2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Jelmer Vernooij 2002
6 Copyright (C) Simo Sorce 2003
7 Copyright (C) Volker Lendecke 2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "system/passwd.h"
28 #include "../librpc/gen_ndr/samr.h"
29 #include "../librpc/gen_ndr/drsblobs.h"
30 #include "../librpc/gen_ndr/ndr_drsblobs.h"
31 #include "../librpc/gen_ndr/idmap.h"
33 #include "nsswitch/winbind_client.h"
34 #include "../libcli/security/security.h"
35 #include "../lib/util/util_pw.h"
36 #include "passdb/pdb_secrets.h"
39 #define DBGC_CLASS DBGC_PASSDB
43 static struct pdb_init_function_entry
*backends
= NULL
;
45 static void lazy_initialize_passdb(void)
47 static bool initialized
= False
;
55 static bool lookup_global_sam_rid(TALLOC_CTX
*mem_ctx
, uint32 rid
,
57 enum lsa_SidType
*psid_name_use
,
58 uid_t
*uid
, gid_t
*gid
);
60 NTSTATUS
smb_register_passdb(int version
, const char *name
, pdb_init_function init
)
62 struct pdb_init_function_entry
*entry
= backends
;
64 if(version
!= PASSDB_INTERFACE_VERSION
) {
65 DEBUG(0,("Can't register passdb backend!\n"
66 "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
67 "while this version of samba uses version %d\n",
68 version
,PASSDB_INTERFACE_VERSION
));
69 return NT_STATUS_OBJECT_TYPE_MISMATCH
;
73 return NT_STATUS_INVALID_PARAMETER
;
76 DEBUG(5,("Attempting to register passdb backend %s\n", name
));
78 /* Check for duplicates */
79 if (pdb_find_backend_entry(name
)) {
80 DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name
));
81 return NT_STATUS_OBJECT_NAME_COLLISION
;
84 entry
= SMB_XMALLOC_P(struct pdb_init_function_entry
);
85 entry
->name
= smb_xstrdup(name
);
88 DLIST_ADD(backends
, entry
);
89 DEBUG(5,("Successfully added passdb backend '%s'\n", name
));
93 struct pdb_init_function_entry
*pdb_find_backend_entry(const char *name
)
95 struct pdb_init_function_entry
*entry
= backends
;
98 if (strcmp(entry
->name
, name
)==0) return entry
;
105 const struct pdb_init_function_entry
*pdb_get_backends(void)
112 * The event context for the passdb backend. I know this is a bad hack and yet
113 * another static variable, but our pdb API is a global thing per
114 * definition. The first use for this is the LDAP idle function, more might be
117 * I don't feel too bad about this static variable, it replaces the
118 * smb_idle_event_list that used to exist in lib/module.c. -- VL
121 static struct tevent_context
*pdb_tevent_ctx
;
123 struct tevent_context
*pdb_get_tevent_context(void)
125 return pdb_tevent_ctx
;
128 /******************************************************************
129 Make a pdb_methods from scratch
130 *******************************************************************/
132 NTSTATUS
make_pdb_method_name(struct pdb_methods
**methods
, const char *selected
)
134 char *module_name
= smb_xstrdup(selected
);
135 char *module_location
= NULL
, *p
;
136 struct pdb_init_function_entry
*entry
;
137 NTSTATUS nt_status
= NT_STATUS_UNSUCCESSFUL
;
139 lazy_initialize_passdb();
141 p
= strchr(module_name
, ':');
145 module_location
= p
+1;
146 trim_char(module_location
, ' ', ' ');
149 trim_char(module_name
, ' ', ' ');
152 DEBUG(5,("Attempting to find a passdb backend to match %s (%s)\n", selected
, module_name
));
154 entry
= pdb_find_backend_entry(module_name
);
156 /* Try to find a module that contains this module */
158 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
159 if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name
)) && !(entry
= pdb_find_backend_entry(module_name
))) {
160 DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name
));
161 SAFE_FREE(module_name
);
162 return NT_STATUS_UNSUCCESSFUL
;
166 /* No such backend found */
168 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name
));
169 SAFE_FREE(module_name
);
170 return NT_STATUS_INVALID_PARAMETER
;
173 DEBUG(5,("Found pdb backend %s\n", module_name
));
175 if ( !NT_STATUS_IS_OK( nt_status
= entry
->init(methods
, module_location
) ) ) {
176 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n",
177 selected
, nt_errstr(nt_status
)));
178 SAFE_FREE(module_name
);
182 SAFE_FREE(module_name
);
184 DEBUG(5,("pdb backend %s has a valid init\n", selected
));
189 /******************************************************************
190 Return an already initialized pdb_methods structure
191 *******************************************************************/
193 static struct pdb_methods
*pdb_get_methods_reload( bool reload
)
195 static struct pdb_methods
*pdb
= NULL
;
197 if ( pdb
&& reload
) {
198 pdb
->free_private_data( &(pdb
->private_data
) );
199 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb
, lp_passdb_backend() ) ) ) {
205 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb
, lp_passdb_backend() ) ) ) {
213 static struct pdb_methods
*pdb_get_methods(void)
215 struct pdb_methods
*pdb
;
217 pdb
= pdb_get_methods_reload(false);
220 if (asprintf(&msg
, "pdb_get_methods: "
221 "failed to get pdb methods for backend %s\n",
222 lp_passdb_backend()) > 0) {
225 smb_panic("pdb_get_methods");
232 struct pdb_domain_info
*pdb_get_domain_info(TALLOC_CTX
*mem_ctx
)
234 struct pdb_methods
*pdb
= pdb_get_methods();
235 return pdb
->get_domain_info(pdb
, mem_ctx
);
239 * @brief Check if the user account has been locked out and try to unlock it.
241 * If the user has been automatically locked out and a lockout duration is set,
242 * then check if we can unlock the account and reset the bad password values.
244 * @param[in] sampass The sam user to check.
246 * @return True if the function was successfull, false on an error.
248 static bool pdb_try_account_unlock(struct samu
*sampass
)
250 uint32_t acb_info
= pdb_get_acct_ctrl(sampass
);
252 if ((acb_info
& ACB_NORMAL
) && (acb_info
& ACB_AUTOLOCK
)) {
253 uint32_t lockout_duration
;
254 time_t bad_password_time
;
255 time_t now
= time(NULL
);
258 ok
= pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION
,
261 DEBUG(0, ("pdb_try_account_unlock: "
262 "pdb_get_account_policy failed.\n"));
266 if (lockout_duration
== (uint32_t) -1 ||
267 lockout_duration
== 0) {
268 DEBUG(9, ("pdb_try_account_unlock: No reset duration, "
269 "can't reset autolock\n"));
272 lockout_duration
*= 60;
274 bad_password_time
= pdb_get_bad_password_time(sampass
);
275 if (bad_password_time
== (time_t) 0) {
276 DEBUG(2, ("pdb_try_account_unlock: Account %s "
277 "administratively locked out "
278 "with no bad password "
279 "time. Leaving locked out.\n",
280 pdb_get_username(sampass
)));
284 if ((bad_password_time
+
285 convert_uint32_t_to_time_t(lockout_duration
)) < now
) {
288 pdb_set_acct_ctrl(sampass
, acb_info
& ~ACB_AUTOLOCK
,
290 pdb_set_bad_password_count(sampass
, 0, PDB_CHANGED
);
291 pdb_set_bad_password_time(sampass
, 0, PDB_CHANGED
);
294 status
= pdb_update_sam_account(sampass
);
296 if (!NT_STATUS_IS_OK(status
)) {
297 DEBUG(0, ("_samr_OpenUser: Couldn't "
298 "update account %s - %s\n",
299 pdb_get_username(sampass
),
310 * @brief Get a sam user structure by the given username.
312 * This functions also checks if the account has been automatically locked out
313 * and unlocks it if a lockout duration time has been defined and the time has
316 * @param[in] sam_acct The sam user structure to fill.
318 * @param[in] username The username to look for.
320 * @return True on success, false on error.
322 bool pdb_getsampwnam(struct samu
*sam_acct
, const char *username
)
324 struct pdb_methods
*pdb
= pdb_get_methods();
325 struct samu
*for_cache
;
326 const struct dom_sid
*user_sid
;
330 status
= pdb
->getsampwnam(pdb
, sam_acct
, username
);
331 if (!NT_STATUS_IS_OK(status
)) {
335 ok
= pdb_try_account_unlock(sam_acct
);
337 DEBUG(1, ("pdb_getsampwnam: Failed to unlock account %s\n",
341 for_cache
= samu_new(NULL
);
342 if (for_cache
== NULL
) {
346 if (!pdb_copy_sam_account(for_cache
, sam_acct
)) {
347 TALLOC_FREE(for_cache
);
351 user_sid
= pdb_get_user_sid(for_cache
);
353 memcache_add_talloc(NULL
, PDB_GETPWSID_CACHE
,
354 data_blob_const(user_sid
, sizeof(*user_sid
)),
360 /**********************************************************************
361 **********************************************************************/
363 static bool guest_user_info( struct samu
*user
)
367 const char *guestname
= lp_guestaccount();
369 pwd
= Get_Pwnam_alloc(talloc_tos(), guestname
);
371 DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n",
376 result
= samu_set_unix(user
, pwd
);
380 return NT_STATUS_IS_OK( result
);
384 * @brief Get a sam user structure by the given username.
386 * This functions also checks if the account has been automatically locked out
387 * and unlocks it if a lockout duration time has been defined and the time has
391 * @param[in] sam_acct The sam user structure to fill.
393 * @param[in] sid The user SDI to look up.
395 * @return True on success, false on error.
397 bool pdb_getsampwsid(struct samu
*sam_acct
, const struct dom_sid
*sid
)
399 struct pdb_methods
*pdb
= pdb_get_methods();
404 /* hard code the Guest RID of 501 */
406 if ( !sid_peek_check_rid( get_global_sam_sid(), sid
, &rid
) )
409 if ( rid
== DOMAIN_RID_GUEST
) {
410 DEBUG(6,("pdb_getsampwsid: Building guest account\n"));
411 return guest_user_info( sam_acct
);
414 /* check the cache first */
416 cache_data
= memcache_lookup_talloc(
417 NULL
, PDB_GETPWSID_CACHE
, data_blob_const(sid
, sizeof(*sid
)));
419 if (cache_data
!= NULL
) {
420 struct samu
*cache_copy
= talloc_get_type_abort(
421 cache_data
, struct samu
);
423 ok
= pdb_copy_sam_account(sam_acct
, cache_copy
);
425 ok
= NT_STATUS_IS_OK(pdb
->getsampwsid(pdb
, sam_acct
, sid
));
432 ok
= pdb_try_account_unlock(sam_acct
);
434 DEBUG(1, ("pdb_getsampwsid: Failed to unlock account %s\n",
435 sam_acct
->username
));
441 static NTSTATUS
pdb_default_create_user(struct pdb_methods
*methods
,
442 TALLOC_CTX
*tmp_ctx
, const char *name
,
443 uint32_t acb_info
, uint32_t *rid
)
445 struct samu
*sam_pass
;
449 if ((sam_pass
= samu_new(tmp_ctx
)) == NULL
) {
450 return NT_STATUS_NO_MEMORY
;
453 if ( !(pwd
= Get_Pwnam_alloc(tmp_ctx
, name
)) ) {
454 char *add_script
= NULL
;
458 if ((acb_info
& ACB_NORMAL
) && name
[strlen(name
)-1] != '$') {
459 add_script
= talloc_strdup(tmp_ctx
,
460 lp_adduser_script());
462 add_script
= talloc_strdup(tmp_ctx
,
463 lp_addmachine_script());
466 if (!add_script
|| add_script
[0] == '\0') {
467 DEBUG(3, ("Could not find user %s and no add script "
469 return NT_STATUS_NO_SUCH_USER
;
472 /* lowercase the username before creating the Unix account for
473 compatibility with previous Samba releases */
474 fstrcpy( name2
, name
);
476 add_script
= talloc_all_string_sub(tmp_ctx
,
481 return NT_STATUS_NO_MEMORY
;
483 add_ret
= smbrun(add_script
,NULL
);
484 DEBUG(add_ret
? 0 : 3, ("_samr_create_user: Running the command `%s' gave %d\n",
485 add_script
, add_ret
));
487 smb_nscd_flush_user_cache();
492 pwd
= Get_Pwnam_alloc(tmp_ctx
, name
);
495 DEBUG(3, ("Could not find user %s, add script did not work\n", name
));
496 return NT_STATUS_NO_SUCH_USER
;
500 /* we have a valid SID coming out of this call */
502 status
= samu_alloc_rid_unix(methods
, sam_pass
, pwd
);
506 if (!NT_STATUS_IS_OK(status
)) {
507 DEBUG(3, ("pdb_default_create_user: failed to create a new user structure: %s\n", nt_errstr(status
)));
511 if (!sid_peek_check_rid(get_global_sam_sid(),
512 pdb_get_user_sid(sam_pass
), rid
)) {
513 DEBUG(0, ("Could not get RID of fresh user\n"));
514 return NT_STATUS_INTERNAL_ERROR
;
517 /* Use the username case specified in the original request */
519 pdb_set_username( sam_pass
, name
, PDB_SET
);
521 /* Disable the account on creation, it does not have a reasonable password yet. */
523 acb_info
|= ACB_DISABLED
;
525 pdb_set_acct_ctrl(sam_pass
, acb_info
, PDB_CHANGED
);
527 status
= methods
->add_sam_account(methods
, sam_pass
);
529 TALLOC_FREE(sam_pass
);
534 NTSTATUS
pdb_create_user(TALLOC_CTX
*mem_ctx
, const char *name
, uint32_t flags
,
537 struct pdb_methods
*pdb
= pdb_get_methods();
538 return pdb
->create_user(pdb
, mem_ctx
, name
, flags
, rid
);
541 /****************************************************************************
542 Delete a UNIX user on demand.
543 ****************************************************************************/
545 static int smb_delete_user(const char *unix_user
)
547 char *del_script
= NULL
;
552 if ( strequal( unix_user
, "root" ) ) {
553 DEBUG(0,("smb_delete_user: Refusing to delete local system root account!\n"));
557 del_script
= talloc_strdup(talloc_tos(), lp_deluser_script());
558 if (!del_script
|| !*del_script
) {
561 del_script
= talloc_all_string_sub(talloc_tos(),
568 ret
= smbrun(del_script
,NULL
);
571 smb_nscd_flush_user_cache();
573 DEBUG(ret
? 0 : 3,("smb_delete_user: Running the command `%s' gave %d\n",del_script
,ret
));
578 static NTSTATUS
pdb_default_delete_user(struct pdb_methods
*methods
,
580 struct samu
*sam_acct
)
585 status
= methods
->delete_sam_account(methods
, sam_acct
);
586 if (!NT_STATUS_IS_OK(status
)) {
591 * Now delete the unix side ....
592 * note: we don't check if the delete really happened as the script is
593 * not necessary present and maybe the sysadmin doesn't want to delete
597 /* always lower case the username before handing it off to
600 fstrcpy( username
, pdb_get_username(sam_acct
) );
601 strlower_m( username
);
603 smb_delete_user( username
);
608 NTSTATUS
pdb_delete_user(TALLOC_CTX
*mem_ctx
, struct samu
*sam_acct
)
610 struct pdb_methods
*pdb
= pdb_get_methods();
613 const struct dom_sid
*user_sid
;
616 user_sid
= pdb_get_user_sid(sam_acct
);
618 /* sanity check to make sure we don't delete root */
620 if ( !sid_to_uid(user_sid
, &uid
) ) {
621 return NT_STATUS_NO_SUCH_USER
;
625 return NT_STATUS_ACCESS_DENIED
;
628 memcache_delete(NULL
,
630 data_blob_const(user_sid
, sizeof(*user_sid
)));
632 status
= pdb
->delete_user(pdb
, mem_ctx
, sam_acct
);
633 if (!NT_STATUS_IS_OK(status
)) {
637 msg_data
= talloc_asprintf(mem_ctx
, "USER %s",
638 pdb_get_username(sam_acct
));
640 /* not fatal, and too late to rollback,
644 message_send_all(server_messaging_context(),
647 strlen(msg_data
) + 1,
650 TALLOC_FREE(msg_data
);
654 NTSTATUS
pdb_add_sam_account(struct samu
*sam_acct
)
656 struct pdb_methods
*pdb
= pdb_get_methods();
657 return pdb
->add_sam_account(pdb
, sam_acct
);
660 NTSTATUS
pdb_update_sam_account(struct samu
*sam_acct
)
662 struct pdb_methods
*pdb
= pdb_get_methods();
664 memcache_flush(NULL
, PDB_GETPWSID_CACHE
);
666 return pdb
->update_sam_account(pdb
, sam_acct
);
669 NTSTATUS
pdb_delete_sam_account(struct samu
*sam_acct
)
671 struct pdb_methods
*pdb
= pdb_get_methods();
672 const struct dom_sid
*user_sid
= pdb_get_user_sid(sam_acct
);
674 memcache_delete(NULL
,
676 data_blob_const(user_sid
, sizeof(*user_sid
)));
678 return pdb
->delete_sam_account(pdb
, sam_acct
);
681 NTSTATUS
pdb_rename_sam_account(struct samu
*oldname
, const char *newname
)
683 struct pdb_methods
*pdb
= pdb_get_methods();
687 memcache_flush(NULL
, PDB_GETPWSID_CACHE
);
689 /* sanity check to make sure we don't rename root */
691 if ( !sid_to_uid( pdb_get_user_sid(oldname
), &uid
) ) {
692 return NT_STATUS_NO_SUCH_USER
;
696 return NT_STATUS_ACCESS_DENIED
;
699 status
= pdb
->rename_sam_account(pdb
, oldname
, newname
);
701 /* always flush the cache here just to be safe */
707 NTSTATUS
pdb_update_login_attempts(struct samu
*sam_acct
, bool success
)
709 struct pdb_methods
*pdb
= pdb_get_methods();
710 return pdb
->update_login_attempts(pdb
, sam_acct
, success
);
713 bool pdb_getgrsid(GROUP_MAP
*map
, struct dom_sid sid
)
715 struct pdb_methods
*pdb
= pdb_get_methods();
716 return NT_STATUS_IS_OK(pdb
->getgrsid(pdb
, map
, sid
));
719 bool pdb_getgrgid(GROUP_MAP
*map
, gid_t gid
)
721 struct pdb_methods
*pdb
= pdb_get_methods();
722 return NT_STATUS_IS_OK(pdb
->getgrgid(pdb
, map
, gid
));
725 bool pdb_getgrnam(GROUP_MAP
*map
, const char *name
)
727 struct pdb_methods
*pdb
= pdb_get_methods();
728 return NT_STATUS_IS_OK(pdb
->getgrnam(pdb
, map
, name
));
731 static NTSTATUS
pdb_default_create_dom_group(struct pdb_methods
*methods
,
736 struct dom_sid group_sid
;
740 grp
= getgrnam(name
);
745 if (smb_create_group(name
, &gid
) != 0) {
746 return NT_STATUS_ACCESS_DENIED
;
753 return NT_STATUS_ACCESS_DENIED
;
756 if (pdb_capabilities() & PDB_CAP_STORE_RIDS
) {
757 if (!pdb_new_rid(rid
)) {
758 return NT_STATUS_ACCESS_DENIED
;
761 *rid
= algorithmic_pdb_gid_to_group_rid( grp
->gr_gid
);
764 sid_compose(&group_sid
, get_global_sam_sid(), *rid
);
766 return add_initial_entry(grp
->gr_gid
, sid_to_fstring(tmp
, &group_sid
),
767 SID_NAME_DOM_GRP
, name
, NULL
);
770 NTSTATUS
pdb_create_dom_group(TALLOC_CTX
*mem_ctx
, const char *name
,
773 struct pdb_methods
*pdb
= pdb_get_methods();
774 return pdb
->create_dom_group(pdb
, mem_ctx
, name
, rid
);
777 static NTSTATUS
pdb_default_delete_dom_group(struct pdb_methods
*methods
,
781 struct dom_sid group_sid
;
785 const char *grp_name
;
787 map
= talloc_zero(mem_ctx
, GROUP_MAP
);
789 return NT_STATUS_NO_MEMORY
;
793 map
->gid
= (gid_t
) -1;
795 sid_compose(&group_sid
, get_global_sam_sid(), rid
);
797 if (!get_domain_group_from_sid(group_sid
, map
)) {
798 DEBUG(10, ("Could not find group for rid %d\n", rid
));
799 return NT_STATUS_NO_SUCH_GROUP
;
802 /* We need the group name for the smb_delete_group later on */
804 if (map
->gid
== (gid_t
)-1) {
805 return NT_STATUS_NO_SUCH_GROUP
;
808 grp
= getgrgid(map
->gid
);
810 return NT_STATUS_NO_SUCH_GROUP
;
815 /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
817 grp_name
= talloc_strdup(mem_ctx
, grp
->gr_name
);
818 if (grp_name
== NULL
) {
819 return NT_STATUS_NO_MEMORY
;
822 status
= pdb_delete_group_mapping_entry(group_sid
);
824 if (!NT_STATUS_IS_OK(status
)) {
828 /* Don't check the result of smb_delete_group */
830 smb_delete_group(grp_name
);
835 NTSTATUS
pdb_delete_dom_group(TALLOC_CTX
*mem_ctx
, uint32_t rid
)
837 struct pdb_methods
*pdb
= pdb_get_methods();
838 return pdb
->delete_dom_group(pdb
, mem_ctx
, rid
);
841 NTSTATUS
pdb_add_group_mapping_entry(GROUP_MAP
*map
)
843 struct pdb_methods
*pdb
= pdb_get_methods();
844 return pdb
->add_group_mapping_entry(pdb
, map
);
847 NTSTATUS
pdb_update_group_mapping_entry(GROUP_MAP
*map
)
849 struct pdb_methods
*pdb
= pdb_get_methods();
850 return pdb
->update_group_mapping_entry(pdb
, map
);
853 NTSTATUS
pdb_delete_group_mapping_entry(struct dom_sid sid
)
855 struct pdb_methods
*pdb
= pdb_get_methods();
856 return pdb
->delete_group_mapping_entry(pdb
, sid
);
859 bool pdb_enum_group_mapping(const struct dom_sid
*sid
,
860 enum lsa_SidType sid_name_use
,
861 GROUP_MAP
***pp_rmap
,
862 size_t *p_num_entries
,
865 struct pdb_methods
*pdb
= pdb_get_methods();
866 return NT_STATUS_IS_OK(pdb
-> enum_group_mapping(pdb
, sid
, sid_name_use
,
867 pp_rmap
, p_num_entries
, unix_only
));
870 NTSTATUS
pdb_enum_group_members(TALLOC_CTX
*mem_ctx
,
871 const struct dom_sid
*sid
,
872 uint32_t **pp_member_rids
,
873 size_t *p_num_members
)
875 struct pdb_methods
*pdb
= pdb_get_methods();
878 result
= pdb
->enum_group_members(pdb
, mem_ctx
,
879 sid
, pp_member_rids
, p_num_members
);
881 /* special check for rid 513 */
883 if ( !NT_STATUS_IS_OK( result
) ) {
886 sid_peek_rid( sid
, &rid
);
888 if ( rid
== DOMAIN_RID_USERS
) {
890 *pp_member_rids
= NULL
;
899 NTSTATUS
pdb_enum_group_memberships(TALLOC_CTX
*mem_ctx
, struct samu
*user
,
900 struct dom_sid
**pp_sids
, gid_t
**pp_gids
,
901 uint32_t *p_num_groups
)
903 struct pdb_methods
*pdb
= pdb_get_methods();
904 return pdb
->enum_group_memberships(
906 pp_sids
, pp_gids
, p_num_groups
);
909 static NTSTATUS
pdb_default_set_unix_primary_group(struct pdb_methods
*methods
,
911 struct samu
*sampass
)
916 if (!sid_to_gid(pdb_get_group_sid(sampass
), &gid
) ||
917 (grp
= getgrgid(gid
)) == NULL
) {
918 return NT_STATUS_INVALID_PRIMARY_GROUP
;
921 if (smb_set_primary_group(grp
->gr_name
,
922 pdb_get_username(sampass
)) != 0) {
923 return NT_STATUS_ACCESS_DENIED
;
929 NTSTATUS
pdb_set_unix_primary_group(TALLOC_CTX
*mem_ctx
, struct samu
*user
)
931 struct pdb_methods
*pdb
= pdb_get_methods();
932 return pdb
->set_unix_primary_group(pdb
, mem_ctx
, user
);
936 * Helper function to see whether a user is in a group. We can't use
937 * user_in_group_sid here because this creates dependencies only smbd can
941 static bool pdb_user_in_group(TALLOC_CTX
*mem_ctx
, struct samu
*account
,
942 const struct dom_sid
*group_sid
)
944 struct dom_sid
*sids
;
946 uint32_t i
, num_groups
;
948 if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx
, account
,
954 for (i
=0; i
<num_groups
; i
++) {
955 if (dom_sid_equal(group_sid
, &sids
[i
])) {
962 static NTSTATUS
pdb_default_add_groupmem(struct pdb_methods
*methods
,
967 struct dom_sid group_sid
, member_sid
;
968 struct samu
*account
= NULL
;
972 const char *group_name
;
975 map
= talloc_zero(mem_ctx
, GROUP_MAP
);
977 return NT_STATUS_NO_MEMORY
;
981 map
->gid
= (gid_t
) -1;
983 sid_compose(&group_sid
, get_global_sam_sid(), group_rid
);
984 sid_compose(&member_sid
, get_global_sam_sid(), member_rid
);
986 if (!get_domain_group_from_sid(group_sid
, map
) ||
987 (map
->gid
== (gid_t
)-1) ||
988 ((grp
= getgrgid(map
->gid
)) == NULL
)) {
989 return NT_STATUS_NO_SUCH_GROUP
;
994 group_name
= talloc_strdup(mem_ctx
, grp
->gr_name
);
995 if (group_name
== NULL
) {
996 return NT_STATUS_NO_MEMORY
;
999 if ( !(account
= samu_new( NULL
)) ) {
1000 return NT_STATUS_NO_MEMORY
;
1003 if (!pdb_getsampwsid(account
, &member_sid
) ||
1004 !sid_to_uid(&member_sid
, &uid
) ||
1005 ((pwd
= getpwuid_alloc(mem_ctx
, uid
)) == NULL
)) {
1006 return NT_STATUS_NO_SUCH_USER
;
1009 if (pdb_user_in_group(mem_ctx
, account
, &group_sid
)) {
1010 return NT_STATUS_MEMBER_IN_GROUP
;
1014 * ok, the group exist, the user exist, the user is not in the group,
1015 * we can (finally) add it to the group !
1018 smb_add_user_group(group_name
, pwd
->pw_name
);
1020 if (!pdb_user_in_group(mem_ctx
, account
, &group_sid
)) {
1021 return NT_STATUS_ACCESS_DENIED
;
1024 return NT_STATUS_OK
;
1027 NTSTATUS
pdb_add_groupmem(TALLOC_CTX
*mem_ctx
, uint32_t group_rid
,
1028 uint32_t member_rid
)
1030 struct pdb_methods
*pdb
= pdb_get_methods();
1031 return pdb
->add_groupmem(pdb
, mem_ctx
, group_rid
, member_rid
);
1034 static NTSTATUS
pdb_default_del_groupmem(struct pdb_methods
*methods
,
1035 TALLOC_CTX
*mem_ctx
,
1037 uint32_t member_rid
)
1039 struct dom_sid group_sid
, member_sid
;
1040 struct samu
*account
= NULL
;
1044 const char *group_name
;
1047 map
= talloc_zero(mem_ctx
, GROUP_MAP
);
1049 return NT_STATUS_NO_MEMORY
;
1052 sid_compose(&group_sid
, get_global_sam_sid(), group_rid
);
1053 sid_compose(&member_sid
, get_global_sam_sid(), member_rid
);
1055 if (!get_domain_group_from_sid(group_sid
, map
) ||
1056 (map
->gid
== (gid_t
)-1) ||
1057 ((grp
= getgrgid(map
->gid
)) == NULL
)) {
1058 return NT_STATUS_NO_SUCH_GROUP
;
1063 group_name
= talloc_strdup(mem_ctx
, grp
->gr_name
);
1064 if (group_name
== NULL
) {
1065 return NT_STATUS_NO_MEMORY
;
1068 if ( !(account
= samu_new( NULL
)) ) {
1069 return NT_STATUS_NO_MEMORY
;
1072 if (!pdb_getsampwsid(account
, &member_sid
) ||
1073 !sid_to_uid(&member_sid
, &uid
) ||
1074 ((pwd
= getpwuid_alloc(mem_ctx
, uid
)) == NULL
)) {
1075 return NT_STATUS_NO_SUCH_USER
;
1078 if (!pdb_user_in_group(mem_ctx
, account
, &group_sid
)) {
1079 return NT_STATUS_MEMBER_NOT_IN_GROUP
;
1083 * ok, the group exist, the user exist, the user is in the group,
1084 * we can (finally) delete it from the group!
1087 smb_delete_user_group(group_name
, pwd
->pw_name
);
1089 if (pdb_user_in_group(mem_ctx
, account
, &group_sid
)) {
1090 return NT_STATUS_ACCESS_DENIED
;
1093 return NT_STATUS_OK
;
1096 NTSTATUS
pdb_del_groupmem(TALLOC_CTX
*mem_ctx
, uint32_t group_rid
,
1097 uint32_t member_rid
)
1099 struct pdb_methods
*pdb
= pdb_get_methods();
1100 return pdb
->del_groupmem(pdb
, mem_ctx
, group_rid
, member_rid
);
1103 NTSTATUS
pdb_create_alias(const char *name
, uint32_t *rid
)
1105 struct pdb_methods
*pdb
= pdb_get_methods();
1106 return pdb
->create_alias(pdb
, name
, rid
);
1109 NTSTATUS
pdb_delete_alias(const struct dom_sid
*sid
)
1111 struct pdb_methods
*pdb
= pdb_get_methods();
1112 return pdb
->delete_alias(pdb
, sid
);
1115 NTSTATUS
pdb_get_aliasinfo(const struct dom_sid
*sid
, struct acct_info
*info
)
1117 struct pdb_methods
*pdb
= pdb_get_methods();
1118 return pdb
->get_aliasinfo(pdb
, sid
, info
);
1121 NTSTATUS
pdb_set_aliasinfo(const struct dom_sid
*sid
, struct acct_info
*info
)
1123 struct pdb_methods
*pdb
= pdb_get_methods();
1124 return pdb
->set_aliasinfo(pdb
, sid
, info
);
1127 NTSTATUS
pdb_add_aliasmem(const struct dom_sid
*alias
, const struct dom_sid
*member
)
1129 struct pdb_methods
*pdb
= pdb_get_methods();
1130 return pdb
->add_aliasmem(pdb
, alias
, member
);
1133 NTSTATUS
pdb_del_aliasmem(const struct dom_sid
*alias
, const struct dom_sid
*member
)
1135 struct pdb_methods
*pdb
= pdb_get_methods();
1136 return pdb
->del_aliasmem(pdb
, alias
, member
);
1139 NTSTATUS
pdb_enum_aliasmem(const struct dom_sid
*alias
, TALLOC_CTX
*mem_ctx
,
1140 struct dom_sid
**pp_members
, size_t *p_num_members
)
1142 struct pdb_methods
*pdb
= pdb_get_methods();
1143 return pdb
->enum_aliasmem(pdb
, alias
, mem_ctx
, pp_members
,
1147 NTSTATUS
pdb_enum_alias_memberships(TALLOC_CTX
*mem_ctx
,
1148 const struct dom_sid
*domain_sid
,
1149 const struct dom_sid
*members
, size_t num_members
,
1150 uint32_t **pp_alias_rids
,
1151 size_t *p_num_alias_rids
)
1153 struct pdb_methods
*pdb
= pdb_get_methods();
1154 return pdb
->enum_alias_memberships(pdb
, mem_ctx
,
1156 members
, num_members
,
1161 NTSTATUS
pdb_lookup_rids(const struct dom_sid
*domain_sid
,
1165 enum lsa_SidType
*attrs
)
1167 struct pdb_methods
*pdb
= pdb_get_methods();
1168 return pdb
->lookup_rids(pdb
, domain_sid
, num_rids
, rids
, names
, attrs
);
1172 * NOTE: pdb_lookup_names is currently (2007-01-12) not used anywhere
1173 * in the samba code.
1174 * Unlike _lsa_lookup_sids and _samr_lookup_rids, which eventually
1175 * also ask pdb_lookup_rids, thus looking up a bunch of rids at a time,
1176 * the pdb_ calls _lsa_lookup_names and _samr_lookup_names come
1177 * down to are pdb_getsampwnam and pdb_getgrnam instead of
1179 * But in principle, it the call belongs to the API and might get
1180 * used in this context some day.
1183 NTSTATUS
pdb_lookup_names(const struct dom_sid
*domain_sid
,
1187 enum lsa_SidType
*attrs
)
1189 struct pdb_methods
*pdb
= pdb_get_methods();
1190 return pdb
->lookup_names(pdb
, domain_sid
, num_names
, names
, rids
, attrs
);
1194 bool pdb_get_account_policy(enum pdb_policy_type type
, uint32_t *value
)
1196 struct pdb_methods
*pdb
= pdb_get_methods();
1200 status
= pdb
->get_account_policy(pdb
, type
, value
);
1203 return NT_STATUS_IS_OK(status
);
1206 bool pdb_set_account_policy(enum pdb_policy_type type
, uint32_t value
)
1208 struct pdb_methods
*pdb
= pdb_get_methods();
1212 status
= pdb
->set_account_policy(pdb
, type
, value
);
1215 return NT_STATUS_IS_OK(status
);
1218 bool pdb_get_seq_num(time_t *seq_num
)
1220 struct pdb_methods
*pdb
= pdb_get_methods();
1221 return NT_STATUS_IS_OK(pdb
->get_seq_num(pdb
, seq_num
));
1224 bool pdb_uid_to_sid(uid_t uid
, struct dom_sid
*sid
)
1226 struct pdb_methods
*pdb
= pdb_get_methods();
1227 return pdb
->uid_to_sid(pdb
, uid
, sid
);
1230 bool pdb_gid_to_sid(gid_t gid
, struct dom_sid
*sid
)
1232 struct pdb_methods
*pdb
= pdb_get_methods();
1233 return pdb
->gid_to_sid(pdb
, gid
, sid
);
1236 bool pdb_sid_to_id(const struct dom_sid
*sid
, struct unixid
*id
)
1238 struct pdb_methods
*pdb
= pdb_get_methods();
1239 return pdb
->sid_to_id(pdb
, sid
, id
);
1242 uint32_t pdb_capabilities(void)
1244 struct pdb_methods
*pdb
= pdb_get_methods();
1245 return pdb
->capabilities(pdb
);
1248 /********************************************************************
1249 Allocate a new RID from the passdb backend. Verify that it is free
1250 by calling lookup_global_sam_rid() to verify that the RID is not
1251 in use. This handles servers that have existing users or groups
1252 with add RIDs (assigned from previous algorithmic mappings)
1253 ********************************************************************/
1255 bool pdb_new_rid(uint32_t *rid
)
1257 struct pdb_methods
*pdb
= pdb_get_methods();
1258 const char *name
= NULL
;
1259 enum lsa_SidType type
;
1260 uint32_t allocated_rid
= 0;
1264 if ((pdb_capabilities() & PDB_CAP_STORE_RIDS
) == 0) {
1265 DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs "
1270 if (algorithmic_rid_base() != BASE_RID
) {
1271 DEBUG(0, ("'algorithmic rid base' is set but a passdb backend "
1272 "without algorithmic RIDs is chosen.\n"));
1273 DEBUGADD(0, ("Please map all used groups using 'net groupmap "
1274 "add', set the maximum used RID\n"));
1275 DEBUGADD(0, ("and remove the parameter\n"));
1279 if ( (ctx
= talloc_init("pdb_new_rid")) == NULL
) {
1280 DEBUG(0,("pdb_new_rid: Talloc initialization failure\n"));
1284 /* Attempt to get an unused RID (max tires is 250...yes that it is
1285 and arbitrary number I pulkled out of my head). -- jerry */
1287 for ( i
=0; allocated_rid
==0 && i
<250; i
++ ) {
1290 if ( !pdb
->new_rid(pdb
, &allocated_rid
) ) {
1294 /* validate that the RID is not in use */
1296 if (lookup_global_sam_rid(ctx
, allocated_rid
, &name
, &type
, NULL
, NULL
)) {
1303 if ( allocated_rid
== 0 ) {
1304 DEBUG(0,("pdb_new_rid: Failed to find unused RID\n"));
1308 *rid
= allocated_rid
;
1313 /***************************************************************
1314 Initialize the static context (at smbd startup etc).
1316 If uninitialised, context will auto-init on first use.
1317 ***************************************************************/
1319 bool initialize_password_db(bool reload
, struct tevent_context
*tevent_ctx
)
1321 pdb_tevent_ctx
= tevent_ctx
;
1322 return (pdb_get_methods_reload(reload
) != NULL
);
1326 /***************************************************************************
1327 Default implementations of some functions.
1328 ****************************************************************************/
1330 static NTSTATUS
pdb_default_getsampwnam (struct pdb_methods
*methods
, struct samu
*user
, const char *sname
)
1332 return NT_STATUS_NO_SUCH_USER
;
1335 static NTSTATUS
pdb_default_getsampwsid(struct pdb_methods
*my_methods
, struct samu
* user
, const struct dom_sid
*sid
)
1337 return NT_STATUS_NO_SUCH_USER
;
1340 static NTSTATUS
pdb_default_add_sam_account (struct pdb_methods
*methods
, struct samu
*newpwd
)
1342 return NT_STATUS_NOT_IMPLEMENTED
;
1345 static NTSTATUS
pdb_default_update_sam_account (struct pdb_methods
*methods
, struct samu
*newpwd
)
1347 return NT_STATUS_NOT_IMPLEMENTED
;
1350 static NTSTATUS
pdb_default_delete_sam_account (struct pdb_methods
*methods
, struct samu
*pwd
)
1352 return NT_STATUS_NOT_IMPLEMENTED
;
1355 static NTSTATUS
pdb_default_rename_sam_account (struct pdb_methods
*methods
, struct samu
*pwd
, const char *newname
)
1357 return NT_STATUS_NOT_IMPLEMENTED
;
1360 static NTSTATUS
pdb_default_update_login_attempts (struct pdb_methods
*methods
, struct samu
*newpwd
, bool success
)
1362 /* Only the pdb_nds backend implements this, by
1363 * default just return ok. */
1364 return NT_STATUS_OK
;
1367 static NTSTATUS
pdb_default_get_account_policy(struct pdb_methods
*methods
, enum pdb_policy_type type
, uint32_t *value
)
1369 return account_policy_get(type
, value
) ? NT_STATUS_OK
: NT_STATUS_UNSUCCESSFUL
;
1372 static NTSTATUS
pdb_default_set_account_policy(struct pdb_methods
*methods
, enum pdb_policy_type type
, uint32_t value
)
1374 return account_policy_set(type
, value
) ? NT_STATUS_OK
: NT_STATUS_UNSUCCESSFUL
;
1377 static NTSTATUS
pdb_default_get_seq_num(struct pdb_methods
*methods
, time_t *seq_num
)
1379 *seq_num
= time(NULL
);
1380 return NT_STATUS_OK
;
1383 static bool pdb_default_uid_to_sid(struct pdb_methods
*methods
, uid_t uid
,
1384 struct dom_sid
*sid
)
1386 struct samu
*sampw
= NULL
;
1387 struct passwd
*unix_pw
;
1390 unix_pw
= getpwuid( uid
);
1393 DEBUG(4,("pdb_default_uid_to_sid: host has no idea of uid "
1394 "%lu\n", (unsigned long)uid
));
1398 if ( !(sampw
= samu_new( NULL
)) ) {
1399 DEBUG(0,("pdb_default_uid_to_sid: samu_new() failed!\n"));
1404 ret
= NT_STATUS_IS_OK(
1405 methods
->getsampwnam(methods
, sampw
, unix_pw
->pw_name
));
1409 DEBUG(5, ("pdb_default_uid_to_sid: Did not find user "
1410 "%s (%u)\n", unix_pw
->pw_name
, (unsigned int)uid
));
1415 sid_copy(sid
, pdb_get_user_sid(sampw
));
1422 static bool pdb_default_gid_to_sid(struct pdb_methods
*methods
, gid_t gid
,
1423 struct dom_sid
*sid
)
1427 map
= talloc_zero(NULL
, GROUP_MAP
);
1432 if (!NT_STATUS_IS_OK(methods
->getgrgid(methods
, map
, gid
))) {
1437 sid_copy(sid
, &map
->sid
);
1442 static bool pdb_default_sid_to_id(struct pdb_methods
*methods
,
1443 const struct dom_sid
*sid
,
1446 TALLOC_CTX
*mem_ctx
;
1451 mem_ctx
= talloc_new(NULL
);
1453 if (mem_ctx
== NULL
) {
1454 DEBUG(0, ("talloc_new failed\n"));
1458 if (sid_peek_check_rid(get_global_sam_sid(), sid
, &rid
)) {
1460 enum lsa_SidType type
;
1463 /* Here we might have users as well as groups and aliases */
1464 ret
= lookup_global_sam_rid(mem_ctx
, rid
, &name
, &type
, &uid
, &gid
);
1467 case SID_NAME_DOM_GRP
:
1468 case SID_NAME_ALIAS
:
1469 id
->type
= ID_TYPE_GID
;
1473 id
->type
= ID_TYPE_UID
;
1477 DEBUG(5, ("SID %s is our domain, but is not mapped to a user or group (got %d)\n",
1478 sid_string_dbg(sid
), type
));
1482 DEBUG(5, ("SID %s is or domain, but is unmapped\n",
1483 sid_string_dbg(sid
)));
1488 /* check for "Unix User" */
1490 if ( sid_peek_check_rid(&global_sid_Unix_Users
, sid
, &rid
) ) {
1492 id
->type
= ID_TYPE_UID
;
1497 /* check for "Unix Group" */
1499 if ( sid_peek_check_rid(&global_sid_Unix_Groups
, sid
, &rid
) ) {
1501 id
->type
= ID_TYPE_GID
;
1508 if (sid_check_is_in_builtin(sid
) ||
1509 sid_check_is_in_wellknown_domain(sid
)) {
1510 /* Here we only have aliases */
1513 map
= talloc_zero(mem_ctx
, GROUP_MAP
);
1519 if (!NT_STATUS_IS_OK(methods
->getgrsid(methods
, map
, *sid
))) {
1520 DEBUG(10, ("Could not find map for sid %s\n",
1521 sid_string_dbg(sid
)));
1524 if ((map
->sid_name_use
!= SID_NAME_ALIAS
) &&
1525 (map
->sid_name_use
!= SID_NAME_WKN_GRP
)) {
1526 DEBUG(10, ("Map for sid %s is a %s, expected an "
1527 "alias\n", sid_string_dbg(sid
),
1528 sid_type_lookup(map
->sid_name_use
)));
1533 id
->type
= ID_TYPE_GID
;
1538 DEBUG(5, ("Sid %s is neither ours, a Unix SID, nor builtin\n",
1539 sid_string_dbg(sid
)));
1543 TALLOC_FREE(mem_ctx
);
1547 static bool get_memberuids(TALLOC_CTX
*mem_ctx
, gid_t gid
, uid_t
**pp_uids
, uint32_t *p_num
)
1558 /* We only look at our own sam, so don't care about imported stuff */
1559 winbind_env
= winbind_env_set();
1560 (void)winbind_off();
1562 if ((grp
= getgrgid(gid
)) == NULL
) {
1563 /* allow winbindd lookups, but only if they weren't already disabled */
1567 /* Primary group members */
1569 while ((pwd
= getpwent()) != NULL
) {
1570 if (pwd
->pw_gid
== gid
) {
1571 if (!add_uid_to_array_unique(mem_ctx
, pwd
->pw_uid
,
1579 /* Secondary group members */
1580 for (gr
= grp
->gr_mem
; (*gr
!= NULL
) && ((*gr
)[0] != '\0'); gr
+= 1) {
1581 struct passwd
*pw
= getpwnam(*gr
);
1585 if (!add_uid_to_array_unique(mem_ctx
, pw
->pw_uid
, pp_uids
, p_num
)) {
1594 /* allow winbindd lookups, but only if they weren't already disabled */
1602 static NTSTATUS
pdb_default_enum_group_members(struct pdb_methods
*methods
,
1603 TALLOC_CTX
*mem_ctx
,
1604 const struct dom_sid
*group
,
1605 uint32_t **pp_member_rids
,
1606 size_t *p_num_members
)
1610 uint32_t i
, num_uids
;
1612 *pp_member_rids
= NULL
;
1615 if (!sid_to_gid(group
, &gid
))
1616 return NT_STATUS_NO_SUCH_GROUP
;
1618 if(!get_memberuids(mem_ctx
, gid
, &uids
, &num_uids
))
1619 return NT_STATUS_NO_SUCH_GROUP
;
1622 return NT_STATUS_OK
;
1624 *pp_member_rids
= talloc_zero_array(mem_ctx
, uint32_t, num_uids
);
1626 for (i
=0; i
<num_uids
; i
++) {
1629 uid_to_sid(&sid
, uids
[i
]);
1631 if (!sid_check_is_in_our_domain(&sid
)) {
1632 DEBUG(5, ("Inconsistent SAM -- group member uid not "
1633 "in our domain\n"));
1637 sid_peek_rid(&sid
, &(*pp_member_rids
)[*p_num_members
]);
1638 *p_num_members
+= 1;
1641 return NT_STATUS_OK
;
1644 static NTSTATUS
pdb_default_enum_group_memberships(struct pdb_methods
*methods
,
1645 TALLOC_CTX
*mem_ctx
,
1647 struct dom_sid
**pp_sids
,
1649 uint32_t *p_num_groups
)
1654 const char *username
= pdb_get_username(user
);
1657 /* Ignore the primary group SID. Honor the real Unix primary group.
1658 The primary group SID is only of real use to Windows clients */
1660 if ( !(pw
= Get_Pwnam_alloc(mem_ctx
, username
)) ) {
1661 return NT_STATUS_NO_SUCH_USER
;
1668 if (!getgroups_unix_user(mem_ctx
, username
, gid
, pp_gids
, p_num_groups
)) {
1669 return NT_STATUS_NO_SUCH_USER
;
1672 if (*p_num_groups
== 0) {
1673 smb_panic("primary group missing");
1676 *pp_sids
= talloc_array(mem_ctx
, struct dom_sid
, *p_num_groups
);
1678 if (*pp_sids
== NULL
) {
1679 TALLOC_FREE(*pp_gids
);
1680 return NT_STATUS_NO_MEMORY
;
1683 for (i
=0; i
<*p_num_groups
; i
++) {
1684 gid_to_sid(&(*pp_sids
)[i
], (*pp_gids
)[i
]);
1687 return NT_STATUS_OK
;
1690 /*******************************************************************
1691 Look up a rid in the SAM we're responsible for (i.e. passdb)
1692 ********************************************************************/
1694 static bool lookup_global_sam_rid(TALLOC_CTX
*mem_ctx
, uint32_t rid
,
1696 enum lsa_SidType
*psid_name_use
,
1697 uid_t
*uid
, gid_t
*gid
)
1699 struct samu
*sam_account
= NULL
;
1700 GROUP_MAP
*map
= NULL
;
1704 *psid_name_use
= SID_NAME_UNKNOWN
;
1706 DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
1707 (unsigned int)rid
));
1709 sid_compose(&sid
, get_global_sam_sid(), rid
);
1711 /* see if the passdb can help us with the name of the user */
1713 if ( !(sam_account
= samu_new( NULL
)) ) {
1717 map
= talloc_zero(mem_ctx
, GROUP_MAP
);
1722 /* BEING ROOT BLOCK */
1724 ret
= pdb_getsampwsid(sam_account
, &sid
);
1726 TALLOC_FREE(sam_account
);
1727 ret
= pdb_getgrsid(map
, sid
);
1730 /* END BECOME_ROOT BLOCK */
1732 if (sam_account
|| !ret
) {
1739 *name
= talloc_strdup(mem_ctx
, pdb_get_username(sam_account
));
1741 TALLOC_FREE(sam_account
);
1745 *psid_name_use
= SID_NAME_USER
;
1747 TALLOC_FREE(sam_account
);
1753 pw
= Get_Pwnam_alloc(talloc_tos(), *name
);
1761 } else if (map
&& (map
->gid
!= (gid_t
)-1)) {
1763 /* do not resolve SIDs to a name unless there is a valid
1764 gid associated with it */
1766 *name
= talloc_steal(mem_ctx
, map
->nt_name
);
1767 *psid_name_use
= map
->sid_name_use
;
1779 /* Windows will always map RID 513 to something. On a non-domain
1780 controller, this gets mapped to SERVER\None. */
1783 DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
1787 if ( rid
== DOMAIN_RID_USERS
) {
1788 *name
= talloc_strdup(mem_ctx
, "None" );
1789 *psid_name_use
= SID_NAME_DOM_GRP
;
1797 static NTSTATUS
pdb_default_lookup_rids(struct pdb_methods
*methods
,
1798 const struct dom_sid
*domain_sid
,
1802 enum lsa_SidType
*attrs
)
1806 bool have_mapped
= False
;
1807 bool have_unmapped
= False
;
1809 if (sid_check_is_builtin(domain_sid
)) {
1811 for (i
=0; i
<num_rids
; i
++) {
1814 if (lookup_builtin_rid(names
, rids
[i
], &name
)) {
1815 attrs
[i
] = SID_NAME_ALIAS
;
1817 DEBUG(5,("lookup_rids: %s:%d\n",
1818 names
[i
], attrs
[i
]));
1821 have_unmapped
= True
;
1822 attrs
[i
] = SID_NAME_UNKNOWN
;
1828 /* Should not happen, but better check once too many */
1829 if (!sid_check_is_domain(domain_sid
)) {
1830 return NT_STATUS_INVALID_HANDLE
;
1833 for (i
= 0; i
< num_rids
; i
++) {
1836 if (lookup_global_sam_rid(names
, rids
[i
], &name
, &attrs
[i
],
1839 return NT_STATUS_NO_MEMORY
;
1842 DEBUG(5,("lookup_rids: %s:%d\n", names
[i
], attrs
[i
]));
1845 have_unmapped
= True
;
1846 attrs
[i
] = SID_NAME_UNKNOWN
;
1852 result
= NT_STATUS_NONE_MAPPED
;
1855 result
= have_unmapped
? STATUS_SOME_UNMAPPED
: NT_STATUS_OK
;
1861 static NTSTATUS
pdb_default_lookup_names(struct pdb_methods
*methods
,
1862 const struct dom_sid
*domain_sid
,
1866 enum lsa_SidType
*attrs
)
1870 bool have_mapped
= False
;
1871 bool have_unmapped
= False
;
1873 if (sid_check_is_builtin(domain_sid
)) {
1875 for (i
=0; i
<num_names
; i
++) {
1878 if (lookup_builtin_name(names
[i
], &rid
)) {
1879 attrs
[i
] = SID_NAME_ALIAS
;
1881 DEBUG(5,("lookup_rids: %s:%d\n",
1882 names
[i
], attrs
[i
]));
1885 have_unmapped
= True
;
1886 attrs
[i
] = SID_NAME_UNKNOWN
;
1892 /* Should not happen, but better check once too many */
1893 if (!sid_check_is_domain(domain_sid
)) {
1894 return NT_STATUS_INVALID_HANDLE
;
1897 for (i
= 0; i
< num_names
; i
++) {
1898 if (lookup_global_sam_name(names
[i
], 0, &rids
[i
], &attrs
[i
])) {
1899 DEBUG(5,("lookup_names: %s-> %d:%d\n", names
[i
],
1900 rids
[i
], attrs
[i
]));
1903 have_unmapped
= True
;
1904 attrs
[i
] = SID_NAME_UNKNOWN
;
1910 result
= NT_STATUS_NONE_MAPPED
;
1913 result
= have_unmapped
? STATUS_SOME_UNMAPPED
: NT_STATUS_OK
;
1919 static int pdb_search_destructor(struct pdb_search
*search
)
1921 if ((!search
->search_ended
) && (search
->search_end
!= NULL
)) {
1922 search
->search_end(search
);
1927 struct pdb_search
*pdb_search_init(TALLOC_CTX
*mem_ctx
,
1928 enum pdb_search_type type
)
1930 struct pdb_search
*result
;
1932 result
= talloc(mem_ctx
, struct pdb_search
);
1933 if (result
== NULL
) {
1934 DEBUG(0, ("talloc failed\n"));
1938 result
->type
= type
;
1939 result
->cache
= NULL
;
1940 result
->num_entries
= 0;
1941 result
->cache_size
= 0;
1942 result
->search_ended
= False
;
1943 result
->search_end
= NULL
;
1945 /* Segfault appropriately if not initialized */
1946 result
->next_entry
= NULL
;
1947 result
->search_end
= NULL
;
1949 talloc_set_destructor(result
, pdb_search_destructor
);
1954 static void fill_displayentry(TALLOC_CTX
*mem_ctx
, uint32_t rid
,
1955 uint16_t acct_flags
,
1956 const char *account_name
,
1957 const char *fullname
,
1958 const char *description
,
1959 struct samr_displayentry
*entry
)
1962 entry
->acct_flags
= acct_flags
;
1964 if (account_name
!= NULL
)
1965 entry
->account_name
= talloc_strdup(mem_ctx
, account_name
);
1967 entry
->account_name
= "";
1969 if (fullname
!= NULL
)
1970 entry
->fullname
= talloc_strdup(mem_ctx
, fullname
);
1972 entry
->fullname
= "";
1974 if (description
!= NULL
)
1975 entry
->description
= talloc_strdup(mem_ctx
, description
);
1977 entry
->description
= "";
1980 struct group_search
{
1982 size_t num_groups
, current_group
;
1985 static bool next_entry_groups(struct pdb_search
*s
,
1986 struct samr_displayentry
*entry
)
1988 struct group_search
*state
= (struct group_search
*)s
->private_data
;
1992 if (state
->current_group
== state
->num_groups
)
1995 map
= state
->groups
[state
->current_group
];
1997 sid_peek_rid(&map
->sid
, &rid
);
1999 fill_displayentry(s
, rid
, 0, map
->nt_name
, NULL
, map
->comment
, entry
);
2001 state
->current_group
+= 1;
2005 static void search_end_groups(struct pdb_search
*search
)
2007 struct group_search
*state
=
2008 (struct group_search
*)search
->private_data
;
2009 TALLOC_FREE(state
->groups
);
2012 static bool pdb_search_grouptype(struct pdb_methods
*methods
,
2013 struct pdb_search
*search
,
2014 const struct dom_sid
*sid
, enum lsa_SidType type
)
2016 struct group_search
*state
;
2018 state
= talloc_zero(search
, struct group_search
);
2019 if (state
== NULL
) {
2020 DEBUG(0, ("talloc failed\n"));
2024 if (!NT_STATUS_IS_OK(methods
->enum_group_mapping(methods
, sid
, type
,
2025 &state
->groups
, &state
->num_groups
,
2027 DEBUG(0, ("Could not enum groups\n"));
2031 state
->current_group
= 0;
2032 search
->private_data
= state
;
2033 search
->next_entry
= next_entry_groups
;
2034 search
->search_end
= search_end_groups
;
2038 static bool pdb_default_search_groups(struct pdb_methods
*methods
,
2039 struct pdb_search
*search
)
2041 return pdb_search_grouptype(methods
, search
, get_global_sam_sid(), SID_NAME_DOM_GRP
);
2044 static bool pdb_default_search_aliases(struct pdb_methods
*methods
,
2045 struct pdb_search
*search
,
2046 const struct dom_sid
*sid
)
2049 return pdb_search_grouptype(methods
, search
, sid
, SID_NAME_ALIAS
);
2052 static struct samr_displayentry
*pdb_search_getentry(struct pdb_search
*search
,
2055 if (idx
< search
->num_entries
)
2056 return &search
->cache
[idx
];
2058 if (search
->search_ended
)
2061 while (idx
>= search
->num_entries
) {
2062 struct samr_displayentry entry
;
2064 if (!search
->next_entry(search
, &entry
)) {
2065 search
->search_end(search
);
2066 search
->search_ended
= True
;
2070 ADD_TO_LARGE_ARRAY(search
, struct samr_displayentry
,
2071 entry
, &search
->cache
, &search
->num_entries
,
2072 &search
->cache_size
);
2075 return (search
->num_entries
> idx
) ? &search
->cache
[idx
] : NULL
;
2078 struct pdb_search
*pdb_search_users(TALLOC_CTX
*mem_ctx
, uint32_t acct_flags
)
2080 struct pdb_methods
*pdb
= pdb_get_methods();
2081 struct pdb_search
*result
;
2083 result
= pdb_search_init(mem_ctx
, PDB_USER_SEARCH
);
2084 if (result
== NULL
) {
2088 if (!pdb
->search_users(pdb
, result
, acct_flags
)) {
2089 TALLOC_FREE(result
);
2095 struct pdb_search
*pdb_search_groups(TALLOC_CTX
*mem_ctx
)
2097 struct pdb_methods
*pdb
= pdb_get_methods();
2098 struct pdb_search
*result
;
2100 result
= pdb_search_init(mem_ctx
, PDB_GROUP_SEARCH
);
2101 if (result
== NULL
) {
2105 if (!pdb
->search_groups(pdb
, result
)) {
2106 TALLOC_FREE(result
);
2112 struct pdb_search
*pdb_search_aliases(TALLOC_CTX
*mem_ctx
, const struct dom_sid
*sid
)
2114 struct pdb_methods
*pdb
= pdb_get_methods();
2115 struct pdb_search
*result
;
2117 if (pdb
== NULL
) return NULL
;
2119 result
= pdb_search_init(mem_ctx
, PDB_ALIAS_SEARCH
);
2120 if (result
== NULL
) {
2124 if (!pdb
->search_aliases(pdb
, result
, sid
)) {
2125 TALLOC_FREE(result
);
2131 uint32_t pdb_search_entries(struct pdb_search
*search
,
2132 uint32_t start_idx
, uint32_t max_entries
,
2133 struct samr_displayentry
**result
)
2135 struct samr_displayentry
*end_entry
;
2136 uint32_t end_idx
= start_idx
+max_entries
-1;
2138 /* The first entry needs to be searched after the last. Otherwise the
2139 * first entry might have moved due to a realloc during the search for
2140 * the last entry. */
2142 end_entry
= pdb_search_getentry(search
, end_idx
);
2143 *result
= pdb_search_getentry(search
, start_idx
);
2145 if (end_entry
!= NULL
)
2148 if (start_idx
>= search
->num_entries
)
2151 return search
->num_entries
- start_idx
;
2154 /*******************************************************************
2156 *******************************************************************/
2158 bool pdb_get_trusteddom_pw(const char *domain
, char** pwd
, struct dom_sid
*sid
,
2159 time_t *pass_last_set_time
)
2161 struct pdb_methods
*pdb
= pdb_get_methods();
2162 return pdb
->get_trusteddom_pw(pdb
, domain
, pwd
, sid
,
2163 pass_last_set_time
);
2166 bool pdb_set_trusteddom_pw(const char* domain
, const char* pwd
,
2167 const struct dom_sid
*sid
)
2169 struct pdb_methods
*pdb
= pdb_get_methods();
2170 return pdb
->set_trusteddom_pw(pdb
, domain
, pwd
, sid
);
2173 bool pdb_del_trusteddom_pw(const char *domain
)
2175 struct pdb_methods
*pdb
= pdb_get_methods();
2176 return pdb
->del_trusteddom_pw(pdb
, domain
);
2179 NTSTATUS
pdb_enum_trusteddoms(TALLOC_CTX
*mem_ctx
, uint32_t *num_domains
,
2180 struct trustdom_info
***domains
)
2182 struct pdb_methods
*pdb
= pdb_get_methods();
2183 return pdb
->enum_trusteddoms(pdb
, mem_ctx
, num_domains
, domains
);
2186 /*******************************************************************
2187 the defaults for trustdom methods:
2188 these simply call the original passdb/secrets.c actions,
2189 to be replaced by pdb_ldap.
2190 *******************************************************************/
2192 static bool pdb_default_get_trusteddom_pw(struct pdb_methods
*methods
,
2195 struct dom_sid
*sid
,
2196 time_t *pass_last_set_time
)
2198 return secrets_fetch_trusted_domain_password(domain
, pwd
,
2199 sid
, pass_last_set_time
);
2203 static bool pdb_default_set_trusteddom_pw(struct pdb_methods
*methods
,
2206 const struct dom_sid
*sid
)
2208 return secrets_store_trusted_domain_password(domain
, pwd
, sid
);
2211 static bool pdb_default_del_trusteddom_pw(struct pdb_methods
*methods
,
2214 return trusted_domain_password_delete(domain
);
2217 static NTSTATUS
pdb_default_enum_trusteddoms(struct pdb_methods
*methods
,
2218 TALLOC_CTX
*mem_ctx
,
2219 uint32_t *num_domains
,
2220 struct trustdom_info
***domains
)
2222 return secrets_trusted_domains(mem_ctx
, num_domains
, domains
);
2225 /*******************************************************************
2226 trusted_domain methods
2227 *******************************************************************/
2229 NTSTATUS
pdb_get_trusted_domain(TALLOC_CTX
*mem_ctx
, const char *domain
,
2230 struct pdb_trusted_domain
**td
)
2232 struct pdb_methods
*pdb
= pdb_get_methods();
2233 return pdb
->get_trusted_domain(pdb
, mem_ctx
, domain
, td
);
2236 NTSTATUS
pdb_get_trusted_domain_by_sid(TALLOC_CTX
*mem_ctx
, struct dom_sid
*sid
,
2237 struct pdb_trusted_domain
**td
)
2239 struct pdb_methods
*pdb
= pdb_get_methods();
2240 return pdb
->get_trusted_domain_by_sid(pdb
, mem_ctx
, sid
, td
);
2243 NTSTATUS
pdb_set_trusted_domain(const char* domain
,
2244 const struct pdb_trusted_domain
*td
)
2246 struct pdb_methods
*pdb
= pdb_get_methods();
2247 return pdb
->set_trusted_domain(pdb
, domain
, td
);
2250 NTSTATUS
pdb_del_trusted_domain(const char *domain
)
2252 struct pdb_methods
*pdb
= pdb_get_methods();
2253 return pdb
->del_trusted_domain(pdb
, domain
);
2256 NTSTATUS
pdb_enum_trusted_domains(TALLOC_CTX
*mem_ctx
, uint32_t *num_domains
,
2257 struct pdb_trusted_domain
***domains
)
2259 struct pdb_methods
*pdb
= pdb_get_methods();
2260 return pdb
->enum_trusted_domains(pdb
, mem_ctx
, num_domains
, domains
);
2263 static NTSTATUS
pdb_default_get_trusted_domain(struct pdb_methods
*methods
,
2264 TALLOC_CTX
*mem_ctx
,
2266 struct pdb_trusted_domain
**td
)
2268 struct trustAuthInOutBlob taiob
;
2269 struct AuthenticationInformation aia
;
2270 struct pdb_trusted_domain
*tdom
;
2271 enum ndr_err_code ndr_err
;
2272 time_t last_set_time
;
2276 tdom
= talloc(mem_ctx
, struct pdb_trusted_domain
);
2278 return NT_STATUS_NO_MEMORY
;
2281 tdom
->domain_name
= talloc_strdup(tdom
, domain
);
2282 tdom
->netbios_name
= talloc_strdup(tdom
, domain
);
2283 if (!tdom
->domain_name
|| !tdom
->netbios_name
) {
2285 return NT_STATUS_NO_MEMORY
;
2288 tdom
->trust_auth_incoming
= data_blob_null
;
2290 ok
= pdb_get_trusteddom_pw(domain
, &pwd
, &tdom
->security_identifier
,
2294 return NT_STATUS_UNSUCCESSFUL
;
2300 taiob
.current
.count
= 1;
2301 taiob
.current
.array
= &aia
;
2302 unix_to_nt_time(&aia
.LastUpdateTime
, last_set_time
);
2303 aia
.AuthType
= TRUST_AUTH_TYPE_CLEAR
;
2304 aia
.AuthInfo
.clear
.password
= (uint8_t *) pwd
;
2305 aia
.AuthInfo
.clear
.size
= strlen(pwd
);
2306 taiob
.previous
.count
= 0;
2307 taiob
.previous
.array
= NULL
;
2309 ndr_err
= ndr_push_struct_blob(&tdom
->trust_auth_outgoing
,
2311 (ndr_push_flags_fn_t
)ndr_push_trustAuthInOutBlob
);
2312 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
2314 return NT_STATUS_UNSUCCESSFUL
;
2317 tdom
->trust_direction
= LSA_TRUST_DIRECTION_OUTBOUND
;
2318 tdom
->trust_type
= LSA_TRUST_TYPE_DOWNLEVEL
;
2319 tdom
->trust_attributes
= 0;
2320 tdom
->trust_forest_trust_info
= data_blob_null
;
2323 return NT_STATUS_OK
;
2326 static NTSTATUS
pdb_default_get_trusted_domain_by_sid(struct pdb_methods
*methods
,
2327 TALLOC_CTX
*mem_ctx
,
2328 struct dom_sid
*sid
,
2329 struct pdb_trusted_domain
**td
)
2331 return NT_STATUS_NOT_IMPLEMENTED
;
2334 #define IS_NULL_DATA_BLOB(d) ((d).data == NULL && (d).length == 0)
2336 static NTSTATUS
pdb_default_set_trusted_domain(struct pdb_methods
*methods
,
2338 const struct pdb_trusted_domain
*td
)
2340 struct trustAuthInOutBlob taiob
;
2341 struct AuthenticationInformation
*aia
;
2342 enum ndr_err_code ndr_err
;
2346 if (td
->trust_attributes
!= 0 ||
2347 td
->trust_type
!= LSA_TRUST_TYPE_DOWNLEVEL
||
2348 td
->trust_direction
!= LSA_TRUST_DIRECTION_OUTBOUND
||
2349 !IS_NULL_DATA_BLOB(td
->trust_auth_incoming
) ||
2350 !IS_NULL_DATA_BLOB(td
->trust_forest_trust_info
)) {
2351 return NT_STATUS_NOT_IMPLEMENTED
;
2355 ndr_err
= ndr_pull_struct_blob(&td
->trust_auth_outgoing
, talloc_tos(),
2357 (ndr_pull_flags_fn_t
)ndr_pull_trustAuthInOutBlob
);
2358 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
2359 return NT_STATUS_UNSUCCESSFUL
;
2362 aia
= (struct AuthenticationInformation
*) taiob
.current
.array
;
2364 if (taiob
.count
!= 1 || taiob
.current
.count
!= 1 ||
2365 taiob
.previous
.count
!= 0 ||
2366 aia
->AuthType
!= TRUST_AUTH_TYPE_CLEAR
) {
2367 return NT_STATUS_NOT_IMPLEMENTED
;
2370 pwd
= talloc_strndup(talloc_tos(), (char *) aia
->AuthInfo
.clear
.password
,
2371 aia
->AuthInfo
.clear
.size
);
2373 return NT_STATUS_NO_MEMORY
;
2376 ok
= pdb_set_trusteddom_pw(domain
, pwd
, &td
->security_identifier
);
2378 return NT_STATUS_UNSUCCESSFUL
;
2381 return NT_STATUS_OK
;
2384 static NTSTATUS
pdb_default_del_trusted_domain(struct pdb_methods
*methods
,
2387 return NT_STATUS_NOT_IMPLEMENTED
;
2390 static NTSTATUS
pdb_default_enum_trusted_domains(struct pdb_methods
*methods
,
2391 TALLOC_CTX
*mem_ctx
,
2392 uint32_t *num_domains
,
2393 struct pdb_trusted_domain
***domains
)
2395 return NT_STATUS_NOT_IMPLEMENTED
;
2398 static struct pdb_domain_info
*pdb_default_get_domain_info(
2399 struct pdb_methods
*m
, TALLOC_CTX
*mem_ctx
)
2404 /*******************************************************************
2406 *******************************************************************/
2408 NTSTATUS
pdb_get_secret(TALLOC_CTX
*mem_ctx
,
2409 const char *secret_name
,
2410 DATA_BLOB
*secret_current
,
2411 NTTIME
*secret_current_lastchange
,
2412 DATA_BLOB
*secret_old
,
2413 NTTIME
*secret_old_lastchange
,
2414 struct security_descriptor
**sd
)
2416 struct pdb_methods
*pdb
= pdb_get_methods();
2417 return pdb
->get_secret(pdb
, mem_ctx
, secret_name
,
2418 secret_current
, secret_current_lastchange
,
2419 secret_old
, secret_old_lastchange
,
2423 NTSTATUS
pdb_set_secret(const char *secret_name
,
2424 DATA_BLOB
*secret_current
,
2425 DATA_BLOB
*secret_old
,
2426 struct security_descriptor
*sd
)
2428 struct pdb_methods
*pdb
= pdb_get_methods();
2429 return pdb
->set_secret(pdb
, secret_name
,
2435 NTSTATUS
pdb_delete_secret(const char *secret_name
)
2437 struct pdb_methods
*pdb
= pdb_get_methods();
2438 return pdb
->delete_secret(pdb
, secret_name
);
2441 static NTSTATUS
pdb_default_get_secret(struct pdb_methods
*methods
,
2442 TALLOC_CTX
*mem_ctx
,
2443 const char *secret_name
,
2444 DATA_BLOB
*secret_current
,
2445 NTTIME
*secret_current_lastchange
,
2446 DATA_BLOB
*secret_old
,
2447 NTTIME
*secret_old_lastchange
,
2448 struct security_descriptor
**sd
)
2450 return lsa_secret_get(mem_ctx
, secret_name
,
2452 secret_current_lastchange
,
2454 secret_old_lastchange
,
2458 static NTSTATUS
pdb_default_set_secret(struct pdb_methods
*methods
,
2459 const char *secret_name
,
2460 DATA_BLOB
*secret_current
,
2461 DATA_BLOB
*secret_old
,
2462 struct security_descriptor
*sd
)
2464 return lsa_secret_set(secret_name
,
2470 static NTSTATUS
pdb_default_delete_secret(struct pdb_methods
*methods
,
2471 const char *secret_name
)
2473 return lsa_secret_delete(secret_name
);
2476 /*******************************************************************
2477 Create a pdb_methods structure and initialize it with the default
2478 operations. In this way a passdb module can simply implement
2479 the functionality it cares about. However, normally this is done
2480 in groups of related functions.
2481 *******************************************************************/
2483 NTSTATUS
make_pdb_method( struct pdb_methods
**methods
)
2485 /* allocate memory for the structure as its own talloc CTX */
2487 *methods
= talloc_zero(NULL
, struct pdb_methods
);
2488 if (*methods
== NULL
) {
2489 return NT_STATUS_NO_MEMORY
;
2492 (*methods
)->get_domain_info
= pdb_default_get_domain_info
;
2493 (*methods
)->getsampwnam
= pdb_default_getsampwnam
;
2494 (*methods
)->getsampwsid
= pdb_default_getsampwsid
;
2495 (*methods
)->create_user
= pdb_default_create_user
;
2496 (*methods
)->delete_user
= pdb_default_delete_user
;
2497 (*methods
)->add_sam_account
= pdb_default_add_sam_account
;
2498 (*methods
)->update_sam_account
= pdb_default_update_sam_account
;
2499 (*methods
)->delete_sam_account
= pdb_default_delete_sam_account
;
2500 (*methods
)->rename_sam_account
= pdb_default_rename_sam_account
;
2501 (*methods
)->update_login_attempts
= pdb_default_update_login_attempts
;
2503 (*methods
)->getgrsid
= pdb_default_getgrsid
;
2504 (*methods
)->getgrgid
= pdb_default_getgrgid
;
2505 (*methods
)->getgrnam
= pdb_default_getgrnam
;
2506 (*methods
)->create_dom_group
= pdb_default_create_dom_group
;
2507 (*methods
)->delete_dom_group
= pdb_default_delete_dom_group
;
2508 (*methods
)->add_group_mapping_entry
= pdb_default_add_group_mapping_entry
;
2509 (*methods
)->update_group_mapping_entry
= pdb_default_update_group_mapping_entry
;
2510 (*methods
)->delete_group_mapping_entry
= pdb_default_delete_group_mapping_entry
;
2511 (*methods
)->enum_group_mapping
= pdb_default_enum_group_mapping
;
2512 (*methods
)->enum_group_members
= pdb_default_enum_group_members
;
2513 (*methods
)->enum_group_memberships
= pdb_default_enum_group_memberships
;
2514 (*methods
)->set_unix_primary_group
= pdb_default_set_unix_primary_group
;
2515 (*methods
)->add_groupmem
= pdb_default_add_groupmem
;
2516 (*methods
)->del_groupmem
= pdb_default_del_groupmem
;
2517 (*methods
)->create_alias
= pdb_default_create_alias
;
2518 (*methods
)->delete_alias
= pdb_default_delete_alias
;
2519 (*methods
)->get_aliasinfo
= pdb_default_get_aliasinfo
;
2520 (*methods
)->set_aliasinfo
= pdb_default_set_aliasinfo
;
2521 (*methods
)->add_aliasmem
= pdb_default_add_aliasmem
;
2522 (*methods
)->del_aliasmem
= pdb_default_del_aliasmem
;
2523 (*methods
)->enum_aliasmem
= pdb_default_enum_aliasmem
;
2524 (*methods
)->enum_alias_memberships
= pdb_default_alias_memberships
;
2525 (*methods
)->lookup_rids
= pdb_default_lookup_rids
;
2526 (*methods
)->get_account_policy
= pdb_default_get_account_policy
;
2527 (*methods
)->set_account_policy
= pdb_default_set_account_policy
;
2528 (*methods
)->get_seq_num
= pdb_default_get_seq_num
;
2529 (*methods
)->uid_to_sid
= pdb_default_uid_to_sid
;
2530 (*methods
)->gid_to_sid
= pdb_default_gid_to_sid
;
2531 (*methods
)->sid_to_id
= pdb_default_sid_to_id
;
2533 (*methods
)->search_groups
= pdb_default_search_groups
;
2534 (*methods
)->search_aliases
= pdb_default_search_aliases
;
2536 (*methods
)->get_trusteddom_pw
= pdb_default_get_trusteddom_pw
;
2537 (*methods
)->set_trusteddom_pw
= pdb_default_set_trusteddom_pw
;
2538 (*methods
)->del_trusteddom_pw
= pdb_default_del_trusteddom_pw
;
2539 (*methods
)->enum_trusteddoms
= pdb_default_enum_trusteddoms
;
2541 (*methods
)->get_trusted_domain
= pdb_default_get_trusted_domain
;
2542 (*methods
)->get_trusted_domain_by_sid
= pdb_default_get_trusted_domain_by_sid
;
2543 (*methods
)->set_trusted_domain
= pdb_default_set_trusted_domain
;
2544 (*methods
)->del_trusted_domain
= pdb_default_del_trusted_domain
;
2545 (*methods
)->enum_trusted_domains
= pdb_default_enum_trusted_domains
;
2547 (*methods
)->get_secret
= pdb_default_get_secret
;
2548 (*methods
)->set_secret
= pdb_default_set_secret
;
2549 (*methods
)->delete_secret
= pdb_default_delete_secret
;
2551 return NT_STATUS_OK
;