/* Unix SMB/CIFS implementation. Winbind Utility functions Copyright (C) Gerald (Jerry) Carter 2007 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "includes.h" #include "../libcli/security/security.h" #include "../lib/util/util_pw.h" #include "nsswitch/libwbclient/wbclient.h" #include "lib/winbind_util.h" #if defined(WITH_WINBIND) struct passwd * winbind_getpwnam(const char * name) { wbcErr result; struct passwd * tmp_pwd = NULL; struct passwd * pwd = NULL; result = wbcGetpwnam(name, &tmp_pwd); if (result != WBC_ERR_SUCCESS) return pwd; pwd = tcopy_passwd(talloc_tos(), tmp_pwd); wbcFreeMemory(tmp_pwd); return pwd; } struct passwd * winbind_getpwsid(const struct dom_sid *sid) { wbcErr result; struct passwd * tmp_pwd = NULL; struct passwd * pwd = NULL; struct wbcDomainSid dom_sid; memcpy(&dom_sid, sid, sizeof(dom_sid)); result = wbcGetpwsid(&dom_sid, &tmp_pwd); if (result != WBC_ERR_SUCCESS) return pwd; pwd = tcopy_passwd(talloc_tos(), tmp_pwd); wbcFreeMemory(tmp_pwd); return pwd; } /* Call winbindd to convert a name to a sid */ bool winbind_lookup_name(const char *dom_name, const char *name, struct dom_sid *sid, enum lsa_SidType *name_type) { struct wbcDomainSid dom_sid; wbcErr result; enum wbcSidType type; result = wbcLookupName(dom_name, name, &dom_sid, &type); if (result != WBC_ERR_SUCCESS) return false; memcpy(sid, &dom_sid, sizeof(struct dom_sid)); *name_type = (enum lsa_SidType)type; return true; } /* Same as winbind_lookup_name(), but returning NTSTATUS instead of bool */ _PRIVATE_ NTSTATUS winbind_lookup_name_ex(const char *dom_name, const char *name, struct dom_sid *sid, enum lsa_SidType *name_type) { struct wbcDomainSid dom_sid; wbcErr result; enum wbcSidType type; NTSTATUS status; result = wbcLookupName(dom_name, name, &dom_sid, &type); status = map_nt_error_from_wbcErr(result); if (!NT_STATUS_IS_OK(status)) { if ((lp_security() < SEC_DOMAIN) && NT_STATUS_EQUAL(status, NT_STATUS_SERVER_DISABLED)) { /* * If we're not a domain member and winbind is not * running, treat this as not mapped. */ status = NT_STATUS_NONE_MAPPED; } if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) { return status; } *name_type = SID_NAME_UNKNOWN; ZERO_STRUCTP(sid); return NT_STATUS_OK; } memcpy(sid, &dom_sid, sizeof(struct dom_sid)); *name_type = (enum lsa_SidType)type; return NT_STATUS_OK; } /* Call winbindd to convert sid to name */ bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, const char **domain, const char **name, enum lsa_SidType *name_type) { struct wbcDomainSid dom_sid; wbcErr result; enum wbcSidType type; char *domain_name = NULL; char *account_name = NULL; struct dom_sid_buf buf; memcpy(&dom_sid, sid, sizeof(dom_sid)); result = wbcLookupSid(&dom_sid, &domain_name, &account_name, &type); if (result != WBC_ERR_SUCCESS) return false; /* Copy out result */ if (domain) { *domain = talloc_strdup(mem_ctx, domain_name); } if (name) { *name = talloc_strdup(mem_ctx, account_name); } *name_type = (enum lsa_SidType)type; DEBUG(10, ("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n", dom_sid_str_buf(sid, &buf), domain_name, account_name)); wbcFreeMemory(domain_name); wbcFreeMemory(account_name); if ((domain && !*domain) || (name && !*name)) { DEBUG(0,("winbind_lookup_sid: talloc() failed!\n")); return false; } return true; } /* Ping winbindd to see it is alive */ bool winbind_ping(void) { wbcErr result = wbcPing(); return (result == WBC_ERR_SUCCESS); } /* Call winbindd to convert SID to uid */ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid) { struct wbcDomainSid dom_sid; wbcErr result; memcpy(&dom_sid, sid, sizeof(dom_sid)); result = wbcSidToUid(&dom_sid, puid); return (result == WBC_ERR_SUCCESS); } /* Call winbindd to convert SID to gid */ bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid) { struct wbcDomainSid dom_sid; wbcErr result; memcpy(&dom_sid, sid, sizeof(dom_sid)); result = wbcSidToGid(&dom_sid, pgid); return (result == WBC_ERR_SUCCESS); } bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid) { struct wbcUnixId wbc_xid; struct wbcDomainSid dom_sid; wbcErr result; switch (xid->type) { case ID_TYPE_UID: wbc_xid = (struct wbcUnixId) { .type = WBC_ID_TYPE_UID, .id.uid = xid->id }; break; case ID_TYPE_GID: wbc_xid = (struct wbcUnixId) { .type = WBC_ID_TYPE_GID, .id.gid = xid->id }; break; default: return false; } result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid); if (result != WBC_ERR_SUCCESS) { return false; } memcpy(sid, &dom_sid, sizeof(struct dom_sid)); return true; } /* Check for a trusted domain */ wbcErr wb_is_trusted_domain(const char *domain) { wbcErr result; struct wbcDomainInfo *info = NULL; result = wbcDomainInfo(domain, &info); if (WBC_ERROR_IS_OK(result)) { wbcFreeMemory(info); } return result; } /* Lookup a set of rids in a given domain */ bool winbind_lookup_rids(TALLOC_CTX *mem_ctx, const struct dom_sid *domain_sid, int num_rids, uint32_t *rids, const char **domain_name, const char ***names, enum lsa_SidType **types) { const char *dom_name = NULL; const char **namelist = NULL; enum wbcSidType *name_types = NULL; struct wbcDomainSid dom_sid; wbcErr ret; int i; memcpy(&dom_sid, domain_sid, sizeof(struct wbcDomainSid)); ret = wbcLookupRids(&dom_sid, num_rids, rids, &dom_name, &namelist, &name_types); if (ret != WBC_ERR_SUCCESS) { return false; } *domain_name = talloc_strdup(mem_ctx, dom_name); *names = talloc_array(mem_ctx, const char*, num_rids); *types = talloc_array(mem_ctx, enum lsa_SidType, num_rids); for(i=0; i