diff options
Diffstat (limited to 'source3/nsswitch/wb_client.c')
-rw-r--r-- | source3/nsswitch/wb_client.c | 323 |
1 files changed, 306 insertions, 17 deletions
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index 996d15180d..7c5a8dd054 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -269,11 +269,8 @@ static int wb_getgroups(const char *user, gid_t **groups) time consuming. If size is zero, list is not modified and the total number of groups for the user is returned. */ -int winbind_getgroups(const char *user, int size, gid_t *list) +int winbind_getgroups(const char *user, gid_t **list) { - gid_t *groups = NULL; - int result, i; - /* * Don't do the lookup if the name has no separator _and_ we are not in * 'winbind use default domain' mode. @@ -284,24 +281,316 @@ int winbind_getgroups(const char *user, int size, gid_t *list) /* Fetch list of groups */ - result = wb_getgroups(user, &groups); + return wb_getgroups(user, list); +} + +/********************************************************************** + simple wrapper function to see if winbindd is alive +**********************************************************************/ + +BOOL winbind_ping( void ) +{ + NSS_STATUS result; + + result = winbindd_request(WINBINDD_PING, NULL, NULL); + + return result == NSS_STATUS_SUCCESS; +} + +/********************************************************************** + Ask winbindd to create a local user +**********************************************************************/ + +BOOL winbind_create_user( const char *name, uint32 *rid ) +{ + struct winbindd_request request; + struct winbindd_response response; + NSS_STATUS result; + + if ( !lp_winbind_enable_local_accounts() ) + return False; + + if ( !name ) + return False; + + DEBUG(10,("winbind_create_user: %s\n", name)); + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* see if the caller wants a new RID returned */ + + if ( rid ) + request.flags = WBFLAG_ALLOCATE_RID; + + fstrcpy( request.data.acct_mgt.username, name ); + fstrcpy( request.data.acct_mgt.groupname, "" ); + + result = winbindd_request( WINBINDD_CREATE_USER, &request, &response); + + if ( rid ) + *rid = response.data.rid; + + return result == NSS_STATUS_SUCCESS; +} + +/********************************************************************** + Ask winbindd to create a local group +**********************************************************************/ + +BOOL winbind_create_group( const char *name, uint32 *rid ) +{ + struct winbindd_request request; + struct winbindd_response response; + NSS_STATUS result; + + if ( !lp_winbind_enable_local_accounts() ) + return False; + + if ( !name ) + return False; + + DEBUG(10,("winbind_create_group: %s\n", name)); + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* see if the caller wants a new RID returned */ + + if ( rid ) + request.flags = WBFLAG_ALLOCATE_RID; + + fstrcpy( request.data.acct_mgt.groupname, name ); + + + result = winbindd_request( WINBINDD_CREATE_GROUP, &request, &response); + + if ( rid ) + *rid = response.data.rid; + + return result == NSS_STATUS_SUCCESS; +} + +/********************************************************************** + Ask winbindd to add a user to a local group +**********************************************************************/ + +BOOL winbind_add_user_to_group( const char *user, const char *group ) +{ + struct winbindd_request request; + struct winbindd_response response; + NSS_STATUS result; + + if ( !lp_winbind_enable_local_accounts() ) + return False; + + if ( !user || !group ) + return False; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + DEBUG(10,("winbind_add_user_to_group: user(%s), group(%s) \n", + user, group)); + + fstrcpy( request.data.acct_mgt.username, user ); + fstrcpy( request.data.acct_mgt.groupname, group ); + + result = winbindd_request( WINBINDD_ADD_USER_TO_GROUP, &request, &response); + + return result == NSS_STATUS_SUCCESS; +} + +/********************************************************************** + Ask winbindd to remove a user to a local group +**********************************************************************/ + +BOOL winbind_remove_user_from_group( const char *user, const char *group ) +{ + struct winbindd_request request; + struct winbindd_response response; + NSS_STATUS result; + + if ( !lp_winbind_enable_local_accounts() ) + return False; + + if ( !user || !group ) + return False; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + DEBUG(10,("winbind_remove_user_from_group: user(%s), group(%s) \n", + user, group)); + + ZERO_STRUCT(response); + + result = winbindd_request( WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response); + + return result == NSS_STATUS_SUCCESS; +} + +/********************************************************************** + Ask winbindd to set the primary group for a user local user +**********************************************************************/ + +BOOL winbind_set_user_primary_group( const char *user, const char *group ) +{ + struct winbindd_request request; + struct winbindd_response response; + NSS_STATUS result; + + if ( !lp_winbind_enable_local_accounts() ) + return False; + + if ( !user || !group ) + return False; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + DEBUG(10,("winbind_set_user_primary_group: user(%s), group(%s) \n", + user, group)); + + fstrcpy( request.data.acct_mgt.username, user ); + fstrcpy( request.data.acct_mgt.groupname, group ); + + result = winbindd_request( WINBINDD_SET_USER_PRIMARY_GROUP, &request, &response); + + return result == NSS_STATUS_SUCCESS; +} + + +/********************************************************************** + Ask winbindd to remove a user from its lists of accounts +**********************************************************************/ + +BOOL winbind_delete_user( const char *user ) +{ + struct winbindd_request request; + struct winbindd_response response; + NSS_STATUS result; + + if ( !lp_winbind_enable_local_accounts() ) + return False; + + if ( !user ) + return False; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + DEBUG(10,("winbind_delete_user: user (%s)\n", user)); + + fstrcpy( request.data.acct_mgt.username, user ); + + result = winbindd_request( WINBINDD_DELETE_USER, &request, &response); + + return result == NSS_STATUS_SUCCESS; +} + +/********************************************************************** + Ask winbindd to remove a group from its lists of accounts +**********************************************************************/ + +BOOL winbind_delete_group( const char *group ) +{ + struct winbindd_request request; + struct winbindd_response response; + NSS_STATUS result; + + if ( !lp_winbind_enable_local_accounts() ) + return False; + + if ( !group ) + return False; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + DEBUG(10,("winbind_delete_group: group (%s)\n", group)); + + fstrcpy( request.data.acct_mgt.groupname, group ); + + result = winbindd_request( WINBINDD_DELETE_GROUP, &request, &response); + + return result == NSS_STATUS_SUCCESS; +} + +/***********************************************************************/ +#if 0 /* not needed currently since winbindd_acct was added -- jerry */ + +/* Call winbindd to convert SID to uid. Do not allocate */ + +BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid) +{ + struct winbindd_request request; + struct winbindd_response response; + int result; + fstring sid_str; + + if (!puid) + return False; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); - if (size == 0) - goto done; + sid_to_string(sid_str, sid); + fstrcpy(request.data.sid, sid_str); + + request.flags = WBFLAG_QUERY_ONLY; + + /* Make request */ - if (result > size) { - result = -1; - errno = EINVAL; /* This is what getgroups() does */ - goto done; + result = winbindd_request(WINBINDD_SID_TO_UID, &request, &response); + + /* Copy out result */ + + if (result == NSS_STATUS_SUCCESS) { + *puid = response.data.uid; } - /* Copy list of groups across */ + return (result == NSS_STATUS_SUCCESS); +} + +/* Call winbindd to convert SID to gid. Do not allocate */ - for (i = 0; i < result; i++) { - list[i] = groups[i]; +BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid) +{ + struct winbindd_request request; + struct winbindd_response response; + int result; + fstring sid_str; + + if (!pgid) + return False; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + sid_to_string(sid_str, sid); + fstrcpy(request.data.sid, sid_str); + + request.flags = WBFLAG_QUERY_ONLY; + + /* Make request */ + + result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response); + + /* Copy out result */ + + if (result == NSS_STATUS_SUCCESS) { + *pgid = response.data.gid; } - done: - SAFE_FREE(groups); - return result; + return (result == NSS_STATUS_SUCCESS); } + +#endif /* JERRY */ + +/***********************************************************************/ + |