2001-03-23 03:50:31 +03:00
/*
2002-01-30 09:08:46 +03:00
* Unix SMB / CIFS implementation .
2001-03-23 03:50:31 +03:00
* RPC Pipe client / server routines
* Copyright ( C ) Andrew Tridgell 1992 - 2000 ,
2018-05-07 15:04:17 +03:00
* Copyright ( C ) Jean François Micouleau 1998 - 2001.
2006-03-15 03:10:38 +03:00
* Copyright ( C ) Volker Lendecke 2006.
* Copyright ( C ) Gerald Carter 2006.
2001-03-23 03:50:31 +03:00
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
* the Free Software Foundation ; either version 3 of the License , or
2001-03-23 03:50:31 +03:00
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
2007-07-10 09:23:25 +04:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2001-03-23 03:50:31 +03:00
*/
# include "includes.h"
2011-02-25 19:14:22 +03:00
# include "system/passwd.h"
2011-03-18 20:58:37 +03:00
# include "passdb.h"
2006-09-24 06:52:25 +04:00
# include "groupdb/mapping.h"
2010-10-12 08:27:50 +04:00
# include "../libcli/security/security.h"
2011-02-25 00:30:16 +03:00
# include "lib/winbind_util.h"
2015-03-12 17:40:16 +03:00
# include <tdb.h>
2011-10-12 13:17:57 +04:00
# include "groupdb/mapping_tdb.h"
2020-07-03 09:11:20 +03:00
# include "lib/util/smb_strtox.h"
2006-08-15 18:07:15 +04:00
2007-06-04 05:51:18 +04:00
static const struct mapping_backend * backend ;
/*
initialise a group mapping backend
*/
2007-10-19 04:40:25 +04:00
static bool init_group_mapping ( void )
2007-06-04 05:51:18 +04:00
{
if ( backend ! = NULL ) {
/* already initialised */
return True ;
}
2008-03-28 10:24:28 +03:00
2010-02-26 23:16:23 +03:00
backend = groupdb_tdb_init ( ) ;
2007-06-04 05:51:18 +04:00
return backend ! = NULL ;
}
2006-08-15 18:07:15 +04:00
/****************************************************************************
initialise first time the mapping list
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-09-08 18:28:06 +04:00
NTSTATUS add_initial_entry ( gid_t gid , const char * sid , enum lsa_SidType sid_name_use , const char * nt_name , const char * comment )
2006-08-15 18:07:15 +04:00
{
2011-09-27 01:55:47 +04:00
NTSTATUS status ;
GROUP_MAP * map ;
2006-08-15 18:07:15 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
2006-08-09 19:25:26 +04:00
}
2010-03-14 16:06:45 +03:00
2011-09-27 01:55:47 +04:00
map = talloc_zero ( NULL , GROUP_MAP ) ;
if ( ! map ) {
return NT_STATUS_NO_MEMORY ;
}
map - > gid = gid ;
if ( ! string_to_sid ( & map - > sid , sid ) ) {
2006-08-15 18:07:15 +04:00
DEBUG ( 0 , ( " string_to_sid failed: %s " , sid ) ) ;
2011-09-27 01:55:47 +04:00
status = NT_STATUS_UNSUCCESSFUL ;
goto done ;
}
map - > sid_name_use = sid_name_use ;
map - > nt_name = talloc_strdup ( map , nt_name ) ;
if ( ! map - > nt_name ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
if ( comment ) {
map - > comment = talloc_strdup ( map , comment ) ;
} else {
map - > comment = talloc_strdup ( map , " " ) ;
}
if ( ! map - > comment ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
2006-08-15 18:07:15 +04:00
}
2010-03-14 16:06:45 +03:00
2011-09-27 01:55:47 +04:00
status = pdb_add_group_mapping_entry ( map ) ;
2001-03-23 03:50:31 +03:00
2011-09-27 01:55:47 +04:00
done :
TALLOC_FREE ( map ) ;
return status ;
2001-03-23 03:50:31 +03:00
}
2010-05-21 05:25:01 +04:00
static NTSTATUS alias_memberships ( const struct dom_sid * members , size_t num_members ,
struct dom_sid * * sids , size_t * num )
2004-11-06 02:34:00 +03:00
{
2005-10-18 07:24:00 +04:00
size_t i ;
2004-11-06 02:34:00 +03:00
* num = 0 ;
* sids = NULL ;
for ( i = 0 ; i < num_members ; i + + ) {
2007-06-04 05:51:18 +04:00
NTSTATUS status = backend - > one_alias_membership ( & members [ i ] , sids , num ) ;
2004-11-06 02:34:00 +03:00
if ( ! NT_STATUS_IS_OK ( status ) )
return status ;
}
return NT_STATUS_OK ;
}
2004-04-07 16:43:44 +04:00
struct aliasmem_closure {
2010-05-21 05:25:01 +04:00
const struct dom_sid * alias ;
struct dom_sid * * sids ;
2005-10-18 07:24:00 +04:00
size_t * num ;
2004-04-07 16:43:44 +04:00
} ;
2001-03-23 03:50:31 +03:00
/*
*
* High level functions
* better to use them than the lower ones .
*
* we are checking if the group is in the mapping file
* and if the group is an existing unix group
*
*/
/* get a domain group from it's SID */
2010-05-21 05:25:01 +04:00
bool get_domain_group_from_sid ( struct dom_sid sid , GROUP_MAP * map )
2001-03-23 03:50:31 +03:00
{
struct group * grp ;
2007-10-19 04:40:25 +04:00
bool ret ;
2010-03-14 16:06:45 +03:00
2006-08-15 18:07:15 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return ( False ) ;
2002-01-29 04:01:14 +03:00
}
2001-05-04 19:44:27 +04:00
DEBUG ( 10 , ( " get_domain_group_from_sid \n " ) ) ;
2001-03-23 03:50:31 +03:00
/* if the group is NOT in the database, it CAN NOT be a domain group */
2010-03-14 16:06:45 +03:00
2003-12-10 19:40:17 +03:00
become_root ( ) ;
2006-08-15 18:07:15 +04:00
ret = pdb_getgrsid ( map , sid ) ;
2003-12-10 19:40:17 +03:00
unbecome_root ( ) ;
2010-03-14 16:06:45 +03:00
2006-03-15 20:40:28 +03:00
/* special case check for rid 513 */
2010-03-14 16:06:45 +03:00
2006-08-15 18:07:15 +04:00
if ( ! ret ) {
2015-05-14 03:03:05 +03:00
uint32_t rid ;
2010-03-14 16:06:45 +03:00
2006-08-15 18:07:15 +04:00
sid_peek_rid ( & sid , & rid ) ;
2010-03-14 16:06:45 +03:00
2010-05-18 00:04:24 +04:00
if ( rid = = DOMAIN_RID_USERS ) {
2011-09-27 01:55:47 +04:00
map - > nt_name = talloc_strdup ( map , " None " ) ;
if ( ! map - > nt_name ) {
return false ;
}
map - > comment = talloc_strdup ( map , " Ordinary Users " ) ;
if ( ! map - > comment ) {
return false ;
}
2006-08-15 18:07:15 +04:00
sid_copy ( & map - > sid , & sid ) ;
2006-03-15 20:40:28 +03:00
map - > sid_name_use = SID_NAME_DOM_GRP ;
2007-09-08 13:15:08 +04:00
map - > gid = ( gid_t ) - 1 ;
2006-08-15 18:07:15 +04:00
return True ;
2006-03-15 20:40:28 +03:00
}
2006-08-15 18:07:15 +04:00
return False ;
2006-03-15 20:40:28 +03:00
}
2001-03-23 03:50:31 +03:00
2011-02-20 17:20:26 +03:00
DEBUG ( 10 , ( " get_domain_group_from_sid: SID found in passdb \n " ) ) ;
2001-05-04 19:44:27 +04:00
2001-03-23 03:50:31 +03:00
/* if it's not a domain group, continue */
2001-12-05 00:53:47 +03:00
if ( map - > sid_name_use ! = SID_NAME_DOM_GRP ) {
2006-08-15 18:07:15 +04:00
return False ;
2001-12-05 00:53:47 +03:00
}
2001-05-04 19:44:27 +04:00
DEBUG ( 10 , ( " get_domain_group_from_sid: SID is a domain group \n " ) ) ;
2010-03-14 16:06:45 +03:00
2001-12-05 00:53:47 +03:00
if ( map - > gid = = - 1 ) {
2006-08-15 18:07:15 +04:00
return False ;
2001-12-05 00:53:47 +03:00
}
2001-03-23 03:50:31 +03:00
2006-08-15 18:07:15 +04:00
DEBUG ( 10 , ( " get_domain_group_from_sid: SID is mapped to gid:%lu \n " , ( unsigned long ) map - > gid ) ) ;
2010-03-14 16:06:45 +03:00
2003-08-15 21:38:11 +04:00
grp = getgrgid ( map - > gid ) ;
2003-08-15 21:01:49 +04:00
if ( ! grp ) {
2006-08-15 18:07:15 +04:00
DEBUG ( 10 , ( " get_domain_group_from_sid: gid DOESN'T exist in UNIX security \n " ) ) ;
return False ;
2001-12-02 02:56:05 +03:00
}
2001-05-04 19:44:27 +04:00
2006-08-15 18:07:15 +04:00
DEBUG ( 10 , ( " get_domain_group_from_sid: gid exists in UNIX security \n " ) ) ;
2001-03-23 03:50:31 +03:00
2006-08-15 18:07:15 +04:00
return True ;
2001-03-23 03:50:31 +03:00
}
/****************************************************************************
Create a UNIX group on demand .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-02-13 20:08:25 +03:00
int smb_create_group ( const char * unix_group , gid_t * new_gid )
2001-03-23 03:50:31 +03:00
{
2019-11-04 14:43:06 +03:00
const struct loadparm_substitution * lp_sub =
loadparm_s3_global_substitution ( ) ;
2007-11-14 02:00:48 +03:00
char * add_script = NULL ;
2003-07-16 06:20:53 +04:00
int ret = - 1 ;
int fd = 0 ;
2019-01-28 15:12:09 +03:00
int error = 0 ;
2007-11-14 02:00:48 +03:00
2003-07-16 06:20:53 +04:00
* new_gid = 0 ;
2001-03-23 03:50:31 +03:00
2003-07-09 20:44:47 +04:00
/* defer to scripts */
2007-11-14 02:00:48 +03:00
2019-11-04 14:43:06 +03:00
if ( * lp_add_group_script ( talloc_tos ( ) , lp_sub ) ) {
2007-11-14 02:00:48 +03:00
TALLOC_CTX * ctx = talloc_tos ( ) ;
add_script = talloc_strdup ( ctx ,
2019-11-04 14:43:06 +03:00
lp_add_group_script ( ctx , lp_sub ) ) ;
2007-11-14 02:00:48 +03:00
if ( ! add_script ) {
return - 1 ;
}
add_script = talloc_string_sub ( ctx ,
add_script , " %g " , unix_group ) ;
if ( ! add_script ) {
return - 1 ;
}
2016-10-12 18:55:15 +03:00
ret = smbrun ( add_script , & fd , NULL ) ;
2005-02-07 21:20:06 +03:00
DEBUG ( ret ? 0 : 3 , ( " smb_create_group: Running the command `%s' gave %d \n " , add_script , ret ) ) ;
2006-09-20 04:15:50 +04:00
if ( ret = = 0 ) {
smb_nscd_flush_group_cache ( ) ;
}
2003-07-09 20:44:47 +04:00
if ( ret ! = 0 )
return ret ;
2006-09-20 04:15:50 +04:00
2003-07-09 20:44:47 +04:00
if ( fd ! = 0 ) {
fstring output ;
2018-03-30 20:19:24 +03:00
ssize_t nread ;
2003-07-09 20:44:47 +04:00
* new_gid = 0 ;
2018-03-30 20:19:24 +03:00
nread = read ( fd , output , sizeof ( output ) - 1 ) ;
if ( nread > 0 ) {
output [ nread ] = ' \0 ' ;
2019-06-04 10:04:15 +03:00
* new_gid = ( gid_t ) smb_strtoul ( output ,
2019-01-28 15:12:09 +03:00
NULL ,
10 ,
2019-06-04 10:04:15 +03:00
& error ,
SMB_STR_STANDARD ) ;
2019-01-28 15:12:09 +03:00
if ( error ! = 0 ) {
* new_gid = 0 ;
close ( fd ) ;
return - 1 ;
}
2003-07-09 20:44:47 +04:00
}
2007-11-14 02:00:48 +03:00
2003-07-09 20:44:47 +04:00
close ( fd ) ;
2002-09-25 19:19:00 +04:00
}
2005-09-30 21:13:37 +04:00
}
2003-07-16 06:20:53 +04:00
if ( * new_gid = = 0 ) {
struct group * grp = getgrnam ( unix_group ) ;
if ( grp ! = NULL )
* new_gid = grp - > gr_gid ;
2003-07-09 20:44:47 +04:00
}
2007-11-14 02:00:48 +03:00
return ret ;
2001-03-23 03:50:31 +03:00
}
/****************************************************************************
Delete a UNIX group on demand .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-02-13 20:08:25 +03:00
int smb_delete_group ( const char * unix_group )
2001-03-23 03:50:31 +03:00
{
2019-11-04 19:25:09 +03:00
const struct loadparm_substitution * lp_sub =
loadparm_s3_global_substitution ( ) ;
2007-11-14 02:00:48 +03:00
char * del_script = NULL ;
int ret = - 1 ;
2001-03-23 03:50:31 +03:00
2003-07-09 20:44:47 +04:00
/* defer to scripts */
2007-11-14 02:00:48 +03:00
2019-11-04 19:25:09 +03:00
if ( * lp_delete_group_script ( talloc_tos ( ) , lp_sub ) ) {
2007-11-14 02:00:48 +03:00
TALLOC_CTX * ctx = talloc_tos ( ) ;
del_script = talloc_strdup ( ctx ,
2019-11-04 19:25:09 +03:00
lp_delete_group_script ( ctx , lp_sub ) ) ;
2007-11-14 02:00:48 +03:00
if ( ! del_script ) {
return - 1 ;
}
del_script = talloc_string_sub ( ctx ,
del_script , " %g " , unix_group ) ;
if ( ! del_script ) {
return - 1 ;
}
2016-10-12 18:55:15 +03:00
ret = smbrun ( del_script , NULL , NULL ) ;
2005-02-07 21:20:06 +03:00
DEBUG ( ret ? 0 : 3 , ( " smb_delete_group: Running the command `%s' gave %d \n " , del_script , ret ) ) ;
2006-09-20 04:15:50 +04:00
if ( ret = = 0 ) {
smb_nscd_flush_group_cache ( ) ;
}
2003-07-09 20:44:47 +04:00
return ret ;
}
2007-11-14 02:00:48 +03:00
2003-07-09 20:44:47 +04:00
return - 1 ;
2001-03-23 03:50:31 +03:00
}
/****************************************************************************
2002-09-25 19:19:00 +04:00
Set a user ' s primary UNIX group .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-11-14 02:00:48 +03:00
2002-09-25 19:19:00 +04:00
int smb_set_primary_group ( const char * unix_group , const char * unix_user )
{
2019-11-05 14:00:49 +03:00
const struct loadparm_substitution * lp_sub =
loadparm_s3_global_substitution ( ) ;
2007-11-14 02:00:48 +03:00
char * add_script = NULL ;
int ret = - 1 ;
2002-09-25 19:19:00 +04:00
2003-07-09 20:44:47 +04:00
/* defer to scripts */
2007-11-14 02:00:48 +03:00
2019-11-05 14:00:49 +03:00
if ( * lp_set_primary_group_script ( talloc_tos ( ) , lp_sub ) ) {
2007-11-14 02:00:48 +03:00
TALLOC_CTX * ctx = talloc_tos ( ) ;
add_script = talloc_strdup ( ctx ,
2019-11-05 14:00:49 +03:00
lp_set_primary_group_script ( ctx , lp_sub ) ) ;
2007-11-14 02:00:48 +03:00
if ( ! add_script ) {
return - 1 ;
}
add_script = talloc_all_string_sub ( ctx ,
2008-07-14 23:40:33 +04:00
add_script , " %g " , unix_group ) ;
if ( ! add_script ) {
return - 1 ;
}
add_script = talloc_string_sub ( ctx ,
add_script , " %u " , unix_user ) ;
2007-11-14 02:00:48 +03:00
if ( ! add_script ) {
return - 1 ;
}
2016-10-12 18:55:15 +03:00
ret = smbrun ( add_script , NULL , NULL ) ;
2005-03-03 19:52:44 +03:00
flush_pwnam_cache ( ) ;
2005-02-07 21:20:06 +03:00
DEBUG ( ret ? 0 : 3 , ( " smb_set_primary_group: "
2003-07-09 20:44:47 +04:00
" Running the command `%s' gave %d \n " , add_script , ret ) ) ;
2006-09-20 04:15:50 +04:00
if ( ret = = 0 ) {
smb_nscd_flush_group_cache ( ) ;
}
2003-07-09 20:44:47 +04:00
return ret ;
}
return - 1 ;
2002-09-25 19:19:00 +04:00
}
/****************************************************************************
Add a user to a UNIX group .
2001-03-23 03:50:31 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-02-13 20:08:25 +03:00
int smb_add_user_group ( const char * unix_group , const char * unix_user )
2001-03-23 03:50:31 +03:00
{
2019-11-04 16:17:43 +03:00
const struct loadparm_substitution * lp_sub =
loadparm_s3_global_substitution ( ) ;
2007-11-14 02:00:48 +03:00
char * add_script = NULL ;
int ret = - 1 ;
2001-03-23 03:50:31 +03:00
2003-07-09 20:44:47 +04:00
/* defer to scripts */
2007-11-14 02:00:48 +03:00
2019-11-04 16:17:43 +03:00
if ( * lp_add_user_to_group_script ( talloc_tos ( ) , lp_sub ) ) {
2007-11-14 02:00:48 +03:00
TALLOC_CTX * ctx = talloc_tos ( ) ;
add_script = talloc_strdup ( ctx ,
2019-11-04 16:17:43 +03:00
lp_add_user_to_group_script ( ctx , lp_sub ) ) ;
2007-11-14 02:00:48 +03:00
if ( ! add_script ) {
return - 1 ;
}
add_script = talloc_string_sub ( ctx ,
add_script , " %g " , unix_group ) ;
if ( ! add_script ) {
return - 1 ;
}
2011-01-21 13:55:10 +03:00
add_script = talloc_string_sub2 ( ctx ,
add_script , " %u " , unix_user , true , false , true ) ;
2007-11-14 02:00:48 +03:00
if ( ! add_script ) {
return - 1 ;
}
2016-10-12 18:55:15 +03:00
ret = smbrun ( add_script , NULL , NULL ) ;
2005-02-07 21:20:06 +03:00
DEBUG ( ret ? 0 : 3 , ( " smb_add_user_group: Running the command `%s' gave %d \n " , add_script , ret ) ) ;
2006-09-20 04:15:50 +04:00
if ( ret = = 0 ) {
smb_nscd_flush_group_cache ( ) ;
}
2003-07-09 20:44:47 +04:00
return ret ;
}
2007-11-14 02:00:48 +03:00
2003-07-09 20:44:47 +04:00
return - 1 ;
2001-03-23 03:50:31 +03:00
}
/****************************************************************************
2002-09-25 19:19:00 +04:00
Delete a user from a UNIX group
2001-03-23 03:50:31 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2002-01-02 10:41:54 +03:00
int smb_delete_user_group ( const char * unix_group , const char * unix_user )
2001-03-23 03:50:31 +03:00
{
2019-11-04 19:31:57 +03:00
const struct loadparm_substitution * lp_sub =
loadparm_s3_global_substitution ( ) ;
2007-11-14 02:00:48 +03:00
char * del_script = NULL ;
int ret = - 1 ;
2001-03-23 03:50:31 +03:00
2003-07-09 20:44:47 +04:00
/* defer to scripts */
2007-11-14 02:00:48 +03:00
2019-11-04 19:31:57 +03:00
if ( * lp_delete_user_from_group_script ( talloc_tos ( ) , lp_sub ) ) {
2007-11-14 02:00:48 +03:00
TALLOC_CTX * ctx = talloc_tos ( ) ;
del_script = talloc_strdup ( ctx ,
2019-11-04 19:31:57 +03:00
lp_delete_user_from_group_script ( ctx , lp_sub ) ) ;
2007-11-14 02:00:48 +03:00
if ( ! del_script ) {
return - 1 ;
}
del_script = talloc_string_sub ( ctx ,
del_script , " %g " , unix_group ) ;
if ( ! del_script ) {
return - 1 ;
}
2011-01-21 13:55:10 +03:00
del_script = talloc_string_sub2 ( ctx ,
del_script , " %u " , unix_user , true , false , true ) ;
2007-11-14 02:00:48 +03:00
if ( ! del_script ) {
return - 1 ;
}
2016-10-12 18:55:15 +03:00
ret = smbrun ( del_script , NULL , NULL ) ;
2005-02-07 21:20:06 +03:00
DEBUG ( ret ? 0 : 3 , ( " smb_delete_user_group: Running the command `%s' gave %d \n " , del_script , ret ) ) ;
2006-09-20 04:15:50 +04:00
if ( ret = = 0 ) {
smb_nscd_flush_group_cache ( ) ;
}
2003-07-09 20:44:47 +04:00
return ret ;
}
2007-11-14 02:00:48 +03:00
2003-07-09 20:44:47 +04:00
return - 1 ;
2001-03-23 03:50:31 +03:00
}
2003-03-22 12:03:46 +03:00
NTSTATUS pdb_default_getgrsid ( struct pdb_methods * methods , GROUP_MAP * map ,
2010-05-21 05:25:01 +04:00
struct dom_sid sid )
2003-03-22 12:03:46 +03:00
{
2007-06-04 05:51:18 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
return backend - > get_group_map_from_sid ( sid , map ) ?
2006-08-15 18:07:15 +04:00
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ;
2003-03-22 12:03:46 +03:00
}
NTSTATUS pdb_default_getgrgid ( struct pdb_methods * methods , GROUP_MAP * map ,
2003-06-18 19:24:10 +04:00
gid_t gid )
2003-03-22 12:03:46 +03:00
{
2007-06-04 05:51:18 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
return backend - > get_group_map_from_gid ( gid , map ) ?
2006-08-15 18:07:15 +04:00
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ;
2003-03-22 12:03:46 +03:00
}
NTSTATUS pdb_default_getgrnam ( struct pdb_methods * methods , GROUP_MAP * map ,
2003-06-18 19:24:10 +04:00
const char * name )
2003-03-22 12:03:46 +03:00
{
2007-06-04 05:51:18 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
return backend - > get_group_map_from_ntname ( name , map ) ?
2006-08-15 18:07:15 +04:00
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ;
2003-03-22 12:03:46 +03:00
}
NTSTATUS pdb_default_add_group_mapping_entry ( struct pdb_methods * methods ,
2006-08-15 18:07:15 +04:00
GROUP_MAP * map )
2003-03-22 12:03:46 +03:00
{
2007-06-04 05:51:18 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
return backend - > add_mapping_entry ( map , TDB_INSERT ) ?
2006-08-15 18:07:15 +04:00
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ;
2003-03-22 12:03:46 +03:00
}
NTSTATUS pdb_default_update_group_mapping_entry ( struct pdb_methods * methods ,
2006-08-15 18:07:15 +04:00
GROUP_MAP * map )
2003-03-22 12:03:46 +03:00
{
2007-06-04 05:51:18 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
return backend - > add_mapping_entry ( map , TDB_REPLACE ) ?
2006-08-15 18:07:15 +04:00
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ;
2003-03-22 12:03:46 +03:00
}
NTSTATUS pdb_default_delete_group_mapping_entry ( struct pdb_methods * methods ,
2010-05-21 05:25:01 +04:00
struct dom_sid sid )
2003-03-22 12:03:46 +03:00
{
2007-06-04 05:51:18 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
return backend - > group_map_remove ( & sid ) ?
2006-08-15 18:07:15 +04:00
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ;
}
2006-08-10 00:25:13 +04:00
2006-08-15 18:07:15 +04:00
NTSTATUS pdb_default_enum_group_mapping ( struct pdb_methods * methods ,
2011-09-27 01:55:47 +04:00
const struct dom_sid * sid ,
enum lsa_SidType sid_name_use ,
GROUP_MAP * * * pp_rmap ,
size_t * p_num_entries ,
bool unix_only )
2006-08-15 18:07:15 +04:00
{
2007-06-04 05:51:18 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
return backend - > enum_group_mapping ( sid , sid_name_use , pp_rmap , p_num_entries , unix_only ) ?
2006-08-15 18:07:15 +04:00
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL ;
}
2006-08-10 00:25:13 +04:00
2004-04-07 16:43:44 +04:00
NTSTATUS pdb_default_create_alias ( struct pdb_methods * methods ,
2015-05-14 03:03:05 +03:00
const char * name , uint32_t * rid )
2004-04-07 16:43:44 +04:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType type ;
2015-05-14 03:03:05 +03:00
uint32_t new_rid ;
2004-04-07 16:43:44 +04:00
gid_t gid ;
2007-10-19 04:40:25 +04:00
bool exists ;
2011-09-27 01:55:47 +04:00
GROUP_MAP * map ;
2006-02-04 01:19:41 +03:00
TALLOC_CTX * mem_ctx ;
NTSTATUS status ;
2004-04-07 16:43:44 +04:00
2006-02-04 01:19:41 +03:00
DEBUG ( 10 , ( " Trying to create alias %s \n " , name ) ) ;
2005-12-03 21:34:13 +03:00
2006-02-04 01:19:41 +03:00
mem_ctx = talloc_new ( NULL ) ;
2005-12-03 21:34:13 +03:00
if ( mem_ctx = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2007-12-17 12:55:37 +03:00
exists = lookup_name ( mem_ctx , name , LOOKUP_NAME_LOCAL ,
2005-12-03 21:34:13 +03:00
NULL , NULL , & sid , & type ) ;
if ( exists ) {
2011-09-27 01:55:47 +04:00
status = NT_STATUS_ALIAS_EXISTS ;
goto done ;
2005-12-03 21:34:13 +03:00
}
2004-04-07 16:43:44 +04:00
2009-01-22 13:10:01 +03:00
if ( ! pdb_new_rid ( & new_rid ) ) {
DEBUG ( 0 , ( " Could not allocate a RID. \n " ) ) ;
2011-09-27 01:55:47 +04:00
status = NT_STATUS_ACCESS_DENIED ;
goto done ;
2006-02-04 01:19:41 +03:00
}
2009-01-22 13:10:01 +03:00
sid_compose ( & sid , get_global_sam_sid ( ) , new_rid ) ;
if ( ! winbind_allocate_gid ( & gid ) ) {
DEBUG ( 3 , ( " Could not get a gid out of winbind - "
" wasted a rid :-( \n " ) ) ;
2011-09-27 01:55:47 +04:00
status = NT_STATUS_ACCESS_DENIED ;
goto done ;
2006-02-04 01:19:41 +03:00
}
2009-05-12 08:56:57 +04:00
DEBUG ( 10 , ( " Creating alias %s with gid %u and rid %u \n " ,
name , ( unsigned int ) gid , ( unsigned int ) new_rid ) ) ;
2004-04-07 16:43:44 +04:00
2011-09-27 01:55:47 +04:00
map = talloc_zero ( mem_ctx , GROUP_MAP ) ;
if ( ! map ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
map - > gid = gid ;
sid_copy ( & map - > sid , & sid ) ;
map - > sid_name_use = SID_NAME_ALIAS ;
map - > nt_name = talloc_strdup ( map , name ) ;
if ( ! map - > nt_name ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
map - > comment = talloc_strdup ( map , " " ) ;
if ( ! map - > comment ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
2004-04-07 16:43:44 +04:00
2011-09-27 01:55:47 +04:00
status = pdb_add_group_mapping_entry ( map ) ;
2006-02-04 01:19:41 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " Could not add group mapping entry for alias %s "
" (%s) \n " , name , nt_errstr ( status ) ) ) ;
2011-09-27 01:55:47 +04:00
goto done ;
2004-04-07 16:43:44 +04:00
}
* rid = new_rid ;
2011-09-27 01:55:47 +04:00
done :
TALLOC_FREE ( mem_ctx ) ;
return status ;
2004-04-07 16:43:44 +04:00
}
NTSTATUS pdb_default_delete_alias ( struct pdb_methods * methods ,
2010-05-21 05:25:01 +04:00
const struct dom_sid * sid )
2004-04-07 16:43:44 +04:00
{
2006-02-13 20:08:25 +03:00
return pdb_delete_group_mapping_entry ( * sid ) ;
2004-04-07 16:43:44 +04:00
}
NTSTATUS pdb_default_get_aliasinfo ( struct pdb_methods * methods ,
2010-05-21 05:25:01 +04:00
const struct dom_sid * sid ,
2004-04-07 16:43:44 +04:00
struct acct_info * info )
{
2011-09-27 01:55:47 +04:00
NTSTATUS status = NT_STATUS_OK ;
GROUP_MAP * map ;
2004-04-07 16:43:44 +04:00
2011-09-27 01:55:47 +04:00
map = talloc_zero ( NULL , GROUP_MAP ) ;
if ( ! map ) {
return NT_STATUS_NO_MEMORY ;
}
if ( ! pdb_getgrsid ( map , * sid ) ) {
status = NT_STATUS_NO_SUCH_ALIAS ;
goto done ;
}
2004-04-07 16:43:44 +04:00
2011-09-27 01:55:47 +04:00
if ( ( map - > sid_name_use ! = SID_NAME_ALIAS ) & &
( map - > sid_name_use ! = SID_NAME_WKN_GRP ) ) {
2018-12-11 15:56:03 +03:00
struct dom_sid_buf buf ;
2006-02-04 01:19:41 +03:00
DEBUG ( 2 , ( " %s is a %s, expected an alias \n " ,
2018-12-11 15:56:03 +03:00
dom_sid_str_buf ( sid , & buf ) ,
2011-09-27 01:55:47 +04:00
sid_type_lookup ( map - > sid_name_use ) ) ) ;
status = NT_STATUS_NO_SUCH_ALIAS ;
goto done ;
2006-02-04 01:19:41 +03:00
}
2011-09-27 01:55:47 +04:00
info - > acct_name = talloc_move ( info , & map - > nt_name ) ;
2011-09-26 19:30:05 +04:00
if ( ! info - > acct_name ) {
2011-09-27 01:55:47 +04:00
status = NT_STATUS_NO_MEMORY ;
goto done ;
2011-09-26 19:30:05 +04:00
}
2011-09-27 01:55:47 +04:00
info - > acct_desc = talloc_move ( info , & map - > comment ) ;
2011-09-26 19:30:05 +04:00
if ( ! info - > acct_desc ) {
2011-09-27 01:55:47 +04:00
status = NT_STATUS_NO_MEMORY ;
goto done ;
2011-09-26 19:30:05 +04:00
}
2011-09-27 01:55:47 +04:00
sid_peek_rid ( & map - > sid , & info - > rid ) ;
done :
TALLOC_FREE ( map ) ;
return status ;
2004-04-07 16:43:44 +04:00
}
NTSTATUS pdb_default_set_aliasinfo ( struct pdb_methods * methods ,
2010-05-21 05:25:01 +04:00
const struct dom_sid * sid ,
2004-04-07 16:43:44 +04:00
struct acct_info * info )
{
2019-08-15 16:16:52 +03:00
NTSTATUS status ;
2011-09-27 01:55:47 +04:00
GROUP_MAP * map ;
2004-04-07 16:43:44 +04:00
2011-09-27 01:55:47 +04:00
map = talloc_zero ( NULL , GROUP_MAP ) ;
if ( ! map ) {
return NT_STATUS_NO_MEMORY ;
}
2004-04-07 16:43:44 +04:00
2011-09-27 01:55:47 +04:00
if ( ! pdb_getgrsid ( map , * sid ) ) {
status = NT_STATUS_NO_SUCH_ALIAS ;
goto done ;
}
map - > nt_name = talloc_strdup ( map , info - > acct_name ) ;
if ( ! map - > nt_name ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
map - > comment = talloc_strdup ( map , info - > acct_desc ) ;
if ( ! map - > comment ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
status = pdb_update_group_mapping_entry ( map ) ;
2004-04-07 16:43:44 +04:00
2011-09-27 01:55:47 +04:00
done :
TALLOC_FREE ( map ) ;
return status ;
2004-04-07 16:43:44 +04:00
}
NTSTATUS pdb_default_add_aliasmem ( struct pdb_methods * methods ,
2010-05-21 05:25:01 +04:00
const struct dom_sid * alias , const struct dom_sid * member )
2004-04-07 16:43:44 +04:00
{
2007-06-04 05:51:18 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
return backend - > add_aliasmem ( alias , member ) ;
2004-04-07 16:43:44 +04:00
}
NTSTATUS pdb_default_del_aliasmem ( struct pdb_methods * methods ,
2010-05-21 05:25:01 +04:00
const struct dom_sid * alias , const struct dom_sid * member )
2004-04-07 16:43:44 +04:00
{
2007-06-04 05:51:18 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
return backend - > del_aliasmem ( alias , member ) ;
2004-04-07 16:43:44 +04:00
}
NTSTATUS pdb_default_enum_aliasmem ( struct pdb_methods * methods ,
2010-05-21 05:25:01 +04:00
const struct dom_sid * alias , TALLOC_CTX * mem_ctx ,
struct dom_sid * * pp_members , size_t * p_num_members )
2004-04-07 16:43:44 +04:00
{
2007-06-04 05:51:18 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
2009-06-08 21:43:01 +04:00
return backend - > enum_aliasmem ( alias , mem_ctx , pp_members ,
p_num_members ) ;
2004-04-07 16:43:44 +04:00
}
NTSTATUS pdb_default_alias_memberships ( struct pdb_methods * methods ,
2005-03-27 20:33:04 +04:00
TALLOC_CTX * mem_ctx ,
2010-05-21 05:25:01 +04:00
const struct dom_sid * domain_sid ,
const struct dom_sid * members ,
2005-10-18 07:24:00 +04:00
size_t num_members ,
2015-05-14 03:03:05 +03:00
uint32_t * * pp_alias_rids ,
2005-10-18 07:24:00 +04:00
size_t * p_num_alias_rids )
2004-04-07 16:43:44 +04:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid * alias_sids ;
2005-10-18 07:24:00 +04:00
size_t i , num_alias_sids ;
2005-03-27 20:33:04 +04:00
NTSTATUS result ;
2007-06-04 05:51:18 +04:00
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " failed to initialize group mapping \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
2005-03-27 20:33:04 +04:00
alias_sids = NULL ;
num_alias_sids = 0 ;
result = alias_memberships ( members , num_members ,
& alias_sids , & num_alias_sids ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
return result ;
2007-04-28 17:52:49 +04:00
* p_num_alias_rids = 0 ;
if ( num_alias_sids = = 0 ) {
TALLOC_FREE ( alias_sids ) ;
return NT_STATUS_OK ;
}
2015-05-14 03:03:05 +03:00
* pp_alias_rids = talloc_array ( mem_ctx , uint32_t , num_alias_sids ) ;
2005-10-18 07:24:00 +04:00
if ( * pp_alias_rids = = NULL )
2005-03-27 20:33:04 +04:00
return NT_STATUS_NO_MEMORY ;
for ( i = 0 ; i < num_alias_sids ; i + + ) {
if ( ! sid_peek_check_rid ( domain_sid , & alias_sids [ i ] ,
2005-10-18 07:24:00 +04:00
& ( * pp_alias_rids ) [ * p_num_alias_rids ] ) )
2005-03-27 20:33:04 +04:00
continue ;
2005-10-18 07:24:00 +04:00
* p_num_alias_rids + = 1 ;
2005-03-27 20:33:04 +04:00
}
2006-12-09 05:58:18 +03:00
TALLOC_FREE ( alias_sids ) ;
2005-03-27 20:33:04 +04:00
return NT_STATUS_OK ;
2004-04-07 16:43:44 +04:00
}
2006-08-15 18:07:15 +04:00
/**********************************************************************
no ops for passdb backends that don ' t implement group mapping
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
NTSTATUS pdb_nop_getgrsid ( struct pdb_methods * methods , GROUP_MAP * map ,
2010-05-21 05:25:01 +04:00
struct dom_sid sid )
2006-08-15 18:07:15 +04:00
{
return NT_STATUS_UNSUCCESSFUL ;
}
NTSTATUS pdb_nop_getgrgid ( struct pdb_methods * methods , GROUP_MAP * map ,
gid_t gid )
{
return NT_STATUS_UNSUCCESSFUL ;
}
NTSTATUS pdb_nop_getgrnam ( struct pdb_methods * methods , GROUP_MAP * map ,
const char * name )
{
return NT_STATUS_UNSUCCESSFUL ;
}
NTSTATUS pdb_nop_add_group_mapping_entry ( struct pdb_methods * methods ,
GROUP_MAP * map )
{
return NT_STATUS_UNSUCCESSFUL ;
}
NTSTATUS pdb_nop_update_group_mapping_entry ( struct pdb_methods * methods ,
GROUP_MAP * map )
{
return NT_STATUS_UNSUCCESSFUL ;
}
NTSTATUS pdb_nop_delete_group_mapping_entry ( struct pdb_methods * methods ,
2010-05-21 05:25:01 +04:00
struct dom_sid sid )
2006-08-15 18:07:15 +04:00
{
return NT_STATUS_UNSUCCESSFUL ;
}
NTSTATUS pdb_nop_enum_group_mapping ( struct pdb_methods * methods ,
2006-09-08 18:28:06 +04:00
enum lsa_SidType sid_name_use ,
2006-08-15 18:07:15 +04:00
GROUP_MAP * * rmap , size_t * num_entries ,
2007-10-19 04:40:25 +04:00
bool unix_only )
2006-08-15 18:07:15 +04:00
{
return NT_STATUS_UNSUCCESSFUL ;
}
2013-06-18 18:30:31 +04:00
/**
* @ brief Add a new group mapping
*
* @ param [ in ] gid gid to use to store the mapping . If gid is 0 ,
* new gid will be allocated from winbind
*
* @ return Normal NTSTATUS return
*/
2015-05-14 03:03:05 +03:00
NTSTATUS pdb_create_builtin_alias ( uint32_t rid , gid_t gid )
2006-03-15 03:10:38 +03:00
{
2010-05-21 05:25:01 +04:00
struct dom_sid sid ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType type ;
2013-06-18 18:30:31 +04:00
gid_t gidformap ;
2011-09-27 01:55:47 +04:00
GROUP_MAP * map ;
2006-03-15 03:10:38 +03:00
NTSTATUS status ;
const char * name = NULL ;
DEBUG ( 10 , ( " Trying to create builtin alias %d \n " , rid ) ) ;
2010-03-14 16:06:45 +03:00
2006-03-15 03:10:38 +03:00
if ( ! sid_compose ( & sid , & global_sid_Builtin , rid ) ) {
return NT_STATUS_NO_SUCH_ALIAS ;
}
2010-03-14 16:06:45 +03:00
2011-09-27 01:55:47 +04:00
/* use map as overall temp mem context */
map = talloc_zero ( NULL , GROUP_MAP ) ;
if ( ! map ) {
2006-03-15 03:10:38 +03:00
return NT_STATUS_NO_MEMORY ;
}
2010-03-14 16:06:45 +03:00
2011-09-27 01:55:47 +04:00
if ( ! lookup_sid ( map , & sid , NULL , & name , & type ) ) {
status = NT_STATUS_NO_SUCH_ALIAS ;
goto done ;
2006-03-15 03:10:38 +03:00
}
2010-03-14 16:06:45 +03:00
2013-06-18 18:30:31 +04:00
if ( gid = = 0 ) {
if ( ! winbind_allocate_gid ( & gidformap ) ) {
DEBUG ( 3 , ( " pdb_create_builtin_alias: Could not get a "
" gid out of winbind \n " ) ) ;
status = NT_STATUS_ACCESS_DENIED ;
goto done ;
}
} else {
gidformap = gid ;
2006-03-15 03:10:38 +03:00
}
2013-06-18 18:30:31 +04:00
DEBUG ( 10 , ( " Creating alias %s with gid %u \n " , name ,
( unsigned ) gidformap ) ) ;
2006-03-15 03:10:38 +03:00
2013-06-18 18:30:31 +04:00
map - > gid = gidformap ;
2011-09-27 01:55:47 +04:00
sid_copy ( & map - > sid , & sid ) ;
map - > sid_name_use = SID_NAME_ALIAS ;
map - > nt_name = talloc_strdup ( map , name ) ;
if ( ! map - > nt_name ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
map - > comment = talloc_strdup ( map , " " ) ;
if ( ! map - > comment ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
2006-03-15 03:10:38 +03:00
2011-09-27 01:55:47 +04:00
status = pdb_add_group_mapping_entry ( map ) ;
2006-03-15 03:10:38 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " pdb_create_builtin_alias: Could not add group mapping entry for alias %d "
" (%s) \n " , rid , nt_errstr ( status ) ) ) ;
}
2011-09-27 01:55:47 +04:00
done :
TALLOC_FREE ( map ) ;
2006-03-15 03:10:38 +03:00
return status ;
}
2005-09-30 21:13:37 +04:00