From 2b2b0f7119fe043f61259579ce70e782f5f9ec5f Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij
Date: Wed, 28 Aug 2002 04:54:43 +0000
Subject: Put in intermediate version of new SAM system. It's not stable yet, code might be ugly, etc - please don't blame me for anything but instead try to fix the code :-). Compiling of the new sam system can be enabled with the configure option --with-sam Removing passdb/passgrp.c as it's unused fix typo in utils/testparm.c (This used to be commit 4b7de5ee236c043e6169f137992baf09a95c6f2c)
---
source3/sam/account.c | 301 +++++++++++++
source3/sam/get_set_domain.c | 263 +++++++++++
source3/sam/get_set_group.c | 123 ++++++
source3/sam/get_set_user.c | 903 +++++++++++++++++++++++++++++++++++++
source3/sam/interface.c | 1001 ++++++++++++++++++++++++++++++++++++++++++
5 files changed, 2591 insertions(+)
create mode 100644 source3/sam/account.c
create mode 100644 source3/sam/get_set_domain.c
create mode 100644 source3/sam/get_set_group.c
create mode 100644 source3/sam/get_set_user.c
create mode 100644 source3/sam/interface.c
(limited to 'source3/sam')
diff --git a/source3/sam/account.c b/source3/sam/account.c
new file mode 100644
index 0000000000..1fec9966f6
--- /dev/null
+++ b/source3/sam/account.c
@@ -0,0 +1,301 @@
+/*
+ Unix SMB/CIFS implementation.
+ Password and authentication handling
+ Copyright (C) Jeremy Allison 1996-2001
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+ Copyright (C) Gerald (Jerry) Carter 2000-2001
+ Copyright (C) Andrew Bartlett 2001-2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_PASSDB
+
+/************************************************************
+ Fill the SAM_USER_HANDLE with default values.
+ ***********************************************************/
+
+static void sam_fill_default_user(SAM_USER_HANDLE *user)
+{
+ ZERO_STRUCT(user->private); /* Don't touch the talloc context */
+
+ /* Don't change these timestamp settings without a good reason.
+ They are important for NT member server compatibility. */
+
+ user->private.init_flag = FLAG_SAM_UNINIT;
+
+ /* FIXME: We should actually call get_nt_time_max() or sthng
+ * here */
+ unix_to_nt_time(&(user->private.logoff_time),get_time_t_max());
+ unix_to_nt_time(&(user->private.kickoff_time),get_time_t_max());
+ unix_to_nt_time(&(user->private.pass_must_change_time),get_time_t_max());
+ user->private.unknown_1 = 0x00ffffff; /* don't know */
+ user->private.logon_divs = 168; /* hours per week */
+ user->private.hours_len = 21; /* 21 times 8 bits = 168 */
+ memset(user->private.hours, 0xff, user->private.hours_len); /* available at all hours */
+ user->private.unknown_2 = 0x00000000; /* don't know */
+ user->private.unknown_3 = 0x000004ec; /* don't know */
+}
+
+static void destroy_sam_talloc(SAM_USER_HANDLE **user)
+{
+ if (*user) {
+ talloc_destroy((*user)->mem_ctx);
+ *user = NULL;
+ }
+}
+
+
+/**********************************************************************
+ Alloc memory and initialises a SAM_USER_HANDLE on supplied mem_ctx.
+***********************************************************************/
+
+NTSTATUS sam_init_user_talloc(TALLOC_CTX *mem_ctx, SAM_USER_HANDLE **user)
+{
+ SMB_ASSERT(*user != NULL);
+
+ if (!mem_ctx) {
+ DEBUG(0,("sam_init_user_talloc: mem_ctx was NULL!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ *user=(SAM_USER_HANDLE *)talloc(mem_ctx, sizeof(SAM_USER_HANDLE));
+
+ if (*user==NULL) {
+ DEBUG(0,("sam_init_user_talloc: error while allocating memory\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ (*user)->mem_ctx = mem_ctx;
+
+ (*user)->free_fn = NULL;
+
+ sam_fill_default_user(*user);
+
+ return NT_STATUS_OK;
+}
+
+
+/*************************************************************
+ Alloc memory and initialises a struct sam_passwd.
+ ************************************************************/
+
+NTSTATUS sam_init_user(SAM_USER_HANDLE **user)
+{
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS nt_status;
+
+ mem_ctx = talloc_init_named("passdb internal SAM_USER_HANDLE allocation");
+
+ if (!mem_ctx) {
+ DEBUG(0,("sam_init_user: error while doing talloc_init()\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = sam_init_user_talloc(mem_ctx, user))) {
+ talloc_destroy(mem_ctx);
+ return nt_status;
+ }
+
+ (*user)->free_fn = destroy_sam_talloc;
+
+ return NT_STATUS_OK;
+}
+
+/**
+ * Free the contets of the SAM_USER_HANDLE, but not the structure.
+ *
+ * Also wipes the LM and NT hashes and plaintext passwrod from
+ * memory.
+ *
+ * @param user SAM_USER_HANDLE to free members of.
+ **/
+
+static void sam_free_user_contents(SAM_USER_HANDLE *user)
+{
+
+ /* Kill off sensitive data. Free()ed by the
+ talloc mechinism */
+
+ data_blob_clear_free(&(user->private.lm_pw));
+ data_blob_clear_free(&(user->private.nt_pw));
+ data_blob_clear_free(&(user->private.plaintext_pw));
+}
+
+
+/************************************************************
+ Reset the SAM_USER_HANDLE and free the NT/LM hashes.
+ ***********************************************************/
+
+NTSTATUS sam_reset_sam(SAM_USER_HANDLE *user)
+{
+ SMB_ASSERT(user != NULL);
+
+ sam_free_user_contents(user);
+
+ sam_fill_default_user(user);
+
+ return NT_STATUS_OK;
+}
+
+
+/************************************************************
+ Free the SAM_USER_HANDLE and the member pointers.
+ ***********************************************************/
+
+NTSTATUS sam_free_user(SAM_USER_HANDLE **user)
+{
+ SMB_ASSERT(*user != NULL);
+
+ sam_free_user_contents(*user);
+
+ if ((*user)->free_fn) {
+ (*user)->free_fn(user);
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+/**********************************************************
+ Encode the account control bits into a string.
+ length = length of string to encode into (including terminating
+ null). length *MUST BE MORE THAN 2* !
+ **********************************************************/
+
+char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
+{
+ static fstring acct_str;
+ size_t i = 0;
+
+ acct_str[i++] = '[';
+
+ if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
+ if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
+ if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
+ if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
+ if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
+ if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
+ if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
+ if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
+ if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
+ if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
+ if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
+
+ for ( ; i < length - 2 ; i++ )
+ acct_str[i] = ' ';
+
+ i = length - 2;
+ acct_str[i++] = ']';
+ acct_str[i++] = '\0';
+
+ return acct_str;
+}
+
+/**********************************************************
+ Decode the account control bits from a string.
+ **********************************************************/
+
+uint16 sam_decode_acct_ctrl(const char *p)
+{
+ uint16 acct_ctrl = 0;
+ BOOL finished = False;
+
+ /*
+ * Check if the account type bits have been encoded after the
+ * NT password (in the form [NDHTUWSLXI]).
+ */
+
+ if (*p != '[')
+ return 0;
+
+ for (p++; *p && !finished; p++) {
+ switch (*p) {
+ case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
+ case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
+ case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
+ case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
+ case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
+ case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
+ case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
+ case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
+ case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
+ case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
+ case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
+ case ' ': { break; }
+ case ':':
+ case '\n':
+ case '\0':
+ case ']':
+ default: { finished = True; }
+ }
+ }
+
+ return acct_ctrl;
+}
+
+/*************************************************************
+ Routine to set 32 hex password characters from a 16 byte array.
+**************************************************************/
+
+void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl)
+{
+ if (pwd != NULL) {
+ int i;
+ for (i = 0; i < 16; i++)
+ slprintf(&p[i*2], 3, "%02X", pwd[i]);
+ } else {
+ if (acct_ctrl & ACB_PWNOTREQ)
+ safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
+ else
+ safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
+ }
+}
+
+/*************************************************************
+ Routine to get the 32 hex characters and turn them
+ into a 16 byte array.
+**************************************************************/
+
+BOOL sam_gethexpwd(const char *p, unsigned char *pwd)
+{
+ int i;
+ unsigned char lonybble, hinybble;
+ char *hexchars = "0123456789ABCDEF";
+ char *p1, *p2;
+
+ if (!p)
+ return (False);
+
+ for (i = 0; i < 32; i += 2) {
+ hinybble = toupper(p[i]);
+ lonybble = toupper(p[i + 1]);
+
+ p1 = strchr(hexchars, hinybble);
+ p2 = strchr(hexchars, lonybble);
+
+ if (!p1 || !p2)
+ return (False);
+
+ hinybble = PTR_DIFF(p1, hexchars);
+ lonybble = PTR_DIFF(p2, hexchars);
+
+ pwd[i / 2] = (hinybble << 4) | lonybble;
+ }
+ return (True);
+}
diff --git a/source3/sam/get_set_domain.c b/source3/sam/get_set_domain.c
new file mode 100644
index 0000000000..49a63f9fae
--- /dev/null
+++ b/source3/sam/get_set_domain.c
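Review bot: `sam_encode_acct_ctrl` never validates `length`: the header comment says it must be more than 2, but `length` is a `size_t`, so a value below 2 makes `length - 2` wrap and the padding loop runs far past the end of the static `acct_str`, and a value larger than the buffer overruns it the same way. A guard before the first write, for example `if (length < 3 || length > sizeof(acct_str)) return NULL;`, would enforce the documented contract, provided the callers (not visible here) check the result. `sam_gethexpwd` has a related read problem: `strchr(hexchars, '\0')` returns a pointer to the terminator rather than NULL, so a string shorter than 32 characters is not rejected and the loop reads past its end; testing `p[i]` and `p[i + 1]` for `'\0'` before the lookups would close that.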
@@ -0,0 +1,263 @@
+/*
+ Unix SMB/CIFS implementation.
+ SAM_DOMAIN access routines
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+ Copyright (C) Jelmer Vernooij 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
+
+NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, DOM_SID **sid)
+{
+ if (!domain || !sid) return NT_STATUS_UNSUCCESSFUL;
+
+ *sid = &domain->private.sid;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_num_users(SAM_DOMAIN_HANDLE *domain, uint32 *num_users)
+{
+ if (!domain || !num_users)return NT_STATUS_UNSUCCESSFUL;
+
+ *num_users = domain->private.num_users;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
+{
+ if (!domain || !num_groups)return NT_STATUS_UNSUCCESSFUL;
+
+ *num_groups = domain->private.num_groups;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
+{
+ if (!domain || !num_aliases)return NT_STATUS_UNSUCCESSFUL;
+
+ *num_aliases = domain->private.num_aliases;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_name(SAM_DOMAIN_HANDLE *domain, char **domain_name)
+{
+ if (!domain || !domain_name)return NT_STATUS_UNSUCCESSFUL;
+
+ *domain_name = domain->private.name;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_name(SAM_DOMAIN_HANDLE *domain, char *domain_name)
+{
+ if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+ domain->private.name = talloc_strdup(domain->mem_ctx, domain_name);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_server(SAM_DOMAIN_HANDLE *domain, char **server_name)
+{
+ if (!domain || !server_name)return NT_STATUS_UNSUCCESSFUL;
+
+ *server_name = domain->private.servername;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_server(SAM_DOMAIN_HANDLE *domain, char *server_name)
+{
+ if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+ domain->private.servername = talloc_strdup(domain->mem_ctx, server_name);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
+{
+ if (!domain || !max_passwordage)return NT_STATUS_UNSUCCESSFUL;
+
+ *max_passwordage = domain->private.max_passwordage;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
+{
+ if (!domain || !min_passwordage)return NT_STATUS_UNSUCCESSFUL;
+
+ *min_passwordage = domain->private.min_passwordage;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
+{
+ if (!domain || !lockout_duration)return NT_STATUS_UNSUCCESSFUL;
+
+ *lockout_duration = domain->private.lockout_duration;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
+{
+ if (!domain || !reset_lockout_count)return NT_STATUS_UNSUCCESSFUL;
+
+ *reset_lockout_count = domain->private.reset_count;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
+{
+ if (!domain || !min_passwordlength)return NT_STATUS_UNSUCCESSFUL;
+
+ *min_passwordlength = domain->private.min_passwordlength;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 *password_history)
+{
+ if (!domain || !password_history)return NT_STATUS_UNSUCCESSFUL;
+
+ *password_history = domain->private.password_history;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
+{
+ if (!domain || !lockout_count)return NT_STATUS_UNSUCCESSFUL;
+
+ *lockout_count = domain->private.lockout_count;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
+{
+ if (!domain || !force_logoff)return NT_STATUS_UNSUCCESSFUL;
+
+ *force_logoff = domain->private.force_logoff;
+
+ return NT_STATUS_OK;
+}
+
+
+NTSTATUS sam_get_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
+{
+ if (!domain || !login_pwdchange)return NT_STATUS_UNSUCCESSFUL;
+
+ *login_pwdchange = domain->private.login_pwdchange;
+
+ return NT_STATUS_OK;
+}
+
+/* Set */
+
+NTSTATUS sam_set_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME max_passwordage)
+{
+ if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+ domain->private.max_passwordage = max_passwordage;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME min_passwordage)
+{
+ if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+ domain->private.min_passwordage = min_passwordage;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME lockout_duration)
+{
+ if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+ domain->private.lockout_duration = lockout_duration;
+
+ return NT_STATUS_OK;
+}
+NTSTATUS sam_set_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME reset_lockout_count)
+{
+ if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+ domain->private.reset_count = reset_lockout_count;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 min_passwordlength)
+{
+ if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+ domain->private.min_passwordlength = min_passwordlength;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 password_history)
+{
+ if (!domain) return NT_STATUS_UNSUCCESSFUL;
+
+ domain->private.password_history = password_history;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 lockout_count)
+{
+ if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+ domain->private.lockout_count = lockout_count;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL force_logoff)
+{
+ if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+ domain->private.force_logoff = force_logoff;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL login_pwdchange)
+{
+ if (!domain) return NT_STATUS_UNSUCCESSFUL;
+
+ domain->private.login_pwdchange = login_pwdchange;
+
+ return NT_STATUS_OK;
+}
diff --git a/source3/sam/get_set_group.c b/source3/sam/get_set_group.c
new file mode 100644
index 0000000000..51f91ada82
--- /dev/null
+++ b/source3/sam/get_set_group.c
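Review bot: `sam_set_domain_name` and `sam_set_domain_server` store the result of `talloc_strdup()` without checking it and always return `NT_STATUS_OK`, so an allocation failure silently leaves the field NULL while the caller is told the update succeeded. Checking the result and returning `NT_STATUS_NO_MEMORY` (already used in account.c in this commit) keeps the status honest, e.g. `if (domain_name && !domain->private.name) return NT_STATUS_NO_MEMORY;`. Both setters also accept a NULL `domain_name`/`server_name` with no stated meaning; a one-line comment saying whether NULL is meant to clear the field would help. The same unchecked `talloc_strdup()` pattern appears in `sam_set_group_name`/`sam_set_group_comment` in get_set_group.c and in `sam_set_user_username` in get_set_user.c.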
@@ -0,0 +1,123 @@
+/*
+ Unix SMB/CIFS implementation.
+ SAM_USER_HANDLE access routines
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+ Copyright (C) Jelmer Vernooij 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
+
+/* sam group get functions */
+
+NTSTATUS sam_get_group_sid(const SAM_GROUP_HANDLE *group, DOM_SID **sid)
+{
+ if (!group || !sid) return NT_STATUS_UNSUCCESSFUL;
+
+ *sid = &group->private.sid;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_group_typ(const SAM_GROUP_HANDLE *group, uint32 *typ)
+{
+ if (!group || !typ) return NT_STATUS_UNSUCCESSFUL;
+
+ *typ = group->private.flags;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_group_name(const SAM_GROUP_HANDLE *group, char **group_name)
+{
+ if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+ *group_name = group->private.name;
+
+ return NT_STATUS_OK;
+
+}
+NTSTATUS sam_get_group_comment(const SAM_GROUP_HANDLE *group, char **comment)
+{
+ if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+ *comment = group->private.comment;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_group_priv_set(const SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set)
+{
+ if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+ *priv_set = group->private.privileges;
+
+ return NT_STATUS_OK;
+}
+
+/* sam group set functions */
+
+NTSTATUS sam_set_group_sid(SAM_GROUP_HANDLE *group, DOM_SID *sid)
+{
+ if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+ if (!sid) ZERO_STRUCT(group->private.sid);
+ else sid_copy(&(group->private.sid), sid);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_group_typ(SAM_GROUP_HANDLE *group, uint32 typ)
+{
+ if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+ group->private.flags = typ;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_group_name(SAM_GROUP_HANDLE *group, char *group_name)
+{
+ if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+ group->private.name = talloc_strdup(group->mem_ctx, group_name);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_group_comment(SAM_GROUP_HANDLE *group, char *comment)
+{
+ if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+ group->private.comment = talloc_strdup(group->mem_ctx, comment);
+
+ return NT_STATUS_OK;
+
+}
+
+NTSTATUS sam_set_group_priv_set(SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set)
+{
+ if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+ if (!priv_set) ZERO_STRUCT(group->private.privileges);
+ else memcpy(&(group->private.privileges), priv_set, sizeof(PRIVILEGE_SET));
+
+ return NT_STATUS_OK;
+}
diff --git a/source3/sam/get_set_user.c b/source3/sam/get_set_user.c
new file mode 100644
index 0000000000..e58afe6880
--- /dev/null
+++ b/source3/sam/get_set_user.c
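Review bot: `sam_get_group_name`, `sam_get_group_comment` and `sam_get_group_priv_set` check only `group` before writing through the out-parameter, unlike `sam_get_group_sid` and `sam_get_group_typ` just above them, so a NULL `group_name`, `comment` or `priv_set` is dereferenced. The guards should match the other getters, e.g. `if (!group || !group_name) return NT_STATUS_UNSUCCESSFUL;`. Separately, `sam_get_group_sid` takes a `const SAM_GROUP_HANDLE *` but hands out `&group->private.sid` through a non-const `DOM_SID **`, which drops the qualifier and lets callers modify the handle's SID in place; either the out-parameter should be `const DOM_SID **` or the handle parameter should not be const. Many getters in get_set_user.c (from `sam_get_user_nt_pwd` on) have the same missing out-parameter check.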
@@ -0,0 +1,903 @@
+/*
+ Unix SMB/CIFS implementation.
+ SAM_USER_HANDLE access routines
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+ Copyright (C) Jelmer Vernooij 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
+
+NTSTATUS sam_get_user_domain_sid (const SAM_USER_HANDLE *sampass, DOM_SID **sid)
+{
+ NTSTATUS status;
+ SAM_DOMAIN_HANDLE *domain;
+ if (!sampass || !sid) return NT_STATUS_UNSUCCESSFUL;
+
+ if (!NT_STATUS_IS_OK(status = sam_get_user_domain(sampass, &domain))){
+ DEBUG(0, ("sam_get_user_domain_sid: Can't get domain for user\n"));
+ return status;
+ }
+
+ return sam_get_domain_sid(domain, sid);
+}
+
+NTSTATUS sam_get_user_domain_name (const SAM_USER_HANDLE *sampass, char **domain_name)
+{
+ NTSTATUS status;
+ SAM_DOMAIN_HANDLE *domain;
+ if (!sampass || !domain_name) return NT_STATUS_UNSUCCESSFUL;
+
+ if (!NT_STATUS_IS_OK(status = sam_get_user_domain(sampass, &domain))){
+ DEBUG(0, ("sam_get_user_domain_name: Can't get domain for user\n"));
+ return status;
+ }
+
+ return sam_get_domain_name(domain, domain_name);
+}
+
+NTSTATUS sam_get_user_acct_ctrl (const SAM_USER_HANDLE *sampass, uint16 *acct_ctrl)
+{
+ if(!sampass || !acct_ctrl)return NT_STATUS_UNSUCCESSFUL;
+
+ *acct_ctrl = sampass->private.acct_ctrl;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_logon_time (const SAM_USER_HANDLE *sampass, NTTIME *logon_time)
+{
+ if(!sampass || !logon_time)return NT_STATUS_UNSUCCESSFUL;
+
+ *logon_time = sampass->private.logon_time;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_logoff_time (const SAM_USER_HANDLE *sampass, NTTIME *logoff_time)
+{
+ if(!sampass || !logoff_time)return NT_STATUS_UNSUCCESSFUL;
+
+ *logoff_time = sampass->private.logoff_time;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_kickoff_time (const SAM_USER_HANDLE *sampass, NTTIME *kickoff_time)
+{
+ if (!sampass || !kickoff_time)return NT_STATUS_UNSUCCESSFUL;
+
+ *kickoff_time = sampass->private.kickoff_time;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_pass_last_set_time (const SAM_USER_HANDLE *sampass, NTTIME *pass_last_set_time)
+{
+ if (!sampass || !pass_last_set_time)return NT_STATUS_UNSUCCESSFUL;
+
+ *pass_last_set_time = sampass->private.pass_last_set_time;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_pass_can_change_time (const SAM_USER_HANDLE *sampass, NTTIME *pass_can_change_time)
+{
+ if (!sampass || !pass_can_change_time)return NT_STATUS_UNSUCCESSFUL;
+
+ *pass_can_change_time = sampass->private.pass_can_change_time;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_pass_must_change_time (const SAM_USER_HANDLE *sampass, NTTIME *pass_must_change_time)
+{
+ if (!sampass || !pass_must_change_time)return NT_STATUS_UNSUCCESSFUL;
+
+ *pass_must_change_time = sampass->private.pass_must_change_time;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_logon_divs (const SAM_USER_HANDLE *sampass, uint16 *logon_divs)
+{
+ if (!sampass || !logon_divs)return NT_STATUS_UNSUCCESSFUL;
+
+ *logon_divs = sampass->private.logon_divs;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_hours_len (const SAM_USER_HANDLE *sampass, uint32 *hours_len)
+{
+ if (!sampass || !hours_len)return NT_STATUS_UNSUCCESSFUL;
+
+ *hours_len = sampass->private.hours_len;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_hours (const SAM_USER_HANDLE *sampass, uint8 **hours)
+{
+ if (!sampass || !hours)return NT_STATUS_UNSUCCESSFUL;
+
+ *hours = sampass->private.hours;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_nt_pwd (const SAM_USER_HANDLE *sampass, DATA_BLOB *nt_pwd)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ SMB_ASSERT((!sampass->private.nt_pw.data)
+ || sampass->private.nt_pw.length == NT_HASH_LEN);
+
+ *nt_pwd = sampass->private.nt_pw;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_lm_pwd (const SAM_USER_HANDLE *sampass, DATA_BLOB *lm_pwd)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ SMB_ASSERT((!sampass->private.lm_pw.data)
+ || sampass->private.lm_pw.length == LM_HASH_LEN);
+
+ *lm_pwd = sampass->private.lm_pw;
+
+ return NT_STATUS_OK;
+}
+
+/* Return the plaintext password if known. Most of the time
+ it isn't, so don't assume anything magic about this function.
+
+ Used to pass the plaintext to sam backends that might
+ want to store more than just the NTLM hashes.
+*/
+
+NTSTATUS sam_get_user_plaintext_pwd (const SAM_USER_HANDLE *sampass, DATA_BLOB **plain_pwd)
+{
+ if (!sampass || !plain_pwd)return NT_STATUS_UNSUCCESSFUL;
+
+ *plain_pwd = &(sampass->private.plaintext_pw);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_sid(const SAM_USER_HANDLE *sampass, DOM_SID **sid)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *sid = &(sampass->private.user_sid);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_pgroup(const SAM_USER_HANDLE *sampass, DOM_SID **sid)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *sid = &(sampass->private.group_sid);
+
+ return NT_STATUS_OK;
+}
+
+/**
+ * Get flags showing what is initalised in the SAM_USER_HANDLE
+ * @param sampass the SAM_USER_HANDLE in question
+ * @return the flags indicating the members initialised in the struct.
+ **/
+
+NTSTATUS sam_get_user_init_flag (const SAM_USER_HANDLE *sampass, uint32 *initflag)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *initflag = sampass->private.init_flag;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_name (const SAM_USER_HANDLE *sampass, char **username)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *username = sampass->private.username;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_domain (const SAM_USER_HANDLE *sampass, SAM_DOMAIN_HANDLE **domain)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *domain = sampass->private.domain;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_fullname (const SAM_USER_HANDLE *sampass, char **fullname)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *fullname = sampass->private.full_name;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_homedir (const SAM_USER_HANDLE *sampass, char **homedir)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *homedir = sampass->private.home_dir;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unix_home_dir (const SAM_USER_HANDLE *sampass, char **uhomedir)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *uhomedir = sampass->private.unix_home_dir;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_dir_drive (const SAM_USER_HANDLE *sampass, char **dirdrive)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *dirdrive = sampass->private.dir_drive;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_logon_script (const SAM_USER_HANDLE *sampass, char **logon_script)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *logon_script = sampass->private.logon_script;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_profile_path (const SAM_USER_HANDLE *sampass, char **profile_path)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *profile_path = sampass->private.profile_path;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_description (const SAM_USER_HANDLE *sampass, char **description)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *description = sampass->private.acct_desc;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_workstations (const SAM_USER_HANDLE *sampass, char **workstations)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *workstations = sampass->private.workstations;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unknown_str (const SAM_USER_HANDLE *sampass, char **unknown_str)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *unknown_str = sampass->private.unknown_str;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_munged_dial (const SAM_USER_HANDLE *sampass, char **munged_dial)
+{
+ if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+ *munged_dial = sampass->private.munged_dial;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unknown_1 (const SAM_USER_HANDLE *sampass, uint32 *unknown1)
+{
+ if (!sampass || !unknown1)return NT_STATUS_UNSUCCESSFUL;
+
+ *unknown1 = sampass->private.unknown_1;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unknown_2 (const SAM_USER_HANDLE *sampass, uint32 *unknown2)
+{
+ if (!sampass || !unknown2)return NT_STATUS_UNSUCCESSFUL;
+
+ *unknown2 = sampass->private.unknown_2;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unknown_3 (const SAM_USER_HANDLE *sampass, uint32 *unknown3)
+{
+ if (!sampass || !unknown3)return NT_STATUS_UNSUCCESSFUL;
+
+ *unknown3 = sampass->private.unknown_3;
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Collection of set...() functions for SAM_USER_HANDLE_INFO.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_acct_ctrl (SAM_USER_HANDLE *sampass, uint16 flags)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.acct_ctrl = flags;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_logon_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.logon_time = mytime;
+
+ if (store)
+ sam_set_user_init_flag(sampass, FLAG_SAM_LOGONTIME);
+
+ return NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS sam_set_user_logoff_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.logoff_time = mytime;
+
+ if (store)
+ sam_set_user_init_flag(sampass, FLAG_SAM_LOGOFFTIME);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_kickoff_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.kickoff_time = mytime;
+
+ if (store)
+ sam_set_user_init_flag(sampass, FLAG_SAM_KICKOFFTIME);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pass_can_change_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.pass_can_change_time = mytime;
+
+ if (store)
+ sam_set_user_init_flag(sampass, FLAG_SAM_CANCHANGETIME);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pass_must_change_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.pass_must_change_time = mytime;
+
+ if (store)
+ sam_set_user_init_flag(sampass, FLAG_SAM_MUSTCHANGETIME);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pass_last_set_time (SAM_USER_HANDLE *sampass, NTTIME mytime)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.pass_last_set_time = mytime;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_hours_len (SAM_USER_HANDLE *sampass, uint32 len)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.hours_len = len;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_logon_divs (SAM_USER_HANDLE *sampass, uint16 hours)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.logon_divs = hours;
+ return NT_STATUS_OK;
+}
+
+/**
+ * Set flags showing what is initalised in the SAM_USER_HANDLE
+ * @param sampass the SAM_USER_HANDLE in question
+ * @param flag The *new* flag to be set. Old flags preserved
+ * this flag is only added.
+ **/
+
+NTSTATUS sam_set_user_init_flag (SAM_USER_HANDLE *sampass, uint32 flag)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.init_flag |= flag;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_sid (SAM_USER_HANDLE *sampass, DOM_SID *u_sid)
+{
+ if (!sampass || !u_sid)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sid_copy(&sampass->private.user_sid, u_sid);
+
+ DEBUG(10, ("sam_set_user_sid: setting user sid %s\n",
+ sid_string_static(&sampass->private.user_sid)));
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_sid_from_string (SAM_USER_HANDLE *sampass, fstring u_sid)
+{
+ DOM_SID new_sid;
+ if (!sampass || !u_sid)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10, ("sam_set_user_sid_from_string: setting user sid %s\n",
+ u_sid));
+
+ if (!string_to_sid(&new_sid, u_sid)) {
+ DEBUG(1, ("sam_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (!NT_STATUS_IS_OK(sam_set_user_sid(sampass, &new_sid))) {
+ DEBUG(1, ("sam_set_user_sid_from_string: could not set sid %s on SAM_USER_HANDLE!\n", u_sid));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pgroup_sid (SAM_USER_HANDLE *sampass, DOM_SID *g_sid)
+{
+ if (!sampass || !g_sid)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sid_copy(&sampass->private.group_sid, g_sid);
+
+ DEBUG(10, ("sam_set_group_sid: setting group sid %s\n",
+ sid_string_static(&sampass->private.group_sid)));
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pgroup_string (SAM_USER_HANDLE *sampass, fstring g_sid)
+{
+ DOM_SID new_sid;
+ if (!sampass || !g_sid)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10, ("sam_set_group_sid_from_string: setting group sid %s\n",
+ g_sid));
+
+ if (!string_to_sid(&new_sid, g_sid)) {
+ DEBUG(1, ("sam_set_group_sid_from_string: %s isn't a valid SID!\n", g_sid));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (!NT_STATUS_IS_OK(sam_set_user_pgroup_sid(sampass, &new_sid))) {
+ DEBUG(1, ("sam_set_group_sid_from_string: could not set sid %s on SAM_USER_HANDLE!\n", g_sid));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the domain name.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_domain(SAM_USER_HANDLE *sampass, SAM_DOMAIN_HANDLE *domain)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.domain = domain;
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's NT name.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_username(SAM_USER_HANDLE *sampass, const char *nt_username)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10, ("sam_set_user_username: setting nt username %s, was %s\n", nt_username, sampass->private.username));
+
+ sampass->private.username = talloc_strdup(sampass->mem_ctx, nt_username);
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's full name.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_fullname(SAM_USER_HANDLE *sampass, const char *full_name)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10, ("sam_set_user_fullname: setting full name %s, was %s\n", full_name, sampass->private.full_name));
+
+ sampass->private.full_name = talloc_strdup(sampass->mem_ctx, full_name);
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's logon script.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_logon_script(SAM_USER_HANDLE *sampass, const char *logon_script, BOOL store)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10, ("sam_set_logon_script: from %s to %s\n", logon_script, sampass->private.logon_script));
+
+ sampass->private.logon_script = talloc_strdup(sampass->mem_ctx, logon_script);
+
+ sam_set_user_init_flag(sampass, FLAG_SAM_LOGONSCRIPT);
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's profile path.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_profile_path (SAM_USER_HANDLE *sampass, const char *profile_path, BOOL store)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10, ("sam_set_profile_path: setting profile path %s, was %s\n", profile_path, sampass->private.profile_path));
+
+ sampass->private.profile_path = talloc_strdup(sampass->mem_ctx, profile_path);
+
+ if (store) {
+ DEBUG(10, ("sam_set_profile_path: setting profile path sam flag!\n"));
+ sam_set_user_init_flag(sampass, FLAG_SAM_PROFILE);
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's directory drive.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_dir_drive (SAM_USER_HANDLE *sampass, const char *dir_drive, BOOL store)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10, ("sam_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
+ sampass->private.dir_drive));
+
+ sampass->private.dir_drive = talloc_strdup(sampass->mem_ctx, dir_drive);
+
+ if (store) {
+ DEBUG(10, ("sam_set_dir_drive: setting dir drive sam flag!\n"));
+ sam_set_user_init_flag(sampass, FLAG_SAM_DRIVE);
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's home directory.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_homedir (SAM_USER_HANDLE *sampass, const char *home_dir, BOOL store)
+{
+ if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10, ("sam_set_homedir: setting home dir %s, was %s\n", home_dir,
+ sampass->private.home_dir));
+
+ sampass->private.home_dir = talloc_strdup(sampass->mem_ctx, home_dir);
+
+ if (store) {
+ DEBUG(10, ("sam_set_homedir: setting home dir sam flag!\n"));
+ sam_set_user_init_flag(sampass, FLAG_SAM_SMBHOME);
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's unix home directory.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_unix_homedir (SAM_USER_HANDLE *sampass, const char *unix_home_dir)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10, ("sam_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir,
+ sampass->private.unix_home_dir));
+
+ sampass->private.unix_home_dir = talloc_strdup(sampass->mem_ctx, unix_home_dir);
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's account description.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_acct_desc (SAM_USER_HANDLE *sampass, const char *acct_desc)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.acct_desc = talloc_strdup(sampass->mem_ctx, acct_desc);
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's workstation allowed list.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_workstations (SAM_USER_HANDLE *sampass, const char *workstations)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10, ("sam_set_workstations: setting workstations %s, was %s\n", workstations,
+ sampass->private.workstations));
+
+ sampass->private.workstations = talloc_strdup(sampass->mem_ctx, workstations);
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's 'unknown_str', whatever the heck this actually is...
+ ********************************************************************/
+
+NTSTATUS sam_set_user_unknown_str (SAM_USER_HANDLE *sampass, const char *unknown_str)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.unknown_str = talloc_strdup(sampass->mem_ctx, unknown_str);
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's dial string.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_munged_dial (SAM_USER_HANDLE *sampass, const char *munged_dial)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.munged_dial = talloc_strdup(sampass->mem_ctx, munged_dial);
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's NT hash.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_nt_pwd (SAM_USER_HANDLE *sampass, DATA_BLOB data)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.nt_pw = data;
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's LM hash.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_lm_pwd (SAM_USER_HANDLE *sampass, DATA_BLOB data)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.lm_pw = data;
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's plaintext password only (base procedure, see helper
+ below)
+ ********************************************************************/
+
+NTSTATUS sam_set_user_plaintext_pw_only (SAM_USER_HANDLE *sampass, DATA_BLOB data)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.plaintext_pw = data;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_unknown_1 (SAM_USER_HANDLE *sampass, uint32 unkn)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.unknown_1 = unkn;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_unknown_2 (SAM_USER_HANDLE *sampass, uint32 unkn)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.unknown_2 = unkn;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_unknown_3 (SAM_USER_HANDLE *sampass, uint32 unkn)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ sampass->private.unknown_3 = unkn;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_hours (SAM_USER_HANDLE *sampass, const uint8 *hours)
+{
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!hours) {
+ memset ((char *)sampass->private.hours, 0, MAX_HOURS_LEN);
+ return NT_STATUS_OK;
+ }
+
+ memcpy (sampass->private.hours, hours, MAX_HOURS_LEN);
+
+ return NT_STATUS_OK;
+}
+
+/* Helpful interfaces to the above */
+
+/*********************************************************************
+ Sets the last changed times and must change times for a normal
+ password change.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_pass_changed_now (SAM_USER_HANDLE *sampass)
+{
+ uint32 expire;
+ NTTIME temptime;
+
+ if (!sampass)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ unix_to_nt_time(&temptime, time(NULL));
+ if (!NT_STATUS_IS_OK(sam_set_user_pass_last_set_time (sampass, temptime)))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire)
+ || (expire==(uint32)-1)) {
+
+ get_nttime_max(&temptime);
+ if (!NT_STATUS_IS_OK(sam_set_user_pass_must_change_time (sampass, temptime, False)))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ } else {
+ /* FIXME: Add expire to temptime */
+
+ if (!NT_STATUS_IS_OK(sam_get_user_pass_last_set_time(sampass,&temptime)) || !NT_STATUS_IS_OK(sam_set_user_pass_must_change_time (sampass, temptime,True)))
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's PLAINTEXT password. Used as an interface to the above.
+ Also sets the last change time to NOW.
+ ********************************************************************/
+
+NTSTATUS sam_set_plaintext_passwd (SAM_USER_HANDLE *sampass, const char *plaintext)
+{
+ DATA_BLOB data;
+ uchar new_lanman_p16[16];
+ uchar new_nt_p16[16];
+
+ if (!sampass || !plaintext)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16);
+
+ data = data_blob(new_nt_p16, 16);
+ if (!NT_STATUS_IS_OK(sam_set_user_nt_pwd (sampass, data)))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ data = data_blob(new_lanman_p16, 16);
+
+ if (!NT_STATUS_IS_OK(sam_set_user_lm_pwd (sampass, data)))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!NT_STATUS_IS_OK(sam_set_user_pass_changed_now (sampass)))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ return NT_STATUS_OK;
+}
+
diff --git a/source3/sam/interface.c b/source3/sam/interface.c
new file mode 100644
index 0000000000..6adf213d27
--- /dev/null
+++ b/source3/sam/interface.c
@@ -0,0 +1,1001 @@
+/*
+ Unix SMB/CIFS implementation.
+ Password and authentication handling
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Jelmer Vernooij 2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
+
+/** List of various built-in sam modules */
+
+const struct sam_init_function_entry builtin_sam_init_functions[] = {
+ { NULL, NULL}
+};
+
+/* FIXME: wrapper functions : context_* */
+
+/******************************************************************
+ context_sam_* functions are used to link the external SAM interface
+ with the internal backends. These functions lookup the appropriate
+ backends for the domain and pass on to the function in sam_methods
+ in the selected backend
+ *******************************************************************/
+
+NTSTATUS sam_get_methods_by_sid(const struct sam_context *context, struct sam_methods **sam_method, const DOM_SID *domainsid)
+{
+ struct sam_methods *tmp_methods;
+
+ DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__));
+
+ if ((!context) || (!context->methods))
+ {
+ DEBUG(2,("sam_get_methods_by_sid: invalid sam_context specified!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ tmp_methods = context->methods;
+
+ while (tmp_methods)
+ {
+ if (sid_equal(domainsid, &tmp_methods->domain->private.sid))
+ {
+ (*sam_method) = tmp_methods;
+ return NT_STATUS_OK;
+ }
+ tmp_methods = tmp_methods->next;
+ }
+
+ DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid)));
+
+ return NT_STATUS_NO_SUCH_DOMAIN;
+}
+
+NTSTATUS sam_get_methods_by_name(const struct sam_context *context, struct sam_methods **sam_method, const char *domainname)
+{
+ struct sam_methods *tmp_methods;
+
+ DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__));
+
+ if ((!context) || (!context->methods))
+ {
+ DEBUG(2,("sam_get_methods_by_sid: invalid sam_context specified!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ tmp_methods = context->methods;
+
+ while (tmp_methods)
+ {
+ if (strcmp(domainname, tmp_methods->domain->private.name))
+ {
+ (*sam_method) = tmp_methods;
+ return NT_STATUS_OK;
+ }
+ tmp_methods = tmp_methods->next;
+ }
+
+ DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname));
+
+ return NT_STATUS_NO_SUCH_DOMAIN;
+}
+
+NTSTATUS context_sam_get_sec_desc(const struct sam_context *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
+{
+ struct sam_methods *tmp_methods;
+// DOM_SID *domainsid;
+ NTSTATUS nt_status;
+
+ DEBUG(5,("context_sam_get_sec_desc: %d\n", __LINE__));
+
+ if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return nt_status;
+ }
+
+ if (!tmp_methods->sam_get_sec_desc) {
+ DEBUG(3, ("context_sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) {
+ DEBUG(4,("context_sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
+ return nt_status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_set_sec_desc(const struct sam_context *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
+{
+ struct sam_methods *tmp_methods;
+// DOM_SID *domainsid;
+ NTSTATUS nt_status;
+
+ DEBUG(5,("context_sam_set_sec_desc: %d\n", __LINE__));
+
+ if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return nt_status;
+ }
+
+ if (!tmp_methods->sam_set_sec_desc) {
+ DEBUG(3, ("context_sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) {
+ DEBUG(4,("context_sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
+ return nt_status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+NTSTATUS context_sam_lookup_name(const struct sam_context *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID **sid, uint32 *type)
+{
+ struct sam_methods *tmp_methods;
+ NTSTATUS nt_status;
+
+ DEBUG(5,("context_sam_lookup_name: %d\n", __LINE__));
+
+ if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
+ DEBUG(4,("sam_get_methods_by_name failed\n"));
+ return nt_status;
+ }
+
+ if (!tmp_methods->sam_lookup_name) {
+ DEBUG(3, ("context_sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) {
+ DEBUG(4,("context_sam_lookup_name for %s\\%s in backend %s failed\n",
+ tmp_methods->domain->private.name, name, tmp_methods->backendname));
+ return nt_status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_lookup_sid(const struct sam_context *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, char **name, uint32 *type)
+{
+ struct sam_methods *tmp_methods;
+ uint32 rid;
+ NTSTATUS nt_status;
+ DOM_SID domainsid;
+
+ DEBUG(5,("context_sam_lookup_sid: %d\n", __LINE__));
+
+ sid_copy(&domainsid, sid);
+ if (!sid_split_rid(&domainsid, &rid)) {
+ DEBUG(3,("context_sam_lookup_sid: failed to split the sid\n"));
+ return NT_STATUS_INVALID_SID;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return nt_status;
+ }
+
+ if (!tmp_methods->sam_lookup_sid) {
+ DEBUG(3, ("context_sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, sid, name, type))) {
+ DEBUG(4,("context_sam_lookup_name for %s in backend %s failed\n",
+ sid_string_static(sid), tmp_methods->backendname));
+ return nt_status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+NTSTATUS context_sam_update_domain(const struct sam_context *context, const SAM_DOMAIN_HANDLE *domain)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS context_sam_enum_domains(const struct sam_context *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
+{
+ struct sam_methods *tmp_methods;
+ NTSTATUS nt_status;
+
+ SEC_DESC *sd;
+ size_t sd_size;
+ uint32 acc_granted;
+ int i = 0;
+
+ DEBUG(5,("context_sam_enum_domains: %d\n", __LINE__));
+
+ if ((!context)|| (!context->methods)) {
+ DEBUG(2,("context_sam_enum_domains: invalid sam_context specified!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
+ DEBUG(4,("samr_make_sam_obj_sd failed\n"));
+ return nt_status;
+ }
+
+ if (!se_access_check(sd, access_token, SAMR_ACCESS_ENUM_DOMAINS, &acc_granted, &nt_status)) {
+ DEBUG(3,("context_sam_enum_domains: ACCESS DENIED\n"));
+ return nt_status;
+ }
+
+ tmp_methods= context->methods;
+
+ while (tmp_methods)
+ {
+ (*domain_count)++;
+ tmp_methods= tmp_methods->next;
+ }
+
+ DEBUG(6,("context_sam_enum_domains: enumerating %d domains\n", (*domain_count)));
+
+ tmp_methods = context->methods;
+
+ if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) {
+ DEBUG(0,("context_sam_enum_domains: Out of memory allocating domain list\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) {
+ DEBUG(0,("context_sam_enum_domains: Out of memory allocating domain list\n"));
+ SAFE_FREE((*domains));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ while (tmp_methods)
+ {
+
+ DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain->private.name, sid_string_static(&tmp_methods->domain->private.sid)));
+ sid_copy(domains[i],&tmp_methods->domain->private.sid);
+ if(asprintf(&(*domain_names[i]),"%s",tmp_methods->domain->private.name) < 0) {
+ DEBUG(0,("context_sam_enum_domains: asprintf failed"));
+ SAFE_FREE((*domains));
+ SAFE_FREE((*domain_names));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ i++;
+ tmp_methods= tmp_methods->next;
+
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_lookup_domain(const struct sam_context *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid)
+{
+ struct sam_methods *tmp_methods;
+ NTSTATUS nt_status;
+
+ SEC_DESC *sd;
+ size_t sd_size;
+ uint32 acc_granted;
+
+ DEBUG(5,("context_sam_lookup_domain: %d\n", __LINE__));
+
+ if ((!context)|| (!context->methods)) {
+ DEBUG(2,("context_sam_lookup_domain: invalid sam_context specified!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
+ DEBUG(4,("samr_make_sam_obj_sd failed\n"));
+ return nt_status;
+ }
+
+ if (!se_access_check(sd, access_token, SAMR_ACCESS_OPEN_DOMAIN, &acc_granted, &nt_status)) {
+ DEBUG(3,("context_sam_lookup_domain: ACCESS DENIED\n"));
+ return nt_status;
+ }
+
+ tmp_methods= context->methods;
+
+ while (tmp_methods)
+ {
+ if (strcmp(domain, tmp_methods->domain->private.name) == 0) {
+ sid_copy((*domainsid), &tmp_methods->domain->private.sid);
+ return NT_STATUS_OK;
+ }
+ tmp_methods= tmp_methods->next;
+ }
+
+ return NT_STATUS_NO_SUCH_DOMAIN;
+}
+
+
+NTSTATUS context_sam_get_domain_by_sid(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
+{
+ struct sam_methods *tmp_methods;
+ NTSTATUS nt_status;
+
+ DEBUG(5,("context_sam_get_domain_by_sid: %d\n", __LINE__));
+
+ if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return nt_status;
+ }
+
+ if (!tmp_methods->sam_get_domain_handle) {
+ DEBUG(3, ("context_sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) {
+ DEBUG(4,("context_sam_get_domain_by_sid for %s in backend %s failed\n",
+ sid_string_static(domainsid), tmp_methods->backendname));
+ return nt_status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_create_user(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, DOM_SID *domainsid, SAM_USER_HANDLE **user)
+{
+ struct sam_methods *tmp_methods;
+ NTSTATUS nt_status;
+
+ DEBUG(5,("context_sam_create_user: %d\n", __LINE__));
+
+ if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return nt_status;
+ }
+
+ if (!tmp_methods->sam_create_user) {
+ DEBUG(3, ("context_sam_create_user: sam_methods of the domain did not specify sam_create_user\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_user(tmp_methods, access_token, access_desired, user))) {
+ DEBUG(4,("context_sam_create_user in backend %s failed\n",
+ tmp_methods->backendname));
+ return nt_status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_add_user(const struct sam_context *context, const SAM_USER_HANDLE *user)
+{
+ DOM_SID domainsid;
+ DOM_SID *usersid;
+ struct sam_methods *tmp_methods;
+ uint32 rid;
+ NTSTATUS status;
+
+ if (!NT_STATUS_IS_OK(status = sam_get_user_sid(user, &usersid))) {
+ DEBUG(0,("Can't get user SID\n"));
+ return status;
+ }
+
+ sid_copy(&domainsid, usersid);
+ if (!sid_split_rid(&domainsid, &rid)) {
+ DEBUG(3,("context_sam_get_user_by_sid: failed to split the sid\n"));
+ return NT_STATUS_INVALID_SID;
+ }
+
+ if (!NT_STATUS_IS_OK(status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return status;
+ }
+
+ if (!tmp_methods->sam_add_user) {
+ DEBUG(3, ("context_sam_add_user: sam_methods of the domain did not specify sam_add_user\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(status = tmp_methods->sam_add_user(tmp_methods, user))){
+ DEBUG(4,("context_sam_add_user in backend %s failed\n",
+ tmp_methods->backendname));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_update_user(const struct sam_context *context, const SAM_USER_HANDLE *user)
+{
+ DOM_SID domainsid;
+ struct sam_methods *tmp_methods;
+ DOM_SID *usersid;
+ uint32 rid;
+ NTSTATUS status;
+
+ if (!NT_STATUS_IS_OK(status = sam_get_user_sid(user, &usersid))) {
+ DEBUG(0,("Can't get user SID\n"));
+ return status;
+ }
+
+ sid_copy(&domainsid, usersid);
+ if (!sid_split_rid(&domainsid, &rid)) {
+ DEBUG(3,("context_sam_get_user_by_sid: failed to split the sid\n"));
+ return NT_STATUS_INVALID_SID;
+ }
+
+ if (!NT_STATUS_IS_OK(status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return status;
+ }
+
+ if (!tmp_methods->sam_update_user) {
+ DEBUG(3, ("context_sam_update_user: sam_methods of the domain did not specify sam_update_user\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(status = tmp_methods->sam_update_user(tmp_methods, user))){
+ DEBUG(4,("context_sam_update_user in backend %s failed\n",
+ tmp_methods->backendname));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_delete_user(const struct sam_context *context, SAM_USER_HANDLE *user)
+{
+ DOM_SID domainsid;
+ struct sam_methods *tmp_methods;
+ DOM_SID *usersid;
+ uint32 rid;
+ NTSTATUS status;
+
+ if (!NT_STATUS_IS_OK(status = sam_get_user_sid(user, &usersid))) {
+ DEBUG(0,("Can't get user SID\n"));
+ return status;
+ }
+
+ sid_copy(&domainsid, usersid);
+ if (!sid_split_rid(&domainsid, &rid)) {
+ DEBUG(3,("context_sam_get_user_by_sid: failed to split the sid\n"));
+ return NT_STATUS_INVALID_SID;
+ }
+
+ if (!NT_STATUS_IS_OK(status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return status;
+ }
+
+ if (!tmp_methods->sam_delete_user) {
+ DEBUG(3, ("context_sam_delete_user: sam_methods of the domain did not specify sam_delete_user\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(status = tmp_methods->sam_delete_user(tmp_methods, user))){
+ DEBUG(4,("context_sam_delete_user in backend %s failed\n",
+ tmp_methods->backendname));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_enum_users(const struct sam_context *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, int32 *user_count, SAM_USER_ENUM **users)
+{
+ struct sam_methods *tmp_methods;
+ NTSTATUS nt_status;
+
+ DEBUG(5,("context_sam_enum_users: %d\n", __LINE__));
+
+ if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return nt_status;
+ }
+
+ if (!tmp_methods->sam_enum_users) {
+ DEBUG(3, ("context_sam_enum_users: sam_methods of the domain did not specify sam_enum_users\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_users(tmp_methods, access_token, user_count, users))) {
+ DEBUG(4,("context_sam_enum_users for domain %s in backend %s failed\n",
+ tmp_methods->domain->private.name, tmp_methods->backendname));
+ return nt_status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+NTSTATUS context_sam_get_user_by_sid(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *usersid, SAM_USER_HANDLE **user)
+{
+ struct sam_methods *tmp_methods;
+ uint32 rid;
+ DOM_SID domainsid;
+ NTSTATUS nt_status;
+
+ DEBUG(5,("context_sam_get_user_by_sid: %d\n", __LINE__));
+
+ sid_copy(&domainsid, usersid);
+ if (!sid_split_rid(&domainsid, &rid)) {
+ DEBUG(3,("context_sam_get_user_by_sid: failed to split the sid\n"));
+ return NT_STATUS_INVALID_SID;
+ }
+
+
+ if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return nt_status;
+ }
+
+ if (!tmp_methods->sam_get_user_by_sid) {
+ DEBUG(3, ("context_sam_get_user_by_sid: sam_methods of the domain did not specify sam_get_user_by_sid\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_user_by_sid(tmp_methods, access_token, access_desired, usersid, user))) {
+ DEBUG(4,("context_sam_get_user_by_sid for %s in backend %s failed\n",
+ sid_string_static(usersid), tmp_methods->backendname));
+ return nt_status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_get_user_by_name(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *domain, const char *name, SAM_USER_HANDLE **user)
+{
+ struct sam_methods *tmp_methods;
+ NTSTATUS nt_status;
+
+ DEBUG(5,("context_sam_get_user_by_name: %d\n", __LINE__));
+
+ if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
+ DEBUG(4,("sam_get_methods_by_name failed\n"));
+ return nt_status;
+ }
+
+ if (!tmp_methods->sam_get_user_by_name) {
+ DEBUG(3, ("context_sam_get_user_by_name: sam_methods of the domain did not specify sam_get_user_by_name\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_user_by_name(tmp_methods, access_token, access_desired, name, user))) {
+ DEBUG(4,("context_sam_get_user_by_name for %s\\%s in backend %s failed\n",
+ domain, name, tmp_methods->backendname));
+ return nt_status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_create_group(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const uint32 type, DOM_SID *sid, SAM_GROUP_HANDLE **group)
+{
+ struct sam_methods *tmp_methods;
+ NTSTATUS nt_status;
+
+ DEBUG(5,("context_sam_create_group: %d\n", __LINE__));
+
+ if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return nt_status;
+ }
+
+ if (!tmp_methods->sam_create_group) {
+ DEBUG(3, ("context_sam_create_group: sam_methods of the domain did not specify sam_create_group\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, type, group))) {
+ DEBUG(4,("context_sam_create_group in backend %s failed\n",
+ tmp_methods->backendname));
+ return nt_status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_add_group(const struct sam_context *context, const SAM_GROUP_HANDLE *group)
+{
+ DOM_SID domainsid;
+ DOM_SID *groupsid;
+ struct sam_methods *tmp_methods;
+ uint32 rid;
+ NTSTATUS status;
+
+ if (!NT_STATUS_IS_OK(status = sam_get_group_sid(group, &groupsid))) {
+ DEBUG(0,("Can't get group SID\n"));
+ return status;
+ }
+
+ sid_copy(&domainsid, groupsid);
+ if (!sid_split_rid(&domainsid, &rid)) {
+ DEBUG(3,("context_sam_get_group_by_sid: failed to split the sid\n"));
+ return NT_STATUS_INVALID_SID;
+ }
+
+ if (!NT_STATUS_IS_OK(status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return status;
+ }
+
+ if (!tmp_methods->sam_add_group) {
+ DEBUG(3, ("context_sam_add_group: sam_methods of the domain did not specify sam_add_group\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(status = tmp_methods->sam_add_group(tmp_methods, group))){
+ DEBUG(4,("context_sam_add_group in backend %s failed\n",
+ tmp_methods->backendname));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_update_group(const struct sam_context *context, const DOM_SID *domainsid, const SAM_GROUP_HANDLE *group)
+{
+ DOM_SID domainsid;
+ DOM_SID *groupsid;
+ struct sam_methods *tmp_methods;
+ uint32 rid;
+ NTSTATUS status;
+
+ if (!NT_STATUS_IS_OK(status = sam_get_group_sid(group, &groupsid))) {
+ DEBUG(0,("Can't get group SID\n"));
+ return status;
+ }
+
+ sid_copy(&domainsid, groupsid);
+ if (!sid_split_rid(&domainsid, &rid)) {
+ DEBUG(3,("context_sam_get_group_by_sid: failed to split the sid\n"));
+ return NT_STATUS_INVALID_SID;
+ }
+
+ if (!NT_STATUS_IS_OK(status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return status;
+ }
+
+ if (!tmp_methods->sam_update_group) {
+ DEBUG(3, ("context_sam_update_group: sam_methods of the domain did not specify sam_update_group\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(status = tmp_methods->sam_update_group(tmp_methods, group))){
+ DEBUG(4,("context_sam_update_group in backend %s failed\n",
+ tmp_methods->backendname));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_delete_group(const struct sam_context *context, SAM_GROUP_HANDLE **groupsid)
+{
+ DOM_SID domainsid;
+ struct sam_methods *tmp_methods;
+ DOM_SID *groupsid;
+ uint32 rid;
+ NTSTATUS status;
+
+ if (!NT_STATUS_IS_OK(status = sam_get_group_sid(group, &groupsid))) {
+ DEBUG(0,("Can't get group SID\n"));
+ return status;
+ }
+
+ sid_copy(&domainsid, groupsid);
+ if (!sid_split_rid(&domainsid, &rid)) {
+ DEBUG(3,("context_sam_get_group_by_sid: failed to split the sid\n"));
+ return NT_STATUS_INVALID_SID;
+ }
+
+ if (!NT_STATUS_IS_OK(status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+ DEBUG(4,("sam_get_methods_by_sid failed\n"));
+ return status;
+ }
+
+ if (!tmp_methods->sam_delete_group) {
+ DEBUG(3, ("context_sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!NT_STATUS_IS_OK(status = tmp_methods->sam_delete_group(tmp_methods, group))){
+ DEBUG(4,("context_sam_delete_group in backend %s failed\n",
+ tmp_methods->backendname));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_enum_groups(const struct sam_context *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, const uint32 type, uint32 *groups_count, SAM_GROUP_ENUM **groups)
+{
+ struct sam_methods *tmp_methods;
+ NTSTATUS nt_status;
+
+ DEBUG(5,("context_sam_enum_groups: %d\n", __LINE__));
+
+ if 
(!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { + DEBUG(4,("sam_get_methods_by_sid failed\n")); + return nt_status; + } + + if (!tmp_methods->sam_enum_users) { + DEBUG(3, ("context_sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n")); + return NT_STATUS_NOT_IMPLEMENTED; + } + + if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, type, groups_count, groups))) { + DEBUG(4,("context_sam_enum_groups for domain %s in backend %s failed\n", + tmp_methods->domain->private.name, tmp_methods->backendname)); + return nt_status; + } + + return NT_STATUS_OK; +} + +NTSTATUS context_sam_get_group_by_sid(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group) +{ + struct sam_methods *tmp_methods; + uint32 rid; + NTSTATUS nt_status; + DOM_SID domainsid; + + DEBUG(5,("context_sam_get_group_by_sid: %d\n", __LINE__)); + + sid_copy(&domainsid, groupsid); + if (!sid_split_rid(&domainsid, &rid)) { + DEBUG(3,("context_sam_get_group_by_sid: failed to split the sid\n")); + return NT_STATUS_INVALID_SID; + } + + + if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { + DEBUG(4,("sam_get_methods_by_sid failed\n")); + return nt_status; + } + + if (!tmp_methods->sam_get_group_by_sid) { + DEBUG(3, ("context_sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n")); + return NT_STATUS_NOT_IMPLEMENTED; + } + + if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) { + DEBUG(4,("context_sam_get_group_by_sid for %s in backend %s failed\n", + sid_string_static(groupsid), tmp_methods->backendname)); + return nt_status; + } + + return NT_STATUS_OK; +} + +NTSTATUS context_sam_get_group_by_name(const struct sam_context *context, const NT_USER_TOKEN *access_token, 
const uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group) +{ + struct sam_methods *tmp_methods; + NTSTATUS nt_status; + + DEBUG(5,("context_sam_get_group_by_name: %d\n", __LINE__)); + + if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { + DEBUG(4,("sam_get_methods_by_name failed\n")); + return nt_status; + } + + if (!tmp_methods->sam_get_group_by_name) { + DEBUG(3, ("context_sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n")); + return NT_STATUS_NOT_IMPLEMENTED; + } + + if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) { + DEBUG(4,("context_sam_get_group_by_name for %s\\%s in backend %s failed\n", + domain, name, tmp_methods->backendname)); + return nt_status; + } + + return NT_STATUS_OK; +} + +NTSTATUS context_sam_add_member_to_group(const struct sam_context *context, SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} +NTSTATUS context_sam_delete_member_from_group(const struct sam_context *context, SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS context_sam_enum_groupmembers(const struct sam_context *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + +NTSTATUS context_sam_get_groups_of_user(const struct sam_context *context, const SAM_USER_HANDLE *user, const uint32 type, uint32 *group_count, SAM_GROUP_ENUM **groups) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + + +/****************************************************************** + Free and cleanup a sam context, any associated data and anything + that the attached modules might have associated. 
+ *******************************************************************/ + +void free_sam_context(struct sam_context **context) +{ + struct sam_methods *sam_selected = (*context)->methods; + + while (sam_selected){ + if (sam_selected->free_private_data) { + sam_selected->free_private_data(&(sam_selected->private_data)); + } + sam_selected = sam_selected->next; + } + + talloc_destroy((*context)->mem_ctx); + *context = NULL; +} + +/****************************************************************** + Make a sam_methods from scratch + *******************************************************************/ + +NTSTATUS make_sam_context_list(struct sam_context **context, char **selected) +{ + int i = 0; + struct sam_methods *curmethods, *tmpmethods; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + + if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) { + return nt_status; + } + while (selected[i]){ + /* Try to initialise sam */ + DEBUG(5,("Trying to load: %s\n", selected[i])); + if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_name(&curmethods, *context, selected[i]))) { + DEBUG(1, ("Loading %s failed!\n", selected[i])); + free_sam_context(context); + return nt_status; + } + curmethods->parent = *context; + DLIST_ADD_END((*context)->methods, curmethods, tmpmethods); + i++; + } + return NT_STATUS_OK; +} + +NTSTATUS make_sam_methods_name(struct sam_methods **methods, struct sam_context *context, const char *selected) +{ + char *module_name = smb_xstrdup(selected); + char *module_location = NULL, *p; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + int i; + + p = strchr(module_name, ':'); + + if (p) { + *p = 0; + module_location = p+1; + trim_string(module_location, " ", " "); + } + + trim_string(module_name, " ", " "); + + DEBUG(5,("Attempting to find an sam backend to match %s (%s)\n", selected, module_name)); + for (i = 0; builtin_sam_init_functions[i].name; i++) + { + if (strequal(builtin_sam_init_functions[i].name, module_name)) + { + DEBUG(5,("Found sam backend %s 
(at pos %d)\n", module_name, i)); + nt_status = builtin_sam_init_functions[i].init(context, methods, module_location); + if (NT_STATUS_IS_OK(nt_status)) { + DEBUG(5,("sam backend %s has a valid init\n", selected)); + } else { + DEBUG(0,("sam backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status))); + } + SAFE_FREE(module_name); + return nt_status; + break; /* unreached */ + } + } + + /* No such backend found */ + SAFE_FREE(module_name); + return NT_STATUS_INVALID_PARAMETER; +} + +/****************************************************************** + Make a sam_context from scratch. + *******************************************************************/ + +NTSTATUS make_sam_context(struct sam_context **context) +{ + TALLOC_CTX *mem_ctx; + + mem_ctx = talloc_init_named("sam_context internal allocation context"); + + if (!mem_ctx) { + DEBUG(0, ("make_sam_context: talloc init failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + *context = talloc(mem_ctx, sizeof(**context)); + if (!*context) { + DEBUG(0, ("make_sam_context: talloc failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + ZERO_STRUCTP(*context); + + (*context)->mem_ctx = mem_ctx; + + /* FIXME */ + + (*context)->free_fn = free_sam_context; + + return NT_STATUS_OK; +} + + +/****************************************************************** + Return an already initialised sam_context, to facilitate backward + compatibility (see functions below). 
+ *******************************************************************/ + +struct sam_context *sam_get_static_context(BOOL reload) +{ + static struct sam_context *sam_context = NULL; + + if ((sam_context) && (reload)) { + sam_context->free_fn(&sam_context); + if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) { + return NULL; + } + } + + if (!sam_context) { + if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) { + return NULL; + } + } + + return sam_context; +} + +/*************************************************************** + Initialize the static context (at smbd startup etc). + + If uninitialised, context will auto-init on first use. + ***************************************************************/ + +BOOL initialize_sam(BOOL reload) +{ + return (sam_get_static_context(reload) != NULL); +} + + +NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods) +{ + *methods = talloc(mem_ctx, sizeof(struct sam_methods)); + + if (!*methods) { + return NT_STATUS_NO_MEMORY; + } + + ZERO_STRUCTP(*methods); + + return NT_STATUS_OK; +} -- cgit