2 Unix SMB/CIFS implementation.
3 IPA helper functions for SAMBA
4 Copyright (C) Sumit Bose <sbose@redhat.com> 2010
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libcli/security/dom_sid.h"
26 #define LDAP_TRUST_CONTAINER "ou=system"
27 #define LDAP_ATTRIBUTE_CN "cn"
28 #define LDAP_ATTRIBUTE_TRUST_TYPE "sambaTrustType"
29 #define LDAP_ATTRIBUTE_TRUST_ATTRIBUTES "sambaTrustAttributes"
30 #define LDAP_ATTRIBUTE_TRUST_DIRECTION "sambaTrustDirection"
31 #define LDAP_ATTRIBUTE_TRUST_PARTNER "sambaTrustPartner"
32 #define LDAP_ATTRIBUTE_FLAT_NAME "sambaFlatName"
33 #define LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING "sambaTrustAuthOutgoing"
34 #define LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING "sambaTrustAuthIncoming"
35 #define LDAP_ATTRIBUTE_SECURITY_IDENTIFIER "sambaSecurityIdentifier"
37 #define LDAP_OBJ_KRB_PRINCIPAL "krbPrincipal"
38 #define LDAP_OBJ_KRB_PRINCIPAL_AUX "krbPrincipalAux"
39 #define LDAP_ATTRIBUTE_KRB_PRINCIPAL "krbPrincipalName"
41 struct ipasam_privates {
42 NTSTATUS (*ldapsam_add_sam_account)(struct pdb_methods *,
43 struct samu *sampass);
44 NTSTATUS (*ldapsam_update_sam_account)(struct pdb_methods *,
45 struct samu *sampass);
48 static bool ipasam_get_trusteddom_pw(struct pdb_methods *methods,
52 time_t *pass_last_set_time)
57 static bool ipasam_set_trusteddom_pw(struct pdb_methods *methods,
60 const struct dom_sid *sid)
65 static bool ipasam_del_trusteddom_pw(struct pdb_methods *methods,
71 static char *get_account_dn(const char *name)
76 escape_name = escape_rdn_val_string_alloc(name);
81 if (name[strlen(name)-1] == '$') {
82 dn = talloc_asprintf(talloc_tos(), "uid=%s,%s", escape_name,
83 lp_ldap_machine_suffix());
85 dn = talloc_asprintf(talloc_tos(), "uid=%s,%s", escape_name,
86 lp_ldap_user_suffix());
89 SAFE_FREE(escape_name);
94 static char *trusted_domain_dn(struct ldapsam_privates *ldap_state,
97 return talloc_asprintf(talloc_tos(), "%s=%s,%s,%s",
98 LDAP_ATTRIBUTE_CN, domain,
99 LDAP_TRUST_CONTAINER, ldap_state->domain_dn);
102 static char *trusted_domain_base_dn(struct ldapsam_privates *ldap_state)
104 return talloc_asprintf(talloc_tos(), "%s,%s",
105 LDAP_TRUST_CONTAINER, ldap_state->domain_dn);
108 static bool get_trusted_domain_int(struct ldapsam_privates *ldap_state,
110 const char *filter, LDAPMessage **entry)
113 char *base_dn = NULL;
114 LDAPMessage *result = NULL;
117 base_dn = trusted_domain_base_dn(ldap_state);
118 if (base_dn == NULL) {
122 rc = smbldap_search(ldap_state->smbldap_state, base_dn,
123 LDAP_SCOPE_SUBTREE, filter, NULL, 0, &result);
124 TALLOC_FREE(base_dn);
126 if (result != NULL) {
127 talloc_autofree_ldapmsg(mem_ctx, result);
130 if (rc == LDAP_NO_SUCH_OBJECT) {
135 if (rc != LDAP_SUCCESS) {
139 num_result = ldap_count_entries(priv2ld(ldap_state), result);
141 if (num_result > 1) {
142 DEBUG(1, ("get_trusted_domain_int: more than one "
143 "%s object with filter '%s'?!\n",
144 LDAP_OBJ_TRUSTED_DOMAIN, filter));
148 if (num_result == 0) {
149 DEBUG(1, ("get_trusted_domain_int: no "
150 "%s object with filter '%s'.\n",
151 LDAP_OBJ_TRUSTED_DOMAIN, filter));
154 *entry = ldap_first_entry(priv2ld(ldap_state), result);
160 static bool get_trusted_domain_by_name_int(struct ldapsam_privates *ldap_state,
167 filter = talloc_asprintf(talloc_tos(),
168 "(&(objectClass=%s)(|(%s=%s)(%s=%s)(cn=%s)))",
169 LDAP_OBJ_TRUSTED_DOMAIN,
170 LDAP_ATTRIBUTE_FLAT_NAME, domain,
171 LDAP_ATTRIBUTE_TRUST_PARTNER, domain, domain);
172 if (filter == NULL) {
176 return get_trusted_domain_int(ldap_state, mem_ctx, filter, entry);
179 static bool get_trusted_domain_by_sid_int(struct ldapsam_privates *ldap_state,
181 const char *sid, LDAPMessage **entry)
185 filter = talloc_asprintf(talloc_tos(), "(&(objectClass=%s)(%s=%s))",
186 LDAP_OBJ_TRUSTED_DOMAIN,
187 LDAP_ATTRIBUTE_SECURITY_IDENTIFIER, sid);
188 if (filter == NULL) {
192 return get_trusted_domain_int(ldap_state, mem_ctx, filter, entry);
195 static bool get_uint32_t_from_ldap_msg(struct ldapsam_privates *ldap_state,
204 dummy = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry,
207 DEBUG(9, ("Attribute %s not present.\n", attr));
212 l = strtoul(dummy, &endptr, 10);
215 if (l < 0 || l > UINT32_MAX || *endptr != '\0') {
224 static void get_data_blob_from_ldap_msg(TALLOC_CTX *mem_ctx,
225 struct ldapsam_privates *ldap_state,
226 LDAPMessage *entry, const char *attr,
232 dummy = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, attr,
235 DEBUG(9, ("Attribute %s not present.\n", attr));
238 blob = base64_decode_data_blob(dummy);
239 if (blob.length == 0) {
242 _blob->length = blob.length;
243 _blob->data = talloc_steal(mem_ctx, blob.data);
249 static bool fill_pdb_trusted_domain(TALLOC_CTX *mem_ctx,
250 struct ldapsam_privates *ldap_state,
252 struct pdb_trusted_domain **_td)
256 struct pdb_trusted_domain *td;
262 td = talloc_zero(mem_ctx, struct pdb_trusted_domain);
267 /* All attributes are MAY */
269 dummy = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry,
270 LDAP_ATTRIBUTE_SECURITY_IDENTIFIER,
273 DEBUG(9, ("Attribute %s not present.\n",
274 LDAP_ATTRIBUTE_SECURITY_IDENTIFIER));
275 ZERO_STRUCT(td->security_identifier);
277 res = string_to_sid(&td->security_identifier, dummy);
284 get_data_blob_from_ldap_msg(td, ldap_state, entry,
285 LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING,
286 &td->trust_auth_incoming);
288 get_data_blob_from_ldap_msg(td, ldap_state, entry,
289 LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING,
290 &td->trust_auth_outgoing);
292 td->netbios_name = smbldap_talloc_single_attribute(priv2ld(ldap_state),
294 LDAP_ATTRIBUTE_FLAT_NAME,
296 if (td->netbios_name == NULL) {
297 DEBUG(9, ("Attribute %s not present.\n",
298 LDAP_ATTRIBUTE_FLAT_NAME));
301 td->domain_name = smbldap_talloc_single_attribute(priv2ld(ldap_state),
303 LDAP_ATTRIBUTE_TRUST_PARTNER,
305 if (td->domain_name == NULL) {
306 DEBUG(9, ("Attribute %s not present.\n",
307 LDAP_ATTRIBUTE_TRUST_PARTNER));
310 res = get_uint32_t_from_ldap_msg(ldap_state, entry,
311 LDAP_ATTRIBUTE_TRUST_DIRECTION,
312 &td->trust_direction);
317 res = get_uint32_t_from_ldap_msg(ldap_state, entry,
318 LDAP_ATTRIBUTE_TRUST_ATTRIBUTES,
319 &td->trust_attributes);
324 res = get_uint32_t_from_ldap_msg(ldap_state, entry,
325 LDAP_ATTRIBUTE_TRUST_TYPE,
336 static NTSTATUS ipasam_get_trusted_domain(struct pdb_methods *methods,
339 struct pdb_trusted_domain **td)
341 struct ldapsam_privates *ldap_state =
342 (struct ldapsam_privates *)methods->private_data;
343 LDAPMessage *entry = NULL;
345 DEBUG(10, ("ipasam_get_trusted_domain called for domain %s\n", domain));
347 if (!get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
349 return NT_STATUS_UNSUCCESSFUL;
352 DEBUG(5, ("ipasam_get_trusted_domain: no such trusted domain: "
354 return NT_STATUS_NO_SUCH_DOMAIN;
357 if (!fill_pdb_trusted_domain(mem_ctx, ldap_state, entry, td)) {
358 return NT_STATUS_UNSUCCESSFUL;
364 static NTSTATUS ipasam_get_trusted_domain_by_sid(struct pdb_methods *methods,
367 struct pdb_trusted_domain **td)
369 struct ldapsam_privates *ldap_state =
370 (struct ldapsam_privates *)methods->private_data;
371 LDAPMessage *entry = NULL;
374 sid_str = sid_string_tos(sid);
376 DEBUG(10, ("ipasam_get_trusted_domain_by_sid called for sid %s\n",
379 if (!get_trusted_domain_by_sid_int(ldap_state, talloc_tos(), sid_str,
381 return NT_STATUS_UNSUCCESSFUL;
384 DEBUG(5, ("ipasam_get_trusted_domain_by_sid: no trusted domain "
385 "with sid: %s\n", sid_str));
386 return NT_STATUS_NO_SUCH_DOMAIN;
389 if (!fill_pdb_trusted_domain(mem_ctx, ldap_state, entry, td)) {
390 return NT_STATUS_UNSUCCESSFUL;
396 static bool smbldap_make_mod_uint32_t(LDAP *ldap_struct, LDAPMessage *entry,
397 LDAPMod ***mods, const char *attribute,
402 dummy = talloc_asprintf(talloc_tos(), "%lu", (unsigned long) val);
406 smbldap_make_mod(ldap_struct, entry, mods, attribute, dummy);
412 static bool smbldap_make_mod_blob(LDAP *ldap_struct, LDAPMessage *entry,
413 LDAPMod ***mods, const char *attribute,
418 dummy = base64_encode_data_blob(talloc_tos(), blob);
423 smbldap_make_mod(ldap_struct, entry, mods, attribute, dummy);
429 static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods,
431 const struct pdb_trusted_domain *td)
433 struct ldapsam_privates *ldap_state =
434 (struct ldapsam_privates *)methods->private_data;
435 LDAPMessage *entry = NULL;
438 char *trusted_dn = NULL;
441 DEBUG(10, ("ipasam_set_trusted_domain called for domain %s\n", domain));
443 res = get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
446 return NT_STATUS_UNSUCCESSFUL;
450 smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "objectClass",
451 LDAP_OBJ_TRUSTED_DOMAIN);
453 if (td->netbios_name != NULL) {
454 smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
455 LDAP_ATTRIBUTE_FLAT_NAME,
459 if (td->domain_name != NULL) {
460 smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
461 LDAP_ATTRIBUTE_TRUST_PARTNER,
465 if (!is_null_sid(&td->security_identifier)) {
466 smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
467 LDAP_ATTRIBUTE_SECURITY_IDENTIFIER,
468 sid_string_tos(&td->security_identifier));
471 if (td->trust_type != 0) {
472 res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry,
473 &mods, LDAP_ATTRIBUTE_TRUST_TYPE,
476 return NT_STATUS_UNSUCCESSFUL;
480 if (td->trust_attributes != 0) {
481 res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry,
483 LDAP_ATTRIBUTE_TRUST_ATTRIBUTES,
484 td->trust_attributes);
486 return NT_STATUS_UNSUCCESSFUL;
490 if (td->trust_direction != 0) {
491 res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry,
493 LDAP_ATTRIBUTE_TRUST_DIRECTION,
494 td->trust_direction);
496 return NT_STATUS_UNSUCCESSFUL;
500 if (td->trust_auth_outgoing.data != NULL) {
501 res = smbldap_make_mod_blob(priv2ld(ldap_state), entry,
503 LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING,
504 td->trust_auth_outgoing);
506 return NT_STATUS_UNSUCCESSFUL;
510 if (td->trust_auth_incoming.data != NULL) {
511 res = smbldap_make_mod_blob(priv2ld(ldap_state), entry,
513 LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING,
514 td->trust_auth_incoming);
516 return NT_STATUS_UNSUCCESSFUL;
520 talloc_autofree_ldapmod(talloc_tos(), mods);
522 trusted_dn = trusted_domain_dn(ldap_state, domain);
523 if (trusted_dn == NULL) {
524 return NT_STATUS_NO_MEMORY;
527 ret = smbldap_add(ldap_state->smbldap_state, trusted_dn, mods);
529 ret = smbldap_modify(ldap_state->smbldap_state, trusted_dn, mods);
532 if (ret != LDAP_SUCCESS) {
533 DEBUG(1, ("error writing trusted domain data!\n"));
534 return NT_STATUS_UNSUCCESSFUL;
539 static NTSTATUS ipasam_del_trusted_domain(struct pdb_methods *methods,
543 struct ldapsam_privates *ldap_state =
544 (struct ldapsam_privates *)methods->private_data;
545 LDAPMessage *entry = NULL;
548 if (!get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
550 return NT_STATUS_UNSUCCESSFUL;
554 DEBUG(5, ("ipasam_del_trusted_domain: no such trusted domain: "
556 return NT_STATUS_NO_SUCH_DOMAIN;
559 dn = smbldap_talloc_dn(talloc_tos(), priv2ld(ldap_state), entry);
561 DEBUG(0,("ipasam_del_trusted_domain: Out of memory!\n"));
562 return NT_STATUS_NO_MEMORY;
565 ret = smbldap_delete(ldap_state->smbldap_state, dn);
566 if (ret != LDAP_SUCCESS) {
567 return NT_STATUS_UNSUCCESSFUL;
573 static NTSTATUS ipasam_enum_trusted_domains(struct pdb_methods *methods,
575 uint32_t *num_domains,
576 struct pdb_trusted_domain ***domains)
579 struct ldapsam_privates *ldap_state =
580 (struct ldapsam_privates *)methods->private_data;
581 char *base_dn = NULL;
583 int scope = LDAP_SCOPE_SUBTREE;
584 LDAPMessage *result = NULL;
585 LDAPMessage *entry = NULL;
587 filter = talloc_asprintf(talloc_tos(), "(objectClass=%s)",
588 LDAP_OBJ_TRUSTED_DOMAIN);
589 if (filter == NULL) {
590 return NT_STATUS_NO_MEMORY;
593 base_dn = trusted_domain_base_dn(ldap_state);
594 if (base_dn == NULL) {
596 return NT_STATUS_NO_MEMORY;
599 rc = smbldap_search(ldap_state->smbldap_state, base_dn, scope, filter,
602 TALLOC_FREE(base_dn);
604 if (result != NULL) {
605 talloc_autofree_ldapmsg(mem_ctx, result);
608 if (rc == LDAP_NO_SUCH_OBJECT) {
614 if (rc != LDAP_SUCCESS) {
615 return NT_STATUS_UNSUCCESSFUL;
619 if (!(*domains = TALLOC_ARRAY(mem_ctx, struct pdb_trusted_domain *, 1))) {
620 DEBUG(1, ("talloc failed\n"));
621 return NT_STATUS_NO_MEMORY;
624 for (entry = ldap_first_entry(priv2ld(ldap_state), result);
626 entry = ldap_next_entry(priv2ld(ldap_state), entry))
628 struct pdb_trusted_domain *dom_info;
630 if (!fill_pdb_trusted_domain(*domains, ldap_state, entry,
632 return NT_STATUS_UNSUCCESSFUL;
635 ADD_TO_ARRAY(*domains, struct pdb_trusted_domain *, dom_info,
636 domains, num_domains);
638 if (*domains == NULL) {
639 DEBUG(1, ("talloc failed\n"));
640 return NT_STATUS_NO_MEMORY;
644 DEBUG(5, ("ipasam_enum_trusted_domains: got %d domains\n", *num_domains));
648 static NTSTATUS ipasam_enum_trusteddoms(struct pdb_methods *methods,
650 uint32_t *num_domains,
651 struct trustdom_info ***domains)
654 struct pdb_trusted_domain **td;
657 status = ipasam_enum_trusted_domains(methods, talloc_tos(),
659 if (!NT_STATUS_IS_OK(status)) {
663 if (*num_domains == 0) {
667 if (!(*domains = TALLOC_ARRAY(mem_ctx, struct trustdom_info *,
669 DEBUG(1, ("talloc failed\n"));
670 return NT_STATUS_NO_MEMORY;
673 for (i = 0; i < *num_domains; i++) {
674 struct trustdom_info *dom_info;
676 dom_info = TALLOC_P(*domains, struct trustdom_info);
677 if (dom_info == NULL) {
678 DEBUG(1, ("talloc failed\n"));
679 return NT_STATUS_NO_MEMORY;
682 dom_info->name = talloc_steal(mem_ctx, td[i]->netbios_name);
683 sid_copy(&dom_info->sid, &td[i]->security_identifier);
685 (*domains)[i] = dom_info;
691 static uint32_t pdb_ipasam_capabilities(struct pdb_methods *methods)
693 return PDB_CAP_STORE_RIDS | PDB_CAP_ADS;
696 static struct pdb_domain_info *pdb_ipasam_get_domain_info(struct pdb_methods *pdb_methods,
699 struct pdb_domain_info *info;
701 struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)pdb_methods->private_data;
703 info = talloc(mem_ctx, struct pdb_domain_info);
708 info->name = talloc_strdup(info, ldap_state->domain_name);
709 if (info->name == NULL) {
713 /* TODO: read dns_domain, dns_forest and guid from LDAP */
714 info->dns_domain = talloc_strdup(info, lp_realm());
715 if (info->dns_domain == NULL) {
718 strlower_m(info->dns_domain);
719 info->dns_forest = talloc_strdup(info, info->dns_domain);
721 sid_copy(&info->sid, &ldap_state->domain_sid);
723 status = GUID_from_string("testguid", &info->guid);
732 static NTSTATUS modify_ipa_password_exop(struct ldapsam_privates *ldap_state,
733 struct samu *sampass)
736 BerElement *ber = NULL;
737 struct berval *bv = NULL;
739 struct berval *retdata = NULL;
740 const char *password;
743 password = pdb_get_plaintext_passwd(sampass);
744 if (password == NULL || *password == '\0') {
745 return NT_STATUS_INVALID_PARAMETER;
748 dn = get_account_dn(pdb_get_username(sampass));
750 return NT_STATUS_INVALID_PARAMETER;
753 ber = ber_alloc_t( LBER_USE_DER );
755 DEBUG(7, ("ber_alloc_t failed.\n"));
756 return NT_STATUS_NO_MEMORY;
759 ret = ber_printf(ber, "{tsts}", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, dn,
760 LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, password);
762 DEBUG(7, ("ber_printf failed.\n"));
764 return NT_STATUS_UNSUCCESSFUL;
767 ret = ber_flatten(ber, &bv);
770 DEBUG(1, ("ber_flatten failed.\n"));
771 return NT_STATUS_UNSUCCESSFUL;
774 ret = smbldap_extended_operation(ldap_state->smbldap_state,
775 LDAP_EXOP_MODIFY_PASSWD, bv, NULL,
776 NULL, &retoid, &retdata);
782 ldap_memfree(retoid);
784 if (ret != LDAP_SUCCESS) {
785 DEBUG(1, ("smbldap_extended_operation LDAP_EXOP_MODIFY_PASSWD failed.\n"));
786 return NT_STATUS_UNSUCCESSFUL;
792 static NTSTATUS ipasam_add_objectclasses(struct ldapsam_privates *ldap_state,
793 struct samu *sampass)
796 LDAPMod **mods = NULL;
801 dn = get_account_dn(pdb_get_username(sampass));
803 return NT_STATUS_INVALID_PARAMETER;
806 princ = talloc_asprintf(talloc_tos(), "%s@%s", pdb_get_username(sampass), lp_realm());
808 return NT_STATUS_NO_MEMORY;
811 smbldap_set_mod(&mods, LDAP_MOD_ADD,
812 "objectclass", LDAP_OBJ_KRB_PRINCIPAL);
813 smbldap_set_mod(&mods, LDAP_MOD_ADD,
814 LDAP_ATTRIBUTE_KRB_PRINCIPAL, princ);
815 smbldap_set_mod(&mods, LDAP_MOD_ADD,
816 "objectclass", LDAP_OBJ_KRB_PRINCIPAL_AUX);
817 smbldap_set_mod(&mods, LDAP_MOD_ADD,
818 "objectclass", "ipaHost");
819 smbldap_set_mod(&mods, LDAP_MOD_ADD,
820 "fqdn", "dummy.dummy.dummy");
821 smbldap_set_mod(&mods, LDAP_MOD_ADD,
822 "objectclass", "posixAccount");
823 smbldap_set_mod(&mods, LDAP_MOD_ADD,
824 "cn", pdb_get_username(sampass));
825 smbldap_set_mod(&mods, LDAP_MOD_ADD,
826 "gidNumber", "12345");
827 smbldap_set_mod(&mods, LDAP_MOD_ADD,
828 "homeDirectory", "/dev/null");
830 ret = smbldap_modify(ldap_state->smbldap_state, dn, mods);
831 ldap_mods_free(mods, true);
832 if (ret != LDAP_SUCCESS) {
833 DEBUG(1, ("failed to modify/add user with uid = %s (dn = %s)\n",
834 pdb_get_username(sampass),dn));
841 static NTSTATUS pdb_ipasam_add_sam_account(struct pdb_methods *pdb_methods,
842 struct samu *sampass)
845 struct ldapsam_privates *ldap_state;
847 ldap_state = (struct ldapsam_privates *)(pdb_methods->private_data);
849 status =ldap_state->ipasam_privates->ldapsam_add_sam_account(pdb_methods,
851 if (!NT_STATUS_IS_OK(status)) {
855 status = ipasam_add_objectclasses(ldap_state, sampass);
856 if (!NT_STATUS_IS_OK(status)) {
860 if (pdb_get_init_flags(sampass, PDB_PLAINTEXT_PW) == PDB_CHANGED) {
861 status = modify_ipa_password_exop(ldap_state, sampass);
862 if (!NT_STATUS_IS_OK(status)) {
870 static NTSTATUS pdb_ipasam_update_sam_account(struct pdb_methods *pdb_methods,
871 struct samu *sampass)
874 struct ldapsam_privates *ldap_state;
875 ldap_state = (struct ldapsam_privates *)(pdb_methods->private_data);
877 status = ldap_state->ipasam_privates->ldapsam_update_sam_account(pdb_methods,
879 if (!NT_STATUS_IS_OK(status)) {
883 if (pdb_get_init_flags(sampass, PDB_PLAINTEXT_PW) == PDB_CHANGED) {
884 status = modify_ipa_password_exop(ldap_state, sampass);
885 if (!NT_STATUS_IS_OK(status)) {
893 static NTSTATUS pdb_init_IPA_ldapsam(struct pdb_methods **pdb_method, const char *location)
895 struct ldapsam_privates *ldap_state;
898 status = pdb_init_ldapsam(pdb_method, location);
899 if (!NT_STATUS_IS_OK(status)) {
903 (*pdb_method)->name = "IPA_ldapsam";
905 ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data);
906 ldap_state->ipasam_privates = talloc_zero(ldap_state,
907 struct ipasam_privates);
908 if (ldap_state->ipasam_privates == NULL) {
909 return NT_STATUS_NO_MEMORY;
911 ldap_state->is_ipa_ldap = true;
912 ldap_state->ipasam_privates->ldapsam_add_sam_account = (*pdb_method)->add_sam_account;
913 ldap_state->ipasam_privates->ldapsam_update_sam_account = (*pdb_method)->update_sam_account;
915 (*pdb_method)->add_sam_account = pdb_ipasam_add_sam_account;
916 (*pdb_method)->update_sam_account = pdb_ipasam_update_sam_account;
918 (*pdb_method)->capabilities = pdb_ipasam_capabilities;
919 (*pdb_method)->get_domain_info = pdb_ipasam_get_domain_info;
921 (*pdb_method)->get_trusteddom_pw = ipasam_get_trusteddom_pw;
922 (*pdb_method)->set_trusteddom_pw = ipasam_set_trusteddom_pw;
923 (*pdb_method)->del_trusteddom_pw = ipasam_del_trusteddom_pw;
924 (*pdb_method)->enum_trusteddoms = ipasam_enum_trusteddoms;
926 (*pdb_method)->get_trusted_domain = ipasam_get_trusted_domain;
927 (*pdb_method)->get_trusted_domain_by_sid = ipasam_get_trusted_domain_by_sid;
928 (*pdb_method)->set_trusted_domain = ipasam_set_trusted_domain;
929 (*pdb_method)->del_trusted_domain = ipasam_del_trusted_domain;
930 (*pdb_method)->enum_trusted_domains = ipasam_enum_trusted_domains;
935 NTSTATUS pdb_ipa_init(void)
939 if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "IPA_ldapsam", pdb_init_IPA_ldapsam)))
git.samba.org / ddiss / samba.git / blob