search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
port latest changes from SAMBA_3_0 tree
[Samba/bb.git] / source / nsswitch / winbindd_acct.c
blob8abfd17110804a3ac024747227df214f4037669d
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind account management functions
5
6 Copyright (C) by Gerald (Jerry) Carter 2003
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "winbindd.h"
24
25 #undef DBGC_CLASS
26 #define DBGC_CLASS DBGC_WINBIND
27
28 #define WBKEY_PASSWD "WBA_PASSWD"
29 #define WBKEY_GROUP "WBA_GROUP"
30
31 #define NUM_PW_FIELDS 7
32 #define NUM_GRP_FIELDS 4
33
34 /* Globals */
35
36 static TDB_CONTEXT *account_tdb;
37
38 extern userdom_struct current_user_info;
39
40 struct _check_primary_grp {
41 gid_t gid;
42 BOOL found;
43 };
44
45 /**********************************************************************
46 **********************************************************************/
47
48 static void free_winbindd_gr( WINBINDD_GR *grp )
49 {
50 int i;
51
52 if ( !grp )
53 return;
54
55 for ( i=0; i<grp->num_gr_mem; i++ )
56 SAFE_FREE( grp->gr_mem[i] );
57
58 SAFE_FREE( grp->gr_mem );
59
60 return;
61 }
62
63 /*****************************************************************************
64 Initialise auto-account database.
65 *****************************************************************************/
66
67 static BOOL winbindd_accountdb_init(void)
68 {
69 /* see if we've already opened the tdb */
70
71 if ( account_tdb )
72 return True;
73
74 /* Nope. Try to open it */
75
76 if (!(account_tdb = tdb_open_log(lock_path("winbindd_idmap.tdb"), 0,
77 TDB_DEFAULT, O_RDWR | O_CREAT, 0600)))
78 {
79 /* last chance -- maybe idmap has already opened it */
80 if ( !(account_tdb = idmap_tdb_handle()) ) {
81
82 DEBUG(0, ("winbindd_idmap_init: Unable to open idmap database\n"));
83 return False;
84 }
85 }
86
87 /* yeah! */
88
89 return True;
90 }
91
92 /**********************************************************************
93 Convert a string in /etc/passwd format to a struct passwd* entry
94 **********************************************************************/
95
96 static WINBINDD_PW* string2passwd( char *string )
97 {
98 static WINBINDD_PW pw;
99 char *p, *str;
100 char *fields[NUM_PW_FIELDS];
101 int i;
102
103 if ( !string )
104 return NULL;
105
106 ZERO_STRUCTP( &pw );
107
108 DEBUG(10,("string2passwd: converting \"%s\"\n", string));
109
110 ZERO_STRUCT( fields );
111
112 for ( i=0, str=string; i<NUM_PW_FIELDS-1; i++ ) {
113 if ( !(p = strchr( str, ':' )) ) {
114 DEBUG(0,("string2passwd: parsing failure\n"));
115 return NULL;
116 }
117 *p = '\0';
118 if ( str )
119 fields[i] = str;
120 str = p + 1;
121 }
122 if ( str )
123 fields[i] = str;
124
125 /* copy fields */
126
127 fstrcpy( pw.pw_name, fields[0] );
128 fstrcpy( pw.pw_passwd, fields[1] );
129 pw.pw_uid = atoi( fields[2] );
130 pw.pw_gid = atoi( fields[3] );
131 fstrcpy( pw.pw_gecos, fields[4] );
132 fstrcpy( pw.pw_dir, fields[5] );
133 fstrcpy( pw.pw_shell, fields[6] );
134
135
136 /* last minute sanity checks */
137
138 if ( pw.pw_uid==0 || pw.pw_gid==0 ) {
139 DEBUG(0,("string2passwd: Failure! uid==%lu, gid==%lu\n",
140 (unsigned long)pw.pw_uid, (unsigned long)pw.pw_gid));
141 return NULL;
142 }
143
144 DEBUG(10,("string2passwd: Success\n"));
145
146 return &pw;
147 }
148
149 /**********************************************************************
150 Convert a struct passwd* to a string formatted for /etc/passwd
151 **********************************************************************/
152
153 static char* passwd2string( const WINBINDD_PW *pw )
154 {
155 static pstring string;
156 int ret;
157
158 if ( !pw || !pw->pw_name )
159 return NULL;
160
161 DEBUG(10,("passwd2string: converting passwd struct for %s\n",
162 pw->pw_name));
163
164 ret = pstr_sprintf( string, "%s:%s:%lu:%lu:%s:%s:%s",
165 pw->pw_name,
166 pw->pw_passwd ? pw->pw_passwd : "x",
167 (unsigned long)pw->pw_uid,
168 (unsigned long)pw->pw_gid,
169 pw->pw_gecos,
170 pw->pw_dir,
171 pw->pw_shell );
172
173 if ( ret < 0 ) {
174 DEBUG(0,("passwd2string: pstr_sprintf() failed!\n"));
175 return NULL;
176 }
177
178 return string;
179 }
180
181 /**********************************************************************
182 Convert a string in /etc/group format to a struct group* entry
183 **********************************************************************/
184
185 static WINBINDD_GR* string2group( char *string )
186 {
187 static WINBINDD_GR grp;
188 char *p, *str;
189 char *fields[NUM_GRP_FIELDS];
190 int i;
191 char **gr_members = NULL;
192 int num_gr_members = 0;
193
194 if ( !string )
195 return NULL;
196
197 ZERO_STRUCTP( &grp );
198
199 DEBUG(10,("string2group: converting \"%s\"\n", string));
200
201 ZERO_STRUCT( fields );
202
203 for ( i=0, str=string; i<NUM_GRP_FIELDS-1; i++ ) {
204 if ( !(p = strchr( str, ':' )) ) {
205 DEBUG(0,("string2group: parsing failure\n"));
206 return NULL;
207 }
208 *p = '\0';
209 if ( str )
210 fields[i] = str;
211 str = p + 1;
212 }
213
214 /* group members */
215
216 if ( *str ) {
217 /* we already know we have a non-empty string */
218
219 num_gr_members = count_chars(str, ',') + 1;
220
221 /* if there was at least one comma, then there
222 are n+1 members */
223 if ( num_gr_members ) {
224 fstring buffer;
225
226 gr_members = (char**)smb_xmalloc(sizeof(char*)*num_gr_members+1);
227
228 i = 0;
229 while ( next_token(&str, buffer, ",", sizeof(buffer)) && i<num_gr_members ) {
230 gr_members[i++] = smb_xstrdup(buffer);
231 }
232
233 gr_members[i] = NULL;
234 }
235 }
236
237
238 /* copy fields */
239
240 fstrcpy( grp.gr_name, fields[0] );
241 fstrcpy( grp.gr_passwd, fields[1] );
242 grp.gr_gid = atoi( fields[2] );
243
244 grp.num_gr_mem = num_gr_members;
245 grp.gr_mem = gr_members;
246
247 /* last minute sanity checks */
248
249 if ( grp.gr_gid == 0 ) {
250 DEBUG(0,("string2group: Failure! gid==%lu\n", (unsigned long)grp.gr_gid));
251 SAFE_FREE( gr_members );
252 return NULL;
253 }
254
255 DEBUG(10,("string2group: Success\n"));
256
257 return &grp;
258 }
259
260 /**********************************************************************
261 Convert a struct group* to a string formatted for /etc/group
262 **********************************************************************/
263
264 static char* group2string( const WINBINDD_GR *grp )
265 {
266 static pstring string;
267 int ret;
268 char *member, *gr_mem_str;
269 int num_members;
270 int i, size;
271
272 if ( !grp || !grp->gr_name )
273 return NULL;
274
275 DEBUG(10,("group2string: converting passwd struct for %s\n",
276 grp->gr_name));
277
278 if ( grp->num_gr_mem ) {
279 int idx = 0;
280
281 member = grp->gr_mem[0];
282 size = 0;
283 num_members = 0;
284
285 while ( member ) {
286 size += strlen(member) + 1;
287 num_members++;
288 member = grp->gr_mem[num_members];
289 }
290
291 gr_mem_str = smb_xmalloc(size);
292
293 for ( i=0; i<num_members; i++ ) {
294 snprintf( &gr_mem_str[idx], size-idx, "%s,", grp->gr_mem[i] );
295 idx += strlen(grp->gr_mem[i]) + 1;
296 }
297 /* add trailing NULL (also removes trailing ',' */
298 gr_mem_str[size-1] = '\0';
299 }
300 else {
301 /* no members */
302 gr_mem_str = smb_xmalloc(sizeof(fstring));
303 fstrcpy( gr_mem_str, "" );
304 }
305
306 ret = pstr_sprintf( string, "%s:%s:%lu:%s",
307 grp->gr_name,
308 grp->gr_passwd ? grp->gr_passwd : "*",
309 (unsigned long)grp->gr_gid,
310 gr_mem_str );
311
312 SAFE_FREE( gr_mem_str );
313
314 if ( ret < 0 ) {
315 DEBUG(0,("group2string: pstr_sprintf() failed!\n"));
316 return NULL;
317 }
318
319 return string;
320 }
321
322 /**********************************************************************
323 **********************************************************************/
324
325 static char* acct_userkey_byname( const char *name )
326 {
327 static fstring key;
328
329 fstr_sprintf( key, "%s/NAME/%s", WBKEY_PASSWD, name );
330
331 return key;
332 }
333
334 /**********************************************************************
335 **********************************************************************/
336
337 static char* acct_userkey_byuid( uid_t uid )
338 {
339 static fstring key;
340
341 fstr_sprintf( key, "%s/UID/%lu", WBKEY_PASSWD, (unsigned long)uid );
342
343 return key;
344 }
345
346 /**********************************************************************
347 **********************************************************************/
348
349 static char* acct_groupkey_byname( const char *name )
350 {
351 static fstring key;
352
353 fstr_sprintf( key, "%s/NAME/%s", WBKEY_GROUP, name );
354
355 return key;
356 }
357
358 /**********************************************************************
359 **********************************************************************/
360
361 static char* acct_groupkey_bygid( gid_t gid )
362 {
363 static fstring key;
364
365 fstr_sprintf( key, "%s/GID/%lu", WBKEY_GROUP, (unsigned long)gid );
366
367 return key;
368 }
369
370 /**********************************************************************
371 **********************************************************************/
372
373 WINBINDD_PW* wb_getpwnam( const char * name )
374 {
375 char *keystr;
376 TDB_DATA data;
377 static WINBINDD_PW *pw;
378
379 if ( !account_tdb && !winbindd_accountdb_init() ) {
380 DEBUG(0,("wb_getpwnam: Failed to open winbindd account db\n"));
381 return NULL;
382 }
383
384
385 keystr = acct_userkey_byname( name );
386
387 data = tdb_fetch_bystring( account_tdb, keystr );
388
389 pw = NULL;
390
391 if ( data.dptr ) {
392 pw = string2passwd( data.dptr );
393 SAFE_FREE( data.dptr );
394 }
395
396 DEBUG(5,("wb_getpwnam: %s user (%s)\n",
397 (pw ? "Found" : "Did not find"), name ));
398
399 return pw;
400 }
401
402 /**********************************************************************
403 **********************************************************************/
404
405 WINBINDD_PW* wb_getpwuid( const uid_t uid )
406 {
407 char *keystr;
408 TDB_DATA data;
409 static WINBINDD_PW *pw;
410
411 if ( !account_tdb && !winbindd_accountdb_init() ) {
412 DEBUG(0,("wb_getpwuid: Failed to open winbindd account db\n"));
413 return NULL;
414 }
415
416 data = tdb_fetch_bystring( account_tdb, acct_userkey_byuid(uid) );
417 if ( !data.dptr ) {
418 DEBUG(4,("wb_getpwuid: failed to locate uid == %lu\n", (unsigned long)uid));
419 return NULL;
420 }
421 keystr = acct_userkey_byname( data.dptr );
422
423 SAFE_FREE( data.dptr );
424
425 data = tdb_fetch_bystring( account_tdb, keystr );
426
427 pw = NULL;
428
429 if ( data.dptr ) {
430 pw = string2passwd( data.dptr );
431 SAFE_FREE( data.dptr );
432 }
433
434 DEBUG(5,("wb_getpwuid: %s user (uid == %lu)\n",
435 (pw ? "Found" : "Did not find"), (unsigned long)uid ));
436
437 return pw;
438 }
439
440 /**********************************************************************
441 **********************************************************************/
442
443 BOOL wb_storepwnam( const WINBINDD_PW *pw )
444 {
445 char *namekey, *uidkey;
446 TDB_DATA data;
447 char *str;
448 int ret = 0;
449 fstring username;
450
451 if ( !account_tdb && !winbindd_accountdb_init() ) {
452 DEBUG(0,("wb_storepwnam: Failed to open winbindd account db\n"));
453 return False;
454 }
455
456 namekey = acct_userkey_byname( pw->pw_name );
457
458 /* lock the main entry first */
459
460 if ( tdb_lock_bystring(account_tdb, namekey, 0) == -1 ) {
461 DEBUG(0,("wb_storepwnam: Failed to lock %s\n", namekey));
462 return False;
463 }
464
465 str = passwd2string( pw );
466
467 data.dptr = str;
468 data.dsize = strlen(str) + 1;
469
470 if ( (tdb_store_bystring(account_tdb, namekey, data, TDB_REPLACE)) == -1 ) {
471 DEBUG(0,("wb_storepwnam: Failed to store \"%s\"\n", str));
472 ret = -1;
473 goto done;
474 }
475
476 /* store the uid index */
477
478 uidkey = acct_userkey_byuid(pw->pw_uid);
479
480 fstrcpy( username, pw->pw_name );
481 data.dptr = username;
482 data.dsize = strlen(username) + 1;
483
484 if ( (tdb_store_bystring(account_tdb, uidkey, data, TDB_REPLACE)) == -1 ) {
485 DEBUG(0,("wb_storepwnam: Failed to store uid key \"%s\"\n", str));
486 tdb_delete_bystring(account_tdb, namekey);
487 ret = -1;
488 goto done;
489 }
490
491 DEBUG(10,("wb_storepwnam: Success -> \"%s\"\n", str));
492
493 done:
494 tdb_unlock_bystring( account_tdb, namekey );
495
496 return ( ret == 0 );
497 }
498
499 /**********************************************************************
500 **********************************************************************/
501
502 WINBINDD_GR* wb_getgrnam( const char * name )
503 {
504 char *keystr;
505 TDB_DATA data;
506 static WINBINDD_GR *grp;
507
508 if ( !account_tdb && !winbindd_accountdb_init() ) {
509 DEBUG(0,("wb_getgrnam: Failed to open winbindd account db\n"));
510 return NULL;
511 }
512
513
514 keystr = acct_groupkey_byname( name );
515
516 data = tdb_fetch_bystring( account_tdb, keystr );
517
518 grp = NULL;
519
520 if ( data.dptr ) {
521 grp = string2group( data.dptr );
522 SAFE_FREE( data.dptr );
523 }
524
525 DEBUG(5,("wb_getgrnam: %s group (%s)\n",
526 (grp ? "Found" : "Did not find"), name ));
527
528 return grp;
529 }
530
531 /**********************************************************************
532 **********************************************************************/
533
534 WINBINDD_GR* wb_getgrgid( gid_t gid )
535 {
536 char *keystr;
537 TDB_DATA data;
538 static WINBINDD_GR *grp;
539
540 if ( !account_tdb && !winbindd_accountdb_init() ) {
541 DEBUG(0,("wb_getgrgid: Failed to open winbindd account db\n"));
542 return NULL;
543 }
544
545 data = tdb_fetch_bystring( account_tdb, acct_groupkey_bygid(gid) );
546 if ( !data.dptr ) {
547 DEBUG(4,("wb_getgrgid: failed to locate gid == %lu\n",
548 (unsigned long)gid));
549 return NULL;
550 }
551 keystr = acct_groupkey_byname( data.dptr );
552
553 SAFE_FREE( data.dptr );
554
555 data = tdb_fetch_bystring( account_tdb, keystr );
556
557 grp = NULL;
558
559 if ( data.dptr ) {
560 grp = string2group( data.dptr );
561 SAFE_FREE( data.dptr );
562 }
563
564 DEBUG(5,("wb_getgrgid: %s group (gid == %lu)\n",
565 (grp ? "Found" : "Did not find"), (unsigned long)gid ));
566
567 return grp;
568 }
569
570 /**********************************************************************
571 **********************************************************************/
572
573 BOOL wb_storegrnam( const WINBINDD_GR *grp )
574 {
575 char *namekey, *gidkey;
576 TDB_DATA data;
577 char *str;
578 int ret = 0;
579 fstring groupname;
580
581 if ( !account_tdb && !winbindd_accountdb_init() ) {
582 DEBUG(0,("wb_storepwnam: Failed to open winbindd account db\n"));
583 return False;
584 }
585
586 namekey = acct_groupkey_byname( grp->gr_name );
587
588 /* lock the main entry first */
589
590 if ( tdb_lock_bystring(account_tdb, namekey, 0) == -1 ) {
591 DEBUG(0,("wb_storegrnam: Failed to lock %s\n", namekey));
592 return False;
593 }
594
595 str = group2string( grp );
596
597 data.dptr = str;
598 data.dsize = strlen(str) + 1;
599
600 if ( (tdb_store_bystring(account_tdb, namekey, data, TDB_REPLACE)) == -1 ) {
601 DEBUG(0,("wb_storegrnam: Failed to store \"%s\"\n", str));
602 ret = -1;
603 goto done;
604 }
605
606 /* store the gid index */
607
608 gidkey = acct_groupkey_bygid(grp->gr_gid);
609
610 fstrcpy( groupname, grp->gr_name );
611 data.dptr = groupname;
612 data.dsize = strlen(groupname) + 1;
613
614 if ( (tdb_store_bystring(account_tdb, gidkey, data, TDB_REPLACE)) == -1 ) {
615 DEBUG(0,("wb_storegrnam: Failed to store gid key \"%s\"\n", str));
616 tdb_delete_bystring(account_tdb, namekey);
617 ret = -1;
618 goto done;
619 }
620
621 DEBUG(10,("wb_storegrnam: Success -> \"%s\"\n", str));
622
623 done:
624 tdb_unlock_bystring( account_tdb, namekey );
625
626 return ( ret == 0 );
627 }
628
629 /**********************************************************************
630 **********************************************************************/
631
632 static BOOL wb_addgrpmember( WINBINDD_GR *grp, const char *user )
633 {
634 int i;
635 char **members;
636
637 if ( !grp || !user )
638 return False;
639
640 for ( i=0; i<grp->num_gr_mem; i++ ) {
641 if ( StrCaseCmp( grp->gr_mem[i], user ) == 0 )
642 return True;
643 }
644
645 /* add one new slot and keep an extra for the terminating NULL */
646 members = Realloc( grp->gr_mem, (grp->num_gr_mem+2)*sizeof(char*) );
647 if ( !members )
648 return False;
649
650 grp->gr_mem = members;
651 grp->gr_mem[grp->num_gr_mem++] = smb_xstrdup(user);
652 grp->gr_mem[grp->num_gr_mem] = NULL;
653
654 return True;
655 }
656
657 /**********************************************************************
658 **********************************************************************/
659
660 static BOOL wb_delgrpmember( WINBINDD_GR *grp, const char *user )
661 {
662 int i;
663 BOOL found = False;
664
665 if ( !grp || !user )
666 return False;
667
668 for ( i=0; i<grp->num_gr_mem && !found; i++ ) {
669 if ( StrCaseCmp( grp->gr_mem[i], user ) == 0 )
670 found = True;
671 }
672
673 if ( !found )
674 return False;
675
676 /* still some remaining members */
677
678 if ( grp->num_gr_mem > 1 ) {
679 memmove( grp->gr_mem[i], grp->gr_mem[i+1], sizeof(char*)*(grp->num_gr_mem-(i+1)) );
680 grp->num_gr_mem--;
681 }
682 else { /* last one */
683 free_winbindd_gr( grp );
684 grp->gr_mem = NULL;
685 grp->num_gr_mem = 0;
686 }
687
688 return True;
689 }
690
691 /**********************************************************************
692 **********************************************************************/
693
694 static int cleangroups_traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
695 void *state)
696 {
697 int len;
698 fstring key;
699 char *name = (char*)state;
700
701 fstr_sprintf( key, "%s/NAME", WBKEY_GROUP );
702 len = strlen(key);
703
704 /* if this is a group entry then, check the members */
705
706 if ( (strncmp(kbuf.dptr, key, len) == 0) && dbuf.dptr ) {
707 WINBINDD_GR *grp;
708
709 if ( !(grp = string2group( dbuf.dptr )) ) {
710 DEBUG(0,("cleangroups_traverse_fn: Failure to parse [%s]\n",
711 dbuf.dptr));
712 return 0;
713 }
714
715 /* just try to delete the user and rely on wb_delgrpmember()
716 to tell you whether or not the group changed. This is more
717 effecient than testing group membership first since the
718 checks for deleting a user from a group is essentially the
719 same as checking if he/she is a member */
720
721 if ( wb_delgrpmember( grp, name ) ) {
722 DEBUG(10,("cleanupgroups_traverse_fn: Removed user (%s) from group (%s)\n",
723 name, grp->gr_name));
724 wb_storegrnam( grp );
725 }
726
727 free_winbindd_gr( grp );
728 }
729
730 return 0;
731 }
732
733 /**********************************************************************
734 **********************************************************************/
735
736 static BOOL wb_delete_user( WINBINDD_PW *pw)
737 {
738 char *namekey;
739 char *uidkey;
740
741 if ( !account_tdb && !winbindd_accountdb_init() ) {
742 DEBUG(0,("wb_delete_user: Failed to open winbindd account db\n"));
743 return False;
744 }
745
746 namekey = acct_userkey_byname( pw->pw_name );
747
748 /* lock the main entry first */
749
750 if ( tdb_lock_bystring(account_tdb, namekey, 0) == -1 ) {
751 DEBUG(0,("wb_delete_user: Failed to lock %s\n", namekey));
752 return False;
753 }
754
755 /* remove user from all groups */
756
757 tdb_traverse(account_tdb, cleangroups_traverse_fn, (void *)pw->pw_name);
758
759 /* remove the user */
760 uidkey = acct_userkey_byuid( pw->pw_uid );
761
762 tdb_delete_bystring( account_tdb, namekey );
763 tdb_delete_bystring( account_tdb, uidkey );
764
765 tdb_unlock_bystring( account_tdb, namekey );
766
767 return True;
768 }
769
770 /**********************************************************************
771 **********************************************************************/
772
773 static int isprimarygroup_traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
774 TDB_DATA dbuf, void *params)
775 {
776 int len;
777 fstring key;
778 struct _check_primary_grp *check = (struct _check_primary_grp*)params;
779
780 fstr_sprintf( key, "%s/NAME", WBKEY_PASSWD );
781 len = strlen(key);
782
783 /* if this is a group entry then, check the members */
784
785 if ( (strncmp(kbuf.dptr, key, len) == 0) && dbuf.dptr ) {
786 WINBINDD_PW *pw;;
787
788 if ( !(pw = string2passwd( dbuf.dptr )) ) {
789 DEBUG(0,("isprimarygroup_traverse_fn: Failure to parse [%s]\n",
790 dbuf.dptr));
791 return 0;
792 }
793
794 if ( check->gid == pw->pw_gid ) {
795 check->found = True;
796 return 1;
797 }
798 }
799
800 return 0;
801 }
802
803
804 /**********************************************************************
805 **********************************************************************/
806
807 static BOOL wb_delete_group( WINBINDD_GR *grp )
808 {
809 struct _check_primary_grp check;
810 char *namekey;
811 char *gidkey;
812
813 if ( !account_tdb && !winbindd_accountdb_init() ) {
814 DEBUG(0,("wb_delete_group: Failed to open winbindd account db\n"));
815 return False;
816 }
817
818 /* lock the main entry first */
819
820 namekey = acct_groupkey_byname( grp->gr_name );
821 if ( tdb_lock_bystring(account_tdb, namekey, 0) == -1 ) {
822 DEBUG(0,("wb_delete_group: Failed to lock %s\n", namekey));
823 return False;
824 }
825
826 /* is this group the primary group for any user? If
827 so deny delete */
828
829 check.found = False;
830 tdb_traverse(account_tdb, isprimarygroup_traverse_fn, (void *)&check);
831
832 if ( check.found ) {
833 DEBUG(4,("wb_delete_group: Cannot delete group (%s) since it "
834 "is the primary group for some users\n", grp->gr_name));
835 return False;
836 }
837
838 /* We're clear. Delete the group */
839
840 DEBUG(5,("wb_delete_group: Removing group (%s)\n", grp->gr_name));
841
842 gidkey = acct_groupkey_bygid( grp->gr_gid );
843
844 tdb_delete_bystring( account_tdb, namekey );
845 tdb_delete_bystring( account_tdb, gidkey );
846
847 tdb_unlock_bystring( account_tdb, namekey );
848
849 return True;
850 }
851
852 /**********************************************************************
853 Create a new "UNIX" user for the system given a username
854 **********************************************************************/
855
856 enum winbindd_result winbindd_create_user(struct winbindd_cli_state *state)
857 {
858 char *user, *group;
859 unid_t id;
860 WINBINDD_PW pw;
861 WINBINDD_GR *wb_grp;
862 struct group *unix_grp;
863 gid_t primary_gid;
864 uint32 flags = state->request.flags;
865 uint32 rid;
866
867 if ( !state->privileged ) {
868 DEBUG(2, ("winbindd_create_user: non-privileged access denied!\n"));
869 return WINBINDD_ERROR;
870 }
871
872 /* Ensure null termination */
873 state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0';
874 state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
875
876 user = state->request.data.acct_mgt.username;
877 group = state->request.data.acct_mgt.groupname;
878
879 DEBUG(3, ("[%5lu]: create_user: user=>(%s), group=>(%s)\n",
880 (unsigned long)state->pid, user, group));
881
882 if ( !*group )
883 group = lp_template_primary_group();
884
885 /* validate the primary group
886 1) lookup in local tdb first
887 2) call getgrnam() as a last resort */
888
889 if ( (wb_grp=wb_getgrnam(group)) != NULL ) {
890 primary_gid = wb_grp->gr_gid;
891 free_winbindd_gr( wb_grp );
892 }
893 else if ( (unix_grp=sys_getgrnam(group)) != NULL ) {
894 primary_gid = unix_grp->gr_gid;
895 }
896 else {
897 DEBUG(2,("winbindd_create_user: Cannot validate gid for group (%s)\n", group));
898 return WINBINDD_ERROR;
899 }
900
901 /* get a new uid */
902
903 if ( !NT_STATUS_IS_OK(idmap_allocate_id( &id, ID_USERID)) ) {
904 DEBUG(0,("winbindd_create_user: idmap_allocate_id() failed!\n"));
905 return WINBINDD_ERROR;
906 }
907
908 /* The substitution of %U and %D in the 'template homedir' is done
909 by lp_string() calling standard_sub_basic(). */
910
911 fstrcpy( current_user_info.smb_name, user );
912 sub_set_smb_name( user );
913 fstrcpy( current_user_info.domain, get_global_sam_name() );
914
915 /* fill in the passwd struct */
916
917 fstrcpy( pw.pw_name, user );
918 fstrcpy( pw.pw_passwd, "x" );
919 fstrcpy( pw.pw_gecos, user);
920 fstrcpy( pw.pw_dir, lp_template_homedir() );
921 fstrcpy( pw.pw_shell, lp_template_shell() );
922
923 pw.pw_uid = id.uid;
924 pw.pw_gid = primary_gid;
925
926 /* store the new entry */
927
928 if ( !wb_storepwnam(&pw) )
929 return WINBINDD_ERROR;
930
931 /* do we need a new RID? */
932
933 if ( flags & WBFLAG_ALLOCATE_RID ) {
934 if ( !NT_STATUS_IS_OK(idmap_allocate_rid(&rid, USER_RID_TYPE)) ) {
935 DEBUG(0,("winbindd_create_user: RID allocation failure! Cannot create user (%s)\n",
936 user));
937 wb_delete_user( &pw );
938
939 return WINBINDD_ERROR;
940 }
941
942 state->response.data.rid = rid;
943 }
944
945 return WINBINDD_OK;
946 }
947
948 /**********************************************************************
949 Create a new "UNIX" group for the system given a username
950 **********************************************************************/
951
952 enum winbindd_result winbindd_create_group(struct winbindd_cli_state *state)
953 {
954 char *group;
955 unid_t id;
956 WINBINDD_GR grp;
957 uint32 flags = state->request.flags;
958 uint32 rid;
959
960 if ( !state->privileged ) {
961 DEBUG(2, ("winbindd_create_group: non-privileged access denied!\n"));
962 return WINBINDD_ERROR;
963 }
964
965 /* Ensure null termination */
966 state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
967 group = state->request.data.acct_mgt.groupname;
968
969 DEBUG(3, ("[%5lu]: create_group: (%s)\n", (unsigned long)state->pid, group));
970
971 /* get a new uid */
972
973 if ( !NT_STATUS_IS_OK(idmap_allocate_id( &id, ID_GROUPID)) ) {
974 DEBUG(0,("winbindd_create_group: idmap_allocate_id() failed!\n"));
975 return WINBINDD_ERROR;
976 }
977
978 /* fill in the group struct */
979
980 fstrcpy( grp.gr_name, group );
981 fstrcpy( grp.gr_passwd, "*" );
982
983 grp.gr_gid = id.gid;
984 grp.gr_mem = NULL; /* start with no members */
985 grp.num_gr_mem = 0;
986
987 if ( !wb_storegrnam(&grp) )
988 return WINBINDD_ERROR;
989
990 /* do we need a new RID? */
991
992 if ( flags & WBFLAG_ALLOCATE_RID ) {
993 if ( !NT_STATUS_IS_OK(idmap_allocate_rid(&rid, GROUP_RID_TYPE)) ) {
994 DEBUG(0,("winbindd_create_group: RID allocation failure! Cannot create group (%s)\n",
995 group));
996 wb_delete_group( &grp );
997
998 return WINBINDD_ERROR;
999 }
1000
1001 state->response.data.rid = rid;
1002 }
1003
1004 return WINBINDD_OK;
1005 }
1006
1007 /**********************************************************************
1008 Add a user to the membership for a group.
1009 **********************************************************************/
1010
1011 enum winbindd_result winbindd_add_user_to_group(struct winbindd_cli_state *state)
1012 {
1013 WINBINDD_PW *pw;
1014 WINBINDD_GR *grp;
1015 char *user, *group;
1016 BOOL ret;
1017
1018 if ( !state->privileged ) {
1019 DEBUG(2, ("winbindd_add_user_to_group: non-privileged access denied!\n"));
1020 return WINBINDD_ERROR;
1021 }
1022
1023 /* Ensure null termination */
1024 state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
1025 state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0';
1026 group = state->request.data.acct_mgt.groupname;
1027 user = state->request.data.acct_mgt.username;
1028
1029 DEBUG(3, ("[%5lu]: add_user_to_group: add %s to %s\n", (unsigned long)state->pid,
1030 user, group));
1031
1032 /* make sure it is a valid user */
1033
1034 if ( !(pw = wb_getpwnam( user )) ) {
1035 DEBUG(4,("winbindd_add_user_to_group: Cannot add a non-existent user\n"));
1036 return WINBINDD_ERROR;
1037 }
1038
1039 /* make sure it is a valid group */
1040
1041 if ( !(grp = wb_getgrnam( group )) ) {
1042 DEBUG(4,("winbindd_add_user_to_group: Cannot add a user to a non-extistent group\n"));
1043 return WINBINDD_ERROR;
1044 }
1045
1046 if ( !wb_addgrpmember( grp, user ) )
1047 return WINBINDD_ERROR;
1048
1049 ret = wb_storegrnam(grp);
1050
1051 free_winbindd_gr( grp );
1052
1053 return ( ret ? WINBINDD_OK : WINBINDD_ERROR );
1054 }
1055
1056 /**********************************************************************
1057 Remove a user from the membership of a group
1058 **********************************************************************/
1059
1060 enum winbindd_result winbindd_remove_user_from_group(struct winbindd_cli_state *state)
1061 {
1062 WINBINDD_GR *grp;
1063 char *user, *group;
1064 BOOL ret;
1065
1066 if ( !state->privileged ) {
1067 DEBUG(2, ("winbindd_remove_user_from_group: non-privileged access denied!\n"));
1068 return WINBINDD_ERROR;
1069 }
1070
1071 /* Ensure null termination */
1072 state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
1073 state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0';
1074 group = state->request.data.acct_mgt.groupname;
1075 user = state->request.data.acct_mgt.username;
1076
1077 DEBUG(3, ("[%5lu]: remove_user_to_group: delete %s from %s\n", (unsigned long)state->pid,
1078 user, group));
1079
1080 /* don't worry about checking the username since we're removing it anyways */
1081
1082 /* make sure it is a valid group */
1083
1084 if ( !(grp = wb_getgrnam( group )) ) {
1085 DEBUG(4,("winbindd_remove_user_to_group: Cannot remove a user to a non-extistent group\n"));
1086 return WINBINDD_ERROR;
1087 }
1088
1089 if ( !wb_delgrpmember( grp, user ) )
1090 return WINBINDD_ERROR;
1091
1092 ret = wb_storegrnam(grp);
1093
1094 free_winbindd_gr( grp );
1095
1096 return ( ret ? WINBINDD_OK : WINBINDD_ERROR );
1097 }
1098
1099 /**********************************************************************
1100 Set the primary group membership of a user
1101 **********************************************************************/
1102
1103 enum winbindd_result winbindd_set_user_primary_group(struct winbindd_cli_state *state)
1104 {
1105 WINBINDD_PW *pw;
1106 WINBINDD_GR *grp;
1107 char *user, *group;
1108
1109 if ( !state->privileged ) {
1110 DEBUG(2, ("winbindd_set_user_primary_group: non-privileged access denied!\n"));
1111 return WINBINDD_ERROR;
1112 }
1113
1114 /* Ensure null termination */
1115 state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
1116 state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0';
1117 group = state->request.data.acct_mgt.groupname;
1118 user = state->request.data.acct_mgt.username;
1119
1120 DEBUG(3, ("[%5lu]: set_user_primary_group: group %s for user %s\n",
1121 (unsigned long)state->pid, group, user));
1122
1123 /* make sure it is a valid user */
1124
1125 if ( !(pw = wb_getpwnam( user )) ) {
1126 DEBUG(4,("winbindd_add_user_to_group: Cannot add a non-existent user\n"));
1127 return WINBINDD_ERROR;
1128 }
1129
1130 /* make sure it is a valid group */
1131
1132 if ( !(grp = wb_getgrnam( group )) ) {
1133 DEBUG(4,("winbindd_add_user_to_group: Cannot add a user to a non-extistent group\n"));
1134 return WINBINDD_ERROR;
1135 }
1136
1137 pw->pw_gid = grp->gr_gid;
1138
1139 free_winbindd_gr( grp );
1140
1141 return ( wb_storepwnam(pw) ? WINBINDD_OK : WINBINDD_ERROR );
1142 }
1143
1144 /**********************************************************************
1145 Delete a user from the winbindd account tdb.
1146 **********************************************************************/
1147
1148 enum winbindd_result winbindd_delete_user(struct winbindd_cli_state *state)
1149 {
1150 WINBINDD_PW *pw;
1151 char *user;
1152
1153 if ( !state->privileged ) {
1154 DEBUG(2, ("winbindd_delete_user: non-privileged access denied!\n"));
1155 return WINBINDD_ERROR;
1156 }
1157
1158 /* Ensure null termination */
1159 state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0';
1160 user = state->request.data.acct_mgt.username;
1161
1162 DEBUG(3, ("[%5lu]: delete_user: %s\n", (unsigned long)state->pid, user));
1163
1164 /* make sure it is a valid user */
1165
1166 if ( !(pw = wb_getpwnam( user )) ) {
1167 DEBUG(4,("winbindd_delete_user: Cannot delete a non-existent user\n"));
1168 return WINBINDD_ERROR;
1169 }
1170
1171 return ( wb_delete_user(pw) ? WINBINDD_OK : WINBINDD_ERROR );
1172 }
1173
1174 /**********************************************************************
1175 Delete a group from winbindd's account tdb.
1176 **********************************************************************/
1177
1178 enum winbindd_result winbindd_delete_group(struct winbindd_cli_state *state)
1179 {
1180 WINBINDD_GR *grp;
1181 char *group;
1182 BOOL ret;
1183
1184 if ( !state->privileged ) {
1185 DEBUG(2, ("winbindd_delete_group: non-privileged access denied!\n"));
1186 return WINBINDD_ERROR;
1187 }
1188
1189 /* Ensure null termination */
1190 state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
1191 group = state->request.data.acct_mgt.groupname;
1192
1193 DEBUG(3, ("[%5lu]: delete_group: %s\n", (unsigned long)state->pid, group));
1194
1195 /* make sure it is a valid group */
1196
1197 if ( !(grp = wb_getgrnam( group )) ) {
1198 DEBUG(4,("winbindd_delete_group: Cannot delete a non-existent group\n"));
1199 return WINBINDD_ERROR;
1200 }
1201
1202 ret = wb_delete_group(grp);
1203
1204 free_winbindd_gr( grp );
1205
1206 return ( ret ? WINBINDD_OK : WINBINDD_ERROR );
1207 }
1208
1209
1210