2 * Unix SMB/CIFS implementation.
4 * Winbind rpc backend functions
6 * Copyright (c) 2000-2003 Tim Potter
7 * Copyright (c) 2001 Andrew Tridgell
8 * Copyright (c) 2005 Volker Lendecke
9 * Copyright (c) 2008 Guenther Deschner (pidl conversion)
10 * Copyright (c) 2010 Andreas Schneider <asn@samba.org>
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 3 of the License, or
15 * (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program. If not, see <http://www.gnu.org/licenses/>.
28 #include "winbindd_rpc.h"
30 #include "librpc/gen_ndr/cli_samr.h"
31 #include "librpc/gen_ndr/srv_samr.h"
32 #include "librpc/gen_ndr/cli_lsa.h"
33 #include "librpc/gen_ndr/srv_lsa.h"
34 #include "rpc_client/cli_samr.h"
35 #include "rpc_client/cli_lsarpc.h"
37 /* Query display info for a domain */
38 NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
39 struct rpc_pipe_client *samr_pipe,
40 struct policy_handle *samr_policy,
41 const struct dom_sid *domain_sid,
43 struct wbint_userinfo **pinfo)
45 struct wbint_userinfo *info = NULL;
46 uint32_t num_info = 0;
47 uint32_t loop_count = 0;
48 uint32_t start_idx = 0;
56 uint32_t num_dom_users;
57 uint32_t max_entries, max_size;
58 uint32_t total_size, returned_size;
59 union samr_DispInfo disp_info;
61 get_query_dispinfo_params(loop_count,
65 status = rpccli_samr_QueryDisplayInfo(samr_pipe,
75 if (!NT_STATUS_IS_OK(status)) {
76 if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
81 /* increment required start query values */
82 start_idx += disp_info.info1.count;
84 num_dom_users = disp_info.info1.count;
86 num_info += num_dom_users;
88 info = TALLOC_REALLOC_ARRAY(mem_ctx,
90 struct wbint_userinfo,
93 return NT_STATUS_NO_MEMORY;
96 for (j = 0; j < num_dom_users; i++, j++) {
97 uint32_t rid = disp_info.info1.entries[j].rid;
98 struct samr_DispEntryGeneral *src;
99 struct wbint_userinfo *dst;
101 src = &(disp_info.info1.entries[j]);
104 dst->acct_name = talloc_strdup(info,
105 src->account_name.string);
106 if (dst->acct_name == NULL) {
107 return NT_STATUS_NO_MEMORY;
110 dst->full_name = talloc_strdup(info, src->full_name.string);
111 if (dst->full_name == NULL) {
112 return NT_STATUS_NO_MEMORY;
118 sid_compose(&dst->user_sid, domain_sid, rid);
120 /* For the moment we set the primary group for
121 every user to be the Domain Users group.
122 There are serious problems with determining
123 the actual primary group for large domains.
124 This should really be made into a 'winbind
125 force group' smb.conf parameter or
126 something like that. */
127 sid_compose(&dst->group_sid, domain_sid,
130 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
132 *pnum_info = num_info;
138 /* List all domain groups */
139 NTSTATUS rpc_enum_dom_groups(TALLOC_CTX *mem_ctx,
140 struct rpc_pipe_client *samr_pipe,
141 struct policy_handle *samr_policy,
143 struct acct_info **pinfo)
145 struct acct_info *info = NULL;
147 uint32_t num_info = 0;
153 struct samr_SamArray *sam_array = NULL;
157 /* start is updated by this call. */
158 status = rpccli_samr_EnumDomainGroups(samr_pipe,
163 0xFFFF, /* buffer size? */
165 if (!NT_STATUS_IS_OK(status)) {
166 if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
167 DEBUG(2,("query_user_list: failed to enum domain groups: %s\n",
173 info = TALLOC_REALLOC_ARRAY(mem_ctx,
178 return NT_STATUS_NO_MEMORY;
181 for (g = 0; g < count; g++) {
182 fstrcpy(info[num_info + g].acct_name,
183 sam_array->entries[g].name.string);
185 info[num_info + g].rid = sam_array->entries[g].idx;
189 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
191 *pnum_info = num_info;
197 NTSTATUS rpc_enum_local_groups(TALLOC_CTX *mem_ctx,
198 struct rpc_pipe_client *samr_pipe,
199 struct policy_handle *samr_policy,
201 struct acct_info **pinfo)
203 struct acct_info *info = NULL;
204 uint32_t num_info = 0;
210 struct samr_SamArray *sam_array = NULL;
212 uint32_t start = num_info;
215 status = rpccli_samr_EnumDomainAliases(samr_pipe,
220 0xFFFF, /* buffer size? */
222 if (!NT_STATUS_IS_OK(status)) {
223 if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
228 info = TALLOC_REALLOC_ARRAY(mem_ctx,
233 return NT_STATUS_NO_MEMORY;
236 for (g = 0; g < count; g++) {
237 fstrcpy(info[num_info + g].acct_name,
238 sam_array->entries[g].name.string);
239 info[num_info + g].rid = sam_array->entries[g].idx;
243 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
245 *pnum_info = num_info;
251 /* convert a single name to a sid in a domain */
252 NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
253 struct rpc_pipe_client *lsa_pipe,
254 struct policy_handle *lsa_policy,
255 const char *domain_name,
259 enum lsa_SidType *type)
261 enum lsa_SidType *types = NULL;
262 struct dom_sid *sids = NULL;
263 char *full_name = NULL;
264 char *mapped_name = NULL;
267 if (name == NULL || name[0] == '\0') {
268 full_name = talloc_asprintf(mem_ctx, "%s", domain_name);
269 } else if (domain_name == NULL || domain_name[0] == '\0') {
270 full_name = talloc_asprintf(mem_ctx, "%s", name);
272 full_name = talloc_asprintf(mem_ctx, "%s\\%s", domain_name, name);
275 if (full_name == NULL) {
276 return NT_STATUS_NO_MEMORY;
279 status = normalize_name_unmap(mem_ctx, full_name, &mapped_name);
280 /* Reset the full_name pointer if we mapped anything */
281 if (NT_STATUS_IS_OK(status) ||
282 NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
283 full_name = mapped_name;
286 DEBUG(3,("name_to_sid: %s for domain %s\n",
287 full_name ? full_name : "", domain_name ));
290 * We don't run into deadlocks here, cause winbind_off() is
291 * called in the main function.
293 status = rpccli_lsa_lookup_names(lsa_pipe,
297 (const char **) &full_name,
302 if (!NT_STATUS_IS_OK(status)) {
303 DEBUG(2,("name_to_sid: failed to lookup name: %s\n",
308 sid_copy(sid, &sids[0]);
314 /* Convert a domain SID to a user or group name */
315 NTSTATUS rpc_sid_to_name(TALLOC_CTX *mem_ctx,
316 struct rpc_pipe_client *lsa_pipe,
317 struct policy_handle *lsa_policy,
318 struct winbindd_domain *domain,
319 const struct dom_sid *sid,
322 enum lsa_SidType *ptype)
324 char *mapped_name = NULL;
325 char **domains = NULL;
327 enum lsa_SidType *types = NULL;
331 status = rpccli_lsa_lookup_sids(lsa_pipe,
339 if (!NT_STATUS_IS_OK(status)) {
340 DEBUG(2,("sid_to_name: failed to lookup sids: %s\n",
345 *ptype = (enum lsa_SidType) types[0];
347 map_status = normalize_name_map(mem_ctx,
351 if (NT_STATUS_IS_OK(map_status) ||
352 NT_STATUS_EQUAL(map_status, NT_STATUS_FILE_RENAMED)) {
353 *pname = talloc_strdup(mem_ctx, mapped_name);
354 DEBUG(5,("returning mapped name -- %s\n", *pname));
356 *pname = talloc_strdup(mem_ctx, names[0]);
358 if (*pname == NULL) {
359 return NT_STATUS_NO_MEMORY;
362 *pdomain_name = talloc_strdup(mem_ctx, domains[0]);
363 if (*pdomain_name == NULL) {
364 return NT_STATUS_NO_MEMORY;
370 /* Convert a bunch of rids to user or group names */
371 NTSTATUS rpc_rids_to_names(TALLOC_CTX *mem_ctx,
372 struct rpc_pipe_client *lsa_pipe,
373 struct policy_handle *lsa_policy,
374 struct winbindd_domain *domain,
375 const struct dom_sid *sid,
380 enum lsa_SidType **ptypes)
382 enum lsa_SidType *types = NULL;
383 char *domain_name = NULL;
384 char **domains = NULL;
386 struct dom_sid *sids;
391 sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, num_rids);
393 return NT_STATUS_NO_MEMORY;
399 for (i = 0; i < num_rids; i++) {
400 if (!sid_compose(&sids[i], sid, rids[i])) {
401 return NT_STATUS_INTERNAL_ERROR;
405 status = rpccli_lsa_lookup_sids(lsa_pipe,
413 if (!NT_STATUS_IS_OK(status) &&
414 !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
415 DEBUG(2,("rids_to_names: failed to lookup sids: %s\n",
420 for (i = 0; i < num_rids; i++) {
421 char *mapped_name = NULL;
424 if (types[i] != SID_NAME_UNKNOWN) {
425 map_status = normalize_name_map(mem_ctx,
429 if (NT_STATUS_IS_OK(map_status) ||
430 NT_STATUS_EQUAL(map_status, NT_STATUS_FILE_RENAMED)) {
431 TALLOC_FREE(names[i]);
432 names[i] = talloc_strdup(names, mapped_name);
433 if (names[i] == NULL) {
434 return NT_STATUS_NO_MEMORY;
438 domain_name = domains[i];
442 *pdomain_name = domain_name;
449 /* Lookup user information from a rid or username. */
450 NTSTATUS rpc_query_user(TALLOC_CTX *mem_ctx,
451 struct rpc_pipe_client *samr_pipe,
452 struct policy_handle *samr_policy,
453 const struct dom_sid *domain_sid,
454 const struct dom_sid *user_sid,
455 struct wbint_userinfo *user_info)
457 struct policy_handle user_policy;
458 union samr_UserInfo *info = NULL;
462 if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
463 return NT_STATUS_UNSUCCESSFUL;
466 /* Get user handle */
467 status = rpccli_samr_OpenUser(samr_pipe,
470 SEC_FLAG_MAXIMUM_ALLOWED,
473 if (!NT_STATUS_IS_OK(status)) {
478 status = rpccli_samr_QueryUserInfo(samr_pipe,
484 rpccli_samr_Close(samr_pipe, mem_ctx, &user_policy);
486 if (!NT_STATUS_IS_OK(status)) {
490 sid_compose(&user_info->user_sid, domain_sid, user_rid);
491 sid_compose(&user_info->group_sid, domain_sid,
492 info->info21.primary_gid);
494 user_info->acct_name = talloc_strdup(user_info,
495 info->info21.account_name.string);
496 if (user_info->acct_name == NULL) {
497 return NT_STATUS_NO_MEMORY;
500 user_info->full_name = talloc_strdup(user_info,
501 info->info21.full_name.string);
502 if (user_info->acct_name == NULL) {
503 return NT_STATUS_NO_MEMORY;
506 user_info->homedir = NULL;
507 user_info->shell = NULL;
508 user_info->primary_gid = (gid_t)-1;
513 /* Lookup groups a user is a member of. */
514 NTSTATUS rpc_lookup_usergroups(TALLOC_CTX *mem_ctx,
515 struct rpc_pipe_client *samr_pipe,
516 struct policy_handle *samr_policy,
517 const struct dom_sid *domain_sid,
518 const struct dom_sid *user_sid,
519 uint32_t *pnum_groups,
520 struct dom_sid **puser_grpsids)
522 struct policy_handle user_policy;
523 struct samr_RidWithAttributeArray *rid_array = NULL;
524 struct dom_sid *user_grpsids = NULL;
525 uint32_t num_groups = 0, i;
529 if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
530 return NT_STATUS_UNSUCCESSFUL;
533 /* Get user handle */
534 status = rpccli_samr_OpenUser(samr_pipe,
537 SEC_FLAG_MAXIMUM_ALLOWED,
540 if (!NT_STATUS_IS_OK(status)) {
544 /* Query user rids */
545 status = rpccli_samr_GetGroupsForUser(samr_pipe,
549 num_groups = rid_array->count;
551 rpccli_samr_Close(samr_pipe, mem_ctx, &user_policy);
553 if (!NT_STATUS_IS_OK(status) || num_groups == 0) {
557 user_grpsids = TALLOC_ARRAY(mem_ctx, struct dom_sid, num_groups);
558 if (user_grpsids == NULL) {
559 status = NT_STATUS_NO_MEMORY;
563 for (i = 0; i < num_groups; i++) {
564 sid_compose(&(user_grpsids[i]), domain_sid,
565 rid_array->rids[i].rid);
568 *pnum_groups = num_groups;
570 *puser_grpsids = user_grpsids;
575 NTSTATUS rpc_lookup_useraliases(TALLOC_CTX *mem_ctx,
576 struct rpc_pipe_client *samr_pipe,
577 struct policy_handle *samr_policy,
579 const struct dom_sid *sids,
580 uint32_t *pnum_aliases,
581 uint32_t **palias_rids)
583 #define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */
584 uint32_t num_query_sids = 0;
585 uint32_t num_queries = 1;
586 uint32_t num_aliases = 0;
587 uint32_t total_sids = 0;
588 uint32_t *alias_rids = NULL;
589 uint32_t rangesize = MAX_SAM_ENTRIES_W2K;
591 struct samr_Ids alias_rids_query;
596 struct lsa_SidArray sid_array;
598 ZERO_STRUCT(sid_array);
600 num_query_sids = MIN(num_sids - total_sids, rangesize);
602 DEBUG(10,("rpc: lookup_useraliases: entering query %d for %d sids\n",
603 num_queries, num_query_sids));
605 if (num_query_sids) {
606 sid_array.sids = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_SidPtr, num_query_sids);
607 if (sid_array.sids == NULL) {
608 return NT_STATUS_NO_MEMORY;
611 sid_array.sids = NULL;
614 for (i = 0; i < num_query_sids; i++) {
615 sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[total_sids++]);
616 if (sid_array.sids[i].sid == NULL) {
617 return NT_STATUS_NO_MEMORY;
620 sid_array.num_sids = num_query_sids;
623 status = rpccli_samr_GetAliasMembership(samr_pipe,
628 if (!NT_STATUS_IS_OK(status)) {
633 for (i = 0; i < alias_rids_query.count; i++) {
634 size_t na = num_aliases;
636 if (!add_rid_to_array_unique(mem_ctx,
637 alias_rids_query.ids[i],
640 return NT_STATUS_NO_MEMORY;
647 } while (total_sids < num_sids);
649 DEBUG(10,("rpc: rpc_lookup_useraliases: got %d aliases in %d queries "
650 "(rangesize: %d)\n", num_aliases, num_queries, rangesize));
652 *pnum_aliases = num_aliases;
653 *palias_rids = alias_rids;
656 #undef MAX_SAM_ENTRIES_W2K
659 /* Lookup group membership given a rid. */
660 NTSTATUS rpc_lookup_groupmem(TALLOC_CTX *mem_ctx,
661 struct rpc_pipe_client *samr_pipe,
662 struct policy_handle *samr_policy,
663 const char *domain_name,
664 const struct dom_sid *domain_sid,
665 const struct dom_sid *group_sid,
666 enum lsa_SidType type,
667 uint32_t *pnum_names,
668 struct dom_sid **psid_mem,
670 uint32_t **pname_types)
672 struct policy_handle group_policy;
673 struct samr_RidTypeArray *rids = NULL;
675 uint32_t *rid_mem = NULL;
677 uint32_t num_names = 0;
678 uint32_t total_names = 0;
679 struct dom_sid *sid_mem = NULL;
681 uint32_t *name_types = NULL;
683 struct lsa_Strings tmp_names;
684 struct samr_Ids tmp_types;
689 if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
690 return NT_STATUS_UNSUCCESSFUL;
693 status = rpccli_samr_OpenGroup(samr_pipe,
696 SEC_FLAG_MAXIMUM_ALLOWED,
699 if (!NT_STATUS_IS_OK(status)) {
704 * Step #1: Get a list of user rids that are the members of the group.
706 status = rpccli_samr_QueryGroupMember(samr_pipe,
711 rpccli_samr_Close(samr_pipe, mem_ctx, &group_policy);
713 if (!NT_STATUS_IS_OK(status)) {
717 if (rids == NULL || rids->count == 0) {
726 num_names = rids->count;
727 rid_mem = rids->rids;
730 * Step #2: Convert list of rids into list of usernames.
733 names = TALLOC_ZERO_ARRAY(mem_ctx, char *, num_names);
734 name_types = TALLOC_ZERO_ARRAY(mem_ctx, uint32_t, num_names);
735 sid_mem = TALLOC_ZERO_ARRAY(mem_ctx, struct dom_sid, num_names);
736 if (names == NULL || name_types == NULL || sid_mem == NULL) {
737 return NT_STATUS_NO_MEMORY;
741 for (j = 0; j < num_names; j++) {
742 sid_compose(&sid_mem[j], domain_sid, rid_mem[j]);
745 status = rpccli_samr_LookupRids(samr_pipe,
752 if (!NT_STATUS_IS_OK(status)) {
753 if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
758 /* Copy result into array. The talloc system will take
759 care of freeing the temporary arrays later on. */
760 if (tmp_names.count != tmp_types.count) {
761 return NT_STATUS_UNSUCCESSFUL;
764 for (r = 0; r < tmp_names.count; r++) {
765 if (tmp_types.ids[r] == SID_NAME_UNKNOWN) {
768 names[total_names] = fill_domain_username_talloc(names,
770 tmp_names.names[r].string,
772 if (names[total_names] == NULL) {
773 return NT_STATUS_NO_MEMORY;
775 name_types[total_names] = tmp_types.ids[r];
779 *pnum_names = total_names;
781 *pname_types = name_types;
git.samba.org / samba.git / blob