summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/domain_namemap.c1317
1 files changed, 0 insertions, 1317 deletions
diff --git a/source3/lib/domain_namemap.c b/source3/lib/domain_namemap.c
deleted file mode 100644
index 988f5e5d65..0000000000
--- a/source3/lib/domain_namemap.c
+++ /dev/null
@@ -1,1317 +0,0 @@
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- Groupname handling
- Copyright (C) Jeremy Allison 1998.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/*
- * UNIX gid and Local or Domain SID resolution. This module resolves
- * only those entries in the map files, it is *NOT* responsible for
- * resolving UNIX groups not listed: that is an entirely different
- * matter, altogether...
- */
-
-/*
- *
- *
-
- format of the file is:
-
- unixname NT Group name
- unixname Domain Admins (well-known Domain Group)
- unixname DOMAIN_NAME\NT Group name
- unixname OTHER_DOMAIN_NAME\NT Group name
- unixname DOMAIN_NAME\Domain Admins (well-known Domain Group)
- ....
-
- if the DOMAIN_NAME\ component is left off, then your own domain is assumed.
-
- *
- *
- */
-
-
-#include "includes.h"
-extern int DEBUGLEVEL;
-
-extern fstring global_myworkgroup;
-extern DOM_SID global_member_sid;
-extern fstring global_sam_name;
-extern DOM_SID global_sam_sid;
-extern DOM_SID global_sid_S_1_5_20;
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uid_t pwdb_user_rid_to_uid(uint32 user_rid)
-{
- return ((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_group_rid_to_gid(uint32 group_rid)
-{
- return ((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_alias_rid_to_gid(uint32 alias_rid)
-{
- return ((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_gid_to_group_rid(uint32 gid)
-{
- uint32 grp_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
- return grp_rid;
-}
-
-/******************************************************************
- converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_gid_to_alias_rid(uint32 gid)
-{
- uint32 alias_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
- return alias_rid;
-}
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_uid_to_user_rid(uint32 uid)
-{
- uint32 user_rid = ((((uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
- return user_rid;
-}
-
-/******************************************************************
- converts SID + SID_NAME_USE type to a UNIX id. the Domain SID is,
- and can only be, our own SID.
- ********************************************************************/
-static BOOL pwdb_sam_sid_to_unixid(DOM_SID *sid, uint8 type, uint32 *id)
-{
- DOM_SID tmp_sid;
- uint32 rid;
-
- sid_copy(&tmp_sid, sid);
- sid_split_rid(&tmp_sid, &rid);
- if (!sid_equal(&global_sam_sid, &tmp_sid))
- {
- return False;
- }
-
- switch (type)
- {
- case SID_NAME_USER:
- {
- *id = pwdb_user_rid_to_uid(rid);
- return True;
- }
- case SID_NAME_ALIAS:
- {
- *id = pwdb_alias_rid_to_gid(rid);
- return True;
- }
- case SID_NAME_DOM_GRP:
- case SID_NAME_WKN_GRP:
- {
- *id = pwdb_group_rid_to_gid(rid);
- return True;
- }
- }
- return False;
-}
-
-/******************************************************************
- converts UNIX gid + SID_NAME_USE type to a SID. the Domain SID is,
- and can only be, our own SID.
- ********************************************************************/
-static BOOL pwdb_unixid_to_sam_sid(uint32 id, uint8 type, DOM_SID *sid)
-{
- sid_copy(sid, &global_sam_sid);
- switch (type)
- {
- case SID_NAME_USER:
- {
- sid_append_rid(sid, pwdb_uid_to_user_rid(id));
- return True;
- }
- case SID_NAME_ALIAS:
- {
- sid_append_rid(sid, pwdb_gid_to_alias_rid(id));
- return True;
- }
- case SID_NAME_DOM_GRP:
- case SID_NAME_WKN_GRP:
- {
- sid_append_rid(sid, pwdb_gid_to_group_rid(id));
- return True;
- }
- }
- return False;
-}
-
-/*******************************************************************
- Decides if a RID is a well known RID.
- ********************************************************************/
-static BOOL pwdb_rid_is_well_known(uint32 rid)
-{
- return (rid < 1000);
-}
-
-/*******************************************************************
- determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_rid_type(uint32 rid)
-{
- /* lkcl i understand that NT attaches an enumeration to a RID
- * such that it can be identified as either a user, group etc
- * type: SID_ENUM_TYPE.
- */
- if (pwdb_rid_is_well_known(rid))
- {
- /*
- * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
- * and DOMAIN_USER_RID_GUEST.
- */
- if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
- {
- return RID_TYPE_USER;
- }
- if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
- {
- return RID_TYPE_GROUP;
- }
- if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
- {
- return RID_TYPE_ALIAS;
- }
- }
- return (rid & RID_TYPE_MASK);
-}
-
-/*******************************************************************
- checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-BOOL pwdb_rid_is_user(uint32 rid)
-{
- return pwdb_rid_type(rid) == RID_TYPE_USER;
-}
-
-/**************************************************************************
- Groupname map functionality. The code loads a groupname map file and
- (currently) loads it into a linked list. This is slow and memory
- hungry, but can be changed into a more efficient storage format
- if the demands on it become excessive.
-***************************************************************************/
-
-typedef struct name_map
-{
- ubi_slNode next;
- DOM_NAME_MAP grp;
-
-} name_map_entry;
-
-static ubi_slList groupname_map_list;
-static ubi_slList aliasname_map_list;
-static ubi_slList ntusrname_map_list;
-
-static void delete_name_entry(name_map_entry *gmep)
-{
- if (gmep->grp.nt_name)
- {
- free(gmep->grp.nt_name);
- }
- if (gmep->grp.nt_domain)
- {
- free(gmep->grp.nt_domain);
- }
- if (gmep->grp.unix_name)
- {
- free(gmep->grp.unix_name);
- }
- free((char*)gmep);
-}
-
-/**************************************************************************
- Delete all the entries in the name map list.
-***************************************************************************/
-
-static void delete_map_list(ubi_slList *map_list)
-{
- name_map_entry *gmep;
-
- while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL)
- {
- delete_name_entry(gmep);
- }
-}
-
-
-/**************************************************************************
- makes a group sid out of a domain sid and a _unix_ gid.
-***************************************************************************/
-static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
-{
- int ret = False;
- fstring sid_str;
-
- if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
- {
- DEBUG(0,("make_mydomain_sid: unknown domain %s\n",
- grp->nt_domain));
- return False;
- }
-
- if (sid_equal(&grp->sid, &global_sid_S_1_5_20))
- {
- /*
- * only builtin aliases are recognised in S-1-5-20
- */
- DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n",
- grp->nt_name));
-
- if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0)
- {
- DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n",
- grp->unix_name, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else if (lookup_wk_user_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
- {
- if (type != DOM_MAP_USER)
- {
- DEBUG(0,("well-known NT user %s\\%s listed in wrong map file\n",
- grp->nt_domain, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else if (lookup_wk_group_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
- {
- if (type != DOM_MAP_DOMAIN)
- {
- DEBUG(0,("well-known NT group %s\\%s listed in wrong map file\n",
- grp->nt_domain, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else
- {
- switch (type)
- {
- case DOM_MAP_USER:
- {
- grp->type = SID_NAME_USER;
- break;
- }
- case DOM_MAP_DOMAIN:
- {
- grp->type = SID_NAME_DOM_GRP;
- break;
- }
- case DOM_MAP_LOCAL:
- {
- grp->type = SID_NAME_ALIAS;
- break;
- }
- }
-
- ret = pwdb_unixid_to_sam_sid(grp->unix_id, grp->type, &grp->sid);
- }
-
- sid_to_string(sid_str, &grp->sid);
- DEBUG(10,("nt name %s\\%s gid %d mapped to %s\n",
- grp->nt_domain, grp->nt_name, grp->unix_id, sid_str));
- return ret;
-}
-
-/**************************************************************************
- makes a group sid out of an nt domain, nt group name or a unix group name.
-***************************************************************************/
-static BOOL unix_name_to_nt_name_info(DOM_NAME_MAP *map, DOM_MAP_TYPE type)
-{
- /*
- * Attempt to get the unix gid_t for this name.
- */
-
- DEBUG(5,("unix_name_to_nt_name_info: unix_name:%s\n", map->unix_name));
-
- if (type == DOM_MAP_USER)
- {
- const struct passwd *pwptr = Get_Pwnam(map->unix_name, False);
- if (pwptr == NULL)
- {
- DEBUG(0,("unix_name_to_nt_name_info: Get_Pwnam for user %s\
-failed. Error was %s.\n", map->unix_name, strerror(errno) ));
- return False;
- }
-
- map->unix_id = (uint32)pwptr->pw_uid;
- }
- else
- {
- struct group *gptr = getgrnam(map->unix_name);
- if (gptr == NULL)
- {
- DEBUG(0,("unix_name_to_nt_name_info: getgrnam for group %s\
-failed. Error was %s.\n", map->unix_name, strerror(errno) ));
- return False;
- }
-
- map->unix_id = (uint32)gptr->gr_gid;
- }
-
- DEBUG(5,("unix_name_to_nt_name_info: unix gid:%d\n", map->unix_id));
-
- /*
- * Now map the name to an NT SID+RID.
- */
-
- if (map->nt_domain != NULL && !strequal(map->nt_domain, global_sam_name))
- {
- /* Must add client-call lookup code here, to
- * resolve remote domain's sid and the group's rid,
- * in that domain.
- *
- * NOTE: it is _incorrect_ to put code here that assumes
- * we are responsible for lookups for foriegn domains' RIDs.
- *
- * for foriegn domains for which we are *NOT* the PDC, all
- * we can be responsible for is the unix gid_t to which
- * the foriegn SID+rid maps to, on this _local_ machine.
- * we *CANNOT* make any short-cuts or assumptions about
- * RIDs in a foriegn domain.
- */
-
- if (!map_domain_name_to_sid(&map->sid, &(map->nt_domain)))
- {
- DEBUG(0,("unix_name_to_nt_name_info: no known sid for %s\n",
- map->nt_domain));
- return False;
- }
- }
-
- return make_mydomain_sid(map, type);
-}
-
-static BOOL make_name_entry(name_map_entry **new_ep,
- char *nt_domain, char *nt_group, char *unix_group,
- DOM_MAP_TYPE type)
-{
- /*
- * Create the list entry and add it onto the list.
- */
-
- DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group));
-
- (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry));
- if ((*new_ep) == NULL)
- {
- DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n"));
- return False;
- }
-
- ZERO_STRUCTP(*new_ep);
-
- (*new_ep)->grp.nt_name = strdup(nt_group );
- (*new_ep)->grp.nt_domain = strdup(nt_domain );
- (*new_ep)->grp.unix_name = strdup(unix_group);
-
- if ((*new_ep)->grp.nt_name == NULL ||
- (*new_ep)->grp.unix_name == NULL)
- {
- DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n"));
- delete_name_entry((*new_ep));
- return False;
- }
-
- /*
- * look up the group names, make the Group-SID and unix gid
- */
-
- if (!unix_name_to_nt_name_info(&(*new_ep)->grp, type))
- {
- delete_name_entry((*new_ep));
- return False;
- }
-
- return True;
-}
-
-/**************************************************************************
- Load a name map file. Sets last accessed timestamp.
-***************************************************************************/
-static ubi_slList *load_name_map(DOM_MAP_TYPE type)
-{
- static time_t groupmap_file_last_modified = (time_t)0;
- static time_t aliasmap_file_last_modified = (time_t)0;
- static time_t ntusrmap_file_last_modified = (time_t)0;
- static BOOL initialised_group = False;
- static BOOL initialised_alias = False;
- static BOOL initialised_ntusr = False;
- char *groupname_map_file = lp_groupname_map();
- char *aliasname_map_file = lp_aliasname_map();
- char *ntusrname_map_file = lp_ntusrname_map();
-
- FILE *fp;
- char *s;
- pstring buf;
- name_map_entry *new_ep;
-
- time_t *file_last_modified = NULL;
- int *initialised = NULL;
- char *map_file = NULL;
- ubi_slList *map_list = NULL;
-
- switch (type)
- {
- case DOM_MAP_DOMAIN:
- {
- file_last_modified = &groupmap_file_last_modified;
- initialised = &initialised_group;
- map_file = groupname_map_file;
- map_list = &groupname_map_list;
-
- break;
- }
- case DOM_MAP_LOCAL:
- {
- file_last_modified = &aliasmap_file_last_modified;
- initialised = &initialised_alias;
- map_file = aliasname_map_file;
- map_list = &aliasname_map_list;
-
- break;
- }
- case DOM_MAP_USER:
- {
- file_last_modified = &ntusrmap_file_last_modified;
- initialised = &initialised_ntusr;
- map_file = ntusrname_map_file;
- map_list = &ntusrname_map_list;
-
- break;
- }
- }
-
- if (!(*initialised))
- {
- DEBUG(10,("initialising map %s\n", map_file));
- ubi_slInitList(map_list);
- (*initialised) = True;
- }
-
- if (!*map_file)
- {
- return map_list;
- }
-
- /*
- * Load the file.
- */
-
- fp = open_file_if_modified(map_file, "r", file_last_modified);
- if (!fp)
- {
- return map_list;
- }
-
- /*
- * Throw away any previous list.
- */
- delete_map_list(map_list);
-
- DEBUG(4,("load_name_map: Scanning name map %s\n",map_file));
-
- while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL)
- {
- pstring unixname;
- pstring nt_name;
- fstring nt_domain;
- fstring ntname;
- char *p;
-
- DEBUG(10,("Read line |%s|\n", s));
-
- memset(nt_name, 0, sizeof(nt_name));
-
- if (!*s || strchr("#;",*s))
- continue;
-
- if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
- continue;
-
- if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name)))
- continue;
-
- trim_string(unixname, " ", " ");
- trim_string(nt_name, " ", " ");
-
- if (!*nt_name)
- continue;
-
- if (!*unixname)
- continue;
-
- p = strchr(nt_name, '\\');
-
- if (p == NULL)
- {
- memset(nt_domain, 0, sizeof(nt_domain));
- fstrcpy(ntname, nt_name);
- }
- else
- {
- *p = 0;
- p++;
- fstrcpy(nt_domain, nt_name);
- fstrcpy(ntname , p);
- }
-
- if (make_name_entry(&new_ep, nt_domain, ntname, unixname, type))
- {
- ubi_slAddTail(map_list, (ubi_slNode *)new_ep);
- DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n",
- new_ep->grp.unix_name,
- new_ep->grp.nt_domain,
- new_ep->grp.nt_name,
- new_ep->grp.type));
- }
- }
-
- DEBUG(10,("load_name_map: Added %ld entries to name map.\n",
- ubi_slCount(map_list)));
-
- fclose(fp);
-
- return map_list;
-}
-
-static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from)
-{
- sid_copy(&grp->sid, &from->sid);
- grp->unix_id = from->unix_id;
- grp->nt_name = from->nt_name;
- grp->nt_domain = from->nt_domain;
- grp->unix_name = from->unix_name;
- grp->type = from->type;
-}
-
-#if 0
-/***********************************************************
- Lookup unix name.
-************************************************************/
-static BOOL map_unixname(DOM_MAP_TYPE type,
- char *unixname, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (strequal(gmep->grp.unix_name, unixname))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_unixname: Mapping unix name %s to nt group %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-#endif
-
-/***********************************************************
- Lookup nt name.
-************************************************************/
-static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain,
- DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (strequal(gmep->grp.nt_name , ntname) &&
- strequal(gmep->grp.nt_domain, ntdomain))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_ntname: Mapping unix name %s to nt name %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-
-/***********************************************************
- Lookup by SID
-************************************************************/
-static BOOL map_sid(DOM_MAP_TYPE type,
- DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (sid_equal(&gmep->grp.sid, psid))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_sid: Mapping unix name %s to nt name %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-/***********************************************************
- Lookup by gid_t.
-************************************************************/
-static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- fstring sid_str;
- sid_to_string(sid_str, &gmep->grp.sid);
- DEBUG(10,("map_unixid: enum entry unix group %s %d nt %s %s\n",
- gmep->grp.unix_name, gmep->grp.unix_id, gmep->grp.nt_name, sid_str));
- if (gmep->grp.unix_id == unix_id)
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_unixid: Mapping unix name %s to nt name %s type %d\n",
- gmep->grp.unix_name, gmep->grp.nt_name, gmep->grp.type));
- return True;
- }
- }
-
- return False;
-}
-
-/***********************************************************
- *
- * Call four functions to resolve unix group ids and either
- * local group SIDs or domain group SIDs listed in the local group
- * or domain group map files.
- *
- * Note that it is *NOT* the responsibility of these functions to
- * resolve entries that are not in the map files.
- *
- * Any SID can be in the map files (i.e from any Domain).
- *
- ***********************************************************/
-
-#if 0
-
-/***********************************************************
- Lookup a UNIX Group entry by name.
-************************************************************/
-BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info)
-{
- return map_unixname(DOM_MAP_DOMAIN, group_name, grp_info);
-}
-
-/***********************************************************
- Lookup a UNIX Alias entry by name.
-************************************************************/
-BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info)
-{
- return map_unixname(DOM_MAP_LOCAL, alias_name, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias name entry
-************************************************************/
-BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_LOCAL, ntalias_name, nt_domain, grp_info);
-}
-
-/***********************************************************
- Lookup a Group entry
-************************************************************/
-BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_DOMAIN, ntgroup_name, nt_domain, grp_info);
-}
-
-#endif
-
-/***********************************************************
- Lookup a Username entry by name.
-************************************************************/
-static BOOL map_nt_username(char *nt_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_USER, nt_name, nt_domain, grp_info);
-}
-
-/***********************************************************
- Lookup a Username entry by SID.
-************************************************************/
-static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_USER, sid, grp_info);
-}
-
-/***********************************************************
- Lookup a Username SID entry by uid.
-************************************************************/
-static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_USER, (uint32)gid, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias SID entry by name.
-************************************************************/
-BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_LOCAL, psid, grp_info);
-}
-
-/***********************************************************
- Lookup a Group entry by sid.
-************************************************************/
-BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_DOMAIN, psid, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias SID entry by gid_t.
-************************************************************/
-static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_LOCAL, (uint32)gid, grp_info);
-}
-
-/***********************************************************
- Lookup a Group SID entry by gid_t.
-************************************************************/
-static BOOL map_group_gid( gid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_DOMAIN, (uint32)gid, grp_info);
-}
-
-
-/************************************************************************
- Routine to look up User details by UNIX name
-*************************************************************************/
-BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp)
-{
- uid_t uid;
- DEBUG(10,("lookupsmbpwnam: unix user name %s\n", unix_usr_name));
- if (nametouid(unix_usr_name, &uid))
- {
- return lookupsmbpwuid(uid, grp);
- }
- else
- {
- return False;
- }
-}
-
-/************************************************************************
- Routine to look up a remote nt name
-*************************************************************************/
-static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint8 *type)
-{
- struct cli_state cli;
- POLICY_HND lsa_pol;
- fstring srv_name;
- extern struct ntuser_creds *usr_creds;
- struct ntuser_creds usr;
-
- BOOL res3 = True;
- BOOL res4 = True;
- uint32 num_sids;
- DOM_SID *sids;
- uint8 *types;
- char *names[1];
-
- usr_creds = &usr;
-
- ZERO_STRUCT(usr);
- pwd_set_nullpwd(&usr.pwd);
-
- DEBUG(5,("lookup_remote_ntname: %s\n", ntname));
-
- if (!cli_connect_serverlist(&cli, lp_passwordserver()))
- {
- return False;
- }
-
- names[0] = ntname;
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, cli.desthost);
- strupper(srv_name);
-
- /* lookup domain controller; receive a policy handle */
- res3 = res3 ? lsa_open_policy( srv_name,
- &lsa_pol, True) : False;
-
- /* send lsa lookup sids call */
- res4 = res3 ? lsa_lookup_names( &lsa_pol,
- 1, names,
- &sids, &types, &num_sids) : False;
-
- res3 = res3 ? lsa_close(&lsa_pol) : False;
-
- if (res4 && res3 && sids != NULL && types != NULL)
- {
- sid_copy(sid, &sids[0]);
- *type = types[0];
- }
- else
- {
- res3 = False;
- }
- if (types != NULL)
- {
- free(types);
- }
-
- if (sids != NULL)
- {
- free(sids);
- }
-
- return res3 && res4;
-}
-
-/************************************************************************
- Routine to look up a remote nt name
-*************************************************************************/
-static BOOL get_sid_and_type(const char *fullntname, uint8 expected_type,
- DOM_NAME_MAP *gmep)
-{
- /*
- * check with the PDC to see if it owns the name. if so,
- * the SID is resolved with the PDC database.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- if (lookup_remote_ntname(fullntname, &gmep->sid, &gmep->type))
- {
- if (sid_front_equal(&gmep->sid, &global_member_sid) &&
- strequal(gmep->nt_domain, global_myworkgroup) &&
- gmep->type == expected_type)
- {
- return True;
- }
- return False;
- }
- }
-
- /*
- * ... otherwise, it's one of ours. map the sid ourselves,
- * which can only happen in our own SAM database.
- */
-
- if (!strequal(gmep->nt_domain, global_sam_name))
- {
- return False;
- }
- if (!pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid))
- {
- return False;
- }
-
- return True;
-}
-
-/*
- * used by lookup functions below
- */
-
-static fstring nt_name;
-static fstring unix_name;
-static fstring nt_domain;
-
-/*************************************************************************
- looks up a uid, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbpwuid: unix uid %d\n", uid));
- if (map_username_uid(uid, gmep))
- {
- return True;
- }
-#if 0
- if (lp_server_role() != ROLE_DOMAIN_NONE)
-#endif
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- gmep->unix_id = (uint32)uid;
-
- /*
- * ok, assume it's one of ours. then double-check it
- * if we are a member of a domain
- */
-
- gmep->type = SID_NAME_USER;
- fstrcpy(gmep->nt_name, uidtoname(uid));
- fstrcpy(gmep->unix_name, gmep->nt_name);
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
-#endif
- }
-
- /*
- * ok, it's one of ours.
- */
-
- gmep->nt_domain = global_sam_name;
- pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid);
-
- return True;
- }
-
- /* oops. */
-
- return False;
-}
-
-/*************************************************************************
- looks up by NT name, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbpwntnam: nt user name %s\n", fullntname));
-
- if (!split_domain_name(fullntname, nt_domain, nt_name))
- {
- return False;
- }
-
- if (map_nt_username(nt_name, nt_domain, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- uid_t uid;
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * ok, it's one of ours. we therefore "create" an nt user named
- * after the unix user. this is the point where "appliance mode"
- * should get its teeth in, as unix users won't really exist,
- * they will only be numbers...
- */
-
- gmep->type = SID_NAME_USER;
- fstrcpy(gmep->unix_name, gmep->nt_name);
- if (!nametouid(gmep->unix_name, &uid))
- {
- return False;
- }
- gmep->unix_id = (uint32)uid;
-
- return get_sid_and_type(fullntname, gmep->type, gmep);
- }
-
- /* oops. */
-
- return False;
-}
-
-/*************************************************************************
- looks up by RID, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
-{
- fstring sid_str;
- sid_to_string(sid_str, sid);
- DEBUG(10,("lookupsmbpwsid: nt sid %s\n", sid_str));
-
- if (map_username_sid(sid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- if (lookup_remote_sid(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt user named
- * after the unix user. this is the point where "appliance mode"
- * should get its teeth in, as unix users won't really exist,
- * they will only be numbers...
- */
-
- gmep->type = SID_NAME_USER;
- sid_copy(&gmep->sid, sid);
- if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
- {
- return False;
- }
- fstrcpy(gmep->nt_name, uidtoname((uid_t)gmep->unix_id));
- fstrcpy(gmep->unix_name, gmep->nt_name);
- gmep->nt_domain = global_sam_name;
-
- return True;
- }
-
- /* oops. */
-
- return False;
-}
-
-/************************************************************************
- Routine to look up group / alias / well-known group RID by UNIX name
-*************************************************************************/
-BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp)
-{
- gid_t gid;
- DEBUG(10,("lookupsmbgrpnam: unix user group %s\n", unix_grp_name));
- if (nametogid(unix_grp_name, &gid))
- {
- return lookupsmbgrpgid(gid, grp);
- }
- else
- {
- return False;
- }
-}
-
-/*************************************************************************
- looks up a SID, returns name map entry
-*************************************************************************/
-BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
-{
- fstring sid_str;
- sid_to_string(sid_str, sid);
- DEBUG(10,("lookupsmbgrpsid: nt sid %s\n", sid_str));
-
- if (map_alias_sid(sid, gmep))
- {
- return True;
- }
- if (map_group_sid(sid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- lsa_lookup_sids(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt group or
- * alias name named after the unix group. this is the point
- * where "appliance mode" should get its teeth in, as unix
- * groups won't really exist, they will only be numbers...
- */
-
- /* name is not explicitly mapped
- * with map files or the PDC
- * so we are responsible for it...
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- /* ... as a LOCAL group. */
- gmep->type = SID_NAME_ALIAS;
- }
- else
- {
- /* ... as a DOMAIN group. */
- gmep->type = SID_NAME_DOM_GRP;
- }
-
- sid_copy(&gmep->sid, sid);
- if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
- {
- return False;
- }
- fstrcpy(gmep->nt_name, gidtoname((gid_t)gmep->unix_id));
- fstrcpy(gmep->unix_name, gmep->nt_name);
- gmep->nt_domain = global_sam_name;
-
- return True;
- }
-
- /* oops */
- return False;
-}
-
-/*************************************************************************
- looks up a gid, returns RID and type local, domain or well-known domain group
-*************************************************************************/
-BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbgrpgid: unix gid %d\n", (int)gid));
- if (map_alias_gid(gid, gmep))
- {
- return True;
- }
- if (map_group_gid(gid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- gmep->unix_id = (uint32)gid;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- if (lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
- {
- return True;
- }
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt group or
- * alias name named after the unix group. this is the point
- * where "appliance mode" should get its teeth in, as unix
- * groups won't really exist, they will only be numbers...
- */
-
- /* name is not explicitly mapped
- * with map files or the PDC
- * so we are responsible for it...
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- /* ... as a LOCAL group. */
- gmep->type = SID_NAME_ALIAS;
- }
- else
- {
- /* ... as a DOMAIN group. */
- gmep->type = SID_NAME_DOM_GRP;
- }
- fstrcpy(gmep->nt_name, gidtoname(gid));
- fstrcpy(gmep->unix_name, gmep->nt_name);
-
- return get_sid_and_type(gmep->nt_name, gmep->type, gmep);
- }
-
- /* oops */
- return False;
-}
-