search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-server: Remove duplicate logic
[samba4-gss.git] / source3 / lib / winbind_util.c
blobece0cbf2114aa500ff63fc7c47da3324ab64562a
1 /*
2 Unix SMB/CIFS implementation.
3 Winbind Utility functions
4
5 Copyright (C) Gerald (Jerry) Carter 2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "../libcli/security/security.h"
23 #include "../lib/util/util_pw.h"
24 #include "nsswitch/libwbclient/wbclient.h"
25
26 #include "lib/winbind_util.h"
27
28 #if defined(WITH_WINBIND)
29
30 struct passwd * winbind_getpwnam(const char * name)
31 {
32 wbcErr result;
33 struct passwd * tmp_pwd = NULL;
34 struct passwd * pwd = NULL;
35
36 result = wbcGetpwnam(name, &tmp_pwd);
37 if (result != WBC_ERR_SUCCESS)
38 return pwd;
39
40 pwd = tcopy_passwd(talloc_tos(), tmp_pwd);
41
42 wbcFreeMemory(tmp_pwd);
43
44 return pwd;
45 }
46
47 struct passwd * winbind_getpwsid(const struct dom_sid *sid)
48 {
49 wbcErr result;
50 struct passwd * tmp_pwd = NULL;
51 struct passwd * pwd = NULL;
52 struct wbcDomainSid dom_sid;
53
54 memcpy(&dom_sid, sid, sizeof(dom_sid));
55
56 result = wbcGetpwsid(&dom_sid, &tmp_pwd);
57 if (result != WBC_ERR_SUCCESS)
58 return pwd;
59
60 pwd = tcopy_passwd(talloc_tos(), tmp_pwd);
61
62 wbcFreeMemory(tmp_pwd);
63
64 return pwd;
65 }
66
67 /* Call winbindd to convert a name to a sid */
68
69 bool winbind_lookup_name(const char *dom_name, const char *name, struct dom_sid *sid,
70 enum lsa_SidType *name_type)
71 {
72 struct wbcDomainSid dom_sid;
73 wbcErr result;
74 enum wbcSidType type;
75
76 result = wbcLookupName(dom_name, name, &dom_sid, &type);
77 if (result != WBC_ERR_SUCCESS)
78 return false;
79
80 memcpy(sid, &dom_sid, sizeof(struct dom_sid));
81 *name_type = (enum lsa_SidType)type;
82
83 return true;
84 }
85
86 /* Same as winbind_lookup_name(), but returning NTSTATUS instead of bool */
87
88 _PRIVATE_
89 NTSTATUS winbind_lookup_name_ex(const char *dom_name,
90 const char *name,
91 struct dom_sid *sid,
92 enum lsa_SidType *name_type)
93 {
94 struct wbcDomainSid dom_sid;
95 wbcErr result;
96 enum wbcSidType type;
97 NTSTATUS status;
98
99 result = wbcLookupName(dom_name, name, &dom_sid, &type);
100
101 status = map_nt_error_from_wbcErr(result);
102 if (!NT_STATUS_IS_OK(status)) {
103 if ((lp_security() < SEC_DOMAIN) &&
104 NT_STATUS_EQUAL(status, NT_STATUS_SERVER_DISABLED))
105 {
106 /*
107 * If we're not a domain member and winbind is not
108 * running, treat this as not mapped.
109 */
110 status = NT_STATUS_NONE_MAPPED;
111 }
112 if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
113 return status;
114 }
115 *name_type = SID_NAME_UNKNOWN;
116 ZERO_STRUCTP(sid);
117 return NT_STATUS_OK;
118 }
119
120 memcpy(sid, &dom_sid, sizeof(struct dom_sid));
121 *name_type = (enum lsa_SidType)type;
122
123 return NT_STATUS_OK;
124 }
125
126 /* Call winbindd to convert sid to name */
127
128 bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
129 const char **domain, const char **name,
130 enum lsa_SidType *name_type)
131 {
132 struct wbcDomainSid dom_sid;
133 wbcErr result;
134 enum wbcSidType type;
135 char *domain_name = NULL;
136 char *account_name = NULL;
137 struct dom_sid_buf buf;
138
139 memcpy(&dom_sid, sid, sizeof(dom_sid));
140
141 result = wbcLookupSid(&dom_sid, &domain_name, &account_name, &type);
142 if (result != WBC_ERR_SUCCESS)
143 return false;
144
145 /* Copy out result */
146
147 if (domain) {
148 *domain = talloc_strdup(mem_ctx, domain_name);
149 }
150 if (name) {
151 *name = talloc_strdup(mem_ctx, account_name);
152 }
153 *name_type = (enum lsa_SidType)type;
154
155 DEBUG(10, ("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n",
156 dom_sid_str_buf(sid, &buf), domain_name, account_name));
157
158 wbcFreeMemory(domain_name);
159 wbcFreeMemory(account_name);
160
161 if ((domain && !*domain) || (name && !*name)) {
162 DEBUG(0,("winbind_lookup_sid: talloc() failed!\n"));
163 return false;
164 }
165
166
167 return true;
168 }
169
170 /* Ping winbindd to see it is alive */
171
172 bool winbind_ping(void)
173 {
174 wbcErr result = wbcPing();
175
176 return (result == WBC_ERR_SUCCESS);
177 }
178
179 /* Call winbindd to convert SID to uid */
180
181 bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid)
182 {
183 struct wbcDomainSid dom_sid;
184 wbcErr result;
185
186 memcpy(&dom_sid, sid, sizeof(dom_sid));
187
188 result = wbcSidToUid(&dom_sid, puid);
189
190 return (result == WBC_ERR_SUCCESS);
191 }
192
193 /* Call winbindd to convert SID to gid */
194
195 bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid)
196 {
197 struct wbcDomainSid dom_sid;
198 wbcErr result;
199
200 memcpy(&dom_sid, sid, sizeof(dom_sid));
201
202 result = wbcSidToGid(&dom_sid, pgid);
203
204 return (result == WBC_ERR_SUCCESS);
205 }
206
207 bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
208 {
209 struct wbcUnixId wbc_xid;
210 struct wbcDomainSid dom_sid;
211 wbcErr result;
212
213 switch (xid->type) {
214 case ID_TYPE_UID:
215 wbc_xid = (struct wbcUnixId) {
216 .type = WBC_ID_TYPE_UID, .id.uid = xid->id
217 };
218 break;
219 case ID_TYPE_GID:
220 wbc_xid = (struct wbcUnixId) {
221 .type = WBC_ID_TYPE_GID, .id.gid = xid->id
222 };
223 break;
224 default:
225 return false;
226 }
227
228 result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid);
229 if (result != WBC_ERR_SUCCESS) {
230 return false;
231 }
232
233 memcpy(sid, &dom_sid, sizeof(struct dom_sid));
234 return true;
235 }
236
237 /* Check for a trusted domain */
238
239 wbcErr wb_is_trusted_domain(const char *domain)
240 {
241 wbcErr result;
242 struct wbcDomainInfo *info = NULL;
243
244 result = wbcDomainInfo(domain, &info);
245
246 if (WBC_ERROR_IS_OK(result)) {
247 wbcFreeMemory(info);
248 }
249
250 return result;
251 }
252
253 /* Lookup a set of rids in a given domain */
254
255 bool winbind_lookup_rids(TALLOC_CTX *mem_ctx,
256 const struct dom_sid *domain_sid,
257 int num_rids, uint32_t *rids,
258 const char **domain_name,
259 const char ***names, enum lsa_SidType **types)
260 {
261 const char *dom_name = NULL;
262 const char **namelist = NULL;
263 enum wbcSidType *name_types = NULL;
264 struct wbcDomainSid dom_sid;
265 wbcErr ret;
266 int i;
267
268 memcpy(&dom_sid, domain_sid, sizeof(struct wbcDomainSid));
269
270 ret = wbcLookupRids(&dom_sid, num_rids, rids,
271 &dom_name, &namelist, &name_types);
272 if (ret != WBC_ERR_SUCCESS) {
273 return false;
274 }
275
276 *domain_name = talloc_strdup(mem_ctx, dom_name);
277 *names = talloc_array(mem_ctx, const char*, num_rids);
278 *types = talloc_array(mem_ctx, enum lsa_SidType, num_rids);
279
280 for(i=0; i<num_rids; i++) {
281 (*names)[i] = talloc_strdup(*names, namelist[i]);
282 (*types)[i] = (enum lsa_SidType)name_types[i];
283 }
284
285 wbcFreeMemory(discard_const_p(char, dom_name));
286 wbcFreeMemory(namelist);
287 wbcFreeMemory(name_types);
288
289 return true;
290 }
291
292 /* Ask Winbind to allocate a new uid for us */
293
294 bool winbind_allocate_uid(uid_t *uid)
295 {
296 wbcErr ret;
297
298 ret = wbcAllocateUid(uid);
299
300 return (ret == WBC_ERR_SUCCESS);
301 }
302
303 /* Ask Winbind to allocate a new gid for us */
304
305 bool winbind_allocate_gid(gid_t *gid)
306 {
307 wbcErr ret;
308
309 ret = wbcAllocateGid(gid);
310
311 return (ret == WBC_ERR_SUCCESS);
312 }
313
314 bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
315 const struct dom_sid *user_sid,
316 uint32_t *p_num_sids,
317 struct dom_sid **p_sids)
318 {
319 wbcErr ret;
320 struct wbcDomainSid dom_sid;
321 struct wbcDomainSid *sid_list = NULL;
322 uint32_t num_sids;
323
324 memcpy(&dom_sid, user_sid, sizeof(dom_sid));
325
326 ret = wbcLookupUserSids(&dom_sid,
327 false,
328 &num_sids,
329 &sid_list);
330 if (ret != WBC_ERR_SUCCESS) {
331 return false;
332 }
333
334 *p_sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
335 if (*p_sids == NULL) {
336 wbcFreeMemory(sid_list);
337 return false;
338 }
339
340 memcpy(*p_sids, sid_list, sizeof(dom_sid) * num_sids);
341
342 *p_num_sids = num_sids;
343 wbcFreeMemory(sid_list);
344
345 return true;
346 }
347
348 #else /* WITH_WINBIND */
349
350 struct passwd * winbind_getpwnam(const char * name)
351 {
352 return NULL;
353 }
354
355 struct passwd * winbind_getpwsid(const struct dom_sid *sid)
356 {
357 return NULL;
358 }
359
360 bool winbind_lookup_name(const char *dom_name, const char *name, struct dom_sid *sid,
361 enum lsa_SidType *name_type)
362 {
363 return false;
364 }
365
366 _PRIVATE_
367 NTSTATUS winbind_lookup_name_ex(const char *dom_name,
368 const char *name,
369 struct dom_sid *sid,
370 enum lsa_SidType *name_type)
371 {
372 *name_type = SID_NAME_UNKNOWN;
373 ZERO_STRUCTP(sid);
374 return NT_STATUS_OK;
375 }
376
377 /* Call winbindd to convert sid to name */
378
379 bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
380 const char **domain, const char **name,
381 enum lsa_SidType *name_type)
382 {
383 return false;
384 }
385
386 /* Ping winbindd to see it is alive */
387
388 bool winbind_ping(void)
389 {
390 return false;
391 }
392
393 /* Call winbindd to convert SID to uid */
394
395 bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid)
396 {
397 return false;
398 }
399
400 /* Call winbindd to convert SID to gid */
401
402 bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid)
403 {
404 return false;
405 }
406
407 /* Call winbindd to convert uid or gid to SID */
408
409 bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
410 {
411 return false;
412 }
413
414 /* Check for a trusted domain */
415
416 wbcErr wb_is_trusted_domain(const char *domain)
417 {
418 return WBC_ERR_UNKNOWN_FAILURE;
419 }
420
421 /* Lookup a set of rids in a given domain */
422
423 bool winbind_lookup_rids(TALLOC_CTX *mem_ctx,
424 const struct dom_sid *domain_sid,
425 int num_rids, uint32_t *rids,
426 const char **domain_name,
427 const char ***names, enum lsa_SidType **types)
428 {
429 return false;
430 }
431
432 /* Ask Winbind to allocate a new uid for us */
433
434 bool winbind_allocate_uid(uid_t *uid)
435 {
436 return false;
437 }
438
439 /* Ask Winbind to allocate a new gid for us */
440
441 bool winbind_allocate_gid(gid_t *gid)
442 {
443 return false;
444 }
445
446 bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
447 const struct dom_sid *user_sid,
448 uint32_t *p_num_sids,
449 struct dom_sid **p_sids)
450 {
451 return false;
452 }
453
454 #endif /* WITH_WINBIND */
GSS-enabled samba4