2 Unix SMB/Netbios implementation.
4 Password and authentication handling
5 Copyright (C) Jeremy Allison 1996-1998
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 extern int DEBUGLEVEL;
27 extern DOM_SID global_sam_sid;
30 * NOTE. All these functions are abstracted into a structure
31 * that points to the correct function for the selected database. JRA.
34 static struct groupdb_ops *gpdb_ops = NULL;
36 /***************************************************************
37 Initialise the group db operations.
38 ***************************************************************/
40 BOOL initialise_group_db(void)
48 gpdb_ops = nisplus_initialise_group_db();
49 #elif defined(WITH_LDAP)
50 gpdb_ops = ldap_initialise_group_db();
51 #elif defined(USE_SMBUNIX_DB)
52 gpdb_ops = unix_initialise_group_db();
55 return (gpdb_ops != NULL);
59 * Functions that return/manipulate a DOMAIN_GRP.
62 /************************************************************************
63 Utility function to search group database by gid: the DOMAIN_GRP
64 structure does not have a gid member, so we have to convert here
65 from gid to group rid.
66 *************************************************************************/
67 DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem)
71 if (!lookupsmbgrpgid(gid, &gmep))
73 DEBUG(0,("iterate_getgroupgid: gid %d does not map to one of our Domain's Groups\n", gid));
77 if (gmep.type != SID_NAME_DOM_GRP && gmep.type != SID_NAME_WKN_GRP)
79 DEBUG(0,("iterate_getgroupgid: gid %d does not map to one of our Domain's Groups\n", gid));
83 sid_split_rid(&gmep.sid, &rid);
84 if (!sid_equal(&gmep.sid, &global_sam_sid))
86 DEBUG(0,("iterate_getgroupgid: gid %d does not map into our Domain SID\n", gid));
90 return iterate_getgrouprid(rid, mem, num_mem);
93 /************************************************************************
94 Utility function to search group database by rid. use this if your database
95 does not have search facilities.
96 *************************************************************************/
97 DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_mem)
99 DOMAIN_GRP *grp = NULL;
102 DEBUG(10, ("search by rid: 0x%x\n", rid));
104 /* Open the group database file - not for update. */
105 fp = startgroupent(False);
109 DEBUG(0, ("unable to open group database.\n"));
113 while ((grp = getgroupent(fp, mem, num_mem)) != NULL && grp->rid != rid)
119 DEBUG(10, ("found group %s by rid: 0x%x\n", grp->name, rid));
126 /************************************************************************
127 Utility function to search group database by name. use this if your database
128 does not have search facilities.
129 *************************************************************************/
130 DOMAIN_GRP *iterate_getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem)
132 DOMAIN_GRP *grp = NULL;
135 DEBUG(10, ("search by name: %s\n", name));
137 /* Open the group database file - not for update. */
138 fp = startgroupent(False);
142 DEBUG(0, ("unable to open group database.\n"));
146 while ((grp = getgroupent(fp, mem, num_mem)) != NULL && !strequal(grp->name, name))
152 DEBUG(10, ("found by name: %s\n", name));
159 /*************************************************************************
160 Routine to return the next entry in the smbdomaingroup list.
161 *************************************************************************/
162 BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp)
164 if (grps == NULL || num_grps == NULL || grp == NULL)
169 (*grps) = Realloc((*grps), ((*num_grps)+1) * sizeof(DOMAIN_GRP));
175 DEBUG(10,("adding group %s(%s)\n", grp->name, grp->comment));
177 fstrcpy((*grps)[(*num_grps)].name , grp->name);
178 fstrcpy((*grps)[(*num_grps)].comment, grp->comment);
179 (*grps)[(*num_grps)].attr = grp->attr;
180 (*grps)[(*num_grps)].rid = grp->rid ;
187 /*************************************************************************
188 checks to see if a user is a member of a domain group
189 *************************************************************************/
190 static BOOL user_is_member(const char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem)
193 for (i = 0; i < num_mem; i++)
195 DEBUG(10,("searching against user %s...\n", mem[i].name));
196 if (strequal(mem[i].name, user_name))
198 DEBUG(10,("searching for user %s: found\n", user_name));
202 DEBUG(10,("searching for user %s: not found\n", user_name));
206 /*************************************************************************
207 gets an array of groups that a user is in. use this if your database
208 does not have search facilities
209 *************************************************************************/
210 BOOL iterate_getusergroupsnam(const char *user_name, DOMAIN_GRP **grps, int *num_grps)
212 DOMAIN_GRP *grp = NULL;
213 DOMAIN_GRP_MEMBER *mem = NULL;
217 DEBUG(10, ("search for usergroups by name: %s\n", user_name));
219 if (user_name == NULL || grps == NULL || num_grps == NULL)
227 /* Open the group database file - not for update. */
228 fp = startgroupent(False);
232 DEBUG(0, ("unable to open group database.\n"));
236 /* iterate through all groups. search members for required user */
237 while ((grp = getgroupent(fp, &mem, &num_mem)) != NULL)
239 DEBUG(5,("group name %s members: %d\n", grp->name, num_mem));
240 if (num_mem != 0 && mem != NULL)
243 if (user_is_member(user_name, mem, num_mem))
245 ret = add_domain_group(grps, num_grps, grp);
260 if ((*num_grps) != 0)
262 DEBUG(10, ("found %d user groups:\n", (*num_grps)));
269 /*************************************************************************
270 gets an array of groups that a user is in. use this if your database
271 does not have search facilities
272 *************************************************************************/
273 BOOL enumdomgroups(DOMAIN_GRP **grps, int *num_grps)
275 DOMAIN_GRP *grp = NULL;
278 DEBUG(10, ("enum user groups\n"));
280 if (grps == NULL || num_grps == NULL)
288 /* Open the group database file - not for update. */
289 fp = startgroupent(False);
293 DEBUG(0, ("unable to open group database.\n"));
297 /* iterate through all groups. */
298 while ((grp = getgroupent(fp, NULL, NULL)) != NULL)
300 if (!add_domain_group(grps, num_grps, grp))
302 DEBUG(0,("unable to add group while enumerating\n"));
307 if ((*num_grps) != 0)
309 DEBUG(10, ("found %d user groups:\n", (*num_grps)));
316 /***************************************************************
317 Start to enumerate the group database list. Returns a void pointer
318 to ensure no modification outside this module.
319 ****************************************************************/
321 void *startgroupent(BOOL update)
323 return gpdb_ops->startgroupent(update);
326 /***************************************************************
327 End enumeration of the group database list.
328 ****************************************************************/
330 void endgroupent(void *vp)
332 gpdb_ops->endgroupent(vp);
335 /*************************************************************************
336 Routine to return the next entry in the group database list.
337 *************************************************************************/
339 DOMAIN_GRP *getgroupent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem)
341 return gpdb_ops->getgroupent(vp, mem, num_mem);
344 /************************************************************************
345 Routine to add an entry to the group database file.
346 *************************************************************************/
348 BOOL add_group_entry(DOMAIN_GRP *newgrp)
350 return gpdb_ops->add_group_entry(newgrp);
353 /************************************************************************
354 Routine to search the group database file for an entry matching the groupname.
355 and then replace the entry.
356 ************************************************************************/
358 BOOL mod_group_entry(DOMAIN_GRP* grp)
360 return gpdb_ops->mod_group_entry(grp);
363 /************************************************************************
364 Routine to search group database by name.
365 *************************************************************************/
367 DOMAIN_GRP *getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem)
369 return gpdb_ops->getgroupntnam(name, mem, num_mem);
372 /************************************************************************
373 Routine to search group database by group rid.
374 *************************************************************************/
376 DOMAIN_GRP *getgrouprid(uint32 group_rid, DOMAIN_GRP_MEMBER **mem, int *num_mem)
378 return gpdb_ops->getgrouprid(group_rid, mem, num_mem);
381 /************************************************************************
382 Routine to search group database by gid.
383 *************************************************************************/
385 DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem)
387 return gpdb_ops->getgroupgid(gid, mem, num_mem);
390 /*************************************************************************
391 gets an array of groups that a user is in.
392 *************************************************************************/
393 BOOL getusergroupsntnam(const char *user_name, DOMAIN_GRP **grp, int *num_grps)
395 return gpdb_ops->getusergroupsntnam(user_name, grp, num_grps);
398 /*************************************************************
399 initialises a DOMAIN_GRP.
400 **************************************************************/
402 void gpdb_init_grp(DOMAIN_GRP *grp)
404 if (grp == NULL) return;
408 /*************************************************************************
409 turns a list of groups into a string.
410 *************************************************************************/
411 BOOL make_group_line(char *p, int max_len,
413 DOMAIN_GRP_MEMBER **mem, int *num_mem)
417 len = slprintf(p, max_len-1, "%s:%s:%d:", grp->name, grp->comment, grp->rid);
421 DEBUG(0,("make_group_line: cannot create entry\n"));
428 if (mem == NULL || num_mem == NULL)
433 for (i = 0; i < (*num_mem); i++)
435 len = strlen((*mem)[i].name);
436 p = safe_strcpy(p, (*mem)[i].name, max_len);
440 DEBUG(0, ("make_group_line: out of space for groups!\n"));
446 if (i != (*num_mem)-1)