search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix build. Don't use BSD setenv. Use POSIX putenv.
[Samba/gebeck_regimport.git] / source / rpc_server / srv_util.c
blob519daff1f660bcd5b3158ddaf556d8db6f486f58
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1997-1998.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 /* this module apparently provides an implementation of DCE/RPC over a
24 * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
25 * documentation are available (in on-line form) from the X-Open group.
26 *
27 * this module should provide a level of abstraction between SMB
28 * and DCE/RPC, while minimising the amount of mallocs, unnecessary
29 * data copies, and network traffic.
30 *
31 * in this version, which takes a "let's learn what's going on and
32 * get something running" approach, there is additional network
33 * traffic generated, but the code should be easier to understand...
34 *
35 * ... if you read the docs. or stare at packets for weeks on end.
36 *
37 */
38
39 #include "includes.h"
40
41 #undef DBGC_CLASS
42 #define DBGC_CLASS DBGC_RPC_SRV
43
44 /*
45 * A list of the rids of well known BUILTIN and Domain users
46 * and groups.
47 */
48
49 rid_name builtin_alias_rids[] =
50 {
51 { BUILTIN_ALIAS_RID_ADMINS , "Administrators" },
52 { BUILTIN_ALIAS_RID_USERS , "Users" },
53 { BUILTIN_ALIAS_RID_GUESTS , "Guests" },
54 { BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" },
55
56 { BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" },
57 { BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" },
58 { BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" },
59 { BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" },
60 { BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" },
61 { 0 , NULL }
62 };
63
64 /* array lookup of well-known Domain RID users. */
65 rid_name domain_user_rids[] =
66 {
67 { DOMAIN_USER_RID_ADMIN , "Administrator" },
68 { DOMAIN_USER_RID_GUEST , "Guest" },
69 { 0 , NULL }
70 };
71
72 /* array lookup of well-known Domain RID groups. */
73 rid_name domain_group_rids[] =
74 {
75 { DOMAIN_GROUP_RID_ADMINS , "Domain Admins" },
76 { DOMAIN_GROUP_RID_USERS , "Domain Users" },
77 { DOMAIN_GROUP_RID_GUESTS , "Domain Guests" },
78 { 0 , NULL }
79 };
80
81 /*******************************************************************
82 gets a domain user's groups
83 ********************************************************************/
84 NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
85 {
86 SAM_ACCOUNT *sam_pass=NULL;
87 int i, cur_rid=0;
88 gid_t gid;
89 gid_t *groups = NULL;
90 int num_groups;
91 GROUP_MAP map;
92 DOM_SID tmp_sid;
93 fstring user_name;
94 fstring str_domsid, str_qsid;
95 uint32 rid,grid;
96 uint32 *rids=NULL, *new_rids=NULL;
97 gid_t winbind_gid_low, winbind_gid_high;
98 BOOL ret;
99 BOOL winbind_groups_exist;
100
101 /*
102 * this code is far from perfect.
103 * first it enumerates the full /etc/group and that can be slow.
104 * second, it works only with users' SIDs
105 * whereas the day we support nested groups, it will have to
106 * support both users's SIDs and domain groups' SIDs
107 *
108 * having our own ldap backend would be so much faster !
109 * we're far from that, but hope one day ;-) JFM.
110 */
111
112 *prids=NULL;
113 *numgroups=0;
114
115 winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
116
117
118 DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n",
119 sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
120
121 pdb_init_sam(&sam_pass);
122 become_root();
123 ret = pdb_getsampwsid(sam_pass, q_sid);
124 unbecome_root();
125 if (ret == False) {
126 pdb_free_sam(&sam_pass);
127 return NT_STATUS_NO_SUCH_USER;
128 }
129
130 fstrcpy(user_name, pdb_get_username(sam_pass));
131 grid=pdb_get_group_rid(sam_pass);
132 gid=pdb_get_gid(sam_pass);
133
134 become_root();
135 /* on some systems this must run as root */
136 num_groups = getgroups_user(user_name, &groups);
137 unbecome_root();
138 if (num_groups == -1) {
139 /* this should never happen */
140 DEBUG(2,("get_alias_user_groups: getgroups_user failed\n"));
141 pdb_free_sam(&sam_pass);
142 return NT_STATUS_UNSUCCESSFUL;
143 }
144
145 for (i=0;i<num_groups;i++) {
146 if(!get_group_from_gid(groups[i], &map, MAPPING_WITHOUT_PRIV)) {
147 DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
148 continue;
149 }
150
151 /* if it's not an alias, continue */
152 if (map.sid_name_use!=SID_NAME_ALIAS) {
153 DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
154 continue;
155 }
156
157 sid_copy(&tmp_sid, &map.sid);
158 sid_split_rid(&tmp_sid, &rid);
159
160 /* if the sid is not in the correct domain, continue */
161 if (!sid_equal(&tmp_sid, sid)) {
162 DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
163 continue;
164 }
165
166 /* Don't return winbind groups as they are not local! */
167 if (winbind_groups_exist && (groups[i] >= winbind_gid_low) && (groups[i] <= winbind_gid_high)) {
168 DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
169 continue;
170 }
171
172 /* Don't return user private groups... */
173 if (Get_Pwnam(map.nt_name) != 0) {
174 DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
175 continue;
176 }
177
178 new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
179 if (new_rids==NULL) {
180 DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
181 pdb_free_sam(&sam_pass);
182 free(groups);
183 return NT_STATUS_NO_MEMORY;
184 }
185 rids=new_rids;
186
187 sid_peek_rid(&map.sid, &(rids[cur_rid]));
188 cur_rid++;
189 break;
190 }
191
192 free(groups);
193
194 /* now check for the user's gid (the primary group rid) */
195 for (i=0; i<cur_rid && grid!=rids[i]; i++)
196 ;
197
198 /* the user's gid is already there */
199 if (i!=cur_rid) {
200 DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n"));
201 goto done;
202 }
203
204 DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
205
206 if(!get_group_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
207 DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
208 goto done;
209 }
210
211 /* the primary group isn't an alias */
212 if (map.sid_name_use!=SID_NAME_ALIAS) {
213 DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
214 goto done;
215 }
216
217 sid_copy(&tmp_sid, &map.sid);
218 sid_split_rid(&tmp_sid, &rid);
219
220 /* if the sid is not in the correct domain, continue */
221 if (!sid_equal(&tmp_sid, sid)) {
222 DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
223 goto done;
224 }
225
226 /* Don't return winbind groups as they are not local! */
227 if (winbind_groups_exist && (gid >= winbind_gid_low) && (gid <= winbind_gid_high)) {
228 DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
229 goto done;
230 }
231
232 /* Don't return user private groups... */
233 if (Get_Pwnam(map.nt_name) != 0) {
234 DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
235 goto done;
236 }
237
238 new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
239 if (new_rids==NULL) {
240 DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
241 pdb_free_sam(&sam_pass);
242 return NT_STATUS_NO_MEMORY;
243 }
244 rids=new_rids;
245
246 sid_peek_rid(&map.sid, &(rids[cur_rid]));
247 cur_rid++;
248
249 done:
250 *prids=rids;
251 *numgroups=cur_rid;
252 pdb_free_sam(&sam_pass);
253
254 return NT_STATUS_OK;
255 }
256
257
258 /*******************************************************************
259 gets a domain user's groups
260 ********************************************************************/
261 BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
262 {
263 GROUP_MAP *map=NULL;
264 int i, num, num_entries, cur_gid=0;
265 struct group *grp;
266 DOM_GID *gids;
267 fstring user_name;
268 uint32 grid;
269 uint32 tmp_rid;
270
271 *numgroups= 0;
272
273 fstrcpy(user_name, pdb_get_username(sam_pass));
274 grid=pdb_get_group_rid(sam_pass);
275
276 DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
277
278 /* first get the list of the domain groups */
279 if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
280 return False;
281 DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
282
283 /*
284 * alloc memory. In the worse case, we alloc memory for nothing.
285 * but I prefer to alloc for nothing
286 * than reallocing everytime.
287 */
288 gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * num_entries);
289
290 /* for each group, check if the user is a member of*/
291 for(i=0; i<num_entries; i++) {
292 if ((grp=getgrgid(map[i].gid)) == NULL) {
293 /* very weird !!! */
294 DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
295 continue;
296 }
297
298 for(num=0; grp->gr_mem[num]!=NULL; num++) {
299 if(strcmp(grp->gr_mem[num], user_name)==0) {
300 /* we found the user, add the group to the list */
301 sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid));
302 gids[cur_gid].attr=7;
303 DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name));
304 cur_gid++;
305 break;
306 }
307 }
308 }
309
310 /* we have checked the groups */
311 /* we must now check the gid of the user or the primary group rid, that's the same */
312 for (i=0; i<cur_gid && grid!=gids[i].g_rid; i++)
313 ;
314
315 /* the user's gid is already there */
316 if (i!=cur_gid) {
317 /*
318 * the primary group of the user but be the first one in the list
319 * don't ask ! JFM.
320 */
321 gids[i].g_rid=gids[0].g_rid;
322 gids[0].g_rid=grid;
323 goto done;
324 }
325
326 for(i=0; i<num_entries; i++) {
327 sid_peek_rid(&map[i].sid, &tmp_rid);
328 if (tmp_rid==grid) {
329 /*
330 * the primary group of the user but be the first one in the list
331 * don't ask ! JFM.
332 */
333 gids[cur_gid].g_rid=gids[0].g_rid;
334 gids[0].g_rid=tmp_rid;
335 gids[cur_gid].attr=7;
336 DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
337 cur_gid++;
338 goto done; /* leave the loop early */
339 }
340 }
341
342 DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name));
343 DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
344
345 done:
346 *pgids=gids;
347 *numgroups=cur_gid;
348 safe_free(map);
349
350 return True;
351 }
352
353 /*******************************************************************
354 Look up a local (domain) rid and return a name and type.
355 ********************************************************************/
356 NTSTATUS local_lookup_group_name(uint32 rid, char *group_name, uint32 *type)
357 {
358 int i = 0;
359 (*type) = SID_NAME_DOM_GRP;
360
361 DEBUG(5,("lookup_group_name: rid: %d", rid));
362
363 while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0)
364 {
365 i++;
366 }
367
368 if (domain_group_rids[i].rid != 0)
369 {
370 fstrcpy(group_name, domain_group_rids[i].name);
371 DEBUG(5,(" = %s\n", group_name));
372 return NT_STATUS_OK;
373 }
374
375 DEBUG(5,(" none mapped\n"));
376 return NT_STATUS_NONE_MAPPED;
377 }
378
379 /*******************************************************************
380 Look up a local alias rid and return a name and type.
381 ********************************************************************/
382 NTSTATUS local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
383 {
384 int i = 0;
385 (*type) = SID_NAME_WKN_GRP;
386
387 DEBUG(5,("lookup_alias_name: rid: %d", rid));
388
389 while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0)
390 {
391 i++;
392 }
393
394 if (builtin_alias_rids[i].rid != 0)
395 {
396 fstrcpy(alias_name, builtin_alias_rids[i].name);
397 DEBUG(5,(" = %s\n", alias_name));
398 return NT_STATUS_OK;
399 }
400
401 DEBUG(5,(" none mapped\n"));
402 return NT_STATUS_NONE_MAPPED;
403 }
404
405
406 #if 0 /*Nobody uses this function just now*/
407 /*******************************************************************
408 Look up a local user rid and return a name and type.
409 ********************************************************************/
410 NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
411 {
412 SAM_ACCOUNT *sampwd=NULL;
413 int i = 0;
414 BOOL ret;
415
416 (*type) = SID_NAME_USER;
417
418 DEBUG(5,("lookup_user_name: rid: %d", rid));
419
420 /* look up the well-known domain user rids first */
421 while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0)
422 {
423 i++;
424 }
425
426 if (domain_user_rids[i].rid != 0) {
427 fstrcpy(user_name, domain_user_rids[i].name);
428 DEBUG(5,(" = %s\n", user_name));
429 return NT_STATUS_OK;
430 }
431
432 pdb_init_sam(&sampwd);
433
434 /* ok, it's a user. find the user account */
435 become_root();
436 ret = pdb_getsampwrid(sampwd, rid);
437 unbecome_root();
438
439 if (ret == True) {
440 fstrcpy(user_name, pdb_get_username(sampwd) );
441 DEBUG(5,(" = %s\n", user_name));
442 pdb_free_sam(&sampwd);
443 return NT_STATUS_OK;
444 }
445
446 DEBUG(5,(" none mapped\n"));
447 pdb_free_sam(&sampwd);
448 return NT_STATUS_NONE_MAPPED;
449 }
450
451 #endif
452
453 /*******************************************************************
454 Look up a local (domain) group name and return a rid
455 ********************************************************************/
456 NTSTATUS local_lookup_group_rid(char *group_name, uint32 *rid)
457 {
458 char *grp_name;
459 int i = -1; /* start do loop at -1 */
460
461 do /* find, if it exists, a group rid for the group name*/
462 {
463 i++;
464 (*rid) = domain_group_rids[i].rid;
465 grp_name = domain_group_rids[i].name;
466
467 } while (grp_name != NULL && !strequal(grp_name, group_name));
468
469 return (grp_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED;
470 }
471
472 /*******************************************************************
473 Look up a local (BUILTIN) alias name and return a rid
474 ********************************************************************/
475 NTSTATUS local_lookup_alias_rid(char *alias_name, uint32 *rid)
476 {
477 char *als_name;
478 int i = -1; /* start do loop at -1 */
479
480 do /* find, if it exists, a alias rid for the alias name*/
481 {
482 i++;
483 (*rid) = builtin_alias_rids[i].rid;
484 als_name = builtin_alias_rids[i].name;
485
486 } while (als_name != NULL && !strequal(als_name, alias_name));
487
488 return (als_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED;
489 }
490
491 /*******************************************************************
492 Look up a local user name and return a rid
493 ********************************************************************/
494 NTSTATUS local_lookup_user_rid(char *user_name, uint32 *rid)
495 {
496 SAM_ACCOUNT *sampass=NULL;
497 BOOL ret;
498
499 (*rid) = 0;
500
501 pdb_init_sam(&sampass);
502
503 /* find the user account */
504 become_root();
505 ret = pdb_getsampwnam(sampass, user_name);
506 unbecome_root();
507
508 if (ret == True) {
509 (*rid) = pdb_get_user_rid(sampass);
510 pdb_free_sam(&sampass);
511 return NT_STATUS_OK;
512 }
513
514 pdb_free_sam(&sampass);
515 return NT_STATUS_NONE_MAPPED;
516 }
reg import