diff options
| author | Volker Lendecke <vlendec@samba.org> | 2004-03-13 16:43:25 +0000 |
|---|---|---|
| committer | Volker Lendecke <vlendec@samba.org> | 2004-03-13 16:43:25 +0000 |
| commit | ebd5fe9d02433c5bfe480ae09385ddd3f7e2364c (patch) | |
| tree | 7c3644fc33b3d61b58eb945b80b62dc32af162cc /source3/nsswitch | |
| parent | 146d674c2ce78ddb2e3e5a63ad4f2e53b52d093e (diff) | |
| download | samba-ebd5fe9d02433c5bfe480ae09385ddd3f7e2364c.tar.gz samba-ebd5fe9d02433c5bfe480ae09385ddd3f7e2364c.tar.bz2 samba-ebd5fe9d02433c5bfe480ae09385ddd3f7e2364c.zip | |
Remove the prototype for alias support in winbind again. This will be
replaced by a winbindd_passdb.c checkin soon.
Volker
(This used to be commit 4e96b46a8481bdf4f3408574ccc8c921ade7018b)
Diffstat (limited to 'source3/nsswitch')
| -rw-r--r-- | source3/nsswitch/winbindd.h | 5 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_acct.c | 204 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_group.c | 144 |
3 files changed, 29 insertions, 324 deletions
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h index cece2b40de..0087d58195 100644 --- a/source3/nsswitch/winbindd.h +++ b/source3/nsswitch/winbindd.h @@ -48,11 +48,6 @@ struct winbindd_cli_state { struct winbindd_response response; /* Respose to client */ struct getent_state *getpwent_state; /* State for getpwent() */ struct getent_state *getgrent_state; /* State for getgrent() */ - - /* Local groups for getgrent() */ - char **local_group_names; - int num_local_group_names; - int local_group_ndx; }; /* State between get{pw,gr}ent() calls */ diff --git a/source3/nsswitch/winbindd_acct.c b/source3/nsswitch/winbindd_acct.c index be3f1405e4..e6496695cb 100644 --- a/source3/nsswitch/winbindd_acct.c +++ b/source3/nsswitch/winbindd_acct.c @@ -174,158 +174,6 @@ static char* passwd2string( const WINBINDD_PW *pw ) return string; } -static void -add_member(const char *domain, const char *user, - char ***members, int *num_members) -{ - fstring name; - - fill_domain_username(name, domain, user); - - *members = Realloc(*members, (*num_members+1) * sizeof(char **)); - - if (members == NULL) { - DEBUG(10, ("Realloc failed\n")); - return; - } - - (*members)[*num_members] = strdup(name); - *num_members += 1; -} - -/********************************************************************** - Add member users resulting from sid. Expand if it is a domain group. -**********************************************************************/ - -static void -add_expanded_sid(DOM_SID *sid, char ***members, int *num_members) -{ - DOM_SID dom_sid; - uint32 rid; - struct winbindd_domain *domain; - int i; - - char *name = NULL; - enum SID_NAME_USE type; - - uint32 num_names; - DOM_SID **sid_mem; - char **names; - uint32 *types; - - NTSTATUS result; - - TALLOC_CTX *mem_ctx = talloc_init("add_expanded_sid"); - - if (mem_ctx == NULL) { - DEBUG(1, ("talloc_init failed\n")); - return; - } - - sid_copy(&dom_sid, sid); - sid_split_rid(&dom_sid, &rid); - - domain = find_domain_from_sid(&dom_sid); - - if (domain == NULL) { - DEBUG(3, ("Could not find domain for sid %s\n", - sid_string_static(sid))); - goto done; - } - - result = domain->methods->sid_to_name(domain, mem_ctx, sid, - &name, &type); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3, ("sid_to_name failed for sid %s\n", - sid_string_static(sid))); - goto done; - } - - DEBUG(10, ("Found name %s, type %d\n", name, type)); - - if (type == SID_NAME_USER) { - add_member(domain->name, name, members, num_members); - goto done; - } - - if (type != SID_NAME_DOM_GRP) { - DEBUG(10, ("Alias member %s neither user nor group, ignore\n", - name)); - goto done; - } - - /* Expand the domain group */ - - result = domain->methods->lookup_groupmem(domain, mem_ctx, - sid, &num_names, - &sid_mem, &names, - &types); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(10, ("Could not lookup group members for %s: %s\n", - name, nt_errstr(result))); - goto done; - } - - for (i=0; i<num_names; i++) { - DEBUG(10, ("Adding group member SID %s\n", - sid_string_static(sid_mem[i]))); - - if (types[i] != SID_NAME_USER) { - DEBUG(1, ("Hmmm. Member %s of group %s is no user. " - "Ignoring.\n", names[i], name)); - continue; - } - - add_member(domain->name, names[i], members, num_members); - } - - done: - talloc_destroy(mem_ctx); - return; -} - -/********************************************************************** - Add alias members. Expand them if they are domain groups. -**********************************************************************/ - -static void -add_expanded_alias_members(gid_t gid, char ***members, int *num_members) -{ - GROUP_MAP map; - DOM_SID *sids = NULL; - int i, num_sids; - - if (!pdb_getgrgid(&map, gid)) { - DEBUG(10, ("No mapping for group %d\n", gid)); - return; - } - - if ( (map.sid_name_use != SID_NAME_WKN_GRP) && - (map.sid_name_use != SID_NAME_ALIAS) ) { - DEBUG(10, ("Group %d is no alias\n", gid)); - return; - } - - if (!pdb_enum_aliasmem(&map.sid, &sids, &num_sids)) { - DEBUG(10, ("Could not enum aliases for group sid %s\n", - sid_string_static(&map.sid))); - return; - } - - for (i=0; i<num_sids; i++) { - DEBUG(10, ("additional SID: %s\n", - sid_string_static(&sids[i]))); - - add_expanded_sid(&sids[i], members, num_members); - } - - SAFE_FREE(sids); - return; -} - - /********************************************************************** Convert a string in /etc/group format to a struct group* entry **********************************************************************/ @@ -388,8 +236,6 @@ static WINBINDD_GR* string2group( char *string ) fstrcpy( grp.gr_name, fields[0] ); fstrcpy( grp.gr_passwd, fields[1] ); grp.gr_gid = atoi( fields[2] ); - - add_expanded_alias_members(grp.gr_gid, &gr_members, &num_gr_members); grp.num_gr_mem = num_gr_members; grp.gr_mem = gr_members; @@ -1373,55 +1219,5 @@ enum winbindd_result winbindd_delete_group(struct winbindd_cli_state *state) return ( ret ? WINBINDD_OK : WINBINDD_ERROR ); } -static void add_string_to_array(char *name, char ***names, int *num_names) -{ - *names = Realloc(*names, (*num_names + 1) * sizeof(char **)); - - if (*names == NULL) - return; - - (*names)[*num_names] = name; - *num_names += 1; -} - -/********************************************************************** - List all group names locally defined -**********************************************************************/ - -void wb_list_group_names(char ***names, int *num_names) -{ - TDB_LIST_NODE *nodes, *node; - - if (!winbindd_accountdb_init()) - return; - - nodes = tdb_search_keys(account_tdb, acct_groupkey_byname("*")); - - node = nodes; - - while (node != NULL) { - char *name = (char *)node->node_key.dptr; - - DEBUG(10, ("Found key %s\n", name)); - node = node->next; - /* Skip WBA_GROUP */ - name = strchr(name, '/'); - if (name == NULL) - continue; - name += 1; - - /* Skip NAME */ - name = strchr(name, '/'); - if (name == NULL) - continue; - name += 1; - - DEBUG(10, ("adding %s\n", name)); - - add_string_to_array(strdup(name), names, num_names); - } - - tdb_search_list_free(nodes); -} diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index d09b4ec6f9..4805e628dd 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -423,15 +423,6 @@ enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state) free_getent_state(state->getgrent_state); state->getgrent_state = NULL; } - - /* Add our locally defined groups */ - - state->local_group_names = NULL; - state->num_local_group_names = 0; - state->local_group_ndx = 0; - - wb_list_group_names(&state->local_group_names, - &state->num_local_group_names); /* Create sam pipes for each domain we know about */ @@ -480,80 +471,6 @@ enum winbindd_result winbindd_endgrent(struct winbindd_cli_state *state) return WINBINDD_OK; } -/* Fetch group entries from local faked database */ - -static BOOL return_local_winbind_groups(struct winbindd_cli_state *state) -{ - WINBINDD_GR *grp; - char *buffer = NULL; - char *name; - int gr_mem_list_len = 0; - struct winbindd_gr *group_list; - struct winbindd_gr *gr; - - if (state->local_group_names == NULL) - return False; - - name = state->local_group_names[state->local_group_ndx]; - grp = wb_getgrnam(name); - - if (grp == NULL) { - DEBUG(3, ("Group %s vanished\n", name)); - - /* Stop that stuff.. */ - state->local_group_ndx = state->num_local_group_names; - - return False; - } - - gr_mem_list_len = gr_mem_buffer( &buffer, grp->gr_mem, grp->num_gr_mem ); - - state->response.extra_data = malloc(sizeof(struct winbindd_gr) + - gr_mem_list_len); - state->response.length += sizeof(struct winbindd_gr) + gr_mem_list_len; - - group_list = (struct winbindd_gr *)state->response.extra_data; - - if (group_list == NULL) { - DEBUG(0, ("Could not malloc group_list\n")); - return False; - } - - gr = &group_list[0]; - - ZERO_STRUCTP(gr); - - gr->gr_gid = grp->gr_gid; - safe_strcpy(gr->gr_name, name, sizeof(gr->gr_name) - 1); - safe_strcpy(gr->gr_passwd, "x", sizeof(gr->gr_passwd) - 1); - gr->num_gr_mem = grp->num_gr_mem; - gr->gr_mem_ofs = 0; - - memcpy(&((char *)state->response.extra_data) - [sizeof(struct winbindd_gr)], - buffer, gr_mem_list_len); - - SAFE_FREE(buffer); - SAFE_FREE(grp->gr_mem); - - state->response.data.num_entries = 1; - - state->local_group_ndx += 1; - - if (state->local_group_ndx >= state->num_local_group_names) { - int i; - - for (i=0; i<state->num_local_group_names; i++) { - free(state->local_group_names[i]); - } - free(state->local_group_names); - state->local_group_names = NULL; - } - - return True; -} - - /* Get the list of domain groups and domain aliases for a domain. We fill in the sam_entries and num_sam_entries fields with domain group information. The dispinfo_ndx field is incremented to the index of the next group to @@ -689,9 +606,6 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state) if (!lp_winbind_enum_groups()) return WINBINDD_ERROR; - if (return_local_winbind_groups(state)) - return WINBINDD_OK; - num_groups = MIN(MAX_GETGRENT_GROUPS, state->request.data.num_entries); if ((state->response.extra_data = @@ -982,20 +896,6 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state) return WINBINDD_OK; } -static void add_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num) -{ - gid_t gid; - - DEBUG(10, ("Adding gids from SID: %s\n", sid_string_static(sid))); - - if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0))) - add_gid_to_array_unique(gid, gids, num); - - /* Add nested group memberships */ - - add_foreign_gids_from_sid(sid, gids, num); -} - /* Get user supplementary groups. This is much quicker than trying to invert the groups database. We merge the groups from the gids and other_sids info3 fields as trusted domain, universal group @@ -1013,7 +913,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) DOM_SID **user_grpsids; struct winbindd_domain *domain; enum winbindd_result result = WINBINDD_ERROR; - gid_t *gid_list = NULL; + gid_t *gid_list; unsigned int i; TALLOC_CTX *mem_ctx; NET_USER_INFO_3 *info3 = NULL; @@ -1061,8 +961,6 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) goto done; } - add_gids_from_sid(&user_sid, &gid_list, &num_gids); - /* Treat the info3 cache as authoritative as the lookup_usergroups() function may return cached data. */ @@ -1072,6 +970,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) info3->num_groups2, info3->num_other_sids)); num_groups = info3->num_other_sids + info3->num_groups2; + gid_list = calloc(sizeof(gid_t), num_groups); /* Go through each other sid and convert it to a gid */ @@ -1105,11 +1004,23 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) continue; } - add_gids_from_sid(&info3->other_sids[i].sid, - &gid_list, &num_gids); + /* Map to a gid */ - if (gid_list == NULL) - goto done; + if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&info3->other_sids[i].sid, &gid_list[num_gids], 0)) ) + { + DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n", + sid_string_static(&info3->other_sids[i].sid))); + continue; + } + + /* We've jumped through a lot of hoops to get here */ + + DEBUG(10, ("winbindd_getgroups: mapped other sid %s to " + "gid %lu\n", sid_string_static( + &info3->other_sids[i].sid), + (unsigned long)gid_list[num_gids])); + + num_gids++; } for (i = 0; i < info3->num_groups2; i++) { @@ -1119,10 +1030,12 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) sid_copy( &group_sid, &domain->sid ); sid_append_rid( &group_sid, info3->gids[i].g_rid ); - add_gids_from_sid(&group_sid, &gid_list, &num_gids); + if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid, &gid_list[num_gids], 0)) ) { + DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n", + sid_string_static(&group_sid))); + } - if (gid_list == NULL) - goto done; + num_gids++; } SAFE_FREE(info3); @@ -1140,11 +1053,12 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) goto done; for (i = 0; i < num_groups; i++) { - add_gids_from_sid(user_grpsids[i], - &gid_list, &num_gids); - - if (gid_list == NULL) - goto done; + if (!NT_STATUS_IS_OK(idmap_sid_to_gid(user_grpsids[i], &gid_list[num_gids], 0))) { + DEBUG(1, ("unable to convert group sid %s to gid\n", + sid_string_static(user_grpsids[i]))); + continue; + } + num_gids++; } } |