author | Luke Leighton <lkcl@samba.org> | 1998-11-23 22:07:05 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-11-23 22:07:05 +0000 |
commit | 10e4cbd2647eb629b60b0060fa184212a89e54f2 (patch) | |
tree | fc0e36365d6808ed44476b4700f19150d52521c5 /source/groupdb | |
parent | 8af860394fa3251a26285c8c96c9e4093346f20b (diff) | |
cvs is acting weird.
Diffstat (limited to 'source/groupdb')
-rw-r--r-- | source/groupdb/aliasunix.c | 283 | ||||
-rw-r--r-- | source/groupdb/groupunix.c | 290 |
2 files changed, 573 insertions, 0 deletions
diff --git a/source/groupdb/aliasunix.c b/source/groupdb/aliasunix.c
new file mode 100644
index 00000000000..cda53570f5c
--- /dev/null
+++ b/source/groupdb/aliasunix.c
@@ -0,0 +1,283 @@
+/*
+ * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef USE_SMBUNIX_DB
+
+extern int DEBUGLEVEL;
+
+
+extern DOM_SID global_sam_sid;
+extern fstring global_sam_name;
+
+/***************************************************************
+ Start to enumerate the alspasswd list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+static void *startalsunixpwent(BOOL update)
+{
+ setgrent();
+ return (void*)(-1);
+}
+
+/***************************************************************
+ End enumeration of the alspasswd list.
+****************************************************************/
+
+static void endalsunixpwent(void *vp)
+{
+ endgrent();
+}
+
+/*************************************************************************
+ Return the current position in the alspasswd list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+static SMB_BIG_UINT getalsunixpwpos(void *vp)
+{
+ return (SMB_BIG_UINT)0;
+}
+
+/*************************************************************************
+ Set the current position in the alspasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+static BOOL setalsunixpwpos(void *vp, SMB_BIG_UINT tok)
+{
+ return False;
+}
+
+/*************************************************************************
+ maps a unix alias to a rid, domain sid and an nt alias name.
+*************************************************************************/
+static void map_unix_als_to_nt_als(struct group *unix_als, char *nt_name, DOM_SID *sid, uint32 *rid)
+{
+ if (map_alias_gid(unix_als->gr_gid, sid, nt_name, NULL))
+ {
+ /*
+ * find the NT name represented by this UNIX gid.
+ * then, only accept NT aliass that are in our domain
+ */
+
+ sid_split_rid(sid, rid);
+ }
+ else
+ {
+ /*
+ * assume that the UNIX alias is an NT alias with
+ * the same name. convert gid to a alias rid.
+ */
+
+ fstrcpy(nt_name, unix_als->gr_name);
+ sid_copy(sid, &global_sam_sid);
+ (*rid) = pwdb_gid_to_alias_rid(unix_als->gr_gid);
+ }
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smbdomainalias list.
+ *************************************************************************/
+BOOL get_unixalias_members(struct group *als,
+ int *num_mem, LOCAL_GRP_MEMBER **members)
+{
+ int i;
+ char *unix_name;
+ fstring nt_name;
+
+ if (num_mem == NULL || members == NULL)
+ {
+ return False;
+ }
+
+ (*num_mem) = 0;
+ (*members) = NULL;
+
+ for (i = 0; (unix_name = als->gr_mem[i]) != NULL; i++)
+ {
+ DOM_SID sid;
+ BOOL found = False;
+ struct group unix_als;
+
+ if (isdigit(unix_name[0]))
+ {
+ unix_als.gr_gid = get_number(unix_name);
+ unix_als.gr_name = unix_name;
+ }
+ else
+ {
+ unix_als.gr_name = unix_name;
+ found = map_unix_alias_name(unix_name, &sid, nt_name, NULL);
+ }
+
+ found = found ? sid_equal(&sid, &global_sam_sid) : False;
+
+ if (!found)
+ {
+ DEBUG(0,("alias database: could not resolve name %s in domain %s\n",
+ unix_name, global_sam_name));
+ continue;
+ }
+
+ (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER));
+ if ((*members) == NULL)
+ {
+ return False;
+ }
+
+ fstrcpy((*members)[(*num_mem)].name, nt_name);
+ (*num_mem)++;
+ }
+ return True;
+}
+
+/*************************************************************************
+ Routine to return the next entry in the domain alias list.
+ *************************************************************************/
+static LOCAL_GRP *getalsunixpwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem)
+{
+ /* Static buffers we will return. */
+ static LOCAL_GRP gp_buf;
+ struct group *unix_grp;
+
+ if (lp_server_role() == ROLE_DOMAIN_NONE ||
+ lp_server_role() == ROLE_DOMAIN_MEMBER)
+ {
+ /*
+ * only PDC and BDC have domain aliass in the SAM.
+ * (however as member of domain you can have LOCAL aliass,
+ * but that's dealt with in the aliasdb...)
+ */
+
+ return NULL;
+ }
+
+ aldb_init_als(&gp_buf);
+
+ fstrcpy(gp_buf.comment, "");
+
+ /* cycle through unix aliass */
+ while ((unix_grp = getgrent()) != NULL)
+ {
+ DOM_SID sid;
+ if (map_alias_gid(unix_grp->gr_gid, &sid, gp_buf.name, NULL))
+ {
+ /*
+ * find the NT name represented by this UNIX gid.
+ * then, only accept NT aliass that are in our domain
+ */
+
+ sid_split_rid(&sid, &gp_buf.rid);
+ if (sid_equal(&sid, &global_sam_sid))
+ {
+ break; /* hooray. */
+ }
+ }
+ else
+ {
+ /*
+ * assume that the UNIX alias is an NT alias with
+ * the same name. convert gid to a alias rid.
+ */
+
+ fstrcpy(gp_buf.name, unix_grp->gr_name);
+ gp_buf.rid = pwdb_gid_to_alias_rid(unix_grp->gr_gid);
+ }
+ }
+
+ if (unix_grp == NULL)
+ {
+ return NULL;
+ }
+
+ /* get the user's domain aliass. there are a maximum of 32 */
+
+ if (mem != NULL && num_mem != NULL)
+ {
+ (*mem) = NULL;
+ (*num_mem) = 0;
+
+ get_unixalias_members(unix_grp, num_mem, mem);
+ }
+
+#if 0
+ {
+ pstring linebuf;
+ make_alias_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem);
+ DEBUG(10,("line: '%s'\n", linebuf));
+ }
+#endif
+
+ return &gp_buf;
+}
+
+/************************************************************************
+ Routine to add an entry to the alspasswd file.
+*************************************************************************/
+
+static BOOL add_alsunixals_entry(LOCAL_GRP *newals)
+{
+ DEBUG(0, ("add_alsunixals_entry: NOT IMPLEMENTED\n"));
+ return False;
+}
+
+/************************************************************************
+ Routine to search the alspasswd file for an entry matching the aliasname.
+ and then modify its alias entry. We can't use the startalspwent()/
+ getalspwent()/endalspwent() interfaces here as we depend on looking
+ in the actual file to decide how much room we have to write data.
+ override = False, normal
+ override = True, override XXXXXXXX'd out alias or NO PASS
+************************************************************************/
+
+static BOOL mod_alsunixals_entry(LOCAL_GRP* als)
+{
+ DEBUG(0, ("mod_alsunixals_entry: NOT IMPLEMENTED\n"));
+ return False;
+}
+
+
+static struct aliasdb_ops unix_ops =
+{
+ startalsunixpwent,
+ endalsunixpwent,
+ getalsunixpwpos,
+ setalsunixpwpos,
+
+ iterate_getaliasnam, /* In aliasdb.c */
+ iterate_getaliasgid, /* In aliasdb.c */
+ iterate_getaliasrid, /* In aliasdb.c */
+ getalsunixpwent,
+
+ add_alsunixals_entry,
+ mod_alsunixals_entry,
+
+ iterate_getuseraliasnam /* in aliasdb.c */
+};
+
+struct aliasdb_ops *unix_initialise_alias_db(void)
+{
+ return &unix_ops;
+}
+
+#else
+ /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
+ void unix_alspass_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */
diff --git a/source/groupdb/groupunix.c b/source/groupdb/groupunix.c
new file mode 100644
index 00000000000..0f850f347c3
--- /dev/null
+++ b/source/groupdb/groupunix.c
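Review bot: In get_unixalias_members (aliasunix.c) the allocation-failure path returns False with `*members` set to NULL while `*num_mem` still holds the count of entries already copied, and getalsunixpwent ignores that return value, so a caller that walks `num_mem` entries would index a NULL array. Assign the Realloc result to a temporary, and on failure set `(*num_mem) = 0;` before `return False;`; getalsunixpwent should then test the result and return NULL. Whether the old array is leaked on failure depends on Realloc, which is not shown in this hunk. get_unixgroup_members and getgrpunixpwent in groupunix.c follow the same pattern. Separately, the `isdigit` branch never assigns `found`, so numeric member names are always rejected and `unix_als` is written but never read.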
@@ -0,0 +1,290 @@
+/*
+ * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef USE_SMBUNIX_DB
+
+extern int DEBUGLEVEL;
+
+
+extern DOM_SID global_sam_sid;
+extern fstring global_sam_name;
+
+/***************************************************************
+ Start to enumerate the grppasswd list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+static void *startgrpunixpwent(BOOL update)
+{
+ setgrent();
+ return (void*)(-1);
+}
+
+/***************************************************************
+ End enumeration of the grppasswd list.
+****************************************************************/
+
+static void endgrpunixpwent(void *vp)
+{
+ endgrent();
+}
+
+/*************************************************************************
+ Return the current position in the grppasswd list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+static SMB_BIG_UINT getgrpunixpwpos(void *vp)
+{
+ return (SMB_BIG_UINT)0;
+}
+
+/*************************************************************************
+ Set the current position in the grppasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+static BOOL setgrpunixpwpos(void *vp, SMB_BIG_UINT tok)
+{
+ return False;
+}
+
+/*************************************************************************
+ maps a unix group to a domain sid and an nt group name.
+*************************************************************************/
+static void map_unix_grp_to_nt_grp(char *unix_name,
+ struct group *unix_grp, char *nt_name, DOM_SID *sid)
+{
+ BOOL found = False;
+ uint32 rid;
+
+ if (isdigit(unix_name[0]))
+ {
+ unix_grp->gr_gid = get_number(unix_name);
+ unix_grp->gr_name = unix_name;
+ found = map_group_gid(unix_grp->gr_gid, sid, nt_name, NULL);
+ }
+ else
+ {
+ unix_grp->gr_name = unix_name;
+ found = map_unix_group_name(unix_grp->gr_name, sid, nt_name, NULL);
+ }
+
+ if (found)
+ {
+ /*
+ * find the NT name represented by this UNIX gid.
+ * then, only accept NT groups that are in our domain
+ */
+
+ sid_split_rid(sid, &rid);
+ }
+ else
+ {
+ /*
+ * assume that the UNIX group is an NT group with
+ * the same name. convert gid to a group rid.
+ */
+
+ fstrcpy(nt_name, unix_grp->gr_name);
+ sid_copy(sid, &global_sam_sid);
+ }
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smbdomaingroup list.
+ *************************************************************************/
+BOOL get_unixgroup_members(struct group *grp,
+ int *num_mem, DOMAIN_GRP_MEMBER **members)
+{
+ int i;
+ char *unix_name;
+ fstring nt_name;
+
+ if (num_mem == NULL || members == NULL)
+ {
+ return False;
+ }
+
+ (*num_mem) = 0;
+ (*members) = NULL;
+
+ for (i = 0; (unix_name = grp->gr_mem[i]) != NULL; i++)
+ {
+ DOM_SID sid;
+ struct group unix_grp;
+
+ map_unix_grp_to_nt_grp(unix_name, &unix_grp, nt_name, &sid);
+
+ if (!sid_equal(&sid, &global_sam_sid))
+ {
+ DEBUG(0,("group database: could not resolve name %s in domain %s\n",
+ unix_name, global_sam_name));
+ continue;
+ }
+
+ (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(DOMAIN_GRP_MEMBER));
+ if ((*members) == NULL)
+ {
+ return False;
+ }
+
+ fstrcpy((*members)[(*num_mem)].name, nt_name);
+ (*members)[(*num_mem)].attr = 0x07;
+ (*num_mem)++;
+ }
+ return True;
+}
+
+/*************************************************************************
+ Routine to return the next entry in the domain group list.
+ *************************************************************************/
+static DOMAIN_GRP *getgrpunixpwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem)
+{
+ /* Static buffers we will return. */
+ static DOMAIN_GRP gp_buf;
+ struct group *unix_grp;
+
+ if (lp_server_role() == ROLE_DOMAIN_NONE ||
+ lp_server_role() == ROLE_DOMAIN_MEMBER)
+ {
+ /*
+ * only PDC and BDC have domain groups in the SAM.
+ * (however as member of domain you can have LOCAL groups,
+ * but that's dealt with in the aliasdb...)
+ */
+
+ return NULL;
+ }
+
+ gpdb_init_grp(&gp_buf);
+
+ fstrcpy(gp_buf.comment, "");
+ gp_buf.attr = 0x07;
+
+ /* cycle through unix groups */
+ while ((unix_grp = getgrent()) != NULL)
+ {
+ DOM_SID sid;
+ DEBUG(10,("getgrpunixpwent: enum unix group entry %s\n",
+ unix_grp->gr_name));
+ if (map_group_gid(unix_grp->gr_gid, &sid, gp_buf.name, NULL))
+ {
+ /*
+ * find the NT name represented by this UNIX gid.
+ * then, only accept NT groups that are in our domain
+ */
+
+ sid_split_rid(&sid, &gp_buf.rid);
+ if (sid_equal(&sid, &global_sam_sid))
+ {
+ break; /* hooray. */
+ }
+ }
+ else
+ {
+ /*
+ * assume that the UNIX group is an NT group with
+ * the same name. convert gid to a group rid.
+ */
+
+ fstrcpy(gp_buf.name, unix_grp->gr_name);
+ gp_buf.rid = pwdb_gid_to_group_rid(unix_grp->gr_gid);
+
+ break;
+ }
+ }
+
+ if (unix_grp == NULL)
+ {
+ return NULL;
+ }
+
+ /* get the user's domain groups. there are a maximum of 32 */
+
+ if (mem != NULL && num_mem != NULL)
+ {
+ (*mem) = NULL;
+ (*num_mem) = 0;
+
+ get_unixgroup_members(unix_grp, num_mem, mem);
+ }
+
+ {
+ pstring linebuf;
+ make_group_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem);
+ DEBUG(10,("line: '%s'\n", linebuf));
+ }
+
+ return &gp_buf;
+}
+
+/************************************************************************
+ Routine to add an entry to the grppasswd file.
+*************************************************************************/
+
+static BOOL add_grpunixgrp_entry(DOMAIN_GRP *newgrp)
+{
+ DEBUG(0, ("add_grpunixgrp_entry: NOT IMPLEMENTED\n"));
+ return False;
+}
+
+/************************************************************************
+ Routine to search the grppasswd file for an entry matching the groupname.
+ and then modify its group entry. We can't use the startgrppwent()/
+ getgrppwent()/endgrppwent() interfaces here as we depend on looking
+ in the actual file to decide how much room we have to write data.
+ override = False, normal
+ override = True, override XXXXXXXX'd out group or NO PASS
+************************************************************************/
+
+static BOOL mod_grpunixgrp_entry(DOMAIN_GRP* grp)
+{
+ DEBUG(0, ("mod_grpunixgrp_entry: NOT IMPLEMENTED\n"));
+ return False;
+}
+
+
+static struct groupdb_ops unix_ops =
+{
+ startgrpunixpwent,
+ endgrpunixpwent,
+ getgrpunixpwpos,
+ setgrpunixpwpos,
+
+ iterate_getgroupnam, /* In groupdb.c */
+ iterate_getgroupgid, /* In groupdb.c */
+ iterate_getgrouprid, /* In groupdb.c */
+ getgrpunixpwent,
+
+ add_grpunixgrp_entry,
+ mod_grpunixgrp_entry,
+
+ iterate_getusergroupsnam /* in groupdb.c */
+};
+
+struct groupdb_ops *unix_initialise_group_db(void)
+{
+ return &unix_ops;
+}
+
+#else
+ /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
+ void unix_grppass_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */ |
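Review bot: In getgrpunixpwent (groupunix.c) the trailing debug block calls `make_group_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem)` unconditionally, although the guard directly above it allows `mem` or `num_mem` to be NULL; make_group_line is not shown here, but if it dereferences either pointer this is a NULL dereference on the enumeration path. aliasunix.c in this commit keeps the equivalent block under `#if 0`; do the same here or wrap the block in `if (mem != NULL && num_mem != NULL)`. It is also worth a comment on map_unix_grp_to_nt_grp that the fallback `sid_copy(sid, &global_sam_sid);` makes every unmapped member name pass the `sid_equal` test in get_unixgroup_members, so the "could not resolve name" message is only reached for names mapped to another domain.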