author | Luke Leighton <lkcl@samba.org> | 1998-11-23 21:51:05 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-11-23 21:51:05 +0000 |
commit | 4cee58780cb15fe5889b9dd0dc34459512d75062 (patch) | |
tree | 07e0db236cfdb786458451b879333bc1d687cf3c /source3/passdb/smbpassgroupunix.c | |
parent | 735926877bb8333a9e862657ea89001bea376b9f (diff) | |
unix instance of group database API
(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
Diffstat (limited to 'source3/passdb/smbpassgroupunix.c')
-rw-r--r-- | source3/passdb/smbpassgroupunix.c | 239 |
1 files changed, 239 insertions, 0 deletions
diff --git a/source3/passdb/smbpassgroupunix.c b/source3/passdb/smbpassgroupunix.c
new file mode 100644
index 0000000000..438b9e2daf
--- /dev/null
+++ b/source3/passdb/smbpassgroupunix.c
@@ -0,0 +1,239 @@
+/*
+ * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef USE_SMBUNIX_DB
+
+extern int DEBUGLEVEL;
+extern DOM_SID global_member_sid;
+
+/***************************************************************
+ Start to enumerate the smbpasswd list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+static void *startsmbfilegrpent(BOOL update)
+{
+ return startsmbfilepwent(False);
+}
+
+/***************************************************************
+ End enumeration of the smbpasswd list.
+****************************************************************/
+
+static void endsmbfilegrpent(void *vp)
+{
+ endsmbfilepwent(vp);
+}
+
+/*************************************************************************
+ Return the current position in the smbpasswd list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static SMB_BIG_UINT getsmbfilegrppos(void *vp)
+{
+ return getsmbfilepwpos(vp);
+}
+
+/*************************************************************************
+ Set the current position in the smbpasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static BOOL setsmbfilegrppos(void *vp, SMB_BIG_UINT tok)
+{
+ return setsmbfilepwpos(vp, tok);
+}
+
+/*************************************************************************
+ Routine to return the next smbpassgroup entry
+ *************************************************************************/
+static struct smb_passwd *getsmbfilegrpent(void *vp,
+ uint32 **grp_rids, int *num_grps,
+ uint32 **als_rids, int *num_alss)
+{
+ /* Static buffers we will return. */
+ struct smb_passwd *pw_buf;
+ struct passwd *pw;
+ int i;
+ int unixgrps;
+ gid_t *grps;
+
+ if (vp == NULL)
+ {
+ DEBUG(0,("getsmbfilegrpent: Bad password file pointer.\n"));
+ return NULL;
+ }
+
+ pw_buf = getsmbfilepwent(vp);
+
+ if (grp_rids != NULL)
+ {
+ (*grp_rids) = NULL;
+ (*num_grps) = 0;
+ }
+
+ if (als_rids != NULL)
+ {
+ (*als_rids) = NULL;
+ (*num_alss) = 0;
+ }
+
+ if (als_rids == NULL && grp_rids == NULL)
+ {
+ return pw_buf;
+ }
+
+ /*
+ * find all unix groups
+ */
+
+ pw = Get_Pwnam(pw_buf->smb_name, False);
+
+ if (pw == NULL)
+ {
+ return NULL;
+ }
+
+ if (get_unixgroups(pw_buf->smb_name, pw->pw_uid, pw->pw_gid, &unixgrps, &grps))
+ {
+ return NULL;
+ }
+
+ /*
+ * check each unix group for a mapping as an nt alias or an nt group
+ */
+
+ for (i = 0; i < unixgrps; i++)
+ {
+ DOM_SID sid;
+ uint8 type;
+ char *unix_grpname;
+ uint32 status;
+ uint32 rid;
+
+ /*
+ * find the unix name for each user's group.
+ * assume the unix group is an nt name (alias? group? user?)
+ * (user or not our own domain will be an error).
+ */
+
+ unix_grpname = gidtoname(grps[i]);
+ if (map_unix_alias_name(unix_grpname, &sid, NULL, NULL))
+ {
+ /*
+ * ok, the unix groupname is mapped to an alias.
+ * check that it is in our domain.
+ */
+
+ sid_split_rid(&sid, &rid);
+ if (!sid_equal(&sid, &global_member_sid))
+ {
+ pstring sid_str;
+ sid_to_string(sid_str, &sid);
+ DEBUG(0,("user %s is in a UNIX group %s that maps to an NT RID (0x%x) in another domain (%s)\n",
+ pw_buf->smb_name, unix_grpname, rid, sid_str));
+ continue;
+ }
+
+ if (add_num_to_list(als_rids, num_alss, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ else if (map_unix_group_name(unix_grpname, &sid, NULL, NULL))
+ {
+ /*
+ * ok, the unix groupname is mapped to a domain group.
+ * check that it is in our domain.
+ */
+
+ sid_split_rid(&sid, &rid);
+ if (!sid_equal(&sid, &global_member_sid))
+ {
+ pstring sid_str;
+ sid_to_string(sid_str, &sid);
+ DEBUG(0,("user %s is in a UNIX group %s that maps to an NT RID (0x%x) in another domain (%s)\n",
+ pw_buf->smb_name, unix_grpname, rid, sid_str));
+ continue;
+ }
+
+ if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ else if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+ {
+ /*
+ * server is a member of a domain or stand-alone.
+ * name is not explicitly mapped
+ * so we are responsible for it.
+ * as a LOCAL group.
+ */
+
+ rid = pwdb_gid_to_alias_rid(grps[i]);
+ if (add_num_to_list(als_rids, num_alss, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ else if (lp_server_role() != ROLE_DOMAIN_NONE)
+ {
+ /*
+ * server is a PDC or BDC.
+ * name is explicitly mapped
+ * so we are responsible for it.
+ * as a DOMAIN group.
+ */
+
+ rid = pwdb_gid_to_group_rid(grps[i]);
+ if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ }
+
+ return pw_buf;
+}
+
+static struct passgrp_ops file_ops =
+{
+ startsmbfilegrpent,
+ endsmbfilegrpent,
+ getsmbfilegrppos,
+ setsmbfilegrppos,
+ iterate_getsmbgrpnam, /* In passgrp.c */
+ iterate_getsmbgrpuid, /* In passgrp.c */
+ iterate_getsmbgrprid, /* In passgrp.c */
+ getsmbfilegrpent,
+};
+
+struct passgrp_ops *unix_initialise_password_grp(void)
+{
+ return &file_ops;
+}
+
+#else
+ /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
+ void smbpass_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */ |
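Review bot: `getsmbfilegrpent` passes `pw_buf->smb_name` to `Get_Pwnam` without checking the result of `getsmbfilepwent(vp)`; that helper is defined outside this diff, but if it returns NULL at the end of the list, any caller that asks for RIDs dereferences a null pointer in the server process instead of ending the enumeration, so add `if (pw_buf == NULL) return NULL;` directly after the call. The early return only fires when both `grp_rids` and `als_rids` are NULL, so a caller that supplies just one of them still reaches `add_num_to_list` with a NULL list pointer in the other branch; guard each call with the matching test, e.g. `if (als_rids != NULL && add_num_to_list(als_rids, num_alss, rid) == NULL)`. The `grps` array filled in by `get_unixgroups` is not released on any return path, which looks like a per-entry leak unless that helper keeps ownership of the buffer, and the RID lists built so far are likewise left allocated when a later `add_num_to_list` fails. Note also that an unmapped group on a `ROLE_DOMAIN_NONE` server matches none of the four branches and is silently omitted from the user's membership, although the comment in the `ROLE_DOMAIN_MEMBER` branch says it covers "stand-alone" too; either the condition or the comment should be corrected so the computed group set is what an access check expects.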