LCOV - code coverage report
Current view: top level - source3/passdb - pdb_tdb.c (source / functions) Hit Total Coverage
Test: coverage report for support-claim-type-attributes 6b5c566e Lines: 339 644 52.6 %
Date: 2023-11-21 12:31:41 Functions: 24 26 92.3 %

          Line data    Source code
       1             : /*
       2             :  * Unix SMB/CIFS implementation.
       3             :  * SMB parameters and setup
       4             :  * Copyright (C) Andrew Tridgell   1992-1998
       5             :  * Copyright (C) Simo Sorce        2000-2003
       6             :  * Copyright (C) Gerald Carter     2000-2006
       7             :  * Copyright (C) Jeremy Allison    2001-2009
       8             :  * Copyright (C) Andrew Bartlett   2002
       9             :  * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005
      10             :  *
      11             :  * This program is free software; you can redistribute it and/or modify it under
      12             :  * the terms of the GNU General Public License as published by the Free
      13             :  * Software Foundation; either version 3 of the License, or (at your option)
      14             :  * any later version.
      15             :  *
      16             :  * This program is distributed in the hope that it will be useful, but WITHOUT
      17             :  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
      18             :  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
      19             :  * more details.
      20             :  *
      21             :  * You should have received a copy of the GNU General Public License along with
      22             :  * this program; if not, see <http://www.gnu.org/licenses/>.
      23             :  */
      24             : 
      25             : #include "includes.h"
      26             : #include "system/filesys.h"
      27             : #include "passdb.h"
      28             : #include "dbwrap/dbwrap.h"
      29             : #include "dbwrap/dbwrap_open.h"
      30             : #include "../libcli/security/security.h"
      31             : #include "util_tdb.h"
      32             : #include "passdb/pdb_tdb.h"
      33             : #include "lib/util/smb_strtox.h"
      34             : #include "lib/util/string_wrappers.h"
      35             : 
      36             : #if 0 /* when made a module use this */
      37             : 
      38             : static int tdbsam_debug_level = DBGC_ALL;
      39             : #undef DBGC_CLASS
      40             : #define DBGC_CLASS tdbsam_debug_level
      41             : 
      42             : #else
      43             : 
      44             : #undef DBGC_CLASS
      45             : #define DBGC_CLASS DBGC_PASSDB
      46             : 
      47             : #endif
      48             : 
      49             : #define TDBSAM_VERSION  4       /* Most recent TDBSAM version */
      50             : #define TDBSAM_MINOR_VERSION    0       /* Most recent TDBSAM minor version */
      51             : #define TDBSAM_VERSION_STRING   "INFO/version"
      52             : #define TDBSAM_MINOR_VERSION_STRING     "INFO/minor_version"
      53             : #define PASSDB_FILE_NAME        "passdb.tdb"
      54             : #define USERPREFIX              "USER_"
      55             : #define USERPREFIX_LEN          5
      56             : #define RIDPREFIX               "RID_"
      57             : #define PRIVPREFIX              "PRIV_"
      58             : #define NEXT_RID_STRING         "NEXT_RID"
      59             : 
      60             : /* GLOBAL TDB SAM CONTEXT */
      61             : 
      62             : static struct db_context *db_sam;
      63             : static char *tdbsam_filename;
      64             : static bool map_builtin;
      65             : 
      66             : struct tdbsam_convert_state {
      67             :         int32_t from;
      68             :         bool success;
      69             : };
      70             : 
      71          67 : static int tdbsam_convert_one(struct db_record *rec, void *priv)
      72             : {
      73          67 :         struct tdbsam_convert_state *state =
      74             :                 (struct tdbsam_convert_state *)priv;
      75          16 :         struct samu *user;
      76          16 :         TDB_DATA data;
      77          16 :         NTSTATUS status;
      78          16 :         bool ret;
      79          16 :         TDB_DATA key;
      80          16 :         TDB_DATA value;
      81             : 
      82          67 :         key = dbwrap_record_get_key(rec);
      83             : 
      84          67 :         if (key.dsize < USERPREFIX_LEN) {
      85           0 :                 return 0;
      86             :         }
      87          67 :         if (strncmp((char *)key.dptr, USERPREFIX, USERPREFIX_LEN) != 0) {
      88          51 :                 return 0;
      89             :         }
      90             : 
      91           6 :         user = samu_new(talloc_tos());
      92           6 :         if (user == NULL) {
      93           0 :                 DEBUG(0,("tdbsam_convert: samu_new() failed!\n"));
      94           0 :                 state->success = false;
      95           0 :                 return -1;
      96             :         }
      97             : 
      98           6 :         DEBUG(10,("tdbsam_convert: Try unpacking a record with (key:%s) "
      99             :                   "(version:%d)\n", (char *)key.dptr, state->from));
     100             : 
     101           6 :         value = dbwrap_record_get_value(rec);
     102             : 
     103           6 :         switch (state->from) {
     104           0 :         case 0:
     105           0 :                 ret = init_samu_from_buffer(user, SAMU_BUFFER_V0,
     106           0 :                                             (uint8_t *)value.dptr,
     107           0 :                                             value.dsize);
     108           0 :                 break;
     109           0 :         case 1:
     110           0 :                 ret = init_samu_from_buffer(user, SAMU_BUFFER_V1,
     111           0 :                                             (uint8_t *)value.dptr,
     112           0 :                                             value.dsize);
     113           0 :                 break;
     114           6 :         case 2:
     115           6 :                 ret = init_samu_from_buffer(user, SAMU_BUFFER_V2,
     116           0 :                                             (uint8_t *)value.dptr,
     117           0 :                                             value.dsize);
     118           6 :                 break;
     119           0 :         case 3:
     120           0 :                 ret = init_samu_from_buffer(user, SAMU_BUFFER_V3,
     121           0 :                                             (uint8_t *)value.dptr,
     122           0 :                                             value.dsize);
     123           0 :                 break;
     124           0 :         case 4:
     125           0 :                 ret = init_samu_from_buffer(user, SAMU_BUFFER_V4,
     126           0 :                                             (uint8_t *)value.dptr,
     127           0 :                                             value.dsize);
     128           0 :                 break;
     129           0 :         default:
     130             :                 /* unknown tdbsam version */
     131           0 :                 ret = False;
     132             :         }
     133           6 :         if (!ret) {
     134           0 :                 DEBUG(0,("tdbsam_convert: Bad struct samu entry returned "
     135             :                          "from TDB (key:%s) (version:%d)\n", (char *)key.dptr,
     136             :                          state->from));
     137           0 :                 TALLOC_FREE(user);
     138           0 :                 state->success = false;
     139           0 :                 return -1;
     140             :         }
     141             : 
     142           6 :         data.dsize = init_buffer_from_samu(&data.dptr, user, false);
     143           6 :         TALLOC_FREE(user);
     144             : 
     145           6 :         if (data.dsize == -1) {
     146           0 :                 DEBUG(0,("tdbsam_convert: cannot pack the struct samu into "
     147             :                          "the new format\n"));
     148           0 :                 state->success = false;
     149           0 :                 return -1;
     150             :         }
     151             : 
     152           6 :         status = dbwrap_record_store(rec, data, TDB_MODIFY);
     153           6 :         if (!NT_STATUS_IS_OK(status)) {
     154           0 :                 DEBUG(0, ("Could not store the new record: %s\n",
     155             :                           nt_errstr(status)));
     156           0 :                 state->success = false;
     157           0 :                 return -1;
     158             :         }
     159             : 
     160           0 :         return 0;
     161             : }
     162             : 
     163             : /**********************************************************************
     164             :  Struct and function to backup an old record.
     165             :  *********************************************************************/
     166             : 
     167             : struct tdbsam_backup_state {
     168             :         struct db_context *new_db;
     169             :         bool success;
     170             : };
     171             : 
     172          14 : static int backup_copy_fn(struct db_record *orig_rec, void *state)
     173             : {
     174          14 :         struct tdbsam_backup_state *bs = (struct tdbsam_backup_state *)state;
     175          14 :         struct db_record *new_rec;
     176          14 :         NTSTATUS status;
     177          14 :         TDB_DATA key;
     178          14 :         TDB_DATA value;
     179             : 
     180          14 :         key = dbwrap_record_get_key(orig_rec);
     181             : 
     182          14 :         new_rec = dbwrap_fetch_locked(bs->new_db, talloc_tos(), key);
     183          14 :         if (new_rec == NULL) {
     184           0 :                 bs->success = false;
     185           0 :                 return 1;
     186             :         }
     187             : 
     188          14 :         value = dbwrap_record_get_value(orig_rec);
     189             : 
     190          14 :         status = dbwrap_record_store(new_rec, value, TDB_INSERT);
     191             : 
     192          14 :         TALLOC_FREE(new_rec);
     193             : 
     194          14 :         if (!NT_STATUS_IS_OK(status)) {
     195           0 :                 bs->success = false;
     196           0 :                 return 1;
     197             :         }
     198           0 :         return 0;
     199             : }
     200             : 
     201             : /**********************************************************************
     202             :  Make a backup of an old passdb and replace the new one with it. We
     203             :  have to do this as between 3.0.x and 3.2.x the hash function changed
     204             :  by mistake (used unsigned char * instead of char *). This means the
     205             :  previous simple update code will fail due to not being able to find
     206             :  existing records to replace in the tdbsam_convert_one() function. JRA.
     207             :  *********************************************************************/
     208             : 
     209          53 : static bool tdbsam_convert_backup(const char *dbname, struct db_context **pp_db)
     210             : {
     211          53 :         TALLOC_CTX *frame = talloc_stackframe();
     212          53 :         const char *tmp_fname = NULL;
     213          53 :         struct db_context *tmp_db = NULL;
     214          53 :         struct db_context *orig_db = *pp_db;
     215           2 :         struct tdbsam_backup_state bs;
     216           2 :         NTSTATUS status;
     217             : 
     218          53 :         tmp_fname = talloc_asprintf(frame, "%s.tmp", dbname);
     219          53 :         if (!tmp_fname) {
     220           0 :                 TALLOC_FREE(frame);
     221           0 :                 return false;
     222             :         }
     223             : 
     224          53 :         unlink(tmp_fname);
     225             : 
     226             :         /* Remember to open this on the NULL context. We need
     227             :          * it to stay around after we return from here. */
     228             : 
     229          53 :         tmp_db = db_open(NULL, tmp_fname, 0,
     230             :                          TDB_DEFAULT, O_CREAT|O_RDWR, 0600,
     231             :                          DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
     232          53 :         if (tmp_db == NULL) {
     233           0 :                 DEBUG(0, ("tdbsam_convert_backup: Failed to create backup TDB passwd "
     234             :                           "[%s]\n", tmp_fname));
     235           0 :                 TALLOC_FREE(frame);
     236           0 :                 return false;
     237             :         }
     238             : 
     239          53 :         if (dbwrap_transaction_start(orig_db) != 0) {
     240           0 :                 DEBUG(0, ("tdbsam_convert_backup: Could not start transaction (1)\n"));
     241           0 :                 unlink(tmp_fname);
     242           0 :                 TALLOC_FREE(tmp_db);
     243           0 :                 TALLOC_FREE(frame);
     244           0 :                 return false;
     245             :         }
     246          53 :         if (dbwrap_transaction_start(tmp_db) != 0) {
     247           0 :                 DEBUG(0, ("tdbsam_convert_backup: Could not start transaction (2)\n"));
     248           0 :                 dbwrap_transaction_cancel(orig_db);
     249           0 :                 unlink(tmp_fname);
     250           0 :                 TALLOC_FREE(tmp_db);
     251           0 :                 TALLOC_FREE(frame);
     252           0 :                 return false;
     253             :         }
     254             : 
     255          53 :         bs.new_db = tmp_db;
     256          53 :         bs.success = true;
     257             : 
     258          53 :         status = dbwrap_traverse(orig_db, backup_copy_fn, (void *)&bs, NULL);
     259          53 :         if (!NT_STATUS_IS_OK(status)) {
     260           0 :                 DEBUG(0, ("tdbsam_convert_backup: traverse failed\n"));
     261           0 :                 goto cancel;
     262             :         }
     263             : 
     264          53 :         if (!bs.success) {
     265           0 :                 DEBUG(0, ("tdbsam_convert_backup: Rewriting records failed\n"));
     266           0 :                 goto cancel;
     267             :         }
     268             : 
     269          53 :         if (dbwrap_transaction_commit(orig_db) != 0) {
     270           0 :                 smb_panic("tdbsam_convert_backup: orig commit failed\n");
     271             :         }
     272          53 :         if (dbwrap_transaction_commit(tmp_db) != 0) {
     273           0 :                 smb_panic("tdbsam_convert_backup: orig commit failed\n");
     274             :         }
     275             : 
     276             :         /* be sure to close the DBs _before_ renaming the file */
     277             : 
     278          53 :         TALLOC_FREE(orig_db);
     279          53 :         TALLOC_FREE(tmp_db);
     280             : 
     281             :         /* This is safe from other users as we know we're
     282             :          * under a mutex here. */
     283             : 
     284          53 :         if (rename(tmp_fname, dbname) == -1) {
     285           0 :                 DEBUG(0, ("tdbsam_convert_backup: rename of %s to %s failed %s\n",
     286             :                         tmp_fname,
     287             :                         dbname,
     288             :                         strerror(errno)));
     289           0 :                 smb_panic("tdbsam_convert_backup: replace passdb failed\n");
     290             :         }
     291             : 
     292          53 :         TALLOC_FREE(frame);
     293             : 
     294             :         /* re-open the converted TDB */
     295             : 
     296          53 :         orig_db = db_open(NULL, dbname, 0,
     297             :                           TDB_DEFAULT, O_CREAT|O_RDWR, 0600,
     298             :                           DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
     299          53 :         if (orig_db == NULL) {
     300           0 :                 DEBUG(0, ("tdbsam_convert_backup: Failed to re-open "
     301             :                           "converted passdb TDB [%s]\n", dbname));
     302           0 :                 return false;
     303             :         }
     304             : 
     305          53 :         DEBUG(1, ("tdbsam_convert_backup: updated %s file.\n",
     306             :                 dbname ));
     307             : 
     308             :         /* Replace the global db pointer. */
     309          53 :         *pp_db = orig_db;
     310          53 :         return true;
     311             : 
     312           0 :   cancel:
     313             : 
     314           0 :         if (dbwrap_transaction_cancel(orig_db) != 0) {
     315           0 :                 smb_panic("tdbsam_convert: transaction_cancel failed");
     316             :         }
     317             : 
     318           0 :         if (dbwrap_transaction_cancel(tmp_db) != 0) {
     319           0 :                 smb_panic("tdbsam_convert: transaction_cancel failed");
     320             :         }
     321             : 
     322           0 :         unlink(tmp_fname);
     323           0 :         TALLOC_FREE(tmp_db);
     324           0 :         TALLOC_FREE(frame);
     325           0 :         return false;
     326             : }
     327             : 
     328          53 : static bool tdbsam_upgrade_next_rid(struct db_context *db)
     329             : {
     330           2 :         TDB_CONTEXT *tdb;
     331           2 :         uint32_t rid;
     332          53 :         bool ok = false;
     333           2 :         NTSTATUS status;
     334           2 :         char *db_path;
     335             : 
     336          53 :         status = dbwrap_fetch_uint32_bystring(db, NEXT_RID_STRING, &rid);
     337          53 :         if (NT_STATUS_IS_OK(status)) {
     338           0 :                 return true;
     339             :         }
     340             : 
     341          53 :         db_path = state_path(talloc_tos(), "winbindd_idmap.tdb");
     342          53 :         if (db_path == NULL) {
     343           0 :                 return false;
     344             :         }
     345             : 
     346          53 :         tdb = tdb_open_log(db_path, 0,
     347             :                            TDB_DEFAULT, O_RDONLY, 0644);
     348          53 :         TALLOC_FREE(db_path);
     349          53 :         if (tdb) {
     350           4 :                 ok = tdb_fetch_uint32(tdb, "RID_COUNTER", &rid);
     351           4 :                 if (!ok) {
     352           4 :                         rid = BASE_RID;
     353             :                 }
     354           4 :                 tdb_close(tdb);
     355             :         } else {
     356          49 :                 rid = BASE_RID;
     357             :         }
     358             : 
     359          53 :         status = dbwrap_store_uint32_bystring(db, NEXT_RID_STRING, rid);
     360          53 :         if (!NT_STATUS_IS_OK(status)) {
     361           0 :                 return false;
     362             :         }
     363             : 
     364          51 :         return true;
     365             : }
     366             : 
     367          53 : static bool tdbsam_convert(struct db_context **pp_db, const char *name, int32_t from)
     368             : {
     369           2 :         struct tdbsam_convert_state state;
     370          53 :         struct db_context *db = NULL;
     371           2 :         NTSTATUS status;
     372             : 
     373             :         /* We only need the update backup for local db's. */
     374          53 :         if (db_is_local(name) && !tdbsam_convert_backup(name, pp_db)) {
     375           0 :                 DEBUG(0, ("tdbsam_convert: Could not backup %s\n", name));
     376           0 :                 return false;
     377             :         }
     378             : 
     379          53 :         db = *pp_db;
     380          53 :         state.from = from;
     381          53 :         state.success = true;
     382             : 
     383          53 :         if (dbwrap_transaction_start(db) != 0) {
     384           0 :                 DEBUG(0, ("tdbsam_convert: Could not start transaction\n"));
     385           0 :                 return false;
     386             :         }
     387             : 
     388          53 :         if (!tdbsam_upgrade_next_rid(db)) {
     389           0 :                 DEBUG(0, ("tdbsam_convert: tdbsam_upgrade_next_rid failed\n"));
     390           0 :                 goto cancel;
     391             :         }
     392             : 
     393          53 :         status = dbwrap_traverse(db, tdbsam_convert_one, &state, NULL);
     394          53 :         if (!NT_STATUS_IS_OK(status)) {
     395           0 :                 DEBUG(0, ("tdbsam_convert: traverse failed\n"));
     396           0 :                 goto cancel;
     397             :         }
     398             : 
     399          53 :         if (!state.success) {
     400           0 :                 DEBUG(0, ("tdbsam_convert: Converting records failed\n"));
     401           0 :                 goto cancel;
     402             :         }
     403             : 
     404          53 :         status = dbwrap_store_int32_bystring(db, TDBSAM_VERSION_STRING,
     405             :                                              TDBSAM_VERSION);
     406          53 :         if (!NT_STATUS_IS_OK(status)) {
     407           0 :                 DEBUG(0, ("tdbsam_convert: Could not store tdbsam version: "
     408             :                           "%s\n", nt_errstr(status)));
     409           0 :                 goto cancel;
     410             :         }
     411             : 
     412          53 :         status = dbwrap_store_int32_bystring(db, TDBSAM_MINOR_VERSION_STRING,
     413             :                                              TDBSAM_MINOR_VERSION);
     414          53 :         if (!NT_STATUS_IS_OK(status)) {
     415           0 :                 DEBUG(0, ("tdbsam_convert: Could not store tdbsam minor "
     416             :                           "version: %s\n", nt_errstr(status)));
     417           0 :                 goto cancel;
     418             :         }
     419             : 
     420          53 :         if (dbwrap_transaction_commit(db) != 0) {
     421           0 :                 DEBUG(0, ("tdbsam_convert: Could not commit transaction\n"));
     422           0 :                 return false;
     423             :         }
     424             : 
     425          51 :         return true;
     426             : 
     427           0 :  cancel:
     428           0 :         if (dbwrap_transaction_cancel(db) != 0) {
     429           0 :                 smb_panic("tdbsam_convert: transaction_cancel failed");
     430             :         }
     431             : 
     432           0 :         return false;
     433             : }
     434             : 
     435             : /*********************************************************************
     436             :  Open the tdbsam file based on the absolute path specified.
     437             :  Uses a reference count to allow multiple open calls.
     438             : *********************************************************************/
     439             : 
     440       67390 : static bool tdbsam_open( const char *name )
     441             : {
     442          74 :         int32_t version;
     443          74 :         int32_t minor_version;
     444          74 :         NTSTATUS status;
     445             : 
     446             :         /* check if we are already open */
     447             : 
     448       67390 :         if ( db_sam ) {
     449       66376 :                 return true;
     450             :         }
     451             : 
     452             :         /* Try to open tdb passwd.  Create a new one if necessary */
     453             : 
     454         944 :         db_sam = db_open(NULL, name, 0, TDB_DEFAULT, O_CREAT|O_RDWR, 0600,
     455             :                          DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
     456         944 :         if (db_sam == NULL) {
     457           0 :                 DEBUG(0, ("tdbsam_open: Failed to open/create TDB passwd "
     458             :                           "[%s]\n", name));
     459           0 :                 return false;
     460             :         }
     461             : 
     462             :         /* Check the version */
     463         944 :         status = dbwrap_fetch_int32_bystring(db_sam, TDBSAM_VERSION_STRING,
     464             :                                              &version);
     465         944 :         if (!NT_STATUS_IS_OK(status)) {
     466          51 :                 version = 0;    /* Version not found, assume version 0 */
     467             :         }
     468             : 
     469             :         /* Get the minor version */
     470         944 :         status = dbwrap_fetch_int32_bystring(
     471             :                 db_sam, TDBSAM_MINOR_VERSION_STRING, &minor_version);
     472         944 :         if (!NT_STATUS_IS_OK(status)) {
     473          53 :                 minor_version = 0; /* Minor version not found, assume 0 */
     474             :         }
     475             : 
     476             :         /* Compare the version */
     477         944 :         if (version > TDBSAM_VERSION) {
     478             :                 /* Version more recent than the latest known */
     479           0 :                 DEBUG(0, ("tdbsam_open: unknown version => %d\n", version));
     480           0 :                 TALLOC_FREE(db_sam);
     481           0 :                 return false;
     482             :         }
     483             : 
     484         944 :         if ( version < TDBSAM_VERSION ||
     485         891 :                         (version == TDBSAM_VERSION &&
     486         891 :                          minor_version < TDBSAM_MINOR_VERSION) ) {
     487             :                 /*
     488             :                  * Ok - we think we're going to have to convert.
     489             :                  * Due to the backup process we now must do to
     490             :                  * upgrade we have to get a mutex and re-check
     491             :                  * the version. Someone else may have upgraded
     492             :                  * whilst we were checking.
     493             :                  */
     494             : 
     495          53 :                 struct named_mutex *mtx = grab_named_mutex(NULL,
     496             :                                                 "tdbsam_upgrade_mutex",
     497             :                                                 600);
     498             : 
     499          53 :                 if (!mtx) {
     500           0 :                         DEBUG(0, ("tdbsam_open: failed to grab mutex.\n"));
     501           0 :                         TALLOC_FREE(db_sam);
     502           0 :                         return false;
     503             :                 }
     504             : 
     505             :                 /* Re-check the version */
     506          53 :                 status = dbwrap_fetch_int32_bystring(
     507             :                         db_sam, TDBSAM_VERSION_STRING, &version);
     508          53 :                 if (!NT_STATUS_IS_OK(status)) {
     509          51 :                         version = 0;    /* Version not found, assume version 0 */
     510             :                 }
     511             : 
     512             :                 /* Re-check the minor version */
     513          53 :                 status = dbwrap_fetch_int32_bystring(
     514             :                         db_sam, TDBSAM_MINOR_VERSION_STRING, &minor_version);
     515          53 :                 if (!NT_STATUS_IS_OK(status)) {
     516          53 :                         minor_version = 0; /* Minor version not found, assume 0 */
     517             :                 }
     518             : 
     519             :                 /* Compare the version */
     520          53 :                 if (version > TDBSAM_VERSION) {
     521             :                         /* Version more recent than the latest known */
     522           0 :                         DEBUG(0, ("tdbsam_open: unknown version => %d\n", version));
     523           0 :                         TALLOC_FREE(db_sam);
     524           0 :                         TALLOC_FREE(mtx);
     525           0 :                         return false;
     526             :                 }
     527             : 
     528          53 :                 if ( version < TDBSAM_VERSION ||
     529           0 :                                 (version == TDBSAM_VERSION &&
     530           0 :                                  minor_version < TDBSAM_MINOR_VERSION) ) {
     531             :                         /*
     532             :                          * Note that minor versions we read that are greater
     533             :                          * than the current minor version we have hard coded
     534             :                          * are assumed to be compatible if they have the same
     535             :                          * major version. That allows previous versions of the
     536             :                          * passdb code that don't know about minor versions to
     537             :                          * still use this database. JRA.
     538             :                          */
     539             : 
     540          53 :                         DEBUG(1, ("tdbsam_open: Converting version %d.%d database to "
     541             :                                   "version %d.%d.\n",
     542             :                                         version,
     543             :                                         minor_version,
     544             :                                         TDBSAM_VERSION,
     545             :                                         TDBSAM_MINOR_VERSION));
     546             : 
     547          53 :                         if ( !tdbsam_convert(&db_sam, name, version) ) {
     548           0 :                                 DEBUG(0, ("tdbsam_open: Error when trying to convert "
     549             :                                           "tdbsam [%s]\n",name));
     550           0 :                                 TALLOC_FREE(db_sam);
     551           0 :                                 TALLOC_FREE(mtx);
     552           0 :                                 return false;
     553             :                         }
     554             : 
     555          53 :                         DEBUG(3, ("TDBSAM converted successfully.\n"));
     556             :                 }
     557          53 :                 TALLOC_FREE(mtx);
     558             :         }
     559             : 
     560         944 :         DEBUG(4,("tdbsam_open: successfully opened %s\n", name ));
     561             : 
     562         940 :         return true;
     563             : }
     564             : 
     565             : /******************************************************************
     566             :  Lookup a name in the SAM TDB
     567             : ******************************************************************/
     568             : 
     569       55368 : static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods,
     570             :                                     struct samu *user, const char *sname)
     571             : {
     572          37 :         TDB_DATA        data;
     573          37 :         fstring         keystr;
     574          37 :         fstring         name;
     575          37 :         NTSTATUS status;
     576             : 
     577       55368 :         if ( !user ) {
     578           0 :                 DEBUG(0,("pdb_getsampwnam: struct samu is NULL.\n"));
     579           0 :                 return NT_STATUS_NO_MEMORY;
     580             :         }
     581             : 
     582             :         /* Data is stored in all lower-case */
     583       55368 :         fstrcpy(name, sname);
     584       55368 :         if (!strlower_m(name)) {
     585           0 :                 return NT_STATUS_INVALID_PARAMETER;
     586             :         }
     587             : 
     588             :         /* set search key */
     589       55368 :         fstr_sprintf(keystr, "%s%s", USERPREFIX, name);
     590             : 
     591             :         /* open the database */
     592             : 
     593       55368 :         if ( !tdbsam_open( tdbsam_filename ) ) {
     594           0 :                 DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename));
     595           0 :                 return NT_STATUS_ACCESS_DENIED;
     596             :         }
     597             : 
     598             :         /* get the record */
     599             : 
     600       55368 :         status = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr, &data);
     601       55368 :         if (!NT_STATUS_IS_OK(status)) {
     602        5184 :                 DEBUG(5,("pdb_getsampwnam (TDB): error fetching database.\n"));
     603        5184 :                 DEBUGADD(5, (" Key: %s\n", keystr));
     604        5184 :                 return NT_STATUS_NO_SUCH_USER;
     605             :         }
     606             : 
     607       50184 :         if (data.dsize == 0) {
     608           0 :                 DEBUG(5, ("%s: Got 0-sized record for key %s\n", __func__,
     609             :                           keystr));
     610           0 :                 return NT_STATUS_NO_SUCH_USER;
     611             :         }
     612             : 
     613             :         /* unpack the buffer */
     614             : 
     615       50184 :         if (!init_samu_from_buffer(user, SAMU_BUFFER_LATEST, data.dptr, data.dsize)) {
     616           0 :                 DBG_ERR("Bad struct samu entry returned from TDB!\n");
     617           0 :                 TALLOC_FREE(data.dptr);
     618           0 :                 return NT_STATUS_NO_MEMORY;
     619             :         }
     620             : 
     621             :         /* success */
     622             : 
     623       50184 :         TALLOC_FREE(data.dptr);
     624             : 
     625       50184 :         return NT_STATUS_OK;
     626             : }
     627             : 
     628             : /***************************************************************************
     629             :  Search by rid
     630             :  **************************************************************************/
     631             : 
     632        9555 : static NTSTATUS tdbsam_getsampwrid (struct pdb_methods *my_methods,
     633             :                                     struct samu *user, uint32_t rid)
     634             : {
     635        9555 :         NTSTATUS                nt_status = NT_STATUS_UNSUCCESSFUL;
     636          30 :         TDB_DATA                data;
     637          30 :         fstring                 keystr;
     638          30 :         fstring                 name;
     639             : 
     640        9555 :         if ( !user ) {
     641           0 :                 DEBUG(0,("pdb_getsampwrid: struct samu is NULL.\n"));
     642           0 :                 return nt_status;
     643             :         }
     644             : 
     645             :         /* set search key */
     646             : 
     647        9555 :         fstr_sprintf(keystr, "%s%.8x", RIDPREFIX, rid);
     648             : 
     649             :         /* open the database */
     650             : 
     651        9555 :         if ( !tdbsam_open( tdbsam_filename ) ) {
     652           0 :                 DEBUG(0,("tdbsam_getsampwrid: failed to open %s!\n", tdbsam_filename));
     653           0 :                 return NT_STATUS_ACCESS_DENIED;
     654             :         }
     655             : 
     656             :         /* get the record */
     657             : 
     658        9555 :         nt_status = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr, &data);
     659        9555 :         if (!NT_STATUS_IS_OK(nt_status)) {
     660        2349 :                 DEBUG(5,("pdb_getsampwrid (TDB): error looking up RID %d by key %s.\n", rid, keystr));
     661        2349 :                 return nt_status;
     662             :         }
     663             : 
     664        7206 :         fstrcpy(name, (const char *)data.dptr);
     665        7206 :         TALLOC_FREE(data.dptr);
     666             : 
     667        7206 :         return tdbsam_getsampwnam (my_methods, user, name);
     668             : }
     669             : 
     670        8842 : static NTSTATUS tdbsam_getsampwsid(struct pdb_methods *my_methods,
     671             :                                    struct samu * user, const struct dom_sid *sid)
     672             : {
     673           9 :         uint32_t rid;
     674             : 
     675        8842 :         if ( !sid_peek_check_rid(get_global_sam_sid(), sid, &rid) )
     676           0 :                 return NT_STATUS_UNSUCCESSFUL;
     677             : 
     678        8842 :         return tdbsam_getsampwrid(my_methods, user, rid);
     679             : }
     680             : 
     681           0 : static bool tdb_delete_samacct_only( struct samu *sam_pass )
     682             : {
     683           0 :         fstring         keystr;
     684           0 :         fstring         name;
     685           0 :         NTSTATUS status;
     686             : 
     687           0 :         fstrcpy(name, pdb_get_username(sam_pass));
     688           0 :         if (!strlower_m(name)) {
     689           0 :                 return false;
     690             :         }
     691             : 
     692             :         /* set the search key */
     693             : 
     694           0 :         fstr_sprintf(keystr, "%s%s", USERPREFIX, name);
     695             : 
     696             :         /* it's outaa here!  8^) */
     697           0 :         if ( !tdbsam_open( tdbsam_filename ) ) {
     698           0 :                 DEBUG(0,("tdb_delete_samacct_only: failed to open %s!\n",
     699             :                          tdbsam_filename));
     700           0 :                 return false;
     701             :         }
     702             : 
     703           0 :         status = dbwrap_delete_bystring(db_sam, keystr);
     704           0 :         if (!NT_STATUS_IS_OK(status)) {
     705           0 :                 DEBUG(5, ("Error deleting entry from tdb passwd "
     706             :                           "database: %s!\n", nt_errstr(status)));
     707           0 :                 return false;
     708             :         }
     709             : 
     710           0 :         return true;
     711             : }
     712             : 
     713             : /***************************************************************************
     714             :  Delete a struct samu records for the username and RID key
     715             : ****************************************************************************/
     716             : 
     717          60 : static NTSTATUS tdbsam_delete_sam_account(struct pdb_methods *my_methods,
     718             :                                           struct samu *sam_pass)
     719             : {
     720           0 :         NTSTATUS        nt_status;
     721           0 :         fstring         keystr;
     722           0 :         uint32_t        rid;
     723           0 :         fstring         name;
     724             : 
     725             :         /* open the database */
     726             : 
     727          60 :         if ( !tdbsam_open( tdbsam_filename ) ) {
     728           0 :                 DEBUG(0,("tdbsam_delete_sam_account: failed to open %s!\n",
     729             :                          tdbsam_filename));
     730           0 :                 return NT_STATUS_ACCESS_DENIED;
     731             :         }
     732             : 
     733          60 :         fstrcpy(name, pdb_get_username(sam_pass));
     734          60 :         if (!strlower_m(name)) {
     735           0 :                 return NT_STATUS_INVALID_PARAMETER;
     736             :         }
     737             : 
     738             :         /* set the search key */
     739             : 
     740          60 :         fstr_sprintf(keystr, "%s%s", USERPREFIX, name);
     741             : 
     742          60 :         rid = pdb_get_user_rid(sam_pass);
     743             : 
     744             :         /* it's outaa here!  8^) */
     745             : 
     746          60 :         if (dbwrap_transaction_start(db_sam) != 0) {
     747           0 :                 DEBUG(0, ("Could not start transaction\n"));
     748           0 :                 return NT_STATUS_UNSUCCESSFUL;
     749             :         }
     750             : 
     751          60 :         nt_status = dbwrap_delete_bystring(db_sam, keystr);
     752          60 :         if (!NT_STATUS_IS_OK(nt_status)) {
     753           0 :                 DEBUG(5, ("Error deleting entry from tdb passwd "
     754             :                           "database: %s!\n", nt_errstr(nt_status)));
     755           0 :                 goto cancel;
     756             :         }
     757             : 
     758             :         /* set the search key */
     759             : 
     760          60 :         fstr_sprintf(keystr, "%s%.8x", RIDPREFIX, rid);
     761             : 
     762             :         /* it's outaa here!  8^) */
     763             : 
     764          60 :         nt_status = dbwrap_delete_bystring(db_sam, keystr);
     765          60 :         if (!NT_STATUS_IS_OK(nt_status)) {
     766           0 :                 DEBUG(5, ("Error deleting entry from tdb rid "
     767             :                           "database: %s!\n", nt_errstr(nt_status)));
     768           0 :                 goto cancel;
     769             :         }
     770             : 
     771          60 :         if (dbwrap_transaction_commit(db_sam) != 0) {
     772           0 :                 DEBUG(0, ("Could not commit transaction\n"));
     773           0 :                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
     774             :         }
     775             : 
     776          60 :         return NT_STATUS_OK;
     777             : 
     778           0 :  cancel:
     779           0 :         if (dbwrap_transaction_cancel(db_sam) != 0) {
     780           0 :                 smb_panic("transaction_cancel failed");
     781             :         }
     782             : 
     783           0 :         return nt_status;
     784             : }
     785             : 
     786             : 
     787             : /***************************************************************************
     788             :  Update the TDB SAM account record only
     789             :  Assumes that the tdbsam is already open
     790             : ****************************************************************************/
     791        1276 : static bool tdb_update_samacct_only( struct samu* newpwd, int flag )
     792             : {
     793           0 :         TDB_DATA        data;
     794        1276 :         uint8_t         *buf = NULL;
     795           0 :         fstring         keystr;
     796           0 :         fstring         name;
     797        1276 :         bool            ret = false;
     798           0 :         NTSTATUS status;
     799             : 
     800             :         /* copy the struct samu struct into a BYTE buffer for storage */
     801             : 
     802        1276 :         if ( (data.dsize=init_buffer_from_samu(&buf, newpwd, False)) == -1 ) {
     803           0 :                 DEBUG(0,("tdb_update_sam: ERROR - Unable to copy struct samu info BYTE buffer!\n"));
     804           0 :                 goto done;
     805             :         }
     806        1276 :         data.dptr = buf;
     807             : 
     808        1276 :         fstrcpy(name, pdb_get_username(newpwd));
     809        1276 :         if (!strlower_m(name)) {
     810           0 :                 goto done;
     811             :         }
     812             : 
     813        1276 :         DEBUG(5, ("Storing %saccount %s with RID %d\n",
     814             :                   flag == TDB_INSERT ? "(new) " : "", name,
     815             :                   pdb_get_user_rid(newpwd)));
     816             : 
     817             :         /* setup the USER index key */
     818        1276 :         fstr_sprintf(keystr, "%s%s", USERPREFIX, name);
     819             : 
     820             :         /* add the account */
     821             : 
     822        1276 :         status = dbwrap_store_bystring(db_sam, keystr, data, flag);
     823        1276 :         if (!NT_STATUS_IS_OK(status)) {
     824           0 :                 DEBUG(0, ("Unable to modify passwd TDB: %s!\n",
     825             :                           nt_errstr(status)));
     826           0 :                 goto done;
     827             :         }
     828             : 
     829        1276 :         ret = true;
     830             : 
     831        1276 : done:
     832             :         /* cleanup */
     833        1276 :         SAFE_FREE(buf);
     834        1276 :         return ret;
     835             : }
     836             : 
     837             : /***************************************************************************
     838             :  Update the TDB SAM RID record only
     839             :  Assumes that the tdbsam is already open
     840             : ****************************************************************************/
     841        1276 : static bool tdb_update_ridrec_only( struct samu* newpwd, int flag )
     842             : {
     843           0 :         TDB_DATA        data;
     844           0 :         fstring         keystr;
     845           0 :         fstring         name;
     846           0 :         NTSTATUS status;
     847             : 
     848        1276 :         fstrcpy(name, pdb_get_username(newpwd));
     849        1276 :         if (!strlower_m(name)) {
     850           0 :                 return false;
     851             :         }
     852             : 
     853             :         /* setup RID data */
     854        1276 :         data = string_term_tdb_data(name);
     855             : 
     856             :         /* setup the RID index key */
     857        1276 :         fstr_sprintf(keystr, "%s%.8x", RIDPREFIX, pdb_get_user_rid(newpwd));
     858             : 
     859             :         /* add the reference */
     860        1276 :         status = dbwrap_store_bystring(db_sam, keystr, data, flag);
     861        1276 :         if (!NT_STATUS_IS_OK(status)) {
     862           0 :                 DEBUG(0, ("Unable to modify TDB passwd: %s!\n",
     863             :                           nt_errstr(status)));
     864           0 :                 return false;
     865             :         }
     866             : 
     867        1276 :         return true;
     868             : 
     869             : }
     870             : 
     871             : /***************************************************************************
     872             :  Update the TDB SAM
     873             : ****************************************************************************/
     874             : 
     875        1276 : static bool tdb_update_sam(struct pdb_methods *my_methods, struct samu* newpwd,
     876             :                            int flag)
     877             : {
     878           0 :         uint32_t oldrid;
     879           0 :         uint32_t newrid;
     880             : 
     881        1276 :         if (!(newrid = pdb_get_user_rid(newpwd))) {
     882           0 :                 DEBUG(0,("tdb_update_sam: struct samu (%s) with no RID!\n",
     883             :                          pdb_get_username(newpwd)));
     884           0 :                 return False;
     885             :         }
     886             : 
     887        1276 :         oldrid = newrid;
     888             : 
     889             :         /* open the database */
     890             : 
     891        1276 :         if ( !tdbsam_open( tdbsam_filename ) ) {
     892           0 :                 DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename));
     893           0 :                 return False;
     894             :         }
     895             : 
     896        1276 :         if (dbwrap_transaction_start(db_sam) != 0) {
     897           0 :                 DEBUG(0, ("Could not start transaction\n"));
     898           0 :                 return false;
     899             :         }
     900             : 
     901             :         /* If we are updating, we may be changing this users RID. Retrieve the old RID
     902             :            so we can check. */
     903             : 
     904        1276 :         if (flag == TDB_MODIFY) {
     905         762 :                 struct samu *account = samu_new(talloc_tos());
     906         762 :                 if (account == NULL) {
     907           0 :                         DEBUG(0,("tdb_update_sam: samu_new() failed\n"));
     908           0 :                         goto cancel;
     909             :                 }
     910         762 :                 if (!NT_STATUS_IS_OK(tdbsam_getsampwnam(my_methods, account, pdb_get_username(newpwd)))) {
     911           0 :                         DEBUG(0,("tdb_update_sam: tdbsam_getsampwnam() for %s failed\n",
     912             :                                 pdb_get_username(newpwd)));
     913           0 :                         TALLOC_FREE(account);
     914           0 :                         goto cancel;
     915             :                 }
     916         762 :                 if (!(oldrid = pdb_get_user_rid(account))) {
     917           0 :                         DEBUG(0,("tdb_update_sam: pdb_get_user_rid() failed\n"));
     918           0 :                         TALLOC_FREE(account);
     919           0 :                         goto cancel;
     920             :                 }
     921         762 :                 TALLOC_FREE(account);
     922             :         }
     923             : 
     924             :         /* Update the new samu entry. */
     925        1276 :         if (!tdb_update_samacct_only(newpwd, flag)) {
     926           0 :                 goto cancel;
     927             :         }
     928             : 
     929             :         /* Now take care of the case where the RID changed. We need
     930             :          * to delete the old RID key and add the new. */
     931             : 
     932        1276 :         if (flag == TDB_MODIFY && newrid != oldrid) {
     933           0 :                 fstring keystr;
     934             : 
     935             :                 /* Delete old RID key */
     936           0 :                 DEBUG(10, ("tdb_update_sam: Deleting key for RID %u\n", oldrid));
     937           0 :                 fstr_sprintf(keystr, "%s%.8x", RIDPREFIX, oldrid);
     938           0 :                 if (!NT_STATUS_IS_OK(dbwrap_delete_bystring(db_sam, keystr))) {
     939           0 :                         DEBUG(0, ("tdb_update_sam: Can't delete %s\n", keystr));
     940           0 :                         goto cancel;
     941             :                 }
     942             :                 /* Insert new RID key */
     943           0 :                 DEBUG(10, ("tdb_update_sam: Inserting key for RID %u\n", newrid));
     944           0 :                 if (!tdb_update_ridrec_only(newpwd, TDB_INSERT)) {
     945           0 :                         goto cancel;
     946             :                 }
     947             :         } else {
     948        1276 :                 DEBUG(10, ("tdb_update_sam: %s key for RID %u\n",
     949             :                         flag == TDB_MODIFY ? "Updating" : "Inserting", newrid));
     950        1276 :                 if (!tdb_update_ridrec_only(newpwd, flag)) {
     951           0 :                         goto cancel;
     952             :                 }
     953             :         }
     954             : 
     955        1276 :         if (dbwrap_transaction_commit(db_sam) != 0) {
     956           0 :                 DEBUG(0, ("Could not commit transaction\n"));
     957           0 :                 return false;
     958             :         }
     959             : 
     960        1276 :         return true;
     961             : 
     962           0 :  cancel:
     963           0 :         if (dbwrap_transaction_cancel(db_sam) != 0) {
     964           0 :                 smb_panic("transaction_cancel failed");
     965             :         }
     966           0 :         return false;
     967             : }
     968             : 
     969             : /***************************************************************************
     970             :  Modifies an existing struct samu
     971             : ****************************************************************************/
     972             : 
     973         762 : static NTSTATUS tdbsam_update_sam_account (struct pdb_methods *my_methods, struct samu *newpwd)
     974             : {
     975         762 :         if ( !tdb_update_sam(my_methods, newpwd, TDB_MODIFY) )
     976           0 :                 return NT_STATUS_UNSUCCESSFUL;
     977             : 
     978         762 :         return NT_STATUS_OK;
     979             : }
     980             : 
     981             : /***************************************************************************
     982             :  Adds an existing struct samu
     983             : ****************************************************************************/
     984             : 
     985         514 : static NTSTATUS tdbsam_add_sam_account (struct pdb_methods *my_methods, struct samu *newpwd)
     986             : {
     987         514 :         if ( !tdb_update_sam(my_methods, newpwd, TDB_INSERT) )
     988           0 :                 return NT_STATUS_UNSUCCESSFUL;
     989             : 
     990         514 :         return NT_STATUS_OK;
     991             : }
     992             : 
     993             : /***************************************************************************
     994             :  Renames a struct samu
     995             :  - check for the posix user/rename user script
     996             :  - Add and lock the new user record
     997             :  - rename the posix user
     998             :  - rewrite the rid->username record
     999             :  - delete the old user
    1000             :  - unlock the new user record
    1001             : ***************************************************************************/
    1002           0 : static NTSTATUS tdbsam_rename_sam_account(struct pdb_methods *my_methods,
    1003             :                                           struct samu *old_acct,
    1004             :                                           const char *newname)
    1005             : {
    1006           0 :         const struct loadparm_substitution *lp_sub =
    1007           0 :                 loadparm_s3_global_substitution();
    1008           0 :         struct samu      *new_acct = NULL;
    1009           0 :         char *rename_script = NULL;
    1010           0 :         int              rename_ret;
    1011           0 :         fstring          oldname_lower;
    1012           0 :         fstring          newname_lower;
    1013             : 
    1014             :         /* can't do anything without an external script */
    1015             : 
    1016           0 :         if ( !(new_acct = samu_new( talloc_tos() )) ) {
    1017           0 :                 return NT_STATUS_NO_MEMORY;
    1018             :         }
    1019             : 
    1020           0 :         rename_script = lp_rename_user_script(new_acct, lp_sub);
    1021           0 :         if (!rename_script) {
    1022           0 :                 TALLOC_FREE(new_acct);
    1023           0 :                 return NT_STATUS_NO_MEMORY;
    1024             :         }
    1025           0 :         if (!*rename_script) {
    1026           0 :                 TALLOC_FREE(new_acct);
    1027           0 :                 return NT_STATUS_ACCESS_DENIED;
    1028             :         }
    1029             : 
    1030           0 :         if ( !pdb_copy_sam_account(new_acct, old_acct)
    1031           0 :                 || !pdb_set_username(new_acct, newname, PDB_CHANGED))
    1032             :         {
    1033           0 :                 TALLOC_FREE(new_acct);
    1034           0 :                 return NT_STATUS_NO_MEMORY;
    1035             :         }
    1036             : 
    1037             :         /* open the database */
    1038           0 :         if ( !tdbsam_open( tdbsam_filename ) ) {
    1039           0 :                 DEBUG(0, ("tdbsam_getsampwnam: failed to open %s!\n",
    1040             :                           tdbsam_filename));
    1041           0 :                 TALLOC_FREE(new_acct);
    1042           0 :                 return NT_STATUS_ACCESS_DENIED;
    1043             :         }
    1044             : 
    1045           0 :         if (dbwrap_transaction_start(db_sam) != 0) {
    1046           0 :                 DEBUG(0, ("Could not start transaction\n"));
    1047           0 :                 TALLOC_FREE(new_acct);
    1048           0 :                 return NT_STATUS_ACCESS_DENIED;
    1049             : 
    1050             :         }
    1051             : 
    1052             :         /* add the new account and lock it */
    1053           0 :         if ( !tdb_update_samacct_only(new_acct, TDB_INSERT) ) {
    1054           0 :                 goto cancel;
    1055             :         }
    1056             : 
    1057             :         /* Rename the posix user.  Follow the semantics of _samr_create_user()
    1058             :            so that we lower case the posix name but preserve the case in passdb */
    1059             : 
    1060           0 :         fstrcpy( oldname_lower, pdb_get_username(old_acct) );
    1061           0 :         if (!strlower_m( oldname_lower )) {
    1062           0 :                 goto cancel;
    1063             :         }
    1064             : 
    1065           0 :         fstrcpy( newname_lower, newname );
    1066           0 :         if (!strlower_m( newname_lower )) {
    1067           0 :                 goto cancel;
    1068             :         }
    1069             : 
    1070           0 :         rename_script = talloc_string_sub2(new_acct,
    1071             :                                 rename_script,
    1072             :                                 "%unew",
    1073             :                                 newname_lower,
    1074             :                                 true,
    1075             :                                 false,
    1076             :                                 true);
    1077           0 :         if (!rename_script) {
    1078           0 :                 goto cancel;
    1079             :         }
    1080           0 :         rename_script = talloc_string_sub2(new_acct,
    1081             :                                 rename_script,
    1082             :                                 "%uold",
    1083             :                                 oldname_lower,
    1084             :                                 true,
    1085             :                                 false,
    1086             :                                 true);
    1087           0 :         if (!rename_script) {
    1088           0 :                 goto cancel;
    1089             :         }
    1090           0 :         rename_ret = smbrun(rename_script, NULL, NULL);
    1091             : 
    1092           0 :         DEBUG(rename_ret ? 0 : 3,("Running the command `%s' gave %d\n",
    1093             :                                 rename_script, rename_ret));
    1094             : 
    1095           0 :         if (rename_ret != 0) {
    1096           0 :                 goto cancel;
    1097             :         }
    1098             : 
    1099           0 :         smb_nscd_flush_user_cache();
    1100             : 
    1101             :         /* rewrite the rid->username record */
    1102             : 
    1103           0 :         if ( !tdb_update_ridrec_only( new_acct, TDB_MODIFY) ) {
    1104           0 :                 goto cancel;
    1105             :         }
    1106             : 
    1107           0 :         tdb_delete_samacct_only( old_acct );
    1108             : 
    1109           0 :         if (dbwrap_transaction_commit(db_sam) != 0) {
    1110             :                 /*
    1111             :                  * Ok, we're screwed. We've changed the posix account, but
    1112             :                  * could not adapt passdb.tdb. Shall we change the posix
    1113             :                  * account back?
    1114             :                  */
    1115           0 :                 DEBUG(0, ("transaction_commit failed\n"));
    1116           0 :                 TALLOC_FREE(new_acct);
    1117           0 :                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
    1118             :         }
    1119             : 
    1120           0 :         TALLOC_FREE(new_acct );
    1121           0 :         return NT_STATUS_OK;
    1122             : 
    1123           0 :  cancel:
    1124           0 :         if (dbwrap_transaction_cancel(db_sam) != 0) {
    1125           0 :                 smb_panic("transaction_cancel failed");
    1126             :         }
    1127             : 
    1128           0 :         TALLOC_FREE(new_acct);
    1129             : 
    1130           0 :         return NT_STATUS_ACCESS_DENIED;
    1131             : }
    1132             : 
    1133        1549 : static uint32_t tdbsam_capabilities(struct pdb_methods *methods)
    1134             : {
    1135        1549 :         return PDB_CAP_STORE_RIDS;
    1136             : }
    1137             : 
    1138        1116 : static bool tdbsam_new_rid(struct pdb_methods *methods, uint32_t *prid)
    1139             : {
    1140           0 :         uint32_t rid;
    1141           0 :         NTSTATUS status;
    1142             : 
    1143        1116 :         rid = BASE_RID;         /* Default if not set */
    1144             : 
    1145        1116 :         if (!tdbsam_open(tdbsam_filename)) {
    1146           0 :                 DEBUG(0,("tdbsam_new_rid: failed to open %s!\n",
    1147             :                         tdbsam_filename));
    1148           0 :                 return false;
    1149             :         }
    1150             : 
    1151        1116 :         status = dbwrap_trans_change_uint32_atomic_bystring(
    1152             :                 db_sam, NEXT_RID_STRING, &rid, 1);
    1153        1116 :         if (!NT_STATUS_IS_OK(status)) {
    1154           0 :                 DEBUG(3, ("tdbsam_new_rid: Failed to increase %s: %s\n",
    1155             :                         NEXT_RID_STRING, nt_errstr(status)));
    1156           0 :                 return false;
    1157             :         }
    1158             : 
    1159        1116 :         *prid = rid;
    1160             : 
    1161        1116 :         return true;
    1162             : }
    1163             : 
    1164             : struct tdbsam_search_state {
    1165             :         struct pdb_methods *methods;
    1166             :         uint32_t acct_flags;
    1167             : 
    1168             :         uint32_t *rids;
    1169             :         uint32_t num_rids;
    1170             :         ssize_t array_size;
    1171             :         uint32_t current;
    1172             : };
    1173             : 
    1174        1471 : static int tdbsam_collect_rids(struct db_record *rec, void *private_data)
    1175             : {
    1176        1471 :         struct tdbsam_search_state *state = talloc_get_type_abort(
    1177             :                 private_data, struct tdbsam_search_state);
    1178        1471 :         size_t prefixlen = strlen(RIDPREFIX);
    1179          63 :         uint32_t rid;
    1180        1471 :         int error = 0;
    1181          63 :         TDB_DATA key;
    1182             : 
    1183        1471 :         key = dbwrap_record_get_key(rec);
    1184             : 
    1185        1471 :         if ((key.dsize < prefixlen)
    1186        1471 :             || (strncmp((char *)key.dptr, RIDPREFIX, prefixlen))) {
    1187         716 :                 return 0;
    1188             :         }
    1189             : 
    1190         713 :         rid = smb_strtoul((char *)key.dptr+prefixlen,
    1191             :                           NULL,
    1192             :                           16,
    1193             :                           &error,
    1194             :                           SMB_STR_STANDARD);
    1195         713 :         if (error != 0) {
    1196           0 :                 return 0;
    1197             :         }
    1198             : 
    1199         713 :         ADD_TO_LARGE_ARRAY(state, uint32_t, rid, &state->rids, &state->num_rids,
    1200          21 :                            &state->array_size);
    1201             : 
    1202         713 :         return 0;
    1203             : }
    1204             : 
    1205          15 : static void tdbsam_search_end(struct pdb_search *search)
    1206             : {
    1207          15 :         struct tdbsam_search_state *state = talloc_get_type_abort(
    1208             :                 search->private_data, struct tdbsam_search_state);
    1209          15 :         TALLOC_FREE(state);
    1210          15 : }
    1211             : 
    1212         718 : static bool tdbsam_search_next_entry(struct pdb_search *search,
    1213             :                                      struct samr_displayentry *entry)
    1214             : {
    1215         718 :         struct tdbsam_search_state *state = talloc_get_type_abort(
    1216             :                 search->private_data, struct tdbsam_search_state);
    1217         718 :         struct samu *user = NULL;
    1218          28 :         NTSTATUS status;
    1219          28 :         uint32_t rid;
    1220             : 
    1221         700 :  again:
    1222         728 :         TALLOC_FREE(user);
    1223         728 :         user = samu_new(talloc_tos());
    1224         728 :         if (user == NULL) {
    1225           0 :                 DEBUG(0, ("samu_new failed\n"));
    1226           0 :                 return false;
    1227             :         }
    1228             : 
    1229         728 :         if (state->current == state->num_rids) {
    1230          15 :                 TALLOC_FREE(user);
    1231          15 :                 return false;
    1232             :         }
    1233             : 
    1234         713 :         rid = state->rids[state->current++];
    1235             : 
    1236         713 :         status = tdbsam_getsampwrid(state->methods, user, rid);
    1237             : 
    1238         713 :         if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
    1239             :                 /*
    1240             :                  * Someone has deleted that user since we listed the RIDs
    1241             :                  */
    1242           0 :                 goto again;
    1243             :         }
    1244             : 
    1245         713 :         if (!NT_STATUS_IS_OK(status)) {
    1246           0 :                 DEBUG(10, ("tdbsam_getsampwrid failed: %s\n",
    1247             :                            nt_errstr(status)));
    1248           0 :                 TALLOC_FREE(user);
    1249           0 :                 return false;
    1250             :         }
    1251             : 
    1252         713 :         if ((state->acct_flags != 0) &&
    1253         692 :             ((state->acct_flags & pdb_get_acct_ctrl(user)) == 0)) {
    1254          10 :                 goto again;
    1255             :         }
    1256             : 
    1257         703 :         entry->acct_flags = pdb_get_acct_ctrl(user);
    1258         703 :         entry->rid = rid;
    1259         703 :         entry->account_name = talloc_strdup(search, pdb_get_username(user));
    1260         703 :         entry->fullname = talloc_strdup(search, pdb_get_fullname(user));
    1261         703 :         entry->description = talloc_strdup(search, pdb_get_acct_desc(user));
    1262             : 
    1263         703 :         TALLOC_FREE(user);
    1264             : 
    1265         703 :         if ((entry->account_name == NULL) || (entry->fullname == NULL)
    1266         703 :             || (entry->description == NULL)) {
    1267           0 :                 DEBUG(0, ("talloc_strdup failed\n"));
    1268           0 :                 return false;
    1269             :         }
    1270             : 
    1271         682 :         return true;
    1272             : }
    1273             : 
    1274          15 : static bool tdbsam_search_users(struct pdb_methods *methods,
    1275             :                                 struct pdb_search *search,
    1276             :                                 uint32_t acct_flags)
    1277             : {
    1278           7 :         struct tdbsam_search_state *state;
    1279             : 
    1280          15 :         if (!tdbsam_open(tdbsam_filename)) {
    1281           0 :                 DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n",
    1282             :                          tdbsam_filename));
    1283           0 :                 return false;
    1284             :         }
    1285             : 
    1286          15 :         state = talloc_zero(search, struct tdbsam_search_state);
    1287          15 :         if (state == NULL) {
    1288           0 :                 DEBUG(0, ("talloc failed\n"));
    1289           0 :                 return false;
    1290             :         }
    1291          15 :         state->acct_flags = acct_flags;
    1292          15 :         state->methods = methods;
    1293             : 
    1294          15 :         dbwrap_traverse_read(db_sam, tdbsam_collect_rids, state, NULL);
    1295             : 
    1296          15 :         search->private_data = state;
    1297          15 :         search->next_entry = tdbsam_search_next_entry;
    1298          15 :         search->search_end = tdbsam_search_end;
    1299             : 
    1300          15 :         return true;
    1301             : }
    1302             : 
    1303       67894 : static bool tdbsam_is_responsible_for_builtin(struct pdb_methods *m)
    1304             : {
    1305       67894 :         return map_builtin;
    1306             : }
    1307             : 
    1308             : /*********************************************************************
    1309             :  Initialize the tdb sam backend.  Setup the dispatch table of methods,
    1310             :  open the tdb, etc...
    1311             : *********************************************************************/
    1312             : 
    1313       22997 : static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *location)
    1314             : {
    1315          15 :         NTSTATUS nt_status;
    1316       22997 :         char *tdbfile = NULL;
    1317       22997 :         const char *pfile = location;
    1318             : 
    1319       22997 :         if (!NT_STATUS_IS_OK(nt_status = make_pdb_method( pdb_method ))) {
    1320           0 :                 return nt_status;
    1321             :         }
    1322             : 
    1323       22997 :         (*pdb_method)->name = "tdbsam";
    1324             : 
    1325       22997 :         (*pdb_method)->getsampwnam = tdbsam_getsampwnam;
    1326       22997 :         (*pdb_method)->getsampwsid = tdbsam_getsampwsid;
    1327       22997 :         (*pdb_method)->add_sam_account = tdbsam_add_sam_account;
    1328       22997 :         (*pdb_method)->update_sam_account = tdbsam_update_sam_account;
    1329       22997 :         (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
    1330       22997 :         (*pdb_method)->rename_sam_account = tdbsam_rename_sam_account;
    1331       22997 :         (*pdb_method)->search_users = tdbsam_search_users;
    1332             : 
    1333       22997 :         (*pdb_method)->capabilities = tdbsam_capabilities;
    1334       22997 :         (*pdb_method)->new_rid = tdbsam_new_rid;
    1335             : 
    1336       22997 :         (*pdb_method)->is_responsible_for_builtin =
    1337             :                                         tdbsam_is_responsible_for_builtin;
    1338       22997 :         map_builtin = lp_parm_bool(-1, "tdbsam", "map builtin", true);
    1339             : 
    1340             :         /* save the path for later */
    1341             : 
    1342       22997 :         if (!location) {
    1343       22991 :                 if (asprintf(&tdbfile, "%s/%s", lp_private_dir(),
    1344             :                              PASSDB_FILE_NAME) < 0) {
    1345           0 :                         return NT_STATUS_NO_MEMORY;
    1346             :                 }
    1347       22991 :                 pfile = tdbfile;
    1348             :         }
    1349       22997 :         tdbsam_filename = SMB_STRDUP(pfile);
    1350       22997 :         if (!tdbsam_filename) {
    1351           0 :                 return NT_STATUS_NO_MEMORY;
    1352             :         }
    1353       22997 :         SAFE_FREE(tdbfile);
    1354             : 
    1355             :         /* no private data */
    1356             : 
    1357       22997 :         (*pdb_method)->private_data      = NULL;
    1358       22997 :         (*pdb_method)->free_private_data = NULL;
    1359             : 
    1360       22997 :         return NT_STATUS_OK;
    1361             : }
    1362             : 
    1363        1814 : NTSTATUS pdb_tdbsam_init(TALLOC_CTX *ctx)
    1364             : {
    1365        1814 :         return smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam", pdb_init_tdbsam);
    1366             : }

Generated by: LCOV version 1.14