2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Jelmer Vernooij 2002
6 Copyright (C) Simo Sorce 2003
7 Copyright (C) Volker Lendecke 2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "system/passwd.h"
28 #include "../librpc/gen_ndr/samr.h"
29 #include "../librpc/gen_ndr/drsblobs.h"
30 #include "../librpc/gen_ndr/ndr_drsblobs.h"
31 #include "../librpc/gen_ndr/idmap.h"
33 #include "nsswitch/winbind_client.h"
34 #include "../libcli/security/security.h"
35 #include "../lib/util/util_pw.h"
36 #include "passdb/pdb_secrets.h"
39 #define DBGC_CLASS DBGC_PASSDB
43 static struct pdb_init_function_entry
*backends
= NULL
;
45 static void lazy_initialize_passdb(void)
47 static bool initialized
= False
;
55 static bool lookup_global_sam_rid(TALLOC_CTX
*mem_ctx
, uint32 rid
,
57 enum lsa_SidType
*psid_name_use
,
58 uid_t
*uid
, gid_t
*gid
);
60 NTSTATUS
smb_register_passdb(int version
, const char *name
, pdb_init_function init
)
62 struct pdb_init_function_entry
*entry
= backends
;
64 if(version
!= PASSDB_INTERFACE_VERSION
) {
65 DEBUG(0,("Can't register passdb backend!\n"
66 "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
67 "while this version of samba uses version %d\n",
68 version
,PASSDB_INTERFACE_VERSION
));
69 return NT_STATUS_OBJECT_TYPE_MISMATCH
;
73 return NT_STATUS_INVALID_PARAMETER
;
76 DEBUG(5,("Attempting to register passdb backend %s\n", name
));
78 /* Check for duplicates */
79 if (pdb_find_backend_entry(name
)) {
80 DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name
));
81 return NT_STATUS_OBJECT_NAME_COLLISION
;
84 entry
= SMB_XMALLOC_P(struct pdb_init_function_entry
);
85 entry
->name
= smb_xstrdup(name
);
88 DLIST_ADD(backends
, entry
);
89 DEBUG(5,("Successfully added passdb backend '%s'\n", name
));
93 struct pdb_init_function_entry
*pdb_find_backend_entry(const char *name
)
95 struct pdb_init_function_entry
*entry
= backends
;
98 if (strcmp(entry
->name
, name
)==0) return entry
;
105 const struct pdb_init_function_entry
*pdb_get_backends(void)
112 * The event context for the passdb backend. I know this is a bad hack and yet
113 * another static variable, but our pdb API is a global thing per
114 * definition. The first use for this is the LDAP idle function, more might be
117 * I don't feel too bad about this static variable, it replaces the
118 * smb_idle_event_list that used to exist in lib/module.c. -- VL
121 static struct tevent_context
*pdb_tevent_ctx
;
123 struct tevent_context
*pdb_get_tevent_context(void)
125 return pdb_tevent_ctx
;
128 /******************************************************************
129 Make a pdb_methods from scratch
130 *******************************************************************/
132 NTSTATUS
make_pdb_method_name(struct pdb_methods
**methods
, const char *selected
)
134 char *module_name
= smb_xstrdup(selected
);
135 char *module_location
= NULL
, *p
;
136 struct pdb_init_function_entry
*entry
;
137 NTSTATUS nt_status
= NT_STATUS_UNSUCCESSFUL
;
139 lazy_initialize_passdb();
141 p
= strchr(module_name
, ':');
145 module_location
= p
+1;
146 trim_char(module_location
, ' ', ' ');
149 trim_char(module_name
, ' ', ' ');
152 DEBUG(5,("Attempting to find a passdb backend to match %s (%s)\n", selected
, module_name
));
154 entry
= pdb_find_backend_entry(module_name
);
156 /* Try to find a module that contains this module */
158 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
159 if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name
)) && !(entry
= pdb_find_backend_entry(module_name
))) {
160 DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name
));
161 SAFE_FREE(module_name
);
162 return NT_STATUS_UNSUCCESSFUL
;
166 /* No such backend found */
168 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name
));
169 SAFE_FREE(module_name
);
170 return NT_STATUS_INVALID_PARAMETER
;
173 DEBUG(5,("Found pdb backend %s\n", module_name
));
175 if ( !NT_STATUS_IS_OK( nt_status
= entry
->init(methods
, module_location
) ) ) {
176 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n",
177 selected
, nt_errstr(nt_status
)));
178 SAFE_FREE(module_name
);
182 SAFE_FREE(module_name
);
184 DEBUG(5,("pdb backend %s has a valid init\n", selected
));
189 /******************************************************************
190 Return an already initialized pdb_methods structure
191 *******************************************************************/
193 static struct pdb_methods
*pdb_get_methods_reload( bool reload
)
195 static struct pdb_methods
*pdb
= NULL
;
197 if ( pdb
&& reload
) {
198 if (pdb
->free_private_data
!= NULL
) {
199 pdb
->free_private_data( &(pdb
->private_data
) );
201 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb
, lp_passdb_backend() ) ) ) {
207 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb
, lp_passdb_backend() ) ) ) {
215 static struct pdb_methods
*pdb_get_methods(void)
217 struct pdb_methods
*pdb
;
219 pdb
= pdb_get_methods_reload(false);
222 if (asprintf(&msg
, "pdb_get_methods: "
223 "failed to get pdb methods for backend %s\n",
224 lp_passdb_backend()) > 0) {
227 smb_panic("pdb_get_methods");
234 struct pdb_domain_info
*pdb_get_domain_info(TALLOC_CTX
*mem_ctx
)
236 struct pdb_methods
*pdb
= pdb_get_methods();
237 return pdb
->get_domain_info(pdb
, mem_ctx
);
241 * @brief Check if the user account has been locked out and try to unlock it.
243 * If the user has been automatically locked out and a lockout duration is set,
244 * then check if we can unlock the account and reset the bad password values.
246 * @param[in] sampass The sam user to check.
248 * @return True if the function was successfull, false on an error.
250 static bool pdb_try_account_unlock(struct samu
*sampass
)
252 uint32_t acb_info
= pdb_get_acct_ctrl(sampass
);
254 if ((acb_info
& ACB_NORMAL
) && (acb_info
& ACB_AUTOLOCK
)) {
255 uint32_t lockout_duration
;
256 time_t bad_password_time
;
257 time_t now
= time(NULL
);
260 ok
= pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION
,
263 DEBUG(0, ("pdb_try_account_unlock: "
264 "pdb_get_account_policy failed.\n"));
268 if (lockout_duration
== (uint32_t) -1 ||
269 lockout_duration
== 0) {
270 DEBUG(9, ("pdb_try_account_unlock: No reset duration, "
271 "can't reset autolock\n"));
274 lockout_duration
*= 60;
276 bad_password_time
= pdb_get_bad_password_time(sampass
);
277 if (bad_password_time
== (time_t) 0) {
278 DEBUG(2, ("pdb_try_account_unlock: Account %s "
279 "administratively locked out "
280 "with no bad password "
281 "time. Leaving locked out.\n",
282 pdb_get_username(sampass
)));
286 if ((bad_password_time
+
287 convert_uint32_t_to_time_t(lockout_duration
)) < now
) {
290 pdb_set_acct_ctrl(sampass
, acb_info
& ~ACB_AUTOLOCK
,
292 pdb_set_bad_password_count(sampass
, 0, PDB_CHANGED
);
293 pdb_set_bad_password_time(sampass
, 0, PDB_CHANGED
);
296 status
= pdb_update_sam_account(sampass
);
298 if (!NT_STATUS_IS_OK(status
)) {
299 DEBUG(0, ("_samr_OpenUser: Couldn't "
300 "update account %s - %s\n",
301 pdb_get_username(sampass
),
312 * @brief Get a sam user structure by the given username.
314 * This functions also checks if the account has been automatically locked out
315 * and unlocks it if a lockout duration time has been defined and the time has
318 * @param[in] sam_acct The sam user structure to fill.
320 * @param[in] username The username to look for.
322 * @return True on success, false on error.
324 bool pdb_getsampwnam(struct samu
*sam_acct
, const char *username
)
326 struct pdb_methods
*pdb
= pdb_get_methods();
327 struct samu
*for_cache
;
328 const struct dom_sid
*user_sid
;
332 status
= pdb
->getsampwnam(pdb
, sam_acct
, username
);
333 if (!NT_STATUS_IS_OK(status
)) {
337 ok
= pdb_try_account_unlock(sam_acct
);
339 DEBUG(1, ("pdb_getsampwnam: Failed to unlock account %s\n",
343 for_cache
= samu_new(NULL
);
344 if (for_cache
== NULL
) {
348 if (!pdb_copy_sam_account(for_cache
, sam_acct
)) {
349 TALLOC_FREE(for_cache
);
353 user_sid
= pdb_get_user_sid(for_cache
);
355 memcache_add_talloc(NULL
, PDB_GETPWSID_CACHE
,
356 data_blob_const(user_sid
, sizeof(*user_sid
)),
362 /**********************************************************************
363 **********************************************************************/
365 static bool guest_user_info( struct samu
*user
)
369 const char *guestname
= lp_guestaccount();
371 pwd
= Get_Pwnam_alloc(talloc_tos(), guestname
);
373 DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n",
378 result
= samu_set_unix(user
, pwd
);
382 return NT_STATUS_IS_OK( result
);
386 * @brief Get a sam user structure by the given username.
388 * This functions also checks if the account has been automatically locked out
389 * and unlocks it if a lockout duration time has been defined and the time has
393 * @param[in] sam_acct The sam user structure to fill.
395 * @param[in] sid The user SDI to look up.
397 * @return True on success, false on error.
399 bool pdb_getsampwsid(struct samu
*sam_acct
, const struct dom_sid
*sid
)
401 struct pdb_methods
*pdb
= pdb_get_methods();
406 /* hard code the Guest RID of 501 */
408 if ( !sid_peek_check_rid( get_global_sam_sid(), sid
, &rid
) )
411 if ( rid
== DOMAIN_RID_GUEST
) {
412 DEBUG(6,("pdb_getsampwsid: Building guest account\n"));
413 return guest_user_info( sam_acct
);
416 /* check the cache first */
418 cache_data
= memcache_lookup_talloc(
419 NULL
, PDB_GETPWSID_CACHE
, data_blob_const(sid
, sizeof(*sid
)));
421 if (cache_data
!= NULL
) {
422 struct samu
*cache_copy
= talloc_get_type_abort(
423 cache_data
, struct samu
);
425 ok
= pdb_copy_sam_account(sam_acct
, cache_copy
);
427 ok
= NT_STATUS_IS_OK(pdb
->getsampwsid(pdb
, sam_acct
, sid
));
434 ok
= pdb_try_account_unlock(sam_acct
);
436 DEBUG(1, ("pdb_getsampwsid: Failed to unlock account %s\n",
437 sam_acct
->username
));
443 static NTSTATUS
pdb_default_create_user(struct pdb_methods
*methods
,
444 TALLOC_CTX
*tmp_ctx
, const char *name
,
445 uint32_t acb_info
, uint32_t *rid
)
447 struct samu
*sam_pass
;
451 if ((sam_pass
= samu_new(tmp_ctx
)) == NULL
) {
452 return NT_STATUS_NO_MEMORY
;
455 if ( !(pwd
= Get_Pwnam_alloc(tmp_ctx
, name
)) ) {
456 char *add_script
= NULL
;
460 if ((acb_info
& ACB_NORMAL
) && name
[strlen(name
)-1] != '$') {
461 add_script
= lp_adduser_script(tmp_ctx
);
463 add_script
= lp_addmachine_script(tmp_ctx
);
466 if (!add_script
|| add_script
[0] == '\0') {
467 DEBUG(3, ("Could not find user %s and no add script "
469 return NT_STATUS_NO_SUCH_USER
;
472 /* lowercase the username before creating the Unix account for
473 compatibility with previous Samba releases */
474 fstrcpy( name2
, name
);
476 add_script
= talloc_all_string_sub(tmp_ctx
,
481 return NT_STATUS_NO_MEMORY
;
483 add_ret
= smbrun(add_script
,NULL
);
484 DEBUG(add_ret
? 0 : 3, ("_samr_create_user: Running the command `%s' gave %d\n",
485 add_script
, add_ret
));
487 smb_nscd_flush_user_cache();
492 pwd
= Get_Pwnam_alloc(tmp_ctx
, name
);
495 DEBUG(3, ("Could not find user %s, add script did not work\n", name
));
496 return NT_STATUS_NO_SUCH_USER
;
500 /* we have a valid SID coming out of this call */
502 status
= samu_alloc_rid_unix(methods
, sam_pass
, pwd
);
506 if (!NT_STATUS_IS_OK(status
)) {
507 DEBUG(3, ("pdb_default_create_user: failed to create a new user structure: %s\n", nt_errstr(status
)));
511 if (!sid_peek_check_rid(get_global_sam_sid(),
512 pdb_get_user_sid(sam_pass
), rid
)) {
513 DEBUG(0, ("Could not get RID of fresh user\n"));
514 return NT_STATUS_INTERNAL_ERROR
;
517 /* Use the username case specified in the original request */
519 pdb_set_username( sam_pass
, name
, PDB_SET
);
521 /* Disable the account on creation, it does not have a reasonable password yet. */
523 acb_info
|= ACB_DISABLED
;
525 pdb_set_acct_ctrl(sam_pass
, acb_info
, PDB_CHANGED
);
527 status
= methods
->add_sam_account(methods
, sam_pass
);
529 TALLOC_FREE(sam_pass
);
534 NTSTATUS
pdb_create_user(TALLOC_CTX
*mem_ctx
, const char *name
, uint32_t flags
,
537 struct pdb_methods
*pdb
= pdb_get_methods();
538 return pdb
->create_user(pdb
, mem_ctx
, name
, flags
, rid
);
541 /****************************************************************************
542 Delete a UNIX user on demand.
543 ****************************************************************************/
545 static int smb_delete_user(const char *unix_user
)
547 char *del_script
= NULL
;
552 if ( strequal( unix_user
, "root" ) ) {
553 DEBUG(0,("smb_delete_user: Refusing to delete local system root account!\n"));
557 del_script
= lp_deluser_script(talloc_tos());
558 if (!del_script
|| !*del_script
) {
561 del_script
= talloc_all_string_sub(talloc_tos(),
568 ret
= smbrun(del_script
,NULL
);
571 smb_nscd_flush_user_cache();
573 DEBUG(ret
? 0 : 3,("smb_delete_user: Running the command `%s' gave %d\n",del_script
,ret
));
578 static NTSTATUS
pdb_default_delete_user(struct pdb_methods
*methods
,
580 struct samu
*sam_acct
)
585 status
= methods
->delete_sam_account(methods
, sam_acct
);
586 if (!NT_STATUS_IS_OK(status
)) {
591 * Now delete the unix side ....
592 * note: we don't check if the delete really happened as the script is
593 * not necessary present and maybe the sysadmin doesn't want to delete
597 /* always lower case the username before handing it off to
600 fstrcpy( username
, pdb_get_username(sam_acct
) );
601 strlower_m( username
);
603 smb_delete_user( username
);
608 NTSTATUS
pdb_delete_user(TALLOC_CTX
*mem_ctx
, struct samu
*sam_acct
)
610 struct pdb_methods
*pdb
= pdb_get_methods();
613 const struct dom_sid
*user_sid
;
616 user_sid
= pdb_get_user_sid(sam_acct
);
618 /* sanity check to make sure we don't delete root */
620 if ( !sid_to_uid(user_sid
, &uid
) ) {
621 return NT_STATUS_NO_SUCH_USER
;
625 return NT_STATUS_ACCESS_DENIED
;
628 memcache_delete(NULL
,
630 data_blob_const(user_sid
, sizeof(*user_sid
)));
632 status
= pdb
->delete_user(pdb
, mem_ctx
, sam_acct
);
633 if (!NT_STATUS_IS_OK(status
)) {
637 msg_data
= talloc_asprintf(mem_ctx
, "USER %s",
638 pdb_get_username(sam_acct
));
640 /* not fatal, and too late to rollback,
644 message_send_all(server_messaging_context(),
647 strlen(msg_data
) + 1,
650 TALLOC_FREE(msg_data
);
654 NTSTATUS
pdb_add_sam_account(struct samu
*sam_acct
)
656 struct pdb_methods
*pdb
= pdb_get_methods();
657 return pdb
->add_sam_account(pdb
, sam_acct
);
660 NTSTATUS
pdb_update_sam_account(struct samu
*sam_acct
)
662 struct pdb_methods
*pdb
= pdb_get_methods();
664 memcache_flush(NULL
, PDB_GETPWSID_CACHE
);
666 return pdb
->update_sam_account(pdb
, sam_acct
);
669 NTSTATUS
pdb_delete_sam_account(struct samu
*sam_acct
)
671 struct pdb_methods
*pdb
= pdb_get_methods();
672 const struct dom_sid
*user_sid
= pdb_get_user_sid(sam_acct
);
674 memcache_delete(NULL
,
676 data_blob_const(user_sid
, sizeof(*user_sid
)));
678 return pdb
->delete_sam_account(pdb
, sam_acct
);
681 NTSTATUS
pdb_rename_sam_account(struct samu
*oldname
, const char *newname
)
683 struct pdb_methods
*pdb
= pdb_get_methods();
687 memcache_flush(NULL
, PDB_GETPWSID_CACHE
);
689 /* sanity check to make sure we don't rename root */
691 if ( !sid_to_uid( pdb_get_user_sid(oldname
), &uid
) ) {
692 return NT_STATUS_NO_SUCH_USER
;
696 return NT_STATUS_ACCESS_DENIED
;
699 status
= pdb
->rename_sam_account(pdb
, oldname
, newname
);
701 /* always flush the cache here just to be safe */
707 NTSTATUS
pdb_update_login_attempts(struct samu
*sam_acct
, bool success
)
709 struct pdb_methods
*pdb
= pdb_get_methods();
710 return pdb
->update_login_attempts(pdb
, sam_acct
, success
);
713 bool pdb_getgrsid(GROUP_MAP
*map
, struct dom_sid sid
)
715 struct pdb_methods
*pdb
= pdb_get_methods();
716 return NT_STATUS_IS_OK(pdb
->getgrsid(pdb
, map
, sid
));
719 bool pdb_getgrgid(GROUP_MAP
*map
, gid_t gid
)
721 struct pdb_methods
*pdb
= pdb_get_methods();
722 return NT_STATUS_IS_OK(pdb
->getgrgid(pdb
, map
, gid
));
725 bool pdb_getgrnam(GROUP_MAP
*map
, const char *name
)
727 struct pdb_methods
*pdb
= pdb_get_methods();
728 return NT_STATUS_IS_OK(pdb
->getgrnam(pdb
, map
, name
));
731 static NTSTATUS
pdb_default_create_dom_group(struct pdb_methods
*methods
,
736 struct dom_sid group_sid
;
740 grp
= getgrnam(name
);
745 if (smb_create_group(name
, &gid
) != 0) {
746 return NT_STATUS_ACCESS_DENIED
;
753 return NT_STATUS_ACCESS_DENIED
;
756 if (pdb_capabilities() & PDB_CAP_STORE_RIDS
) {
757 if (!pdb_new_rid(rid
)) {
758 return NT_STATUS_ACCESS_DENIED
;
761 *rid
= algorithmic_pdb_gid_to_group_rid( grp
->gr_gid
);
764 sid_compose(&group_sid
, get_global_sam_sid(), *rid
);
766 return add_initial_entry(grp
->gr_gid
, sid_to_fstring(tmp
, &group_sid
),
767 SID_NAME_DOM_GRP
, name
, NULL
);
770 NTSTATUS
pdb_create_dom_group(TALLOC_CTX
*mem_ctx
, const char *name
,
773 struct pdb_methods
*pdb
= pdb_get_methods();
774 return pdb
->create_dom_group(pdb
, mem_ctx
, name
, rid
);
777 static NTSTATUS
pdb_default_delete_dom_group(struct pdb_methods
*methods
,
781 struct dom_sid group_sid
;
785 const char *grp_name
;
787 map
= talloc_zero(mem_ctx
, GROUP_MAP
);
789 return NT_STATUS_NO_MEMORY
;
793 map
->gid
= (gid_t
) -1;
795 sid_compose(&group_sid
, get_global_sam_sid(), rid
);
797 if (!get_domain_group_from_sid(group_sid
, map
)) {
798 DEBUG(10, ("Could not find group for rid %d\n", rid
));
799 return NT_STATUS_NO_SUCH_GROUP
;
802 /* We need the group name for the smb_delete_group later on */
804 if (map
->gid
== (gid_t
)-1) {
805 return NT_STATUS_NO_SUCH_GROUP
;
808 grp
= getgrgid(map
->gid
);
810 return NT_STATUS_NO_SUCH_GROUP
;
815 /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
817 grp_name
= talloc_strdup(mem_ctx
, grp
->gr_name
);
818 if (grp_name
== NULL
) {
819 return NT_STATUS_NO_MEMORY
;
822 status
= pdb_delete_group_mapping_entry(group_sid
);
824 if (!NT_STATUS_IS_OK(status
)) {
828 /* Don't check the result of smb_delete_group */
830 smb_delete_group(grp_name
);
835 NTSTATUS
pdb_delete_dom_group(TALLOC_CTX
*mem_ctx
, uint32_t rid
)
837 struct pdb_methods
*pdb
= pdb_get_methods();
838 return pdb
->delete_dom_group(pdb
, mem_ctx
, rid
);
841 NTSTATUS
pdb_add_group_mapping_entry(GROUP_MAP
*map
)
843 struct pdb_methods
*pdb
= pdb_get_methods();
844 return pdb
->add_group_mapping_entry(pdb
, map
);
847 NTSTATUS
pdb_update_group_mapping_entry(GROUP_MAP
*map
)
849 struct pdb_methods
*pdb
= pdb_get_methods();
850 return pdb
->update_group_mapping_entry(pdb
, map
);
853 NTSTATUS
pdb_delete_group_mapping_entry(struct dom_sid sid
)
855 struct pdb_methods
*pdb
= pdb_get_methods();
856 return pdb
->delete_group_mapping_entry(pdb
, sid
);
859 bool pdb_enum_group_mapping(const struct dom_sid
*sid
,
860 enum lsa_SidType sid_name_use
,
861 GROUP_MAP
***pp_rmap
,
862 size_t *p_num_entries
,
865 struct pdb_methods
*pdb
= pdb_get_methods();
866 return NT_STATUS_IS_OK(pdb
-> enum_group_mapping(pdb
, sid
, sid_name_use
,
867 pp_rmap
, p_num_entries
, unix_only
));
870 NTSTATUS
pdb_enum_group_members(TALLOC_CTX
*mem_ctx
,
871 const struct dom_sid
*sid
,
872 uint32_t **pp_member_rids
,
873 size_t *p_num_members
)
875 struct pdb_methods
*pdb
= pdb_get_methods();
878 result
= pdb
->enum_group_members(pdb
, mem_ctx
,
879 sid
, pp_member_rids
, p_num_members
);
881 /* special check for rid 513 */
883 if ( !NT_STATUS_IS_OK( result
) ) {
886 sid_peek_rid( sid
, &rid
);
888 if ( rid
== DOMAIN_RID_USERS
) {
890 *pp_member_rids
= NULL
;
899 NTSTATUS
pdb_enum_group_memberships(TALLOC_CTX
*mem_ctx
, struct samu
*user
,
900 struct dom_sid
**pp_sids
, gid_t
**pp_gids
,
901 uint32_t *p_num_groups
)
903 struct pdb_methods
*pdb
= pdb_get_methods();
904 return pdb
->enum_group_memberships(
906 pp_sids
, pp_gids
, p_num_groups
);
909 static NTSTATUS
pdb_default_set_unix_primary_group(struct pdb_methods
*methods
,
911 struct samu
*sampass
)
916 if (!sid_to_gid(pdb_get_group_sid(sampass
), &gid
) ||
917 (grp
= getgrgid(gid
)) == NULL
) {
918 return NT_STATUS_INVALID_PRIMARY_GROUP
;
921 if (smb_set_primary_group(grp
->gr_name
,
922 pdb_get_username(sampass
)) != 0) {
923 return NT_STATUS_ACCESS_DENIED
;
929 NTSTATUS
pdb_set_unix_primary_group(TALLOC_CTX
*mem_ctx
, struct samu
*user
)
931 struct pdb_methods
*pdb
= pdb_get_methods();
932 return pdb
->set_unix_primary_group(pdb
, mem_ctx
, user
);
936 * Helper function to see whether a user is in a group. We can't use
937 * user_in_group_sid here because this creates dependencies only smbd can
941 static bool pdb_user_in_group(TALLOC_CTX
*mem_ctx
, struct samu
*account
,
942 const struct dom_sid
*group_sid
)
944 struct dom_sid
*sids
;
946 uint32_t i
, num_groups
;
948 if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx
, account
,
954 for (i
=0; i
<num_groups
; i
++) {
955 if (dom_sid_equal(group_sid
, &sids
[i
])) {
962 static NTSTATUS
pdb_default_add_groupmem(struct pdb_methods
*methods
,
967 struct dom_sid group_sid
, member_sid
;
968 struct samu
*account
= NULL
;
972 const char *group_name
;
975 map
= talloc_zero(mem_ctx
, GROUP_MAP
);
977 return NT_STATUS_NO_MEMORY
;
981 map
->gid
= (gid_t
) -1;
983 sid_compose(&group_sid
, get_global_sam_sid(), group_rid
);
984 sid_compose(&member_sid
, get_global_sam_sid(), member_rid
);
986 if (!get_domain_group_from_sid(group_sid
, map
) ||
987 (map
->gid
== (gid_t
)-1) ||
988 ((grp
= getgrgid(map
->gid
)) == NULL
)) {
989 return NT_STATUS_NO_SUCH_GROUP
;
994 group_name
= talloc_strdup(mem_ctx
, grp
->gr_name
);
995 if (group_name
== NULL
) {
996 return NT_STATUS_NO_MEMORY
;
999 if ( !(account
= samu_new( NULL
)) ) {
1000 return NT_STATUS_NO_MEMORY
;
1003 if (!pdb_getsampwsid(account
, &member_sid
) ||
1004 !sid_to_uid(&member_sid
, &uid
) ||
1005 ((pwd
= getpwuid_alloc(mem_ctx
, uid
)) == NULL
)) {
1006 return NT_STATUS_NO_SUCH_USER
;
1009 if (pdb_user_in_group(mem_ctx
, account
, &group_sid
)) {
1010 return NT_STATUS_MEMBER_IN_GROUP
;
1014 * ok, the group exist, the user exist, the user is not in the group,
1015 * we can (finally) add it to the group !
1018 smb_add_user_group(group_name
, pwd
->pw_name
);
1020 if (!pdb_user_in_group(mem_ctx
, account
, &group_sid
)) {
1021 return NT_STATUS_ACCESS_DENIED
;
1024 return NT_STATUS_OK
;
1027 NTSTATUS
pdb_add_groupmem(TALLOC_CTX
*mem_ctx
, uint32_t group_rid
,
1028 uint32_t member_rid
)
1030 struct pdb_methods
*pdb
= pdb_get_methods();
1031 return pdb
->add_groupmem(pdb
, mem_ctx
, group_rid
, member_rid
);
1034 static NTSTATUS
pdb_default_del_groupmem(struct pdb_methods
*methods
,
1035 TALLOC_CTX
*mem_ctx
,
1037 uint32_t member_rid
)
1039 struct dom_sid group_sid
, member_sid
;
1040 struct samu
*account
= NULL
;
1044 const char *group_name
;
1047 map
= talloc_zero(mem_ctx
, GROUP_MAP
);
1049 return NT_STATUS_NO_MEMORY
;
1052 sid_compose(&group_sid
, get_global_sam_sid(), group_rid
);
1053 sid_compose(&member_sid
, get_global_sam_sid(), member_rid
);
1055 if (!get_domain_group_from_sid(group_sid
, map
) ||
1056 (map
->gid
== (gid_t
)-1) ||
1057 ((grp
= getgrgid(map
->gid
)) == NULL
)) {
1058 return NT_STATUS_NO_SUCH_GROUP
;
1063 group_name
= talloc_strdup(mem_ctx
, grp
->gr_name
);
1064 if (group_name
== NULL
) {
1065 return NT_STATUS_NO_MEMORY
;
1068 if ( !(account
= samu_new( NULL
)) ) {
1069 return NT_STATUS_NO_MEMORY
;
1072 if (!pdb_getsampwsid(account
, &member_sid
) ||
1073 !sid_to_uid(&member_sid
, &uid
) ||
1074 ((pwd
= getpwuid_alloc(mem_ctx
, uid
)) == NULL
)) {
1075 return NT_STATUS_NO_SUCH_USER
;
1078 if (!pdb_user_in_group(mem_ctx
, account
, &group_sid
)) {
1079 return NT_STATUS_MEMBER_NOT_IN_GROUP
;
1083 * ok, the group exist, the user exist, the user is in the group,
1084 * we can (finally) delete it from the group!
1087 smb_delete_user_group(group_name
, pwd
->pw_name
);
1089 if (pdb_user_in_group(mem_ctx
, account
, &group_sid
)) {
1090 return NT_STATUS_ACCESS_DENIED
;
1093 return NT_STATUS_OK
;
1096 NTSTATUS
pdb_del_groupmem(TALLOC_CTX
*mem_ctx
, uint32_t group_rid
,
1097 uint32_t member_rid
)
1099 struct pdb_methods
*pdb
= pdb_get_methods();
1100 return pdb
->del_groupmem(pdb
, mem_ctx
, group_rid
, member_rid
);
1103 NTSTATUS
pdb_create_alias(const char *name
, uint32_t *rid
)
1105 struct pdb_methods
*pdb
= pdb_get_methods();
1106 return pdb
->create_alias(pdb
, name
, rid
);
1109 NTSTATUS
pdb_delete_alias(const struct dom_sid
*sid
)
1111 struct pdb_methods
*pdb
= pdb_get_methods();
1112 return pdb
->delete_alias(pdb
, sid
);
1115 NTSTATUS
pdb_get_aliasinfo(const struct dom_sid
*sid
, struct acct_info
*info
)
1117 struct pdb_methods
*pdb
= pdb_get_methods();
1118 return pdb
->get_aliasinfo(pdb
, sid
, info
);
1121 NTSTATUS
pdb_set_aliasinfo(const struct dom_sid
*sid
, struct acct_info
*info
)
1123 struct pdb_methods
*pdb
= pdb_get_methods();
1124 return pdb
->set_aliasinfo(pdb
, sid
, info
);
1127 NTSTATUS
pdb_add_aliasmem(const struct dom_sid
*alias
, const struct dom_sid
*member
)
1129 struct pdb_methods
*pdb
= pdb_get_methods();
1130 return pdb
->add_aliasmem(pdb
, alias
, member
);
1133 NTSTATUS
pdb_del_aliasmem(const struct dom_sid
*alias
, const struct dom_sid
*member
)
1135 struct pdb_methods
*pdb
= pdb_get_methods();
1136 return pdb
->del_aliasmem(pdb
, alias
, member
);
1139 NTSTATUS
pdb_enum_aliasmem(const struct dom_sid
*alias
, TALLOC_CTX
*mem_ctx
,
1140 struct dom_sid
**pp_members
, size_t *p_num_members
)
1142 struct pdb_methods
*pdb
= pdb_get_methods();
1143 return pdb
->enum_aliasmem(pdb
, alias
, mem_ctx
, pp_members
,
1147 NTSTATUS
pdb_enum_alias_memberships(TALLOC_CTX
*mem_ctx
,
1148 const struct dom_sid
*domain_sid
,
1149 const struct dom_sid
*members
, size_t num_members
,
1150 uint32_t **pp_alias_rids
,
1151 size_t *p_num_alias_rids
)
1153 struct pdb_methods
*pdb
= pdb_get_methods();
1154 return pdb
->enum_alias_memberships(pdb
, mem_ctx
,
1156 members
, num_members
,
1161 NTSTATUS
pdb_lookup_rids(const struct dom_sid
*domain_sid
,
1165 enum lsa_SidType
*attrs
)
1167 struct pdb_methods
*pdb
= pdb_get_methods();
1168 return pdb
->lookup_rids(pdb
, domain_sid
, num_rids
, rids
, names
, attrs
);
1171 bool pdb_get_account_policy(enum pdb_policy_type type
, uint32_t *value
)
1173 struct pdb_methods
*pdb
= pdb_get_methods();
1177 status
= pdb
->get_account_policy(pdb
, type
, value
);
1180 return NT_STATUS_IS_OK(status
);
1183 bool pdb_set_account_policy(enum pdb_policy_type type
, uint32_t value
)
1185 struct pdb_methods
*pdb
= pdb_get_methods();
1189 status
= pdb
->set_account_policy(pdb
, type
, value
);
1192 return NT_STATUS_IS_OK(status
);
1195 bool pdb_get_seq_num(time_t *seq_num
)
1197 struct pdb_methods
*pdb
= pdb_get_methods();
1198 return NT_STATUS_IS_OK(pdb
->get_seq_num(pdb
, seq_num
));
1201 bool pdb_uid_to_sid(uid_t uid
, struct dom_sid
*sid
)
1203 struct pdb_methods
*pdb
= pdb_get_methods();
1204 return pdb
->uid_to_sid(pdb
, uid
, sid
);
1207 bool pdb_gid_to_sid(gid_t gid
, struct dom_sid
*sid
)
1209 struct pdb_methods
*pdb
= pdb_get_methods();
1210 return pdb
->gid_to_sid(pdb
, gid
, sid
);
1213 bool pdb_sid_to_id(const struct dom_sid
*sid
, struct unixid
*id
)
1215 struct pdb_methods
*pdb
= pdb_get_methods();
1216 return pdb
->sid_to_id(pdb
, sid
, id
);
1219 uint32_t pdb_capabilities(void)
1221 struct pdb_methods
*pdb
= pdb_get_methods();
1222 return pdb
->capabilities(pdb
);
1225 /********************************************************************
1226 Allocate a new RID from the passdb backend. Verify that it is free
1227 by calling lookup_global_sam_rid() to verify that the RID is not
1228 in use. This handles servers that have existing users or groups
1229 with add RIDs (assigned from previous algorithmic mappings)
1230 ********************************************************************/
1232 bool pdb_new_rid(uint32_t *rid
)
1234 struct pdb_methods
*pdb
= pdb_get_methods();
1235 const char *name
= NULL
;
1236 enum lsa_SidType type
;
1237 uint32_t allocated_rid
= 0;
1241 if ((pdb_capabilities() & PDB_CAP_STORE_RIDS
) == 0) {
1242 DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs "
1247 if (algorithmic_rid_base() != BASE_RID
) {
1248 DEBUG(0, ("'algorithmic rid base' is set but a passdb backend "
1249 "without algorithmic RIDs is chosen.\n"));
1250 DEBUGADD(0, ("Please map all used groups using 'net groupmap "
1251 "add', set the maximum used RID\n"));
1252 DEBUGADD(0, ("and remove the parameter\n"));
1256 if ( (ctx
= talloc_init("pdb_new_rid")) == NULL
) {
1257 DEBUG(0,("pdb_new_rid: Talloc initialization failure\n"));
1261 /* Attempt to get an unused RID (max tires is 250...yes that it is
1262 and arbitrary number I pulkled out of my head). -- jerry */
1264 for ( i
=0; allocated_rid
==0 && i
<250; i
++ ) {
1267 if ( !pdb
->new_rid(pdb
, &allocated_rid
) ) {
1271 /* validate that the RID is not in use */
1273 if (lookup_global_sam_rid(ctx
, allocated_rid
, &name
, &type
, NULL
, NULL
)) {
1280 if ( allocated_rid
== 0 ) {
1281 DEBUG(0,("pdb_new_rid: Failed to find unused RID\n"));
1285 *rid
= allocated_rid
;
1290 /***************************************************************
1291 Initialize the static context (at smbd startup etc).
1293 If uninitialised, context will auto-init on first use.
1294 ***************************************************************/
1296 bool initialize_password_db(bool reload
, struct tevent_context
*tevent_ctx
)
1298 pdb_tevent_ctx
= tevent_ctx
;
1299 return (pdb_get_methods_reload(reload
) != NULL
);
1303 /***************************************************************************
1304 Default implementations of some functions.
1305 ****************************************************************************/
1307 static NTSTATUS
pdb_default_getsampwnam (struct pdb_methods
*methods
, struct samu
*user
, const char *sname
)
1309 return NT_STATUS_NO_SUCH_USER
;
1312 static NTSTATUS
pdb_default_getsampwsid(struct pdb_methods
*my_methods
, struct samu
* user
, const struct dom_sid
*sid
)
1314 return NT_STATUS_NO_SUCH_USER
;
1317 static NTSTATUS
pdb_default_add_sam_account (struct pdb_methods
*methods
, struct samu
*newpwd
)
1319 return NT_STATUS_NOT_IMPLEMENTED
;
1322 static NTSTATUS
pdb_default_update_sam_account (struct pdb_methods
*methods
, struct samu
*newpwd
)
1324 return NT_STATUS_NOT_IMPLEMENTED
;
1327 static NTSTATUS
pdb_default_delete_sam_account (struct pdb_methods
*methods
, struct samu
*pwd
)
1329 return NT_STATUS_NOT_IMPLEMENTED
;
1332 static NTSTATUS
pdb_default_rename_sam_account (struct pdb_methods
*methods
, struct samu
*pwd
, const char *newname
)
1334 return NT_STATUS_NOT_IMPLEMENTED
;
1337 static NTSTATUS
pdb_default_update_login_attempts (struct pdb_methods
*methods
, struct samu
*newpwd
, bool success
)
1339 /* Only the pdb_nds backend implements this, by
1340 * default just return ok. */
1341 return NT_STATUS_OK
;
1344 static NTSTATUS
pdb_default_get_account_policy(struct pdb_methods
*methods
, enum pdb_policy_type type
, uint32_t *value
)
1346 return account_policy_get(type
, value
) ? NT_STATUS_OK
: NT_STATUS_UNSUCCESSFUL
;
1349 static NTSTATUS
pdb_default_set_account_policy(struct pdb_methods
*methods
, enum pdb_policy_type type
, uint32_t value
)
1351 return account_policy_set(type
, value
) ? NT_STATUS_OK
: NT_STATUS_UNSUCCESSFUL
;
1354 static NTSTATUS
pdb_default_get_seq_num(struct pdb_methods
*methods
, time_t *seq_num
)
1356 *seq_num
= time(NULL
);
1357 return NT_STATUS_OK
;
1360 static bool pdb_default_uid_to_sid(struct pdb_methods
*methods
, uid_t uid
,
1361 struct dom_sid
*sid
)
1363 struct samu
*sampw
= NULL
;
1364 struct passwd
*unix_pw
;
1367 unix_pw
= getpwuid( uid
);
1370 DEBUG(4,("pdb_default_uid_to_sid: host has no idea of uid "
1371 "%lu\n", (unsigned long)uid
));
1375 if ( !(sampw
= samu_new( NULL
)) ) {
1376 DEBUG(0,("pdb_default_uid_to_sid: samu_new() failed!\n"));
1381 ret
= NT_STATUS_IS_OK(
1382 methods
->getsampwnam(methods
, sampw
, unix_pw
->pw_name
));
1386 DEBUG(5, ("pdb_default_uid_to_sid: Did not find user "
1387 "%s (%u)\n", unix_pw
->pw_name
, (unsigned int)uid
));
1392 sid_copy(sid
, pdb_get_user_sid(sampw
));
1399 static bool pdb_default_gid_to_sid(struct pdb_methods
*methods
, gid_t gid
,
1400 struct dom_sid
*sid
)
1404 map
= talloc_zero(NULL
, GROUP_MAP
);
1409 if (!NT_STATUS_IS_OK(methods
->getgrgid(methods
, map
, gid
))) {
1414 sid_copy(sid
, &map
->sid
);
1419 static bool pdb_default_sid_to_id(struct pdb_methods
*methods
,
1420 const struct dom_sid
*sid
,
1423 TALLOC_CTX
*mem_ctx
;
1428 mem_ctx
= talloc_new(NULL
);
1430 if (mem_ctx
== NULL
) {
1431 DEBUG(0, ("talloc_new failed\n"));
1435 if (sid_peek_check_rid(get_global_sam_sid(), sid
, &rid
)) {
1437 enum lsa_SidType type
;
1440 /* Here we might have users as well as groups and aliases */
1441 ret
= lookup_global_sam_rid(mem_ctx
, rid
, &name
, &type
, &uid
, &gid
);
1444 case SID_NAME_DOM_GRP
:
1445 case SID_NAME_ALIAS
:
1446 id
->type
= ID_TYPE_GID
;
1450 id
->type
= ID_TYPE_UID
;
1454 DEBUG(5, ("SID %s is our domain, but is not mapped to a user or group (got %d)\n",
1455 sid_string_dbg(sid
), type
));
1459 DEBUG(5, ("SID %s is or domain, but is unmapped\n",
1460 sid_string_dbg(sid
)));
1465 /* check for "Unix User" */
1467 if ( sid_peek_check_rid(&global_sid_Unix_Users
, sid
, &rid
) ) {
1469 id
->type
= ID_TYPE_UID
;
1474 /* check for "Unix Group" */
1476 if ( sid_peek_check_rid(&global_sid_Unix_Groups
, sid
, &rid
) ) {
1478 id
->type
= ID_TYPE_GID
;
1485 if (sid_check_is_in_builtin(sid
) ||
1486 sid_check_is_in_wellknown_domain(sid
)) {
1487 /* Here we only have aliases */
1490 map
= talloc_zero(mem_ctx
, GROUP_MAP
);
1496 if (!NT_STATUS_IS_OK(methods
->getgrsid(methods
, map
, *sid
))) {
1497 DEBUG(10, ("Could not find map for sid %s\n",
1498 sid_string_dbg(sid
)));
1501 if ((map
->sid_name_use
!= SID_NAME_ALIAS
) &&
1502 (map
->sid_name_use
!= SID_NAME_WKN_GRP
)) {
1503 DEBUG(10, ("Map for sid %s is a %s, expected an "
1504 "alias\n", sid_string_dbg(sid
),
1505 sid_type_lookup(map
->sid_name_use
)));
1510 id
->type
= ID_TYPE_GID
;
1515 DEBUG(5, ("Sid %s is neither ours, a Unix SID, nor builtin\n",
1516 sid_string_dbg(sid
)));
1520 TALLOC_FREE(mem_ctx
);
1524 static bool get_memberuids(TALLOC_CTX
*mem_ctx
, gid_t gid
, uid_t
**pp_uids
, uint32_t *p_num
)
1535 /* We only look at our own sam, so don't care about imported stuff */
1536 winbind_env
= winbind_env_set();
1537 (void)winbind_off();
1539 if ((grp
= getgrgid(gid
)) == NULL
) {
1540 /* allow winbindd lookups, but only if they weren't already disabled */
1544 /* Primary group members */
1546 while ((pwd
= getpwent()) != NULL
) {
1547 if (pwd
->pw_gid
== gid
) {
1548 if (!add_uid_to_array_unique(mem_ctx
, pwd
->pw_uid
,
1556 /* Secondary group members */
1557 for (gr
= grp
->gr_mem
; (*gr
!= NULL
) && ((*gr
)[0] != '\0'); gr
+= 1) {
1558 struct passwd
*pw
= getpwnam(*gr
);
1562 if (!add_uid_to_array_unique(mem_ctx
, pw
->pw_uid
, pp_uids
, p_num
)) {
1571 /* allow winbindd lookups, but only if they weren't already disabled */
1579 static NTSTATUS
pdb_default_enum_group_members(struct pdb_methods
*methods
,
1580 TALLOC_CTX
*mem_ctx
,
1581 const struct dom_sid
*group
,
1582 uint32_t **pp_member_rids
,
1583 size_t *p_num_members
)
1587 uint32_t i
, num_uids
;
1589 *pp_member_rids
= NULL
;
1592 if (!sid_to_gid(group
, &gid
))
1593 return NT_STATUS_NO_SUCH_GROUP
;
1595 if(!get_memberuids(mem_ctx
, gid
, &uids
, &num_uids
))
1596 return NT_STATUS_NO_SUCH_GROUP
;
1599 return NT_STATUS_OK
;
1601 *pp_member_rids
= talloc_zero_array(mem_ctx
, uint32_t, num_uids
);
1603 for (i
=0; i
<num_uids
; i
++) {
1606 uid_to_sid(&sid
, uids
[i
]);
1608 if (!sid_check_is_in_our_sam(&sid
)) {
1609 DEBUG(5, ("Inconsistent SAM -- group member uid not "
1610 "in our domain\n"));
1614 sid_peek_rid(&sid
, &(*pp_member_rids
)[*p_num_members
]);
1615 *p_num_members
+= 1;
1618 return NT_STATUS_OK
;
1621 static NTSTATUS
pdb_default_enum_group_memberships(struct pdb_methods
*methods
,
1622 TALLOC_CTX
*mem_ctx
,
1624 struct dom_sid
**pp_sids
,
1626 uint32_t *p_num_groups
)
1631 const char *username
= pdb_get_username(user
);
1634 /* Ignore the primary group SID. Honor the real Unix primary group.
1635 The primary group SID is only of real use to Windows clients */
1637 if ( !(pw
= Get_Pwnam_alloc(mem_ctx
, username
)) ) {
1638 return NT_STATUS_NO_SUCH_USER
;
1645 if (!getgroups_unix_user(mem_ctx
, username
, gid
, pp_gids
, p_num_groups
)) {
1646 return NT_STATUS_NO_SUCH_USER
;
1649 if (*p_num_groups
== 0) {
1650 smb_panic("primary group missing");
1653 *pp_sids
= talloc_array(mem_ctx
, struct dom_sid
, *p_num_groups
);
1655 if (*pp_sids
== NULL
) {
1656 TALLOC_FREE(*pp_gids
);
1657 return NT_STATUS_NO_MEMORY
;
1660 for (i
=0; i
<*p_num_groups
; i
++) {
1661 gid_to_sid(&(*pp_sids
)[i
], (*pp_gids
)[i
]);
1664 return NT_STATUS_OK
;
1667 /*******************************************************************
1668 Look up a rid in the SAM we're responsible for (i.e. passdb)
1669 ********************************************************************/
1671 static bool lookup_global_sam_rid(TALLOC_CTX
*mem_ctx
, uint32_t rid
,
1673 enum lsa_SidType
*psid_name_use
,
1674 uid_t
*uid
, gid_t
*gid
)
1676 struct samu
*sam_account
= NULL
;
1677 GROUP_MAP
*map
= NULL
;
1681 *psid_name_use
= SID_NAME_UNKNOWN
;
1683 DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
1684 (unsigned int)rid
));
1686 sid_compose(&sid
, get_global_sam_sid(), rid
);
1688 /* see if the passdb can help us with the name of the user */
1690 if ( !(sam_account
= samu_new( NULL
)) ) {
1694 map
= talloc_zero(mem_ctx
, GROUP_MAP
);
1699 /* BEING ROOT BLOCK */
1701 ret
= pdb_getsampwsid(sam_account
, &sid
);
1703 TALLOC_FREE(sam_account
);
1704 ret
= pdb_getgrsid(map
, sid
);
1707 /* END BECOME_ROOT BLOCK */
1709 if (sam_account
|| !ret
) {
1716 *name
= talloc_strdup(mem_ctx
, pdb_get_username(sam_account
));
1718 TALLOC_FREE(sam_account
);
1722 *psid_name_use
= SID_NAME_USER
;
1724 TALLOC_FREE(sam_account
);
1730 pw
= Get_Pwnam_alloc(talloc_tos(), *name
);
1738 } else if (map
&& (map
->gid
!= (gid_t
)-1)) {
1740 /* do not resolve SIDs to a name unless there is a valid
1741 gid associated with it */
1743 *name
= talloc_steal(mem_ctx
, map
->nt_name
);
1744 *psid_name_use
= map
->sid_name_use
;
1756 /* Windows will always map RID 513 to something. On a non-domain
1757 controller, this gets mapped to SERVER\None. */
1760 DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
1764 if ( rid
== DOMAIN_RID_USERS
) {
1765 *name
= talloc_strdup(mem_ctx
, "None" );
1766 *psid_name_use
= SID_NAME_DOM_GRP
;
1774 static NTSTATUS
pdb_default_lookup_rids(struct pdb_methods
*methods
,
1775 const struct dom_sid
*domain_sid
,
1779 enum lsa_SidType
*attrs
)
1783 bool have_mapped
= False
;
1784 bool have_unmapped
= False
;
1786 if (sid_check_is_builtin(domain_sid
)) {
1788 for (i
=0; i
<num_rids
; i
++) {
1791 if (lookup_builtin_rid(names
, rids
[i
], &name
)) {
1792 attrs
[i
] = SID_NAME_ALIAS
;
1794 DEBUG(5,("lookup_rids: %s:%d\n",
1795 names
[i
], attrs
[i
]));
1798 have_unmapped
= True
;
1799 attrs
[i
] = SID_NAME_UNKNOWN
;
1805 /* Should not happen, but better check once too many */
1806 if (!sid_check_is_our_sam(domain_sid
)) {
1807 return NT_STATUS_INVALID_HANDLE
;
1810 for (i
= 0; i
< num_rids
; i
++) {
1813 if (lookup_global_sam_rid(names
, rids
[i
], &name
, &attrs
[i
],
1816 return NT_STATUS_NO_MEMORY
;
1819 DEBUG(5,("lookup_rids: %s:%d\n", names
[i
], attrs
[i
]));
1822 have_unmapped
= True
;
1823 attrs
[i
] = SID_NAME_UNKNOWN
;
1829 result
= NT_STATUS_NONE_MAPPED
;
1832 result
= have_unmapped
? STATUS_SOME_UNMAPPED
: NT_STATUS_OK
;
1837 static int pdb_search_destructor(struct pdb_search
*search
)
1839 if ((!search
->search_ended
) && (search
->search_end
!= NULL
)) {
1840 search
->search_end(search
);
1845 struct pdb_search
*pdb_search_init(TALLOC_CTX
*mem_ctx
,
1846 enum pdb_search_type type
)
1848 struct pdb_search
*result
;
1850 result
= talloc(mem_ctx
, struct pdb_search
);
1851 if (result
== NULL
) {
1852 DEBUG(0, ("talloc failed\n"));
1856 result
->type
= type
;
1857 result
->cache
= NULL
;
1858 result
->num_entries
= 0;
1859 result
->cache_size
= 0;
1860 result
->search_ended
= False
;
1861 result
->search_end
= NULL
;
1863 /* Segfault appropriately if not initialized */
1864 result
->next_entry
= NULL
;
1865 result
->search_end
= NULL
;
1867 talloc_set_destructor(result
, pdb_search_destructor
);
1872 static void fill_displayentry(TALLOC_CTX
*mem_ctx
, uint32_t rid
,
1873 uint16_t acct_flags
,
1874 const char *account_name
,
1875 const char *fullname
,
1876 const char *description
,
1877 struct samr_displayentry
*entry
)
1880 entry
->acct_flags
= acct_flags
;
1882 if (account_name
!= NULL
)
1883 entry
->account_name
= talloc_strdup(mem_ctx
, account_name
);
1885 entry
->account_name
= "";
1887 if (fullname
!= NULL
)
1888 entry
->fullname
= talloc_strdup(mem_ctx
, fullname
);
1890 entry
->fullname
= "";
1892 if (description
!= NULL
)
1893 entry
->description
= talloc_strdup(mem_ctx
, description
);
1895 entry
->description
= "";
1898 struct group_search
{
1900 size_t num_groups
, current_group
;
1903 static bool next_entry_groups(struct pdb_search
*s
,
1904 struct samr_displayentry
*entry
)
1906 struct group_search
*state
= (struct group_search
*)s
->private_data
;
1910 if (state
->current_group
== state
->num_groups
)
1913 map
= state
->groups
[state
->current_group
];
1915 sid_peek_rid(&map
->sid
, &rid
);
1917 fill_displayentry(s
, rid
, 0, map
->nt_name
, NULL
, map
->comment
, entry
);
1919 state
->current_group
+= 1;
1923 static void search_end_groups(struct pdb_search
*search
)
1925 struct group_search
*state
=
1926 (struct group_search
*)search
->private_data
;
1927 TALLOC_FREE(state
->groups
);
1930 static bool pdb_search_grouptype(struct pdb_methods
*methods
,
1931 struct pdb_search
*search
,
1932 const struct dom_sid
*sid
, enum lsa_SidType type
)
1934 struct group_search
*state
;
1936 state
= talloc_zero(search
, struct group_search
);
1937 if (state
== NULL
) {
1938 DEBUG(0, ("talloc failed\n"));
1942 if (!NT_STATUS_IS_OK(methods
->enum_group_mapping(methods
, sid
, type
,
1943 &state
->groups
, &state
->num_groups
,
1945 DEBUG(0, ("Could not enum groups\n"));
1949 state
->current_group
= 0;
1950 search
->private_data
= state
;
1951 search
->next_entry
= next_entry_groups
;
1952 search
->search_end
= search_end_groups
;
1956 static bool pdb_default_search_groups(struct pdb_methods
*methods
,
1957 struct pdb_search
*search
)
1959 return pdb_search_grouptype(methods
, search
, get_global_sam_sid(), SID_NAME_DOM_GRP
);
1962 static bool pdb_default_search_aliases(struct pdb_methods
*methods
,
1963 struct pdb_search
*search
,
1964 const struct dom_sid
*sid
)
1967 return pdb_search_grouptype(methods
, search
, sid
, SID_NAME_ALIAS
);
1970 static struct samr_displayentry
*pdb_search_getentry(struct pdb_search
*search
,
1973 if (idx
< search
->num_entries
)
1974 return &search
->cache
[idx
];
1976 if (search
->search_ended
)
1979 while (idx
>= search
->num_entries
) {
1980 struct samr_displayentry entry
;
1982 if (!search
->next_entry(search
, &entry
)) {
1983 search
->search_end(search
);
1984 search
->search_ended
= True
;
1988 ADD_TO_LARGE_ARRAY(search
, struct samr_displayentry
,
1989 entry
, &search
->cache
, &search
->num_entries
,
1990 &search
->cache_size
);
1993 return (search
->num_entries
> idx
) ? &search
->cache
[idx
] : NULL
;
1996 struct pdb_search
*pdb_search_users(TALLOC_CTX
*mem_ctx
, uint32_t acct_flags
)
1998 struct pdb_methods
*pdb
= pdb_get_methods();
1999 struct pdb_search
*result
;
2001 result
= pdb_search_init(mem_ctx
, PDB_USER_SEARCH
);
2002 if (result
== NULL
) {
2006 if (!pdb
->search_users(pdb
, result
, acct_flags
)) {
2007 TALLOC_FREE(result
);
2013 struct pdb_search
*pdb_search_groups(TALLOC_CTX
*mem_ctx
)
2015 struct pdb_methods
*pdb
= pdb_get_methods();
2016 struct pdb_search
*result
;
2018 result
= pdb_search_init(mem_ctx
, PDB_GROUP_SEARCH
);
2019 if (result
== NULL
) {
2023 if (!pdb
->search_groups(pdb
, result
)) {
2024 TALLOC_FREE(result
);
2030 struct pdb_search
*pdb_search_aliases(TALLOC_CTX
*mem_ctx
, const struct dom_sid
*sid
)
2032 struct pdb_methods
*pdb
= pdb_get_methods();
2033 struct pdb_search
*result
;
2035 if (pdb
== NULL
) return NULL
;
2037 result
= pdb_search_init(mem_ctx
, PDB_ALIAS_SEARCH
);
2038 if (result
== NULL
) {
2042 if (!pdb
->search_aliases(pdb
, result
, sid
)) {
2043 TALLOC_FREE(result
);
2049 uint32_t pdb_search_entries(struct pdb_search
*search
,
2050 uint32_t start_idx
, uint32_t max_entries
,
2051 struct samr_displayentry
**result
)
2053 struct samr_displayentry
*end_entry
;
2054 uint32_t end_idx
= start_idx
+max_entries
-1;
2056 /* The first entry needs to be searched after the last. Otherwise the
2057 * first entry might have moved due to a realloc during the search for
2058 * the last entry. */
2060 end_entry
= pdb_search_getentry(search
, end_idx
);
2061 *result
= pdb_search_getentry(search
, start_idx
);
2063 if (end_entry
!= NULL
)
2066 if (start_idx
>= search
->num_entries
)
2069 return search
->num_entries
- start_idx
;
2072 /*******************************************************************
2074 *******************************************************************/
2076 bool pdb_get_trusteddom_pw(const char *domain
, char** pwd
, struct dom_sid
*sid
,
2077 time_t *pass_last_set_time
)
2079 struct pdb_methods
*pdb
= pdb_get_methods();
2080 return pdb
->get_trusteddom_pw(pdb
, domain
, pwd
, sid
,
2081 pass_last_set_time
);
2084 bool pdb_set_trusteddom_pw(const char* domain
, const char* pwd
,
2085 const struct dom_sid
*sid
)
2087 struct pdb_methods
*pdb
= pdb_get_methods();
2088 return pdb
->set_trusteddom_pw(pdb
, domain
, pwd
, sid
);
2091 bool pdb_del_trusteddom_pw(const char *domain
)
2093 struct pdb_methods
*pdb
= pdb_get_methods();
2094 return pdb
->del_trusteddom_pw(pdb
, domain
);
2097 NTSTATUS
pdb_enum_trusteddoms(TALLOC_CTX
*mem_ctx
, uint32_t *num_domains
,
2098 struct trustdom_info
***domains
)
2100 struct pdb_methods
*pdb
= pdb_get_methods();
2101 return pdb
->enum_trusteddoms(pdb
, mem_ctx
, num_domains
, domains
);
2104 /*******************************************************************
2105 the defaults for trustdom methods:
2106 these simply call the original passdb/secrets.c actions,
2107 to be replaced by pdb_ldap.
2108 *******************************************************************/
2110 static bool pdb_default_get_trusteddom_pw(struct pdb_methods
*methods
,
2113 struct dom_sid
*sid
,
2114 time_t *pass_last_set_time
)
2116 return secrets_fetch_trusted_domain_password(domain
, pwd
,
2117 sid
, pass_last_set_time
);
2121 static bool pdb_default_set_trusteddom_pw(struct pdb_methods
*methods
,
2124 const struct dom_sid
*sid
)
2126 return secrets_store_trusted_domain_password(domain
, pwd
, sid
);
2129 static bool pdb_default_del_trusteddom_pw(struct pdb_methods
*methods
,
2132 return trusted_domain_password_delete(domain
);
2135 static NTSTATUS
pdb_default_enum_trusteddoms(struct pdb_methods
*methods
,
2136 TALLOC_CTX
*mem_ctx
,
2137 uint32_t *num_domains
,
2138 struct trustdom_info
***domains
)
2140 return secrets_trusted_domains(mem_ctx
, num_domains
, domains
);
2143 /*******************************************************************
2144 trusted_domain methods
2145 *******************************************************************/
2147 NTSTATUS
pdb_get_trusted_domain(TALLOC_CTX
*mem_ctx
, const char *domain
,
2148 struct pdb_trusted_domain
**td
)
2150 struct pdb_methods
*pdb
= pdb_get_methods();
2151 return pdb
->get_trusted_domain(pdb
, mem_ctx
, domain
, td
);
2154 NTSTATUS
pdb_get_trusted_domain_by_sid(TALLOC_CTX
*mem_ctx
, struct dom_sid
*sid
,
2155 struct pdb_trusted_domain
**td
)
2157 struct pdb_methods
*pdb
= pdb_get_methods();
2158 return pdb
->get_trusted_domain_by_sid(pdb
, mem_ctx
, sid
, td
);
2161 NTSTATUS
pdb_set_trusted_domain(const char* domain
,
2162 const struct pdb_trusted_domain
*td
)
2164 struct pdb_methods
*pdb
= pdb_get_methods();
2165 return pdb
->set_trusted_domain(pdb
, domain
, td
);
2168 NTSTATUS
pdb_del_trusted_domain(const char *domain
)
2170 struct pdb_methods
*pdb
= pdb_get_methods();
2171 return pdb
->del_trusted_domain(pdb
, domain
);
2174 NTSTATUS
pdb_enum_trusted_domains(TALLOC_CTX
*mem_ctx
, uint32_t *num_domains
,
2175 struct pdb_trusted_domain
***domains
)
2177 struct pdb_methods
*pdb
= pdb_get_methods();
2178 return pdb
->enum_trusted_domains(pdb
, mem_ctx
, num_domains
, domains
);
2181 static NTSTATUS
pdb_default_get_trusted_domain(struct pdb_methods
*methods
,
2182 TALLOC_CTX
*mem_ctx
,
2184 struct pdb_trusted_domain
**td
)
2186 struct trustAuthInOutBlob taiob
;
2187 struct AuthenticationInformation aia
;
2188 struct pdb_trusted_domain
*tdom
;
2189 enum ndr_err_code ndr_err
;
2190 time_t last_set_time
;
2194 tdom
= talloc(mem_ctx
, struct pdb_trusted_domain
);
2196 return NT_STATUS_NO_MEMORY
;
2199 tdom
->domain_name
= talloc_strdup(tdom
, domain
);
2200 tdom
->netbios_name
= talloc_strdup(tdom
, domain
);
2201 if (!tdom
->domain_name
|| !tdom
->netbios_name
) {
2203 return NT_STATUS_NO_MEMORY
;
2206 tdom
->trust_auth_incoming
= data_blob_null
;
2208 ok
= pdb_get_trusteddom_pw(domain
, &pwd
, &tdom
->security_identifier
,
2212 return NT_STATUS_UNSUCCESSFUL
;
2218 taiob
.current
.count
= 1;
2219 taiob
.current
.array
= &aia
;
2220 unix_to_nt_time(&aia
.LastUpdateTime
, last_set_time
);
2221 aia
.AuthType
= TRUST_AUTH_TYPE_CLEAR
;
2222 aia
.AuthInfo
.clear
.password
= (uint8_t *) pwd
;
2223 aia
.AuthInfo
.clear
.size
= strlen(pwd
);
2224 taiob
.previous
.count
= 0;
2225 taiob
.previous
.array
= NULL
;
2227 ndr_err
= ndr_push_struct_blob(&tdom
->trust_auth_outgoing
,
2229 (ndr_push_flags_fn_t
)ndr_push_trustAuthInOutBlob
);
2230 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
2232 return NT_STATUS_UNSUCCESSFUL
;
2235 tdom
->trust_direction
= LSA_TRUST_DIRECTION_OUTBOUND
;
2236 tdom
->trust_type
= LSA_TRUST_TYPE_DOWNLEVEL
;
2237 tdom
->trust_attributes
= 0;
2238 tdom
->trust_forest_trust_info
= data_blob_null
;
2241 return NT_STATUS_OK
;
2244 static NTSTATUS
pdb_default_get_trusted_domain_by_sid(struct pdb_methods
*methods
,
2245 TALLOC_CTX
*mem_ctx
,
2246 struct dom_sid
*sid
,
2247 struct pdb_trusted_domain
**td
)
2249 return NT_STATUS_NOT_IMPLEMENTED
;
2252 #define IS_NULL_DATA_BLOB(d) ((d).data == NULL && (d).length == 0)
2254 static NTSTATUS
pdb_default_set_trusted_domain(struct pdb_methods
*methods
,
2256 const struct pdb_trusted_domain
*td
)
2258 struct trustAuthInOutBlob taiob
;
2259 struct AuthenticationInformation
*aia
;
2260 enum ndr_err_code ndr_err
;
2264 if (td
->trust_attributes
!= 0 ||
2265 td
->trust_type
!= LSA_TRUST_TYPE_DOWNLEVEL
||
2266 td
->trust_direction
!= LSA_TRUST_DIRECTION_OUTBOUND
||
2267 !IS_NULL_DATA_BLOB(td
->trust_auth_incoming
) ||
2268 !IS_NULL_DATA_BLOB(td
->trust_forest_trust_info
)) {
2269 return NT_STATUS_NOT_IMPLEMENTED
;
2273 ndr_err
= ndr_pull_struct_blob(&td
->trust_auth_outgoing
, talloc_tos(),
2275 (ndr_pull_flags_fn_t
)ndr_pull_trustAuthInOutBlob
);
2276 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
2277 return NT_STATUS_UNSUCCESSFUL
;
2280 aia
= (struct AuthenticationInformation
*) taiob
.current
.array
;
2282 if (taiob
.count
!= 1 || taiob
.current
.count
!= 1 ||
2283 taiob
.previous
.count
!= 0 ||
2284 aia
->AuthType
!= TRUST_AUTH_TYPE_CLEAR
) {
2285 return NT_STATUS_NOT_IMPLEMENTED
;
2288 pwd
= talloc_strndup(talloc_tos(), (char *) aia
->AuthInfo
.clear
.password
,
2289 aia
->AuthInfo
.clear
.size
);
2291 return NT_STATUS_NO_MEMORY
;
2294 ok
= pdb_set_trusteddom_pw(domain
, pwd
, &td
->security_identifier
);
2296 return NT_STATUS_UNSUCCESSFUL
;
2299 return NT_STATUS_OK
;
2302 static NTSTATUS
pdb_default_del_trusted_domain(struct pdb_methods
*methods
,
2305 return NT_STATUS_NOT_IMPLEMENTED
;
2308 static NTSTATUS
pdb_default_enum_trusted_domains(struct pdb_methods
*methods
,
2309 TALLOC_CTX
*mem_ctx
,
2310 uint32_t *num_domains
,
2311 struct pdb_trusted_domain
***domains
)
2313 return NT_STATUS_NOT_IMPLEMENTED
;
2316 static struct pdb_domain_info
*pdb_default_get_domain_info(
2317 struct pdb_methods
*m
, TALLOC_CTX
*mem_ctx
)
2322 /*******************************************************************
2324 *******************************************************************/
2326 NTSTATUS
pdb_get_secret(TALLOC_CTX
*mem_ctx
,
2327 const char *secret_name
,
2328 DATA_BLOB
*secret_current
,
2329 NTTIME
*secret_current_lastchange
,
2330 DATA_BLOB
*secret_old
,
2331 NTTIME
*secret_old_lastchange
,
2332 struct security_descriptor
**sd
)
2334 struct pdb_methods
*pdb
= pdb_get_methods();
2335 return pdb
->get_secret(pdb
, mem_ctx
, secret_name
,
2336 secret_current
, secret_current_lastchange
,
2337 secret_old
, secret_old_lastchange
,
2341 NTSTATUS
pdb_set_secret(const char *secret_name
,
2342 DATA_BLOB
*secret_current
,
2343 DATA_BLOB
*secret_old
,
2344 struct security_descriptor
*sd
)
2346 struct pdb_methods
*pdb
= pdb_get_methods();
2347 return pdb
->set_secret(pdb
, secret_name
,
2353 NTSTATUS
pdb_delete_secret(const char *secret_name
)
2355 struct pdb_methods
*pdb
= pdb_get_methods();
2356 return pdb
->delete_secret(pdb
, secret_name
);
2359 static NTSTATUS
pdb_default_get_secret(struct pdb_methods
*methods
,
2360 TALLOC_CTX
*mem_ctx
,
2361 const char *secret_name
,
2362 DATA_BLOB
*secret_current
,
2363 NTTIME
*secret_current_lastchange
,
2364 DATA_BLOB
*secret_old
,
2365 NTTIME
*secret_old_lastchange
,
2366 struct security_descriptor
**sd
)
2368 return lsa_secret_get(mem_ctx
, secret_name
,
2370 secret_current_lastchange
,
2372 secret_old_lastchange
,
2376 static NTSTATUS
pdb_default_set_secret(struct pdb_methods
*methods
,
2377 const char *secret_name
,
2378 DATA_BLOB
*secret_current
,
2379 DATA_BLOB
*secret_old
,
2380 struct security_descriptor
*sd
)
2382 return lsa_secret_set(secret_name
,
2388 static NTSTATUS
pdb_default_delete_secret(struct pdb_methods
*methods
,
2389 const char *secret_name
)
2391 return lsa_secret_delete(secret_name
);
2394 /*******************************************************************
2395 Create a pdb_methods structure and initialize it with the default
2396 operations. In this way a passdb module can simply implement
2397 the functionality it cares about. However, normally this is done
2398 in groups of related functions.
2399 *******************************************************************/
2401 NTSTATUS
make_pdb_method( struct pdb_methods
**methods
)
2403 /* allocate memory for the structure as its own talloc CTX */
2405 *methods
= talloc_zero(NULL
, struct pdb_methods
);
2406 if (*methods
== NULL
) {
2407 return NT_STATUS_NO_MEMORY
;
2410 (*methods
)->get_domain_info
= pdb_default_get_domain_info
;
2411 (*methods
)->getsampwnam
= pdb_default_getsampwnam
;
2412 (*methods
)->getsampwsid
= pdb_default_getsampwsid
;
2413 (*methods
)->create_user
= pdb_default_create_user
;
2414 (*methods
)->delete_user
= pdb_default_delete_user
;
2415 (*methods
)->add_sam_account
= pdb_default_add_sam_account
;
2416 (*methods
)->update_sam_account
= pdb_default_update_sam_account
;
2417 (*methods
)->delete_sam_account
= pdb_default_delete_sam_account
;
2418 (*methods
)->rename_sam_account
= pdb_default_rename_sam_account
;
2419 (*methods
)->update_login_attempts
= pdb_default_update_login_attempts
;
2421 (*methods
)->getgrsid
= pdb_default_getgrsid
;
2422 (*methods
)->getgrgid
= pdb_default_getgrgid
;
2423 (*methods
)->getgrnam
= pdb_default_getgrnam
;
2424 (*methods
)->create_dom_group
= pdb_default_create_dom_group
;
2425 (*methods
)->delete_dom_group
= pdb_default_delete_dom_group
;
2426 (*methods
)->add_group_mapping_entry
= pdb_default_add_group_mapping_entry
;
2427 (*methods
)->update_group_mapping_entry
= pdb_default_update_group_mapping_entry
;
2428 (*methods
)->delete_group_mapping_entry
= pdb_default_delete_group_mapping_entry
;
2429 (*methods
)->enum_group_mapping
= pdb_default_enum_group_mapping
;
2430 (*methods
)->enum_group_members
= pdb_default_enum_group_members
;
2431 (*methods
)->enum_group_memberships
= pdb_default_enum_group_memberships
;
2432 (*methods
)->set_unix_primary_group
= pdb_default_set_unix_primary_group
;
2433 (*methods
)->add_groupmem
= pdb_default_add_groupmem
;
2434 (*methods
)->del_groupmem
= pdb_default_del_groupmem
;
2435 (*methods
)->create_alias
= pdb_default_create_alias
;
2436 (*methods
)->delete_alias
= pdb_default_delete_alias
;
2437 (*methods
)->get_aliasinfo
= pdb_default_get_aliasinfo
;
2438 (*methods
)->set_aliasinfo
= pdb_default_set_aliasinfo
;
2439 (*methods
)->add_aliasmem
= pdb_default_add_aliasmem
;
2440 (*methods
)->del_aliasmem
= pdb_default_del_aliasmem
;
2441 (*methods
)->enum_aliasmem
= pdb_default_enum_aliasmem
;
2442 (*methods
)->enum_alias_memberships
= pdb_default_alias_memberships
;
2443 (*methods
)->lookup_rids
= pdb_default_lookup_rids
;
2444 (*methods
)->get_account_policy
= pdb_default_get_account_policy
;
2445 (*methods
)->set_account_policy
= pdb_default_set_account_policy
;
2446 (*methods
)->get_seq_num
= pdb_default_get_seq_num
;
2447 (*methods
)->uid_to_sid
= pdb_default_uid_to_sid
;
2448 (*methods
)->gid_to_sid
= pdb_default_gid_to_sid
;
2449 (*methods
)->sid_to_id
= pdb_default_sid_to_id
;
2451 (*methods
)->search_groups
= pdb_default_search_groups
;
2452 (*methods
)->search_aliases
= pdb_default_search_aliases
;
2454 (*methods
)->get_trusteddom_pw
= pdb_default_get_trusteddom_pw
;
2455 (*methods
)->set_trusteddom_pw
= pdb_default_set_trusteddom_pw
;
2456 (*methods
)->del_trusteddom_pw
= pdb_default_del_trusteddom_pw
;
2457 (*methods
)->enum_trusteddoms
= pdb_default_enum_trusteddoms
;
2459 (*methods
)->get_trusted_domain
= pdb_default_get_trusted_domain
;
2460 (*methods
)->get_trusted_domain_by_sid
= pdb_default_get_trusted_domain_by_sid
;
2461 (*methods
)->set_trusted_domain
= pdb_default_set_trusted_domain
;
2462 (*methods
)->del_trusted_domain
= pdb_default_del_trusted_domain
;
2463 (*methods
)->enum_trusted_domains
= pdb_default_enum_trusted_domains
;
2465 (*methods
)->get_secret
= pdb_default_get_secret
;
2466 (*methods
)->set_secret
= pdb_default_set_secret
;
2467 (*methods
)->delete_secret
= pdb_default_delete_secret
;
2469 return NT_STATUS_OK
;