/*
Unix SMB / CIFS implementation .
Password and authentication handling by wbclient
Copyright ( C ) Andrew Bartlett 2002
Copyright ( C ) Jelmer Vernooij 2002
Copyright ( C ) Simo Sorce 2003
Copyright ( C ) Volker Lendecke 2006
Copyright ( C ) Dan Sledz 2009
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
/* This passdb module retrieves full passdb information for local users and
 * groups from a wbclient compatible daemon.
 *
 * The purpose of this module is to defer all SAM authorization information
 * storage and retrieval to a wbc compatible daemon.
 *
 * This passdb backend is most useful when used in conjunction with auth_wbc.
 *
 * A few current limitations of this module are:
 *   - read only interface
 *   - no privileges
 */
# include "includes.h"
# include "passdb.h"
# include "lib/winbind_util.h"
# include "passdb/pdb_wbc_sam.h"
# include "idmap.h"
/***************************************************************************
Default implementations of some functions .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/**
 * Fill a samu record from a Unix passwd entry obtained through winbind.
 *
 * @param methods  passdb backend the record is attached to
 * @param user     samu structure to populate; it is zeroed before use
 * @param pwd      passwd entry for the account, or NULL if the lookup failed
 * @return NT_STATUS_NO_SUCH_USER when pwd is NULL, otherwise whatever
 *         samu_set_unix() returns
 *
 * This function itself stores no password material in the record; which
 * fields samu_set_unix() fills in is not visible from this file.
 */
static NTSTATUS _pdb_wbc_sam_getsampw(struct pdb_methods *methods,
				       struct samu *user,
				       const struct passwd *pwd)
{
	if (!pwd) {
		return NT_STATUS_NO_SUCH_USER;
	}

	/* Wipe the whole record before anything is written into it. */
	ZERO_STRUCTP(user);

	/* Can we really get away with this little of information */
	user->methods = methods;

	return samu_set_unix(user, pwd);
}
/**
 * passdb getsampwnam hook: resolve the account by name through winbind and
 * build the samu record from the resulting passwd entry.
 *
 * A NULL result from winbind_getpwnam() is passed straight on to
 * _pdb_wbc_sam_getsampw(), which turns it into NT_STATUS_NO_SUCH_USER.
 */
static NTSTATUS pdb_wbc_sam_getsampwnam(struct pdb_methods *methods,
					struct samu *user,
					const char *sname)
{
	const struct passwd *pw_entry = winbind_getpwnam(sname);

	return _pdb_wbc_sam_getsampw(methods, user, pw_entry);
}
/**
 * passdb getsampwsid hook: resolve the account by SID through winbind and
 * build the samu record from the resulting passwd entry.
 *
 * A NULL result from winbind_getpwsid() is passed straight on to
 * _pdb_wbc_sam_getsampw(), which turns it into NT_STATUS_NO_SUCH_USER.
 */
static NTSTATUS pdb_wbc_sam_getsampwsid(struct pdb_methods *methods,
					struct samu *user,
					const struct dom_sid *sid)
{
	const struct passwd *pw_entry = winbind_getpwsid(sid);

	return _pdb_wbc_sam_getsampw(methods, user, pw_entry);
}
/**
 * passdb id_to_sid hook: map a Unix uid or gid to a SID through winbind.
 *
 * @param methods  unused
 * @param id       Unix id and its type; only ID_TYPE_UID and ID_TYPE_GID
 *                 are handled
 * @param sid      receives the mapped SID on success
 * @return the result of the winbind mapping call, or false for any other
 *         id type
 */
static bool pdb_wbc_sam_id_to_sid(struct pdb_methods *methods, struct unixid *id,
				  struct dom_sid *sid)
{
	if (id->type == ID_TYPE_UID) {
		return winbind_uid_to_sid(sid, id->id);
	}

	if (id->type == ID_TYPE_GID) {
		return winbind_gid_to_sid(sid, id->id);
	}

	/* Any other id type is refused rather than guessed at. */
	return false;
}
/**
 * passdb enum_group_members hook: not supported by this backend.
 *
 * Always returns NT_STATUS_NOT_IMPLEMENTED; neither *pp_member_rids nor
 * *p_num_members is written, so callers must not read them afterwards.
 */
static NTSTATUS pdb_wbc_sam_enum_group_members(struct pdb_methods *methods,
					       TALLOC_CTX *mem_ctx,
					       const struct dom_sid *group,
					       uint32_t **pp_member_rids,
					       size_t *p_num_members)
{
	return NT_STATUS_NOT_IMPLEMENTED;
}
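/**
 * passdb enum_group_memberships hook: list the groups of a user as both
 * gids and SIDs, using winbind for the gid list.
 *
 * @param methods       unused
 * @param mem_ctx       talloc context that owns both result arrays
 * @param user          account whose memberships are wanted
 * @param pp_sids       receives an array of *p_num_groups SIDs
 * @param pp_gids       receives the gid array filled in by winbind
 * @param p_num_groups  receives the number of entries in both arrays
 * @return NT_STATUS_OK on success, NT_STATUS_NO_SUCH_USER when winbind
 *         cannot list the groups, NT_STATUS_NO_MEMORY when the SID array
 *         cannot be allocated
 *
 * On NT_STATUS_NO_MEMORY the gid array is released and the count is reset
 * to 0, so the three out-parameters stay consistent with each other.
 *
 * NOTE(review): a successful winbind reply that carries zero groups ends
 * the process through smb_panic(). The reply comes from an external
 * daemon, so confirm that aborting is the intended reaction here.
 */
static NTSTATUS pdb_wbc_sam_enum_group_memberships(struct pdb_methods *methods,
						   TALLOC_CTX *mem_ctx,
						   struct samu *user,
						   struct dom_sid **pp_sids,
						   gid_t **pp_gids,
						   uint32_t *p_num_groups)
{
	size_t i;
	const char *username = pdb_get_username(user);
	uint32_t num_groups;

	if (!winbind_get_groups(mem_ctx, username, &num_groups, pp_gids)) {
		return NT_STATUS_NO_SUCH_USER;
	}
	*p_num_groups = num_groups;

	if (num_groups == 0) {
		smb_panic("primary group missing");
	}

	*pp_sids = talloc_array(mem_ctx, struct dom_sid, num_groups);
	if (*pp_sids == NULL) {
		TALLOC_FREE(*pp_gids);
		/*
		 * Do not leave a non-zero count next to two NULL arrays: a
		 * caller that walks the results without checking the status
		 * would dereference NULL.
		 */
		*p_num_groups = 0;
		return NT_STATUS_NO_MEMORY;
	}

	for (i = 0; i < num_groups; i++) {
		gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
	}

	return NT_STATUS_OK;
}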
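/**
 * passdb lookup_rids hook: translate RIDs of one domain into names and
 * SID types through winbind.
 *
 * @param methods     unused
 * @param domain_sid  domain the RIDs belong to
 * @param num_rids    number of entries in rids, names and attrs; must not
 *                    be negative
 * @param rids        RIDs to look up
 * @param names       caller-provided array; each resolved name is
 *                    duplicated with names as its talloc parent, entries of
 *                    type SID_NAME_UNKNOWN are set to NULL
 * @param attrs       caller-provided array receiving the SID types
 * @return NT_STATUS_OK on success, NT_STATUS_INVALID_PARAMETER for a
 *         negative num_rids, NT_STATUS_NONE_MAPPED when the winbind lookup
 *         fails, NT_STATUS_NO_MEMORY when a name cannot be duplicated
 *
 * On NT_STATUS_NO_MEMORY the entries of names after the failing index are
 * left unwritten; callers must not read names unless the status is OK.
 */
static NTSTATUS pdb_wbc_sam_lookup_rids(struct pdb_methods *methods,
					const struct dom_sid *domain_sid,
					int num_rids,
					uint32_t *rids,
					const char **names,
					enum lsa_SidType *attrs)
{
	NTSTATUS result = NT_STATUS_OK;
	const char *p = NULL;
	const char **pp = NULL;
	char *domain = NULL;
	char **account_names = NULL;
	enum lsa_SidType *attr_list = NULL;
	int i;

	/*
	 * num_rids is a signed int that becomes a byte count below. A
	 * negative value would convert to an enormous size_t and make the
	 * copy run far past both arrays, so refuse it up front.
	 */
	if (num_rids < 0) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	if (!winbind_lookup_rids(talloc_tos(), domain_sid, num_rids, rids,
				 &p, &pp, &attr_list)) {
		result = NT_STATUS_NONE_MAPPED;
		goto done;
	}

	/* The results are freed below, which needs non-const pointers. */
	domain = discard_const_p(char, p);
	account_names = discard_const_p(char *, pp);

	/* Skip the copy for an empty request: attr_list may be NULL then. */
	if (num_rids > 0) {
		memcpy(attrs, attr_list, (size_t)num_rids * sizeof(*attrs));
	}

	for (i = 0; i < num_rids; i++) {
		if (attrs[i] == SID_NAME_UNKNOWN) {
			names[i] = NULL;
		} else {
			names[i] = talloc_strdup(names, account_names[i]);
			if (names[i] == NULL) {
				result = NT_STATUS_NO_MEMORY;
				goto done;
			}
		}
	}

done:
	TALLOC_FREE(account_names);
	TALLOC_FREE(domain);
	TALLOC_FREE(attr_list);
	return result;
}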
/**
 * passdb get_account_policy hook: account policies are not available from
 * this backend.
 *
 * Always returns NT_STATUS_UNSUCCESSFUL and never writes *value, so a
 * caller must not use *value after this call.
 */
static NTSTATUS pdb_wbc_sam_get_account_policy(struct pdb_methods *methods,
					       enum pdb_policy_type type,
					       uint32_t *value)
{
	return NT_STATUS_UNSUCCESSFUL;
}
/**
 * passdb set_account_policy hook: this backend stores nothing, so every
 * attempt to set a policy is rejected with NT_STATUS_UNSUCCESSFUL.
 */
static NTSTATUS pdb_wbc_sam_set_account_policy(struct pdb_methods *methods,
					       enum pdb_policy_type type,
					       uint32_t value)
{
	return NT_STATUS_UNSUCCESSFUL;
}
/**
 * passdb search_groups hook: group enumeration is not supported.
 *
 * Always returns false and leaves *search untouched.
 */
static bool pdb_wbc_sam_search_groups(struct pdb_methods *methods,
				      struct pdb_search *search)
{
	return false;
}
/**
 * passdb search_aliases hook: alias enumeration is not supported.
 *
 * Always returns false and leaves *search untouched.
 */
static bool pdb_wbc_sam_search_aliases(struct pdb_methods *methods,
				       struct pdb_search *search,
				       const struct dom_sid *sid)
{
	return false;
}
/**
 * passdb get_trusteddom_pw hook: this backend holds no trusted-domain
 * secrets.
 *
 * Always returns false; *pwd, *sid and *pass_last_set_time are never
 * written, so callers must not read them after this call.
 */
static bool pdb_wbc_sam_get_trusteddom_pw(struct pdb_methods *methods,
					  const char *domain,
					  char **pwd,
					  struct dom_sid *sid,
					  time_t *pass_last_set_time)
{
	return false;
}
/**
 * passdb set_trusteddom_pw hook: the backend is read only, so storing a
 * trusted-domain password always fails.
 *
 * Always returns false; pwd is neither copied nor retained.
 */
static bool pdb_wbc_sam_set_trusteddom_pw(struct pdb_methods *methods,
					  const char *domain,
					  const char *pwd,
					  const struct dom_sid *sid)
{
	return false;
}
/**
 * passdb del_trusteddom_pw hook: there is nothing stored to delete, so the
 * request always fails with false.
 */
static bool pdb_wbc_sam_del_trusteddom_pw(struct pdb_methods *methods,
					  const char *domain)
{
	return false;
}
/**
 * passdb enum_trusteddoms hook: not supported by this backend.
 *
 * Always returns NT_STATUS_NOT_IMPLEMENTED; *num_domains and *domains are
 * never written, so callers must not read them afterwards.
 */
static NTSTATUS pdb_wbc_sam_enum_trusteddoms(struct pdb_methods *methods,
					     TALLOC_CTX *mem_ctx,
					     uint32_t *num_domains,
					     struct trustdom_info ***domains)
{
	return NT_STATUS_NOT_IMPLEMENTED;
}
/**
 * Fill a GROUP_MAP from already-resolved group data.
 *
 * @param methods    unused
 * @param domain     domain part of the group name
 * @param name       group name
 * @param name_type  SID type stored in map->sid_name_use
 * @param gid        Unix gid stored in map->gid
 * @param sid        SID copied by value into map->sid
 * @param map        destination; also the talloc parent of map->nt_name
 * @return false when the name string cannot be allocated, true otherwise
 *
 * map->nt_name is built as domain, the first character of
 * lp_winbind_separator(), then name. When the allocation fails
 * map->nt_name is NULL and the other fields are left as they were.
 */
static bool _make_group_map(struct pdb_methods *methods, const char *domain,
			    const char *name, enum lsa_SidType name_type,
			    gid_t gid, struct dom_sid *sid, GROUP_MAP *map)
{
	char *qualified_name = talloc_asprintf(map, "%s%c%s", domain,
					       *lp_winbind_separator(), name);

	map->nt_name = qualified_name;
	if (qualified_name == NULL) {
		return false;
	}

	map->gid = gid;
	map->sid = *sid;
	map->sid_name_use = name_type;

	return true;
}
/**
 * passdb getgrsid hook: build a GROUP_MAP for a SID using winbind.
 *
 * The SID is resolved to domain, name and type; only SID_NAME_DOM_GRP,
 * SID_NAME_DOMAIN, SID_NAME_ALIAS and SID_NAME_WKN_GRP are accepted. The
 * SID is then mapped to a gid and the map is filled in.
 *
 * @return NT_STATUS_OK on success, NT_STATUS_NO_SUCH_GROUP for every
 *         failure
 *
 * NOTE(review): a failure of _make_group_map(), which only fails on
 * allocation, is also reported as NT_STATUS_NO_SUCH_GROUP.
 */
static NTSTATUS pdb_wbc_sam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
				     struct dom_sid sid)
{
	/* Every failure path reports the same status; flipped at the end. */
	NTSTATUS result = NT_STATUS_NO_SUCH_GROUP;
	const char *p1 = NULL, *p2 = NULL;
	char *name = NULL;
	char *domain = NULL;
	enum lsa_SidType name_type;
	gid_t gid;

	if (!winbind_lookup_sid(talloc_tos(), &sid, &p1, &p2, &name_type)) {
		goto done;
	}

	/* The lookup results are freed below, which needs non-const pointers. */
	domain = discard_const_p(char, p1);
	name = discard_const_p(char, p2);

	switch (name_type) {
	case SID_NAME_DOM_GRP:
	case SID_NAME_DOMAIN:
	case SID_NAME_ALIAS:
	case SID_NAME_WKN_GRP:
		break;
	default:
		/* Users, computers and unknown SIDs are not groups. */
		goto done;
	}

	if (!winbind_sid_to_gid(&gid, &sid)) {
		goto done;
	}

	if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) {
		goto done;
	}

	result = NT_STATUS_OK;

done:
	TALLOC_FREE(name);
	TALLOC_FREE(domain);
	return result;
}
/**
 * passdb getgrgid hook: build a GROUP_MAP for a Unix gid using winbind.
 *
 * The gid is mapped to a SID, the SID is resolved to domain, name and
 * type, and only SID_NAME_DOM_GRP, SID_NAME_DOMAIN, SID_NAME_ALIAS and
 * SID_NAME_WKN_GRP are accepted before the map is filled in.
 *
 * @return NT_STATUS_OK on success, NT_STATUS_NO_SUCH_GROUP for every
 *         failure
 *
 * NOTE(review): a failure of _make_group_map(), which only fails on
 * allocation, is also reported as NT_STATUS_NO_SUCH_GROUP.
 */
static NTSTATUS pdb_wbc_sam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
				     gid_t gid)
{
	/* Every failure path reports the same status; flipped at the end. */
	NTSTATUS result = NT_STATUS_NO_SUCH_GROUP;
	const char *p1 = NULL, *p2 = NULL;
	char *name = NULL;
	char *domain = NULL;
	struct dom_sid sid;
	enum lsa_SidType name_type;

	if (!winbind_gid_to_sid(&sid, gid)) {
		goto done;
	}

	if (!winbind_lookup_sid(talloc_tos(), &sid, &p1, &p2, &name_type)) {
		goto done;
	}

	/* The lookup results are freed below, which needs non-const pointers. */
	domain = discard_const_p(char, p1);
	name = discard_const_p(char, p2);

	switch (name_type) {
	case SID_NAME_DOM_GRP:
	case SID_NAME_DOMAIN:
	case SID_NAME_ALIAS:
	case SID_NAME_WKN_GRP:
		break;
	default:
		/* Users, computers and unknown SIDs are not groups. */
		goto done;
	}

	if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) {
		goto done;
	}

	result = NT_STATUS_OK;

done:
	TALLOC_FREE(name);
	TALLOC_FREE(domain);
	return result;
}
/**
 * passdb getgrnam hook: build a GROUP_MAP for a group name using winbind.
 *
 * The name is looked up with an empty domain string, the resulting type
 * must be SID_NAME_DOM_GRP, SID_NAME_DOMAIN, SID_NAME_ALIAS or
 * SID_NAME_WKN_GRP, and the SID is then mapped to a gid.
 *
 * @return NT_STATUS_OK on success, NT_STATUS_NO_SUCH_GROUP for every
 *         failure
 *
 * Because the domain passed to _make_group_map() is empty, the stored
 * nt_name starts with the winbind separator character.
 */
static NTSTATUS pdb_wbc_sam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
				     const char *name)
{
	const char *domain = "";
	struct dom_sid sid;
	gid_t gid;
	enum lsa_SidType name_type;
	bool is_group_type;

	if (!winbind_lookup_name(domain, name, &sid, &name_type)) {
		return NT_STATUS_NO_SUCH_GROUP;
	}

	is_group_type = (name_type == SID_NAME_DOM_GRP) ||
			(name_type == SID_NAME_DOMAIN) ||
			(name_type == SID_NAME_ALIAS) ||
			(name_type == SID_NAME_WKN_GRP);
	if (!is_group_type) {
		return NT_STATUS_NO_SUCH_GROUP;
	}

	if (!winbind_sid_to_gid(&gid, &sid)) {
		return NT_STATUS_NO_SUCH_GROUP;
	}

	if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) {
		return NT_STATUS_NO_SUCH_GROUP;
	}

	return NT_STATUS_OK;
}
/**
 * passdb enum_group_mapping hook: not supported by this backend.
 *
 * Always returns NT_STATUS_NOT_IMPLEMENTED; *pp_rmap and *p_num_entries
 * are never written, so callers must not read them afterwards.
 */
static NTSTATUS pdb_wbc_sam_enum_group_mapping(struct pdb_methods *methods,
					       const struct dom_sid *sid,
					       enum lsa_SidType sid_name_use,
					       GROUP_MAP ***pp_rmap,
					       size_t *p_num_entries,
					       bool unix_only)
{
	return NT_STATUS_NOT_IMPLEMENTED;
}
/**
 * passdb get_aliasinfo hook: not supported by this backend.
 *
 * Always returns NT_STATUS_NOT_IMPLEMENTED and never writes *info.
 */
static NTSTATUS pdb_wbc_sam_get_aliasinfo(struct pdb_methods *methods,
					  const struct dom_sid *sid,
					  struct acct_info *info)
{
	return NT_STATUS_NOT_IMPLEMENTED;
}
/**
 * passdb enum_aliasmem hook: not supported by this backend.
 *
 * Always returns NT_STATUS_NOT_IMPLEMENTED; *pp_members and
 * *p_num_members are never written, so callers must not read them
 * afterwards.
 */
static NTSTATUS pdb_wbc_sam_enum_aliasmem(struct pdb_methods *methods,
					  const struct dom_sid *alias,
					  TALLOC_CTX *mem_ctx,
					  struct dom_sid **pp_members,
					  size_t *p_num_members)
{
	return NT_STATUS_NOT_IMPLEMENTED;
}
/**
 * passdb enum_alias_memberships hook: ask winbind which aliases of a
 * domain the given SIDs belong to.
 *
 * @param methods           unused
 * @param mem_ctx           talloc context handed to winbind for the result
 * @param domain_sid        domain whose aliases are searched
 * @param members           SIDs to test for membership
 * @param num_members       number of entries in members
 * @param pp_alias_rids     receives the alias RIDs
 * @param p_num_alias_rids  receives the number of RIDs
 * @return NT_STATUS_OK when winbind_get_sid_aliases() succeeds,
 *         NT_STATUS_UNSUCCESSFUL otherwise
 */
static NTSTATUS pdb_wbc_sam_alias_memberships(struct pdb_methods *methods,
					      TALLOC_CTX *mem_ctx,
					      const struct dom_sid *domain_sid,
					      const struct dom_sid *members,
					      size_t num_members,
					      uint32_t **pp_alias_rids,
					      size_t *p_num_alias_rids)
{
	bool found = winbind_get_sid_aliases(mem_ctx, domain_sid,
					     members, num_members,
					     pp_alias_rids, p_num_alias_rids);

	if (found) {
		return NT_STATUS_OK;
	}
	return NT_STATUS_UNSUCCESSFUL;
}
/**
 * Create the "wbc_sam" passdb method table.
 *
 * @param pdb_method  receives the table allocated by make_pdb_method()
 * @param location    unused
 * @return the failure status of make_pdb_method(), or NT_STATUS_OK
 *
 * Only lookup, enumeration, policy and trusted-domain hooks are assigned
 * here, and several of them are stubs that always fail. No account or
 * group write hook is set in this function; those slots keep whatever
 * make_pdb_method() put there (presumably its defaults; verify before
 * relying on this backend being read only).
 */
static NTSTATUS pdb_init_wbc_sam(struct pdb_methods **pdb_method, const char *location)
{
	struct pdb_methods *m;
	NTSTATUS status = make_pdb_method(pdb_method);

	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	m = *pdb_method;

	m->name = "wbc_sam";

	/* account lookups */
	m->getsampwnam = pdb_wbc_sam_getsampwnam;
	m->getsampwsid = pdb_wbc_sam_getsampwsid;

	/* group lookups and enumeration */
	m->getgrsid = pdb_wbc_sam_getgrsid;
	m->getgrgid = pdb_wbc_sam_getgrgid;
	m->getgrnam = pdb_wbc_sam_getgrnam;
	m->enum_group_mapping = pdb_wbc_sam_enum_group_mapping;
	m->enum_group_members = pdb_wbc_sam_enum_group_members;
	m->enum_group_memberships = pdb_wbc_sam_enum_group_memberships;

	/* aliases */
	m->get_aliasinfo = pdb_wbc_sam_get_aliasinfo;
	m->enum_aliasmem = pdb_wbc_sam_enum_aliasmem;
	m->enum_alias_memberships = pdb_wbc_sam_alias_memberships;

	/* RID and id mapping, account policy */
	m->lookup_rids = pdb_wbc_sam_lookup_rids;
	m->get_account_policy = pdb_wbc_sam_get_account_policy;
	m->set_account_policy = pdb_wbc_sam_set_account_policy;
	m->id_to_sid = pdb_wbc_sam_id_to_sid;

	/* searches */
	m->search_groups = pdb_wbc_sam_search_groups;
	m->search_aliases = pdb_wbc_sam_search_aliases;

	/* trusted domains */
	m->get_trusteddom_pw = pdb_wbc_sam_get_trusteddom_pw;
	m->set_trusteddom_pw = pdb_wbc_sam_set_trusteddom_pw;
	m->del_trusteddom_pw = pdb_wbc_sam_del_trusteddom_pw;
	m->enum_trusteddoms = pdb_wbc_sam_enum_trusteddoms;

	/* The backend keeps no private state. */
	m->private_data = NULL;
	m->free_private_data = NULL;

	return NT_STATUS_OK;
}
/**
 * Module entry point: register the "wbc_sam" passdb backend.
 *
 * @return the status of smb_register_passdb()
 */
NTSTATUS pdb_wbc_sam_init(void)
{
	NTSTATUS status;

	status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "wbc_sam",
				     pdb_init_wbc_sam);
	return status;
}