2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-2000,
5 * Copyright (C) Jean François Micouleau 1998-2001.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 static TDB_CONTEXT *tdb; /* used for driver files */
26 #define DATABASE_VERSION_V1 1 /* native byte format. */
27 #define DATABASE_VERSION_V2 2 /* le format. */
29 #define GROUP_PREFIX "UNIXGROUP/"
30 #define ALIASMEM_PREFIX "ALIASMEMBERS/"
33 {SE_PRIV_NONE, "no_privs", "No privilege" }, /* this one MUST be first */
34 {SE_PRIV_ADD_MACHINES, "SeMachineAccountPrivilege", "Add workstations to the domain" },
35 {SE_PRIV_SEC_PRIV, "SeSecurityPrivilege", "Manage the audit logs" },
36 {SE_PRIV_TAKE_OWNER, "SeTakeOwnershipPrivilege", "Take ownership of file" },
37 {SE_PRIV_ADD_USERS, "SaAddUsers", "Add users to the domain - Samba" },
38 {SE_PRIV_PRINT_OPERATOR, "SaPrintOp", "Add or remove printers - Samba" },
39 {SE_PRIV_ALL, "SaAllPrivs", "all privileges" }
43 /****************************************************************************
44 dump the mapping group mapping to a text file
45 ****************************************************************************/
46 char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use)
48 static fstring group_type;
52 fstrcpy(group_type,"User");
54 case SID_NAME_DOM_GRP:
55 fstrcpy(group_type,"Domain group");
58 fstrcpy(group_type,"Domain");
61 fstrcpy(group_type,"Local group");
63 case SID_NAME_WKN_GRP:
64 fstrcpy(group_type,"Builtin group");
66 case SID_NAME_DELETED:
67 fstrcpy(group_type,"Deleted");
69 case SID_NAME_INVALID:
70 fstrcpy(group_type,"Invalid");
72 case SID_NAME_UNKNOWN:
74 fstrcpy(group_type,"Unknown type");
78 fstrcpy(group, group_type);
82 /****************************************************************************
83 initialise first time the mapping list - called from init_group_mapping()
84 ****************************************************************************/
85 static BOOL default_group_mapping(void)
94 /* Add the Wellknown groups */
96 add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "");
97 add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "");
98 add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "");
99 add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "");
100 add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "");
101 add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "");
102 add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "");
103 add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "");
104 add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "");
106 /* Add the defaults domain groups */
108 sid_copy(&sid_admins, get_global_sam_sid());
109 sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS);
110 sid_to_string(str_admins, &sid_admins);
111 add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "");
113 sid_copy(&sid_users, get_global_sam_sid());
114 sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS);
115 sid_to_string(str_users, &sid_users);
116 add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "");
118 sid_copy(&sid_guests, get_global_sam_sid());
119 sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS);
120 sid_to_string(str_guests, &sid_guests);
121 add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "");
126 /****************************************************************************
127 Open the group mapping tdb.
128 ****************************************************************************/
130 static BOOL init_group_mapping(void)
132 static pid_t local_pid;
133 const char *vstring = "INFO/version";
136 if (tdb && local_pid == sys_getpid())
138 tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
140 DEBUG(0,("Failed to open group mapping database\n"));
144 local_pid = sys_getpid();
146 /* handle a Samba upgrade */
147 tdb_lock_bystring(tdb, vstring, 0);
149 /* Cope with byte-reversed older versions of the db. */
150 vers_id = tdb_fetch_int32(tdb, vstring);
151 if ((vers_id == DATABASE_VERSION_V1) || (IREV(vers_id) == DATABASE_VERSION_V1)) {
152 /* Written on a bigendian machine with old fetch_int code. Save as le. */
153 tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2);
154 vers_id = DATABASE_VERSION_V2;
157 if (vers_id != DATABASE_VERSION_V2) {
158 tdb_traverse(tdb, tdb_traverse_delete_fn, NULL);
159 tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2);
162 tdb_unlock_bystring(tdb, vstring);
164 /* write a list of default groups */
165 if(!default_group_mapping())
171 /****************************************************************************
172 ****************************************************************************/
173 static BOOL add_mapping_entry(GROUP_MAP *map, int flag)
177 fstring string_sid="";
180 if(!init_group_mapping()) {
181 DEBUG(0,("failed to initialize group mapping"));
185 sid_to_string(string_sid, &map->sid);
187 len = tdb_pack(buf, sizeof(buf), "ddff",
188 map->gid, map->sid_name_use, map->nt_name, map->comment);
190 if (len > sizeof(buf))
193 slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
195 kbuf.dsize = strlen(key)+1;
199 if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False;
204 /****************************************************************************
205 initialise first time the mapping list
206 ****************************************************************************/
207 BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, const char *nt_name, const char *comment)
211 if(!init_group_mapping()) {
212 DEBUG(0,("failed to initialize group mapping"));
217 if (!string_to_sid(&map.sid, sid)) {
218 DEBUG(0, ("string_to_sid failed: %s", sid));
222 map.sid_name_use=sid_name_use;
223 fstrcpy(map.nt_name, nt_name);
224 fstrcpy(map.comment, comment);
226 return pdb_add_group_mapping_entry(&map);
229 /****************************************************************************
230 Return the sid and the type of the unix group.
231 ****************************************************************************/
233 static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
240 if(!init_group_mapping()) {
241 DEBUG(0,("failed to initialize group mapping"));
245 /* the key is the SID, retrieving is direct */
247 sid_to_string(string_sid, &sid);
248 slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
251 kbuf.dsize = strlen(key)+1;
253 dbuf = tdb_fetch(tdb, kbuf);
257 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
258 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
260 SAFE_FREE(dbuf.dptr);
263 DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n"));
267 sid_copy(&map->sid, &sid);
272 /****************************************************************************
273 Return the sid and the type of the unix group.
274 ****************************************************************************/
276 static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
278 TDB_DATA kbuf, dbuf, newkey;
282 if(!init_group_mapping()) {
283 DEBUG(0,("failed to initialize group mapping"));
287 /* we need to enumerate the TDB to find the GID */
289 for (kbuf = tdb_firstkey(tdb);
291 newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
293 if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
295 dbuf = tdb_fetch(tdb, kbuf);
299 fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
301 string_to_sid(&map->sid, string_sid);
303 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
304 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
306 SAFE_FREE(dbuf.dptr);
309 DEBUG(3,("get_group_map_from_gid: tdb_unpack failure\n"));
314 SAFE_FREE(kbuf.dptr);
322 /****************************************************************************
323 Return the sid and the type of the unix group.
324 ****************************************************************************/
326 static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map)
328 TDB_DATA kbuf, dbuf, newkey;
332 if(!init_group_mapping()) {
333 DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping"));
337 /* we need to enumerate the TDB to find the name */
339 for (kbuf = tdb_firstkey(tdb);
341 newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
343 if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
345 dbuf = tdb_fetch(tdb, kbuf);
349 fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
351 string_to_sid(&map->sid, string_sid);
353 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
354 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
356 SAFE_FREE(dbuf.dptr);
359 DEBUG(3,("get_group_map_from_ntname: tdb_unpack failure\n"));
363 if (StrCaseCmp(name, map->nt_name)==0) {
364 SAFE_FREE(kbuf.dptr);
372 /****************************************************************************
373 Remove a group mapping entry.
374 ****************************************************************************/
376 static BOOL group_map_remove(DOM_SID sid)
382 if(!init_group_mapping()) {
383 DEBUG(0,("failed to initialize group mapping"));
387 /* the key is the SID, retrieving is direct */
389 sid_to_string(string_sid, &sid);
390 slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
393 kbuf.dsize = strlen(key)+1;
395 dbuf = tdb_fetch(tdb, kbuf);
399 SAFE_FREE(dbuf.dptr);
401 if(tdb_delete(tdb, kbuf) != TDB_SUCCESS)
407 /****************************************************************************
408 Enumerate the group mapping.
409 ****************************************************************************/
411 static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
412 int *num_entries, BOOL unix_only)
414 TDB_DATA kbuf, dbuf, newkey;
422 if(!init_group_mapping()) {
423 DEBUG(0,("failed to initialize group mapping"));
430 for (kbuf = tdb_firstkey(tdb);
432 newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
434 if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0)
437 dbuf = tdb_fetch(tdb, kbuf);
441 fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
443 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
444 &map.gid, &map.sid_name_use, &map.nt_name, &map.comment);
446 SAFE_FREE(dbuf.dptr);
449 DEBUG(3,("enum_group_mapping: tdb_unpack failure\n"));
453 /* list only the type or everything if UNKNOWN */
454 if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) {
455 DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name));
459 if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) {
460 DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name));
464 string_to_sid(&map.sid, string_sid);
466 decode_sid_name_use(group_type, map.sid_name_use);
467 DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type));
469 mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP));
471 DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n"));
478 mapt[entries].gid = map.gid;
479 sid_copy( &mapt[entries].sid, &map.sid);
480 mapt[entries].sid_name_use = map.sid_name_use;
481 fstrcpy(mapt[entries].nt_name, map.nt_name);
482 fstrcpy(mapt[entries].comment, map.comment);
488 *num_entries=entries;
493 static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
499 char *new_memberstring;
502 if(!init_group_mapping()) {
503 DEBUG(0,("failed to initialize group mapping"));
504 return NT_STATUS_ACCESS_DENIED;
507 if (!get_group_map_from_sid(*alias, &map))
508 return NT_STATUS_NO_SUCH_ALIAS;
510 if ( (map.sid_name_use != SID_NAME_ALIAS) &&
511 (map.sid_name_use != SID_NAME_WKN_GRP) )
512 return NT_STATUS_NO_SUCH_ALIAS;
514 sid_to_string(string_sid, alias);
515 slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, string_sid);
517 kbuf.dsize = strlen(key)+1;
520 dbuf = tdb_fetch(tdb, kbuf);
522 sid_to_string(string_sid, member);
524 if (dbuf.dptr != NULL) {
525 asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr),
528 new_memberstring = strdup(string_sid);
531 if (new_memberstring == NULL)
532 return NT_STATUS_NO_MEMORY;
534 SAFE_FREE(dbuf.dptr);
535 dbuf.dsize = strlen(new_memberstring)+1;
536 dbuf.dptr = new_memberstring;
538 result = tdb_store(tdb, kbuf, dbuf, 0);
540 SAFE_FREE(new_memberstring);
542 return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED);
545 static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, int *num)
553 if(!init_group_mapping()) {
554 DEBUG(0,("failed to initialize group mapping"));
555 return NT_STATUS_ACCESS_DENIED;
558 if (!get_group_map_from_sid(*alias, &map))
559 return NT_STATUS_NO_SUCH_ALIAS;
561 if ( (map.sid_name_use != SID_NAME_ALIAS) &&
562 (map.sid_name_use != SID_NAME_WKN_GRP) )
563 return NT_STATUS_NO_SUCH_ALIAS;
568 sid_to_string(string_sid, alias);
569 slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, string_sid);
571 kbuf.dsize = strlen(key)+1;
574 dbuf = tdb_fetch(tdb, kbuf);
576 if (dbuf.dptr == NULL) {
582 while (next_token(&p, string_sid, " ", sizeof(string_sid))) {
586 if (!string_to_sid(&sid, string_sid))
589 add_sid_to_array(sid, sids, num);
592 return NT_STATUS_NO_MEMORY;
595 SAFE_FREE(dbuf.dptr);
600 /* This is racy as hell, but hey, it's only a prototype :-) */
602 static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
613 result = enum_aliasmem(alias, &sids, &num);
615 if (!NT_STATUS_IS_OK(result))
618 for (i=0; i<num; i++) {
619 if (sid_compare(&sids[i], member) == 0) {
627 return NT_STATUS_MEMBER_NOT_IN_ALIAS;
631 sids[i] = sids[num-1];
635 member_string = strdup("");
637 if (member_string == NULL) {
639 return NT_STATUS_NO_MEMORY;
642 for (i=0; i<num; i++) {
643 char *s = member_string;
645 sid_to_string(sid_string, &sids[i]);
646 asprintf(&member_string, "%s %s", s, sid_string);
649 if (member_string == NULL) {
651 return NT_STATUS_NO_MEMORY;
655 sid_to_string(sid_string, alias);
656 slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, sid_string);
658 kbuf.dsize = strlen(key)+1;
660 dbuf.dsize = strlen(member_string)+1;
661 dbuf.dptr = member_string;
663 result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ?
664 NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
667 SAFE_FREE(member_string);
672 static BOOL is_foreign_alias_member(const DOM_SID *sid, const DOM_SID *alias)
678 if (!NT_STATUS_IS_OK(enum_aliasmem(alias, &members, &num)))
681 for (i=0; i<num; i++) {
683 if (sid_compare(&members[i], sid) == 0) {
693 static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num)
701 if (!enum_group_mapping(SID_NAME_WKN_GRP, &maps, &num_maps, False))
702 return NT_STATUS_NO_MEMORY;
704 for (i=0; i<num_maps; i++) {
706 if (is_foreign_alias_member(sid, &maps[i].sid)) {
708 add_sid_to_array(maps[i].sid, sids, num);
712 return NT_STATUS_NO_MEMORY;
718 if (!enum_group_mapping(SID_NAME_ALIAS, &maps, &num_maps, False))
719 return NT_STATUS_NO_MEMORY;
721 for (i=0; i<num_maps; i++) {
722 if (is_foreign_alias_member(sid, &maps[i].sid)) {
724 add_sid_to_array(maps[i].sid, sids, num);
728 return NT_STATUS_NO_MEMORY;
739 * High level functions
740 * better to use them than the lower ones.
742 * we are checking if the group is in the mapping file
743 * and if the group is an existing unix group
747 /* get a domain group from it's SID */
749 BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
754 if(!init_group_mapping()) {
755 DEBUG(0,("failed to initialize group mapping"));
759 DEBUG(10, ("get_domain_group_from_sid\n"));
761 /* if the group is NOT in the database, it CAN NOT be a domain group */
764 ret = pdb_getgrsid(map, sid);
770 DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
772 /* if it's not a domain group, continue */
773 if (map->sid_name_use!=SID_NAME_DOM_GRP) {
777 DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
783 DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid));
785 grp = getgrgid(map->gid);
787 DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
791 DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));
797 /* get a local (alias) group from it's SID */
799 BOOL get_local_group_from_sid(DOM_SID *sid, GROUP_MAP *map)
803 if(!init_group_mapping()) {
804 DEBUG(0,("failed to initialize group mapping"));
808 /* The group is in the mapping table */
810 ret = pdb_getgrsid(map, *sid);
816 if ( ( (map->sid_name_use != SID_NAME_ALIAS) &&
817 (map->sid_name_use != SID_NAME_WKN_GRP) )
819 || (getgrgid(map->gid) == NULL) )
825 /* local groups only exist in the group mapping DB so this
829 /* the group isn't in the mapping table.
830 * make one based on the unix information */
834 sid_peek_rid(sid, &alias_rid);
835 map->gid=pdb_group_rid_to_gid(alias_rid);
837 grp = getgrgid(map->gid);
839 DEBUG(3,("get_local_group_from_sid: No unix group for [%ul]\n", map->gid));
843 map->sid_name_use=SID_NAME_ALIAS;
845 fstrcpy(map->nt_name, grp->gr_name);
846 fstrcpy(map->comment, "Local Unix Group");
848 sid_copy(&map->sid, sid);
855 /* get a builtin group from it's SID */
857 BOOL get_builtin_group_from_sid(DOM_SID *sid, GROUP_MAP *map)
863 if(!init_group_mapping()) {
864 DEBUG(0,("failed to initialize group mapping"));
869 ret = pdb_getgrsid(map, *sid);
875 if (map->sid_name_use!=SID_NAME_WKN_GRP) {
883 if ( (grp=getgrgid(map->gid)) == NULL) {
892 /****************************************************************************
893 Returns a GROUP_MAP struct based on the gid.
894 ****************************************************************************/
895 BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map)
900 if(!init_group_mapping()) {
901 DEBUG(0,("failed to initialize group mapping"));
905 if ( (grp=getgrgid(gid)) == NULL)
909 * make a group map from scratch if doesn't exist.
913 ret = pdb_getgrgid(map, gid);
918 map->sid_name_use=SID_NAME_ALIAS;
920 /* interim solution until we have a last RID allocated */
922 sid_copy(&map->sid, get_global_sam_sid());
923 sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid));
925 fstrcpy(map->nt_name, grp->gr_name);
926 fstrcpy(map->comment, "Local Unix Group");
935 /****************************************************************************
936 Get the member users of a group and
937 all the users who have that group as primary.
939 give back an array of SIDS
940 return the grand number of users
943 TODO: sort the list and remove duplicate. JFM.
945 ****************************************************************************/
947 BOOL get_sid_list_of_group(gid_t gid, DOM_SID **sids, int *num_sids)
957 struct sys_pwent *userlist;
958 struct sys_pwent *user;
960 if(!init_group_mapping()) {
961 DEBUG(0,("failed to initialize group mapping"));
968 if ( (grp=getgrgid(gid)) == NULL)
972 DEBUG(10, ("getting members\n"));
974 while (gr && (*gr != (char)'\0')) {
975 SAM_ACCOUNT *group_member_acct = NULL;
977 s = Realloc((*sids), sizeof(**sids)*(*num_sids+1));
979 DEBUG(0,("get_uid_list_of_group: unable to enlarge SID list!\n"));
984 if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) {
989 found_user = pdb_getsampwnam(group_member_acct, gr);
993 sid_copy(&(*sids)[*num_sids], pdb_get_user_sid(group_member_acct));
997 pdb_free_sam(&group_member_acct);
999 gr = grp->gr_mem[++i];
1001 DEBUG(10, ("got [%d] members\n", *num_sids));
1005 user = userlist = getpwent_list();
1007 while (user != NULL) {
1009 SAM_ACCOUNT *group_member_acct = NULL;
1012 if (user->pw_gid != gid) {
1017 s = Realloc((*sids), sizeof(**sids)*(*num_sids+1));
1019 DEBUG(0,("get_sid_list_of_group: unable to enlarge "
1021 pwent_free(userlist);
1027 if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) {
1032 found_user = pdb_getsampwnam(group_member_acct, user->pw_name);
1036 sid_copy(&(*sids)[*num_sids],
1037 pdb_get_user_sid(group_member_acct));
1040 DEBUG(4,("get_sid_list_of_group: User %s [uid == %lu] "
1041 "has no samba account\n",
1042 user->pw_name, (unsigned long)user->pw_uid));
1043 if (algorithmic_uid_to_sid(&(*sids)[*num_sids],
1047 pdb_free_sam(&group_member_acct);
1051 pwent_free(userlist);
1052 DEBUG(10, ("got primary groups, members: [%d]\n", *num_sids));
1056 if ( NT_STATUS_IS_OK(gid_to_sid(&sid, gid)) &&
1057 NT_STATUS_IS_OK(enum_aliasmem(&sid, &members, &num_members)) ) {
1059 for (i=0; i<num_members; i++) {
1060 add_sid_to_array(members[i], sids, num_sids);
1070 /****************************************************************************
1071 Create a UNIX group on demand.
1072 ****************************************************************************/
1074 int smb_create_group(char *unix_group, gid_t *new_gid)
1082 /* defer to scripts */
1084 if ( *lp_addgroup_script() ) {
1085 pstrcpy(add_script, lp_addgroup_script());
1086 pstring_sub(add_script, "%g", unix_group);
1087 ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL);
1088 DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
1096 if (read(fd, output, sizeof(output)) > 0) {
1097 *new_gid = (gid_t)strtoul(output, NULL, 10);
1103 } else if ( winbind_create_group( unix_group, NULL ) ) {
1105 DEBUG(3,("smb_create_group: winbindd created the group (%s)\n",
1110 if (*new_gid == 0) {
1111 struct group *grp = getgrnam(unix_group);
1114 *new_gid = grp->gr_gid;
1120 /****************************************************************************
1121 Delete a UNIX group on demand.
1122 ****************************************************************************/
1124 int smb_delete_group(char *unix_group)
1129 /* defer to scripts */
1131 if ( *lp_delgroup_script() ) {
1132 pstrcpy(del_script, lp_delgroup_script());
1133 pstring_sub(del_script, "%g", unix_group);
1134 ret = smbrun(del_script,NULL);
1135 DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
1139 if ( winbind_delete_group( unix_group ) ) {
1140 DEBUG(3,("smb_delete_group: winbindd deleted the group (%s)\n",
1148 /****************************************************************************
1149 Set a user's primary UNIX group.
1150 ****************************************************************************/
1151 int smb_set_primary_group(const char *unix_group, const char* unix_user)
1156 /* defer to scripts */
1158 if ( *lp_setprimarygroup_script() ) {
1159 pstrcpy(add_script, lp_setprimarygroup_script());
1160 all_string_sub(add_script, "%g", unix_group, sizeof(add_script));
1161 all_string_sub(add_script, "%u", unix_user, sizeof(add_script));
1162 ret = smbrun(add_script,NULL);
1163 DEBUG(3,("smb_set_primary_group: "
1164 "Running the command `%s' gave %d\n",add_script,ret));
1170 if ( winbind_set_user_primary_group( unix_user, unix_group ) ) {
1171 DEBUG(3,("smb_delete_group: winbindd set the group (%s) as the primary group for user (%s)\n",
1172 unix_group, unix_user));
1179 /****************************************************************************
1180 Add a user to a UNIX group.
1181 ****************************************************************************/
1183 int smb_add_user_group(char *unix_group, char *unix_user)
1188 /* defer to scripts */
1190 if ( *lp_addusertogroup_script() ) {
1191 pstrcpy(add_script, lp_addusertogroup_script());
1192 pstring_sub(add_script, "%g", unix_group);
1193 pstring_sub(add_script, "%u", unix_user);
1194 ret = smbrun(add_script,NULL);
1195 DEBUG(3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
1201 if ( winbind_add_user_to_group( unix_user, unix_group ) ) {
1202 DEBUG(3,("smb_delete_group: winbindd added user (%s) to the group (%s)\n",
1203 unix_user, unix_group));
1210 /****************************************************************************
1211 Delete a user from a UNIX group
1212 ****************************************************************************/
1214 int smb_delete_user_group(const char *unix_group, const char *unix_user)
1219 /* defer to scripts */
1221 if ( *lp_deluserfromgroup_script() ) {
1222 pstrcpy(del_script, lp_deluserfromgroup_script());
1223 pstring_sub(del_script, "%g", unix_group);
1224 pstring_sub(del_script, "%u", unix_user);
1225 ret = smbrun(del_script,NULL);
1226 DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
1232 if ( winbind_remove_user_from_group( unix_user, unix_group ) ) {
1233 DEBUG(3,("smb_delete_group: winbindd removed user (%s) from the group (%s)\n",
1234 unix_user, unix_group));
1242 NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
1245 return get_group_map_from_sid(sid, map) ?
1246 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1249 NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
1252 return get_group_map_from_gid(gid, map) ?
1253 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1256 NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
1259 return get_group_map_from_ntname(name, map) ?
1260 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1263 NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods,
1266 return add_mapping_entry(map, TDB_INSERT) ?
1267 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1270 NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
1273 return add_mapping_entry(map, TDB_REPLACE) ?
1274 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1277 NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
1280 return group_map_remove(sid) ?
1281 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1284 NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
1285 enum SID_NAME_USE sid_name_use,
1286 GROUP_MAP **rmap, int *num_entries,
1289 return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only) ?
1290 NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1293 NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
1294 const DOM_SID *alias, const DOM_SID *member)
1296 return add_aliasmem(alias, member);
1299 NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
1300 const DOM_SID *alias, const DOM_SID *member)
1302 return del_aliasmem(alias, member);
1305 NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
1306 const DOM_SID *alias, DOM_SID **members,
1309 return enum_aliasmem(alias, members, num_members);
1312 NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
1314 DOM_SID **aliases, int *num)
1316 return alias_memberships(sid, aliases, num);
1319 /**********************************************************************
1320 no ops for passdb backends that don't implement group mapping
1321 *********************************************************************/
1323 NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
1326 return NT_STATUS_UNSUCCESSFUL;
1329 NTSTATUS pdb_nop_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
1332 return NT_STATUS_UNSUCCESSFUL;
1335 NTSTATUS pdb_nop_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
1338 return NT_STATUS_UNSUCCESSFUL;
1341 NTSTATUS pdb_nop_add_group_mapping_entry(struct pdb_methods *methods,
1344 return NT_STATUS_UNSUCCESSFUL;
1347 NTSTATUS pdb_nop_update_group_mapping_entry(struct pdb_methods *methods,
1350 return NT_STATUS_UNSUCCESSFUL;
1353 NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods,
1356 return NT_STATUS_UNSUCCESSFUL;
1359 NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods,
1360 enum SID_NAME_USE sid_name_use,
1361 GROUP_MAP **rmap, int *num_entries,
1364 return NT_STATUS_UNSUCCESSFUL;