/*
Unix SMB/CIFS implementation.
Winbind Utility functions
Copyright (C) Gerald (Jerry) Carter 2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "../libcli/security/security.h"
#include "../lib/util/util_pw.h"
#include "nsswitch/libwbclient/wbclient.h"
#include "lib/winbind_util.h"
#if defined(WITH_WINBIND)
/*
 * Look up a passwd entry by name through winbindd (wbcGetpwnam()).
 *
 * Returns a copy made with tcopy_passwd() on talloc_tos(), or NULL when
 * the lookup does not return WBC_ERR_SUCCESS. The wbclient-owned result
 * is released with wbcFreeMemory() before returning, so the caller only
 * ever sees the talloc copy.
 *
 * NOTE(review): the result of tcopy_passwd() is passed through unchecked,
 * so presumably NULL can also mean the copy itself failed; callers should
 * confirm before reading NULL as "no such user".
 */
struct passwd *winbind_getpwnam(const char *name)
{
	struct passwd *wbc_pwd = NULL;
	struct passwd *copy = NULL;
	wbcErr wbc_status = wbcGetpwnam(name, &wbc_pwd);

	if (wbc_status == WBC_ERR_SUCCESS) {
		copy = tcopy_passwd(talloc_tos(), wbc_pwd);
		wbcFreeMemory(wbc_pwd);
	}

	return copy;
}
/*
 * Look up a passwd entry by SID through winbindd (wbcGetpwsid()).
 *
 * Returns a copy made with tcopy_passwd() on talloc_tos(), or NULL when
 * the lookup does not return WBC_ERR_SUCCESS. sid is dereferenced
 * unconditionally and must not be NULL.
 *
 * NOTE(review): the memcpy below reads sizeof(struct wbcDomainSid) bytes
 * from a struct dom_sid. That is only safe if both structures have the
 * same size and layout; nothing in this function checks it.
 */
struct passwd *winbind_getpwsid(const struct dom_sid *sid)
{
	struct wbcDomainSid wbc_sid;
	struct passwd *wbc_pwd = NULL;
	struct passwd *copy = NULL;
	wbcErr wbc_status;

	/* Convert to the wbclient SID type by raw byte copy. */
	memcpy(&wbc_sid, sid, sizeof(wbc_sid));

	wbc_status = wbcGetpwsid(&wbc_sid, &wbc_pwd);
	if (wbc_status == WBC_ERR_SUCCESS) {
		copy = tcopy_passwd(talloc_tos(), wbc_pwd);
		wbcFreeMemory(wbc_pwd);
	}

	return copy;
}
/*
 * Call winbindd to convert a name to a sid.
 *
 * Returns true and fills *sid and *name_type when wbcLookupName() returns
 * WBC_ERR_SUCCESS. On any other result it returns false and leaves both
 * outputs untouched, so they are only meaningful after a true return.
 *
 * NOTE(review): the copy-out uses sizeof(struct dom_sid) while the source
 * is a local struct wbcDomainSid; this relies on the two types having the
 * same size and layout, which is not checked here.
 */
bool winbind_lookup_name(const char *dom_name, const char *name, struct dom_sid *sid,
			 enum lsa_SidType *name_type)
{
	struct wbcDomainSid wbc_sid;
	enum wbcSidType wbc_type;
	wbcErr wbc_status;

	wbc_status = wbcLookupName(dom_name, name, &wbc_sid, &wbc_type);
	if (wbc_status == WBC_ERR_SUCCESS) {
		memcpy(sid, &wbc_sid, sizeof(struct dom_sid));
		*name_type = (enum lsa_SidType)wbc_type;
		return true;
	}

	return false;
}
/*
 * Same as winbind_lookup_name(), but returning NTSTATUS instead of bool.
 *
 * The wbcErr from wbcLookupName() is mapped with
 * map_nt_error_from_wbcErr(). Three outcomes are possible:
 *  - lookup succeeded: *sid and *name_type are filled, NT_STATUS_OK;
 *  - status is NT_STATUS_NONE_MAPPED (or NT_STATUS_SERVER_DISABLED while
 *    lp_security() < SEC_DOMAIN): *name_type is SID_NAME_UNKNOWN, *sid is
 *    zeroed, and NT_STATUS_OK is still returned;
 *  - any other error: returned as is, outputs untouched.
 *
 * Because "not mapped" is reported as NT_STATUS_OK, a caller must inspect
 * *name_type before using *sid; the status alone does not say that the
 * name was resolved.
 */
_PRIVATE_
NTSTATUS winbind_lookup_name_ex(const char *dom_name,
				const char *name,
				struct dom_sid *sid,
				enum lsa_SidType *name_type)
{
	struct wbcDomainSid wbc_sid;
	enum wbcSidType wbc_type;
	wbcErr wbc_status;
	NTSTATUS nt_status;

	wbc_status = wbcLookupName(dom_name, name, &wbc_sid, &wbc_type);
	nt_status = map_nt_error_from_wbcErr(wbc_status);

	if (NT_STATUS_IS_OK(nt_status)) {
		memcpy(sid, &wbc_sid, sizeof(struct dom_sid));
		*name_type = (enum lsa_SidType)wbc_type;
		return NT_STATUS_OK;
	}

	if ((lp_security() < SEC_DOMAIN) &&
	    NT_STATUS_EQUAL(nt_status, NT_STATUS_SERVER_DISABLED)) {
		/*
		 * If we're not a domain member and winbind is not
		 * running, treat this as not mapped.
		 */
		nt_status = NT_STATUS_NONE_MAPPED;
	}

	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NONE_MAPPED)) {
		/* Report "unknown name" as success with an empty SID. */
		*name_type = SID_NAME_UNKNOWN;
		ZERO_STRUCTP(sid);
		return NT_STATUS_OK;
	}

	return nt_status;
}
/*
 * Call winbindd to convert sid to name.
 *
 * domain and name are optional outputs (either may be NULL); when given
 * they receive talloc_strdup() copies allocated on mem_ctx. name_type is
 * written unconditionally after a successful lookup and must not be NULL.
 *
 * Returns false if wbcLookupSid() does not return WBC_ERR_SUCCESS, or if
 * one of the requested string copies is NULL. In the second case
 * *name_type has already been written and the other requested string may
 * have been allocated on mem_ctx, so outputs must be ignored on false.
 *
 * Note that the level 10 "SUCCESS" message is emitted before the copies
 * are checked, so it can appear in the log for a call that then returns
 * false.
 */
bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
			const char **domain, const char **name,
			enum lsa_SidType *name_type)
{
	struct wbcDomainSid wbc_sid;
	enum wbcSidType wbc_type;
	char *wbc_domain = NULL;
	char *wbc_account = NULL;
	struct dom_sid_buf sid_str;
	wbcErr wbc_status;
	bool copy_failed;

	/* Raw byte copy; relies on both SID types sharing one layout. */
	memcpy(&wbc_sid, sid, sizeof(wbc_sid));

	wbc_status = wbcLookupSid(&wbc_sid, &wbc_domain, &wbc_account,
				  &wbc_type);
	if (wbc_status != WBC_ERR_SUCCESS) {
		return false;
	}

	/* Hand back talloc copies so the wbclient buffers can be freed. */
	if (domain != NULL) {
		*domain = talloc_strdup(mem_ctx, wbc_domain);
	}
	if (name != NULL) {
		*name = talloc_strdup(mem_ctx, wbc_account);
	}
	*name_type = (enum lsa_SidType)wbc_type;

	DEBUG(10, ("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n",
		   dom_sid_str_buf(sid, &sid_str), wbc_domain, wbc_account));

	wbcFreeMemory(wbc_domain);
	wbcFreeMemory(wbc_account);

	copy_failed = (domain != NULL && *domain == NULL) ||
		      (name != NULL && *name == NULL);
	if (copy_failed) {
		DEBUG(0,("winbind_lookup_sid: talloc() failed!\n"));
		return false;
	}

	return true;
}
/*
 * Ping winbindd to see if it is alive.
 *
 * Returns true only when wbcPing() reports WBC_ERR_SUCCESS; every other
 * wbcErr value is collapsed to false.
 */
bool winbind_ping(void)
{
	return wbcPing() == WBC_ERR_SUCCESS;
}
/*
 * Call winbindd to convert SID to uid.
 *
 * Returns true when wbcSidToUid() reports WBC_ERR_SUCCESS. This wrapper
 * neither initialises *puid nor resets it on failure, so the value is
 * only meaningful after a true return; callers making access decisions
 * must check the result before using the uid.
 */
bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid)
{
	struct wbcDomainSid wbc_sid;

	/* Raw byte copy; relies on both SID types sharing one layout. */
	memcpy(&wbc_sid, sid, sizeof(wbc_sid));

	return wbcSidToUid(&wbc_sid, puid) == WBC_ERR_SUCCESS;
}
/*
 * Call winbindd to convert SID to gid.
 *
 * Returns true when wbcSidToGid() reports WBC_ERR_SUCCESS. This wrapper
 * neither initialises *pgid nor resets it on failure, so the value is
 * only meaningful after a true return; callers making access decisions
 * must check the result before using the gid.
 */
bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid)
{
	struct wbcDomainSid wbc_sid;

	/* Raw byte copy; relies on both SID types sharing one layout. */
	memcpy(&wbc_sid, sid, sizeof(wbc_sid));

	return wbcSidToGid(&wbc_sid, pgid) == WBC_ERR_SUCCESS;
}
/*
 * Ask winbindd for the SID that corresponds to a unix id.
 *
 * Only ID_TYPE_UID and ID_TYPE_GID are accepted; any other xid->type
 * returns false without calling winbindd. On success *sid is filled and
 * true is returned; on failure *sid is left untouched.
 *
 * NOTE(review): the copy-out uses sizeof(struct dom_sid) while the source
 * is a local struct wbcDomainSid; this relies on the two types having the
 * same size and layout, which is not checked here.
 */
bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
{
	struct wbcUnixId wbc_id;
	struct wbcDomainSid wbc_sid;
	wbcErr wbc_status;

	if (xid->type == ID_TYPE_UID) {
		wbc_id = (struct wbcUnixId) {
			.type = WBC_ID_TYPE_UID, .id.uid = xid->id
		};
	} else if (xid->type == ID_TYPE_GID) {
		wbc_id = (struct wbcUnixId) {
			.type = WBC_ID_TYPE_GID, .id.gid = xid->id
		};
	} else {
		/* Neither a uid nor a gid: nothing to map. */
		return false;
	}

	/* Single-element batch lookup. */
	wbc_status = wbcUnixIdsToSids(&wbc_id, 1, &wbc_sid);
	if (wbc_status == WBC_ERR_SUCCESS) {
		memcpy(sid, &wbc_sid, sizeof(struct dom_sid));
		return true;
	}

	return false;
}
/*
 * Check for a trusted domain.
 *
 * Returns the wbcErr from wbcDomainInfo(domain, ...) unchanged. The
 * returned info structure is freed without being read, so the result
 * only says whether winbindd returned information for this domain; no
 * field of that information is evaluated here. Callers compare the
 * result with WBC_ERROR_IS_OK() or WBC_ERR_SUCCESS, not as a boolean.
 */
wbcErr wb_is_trusted_domain(const char *domain)
{
	struct wbcDomainInfo *dom_info = NULL;
	wbcErr wbc_status = wbcDomainInfo(domain, &dom_info);

	if (!WBC_ERROR_IS_OK(wbc_status)) {
		return wbc_status;
	}

	/* Only the status is of interest; drop the returned info. */
	wbcFreeMemory(dom_info);
	return wbc_status;
}
/* Lookup a set of rids in a given domain */
bool winbind_lookup_rids(TALLOC_CTX *mem_ctx,
const struct dom_sid *domain_sid,
int num_rids, uint32_t *rids,
const char **domain_name,
const char ***names, enum lsa_SidType **types)
{
const char *dom_name = NULL;
const char **namelist = NULL;
enum wbcSidType *name_types = NULL;
struct wbcDomainSid dom_sid;
wbcErr ret;
int i;
memcpy(&dom_sid, domain_sid, sizeof(struct wbcDomainSid));
ret = wbcLookupRids(&dom_sid, num_rids, rids,
&dom_name, &namelist, &name_types);
if (ret != WBC_ERR_SUCCESS) {
return false;
}
*domain_name = talloc_strdup(mem_ctx, dom_name);
*names = talloc_array(mem_ctx, const char*, num_rids);
*types = talloc_array(mem_ctx, enum lsa_SidType, num_rids);
for(i=0; i