-rw-r--r--source3/nsswitch/winbindd.h5
-rw-r--r--source3/nsswitch/winbindd_acct.c204
-rw-r--r--source3/nsswitch/winbindd_group.c144
3 files changed, 29 insertions, 324 deletions
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h
index cece2b40de..0087d58195 100644
--- a/source3/nsswitch/winbindd.h
+++ b/source3/nsswitch/winbindd.h
@@ -48,11 +48,6 @@ struct winbindd_cli_state {
struct winbindd_response response; /* Respose to client */
struct getent_state *getpwent_state; /* State for getpwent() */
struct getent_state *getgrent_state; /* State for getgrent() */
-
- /* Local groups for getgrent() */
- char **local_group_names;
- int num_local_group_names;
- int local_group_ndx;
};
/* State between get{pw,gr}ent() calls */
diff --git a/source3/nsswitch/winbindd_acct.c b/source3/nsswitch/winbindd_acct.c
index be3f1405e4..e6496695cb 100644
--- a/source3/nsswitch/winbindd_acct.c
+++ b/source3/nsswitch/winbindd_acct.c
@@ -174,158 +174,6 @@ static char* passwd2string( const WINBINDD_PW *pw )
return string;
}
-static void
-add_member(const char *domain, const char *user,
- char ***members, int *num_members)
-{
- fstring name;
-
- fill_domain_username(name, domain, user);
-
- *members = Realloc(*members, (*num_members+1) * sizeof(char **));
-
- if (members == NULL) {
- DEBUG(10, ("Realloc failed\n"));
- return;
- }
-
- (*members)[*num_members] = strdup(name);
- *num_members += 1;
-}
-
-/**********************************************************************
- Add member users resulting from sid. Expand if it is a domain group.
-**********************************************************************/
-
-static void
-add_expanded_sid(DOM_SID *sid, char ***members, int *num_members)
-{
- DOM_SID dom_sid;
- uint32 rid;
- struct winbindd_domain *domain;
- int i;
-
- char *name = NULL;
- enum SID_NAME_USE type;
-
- uint32 num_names;
- DOM_SID **sid_mem;
- char **names;
- uint32 *types;
-
- NTSTATUS result;
-
- TALLOC_CTX *mem_ctx = talloc_init("add_expanded_sid");
-
- if (mem_ctx == NULL) {
- DEBUG(1, ("talloc_init failed\n"));
- return;
- }
-
- sid_copy(&dom_sid, sid);
- sid_split_rid(&dom_sid, &rid);
-
- domain = find_domain_from_sid(&dom_sid);
-
- if (domain == NULL) {
- DEBUG(3, ("Could not find domain for sid %s\n",
- sid_string_static(sid)));
- goto done;
- }
-
- result = domain->methods->sid_to_name(domain, mem_ctx, sid,
- &name, &type);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3, ("sid_to_name failed for sid %s\n",
- sid_string_static(sid)));
- goto done;
- }
-
- DEBUG(10, ("Found name %s, type %d\n", name, type));
-
- if (type == SID_NAME_USER) {
- add_member(domain->name, name, members, num_members);
- goto done;
- }
-
- if (type != SID_NAME_DOM_GRP) {
- DEBUG(10, ("Alias member %s neither user nor group, ignore\n",
- name));
- goto done;
- }
-
- /* Expand the domain group */
-
- result = domain->methods->lookup_groupmem(domain, mem_ctx,
- sid, &num_names,
- &sid_mem, &names,
- &types);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10, ("Could not lookup group members for %s: %s\n",
- name, nt_errstr(result)));
- goto done;
- }
-
- for (i=0; i<num_names; i++) {
- DEBUG(10, ("Adding group member SID %s\n",
- sid_string_static(sid_mem[i])));
-
- if (types[i] != SID_NAME_USER) {
- DEBUG(1, ("Hmmm. Member %s of group %s is no user. "
- "Ignoring.\n", names[i], name));
- continue;
- }
-
- add_member(domain->name, names[i], members, num_members);
- }
-
- done:
- talloc_destroy(mem_ctx);
- return;
-}
-
-/**********************************************************************
- Add alias members. Expand them if they are domain groups.
-**********************************************************************/
-
-static void
-add_expanded_alias_members(gid_t gid, char ***members, int *num_members)
-{
- GROUP_MAP map;
- DOM_SID *sids = NULL;
- int i, num_sids;
-
- if (!pdb_getgrgid(&map, gid)) {
- DEBUG(10, ("No mapping for group %d\n", gid));
- return;
- }
-
- if ( (map.sid_name_use != SID_NAME_WKN_GRP) &&
- (map.sid_name_use != SID_NAME_ALIAS) ) {
- DEBUG(10, ("Group %d is no alias\n", gid));
- return;
- }
-
- if (!pdb_enum_aliasmem(&map.sid, &sids, &num_sids)) {
- DEBUG(10, ("Could not enum aliases for group sid %s\n",
- sid_string_static(&map.sid)));
- return;
- }
-
- for (i=0; i<num_sids; i++) {
- DEBUG(10, ("additional SID: %s\n",
- sid_string_static(&sids[i])));
-
- add_expanded_sid(&sids[i], members, num_members);
- }
-
- SAFE_FREE(sids);
- return;
-}
-
-
/**********************************************************************
Convert a string in /etc/group format to a struct group* entry
**********************************************************************/
@@ -388,8 +236,6 @@ static WINBINDD_GR* string2group( char *string )
fstrcpy( grp.gr_name, fields[0] );
fstrcpy( grp.gr_passwd, fields[1] );
grp.gr_gid = atoi( fields[2] );
-
- add_expanded_alias_members(grp.gr_gid, &gr_members, &num_gr_members);
grp.num_gr_mem = num_gr_members;
grp.gr_mem = gr_members;
@@ -1373,55 +1219,5 @@ enum winbindd_result winbindd_delete_group(struct winbindd_cli_state *state)
return ( ret ? WINBINDD_OK : WINBINDD_ERROR );
}
-static void add_string_to_array(char *name, char ***names, int *num_names)
-{
- *names = Realloc(*names, (*num_names + 1) * sizeof(char **));
-
- if (*names == NULL)
- return;
-
- (*names)[*num_names] = name;
- *num_names += 1;
-}
-
-/**********************************************************************
- List all group names locally defined
-**********************************************************************/
-
-void wb_list_group_names(char ***names, int *num_names)
-{
- TDB_LIST_NODE *nodes, *node;
-
- if (!winbindd_accountdb_init())
- return;
-
- nodes = tdb_search_keys(account_tdb, acct_groupkey_byname("*"));
-
- node = nodes;
-
- while (node != NULL) {
- char *name = (char *)node->node_key.dptr;
-
- DEBUG(10, ("Found key %s\n", name));
- node = node->next;
- /* Skip WBA_GROUP */
- name = strchr(name, '/');
- if (name == NULL)
- continue;
- name += 1;
-
- /* Skip NAME */
- name = strchr(name, '/');
- if (name == NULL)
- continue;
- name += 1;
-
- DEBUG(10, ("adding %s\n", name));
-
- add_string_to_array(strdup(name), names, num_names);
- }
-
- tdb_search_list_free(nodes);
-}
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index d09b4ec6f9..4805e628dd 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -423,15 +423,6 @@ enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state)
free_getent_state(state->getgrent_state);
state->getgrent_state = NULL;
}
-
- /* Add our locally defined groups */
-
- state->local_group_names = NULL;
- state->num_local_group_names = 0;
- state->local_group_ndx = 0;
-
- wb_list_group_names(&state->local_group_names,
- &state->num_local_group_names);
/* Create sam pipes for each domain we know about */
@@ -480,80 +471,6 @@ enum winbindd_result winbindd_endgrent(struct winbindd_cli_state *state)
return WINBINDD_OK;
}
-/* Fetch group entries from local faked database */
-
-static BOOL return_local_winbind_groups(struct winbindd_cli_state *state)
-{
- WINBINDD_GR *grp;
- char *buffer = NULL;
- char *name;
- int gr_mem_list_len = 0;
- struct winbindd_gr *group_list;
- struct winbindd_gr *gr;
-
- if (state->local_group_names == NULL)
- return False;
-
- name = state->local_group_names[state->local_group_ndx];
- grp = wb_getgrnam(name);
-
- if (grp == NULL) {
- DEBUG(3, ("Group %s vanished\n", name));
-
- /* Stop that stuff.. */
- state->local_group_ndx = state->num_local_group_names;
-
- return False;
- }
-
- gr_mem_list_len = gr_mem_buffer( &buffer, grp->gr_mem, grp->num_gr_mem );
-
- state->response.extra_data = malloc(sizeof(struct winbindd_gr) +
- gr_mem_list_len);
- state->response.length += sizeof(struct winbindd_gr) + gr_mem_list_len;
-
- group_list = (struct winbindd_gr *)state->response.extra_data;
-
- if (group_list == NULL) {
- DEBUG(0, ("Could not malloc group_list\n"));
- return False;
- }
-
- gr = &group_list[0];
-
- ZERO_STRUCTP(gr);
-
- gr->gr_gid = grp->gr_gid;
- safe_strcpy(gr->gr_name, name, sizeof(gr->gr_name) - 1);
- safe_strcpy(gr->gr_passwd, "x", sizeof(gr->gr_passwd) - 1);
- gr->num_gr_mem = grp->num_gr_mem;
- gr->gr_mem_ofs = 0;
-
- memcpy(&((char *)state->response.extra_data)
- [sizeof(struct winbindd_gr)],
- buffer, gr_mem_list_len);
-
- SAFE_FREE(buffer);
- SAFE_FREE(grp->gr_mem);
-
- state->response.data.num_entries = 1;
-
- state->local_group_ndx += 1;
-
- if (state->local_group_ndx >= state->num_local_group_names) {
- int i;
-
- for (i=0; i<state->num_local_group_names; i++) {
- free(state->local_group_names[i]);
- }
- free(state->local_group_names);
- state->local_group_names = NULL;
- }
-
- return True;
-}
-
-
/* Get the list of domain groups and domain aliases for a domain. We fill in
the sam_entries and num_sam_entries fields with domain group information.
The dispinfo_ndx field is incremented to the index of the next group to
@@ -689,9 +606,6 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
if (!lp_winbind_enum_groups())
return WINBINDD_ERROR;
- if (return_local_winbind_groups(state))
- return WINBINDD_OK;
-
num_groups = MIN(MAX_GETGRENT_GROUPS, state->request.data.num_entries);
if ((state->response.extra_data =
@@ -982,20 +896,6 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state)
return WINBINDD_OK;
}
-static void add_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num)
-{
- gid_t gid;
-
- DEBUG(10, ("Adding gids from SID: %s\n", sid_string_static(sid)));
-
- if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0)))
- add_gid_to_array_unique(gid, gids, num);
-
- /* Add nested group memberships */
-
- add_foreign_gids_from_sid(sid, gids, num);
-}
-
/* Get user supplementary groups. This is much quicker than trying to
invert the groups database. We merge the groups from the gids and
other_sids info3 fields as trusted domain, universal group
@@ -1013,7 +913,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
DOM_SID **user_grpsids;
struct winbindd_domain *domain;
enum winbindd_result result = WINBINDD_ERROR;
- gid_t *gid_list = NULL;
+ gid_t *gid_list;
unsigned int i;
TALLOC_CTX *mem_ctx;
NET_USER_INFO_3 *info3 = NULL;
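Review bot: Dropping the `= NULL` initializer on `gid_list` leaves the pointer indeterminate on every path that runs before an allocation, including the early `goto done` exits visible in the next hunk. The only allocation this diff shows is the `calloc` in the info3-cache branch, while the `lookup_usergroups` loop in the last hunk stores through `&gid_list[num_gids]` with no allocation visible for that branch. If the unseen lines there do not allocate, that is a write through an uninitialized pointer. I would keep `gid_t *gid_list = NULL;` so a missed allocation fails predictably and any cleanup stays safe. The function starts and ends outside this hunk, so the code at `done:` could not be checked.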
@@ -1061,8 +961,6 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
goto done;
}
- add_gids_from_sid(&user_sid, &gid_list, &num_gids);
-
/* Treat the info3 cache as authoritative as the
lookup_usergroups() function may return cached data. */
@@ -1072,6 +970,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
info3->num_groups2, info3->num_other_sids));
num_groups = info3->num_other_sids + info3->num_groups2;
+ gid_list = calloc(sizeof(gid_t), num_groups);
/* Go through each other sid and convert it to a gid */
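Review bot: The result of the added `calloc` is never checked before the loops below store through `&gid_list[num_gids]`, and the per-iteration `if (gid_list == NULL) goto done;` guards are removed in the following hunks. An allocation failure in this client-facing daemon then becomes a NULL dereference instead of a `WINBINDD_ERROR` reply. The arguments are also in `(size, nmemb)` order. I would write `gid_list = calloc(num_groups, sizeof(gid_t));` and treat a NULL result as failure when `num_groups` is non-zero, for example `if (gid_list == NULL && num_groups != 0) goto done;`, releasing `info3` first if this path owns it.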
@@ -1105,11 +1004,23 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
continue;
}
- add_gids_from_sid(&info3->other_sids[i].sid,
- &gid_list, &num_gids);
+ /* Map to a gid */
- if (gid_list == NULL)
- goto done;
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&info3->other_sids[i].sid, &gid_list[num_gids], 0)) )
+ {
+ DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n",
+ sid_string_static(&info3->other_sids[i].sid)));
+ continue;
+ }
+
+ /* We've jumped through a lot of hoops to get here */
+
+ DEBUG(10, ("winbindd_getgroups: mapped other sid %s to "
+ "gid %lu\n", sid_string_static(
+ &info3->other_sids[i].sid),
+ (unsigned long)gid_list[num_gids]));
+
+ num_gids++;
}
for (i = 0; i < info3->num_groups2; i++) {
@@ -1119,10 +1030,12 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
sid_copy( &group_sid, &domain->sid );
sid_append_rid( &group_sid, info3->gids[i].g_rid );
- add_gids_from_sid(&group_sid, &gid_list, &num_gids);
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid, &gid_list[num_gids], 0)) ) {
+ DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n",
+ sid_string_static(&group_sid)));
+ }
- if (gid_list == NULL)
- goto done;
+ num_gids++;
}
SAFE_FREE(info3);
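Review bot: In the `num_groups2` loop a failed `idmap_sid_to_gid()` is only logged; there is no `continue`, so `num_gids++` still runs and the slot is counted as a valid gid. Because the array comes from `calloc`, that slot most likely still holds 0, which would put gid 0 into the supplementary group list returned for the user whenever a domain group has no mapping. The `other_sids` loop above and the `lookup_usergroups` loop below both skip the entry on failure. Add `continue;` after the `DEBUG` call here so all three loops agree. The loop's opening lines are outside this hunk.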
@@ -1140,11 +1053,12 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
goto done;
for (i = 0; i < num_groups; i++) {
- add_gids_from_sid(user_grpsids[i],
- &gid_list, &num_gids);
-
- if (gid_list == NULL)
- goto done;
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(user_grpsids[i], &gid_list[num_gids], 0))) {
+ DEBUG(1, ("unable to convert group sid %s to gid\n",
+ sid_string_static(user_grpsids[i])));
+ continue;
+ }
+ num_gids++;
}
}