2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-2000,
5 * Copyright (C) Jean François Micouleau 1998-2001.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 static TDB_CONTEXT *tdb; /* used for driver files */
26 #define DATABASE_VERSION_V1 1 /* native byte format. */
27 #define DATABASE_VERSION_V2 2 /* le format. */
29 #define GROUP_PREFIX "UNIXGROUP/"
31 /* Alias memberships are stored reverse, as memberships. The performance
32 * critical operation is to determine the aliases a SID is member of, not
33 * listing alias members. So we store a list of alias SIDs a SID is member of
34 * hanging of the member as key.
36 #define MEMBEROF_PREFIX "MEMBEROF/"
38 /****************************************************************************
39 dump the mapping group mapping to a text file
40 ****************************************************************************/
41 char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use)
43 static fstring group_type;
47 fstrcpy(group_type,"User");
49 case SID_NAME_DOM_GRP:
50 fstrcpy(group_type,"Domain group");
53 fstrcpy(group_type,"Domain");
56 fstrcpy(group_type,"Local group");
58 case SID_NAME_WKN_GRP:
59 fstrcpy(group_type,"Builtin group");
61 case SID_NAME_DELETED:
62 fstrcpy(group_type,"Deleted");
64 case SID_NAME_INVALID:
65 fstrcpy(group_type,"Invalid");
67 case SID_NAME_UNKNOWN:
69 fstrcpy(group_type,"Unknown type");
73 fstrcpy(group, group_type);
77 /****************************************************************************
78 initialise first time the mapping list - called from init_group_mapping()
79 ****************************************************************************/
80 static BOOL default_group_mapping(void)
89 /* Add the Wellknown groups */
91 add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "");
92 add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "");
93 add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "");
94 add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "");
95 add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "");
96 add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "");
97 add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "");
98 add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "");
99 add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "");
101 /* Add the defaults domain groups */
103 sid_copy(&sid_admins, get_global_sam_sid());
104 sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS);
105 sid_to_string(str_admins, &sid_admins);
106 add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "");
108 sid_copy(&sid_users, get_global_sam_sid());
109 sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS);
110 sid_to_string(str_users, &sid_users);
111 add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "");
113 sid_copy(&sid_guests, get_global_sam_sid());
114 sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS);
115 sid_to_string(str_guests, &sid_guests);
116 add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "");
121 /****************************************************************************
122 Open the group mapping tdb.
123 ****************************************************************************/
125 static BOOL init_group_mapping(void)
127 const char *vstring = "INFO/version";
132 tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
134 DEBUG(0,("Failed to open group mapping database\n"));
138 /* handle a Samba upgrade */
139 tdb_lock_bystring(tdb, vstring, 0);
141 /* Cope with byte-reversed older versions of the db. */
142 vers_id = tdb_fetch_int32(tdb, vstring);
143 if ((vers_id == DATABASE_VERSION_V1) || (IREV(vers_id) == DATABASE_VERSION_V1)) {
144 /* Written on a bigendian machine with old fetch_int code. Save as le. */
145 tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2);
146 vers_id = DATABASE_VERSION_V2;
149 if (vers_id != DATABASE_VERSION_V2) {
150 tdb_traverse(tdb, tdb_traverse_delete_fn, NULL);
151 tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2);
154 tdb_unlock_bystring(tdb, vstring);
156 /* write a list of default groups */
157 if(!default_group_mapping())
163 /****************************************************************************
164 ****************************************************************************/
165 static BOOL add_mapping_entry(GROUP_MAP *map, int flag)
169 fstring string_sid="";
172 if(!init_group_mapping()) {
173 DEBUG(0,("failed to initialize group mapping\n"));
177 sid_to_string(string_sid, &map->sid);
179 len = tdb_pack(buf, sizeof(buf), "ddff",
180 map->gid, map->sid_name_use, map->nt_name, map->comment);
182 if (len > sizeof(buf))
185 slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
187 kbuf.dsize = strlen(key)+1;
191 if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False;
196 /****************************************************************************
197 initialise first time the mapping list
198 ****************************************************************************/
199 BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, const char *nt_name, const char *comment)
203 if(!init_group_mapping()) {
204 DEBUG(0,("failed to initialize group mapping\n"));
209 if (!string_to_sid(&map.sid, sid)) {
210 DEBUG(0, ("string_to_sid failed: %s", sid));
214 map.sid_name_use=sid_name_use;
215 fstrcpy(map.nt_name, nt_name);
216 fstrcpy(map.comment, comment);
218 return pdb_add_group_mapping_entry(&map);
221 /****************************************************************************
222 Return the sid and the type of the unix group.
223 ****************************************************************************/
225 static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
232 if(!init_group_mapping()) {
233 DEBUG(0,("failed to initialize group mapping\n"));
237 /* the key is the SID, retrieving is direct */
239 sid_to_string(string_sid, &sid);
240 slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
243 kbuf.dsize = strlen(key)+1;
245 dbuf = tdb_fetch(tdb, kbuf);
249 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
250 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
252 SAFE_FREE(dbuf.dptr);
255 DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n"));
259 sid_copy(&map->sid, &sid);
264 /****************************************************************************
265 Return the sid and the type of the unix group.
266 ****************************************************************************/
268 static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
270 TDB_DATA kbuf, dbuf, newkey;
274 if(!init_group_mapping()) {
275 DEBUG(0,("failed to initialize group mapping\n"));
279 /* we need to enumerate the TDB to find the GID */
281 for (kbuf = tdb_firstkey(tdb);
283 newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
285 if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
287 dbuf = tdb_fetch(tdb, kbuf);
291 fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
293 string_to_sid(&map->sid, string_sid);
295 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
296 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
298 SAFE_FREE(dbuf.dptr);
301 DEBUG(3,("get_group_map_from_gid: tdb_unpack failure\n"));
306 SAFE_FREE(kbuf.dptr);
314 /****************************************************************************
315 Return the sid and the type of the unix group.
316 ****************************************************************************/
318 static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map)
320 TDB_DATA kbuf, dbuf, newkey;
324 if(!init_group_mapping()) {
325 DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping\n"));
329 /* we need to enumerate the TDB to find the name */
331 for (kbuf = tdb_firstkey(tdb);
333 newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
335 if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
337 dbuf = tdb_fetch(tdb, kbuf);
341 fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
343 string_to_sid(&map->sid, string_sid);
345 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
346 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
348 SAFE_FREE(dbuf.dptr);
351 DEBUG(3,("get_group_map_from_ntname: tdb_unpack failure\n"));
355 if (StrCaseCmp(name, map->nt_name)==0) {
356 SAFE_FREE(kbuf.dptr);
364 /****************************************************************************
365 Remove a group mapping entry.
366 ****************************************************************************/
368 static BOOL group_map_remove(DOM_SID sid)
374 if(!init_group_mapping()) {
375 DEBUG(0,("failed to initialize group mapping\n"));
379 /* the key is the SID, retrieving is direct */
381 sid_to_string(string_sid, &sid);
382 slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
385 kbuf.dsize = strlen(key)+1;
387 dbuf = tdb_fetch(tdb, kbuf);
391 SAFE_FREE(dbuf.dptr);
393 if(tdb_delete(tdb, kbuf) != TDB_SUCCESS)
399 /****************************************************************************
400 Enumerate the group mapping.
401 ****************************************************************************/
403 static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
404 int *num_entries, BOOL unix_only)
406 TDB_DATA kbuf, dbuf, newkey;
414 if(!init_group_mapping()) {
415 DEBUG(0,("failed to initialize group mapping\n"));
422 for (kbuf = tdb_firstkey(tdb);
424 newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
426 if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0)
429 dbuf = tdb_fetch(tdb, kbuf);
433 fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
435 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
436 &map.gid, &map.sid_name_use, &map.nt_name, &map.comment);
438 SAFE_FREE(dbuf.dptr);
441 DEBUG(3,("enum_group_mapping: tdb_unpack failure\n"));
445 /* list only the type or everything if UNKNOWN */
446 if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) {
447 DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name));
451 if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) {
452 DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name));
456 string_to_sid(&map.sid, string_sid);
458 decode_sid_name_use(group_type, map.sid_name_use);
459 DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type));
461 mapt= SMB_REALLOC_ARRAY((*rmap), GROUP_MAP, entries+1);
463 DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n"));
470 mapt[entries].gid = map.gid;
471 sid_copy( &mapt[entries].sid, &map.sid);
472 mapt[entries].sid_name_use = map.sid_name_use;
473 fstrcpy(mapt[entries].nt_name, map.nt_name);
474 fstrcpy(mapt[entries].comment, map.comment);
480 *num_entries=entries;
485 /* This operation happens on session setup, so it should better be fast. We
486 * store a list of aliases a SID is member of hanging off MEMBEROF/SID. */
488 static NTSTATUS one_alias_membership(const DOM_SID *member,
489 DOM_SID **sids, int *num)
491 fstring key, string_sid;
495 if (!init_group_mapping()) {
496 DEBUG(0,("failed to initialize group mapping\n"));
497 return NT_STATUS_ACCESS_DENIED;
500 sid_to_string(string_sid, member);
501 slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid);
503 kbuf.dsize = strlen(key)+1;
506 dbuf = tdb_fetch(tdb, kbuf);
508 if (dbuf.dptr == NULL) {
514 while (next_token(&p, string_sid, " ", sizeof(string_sid))) {
518 if (!string_to_sid(&alias, string_sid))
521 add_sid_to_array_unique(NULL, &alias, sids, num);
524 return NT_STATUS_NO_MEMORY;
527 SAFE_FREE(dbuf.dptr);
531 static NTSTATUS alias_memberships(const DOM_SID *members, int num_members,
532 DOM_SID **sids, int *num)
539 for (i=0; i<num_members; i++) {
540 NTSTATUS status = one_alias_membership(&members[i], sids, num);
541 if (!NT_STATUS_IS_OK(status))
547 static BOOL is_aliasmem(const DOM_SID *alias, const DOM_SID *member)
552 /* This feels the wrong way round, but the on-disk data structure
553 * dictates it this way. */
554 if (!NT_STATUS_IS_OK(alias_memberships(member, 1, &sids, &num)))
557 for (i=0; i<num; i++) {
558 if (sid_compare(alias, &sids[i]) == 0) {
567 static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
573 char *new_memberstring;
576 if(!init_group_mapping()) {
577 DEBUG(0,("failed to initialize group mapping\n"));
578 return NT_STATUS_ACCESS_DENIED;
581 if (!get_group_map_from_sid(*alias, &map))
582 return NT_STATUS_NO_SUCH_ALIAS;
584 if ( (map.sid_name_use != SID_NAME_ALIAS) &&
585 (map.sid_name_use != SID_NAME_WKN_GRP) )
586 return NT_STATUS_NO_SUCH_ALIAS;
588 if (is_aliasmem(alias, member))
589 return NT_STATUS_MEMBER_IN_ALIAS;
591 sid_to_string(string_sid, member);
592 slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid);
594 kbuf.dsize = strlen(key)+1;
597 dbuf = tdb_fetch(tdb, kbuf);
599 sid_to_string(string_sid, alias);
601 if (dbuf.dptr != NULL) {
602 asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr),
605 new_memberstring = SMB_STRDUP(string_sid);
608 if (new_memberstring == NULL)
609 return NT_STATUS_NO_MEMORY;
611 SAFE_FREE(dbuf.dptr);
612 dbuf.dsize = strlen(new_memberstring)+1;
613 dbuf.dptr = new_memberstring;
615 result = tdb_store(tdb, kbuf, dbuf, 0);
617 SAFE_FREE(new_memberstring);
619 return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED);
622 struct aliasmem_closure {
623 const DOM_SID *alias;
628 static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data,
631 struct aliasmem_closure *closure = (struct aliasmem_closure *)state;
633 fstring alias_string;
635 if (strncmp(key.dptr, MEMBEROF_PREFIX,
636 strlen(MEMBEROF_PREFIX)) != 0)
641 while (next_token(&p, alias_string, " ", sizeof(alias_string))) {
643 DOM_SID alias, member;
644 const char *member_string;
647 if (!string_to_sid(&alias, alias_string))
650 if (sid_compare(closure->alias, &alias) != 0)
653 /* Ok, we found the alias we're looking for in the membership
654 * list currently scanned. The key represents the alias
655 * member. Add that. */
657 member_string = strchr(key.dptr, '/');
659 /* Above we tested for MEMBEROF_PREFIX which includes the
662 SMB_ASSERT(member_string != NULL);
665 if (!string_to_sid(&member, member_string))
668 add_sid_to_array(NULL, &member, closure->sids, closure->num);
674 static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, int *num)
677 struct aliasmem_closure closure;
679 if(!init_group_mapping()) {
680 DEBUG(0,("failed to initialize group mapping\n"));
681 return NT_STATUS_ACCESS_DENIED;
684 if (!get_group_map_from_sid(*alias, &map))
685 return NT_STATUS_NO_SUCH_ALIAS;
687 if ( (map.sid_name_use != SID_NAME_ALIAS) &&
688 (map.sid_name_use != SID_NAME_WKN_GRP) )
689 return NT_STATUS_NO_SUCH_ALIAS;
694 closure.alias = alias;
698 tdb_traverse(tdb, collect_aliasmem, &closure);
702 static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
713 result = alias_memberships(member, 1, &sids, &num);
715 if (!NT_STATUS_IS_OK(result))
718 for (i=0; i<num; i++) {
719 if (sid_compare(&sids[i], alias) == 0) {
727 return NT_STATUS_MEMBER_NOT_IN_ALIAS;
731 sids[i] = sids[num-1];
735 sid_to_string(sid_string, member);
736 slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, sid_string);
738 kbuf.dsize = strlen(key)+1;
742 return tdb_delete(tdb, kbuf) == 0 ?
743 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
745 member_string = SMB_STRDUP("");
747 if (member_string == NULL) {
749 return NT_STATUS_NO_MEMORY;
752 for (i=0; i<num; i++) {
753 char *s = member_string;
755 sid_to_string(sid_string, &sids[i]);
756 asprintf(&member_string, "%s %s", s, sid_string);
759 if (member_string == NULL) {
761 return NT_STATUS_NO_MEMORY;
765 dbuf.dsize = strlen(member_string)+1;
766 dbuf.dptr = member_string;
768 result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ?
769 NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
772 SAFE_FREE(member_string);
779 * High level functions
780 * better to use them than the lower ones.
782 * we are checking if the group is in the mapping file
783 * and if the group is an existing unix group
787 /* get a domain group from it's SID */
789 BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
794 if(!init_group_mapping()) {
795 DEBUG(0,("failed to initialize group mapping\n"));
799 DEBUG(10, ("get_domain_group_from_sid\n"));
801 /* if the group is NOT in the database, it CAN NOT be a domain group */
804 ret = pdb_getgrsid(map, sid);
810 DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
812 /* if it's not a domain group, continue */
813 if (map->sid_name_use!=SID_NAME_DOM_GRP) {
817 DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
823 DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid));
825 grp = getgrgid(map->gid);
827 DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
831 DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));
837 /* get a local (alias) group from it's SID */
839 BOOL get_local_group_from_sid(DOM_SID *sid, GROUP_MAP *map)
843 if(!init_group_mapping()) {
844 DEBUG(0,("failed to initialize group mapping\n"));
848 /* The group is in the mapping table */
850 ret = pdb_getgrsid(map, *sid);
856 if ( ( (map->sid_name_use != SID_NAME_ALIAS) &&
857 (map->sid_name_use != SID_NAME_WKN_GRP) )
859 || (getgrgid(map->gid) == NULL) )
865 /* local groups only exist in the group mapping DB so this
869 /* the group isn't in the mapping table.
870 * make one based on the unix information */
874 sid_peek_rid(sid, &alias_rid);
875 map->gid=pdb_group_rid_to_gid(alias_rid);
877 grp = getgrgid(map->gid);
879 DEBUG(3,("get_local_group_from_sid: No unix group for [%ul]\n", map->gid));
883 map->sid_name_use=SID_NAME_ALIAS;
885 fstrcpy(map->nt_name, grp->gr_name);
886 fstrcpy(map->comment, "Local Unix Group");
888 sid_copy(&map->sid, sid);
895 /* get a builtin group from it's SID */
897 BOOL get_builtin_group_from_sid(DOM_SID *sid, GROUP_MAP *map)
902 if(!init_group_mapping()) {
903 DEBUG(0,("failed to initialize group mapping\n"));
908 ret = pdb_getgrsid(map, *sid);
914 if (map->sid_name_use!=SID_NAME_WKN_GRP) {
922 if ( getgrgid(map->gid) == NULL) {
931 /****************************************************************************
932 Returns a GROUP_MAP struct based on the gid.
933 ****************************************************************************/
934 BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map)
938 if(!init_group_mapping()) {
939 DEBUG(0,("failed to initialize group mapping\n"));
943 if ( getgrgid(gid) == NULL)
947 ret = pdb_getgrgid(map, gid);
958 /****************************************************************************
959 Create a UNIX group on demand.
960 ****************************************************************************/
962 int smb_create_group(char *unix_group, gid_t *new_gid)
970 /* defer to scripts */
972 if ( *lp_addgroup_script() ) {
973 pstrcpy(add_script, lp_addgroup_script());
974 pstring_sub(add_script, "%g", unix_group);
975 ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL);
976 DEBUG(ret ? 0 : 3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
984 if (read(fd, output, sizeof(output)) > 0) {
985 *new_gid = (gid_t)strtoul(output, NULL, 10);
991 } else if ( winbind_create_group( unix_group, NULL ) ) {
993 DEBUG(3,("smb_create_group: winbindd created the group (%s)\n",
999 struct group *grp = getgrnam(unix_group);
1002 *new_gid = grp->gr_gid;
1008 /****************************************************************************
1009 Delete a UNIX group on demand.
1010 ****************************************************************************/
1012 int smb_delete_group(char *unix_group)
1017 /* defer to scripts */
1019 if ( *lp_delgroup_script() ) {
1020 pstrcpy(del_script, lp_delgroup_script());
1021 pstring_sub(del_script, "%g", unix_group);
1022 ret = smbrun(del_script,NULL);
1023 DEBUG(ret ? 0 : 3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
1027 if ( winbind_delete_group( unix_group ) ) {
1028 DEBUG(3,("smb_delete_group: winbindd deleted the group (%s)\n",
1036 /****************************************************************************
1037 Set a user's primary UNIX group.
1038 ****************************************************************************/
1039 int smb_set_primary_group(const char *unix_group, const char* unix_user)
1044 /* defer to scripts */
1046 if ( *lp_setprimarygroup_script() ) {
1047 pstrcpy(add_script, lp_setprimarygroup_script());
1048 all_string_sub(add_script, "%g", unix_group, sizeof(add_script));
1049 all_string_sub(add_script, "%u", unix_user, sizeof(add_script));
1050 ret = smbrun(add_script,NULL);
1051 flush_pwnam_cache();
1052 DEBUG(ret ? 0 : 3,("smb_set_primary_group: "
1053 "Running the command `%s' gave %d\n",add_script,ret));
1059 if ( winbind_set_user_primary_group( unix_user, unix_group ) ) {
1060 DEBUG(3,("smb_delete_group: winbindd set the group (%s) as the primary group for user (%s)\n",
1061 unix_group, unix_user));
1062 flush_pwnam_cache();
1069 /****************************************************************************
1070 Add a user to a UNIX group.
1071 ****************************************************************************/
1073 int smb_add_user_group(char *unix_group, char *unix_user)
1078 /* defer to scripts */
1080 if ( *lp_addusertogroup_script() ) {
1081 pstrcpy(add_script, lp_addusertogroup_script());
1082 pstring_sub(add_script, "%g", unix_group);
1083 pstring_sub(add_script, "%u", unix_user);
1084 ret = smbrun(add_script,NULL);
1085 DEBUG(ret ? 0 : 3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
1091 if ( winbind_add_user_to_group( unix_user, unix_group ) ) {
1092 DEBUG(3,("smb_delete_group: winbindd added user (%s) to the group (%s)\n",
1093 unix_user, unix_group));
1100 /****************************************************************************
1101 Delete a user from a UNIX group
1102 ****************************************************************************/
1104 int smb_delete_user_group(const char *unix_group, const char *unix_user)
1109 /* defer to scripts */
1111 if ( *lp_deluserfromgroup_script() ) {
1112 pstrcpy(del_script, lp_deluserfromgroup_script());
1113 pstring_sub(del_script, "%g", unix_group);
1114 pstring_sub(del_script, "%u", unix_user);
1115 ret = smbrun(del_script,NULL);
1116 DEBUG(ret ? 0 : 3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
1122 if ( winbind_remove_user_from_group( unix_user, unix_group ) ) {
1123 DEBUG(3,("smb_delete_group: winbindd removed user (%s) from the group (%s)\n",
1124 unix_user, unix_group));
1132 NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
1135 return get_group_map_from_sid(sid, map) ?
1136 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1139 NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
1142 return get_group_map_from_gid(gid, map) ?
1143 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1146 NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
1149 return get_group_map_from_ntname(name, map) ?
1150 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1153 NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods,
1156 return add_mapping_entry(map, TDB_INSERT) ?
1157 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1160 NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
1163 return add_mapping_entry(map, TDB_REPLACE) ?
1164 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1167 NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
1170 return group_map_remove(sid) ?
1171 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1174 NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
1175 enum SID_NAME_USE sid_name_use,
1176 GROUP_MAP **rmap, int *num_entries,
1179 return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only) ?
1180 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1183 NTSTATUS pdb_default_find_alias(struct pdb_methods *methods,
1184 const char *name, DOM_SID *sid)
1188 if (!pdb_getgrnam(&map, name))
1189 return NT_STATUS_NO_SUCH_ALIAS;
1191 if ((map.sid_name_use != SID_NAME_WKN_GRP) &&
1192 (map.sid_name_use != SID_NAME_ALIAS))
1193 return NT_STATUS_OBJECT_TYPE_MISMATCH;
1195 sid_copy(sid, &map.sid);
1196 return NT_STATUS_OK;
1199 NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
1200 const char *name, uint32 *rid)
1203 enum SID_NAME_USE type;
1209 if (lookup_name(get_global_sam_name(), name, &sid, &type))
1210 return NT_STATUS_ALIAS_EXISTS;
1212 if (!winbind_allocate_rid(&new_rid))
1213 return NT_STATUS_ACCESS_DENIED;
1215 sid_copy(&sid, get_global_sam_sid());
1216 sid_append_rid(&sid, new_rid);
1218 /* Here we allocate the gid */
1219 if (!winbind_sid_to_gid(&gid, &sid)) {
1220 DEBUG(0, ("Could not get gid for new RID\n"));
1221 return NT_STATUS_ACCESS_DENIED;
1225 sid_copy(&map.sid, &sid);
1226 map.sid_name_use = SID_NAME_ALIAS;
1227 fstrcpy(map.nt_name, name);
1228 fstrcpy(map.comment, "");
1230 if (!pdb_add_group_mapping_entry(&map)) {
1231 DEBUG(0, ("Could not add group mapping entry for alias %s\n",
1233 return NT_STATUS_ACCESS_DENIED;
1238 return NT_STATUS_OK;
1241 NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
1244 return pdb_delete_group_mapping_entry(*sid) ?
1245 NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
1248 NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
1250 struct acct_info *info)
1254 if (!pdb_getgrsid(&map, *sid))
1255 return NT_STATUS_NO_SUCH_ALIAS;
1257 fstrcpy(info->acct_name, map.nt_name);
1258 fstrcpy(info->acct_desc, map.comment);
1259 sid_peek_rid(&map.sid, &info->rid);
1260 return NT_STATUS_OK;
1263 NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
1265 struct acct_info *info)
1269 if (!pdb_getgrsid(&map, *sid))
1270 return NT_STATUS_NO_SUCH_ALIAS;
1272 fstrcpy(map.comment, info->acct_desc);
1274 if (!pdb_update_group_mapping_entry(&map))
1275 return NT_STATUS_ACCESS_DENIED;
1277 return NT_STATUS_OK;
1280 NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
1281 const DOM_SID *alias, const DOM_SID *member)
1283 return add_aliasmem(alias, member);
1286 NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
1287 const DOM_SID *alias, const DOM_SID *member)
1289 return del_aliasmem(alias, member);
1292 NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
1293 const DOM_SID *alias, DOM_SID **members,
1296 return enum_aliasmem(alias, members, num_members);
1299 NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
1300 TALLOC_CTX *mem_ctx,
1301 const DOM_SID *domain_sid,
1302 const DOM_SID *members,
1304 uint32 **alias_rids,
1305 int *num_alias_rids)
1307 DOM_SID *alias_sids;
1308 int i, num_alias_sids;
1314 result = alias_memberships(members, num_members,
1315 &alias_sids, &num_alias_sids);
1317 if (!NT_STATUS_IS_OK(result))
1320 *alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids);
1321 if ((alias_sids != 0) && (*alias_rids == NULL))
1322 return NT_STATUS_NO_MEMORY;
1324 *num_alias_rids = 0;
1326 for (i=0; i<num_alias_sids; i++) {
1327 if (!sid_peek_check_rid(domain_sid, &alias_sids[i],
1328 &(*alias_rids)[*num_alias_rids]))
1330 *num_alias_rids += 1;
1333 SAFE_FREE(alias_sids);
1335 return NT_STATUS_OK;
1338 /**********************************************************************
1339 no ops for passdb backends that don't implement group mapping
1340 *********************************************************************/
1342 NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
1345 return NT_STATUS_UNSUCCESSFUL;
1348 NTSTATUS pdb_nop_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
1351 return NT_STATUS_UNSUCCESSFUL;
1354 NTSTATUS pdb_nop_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
1357 return NT_STATUS_UNSUCCESSFUL;
1360 NTSTATUS pdb_nop_add_group_mapping_entry(struct pdb_methods *methods,
1363 return NT_STATUS_UNSUCCESSFUL;
1366 NTSTATUS pdb_nop_update_group_mapping_entry(struct pdb_methods *methods,
1369 return NT_STATUS_UNSUCCESSFUL;
1372 NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods,
1375 return NT_STATUS_UNSUCCESSFUL;
1378 NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods,
1379 enum SID_NAME_USE sid_name_use,
1380 GROUP_MAP **rmap, int *num_entries,
1383 return NT_STATUS_UNSUCCESSFUL;
git.samba.org / kai / samba.git / blob