2 Unix SMB/CIFS implementation.
4 Winbind rpc backend functions
6 Copyright (C) Tim Potter 2000-2001,2003
7 Copyright (C) Simo Sorce 2003
8 Copyright (C) Volker Lendecke 2004
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define DBGC_CLASS DBGC_WINBIND
31 static void add_member(const char *domain, const char *user,
32 char **pp_members, size_t *p_num_members)
36 fill_domain_username(name, domain, user);
37 safe_strcat(name, ",", sizeof(name)-1);
38 string_append(pp_members, name);
42 /**********************************************************************
43 Add member users resulting from sid. Expand if it is a domain group.
44 **********************************************************************/
46 static void add_expanded_sid(const DOM_SID *sid, char **pp_members, size_t *p_num_members)
50 struct winbindd_domain *domain;
53 char *domain_name = NULL;
55 enum SID_NAME_USE type;
64 TALLOC_CTX *mem_ctx = talloc_init("add_expanded_sid");
66 if (mem_ctx == NULL) {
67 DEBUG(1, ("talloc_init failed\n"));
71 sid_copy(&dom_sid, sid);
72 sid_split_rid(&dom_sid, &rid);
74 domain = find_lookup_domain_from_sid(sid);
77 DEBUG(3, ("Could not find domain for sid %s\n",
78 sid_string_static(sid)));
82 result = domain->methods->sid_to_name(domain, mem_ctx, sid,
83 &domain_name, &name, &type);
85 if (!NT_STATUS_IS_OK(result)) {
86 DEBUG(3, ("sid_to_name failed for sid %s\n",
87 sid_string_static(sid)));
91 DEBUG(10, ("Found name %s, type %d\n", name, type));
93 if (type == SID_NAME_USER) {
94 add_member(domain_name, name, pp_members, p_num_members);
98 if (type != SID_NAME_DOM_GRP) {
99 DEBUG(10, ("Alias member %s neither user nor group, ignore\n",
104 /* Expand the domain group, this must be done via the target domain */
106 domain = find_domain_from_sid(sid);
108 if (domain == NULL) {
109 DEBUG(3, ("Could not find domain from SID %s\n",
110 sid_string_static(sid)));
114 result = domain->methods->lookup_groupmem(domain, mem_ctx,
119 if (!NT_STATUS_IS_OK(result)) {
120 DEBUG(10, ("Could not lookup group members for %s: %s\n",
121 name, nt_errstr(result)));
125 for (i=0; i<num_names; i++) {
126 DEBUG(10, ("Adding group member SID %s\n",
127 sid_string_static(&sid_mem[i])));
129 if (types[i] != SID_NAME_USER) {
130 DEBUG(1, ("Hmmm. Member %s of group %s is no user. "
131 "Ignoring.\n", names[i], name));
135 add_member(domain->name, names[i], pp_members, p_num_members);
139 talloc_destroy(mem_ctx);
143 BOOL fill_passdb_alias_grmem(struct winbindd_domain *domain,
145 size_t *num_gr_mem, char **gr_mem, size_t *gr_mem_len)
148 size_t i, num_members;
154 if (!pdb_enum_aliasmem(group_sid, &members, &num_members))
157 for (i=0; i<num_members; i++) {
158 add_expanded_sid(&members[i], gr_mem, num_gr_mem);
163 if (*gr_mem != NULL) {
166 /* We have at least one member, strip off the last "," */
167 len = strlen(*gr_mem);
168 (*gr_mem)[len-1] = '\0';
175 /* Query display info for a domain. This returns enough information plus a
176 bit extra to give an overview of domain users for the User Manager
178 static NTSTATUS query_user_list(struct winbindd_domain *domain,
181 WINBIND_USERINFO **info)
183 /* We don't have users */
189 /* list all domain groups */
190 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
193 struct acct_info **info)
195 /* We don't have domain groups */
201 /* List all domain groups */
203 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
206 struct acct_info **info)
208 struct pdb_search *search;
209 struct samr_displayentry *aliases;
211 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
213 search = pdb_search_aliases(&domain->sid);
214 if (search == NULL) goto done;
216 *num_entries = pdb_search_entries(search, 0, 0xffffffff, &aliases);
217 if (*num_entries == 0) goto done;
219 *info = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
221 result = NT_STATUS_NO_MEMORY;
225 for (i=0; i<*num_entries; i++) {
226 fstrcpy((*info)[i].acct_name, aliases[i].account_name);
227 fstrcpy((*info)[i].acct_desc, aliases[i].description);
228 (*info)[i].rid = aliases[i].rid;
231 result = NT_STATUS_OK;
233 pdb_search_destroy(search);
237 /* convert a single name to a sid in a domain */
238 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
240 const char *domain_name,
243 enum SID_NAME_USE *type)
245 DEBUG(10, ("Finding name %s\n", name));
247 if (!pdb_find_alias(name, sid))
248 return NT_STATUS_NONE_MAPPED;
250 if (sid_check_is_in_builtin(sid))
251 *type = SID_NAME_WKN_GRP;
253 *type = SID_NAME_ALIAS;
259 convert a domain SID to a user or group name
261 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
266 enum SID_NAME_USE *type)
268 struct acct_info info;
270 DEBUG(10, ("Converting SID %s\n", sid_string_static(sid)));
272 if (!pdb_get_aliasinfo(sid, &info))
273 return NT_STATUS_NONE_MAPPED;
275 *domain_name = talloc_strdup(mem_ctx, domain->name);
276 *name = talloc_strdup(mem_ctx, info.acct_name);
277 if (sid_check_is_in_builtin(sid))
278 *type = SID_NAME_WKN_GRP;
280 *type = SID_NAME_ALIAS;
285 /* Lookup user information from a rid or username. */
286 static NTSTATUS query_user(struct winbindd_domain *domain,
288 const DOM_SID *user_sid,
289 WINBIND_USERINFO *user_info)
291 return NT_STATUS_NO_SUCH_USER;
294 /* Lookup groups a user is a member of. I wish Unix had a call like this! */
295 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
297 const DOM_SID *user_sid,
298 uint32 *num_groups, DOM_SID **user_gids)
300 return NT_STATUS_NO_SUCH_USER;
303 static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
305 uint32 num_sids, const DOM_SID *sids,
306 uint32 *p_num_aliases, uint32 **rids)
309 size_t num_aliases = 0;
311 result = pdb_enum_alias_memberships(mem_ctx, &domain->sid,
312 sids, num_sids, rids, &num_aliases);
314 *p_num_aliases = num_aliases;
315 return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
318 /* Lookup group membership given a rid. */
319 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
321 const DOM_SID *group_sid, uint32 *num_names,
322 DOM_SID **sid_mem, char ***names,
328 /* find the sequence number for a domain */
329 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
335 /* get a list of trusted domains */
336 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
353 nt_status = secrets_get_trusted_domains(mem_ctx, &enum_ctx, 1,
356 *names = TALLOC_REALLOC_ARRAY(mem_ctx, *names, char *,
357 num_sec_domains + *num_domains);
358 *alt_names = TALLOC_REALLOC_ARRAY(mem_ctx, *alt_names, char *,
359 num_sec_domains + *num_domains);
360 *dom_sids = TALLOC_REALLOC_ARRAY(mem_ctx, *dom_sids, DOM_SID,
361 num_sec_domains + *num_domains);
363 for (i=0; i< num_sec_domains; i++) {
364 if (pull_ucs2_talloc(mem_ctx, &(*names)[*num_domains],
365 domains[i]->name) == -1) {
366 return NT_STATUS_NO_MEMORY;
368 (*alt_names)[*num_domains] = NULL;
369 (*dom_sids)[*num_domains] = domains[i]->sid;
373 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
375 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MORE_ENTRIES)) {
381 /* the rpc backend methods are exposed via this structure */
382 struct winbindd_methods passdb_methods = {
projects / samba / blob