search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Commit just a little more infrastructure for HAVE_GETDIRENTRIES
[Samba/gebeck_regimport.git] / source3 / rpc_server / srv_util.c
blob4eba9c7d1f51623f515afa79840ca13f5e59808b
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1997-1998.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 /* this module apparently provides an implementation of DCE/RPC over a
24 * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
25 * documentation are available (in on-line form) from the X-Open group.
26 *
27 * this module should provide a level of abstraction between SMB
28 * and DCE/RPC, while minimising the amount of mallocs, unnecessary
29 * data copies, and network traffic.
30 *
31 * in this version, which takes a "let's learn what's going on and
32 * get something running" approach, there is additional network
33 * traffic generated, but the code should be easier to understand...
34 *
35 * ... if you read the docs. or stare at packets for weeks on end.
36 *
37 */
38
39 #include "includes.h"
40
41 #undef DBGC_CLASS
42 #define DBGC_CLASS DBGC_RPC_SRV
43
44 /*
45 * A list of the rids of well known BUILTIN and Domain users
46 * and groups.
47 */
48
49 rid_name builtin_alias_rids[] =
50 {
51 { BUILTIN_ALIAS_RID_ADMINS , "Administrators" },
52 { BUILTIN_ALIAS_RID_USERS , "Users" },
53 { BUILTIN_ALIAS_RID_GUESTS , "Guests" },
54 { BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" },
55
56 { BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" },
57 { BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" },
58 { BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" },
59 { BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" },
60 { BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" },
61 { 0 , NULL }
62 };
63
64 /* array lookup of well-known Domain RID users. */
65 rid_name domain_user_rids[] =
66 {
67 { DOMAIN_USER_RID_ADMIN , "Administrator" },
68 { DOMAIN_USER_RID_GUEST , "Guest" },
69 { 0 , NULL }
70 };
71
72 /* array lookup of well-known Domain RID groups. */
73 rid_name domain_group_rids[] =
74 {
75 { DOMAIN_GROUP_RID_ADMINS , "Domain Admins" },
76 { DOMAIN_GROUP_RID_USERS , "Domain Users" },
77 { DOMAIN_GROUP_RID_GUESTS , "Domain Guests" },
78 { 0 , NULL }
79 };
80
81 /*******************************************************************
82 gets a domain user's groups
83 ********************************************************************/
84 NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
85 {
86 SAM_ACCOUNT *sam_pass=NULL;
87 int i, cur_rid=0;
88 gid_t gid;
89 gid_t *groups = NULL;
90 int num_groups;
91 GROUP_MAP map;
92 DOM_SID tmp_sid;
93 fstring user_name;
94 fstring str_domsid, str_qsid;
95 uint32 rid,grid;
96 uint32 *rids=NULL, *new_rids=NULL;
97 gid_t winbind_gid_low, winbind_gid_high;
98 BOOL ret;
99 BOOL winbind_groups_exist;
100
101 /*
102 * this code is far from perfect.
103 * first it enumerates the full /etc/group and that can be slow.
104 * second, it works only with users' SIDs
105 * whereas the day we support nested groups, it will have to
106 * support both users's SIDs and domain groups' SIDs
107 *
108 * having our own ldap backend would be so much faster !
109 * we're far from that, but hope one day ;-) JFM.
110 */
111
112 *prids=NULL;
113 *numgroups=0;
114
115 winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
116
117
118 DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n",
119 sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
120
121 pdb_init_sam(&sam_pass);
122 become_root();
123 ret = pdb_getsampwsid(sam_pass, q_sid);
124 unbecome_root();
125 if (ret == False) {
126 pdb_free_sam(&sam_pass);
127 return NT_STATUS_NO_SUCH_USER;
128 }
129
130 fstrcpy(user_name, pdb_get_username(sam_pass));
131 grid=pdb_get_group_rid(sam_pass);
132 gid=pdb_get_gid(sam_pass);
133
134 become_root();
135 /* on some systems this must run as root */
136 num_groups = getgroups_user(user_name, &groups);
137 unbecome_root();
138 if (num_groups == -1) {
139 /* this should never happen */
140 DEBUG(2,("get_alias_user_groups: getgroups_user failed\n"));
141 pdb_free_sam(&sam_pass);
142 return NT_STATUS_UNSUCCESSFUL;
143 }
144
145 for (i=0;i<num_groups;i++) {
146 if(!get_group_from_gid(groups[i], &map, MAPPING_WITHOUT_PRIV)) {
147 DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
148 continue;
149 }
150
151 /* if it's not an alias, continue */
152 if (map.sid_name_use!=SID_NAME_ALIAS) {
153 DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
154 continue;
155 }
156
157 sid_copy(&tmp_sid, &map.sid);
158 sid_split_rid(&tmp_sid, &rid);
159
160 /* if the sid is not in the correct domain, continue */
161 if (!sid_equal(&tmp_sid, sid)) {
162 DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
163 continue;
164 }
165
166 /* Don't return winbind groups as they are not local! */
167 if (winbind_groups_exist && (groups[i] >= winbind_gid_low) && (groups[i] <= winbind_gid_high)) {
168 DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
169 continue;
170 }
171
172 /* Don't return user private groups... */
173 if (Get_Pwnam(map.nt_name) != 0) {
174 DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
175 continue;
176 }
177
178 new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
179 if (new_rids==NULL) {
180 DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
181 pdb_free_sam(&sam_pass);
182 free(groups);
183 return NT_STATUS_NO_MEMORY;
184 }
185 rids=new_rids;
186
187 sid_peek_rid(&map.sid, &(rids[cur_rid]));
188 cur_rid++;
189 break;
190 }
191
192 free(groups);
193
194 /* now check for the user's gid (the primary group rid) */
195 for (i=0; i<cur_rid && grid!=rids[i]; i++)
196 ;
197
198 /* the user's gid is already there */
199 if (i!=cur_rid) {
200 DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n"));
201 goto done;
202 }
203
204 DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
205
206 if(!get_group_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
207 DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
208 goto done;
209 }
210
211 /* the primary group isn't an alias */
212 if (map.sid_name_use!=SID_NAME_ALIAS) {
213 DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
214 goto done;
215 }
216
217 sid_copy(&tmp_sid, &map.sid);
218 sid_split_rid(&tmp_sid, &rid);
219
220 /* if the sid is not in the correct domain, continue */
221 if (!sid_equal(&tmp_sid, sid)) {
222 DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
223 goto done;
224 }
225
226 /* Don't return winbind groups as they are not local! */
227 if (winbind_groups_exist && (gid >= winbind_gid_low) && (gid <= winbind_gid_high)) {
228 DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
229 goto done;
230 }
231
232 /* Don't return user private groups... */
233 if (Get_Pwnam(map.nt_name) != 0) {
234 DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
235 goto done;
236 }
237
238 new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
239 if (new_rids==NULL) {
240 DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
241 pdb_free_sam(&sam_pass);
242 return NT_STATUS_NO_MEMORY;
243 }
244 rids=new_rids;
245
246 sid_peek_rid(&map.sid, &(rids[cur_rid]));
247 cur_rid++;
248
249 done:
250 *prids=rids;
251 *numgroups=cur_rid;
252 pdb_free_sam(&sam_pass);
253
254 return NT_STATUS_OK;
255 }
256
257
258 /*******************************************************************
259 gets a domain user's groups
260 ********************************************************************/
261 BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
262 {
263 GROUP_MAP *map=NULL;
264 int i, num, num_entries, cur_gid=0;
265 struct group *grp;
266 DOM_GID *gids;
267 fstring user_name;
268 uint32 grid;
269 uint32 tmp_rid;
270
271 *numgroups= 0;
272
273 fstrcpy(user_name, pdb_get_username(sam_pass));
274 grid=pdb_get_group_rid(sam_pass);
275
276 DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
277
278 /* first get the list of the domain groups */
279 if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
280 return False;
281 DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
282
283 /*
284 * alloc memory. In the worse case, we alloc memory for nothing.
285 * but I prefer to alloc for nothing
286 * than reallocing everytime.
287 */
288 gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * num_entries);
289
290 /* for each group, check if the user is a member of*/
291 for(i=0; i<num_entries; i++) {
292 if ((grp=getgrgid(map[i].gid)) == NULL) {
293 /* very weird !!! */
294 DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
295 continue;
296 }
297
298 for(num=0; grp->gr_mem[num]!=NULL; num++) {
299 if(strcmp(grp->gr_mem[num], user_name)==0) {
300 /* we found the user, add the group to the list */
301 sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid));
302 gids[cur_gid].attr=7;
303 DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name));
304 cur_gid++;
305 break;
306 }
307 }
308 }
309
310 /* we have checked the groups */
311 /* we must now check the gid of the user or the primary group rid, that's the same */
312 for (i=0; i<cur_gid && grid!=gids[i].g_rid; i++)
313 ;
314
315 /* the user's gid is already there */
316 if (i!=cur_gid) {
317 /*
318 * the primary group of the user but be the first one in the list
319 * don't ask ! JFM.
320 */
321 gids[i].g_rid=gids[0].g_rid;
322 gids[0].g_rid=grid;
323 goto done;
324 }
325
326 for(i=0; i<num_entries; i++) {
327 sid_peek_rid(&map[i].sid, &tmp_rid);
328 if (tmp_rid==grid) {
329 /*
330 * the primary group of the user but be the first one in the list
331 * don't ask ! JFM.
332 */
333 gids[cur_gid].g_rid=gids[0].g_rid;
334 gids[0].g_rid=tmp_rid;
335 gids[cur_gid].attr=7;
336 DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
337 cur_gid++;
338 goto done; /* leave the loop early */
339 }
340 }
341
342 DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name));
343 DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
344
345
346 done:
347 *pgids=gids;
348 *numgroups=cur_gid;
349 safe_free(map);
350
351 return True;
352 }
353
354 /*******************************************************************
355 gets a domain user's groups from their already-calculated NT_USER_TOKEN
356 ********************************************************************/
357 NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
358 const NT_USER_TOKEN *nt_token,
359 int *numgroups, DOM_GID **pgids)
360 {
361 DOM_GID *gids;
362 int i;
363
364 gids = (DOM_GID *)talloc(mem_ctx, sizeof(*gids) * nt_token->num_sids);
365
366 if (!gids) {
367 return NT_STATUS_NO_MEMORY;
368 }
369
370 *numgroups=0;
371
372 for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) {
373 if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) {
374 sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid));
375 gids[*numgroups].attr=7;
376 (*numgroups)++;
377 }
378 }
379 *pgids = gids;
380 return NT_STATUS_OK;
381 }
382
383 /*******************************************************************
384 Look up a local (domain) rid and return a name and type.
385 ********************************************************************/
386 NTSTATUS local_lookup_group_name(uint32 rid, char *group_name, uint32 *type)
387 {
388 int i = 0;
389 (*type) = SID_NAME_DOM_GRP;
390
391 DEBUG(5,("lookup_group_name: rid: %d", rid));
392
393 while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0)
394 {
395 i++;
396 }
397
398 if (domain_group_rids[i].rid != 0)
399 {
400 fstrcpy(group_name, domain_group_rids[i].name);
401 DEBUG(5,(" = %s\n", group_name));
402 return NT_STATUS_OK;
403 }
404
405 DEBUG(5,(" none mapped\n"));
406 return NT_STATUS_NONE_MAPPED;
407 }
408
409 /*******************************************************************
410 Look up a local alias rid and return a name and type.
411 ********************************************************************/
412 NTSTATUS local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
413 {
414 int i = 0;
415 (*type) = SID_NAME_WKN_GRP;
416
417 DEBUG(5,("lookup_alias_name: rid: %d", rid));
418
419 while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0)
420 {
421 i++;
422 }
423
424 if (builtin_alias_rids[i].rid != 0)
425 {
426 fstrcpy(alias_name, builtin_alias_rids[i].name);
427 DEBUG(5,(" = %s\n", alias_name));
428 return NT_STATUS_OK;
429 }
430
431 DEBUG(5,(" none mapped\n"));
432 return NT_STATUS_NONE_MAPPED;
433 }
434
435
436 #if 0 /*Nobody uses this function just now*/
437 /*******************************************************************
438 Look up a local user rid and return a name and type.
439 ********************************************************************/
440 NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
441 {
442 SAM_ACCOUNT *sampwd=NULL;
443 int i = 0;
444 BOOL ret;
445
446 (*type) = SID_NAME_USER;
447
448 DEBUG(5,("lookup_user_name: rid: %d", rid));
449
450 /* look up the well-known domain user rids first */
451 while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0)
452 {
453 i++;
454 }
455
456 if (domain_user_rids[i].rid != 0) {
457 fstrcpy(user_name, domain_user_rids[i].name);
458 DEBUG(5,(" = %s\n", user_name));
459 return NT_STATUS_OK;
460 }
461
462 pdb_init_sam(&sampwd);
463
464 /* ok, it's a user. find the user account */
465 become_root();
466 ret = pdb_getsampwrid(sampwd, rid);
467 unbecome_root();
468
469 if (ret == True) {
470 fstrcpy(user_name, pdb_get_username(sampwd) );
471 DEBUG(5,(" = %s\n", user_name));
472 pdb_free_sam(&sampwd);
473 return NT_STATUS_OK;
474 }
475
476 DEBUG(5,(" none mapped\n"));
477 pdb_free_sam(&sampwd);
478 return NT_STATUS_NONE_MAPPED;
479 }
480
481 #endif
482
483 /*******************************************************************
484 Look up a local (domain) group name and return a rid
485 ********************************************************************/
486 NTSTATUS local_lookup_group_rid(char *group_name, uint32 *rid)
487 {
488 const char *grp_name;
489 int i = -1; /* start do loop at -1 */
490
491 do /* find, if it exists, a group rid for the group name*/
492 {
493 i++;
494 (*rid) = domain_group_rids[i].rid;
495 grp_name = domain_group_rids[i].name;
496
497 } while (grp_name != NULL && !strequal(grp_name, group_name));
498
499 return (grp_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED;
500 }
501
502 /*******************************************************************
503 Look up a local (BUILTIN) alias name and return a rid
504 ********************************************************************/
505 NTSTATUS local_lookup_alias_rid(const char *alias_name, uint32 *rid)
506 {
507 const char *als_name;
508 int i = -1; /* start do loop at -1 */
509
510 do /* find, if it exists, a alias rid for the alias name*/
511 {
512 i++;
513 (*rid) = builtin_alias_rids[i].rid;
514 als_name = builtin_alias_rids[i].name;
515
516 } while (als_name != NULL && !strequal(als_name, alias_name));
517
518 return (als_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED;
519 }
520
521 /*******************************************************************
522 Look up a local user name and return a rid
523 ********************************************************************/
524 NTSTATUS local_lookup_user_rid(char *user_name, uint32 *rid)
525 {
526 SAM_ACCOUNT *sampass=NULL;
527 BOOL ret;
528
529 (*rid) = 0;
530
531 pdb_init_sam(&sampass);
532
533 /* find the user account */
534 become_root();
535 ret = pdb_getsampwnam(sampass, user_name);
536 unbecome_root();
537
538 if (ret == True) {
539 (*rid) = pdb_get_user_rid(sampass);
540 pdb_free_sam(&sampass);
541 return NT_STATUS_OK;
542 }
543
544 pdb_free_sam(&sampass);
545 return NT_STATUS_NONE_MAPPED;
546 }
reg import