summaryrefslogtreecommitdiff
path: root/source3/passdb/smbpassgroupunix.c
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1998-11-23 21:51:05 +0000
committerLuke Leighton <lkcl@samba.org>1998-11-23 21:51:05 +0000
commit4cee58780cb15fe5889b9dd0dc34459512d75062 (patch)
tree07e0db236cfdb786458451b879333bc1d687cf3c /source3/passdb/smbpassgroupunix.c
parent735926877bb8333a9e862657ea89001bea376b9f (diff)
downloadsamba-4cee58780cb15fe5889b9dd0dc34459512d75062.tar.gz
samba-4cee58780cb15fe5889b9dd0dc34459512d75062.tar.bz2
samba-4cee58780cb15fe5889b9dd0dc34459512d75062.zip
unix instance of group database API
(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
Diffstat (limited to 'source3/passdb/smbpassgroupunix.c')
-rw-r--r--source3/passdb/smbpassgroupunix.c239
1 files changed, 239 insertions, 0 deletions
diff --git a/source3/passdb/smbpassgroupunix.c b/source3/passdb/smbpassgroupunix.c
new file mode 100644
index 0000000000..438b9e2daf
--- /dev/null
+++ b/source3/passdb/smbpassgroupunix.c
@@ -0,0 +1,239 @@
+/*
+ * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef USE_SMBUNIX_DB
+
+extern int DEBUGLEVEL;
+extern DOM_SID global_member_sid;
+
+/***************************************************************
+ Start to enumerate the smbpasswd list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+static void *startsmbfilegrpent(BOOL update)
+{
+ return startsmbfilepwent(False);
+}
+
+/***************************************************************
+ End enumeration of the smbpasswd list.
+****************************************************************/
+
+static void endsmbfilegrpent(void *vp)
+{
+ endsmbfilepwent(vp);
+}
+
+/*************************************************************************
+ Return the current position in the smbpasswd list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static SMB_BIG_UINT getsmbfilegrppos(void *vp)
+{
+ return getsmbfilepwpos(vp);
+}
+
+/*************************************************************************
+ Set the current position in the smbpasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static BOOL setsmbfilegrppos(void *vp, SMB_BIG_UINT tok)
+{
+ return setsmbfilepwpos(vp, tok);
+}
+
+/*************************************************************************
+ Routine to return the next smbpassgroup entry
+ *************************************************************************/
+static struct smb_passwd *getsmbfilegrpent(void *vp,
+ uint32 **grp_rids, int *num_grps,
+ uint32 **als_rids, int *num_alss)
+{
+ /* Static buffers we will return. */
+ struct smb_passwd *pw_buf;
+ struct passwd *pw;
+ int i;
+ int unixgrps;
+ gid_t *grps;
+
+ if (vp == NULL)
+ {
+ DEBUG(0,("getsmbfilegrpent: Bad password file pointer.\n"));
+ return NULL;
+ }
+
+ pw_buf = getsmbfilepwent(vp);
+
+ if (grp_rids != NULL)
+ {
+ (*grp_rids) = NULL;
+ (*num_grps) = 0;
+ }
+
+ if (als_rids != NULL)
+ {
+ (*als_rids) = NULL;
+ (*num_alss) = 0;
+ }
+
+ if (als_rids == NULL && grp_rids == NULL)
+ {
+ return pw_buf;
+ }
+
+ /*
+ * find all unix groups
+ */
+
+ pw = Get_Pwnam(pw_buf->smb_name, False);
+
+ if (pw == NULL)
+ {
+ return NULL;
+ }
+
+ if (get_unixgroups(pw_buf->smb_name, pw->pw_uid, pw->pw_gid, &unixgrps, &grps))
+ {
+ return NULL;
+ }
+
+ /*
+ * check each unix group for a mapping as an nt alias or an nt group
+ */
+
+ for (i = 0; i < unixgrps; i++)
+ {
+ DOM_SID sid;
+ uint8 type;
+ char *unix_grpname;
+ uint32 status;
+ uint32 rid;
+
+ /*
+ * find the unix name for each user's group.
+ * assume the unix group is an nt name (alias? group? user?)
+ * (user or not our own domain will be an error).
+ */
+
+ unix_grpname = gidtoname(grps[i]);
+ if (map_unix_alias_name(unix_grpname, &sid, NULL, NULL))
+ {
+ /*
+ * ok, the unix groupname is mapped to an alias.
+ * check that it is in our domain.
+ */
+
+ sid_split_rid(&sid, &rid);
+ if (!sid_equal(&sid, &global_member_sid))
+ {
+ pstring sid_str;
+ sid_to_string(sid_str, &sid);
+ DEBUG(0,("user %s is in a UNIX group %s that maps to an NT RID (0x%x) in another domain (%s)\n",
+ pw_buf->smb_name, unix_grpname, rid, sid_str));
+ continue;
+ }
+
+ if (add_num_to_list(als_rids, num_alss, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ else if (map_unix_group_name(unix_grpname, &sid, NULL, NULL))
+ {
+ /*
+ * ok, the unix groupname is mapped to a domain group.
+ * check that it is in our domain.
+ */
+
+ sid_split_rid(&sid, &rid);
+ if (!sid_equal(&sid, &global_member_sid))
+ {
+ pstring sid_str;
+ sid_to_string(sid_str, &sid);
+ DEBUG(0,("user %s is in a UNIX group %s that maps to an NT RID (0x%x) in another domain (%s)\n",
+ pw_buf->smb_name, unix_grpname, rid, sid_str));
+ continue;
+ }
+
+ if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ else if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+ {
+ /*
+ * server is a member of a domain or stand-alone.
+ * name is not explicitly mapped
+ * so we are responsible for it.
+ * as a LOCAL group.
+ */
+
+ rid = pwdb_gid_to_alias_rid(grps[i]);
+ if (add_num_to_list(als_rids, num_alss, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ else if (lp_server_role() != ROLE_DOMAIN_NONE)
+ {
+ /*
+ * server is a PDC or BDC.
+ * name is explicitly mapped
+ * so we are responsible for it.
+ * as a DOMAIN group.
+ */
+
+ rid = pwdb_gid_to_group_rid(grps[i]);
+ if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ }
+
+ return pw_buf;
+}
+
+static struct passgrp_ops file_ops =
+{
+ startsmbfilegrpent,
+ endsmbfilegrpent,
+ getsmbfilegrppos,
+ setsmbfilegrppos,
+ iterate_getsmbgrpnam, /* In passgrp.c */
+ iterate_getsmbgrpuid, /* In passgrp.c */
+ iterate_getsmbgrprid, /* In passgrp.c */
+ getsmbfilegrpent,
+};
+
+struct passgrp_ops *unix_initialise_password_grp(void)
+{
+ return &file_ops;
+}
+
+#else
+ /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
+ void smbpass_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */