2 Unix SMB/CIFS implementation.
4 Winbind rpc backend functions
6 Copyright (C) Tim Potter 2000-2001,2003
7 Copyright (C) Simo Sorce 2003
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DBGC_CLASS DBGC_WINBIND
30 /* Query display info for a domain. This returns enough information plus a
31 bit extra to give an overview of domain users for the User Manager
33 static NTSTATUS
query_user_list(struct winbindd_domain
*domain
,
36 WINBIND_USERINFO
**info
)
38 SAM_ACCOUNT
*sam_account
= NULL
;
42 DEBUG(3,("pdb: query_user_list\n"));
44 if (!NT_STATUS_IS_OK(result
= pdb_init_sam(&sam_account
))) {
51 if (pdb_setsampwent(False
)) {
53 while (pdb_getsampwent(sam_account
)) {
55 /* we return only nua accounts, or we will have duplicates */
56 if (!idmap_check_sid_is_in_free_range(pdb_get_user_sid(sam_account
))) {
60 *info
= talloc_realloc(mem_ctx
, *info
, (i
+ 1) * sizeof(WINBIND_USERINFO
));
62 DEBUG(0,("query_user_list: out of memory!\n"));
63 result
= NT_STATUS_NO_MEMORY
;
67 (*info
)[i
].user_sid
= talloc(mem_ctx
, sizeof(DOM_SID
));
68 (*info
)[i
].group_sid
= talloc(mem_ctx
, sizeof(DOM_SID
));
69 if (!((*info
)[i
].user_sid
) || !((*info
)[i
].group_sid
)) {
70 DEBUG(0,("query_user_list: out of memory!\n"));
71 result
= NT_STATUS_NO_MEMORY
;
74 sid_copy((*info
)[i
].user_sid
, pdb_get_user_sid(sam_account
));
75 sid_copy((*info
)[i
].group_sid
, pdb_get_group_sid(sam_account
));
77 (*info
)[i
].acct_name
= talloc_strdup(mem_ctx
, pdb_get_username(sam_account
));
78 (*info
)[i
].full_name
= talloc_strdup(mem_ctx
, pdb_get_fullname(sam_account
));
79 if (!((*info
)[i
].acct_name
) || !((*info
)[i
].full_name
)) {
80 DEBUG(0,("query_user_list: out of memory!\n"));
81 result
= NT_STATUS_NO_MEMORY
;
87 if (!NT_STATUS_IS_OK(pdb_reset_sam(sam_account
))) {
88 result
= NT_STATUS_UNSUCCESSFUL
;
94 result
= NT_STATUS_OK
;
97 result
= NT_STATUS_UNSUCCESSFUL
;
100 pdb_free_sam(&sam_account
);
104 /* list all domain groups */
105 static NTSTATUS
enum_dom_groups(struct winbindd_domain
*domain
,
108 struct acct_info
**info
)
110 NTSTATUS result
= NT_STATUS_OK
;
112 DEBUG(3,("pdb: enum_dom_groups (group support not implemented)\n"));
120 /* List all domain groups */
122 static NTSTATUS
enum_local_groups(struct winbindd_domain
*domain
,
125 struct acct_info
**info
)
127 NTSTATUS result
= NT_STATUS_OK
;
129 DEBUG(3,("pdb: enum_local_groups (group support not implemented)\n"));
137 /* convert a single name to a sid in a domain */
138 static NTSTATUS
name_to_sid(struct winbindd_domain
*domain
,
142 enum SID_NAME_USE
*type
)
144 SAM_ACCOUNT
*sam_account
= NULL
;
145 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
147 DEBUG(3,("pdb: name_to_sid name=%s (group support not implemented)\n", name
));
149 if (NT_STATUS_IS_OK(pdb_init_sam(&sam_account
))) {
150 if (!pdb_getsampwnam(sam_account
, name
)) {
151 result
= NT_STATUS_UNSUCCESSFUL
;
152 } else { /* it is a sam user */
153 sid_copy(sid
, pdb_get_user_sid(sam_account
));
154 *type
= SID_NAME_USER
;
155 result
= NT_STATUS_OK
;
159 pdb_free_sam(&sam_account
);
164 convert a domain SID to a user or group name
166 static NTSTATUS
sid_to_name(struct winbindd_domain
*domain
,
170 enum SID_NAME_USE
*type
)
172 SAM_ACCOUNT
*sam_account
= NULL
;
173 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
176 DEBUG(3,("pdb: sid_to_name sid=%s\n", sid_string_static(sid
)));
178 if (NT_STATUS_IS_OK(sid_to_uid(sid
, &id
))) { /* this is a user */
180 if (!NT_STATUS_IS_OK(result
= pdb_init_sam(&sam_account
))) {
184 if (!pdb_getsampwsid(sam_account
, sid
)) {
185 pdb_free_sam(&sam_account
);
186 return NT_STATUS_UNSUCCESSFUL
;
189 *name
= talloc_strdup(mem_ctx
, pdb_get_username(sam_account
));
191 DEBUG(0,("query_user: out of memory!\n"));
192 pdb_free_sam(&sam_account
);
193 return NT_STATUS_NO_MEMORY
;
196 pdb_free_sam(&sam_account
);
197 *type
= SID_NAME_USER
;
198 result
= NT_STATUS_OK
;
200 } else if (NT_STATUS_IS_OK(sid_to_gid(sid
, &id
))) { /* this is a group */
202 DEBUG(3,("pdb: sid_to_name: group support not implemented\n"));
203 result
= NT_STATUS_UNSUCCESSFUL
;
209 /* Lookup user information from a rid or username. */
210 static NTSTATUS
query_user(struct winbindd_domain
*domain
,
213 WINBIND_USERINFO
*user_info
)
215 SAM_ACCOUNT
*sam_account
= NULL
;
218 DEBUG(3,("pdb: query_user sid=%s\n", sid_string_static(user_sid
)));
220 if (!NT_STATUS_IS_OK(result
= pdb_init_sam(&sam_account
))) {
224 if (!pdb_getsampwsid(sam_account
, user_sid
)) {
225 pdb_free_sam(&sam_account
);
226 return NT_STATUS_UNSUCCESSFUL
;
229 /* we return only nua accounts, or we will have duplicates */
230 if (!idmap_check_sid_is_in_free_range(user_sid
)) {
231 pdb_free_sam(&sam_account
);
232 return NT_STATUS_UNSUCCESSFUL
;
235 user_info
->user_sid
= talloc(mem_ctx
, sizeof(DOM_SID
));
236 user_info
->group_sid
= talloc(mem_ctx
, sizeof(DOM_SID
));
237 if (!(user_info
->user_sid
) || !(user_info
->group_sid
)) {
238 DEBUG(0,("query_user: out of memory!\n"));
239 pdb_free_sam(&sam_account
);
240 return NT_STATUS_NO_MEMORY
;
242 sid_copy(user_info
->user_sid
, pdb_get_user_sid(sam_account
));
243 sid_copy(user_info
->group_sid
, pdb_get_group_sid(sam_account
));
245 user_info
->acct_name
= talloc_strdup(mem_ctx
, pdb_get_username(sam_account
));
246 user_info
->full_name
= talloc_strdup(mem_ctx
, pdb_get_fullname(sam_account
));
247 if (!(user_info
->acct_name
) || !(user_info
->full_name
)) {
248 DEBUG(0,("query_user: out of memory!\n"));
249 pdb_free_sam(&sam_account
);
250 return NT_STATUS_NO_MEMORY
;
253 pdb_free_sam(&sam_account
);
257 /* Lookup groups a user is a member of. I wish Unix had a call like this! */
258 static NTSTATUS
lookup_usergroups(struct winbindd_domain
*domain
,
261 uint32
*num_groups
, DOM_SID
***user_gids
)
263 NTSTATUS result
= NT_STATUS_OK
;
265 DEBUG(3,("pdb: lookup_usergroups (group support not implemented)\n"));
274 /* Lookup group membership given a rid. */
275 static NTSTATUS
lookup_groupmem(struct winbindd_domain
*domain
,
277 DOM_SID
*group_sid
, uint32
*num_names
,
278 DOM_SID
***sid_mem
, char ***names
,
281 NTSTATUS result
= NT_STATUS_NOT_IMPLEMENTED
;
283 DEBUG(3,("pdb: lookup_groupmem (group support not implemented)\n"));
293 /* find the sequence number for a domain */
294 static NTSTATUS
sequence_number(struct winbindd_domain
*domain
, uint32
*seq
)
296 /* FIXME: we fake up the seq_num untill our passdb support it */
297 static uint32 seq_num
;
299 DEBUG(3,("pdb: sequence_number\n"));
306 /* get a list of trusted domains */
307 static NTSTATUS
trusted_domains(struct winbindd_domain
*domain
,
314 NTSTATUS result
= NT_STATUS_NOT_IMPLEMENTED
;
316 DEBUG(3,("pdb: trusted_domains (todo!)\n"));
321 /* find the domain sid for a domain */
322 static NTSTATUS
domain_sid(struct winbindd_domain
*domain
, DOM_SID
*sid
)
324 DEBUG(3,("pdb: domain_sid\n"));
326 if (strcmp(domain
->name
, lp_workgroup())) {
327 return NT_STATUS_INVALID_PARAMETER
;
329 sid_copy(sid
, get_global_sam_sid());
334 /* find alternate names list for the domain
335 * should we look for netbios aliases??
337 static NTSTATUS
alternate_name(struct winbindd_domain
*domain
)
339 DEBUG(3,("pdb: alternate_name\n"));
345 /* the rpc backend methods are exposed via this structure */
346 struct winbindd_methods passdb_methods
= {