Diffstat (limited to 'source3/passdb/smbpassgroupunix.c')
-rw-r--r--source3/passdb/smbpassgroupunix.c239
1 files changed, 239 insertions, 0 deletions
diff --git a/source3/passdb/smbpassgroupunix.c b/source3/passdb/smbpassgroupunix.c
new file mode 100644
index 0000000000..438b9e2daf
--- /dev/null
+++ b/source3/passdb/smbpassgroupunix.c
@@ -0,0 +1,239 @@
+/*
+ * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef USE_SMBUNIX_DB
+
+extern int DEBUGLEVEL;
+extern DOM_SID global_member_sid;
+
+/***************************************************************
+ Start to enumerate the smbpasswd list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+static void *startsmbfilegrpent(BOOL update)
+{
+ return startsmbfilepwent(False);
+}
+
+/***************************************************************
+ End enumeration of the smbpasswd list.
+****************************************************************/
+
+static void endsmbfilegrpent(void *vp)
+{
+ endsmbfilepwent(vp);
+}
+
+/*************************************************************************
+ Return the current position in the smbpasswd list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static SMB_BIG_UINT getsmbfilegrppos(void *vp)
+{
+ return getsmbfilepwpos(vp);
+}
+
+/*************************************************************************
+ Set the current position in the smbpasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static BOOL setsmbfilegrppos(void *vp, SMB_BIG_UINT tok)
+{
+ return setsmbfilepwpos(vp, tok);
+}
+
+/*************************************************************************
+ Routine to return the next smbpassgroup entry
+ *************************************************************************/
+static struct smb_passwd *getsmbfilegrpent(void *vp,
+ uint32 **grp_rids, int *num_grps,
+ uint32 **als_rids, int *num_alss)
+{
+ /* Static buffers we will return. */
+ struct smb_passwd *pw_buf;
+ struct passwd *pw;
+ int i;
+ int unixgrps;
+ gid_t *grps;
+
+ if (vp == NULL)
+ {
+ DEBUG(0,("getsmbfilegrpent: Bad password file pointer.\n"));
+ return NULL;
+ }
+
+ pw_buf = getsmbfilepwent(vp);
+
+ if (grp_rids != NULL)
+ {
+ (*grp_rids) = NULL;
+ (*num_grps) = 0;
+ }
+
+ if (als_rids != NULL)
+ {
+ (*als_rids) = NULL;
+ (*num_alss) = 0;
+ }
+
+ if (als_rids == NULL && grp_rids == NULL)
+ {
+ return pw_buf;
+ }
+
+ /*
+ * find all unix groups
+ */
+
+ pw = Get_Pwnam(pw_buf->smb_name, False);
+
+ if (pw == NULL)
+ {
+ return NULL;
+ }
+
+ if (get_unixgroups(pw_buf->smb_name, pw->pw_uid, pw->pw_gid, &unixgrps, &grps))
+ {
+ return NULL;
+ }
+
+ /*
+ * check each unix group for a mapping as an nt alias or an nt group
+ */
+
+ for (i = 0; i < unixgrps; i++)
+ {
+ DOM_SID sid;
+ uint8 type;
+ char *unix_grpname;
+ uint32 status;
+ uint32 rid;
+
+ /*
+ * find the unix name for each user's group.
+ * assume the unix group is an nt name (alias? group? user?)
+ * (user or not our own domain will be an error).
+ */
+
+ unix_grpname = gidtoname(grps[i]);
+ if (map_unix_alias_name(unix_grpname, &sid, NULL, NULL))
+ {
+ /*
+ * ok, the unix groupname is mapped to an alias.
+ * check that it is in our domain.
+ */
+
+ sid_split_rid(&sid, &rid);
+ if (!sid_equal(&sid, &global_member_sid))
+ {
+ pstring sid_str;
+ sid_to_string(sid_str, &sid);
+ DEBUG(0,("user %s is in a UNIX group %s that maps to an NT RID (0x%x) in another domain (%s)\n",
+ pw_buf->smb_name, unix_grpname, rid, sid_str));
+ continue;
+ }
+
+ if (add_num_to_list(als_rids, num_alss, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ else if (map_unix_group_name(unix_grpname, &sid, NULL, NULL))
+ {
+ /*
+ * ok, the unix groupname is mapped to a domain group.
+ * check that it is in our domain.
+ */
+
+ sid_split_rid(&sid, &rid);
+ if (!sid_equal(&sid, &global_member_sid))
+ {
+ pstring sid_str;
+ sid_to_string(sid_str, &sid);
+ DEBUG(0,("user %s is in a UNIX group %s that maps to an NT RID (0x%x) in another domain (%s)\n",
+ pw_buf->smb_name, unix_grpname, rid, sid_str));
+ continue;
+ }
+
+ if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ else if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+ {
+ /*
+ * server is a member of a domain or stand-alone.
+ * name is not explicitly mapped
+ * so we are responsible for it.
+ * as a LOCAL group.
+ */
+
+ rid = pwdb_gid_to_alias_rid(grps[i]);
+ if (add_num_to_list(als_rids, num_alss, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ else if (lp_server_role() != ROLE_DOMAIN_NONE)
+ {
+ /*
+ * server is a PDC or BDC.
+ * name is explicitly mapped
+ * so we are responsible for it.
+ * as a DOMAIN group.
+ */
+
+ rid = pwdb_gid_to_group_rid(grps[i]);
+ if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
+ {
+ return NULL;
+ }
+ }
+ }
+
+ return pw_buf;
+}
+
+static struct passgrp_ops file_ops =
+{
+ startsmbfilegrpent,
+ endsmbfilegrpent,
+ getsmbfilegrppos,
+ setsmbfilegrppos,
+ iterate_getsmbgrpnam, /* In passgrp.c */
+ iterate_getsmbgrpuid, /* In passgrp.c */
+ iterate_getsmbgrprid, /* In passgrp.c */
+ getsmbfilegrpent,
+};
+
+struct passgrp_ops *unix_initialise_password_grp(void)
+{
+ return &file_ops;
+}
+
+#else
+ /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
+ void smbpass_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */
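Review bot: In getsmbfilegrpent the result of `getsmbfilepwent(vp)` is never checked before `Get_Pwnam(pw_buf->smb_name, False)`, so if that call returns NULL (presumably at the end of the list or on a bad entry) while the caller passed either RID list, the function dereferences a NULL pointer; add `if (pw_buf == NULL) return NULL;` directly after the call. The loop is entered when only one of `grp_rids` / `als_rids` is non-NULL, yet both `add_num_to_list(als_rids, num_alss, rid)` and `add_num_to_list(grp_rids, num_grps, rid)` are called unconditionally on a match, so a caller asking only for groups or only for aliases passes NULL out-pointers to the helper; each call should be guarded, e.g. `if (als_rids != NULL && add_num_to_list(als_rids, num_alss, rid) == NULL)`. `grps` from `get_unixgroups` is not released on any path, and the partly built RID lists are abandoned on the early `return NULL`s, which looks like a leak per enumerated user unless ownership lies elsewhere. The early `return NULL` when `Get_Pwnam` fails is also indistinguishable from end-of-enumeration for the caller, so one smbpasswd entry without a Unix account may silently hide every later user's group memberships; skipping that entry or returning it with empty lists would be safer.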