summaryrefslogtreecommitdiff
path: root/source3/sam
diff options
context:
space:
mode:
Diffstat (limited to 'source3/sam')
-rw-r--r--source3/sam/SAM-interface_handles.txt123
-rw-r--r--source3/sam/account.c305
-rw-r--r--source3/sam/get_set_account.c845
-rw-r--r--source3/sam/get_set_domain.c263
-rw-r--r--source3/sam/get_set_group.c106
-rw-r--r--source3/sam/group.c193
-rw-r--r--source3/sam/gumm_tdb.c1193
-rw-r--r--source3/sam/gums.c161
-rw-r--r--source3/sam/gums_api.c1470
-rw-r--r--source3/sam/gums_helper.c610
-rw-r--r--source3/sam/idmap.c214
-rw-r--r--source3/sam/idmap_tdb.c526
-rw-r--r--source3/sam/interface.c1338
-rwxr-xr-xsource3/sam/sam_ads.c1378
-rw-r--r--source3/sam/sam_plugin.c79
-rw-r--r--source3/sam/sam_skel.c251
16 files changed, 0 insertions, 9055 deletions
diff --git a/source3/sam/SAM-interface_handles.txt b/source3/sam/SAM-interface_handles.txt
deleted file mode 100644
index 1c164bd198..0000000000
--- a/source3/sam/SAM-interface_handles.txt
+++ /dev/null
@@ -1,123 +0,0 @@
-SAM API
-
-NTSTATUS sam_get_sec_obj(NT_USER_TOKEN *access, DOM_SID *sid, SEC_DESC **sd)
-NTSTATUS sam_set_sec_obj(NT_USER_TOKEN *access, DOM_SID *sid, SEC_DESC *sd)
-
-NTSTATUS sam_lookup_name(NT_USER_TOKEN *access, DOM_SID *domain, char *name, DOM_SID **sid, uint32 *type)
-NTSTATUS sam_lookup_sid(NT_USER_TOKEN *access, DOM_SID *sid, char **name, uint32 *type)
-
-
-Domain API
-
-NTSTATUS sam_update_domain(SAM_DOMAIN_HANDLE *domain)
-
-NTSTATUS sam_enum_domains(NT_USER_TOKEN *access, int32 *domain_count, DOM_SID **domains, char **domain_names)
-NTSTATUS sam_lookup_domain(NT_USER_TOKEN *access, char *domain, DOM_SID **domainsid)
-
-NTSTATUS sam_get_domain_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
-
-
-User API
-
-NTSTATUS sam_create_user(NT_USER_TOKEN *access, uint32 access_desired, SAM_USER_HANDLE **user)
-NTSTATUS sam_add_user(SAM_USER_HANDLE *user)
-NTSTATUS sam_update_user(SAM_USER_HANDLE *user)
-NTSTATUS sam_delete_user(SAM_USER_HANDLE * user)
-
-NTSTATUS sam_enum_users(NT_USER_TOKEN *access, DOM_SID *domain, int32 *user_count, SAM_USER_ENUM **users)
-
-NTSTATUS sam_get_user_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *usersid, SAM_USER_HANDLE **user)
-NTSTATUS sam_get_user_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_USER_HANDLE **user)
-
-
-Group API
-
-NTSTATUS sam_create_group(NT_USER_TOKEN *access, uint32 access_desired, uint32 typ, SAM_GROUP_HANDLE **group)
-NTSTATUS sam_add_group(SAM_GROUP_HANDLE *samgroup)
-NTSTATUS sam_update_group(SAM_GROUP_HANDLE *samgroup)
-NTSTATUS sam_delete_group(SAM_GROUP_HANDLE *groupsid)
-
-NTSTATUS sam_enum_groups(NT_USER_TOKEN *access, DOM_SID *domainsid, uint32 typ, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-
-NTSTATUS sam_get_group_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-NTSTATUS sam_get_group_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_GROUP_HANDLE **group)
-
-NTSTATUS sam_add_member_to_group(SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)
-NTSTATUS sam_delete_member_from_group(SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)
-NTSTATUS sam_enum_groupmembers(SAM_GROUP_HANLDE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-
-NTSTATUS sam_get_groups_of_user(SAM_USER_HANDLE *user, uint32 typ, uint32 *group_count, SAM_GROUP_ENUM **groups)
-
-
-
-structures
-
-typedef _SAM_GROUP_MEMBER {
- DOM_SID sid;
- BOOL group; /* specifies if it is a group or a user */
-
-} SAM_GROUP_MEMBER
-
-typedef struct sam_user_enum {
- DOM_SID sid;
- char *username;
- char *full_name;
- char *user_desc;
- uint16 acc_ctrl;
-} SAM_USER_ENUM;
-
-typedef struct sam_group_enum {
- DOM_SID sid;
- char *groupname;
- char *comment;
-} SAM_GROUP_ENUM
-
-NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, DOM_SID **sid)
-NTSTATUS sam_get_domain_num_users(SAM_DOMAIN_HANDLE *domain, uint32 *num_users)
-NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
-NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
-NTSTATUS sam_{get,set}_domain_name(SAM_DOMAIN_HANDLE *domain, char **domain_name)
-NTSTATUS sam_{get,set}_domain_server(SAM_DOMAIN_HANDLE *domain, char **server_name)
-NTSTATUS sam_{get,set}_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
-NTSTATUS sam_{get,set}_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
-NTSTATUS sam_{get,set}_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
-NTSTATUS sam_{get,set}_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
-NTSTATUS sam_{get,set}_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
-NTSTATUS sam_{get,set}_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uin16 *password_history)
-NTSTATUS sam_{get,set}_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
-NTSTATUS sam_{get,set}_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
-NTSTATUS sam_{get,set}_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
-
-NTSTATUS sam_get_user_sid(SAM_USER_HANDLE *user, DOM_SID **sid)
-NTSTATUS sam_{get,set}_user_pgroup(SAM_USER_HANDLE *user, DOM_SID **pgroup)
-NTSTATUS sam_{get,set}_user_name(SAM_USER_HANDLE *user, char **username)
-NTSTATUS sam_{get,set}_user_fullname(SAM_USER_HANDLE *user, char** fullname)
-NTSTATUS sam_{get,set}_user_description(SAM_USER_HANDLE *user, char **description)
-NTSTATUS sam_{get,set}_user_home_dir(SAM_USER_HANDLE *user, char **home_dir)
-NTSTATUS sam_{get,set}_user_dir_drive(SAM_USER_HANDLE *user, char **dir_drive)
-NTSTATUS sam_{get,set}_user_logon_script(SAM_USER_HANDLE *user, char **logon_script)
-NTSTATUS sam_{get,set}_user_profile_path(SAM_USER_HANDLE *user, char **profile_path)
-NTSTATUS sam_{get,set}_user_workstations(SAM_USER_HANDLE *user, char **workstations)
-NTSTATUS sam_{get,set}_user_munged_dial(SAM_USER_HANDLE *user, char **munged_dial)
-NTSTATUS sam_{get,set}_user_lm_pwd(SAM_USER_HANDLE *user, DATA_BLOB *lm_pwd)
-NTSTATUS sam_{get,set}_user_nt_pwd(SAM_USER_HANDLE *user, DATA_BLOB *nt_pwd)
-NTSTATUS sam_{get,set}_user_plain_pwd(SAM_USER_HANDLE *user, DATA_BLOB *plaintext_pwd)
-NTSTATUS sam_{get,set}_user_acct_ctrl(SAM_USER_HANDLE *user, uint16 *acct_ctrl)
-NTSTATUS sam_{get,set}_user_logon_divs(SAM_USER_HANDLE *user, uint16 *logon_divs)
-NTSTATUS sam_{get,set}_user_hours(SAM_USER_HANDLE *user, uint32 *hours_len, uint8 **hours)
-NTSTATUS sam_{get,set}_user_logon_time(SAM_USER_HANDLE *user, NTTIME *logon_time)
-NTSTATUS sam_{get,set}_user_logoff_time(SAM_USER_HANDLE *user, NTTIME *logoff_time)
-NTSTATUS sam_{get,set}_user_kickoff_time(SAM_USER_HANDLE *user, NTTIME kickoff_time)
-NTSTATUS sam_{get,set}_user_pwd_last_set(SAM_USER_HANDLE *user, NTTIME pwd_last_set)
-NTSTATUS sam_{get,set}_user_pwd_can_change(SAM_USER_HANDLE *user, NTTIME pwd_can_change)
-NTSTATUS sam_{get,set}_user_pwd_must_change(SAM_USER_HANDLE *user, NTTIME pwd_must_change)
-NTSTATUS sam_{get,set}_user_unknown_1(SAM_USER_HANDLE *user, char **unknown_1)
-NTSTATUS sam_{get,set}_user_unknown_2(SAM_USER_HANDLE *user, uint32 *unknown_2)
-NTSTATUS sam_{get,set}_user_unknown_3(SAM_USER_HANDLE *user, uint32 *unknown_3)
-NTSTATUS sam_{get,set}_user_unknown_4(SAM_USER_HANDLE *user, uint32 *unknown_4)
-
-NTSTATUS sam_get_group_sid(SAM_GROUP_HANDLE *group, DOM_SID **sid)
-NTSTATUS sam_get_group_typ(SAM_GROUP_HANDLE *group, uint32 *typ)
-NTSTATUS sam_{get,set}_group_name(SAM_GROUP_HANDLE *group, char **group_name)
-NTSTATUS sam_{get,set}_group_comment(SAM_GROUP_HANDLE *group, char **comment)
-NTSTATUS sam_{get,set}_group_priv_set(SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set) \ No newline at end of file
diff --git a/source3/sam/account.c b/source3/sam/account.c
deleted file mode 100644
index b8336146cd..0000000000
--- a/source3/sam/account.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Jeremy Allison 1996-2001
- Copyright (C) Luke Kenneth Casson Leighton 1996-1998
- Copyright (C) Gerald (Jerry) Carter 2000-2001
- Copyright (C) Andrew Bartlett 2001-2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/************************************************************
- Fill the SAM_ACCOUNT_HANDLE with default values.
- ***********************************************************/
-
-static void sam_fill_default_account(SAM_ACCOUNT_HANDLE *account)
-{
- ZERO_STRUCT(account->private); /* Don't touch the talloc context */
-
- /* Don't change these timestamp settings without a good reason.
- They are important for NT member server compatibility. */
-
- /* FIXME: We should actually call get_nt_time_max() or sthng
- * here */
- unix_to_nt_time(&(account->private.logoff_time),get_time_t_max());
- unix_to_nt_time(&(account->private.kickoff_time),get_time_t_max());
- unix_to_nt_time(&(account->private.pass_must_change_time),get_time_t_max());
- account->private.unknown_1 = 0x00ffffff; /* don't know */
- account->private.logon_divs = 168; /* hours per week */
- account->private.hours_len = 21; /* 21 times 8 bits = 168 */
- memset(account->private.hours, 0xff, account->private.hours_len); /* available at all hours */
- account->private.unknown_2 = 0x00000000; /* don't know */
- account->private.unknown_3 = 0x000004ec; /* don't know */
-}
-
-static void destroy_sam_talloc(SAM_ACCOUNT_HANDLE **account)
-{
- if (*account) {
- data_blob_clear_free(&((*account)->private.lm_pw));
- data_blob_clear_free(&((*account)->private.nt_pw));
- if((*account)->private.plaintext_pw!=NULL)
- memset((*account)->private.plaintext_pw,'\0',strlen((*account)->private.plaintext_pw));
-
- talloc_destroy((*account)->mem_ctx);
- *account = NULL;
- }
-}
-
-
-/**********************************************************************
- Alloc memory and initialises a SAM_ACCOUNT_HANDLE on supplied mem_ctx.
-***********************************************************************/
-
-NTSTATUS sam_init_account_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT_HANDLE **account)
-{
- SMB_ASSERT(*account != NULL);
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_account_talloc: mem_ctx was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *account=(SAM_ACCOUNT_HANDLE *)talloc(mem_ctx, sizeof(SAM_ACCOUNT_HANDLE));
-
- if (*account==NULL) {
- DEBUG(0,("sam_init_account_talloc: error while allocating memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*account)->mem_ctx = mem_ctx;
-
- (*account)->free_fn = NULL;
-
- sam_fill_default_account(*account);
-
- return NT_STATUS_OK;
-}
-
-
-/*************************************************************
- Alloc memory and initialises a struct sam_passwd.
- ************************************************************/
-
-NTSTATUS sam_init_account(SAM_ACCOUNT_HANDLE **account)
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init("sam internal SAM_ACCOUNT_HANDLE allocation");
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_account: error while doing talloc_init()\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_init_account_talloc(mem_ctx, account))) {
- talloc_destroy(mem_ctx);
- return nt_status;
- }
-
- (*account)->free_fn = destroy_sam_talloc;
-
- return NT_STATUS_OK;
-}
-
-/**
- * Free the contents of the SAM_ACCOUNT_HANDLE, but not the structure.
- *
- * Also wipes the LM and NT hashes and plaintext password from
- * memory.
- *
- * @param account SAM_ACCOUNT_HANDLE to free members of.
- **/
-
-static void sam_free_account_contents(SAM_ACCOUNT_HANDLE *account)
-{
-
- /* Kill off sensitive data. Free()ed by the
- talloc mechinism */
-
- data_blob_clear_free(&(account->private.lm_pw));
- data_blob_clear_free(&(account->private.nt_pw));
- if (account->private.plaintext_pw)
- memset(account->private.plaintext_pw,'\0',strlen(account->private.plaintext_pw));
-}
-
-
-/************************************************************
- Reset the SAM_ACCOUNT_HANDLE and free the NT/LM hashes.
- ***********************************************************/
-
-NTSTATUS sam_reset_sam(SAM_ACCOUNT_HANDLE *account)
-{
- SMB_ASSERT(account != NULL);
-
- sam_free_account_contents(account);
-
- sam_fill_default_account(account);
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Free the SAM_ACCOUNT_HANDLE and the member pointers.
- ***********************************************************/
-
-NTSTATUS sam_free_account(SAM_ACCOUNT_HANDLE **account)
-{
- SMB_ASSERT(*account != NULL);
-
- sam_free_account_contents(*account);
-
- if ((*account)->free_fn) {
- (*account)->free_fn(account);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/**********************************************************
- Encode the account control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
-{
- static fstring acct_str;
- size_t i = 0;
-
- acct_str[i++] = '[';
-
- if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
- if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
- if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
- if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
- if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
- if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
- if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
- if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
- if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
- if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
- if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
-
- for ( ; i < length - 2 ; i++ )
- acct_str[i] = ' ';
-
- i = length - 2;
- acct_str[i++] = ']';
- acct_str[i++] = '\0';
-
- return acct_str;
-}
-
-/**********************************************************
- Decode the account control bits from a string.
- **********************************************************/
-
-uint16 sam_decode_acct_ctrl(const char *p)
-{
- uint16 acct_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[')
- return 0;
-
- for (p++; *p && !finished; p++) {
- switch (*p) {
- case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
- case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
- case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
- case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
- case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
- case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
- case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
- case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
- case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
- case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
- case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
- }
-
- return acct_ctrl;
-}
-
-/*************************************************************
- Routine to set 32 hex password characters from a 16 byte array.
-**************************************************************/
-
-void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl)
-{
- if (pwd != NULL) {
- int i;
- for (i = 0; i < 16; i++)
- slprintf(&p[i*2], 3, "%02X", pwd[i]);
- } else {
- if (acct_ctrl & ACB_PWNOTREQ)
- safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
- else
- safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
- }
-}
-
-/*************************************************************
- Routine to get the 32 hex characters and turn them
- into a 16 byte array.
-**************************************************************/
-
-BOOL sam_gethexpwd(const char *p, unsigned char *pwd)
-{
- int i;
- unsigned char lonybble, hinybble;
- char *hexchars = "0123456789ABCDEF";
- char *p1, *p2;
-
- if (!p)
- return (False);
-
- for (i = 0; i < 32; i += 2) {
- hinybble = toupper(p[i]);
- lonybble = toupper(p[i + 1]);
-
- p1 = strchr(hexchars, hinybble);
- p2 = strchr(hexchars, lonybble);
-
- if (!p1 || !p2)
- return (False);
-
- hinybble = PTR_DIFF(p1, hexchars);
- lonybble = PTR_DIFF(p2, hexchars);
-
- pwd[i / 2] = (hinybble << 4) | lonybble;
- }
- return (True);
-}
diff --git a/source3/sam/get_set_account.c b/source3/sam/get_set_account.c
deleted file mode 100644
index acac281d21..0000000000
--- a/source3/sam/get_set_account.c
+++ /dev/null
@@ -1,845 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM_ACCOUNT_HANDLE access routines
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-NTSTATUS sam_get_account_domain_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
-{
- NTSTATUS status;
- SAM_DOMAIN_HANDLE *domain;
- SAM_ASSERT(!sampass || !sid);
-
- if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){
- DEBUG(0, ("sam_get_account_domain_sid: Can't get domain for account\n"));
- return status;
- }
-
- return sam_get_domain_sid(domain, sid);
-}
-
-NTSTATUS sam_get_account_domain_name(const SAM_ACCOUNT_HANDLE *sampass, const char **domain_name)
-{
- NTSTATUS status;
- SAM_DOMAIN_HANDLE *domain;
- SAM_ASSERT(sampass && domain_name);
-
- if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){
- DEBUG(0, ("sam_get_account_domain_name: Can't get domain for account\n"));
- return status;
- }
-
- return sam_get_domain_name(domain, domain_name);
-}
-
-NTSTATUS sam_get_account_acct_ctrl(const SAM_ACCOUNT_HANDLE *sampass, uint16 *acct_ctrl)
-{
- SAM_ASSERT(sampass && acct_ctrl);
-
- *acct_ctrl = sampass->private.acct_ctrl;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_logon_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logon_time)
-{
- SAM_ASSERT(sampass && logon_time) ;
-
- *logon_time = sampass->private.logon_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_logoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logoff_time)
-{
- SAM_ASSERT(sampass && logoff_time) ;
-
- *logoff_time = sampass->private.logoff_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_kickoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *kickoff_time)
-{
- SAM_ASSERT(sampass && kickoff_time);
-
- *kickoff_time = sampass->private.kickoff_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_pass_last_set_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_last_set_time)
-{
- SAM_ASSERT(sampass && pass_last_set_time);
-
- *pass_last_set_time = sampass->private.pass_last_set_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_pass_can_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_can_change_time)
-{
- SAM_ASSERT(sampass && pass_can_change_time);
-
- *pass_can_change_time = sampass->private.pass_can_change_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_pass_must_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_must_change_time)
-{
- SAM_ASSERT(sampass && pass_must_change_time);
-
- *pass_must_change_time = sampass->private.pass_must_change_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_logon_divs(const SAM_ACCOUNT_HANDLE *sampass, uint16 *logon_divs)
-{
- SAM_ASSERT(sampass && logon_divs);
-
- *logon_divs = sampass->private.logon_divs;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_hours_len(const SAM_ACCOUNT_HANDLE *sampass, uint32 *hours_len)
-{
- SAM_ASSERT(sampass && hours_len);
-
- *hours_len = sampass->private.hours_len;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_hours(const SAM_ACCOUNT_HANDLE *sampass, const uint8 **hours)
-{
- SAM_ASSERT(sampass && hours);
-
- *hours = sampass->private.hours;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_nt_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *nt_pwd)
-{
- SAM_ASSERT(sampass);
-
- SMB_ASSERT((!sampass->private.nt_pw.data)
- || sampass->private.nt_pw.length == NT_HASH_LEN);
-
- *nt_pwd = sampass->private.nt_pw;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_lm_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *lm_pwd)
-{
- SAM_ASSERT(sampass);
-
- SMB_ASSERT((!sampass->private.lm_pw.data)
- || sampass->private.lm_pw.length == LM_HASH_LEN);
-
- *lm_pwd = sampass->private.lm_pw;
-
- return NT_STATUS_OK;
-}
-
-/* Return the plaintext password if known. Most of the time
- it isn't, so don't assume anything magic about this function.
-
- Used to pass the plaintext to sam backends that might
- want to store more than just the NTLM hashes.
-*/
-
-NTSTATUS sam_get_account_plaintext_pwd(const SAM_ACCOUNT_HANDLE *sampass, char **plain_pwd)
-{
- SAM_ASSERT(sampass && plain_pwd);
-
- *plain_pwd = sampass->private.plaintext_pw;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
-{
- SAM_ASSERT(sampass);
-
- *sid = &(sampass->private.account_sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_pgroup(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
-{
- SAM_ASSERT(sampass);
-
- *sid = &(sampass->private.group_sid);
-
- return NT_STATUS_OK;
-}
-
-/**
- * Get flags showing what is initalised in the SAM_ACCOUNT_HANDLE
- * @param sampass the SAM_ACCOUNT_HANDLE in question
- * @return the flags indicating the members initialised in the struct.
- **/
-
-NTSTATUS sam_get_account_init_flag(const SAM_ACCOUNT_HANDLE *sampass, uint32 *initflag)
-{
- SAM_ASSERT(sampass);
-
- *initflag = sampass->private.init_flag;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_name(const SAM_ACCOUNT_HANDLE *sampass, char **account_name)
-{
- SAM_ASSERT(sampass);
-
- *account_name = sampass->private.account_name;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_domain(const SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE **domain)
-{
- SAM_ASSERT(sampass);
-
- *domain = sampass->private.domain;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_fullname(const SAM_ACCOUNT_HANDLE *sampass, char **fullname)
-{
- SAM_ASSERT(sampass);
-
- *fullname = sampass->private.full_name;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_homedir(const SAM_ACCOUNT_HANDLE *sampass, char **homedir)
-{
- SAM_ASSERT(sampass);
-
- *homedir = sampass->private.home_dir;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unix_home_dir(const SAM_ACCOUNT_HANDLE *sampass, char **uhomedir)
-{
- SAM_ASSERT(sampass);
-
- *uhomedir = sampass->private.unix_home_dir;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_dir_drive(const SAM_ACCOUNT_HANDLE *sampass, char **dirdrive)
-{
- SAM_ASSERT(sampass);
-
- *dirdrive = sampass->private.dir_drive;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_logon_script(const SAM_ACCOUNT_HANDLE *sampass, char **logon_script)
-{
- SAM_ASSERT(sampass);
-
- *logon_script = sampass->private.logon_script;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_profile_path(const SAM_ACCOUNT_HANDLE *sampass, char **profile_path)
-{
- SAM_ASSERT(sampass);
-
- *profile_path = sampass->private.profile_path;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_description(const SAM_ACCOUNT_HANDLE *sampass, char **description)
-{
- SAM_ASSERT(sampass);
-
- *description = sampass->private.acct_desc;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_workstations(const SAM_ACCOUNT_HANDLE *sampass, char **workstations)
-{
- SAM_ASSERT(sampass);
-
- *workstations = sampass->private.workstations;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unknown_str(const SAM_ACCOUNT_HANDLE *sampass, char **unknown_str)
-{
- SAM_ASSERT(sampass);
-
- *unknown_str = sampass->private.unknown_str;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_munged_dial(const SAM_ACCOUNT_HANDLE *sampass, char **munged_dial)
-{
- SAM_ASSERT(sampass);
-
- *munged_dial = sampass->private.munged_dial;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unknown_1(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown1)
-{
- SAM_ASSERT(sampass && unknown1);
-
- *unknown1 = sampass->private.unknown_1;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unknown_2(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown2)
-{
- SAM_ASSERT(sampass && unknown2);
-
- *unknown2 = sampass->private.unknown_2;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unknown_3(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown3)
-{
- SAM_ASSERT(sampass && unknown3);
-
- *unknown3 = sampass->private.unknown_3;
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Collection of set...() functions for SAM_ACCOUNT_HANDLE_INFO.
- ********************************************************************/
-
-NTSTATUS sam_set_account_acct_ctrl(SAM_ACCOUNT_HANDLE *sampass, uint16 acct_ctrl)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.acct_ctrl = acct_ctrl;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_logon_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.logon_time = mytime;
-
-
- return NT_STATUS_UNSUCCESSFUL;
-}
-
-NTSTATUS sam_set_account_logoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.logoff_time = mytime;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_kickoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.kickoff_time = mytime;
-
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pass_can_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.pass_can_change_time = mytime;
-
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pass_must_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.pass_must_change_time = mytime;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pass_last_set_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.pass_last_set_time = mytime;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_hours_len(SAM_ACCOUNT_HANDLE *sampass, uint32 len)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.hours_len = len;
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_logon_divs(SAM_ACCOUNT_HANDLE *sampass, uint16 hours)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.logon_divs = hours;
- return NT_STATUS_OK;
-}
-
-/**
- * Set flags showing what is initalised in the SAM_ACCOUNT_HANDLE
- * @param sampass the SAM_ACCOUNT_HANDLE in question
- * @param flag The *new* flag to be set. Old flags preserved
- * this flag is only added.
- **/
-
-NTSTATUS sam_set_account_init_flag(SAM_ACCOUNT_HANDLE *sampass, uint32 flag)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.init_flag |= flag;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *u_sid)
-{
- SAM_ASSERT(sampass && u_sid);
-
- sid_copy(&sampass->private.account_sid, u_sid);
-
- DEBUG(10, ("sam_set_account_sid: setting account sid %s\n",
- sid_string_static(&sampass->private.account_sid)));
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_sid_from_string(SAM_ACCOUNT_HANDLE *sampass, const char *u_sid)
-{
- DOM_SID new_sid;
- SAM_ASSERT(sampass && u_sid);
-
- DEBUG(10, ("sam_set_account_sid_from_string: setting account sid %s\n",
- u_sid));
-
- if (!string_to_sid(&new_sid, u_sid)) {
- DEBUG(1, ("sam_set_account_sid_from_string: %s isn't a valid SID!\n", u_sid));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(sam_set_account_sid(sampass, &new_sid))) {
- DEBUG(1, ("sam_set_account_sid_from_string: could not set sid %s on SAM_ACCOUNT_HANDLE!\n", u_sid));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pgroup_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *g_sid)
-{
- SAM_ASSERT(sampass && g_sid);
-
- sid_copy(&sampass->private.group_sid, g_sid);
-
- DEBUG(10, ("sam_set_group_sid: setting group sid %s\n",
- sid_string_static(&sampass->private.group_sid)));
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pgroup_string(SAM_ACCOUNT_HANDLE *sampass, const char *g_sid)
-{
- DOM_SID new_sid;
- SAM_ASSERT(sampass && g_sid);
-
- DEBUG(10, ("sam_set_group_sid_from_string: setting group sid %s\n",
- g_sid));
-
- if (!string_to_sid(&new_sid, g_sid)) {
- DEBUG(1, ("sam_set_group_sid_from_string: %s isn't a valid SID!\n", g_sid));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(sam_set_account_pgroup_sid(sampass, &new_sid))) {
- DEBUG(1, ("sam_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT_HANDLE!\n", g_sid));
- return NT_STATUS_UNSUCCESSFUL;
- }
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the domain name.
- ********************************************************************/
-
-NTSTATUS sam_set_account_domain(SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE *domain)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.domain = domain;
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's NT name.
- ********************************************************************/
-
-NTSTATUS sam_set_account_name(SAM_ACCOUNT_HANDLE *sampass, const char *account_name)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_account_name: setting nt account_name %s, was %s\n", account_name, sampass->private.account_name));
-
- sampass->private.account_name = talloc_strdup(sampass->mem_ctx, account_name);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's full name.
- ********************************************************************/
-
-NTSTATUS sam_set_account_fullname(SAM_ACCOUNT_HANDLE *sampass, const char *full_name)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_account_fullname: setting full name %s, was %s\n", full_name, sampass->private.full_name));
-
- sampass->private.full_name = talloc_strdup(sampass->mem_ctx, full_name);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's logon script.
- ********************************************************************/
-
-NTSTATUS sam_set_account_logon_script(SAM_ACCOUNT_HANDLE *sampass, const char *logon_script, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_logon_script: from %s to %s\n", logon_script, sampass->private.logon_script));
-
- sampass->private.logon_script = talloc_strdup(sampass->mem_ctx, logon_script);
-
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's profile path.
- ********************************************************************/
-
-NTSTATUS sam_set_account_profile_path(SAM_ACCOUNT_HANDLE *sampass, const char *profile_path, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_profile_path: setting profile path %s, was %s\n", profile_path, sampass->private.profile_path));
-
- sampass->private.profile_path = talloc_strdup(sampass->mem_ctx, profile_path);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's directory drive.
- ********************************************************************/
-
-NTSTATUS sam_set_account_dir_drive(SAM_ACCOUNT_HANDLE *sampass, const char *dir_drive, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
- sampass->private.dir_drive));
-
- sampass->private.dir_drive = talloc_strdup(sampass->mem_ctx, dir_drive);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's home directory.
- ********************************************************************/
-
-NTSTATUS sam_set_account_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *home_dir, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_homedir: setting home dir %s, was %s\n", home_dir,
- sampass->private.home_dir));
-
- sampass->private.home_dir = talloc_strdup(sampass->mem_ctx, home_dir);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's unix home directory.
- ********************************************************************/
-
-NTSTATUS sam_set_account_unix_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *unix_home_dir)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir,
- sampass->private.unix_home_dir));
-
- sampass->private.unix_home_dir = talloc_strdup(sampass->mem_ctx, unix_home_dir);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's account description.
- ********************************************************************/
-
-NTSTATUS sam_set_account_acct_desc(SAM_ACCOUNT_HANDLE *sampass, const char *acct_desc)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.acct_desc = talloc_strdup(sampass->mem_ctx, acct_desc);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's workstation allowed list.
- ********************************************************************/
-
-NTSTATUS sam_set_account_workstations(SAM_ACCOUNT_HANDLE *sampass, const char *workstations)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_workstations: setting workstations %s, was %s\n", workstations,
- sampass->private.workstations));
-
- sampass->private.workstations = talloc_strdup(sampass->mem_ctx, workstations);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's 'unknown_str', whatever the heck this actually is...
- ********************************************************************/
-
-NTSTATUS sam_set_account_unknown_str(SAM_ACCOUNT_HANDLE *sampass, const char *unknown_str)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.unknown_str = talloc_strdup(sampass->mem_ctx, unknown_str);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's dial string.
- ********************************************************************/
-
-NTSTATUS sam_set_account_munged_dial(SAM_ACCOUNT_HANDLE *sampass, const char *munged_dial)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.munged_dial = talloc_strdup(sampass->mem_ctx, munged_dial);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's NT hash.
- ********************************************************************/
-
-NTSTATUS sam_set_account_nt_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.nt_pw = data;
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's LM hash.
- ********************************************************************/
-
-NTSTATUS sam_set_account_lm_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.lm_pw = data;
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's plaintext password only (base procedure, see helper
- below)
- ********************************************************************/
-
-NTSTATUS sam_set_account_plaintext_pwd(SAM_ACCOUNT_HANDLE *sampass, const char *plain_pwd)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.plaintext_pw = talloc_strdup(sampass->mem_ctx, plain_pwd);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_unknown_1(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.unknown_1 = unkn;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_unknown_2(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.unknown_2 = unkn;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_unknown_3(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.unknown_3 = unkn;
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_hours(SAM_ACCOUNT_HANDLE *sampass, const uint8 *hours)
-{
- SAM_ASSERT(sampass);
-
- if (!hours) {
- memset ((char *)sampass->private.hours, 0, MAX_HOURS_LEN);
- return NT_STATUS_OK;
- }
-
- memcpy(sampass->private.hours, hours, MAX_HOURS_LEN);
-
- return NT_STATUS_OK;
-}
-
-/* Helpful interfaces to the above */
-
-/*********************************************************************
- Sets the last changed times and must change times for a normal
- password change.
- ********************************************************************/
-
-NTSTATUS sam_set_account_pass_changed_now(SAM_ACCOUNT_HANDLE *sampass)
-{
- uint32 expire;
- NTTIME temptime;
-
- SAM_ASSERT(sampass);
-
- unix_to_nt_time(&temptime, time(NULL));
- if (!NT_STATUS_IS_OK(sam_set_account_pass_last_set_time(sampass, temptime)))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire)
- || (expire==(uint32)-1)) {
-
- get_nttime_max(&temptime);
- if (!NT_STATUS_IS_OK(sam_set_account_pass_must_change_time(sampass, temptime, False)))
- return NT_STATUS_UNSUCCESSFUL;
-
- } else {
- /* FIXME: Add expire to temptime */
-
- if (!NT_STATUS_IS_OK(sam_get_account_pass_last_set_time(sampass,&temptime)) || !NT_STATUS_IS_OK(sam_set_account_pass_must_change_time(sampass, temptime,True)))
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's PLAINTEXT password. Used as an interface to the above.
- Also sets the last change time to NOW.
- ********************************************************************/
-
-NTSTATUS sam_set_account_passwd(SAM_ACCOUNT_HANDLE *sampass, const char *plaintext)
-{
- DATA_BLOB data;
- uchar new_lanman_p16[16];
- uchar new_nt_p16[16];
-
- SAM_ASSERT(sampass && plaintext);
-
- nt_lm_owf_gen(plaintext, new_nt_p16, new_lanman_p16);
-
- data = data_blob(new_nt_p16, 16);
- if (!NT_STATUS_IS_OK(sam_set_account_nt_pwd(sampass, data)))
- return NT_STATUS_UNSUCCESSFUL;
-
- data = data_blob(new_lanman_p16, 16);
-
- if (!NT_STATUS_IS_OK(sam_set_account_lm_pwd(sampass, data)))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!NT_STATUS_IS_OK(sam_set_account_plaintext_pwd(sampass, plaintext)))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!NT_STATUS_IS_OK(sam_set_account_pass_changed_now(sampass)))
- return NT_STATUS_UNSUCCESSFUL;
-
- return NT_STATUS_OK;
-}
-
diff --git a/source3/sam/get_set_domain.c b/source3/sam/get_set_domain.c
deleted file mode 100644
index c70a4a3f09..0000000000
--- a/source3/sam/get_set_domain.c
+++ /dev/null
@@ -1,263 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM_DOMAIN access routines
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, const DOM_SID **sid)
-{
- SAM_ASSERT(domain &&sid);
-
- *sid = &(domain->private.sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_num_accounts(SAM_DOMAIN_HANDLE *domain, uint32 *num_accounts)
-{
- SAM_ASSERT(domain &&num_accounts);
-
- *num_accounts = domain->private.num_accounts;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
-{
- SAM_ASSERT(domain &&num_groups);
-
- *num_groups = domain->private.num_groups;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
-{
- SAM_ASSERT(domain &&num_aliases);
-
- *num_aliases = domain->private.num_aliases;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_name(SAM_DOMAIN_HANDLE *domain, const char **domain_name)
-{
- SAM_ASSERT(domain &&domain_name);
-
- *domain_name = domain->private.name;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_server(SAM_DOMAIN_HANDLE *domain, const char **server_name)
-{
- SAM_ASSERT(domain &&server_name);
-
- *server_name = domain->private.servername;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
-{
- SAM_ASSERT(domain &&max_passwordage);
-
- *max_passwordage = domain->private.max_passwordage;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
-{
- SAM_ASSERT(domain &&min_passwordage);
-
- *min_passwordage = domain->private.min_passwordage;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
-{
- SAM_ASSERT(domain &&lockout_duration);
-
- *lockout_duration = domain->private.lockout_duration;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
-{
- SAM_ASSERT(domain &&reset_lockout_count);
-
- *reset_lockout_count = domain->private.reset_count;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
-{
- SAM_ASSERT(domain &&min_passwordlength);
-
- *min_passwordlength = domain->private.min_passwordlength;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 *password_history)
-{
- SAM_ASSERT(domain &&password_history);
-
- *password_history = domain->private.password_history;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
-{
- SAM_ASSERT(domain &&lockout_count);
-
- *lockout_count = domain->private.lockout_count;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
-{
- SAM_ASSERT(domain &&force_logoff);
-
- *force_logoff = domain->private.force_logoff;
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_get_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
-{
- SAM_ASSERT(domain && login_pwdchange);
-
- *login_pwdchange = domain->private.login_pwdchange;
-
- return NT_STATUS_OK;
-}
-
-/* Set */
-
-NTSTATUS sam_set_domain_name(SAM_DOMAIN_HANDLE *domain, const char *domain_name)
-{
- SAM_ASSERT(domain);
-
- domain->private.name = talloc_strdup(domain->mem_ctx, domain_name);
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_set_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME max_passwordage)
-{
- SAM_ASSERT(domain);
-
- domain->private.max_passwordage = max_passwordage;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME min_passwordage)
-{
- SAM_ASSERT(domain);
-
- domain->private.min_passwordage = min_passwordage;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME lockout_duration)
-{
- SAM_ASSERT(domain);
-
- domain->private.lockout_duration = lockout_duration;
-
- return NT_STATUS_OK;
-}
-NTSTATUS sam_set_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME reset_lockout_count)
-{
- SAM_ASSERT(domain);
-
- domain->private.reset_count = reset_lockout_count;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 min_passwordlength)
-{
- SAM_ASSERT(domain);
-
- domain->private.min_passwordlength = min_passwordlength;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 password_history)
-{
- SAM_ASSERT(domain);
-
- domain->private.password_history = password_history;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 lockout_count)
-{
- SAM_ASSERT(domain);
-
- domain->private.lockout_count = lockout_count;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL force_logoff)
-{
- SAM_ASSERT(domain);
-
- domain->private.force_logoff = force_logoff;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL login_pwdchange)
-{
- SAM_ASSERT(domain);
-
- domain->private.login_pwdchange = login_pwdchange;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_server(SAM_DOMAIN_HANDLE *domain, const char *server_name)
-{
- SAM_ASSERT(domain);
-
- domain->private.servername = talloc_strdup(domain->mem_ctx, server_name);
-
- return NT_STATUS_OK;
-}
diff --git a/source3/sam/get_set_group.c b/source3/sam/get_set_group.c
deleted file mode 100644
index 11ea9258a7..0000000000
--- a/source3/sam/get_set_group.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM_USER_HANDLE access routines
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/* sam group get functions */
-
-NTSTATUS sam_get_group_sid(const SAM_GROUP_HANDLE *group, const DOM_SID **sid)
-{
- SAM_ASSERT(group && sid);
-
- *sid = &(group->private.sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_ctrl(const SAM_GROUP_HANDLE *group, uint32 *group_ctrl)
-{
- SAM_ASSERT(group && group_ctrl);
-
- *group_ctrl = group->private.group_ctrl;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_name(const SAM_GROUP_HANDLE *group, const char **group_name)
-{
- SAM_ASSERT(group);
-
- *group_name = group->private.group_name;
-
- return NT_STATUS_OK;
-
-}
-NTSTATUS sam_get_group_comment(const SAM_GROUP_HANDLE *group, const char **group_desc)
-{
- SAM_ASSERT(group);
-
- *group_desc = group->private.group_desc;
-
- return NT_STATUS_OK;
-}
-
-/* sam group set functions */
-
-NTSTATUS sam_set_group_sid(SAM_GROUP_HANDLE *group, const DOM_SID *sid)
-{
- SAM_ASSERT(group);
-
- if (!sid)
- ZERO_STRUCT(group->private.sid);
- else
- sid_copy(&(group->private.sid), sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_group_group_ctrl(SAM_GROUP_HANDLE *group, uint32 group_ctrl)
-{
- SAM_ASSERT(group);
-
- group->private.group_ctrl = group_ctrl;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_group_name(SAM_GROUP_HANDLE *group, const char *group_name)
-{
- SAM_ASSERT(group);
-
- group->private.group_name = talloc_strdup(group->mem_ctx, group_name);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_group_description(SAM_GROUP_HANDLE *group, const char *group_desc)
-{
- SAM_ASSERT(group);
-
- group->private.group_desc = talloc_strdup(group->mem_ctx, group_desc);
-
- return NT_STATUS_OK;
-
-}
diff --git a/source3/sam/group.c b/source3/sam/group.c
deleted file mode 100644
index 101e3dd7ce..0000000000
--- a/source3/sam/group.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM_GROUP_HANDLE /SAM_GROUP_ENUM helpers
-
- Copyright (C) Stefan (metze) Metzmacher 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/************************************************************
- Fill the SAM_GROUP_HANDLE with default values.
- ***********************************************************/
-
-static void sam_fill_default_group(SAM_GROUP_HANDLE *group)
-{
- ZERO_STRUCT(group->private); /* Don't touch the talloc context */
-
-}
-
-static void destroy_sam_group_handle_talloc(SAM_GROUP_HANDLE **group)
-{
- if (*group) {
-
- talloc_destroy((*group)->mem_ctx);
- *group = NULL;
- }
-}
-
-
-/**********************************************************************
- Alloc memory and initialises a SAM_GROUP_HANDLE on supplied mem_ctx.
-***********************************************************************/
-
-NTSTATUS sam_init_group_talloc(TALLOC_CTX *mem_ctx, SAM_GROUP_HANDLE **group)
-{
- SMB_ASSERT(*group != NULL);
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_group_talloc: mem_ctx was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *group=(SAM_GROUP_HANDLE *)talloc(mem_ctx, sizeof(SAM_GROUP_HANDLE));
-
- if (*group==NULL) {
- DEBUG(0,("sam_init_group_talloc: error while allocating memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*group)->mem_ctx = mem_ctx;
-
- (*group)->free_fn = NULL;
-
- sam_fill_default_group(*group);
-
- return NT_STATUS_OK;
-}
-
-
-/*************************************************************
- Alloc memory and initialises a struct SAM_GROUP_HANDLE.
- ************************************************************/
-
-NTSTATUS sam_init_group(SAM_GROUP_HANDLE **group)
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init("sam internal SAM_GROUP_HANDLE allocation");
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_group: error while doing talloc_init()\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_init_group_talloc(mem_ctx, group))) {
- talloc_destroy(mem_ctx);
- return nt_status;
- }
-
- (*group)->free_fn = destroy_sam_group_handle_talloc;
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Reset the SAM_GROUP_HANDLE.
- ***********************************************************/
-
-NTSTATUS sam_reset_group(SAM_GROUP_HANDLE *group)
-{
- SMB_ASSERT(group != NULL);
-
- sam_fill_default_group(group);
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Free the SAM_GROUP_HANDLE and the member pointers.
- ***********************************************************/
-
-NTSTATUS sam_free_group(SAM_ACCOUNT_HANDLE **group)
-{
- SMB_ASSERT(*group != NULL);
-
- if ((*group)->free_fn) {
- (*group)->free_fn(group);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/**********************************************************
- Encode the group control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *sam_encode_acct_ctrl(uint16 group_ctrl, size_t length)
-{
- static fstring group_str;
- size_t i = 0;
-
- group_str[i++] = '[';
-
- if (group_ctrl & GCB_LOCAL_GROUP ) group_str[i++] = 'L';
- if (group_ctrl & GCB_GLOBAL_GROUP ) group_str[i++] = 'G';
-
- for ( ; i < length - 2 ; i++ )
- group_str[i] = ' ';
-
- i = length - 2;
- group_str[i++] = ']';
- group_str[i++] = '\0';
-
- return group_str;
-}
-
-/**********************************************************
- Decode the group control bits from a string.
- **********************************************************/
-
-uint16 sam_decode_group_ctrl(const char *p)
-{
- uint16 group_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[')
- return 0;
-
- for (p++; *p && !finished; p++) {
- switch (*p) {
- case 'L': { group_ctrl |= GCB_LOCAL_GROUP; break; /* 'L'ocal Aliases Group. */ }
- case 'G': { group_ctrl |= GCB_GLOBAL_GROUP; break; /* 'G'lobal Domain Group. */ }
-
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
- }
-
- return group_ctrl;
-}
-
diff --git a/source3/sam/gumm_tdb.c b/source3/sam/gumm_tdb.c
deleted file mode 100644
index 5e390490cf..0000000000
--- a/source3/sam/gumm_tdb.c
+++ /dev/null
@@ -1,1193 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1998
- * Copyright (C) Simo Sorce 2000-2002
- * Copyright (C) Gerald Carter 2000
- * Copyright (C) Jeremy Allison 2001
- * Copyright (C) Andrew Bartlett 2002
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-#include "tdbsam2.h"
-#include "tdbsam2_parse_info.h"
-
-static int tdbgumm_debug_level = DBGC_ALL;
-#undef DBGC_CLASS
-#define DBGC_CLASS tdbgumm_debug_level
-
-#define TDBSAM_VERSION 20021215
-#define TDB_FILE_NAME "tdbsam2.tdb"
-#define NAMEPREFIX "NAME_"
-#define SIDPREFIX "SID_"
-#define PRIVILEGEPREFIX "PRIV_"
-
-#define TDB_FORMAT_STRING "ddB"
-
-#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", FUNCTION_MACRO)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define SET_OR_FAIL(func, label) do { if (NT_STATUS_IS_ERR(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0)
-
-struct tdbsam2_enum_objs {
- uint32 type;
- fstring dom_sid;
- TDB_CONTEXT *db;
- TDB_DATA key;
- struct tdbsam2_enum_objs *next;
-};
-
-union tdbsam2_data {
- struct tdbsam2_domain_data *domain;
- struct tdbsam2_user_data *user;
- struct tdbsam2_group_data *group;
-};
-
-struct tdbsam2_object {
- uint32 type;
- uint32 version;
- union tdbsam2_data data;
-};
-
-static TDB_CONTEXT *tdbsam2_db;
-
-struct tdbsam2_enum_objs **teo_handlers;
-
-static NTSTATUS init_tdbsam2_object_from_buffer(struct tdbsam2_object *object, TALLOC_CTX *mem_ctx, char *buffer, int size)
-{
-
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- int iret;
- char *obj_data;
- int data_size = 0;
- int len;
-
- len = tdb_unpack (buffer, size, TDB_FORMAT_STRING,
- &(object->version),
- &(object->type),
- &data_size, &obj_data);
-
- if (len == -1)
- goto done;
-
- /* version is checked inside this function so that backward compatibility code can be
- called eventually.
- this way we can easily handle database format upgrades */
- if (object->version != TDBSAM_VERSION) {
- DEBUG(3,("init_tdbsam2_object_from_buffer: Error, db object has wrong tdbsam version!\n"));
- goto done;
- }
-
- /* be sure the string is terminated before trying to parse it */
- if (obj_data[data_size - 1] != '\0')
- obj_data[data_size - 1] = '\0';
-
- switch (object->type) {
- case GUMS_OBJ_DOMAIN:
- object->data.domain = (struct tdbsam2_domain_data *)talloc(mem_ctx, sizeof(struct tdbsam2_domain_data));
- TALLOC_CHECK(object->data.domain, ret, done);
- memset(object->data.domain, 0, sizeof(struct tdbsam2_domain_data));
-
- iret = gen_parse(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), obj_data);
- break;
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- object->data.group = (struct tdbsam2_group_data *)talloc(mem_ctx, sizeof(struct tdbsam2_group_data));
- TALLOC_CHECK(object->data.group, ret, done);
- memset(object->data.group, 0, sizeof(struct tdbsam2_group_data));
-
- iret = gen_parse(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), obj_data);
- break;
- case GUMS_OBJ_NORMAL_USER:
- object->data.user = (struct tdbsam2_user_data *)talloc(mem_ctx, sizeof(struct tdbsam2_user_data));
- TALLOC_CHECK(object->data.user, ret, done);
- memset(object->data.user, 0, sizeof(struct tdbsam2_user_data));
-
- iret = gen_parse(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), obj_data);
- break;
- default:
- DEBUG(3,("init_tdbsam2_object_from_buffer: Error, wrong object type number!\n"));
- goto done;
- }
-
- if (iret != 0) {
- DEBUG(0,("init_tdbsam2_object_from_buffer: Fatal Error! Unable to parse object!\n"));
- DEBUG(0,("init_tdbsam2_object_from_buffer: DB Corrupted ?"));
- goto done;
- }
-
- ret = NT_STATUS_OK;
-done:
- SAFE_FREE(obj_data);
- return ret;
-}
-
-static NTSTATUS init_buffer_from_tdbsam2_object(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, struct tdbsam2_object *object)
-{
-
- NTSTATUS ret;
- char *buf1 = NULL;
- size_t buflen;
-
- if (!buffer)
- return NT_STATUS_INVALID_PARAMETER;
-
- switch (object->type) {
- case GUMS_OBJ_DOMAIN:
- buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), 0);
- break;
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), 0);
- break;
- case GUMS_OBJ_NORMAL_USER:
- buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), 0);
- break;
- default:
- DEBUG(3,("init_buffer_from_tdbsam2_object: Error, wrong object type number!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (buf1 == NULL) {
- DEBUG(0, ("init_buffer_from_tdbsam2_object: Fatal Error! Unable to dump object!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- buflen = tdb_pack(NULL, 0, TDB_FORMAT_STRING,
- TDBSAM_VERSION,
- object->type,
- strlen(buf1) + 1, buf1);
-
- *buffer = talloc(mem_ctx, buflen);
- TALLOC_CHECK(*buffer, ret, done);
-
- *len = tdb_pack(*buffer, buflen, TDB_FORMAT_STRING,
- TDBSAM_VERSION,
- object->type,
- strlen(buf1) + 1, buf1);
-
- if (*len != buflen) {
- DEBUG(0, ("init_tdb_data_from_tdbsam2_object: somthing odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n",
- buflen, *len));
- *buffer = NULL;
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = NT_STATUS_OK;
-done:
- return ret;
-}
-
-static NTSTATUS opentdb(void)
-{
- if (!tdbsam2_db) {
- pstring tdbfile;
- get_private_directory(tdbfile);
- pstrcat(tdbfile, "/");
- pstrcat(tdbfile, TDB_FILE_NAME);
-
- tdbsam2_db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
- if (!tdbsam2_db)
- {
- DEBUG(0, ("opentdb: Unable to open database (%s)!\n", tdbfile));
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS get_object_by_sid(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const DOM_SID *sid)
-{
- NTSTATUS ret;
- TDB_DATA data, key;
- fstring keystr;
-
- if (!obj || !mem_ctx || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- return ret;
- }
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid));
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdbsam2_db, key);
- if (!data.dptr) {
- DEBUG(5, ("get_object_by_sid: Error fetching database, domain entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(obj, mem_ctx, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("get_object_by_sid: Error fetching database, malformed entry!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
- SAFE_FREE(data.dptr);
-
- return NT_STATUS_OK;
-
-}
-
-static NTSTATUS get_object_by_name(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const char* name)
-{
-
- NTSTATUS ret;
- TDB_DATA data, key;
- fstring keystr;
- fstring objname;
- DOM_SID sid;
- char *obj_sidstr;
- int obj_version, obj_type, obj_sidstr_len, len;
-
- if (!obj || !mem_ctx || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- return ret;
- }
-
- unix_strlower(name, -1, objname, sizeof(objname));
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", NAMEPREFIX, objname);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdbsam2_db, key);
- if (!data.dptr) {
- DEBUG(5, ("get_object_by_name: Error fetching database, domain entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- len = tdb_unpack(data.dptr, data.dsize, TDB_FORMAT_STRING,
- &obj_version,
- &obj_type,
- &obj_sidstr_len, &obj_sidstr);
-
- SAFE_FREE(data.dptr);
-
- if (len == -1 || obj_version != TDBSAM_VERSION || obj_sidstr_len <= 0) {
- DEBUG(5, ("get_object_by_name: Error unpacking database object!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!string_to_sid(&sid, obj_sidstr)) {
- DEBUG(5, ("get_object_by_name: Error invalid sid string found in database object!\n"));
- SAFE_FREE(obj_sidstr);
- return NT_STATUS_UNSUCCESSFUL;
- }
- SAFE_FREE(obj_sidstr);
-
- return get_object_by_sid(mem_ctx, obj, &sid);
-}
-
-static NTSTATUS store_object(TALLOC_CTX *mem_ctx, struct tdbsam2_object *object, BOOL new_obj)
-{
-
- NTSTATUS ret;
- TDB_DATA data, key, key2;
- fstring keystr;
- fstring namestr;
- int flag, r;
-
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- return ret;
- }
-
- if (new_obj) {
- flag = TDB_INSERT;
- } else {
- flag = TDB_MODIFY;
- }
-
- ret = init_buffer_from_tdbsam2_object(&(data.dptr), &(data.dsize), mem_ctx, object);
- if (NT_STATUS_IS_ERR(ret))
- return ret;
-
- switch (object->type) {
- case GUMS_OBJ_DOMAIN:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.domain->dom_sid));
- slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.domain->name);
- break;
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.group->group_sid));
- slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.group->name);
- break;
- case GUMS_OBJ_NORMAL_USER:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.user->user_sid));
- slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.user->name);
- break;
- default:
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- if ((r = tdb_store(tdbsam2_db, key, data, flag)) != TDB_SUCCESS) {
- DEBUG(0, ("store_object: Unable to modify SAM!\n"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
- if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
-
- key2.dptr = namestr;
- key2.dsize = strlen(namestr) + 1;
-
- if ((r = tdb_store(tdbsam2_db, key2, key, flag)) != TDB_SUCCESS) {
- DEBUG(0, ("store_object: Unable to modify SAM!\n"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
- if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
-/* TODO: update the general database counter */
-/* TODO: update this entry counter too */
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS get_next_sid(TALLOC_CTX *mem_ctx, DOM_SID **sid)
-{
- NTSTATUS ret;
- struct tdbsam2_object obj;
- DOM_SID *dom_sid = get_global_sam_sid();
- uint32 new_rid;
-
-/* TODO: LOCK DOMAIN OBJECT */
- ret = get_object_by_sid(mem_ctx, &obj, dom_sid);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("get_next_sid: unable to get root Domain object!\n"));
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto error;
- }
-
- new_rid = obj.data.domain->next_rid;
-
- /* Increment the RID Counter */
- obj.data.domain->next_rid++;
-
- /* Store back Domain object */
- ret = store_object(mem_ctx, &obj, False);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("get_next_sid: unable to update root Domain object!\n"));
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto error;
- }
-/* TODO: UNLOCK DOMAIN OBJECT */
-
- *sid = sid_dup_talloc(mem_ctx, dom_sid);
- TALLOC_CHECK(*sid, ret, error);
-
- if (!sid_append_rid(*sid, new_rid)) {
- DEBUG(0, ("get_next_sid: unable to build new SID !?!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto error;
- }
-
- return NT_STATUS_OK;
-
-error:
- return ret;
-}
-
-static NTSTATUS user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_user_data *userdata)
-{
- NTSTATUS ret;
-
- if (!object || !userdata) {
- DEBUG(0, ("tdbsam2_user_data_to_gums_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* userdata->xcounter */
- /* userdata->sec_desc */
-
- SET_OR_FAIL(gums_set_object_sid(*object, userdata->user_sid), error);
- SET_OR_FAIL(gums_set_object_name(*object, userdata->name), error);
-
- SET_OR_FAIL(gums_set_user_pri_group(*object, userdata->group_sid), error);
-
- if (userdata->description)
- SET_OR_FAIL(gums_set_object_description(*object, userdata->description), error);
-
- if (userdata->full_name)
- SET_OR_FAIL(gums_set_user_fullname(*object, userdata->full_name), error);
-
- if (userdata->home_dir)
- SET_OR_FAIL(gums_set_user_homedir(*object, userdata->home_dir), error);
-
- if (userdata->dir_drive)
- SET_OR_FAIL(gums_set_user_dir_drive(*object, userdata->dir_drive), error);
-
- if (userdata->logon_script)
- SET_OR_FAIL(gums_set_user_logon_script(*object, userdata->logon_script), error);
-
- if (userdata->profile_path)
- SET_OR_FAIL(gums_set_user_profile_path(*object, userdata->profile_path), error);
-
- if (userdata->workstations)
- SET_OR_FAIL(gums_set_user_workstations(*object, userdata->workstations), error);
-
- if (userdata->unknown_str)
- SET_OR_FAIL(gums_set_user_unknown_str(*object, userdata->unknown_str), error);
-
- if (userdata->munged_dial)
- SET_OR_FAIL(gums_set_user_munged_dial(*object, userdata->munged_dial), error);
-
- SET_OR_FAIL(gums_set_user_logon_divs(*object, userdata->logon_divs), error);
- SET_OR_FAIL(gums_set_user_hours_len(*object, userdata->hours_len), error);
-
- if (userdata->hours)
- SET_OR_FAIL(gums_set_user_hours(*object, userdata->hours), error);
-
- SET_OR_FAIL(gums_set_user_unknown_3(*object, userdata->unknown_3), error);
- SET_OR_FAIL(gums_set_user_unknown_5(*object, userdata->unknown_5), error);
- SET_OR_FAIL(gums_set_user_unknown_6(*object, userdata->unknown_6), error);
-
- SET_OR_FAIL(gums_set_user_logon_time(*object, *(userdata->logon_time)), error);
- SET_OR_FAIL(gums_set_user_logoff_time(*object, *(userdata->logoff_time)), error);
- SET_OR_FAIL(gums_set_user_kickoff_time(*object, *(userdata->kickoff_time)), error);
- SET_OR_FAIL(gums_set_user_pass_last_set_time(*object, *(userdata->pass_last_set_time)), error);
- SET_OR_FAIL(gums_set_user_pass_can_change_time(*object, *(userdata->pass_can_change_time)), error);
- SET_OR_FAIL(gums_set_user_pass_must_change_time(*object, *(userdata->pass_must_change_time)), error);
-
- ret = NT_STATUS_OK;
- return ret;
-
-error:
- talloc_destroy((*object)->mem_ctx);
- *object = NULL;
- return ret;
-}
-
-static NTSTATUS group_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_group_data *groupdata)
-{
- NTSTATUS ret;
-
- if (!object || !groupdata) {
- DEBUG(0, ("tdbsam2_group_data_to_gums_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* groupdata->xcounter */
- /* groupdata->sec_desc */
-
- SET_OR_FAIL(gums_set_object_sid(*object, groupdata->group_sid), error);
- SET_OR_FAIL(gums_set_object_name(*object, groupdata->name), error);
-
- if (groupdata->description)
- SET_OR_FAIL(gums_set_object_description(*object, groupdata->description), error);
-
- if (groupdata->count)
- SET_OR_FAIL(gums_set_group_members(*object, groupdata->count, groupdata->members), error);
-
- ret = NT_STATUS_OK;
- return ret;
-
-error:
- talloc_destroy((*object)->mem_ctx);
- *object = NULL;
- return ret;
-}
-
-static NTSTATUS domain_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_domain_data *domdata)
-{
-
- NTSTATUS ret;
-
- if (!object || !*object || !domdata) {
- DEBUG(0, ("tdbsam2_domain_data_to_gums_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* domdata->xcounter */
- /* domdata->sec_desc */
-
- SET_OR_FAIL(gums_set_object_sid(*object, domdata->dom_sid), error);
- SET_OR_FAIL(gums_set_object_name(*object, domdata->name), error);
-
- if (domdata->description)
- SET_OR_FAIL(gums_set_object_description(*object, domdata->description), error);
-
- ret = NT_STATUS_OK;
- return ret;
-
-error:
- talloc_destroy((*object)->mem_ctx);
- *object = NULL;
- return ret;
-}
-
-static NTSTATUS data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_object *data)
-{
-
- NTSTATUS ret;
-
- if (!object || !data) {
- DEBUG(0, ("tdbsam2_user_data_to_gums_object: no NULL structure pointers are accepted here!\n"));
- ret = NT_STATUS_INVALID_PARAMETER;
- goto done;
- }
-
- ret = gums_create_object(object, data->type);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(5, ("tdbsam2_user_data_to_gums_object: error creating gums object!\n"));
- goto done;
- }
-
- switch (data->type) {
- case GUMS_OBJ_DOMAIN:
- ret = domain_data_to_gums_object(object, data->data.domain);
- break;
-
- case GUMS_OBJ_NORMAL_USER:
- ret = user_data_to_gums_object(object, data->data.user);
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- ret = group_data_to_gums_object(object, data->data.group);
- break;
-
- default:
- ret = NT_STATUS_UNSUCCESSFUL;
- }
-
-done:
- return ret;
-}
-
-
-/* GUMM object functions */
-
-static NTSTATUS tdbsam2_get_domain_sid(DOM_SID *sid, const char* name)
-{
-
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
- fstring domname;
-
- if (!sid || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- mem_ctx = talloc_init("tdbsam2_get_domain_sid");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- goto done;
- }
-
- unix_strlower(name, -1, domname, sizeof(domname));
-
- ret = get_object_by_name(mem_ctx, &obj, domname);
-
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n"));
- goto done;
- }
-
- if (obj.type != GUMS_OBJ_DOMAIN) {
- DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- sid_copy(sid, obj.data.domain->dom_sid);
-
- ret = NT_STATUS_OK;
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_set_domain_sid (const DOM_SID *sid, const char *name)
-{
-
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
- fstring domname;
-
- if (!sid || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- mem_ctx = talloc_init("tdbsam2_set_domain_sid");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (tdbsam2_db == NULL) {
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- goto done;
- }
- }
-
- unix_strlower(name, -1, domname, sizeof(domname));
-
-/* TODO: we need to lock this entry until updated! */
-
- ret = get_object_by_name(mem_ctx, &obj, domname);
-
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n"));
- goto done;
- }
-
- if (obj.type != GUMS_OBJ_DOMAIN) {
- DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- sid_copy(obj.data.domain->dom_sid, sid);
-
- ret = store_object(mem_ctx, &obj, False);
-
-done:
-/* TODO: unlock here */
- if (mem_ctx) talloc_destroy(mem_ctx);
- return ret;
-}
-
-/* TODO */
- NTSTATUS (*get_sequence_number) (void);
-
-
-extern DOM_SID global_sid_NULL;
-
-static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj_type)
-{
-
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
- NTTIME zero_time = {0,0};
- const char *defpw = "NOPASSWORDXXXXXX";
- uint8 defhours[21] = {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255};
-
- if (!sid || !name) {
- DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- mem_ctx = talloc_init("tdbsam2_new_object");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- obj.type = obj_type;
- obj.version = TDBSAM_VERSION;
-
- switch (obj_type) {
- case GUMS_OBJ_NORMAL_USER:
- obj.data.user = (struct tdbsam2_user_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_user_data));
- TALLOC_CHECK(obj.data.user, ret, done);
-
- get_next_sid(mem_ctx, &(obj.data.user->user_sid));
- TALLOC_CHECK(obj.data.user->user_sid, ret, done);
- sid_copy(sid, obj.data.user->user_sid);
-
- obj.data.user->name = talloc_strdup(mem_ctx, name);
- TALLOC_CHECK(obj.data.user, ret, done);
-
- obj.data.user->xcounter = 1;
- /*obj.data.user->sec_desc*/
- obj.data.user->description = "";
- obj.data.user->group_sid = &global_sid_NULL;
- obj.data.user->logon_time = &zero_time;
- obj.data.user->logoff_time = &zero_time;
- obj.data.user->kickoff_time = &zero_time;
- obj.data.user->pass_last_set_time = &zero_time;
- obj.data.user->pass_can_change_time = &zero_time;
- obj.data.user->pass_must_change_time = &zero_time;
-
- obj.data.user->full_name = "";
- obj.data.user->home_dir = "";
- obj.data.user->dir_drive = "";
- obj.data.user->logon_script = "";
- obj.data.user->profile_path = "";
- obj.data.user->workstations = "";
- obj.data.user->unknown_str = "";
- obj.data.user->munged_dial = "";
-
- obj.data.user->lm_pw_ptr = defpw;
- obj.data.user->nt_pw_ptr = defpw;
-
- obj.data.user->logon_divs = 168;
- obj.data.user->hours_len = 21;
- obj.data.user->hours = &defhours;
-
- obj.data.user->unknown_3 = 0x00ffffff;
- obj.data.user->unknown_5 = 0x00020000;
- obj.data.user->unknown_6 = 0x000004ec;
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- obj.data.group = (struct tdbsam2_group_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_group_data));
- TALLOC_CHECK(obj.data.group, ret, done);
-
- get_next_sid(mem_ctx, &(obj.data.group->group_sid));
- TALLOC_CHECK(obj.data.group->group_sid, ret, done);
- sid_copy(sid, obj.data.group->group_sid);
-
- obj.data.group->name = talloc_strdup(mem_ctx, name);
- TALLOC_CHECK(obj.data.group, ret, done);
-
- obj.data.group->xcounter = 1;
- /*obj.data.group->sec_desc*/
- obj.data.group->description = "";
-
- break;
-
- case GUMS_OBJ_DOMAIN:
-
- /* FIXME: should we check against global_sam_sid to make it impossible
- to store more than one domain ? */
-
- obj.data.domain = (struct tdbsam2_domain_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_domain_data));
- TALLOC_CHECK(obj.data.domain, ret, done);
-
- obj.data.domain->dom_sid = sid_dup_talloc(mem_ctx, get_global_sam_sid());
- TALLOC_CHECK(obj.data.domain->dom_sid, ret, done);
- sid_copy(sid, obj.data.domain->dom_sid);
-
- obj.data.domain->name = talloc_strdup(mem_ctx, name);
- TALLOC_CHECK(obj.data.domain, ret, done);
-
- obj.data.domain->xcounter = 1;
- /*obj.data.domain->sec_desc*/
- obj.data.domain->next_rid = 0x3e9;
- obj.data.domain->description = "";
-
- ret = NT_STATUS_OK;
- break;
-
- default:
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = store_object(mem_ctx, &obj, True);
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid)
-{
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
- TDB_DATA data, key;
- fstring keystr;
-
- if (!sid) {
- DEBUG(0, ("tdbsam2_delete_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- mem_ctx = talloc_init("tdbsam2_delete_object");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_delete_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (tdbsam2_db == NULL) {
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- goto done;
- }
- }
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid));
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdbsam2_db, key);
- if (!data.dptr) {
- DEBUG(5, ("tdbsam2_delete_object: Error fetching database, SID entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
- DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("tdbsam2_delete_object: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- switch (obj.type) {
- case GUMS_OBJ_DOMAIN:
- /* TODO: SHOULD WE ALLOW TO DELETE DOMAINS ? */
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.domain->name);
- break;
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.group->name);
- break;
- case GUMS_OBJ_NORMAL_USER:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.user->name);
- break;
- default:
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
- DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
-/* TODO: update the general database counter */
-
-done:
- SAFE_FREE(data.dptr);
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_get_object_from_sid(GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type)
-{
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
-
- if (!object || !sid) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- mem_ctx = talloc_init("tdbsam2_get_object_from_sid");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = get_object_by_sid(mem_ctx, &obj, sid);
- if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n"));
- goto done;
- }
-
- ret = data_to_gums_object(object, &obj);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n"));
- goto done;
- }
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_get_object_from_name(GUMS_OBJECT **object, const char *name, const int obj_type)
-{
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
-
- if (!object || !name) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- mem_ctx = talloc_init("tdbsam2_get_object_from_sid");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = get_object_by_name(mem_ctx, &obj, name);
- if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n"));
- goto done;
- }
-
- ret = data_to_gums_object(object, &obj);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n"));
- goto done;
- }
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
- /* This function is used to get the list of all objects changed since base_time, it is
- used to support PDC<->BDC synchronization */
- NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
-
-static NTSTATUS tdbsam2_enumerate_objects_start(void *handle, const DOM_SID *sid, const int obj_type)
-{
- struct tdbsam2_enum_objs *teo, *t;
- pstring tdbfile;
-
- teo = (struct tdbsam2_enum_objs *)calloc(1, sizeof(struct tdbsam2_enum_objs));
- if (!teo) {
- DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- teo->type = obj_type;
- if (sid) {
- sid_to_string(teo->dom_sid, sid);
- }
-
- get_private_directory(tdbfile);
- pstrcat(tdbfile, "/");
- pstrcat(tdbfile, TDB_FILE_NAME);
-
- teo->db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDONLY, 0600);
- if (!teo->db)
- {
- DEBUG(0, ("tdbsam2_enumerate_objects_start: Unable to open database (%s)!\n", tdbfile));
- SAFE_FREE(teo);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!teo_handlers) {
- *teo_handlers = teo;
- } else {
- t = *teo_handlers;
- while (t->next) {
- t = t->next;
- }
- t->next = teo;
- }
-
- handle = teo;
-
- teo->key = tdb_firstkey(teo->db);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS tdbsam2_enumerate_objects_get_next(GUMS_OBJECT **object, void *handle)
-{
- NTSTATUS ret;
- TALLOC_CTX *mem_ctx;
- TDB_DATA data;
- struct tdbsam2_enum_objs *teo;
- struct tdbsam2_object obj;
- const char *prefix = SIDPREFIX;
- const int preflen = strlen(prefix);
-
- if (!object || !handle) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- teo = (struct tdbsam2_enum_objs *)handle;
-
- mem_ctx = talloc_init("tdbsam2_enumerate_objects_get_next");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- while ((teo->key.dsize != 0)) {
- int len, version, type, size;
- char *ptr;
-
- if (strncmp(teo->key.dptr, prefix, preflen)) {
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
-
- if (teo->dom_sid) {
- if (strncmp(&(teo->key.dptr[preflen]), teo->dom_sid, strlen(teo->dom_sid))) {
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
- }
-
- data = tdb_fetch(teo->db, teo->key);
- if (!data.dptr) {
- DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error fetching database, SID entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(teo->db)));
- DEBUGADD(5, (" Key: %s\n", teo->key.dptr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- len = tdb_unpack (data.dptr, data.dsize, TDB_FORMAT_STRING,
- &version,
- &type,
- &size, &ptr);
-
- if (len == -1) {
- DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error unable to unpack data!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- SAFE_FREE(ptr);
-
- if (teo->type && type != teo->type) {
- SAFE_FREE(data.dptr);
- data.dsize = 0;
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
-
- break;
- }
-
- if (data.dsize != 0) {
- if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- SAFE_FREE(data.dptr);
- }
-
- ret = data_to_gums_object(object, &obj);
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_enumerate_objects_stop(void *handle)
-{
- struct tdbsam2_enum_objs *teo, *t, *p;
-
- teo = (struct tdbsam2_enum_objs *)handle;
-
- if (*teo_handlers == teo) {
- *teo_handlers = teo->next;
- } else {
- t = *teo_handlers;
- while (t != teo) {
- p = t;
- t = t->next;
- if (t == NULL) {
- DEBUG(0, ("tdbsam2_enumerate_objects_stop: Error, handle not found!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
- p = t->next;
- }
-
- tdb_close(teo->db);
- SAFE_FREE(teo);
-
- return NT_STATUS_OK;
-}
-
- /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
- Never use this function to update an object in the database, use set_object_values() */
- NTSTATUS (*set_object) (const GUMS_OBJECT *object);
-
- /* set object values function */
- NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
-
- /* Group related functions */
- NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
-
- NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
-
- NTSTATUS (*lock_sid) (const DOM_SID *sid);
- NTSTATUS (*unlock_sid) (const DOM_SID *sid);
-
- /* privileges related functions */
-
- NTSTATUS (*add_members_to_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
- NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
- NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv);
- NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid);
- /* warning!: set_privilege will overwrite a prior existing privilege if such exist */
- NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
-
-
-int gumm_init(GUMS_FUNCTIONS **storage)
-{
- tdbsam2_db = NULL;
- teo_handlers = 0;
-
- return 0;
-}
-
-#if 0
-int main(int argc, char *argv[])
-{
- NTSTATUS ret;
- DOM_SID dsid;
-
- if (argc < 2) {
- printf ("not enough arguments!\n");
- exit(0);
- }
-
- if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
- fprintf(stderr, "Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE);
- exit(1);
- }
-
- ret = tdbsam2_new_object(&dsid, "_domain_", GUMS_OBJ_DOMAIN);
- if (NT_STATUS_IS_OK(ret)) {
- printf ("_domain_ created, sid=%s\n", sid_string_static(&dsid));
- } else {
- printf ("_domain_ creation error n. 0x%08x\n", ret.v);
- }
- ret = tdbsam2_new_object(&dsid, argv[1], GUMS_OBJ_NORMAL_USER);
- if (NT_STATUS_IS_OK(ret)) {
- printf ("%s user created, sid=%s\n", argv[1], sid_string_static(&dsid));
- } else {
- printf ("%s user creation error n. 0x%08x\n", argv[1], ret.v);
- }
-
- exit(0);
-}
-#endif
diff --git a/source3/sam/gums.c b/source3/sam/gums.c
deleted file mode 100644
index a118740637..0000000000
--- a/source3/sam/gums.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Grops and Users Management System initializations.
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/*#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_GUMS*/
-
-#define GMV_MAJOR 0
-#define GMV_MINOR 1
-
-#define PRIV_NONE 0
-#define PRIV_CREATE_TOKEN 1
-#define PRIV_ASSIGNPRIMARYTOKEN 2
-#define PRIV_LOCK_MEMORY 3
-#define PRIV_INCREASE_QUOTA 4
-#define PRIV_MACHINE_ACCOUNT 5
-#define PRIV_TCB 6
-#define PRIV_SECURITY 7
-#define PRIV_TAKE_OWNERSHIP 8
-#define PRIV_LOAD_DRIVER 9
-#define PRIV_SYSTEM_PROFILE 10
-#define PRIV_SYSTEMTIME 11
-#define PRIV_PROF_SINGLE_PROCESS 12
-#define PRIV_INC_BASE_PRIORITY 13
-#define PRIV_CREATE_PAGEFILE 14
-#define PRIV_CREATE_PERMANENT 15
-#define PRIV_BACKUP 16
-#define PRIV_RESTORE 17
-#define PRIV_SHUTDOWN 18
-#define PRIV_DEBUG 19
-#define PRIV_AUDIT 20
-#define PRIV_SYSTEM_ENVIRONMENT 21
-#define PRIV_CHANGE_NOTIFY 22
-#define PRIV_REMOTE_SHUTDOWN 23
-#define PRIV_UNDOCK 24
-#define PRIV_SYNC_AGENT 25
-#define PRIV_ENABLE_DELEGATION 26
-#define PRIV_ALL 255
-
-
-GUMS_FUNCTIONS *gums_storage;
-static void *dl_handle;
-
-static PRIVS gums_privs[] = {
- {PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */
- {PRIV_CREATE_TOKEN, "SeCreateToken", "Create Token"},
- {PRIV_ASSIGNPRIMARYTOKEN, "SeAssignPrimaryToken", "Assign Primary Token"},
- {PRIV_LOCK_MEMORY, "SeLockMemory", "Lock Memory"},
- {PRIV_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota Privilege"},
- {PRIV_MACHINE_ACCOUNT, "SeMachineAccount", "Machine Account"},
- {PRIV_TCB, "SeTCB", "TCB"},
- {PRIV_SECURITY, "SeSecurityPrivilege", "Security Privilege"},
- {PRIV_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"},
- {PRIV_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"},
- {PRIV_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"},
- {PRIV_SYSTEMTIME, "SeSystemtimePrivilege", "System Time"},
- {PRIV_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"},
- {PRIV_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"},
- {PRIV_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"},
- {PRIV_CREATE_PERMANENT, "SeCreatePermanent", "Create Permanent"},
- {PRIV_BACKUP, "SeBackupPrivilege", "Backup Privilege"},
- {PRIV_RESTORE, "SeRestorePrivilege", "Restore Privilege"},
- {PRIV_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"},
- {PRIV_DEBUG, "SeDebugPrivilege", "Debug Privilege"},
- {PRIV_AUDIT, "SeAudit", "Audit"},
- {PRIV_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"},
- {PRIV_CHANGE_NOTIFY, "SeChangeNotify", "Change Notify"},
- {PRIV_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"},
- {PRIV_UNDOCK, "SeUndock", "Undock"},
- {PRIV_SYNC_AGENT, "SeSynchronizationAgent", "Synchronization Agent"},
- {PRIV_ENABLE_DELEGATION, "SeEnableDelegation", "Enable Delegation"},
- {PRIV_ALL, "SaAllPrivs", "All Privileges"}
-};
-
-NTSTATUS gums_init(const char *module_name)
-{
- int (*module_version)(int);
- NTSTATUS (*module_init)();
-/* gums_module_init module_init;*/
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(5, ("Opening gums module %s\n", module_name));
- dl_handle = sys_dlopen(module_name, RTLD_NOW);
- if (!dl_handle) {
- DEBUG(0, ("ERROR: Failed to load gums module %s, error: %s\n", module_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- module_version = sys_dlsym(dl_handle, "gumm_version");
- if (!module_version) {
- DEBUG(0, ("ERROR: Failed to find gums module version!\n"));
- goto error;
- }
-
- if (module_version(GMV_MAJOR) != GUMS_VERSION_MAJOR) {
- DEBUG(0, ("ERROR: Module's major version does not match gums version!\n"));
- goto error;
- }
-
- if (module_version(GMV_MINOR) != GUMS_VERSION_MINOR) {
- DEBUG(1, ("WARNING: Module's minor version does not match gums version!\n"));
- }
-
- module_init = sys_dlsym(dl_handle, "gumm_init");
- if (!module_init) {
- DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
- goto error;
- }
-
- DEBUG(5, ("Initializing module %s\n", module_name));
-
- ret = module_init(&gums_storage);
- goto done;
-
-error:
- ret = NT_STATUS_UNSUCCESSFUL;
- sys_dlclose(dl_handle);
-
-done:
- return ret;
-}
-
-NTSTATUS gums_unload(void)
-{
- NTSTATUS ret;
- NTSTATUS (*module_finalize)();
-
- if (!dl_handle)
- return NT_STATUS_UNSUCCESSFUL;
-
- module_finalize = sys_dlsym(dl_handle, "gumm_finalize");
- if (!module_finalize) {
- DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- DEBUG(5, ("Finalizing module"));
-
- ret = module_finalize();
- sys_dlclose(dl_handle);
-
- return ret;
-}
diff --git a/source3/sam/gums_api.c b/source3/sam/gums_api.c
deleted file mode 100644
index 2e5dcd143a..0000000000
--- a/source3/sam/gums_api.c
+++ /dev/null
@@ -1,1470 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- GUMS structures
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-
-/*******************************************************************
- Create a SEC_ACL structure.
-********************************************************************/
-
-static SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list)
-{
- SEC_ACL *dst;
- int i;
-
- if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL)
- return NULL;
-
- dst->revision = revision;
- dst->num_aces = num_aces;
- dst->size = SEC_ACL_HEADER_SIZE;
-
- /* Now we need to return a non-NULL address for the ace list even
- if the number of aces required is zero. This is because there
- is a distinct difference between a NULL ace and an ace with zero
- entries in it. This is achieved by checking that num_aces is a
- positive number. */
-
- if ((num_aces) &&
- ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces))
- == NULL)) {
- return NULL;
- }
-
- for (i = 0; i < num_aces; i++) {
- dst->ace[i] = ace_list[i]; /* Structure copy. */
- dst->size += ace_list[i].size;
- }
-
- return dst;
-}
-
-
-
-/*******************************************************************
- Duplicate a SEC_ACL structure.
-********************************************************************/
-
-static SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src)
-{
- if(src == NULL)
- return NULL;
-
- return make_sec_acl(ctx, src->revision, src->num_aces, src->ace);
-}
-
-
-
-/*******************************************************************
- Creates a SEC_DESC structure
-********************************************************************/
-
-static SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision,
- DOM_SID *owner_sid, DOM_SID *grp_sid,
- SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
-{
- SEC_DESC *dst;
- uint32 offset = 0;
- uint32 offset_sid = SEC_DESC_HEADER_SIZE;
- uint32 offset_acl = 0;
-
- *sd_size = 0;
-
- if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL)
- return NULL;
-
- dst->revision = revision;
- dst->type = SEC_DESC_SELF_RELATIVE;
-
- if (sacl) dst->type |= SEC_DESC_SACL_PRESENT;
- if (dacl) dst->type |= SEC_DESC_DACL_PRESENT;
-
- dst->off_owner_sid = 0;
- dst->off_grp_sid = 0;
- dst->off_sacl = 0;
- dst->off_dacl = 0;
-
- if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL))
- goto error_exit;
-
- if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
- goto error_exit;
-
- if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL))
- goto error_exit;
-
- if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL))
- goto error_exit;
-
- offset = 0;
-
- /*
- * Work out the linearization sizes.
- */
- if (dst->owner_sid != NULL) {
-
- if (offset == 0)
- offset = SEC_DESC_HEADER_SIZE;
-
- offset += sid_size(dst->owner_sid);
- }
-
- if (dst->grp_sid != NULL) {
-
- if (offset == 0)
- offset = SEC_DESC_HEADER_SIZE;
-
- offset += sid_size(dst->grp_sid);
- }
-
- if (dst->sacl != NULL) {
-
- offset_acl = SEC_DESC_HEADER_SIZE;
-
- dst->off_sacl = offset_acl;
- offset_acl += dst->sacl->size;
- offset += dst->sacl->size;
- offset_sid += dst->sacl->size;
- }
-
- if (dst->dacl != NULL) {
-
- if (offset_acl == 0)
- offset_acl = SEC_DESC_HEADER_SIZE;
-
- dst->off_dacl = offset_acl;
- offset_acl += dst->dacl->size;
- offset += dst->dacl->size;
- offset_sid += dst->dacl->size;
- }
-
- *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset);
-
- if (dst->owner_sid != NULL)
- dst->off_owner_sid = offset_sid;
-
- /* sid_size() returns 0 if the sid is NULL so this is ok */
-
- if (dst->grp_sid != NULL)
- dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid);
-
- return dst;
-
-error_exit:
-
- *sd_size = 0;
- return NULL;
-}
-
-/*******************************************************************
- Duplicate a SEC_DESC structure.
-********************************************************************/
-
-static SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
-{
- size_t dummy;
-
- if(src == NULL)
- return NULL;
-
- return make_sec_desc( ctx, src->revision,
- src->owner_sid, src->grp_sid, src->sacl,
- src->dacl, &dummy);
-}
-
-
-
-
-
-
-
-extern GUMS_FUNCTIONS *gums_storage;
-
-/* Functions to get/set info from a GUMS object */
-
-NTSTATUS gums_get_object_type(uint32 *type, const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *type = obj->type;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
-{
- TALLOC_CTX *mem_ctx = talloc_init("gums_create_object");
- GUMS_OBJECT *go;
- NTSTATUS ret;
-
- go = talloc_zero(mem_ctx, sizeof(GUMS_OBJECT));
- go->mem_ctx = mem_ctx;
- go->type = type;
- go->version = GUMS_OBJECT_VERSION;
-
- switch(type) {
- case GUMS_OBJ_DOMAIN:
- break;
-
-/*
- case GUMS_OBJ_WORKSTATION_TRUST:
- case GUMS_OBJ_SERVER_TRUST:
- case GUMS_OBJ_DOMAIN_TRUST:
-*/
- case GUMS_OBJ_NORMAL_USER:
- go->data.user = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER));
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- go->data.group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP));
- break;
-
- default:
- /* TODO: throw error */
- ret = NT_STATUS_OBJECT_TYPE_MISMATCH;
- goto error;
- }
-
- if (!(go->data.user)) {
- ret = NT_STATUS_NO_MEMORY;
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- goto error;
- }
-
- *obj = go;
- return NT_STATUS_OK;
-
-error:
- talloc_destroy(go->mem_ctx);
- *obj = NULL;
- return ret;
-}
-
-NTSTATUS gums_get_object_seq_num(uint32 *version, const GUMS_OBJECT *obj)
-{
- if (!version || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *version = obj->version;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 version)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->version = version;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_sec_desc(SEC_DESC **sec_desc, const GUMS_OBJECT *obj)
-{
- if (!sec_desc || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *sec_desc = obj->sec_desc;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc)
-{
- if (!obj || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc);
- if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_sid(DOM_SID **sid, const GUMS_OBJECT *obj)
-{
- if (!sid || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *sid = obj->sid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid)
-{
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_name(char **name, const GUMS_OBJECT *obj)
-{
- if (!name || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *name = obj->name;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name)
-{
- if (!obj || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->name = (char *)talloc_strdup(obj->mem_ctx, name);
- if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_description(char **description, const GUMS_OBJECT *obj)
-{
- if (!description || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *description = obj->description;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_description(GUMS_OBJECT *obj, const char *description)
-{
- if (!obj || !description)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->description = (char *)talloc_strdup(obj->mem_ctx, description);
- if (!(obj->description)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-/* User specific functions */
-
-/*
-NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj)
-{
- if (!priv_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- *priv_set = obj->priv_set;
- return NT_STATUS_OK;
-}
-*/
-
-NTSTATUS gums_get_domain_next_rid(uint32 *rid, const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_DOMAIN)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *rid = obj->data.domain->next_rid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_DOMAIN)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.domain->next_rid = rid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj)
-{
- if (!sid || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *sid = obj->data.user->group_sid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid)
-{
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->group_sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->data.user->group_sid)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj)
-{
- if (!nt_pwd || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *nt_pwd = &(obj->data.user->nt_pw);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd)
-{
- if (!obj || nt_pwd.length != NT_HASH_LEN)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj)
-{
- if (!lm_pwd || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *lm_pwd = &(obj->data.user->lm_pw);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd)
-{
- if (!obj || lm_pwd.length != LM_HASH_LEN)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_fullname(char **fullname, const GUMS_OBJECT *obj)
-{
- if (!fullname || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *fullname = obj->data.user->full_name;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname)
-{
- if (!obj || !fullname)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname);
- if (!(obj->data.user->full_name)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_homedir(char **homedir, const GUMS_OBJECT *obj)
-{
- if (!homedir || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *homedir = obj->data.user->home_dir;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir)
-{
- if (!obj || !homedir)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir);
- if (!(obj->data.user->home_dir)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_dir_drive(char **dirdrive, const GUMS_OBJECT *obj)
-{
- if (!dirdrive || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *dirdrive = obj->data.user->dir_drive;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive)
-{
- if (!obj || !dir_drive)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive);
- if (!(obj->data.user->dir_drive)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logon_script(char **logon_script, const GUMS_OBJECT *obj)
-{
- if (!logon_script || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *logon_script = obj->data.user->logon_script;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script)
-{
- if (!obj || !logon_script)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script);
- if (!(obj->data.user->logon_script)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_profile_path(char **profile_path, const GUMS_OBJECT *obj)
-{
- if (!profile_path || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *profile_path = obj->data.user->profile_path;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path)
-{
- if (!obj || !profile_path)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path);
- if (!(obj->data.user->profile_path)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_workstations(char **workstations, const GUMS_OBJECT *obj)
-{
- if (!workstations || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *workstations = obj->data.user->workstations;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations)
-{
- if (!obj || !workstations)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations);
- if (!(obj->data.user->workstations)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_str(char **unknown_str, const GUMS_OBJECT *obj)
-{
- if (!unknown_str || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *unknown_str = obj->data.user->unknown_str;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str)
-{
- if (!obj || !unknown_str)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str);
- if (!(obj->data.user->unknown_str)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_munged_dial(char **munged_dial, const GUMS_OBJECT *obj)
-{
- if (!munged_dial || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *munged_dial = obj->data.user->munged_dial;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial)
-{
- if (!obj || !munged_dial)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial);
- if (!(obj->data.user->munged_dial)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logon_time(NTTIME *logon_time, const GUMS_OBJECT *obj)
-{
- if (!logon_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *logon_time = obj->data.user->logon_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->logon_time = logon_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logoff_time(NTTIME *logoff_time, const GUMS_OBJECT *obj)
-{
- if (!logoff_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *logoff_time = obj->data.user->logoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->logoff_time = logoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_kickoff_time(NTTIME *kickoff_time, const GUMS_OBJECT *obj)
-{
- if (!kickoff_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *kickoff_time = obj->data.user->kickoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->kickoff_time = kickoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pass_last_set_time(NTTIME *pass_last_set_time, const GUMS_OBJECT *obj)
-{
- if (!pass_last_set_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *pass_last_set_time = obj->data.user->pass_last_set_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->pass_last_set_time = pass_last_set_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pass_can_change_time(NTTIME *pass_can_change_time, const GUMS_OBJECT *obj)
-{
- if (!pass_can_change_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *pass_can_change_time = obj->data.user->pass_can_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->pass_can_change_time = pass_can_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pass_must_change_time(NTTIME *pass_must_change_time, const GUMS_OBJECT *obj)
-{
- if (!pass_must_change_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *pass_must_change_time = obj->data.user->pass_must_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_must_change_time(GUMS_OBJECT *obj, NTTIME pass_must_change_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->pass_must_change_time = pass_must_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logon_divs(uint16 *logon_divs, const GUMS_OBJECT *obj)
-{
- if (!logon_divs || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *logon_divs = obj->data.user->logon_divs;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs)
-{
- if (!obj || !logon_divs)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->logon_divs = logon_divs;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_hours_len(uint32 *hours_len, const GUMS_OBJECT *obj)
-{
- if (!hours_len || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *hours_len = obj->data.user->hours_len;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_hours_len(GUMS_OBJECT *obj, uint32 hours_len)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->hours_len = hours_len;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_hours(uint8 **hours, const GUMS_OBJECT *obj)
-{
- if (!hours || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *hours = obj->data.user->hours;
- return NT_STATUS_OK;
-}
-
-/* WARNING: always set hours_len before hours */
-NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, const uint8 *hours)
-{
- if (!obj || !hours)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- if (obj->data.user->hours_len == 0)
- DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n"));
-
- obj->data.user->hours = (uint8 *)talloc_memdup(obj->mem_ctx, hours, obj->data.user->hours_len);
- if (!(obj->data.user->hours) & (obj->data.user->hours_len != 0)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_3(uint32 *unknown_3, const GUMS_OBJECT *obj)
-{
- if (!unknown_3 || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *unknown_3 = obj->data.user->unknown_3;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->unknown_3 = unknown_3;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_5(uint32 *unknown_5, const GUMS_OBJECT *obj)
-{
- if (!unknown_5 || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *unknown_5 = obj->data.user->unknown_5;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_5(GUMS_OBJECT *obj, uint32 unknown_5)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->unknown_5 = unknown_5;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_6(uint32 *unknown_6, const GUMS_OBJECT *obj)
-{
- if (!unknown_6 || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *unknown_6 = obj->data.user->unknown_6;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->unknown_6 = unknown_6;
- return NT_STATUS_OK;
-}
-
-/* Group specific functions */
-
-NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJECT *obj)
-{
- if (!count || !members || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *count = obj->data.group->count;
- *members = *(obj->data.group->members);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID **members)
-{
- uint32 n;
-
- if (!obj || !members || !members)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.group->count = count;
- n = 0;
- do {
- obj->data.group->members[n] = sid_dup_talloc(obj->mem_ctx, members[n]);
- if (!(obj->data.group->members[n])) return NT_STATUS_NO_MEMORY;
- n++;
- } while (n < count);
- return NT_STATUS_OK;
-}
-
-/* data_store set functions */
-
-NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, TALLOC_CTX *ctx, DOM_SID *sid, uint32 type)
-{
- TALLOC_CTX *mem_ctx;
- GUMS_COMMIT_SET *set;
-
- mem_ctx = talloc_init("commit_set");
- if (mem_ctx == NULL)
- return NT_STATUS_NO_MEMORY;
- set = (GUMS_COMMIT_SET *)talloc(mem_ctx, sizeof(GUMS_COMMIT_SET));
- if (set == NULL) {
- talloc_destroy(mem_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- set->mem_ctx = mem_ctx;
- set->type = type;
- sid_copy(&(set->sid), sid);
- set->count = 0;
- set->data = NULL;
- *com_set = set;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc)
-{
- GUMS_DATA_SET *data_set;
- SEC_DESC *new_sec_desc;
-
- if (!mem_ctx || !com_set || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SEC_DESC;
- new_sec_desc = dup_sec_desc(mem_ctx, sec_desc);
- if (new_sec_desc == NULL)
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_sec_desc;
-
- return NT_STATUS_OK;
-}
-
-/*
-NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
-{
- GUMS_DATA_SET *data_set;
- LUID_ATTR *new_priv;
-
- if (!mem_ctx || !com_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_ADD_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_priv;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
-{
- GUMS_DATA_SET *data_set;
- LUID_ATTR *new_priv;
-
- if (!mem_ctx || !com_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_DEL_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_priv;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set)
-{
- GUMS_DATA_SET *data_set;
- PRIVILEGE_SET *new_priv_set;
-
- if (!mem_ctx || !com_set || !priv_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set)))
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_priv_set;
-
- return NT_STATUS_OK;
-}
-*/
-
-NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str)
-{
- GUMS_DATA_SET *data_set;
- char *new_str;
-
- if (!mem_ctx || !com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = type;
- new_str = talloc_strdup(mem_ctx, str);
- if (new_str == NULL)
- return NT_STATUS_NO_MEMORY;
-
- (char *)(data_set->data) = new_str;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name)
-{
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, name);
-}
-
-NTSTATUS gums_cs_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc)
-{
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc);
-}
-
-NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name);
-}
-
-NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir);
-}
-
-NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive);
-}
-
-NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script);
-}
-
-NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path);
-}
-
-NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks);
-}
-
-NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str);
-}
-
-NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial);
-}
-
-NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime)
-{
- GUMS_DATA_SET *data_set;
- NTTIME *new_time;
-
- if (!mem_ctx || !com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = type;
- new_time = talloc(mem_ctx, sizeof(NTTIME));
- if (new_time == NULL)
- return NT_STATUS_NO_MEMORY;
-
- new_time->low = nttime->low;
- new_time->high = nttime->high;
- (char *)(data_set->data) = new_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logon_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time);
-}
-
-NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
-}
-
-NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
-}
-
-NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time);
-}
-
-NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time);
-}
-
-NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time);
-}
-
-NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_ADD_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);
-}
-
-NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);
-}
-
-NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_DEL_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set)
-{
- return gums_storage->set_object_values(&(set->sid), set->count, set->data);
-}
-
-NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set)
-{
- talloc_destroy((*com_set)->mem_ctx);
- *com_set = NULL;
-
- return NT_STATUS_OK;
-}
-
diff --git a/source3/sam/gums_helper.c b/source3/sam/gums_helper.c
deleted file mode 100644
index c22e6cf7ff..0000000000
--- a/source3/sam/gums_helper.c
+++ /dev/null
@@ -1,610 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- GUMS backends helper functions
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-extern GUMS_FUNCTIONS *gums_storage;
-
-extern DOM_SID global_sid_World;
-extern DOM_SID global_sid_Builtin_Administrators;
-extern DOM_SID global_sid_Builtin_Power_Users;
-extern DOM_SID global_sid_Builtin_Account_Operators;
-extern DOM_SID global_sid_Builtin_Server_Operators;
-extern DOM_SID global_sid_Builtin_Print_Operators;
-extern DOM_SID global_sid_Builtin_Backup_Operators;
-extern DOM_SID global_sid_Builtin_Replicator;
-extern DOM_SID global_sid_Builtin_Users;
-extern DOM_SID global_sid_Builtin_Guests;
-
-
-/* defines */
-
-#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define NTSTATUS_CHECK(str1, str2, err, label) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0)
-
-/****************************************************************************
- Check if a user is a mapped group.
-
- This function will check if the group SID is mapped onto a
- system managed gid or onto a winbind manged sid.
- In the first case it will be threated like a mapped group
- and the backend should take the member list with a getgrgid
- and ignore any user that have been possibly set into the group
- object.
-
- In the second case, the group is a fully SAM managed group
- served back to the system through winbind. In this case the
- members of a Local group are "unrolled" to cope with the fact
- that unix cannot contain groups inside groups.
- The backend MUST never call any getgr* / getpw* function or
- loops with winbind may happen.
- ****************************************************************************/
-
-#if 0
-NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
-{
- NTSTATUS result;
- gid_t id;
-
- /* look if mapping exist, do not make idmap alloc an uid if SID is not found */
- result = idmap_get_gid_from_sid(&id, sid, False);
- if (NT_STATUS_IS_OK(result)) {
- *mapped = gid_is_in_winbind_range(id);
- } else {
- *mapped = False;
- }
-
- return result;
-}
-#endif
-
-/****************************************************************************
- duplicate alloc luid_attr
- ****************************************************************************/
-NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_la)
-{
- *new_la = (LUID_ATTR *)talloc(ctx, sizeof(LUID_ATTR));
- if (*new_la == NULL) {
- DEBUG(0,("dupalloc_luid_attr: could not Alloc memory to duplicate LUID_ATTR\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*new_la)->luid.high = old_la.luid.high;
- (*new_la)->luid.low = old_la.luid.low;
- (*new_la)->attr = old_la.attr;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- initialise a privilege list
- ****************************************************************************/
-void gums_init_privilege(PRIVILEGE_SET *priv_set)
-{
- priv_set->count=0;
- priv_set->control=0;
- priv_set->set=NULL;
-}
-
-/****************************************************************************
- add a privilege to a privilege array
- ****************************************************************************/
-NTSTATUS gums_add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
-{
- LUID_ATTR *new_set;
-
- /* check if the privilege is not already in the list */
- if (gums_check_priv_in_privilege(priv_set, set))
- return NT_STATUS_UNSUCCESSFUL;
-
- /* we can allocate memory to add the new privilege */
-
- new_set=(LUID_ATTR *)talloc_realloc(ctx, priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- new_set[priv_set->count].luid.high=set.luid.high;
- new_set[priv_set->count].luid.low=set.luid.low;
- new_set[priv_set->count].attr=set.attr;
-
- priv_set->count++;
- priv_set->set=new_set;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- add all the privileges to a privilege array
- ****************************************************************************/
-NTSTATUS gums_add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
-{
- NTSTATUS result = NT_STATUS_OK;
- LUID_ATTR set;
-
- set.attr=0;
- set.luid.high=0;
-
- set.luid.low=SE_PRIV_ADD_USERS;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
- set.luid.low=SE_PRIV_ADD_MACHINES;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
- set.luid.low=SE_PRIV_PRINT_OPERATOR;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
-done:
- return result;
-}
-
-/****************************************************************************
- check if the privilege list is empty
- ****************************************************************************/
-BOOL gums_check_empty_privilege(PRIVILEGE_SET *priv_set)
-{
- return (priv_set->count == 0);
-}
-
-/****************************************************************************
- check if the privilege is in the privilege list
- ****************************************************************************/
-BOOL gums_check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
-{
- int i;
-
- /* if the list is empty, obviously we can't have it */
- if (gums_check_empty_privilege(priv_set))
- return False;
-
- for (i=0; i<priv_set->count; i++) {
- LUID_ATTR *cur_set;
-
- cur_set=&priv_set->set[i];
- /* check only the low and high part. Checking the attr field has no meaning */
- if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) )
- return True;
- }
-
- return False;
-}
-
-/****************************************************************************
- remove a privilege from a privilege array
- ****************************************************************************/
-NTSTATUS gums_remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
-{
- LUID_ATTR *new_set;
- LUID_ATTR *old_set;
- int i,j;
-
- /* check if the privilege is in the list */
- if (!gums_check_priv_in_privilege(priv_set, set))
- return NT_STATUS_UNSUCCESSFUL;
-
- /* special case if it's the only privilege in the list */
- if (priv_set->count==1) {
- gums_init_privilege(priv_set);
- return NT_STATUS_OK;
- }
-
- /*
- * the privilege is there, create a new list,
- * and copy the other privileges
- */
-
- old_set = priv_set->set;
-
- new_set=(LUID_ATTR *)talloc(ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0, j=0; i<priv_set->count; i++) {
- if ((old_set[i].luid.low == set.luid.low) &&
- (old_set[i].luid.high == set.luid.high)) {
- continue;
- }
-
- new_set[j].luid.low = old_set[i].luid.low;
- new_set[j].luid.high = old_set[i].luid.high;
- new_set[j].attr = old_set[i].attr;
-
- j++;
- }
-
- if (j != priv_set->count - 1) {
- DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n"));
- DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- /* ok everything is fine */
-
- priv_set->count--;
- priv_set->set=new_set;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- duplicates a privilege array
- ****************************************************************************/
-NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
-{
- LUID_ATTR *new_set;
- LUID_ATTR *old_set;
- int i;
-
- *new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET));
- gums_init_privilege(*new_priv_set);
-
- /* special case if there are no privileges in the list */
- if (priv_set->count == 0) {
- return NT_STATUS_OK;
- }
-
- /*
- * create a new list,
- * and copy the other privileges
- */
-
- old_set = priv_set->set;
-
- new_set = (LUID_ATTR *)talloc(mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i < priv_set->count; i++) {
-
- new_set[i].luid.low = old_set[i].luid.low;
- new_set[i].luid.high = old_set[i].luid.high;
- new_set[i].attr = old_set[i].attr;
- }
-
- (*new_priv_set)->count = priv_set->count;
- (*new_priv_set)->control = priv_set->control;
- (*new_priv_set)->set = new_set;
-
- return NT_STATUS_OK;
-}
-
-#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013
-#define ALIAS_DEFAULT_DACL_SA_RIGHTS \
- (READ_CONTROL_ACCESS | \
- SA_RIGHT_ALIAS_LOOKUP_INFO | \
- SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */
-
-#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */
-
-
-#if 0
-NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx)
-{
- DOM_SID *world = &global_sid_World;
- DOM_SID *admins = &global_sid_Builtin_Administrators;
- SEC_ACCESS sa;
- SEC_ACE sacl_ace;
- SEC_ACE dacl_aces[2];
- SEC_ACL *sacl = NULL;
- SEC_ACL *dacl = NULL;
- size_t psize;
-
- init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS);
- init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG);
-
- sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace);
- if (!sacl) {
- DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
- init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS);
- init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
-
- dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces);
- if (!sacl) {
- DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, admins, admins, sacl, dacl, &psize);
- if (!(*sec_desc)) {
- DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask)
-{
- NTSTATUS result;
- SEC_ACE *new_aces;
- unsigned num_aces;
- int i;
-
- num_aces = sec_desc->dacl->num_aces + 1;
- result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask);
- if (NT_STATUS_IS_OK(result)) {
- sec_desc->dacl->ace = new_aces;
- sec_desc->dacl->num_aces = num_aces;
- sec_desc->dacl->size = SEC_ACL_HEADER_SIZE;
- for (i = 0; i < num_aces; i++) {
- sec_desc->dacl->size += sec_desc->dacl->ace[i].size;
- }
- }
- return result;
-}
-
-NTSTATUS gums_init_builtin_groups(void)
-{
- NTSTATUS result;
- GUMS_OBJECT g_obj;
- GUMS_GROUP *g_grp;
- GUMS_PRIVILEGE g_priv;
-
- /* Build the well known Builtin Local Groups */
- g_obj.type = GUMS_OBJ_GROUP;
- g_obj.version = 1;
- g_obj.seq_num = 0;
- g_obj.mem_ctx = talloc_init("gums_init_backend_acct");
- if (g_obj.mem_ctx == NULL) {
- DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- /* Administrators * /
-
- /* alloc group structure */
- g_obj.data.group = (GUMS_GROUP *)talloc(g_obj.mem_ctx, sizeof(GUMS_GROUP));
- ALLOC_CHECK("gums_init_backend", g_obj.data.group, result, done);
-
- /* make admins sid */
- g_grp = (GUMS_GROUP *)g_obj.data.group;
- sid_copy(g_obj.sid, &global_sid_Builtin_Administrators);
-
- /* make security descriptor */
- result = create_builtin_alias_default_sec_desc(&(g_obj.sec_desc), g_obj.mem_ctx);
- NTSTATUS_CHECK("gums_init_backend", "create_builtin_alias_default_sec_desc", result, done);
-
- /* make privilege set */
- /* From BDC join trace:
- SeSecurityPrivilege
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemtimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
- SeTakeOwnershipPrivilege
- SeDebugPrivilege
- SeSystemEnvironmentPrivilege
- SeSystemProfilePrivilege
- SeProfileSingleProcessPrivilege
- SeIncreaseBasePriorityPrivilege
- SeLocalDriverPrivilege
- SeCreatePagefilePrivilege
- SeIncreaseQuotaPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Administrators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can fully administer the computer/domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* numebr of group members */
- g_grp->count = 0;
- g_grp->members = NULL;
-
- /* store Administrators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Power Users */
- /* Domain Controllers Does NOT have power Users */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Power_Users);
-
- /* make privilege set */
- /* SE_PRIV_??? */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Power Users");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
-/* > */ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Power Users");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Power Users group */
- result = gums_storage->set_object(&g_obj);
-
- /* Account Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Account_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Account Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain user and group accounts");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Account Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Server Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Server_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemtimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Server Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain servers");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Server Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Print Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Print_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Print Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain printers");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Print Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Backup Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Backup_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Backup Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can bypass file security to backup files");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Backup Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Replicator */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Replicator);
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Replicator");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Supports file replication in a domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Replicator group */
- result = gums_storage->set_object(&g_obj);
-
- /* Users */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Users);
-
- /* add ACE to sec dsec dacl */
- sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS);
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Users");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Ordinary users");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Users group */
- result = gums_storage->set_object(&g_obj);
-
- /* Guests */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Guests);
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Guests");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Users granted guest access to the computer/domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Guests group */
- result = gums_storage->set_object(&g_obj);
-
- /* set default privileges */
- g_priv.type = GUMS_OBJ_GROUP;
- g_priv.version = 1;
- g_priv.seq_num = 0;
- g_priv.mem_ctx = talloc_init("gums_init_backend_priv");
- if (g_priv.mem_ctx == NULL) {
- DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
-
-
-done:
- talloc_destroy(g_obj.mem_ctx);
- talloc_destroy(g_priv.mem_ctx);
- return result;
-}
-#endif
-
diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c
deleted file mode 100644
index b18423a13b..0000000000
--- a/source3/sam/idmap.c
+++ /dev/null
@@ -1,214 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Winbind ID Mapping
- Copyright (C) Tim Potter 2000
- Copyright (C) Anthony Liguori <aliguor@us.ibm.com> 2003
- Copyright (C) Simo Sorce 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_IDMAP
-
-static struct {
-
- const char *name;
- /* Function to create a member of the idmap_methods list */
- NTSTATUS (*reg_meth)(struct idmap_methods **methods);
- struct idmap_methods *methods;
-
-} remote_idmap_functions[] = {
-
- { "tdb", idmap_reg_tdb, NULL },
- /* { "ldap", idmap_reg_ldap, NULL },*/
- { NULL, NULL, NULL }
-
-};
-
-static struct idmap_methods *local_cache;
-static struct idmap_methods *remote_repo;
-
-static struct idmap_methods *get_methods(const char *name)
-{
- int i = 0;
- struct idmap_methods *ret = NULL;
-
- while (remote_idmap_functions[i].name && strcmp(remote_idmap_functions[i].name, name)) {
- i++;
- }
-
- if (remote_idmap_functions[i].name) {
-
- if (!remote_idmap_functions[i].methods) {
- remote_idmap_functions[i].reg_meth(&remote_idmap_functions[i].methods);
- }
-
- ret = remote_idmap_functions[i].methods;
- }
-
- return ret;
-}
-
-/* Load idmap backend functions */
-BOOL load_methods(void)
-{
- if (!local_cache) {
- idmap_reg_tdb(&local_cache);
- }
-
- if (!remote_repo && lp_idmap_backend()) {
- DEBUG(3, ("load_methods: using '%s' as remote backend\n", lp_idmap_backend()));
-
- remote_repo = get_methods(lp_idmap_backend());
- if (!remote_repo) {
- DEBUG(0, ("load_methods: could not load remote backend '%s'\n", lp_idmap_backend()));
- return False;
- }
- }
-
- idmap_init();
-
- return True;
-}
-
-/* Initialize backend */
-NTSTATUS idmap_init(void)
-{
- NTSTATUS ret;
-
- ret = remote_repo->init("idmap.tdb");
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(3, ("idmap_init: init failed!\n"));
- }
-
- return ret;
-}
-
-static NTSTATUS idmap_set_mapping(DOM_SID *sid, unid_t id, int id_type)
-{
- NTSTATUS ret;
-
- if (!load_methods()) return NT_STATUS_UNSUCCESSFUL;
-
- ret = local_cache->set_mapping(sid, id, id_type);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG (0, ("idmap_set_mapping: Error, unable to modify local cache!\n"));
- return ret;
- }
-
- /* Being able to update the remote cache is seldomly right.
- Generally this is a forbidden operation. */
- if (!(id_type & ID_CACHE) && (remote_repo != NULL)) {
- remote_repo->set_mapping(sid, id, id_type);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG (0, ("idmap_set_mapping: Error, unable to modify remote cache!\n"));
- }
- }
-
- return ret;
-}
-
-/* Get ID from SID */
-NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, DOM_SID *sid)
-{
- NTSTATUS ret;
- int loc_type;
-
- if (!load_methods()) return NT_STATUS_UNSUCCESSFUL;
-
- loc_type = *id_type;
- if (remote_repo) { /* We have a central remote idmap */
- loc_type |= ID_NOMAP;
- }
- ret = local_cache->get_id_from_sid(id, &loc_type, sid);
- if (NT_STATUS_IS_ERR(ret)) {
- if (remote_repo) {
- ret = remote_repo->get_id_from_sid(id, id_type, sid);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(3, ("idmap_get_id_from_sid: error fetching id!\n"));
- } else {
- loc_type |= ID_CACHE;
- idmap_set_mapping(sid, *id, loc_type);
- }
- }
- } else {
- *id_type = loc_type & ID_TYPEMASK;
- }
-
- return ret;
-}
-
-/* Get SID from ID */
-NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
-{
- NTSTATUS ret;
- int loc_type;
-
- if (!load_methods()) return NT_STATUS_UNSUCCESSFUL;
-
- loc_type = id_type;
- if (remote_repo) {
- loc_type = id_type | ID_NOMAP;
- }
- ret = local_cache->get_sid_from_id(sid, id, loc_type);
- if (NT_STATUS_IS_ERR(ret)) {
- if (remote_repo) {
- ret = remote_repo->get_sid_from_id(sid, id, id_type);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(3, ("idmap_get_sid_from_id: unable to fetch sid!\n"));
- } else {
- loc_type |= ID_CACHE;
- idmap_set_mapping(sid, id, loc_type);
- }
- }
- }
-
- return ret;
-}
-
-/* Close backend */
-NTSTATUS idmap_close(void)
-{
- NTSTATUS ret;
-
- if (!load_methods()) return NT_STATUS_UNSUCCESSFUL;
-
- ret = local_cache->close();
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(3, ("idmap_close: failed to close local cache!\n"));
- }
-
- if (remote_repo) {
- ret = remote_repo->close();
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(3, ("idmap_close: failed to close remote idmap repository!\n"));
- }
- }
-
- return ret;
-}
-
-/* Dump backend status */
-void idmap_status(void)
-{
- if (load_methods()) {
- local_cache->status();
- remote_repo->status();
- }
-}
-
diff --git a/source3/sam/idmap_tdb.c b/source3/sam/idmap_tdb.c
deleted file mode 100644
index 4af46ac8d3..0000000000
--- a/source3/sam/idmap_tdb.c
+++ /dev/null
@@ -1,526 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- idmap TDB backend
-
- Copyright (C) Tim Potter 2000
- Copyright (C) Anthony Liguori 2003
- Copyright (C) Simo Sorce 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_IDMAP
-
-/* High water mark keys */
-#define HWM_GROUP "GROUP HWM"
-#define HWM_USER "USER HWM"
-
-/* idmap version determines auto-conversion */
-#define IDMAP_VERSION 2
-
-/* Globals */
-static TDB_CONTEXT *idmap_tdb;
-
-struct idmap_state {
-
- /* User and group id pool */
-
- uid_t uid_low, uid_high; /* Range of uids to allocate */
- gid_t gid_low, gid_high; /* Range of gids to allocate */
-} idmap_state;
-
-
-/* FIXME: let handle conversions when all things work ok.
- I think it is better to handle the conversion at
- upgrade time and leave the old db intact.
- That would also make easier to go back to 2.2 if needed
- ---SSS */
-#if 0
-
-/* convert one record to the new format */
-static int tdb_convert_fn(TDB_CONTEXT * tdb, TDB_DATA key, TDB_DATA data,
- void *ignored)
-{
- struct winbindd_domain *domain;
- char *p;
- DOM_SID sid;
- uint32 rid;
- fstring keystr;
- fstring dom_name;
- TDB_DATA key2;
-
- p = strchr(key.dptr, '/');
- if (!p)
- return 0;
-
- *p = 0;
- fstrcpy(dom_name, key.dptr);
- *p++ = '/';
-
- domain = find_domain_from_name(dom_name);
- if (!domain) {
- /* We must delete the old record. */
- DEBUG(0,
- ("winbindd: tdb_convert_fn : Unable to find domain %s\n",
- dom_name));
- DEBUG(0,
- ("winbindd: tdb_convert_fn : deleting record %s\n",
- key.dptr));
- tdb_delete(idmap_tdb, key);
- return 0;
- }
-
- rid = atoi(p);
-
- sid_copy(&sid, &domain->sid);
- sid_append_rid(&sid, rid);
-
- sid_to_string(keystr, &sid);
- key2.dptr = keystr;
- key2.dsize = strlen(keystr) + 1;
-
- if (tdb_store(idmap_tdb, key2, data, TDB_INSERT) != 0) {
- /* not good! */
- DEBUG(0,
- ("winbindd: tdb_convert_fn : Unable to update record %s\n",
- key2.dptr));
- DEBUG(0,
- ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n"));
- return -1;
- }
-
- if (tdb_store(idmap_tdb, data, key2, TDB_REPLACE) != 0) {
- /* not good! */
- DEBUG(0,
- ("winbindd: tdb_convert_fn : Unable to update record %s\n",
- data.dptr));
- DEBUG(0,
- ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n"));
- return -1;
- }
-
- tdb_delete(idmap_tdb, key);
-
- return 0;
-}
-
-/*****************************************************************************
- Convert the idmap database from an older version.
-*****************************************************************************/
-static BOOL tdb_idmap_convert(const char *idmap_name)
-{
- int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION");
- BOOL bigendianheader =
- (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False;
-
- if (vers == IDMAP_VERSION)
- return True;
-
- if (((vers == -1) && bigendianheader)
- || (IREV(vers) == IDMAP_VERSION)) {
- /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */
- /*
- * high and low records were created on a
- * big endian machine and will need byte-reversing.
- */
-
- int32 wm;
-
- wm = tdb_fetch_int32(idmap_tdb, HWM_USER);
-
- if (wm != -1) {
- wm = IREV(wm);
- } else
- wm = server_state.uid_low;
-
- if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) {
- DEBUG(0,
- ("tdb_idmap_convert: Unable to byteswap user hwm in idmap database\n"));
- return False;
- }
-
- wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP);
- if (wm != -1) {
- wm = IREV(wm);
- } else
- wm = server_state.gid_low;
-
- if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) {
- DEBUG(0,
- ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n"));
- return False;
- }
- }
-
- /* the old format stored as DOMAIN/rid - now we store the SID direct */
- tdb_traverse(idmap_tdb, tdb_convert_fn, NULL);
-
- if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) ==
- -1) {
- DEBUG(0,
- ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n"));
- return False;
- }
-
- return True;
-}
-#endif
-
-/* Allocate either a user or group id from the pool */
-static NTSTATUS tdb_allocate_id(unid_t *id, int id_type)
-{
- int hwm;
-
- if (!id) return NT_STATUS_INVALID_PARAMETER;
-
- /* Get current high water mark */
- switch (id_type & ID_TYPEMASK) {
- case ID_USERID:
- if ((hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) {
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
-
- if (hwm > idmap_state.uid_high) {
- DEBUG(0, ("idmap Fatal Error: UID range full!!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- (*id).uid = hwm++;
-
- /* Store new high water mark */
- tdb_store_int32(idmap_tdb, HWM_USER, hwm);
- break;
- case ID_GROUPID:
- if ((hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) {
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
-
- if (hwm > idmap_state.gid_high) {
- DEBUG(0, ("idmap Fatal Error: GID range full!!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- (*id).gid = hwm++;
-
- /* Store new high water mark */
- tdb_store_int32(idmap_tdb, HWM_GROUP, hwm);
- break;
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- return NT_STATUS_OK;
-}
-
-/* Get a sid from an id */
-static NTSTATUS tdb_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
-{
- TDB_DATA key, data;
- fstring keystr;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if (!sid) return NT_STATUS_INVALID_PARAMETER;
-
- switch (id_type & ID_TYPEMASK) {
- case ID_USERID:
- slprintf(keystr, sizeof(keystr), "UID %d", id.uid);
- break;
- case ID_GROUPID:
- slprintf(keystr, sizeof(keystr), "GID %d", id.gid);
- break;
- default:
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(idmap_tdb, key);
-
- if (data.dptr) {
- if (string_to_sid(sid, data.dptr)) {
- ret = NT_STATUS_OK;
- }
- SAFE_FREE(data.dptr);
- }
-
- return ret;
-}
-
-/* Get an id from a sid */
-static NTSTATUS tdb_get_id_from_sid(unid_t *id, int *id_type, DOM_SID *sid)
-{
- TDB_DATA data, key;
- fstring keystr;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if (!sid || !id || !id_type) return NT_STATUS_INVALID_PARAMETER;
-
- /* Check if sid is present in database */
- sid_to_string(keystr, sid);
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(idmap_tdb, key);
-
- if (data.dptr) {
- int type = *id_type & ID_TYPEMASK;
- fstring scanstr;
-
- if (type == ID_EMPTY || type == ID_USERID) {
- /* Parse and return existing uid */
- fstrcpy(scanstr, "UID %d");
-
- if (sscanf(data.dptr, scanstr, (*id).uid) == 1) {
- /* uid ok? */
- if (type == ID_EMPTY) {
- *id_type = ID_USERID;
- }
- ret = NT_STATUS_OK;
- goto idok;
- }
- }
-
- if (type == ID_EMPTY || type == ID_GROUPID) {
- /* Parse and return existing gid */
- fstrcpy(scanstr, "GID %d");
-
- if (sscanf(data.dptr, scanstr, (*id).gid) == 1) {
- /* gid ok? */
- if (type == ID_EMPTY) {
- *id_type = ID_GROUPID;
- }
- ret = NT_STATUS_OK;
- }
- }
-idok:
- SAFE_FREE(data.dptr);
-
- } else if (!(*id_type & ID_NOMAP) &&
- (((*id_type & ID_TYPEMASK) == ID_USERID)
- || (*id_type & ID_TYPEMASK) == ID_GROUPID)) {
-
- /* Allocate a new id for this sid */
- ret = tdb_allocate_id(id, *id_type);
- if (NT_STATUS_IS_OK(ret)) {
- fstring keystr2;
-
- /* Store new id */
- if (*id_type & ID_USERID) {
- slprintf(keystr2, sizeof(keystr2), "UID %d", (*id).uid);
- } else {
- slprintf(keystr2, sizeof(keystr2), "GID %d", (*id).gid);
- }
-
- data.dptr = keystr2;
- data.dsize = strlen(keystr2) + 1;
-
- if (tdb_store(idmap_tdb, key, data, TDB_INSERT) == -1) {
- /* TODO: print tdb error !! */
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (tdb_store(idmap_tdb, data, key, TDB_INSERT) == -1) {
- /* TODO: print tdb error !! */
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- ret = NT_STATUS_OK;
- }
- }
-
- return ret;
-}
-
-static NTSTATUS tdb_set_mapping(DOM_SID *sid, unid_t id, int id_type)
-{
- TDB_DATA ksid, kid;
- fstring ksidstr;
- fstring kidstr;
-
- if (!sid) return NT_STATUS_INVALID_PARAMETER;
-
- sid_to_string(ksidstr, sid);
-
- ksid.dptr = ksidstr;
- ksid.dsize = strlen(ksidstr) + 1;
-
- id_type &= ID_TYPEMASK;
- if (id_type & ID_USERID) {
- slprintf(kidstr, sizeof(kidstr), "UID %d", id.uid);
- } else if (id_type & ID_GROUPID) {
- slprintf(kidstr, sizeof(kidstr), "GID %d", id.gid);
- } else {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- kid.dptr = kidstr;
- kid.dsize = strlen(kidstr) + 1;
-
- if (tdb_store(idmap_tdb, ksid, kid, TDB_INSERT) == -1) {
- /* TODO: print tdb error !! */
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (tdb_store(idmap_tdb, kid, ksid, TDB_INSERT) == -1) {
- /* TODO: print tdb error !! */
- return NT_STATUS_UNSUCCESSFUL;
- }
- return NT_STATUS_OK;
-}
-
-/*****************************************************************************
- Initialise idmap database.
-*****************************************************************************/
-static NTSTATUS tdb_idmap_init(const char *db_name)
-{
- /* Open tdb cache */
- if (!(idmap_tdb = tdb_open_log(lock_path(db_name), 0,
- TDB_DEFAULT, O_RDWR | O_CREAT,
- 0600))) {
- DEBUG(0, ("idmap_init: Unable to open idmap database\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
-#if 0
- /* possibly convert from an earlier version */
- if (!tdb_idmap_convert(lock_path("winbind_idmap.tdb"))) {
- DEBUG(0,
- ("idmap_init: Unable to open old idmap database\n"));
- return False;
- }
-#endif
-
- /* Create high water marks for group and user id */
- if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) {
- if (tdb_store_int32(idmap_tdb, HWM_USER, idmap_state.uid_low) == -1) {
- DEBUG(0, ("idmap_init: Unable to initialise user hwm in idmap database\n"));
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
- }
-
- if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) {
- if (tdb_store_int32(idmap_tdb, HWM_GROUP, idmap_state.gid_low) == -1) {
- DEBUG(0, ("idmap_init: Unable to initialise group hwm in idmap database\n"));
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-/* Close the tdb */
-static NTSTATUS tdb_idmap_close(void)
-{
- if (idmap_tdb) {
- if (tdb_close(idmap_tdb) == 0) {
- return NT_STATUS_OK;
- } else {
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
- return NT_STATUS_OK;
-}
-
-
-/* Dump status information to log file. Display different stuff based on
- the debug level:
-
- Debug Level Information Displayed
- =================================================================
- 0 Percentage of [ug]id range allocated
- 0 High water marks (next allocated ids)
-*/
-
-#define DUMP_INFO 0
-
-static void tdb_idmap_status(void)
-{
- int user_hwm, group_hwm;
-
- DEBUG(0, ("winbindd idmap status:\n"));
-
- /* Get current high water marks */
-
- if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) {
- DEBUG(DUMP_INFO,
- ("\tCould not get userid high water mark!\n"));
- }
-
- if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) {
- DEBUG(DUMP_INFO,
- ("\tCould not get groupid high water mark!\n"));
- }
-
- /* Display next ids to allocate */
-
- if (user_hwm != -1) {
- DEBUG(DUMP_INFO,
- ("\tNext userid to allocate is %d\n", user_hwm));
- }
-
- if (group_hwm != -1) {
- DEBUG(DUMP_INFO,
- ("\tNext groupid to allocate is %d\n", group_hwm));
- }
-
- /* Display percentage of id range already allocated. */
-
- if (user_hwm != -1) {
- int num_users = user_hwm - idmap_state.uid_low;
- int total_users =
- idmap_state.uid_high - idmap_state.uid_low;
-
- DEBUG(DUMP_INFO,
- ("\tUser id range is %d%% full (%d of %d)\n",
- num_users * 100 / total_users, num_users,
- total_users));
- }
-
- if (group_hwm != -1) {
- int num_groups = group_hwm - idmap_state.gid_low;
- int total_groups =
- idmap_state.gid_high - idmap_state.gid_low;
-
- DEBUG(DUMP_INFO,
- ("\tGroup id range is %d%% full (%d of %d)\n",
- num_groups * 100 / total_groups, num_groups,
- total_groups));
- }
-
- /* Display complete mapping of users and groups to rids */
-}
-
-struct idmap_methods tdb_idmap_methods = {
-
- tdb_idmap_init,
- tdb_get_sid_from_id,
- tdb_get_id_from_sid,
- tdb_set_mapping,
- tdb_idmap_close,
- tdb_idmap_status
-
-};
-
-NTSTATUS idmap_reg_tdb(struct idmap_methods **meth)
-{
- *meth = &tdb_idmap_methods;
-
- return NT_STATUS_OK;
-}
-
diff --git a/source3/sam/interface.c b/source3/sam/interface.c
deleted file mode 100644
index 51ae561999..0000000000
--- a/source3/sam/interface.c
+++ /dev/null
@@ -1,1338 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Kai Krüger 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-extern DOM_SID global_sid_Builtin;
-
-/** List of various built-in sam modules */
-
-const struct sam_init_function_entry builtin_sam_init_functions[] = {
- { "plugin", sam_init_plugin },
-#ifdef HAVE_LDAP
- { "ads", sam_init_ads },
-#endif
- { "skel", sam_init_skel },
- { NULL, NULL}
-};
-
-
-static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid)
-{
- SAM_METHODS *tmp_methods;
-
- DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__));
-
- /* invalid sam_context specified */
- SAM_ASSERT(context && context->methods);
-
- tmp_methods = context->methods;
-
- while (tmp_methods) {
- if (sid_equal(domainsid, &(tmp_methods->domain_sid)))
- {
- (*sam_method) = tmp_methods;
- return NT_STATUS_OK;
- }
- tmp_methods = tmp_methods->next;
- }
-
- DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid)));
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname)
-{
- SAM_METHODS *tmp_methods;
-
- DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__));
-
- /* invalid sam_context specified */
- SAM_ASSERT(context && context->methods);
-
- tmp_methods = context->methods;
-
- while (tmp_methods) {
- if (strequal(domainname, tmp_methods->domain_name))
- {
- (*sam_method) = tmp_methods;
- return NT_STATUS_OK;
- }
- tmp_methods = tmp_methods->next;
- }
-
- DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname));
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods)
-{
- *methods = talloc(mem_ctx, sizeof(SAM_METHODS));
-
- if (!*methods) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*methods);
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Free and cleanup a sam context, any associated data and anything
- that the attached modules might have associated.
- *******************************************************************/
-
-void free_sam_context(SAM_CONTEXT **context)
-{
- SAM_METHODS *sam_selected = (*context)->methods;
-
- while (sam_selected) {
- if (sam_selected->free_private_data) {
- sam_selected->free_private_data(&(sam_selected->private_data));
- }
- sam_selected = sam_selected->next;
- }
-
- talloc_destroy((*context)->mem_ctx);
- *context = NULL;
-}
-
-/******************************************************************
- Make a backend_entry from scratch
- *******************************************************************/
-
-static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string)
-{
- char *tmp = NULL;
- char *tmp_string = sam_backend_string;
-
- DEBUG(5,("make_backend_entry: %d\n", __LINE__));
-
- SAM_ASSERT(sam_backend_string && backend_entry);
-
- backend_entry->module_name = sam_backend_string;
-
- DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name));
-
- if ((tmp = strrchr(tmp_string, '|')) != NULL) {
- DEBUGADD(20,("a domain name has been specified\n"));
- *tmp = 0;
- backend_entry->domain_name = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if ((tmp = strchr(tmp_string, ':')) != NULL) {
- DEBUG(20,("options for the backend have been specified\n"));
- *tmp = 0;
- backend_entry->module_params = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if (backend_entry->domain_name == NULL) {
- DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n",
- backend_entry->module_name, lp_workgroup()));
- backend_entry->domain_name = smb_xstrdup(lp_workgroup());
- }
-
- if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) {
- DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name));
-
- if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) {
- DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n",
- backend_entry->domain_name));
- DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__));
- ZERO_STRUCTP(backend_entry->domain_sid);
- }
-
- DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n",
- backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid)));
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- create sam_methods struct based on sam_backend_entry
- *****************************************************************/
-
-static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- SAM_METHODS *methods;
- int i;
-
- DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__));
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) {
- return nt_status;
- }
-
- methods = *methods_ptr;
- methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name);
- methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name);
- sid_copy(&methods->domain_sid, backend_entry->domain_sid);
- methods->parent = context;
-
- DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name));
- for (i = 0; builtin_sam_init_functions[i].module_name; i++)
- {
- if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name))
- {
- DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i));
- DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid)));
- nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params);
- if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name));
- } else {
- DEBUG(2,("sam backend %s did not correctly init (error was %s)\n",
- backend_entry->module_name, nt_errstr(nt_status)));
- }
- return nt_status;
- }
- }
-
- DEBUG(2,("could not find backend %s\n", backend_entry->module_name));
-
- return NT_STATUS_INVALID_PARAMETER;
-}
-
-static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context)
-{
- SAM_BACKEND_ENTRY entry;
- DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */
- SAM_METHODS *methods, *tmpmethods;
- NTSTATUS ntstatus;
-
- DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__));
-
- /* Make sure domain lp_workgroup() is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n",
- lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND));
-
- SAM_ASSERT(global_sam_sid);
-
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = lp_workgroup();
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, global_sam_sid);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
-
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup()));
- return ntstatus;
- }
-
- /* Make sure the BUILTIN domain is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n",
- SAM_DEFAULT_BACKEND));
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = "BUILTIN";
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, &global_sid_Builtin);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n"));
- return ntstatus;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends)
-{
- int i, j;
-
- DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__));
-
- for (i = 0; i < *nBackends; i++) {
- for (j = i + 1; j < *nBackends; j++) {
- if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) {
- DEBUG(0,("two backend modules claim the same domain %s\n",
- sid_string_static((*backend_entries)[j].domain_sid)));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param)
-{
- int i = 0, j = 0;
- SAM_METHODS *curmethods, *tmpmethods;
- int nBackends = 0;
- SAM_BACKEND_ENTRY *backends = NULL;
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__));
-
- if (!sam_backends_param) {
- DEBUG(1, ("no SAM backeds specified!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) {
- DEBUG(4,("make_sam_context failed\n"));
- return nt_status;
- }
-
- while (sam_backends_param[nBackends])
- nBackends++;
-
- DEBUG(6,("There are %d domains listed with their backends\n", nBackends));
-
- if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) {
- DEBUG(0,("make_sam_context_list: failed to allocate backends\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- memset(backends, '\0', sizeof(*backends)*nBackends);
-
- for (i = 0; i < nBackends; i++) {
- DEBUG(8,("processing %s\n",sam_backends_param[i]));
- if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) {
- DEBUG(4,("make_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- }
-
- if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) {
- DEBUG(4,("check_duplicate_backend_entries failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
-
- for (i = 0; i < nBackends; i++) {
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- DLIST_ADD_END((*context)->methods, curmethods, tmpmethods);
- }
-
- for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid);
-
- SAFE_FREE(backends);
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Make a sam_context from scratch.
- *******************************************************************/
-
-NTSTATUS make_sam_context(SAM_CONTEXT **context)
-{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("sam_context internal allocation context");
-
- if (!mem_ctx) {
- DEBUG(0, ("make_sam_context: talloc init failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *context = talloc(mem_ctx, sizeof(**context));
- if (!*context) {
- DEBUG(0, ("make_sam_context: talloc failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*context);
-
- (*context)->mem_ctx = mem_ctx;
-
- (*context)->free_fn = free_sam_context;
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Return an already initialised sam_context, to facilitate backward
- compatibility (see functions below).
- *******************************************************************/
-
-static struct sam_context *sam_get_static_context(BOOL reload)
-{
- static SAM_CONTEXT *sam_context = NULL;
-
- if ((sam_context) && (reload)) {
- sam_context->free_fn(&sam_context);
- sam_context = NULL;
- }
-
- if (!sam_context) {
- if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) {
- DEBUG(4,("make_sam_context_list failed\n"));
- return NULL;
- }
-
- /* Make sure the required domains (default domain, builtin) are available */
- if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) {
- DEBUG(4,("sam_context_check_default_backends failed\n"));
- return NULL;
- }
- }
-
- return sam_context;
-}
-
-/***************************************************************
- Initialize the static context (at smbd startup etc).
-
- If uninitialised, context will auto-init on first use.
- ***************************************************************/
-
-BOOL initialize_sam(BOOL reload)
-{
- return (sam_get_static_context(reload) != NULL);
-}
-
-
-/**************************************************************
- External API. This is what the rest of the world calls...
-***************************************************************/
-
-/******************************************************************
- sam_* functions are used to link the external SAM interface
- with the internal backends. These functions lookup the appropriate
- backends for the domain and pass on to the function in sam_methods
- in the selected backend
-
- When the context parmater is NULL, the default is used.
- *******************************************************************/
-
-#define SAM_SETUP_CONTEXT if (!context) \
- context = sam_get_static_context(False);\
- if (!context) {\
- return NT_STATUS_UNSUCCESSFUL; \
- }\
-
-
-
-NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_sec_desc) {
- DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) {
- DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_set_sec_desc) {
- DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) {
- DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_lookup_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_lookup_name) {
- DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) {
- DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n",
- tmp_methods->domain_name, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
- DOM_SID domainsid;
-
- DEBUG(5,("sam_lookup_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- sid_copy(&domainsid, sid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_lookup_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_lookup_sid) {
- DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) {
- DEBUG(4,("sam_lookup_name for %s in backend %s failed\n",
- sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_domain: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid domain specified */
- SAM_ASSERT(domain && domain->current_sam_methods);
-
- tmp_methods = domain->current_sam_methods;
-
- if (!tmp_methods->sam_update_domain) {
- DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){
- DEBUG(4,("sam_update_domain in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SEC_DESC *sd;
- size_t sd_size;
- uint32 acc_granted;
- int i = 0;
-
- DEBUG(5,("sam_enum_domains: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters specified */
- SAM_ASSERT(domain_count && domains && domain_names);
-
- if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
- DEBUG(4,("samr_make_sam_obj_sd failed\n"));
- return nt_status;
- }
-
- if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) {
- DEBUG(3,("sam_enum_domains: ACCESS DENIED\n"));
- return nt_status;
- }
-
- tmp_methods= context->methods;
- *domain_count = 0;
-
- while (tmp_methods) {
- (*domain_count)++;
- tmp_methods= tmp_methods->next;
- }
-
- DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count)));
-
- tmp_methods = context->methods;
-
- if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) {
- DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) {
- DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n"));
- SAFE_FREE((*domains));
- return NT_STATUS_NO_MEMORY;
- }
-
- while (tmp_methods) {
- DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid)));
- sid_copy(domains[i],&tmp_methods->domain_sid);
- *domain_names[i] = smb_xstrdup(tmp_methods->domain_name);
- i++;
- tmp_methods= tmp_methods->next;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SEC_DESC *sd;
- size_t sd_size;
- uint32 acc_granted;
-
- DEBUG(5,("sam_lookup_domain: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid paramters */
- SAM_ASSERT(access_token && domain && domainsid);
-
- if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
- DEBUG(4,("samr_make_sam_obj_sd failed\n"));
- return nt_status;
- }
-
- if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) {
- DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n"));
- return nt_status;
- }
-
- tmp_methods= context->methods;
-
- while (tmp_methods) {
- if (strcmp(domain, tmp_methods->domain_name) == 0) {
- (*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy((*domainsid), &tmp_methods->domain_sid);
- return NT_STATUS_OK;
- }
- tmp_methods= tmp_methods->next;
- }
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-
-NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && domain);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_domain_handle) {
- DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) {
- DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n",
- sid_string_static(domainsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_create_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters */
- SAM_ASSERT(access_token && domainsid && account_name && account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_create_account) {
- DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) {
- DEBUG(4,("sam_create_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- DOM_SID domainsid;
- const DOM_SID *accountsid;
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_add_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters */
- SAM_ASSERT(account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) {
- DEBUG(0,("Can't get account SID\n"));
- return nt_status;
- }
-
- sid_copy(&domainsid, accountsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_add_account) {
- DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){
- DEBUG(4,("sam_add_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid account specified */
- SAM_ASSERT(account && account->current_sam_methods);
-
- tmp_methods = account->current_sam_methods;
-
- if (!tmp_methods->sam_update_account) {
- DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){
- DEBUG(4,("sam_update_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_delete_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid account specified */
- SAM_ASSERT(account && account->current_sam_methods);
-
- tmp_methods = account->current_sam_methods;
-
- if (!tmp_methods->sam_delete_account) {
- DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){
- DEBUG(4,("sam_delete_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_enum_accounts: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && account_count && accounts);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_enum_accounts) {
- DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) {
- DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n",
- tmp_methods->domain_name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- DOM_SID domainsid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && accountsid && account);
-
- sid_copy(&domainsid, accountsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_account_by_sid) {
- DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) {
- DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n",
- sid_string_static(accountsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domain && name && account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_account_by_name) {
- DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) {
- DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n",
- domain, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_create_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && group_name && group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_create_group) {
- DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) {
- DEBUG(4,("sam_create_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- DOM_SID domainsid;
- const DOM_SID *groupsid;
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_add_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) {
- DEBUG(0,("Can't get group SID\n"));
- return nt_status;
- }
-
- sid_copy(&domainsid, groupsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_add_group) {
- DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){
- DEBUG(4,("sam_add_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_update_group) {
- DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){
- DEBUG(4,("sam_update_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_delete_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_delete_group) {
- DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){
- DEBUG(4,("sam_delete_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_enum_groups: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && groups_count && groups);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_enum_accounts) {
- DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) {
- DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n",
- tmp_methods->domain_name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
- DOM_SID domainsid;
-
- DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && groupsid && group);
-
- sid_copy(&domainsid, groupsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_group_by_sid) {
- DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) {
- DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n",
- sid_string_static(groupsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domain && name && group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_group_by_name) {
- DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) {
- DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n",
- domain, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group or member specified */
- SAM_ASSERT(group && group->current_sam_methods && member);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_add_member_to_group) {
- DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) {
- DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-
-}
-
-NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group or member specified */
- SAM_ASSERT(group && group->current_sam_methods && member);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_delete_member_from_group) {
- DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) {
- DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods && members_count && members);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_enum_groupmembers) {
- DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) {
- DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- uint32 tmp_group_count;
- SAM_GROUP_ENUM *tmp_groups;
-
- DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid sam_context specified */
- SAM_ASSERT(access_token && sids && context && context->methods);
-
- *group_count = 0;
-
- *groups = NULL;
-
- tmp_methods= context->methods;
-
- while (tmp_methods) {
- DEBUG(5,("getting groups from domain \n"));
- if (!tmp_methods->sam_get_groups_of_sid) {
- DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n"));
- SAFE_FREE(*groups);
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) {
- DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname));
- SAFE_FREE(*groups);
- return nt_status;
- }
-
- *groups = Realloc(*groups, ((*group_count) + tmp_group_count) * sizeof(SAM_GROUP_ENUM));
-
- memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count);
-
- SAFE_FREE(tmp_groups);
-
- *group_count += tmp_group_count;
-
- tmp_methods = tmp_methods->next;
- }
-
- return NT_STATUS_OK;
-}
-
-
diff --git a/source3/sam/sam_ads.c b/source3/sam/sam_ads.c
deleted file mode 100755
index 13e0369004..0000000000
--- a/source3/sam/sam_ads.c
+++ /dev/null
@@ -1,1378 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Active Directory SAM backend, for simulate a W2K DC in mixed mode.
-
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Andrew Bartlett 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-
-#ifdef HAVE_LDAP
-
-static int sam_ads_debug_level = DBGC_SAM;
-
-#undef DBGC_CLASS
-#define DBGC_CLASS sam_ads_debug_level
-
-#ifndef FIXME
-#define FIXME( body ) { DEBUG(0,("FIXME: "));\
- DEBUGADD(0,(body));}
-#endif
-
-#define ADS_STATUS_OK ADS_ERROR(0)
-#define ADS_STATUS_UNSUCCESSFUL ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL)
-#define ADS_STATUS_NOT_IMPLEMENTED ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED)
-
-
-#define ADS_SUBTREE_BUILTIN "CN=Builtin,"
-#define ADS_SUBTREE_COMPUTERS "CN=Computers,"
-#define ADS_SUBTREE_DC "CN=Domain Controllers,"
-#define ADS_SUBTREE_USERS "CN=Users,"
-#define ADS_ROOT_TREE ""
-/* Here are private module structs and functions */
-
-typedef struct sam_ads_privates {
- ADS_STRUCT *ads_struct;
- TALLOC_CTX *mem_ctx;
- BOOL bind_plaintext;
- char *ads_bind_dn;
- char *ads_bind_pw;
- char *ldap_uri;
- /* did we need something more? */
-}SAM_ADS_PRIVATES;
-
-
-/* get only these LDAP attributes, witch we really need for an account */
-const char *account_attrs[] = { "objectSid",
- "objectGUID",
- "sAMAccountType",
- "sAMAcountName",
- "userPrincipalName",
- "accountExpires",
- "badPasswordTime",
- "badPwdCount",
- "lastLogoff",
- "lastLogon",
- "userWorkstations",
- "dBCSPwd",
- "unicodePwd",
- "pwdLastSet",
- "userAccountControl",
- "profilePath",
- "homeDrive",
- "scriptPath",
- "homeDirectory",
- "cn",
- "primaryGroupID",/* 513 */
- "nsNPAllowDialIn",/* TRUE */
- "userParameters",/* Dial Back number ...*/
- "codePage",/* 0 */
- "countryCode",/* 0 */
- "adminCount",/* 1 or 0 */
- "logonCount",/* 0 */
- "managedObjects",
- "memberOf",/* dn */
- "instanceType",/* 4 */
- "name", /* sync with cn */
- "description",
- /* "nTSecurityDescriptor", */
- NULL};
-
-/* get only these LDAP attributes, witch we really need for a group */
-const char *group_attrs[] = {"objectSid",
- /* "objectGUID", */
- "sAMAccountType",
- "sAMAcountName",
- "groupType",
- /* "member", */
- "description",
- "name", /* sync with cn */
- /* "nTSecurityDescriptor", */
- NULL};
-
-
-/***************************************************
- return our ads connection. We keep the connection
- open to make things faster
-****************************************************/
-static ADS_STATUS sam_ads_cached_connection(SAM_ADS_PRIVATES *privates)
-{
- ADS_STRUCT *ads_struct;
- ADS_STATUS ads_status;
-
- if (!privates->ads_struct) {
- privates->ads_struct = ads_init_simple();
- ads_struct = privates->ads_struct;
- ads_struct->server.ldap_uri = smb_xstrdup(privates->ldap_uri);
- if ((!privates->ads_bind_dn) || (!*privates->ads_bind_dn)) {
- ads_struct->auth.flags |= ADS_AUTH_ANON_BIND;
- } else {
- ads_struct->auth.user_name
- = smb_xstrdup(privates->ads_bind_dn);
- if (privates->ads_bind_pw) {
- ads_struct->auth.password
- = smb_xstrdup(privates->ads_bind_pw);
- }
- }
- if (privates->bind_plaintext) {
- ads_struct->auth.flags |= ADS_AUTH_SIMPLE_BIND;
- }
- } else {
- ads_struct = privates->ads_struct;
- }
-
- if (ads_struct->ld != NULL) {
- /* connection has been opened. ping server. */
- struct sockaddr_un addr;
- socklen_t len;
- int sd;
- if (ldap_get_option(ads_struct->ld, LDAP_OPT_DESC, &sd) == 0 &&
- getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
- /* the other end has died. reopen. */
- ldap_unbind_ext(ads_struct->ld, NULL, NULL);
- ads_struct->ld = NULL;
- }
- }
-
- if (ads_struct->ld != NULL) {
- DEBUG(5,("sam_ads_cached_connection: allready connected to the LDAP server\n"));
- return ADS_SUCCESS;
- }
-
- ads_status = ads_connect(ads_struct);
-
- ads_status = ads_server_info(ads_struct);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(0,("Can't set server info: %s\n",ads_errstr(ads_status)));
- /* return ads_status; */ FIXME("for now we only warn!\n");
- }
-
- DEBUG(2, ("sam_ads_cached_connection: succesful connection to the LDAP server\n"));
- return ADS_SUCCESS;
-}
-
-static ADS_STATUS sam_ads_do_search(SAM_ADS_PRIVATES *privates, const char *bind_path, int scope, const char *exp, const char **attrs, void **res)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
-
- ads_status = sam_ads_cached_connection(privates);
- if (!ADS_ERR_OK(ads_status))
- return ads_status;
-
- return ads_do_search_retry(privates->ads_struct, bind_path, scope, exp, attrs, res);
-}
-
-
-/*********************************************
-here we have to check the update serial number
- - this is the core of the ldap cache
-*********************************************/
-static ADS_STATUS sam_ads_usn_is_valid(SAM_ADS_PRIVATES *privates, uint32 usn_in, uint32 *usn_out)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
-
- SAM_ASSERT(privates && privates->ads_struct && usn_out);
-
- ads_status = ads_USN(privates->ads_struct, usn_out);
- if (!ADS_ERR_OK(ads_status))
- return ads_status;
-
- if (*usn_out == usn_in)
- return ADS_SUCCESS;
-
- return ads_status;
-}
-
-/***********************************************
-Initialize SAM_ACCOUNT_HANDLE from an ADS query
-************************************************/
-/* not ready :-( */
-static ADS_STATUS ads_entry2sam_account_handle(SAM_ADS_PRIVATES *privates, SAM_ACCOUNT_HANDLE *account ,void *msg)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_NO_SUCH_USER);
- NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = account->mem_ctx;
- char *tmp_str = NULL;
-
- SAM_ASSERT(privates && ads_struct && account && mem_ctx && msg);
-
- FIXME("should we really use ads_pull_username()(or ads_pull_string())?\n");
- if ((account->private.account_name = ads_pull_username(ads_struct, mem_ctx, msg))==NULL) {
- DEBUG(0,("ads_pull_username failed\n"));
- return ADS_ERROR_NT(NT_STATUS_NO_SUCH_USER);
- }
-
- if ((account->private.full_name = ads_pull_string(ads_struct, mem_ctx, msg,"name"))==NULL) {
- DEBUG(3,("ads_pull_string for 'name' failed - skip\n"));
- }
-
- if ((account->private.acct_desc = ads_pull_string(ads_struct, mem_ctx, msg,"description"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'acct_desc' failed - skip\n"));
- }
-
- if ((account->private.home_dir = ads_pull_string(ads_struct, mem_ctx, msg,"homeDirectory"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'homeDirectory' failed - skip\n"));
- }
-
- if ((account->private.dir_drive = ads_pull_string(ads_struct, mem_ctx, msg,"homeDrive"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'homeDrive' failed - skip\n"));
- }
-
- if ((account->private.profile_path = ads_pull_string(ads_struct, mem_ctx, msg,"profilePath"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'profilePath' failed - skip\n"));
- }
-
- if ((account->private.logon_script = ads_pull_string(ads_struct, mem_ctx, msg,"scriptPath"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'scriptPath' failed - skip\n"));
- }
-
- FIXME("check 'nsNPAllowDialIn' for munged_dial!\n");
- if ((account->private.munged_dial = ads_pull_string(ads_struct, mem_ctx, msg,"userParameters"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'userParameters' failed - skip\n"));
- }
-
- if ((account->private.unix_home_dir = ads_pull_string(ads_struct, mem_ctx, msg,"msSFUHomeDrirectory"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'msSFUHomeDrirectory' failed - skip\n"));
- }
-
-#if 0
- FIXME("use function intern mem_ctx for pwdLastSet\n");
- if ((tmp_str = ads_pull_string(ads_struct, mem_ctx, msg,"pwdLastSet"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'pwdLastSet' failed - skip\n"));
- } else {
- account->private.pass_last_set_time = ads_parse_nttime(tmp_str);
- tmp_str = NULL;
-
- }
-#endif
-
-#if 0
-typedef struct sam_account_handle {
- TALLOC_CTX *mem_ctx;
- uint32 access_granted;
- const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */
- void (*free_fn)(struct sam_account_handle **);
- struct sam_account_data {
- uint32 init_flag;
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
- char * account_name; /* account_name string */
- SAM_DOMAIN_HANDLE * domain; /* domain of account */
- char *full_name; /* account's full name string */
- char *unix_home_dir; /* UNIX home directory string */
- char *home_dir; /* home directory string */
- char *dir_drive; /* home directory drive string */
- char *logon_script; /* logon script string */
- char *profile_path; /* profile path string */
- char *acct_desc; /* account description string */
- char *workstations; /* login from workstations string */
- char *unknown_str; /* don't know what this is, yet. */
- char *munged_dial; /* munged path name and dial-back tel number */
- DOM_SID account_sid; /* Primary Account SID */
- DOM_SID group_sid; /* Primary Group SID */
- DATA_BLOB lm_pw; /* .data is Null if no password */
- DATA_BLOB nt_pw; /* .data is Null if no password */
- char *plaintext_pw; /* if Null not available */
- uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
- uint32 unknown_1; /* 0x00ff ffff */
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 hours[MAX_HOURS_LEN];
- uint32 unknown_2; /* 0x0002 0000 */
- uint32 unknown_3; /* 0x0000 04ec */
- } private;
-} SAM_ACCOUNT_HANDLE;
-#endif
-
- return ads_status;
-}
-
-
-/***********************************************
-Initialize SAM_GROUP_ENUM from an ads entry
-************************************************/
-/* not ready :-( */
-static ADS_STATUS ads_entry2sam_group_enum(SAM_ADS_PRIVATES *privates, TALLOC_CTX *mem_ctx, SAM_GROUP_ENUM **group_enum,const void *entry)
-{
- ADS_STATUS ads_status = ADS_STATUS_UNSUCCESSFUL;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- SAM_GROUP_ENUM __group_enum;
- SAM_GROUP_ENUM *_group_enum = &__group_enum;
-
- SAM_ASSERT(privates && ads_struct && mem_ctx && group_enum && entry);
-
- *group_enum = _group_enum;
-
- DEBUG(3,("sam_ads: ads_entry2sam_account_handle\n"));
-
- if (!ads_pull_sid(ads_struct, &entry, "objectSid", &(_group_enum->sid))) {
- DEBUG(0,("No sid for!?\n"));
- return ADS_STATUS_UNSUCCESSFUL;
- }
-
- if (!(_group_enum->group_name = ads_pull_string(ads_struct, mem_ctx, &entry, "sAMAccountName"))) {
- DEBUG(0,("No groupname found"));
- return ADS_STATUS_UNSUCCESSFUL;
- }
-
- if (!(_group_enum->group_desc = ads_pull_string(ads_struct, mem_ctx, &entry, "desciption"))) {
- DEBUG(0,("No description found"));
- return ADS_STATUS_UNSUCCESSFUL;
- }
-
- DEBUG(0,("sAMAccountName: %s\ndescription: %s\nobjectSid: %s\n",
- _group_enum->group_name,
- _group_enum->group_desc,
- sid_string_static(&(_group_enum->sid))
- ));
-
- return ads_status;
-}
-
-static ADS_STATUS sam_ads_access_check(SAM_ADS_PRIVATES *privates, const SEC_DESC *sd, const NT_USER_TOKEN *access_token, uint32 access_desired, uint32 *acc_granted)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED);
- NTSTATUS nt_status;
- uint32 my_acc_granted;
-
- SAM_ASSERT(privates && sd && access_token);
- /* acc_granted can be set to NULL */
-
- /* the steps you need are:
- 1. get_sec_desc for sid
- 2. se_map_generic(accessdesired, generic_mapping)
- 3. se_access_check() */
-
- if (!se_access_check(sd, access_token, access_desired, (acc_granted)?acc_granted:&my_acc_granted, &nt_status)) {
- DEBUG(3,("sam_ads_access_check: ACCESS DENIED\n"));
- ads_status = ADS_ERROR_NT(nt_status);
- return ads_status;
- }
- ads_status = ADS_ERROR_NT(nt_status);
- return ads_status;
-}
-
-static ADS_STATUS sam_ads_get_tree_sec_desc(SAM_ADS_PRIVATES *privates, const char *subtree, SEC_DESC **sd)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- char *search_path;
- void *sec_desc_res;
- void *sec_desc_msg;
- const char *sec_desc_attrs[] = {"nTSecurityDescriptor",NULL};
-
- SAM_ASSERT(privates && ads_struct && mem_ctx && sd);
- *sd = NULL;
-
- if (subtree) {
- asprintf(&search_path, "%s%s",subtree,ads_struct->config.bind_path);
- } else {
- asprintf(&search_path, "%s","");
- }
- ads_status = sam_ads_do_search(privates, search_path, LDAP_SCOPE_BASE, "(objectClass=*)", sec_desc_attrs, &sec_desc_res);
- SAFE_FREE(search_path);
- if (!ADS_ERR_OK(ads_status))
- return ads_status;
-
- if ((sec_desc_msg = ads_first_entry(ads_struct, sec_desc_res))==NULL) {
- ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- return ads_status;
- }
-
- if (!ads_pull_sd(ads_struct, mem_ctx, sec_desc_msg, sec_desc_attrs[0], sd)) {
- *sd = NULL;
- ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- return ads_status;
- }
-
- return ads_status;
-}
-
-static ADS_STATUS sam_ads_account_policy_get(SAM_ADS_PRIVATES *privates, int field, uint32 *value)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- ADS_STRUCT *ads_struct = privates->ads_struct;
- void *ap_res;
- void *ap_msg;
- const char *ap_attrs[] = {"minPwdLength",/* AP_MIN_PASSWORD_LEN */
- "pwdHistoryLength",/* AP_PASSWORD_HISTORY */
- "AP_USER_MUST_LOGON_TO_CHG_PASS",/* AP_USER_MUST_LOGON_TO_CHG_PASS */
- "maxPwdAge",/* AP_MAX_PASSWORD_AGE */
- "minPwdAge",/* AP_MIN_PASSWORD_AGE */
- "lockoutDuration",/* AP_LOCK_ACCOUNT_DURATION */
- "AP_RESET_COUNT_TIME",/* AP_RESET_COUNT_TIME */
- "AP_BAD_ATTEMPT_LOCKOUT",/* AP_BAD_ATTEMPT_LOCKOUT */
- "AP_TIME_TO_LOGOUT",/* AP_TIME_TO_LOGOUT */
- NULL};
- /*lockOutObservationWindow
- lockoutThreshold $ pwdProperties*/
- static uint32 ap[9];
- static uint32 ap_usn = 0;
- uint32 tmp_usn = 0;
-
- SAM_ASSERT(privates && ads_struct && value);
-
- FIXME("We need to decode all account_policy attributes!\n");
-
- ads_status = sam_ads_usn_is_valid(privates,ap_usn,&tmp_usn);
- if (!ADS_ERR_OK(ads_status)) {
- ads_status = sam_ads_do_search(privates, ads_struct->config.bind_path, LDAP_SCOPE_BASE, "(objectClass=*)", ap_attrs, &ap_res);
- if (!ADS_ERR_OK(ads_status))
- return ads_status;
-
- if (ads_count_replies(ads_struct, ap_res) != 1) {
- ads_msgfree(ads_struct, ap_res);
- return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
- }
-
- if (!(ap_msg = ads_first_entry(ads_struct, ap_res))) {
- ads_msgfree(ads_struct, ap_res);
- return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
- }
-
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[0], &ap[0])) {
- /* AP_MIN_PASSWORD_LEN */
- ap[0] = MINPASSWDLENGTH;/* 5 chars minimum */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[1], &ap[1])) {
- /* AP_PASSWORD_HISTORY */
- ap[1] = 0;/* don't keep any old password */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[2], &ap[2])) {
- /* AP_USER_MUST_LOGON_TO_CHG_PASS */
- ap[2] = 0;/* don't force user to logon */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[3], &ap[3])) {
- /* AP_MAX_PASSWORD_AGE */
- ap[3] = MAX_PASSWORD_AGE;/* 21 days */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[4], &ap[4])) {
- /* AP_MIN_PASSWORD_AGE */
- ap[4] = 0;/* 0 days */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[5], &ap[5])) {
- /* AP_LOCK_ACCOUNT_DURATION */
- ap[5] = 0;/* lockout for 0 minutes */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[6], &ap[6])) {
- /* AP_RESET_COUNT_TIME */
- ap[6] = 0;/* reset immediatly */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[7], &ap[7])) {
- /* AP_BAD_ATTEMPT_LOCKOUT */
- ap[7] = 0;/* don't lockout */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[8], &ap[8])) {
- /* AP_TIME_TO_LOGOUT */
- ap[8] = -1;/* don't force logout */
- }
-
- ads_msgfree(ads_struct, ap_res);
- ap_usn = tmp_usn;
- }
-
- switch(field) {
- case AP_MIN_PASSWORD_LEN:
- *value = ap[0];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_PASSWORD_HISTORY:
- *value = ap[1];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_USER_MUST_LOGON_TO_CHG_PASS:
- *value = ap[2];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_MAX_PASSWORD_AGE:
- *value = ap[3];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_MIN_PASSWORD_AGE:
- *value = ap[4];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_LOCK_ACCOUNT_DURATION:
- *value = ap[5];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_RESET_COUNT_TIME:
- *value = ap[6];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_BAD_ATTEMPT_LOCKOUT:
- *value = ap[7];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_TIME_TO_LOGOUT:
- *value = ap[8];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- default: *value = 0; break;
- }
-
- return ads_status;
-}
-
-
-/**********************************
-Now the functions off the SAM API
-***********************************/
-
-/* General API */
-static NTSTATUS sam_ads_get_sec_desc(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- const DOM_SID *sid, SEC_DESC **sd)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx;
- char *sidstr,*filter;
- void *sec_desc_res;
- void *sec_desc_msg;
- const char *sec_desc_attrs[] = {"nTSecurityDescriptor",NULL};
- fstring sid_str;
- SEC_DESC *my_sd;
-
- SAM_ASSERT(sam_method && access_token && sid && sd);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL);
-
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- sidstr = sid_binstring(sid);
- if (asprintf(&filter, "(objectSid=%s)", sidstr) == -1) {
- SAFE_FREE(sidstr);
- return NT_STATUS_NO_MEMORY;
- }
-
- SAFE_FREE(sidstr);
-
- ads_status = sam_ads_do_search(privates,ads_struct->config.bind_path,
- LDAP_SCOPE_SUBTREE, filter, sec_desc_attrs,
- &sec_desc_res);
- SAFE_FREE(filter);
-
- if (!ADS_ERR_OK(ads_status)) {
- return ads_ntstatus(ads_status);
- }
-
- if (!(mem_ctx = talloc_init("sec_desc parse in sam_ads"))) {
- DEBUG(1, ("talloc_init() failed for sec_desc parse context in sam_ads"));
- ads_msgfree(ads_struct, sec_desc_res);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (ads_count_replies(ads_struct, sec_desc_res) != 1) {
- DEBUG(1,("sam_ads_get_sec_desc: duplicate or 0 results for sid %s\n",
- sid_to_string(sid_str, sid)));
- talloc_destroy(mem_ctx);
- ads_msgfree(ads_struct, sec_desc_res);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!(sec_desc_msg = ads_first_entry(ads_struct, sec_desc_res))) {
- talloc_destroy(mem_ctx);
- ads_msgfree(ads_struct, sec_desc_res);
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!ads_pull_sd(ads_struct, mem_ctx, sec_desc_msg, sec_desc_attrs[0], sd)) {
- ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- talloc_destroy(mem_ctx);
- ads_msgfree(ads_struct, sec_desc_res);
- return ads_ntstatus(ads_status);
- }
-
- /* now, were we allowed to see the SD we just got? */
-
- ads_msgfree(ads_struct, sec_desc_res);
- talloc_destroy(mem_ctx);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_set_sec_desc(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- const DOM_SID *sid, const SEC_DESC *sd)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-
-static NTSTATUS sam_ads_lookup_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name,
- enum SID_NAME_USE *type)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- SEC_DESC *my_sd;
-
- SAM_ASSERT(sam_method && access_token && mem_ctx && sid && name && type);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- return ads_sid_to_name(ads_struct, mem_ctx, sid, name, type);
-}
-
-static NTSTATUS sam_ads_lookup_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- const char *name, DOM_SID *sid, enum SID_NAME_USE *type)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- SEC_DESC *my_sd;
-
- SAM_ASSERT(sam_method && access_token && name && sid && type);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- return ads_name_to_sid(ads_struct, name, sid, type);
-}
-
-
-/* Domain API */
-
-static NTSTATUS sam_ads_update_domain(const SAM_METHODS *sam_method, const SAM_DOMAIN_HANDLE *domain)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_domain_handle(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- const uint32 access_desired, SAM_DOMAIN_HANDLE **domain)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- TALLOC_CTX *mem_ctx = privates->mem_ctx; /*Fix me is this right??? */
- SAM_DOMAIN_HANDLE *dom_handle = NULL;
- SEC_DESC *sd;
- uint32 acc_granted;
- uint32 tmp_value;
-
- DEBUG(5,("sam_ads_get_domain_handle: %d\n",__LINE__));
-
- SAM_ASSERT(sam_method && access_token && domain);
-
- (*domain) = NULL;
-
- if ((dom_handle = talloc(mem_ctx, sizeof(SAM_DOMAIN_HANDLE))) == NULL) {
- DEBUG(0,("failed to talloc dom_handle\n"));
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- return ads_ntstatus(ads_status);
- }
-
- ZERO_STRUCTP(dom_handle);
-
- dom_handle->mem_ctx = mem_ctx; /*Fix me is this right??? */
- dom_handle->free_fn = NULL;
- dom_handle->current_sam_methods = sam_method;
-
- /* check if access can be granted as requested */
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- dom_handle->access_granted = acc_granted;
-
- /* fill all the values of dom_handle */
- sid_copy(&dom_handle->private.sid, &sam_method->domain_sid);
- dom_handle->private.name = smb_xstrdup(sam_method->domain_name);
- dom_handle->private.servername = "WHOKNOWS"; /* what is the servername */
-
- /*Fix me: sam_ads_account_policy_get() return ADS_STATUS! */
- ads_status = sam_ads_account_policy_get(privates, AP_MAX_PASSWORD_AGE, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for max password age. Useing default\n"));
- tmp_value = MAX_PASSWORD_AGE;
- }
- unix_to_nt_time_abs(&dom_handle->private.max_passwordage,tmp_value);
-
- ads_status = sam_ads_account_policy_get(privates, AP_MIN_PASSWORD_AGE, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for min password age. Useing default\n"));
- tmp_value = 0;
- }
- unix_to_nt_time_abs(&dom_handle->private.min_passwordage, tmp_value);
-
- ads_status = sam_ads_account_policy_get(privates, AP_LOCK_ACCOUNT_DURATION, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for lockout duration. Useing default\n"));
- tmp_value = 0;
- }
- unix_to_nt_time_abs(&dom_handle->private.lockout_duration, tmp_value);
-
- ads_status = sam_ads_account_policy_get(privates, AP_RESET_COUNT_TIME, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for time till locout count is reset. Useing default\n"));
- tmp_value = 0;
- }
- unix_to_nt_time_abs(&dom_handle->private.reset_count, tmp_value);
-
- ads_status = sam_ads_account_policy_get(privates, AP_MIN_PASSWORD_LEN, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for min password length. Useing default\n"));
- tmp_value = 0;
- }
- dom_handle->private.min_passwordlength = (uint16)tmp_value;
-
- ads_status = sam_ads_account_policy_get(privates, AP_PASSWORD_HISTORY, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed password history. Useing default\n"));
- tmp_value = 0;
- }
- dom_handle->private.password_history = (uint16)tmp_value;
-
- ads_status = sam_ads_account_policy_get(privates, AP_BAD_ATTEMPT_LOCKOUT, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for bad attempts till lockout. Useing default\n"));
- tmp_value = 0;
- }
- dom_handle->private.lockout_count = (uint16)tmp_value;
-
- ads_status = sam_ads_account_policy_get(privates, AP_TIME_TO_LOGOUT, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for force logout. Useing default\n"));
- tmp_value = -1;
- }
-
- ads_status = sam_ads_account_policy_get(privates, AP_USER_MUST_LOGON_TO_CHG_PASS, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for user must login to change password. Useing default\n"));
- tmp_value = 0;
- }
-
- /* should the real values of num_accounts, num_groups and num_aliases be retreved?
- * I think it is to expensive to bother
- */
- dom_handle->private.num_accounts = 3;
- dom_handle->private.num_groups = 4;
- dom_handle->private.num_aliases = 5;
-
- *domain = dom_handle;
-
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- return ads_ntstatus(ads_status);
-}
-
-/* Account API */
-static NTSTATUS sam_ads_create_account(const SAM_METHODS *sam_method,
- const NT_USER_TOKEN *access_token, uint32 access_desired,
- const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- SEC_DESC *sd = NULL;
- uint32 acc_granted;
-
- SAM_ASSERT(sam_method && privates && access_token && account_name && account);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_SUBTREE_USERS, &sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = ADS_ERROR_NT(sam_init_account(account));
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- (*account)->access_granted = acc_granted;
-
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_add_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account)
-{
- ADS_STATUS ads_status = ADS_ERROR(LDAP_NO_MEMORY);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- ADS_MODLIST mods;
- uint16 acct_ctrl;
- char *new_dn;
- SEC_DESC *sd;
- uint32 acc_granted;
-
- SAM_ASSERT(sam_method && account);
-
- ads_status = ADS_ERROR_NT(sam_get_account_acct_ctrl(account,&acct_ctrl));
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- if ((acct_ctrl & ACB_WSTRUST)||(acct_ctrl & ACB_SVRTRUST)) {
- /* Computer account */
- char *name,*controlstr;
- char *hostname,*host_upn,*host_spn;
- const char *objectClass[] = {"top", "person", "organizationalPerson",
- "user", "computer", NULL};
-
- ads_status = ADS_ERROR_NT(sam_get_account_name(account,&name));
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- if (!(host_upn = talloc_asprintf(mem_ctx, "%s@%s", name, ads_struct->config.realm))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(new_dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Computers,%s", hostname,
- ads_struct->config.bind_path))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(controlstr = talloc_asprintf(mem_ctx, "%u", ads_acb2uf(acct_ctrl)))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(mods = ads_init_mods(mem_ctx))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- ads_status = ads_mod_str(mem_ctx, &mods, "cn", hostname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_strlist(mem_ctx, &mods, "objectClass", objectClass);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", host_upn);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "displayName", hostname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "sAMAccountName", name);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr);
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- ads_status = ads_mod_str(mem_ctx, &mods, "servicePrincipalName", host_spn);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "dNSHostName", hostname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- /* ads_status = ads_mod_str(mem_ctx, &mods, "operatingSystem", "Samba");
- if (!ADS_ERR_OK(ads_status))
- goto done;
- *//* ads_status = ads_mod_str(mem_ctx, &mods, "operatingSystemVersion", VERSION);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- */
- /* End Computer account */
- } else {
- /* User account*/
- char *upn, *controlstr;
- char *name, *fullname;
- const char *objectClass[] = {"top", "person", "organizationalPerson",
- "user", NULL};
-
- ads_status = ADS_ERROR_NT(sam_get_account_name(account,&name));
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- ads_status = ADS_ERROR_NT(sam_get_account_fullname(account,&fullname));
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- if (!(upn = talloc_asprintf(mem_ctx, "%s@%s", name, ads_struct->config.realm))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(new_dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", fullname,
- ads_struct->config.bind_path))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(controlstr = talloc_asprintf(mem_ctx, "%u", ads_acb2uf(acct_ctrl)))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(mods = ads_init_mods(mem_ctx))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- ads_status = ads_mod_str(mem_ctx, &mods, "cn", fullname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_strlist(mem_ctx, &mods, "objectClass", objectClass);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", upn);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "displayName", fullname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "sAMAccountName", name);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- }/* End User account */
-
- /* Finally at the account */
- ads_status = ads_gen_add(ads_struct, new_dn, mods);
-
-done:
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_update_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_delete_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
-
-
-
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_enum_accounts(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-#if 0
-static NTSTATUS sam_ads_get_account_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *account_sid, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- SEC_DESC *sd = NULL;
- uint32 acc_granted;
-
- SAM_ASSERT(sam_method && privates && ads_struct && access_token && account_sid && account);
-
- ads_status = ADS_ERROR_NT(sam_ads_get_sec_desc(sam_method, access_token, account_sid, &my_sd));
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = ADS_ERROR_NT(sam_init_account(account));
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- (*account)->access_granted = acc_granted;
-
- return ads_ntstatus(ads_status);
-}
-#else
-static NTSTATUS sam_ads_get_account_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *account_sid, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-#endif
-
-#if 0
-static NTSTATUS sam_ads_get_account_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *account_name, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- SEC_DESC *sd = NULL;
- uint32 acc_granted;
-
- SAM_ASSERT(sam_method && privates && ads_struct && access_token && account_name && account);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = ADS_ERROR_NT(sam_init_account(account));
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- (*account)->access_granted = acc_granted;
-
- return ads_ntstatus(ads_status);
-}
-#else
-static NTSTATUS sam_ads_get_account_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *account_name, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-#endif
-
-/* Group API */
-static NTSTATUS sam_ads_create_group(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_add_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_update_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_delete_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_enum_groups(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- void *res = NULL;
- void *msg = NULL;
- char *filter = NULL;
- int i = 0;
-
- /* get only these LDAP attributes, witch we really need for a group */
- const char *group_enum_attrs[] = {"objectSid",
- "description",
- "sAMAcountName",
- NULL};
-
- SAM_ASSERT(sam_method && access_token && groups_count && groups);
-
- *groups_count = 0;
-
- DEBUG(3,("ads: enum_dom_groups\n"));
-
- FIXME("get only group from the wanted Type!\n");
- asprintf(&filter, "(&(objectClass=group)(groupType=%s))", "*");
- ads_status = sam_ads_do_search(privates, ads_struct->config.bind_path, LDAP_SCOPE_SUBTREE, filter, group_enum_attrs, &res);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(1,("enum_groups ads_search: %s\n", ads_errstr(ads_status)));
- }
-
- *groups_count = ads_count_replies(ads_struct, res);
- if (*groups_count == 0) {
- DEBUG(1,("enum_groups: No groups found\n"));
- }
-
- (*groups) = talloc_zero(mem_ctx, (*groups_count) * sizeof(**groups));
- if (!*groups) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- for (msg = ads_first_entry(ads_struct, res); msg; msg = ads_next_entry(ads_struct, msg)) {
- uint32 grouptype;
-
- if (!ads_pull_uint32(ads_struct, msg, "groupType", &grouptype)) {
- ;
- } else {
- (*groups)->group_ctrl = ads_gtype2gcb(grouptype);
- }
-
- if (!((*groups)->group_name = ads_pull_string(ads_struct, mem_ctx, msg, "sAMAccountName"))) {
- ;
- }
-
- if (!((*groups)->group_desc = ads_pull_string(ads_struct, mem_ctx, msg, "description"))) {
- ;
- }
-
- if (!ads_pull_sid(ads_struct, msg, "objectSid", &((*groups)->sid))) {
- DEBUG(1,("No sid for group %s !?\n", (*groups)->group_name));
- continue;
- }
-
- i++;
- }
-
- (*groups_count) = i;
-
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
-
- DEBUG(3,("ads enum_dom_groups gave %d entries\n", (*groups_count)));
-
- if (res) ads_msgfree(ads_struct, res);
-
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_group_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_group_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_add_member_to_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_delete_member_from_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_enum_groupmembers(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_groups_of_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const DOM_SID **sids, const uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-/**********************************
-Free our private data
-***********************************/
-static void sam_ads_free_private_data(void **vp)
-{
- SAM_ADS_PRIVATES **sam_ads_state = (SAM_ADS_PRIVATES **)vp;
-
- if ((*sam_ads_state)->ads_struct->ld) {
- ldap_unbind((*sam_ads_state)->ads_struct->ld);
- }
-
- ads_destroy(&((*sam_ads_state)->ads_struct));
-
- talloc_destroy((*sam_ads_state)->mem_ctx);
- FIXME("maybe we must free some other stuff here\n");
-
- *sam_ads_state = NULL;
-}
-
-
-
-/*****************************************************
-Init the ADS SAM backend
-******************************************************/
-NTSTATUS sam_init_ads(SAM_METHODS *sam_method, const char *module_params)
-{
- ADS_STATUS ads_status;
- SAM_ADS_PRIVATES *sam_ads_state;
- TALLOC_CTX *mem_ctx;
-
- SAM_ASSERT(sam_method && sam_method->parent);
-
- mem_ctx = sam_method->parent->mem_ctx;
-
- /* Here the SAM API functions of the sam_ads module */
-
- /* General API */
-
- sam_method->sam_get_sec_desc = sam_ads_get_sec_desc;
- sam_method->sam_set_sec_desc = sam_ads_set_sec_desc;
-
- sam_method->sam_lookup_sid = sam_ads_lookup_sid;
- sam_method->sam_lookup_name = sam_ads_lookup_name;
-
- /* Domain API */
-
- sam_method->sam_update_domain = sam_ads_update_domain;
- sam_method->sam_get_domain_handle = sam_ads_get_domain_handle;
-
- /* Account API */
-
- sam_method->sam_create_account = sam_ads_create_account;
- sam_method->sam_add_account = sam_ads_add_account;
- sam_method->sam_update_account = sam_ads_update_account;
- sam_method->sam_delete_account = sam_ads_delete_account;
- sam_method->sam_enum_accounts = sam_ads_enum_accounts;
-
- sam_method->sam_get_account_by_sid = sam_ads_get_account_by_sid;
- sam_method->sam_get_account_by_name = sam_ads_get_account_by_name;
-
- /* Group API */
-
- sam_method->sam_create_group = sam_ads_create_group;
- sam_method->sam_add_group = sam_ads_add_group;
- sam_method->sam_update_group = sam_ads_update_group;
- sam_method->sam_delete_group = sam_ads_delete_group;
- sam_method->sam_enum_groups = sam_ads_enum_groups;
- sam_method->sam_get_group_by_sid = sam_ads_get_group_by_sid;
- sam_method->sam_get_group_by_name = sam_ads_get_group_by_name;
-
- sam_method->sam_add_member_to_group = sam_ads_add_member_to_group;
- sam_method->sam_delete_member_from_group = sam_ads_delete_member_from_group;
- sam_method->sam_enum_groupmembers = sam_ads_enum_groupmembers;
-
- sam_method->sam_get_groups_of_sid = sam_ads_get_groups_of_sid;
-
- sam_ads_state = talloc_zero(mem_ctx, sizeof(SAM_ADS_PRIVATES));
- if (!sam_ads_state) {
- DEBUG(0, ("talloc() failed for sam_ads private_data!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!(sam_ads_state->mem_ctx = talloc_init("sam_ads_method"))) {
- DEBUG(0, ("talloc_init() failed for sam_ads_state->mem_ctx\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- sam_ads_state->ads_bind_dn = talloc_strdup(sam_ads_state->mem_ctx, lp_parm_string(NULL,"sam_ads","bind as"));
- sam_ads_state->ads_bind_pw = talloc_strdup(sam_ads_state->mem_ctx, lp_parm_string(NULL,"sam_ads","bind pw"));
-
- sam_ads_state->bind_plaintext = strequal(lp_parm_string(NULL, "sam_ads", "plaintext bind"), "yes");
-
- if (!sam_ads_state->ads_bind_dn || !sam_ads_state->ads_bind_pw) {
- DEBUG(0, ("talloc_strdup() failed for bind dn or password\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- /* Maybe we should not check the result here? Server down on startup? */
-
- if (module_params && *module_params) {
- sam_ads_state->ldap_uri = talloc_strdup(sam_ads_state->mem_ctx, module_params);
- if (!sam_ads_state->ldap_uri) {
- DEBUG(0, ("talloc_strdup() failed for bind dn or password\n"));
- return NT_STATUS_NO_MEMORY;
- }
- } else {
- sam_ads_state->ldap_uri = "ldapi://";
- }
-
- ads_status = sam_ads_cached_connection(sam_ads_state);
- if (!ADS_ERR_OK(ads_status)) {
- return ads_ntstatus(ads_status);
- }
-
- sam_method->private_data = sam_ads_state;
- sam_method->free_private_data = sam_ads_free_private_data;
-
- sam_ads_debug_level = debug_add_class("sam_ads");
- if (sam_ads_debug_level == -1) {
- sam_ads_debug_level = DBGC_ALL;
- DEBUG(0, ("sam_ads: Couldn't register custom debugging class!\n"));
- } else DEBUG(2, ("sam_ads: Debug class number of 'sam_ads': %d\n", sam_ads_debug_level));
-
- DEBUG(5, ("Initializing sam_ads\n"));
- if (module_params)
- DEBUG(10, ("Module Parameters for Domain %s[%s]: %s\n", sam_method->domain_name, sam_method->domain_name, module_params));
- return NT_STATUS_OK;
-}
-
-#else /* HAVE_LDAP */
-void sam_ads_dummy(void)
-{
- DEBUG(0,("sam_ads: not supported!\n"));
-}
-#endif /* HAVE_LDAP */
diff --git a/source3/sam/sam_plugin.c b/source3/sam/sam_plugin.c
deleted file mode 100644
index fd26c4b8d3..0000000000
--- a/source3/sam/sam_plugin.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Loadable san module interface.
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-NTSTATUS sam_init_plugin(SAM_METHODS *sam_methods, const char *module_params)
-{
- void *dl_handle;
- char *plugin_params, *plugin_name, *p;
- sam_init_function plugin_init;
- int (*plugin_version)(void);
-
- if (module_params == NULL) {
- DEBUG(0, ("The plugin module needs an argument!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- plugin_name = smb_xstrdup(module_params);
- p = strchr(plugin_name, ':');
- if (p) {
- *p = 0;
- plugin_params = p+1;
- trim_string(plugin_params, " ", " ");
- } else plugin_params = NULL;
- trim_string(plugin_name, " ", " ");
-
- DEBUG(5, ("Trying to load sam plugin %s\n", plugin_name));
- dl_handle = sys_dlopen(plugin_name, RTLD_NOW);
- if (!dl_handle) {
- DEBUG(0, ("Failed to load sam plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- plugin_version = sys_dlsym(dl_handle, "sam_version");
- if (!plugin_version) {
- sys_dlclose(dl_handle);
- DEBUG(0, ("Failed to find function 'sam_version' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (plugin_version()!=SAM_INTERFACE_VERSION) {
- sys_dlclose(dl_handle);
- DEBUG(0, ("Wrong SAM_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n",
- plugin_version(),SAM_INTERFACE_VERSION));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- plugin_init = sys_dlsym(dl_handle, "sam_init");
- if (!plugin_init) {
- sys_dlclose(dl_handle);
- DEBUG(0, ("Failed to find function 'sam_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- DEBUG(5, ("Starting sam plugin %s with parameters %s for domain %s\n", plugin_name, plugin_params, sam_methods->domain_name));
- return plugin_init(sam_methods, plugin_params);
-}
diff --git a/source3/sam/sam_skel.c b/source3/sam/sam_skel.c
deleted file mode 100644
index b4d64bb6da..0000000000
--- a/source3/sam/sam_skel.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- this is a skeleton for SAM backend modules.
-
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Andrew Bartlett 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-static int sam_skel_debug_level = DBGC_SAM;
-
-#undef DBGC_CLASS
-#define DBGC_CLASS sam_skel_debug_level
-
-/* define the version of the SAM interface */
-SAM_MODULE_VERSIONING_MAGIC
-
-/* General API */
-
-static NTSTATUS sam_skel_get_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_set_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_lookup_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_lookup_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const char *name, DOM_SID *sid, uint32 *type)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Domain API */
-
-static NTSTATUS sam_skel_update_domain(const SAM_METHODS *sam_methods, const SAM_DOMAIN_HANDLE *domain)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_domain_handle(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, SAM_DOMAIN_HANDLE **domain)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Account API */
-
-static NTSTATUS sam_skel_create_account(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_add_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_update_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_delete_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_enum_accounts(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_get_account_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_account_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Group API */
-
-static NTSTATUS sam_skel_create_group(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_add_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_update_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_delete_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_enum_groups(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_group_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_group_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_add_member_to_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_delete_member_from_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_enum_groupmembers(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_get_groups_of_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_init_skel(SAM_METHODS *sam_methods, const char *module_params)
-{
- /* Functions your SAM module doesn't provide should be set
- * to NULL */
-
- sam_methods->sam_get_sec_desc = sam_skel_get_sec_desc;
- sam_methods->sam_set_sec_desc = sam_skel_set_sec_desc;
-
- sam_methods->sam_lookup_sid = sam_skel_lookup_sid;
- sam_methods->sam_lookup_name = sam_skel_lookup_name;
-
- /* Domain API */
-
- sam_methods->sam_update_domain = sam_skel_update_domain;
- sam_methods->sam_get_domain_handle = sam_skel_get_domain_handle;
-
- /* Account API */
-
- sam_methods->sam_create_account = sam_skel_create_account;
- sam_methods->sam_add_account = sam_skel_add_account;
- sam_methods->sam_update_account = sam_skel_update_account;
- sam_methods->sam_delete_account = sam_skel_delete_account;
- sam_methods->sam_enum_accounts = sam_skel_enum_accounts;
-
- sam_methods->sam_get_account_by_sid = sam_skel_get_account_by_sid;
- sam_methods->sam_get_account_by_name = sam_skel_get_account_by_name;
-
- /* Group API */
-
- sam_methods->sam_create_group = sam_skel_create_group;
- sam_methods->sam_add_group = sam_skel_add_group;
- sam_methods->sam_update_group = sam_skel_update_group;
- sam_methods->sam_delete_group = sam_skel_delete_group;
- sam_methods->sam_enum_groups = sam_skel_enum_groups;
- sam_methods->sam_get_group_by_sid = sam_skel_get_group_by_sid;
- sam_methods->sam_get_group_by_name = sam_skel_get_group_by_name;
-
- sam_methods->sam_add_member_to_group = sam_skel_add_member_to_group;
- sam_methods->sam_delete_member_from_group = sam_skel_delete_member_from_group;
- sam_methods->sam_enum_groupmembers = sam_skel_enum_groupmembers;
-
- sam_methods->sam_get_groups_of_sid = sam_skel_get_groups_of_sid;
-
- sam_methods->free_private_data = NULL;
-
-
- sam_skel_debug_level = debug_add_class("sam_skel");
- if (sam_skel_debug_level == -1) {
- sam_skel_debug_level = DBGC_SAM;
- DEBUG(0, ("sam_skel: Couldn't register custom debugging class!\n"));
- } else DEBUG(2, ("sam_skel: Debug class number of 'sam_skel': %d\n", sam_skel_debug_level));
-
- if(module_params)
- DEBUG(0, ("Starting 'sam_skel' with parameters '%s' for domain %s\n", module_params, sam_methods->domain_name));
- else
- DEBUG(0, ("Starting 'sam_skel' for domain %s without paramters\n", sam_methods->domain_name));
-
- return NT_STATUS_OK;
-}