2006-12-12 17:52:13 +03:00
/*
Unix SMB / CIFS implementation .
2011-02-26 15:41:43 +03:00
idmap NSS backend
2006-12-12 17:52:13 +03:00
Copyright ( C ) Simo Sorce 2006
2011-02-26 14:36:19 +03:00
2006-12-12 17:52:13 +03:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2006-12-12 17:52:13 +03:00
( at your option ) any later version .
2011-02-26 14:36:19 +03:00
2006-12-12 17:52:13 +03:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2011-02-26 14:36:19 +03:00
2006-12-12 17:52:13 +03:00
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2006-12-12 17:52:13 +03:00
*/
# include "includes.h"
2011-02-25 19:14:22 +03:00
# include "system/passwd.h"
2006-12-12 17:52:13 +03:00
# include "winbindd.h"
2010-08-18 14:42:49 +04:00
# include "nsswitch/winbind_client.h"
2010-08-18 20:13:42 +04:00
# include "idmap.h"
2011-02-25 00:30:16 +03:00
# include "lib/winbind_util.h"
2021-03-06 02:07:54 +03:00
# include "libcli/security/dom_sid.h"
2006-12-12 17:52:13 +03:00
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_IDMAP
/*****************************
2015-12-27 21:55:40 +03:00
Initialise idmap database .
2006-12-12 17:52:13 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2011-03-03 01:00:58 +03:00
static NTSTATUS idmap_nss_int_init ( struct idmap_domain * dom )
2015-12-27 21:55:40 +03:00
{
2006-12-12 17:52:13 +03:00
return NT_STATUS_OK ;
}
/**********************************
2015-12-27 21:55:40 +03:00
lookup a set of unix ids .
2006-12-12 17:52:13 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS idmap_nss_unixids_to_sids ( struct idmap_domain * dom , struct id_map * * ids )
{
int i ;
2009-03-02 09:19:50 +03:00
/* initialize the status to avoid suprise */
for ( i = 0 ; ids [ i ] ; i + + ) {
ids [ i ] - > status = ID_UNKNOWN ;
}
2011-02-26 14:36:19 +03:00
2006-12-12 17:52:13 +03:00
for ( i = 0 ; ids [ i ] ; i + + ) {
struct passwd * pw ;
struct group * gr ;
const char * name ;
2021-03-06 02:07:54 +03:00
struct dom_sid sid ;
2006-12-12 17:52:13 +03:00
enum lsa_SidType type ;
2007-10-19 04:40:25 +04:00
bool ret ;
2011-02-26 14:36:19 +03:00
2006-12-12 17:52:13 +03:00
switch ( ids [ i ] - > xid . type ) {
case ID_TYPE_UID :
pw = getpwuid ( ( uid_t ) ids [ i ] - > xid . id ) ;
2006-12-20 20:56:26 +03:00
2006-12-12 17:52:13 +03:00
if ( ! pw ) {
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_UNMAPPED ;
2006-12-12 17:52:13 +03:00
continue ;
}
name = pw - > pw_name ;
break ;
case ID_TYPE_GID :
gr = getgrgid ( ( gid_t ) ids [ i ] - > xid . id ) ;
2006-12-20 20:56:26 +03:00
2006-12-12 17:52:13 +03:00
if ( ! gr ) {
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_UNMAPPED ;
2006-12-12 17:52:13 +03:00
continue ;
}
name = gr - > gr_name ;
break ;
default : /* ?? */
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_UNKNOWN ;
2006-12-12 17:52:13 +03:00
continue ;
}
2006-12-20 20:56:26 +03:00
/* by default calls to winbindd are disabled
the following call will not recurse so this is safe */
2008-02-11 20:35:58 +03:00
( void ) winbind_on ( ) ;
2006-12-12 17:52:13 +03:00
/* Lookup name from PDC using lsa_lookup_names() */
2021-03-06 02:07:54 +03:00
ret = winbind_lookup_name ( dom - > name , name , & sid , & type ) ;
2008-02-11 20:35:58 +03:00
( void ) winbind_off ( ) ;
2006-12-20 20:56:26 +03:00
if ( ! ret ) {
2007-01-14 20:58:24 +03:00
/* TODO: how do we know if the name is really not mapped,
* or something just failed ? */
ids [ i ] - > status = ID_UNMAPPED ;
2006-12-12 17:52:13 +03:00
continue ;
}
switch ( type ) {
case SID_NAME_USER :
if ( ids [ i ] - > xid . type = = ID_TYPE_UID ) {
2021-03-06 02:07:54 +03:00
sid_copy ( ids [ i ] - > sid , & sid ) ;
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_MAPPED ;
2006-12-12 17:52:13 +03:00
}
break ;
case SID_NAME_DOM_GRP :
case SID_NAME_ALIAS :
case SID_NAME_WKN_GRP :
if ( ids [ i ] - > xid . type = = ID_TYPE_GID ) {
2021-03-06 02:07:54 +03:00
sid_copy ( ids [ i ] - > sid , & sid ) ;
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_MAPPED ;
2006-12-12 17:52:13 +03:00
}
break ;
default :
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_UNKNOWN ;
2006-12-12 17:52:13 +03:00
break ;
}
}
return NT_STATUS_OK ;
}
/**********************************
2015-12-27 21:55:40 +03:00
lookup a set of sids .
2006-12-12 17:52:13 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS idmap_nss_sids_to_unixids ( struct idmap_domain * dom , struct id_map * * ids )
{
int i ;
2009-03-02 09:19:50 +03:00
/* initialize the status to avoid suprise */
for ( i = 0 ; ids [ i ] ; i + + ) {
ids [ i ] - > status = ID_UNKNOWN ;
}
2011-02-26 14:36:19 +03:00
2006-12-12 17:52:13 +03:00
for ( i = 0 ; ids [ i ] ; i + + ) {
struct group * gr ;
enum lsa_SidType type ;
2021-11-12 17:27:58 +03:00
const char * _domain = NULL ;
const char * _name = NULL ;
char * domain = NULL ;
2011-03-08 22:59:59 +03:00
char * name = NULL ;
2007-10-19 04:40:25 +04:00
bool ret ;
2006-12-12 17:52:13 +03:00
2006-12-20 20:56:26 +03:00
/* by default calls to winbindd are disabled
the following call will not recurse so this is safe */
2008-02-11 20:35:58 +03:00
( void ) winbind_on ( ) ;
2021-11-12 17:27:58 +03:00
ret = winbind_lookup_sid ( talloc_tos ( ) ,
ids [ i ] - > sid ,
& _domain ,
& _name ,
& type ) ;
2008-02-11 20:35:58 +03:00
( void ) winbind_off ( ) ;
2006-12-20 20:56:26 +03:00
if ( ! ret ) {
2007-01-14 20:58:24 +03:00
/* TODO: how do we know if the name is really not mapped,
* or something just failed ? */
ids [ i ] - > status = ID_UNMAPPED ;
2006-12-12 17:52:13 +03:00
continue ;
}
2021-11-12 17:27:58 +03:00
domain = discard_const_p ( char , _domain ) ;
name = discard_const_p ( char , _name ) ;
if ( ! strequal ( domain , dom - > name ) ) {
struct dom_sid_buf buf ;
DBG_ERR ( " DOMAIN[%s] ignoring SID[%s] belongs to %s [%s \\ %s] \n " ,
dom - > name , dom_sid_str_buf ( ids [ i ] - > sid , & buf ) ,
sid_type_lookup ( type ) , domain , name ) ;
ids [ i ] - > status = ID_UNMAPPED ;
continue ;
}
2006-12-12 17:52:13 +03:00
switch ( type ) {
2007-12-19 17:02:59 +03:00
case SID_NAME_USER : {
struct passwd * pw ;
2006-12-12 17:52:13 +03:00
/* this will find also all lower case name and use username level */
2007-12-19 17:02:59 +03:00
pw = Get_Pwnam_alloc ( talloc_tos ( ) , name ) ;
2006-12-12 17:52:13 +03:00
if ( pw ) {
ids [ i ] - > xid . id = pw - > pw_uid ;
ids [ i ] - > xid . type = ID_TYPE_UID ;
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_MAPPED ;
2006-12-12 17:52:13 +03:00
}
2007-12-19 17:02:59 +03:00
TALLOC_FREE ( pw ) ;
2006-12-12 17:52:13 +03:00
break ;
2007-12-19 17:02:59 +03:00
}
2006-12-12 17:52:13 +03:00
case SID_NAME_DOM_GRP :
case SID_NAME_ALIAS :
case SID_NAME_WKN_GRP :
gr = getgrnam ( name ) ;
if ( gr ) {
ids [ i ] - > xid . id = gr - > gr_gid ;
ids [ i ] - > xid . type = ID_TYPE_GID ;
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_MAPPED ;
2006-12-12 17:52:13 +03:00
}
break ;
default :
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_UNKNOWN ;
2006-12-12 17:52:13 +03:00
break ;
}
2021-11-12 17:27:58 +03:00
TALLOC_FREE ( domain ) ;
2011-03-08 22:59:59 +03:00
TALLOC_FREE ( name ) ;
2006-12-12 17:52:13 +03:00
}
return NT_STATUS_OK ;
}
/**********************************
Close the idmap tdb instance
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2019-03-21 14:30:37 +03:00
static const struct idmap_methods nss_methods = {
2006-12-12 17:52:13 +03:00
. init = idmap_nss_int_init ,
. unixids_to_sids = idmap_nss_unixids_to_sids ,
. sids_to_unixids = idmap_nss_sids_to_unixids ,
} ;
2017-04-20 22:24:43 +03:00
NTSTATUS idmap_nss_init ( TALLOC_CTX * mem_ctx )
2006-12-12 17:52:13 +03:00
{
return smb_register_idmap ( SMB_IDMAP_INTERFACE_VERSION , " nss " , & nss_methods ) ;
}