2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-2000,
5 * Copyright (C) Jean François Micouleau 1998-2001.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 static TDB_CONTEXT *tdb; /* used for driver files */
26 #define DATABASE_VERSION_V1 1 /* native byte format. */
27 #define DATABASE_VERSION_V2 2 /* le format. */
29 #define GROUP_PREFIX "UNIXGROUP/"
30 #define ALIASMEM_PREFIX "ALIASMEMBERS/"
32 /****************************************************************************
33 dump the mapping group mapping to a text file
34 ****************************************************************************/
35 char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use)
37 static fstring group_type;
41 fstrcpy(group_type,"User");
43 case SID_NAME_DOM_GRP:
44 fstrcpy(group_type,"Domain group");
47 fstrcpy(group_type,"Domain");
50 fstrcpy(group_type,"Local group");
52 case SID_NAME_WKN_GRP:
53 fstrcpy(group_type,"Builtin group");
55 case SID_NAME_DELETED:
56 fstrcpy(group_type,"Deleted");
58 case SID_NAME_INVALID:
59 fstrcpy(group_type,"Invalid");
61 case SID_NAME_UNKNOWN:
63 fstrcpy(group_type,"Unknown type");
67 fstrcpy(group, group_type);
71 /****************************************************************************
72 initialise first time the mapping list - called from init_group_mapping()
73 ****************************************************************************/
74 static BOOL default_group_mapping(void)
83 /* Add the Wellknown groups */
85 add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "");
86 add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "");
87 add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "");
88 add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "");
89 add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "");
90 add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "");
91 add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "");
92 add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "");
93 add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "");
95 /* Add the defaults domain groups */
97 sid_copy(&sid_admins, get_global_sam_sid());
98 sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS);
99 sid_to_string(str_admins, &sid_admins);
100 add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "");
102 sid_copy(&sid_users, get_global_sam_sid());
103 sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS);
104 sid_to_string(str_users, &sid_users);
105 add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "");
107 sid_copy(&sid_guests, get_global_sam_sid());
108 sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS);
109 sid_to_string(str_guests, &sid_guests);
110 add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "");
115 /****************************************************************************
116 Open the group mapping tdb.
117 ****************************************************************************/
119 static BOOL init_group_mapping(void)
121 static pid_t local_pid;
122 const char *vstring = "INFO/version";
125 if (tdb && local_pid == sys_getpid())
127 tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
129 DEBUG(0,("Failed to open group mapping database\n"));
133 local_pid = sys_getpid();
135 /* handle a Samba upgrade */
136 tdb_lock_bystring(tdb, vstring, 0);
138 /* Cope with byte-reversed older versions of the db. */
139 vers_id = tdb_fetch_int32(tdb, vstring);
140 if ((vers_id == DATABASE_VERSION_V1) || (IREV(vers_id) == DATABASE_VERSION_V1)) {
141 /* Written on a bigendian machine with old fetch_int code. Save as le. */
142 tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2);
143 vers_id = DATABASE_VERSION_V2;
146 if (vers_id != DATABASE_VERSION_V2) {
147 tdb_traverse(tdb, tdb_traverse_delete_fn, NULL);
148 tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2);
151 tdb_unlock_bystring(tdb, vstring);
153 /* write a list of default groups */
154 if(!default_group_mapping())
160 /****************************************************************************
161 ****************************************************************************/
162 static BOOL add_mapping_entry(GROUP_MAP *map, int flag)
166 fstring string_sid="";
169 if(!init_group_mapping()) {
170 DEBUG(0,("failed to initialize group mapping\n"));
174 sid_to_string(string_sid, &map->sid);
176 len = tdb_pack(buf, sizeof(buf), "ddff",
177 map->gid, map->sid_name_use, map->nt_name, map->comment);
179 if (len > sizeof(buf))
182 slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
184 kbuf.dsize = strlen(key)+1;
188 if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False;
193 /****************************************************************************
194 initialise first time the mapping list
195 ****************************************************************************/
196 BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, const char *nt_name, const char *comment)
200 if(!init_group_mapping()) {
201 DEBUG(0,("failed to initialize group mapping\n"));
206 if (!string_to_sid(&map.sid, sid)) {
207 DEBUG(0, ("string_to_sid failed: %s", sid));
211 map.sid_name_use=sid_name_use;
212 fstrcpy(map.nt_name, nt_name);
213 fstrcpy(map.comment, comment);
215 return pdb_add_group_mapping_entry(&map);
218 /****************************************************************************
219 Return the sid and the type of the unix group.
220 ****************************************************************************/
222 static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
229 if(!init_group_mapping()) {
230 DEBUG(0,("failed to initialize group mapping\n"));
234 /* the key is the SID, retrieving is direct */
236 sid_to_string(string_sid, &sid);
237 slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
240 kbuf.dsize = strlen(key)+1;
242 dbuf = tdb_fetch(tdb, kbuf);
246 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
247 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
249 SAFE_FREE(dbuf.dptr);
252 DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n"));
256 sid_copy(&map->sid, &sid);
261 /****************************************************************************
262 Return the sid and the type of the unix group.
263 ****************************************************************************/
265 static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
267 TDB_DATA kbuf, dbuf, newkey;
271 if(!init_group_mapping()) {
272 DEBUG(0,("failed to initialize group mapping\n"));
276 /* we need to enumerate the TDB to find the GID */
278 for (kbuf = tdb_firstkey(tdb);
280 newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
282 if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
284 dbuf = tdb_fetch(tdb, kbuf);
288 fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
290 string_to_sid(&map->sid, string_sid);
292 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
293 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
295 SAFE_FREE(dbuf.dptr);
298 DEBUG(3,("get_group_map_from_gid: tdb_unpack failure\n"));
303 SAFE_FREE(kbuf.dptr);
311 /****************************************************************************
312 Return the sid and the type of the unix group.
313 ****************************************************************************/
315 static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map)
317 TDB_DATA kbuf, dbuf, newkey;
321 if(!init_group_mapping()) {
322 DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping\n"));
326 /* we need to enumerate the TDB to find the name */
328 for (kbuf = tdb_firstkey(tdb);
330 newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
332 if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
334 dbuf = tdb_fetch(tdb, kbuf);
338 fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
340 string_to_sid(&map->sid, string_sid);
342 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
343 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
345 SAFE_FREE(dbuf.dptr);
348 DEBUG(3,("get_group_map_from_ntname: tdb_unpack failure\n"));
352 if (StrCaseCmp(name, map->nt_name)==0) {
353 SAFE_FREE(kbuf.dptr);
361 /****************************************************************************
362 Remove a group mapping entry.
363 ****************************************************************************/
365 static BOOL group_map_remove(const DOM_SID *sid)
371 if(!init_group_mapping()) {
372 DEBUG(0,("failed to initialize group mapping\n"));
376 /* the key is the SID, retrieving is direct */
378 sid_to_string(string_sid, sid);
379 slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
382 kbuf.dsize = strlen(key)+1;
384 dbuf = tdb_fetch(tdb, kbuf);
388 SAFE_FREE(dbuf.dptr);
390 if(tdb_delete(tdb, kbuf) != TDB_SUCCESS)
396 /****************************************************************************
397 Enumerate the group mapping.
398 ****************************************************************************/
400 static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
401 int *num_entries, BOOL unix_only)
403 TDB_DATA kbuf, dbuf, newkey;
411 if(!init_group_mapping()) {
412 DEBUG(0,("failed to initialize group mapping\n"));
419 for (kbuf = tdb_firstkey(tdb);
421 newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
423 if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0)
426 dbuf = tdb_fetch(tdb, kbuf);
430 fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
432 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
433 &map.gid, &map.sid_name_use, &map.nt_name, &map.comment);
435 SAFE_FREE(dbuf.dptr);
438 DEBUG(3,("enum_group_mapping: tdb_unpack failure\n"));
442 /* list only the type or everything if UNKNOWN */
443 if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) {
444 DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name));
448 if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) {
449 DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name));
453 string_to_sid(&map.sid, string_sid);
455 decode_sid_name_use(group_type, map.sid_name_use);
456 DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type));
458 mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP));
460 DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n"));
467 mapt[entries].gid = map.gid;
468 sid_copy( &mapt[entries].sid, &map.sid);
469 mapt[entries].sid_name_use = map.sid_name_use;
470 fstrcpy(mapt[entries].nt_name, map.nt_name);
471 fstrcpy(mapt[entries].comment, map.comment);
477 *num_entries=entries;
482 static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
488 char *new_memberstring;
491 if(!init_group_mapping()) {
492 DEBUG(0,("failed to initialize group mapping\n"));
493 return NT_STATUS_ACCESS_DENIED;
496 if (!get_group_map_from_sid(*alias, &map))
497 return NT_STATUS_NO_SUCH_ALIAS;
499 if ( (map.sid_name_use != SID_NAME_ALIAS) &&
500 (map.sid_name_use != SID_NAME_WKN_GRP) )
501 return NT_STATUS_NO_SUCH_ALIAS;
503 sid_to_string(string_sid, alias);
504 slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, string_sid);
506 kbuf.dsize = strlen(key)+1;
509 dbuf = tdb_fetch(tdb, kbuf);
511 sid_to_string(string_sid, member);
513 if (dbuf.dptr != NULL) {
514 asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr),
517 new_memberstring = strdup(string_sid);
520 if (new_memberstring == NULL)
521 return NT_STATUS_NO_MEMORY;
523 SAFE_FREE(dbuf.dptr);
524 dbuf.dsize = strlen(new_memberstring)+1;
525 dbuf.dptr = new_memberstring;
527 result = tdb_store(tdb, kbuf, dbuf, 0);
529 SAFE_FREE(new_memberstring);
531 return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED);
534 static void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
536 *sids = Realloc(*sids, ((*num)+1) * sizeof(DOM_SID));
541 sid_copy(&((*sids)[*num]), sid);
547 static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, int *num)
555 if(!init_group_mapping()) {
556 DEBUG(0,("failed to initialize group mapping\n"));
557 return NT_STATUS_ACCESS_DENIED;
560 if (!get_group_map_from_sid(*alias, &map))
561 return NT_STATUS_NO_SUCH_ALIAS;
563 if ( (map.sid_name_use != SID_NAME_ALIAS) &&
564 (map.sid_name_use != SID_NAME_WKN_GRP) )
565 return NT_STATUS_NO_SUCH_ALIAS;
570 sid_to_string(string_sid, alias);
571 slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, string_sid);
573 kbuf.dsize = strlen(key)+1;
576 dbuf = tdb_fetch(tdb, kbuf);
578 if (dbuf.dptr == NULL) {
584 while (next_token(&p, string_sid, " ", sizeof(string_sid))) {
588 if (!string_to_sid(&sid, string_sid))
591 add_sid_to_array(&sid, sids, num);
594 return NT_STATUS_NO_MEMORY;
597 SAFE_FREE(dbuf.dptr);
602 /* This is racy as hell, but hey, it's only a prototype :-) */
604 static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
615 result = enum_aliasmem(alias, &sids, &num);
617 if (!NT_STATUS_IS_OK(result))
620 for (i=0; i<num; i++) {
621 if (sid_compare(&sids[i], member) == 0) {
629 return NT_STATUS_MEMBER_NOT_IN_ALIAS;
633 sids[i] = sids[num-1];
637 member_string = strdup("");
639 if (member_string == NULL) {
641 return NT_STATUS_NO_MEMORY;
644 for (i=0; i<num; i++) {
645 char *s = member_string;
647 sid_to_string(sid_string, &sids[i]);
648 asprintf(&member_string, "%s %s", s, sid_string);
651 if (member_string == NULL) {
653 return NT_STATUS_NO_MEMORY;
657 sid_to_string(sid_string, alias);
658 slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, sid_string);
660 kbuf.dsize = strlen(key)+1;
662 dbuf.dsize = strlen(member_string)+1;
663 dbuf.dptr = member_string;
665 result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ?
666 NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
669 SAFE_FREE(member_string);
674 static BOOL is_foreign_alias_member(const DOM_SID *sid, const DOM_SID *alias)
680 if (!NT_STATUS_IS_OK(enum_aliasmem(alias, &members, &num)))
683 for (i=0; i<num; i++) {
685 if (sid_compare(&members[i], sid) == 0) {
695 static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num)
703 if (!enum_group_mapping(SID_NAME_WKN_GRP, &maps, &num_maps, False))
704 return NT_STATUS_NO_MEMORY;
706 for (i=0; i<num_maps; i++) {
708 if (is_foreign_alias_member(sid, &maps[i].sid)) {
710 add_sid_to_array(&maps[i].sid, sids, num);
714 return NT_STATUS_NO_MEMORY;
720 if (!enum_group_mapping(SID_NAME_ALIAS, &maps, &num_maps, False))
721 return NT_STATUS_NO_MEMORY;
723 for (i=0; i<num_maps; i++) {
724 if (is_foreign_alias_member(sid, &maps[i].sid)) {
726 add_sid_to_array(&maps[i].sid, sids, num);
730 return NT_STATUS_NO_MEMORY;
741 * High level functions
742 * better to use them than the lower ones.
744 * we are checking if the group is in the mapping file
745 * and if the group is an existing unix group
749 /* get a domain group from it's SID */
751 BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
756 if(!init_group_mapping()) {
757 DEBUG(0,("failed to initialize group mapping\n"));
761 DEBUG(10, ("get_domain_group_from_sid\n"));
763 /* if the group is NOT in the database, it CAN NOT be a domain group */
766 ret = pdb_getgrsid(map, sid);
772 DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
774 /* if it's not a domain group, continue */
775 if (map->sid_name_use!=SID_NAME_DOM_GRP) {
779 DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
785 DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid));
787 grp = getgrgid(map->gid);
789 DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
793 DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));
799 /* get a local (alias) group from it's SID */
801 BOOL get_local_group_from_sid(DOM_SID *sid, GROUP_MAP *map)
805 if(!init_group_mapping()) {
806 DEBUG(0,("failed to initialize group mapping\n"));
810 /* The group is in the mapping table */
812 ret = pdb_getgrsid(map, *sid);
818 if ( ( (map->sid_name_use != SID_NAME_ALIAS) &&
819 (map->sid_name_use != SID_NAME_WKN_GRP) )
821 || (getgrgid(map->gid) == NULL) )
827 /* local groups only exist in the group mapping DB so this
831 /* the group isn't in the mapping table.
832 * make one based on the unix information */
836 sid_peek_rid(sid, &alias_rid);
837 map->gid=pdb_group_rid_to_gid(alias_rid);
839 grp = getgrgid(map->gid);
841 DEBUG(3,("get_local_group_from_sid: No unix group for [%ul]\n", map->gid));
845 map->sid_name_use=SID_NAME_ALIAS;
847 fstrcpy(map->nt_name, grp->gr_name);
848 fstrcpy(map->comment, "Local Unix Group");
850 sid_copy(&map->sid, sid);
857 /* get a builtin group from it's SID */
859 BOOL get_builtin_group_from_sid(DOM_SID *sid, GROUP_MAP *map)
865 if(!init_group_mapping()) {
866 DEBUG(0,("failed to initialize group mapping\n"));
871 ret = pdb_getgrsid(map, *sid);
877 if (map->sid_name_use!=SID_NAME_WKN_GRP) {
885 if ( (grp=getgrgid(map->gid)) == NULL) {
894 /****************************************************************************
895 Returns a GROUP_MAP struct based on the gid.
896 ****************************************************************************/
897 BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map)
902 if(!init_group_mapping()) {
903 DEBUG(0,("failed to initialize group mapping\n"));
907 if ( (grp=getgrgid(gid)) == NULL)
911 * make a group map from scratch if doesn't exist.
915 ret = pdb_getgrgid(map, gid);
920 map->sid_name_use=SID_NAME_ALIAS;
922 /* interim solution until we have a last RID allocated */
924 sid_copy(&map->sid, get_global_sam_sid());
925 sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid));
927 fstrcpy(map->nt_name, grp->gr_name);
928 fstrcpy(map->comment, "Local Unix Group");
937 /****************************************************************************
938 Get the member users of a group and
939 all the users who have that group as primary.
941 give back an array of SIDS
942 return the grand number of users
945 TODO: sort the list and remove duplicate. JFM.
947 ****************************************************************************/
949 BOOL get_sid_list_of_group(gid_t gid, DOM_SID **sids, int *num_sids)
959 struct sys_pwent *userlist;
960 struct sys_pwent *user;
962 if(!init_group_mapping()) {
963 DEBUG(0,("failed to initialize group mapping\n"));
970 if ( (grp=getgrgid(gid)) == NULL)
974 DEBUG(10, ("getting members\n"));
976 while (gr && (*gr != (char)'\0')) {
977 SAM_ACCOUNT *group_member_acct = NULL;
979 s = Realloc((*sids), sizeof(**sids)*(*num_sids+1));
981 DEBUG(0,("get_uid_list_of_group: unable to enlarge SID list!\n"));
986 if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) {
991 found_user = pdb_getsampwnam(group_member_acct, gr);
995 sid_copy(&(*sids)[*num_sids], pdb_get_user_sid(group_member_acct));
999 pdb_free_sam(&group_member_acct);
1001 gr = grp->gr_mem[++i];
1003 DEBUG(10, ("got [%d] members\n", *num_sids));
1007 user = userlist = getpwent_list();
1009 while (user != NULL) {
1011 SAM_ACCOUNT *group_member_acct = NULL;
1014 if (user->pw_gid != gid) {
1019 s = Realloc((*sids), sizeof(**sids)*(*num_sids+1));
1021 DEBUG(0,("get_sid_list_of_group: unable to enlarge "
1023 pwent_free(userlist);
1029 if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) {
1034 found_user = pdb_getsampwnam(group_member_acct, user->pw_name);
1038 sid_copy(&(*sids)[*num_sids],
1039 pdb_get_user_sid(group_member_acct));
1042 DEBUG(4,("get_sid_list_of_group: User %s [uid == %lu] "
1043 "has no samba account\n",
1044 user->pw_name, (unsigned long)user->pw_uid));
1045 if (algorithmic_uid_to_sid(&(*sids)[*num_sids],
1049 pdb_free_sam(&group_member_acct);
1053 pwent_free(userlist);
1054 DEBUG(10, ("got primary groups, members: [%d]\n", *num_sids));
1058 if ( NT_STATUS_IS_OK(gid_to_sid(&sid, gid)) &&
1059 NT_STATUS_IS_OK(enum_aliasmem(&sid, &members, &num_members)) ) {
1061 for (i=0; i<num_members; i++) {
1062 add_sid_to_array(&members[i], sids, num_sids);
1072 /****************************************************************************
1073 Create a UNIX group on demand.
1074 ****************************************************************************/
1076 int smb_create_group(char *unix_group, gid_t *new_gid)
1084 /* defer to scripts */
1086 if ( *lp_addgroup_script() ) {
1087 pstrcpy(add_script, lp_addgroup_script());
1088 pstring_sub(add_script, "%g", unix_group);
1089 ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL);
1090 DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
1098 if (read(fd, output, sizeof(output)) > 0) {
1099 *new_gid = (gid_t)strtoul(output, NULL, 10);
1105 } else if ( winbind_create_group( unix_group, NULL ) ) {
1107 DEBUG(3,("smb_create_group: winbindd created the group (%s)\n",
1112 if (*new_gid == 0) {
1113 struct group *grp = getgrnam(unix_group);
1116 *new_gid = grp->gr_gid;
1122 /****************************************************************************
1123 Delete a UNIX group on demand.
1124 ****************************************************************************/
1126 int smb_delete_group(char *unix_group)
1131 /* defer to scripts */
1133 if ( *lp_delgroup_script() ) {
1134 pstrcpy(del_script, lp_delgroup_script());
1135 pstring_sub(del_script, "%g", unix_group);
1136 ret = smbrun(del_script,NULL);
1137 DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
1141 if ( winbind_delete_group( unix_group ) ) {
1142 DEBUG(3,("smb_delete_group: winbindd deleted the group (%s)\n",
1150 /****************************************************************************
1151 Set a user's primary UNIX group.
1152 ****************************************************************************/
1153 int smb_set_primary_group(const char *unix_group, const char* unix_user)
1158 /* defer to scripts */
1160 if ( *lp_setprimarygroup_script() ) {
1161 pstrcpy(add_script, lp_setprimarygroup_script());
1162 all_string_sub(add_script, "%g", unix_group, sizeof(add_script));
1163 all_string_sub(add_script, "%u", unix_user, sizeof(add_script));
1164 ret = smbrun(add_script,NULL);
1165 DEBUG(3,("smb_set_primary_group: "
1166 "Running the command `%s' gave %d\n",add_script,ret));
1172 if ( winbind_set_user_primary_group( unix_user, unix_group ) ) {
1173 DEBUG(3,("smb_delete_group: winbindd set the group (%s) as the primary group for user (%s)\n",
1174 unix_group, unix_user));
1181 /****************************************************************************
1182 Add a user to a UNIX group.
1183 ****************************************************************************/
1185 int smb_add_user_group(char *unix_group, char *unix_user)
1190 /* defer to scripts */
1192 if ( *lp_addusertogroup_script() ) {
1193 pstrcpy(add_script, lp_addusertogroup_script());
1194 pstring_sub(add_script, "%g", unix_group);
1195 pstring_sub(add_script, "%u", unix_user);
1196 ret = smbrun(add_script,NULL);
1197 DEBUG(3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
1203 if ( winbind_add_user_to_group( unix_user, unix_group ) ) {
1204 DEBUG(3,("smb_delete_group: winbindd added user (%s) to the group (%s)\n",
1205 unix_user, unix_group));
1212 /****************************************************************************
1213 Delete a user from a UNIX group
1214 ****************************************************************************/
1216 int smb_delete_user_group(const char *unix_group, const char *unix_user)
1221 /* defer to scripts */
1223 if ( *lp_deluserfromgroup_script() ) {
1224 pstrcpy(del_script, lp_deluserfromgroup_script());
1225 pstring_sub(del_script, "%g", unix_group);
1226 pstring_sub(del_script, "%u", unix_user);
1227 ret = smbrun(del_script,NULL);
1228 DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
1234 if ( winbind_remove_user_from_group( unix_user, unix_group ) ) {
1235 DEBUG(3,("smb_delete_group: winbindd removed user (%s) from the group (%s)\n",
1236 unix_user, unix_group));
1244 NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
1247 return get_group_map_from_sid(sid, map) ?
1248 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1251 NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
1254 return get_group_map_from_gid(gid, map) ?
1255 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1258 NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
1261 return get_group_map_from_ntname(name, map) ?
1262 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1265 NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods,
1268 return add_mapping_entry(map, TDB_INSERT) ?
1269 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1272 NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
1275 return add_mapping_entry(map, TDB_REPLACE) ?
1276 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1279 NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
1282 return group_map_remove(&sid) ?
1283 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1286 NTSTATUS pdb_default_find_alias(struct pdb_methods *methods,
1287 const char *name, DOM_SID *sid)
1291 if (!get_group_map_from_ntname(name, &map))
1292 return NT_STATUS_NO_SUCH_ALIAS;
1294 if ((map.sid_name_use != SID_NAME_WKN_GRP) &&
1295 (map.sid_name_use != SID_NAME_ALIAS))
1296 return NT_STATUS_OBJECT_TYPE_MISMATCH;
1298 sid_copy(sid, &map.sid);
1299 return NT_STATUS_OK;
1302 NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
1303 const char *name, uint32 *rid)
1306 enum SID_NAME_USE type;
1310 if (lookup_name(get_global_sam_name(), name, &sid, &type))
1311 return NT_STATUS_ALIAS_EXISTS;
1313 if (!winbind_allocate_rid(&new_rid))
1314 return NT_STATUS_ACCESS_DENIED;
1316 sid_copy(&sid, get_global_sam_sid());
1317 sid_append_rid(&sid, new_rid);
1319 /* Here we allocate the gid */
1320 if (!winbind_sid_to_gid(&gid, &sid)) {
1321 DEBUG(0, ("Could not get gid for new RID\n"));
1322 return NT_STATUS_ACCESS_DENIED;
1325 if (!add_initial_entry(gid, sid_string_static(&sid), SID_NAME_ALIAS,
1327 DEBUG(0, ("Could not add group mapping entry for alias %s\n",
1329 return NT_STATUS_ACCESS_DENIED;
1334 return NT_STATUS_OK;
1337 NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
1340 if (!group_map_remove(sid))
1341 return NT_STATUS_ACCESS_DENIED;
1343 return NT_STATUS_OK;
1346 NTSTATUS pdb_default_enum_aliases(struct pdb_methods *methods,
1348 uint32 start_idx, uint32 max_entries,
1349 uint32 *num_aliases,
1350 struct acct_info **info)
1352 extern DOM_SID global_sid_Builtin;
1356 enum SID_NAME_USE type = SID_NAME_UNKNOWN;
1358 if (sid_compare(sid, get_global_sam_sid()) == 0)
1359 type = SID_NAME_ALIAS;
1361 if (sid_compare(sid, &global_sid_Builtin) == 0)
1362 type = SID_NAME_WKN_GRP;
1364 if (!enum_group_mapping(type, &map, &num_maps, False) ||
1371 if (start_idx > num_maps) {
1377 *num_aliases = num_maps - start_idx;
1379 if (*num_aliases > max_entries)
1380 *num_aliases = max_entries;
1382 *info = malloc(sizeof(struct acct_info) * (*num_aliases));
1384 for (i=0; i<*num_aliases; i++) {
1385 fstrcpy((*info)[i].acct_name, map[i+start_idx].nt_name);
1386 fstrcpy((*info)[i].acct_desc, map[i+start_idx].comment);
1387 sid_peek_rid(&map[i].sid, &(*info)[i+start_idx].rid);
1392 return NT_STATUS_OK;
1395 NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
1397 struct acct_info *info)
1401 if (!get_group_map_from_sid(*sid, &map))
1402 return NT_STATUS_NO_SUCH_ALIAS;
1404 fstrcpy(info->acct_name, map.nt_name);
1405 fstrcpy(info->acct_desc, map.comment);
1406 sid_peek_rid(&map.sid, &info->rid);
1407 return NT_STATUS_OK;
1410 NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
1412 struct acct_info *info)
1416 if (!get_group_map_from_sid(*sid, &map))
1417 return NT_STATUS_NO_SUCH_ALIAS;
1419 fstrcpy(map.comment, info->acct_desc);
1421 if (!add_mapping_entry(&map, TDB_REPLACE))
1422 return NT_STATUS_ACCESS_DENIED;
1424 return NT_STATUS_OK;
1427 NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
1428 enum SID_NAME_USE sid_name_use,
1429 GROUP_MAP **rmap, int *num_entries,
1432 return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only) ?
1433 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1436 NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
1437 const DOM_SID *alias, const DOM_SID *member)
1439 return add_aliasmem(alias, member);
1442 NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
1443 const DOM_SID *alias, const DOM_SID *member)
1445 return del_aliasmem(alias, member);
1448 NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
1449 const DOM_SID *alias, DOM_SID **members,
1452 return enum_aliasmem(alias, members, num_members);
1455 NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
1457 DOM_SID **aliases, int *num)
1459 return alias_memberships(sid, aliases, num);
1462 /**********************************************************************
1463 no ops for passdb backends that don't implement group mapping
1464 *********************************************************************/
1466 NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
1469 return NT_STATUS_UNSUCCESSFUL;
1472 NTSTATUS pdb_nop_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
1475 return NT_STATUS_UNSUCCESSFUL;
1478 NTSTATUS pdb_nop_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
1481 return NT_STATUS_UNSUCCESSFUL;
1484 NTSTATUS pdb_nop_add_group_mapping_entry(struct pdb_methods *methods,
1487 return NT_STATUS_UNSUCCESSFUL;
1490 NTSTATUS pdb_nop_update_group_mapping_entry(struct pdb_methods *methods,
1493 return NT_STATUS_UNSUCCESSFUL;
1496 NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods,
1499 return NT_STATUS_UNSUCCESSFUL;
1502 NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods,
1503 enum SID_NAME_USE sid_name_use,
1504 GROUP_MAP **rmap, int *num_entries,
1507 return NT_STATUS_UNSUCCESSFUL;