Changeset 988 for vendor/current/source3/passdb/pdb_interface.c

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

File:

• vendor/current/source3/passdb/pdb_interface.c (modified) (57 diffs)

vendor/current/source3/passdb/pdb_interface.c

@@ -25 +25 @@
 #include "passdb.h"
 #include "secrets.h"
+
 #include "../librpc/gen_ndr/samr.h"
-#include "memcache.h"
+#include "../librpc/gen_ndr/drsblobs.h"
+#include "../librpc/gen_ndr/ndr_drsblobs.h"
+#include "../librpc/gen_ndr/idmap.h"
+#include "../lib/util/memcache.h"
 #include "nsswitch/winbind_client.h"
 #include "../libcli/security/security.h"
 #include "../lib/util/util_pw.h"
+
+
+
 
 #undef DBGC_CLASS
@@ -48 +55 @@
 }
 
-static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
+static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
                                   const char **name,
                                   enum lsa_SidType *psid_name_use,
-                                  union unid_t *unix_id);
+                                  uid);
 
 NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init) 
@@ -97 +104 @@
         return NULL;
 }
+
+
+
+
+
+
 
 /*
@@ -108 +121 @@
  */
 
-static struct event_context *pdb_event_ctx;
-
-struct event_context *pdb_get_event_context(void)
-{
-        return pdb_event_ctx;
+static struct event_ctx;
+
+struct event_context(void)
+{
+        return pdb_event_ctx;
 }
 
@@ -189 +202 @@
                 }
                 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
-                        char *msg = NULL;
-                        if (asprintf(&msg, "pdb_get_methods_reload: "
-                                        "failed to get pdb methods for backend %s\n",
-                                        lp_passdb_backend()) > 0) {
-                                smb_panic(msg);
-                        } else {
-                                smb_panic("pdb_get_methods_reload");
-                        }
+                        return NULL;
                 }
         }
@@ -202 +208 @@
         if ( !pdb ) {
                 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
-                        char *msg = NULL;
-                        if (asprintf(&msg, "pdb_get_methods_reload: "
-                                        "failed to get pdb methods for backend %s\n",
-                                        lp_passdb_backend()) > 0) {
-                                smb_panic(msg);
-                        } else {
-                                smb_panic("pdb_get_methods_reload");
-                        }
+                        return NULL;
                 }
         }
@@ -218 +217 @@
 static struct pdb_methods *pdb_get_methods(void)
 {
-        return pdb_get_methods_reload(False);
+        struct pdb_methods *pdb;
+
+        pdb = pdb_get_methods_reload(false);
+        if (!pdb) {
+                char *msg = NULL;
+                if (asprintf(&msg, "pdb_get_methods: "
+                             "failed to get pdb methods for backend %s\n",
+                             lp_passdb_backend()) > 0) {
+                        smb_panic(msg);
+                } else {
+                        smb_panic("pdb_get_methods");
+                }
+        }
+
+        return pdb;
 }
 
@@ -356 +369 @@
         struct passwd *pwd;
         NTSTATUS result;
-        const char *guestname = lp_guestaccount();
+        const char *guestname = lp_guestaccount();
 
         pwd = Get_Pwnam_alloc(talloc_tos(), guestname);
@@ -448 +461 @@
 
                 if ((acb_info & ACB_NORMAL) && name[strlen(name)-1] != '$') {
-                        add_script = talloc_strdup(tmp_ctx,
-                                        lp_adduser_script());
+                        add_script = lp_add_user_script(tmp_ctx);
                 } else {
-                        add_script = talloc_strdup(tmp_ctx,
-                                        lp_addmachine_script());
+                        add_script = lp_add_machine_script(tmp_ctx);
                 }
 
@@ -464 +475 @@
                    compatibility with previous Samba releases */
                 fstrcpy( name2, name );
-                strlower_m( name2 );
+                if (!strlower_m( name2 )) {
+                        return NT_STATUS_INVALID_PARAMETER;
+                }
                 add_script = talloc_all_string_sub(tmp_ctx,
                                         add_script,
@@ -491 +504 @@
         /* we have a valid SID coming out of this call */
 
-        status = samu_alloc_rid_unix( sam_pass, pwd );
+        status = samu_alloc_rid_unix();
 
         TALLOC_FREE( pwd );
@@ -516 +529 @@
         pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
 
-        status = pdb_add_sam_account(sam_pass);
+        status = sam_pass);
 
         TALLOC_FREE(sam_pass);
@@ -546 +559 @@
         }
 
-        del_script = talloc_strdup(talloc_tos(), lp_deluser_script());
+        del_script = ());
         if (!del_script || !*del_script) {
                 return -1;
@@ -574 +587 @@
         fstring username;
 
-        status = pdb_delete_sam_account(sam_acct);
+        status = sam_acct);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
@@ -590 +603 @@
 
         fstrcpy( username, pdb_get_username(sam_acct) );
-        strlower_m( username );
+        if (!strlower_m( username )) {
+                return status;
+        }
 
         smb_delete_user( username );
@@ -601 +616 @@
         struct pdb_methods *pdb = pdb_get_methods();
         uid_t uid = -1;
+
+
+
+
+
 
         /* sanity check to make sure we don't delete root */
 
-        if ( !sid_to_uid( pdb_get_user_sid(sam_acct), &uid ) ) {
+        if ( !sid_to_uid(, &uid ) ) {
                 return NT_STATUS_NO_SUCH_USER;
         }
@@ -612 +632 @@
         }
 
-        return pdb->delete_user(pdb, mem_ctx, sam_acct);
+        memcache_delete(NULL,
+                        PDB_GETPWSID_CACHE,
+                        data_blob_const(user_sid, sizeof(*user_sid)));
+
+        status = pdb->delete_user(pdb, mem_ctx, sam_acct);
+        if (!NT_STATUS_IS_OK(status)) {
+                return status;
+        }
+
+        msg_data = talloc_asprintf(mem_ctx, "USER %s",
+                                   pdb_get_username(sam_acct));
+        if (!msg_data) {
+                /* not fatal, and too late to rollback,
+                 * just return */
+                return status;
+        }
+        message_send_all(server_messaging_context(),
+                         ID_CACHE_DELETE,
+                         msg_data,
+                         strlen(msg_data) + 1,
+                         NULL);
+
+        TALLOC_FREE(msg_data);
+        return status;
 }
 
@@ -633 +676 @@
 {
         struct pdb_methods *pdb = pdb_get_methods();
-
-        memcache_flush(NULL, PDB_GETPWSID_CACHE);
+        const struct dom_sid *user_sid = pdb_get_user_sid(sam_acct);
+
+        memcache_delete(NULL,
+                        PDB_GETPWSID_CACHE,
+                        data_blob_const(user_sid, sizeof(*user_sid)));
 
         return pdb->delete_sam_account(pdb, sam_acct);
@@ -740 +786 @@
 {
         struct dom_sid group_sid;
-        GROUP_MAP map;
+        GROUP_MAP map;
         NTSTATUS status;
         struct group *grp;
         const char *grp_name;
 
+
+
+
+
+
         /* coverity */
-        map.gid = (gid_t) -1;
+        mapgid = (gid_t) -1;
 
         sid_compose(&group_sid, get_global_sam_sid(), rid);
 
-        if (!get_domain_group_from_sid(group_sid, &map)) {
+        if (!get_domain_group_from_sid(group_sid, map)) {
                 DEBUG(10, ("Could not find group for rid %d\n", rid));
                 return NT_STATUS_NO_SUCH_GROUP;
@@ -757 +808 @@
         /* We need the group name for the smb_delete_group later on */
 
-        if (map.gid == (gid_t)-1) {
+        if (mapgid == (gid_t)-1) {
                 return NT_STATUS_NO_SUCH_GROUP;
         }
 
-        grp = getgrgid(map.gid);
+        grp = getgrgid(mapgid);
         if (grp == NULL) {
                 return NT_STATUS_NO_SUCH_GROUP;
         }
+
+
 
         /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
@@ -810 +863 @@
 }
 
-bool pdb_enum_group_mapping(const struct dom_sid *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
-                            size_t *p_num_entries, bool unix_only)
+bool pdb_enum_group_mapping(const struct dom_sid *sid,
+                            enum lsa_SidType sid_name_use,
+                            GROUP_MAP ***pp_rmap,
+                            size_t *p_num_entries,
+                            bool unix_only)
 {
         struct pdb_methods *pdb = pdb_get_methods();
@@ -917 +973 @@
         struct dom_sid group_sid, member_sid;
         struct samu *account = NULL;
-        GROUP_MAP map;
+        GROUP_MAP map;
         struct group *grp;
         struct passwd *pwd;
@@ -923 +979 @@
         uid_t uid;
 
+
+
+
+
+
         /* coverity */
-        map.gid = (gid_t) -1;
+        mapgid = (gid_t) -1;
 
         sid_compose(&group_sid, get_global_sam_sid(), group_rid);
         sid_compose(&member_sid, get_global_sam_sid(), member_rid);
 
-        if (!get_domain_group_from_sid(group_sid, &map) ||
-            (map.gid == (gid_t)-1) ||
-            ((grp = getgrgid(map.gid)) == NULL)) {
+        if (!get_domain_group_from_sid(group_sid, map) ||
+            (mapgid == (gid_t)-1) ||
+            ((grp = getgrgid(mapgid)) == NULL)) {
                 return NT_STATUS_NO_SUCH_GROUP;
         }
+
+
 
         group_name = talloc_strdup(mem_ctx, grp->gr_name);
@@ -982 +1045 @@
         struct dom_sid group_sid, member_sid;
         struct samu *account = NULL;
-        GROUP_MAP map;
+        GROUP_MAP map;
         struct group *grp;
         struct passwd *pwd;
@@ -988 +1051 @@
         uid_t uid;
 
+
+
+
+
+
         sid_compose(&group_sid, get_global_sam_sid(), group_rid);
         sid_compose(&member_sid, get_global_sam_sid(), member_rid);
 
-        if (!get_domain_group_from_sid(group_sid, &map) ||
-            (map.gid == (gid_t)-1) ||
-            ((grp = getgrgid(map.gid)) == NULL)) {
+        if (!get_domain_group_from_sid(group_sid, map) ||
+            (mapgid == (gid_t)-1) ||
+            ((grp = getgrgid(mapgid)) == NULL)) {
                 return NT_STATUS_NO_SUCH_GROUP;
         }
+
+
 
         group_name = talloc_strdup(mem_ctx, grp->gr_name);
@@ -1105 +1175 @@
 }
 
-/* 
- * NOTE: pdb_lookup_names is currently (2007-01-12) not used anywhere 
- *       in the samba code.
- *       Unlike _lsa_lookup_sids and _samr_lookup_rids, which eventually 
- *       also ask pdb_lookup_rids, thus looking up a bunch of rids at a time, 
- *       the pdb_ calls _lsa_lookup_names and _samr_lookup_names come
- *       down to are pdb_getsampwnam and pdb_getgrnam instead of
- *       pdb_lookup_names.
- *       But in principle, it the call belongs to the API and might get
- *       used in this context some day. 
- */
-#if 0
-NTSTATUS pdb_lookup_names(const struct dom_sid *domain_sid,
-                          int num_names,
-                          const char **names,
-                          uint32_t *rids,
-                          enum lsa_SidType *attrs)
-{
-        struct pdb_methods *pdb = pdb_get_methods();
-        return pdb->lookup_names(pdb, domain_sid, num_names, names, rids, attrs);
-}
-#endif
-
 bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value)
 {
@@ -1158 +1205 @@
 }
 
-bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid)
-{
-        struct pdb_methods *pdb = pdb_get_methods();
-        return pdb->uid_to_sid(pdb, uid, sid);
-}
-
-bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid)
-{
-        struct pdb_methods *pdb = pdb_get_methods();
-        return pdb->gid_to_sid(pdb, gid, sid);
-}
-
-bool pdb_sid_to_id(const struct dom_sid *sid, union unid_t *id,
-                   enum lsa_SidType *type)
-{
-        struct pdb_methods *pdb = pdb_get_methods();
-        return pdb->sid_to_id(pdb, sid, id, type);
+/* 
+ * Instead of passing down a gid or uid, this function sends down a pointer
+ * to a unixid. 
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+ * the cache to store ID_TYPE_UID or ID_TYPE_GID. 
+ */
+bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid)
+{
+        struct pdb_methods *pdb = pdb_get_methods();
+        bool ret;
+
+        ret = pdb->id_to_sid(pdb, id, sid);
+
+        if (ret == true) {
+                idmap_cache_set_sid2unixid(sid, id);
+        }
+
+        return ret;
+}
+
+bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id)
+{
+        struct pdb_methods *pdb = pdb_get_methods();
+        bool ret;
+
+        /* only ask the backend if it is responsible */
+        if (!sid_check_object_is_for_passdb(sid)) {
+                return false;
+        }
+
+        ret = pdb->sid_to_id(pdb, sid, id);
+
+        if (ret == true) {
+                idmap_cache_set_sid2unixid(sid, id);
+        }
+
+        return ret;
 }
 
@@ -1231 +1300 @@
                 /* validate that the RID is not in use */
 
-                if ( lookup_global_sam_rid( ctx, allocated_rid, &name, &type, NULL ) ) {
+                if () {
                         allocated_rid = 0;
                 }
@@ -1254 +1323 @@
  ***************************************************************/
 
-bool initialize_password_db(bool reload, struct event_context *event_ctx)
-{
-        pdb_event_ctx = event_ctx;
+bool initialize_password_db(bool reload, struct tevent_context *tevent_ctx)
+{
+        if (tevent_ctx) {
+                pdb_tevent_ctx = tevent_ctx;
+        }
         return (pdb_get_methods_reload(reload) != NULL);
 }
-
 
 /***************************************************************************
@@ -1325 +1395 @@
         bool ret;
 
-        unix_pw = sys_getpwuid( uid );
+        unix_pw = getpwuid( uid );
 
         if ( !unix_pw ) {
@@ -1360 +1430 @@
                                    struct dom_sid *sid)
 {
-        GROUP_MAP map;
-
-        if (!NT_STATUS_IS_OK(methods->getgrgid(methods, &map, gid))) {
-                return False;
-        }
-
-        sid_copy(sid, &map.sid);
-        return True;
+        GROUP_MAP *map;
+
+        map = talloc_zero(NULL, GROUP_MAP);
+        if (!map) {
+                return false;
+        }
+
+        if (!NT_STATUS_IS_OK(methods->getgrgid(methods, map, gid))) {
+                TALLOC_FREE(map);
+                return false;
+        }
+
+        sid_copy(sid, &map->sid);
+        TALLOC_FREE(map);
+        return true;
+}
+
+static bool pdb_default_id_to_sid(struct pdb_methods *methods, struct unixid *id,
+                                   struct dom_sid *sid)
+{
+        switch (id->type) {
+        case ID_TYPE_UID:
+                return pdb_default_uid_to_sid(methods, id->id, sid);
+
+        case ID_TYPE_GID:
+                return pdb_default_gid_to_sid(methods, id->id, sid);
+
+        default:
+                return false;
+        }
+}
+/**
+ * The "Unix User" and "Unix Group" domains have a special
+ * id mapping that is a rid-algorithm with range starting at 0.
+ */
+bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid,
+                                         struct unixid *id)
+{
+        uint32_t rid;
+
+        id->id = -1;
+
+        if (sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid)) {
+                id->id = rid;
+                id->type = ID_TYPE_UID;
+                return true;
+        }
+
+        if (sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid)) {
+                id->id = rid;
+                id->type = ID_TYPE_GID;
+                return true;
+        }
+
+        return false;
 }
 
 static bool pdb_default_sid_to_id(struct pdb_methods *methods,
                                   const struct dom_sid *sid,
-                                  union unid_t *id, enum lsa_SidType *type)
+                                  )
 {
         TALLOC_CTX *mem_ctx;
         bool ret = False;
-        const char *name;
         uint32_t rid;
+
 
         mem_ctx = talloc_new(NULL);
@@ -1387 +1504 @@
 
         if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
+
+
+
+
                 /* Here we might have users as well as groups and aliases */
-                ret = lookup_global_sam_rid(mem_ctx, rid, &name, type, id);
+                ret = lookup_global_sam_rid(mem_ctx, rid, &name, &type, &uid, &gid);
+                if (ret) {
+                        switch (type) {
+                        case SID_NAME_DOM_GRP:
+                        case SID_NAME_ALIAS:
+                                id->type = ID_TYPE_GID;
+                                id->id = gid;
+                                break;
+                        case SID_NAME_USER:
+                                id->type = ID_TYPE_UID;
+                                id->id = uid;
+                                break;
+                        default:
+                                DEBUG(5, ("SID %s belongs to our domain, and "
+                                          "an object exists in the database, "
+                                           "but it is neither a user nor a "
+                                           "group (got type %d).\n",
+                                          sid_string_dbg(sid), type));
+                                ret = false;
+                        }
+                } else {
+                        DEBUG(5, ("SID %s belongs to our domain, but there is "
+                                  "no corresponding object in the database.\n",
+                                  sid_string_dbg(sid)));
+                }
                 goto done;
         }
 
-        /* check for "Unix User" */
-
-        if ( sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid) ) {
-                id->uid = rid;
-                *type = SID_NAME_USER;
-                ret = True;             
-                goto done;              
-        }
-
-        /* check for "Unix Group" */
-
-        if ( sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid) ) {
-                id->gid = rid;
-                *type = SID_NAME_ALIAS;
-                ret = True;             
-                goto done;              
+        /*
+         * "Unix User" and "Unix Group"
+         */
+        ret = pdb_sid_to_id_unix_users_and_groups(sid, id);
+        if (ret == true) {
+                goto done;
         }
 
@@ -1415 +1550 @@
             sid_check_is_in_wellknown_domain(sid)) {
                 /* Here we only have aliases */
-                GROUP_MAP map;
-                if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) {
+                GROUP_MAP *map;
+
+                map = talloc_zero(mem_ctx, GROUP_MAP);
+                if (!map) {
+                        ret = false;
+                        goto done;
+                }
+
+                if (!NT_STATUS_IS_OK(methods->getgrsid(methods, map, *sid))) {
                         DEBUG(10, ("Could not find map for sid %s\n",
                                    sid_string_dbg(sid)));
                         goto done;
                 }
-                if ((map.sid_name_use != SID_NAME_ALIAS) &&
-                    (map.sid_name_use != SID_NAME_WKN_GRP)) {
+                if ((mapsid_name_use != SID_NAME_ALIAS) &&
+                    (mapsid_name_use != SID_NAME_WKN_GRP)) {
                         DEBUG(10, ("Map for sid %s is a %s, expected an "
                                    "alias\n", sid_string_dbg(sid),
-                                   sid_type_lookup(map.sid_name_use)));
+                                   sid_type_lookup(mapsid_name_use)));
                         goto done;
                 }
 
-                id->gid = map.gid;
-                *type = SID_NAME_ALIAS;
+                id->gid;
+                ;
                 ret = True;
                 goto done;
@@ -1521 +1663 @@
                 return NT_STATUS_OK;
 
-        *pp_member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32_t, num_uids);
+        *pp_member_rids = (mem_ctx, uint32_t, num_uids);
 
         for (i=0; i<num_uids; i++) {
@@ -1528 +1670 @@
                 uid_to_sid(&sid, uids[i]);
 
-                if (!sid_check_is_in_our_domain(&sid)) {
+                if (!sid_check_is_in_our_(&sid)) {
                         DEBUG(5, ("Inconsistent SAM -- group member uid not "
                                   "in our domain\n"));
@@ -1573 +1715 @@
         }
 
-        *pp_sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, *p_num_groups);
+        *pp_sids = (mem_ctx, struct dom_sid, *p_num_groups);
 
         if (*pp_sids == NULL) {
@@ -1594 +1736 @@
                                   const char **name,
                                   enum lsa_SidType *psid_name_use,
-                                  union unid_t *unix_id)
+                                  uid)
 {
         struct samu *sam_account = NULL;
-        GROUP_MAP map;
+        GROUP_MAP ;
         bool ret;
         struct dom_sid sid;
@@ -1614 +1756 @@
         }
 
+
+
+
+
+
         /* BEING ROOT BLOCK */
         become_root();
-        if (pdb_getsampwsid(sam_account, &sid)) {
+        ret = pdb_getsampwsid(sam_account, &sid);
+        if (!ret) {
+                TALLOC_FREE(sam_account);
+                ret = pdb_getgrsid(map, sid);
+        }
+        unbecome_root();
+        /* END BECOME_ROOT BLOCK */
+
+        if (sam_account || !ret) {
+                TALLOC_FREE(map);
+        }
+
+        if (sam_account) {
                 struct passwd *pw;
 
-                unbecome_root();                /* -----> EXIT BECOME_ROOT() */
                 *name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
                 if (!*name) {
@@ -1630 +1788 @@
                 TALLOC_FREE(sam_account);
 
-                if (unix_id == NULL) {
+                if (uid == NULL) {
                         return True;
                 }
@@ -1638 +1796 @@
                         return False;
                 }
-                unix_id->uid = pw->pw_uid;
+                uid = pw->pw_uid;
                 TALLOC_FREE(pw);
                 return True;
-        }
-        TALLOC_FREE(sam_account);
-
-        ret = pdb_getgrsid(&map, sid);
-        unbecome_root();
-        /* END BECOME_ROOT BLOCK */
-
-        /* do not resolve SIDs to a name unless there is a valid 
-           gid associated with it */
-
-        if ( ret && (map.gid != (gid_t)-1) ) {
-                *name = talloc_strdup(mem_ctx, map.nt_name);
-                *psid_name_use = map.sid_name_use;
-
-                if ( unix_id ) {
-                        unix_id->gid = map.gid;
-                }
-
+
+        } else if (map && (map->gid != (gid_t)-1)) {
+
+                /* do not resolve SIDs to a name unless there is a valid
+                   gid associated with it */
+
+                *name = talloc_steal(mem_ctx, map->nt_name);
+                *psid_name_use = map->sid_name_use;
+
+                if (gid) {
+                        *gid = map->gid;
+                }
+
+                TALLOC_FREE(map);
                 return True;
         }
+
+
 
         /* Windows will always map RID 513 to something.  On a non-domain 
            controller, this gets mapped to SERVER\None. */
 
-        if ( unix_id ) {
+        if () {
                 DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
                 return False;
@@ -1712 +1868 @@
 
         /* Should not happen, but better check once too many */
-        if (!sid_check_is_domain(domain_sid)) {
+        if (!sid_check_is_(domain_sid)) {
                 return NT_STATUS_INVALID_HANDLE;
         }
@@ -1720 +1876 @@
 
                 if (lookup_global_sam_rid(names, rids[i], &name, &attrs[i],
-                                          NULL)) {
+                                          NULL)) {
                         if (name == NULL) {
                                 return NT_STATUS_NO_MEMORY;
@@ -1743 +1899 @@
 }
 
-#if 0
-static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods,
-                                         const struct dom_sid *domain_sid,
-                                         int num_names,
-                                         const char **names,
-                                         uint32_t *rids,
-                                         enum lsa_SidType *attrs)
-{
-        int i;
-        NTSTATUS result;
-        bool have_mapped = False;
-        bool have_unmapped = False;
-
-        if (sid_check_is_builtin(domain_sid)) {
-
-                for (i=0; i<num_names; i++) {
-                        uint32_t rid;
-
-                        if (lookup_builtin_name(names[i], &rid)) {
-                                attrs[i] = SID_NAME_ALIAS;
-                                rids[i] = rid;
-                                DEBUG(5,("lookup_rids: %s:%d\n",
-                                         names[i], attrs[i]));
-                                have_mapped = True;
-                        } else {
-                                have_unmapped = True;
-                                attrs[i] = SID_NAME_UNKNOWN;
-                        }
-                }
-                goto done;
-        }
-
-        /* Should not happen, but better check once too many */
-        if (!sid_check_is_domain(domain_sid)) {
-                return NT_STATUS_INVALID_HANDLE;
-        }
-
-        for (i = 0; i < num_names; i++) {
-                if (lookup_global_sam_name(names[i], 0, &rids[i], &attrs[i])) {
-                        DEBUG(5,("lookup_names: %s-> %d:%d\n", names[i],
-                                 rids[i], attrs[i]));
-                        have_mapped = True;
-                } else {
-                        have_unmapped = True;
-                        attrs[i] = SID_NAME_UNKNOWN;
-                }
-        }
-
- done:
-
-        result = NT_STATUS_NONE_MAPPED;
-
-        if (have_mapped)
-                result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
-
-        return result;
-}
-#endif
-
 static int pdb_search_destructor(struct pdb_search *search)
 {
@@ -1864 +1961 @@
 
 struct group_search {
-        GROUP_MAP *groups;
+        GROUP_MAP *groups;
         size_t num_groups, current_group;
 };
@@ -1873 +1970 @@
         struct group_search *state = (struct group_search *)s->private_data;
         uint32_t rid;
-        GROUP_MAP *map = &state->groups[state->current_group];
+        GROUP_MAP *map;
 
         if (state->current_group == state->num_groups)
                 return False;
 
+
+
         sid_peek_rid(&map->sid, &rid);
 
@@ -1890 +1989 @@
         struct group_search *state =
                 (struct group_search *)search->private_data;
-        SAFE_FREE(state->groups);
-}
-
-static bool pdb_search_grouptype(struct pdb_search *search,
+        TALLOC_FREE(state->groups);
+}
+
+static bool pdb_search_grouptype(struct pdb_methods *methods,
+                                 struct pdb_search *search,
                                  const struct dom_sid *sid, enum lsa_SidType type)
 {
         struct group_search *state;
 
-        state = talloc(search, struct group_search);
+        state = talloc(search, struct group_search);
         if (state == NULL) {
                 DEBUG(0, ("talloc failed\n"));
@@ -1904 +2004 @@
         }
 
-        if (!pdb_enum_group_mapping(sid, type, &state->groups, &state->num_groups,
-                                    True)) {
+        if (!NT_STATUS_IS_OK(methods->enum_group_mapping(methods, sid, type, 
+                                                         &state->groups, &state->num_groups,
+                                                         True))) {
                 DEBUG(0, ("Could not enum groups\n"));
                 return False;
@@ -1920 +2021 @@
                                       struct pdb_search *search)
 {
-        return pdb_search_grouptype(search, get_global_sam_sid(), SID_NAME_DOM_GRP);
+        return pdb_search_grouptype(search, get_global_sam_sid(), SID_NAME_DOM_GRP);
 }
 
@@ -1928 +2029 @@
 {
 
-        return pdb_search_grouptype(search, sid, SID_NAME_ALIAS);
+        return pdb_search_grouptype(search, sid, SID_NAME_ALIAS);
 }
 
@@ -2043 +2144 @@
         return pdb->get_trusteddom_pw(pdb, domain, pwd, sid, 
                         pass_last_set_time);
+
+
+
+
+
+
+
 }
 
@@ -2082 +2190 @@
 }
 
+
+
+
+
+
+
+
+
+
 static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods, 
                                           const char* domain, 
@@ -2147 +2264 @@
                                                struct pdb_trusted_domain **td)
 {
-        return NT_STATUS_NOT_IMPLEMENTED;
+        struct trustAuthInOutBlob taiob;
+        struct AuthenticationInformation aia;
+        struct pdb_trusted_domain *tdom;
+        enum ndr_err_code ndr_err;
+        time_t last_set_time;
+        char *pwd;
+        bool ok;
+
+        tdom = talloc(mem_ctx, struct pdb_trusted_domain);
+        if (!tdom) {
+                return NT_STATUS_NO_MEMORY;
+        }
+
+        tdom->domain_name = talloc_strdup(tdom, domain);
+        tdom->netbios_name = talloc_strdup(tdom, domain);
+        if (!tdom->domain_name || !tdom->netbios_name) {
+                talloc_free(tdom);
+                return NT_STATUS_NO_MEMORY;
+        }
+
+        tdom->trust_auth_incoming = data_blob_null;
+
+        ok = pdb_get_trusteddom_pw(domain, &pwd, &tdom->security_identifier,
+                                   &last_set_time);
+        if (!ok) {
+                talloc_free(tdom);
+                return NT_STATUS_UNSUCCESSFUL;
+        }
+
+        ZERO_STRUCT(taiob);
+        ZERO_STRUCT(aia);
+        taiob.count = 1;
+        taiob.current.count = 1;
+        taiob.current.array = &aia;
+        unix_to_nt_time(&aia.LastUpdateTime, last_set_time);
+
+        aia.AuthType = TRUST_AUTH_TYPE_CLEAR;
+        aia.AuthInfo.clear.size = strlen(pwd);
+        aia.AuthInfo.clear.password = (uint8_t *)talloc_memdup(tdom, pwd,
+                                                               aia.AuthInfo.clear.size);
+        SAFE_FREE(pwd);
+        if (aia.AuthInfo.clear.password == NULL) {
+                talloc_free(tdom);
+                return NT_STATUS_NO_MEMORY;
+        }
+
+        taiob.previous.count = 0;
+        taiob.previous.array = NULL;
+
+        ndr_err = ndr_push_struct_blob(&tdom->trust_auth_outgoing,
+                                        tdom, &taiob,
+                        (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
+        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+                talloc_free(tdom);
+                return NT_STATUS_UNSUCCESSFUL;
+        }
+
+        tdom->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND;
+        tdom->trust_type = LSA_TRUST_TYPE_DOWNLEVEL;
+        tdom->trust_attributes = 0;
+        tdom->trust_forest_trust_info = data_blob_null;
+
+        *td = tdom;
+        return NT_STATUS_OK;
 }
 
@@ -2158 +2338 @@
 }
 
+
+
 static NTSTATUS pdb_default_set_trusted_domain(struct pdb_methods *methods,
                                                const char* domain,
                                                const struct pdb_trusted_domain *td)
 {
-        return NT_STATUS_NOT_IMPLEMENTED;
+        struct trustAuthInOutBlob taiob;
+        struct AuthenticationInformation *aia;
+        enum ndr_err_code ndr_err;
+        char *pwd;
+        bool ok;
+
+        if (td->trust_attributes != 0 ||
+            td->trust_type != LSA_TRUST_TYPE_DOWNLEVEL ||
+            td->trust_direction != LSA_TRUST_DIRECTION_OUTBOUND ||
+            !IS_NULL_DATA_BLOB(td->trust_auth_incoming) ||
+            !IS_NULL_DATA_BLOB(td->trust_forest_trust_info)) {
+            return NT_STATUS_NOT_IMPLEMENTED;
+        }
+
+        ZERO_STRUCT(taiob);
+        ndr_err = ndr_pull_struct_blob(&td->trust_auth_outgoing, talloc_tos(),
+                              &taiob,
+                              (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
+        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+                return NT_STATUS_UNSUCCESSFUL;
+        }
+
+        aia = (struct AuthenticationInformation *) taiob.current.array;
+
+        if (taiob.count != 1 || taiob.current.count != 1 ||
+            taiob.previous.count != 0 ||
+            aia->AuthType != TRUST_AUTH_TYPE_CLEAR) {
+            return NT_STATUS_NOT_IMPLEMENTED;
+        }
+
+        pwd = talloc_strndup(talloc_tos(), (char *) aia->AuthInfo.clear.password,
+                             aia->AuthInfo.clear.size);
+        if (!pwd) {
+                return NT_STATUS_NO_MEMORY;
+        }
+
+        ok = pdb_set_trusteddom_pw(domain, pwd, &td->security_identifier);
+        if (!ok) {
+                return NT_STATUS_UNSUCCESSFUL;
+        }
+
+        return NT_STATUS_OK;
 }
 
@@ -2183 +2406 @@
 {
         return NULL;
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 }
 
@@ -2238 +2641 @@
         (*methods)->set_account_policy = pdb_default_set_account_policy;
         (*methods)->get_seq_num = pdb_default_get_seq_num;
-        (*methods)->uid_to_sid = pdb_default_uid_to_sid;
-        (*methods)->gid_to_sid = pdb_default_gid_to_sid;
+        (*methods)->id_to_sid = pdb_default_id_to_sid;
         (*methods)->sid_to_id = pdb_default_sid_to_id;
 
@@ -2246 +2648 @@
 
         (*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw;
+
         (*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw;
         (*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw;
@@ -2256 +2659 @@
         (*methods)->enum_trusted_domains = pdb_default_enum_trusted_domains;
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
         return NT_STATUS_OK;
 }