2 Unix SMB/Netbios implementation.
5 Copyright (C) Jeremy Allison 1998.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 * UNIX gid and Local or Domain SID resolution. This module resolves
24 * only those entries in the map files, it is *NOT* responsible for
25 * resolving UNIX groups not listed: that is an entirely different
26 * matter, altogether...
33 format of the file is:
35 unixname NT Group name
36 unixname Domain Admins (well-known Domain Group)
37 unixname DOMAIN_NAME\NT Group name
38 unixname OTHER_DOMAIN_NAME\NT Group name
39 unixname DOMAIN_NAME\Domain Admins (well-known Domain Group)
42 if the DOMAIN_NAME\ component is left off, then your own domain is assumed.
50 extern int DEBUGLEVEL;
52 extern fstring global_myworkgroup;
53 extern DOM_SID global_member_sid;
54 extern fstring global_sam_name;
55 extern DOM_SID global_sam_sid;
56 extern DOM_SID global_sid_S_1_5_20;
58 /*******************************************************************
59 converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
60 ********************************************************************/
61 static uid_t pwdb_user_rid_to_uid(uint32 user_rid)
63 return ((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER;
66 /*******************************************************************
67 converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
68 ********************************************************************/
69 static uint32 pwdb_group_rid_to_gid(uint32 group_rid)
71 return ((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER;
74 /*******************************************************************
75 converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
76 ********************************************************************/
77 static uint32 pwdb_alias_rid_to_gid(uint32 alias_rid)
79 return ((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER;
82 /*******************************************************************
83 converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
84 ********************************************************************/
85 static uint32 pwdb_gid_to_group_rid(uint32 gid)
87 uint32 grp_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
91 /******************************************************************
92 converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
93 ********************************************************************/
94 static uint32 pwdb_gid_to_alias_rid(uint32 gid)
96 uint32 alias_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
100 /*******************************************************************
101 converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
102 ********************************************************************/
103 static uint32 pwdb_uid_to_user_rid(uint32 uid)
105 uint32 user_rid = ((((uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
109 /******************************************************************
110 converts SID + SID_NAME_USE type to a UNIX id. the Domain SID is,
111 and can only be, our own SID.
112 ********************************************************************/
113 static BOOL pwdb_sam_sid_to_unixid(DOM_SID *sid, uint8 type, uint32 *id)
118 sid_copy(&tmp_sid, sid);
119 sid_split_rid(&tmp_sid, &rid);
120 if (!sid_equal(&global_sam_sid, &tmp_sid))
129 *id = pwdb_user_rid_to_uid(rid);
134 *id = pwdb_alias_rid_to_gid(rid);
137 case SID_NAME_DOM_GRP:
138 case SID_NAME_WKN_GRP:
140 *id = pwdb_group_rid_to_gid(rid);
147 /******************************************************************
148 converts UNIX gid + SID_NAME_USE type to a SID. the Domain SID is,
149 and can only be, our own SID.
150 ********************************************************************/
151 static BOOL pwdb_unixid_to_sam_sid(uint32 id, uint8 type, DOM_SID *sid)
153 sid_copy(sid, &global_sam_sid);
158 sid_append_rid(sid, pwdb_uid_to_user_rid(id));
163 sid_append_rid(sid, pwdb_gid_to_alias_rid(id));
166 case SID_NAME_DOM_GRP:
167 case SID_NAME_WKN_GRP:
169 sid_append_rid(sid, pwdb_gid_to_group_rid(id));
176 /*******************************************************************
177 Decides if a RID is a well known RID.
178 ********************************************************************/
179 static BOOL pwdb_rid_is_well_known(uint32 rid)
184 /*******************************************************************
185 determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
186 ********************************************************************/
187 static uint32 pwdb_rid_type(uint32 rid)
189 /* lkcl i understand that NT attaches an enumeration to a RID
190 * such that it can be identified as either a user, group etc
191 * type: SID_ENUM_TYPE.
193 if (pwdb_rid_is_well_known(rid))
196 * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
197 * and DOMAIN_USER_RID_GUEST.
199 if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
201 return RID_TYPE_USER;
203 if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
205 return RID_TYPE_GROUP;
207 if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
209 return RID_TYPE_ALIAS;
212 return (rid & RID_TYPE_MASK);
215 /*******************************************************************
216 checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
217 ********************************************************************/
218 BOOL pwdb_rid_is_user(uint32 rid)
220 return pwdb_rid_type(rid) == RID_TYPE_USER;
223 /**************************************************************************
224 Groupname map functionality. The code loads a groupname map file and
225 (currently) loads it into a linked list. This is slow and memory
226 hungry, but can be changed into a more efficient storage format
227 if the demands on it become excessive.
228 ***************************************************************************/
230 typedef struct name_map
237 static ubi_slList groupname_map_list;
238 static ubi_slList aliasname_map_list;
239 static ubi_slList ntusrname_map_list;
241 static void delete_name_entry(name_map_entry *gmep)
243 if (gmep->grp.nt_name)
245 free(gmep->grp.nt_name);
247 if (gmep->grp.nt_domain)
249 free(gmep->grp.nt_domain);
251 if (gmep->grp.unix_name)
253 free(gmep->grp.unix_name);
258 /**************************************************************************
259 Delete all the entries in the name map list.
260 ***************************************************************************/
262 static void delete_map_list(ubi_slList *map_list)
264 name_map_entry *gmep;
266 while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL)
268 delete_name_entry(gmep);
273 /**************************************************************************
274 makes a group sid out of a domain sid and a _unix_ gid.
275 ***************************************************************************/
276 static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
281 if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
283 DEBUG(0,("make_mydomain_sid: unknown domain %s\n",
288 if (sid_equal(&grp->sid, &global_sid_S_1_5_20))
291 * only builtin aliases are recognised in S-1-5-20
293 DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n",
296 if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0)
298 DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n",
299 grp->unix_name, grp->nt_name));
304 else if (lookup_wk_user_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
306 if (type != DOM_MAP_USER)
308 DEBUG(0,("well-known NT user %s\\%s listed in wrong map file\n",
309 grp->nt_domain, grp->nt_name));
314 else if (lookup_wk_group_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
316 if (type != DOM_MAP_DOMAIN)
318 DEBUG(0,("well-known NT group %s\\%s listed in wrong map file\n",
319 grp->nt_domain, grp->nt_name));
330 grp->type = SID_NAME_USER;
335 grp->type = SID_NAME_DOM_GRP;
340 grp->type = SID_NAME_ALIAS;
345 ret = pwdb_unixid_to_sam_sid(grp->unix_id, grp->type, &grp->sid);
348 sid_to_string(sid_str, &grp->sid);
349 DEBUG(10,("nt name %s\\%s gid %d mapped to %s\n",
350 grp->nt_domain, grp->nt_name, grp->unix_id, sid_str));
354 /**************************************************************************
355 makes a group sid out of an nt domain, nt group name or a unix group name.
356 ***************************************************************************/
357 static BOOL unix_name_to_nt_name_info(DOM_NAME_MAP *map, DOM_MAP_TYPE type)
360 * Attempt to get the unix gid_t for this name.
363 DEBUG(5,("unix_name_to_nt_name_info: unix_name:%s\n", map->unix_name));
365 if (type == DOM_MAP_USER)
367 struct passwd *pwptr = Get_Pwnam(map->unix_name, False);
370 DEBUG(0,("unix_name_to_nt_name_info: Get_Pwnam for user %s\
371 failed. Error was %s.\n", map->unix_name, strerror(errno) ));
375 map->unix_id = (uint32)pwptr->pw_uid;
379 struct group *gptr = getgrnam(map->unix_name);
382 DEBUG(0,("unix_name_to_nt_name_info: getgrnam for group %s\
383 failed. Error was %s.\n", map->unix_name, strerror(errno) ));
387 map->unix_id = (uint32)gptr->gr_gid;
390 DEBUG(5,("unix_name_to_nt_name_info: unix gid:%d\n", map->unix_id));
393 * Now map the name to an NT SID+RID.
396 if (map->nt_domain != NULL && !strequal(map->nt_domain, global_sam_name))
398 /* Must add client-call lookup code here, to
399 * resolve remote domain's sid and the group's rid,
402 * NOTE: it is _incorrect_ to put code here that assumes
403 * we are responsible for lookups for foriegn domains' RIDs.
405 * for foriegn domains for which we are *NOT* the PDC, all
406 * we can be responsible for is the unix gid_t to which
407 * the foriegn SID+rid maps to, on this _local_ machine.
408 * we *CANNOT* make any short-cuts or assumptions about
409 * RIDs in a foriegn domain.
412 if (!map_domain_name_to_sid(&map->sid, &(map->nt_domain)))
414 DEBUG(0,("unix_name_to_nt_name_info: no known sid for %s\n",
420 return make_mydomain_sid(map, type);
423 static BOOL make_name_entry(name_map_entry **new_ep,
424 char *nt_domain, char *nt_group, char *unix_group,
428 * Create the list entry and add it onto the list.
431 DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group));
433 (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry));
434 if ((*new_ep) == NULL)
436 DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n"));
440 ZERO_STRUCTP(*new_ep);
442 (*new_ep)->grp.nt_name = strdup(nt_group );
443 (*new_ep)->grp.nt_domain = strdup(nt_domain );
444 (*new_ep)->grp.unix_name = strdup(unix_group);
446 if ((*new_ep)->grp.nt_name == NULL ||
447 (*new_ep)->grp.unix_name == NULL)
449 DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n"));
450 delete_name_entry((*new_ep));
455 * look up the group names, make the Group-SID and unix gid
458 if (!unix_name_to_nt_name_info(&(*new_ep)->grp, type))
460 delete_name_entry((*new_ep));
467 /**************************************************************************
468 Load a name map file. Sets last accessed timestamp.
469 ***************************************************************************/
470 static ubi_slList *load_name_map(DOM_MAP_TYPE type)
472 static time_t groupmap_file_last_modified = (time_t)0;
473 static time_t aliasmap_file_last_modified = (time_t)0;
474 static time_t ntusrmap_file_last_modified = (time_t)0;
475 static BOOL initialised_group = False;
476 static BOOL initialised_alias = False;
477 static BOOL initialised_ntusr = False;
478 char *groupname_map_file = lp_groupname_map();
479 char *aliasname_map_file = lp_aliasname_map();
480 char *ntusrname_map_file = lp_ntusrname_map();
486 name_map_entry *new_ep;
488 time_t *file_last_modified = NULL;
489 int *initialised = NULL;
490 char *map_file = NULL;
491 ubi_slList *map_list = NULL;
497 file_last_modified = &groupmap_file_last_modified;
498 initialised = &initialised_group;
499 map_file = groupname_map_file;
500 map_list = &groupname_map_list;
506 file_last_modified = &aliasmap_file_last_modified;
507 initialised = &initialised_alias;
508 map_file = aliasname_map_file;
509 map_list = &aliasname_map_list;
515 file_last_modified = &ntusrmap_file_last_modified;
516 initialised = &initialised_ntusr;
517 map_file = ntusrname_map_file;
518 map_list = &ntusrname_map_list;
526 DEBUG(10,("initialising map %s\n", map_file));
527 ubi_slInitList(map_list);
528 (*initialised) = True;
536 if (sys_stat(map_file, &st) != 0)
538 DEBUG(0, ("load_name_map: Unable to stat file %s. Error was %s\n",
539 map_file, strerror(errno) ));
544 * Check if file has changed.
546 if (st.st_mtime <= (*file_last_modified))
551 (*file_last_modified) = st.st_mtime;
557 fp = fopen(map_file,"r");
560 DEBUG(0,("load_name_map: can't open name map %s. Error was %s\n",
561 map_file, strerror(errno)));
566 * Throw away any previous list.
568 delete_map_list(map_list);
570 DEBUG(4,("load_name_map: Scanning name map %s\n",map_file));
572 while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL)
580 DEBUG(10,("Read line |%s|\n", s));
582 memset(nt_name, 0, sizeof(nt_name));
584 if (!*s || strchr("#;",*s))
587 if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
590 if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name)))
593 trim_string(unixname, " ", " ");
594 trim_string(nt_name, " ", " ");
602 p = strchr(nt_name, '\\');
606 memset(nt_domain, 0, sizeof(nt_domain));
607 fstrcpy(ntname, nt_name);
613 fstrcpy(nt_domain, nt_name);
617 if (make_name_entry(&new_ep, nt_domain, ntname, unixname, type))
619 ubi_slAddTail(map_list, (ubi_slNode *)new_ep);
620 DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n",
621 new_ep->grp.unix_name,
622 new_ep->grp.nt_domain,
628 DEBUG(10,("load_name_map: Added %ld entries to name map.\n",
629 ubi_slCount(map_list)));
636 static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from)
638 sid_copy(&grp->sid, &from->sid);
639 grp->unix_id = from->unix_id;
640 grp->nt_name = from->nt_name;
641 grp->nt_domain = from->nt_domain;
642 grp->unix_name = from->unix_name;
643 grp->type = from->type;
647 /***********************************************************
649 ************************************************************/
650 static BOOL map_unixname(DOM_MAP_TYPE type,
651 char *unixname, DOM_NAME_MAP *grp_info)
653 name_map_entry *gmep;
654 ubi_slList *map_list;
657 * Initialise and load if not already loaded.
659 map_list = load_name_map(type);
661 for (gmep = (name_map_entry *)ubi_slFirst(map_list);
663 gmep = (name_map_entry *)ubi_slNext(gmep ))
665 if (strequal(gmep->grp.unix_name, unixname))
667 copy_grp_map_entry(grp_info, &gmep->grp);
668 DEBUG(7,("map_unixname: Mapping unix name %s to nt group %s.\n",
669 gmep->grp.unix_name, gmep->grp.nt_name ));
679 /***********************************************************
681 ************************************************************/
682 static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain,
683 DOM_NAME_MAP *grp_info)
685 name_map_entry *gmep;
686 ubi_slList *map_list;
689 * Initialise and load if not already loaded.
691 map_list = load_name_map(type);
693 for (gmep = (name_map_entry *)ubi_slFirst(map_list);
695 gmep = (name_map_entry *)ubi_slNext(gmep ))
697 if (strequal(gmep->grp.nt_name , ntname) &&
698 strequal(gmep->grp.nt_domain, ntdomain))
700 copy_grp_map_entry(grp_info, &gmep->grp);
701 DEBUG(7,("map_ntname: Mapping unix name %s to nt name %s.\n",
702 gmep->grp.unix_name, gmep->grp.nt_name ));
711 /***********************************************************
713 ************************************************************/
714 static BOOL map_sid(DOM_MAP_TYPE type,
715 DOM_SID *psid, DOM_NAME_MAP *grp_info)
717 name_map_entry *gmep;
718 ubi_slList *map_list;
721 * Initialise and load if not already loaded.
723 map_list = load_name_map(type);
725 for (gmep = (name_map_entry *)ubi_slFirst(map_list);
727 gmep = (name_map_entry *)ubi_slNext(gmep ))
729 if (sid_equal(&gmep->grp.sid, psid))
731 copy_grp_map_entry(grp_info, &gmep->grp);
732 DEBUG(7,("map_sid: Mapping unix name %s to nt name %s.\n",
733 gmep->grp.unix_name, gmep->grp.nt_name ));
741 /***********************************************************
743 ************************************************************/
744 static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info)
746 name_map_entry *gmep;
747 ubi_slList *map_list;
750 * Initialise and load if not already loaded.
752 map_list = load_name_map(type);
754 for (gmep = (name_map_entry *)ubi_slFirst(map_list);
756 gmep = (name_map_entry *)ubi_slNext(gmep ))
759 sid_to_string(sid_str, &gmep->grp.sid);
760 DEBUG(10,("map_unixid: enum entry unix group %s %d nt %s %s\n",
761 gmep->grp.unix_name, gmep->grp.unix_id, gmep->grp.nt_name, sid_str));
762 if (gmep->grp.unix_id == unix_id)
764 copy_grp_map_entry(grp_info, &gmep->grp);
765 DEBUG(7,("map_unixid: Mapping unix name %s to nt name %s type %d\n",
766 gmep->grp.unix_name, gmep->grp.nt_name, gmep->grp.type));
774 /***********************************************************
776 * Call four functions to resolve unix group ids and either
777 * local group SIDs or domain group SIDs listed in the local group
778 * or domain group map files.
780 * Note that it is *NOT* the responsibility of these functions to
781 * resolve entries that are not in the map files.
783 * Any SID can be in the map files (i.e from any Domain).
785 ***********************************************************/
789 /***********************************************************
790 Lookup a UNIX Group entry by name.
791 ************************************************************/
792 BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info)
794 return map_unixname(DOM_MAP_DOMAIN, group_name, grp_info);
797 /***********************************************************
798 Lookup a UNIX Alias entry by name.
799 ************************************************************/
800 BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info)
802 return map_unixname(DOM_MAP_LOCAL, alias_name, grp_info);
805 /***********************************************************
806 Lookup an Alias name entry
807 ************************************************************/
808 BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info)
810 return map_ntname(DOM_MAP_LOCAL, ntalias_name, nt_domain, grp_info);
813 /***********************************************************
815 ************************************************************/
816 BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info)
818 return map_ntname(DOM_MAP_DOMAIN, ntgroup_name, nt_domain, grp_info);
823 /***********************************************************
824 Lookup a Username entry by name.
825 ************************************************************/
826 static BOOL map_nt_username(char *nt_name, char *nt_domain, DOM_NAME_MAP *grp_info)
828 return map_ntname(DOM_MAP_USER, nt_name, nt_domain, grp_info);
831 /***********************************************************
832 Lookup a Username entry by SID.
833 ************************************************************/
834 static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP *grp_info)
836 return map_sid(DOM_MAP_USER, sid, grp_info);
839 /***********************************************************
840 Lookup a Username SID entry by uid.
841 ************************************************************/
842 static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP *grp_info)
844 return map_unixid(DOM_MAP_USER, (uint32)gid, grp_info);
847 /***********************************************************
848 Lookup an Alias SID entry by name.
849 ************************************************************/
850 BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
852 return map_sid(DOM_MAP_LOCAL, psid, grp_info);
855 /***********************************************************
856 Lookup a Group entry by sid.
857 ************************************************************/
858 BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
860 return map_sid(DOM_MAP_DOMAIN, psid, grp_info);
863 /***********************************************************
864 Lookup an Alias SID entry by gid_t.
865 ************************************************************/
866 static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP *grp_info)
868 return map_unixid(DOM_MAP_LOCAL, (uint32)gid, grp_info);
871 /***********************************************************
872 Lookup a Group SID entry by gid_t.
873 ************************************************************/
874 static BOOL map_group_gid( gid_t gid, DOM_NAME_MAP *grp_info)
876 return map_unixid(DOM_MAP_DOMAIN, (uint32)gid, grp_info);
880 /************************************************************************
881 Routine to look up User details by UNIX name
882 *************************************************************************/
883 BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp)
886 DEBUG(10,("lookupsmbpwnam: unix user name %s\n", unix_usr_name));
887 if (nametouid(unix_usr_name, &uid))
889 return lookupsmbpwuid(uid, grp);
897 /************************************************************************
898 Routine to look up a remote nt name
899 *************************************************************************/
900 static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint8 *type)
902 struct cli_state cli;
912 const char *names[1];
914 if (!cli_connect_serverlist(&cli, lp_passwordserver()))
921 fstrcpy(srv_name, "\\\\");
922 fstrcat(srv_name, cli.desthost);
925 /* open LSARPC session. */
926 res3 = res3 ? cli_nt_session_open(&cli, PIPE_LSARPC, &fnum_lsa) : False;
928 /* lookup domain controller; receive a policy handle */
929 res3 = res3 ? lsa_open_policy(&cli, fnum_lsa,
931 &lsa_pol, True) : False;
933 /* send lsa lookup sids call */
934 res4 = res3 ? lsa_lookup_names(&cli, fnum_lsa,
937 &sids, &types, &num_sids) : False;
939 res3 = res3 ? lsa_close(&cli, fnum_lsa, &lsa_pol) : False;
941 cli_nt_session_close(&cli, fnum_lsa);
943 if (res4 && res3 && sids != NULL && types != NULL)
945 sid_copy(sid, &sids[0]);
965 /************************************************************************
966 Routine to look up a remote nt name
967 *************************************************************************/
968 static BOOL get_sid_and_type(const char *fullntname, uint8 expected_type,
972 * check with the PDC to see if it owns the name. if so,
973 * the SID is resolved with the PDC database.
976 if (lp_server_role() == ROLE_DOMAIN_MEMBER)
978 if (lookup_remote_ntname(fullntname, &gmep->sid, &gmep->type))
980 if (sid_front_equal(&gmep->sid, &global_member_sid) &&
981 strequal(gmep->nt_domain, global_myworkgroup) &&
982 gmep->type == expected_type)
991 * ... otherwise, it's one of ours. map the sid ourselves,
992 * which can only happen in our own SAM database.
995 if (!strequal(gmep->nt_domain, global_sam_name))
999 if (!pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid))
1008 * used by lookup functions below
1011 static fstring nt_name;
1012 static fstring unix_name;
1013 static fstring nt_domain;
1015 /*************************************************************************
1016 looks up a uid, returns User Information.
1017 *************************************************************************/
1018 BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep)
1020 DEBUG(10,("lookupsmbpwuid: unix uid %d\n", uid));
1021 if (map_username_uid(uid, gmep))
1025 if (lp_server_role() != ROLE_DOMAIN_NONE)
1027 gmep->nt_name = nt_name;
1028 gmep->unix_name = unix_name;
1029 gmep->nt_domain = nt_domain;
1031 gmep->unix_id = (uint32)uid;
1034 * ok, assume it's one of ours. then double-check it
1035 * if we are a member of a domain
1038 gmep->type = SID_NAME_USER;
1039 fstrcpy(gmep->nt_name, uidtoname(uid));
1040 fstrcpy(gmep->unix_name, gmep->nt_name);
1043 * here we should do a LsaLookupNames() call
1044 * to check the status of the name with the PDC.
1045 * if the PDC know nothing of the name, it's ours.
1048 if (lp_server_role() == ROLE_DOMAIN_MEMBER)
1051 lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
1056 * ok, it's one of ours.
1059 gmep->nt_domain = global_sam_name;
1060 pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid);
1070 /*************************************************************************
1071 looks up by NT name, returns User Information.
1072 *************************************************************************/
1073 BOOL lookupsmbpwntnam(char *fullntname, DOM_NAME_MAP *gmep)
1075 DEBUG(10,("lookupsmbpwntnam: nt user name %s\n", fullntname));
1077 if (!split_domain_name(fullntname, nt_domain, nt_name))
1082 if (map_nt_username(nt_name, nt_domain, gmep))
1086 if (lp_server_role() != ROLE_DOMAIN_NONE)
1089 gmep->nt_name = nt_name;
1090 gmep->unix_name = unix_name;
1091 gmep->nt_domain = nt_domain;
1094 * ok, it's one of ours. we therefore "create" an nt user named
1095 * after the unix user. this is the point where "appliance mode"
1096 * should get its teeth in, as unix users won't really exist,
1097 * they will only be numbers...
1100 gmep->type = SID_NAME_USER;
1101 fstrcpy(gmep->unix_name, gmep->nt_name);
1102 if (!nametouid(gmep->unix_name, &uid))
1106 gmep->unix_id = (uint32)uid;
1108 return get_sid_and_type(fullntname, gmep->type, gmep);
1116 /*************************************************************************
1117 looks up by RID, returns User Information.
1118 *************************************************************************/
1119 BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
1122 sid_to_string(sid_str, sid);
1123 DEBUG(10,("lookupsmbpwsid: nt sid %s\n", sid_str));
1125 if (map_username_sid(sid, gmep))
1129 if (lp_server_role() != ROLE_DOMAIN_NONE)
1131 gmep->nt_name = nt_name;
1132 gmep->unix_name = unix_name;
1133 gmep->nt_domain = nt_domain;
1136 * here we should do a LsaLookupNames() call
1137 * to check the status of the name with the PDC.
1138 * if the PDC know nothing of the name, it's ours.
1141 if (lp_server_role() == ROLE_DOMAIN_MEMBER)
1144 if (lookup_remote_sid(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
1149 * ok, it's one of ours. we therefore "create" an nt user named
1150 * after the unix user. this is the point where "appliance mode"
1151 * should get its teeth in, as unix users won't really exist,
1152 * they will only be numbers...
1155 gmep->type = SID_NAME_USER;
1156 sid_copy(&gmep->sid, sid);
1157 if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
1161 fstrcpy(gmep->nt_name, uidtoname((uid_t)gmep->unix_id));
1162 fstrcpy(gmep->unix_name, gmep->nt_name);
1163 gmep->nt_domain = global_sam_name;
1173 /************************************************************************
1174 Routine to look up group / alias / well-known group RID by UNIX name
1175 *************************************************************************/
1176 BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp)
1179 DEBUG(10,("lookupsmbgrpnam: unix user group %s\n", unix_grp_name));
1180 if (nametogid(unix_grp_name, &gid))
1182 return lookupsmbgrpgid(gid, grp);
1190 /*************************************************************************
1191 looks up a SID, returns name map entry
1192 *************************************************************************/
1193 BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
1196 sid_to_string(sid_str, sid);
1197 DEBUG(10,("lookupsmbgrpsid: nt sid %s\n", sid_str));
1199 if (map_alias_sid(sid, gmep))
1203 if (map_group_sid(sid, gmep))
1207 if (lp_server_role() != ROLE_DOMAIN_NONE)
1209 gmep->nt_name = nt_name;
1210 gmep->unix_name = unix_name;
1211 gmep->nt_domain = nt_domain;
1214 * here we should do a LsaLookupNames() call
1215 * to check the status of the name with the PDC.
1216 * if the PDC know nothing of the name, it's ours.
1219 if (lp_server_role() == ROLE_DOMAIN_MEMBER)
1222 lsa_lookup_sids(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
1227 * ok, it's one of ours. we therefore "create" an nt group or
1228 * alias name named after the unix group. this is the point
1229 * where "appliance mode" should get its teeth in, as unix
1230 * groups won't really exist, they will only be numbers...
1233 /* name is not explicitly mapped
1234 * with map files or the PDC
1235 * so we are responsible for it...
1238 if (lp_server_role() == ROLE_DOMAIN_MEMBER)
1240 /* ... as a LOCAL group. */
1241 gmep->type = SID_NAME_ALIAS;
1245 /* ... as a DOMAIN group. */
1246 gmep->type = SID_NAME_DOM_GRP;
1249 sid_copy(&gmep->sid, sid);
1250 if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
1254 fstrcpy(gmep->nt_name, gidtoname((gid_t)gmep->unix_id));
1255 fstrcpy(gmep->unix_name, gmep->nt_name);
1256 gmep->nt_domain = global_sam_name;
1265 /*************************************************************************
1266 looks up a gid, returns RID and type local, domain or well-known domain group
1267 *************************************************************************/
1268 BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep)
1270 DEBUG(10,("lookupsmbgrpgid: unix gid %d\n", (int)gid));
1271 if (map_alias_gid(gid, gmep))
1275 if (map_group_gid(gid, gmep))
1279 if (lp_server_role() != ROLE_DOMAIN_NONE)
1281 gmep->nt_name = nt_name;
1282 gmep->unix_name = unix_name;
1283 gmep->nt_domain = nt_domain;
1285 gmep->unix_id = (uint32)gid;
1288 * here we should do a LsaLookupNames() call
1289 * to check the status of the name with the PDC.
1290 * if the PDC know nothing of the name, it's ours.
1293 if (lp_server_role() == ROLE_DOMAIN_MEMBER)
1296 if (lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
1304 * ok, it's one of ours. we therefore "create" an nt group or
1305 * alias name named after the unix group. this is the point
1306 * where "appliance mode" should get its teeth in, as unix
1307 * groups won't really exist, they will only be numbers...
1310 /* name is not explicitly mapped
1311 * with map files or the PDC
1312 * so we are responsible for it...
1315 if (lp_server_role() == ROLE_DOMAIN_MEMBER)
1317 /* ... as a LOCAL group. */
1318 gmep->type = SID_NAME_ALIAS;
1322 /* ... as a DOMAIN group. */
1323 gmep->type = SID_NAME_DOM_GRP;
1325 fstrcpy(gmep->nt_name, gidtoname(gid));
1326 fstrcpy(gmep->unix_name, gmep->nt_name);
1328 return get_sid_and_type(gmep->nt_name, gmep->type, gmep);
git.samba.org / samba.git / blob