/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- _pdb_wbc_sam_getsampw
- pdb_wbc_sam_getsampwnam
- pdb_wbc_sam_getsampwsid
- pdb_wbc_sam_uid_to_sid
- pdb_wbc_sam_gid_to_sid
- pdb_wbc_sam_enum_group_members
- pdb_wbc_sam_enum_group_memberships
- pdb_wbc_sam_lookup_rids
- pdb_wbc_sam_get_account_policy
- pdb_wbc_sam_set_account_policy
- pdb_wbc_sam_search_groups
- pdb_wbc_sam_search_aliases
- pdb_wbc_sam_get_trusteddom_pw
- pdb_wbc_sam_set_trusteddom_pw
- pdb_wbc_sam_del_trusteddom_pw
- pdb_wbc_sam_enum_trusteddoms
- _make_group_map
- pdb_wbc_sam_getgrsid
- pdb_wbc_sam_getgrgid
- pdb_wbc_sam_getgrnam
- pdb_wbc_sam_enum_group_mapping
- pdb_wbc_sam_get_aliasinfo
- pdb_wbc_sam_enum_aliasmem
- pdb_wbc_sam_alias_memberships
- pdb_init_wbc_sam
- pdb_wbc_sam_init
1 /*
2 Unix SMB/CIFS implementation.
3
4 Password and authentication handling by wbclient
5
6 Copyright (C) Andrew Bartlett 2002
7 Copyright (C) Jelmer Vernooij 2002
8 Copyright (C) Simo Sorce 2003
9 Copyright (C) Volker Lendecke 2006
10 Copyright (C) Dan Sledz 2009
11
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
16
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
21
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 */
25
26 /* This passdb module retrieves full passdb information for local users and
27 * groups from a wbclient compatible daemon.
28 *
29 * The purpose of this module is to defer all SAM authorization information
30 * storage and retrieval to a wbc compatible daemon.
31 *
32 * This passdb backend is most useful when used in conjunction with auth_wbc.
33 *
34 * A few current limitations of this module are:
35 * - read only interface
36 * - no privileges
37 */
38
39 #include "includes.h"
40
41 /***************************************************************************
42 Default implementations of some functions.
43 ****************************************************************************/
44 static NTSTATUS _pdb_wbc_sam_getsampw(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
45 struct samu *user,
46 const struct passwd *pwd)
47 {
48 NTSTATUS result = NT_STATUS_OK;
49
50 if (pwd == NULL)
51 return NT_STATUS_NO_SUCH_USER;
52
53 memset(user, 0, sizeof(user));
54
55 /* Can we really get away with this little of information */
56 user->methods = methods;
57 result = samu_set_unix(user, pwd);
58
59 return result;
60 }
61
62 static NTSTATUS pdb_wbc_sam_getsampwnam(struct pdb_methods *methods, struct samu *user, const char *sname)
/* [<][>][^][v][top][bottom][index][help] */
63 {
64 return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwnam(sname));
65 }
66
67 static NTSTATUS pdb_wbc_sam_getsampwsid(struct pdb_methods *methods, struct samu *user, const DOM_SID *sid)
/* [<][>][^][v][top][bottom][index][help] */
68 {
69 return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwsid(sid));
70 }
71
72 static bool pdb_wbc_sam_uid_to_sid(struct pdb_methods *methods, uid_t uid,
/* [<][>][^][v][top][bottom][index][help] */
73 DOM_SID *sid)
74 {
75 return winbind_uid_to_sid(sid, uid);
76 }
77
78 static bool pdb_wbc_sam_gid_to_sid(struct pdb_methods *methods, gid_t gid,
/* [<][>][^][v][top][bottom][index][help] */
79 DOM_SID *sid)
80 {
81 return winbind_gid_to_sid(sid, gid);
82 }
83
84 static NTSTATUS pdb_wbc_sam_enum_group_members(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
85 TALLOC_CTX *mem_ctx,
86 const DOM_SID *group,
87 uint32 **pp_member_rids,
88 size_t *p_num_members)
89 {
90 return NT_STATUS_NOT_IMPLEMENTED;
91 }
92
93 static NTSTATUS pdb_wbc_sam_enum_group_memberships(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
94 TALLOC_CTX *mem_ctx,
95 struct samu *user,
96 DOM_SID **pp_sids,
97 gid_t **pp_gids,
98 size_t *p_num_groups)
99 {
100 size_t i;
101 const char *username = pdb_get_username(user);
102 uint32_t num_groups;
103
104 if (!winbind_get_groups(mem_ctx, username, &num_groups, pp_gids)) {
105 return NT_STATUS_NO_SUCH_USER;
106 }
107 *p_num_groups = num_groups;
108
109 if (*p_num_groups == 0) {
110 smb_panic("primary group missing");
111 }
112
113 *pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups);
114
115 if (*pp_sids == NULL) {
116 TALLOC_FREE(*pp_gids);
117 return NT_STATUS_NO_MEMORY;
118 }
119
120 for (i=0; i < *p_num_groups; i++) {
121 gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
122 }
123
124 return NT_STATUS_OK;
125 }
126
127 static NTSTATUS pdb_wbc_sam_lookup_rids(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
128 const DOM_SID *domain_sid,
129 int num_rids,
130 uint32 *rids,
131 const char **names,
132 enum lsa_SidType *attrs)
133 {
134 NTSTATUS result = NT_STATUS_OK;
135 char *domain = NULL;
136 char **account_names = NULL;
137 enum lsa_SidType *attr_list = NULL;
138 int i;
139
140 if (!winbind_lookup_rids(talloc_tos(), domain_sid, num_rids, rids,
141 (const char **)&domain,
142 (const char ***)&account_names, &attr_list))
143 {
144 result = NT_STATUS_NONE_MAPPED;
145 goto done;
146 }
147
148 memcpy(attrs, attr_list, num_rids * sizeof(enum lsa_SidType));
149
150 for (i=0; i<num_rids; i++) {
151 if (attrs[i] == SID_NAME_UNKNOWN) {
152 names[i] = NULL;
153 } else {
154 names[i] = talloc_strdup(names, account_names[i]);
155 if (names[i] == NULL) {
156 result = NT_STATUS_NO_MEMORY;
157 goto done;
158 }
159
160 }
161 }
162
163 done:
164 TALLOC_FREE(account_names);
165 TALLOC_FREE(domain);
166 TALLOC_FREE(attr_list);
167 return result;
168 }
169
170 static NTSTATUS pdb_wbc_sam_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
/* [<][>][^][v][top][bottom][index][help] */
171 {
172 return NT_STATUS_UNSUCCESSFUL;
173 }
174
175 static NTSTATUS pdb_wbc_sam_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
/* [<][>][^][v][top][bottom][index][help] */
176 {
177 return NT_STATUS_UNSUCCESSFUL;
178 }
179
180 static bool pdb_wbc_sam_search_groups(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
181 struct pdb_search *search)
182 {
183 return false;
184 }
185
186 static bool pdb_wbc_sam_search_aliases(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
187 struct pdb_search *search,
188 const DOM_SID *sid)
189 {
190
191 return false;
192 }
193
194 static bool pdb_wbc_sam_get_trusteddom_pw(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
195 const char *domain,
196 char **pwd,
197 DOM_SID *sid,
198 time_t *pass_last_set_time)
199 {
200 return false;
201
202 }
203
204 static bool pdb_wbc_sam_set_trusteddom_pw(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
205 const char *domain,
206 const char *pwd,
207 const DOM_SID *sid)
208 {
209 return false;
210 }
211
212 static bool pdb_wbc_sam_del_trusteddom_pw(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
213 const char *domain)
214 {
215 return false;
216 }
217
218 static NTSTATUS pdb_wbc_sam_enum_trusteddoms(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
219 TALLOC_CTX *mem_ctx,
220 uint32 *num_domains,
221 struct trustdom_info ***domains)
222 {
223 return NT_STATUS_NOT_IMPLEMENTED;
224 }
225
226 static bool _make_group_map(struct pdb_methods *methods, const char *domain, const char *name, enum lsa_SidType name_type, gid_t gid, DOM_SID *sid, GROUP_MAP *map)
/* [<][>][^][v][top][bottom][index][help] */
227 {
228 snprintf(map->nt_name, sizeof(map->nt_name), "%s%c%s",
229 domain, *lp_winbind_separator(), name);
230 map->sid_name_use = name_type;
231 map->sid = *sid;
232 map->gid = gid;
233 return true;
234 }
235
236 static NTSTATUS pdb_wbc_sam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
/* [<][>][^][v][top][bottom][index][help] */
237 DOM_SID sid)
238 {
239 NTSTATUS result = NT_STATUS_OK;
240 char *name = NULL;
241 char *domain = NULL;
242 enum lsa_SidType name_type;
243 gid_t gid;
244
245 if (!winbind_lookup_sid(talloc_tos(), &sid, (const char **)&domain,
246 (const char **) &name, &name_type)) {
247 result = NT_STATUS_NO_SUCH_GROUP;
248 goto done;
249 }
250
251 if ((name_type != SID_NAME_DOM_GRP) &&
252 (name_type != SID_NAME_DOMAIN) &&
253 (name_type != SID_NAME_ALIAS) &&
254 (name_type != SID_NAME_WKN_GRP)) {
255 result = NT_STATUS_NO_SUCH_GROUP;
256 goto done;
257 }
258
259 if (!winbind_sid_to_gid(&gid, &sid)) {
260 result = NT_STATUS_NO_SUCH_GROUP;
261 goto done;
262 }
263
264 if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) {
265 result = NT_STATUS_NO_SUCH_GROUP;
266 goto done;
267 }
268
269 done:
270 TALLOC_FREE(name);
271 TALLOC_FREE(domain);
272 return result;
273 }
274
275 static NTSTATUS pdb_wbc_sam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
/* [<][>][^][v][top][bottom][index][help] */
276 gid_t gid)
277 {
278 NTSTATUS result = NT_STATUS_OK;
279 char *name = NULL;
280 char *domain = NULL;
281 DOM_SID sid;
282 enum lsa_SidType name_type;
283
284 if (!winbind_gid_to_sid(&sid, gid)) {
285 result = NT_STATUS_NO_SUCH_GROUP;
286 goto done;
287 }
288
289 if (!winbind_lookup_sid(talloc_tos(), &sid, (const char **)&domain,
290 (const char **)&name, &name_type)) {
291 result = NT_STATUS_NO_SUCH_GROUP;
292 goto done;
293 }
294
295 if ((name_type != SID_NAME_DOM_GRP) &&
296 (name_type != SID_NAME_DOMAIN) &&
297 (name_type != SID_NAME_ALIAS) &&
298 (name_type != SID_NAME_WKN_GRP)) {
299 result = NT_STATUS_NO_SUCH_GROUP;
300 goto done;
301 }
302
303 if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) {
304 result = NT_STATUS_NO_SUCH_GROUP;
305 goto done;
306 }
307
308 done:
309 TALLOC_FREE(name);
310 TALLOC_FREE(domain);
311
312 return result;
313 }
314
315 static NTSTATUS pdb_wbc_sam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
/* [<][>][^][v][top][bottom][index][help] */
316 const char *name)
317 {
318 NTSTATUS result = NT_STATUS_OK;
319 char *user_name = NULL;
320 char *domain = NULL;
321 DOM_SID sid;
322 gid_t gid;
323 enum lsa_SidType name_type;
324
325 if (!winbind_lookup_name(domain, user_name, &sid, &name_type)) {
326 result = NT_STATUS_NO_SUCH_GROUP;
327 goto done;
328 }
329
330 if ((name_type != SID_NAME_DOM_GRP) &&
331 (name_type != SID_NAME_DOMAIN) &&
332 (name_type != SID_NAME_ALIAS) &&
333 (name_type != SID_NAME_WKN_GRP)) {
334 result = NT_STATUS_NO_SUCH_GROUP;
335 goto done;
336 }
337
338 if (!winbind_sid_to_gid(&gid, &sid)) {
339 result = NT_STATUS_NO_SUCH_GROUP;
340 goto done;
341 }
342
343 if (!_make_group_map(methods, domain, user_name, name_type, gid, &sid, map)) {
344 result = NT_STATUS_NO_SUCH_GROUP;
345 goto done;
346 }
347
348 done:
349
350 return result;
351 }
352
353 static NTSTATUS pdb_wbc_sam_enum_group_mapping(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
354 const DOM_SID *sid, enum lsa_SidType sid_name_use,
355 GROUP_MAP **pp_rmap, size_t *p_num_entries,
356 bool unix_only)
357 {
358 return NT_STATUS_NOT_IMPLEMENTED;
359 }
360
361 static NTSTATUS pdb_wbc_sam_get_aliasinfo(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
362 const DOM_SID *sid,
363 struct acct_info *info)
364 {
365 return NT_STATUS_NOT_IMPLEMENTED;
366 }
367
368 static NTSTATUS pdb_wbc_sam_enum_aliasmem(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
369 const DOM_SID *alias, DOM_SID **pp_members,
370 size_t *p_num_members)
371 {
372 return NT_STATUS_NOT_IMPLEMENTED;
373 }
374
375 static NTSTATUS pdb_wbc_sam_alias_memberships(struct pdb_methods *methods,
/* [<][>][^][v][top][bottom][index][help] */
376 TALLOC_CTX *mem_ctx,
377 const DOM_SID *domain_sid,
378 const DOM_SID *members,
379 size_t num_members,
380 uint32 **pp_alias_rids,
381 size_t *p_num_alias_rids)
382 {
383 if (!winbind_get_sid_aliases(mem_ctx, domain_sid,
384 members, num_members, pp_alias_rids, p_num_alias_rids))
385 return NT_STATUS_UNSUCCESSFUL;
386
387 return NT_STATUS_OK;
388 }
389
390 static NTSTATUS pdb_init_wbc_sam(struct pdb_methods **pdb_method, const char *location)
/* [<][>][^][v][top][bottom][index][help] */
391 {
392 NTSTATUS result;
393
394 if (!NT_STATUS_IS_OK(result = make_pdb_method( pdb_method))) {
395 return result;
396 }
397
398 (*pdb_method)->name = "wbc_sam";
399
400 (*pdb_method)->getsampwnam = pdb_wbc_sam_getsampwnam;
401 (*pdb_method)->getsampwsid = pdb_wbc_sam_getsampwsid;
402
403 (*pdb_method)->getgrsid = pdb_wbc_sam_getgrsid;
404 (*pdb_method)->getgrgid = pdb_wbc_sam_getgrgid;
405 (*pdb_method)->getgrnam = pdb_wbc_sam_getgrnam;
406 (*pdb_method)->enum_group_mapping = pdb_wbc_sam_enum_group_mapping;
407 (*pdb_method)->enum_group_members = pdb_wbc_sam_enum_group_members;
408 (*pdb_method)->enum_group_memberships = pdb_wbc_sam_enum_group_memberships;
409 (*pdb_method)->get_aliasinfo = pdb_wbc_sam_get_aliasinfo;
410 (*pdb_method)->enum_aliasmem = pdb_wbc_sam_enum_aliasmem;
411 (*pdb_method)->enum_alias_memberships = pdb_wbc_sam_alias_memberships;
412 (*pdb_method)->lookup_rids = pdb_wbc_sam_lookup_rids;
413 (*pdb_method)->get_account_policy = pdb_wbc_sam_get_account_policy;
414 (*pdb_method)->set_account_policy = pdb_wbc_sam_set_account_policy;
415 (*pdb_method)->uid_to_sid = pdb_wbc_sam_uid_to_sid;
416 (*pdb_method)->gid_to_sid = pdb_wbc_sam_gid_to_sid;
417
418 (*pdb_method)->search_groups = pdb_wbc_sam_search_groups;
419 (*pdb_method)->search_aliases = pdb_wbc_sam_search_aliases;
420
421 (*pdb_method)->get_trusteddom_pw = pdb_wbc_sam_get_trusteddom_pw;
422 (*pdb_method)->set_trusteddom_pw = pdb_wbc_sam_set_trusteddom_pw;
423 (*pdb_method)->del_trusteddom_pw = pdb_wbc_sam_del_trusteddom_pw;
424 (*pdb_method)->enum_trusteddoms = pdb_wbc_sam_enum_trusteddoms;
425
426 (*pdb_method)->private_data = NULL;
427 (*pdb_method)->free_private_data = NULL;
428
429 return NT_STATUS_OK;
430 }
431
432 NTSTATUS pdb_wbc_sam_init(void)
/* [<][>][^][v][top][bottom][index][help] */
433 {
434 return smb_register_passdb(PASSDB_INTERFACE_VERSION, "wbc_sam", pdb_init_wbc_sam);
435 }