search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
sync'ing up for 3.0alpha20 release
[Samba/gbeck.git] / source3 / nsswitch / winbindd_util.c
blob2016c27881ddf369a229c0fd5ff8915ad23548e0
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind daemon for ntdom nss module
5
6 Copyright (C) Tim Potter 2000-2001
7 Copyright (C) 2001 by Martin Pool <mbp@samba.org>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "winbindd.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_WINBIND
28
29 /**
30 * @file winbindd_util.c
31 *
32 * Winbind daemon for NT domain authentication nss module.
33 **/
34
35
36 /**
37 * Used to clobber name fields that have an undefined value.
38 *
39 * Correct code should never look at a field that has this value.
40 **/
41
42 static const fstring name_deadbeef = "<deadbeef>";
43
44 /* The list of trusted domains. Note that the list can be deleted and
45 recreated using the init_domain_list() function so pointers to
46 individual winbindd_domain structures cannot be made. Keep a copy of
47 the domain name instead. */
48
49 static struct winbindd_domain *_domain_list;
50
51 struct winbindd_domain *domain_list(void)
52 {
53 /* Initialise list */
54
55 if (!_domain_list)
56 init_domain_list();
57
58 return _domain_list;
59 }
60
61 /* Free all entries in the trusted domain list */
62
63 void free_domain_list(void)
64 {
65 struct winbindd_domain *domain = _domain_list;
66
67 while(domain) {
68 struct winbindd_domain *next = domain->next;
69
70 DLIST_REMOVE(_domain_list, domain);
71 SAFE_FREE(domain);
72 domain = next;
73 }
74 }
75
76 /* Add a trusted domain to our list of domains */
77 static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
78 struct winbindd_methods *methods,
79 DOM_SID *sid)
80 {
81 struct winbindd_domain *domain;
82
83 /* We can't call domain_list() as this function is called from
84 init_domain_list() and we'll get stuck in a loop. */
85 for (domain = _domain_list; domain; domain = domain->next) {
86 if (strcasecmp(domain_name, domain->name) == 0 ||
87 strcasecmp(domain_name, domain->alt_name) == 0) {
88 return domain;
89 }
90 if (alt_name && *alt_name) {
91 if (strcasecmp(alt_name, domain->name) == 0 ||
92 strcasecmp(alt_name, domain->alt_name) == 0) {
93 return domain;
94 }
95 }
96 }
97
98 /* Create new domain entry */
99
100 if ((domain = (struct winbindd_domain *)
101 malloc(sizeof(*domain))) == NULL)
102 return NULL;
103
104 /* Fill in fields */
105
106 ZERO_STRUCTP(domain);
107
108 /* prioritise the short name */
109 if (strchr_m(domain_name, '.') && alt_name && *alt_name) {
110 fstrcpy(domain->name, alt_name);
111 fstrcpy(domain->alt_name, domain_name);
112 } else {
113 fstrcpy(domain->name, domain_name);
114 if (alt_name) {
115 fstrcpy(domain->alt_name, alt_name);
116 }
117 }
118
119 domain->methods = methods;
120 domain->sequence_number = DOM_SEQUENCE_NONE;
121 domain->last_seq_check = 0;
122 if (sid) {
123 sid_copy(&domain->sid, sid);
124 }
125
126 /* Link to domain list */
127 DLIST_ADD(_domain_list, domain);
128
129 DEBUG(1,("Added domain %s %s %s\n",
130 domain->name, domain->alt_name,
131 sid?sid_string_static(&domain->sid):""));
132
133 return domain;
134 }
135
136
137 /*
138 rescan our domains looking for new trusted domains
139 */
140 void rescan_trusted_domains(void)
141 {
142 struct winbindd_domain *domain;
143 TALLOC_CTX *mem_ctx;
144 static time_t last_scan;
145 time_t t = time(NULL);
146
147 /* ony rescan every few minutes */
148 if ((unsigned)(t - last_scan) < WINBINDD_RESCAN_FREQ) {
149 return;
150 }
151 last_scan = time(NULL);
152
153 DEBUG(1, ("scanning trusted domain list\n"));
154
155 if (!(mem_ctx = talloc_init_named("init_domain_list")))
156 return;
157
158 for (domain = _domain_list; domain; domain = domain->next) {
159 NTSTATUS result;
160 char **names;
161 char **alt_names;
162 int num_domains = 0;
163 DOM_SID *dom_sids;
164 int i;
165
166 result = domain->methods->trusted_domains(domain, mem_ctx, &num_domains,
167 &names, &alt_names, &dom_sids);
168 if (!NT_STATUS_IS_OK(result)) {
169 continue;
170 }
171
172 /* Add each domain to the trusted domain list. Each domain inherits
173 the access methods of its parent */
174 for(i = 0; i < num_domains; i++) {
175 DEBUG(10,("Found domain %s\n", names[i]));
176 add_trusted_domain(names[i],
177 alt_names?alt_names[i]:NULL,
178 domain->methods, &dom_sids[i]);
179 }
180 }
181
182 talloc_destroy(mem_ctx);
183 }
184
185 /* Look up global info for the winbind daemon */
186 BOOL init_domain_list(void)
187 {
188 NTSTATUS result;
189 extern struct winbindd_methods cache_methods;
190 struct winbindd_domain *domain;
191
192 /* Free existing list */
193 free_domain_list();
194
195 /* Add ourselves as the first entry */
196 domain = add_trusted_domain(lp_workgroup(), NULL, &cache_methods, NULL);
197
198 /* Now we *must* get the domain sid for our primary domain. Go into
199 a holding pattern until that is available */
200
201 result = cache_methods.domain_sid(domain, &domain->sid);
202 while (!NT_STATUS_IS_OK(result)) {
203 sleep(10);
204 DEBUG(1,("Retrying startup domain sid fetch for %s\n",
205 domain->name));
206 result = cache_methods.domain_sid(domain, &domain->sid);
207 }
208
209 /* get any alternate name for the primary domain */
210 cache_methods.alternate_name(domain);
211
212 /* do an initial scan for trusted domains */
213 rescan_trusted_domains();
214
215 return True;
216 }
217
218 /* Given a domain name, return the struct winbindd domain info for it
219 if it is actually working. */
220
221 struct winbindd_domain *find_domain_from_name(const char *domain_name)
222 {
223 struct winbindd_domain *domain;
224
225 /* Search through list */
226
227 for (domain = domain_list(); domain != NULL; domain = domain->next) {
228 if (strequal(domain_name, domain->name) ||
229 (domain->alt_name[0] && strequal(domain_name, domain->alt_name)))
230 return domain;
231 }
232
233 /* Not found */
234
235 return NULL;
236 }
237
238 /* Given a domain sid, return the struct winbindd domain info for it */
239
240 struct winbindd_domain *find_domain_from_sid(DOM_SID *sid)
241 {
242 struct winbindd_domain *domain;
243
244 /* Search through list */
245
246 for (domain = domain_list(); domain != NULL; domain = domain->next) {
247 if (sid_compare_domain(sid, &domain->sid) == 0)
248 return domain;
249 }
250
251 /* Not found */
252
253 return NULL;
254 }
255
256 /* Lookup a sid in a domain from a name */
257
258 BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain,
259 const char *name, DOM_SID *sid,
260 enum SID_NAME_USE *type)
261 {
262 NTSTATUS result;
263
264 /* Don't bother with machine accounts */
265
266 if (name[strlen(name) - 1] == '$')
267 return False;
268
269 /* Lookup name */
270 result = domain->methods->name_to_sid(domain, name, sid, type);
271
272 /* Return rid and type if lookup successful */
273 if (!NT_STATUS_IS_OK(result)) {
274 *type = SID_NAME_UNKNOWN;
275 }
276
277 return NT_STATUS_IS_OK(result);
278 }
279
280 /**
281 * @brief Lookup a name in a domain from a sid.
282 *
283 * @param sid Security ID you want to look up.
284 *
285 * @param name On success, set to the name corresponding to @p sid.
286 *
287 * @param dom_name On success, set to the 'domain name' corresponding to @p sid.
288 *
289 * @param type On success, contains the type of name: alias, group or
290 * user.
291 *
292 * @retval True if the name exists, in which case @p name and @p type
293 * are set, otherwise False.
294 **/
295 BOOL winbindd_lookup_name_by_sid(DOM_SID *sid,
296 fstring dom_name,
297 fstring name,
298 enum SID_NAME_USE *type)
299 {
300 char *names;
301 NTSTATUS result;
302 TALLOC_CTX *mem_ctx;
303 BOOL rv = False;
304 struct winbindd_domain *domain;
305
306 domain = find_domain_from_sid(sid);
307
308 if (!domain) {
309 DEBUG(1,("Can't find domain from sid\n"));
310 return False;
311 }
312
313 /* Lookup name */
314
315 if (!(mem_ctx = talloc_init_named("winbindd_lookup_name_by_sid")))
316 return False;
317
318 result = domain->methods->sid_to_name(domain, mem_ctx, sid, &names, type);
319
320 /* Return name and type if successful */
321
322 if ((rv = NT_STATUS_IS_OK(result))) {
323 fstrcpy(dom_name, domain->name);
324 fstrcpy(name, names);
325 } else {
326 *type = SID_NAME_UNKNOWN;
327 fstrcpy(name, name_deadbeef);
328 }
329
330 talloc_destroy(mem_ctx);
331
332 return rv;
333 }
334
335
336 /* Free state information held for {set,get,end}{pw,gr}ent() functions */
337
338 void free_getent_state(struct getent_state *state)
339 {
340 struct getent_state *temp;
341
342 /* Iterate over state list */
343
344 temp = state;
345
346 while(temp != NULL) {
347 struct getent_state *next;
348
349 /* Free sam entries then list entry */
350
351 SAFE_FREE(state->sam_entries);
352 DLIST_REMOVE(state, state);
353 next = temp->next;
354
355 SAFE_FREE(temp);
356 temp = next;
357 }
358 }
359
360 /* Initialise trusted domain info */
361
362 BOOL winbindd_param_init(void)
363 {
364 /* Parse winbind uid and winbind_gid parameters */
365
366 if (!lp_winbind_uid(&server_state.uid_low, &server_state.uid_high)) {
367 DEBUG(0, ("winbind uid range missing or invalid\n"));
368 return False;
369 }
370
371 if (!lp_winbind_gid(&server_state.gid_low, &server_state.gid_high)) {
372 DEBUG(0, ("winbind gid range missing or invalid\n"));
373 return False;
374 }
375
376 return True;
377 }
378
379 /* Check if a domain is present in a comma-separated list of domains */
380
381 BOOL check_domain_env(char *domain_env, char *domain)
382 {
383 fstring name;
384 char *tmp = domain_env;
385
386 while(next_token(&tmp, name, ",", sizeof(fstring))) {
387 if (strequal(name, domain))
388 return True;
389 }
390
391 return False;
392 }
393
394 /* Parse a string of the form DOMAIN/user into a domain and a user */
395 extern fstring global_myworkgroup;
396
397 BOOL parse_domain_user(const char *domuser, fstring domain, fstring user)
398 {
399 char *p = strchr(domuser,*lp_winbind_separator());
400
401 if (!(p || lp_winbind_use_default_domain()))
402 return False;
403
404 if(!p && lp_winbind_use_default_domain()) {
405 fstrcpy(user, domuser);
406 fstrcpy(domain, global_myworkgroup);
407 } else {
408 fstrcpy(user, p+1);
409 fstrcpy(domain, domuser);
410 domain[PTR_DIFF(p, domuser)] = 0;
411 }
412 strupper(domain);
413 return True;
414 }
415
416 /*
417 Fill DOMAIN\\USERNAME entry accounting 'winbind use default domain' and
418 'winbind separator' options.
419 This means:
420 - omit DOMAIN when 'winbind use default domain = true' and DOMAIN is
421 global_myworkgroup
422
423 */
424 void fill_domain_username(fstring name, const char *domain, const char *user)
425 {
426 if(lp_winbind_use_default_domain() &&
427 !strcmp(global_myworkgroup, domain)) {
428 strlcpy(name, user, sizeof(fstring));
429 } else {
430 slprintf(name, sizeof(fstring) - 1, "%s%s%s",
431 domain, lp_winbind_separator(),
432 user);
433 }
434 }
WIP