Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

source: vendor/3.5.4/source3/groupdb/mapping.c

Visit:

Last change on this file was 414, checked in by Herwig Bauernfeind, 16 years ago
Samba 3.5.0: Initial import
File size: 19.4 KB

Line
1	/*
2	* Unix SMB/CIFS implementation.
3	* RPC Pipe client / server routines
4	* Copyright (C) Andrew Tridgell 1992-2000,
5	* Copyright (C) Jean François Micouleau 1998-2001.
6	* Copyright (C) Volker Lendecke 2006.
7	* Copyright (C) Gerald Carter 2006.
8	*
9	* This program is free software; you can redistribute it and/or modify
10	* it under the terms of the GNU General Public License as published by
11	* the Free Software Foundation; either version 3 of the License, or
12	* (at your option) any later version.
13	*
14	* This program is distributed in the hope that it will be useful,
15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	* GNU General Public License for more details.
18	*
19	* You should have received a copy of the GNU General Public License
20	* along with this program; if not, see <http://www.gnu.org/licenses/>.
21	*/
22
23	#include "includes.h"
24	#include "groupdb/mapping.h"
25
26	static const struct mapping_backend *backend;
27
28	/*
29	initialise a group mapping backend
30	*/
31	static bool init_group_mapping(void)
32	{
33	const char *backend_string;
34
35	if (backend != NULL) {
36	/* already initialised */
37	return True;
38	}
39
40	/*
41	* default to using the ldb backend. This parameter should
42	* disappear in future versions of Samba3.
43	*
44	* But it's needed for cluster setups, because it's
45	* not yet possible to distribute a ldb inside a cluster.
46	*/
47	backend_string = lp_parm_const_string(-1, "groupdb", "backend", "ldb");
48
49	if (strcmp(backend_string, "ldb") == 0) {
50	backend = groupdb_ldb_init();
51	} else if (strcmp(backend_string, "tdb") == 0) {
52	backend = groupdb_tdb_init();
53	} else {
54	DEBUG(0,("Unknown groupdb backend '%s'\n", backend_string));
55	smb_panic("Unknown groupdb backend");
56	}
57
58	return backend != NULL;
59	}
60
61	/****************************************************************************
62	initialise first time the mapping list
63	****************************************************************************/
64	NTSTATUS add_initial_entry(gid_t gid, const char sid, enum lsa_SidType sid_name_use, const char nt_name, const char *comment)
65	{
66	GROUP_MAP map;
67
68	if(!init_group_mapping()) {
69	DEBUG(0,("failed to initialize group mapping\n"));
70	return NT_STATUS_UNSUCCESSFUL;
71	}
72
73	map.gid=gid;
74	if (!string_to_sid(&map.sid, sid)) {
75	DEBUG(0, ("string_to_sid failed: %s", sid));
76	return NT_STATUS_UNSUCCESSFUL;
77	}
78
79	map.sid_name_use=sid_name_use;
80	fstrcpy(map.nt_name, nt_name);
81	fstrcpy(map.comment, comment);
82
83	return pdb_add_group_mapping_entry(&map);
84	}
85
86	static NTSTATUS alias_memberships(const DOM_SID *members, size_t num_members,
87	DOM_SID *sids, size_t num)
88	{
89	size_t i;
90
91	*num = 0;
92	*sids = NULL;
93
94	for (i=0; i<num_members; i++) {
95	NTSTATUS status = backend->one_alias_membership(&members[i], sids, num);
96	if (!NT_STATUS_IS_OK(status))
97	return status;
98	}
99	return NT_STATUS_OK;
100	}
101
102	struct aliasmem_closure {
103	const DOM_SID *alias;
104	DOM_SID **sids;
105	size_t *num;
106	};
107
108
109
110	/*
111	*
112	* High level functions
113	* better to use them than the lower ones.
114	*
115	* we are checking if the group is in the mapping file
116	* and if the group is an existing unix group
117	*
118	*/
119
120	/* get a domain group from it's SID */
121
122	bool get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
123	{
124	struct group *grp;
125	bool ret;
126
127	if(!init_group_mapping()) {
128	DEBUG(0,("failed to initialize group mapping\n"));
129	return(False);
130	}
131
132	DEBUG(10, ("get_domain_group_from_sid\n"));
133
134	/* if the group is NOT in the database, it CAN NOT be a domain group */
135
136	become_root();
137	ret = pdb_getgrsid(map, sid);
138	unbecome_root();
139
140	/* special case check for rid 513 */
141
142	if ( !ret ) {
143	uint32 rid;
144
145	sid_peek_rid( &sid, &rid );
146
147	if ( rid == DOMAIN_GROUP_RID_USERS ) {
148	fstrcpy( map->nt_name, "None" );
149	fstrcpy( map->comment, "Ordinary Users" );
150	sid_copy( &map->sid, &sid );
151	map->sid_name_use = SID_NAME_DOM_GRP;
152	map->gid = (gid_t)-1;
153
154	return True;
155	}
156
157	return False;
158	}
159
160	DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
161
162	/* if it's not a domain group, continue */
163	if (map->sid_name_use!=SID_NAME_DOM_GRP) {
164	return False;
165	}
166
167	DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
168
169	if (map->gid==-1) {
170	return False;
171	}
172
173	DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid));
174
175	grp = getgrgid(map->gid);
176	if ( !grp ) {
177	DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
178	return False;
179	}
180
181	DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));
182
183	return True;
184	}
185
186	/****************************************************************************
187	Create a UNIX group on demand.
188	****************************************************************************/
189
190	int smb_create_group(const char unix_group, gid_t new_gid)
191	{
192	char *add_script = NULL;
193	int ret = -1;
194	int fd = 0;
195
196	*new_gid = 0;
197
198	/* defer to scripts */
199
200	if ( *lp_addgroup_script() ) {
201	TALLOC_CTX *ctx = talloc_tos();
202
203	add_script = talloc_strdup(ctx,
204	lp_addgroup_script());
205	if (!add_script) {
206	return -1;
207	}
208	add_script = talloc_string_sub(ctx,
209	add_script, "%g", unix_group);
210	if (!add_script) {
211	return -1;
212	}
213
214	ret = smbrun(add_script, &fd);
215	DEBUG(ret ? 0 : 3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
216	if (ret == 0) {
217	smb_nscd_flush_group_cache();
218	}
219	if (ret != 0)
220	return ret;
221
222	if (fd != 0) {
223	fstring output;
224
225	*new_gid = 0;
226	if (read(fd, output, sizeof(output)) > 0) {
227	*new_gid = (gid_t)strtoul(output, NULL, 10);
228	}
229
230	close(fd);
231	}
232
233	}
234
235	if (*new_gid == 0) {
236	struct group *grp = getgrnam(unix_group);
237
238	if (grp != NULL)
239	*new_gid = grp->gr_gid;
240	}
241
242	return ret;
243	}
244
245	/****************************************************************************
246	Delete a UNIX group on demand.
247	****************************************************************************/
248
249	int smb_delete_group(const char *unix_group)
250	{
251	char *del_script = NULL;
252	int ret = -1;
253
254	/* defer to scripts */
255
256	if ( *lp_delgroup_script() ) {
257	TALLOC_CTX *ctx = talloc_tos();
258
259	del_script = talloc_strdup(ctx,
260	lp_delgroup_script());
261	if (!del_script) {
262	return -1;
263	}
264	del_script = talloc_string_sub(ctx,
265	del_script, "%g", unix_group);
266	if (!del_script) {
267	return -1;
268	}
269	ret = smbrun(del_script,NULL);
270	DEBUG(ret ? 0 : 3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
271	if (ret == 0) {
272	smb_nscd_flush_group_cache();
273	}
274	return ret;
275	}
276
277	return -1;
278	}
279
280	/****************************************************************************
281	Set a user's primary UNIX group.
282	****************************************************************************/
283
284	int smb_set_primary_group(const char unix_group, const char unix_user)
285	{
286	char *add_script = NULL;
287	int ret = -1;
288
289	/* defer to scripts */
290
291	if ( *lp_setprimarygroup_script() ) {
292	TALLOC_CTX *ctx = talloc_tos();
293
294	add_script = talloc_strdup(ctx,
295	lp_setprimarygroup_script());
296	if (!add_script) {
297	return -1;
298	}
299	add_script = talloc_all_string_sub(ctx,
300	add_script, "%g", unix_group);
301	if (!add_script) {
302	return -1;
303	}
304	add_script = talloc_string_sub(ctx,
305	add_script, "%u", unix_user);
306	if (!add_script) {
307	return -1;
308	}
309	ret = smbrun(add_script,NULL);
310	flush_pwnam_cache();
311	DEBUG(ret ? 0 : 3,("smb_set_primary_group: "
312	"Running the command `%s' gave %d\n",add_script,ret));
313	if (ret == 0) {
314	smb_nscd_flush_group_cache();
315	}
316	return ret;
317	}
318
319	return -1;
320	}
321
322	/****************************************************************************
323	Add a user to a UNIX group.
324	****************************************************************************/
325
326	int smb_add_user_group(const char unix_group, const char unix_user)
327	{
328	char *add_script = NULL;
329	int ret = -1;
330
331	/* defer to scripts */
332
333	if ( *lp_addusertogroup_script() ) {
334	TALLOC_CTX *ctx = talloc_tos();
335
336	add_script = talloc_strdup(ctx,
337	lp_addusertogroup_script());
338	if (!add_script) {
339	return -1;
340	}
341	add_script = talloc_string_sub(ctx,
342	add_script, "%g", unix_group);
343	if (!add_script) {
344	return -1;
345	}
346	add_script = talloc_string_sub(ctx,
347	add_script, "%u", unix_user);
348	if (!add_script) {
349	return -1;
350	}
351	ret = smbrun(add_script,NULL);
352	DEBUG(ret ? 0 : 3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
353	if (ret == 0) {
354	smb_nscd_flush_group_cache();
355	}
356	return ret;
357	}
358
359	return -1;
360	}
361
362	/****************************************************************************
363	Delete a user from a UNIX group
364	****************************************************************************/
365
366	int smb_delete_user_group(const char unix_group, const char unix_user)
367	{
368	char *del_script = NULL;
369	int ret = -1;
370
371	/* defer to scripts */
372
373	if ( *lp_deluserfromgroup_script() ) {
374	TALLOC_CTX *ctx = talloc_tos();
375
376	del_script = talloc_strdup(ctx,
377	lp_deluserfromgroup_script());
378	if (!del_script) {
379	return -1;
380	}
381	del_script = talloc_string_sub(ctx,
382	del_script, "%g", unix_group);
383	if (!del_script) {
384	return -1;
385	}
386	del_script = talloc_string_sub(ctx,
387	del_script, "%u", unix_user);
388	if (!del_script) {
389	return -1;
390	}
391	ret = smbrun(del_script,NULL);
392	DEBUG(ret ? 0 : 3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
393	if (ret == 0) {
394	smb_nscd_flush_group_cache();
395	}
396	return ret;
397	}
398
399	return -1;
400	}
401
402
403	NTSTATUS pdb_default_getgrsid(struct pdb_methods methods, GROUP_MAP map,
404	DOM_SID sid)
405	{
406	if (!init_group_mapping()) {
407	DEBUG(0,("failed to initialize group mapping\n"));
408	return NT_STATUS_UNSUCCESSFUL;
409	}
410	return backend->get_group_map_from_sid(sid, map) ?
411	NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
412	}
413
414	NTSTATUS pdb_default_getgrgid(struct pdb_methods methods, GROUP_MAP map,
415	gid_t gid)
416	{
417	if (!init_group_mapping()) {
418	DEBUG(0,("failed to initialize group mapping\n"));
419	return NT_STATUS_UNSUCCESSFUL;
420	}
421	return backend->get_group_map_from_gid(gid, map) ?
422	NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
423	}
424
425	NTSTATUS pdb_default_getgrnam(struct pdb_methods methods, GROUP_MAP map,
426	const char *name)
427	{
428	if (!init_group_mapping()) {
429	DEBUG(0,("failed to initialize group mapping\n"));
430	return NT_STATUS_UNSUCCESSFUL;
431	}
432	return backend->get_group_map_from_ntname(name, map) ?
433	NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
434	}
435
436	NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods,
437	GROUP_MAP *map)
438	{
439	if (!init_group_mapping()) {
440	DEBUG(0,("failed to initialize group mapping\n"));
441	return NT_STATUS_UNSUCCESSFUL;
442	}
443	return backend->add_mapping_entry(map, TDB_INSERT) ?
444	NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
445	}
446
447	NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
448	GROUP_MAP *map)
449	{
450	if (!init_group_mapping()) {
451	DEBUG(0,("failed to initialize group mapping\n"));
452	return NT_STATUS_UNSUCCESSFUL;
453	}
454	return backend->add_mapping_entry(map, TDB_REPLACE) ?
455	NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
456	}
457
458	NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
459	DOM_SID sid)
460	{
461	if (!init_group_mapping()) {
462	DEBUG(0,("failed to initialize group mapping\n"));
463	return NT_STATUS_UNSUCCESSFUL;
464	}
465	return backend->group_map_remove(&sid) ?
466	NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
467	}
468
469	NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
470	const DOM_SID *sid, enum lsa_SidType sid_name_use,
471	GROUP_MAP *pp_rmap, size_t p_num_entries,
472	bool unix_only)
473	{
474	if (!init_group_mapping()) {
475	DEBUG(0,("failed to initialize group mapping\n"));
476	return NT_STATUS_UNSUCCESSFUL;
477	}
478	return backend->enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ?
479	NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
480	}
481
482	NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
483	const char name, uint32 rid)
484	{
485	DOM_SID sid;
486	enum lsa_SidType type;
487	uint32 new_rid;
488	gid_t gid;
489	bool exists;
490	GROUP_MAP map;
491	TALLOC_CTX *mem_ctx;
492	NTSTATUS status;
493
494	DEBUG(10, ("Trying to create alias %s\n", name));
495
496	mem_ctx = talloc_new(NULL);
497	if (mem_ctx == NULL) {
498	return NT_STATUS_NO_MEMORY;
499	}
500
501	exists = lookup_name(mem_ctx, name, LOOKUP_NAME_LOCAL,
502	NULL, NULL, &sid, &type);
503	TALLOC_FREE(mem_ctx);
504
505	if (exists) {
506	return NT_STATUS_ALIAS_EXISTS;
507	}
508
509	if (!winbind_allocate_gid(&gid)) {
510	DEBUG(3, ("Could not get a gid out of winbind\n"));
511	return NT_STATUS_ACCESS_DENIED;
512	}
513
514	if (!pdb_new_rid(&new_rid)) {
515	DEBUG(0, ("Could not allocate a RID -- wasted a gid :-(\n"));
516	return NT_STATUS_ACCESS_DENIED;
517	}
518
519	DEBUG(10, ("Creating alias %s with gid %u and rid %u\n",
520	name, (unsigned int)gid, (unsigned int)new_rid));
521
522	sid_copy(&sid, get_global_sam_sid());
523	sid_append_rid(&sid, new_rid);
524
525	map.gid = gid;
526	sid_copy(&map.sid, &sid);
527	map.sid_name_use = SID_NAME_ALIAS;
528	fstrcpy(map.nt_name, name);
529	fstrcpy(map.comment, "");
530
531	status = pdb_add_group_mapping_entry(&map);
532
533	if (!NT_STATUS_IS_OK(status)) {
534	DEBUG(0, ("Could not add group mapping entry for alias %s "
535	"(%s)\n", name, nt_errstr(status)));
536	return status;
537	}
538
539	*rid = new_rid;
540
541	return NT_STATUS_OK;
542	}
543
544	NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
545	const DOM_SID *sid)
546	{
547	return pdb_delete_group_mapping_entry(*sid);
548	}
549
550	NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
551	const DOM_SID *sid,
552	struct acct_info *info)
553	{
554	GROUP_MAP map;
555
556	if (!pdb_getgrsid(&map, *sid))
557	return NT_STATUS_NO_SUCH_ALIAS;
558
559	if ((map.sid_name_use != SID_NAME_ALIAS) &&
560	(map.sid_name_use != SID_NAME_WKN_GRP)) {
561	DEBUG(2, ("%s is a %s, expected an alias\n",
562	sid_string_dbg(sid),
563	sid_type_lookup(map.sid_name_use)));
564	return NT_STATUS_NO_SUCH_ALIAS;
565	}
566
567	fstrcpy(info->acct_name, map.nt_name);
568	fstrcpy(info->acct_desc, map.comment);
569	sid_peek_rid(&map.sid, &info->rid);
570	return NT_STATUS_OK;
571	}
572
573	NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
574	const DOM_SID *sid,
575	struct acct_info *info)
576	{
577	GROUP_MAP map;
578
579	if (!pdb_getgrsid(&map, *sid))
580	return NT_STATUS_NO_SUCH_ALIAS;
581
582	fstrcpy(map.nt_name, info->acct_name);
583	fstrcpy(map.comment, info->acct_desc);
584
585	return pdb_update_group_mapping_entry(&map);
586	}
587
588	NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
589	const DOM_SID alias, const DOM_SID member)
590	{
591	if (!init_group_mapping()) {
592	DEBUG(0,("failed to initialize group mapping\n"));
593	return NT_STATUS_UNSUCCESSFUL;
594	}
595	return backend->add_aliasmem(alias, member);
596	}
597
598	NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
599	const DOM_SID alias, const DOM_SID member)
600	{
601	if (!init_group_mapping()) {
602	DEBUG(0,("failed to initialize group mapping\n"));
603	return NT_STATUS_UNSUCCESSFUL;
604	}
605	return backend->del_aliasmem(alias, member);
606	}
607
608	NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
609	const DOM_SID alias, TALLOC_CTX mem_ctx,
610	DOM_SID *pp_members, size_t p_num_members)
611	{
612	if (!init_group_mapping()) {
613	DEBUG(0,("failed to initialize group mapping\n"));
614	return NT_STATUS_UNSUCCESSFUL;
615	}
616	return backend->enum_aliasmem(alias, mem_ctx, pp_members,
617	p_num_members);
618	}
619
620	NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
621	TALLOC_CTX *mem_ctx,
622	const DOM_SID *domain_sid,
623	const DOM_SID *members,
624	size_t num_members,
625	uint32 **pp_alias_rids,
626	size_t *p_num_alias_rids)
627	{
628	DOM_SID *alias_sids;
629	size_t i, num_alias_sids;
630	NTSTATUS result;
631
632	if (!init_group_mapping()) {
633	DEBUG(0,("failed to initialize group mapping\n"));
634	return NT_STATUS_UNSUCCESSFUL;
635	}
636
637	alias_sids = NULL;
638	num_alias_sids = 0;
639
640	result = alias_memberships(members, num_members,
641	&alias_sids, &num_alias_sids);
642
643	if (!NT_STATUS_IS_OK(result))
644	return result;
645
646	*p_num_alias_rids = 0;
647
648	if (num_alias_sids == 0) {
649	TALLOC_FREE(alias_sids);
650	return NT_STATUS_OK;
651	}
652
653	*pp_alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids);
654	if (*pp_alias_rids == NULL)
655	return NT_STATUS_NO_MEMORY;
656
657	for (i=0; i<num_alias_sids; i++) {
658	if (!sid_peek_check_rid(domain_sid, &alias_sids[i],
659	&(pp_alias_rids)[p_num_alias_rids]))
660	continue;
661	*p_num_alias_rids += 1;
662	}
663
664	TALLOC_FREE(alias_sids);
665
666	return NT_STATUS_OK;
667	}
668
669	/**********************************************************************
670	no ops for passdb backends that don't implement group mapping
671	*********************************************************************/
672
673	NTSTATUS pdb_nop_getgrsid(struct pdb_methods methods, GROUP_MAP map,
674	DOM_SID sid)
675	{
676	return NT_STATUS_UNSUCCESSFUL;
677	}
678
679	NTSTATUS pdb_nop_getgrgid(struct pdb_methods methods, GROUP_MAP map,
680	gid_t gid)
681	{
682	return NT_STATUS_UNSUCCESSFUL;
683	}
684
685	NTSTATUS pdb_nop_getgrnam(struct pdb_methods methods, GROUP_MAP map,
686	const char *name)
687	{
688	return NT_STATUS_UNSUCCESSFUL;
689	}
690
691	NTSTATUS pdb_nop_add_group_mapping_entry(struct pdb_methods *methods,
692	GROUP_MAP *map)
693	{
694	return NT_STATUS_UNSUCCESSFUL;
695	}
696
697	NTSTATUS pdb_nop_update_group_mapping_entry(struct pdb_methods *methods,
698	GROUP_MAP *map)
699	{
700	return NT_STATUS_UNSUCCESSFUL;
701	}
702
703	NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods,
704	DOM_SID sid)
705	{
706	return NT_STATUS_UNSUCCESSFUL;
707	}
708
709	NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods,
710	enum lsa_SidType sid_name_use,
711	GROUP_MAP *rmap, size_t num_entries,
712	bool unix_only)
713	{
714	return NT_STATUS_UNSUCCESSFUL;
715	}
716
717	/****************************************************************************
718	These need to be redirected through pdb_interface.c
719	****************************************************************************/
720	bool pdb_get_dom_grp_info(const DOM_SID sid, struct acct_info info)
721	{
722	GROUP_MAP map;
723	bool res;
724
725	become_root();
726	res = get_domain_group_from_sid(*sid, &map);
727	unbecome_root();
728
729	if (!res)
730	return False;
731
732	fstrcpy(info->acct_name, map.nt_name);
733	fstrcpy(info->acct_desc, map.comment);
734	sid_peek_rid(sid, &info->rid);
735	return True;
736	}
737
738	bool pdb_set_dom_grp_info(const DOM_SID sid, const struct acct_info info)
739	{
740	GROUP_MAP map;
741
742	if (!get_domain_group_from_sid(*sid, &map))
743	return False;
744
745	fstrcpy(map.nt_name, info->acct_name);
746	fstrcpy(map.comment, info->acct_desc);
747
748	return NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map));
749	}
750
751	/********************************************************************
752	Really just intended to be called by smbd
753	********************************************************************/
754
755	NTSTATUS pdb_create_builtin_alias(uint32 rid)
756	{
757	DOM_SID sid;
758	enum lsa_SidType type;
759	gid_t gid;
760	GROUP_MAP map;
761	TALLOC_CTX *mem_ctx;
762	NTSTATUS status;
763	const char *name = NULL;
764	fstring groupname;
765
766	DEBUG(10, ("Trying to create builtin alias %d\n", rid));
767
768	if ( !sid_compose( &sid, &global_sid_Builtin, rid ) ) {
769	return NT_STATUS_NO_SUCH_ALIAS;
770	}
771
772	if ( (mem_ctx = talloc_new(NULL)) == NULL ) {
773	return NT_STATUS_NO_MEMORY;
774	}
775
776	if ( !lookup_sid(mem_ctx, &sid, NULL, &name, &type) ) {
777	TALLOC_FREE( mem_ctx );
778	return NT_STATUS_NO_SUCH_ALIAS;
779	}
780
781	/* validate RID so copy the name and move on */
782
783	fstrcpy( groupname, name );
784	TALLOC_FREE( mem_ctx );
785
786	if (!winbind_allocate_gid(&gid)) {
787	DEBUG(3, ("pdb_create_builtin_alias: Could not get a gid out of winbind\n"));
788	return NT_STATUS_ACCESS_DENIED;
789	}
790
791	DEBUG(10,("Creating alias %s with gid %u\n", groupname, (unsigned int)gid));
792
793	map.gid = gid;
794	sid_copy(&map.sid, &sid);
795	map.sid_name_use = SID_NAME_ALIAS;
796	fstrcpy(map.nt_name, groupname);
797	fstrcpy(map.comment, "");
798
799	status = pdb_add_group_mapping_entry(&map);
800
801	if (!NT_STATUS_IS_OK(status)) {
802	DEBUG(0, ("pdb_create_builtin_alias: Could not add group mapping entry for alias %d "
803	"(%s)\n", rid, nt_errstr(status)));
804	}
805
806	return status;
807	}
808
809

Note: See TracBrowser for help on using the repository browser.

Download in other formats: