diff options
author | Simo Sorce <idra@samba.org> | 2003-05-12 18:12:31 +0000 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2003-05-12 18:12:31 +0000 |
commit | c823b191ab476fc2583d6d6aaa1e2edb09cbb88e (patch) | |
tree | de7a7bc704024faf8e9b5dc750eed0cec6684ebb /source3/nsswitch | |
parent | 9308eaf77d53b2d86c071ef07a8e32d9d83b6d12 (diff) | |
download | samba-c823b191ab476fc2583d6d6aaa1e2edb09cbb88e.tar.gz samba-c823b191ab476fc2583d6d6aaa1e2edb09cbb88e.tar.bz2 samba-c823b191ab476fc2583d6d6aaa1e2edb09cbb88e.zip |
And finally IDMAP in 3_0
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.
Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.
The code has been tested and seem to work right, more testing is needed for
corner cases.
Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)
Simo.
(This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/winbindd.c | 8 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_cache.c | 7 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_group.c | 37 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_sid.c | 13 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_user.c | 19 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 9 |
6 files changed, 35 insertions, 58 deletions
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index fb6f67625c..c7e45e5429 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -128,7 +128,6 @@ static void winbindd_status(void) static void print_winbindd_status(void) { winbindd_status(); - winbindd_idmap_status(); winbindd_cm_status(); } @@ -146,7 +145,7 @@ static void terminate(void) { pstring path; - winbindd_idmap_close(); + idmap_close(); /* Remove socket file */ snprintf(path, sizeof(path), "%s/%s", @@ -834,9 +833,12 @@ int main(int argc, char **argv) /* Winbind daemon initialisation */ - if (!winbindd_idmap_init()) + if (!idmap_init()) return 1; + if (!idmap_init_wellknown_sids()) + exit(1); + /* Unblock all signals we are interested in as they may have been blocked by the parent process. */ diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index 5eabcfca20..dc40142a77 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -100,7 +100,12 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain) ret = smb_xmalloc(sizeof(*ret)); ZERO_STRUCTP(ret); - switch (lp_security()) { + switch (lp_security()) { /* winbind pdc disabled until ready + if (!strcmp(domain->name, lp_workgroup()) && (lp_security() == SEC_USER)) { + extern struct winbindd_methods passdb_methods; + ret->backend = &passdb_methods; + + } else switch (lp_security()) { */ #ifdef HAVE_ADS case SEC_ADS: { extern struct winbindd_methods ads_methods; diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index b3ded2a2f4..14ebb78466 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -193,8 +193,8 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) enum SID_NAME_USE name_type; fstring name_domain, name_group; char *tmp, *gr_mem; - gid_t gid; int gr_mem_len; + gid_t gid; /* Ensure null termination */ state->request.data.groupname[sizeof(state->request.data.groupname)-1]='\0'; @@ -210,11 +210,6 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) if (!parse_domain_user(tmp, name_domain, name_group)) return WINBINDD_ERROR; - /* fail if we are a PDC and this is our domain; should be done by passdb */ - - if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( domain->name, lp_workgroup()) ) - return WINBINDD_ERROR; - /* Get info for the domain */ if ((domain = find_domain_from_name(name_domain)) == NULL) { @@ -238,7 +233,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) return WINBINDD_ERROR; } - if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) { + if (NT_STATUS_IS_ERR(sid_to_gid(&group_sid, &gid))) { DEBUG(1, ("error converting unix gid to sid\n")); return WINBINDD_ERROR; } @@ -283,8 +278,7 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) return WINBINDD_ERROR; /* Get rid from gid */ - - if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &group_sid)) { + if (NT_STATUS_IS_ERR(uid_to_sid(&group_sid, state->request.data.gid))) { DEBUG(1, ("could not convert gid %d to rid\n", state->request.data.gid)); return WINBINDD_ERROR; @@ -410,9 +404,6 @@ static BOOL get_sam_group_entries(struct getent_state *ent) if (ent->got_sam_entries) return False; - - if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp(lp_workgroup(), ent->domain_name)) - return False; if (!(mem_ctx = talloc_init("get_sam_group_entries(%s)", ent->domain_name))) { @@ -598,9 +589,7 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state) sid_copy(&group_sid, &domain->sid); sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid); - if (!winbindd_idmap_get_gid_from_sid( - &group_sid, - &group_gid)) { + if (NT_STATUS_IS_ERR(sid_to_gid(&group_sid, &group_gid))) { DEBUG(1, ("could not look up gid for group %s\n", name_list[ent->sam_entry_index].acct_name)); @@ -749,11 +738,6 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state) for (domain = domain_list(); domain; domain = domain->next) { struct getent_state groups; - - /* fail if we are a PDC and this is our domain; should be done by passdb */ - - if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( domain->name, lp_workgroup()) ) - continue; ZERO_STRUCT(groups); @@ -846,11 +830,6 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) name_user)) goto done; - /* fail if we are a PDC and this is our domain; should be done by passdb */ - - if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) ) - return WINBINDD_ERROR; - /* Get info for the domain */ if ((domain = find_domain_from_name(name_domain)) == NULL) { @@ -887,16 +866,16 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) goto done; for (i = 0; i < num_groups; i++) { - if (!winbindd_idmap_get_gid_from_sid( - user_gids[i], - &gid_list[num_gids])) { + gid_t gid; + + if (NT_STATUS_IS_ERR(sid_to_gid(user_gids[i], &gid))) { fstring sid_string; DEBUG(1, ("unable to convert group sid %s to gid\n", sid_to_string(sid_string, user_gids[i]))); continue; } - + gid_list[num_gids] = gid; num_gids++; } diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index 41bda7e5bc..f5dd904dc1 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -98,11 +98,6 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state) name_domain = state->request.data.name.dom_name; name_user = state->request.data.name.name; - /* fail if we are a PDC and this is our domain; should be done by passdb */ - - if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) ) - return WINBINDD_ERROR; - if ((domain = find_domain_from_name(name_domain)) == NULL) { DEBUG(0, ("could not find domain entry for domain %s\n", name_domain)); @@ -142,7 +137,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state) } /* Find uid for this sid and return it */ - if (!winbindd_idmap_get_uid_from_sid(&sid, &state->response.data.uid)) { + if (NT_STATUS_IS_ERR(sid_to_uid(&sid, &(state->response.data.uid)))) { DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid)); return WINBINDD_ERROR; @@ -171,7 +166,7 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state) } /* Find gid for this sid and return it */ - if (!winbindd_idmap_get_gid_from_sid(&sid, &state->response.data.gid)) { + if (NT_STATUS_IS_ERR(sid_to_gid(&sid, &(state->response.data.gid)))) { DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid)); return WINBINDD_ERROR; @@ -197,7 +192,7 @@ enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state) state->request.data.uid)); /* Lookup rid for this uid */ - if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid, &sid)) { + if (NT_STATUS_IS_ERR(uid_to_sid(&sid, state->request.data.uid))) { DEBUG(1, ("Could not convert uid %d to rid\n", state->request.data.uid)); return WINBINDD_ERROR; @@ -226,7 +221,7 @@ enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state) state->request.data.gid)); /* Lookup sid for this uid */ - if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &sid)) { + if (NT_STATUS_IS_ERR(gid_to_sid(&sid, state->request.data.gid))) { DEBUG(1, ("Could not convert gid %d to sid\n", state->request.data.gid)); return WINBINDD_ERROR; diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c index d2bd231918..dc07bc42e7 100644 --- a/source3/nsswitch/winbindd_user.c +++ b/source3/nsswitch/winbindd_user.c @@ -41,17 +41,15 @@ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name, return False; /* Resolve the uid number */ - - if (!winbindd_idmap_get_uid_from_sid(user_sid, - &pw->pw_uid)) { + + if (NT_STATUS_IS_ERR(sid_to_uid(user_sid, &(pw->pw_uid)))) { DEBUG(1, ("error getting user id for sid %s\n", sid_to_string(sid_string, user_sid))); return False; } /* Resolve the gid number */ - - if (!winbindd_idmap_get_gid_from_sid(group_sid, - &pw->pw_gid)) { + + if (NT_STATUS_IS_ERR(sid_to_gid(group_sid, &(pw->pw_gid)))) { DEBUG(1, ("error getting group id for sid %s\n", sid_to_string(sid_string, group_sid))); return False; } @@ -178,9 +176,9 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) fstring user_name; enum SID_NAME_USE name_type; WINBIND_USERINFO user_info; - gid_t gid; TALLOC_CTX *mem_ctx; NTSTATUS status; + gid_t gid; /* Bug out if the uid isn't in the winbind range */ @@ -193,8 +191,7 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) /* Get rid from uid */ - if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid, - &user_sid)) { + if (NT_STATUS_IS_ERR(uid_to_sid(&user_sid, state->request.data.uid))) { DEBUG(1, ("could not convert uid %d to SID\n", state->request.data.uid)); return WINBINDD_ERROR; @@ -236,9 +233,9 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) return WINBINDD_ERROR; } - /* Resolve gid number */ + /* Check group has a gid number */ - if (!winbindd_idmap_get_gid_from_sid(user_info.group_sid, &gid)) { + if (NT_STATUS_IS_ERR(sid_to_gid(user_info.group_sid, &gid))) { DEBUG(1, ("error getting group id for user %s\n", user_name)); talloc_destroy(mem_ctx); return WINBINDD_ERROR; diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index ef030e2c7b..ac0b317b42 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -126,7 +126,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const /* see if this is a native mode win2k domain, but only for our own domain */ - if ( lp_server_role() != ROLE_DOMAIN_PDC && strequal( lp_workgroup(), domain_name) ) { + if ( strequal( lp_workgroup(), domain_name) ) { domain->native_mode = cm_check_for_native_mode_win2k( domain_name ); DEBUG(3,("add_trusted_domain: %s is a %s mode domain\n", domain_name, domain->native_mode ? "native" : "mixed" )); @@ -211,7 +211,6 @@ BOOL init_domain_list(void) /* Add ourselves as the first entry */ domain = add_trusted_domain(lp_workgroup(), NULL, &cache_methods, NULL); - if (!secrets_fetch_domain_sid(domain->name, &domain->sid)) { DEBUG(1, ("Could not fetch sid for our domain %s\n", domain->name)); @@ -220,7 +219,7 @@ BOOL init_domain_list(void) /* get any alternate name for the primary domain */ cache_methods.alternate_name(domain); - + /* do an initial scan for trusted domains */ rescan_trusted_domains(True); @@ -381,12 +380,12 @@ BOOL winbindd_param_init(void) { /* Parse winbind uid and winbind_gid parameters */ - if (!lp_winbind_uid(&server_state.uid_low, &server_state.uid_high)) { + if (!lp_idmap_uid(&server_state.uid_low, &server_state.uid_high)) { DEBUG(0, ("winbind uid range missing or invalid\n")); return False; } - if (!lp_winbind_gid(&server_state.gid_low, &server_state.gid_high)) { + if (!lp_idmap_gid(&server_state.gid_low, &server_state.gid_high)) { DEBUG(0, ("winbind gid range missing or invalid\n")); return False; } |