2 Unix SMB/CIFS implementation.
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Andrew Tridgell 2000
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Library General Public
11 License as published by the Free Software Foundation; either
12 version 2 of the License, or (at your option) any later version.
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Library General Public License for more details.
19 You should have received a copy of the GNU Library General Public
20 License along with this library; if not, write to the
21 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
22 Boston, MA 02111-1307, USA.
26 #include "nsswitch/winbind_nss.h"
29 #define DBGC_CLASS DBGC_WINBIND
31 extern DOM_SID global_sid_NULL; /* NULL sid */
33 NSS_STATUS winbindd_request(int req_type,
34 struct winbindd_request *request,
35 struct winbindd_response *response);
37 /* Call winbindd to convert a name to a sid */
39 BOOL winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid,
40 enum SID_NAME_USE *name_type)
42 struct winbindd_request request;
43 struct winbindd_response response;
46 if (!sid || !name_type)
49 /* Send off request */
52 ZERO_STRUCT(response);
54 fstrcpy(request.data.name.dom_name, dom_name);
55 fstrcpy(request.data.name.name, name);
57 if ((result = winbindd_request(WINBINDD_LOOKUPNAME, &request,
58 &response)) == NSS_STATUS_SUCCESS) {
59 if (!string_to_sid(sid, response.data.sid.sid))
61 *name_type = (enum SID_NAME_USE)response.data.sid.type;
64 return result == NSS_STATUS_SUCCESS;
67 /* Call winbindd to convert sid to name */
69 BOOL winbind_lookup_sid(const DOM_SID *sid,
70 fstring dom_name, fstring name,
71 enum SID_NAME_USE *name_type)
73 struct winbindd_request request;
74 struct winbindd_response response;
78 /* Initialise request */
81 ZERO_STRUCT(response);
83 sid_to_string(sid_str, sid);
84 fstrcpy(request.data.sid, sid_str);
88 result = winbindd_request(WINBINDD_LOOKUPSID, &request, &response);
92 if (result == NSS_STATUS_SUCCESS) {
93 fstrcpy(dom_name, response.data.name.dom_name);
94 fstrcpy(name, response.data.name.name);
95 *name_type = (enum SID_NAME_USE)response.data.name.type;
97 DEBUG(10, ("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n",
98 sid_str, dom_name, name));
101 return (result == NSS_STATUS_SUCCESS);
104 /* Call winbindd to convert SID to uid */
106 BOOL winbind_sid_to_uid(uid_t *puid, const DOM_SID *sid)
108 struct winbindd_request request;
109 struct winbindd_response response;
116 /* Initialise request */
118 ZERO_STRUCT(request);
119 ZERO_STRUCT(response);
121 sid_to_string(sid_str, sid);
122 fstrcpy(request.data.sid, sid_str);
126 result = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
128 /* Copy out result */
130 if (result == NSS_STATUS_SUCCESS) {
131 *puid = response.data.uid;
134 return (result == NSS_STATUS_SUCCESS);
137 /* Call winbindd to convert uid to sid */
139 BOOL winbind_uid_to_sid(DOM_SID *sid, uid_t uid)
141 struct winbindd_request request;
142 struct winbindd_response response;
148 /* Initialise request */
150 ZERO_STRUCT(request);
151 ZERO_STRUCT(response);
153 request.data.uid = uid;
157 result = winbindd_request(WINBINDD_UID_TO_SID, &request, &response);
159 /* Copy out result */
161 if (result == NSS_STATUS_SUCCESS) {
162 if (!string_to_sid(sid, response.data.sid.sid))
165 sid_copy(sid, &global_sid_NULL);
168 return (result == NSS_STATUS_SUCCESS);
171 /* Call winbindd to convert SID to gid */
173 BOOL winbind_sid_to_gid(gid_t *pgid, const DOM_SID *sid)
175 struct winbindd_request request;
176 struct winbindd_response response;
183 /* Initialise request */
185 ZERO_STRUCT(request);
186 ZERO_STRUCT(response);
188 sid_to_string(sid_str, sid);
189 fstrcpy(request.data.sid, sid_str);
193 result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
195 /* Copy out result */
197 if (result == NSS_STATUS_SUCCESS) {
198 *pgid = response.data.gid;
201 return (result == NSS_STATUS_SUCCESS);
204 /* Call winbindd to convert gid to sid */
206 BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid)
208 struct winbindd_request request;
209 struct winbindd_response response;
215 /* Initialise request */
217 ZERO_STRUCT(request);
218 ZERO_STRUCT(response);
220 request.data.gid = gid;
224 result = winbindd_request(WINBINDD_GID_TO_SID, &request, &response);
226 /* Copy out result */
228 if (result == NSS_STATUS_SUCCESS) {
229 if (!string_to_sid(sid, response.data.sid.sid))
232 sid_copy(sid, &global_sid_NULL);
235 return (result == NSS_STATUS_SUCCESS);
238 /* Fetch the list of groups a user is a member of from winbindd. This is
239 used by winbind_getgroups. */
241 static int wb_getgroups(const char *user, gid_t **groups)
243 struct winbindd_request request;
244 struct winbindd_response response;
249 fstrcpy(request.data.username, user);
251 ZERO_STRUCT(response);
253 result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
255 if (result == NSS_STATUS_SUCCESS) {
257 /* Return group list. Don't forget to free the group list
260 *groups = (gid_t *)response.extra_data;
261 return response.data.num_entries;
267 /* Return a list of groups the user is a member of. This function is
268 useful for large systems where inverting the group database would be too
269 time consuming. If size is zero, list is not modified and the total
270 number of groups for the user is returned. */
272 int winbind_getgroups(const char *user, gid_t **list)
275 * Don't do the lookup if the name has no separator _and_ we are not in
276 * 'winbind use default domain' mode.
279 if (!(strchr(user, *lp_winbind_separator()) || lp_winbind_use_default_domain()))
282 /* Fetch list of groups */
284 return wb_getgroups(user, list);
287 /**********************************************************************
288 simple wrapper function to see if winbindd is alive
289 **********************************************************************/
291 BOOL winbind_ping( void )
295 result = winbindd_request(WINBINDD_PING, NULL, NULL);
297 return result == NSS_STATUS_SUCCESS;
300 /**********************************************************************
301 Ask winbindd to create a local user
302 **********************************************************************/
304 BOOL winbind_create_user( const char *name, uint32 *rid )
306 struct winbindd_request request;
307 struct winbindd_response response;
310 if ( !lp_winbind_enable_local_accounts() )
316 DEBUG(10,("winbind_create_user: %s\n", name));
318 /* see if the caller wants a new RID returned */
321 request.flags = WBFLAG_ALLOCATE_RID;
323 fstrcpy( request.data.acct_mgt.username, name );
324 fstrcpy( request.data.acct_mgt.groupname, "" );
326 ZERO_STRUCT(response);
328 result = winbindd_request( WINBINDD_CREATE_USER, &request, &response);
331 *rid = response.data.rid;
333 return result == NSS_STATUS_SUCCESS;
336 /**********************************************************************
337 Ask winbindd to create a local group
338 **********************************************************************/
340 BOOL winbind_create_group( const char *name, uint32 *rid )
342 struct winbindd_request request;
343 struct winbindd_response response;
346 if ( !lp_winbind_enable_local_accounts() )
352 DEBUG(10,("winbind_create_group: %s\n", name));
354 /* see if the caller wants a new RID returned */
357 request.flags = WBFLAG_ALLOCATE_RID;
359 fstrcpy( request.data.acct_mgt.groupname, name );
361 ZERO_STRUCT(response);
363 result = winbindd_request( WINBINDD_CREATE_GROUP, &request, &response);
366 *rid = response.data.rid;
368 return result == NSS_STATUS_SUCCESS;
371 /**********************************************************************
372 Ask winbindd to add a user to a local group
373 **********************************************************************/
375 BOOL winbind_add_user_to_group( const char *user, const char *group )
377 struct winbindd_request request;
378 struct winbindd_response response;
381 if ( !lp_winbind_enable_local_accounts() )
384 if ( !user || !group )
387 DEBUG(10,("winbind_add_user_to_group: user(%s), group(%s) \n",
390 fstrcpy( request.data.acct_mgt.username, user );
391 fstrcpy( request.data.acct_mgt.groupname, group );
393 ZERO_STRUCT(response);
395 result = winbindd_request( WINBINDD_ADD_USER_TO_GROUP, &request, &response);
397 return result == NSS_STATUS_SUCCESS;
400 /**********************************************************************
401 Ask winbindd to remove a user to a local group
402 **********************************************************************/
404 BOOL winbind_remove_user_from_group( const char *user, const char *group )
406 struct winbindd_request request;
407 struct winbindd_response response;
410 if ( !lp_winbind_enable_local_accounts() )
413 if ( !user || !group )
416 DEBUG(10,("winbind_remove_user_from_group: user(%s), group(%s) \n",
419 fstrcpy( request.data.acct_mgt.username, user );
420 fstrcpy( request.data.acct_mgt.groupname, group );
422 ZERO_STRUCT(response);
424 result = winbindd_request( WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response);
426 return result == NSS_STATUS_SUCCESS;
429 /**********************************************************************
430 Ask winbindd to set the primary group for a user local user
431 **********************************************************************/
433 BOOL winbind_set_user_primary_group( const char *user, const char *group )
435 struct winbindd_request request;
436 struct winbindd_response response;
439 if ( !lp_winbind_enable_local_accounts() )
442 if ( !user || !group )
445 DEBUG(10,("winbind_set_user_primary_group: user(%s), group(%s) \n",
448 fstrcpy( request.data.acct_mgt.username, user );
449 fstrcpy( request.data.acct_mgt.groupname, group );
451 ZERO_STRUCT(response);
453 result = winbindd_request( WINBINDD_SET_USER_PRIMARY_GROUP, &request, &response);
455 return result == NSS_STATUS_SUCCESS;
459 /**********************************************************************
460 Ask winbindd to remove a user from its lists of accounts
461 **********************************************************************/
463 BOOL winbind_delete_user( const char *user )
465 struct winbindd_request request;
466 struct winbindd_response response;
469 if ( !lp_winbind_enable_local_accounts() )
475 DEBUG(10,("winbind_delete_user: user (%s)\n", user));
477 fstrcpy( request.data.acct_mgt.username, user );
479 ZERO_STRUCT(response);
481 result = winbindd_request( WINBINDD_DELETE_USER, &request, &response);
483 return result == NSS_STATUS_SUCCESS;
486 /**********************************************************************
487 Ask winbindd to remove a group from its lists of accounts
488 **********************************************************************/
490 BOOL winbind_delete_group( const char *group )
492 struct winbindd_request request;
493 struct winbindd_response response;
496 if ( !lp_winbind_enable_local_accounts() )
502 DEBUG(10,("winbind_delete_group: group (%s)\n", group));
504 fstrcpy( request.data.acct_mgt.groupname, group );
506 ZERO_STRUCT(response);
508 result = winbindd_request( WINBINDD_DELETE_GROUP, &request, &response);
510 return result == NSS_STATUS_SUCCESS;
513 /***********************************************************************/
514 #if 0 /* not needed currently since winbindd_acct was added -- jerry */
516 /* Call winbindd to convert SID to uid. Do not allocate */
518 BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid)
520 struct winbindd_request request;
521 struct winbindd_response response;
528 /* Initialise request */
530 ZERO_STRUCT(request);
531 ZERO_STRUCT(response);
533 sid_to_string(sid_str, sid);
534 fstrcpy(request.data.sid, sid_str);
536 request.flags = WBFLAG_QUERY_ONLY;
540 result = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
542 /* Copy out result */
544 if (result == NSS_STATUS_SUCCESS) {
545 *puid = response.data.uid;
548 return (result == NSS_STATUS_SUCCESS);
551 /* Call winbindd to convert SID to gid. Do not allocate */
553 BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid)
555 struct winbindd_request request;
556 struct winbindd_response response;
563 /* Initialise request */
565 ZERO_STRUCT(request);
566 ZERO_STRUCT(response);
568 sid_to_string(sid_str, sid);
569 fstrcpy(request.data.sid, sid_str);
571 request.flags = WBFLAG_QUERY_ONLY;
575 result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
577 /* Copy out result */
579 if (result == NSS_STATUS_SUCCESS) {
580 *pgid = response.data.gid;
583 return (result == NSS_STATUS_SUCCESS);
588 /***********************************************************************/