2 Unix SMB/CIFS implementation.
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Andrew Tridgell 2000
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Library General Public
11 License as published by the Free Software Foundation; either
12 version 2 of the License, or (at your option) any later version.
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Library General Public License for more details.
19 You should have received a copy of the GNU Library General Public
20 License along with this library; if not, write to the
21 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
22 Boston, MA 02111-1307, USA.
26 #include "nsswitch/winbind_nss.h"
29 #define DBGC_CLASS DBGC_WINBIND
31 NSS_STATUS winbindd_request_response(int req_type,
32 struct winbindd_request *request,
33 struct winbindd_response *response);
35 /* Call winbindd to convert a name to a sid */
37 BOOL winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid,
38 enum SID_NAME_USE *name_type)
40 struct winbindd_request request;
41 struct winbindd_response response;
44 if (!sid || !name_type)
47 /* Send off request */
50 ZERO_STRUCT(response);
52 fstrcpy(request.data.name.dom_name, dom_name);
53 fstrcpy(request.data.name.name, name);
55 if ((result = winbindd_request_response(WINBINDD_LOOKUPNAME, &request,
56 &response)) == NSS_STATUS_SUCCESS) {
57 if (!string_to_sid(sid, response.data.sid.sid))
59 *name_type = (enum SID_NAME_USE)response.data.sid.type;
62 return result == NSS_STATUS_SUCCESS;
65 /* Call winbindd to convert sid to name */
67 BOOL winbind_lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
68 const char **domain, const char **name,
69 enum SID_NAME_USE *name_type)
71 struct winbindd_request request;
72 struct winbindd_response response;
75 /* Initialise request */
78 ZERO_STRUCT(response);
80 fstrcpy(request.data.sid, sid_string_static(sid));
84 result = winbindd_request_response(WINBINDD_LOOKUPSID, &request,
87 if (result != NSS_STATUS_SUCCESS) {
94 *domain = talloc_strdup(mem_ctx, response.data.name.dom_name);
95 if (*domain == NULL) {
96 DEBUG(0, ("talloc failed\n"));
101 *name = talloc_strdup(mem_ctx, response.data.name.name);
103 DEBUG(0, ("talloc failed\n"));
108 *name_type = (enum SID_NAME_USE)response.data.name.type;
110 DEBUG(10, ("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n",
111 sid_string_static(sid), response.data.name.dom_name,
112 response.data.name.name));
116 /* Call winbindd to convert SID to uid */
118 BOOL winbind_sid_to_uid(uid_t *puid, const DOM_SID *sid)
120 struct winbindd_request request;
121 struct winbindd_response response;
128 /* Initialise request */
130 ZERO_STRUCT(request);
131 ZERO_STRUCT(response);
133 sid_to_string(sid_str, sid);
134 fstrcpy(request.data.sid, sid_str);
138 result = winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response);
140 /* Copy out result */
142 if (result == NSS_STATUS_SUCCESS) {
143 *puid = response.data.uid;
146 return (result == NSS_STATUS_SUCCESS);
149 /* Call winbindd to convert uid to sid */
151 BOOL winbind_uid_to_sid(DOM_SID *sid, uid_t uid)
153 struct winbindd_request request;
154 struct winbindd_response response;
160 /* Initialise request */
162 ZERO_STRUCT(request);
163 ZERO_STRUCT(response);
165 request.data.uid = uid;
169 result = winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response);
171 /* Copy out result */
173 if (result == NSS_STATUS_SUCCESS) {
174 if (!string_to_sid(sid, response.data.sid.sid))
177 sid_copy(sid, &global_sid_NULL);
180 return (result == NSS_STATUS_SUCCESS);
183 /* Call winbindd to convert SID to gid */
185 BOOL winbind_sid_to_gid(gid_t *pgid, const DOM_SID *sid)
187 struct winbindd_request request;
188 struct winbindd_response response;
195 /* Initialise request */
197 ZERO_STRUCT(request);
198 ZERO_STRUCT(response);
200 sid_to_string(sid_str, sid);
201 fstrcpy(request.data.sid, sid_str);
205 result = winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response);
207 /* Copy out result */
209 if (result == NSS_STATUS_SUCCESS) {
210 *pgid = response.data.gid;
213 return (result == NSS_STATUS_SUCCESS);
216 /* Call winbindd to convert gid to sid */
218 BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid)
220 struct winbindd_request request;
221 struct winbindd_response response;
227 /* Initialise request */
229 ZERO_STRUCT(request);
230 ZERO_STRUCT(response);
232 request.data.gid = gid;
236 result = winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response);
238 /* Copy out result */
240 if (result == NSS_STATUS_SUCCESS) {
241 if (!string_to_sid(sid, response.data.sid.sid))
244 sid_copy(sid, &global_sid_NULL);
247 return (result == NSS_STATUS_SUCCESS);
250 BOOL winbind_allocate_uid(uid_t *uid)
252 struct winbindd_request request;
253 struct winbindd_response response;
256 /* Initialise request */
258 ZERO_STRUCT(request);
259 ZERO_STRUCT(response);
263 result = winbindd_request_response(WINBINDD_ALLOCATE_UID,
264 &request, &response);
266 if (result != NSS_STATUS_SUCCESS)
269 /* Copy out result */
270 *uid = response.data.uid;
275 BOOL winbind_allocate_gid(gid_t *gid)
277 struct winbindd_request request;
278 struct winbindd_response response;
281 /* Initialise request */
283 ZERO_STRUCT(request);
284 ZERO_STRUCT(response);
288 result = winbindd_request_response(WINBINDD_ALLOCATE_GID,
289 &request, &response);
291 if (result != NSS_STATUS_SUCCESS)
294 /* Copy out result */
295 *gid = response.data.gid;
300 /* Fetch the list of groups a user is a member of from winbindd. This is
301 used by winbind_getgroups. */
303 static int wb_getgroups(const char *user, gid_t **groups)
305 struct winbindd_request request;
306 struct winbindd_response response;
311 ZERO_STRUCT(request);
312 fstrcpy(request.data.username, user);
314 ZERO_STRUCT(response);
316 result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
318 if (result == NSS_STATUS_SUCCESS) {
320 /* Return group list. Don't forget to free the group list
323 *groups = (gid_t *)response.extra_data;
324 return response.data.num_entries;
330 /* Call winbindd to initialise group membership. This is necessary for
331 some systems (i.e RH5.2) that do not have an initgroups function as part
332 of the nss extension. In RH5.2 this is implemented using getgrent()
333 which can be amazingly inefficient as well as having problems with
336 int winbind_initgroups(char *user, gid_t gid)
338 gid_t *tgr, *groups = NULL;
341 /* Call normal initgroups if we are a local user */
343 if (!strchr(user, *lp_winbind_separator())) {
344 return initgroups(user, gid);
347 result = wb_getgroups(user, &groups);
349 DEBUG(10,("winbind_getgroups: %s: result = %s\n", user,
350 result == -1 ? "FAIL" : "SUCCESS"));
353 int ngroups = result, i;
354 BOOL is_member = False;
356 /* Check to see if the passed gid is already in the list */
358 for (i = 0; i < ngroups; i++) {
359 if (groups[i] == gid) {
364 /* Add group to list if necessary */
367 tgr = SMB_REALLOC_ARRAY(groups, gid_t, ngroups + 1);
376 groups[ngroups] = gid;
382 if (sys_setgroups(ngroups, groups) == -1) {
390 /* The call failed. Set errno to something so we don't get
391 a bogus value from the last failed system call. */
396 /* Free response data if necessary */
404 /* Return a list of groups the user is a member of. This function is
405 useful for large systems where inverting the group database would be too
406 time consuming. If size is zero, list is not modified and the total
407 number of groups for the user is returned. */
409 int winbind_getgroups(const char *user, gid_t **list)
412 * Don't do the lookup if the name has no separator _and_ we are not in
413 * 'winbind use default domain' mode.
416 if (!(strchr(user, *lp_winbind_separator()) || lp_winbind_use_default_domain()))
419 /* Fetch list of groups */
421 return wb_getgroups(user, list);
424 /**********************************************************************
425 simple wrapper function to see if winbindd is alive
426 **********************************************************************/
428 BOOL winbind_ping( void )
432 result = winbindd_request_response(WINBINDD_PING, NULL, NULL);
434 return result == NSS_STATUS_SUCCESS;
437 /**********************************************************************
440 result == NSS_STATUS_UNAVAIL: winbind not around
441 result == NSS_STATUS_NOTFOUND: winbind around, but domain missing
443 Due to a bad API NSS_STATUS_NOTFOUND is returned both when winbind_off and
444 when winbind return WINBINDD_ERROR. So the semantics of this routine depends
445 on winbind_on. Grepping for winbind_off I just found 3 places where winbind
446 is turned off, and this does not conflict (as far as I have seen) with the
447 callers of is_trusted_domains.
449 I *hate* global variables....
453 **********************************************************************/
455 NSS_STATUS wb_is_trusted_domain(const char *domain)
457 struct winbindd_request request;
458 struct winbindd_response response;
462 ZERO_STRUCT(request);
463 ZERO_STRUCT(response);
465 fstrcpy(request.domain_name, domain);
467 return winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response);