1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-14 19:24:43 +03:00
samba-mirror/source/sam/interface.c
Simo Sorce a123e05877 try to put every security descriptors related definitions in the same file.
also try to uniform names to a clean scheme.

first part.
-

1339 lines
40 KiB
C

/*
Unix SMB/CIFS implementation.
Password and authentication handling
Copyright (C) Andrew Bartlett 2002
Copyright (C) Jelmer Vernooij 2002
Copyright (C) Stefan (metze) Metzmacher 2002
Copyright (C) Kai Krüger 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_SAM
extern DOM_SID global_sid_Builtin;
/** List of various built-in sam modules */
const struct sam_init_function_entry builtin_sam_init_functions[] = {
{ "plugin", sam_init_plugin },
#ifdef HAVE_LDAP
{ "ads", sam_init_ads },
#endif
{ "skel", sam_init_skel },
{ NULL, NULL}
};
static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid)
{
SAM_METHODS *tmp_methods;
DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__));
/* invalid sam_context specified */
SAM_ASSERT(context && context->methods);
tmp_methods = context->methods;
while (tmp_methods) {
if (sid_equal(domainsid, &(tmp_methods->domain_sid)))
{
(*sam_method) = tmp_methods;
return NT_STATUS_OK;
}
tmp_methods = tmp_methods->next;
}
DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname)
{
SAM_METHODS *tmp_methods;
DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__));
/* invalid sam_context specified */
SAM_ASSERT(context && context->methods);
tmp_methods = context->methods;
while (tmp_methods) {
if (strequal(domainname, tmp_methods->domain_name))
{
(*sam_method) = tmp_methods;
return NT_STATUS_OK;
}
tmp_methods = tmp_methods->next;
}
DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname));
return NT_STATUS_NO_SUCH_DOMAIN;
}
static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods)
{
*methods = talloc(mem_ctx, sizeof(SAM_METHODS));
if (!*methods) {
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(*methods);
return NT_STATUS_OK;
}
/******************************************************************
Free and cleanup a sam context, any associated data and anything
that the attached modules might have associated.
*******************************************************************/
void free_sam_context(SAM_CONTEXT **context)
{
SAM_METHODS *sam_selected = (*context)->methods;
while (sam_selected) {
if (sam_selected->free_private_data) {
sam_selected->free_private_data(&(sam_selected->private_data));
}
sam_selected = sam_selected->next;
}
talloc_destroy((*context)->mem_ctx);
*context = NULL;
}
/******************************************************************
Make a backend_entry from scratch
*******************************************************************/
static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string)
{
char *tmp = NULL;
char *tmp_string = sam_backend_string;
DEBUG(5,("make_backend_entry: %d\n", __LINE__));
SAM_ASSERT(sam_backend_string && backend_entry);
backend_entry->module_name = sam_backend_string;
DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name));
if ((tmp = strrchr(tmp_string, '|')) != NULL) {
DEBUGADD(20,("a domain name has been specified\n"));
*tmp = 0;
backend_entry->domain_name = smb_xstrdup(tmp + 1);
tmp_string = tmp + 1;
}
if ((tmp = strchr(tmp_string, ':')) != NULL) {
DEBUG(20,("options for the backend have been specified\n"));
*tmp = 0;
backend_entry->module_params = smb_xstrdup(tmp + 1);
tmp_string = tmp + 1;
}
if (backend_entry->domain_name == NULL) {
DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n",
backend_entry->module_name, lp_workgroup()));
backend_entry->domain_name = smb_xstrdup(lp_workgroup());
}
if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) {
DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n"));
return NT_STATUS_NO_MEMORY;
}
DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name));
if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) {
DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n",
backend_entry->domain_name));
DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__));
ZERO_STRUCTP(backend_entry->domain_sid);
}
DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n",
backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid)));
return NT_STATUS_OK;
}
/******************************************************************
create sam_methods struct based on sam_backend_entry
*****************************************************************/
static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry)
{
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
SAM_METHODS *methods;
int i;
DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__));
if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) {
return nt_status;
}
methods = *methods_ptr;
methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name);
methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name);
sid_copy(&methods->domain_sid, backend_entry->domain_sid);
methods->parent = context;
DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name));
for (i = 0; builtin_sam_init_functions[i].module_name; i++)
{
if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name))
{
DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i));
DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid)));
nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params);
if (NT_STATUS_IS_OK(nt_status)) {
DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name));
} else {
DEBUG(2,("sam backend %s did not correctly init (error was %s)\n",
backend_entry->module_name, nt_errstr(nt_status)));
}
return nt_status;
}
}
DEBUG(2,("could not find backend %s\n", backend_entry->module_name));
return NT_STATUS_INVALID_PARAMETER;
}
static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context)
{
SAM_BACKEND_ENTRY entry;
DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */
SAM_METHODS *methods, *tmpmethods;
NTSTATUS ntstatus;
DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__));
/* Make sure domain lp_workgroup() is available */
ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin);
if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n",
lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND));
SAM_ASSERT(global_sam_sid);
entry.module_name = SAM_DEFAULT_BACKEND;
entry.module_params = NULL;
entry.domain_name = lp_workgroup();
entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
sid_copy(entry.domain_sid, global_sam_sid);
if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
DEBUG(4,("make_sam_methods_backend_entry failed\n"));
return ntstatus;
}
DLIST_ADD_END(context->methods, methods, tmpmethods);
} else if (!NT_STATUS_IS_OK(ntstatus)) {
DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup()));
return ntstatus;
}
/* Make sure the BUILTIN domain is available */
ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid);
if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n",
SAM_DEFAULT_BACKEND));
entry.module_name = SAM_DEFAULT_BACKEND;
entry.module_params = NULL;
entry.domain_name = "BUILTIN";
entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
sid_copy(entry.domain_sid, &global_sid_Builtin);
if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
DEBUG(4,("make_sam_methods_backend_entry failed\n"));
return ntstatus;
}
DLIST_ADD_END(context->methods, methods, tmpmethods);
} else if (!NT_STATUS_IS_OK(ntstatus)) {
DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n"));
return ntstatus;
}
return NT_STATUS_OK;
}
static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends)
{
int i, j;
DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__));
for (i = 0; i < *nBackends; i++) {
for (j = i + 1; j < *nBackends; j++) {
if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) {
DEBUG(0,("two backend modules claim the same domain %s\n",
sid_string_static((*backend_entries)[j].domain_sid)));
return NT_STATUS_INVALID_PARAMETER;
}
}
}
return NT_STATUS_OK;
}
NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param)
{
int i = 0, j = 0;
SAM_METHODS *curmethods, *tmpmethods;
int nBackends = 0;
SAM_BACKEND_ENTRY *backends = NULL;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__));
if (!sam_backends_param) {
DEBUG(1, ("no SAM backeds specified!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) {
DEBUG(4,("make_sam_context failed\n"));
return nt_status;
}
while (sam_backends_param[nBackends])
nBackends++;
DEBUG(6,("There are %d domains listed with their backends\n", nBackends));
if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) {
DEBUG(0,("make_sam_context_list: failed to allocate backends\n"));
return NT_STATUS_NO_MEMORY;
}
memset(backends, '\0', sizeof(*backends)*nBackends);
for (i = 0; i < nBackends; i++) {
DEBUG(8,("processing %s\n",sam_backends_param[i]));
if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) {
DEBUG(4,("make_backend_entry failed\n"));
for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
SAFE_FREE(backends);
free_sam_context(context);
return nt_status;
}
}
if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) {
DEBUG(4,("check_duplicate_backend_entries failed\n"));
for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
SAFE_FREE(backends);
free_sam_context(context);
return nt_status;
}
for (i = 0; i < nBackends; i++) {
if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) {
DEBUG(4,("make_sam_methods_backend_entry failed\n"));
for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
SAFE_FREE(backends);
free_sam_context(context);
return nt_status;
}
DLIST_ADD_END((*context)->methods, curmethods, tmpmethods);
}
for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid);
SAFE_FREE(backends);
return NT_STATUS_OK;
}
/******************************************************************
Make a sam_context from scratch.
*******************************************************************/
NTSTATUS make_sam_context(SAM_CONTEXT **context)
{
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_init_named("sam_context internal allocation context");
if (!mem_ctx) {
DEBUG(0, ("make_sam_context: talloc init failed!\n"));
return NT_STATUS_NO_MEMORY;
}
*context = talloc(mem_ctx, sizeof(**context));
if (!*context) {
DEBUG(0, ("make_sam_context: talloc failed!\n"));
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(*context);
(*context)->mem_ctx = mem_ctx;
(*context)->free_fn = free_sam_context;
return NT_STATUS_OK;
}
/******************************************************************
Return an already initialised sam_context, to facilitate backward
compatibility (see functions below).
*******************************************************************/
static struct sam_context *sam_get_static_context(BOOL reload)
{
static SAM_CONTEXT *sam_context = NULL;
if ((sam_context) && (reload)) {
sam_context->free_fn(&sam_context);
sam_context = NULL;
}
if (!sam_context) {
if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) {
DEBUG(4,("make_sam_context_list failed\n"));
return NULL;
}
/* Make sure the required domains (default domain, builtin) are available */
if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) {
DEBUG(4,("sam_context_check_default_backends failed\n"));
return NULL;
}
}
return sam_context;
}
/***************************************************************
Initialize the static context (at smbd startup etc).
If uninitialised, context will auto-init on first use.
***************************************************************/
BOOL initialize_sam(BOOL reload)
{
return (sam_get_static_context(reload) != NULL);
}
/**************************************************************
External API. This is what the rest of the world calls...
***************************************************************/
/******************************************************************
sam_* functions are used to link the external SAM interface
with the internal backends. These functions lookup the appropriate
backends for the domain and pass on to the function in sam_methods
in the selected backend
When the context parmater is NULL, the default is used.
*******************************************************************/
#define SAM_SETUP_CONTEXT if (!context) \
context = sam_get_static_context(False);\
if (!context) {\
return NT_STATUS_UNSUCCESSFUL; \
}\
NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
DEBUG(4,("sam_get_methods_by_sid failed\n"));
return nt_status;
}
if (!tmp_methods->sam_get_sec_desc) {
DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) {
DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
DEBUG(4,("sam_get_methods_by_sid failed\n"));
return nt_status;
}
if (!tmp_methods->sam_set_sec_desc) {
DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) {
DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_lookup_name: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
DEBUG(4,("sam_get_methods_by_name failed\n"));
return nt_status;
}
if (!tmp_methods->sam_lookup_name) {
DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) {
DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n",
tmp_methods->domain_name, name, tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
{
SAM_METHODS *tmp_methods;
uint32 rid;
NTSTATUS nt_status;
DOM_SID domainsid;
DEBUG(5,("sam_lookup_sid: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
sid_copy(&domainsid, sid);
if (!sid_split_rid(&domainsid, &rid)) {
DEBUG(3,("sam_lookup_sid: failed to split the sid\n"));
return NT_STATUS_INVALID_SID;
}
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
DEBUG(4,("sam_get_methods_by_sid failed\n"));
return nt_status;
}
if (!tmp_methods->sam_lookup_sid) {
DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) {
DEBUG(4,("sam_lookup_name for %s in backend %s failed\n",
sid_string_static(sid), tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain)
{
const SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_update_domain: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
/* invalid domain specified */
SAM_ASSERT(domain && domain->current_sam_methods);
tmp_methods = domain->current_sam_methods;
if (!tmp_methods->sam_update_domain) {
DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){
DEBUG(4,("sam_update_domain in backend %s failed\n",
tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
SEC_DESC *sd;
size_t sd_size;
uint32 acc_granted;
int i = 0;
DEBUG(5,("sam_enum_domains: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
/* invalid parmaters specified */
SAM_ASSERT(domain_count && domains && domain_names);
if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
DEBUG(4,("samr_make_sam_obj_sd failed\n"));
return nt_status;
}
if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) {
DEBUG(3,("sam_enum_domains: ACCESS DENIED\n"));
return nt_status;
}
tmp_methods= context->methods;
*domain_count = 0;
while (tmp_methods) {
(*domain_count)++;
tmp_methods= tmp_methods->next;
}
DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count)));
tmp_methods = context->methods;
if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) {
DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n"));
return NT_STATUS_NO_MEMORY;
}
if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) {
DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n"));
SAFE_FREE((*domains));
return NT_STATUS_NO_MEMORY;
}
while (tmp_methods) {
DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid)));
sid_copy(domains[i],&tmp_methods->domain_sid);
*domain_names[i] = smb_xstrdup(tmp_methods->domain_name);
i++;
tmp_methods= tmp_methods->next;
}
return NT_STATUS_OK;
}
NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
SEC_DESC *sd;
size_t sd_size;
uint32 acc_granted;
DEBUG(5,("sam_lookup_domain: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
/* invalid paramters */
SAM_ASSERT(access_token && domain && domainsid);
if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
DEBUG(4,("samr_make_sam_obj_sd failed\n"));
return nt_status;
}
if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) {
DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n"));
return nt_status;
}
tmp_methods= context->methods;
while (tmp_methods) {
if (strcmp(domain, tmp_methods->domain_name) == 0) {
(*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID));
sid_copy((*domainsid), &tmp_methods->domain_sid);
return NT_STATUS_OK;
}
tmp_methods= tmp_methods->next;
}
return NT_STATUS_NO_SUCH_DOMAIN;
}
NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
SAM_ASSERT(access_token && domainsid && domain);
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
DEBUG(4,("sam_get_methods_by_sid failed\n"));
return nt_status;
}
if (!tmp_methods->sam_get_domain_handle) {
DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) {
DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n",
sid_string_static(domainsid), tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_create_account: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
/* invalid parmaters */
SAM_ASSERT(access_token && domainsid && account_name && account);
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
DEBUG(4,("sam_get_methods_by_sid failed\n"));
return nt_status;
}
if (!tmp_methods->sam_create_account) {
DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) {
DEBUG(4,("sam_create_account in backend %s failed\n",
tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
{
DOM_SID domainsid;
const DOM_SID *accountsid;
SAM_METHODS *tmp_methods;
uint32 rid;
NTSTATUS nt_status;
DEBUG(5,("sam_add_account: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
/* invalid parmaters */
SAM_ASSERT(account);
if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) {
DEBUG(0,("Can't get account SID\n"));
return nt_status;
}
sid_copy(&domainsid, accountsid);
if (!sid_split_rid(&domainsid, &rid)) {
DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
return NT_STATUS_INVALID_SID;
}
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
DEBUG(4,("sam_get_methods_by_sid failed\n"));
return nt_status;
}
if (!tmp_methods->sam_add_account) {
DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){
DEBUG(4,("sam_add_account in backend %s failed\n",
tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
{
const SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_update_account: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
/* invalid account specified */
SAM_ASSERT(account && account->current_sam_methods);
tmp_methods = account->current_sam_methods;
if (!tmp_methods->sam_update_account) {
DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){
DEBUG(4,("sam_update_account in backend %s failed\n",
tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
{
const SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_delete_account: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
/* invalid account specified */
SAM_ASSERT(account && account->current_sam_methods);
tmp_methods = account->current_sam_methods;
if (!tmp_methods->sam_delete_account) {
DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){
DEBUG(4,("sam_delete_account in backend %s failed\n",
tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_enum_accounts: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
SAM_ASSERT(access_token && domainsid && account_count && accounts);
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
DEBUG(4,("sam_get_methods_by_sid failed\n"));
return nt_status;
}
if (!tmp_methods->sam_enum_accounts) {
DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) {
DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n",
tmp_methods->domain_name, tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
{
SAM_METHODS *tmp_methods;
uint32 rid;
DOM_SID domainsid;
NTSTATUS nt_status;
DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
SAM_ASSERT(access_token && accountsid && account);
sid_copy(&domainsid, accountsid);
if (!sid_split_rid(&domainsid, &rid)) {
DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
return NT_STATUS_INVALID_SID;
}
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
DEBUG(4,("sam_get_methods_by_sid failed\n"));
return nt_status;
}
if (!tmp_methods->sam_get_account_by_sid) {
DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) {
DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n",
sid_string_static(accountsid), tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
SAM_ASSERT(access_token && domain && name && account);
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
DEBUG(4,("sam_get_methods_by_name failed\n"));
return nt_status;
}
if (!tmp_methods->sam_get_account_by_name) {
DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) {
DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n",
domain, name, tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_create_group: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
SAM_ASSERT(access_token && domainsid && group_name && group);
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
DEBUG(4,("sam_get_methods_by_sid failed\n"));
return nt_status;
}
if (!tmp_methods->sam_create_group) {
DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n"));
return NT_STATUS_UNSUCCESSFUL;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) {
DEBUG(4,("sam_create_group in backend %s failed\n",
tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
{
DOM_SID domainsid;
const DOM_SID *groupsid;
SAM_METHODS *tmp_methods;
uint32 rid;
NTSTATUS nt_status;
DEBUG(5,("sam_add_group: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
SAM_ASSERT(group);
if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) {
DEBUG(0,("Can't get group SID\n"));
return nt_status;
}
sid_copy(&domainsid, groupsid);
if (!sid_split_rid(&domainsid, &rid)) {
DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
return NT_STATUS_INVALID_SID;
}
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
DEBUG(4,("sam_get_methods_by_sid failed\n"));
return nt_status;
}
if (!tmp_methods->sam_add_group) {
DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){
DEBUG(4,("sam_add_group in backend %s failed\n",
tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
{
const SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_update_group: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
/* invalid group specified */
SAM_ASSERT(group && group->current_sam_methods);
tmp_methods = group->current_sam_methods;
if (!tmp_methods->sam_update_group) {
DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){
DEBUG(4,("sam_update_group in backend %s failed\n",
tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
{
const SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_delete_group: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
/* invalid group specified */
SAM_ASSERT(group && group->current_sam_methods);
tmp_methods = group->current_sam_methods;
if (!tmp_methods->sam_delete_group) {
DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){
DEBUG(4,("sam_delete_group in backend %s failed\n",
tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_enum_groups: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
SAM_ASSERT(access_token && domainsid && groups_count && groups);
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
DEBUG(4,("sam_get_methods_by_sid failed\n"));
return nt_status;
}
if (!tmp_methods->sam_enum_accounts) {
DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) {
DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n",
tmp_methods->domain_name, tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
{
SAM_METHODS *tmp_methods;
uint32 rid;
NTSTATUS nt_status;
DOM_SID domainsid;
DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
SAM_ASSERT(access_token && groupsid && group);
sid_copy(&domainsid, groupsid);
if (!sid_split_rid(&domainsid, &rid)) {
DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
return NT_STATUS_INVALID_SID;
}
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
DEBUG(4,("sam_get_methods_by_sid failed\n"));
return nt_status;
}
if (!tmp_methods->sam_get_group_by_sid) {
DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) {
DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n",
sid_string_static(groupsid), tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
SAM_ASSERT(access_token && domain && name && group);
if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
DEBUG(4,("sam_get_methods_by_name failed\n"));
return nt_status;
}
if (!tmp_methods->sam_get_group_by_name) {
DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) {
DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n",
domain, name, tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
{
const SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
SAM_SETUP_CONTEXT;
/* invalid group or member specified */
SAM_ASSERT(group && group->current_sam_methods && member);
tmp_methods = group->current_sam_methods;
if (!tmp_methods->sam_add_member_to_group) {
DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) {
DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
{
const SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
SAM_SETUP_CONTEXT;
/* invalid group or member specified */
SAM_ASSERT(group && group->current_sam_methods && member);
tmp_methods = group->current_sam_methods;
if (!tmp_methods->sam_delete_member_from_group) {
DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) {
DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
{
const SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
SAM_SETUP_CONTEXT;
/* invalid group specified */
SAM_ASSERT(group && group->current_sam_methods && members_count && members);
tmp_methods = group->current_sam_methods;
if (!tmp_methods->sam_enum_groupmembers) {
DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n"));
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) {
DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname));
return nt_status;
}
return NT_STATUS_OK;
}
NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
{
SAM_METHODS *tmp_methods;
NTSTATUS nt_status;
uint32 tmp_group_count;
SAM_GROUP_ENUM *tmp_groups;
DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__));
SAM_SETUP_CONTEXT;
/* invalid sam_context specified */
SAM_ASSERT(access_token && sids && context && context->methods);
*group_count = 0;
*groups = NULL;
tmp_methods= context->methods;
while (tmp_methods) {
DEBUG(5,("getting groups from domain \n"));
if (!tmp_methods->sam_get_groups_of_sid) {
DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n"));
SAFE_FREE(*groups);
return NT_STATUS_NOT_IMPLEMENTED;
}
if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) {
DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname));
SAFE_FREE(*groups);
return nt_status;
}
*groups = Realloc(*groups, ((*group_count) + tmp_group_count) * sizeof(SAM_GROUP_ENUM));
memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count);
SAFE_FREE(tmp_groups);
*group_count += tmp_group_count;
tmp_methods = tmp_methods->next;
}
return NT_STATUS_OK;
}