summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2003-05-03 01:29:18 +0000
committerSimo Sorce <idra@samba.org>2003-05-03 01:29:18 +0000
commit8b232cbb3e44179bb48fe000c9236678f65b8c25 (patch)
treeaf1ac36d3cfd9ef5eeb3548ae1afdc6a09762d44 /source3/nsswitch
parent8caaebf56e02c0c4754e79145819c89b66b552cc (diff)
downloadsamba-8b232cbb3e44179bb48fe000c9236678f65b8c25.tar.gz
samba-8b232cbb3e44179bb48fe000c9236678f65b8c25.tar.bz2
samba-8b232cbb3e44179bb48fe000c9236678f65b8c25.zip
fixes to *_util.c files
add winbindd_passdb backend this makes it possible to have nua accounts on security = user servers to show up in unic through nss_winbind.so the problem is that we do not have group support, so nss group support is not very good at this time (read: totally absent) we NEED group support in passdb (This used to be commit 921215cf4bfbd4d7457f81e181bb1a74a4531ca1)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/winbindd_cache.c7
-rw-r--r--source3/nsswitch/winbindd_passdb.c360
2 files changed, 366 insertions, 1 deletions
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c
index 5eabcfca20..27e168b6f9 100644
--- a/source3/nsswitch/winbindd_cache.c
+++ b/source3/nsswitch/winbindd_cache.c
@@ -100,7 +100,12 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain)
ret = smb_xmalloc(sizeof(*ret));
ZERO_STRUCTP(ret);
- switch (lp_security()) {
+
+ if (!strcmp(domain->name, lp_workgroup()) && (lp_security() == SEC_USER)) {
+ extern struct winbindd_methods passdb_methods;
+ ret->backend = &passdb_methods;
+
+ } else switch (lp_security()) {
#ifdef HAVE_ADS
case SEC_ADS: {
extern struct winbindd_methods ads_methods;
diff --git a/source3/nsswitch/winbindd_passdb.c b/source3/nsswitch/winbindd_passdb.c
new file mode 100644
index 0000000000..503b97899c
--- /dev/null
+++ b/source3/nsswitch/winbindd_passdb.c
@@ -0,0 +1,360 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Winbind rpc backend functions
+
+ Copyright (C) Tim Potter 2000-2001,2003
+ Copyright (C) Simo Sorce 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_WINBIND
+
+
+/* Query display info for a domain. This returns enough information plus a
+ bit extra to give an overview of domain users for the User Manager
+ application. */
+static NTSTATUS query_user_list(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ uint32 *num_entries,
+ WINBIND_USERINFO **info)
+{
+ SAM_ACCOUNT *sam_account = NULL;
+ NTSTATUS result;
+ uint32 i;
+
+ DEBUG(3,("pdb: query_user_list\n"));
+
+ if (NT_STATUS_IS_ERR(result = pdb_init_sam(&sam_account))) {
+ return result;
+ }
+
+ i = 0;
+ *info = NULL;
+
+ if (pdb_setsampwent(False)) {
+
+ while (pdb_getsampwent(sam_account)) {
+
+ /* we return only nua accounts, or we will have duplicates */
+ if (!idmap_check_sid_is_in_free_range(pdb_get_user_sid(sam_account))) {
+ continue;
+ }
+
+ *info = talloc_realloc(mem_ctx, *info, (i + 1) * sizeof(WINBIND_USERINFO));
+ if (!(*info)) {
+ DEBUG(0,("query_user_list: out of memory!\n"));
+ result = NT_STATUS_NO_MEMORY;
+ break;
+ }
+
+ (*info)[i].user_sid = talloc(mem_ctx, sizeof(DOM_SID));
+ (*info)[i].group_sid = talloc(mem_ctx, sizeof(DOM_SID));
+ if (!((*info)[i].user_sid) || !((*info)[i].group_sid)) {
+ DEBUG(0,("query_user_list: out of memory!\n"));
+ result = NT_STATUS_NO_MEMORY;
+ break;
+ }
+ sid_copy((*info)[i].user_sid, pdb_get_user_sid(sam_account));
+ sid_copy((*info)[i].group_sid, pdb_get_group_sid(sam_account));
+
+ (*info)[i].acct_name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
+ (*info)[i].full_name = talloc_strdup(mem_ctx, pdb_get_fullname(sam_account));
+ if (!((*info)[i].acct_name) || !((*info)[i].full_name)) {
+ DEBUG(0,("query_user_list: out of memory!\n"));
+ result = NT_STATUS_NO_MEMORY;
+ break;
+ }
+
+ i++;
+
+ if (NT_STATUS_IS_ERR(pdb_reset_sam(sam_account))) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ break;
+ }
+ }
+
+ *num_entries = i;
+ result = NT_STATUS_OK;
+
+ } else {
+ result = NT_STATUS_UNSUCCESSFUL;
+ }
+
+ pdb_free_sam(&sam_account);
+ return result;
+}
+
+/* list all domain groups */
+static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ uint32 *num_entries,
+ struct acct_info **info)
+{
+ NTSTATUS result = NT_STATUS_OK;
+
+ DEBUG(3,("pdb: enum_dom_groups (group support not implemented)\n"));
+
+ *num_entries = 0;
+ *info = 0;
+
+ return result;
+}
+
+/* List all domain groups */
+
+static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ uint32 *num_entries,
+ struct acct_info **info)
+{
+ NTSTATUS result = NT_STATUS_OK;
+
+ DEBUG(3,("pdb: enum_local_groups (group support not implemented)\n"));
+
+ *num_entries = 0;
+ *info = 0;
+
+ return result;
+}
+
+/* convert a single name to a sid in a domain */
+static NTSTATUS name_to_sid(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const char *name,
+ DOM_SID *sid,
+ enum SID_NAME_USE *type)
+{
+ SAM_ACCOUNT *sam_account = NULL;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(3,("pdb: name_to_sid name=%s (group support not implemented)\n", name));
+
+ if (NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {
+ if (!pdb_getsampwnam(sam_account, name)) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ } else { /* it is a sam user */
+ sid_copy(sid, pdb_get_user_sid(sam_account));
+ *type = SID_NAME_USER;
+ result = NT_STATUS_OK;
+ }
+ }
+
+ pdb_free_sam(&sam_account);
+ return result;
+}
+
+/*
+ convert a domain SID to a user or group name
+*/
+static NTSTATUS sid_to_name(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ DOM_SID *sid,
+ char **name,
+ enum SID_NAME_USE *type)
+{
+ SAM_ACCOUNT *sam_account = NULL;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 id;
+
+ DEBUG(3,("pdb: sid_to_name sid=%s\n", sid_string_static(sid)));
+
+ if (NT_STATUS_IS_OK(sid_to_uid(sid, &id))) { /* this is a user */
+
+ if (NT_STATUS_IS_ERR(result = pdb_init_sam(&sam_account))) {
+ return result;
+ }
+
+ if (!pdb_getsampwsid(sam_account, sid)) {
+ pdb_free_sam(&sam_account);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ *name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
+ if (!(*name)) {
+ DEBUG(0,("query_user: out of memory!\n"));
+ pdb_free_sam(&sam_account);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ pdb_free_sam(&sam_account);
+ *type = SID_NAME_USER;
+ result = NT_STATUS_OK;
+
+ } else if (NT_STATUS_IS_OK(sid_to_gid(sid, &id))) { /* this is a group */
+
+ DEBUG(3,("pdb: sid_to_name: group support not implemented\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return result;
+}
+
+/* Lookup user information from a rid or username. */
+static NTSTATUS query_user(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ DOM_SID *user_sid,
+ WINBIND_USERINFO *user_info)
+{
+ SAM_ACCOUNT *sam_account = NULL;
+ NTSTATUS result;
+
+ DEBUG(3,("pdb: query_user sid=%s\n", sid_string_static(user_sid)));
+
+ if (NT_STATUS_IS_ERR(result = pdb_init_sam(&sam_account))) {
+ return result;
+ }
+
+ if (!pdb_getsampwsid(sam_account, user_sid)) {
+ pdb_free_sam(&sam_account);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ /* we return only nua accounts, or we will have duplicates */
+ if (!idmap_check_sid_is_in_free_range(user_sid)) {
+ pdb_free_sam(&sam_account);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ user_info->user_sid = talloc(mem_ctx, sizeof(DOM_SID));
+ user_info->group_sid = talloc(mem_ctx, sizeof(DOM_SID));
+ if (!(user_info->user_sid) || !(user_info->group_sid)) {
+ DEBUG(0,("query_user: out of memory!\n"));
+ pdb_free_sam(&sam_account);
+ return NT_STATUS_NO_MEMORY;
+ }
+ sid_copy(user_info->user_sid, pdb_get_user_sid(sam_account));
+ sid_copy(user_info->group_sid, pdb_get_group_sid(sam_account));
+
+ user_info->acct_name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
+ user_info->full_name = talloc_strdup(mem_ctx, pdb_get_fullname(sam_account));
+ if (!(user_info->acct_name) || !(user_info->full_name)) {
+ DEBUG(0,("query_user: out of memory!\n"));
+ pdb_free_sam(&sam_account);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ pdb_free_sam(&sam_account);
+ return NT_STATUS_OK;
+}
+
+/* Lookup groups a user is a member of. I wish Unix had a call like this! */
+static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ DOM_SID *user_sid,
+ uint32 *num_groups, DOM_SID ***user_gids)
+{
+ NTSTATUS result = NT_STATUS_OK;
+
+ DEBUG(3,("pdb: lookup_usergroups (group support not implemented)\n"));
+
+ num_groups = 0;
+ user_gids = 0;
+
+ return result;
+}
+
+
+/* Lookup group membership given a rid. */
+static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ DOM_SID *group_sid, uint32 *num_names,
+ DOM_SID ***sid_mem, char ***names,
+ uint32 **name_types)
+{
+ NTSTATUS result = NT_STATUS_NOT_IMPLEMENTED;
+
+ DEBUG(3,("pdb: lookup_groupmem (group support not implemented)\n"));
+
+ num_names = 0;
+ sid_mem = 0;
+ names = 0;
+ name_types = 0;
+
+ return result;
+}
+
+/* find the sequence number for a domain */
+static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
+{
+ /* FIXME: we fake up the seq_num untill our passdb support it */
+ static uint32 seq_num;
+
+ DEBUG(3,("pdb: sequence_number\n"));
+
+ *seq = seq_num++;
+
+ return NT_STATUS_OK;
+}
+
+/* get a list of trusted domains */
+static NTSTATUS trusted_domains(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ uint32 *num_domains,
+ char ***names,
+ char ***alt_names,
+ DOM_SID **dom_sids)
+{
+ NTSTATUS result = NT_STATUS_NOT_IMPLEMENTED;
+
+ DEBUG(3,("pdb: trusted_domains (todo!)\n"));
+
+ return result;
+}
+
+/* find the domain sid for a domain */
+static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
+{
+ DEBUG(3,("pdb: domain_sid\n"));
+
+ if (strcmp(domain->name, lp_workgroup())) {
+ return NT_STATUS_INVALID_PARAMETER;
+ } else {
+ sid_copy(sid, get_global_sam_sid());
+ return NT_STATUS_OK;
+ }
+}
+
+/* find alternate names list for the domain
+ * should we look for netbios aliases??
+ SSS */
+static NTSTATUS alternate_name(struct winbindd_domain *domain)
+{
+ DEBUG(3,("pdb: alternate_name\n"));
+
+ return NT_STATUS_OK;
+}
+
+
+/* the rpc backend methods are exposed via this structure */
+struct winbindd_methods passdb_methods = {
+ False,
+ query_user_list,
+ enum_dom_groups,
+ enum_local_groups,
+ name_to_sid,
+ sid_to_name,
+ query_user,
+ lookup_usergroups,
+ lookup_groupmem,
+ sequence_number,
+ trusted_domains,
+ domain_sid,
+ alternate_name
+};