizationAgent", "Synchronization Agent"}, - {PRIV_ENABLE_DELEGATION, "SeEnableDelegation", "Enable Delegation"}, - {PRIV_ALL, "SaAllPrivs", "All Privileges"} -}; - -NTSTATUS gums_init(const char *module_name) -{ - int (*module_version)(int); - NTSTATUS (*module_init)(); -/* gums_module_init module_init;*/ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - DEBUG(5, ("Opening gums module %s\n", module_name)); - dl_handle = sys_dlopen(module_name, RTLD_NOW); - if (!dl_handle) { - DEBUG(0, ("ERROR: Failed to load gums module %s, error: %s\n", module_name, sys_dlerror())); - return NT_STATUS_UNSUCCESSFUL; - } - - module_version = sys_dlsym(dl_handle, "gumm_version"); - if (!module_version) { - DEBUG(0, ("ERROR: Failed to find gums module version!\n")); - goto error; - } - - if (module_version(GMV_MAJOR) != GUMS_VERSION_MAJOR) { - DEBUG(0, ("ERROR: Module's major version does not match gums version!\n")); - goto error; - } - - if (module_version(GMV_MINOR) != GUMS_VERSION_MINOR) { - DEBUG(1, ("WARNING: Module's minor version does not match gums version!\n")); - } - - module_init = sys_dlsym(dl_handle, "gumm_init"); - if (!module_init) { - DEBUG(0, ("ERROR: Failed to find gums module's init function!\n")); - goto error; - } - - DEBUG(5, ("Initializing module %s\n", module_name)); - - ret = module_init(&gums_storage); - goto done; - -error: - ret = NT_STATUS_UNSUCCESSFUL; - sys_dlclose(dl_handle); - -done: - return ret; -} - -NTSTATUS gums_unload(void) -{ - NTSTATUS ret; - NTSTATUS (*module_finalize)(); - - if (!dl_handle) - return NT_STATUS_UNSUCCESSFUL; - - module_finalize = sys_dlsym(dl_handle, "gumm_finalize"); - if (!module_finalize) { - DEBUG(0, ("ERROR: Failed to find gums module's init function!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - DEBUG(5, ("Finalizing module")); - - ret = module_finalize(); - sys_dlclose(dl_handle); - - return ret; -} diff --git a/source3/sam/gums_api.c b/source3/sam/gums_api.c deleted file mode 100644 index 2e5dcd143a..0000000000 --- a/source3/sam/gums_api.c +++ /dev/null @@ -1,1470 +0,0 @@ -/* - Unix SMB/CIFS implementation. - GUMS structures - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - - -/******************************************************************* - Create a SEC_ACL structure. -********************************************************************/ - -static SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list) -{ - SEC_ACL *dst; - int i; - - if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL) - return NULL; - - dst->revision = revision; - dst->num_aces = num_aces; - dst->size = SEC_ACL_HEADER_SIZE; - - /* Now we need to return a non-NULL address for the ace list even - if the number of aces required is zero. This is because there - is a distinct difference between a NULL ace and an ace with zero - entries in it. This is achieved by checking that num_aces is a - positive number. */ - - if ((num_aces) && - ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces)) - == NULL)) { - return NULL; - } - - for (i = 0; i < num_aces; i++) { - dst->ace[i] = ace_list[i]; /* Structure copy. */ - dst->size += ace_list[i].size; - } - - return dst; -} - - - -/******************************************************************* - Duplicate a SEC_ACL structure. -********************************************************************/ - -static SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src) -{ - if(src == NULL) - return NULL; - - return make_sec_acl(ctx, src->revision, src->num_aces, src->ace); -} - - - -/******************************************************************* - Creates a SEC_DESC structure -********************************************************************/ - -static SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, - DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) -{ - SEC_DESC *dst; - uint32 offset = 0; - uint32 offset_sid = SEC_DESC_HEADER_SIZE; - uint32 offset_acl = 0; - - *sd_size = 0; - - if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL) - return NULL; - - dst->revision = revision; - dst->type = SEC_DESC_SELF_RELATIVE; - - if (sacl) dst->type |= SEC_DESC_SACL_PRESENT; - if (dacl) dst->type |= SEC_DESC_DACL_PRESENT; - - dst->off_owner_sid = 0; - dst->off_grp_sid = 0; - dst->off_sacl = 0; - dst->off_dacl = 0; - - if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL)) - goto error_exit; - - if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL)) - goto error_exit; - - if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL)) - goto error_exit; - - if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL)) - goto error_exit; - - offset = 0; - - /* - * Work out the linearization sizes. - */ - if (dst->owner_sid != NULL) { - - if (offset == 0) - offset = SEC_DESC_HEADER_SIZE; - - offset += sid_size(dst->owner_sid); - } - - if (dst->grp_sid != NULL) { - - if (offset == 0) - offset = SEC_DESC_HEADER_SIZE; - - offset += sid_size(dst->grp_sid); - } - - if (dst->sacl != NULL) { - - offset_acl = SEC_DESC_HEADER_SIZE; - - dst->off_sacl = offset_acl; - offset_acl += dst->sacl->size; - offset += dst->sacl->size; - offset_sid += dst->sacl->size; - } - - if (dst->dacl != NULL) { - - if (offset_acl == 0) - offset_acl = SEC_DESC_HEADER_SIZE; - - dst->off_dacl = offset_acl; - offset_acl += dst->dacl->size; - offset += dst->dacl->size; - offset_sid += dst->dacl->size; - } - - *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset); - - if (dst->owner_sid != NULL) - dst->off_owner_sid = offset_sid; - - /* sid_size() returns 0 if the sid is NULL so this is ok */ - - if (dst->grp_sid != NULL) - dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid); - - return dst; - -error_exit: - - *sd_size = 0; - return NULL; -} - -/******************************************************************* - Duplicate a SEC_DESC structure. -********************************************************************/ - -static SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src) -{ - size_t dummy; - - if(src == NULL) - return NULL; - - return make_sec_desc( ctx, src->revision, - src->owner_sid, src->grp_sid, src->sacl, - src->dacl, &dummy); -} - - - - - - - -extern GUMS_FUNCTIONS *gums_storage; - -/* Functions to get/set info from a GUMS object */ - -NTSTATUS gums_get_object_type(uint32 *type, const GUMS_OBJECT *obj) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - *type = obj->type; - return NT_STATUS_OK; -} - -NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type) -{ - TALLOC_CTX *mem_ctx = talloc_init("gums_create_object"); - GUMS_OBJECT *go; - NTSTATUS ret; - - go = talloc_zero(mem_ctx, sizeof(GUMS_OBJECT)); - go->mem_ctx = mem_ctx; - go->type = type; - go->version = GUMS_OBJECT_VERSION; - - switch(type) { - case GUMS_OBJ_DOMAIN: - break; - -/* - case GUMS_OBJ_WORKSTATION_TRUST: - case GUMS_OBJ_SERVER_TRUST: - case GUMS_OBJ_DOMAIN_TRUST: -*/ - case GUMS_OBJ_NORMAL_USER: - go->data.user = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER)); - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - go->data.group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP)); - break; - - default: - /* TODO: throw error */ - ret = NT_STATUS_OBJECT_TYPE_MISMATCH; - goto error; - } - - if (!(go->data.user)) { - ret = NT_STATUS_NO_MEMORY; - DEBUG(0, ("gums_create_object: Out of memory!\n")); - goto error; - } - - *obj = go; - return NT_STATUS_OK; - -error: - talloc_destroy(go->mem_ctx); - *obj = NULL; - return ret; -} - -NTSTATUS gums_get_object_seq_num(uint32 *version, const GUMS_OBJECT *obj) -{ - if (!version || !obj) - return NT_STATUS_INVALID_PARAMETER; - - *version = obj->version; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 version) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - obj->version = version; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_sec_desc(SEC_DESC **sec_desc, const GUMS_OBJECT *obj) -{ - if (!sec_desc || !obj) - return NT_STATUS_INVALID_PARAMETER; - - *sec_desc = obj->sec_desc; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc) -{ - if (!obj || !sec_desc) - return NT_STATUS_INVALID_PARAMETER; - - obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc); - if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_object_sid(DOM_SID **sid, const GUMS_OBJECT *obj) -{ - if (!sid || !obj) - return NT_STATUS_INVALID_PARAMETER; - - *sid = obj->sid; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid) -{ - if (!obj || !sid) - return NT_STATUS_INVALID_PARAMETER; - - obj->sid = sid_dup_talloc(obj->mem_ctx, sid); - if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_object_name(char **name, const GUMS_OBJECT *obj) -{ - if (!name || !obj) - return NT_STATUS_INVALID_PARAMETER; - - *name = obj->name; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name) -{ - if (!obj || !name) - return NT_STATUS_INVALID_PARAMETER; - - obj->name = (char *)talloc_strdup(obj->mem_ctx, name); - if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_object_description(char **description, const GUMS_OBJECT *obj) -{ - if (!description || !obj) - return NT_STATUS_INVALID_PARAMETER; - - *description = obj->description; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_description(GUMS_OBJECT *obj, const char *description) -{ - if (!obj || !description) - return NT_STATUS_INVALID_PARAMETER; - - obj->description = (char *)talloc_strdup(obj->mem_ctx, description); - if (!(obj->description)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -/* User specific functions */ - -/* -NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj) -{ - if (!priv_set) - return NT_STATUS_INVALID_PARAMETER; - - *priv_set = obj->priv_set; - return NT_STATUS_OK; -} -*/ - -NTSTATUS gums_get_domain_next_rid(uint32 *rid, const GUMS_OBJECT *obj) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_DOMAIN) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *rid = obj->data.domain->next_rid; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_DOMAIN) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.domain->next_rid = rid; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj) -{ - if (!sid || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *sid = obj->data.user->group_sid; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid) -{ - if (!obj || !sid) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->group_sid = sid_dup_talloc(obj->mem_ctx, sid); - if (!(obj->data.user->group_sid)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj) -{ - if (!nt_pwd || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *nt_pwd = &(obj->data.user->nt_pw); - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd) -{ - if (!obj || nt_pwd.length != NT_HASH_LEN) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length); - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj) -{ - if (!lm_pwd || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *lm_pwd = &(obj->data.user->lm_pw); - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd) -{ - if (!obj || lm_pwd.length != LM_HASH_LEN) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length); - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_fullname(char **fullname, const GUMS_OBJECT *obj) -{ - if (!fullname || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *fullname = obj->data.user->full_name; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname) -{ - if (!obj || !fullname) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname); - if (!(obj->data.user->full_name)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_homedir(char **homedir, const GUMS_OBJECT *obj) -{ - if (!homedir || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *homedir = obj->data.user->home_dir; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir) -{ - if (!obj || !homedir) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir); - if (!(obj->data.user->home_dir)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_dir_drive(char **dirdrive, const GUMS_OBJECT *obj) -{ - if (!dirdrive || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *dirdrive = obj->data.user->dir_drive; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive) -{ - if (!obj || !dir_drive) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive); - if (!(obj->data.user->dir_drive)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_logon_script(char **logon_script, const GUMS_OBJECT *obj) -{ - if (!logon_script || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *logon_script = obj->data.user->logon_script; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script) -{ - if (!obj || !logon_script) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script); - if (!(obj->data.user->logon_script)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_profile_path(char **profile_path, const GUMS_OBJECT *obj) -{ - if (!profile_path || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *profile_path = obj->data.user->profile_path; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path) -{ - if (!obj || !profile_path) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path); - if (!(obj->data.user->profile_path)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_workstations(char **workstations, const GUMS_OBJECT *obj) -{ - if (!workstations || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *workstations = obj->data.user->workstations; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations) -{ - if (!obj || !workstations) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations); - if (!(obj->data.user->workstations)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_unknown_str(char **unknown_str, const GUMS_OBJECT *obj) -{ - if (!unknown_str || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *unknown_str = obj->data.user->unknown_str; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str) -{ - if (!obj || !unknown_str) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str); - if (!(obj->data.user->unknown_str)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_munged_dial(char **munged_dial, const GUMS_OBJECT *obj) -{ - if (!munged_dial || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *munged_dial = obj->data.user->munged_dial; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial) -{ - if (!obj || !munged_dial) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial); - if (!(obj->data.user->munged_dial)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_logon_time(NTTIME *logon_time, const GUMS_OBJECT *obj) -{ - if (!logon_time || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *logon_time = obj->data.user->logon_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->logon_time = logon_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_logoff_time(NTTIME *logoff_time, const GUMS_OBJECT *obj) -{ - if (!logoff_time || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *logoff_time = obj->data.user->logoff_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->logoff_time = logoff_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_kickoff_time(NTTIME *kickoff_time, const GUMS_OBJECT *obj) -{ - if (!kickoff_time || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *kickoff_time = obj->data.user->kickoff_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->kickoff_time = kickoff_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_pass_last_set_time(NTTIME *pass_last_set_time, const GUMS_OBJECT *obj) -{ - if (!pass_last_set_time || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *pass_last_set_time = obj->data.user->pass_last_set_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->pass_last_set_time = pass_last_set_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_pass_can_change_time(NTTIME *pass_can_change_time, const GUMS_OBJECT *obj) -{ - if (!pass_can_change_time || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *pass_can_change_time = obj->data.user->pass_can_change_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->pass_can_change_time = pass_can_change_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_pass_must_change_time(NTTIME *pass_must_change_time, const GUMS_OBJECT *obj) -{ - if (!pass_must_change_time || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *pass_must_change_time = obj->data.user->pass_must_change_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pass_must_change_time(GUMS_OBJECT *obj, NTTIME pass_must_change_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->pass_must_change_time = pass_must_change_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_logon_divs(uint16 *logon_divs, const GUMS_OBJECT *obj) -{ - if (!logon_divs || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *logon_divs = obj->data.user->logon_divs; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs) -{ - if (!obj || !logon_divs) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->logon_divs = logon_divs; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_hours_len(uint32 *hours_len, const GUMS_OBJECT *obj) -{ - if (!hours_len || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *hours_len = obj->data.user->hours_len; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_hours_len(GUMS_OBJECT *obj, uint32 hours_len) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->hours_len = hours_len; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_hours(uint8 **hours, const GUMS_OBJECT *obj) -{ - if (!hours || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *hours = obj->data.user->hours; - return NT_STATUS_OK; -} - -/* WARNING: always set hours_len before hours */ -NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, const uint8 *hours) -{ - if (!obj || !hours) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - if (obj->data.user->hours_len == 0) - DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n")); - - obj->data.user->hours = (uint8 *)talloc_memdup(obj->mem_ctx, hours, obj->data.user->hours_len); - if (!(obj->data.user->hours) & (obj->data.user->hours_len != 0)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_unknown_3(uint32 *unknown_3, const GUMS_OBJECT *obj) -{ - if (!unknown_3 || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *unknown_3 = obj->data.user->unknown_3; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->unknown_3 = unknown_3; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_unknown_5(uint32 *unknown_5, const GUMS_OBJECT *obj) -{ - if (!unknown_5 || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *unknown_5 = obj->data.user->unknown_5; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_5(GUMS_OBJECT *obj, uint32 unknown_5) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->unknown_5 = unknown_5; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_unknown_6(uint32 *unknown_6, const GUMS_OBJECT *obj) -{ - if (!unknown_6 || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *unknown_6 = obj->data.user->unknown_6; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->unknown_6 = unknown_6; - return NT_STATUS_OK; -} - -/* Group specific functions */ - -NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJECT *obj) -{ - if (!count || !members || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_GROUP && - obj->type != GUMS_OBJ_ALIAS) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *count = obj->data.group->count; - *members = *(obj->data.group->members); - return NT_STATUS_OK; -} - -NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID **members) -{ - uint32 n; - - if (!obj || !members || !members) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_GROUP && - obj->type != GUMS_OBJ_ALIAS) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.group->count = count; - n = 0; - do { - obj->data.group->members[n] = sid_dup_talloc(obj->mem_ctx, members[n]); - if (!(obj->data.group->members[n])) return NT_STATUS_NO_MEMORY; - n++; - } while (n < count); - return NT_STATUS_OK; -} - -/* data_store set functions */ - -NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, TALLOC_CTX *ctx, DOM_SID *sid, uint32 type) -{ - TALLOC_CTX *mem_ctx; - GUMS_COMMIT_SET *set; - - mem_ctx = talloc_init("commit_set"); - if (mem_ctx == NULL) - return NT_STATUS_NO_MEMORY; - set = (GUMS_COMMIT_SET *)talloc(mem_ctx, sizeof(GUMS_COMMIT_SET)); - if (set == NULL) { - talloc_destroy(mem_ctx); - return NT_STATUS_NO_MEMORY; - } - - set->mem_ctx = mem_ctx; - set->type = type; - sid_copy(&(set->sid), sid); - set->count = 0; - set->data = NULL; - *com_set = set; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc) -{ - GUMS_DATA_SET *data_set; - SEC_DESC *new_sec_desc; - - if (!mem_ctx || !com_set || !sec_desc) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_SET_SEC_DESC; - new_sec_desc = dup_sec_desc(mem_ctx, sec_desc); - if (new_sec_desc == NULL) - return NT_STATUS_NO_MEMORY; - - (SEC_DESC *)(data_set->data) = new_sec_desc; - - return NT_STATUS_OK; -} - -/* -NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv) -{ - GUMS_DATA_SET *data_set; - LUID_ATTR *new_priv; - - if (!mem_ctx || !com_set) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_ADD_PRIVILEGE; - if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv))) - return NT_STATUS_NO_MEMORY; - - (SEC_DESC *)(data_set->data) = new_priv; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv) -{ - GUMS_DATA_SET *data_set; - LUID_ATTR *new_priv; - - if (!mem_ctx || !com_set) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_DEL_PRIVILEGE; - if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv))) - return NT_STATUS_NO_MEMORY; - - (SEC_DESC *)(data_set->data) = new_priv; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set) -{ - GUMS_DATA_SET *data_set; - PRIVILEGE_SET *new_priv_set; - - if (!mem_ctx || !com_set || !priv_set) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_SET_PRIVILEGE; - if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set))) - return NT_STATUS_NO_MEMORY; - - (SEC_DESC *)(data_set->data) = new_priv_set; - - return NT_STATUS_OK; -} -*/ - -NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str) -{ - GUMS_DATA_SET *data_set; - char *new_str; - - if (!mem_ctx || !com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = type; - new_str = talloc_strdup(mem_ctx, str); - if (new_str == NULL) - return NT_STATUS_NO_MEMORY; - - (char *)(data_set->data) = new_str; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name) -{ - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, name); -} - -NTSTATUS gums_cs_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc) -{ - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc); -} - -NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name); -} - -NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir); -} - -NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive); -} - -NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script); -} - -NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path); -} - -NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks); -} - -NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str); -} - -NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial); -} - -NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime) -{ - GUMS_DATA_SET *data_set; - NTTIME *new_time; - - if (!mem_ctx || !com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = type; - new_time = talloc(mem_ctx, sizeof(NTTIME)); - if (new_time == NULL) - return NT_STATUS_NO_MEMORY; - - new_time->low = nttime->low; - new_time->high = nttime->high; - (char *)(data_set->data) = new_time; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logon_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time); -} - -NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time); -} - -NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time); -} - -NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time); -} - -NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time); -} - -NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time); -} - -NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - GUMS_DATA_SET *data_set; - DOM_SID **new_sids; - int i; - - if (!mem_ctx || !com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_ADD_SID_LIST; - new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); - if (new_sids == NULL) - return NT_STATUS_NO_MEMORY; - for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]); - if (new_sids[i] == NULL) - return NT_STATUS_NO_MEMORY; - } - - (SEC_DESC *)(data_set->data) = new_sids; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - if (!mem_ctx || !com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count); -} - -NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - if (!mem_ctx || !com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count); -} - -NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - GUMS_DATA_SET *data_set; - DOM_SID **new_sids; - int i; - - if (!mem_ctx || !com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_DEL_SID_LIST; - new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); - if (new_sids == NULL) - return NT_STATUS_NO_MEMORY; - for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]); - if (new_sids[i] == NULL) - return NT_STATUS_NO_MEMORY; - } - - (SEC_DESC *)(data_set->data) = new_sids; - - return NT_STATUS_OK; -} - -NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - GUMS_DATA_SET *data_set; - DOM_SID **new_sids; - int i; - - if (!mem_ctx || !com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_SET_SID_LIST; - new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); - if (new_sids == NULL) - return NT_STATUS_NO_MEMORY; - for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]); - if (new_sids[i] == NULL) - return NT_STATUS_NO_MEMORY; - } - - (SEC_DESC *)(data_set->data) = new_sids; - - return NT_STATUS_OK; -} - - -NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set) -{ - return gums_storage->set_object_values(&(set->sid), set->count, set->data); -} - -NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set) -{ - talloc_destroy((*com_set)->mem_ctx); - *com_set = NULL; - - return NT_STATUS_OK; -} - diff --git a/source3/sam/gums_helper.c b/source3/sam/gums_helper.c deleted file mode 100644 index c22e6cf7ff..0000000000 --- a/source3/sam/gums_helper.c +++ /dev/null @@ -1,610 +0,0 @@ -/* - Unix SMB/CIFS implementation. - GUMS backends helper functions - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -extern GUMS_FUNCTIONS *gums_storage; - -extern DOM_SID global_sid_World; -extern DOM_SID global_sid_Builtin_Administrators; -extern DOM_SID global_sid_Builtin_Power_Users; -extern DOM_SID global_sid_Builtin_Account_Operators; -extern DOM_SID global_sid_Builtin_Server_Operators; -extern DOM_SID global_sid_Builtin_Print_Operators; -extern DOM_SID global_sid_Builtin_Backup_Operators; -extern DOM_SID global_sid_Builtin_Replicator; -extern DOM_SID global_sid_Builtin_Users; -extern DOM_SID global_sid_Builtin_Guests; - - -/* defines */ - -#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) -#define NTSTATUS_CHECK(str1, str2, err, label) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0) - -/**************************************************************************** - Check if a user is a mapped group. - - This function will check if the group SID is mapped onto a - system managed gid or onto a winbind manged sid. - In the first case it will be threated like a mapped group - and the backend should take the member list with a getgrgid - and ignore any user that have been possibly set into the group - object. - - In the second case, the group is a fully SAM managed group - served back to the system through winbind. In this case the - members of a Local group are "unrolled" to cope with the fact - that unix cannot contain groups inside groups. - The backend MUST never call any getgr* / getpw* function or - loops with winbind may happen. - ****************************************************************************/ - -#if 0 -NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid) -{ - NTSTATUS result; - gid_t id; - - /* look if mapping exist, do not make idmap alloc an uid if SID is not found */ - result = idmap_get_gid_from_sid(&id, sid, False); - if (NT_STATUS_IS_OK(result)) { - *mapped = gid_is_in_winbind_range(id); - } else { - *mapped = False; - } - - return result; -} -#endif - -/**************************************************************************** - duplicate alloc luid_attr - ****************************************************************************/ -NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_la) -{ - *new_la = (LUID_ATTR *)talloc(ctx, sizeof(LUID_ATTR)); - if (*new_la == NULL) { - DEBUG(0,("dupalloc_luid_attr: could not Alloc memory to duplicate LUID_ATTR\n")); - return NT_STATUS_NO_MEMORY; - } - - (*new_la)->luid.high = old_la.luid.high; - (*new_la)->luid.low = old_la.luid.low; - (*new_la)->attr = old_la.attr; - - return NT_STATUS_OK; -} - -/**************************************************************************** - initialise a privilege list - ****************************************************************************/ -void gums_init_privilege(PRIVILEGE_SET *priv_set) -{ - priv_set->count=0; - priv_set->control=0; - priv_set->set=NULL; -} - -/**************************************************************************** - add a privilege to a privilege array - ****************************************************************************/ -NTSTATUS gums_add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) -{ - LUID_ATTR *new_set; - - /* check if the privilege is not already in the list */ - if (gums_check_priv_in_privilege(priv_set, set)) - return NT_STATUS_UNSUCCESSFUL; - - /* we can allocate memory to add the new privilege */ - - new_set=(LUID_ATTR *)talloc_realloc(ctx, priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR))); - if (new_set==NULL) { - DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n")); - return NT_STATUS_NO_MEMORY; - } - - new_set[priv_set->count].luid.high=set.luid.high; - new_set[priv_set->count].luid.low=set.luid.low; - new_set[priv_set->count].attr=set.attr; - - priv_set->count++; - priv_set->set=new_set; - - return NT_STATUS_OK; -} - -/**************************************************************************** - add all the privileges to a privilege array - ****************************************************************************/ -NTSTATUS gums_add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx) -{ - NTSTATUS result = NT_STATUS_OK; - LUID_ATTR set; - - set.attr=0; - set.luid.high=0; - - set.luid.low=SE_PRIV_ADD_USERS; - result = gums_add_privilege(priv_set, ctx, set); - NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); - - set.luid.low=SE_PRIV_ADD_MACHINES; - result = gums_add_privilege(priv_set, ctx, set); - NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); - - set.luid.low=SE_PRIV_PRINT_OPERATOR; - result = gums_add_privilege(priv_set, ctx, set); - NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); - -done: - return result; -} - -/**************************************************************************** - check if the privilege list is empty - ****************************************************************************/ -BOOL gums_check_empty_privilege(PRIVILEGE_SET *priv_set) -{ - return (priv_set->count == 0); -} - -/**************************************************************************** - check if the privilege is in the privilege list - ****************************************************************************/ -BOOL gums_check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) -{ - int i; - - /* if the list is empty, obviously we can't have it */ - if (gums_check_empty_privilege(priv_set)) - return False; - - for (i=0; i<priv_set->count; i++) { - LUID_ATTR *cur_set; - - cur_set=&priv_set->set[i]; - /* check only the low and high part. Checking the attr field has no meaning */ - if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) ) - return True; - } - - return False; -} - -/**************************************************************************** - remove a privilege from a privilege array - ****************************************************************************/ -NTSTATUS gums_remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) -{ - LUID_ATTR *new_set; - LUID_ATTR *old_set; - int i,j; - - /* check if the privilege is in the list */ - if (!gums_check_priv_in_privilege(priv_set, set)) - return NT_STATUS_UNSUCCESSFUL; - - /* special case if it's the only privilege in the list */ - if (priv_set->count==1) { - gums_init_privilege(priv_set); - return NT_STATUS_OK; - } - - /* - * the privilege is there, create a new list, - * and copy the other privileges - */ - - old_set = priv_set->set; - - new_set=(LUID_ATTR *)talloc(ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); - if (new_set==NULL) { - DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n")); - return NT_STATUS_NO_MEMORY; - } - - for (i=0, j=0; i<priv_set->count; i++) { - if ((old_set[i].luid.low == set.luid.low) && - (old_set[i].luid.high == set.luid.high)) { - continue; - } - - new_set[j].luid.low = old_set[i].luid.low; - new_set[j].luid.high = old_set[i].luid.high; - new_set[j].attr = old_set[i].attr; - - j++; - } - - if (j != priv_set->count - 1) { - DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n")); - DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j)); - return NT_STATUS_INTERNAL_ERROR; - } - - /* ok everything is fine */ - - priv_set->count--; - priv_set->set=new_set; - - return NT_STATUS_OK; -} - -/**************************************************************************** - duplicates a privilege array - ****************************************************************************/ -NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set) -{ - LUID_ATTR *new_set; - LUID_ATTR *old_set; - int i; - - *new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET)); - gums_init_privilege(*new_priv_set); - - /* special case if there are no privileges in the list */ - if (priv_set->count == 0) { - return NT_STATUS_OK; - } - - /* - * create a new list, - * and copy the other privileges - */ - - old_set = priv_set->set; - - new_set = (LUID_ATTR *)talloc(mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); - if (new_set==NULL) { - DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n")); - return NT_STATUS_NO_MEMORY; - } - - for (i=0; i < priv_set->count; i++) { - - new_set[i].luid.low = old_set[i].luid.low; - new_set[i].luid.high = old_set[i].luid.high; - new_set[i].attr = old_set[i].attr; - } - - (*new_priv_set)->count = priv_set->count; - (*new_priv_set)->control = priv_set->control; - (*new_priv_set)->set = new_set; - - return NT_STATUS_OK; -} - -#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013 -#define ALIAS_DEFAULT_DACL_SA_RIGHTS \ - (READ_CONTROL_ACCESS | \ - SA_RIGHT_ALIAS_LOOKUP_INFO | \ - SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */ - -#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */ - - -#if 0 -NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx) -{ - DOM_SID *world = &global_sid_World; - DOM_SID *admins = &global_sid_Builtin_Administrators; - SEC_ACCESS sa; - SEC_ACE sacl_ace; - SEC_ACE dacl_aces[2]; - SEC_ACL *sacl = NULL; - SEC_ACL *dacl = NULL; - size_t psize; - - init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS); - init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG); - - sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace); - if (!sacl) { - DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n")); - return NT_STATUS_NO_MEMORY; - } - - init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS); - init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); - init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS); - init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); - - dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces); - if (!sacl) { - DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n")); - return NT_STATUS_NO_MEMORY; - } - - *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, admins, admins, sacl, dacl, &psize); - if (!(*sec_desc)) { - DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n")); - return NT_STATUS_NO_MEMORY; - } - - return NT_STATUS_OK; -} - -NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask) -{ - NTSTATUS result; - SEC_ACE *new_aces; - unsigned num_aces; - int i; - - num_aces = sec_desc->dacl->num_aces + 1; - result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask); - if (NT_STATUS_IS_OK(result)) { - sec_desc->dacl->ace = new_aces; - sec_desc->dacl->num_aces = num_aces; - sec_desc->dacl->size = SEC_ACL_HEADER_SIZE; - for (i = 0; i < num_aces; i++) { - sec_desc->dacl->size += sec_desc->dacl->ace[i].size; - } - } - return result; -} - -NTSTATUS gums_init_builtin_groups(void) -{ - NTSTATUS result; - GUMS_OBJECT g_obj; - GUMS_GROUP *g_grp; - GUMS_PRIVILEGE g_priv; - - /* Build the well known Builtin Local Groups */ - g_obj.type = GUMS_OBJ_GROUP; - g_obj.version = 1; - g_obj.seq_num = 0; - g_obj.mem_ctx = talloc_init("gums_init_backend_acct"); - if (g_obj.mem_ctx == NULL) { - DEBUG(0, ("gums_init_backend: Out of Memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - /* Administrators * / - - /* alloc group structure */ - g_obj.data.group = (GUMS_GROUP *)talloc(g_obj.mem_ctx, sizeof(GUMS_GROUP)); - ALLOC_CHECK("gums_init_backend", g_obj.data.group, result, done); - - /* make admins sid */ - g_grp = (GUMS_GROUP *)g_obj.data.group; - sid_copy(g_obj.sid, &global_sid_Builtin_Administrators); - - /* make security descriptor */ - result = create_builtin_alias_default_sec_desc(&(g_obj.sec_desc), g_obj.mem_ctx); - NTSTATUS_CHECK("gums_init_backend", "create_builtin_alias_default_sec_desc", result, done); - - /* make privilege set */ - /* From BDC join trace: - SeSecurityPrivilege - SeBackupPrivilege - SeRestorePrivilege - SeSystemtimePrivilege - SeShutdownPrivilege - SeRemoteShutdownPrivilege - SeTakeOwnershipPrivilege - SeDebugPrivilege - SeSystemEnvironmentPrivilege - SeSystemProfilePrivilege - SeProfileSingleProcessPrivilege - SeIncreaseBasePriorityPrivilege - SeLocalDriverPrivilege - SeCreatePagefilePrivilege - SeIncreaseQuotaPrivilege - */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Administrators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can fully administer the computer/domain"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* numebr of group members */ - g_grp->count = 0; - g_grp->members = NULL; - - /* store Administrators group */ - result = gums_storage->set_object(&g_obj); - - /* Power Users */ - /* Domain Controllers Does NOT have power Users */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Power_Users); - - /* make privilege set */ - /* SE_PRIV_??? */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Power Users"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ -/* > */ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Power Users"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Power Users group */ - result = gums_storage->set_object(&g_obj); - - /* Account Operators */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Account_Operators); - - /* make privilege set */ - /* From BDC join trace: - SeShutdownPrivilege - */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Account Operators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain user and group accounts"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Account Operators group */ - result = gums_storage->set_object(&g_obj); - - /* Server Operators */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Server_Operators); - - /* make privilege set */ - /* From BDC join trace: - SeBackupPrivilege - SeRestorePrivilege - SeSystemtimePrivilege - SeShutdownPrivilege - SeRemoteShutdownPrivilege - */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Server Operators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain servers"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Server Operators group */ - result = gums_storage->set_object(&g_obj); - - /* Print Operators */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Print_Operators); - - /* make privilege set */ - /* From BDC join trace: - SeShutdownPrivilege - */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Print Operators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain printers"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Print Operators group */ - result = gums_storage->set_object(&g_obj); - - /* Backup Operators */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Backup_Operators); - - /* make privilege set */ - /* From BDC join trace: - SeBackupPrivilege - SeRestorePrivilege - SeShutdownPrivilege - */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Backup Operators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can bypass file security to backup files"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Backup Operators group */ - result = gums_storage->set_object(&g_obj); - - /* Replicator */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Replicator); - - /* make privilege set */ - /* From BDC join trace: - SeBackupPrivilege - SeRestorePrivilege - SeShutdownPrivilege - */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Replicator"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Supports file replication in a domain"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Replicator group */ - result = gums_storage->set_object(&g_obj); - - /* Users */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Users); - - /* add ACE to sec dsec dacl */ - sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS); - sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS); - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Users"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Ordinary users"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Users group */ - result = gums_storage->set_object(&g_obj); - - /* Guests */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Guests); - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Guests"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Users granted guest access to the computer/domain"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Guests group */ - result = gums_storage->set_object(&g_obj); - - /* set default privileges */ - g_priv.type = GUMS_OBJ_GROUP; - g_priv.version = 1; - g_priv.seq_num = 0; - g_priv.mem_ctx = talloc_init("gums_init_backend_priv"); - if (g_priv.mem_ctx == NULL) { - DEBUG(0, ("gums_init_backend: Out of Memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - - -done: - talloc_destroy(g_obj.mem_ctx); - talloc_destroy(g_priv.mem_ctx); - return result; -} -#endif - diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c deleted file mode 100644 index 06fcc5a956..0000000000 --- a/source3/sam/idmap.c +++ /dev/null @@ -1,193 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Winbind ID Mapping - Copyright (C) Tim Potter 2000 - Copyright (C) Anthony Liguori <aliguor@us.ibm.com> 2003 - Copyright (C) Simo Sorce 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_IDMAP - -static struct { - - const char *name; - /* Function to create a member of the idmap_methods list */ - NTSTATUS (*reg_meth)(struct idmap_methods **methods); - struct idmap_methods *methods; - -} remote_idmap_functions[] = { - - { "winbind", idmap_reg_winbind, NULL }, - { NULL, NULL, NULL } - -}; - -static struct idmap_methods *local_map; -static struct idmap_methods *remote_map; - -static struct idmap_methods *get_methods(const char *name) -{ - int i = 0; - struct idmap_methods *ret = NULL; - - while (remote_idmap_functions[i].name && strcmp(remote_idmap_functions[i].name, name)) { - i++; - } - - if (remote_idmap_functions[i].name) { - - if (!remote_idmap_functions[i].methods) { - remote_idmap_functions[i].reg_meth(&remote_idmap_functions[i].methods); - } - - ret = remote_idmap_functions[i].methods; - } - - return ret; -} - -/* Initialize backend */ -BOOL idmap_init(const char *remote_backend) -{ - if (!local_map) { - idmap_reg_tdb(&local_map); - local_map->init(); - } - - if (!remote_map && remote_backend && *remote_backend != 0) { - DEBUG(3, ("load_methods: using '%s' as remote backend\n", remote_backend)); - - remote_map = get_methods(remote_backend); - if (!remote_map) { - DEBUG(0, ("load_methods: could not load remote backend '%s'\n", remote_backend)); - return False; - } - remote_map->init(); - } - - return True; -} - -NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type) -{ - NTSTATUS ret; - - ret = local_map->set_mapping(sid, id, id_type); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG (0, ("idmap_set_mapping: Error, unable to modify local cache!\n")); - DEBUGADD(0, ("Error num. %d", NT_STATUS_V(ret))); - return ret; - } - - /* Being able to update the remote cache is seldomly right. - Generally this is a forbidden operation. */ - if (!(id_type & ID_CACHE) && (remote_map != NULL)) { - remote_map->set_mapping(sid, id, id_type); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG (0, ("idmap_set_mapping: Error, unable to modify remote cache!\n")); - DEBUGADD(0, ("Error num. %d", NT_STATUS_V(ret))); - } - } - - return ret; -} - -/* Get ID from SID */ -NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) -{ - NTSTATUS ret; - int loc_type; - - loc_type = *id_type; - if (remote_map) { /* We have a central remote idmap */ - loc_type |= ID_NOMAP; - } - ret = local_map->get_id_from_sid(id, &loc_type, sid); - if (NT_STATUS_IS_ERR(ret)) { - if (remote_map) { - ret = remote_map->get_id_from_sid(id, id_type, sid); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(3, ("idmap_get_id_from_sid: error fetching id!\n")); - return ret; - } else { - loc_type |= ID_CACHE; - idmap_set_mapping(sid, *id, loc_type); - } - } - } else { - *id_type = loc_type & ID_TYPEMASK; - } - - return ret; -} - -/* Get SID from ID */ -NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) -{ - NTSTATUS ret; - int loc_type; - - loc_type = id_type; - if (remote_map) { - loc_type = id_type | ID_NOMAP; - } - ret = local_map->get_sid_from_id(sid, id, loc_type); - if (NT_STATUS_IS_ERR(ret)) { - if (remote_map) { - ret = remote_map->get_sid_from_id(sid, id, id_type); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(3, ("idmap_get_sid_from_id: unable to fetch sid!\n")); - return ret; - } else { - loc_type |= ID_CACHE; - idmap_set_mapping(sid, id, loc_type); - } - } - } - - return ret; -} - -/* Close backend */ -NTSTATUS idmap_close(void) -{ - NTSTATUS ret; - - ret = local_map->close(); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(3, ("idmap_close: failed to close local cache!\n")); - } - - if (remote_map) { - ret = remote_map->close(); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(3, ("idmap_close: failed to close remote idmap repository!\n")); - } - } - - return ret; -} - -/* Dump backend status */ -void idmap_status(void) -{ - local_map->status(); - if (remote_map) remote_map->status(); -} - diff --git a/source3/sam/idmap_tdb.c b/source3/sam/idmap_tdb.c deleted file mode 100644 index 7080ac56e6..0000000000 --- a/source3/sam/idmap_tdb.c +++ /dev/null @@ -1,389 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - idmap TDB backend - - Copyright (C) Tim Potter 2000 - Copyright (C) Anthony Liguori 2003 - Copyright (C) Simo Sorce 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_IDMAP - -/* High water mark keys */ -#define HWM_GROUP "GROUP HWM" -#define HWM_USER "USER HWM" - -/* idmap version determines auto-conversion */ -#define IDMAP_VERSION 2 - -/* Globals */ -static TDB_CONTEXT *idmap_tdb; - -static struct idmap_state { - - /* User and group id pool */ - - uid_t uid_low, uid_high; /* Range of uids to allocate */ - gid_t gid_low, gid_high; /* Range of gids to allocate */ -} idmap_state; - -/* Allocate either a user or group id from the pool */ -static NTSTATUS db_allocate_id(unid_t *id, int id_type) -{ - int hwm; - - if (!id) return NT_STATUS_INVALID_PARAMETER; - - /* Get current high water mark */ - switch (id_type & ID_TYPEMASK) { - case ID_USERID: - if ((hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) { - return NT_STATUS_INTERNAL_DB_ERROR; - } - - if (hwm > idmap_state.uid_high) { - DEBUG(0, ("idmap Fatal Error: UID range full!!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - (*id).uid = hwm++; - - /* Store new high water mark */ - tdb_store_int32(idmap_tdb, HWM_USER, hwm); - break; - case ID_GROUPID: - if ((hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) { - return NT_STATUS_INTERNAL_DB_ERROR; - } - - if (hwm > idmap_state.gid_high) { - DEBUG(0, ("idmap Fatal Error: GID range full!!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - (*id).gid = hwm++; - - /* Store new high water mark */ - tdb_store_int32(idmap_tdb, HWM_GROUP, hwm); - break; - default: - return NT_STATUS_INVALID_PARAMETER; - } - - return NT_STATUS_OK; -} - -/* Get a sid from an id */ -static NTSTATUS db_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) -{ - TDB_DATA key, data; - fstring keystr; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if (!sid) return NT_STATUS_INVALID_PARAMETER; - - switch (id_type & ID_TYPEMASK) { - case ID_USERID: - slprintf(keystr, sizeof(keystr), "UID %d", id.uid); - break; - case ID_GROUPID: - slprintf(keystr, sizeof(keystr), "GID %d", id.gid); - break; - default: - return NT_STATUS_UNSUCCESSFUL; - } - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(idmap_tdb, key); - - if (data.dptr) { - if (string_to_sid(sid, data.dptr)) { - ret = NT_STATUS_OK; - } - SAFE_FREE(data.dptr); - } - - return ret; -} - -/* Get an id from a sid */ -static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) -{ - TDB_DATA data, key; - fstring keystr; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if (!sid || !id || !id_type) return NT_STATUS_INVALID_PARAMETER; - - /* Check if sid is present in database */ - sid_to_string(keystr, sid); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(idmap_tdb, key); - - if (data.dptr) { - int type = *id_type & ID_TYPEMASK; - fstring scanstr; - - if (type == ID_EMPTY || type == ID_USERID) { - /* Parse and return existing uid */ - fstrcpy(scanstr, "UID %d"); - - if (sscanf(data.dptr, scanstr, &((*id).uid)) == 1) { - /* uid ok? */ - if (type == ID_EMPTY) { - *id_type = ID_USERID; - } - ret = NT_STATUS_OK; - goto idok; - } - } - - if (type == ID_EMPTY || type == ID_GROUPID) { - /* Parse and return existing gid */ - fstrcpy(scanstr, "GID %d"); - - if (sscanf(data.dptr, scanstr, &((*id).gid)) == 1) { - /* gid ok? */ - if (type == ID_EMPTY) { - *id_type = ID_GROUPID; - } - ret = NT_STATUS_OK; - } - } -idok: - SAFE_FREE(data.dptr); - - } else if (!(*id_type & ID_NOMAP) && - (((*id_type & ID_TYPEMASK) == ID_USERID) - || (*id_type & ID_TYPEMASK) == ID_GROUPID)) { - - /* Allocate a new id for this sid */ - ret = db_allocate_id(id, *id_type); - if (NT_STATUS_IS_OK(ret)) { - fstring keystr2; - - /* Store new id */ - if (*id_type & ID_USERID) { - slprintf(keystr2, sizeof(keystr2), "UID %d", (*id).uid); - } else { - slprintf(keystr2, sizeof(keystr2), "GID %d", (*id).gid); - } - - data.dptr = keystr2; - data.dsize = strlen(keystr2) + 1; - - if (tdb_store(idmap_tdb, key, data, TDB_REPLACE) == -1) { - /* TODO: print tdb error !! */ - return NT_STATUS_UNSUCCESSFUL; - } - if (tdb_store(idmap_tdb, data, key, TDB_REPLACE) == -1) { - /* TODO: print tdb error !! */ - return NT_STATUS_UNSUCCESSFUL; - } - - ret = NT_STATUS_OK; - } - } - - return ret; -} - -static NTSTATUS db_set_mapping(DOM_SID *sid, unid_t id, int id_type) -{ - TDB_DATA ksid, kid; - fstring ksidstr; - fstring kidstr; - - if (!sid) return NT_STATUS_INVALID_PARAMETER; - - sid_to_string(ksidstr, sid); - - ksid.dptr = ksidstr; - ksid.dsize = strlen(ksidstr) + 1; - - if (id_type & ID_USERID) { - slprintf(kidstr, sizeof(kidstr), "UID %d", id.uid); - } else if (id_type & ID_GROUPID) { - slprintf(kidstr, sizeof(kidstr), "GID %d", id.gid); - } else { - return NT_STATUS_INVALID_PARAMETER; - } - - kid.dptr = kidstr; - kid.dsize = strlen(kidstr) + 1; - - if (tdb_store(idmap_tdb, ksid, kid, TDB_INSERT) == -1) { - DEBUG(0, ("idb_set_mapping: tdb_store 1 error: %s", tdb_errorstr(idmap_tdb))); - return NT_STATUS_UNSUCCESSFUL; - } - if (tdb_store(idmap_tdb, kid, ksid, TDB_INSERT) == -1) { - DEBUG(0, ("idb_set_mapping: tdb_store 2 error: %s", tdb_errorstr(idmap_tdb))); - return NT_STATUS_UNSUCCESSFUL; - } - return NT_STATUS_OK; -} - -/***************************************************************************** - Initialise idmap database. -*****************************************************************************/ -static NTSTATUS db_idmap_init(void) -{ - SMB_STRUCT_STAT stbuf; - - /* move to the new database on first startup */ - if (!file_exist(lock_path("idmap.tdb"), &stbuf)) { - if (file_exist(lock_path("winbindd_idmap.tdb"), &stbuf)) { - DEBUG(0, ("idmap_init: winbindd_idmap.tdb is present and idmap.tdb is not!\nPlease RUN winbindd first to convert the db to the new format!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - } - - /* Open tdb cache */ - if (!(idmap_tdb = tdb_open_log(lock_path("idmap.tdb"), 0, - TDB_DEFAULT, O_RDWR | O_CREAT, - 0600))) { - DEBUG(0, ("idmap_init: Unable to open idmap database\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /* Create high water marks for group and user id */ - if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) { - if (tdb_store_int32(idmap_tdb, HWM_USER, idmap_state.uid_low) == -1) { - DEBUG(0, ("idmap_init: Unable to initialise user hwm in idmap database\n")); - return NT_STATUS_INTERNAL_DB_ERROR; - } - } - - if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) { - if (tdb_store_int32(idmap_tdb, HWM_GROUP, idmap_state.gid_low) == -1) { - DEBUG(0, ("idmap_init: Unable to initialise group hwm in idmap database\n")); - return NT_STATUS_INTERNAL_DB_ERROR; - } - } - - return NT_STATUS_OK; -} - -/* Close the tdb */ -static NTSTATUS db_idmap_close(void) -{ - if (idmap_tdb) { - if (tdb_close(idmap_tdb) == 0) { - return NT_STATUS_OK; - } else { - return NT_STATUS_UNSUCCESSFUL; - } - } - return NT_STATUS_OK; -} - - -/* Dump status information to log file. Display different stuff based on - the debug level: - - Debug Level Information Displayed - ================================================================= - 0 Percentage of [ug]id range allocated - 0 High water marks (next allocated ids) -*/ - -#define DUMP_INFO 0 - -static void db_idmap_status(void) -{ - int user_hwm, group_hwm; - - DEBUG(0, ("winbindd idmap status:\n")); - - /* Get current high water marks */ - - if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) { - DEBUG(DUMP_INFO, - ("\tCould not get userid high water mark!\n")); - } - - if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) { - DEBUG(DUMP_INFO, - ("\tCould not get groupid high water mark!\n")); - } - - /* Display next ids to allocate */ - - if (user_hwm != -1) { - DEBUG(DUMP_INFO, - ("\tNext userid to allocate is %d\n", user_hwm)); - } - - if (group_hwm != -1) { - DEBUG(DUMP_INFO, - ("\tNext groupid to allocate is %d\n", group_hwm)); - } - - /* Display percentage of id range already allocated. */ - - if (user_hwm != -1) { - int num_users = user_hwm - idmap_state.uid_low; - int total_users = - idmap_state.uid_high - idmap_state.uid_low; - - DEBUG(DUMP_INFO, - ("\tUser id range is %d%% full (%d of %d)\n", - num_users * 100 / total_users, num_users, - total_users)); - } - - if (group_hwm != -1) { - int num_groups = group_hwm - idmap_state.gid_low; - int total_groups = - idmap_state.gid_high - idmap_state.gid_low; - - DEBUG(DUMP_INFO, - ("\tGroup id range is %d%% full (%d of %d)\n", - num_groups * 100 / total_groups, num_groups, - total_groups)); - } - - /* Display complete mapping of users and groups to rids */ -} - -struct idmap_methods db_methods = { - - db_idmap_init, - db_get_sid_from_id, - db_get_id_from_sid, - db_set_mapping, - db_idmap_close, - db_idmap_status - -}; - -NTSTATUS idmap_reg_tdb(struct idmap_methods **meth) -{ - *meth = &db_methods; - - return NT_STATUS_OK; -} - diff --git a/source3/sam/idmap_winbind.c b/source3/sam/idmap_winbind.c deleted file mode 100644 index d89c9e7bac..0000000000 --- a/source3/sam/idmap_winbind.c +++ /dev/null @@ -1,155 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - idmap Winbind backend - - Copyright (C) Simo Sorce 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "nsswitch/winbind_nss.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_IDMAP - -extern DOM_SID global_sid_NULL; /* NULL sid */ - -NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, - struct winbindd_response *response); - -/* Get a sid from an id */ -static NTSTATUS db_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) -{ - struct winbindd_request request; - struct winbindd_response response; - int result, operation; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - switch (id_type & ID_TYPEMASK) { - case ID_USERID: - request.data.uid = id.uid; - operation = WINBINDD_UID_TO_SID; - break; - case ID_GROUPID: - request.data.gid = id.gid; - operation = WINBINDD_GID_TO_SID; - break; - default: - return NT_STATUS_INVALID_PARAMETER; - } - - /* Make The Request */ - result = winbindd_request(operation, &request, &response); - if (result == NSS_STATUS_SUCCESS) { - if (!string_to_sid(sid, response.data.sid.sid)) { - return NT_STATUS_INVALID_SID; - } - return NT_STATUS_OK; - } else { - sid_copy(sid, &global_sid_NULL); - } - - return NT_STATUS_UNSUCCESSFUL; -} - -/* Get an id from a sid */ -static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) -{ - struct winbindd_request request; - struct winbindd_response response; - int result, operation; - fstring sid_str; - - if (!id || !id_type) { - return NT_STATUS_INVALID_PARAMETER; - } - - /* setup request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - switch (*id_type & ID_TYPEMASK) { - case ID_USERID: - operation = WINBINDD_SID_TO_UID; - break; - case ID_GROUPID: - operation = WINBINDD_SID_TO_GID; - break; - default: - return NT_STATUS_INVALID_PARAMETER; - } - - sid_to_string(sid_str, sid); - fstrcpy(request.data.sid, sid_str); - - /* Make The Request */ - result = winbindd_request(operation, &request, &response); - - if (result == NSS_STATUS_SUCCESS) { - if (operation == WINBINDD_SID_TO_UID) { - (*id).uid = response.data.uid; - } else { - (*id).gid = response.data.gid; - } - return NT_STATUS_OK; - } - - return NT_STATUS_UNSUCCESSFUL; -} - -static NTSTATUS db_set_mapping(DOM_SID *sid, unid_t id, int id_type) { - return NT_STATUS_UNSUCCESSFUL; -} - -/***************************************************************************** - Initialise idmap database. -*****************************************************************************/ -static NTSTATUS db_init(void) { - return NT_STATUS_OK; -} - -/* Close the tdb */ -static NTSTATUS db_close(void) { - return NT_STATUS_OK; -} - -static void db_status(void) { - return; -} - -struct idmap_methods winbind_methods = { - - db_init, - db_get_sid_from_id, - db_get_id_from_sid, - db_set_mapping, - db_close, - db_status - -}; - -NTSTATUS idmap_reg_winbind(struct idmap_methods **meth) -{ - *meth = &winbind_methods; - - return NT_STATUS_OK; -} - diff --git a/source3/sam/interface.c b/source3/sam/interface.c deleted file mode 100644 index 51ae561999..0000000000 --- a/source3/sam/interface.c +++ /dev/null @@ -1,1338 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password and authentication handling - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Jelmer Vernooij 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Kai Krüger 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -extern DOM_SID global_sid_Builtin; - -/** List of various built-in sam modules */ - -const struct sam_init_function_entry builtin_sam_init_functions[] = { - { "plugin", sam_init_plugin }, -#ifdef HAVE_LDAP - { "ads", sam_init_ads }, -#endif - { "skel", sam_init_skel }, - { NULL, NULL} -}; - - -static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid) -{ - SAM_METHODS *tmp_methods; - - DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__)); - - /* invalid sam_context specified */ - SAM_ASSERT(context && context->methods); - - tmp_methods = context->methods; - - while (tmp_methods) { - if (sid_equal(domainsid, &(tmp_methods->domain_sid))) - { - (*sam_method) = tmp_methods; - return NT_STATUS_OK; - } - tmp_methods = tmp_methods->next; - } - - DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid))); - - return NT_STATUS_NO_SUCH_DOMAIN; -} - -static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname) -{ - SAM_METHODS *tmp_methods; - - DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__)); - - /* invalid sam_context specified */ - SAM_ASSERT(context && context->methods); - - tmp_methods = context->methods; - - while (tmp_methods) { - if (strequal(domainname, tmp_methods->domain_name)) - { - (*sam_method) = tmp_methods; - return NT_STATUS_OK; - } - tmp_methods = tmp_methods->next; - } - - DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname)); - - return NT_STATUS_NO_SUCH_DOMAIN; -} - -static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods) -{ - *methods = talloc(mem_ctx, sizeof(SAM_METHODS)); - - if (!*methods) { - return NT_STATUS_NO_MEMORY; - } - - ZERO_STRUCTP(*methods); - - return NT_STATUS_OK; -} - -/****************************************************************** - Free and cleanup a sam context, any associated data and anything - that the attached modules might have associated. - *******************************************************************/ - -void free_sam_context(SAM_CONTEXT **context) -{ - SAM_METHODS *sam_selected = (*context)->methods; - - while (sam_selected) { - if (sam_selected->free_private_data) { - sam_selected->free_private_data(&(sam_selected->private_data)); - } - sam_selected = sam_selected->next; - } - - talloc_destroy((*context)->mem_ctx); - *context = NULL; -} - -/****************************************************************** - Make a backend_entry from scratch - *******************************************************************/ - -static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string) -{ - char *tmp = NULL; - char *tmp_string = sam_backend_string; - - DEBUG(5,("make_backend_entry: %d\n", __LINE__)); - - SAM_ASSERT(sam_backend_string && backend_entry); - - backend_entry->module_name = sam_backend_string; - - DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name)); - - if ((tmp = strrchr(tmp_string, '|')) != NULL) { - DEBUGADD(20,("a domain name has been specified\n")); - *tmp = 0; - backend_entry->domain_name = smb_xstrdup(tmp + 1); - tmp_string = tmp + 1; - } - - if ((tmp = strchr(tmp_string, ':')) != NULL) { - DEBUG(20,("options for the backend have been specified\n")); - *tmp = 0; - backend_entry->module_params = smb_xstrdup(tmp + 1); - tmp_string = tmp + 1; - } - - if (backend_entry->domain_name == NULL) { - DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n", - backend_entry->module_name, lp_workgroup())); - backend_entry->domain_name = smb_xstrdup(lp_workgroup()); - } - - if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) { - DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n")); - return NT_STATUS_NO_MEMORY; - } - - DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name)); - - if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) { - DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n", - backend_entry->domain_name)); - DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__)); - ZERO_STRUCTP(backend_entry->domain_sid); - } - - DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n", - backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid))); - - return NT_STATUS_OK; -} - -/****************************************************************** - create sam_methods struct based on sam_backend_entry - *****************************************************************/ - -static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - SAM_METHODS *methods; - int i; - - DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__)); - - if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) { - return nt_status; - } - - methods = *methods_ptr; - methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name); - methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name); - sid_copy(&methods->domain_sid, backend_entry->domain_sid); - methods->parent = context; - - DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name)); - for (i = 0; builtin_sam_init_functions[i].module_name; i++) - { - if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name)) - { - DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i)); - DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid))); - nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params); - if (NT_STATUS_IS_OK(nt_status)) { - DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name)); - } else { - DEBUG(2,("sam backend %s did not correctly init (error was %s)\n", - backend_entry->module_name, nt_errstr(nt_status))); - } - return nt_status; - } - } - - DEBUG(2,("could not find backend %s\n", backend_entry->module_name)); - - return NT_STATUS_INVALID_PARAMETER; -} - -static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context) -{ - SAM_BACKEND_ENTRY entry; - DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */ - SAM_METHODS *methods, *tmpmethods; - NTSTATUS ntstatus; - - DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__)); - - /* Make sure domain lp_workgroup() is available */ - - ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin); - - if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) { - DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n", - lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND)); - - SAM_ASSERT(global_sam_sid); - - entry.module_name = SAM_DEFAULT_BACKEND; - entry.module_params = NULL; - entry.domain_name = lp_workgroup(); - entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID)); - sid_copy(entry.domain_sid, global_sam_sid); - - if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) { - DEBUG(4,("make_sam_methods_backend_entry failed\n")); - return ntstatus; - } - - DLIST_ADD_END(context->methods, methods, tmpmethods); - - } else if (!NT_STATUS_IS_OK(ntstatus)) { - DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup())); - return ntstatus; - } - - /* Make sure the BUILTIN domain is available */ - - ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid); - - if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) { - DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n", - SAM_DEFAULT_BACKEND)); - entry.module_name = SAM_DEFAULT_BACKEND; - entry.module_params = NULL; - entry.domain_name = "BUILTIN"; - entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID)); - sid_copy(entry.domain_sid, &global_sid_Builtin); - - if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) { - DEBUG(4,("make_sam_methods_backend_entry failed\n")); - return ntstatus; - } - - DLIST_ADD_END(context->methods, methods, tmpmethods); - } else if (!NT_STATUS_IS_OK(ntstatus)) { - DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n")); - return ntstatus; - } - - return NT_STATUS_OK; -} - -static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends) -{ - int i, j; - - DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__)); - - for (i = 0; i < *nBackends; i++) { - for (j = i + 1; j < *nBackends; j++) { - if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) { - DEBUG(0,("two backend modules claim the same domain %s\n", - sid_string_static((*backend_entries)[j].domain_sid))); - return NT_STATUS_INVALID_PARAMETER; - } - } - } - - return NT_STATUS_OK; -} - -NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param) -{ - int i = 0, j = 0; - SAM_METHODS *curmethods, *tmpmethods; - int nBackends = 0; - SAM_BACKEND_ENTRY *backends = NULL; - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - - DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__)); - - if (!sam_backends_param) { - DEBUG(1, ("no SAM backeds specified!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) { - DEBUG(4,("make_sam_context failed\n")); - return nt_status; - } - - while (sam_backends_param[nBackends]) - nBackends++; - - DEBUG(6,("There are %d domains listed with their backends\n", nBackends)); - - if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) { - DEBUG(0,("make_sam_context_list: failed to allocate backends\n")); - return NT_STATUS_NO_MEMORY; - } - - memset(backends, '\0', sizeof(*backends)*nBackends); - - for (i = 0; i < nBackends; i++) { - DEBUG(8,("processing %s\n",sam_backends_param[i])); - if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) { - DEBUG(4,("make_backend_entry failed\n")); - for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); - SAFE_FREE(backends); - free_sam_context(context); - return nt_status; - } - } - - if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) { - DEBUG(4,("check_duplicate_backend_entries failed\n")); - for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); - SAFE_FREE(backends); - free_sam_context(context); - return nt_status; - } - - for (i = 0; i < nBackends; i++) { - if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) { - DEBUG(4,("make_sam_methods_backend_entry failed\n")); - for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); - SAFE_FREE(backends); - free_sam_context(context); - return nt_status; - } - DLIST_ADD_END((*context)->methods, curmethods, tmpmethods); - } - - for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid); - - SAFE_FREE(backends); - return NT_STATUS_OK; -} - -/****************************************************************** - Make a sam_context from scratch. - *******************************************************************/ - -NTSTATUS make_sam_context(SAM_CONTEXT **context) -{ - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("sam_context internal allocation context"); - - if (!mem_ctx) { - DEBUG(0, ("make_sam_context: talloc init failed!\n")); - return NT_STATUS_NO_MEMORY; - } - - *context = talloc(mem_ctx, sizeof(**context)); - if (!*context) { - DEBUG(0, ("make_sam_context: talloc failed!\n")); - return NT_STATUS_NO_MEMORY; - } - - ZERO_STRUCTP(*context); - - (*context)->mem_ctx = mem_ctx; - - (*context)->free_fn = free_sam_context; - - return NT_STATUS_OK; -} - -/****************************************************************** - Return an already initialised sam_context, to facilitate backward - compatibility (see functions below). - *******************************************************************/ - -static struct sam_context *sam_get_static_context(BOOL reload) -{ - static SAM_CONTEXT *sam_context = NULL; - - if ((sam_context) && (reload)) { - sam_context->free_fn(&sam_context); - sam_context = NULL; - } - - if (!sam_context) { - if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) { - DEBUG(4,("make_sam_context_list failed\n")); - return NULL; - } - - /* Make sure the required domains (default domain, builtin) are available */ - if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) { - DEBUG(4,("sam_context_check_default_backends failed\n")); - return NULL; - } - } - - return sam_context; -} - -/*************************************************************** - Initialize the static context (at smbd startup etc). - - If uninitialised, context will auto-init on first use. - ***************************************************************/ - -BOOL initialize_sam(BOOL reload) -{ - return (sam_get_static_context(reload) != NULL); -} - - -/************************************************************** - External API. This is what the rest of the world calls... -***************************************************************/ - -/****************************************************************** - sam_* functions are used to link the external SAM interface - with the internal backends. These functions lookup the appropriate - backends for the domain and pass on to the function in sam_methods - in the selected backend - - When the context parmater is NULL, the default is used. - *******************************************************************/ - -#define SAM_SETUP_CONTEXT if (!context) \ - context = sam_get_static_context(False);\ - if (!context) {\ - return NT_STATUS_UNSUCCESSFUL; \ - }\ - - - -NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_sec_desc) { - DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) { - DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_set_sec_desc) { - DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) { - DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - - -NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_lookup_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { - DEBUG(4,("sam_get_methods_by_name failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_lookup_name) { - DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) { - DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n", - tmp_methods->domain_name, name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type) -{ - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - DOM_SID domainsid; - - DEBUG(5,("sam_lookup_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - sid_copy(&domainsid, sid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_lookup_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_lookup_sid) { - DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) { - DEBUG(4,("sam_lookup_name for %s in backend %s failed\n", - sid_string_static(sid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - - -NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_update_domain: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid domain specified */ - SAM_ASSERT(domain && domain->current_sam_methods); - - tmp_methods = domain->current_sam_methods; - - if (!tmp_methods->sam_update_domain) { - DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){ - DEBUG(4,("sam_update_domain in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SEC_DESC *sd; - size_t sd_size; - uint32 acc_granted; - int i = 0; - - DEBUG(5,("sam_enum_domains: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters specified */ - SAM_ASSERT(domain_count && domains && domain_names); - - if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) { - DEBUG(4,("samr_make_sam_obj_sd failed\n")); - return nt_status; - } - - if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) { - DEBUG(3,("sam_enum_domains: ACCESS DENIED\n")); - return nt_status; - } - - tmp_methods= context->methods; - *domain_count = 0; - - while (tmp_methods) { - (*domain_count)++; - tmp_methods= tmp_methods->next; - } - - DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count))); - - tmp_methods = context->methods; - - if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) { - DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n")); - return NT_STATUS_NO_MEMORY; - } - - if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) { - DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n")); - SAFE_FREE((*domains)); - return NT_STATUS_NO_MEMORY; - } - - while (tmp_methods) { - DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid))); - sid_copy(domains[i],&tmp_methods->domain_sid); - *domain_names[i] = smb_xstrdup(tmp_methods->domain_name); - i++; - tmp_methods= tmp_methods->next; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SEC_DESC *sd; - size_t sd_size; - uint32 acc_granted; - - DEBUG(5,("sam_lookup_domain: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid paramters */ - SAM_ASSERT(access_token && domain && domainsid); - - if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) { - DEBUG(4,("samr_make_sam_obj_sd failed\n")); - return nt_status; - } - - if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) { - DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n")); - return nt_status; - } - - tmp_methods= context->methods; - - while (tmp_methods) { - if (strcmp(domain, tmp_methods->domain_name) == 0) { - (*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID)); - sid_copy((*domainsid), &tmp_methods->domain_sid); - return NT_STATUS_OK; - } - tmp_methods= tmp_methods->next; - } - - return NT_STATUS_NO_SUCH_DOMAIN; -} - - -NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && domain); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_domain_handle) { - DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) { - DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n", - sid_string_static(domainsid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_create_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters */ - SAM_ASSERT(access_token && domainsid && account_name && account); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_create_account) { - DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) { - DEBUG(4,("sam_create_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) -{ - DOM_SID domainsid; - const DOM_SID *accountsid; - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - - DEBUG(5,("sam_add_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters */ - SAM_ASSERT(account); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) { - DEBUG(0,("Can't get account SID\n")); - return nt_status; - } - - sid_copy(&domainsid, accountsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_add_account) { - DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){ - DEBUG(4,("sam_add_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_update_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid account specified */ - SAM_ASSERT(account && account->current_sam_methods); - - tmp_methods = account->current_sam_methods; - - if (!tmp_methods->sam_update_account) { - DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){ - DEBUG(4,("sam_update_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_delete_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid account specified */ - SAM_ASSERT(account && account->current_sam_methods); - - tmp_methods = account->current_sam_methods; - - if (!tmp_methods->sam_delete_account) { - DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){ - DEBUG(4,("sam_delete_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_enum_accounts: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && account_count && accounts); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_enum_accounts) { - DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) { - DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n", - tmp_methods->domain_name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - - -NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account) -{ - SAM_METHODS *tmp_methods; - uint32 rid; - DOM_SID domainsid; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && accountsid && account); - - sid_copy(&domainsid, accountsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_account_by_sid) { - DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) { - DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n", - sid_string_static(accountsid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domain && name && account); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { - DEBUG(4,("sam_get_methods_by_name failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_account_by_name) { - DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) { - DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n", - domain, name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_create_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && group_name && group); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_create_group) { - DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) { - DEBUG(4,("sam_create_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) -{ - DOM_SID domainsid; - const DOM_SID *groupsid; - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - - DEBUG(5,("sam_add_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(group); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) { - DEBUG(0,("Can't get group SID\n")); - return nt_status; - } - - sid_copy(&domainsid, groupsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_add_group) { - DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){ - DEBUG(4,("sam_add_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_update_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_update_group) { - DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){ - DEBUG(4,("sam_update_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_delete_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_delete_group) { - DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){ - DEBUG(4,("sam_delete_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_enum_groups: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && groups_count && groups); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_enum_accounts) { - DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) { - DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n", - tmp_methods->domain_name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group) -{ - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - DOM_SID domainsid; - - DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && groupsid && group); - - sid_copy(&domainsid, groupsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_group_by_sid) { - DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) { - DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n", - sid_string_static(groupsid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domain && name && group); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { - DEBUG(4,("sam_get_methods_by_name failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_group_by_name) { - DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) { - DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n", - domain, name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; - - /* invalid group or member specified */ - SAM_ASSERT(group && group->current_sam_methods && member); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_add_member_to_group) { - DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) { - DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; - -} - -NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; - - /* invalid group or member specified */ - SAM_ASSERT(group && group->current_sam_methods && member); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_delete_member_from_group) { - DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) { - DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; - - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods && members_count && members); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_enum_groupmembers) { - DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) { - DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - uint32 tmp_group_count; - SAM_GROUP_ENUM *tmp_groups; - - DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid sam_context specified */ - SAM_ASSERT(access_token && sids && context && context->methods); - - *group_count = 0; - - *groups = NULL; - - tmp_methods= context->methods; - - while (tmp_methods) { - DEBUG(5,("getting groups from domain \n")); - if (!tmp_methods->sam_get_groups_of_sid) { - DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n")); - SAFE_FREE(*groups); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) { - DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname)); - SAFE_FREE(*groups); - return nt_status; - } - - *groups = Realloc(*groups, ((*group_count) + tmp_group_count) * sizeof(SAM_GROUP_ENUM)); - - memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count); - - SAFE_FREE(tmp_groups); - - *group_count += tmp_group_count; - - tmp_methods = tmp_methods->next; - } - - return NT_STATUS_OK; -} - - diff --git a/source3/sam/sam_ads.c b/source3/sam/sam_ads.c deleted file mode 100755 index 13e0369004..0000000000 --- a/source3/sam/sam_ads.c +++ /dev/null @@ -1,1378 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Active Directory SAM backend, for simulate a W2K DC in mixed mode. - - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Andrew Bartlett 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - - -#ifdef HAVE_LDAP - -static int sam_ads_debug_level = DBGC_SAM; - -#undef DBGC_CLASS -#define DBGC_CLASS sam_ads_debug_level - -#ifndef FIXME -#define FIXME( body ) { DEBUG(0,("FIXME: "));\ - DEBUGADD(0,(body));} -#endif - -#define ADS_STATUS_OK ADS_ERROR(0) -#define ADS_STATUS_UNSUCCESSFUL ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL) -#define ADS_STATUS_NOT_IMPLEMENTED ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED) - - -#define ADS_SUBTREE_BUILTIN "CN=Builtin," -#define ADS_SUBTREE_COMPUTERS "CN=Computers," -#define ADS_SUBTREE_DC "CN=Domain Controllers," -#define ADS_SUBTREE_USERS "CN=Users," -#define ADS_ROOT_TREE "" -/* Here are private module structs and functions */ - -typedef struct sam_ads_privates { - ADS_STRUCT *ads_struct; - TALLOC_CTX *mem_ctx; - BOOL bind_plaintext; - char *ads_bind_dn; - char *ads_bind_pw; - char *ldap_uri; - /* did we need something more? */ -}SAM_ADS_PRIVATES; - - -/* get only these LDAP attributes, witch we really need for an account */ -const char *account_attrs[] = { "objectSid", - "objectGUID", - "sAMAccountType", - "sAMAcountName", - "userPrincipalName", - "accountExpires", - "badPasswordTime", - "badPwdCount", - "lastLogoff", - "lastLogon", - "userWorkstations", - "dBCSPwd", - "unicodePwd", - "pwdLastSet", - "userAccountControl", - "profilePath", - "homeDrive", - "scriptPath", - "homeDirectory", - "cn", - "primaryGroupID",/* 513 */ - "nsNPAllowDialIn",/* TRUE */ - "userParameters",/* Dial Back number ...*/ - "codePage",/* 0 */ - "countryCode",/* 0 */ - "adminCount",/* 1 or 0 */ - "logonCount",/* 0 */ - "managedObjects", - "memberOf",/* dn */ - "instanceType",/* 4 */ - "name", /* sync with cn */ - "description", - /* "nTSecurityDescriptor", */ - NULL}; - -/* get only these LDAP attributes, witch we really need for a group */ -const char *group_attrs[] = {"objectSid", - /* "objectGUID", */ - "sAMAccountType", - "sAMAcountName", - "groupType", - /* "member", */ - "description", - "name", /* sync with cn */ - /* "nTSecurityDescriptor", */ - NULL}; - - -/*************************************************** - return our ads connection. We keep the connection - open to make things faster -****************************************************/ -static ADS_STATUS sam_ads_cached_connection(SAM_ADS_PRIVATES *privates) -{ - ADS_STRUCT *ads_struct; - ADS_STATUS ads_status; - - if (!privates->ads_struct) { - privates->ads_struct = ads_init_simple(); - ads_struct = privates->ads_struct; - ads_struct->server.ldap_uri = smb_xstrdup(privates->ldap_uri); - if ((!privates->ads_bind_dn) || (!*privates->ads_bind_dn)) { - ads_struct->auth.flags |= ADS_AUTH_ANON_BIND; - } else { - ads_struct->auth.user_name - = smb_xstrdup(privates->ads_bind_dn); - if (privates->ads_bind_pw) { - ads_struct->auth.password - = smb_xstrdup(privates->ads_bind_pw); - } - } - if (privates->bind_plaintext) { - ads_struct->auth.flags |= ADS_AUTH_SIMPLE_BIND; - } - } else { - ads_struct = privates->ads_struct; - } - - if (ads_struct->ld != NULL) { - /* connection has been opened. ping server. */ - struct sockaddr_un addr; - socklen_t len; - int sd; - if (ldap_get_option(ads_struct->ld, LDAP_OPT_DESC, &sd) == 0 && - getpeername(sd, (struct sockaddr *) &addr, &len) < 0) { - /* the other end has died. reopen. */ - ldap_unbind_ext(ads_struct->ld, NULL, NULL); - ads_struct->ld = NULL; - } - } - - if (ads_struct->ld != NULL) { - DEBUG(5,("sam_ads_cached_connection: allready connected to the LDAP server\n")); - return ADS_SUCCESS; - } - - ads_status = ads_connect(ads_struct); - - ads_status = ads_server_info(ads_struct); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(0,("Can't set server info: %s\n",ads_errstr(ads_status))); - /* return ads_status; */ FIXME("for now we only warn!\n"); - } - - DEBUG(2, ("sam_ads_cached_connection: succesful connection to the LDAP server\n")); - return ADS_SUCCESS; -} - -static ADS_STATUS sam_ads_do_search(SAM_ADS_PRIVATES *privates, const char *bind_path, int scope, const char *exp, const char **attrs, void **res) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - - ads_status = sam_ads_cached_connection(privates); - if (!ADS_ERR_OK(ads_status)) - return ads_status; - - return ads_do_search_retry(privates->ads_struct, bind_path, scope, exp, attrs, res); -} - - -/********************************************* -here we have to check the update serial number - - this is the core of the ldap cache -*********************************************/ -static ADS_STATUS sam_ads_usn_is_valid(SAM_ADS_PRIVATES *privates, uint32 usn_in, uint32 *usn_out) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - - SAM_ASSERT(privates && privates->ads_struct && usn_out); - - ads_status = ads_USN(privates->ads_struct, usn_out); - if (!ADS_ERR_OK(ads_status)) - return ads_status; - - if (*usn_out == usn_in) - return ADS_SUCCESS; - - return ads_status; -} - -/*********************************************** -Initialize SAM_ACCOUNT_HANDLE from an ADS query -************************************************/ -/* not ready :-( */ -static ADS_STATUS ads_entry2sam_account_handle(SAM_ADS_PRIVATES *privates, SAM_ACCOUNT_HANDLE *account ,void *msg) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_NO_SUCH_USER); - NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = account->mem_ctx; - char *tmp_str = NULL; - - SAM_ASSERT(privates && ads_struct && account && mem_ctx && msg); - - FIXME("should we really use ads_pull_username()(or ads_pull_string())?\n"); - if ((account->private.account_name = ads_pull_username(ads_struct, mem_ctx, msg))==NULL) { - DEBUG(0,("ads_pull_username failed\n")); - return ADS_ERROR_NT(NT_STATUS_NO_SUCH_USER); - } - - if ((account->private.full_name = ads_pull_string(ads_struct, mem_ctx, msg,"name"))==NULL) { - DEBUG(3,("ads_pull_string for 'name' failed - skip\n")); - } - - if ((account->private.acct_desc = ads_pull_string(ads_struct, mem_ctx, msg,"description"))!=NULL) { - DEBUG(3,("ads_pull_string for 'acct_desc' failed - skip\n")); - } - - if ((account->private.home_dir = ads_pull_string(ads_struct, mem_ctx, msg,"homeDirectory"))!=NULL) { - DEBUG(3,("ads_pull_string for 'homeDirectory' failed - skip\n")); - } - - if ((account->private.dir_drive = ads_pull_string(ads_struct, mem_ctx, msg,"homeDrive"))!=NULL) { - DEBUG(3,("ads_pull_string for 'homeDrive' failed - skip\n")); - } - - if ((account->private.profile_path = ads_pull_string(ads_struct, mem_ctx, msg,"profilePath"))!=NULL) { - DEBUG(3,("ads_pull_string for 'profilePath' failed - skip\n")); - } - - if ((account->private.logon_script = ads_pull_string(ads_struct, mem_ctx, msg,"scriptPath"))!=NULL) { - DEBUG(3,("ads_pull_string for 'scriptPath' failed - skip\n")); - } - - FIXME("check 'nsNPAllowDialIn' for munged_dial!\n"); - if ((account->private.munged_dial = ads_pull_string(ads_struct, mem_ctx, msg,"userParameters"))!=NULL) { - DEBUG(3,("ads_pull_string for 'userParameters' failed - skip\n")); - } - - if ((account->private.unix_home_dir = ads_pull_string(ads_struct, mem_ctx, msg,"msSFUHomeDrirectory"))!=NULL) { - DEBUG(3,("ads_pull_string for 'msSFUHomeDrirectory' failed - skip\n")); - } - -#if 0 - FIXME("use function intern mem_ctx for pwdLastSet\n"); - if ((tmp_str = ads_pull_string(ads_struct, mem_ctx, msg,"pwdLastSet"))!=NULL) { - DEBUG(3,("ads_pull_string for 'pwdLastSet' failed - skip\n")); - } else { - account->private.pass_last_set_time = ads_parse_nttime(tmp_str); - tmp_str = NULL; - - } -#endif - -#if 0 -typedef struct sam_account_handle { - TALLOC_CTX *mem_ctx; - uint32 access_granted; - const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */ - void (*free_fn)(struct sam_account_handle **); - struct sam_account_data { - uint32 init_flag; - NTTIME logon_time; /* logon time */ - NTTIME logoff_time; /* logoff time */ - NTTIME kickoff_time; /* kickoff time */ - NTTIME pass_last_set_time; /* password last set time */ - NTTIME pass_can_change_time; /* password can change time */ - NTTIME pass_must_change_time; /* password must change time */ - char * account_name; /* account_name string */ - SAM_DOMAIN_HANDLE * domain; /* domain of account */ - char *full_name; /* account's full name string */ - char *unix_home_dir; /* UNIX home directory string */ - char *home_dir; /* home directory string */ - char *dir_drive; /* home directory drive string */ - char *logon_script; /* logon script string */ - char *profile_path; /* profile path string */ - char *acct_desc; /* account description string */ - char *workstations; /* login from workstations string */ - char *unknown_str; /* don't know what this is, yet. */ - char *munged_dial; /* munged path name and dial-back tel number */ - DOM_SID account_sid; /* Primary Account SID */ - DOM_SID group_sid; /* Primary Group SID */ - DATA_BLOB lm_pw; /* .data is Null if no password */ - DATA_BLOB nt_pw; /* .data is Null if no password */ - char *plaintext_pw; /* if Null not available */ - uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */ - uint32 unknown_1; /* 0x00ff ffff */ - uint16 logon_divs; /* 168 - number of hours in a week */ - uint32 hours_len; /* normally 21 bytes */ - uint8 hours[MAX_HOURS_LEN]; - uint32 unknown_2; /* 0x0002 0000 */ - uint32 unknown_3; /* 0x0000 04ec */ - } private; -} SAM_ACCOUNT_HANDLE; -#endif - - return ads_status; -} - - -/*********************************************** -Initialize SAM_GROUP_ENUM from an ads entry -************************************************/ -/* not ready :-( */ -static ADS_STATUS ads_entry2sam_group_enum(SAM_ADS_PRIVATES *privates, TALLOC_CTX *mem_ctx, SAM_GROUP_ENUM **group_enum,const void *entry) -{ - ADS_STATUS ads_status = ADS_STATUS_UNSUCCESSFUL; - ADS_STRUCT *ads_struct = privates->ads_struct; - SAM_GROUP_ENUM __group_enum; - SAM_GROUP_ENUM *_group_enum = &__group_enum; - - SAM_ASSERT(privates && ads_struct && mem_ctx && group_enum && entry); - - *group_enum = _group_enum; - - DEBUG(3,("sam_ads: ads_entry2sam_account_handle\n")); - - if (!ads_pull_sid(ads_struct, &entry, "objectSid", &(_group_enum->sid))) { - DEBUG(0,("No sid for!?\n")); - return ADS_STATUS_UNSUCCESSFUL; - } - - if (!(_group_enum->group_name = ads_pull_string(ads_struct, mem_ctx, &entry, "sAMAccountName"))) { - DEBUG(0,("No groupname found")); - return ADS_STATUS_UNSUCCESSFUL; - } - - if (!(_group_enum->group_desc = ads_pull_string(ads_struct, mem_ctx, &entry, "desciption"))) { - DEBUG(0,("No description found")); - return ADS_STATUS_UNSUCCESSFUL; - } - - DEBUG(0,("sAMAccountName: %s\ndescription: %s\nobjectSid: %s\n", - _group_enum->group_name, - _group_enum->group_desc, - sid_string_static(&(_group_enum->sid)) - )); - - return ads_status; -} - -static ADS_STATUS sam_ads_access_check(SAM_ADS_PRIVATES *privates, const SEC_DESC *sd, const NT_USER_TOKEN *access_token, uint32 access_desired, uint32 *acc_granted) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED); - NTSTATUS nt_status; - uint32 my_acc_granted; - - SAM_ASSERT(privates && sd && access_token); - /* acc_granted can be set to NULL */ - - /* the steps you need are: - 1. get_sec_desc for sid - 2. se_map_generic(accessdesired, generic_mapping) - 3. se_access_check() */ - - if (!se_access_check(sd, access_token, access_desired, (acc_granted)?acc_granted:&my_acc_granted, &nt_status)) { - DEBUG(3,("sam_ads_access_check: ACCESS DENIED\n")); - ads_status = ADS_ERROR_NT(nt_status); - return ads_status; - } - ads_status = ADS_ERROR_NT(nt_status); - return ads_status; -} - -static ADS_STATUS sam_ads_get_tree_sec_desc(SAM_ADS_PRIVATES *privates, const char *subtree, SEC_DESC **sd) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = privates->mem_ctx; - char *search_path; - void *sec_desc_res; - void *sec_desc_msg; - const char *sec_desc_attrs[] = {"nTSecurityDescriptor",NULL}; - - SAM_ASSERT(privates && ads_struct && mem_ctx && sd); - *sd = NULL; - - if (subtree) { - asprintf(&search_path, "%s%s",subtree,ads_struct->config.bind_path); - } else { - asprintf(&search_path, "%s",""); - } - ads_status = sam_ads_do_search(privates, search_path, LDAP_SCOPE_BASE, "(objectClass=*)", sec_desc_attrs, &sec_desc_res); - SAFE_FREE(search_path); - if (!ADS_ERR_OK(ads_status)) - return ads_status; - - if ((sec_desc_msg = ads_first_entry(ads_struct, sec_desc_res))==NULL) { - ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - return ads_status; - } - - if (!ads_pull_sd(ads_struct, mem_ctx, sec_desc_msg, sec_desc_attrs[0], sd)) { - *sd = NULL; - ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - return ads_status; - } - - return ads_status; -} - -static ADS_STATUS sam_ads_account_policy_get(SAM_ADS_PRIVATES *privates, int field, uint32 *value) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - ADS_STRUCT *ads_struct = privates->ads_struct; - void *ap_res; - void *ap_msg; - const char *ap_attrs[] = {"minPwdLength",/* AP_MIN_PASSWORD_LEN */ - "pwdHistoryLength",/* AP_PASSWORD_HISTORY */ - "AP_USER_MUST_LOGON_TO_CHG_PASS",/* AP_USER_MUST_LOGON_TO_CHG_PASS */ - "maxPwdAge",/* AP_MAX_PASSWORD_AGE */ - "minPwdAge",/* AP_MIN_PASSWORD_AGE */ - "lockoutDuration",/* AP_LOCK_ACCOUNT_DURATION */ - "AP_RESET_COUNT_TIME",/* AP_RESET_COUNT_TIME */ - "AP_BAD_ATTEMPT_LOCKOUT",/* AP_BAD_ATTEMPT_LOCKOUT */ - "AP_TIME_TO_LOGOUT",/* AP_TIME_TO_LOGOUT */ - NULL}; - /*lockOutObservationWindow - lockoutThreshold $ pwdProperties*/ - static uint32 ap[9]; - static uint32 ap_usn = 0; - uint32 tmp_usn = 0; - - SAM_ASSERT(privates && ads_struct && value); - - FIXME("We need to decode all account_policy attributes!\n"); - - ads_status = sam_ads_usn_is_valid(privates,ap_usn,&tmp_usn); - if (!ADS_ERR_OK(ads_status)) { - ads_status = sam_ads_do_search(privates, ads_struct->config.bind_path, LDAP_SCOPE_BASE, "(objectClass=*)", ap_attrs, &ap_res); - if (!ADS_ERR_OK(ads_status)) - return ads_status; - - if (ads_count_replies(ads_struct, ap_res) != 1) { - ads_msgfree(ads_struct, ap_res); - return ADS_ERROR(LDAP_NO_RESULTS_RETURNED); - } - - if (!(ap_msg = ads_first_entry(ads_struct, ap_res))) { - ads_msgfree(ads_struct, ap_res); - return ADS_ERROR(LDAP_NO_RESULTS_RETURNED); - } - - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[0], &ap[0])) { - /* AP_MIN_PASSWORD_LEN */ - ap[0] = MINPASSWDLENGTH;/* 5 chars minimum */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[1], &ap[1])) { - /* AP_PASSWORD_HISTORY */ - ap[1] = 0;/* don't keep any old password */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[2], &ap[2])) { - /* AP_USER_MUST_LOGON_TO_CHG_PASS */ - ap[2] = 0;/* don't force user to logon */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[3], &ap[3])) { - /* AP_MAX_PASSWORD_AGE */ - ap[3] = MAX_PASSWORD_AGE;/* 21 days */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[4], &ap[4])) { - /* AP_MIN_PASSWORD_AGE */ - ap[4] = 0;/* 0 days */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[5], &ap[5])) { - /* AP_LOCK_ACCOUNT_DURATION */ - ap[5] = 0;/* lockout for 0 minutes */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[6], &ap[6])) { - /* AP_RESET_COUNT_TIME */ - ap[6] = 0;/* reset immediatly */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[7], &ap[7])) { - /* AP_BAD_ATTEMPT_LOCKOUT */ - ap[7] = 0;/* don't lockout */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[8], &ap[8])) { - /* AP_TIME_TO_LOGOUT */ - ap[8] = -1;/* don't force logout */ - } - - ads_msgfree(ads_struct, ap_res); - ap_usn = tmp_usn; - } - - switch(field) { - case AP_MIN_PASSWORD_LEN: - *value = ap[0]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_PASSWORD_HISTORY: - *value = ap[1]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_USER_MUST_LOGON_TO_CHG_PASS: - *value = ap[2]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_MAX_PASSWORD_AGE: - *value = ap[3]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_MIN_PASSWORD_AGE: - *value = ap[4]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_LOCK_ACCOUNT_DURATION: - *value = ap[5]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_RESET_COUNT_TIME: - *value = ap[6]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_BAD_ATTEMPT_LOCKOUT: - *value = ap[7]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_TIME_TO_LOGOUT: - *value = ap[8]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - default: *value = 0; break; - } - - return ads_status; -} - - -/********************************** -Now the functions off the SAM API -***********************************/ - -/* General API */ -static NTSTATUS sam_ads_get_sec_desc(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - const DOM_SID *sid, SEC_DESC **sd) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx; - char *sidstr,*filter; - void *sec_desc_res; - void *sec_desc_msg; - const char *sec_desc_attrs[] = {"nTSecurityDescriptor",NULL}; - fstring sid_str; - SEC_DESC *my_sd; - - SAM_ASSERT(sam_method && access_token && sid && sd); - - ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL); - - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - sidstr = sid_binstring(sid); - if (asprintf(&filter, "(objectSid=%s)", sidstr) == -1) { - SAFE_FREE(sidstr); - return NT_STATUS_NO_MEMORY; - } - - SAFE_FREE(sidstr); - - ads_status = sam_ads_do_search(privates,ads_struct->config.bind_path, - LDAP_SCOPE_SUBTREE, filter, sec_desc_attrs, - &sec_desc_res); - SAFE_FREE(filter); - - if (!ADS_ERR_OK(ads_status)) { - return ads_ntstatus(ads_status); - } - - if (!(mem_ctx = talloc_init("sec_desc parse in sam_ads"))) { - DEBUG(1, ("talloc_init() failed for sec_desc parse context in sam_ads")); - ads_msgfree(ads_struct, sec_desc_res); - return NT_STATUS_NO_MEMORY; - } - - if (ads_count_replies(ads_struct, sec_desc_res) != 1) { - DEBUG(1,("sam_ads_get_sec_desc: duplicate or 0 results for sid %s\n", - sid_to_string(sid_str, sid))); - talloc_destroy(mem_ctx); - ads_msgfree(ads_struct, sec_desc_res); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!(sec_desc_msg = ads_first_entry(ads_struct, sec_desc_res))) { - talloc_destroy(mem_ctx); - ads_msgfree(ads_struct, sec_desc_res); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!ads_pull_sd(ads_struct, mem_ctx, sec_desc_msg, sec_desc_attrs[0], sd)) { - ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - talloc_destroy(mem_ctx); - ads_msgfree(ads_struct, sec_desc_res); - return ads_ntstatus(ads_status); - } - - /* now, were we allowed to see the SD we just got? */ - - ads_msgfree(ads_struct, sec_desc_res); - talloc_destroy(mem_ctx); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_set_sec_desc(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - const DOM_SID *sid, const SEC_DESC *sd) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - - -static NTSTATUS sam_ads_lookup_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, - enum SID_NAME_USE *type) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - SEC_DESC *my_sd; - - SAM_ASSERT(sam_method && access_token && mem_ctx && sid && name && type); - - ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - return ads_sid_to_name(ads_struct, mem_ctx, sid, name, type); -} - -static NTSTATUS sam_ads_lookup_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - const char *name, DOM_SID *sid, enum SID_NAME_USE *type) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - SEC_DESC *my_sd; - - SAM_ASSERT(sam_method && access_token && name && sid && type); - - ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - return ads_name_to_sid(ads_struct, name, sid, type); -} - - -/* Domain API */ - -static NTSTATUS sam_ads_update_domain(const SAM_METHODS *sam_method, const SAM_DOMAIN_HANDLE *domain) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_get_domain_handle(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - const uint32 access_desired, SAM_DOMAIN_HANDLE **domain) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - TALLOC_CTX *mem_ctx = privates->mem_ctx; /*Fix me is this right??? */ - SAM_DOMAIN_HANDLE *dom_handle = NULL; - SEC_DESC *sd; - uint32 acc_granted; - uint32 tmp_value; - - DEBUG(5,("sam_ads_get_domain_handle: %d\n",__LINE__)); - - SAM_ASSERT(sam_method && access_token && domain); - - (*domain) = NULL; - - if ((dom_handle = talloc(mem_ctx, sizeof(SAM_DOMAIN_HANDLE))) == NULL) { - DEBUG(0,("failed to talloc dom_handle\n")); - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - return ads_ntstatus(ads_status); - } - - ZERO_STRUCTP(dom_handle); - - dom_handle->mem_ctx = mem_ctx; /*Fix me is this right??? */ - dom_handle->free_fn = NULL; - dom_handle->current_sam_methods = sam_method; - - /* check if access can be granted as requested */ - - ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - dom_handle->access_granted = acc_granted; - - /* fill all the values of dom_handle */ - sid_copy(&dom_handle->private.sid, &sam_method->domain_sid); - dom_handle->private.name = smb_xstrdup(sam_method->domain_name); - dom_handle->private.servername = "WHOKNOWS"; /* what is the servername */ - - /*Fix me: sam_ads_account_policy_get() return ADS_STATUS! */ - ads_status = sam_ads_account_policy_get(privates, AP_MAX_PASSWORD_AGE, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for max password age. Useing default\n")); - tmp_value = MAX_PASSWORD_AGE; - } - unix_to_nt_time_abs(&dom_handle->private.max_passwordage,tmp_value); - - ads_status = sam_ads_account_policy_get(privates, AP_MIN_PASSWORD_AGE, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for min password age. Useing default\n")); - tmp_value = 0; - } - unix_to_nt_time_abs(&dom_handle->private.min_passwordage, tmp_value); - - ads_status = sam_ads_account_policy_get(privates, AP_LOCK_ACCOUNT_DURATION, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for lockout duration. Useing default\n")); - tmp_value = 0; - } - unix_to_nt_time_abs(&dom_handle->private.lockout_duration, tmp_value); - - ads_status = sam_ads_account_policy_get(privates, AP_RESET_COUNT_TIME, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for time till locout count is reset. Useing default\n")); - tmp_value = 0; - } - unix_to_nt_time_abs(&dom_handle->private.reset_count, tmp_value); - - ads_status = sam_ads_account_policy_get(privates, AP_MIN_PASSWORD_LEN, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for min password length. Useing default\n")); - tmp_value = 0; - } - dom_handle->private.min_passwordlength = (uint16)tmp_value; - - ads_status = sam_ads_account_policy_get(privates, AP_PASSWORD_HISTORY, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed password history. Useing default\n")); - tmp_value = 0; - } - dom_handle->private.password_history = (uint16)tmp_value; - - ads_status = sam_ads_account_policy_get(privates, AP_BAD_ATTEMPT_LOCKOUT, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for bad attempts till lockout. Useing default\n")); - tmp_value = 0; - } - dom_handle->private.lockout_count = (uint16)tmp_value; - - ads_status = sam_ads_account_policy_get(privates, AP_TIME_TO_LOGOUT, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for force logout. Useing default\n")); - tmp_value = -1; - } - - ads_status = sam_ads_account_policy_get(privates, AP_USER_MUST_LOGON_TO_CHG_PASS, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for user must login to change password. Useing default\n")); - tmp_value = 0; - } - - /* should the real values of num_accounts, num_groups and num_aliases be retreved? - * I think it is to expensive to bother - */ - dom_handle->private.num_accounts = 3; - dom_handle->private.num_groups = 4; - dom_handle->private.num_aliases = 5; - - *domain = dom_handle; - - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - return ads_ntstatus(ads_status); -} - -/* Account API */ -static NTSTATUS sam_ads_create_account(const SAM_METHODS *sam_method, - const NT_USER_TOKEN *access_token, uint32 access_desired, - const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - SEC_DESC *sd = NULL; - uint32 acc_granted; - - SAM_ASSERT(sam_method && privates && access_token && account_name && account); - - ads_status = sam_ads_get_tree_sec_desc(privates, ADS_SUBTREE_USERS, &sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = ADS_ERROR_NT(sam_init_account(account)); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - (*account)->access_granted = acc_granted; - - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_add_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account) -{ - ADS_STATUS ads_status = ADS_ERROR(LDAP_NO_MEMORY); - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = privates->mem_ctx; - ADS_MODLIST mods; - uint16 acct_ctrl; - char *new_dn; - SEC_DESC *sd; - uint32 acc_granted; - - SAM_ASSERT(sam_method && account); - - ads_status = ADS_ERROR_NT(sam_get_account_acct_ctrl(account,&acct_ctrl)); - if (!ADS_ERR_OK(ads_status)) - goto done; - - if ((acct_ctrl & ACB_WSTRUST)||(acct_ctrl & ACB_SVRTRUST)) { - /* Computer account */ - char *name,*controlstr; - char *hostname,*host_upn,*host_spn; - const char *objectClass[] = {"top", "person", "organizationalPerson", - "user", "computer", NULL}; - - ads_status = ADS_ERROR_NT(sam_get_account_name(account,&name)); - if (!ADS_ERR_OK(ads_status)) - goto done; - - if (!(host_upn = talloc_asprintf(mem_ctx, "%s@%s", name, ads_struct->config.realm))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(new_dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Computers,%s", hostname, - ads_struct->config.bind_path))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(controlstr = talloc_asprintf(mem_ctx, "%u", ads_acb2uf(acct_ctrl)))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(mods = ads_init_mods(mem_ctx))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - ads_status = ads_mod_str(mem_ctx, &mods, "cn", hostname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_strlist(mem_ctx, &mods, "objectClass", objectClass); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", host_upn); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "displayName", hostname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "sAMAccountName", name); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr); - if (!ADS_ERR_OK(ads_status)) - goto done; - - ads_status = ads_mod_str(mem_ctx, &mods, "servicePrincipalName", host_spn); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "dNSHostName", hostname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr); - if (!ADS_ERR_OK(ads_status)) - goto done; - /* ads_status = ads_mod_str(mem_ctx, &mods, "operatingSystem", "Samba"); - if (!ADS_ERR_OK(ads_status)) - goto done; - *//* ads_status = ads_mod_str(mem_ctx, &mods, "operatingSystemVersion", VERSION); - if (!ADS_ERR_OK(ads_status)) - goto done; - */ - /* End Computer account */ - } else { - /* User account*/ - char *upn, *controlstr; - char *name, *fullname; - const char *objectClass[] = {"top", "person", "organizationalPerson", - "user", NULL}; - - ads_status = ADS_ERROR_NT(sam_get_account_name(account,&name)); - if (!ADS_ERR_OK(ads_status)) - goto done; - - ads_status = ADS_ERROR_NT(sam_get_account_fullname(account,&fullname)); - if (!ADS_ERR_OK(ads_status)) - goto done; - - if (!(upn = talloc_asprintf(mem_ctx, "%s@%s", name, ads_struct->config.realm))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(new_dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", fullname, - ads_struct->config.bind_path))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(controlstr = talloc_asprintf(mem_ctx, "%u", ads_acb2uf(acct_ctrl)))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(mods = ads_init_mods(mem_ctx))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - ads_status = ads_mod_str(mem_ctx, &mods, "cn", fullname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_strlist(mem_ctx, &mods, "objectClass", objectClass); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", upn); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "displayName", fullname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "sAMAccountName", name); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr); - if (!ADS_ERR_OK(ads_status)) - goto done; - }/* End User account */ - - /* Finally at the account */ - ads_status = ads_gen_add(ads_struct, new_dn, mods); - -done: - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_update_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_delete_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - - - - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_enum_accounts(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -#if 0 -static NTSTATUS sam_ads_get_account_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *account_sid, SAM_ACCOUNT_HANDLE **account) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = privates->mem_ctx; - SEC_DESC *sd = NULL; - uint32 acc_granted; - - SAM_ASSERT(sam_method && privates && ads_struct && access_token && account_sid && account); - - ads_status = ADS_ERROR_NT(sam_ads_get_sec_desc(sam_method, access_token, account_sid, &my_sd)); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = ADS_ERROR_NT(sam_init_account(account)); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - (*account)->access_granted = acc_granted; - - return ads_ntstatus(ads_status); -} -#else -static NTSTATUS sam_ads_get_account_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *account_sid, SAM_ACCOUNT_HANDLE **account) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} -#endif - -#if 0 -static NTSTATUS sam_ads_get_account_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *account_name, SAM_ACCOUNT_HANDLE **account) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = privates->mem_ctx; - SEC_DESC *sd = NULL; - uint32 acc_granted; - - SAM_ASSERT(sam_method && privates && ads_struct && access_token && account_name && account); - - ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = ADS_ERROR_NT(sam_init_account(account)); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - (*account)->access_granted = acc_granted; - - return ads_ntstatus(ads_status); -} -#else -static NTSTATUS sam_ads_get_account_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *account_name, SAM_ACCOUNT_HANDLE **account) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} -#endif - -/* Group API */ -static NTSTATUS sam_ads_create_group(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_add_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_update_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_delete_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_enum_groups(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = privates->mem_ctx; - void *res = NULL; - void *msg = NULL; - char *filter = NULL; - int i = 0; - - /* get only these LDAP attributes, witch we really need for a group */ - const char *group_enum_attrs[] = {"objectSid", - "description", - "sAMAcountName", - NULL}; - - SAM_ASSERT(sam_method && access_token && groups_count && groups); - - *groups_count = 0; - - DEBUG(3,("ads: enum_dom_groups\n")); - - FIXME("get only group from the wanted Type!\n"); - asprintf(&filter, "(&(objectClass=group)(groupType=%s))", "*"); - ads_status = sam_ads_do_search(privates, ads_struct->config.bind_path, LDAP_SCOPE_SUBTREE, filter, group_enum_attrs, &res); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(1,("enum_groups ads_search: %s\n", ads_errstr(ads_status))); - } - - *groups_count = ads_count_replies(ads_struct, res); - if (*groups_count == 0) { - DEBUG(1,("enum_groups: No groups found\n")); - } - - (*groups) = talloc_zero(mem_ctx, (*groups_count) * sizeof(**groups)); - if (!*groups) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - } - - for (msg = ads_first_entry(ads_struct, res); msg; msg = ads_next_entry(ads_struct, msg)) { - uint32 grouptype; - - if (!ads_pull_uint32(ads_struct, msg, "groupType", &grouptype)) { - ; - } else { - (*groups)->group_ctrl = ads_gtype2gcb(grouptype); - } - - if (!((*groups)->group_name = ads_pull_string(ads_struct, mem_ctx, msg, "sAMAccountName"))) { - ; - } - - if (!((*groups)->group_desc = ads_pull_string(ads_struct, mem_ctx, msg, "description"))) { - ; - } - - if (!ads_pull_sid(ads_struct, msg, "objectSid", &((*groups)->sid))) { - DEBUG(1,("No sid for group %s !?\n", (*groups)->group_name)); - continue; - } - - i++; - } - - (*groups_count) = i; - - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - - DEBUG(3,("ads enum_dom_groups gave %d entries\n", (*groups_count))); - - if (res) ads_msgfree(ads_struct, res); - - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_get_group_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_get_group_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_add_member_to_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_delete_member_from_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_enum_groupmembers(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_get_groups_of_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const DOM_SID **sids, const uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -/********************************** -Free our private data -***********************************/ -static void sam_ads_free_private_data(void **vp) -{ - SAM_ADS_PRIVATES **sam_ads_state = (SAM_ADS_PRIVATES **)vp; - - if ((*sam_ads_state)->ads_struct->ld) { - ldap_unbind((*sam_ads_state)->ads_struct->ld); - } - - ads_destroy(&((*sam_ads_state)->ads_struct)); - - talloc_destroy((*sam_ads_state)->mem_ctx); - FIXME("maybe we must free some other stuff here\n"); - - *sam_ads_state = NULL; -} - - - -/***************************************************** -Init the ADS SAM backend -******************************************************/ -NTSTATUS sam_init_ads(SAM_METHODS *sam_method, const char *module_params) -{ - ADS_STATUS ads_status; - SAM_ADS_PRIVATES *sam_ads_state; - TALLOC_CTX *mem_ctx; - - SAM_ASSERT(sam_method && sam_method->parent); - - mem_ctx = sam_method->parent->mem_ctx; - - /* Here the SAM API functions of the sam_ads module */ - - /* General API */ - - sam_method->sam_get_sec_desc = sam_ads_get_sec_desc; - sam_method->sam_set_sec_desc = sam_ads_set_sec_desc; - - sam_method->sam_lookup_sid = sam_ads_lookup_sid; - sam_method->sam_lookup_name = sam_ads_lookup_name; - - /* Domain API */ - - sam_method->sam_update_domain = sam_ads_update_domain; - sam_method->sam_get_domain_handle = sam_ads_get_domain_handle; - - /* Account API */ - - sam_method->sam_create_account = sam_ads_create_account; - sam_method->sam_add_account = sam_ads_add_account; - sam_method->sam_update_account = sam_ads_update_account; - sam_method->sam_delete_account = sam_ads_delete_account; - sam_method->sam_enum_accounts = sam_ads_enum_accounts; - - sam_method->sam_get_account_by_sid = sam_ads_get_account_by_sid; - sam_method->sam_get_account_by_name = sam_ads_get_account_by_name; - - /* Group API */ - - sam_method->sam_create_group = sam_ads_create_group; - sam_method->sam_add_group = sam_ads_add_group; - sam_method->sam_update_group = sam_ads_update_group; - sam_method->sam_delete_group = sam_ads_delete_group; - sam_method->sam_enum_groups = sam_ads_enum_groups; - sam_method->sam_get_group_by_sid = sam_ads_get_group_by_sid; - sam_method->sam_get_group_by_name = sam_ads_get_group_by_name; - - sam_method->sam_add_member_to_group = sam_ads_add_member_to_group; - sam_method->sam_delete_member_from_group = sam_ads_delete_member_from_group; - sam_method->sam_enum_groupmembers = sam_ads_enum_groupmembers; - - sam_method->sam_get_groups_of_sid = sam_ads_get_groups_of_sid; - - sam_ads_state = talloc_zero(mem_ctx, sizeof(SAM_ADS_PRIVATES)); - if (!sam_ads_state) { - DEBUG(0, ("talloc() failed for sam_ads private_data!\n")); - return NT_STATUS_NO_MEMORY; - } - - if (!(sam_ads_state->mem_ctx = talloc_init("sam_ads_method"))) { - DEBUG(0, ("talloc_init() failed for sam_ads_state->mem_ctx\n")); - return NT_STATUS_NO_MEMORY; - } - - sam_ads_state->ads_bind_dn = talloc_strdup(sam_ads_state->mem_ctx, lp_parm_string(NULL,"sam_ads","bind as")); - sam_ads_state->ads_bind_pw = talloc_strdup(sam_ads_state->mem_ctx, lp_parm_string(NULL,"sam_ads","bind pw")); - - sam_ads_state->bind_plaintext = strequal(lp_parm_string(NULL, "sam_ads", "plaintext bind"), "yes"); - - if (!sam_ads_state->ads_bind_dn || !sam_ads_state->ads_bind_pw) { - DEBUG(0, ("talloc_strdup() failed for bind dn or password\n")); - return NT_STATUS_NO_MEMORY; - } - - /* Maybe we should not check the result here? Server down on startup? */ - - if (module_params && *module_params) { - sam_ads_state->ldap_uri = talloc_strdup(sam_ads_state->mem_ctx, module_params); - if (!sam_ads_state->ldap_uri) { - DEBUG(0, ("talloc_strdup() failed for bind dn or password\n")); - return NT_STATUS_NO_MEMORY; - } - } else { - sam_ads_state->ldap_uri = "ldapi://"; - } - - ads_status = sam_ads_cached_connection(sam_ads_state); - if (!ADS_ERR_OK(ads_status)) { - return ads_ntstatus(ads_status); - } - - sam_method->private_data = sam_ads_state; - sam_method->free_private_data = sam_ads_free_private_data; - - sam_ads_debug_level = debug_add_class("sam_ads"); - if (sam_ads_debug_level == -1) { - sam_ads_debug_level = DBGC_ALL; - DEBUG(0, ("sam_ads: Couldn't register custom debugging class!\n")); - } else DEBUG(2, ("sam_ads: Debug class number of 'sam_ads': %d\n", sam_ads_debug_level)); - - DEBUG(5, ("Initializing sam_ads\n")); - if (module_params) - DEBUG(10, ("Module Parameters for Domain %s[%s]: %s\n", sam_method->domain_name, sam_method->domain_name, module_params)); - return NT_STATUS_OK; -} - -#else /* HAVE_LDAP */ -void sam_ads_dummy(void) -{ - DEBUG(0,("sam_ads: not supported!\n")); -} -#endif /* HAVE_LDAP */ diff --git a/source3/sam/sam_plugin.c b/source3/sam/sam_plugin.c deleted file mode 100644 index fd26c4b8d3..0000000000 --- a/source3/sam/sam_plugin.c +++ /dev/null @@ -1,79 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Loadable san module interface. - Copyright (C) Jelmer Vernooij 2002 - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -NTSTATUS sam_init_plugin(SAM_METHODS *sam_methods, const char *module_params) -{ - void *dl_handle; - char *plugin_params, *plugin_name, *p; - sam_init_function plugin_init; - int (*plugin_version)(void); - - if (module_params == NULL) { - DEBUG(0, ("The plugin module needs an argument!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - plugin_name = smb_xstrdup(module_params); - p = strchr(plugin_name, ':'); - if (p) { - *p = 0; - plugin_params = p+1; - trim_string(plugin_params, " ", " "); - } else plugin_params = NULL; - trim_string(plugin_name, " ", " "); - - DEBUG(5, ("Trying to load sam plugin %s\n", plugin_name)); - dl_handle = sys_dlopen(plugin_name, RTLD_NOW); - if (!dl_handle) { - DEBUG(0, ("Failed to load sam plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror())); - return NT_STATUS_UNSUCCESSFUL; - } - - plugin_version = sys_dlsym(dl_handle, "sam_version"); - if (!plugin_version) { - sys_dlclose(dl_handle); - DEBUG(0, ("Failed to find function 'sam_version' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror())); - return NT_STATUS_UNSUCCESSFUL; - } - - if (plugin_version()!=SAM_INTERFACE_VERSION) { - sys_dlclose(dl_handle); - DEBUG(0, ("Wrong SAM_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n", - plugin_version(),SAM_INTERFACE_VERSION)); - return NT_STATUS_UNSUCCESSFUL; - } - - plugin_init = sys_dlsym(dl_handle, "sam_init"); - if (!plugin_init) { - sys_dlclose(dl_handle); - DEBUG(0, ("Failed to find function 'sam_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror())); - return NT_STATUS_UNSUCCESSFUL; - } - - DEBUG(5, ("Starting sam plugin %s with parameters %s for domain %s\n", plugin_name, plugin_params, sam_methods->domain_name)); - return plugin_init(sam_methods, plugin_params); -} diff --git a/source3/sam/sam_skel.c b/source3/sam/sam_skel.c deleted file mode 100644 index b4d64bb6da..0000000000 --- a/source3/sam/sam_skel.c +++ /dev/null @@ -1,251 +0,0 @@ -/* - Unix SMB/CIFS implementation. - this is a skeleton for SAM backend modules. - - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Jelmer Vernooij 2002 - Copyright (C) Andrew Bartlett 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -static int sam_skel_debug_level = DBGC_SAM; - -#undef DBGC_CLASS -#define DBGC_CLASS sam_skel_debug_level - -/* define the version of the SAM interface */ -SAM_MODULE_VERSIONING_MAGIC - -/* General API */ - -static NTSTATUS sam_skel_get_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_set_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -static NTSTATUS sam_skel_lookup_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_lookup_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const char *name, DOM_SID *sid, uint32 *type) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -/* Domain API */ - -static NTSTATUS sam_skel_update_domain(const SAM_METHODS *sam_methods, const SAM_DOMAIN_HANDLE *domain) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_get_domain_handle(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, SAM_DOMAIN_HANDLE **domain) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -/* Account API */ - -static NTSTATUS sam_skel_create_account(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_add_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_update_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_delete_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_enum_accounts(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -static NTSTATUS sam_skel_get_account_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_get_account_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_ACCOUNT_HANDLE **account) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -/* Group API */ - -static NTSTATUS sam_skel_create_group(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_add_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_update_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_delete_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_enum_groups(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_get_group_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_get_group_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -static NTSTATUS sam_skel_add_member_to_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_delete_member_from_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_enum_groupmembers(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -static NTSTATUS sam_skel_get_groups_of_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -NTSTATUS sam_init_skel(SAM_METHODS *sam_methods, const char *module_params) -{ - /* Functions your SAM module doesn't provide should be set - * to NULL */ - - sam_methods->sam_get_sec_desc = sam_skel_get_sec_desc; - sam_methods->sam_set_sec_desc = sam_skel_set_sec_desc; - - sam_methods->sam_lookup_sid = sam_skel_lookup_sid; - sam_methods->sam_lookup_name = sam_skel_lookup_name; - - /* Domain API */ - - sam_methods->sam_update_domain = sam_skel_update_domain; - sam_methods->sam_get_domain_handle = sam_skel_get_domain_handle; - - /* Account API */ - - sam_methods->sam_create_account = sam_skel_create_account; - sam_methods->sam_add_account = sam_skel_add_account; - sam_methods->sam_update_account = sam_skel_update_account; - sam_methods->sam_delete_account = sam_skel_delete_account; - sam_methods->sam_enum_accounts = sam_skel_enum_accounts; - - sam_methods->sam_get_account_by_sid = sam_skel_get_account_by_sid; - sam_methods->sam_get_account_by_name = sam_skel_get_account_by_name; - - /* Group API */ - - sam_methods->sam_create_group = sam_skel_create_group; - sam_methods->sam_add_group = sam_skel_add_group; - sam_methods->sam_update_group = sam_skel_update_group; - sam_methods->sam_delete_group = sam_skel_delete_group; - sam_methods->sam_enum_groups = sam_skel_enum_groups; - sam_methods->sam_get_group_by_sid = sam_skel_get_group_by_sid; - sam_methods->sam_get_group_by_name = sam_skel_get_group_by_name; - - sam_methods->sam_add_member_to_group = sam_skel_add_member_to_group; - sam_methods->sam_delete_member_from_group = sam_skel_delete_member_from_group; - sam_methods->sam_enum_groupmembers = sam_skel_enum_groupmembers; - - sam_methods->sam_get_groups_of_sid = sam_skel_get_groups_of_sid; - - sam_methods->free_private_data = NULL; - - - sam_skel_debug_level = debug_add_class("sam_skel"); - if (sam_skel_debug_level == -1) { - sam_skel_debug_level = DBGC_SAM; - DEBUG(0, ("sam_skel: Couldn't register custom debugging class!\n")); - } else DEBUG(2, ("sam_skel: Debug class number of 'sam_skel': %d\n", sam_skel_debug_level)); - - if(module_params) - DEBUG(0, ("Starting 'sam_skel' with parameters '%s' for domain %s\n", module_params, sam_methods->domain_name)); - else - DEBUG(0, ("Starting 'sam_skel' for domain %s without paramters\n", sam_methods->domain_name)); - - return NT_STATUS_OK; -} |