#include "../librpc/gen_ndr/drsblobs.h"
#include "../librpc/gen_ndr/ndr_drsblobs.h"
#include "../librpc/gen_ndr/idmap.h"
-#include "memcache.h"
+#include "../lib/util/memcache.h"
#include "nsswitch/winbind_client.h"
#include "../libcli/security/security.h"
#include "../lib/util/util_pw.h"
#include "passdb/pdb_secrets.h"
+#include "lib/util_sid_passdb.h"
+#include "idmap_cache.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
{
struct passwd *pwd;
NTSTATUS result;
- const char *guestname = lp_guestaccount();
+ const char *guestname = lp_guest_account();
pwd = Get_Pwnam_alloc(talloc_tos(), guestname);
if (pwd == NULL) {
fstring name2;
if ((acb_info & ACB_NORMAL) && name[strlen(name)-1] != '$') {
- add_script = lp_adduser_script(tmp_ctx);
+ add_script = lp_add_user_script(tmp_ctx);
} else {
- add_script = lp_addmachine_script(tmp_ctx);
+ add_script = lp_add_machine_script(tmp_ctx);
}
if (!add_script || add_script[0] == '\0') {
return -1;
}
- del_script = lp_deluser_script(talloc_tos());
+ del_script = lp_delete_user_script(talloc_tos());
if (!del_script || !*del_script) {
return -1;
}
return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
}
-bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid)
+/*
+ * Instead of passing down a gid or uid, this function sends down a pointer
+ * to a unixid.
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
+ */
+bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid)
{
struct pdb_methods *pdb = pdb_get_methods();
- return pdb->uid_to_sid(pdb, uid, sid);
-}
+ bool ret;
-bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid)
-{
- struct pdb_methods *pdb = pdb_get_methods();
- return pdb->gid_to_sid(pdb, gid, sid);
+ ret = pdb->id_to_sid(pdb, id, sid);
+
+ if (ret == true) {
+ idmap_cache_set_sid2unixid(sid, id);
+ }
+
+ return ret;
}
bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id)
{
struct pdb_methods *pdb = pdb_get_methods();
- return pdb->sid_to_id(pdb, sid, id);
+ bool ret;
+
+ /* only ask the backend if it is responsible */
+ if (!sid_check_object_is_for_passdb(sid)) {
+ return false;
+ }
+
+ ret = pdb->sid_to_id(pdb, sid, id);
+
+ if (ret == true) {
+ idmap_cache_set_sid2unixid(sid, id);
+ }
+
+ return ret;
}
uint32_t pdb_capabilities(void)
bool initialize_password_db(bool reload, struct tevent_context *tevent_ctx)
{
- pdb_tevent_ctx = tevent_ctx;
+ if (tevent_ctx) {
+ pdb_tevent_ctx = tevent_ctx;
+ }
return (pdb_get_methods_reload(reload) != NULL);
}
-
/***************************************************************************
Default implementations of some functions.
****************************************************************************/
return true;
}
+static bool pdb_default_id_to_sid(struct pdb_methods *methods, struct unixid *id,
+ struct dom_sid *sid)
+{
+ switch (id->type) {
+ case ID_TYPE_UID:
+ return pdb_default_uid_to_sid(methods, id->id, sid);
+
+ case ID_TYPE_GID:
+ return pdb_default_gid_to_sid(methods, id->id, sid);
+
+ default:
+ return false;
+ }
+}
+/**
+ * The "Unix User" and "Unix Group" domains have a special
+ * id mapping that is a rid-algorithm with range starting at 0.
+ */
+bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid,
+ struct unixid *id)
+{
+ uint32_t rid;
+
+ id->id = -1;
+
+ if (sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid)) {
+ id->id = rid;
+ id->type = ID_TYPE_UID;
+ return true;
+ }
+
+ if (sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid)) {
+ id->id = rid;
+ id->type = ID_TYPE_GID;
+ return true;
+ }
+
+ return false;
+}
+
static bool pdb_default_sid_to_id(struct pdb_methods *methods,
const struct dom_sid *sid,
struct unixid *id)
uint32_t rid;
id->id = -1;
- if (!sid_check_is_in_our_sam(sid)) {
- /* Not our SID */
- return False;
- }
-
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
id->id = uid;
break;
default:
- DEBUG(5, ("SID %s is our domain, but is not mapped to a user or group (got %d)\n",
+ DEBUG(5, ("SID %s belongs to our domain, and "
+ "an object exists in the database, "
+ "but it is neither a user nor a "
+ "group (got type %d).\n",
sid_string_dbg(sid), type));
ret = false;
}
} else {
- DEBUG(5, ("SID %s is or domain, but is unmapped\n",
+ DEBUG(5, ("SID %s belongs to our domain, but there is "
+ "no corresponding object in the database.\n",
sid_string_dbg(sid)));
}
goto done;
}
- /* check for "Unix User" */
-
- if ( sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid) ) {
- id->id = rid;
- id->type = ID_TYPE_UID;
- ret = True;
- goto done;
- }
-
- /* check for "Unix Group" */
-
- if ( sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid) ) {
- id->id = rid;
- id->type = ID_TYPE_GID;
- ret = True;
- goto done;
+ /*
+ * "Unix User" and "Unix Group"
+ */
+ ret = pdb_sid_to_id_unix_users_and_groups(sid, id);
+ if (ret == true) {
+ goto done;
}
/* BUILTIN */
pass_last_set_time);
}
+NTSTATUS pdb_get_trusteddom_creds(const char *domain, TALLOC_CTX *mem_ctx,
+ struct cli_credentials **creds)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->get_trusteddom_creds(pdb, domain, mem_ctx, creds);
+}
+
bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
const struct dom_sid *sid)
{
}
+static NTSTATUS pdb_default_get_trusteddom_creds(struct pdb_methods *methods,
+ const char *domain,
+ TALLOC_CTX *mem_ctx,
+ struct cli_credentials **creds)
+{
+ *creds = NULL;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods,
const char* domain,
const char* pwd,
return NULL;
}
+/*****************************************************************
+ UPN suffixes
+ *****************************************************************/
+static NTSTATUS pdb_default_enum_upn_suffixes(struct pdb_methods *pdb,
+ TALLOC_CTX *mem_ctx,
+ uint32_t *num_suffixes,
+ char ***suffixes)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS pdb_default_set_upn_suffixes(struct pdb_methods *pdb,
+ uint32_t num_suffixes,
+ const char **suffixes)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS pdb_enum_upn_suffixes(TALLOC_CTX *mem_ctx,
+ uint32_t *num_suffixes,
+ char ***suffixes)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->enum_upn_suffixes(pdb, mem_ctx, num_suffixes, suffixes);
+}
+
+NTSTATUS pdb_set_upn_suffixes(uint32_t num_suffixes,
+ const char **suffixes)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->set_upn_suffixes(pdb, num_suffixes, suffixes);
+}
+
+/*******************************************************************
+ idmap control methods
+ *******************************************************************/
+static bool pdb_default_is_responsible_for_our_sam(
+ struct pdb_methods *methods)
+{
+ return true;
+}
+
+static bool pdb_default_is_responsible_for_builtin(
+ struct pdb_methods *methods)
+{
+ return true;
+}
+
+static bool pdb_default_is_responsible_for_wellknown(
+ struct pdb_methods *methods)
+{
+ return false;
+}
+
+static bool pdb_default_is_responsible_for_unix_users(
+ struct pdb_methods *methods)
+{
+ return true;
+}
+
+static bool pdb_default_is_responsible_for_unix_groups(
+ struct pdb_methods *methods)
+{
+ return true;
+}
+
+static bool pdb_default_is_responsible_for_everything_else(
+ struct pdb_methods *methods)
+{
+ return false;
+}
+
+bool pdb_is_responsible_for_our_sam(void)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->is_responsible_for_our_sam(pdb);
+}
+
+bool pdb_is_responsible_for_builtin(void)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->is_responsible_for_builtin(pdb);
+}
+
+bool pdb_is_responsible_for_wellknown(void)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->is_responsible_for_wellknown(pdb);
+}
+
+bool pdb_is_responsible_for_unix_users(void)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->is_responsible_for_unix_users(pdb);
+}
+
+bool pdb_is_responsible_for_unix_groups(void)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->is_responsible_for_unix_groups(pdb);
+}
+
+bool pdb_is_responsible_for_everything_else(void)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->is_responsible_for_everything_else(pdb);
+}
+
/*******************************************************************
secret methods
*******************************************************************/
(*methods)->get_account_policy = pdb_default_get_account_policy;
(*methods)->set_account_policy = pdb_default_set_account_policy;
(*methods)->get_seq_num = pdb_default_get_seq_num;
- (*methods)->uid_to_sid = pdb_default_uid_to_sid;
- (*methods)->gid_to_sid = pdb_default_gid_to_sid;
+ (*methods)->id_to_sid = pdb_default_id_to_sid;
(*methods)->sid_to_id = pdb_default_sid_to_id;
(*methods)->search_groups = pdb_default_search_groups;
(*methods)->search_aliases = pdb_default_search_aliases;
(*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw;
+ (*methods)->get_trusteddom_creds = pdb_default_get_trusteddom_creds;
(*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw;
(*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw;
(*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms;
(*methods)->set_secret = pdb_default_set_secret;
(*methods)->delete_secret = pdb_default_delete_secret;
+ (*methods)->enum_upn_suffixes = pdb_default_enum_upn_suffixes;
+ (*methods)->set_upn_suffixes = pdb_default_set_upn_suffixes;
+
+ (*methods)->is_responsible_for_our_sam =
+ pdb_default_is_responsible_for_our_sam;
+ (*methods)->is_responsible_for_builtin =
+ pdb_default_is_responsible_for_builtin;
+ (*methods)->is_responsible_for_wellknown =
+ pdb_default_is_responsible_for_wellknown;
+ (*methods)->is_responsible_for_unix_users =
+ pdb_default_is_responsible_for_unix_users;
+ (*methods)->is_responsible_for_unix_groups =
+ pdb_default_is_responsible_for_unix_groups;
+ (*methods)->is_responsible_for_everything_else =
+ pdb_default_is_responsible_for_everything_else;
+
return NT_STATUS_OK;
}