2004-04-07 12:43:44 +00:00
/*
Unix SMB / CIFS implementation .
Winbind rpc backend functions
Copyright ( C ) Tim Potter 2000 - 2001 , 2003
Copyright ( C ) Simo Sorce 2003
Copyright ( C ) Volker Lendecke 2004
2008-05-30 23:49:36 -07:00
Copyright ( C ) Jeremy Allison 2008
2004-04-07 12:43:44 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 19:25:36 +00:00
the Free Software Foundation ; either version 3 of the License , or
2004-04-07 12:43:44 +00:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 00:52:41 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2004-04-07 12:43:44 +00:00
*/
# include "includes.h"
# include "winbindd.h"
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_WINBIND
2008-06-25 12:44:18 -07:00
static NTSTATUS enum_groups_internal ( struct winbindd_domain * domain ,
2004-04-07 12:43:44 +00:00
TALLOC_CTX * mem_ctx ,
uint32 * num_entries ,
2008-06-25 12:44:18 -07:00
struct acct_info * * info ,
enum lsa_SidType sidtype )
2004-04-07 12:43:44 +00:00
{
2005-04-15 13:41:49 +00:00
struct pdb_search * search ;
2008-06-25 12:44:18 -07:00
struct samr_displayentry * entries ;
2005-04-15 13:41:49 +00:00
int i ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2004-04-07 12:43:44 +00:00
2008-06-25 12:44:18 -07:00
if ( sidtype = = SID_NAME_ALIAS ) {
search = pdb_search_aliases ( & domain - > sid ) ;
} else {
search = pdb_search_groups ( ) ;
}
2005-04-15 13:41:49 +00:00
if ( search = = NULL ) goto done ;
2004-04-07 12:43:44 +00:00
2008-06-25 12:44:18 -07:00
* num_entries = pdb_search_entries ( search , 0 , 0xffffffff , & entries ) ;
if ( * num_entries = = 0 ) {
/* Zero entries isn't an error */
result = NT_STATUS_OK ;
goto done ;
}
2004-04-07 12:43:44 +00:00
2005-04-15 13:41:49 +00:00
* info = TALLOC_ARRAY ( mem_ctx , struct acct_info , * num_entries ) ;
if ( * info = = NULL ) {
result = NT_STATUS_NO_MEMORY ;
goto done ;
}
2004-04-07 12:43:44 +00:00
2005-04-15 13:41:49 +00:00
for ( i = 0 ; i < * num_entries ; i + + ) {
2008-06-25 12:44:18 -07:00
fstrcpy ( ( * info ) [ i ] . acct_name , entries [ i ] . account_name ) ;
fstrcpy ( ( * info ) [ i ] . acct_desc , entries [ i ] . description ) ;
( * info ) [ i ] . rid = entries [ i ] . rid ;
2005-04-15 13:41:49 +00:00
}
2004-04-07 12:43:44 +00:00
2005-04-15 13:41:49 +00:00
result = NT_STATUS_OK ;
done :
pdb_search_destroy ( search ) ;
return result ;
2004-04-07 12:43:44 +00:00
}
2008-06-25 12:44:18 -07:00
/* List all local groups (aliases) */
static NTSTATUS enum_local_groups ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
uint32 * num_entries ,
struct acct_info * * info )
{
return enum_groups_internal ( domain ,
mem_ctx ,
num_entries ,
info ,
SID_NAME_ALIAS ) ;
}
2004-04-07 12:43:44 +00:00
/* convert a single name to a sid in a domain */
static NTSTATUS name_to_sid ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
2007-05-30 19:47:35 +00:00
enum winbindd_cmd original_cmd ,
2004-04-20 02:37:49 +00:00
const char * domain_name ,
2004-04-07 12:43:44 +00:00
const char * name ,
DOM_SID * sid ,
2006-09-08 14:28:06 +00:00
enum lsa_SidType * type )
2004-04-07 12:43:44 +00:00
{
2008-09-03 14:36:43 -04:00
const char * fullname ;
2007-05-30 19:47:35 +00:00
uint32 flags = LOOKUP_NAME_ALL ;
switch ( original_cmd ) {
case WINBINDD_LOOKUPNAME :
/* This call is ok */
break ;
default :
/* Avoid any NSS calls in the lookup_name by default */
flags | = LOOKUP_NAME_EXPLICIT ;
DEBUG ( 10 , ( " winbindd_passdb: limiting name_to_sid() to explicit mappings \n " ) ) ;
break ;
}
2008-09-03 14:36:43 -04:00
if ( domain_name & & domain_name [ 0 ] & & strchr_m ( name , ' \\ ' ) = = NULL ) {
fullname = talloc_asprintf ( mem_ctx , " %s \\ %s " ,
domain_name , name ) ;
if ( fullname = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2008-08-16 19:23:38 -07:00
} else {
2008-09-03 14:36:43 -04:00
fullname = name ;
2008-08-16 19:23:38 -07:00
}
2008-09-03 14:36:43 -04:00
DEBUG ( 10 , ( " Finding fullname %s \n " , fullname ) ) ;
if ( ! lookup_name ( mem_ctx , fullname , flags , NULL , NULL , sid , type ) ) {
2004-04-07 12:43:44 +00:00
return NT_STATUS_NONE_MAPPED ;
2006-03-15 03:46:20 +00:00
}
2004-05-26 18:52:45 +00:00
2008-09-03 14:36:43 -04:00
DEBUG ( 10 , ( " name_to_sid for %s returned %s (%s) \n " ,
fullname ,
2008-08-16 19:23:38 -07:00
sid_string_dbg ( sid ) ,
sid_type_lookup ( ( uint32 ) * type ) ) ) ;
2008-09-03 14:36:43 -04:00
2004-04-07 12:43:44 +00:00
return NT_STATUS_OK ;
}
/*
convert a domain SID to a user or group name
*/
static NTSTATUS sid_to_name ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
const DOM_SID * sid ,
2004-04-20 02:37:49 +00:00
char * * domain_name ,
2004-04-07 12:43:44 +00:00
char * * name ,
2006-09-08 14:28:06 +00:00
enum lsa_SidType * type )
2004-04-07 12:43:44 +00:00
{
2006-02-03 22:19:41 +00:00
const char * dom , * nam ;
2004-04-07 12:43:44 +00:00
2007-12-15 21:11:36 +01:00
DEBUG ( 10 , ( " Converting SID %s \n " , sid_string_dbg ( sid ) ) ) ;
2004-04-07 12:43:44 +00:00
2006-02-03 22:19:41 +00:00
/* Paranoia check */
if ( ! sid_check_is_in_builtin ( sid ) & &
2007-05-21 20:36:22 +00:00
! sid_check_is_in_our_domain ( sid ) & &
! sid_check_is_in_unix_users ( sid ) & &
! sid_check_is_unix_users ( sid ) & &
! sid_check_is_in_unix_groups ( sid ) & &
2007-10-24 13:19:35 +02:00
! sid_check_is_unix_groups ( sid ) & &
! sid_check_is_in_wellknown_domain ( sid ) )
2007-05-21 20:36:22 +00:00
{
2006-02-03 22:19:41 +00:00
DEBUG ( 0 , ( " Possible deadlock: Trying to lookup SID %s with "
2007-12-15 21:11:36 +01:00
" passdb backend \n " , sid_string_dbg ( sid ) ) ) ;
2004-04-07 12:43:44 +00:00
return NT_STATUS_NONE_MAPPED ;
2006-02-03 22:19:41 +00:00
}
2004-04-07 12:43:44 +00:00
2006-02-03 22:19:41 +00:00
if ( ! lookup_sid ( mem_ctx , sid , & dom , & nam , type ) ) {
return NT_STATUS_NONE_MAPPED ;
}
* domain_name = talloc_strdup ( mem_ctx , dom ) ;
* name = talloc_strdup ( mem_ctx , nam ) ;
2004-04-07 12:43:44 +00:00
return NT_STATUS_OK ;
}
2006-07-11 18:01:26 +00:00
static NTSTATUS rids_to_names ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
const DOM_SID * sid ,
uint32 * rids ,
size_t num_rids ,
char * * domain_name ,
char * * * names ,
2006-09-08 14:28:06 +00:00
enum lsa_SidType * * types )
2006-07-11 18:01:26 +00:00
{
2008-05-30 23:49:36 -07:00
size_t i ;
bool have_mapped ;
bool have_unmapped ;
2006-07-11 18:01:26 +00:00
2008-05-30 23:49:36 -07:00
* domain_name = NULL ;
* names = NULL ;
* types = NULL ;
if ( ! num_rids ) {
return NT_STATUS_OK ;
}
/* Paranoia check */
if ( ! sid_check_is_in_builtin ( sid ) & &
! sid_check_is_in_our_domain ( sid ) & &
! sid_check_is_in_unix_users ( sid ) & &
! sid_check_is_unix_users ( sid ) & &
! sid_check_is_in_unix_groups ( sid ) & &
! sid_check_is_unix_groups ( sid ) & &
! sid_check_is_in_wellknown_domain ( sid ) )
{
DEBUG ( 0 , ( " Possible deadlock: Trying to lookup SID %s with "
" passdb backend \n " , sid_string_dbg ( sid ) ) ) ;
return NT_STATUS_NONE_MAPPED ;
}
* names = TALLOC_ARRAY ( mem_ctx , char * , num_rids ) ;
* types = TALLOC_ARRAY ( mem_ctx , enum lsa_SidType , num_rids ) ;
if ( ( * names = = NULL ) | | ( * types = = NULL ) ) {
return NT_STATUS_NO_MEMORY ;
}
have_mapped = have_unmapped = false ;
for ( i = 0 ; i < num_rids ; i + + ) {
DOM_SID lsid ;
const char * dom = NULL , * nam = NULL ;
enum lsa_SidType type = SID_NAME_UNKNOWN ;
if ( ! sid_compose ( & lsid , sid , rids [ i ] ) ) {
return NT_STATUS_INTERNAL_ERROR ;
}
if ( ! lookup_sid ( mem_ctx , & lsid , & dom , & nam , & type ) ) {
have_unmapped = true ;
( * types ) [ i ] = SID_NAME_UNKNOWN ;
( * names ) [ i ] = talloc_strdup ( mem_ctx , " " ) ;
} else {
have_mapped = true ;
( * types ) [ i ] = type ;
( * names ) [ i ] = CONST_DISCARD ( char * , nam ) ;
}
2008-08-16 11:12:35 +02:00
if ( * domain_name = = NULL ) {
2008-05-30 23:49:36 -07:00
* domain_name = CONST_DISCARD ( char * , dom ) ;
} else {
char * dname = CONST_DISCARD ( char * , dom ) ;
TALLOC_FREE ( dname ) ;
}
}
if ( ! have_mapped ) {
return NT_STATUS_NONE_MAPPED ;
}
if ( ! have_unmapped ) {
return NT_STATUS_OK ;
}
return STATUS_SOME_UNMAPPED ;
2004-04-07 12:43:44 +00:00
}
/* Lookup groups a user is a member of. I wish Unix had a call like this! */
static NTSTATUS lookup_usergroups ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
const DOM_SID * user_sid ,
2005-06-08 22:10:34 +00:00
uint32 * num_groups , DOM_SID * * user_gids )
2004-04-07 12:43:44 +00:00
{
2006-04-02 06:25:11 +00:00
NTSTATUS result ;
DOM_SID * groups = NULL ;
gid_t * gids = NULL ;
size_t ngroups = 0 ;
struct samu * user ;
if ( ( user = samu_new ( mem_ctx ) ) = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
if ( ! pdb_getsampwsid ( user , user_sid ) ) {
2008-11-12 14:06:47 -08:00
TALLOC_FREE ( user ) ;
2006-04-02 06:25:11 +00:00
return NT_STATUS_NO_SUCH_USER ;
}
result = pdb_enum_group_memberships ( mem_ctx , user , & groups , & gids , & ngroups ) ;
TALLOC_FREE ( user ) ;
* num_groups = ( uint32 ) ngroups ;
* user_gids = groups ;
return result ;
2004-04-07 12:43:44 +00:00
}
2005-01-15 19:00:18 +00:00
static NTSTATUS lookup_useraliases ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
2005-06-08 22:10:34 +00:00
uint32 num_sids , const DOM_SID * sids ,
2005-10-18 03:24:00 +00:00
uint32 * p_num_aliases , uint32 * * rids )
2005-01-15 19:00:18 +00:00
{
2006-02-03 22:19:41 +00:00
NTSTATUS result ;
2005-11-08 18:22:32 +00:00
size_t num_aliases = 0 ;
2005-06-08 22:10:34 +00:00
result = pdb_enum_alias_memberships ( mem_ctx , & domain - > sid ,
2005-10-18 03:24:00 +00:00
sids , num_sids , rids , & num_aliases ) ;
2005-06-08 22:10:34 +00:00
2005-10-18 03:24:00 +00:00
* p_num_aliases = num_aliases ;
2006-02-03 22:19:41 +00:00
return result ;
2005-01-15 19:00:18 +00:00
}
2004-04-07 12:43:44 +00:00
2008-05-30 23:49:36 -07:00
/* find the sequence number for a domain */
static NTSTATUS sequence_number ( struct winbindd_domain * domain , uint32 * seq )
{
bool result ;
time_t seq_num ;
result = pdb_get_seq_num ( & seq_num ) ;
if ( ! result ) {
* seq = 1 ;
}
* seq = ( int ) seq_num ;
/* *seq = 1; */
return NT_STATUS_OK ;
}
static NTSTATUS lockout_policy ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
struct samr_DomInfo12 * policy )
{
/* actually we have that */
return NT_STATUS_NOT_IMPLEMENTED ;
}
static NTSTATUS password_policy ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
struct samr_DomInfo1 * policy )
{
2008-12-06 01:33:28 +01:00
struct samr_DomInfo1 * p ;
2008-05-30 23:49:36 -07:00
time_t u_expire , u_min_age ;
uint32 account_policy_temp ;
2008-12-06 01:33:28 +01:00
if ( ( p = TALLOC_ZERO_P ( mem_ctx , struct samr_DomInfo1 ) ) = = NULL ) {
2008-05-30 23:49:36 -07:00
return NT_STATUS_NO_MEMORY ;
}
2008-12-06 01:33:28 +01:00
if ( ! pdb_get_account_policy ( AP_MIN_PASSWORD_LEN ,
2009-01-19 11:47:29 +01:00
& account_policy_temp ) ) {
2008-05-30 23:49:36 -07:00
return NT_STATUS_ACCESS_DENIED ;
}
2009-01-19 11:47:29 +01:00
p - > min_password_length = account_policy_temp ;
2008-05-30 23:49:36 -07:00
2008-12-06 01:33:28 +01:00
if ( ! pdb_get_account_policy ( AP_PASSWORD_HISTORY ,
2009-01-19 11:47:29 +01:00
& account_policy_temp ) ) {
2008-05-30 23:49:36 -07:00
return NT_STATUS_ACCESS_DENIED ;
}
2009-01-19 11:47:29 +01:00
p - > password_history_length = account_policy_temp ;
2008-05-30 23:49:36 -07:00
2008-12-06 01:33:28 +01:00
if ( ! pdb_get_account_policy ( AP_USER_MUST_LOGON_TO_CHG_PASS ,
& p - > password_properties ) ) {
2008-05-30 23:49:36 -07:00
return NT_STATUS_ACCESS_DENIED ;
}
2008-12-06 01:33:28 +01:00
2008-05-30 23:49:36 -07:00
if ( ! pdb_get_account_policy ( AP_MAX_PASSWORD_AGE , & account_policy_temp ) ) {
return NT_STATUS_ACCESS_DENIED ;
}
u_expire = account_policy_temp ;
if ( ! pdb_get_account_policy ( AP_MIN_PASSWORD_AGE , & account_policy_temp ) ) {
return NT_STATUS_ACCESS_DENIED ;
}
u_min_age = account_policy_temp ;
2008-12-06 01:33:28 +01:00
unix_to_nt_time_abs ( ( NTTIME * ) & p - > max_password_age , u_expire ) ;
unix_to_nt_time_abs ( ( NTTIME * ) & p - > min_password_age , u_min_age ) ;
2008-05-30 23:49:36 -07:00
2008-12-06 01:33:28 +01:00
policy = p ;
2008-05-30 23:49:36 -07:00
return NT_STATUS_OK ;
}
/*********************************************************************
BUILTIN specific functions .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-06-25 15:23:32 -07:00
/* list all domain groups */
static NTSTATUS builtin_enum_dom_groups ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
uint32 * num_entries ,
struct acct_info * * info )
{
/* BUILTIN doesn't have domain groups */
* num_entries = 0 ;
* info = NULL ;
return NT_STATUS_OK ;
}
2008-05-30 23:49:36 -07:00
/* Query display info for a domain. This returns enough information plus a
bit extra to give an overview of domain users for the User Manager
application . */
static NTSTATUS builtin_query_user_list ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
uint32 * num_entries ,
WINBIND_USERINFO * * info )
{
/* We don't have users */
* num_entries = 0 ;
* info = NULL ;
return NT_STATUS_OK ;
}
/* Lookup user information from a rid or username. */
static NTSTATUS builtin_query_user ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
const DOM_SID * user_sid ,
WINBIND_USERINFO * user_info )
{
return NT_STATUS_NO_SUCH_USER ;
}
static NTSTATUS builtin_lookup_groupmem ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
const DOM_SID * group_sid , uint32 * num_names ,
DOM_SID * * sid_mem , char * * * names ,
uint32 * * name_types )
{
* num_names = 0 ;
* sid_mem = NULL ;
* names = NULL ;
* name_types = 0 ;
return NT_STATUS_NO_SUCH_GROUP ;
}
/* get a list of trusted domains - builtin domain */
static NTSTATUS builtin_trusted_domains ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
uint32 * num_domains ,
char * * * names ,
char * * * alt_names ,
DOM_SID * * dom_sids )
{
* num_domains = 0 ;
* names = NULL ;
* alt_names = NULL ;
* dom_sids = NULL ;
return NT_STATUS_OK ;
}
/*********************************************************************
SAM specific functions .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-06-25 15:23:32 -07:00
/* list all domain groups */
static NTSTATUS sam_enum_dom_groups ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
uint32 * num_entries ,
struct acct_info * * info )
{
return enum_groups_internal ( domain ,
mem_ctx ,
num_entries ,
info ,
SID_NAME_DOM_GRP ) ;
}
2008-05-30 23:49:36 -07:00
static NTSTATUS sam_query_user_list ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
uint32 * num_entries ,
WINBIND_USERINFO * * info )
{
struct pdb_search * ps = pdb_search_users ( ACB_NORMAL ) ;
struct samr_displayentry * entries = NULL ;
uint32 i ;
* num_entries = 0 ;
* info = NULL ;
if ( ! ps ) {
return NT_STATUS_NO_MEMORY ;
}
* num_entries = pdb_search_entries ( ps ,
1 , 0xffffffff ,
& entries ) ;
* info = TALLOC_ZERO_ARRAY ( mem_ctx , WINBIND_USERINFO , * num_entries ) ;
if ( ! ( * info ) ) {
pdb_search_destroy ( ps ) ;
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < * num_entries ; i + + ) {
struct samr_displayentry * e = & entries [ i ] ;
( * info ) [ i ] . acct_name = talloc_strdup ( mem_ctx , e - > account_name ) ;
( * info ) [ i ] . full_name = talloc_strdup ( mem_ctx , e - > fullname ) ;
( * info ) [ i ] . homedir = NULL ;
( * info ) [ i ] . shell = NULL ;
sid_compose ( & ( * info ) [ i ] . user_sid , & domain - > sid , e - > rid ) ;
/* For the moment we set the primary group for
every user to be the Domain Users group .
There are serious problems with determining
the actual primary group for large domains .
This should really be made into a ' winbind
force group ' smb . conf parameter or
something like that . */
sid_compose ( & ( * info ) [ i ] . group_sid , & domain - > sid ,
DOMAIN_GROUP_RID_USERS ) ;
}
pdb_search_destroy ( ps ) ;
return NT_STATUS_OK ;
}
/* Lookup user information from a rid or username. */
static NTSTATUS sam_query_user ( struct winbindd_domain * domain ,
TALLOC_CTX * mem_ctx ,
const DOM_SID * user_sid ,
WINBIND_USERINFO * user_info )
{
struct samu * sampass = NULL ;
ZERO_STRUCTP ( user_info ) ;
if ( ! sid_check_is_in_our_domain ( user_sid ) ) {
return NT_STATUS_NO_SUCH_USER ;
}
DEBUG ( 10 , ( " sam_query_user: getting samu info for sid %s \n " ,
sid_string_dbg ( user_sid ) ) ) ;
if ( ! ( sampass = samu_new ( mem_ctx ) ) ) {
return NT_STATUS_NO_MEMORY ;
}
if ( ! pdb_getsampwsid ( sampass , user_sid ) ) {
TALLOC_FREE ( sampass ) ;
return NT_STATUS_NO_SUCH_USER ;
}
if ( pdb_get_group_sid ( sampass ) = = NULL ) {
TALLOC_FREE ( sampass ) ;
return NT_STATUS_NO_SUCH_GROUP ;
}
DEBUG ( 10 , ( " sam_query_user: group sid %s \n " ,
sid_string_dbg ( sampass - > group_sid ) ) ) ;
sid_copy ( & user_info - > user_sid , user_sid ) ;
sid_copy ( & user_info - > group_sid , sampass - > group_sid ) ;
user_info - > acct_name = talloc_strdup ( mem_ctx , sampass - > username ?
sampass - > username : " " ) ;
user_info - > full_name = talloc_strdup ( mem_ctx , sampass - > full_name ?
sampass - > full_name : " " ) ;
user_info - > homedir = talloc_strdup ( mem_ctx , sampass - > home_dir ?
sampass - > home_dir : " " ) ;
if ( sampass - > unix_pw & & sampass - > unix_pw - > pw_shell ) {
user_info - > shell = talloc_strdup ( mem_ctx , sampass - > unix_pw - > pw_shell ) ;
} else {
user_info - > shell = talloc_strdup ( mem_ctx , " " ) ;
}
user_info - > primary_gid = sampass - > unix_pw ? sampass - > unix_pw - > pw_gid : ( gid_t ) - 1 ;
TALLOC_FREE ( sampass ) ;
return NT_STATUS_OK ;
}
2004-04-07 12:43:44 +00:00
/* Lookup group membership given a rid. */
2008-05-30 23:49:36 -07:00
static NTSTATUS sam_lookup_groupmem ( struct winbindd_domain * domain ,
2004-04-07 12:43:44 +00:00
TALLOC_CTX * mem_ctx ,
const DOM_SID * group_sid , uint32 * num_names ,
2005-06-08 22:10:34 +00:00
DOM_SID * * sid_mem , char * * * names ,
2004-04-07 12:43:44 +00:00
uint32 * * name_types )
{
2006-02-03 22:19:41 +00:00
size_t i , num_members , num_mapped ;
uint32 * rids ;
NTSTATUS result ;
const DOM_SID * * sids ;
struct lsa_dom_info * lsa_domains ;
struct lsa_name_info * lsa_names ;
2006-07-11 18:01:26 +00:00
TALLOC_CTX * tmp_ctx ;
2006-02-03 22:19:41 +00:00
if ( ! sid_check_is_in_our_domain ( group_sid ) ) {
/* There's no groups, only aliases in BUILTIN */
return NT_STATUS_NO_SUCH_GROUP ;
}
2006-07-11 18:01:26 +00:00
if ( ! ( tmp_ctx = talloc_init ( " lookup_groupmem " ) ) ) {
return NT_STATUS_NO_MEMORY ;
}
result = pdb_enum_group_members ( tmp_ctx , group_sid , & rids ,
2006-02-03 22:19:41 +00:00
& num_members ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
2006-07-11 18:01:26 +00:00
TALLOC_FREE ( tmp_ctx ) ;
2006-02-03 22:19:41 +00:00
return result ;
}
if ( num_members = = 0 ) {
* num_names = 0 ;
* sid_mem = NULL ;
* names = NULL ;
* name_types = NULL ;
2006-07-11 18:01:26 +00:00
TALLOC_FREE ( tmp_ctx ) ;
2006-02-03 22:19:41 +00:00
return NT_STATUS_OK ;
}
* sid_mem = TALLOC_ARRAY ( mem_ctx , DOM_SID , num_members ) ;
* names = TALLOC_ARRAY ( mem_ctx , char * , num_members ) ;
* name_types = TALLOC_ARRAY ( mem_ctx , uint32 , num_members ) ;
2006-07-11 18:01:26 +00:00
sids = TALLOC_ARRAY ( tmp_ctx , const DOM_SID * , num_members ) ;
2006-02-03 22:19:41 +00:00
if ( ( ( * sid_mem ) = = NULL ) | | ( ( * names ) = = NULL ) | |
( ( * name_types ) = = NULL ) | | ( sids = = NULL ) ) {
2006-07-11 18:01:26 +00:00
TALLOC_FREE ( tmp_ctx ) ;
2006-02-03 22:19:41 +00:00
return NT_STATUS_NO_MEMORY ;
}
2006-07-11 18:01:26 +00:00
/*
* Prepare an array of sid pointers for the lookup_sids calling
* convention .
*/
2006-02-03 22:19:41 +00:00
for ( i = 0 ; i < num_members ; i + + ) {
DOM_SID * sid = & ( ( * sid_mem ) [ i ] ) ;
2006-07-11 18:01:26 +00:00
if ( ! sid_compose ( sid , & domain - > sid , rids [ i ] ) ) {
TALLOC_FREE ( tmp_ctx ) ;
return NT_STATUS_INTERNAL_ERROR ;
}
2006-02-03 22:19:41 +00:00
sids [ i ] = sid ;
}
2006-07-11 18:01:26 +00:00
result = lookup_sids ( tmp_ctx , num_members , sids , 1 ,
2006-02-03 22:19:41 +00:00
& lsa_domains , & lsa_names ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
2006-07-11 18:01:26 +00:00
TALLOC_FREE ( tmp_ctx ) ;
2006-02-03 22:19:41 +00:00
return result ;
}
num_mapped = 0 ;
for ( i = 0 ; i < num_members ; i + + ) {
if ( lsa_names [ i ] . type ! = SID_NAME_USER ) {
DEBUG ( 2 , ( " Got %s as group member -- ignoring \n " ,
sid_type_lookup ( lsa_names [ i ] . type ) ) ) ;
continue ;
}
2008-11-17 15:38:56 -08:00
if ( ! ( ( * names ) [ num_mapped ] = talloc_strdup ( ( * names ) ,
2006-07-11 18:01:26 +00:00
lsa_names [ i ] . name ) ) ) {
TALLOC_FREE ( tmp_ctx ) ;
return NT_STATUS_NO_MEMORY ;
}
2008-11-17 15:38:56 -08:00
( * name_types ) [ num_mapped ] = lsa_names [ i ] . type ;
2006-02-03 22:19:41 +00:00
num_mapped + = 1 ;
}
* num_names = num_mapped ;
2006-07-11 18:01:26 +00:00
TALLOC_FREE ( tmp_ctx ) ;
2004-04-07 12:43:44 +00:00
return NT_STATUS_OK ;
}
/* get a list of trusted domains */
2008-05-30 23:49:36 -07:00
static NTSTATUS sam_trusted_domains ( struct winbindd_domain * domain ,
2004-04-07 12:43:44 +00:00
TALLOC_CTX * mem_ctx ,
uint32 * num_domains ,
char * * * names ,
char * * * alt_names ,
DOM_SID * * dom_sids )
{
2004-04-20 02:37:49 +00:00
NTSTATUS nt_status ;
2006-02-03 22:19:41 +00:00
struct trustdom_info * * domains ;
int i ;
2006-07-11 18:01:26 +00:00
TALLOC_CTX * tmp_ctx ;
2006-02-03 22:19:41 +00:00
2004-04-20 02:37:49 +00:00
* num_domains = 0 ;
* names = NULL ;
* alt_names = NULL ;
* dom_sids = NULL ;
2006-07-11 18:01:26 +00:00
if ( ! ( tmp_ctx = talloc_init ( " trusted_domains " ) ) ) {
return NT_STATUS_NO_MEMORY ;
}
2007-01-16 08:17:26 +00:00
nt_status = pdb_enum_trusteddoms ( tmp_ctx , num_domains , & domains ) ;
2006-02-03 22:19:41 +00:00
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
2006-07-11 18:01:26 +00:00
TALLOC_FREE ( tmp_ctx ) ;
2006-02-03 22:19:41 +00:00
return nt_status ;
}
2004-04-20 02:37:49 +00:00
2007-04-30 02:39:34 +00:00
if ( * num_domains ) {
* names = TALLOC_ARRAY ( mem_ctx , char * , * num_domains ) ;
* alt_names = TALLOC_ARRAY ( mem_ctx , char * , * num_domains ) ;
* dom_sids = TALLOC_ARRAY ( mem_ctx , DOM_SID , * num_domains ) ;
2006-02-03 22:19:41 +00:00
2007-04-30 02:39:34 +00:00
if ( ( * alt_names = = NULL ) | | ( * names = = NULL ) | | ( * dom_sids = = NULL ) ) {
TALLOC_FREE ( tmp_ctx ) ;
return NT_STATUS_NO_MEMORY ;
}
} else {
* names = NULL ;
* alt_names = NULL ;
* dom_sids = NULL ;
2004-04-20 02:37:49 +00:00
}
2006-02-03 22:19:41 +00:00
for ( i = 0 ; i < * num_domains ; i + + ) {
( * alt_names ) [ i ] = NULL ;
2006-07-11 18:01:26 +00:00
if ( ! ( ( * names ) [ i ] = talloc_strdup ( ( * names ) ,
domains [ i ] - > name ) ) ) {
TALLOC_FREE ( tmp_ctx ) ;
return NT_STATUS_NO_MEMORY ;
}
2006-02-03 22:19:41 +00:00
sid_copy ( & ( * dom_sids ) [ i ] , & domains [ i ] - > sid ) ;
}
2006-07-11 18:01:26 +00:00
TALLOC_FREE ( tmp_ctx ) ;
2006-02-03 22:19:41 +00:00
return NT_STATUS_OK ;
2004-04-07 12:43:44 +00:00
}
/* the rpc backend methods are exposed via this structure */
2008-05-30 23:49:36 -07:00
struct winbindd_methods builtin_passdb_methods = {
false ,
builtin_query_user_list ,
2008-06-25 15:23:32 -07:00
builtin_enum_dom_groups ,
2008-05-30 23:49:36 -07:00
enum_local_groups ,
name_to_sid ,
sid_to_name ,
rids_to_names ,
builtin_query_user ,
lookup_usergroups ,
lookup_useraliases ,
builtin_lookup_groupmem ,
sequence_number ,
lockout_policy ,
password_policy ,
builtin_trusted_domains ,
} ;
/* the rpc backend methods are exposed via this structure */
struct winbindd_methods sam_passdb_methods = {
false ,
sam_query_user_list ,
2008-06-25 15:23:32 -07:00
sam_enum_dom_groups ,
2004-04-07 12:43:44 +00:00
enum_local_groups ,
name_to_sid ,
sid_to_name ,
2006-07-11 18:01:26 +00:00
rids_to_names ,
2008-05-30 23:49:36 -07:00
sam_query_user ,
2004-04-07 12:43:44 +00:00
lookup_usergroups ,
2005-01-15 19:00:18 +00:00
lookup_useraliases ,
2008-05-30 23:49:36 -07:00
sam_lookup_groupmem ,
2004-04-07 12:43:44 +00:00
sequence_number ,
2006-02-03 22:19:41 +00:00
lockout_policy ,
password_policy ,
2008-05-30 23:49:36 -07:00
sam_trusted_domains ,
2004-04-07 12:43:44 +00:00
} ;