2023-11-27 10:05:29 +03:00
/*
2006-12-12 17:52:13 +03:00
Unix SMB / CIFS implementation .
2011-02-26 15:41:43 +03:00
idmap NSS backend
2006-12-12 17:52:13 +03:00
Copyright ( C ) Simo Sorce 2006
2011-02-26 14:36:19 +03:00
2006-12-12 17:52:13 +03:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2006-12-12 17:52:13 +03:00
( at your option ) any later version .
2011-02-26 14:36:19 +03:00
2006-12-12 17:52:13 +03:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2011-02-26 14:36:19 +03:00
2006-12-12 17:52:13 +03:00
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2006-12-12 17:52:13 +03:00
*/
# include "includes.h"
2011-02-25 19:14:22 +03:00
# include "system/passwd.h"
2006-12-12 17:52:13 +03:00
# include "winbindd.h"
2010-08-18 14:42:49 +04:00
# include "nsswitch/winbind_client.h"
2010-08-18 20:13:42 +04:00
# include "idmap.h"
2011-02-25 00:30:16 +03:00
# include "lib/winbind_util.h"
2021-03-06 02:07:54 +03:00
# include "libcli/security/dom_sid.h"
2023-12-12 18:02:33 +03:00
# include "lib/global_contexts.h"
# include "messages.h"
2006-12-12 17:52:13 +03:00
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_IDMAP
2023-11-27 10:05:29 +03:00
struct idmap_nss_context {
struct idmap_domain * dom ;
bool use_upn ;
} ;
static int idmap_nss_context_destructor ( struct idmap_nss_context * ctx )
{
if ( ( ctx - > dom ! = NULL ) & & ( ctx - > dom - > private_data = = ctx ) ) {
ctx - > dom - > private_data = NULL ;
}
return 0 ;
}
static NTSTATUS idmap_nss_context_create ( TALLOC_CTX * mem_ctx ,
struct idmap_domain * dom ,
struct idmap_nss_context * * pctx )
{
struct idmap_nss_context * ctx = NULL ;
ctx = talloc_zero ( mem_ctx , struct idmap_nss_context ) ;
if ( ctx = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
ctx - > dom = dom ;
talloc_set_destructor ( ctx , idmap_nss_context_destructor ) ;
ctx - > use_upn = idmap_config_bool ( dom - > name , " use_upn " , false ) ;
* pctx = ctx ;
return NT_STATUS_OK ;
}
static NTSTATUS idmap_nss_get_context ( struct idmap_domain * dom ,
struct idmap_nss_context * * pctx )
{
struct idmap_nss_context * ctx = NULL ;
NTSTATUS status ;
if ( dom - > private_data ! = NULL ) {
* pctx = talloc_get_type_abort ( dom - > private_data ,
struct idmap_nss_context ) ;
return NT_STATUS_OK ;
}
status = idmap_nss_context_create ( dom , dom , & ctx ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DBG_WARNING ( " idmap_nss_context_create failed: %s \n " ,
nt_errstr ( status ) ) ;
return status ;
}
dom - > private_data = ctx ;
* pctx = ctx ;
return NT_STATUS_OK ;
}
2023-12-12 18:02:33 +03:00
static bool idmap_nss_msg_filter ( struct messaging_rec * rec , void * private_data )
{
struct idmap_domain * dom = talloc_get_type_abort ( private_data ,
struct idmap_domain ) ;
struct idmap_nss_context * ctx = NULL ;
NTSTATUS status ;
bool ret ;
if ( rec - > msg_type = = MSG_SMB_CONF_UPDATED ) {
ret = lp_load_global ( get_dyn_CONFIGFILE ( ) ) ;
if ( ! ret ) {
DBG_WARNING ( " Failed to reload configuration \n " ) ;
return false ;
}
status = idmap_nss_get_context ( dom , & ctx ) ;
if ( NT_STATUS_IS_ERR ( status ) ) {
DBG_WARNING ( " Failed to get idmap nss context: %s \n " ,
nt_errstr ( status ) ) ;
return false ;
}
ctx - > use_upn = idmap_config_bool ( dom - > name , " use_upn " , false ) ;
}
return false ;
}
2006-12-12 17:52:13 +03:00
/*****************************
2015-12-27 21:55:40 +03:00
Initialise idmap database .
2006-12-12 17:52:13 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2011-03-03 01:00:58 +03:00
static NTSTATUS idmap_nss_int_init ( struct idmap_domain * dom )
2015-12-27 21:55:40 +03:00
{
2023-11-27 10:05:29 +03:00
struct idmap_nss_context * ctx = NULL ;
NTSTATUS status ;
2023-12-12 18:02:33 +03:00
struct messaging_context * msg_ctx = global_messaging_context ( ) ;
struct tevent_req * req = NULL ;
2023-11-27 10:05:29 +03:00
status = idmap_nss_context_create ( dom , dom , & ctx ) ;
if ( NT_STATUS_IS_ERR ( status ) ) {
return status ;
}
dom - > private_data = ctx ;
2023-12-12 18:02:33 +03:00
req = messaging_filtered_read_send (
dom ,
messaging_tevent_context ( msg_ctx ) ,
msg_ctx ,
idmap_nss_msg_filter ,
dom ) ;
if ( req = = NULL ) {
DBG_WARNING ( " messaging_filtered_read_send failed \n " ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
2023-11-27 10:05:29 +03:00
return status ;
}
static NTSTATUS idmap_nss_lookup_name ( const char * namespace ,
const char * username ,
struct dom_sid * sid ,
enum lsa_SidType * type )
{
bool ret ;
/*
* By default calls to winbindd are disabled
* the following call will not recurse so this is safe
*/
( void ) winbind_on ( ) ;
ret = winbind_lookup_name ( namespace , username , sid , type ) ;
( void ) winbind_off ( ) ;
if ( ! ret ) {
DBG_NOTICE ( " Failed to lookup name [%s] in namespace [%s] \n " ,
username , namespace ) ;
return NT_STATUS_NOT_FOUND ;
}
2006-12-12 17:52:13 +03:00
return NT_STATUS_OK ;
}
/**********************************
2015-12-27 21:55:40 +03:00
lookup a set of unix ids .
2006-12-12 17:52:13 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS idmap_nss_unixids_to_sids ( struct idmap_domain * dom , struct id_map * * ids )
{
2023-11-27 10:05:29 +03:00
struct idmap_nss_context * ctx = NULL ;
NTSTATUS status ;
2006-12-12 17:52:13 +03:00
int i ;
2023-11-27 10:05:29 +03:00
status = idmap_nss_get_context ( dom , & ctx ) ;
if ( NT_STATUS_IS_ERR ( status ) ) {
DBG_WARNING ( " Failed to get idmap nss context: %s \n " ,
nt_errstr ( status ) ) ;
return status ;
}
2023-07-18 12:45:25 +03:00
/* initialize the status to avoid surprise */
2009-03-02 09:19:50 +03:00
for ( i = 0 ; ids [ i ] ; i + + ) {
ids [ i ] - > status = ID_UNKNOWN ;
}
2011-02-26 14:36:19 +03:00
2006-12-12 17:52:13 +03:00
for ( i = 0 ; ids [ i ] ; i + + ) {
struct passwd * pw ;
struct group * gr ;
const char * name ;
2021-03-06 02:07:54 +03:00
struct dom_sid sid ;
2006-12-12 17:52:13 +03:00
enum lsa_SidType type ;
2011-02-26 14:36:19 +03:00
2006-12-12 17:52:13 +03:00
switch ( ids [ i ] - > xid . type ) {
case ID_TYPE_UID :
2023-11-29 14:55:13 +03:00
errno = 0 ;
2006-12-12 17:52:13 +03:00
pw = getpwuid ( ( uid_t ) ids [ i ] - > xid . id ) ;
if ( ! pw ) {
2023-11-29 14:55:13 +03:00
DBG_DEBUG ( " getpwuid(%lu) failed: %s \n " ,
( unsigned long ) ids [ i ] - > xid . id ,
errno ! = 0
? strerror ( errno )
: " not found " ) ;
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_UNMAPPED ;
2006-12-12 17:52:13 +03:00
continue ;
}
name = pw - > pw_name ;
break ;
case ID_TYPE_GID :
2023-11-29 14:55:13 +03:00
errno = 0 ;
2006-12-12 17:52:13 +03:00
gr = getgrgid ( ( gid_t ) ids [ i ] - > xid . id ) ;
if ( ! gr ) {
2023-11-29 14:55:13 +03:00
DBG_DEBUG ( " getgrgid(%lu) failed: %s \n " ,
( unsigned long ) ids [ i ] - > xid . id ,
errno ! = 0
? strerror ( errno )
: " not found " ) ;
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_UNMAPPED ;
2006-12-12 17:52:13 +03:00
continue ;
}
name = gr - > gr_name ;
break ;
default : /* ?? */
2023-11-29 14:55:13 +03:00
DBG_WARNING ( " Unexpected xid type %d \n " ,
ids [ i ] - > xid . type ) ;
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_UNKNOWN ;
2006-12-12 17:52:13 +03:00
continue ;
}
/* Lookup name from PDC using lsa_lookup_names() */
2023-11-27 10:05:29 +03:00
if ( ctx - > use_upn ) {
char * p = NULL ;
const char * namespace = NULL ;
const char * domname = NULL ;
const char * domuser = NULL ;
p = strstr ( name , lp_winbind_separator ( ) ) ;
if ( p ! = NULL ) {
* p = ' \0 ' ;
domname = name ;
namespace = domname ;
domuser = p + 1 ;
} else {
p = strchr ( name , ' @ ' ) ;
if ( p ! = NULL ) {
* p = ' \0 ' ;
namespace = p + 1 ;
domname = " " ;
domuser = name ;
} else {
namespace = dom - > name ;
domuser = name ;
}
}
2006-12-20 20:56:26 +03:00
2023-11-27 10:05:29 +03:00
DBG_DEBUG ( " Using namespace [%s] from UPN instead "
" of [%s] to lookup the name [%s] \n " ,
namespace , dom - > name , domuser ) ;
status = idmap_nss_lookup_name ( namespace ,
domuser ,
& sid ,
& type ) ;
} else {
status = idmap_nss_lookup_name ( dom - > name ,
name ,
& sid ,
& type ) ;
}
if ( NT_STATUS_IS_ERR ( status ) ) {
/*
* TODO : how do we know if the name is really
* not mapped , or something just failed ?
*/
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_UNMAPPED ;
2006-12-12 17:52:13 +03:00
continue ;
}
switch ( type ) {
case SID_NAME_USER :
if ( ids [ i ] - > xid . type = = ID_TYPE_UID ) {
2021-03-06 02:07:54 +03:00
sid_copy ( ids [ i ] - > sid , & sid ) ;
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_MAPPED ;
2006-12-12 17:52:13 +03:00
}
break ;
case SID_NAME_DOM_GRP :
case SID_NAME_ALIAS :
case SID_NAME_WKN_GRP :
if ( ids [ i ] - > xid . type = = ID_TYPE_GID ) {
2021-03-06 02:07:54 +03:00
sid_copy ( ids [ i ] - > sid , & sid ) ;
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_MAPPED ;
2006-12-12 17:52:13 +03:00
}
break ;
default :
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_UNKNOWN ;
2006-12-12 17:52:13 +03:00
break ;
}
}
return NT_STATUS_OK ;
}
/**********************************
2015-12-27 21:55:40 +03:00
lookup a set of sids .
2006-12-12 17:52:13 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS idmap_nss_sids_to_unixids ( struct idmap_domain * dom , struct id_map * * ids )
{
2023-11-27 10:05:29 +03:00
struct idmap_nss_context * ctx = NULL ;
NTSTATUS status ;
2006-12-12 17:52:13 +03:00
int i ;
2023-11-27 10:05:29 +03:00
status = idmap_nss_get_context ( dom , & ctx ) ;
if ( NT_STATUS_IS_ERR ( status ) ) {
DBG_WARNING ( " Failed to get idmap nss context: %s \n " ,
nt_errstr ( status ) ) ;
return status ;
}
2023-07-18 12:45:25 +03:00
/* initialize the status to avoid surprise */
2009-03-02 09:19:50 +03:00
for ( i = 0 ; ids [ i ] ; i + + ) {
ids [ i ] - > status = ID_UNKNOWN ;
}
2011-02-26 14:36:19 +03:00
2006-12-12 17:52:13 +03:00
for ( i = 0 ; ids [ i ] ; i + + ) {
struct group * gr ;
enum lsa_SidType type ;
2021-11-12 17:27:58 +03:00
const char * _domain = NULL ;
const char * _name = NULL ;
char * domain = NULL ;
2011-03-08 22:59:59 +03:00
char * name = NULL ;
2023-11-27 10:05:29 +03:00
char * fqdn = NULL ;
char * sname = NULL ;
2007-10-19 04:40:25 +04:00
bool ret ;
2006-12-12 17:52:13 +03:00
2006-12-20 20:56:26 +03:00
/* by default calls to winbindd are disabled
the following call will not recurse so this is safe */
2008-02-11 20:35:58 +03:00
( void ) winbind_on ( ) ;
2021-11-12 17:27:58 +03:00
ret = winbind_lookup_sid ( talloc_tos ( ) ,
ids [ i ] - > sid ,
& _domain ,
& _name ,
& type ) ;
2008-02-11 20:35:58 +03:00
( void ) winbind_off ( ) ;
2006-12-20 20:56:26 +03:00
if ( ! ret ) {
2007-01-14 20:58:24 +03:00
/* TODO: how do we know if the name is really not mapped,
* or something just failed ? */
ids [ i ] - > status = ID_UNMAPPED ;
2006-12-12 17:52:13 +03:00
continue ;
}
2021-11-12 17:27:58 +03:00
domain = discard_const_p ( char , _domain ) ;
name = discard_const_p ( char , _name ) ;
if ( ! strequal ( domain , dom - > name ) ) {
struct dom_sid_buf buf ;
DBG_ERR ( " DOMAIN[%s] ignoring SID[%s] belongs to %s [%s \\ %s] \n " ,
dom - > name , dom_sid_str_buf ( ids [ i ] - > sid , & buf ) ,
sid_type_lookup ( type ) , domain , name ) ;
ids [ i ] - > status = ID_UNMAPPED ;
continue ;
}
2023-11-27 10:05:29 +03:00
if ( ctx - > use_upn ) {
fqdn = talloc_asprintf ( talloc_tos ( ) ,
" %s%s%s " ,
domain ,
lp_winbind_separator ( ) ,
name ) ;
if ( fqdn = = NULL ) {
DBG_ERR ( " No memory \n " ) ;
ids [ i ] - > status = ID_UNMAPPED ;
continue ;
}
DBG_DEBUG ( " Using UPN [%s] instead of plain name [%s] \n " ,
fqdn , name ) ;
sname = fqdn ;
} else {
sname = name ;
}
2006-12-12 17:52:13 +03:00
switch ( type ) {
2007-12-19 17:02:59 +03:00
case SID_NAME_USER : {
struct passwd * pw ;
2006-12-12 17:52:13 +03:00
/* this will find also all lower case name and use username level */
2023-11-27 10:05:29 +03:00
pw = Get_Pwnam_alloc ( talloc_tos ( ) , sname ) ;
2006-12-12 17:52:13 +03:00
if ( pw ) {
ids [ i ] - > xid . id = pw - > pw_uid ;
ids [ i ] - > xid . type = ID_TYPE_UID ;
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_MAPPED ;
2006-12-12 17:52:13 +03:00
}
2007-12-19 17:02:59 +03:00
TALLOC_FREE ( pw ) ;
2006-12-12 17:52:13 +03:00
break ;
2007-12-19 17:02:59 +03:00
}
2006-12-12 17:52:13 +03:00
case SID_NAME_DOM_GRP :
case SID_NAME_ALIAS :
case SID_NAME_WKN_GRP :
2023-11-27 10:05:29 +03:00
gr = getgrnam ( sname ) ;
2006-12-12 17:52:13 +03:00
if ( gr ) {
ids [ i ] - > xid . id = gr - > gr_gid ;
ids [ i ] - > xid . type = ID_TYPE_GID ;
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_MAPPED ;
2006-12-12 17:52:13 +03:00
}
break ;
default :
2007-01-14 20:58:24 +03:00
ids [ i ] - > status = ID_UNKNOWN ;
2006-12-12 17:52:13 +03:00
break ;
}
2021-11-12 17:27:58 +03:00
TALLOC_FREE ( domain ) ;
2011-03-08 22:59:59 +03:00
TALLOC_FREE ( name ) ;
2023-11-27 10:05:29 +03:00
TALLOC_FREE ( fqdn ) ;
2006-12-12 17:52:13 +03:00
}
return NT_STATUS_OK ;
}
/**********************************
Close the idmap tdb instance
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2019-03-21 14:30:37 +03:00
static const struct idmap_methods nss_methods = {
2006-12-12 17:52:13 +03:00
. init = idmap_nss_int_init ,
. unixids_to_sids = idmap_nss_unixids_to_sids ,
. sids_to_unixids = idmap_nss_sids_to_unixids ,
} ;
2017-04-20 22:24:43 +03:00
NTSTATUS idmap_nss_init ( TALLOC_CTX * mem_ctx )
2006-12-12 17:52:13 +03:00
{
return smb_register_idmap ( SMB_IDMAP_INTERFACE_VERSION , " nss " , & nss_methods ) ;
}
