2 Unix SMB/CIFS implementation.
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Andrew Tridgell 2000
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Library General Public
11 License as published by the Free Software Foundation; either
12 version 2 of the License, or (at your option) any later version.
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Library General Public License for more details.
19 You should have received a copy of the GNU Library General Public
20 License along with this library; if not, write to the
21 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
22 Boston, MA 02111-1307, USA.
26 #include "nsswitch/winbind_nss.h"
29 #define DBGC_CLASS DBGC_WINBIND
31 extern DOM_SID global_sid_NULL; /* NULL sid */
33 NSS_STATUS winbindd_request(int req_type,
34 struct winbindd_request *request,
35 struct winbindd_response *response);
37 /* Call winbindd to convert a name to a sid */
39 BOOL winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid,
40 enum SID_NAME_USE *name_type)
42 struct winbindd_request request;
43 struct winbindd_response response;
46 if (!sid || !name_type)
49 /* Send off request */
52 ZERO_STRUCT(response);
54 fstrcpy(request.data.name.dom_name, dom_name);
55 fstrcpy(request.data.name.name, name);
57 if ((result = winbindd_request(WINBINDD_LOOKUPNAME, &request,
58 &response)) == NSS_STATUS_SUCCESS) {
59 if (!string_to_sid(sid, response.data.sid.sid))
61 *name_type = (enum SID_NAME_USE)response.data.sid.type;
64 return result == NSS_STATUS_SUCCESS;
67 /* Call winbindd to convert sid to name */
69 BOOL winbind_lookup_sid(const DOM_SID *sid,
70 fstring dom_name, fstring name,
71 enum SID_NAME_USE *name_type)
73 struct winbindd_request request;
74 struct winbindd_response response;
78 /* Initialise request */
81 ZERO_STRUCT(response);
83 sid_to_string(sid_str, sid);
84 fstrcpy(request.data.sid, sid_str);
88 result = winbindd_request(WINBINDD_LOOKUPSID, &request, &response);
92 if (result == NSS_STATUS_SUCCESS) {
93 fstrcpy(dom_name, response.data.name.dom_name);
94 fstrcpy(name, response.data.name.name);
95 *name_type = (enum SID_NAME_USE)response.data.name.type;
97 DEBUG(10, ("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n",
98 sid_str, dom_name, name));
101 return (result == NSS_STATUS_SUCCESS);
104 /* Call winbindd to convert SID to uid */
106 BOOL winbind_sid_to_uid(uid_t *puid, const DOM_SID *sid)
108 struct winbindd_request request;
109 struct winbindd_response response;
116 /* Initialise request */
118 ZERO_STRUCT(request);
119 ZERO_STRUCT(response);
121 sid_to_string(sid_str, sid);
122 fstrcpy(request.data.sid, sid_str);
126 result = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
128 /* Copy out result */
130 if (result == NSS_STATUS_SUCCESS) {
131 *puid = response.data.uid;
134 return (result == NSS_STATUS_SUCCESS);
137 /* Call winbindd to convert uid to sid */
139 BOOL winbind_uid_to_sid(DOM_SID *sid, uid_t uid)
141 struct winbindd_request request;
142 struct winbindd_response response;
148 /* Initialise request */
150 ZERO_STRUCT(request);
151 ZERO_STRUCT(response);
153 request.data.uid = uid;
157 result = winbindd_request(WINBINDD_UID_TO_SID, &request, &response);
159 /* Copy out result */
161 if (result == NSS_STATUS_SUCCESS) {
162 if (!string_to_sid(sid, response.data.sid.sid))
165 sid_copy(sid, &global_sid_NULL);
168 return (result == NSS_STATUS_SUCCESS);
171 /* Call winbindd to convert SID to gid */
173 BOOL winbind_sid_to_gid(gid_t *pgid, const DOM_SID *sid)
175 struct winbindd_request request;
176 struct winbindd_response response;
183 /* Initialise request */
185 ZERO_STRUCT(request);
186 ZERO_STRUCT(response);
188 sid_to_string(sid_str, sid);
189 fstrcpy(request.data.sid, sid_str);
193 result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
195 /* Copy out result */
197 if (result == NSS_STATUS_SUCCESS) {
198 *pgid = response.data.gid;
201 return (result == NSS_STATUS_SUCCESS);
204 /* Call winbindd to convert gid to sid */
206 BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid)
208 struct winbindd_request request;
209 struct winbindd_response response;
215 /* Initialise request */
217 ZERO_STRUCT(request);
218 ZERO_STRUCT(response);
220 request.data.gid = gid;
224 result = winbindd_request(WINBINDD_GID_TO_SID, &request, &response);
226 /* Copy out result */
228 if (result == NSS_STATUS_SUCCESS) {
229 if (!string_to_sid(sid, response.data.sid.sid))
232 sid_copy(sid, &global_sid_NULL);
235 return (result == NSS_STATUS_SUCCESS);
238 /* Fetch the list of groups a user is a member of from winbindd. This is
239 used by winbind_getgroups. */
241 static int wb_getgroups(const char *user, gid_t **groups)
243 struct winbindd_request request;
244 struct winbindd_response response;
249 fstrcpy(request.data.username, user);
251 ZERO_STRUCT(response);
253 result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
255 if (result == NSS_STATUS_SUCCESS) {
257 /* Return group list. Don't forget to free the group list
260 *groups = (gid_t *)response.extra_data;
261 return response.data.num_entries;
267 /* Return a list of groups the user is a member of. This function is
268 useful for large systems where inverting the group database would be too
269 time consuming. If size is zero, list is not modified and the total
270 number of groups for the user is returned. */
272 int winbind_getgroups(const char *user, gid_t **list)
275 * Don't do the lookup if the name has no separator _and_ we are not in
276 * 'winbind use default domain' mode.
279 if (!(strchr(user, *lp_winbind_separator()) || lp_winbind_use_default_domain()))
282 /* Fetch list of groups */
284 return wb_getgroups(user, list);
287 /**********************************************************************
288 simple wrapper function to see if winbindd is alive
289 **********************************************************************/
291 BOOL winbind_ping( void )
295 result = winbindd_request(WINBINDD_PING, NULL, NULL);
297 return result == NSS_STATUS_SUCCESS;
300 /**********************************************************************
301 Ask winbindd to create a local user
302 **********************************************************************/
304 BOOL winbind_create_user( const char *name, uint32 *rid )
306 struct winbindd_request request;
307 struct winbindd_response response;
310 if ( !lp_winbind_enable_local_accounts() )
316 DEBUG(10,("winbind_create_user: %s\n", name));
318 ZERO_STRUCT(request);
319 ZERO_STRUCT(response);
321 /* see if the caller wants a new RID returned */
324 request.flags = WBFLAG_ALLOCATE_RID;
326 fstrcpy( request.data.acct_mgt.username, name );
327 fstrcpy( request.data.acct_mgt.groupname, "" );
329 result = winbindd_request( WINBINDD_CREATE_USER, &request, &response);
332 *rid = response.data.rid;
334 return result == NSS_STATUS_SUCCESS;
337 /**********************************************************************
338 Ask winbindd to create a local group
339 **********************************************************************/
341 BOOL winbind_create_group( const char *name, uint32 *rid )
343 struct winbindd_request request;
344 struct winbindd_response response;
347 if ( !lp_winbind_enable_local_accounts() )
353 DEBUG(10,("winbind_create_group: %s\n", name));
355 ZERO_STRUCT(request);
356 ZERO_STRUCT(response);
358 /* see if the caller wants a new RID returned */
361 request.flags = WBFLAG_ALLOCATE_RID;
363 fstrcpy( request.data.acct_mgt.groupname, name );
366 result = winbindd_request( WINBINDD_CREATE_GROUP, &request, &response);
369 *rid = response.data.rid;
371 return result == NSS_STATUS_SUCCESS;
374 /**********************************************************************
375 Ask winbindd to add a user to a local group
376 **********************************************************************/
378 BOOL winbind_add_user_to_group( const char *user, const char *group )
380 struct winbindd_request request;
381 struct winbindd_response response;
384 if ( !lp_winbind_enable_local_accounts() )
387 if ( !user || !group )
390 ZERO_STRUCT(request);
391 ZERO_STRUCT(response);
393 DEBUG(10,("winbind_add_user_to_group: user(%s), group(%s) \n",
396 fstrcpy( request.data.acct_mgt.username, user );
397 fstrcpy( request.data.acct_mgt.groupname, group );
399 result = winbindd_request( WINBINDD_ADD_USER_TO_GROUP, &request, &response);
401 return result == NSS_STATUS_SUCCESS;
404 /**********************************************************************
405 Ask winbindd to remove a user to a local group
406 **********************************************************************/
408 BOOL winbind_remove_user_from_group( const char *user, const char *group )
410 struct winbindd_request request;
411 struct winbindd_response response;
414 if ( !lp_winbind_enable_local_accounts() )
417 if ( !user || !group )
420 ZERO_STRUCT(request);
421 ZERO_STRUCT(response);
423 DEBUG(10,("winbind_remove_user_from_group: user(%s), group(%s) \n",
426 ZERO_STRUCT(response);
428 result = winbindd_request( WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response);
430 return result == NSS_STATUS_SUCCESS;
433 /**********************************************************************
434 Ask winbindd to set the primary group for a user local user
435 **********************************************************************/
437 BOOL winbind_set_user_primary_group( const char *user, const char *group )
439 struct winbindd_request request;
440 struct winbindd_response response;
443 if ( !lp_winbind_enable_local_accounts() )
446 if ( !user || !group )
449 ZERO_STRUCT(request);
450 ZERO_STRUCT(response);
452 DEBUG(10,("winbind_set_user_primary_group: user(%s), group(%s) \n",
455 fstrcpy( request.data.acct_mgt.username, user );
456 fstrcpy( request.data.acct_mgt.groupname, group );
458 result = winbindd_request( WINBINDD_SET_USER_PRIMARY_GROUP, &request, &response);
460 return result == NSS_STATUS_SUCCESS;
464 /**********************************************************************
465 Ask winbindd to remove a user from its lists of accounts
466 **********************************************************************/
468 BOOL winbind_delete_user( const char *user )
470 struct winbindd_request request;
471 struct winbindd_response response;
474 if ( !lp_winbind_enable_local_accounts() )
480 ZERO_STRUCT(request);
481 ZERO_STRUCT(response);
483 DEBUG(10,("winbind_delete_user: user (%s)\n", user));
485 fstrcpy( request.data.acct_mgt.username, user );
487 result = winbindd_request( WINBINDD_DELETE_USER, &request, &response);
489 return result == NSS_STATUS_SUCCESS;
492 /**********************************************************************
493 Ask winbindd to remove a group from its lists of accounts
494 **********************************************************************/
496 BOOL winbind_delete_group( const char *group )
498 struct winbindd_request request;
499 struct winbindd_response response;
502 if ( !lp_winbind_enable_local_accounts() )
508 ZERO_STRUCT(request);
509 ZERO_STRUCT(response);
511 DEBUG(10,("winbind_delete_group: group (%s)\n", group));
513 fstrcpy( request.data.acct_mgt.groupname, group );
515 result = winbindd_request( WINBINDD_DELETE_GROUP, &request, &response);
517 return result == NSS_STATUS_SUCCESS;
520 /***********************************************************************/
521 #if 0 /* not needed currently since winbindd_acct was added -- jerry */
523 /* Call winbindd to convert SID to uid. Do not allocate */
525 BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid)
527 struct winbindd_request request;
528 struct winbindd_response response;
535 /* Initialise request */
537 ZERO_STRUCT(request);
538 ZERO_STRUCT(response);
540 sid_to_string(sid_str, sid);
541 fstrcpy(request.data.sid, sid_str);
543 request.flags = WBFLAG_QUERY_ONLY;
547 result = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
549 /* Copy out result */
551 if (result == NSS_STATUS_SUCCESS) {
552 *puid = response.data.uid;
555 return (result == NSS_STATUS_SUCCESS);
558 /* Call winbindd to convert SID to gid. Do not allocate */
560 BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid)
562 struct winbindd_request request;
563 struct winbindd_response response;
570 /* Initialise request */
572 ZERO_STRUCT(request);
573 ZERO_STRUCT(response);
575 sid_to_string(sid_str, sid);
576 fstrcpy(request.data.sid, sid_str);
578 request.flags = WBFLAG_QUERY_ONLY;
582 result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
584 /* Copy out result */
586 if (result == NSS_STATUS_SUCCESS) {
587 *pgid = response.data.gid;
590 return (result == NSS_STATUS_SUCCESS);
595 /***********************************************************************/