root/source3/groupdb/mapping.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. init_group_mapping
  2. add_initial_entry
  3. alias_memberships
  4. get_domain_group_from_sid
  5. smb_create_group
  6. smb_delete_group
  7. smb_set_primary_group
  8. smb_add_user_group
  9. smb_delete_user_group
  10. pdb_default_getgrsid
  11. pdb_default_getgrgid
  12. pdb_default_getgrnam
  13. pdb_default_add_group_mapping_entry
  14. pdb_default_update_group_mapping_entry
  15. pdb_default_delete_group_mapping_entry
  16. pdb_default_enum_group_mapping
  17. pdb_default_create_alias
  18. pdb_default_delete_alias
  19. pdb_default_get_aliasinfo
  20. pdb_default_set_aliasinfo
  21. pdb_default_add_aliasmem
  22. pdb_default_del_aliasmem
  23. pdb_default_enum_aliasmem
  24. pdb_default_alias_memberships
  25. pdb_nop_getgrsid
  26. pdb_nop_getgrgid
  27. pdb_nop_getgrnam
  28. pdb_nop_add_group_mapping_entry
  29. pdb_nop_update_group_mapping_entry
  30. pdb_nop_delete_group_mapping_entry
  31. pdb_nop_enum_group_mapping
  32. pdb_get_dom_grp_info
  33. pdb_set_dom_grp_info
  34. pdb_create_builtin_alias

   1 /* 
   2  *  Unix SMB/CIFS implementation.
   3  *  RPC Pipe client / server routines
   4  *  Copyright (C) Andrew Tridgell              1992-2000,
   5  *  Copyright (C) Jean François Micouleau      1998-2001.
   6  *  Copyright (C) Volker Lendecke              2006.
   7  *  Copyright (C) Gerald Carter                2006.
   8  *  
   9  *  This program is free software; you can redistribute it and/or modify
  10  *  it under the terms of the GNU General Public License as published by
  11  *  the Free Software Foundation; either version 3 of the License, or
  12  *  (at your option) any later version.
  13  *  
  14  *  This program is distributed in the hope that it will be useful,
  15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  *  GNU General Public License for more details.
  18  *  
  19  *  You should have received a copy of the GNU General Public License
  20  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  21  */
  22 
  23 #include "includes.h"
  24 #include "groupdb/mapping.h"
  25 
  26 static const struct mapping_backend *backend;
  27 
  28 /*
  29   initialise a group mapping backend
  30  */
  31 static bool init_group_mapping(void)
     /* [<][>][^][v][top][bottom][index][help] */
  32 {
  33         const char *backend_string;
  34 
  35         if (backend != NULL) {
  36                 /* already initialised */
  37                 return True;
  38         }
  39 
  40         /*
  41          * default to using the ldb backend. This parameter should
  42          * disappear in future versions of Samba3.
  43          *
  44          * But it's needed for cluster setups, because it's
  45          * not yet possible to distribute a ldb inside a cluster.
  46          */
  47         backend_string = lp_parm_const_string(-1, "groupdb", "backend", "ldb");
  48 
  49         if (strcmp(backend_string, "ldb") == 0) {
  50                 backend = groupdb_ldb_init();
  51         } else if (strcmp(backend_string, "tdb") == 0) {
  52                 backend = groupdb_tdb_init();
  53         } else {
  54                 DEBUG(0,("Unknown groupdb backend '%s'\n", backend_string));
  55                 smb_panic("Unknown groupdb backend");
  56         }
  57 
  58         return backend != NULL;
  59 }
  60 
  61 /****************************************************************************
  62 initialise first time the mapping list
  63 ****************************************************************************/
  64 NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum lsa_SidType sid_name_use, const char *nt_name, const char *comment)
     /* [<][>][^][v][top][bottom][index][help] */
  65 {
  66         GROUP_MAP map;
  67 
  68         if(!init_group_mapping()) {
  69                 DEBUG(0,("failed to initialize group mapping\n"));
  70                 return NT_STATUS_UNSUCCESSFUL;
  71         }
  72         
  73         map.gid=gid;
  74         if (!string_to_sid(&map.sid, sid)) {
  75                 DEBUG(0, ("string_to_sid failed: %s", sid));
  76                 return NT_STATUS_UNSUCCESSFUL;
  77         }
  78         
  79         map.sid_name_use=sid_name_use;
  80         fstrcpy(map.nt_name, nt_name);
  81         fstrcpy(map.comment, comment);
  82 
  83         return pdb_add_group_mapping_entry(&map);
  84 }
  85 
  86 static NTSTATUS alias_memberships(const DOM_SID *members, size_t num_members,
     /* [<][>][^][v][top][bottom][index][help] */
  87                                   DOM_SID **sids, size_t *num)
  88 {
  89         size_t i;
  90 
  91         *num = 0;
  92         *sids = NULL;
  93 
  94         for (i=0; i<num_members; i++) {
  95                 NTSTATUS status = backend->one_alias_membership(&members[i], sids, num);
  96                 if (!NT_STATUS_IS_OK(status))
  97                         return status;
  98         }
  99         return NT_STATUS_OK;
 100 }
 101 
 102 struct aliasmem_closure {
 103         const DOM_SID *alias;
 104         DOM_SID **sids;
 105         size_t *num;
 106 };
 107 
 108 
 109 
 110 /*
 111  *
 112  * High level functions
 113  * better to use them than the lower ones.
 114  *
 115  * we are checking if the group is in the mapping file
 116  * and if the group is an existing unix group
 117  *
 118  */
 119 
 120 /* get a domain group from it's SID */
 121 
 122 bool get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
     /* [<][>][^][v][top][bottom][index][help] */
 123 {
 124         struct group *grp;
 125         bool ret;
 126         
 127         if(!init_group_mapping()) {
 128                 DEBUG(0,("failed to initialize group mapping\n"));
 129                 return(False);
 130         }
 131 
 132         DEBUG(10, ("get_domain_group_from_sid\n"));
 133 
 134         /* if the group is NOT in the database, it CAN NOT be a domain group */
 135         
 136         become_root();
 137         ret = pdb_getgrsid(map, sid);
 138         unbecome_root();
 139         
 140         /* special case check for rid 513 */
 141         
 142         if ( !ret ) {
 143                 uint32 rid;
 144                 
 145                 sid_peek_rid( &sid, &rid );
 146                 
 147                 if ( rid == DOMAIN_GROUP_RID_USERS ) {
 148                         fstrcpy( map->nt_name, "None" );
 149                         fstrcpy( map->comment, "Ordinary Users" );
 150                         sid_copy( &map->sid, &sid );
 151                         map->sid_name_use = SID_NAME_DOM_GRP;
 152                         map->gid = (gid_t)-1;
 153                         
 154                         return True;
 155                 }
 156                 
 157                 return False;
 158         }
 159 
 160         DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
 161 
 162         /* if it's not a domain group, continue */
 163         if (map->sid_name_use!=SID_NAME_DOM_GRP) {
 164                 return False;
 165         }
 166 
 167         DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
 168         
 169         if (map->gid==-1) {
 170                 return False;
 171         }
 172 
 173         DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid));
 174         
 175         grp = getgrgid(map->gid);
 176         if ( !grp ) {
 177                 DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
 178                 return False;
 179         }
 180 
 181         DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));
 182 
 183         return True;
 184 }
 185 
 186 /****************************************************************************
 187  Create a UNIX group on demand.
 188 ****************************************************************************/
 189 
 190 int smb_create_group(const char *unix_group, gid_t *new_gid)
     /* [<][>][^][v][top][bottom][index][help] */
 191 {
 192         char *add_script = NULL;
 193         int     ret = -1;
 194         int     fd = 0;
 195 
 196         *new_gid = 0;
 197 
 198         /* defer to scripts */
 199 
 200         if ( *lp_addgroup_script() ) {
 201                 TALLOC_CTX *ctx = talloc_tos();
 202 
 203                 add_script = talloc_strdup(ctx,
 204                                         lp_addgroup_script());
 205                 if (!add_script) {
 206                         return -1;
 207                 }
 208                 add_script = talloc_string_sub(ctx,
 209                                 add_script, "%g", unix_group);
 210                 if (!add_script) {
 211                         return -1;
 212                 }
 213 
 214                 ret = smbrun(add_script, &fd);
 215                 DEBUG(ret ? 0 : 3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
 216                 if (ret == 0) {
 217                         smb_nscd_flush_group_cache();
 218                 }
 219                 if (ret != 0)
 220                         return ret;
 221 
 222                 if (fd != 0) {
 223                         fstring output;
 224 
 225                         *new_gid = 0;
 226                         if (read(fd, output, sizeof(output)) > 0) {
 227                                 *new_gid = (gid_t)strtoul(output, NULL, 10);
 228                         }
 229 
 230                         close(fd);
 231                 }
 232 
 233         }
 234 
 235         if (*new_gid == 0) {
 236                 struct group *grp = getgrnam(unix_group);
 237 
 238                 if (grp != NULL)
 239                         *new_gid = grp->gr_gid;
 240         }
 241 
 242         return ret;
 243 }
 244 
 245 /****************************************************************************
 246  Delete a UNIX group on demand.
 247 ****************************************************************************/
 248 
 249 int smb_delete_group(const char *unix_group)
     /* [<][>][^][v][top][bottom][index][help] */
 250 {
 251         char *del_script = NULL;
 252         int ret = -1;
 253 
 254         /* defer to scripts */
 255 
 256         if ( *lp_delgroup_script() ) {
 257                 TALLOC_CTX *ctx = talloc_tos();
 258 
 259                 del_script = talloc_strdup(ctx,
 260                                 lp_delgroup_script());
 261                 if (!del_script) {
 262                         return -1;
 263                 }
 264                 del_script = talloc_string_sub(ctx,
 265                                 del_script, "%g", unix_group);
 266                 if (!del_script) {
 267                         return -1;
 268                 }
 269                 ret = smbrun(del_script,NULL);
 270                 DEBUG(ret ? 0 : 3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
 271                 if (ret == 0) {
 272                         smb_nscd_flush_group_cache();
 273                 }
 274                 return ret;
 275         }
 276 
 277         return -1;
 278 }
 279 
 280 /****************************************************************************
 281  Set a user's primary UNIX group.
 282 ****************************************************************************/
 283 
 284 int smb_set_primary_group(const char *unix_group, const char* unix_user)
     /* [<][>][^][v][top][bottom][index][help] */
 285 {
 286         char *add_script = NULL;
 287         int ret = -1;
 288 
 289         /* defer to scripts */
 290 
 291         if ( *lp_setprimarygroup_script() ) {
 292                 TALLOC_CTX *ctx = talloc_tos();
 293 
 294                 add_script = talloc_strdup(ctx,
 295                                 lp_setprimarygroup_script());
 296                 if (!add_script) {
 297                         return -1;
 298                 }
 299                 add_script = talloc_all_string_sub(ctx,
 300                                 add_script, "%g", unix_group);
 301                 if (!add_script) {
 302                         return -1;
 303                 }
 304                 add_script = talloc_string_sub(ctx,
 305                                 add_script, "%u", unix_user);
 306                 if (!add_script) {
 307                         return -1;
 308                 }
 309                 ret = smbrun(add_script,NULL);
 310                 flush_pwnam_cache();
 311                 DEBUG(ret ? 0 : 3,("smb_set_primary_group: "
 312                          "Running the command `%s' gave %d\n",add_script,ret));
 313                 if (ret == 0) {
 314                         smb_nscd_flush_group_cache();
 315                 }
 316                 return ret;
 317         }
 318 
 319         return -1;
 320 }
 321 
 322 /****************************************************************************
 323  Add a user to a UNIX group.
 324 ****************************************************************************/
 325 
 326 int smb_add_user_group(const char *unix_group, const char *unix_user)
     /* [<][>][^][v][top][bottom][index][help] */
 327 {
 328         char *add_script = NULL;
 329         int ret = -1;
 330 
 331         /* defer to scripts */
 332 
 333         if ( *lp_addusertogroup_script() ) {
 334                 TALLOC_CTX *ctx = talloc_tos();
 335 
 336                 add_script = talloc_strdup(ctx,
 337                                 lp_addusertogroup_script());
 338                 if (!add_script) {
 339                         return -1;
 340                 }
 341                 add_script = talloc_string_sub(ctx,
 342                                 add_script, "%g", unix_group);
 343                 if (!add_script) {
 344                         return -1;
 345                 }
 346                 add_script = talloc_string_sub(ctx,
 347                                 add_script, "%u", unix_user);
 348                 if (!add_script) {
 349                         return -1;
 350                 }
 351                 ret = smbrun(add_script,NULL);
 352                 DEBUG(ret ? 0 : 3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
 353                 if (ret == 0) {
 354                         smb_nscd_flush_group_cache();
 355                 }
 356                 return ret;
 357         }
 358 
 359         return -1;
 360 }
 361 
 362 /****************************************************************************
 363  Delete a user from a UNIX group
 364 ****************************************************************************/
 365 
 366 int smb_delete_user_group(const char *unix_group, const char *unix_user)
     /* [<][>][^][v][top][bottom][index][help] */
 367 {
 368         char *del_script = NULL;
 369         int ret = -1;
 370 
 371         /* defer to scripts */
 372 
 373         if ( *lp_deluserfromgroup_script() ) {
 374                 TALLOC_CTX *ctx = talloc_tos();
 375 
 376                 del_script = talloc_strdup(ctx,
 377                                 lp_deluserfromgroup_script());
 378                 if (!del_script) {
 379                         return -1;
 380                 }
 381                 del_script = talloc_string_sub(ctx,
 382                                 del_script, "%g", unix_group);
 383                 if (!del_script) {
 384                         return -1;
 385                 }
 386                 del_script = talloc_string_sub(ctx,
 387                                 del_script, "%u", unix_user);
 388                 if (!del_script) {
 389                         return -1;
 390                 }
 391                 ret = smbrun(del_script,NULL);
 392                 DEBUG(ret ? 0 : 3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
 393                 if (ret == 0) {
 394                         smb_nscd_flush_group_cache();
 395                 }
 396                 return ret;
 397         }
 398 
 399         return -1;
 400 }
 401 
 402 
 403 NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
     /* [<][>][^][v][top][bottom][index][help] */
 404                                  DOM_SID sid)
 405 {
 406         if (!init_group_mapping()) {
 407                 DEBUG(0,("failed to initialize group mapping\n"));
 408                 return NT_STATUS_UNSUCCESSFUL;
 409         }
 410         return backend->get_group_map_from_sid(sid, map) ?
 411                 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 412 }
 413 
 414 NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
     /* [<][>][^][v][top][bottom][index][help] */
 415                                  gid_t gid)
 416 {
 417         if (!init_group_mapping()) {
 418                 DEBUG(0,("failed to initialize group mapping\n"));
 419                 return NT_STATUS_UNSUCCESSFUL;
 420         }
 421         return backend->get_group_map_from_gid(gid, map) ?
 422                 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 423 }
 424 
 425 NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
     /* [<][>][^][v][top][bottom][index][help] */
 426                                  const char *name)
 427 {
 428         if (!init_group_mapping()) {
 429                 DEBUG(0,("failed to initialize group mapping\n"));
 430                 return NT_STATUS_UNSUCCESSFUL;
 431         }
 432         return backend->get_group_map_from_ntname(name, map) ?
 433                 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 434 }
 435 
 436 NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 437                                                 GROUP_MAP *map)
 438 {
 439         if (!init_group_mapping()) {
 440                 DEBUG(0,("failed to initialize group mapping\n"));
 441                 return NT_STATUS_UNSUCCESSFUL;
 442         }
 443         return backend->add_mapping_entry(map, TDB_INSERT) ?
 444                 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 445 }
 446 
 447 NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 448                                                    GROUP_MAP *map)
 449 {
 450         if (!init_group_mapping()) {
 451                 DEBUG(0,("failed to initialize group mapping\n"));
 452                 return NT_STATUS_UNSUCCESSFUL;
 453         }
 454         return backend->add_mapping_entry(map, TDB_REPLACE) ?
 455                 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 456 }
 457 
 458 NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 459                                                    DOM_SID sid)
 460 {
 461         if (!init_group_mapping()) {
 462                 DEBUG(0,("failed to initialize group mapping\n"));
 463                 return NT_STATUS_UNSUCCESSFUL;
 464         }
 465         return backend->group_map_remove(&sid) ?
 466                 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 467 }
 468 
 469 NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 470                                            const DOM_SID *sid, enum lsa_SidType sid_name_use,
 471                                            GROUP_MAP **pp_rmap, size_t *p_num_entries,
 472                                            bool unix_only)
 473 {
 474         if (!init_group_mapping()) {
 475                 DEBUG(0,("failed to initialize group mapping\n"));
 476                 return NT_STATUS_UNSUCCESSFUL;
 477         }
 478         return backend->enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ?
 479                 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 480 }
 481 
 482 NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 483                                   const char *name, uint32 *rid)
 484 {
 485         DOM_SID sid;
 486         enum lsa_SidType type;
 487         uint32 new_rid;
 488         gid_t gid;
 489         bool exists;
 490         GROUP_MAP map;
 491         TALLOC_CTX *mem_ctx;
 492         NTSTATUS status;
 493 
 494         DEBUG(10, ("Trying to create alias %s\n", name));
 495 
 496         mem_ctx = talloc_new(NULL);
 497         if (mem_ctx == NULL) {
 498                 return NT_STATUS_NO_MEMORY;
 499         }
 500 
 501         exists = lookup_name(mem_ctx, name, LOOKUP_NAME_LOCAL,
 502                              NULL, NULL, &sid, &type);
 503         TALLOC_FREE(mem_ctx);
 504 
 505         if (exists) {
 506                 return NT_STATUS_ALIAS_EXISTS;
 507         }
 508 
 509         if (!winbind_allocate_gid(&gid)) {
 510                 DEBUG(3, ("Could not get a gid out of winbind\n"));
 511                 return NT_STATUS_ACCESS_DENIED;
 512         }
 513 
 514         if (!pdb_new_rid(&new_rid)) {
 515                 DEBUG(0, ("Could not allocate a RID -- wasted a gid :-(\n"));
 516                 return NT_STATUS_ACCESS_DENIED;
 517         }
 518 
 519         DEBUG(10, ("Creating alias %s with gid %u and rid %u\n",
 520                    name, (unsigned int)gid, (unsigned int)new_rid));
 521 
 522         sid_copy(&sid, get_global_sam_sid());
 523         sid_append_rid(&sid, new_rid);
 524 
 525         map.gid = gid;
 526         sid_copy(&map.sid, &sid);
 527         map.sid_name_use = SID_NAME_ALIAS;
 528         fstrcpy(map.nt_name, name);
 529         fstrcpy(map.comment, "");
 530 
 531         status = pdb_add_group_mapping_entry(&map);
 532 
 533         if (!NT_STATUS_IS_OK(status)) {
 534                 DEBUG(0, ("Could not add group mapping entry for alias %s "
 535                           "(%s)\n", name, nt_errstr(status)));
 536                 return status;
 537         }
 538 
 539         *rid = new_rid;
 540 
 541         return NT_STATUS_OK;
 542 }
 543 
 544 NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 545                                   const DOM_SID *sid)
 546 {
 547         return pdb_delete_group_mapping_entry(*sid);
 548 }
 549 
 550 NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 551                                    const DOM_SID *sid,
 552                                    struct acct_info *info)
 553 {
 554         GROUP_MAP map;
 555 
 556         if (!pdb_getgrsid(&map, *sid))
 557                 return NT_STATUS_NO_SUCH_ALIAS;
 558 
 559         if ((map.sid_name_use != SID_NAME_ALIAS) &&
 560             (map.sid_name_use != SID_NAME_WKN_GRP)) {
 561                 DEBUG(2, ("%s is a %s, expected an alias\n",
 562                           sid_string_dbg(sid),
 563                           sid_type_lookup(map.sid_name_use)));
 564                 return NT_STATUS_NO_SUCH_ALIAS;
 565         }
 566 
 567         fstrcpy(info->acct_name, map.nt_name);
 568         fstrcpy(info->acct_desc, map.comment);
 569         sid_peek_rid(&map.sid, &info->rid);
 570         return NT_STATUS_OK;
 571 }
 572 
 573 NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 574                                    const DOM_SID *sid,
 575                                    struct acct_info *info)
 576 {
 577         GROUP_MAP map;
 578 
 579         if (!pdb_getgrsid(&map, *sid))
 580                 return NT_STATUS_NO_SUCH_ALIAS;
 581 
 582         fstrcpy(map.nt_name, info->acct_name);
 583         fstrcpy(map.comment, info->acct_desc);
 584 
 585         return pdb_update_group_mapping_entry(&map);
 586 }
 587 
 588 NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 589                                   const DOM_SID *alias, const DOM_SID *member)
 590 {
 591         if (!init_group_mapping()) {
 592                 DEBUG(0,("failed to initialize group mapping\n"));
 593                 return NT_STATUS_UNSUCCESSFUL;
 594         }
 595         return backend->add_aliasmem(alias, member);
 596 }
 597 
 598 NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 599                                   const DOM_SID *alias, const DOM_SID *member)
 600 {
 601         if (!init_group_mapping()) {
 602                 DEBUG(0,("failed to initialize group mapping\n"));
 603                 return NT_STATUS_UNSUCCESSFUL;
 604         }
 605         return backend->del_aliasmem(alias, member);
 606 }
 607 
 608 NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 609                                    const DOM_SID *alias, DOM_SID **pp_members,
 610                                    size_t *p_num_members)
 611 {
 612         if (!init_group_mapping()) {
 613                 DEBUG(0,("failed to initialize group mapping\n"));
 614                 return NT_STATUS_UNSUCCESSFUL;
 615         }
 616         return backend->enum_aliasmem(alias, pp_members, p_num_members);
 617 }
 618 
 619 NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 620                                        TALLOC_CTX *mem_ctx,
 621                                        const DOM_SID *domain_sid,
 622                                        const DOM_SID *members,
 623                                        size_t num_members,
 624                                        uint32 **pp_alias_rids,
 625                                        size_t *p_num_alias_rids)
 626 {
 627         DOM_SID *alias_sids;
 628         size_t i, num_alias_sids;
 629         NTSTATUS result;
 630 
 631         if (!init_group_mapping()) {
 632                 DEBUG(0,("failed to initialize group mapping\n"));
 633                 return NT_STATUS_UNSUCCESSFUL;
 634         }
 635 
 636         alias_sids = NULL;
 637         num_alias_sids = 0;
 638 
 639         result = alias_memberships(members, num_members,
 640                                    &alias_sids, &num_alias_sids);
 641 
 642         if (!NT_STATUS_IS_OK(result))
 643                 return result;
 644 
 645         *p_num_alias_rids = 0;
 646 
 647         if (num_alias_sids == 0) {
 648                 TALLOC_FREE(alias_sids);
 649                 return NT_STATUS_OK;
 650         }
 651 
 652         *pp_alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids);
 653         if (*pp_alias_rids == NULL)
 654                 return NT_STATUS_NO_MEMORY;
 655 
 656         for (i=0; i<num_alias_sids; i++) {
 657                 if (!sid_peek_check_rid(domain_sid, &alias_sids[i],
 658                                         &(*pp_alias_rids)[*p_num_alias_rids]))
 659                         continue;
 660                 *p_num_alias_rids += 1;
 661         }
 662 
 663         TALLOC_FREE(alias_sids);
 664 
 665         return NT_STATUS_OK;
 666 }
 667 
 668 /**********************************************************************
 669  no ops for passdb backends that don't implement group mapping
 670  *********************************************************************/
 671 
 672 NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
     /* [<][>][^][v][top][bottom][index][help] */
 673                                  DOM_SID sid)
 674 {
 675         return NT_STATUS_UNSUCCESSFUL;
 676 }
 677 
 678 NTSTATUS pdb_nop_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
     /* [<][>][^][v][top][bottom][index][help] */
 679                                  gid_t gid)
 680 {
 681         return NT_STATUS_UNSUCCESSFUL;
 682 }
 683 
 684 NTSTATUS pdb_nop_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
     /* [<][>][^][v][top][bottom][index][help] */
 685                                  const char *name)
 686 {
 687         return NT_STATUS_UNSUCCESSFUL;
 688 }
 689 
 690 NTSTATUS pdb_nop_add_group_mapping_entry(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 691                                                 GROUP_MAP *map)
 692 {
 693         return NT_STATUS_UNSUCCESSFUL;
 694 }
 695 
 696 NTSTATUS pdb_nop_update_group_mapping_entry(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 697                                                    GROUP_MAP *map)
 698 {
 699         return NT_STATUS_UNSUCCESSFUL;
 700 }
 701 
 702 NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 703                                                    DOM_SID sid)
 704 {
 705         return NT_STATUS_UNSUCCESSFUL;
 706 }
 707 
 708 NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods,
     /* [<][>][^][v][top][bottom][index][help] */
 709                                            enum lsa_SidType sid_name_use,
 710                                            GROUP_MAP **rmap, size_t *num_entries,
 711                                            bool unix_only)
 712 {
 713         return NT_STATUS_UNSUCCESSFUL;
 714 }
 715 
 716 /****************************************************************************
 717  These need to be redirected through pdb_interface.c
 718 ****************************************************************************/
 719 bool pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info)
     /* [<][>][^][v][top][bottom][index][help] */
 720 {
 721         GROUP_MAP map;
 722         bool res;
 723 
 724         become_root();
 725         res = get_domain_group_from_sid(*sid, &map);
 726         unbecome_root();
 727 
 728         if (!res)
 729                 return False;
 730 
 731         fstrcpy(info->acct_name, map.nt_name);
 732         fstrcpy(info->acct_desc, map.comment);
 733         sid_peek_rid(sid, &info->rid);
 734         return True;
 735 }
 736 
 737 bool pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info)
     /* [<][>][^][v][top][bottom][index][help] */
 738 {
 739         GROUP_MAP map;
 740 
 741         if (!get_domain_group_from_sid(*sid, &map))
 742                 return False;
 743 
 744         fstrcpy(map.nt_name, info->acct_name);
 745         fstrcpy(map.comment, info->acct_desc);
 746 
 747         return NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map));
 748 }
 749 
 750 /********************************************************************
 751  Really just intended to be called by smbd
 752 ********************************************************************/
 753 
 754 NTSTATUS pdb_create_builtin_alias(uint32 rid)
     /* [<][>][^][v][top][bottom][index][help] */
 755 {
 756         DOM_SID sid;
 757         enum lsa_SidType type;
 758         gid_t gid;
 759         GROUP_MAP map;
 760         TALLOC_CTX *mem_ctx;
 761         NTSTATUS status;
 762         const char *name = NULL;
 763         fstring groupname;
 764 
 765         DEBUG(10, ("Trying to create builtin alias %d\n", rid));
 766         
 767         if ( !sid_compose( &sid, &global_sid_Builtin, rid ) ) {
 768                 return NT_STATUS_NO_SUCH_ALIAS;
 769         }
 770         
 771         if ( (mem_ctx = talloc_new(NULL)) == NULL ) {
 772                 return NT_STATUS_NO_MEMORY;
 773         }
 774         
 775         if ( !lookup_sid(mem_ctx, &sid, NULL, &name, &type) ) {
 776                 TALLOC_FREE( mem_ctx );
 777                 return NT_STATUS_NO_SUCH_ALIAS;
 778         }
 779         
 780         /* validate RID so copy the name and move on */
 781                 
 782         fstrcpy( groupname, name );
 783         TALLOC_FREE( mem_ctx );
 784 
 785         if (!winbind_allocate_gid(&gid)) {
 786                 DEBUG(3, ("pdb_create_builtin_alias: Could not get a gid out of winbind\n"));
 787                 return NT_STATUS_ACCESS_DENIED;
 788         }
 789 
 790         DEBUG(10,("Creating alias %s with gid %u\n", groupname, (unsigned int)gid));
 791 
 792         map.gid = gid;
 793         sid_copy(&map.sid, &sid);
 794         map.sid_name_use = SID_NAME_ALIAS;
 795         fstrcpy(map.nt_name, groupname);
 796         fstrcpy(map.comment, "");
 797 
 798         status = pdb_add_group_mapping_entry(&map);
 799 
 800         if (!NT_STATUS_IS_OK(status)) {
 801                 DEBUG(0, ("pdb_create_builtin_alias: Could not add group mapping entry for alias %d "
 802                           "(%s)\n", rid, nt_errstr(status)));
 803         }
 804 
 805         return status;
 806 }
 807 
 808 

/* [<][>][^][v][top][bottom][index][help] */