s4-lsarpc: Restrict LookupSids3 to crypto connections only.
[Samba/gebeck_regimport.git] / source3 / lib / winbind_util.c
blobb458ebe8472465181cdfb15c423c71aebd6537eb
1 /*
2 Unix SMB/CIFS implementation.
3 Winbind Utility functions
5 Copyright (C) Gerald (Jerry) Carter 2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "includes.h"
22 #include "../libcli/security/security.h"
23 #include "../lib/util/util_pw.h"
24 #include "nsswitch/libwbclient/wbclient.h"
26 #if defined(WITH_WINBIND)
28 #include "lib/winbind_util.h"
30 struct passwd * winbind_getpwnam(const char * name)
32 wbcErr result;
33 struct passwd * tmp_pwd = NULL;
34 struct passwd * pwd = NULL;
36 result = wbcGetpwnam(name, &tmp_pwd);
37 if (result != WBC_ERR_SUCCESS)
38 return pwd;
40 pwd = tcopy_passwd(talloc_tos(), tmp_pwd);
42 wbcFreeMemory(tmp_pwd);
44 return pwd;
47 struct passwd * winbind_getpwsid(const struct dom_sid *sid)
49 wbcErr result;
50 struct passwd * tmp_pwd = NULL;
51 struct passwd * pwd = NULL;
52 struct wbcDomainSid dom_sid;
54 memcpy(&dom_sid, sid, sizeof(dom_sid));
56 result = wbcGetpwsid(&dom_sid, &tmp_pwd);
57 if (result != WBC_ERR_SUCCESS)
58 return pwd;
60 pwd = tcopy_passwd(talloc_tos(), tmp_pwd);
62 wbcFreeMemory(tmp_pwd);
64 return pwd;
67 /* Call winbindd to convert a name to a sid */
69 bool winbind_lookup_name(const char *dom_name, const char *name, struct dom_sid *sid,
70 enum lsa_SidType *name_type)
72 struct wbcDomainSid dom_sid;
73 wbcErr result;
74 enum wbcSidType type;
76 result = wbcLookupName(dom_name, name, &dom_sid, &type);
77 if (result != WBC_ERR_SUCCESS)
78 return false;
80 memcpy(sid, &dom_sid, sizeof(struct dom_sid));
81 *name_type = (enum lsa_SidType)type;
83 return true;
86 /* Call winbindd to convert sid to name */
88 bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
89 const char **domain, const char **name,
90 enum lsa_SidType *name_type)
92 struct wbcDomainSid dom_sid;
93 wbcErr result;
94 enum wbcSidType type;
95 char *domain_name = NULL;
96 char *account_name = NULL;
98 memcpy(&dom_sid, sid, sizeof(dom_sid));
100 result = wbcLookupSid(&dom_sid, &domain_name, &account_name, &type);
101 if (result != WBC_ERR_SUCCESS)
102 return false;
104 /* Copy out result */
106 if (domain) {
107 *domain = talloc_strdup(mem_ctx, domain_name);
109 if (name) {
110 *name = talloc_strdup(mem_ctx, account_name);
112 *name_type = (enum lsa_SidType)type;
114 DEBUG(10, ("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n",
115 sid_string_dbg(sid), domain_name, account_name));
117 wbcFreeMemory(domain_name);
118 wbcFreeMemory(account_name);
120 if ((domain && !*domain) || (name && !*name)) {
121 DEBUG(0,("winbind_lookup_sid: talloc() failed!\n"));
122 return false;
126 return true;
129 /* Ping winbindd to see it is alive */
131 bool winbind_ping(void)
133 wbcErr result = wbcPing();
135 return (result == WBC_ERR_SUCCESS);
138 /* Call winbindd to convert SID to uid */
140 bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid)
142 struct wbcDomainSid dom_sid;
143 wbcErr result;
145 memcpy(&dom_sid, sid, sizeof(dom_sid));
147 result = wbcSidToUid(&dom_sid, puid);
149 return (result == WBC_ERR_SUCCESS);
152 /* Call winbindd to convert uid to sid */
154 bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid)
156 struct wbcDomainSid dom_sid;
157 wbcErr result;
159 result = wbcUidToSid(uid, &dom_sid);
160 if (result == WBC_ERR_SUCCESS) {
161 memcpy(sid, &dom_sid, sizeof(struct dom_sid));
162 } else {
163 sid_copy(sid, &global_sid_NULL);
166 return (result == WBC_ERR_SUCCESS);
169 /* Call winbindd to convert SID to gid */
171 bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid)
173 struct wbcDomainSid dom_sid;
174 wbcErr result;
176 memcpy(&dom_sid, sid, sizeof(dom_sid));
178 result = wbcSidToGid(&dom_sid, pgid);
180 return (result == WBC_ERR_SUCCESS);
183 /* Call winbindd to convert gid to sid */
185 bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
187 struct wbcDomainSid dom_sid;
188 wbcErr result;
190 result = wbcGidToSid(gid, &dom_sid);
191 if (result == WBC_ERR_SUCCESS) {
192 memcpy(sid, &dom_sid, sizeof(struct dom_sid));
193 } else {
194 sid_copy(sid, &global_sid_NULL);
197 return (result == WBC_ERR_SUCCESS);
200 /* Check for a trusted domain */
202 wbcErr wb_is_trusted_domain(const char *domain)
204 wbcErr result;
205 struct wbcDomainInfo *info = NULL;
207 result = wbcDomainInfo(domain, &info);
209 if (WBC_ERROR_IS_OK(result)) {
210 wbcFreeMemory(info);
213 return result;
216 /* Lookup a set of rids in a given domain */
218 bool winbind_lookup_rids(TALLOC_CTX *mem_ctx,
219 const struct dom_sid *domain_sid,
220 int num_rids, uint32 *rids,
221 const char **domain_name,
222 const char ***names, enum lsa_SidType **types)
224 const char *dom_name = NULL;
225 const char **namelist = NULL;
226 enum wbcSidType *name_types = NULL;
227 struct wbcDomainSid dom_sid;
228 wbcErr ret;
229 int i;
231 memcpy(&dom_sid, domain_sid, sizeof(struct wbcDomainSid));
233 ret = wbcLookupRids(&dom_sid, num_rids, rids,
234 &dom_name, &namelist, &name_types);
235 if (ret != WBC_ERR_SUCCESS) {
236 return false;
239 *domain_name = talloc_strdup(mem_ctx, dom_name);
240 *names = talloc_array(mem_ctx, const char*, num_rids);
241 *types = talloc_array(mem_ctx, enum lsa_SidType, num_rids);
243 for(i=0; i<num_rids; i++) {
244 (*names)[i] = talloc_strdup(*names, namelist[i]);
245 (*types)[i] = (enum lsa_SidType)name_types[i];
248 wbcFreeMemory(discard_const_p(char, dom_name));
249 wbcFreeMemory(namelist);
250 wbcFreeMemory(name_types);
252 return true;
255 /* Ask Winbind to allocate a new uid for us */
257 bool winbind_allocate_uid(uid_t *uid)
259 wbcErr ret;
261 ret = wbcAllocateUid(uid);
263 return (ret == WBC_ERR_SUCCESS);
266 /* Ask Winbind to allocate a new gid for us */
268 bool winbind_allocate_gid(gid_t *gid)
270 wbcErr ret;
272 ret = wbcAllocateGid(gid);
274 return (ret == WBC_ERR_SUCCESS);
277 bool winbind_get_groups(TALLOC_CTX * mem_ctx, const char *account, uint32_t *num_groups, gid_t **_groups)
279 wbcErr ret;
280 uint32_t ngroups;
281 gid_t *group_list = NULL;
283 ret = wbcGetGroups(account, &ngroups, &group_list);
284 if (ret != WBC_ERR_SUCCESS)
285 return false;
287 *_groups = talloc_array(mem_ctx, gid_t, ngroups);
288 if (*_groups == NULL) {
289 wbcFreeMemory(group_list);
290 return false;
293 memcpy(*_groups, group_list, ngroups* sizeof(gid_t));
294 *num_groups = ngroups;
296 wbcFreeMemory(group_list);
297 return true;
300 bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx,
301 const struct dom_sid *dom_sid,
302 const struct dom_sid *members,
303 size_t num_members,
304 uint32_t **pp_alias_rids,
305 size_t *p_num_alias_rids)
307 wbcErr ret;
308 struct wbcDomainSid domain_sid;
309 struct wbcDomainSid *sid_list = NULL;
310 size_t i;
311 uint32_t * rids;
312 uint32_t num_rids;
314 memcpy(&domain_sid, dom_sid, sizeof(*dom_sid));
316 sid_list = talloc_array(mem_ctx, struct wbcDomainSid, num_members);
318 for (i=0; i < num_members; i++) {
319 memcpy(&sid_list[i], &members[i], sizeof(sid_list[i]));
322 ret = wbcGetSidAliases(&domain_sid,
323 sid_list,
324 num_members,
325 &rids,
326 &num_rids);
327 if (ret != WBC_ERR_SUCCESS) {
328 return false;
331 *pp_alias_rids = talloc_array(mem_ctx, uint32_t, num_rids);
332 if (*pp_alias_rids == NULL) {
333 wbcFreeMemory(rids);
334 return false;
337 memcpy(*pp_alias_rids, rids, sizeof(uint32_t) * num_rids);
339 *p_num_alias_rids = num_rids;
340 wbcFreeMemory(rids);
342 return true;
345 #else /* WITH_WINBIND */
347 struct passwd * winbind_getpwnam(const char * name)
349 return NULL;
352 struct passwd * winbind_getpwsid(const struct dom_sid *sid)
354 return NULL;
357 bool winbind_lookup_name(const char *dom_name, const char *name, struct dom_sid *sid,
358 enum lsa_SidType *name_type)
360 return false;
363 /* Call winbindd to convert sid to name */
365 bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
366 const char **domain, const char **name,
367 enum lsa_SidType *name_type)
369 return false;
372 /* Ping winbindd to see it is alive */
374 bool winbind_ping(void)
376 return false;
379 /* Call winbindd to convert SID to uid */
381 bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid)
383 return false;
386 /* Call winbindd to convert uid to sid */
388 bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid)
390 return false;
393 /* Call winbindd to convert SID to gid */
395 bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid)
397 return false;
400 /* Call winbindd to convert gid to sid */
402 bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
404 return false;
407 /* Check for a trusted domain */
409 wbcErr wb_is_trusted_domain(const char *domain)
411 return WBC_ERR_UNKNOWN_FAILURE;
414 /* Lookup a set of rids in a given domain */
416 bool winbind_lookup_rids(TALLOC_CTX *mem_ctx,
417 const struct dom_sid *domain_sid,
418 int num_rids, uint32 *rids,
419 const char **domain_name,
420 const char ***names, enum lsa_SidType **types)
422 return false;
425 /* Ask Winbind to allocate a new uid for us */
427 bool winbind_allocate_uid(uid_t *uid)
429 return false;
432 /* Ask Winbind to allocate a new gid for us */
434 bool winbind_allocate_gid(gid_t *gid)
436 return false;
439 bool winbind_get_groups(TALLOC_CTX *mem_ctx, const char *account, uint32_t *num_groups, gid_t **_groups)
441 return false;
444 bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx,
445 const struct dom_sid *dom_sid,
446 const struct dom_sid *members,
447 size_t num_members,
448 uint32_t **pp_alias_rids,
449 size_t *p_num_alias_rids)
451 return false;
454 #endif /* WITH_WINBIND */