2 * Unix SMB/CIFS implementation.
4 * Winbind rpc backend functions
6 * Copyright (c) 2000-2003 Tim Potter
7 * Copyright (c) 2001 Andrew Tridgell
8 * Copyright (c) 2005 Volker Lendecke
9 * Copyright (c) 2008 Guenther Deschner (pidl conversion)
10 * Copyright (c) 2010 Andreas Schneider <asn@samba.org>
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 3 of the License, or
15 * (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program. If not, see <http://www.gnu.org/licenses/>.
28 #include "../librpc/gen_ndr/cli_samr.h"
29 #include "rpc_client/cli_samr.h"
30 #include "../librpc/gen_ndr/srv_samr.h"
31 #include "../librpc/gen_ndr/cli_lsa.h"
32 #include "rpc_client/cli_lsarpc.h"
33 #include "../librpc/gen_ndr/srv_lsa.h"
36 #define DBGC_CLASS DBGC_WINBIND
38 static NTSTATUS open_internal_samr_pipe(TALLOC_CTX *mem_ctx,
39 struct rpc_pipe_client **samr_pipe)
41 static struct rpc_pipe_client *cli = NULL;
42 struct auth_serversupplied_info *server_info = NULL;
49 if (server_info == NULL) {
50 status = make_server_info_system(mem_ctx, &server_info);
51 if (!NT_STATUS_IS_OK(status)) {
52 DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n",
58 /* create a samr connection */
59 status = rpc_pipe_open_internal(talloc_autofree_context(),
60 &ndr_table_samr.syntax_id,
64 if (!NT_STATUS_IS_OK(status)) {
65 DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n",
78 static NTSTATUS open_internal_samr_conn(TALLOC_CTX *mem_ctx,
79 struct winbindd_domain *domain,
80 struct rpc_pipe_client **samr_pipe,
81 struct policy_handle *samr_domain_hnd)
84 struct policy_handle samr_connect_hnd;
86 status = open_internal_samr_pipe(mem_ctx, samr_pipe);
87 if (!NT_STATUS_IS_OK(status)) {
91 status = rpccli_samr_Connect2((*samr_pipe),
93 (*samr_pipe)->desthost,
94 SEC_FLAG_MAXIMUM_ALLOWED,
96 if (!NT_STATUS_IS_OK(status)) {
100 status = rpccli_samr_OpenDomain((*samr_pipe),
103 SEC_FLAG_MAXIMUM_ALLOWED,
110 static NTSTATUS open_internal_lsa_pipe(TALLOC_CTX *mem_ctx,
111 struct rpc_pipe_client **lsa_pipe)
113 static struct rpc_pipe_client *cli = NULL;
114 struct auth_serversupplied_info *server_info = NULL;
121 if (server_info == NULL) {
122 status = make_server_info_system(mem_ctx, &server_info);
123 if (!NT_STATUS_IS_OK(status)) {
124 DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n",
130 /* create a samr connection */
131 status = rpc_pipe_open_internal(talloc_autofree_context(),
132 &ndr_table_lsarpc.syntax_id,
136 if (!NT_STATUS_IS_OK(status)) {
137 DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n",
150 static NTSTATUS open_internal_lsa_conn(TALLOC_CTX *mem_ctx,
151 struct rpc_pipe_client **lsa_pipe,
152 struct policy_handle *lsa_hnd)
156 status = open_internal_lsa_pipe(mem_ctx, lsa_pipe);
157 if (!NT_STATUS_IS_OK(status)) {
161 status = rpccli_lsa_open_policy((*lsa_pipe),
164 SEC_FLAG_MAXIMUM_ALLOWED,
170 /*********************************************************************
171 SAM specific functions.
172 *********************************************************************/
174 /* List all domain groups */
175 static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain,
178 struct acct_info **pinfo)
180 struct rpc_pipe_client *samr_pipe;
181 struct policy_handle dom_pol;
182 struct acct_info *info = NULL;
185 uint32_t num_info = 0;
188 DEBUG(3,("samr: query_user_list\n"));
194 tmp_ctx = talloc_stackframe();
195 if (tmp_ctx == NULL) {
196 return NT_STATUS_NO_MEMORY;
199 status = open_internal_samr_conn(tmp_ctx, domain, &samr_pipe, &dom_pol);
200 if (!NT_STATUS_IS_OK(status)) {
205 struct samr_SamArray *sam_array = NULL;
209 /* start is updated by this call. */
210 status = rpccli_samr_EnumDomainGroups(samr_pipe,
215 0xFFFF, /* buffer size? */
217 if (!NT_STATUS_IS_OK(status)) {
218 if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
219 DEBUG(2,("query_user_list: failed to enum domain groups: %s\n",
225 info = TALLOC_REALLOC_ARRAY(tmp_ctx,
230 status = NT_STATUS_NO_MEMORY;
234 for (g = 0; g < count; g++) {
235 fstrcpy(info[num_info + g].acct_name,
236 sam_array->entries[g].name.string);
238 info[num_info + g].rid = sam_array->entries[g].idx;
242 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
245 *pnum_info = num_info;
249 *pinfo = talloc_move(mem_ctx, &info);
253 TALLOC_FREE(tmp_ctx);
257 /* Query display info for a domain */
258 static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
261 struct wbint_userinfo **pinfo)
263 struct rpc_pipe_client *samr_pipe = NULL;
264 struct wbint_userinfo *info = NULL;
265 struct policy_handle dom_pol;
266 uint32_t num_info = 0;
267 uint32_t loop_count = 0;
268 uint32_t start_idx = 0;
273 DEBUG(3,("samr: query_user_list\n"));
279 tmp_ctx = talloc_stackframe();
280 if (tmp_ctx == NULL) {
281 return NT_STATUS_NO_MEMORY;
284 status = open_internal_samr_conn(tmp_ctx, domain, &samr_pipe, &dom_pol);
285 if (!NT_STATUS_IS_OK(status)) {
291 uint32_t num_dom_users;
292 uint32_t max_entries, max_size;
293 uint32_t total_size, returned_size;
294 union samr_DispInfo disp_info;
296 get_query_dispinfo_params(loop_count,
300 status = rpccli_samr_QueryDisplayInfo(samr_pipe,
310 if (!NT_STATUS_IS_OK(status)) {
311 if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
316 /* increment required start query values */
317 start_idx += disp_info.info1.count;
319 num_dom_users = disp_info.info1.count;
321 num_info += num_dom_users;
323 info = TALLOC_REALLOC_ARRAY(tmp_ctx,
325 struct wbint_userinfo,
328 status = NT_STATUS_NO_MEMORY;
332 for (j = 0; j < num_dom_users; i++, j++) {
333 uint32_t rid = disp_info.info1.entries[j].rid;
334 struct samr_DispEntryGeneral *src;
335 struct wbint_userinfo *dst;
337 src = &(disp_info.info1.entries[j]);
340 dst->acct_name = talloc_strdup(info,
341 src->account_name.string);
342 if (dst->acct_name == NULL) {
343 status = NT_STATUS_NO_MEMORY;
347 dst->full_name = talloc_strdup(info, src->full_name.string);
348 if (dst->full_name == NULL) {
349 status = NT_STATUS_NO_MEMORY;
356 sid_compose(&dst->user_sid, &domain->sid, rid);
358 /* For the moment we set the primary group for
359 every user to be the Domain Users group.
360 There are serious problems with determining
361 the actual primary group for large domains.
362 This should really be made into a 'winbind
363 force group' smb.conf parameter or
364 something like that. */
365 sid_compose(&dst->group_sid, &domain->sid,
368 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
371 *pnum_info = num_info;
375 *pinfo = talloc_move(mem_ctx, &info);
379 TALLOC_FREE(tmp_ctx);
383 /* Lookup user information from a rid or username. */
384 static NTSTATUS sam_query_user(struct winbindd_domain *domain,
386 const struct dom_sid *user_sid,
387 struct wbint_userinfo *user_info)
390 return NT_STATUS_NOT_IMPLEMENTED;
393 /* get a list of trusted domains - builtin domain */
394 static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
396 struct netr_DomainTrustList *trusts)
399 return NT_STATUS_NOT_IMPLEMENTED;
402 /* Lookup group membership given a rid. */
403 static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
405 const struct dom_sid *group_sid,
406 enum lsa_SidType type,
408 struct dom_sid **sid_mem,
410 uint32_t **name_types)
413 return NT_STATUS_NOT_IMPLEMENTED;
416 /*********************************************************************
417 BUILTIN specific functions.
418 *********************************************************************/
420 /* List all domain groups */
421 static NTSTATUS builtin_enum_dom_groups(struct winbindd_domain *domain,
424 struct acct_info **info)
426 /* BUILTIN doesn't have domain groups */
432 /* Query display info for a domain */
433 static NTSTATUS builtin_query_user_list(struct winbindd_domain *domain,
436 struct wbint_userinfo **info)
438 /* We don't have users */
444 /* Lookup user information from a rid or username. */
445 static NTSTATUS builtin_query_user(struct winbindd_domain *domain,
447 const struct dom_sid *user_sid,
448 struct wbint_userinfo *user_info)
450 return NT_STATUS_NO_SUCH_USER;
453 /* get a list of trusted domains - builtin domain */
454 static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain,
456 struct netr_DomainTrustList *trusts)
458 ZERO_STRUCTP(trusts);
462 /*********************************************************************
464 *********************************************************************/
466 /* List all local groups (aliases) */
467 static NTSTATUS common_enum_local_groups(struct winbindd_domain *domain,
469 uint32_t *num_entries,
470 struct acct_info **info)
473 return NT_STATUS_NOT_IMPLEMENTED;
476 /* convert a single name to a sid in a domain */
477 static NTSTATUS common_name_to_sid(struct winbindd_domain *domain,
479 const char *domain_name,
483 enum lsa_SidType *type)
486 return NT_STATUS_NOT_IMPLEMENTED;
489 /* convert a domain SID to a user or group name */
490 static NTSTATUS common_sid_to_name(struct winbindd_domain *domain,
492 const struct dom_sid *sid,
495 enum lsa_SidType *type)
498 return NT_STATUS_NOT_IMPLEMENTED;
501 static NTSTATUS common_rids_to_names(struct winbindd_domain *domain,
503 const struct dom_sid *sid,
508 enum lsa_SidType **types)
511 return NT_STATUS_NOT_IMPLEMENTED;
514 static NTSTATUS common_lockout_policy(struct winbindd_domain *domain,
516 struct samr_DomInfo12 *policy)
519 return NT_STATUS_NOT_IMPLEMENTED;
522 static NTSTATUS common_password_policy(struct winbindd_domain *domain,
524 struct samr_DomInfo1 *policy)
527 return NT_STATUS_NOT_IMPLEMENTED;
530 /* Lookup groups a user is a member of. I wish Unix had a call like this! */
531 static NTSTATUS common_lookup_usergroups(struct winbindd_domain *domain,
533 const struct dom_sid *user_sid,
534 uint32_t *num_groups,
535 struct dom_sid **user_gids)
538 return NT_STATUS_NOT_IMPLEMENTED;
541 static NTSTATUS common_lookup_useraliases(struct winbindd_domain *domain,
544 const struct dom_sid *sids,
545 uint32_t *p_num_aliases,
549 return NT_STATUS_NOT_IMPLEMENTED;
552 /* find the sequence number for a domain */
553 static NTSTATUS common_sequence_number(struct winbindd_domain *domain,
557 return NT_STATUS_NOT_IMPLEMENTED;
561 /* the rpc backend methods are exposed via this structure */
562 struct winbindd_methods builtin_passdb_methods = {
565 .query_user_list = builtin_query_user_list,
566 .enum_dom_groups = builtin_enum_dom_groups,
567 .enum_local_groups = common_enum_local_groups,
568 .name_to_sid = common_name_to_sid,
569 .sid_to_name = common_sid_to_name,
570 .rids_to_names = common_rids_to_names,
571 .query_user = builtin_query_user,
572 .lookup_usergroups = common_lookup_usergroups,
573 .lookup_useraliases = common_lookup_useraliases,
574 .lookup_groupmem = sam_lookup_groupmem,
575 .sequence_number = common_sequence_number,
576 .lockout_policy = common_lockout_policy,
577 .password_policy = common_password_policy,
578 .trusted_domains = builtin_trusted_domains
581 /* the rpc backend methods are exposed via this structure */
582 struct winbindd_methods sam_passdb_methods = {
585 .query_user_list = sam_query_user_list,
586 .enum_dom_groups = sam_enum_dom_groups,
587 .enum_local_groups = common_enum_local_groups,
588 .name_to_sid = common_name_to_sid,
589 .sid_to_name = common_sid_to_name,
590 .rids_to_names = common_rids_to_names,
591 .query_user = sam_query_user,
592 .lookup_usergroups = common_lookup_usergroups,
593 .lookup_useraliases = common_lookup_useraliases,
594 .lookup_groupmem = sam_lookup_groupmem,
595 .sequence_number = common_sequence_number,
596 .lockout_policy = common_lockout_policy,
597 .password_policy = common_password_policy,
598 .trusted_domains = sam_trusted_domains
git.samba.org / kai / samba-autobuild / .git / blob