From 4cee58780cb15fe5889b9dd0dc34459512d75062 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 23 Nov 1998 21:51:05 +0000 Subject: unix instance of group database API (This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078) --- source3/passdb/passdb.c | 2 +- source3/passdb/passgrp.c | 6 +- source3/passdb/smbpass.c | 24 ++-- source3/passdb/smbpassgroup.c | 12 +- source3/passdb/smbpassgroupunix.c | 239 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 263 insertions(+), 20 deletions(-) create mode 100644 source3/passdb/smbpassgroupunix.c (limited to 'source3/passdb') diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index da45f15f5f..a7635308b7 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -69,7 +69,7 @@ BOOL initialise_password_db(void) pwdb_ops = nisplus_initialise_password_db(); #elif defined(WITH_LDAP) pwdb_ops = ldap_initialise_password_db(); -#else +#elif defined(USE_SMBPASS_DB) pwdb_ops = file_initialise_password_db(); #endif diff --git a/source3/passdb/passgrp.c b/source3/passdb/passgrp.c index ded9ef33d2..f626dd978a 100644 --- a/source3/passdb/passgrp.c +++ b/source3/passdb/passgrp.c @@ -34,7 +34,7 @@ extern int DEBUGLEVEL; * */ -static struct passgrp_ops *pwgrp_ops; +static struct passgrp_ops *pwgrp_ops = NULL; /*************************************************************** Initialise the passgrp operations. @@ -51,7 +51,9 @@ BOOL initialise_passgrp_db(void) pwgrp_ops = nisplus_initialise_password_grp(); #elif defined(WITH_LDAP) pwgrp_ops = ldap_initialise_password_grp(); -#else +#elif defined(USE_SMBUNIX_DB) + pwgrp_ops = unix_initialise_password_grp(); +#elif defined(USE_SMBPASS_DB) pwgrp_ops = file_initialise_password_grp(); #endif diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index 67f8ea6cfb..62fdabe7fe 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c @@ -33,7 +33,7 @@ static char s_readbuf[1024]; to ensure no modification outside this module. ****************************************************************/ -static void *startsmbfilepwent(BOOL update) +void *startsmbfilepwent(BOOL update) { return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf), &pw_file_lock_depth, update); @@ -43,7 +43,7 @@ static void *startsmbfilepwent(BOOL update) End enumeration of the smbpasswd list. ****************************************************************/ -static void endsmbfilepwent(void *vp) +void endsmbfilepwent(void *vp) { endfilepwent(vp, &pw_file_lock_depth); } @@ -53,7 +53,7 @@ static void endsmbfilepwent(void *vp) This must be treated as an opaque token. *************************************************************************/ -static SMB_BIG_UINT getsmbfilepwpos(void *vp) +SMB_BIG_UINT getsmbfilepwpos(void *vp) { return getfilepwpos(vp); } @@ -63,7 +63,7 @@ static SMB_BIG_UINT getsmbfilepwpos(void *vp) This must be treated as an opaque token. *************************************************************************/ -static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) +BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) { return setfilepwpos(vp, tok); } @@ -71,7 +71,7 @@ static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) /************************************************************************* Routine to return the next entry in the smbpasswd list. *************************************************************************/ -static struct smb_passwd *getsmbfilepwent(void *vp) +struct smb_passwd *getsmbfilepwent(void *vp) { /* Static buffers we will return. */ static struct smb_passwd pw_buf; @@ -80,7 +80,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) static unsigned char smbntpwd[16]; struct passwd *pwfile; char linebuf[256]; - unsigned char *p; + char *p; int uidval; size_t linebuf_len; @@ -118,14 +118,14 @@ static struct smb_passwd *getsmbfilepwent(void *vp) * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ - p = (unsigned char *)strncpyn(user_name, linebuf, sizeof(user_name), ':'); + p = strncpyn(user_name, linebuf, sizeof(user_name), ':'); /* Go past ':' */ p++; /* Get smb uid. */ - p = (unsigned char *)Atoic((char *) p, &uidval, ":"); + p = Atoic( p, &uidval, ":"); pw_buf.smb_name = user_name; pw_buf.smb_userid = uidval; @@ -161,14 +161,14 @@ static struct smb_passwd *getsmbfilepwent(void *vp) continue; } - if (!strncasecmp((char *) p, "NO PASSWORD", 11)) + if (!strncasecmp( p, "NO PASSWORD", 11)) { pw_buf.smb_passwd = NULL; pw_buf.acct_ctrl |= ACB_PWNOTREQ; } else { - if (!pwdb_gethexpwd((char *)p, (char *)smbpwd)) + if (!pwdb_gethexpwd(p, (char *)smbpwd)) { DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n")); continue; @@ -188,7 +188,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) { if (*p != '*' && *p != 'X') { - if(pwdb_gethexpwd((char *)p,(char *)smbntpwd)) + if(pwdb_gethexpwd(p,(char *)smbntpwd)) { pw_buf.smb_nt_passwd = smbntpwd; } @@ -218,7 +218,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) if (*p == ':') { p++; - pw_buf.pass_last_set_time = pwdb_get_last_set_time((char *)p); + pw_buf.pass_last_set_time = pwdb_get_last_set_time(p); } } else diff --git a/source3/passdb/smbpassgroup.c b/source3/passdb/smbpassgroup.c index f3a0d4244b..8e92f0e831 100644 --- a/source3/passdb/smbpassgroup.c +++ b/source3/passdb/smbpassgroup.c @@ -19,7 +19,7 @@ #include "includes.h" -#ifdef USE_SMBPASS_DB +#ifdef USE_SMBGROUP_DB static int grp_file_lock_depth = 0; extern int DEBUGLEVEL; @@ -96,7 +96,7 @@ static struct smb_passwd *getsmbfilegrpent(void *vp, /* * The line we have should be of the form :- * - * username:uid:domainrid1,domainrid2..:aliassid1,aliassid2..: + * username:uid:aliassid1,aliassid2..:domainrid1,domainrid2..: */ /* @@ -116,9 +116,7 @@ static struct smb_passwd *getsmbfilegrpent(void *vp, pw_buf.smb_userid = uidval; /* - * Now get the password value - this should be 32 hex digits - * which are the ascii representations of a 16 byte string. - * Get two at a time and put them into the password. + * Now get a list of alias RIDs */ /* Skip the ':' */ @@ -139,6 +137,10 @@ static struct smb_passwd *getsmbfilegrpent(void *vp, } } + /* + * Now get a list of group RIDs + */ + /* Skip the ':' */ p++; diff --git a/source3/passdb/smbpassgroupunix.c b/source3/passdb/smbpassgroupunix.c new file mode 100644 index 0000000000..438b9e2daf --- /dev/null +++ b/source3/passdb/smbpassgroupunix.c @@ -0,0 +1,239 @@ +/* + * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup + * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +#ifdef USE_SMBUNIX_DB + +extern int DEBUGLEVEL; +extern DOM_SID global_member_sid; + +/*************************************************************** + Start to enumerate the smbpasswd list. Returns a void pointer + to ensure no modification outside this module. +****************************************************************/ + +static void *startsmbfilegrpent(BOOL update) +{ + return startsmbfilepwent(False); +} + +/*************************************************************** + End enumeration of the smbpasswd list. +****************************************************************/ + +static void endsmbfilegrpent(void *vp) +{ + endsmbfilepwent(vp); +} + +/************************************************************************* + Return the current position in the smbpasswd list as an SMB_BIG_UINT. + This must be treated as an opaque token. +*************************************************************************/ + +static SMB_BIG_UINT getsmbfilegrppos(void *vp) +{ + return getsmbfilepwpos(vp); +} + +/************************************************************************* + Set the current position in the smbpasswd list from an SMB_BIG_UINT. + This must be treated as an opaque token. +*************************************************************************/ + +static BOOL setsmbfilegrppos(void *vp, SMB_BIG_UINT tok) +{ + return setsmbfilepwpos(vp, tok); +} + +/************************************************************************* + Routine to return the next smbpassgroup entry + *************************************************************************/ +static struct smb_passwd *getsmbfilegrpent(void *vp, + uint32 **grp_rids, int *num_grps, + uint32 **als_rids, int *num_alss) +{ + /* Static buffers we will return. */ + struct smb_passwd *pw_buf; + struct passwd *pw; + int i; + int unixgrps; + gid_t *grps; + + if (vp == NULL) + { + DEBUG(0,("getsmbfilegrpent: Bad password file pointer.\n")); + return NULL; + } + + pw_buf = getsmbfilepwent(vp); + + if (grp_rids != NULL) + { + (*grp_rids) = NULL; + (*num_grps) = 0; + } + + if (als_rids != NULL) + { + (*als_rids) = NULL; + (*num_alss) = 0; + } + + if (als_rids == NULL && grp_rids == NULL) + { + return pw_buf; + } + + /* + * find all unix groups + */ + + pw = Get_Pwnam(pw_buf->smb_name, False); + + if (pw == NULL) + { + return NULL; + } + + if (get_unixgroups(pw_buf->smb_name, pw->pw_uid, pw->pw_gid, &unixgrps, &grps)) + { + return NULL; + } + + /* + * check each unix group for a mapping as an nt alias or an nt group + */ + + for (i = 0; i < unixgrps; i++) + { + DOM_SID sid; + uint8 type; + char *unix_grpname; + uint32 status; + uint32 rid; + + /* + * find the unix name for each user's group. + * assume the unix group is an nt name (alias? group? user?) + * (user or not our own domain will be an error). + */ + + unix_grpname = gidtoname(grps[i]); + if (map_unix_alias_name(unix_grpname, &sid, NULL, NULL)) + { + /* + * ok, the unix groupname is mapped to an alias. + * check that it is in our domain. + */ + + sid_split_rid(&sid, &rid); + if (!sid_equal(&sid, &global_member_sid)) + { + pstring sid_str; + sid_to_string(sid_str, &sid); + DEBUG(0,("user %s is in a UNIX group %s that maps to an NT RID (0x%x) in another domain (%s)\n", + pw_buf->smb_name, unix_grpname, rid, sid_str)); + continue; + } + + if (add_num_to_list(als_rids, num_alss, rid) == NULL) + { + return NULL; + } + } + else if (map_unix_group_name(unix_grpname, &sid, NULL, NULL)) + { + /* + * ok, the unix groupname is mapped to a domain group. + * check that it is in our domain. + */ + + sid_split_rid(&sid, &rid); + if (!sid_equal(&sid, &global_member_sid)) + { + pstring sid_str; + sid_to_string(sid_str, &sid); + DEBUG(0,("user %s is in a UNIX group %s that maps to an NT RID (0x%x) in another domain (%s)\n", + pw_buf->smb_name, unix_grpname, rid, sid_str)); + continue; + } + + if (add_num_to_list(grp_rids, num_grps, rid) == NULL) + { + return NULL; + } + } + else if (lp_server_role() == ROLE_DOMAIN_MEMBER) + { + /* + * server is a member of a domain or stand-alone. + * name is not explicitly mapped + * so we are responsible for it. + * as a LOCAL group. + */ + + rid = pwdb_gid_to_alias_rid(grps[i]); + if (add_num_to_list(als_rids, num_alss, rid) == NULL) + { + return NULL; + } + } + else if (lp_server_role() != ROLE_DOMAIN_NONE) + { + /* + * server is a PDC or BDC. + * name is explicitly mapped + * so we are responsible for it. + * as a DOMAIN group. + */ + + rid = pwdb_gid_to_group_rid(grps[i]); + if (add_num_to_list(grp_rids, num_grps, rid) == NULL) + { + return NULL; + } + } + } + + return pw_buf; +} + +static struct passgrp_ops file_ops = +{ + startsmbfilegrpent, + endsmbfilegrpent, + getsmbfilegrppos, + setsmbfilegrppos, + iterate_getsmbgrpnam, /* In passgrp.c */ + iterate_getsmbgrpuid, /* In passgrp.c */ + iterate_getsmbgrprid, /* In passgrp.c */ + getsmbfilegrpent, +}; + +struct passgrp_ops *unix_initialise_password_grp(void) +{ + return &file_ops; +} + +#else + /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */ + void smbpass_dummy_function(void) { } /* stop some compilers complaining */ +#endif /* USE_SMBPASS_DB */ -- cgit