/**
 * Look up the group list of a Unix user with winbindd lookups disabled
 * for the duration of the call.
 *
 * @param user    user name handed to the platform lookup
 * @param gid     gid handed to the platform lookup
 * @param groups  output array for the gids
 * @param grpcnt  in/out count, passed through unchanged to the lookup
 * @return whatever the selected lookup backend returned
 *
 * The winbindd state found on entry is restored on exit: lookups are
 * switched back on only when they were not already disabled beforehand.
 */
static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups,
			    int *grpcnt)
{
	bool winbind_was_disabled;
	int rc;

	DEBUG(10,("sys_getgrouplist: user [%s]\n", user));

	/* This is only ever called for Unix users, remote memberships are
	 * always determined by the info3 coming back from auth3 or the
	 * PAC. */
	winbind_was_disabled = winbind_env_set();

	/* NOTE(review): the result of winbind_off() is discarded, so a
	 * failure to disable winbindd is silent and the lookup below
	 * presumably runs with winbindd still reachable - confirm that
	 * this is acceptable for every caller. */
	(void)winbind_off();

#if defined(HAVE_GETGROUPLIST)
	rc = getgrouplist(user, gid, groups, grpcnt);
#elif defined(HAVE_GETGRSET)
	rc = getgrouplist_getgrset(user, gid, groups, grpcnt);
#else
	/* the fallback implementation is run as root */
	become_root();
	rc = getgrouplist_internals(user, gid, groups, grpcnt);
	unbecome_root();
#endif

	/* leave winbindd disabled if that is how we found it */
	if (winbind_was_disabled) {
		return rc;
	}

	/* allow winbindd lookups again */
	(void)winbind_on();
	return rc;
}
/**
 * Look up the group list of a user, disabling winbindd lookups first when
 * the name does not contain the winbind separator (treated here as a
 * local user).
 *
 * @param user    user name handed to the platform lookup
 * @param gid     gid handed to the platform lookup
 * @param groups  output array for the gids
 * @param grpcnt  in/out count, passed through unchanged to the lookup
 * @return whatever the selected lookup backend returned
 */
int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
{
	int rc;

	DEBUG(10,("sys_getgrouplist: user [%s]\n", user));

	/* see if we should disable winbindd lookups for local users */
	if (strchr(user, *lp_winbind_separator()) == NULL) {
		if (winbind_off()) {
			DEBUG(10,("sys_getgrouplist(): disabled winbindd for group lookup [user == %s]\n", user));
		} else {
			/* the lookup still proceeds after this failure */
			DEBUG(0,("sys_getgroup_list: Insufficient environment space for %s\n", WINBINDD_DONT_ENV));
		}
	}

#ifdef HAVE_GETGROUPLIST
	rc = getgrouplist(user, gid, groups, grpcnt);
#else
	/* the fallback implementation is run as root */
	become_root();
	rc = getgrouplist_internals(user, gid, groups, grpcnt);
	unbecome_root();
#endif

	/* allow winbindd lookups */
	/* NOTE(review): winbind_on() runs unconditionally - also when
	 * winbind_off() was not called above, and without regard to the
	 * state on entry. A caller that had winbindd lookups disabled
	 * before this call appears to get them re-enabled; verify against
	 * callers that rely on the disabled state to avoid recursion. */
	winbind_on();

	return rc;
}
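/*
 * startup a copy of smbd as a child daemon
 *
 * Builds the smbd path under dyn_SBINDIR, enables nss_winbind only for
 * the spawn so the child can use it, then disables it again in the
 * parent. The task is terminated if the path cannot be allocated, if
 * winbindd calls cannot be re-disabled, or if the child cannot be
 * started.
 */
static void s3fs_task_init(struct task_server *task)
{
	struct tevent_req *subreq;
	const char *smbd_path;
	const char *smbd_cmd[2] = { NULL, NULL };

	task_server_set_title(task, "task[s3fs_parent]");

	smbd_path = talloc_asprintf(task, "%s/smbd", dyn_SBINDIR);
	if (smbd_path == NULL) {
		/* without this check a NULL program name would be handed
		 * to samba_runcmd_send() on allocation failure */
		DEBUG(0, ("Out of memory building the smbd path\n"));
		task_server_terminate(task, "Failed to allocate smbd path", true);
		return;
	}
	smbd_cmd[0] = smbd_path;

	/* the child should be able to call through nss_winbind */
	(void)winbind_on();

	/* start it as a child process */
	subreq = samba_runcmd_send(task, task->event_ctx, timeval_zero(), 1, 0,
				   smbd_cmd,
				   "--option=server role check:inhibit=yes",
				   "--foreground",
				   debug_get_output_is_stdout()?"--log-stdout":NULL,
				   NULL);

	/* the parent should not be able to call through nss_winbind */
	if (!winbind_off()) {
		/* checked before subreq so that the parent never carries
		 * on with winbindd calls enabled, whatever the outcome of
		 * the spawn */
		DEBUG(0,("Failed to re-disable recursive winbindd calls after forking smbd\n"));
		task_server_terminate(task, "Failed to re-disable recursive winbindd calls", true);
		return;
	}

	if (subreq == NULL) {
		DEBUG(0, ("Failed to start smbd as child daemon\n"));
		task_server_terminate(task, "Failed to startup s3fs smb task", true);
		return;
	}

	tevent_req_set_callback(subreq, file_server_smbd_done, task);

	DEBUG(5,("Started file server child smbd\n"));
}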
/**
 * Map Unix uids/gids to SIDs by resolving each id to a name through the
 * local passwd/group database and then looking that name up in winbindd.
 *
 * @param dom  idmap domain; dom->name is the domain used for the lookup
 * @param ids  NULL-terminated array of maps; xid is read, sid and status
 *             are written
 * @return always NT_STATUS_OK; per-entry results are in ids[i]->status
 *
 * An entry is ID_MAPPED only when the SID type returned by winbindd
 * agrees with the xid type (user for a uid, group/alias/well-known group
 * for a gid). On disagreement the entry keeps ID_UNKNOWN.
 */
static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_map **ids)
{
	int idx;

	/* initialize the status to avoid surprise */
	for (idx = 0; ids[idx] != NULL; idx++) {
		ids[idx]->status = ID_UNKNOWN;
	}

	for (idx = 0; ids[idx] != NULL; idx++) {
		struct id_map *map = ids[idx];
		const char *name;
		enum lsa_SidType type;
		bool found;
		bool is_group_type;

		if (map->xid.type == ID_TYPE_UID) {
			struct passwd *pw = getpwuid((uid_t)map->xid.id);

			if (pw == NULL) {
				map->status = ID_UNMAPPED;
				continue;
			}
			name = pw->pw_name;
		} else if (map->xid.type == ID_TYPE_GID) {
			struct group *gr = getgrgid((gid_t)map->xid.id);

			if (gr == NULL) {
				map->status = ID_UNMAPPED;
				continue;
			}
			name = gr->gr_name;
		} else {
			/* ?? */
			map->status = ID_UNKNOWN;
			continue;
		}

		/* by default calls to winbindd are disabled
		   the following call will not recurse so this is safe */
		(void)winbind_on();
		/* Lookup name from PDC using lsa_lookup_names() */
		found = winbind_lookup_name(dom->name, name, map->sid, &type);
		/* back to the disabled default straight after the lookup */
		(void)winbind_off();

		if (!found) {
			/* TODO: how do we know if the name is really not mapped,
			 * or something just failed ? */
			map->status = ID_UNMAPPED;
			continue;
		}

		is_group_type = (type == SID_NAME_DOM_GRP ||
				 type == SID_NAME_ALIAS ||
				 type == SID_NAME_WKN_GRP);

		if (type == SID_NAME_USER) {
			/* a user SID is only accepted for a uid */
			if (map->xid.type == ID_TYPE_UID) {
				map->status = ID_MAPPED;
			}
		} else if (is_group_type) {
			/* a group-like SID is only accepted for a gid */
			if (map->xid.type == ID_TYPE_GID) {
				map->status = ID_MAPPED;
			}
		} else {
			map->status = ID_UNKNOWN;
		}
	}

	return NT_STATUS_OK;
}
/**
 * Map SIDs to Unix uids/gids by asking winbindd for the name behind each
 * SID and then resolving that name through the local passwd/group
 * database.
 *
 * @param dom  idmap domain (not read in this function)
 * @param ids  NULL-terminated array of maps; sid is read, xid and status
 *             are written
 * @return always NT_STATUS_OK; per-entry results are in ids[i]->status
 *
 * NOTE(review): the domain-name output of winbind_lookup_sid() is passed
 * as NULL, so the returned name is matched against the local database
 * without any check that the SID belongs to dom. Presumably callers only
 * hand in SIDs of this domain - confirm, since same-named accounts from
 * another domain would otherwise resolve to the same uid/gid.
 */
static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids)
{
	int idx;

	/* initialize the status to avoid surprise */
	for (idx = 0; ids[idx] != NULL; idx++) {
		ids[idx]->status = ID_UNKNOWN;
	}

	for (idx = 0; ids[idx] != NULL; idx++) {
		struct id_map *map = ids[idx];
		struct passwd *pw;
		struct group *gr;
		enum lsa_SidType type;
		char *name = NULL;
		bool found;

		/* by default calls to winbindd are disabled
		   the following call will not recurse so this is safe */
		(void)winbind_on();
		found = winbind_lookup_sid(talloc_tos(), map->sid, NULL,
					   (const char **)&name, &type);
		/* back to the disabled default straight after the lookup */
		(void)winbind_off();

		if (!found) {
			/* TODO: how do we know if the name is really not mapped,
			 * or something just failed ? */
			map->status = ID_UNMAPPED;
			continue;
		}

		switch (type) {
		case SID_NAME_USER:
			/* this will find also all lower case name and use username level */
			pw = Get_Pwnam_alloc(talloc_tos(), name);
			if (pw != NULL) {
				map->xid.id = pw->pw_uid;
				map->xid.type = ID_TYPE_UID;
				map->status = ID_MAPPED;
			}
			TALLOC_FREE(pw);
			break;

		case SID_NAME_DOM_GRP:
		case SID_NAME_ALIAS:
		case SID_NAME_WKN_GRP:
			gr = getgrnam(name);
			if (gr != NULL) {
				map->xid.id = gr->gr_gid;
				map->xid.type = ID_TYPE_GID;
				map->status = ID_MAPPED;
			}
			break;

		default:
			map->status = ID_UNKNOWN;
			break;
		}

		/* release the looked-up name before the next entry */
		TALLOC_FREE(name);
	}

	return NT_STATUS_OK;
}
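/**
 * Map Unix uids/gids to SIDs by resolving each id to a name through the
 * local passwd/group database and then looking that name up in winbindd.
 *
 * @param dom  idmap domain; must be initialized, dom->name is the domain
 *             used for the lookup
 * @param ids  NULL-terminated array of maps; xid is read, sid and status
 *             are written
 * @return NT_STATUS_UNSUCCESSFUL if dom is not initialized,
 *         NT_STATUS_NO_MEMORY if the temporary context cannot be
 *         allocated, otherwise NT_STATUS_OK with per-entry results in
 *         ids[i]->status
 *
 * An entry is ID_MAPPED only when the SID type returned by winbindd
 * agrees with the xid type; on disagreement it is left at ID_UNKNOWN.
 */
static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_map **ids)
{
	TALLOC_CTX *ctx;
	int i;

	if (! dom->initialized) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* ctx is allocated and freed here but not otherwise used */
	ctx = talloc_new(dom);
	if ( ! ctx) {
		DEBUG(0, ("Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* Start every entry at ID_UNKNOWN. Without this, an entry whose
	 * SID type does not match its xid type would keep whatever status
	 * the caller passed in, which could be a stale ID_MAPPED. */
	for (i = 0; ids[i]; i++) {
		ids[i]->status = ID_UNKNOWN;
	}

	for (i = 0; ids[i]; i++) {
		struct passwd *pw;
		struct group *gr;
		const char *name;
		enum lsa_SidType type;
		BOOL ret;

		switch (ids[i]->xid.type) {
		case ID_TYPE_UID:
			pw = getpwuid((uid_t)ids[i]->xid.id);

			if (!pw) {
				ids[i]->status = ID_UNMAPPED;
				continue;
			}
			name = pw->pw_name;
			break;
		case ID_TYPE_GID:
			gr = getgrgid((gid_t)ids[i]->xid.id);

			if (!gr) {
				ids[i]->status = ID_UNMAPPED;
				continue;
			}
			name = gr->gr_name;
			break;
		default:
			/* ?? */
			ids[i]->status = ID_UNKNOWN;
			continue;
		}

		/* by default calls to winbindd are disabled
		   the following call will not recurse so this is safe */
		winbind_on();
		/* Lookup name from PDC using lsa_lookup_names() */
		ret = winbind_lookup_name(dom->name, name, ids[i]->sid, &type);
		/* back to the disabled default straight after the lookup */
		winbind_off();

		if (!ret) {
			/* TODO: how do we know if the name is really not mapped,
			 * or something just failed ? */
			ids[i]->status = ID_UNMAPPED;
			continue;
		}

		switch (type) {
		case SID_NAME_USER:
			/* a user SID is only accepted for a uid */
			if (ids[i]->xid.type == ID_TYPE_UID) {
				ids[i]->status = ID_MAPPED;
			}
			break;

		case SID_NAME_DOM_GRP:
		case SID_NAME_ALIAS:
		case SID_NAME_WKN_GRP:
			/* a group-like SID is only accepted for a gid */
			if (ids[i]->xid.type == ID_TYPE_GID) {
				ids[i]->status = ID_MAPPED;
			}
			break;

		default:
			ids[i]->status = ID_UNKNOWN;
			break;
		}
	}

	talloc_free(ctx);
	return NT_STATUS_OK;
}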
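/**
 * Map SIDs to Unix uids/gids by asking winbindd for the name behind each
 * SID and then resolving that name through the local passwd/group
 * database.
 *
 * @param dom  idmap domain; must be initialized
 * @param ids  NULL-terminated array of maps; sid is read, xid and status
 *             are written
 * @return NT_STATUS_UNSUCCESSFUL if dom is not initialized,
 *         NT_STATUS_NO_MEMORY if the temporary context cannot be
 *         allocated, otherwise NT_STATUS_OK with per-entry results in
 *         ids[i]->status
 *
 * NOTE(review): dom_name is filled in by winbind_lookup_sid() but never
 * compared with anything, so the name is matched against the local
 * database without a check that the SID belongs to dom. Presumably
 * callers only hand in SIDs of this domain - confirm, since same-named
 * accounts from another domain would otherwise resolve to the same
 * uid/gid.
 */
static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids)
{
	TALLOC_CTX *ctx;
	int i;

	if (! dom->initialized) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* temporary context for the strings returned by the SID lookup */
	ctx = talloc_new(dom);
	if ( ! ctx) {
		DEBUG(0, ("Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* Start every entry at ID_UNKNOWN. Without this, an entry whose
	 * name is not found in the local database would keep whatever
	 * status the caller passed in, which could be a stale ID_MAPPED. */
	for (i = 0; ids[i]; i++) {
		ids[i]->status = ID_UNKNOWN;
	}

	for (i = 0; ids[i]; i++) {
		struct passwd *pw;
		struct group *gr;
		enum lsa_SidType type;
		const char *dom_name = NULL;
		const char *name = NULL;
		BOOL ret;

		/* by default calls to winbindd are disabled
		   the following call will not recurse so this is safe */
		winbind_on();
		ret = winbind_lookup_sid(ctx, ids[i]->sid, &dom_name, &name, &type);
		/* back to the disabled default straight after the lookup */
		winbind_off();

		if (!ret) {
			/* TODO: how do we know if the name is really not mapped,
			 * or something just failed ? */
			ids[i]->status = ID_UNMAPPED;
			continue;
		}

		switch (type) {
		case SID_NAME_USER:
			/* this will find also all lower case name and use username level */
			pw = Get_Pwnam(name);
			if (pw) {
				ids[i]->xid.id = pw->pw_uid;
				ids[i]->xid.type = ID_TYPE_UID;
				ids[i]->status = ID_MAPPED;
			}
			break;

		case SID_NAME_DOM_GRP:
		case SID_NAME_ALIAS:
		case SID_NAME_WKN_GRP:
			gr = getgrnam(name);
			if (gr) {
				ids[i]->xid.id = gr->gr_gid;
				ids[i]->xid.type = ID_TYPE_GID;
				ids[i]->status = ID_MAPPED;
			}
			break;

		default:
			ids[i]->status = ID_UNKNOWN;
			break;
		}
	}

	/* releases everything the lookups allocated on ctx */
	talloc_free(ctx);
	return NT_STATUS_OK;
}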