sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code

Remove some obsolete files (like in samba3)

Browse Source
This commit is contained in:
Jelmer Vernooij -
parent 7bc56792dc
commit b85539336e
15 changed files with 0 additions and 7458 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
source/Makefile.in
View File

@ -300,12 +300,7 @@ XML_OBJ = modules/xml.o
MYSQL_OBJ = modules/mysql.o
DEVEL_HELP_OBJ = modules/developer.o
SAM_STATIC_MODULES = sam/sam_plugin.o sam/sam_skel.o sam/sam_ads.o
SAM_OBJ = sam/account.o sam/get_set_account.o sam/get_set_group.o \
sam/get_set_domain.o sam/interface.o $(SAM_STATIC_MODULES)
SAMTEST_OBJ = torture/samtest.o torture/cmd_sam.o $(SAM_OBJ) $(LIB_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(READLINE_OBJ) lib/util_seaccess.o $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(GROUPDB_OBJ)
GROUPDB_OBJ = groupdb/mapping.o
@ -852,10 +847,6 @@ bin/pdbedit@EXEEXT@: $(PDBEDIT_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@
bin/samtest@EXEEXT@: $(SAMTEST_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @BUILD_POPT@
bin/smbgroupedit@EXEEXT@: $(SMBGROUPEDIT_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(LDFLAGS) $(LIBS)

123
source/sam/SAM-interface_handles.txt
View File

@ -1,123 +0,0 @@
SAM API
NTSTATUS sam_get_sec_obj(NT_USER_TOKEN *access, DOM_SID *sid, SEC_DESC **sd)
NTSTATUS sam_set_sec_obj(NT_USER_TOKEN *access, DOM_SID *sid, SEC_DESC *sd)
NTSTATUS sam_lookup_name(NT_USER_TOKEN *access, DOM_SID *domain, char *name, DOM_SID **sid, uint32 *type)
NTSTATUS sam_lookup_sid(NT_USER_TOKEN *access, DOM_SID *sid, char **name, uint32 *type)
Domain API
NTSTATUS sam_update_domain(SAM_DOMAIN_HANDLE *domain)
NTSTATUS sam_enum_domains(NT_USER_TOKEN *access, int32 *domain_count, DOM_SID **domains, char **domain_names)
NTSTATUS sam_lookup_domain(NT_USER_TOKEN *access, char *domain, DOM_SID **domainsid)
NTSTATUS sam_get_domain_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
User API
NTSTATUS sam_create_user(NT_USER_TOKEN *access, uint32 access_desired, SAM_USER_HANDLE **user)
NTSTATUS sam_add_user(SAM_USER_HANDLE *user)
NTSTATUS sam_update_user(SAM_USER_HANDLE *user)
NTSTATUS sam_delete_user(SAM_USER_HANDLE * user)
NTSTATUS sam_enum_users(NT_USER_TOKEN *access, DOM_SID *domain, int32 *user_count, SAM_USER_ENUM **users)
NTSTATUS sam_get_user_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *usersid, SAM_USER_HANDLE **user)
NTSTATUS sam_get_user_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_USER_HANDLE **user)
Group API
NTSTATUS sam_create_group(NT_USER_TOKEN *access, uint32 access_desired, uint32 typ, SAM_GROUP_HANDLE **group)
NTSTATUS sam_add_group(SAM_GROUP_HANDLE *samgroup)
NTSTATUS sam_update_group(SAM_GROUP_HANDLE *samgroup)
NTSTATUS sam_delete_group(SAM_GROUP_HANDLE *groupsid)
NTSTATUS sam_enum_groups(NT_USER_TOKEN *access, DOM_SID *domainsid, uint32 typ, uint32 *groups_count, SAM_GROUP_ENUM **groups)
NTSTATUS sam_get_group_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
NTSTATUS sam_get_group_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_GROUP_HANDLE **group)
NTSTATUS sam_add_member_to_group(SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)
NTSTATUS sam_delete_member_from_group(SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)
NTSTATUS sam_enum_groupmembers(SAM_GROUP_HANLDE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
NTSTATUS sam_get_groups_of_user(SAM_USER_HANDLE *user, uint32 typ, uint32 *group_count, SAM_GROUP_ENUM **groups)
structures
typedef _SAM_GROUP_MEMBER {
DOM_SID sid;
BOOL group; /* specifies if it is a group or a user */
} SAM_GROUP_MEMBER
typedef struct sam_user_enum {
DOM_SID sid;
char *username;
char *full_name;
char *user_desc;
uint16 acc_ctrl;
} SAM_USER_ENUM;
typedef struct sam_group_enum {
DOM_SID sid;
char *groupname;
char *comment;
} SAM_GROUP_ENUM
NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, DOM_SID **sid)
NTSTATUS sam_get_domain_num_users(SAM_DOMAIN_HANDLE *domain, uint32 *num_users)
NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
NTSTATUS sam_{get,set}_domain_name(SAM_DOMAIN_HANDLE *domain, char **domain_name)
NTSTATUS sam_{get,set}_domain_server(SAM_DOMAIN_HANDLE *domain, char **server_name)
NTSTATUS sam_{get,set}_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
NTSTATUS sam_{get,set}_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
NTSTATUS sam_{get,set}_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
NTSTATUS sam_{get,set}_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
NTSTATUS sam_{get,set}_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
NTSTATUS sam_{get,set}_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uin16 *password_history)
NTSTATUS sam_{get,set}_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
NTSTATUS sam_{get,set}_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
NTSTATUS sam_{get,set}_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
NTSTATUS sam_get_user_sid(SAM_USER_HANDLE *user, DOM_SID **sid)
NTSTATUS sam_{get,set}_user_pgroup(SAM_USER_HANDLE *user, DOM_SID **pgroup)
NTSTATUS sam_{get,set}_user_name(SAM_USER_HANDLE *user, char **username)
NTSTATUS sam_{get,set}_user_fullname(SAM_USER_HANDLE *user, char** fullname)
NTSTATUS sam_{get,set}_user_description(SAM_USER_HANDLE *user, char **description)
NTSTATUS sam_{get,set}_user_home_dir(SAM_USER_HANDLE *user, char **home_dir)
NTSTATUS sam_{get,set}_user_dir_drive(SAM_USER_HANDLE *user, char **dir_drive)
NTSTATUS sam_{get,set}_user_logon_script(SAM_USER_HANDLE *user, char **logon_script)
NTSTATUS sam_{get,set}_user_profile_path(SAM_USER_HANDLE *user, char **profile_path)
NTSTATUS sam_{get,set}_user_workstations(SAM_USER_HANDLE *user, char **workstations)
NTSTATUS sam_{get,set}_user_munged_dial(SAM_USER_HANDLE *user, char **munged_dial)
NTSTATUS sam_{get,set}_user_lm_pwd(SAM_USER_HANDLE *user, DATA_BLOB *lm_pwd)
NTSTATUS sam_{get,set}_user_nt_pwd(SAM_USER_HANDLE *user, DATA_BLOB *nt_pwd)
NTSTATUS sam_{get,set}_user_plain_pwd(SAM_USER_HANDLE *user, DATA_BLOB *plaintext_pwd)
NTSTATUS sam_{get,set}_user_acct_ctrl(SAM_USER_HANDLE *user, uint16 *acct_ctrl)
NTSTATUS sam_{get,set}_user_logon_divs(SAM_USER_HANDLE *user, uint16 *logon_divs)
NTSTATUS sam_{get,set}_user_hours(SAM_USER_HANDLE *user, uint32 *hours_len, uint8 **hours)
NTSTATUS sam_{get,set}_user_logon_time(SAM_USER_HANDLE *user, NTTIME *logon_time)
NTSTATUS sam_{get,set}_user_logoff_time(SAM_USER_HANDLE *user, NTTIME *logoff_time)
NTSTATUS sam_{get,set}_user_kickoff_time(SAM_USER_HANDLE *user, NTTIME kickoff_time)
NTSTATUS sam_{get,set}_user_pwd_last_set(SAM_USER_HANDLE *user, NTTIME pwd_last_set)
NTSTATUS sam_{get,set}_user_pwd_can_change(SAM_USER_HANDLE *user, NTTIME pwd_can_change)
NTSTATUS sam_{get,set}_user_pwd_must_change(SAM_USER_HANDLE *user, NTTIME pwd_must_change)
NTSTATUS sam_{get,set}_user_unknown_1(SAM_USER_HANDLE *user, char **unknown_1)
NTSTATUS sam_{get,set}_user_unknown_2(SAM_USER_HANDLE *user, uint32 *unknown_2)
NTSTATUS sam_{get,set}_user_unknown_3(SAM_USER_HANDLE *user, uint32 *unknown_3)
NTSTATUS sam_{get,set}_user_unknown_4(SAM_USER_HANDLE *user, uint32 *unknown_4)
NTSTATUS sam_get_group_sid(SAM_GROUP_HANDLE *group, DOM_SID **sid)
NTSTATUS sam_get_group_typ(SAM_GROUP_HANDLE *group, uint32 *typ)
NTSTATUS sam_{get,set}_group_name(SAM_GROUP_HANDLE *group, char **group_name)
NTSTATUS sam_{get,set}_group_comment(SAM_GROUP_HANDLE *group, char **comment)
NTSTATUS sam_{get,set}_group_priv_set(SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set)

305
source/sam/account.c
View File

@ -1,305 +0,0 @@
/*
Unix SMB/CIFS implementation.
Password and authentication handling
Copyright (C) Jeremy Allison 1996-2001
Copyright (C) Luke Kenneth Casson Leighton 1996-1998
Copyright (C) Gerald (Jerry) Carter 2000-2001
Copyright (C) Andrew Bartlett 2001-2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_SAM
/************************************************************
Fill the SAM_ACCOUNT_HANDLE with default values.
***********************************************************/
static void sam_fill_default_account(SAM_ACCOUNT_HANDLE *account)
{
ZERO_STRUCT(account->private); /* Don't touch the talloc context */
/* Don't change these timestamp settings without a good reason.
They are important for NT member server compatibility. */
/* FIXME: We should actually call get_nt_time_max() or sthng
* here */
unix_to_nt_time(&(account->private.logoff_time),get_time_t_max());
unix_to_nt_time(&(account->private.kickoff_time),get_time_t_max());
unix_to_nt_time(&(account->private.pass_must_change_time),get_time_t_max());
account->private.unknown_1 = 0x00ffffff; /* don't know */
account->private.logon_divs = 168; /* hours per week */
account->private.hours_len = 21; /* 21 times 8 bits = 168 */
memset(account->private.hours, 0xff, account->private.hours_len); /* available at all hours */
account->private.unknown_2 = 0x00000000; /* don't know */
account->private.unknown_3 = 0x000004ec; /* don't know */
}
static void destroy_sam_talloc(SAM_ACCOUNT_HANDLE **account)
{
if (*account) {
data_blob_clear_free(&((*account)->private.lm_pw));
data_blob_clear_free(&((*account)->private.nt_pw));
if((*account)->private.plaintext_pw!=NULL)
memset((*account)->private.plaintext_pw,'\0',strlen((*account)->private.plaintext_pw));
talloc_destroy((*account)->mem_ctx);
*account = NULL;
}
}
/**********************************************************************
Alloc memory and initialises a SAM_ACCOUNT_HANDLE on supplied mem_ctx.
***********************************************************************/
NTSTATUS sam_init_account_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT_HANDLE **account)
{
SMB_ASSERT(*account != NULL);
if (!mem_ctx) {
DEBUG(0,("sam_init_account_talloc: mem_ctx was NULL!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
*account=(SAM_ACCOUNT_HANDLE *)talloc(mem_ctx, sizeof(SAM_ACCOUNT_HANDLE));
if (*account==NULL) {
DEBUG(0,("sam_init_account_talloc: error while allocating memory\n"));
return NT_STATUS_NO_MEMORY;
}
(*account)->mem_ctx = mem_ctx;
(*account)->free_fn = NULL;
sam_fill_default_account(*account);
return NT_STATUS_OK;
}
/*************************************************************
Alloc memory and initialises a struct sam_passwd.
************************************************************/
NTSTATUS sam_init_account(SAM_ACCOUNT_HANDLE **account)
{
TALLOC_CTX *mem_ctx;
NTSTATUS nt_status;
mem_ctx = talloc_init("sam internal SAM_ACCOUNT_HANDLE allocation");
if (!mem_ctx) {
DEBUG(0,("sam_init_account: error while doing talloc_init()\n"));
return NT_STATUS_NO_MEMORY;
}
if (!NT_STATUS_IS_OK(nt_status = sam_init_account_talloc(mem_ctx, account))) {
talloc_destroy(mem_ctx);
return nt_status;
}
(*account)->free_fn = destroy_sam_talloc;
return NT_STATUS_OK;
}
/**
* Free the contents of the SAM_ACCOUNT_HANDLE, but not the structure.
*
* Also wipes the LM and NT hashes and plaintext password from
* memory.
*
* @param account SAM_ACCOUNT_HANDLE to free members of.
**/
static void sam_free_account_contents(SAM_ACCOUNT_HANDLE *account)
{
/* Kill off sensitive data. Free()ed by the
talloc mechinism */
data_blob_clear_free(&(account->private.lm_pw));
data_blob_clear_free(&(account->private.nt_pw));
if (account->private.plaintext_pw)
memset(account->private.plaintext_pw,'\0',strlen(account->private.plaintext_pw));
}
/************************************************************
Reset the SAM_ACCOUNT_HANDLE and free the NT/LM hashes.
***********************************************************/
NTSTATUS sam_reset_sam(SAM_ACCOUNT_HANDLE *account)
{
SMB_ASSERT(account != NULL);
sam_free_account_contents(account);
sam_fill_default_account(account);
return NT_STATUS_OK;
}
/************************************************************
Free the SAM_ACCOUNT_HANDLE and the member pointers.
***********************************************************/
NTSTATUS sam_free_account(SAM_ACCOUNT_HANDLE **account)
{
SMB_ASSERT(*account != NULL);
sam_free_account_contents(*account);
if ((*account)->free_fn) {
(*account)->free_fn(account);
}
return NT_STATUS_OK;
}
/**********************************************************
Encode the account control bits into a string.
length = length of string to encode into (including terminating
null). length *MUST BE MORE THAN 2* !
**********************************************************/
char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
{
static fstring acct_str;
size_t i = 0;
acct_str[i++] = '[';
if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
for ( ; i < length - 2 ; i++ )
acct_str[i] = ' ';
i = length - 2;
acct_str[i++] = ']';
acct_str[i++] = '\0';
return acct_str;
}
/**********************************************************
Decode the account control bits from a string.
**********************************************************/
uint16 sam_decode_acct_ctrl(const char *p)
{
uint16 acct_ctrl = 0;
BOOL finished = False;
/*
* Check if the account type bits have been encoded after the
* NT password (in the form [NDHTUWSLXI]).
*/
if (*p != '[')
return 0;
for (p++; *p && !finished; p++) {
switch (*p) {
case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
case ' ': { break; }
case ':':
case '\n':
case '\0':
case ']':
default: { finished = True; }
}
}
return acct_ctrl;
}
/*************************************************************
Routine to set 32 hex password characters from a 16 byte array.
**************************************************************/
void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl)
{
if (pwd != NULL) {
int i;
for (i = 0; i < 16; i++)
slprintf(&p[i*2], 3, "%02X", pwd[i]);
} else {
if (acct_ctrl & ACB_PWNOTREQ)
safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
else
safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
}
}
/*************************************************************
Routine to get the 32 hex characters and turn them
into a 16 byte array.
**************************************************************/
BOOL sam_gethexpwd(const char *p, unsigned char *pwd)
{
int i;
unsigned char lonybble, hinybble;
char *hexchars = "0123456789ABCDEF";
char *p1, *p2;
if (!p)
return (False);
for (i = 0; i < 32; i += 2) {
hinybble = toupper(p[i]);
lonybble = toupper(p[i + 1]);
p1 = strchr(hexchars, hinybble);
p2 = strchr(hexchars, lonybble);
if (!p1 || !p2)
return (False);
hinybble = PTR_DIFF(p1, hexchars);
lonybble = PTR_DIFF(p2, hexchars);
pwd[i / 2] = (hinybble << 4) | lonybble;
}
return (True);
}

845
source/sam/get_set_account.c
View File

@ -1,845 +0,0 @@
/*
Unix SMB/CIFS implementation.
SAM_ACCOUNT_HANDLE access routines
Copyright (C) Andrew Bartlett 2002
Copyright (C) Stefan (metze) Metzmacher 2002
Copyright (C) Jelmer Vernooij 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_SAM
NTSTATUS sam_get_account_domain_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
{
NTSTATUS status;
SAM_DOMAIN_HANDLE *domain;
SAM_ASSERT(!sampass || !sid);
if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){
DEBUG(0, ("sam_get_account_domain_sid: Can't get domain for account\n"));
return status;
}
return sam_get_domain_sid(domain, sid);
}
NTSTATUS sam_get_account_domain_name(const SAM_ACCOUNT_HANDLE *sampass, const char **domain_name)
{
NTSTATUS status;
SAM_DOMAIN_HANDLE *domain;
SAM_ASSERT(sampass && domain_name);
if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){
DEBUG(0, ("sam_get_account_domain_name: Can't get domain for account\n"));
return status;
}
return sam_get_domain_name(domain, domain_name);
}
NTSTATUS sam_get_account_acct_ctrl(const SAM_ACCOUNT_HANDLE *sampass, uint16 *acct_ctrl)
{
SAM_ASSERT(sampass && acct_ctrl);
*acct_ctrl = sampass->private.acct_ctrl;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_logon_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logon_time)
{
SAM_ASSERT(sampass && logon_time) ;
*logon_time = sampass->private.logon_time;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_logoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logoff_time)
{
SAM_ASSERT(sampass && logoff_time) ;
*logoff_time = sampass->private.logoff_time;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_kickoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *kickoff_time)
{
SAM_ASSERT(sampass && kickoff_time);
*kickoff_time = sampass->private.kickoff_time;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_pass_last_set_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_last_set_time)
{
SAM_ASSERT(sampass && pass_last_set_time);
*pass_last_set_time = sampass->private.pass_last_set_time;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_pass_can_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_can_change_time)
{
SAM_ASSERT(sampass && pass_can_change_time);
*pass_can_change_time = sampass->private.pass_can_change_time;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_pass_must_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_must_change_time)
{
SAM_ASSERT(sampass && pass_must_change_time);
*pass_must_change_time = sampass->private.pass_must_change_time;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_logon_divs(const SAM_ACCOUNT_HANDLE *sampass, uint16 *logon_divs)
{
SAM_ASSERT(sampass && logon_divs);
*logon_divs = sampass->private.logon_divs;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_hours_len(const SAM_ACCOUNT_HANDLE *sampass, uint32 *hours_len)
{
SAM_ASSERT(sampass && hours_len);
*hours_len = sampass->private.hours_len;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_hours(const SAM_ACCOUNT_HANDLE *sampass, const uint8 **hours)
{
SAM_ASSERT(sampass && hours);
*hours = sampass->private.hours;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_nt_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *nt_pwd)
{
SAM_ASSERT(sampass);
SMB_ASSERT((!sampass->private.nt_pw.data)
|| sampass->private.nt_pw.length == NT_HASH_LEN);
*nt_pwd = sampass->private.nt_pw;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_lm_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *lm_pwd)
{
SAM_ASSERT(sampass);
SMB_ASSERT((!sampass->private.lm_pw.data)
|| sampass->private.lm_pw.length == LM_HASH_LEN);
*lm_pwd = sampass->private.lm_pw;
return NT_STATUS_OK;
}
/* Return the plaintext password if known. Most of the time
it isn't, so don't assume anything magic about this function.
Used to pass the plaintext to sam backends that might
want to store more than just the NTLM hashes.
*/
NTSTATUS sam_get_account_plaintext_pwd(const SAM_ACCOUNT_HANDLE *sampass, char **plain_pwd)
{
SAM_ASSERT(sampass && plain_pwd);
*plain_pwd = sampass->private.plaintext_pw;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
{
SAM_ASSERT(sampass);
*sid = &(sampass->private.account_sid);
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_pgroup(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
{
SAM_ASSERT(sampass);
*sid = &(sampass->private.group_sid);
return NT_STATUS_OK;
}
/**
* Get flags showing what is initalised in the SAM_ACCOUNT_HANDLE
* @param sampass the SAM_ACCOUNT_HANDLE in question
* @return the flags indicating the members initialised in the struct.
**/
NTSTATUS sam_get_account_init_flag(const SAM_ACCOUNT_HANDLE *sampass, uint32 *initflag)
{
SAM_ASSERT(sampass);
*initflag = sampass->private.init_flag;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_name(const SAM_ACCOUNT_HANDLE *sampass, char **account_name)
{
SAM_ASSERT(sampass);
*account_name = sampass->private.account_name;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_domain(const SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE **domain)
{
SAM_ASSERT(sampass);
*domain = sampass->private.domain;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_fullname(const SAM_ACCOUNT_HANDLE *sampass, char **fullname)
{
SAM_ASSERT(sampass);
*fullname = sampass->private.full_name;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_homedir(const SAM_ACCOUNT_HANDLE *sampass, char **homedir)
{
SAM_ASSERT(sampass);
*homedir = sampass->private.home_dir;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_unix_home_dir(const SAM_ACCOUNT_HANDLE *sampass, char **uhomedir)
{
SAM_ASSERT(sampass);
*uhomedir = sampass->private.unix_home_dir;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_dir_drive(const SAM_ACCOUNT_HANDLE *sampass, char **dirdrive)
{
SAM_ASSERT(sampass);
*dirdrive = sampass->private.dir_drive;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_logon_script(const SAM_ACCOUNT_HANDLE *sampass, char **logon_script)
{
SAM_ASSERT(sampass);
*logon_script = sampass->private.logon_script;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_profile_path(const SAM_ACCOUNT_HANDLE *sampass, char **profile_path)
{
SAM_ASSERT(sampass);
*profile_path = sampass->private.profile_path;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_description(const SAM_ACCOUNT_HANDLE *sampass, char **description)
{
SAM_ASSERT(sampass);
*description = sampass->private.acct_desc;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_workstations(const SAM_ACCOUNT_HANDLE *sampass, char **workstations)
{
SAM_ASSERT(sampass);
*workstations = sampass->private.workstations;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_unknown_str(const SAM_ACCOUNT_HANDLE *sampass, char **unknown_str)
{
SAM_ASSERT(sampass);
*unknown_str = sampass->private.unknown_str;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_munged_dial(const SAM_ACCOUNT_HANDLE *sampass, char **munged_dial)
{
SAM_ASSERT(sampass);
*munged_dial = sampass->private.munged_dial;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_unknown_1(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown1)
{
SAM_ASSERT(sampass && unknown1);
*unknown1 = sampass->private.unknown_1;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_unknown_2(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown2)
{
SAM_ASSERT(sampass && unknown2);
*unknown2 = sampass->private.unknown_2;
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_unknown_3(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown3)
{
SAM_ASSERT(sampass && unknown3);
*unknown3 = sampass->private.unknown_3;
return NT_STATUS_OK;
}
/*********************************************************************
Collection of set...() functions for SAM_ACCOUNT_HANDLE_INFO.
********************************************************************/
NTSTATUS sam_set_account_acct_ctrl(SAM_ACCOUNT_HANDLE *sampass, uint16 acct_ctrl)
{
SAM_ASSERT(sampass);
sampass->private.acct_ctrl = acct_ctrl;
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_logon_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
{
SAM_ASSERT(sampass);
sampass->private.logon_time = mytime;
return NT_STATUS_UNSUCCESSFUL;
}
NTSTATUS sam_set_account_logoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
{
SAM_ASSERT(sampass);
sampass->private.logoff_time = mytime;
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_kickoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
{
SAM_ASSERT(sampass);
sampass->private.kickoff_time = mytime;
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_pass_can_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
{
SAM_ASSERT(sampass);
sampass->private.pass_can_change_time = mytime;
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_pass_must_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
{
SAM_ASSERT(sampass);
sampass->private.pass_must_change_time = mytime;
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_pass_last_set_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime)
{
SAM_ASSERT(sampass);
sampass->private.pass_last_set_time = mytime;
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_hours_len(SAM_ACCOUNT_HANDLE *sampass, uint32 len)
{
SAM_ASSERT(sampass);
sampass->private.hours_len = len;
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_logon_divs(SAM_ACCOUNT_HANDLE *sampass, uint16 hours)
{
SAM_ASSERT(sampass);
sampass->private.logon_divs = hours;
return NT_STATUS_OK;
}
/**
* Set flags showing what is initalised in the SAM_ACCOUNT_HANDLE
* @param sampass the SAM_ACCOUNT_HANDLE in question
* @param flag The *new* flag to be set. Old flags preserved
* this flag is only added.
**/
NTSTATUS sam_set_account_init_flag(SAM_ACCOUNT_HANDLE *sampass, uint32 flag)
{
SAM_ASSERT(sampass);
sampass->private.init_flag |= flag;
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *u_sid)
{
SAM_ASSERT(sampass && u_sid);
sid_copy(&sampass->private.account_sid, u_sid);
DEBUG(10, ("sam_set_account_sid: setting account sid %s\n",
sid_string_static(&sampass->private.account_sid)));
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_sid_from_string(SAM_ACCOUNT_HANDLE *sampass, const char *u_sid)
{
DOM_SID new_sid;
SAM_ASSERT(sampass && u_sid);
DEBUG(10, ("sam_set_account_sid_from_string: setting account sid %s\n",
u_sid));
if (!string_to_sid(&new_sid, u_sid)) {
DEBUG(1, ("sam_set_account_sid_from_string: %s isn't a valid SID!\n", u_sid));
return NT_STATUS_UNSUCCESSFUL;
}
if (!NT_STATUS_IS_OK(sam_set_account_sid(sampass, &new_sid))) {
DEBUG(1, ("sam_set_account_sid_from_string: could not set sid %s on SAM_ACCOUNT_HANDLE!\n", u_sid));
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_pgroup_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *g_sid)
{
SAM_ASSERT(sampass && g_sid);
sid_copy(&sampass->private.group_sid, g_sid);
DEBUG(10, ("sam_set_group_sid: setting group sid %s\n",
sid_string_static(&sampass->private.group_sid)));
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_pgroup_string(SAM_ACCOUNT_HANDLE *sampass, const char *g_sid)
{
DOM_SID new_sid;
SAM_ASSERT(sampass && g_sid);
DEBUG(10, ("sam_set_group_sid_from_string: setting group sid %s\n",
g_sid));
if (!string_to_sid(&new_sid, g_sid)) {
DEBUG(1, ("sam_set_group_sid_from_string: %s isn't a valid SID!\n", g_sid));
return NT_STATUS_UNSUCCESSFUL;
}
if (!NT_STATUS_IS_OK(sam_set_account_pgroup_sid(sampass, &new_sid))) {
DEBUG(1, ("sam_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT_HANDLE!\n", g_sid));
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_OK;
}
/*********************************************************************
Set the domain name.
********************************************************************/
NTSTATUS sam_set_account_domain(SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE *domain)
{
SAM_ASSERT(sampass);
sampass->private.domain = domain;
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's NT name.
********************************************************************/
NTSTATUS sam_set_account_name(SAM_ACCOUNT_HANDLE *sampass, const char *account_name)
{
SAM_ASSERT(sampass);
DEBUG(10, ("sam_set_account_name: setting nt account_name %s, was %s\n", account_name, sampass->private.account_name));
sampass->private.account_name = talloc_strdup(sampass->mem_ctx, account_name);
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's full name.
********************************************************************/
NTSTATUS sam_set_account_fullname(SAM_ACCOUNT_HANDLE *sampass, const char *full_name)
{
SAM_ASSERT(sampass);
DEBUG(10, ("sam_set_account_fullname: setting full name %s, was %s\n", full_name, sampass->private.full_name));
sampass->private.full_name = talloc_strdup(sampass->mem_ctx, full_name);
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's logon script.
********************************************************************/
NTSTATUS sam_set_account_logon_script(SAM_ACCOUNT_HANDLE *sampass, const char *logon_script, BOOL store)
{
SAM_ASSERT(sampass);
DEBUG(10, ("sam_set_logon_script: from %s to %s\n", logon_script, sampass->private.logon_script));
sampass->private.logon_script = talloc_strdup(sampass->mem_ctx, logon_script);
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's profile path.
********************************************************************/
NTSTATUS sam_set_account_profile_path(SAM_ACCOUNT_HANDLE *sampass, const char *profile_path, BOOL store)
{
SAM_ASSERT(sampass);
DEBUG(10, ("sam_set_profile_path: setting profile path %s, was %s\n", profile_path, sampass->private.profile_path));
sampass->private.profile_path = talloc_strdup(sampass->mem_ctx, profile_path);
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's directory drive.
********************************************************************/
NTSTATUS sam_set_account_dir_drive(SAM_ACCOUNT_HANDLE *sampass, const char *dir_drive, BOOL store)
{
SAM_ASSERT(sampass);
DEBUG(10, ("sam_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
sampass->private.dir_drive));
sampass->private.dir_drive = talloc_strdup(sampass->mem_ctx, dir_drive);
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's home directory.
********************************************************************/
NTSTATUS sam_set_account_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *home_dir, BOOL store)
{
SAM_ASSERT(sampass);
DEBUG(10, ("sam_set_homedir: setting home dir %s, was %s\n", home_dir,
sampass->private.home_dir));
sampass->private.home_dir = talloc_strdup(sampass->mem_ctx, home_dir);
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's unix home directory.
********************************************************************/
NTSTATUS sam_set_account_unix_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *unix_home_dir)
{
SAM_ASSERT(sampass);
DEBUG(10, ("sam_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir,
sampass->private.unix_home_dir));
sampass->private.unix_home_dir = talloc_strdup(sampass->mem_ctx, unix_home_dir);
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's account description.
********************************************************************/
NTSTATUS sam_set_account_acct_desc(SAM_ACCOUNT_HANDLE *sampass, const char *acct_desc)
{
SAM_ASSERT(sampass);
sampass->private.acct_desc = talloc_strdup(sampass->mem_ctx, acct_desc);
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's workstation allowed list.
********************************************************************/
NTSTATUS sam_set_account_workstations(SAM_ACCOUNT_HANDLE *sampass, const char *workstations)
{
SAM_ASSERT(sampass);
DEBUG(10, ("sam_set_workstations: setting workstations %s, was %s\n", workstations,
sampass->private.workstations));
sampass->private.workstations = talloc_strdup(sampass->mem_ctx, workstations);
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's 'unknown_str', whatever the heck this actually is...
********************************************************************/
NTSTATUS sam_set_account_unknown_str(SAM_ACCOUNT_HANDLE *sampass, const char *unknown_str)
{
SAM_ASSERT(sampass);
sampass->private.unknown_str = talloc_strdup(sampass->mem_ctx, unknown_str);
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's dial string.
********************************************************************/
NTSTATUS sam_set_account_munged_dial(SAM_ACCOUNT_HANDLE *sampass, const char *munged_dial)
{
SAM_ASSERT(sampass);
sampass->private.munged_dial = talloc_strdup(sampass->mem_ctx, munged_dial);
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's NT hash.
********************************************************************/
NTSTATUS sam_set_account_nt_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data)
{
SAM_ASSERT(sampass);
sampass->private.nt_pw = data;
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's LM hash.
********************************************************************/
NTSTATUS sam_set_account_lm_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data)
{
SAM_ASSERT(sampass);
sampass->private.lm_pw = data;
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's plaintext password only (base procedure, see helper
below)
********************************************************************/
NTSTATUS sam_set_account_plaintext_pwd(SAM_ACCOUNT_HANDLE *sampass, const char *plain_pwd)
{
SAM_ASSERT(sampass);
sampass->private.plaintext_pw = talloc_strdup(sampass->mem_ctx, plain_pwd);
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_unknown_1(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
{
SAM_ASSERT(sampass);
sampass->private.unknown_1 = unkn;
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_unknown_2(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
{
SAM_ASSERT(sampass);
sampass->private.unknown_2 = unkn;
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_unknown_3(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
{
SAM_ASSERT(sampass);
sampass->private.unknown_3 = unkn;
return NT_STATUS_OK;
}
NTSTATUS sam_set_account_hours(SAM_ACCOUNT_HANDLE *sampass, const uint8 *hours)
{
SAM_ASSERT(sampass);
if (!hours) {
memset ((char *)sampass->private.hours, 0, MAX_HOURS_LEN);
return NT_STATUS_OK;
}
memcpy(sampass->private.hours, hours, MAX_HOURS_LEN);
return NT_STATUS_OK;
}
/* Helpful interfaces to the above */
/*********************************************************************
Sets the last changed times and must change times for a normal
password change.
********************************************************************/
NTSTATUS sam_set_account_pass_changed_now(SAM_ACCOUNT_HANDLE *sampass)
{
uint32 expire;
NTTIME temptime;
SAM_ASSERT(sampass);
unix_to_nt_time(&temptime, time(NULL));
if (!NT_STATUS_IS_OK(sam_set_account_pass_last_set_time(sampass, temptime)))
return NT_STATUS_UNSUCCESSFUL;
if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire)
|| (expire==(uint32)-1)) {
get_nttime_max(&temptime);
if (!NT_STATUS_IS_OK(sam_set_account_pass_must_change_time(sampass, temptime, False)))
return NT_STATUS_UNSUCCESSFUL;
} else {
/* FIXME: Add expire to temptime */
if (!NT_STATUS_IS_OK(sam_get_account_pass_last_set_time(sampass,&temptime)) || !NT_STATUS_IS_OK(sam_set_account_pass_must_change_time(sampass, temptime,True)))
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_OK;
}
/*********************************************************************
Set the account's PLAINTEXT password. Used as an interface to the above.
Also sets the last change time to NOW.
********************************************************************/
NTSTATUS sam_set_account_passwd(SAM_ACCOUNT_HANDLE *sampass, const char *plaintext)
{
DATA_BLOB data;
uchar new_lanman_p16[16];
uchar new_nt_p16[16];
SAM_ASSERT(sampass && plaintext);
nt_lm_owf_gen(plaintext, new_nt_p16, new_lanman_p16);
data = data_blob(new_nt_p16, 16);
if (!NT_STATUS_IS_OK(sam_set_account_nt_pwd(sampass, data)))
return NT_STATUS_UNSUCCESSFUL;
data = data_blob(new_lanman_p16, 16);
if (!NT_STATUS_IS_OK(sam_set_account_lm_pwd(sampass, data)))
return NT_STATUS_UNSUCCESSFUL;
if (!NT_STATUS_IS_OK(sam_set_account_plaintext_pwd(sampass, plaintext)))
return NT_STATUS_UNSUCCESSFUL;
if (!NT_STATUS_IS_OK(sam_set_account_pass_changed_now(sampass)))
return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
}

263
source/sam/get_set_domain.c
View File

@ -1,263 +0,0 @@
/*
Unix SMB/CIFS implementation.
SAM_DOMAIN access routines
Copyright (C) Andrew Bartlett 2002
Copyright (C) Stefan (metze) Metzmacher 2002
Copyright (C) Jelmer Vernooij 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_SAM
NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, const DOM_SID **sid)
{
SAM_ASSERT(domain &&sid);
*sid = &(domain->private.sid);
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_num_accounts(SAM_DOMAIN_HANDLE *domain, uint32 *num_accounts)
{
SAM_ASSERT(domain &&num_accounts);
*num_accounts = domain->private.num_accounts;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
{
SAM_ASSERT(domain &&num_groups);
*num_groups = domain->private.num_groups;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
{
SAM_ASSERT(domain &&num_aliases);
*num_aliases = domain->private.num_aliases;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_name(SAM_DOMAIN_HANDLE *domain, const char **domain_name)
{
SAM_ASSERT(domain &&domain_name);
*domain_name = domain->private.name;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_server(SAM_DOMAIN_HANDLE *domain, const char **server_name)
{
SAM_ASSERT(domain &&server_name);
*server_name = domain->private.servername;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
{
SAM_ASSERT(domain &&max_passwordage);
*max_passwordage = domain->private.max_passwordage;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
{
SAM_ASSERT(domain &&min_passwordage);
*min_passwordage = domain->private.min_passwordage;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
{
SAM_ASSERT(domain &&lockout_duration);
*lockout_duration = domain->private.lockout_duration;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
{
SAM_ASSERT(domain &&reset_lockout_count);
*reset_lockout_count = domain->private.reset_count;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
{
SAM_ASSERT(domain &&min_passwordlength);
*min_passwordlength = domain->private.min_passwordlength;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 *password_history)
{
SAM_ASSERT(domain &&password_history);
*password_history = domain->private.password_history;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
{
SAM_ASSERT(domain &&lockout_count);
*lockout_count = domain->private.lockout_count;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
{
SAM_ASSERT(domain &&force_logoff);
*force_logoff = domain->private.force_logoff;
return NT_STATUS_OK;
}
NTSTATUS sam_get_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
{
SAM_ASSERT(domain && login_pwdchange);
*login_pwdchange = domain->private.login_pwdchange;
return NT_STATUS_OK;
}
/* Set */
NTSTATUS sam_set_domain_name(SAM_DOMAIN_HANDLE *domain, const char *domain_name)
{
SAM_ASSERT(domain);
domain->private.name = talloc_strdup(domain->mem_ctx, domain_name);
return NT_STATUS_OK;
}
NTSTATUS sam_set_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME max_passwordage)
{
SAM_ASSERT(domain);
domain->private.max_passwordage = max_passwordage;
return NT_STATUS_OK;
}
NTSTATUS sam_set_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME min_passwordage)
{
SAM_ASSERT(domain);
domain->private.min_passwordage = min_passwordage;
return NT_STATUS_OK;
}
NTSTATUS sam_set_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME lockout_duration)
{
SAM_ASSERT(domain);
domain->private.lockout_duration = lockout_duration;
return NT_STATUS_OK;
}
NTSTATUS sam_set_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME reset_lockout_count)
{
SAM_ASSERT(domain);
domain->private.reset_count = reset_lockout_count;
return NT_STATUS_OK;
}
NTSTATUS sam_set_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 min_passwordlength)
{
SAM_ASSERT(domain);
domain->private.min_passwordlength = min_passwordlength;
return NT_STATUS_OK;
}
NTSTATUS sam_set_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 password_history)
{
SAM_ASSERT(domain);
domain->private.password_history = password_history;
return NT_STATUS_OK;
}
NTSTATUS sam_set_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 lockout_count)
{
SAM_ASSERT(domain);
domain->private.lockout_count = lockout_count;
return NT_STATUS_OK;
}
NTSTATUS sam_set_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL force_logoff)
{
SAM_ASSERT(domain);
domain->private.force_logoff = force_logoff;
return NT_STATUS_OK;
}
NTSTATUS sam_set_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL login_pwdchange)
{
SAM_ASSERT(domain);
domain->private.login_pwdchange = login_pwdchange;
return NT_STATUS_OK;
}
NTSTATUS sam_set_domain_server(SAM_DOMAIN_HANDLE *domain, const char *server_name)
{
SAM_ASSERT(domain);
domain->private.servername = talloc_strdup(domain->mem_ctx, server_name);
return NT_STATUS_OK;
}

106
source/sam/get_set_group.c
View File

@ -1,106 +0,0 @@
/*
Unix SMB/CIFS implementation.
SAM_USER_HANDLE access routines
Copyright (C) Andrew Bartlett 2002
Copyright (C) Stefan (metze) Metzmacher 2002
Copyright (C) Jelmer Vernooij 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_SAM
/* sam group get functions */
NTSTATUS sam_get_group_sid(const SAM_GROUP_HANDLE *group, const DOM_SID **sid)
{
SAM_ASSERT(group && sid);
*sid = &(group->private.sid);
return NT_STATUS_OK;
}
NTSTATUS sam_get_group_ctrl(const SAM_GROUP_HANDLE *group, uint32 *group_ctrl)
{
SAM_ASSERT(group && group_ctrl);
*group_ctrl = group->private.group_ctrl;
return NT_STATUS_OK;
}
NTSTATUS sam_get_group_name(const SAM_GROUP_HANDLE *group, const char **group_name)
{
SAM_ASSERT(group);
*group_name = group->private.group_name;
return NT_STATUS_OK;
}
NTSTATUS sam_get_group_comment(const SAM_GROUP_HANDLE *group, const char **group_desc)
{
SAM_ASSERT(group);
*group_desc = group->private.group_desc;
return NT_STATUS_OK;
}
/* sam group set functions */
NTSTATUS sam_set_group_sid(SAM_GROUP_HANDLE *group, const DOM_SID *sid)
{
SAM_ASSERT(group);
if (!sid)
ZERO_STRUCT(group->private.sid);
else
sid_copy(&(group->private.sid), sid);
return NT_STATUS_OK;
}
NTSTATUS sam_set_group_group_ctrl(SAM_GROUP_HANDLE *group, uint32 group_ctrl)
{
SAM_ASSERT(group);
group->private.group_ctrl = group_ctrl;
return NT_STATUS_OK;
}
NTSTATUS sam_set_group_name(SAM_GROUP_HANDLE *group, const char *group_name)
{
SAM_ASSERT(group);
group->private.group_name = talloc_strdup(group->mem_ctx, group_name);
return NT_STATUS_OK;
}
NTSTATUS sam_set_group_description(SAM_GROUP_HANDLE *group, const char *group_desc)
{
SAM_ASSERT(group);
group->private.group_desc = talloc_strdup(group->mem_ctx, group_desc);
return NT_STATUS_OK;
}

193
source/sam/group.c
View File

@ -1,193 +0,0 @@
/*
Unix SMB/CIFS implementation.
SAM_GROUP_HANDLE /SAM_GROUP_ENUM helpers
Copyright (C) Stefan (metze) Metzmacher 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_SAM
/************************************************************
Fill the SAM_GROUP_HANDLE with default values.
***********************************************************/
static void sam_fill_default_group(SAM_GROUP_HANDLE *group)
{
ZERO_STRUCT(group->private); /* Don't touch the talloc context */
}
static void destroy_sam_group_handle_talloc(SAM_GROUP_HANDLE **group)
{
if (*group) {
talloc_destroy((*group)->mem_ctx);
*group = NULL;
}
}
/**********************************************************************
Alloc memory and initialises a SAM_GROUP_HANDLE on supplied mem_ctx.
***********************************************************************/
NTSTATUS sam_init_group_talloc(TALLOC_CTX *mem_ctx, SAM_GROUP_HANDLE **group)
{
SMB_ASSERT(*group != NULL);
if (!mem_ctx) {
DEBUG(0,("sam_init_group_talloc: mem_ctx was NULL!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
*group=(SAM_GROUP_HANDLE *)talloc(mem_ctx, sizeof(SAM_GROUP_HANDLE));
if (*group==NULL) {
DEBUG(0,("sam_init_group_talloc: error while allocating memory\n"));
return NT_STATUS_NO_MEMORY;
}
(*group)->mem_ctx = mem_ctx;
(*group)->free_fn = NULL;
sam_fill_default_group(*group);
return NT_STATUS_OK;
}
/*************************************************************
Alloc memory and initialises a struct SAM_GROUP_HANDLE.
************************************************************/
NTSTATUS sam_init_group(SAM_GROUP_HANDLE **group)
{
TALLOC_CTX *mem_ctx;
NTSTATUS nt_status;
mem_ctx = talloc_init("sam internal SAM_GROUP_HANDLE allocation");
if (!mem_ctx) {
DEBUG(0,("sam_init_group: error while doing talloc_init()\n"));
return NT_STATUS_NO_MEMORY;
}
if (!NT_STATUS_IS_OK(nt_status = sam_init_group_talloc(mem_ctx, group))) {
talloc_destroy(mem_ctx);
return nt_status;
}
(*group)->free_fn = destroy_sam_group_handle_talloc;
return NT_STATUS_OK;
}
/************************************************************
Reset the SAM_GROUP_HANDLE.
***********************************************************/
NTSTATUS sam_reset_group(SAM_GROUP_HANDLE *group)
{
SMB_ASSERT(group != NULL);
sam_fill_default_group(group);
return NT_STATUS_OK;
}
/************************************************************
Free the SAM_GROUP_HANDLE and the member pointers.
***********************************************************/
NTSTATUS sam_free_group(SAM_ACCOUNT_HANDLE **group)
{
SMB_ASSERT(*group != NULL);
if ((*group)->free_fn) {
(*group)->free_fn(group);
}
return NT_STATUS_OK;
}
/**********************************************************
Encode the group control bits into a string.
length = length of string to encode into (including terminating
null). length *MUST BE MORE THAN 2* !
**********************************************************/
char *sam_encode_acct_ctrl(uint16 group_ctrl, size_t length)
{
static fstring group_str;
size_t i = 0;
group_str[i++] = '[';
if (group_ctrl & GCB_LOCAL_GROUP ) group_str[i++] = 'L';
if (group_ctrl & GCB_GLOBAL_GROUP ) group_str[i++] = 'G';
for ( ; i < length - 2 ; i++ )
group_str[i] = ' ';
i = length - 2;
group_str[i++] = ']';
group_str[i++] = '\0';
return group_str;
}
/**********************************************************
Decode the group control bits from a string.
**********************************************************/
uint16 sam_decode_group_ctrl(const char *p)
{
uint16 group_ctrl = 0;
BOOL finished = False;
/*
* Check if the account type bits have been encoded after the
* NT password (in the form [NDHTUWSLXI]).
*/
if (*p != '[')
return 0;
for (p++; *p && !finished; p++) {
switch (*p) {
case 'L': { group_ctrl |= GCB_LOCAL_GROUP; break; /* 'L'ocal Aliases Group. */ }
case 'G': { group_ctrl |= GCB_GLOBAL_GROUP; break; /* 'G'lobal Domain Group. */ }
case ' ': { break; }
case ':':
case '\n':
case '\0':
case ']':
default: { finished = True; }
}
}
return group_ctrl;
}

562
source/sam/gumm_tdb.c
View File

@ -1,562 +0,0 @@
/*
* Unix SMB/CIFS implementation.
* SMB parameters and setup
* Copyright (C) Andrew Tridgell 1992-1998
* Copyright (C) Simo Sorce 2000-2002
* Copyright (C) Gerald Carter 2000
* Copyright (C) Jeremy Allison 2001
* Copyright (C) Andrew Bartlett 2002
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 675
* Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "gums.h"
#include "tdbsam2.h"
#include "tdbsam2_parse_info.h"
static int tdbgumm_debug_level = DBGC_ALL;
#undef DBGC_CLASS
#define DBGC_CLASS tdbgumm_debug_level
#define TDBSAM_VERSION "20021215"
#define TDB_FILE_NAME "tdbsam2.tdb"
#define DOMAINPREFIX "DOMAIN_"
#define OBJECTPREFIX "OBJECT_"
#define SIDPREFIX "SID_"
#define PRIVILEGEPREFIX "PRIV_"
#define TDB_FORMAT_STRING "ddB"
union tdbsam2_data {
struct tdbsam2_domain_data *domain;
struct tdbsam2_user_data *user;
struct tdbsam2_group_data *group;
};
struct tdbsam2_object {
uint32 type;
union tdbsam2_data data;
};
static TDB_CONTEXT *tdbsam2_db;
#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", __FUNCTION__)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
#define SET_OR_FAIL(func, label) do { if (NT_STATUS_IS_ERR(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", __FUNCTION__)); goto label; } } while(0)
static NTSTATUS init_tdbsam2_object_from_buffer(struct tdbsam2_object *object, TALLOC_CTX *mem_ctx, char *buffer, int size) {
return NT_STATUS_OK;
}
static NTSTATUS tdbsam2_opentdb(void) {
return NT_STATUS_OK;
}
static NTSTATUS tdbsam2_get_object_by_name(struct tdbsam2_object *obj, TALLOC_CTX *mem_ctx, const char* name) {
NTSTATUS ret;
TDB_DATA data, key;
fstring keystr;
fstring objname;
if (!obj || !mem_ctx || !name)
return NT_STATUS_INVALID_PARAMETER;
if (tdbsam2_db == NULL) {
if (NT_STATUS_IS_ERR(ret = tdbsam2_opentdb())) {
goto done;
}
}
unix_strlower(name, -1, objname, sizeof(objname));
slprintf(keystr, sizeof(keystr)-1, "%s%s", OBJECTPREFIX, objname);
key.dptr = keystr;
key.dsize = strlen(keystr) + 1;
data = tdb_fetch(tdbsam2_db, key);
if (!data.dptr) {
DEBUG(5, ("get_domain_sid: Error fetching database, domain entry not found!\n"));
DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
DEBUGADD(5, (" Key: %s\n", keystr));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(obj, mem_ctx, data.dptr, data.dsize))) {
SAFE_FREE(data.dptr);
DEBUG(0, ("get_domain_sid: Error fetching database, malformed entry!\n"));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
SAFE_FREE(data.dptr);
ret = NT_STATUS_OK;
done:
return ret;
}
static NTSTATUS tdbsam2_store(struct tdbsam2_object *object) {
NTSTATUS ret;
return NT_STATUS_OK;
}
static NTSTATUS tdbsam2_get_next_sid(TALLOC_CTX *mem_ctx, DOM_SID *sid) {
NTSTATUS ret;
return NT_STATUS_OK;
}
static NTSTATUS tdbsam2_user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_user_data *userdata, uint32 type) {
NTSTATUS ret;
if (!object || !userdata) {
DEBUG(0, ("tdbsam2_user_data_to_gums_object: no NULL pointers are accepted here!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
/* userdata->xcounter */
/* userdata->sec_desc */
SET_OR_FAIL(gums_set_object_sid(*object, userdata->user_sid), error);
SET_OR_FAIL(gums_set_object_name(*object, userdata->name), error);
SET_OR_FAIL(gums_set_user_pri_group(*object, userdata->group_sid), error);
if (userdata->description)
SET_OR_FAIL(gums_set_object_description(*object, userdata->description), error);
if (userdata->full_name)
SET_OR_FAIL(gums_set_user_fullname(*object, userdata->full_name), error);
if (userdata->home_dir)
SET_OR_FAIL(gums_set_user_homedir(*object, userdata->home_dir), error);
if (userdata->dir_drive)
SET_OR_FAIL(gums_set_user_dir_drive(*object, userdata->dir_drive), error);
if (userdata->logon_script)
SET_OR_FAIL(gums_set_user_logon_script(*object, userdata->logon_script), error);
if (userdata->profile_path)
SET_OR_FAIL(gums_set_user_profile_path(*object, userdata->profile_path), error);
if (userdata->workstations)
SET_OR_FAIL(gums_set_user_workstations(*object, userdata->workstations), error);
if (userdata->unknown_str)
SET_OR_FAIL(gums_set_user_unknown_str(*object, userdata->unknown_str), error);
if (userdata->munged_dial)
SET_OR_FAIL(gums_set_user_munged_dial(*object, userdata->munged_dial), error);
SET_OR_FAIL(gums_set_user_logon_divs(*object, userdata->logon_divs), error);
SET_OR_FAIL(gums_set_user_hours_len(*object, userdata->hours_len), error);
if (userdata->hours)
SET_OR_FAIL(gums_set_user_hours(*object, userdata->hours), error);
SET_OR_FAIL(gums_set_user_unknown_3(*object, userdata->unknown_3), error);
SET_OR_FAIL(gums_set_user_unknown_5(*object, userdata->unknown_5), error);
SET_OR_FAIL(gums_set_user_unknown_6(*object, userdata->unknown_6), error);
SET_OR_FAIL(gums_set_user_logon_time(*object, userdata->logon_time), error);
SET_OR_FAIL(gums_set_user_logoff_time(*object, userdata->logoff_time), error);
SET_OR_FAIL(gums_set_user_kickoff_time(*object, userdata->kickoff_time), error);
SET_OR_FAIL(gums_set_user_pass_last_set_time(*object, userdata->pass_last_set_time), error);
SET_OR_FAIL(gums_set_user_pass_can_change_time(*object, userdata->pass_can_change_time), error);
SET_OR_FAIL(gums_set_user_pass_must_change_time(*object, userdata->pass_must_change_time), error);
ret = NT_STATUS_OK;
return ret;
error:
talloc_destroy((*object)->mem_ctx);
*object = NULL;
return ret;
}
static NTSTATUS tdbsam2_group_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_group_data *groupdata, uint32 type) {
NTSTATUS ret;
if (!object || !groupdata) {
DEBUG(0, ("tdbsam2_group_data_to_gums_object: no NULL pointers are accepted here!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
/* groupdata->xcounter */
/* groupdata->sec_desc */
SET_OR_FAIL(gums_set_object_sid(*object, groupdata->group_sid), error);
SET_OR_FAIL(gums_set_object_name(*object, groupdata->name), error);
if (groupdata->description)
SET_OR_FAIL(gums_set_object_description(*object, groupdata->description), error);
if (groupdata->count)
SET_OR_FAIL(gums_set_group_members(*object, groupdata->count, groupdata->members), error);
ret = NT_STATUS_OK;
return ret;
error:
talloc_destroy((*object)->mem_ctx);
*object = NULL;
return ret;
}
static NTSTATUS tdbsam2_domain_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_domain_data *domdata, uint32 type) {
NTSTATUS ret;
if (!object || !domdata) {
DEBUG(0, ("tdbsam2_domain_data_to_gums_object: no NULL pointers are accepted here!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
/* domdata->xcounter */
/* domdata->sec_desc */
SET_OR_FAIL(gums_set_object_sid(*object, domdata->dom_sid), error);
SET_OR_FAIL(gums_set_object_name(*object, domdata->name), error);
if (domdata->description)
SET_OR_FAIL(gums_set_object_description(*object, domdata->description), error);
ret = NT_STATUS_OK;
return ret;
error:
talloc_destroy((*object)->mem_ctx);
*object = NULL;
return ret;
}
static NTSTATUS tdbsam2_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_object *data) {
NTSTATUS ret;
if (!object || !data) {
DEBUG(0, ("tdbsam2_user_data_to_gums_object: no NULL structure pointers are accepted here!\n"));
ret = NT_STATUS_INVALID_PARAMETER;
goto done;
}
ret = gums_create_object(object, data->type);
if (NT_STATUS_IS_ERR(ret)) {
DEBUG(5, ("tdbsam2_user_data_to_gums_object: error creating gums object!\n"));
goto done;
}
switch (data->type) {
case GUMS_OBJ_DOMAIN:
ret = tdbsam2_domain_data_to_gums_object(object, data->data.domain, data->type);
break;
case GUMS_OBJ_NORMAL_USER:
ret = tdbsam2_user_data_to_gums_object(object, data->data.user, data->type);
break;
case GUMS_OBJ_GROUP:
case GUMS_OBJ_ALIAS:
ret = tdbsam2_group_data_to_gums_object(object, data->data.group, data->type);
break;
default:
ret = NT_STATUS_UNSUCCESSFUL;
}
done:
return ret;
}
/* GUMM object functions */
static NTSTATUS get_domain_sid(DOM_SID *sid, const char* name) {
NTSTATUS ret;
struct tdbsam2_object obj;
TALLOC_CTX *mem_ctx;
TDB_DATA data, key;
fstring keystr;
fstring domname;
if (!sid || !name)
return NT_STATUS_INVALID_PARAMETER;
mem_ctx = talloc_init("get_domain_sid");
if (!mem_ctx) {
DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
if (tdbsam2_db == NULL) {
if (NT_STATUS_IS_ERR(ret = tdbsam2_opentdb())) {
goto done;
}
}
unix_strlower(name, -1, domname, sizeof(domname));
slprintf(keystr, sizeof(keystr)-1, "%s%s", DOMAINPREFIX, domname);
key.dptr = keystr;
key.dsize = strlen(keystr) + 1;
data = tdb_fetch(tdbsam2_db, key);
if (!data.dptr) {
DEBUG(5, ("get_domain_sid: Error fetching database, domain entry not found!\n"));
DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
DEBUGADD(5, (" Key: %s\n", keystr));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
SAFE_FREE(data.dptr);
DEBUG(0, ("get_domain_sid: Error fetching database, malformed entry!\n"));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
SAFE_FREE(data.dptr);
if (obj.type != GUMS_OBJ_DOMAIN) {
DEBUG(5, ("get_domain_sid: Requested object is not a domain!\n"));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
sid_copy(sid, obj.data.domain->dom_sid);
ret = NT_STATUS_OK;
done:
if (mem_ctx) talloc_destroy(mem_ctx);
return ret;
}
NTSTATUS (*set_domain_sid) (const DOM_SID *sid, const char *name);
NTSTATUS (*get_sequence_number) (void);
static NTSTATUS tdbsam2_new_object(DOM_SID **sid, const char *name, const int obj_type) {
NTSTATUS ret;
struct tdbsam2_object obj;
TALLOC_CTX *mem_ctx;
if (!sid || !name) {
DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
mem_ctx = talloc_init("tdbsam2_new_object");
if (!mem_ctx) {
DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
switch (obj_type) {
case GUMS_OBJ_NORMAL_USER:
obj.data.user = (struct tdbsam2_user_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_user_data));
TALLOC_CHECK(obj.data.user, ret, done);
/*obj.data.user->sec_desc*/
tdbsam2_get_next_sid(mem_ctx, obj.data.user->user_sid);
TALLOC_CHECK(obj.data.user->user_sid, ret, done);
obj.data.user->name = talloc_strdup(mem_ctx, name);
TALLOC_CHECK(obj.data.user, ret, done);
break;
case GUMS_OBJ_GROUP:
case GUMS_OBJ_ALIAS:
obj.data.group = (struct tdbsam2_group_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_group_data));
TALLOC_CHECK(obj.data.group, ret, done);
/*obj.data.user->sec_desc*/
tdbsam2_get_next_sid(mem_ctx, obj.data.group->group_sid);
TALLOC_CHECK(obj.data.group->group_sid, ret, done);
obj.data.group->name = talloc_strdup(mem_ctx, name);
TALLOC_CHECK(obj.data.group, ret, done);
break;
case GUMS_OBJ_DOMAIN:
/* TODO: SHOULD WE ALLOW TO CREATE NEW DOMAINS ? */
default:
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
ret = tdbsam2_store(&obj);
done:
talloc_destroy(mem_ctx);
return ret;
}
static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid) {
NTSTATUS ret;
struct tdbsam2_object obj;
TALLOC_CTX *mem_ctx;
TDB_DATA data, key;
fstring keystr;
fstring sidstr;
char *obj_name = NULL;
int obj_type, obj_version, len;
if (!sid) {
DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
mem_ctx = talloc_init("tdbsam2_delete_object");
if (!mem_ctx) {
DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
if (tdbsam2_db == NULL) {
if (NT_STATUS_IS_ERR(ret = tdbsam2_opentdb())) {
goto done;
}
}
sid_to_string(sidstr, sid);
slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sidstr);
key.dptr = keystr;
key.dsize = strlen(keystr) + 1;
data = tdb_fetch(tdbsam2_db, key);
if (!data.dptr) {
DEBUG(5, ("get_domain_sid: Error fetching database, SID entry not found!\n"));
DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
DEBUGADD(5, (" Key: %s\n", keystr));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
len = tdb_unpack(data.dptr, data.dsize, TDB_FORMAT_STRING,
&obj_version,
&obj_type,
&obj_name);
if (len == -1) {
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
DEBUG(5, ("tdbsam2_object_delete: Error deleting object!\n"));
DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
DEBUGADD(5, (" Key: %s\n", keystr));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
switch (obj_type) {
case GUMS_OBJ_NORMAL_USER:
case GUMS_OBJ_GROUP:
case GUMS_OBJ_ALIAS:
slprintf(keystr, sizeof(keystr)-1, "%s%s", OBJECTPREFIX, obj_name);
key.dptr = keystr;
key.dsize = strlen(keystr) + 1;
if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
DEBUG(5, ("tdbsam2_object_delete: Error deleting object!\n"));
DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
DEBUGADD(5, (" Key: %s\n", keystr));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
break;
case GUMS_OBJ_DOMAIN:
/* TODO: SHOULD WE ALLOW TO DELETE DOMAINS ? */
default:
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
done:
SAFE_FREE(obj_name);
talloc_destroy(mem_ctx);
return ret;
}
NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
NTSTATUS (*get_sid_from_name) (GUMS_OBJECT **object, const char *name);
/* This function is used to get the list of all objects changed since b_time, it is
used to support PDC<->BDC synchronization */
NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
NTSTATUS (*enumerate_objects_start) (void *handle, const DOM_SID *sid, const int obj_type);
NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle);
NTSTATUS (*enumerate_objects_stop) (void *handle);
/* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
Never use this function to update an object in the database, use set_object_values() */
NTSTATUS (*set_object) (const GUMS_OBJECT *object);
/* set object values function */
NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
/* Group related functions */
NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members);
NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
NTSTATUS (*lock_sid) (const DOM_SID *sid);
NTSTATUS (*unlock_sid) (const DOM_SID *sid);
/* privileges related functions */
NTSTATUS (*add_members_to_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv);
NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid);
/* warning!: set_privilege will overwrite a prior existing privilege if such exist */
NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
int gumm_init(GUMS_FUNCTIONS **storage) {
return 0;
}

131
source/sam/gums.c
View File

@ -1,131 +0,0 @@
/*
Unix SMB/CIFS implementation.
Grops and Users Management System initializations.
Copyright (C) Simo Sorce 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
/*#undef DBGC_CLASS
#define DBGC_CLASS DBGC_GUMS*/
#define GMV_MAJOR 0
#define GMV_MINOR 1
GUMS_FUNCTIONS *gums_storage;
static void *dl_handle;
PRIVS privs[] = {
{PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */
{PRIV_CREATE_TOKEN, "SeCreateToken", "Create Token"},
{PRIV_ASSIGNPRIMARYTOKEN, "SeAssignPrimaryToken", "Assign Primary Token"},
{PRIV_LOCK_MEMORY, "SeLockMemory", "Lock Memory"},
{PRIV_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota Privilege"},
{PRIV_MACHINE_ACCOUNT, "SeMachineAccount", "Machine Account"},
{PRIV_TCB, "SeTCB", "TCB"},
{PRIV_SECURITY, "SeSecurityPrivilege", "Security Privilege"},
{PRIV_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"},
{PRIV_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"},
{PRIV_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"},
{PRIV_SYSTEMTIME, "SeSystemtimePrivilege", "System Time"},
{PRIV_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"},
{PRIV_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"},
{PRIV_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"},
{PRIV_CREATE_PERMANENT, "SeCreatePermanent", "Create Permanent"},
{PRIV_BACKUP, "SeBackupPrivilege", "Backup Privilege"},
{PRIV_RESTORE, "SeRestorePrivilege", "Restore Privilege"},
{PRIV_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"},
{PRIV_DEBUG, "SeDebugPrivilege", "Debug Privilege"},
{PRIV_AUDIT, "SeAudit", "Audit"},
{PRIV_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"},
{PRIV_CHANGE_NOTIFY, "SeChangeNotify", "Change Notify"},
{PRIV_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"},
{PRIV_UNDOCK, "SeUndock", "Undock"},
{PRIV_SYNC_AGENT, "SeSynchronizationAgent", "Synchronization Agent"},
{PRIV_ENABLE_DELEGATION, "SeEnableDelegation", "Enable Delegation"},
{PRIV_ALL, "SaAllPrivs", "All Privileges"}
};
NTSTATUS gums_init(const char *module_name)
{
int (*module_version)(int);
NTSTATUS (*module_init)();
/* gums_module_init module_init;*/
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
DEBUG(5, ("Opening gums module %s\n", module_name));
dl_handle = sys_dlopen(module_name, RTLD_NOW);
if (!dl_handle) {
DEBUG(0, ("ERROR: Failed to load gums module %s, error: %s\n", module_name, sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
}
module_version = sys_dlsym(dl_handle, "gumm_version");
if (!module_version) {
DEBUG(0, ("ERROR: Failed to find gums module version!\n"));
goto error;
}
if (module_version(GMV_MAJOR) != GUMS_VERSION_MAJOR) {
DEBUG(0, ("ERROR: Module's major version does not match gums version!\n"));
goto error;
}
if (module_version(GMV_MINOR) != GUMS_VERSION_MINOR) {
DEBUG(1, ("WARNING: Module's minor version does not match gums version!\n"));
}
module_init = sys_dlsym(dl_handle, "gumm_init");
if (!module_init) {
DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
goto error;
}
DEBUG(5, ("Initializing module %s\n", module_name));
ret = module_init(&gums_storage);
goto done;
error:
ret = NT_STATUS_UNSUCCESSFUL;
sys_dlclose(dl_handle);
done:
return ret;
}
NTSTATUS gums_unload(void)
{
NSTATUS ret;
NTSTATUS (*module_finalize)();
if (!dl_handle)
return NT_STATUS_UNSUCCESSFUL;
module_close = sys_dlsym(dl_handle, "gumm_finalize");
if (!module_finalize) {
DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(5, ("Finalizing module %s\n", module_name));
ret = module_finalize();
sys_dlclose(dl_handle);
return ret;
}

1268
source/sam/gums_api.c
View File

File diff suppressed because it is too large Load Diff

607
source/sam/gums_helper.c
View File

@ -1,607 +0,0 @@
/*
Unix SMB/CIFS implementation.
GUMS backends helper functions
Copyright (C) Simo Sorce 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
extern GUMS_FUNCTIONS *gums_storage;
extern DOM_SID global_sid_World;
extern DOM_SID global_sid_Builtin_Administrators;
extern DOM_SID global_sid_Builtin_Power_Users;
extern DOM_SID global_sid_Builtin_Account_Operators;
extern DOM_SID global_sid_Builtin_Server_Operators;
extern DOM_SID global_sid_Builtin_Print_Operators;
extern DOM_SID global_sid_Builtin_Backup_Operators;
extern DOM_SID global_sid_Builtin_Replicator;
extern DOM_SID global_sid_Builtin_Users;
extern DOM_SID global_sid_Builtin_Guests;
/* defines */
#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
#define NTSTATUS_CHECK(str1, str2, err, label) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0)
/****************************************************************************
Check if a user is a mapped group.
This function will check if the group SID is mapped onto a
system managed gid or onto a winbind manged sid.
In the first case it will be threated like a mapped group
and the backend should take the member list with a getgrgid
and ignore any user that have been possibly set into the group
object.
In the second case, the group is a fully SAM managed group
served back to the system through winbind. In this case the
members of a Local group are "unrolled" to cope with the fact
that unix cannot contain groups inside groups.
The backend MUST never call any getgr* / getpw* function or
loops with winbind may happen.
****************************************************************************/
/*
NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
{
NTSTATUS result;
gid_t id;
/* look if mapping exist, do not make idmap alloc an uid if SID is not found * /
result = idmap_get_gid_from_sid(&id, sid, False);
if (NT_STATUS_IS_OK(result)) {
*mapped = gid_is_in_winbind_range(id);
} else {
*mapped = False;
}
return result;
}
*/
/****************************************************************************
duplicate alloc luid_attr
****************************************************************************/
NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_la)
{
*new_la = (LUID_ATTR *)talloc(ctx, sizeof(LUID_ATTR));
if (*new_la == NULL) {
DEBUG(0,("dupalloc_luid_attr: could not Alloc memory to duplicate LUID_ATTR\n"));
return NT_STATUS_NO_MEMORY;
}
(*new_la)->luid.high = old_la.luid.high;
(*new_la)->luid.low = old_la.luid.low;
(*new_la)->attr = old_la.attr;
return NT_STATUS_OK;
}
/****************************************************************************
initialise a privilege list
****************************************************************************/
void init_privilege(PRIVILEGE_SET *priv_set)
{
priv_set->count=0;
priv_set->control=0;
priv_set->set=NULL;
}
/****************************************************************************
add a privilege to a privilege array
****************************************************************************/
NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
{
LUID_ATTR *new_set;
/* check if the privilege is not already in the list */
if (check_priv_in_privilege(priv_set, set))
return NT_STATUS_UNSUCCESSFUL;
/* we can allocate memory to add the new privilege */
new_set=(LUID_ATTR *)talloc_realloc(ctx, priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR)));
if (new_set==NULL) {
DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n"));
return NT_STATUS_NO_MEMORY;
}
new_set[priv_set->count].luid.high=set.luid.high;
new_set[priv_set->count].luid.low=set.luid.low;
new_set[priv_set->count].attr=set.attr;
priv_set->count++;
priv_set->set=new_set;
return NT_STATUS_OK;
}
/****************************************************************************
add all the privileges to a privilege array
****************************************************************************/
NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
{
NTSTATUS result = NT_STATUS_OK;
LUID_ATTR set;
set.attr=0;
set.luid.high=0;
set.luid.low=SE_PRIV_ADD_USERS;
result = add_privilege(priv_set, ctx, set);
NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
set.luid.low=SE_PRIV_ADD_MACHINES;
result = add_privilege(priv_set, ctx, set);
NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
set.luid.low=SE_PRIV_PRINT_OPERATOR;
result = add_privilege(priv_set, ctx, set);
NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
done:
return result;
}
/****************************************************************************
check if the privilege list is empty
****************************************************************************/
BOOL check_empty_privilege(PRIVILEGE_SET *priv_set)
{
return (priv_set->count == 0);
}
/****************************************************************************
check if the privilege is in the privilege list
****************************************************************************/
BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
{
int i;
/* if the list is empty, obviously we can't have it */
if (check_empty_privilege(priv_set))
return False;
for (i=0; i<priv_set->count; i++) {
LUID_ATTR *cur_set;
cur_set=&priv_set->set[i];
/* check only the low and high part. Checking the attr field has no meaning */
if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) )
return True;
}
return False;
}
/****************************************************************************
remove a privilege from a privilege array
****************************************************************************/
NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
{
LUID_ATTR *new_set;
LUID_ATTR *old_set;
int i,j;
/* check if the privilege is in the list */
if (!check_priv_in_privilege(priv_set, set))
return NT_STATUS_UNSUCCESSFUL;
/* special case if it's the only privilege in the list */
if (priv_set->count==1) {
init_privilege(priv_set);
return NT_STATUS_OK;
}
/*
* the privilege is there, create a new list,
* and copy the other privileges
*/
old_set = priv_set->set;
new_set=(LUID_ATTR *)talloc(ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
if (new_set==NULL) {
DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
return NT_STATUS_NO_MEMORY;
}
for (i=0, j=0; i<priv_set->count; i++) {
if ((old_set[i].luid.low == set.luid.low) &&
(old_set[i].luid.high == set.luid.high)) {
continue;
}
new_set[j].luid.low = old_set[i].luid.low;
new_set[j].luid.high = old_set[i].luid.high;
new_set[j].attr = old_set[i].attr;
j++;
}
if (j != priv_set->count - 1) {
DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n"));
DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j));
return NT_STATUS_INTERNAL_ERROR;
}
/* ok everything is fine */
priv_set->count--;
priv_set->set=new_set;
return NT_STATUS_OK;
}
/****************************************************************************
duplicates a privilege array
****************************************************************************/
NTSTATUS dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
{
LUID_ATTR *new_set;
LUID_ATTR *old_set;
int i;
*new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET));
init_privilege(*new_priv_set);
/* special case if there are no privileges in the list */
if (priv_set->count == 0) {
return NT_STATUS_OK;
}
/*
* create a new list,
* and copy the other privileges
*/
old_set = priv_set->set;
new_set = (LUID_ATTR *)talloc(mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
if (new_set==NULL) {
DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
return NT_STATUS_NO_MEMORY;
}
for (i=0; i < priv_set->count; i++) {
new_set[i].luid.low = old_set[i].luid.low;
new_set[i].luid.high = old_set[i].luid.high;
new_set[i].attr = old_set[i].attr;
}
(*new_priv_set)->count = priv_set->count;
(*new_priv_set)->control = priv_set->control;
(*new_priv_set)->set = new_set;
return NT_STATUS_OK;
}
#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013
#define ALIAS_DEFAULT_DACL_SA_RIGHTS \
(READ_CONTROL_ACCESS | \
SA_RIGHT_ALIAS_LOOKUP_INFO | \
SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */
#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */
NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx)
{
DOM_SID *world = &global_sid_World;
DOM_SID *admins = &global_sid_Builtin_Administrators;
SEC_ACCESS sa;
SEC_ACE sacl_ace;
SEC_ACE dacl_aces[2];
SEC_ACL *sacl = NULL;
SEC_ACL *dacl = NULL;
size_t psize;
init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS);
init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG);
sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace);
if (!sacl) {
DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
return NT_STATUS_NO_MEMORY;
}
init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS);
init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS);
init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces);
if (!sacl) {
DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
return NT_STATUS_NO_MEMORY;
}
*sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, admins, admins, sacl, dacl, &psize);
if (!(*sec_desc)) {
DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask)
{
NTSTATUS result;
SEC_ACE *new_aces;
unsigned num_aces;
int i;
num_aces = sec_desc->dacl->num_aces + 1;
result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask);
if (NT_STATUS_IS_OK(result)) {
sec_desc->dacl->ace = new_aces;
sec_desc->dacl->num_aces = num_aces;
sec_desc->dacl->size = SEC_ACL_HEADER_SIZE;
for (i = 0; i < num_aces; i++) {
sec_desc->dacl->size += sec_desc->dacl->ace[i].size;
}
}
return result;
}
NTSTATUS gums_init_builtin_groups(void)
{
NTSTATUS result;
GUMS_OBJECT g_obj;
GUMS_GROUP *g_grp;
GUMS_PRIVILEGE g_priv;
/* Build the well known Builtin Local Groups */
g_obj.type = GUMS_OBJ_GROUP;
g_obj.version = 1;
g_obj.seq_num = 0;
g_obj.mem_ctx = talloc_init("gums_init_backend_acct");
if (g_obj.mem_ctx == NULL) {
DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
return NT_STATUS_NO_MEMORY;
}
/* Administrators */
/* alloc group structure */
g_obj.data = (void *)talloc(g_obj.mem_ctx, sizeof(GUMS_OBJ_GROUP));
ALLOC_CHECK("gums_init_backend", g_obj.data, result, done);
/* make admins sid */
g_grp = (GUMS_GROUP *)g_obj.data;
sid_copy(g_obj.sid, &global_sid_Builtin_Administrators);
/* make security descriptor */
result = create_builtin_alias_default_sec_desc(&(g_obj.sec_desc), g_obj.mem_ctx);
NTSTATUS_CHECK("gums_init_backend", "create_builtin_alias_default_sec_desc", result, done);
/* make privilege set */
/* From BDC join trace:
SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeSystemtimePrivilege
SeShutdownPrivilege
SeRemoteShutdownPrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeLocalDriverPrivilege
SeCreatePagefilePrivilege
SeIncreaseQuotaPrivilege
*/
/* set name */
g_obj.name = talloc_strdup(g_obj.mem_ctx, "Administrators");
ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
/* set description */
g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can fully administer the computer/domain");
ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
/* numebr of group members */
g_grp->count = 0;
g_grp->members = NULL;
/* store Administrators group */
result = gums_storage->set_object(&g_obj);
/* Power Users */
/* Domain Controllers Does NOT have power Users */
sid_copy(g_obj.sid, &global_sid_Builtin_Power_Users);
/* make privilege set */
/* SE_PRIV_??? */
/* set name */
g_obj.name = talloc_strdup(g_obj.mem_ctx, "Power Users");
ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
/* set description */
/* > */ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Power Users");
ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
/* store Power Users group */
result = gums_storage->set_object(&g_obj);
/* Account Operators */
sid_copy(g_obj.sid, &global_sid_Builtin_Account_Operators);
/* make privilege set */
/* From BDC join trace:
SeShutdownPrivilege
*/
/* set name */
g_obj.name = talloc_strdup(g_obj.mem_ctx, "Account Operators");
ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
/* set description */
g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain user and group accounts");
ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
/* store Account Operators group */
result = gums_storage->set_object(&g_obj);
/* Server Operators */
sid_copy(g_obj.sid, &global_sid_Builtin_Server_Operators);
/* make privilege set */
/* From BDC join trace:
SeBackupPrivilege
SeRestorePrivilege
SeSystemtimePrivilege
SeShutdownPrivilege
SeRemoteShutdownPrivilege
*/
/* set name */
g_obj.name = talloc_strdup(g_obj.mem_ctx, "Server Operators");
ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
/* set description */
g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain servers");
ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
/* store Server Operators group */
result = gums_storage->set_object(&g_obj);
/* Print Operators */
sid_copy(g_obj.sid, &global_sid_Builtin_Print_Operators);
/* make privilege set */
/* From BDC join trace:
SeShutdownPrivilege
*/
/* set name */
g_obj.name = talloc_strdup(g_obj.mem_ctx, "Print Operators");
ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
/* set description */
g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain printers");
ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
/* store Print Operators group */
result = gums_storage->set_object(&g_obj);
/* Backup Operators */
sid_copy(g_obj.sid, &global_sid_Builtin_Backup_Operators);
/* make privilege set */
/* From BDC join trace:
SeBackupPrivilege
SeRestorePrivilege
SeShutdownPrivilege
*/
/* set name */
g_obj.name = talloc_strdup(g_obj.mem_ctx, "Backup Operators");
ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
/* set description */
g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can bypass file security to backup files");
ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
/* store Backup Operators group */
result = gums_storage->set_object(&g_obj);
/* Replicator */
sid_copy(g_obj.sid, &global_sid_Builtin_Replicator);
/* make privilege set */
/* From BDC join trace:
SeBackupPrivilege
SeRestorePrivilege
SeShutdownPrivilege
*/
/* set name */
g_obj.name = talloc_strdup(g_obj.mem_ctx, "Replicator");
ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
/* set description */
g_obj.description = talloc_strdup(g_obj.mem_ctx, "Supports file replication in a domain");
ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
/* store Replicator group */
result = gums_storage->set_object(&g_obj);
/* Users */
sid_copy(g_obj.sid, &global_sid_Builtin_Users);
/* add ACE to sec dsec dacl */
sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS);
sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS);
/* set name */
g_obj.name = talloc_strdup(g_obj.mem_ctx, "Users");
ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
/* set description */
g_obj.description = talloc_strdup(g_obj.mem_ctx, "Ordinary users");
ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
/* store Users group */
result = gums_storage->set_object(&g_obj);
/* Guests */
sid_copy(g_obj.sid, &global_sid_Builtin_Guests);
/* set name */
g_obj.name = talloc_strdup(g_obj.mem_ctx, "Guests");
ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
/* set description */
g_obj.description = talloc_strdup(g_obj.mem_ctx, "Users granted guest access to the computer/domain");
ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
/* store Guests group */
result = gums_storage->set_object(&g_obj);
/* set default privileges */
g_priv.type = GUMS_OBJ_GROUP;
g_priv.version = 1;
g_priv.seq_num = 0;
g_priv.mem_ctx = talloc_init("gums_init_backend_priv");
if (g_priv.mem_ctx == NULL) {
DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
return NT_STATUS_NO_MEMORY;
}
done:
talloc_destroy(g_obj.mem_ctx);
talloc_destroy(g_priv.mem_ctx);
return result;
}

1338
source/sam/interface.c
View File

File diff suppressed because it is too large Load Diff

1378
source/sam/sam_ads.c
View File

File diff suppressed because it is too large Load Diff

79
source/sam/sam_plugin.c
View File

@ -1,79 +0,0 @@
/*
Unix SMB/CIFS implementation.
Loadable san module interface.
Copyright (C) Jelmer Vernooij 2002
Copyright (C) Andrew Bartlett 2002
Copyright (C) Stefan (metze) Metzmacher 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_SAM
NTSTATUS sam_init_plugin(SAM_METHODS *sam_methods, const char *module_params)
{
void *dl_handle;
char *plugin_params, *plugin_name, *p;
sam_init_function plugin_init;
int (*plugin_version)(void);
if (module_params == NULL) {
DEBUG(0, ("The plugin module needs an argument!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
plugin_name = smb_xstrdup(module_params);
p = strchr(plugin_name, ':');
if (p) {
*p = 0;
plugin_params = p+1;
trim_string(plugin_params, " ", " ");
} else plugin_params = NULL;
trim_string(plugin_name, " ", " ");
DEBUG(5, ("Trying to load sam plugin %s\n", plugin_name));
dl_handle = sys_dlopen(plugin_name, RTLD_NOW);
if (!dl_handle) {
DEBUG(0, ("Failed to load sam plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
}
plugin_version = sys_dlsym(dl_handle, "sam_version");
if (!plugin_version) {
sys_dlclose(dl_handle);
DEBUG(0, ("Failed to find function 'sam_version' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
}
if (plugin_version()!=SAM_INTERFACE_VERSION) {
sys_dlclose(dl_handle);
DEBUG(0, ("Wrong SAM_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n",
plugin_version(),SAM_INTERFACE_VERSION));
return NT_STATUS_UNSUCCESSFUL;
}
plugin_init = sys_dlsym(dl_handle, "sam_init");
if (!plugin_init) {
sys_dlclose(dl_handle);
DEBUG(0, ("Failed to find function 'sam_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(5, ("Starting sam plugin %s with parameters %s for domain %s\n", plugin_name, plugin_params, sam_methods->domain_name));
return plugin_init(sam_methods, plugin_params);
}

251
source/sam/sam_skel.c
View File

@ -1,251 +0,0 @@
/*
Unix SMB/CIFS implementation.
this is a skeleton for SAM backend modules.
Copyright (C) Stefan (metze) Metzmacher 2002
Copyright (C) Jelmer Vernooij 2002
Copyright (C) Andrew Bartlett 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
static int sam_skel_debug_level = DBGC_SAM;
#undef DBGC_CLASS
#define DBGC_CLASS sam_skel_debug_level
/* define the version of the SAM interface */
SAM_MODULE_VERSIONING_MAGIC
/* General API */
static NTSTATUS sam_skel_get_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_set_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_lookup_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_lookup_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const char *name, DOM_SID *sid, uint32 *type)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
/* Domain API */
static NTSTATUS sam_skel_update_domain(const SAM_METHODS *sam_methods, const SAM_DOMAIN_HANDLE *domain)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_get_domain_handle(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, SAM_DOMAIN_HANDLE **domain)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
/* Account API */
static NTSTATUS sam_skel_create_account(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_add_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_update_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_delete_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_enum_accounts(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_get_account_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_get_account_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_ACCOUNT_HANDLE **account)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
/* Group API */
static NTSTATUS sam_skel_create_group(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_add_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_update_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_delete_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_enum_groups(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_get_group_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_get_group_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_add_member_to_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_delete_member_from_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_enum_groupmembers(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS sam_skel_get_groups_of_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
{
DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS sam_init_skel(SAM_METHODS *sam_methods, const char *module_params)
{
/* Functions your SAM module doesn't provide should be set
* to NULL */
sam_methods->sam_get_sec_desc = sam_skel_get_sec_desc;
sam_methods->sam_set_sec_desc = sam_skel_set_sec_desc;
sam_methods->sam_lookup_sid = sam_skel_lookup_sid;
sam_methods->sam_lookup_name = sam_skel_lookup_name;
/* Domain API */
sam_methods->sam_update_domain = sam_skel_update_domain;
sam_methods->sam_get_domain_handle = sam_skel_get_domain_handle;
/* Account API */
sam_methods->sam_create_account = sam_skel_create_account;
sam_methods->sam_add_account = sam_skel_add_account;
sam_methods->sam_update_account = sam_skel_update_account;
sam_methods->sam_delete_account = sam_skel_delete_account;
sam_methods->sam_enum_accounts = sam_skel_enum_accounts;
sam_methods->sam_get_account_by_sid = sam_skel_get_account_by_sid;
sam_methods->sam_get_account_by_name = sam_skel_get_account_by_name;
/* Group API */
sam_methods->sam_create_group = sam_skel_create_group;
sam_methods->sam_add_group = sam_skel_add_group;
sam_methods->sam_update_group = sam_skel_update_group;
sam_methods->sam_delete_group = sam_skel_delete_group;
sam_methods->sam_enum_groups = sam_skel_enum_groups;
sam_methods->sam_get_group_by_sid = sam_skel_get_group_by_sid;
sam_methods->sam_get_group_by_name = sam_skel_get_group_by_name;
sam_methods->sam_add_member_to_group = sam_skel_add_member_to_group;
sam_methods->sam_delete_member_from_group = sam_skel_delete_member_from_group;
sam_methods->sam_enum_groupmembers = sam_skel_enum_groupmembers;
sam_methods->sam_get_groups_of_sid = sam_skel_get_groups_of_sid;
sam_methods->free_private_data = NULL;
sam_skel_debug_level = debug_add_class("sam_skel");
if (sam_skel_debug_level == -1) {
sam_skel_debug_level = DBGC_SAM;
DEBUG(0, ("sam_skel: Couldn't register custom debugging class!\n"));
} else DEBUG(2, ("sam_skel: Debug class number of 'sam_skel': %d\n", sam_skel_debug_level));
if(module_params)
DEBUG(0, ("Starting 'sam_skel' with parameters '%s' for domain %s\n", module_params, sam_methods->domain_name));
else
DEBUG(0, ("Starting 'sam_skel' for domain %s without paramters\n", sam_methods->domain_name));
return NT_STATUS_OK;
}