static void nss_test_errors(void)
{
struct passwd *pwd;
struct group *grp;
pwd = getpwnam("nosuchname");
if (pwd || last_error != NSS_STATUS_NOTFOUND) {
total_errors++;
printf("ERROR Non existant user gave error %d\n", last_error);
}
pwd = getpwuid(0xFFF0);
if (pwd || last_error != NSS_STATUS_NOTFOUND) {
total_errors++;
printf("ERROR Non existant uid gave error %d\n", last_error);
}
grp = sys_getgrnam("nosuchgroup");
if (grp || last_error != NSS_STATUS_NOTFOUND) {
total_errors++;
printf("ERROR Non existant group gave error %d\n", last_error);
}
grp = sys_getgrgid(0xFFF0);
if (grp || last_error != NSS_STATUS_NOTFOUND) {
total_errors++;
printf("ERROR Non existant gid gave error %d\n", last_error);
}
}
static NTSTATUS cmd_stat(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
{
int ret;
const char *user;
const char *group;
struct passwd *pwd = NULL;
struct group *grp = NULL;
SMB_STRUCT_STAT st;
if (argc != 2) {
printf("Usage: stat <fname>\n");
return NT_STATUS_OK;
}
ret = SMB_VFS_STAT(vfs->conn, argv[1], &st);
if (ret == -1) {
printf("stat: error=%d (%s)\n", errno, strerror(errno));
return NT_STATUS_UNSUCCESSFUL;
}
pwd = sys_getpwuid(st.st_uid);
if (pwd != NULL) user = pwd->pw_name;
else user = null_string;
grp = sys_getgrgid(st.st_gid);
if (grp != NULL) group = grp->gr_name;
else group = null_string;
printf("stat: ok\n");
printf(" File: %s", argv[1]);
if (S_ISREG(st.st_mode)) printf(" Regular File\n");
else if (S_ISDIR(st.st_mode)) printf(" Directory\n");
else if (S_ISCHR(st.st_mode)) printf(" Character Device\n");
else if (S_ISBLK(st.st_mode)) printf(" Block Device\n");
else if (S_ISFIFO(st.st_mode)) printf(" Fifo\n");
else if (S_ISLNK(st.st_mode)) printf(" Symbolic Link\n");
else if (S_ISSOCK(st.st_mode)) printf(" Socket\n");
printf(" Size: %10u", (unsigned int)st.st_size);
#ifdef HAVE_STAT_ST_BLOCKS
printf(" Blocks: %9u", (unsigned int)st.st_blocks);
#endif
#ifdef HAVE_STAT_ST_BLKSIZE
printf(" IO Block: %u\n", (unsigned int)st.st_blksize);
#endif
printf(" Device: 0x%10x", (unsigned int)st.st_dev);
printf(" Inode: %10u", (unsigned int)st.st_ino);
printf(" Links: %10u\n", (unsigned int)st.st_nlink);
printf(" Access: %05o", (st.st_mode) & 007777);
printf(" Uid: %5lu/%.16s Gid: %5lu/%.16s\n", (unsigned long)st.st_uid, user,
(unsigned long)st.st_gid, group);
printf(" Access: %s", ctime(&(st.st_atime)));
printf(" Modify: %s", ctime(&(st.st_mtime)));
printf(" Change: %s", ctime(&(st.st_ctime)));
SAFE_FREE(pwd);
SAFE_FREE(grp);
return NT_STATUS_OK;
}
int main(int argc, char **argv)
{
struct group *gr;
gid_t gid;
/* Check args */
if (argc != 2) {
printf("ERROR: no arg specified\n");
exit(1);
}
if ((gid = atoi(argv[1])) == 0) {
printf("ERROR: invalid gid specified\n");
exit(1);
}
/* Do getgrgid() */
if ((gr = sys_getgrgid(gid)) == NULL) {
printf("FAIL: gid %d does not exist\n", gid);
exit(1);
}
/* Print group info */
printf("PASS: gid %d exists\n", gid);
printf("gr_name = %s\n", gr->gr_name);
printf("gr_passwd = %s\n", gr->gr_passwd);
printf("gr_gid = %d\n", gr->gr_gid);
/* Group membership */
if (gr->gr_mem != NULL) {
int i = 0;
printf("gr_mem = ");
while(gr->gr_mem[i] != NULL) {
printf("%s", gr->gr_mem[i]);
i++;
if (gr->gr_mem != NULL) {
printf(",");
}
}
printf("\n");
}
exit(0);
}
/*******************************************************************
gets a domain user's groups
********************************************************************/
BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
{
GROUP_MAP *map=NULL;
int i, num, num_entries, cur_gid=0;
struct group *grp;
DOM_GID *gids;
fstring user_name;
uint32 grid;
uint32 tmp_rid;
BOOL ret;
*numgroups= 0;
fstrcpy(user_name, pdb_get_username(sam_pass));
grid=pdb_get_group_rid(sam_pass);
DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
/* we must wrap this is become/unbecome root for ldap backends */
become_root();
/* first get the list of the domain groups */
ret = pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED);
unbecome_root();
/* end wrapper for group enumeration */
if ( !ret )
return False;
DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
/*
* alloc memory. In the worse case, we alloc memory for nothing.
* but I prefer to alloc for nothing
* than reallocing everytime.
*/
gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * num_entries);
/* for each group, check if the user is a member of. Only include groups
from this domain */
for(i=0; i<num_entries; i++) {
if ( !sid_check_is_in_our_domain(&map[i].sid) ) {
DEBUG(10,("get_domain_user_groups: skipping check of %s since it is not in our domain\n",
map[i].nt_name));
continue;
}
if ((grp=sys_getgrgid(map[i].gid)) == NULL) {
/* very weird !!! */
DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
continue;
}
for(num=0; grp->gr_mem[num]!=NULL; num++) {
if(strcmp(grp->gr_mem[num], user_name)==0) {
/* we found the user, add the group to the list */
sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid));
gids[cur_gid].attr=7;
DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name));
cur_gid++;
break;
}
}
}
/* we have checked the groups */
/* we must now check the gid of the user or the primary group rid, that's the same */
for (i=0; i<cur_gid && grid!=gids[i].g_rid; i++)
;
/* the user's gid is already there */
if (i!=cur_gid) {
/*
* the primary group of the user but be the first one in the list
* don't ask ! JFM.
*/
gids[i].g_rid=gids[0].g_rid;
gids[0].g_rid=grid;
goto done;
}
for(i=0; i<num_entries; i++) {
sid_peek_rid(&map[i].sid, &tmp_rid);
if (tmp_rid==grid) {
/*
* the primary group of the user but be the first one in the list
* don't ask ! JFM.
*/
gids[cur_gid].g_rid=gids[0].g_rid;
gids[0].g_rid=tmp_rid;
gids[cur_gid].attr=7;
DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
cur_gid++;
goto done; /* leave the loop early */
}
}
DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name));
DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
done:
*pgids=gids;
*numgroups=cur_gid;
SAFE_FREE(map);
return True;
}
enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state)
{
DOM_SID sid;
DEBUG(3, ("[%5lu]: gid to sid %lu\n", (unsigned long)state->pid,
(unsigned long)state->request.data.gid));
if ( (state->request.data.gid < server_state.gid_low)
|| (state->request.data.gid > server_state.gid_high) )
{
struct group *grp = NULL;
enum SID_NAME_USE type;
unid_t id;
struct winbindd_domain *domain;
/* SPECIAL CASE FOR MEMBERS OF SAMBA DOMAINS */
/* if we don't trust /etc/group then when can't know
anything about this gid */
if ( !lp_winbind_trusted_domains_only() )
return WINBINDD_ERROR;
/* look for an idmap entry first */
if ( NT_STATUS_IS_OK(idmap_gid_to_sid(&sid, state->request.data.gid)) )
goto done;
/* if users exist in /etc/group, we should try to
use that gid. Get the username and the lookup the SID */
if ( !(grp = sys_getgrgid(state->request.data.gid)) )
return WINBINDD_ERROR;
if ( !(domain = find_our_domain()) ) {
DEBUG(0,("winbindd_uid_to_sid: can't find my own domain!\n"));
return WINBINDD_ERROR;
}
if ( !winbindd_lookup_sid_by_name(domain, grp->gr_name, &sid, &type) )
return WINBINDD_ERROR;
if ( type!=SID_NAME_DOM_GRP && type!=SID_NAME_ALIAS )
return WINBINDD_ERROR;
/* don't fail if we can't store it */
id.gid = grp->gr_gid;
idmap_set_mapping( &sid, id, ID_GROUPID );
goto done;
}
/* Lookup sid for this uid */
if (!NT_STATUS_IS_OK(idmap_gid_to_sid(&sid, state->request.data.gid))) {
DEBUG(1, ("Could not convert gid %lu to sid\n",
(unsigned long)state->request.data.gid));
return WINBINDD_ERROR;
}
done:
/* Construct sid and return it */
sid_to_string(state->response.data.sid.sid, &sid);
state->response.data.sid.type = SID_NAME_DOM_GRP;
return WINBINDD_OK;
}
