2 Unix SMB/CIFS implementation.
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Andrew Tridgell 2000
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Library General Public
11 License as published by the Free Software Foundation; either
12 version 2 of the License, or (at your option) any later version.
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Library General Public License for more details.
19 You should have received a copy of the GNU Library General Public
20 License along with this library; if not, write to the
21 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
22 Boston, MA 02111-1307, USA.
26 #include "nsswitch/winbind_nss.h"
29 #define DBGC_CLASS DBGC_WINBIND
31 extern DOM_SID global_sid_NULL; /* NULL sid */
33 NSS_STATUS winbindd_request(int req_type,
34 struct winbindd_request *request,
35 struct winbindd_response *response);
37 /* Call winbindd to convert a name to a sid */
39 BOOL winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid,
40 enum SID_NAME_USE *name_type)
42 struct winbindd_request request;
43 struct winbindd_response response;
46 if (!sid || !name_type)
49 /* Send off request */
52 ZERO_STRUCT(response);
54 fstrcpy(request.data.name.dom_name, dom_name);
55 fstrcpy(request.data.name.name, name);
57 if ((result = winbindd_request(WINBINDD_LOOKUPNAME, &request,
58 &response)) == NSS_STATUS_SUCCESS) {
59 if (!string_to_sid(sid, response.data.sid.sid))
61 *name_type = (enum SID_NAME_USE)response.data.sid.type;
64 return result == NSS_STATUS_SUCCESS;
67 /* Call winbindd to convert sid to name */
69 BOOL winbind_lookup_sid(const DOM_SID *sid,
70 fstring dom_name, fstring name,
71 enum SID_NAME_USE *name_type)
73 struct winbindd_request request;
74 struct winbindd_response response;
78 /* Initialise request */
81 ZERO_STRUCT(response);
83 sid_to_string(sid_str, sid);
84 fstrcpy(request.data.sid, sid_str);
88 result = winbindd_request(WINBINDD_LOOKUPSID, &request, &response);
92 if (result == NSS_STATUS_SUCCESS) {
93 fstrcpy(dom_name, response.data.name.dom_name);
94 fstrcpy(name, response.data.name.name);
95 *name_type = (enum SID_NAME_USE)response.data.name.type;
97 DEBUG(10, ("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n",
98 sid_str, dom_name, name));
101 return (result == NSS_STATUS_SUCCESS);
104 /* Call winbindd to convert SID to uid */
106 BOOL winbind_sid_to_uid(uid_t *puid, const DOM_SID *sid)
108 struct winbindd_request request;
109 struct winbindd_response response;
116 /* Initialise request */
118 ZERO_STRUCT(request);
119 ZERO_STRUCT(response);
121 sid_to_string(sid_str, sid);
122 fstrcpy(request.data.sid, sid_str);
126 result = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
128 /* Copy out result */
130 if (result == NSS_STATUS_SUCCESS) {
131 *puid = response.data.uid;
134 return (result == NSS_STATUS_SUCCESS);
137 /* Call winbindd to convert uid to sid */
139 BOOL winbind_uid_to_sid(DOM_SID *sid, uid_t uid)
141 struct winbindd_request request;
142 struct winbindd_response response;
148 /* Initialise request */
150 ZERO_STRUCT(request);
151 ZERO_STRUCT(response);
153 request.data.uid = uid;
157 result = winbindd_request(WINBINDD_UID_TO_SID, &request, &response);
159 /* Copy out result */
161 if (result == NSS_STATUS_SUCCESS) {
162 if (!string_to_sid(sid, response.data.sid.sid))
165 sid_copy(sid, &global_sid_NULL);
168 return (result == NSS_STATUS_SUCCESS);
171 /* Call winbindd to convert SID to gid */
173 BOOL winbind_sid_to_gid(gid_t *pgid, const DOM_SID *sid)
175 struct winbindd_request request;
176 struct winbindd_response response;
183 /* Initialise request */
185 ZERO_STRUCT(request);
186 ZERO_STRUCT(response);
188 sid_to_string(sid_str, sid);
189 fstrcpy(request.data.sid, sid_str);
193 result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
195 /* Copy out result */
197 if (result == NSS_STATUS_SUCCESS) {
198 *pgid = response.data.gid;
201 return (result == NSS_STATUS_SUCCESS);
204 /* Call winbindd to convert gid to sid */
206 BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid)
208 struct winbindd_request request;
209 struct winbindd_response response;
215 /* Initialise request */
217 ZERO_STRUCT(request);
218 ZERO_STRUCT(response);
220 request.data.gid = gid;
224 result = winbindd_request(WINBINDD_GID_TO_SID, &request, &response);
226 /* Copy out result */
228 if (result == NSS_STATUS_SUCCESS) {
229 if (!string_to_sid(sid, response.data.sid.sid))
232 sid_copy(sid, &global_sid_NULL);
235 return (result == NSS_STATUS_SUCCESS);
238 /* Fetch the list of groups a user is a member of from winbindd. This is
239 used by winbind_getgroups. */
241 static int wb_getgroups(const char *user, gid_t **groups)
243 struct winbindd_request request;
244 struct winbindd_response response;
249 fstrcpy(request.data.username, user);
251 ZERO_STRUCT(response);
253 result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
255 if (result == NSS_STATUS_SUCCESS) {
257 /* Return group list. Don't forget to free the group list
260 *groups = (gid_t *)response.extra_data;
261 return response.data.num_entries;
267 /* Call winbindd to initialise group membership. This is necessary for
268 some systems (i.e RH5.2) that do not have an initgroups function as part
269 of the nss extension. In RH5.2 this is implemented using getgrent()
270 which can be amazingly inefficient as well as having problems with
273 int winbind_initgroups(char *user, gid_t gid)
275 gid_t *tgr, *groups = NULL;
278 /* Call normal initgroups if we are a local user */
280 if (!strchr(user, *lp_winbind_separator())) {
281 return initgroups(user, gid);
284 result = wb_getgroups(user, &groups);
286 DEBUG(10,("winbind_getgroups: %s: result = %s\n", user,
287 result == -1 ? "FAIL" : "SUCCESS"));
290 int ngroups = result, i;
291 BOOL is_member = False;
293 /* Check to see if the passed gid is already in the list */
295 for (i = 0; i < ngroups; i++) {
296 if (groups[i] == gid) {
301 /* Add group to list if necessary */
304 tgr = (gid_t *)Realloc(groups, sizeof(gid_t) * ngroups + 1);
313 groups[ngroups] = gid;
319 if (sys_setgroups(ngroups, groups) == -1) {
327 /* The call failed. Set errno to something so we don't get
328 a bogus value from the last failed system call. */
333 /* Free response data if necessary */
341 /* Return a list of groups the user is a member of. This function is
342 useful for large systems where inverting the group database would be too
343 time consuming. If size is zero, list is not modified and the total
344 number of groups for the user is returned. */
346 int winbind_getgroups(const char *user, gid_t **list)
349 * Don't do the lookup if the name has no separator _and_ we are not in
350 * 'winbind use default domain' mode.
353 if (!(strchr(user, *lp_winbind_separator()) || lp_winbind_use_default_domain()))
356 /* Fetch list of groups */
358 return wb_getgroups(user, list);
361 /**********************************************************************
362 simple wrapper function to see if winbindd is alive
363 **********************************************************************/
365 BOOL winbind_ping( void )
369 result = winbindd_request(WINBINDD_PING, NULL, NULL);
371 return result == NSS_STATUS_SUCCESS;
374 /**********************************************************************
375 Ask winbindd to create a local user
376 **********************************************************************/
378 BOOL winbind_create_user( const char *name, uint32 *rid )
380 struct winbindd_request request;
381 struct winbindd_response response;
384 if ( !lp_winbind_enable_local_accounts() )
390 DEBUG(10,("winbind_create_user: %s\n", name));
392 ZERO_STRUCT(request);
393 ZERO_STRUCT(response);
395 /* see if the caller wants a new RID returned */
398 request.flags = WBFLAG_ALLOCATE_RID;
400 fstrcpy( request.data.acct_mgt.username, name );
401 fstrcpy( request.data.acct_mgt.groupname, "" );
403 result = winbindd_request( WINBINDD_CREATE_USER, &request, &response);
406 *rid = response.data.rid;
408 return result == NSS_STATUS_SUCCESS;
411 /**********************************************************************
412 Ask winbindd to create a local group
413 **********************************************************************/
415 BOOL winbind_create_group( const char *name, uint32 *rid )
417 struct winbindd_request request;
418 struct winbindd_response response;
421 if ( !lp_winbind_enable_local_accounts() )
427 DEBUG(10,("winbind_create_group: %s\n", name));
429 ZERO_STRUCT(request);
430 ZERO_STRUCT(response);
432 /* see if the caller wants a new RID returned */
435 request.flags = WBFLAG_ALLOCATE_RID;
437 fstrcpy( request.data.acct_mgt.groupname, name );
440 result = winbindd_request( WINBINDD_CREATE_GROUP, &request, &response);
443 *rid = response.data.rid;
445 return result == NSS_STATUS_SUCCESS;
448 /**********************************************************************
449 Ask winbindd to add a user to a local group
450 **********************************************************************/
452 BOOL winbind_add_user_to_group( const char *user, const char *group )
454 struct winbindd_request request;
455 struct winbindd_response response;
458 if ( !lp_winbind_enable_local_accounts() )
461 if ( !user || !group )
464 ZERO_STRUCT(request);
465 ZERO_STRUCT(response);
467 DEBUG(10,("winbind_add_user_to_group: user(%s), group(%s) \n",
470 fstrcpy( request.data.acct_mgt.username, user );
471 fstrcpy( request.data.acct_mgt.groupname, group );
473 result = winbindd_request( WINBINDD_ADD_USER_TO_GROUP, &request, &response);
475 return result == NSS_STATUS_SUCCESS;
478 /**********************************************************************
479 Ask winbindd to remove a user to a local group
480 **********************************************************************/
482 BOOL winbind_remove_user_from_group( const char *user, const char *group )
484 struct winbindd_request request;
485 struct winbindd_response response;
488 if ( !lp_winbind_enable_local_accounts() )
491 if ( !user || !group )
494 ZERO_STRUCT(request);
495 ZERO_STRUCT(response);
497 DEBUG(10,("winbind_remove_user_from_group: user(%s), group(%s) \n",
500 ZERO_STRUCT(response);
502 result = winbindd_request( WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response);
504 return result == NSS_STATUS_SUCCESS;
507 /**********************************************************************
508 Ask winbindd to set the primary group for a user local user
509 **********************************************************************/
511 BOOL winbind_set_user_primary_group( const char *user, const char *group )
513 struct winbindd_request request;
514 struct winbindd_response response;
517 if ( !lp_winbind_enable_local_accounts() )
520 if ( !user || !group )
523 ZERO_STRUCT(request);
524 ZERO_STRUCT(response);
526 DEBUG(10,("winbind_set_user_primary_group: user(%s), group(%s) \n",
529 fstrcpy( request.data.acct_mgt.username, user );
530 fstrcpy( request.data.acct_mgt.groupname, group );
532 result = winbindd_request( WINBINDD_SET_USER_PRIMARY_GROUP, &request, &response);
534 return result == NSS_STATUS_SUCCESS;
538 /**********************************************************************
539 Ask winbindd to remove a user from its lists of accounts
540 **********************************************************************/
542 BOOL winbind_delete_user( const char *user )
544 struct winbindd_request request;
545 struct winbindd_response response;
548 if ( !lp_winbind_enable_local_accounts() )
554 ZERO_STRUCT(request);
555 ZERO_STRUCT(response);
557 DEBUG(10,("winbind_delete_user: user (%s)\n", user));
559 fstrcpy( request.data.acct_mgt.username, user );
561 result = winbindd_request( WINBINDD_DELETE_USER, &request, &response);
563 return result == NSS_STATUS_SUCCESS;
566 /**********************************************************************
567 Ask winbindd to remove a group from its lists of accounts
568 **********************************************************************/
570 BOOL winbind_delete_group( const char *group )
572 struct winbindd_request request;
573 struct winbindd_response response;
576 if ( !lp_winbind_enable_local_accounts() )
582 ZERO_STRUCT(request);
583 ZERO_STRUCT(response);
585 DEBUG(10,("winbind_delete_group: group (%s)\n", group));
587 fstrcpy( request.data.acct_mgt.groupname, group );
589 result = winbindd_request( WINBINDD_DELETE_GROUP, &request, &response);
591 return result == NSS_STATUS_SUCCESS;
594 /***********************************************************************/
595 #if 0 /* not needed currently since winbindd_acct was added -- jerry */
597 /* Call winbindd to convert SID to uid. Do not allocate */
599 BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid)
601 struct winbindd_request request;
602 struct winbindd_response response;
609 /* Initialise request */
611 ZERO_STRUCT(request);
612 ZERO_STRUCT(response);
614 sid_to_string(sid_str, sid);
615 fstrcpy(request.data.sid, sid_str);
617 request.flags = WBFLAG_QUERY_ONLY;
621 result = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
623 /* Copy out result */
625 if (result == NSS_STATUS_SUCCESS) {
626 *puid = response.data.uid;
629 return (result == NSS_STATUS_SUCCESS);
632 /* Call winbindd to convert SID to gid. Do not allocate */
634 BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid)
636 struct winbindd_request request;
637 struct winbindd_response response;
644 /* Initialise request */
646 ZERO_STRUCT(request);
647 ZERO_STRUCT(response);
649 sid_to_string(sid_str, sid);
650 fstrcpy(request.data.sid, sid_str);
652 request.flags = WBFLAG_QUERY_ONLY;
656 result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
658 /* Copy out result */
660 if (result == NSS_STATUS_SUCCESS) {
661 *pgid = response.data.gid;
664 return (result == NSS_STATUS_SUCCESS);
669 /***********************************************************************/
git.samba.org / samba.git / blob