Line data Source code
1 : /*
2 : * Unix SMB/CIFS implementation.
3 : * RPC Pipe client / server routines
4 : * Copyright (C) Andrew Tridgell 1992-2000,
5 : * Copyright (C) Jean François Micouleau 1998-2001.
6 : * Copyright (C) Volker Lendecke 2006.
7 : * Copyright (C) Gerald Carter 2006.
8 : *
9 : * This program is free software; you can redistribute it and/or modify
10 : * it under the terms of the GNU General Public License as published by
11 : * the Free Software Foundation; either version 3 of the License, or
12 : * (at your option) any later version.
13 : *
14 : * This program is distributed in the hope that it will be useful,
15 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : * GNU General Public License for more details.
18 : *
19 : * You should have received a copy of the GNU General Public License
20 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include "includes.h"
24 : #include "system/passwd.h"
25 : #include "passdb.h"
26 : #include "groupdb/mapping.h"
27 : #include "../libcli/security/security.h"
28 : #include "lib/winbind_util.h"
29 : #include <tdb.h>
30 : #include "groupdb/mapping_tdb.h"
31 : #include "lib/util/smb_strtox.h"
32 :
33 : static const struct mapping_backend *backend;
34 :
35 : /*
36 : initialise a group mapping backend
37 : */
38 11434 : static bool init_group_mapping(void)
39 : {
40 11434 : if (backend != NULL) {
41 : /* already initialised */
42 10749 : return True;
43 : }
44 :
45 685 : backend = groupdb_tdb_init();
46 :
47 685 : return backend != NULL;
48 : }
49 :
50 : /****************************************************************************
51 : initialise first time the mapping list
52 : ****************************************************************************/
53 99 : NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum lsa_SidType sid_name_use, const char *nt_name, const char *comment)
54 : {
55 : NTSTATUS status;
56 : GROUP_MAP *map;
57 :
58 99 : if(!init_group_mapping()) {
59 0 : DEBUG(0,("failed to initialize group mapping\n"));
60 0 : return NT_STATUS_UNSUCCESSFUL;
61 : }
62 :
63 99 : map = talloc_zero(NULL, GROUP_MAP);
64 99 : if (!map) {
65 0 : return NT_STATUS_NO_MEMORY;
66 : }
67 :
68 99 : map->gid=gid;
69 99 : if (!string_to_sid(&map->sid, sid)) {
70 0 : DEBUG(0, ("string_to_sid failed: %s", sid));
71 0 : status = NT_STATUS_UNSUCCESSFUL;
72 0 : goto done;
73 : }
74 :
75 99 : map->sid_name_use=sid_name_use;
76 99 : map->nt_name = talloc_strdup(map, nt_name);
77 99 : if (!map->nt_name) {
78 0 : status = NT_STATUS_NO_MEMORY;
79 0 : goto done;
80 : }
81 :
82 99 : if (comment) {
83 99 : map->comment = talloc_strdup(map, comment);
84 : } else {
85 0 : map->comment = talloc_strdup(map, "");
86 : }
87 99 : if (!map->comment) {
88 0 : status = NT_STATUS_NO_MEMORY;
89 0 : goto done;
90 : }
91 :
92 99 : status = pdb_add_group_mapping_entry(map);
93 :
94 99 : done:
95 99 : TALLOC_FREE(map);
96 99 : return status;
97 : }
98 :
99 2978 : static NTSTATUS alias_memberships(const struct dom_sid *members, size_t num_members,
100 : struct dom_sid **sids, size_t *num)
101 : {
102 : size_t i;
103 :
104 2978 : *num = 0;
105 2978 : *sids = NULL;
106 :
107 28268 : for (i=0; i<num_members; i++) {
108 25290 : NTSTATUS status = backend->one_alias_membership(&members[i], sids, num);
109 25290 : if (!NT_STATUS_IS_OK(status))
110 0 : return status;
111 : }
112 2978 : return NT_STATUS_OK;
113 : }
114 :
115 : struct aliasmem_closure {
116 : const struct dom_sid *alias;
117 : struct dom_sid **sids;
118 : size_t *num;
119 : };
120 :
121 :
122 :
123 : /*
124 : *
125 : * High level functions
126 : * better to use them than the lower ones.
127 : *
128 : * we are checking if the group is in the mapping file
129 : * and if the group is an existing unix group
130 : *
131 : */
132 :
133 : /* get a domain group from it's SID */
134 :
135 0 : bool get_domain_group_from_sid(struct dom_sid sid, GROUP_MAP *map)
136 : {
137 : struct group *grp;
138 : bool ret;
139 :
140 0 : if(!init_group_mapping()) {
141 0 : DEBUG(0,("failed to initialize group mapping\n"));
142 0 : return(False);
143 : }
144 :
145 0 : DEBUG(10, ("get_domain_group_from_sid\n"));
146 :
147 : /* if the group is NOT in the database, it CAN NOT be a domain group */
148 :
149 0 : become_root();
150 0 : ret = pdb_getgrsid(map, sid);
151 0 : unbecome_root();
152 :
153 : /* special case check for rid 513 */
154 :
155 0 : if ( !ret ) {
156 : uint32_t rid;
157 :
158 0 : sid_peek_rid( &sid, &rid );
159 :
160 0 : if ( rid == DOMAIN_RID_USERS ) {
161 0 : map->nt_name = talloc_strdup(map, "None");
162 0 : if (!map->nt_name) {
163 0 : return false;
164 : }
165 0 : map->comment = talloc_strdup(map, "Ordinary Users");
166 0 : if (!map->comment) {
167 0 : return false;
168 : }
169 0 : sid_copy( &map->sid, &sid );
170 0 : map->sid_name_use = SID_NAME_DOM_GRP;
171 0 : map->gid = (gid_t)-1;
172 0 : return True;
173 : }
174 0 : return False;
175 : }
176 :
177 0 : DEBUG(10, ("get_domain_group_from_sid: SID found in passdb\n"));
178 :
179 : /* if it's not a domain group, continue */
180 0 : if (map->sid_name_use!=SID_NAME_DOM_GRP) {
181 0 : return False;
182 : }
183 :
184 0 : DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
185 :
186 0 : if (map->gid==-1) {
187 0 : return False;
188 : }
189 :
190 0 : DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid));
191 :
192 0 : grp = getgrgid(map->gid);
193 0 : if ( !grp ) {
194 0 : DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
195 0 : return False;
196 : }
197 :
198 0 : DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));
199 :
200 0 : return True;
201 : }
202 :
203 : /****************************************************************************
204 : Create a UNIX group on demand.
205 : ****************************************************************************/
206 :
207 0 : int smb_create_group(const char *unix_group, gid_t *new_gid)
208 : {
209 0 : const struct loadparm_substitution *lp_sub =
210 0 : loadparm_s3_global_substitution();
211 0 : char *add_script = NULL;
212 0 : int ret = -1;
213 0 : int fd = 0;
214 0 : int error = 0;
215 :
216 0 : *new_gid = 0;
217 :
218 : /* defer to scripts */
219 :
220 0 : if ( *lp_add_group_script(talloc_tos(), lp_sub) ) {
221 0 : TALLOC_CTX *ctx = talloc_tos();
222 :
223 0 : add_script = talloc_strdup(ctx,
224 0 : lp_add_group_script(ctx, lp_sub));
225 0 : if (!add_script) {
226 0 : return -1;
227 : }
228 0 : add_script = talloc_string_sub(ctx,
229 : add_script, "%g", unix_group);
230 0 : if (!add_script) {
231 0 : return -1;
232 : }
233 :
234 0 : ret = smbrun(add_script, &fd, NULL);
235 0 : DEBUG(ret ? 0 : 3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
236 0 : if (ret == 0) {
237 0 : smb_nscd_flush_group_cache();
238 : }
239 0 : if (ret != 0)
240 0 : return ret;
241 :
242 0 : if (fd != 0) {
243 : fstring output;
244 : ssize_t nread;
245 :
246 0 : *new_gid = 0;
247 :
248 0 : nread = read(fd, output, sizeof(output)-1);
249 0 : if (nread > 0) {
250 0 : output[nread] = '\0';
251 0 : *new_gid = (gid_t)smb_strtoul(output,
252 : NULL,
253 : 10,
254 : &error,
255 : SMB_STR_STANDARD);
256 0 : if (error != 0) {
257 0 : *new_gid = 0;
258 0 : close(fd);
259 0 : return -1;
260 : }
261 : }
262 :
263 0 : close(fd);
264 : }
265 :
266 : }
267 :
268 0 : if (*new_gid == 0) {
269 0 : struct group *grp = getgrnam(unix_group);
270 :
271 0 : if (grp != NULL)
272 0 : *new_gid = grp->gr_gid;
273 : }
274 :
275 0 : return ret;
276 : }
277 :
278 : /****************************************************************************
279 : Delete a UNIX group on demand.
280 : ****************************************************************************/
281 :
282 0 : int smb_delete_group(const char *unix_group)
283 : {
284 0 : const struct loadparm_substitution *lp_sub =
285 0 : loadparm_s3_global_substitution();
286 0 : char *del_script = NULL;
287 0 : int ret = -1;
288 :
289 : /* defer to scripts */
290 :
291 0 : if ( *lp_delete_group_script(talloc_tos(), lp_sub) ) {
292 0 : TALLOC_CTX *ctx = talloc_tos();
293 :
294 0 : del_script = talloc_strdup(ctx,
295 0 : lp_delete_group_script(ctx, lp_sub));
296 0 : if (!del_script) {
297 0 : return -1;
298 : }
299 0 : del_script = talloc_string_sub(ctx,
300 : del_script, "%g", unix_group);
301 0 : if (!del_script) {
302 0 : return -1;
303 : }
304 0 : ret = smbrun(del_script, NULL, NULL);
305 0 : DEBUG(ret ? 0 : 3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
306 0 : if (ret == 0) {
307 0 : smb_nscd_flush_group_cache();
308 : }
309 0 : return ret;
310 : }
311 :
312 0 : return -1;
313 : }
314 :
315 : /****************************************************************************
316 : Set a user's primary UNIX group.
317 : ****************************************************************************/
318 :
319 0 : int smb_set_primary_group(const char *unix_group, const char* unix_user)
320 : {
321 0 : const struct loadparm_substitution *lp_sub =
322 0 : loadparm_s3_global_substitution();
323 0 : char *add_script = NULL;
324 0 : int ret = -1;
325 :
326 : /* defer to scripts */
327 :
328 0 : if ( *lp_set_primary_group_script(talloc_tos(), lp_sub) ) {
329 0 : TALLOC_CTX *ctx = talloc_tos();
330 :
331 0 : add_script = talloc_strdup(ctx,
332 0 : lp_set_primary_group_script(ctx, lp_sub));
333 0 : if (!add_script) {
334 0 : return -1;
335 : }
336 0 : add_script = talloc_all_string_sub(ctx,
337 : add_script, "%g", unix_group);
338 0 : if (!add_script) {
339 0 : return -1;
340 : }
341 0 : add_script = talloc_string_sub(ctx,
342 : add_script, "%u", unix_user);
343 0 : if (!add_script) {
344 0 : return -1;
345 : }
346 0 : ret = smbrun(add_script, NULL, NULL);
347 0 : flush_pwnam_cache();
348 0 : DEBUG(ret ? 0 : 3,("smb_set_primary_group: "
349 : "Running the command `%s' gave %d\n",add_script,ret));
350 0 : if (ret == 0) {
351 0 : smb_nscd_flush_group_cache();
352 : }
353 0 : return ret;
354 : }
355 :
356 0 : return -1;
357 : }
358 :
359 : /****************************************************************************
360 : Add a user to a UNIX group.
361 : ****************************************************************************/
362 :
363 0 : int smb_add_user_group(const char *unix_group, const char *unix_user)
364 : {
365 0 : const struct loadparm_substitution *lp_sub =
366 0 : loadparm_s3_global_substitution();
367 0 : char *add_script = NULL;
368 0 : int ret = -1;
369 :
370 : /* defer to scripts */
371 :
372 0 : if ( *lp_add_user_to_group_script(talloc_tos(), lp_sub) ) {
373 0 : TALLOC_CTX *ctx = talloc_tos();
374 :
375 0 : add_script = talloc_strdup(ctx,
376 0 : lp_add_user_to_group_script(ctx, lp_sub));
377 0 : if (!add_script) {
378 0 : return -1;
379 : }
380 0 : add_script = talloc_string_sub(ctx,
381 : add_script, "%g", unix_group);
382 0 : if (!add_script) {
383 0 : return -1;
384 : }
385 0 : add_script = talloc_string_sub2(ctx,
386 : add_script, "%u", unix_user, true, false, true);
387 0 : if (!add_script) {
388 0 : return -1;
389 : }
390 0 : ret = smbrun(add_script, NULL, NULL);
391 0 : DEBUG(ret ? 0 : 3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
392 0 : if (ret == 0) {
393 0 : smb_nscd_flush_group_cache();
394 : }
395 0 : return ret;
396 : }
397 :
398 0 : return -1;
399 : }
400 :
401 : /****************************************************************************
402 : Delete a user from a UNIX group
403 : ****************************************************************************/
404 :
405 0 : int smb_delete_user_group(const char *unix_group, const char *unix_user)
406 : {
407 0 : const struct loadparm_substitution *lp_sub =
408 0 : loadparm_s3_global_substitution();
409 0 : char *del_script = NULL;
410 0 : int ret = -1;
411 :
412 : /* defer to scripts */
413 :
414 0 : if ( *lp_delete_user_from_group_script(talloc_tos(), lp_sub) ) {
415 0 : TALLOC_CTX *ctx = talloc_tos();
416 :
417 0 : del_script = talloc_strdup(ctx,
418 0 : lp_delete_user_from_group_script(ctx, lp_sub));
419 0 : if (!del_script) {
420 0 : return -1;
421 : }
422 0 : del_script = talloc_string_sub(ctx,
423 : del_script, "%g", unix_group);
424 0 : if (!del_script) {
425 0 : return -1;
426 : }
427 0 : del_script = talloc_string_sub2(ctx,
428 : del_script, "%u", unix_user, true, false, true);
429 0 : if (!del_script) {
430 0 : return -1;
431 : }
432 0 : ret = smbrun(del_script, NULL, NULL);
433 0 : DEBUG(ret ? 0 : 3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
434 0 : if (ret == 0) {
435 0 : smb_nscd_flush_group_cache();
436 : }
437 0 : return ret;
438 : }
439 :
440 0 : return -1;
441 : }
442 :
443 :
444 5079 : NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
445 : struct dom_sid sid)
446 : {
447 5079 : if (!init_group_mapping()) {
448 0 : DEBUG(0,("failed to initialize group mapping\n"));
449 0 : return NT_STATUS_UNSUCCESSFUL;
450 : }
451 5079 : return backend->get_group_map_from_sid(sid, map) ?
452 5079 : NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
453 : }
454 :
455 2725 : NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
456 : gid_t gid)
457 : {
458 2725 : if (!init_group_mapping()) {
459 0 : DEBUG(0,("failed to initialize group mapping\n"));
460 0 : return NT_STATUS_UNSUCCESSFUL;
461 : }
462 2725 : return backend->get_group_map_from_gid(gid, map) ?
463 2725 : NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
464 : }
465 :
466 308 : NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
467 : const char *name)
468 : {
469 308 : if (!init_group_mapping()) {
470 0 : DEBUG(0,("failed to initialize group mapping\n"));
471 0 : return NT_STATUS_UNSUCCESSFUL;
472 : }
473 308 : return backend->get_group_map_from_ntname(name, map) ?
474 308 : NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
475 : }
476 :
477 145 : NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods,
478 : GROUP_MAP *map)
479 : {
480 145 : if (!init_group_mapping()) {
481 0 : DEBUG(0,("failed to initialize group mapping\n"));
482 0 : return NT_STATUS_UNSUCCESSFUL;
483 : }
484 145 : return backend->add_mapping_entry(map, TDB_INSERT) ?
485 145 : NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
486 : }
487 :
488 0 : NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
489 : GROUP_MAP *map)
490 : {
491 0 : if (!init_group_mapping()) {
492 0 : DEBUG(0,("failed to initialize group mapping\n"));
493 0 : return NT_STATUS_UNSUCCESSFUL;
494 : }
495 0 : return backend->add_mapping_entry(map, TDB_REPLACE) ?
496 0 : NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
497 : }
498 :
499 12 : NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
500 : struct dom_sid sid)
501 : {
502 12 : if (!init_group_mapping()) {
503 0 : DEBUG(0,("failed to initialize group mapping\n"));
504 0 : return NT_STATUS_UNSUCCESSFUL;
505 : }
506 12 : return backend->group_map_remove(&sid) ?
507 12 : NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
508 : }
509 :
510 0 : NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
511 : const struct dom_sid *sid,
512 : enum lsa_SidType sid_name_use,
513 : GROUP_MAP ***pp_rmap,
514 : size_t *p_num_entries,
515 : bool unix_only)
516 : {
517 0 : if (!init_group_mapping()) {
518 0 : DEBUG(0,("failed to initialize group mapping\n"));
519 0 : return NT_STATUS_UNSUCCESSFUL;
520 : }
521 0 : return backend->enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ?
522 0 : NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
523 : }
524 :
525 0 : NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
526 : const char *name, uint32_t *rid)
527 : {
528 : struct dom_sid sid;
529 : enum lsa_SidType type;
530 : uint32_t new_rid;
531 : gid_t gid;
532 : bool exists;
533 : GROUP_MAP *map;
534 : TALLOC_CTX *mem_ctx;
535 : NTSTATUS status;
536 :
537 0 : DEBUG(10, ("Trying to create alias %s\n", name));
538 :
539 0 : mem_ctx = talloc_new(NULL);
540 0 : if (mem_ctx == NULL) {
541 0 : return NT_STATUS_NO_MEMORY;
542 : }
543 :
544 0 : exists = lookup_name(mem_ctx, name, LOOKUP_NAME_LOCAL,
545 : NULL, NULL, &sid, &type);
546 :
547 0 : if (exists) {
548 0 : status = NT_STATUS_ALIAS_EXISTS;
549 0 : goto done;
550 : }
551 :
552 0 : if (!pdb_new_rid(&new_rid)) {
553 0 : DEBUG(0, ("Could not allocate a RID.\n"));
554 0 : status = NT_STATUS_ACCESS_DENIED;
555 0 : goto done;
556 : }
557 :
558 0 : sid_compose(&sid, get_global_sam_sid(), new_rid);
559 :
560 0 : if (!winbind_allocate_gid(&gid)) {
561 0 : DEBUG(3, ("Could not get a gid out of winbind - "
562 : "wasted a rid :-(\n"));
563 0 : status = NT_STATUS_ACCESS_DENIED;
564 0 : goto done;
565 : }
566 :
567 0 : DEBUG(10, ("Creating alias %s with gid %u and rid %u\n",
568 : name, (unsigned int)gid, (unsigned int)new_rid));
569 :
570 0 : map = talloc_zero(mem_ctx, GROUP_MAP);
571 0 : if (!map) {
572 0 : status = NT_STATUS_NO_MEMORY;
573 0 : goto done;
574 : }
575 :
576 0 : map->gid = gid;
577 0 : sid_copy(&map->sid, &sid);
578 0 : map->sid_name_use = SID_NAME_ALIAS;
579 0 : map->nt_name = talloc_strdup(map, name);
580 0 : if (!map->nt_name) {
581 0 : status = NT_STATUS_NO_MEMORY;
582 0 : goto done;
583 : }
584 0 : map->comment = talloc_strdup(map, "");
585 0 : if (!map->comment) {
586 0 : status = NT_STATUS_NO_MEMORY;
587 0 : goto done;
588 : }
589 :
590 0 : status = pdb_add_group_mapping_entry(map);
591 :
592 0 : if (!NT_STATUS_IS_OK(status)) {
593 0 : DEBUG(0, ("Could not add group mapping entry for alias %s "
594 : "(%s)\n", name, nt_errstr(status)));
595 0 : goto done;
596 : }
597 :
598 0 : *rid = new_rid;
599 :
600 0 : done:
601 0 : TALLOC_FREE(mem_ctx);
602 0 : return status;
603 : }
604 :
605 0 : NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
606 : const struct dom_sid *sid)
607 : {
608 0 : return pdb_delete_group_mapping_entry(*sid);
609 : }
610 :
611 6348 : NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
612 : const struct dom_sid *sid,
613 : struct acct_info *info)
614 : {
615 6348 : NTSTATUS status = NT_STATUS_OK;
616 : GROUP_MAP *map;
617 :
618 6348 : map = talloc_zero(NULL, GROUP_MAP);
619 6348 : if (!map) {
620 0 : return NT_STATUS_NO_MEMORY;
621 : }
622 :
623 6348 : if (!pdb_getgrsid(map, *sid)) {
624 293 : status = NT_STATUS_NO_SUCH_ALIAS;
625 293 : goto done;
626 : }
627 :
628 6055 : if ((map->sid_name_use != SID_NAME_ALIAS) &&
629 0 : (map->sid_name_use != SID_NAME_WKN_GRP)) {
630 : struct dom_sid_buf buf;
631 0 : DEBUG(2, ("%s is a %s, expected an alias\n",
632 : dom_sid_str_buf(sid, &buf),
633 : sid_type_lookup(map->sid_name_use)));
634 0 : status = NT_STATUS_NO_SUCH_ALIAS;
635 0 : goto done;
636 : }
637 :
638 6055 : info->acct_name = talloc_move(info, &map->nt_name);
639 6055 : if (!info->acct_name) {
640 0 : status = NT_STATUS_NO_MEMORY;
641 0 : goto done;
642 : }
643 6055 : info->acct_desc = talloc_move(info, &map->comment);
644 6055 : if (!info->acct_desc) {
645 0 : status = NT_STATUS_NO_MEMORY;
646 0 : goto done;
647 : }
648 6055 : sid_peek_rid(&map->sid, &info->rid);
649 :
650 6348 : done:
651 6348 : TALLOC_FREE(map);
652 6348 : return status;
653 : }
654 :
655 0 : NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
656 : const struct dom_sid *sid,
657 : struct acct_info *info)
658 : {
659 : NTSTATUS status;
660 : GROUP_MAP *map;
661 :
662 0 : map = talloc_zero(NULL, GROUP_MAP);
663 0 : if (!map) {
664 0 : return NT_STATUS_NO_MEMORY;
665 : }
666 :
667 0 : if (!pdb_getgrsid(map, *sid)) {
668 0 : status = NT_STATUS_NO_SUCH_ALIAS;
669 0 : goto done;
670 : }
671 :
672 0 : map->nt_name = talloc_strdup(map, info->acct_name);
673 0 : if (!map->nt_name) {
674 0 : status = NT_STATUS_NO_MEMORY;
675 0 : goto done;
676 : }
677 0 : map->comment = talloc_strdup(map, info->acct_desc);
678 0 : if (!map->comment) {
679 0 : status = NT_STATUS_NO_MEMORY;
680 0 : goto done;
681 : }
682 :
683 0 : status = pdb_update_group_mapping_entry(map);
684 :
685 0 : done:
686 0 : TALLOC_FREE(map);
687 0 : return status;
688 : }
689 :
690 78 : NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
691 : const struct dom_sid *alias, const struct dom_sid *member)
692 : {
693 78 : if (!init_group_mapping()) {
694 0 : DEBUG(0,("failed to initialize group mapping\n"));
695 0 : return NT_STATUS_UNSUCCESSFUL;
696 : }
697 78 : return backend->add_aliasmem(alias, member);
698 : }
699 :
700 6 : NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
701 : const struct dom_sid *alias, const struct dom_sid *member)
702 : {
703 6 : if (!init_group_mapping()) {
704 0 : DEBUG(0,("failed to initialize group mapping\n"));
705 0 : return NT_STATUS_UNSUCCESSFUL;
706 : }
707 6 : return backend->del_aliasmem(alias, member);
708 : }
709 :
710 4 : NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
711 : const struct dom_sid *alias, TALLOC_CTX *mem_ctx,
712 : struct dom_sid **pp_members, size_t *p_num_members)
713 : {
714 4 : if (!init_group_mapping()) {
715 0 : DEBUG(0,("failed to initialize group mapping\n"));
716 0 : return NT_STATUS_UNSUCCESSFUL;
717 : }
718 4 : return backend->enum_aliasmem(alias, mem_ctx, pp_members,
719 : p_num_members);
720 : }
721 :
722 2978 : NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
723 : TALLOC_CTX *mem_ctx,
724 : const struct dom_sid *domain_sid,
725 : const struct dom_sid *members,
726 : size_t num_members,
727 : uint32_t **pp_alias_rids,
728 : size_t *p_num_alias_rids)
729 : {
730 : struct dom_sid *alias_sids;
731 : size_t i, num_alias_sids;
732 : NTSTATUS result;
733 :
734 2978 : if (!init_group_mapping()) {
735 0 : DEBUG(0,("failed to initialize group mapping\n"));
736 0 : return NT_STATUS_UNSUCCESSFUL;
737 : }
738 :
739 2978 : alias_sids = NULL;
740 2978 : num_alias_sids = 0;
741 :
742 2978 : result = alias_memberships(members, num_members,
743 : &alias_sids, &num_alias_sids);
744 :
745 2978 : if (!NT_STATUS_IS_OK(result))
746 0 : return result;
747 :
748 2978 : *p_num_alias_rids = 0;
749 :
750 2978 : if (num_alias_sids == 0) {
751 1300 : TALLOC_FREE(alias_sids);
752 1300 : return NT_STATUS_OK;
753 : }
754 :
755 1678 : *pp_alias_rids = talloc_array(mem_ctx, uint32_t, num_alias_sids);
756 1678 : if (*pp_alias_rids == NULL)
757 0 : return NT_STATUS_NO_MEMORY;
758 :
759 4418 : for (i=0; i<num_alias_sids; i++) {
760 2740 : if (!sid_peek_check_rid(domain_sid, &alias_sids[i],
761 2740 : &(*pp_alias_rids)[*p_num_alias_rids]))
762 1370 : continue;
763 1370 : *p_num_alias_rids += 1;
764 : }
765 :
766 1678 : TALLOC_FREE(alias_sids);
767 :
768 1678 : return NT_STATUS_OK;
769 : }
770 :
771 : /**********************************************************************
772 : no ops for passdb backends that don't implement group mapping
773 : *********************************************************************/
774 :
775 0 : NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
776 : struct dom_sid sid)
777 : {
778 0 : return NT_STATUS_UNSUCCESSFUL;
779 : }
780 :
781 0 : NTSTATUS pdb_nop_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
782 : gid_t gid)
783 : {
784 0 : return NT_STATUS_UNSUCCESSFUL;
785 : }
786 :
787 0 : NTSTATUS pdb_nop_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
788 : const char *name)
789 : {
790 0 : return NT_STATUS_UNSUCCESSFUL;
791 : }
792 :
793 0 : NTSTATUS pdb_nop_add_group_mapping_entry(struct pdb_methods *methods,
794 : GROUP_MAP *map)
795 : {
796 0 : return NT_STATUS_UNSUCCESSFUL;
797 : }
798 :
799 0 : NTSTATUS pdb_nop_update_group_mapping_entry(struct pdb_methods *methods,
800 : GROUP_MAP *map)
801 : {
802 0 : return NT_STATUS_UNSUCCESSFUL;
803 : }
804 :
805 0 : NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods,
806 : struct dom_sid sid)
807 : {
808 0 : return NT_STATUS_UNSUCCESSFUL;
809 : }
810 :
811 0 : NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods,
812 : enum lsa_SidType sid_name_use,
813 : GROUP_MAP **rmap, size_t *num_entries,
814 : bool unix_only)
815 : {
816 0 : return NT_STATUS_UNSUCCESSFUL;
817 : }
818 :
819 : /**
820 : * @brief Add a new group mapping
821 : *
822 : * @param[in] gid gid to use to store the mapping. If gid is 0,
823 : * new gid will be allocated from winbind
824 : *
825 : * @return Normal NTSTATUS return
826 : */
827 58 : NTSTATUS pdb_create_builtin_alias(uint32_t rid, gid_t gid)
828 : {
829 : struct dom_sid sid;
830 : enum lsa_SidType type;
831 : gid_t gidformap;
832 : GROUP_MAP *map;
833 : NTSTATUS status;
834 58 : const char *name = NULL;
835 :
836 58 : DEBUG(10, ("Trying to create builtin alias %d\n", rid));
837 :
838 58 : if ( !sid_compose( &sid, &global_sid_Builtin, rid ) ) {
839 0 : return NT_STATUS_NO_SUCH_ALIAS;
840 : }
841 :
842 : /* use map as overall temp mem context */
843 58 : map = talloc_zero(NULL, GROUP_MAP);
844 58 : if (!map) {
845 0 : return NT_STATUS_NO_MEMORY;
846 : }
847 :
848 58 : if (!lookup_sid(map, &sid, NULL, &name, &type)) {
849 0 : status = NT_STATUS_NO_SUCH_ALIAS;
850 0 : goto done;
851 : }
852 :
853 58 : if (gid == 0) {
854 58 : if (!winbind_allocate_gid(&gidformap)) {
855 12 : DEBUG(3, ("pdb_create_builtin_alias: Could not get a "
856 : "gid out of winbind\n"));
857 12 : status = NT_STATUS_ACCESS_DENIED;
858 12 : goto done;
859 : }
860 : } else {
861 0 : gidformap = gid;
862 : }
863 :
864 46 : DEBUG(10, ("Creating alias %s with gid %u\n", name,
865 : (unsigned) gidformap));
866 :
867 46 : map->gid = gidformap;
868 46 : sid_copy(&map->sid, &sid);
869 46 : map->sid_name_use = SID_NAME_ALIAS;
870 46 : map->nt_name = talloc_strdup(map, name);
871 46 : if (!map->nt_name) {
872 0 : status = NT_STATUS_NO_MEMORY;
873 0 : goto done;
874 : }
875 46 : map->comment = talloc_strdup(map, "");
876 46 : if (!map->comment) {
877 0 : status = NT_STATUS_NO_MEMORY;
878 0 : goto done;
879 : }
880 :
881 46 : status = pdb_add_group_mapping_entry(map);
882 :
883 46 : if (!NT_STATUS_IS_OK(status)) {
884 0 : DEBUG(0, ("pdb_create_builtin_alias: Could not add group mapping entry for alias %d "
885 : "(%s)\n", rid, nt_errstr(status)));
886 : }
887 :
888 97 : done:
889 58 : TALLOC_FREE(map);
890 58 : return status;
891 : }
892 :
893 :
|
