diff options
| -rw-r--r-- | source3/Makefile.in | 3 | ||||
| -rw-r--r-- | source3/auth/auth_util.c | 32 | ||||
| -rw-r--r-- | source3/groupdb/mapping.c | 38 | ||||
| -rw-r--r-- | source3/nsswitch/wb_client.c | 299 | ||||
| -rw-r--r-- | source3/nsswitch/wbinfo.c | 211 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd.c | 9 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_acct.c | 1223 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_group.c | 66 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_user.c | 21 | ||||
| -rw-r--r-- | source3/param/loadparm.c | 4 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 20 | ||||
| -rw-r--r-- | source3/utils/net_rpc_samsync.c | 8 |
12 files changed, 6 insertions, 1928 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index a0e297a1a1..f039690b05 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -661,8 +661,7 @@ WINBINDD_OBJ1 = \ nsswitch/winbindd_rpc.o \ nsswitch/winbindd_ads.o \ nsswitch/winbindd_passdb.o \ - nsswitch/winbindd_dual.o \ - nsswitch/winbindd_acct.o + nsswitch/winbindd_dual.o WINBINDD_OBJ = \ $(WINBINDD_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 30933c6c93..79205f1206 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -51,34 +51,6 @@ static int smb_create_user(const char *domain, const char *unix_username, const } /**************************************************************************** - Add and Delete UNIX users on demand, based on NTSTATUS codes. - We don't care about RID's here so ignore. -****************************************************************************/ - -void auth_add_user_script(const char *domain, const char *username) -{ - /* - * User validated ok against Domain controller. - * If the admin wants us to try and create a UNIX - * user on the fly, do so. - */ - - if ( *lp_adduser_script() ) - smb_create_user(domain, username, NULL); - else { - DEBUG(10,("auth_add_user_script: no 'add user script'. Asking winbindd\n")); - - /* should never get here is we a re a domain member running winbindd - However, a host set for 'security = server' might run winbindd for - account allocation */ - - if ( !winbind_create_user(username, NULL) ) { - DEBUG(5,("auth_add_user_script: winbindd_create_user() failed\n")); - } - } -} - -/**************************************************************************** Create a SAM_ACCOUNT - either by looking in the pdb, or by faking it up from unix info. ****************************************************************************/ @@ -1092,7 +1064,7 @@ struct passwd *smb_getpwnam( char *domuser, fstring save_username, BOOL create ) if (username[strlen(username)-1] == '$') return NULL; - auth_add_user_script(NULL, username); + smb_create_user(NULL, username, NULL); pw = Get_Pwnam(username); } @@ -1181,7 +1153,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { DEBUG(3,("User %s does not exist, trying to add it\n", internal_username)); - auth_add_user_script( nt_domain, sent_nt_username ); + smb_create_user( nt_domain, sent_nt_username, NULL); nt_status = fill_sam_account( mem_ctx, nt_domain, sent_nt_username, &found_username, &uid, &gid, &sam_account ); } diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 7c032ef93d..a30e8eed78 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -988,12 +988,7 @@ int smb_create_group(char *unix_group, gid_t *new_gid) close(fd); } - } else if ( winbind_create_group( unix_group, NULL ) ) { - - DEBUG(3,("smb_create_group: winbindd created the group (%s)\n", - unix_group)); - ret = 0; - } + } if (*new_gid == 0) { struct group *grp = getgrnam(unix_group); @@ -1024,12 +1019,6 @@ int smb_delete_group(char *unix_group) return ret; } - if ( winbind_delete_group( unix_group ) ) { - DEBUG(3,("smb_delete_group: winbindd deleted the group (%s)\n", - unix_group)); - return 0; - } - return -1; } @@ -1054,15 +1043,6 @@ int smb_set_primary_group(const char *unix_group, const char* unix_user) return ret; } - /* Try winbindd */ - - if ( winbind_set_user_primary_group( unix_user, unix_group ) ) { - DEBUG(3,("smb_delete_group: winbindd set the group (%s) as the primary group for user (%s)\n", - unix_group, unix_user)); - flush_pwnam_cache(); - return 0; - } - return -1; } @@ -1086,14 +1066,6 @@ int smb_add_user_group(char *unix_group, char *unix_user) return ret; } - /* Try winbindd */ - - if ( winbind_add_user_to_group( unix_user, unix_group ) ) { - DEBUG(3,("smb_delete_group: winbindd added user (%s) to the group (%s)\n", - unix_user, unix_group)); - return -1; - } - return -1; } @@ -1117,14 +1089,6 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) return ret; } - /* Try winbindd */ - - if ( winbind_remove_user_from_group( unix_user, unix_group ) ) { - DEBUG(3,("smb_delete_group: winbindd removed user (%s) from the group (%s)\n", - unix_user, unix_group)); - return 0; - } - return -1; } diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index 5e08c0853e..6b184b568b 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -394,303 +394,4 @@ BOOL winbind_ping( void ) return result == NSS_STATUS_SUCCESS; } -/********************************************************************** - Ask winbindd to create a local user -**********************************************************************/ - -BOOL winbind_create_user( const char *name, uint32 *rid ) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - if ( !lp_winbind_enable_local_accounts() ) - return False; - - if ( !name ) - return False; - - DEBUG(10,("winbind_create_user: %s\n", name)); - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - /* see if the caller wants a new RID returned */ - - if ( rid ) - request.flags = WBFLAG_ALLOCATE_RID; - - fstrcpy( request.data.acct_mgt.username, name ); - fstrcpy( request.data.acct_mgt.groupname, "" ); - - result = winbindd_request( WINBINDD_CREATE_USER, &request, &response); - - if ( rid ) - *rid = response.data.rid; - - return result == NSS_STATUS_SUCCESS; -} - -/********************************************************************** - Ask winbindd to create a local group -**********************************************************************/ - -BOOL winbind_create_group( const char *name, uint32 *rid ) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - if ( !lp_winbind_enable_local_accounts() ) - return False; - - if ( !name ) - return False; - - DEBUG(10,("winbind_create_group: %s\n", name)); - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - /* see if the caller wants a new RID returned */ - - if ( rid ) - request.flags = WBFLAG_ALLOCATE_RID; - - fstrcpy( request.data.acct_mgt.groupname, name ); - - - result = winbindd_request( WINBINDD_CREATE_GROUP, &request, &response); - - if ( rid ) - *rid = response.data.rid; - - return result == NSS_STATUS_SUCCESS; -} - -/********************************************************************** - Ask winbindd to add a user to a local group -**********************************************************************/ - -BOOL winbind_add_user_to_group( const char *user, const char *group ) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - if ( !lp_winbind_enable_local_accounts() ) - return False; - - if ( !user || !group ) - return False; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - DEBUG(10,("winbind_add_user_to_group: user(%s), group(%s) \n", - user, group)); - - fstrcpy( request.data.acct_mgt.username, user ); - fstrcpy( request.data.acct_mgt.groupname, group ); - - result = winbindd_request( WINBINDD_ADD_USER_TO_GROUP, &request, &response); - - return result == NSS_STATUS_SUCCESS; -} - -/********************************************************************** - Ask winbindd to remove a user to a local group -**********************************************************************/ - -BOOL winbind_remove_user_from_group( const char *user, const char *group ) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - if ( !lp_winbind_enable_local_accounts() ) - return False; - - if ( !user || !group ) - return False; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - DEBUG(10,("winbind_remove_user_from_group: user(%s), group(%s) \n", - user, group)); - - ZERO_STRUCT(response); - - fstrcpy( request.data.acct_mgt.username, user ); - fstrcpy( request.data.acct_mgt.groupname, group ); - - result = winbindd_request( WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response); - - return result == NSS_STATUS_SUCCESS; -} - -/********************************************************************** - Ask winbindd to set the primary group for a user local user -**********************************************************************/ - -BOOL winbind_set_user_primary_group( const char *user, const char *group ) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - if ( !lp_winbind_enable_local_accounts() ) - return False; - - if ( !user || !group ) - return False; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - DEBUG(10,("winbind_set_user_primary_group: user(%s), group(%s) \n", - user, group)); - - fstrcpy( request.data.acct_mgt.username, user ); - fstrcpy( request.data.acct_mgt.groupname, group ); - - result = winbindd_request( WINBINDD_SET_USER_PRIMARY_GROUP, &request, &response); - - return result == NSS_STATUS_SUCCESS; -} - - -/********************************************************************** - Ask winbindd to remove a user from its lists of accounts -**********************************************************************/ - -BOOL winbind_delete_user( const char *user ) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - if ( !lp_winbind_enable_local_accounts() ) - return False; - - if ( !user ) - return False; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - DEBUG(10,("winbind_delete_user: user (%s)\n", user)); - - fstrcpy( request.data.acct_mgt.username, user ); - - result = winbindd_request( WINBINDD_DELETE_USER, &request, &response); - - return result == NSS_STATUS_SUCCESS; -} - -/********************************************************************** - Ask winbindd to remove a group from its lists of accounts -**********************************************************************/ - -BOOL winbind_delete_group( const char *group ) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - if ( !lp_winbind_enable_local_accounts() ) - return False; - - if ( !group ) - return False; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - DEBUG(10,("winbind_delete_group: group (%s)\n", group)); - - fstrcpy( request.data.acct_mgt.groupname, group ); - - result = winbindd_request( WINBINDD_DELETE_GROUP, &request, &response); - - return result == NSS_STATUS_SUCCESS; -} - -/***********************************************************************/ -#if 0 /* not needed currently since winbindd_acct was added -- jerry */ - -/* Call winbindd to convert SID to uid. Do not allocate */ - -BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid) -{ - struct winbindd_request request; - struct winbindd_response response; - int result; - fstring sid_str; - - if (!puid) - return False; - - /* Initialise request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - sid_to_string(sid_str, sid); - fstrcpy(request.data.sid, sid_str); - - request.flags = WBFLAG_QUERY_ONLY; - - /* Make request */ - - result = winbindd_request(WINBINDD_SID_TO_UID, &request, &response); - - /* Copy out result */ - - if (result == NSS_STATUS_SUCCESS) { - *puid = response.data.uid; - } - - return (result == NSS_STATUS_SUCCESS); -} - -/* Call winbindd to convert SID to gid. Do not allocate */ - -BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid) -{ - struct winbindd_request request; - struct winbindd_response response; - int result; - fstring sid_str; - - if (!pgid) - return False; - - /* Initialise request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - sid_to_string(sid_str, sid); - fstrcpy(request.data.sid, sid_str); - - request.flags = WBFLAG_QUERY_ONLY; - - /* Make request */ - - result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response); - - /* Copy out result */ - - if (result == NSS_STATUS_SUCCESS) { - *pgid = response.data.gid; - } - - return (result == NSS_STATUS_SUCCESS); -} - -#endif /* JERRY */ - -/***********************************************************************/ diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 69f464f446..baa35d7cfb 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -697,175 +697,6 @@ static BOOL wbinfo_klog(char *username) return True; } -/****************************************************************** - create a winbindd user -******************************************************************/ - -static BOOL wbinfo_create_user(char *username) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - /* Send off request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - request.flags = WBFLAG_ALLOCATE_RID; - fstrcpy(request.data.acct_mgt.username, username); - - result = winbindd_request(WINBINDD_CREATE_USER, &request, &response); - - if ( result == NSS_STATUS_SUCCESS ) - d_printf("New RID is %d\n", response.data.rid); - - return result == NSS_STATUS_SUCCESS; -} - -/****************************************************************** - remove a winbindd user -******************************************************************/ - -static BOOL wbinfo_delete_user(char *username) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - /* Send off request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - fstrcpy(request.data.acct_mgt.username, username); - - result = winbindd_request(WINBINDD_DELETE_USER, &request, &response); - - return result == NSS_STATUS_SUCCESS; -} - -/****************************************************************** - create a winbindd group -******************************************************************/ - -static BOOL wbinfo_create_group(char *groupname) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - /* Send off request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - fstrcpy(request.data.acct_mgt.groupname, groupname); - - result = winbindd_request(WINBINDD_CREATE_GROUP, &request, &response); - - return result == NSS_STATUS_SUCCESS; -} - -/****************************************************************** - remove a winbindd group -******************************************************************/ - -static BOOL wbinfo_delete_group(char *groupname) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - /* Send off request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - fstrcpy(request.data.acct_mgt.groupname, groupname); - - result = winbindd_request(WINBINDD_DELETE_GROUP, &request, &response); - - return result == NSS_STATUS_SUCCESS; -} - -/****************************************************************** - parse a string in the form user:group -******************************************************************/ - -static BOOL parse_user_group( const char *string, fstring user, fstring group ) -{ - char *p; - - if ( !string ) - return False; - - if ( !(p = strchr( string, ':' )) ) - return False; - - *p = '\0'; - p++; - - fstrcpy( user, string ); - fstrcpy( group, p ); - - return True; -} - -/****************************************************************** - add a user to a winbindd group -******************************************************************/ - -static BOOL wbinfo_add_user_to_group(char *string) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - /* Send off request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - if ( !parse_user_group( string, request.data.acct_mgt.username, - request.data.acct_mgt.groupname)) - { - d_printf("Can't parse user:group from %s\n", string); - return False; - } - - result = winbindd_request(WINBINDD_ADD_USER_TO_GROUP, &request, &response); - - return result == NSS_STATUS_SUCCESS; -} - -/****************************************************************** - remove a user from a winbindd group -******************************************************************/ - -static BOOL wbinfo_remove_user_from_group(char *string) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - - /* Send off request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - if ( !parse_user_group( string, request.data.acct_mgt.username, - request.data.acct_mgt.groupname)) - { - d_printf("Can't parse user:group from %s\n", string); - return False; - } - - result = winbindd_request(WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response); - - return result == NSS_STATUS_SUCCESS; -} - /* Print domain users */ static BOOL print_domain_users(const char *domain) @@ -1088,12 +919,6 @@ int main(int argc, char **argv) { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" }, { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" }, { "allocate-rid", 'A', POPT_ARG_NONE, 0, 'A', "Get a new RID out of idmap" }, - { "create-user", 'c', POPT_ARG_STRING, &string_arg, 'c', "Create a local user account", "name" }, - { "delete-user", 'x', POPT_ARG_STRING, &string_arg, 'x', "Delete a local user account", "name" }, - { "create-group", 'C', POPT_ARG_STRING, &string_arg, 'C', "Create a local group", "name" }, - { "delete-group", 'X', POPT_ARG_STRING, &string_arg, 'X', "Delete a local group", "name" }, - { "add-to-group", 'o', POPT_ARG_STRING, &string_arg, 'o', "Add user to group", "user:group" }, - { "del-from-group", 'O', POPT_ARG_STRING, &string_arg, 'O', "Remove user from group", "user:group" }, { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" }, @@ -1279,42 +1104,6 @@ int main(int argc, char **argv) goto done; } break; - case 'c': - if ( !wbinfo_create_user(string_arg) ) { - d_printf("Could not create user account\n"); - goto done; - } - break; - case 'C': - if ( !wbinfo_create_group(string_arg) ) { - d_printf("Could not create group\n"); - goto done; - } - break; - case 'o': - if ( !wbinfo_add_user_to_group(string_arg) ) { - d_printf("Could not add user to group\n"); - goto done; - } - break; - case 'O': - if ( !wbinfo_remove_user_from_group(string_arg) ) { - d_printf("Could not remove user from group\n"); - goto done; - } - break; - case 'x': - if ( !wbinfo_delete_user(string_arg) ) { - d_printf("Could not delete user account\n"); - goto done; - } - break; - case 'X': - if ( !wbinfo_delete_group(string_arg) ) { - d_printf("Could not delete group\n"); - goto done; - } - break; case 'p': if (!wbinfo_ping()) { d_printf("could not ping winbindd!\n"); diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 6840dd9187..81dbf327fc 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -286,15 +286,6 @@ static struct dispatch_table dispatch_table[] = { { WINBINDD_WINS_BYNAME, winbindd_wins_byname, "WINS_BYNAME" }, { WINBINDD_WINS_BYIP, winbindd_wins_byip, "WINS_BYIP" }, - /* UNIX account management functions */ - { WINBINDD_CREATE_USER, winbindd_create_user, "CREATE_USER" }, - { WINBINDD_CREATE_GROUP, winbindd_create_group, "CREATE_GROUP" }, - { WINBINDD_ADD_USER_TO_GROUP, winbindd_add_user_to_group, "ADD_USER_TO_GROUP" }, - { WINBINDD_REMOVE_USER_FROM_GROUP, winbindd_remove_user_from_group,"REMOVE_USER_FROM_GROUP"}, - { WINBINDD_SET_USER_PRIMARY_GROUP, winbindd_set_user_primary_group,"SET_USER_PRIMARY_GROUP"}, - { WINBINDD_DELETE_USER, winbindd_delete_user, "DELETE_USER" }, - { WINBINDD_DELETE_GROUP, winbindd_delete_group, "DELETE_GROUP" }, - /* End of list */ { WINBINDD_NUM_CMDS, NULL, "NONE" } diff --git a/source3/nsswitch/winbindd_acct.c b/source3/nsswitch/winbindd_acct.c deleted file mode 100644 index cd0b5b7e06..0000000000 --- a/source3/nsswitch/winbindd_acct.c +++ /dev/null @@ -1,1223 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind account management functions - - Copyright (C) by Gerald (Jerry) Carter 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -#define WBKEY_PASSWD "WBA_PASSWD" -#define WBKEY_GROUP "WBA_GROUP" - -#define NUM_PW_FIELDS 7 -#define NUM_GRP_FIELDS 4 - -/* Globals */ - -static TDB_CONTEXT *account_tdb; - -extern userdom_struct current_user_info; - -struct _check_primary_grp { - gid_t gid; - BOOL found; -}; - -/********************************************************************** -**********************************************************************/ - -static void free_winbindd_gr( WINBINDD_GR *grp ) -{ - int i; - - if ( !grp ) - return; - - for ( i=0; i<grp->num_gr_mem; i++ ) - SAFE_FREE( grp->gr_mem[i] ); - - SAFE_FREE( grp->gr_mem ); - - return; -} - -/***************************************************************************** - Initialise auto-account database. -*****************************************************************************/ - -static BOOL winbindd_accountdb_init(void) -{ - /* see if we've already opened the tdb */ - - if ( account_tdb ) - return True; - - /* winbindd_idmap.tdb should always be opened by the idmap_init() - code first */ - - if ( !(account_tdb = idmap_tdb_handle()) ) { - DEBUG(0, ("winbindd_accountdb_init: Unable to retreive handle for database\n")); - return False; - } - - /* yeah! */ - - return True; -} - -/********************************************************************** - Convert a string in /etc/passwd format to a struct passwd* entry -**********************************************************************/ - -static WINBINDD_PW* string2passwd( char *string ) -{ - static WINBINDD_PW pw; - char *p, *str; - char *fields[NUM_PW_FIELDS]; - int i; - - if ( !string ) - return NULL; - - ZERO_STRUCTP( &pw ); - - DEBUG(10,("string2passwd: converting \"%s\"\n", string)); - - ZERO_STRUCT( fields ); - - for ( i=0, str=string; i<NUM_PW_FIELDS-1; i++ ) { - if ( !(p = strchr( str, ':' )) ) { - DEBUG(0,("string2passwd: parsing failure\n")); - return NULL; - } - *p = '\0'; - if ( str ) - fields[i] = str; - str = p + 1; - } - if ( str ) - fields[i] = str; - - /* copy fields */ - - fstrcpy( pw.pw_name, fields[0] ); - fstrcpy( pw.pw_passwd, fields[1] ); - pw.pw_uid = atoi( fields[2] ); - pw.pw_gid = atoi( fields[3] ); - fstrcpy( pw.pw_gecos, fields[4] ); - fstrcpy( pw.pw_dir, fields[5] ); - fstrcpy( pw.pw_shell, fields[6] ); - - - /* last minute sanity checks */ - - if ( pw.pw_uid==0 || pw.pw_gid==0 ) { - DEBUG(0,("string2passwd: Failure! uid==%lu, gid==%lu\n", - (unsigned long)pw.pw_uid, (unsigned long)pw.pw_gid)); - return NULL; - } - - DEBUG(10,("string2passwd: Success\n")); - - return &pw; -} - -/********************************************************************** - Convert a struct passwd* to a string formatted for /etc/passwd -**********************************************************************/ - -static char* passwd2string( const WINBINDD_PW *pw ) -{ - static pstring string; - int ret; - - if ( !pw || !pw->pw_name ) - return NULL; - - DEBUG(10,("passwd2string: converting passwd struct for %s\n", - pw->pw_name)); - - ret = pstr_sprintf( string, "%s:%s:%lu:%lu:%s:%s:%s", - pw->pw_name, - pw->pw_passwd ? pw->pw_passwd : "x", - (unsigned long)pw->pw_uid, - (unsigned long)pw->pw_gid, - pw->pw_gecos, - pw->pw_dir, - pw->pw_shell ); - - if ( ret < 0 ) { - DEBUG(0,("passwd2string: pstr_sprintf() failed!\n")); - return NULL; - } - - return string; -} - -/********************************************************************** - Convert a string in /etc/group format to a struct group* entry -**********************************************************************/ - -static WINBINDD_GR* string2group( char *string ) -{ - static WINBINDD_GR grp; - char *p, *str; - char *fields[NUM_GRP_FIELDS]; - int i; - char **gr_members = NULL; - int num_gr_members = 0; - - if ( !string ) - return NULL; - - ZERO_STRUCTP( &grp ); - - DEBUG(10,("string2group: converting \"%s\"\n", string)); - - ZERO_STRUCT( fields ); - - for ( i=0, str=string; i<NUM_GRP_FIELDS-1; i++ ) { - if ( !(p = strchr( str, ':' )) ) { - DEBUG(0,("string2group: parsing failure\n")); - return NULL; - } - *p = '\0'; - if ( str ) - fields[i] = str; - str = p + 1; - } - - /* group members */ - - if ( *str ) { - /* we already know we have a non-empty string */ - - num_gr_members = count_chars(str, ',') + 1; - - /* if there was at least one comma, then there - are n+1 members */ - if ( num_gr_members ) { - fstring buffer; - - gr_members = SMB_XMALLOC_ARRAY(char*, num_gr_members+1); - - i = 0; - while ( next_token((const char **) &str, buffer, ",", sizeof(buffer)) && i<num_gr_members ) { - gr_members[i++] = smb_xstrdup(buffer); - } - - gr_members[i] = NULL; - } - } - - - /* copy fields */ - - fstrcpy( grp.gr_name, fields[0] ); - fstrcpy( grp.gr_passwd, fields[1] ); - grp.gr_gid = atoi( fields[2] ); - - grp.num_gr_mem = num_gr_members; - grp.gr_mem = gr_members; - - /* last minute sanity checks */ - - if ( grp.gr_gid == 0 ) { - DEBUG(0,("string2group: Failure! gid==%lu\n", (unsigned long)grp.gr_gid)); - SAFE_FREE( gr_members ); - return NULL; - } - - DEBUG(10,("string2group: Success\n")); - - return &grp; -} - -/********************************************************************** - Convert a struct group* to a string formatted for /etc/group -**********************************************************************/ - -static char* group2string( const WINBINDD_GR *grp ) -{ - static pstring string; - int ret; - char *member, *gr_mem_str; - int num_members; - int i, size; - - if ( !grp || !grp->gr_name ) - return NULL; - - DEBUG(10,("group2string: converting passwd struct for %s\n", - grp->gr_name)); - - if ( grp->num_gr_mem ) { - int idx = 0; - - member = grp->gr_mem[0]; - size = 0; - num_members = 0; - - while ( member ) { - size += strlen(member) + 1; - num_members++; - member = grp->gr_mem[num_members]; - } - - gr_mem_str = SMB_XMALLOC_ARRAY(char, size); - - for ( i=0; i<num_members; i++ ) { - snprintf( &gr_mem_str[idx], size-idx, "%s,", grp->gr_mem[i] ); - idx += strlen(grp->gr_mem[i]) + 1; - } - /* add trailing NULL (also removes trailing ',' */ - gr_mem_str[size-1] = '\0'; - } - else { - /* no members */ - gr_mem_str = SMB_XMALLOC_ARRAY(char, sizeof(fstring)); - fstrcpy( gr_mem_str, "" ); - } - - ret = pstr_sprintf( string, "%s:%s:%lu:%s", - grp->gr_name, - grp->gr_passwd ? grp->gr_passwd : "*", - (unsigned long)grp->gr_gid, - gr_mem_str ); - - SAFE_FREE( gr_mem_str ); - - if ( ret < 0 ) { - DEBUG(0,("group2string: pstr_sprintf() failed!\n")); - return NULL; - } - - return string; -} - -/********************************************************************** -**********************************************************************/ - -static char* acct_userkey_byname( const char *name ) -{ - static fstring key; - - fstr_sprintf( key, "%s/NAME/%s", WBKEY_PASSWD, name ); - - return key; -} - -/********************************************************************** -**********************************************************************/ - -static char* acct_userkey_byuid( uid_t uid ) -{ - static fstring key; - - fstr_sprintf( key, "%s/UID/%lu", WBKEY_PASSWD, (unsigned long)uid ); - - return key; -} - -/********************************************************************** -**********************************************************************/ - -static char* acct_groupkey_byname( const char *name ) -{ - static fstring key; - - fstr_sprintf( key, "%s/NAME/%s", WBKEY_GROUP, name ); - - return key; -} - -/********************************************************************** -**********************************************************************/ - -static char* acct_groupkey_bygid( gid_t gid ) -{ - static fstring key; - - fstr_sprintf( key, "%s/GID/%lu", WBKEY_GROUP, (unsigned long)gid ); - - return key; -} - -/********************************************************************** -**********************************************************************/ - -WINBINDD_PW* wb_getpwnam( const char * name ) -{ - char *keystr; - TDB_DATA data; - static WINBINDD_PW *pw; - - if ( !account_tdb && !winbindd_accountdb_init() ) { - DEBUG(0,("wb_getpwnam: Failed to open winbindd account db\n")); - return NULL; - } - - - keystr = acct_userkey_byname( name ); - - data = tdb_fetch_bystring( account_tdb, keystr ); - - pw = NULL; - - if ( data.dptr ) { - pw = string2passwd( data.dptr ); - SAFE_FREE( data.dptr ); - } - - DEBUG(5,("wb_getpwnam: %s user (%s)\n", - (pw ? "Found" : "Did not find"), name )); - - return pw; -} - -/********************************************************************** -**********************************************************************/ - -WINBINDD_PW* wb_getpwuid( const uid_t uid ) -{ - char *keystr; - TDB_DATA data; - static WINBINDD_PW *pw; - - if ( !account_tdb && !winbindd_accountdb_init() ) { - DEBUG(0,("wb_getpwuid: Failed to open winbindd account db\n")); - return NULL; - } - - data = tdb_fetch_bystring( account_tdb, acct_userkey_byuid(uid) ); - if ( !data.dptr ) { - DEBUG(4,("wb_getpwuid: failed to locate uid == %lu\n", (unsigned long)uid)); - return NULL; - } - keystr = acct_userkey_byname( data.dptr ); - - SAFE_FREE( data.dptr ); - - data = tdb_fetch_bystring( account_tdb, keystr ); - - pw = NULL; - - if ( data.dptr ) { - pw = string2passwd( data.dptr ); - SAFE_FREE( data.dptr ); - } - - DEBUG(5,("wb_getpwuid: %s user (uid == %lu)\n", - (pw ? "Found" : "Did not find"), (unsigned long)uid )); - - return pw; -} - -/********************************************************************** -**********************************************************************/ - -static BOOL wb_storepwnam( const WINBINDD_PW *pw ) -{ - char *namekey, *uidkey; - TDB_DATA data; - char *str; - int ret = 0; - fstring username; - - if ( !account_tdb && !winbindd_accountdb_init() ) { - DEBUG(0,("wb_storepwnam: Failed to open winbindd account db\n")); - return False; - } - - namekey = acct_userkey_byname( pw->pw_name ); - - /* lock the main entry first */ - - if ( tdb_lock_bystring(account_tdb, namekey, 0) == -1 ) { - DEBUG(0,("wb_storepwnam: Failed to lock %s\n", namekey)); - return False; - } - - str = passwd2string( pw ); - - data.dptr = str; - data.dsize = strlen(str) + 1; - - if ( (tdb_store_bystring(account_tdb, namekey, data, TDB_REPLACE)) == -1 ) { - DEBUG(0,("wb_storepwnam: Failed to store \"%s\"\n", str)); - ret = -1; - goto done; - } - - /* store the uid index */ - - uidkey = acct_userkey_byuid(pw->pw_uid); - - fstrcpy( username, pw->pw_name ); - data.dptr = username; - data.dsize = strlen(username) + 1; - - if ( (tdb_store_bystring(account_tdb, uidkey, data, TDB_REPLACE)) == -1 ) { - DEBUG(0,("wb_storepwnam: Failed to store uid key \"%s\"\n", str)); - tdb_delete_bystring(account_tdb, namekey); - ret = -1; - goto done; - } - - DEBUG(10,("wb_storepwnam: Success -> \"%s\"\n", str)); - -done: - tdb_unlock_bystring( account_tdb, namekey ); - - return ( ret == 0 ); -} - -/********************************************************************** -**********************************************************************/ - -WINBINDD_GR* wb_getgrnam( const char * name ) -{ - char *keystr; - TDB_DATA data; - static WINBINDD_GR *grp; - - if ( !account_tdb && !winbindd_accountdb_init() ) { - DEBUG(0,("wb_getgrnam: Failed to open winbindd account db\n")); - return NULL; - } - - - keystr = acct_groupkey_byname( name ); - - data = tdb_fetch_bystring( account_tdb, keystr ); - - grp = NULL; - - if ( data.dptr ) { - grp = string2group( data.dptr ); - SAFE_FREE( data.dptr ); - } - - DEBUG(5,("wb_getgrnam: %s group (%s)\n", - (grp ? "Found" : "Did not find"), name )); - - return grp; -} - -/********************************************************************** -**********************************************************************/ - -WINBINDD_GR* wb_getgrgid( gid_t gid ) -{ - char *keystr; - TDB_DATA data; - static WINBINDD_GR *grp; - - if ( !account_tdb && !winbindd_accountdb_init() ) { - DEBUG(0,("wb_getgrgid: Failed to open winbindd account db\n")); - return NULL; - } - - data = tdb_fetch_bystring( account_tdb, acct_groupkey_bygid(gid) ); - if ( !data.dptr ) { - DEBUG(4,("wb_getgrgid: failed to locate gid == %lu\n", - (unsigned long)gid)); - return NULL; - } - keystr = acct_groupkey_byname( data.dptr ); - - SAFE_FREE( data.dptr ); - - data = tdb_fetch_bystring( account_tdb, keystr ); - - grp = NULL; - - if ( data.dptr ) { - grp = string2group( data.dptr ); - SAFE_FREE( data.dptr ); - } - - DEBUG(5,("wb_getgrgid: %s group (gid == %lu)\n", - (grp ? "Found" : "Did not find"), (unsigned long)gid )); - - return grp; -} - -/********************************************************************** -**********************************************************************/ - -static BOOL wb_storegrnam( const WINBINDD_GR *grp ) -{ - char *namekey, *gidkey; - TDB_DATA data; - char *str; - int ret = 0; - fstring groupname; - - if ( !account_tdb && !winbindd_accountdb_init() ) { - DEBUG(0,("wb_storepwnam: Failed to open winbindd account db\n")); - return False; - } - - namekey = acct_groupkey_byname( grp->gr_name ); - - /* lock the main entry first */ - - if ( tdb_lock_bystring(account_tdb, namekey, 0) == -1 ) { - DEBUG(0,("wb_storegrnam: Failed to lock %s\n", namekey)); - return False; - } - - str = group2string( grp ); - - data.dptr = str; - data.dsize = strlen(str) + 1; - - if ( (tdb_store_bystring(account_tdb, namekey, data, TDB_REPLACE)) == -1 ) { - DEBUG(0,("wb_storegrnam: Failed to store \"%s\"\n", str)); - ret = -1; - goto done; - } - - /* store the gid index */ - - gidkey = acct_groupkey_bygid(grp->gr_gid); - - fstrcpy( groupname, grp->gr_name ); - data.dptr = groupname; - data.dsize = strlen(groupname) + 1; - - if ( (tdb_store_bystring(account_tdb, gidkey, data, TDB_REPLACE)) == -1 ) { - DEBUG(0,("wb_storegrnam: Failed to store gid key \"%s\"\n", str)); - tdb_delete_bystring(account_tdb, namekey); - ret = -1; - goto done; - } - - DEBUG(10,("wb_storegrnam: Success -> \"%s\"\n", str)); - -done: - tdb_unlock_bystring( account_tdb, namekey ); - - return ( ret == 0 ); -} - -/********************************************************************** -**********************************************************************/ - -static BOOL wb_addgrpmember( WINBINDD_GR *grp, const char *user ) -{ - int i; - char **members; - - if ( !grp || !user ) - return False; - - for ( i=0; i<grp->num_gr_mem; i++ ) { - if ( StrCaseCmp( grp->gr_mem[i], user ) == 0 ) - return True; - } - - /* add one new slot and keep an extra for the terminating NULL */ - members = SMB_REALLOC_ARRAY( grp->gr_mem, char *, grp->num_gr_mem+2); - if ( !members ) - return False; - - grp->gr_mem = members; - grp->gr_mem[grp->num_gr_mem++] = smb_xstrdup(user); - grp->gr_mem[grp->num_gr_mem] = NULL; - - return True; -} - -/********************************************************************** -**********************************************************************/ - -static BOOL wb_delgrpmember( WINBINDD_GR *grp, const char *user ) -{ - int i; - BOOL found = False; - - if ( !grp || !user ) - return False; - - for ( i=0; i<grp->num_gr_mem; i++ ) { - if ( StrCaseCmp( grp->gr_mem[i], user ) == 0 ) { - found = True; - break; - } - } - - if ( !found ) - return False; - - /* still some remaining members */ - - if ( grp->num_gr_mem > 1 ) { - SAFE_FREE(grp->gr_mem[i]); - grp->num_gr_mem--; - grp->gr_mem[i] = grp->gr_mem[grp->num_gr_mem]; - grp->gr_mem[grp->num_gr_mem] = NULL; - } - else { /* last one */ - free_winbindd_gr( grp ); - grp->gr_mem = NULL; - grp->num_gr_mem = 0; - } - - return True; -} - -/********************************************************************** -**********************************************************************/ - -static int cleangroups_traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, - void *state) -{ - int len; - fstring key; - char *name = (char*)state; - - fstr_sprintf( key, "%s/NAME", WBKEY_GROUP ); - len = strlen(key); - - /* if this is a group entry then, check the members */ - - if ( (strncmp(kbuf.dptr, key, len) == 0) && dbuf.dptr ) { - WINBINDD_GR *grp; - - if ( !(grp = string2group( dbuf.dptr )) ) { - DEBUG(0,("cleangroups_traverse_fn: Failure to parse [%s]\n", - dbuf.dptr)); - return 0; - } - - /* just try to delete the user and rely on wb_delgrpmember() - to tell you whether or not the group changed. This is more - effecient than testing group membership first since the - checks for deleting a user from a group is essentially the - same as checking if he/she is a member */ - - if ( wb_delgrpmember( grp, name ) ) { - DEBUG(10,("cleanupgroups_traverse_fn: Removed user (%s) from group (%s)\n", - name, grp->gr_name)); - wb_storegrnam( grp ); - } - - free_winbindd_gr( grp ); - } - - return 0; -} - -/********************************************************************** -**********************************************************************/ - -static BOOL wb_delete_user( WINBINDD_PW *pw) -{ - char *namekey; - char *uidkey; - - if ( !account_tdb && !winbindd_accountdb_init() ) { - DEBUG(0,("wb_delete_user: Failed to open winbindd account db\n")); - return False; - } - - namekey = acct_userkey_byname( pw->pw_name ); - - /* lock the main entry first */ - - if ( tdb_lock_bystring(account_tdb, namekey, 0) == -1 ) { - DEBUG(0,("wb_delete_user: Failed to lock %s\n", namekey)); - return False; - } - - /* remove user from all groups */ - - tdb_traverse(account_tdb, cleangroups_traverse_fn, (void *)pw->pw_name); - - /* remove the user */ - uidkey = acct_userkey_byuid( pw->pw_uid ); - - tdb_delete_bystring( account_tdb, namekey ); - tdb_delete_bystring( account_tdb, uidkey ); - - tdb_unlock_bystring( account_tdb, namekey ); - - return True; -} - -/********************************************************************** -**********************************************************************/ - -static int isprimarygroup_traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, - TDB_DATA dbuf, void *params) -{ - int len; - fstring key; - struct _check_primary_grp *check = (struct _check_primary_grp*)params; - - fstr_sprintf( key, "%s/NAME", WBKEY_PASSWD ); - len = strlen(key); - - /* if this is a group entry then, check the members */ - - if ( (strncmp(kbuf.dptr, key, len) == 0) && dbuf.dptr ) { - WINBINDD_PW *pw;; - - if ( !(pw = string2passwd( dbuf.dptr )) ) { - DEBUG(0,("isprimarygroup_traverse_fn: Failure to parse [%s]\n", - dbuf.dptr)); - return 0; - } - - if ( check->gid == pw->pw_gid ) { - check->found = True; - return 1; - } - } - - return 0; -} - - -/********************************************************************** -**********************************************************************/ - -static BOOL wb_delete_group( WINBINDD_GR *grp ) -{ - struct _check_primary_grp check; - char *namekey; - char *gidkey; - - if ( !account_tdb && !winbindd_accountdb_init() ) { - DEBUG(0,("wb_delete_group: Failed to open winbindd account db\n")); - return False; - } - - /* lock the main entry first */ - - namekey = acct_groupkey_byname( grp->gr_name ); - if ( tdb_lock_bystring(account_tdb, namekey, 0) == -1 ) { - DEBUG(0,("wb_delete_group: Failed to lock %s\n", namekey)); - return False; - } - - /* is this group the primary group for any user? If - so deny delete */ - - check.found = False; - tdb_traverse(account_tdb, isprimarygroup_traverse_fn, (void *)&check); - - if ( check.found ) { - DEBUG(4,("wb_delete_group: Cannot delete group (%s) since it " - "is the primary group for some users\n", grp->gr_name)); - return False; - } - - /* We're clear. Delete the group */ - - DEBUG(5,("wb_delete_group: Removing group (%s)\n", grp->gr_name)); - - gidkey = acct_groupkey_bygid( grp->gr_gid ); - - tdb_delete_bystring( account_tdb, namekey ); - tdb_delete_bystring( account_tdb, gidkey ); - - tdb_unlock_bystring( account_tdb, namekey ); - - return True; -} - -/********************************************************************** - Create a new "UNIX" user for the system given a username -**********************************************************************/ - -enum winbindd_result winbindd_create_user(struct winbindd_cli_state *state) -{ - char *user, *group; - unid_t id; - WINBINDD_PW pw, *pw_check; - WINBINDD_GR *wb_grp; - struct group *unix_grp; - gid_t primary_gid; - uint32 flags = state->request.flags; - uint32 rid; - - if ( !state->privileged ) { - DEBUG(2, ("winbindd_create_user: non-privileged access denied!\n")); - return WINBINDD_ERROR; - } - - /* Ensure null termination */ - state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0'; - state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0'; - - user = state->request.data.acct_mgt.username; - group = state->request.data.acct_mgt.groupname; - - DEBUG(3, ("[%5lu]: create_user: user=>(%s), group=>(%s)\n", - (unsigned long)state->pid, user, group)); - - if ( (pw_check=wb_getpwnam(user)) != NULL ) { - DEBUG(0,("winbindd_create_user: Refusing to create user that already exists (%s)\n", - user)); - return WINBINDD_ERROR; - } - - - if ( !*group ) - group = lp_template_primary_group(); - - /* validate the primary group - 1) lookup in local tdb first - 2) call getgrnam() as a last resort */ - - if ( (wb_grp=wb_getgrnam(group)) != NULL ) { - primary_gid = wb_grp->gr_gid; - free_winbindd_gr( wb_grp ); - } - else if ( (unix_grp=sys_getgrnam(group)) != NULL ) { - primary_gid = unix_grp->gr_gid; - } - else { - DEBUG(2,("winbindd_create_user: Cannot validate gid for group (%s)\n", group)); - return WINBINDD_ERROR; - } - - /* get a new uid */ - - if ( !NT_STATUS_IS_OK(idmap_allocate_id( &id, ID_USERID)) ) { - DEBUG(0,("winbindd_create_user: idmap_allocate_id() failed!\n")); - return WINBINDD_ERROR; - } - - /* The substitution of %U and %D in the 'template homedir' is done - by lp_string() calling standard_sub_basic(). */ - - fstrcpy( current_user_info.smb_name, user ); - sub_set_smb_name( user ); - fstrcpy( current_user_info.domain, get_global_sam_name() ); - - /* fill in the passwd struct */ - - fstrcpy( pw.pw_name, user ); - fstrcpy( pw.pw_passwd, "x" ); - fstrcpy( pw.pw_gecos, user); - fstrcpy( pw.pw_dir, lp_template_homedir() ); - fstrcpy( pw.pw_shell, lp_template_shell() ); - - pw.pw_uid = id.uid; - pw.pw_gid = primary_gid; - - /* store the new entry */ - - if ( !wb_storepwnam(&pw) ) - return WINBINDD_ERROR; - - /* do we need a new RID? */ - - if ( flags & WBFLAG_ALLOCATE_RID ) { - if ( !NT_STATUS_IS_OK(idmap_allocate_rid(&rid, USER_RID_TYPE)) ) { - DEBUG(0,("winbindd_create_user: RID allocation failure! Cannot create user (%s)\n", - user)); - wb_delete_user( &pw ); - - return WINBINDD_ERROR; - } - - state->response.data.rid = rid; - } - - return WINBINDD_OK; -} - -/********************************************************************** - Create a new "UNIX" group for the system given a username -**********************************************************************/ - -enum winbindd_result winbindd_create_group(struct winbindd_cli_state *state) -{ - char *group; - unid_t id; - WINBINDD_GR grp, *grp_check; - uint32 flags = state->request.flags; - uint32 rid; - - if ( !state->privileged ) { - DEBUG(2, ("winbindd_create_group: non-privileged access denied!\n")); - return WINBINDD_ERROR; - } - - /* Ensure null termination */ - state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0'; - group = state->request.data.acct_mgt.groupname; - - DEBUG(3, ("[%5lu]: create_group: (%s)\n", (unsigned long)state->pid, group)); - - if ( (grp_check=wb_getgrnam(group)) != NULL ) { - DEBUG(0,("winbindd_create_group: Refusing to create group that already exists (%s)\n", - group)); - return WINBINDD_ERROR; - } - - /* get a new gid */ - - if ( !NT_STATUS_IS_OK(idmap_allocate_id( &id, ID_GROUPID)) ) { - DEBUG(0,("winbindd_create_group: idmap_allocate_id() failed!\n")); - return WINBINDD_ERROR; - } - - /* fill in the group struct */ - - fstrcpy( grp.gr_name, group ); - fstrcpy( grp.gr_passwd, "*" ); - - grp.gr_gid = id.gid; - grp.gr_mem = NULL; /* start with no members */ - grp.num_gr_mem = 0; - - if ( !wb_storegrnam(&grp) ) - return WINBINDD_ERROR; - - /* do we need a new RID? */ - - if ( flags & WBFLAG_ALLOCATE_RID ) { - if ( !NT_STATUS_IS_OK(idmap_allocate_rid(&rid, GROUP_RID_TYPE)) ) { - DEBUG(0,("winbindd_create_group: RID allocation failure! Cannot create group (%s)\n", - group)); - wb_delete_group( &grp ); - - return WINBINDD_ERROR; - } - - state->response.data.rid = rid; - } - - return WINBINDD_OK; -} - -/********************************************************************** - Add a user to the membership for a group. -**********************************************************************/ - -enum winbindd_result winbindd_add_user_to_group(struct winbindd_cli_state *state) -{ - WINBINDD_PW *pw; - WINBINDD_GR *grp; - char *user, *group; - BOOL ret; - - if ( !state->privileged ) { - DEBUG(2, ("winbindd_add_user_to_group: non-privileged access denied!\n")); - return WINBINDD_ERROR; - } - - /* Ensure null termination */ - state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0'; - state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0'; - group = state->request.data.acct_mgt.groupname; - user = state->request.data.acct_mgt.username; - - DEBUG(3, ("[%5lu]: add_user_to_group: add %s to %s\n", (unsigned long)state->pid, - user, group)); - - /* make sure it is a valid user */ - - if ( !(pw = wb_getpwnam( user )) ) { - DEBUG(4,("winbindd_add_user_to_group: Cannot add a non-existent user\n")); - return WINBINDD_ERROR; - } - - /* make sure it is a valid group */ - - if ( !(grp = wb_getgrnam( group )) ) { - DEBUG(4,("winbindd_add_user_to_group: Cannot add a user to a non-extistent group\n")); - return WINBINDD_ERROR; - } - - if ( !wb_addgrpmember( grp, user ) ) - return WINBINDD_ERROR; - - ret = wb_storegrnam(grp); - - free_winbindd_gr( grp ); - - return ( ret ? WINBINDD_OK : WINBINDD_ERROR ); -} - -/********************************************************************** - Remove a user from the membership of a group -**********************************************************************/ - -enum winbindd_result winbindd_remove_user_from_group(struct winbindd_cli_state *state) -{ - WINBINDD_GR *grp; - char *user, *group; - BOOL ret; - - if ( !state->privileged ) { - DEBUG(2, ("winbindd_remove_user_from_group: non-privileged access denied!\n")); - return WINBINDD_ERROR; - } - - /* Ensure null termination */ - state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0'; - state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0'; - group = state->request.data.acct_mgt.groupname; - user = state->request.data.acct_mgt.username; - - DEBUG(3, ("[%5lu]: remove_user_from_group: delete %s from %s\n", (unsigned long)state->pid, - user, group)); - - /* don't worry about checking the username since we're removing it anyways */ - - /* make sure it is a valid group */ - - if ( !(grp = wb_getgrnam( group )) ) { - DEBUG(4,("winbindd_remove_user_from_group: Cannot remove a user from a non-extistent group\n")); - return WINBINDD_ERROR; - } - - if ( !wb_delgrpmember( grp, user ) ) - return WINBINDD_ERROR; - - ret = wb_storegrnam(grp); - - free_winbindd_gr( grp ); - - return ( ret ? WINBINDD_OK : WINBINDD_ERROR ); -} - -/********************************************************************** - Set the primary group membership of a user -**********************************************************************/ - -enum winbindd_result winbindd_set_user_primary_group(struct winbindd_cli_state *state) -{ - WINBINDD_PW *pw; - WINBINDD_GR *grp; - char *user, *group; - - if ( !state->privileged ) { - DEBUG(2, ("winbindd_set_user_primary_group: non-privileged access denied!\n")); - return WINBINDD_ERROR; - } - - /* Ensure null termination */ - state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0'; - state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0'; - group = state->request.data.acct_mgt.groupname; - user = state->request.data.acct_mgt.username; - - DEBUG(3, ("[%5lu]: set_user_primary_group: group %s for user %s\n", - (unsigned long)state->pid, group, user)); - - /* make sure it is a valid user */ - - if ( !(pw = wb_getpwnam( user )) ) { - DEBUG(4,("winbindd_add_user_to_group: Cannot add a non-existent user\n")); - return WINBINDD_ERROR; - } - - /* make sure it is a valid group */ - - if ( !(grp = wb_getgrnam( group )) ) { - DEBUG(4,("winbindd_add_user_to_group: Cannot add a user to a non-extistent group\n")); - return WINBINDD_ERROR; - } - - pw->pw_gid = grp->gr_gid; - - free_winbindd_gr( grp ); - - return ( wb_storepwnam(pw) ? WINBINDD_OK : WINBINDD_ERROR ); -} - -/********************************************************************** - Delete a user from the winbindd account tdb. -**********************************************************************/ - -enum winbindd_result winbindd_delete_user(struct winbindd_cli_state *state) -{ - WINBINDD_PW *pw; - char *user; - - if ( !state->privileged ) { - DEBUG(2, ("winbindd_delete_user: non-privileged access denied!\n")); - return WINBINDD_ERROR; - } - - /* Ensure null termination */ - state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0'; - user = state->request.data.acct_mgt.username; - - DEBUG(3, ("[%5lu]: delete_user: %s\n", (unsigned long)state->pid, user)); - - /* make sure it is a valid user */ - - if ( !(pw = wb_getpwnam( user )) ) { - DEBUG(4,("winbindd_delete_user: Cannot delete a non-existent user\n")); - return WINBINDD_ERROR; - } - - return ( wb_delete_user(pw) ? WINBINDD_OK : WINBINDD_ERROR ); -} - -/********************************************************************** - Delete a group from winbindd's account tdb. -**********************************************************************/ - -enum winbindd_result winbindd_delete_group(struct winbindd_cli_state *state) -{ - WINBINDD_GR *grp; - char *group; - BOOL ret; - - if ( !state->privileged ) { - DEBUG(2, ("winbindd_delete_group: non-privileged access denied!\n")); - return WINBINDD_ERROR; - } - - /* Ensure null termination */ - state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.groupname)-1]='\0'; - group = state->request.data.acct_mgt.groupname; - - DEBUG(3, ("[%5lu]: delete_group: %s\n", (unsigned long)state->pid, group)); - - /* make sure it is a valid group */ - - if ( !(grp = wb_getgrnam( group )) ) { - DEBUG(4,("winbindd_delete_group: Cannot delete a non-existent group\n")); - return WINBINDD_ERROR; - } - - ret = wb_delete_group(grp); - - free_winbindd_gr( grp ); - - return ( ret ? WINBINDD_OK : WINBINDD_ERROR ); -} - - - diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 506ed12cbd..c431e32cc1 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -31,34 +31,6 @@ extern BOOL opt_nocache; #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND -/********************************************************************* -*********************************************************************/ - -static int gr_mem_buffer( char **buffer, char **members, int num_members ) -{ - int i; - int len = 0; - int idx = 0; - - if ( num_members == 0 ) { - *buffer = NULL; - return 0; - } - - for ( i=0; i<num_members; i++ ) - len += strlen(members[i])+1; - - *buffer = SMB_XMALLOC_ARRAY(char, len); - for ( i=0; i<num_members; i++ ) { - snprintf( &(*buffer)[idx], len-idx, "%s,", members[i]); - idx += strlen(members[i])+1; - } - /* terminate with NULL */ - (*buffer)[len-1] = '\0'; - - return len; -} - /*************************************************************** Empty static struct for negative caching. ****************************************************************/ @@ -229,7 +201,6 @@ done: enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) { DOM_SID group_sid; - WINBINDD_GR *grp; struct winbindd_domain *domain; enum SID_NAME_USE name_type; fstring name_domain, name_group; @@ -251,26 +222,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) parse_domain_user(tmp, name_domain, name_group); - /* if no domain or our local domain, then do a local tdb search */ - - if ( (!*name_domain || strequal(name_domain, get_global_sam_name())) && - ((grp = wb_getgrnam(name_group)) != NULL) ) { - - char *buffer = NULL; - - memcpy( &state->response.data.gr, grp, sizeof(WINBINDD_GR) ); - - gr_mem_len = gr_mem_buffer( &buffer, grp->gr_mem, grp->num_gr_mem ); - - state->response.data.gr.gr_mem_ofs = 0; - state->response.length += gr_mem_len; - state->response.extra_data = buffer; /* give the memory away */ - - return WINBINDD_OK; - } - - /* if no domain or our local domain and no local tdb group, default to - * our local domain for aliases */ + /* if no domain or our local domain, default to our local domain for aliases */ if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) { fstrcpy(name_domain, get_global_sam_name()); @@ -337,7 +289,6 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) { struct winbindd_domain *domain; - WINBINDD_GR *grp; DOM_SID group_sid; enum SID_NAME_USE name_type; fstring dom_name; @@ -354,21 +305,6 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) (state->request.data.gid > server_state.gid_high)) return WINBINDD_ERROR; - /* alway try local tdb lookup first */ - if ( ( grp=wb_getgrgid(state->request.data.gid)) != NULL ) { - char *buffer = NULL; - - memcpy( &state->response.data.gr, grp, sizeof(WINBINDD_GR) ); - - gr_mem_len = gr_mem_buffer( &buffer, grp->gr_mem, grp->num_gr_mem ); - - state->response.data.gr.gr_mem_ofs = 0; - state->response.length += gr_mem_len; - state->response.extra_data = buffer; /* give away the memory */ - - return WINBINDD_OK; - } - /* Get rid from gid */ if (!NT_STATUS_IS_OK(idmap_gid_to_sid(&group_sid, state->request.data.gid))) { DEBUG(1, ("could not convert gid %lu to rid\n", diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c index e879275c63..7a9b5cf96a 100644 --- a/source3/nsswitch/winbindd_user.c +++ b/source3/nsswitch/winbindd_user.c @@ -111,7 +111,6 @@ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name, enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state) { WINBIND_USERINFO user_info; - WINBINDD_PW *pw; DOM_SID user_sid; NTSTATUS status; fstring name_domain, name_user; @@ -130,18 +129,6 @@ enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state) parse_domain_user(state->request.data.username, name_domain, name_user); - /* if this is our local domain (or no domain), the do a local tdb search */ - - if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) { - if ( !(pw = wb_getpwnam(name_user)) ) { - DEBUG(5,("winbindd_getpwnam: lookup for %s\\%s failed\n", - name_domain, name_user)); - return WINBINDD_ERROR; - } - memcpy( &state->response.data.pw, pw, sizeof(WINBINDD_PW) ); - return WINBINDD_OK; - } - /* should we deal with users for our domain? */ if ((domain = find_domain_from_name(name_domain)) == NULL) { @@ -206,7 +193,6 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) { DOM_SID user_sid; struct winbindd_domain *domain; - WINBINDD_PW *pw; fstring dom_name; fstring user_name; enum SID_NAME_USE name_type; @@ -224,13 +210,6 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) DEBUG(3, ("[%5lu]: getpwuid %lu\n", (unsigned long)state->pid, (unsigned long)state->request.data.uid)); - /* always try local tdb first */ - - if ( (pw = wb_getpwuid(state->request.data.uid)) != NULL ) { - memcpy( &state->response.data.pw, pw, sizeof(WINBINDD_PW) ); - return WINBINDD_OK; - } - /* Get rid from uid */ if (!NT_STATUS_IS_OK(idmap_uid_to_sid(&user_sid, state->request.data.uid))) { diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index ac6dbb4d4a..aeca0fab43 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -173,7 +173,6 @@ typedef struct char *szTemplateHomedir; char *szTemplateShell; char *szWinbindSeparator; - BOOL bWinbindEnableLocalAccounts; BOOL bWinbindEnumUsers; BOOL bWinbindEnumGroups; BOOL bWinbindUseDefaultDomain; @@ -1222,7 +1221,6 @@ static struct parm_struct parm_table[] = { {"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, FLAG_ADVANCED}, {"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED}, {"winbind cache time", P_INTEGER, P_GLOBAL, &Globals.winbind_cache_time, NULL, NULL, FLAG_ADVANCED}, - {"winbind enable local accounts", P_BOOL, P_GLOBAL, &Globals.bWinbindEnableLocalAccounts, NULL, NULL, FLAG_ADVANCED|FLAG_DEPRECATED}, {"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, FLAG_ADVANCED}, {"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, FLAG_ADVANCED}, {"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED}, @@ -1569,7 +1567,6 @@ static void init_globals(void) string_set(&Globals.szEventLogOldestRecordCommand, ""); Globals.winbind_cache_time = 300; /* 5 minutes */ - Globals.bWinbindEnableLocalAccounts = False; Globals.bWinbindEnumUsers = True; Globals.bWinbindEnumGroups = True; Globals.bWinbindUseDefaultDomain = False; @@ -1757,7 +1754,6 @@ FN_GLOBAL_CONST_STRING(lp_template_homedir, &Globals.szTemplateHomedir) FN_GLOBAL_CONST_STRING(lp_template_shell, &Globals.szTemplateShell) FN_GLOBAL_CONST_STRING(lp_winbind_separator, &Globals.szWinbindSeparator) FN_GLOBAL_STRING(lp_acl_compatibility, &Globals.szAclCompat) -FN_GLOBAL_BOOL(lp_winbind_enable_local_accounts, &Globals.bWinbindEnableLocalAccounts) FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers) FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups) FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index e4588b2e61..73ea575ec5 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2017,14 +2017,6 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA add_ret = smbrun(add_script,NULL); DEBUG(add_ret ? 0 : 3,("_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret)); } - else /* no add user script -- ask winbindd to do it */ - { - if ( !winbind_create_user( account, &new_rid ) ) { - DEBUG(3,("_samr_create_user: winbind_create_user(%s) failed\n", - account)); - } - } - } /* implicit call to getpwnam() next. we have a valid SID coming out of this call */ @@ -3466,18 +3458,6 @@ static int smb_delete_user(const char *unix_user) pstring del_script; int ret; - /* try winbindd first since it is impossible to determine where - a user came from via NSS. Try the delete user script if this fails - meaning the user did not exist in winbindd's list of accounts */ - - if ( winbind_delete_user( unix_user ) ) { - DEBUG(3,("winbind_delete_user: removed user (%s)\n", unix_user)); - return 0; - } - - - /* fall back to 'delete user script' */ - pstrcpy(del_script, lp_deluser_script()); if (! *del_script) return -1; diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index fa38004fe6..84872897fc 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -523,13 +523,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) add_ret = smbrun(add_script,NULL); DEBUG(add_ret ? 0 : 1,("fetch_account: Running the command `%s' " "gave %d\n", add_script, add_ret)); - } else { - DEBUG(8,("fetch_account_info: no add user/machine script. Asking winbindd\n")); - - /* don't need a RID allocated since the user already has a SID */ - if ( !winbind_create_user( account, NULL ) ) - DEBUG(4,("fetch_account_info: winbind_create_user() failed\n")); - } + } /* try and find the possible unix account again */ if ( !(passwd = Get_Pwnam(account)) ) { |