search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:selftest: run samba4.rpc.lsa.secrets with more principal combinations
[Samba.git] / source3 / passdb / pdb_wbc_sam.c
blobb73fcc4a46eb92fc62607be88a7815377185ec33
1 /*
2 Unix SMB/CIFS implementation.
3
4 Password and authentication handling by wbclient
5
6 Copyright (C) Andrew Bartlett 2002
7 Copyright (C) Jelmer Vernooij 2002
8 Copyright (C) Simo Sorce 2003
9 Copyright (C) Volker Lendecke 2006
10 Copyright (C) Dan Sledz 2009
11
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
16
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
21
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 */
25
26 /* This passdb module retrieves full passdb information for local users and
27 * groups from a wbclient compatible daemon.
28 *
29 * The purpose of this module is to defer all SAM authorization information
30 * storage and retrieval to a wbc compatible daemon.
31 *
32 * This passdb backend is most useful when used in conjunction with auth_wbc.
33 *
34 * A few current limitations of this module are:
35 * - read only interface
36 * - no privileges
37 */
38
39 #include "includes.h"
40 #include "passdb.h"
41 #include "lib/winbind_util.h"
42 #include "passdb/pdb_wbc_sam.h"
43 #include "idmap.h"
44
45 /***************************************************************************
46 Default implementations of some functions.
47 ****************************************************************************/
48 static NTSTATUS _pdb_wbc_sam_getsampw(struct pdb_methods *methods,
49 struct samu *user,
50 const struct passwd *pwd)
51 {
52 NTSTATUS result = NT_STATUS_OK;
53
54 if (pwd == NULL)
55 return NT_STATUS_NO_SUCH_USER;
56
57 ZERO_STRUCTP(user);
58
59 /* Can we really get away with this little of information */
60 user->methods = methods;
61 result = samu_set_unix(user, pwd);
62
63 return result;
64 }
65
66 static NTSTATUS pdb_wbc_sam_getsampwnam(struct pdb_methods *methods, struct samu *user, const char *sname)
67 {
68 return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwnam(sname));
69 }
70
71 static NTSTATUS pdb_wbc_sam_getsampwsid(struct pdb_methods *methods, struct samu *user, const struct dom_sid *sid)
72 {
73 return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwsid(sid));
74 }
75
76 static bool pdb_wbc_sam_id_to_sid(struct pdb_methods *methods, struct unixid *id,
77 struct dom_sid *sid)
78 {
79 switch (id->type) {
80 case ID_TYPE_UID:
81 return winbind_uid_to_sid(sid, id->id);
82
83 case ID_TYPE_GID:
84 return winbind_gid_to_sid(sid, id->id);
85
86 default:
87 return false;
88 }
89 }
90
91 static NTSTATUS pdb_wbc_sam_enum_group_members(struct pdb_methods *methods,
92 TALLOC_CTX *mem_ctx,
93 const struct dom_sid *group,
94 uint32_t **pp_member_rids,
95 size_t *p_num_members)
96 {
97 return NT_STATUS_NOT_IMPLEMENTED;
98 }
99
100 static NTSTATUS pdb_wbc_sam_enum_group_memberships(struct pdb_methods *methods,
101 TALLOC_CTX *mem_ctx,
102 struct samu *user,
103 struct dom_sid **pp_sids,
104 gid_t **pp_gids,
105 uint32_t *p_num_groups)
106 {
107 size_t i;
108 const char *username = pdb_get_username(user);
109 uint32_t num_groups;
110
111 if (!winbind_get_groups(mem_ctx, username, &num_groups, pp_gids)) {
112 return NT_STATUS_NO_SUCH_USER;
113 }
114 *p_num_groups = num_groups;
115
116 if (*p_num_groups == 0) {
117 smb_panic("primary group missing");
118 }
119
120 *pp_sids = talloc_array(mem_ctx, struct dom_sid, *p_num_groups);
121
122 if (*pp_sids == NULL) {
123 TALLOC_FREE(*pp_gids);
124 return NT_STATUS_NO_MEMORY;
125 }
126
127 for (i=0; i < *p_num_groups; i++) {
128 gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
129 }
130
131 return NT_STATUS_OK;
132 }
133
134 static NTSTATUS pdb_wbc_sam_lookup_rids(struct pdb_methods *methods,
135 const struct dom_sid *domain_sid,
136 int num_rids,
137 uint32_t *rids,
138 const char **names,
139 enum lsa_SidType *attrs)
140 {
141 NTSTATUS result = NT_STATUS_OK;
142 const char *p = NULL;
143 const char **pp = NULL;
144 char *domain = NULL;
145 char **account_names = NULL;
146 enum lsa_SidType *attr_list = NULL;
147 int i;
148
149 if (!winbind_lookup_rids(talloc_tos(), domain_sid, num_rids, rids,
150 &p, &pp, &attr_list))
151 {
152 result = NT_STATUS_NONE_MAPPED;
153 goto done;
154 }
155 domain = discard_const_p(char, p);
156 account_names = discard_const_p(char *, pp);
157
158 memcpy(attrs, attr_list, num_rids * sizeof(enum lsa_SidType));
159
160 for (i=0; i<num_rids; i++) {
161 if (attrs[i] == SID_NAME_UNKNOWN) {
162 names[i] = NULL;
163 } else {
164 names[i] = talloc_strdup(names, account_names[i]);
165 if (names[i] == NULL) {
166 result = NT_STATUS_NO_MEMORY;
167 goto done;
168 }
169
170 }
171 }
172
173 done:
174 TALLOC_FREE(account_names);
175 TALLOC_FREE(domain);
176 TALLOC_FREE(attr_list);
177 return result;
178 }
179
180 static NTSTATUS pdb_wbc_sam_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value)
181 {
182 return NT_STATUS_UNSUCCESSFUL;
183 }
184
185 static NTSTATUS pdb_wbc_sam_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value)
186 {
187 return NT_STATUS_UNSUCCESSFUL;
188 }
189
190 static bool pdb_wbc_sam_search_groups(struct pdb_methods *methods,
191 struct pdb_search *search)
192 {
193 return false;
194 }
195
196 static bool pdb_wbc_sam_search_aliases(struct pdb_methods *methods,
197 struct pdb_search *search,
198 const struct dom_sid *sid)
199 {
200
201 return false;
202 }
203
204 static bool pdb_wbc_sam_get_trusteddom_pw(struct pdb_methods *methods,
205 const char *domain,
206 char **pwd,
207 struct dom_sid *sid,
208 time_t *pass_last_set_time)
209 {
210 return false;
211
212 }
213
214 static bool pdb_wbc_sam_set_trusteddom_pw(struct pdb_methods *methods,
215 const char *domain,
216 const char *pwd,
217 const struct dom_sid *sid)
218 {
219 return false;
220 }
221
222 static bool pdb_wbc_sam_del_trusteddom_pw(struct pdb_methods *methods,
223 const char *domain)
224 {
225 return false;
226 }
227
228 static NTSTATUS pdb_wbc_sam_enum_trusteddoms(struct pdb_methods *methods,
229 TALLOC_CTX *mem_ctx,
230 uint32_t *num_domains,
231 struct trustdom_info ***domains)
232 {
233 return NT_STATUS_NOT_IMPLEMENTED;
234 }
235
236 static bool _make_group_map(struct pdb_methods *methods, const char *domain, const char *name, enum lsa_SidType name_type, gid_t gid, struct dom_sid *sid, GROUP_MAP *map)
237 {
238 map->nt_name = talloc_asprintf(map, "%s%c%s",
239 domain, *lp_winbind_separator(), name);
240 if (!map->nt_name) {
241 return false;
242 }
243 map->sid_name_use = name_type;
244 map->sid = *sid;
245 map->gid = gid;
246 return true;
247 }
248
249 static NTSTATUS pdb_wbc_sam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
250 struct dom_sid sid)
251 {
252 NTSTATUS result = NT_STATUS_OK;
253 const char *p1 = NULL, *p2 = NULL;
254 char *name = NULL;
255 char *domain = NULL;
256 enum lsa_SidType name_type;
257 gid_t gid;
258
259 if (!winbind_lookup_sid(talloc_tos(), &sid, &p1, &p2, &name_type)) {
260 result = NT_STATUS_NO_SUCH_GROUP;
261 goto done;
262 }
263 domain = discard_const_p(char, p1);
264 name = discard_const_p(char, p2);
265
266 if ((name_type != SID_NAME_DOM_GRP) &&
267 (name_type != SID_NAME_DOMAIN) &&
268 (name_type != SID_NAME_ALIAS) &&
269 (name_type != SID_NAME_WKN_GRP)) {
270 result = NT_STATUS_NO_SUCH_GROUP;
271 goto done;
272 }
273
274 if (!winbind_sid_to_gid(&gid, &sid)) {
275 result = NT_STATUS_NO_SUCH_GROUP;
276 goto done;
277 }
278
279 if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) {
280 result = NT_STATUS_NO_SUCH_GROUP;
281 goto done;
282 }
283
284 done:
285 TALLOC_FREE(name);
286 TALLOC_FREE(domain);
287 return result;
288 }
289
290 static NTSTATUS pdb_wbc_sam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
291 gid_t gid)
292 {
293 NTSTATUS result = NT_STATUS_OK;
294 const char *p1 = NULL, *p2 = NULL;
295 char *name = NULL;
296 char *domain = NULL;
297 struct dom_sid sid;
298 enum lsa_SidType name_type;
299
300 if (!winbind_gid_to_sid(&sid, gid)) {
301 result = NT_STATUS_NO_SUCH_GROUP;
302 goto done;
303 }
304
305 if (!winbind_lookup_sid(talloc_tos(), &sid, &p1, &p2, &name_type)) {
306 result = NT_STATUS_NO_SUCH_GROUP;
307 goto done;
308 }
309 domain = discard_const_p(char, p1);
310 name = discard_const_p(char, p2);
311
312 if ((name_type != SID_NAME_DOM_GRP) &&
313 (name_type != SID_NAME_DOMAIN) &&
314 (name_type != SID_NAME_ALIAS) &&
315 (name_type != SID_NAME_WKN_GRP)) {
316 result = NT_STATUS_NO_SUCH_GROUP;
317 goto done;
318 }
319
320 if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) {
321 result = NT_STATUS_NO_SUCH_GROUP;
322 goto done;
323 }
324
325 done:
326 TALLOC_FREE(name);
327 TALLOC_FREE(domain);
328
329 return result;
330 }
331
332 static NTSTATUS pdb_wbc_sam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
333 const char *name)
334 {
335 NTSTATUS result = NT_STATUS_OK;
336 const char *domain = "";
337 struct dom_sid sid;
338 gid_t gid;
339 enum lsa_SidType name_type;
340
341 if (!winbind_lookup_name(domain, name, &sid, &name_type)) {
342 result = NT_STATUS_NO_SUCH_GROUP;
343 goto done;
344 }
345
346 if ((name_type != SID_NAME_DOM_GRP) &&
347 (name_type != SID_NAME_DOMAIN) &&
348 (name_type != SID_NAME_ALIAS) &&
349 (name_type != SID_NAME_WKN_GRP)) {
350 result = NT_STATUS_NO_SUCH_GROUP;
351 goto done;
352 }
353
354 if (!winbind_sid_to_gid(&gid, &sid)) {
355 result = NT_STATUS_NO_SUCH_GROUP;
356 goto done;
357 }
358
359 if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) {
360 result = NT_STATUS_NO_SUCH_GROUP;
361 goto done;
362 }
363
364 done:
365
366 return result;
367 }
368
369 static NTSTATUS pdb_wbc_sam_enum_group_mapping(struct pdb_methods *methods,
370 const struct dom_sid *sid, enum lsa_SidType sid_name_use,
371 GROUP_MAP ***pp_rmap, size_t *p_num_entries,
372 bool unix_only)
373 {
374 return NT_STATUS_NOT_IMPLEMENTED;
375 }
376
377 static NTSTATUS pdb_wbc_sam_get_aliasinfo(struct pdb_methods *methods,
378 const struct dom_sid *sid,
379 struct acct_info *info)
380 {
381 return NT_STATUS_NOT_IMPLEMENTED;
382 }
383
384 static NTSTATUS pdb_wbc_sam_enum_aliasmem(struct pdb_methods *methods,
385 const struct dom_sid *alias,
386 TALLOC_CTX *mem_ctx,
387 struct dom_sid **pp_members,
388 size_t *p_num_members)
389 {
390 return NT_STATUS_NOT_IMPLEMENTED;
391 }
392
393 static NTSTATUS pdb_wbc_sam_alias_memberships(struct pdb_methods *methods,
394 TALLOC_CTX *mem_ctx,
395 const struct dom_sid *domain_sid,
396 const struct dom_sid *members,
397 size_t num_members,
398 uint32_t **pp_alias_rids,
399 size_t *p_num_alias_rids)
400 {
401 if (!winbind_get_sid_aliases(mem_ctx, domain_sid,
402 members, num_members, pp_alias_rids, p_num_alias_rids))
403 return NT_STATUS_UNSUCCESSFUL;
404
405 return NT_STATUS_OK;
406 }
407
408 static NTSTATUS pdb_init_wbc_sam(struct pdb_methods **pdb_method, const char *location)
409 {
410 NTSTATUS result;
411
412 if (!NT_STATUS_IS_OK(result = make_pdb_method( pdb_method))) {
413 return result;
414 }
415
416 (*pdb_method)->name = "wbc_sam";
417
418 (*pdb_method)->getsampwnam = pdb_wbc_sam_getsampwnam;
419 (*pdb_method)->getsampwsid = pdb_wbc_sam_getsampwsid;
420
421 (*pdb_method)->getgrsid = pdb_wbc_sam_getgrsid;
422 (*pdb_method)->getgrgid = pdb_wbc_sam_getgrgid;
423 (*pdb_method)->getgrnam = pdb_wbc_sam_getgrnam;
424 (*pdb_method)->enum_group_mapping = pdb_wbc_sam_enum_group_mapping;
425 (*pdb_method)->enum_group_members = pdb_wbc_sam_enum_group_members;
426 (*pdb_method)->enum_group_memberships = pdb_wbc_sam_enum_group_memberships;
427 (*pdb_method)->get_aliasinfo = pdb_wbc_sam_get_aliasinfo;
428 (*pdb_method)->enum_aliasmem = pdb_wbc_sam_enum_aliasmem;
429 (*pdb_method)->enum_alias_memberships = pdb_wbc_sam_alias_memberships;
430 (*pdb_method)->lookup_rids = pdb_wbc_sam_lookup_rids;
431 (*pdb_method)->get_account_policy = pdb_wbc_sam_get_account_policy;
432 (*pdb_method)->set_account_policy = pdb_wbc_sam_set_account_policy;
433 (*pdb_method)->id_to_sid = pdb_wbc_sam_id_to_sid;
434
435 (*pdb_method)->search_groups = pdb_wbc_sam_search_groups;
436 (*pdb_method)->search_aliases = pdb_wbc_sam_search_aliases;
437
438 (*pdb_method)->get_trusteddom_pw = pdb_wbc_sam_get_trusteddom_pw;
439 (*pdb_method)->set_trusteddom_pw = pdb_wbc_sam_set_trusteddom_pw;
440 (*pdb_method)->del_trusteddom_pw = pdb_wbc_sam_del_trusteddom_pw;
441 (*pdb_method)->enum_trusteddoms = pdb_wbc_sam_enum_trusteddoms;
442
443 (*pdb_method)->private_data = NULL;
444 (*pdb_method)->free_private_data = NULL;
445
446 return NT_STATUS_OK;
447 }
448
449 NTSTATUS pdb_wbc_sam_init(void)
450 {
451 return smb_register_passdb(PASSDB_INTERFACE_VERSION, "wbc_sam", pdb_init_wbc_sam);
452 }
Samba GIT mirror