search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
[Samba.git] / source / passdb / pdb_tdb.c
blob9b2de1cddd2a78df9a7a26cf1abeba5292bf6b49
1 /*
2 * Unix SMB/CIFS implementation.
3 * SMB parameters and setup
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Copyright (C) Simo Sorce 2000-2003
6 * Copyright (C) Gerald Carter 2000-2006
7 * Copyright (C) Jeremy Allison 2001-2009
8 * Copyright (C) Andrew Bartlett 2002
9 * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005
10 *
11 * This program is free software; you can redistribute it and/or modify it under
12 * the terms of the GNU General Public License as published by the Free
13 * Software Foundation; either version 3 of the License, or (at your option)
14 * any later version.
15 *
16 * This program is distributed in the hope that it will be useful, but WITHOUT
17 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
18 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
19 * more details.
20 *
21 * You should have received a copy of the GNU General Public License along with
22 * this program; if not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26
27 #if 0 /* when made a module use this */
28
29 static int tdbsam_debug_level = DBGC_ALL;
30 #undef DBGC_CLASS
31 #define DBGC_CLASS tdbsam_debug_level
32
33 #else
34
35 #undef DBGC_CLASS
36 #define DBGC_CLASS DBGC_PASSDB
37
38 #endif
39
40 #define TDBSAM_VERSION 3 /* Most recent TDBSAM version */
41 #define TDBSAM_MINOR_VERSION 1 /* Most recent TDBSAM minor version */
42 #define TDBSAM_VERSION_STRING "INFO/version"
43 #define TDBSAM_MINOR_VERSION_STRING "INFO/minor_version"
44 #define PASSDB_FILE_NAME "passdb.tdb"
45 #define USERPREFIX "USER_"
46 #define USERPREFIX_LEN 5
47 #define RIDPREFIX "RID_"
48 #define PRIVPREFIX "PRIV_"
49
50 /* GLOBAL TDB SAM CONTEXT */
51
52 static struct db_context *db_sam;
53 static char *tdbsam_filename;
54
55 /**********************************************************************
56 Marshall/unmarshall struct samu structs.
57 *********************************************************************/
58
59 #define TDB_FORMAT_STRING_V0 "ddddddBBBBBBBBBBBBddBBwdwdBwwd"
60 #define TDB_FORMAT_STRING_V1 "dddddddBBBBBBBBBBBBddBBwdwdBwwd"
61 #define TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd"
62
63 /*********************************************************************
64 *********************************************************************/
65
66 static bool init_sam_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 buflen)
67 {
68
69 /* times are stored as 32bit integer
70 take care on system with 64bit wide time_t
71 --SSS */
72 uint32 logon_time,
73 logoff_time,
74 kickoff_time,
75 pass_last_set_time,
76 pass_can_change_time,
77 pass_must_change_time;
78 char *username = NULL;
79 char *domain = NULL;
80 char *nt_username = NULL;
81 char *dir_drive = NULL;
82 char *unknown_str = NULL;
83 char *munged_dial = NULL;
84 char *fullname = NULL;
85 char *homedir = NULL;
86 char *logon_script = NULL;
87 char *profile_path = NULL;
88 char *acct_desc = NULL;
89 char *workstations = NULL;
90 uint32 username_len, domain_len, nt_username_len,
91 dir_drive_len, unknown_str_len, munged_dial_len,
92 fullname_len, homedir_len, logon_script_len,
93 profile_path_len, acct_desc_len, workstations_len;
94
95 uint32 user_rid, group_rid, remove_me, hours_len, unknown_6;
96 uint16 acct_ctrl, logon_divs;
97 uint16 bad_password_count, logon_count;
98 uint8 *hours = NULL;
99 uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL;
100 uint32 len = 0;
101 uint32 lm_pw_len, nt_pw_len, hourslen;
102 bool ret = True;
103
104 if(sampass == NULL || buf == NULL) {
105 DEBUG(0, ("init_sam_from_buffer_v0: NULL parameters found!\n"));
106 return False;
107 }
108
109 /* TDB_FORMAT_STRING_V0 "ddddddBBBBBBBBBBBBddBBwdwdBwwd" */
110
111 /* unpack the buffer into variables */
112 len = tdb_unpack (buf, buflen, TDB_FORMAT_STRING_V0,
113 &logon_time, /* d */
114 &logoff_time, /* d */
115 &kickoff_time, /* d */
116 &pass_last_set_time, /* d */
117 &pass_can_change_time, /* d */
118 &pass_must_change_time, /* d */
119 &username_len, &username, /* B */
120 &domain_len, &domain, /* B */
121 &nt_username_len, &nt_username, /* B */
122 &fullname_len, &fullname, /* B */
123 &homedir_len, &homedir, /* B */
124 &dir_drive_len, &dir_drive, /* B */
125 &logon_script_len, &logon_script, /* B */
126 &profile_path_len, &profile_path, /* B */
127 &acct_desc_len, &acct_desc, /* B */
128 &workstations_len, &workstations, /* B */
129 &unknown_str_len, &unknown_str, /* B */
130 &munged_dial_len, &munged_dial, /* B */
131 &user_rid, /* d */
132 &group_rid, /* d */
133 &lm_pw_len, &lm_pw_ptr, /* B */
134 &nt_pw_len, &nt_pw_ptr, /* B */
135 &acct_ctrl, /* w */
136 &remove_me, /* remove on the next TDB_FORMAT upgarde */ /* d */
137 &logon_divs, /* w */
138 &hours_len, /* d */
139 &hourslen, &hours, /* B */
140 &bad_password_count, /* w */
141 &logon_count, /* w */
142 &unknown_6); /* d */
143
144 if (len == (uint32) -1) {
145 ret = False;
146 goto done;
147 }
148
149 pdb_set_logon_time(sampass, logon_time, PDB_SET);
150 pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
151 pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
152 pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
153 pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
154 pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
155
156 pdb_set_username(sampass, username, PDB_SET);
157 pdb_set_domain(sampass, domain, PDB_SET);
158 pdb_set_nt_username(sampass, nt_username, PDB_SET);
159 pdb_set_fullname(sampass, fullname, PDB_SET);
160
161 if (homedir) {
162 pdb_set_homedir(sampass, homedir, PDB_SET);
163 }
164 else {
165 pdb_set_homedir(sampass,
166 talloc_sub_basic(sampass, username, domain,
167 lp_logon_home()),
168 PDB_DEFAULT);
169 }
170
171 if (dir_drive)
172 pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
173 else {
174 pdb_set_dir_drive(sampass,
175 talloc_sub_basic(sampass, username, domain,
176 lp_logon_drive()),
177 PDB_DEFAULT);
178 }
179
180 if (logon_script)
181 pdb_set_logon_script(sampass, logon_script, PDB_SET);
182 else {
183 pdb_set_logon_script(sampass,
184 talloc_sub_basic(sampass, username, domain,
185 lp_logon_script()),
186 PDB_DEFAULT);
187 }
188
189 if (profile_path) {
190 pdb_set_profile_path(sampass, profile_path, PDB_SET);
191 } else {
192 pdb_set_profile_path(sampass,
193 talloc_sub_basic(sampass, username, domain,
194 lp_logon_path()),
195 PDB_DEFAULT);
196 }
197
198 pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
199 pdb_set_workstations(sampass, workstations, PDB_SET);
200 pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
201
202 if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) {
203 if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) {
204 ret = False;
205 goto done;
206 }
207 }
208
209 if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) {
210 if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) {
211 ret = False;
212 goto done;
213 }
214 }
215
216 pdb_set_pw_history(sampass, NULL, 0, PDB_SET);
217 pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
218 pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
219 pdb_set_hours_len(sampass, hours_len, PDB_SET);
220 pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET);
221 pdb_set_logon_count(sampass, logon_count, PDB_SET);
222 pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
223 pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
224 pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
225 pdb_set_hours(sampass, hours, PDB_SET);
226
227 done:
228
229 SAFE_FREE(username);
230 SAFE_FREE(domain);
231 SAFE_FREE(nt_username);
232 SAFE_FREE(fullname);
233 SAFE_FREE(homedir);
234 SAFE_FREE(dir_drive);
235 SAFE_FREE(logon_script);
236 SAFE_FREE(profile_path);
237 SAFE_FREE(acct_desc);
238 SAFE_FREE(workstations);
239 SAFE_FREE(munged_dial);
240 SAFE_FREE(unknown_str);
241 SAFE_FREE(lm_pw_ptr);
242 SAFE_FREE(nt_pw_ptr);
243 SAFE_FREE(hours);
244
245 return ret;
246 }
247
248 /*********************************************************************
249 *********************************************************************/
250
251 static bool init_sam_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 buflen)
252 {
253
254 /* times are stored as 32bit integer
255 take care on system with 64bit wide time_t
256 --SSS */
257 uint32 logon_time,
258 logoff_time,
259 kickoff_time,
260 bad_password_time,
261 pass_last_set_time,
262 pass_can_change_time,
263 pass_must_change_time;
264 char *username = NULL;
265 char *domain = NULL;
266 char *nt_username = NULL;
267 char *dir_drive = NULL;
268 char *unknown_str = NULL;
269 char *munged_dial = NULL;
270 char *fullname = NULL;
271 char *homedir = NULL;
272 char *logon_script = NULL;
273 char *profile_path = NULL;
274 char *acct_desc = NULL;
275 char *workstations = NULL;
276 uint32 username_len, domain_len, nt_username_len,
277 dir_drive_len, unknown_str_len, munged_dial_len,
278 fullname_len, homedir_len, logon_script_len,
279 profile_path_len, acct_desc_len, workstations_len;
280
281 uint32 user_rid, group_rid, remove_me, hours_len, unknown_6;
282 uint16 acct_ctrl, logon_divs;
283 uint16 bad_password_count, logon_count;
284 uint8 *hours = NULL;
285 uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL;
286 uint32 len = 0;
287 uint32 lm_pw_len, nt_pw_len, hourslen;
288 bool ret = True;
289
290 if(sampass == NULL || buf == NULL) {
291 DEBUG(0, ("init_sam_from_buffer_v1: NULL parameters found!\n"));
292 return False;
293 }
294
295 /* TDB_FORMAT_STRING_V1 "dddddddBBBBBBBBBBBBddBBwdwdBwwd" */
296
297 /* unpack the buffer into variables */
298 len = tdb_unpack (buf, buflen, TDB_FORMAT_STRING_V1,
299 &logon_time, /* d */
300 &logoff_time, /* d */
301 &kickoff_time, /* d */
302 /* Change from V0 is addition of bad_password_time field. */
303 &bad_password_time, /* d */
304 &pass_last_set_time, /* d */
305 &pass_can_change_time, /* d */
306 &pass_must_change_time, /* d */
307 &username_len, &username, /* B */
308 &domain_len, &domain, /* B */
309 &nt_username_len, &nt_username, /* B */
310 &fullname_len, &fullname, /* B */
311 &homedir_len, &homedir, /* B */
312 &dir_drive_len, &dir_drive, /* B */
313 &logon_script_len, &logon_script, /* B */
314 &profile_path_len, &profile_path, /* B */
315 &acct_desc_len, &acct_desc, /* B */
316 &workstations_len, &workstations, /* B */
317 &unknown_str_len, &unknown_str, /* B */
318 &munged_dial_len, &munged_dial, /* B */
319 &user_rid, /* d */
320 &group_rid, /* d */
321 &lm_pw_len, &lm_pw_ptr, /* B */
322 &nt_pw_len, &nt_pw_ptr, /* B */
323 &acct_ctrl, /* w */
324 &remove_me, /* d */
325 &logon_divs, /* w */
326 &hours_len, /* d */
327 &hourslen, &hours, /* B */
328 &bad_password_count, /* w */
329 &logon_count, /* w */
330 &unknown_6); /* d */
331
332 if (len == (uint32) -1) {
333 ret = False;
334 goto done;
335 }
336
337 pdb_set_logon_time(sampass, logon_time, PDB_SET);
338 pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
339 pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
340
341 /* Change from V0 is addition of bad_password_time field. */
342 pdb_set_bad_password_time(sampass, bad_password_time, PDB_SET);
343 pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
344 pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
345 pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
346
347 pdb_set_username(sampass, username, PDB_SET);
348 pdb_set_domain(sampass, domain, PDB_SET);
349 pdb_set_nt_username(sampass, nt_username, PDB_SET);
350 pdb_set_fullname(sampass, fullname, PDB_SET);
351
352 if (homedir) {
353 pdb_set_homedir(sampass, homedir, PDB_SET);
354 }
355 else {
356 pdb_set_homedir(sampass,
357 talloc_sub_basic(sampass, username, domain,
358 lp_logon_home()),
359 PDB_DEFAULT);
360 }
361
362 if (dir_drive)
363 pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
364 else {
365 pdb_set_dir_drive(sampass,
366 talloc_sub_basic(sampass, username, domain,
367 lp_logon_drive()),
368 PDB_DEFAULT);
369 }
370
371 if (logon_script)
372 pdb_set_logon_script(sampass, logon_script, PDB_SET);
373 else {
374 pdb_set_logon_script(sampass,
375 talloc_sub_basic(sampass, username, domain,
376 lp_logon_script()),
377 PDB_DEFAULT);
378 }
379
380 if (profile_path) {
381 pdb_set_profile_path(sampass, profile_path, PDB_SET);
382 } else {
383 pdb_set_profile_path(sampass,
384 talloc_sub_basic(sampass, username, domain,
385 lp_logon_path()),
386 PDB_DEFAULT);
387 }
388
389 pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
390 pdb_set_workstations(sampass, workstations, PDB_SET);
391 pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
392
393 if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) {
394 if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) {
395 ret = False;
396 goto done;
397 }
398 }
399
400 if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) {
401 if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) {
402 ret = False;
403 goto done;
404 }
405 }
406
407 pdb_set_pw_history(sampass, NULL, 0, PDB_SET);
408
409 pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
410 pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
411 pdb_set_hours_len(sampass, hours_len, PDB_SET);
412 pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET);
413 pdb_set_logon_count(sampass, logon_count, PDB_SET);
414 pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
415 pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
416 pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
417 pdb_set_hours(sampass, hours, PDB_SET);
418
419 done:
420
421 SAFE_FREE(username);
422 SAFE_FREE(domain);
423 SAFE_FREE(nt_username);
424 SAFE_FREE(fullname);
425 SAFE_FREE(homedir);
426 SAFE_FREE(dir_drive);
427 SAFE_FREE(logon_script);
428 SAFE_FREE(profile_path);
429 SAFE_FREE(acct_desc);
430 SAFE_FREE(workstations);
431 SAFE_FREE(munged_dial);
432 SAFE_FREE(unknown_str);
433 SAFE_FREE(lm_pw_ptr);
434 SAFE_FREE(nt_pw_ptr);
435 SAFE_FREE(hours);
436
437 return ret;
438 }
439
440 bool init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen)
441 {
442
443 /* times are stored as 32bit integer
444 take care on system with 64bit wide time_t
445 --SSS */
446 uint32 logon_time,
447 logoff_time,
448 kickoff_time,
449 bad_password_time,
450 pass_last_set_time,
451 pass_can_change_time,
452 pass_must_change_time;
453 char *username = NULL;
454 char *domain = NULL;
455 char *nt_username = NULL;
456 char *dir_drive = NULL;
457 char *unknown_str = NULL;
458 char *munged_dial = NULL;
459 char *fullname = NULL;
460 char *homedir = NULL;
461 char *logon_script = NULL;
462 char *profile_path = NULL;
463 char *acct_desc = NULL;
464 char *workstations = NULL;
465 uint32 username_len, domain_len, nt_username_len,
466 dir_drive_len, unknown_str_len, munged_dial_len,
467 fullname_len, homedir_len, logon_script_len,
468 profile_path_len, acct_desc_len, workstations_len;
469
470 uint32 user_rid, group_rid, hours_len, unknown_6;
471 uint16 acct_ctrl, logon_divs;
472 uint16 bad_password_count, logon_count;
473 uint8 *hours = NULL;
474 uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL;
475 uint32 len = 0;
476 uint32 lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen;
477 uint32 pwHistLen = 0;
478 bool ret = True;
479 fstring tmp_string;
480 bool expand_explicit = lp_passdb_expand_explicit();
481
482 if(sampass == NULL || buf == NULL) {
483 DEBUG(0, ("init_sam_from_buffer_v2: NULL parameters found!\n"));
484 return False;
485 }
486
487 /* TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd" */
488
489 /* unpack the buffer into variables */
490 len = tdb_unpack (buf, buflen, TDB_FORMAT_STRING_V2,
491 &logon_time, /* d */
492 &logoff_time, /* d */
493 &kickoff_time, /* d */
494 &bad_password_time, /* d */
495 &pass_last_set_time, /* d */
496 &pass_can_change_time, /* d */
497 &pass_must_change_time, /* d */
498 &username_len, &username, /* B */
499 &domain_len, &domain, /* B */
500 &nt_username_len, &nt_username, /* B */
501 &fullname_len, &fullname, /* B */
502 &homedir_len, &homedir, /* B */
503 &dir_drive_len, &dir_drive, /* B */
504 &logon_script_len, &logon_script, /* B */
505 &profile_path_len, &profile_path, /* B */
506 &acct_desc_len, &acct_desc, /* B */
507 &workstations_len, &workstations, /* B */
508 &unknown_str_len, &unknown_str, /* B */
509 &munged_dial_len, &munged_dial, /* B */
510 &user_rid, /* d */
511 &group_rid, /* d */
512 &lm_pw_len, &lm_pw_ptr, /* B */
513 &nt_pw_len, &nt_pw_ptr, /* B */
514 /* Change from V1 is addition of password history field. */
515 &nt_pw_hist_len, &nt_pw_hist_ptr, /* B */
516 &acct_ctrl, /* w */
517 /* Also "remove_me" field was removed. */
518 &logon_divs, /* w */
519 &hours_len, /* d */
520 &hourslen, &hours, /* B */
521 &bad_password_count, /* w */
522 &logon_count, /* w */
523 &unknown_6); /* d */
524
525 if (len == (uint32) -1) {
526 ret = False;
527 goto done;
528 }
529
530 pdb_set_logon_time(sampass, logon_time, PDB_SET);
531 pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
532 pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
533 pdb_set_bad_password_time(sampass, bad_password_time, PDB_SET);
534 pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
535 pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
536 pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
537
538 pdb_set_username(sampass, username, PDB_SET);
539 pdb_set_domain(sampass, domain, PDB_SET);
540 pdb_set_nt_username(sampass, nt_username, PDB_SET);
541 pdb_set_fullname(sampass, fullname, PDB_SET);
542
543 if (homedir) {
544 fstrcpy( tmp_string, homedir );
545 if (expand_explicit) {
546 standard_sub_basic( username, domain, tmp_string,
547 sizeof(tmp_string) );
548 }
549 pdb_set_homedir(sampass, tmp_string, PDB_SET);
550 }
551 else {
552 pdb_set_homedir(sampass,
553 talloc_sub_basic(sampass, username, domain,
554 lp_logon_home()),
555 PDB_DEFAULT);
556 }
557
558 if (dir_drive)
559 pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
560 else
561 pdb_set_dir_drive(sampass, lp_logon_drive(), PDB_DEFAULT );
562
563 if (logon_script) {
564 fstrcpy( tmp_string, logon_script );
565 if (expand_explicit) {
566 standard_sub_basic( username, domain, tmp_string,
567 sizeof(tmp_string) );
568 }
569 pdb_set_logon_script(sampass, tmp_string, PDB_SET);
570 }
571 else {
572 pdb_set_logon_script(sampass,
573 talloc_sub_basic(sampass, username, domain,
574 lp_logon_script()),
575 PDB_DEFAULT);
576 }
577
578 if (profile_path) {
579 fstrcpy( tmp_string, profile_path );
580 if (expand_explicit) {
581 standard_sub_basic( username, domain, tmp_string,
582 sizeof(tmp_string) );
583 }
584 pdb_set_profile_path(sampass, tmp_string, PDB_SET);
585 }
586 else {
587 pdb_set_profile_path(sampass,
588 talloc_sub_basic(sampass, username, domain,
589 lp_logon_path()),
590 PDB_DEFAULT);
591 }
592
593 pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
594 pdb_set_workstations(sampass, workstations, PDB_SET);
595 pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
596
597 if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) {
598 if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) {
599 ret = False;
600 goto done;
601 }
602 }
603
604 if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) {
605 if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) {
606 ret = False;
607 goto done;
608 }
609 }
610
611 /* Change from V1 is addition of password history field. */
612 pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
613 if (pwHistLen) {
614 uint8 *pw_hist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN);
615 if (!pw_hist) {
616 ret = False;
617 goto done;
618 }
619 memset(pw_hist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
620 if (nt_pw_hist_ptr && nt_pw_hist_len) {
621 int i;
622 SMB_ASSERT((nt_pw_hist_len % PW_HISTORY_ENTRY_LEN) == 0);
623 nt_pw_hist_len /= PW_HISTORY_ENTRY_LEN;
624 for (i = 0; (i < pwHistLen) && (i < nt_pw_hist_len); i++) {
625 memcpy(&pw_hist[i*PW_HISTORY_ENTRY_LEN],
626 &nt_pw_hist_ptr[i*PW_HISTORY_ENTRY_LEN],
627 PW_HISTORY_ENTRY_LEN);
628 }
629 }
630 if (!pdb_set_pw_history(sampass, pw_hist, pwHistLen, PDB_SET)) {
631 SAFE_FREE(pw_hist);
632 ret = False;
633 goto done;
634 }
635 SAFE_FREE(pw_hist);
636 } else {
637 pdb_set_pw_history(sampass, NULL, 0, PDB_SET);
638 }
639
640 pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
641 pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
642 pdb_set_hours_len(sampass, hours_len, PDB_SET);
643 pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET);
644 pdb_set_logon_count(sampass, logon_count, PDB_SET);
645 pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
646 pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
647 pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
648 pdb_set_hours(sampass, hours, PDB_SET);
649
650 done:
651
652 SAFE_FREE(username);
653 SAFE_FREE(domain);
654 SAFE_FREE(nt_username);
655 SAFE_FREE(fullname);
656 SAFE_FREE(homedir);
657 SAFE_FREE(dir_drive);
658 SAFE_FREE(logon_script);
659 SAFE_FREE(profile_path);
660 SAFE_FREE(acct_desc);
661 SAFE_FREE(workstations);
662 SAFE_FREE(munged_dial);
663 SAFE_FREE(unknown_str);
664 SAFE_FREE(lm_pw_ptr);
665 SAFE_FREE(nt_pw_ptr);
666 SAFE_FREE(nt_pw_hist_ptr);
667 SAFE_FREE(hours);
668
669 return ret;
670 }
671
672
673 /**********************************************************************
674 Intialize a struct samu struct from a BYTE buffer of size len
675 *********************************************************************/
676
677 static bool init_sam_from_buffer(struct samu *sampass, uint8 *buf, uint32 buflen)
678 {
679 return init_sam_from_buffer_v3(sampass, buf, buflen);
680 }
681
682 /**********************************************************************
683 Intialize a BYTE buffer from a struct samu struct
684 *********************************************************************/
685
686 static uint32 init_buffer_from_sam (uint8 **buf, struct samu *sampass, bool size_only)
687 {
688 return init_buffer_from_sam_v3(buf, sampass, size_only);
689 }
690
691 /**********************************************************************
692 Struct and function to update an old record.
693 *********************************************************************/
694
695 struct tdbsam_convert_state {
696 int32_t from;
697 bool success;
698 };
699
700 static int tdbsam_convert_one(struct db_record *rec, void *priv)
701 {
702 struct tdbsam_convert_state *state =
703 (struct tdbsam_convert_state *)priv;
704 struct samu *user;
705 TDB_DATA data;
706 NTSTATUS status;
707 bool ret;
708
709 if (rec->key.dsize < USERPREFIX_LEN) {
710 return 0;
711 }
712 if (strncmp((char *)rec->key.dptr, USERPREFIX, USERPREFIX_LEN) != 0) {
713 return 0;
714 }
715
716 user = samu_new(talloc_tos());
717 if (user == NULL) {
718 DEBUG(0,("tdbsam_convert: samu_new() failed!\n"));
719 state->success = false;
720 return -1;
721 }
722
723 DEBUG(10,("tdbsam_convert: Try unpacking a record with (key:%s) "
724 "(version:%d)\n", rec->key.dptr, state->from));
725
726 switch (state->from) {
727 case 0:
728 ret = init_sam_from_buffer_v0(user, (uint8 *)rec->value.dptr,
729 rec->value.dsize);
730 break;
731 case 1:
732 ret = init_sam_from_buffer_v1(user, (uint8 *)rec->value.dptr,
733 rec->value.dsize);
734 break;
735 case 2:
736 ret = init_sam_from_buffer_v2(user, (uint8 *)rec->value.dptr,
737 rec->value.dsize);
738 break;
739 case 3:
740 ret = init_sam_from_buffer_v3(user, (uint8 *)rec->value.dptr,
741 rec->value.dsize);
742 break;
743 default:
744 /* unknown tdbsam version */
745 ret = False;
746 }
747 if (!ret) {
748 DEBUG(0,("tdbsam_convert: Bad struct samu entry returned "
749 "from TDB (key:%s) (version:%d)\n", rec->key.dptr,
750 state->from));
751 TALLOC_FREE(user);
752 state->success = false;
753 return -1;
754 }
755
756 data.dsize = init_buffer_from_sam(&data.dptr, user, false);
757 TALLOC_FREE(user);
758
759 if (data.dsize == -1) {
760 DEBUG(0,("tdbsam_convert: cannot pack the struct samu into "
761 "the new format\n"));
762 state->success = false;
763 return -1;
764 }
765
766 status = rec->store(rec, data, TDB_MODIFY);
767 if (!NT_STATUS_IS_OK(status)) {
768 DEBUG(0, ("Could not store the new record: %s\n",
769 nt_errstr(status)));
770 state->success = false;
771 return -1;
772 }
773
774 return 0;
775 }
776
777 /**********************************************************************
778 Struct and function to backup an old record.
779 *********************************************************************/
780
781 struct tdbsam_backup_state {
782 struct db_context *new_db;
783 bool success;
784 };
785
786 static int backup_copy_fn(struct db_record *orig_rec, void *state)
787 {
788 struct tdbsam_backup_state *bs = (struct tdbsam_backup_state *)state;
789 struct db_record *new_rec;
790 NTSTATUS status;
791
792 new_rec = bs->new_db->fetch_locked(bs->new_db, talloc_tos(), orig_rec->key);
793 if (new_rec == NULL) {
794 bs->success = false;
795 return 1;
796 }
797
798 status = new_rec->store(new_rec, orig_rec->value, TDB_INSERT);
799
800 TALLOC_FREE(new_rec);
801
802 if (!NT_STATUS_IS_OK(status)) {
803 bs->success = false;
804 return 1;
805 }
806 return 0;
807 }
808
809 /**********************************************************************
810 Make a backup of an old passdb and replace the new one with it. We
811 have to do this as between 3.0.x and 3.2.x the hash function changed
812 by mistake (used unsigned char * instead of char *). This means the
813 previous simple update code will fail due to not being able to find
814 existing records to replace in the tdbsam_convert_one() function. JRA.
815 *********************************************************************/
816
817 static bool tdbsam_convert_backup(const char *dbname, struct db_context **pp_db)
818 {
819 TALLOC_CTX *frame = talloc_stackframe();
820 const char *tmp_fname = NULL;
821 struct db_context *tmp_db = NULL;
822 struct db_context *orig_db = *pp_db;
823 struct tdbsam_backup_state bs;
824 int ret;
825
826 tmp_fname = talloc_asprintf(frame, "%s.tmp", dbname);
827 if (!tmp_fname) {
828 TALLOC_FREE(frame);
829 return false;
830 }
831
832 unlink(tmp_fname);
833
834 /* Remember to open this on the NULL context. We need
835 * it to stay around after we return from here. */
836
837 tmp_db = db_open_trans(NULL, tmp_fname, 0,
838 TDB_DEFAULT, O_CREAT|O_RDWR, 0600);
839 if (tmp_db == NULL) {
840 DEBUG(0, ("tdbsam_convert_backup: Failed to create backup TDB passwd "
841 "[%s]\n", tmp_fname));
842 TALLOC_FREE(frame);
843 return false;
844 }
845
846 if (orig_db->transaction_start(orig_db) != 0) {
847 DEBUG(0, ("tdbsam_convert_backup: Could not start transaction (1)\n"));
848 unlink(tmp_fname);
849 TALLOC_FREE(tmp_db);
850 TALLOC_FREE(frame);
851 return false;
852 }
853 if (tmp_db->transaction_start(tmp_db) != 0) {
854 DEBUG(0, ("tdbsam_convert_backup: Could not start transaction (2)\n"));
855 orig_db->transaction_cancel(orig_db);
856 unlink(tmp_fname);
857 TALLOC_FREE(tmp_db);
858 TALLOC_FREE(frame);
859 return false;
860 }
861
862 bs.new_db = tmp_db;
863 bs.success = true;
864
865 ret = orig_db->traverse(orig_db, backup_copy_fn, (void *)&bs);
866 if (ret < 0) {
867 DEBUG(0, ("tdbsam_convert_backup: traverse failed\n"));
868 goto cancel;
869 }
870
871 if (!bs.success) {
872 DEBUG(0, ("tdbsam_convert_backup: Rewriting records failed\n"));
873 goto cancel;
874 }
875
876 if (orig_db->transaction_commit(orig_db) != 0) {
877 smb_panic("tdbsam_convert_backup: orig commit failed\n");
878 }
879 if (tmp_db->transaction_commit(tmp_db) != 0) {
880 smb_panic("tdbsam_convert_backup: orig commit failed\n");
881 }
882
883 /* be sure to close the DBs _before_ renaming the file */
884
885 TALLOC_FREE(orig_db);
886 TALLOC_FREE(tmp_db);
887
888 /* This is safe from other users as we know we're
889 * under a mutex here. */
890
891 if (rename(tmp_fname, dbname) == -1) {
892 DEBUG(0, ("tdbsam_convert_backup: rename of %s to %s failed %s\n",
893 tmp_fname,
894 dbname,
895 strerror(errno)));
896 smb_panic("tdbsam_convert_backup: replace passdb failed\n");
897 }
898
899 TALLOC_FREE(frame);
900
901 /* re-open the converted TDB */
902
903 orig_db = db_open_trans(NULL, dbname, 0,
904 TDB_DEFAULT, O_CREAT|O_RDWR, 0600);
905 if (orig_db == NULL) {
906 DEBUG(0, ("tdbsam_convert_backup: Failed to re-open "
907 "converted passdb TDB [%s]\n", dbname));
908 return false;
909 }
910
911 DEBUG(1, ("tdbsam_convert_backup: updated %s file.\n",
912 dbname ));
913
914 /* Replace the global db pointer. */
915 *pp_db = orig_db;
916 return true;
917
918 cancel:
919
920 if (orig_db->transaction_cancel(orig_db) != 0) {
921 smb_panic("tdbsam_convert: transaction_cancel failed");
922 }
923
924 if (tmp_db->transaction_cancel(tmp_db) != 0) {
925 smb_panic("tdbsam_convert: transaction_cancel failed");
926 }
927
928 unlink(tmp_fname);
929 TALLOC_FREE(tmp_db);
930 TALLOC_FREE(frame);
931 return false;
932 }
933
934 static bool tdbsam_convert(struct db_context **pp_db, const char *name, int32 from)
935 {
936 struct tdbsam_convert_state state;
937 struct db_context *db = NULL;
938 int ret;
939
940 /* We only need the update backup for local db's. */
941 if (db_is_local(name) && !tdbsam_convert_backup(name, pp_db)) {
942 DEBUG(0, ("tdbsam_convert: Could not backup %s\n", name));
943 return false;
944 }
945
946 db = *pp_db;
947 state.from = from;
948 state.success = true;
949
950 if (db->transaction_start(db) != 0) {
951 DEBUG(0, ("tdbsam_convert: Could not start transaction\n"));
952 return false;
953 }
954
955 ret = db->traverse(db, tdbsam_convert_one, &state);
956 if (ret < 0) {
957 DEBUG(0, ("tdbsam_convert: traverse failed\n"));
958 goto cancel;
959 }
960
961 if (!state.success) {
962 DEBUG(0, ("tdbsam_convert: Converting records failed\n"));
963 goto cancel;
964 }
965
966 if (dbwrap_store_int32(db, TDBSAM_VERSION_STRING,
967 TDBSAM_VERSION) != 0) {
968 DEBUG(0, ("tdbsam_convert: Could not store tdbsam version\n"));
969 goto cancel;
970 }
971
972 if (dbwrap_store_int32(db, TDBSAM_MINOR_VERSION_STRING,
973 TDBSAM_MINOR_VERSION) != 0) {
974 DEBUG(0, ("tdbsam_convert: Could not store tdbsam minor version\n"));
975 goto cancel;
976 }
977
978 if (db->transaction_commit(db) != 0) {
979 DEBUG(0, ("tdbsam_convert: Could not commit transaction\n"));
980 goto cancel;
981 }
982
983 return true;
984
985 cancel:
986 if (db->transaction_cancel(db) != 0) {
987 smb_panic("tdbsam_convert: transaction_cancel failed");
988 }
989
990 return false;
991 }
992
993 /*********************************************************************
994 Open the tdbsam file based on the absolute path specified.
995 Uses a reference count to allow multiple open calls.
996 *********************************************************************/
997
998 static bool tdbsam_open( const char *name )
999 {
1000 int32 version;
1001 int32 minor_version;
1002
1003 /* check if we are already open */
1004
1005 if ( db_sam ) {
1006 return true;
1007 }
1008
1009 /* Try to open tdb passwd. Create a new one if necessary */
1010
1011 db_sam = db_open_trans(NULL, name, 0, TDB_DEFAULT, O_CREAT|O_RDWR, 0600);
1012 if (db_sam == NULL) {
1013 DEBUG(0, ("tdbsam_open: Failed to open/create TDB passwd "
1014 "[%s]\n", name));
1015 return false;
1016 }
1017
1018 /* Check the version */
1019 version = dbwrap_fetch_int32(db_sam, TDBSAM_VERSION_STRING);
1020 if (version == -1) {
1021 version = 0; /* Version not found, assume version 0 */
1022 }
1023
1024 /* Get the minor version */
1025 minor_version = dbwrap_fetch_int32(db_sam, TDBSAM_MINOR_VERSION_STRING);
1026 if (minor_version == -1) {
1027 minor_version = 0; /* Minor version not found, assume 0 */
1028 }
1029
1030 /* Compare the version */
1031 if (version > TDBSAM_VERSION) {
1032 /* Version more recent than the latest known */
1033 DEBUG(0, ("tdbsam_open: unknown version => %d\n", version));
1034 TALLOC_FREE(db_sam);
1035 return false;
1036 }
1037
1038 if ( version < TDBSAM_VERSION ||
1039 (version == TDBSAM_VERSION &&
1040 minor_version < TDBSAM_MINOR_VERSION) ) {
1041 /*
1042 * Ok - we think we're going to have to convert.
1043 * Due to the backup process we now must do to
1044 * upgrade we have to get a mutex and re-check
1045 * the version. Someone else may have upgraded
1046 * whilst we were checking.
1047 */
1048
1049 struct named_mutex *mtx = grab_named_mutex(NULL,
1050 "tdbsam_upgrade_mutex",
1051 600);
1052
1053 if (!mtx) {
1054 DEBUG(0, ("tdbsam_open: failed to grab mutex.\n"));
1055 TALLOC_FREE(db_sam);
1056 return false;
1057 }
1058
1059 /* Re-check the version */
1060 version = dbwrap_fetch_int32(db_sam, TDBSAM_VERSION_STRING);
1061 if (version == -1) {
1062 version = 0; /* Version not found, assume version 0 */
1063 }
1064
1065 /* Re-check the minor version */
1066 minor_version = dbwrap_fetch_int32(db_sam, TDBSAM_MINOR_VERSION_STRING);
1067 if (minor_version == -1) {
1068 minor_version = 0; /* Minor version not found, assume 0 */
1069 }
1070
1071 /* Compare the version */
1072 if (version > TDBSAM_VERSION) {
1073 /* Version more recent than the latest known */
1074 DEBUG(0, ("tdbsam_open: unknown version => %d\n", version));
1075 TALLOC_FREE(db_sam);
1076 TALLOC_FREE(mtx);
1077 return false;
1078 }
1079
1080 if ( version < TDBSAM_VERSION ||
1081 (version == TDBSAM_VERSION &&
1082 minor_version < TDBSAM_MINOR_VERSION) ) {
1083 /*
1084 * Note that minor versions we read that are greater
1085 * than the current minor version we have hard coded
1086 * are assumed to be compatible if they have the same
1087 * major version. That allows previous versions of the
1088 * passdb code that don't know about minor versions to
1089 * still use this database. JRA.
1090 */
1091
1092 DEBUG(1, ("tdbsam_open: Converting version %d.%d database to "
1093 "version %d.%d.\n",
1094 version,
1095 minor_version,
1096 TDBSAM_VERSION,
1097 TDBSAM_MINOR_VERSION));
1098
1099 if ( !tdbsam_convert(&db_sam, name, version) ) {
1100 DEBUG(0, ("tdbsam_open: Error when trying to convert "
1101 "tdbsam [%s]\n",name));
1102 TALLOC_FREE(db_sam);
1103 TALLOC_FREE(mtx);
1104 return false;
1105 }
1106
1107 DEBUG(3, ("TDBSAM converted successfully.\n"));
1108 }
1109 TALLOC_FREE(mtx);
1110 }
1111
1112 DEBUG(4,("tdbsam_open: successfully opened %s\n", name ));
1113
1114 return true;
1115 }
1116
1117 /******************************************************************
1118 Lookup a name in the SAM TDB
1119 ******************************************************************/
1120
1121 static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods,
1122 struct samu *user, const char *sname)
1123 {
1124 TDB_DATA data;
1125 fstring keystr;
1126 fstring name;
1127
1128 if ( !user ) {
1129 DEBUG(0,("pdb_getsampwnam: struct samu is NULL.\n"));
1130 return NT_STATUS_NO_MEMORY;
1131 }
1132
1133 /* Data is stored in all lower-case */
1134 fstrcpy(name, sname);
1135 strlower_m(name);
1136
1137 /* set search key */
1138 slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
1139
1140 /* open the database */
1141
1142 if ( !tdbsam_open( tdbsam_filename ) ) {
1143 DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename));
1144 return NT_STATUS_ACCESS_DENIED;
1145 }
1146
1147 /* get the record */
1148
1149 data = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr);
1150 if (!data.dptr) {
1151 DEBUG(5,("pdb_getsampwnam (TDB): error fetching database.\n"));
1152 DEBUGADD(5, (" Key: %s\n", keystr));
1153 return NT_STATUS_NO_SUCH_USER;
1154 }
1155
1156 /* unpack the buffer */
1157
1158 if (!init_sam_from_buffer(user, data.dptr, data.dsize)) {
1159 DEBUG(0,("pdb_getsampwent: Bad struct samu entry returned from TDB!\n"));
1160 SAFE_FREE(data.dptr);
1161 return NT_STATUS_NO_MEMORY;
1162 }
1163
1164 /* success */
1165
1166 TALLOC_FREE(data.dptr);
1167
1168 return NT_STATUS_OK;
1169 }
1170
1171 /***************************************************************************
1172 Search by rid
1173 **************************************************************************/
1174
1175 static NTSTATUS tdbsam_getsampwrid (struct pdb_methods *my_methods,
1176 struct samu *user, uint32 rid)
1177 {
1178 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
1179 TDB_DATA data;
1180 fstring keystr;
1181 fstring name;
1182
1183 if ( !user ) {
1184 DEBUG(0,("pdb_getsampwrid: struct samu is NULL.\n"));
1185 return nt_status;
1186 }
1187
1188 /* set search key */
1189
1190 slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, rid);
1191
1192 /* open the database */
1193
1194 if ( !tdbsam_open( tdbsam_filename ) ) {
1195 DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename));
1196 return NT_STATUS_ACCESS_DENIED;
1197 }
1198
1199 /* get the record */
1200
1201 data = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr);
1202 if (!data.dptr) {
1203 DEBUG(5,("pdb_getsampwrid (TDB): error looking up RID %d by key %s.\n", rid, keystr));
1204 return NT_STATUS_UNSUCCESSFUL;
1205 }
1206
1207 fstrcpy(name, (const char *)data.dptr);
1208 TALLOC_FREE(data.dptr);
1209
1210 return tdbsam_getsampwnam (my_methods, user, name);
1211 }
1212
1213 static NTSTATUS tdbsam_getsampwsid(struct pdb_methods *my_methods,
1214 struct samu * user, const DOM_SID *sid)
1215 {
1216 uint32 rid;
1217
1218 if ( !sid_peek_check_rid(get_global_sam_sid(), sid, &rid) )
1219 return NT_STATUS_UNSUCCESSFUL;
1220
1221 return tdbsam_getsampwrid(my_methods, user, rid);
1222 }
1223
1224 static bool tdb_delete_samacct_only( struct samu *sam_pass )
1225 {
1226 fstring keystr;
1227 fstring name;
1228 NTSTATUS status;
1229
1230 fstrcpy(name, pdb_get_username(sam_pass));
1231 strlower_m(name);
1232
1233 /* set the search key */
1234
1235 slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
1236
1237 /* it's outaa here! 8^) */
1238
1239 status = dbwrap_delete_bystring(db_sam, keystr);
1240 if (!NT_STATUS_IS_OK(status)) {
1241 DEBUG(5, ("Error deleting entry from tdb passwd "
1242 "database: %s!\n", nt_errstr(status)));
1243 return false;
1244 }
1245
1246 return true;
1247 }
1248
1249 /***************************************************************************
1250 Delete a struct samu records for the username and RID key
1251 ****************************************************************************/
1252
1253 static NTSTATUS tdbsam_delete_sam_account(struct pdb_methods *my_methods,
1254 struct samu *sam_pass)
1255 {
1256 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
1257 fstring keystr;
1258 uint32 rid;
1259 fstring name;
1260
1261 /* open the database */
1262
1263 if ( !tdbsam_open( tdbsam_filename ) ) {
1264 DEBUG(0,("tdbsam_delete_sam_account: failed to open %s!\n",
1265 tdbsam_filename));
1266 return NT_STATUS_ACCESS_DENIED;
1267 }
1268
1269 fstrcpy(name, pdb_get_username(sam_pass));
1270 strlower_m(name);
1271
1272 /* set the search key */
1273
1274 slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
1275
1276 rid = pdb_get_user_rid(sam_pass);
1277
1278 /* it's outaa here! 8^) */
1279
1280 if (db_sam->transaction_start(db_sam) != 0) {
1281 DEBUG(0, ("Could not start transaction\n"));
1282 return NT_STATUS_UNSUCCESSFUL;
1283 }
1284
1285 nt_status = dbwrap_delete_bystring(db_sam, keystr);
1286 if (!NT_STATUS_IS_OK(nt_status)) {
1287 DEBUG(5, ("Error deleting entry from tdb passwd "
1288 "database: %s!\n", nt_errstr(nt_status)));
1289 goto cancel;
1290 }
1291
1292 /* set the search key */
1293
1294 slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, rid);
1295
1296 /* it's outaa here! 8^) */
1297
1298 nt_status = dbwrap_delete_bystring(db_sam, keystr);
1299 if (!NT_STATUS_IS_OK(nt_status)) {
1300 DEBUG(5, ("Error deleting entry from tdb rid "
1301 "database: %s!\n", nt_errstr(nt_status)));
1302 goto cancel;
1303 }
1304
1305 if (db_sam->transaction_commit(db_sam) != 0) {
1306 DEBUG(0, ("Could not commit transaction\n"));
1307 goto cancel;
1308 }
1309
1310 return NT_STATUS_OK;
1311
1312 cancel:
1313 if (db_sam->transaction_cancel(db_sam) != 0) {
1314 smb_panic("transaction_cancel failed");
1315 }
1316
1317 return nt_status;
1318 }
1319
1320
1321 /***************************************************************************
1322 Update the TDB SAM account record only
1323 Assumes that the tdbsam is already open
1324 ****************************************************************************/
1325 static bool tdb_update_samacct_only( struct samu* newpwd, int flag )
1326 {
1327 TDB_DATA data;
1328 uint8 *buf = NULL;
1329 fstring keystr;
1330 fstring name;
1331 bool ret = false;
1332 NTSTATUS status;
1333
1334 /* copy the struct samu struct into a BYTE buffer for storage */
1335
1336 if ( (data.dsize=init_buffer_from_sam (&buf, newpwd, False)) == -1 ) {
1337 DEBUG(0,("tdb_update_sam: ERROR - Unable to copy struct samu info BYTE buffer!\n"));
1338 goto done;
1339 }
1340 data.dptr = buf;
1341
1342 fstrcpy(name, pdb_get_username(newpwd));
1343 strlower_m(name);
1344
1345 DEBUG(5, ("Storing %saccount %s with RID %d\n",
1346 flag == TDB_INSERT ? "(new) " : "", name,
1347 pdb_get_user_rid(newpwd)));
1348
1349 /* setup the USER index key */
1350 slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
1351
1352 /* add the account */
1353
1354 status = dbwrap_store_bystring(db_sam, keystr, data, flag);
1355 if (!NT_STATUS_IS_OK(status)) {
1356 DEBUG(0, ("Unable to modify passwd TDB: %s!",
1357 nt_errstr(status)));
1358 goto done;
1359 }
1360
1361 ret = true;
1362
1363 done:
1364 /* cleanup */
1365 SAFE_FREE(buf);
1366 return ret;
1367 }
1368
1369 /***************************************************************************
1370 Update the TDB SAM RID record only
1371 Assumes that the tdbsam is already open
1372 ****************************************************************************/
1373 static bool tdb_update_ridrec_only( struct samu* newpwd, int flag )
1374 {
1375 TDB_DATA data;
1376 fstring keystr;
1377 fstring name;
1378 NTSTATUS status;
1379
1380 fstrcpy(name, pdb_get_username(newpwd));
1381 strlower_m(name);
1382
1383 /* setup RID data */
1384 data = string_term_tdb_data(name);
1385
1386 /* setup the RID index key */
1387 slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX,
1388 pdb_get_user_rid(newpwd));
1389
1390 /* add the reference */
1391 status = dbwrap_store_bystring(db_sam, keystr, data, flag);
1392 if (!NT_STATUS_IS_OK(status)) {
1393 DEBUG(0, ("Unable to modify TDB passwd: %s!\n",
1394 nt_errstr(status)));
1395 return false;
1396 }
1397
1398 return true;
1399
1400 }
1401
1402 /***************************************************************************
1403 Update the TDB SAM
1404 ****************************************************************************/
1405
1406 static bool tdb_update_sam(struct pdb_methods *my_methods, struct samu* newpwd,
1407 int flag)
1408 {
1409 uint32_t oldrid;
1410 uint32_t newrid;
1411
1412 if (!(newrid = pdb_get_user_rid(newpwd))) {
1413 DEBUG(0,("tdb_update_sam: struct samu (%s) with no RID!\n",
1414 pdb_get_username(newpwd)));
1415 return False;
1416 }
1417
1418 oldrid = newrid;
1419
1420 /* open the database */
1421
1422 if ( !tdbsam_open( tdbsam_filename ) ) {
1423 DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename));
1424 return False;
1425 }
1426
1427 if (db_sam->transaction_start(db_sam) != 0) {
1428 DEBUG(0, ("Could not start transaction\n"));
1429 return false;
1430 }
1431
1432 /* If we are updating, we may be changing this users RID. Retrieve the old RID
1433 so we can check. */
1434
1435 if (flag == TDB_MODIFY) {
1436 struct samu *account = samu_new(talloc_tos());
1437 if (account == NULL) {
1438 DEBUG(0,("tdb_update_sam: samu_new() failed\n"));
1439 goto cancel;
1440 }
1441 if (!NT_STATUS_IS_OK(tdbsam_getsampwnam(my_methods, account, pdb_get_username(newpwd)))) {
1442 DEBUG(0,("tdb_update_sam: tdbsam_getsampwnam() for %s failed\n",
1443 pdb_get_username(newpwd)));
1444 TALLOC_FREE(account);
1445 goto cancel;
1446 }
1447 if (!(oldrid = pdb_get_user_rid(account))) {
1448 DEBUG(0,("tdb_update_sam: pdb_get_user_rid() failed\n"));
1449 TALLOC_FREE(account);
1450 goto cancel;
1451 }
1452 TALLOC_FREE(account);
1453 }
1454
1455 /* Update the new samu entry. */
1456 if (!tdb_update_samacct_only(newpwd, flag)) {
1457 goto cancel;
1458 }
1459
1460 /* Now take care of the case where the RID changed. We need
1461 * to delete the old RID key and add the new. */
1462
1463 if (flag == TDB_MODIFY && newrid != oldrid) {
1464 fstring keystr;
1465
1466 /* Delete old RID key */
1467 DEBUG(10, ("tdb_update_sam: Deleting key for RID %u\n", oldrid));
1468 slprintf(keystr, sizeof(keystr) - 1, "%s%.8x", RIDPREFIX, oldrid);
1469 if (!NT_STATUS_IS_OK(dbwrap_delete_bystring(db_sam, keystr))) {
1470 DEBUG(0, ("tdb_update_sam: Can't delete %s\n", keystr));
1471 goto cancel;
1472 }
1473 /* Insert new RID key */
1474 DEBUG(10, ("tdb_update_sam: Inserting key for RID %u\n", newrid));
1475 if (!tdb_update_ridrec_only(newpwd, TDB_INSERT)) {
1476 goto cancel;
1477 }
1478 } else {
1479 DEBUG(10, ("tdb_update_sam: %s key for RID %u\n",
1480 flag == TDB_MODIFY ? "Updating" : "Inserting", newrid));
1481 if (!tdb_update_ridrec_only(newpwd, flag)) {
1482 goto cancel;
1483 }
1484 }
1485
1486 if (db_sam->transaction_commit(db_sam) != 0) {
1487 DEBUG(0, ("Could not commit transaction\n"));
1488 goto cancel;
1489 }
1490
1491 return true;
1492
1493 cancel:
1494 if (db_sam->transaction_cancel(db_sam) != 0) {
1495 smb_panic("transaction_cancel failed");
1496 }
1497 return false;
1498 }
1499
1500 /***************************************************************************
1501 Modifies an existing struct samu
1502 ****************************************************************************/
1503
1504 static NTSTATUS tdbsam_update_sam_account (struct pdb_methods *my_methods, struct samu *newpwd)
1505 {
1506 if ( !tdb_update_sam(my_methods, newpwd, TDB_MODIFY) )
1507 return NT_STATUS_UNSUCCESSFUL;
1508
1509 return NT_STATUS_OK;
1510 }
1511
1512 /***************************************************************************
1513 Adds an existing struct samu
1514 ****************************************************************************/
1515
1516 static NTSTATUS tdbsam_add_sam_account (struct pdb_methods *my_methods, struct samu *newpwd)
1517 {
1518 if ( !tdb_update_sam(my_methods, newpwd, TDB_INSERT) )
1519 return NT_STATUS_UNSUCCESSFUL;
1520
1521 return NT_STATUS_OK;
1522 }
1523
1524 /***************************************************************************
1525 Renames a struct samu
1526 - check for the posix user/rename user script
1527 - Add and lock the new user record
1528 - rename the posix user
1529 - rewrite the rid->username record
1530 - delete the old user
1531 - unlock the new user record
1532 ***************************************************************************/
1533 static NTSTATUS tdbsam_rename_sam_account(struct pdb_methods *my_methods,
1534 struct samu *old_acct,
1535 const char *newname)
1536 {
1537 struct samu *new_acct = NULL;
1538 char *rename_script = NULL;
1539 int rename_ret;
1540 fstring oldname_lower;
1541 fstring newname_lower;
1542
1543 /* can't do anything without an external script */
1544
1545 if ( !(new_acct = samu_new( talloc_tos() )) ) {
1546 return NT_STATUS_NO_MEMORY;
1547 }
1548
1549 rename_script = talloc_strdup(new_acct, lp_renameuser_script());
1550 if (!rename_script) {
1551 TALLOC_FREE(new_acct);
1552 return NT_STATUS_NO_MEMORY;
1553 }
1554 if (!*rename_script) {
1555 TALLOC_FREE(new_acct);
1556 return NT_STATUS_ACCESS_DENIED;
1557 }
1558
1559 if ( !pdb_copy_sam_account(new_acct, old_acct)
1560 || !pdb_set_username(new_acct, newname, PDB_CHANGED))
1561 {
1562 TALLOC_FREE(new_acct);
1563 return NT_STATUS_NO_MEMORY;
1564 }
1565
1566 /* open the database */
1567 if ( !tdbsam_open( tdbsam_filename ) ) {
1568 DEBUG(0, ("tdbsam_getsampwnam: failed to open %s!\n",
1569 tdbsam_filename));
1570 TALLOC_FREE(new_acct);
1571 return NT_STATUS_ACCESS_DENIED;
1572 }
1573
1574 if (db_sam->transaction_start(db_sam) != 0) {
1575 DEBUG(0, ("Could not start transaction\n"));
1576 TALLOC_FREE(new_acct);
1577 return NT_STATUS_ACCESS_DENIED;
1578
1579 }
1580
1581 /* add the new account and lock it */
1582 if ( !tdb_update_samacct_only(new_acct, TDB_INSERT) ) {
1583 goto cancel;
1584 }
1585
1586 /* Rename the posix user. Follow the semantics of _samr_create_user()
1587 so that we lower case the posix name but preserve the case in passdb */
1588
1589 fstrcpy( oldname_lower, pdb_get_username(old_acct) );
1590 strlower_m( oldname_lower );
1591
1592 fstrcpy( newname_lower, newname );
1593 strlower_m( newname_lower );
1594
1595 rename_script = talloc_string_sub2(new_acct,
1596 rename_script,
1597 "%unew",
1598 newname_lower,
1599 true,
1600 false,
1601 true);
1602 if (!rename_script) {
1603 goto cancel;
1604 }
1605 rename_script = talloc_string_sub2(new_acct,
1606 rename_script,
1607 "%uold",
1608 oldname_lower,
1609 true,
1610 false,
1611 true);
1612 if (!rename_script) {
1613 goto cancel;
1614 }
1615 rename_ret = smbrun(rename_script, NULL);
1616
1617 DEBUG(rename_ret ? 0 : 3,("Running the command `%s' gave %d\n",
1618 rename_script, rename_ret));
1619
1620 if (rename_ret != 0) {
1621 goto cancel;
1622 }
1623
1624 smb_nscd_flush_user_cache();
1625
1626 /* rewrite the rid->username record */
1627
1628 if ( !tdb_update_ridrec_only( new_acct, TDB_MODIFY) ) {
1629 goto cancel;
1630 }
1631
1632 tdb_delete_samacct_only( old_acct );
1633
1634 if (db_sam->transaction_commit(db_sam) != 0) {
1635 /*
1636 * Ok, we're screwed. We've changed the posix account, but
1637 * could not adapt passdb.tdb. Shall we change the posix
1638 * account back?
1639 */
1640 DEBUG(0, ("transaction_commit failed\n"));
1641 goto cancel;
1642 }
1643
1644 TALLOC_FREE(new_acct );
1645 return NT_STATUS_OK;
1646
1647 cancel:
1648 if (db_sam->transaction_cancel(db_sam) != 0) {
1649 smb_panic("transaction_cancel failed");
1650 }
1651
1652 TALLOC_FREE(new_acct);
1653
1654 return NT_STATUS_ACCESS_DENIED;
1655 }
1656
1657 static bool tdbsam_rid_algorithm(struct pdb_methods *methods)
1658 {
1659 return False;
1660 }
1661
1662 /*
1663 * Historically, winbind was responsible for allocating RIDs, so the next RID
1664 * value was stored in winbindd_idmap.tdb. It has been moved to passdb now,
1665 * but for compatibility reasons we still keep the the next RID counter in
1666 * winbindd_idmap.tdb.
1667 */
1668
1669 /*****************************************************************************
1670 Initialise idmap database. For now (Dec 2005) this is a copy of the code in
1671 sam/idmap_tdb.c. Maybe at a later stage we can remove that capability from
1672 winbind completely and store the RID counter in passdb.tdb.
1673
1674 Dont' fully initialize with the HWM values, if it's new, we're only
1675 interested in the RID counter.
1676 *****************************************************************************/
1677
1678 static bool init_idmap_tdb(TDB_CONTEXT *tdb)
1679 {
1680 int32 version;
1681
1682 if (tdb_lock_bystring(tdb, "IDMAP_VERSION") != 0) {
1683 DEBUG(0, ("Could not lock IDMAP_VERSION\n"));
1684 return False;
1685 }
1686
1687 version = tdb_fetch_int32(tdb, "IDMAP_VERSION");
1688
1689 if (version == -1) {
1690 /* No key found, must be a new db */
1691 if (tdb_store_int32(tdb, "IDMAP_VERSION",
1692 IDMAP_VERSION) != 0) {
1693 DEBUG(0, ("Could not store IDMAP_VERSION\n"));
1694 tdb_unlock_bystring(tdb, "IDMAP_VERSION");
1695 return False;
1696 }
1697 version = IDMAP_VERSION;
1698 }
1699
1700 if (version != IDMAP_VERSION) {
1701 DEBUG(0, ("Expected IDMAP_VERSION=%d, found %d. Please "
1702 "start winbind once\n", IDMAP_VERSION, version));
1703 tdb_unlock_bystring(tdb, "IDMAP_VERSION");
1704 return False;
1705 }
1706
1707 tdb_unlock_bystring(tdb, "IDMAP_VERSION");
1708 return True;
1709 }
1710
1711 static bool tdbsam_new_rid(struct pdb_methods *methods, uint32 *prid)
1712 {
1713 TDB_CONTEXT *tdb;
1714 uint32 rid;
1715 bool ret = False;
1716
1717 tdb = tdb_open_log(state_path("winbindd_idmap.tdb"), 0,
1718 TDB_DEFAULT, O_RDWR | O_CREAT, 0644);
1719
1720 if (tdb == NULL) {
1721 DEBUG(1, ("Could not open idmap: %s\n", strerror(errno)));
1722 goto done;
1723 }
1724
1725 if (!init_idmap_tdb(tdb)) {
1726 DEBUG(1, ("Could not init idmap\n"));
1727 goto done;
1728 }
1729
1730 rid = BASE_RID; /* Default if not set */
1731
1732 if (!tdb_change_uint32_atomic(tdb, "RID_COUNTER", &rid, 1)) {
1733 DEBUG(3, ("tdbsam_new_rid: Failed to increase RID_COUNTER\n"));
1734 goto done;
1735 }
1736
1737 *prid = rid;
1738 ret = True;
1739
1740 done:
1741 if ((tdb != NULL) && (tdb_close(tdb) != 0)) {
1742 smb_panic("tdb_close(idmap_tdb) failed");
1743 }
1744
1745 return ret;
1746 }
1747
1748 struct tdbsam_search_state {
1749 struct pdb_methods *methods;
1750 uint32_t acct_flags;
1751
1752 uint32_t *rids;
1753 uint32_t num_rids;
1754 ssize_t array_size;
1755 uint32_t current;
1756 };
1757
1758 static int tdbsam_collect_rids(struct db_record *rec, void *private_data)
1759 {
1760 struct tdbsam_search_state *state = talloc_get_type_abort(
1761 private_data, struct tdbsam_search_state);
1762 size_t prefixlen = strlen(RIDPREFIX);
1763 uint32 rid;
1764
1765 if ((rec->key.dsize < prefixlen)
1766 || (strncmp((char *)rec->key.dptr, RIDPREFIX, prefixlen))) {
1767 return 0;
1768 }
1769
1770 rid = strtoul((char *)rec->key.dptr+prefixlen, NULL, 16);
1771
1772 ADD_TO_LARGE_ARRAY(state, uint32, rid, &state->rids, &state->num_rids,
1773 &state->array_size);
1774
1775 return 0;
1776 }
1777
1778 static void tdbsam_search_end(struct pdb_search *search)
1779 {
1780 struct tdbsam_search_state *state = talloc_get_type_abort(
1781 search->private_data, struct tdbsam_search_state);
1782 TALLOC_FREE(state);
1783 }
1784
1785 static bool tdbsam_search_next_entry(struct pdb_search *search,
1786 struct samr_displayentry *entry)
1787 {
1788 struct tdbsam_search_state *state = talloc_get_type_abort(
1789 search->private_data, struct tdbsam_search_state);
1790 struct samu *user = NULL;
1791 NTSTATUS status;
1792 uint32_t rid;
1793
1794 again:
1795 TALLOC_FREE(user);
1796 user = samu_new(talloc_tos());
1797 if (user == NULL) {
1798 DEBUG(0, ("samu_new failed\n"));
1799 return false;
1800 }
1801
1802 if (state->current == state->num_rids) {
1803 return false;
1804 }
1805
1806 rid = state->rids[state->current++];
1807
1808 status = tdbsam_getsampwrid(state->methods, user, rid);
1809
1810 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
1811 /*
1812 * Someone has deleted that user since we listed the RIDs
1813 */
1814 goto again;
1815 }
1816
1817 if (!NT_STATUS_IS_OK(status)) {
1818 DEBUG(10, ("tdbsam_getsampwrid failed: %s\n",
1819 nt_errstr(status)));
1820 TALLOC_FREE(user);
1821 return false;
1822 }
1823
1824 if ((state->acct_flags != 0) &&
1825 ((state->acct_flags & pdb_get_acct_ctrl(user)) == 0)) {
1826 goto again;
1827 }
1828
1829 entry->acct_flags = pdb_get_acct_ctrl(user);
1830 entry->rid = rid;
1831 entry->account_name = talloc_strdup(
1832 search->mem_ctx, pdb_get_username(user));
1833 entry->fullname = talloc_strdup(
1834 search->mem_ctx, pdb_get_fullname(user));
1835 entry->description = talloc_strdup(
1836 search->mem_ctx, pdb_get_acct_desc(user));
1837
1838 TALLOC_FREE(user);
1839
1840 if ((entry->account_name == NULL) || (entry->fullname == NULL)
1841 || (entry->description == NULL)) {
1842 DEBUG(0, ("talloc_strdup failed\n"));
1843 return false;
1844 }
1845
1846 return true;
1847 }
1848
1849 static bool tdbsam_search_users(struct pdb_methods *methods,
1850 struct pdb_search *search,
1851 uint32 acct_flags)
1852 {
1853 struct tdbsam_search_state *state;
1854
1855 if (!tdbsam_open(tdbsam_filename)) {
1856 DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n",
1857 tdbsam_filename));
1858 return false;
1859 }
1860
1861 state = TALLOC_ZERO_P(search->mem_ctx, struct tdbsam_search_state);
1862 if (state == NULL) {
1863 DEBUG(0, ("talloc failed\n"));
1864 return false;
1865 }
1866 state->acct_flags = acct_flags;
1867 state->methods = methods;
1868
1869 db_sam->traverse_read(db_sam, tdbsam_collect_rids, state);
1870
1871 search->private_data = state;
1872 search->next_entry = tdbsam_search_next_entry;
1873 search->search_end = tdbsam_search_end;
1874
1875 return true;
1876 }
1877
1878 /*********************************************************************
1879 Initialize the tdb sam backend. Setup the dispath table of methods,
1880 open the tdb, etc...
1881 *********************************************************************/
1882
1883 static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *location)
1884 {
1885 NTSTATUS nt_status;
1886 char *tdbfile = NULL;
1887 const char *pfile = location;
1888
1889 if (!NT_STATUS_IS_OK(nt_status = make_pdb_method( pdb_method ))) {
1890 return nt_status;
1891 }
1892
1893 (*pdb_method)->name = "tdbsam";
1894
1895 (*pdb_method)->getsampwnam = tdbsam_getsampwnam;
1896 (*pdb_method)->getsampwsid = tdbsam_getsampwsid;
1897 (*pdb_method)->add_sam_account = tdbsam_add_sam_account;
1898 (*pdb_method)->update_sam_account = tdbsam_update_sam_account;
1899 (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
1900 (*pdb_method)->rename_sam_account = tdbsam_rename_sam_account;
1901 (*pdb_method)->search_users = tdbsam_search_users;
1902
1903 (*pdb_method)->rid_algorithm = tdbsam_rid_algorithm;
1904 (*pdb_method)->new_rid = tdbsam_new_rid;
1905
1906 /* save the path for later */
1907
1908 if (!location) {
1909 if (asprintf(&tdbfile, "%s/%s", lp_private_dir(),
1910 PASSDB_FILE_NAME) < 0) {
1911 return NT_STATUS_NO_MEMORY;
1912 }
1913 pfile = tdbfile;
1914 }
1915 tdbsam_filename = SMB_STRDUP(pfile);
1916 if (!tdbsam_filename) {
1917 return NT_STATUS_NO_MEMORY;
1918 }
1919 SAFE_FREE(tdbfile);
1920
1921 /* no private data */
1922
1923 (*pdb_method)->private_data = NULL;
1924 (*pdb_method)->free_private_data = NULL;
1925
1926 return NT_STATUS_OK;
1927 }
1928
1929 NTSTATUS pdb_tdbsam_init(void)
1930 {
1931 return smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam", pdb_init_tdbsam);
1932 }
Samba GIT mirror