source3/sam/gums.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Grops and Users Management System initializations.
   4    Copyright (C) Simo Sorce 2002
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 2 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program; if not, write to the Free Software
  18    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  19 */
  20
  21 #include "includes.h"
  22
  23 #undef DBGC_CLASS
  24 #define DBGC_CLASS DBGC_SAM
  25
  26 #define GMV_MAJOR 0
  27 #define GMV_MINOR 1
  28
  29 #define PRIV_NONE                       0
  30 #define PRIV_CREATE_TOKEN               1
  31 #define PRIV_ASSIGNPRIMARYTOKEN         2
  32 #define PRIV_LOCK_MEMORY                3
  33 #define PRIV_INCREASE_QUOTA             4
  34 #define PRIV_MACHINE_ACCOUNT            5
  35 #define PRIV_TCB                        6
  36 #define PRIV_SECURITY                   7
  37 #define PRIV_TAKE_OWNERSHIP             8
  38 #define PRIV_LOAD_DRIVER                9
  39 #define PRIV_SYSTEM_PROFILE             10
  40 #define PRIV_SYSTEMTIME                 11
  41 #define PRIV_PROF_SINGLE_PROCESS        12
  42 #define PRIV_INC_BASE_PRIORITY          13
  43 #define PRIV_CREATE_PAGEFILE            14
  44 #define PRIV_CREATE_PERMANENT           15
  45 #define PRIV_BACKUP                     16
  46 #define PRIV_RESTORE                    17
  47 #define PRIV_SHUTDOWN                   18
  48 #define PRIV_DEBUG                      19
  49 #define PRIV_AUDIT                      20
  50 #define PRIV_SYSTEM_ENVIRONMENT         21
  51 #define PRIV_CHANGE_NOTIFY              22
  52 #define PRIV_REMOTE_SHUTDOWN            23
  53 #define PRIV_UNDOCK                     24
  54 #define PRIV_SYNC_AGENT                 25
  55 #define PRIV_ENABLE_DELEGATION          26
  56 #define PRIV_ALL                        255
  57
  58
  59 static GUMS_FUNCTIONS *gums_backend = NULL;
  60
  61 static PRIVS gums_privs[] = {
  62         {PRIV_NONE,                     "no_privs",                             "No privilege"}, /* this one MUST be first */
  63         {PRIV_CREATE_TOKEN,             "SeCreateToken",                        "Create Token"},
  64         {PRIV_ASSIGNPRIMARYTOKEN,       "SeAssignPrimaryToken",                 "Assign Primary Token"},
  65         {PRIV_LOCK_MEMORY,              "SeLockMemory",                         "Lock Memory"},
  66         {PRIV_INCREASE_QUOTA,           "SeIncreaseQuotaPrivilege",             "Increase Quota Privilege"},
  67         {PRIV_MACHINE_ACCOUNT,          "SeMachineAccount",                     "Machine Account"},
  68         {PRIV_TCB,                      "SeTCB",                                "TCB"},
  69         {PRIV_SECURITY,                 "SeSecurityPrivilege",                  "Security Privilege"},
  70         {PRIV_TAKE_OWNERSHIP,           "SeTakeOwnershipPrivilege",             "Take Ownership Privilege"},
  71         {PRIV_LOAD_DRIVER,              "SeLocalDriverPrivilege",               "Local Driver Privilege"},
  72         {PRIV_SYSTEM_PROFILE,           "SeSystemProfilePrivilege",             "System Profile Privilege"},
  73         {PRIV_SYSTEMTIME,               "SeSystemtimePrivilege",                "System Time"},
  74         {PRIV_PROF_SINGLE_PROCESS,      "SeProfileSingleProcessPrivilege",      "Profile Single Process Privilege"},
  75         {PRIV_INC_BASE_PRIORITY,        "SeIncreaseBasePriorityPrivilege",      "Increase Base Priority Privilege"},
  76         {PRIV_CREATE_PAGEFILE,          "SeCreatePagefilePrivilege",            "Create Pagefile Privilege"},
  77         {PRIV_CREATE_PERMANENT,         "SeCreatePermanent",                    "Create Permanent"},
  78         {PRIV_BACKUP,                   "SeBackupPrivilege",                    "Backup Privilege"},
  79         {PRIV_RESTORE,                  "SeRestorePrivilege",                   "Restore Privilege"},
  80         {PRIV_SHUTDOWN,                 "SeShutdownPrivilege",                  "Shutdown Privilege"},
  81         {PRIV_DEBUG,                    "SeDebugPrivilege",                     "Debug Privilege"},
  82         {PRIV_AUDIT,                    "SeAudit",                              "Audit"},
  83         {PRIV_SYSTEM_ENVIRONMENT,       "SeSystemEnvironmentPrivilege",         "System Environment Privilege"},
  84         {PRIV_CHANGE_NOTIFY,            "SeChangeNotify",                       "Change Notify"},
  85         {PRIV_REMOTE_SHUTDOWN,          "SeRemoteShutdownPrivilege",            "Remote Shutdown Privilege"},
  86         {PRIV_UNDOCK,                   "SeUndock",                             "Undock"},
  87         {PRIV_SYNC_AGENT,               "SeSynchronizationAgent",               "Synchronization Agent"},
  88         {PRIV_ENABLE_DELEGATION,        "SeEnableDelegation",                   "Enable Delegation"},
  89         {PRIV_ALL,                      "SaAllPrivs",                           "All Privileges"}
  90 };
  91
  92 static struct gums_init_function_entry *backends = NULL;
  93
  94 static void lazy_initialize_gums(void)
  95 {
  96         static BOOL initialized = False;
  97
  98         if (initialized)
  99                 return;
 100
 101         static_init_gums;
 102         initialized = True;
 103 }
 104
 105 static struct gums_init_function_entry *gums_find_backend_entry(const char *name);
 106
 107 NTSTATUS gums_register_module(int version, const char *name, gums_init_function init_fn)
 108 {
 109         struct gums_init_function_entry *entry = backends;
 110
 111         if (version != GUMS_INTERFACE_VERSION) {
 112                 DEBUG(0,("Can't register gums backend!\n"
 113                          "You tried to register a gums module with"
 114                          "GUMS_INTERFACE_VERSION %d, while this version"
 115                          "of samba uses version %d\n", version,
 116                          GUMS_INTERFACE_VERSION));
 117
 118                 return NT_STATUS_OBJECT_TYPE_MISMATCH;
 119         }
 120
 121         if (!name || !init_fn) {
 122                 return NT_STATUS_INVALID_PARAMETER;
 123         }
 124
 125         DEBUG(5,("Attempting to register gums backend %s\n", name));
 126
 127         /* Check for duplicates */
 128         if (gums_find_backend_entry(name)) {
 129                 DEBUG(0,("There already is a gums backend registered"
 130                          "with the name %s!\n", name));
 131                 return NT_STATUS_OBJECT_NAME_COLLISION;
 132         }
 133
 134         entry = smb_xmalloc(sizeof(struct gums_init_function_entry));
 135         entry->name = smb_xstrdup(name);
 136         entry->init_fn = init_fn;
 137
 138         DLIST_ADD(backends, entry);
 139         DEBUG(5,("Successfully added gums backend '%s'\n", name));
 140         return NT_STATUS_OK;
 141 }
 142
 143 static struct gums_init_function_entry *gums_find_backend_entry(const char *name)
 144 {
 145         struct gums_init_function_entry *entry = backends;
 146
 147         while (entry) {
 148                 if (strcmp(entry->name, name) == 0)
 149                         return entry;
 150                 entry = entry->next;
 151         }
 152
 153         return NULL;
 154 }
 155
 156 NTSTATUS gums_setup_backend(const char *backend)
 157 {
 158
 159         TALLOC_CTX *mem_ctx;
 160         char *module_name = smb_xstrdup(backend);
 161         char *p, *module_data = NULL;
 162         struct gums_init_function_entry *entry;
 163         NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 164
 165         lazy_initialize_gums();
 166
 167         p = strchr(module_name, ':');
 168         if (p) {
 169                 *p = 0;
 170                 module_data = p+1;
 171                 trim_string(module_data, " ", " ");
 172         }
 173
 174         trim_string(module_name, " ", " ");
 175
 176         DEBUG(5,("Attempting to find a gums backend to match %s (%s)\n", backend, module_name));
 177
 178         entry = gums_find_backend_entry(module_name);
 179
 180         /* Try to find a module that contains this module */
 181         if (!entry) {
 182                 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
 183                 if(NT_STATUS_IS_OK(smb_probe_module("gums", module_name)) && !(entry = gums_find_backend_entry(module_name))) {
 184                         DEBUG(0,("Plugin is available, but doesn't register gums backend %s\n", module_name));
 185                         SAFE_FREE(module_name);
 186                         return NT_STATUS_UNSUCCESSFUL;
 187                 }
 188         }
 189
 190         /* No such backend found */
 191         if(!entry) {
 192                 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
 193                 SAFE_FREE(module_name);
 194                 return NT_STATUS_INVALID_PARAMETER;
 195         }
 196
 197         DEBUG(5,("Found gums backend %s\n", module_name));
 198
 199         /* free current functions structure if any */
 200         if (gums_backend) {
 201                 gums_backend->free_private_data(gums_backend->private_data);
 202                 talloc_destroy(gums_backend->mem_ctx);
 203                 gums_backend = NULL;
 204         }
 205
 206         /* allocate a new GUMS_FUNCTIONS structure and memory context */
 207         mem_ctx = talloc_init("gums_backend (%s)", module_name);
 208         if (!mem_ctx)
 209                 return NT_STATUS_NO_MEMORY;
 210         gums_backend = talloc(mem_ctx, sizeof(GUMS_FUNCTIONS));
 211         if (!gums_backend)
 212                 return NT_STATUS_NO_MEMORY;
 213         gums_backend->mem_ctx = mem_ctx;
 214
 215         /* init the requested backend module */
 216         if (NT_STATUS_IS_OK(ret = entry->init_fn(gums_backend, module_data))) {
 217                 DEBUG(5,("gums backend %s has a valid init\n", backend));
 218         } else {
 219                 DEBUG(0,("gums backend %s did not correctly init (error was %s)\n", backend, nt_errstr(ret)));
 220         }
 221         SAFE_FREE(module_name);
 222         return ret;
 223 }
 224
 225 NTSTATUS get_gums_fns(GUMS_FUNCTIONS **fns)
 226 {
 227         if (gums_backend != NULL) {
 228                 *fns = gums_backend;
 229                 return NT_STATUS_OK;
 230         }
 231
 232         DEBUG(2, ("get_gums_fns: unable to get gums functions! backend uninitialized?\n"));
 233         return NT_STATUS_UNSUCCESSFUL;
 234 }