search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
The code is a bit of a mess right now.
[Samba/gbeck.git] / source3 / sam / interface.c
blob51ae561999c40de946c4d239c3276827c4285a5b
1 /*
2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Jelmer Vernooij 2002
6 Copyright (C) Stefan (metze) Metzmacher 2002
7 Copyright (C) Kai Krüger 2002
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_SAM
28
29 extern DOM_SID global_sid_Builtin;
30
31 /** List of various built-in sam modules */
32
33 const struct sam_init_function_entry builtin_sam_init_functions[] = {
34 { "plugin", sam_init_plugin },
35 #ifdef HAVE_LDAP
36 { "ads", sam_init_ads },
37 #endif
38 { "skel", sam_init_skel },
39 { NULL, NULL}
40 };
41
42
43 static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid)
44 {
45 SAM_METHODS *tmp_methods;
46
47 DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__));
48
49 /* invalid sam_context specified */
50 SAM_ASSERT(context && context->methods);
51
52 tmp_methods = context->methods;
53
54 while (tmp_methods) {
55 if (sid_equal(domainsid, &(tmp_methods->domain_sid)))
56 {
57 (*sam_method) = tmp_methods;
58 return NT_STATUS_OK;
59 }
60 tmp_methods = tmp_methods->next;
61 }
62
63 DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid)));
64
65 return NT_STATUS_NO_SUCH_DOMAIN;
66 }
67
68 static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname)
69 {
70 SAM_METHODS *tmp_methods;
71
72 DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__));
73
74 /* invalid sam_context specified */
75 SAM_ASSERT(context && context->methods);
76
77 tmp_methods = context->methods;
78
79 while (tmp_methods) {
80 if (strequal(domainname, tmp_methods->domain_name))
81 {
82 (*sam_method) = tmp_methods;
83 return NT_STATUS_OK;
84 }
85 tmp_methods = tmp_methods->next;
86 }
87
88 DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname));
89
90 return NT_STATUS_NO_SUCH_DOMAIN;
91 }
92
93 static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods)
94 {
95 *methods = talloc(mem_ctx, sizeof(SAM_METHODS));
96
97 if (!*methods) {
98 return NT_STATUS_NO_MEMORY;
99 }
100
101 ZERO_STRUCTP(*methods);
102
103 return NT_STATUS_OK;
104 }
105
106 /******************************************************************
107 Free and cleanup a sam context, any associated data and anything
108 that the attached modules might have associated.
109 *******************************************************************/
110
111 void free_sam_context(SAM_CONTEXT **context)
112 {
113 SAM_METHODS *sam_selected = (*context)->methods;
114
115 while (sam_selected) {
116 if (sam_selected->free_private_data) {
117 sam_selected->free_private_data(&(sam_selected->private_data));
118 }
119 sam_selected = sam_selected->next;
120 }
121
122 talloc_destroy((*context)->mem_ctx);
123 *context = NULL;
124 }
125
126 /******************************************************************
127 Make a backend_entry from scratch
128 *******************************************************************/
129
130 static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string)
131 {
132 char *tmp = NULL;
133 char *tmp_string = sam_backend_string;
134
135 DEBUG(5,("make_backend_entry: %d\n", __LINE__));
136
137 SAM_ASSERT(sam_backend_string && backend_entry);
138
139 backend_entry->module_name = sam_backend_string;
140
141 DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name));
142
143 if ((tmp = strrchr(tmp_string, '|')) != NULL) {
144 DEBUGADD(20,("a domain name has been specified\n"));
145 *tmp = 0;
146 backend_entry->domain_name = smb_xstrdup(tmp + 1);
147 tmp_string = tmp + 1;
148 }
149
150 if ((tmp = strchr(tmp_string, ':')) != NULL) {
151 DEBUG(20,("options for the backend have been specified\n"));
152 *tmp = 0;
153 backend_entry->module_params = smb_xstrdup(tmp + 1);
154 tmp_string = tmp + 1;
155 }
156
157 if (backend_entry->domain_name == NULL) {
158 DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n",
159 backend_entry->module_name, lp_workgroup()));
160 backend_entry->domain_name = smb_xstrdup(lp_workgroup());
161 }
162
163 if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) {
164 DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n"));
165 return NT_STATUS_NO_MEMORY;
166 }
167
168 DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name));
169
170 if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) {
171 DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n",
172 backend_entry->domain_name));
173 DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__));
174 ZERO_STRUCTP(backend_entry->domain_sid);
175 }
176
177 DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n",
178 backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid)));
179
180 return NT_STATUS_OK;
181 }
182
183 /******************************************************************
184 create sam_methods struct based on sam_backend_entry
185 *****************************************************************/
186
187 static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry)
188 {
189 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
190 SAM_METHODS *methods;
191 int i;
192
193 DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__));
194
195 if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) {
196 return nt_status;
197 }
198
199 methods = *methods_ptr;
200 methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name);
201 methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name);
202 sid_copy(&methods->domain_sid, backend_entry->domain_sid);
203 methods->parent = context;
204
205 DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name));
206 for (i = 0; builtin_sam_init_functions[i].module_name; i++)
207 {
208 if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name))
209 {
210 DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i));
211 DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid)));
212 nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params);
213 if (NT_STATUS_IS_OK(nt_status)) {
214 DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name));
215 } else {
216 DEBUG(2,("sam backend %s did not correctly init (error was %s)\n",
217 backend_entry->module_name, nt_errstr(nt_status)));
218 }
219 return nt_status;
220 }
221 }
222
223 DEBUG(2,("could not find backend %s\n", backend_entry->module_name));
224
225 return NT_STATUS_INVALID_PARAMETER;
226 }
227
228 static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context)
229 {
230 SAM_BACKEND_ENTRY entry;
231 DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */
232 SAM_METHODS *methods, *tmpmethods;
233 NTSTATUS ntstatus;
234
235 DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__));
236
237 /* Make sure domain lp_workgroup() is available */
238
239 ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin);
240
241 if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
242 DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n",
243 lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND));
244
245 SAM_ASSERT(global_sam_sid);
246
247 entry.module_name = SAM_DEFAULT_BACKEND;
248 entry.module_params = NULL;
249 entry.domain_name = lp_workgroup();
250 entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
251 sid_copy(entry.domain_sid, global_sam_sid);
252
253 if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
254 DEBUG(4,("make_sam_methods_backend_entry failed\n"));
255 return ntstatus;
256 }
257
258 DLIST_ADD_END(context->methods, methods, tmpmethods);
259
260 } else if (!NT_STATUS_IS_OK(ntstatus)) {
261 DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup()));
262 return ntstatus;
263 }
264
265 /* Make sure the BUILTIN domain is available */
266
267 ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid);
268
269 if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
270 DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n",
271 SAM_DEFAULT_BACKEND));
272 entry.module_name = SAM_DEFAULT_BACKEND;
273 entry.module_params = NULL;
274 entry.domain_name = "BUILTIN";
275 entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
276 sid_copy(entry.domain_sid, &global_sid_Builtin);
277
278 if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
279 DEBUG(4,("make_sam_methods_backend_entry failed\n"));
280 return ntstatus;
281 }
282
283 DLIST_ADD_END(context->methods, methods, tmpmethods);
284 } else if (!NT_STATUS_IS_OK(ntstatus)) {
285 DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n"));
286 return ntstatus;
287 }
288
289 return NT_STATUS_OK;
290 }
291
292 static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends)
293 {
294 int i, j;
295
296 DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__));
297
298 for (i = 0; i < *nBackends; i++) {
299 for (j = i + 1; j < *nBackends; j++) {
300 if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) {
301 DEBUG(0,("two backend modules claim the same domain %s\n",
302 sid_string_static((*backend_entries)[j].domain_sid)));
303 return NT_STATUS_INVALID_PARAMETER;
304 }
305 }
306 }
307
308 return NT_STATUS_OK;
309 }
310
311 NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param)
312 {
313 int i = 0, j = 0;
314 SAM_METHODS *curmethods, *tmpmethods;
315 int nBackends = 0;
316 SAM_BACKEND_ENTRY *backends = NULL;
317 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
318
319 DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__));
320
321 if (!sam_backends_param) {
322 DEBUG(1, ("no SAM backeds specified!\n"));
323 return NT_STATUS_INVALID_PARAMETER;
324 }
325
326 if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) {
327 DEBUG(4,("make_sam_context failed\n"));
328 return nt_status;
329 }
330
331 while (sam_backends_param[nBackends])
332 nBackends++;
333
334 DEBUG(6,("There are %d domains listed with their backends\n", nBackends));
335
336 if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) {
337 DEBUG(0,("make_sam_context_list: failed to allocate backends\n"));
338 return NT_STATUS_NO_MEMORY;
339 }
340
341 memset(backends, '\0', sizeof(*backends)*nBackends);
342
343 for (i = 0; i < nBackends; i++) {
344 DEBUG(8,("processing %s\n",sam_backends_param[i]));
345 if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) {
346 DEBUG(4,("make_backend_entry failed\n"));
347 for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
348 SAFE_FREE(backends);
349 free_sam_context(context);
350 return nt_status;
351 }
352 }
353
354 if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) {
355 DEBUG(4,("check_duplicate_backend_entries failed\n"));
356 for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
357 SAFE_FREE(backends);
358 free_sam_context(context);
359 return nt_status;
360 }
361
362 for (i = 0; i < nBackends; i++) {
363 if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) {
364 DEBUG(4,("make_sam_methods_backend_entry failed\n"));
365 for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
366 SAFE_FREE(backends);
367 free_sam_context(context);
368 return nt_status;
369 }
370 DLIST_ADD_END((*context)->methods, curmethods, tmpmethods);
371 }
372
373 for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid);
374
375 SAFE_FREE(backends);
376 return NT_STATUS_OK;
377 }
378
379 /******************************************************************
380 Make a sam_context from scratch.
381 *******************************************************************/
382
383 NTSTATUS make_sam_context(SAM_CONTEXT **context)
384 {
385 TALLOC_CTX *mem_ctx;
386
387 mem_ctx = talloc_init("sam_context internal allocation context");
388
389 if (!mem_ctx) {
390 DEBUG(0, ("make_sam_context: talloc init failed!\n"));
391 return NT_STATUS_NO_MEMORY;
392 }
393
394 *context = talloc(mem_ctx, sizeof(**context));
395 if (!*context) {
396 DEBUG(0, ("make_sam_context: talloc failed!\n"));
397 return NT_STATUS_NO_MEMORY;
398 }
399
400 ZERO_STRUCTP(*context);
401
402 (*context)->mem_ctx = mem_ctx;
403
404 (*context)->free_fn = free_sam_context;
405
406 return NT_STATUS_OK;
407 }
408
409 /******************************************************************
410 Return an already initialised sam_context, to facilitate backward
411 compatibility (see functions below).
412 *******************************************************************/
413
414 static struct sam_context *sam_get_static_context(BOOL reload)
415 {
416 static SAM_CONTEXT *sam_context = NULL;
417
418 if ((sam_context) && (reload)) {
419 sam_context->free_fn(&sam_context);
420 sam_context = NULL;
421 }
422
423 if (!sam_context) {
424 if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) {
425 DEBUG(4,("make_sam_context_list failed\n"));
426 return NULL;
427 }
428
429 /* Make sure the required domains (default domain, builtin) are available */
430 if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) {
431 DEBUG(4,("sam_context_check_default_backends failed\n"));
432 return NULL;
433 }
434 }
435
436 return sam_context;
437 }
438
439 /***************************************************************
440 Initialize the static context (at smbd startup etc).
441
442 If uninitialised, context will auto-init on first use.
443 ***************************************************************/
444
445 BOOL initialize_sam(BOOL reload)
446 {
447 return (sam_get_static_context(reload) != NULL);
448 }
449
450
451 /**************************************************************
452 External API. This is what the rest of the world calls...
453 ***************************************************************/
454
455 /******************************************************************
456 sam_* functions are used to link the external SAM interface
457 with the internal backends. These functions lookup the appropriate
458 backends for the domain and pass on to the function in sam_methods
459 in the selected backend
460
461 When the context parmater is NULL, the default is used.
462 *******************************************************************/
463
464 #define SAM_SETUP_CONTEXT if (!context) \
465 context = sam_get_static_context(False);\
466 if (!context) {\
467 return NT_STATUS_UNSUCCESSFUL; \
468 }\
469
470
471
472 NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
473 {
474 SAM_METHODS *tmp_methods;
475 NTSTATUS nt_status;
476
477 DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__));
478
479 SAM_SETUP_CONTEXT;
480
481 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
482 DEBUG(4,("sam_get_methods_by_sid failed\n"));
483 return nt_status;
484 }
485
486 if (!tmp_methods->sam_get_sec_desc) {
487 DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
488 return NT_STATUS_NOT_IMPLEMENTED;
489 }
490
491 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) {
492 DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
493 return nt_status;
494 }
495
496 return NT_STATUS_OK;
497 }
498
499 NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
500 {
501 SAM_METHODS *tmp_methods;
502 NTSTATUS nt_status;
503
504 DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__));
505
506 SAM_SETUP_CONTEXT;
507
508 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
509 DEBUG(4,("sam_get_methods_by_sid failed\n"));
510 return nt_status;
511 }
512
513 if (!tmp_methods->sam_set_sec_desc) {
514 DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
515 return NT_STATUS_NOT_IMPLEMENTED;
516 }
517
518 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) {
519 DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
520 return nt_status;
521 }
522
523 return NT_STATUS_OK;
524 }
525
526
527 NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type)
528 {
529 SAM_METHODS *tmp_methods;
530 NTSTATUS nt_status;
531
532 DEBUG(5,("sam_lookup_name: %d\n", __LINE__));
533
534 SAM_SETUP_CONTEXT;
535
536 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
537 DEBUG(4,("sam_get_methods_by_name failed\n"));
538 return nt_status;
539 }
540
541 if (!tmp_methods->sam_lookup_name) {
542 DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
543 return NT_STATUS_NOT_IMPLEMENTED;
544 }
545
546 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) {
547 DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n",
548 tmp_methods->domain_name, name, tmp_methods->backendname));
549 return nt_status;
550 }
551
552 return NT_STATUS_OK;
553 }
554
555 NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
556 {
557 SAM_METHODS *tmp_methods;
558 uint32 rid;
559 NTSTATUS nt_status;
560 DOM_SID domainsid;
561
562 DEBUG(5,("sam_lookup_sid: %d\n", __LINE__));
563
564 SAM_SETUP_CONTEXT;
565
566 sid_copy(&domainsid, sid);
567 if (!sid_split_rid(&domainsid, &rid)) {
568 DEBUG(3,("sam_lookup_sid: failed to split the sid\n"));
569 return NT_STATUS_INVALID_SID;
570 }
571
572 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
573 DEBUG(4,("sam_get_methods_by_sid failed\n"));
574 return nt_status;
575 }
576
577 if (!tmp_methods->sam_lookup_sid) {
578 DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
579 return NT_STATUS_NOT_IMPLEMENTED;
580 }
581
582 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) {
583 DEBUG(4,("sam_lookup_name for %s in backend %s failed\n",
584 sid_string_static(sid), tmp_methods->backendname));
585 return nt_status;
586 }
587
588 return NT_STATUS_OK;
589 }
590
591
592 NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain)
593 {
594 const SAM_METHODS *tmp_methods;
595 NTSTATUS nt_status;
596
597 DEBUG(5,("sam_update_domain: %d\n", __LINE__));
598
599 SAM_SETUP_CONTEXT;
600
601 /* invalid domain specified */
602 SAM_ASSERT(domain && domain->current_sam_methods);
603
604 tmp_methods = domain->current_sam_methods;
605
606 if (!tmp_methods->sam_update_domain) {
607 DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n"));
608 return NT_STATUS_NOT_IMPLEMENTED;
609 }
610
611 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){
612 DEBUG(4,("sam_update_domain in backend %s failed\n",
613 tmp_methods->backendname));
614 return nt_status;
615 }
616
617 return NT_STATUS_OK;
618 }
619
620 NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
621 {
622 SAM_METHODS *tmp_methods;
623 NTSTATUS nt_status;
624
625 SEC_DESC *sd;
626 size_t sd_size;
627 uint32 acc_granted;
628 int i = 0;
629
630 DEBUG(5,("sam_enum_domains: %d\n", __LINE__));
631
632 SAM_SETUP_CONTEXT;
633
634 /* invalid parmaters specified */
635 SAM_ASSERT(domain_count && domains && domain_names);
636
637 if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
638 DEBUG(4,("samr_make_sam_obj_sd failed\n"));
639 return nt_status;
640 }
641
642 if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) {
643 DEBUG(3,("sam_enum_domains: ACCESS DENIED\n"));
644 return nt_status;
645 }
646
647 tmp_methods= context->methods;
648 *domain_count = 0;
649
650 while (tmp_methods) {
651 (*domain_count)++;
652 tmp_methods= tmp_methods->next;
653 }
654
655 DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count)));
656
657 tmp_methods = context->methods;
658
659 if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) {
660 DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n"));
661 return NT_STATUS_NO_MEMORY;
662 }
663
664 if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) {
665 DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n"));
666 SAFE_FREE((*domains));
667 return NT_STATUS_NO_MEMORY;
668 }
669
670 while (tmp_methods) {
671 DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid)));
672 sid_copy(domains[i],&tmp_methods->domain_sid);
673 *domain_names[i] = smb_xstrdup(tmp_methods->domain_name);
674 i++;
675 tmp_methods= tmp_methods->next;
676 }
677
678 return NT_STATUS_OK;
679 }
680
681 NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid)
682 {
683 SAM_METHODS *tmp_methods;
684 NTSTATUS nt_status;
685
686 SEC_DESC *sd;
687 size_t sd_size;
688 uint32 acc_granted;
689
690 DEBUG(5,("sam_lookup_domain: %d\n", __LINE__));
691
692 SAM_SETUP_CONTEXT;
693
694 /* invalid paramters */
695 SAM_ASSERT(access_token && domain && domainsid);
696
697 if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
698 DEBUG(4,("samr_make_sam_obj_sd failed\n"));
699 return nt_status;
700 }
701
702 if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) {
703 DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n"));
704 return nt_status;
705 }
706
707 tmp_methods= context->methods;
708
709 while (tmp_methods) {
710 if (strcmp(domain, tmp_methods->domain_name) == 0) {
711 (*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID));
712 sid_copy((*domainsid), &tmp_methods->domain_sid);
713 return NT_STATUS_OK;
714 }
715 tmp_methods= tmp_methods->next;
716 }
717
718 return NT_STATUS_NO_SUCH_DOMAIN;
719 }
720
721
722 NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
723 {
724 SAM_METHODS *tmp_methods;
725 NTSTATUS nt_status;
726
727 DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__));
728
729 SAM_SETUP_CONTEXT;
730
731 SAM_ASSERT(access_token && domainsid && domain);
732
733 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
734 DEBUG(4,("sam_get_methods_by_sid failed\n"));
735 return nt_status;
736 }
737
738 if (!tmp_methods->sam_get_domain_handle) {
739 DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n"));
740 return NT_STATUS_NOT_IMPLEMENTED;
741 }
742
743 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) {
744 DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n",
745 sid_string_static(domainsid), tmp_methods->backendname));
746 return nt_status;
747 }
748
749 return NT_STATUS_OK;
750 }
751
752 NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
753 {
754 SAM_METHODS *tmp_methods;
755 NTSTATUS nt_status;
756
757 DEBUG(5,("sam_create_account: %d\n", __LINE__));
758
759 SAM_SETUP_CONTEXT;
760
761 /* invalid parmaters */
762 SAM_ASSERT(access_token && domainsid && account_name && account);
763
764 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
765 DEBUG(4,("sam_get_methods_by_sid failed\n"));
766 return nt_status;
767 }
768
769 if (!tmp_methods->sam_create_account) {
770 DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n"));
771 return NT_STATUS_NOT_IMPLEMENTED;
772 }
773
774 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) {
775 DEBUG(4,("sam_create_account in backend %s failed\n",
776 tmp_methods->backendname));
777 return nt_status;
778 }
779
780 return NT_STATUS_OK;
781 }
782
783 NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
784 {
785 DOM_SID domainsid;
786 const DOM_SID *accountsid;
787 SAM_METHODS *tmp_methods;
788 uint32 rid;
789 NTSTATUS nt_status;
790
791 DEBUG(5,("sam_add_account: %d\n", __LINE__));
792
793 SAM_SETUP_CONTEXT;
794
795 /* invalid parmaters */
796 SAM_ASSERT(account);
797
798 if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) {
799 DEBUG(0,("Can't get account SID\n"));
800 return nt_status;
801 }
802
803 sid_copy(&domainsid, accountsid);
804 if (!sid_split_rid(&domainsid, &rid)) {
805 DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
806 return NT_STATUS_INVALID_SID;
807 }
808
809 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
810 DEBUG(4,("sam_get_methods_by_sid failed\n"));
811 return nt_status;
812 }
813
814 if (!tmp_methods->sam_add_account) {
815 DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n"));
816 return NT_STATUS_NOT_IMPLEMENTED;
817 }
818
819 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){
820 DEBUG(4,("sam_add_account in backend %s failed\n",
821 tmp_methods->backendname));
822 return nt_status;
823 }
824
825 return NT_STATUS_OK;
826 }
827
828 NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
829 {
830 const SAM_METHODS *tmp_methods;
831 NTSTATUS nt_status;
832
833 DEBUG(5,("sam_update_account: %d\n", __LINE__));
834
835 SAM_SETUP_CONTEXT;
836
837 /* invalid account specified */
838 SAM_ASSERT(account && account->current_sam_methods);
839
840 tmp_methods = account->current_sam_methods;
841
842 if (!tmp_methods->sam_update_account) {
843 DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n"));
844 return NT_STATUS_NOT_IMPLEMENTED;
845 }
846
847 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){
848 DEBUG(4,("sam_update_account in backend %s failed\n",
849 tmp_methods->backendname));
850 return nt_status;
851 }
852
853 return NT_STATUS_OK;
854 }
855
856 NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
857 {
858 const SAM_METHODS *tmp_methods;
859 NTSTATUS nt_status;
860
861 DEBUG(5,("sam_delete_account: %d\n", __LINE__));
862
863 SAM_SETUP_CONTEXT;
864
865 /* invalid account specified */
866 SAM_ASSERT(account && account->current_sam_methods);
867
868 tmp_methods = account->current_sam_methods;
869
870 if (!tmp_methods->sam_delete_account) {
871 DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n"));
872 return NT_STATUS_NOT_IMPLEMENTED;
873 }
874
875 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){
876 DEBUG(4,("sam_delete_account in backend %s failed\n",
877 tmp_methods->backendname));
878 return nt_status;
879 }
880
881 return NT_STATUS_OK;
882 }
883
884 NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
885 {
886 SAM_METHODS *tmp_methods;
887 NTSTATUS nt_status;
888
889 DEBUG(5,("sam_enum_accounts: %d\n", __LINE__));
890
891 SAM_SETUP_CONTEXT;
892
893 SAM_ASSERT(access_token && domainsid && account_count && accounts);
894
895 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
896 DEBUG(4,("sam_get_methods_by_sid failed\n"));
897 return nt_status;
898 }
899
900 if (!tmp_methods->sam_enum_accounts) {
901 DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n"));
902 return NT_STATUS_NOT_IMPLEMENTED;
903 }
904
905 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) {
906 DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n",
907 tmp_methods->domain_name, tmp_methods->backendname));
908 return nt_status;
909 }
910
911 return NT_STATUS_OK;
912 }
913
914
915 NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
916 {
917 SAM_METHODS *tmp_methods;
918 uint32 rid;
919 DOM_SID domainsid;
920 NTSTATUS nt_status;
921
922 DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__));
923
924 SAM_SETUP_CONTEXT;
925
926 SAM_ASSERT(access_token && accountsid && account);
927
928 sid_copy(&domainsid, accountsid);
929 if (!sid_split_rid(&domainsid, &rid)) {
930 DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
931 return NT_STATUS_INVALID_SID;
932 }
933
934
935 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
936 DEBUG(4,("sam_get_methods_by_sid failed\n"));
937 return nt_status;
938 }
939
940 if (!tmp_methods->sam_get_account_by_sid) {
941 DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n"));
942 return NT_STATUS_NOT_IMPLEMENTED;
943 }
944
945 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) {
946 DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n",
947 sid_string_static(accountsid), tmp_methods->backendname));
948 return nt_status;
949 }
950
951 return NT_STATUS_OK;
952 }
953
954 NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account)
955 {
956 SAM_METHODS *tmp_methods;
957 NTSTATUS nt_status;
958
959 DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__));
960
961 SAM_SETUP_CONTEXT;
962
963 SAM_ASSERT(access_token && domain && name && account);
964
965 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
966 DEBUG(4,("sam_get_methods_by_name failed\n"));
967 return nt_status;
968 }
969
970 if (!tmp_methods->sam_get_account_by_name) {
971 DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n"));
972 return NT_STATUS_NOT_IMPLEMENTED;
973 }
974
975 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) {
976 DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n",
977 domain, name, tmp_methods->backendname));
978 return nt_status;
979 }
980
981 return NT_STATUS_OK;
982 }
983
984 NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
985 {
986 SAM_METHODS *tmp_methods;
987 NTSTATUS nt_status;
988
989 DEBUG(5,("sam_create_group: %d\n", __LINE__));
990
991 SAM_SETUP_CONTEXT;
992
993 SAM_ASSERT(access_token && domainsid && group_name && group);
994
995 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
996 DEBUG(4,("sam_get_methods_by_sid failed\n"));
997 return nt_status;
998 }
999
1000 if (!tmp_methods->sam_create_group) {
1001 DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n"));
1002 return NT_STATUS_UNSUCCESSFUL;
1003 }
1004
1005 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) {
1006 DEBUG(4,("sam_create_group in backend %s failed\n",
1007 tmp_methods->backendname));
1008 return nt_status;
1009 }
1010
1011 return NT_STATUS_OK;
1012 }
1013
1014 NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
1015 {
1016 DOM_SID domainsid;
1017 const DOM_SID *groupsid;
1018 SAM_METHODS *tmp_methods;
1019 uint32 rid;
1020 NTSTATUS nt_status;
1021
1022 DEBUG(5,("sam_add_group: %d\n", __LINE__));
1023
1024 SAM_SETUP_CONTEXT;
1025
1026 SAM_ASSERT(group);
1027
1028 if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) {
1029 DEBUG(0,("Can't get group SID\n"));
1030 return nt_status;
1031 }
1032
1033 sid_copy(&domainsid, groupsid);
1034 if (!sid_split_rid(&domainsid, &rid)) {
1035 DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
1036 return NT_STATUS_INVALID_SID;
1037 }
1038
1039 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
1040 DEBUG(4,("sam_get_methods_by_sid failed\n"));
1041 return nt_status;
1042 }
1043
1044 if (!tmp_methods->sam_add_group) {
1045 DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n"));
1046 return NT_STATUS_NOT_IMPLEMENTED;
1047 }
1048
1049 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){
1050 DEBUG(4,("sam_add_group in backend %s failed\n",
1051 tmp_methods->backendname));
1052 return nt_status;
1053 }
1054
1055 return NT_STATUS_OK;
1056 }
1057
1058 NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
1059 {
1060 const SAM_METHODS *tmp_methods;
1061 NTSTATUS nt_status;
1062
1063 DEBUG(5,("sam_update_group: %d\n", __LINE__));
1064
1065 SAM_SETUP_CONTEXT;
1066
1067 /* invalid group specified */
1068 SAM_ASSERT(group && group->current_sam_methods);
1069
1070 tmp_methods = group->current_sam_methods;
1071
1072 if (!tmp_methods->sam_update_group) {
1073 DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n"));
1074 return NT_STATUS_NOT_IMPLEMENTED;
1075 }
1076
1077 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){
1078 DEBUG(4,("sam_update_group in backend %s failed\n",
1079 tmp_methods->backendname));
1080 return nt_status;
1081 }
1082
1083 return NT_STATUS_OK;
1084 }
1085
1086 NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
1087 {
1088 const SAM_METHODS *tmp_methods;
1089 NTSTATUS nt_status;
1090
1091 DEBUG(5,("sam_delete_group: %d\n", __LINE__));
1092
1093 SAM_SETUP_CONTEXT;
1094
1095 /* invalid group specified */
1096 SAM_ASSERT(group && group->current_sam_methods);
1097
1098 tmp_methods = group->current_sam_methods;
1099
1100 if (!tmp_methods->sam_delete_group) {
1101 DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n"));
1102 return NT_STATUS_NOT_IMPLEMENTED;
1103 }
1104
1105 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){
1106 DEBUG(4,("sam_delete_group in backend %s failed\n",
1107 tmp_methods->backendname));
1108 return nt_status;
1109 }
1110
1111 return NT_STATUS_OK;
1112 }
1113
1114 NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
1115 {
1116 SAM_METHODS *tmp_methods;
1117 NTSTATUS nt_status;
1118
1119 DEBUG(5,("sam_enum_groups: %d\n", __LINE__));
1120
1121 SAM_SETUP_CONTEXT;
1122
1123 SAM_ASSERT(access_token && domainsid && groups_count && groups);
1124
1125 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
1126 DEBUG(4,("sam_get_methods_by_sid failed\n"));
1127 return nt_status;
1128 }
1129
1130 if (!tmp_methods->sam_enum_accounts) {
1131 DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n"));
1132 return NT_STATUS_NOT_IMPLEMENTED;
1133 }
1134
1135 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) {
1136 DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n",
1137 tmp_methods->domain_name, tmp_methods->backendname));
1138 return nt_status;
1139 }
1140
1141 return NT_STATUS_OK;
1142 }
1143
1144 NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
1145 {
1146 SAM_METHODS *tmp_methods;
1147 uint32 rid;
1148 NTSTATUS nt_status;
1149 DOM_SID domainsid;
1150
1151 DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__));
1152
1153 SAM_SETUP_CONTEXT;
1154
1155 SAM_ASSERT(access_token && groupsid && group);
1156
1157 sid_copy(&domainsid, groupsid);
1158 if (!sid_split_rid(&domainsid, &rid)) {
1159 DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
1160 return NT_STATUS_INVALID_SID;
1161 }
1162
1163
1164 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
1165 DEBUG(4,("sam_get_methods_by_sid failed\n"));
1166 return nt_status;
1167 }
1168
1169 if (!tmp_methods->sam_get_group_by_sid) {
1170 DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n"));
1171 return NT_STATUS_NOT_IMPLEMENTED;
1172 }
1173
1174 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) {
1175 DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n",
1176 sid_string_static(groupsid), tmp_methods->backendname));
1177 return nt_status;
1178 }
1179
1180 return NT_STATUS_OK;
1181 }
1182
1183 NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group)
1184 {
1185 SAM_METHODS *tmp_methods;
1186 NTSTATUS nt_status;
1187
1188 DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__));
1189
1190 SAM_SETUP_CONTEXT;
1191
1192 SAM_ASSERT(access_token && domain && name && group);
1193
1194 if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
1195 DEBUG(4,("sam_get_methods_by_name failed\n"));
1196 return nt_status;
1197 }
1198
1199 if (!tmp_methods->sam_get_group_by_name) {
1200 DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n"));
1201 return NT_STATUS_NOT_IMPLEMENTED;
1202 }
1203
1204 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) {
1205 DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n",
1206 domain, name, tmp_methods->backendname));
1207 return nt_status;
1208 }
1209
1210 return NT_STATUS_OK;
1211 }
1212
1213 NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
1214 {
1215 const SAM_METHODS *tmp_methods;
1216 NTSTATUS nt_status;
1217
1218 SAM_SETUP_CONTEXT;
1219
1220 /* invalid group or member specified */
1221 SAM_ASSERT(group && group->current_sam_methods && member);
1222
1223 tmp_methods = group->current_sam_methods;
1224
1225 if (!tmp_methods->sam_add_member_to_group) {
1226 DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n"));
1227 return NT_STATUS_NOT_IMPLEMENTED;
1228 }
1229
1230 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) {
1231 DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname));
1232 return nt_status;
1233 }
1234
1235 return NT_STATUS_OK;
1236
1237 }
1238
1239 NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
1240 {
1241 const SAM_METHODS *tmp_methods;
1242 NTSTATUS nt_status;
1243
1244 SAM_SETUP_CONTEXT;
1245
1246 /* invalid group or member specified */
1247 SAM_ASSERT(group && group->current_sam_methods && member);
1248
1249 tmp_methods = group->current_sam_methods;
1250
1251 if (!tmp_methods->sam_delete_member_from_group) {
1252 DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n"));
1253 return NT_STATUS_NOT_IMPLEMENTED;
1254 }
1255
1256 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) {
1257 DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname));
1258 return nt_status;
1259 }
1260
1261 return NT_STATUS_OK;
1262 }
1263
1264 NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
1265 {
1266 const SAM_METHODS *tmp_methods;
1267 NTSTATUS nt_status;
1268
1269 SAM_SETUP_CONTEXT;
1270
1271 /* invalid group specified */
1272 SAM_ASSERT(group && group->current_sam_methods && members_count && members);
1273
1274 tmp_methods = group->current_sam_methods;
1275
1276 if (!tmp_methods->sam_enum_groupmembers) {
1277 DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n"));
1278 return NT_STATUS_NOT_IMPLEMENTED;
1279 }
1280
1281 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) {
1282 DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname));
1283 return nt_status;
1284 }
1285
1286 return NT_STATUS_OK;
1287 }
1288
1289 NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
1290 {
1291 SAM_METHODS *tmp_methods;
1292 NTSTATUS nt_status;
1293
1294 uint32 tmp_group_count;
1295 SAM_GROUP_ENUM *tmp_groups;
1296
1297 DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__));
1298
1299 SAM_SETUP_CONTEXT;
1300
1301 /* invalid sam_context specified */
1302 SAM_ASSERT(access_token && sids && context && context->methods);
1303
1304 *group_count = 0;
1305
1306 *groups = NULL;
1307
1308 tmp_methods= context->methods;
1309
1310 while (tmp_methods) {
1311 DEBUG(5,("getting groups from domain \n"));
1312 if (!tmp_methods->sam_get_groups_of_sid) {
1313 DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n"));
1314 SAFE_FREE(*groups);
1315 return NT_STATUS_NOT_IMPLEMENTED;
1316 }
1317
1318 if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) {
1319 DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname));
1320 SAFE_FREE(*groups);
1321 return nt_status;
1322 }
1323
1324 *groups = Realloc(*groups, ((*group_count) + tmp_group_count) * sizeof(SAM_GROUP_ENUM));
1325
1326 memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count);
1327
1328 SAFE_FREE(tmp_groups);
1329
1330 *group_count += tmp_group_count;
1331
1332 tmp_methods = tmp_methods->next;
1333 }
1334
1335 return NT_STATUS_OK;
1336 }
1337
1338
WIP