diff options
| -rw-r--r-- | source3/Makefile.in | 4 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_samr.c | 411 | ||||
| -rw-r--r-- | source3/wscript_build | 3 |
3 files changed, 417 insertions, 1 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index fa99ac6d10..715dd2be5f 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1180,6 +1180,7 @@ WINBINDD_OBJ1 = \ winbindd/winbindd_reconnect.o \ winbindd/winbindd_ads.o \ winbindd/winbindd_passdb.o \ + winbindd/winbindd_samr.o \ winbindd/winbindd_dual.o \ winbindd/winbindd_dual_ndr.o \ winbindd/winbindd_dual_srv.o \ @@ -1257,12 +1258,12 @@ WINBINDD_OBJ1 = \ winbindd/winbindd_pam_logoff.o \ auth/auth_util.o \ auth/token_util.o \ + auth/user_util.o \ auth/check_samsec.o \ auth/server_info.o \ auth/server_info_sam.o \ auth/user_info.o \ auth/pampass.o \ - rpc_server/srv_samr_chgpasswd.o \ ../nsswitch/libwbclient/wb_reqtrans.o WINBINDD_OBJ = \ @@ -1272,6 +1273,7 @@ WINBINDD_OBJ = \ $(PROFILE_OBJ) $(SLCACHE_OBJ) $(SMBLDAP_OBJ) \ $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \ $(DCUTIL_OBJ) $(IDMAP_OBJ) $(NSS_INFO_OBJ) \ + $(RPC_NCACN_NP_INTERNAL) $(RPC_SAMR_OBJ) $(RPC_LSA_OBJ) \ $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) \ $(LIBADS_SERVER_OBJ) \ $(TDB_VALIDATE_OBJ) diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c new file mode 100644 index 0000000000..6065f3cfb4 --- /dev/null +++ b/source3/winbindd/winbindd_samr.c @@ -0,0 +1,411 @@ +/* + * Unix SMB/CIFS implementation. + * + * Winbind rpc backend functions + * + * Copyright (c) 2000-2003 Tim Potter + * Copyright (c) 2001 Andrew Tridgell + * Copyright (c) 2005 Volker Lendecke + * Copyright (c) 2008 Guenther Deschner (pidl conversion) + * Copyright (c) 2010 Andreas Schneider <asn@samba.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" +#include "winbindd.h" +#include "../librpc/gen_ndr/cli_samr.h" +#include "rpc_client/cli_samr.h" +#include "../librpc/gen_ndr/srv_samr.h" +#include "../librpc/gen_ndr/cli_lsa.h" +#include "rpc_client/cli_lsarpc.h" +#include "../librpc/gen_ndr/srv_lsa.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + +static NTSTATUS open_internal_samr_pipe(TALLOC_CTX *mem_ctx, + struct rpc_pipe_client **samr_pipe) +{ + static struct rpc_pipe_client *cli = NULL; + struct auth_serversupplied_info *server_info = NULL; + NTSTATUS status; + + if (cli != NULL) { + goto done; + } + + if (server_info == NULL) { + status = make_server_info_system(mem_ctx, &server_info); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n", + nt_errstr(status))); + return status; + } + } + + /* create a samr connection */ + status = rpc_pipe_open_internal(talloc_autofree_context(), + &ndr_table_samr.syntax_id, + rpc_samr_dispatch, + server_info, + &cli); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n", + nt_errstr(status))); + return status; + } + +done: + if (samr_pipe) { + *samr_pipe = cli; + } + + return NT_STATUS_OK; +} + +static NTSTATUS open_internal_samr_conn(TALLOC_CTX *mem_ctx, + struct winbindd_domain *domain, + struct rpc_pipe_client **samr_pipe, + struct policy_handle *samr_domain_hnd) +{ + NTSTATUS status; + struct policy_handle samr_connect_hnd; + + status = open_internal_samr_pipe(mem_ctx, samr_pipe); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = rpccli_samr_Connect2((*samr_pipe), + mem_ctx, + (*samr_pipe)->desthost, + SEC_FLAG_MAXIMUM_ALLOWED, + &samr_connect_hnd); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = rpccli_samr_OpenDomain((*samr_pipe), + mem_ctx, + &samr_connect_hnd, + SEC_FLAG_MAXIMUM_ALLOWED, + &domain->sid, + samr_domain_hnd); + + return status; +} + +static NTSTATUS open_internal_lsa_pipe(TALLOC_CTX *mem_ctx, + struct rpc_pipe_client **lsa_pipe) +{ + static struct rpc_pipe_client *cli = NULL; + struct auth_serversupplied_info *server_info = NULL; + NTSTATUS status; + + if (cli != NULL) { + goto done; + } + + if (server_info == NULL) { + status = make_server_info_system(mem_ctx, &server_info); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n", + nt_errstr(status))); + return status; + } + } + + /* create a samr connection */ + status = rpc_pipe_open_internal(talloc_autofree_context(), + &ndr_table_lsarpc.syntax_id, + rpc_lsarpc_dispatch, + server_info, + &cli); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n", + nt_errstr(status))); + return status; + } + +done: + if (lsa_pipe) { + *lsa_pipe = cli; + } + + return NT_STATUS_OK; +} + +static NTSTATUS open_internal_lsa_conn(TALLOC_CTX *mem_ctx, + struct rpc_pipe_client **lsa_pipe, + struct policy_handle *lsa_hnd) +{ + NTSTATUS status; + + status = open_internal_lsa_pipe(mem_ctx, lsa_pipe); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = rpccli_lsa_open_policy((*lsa_pipe), + mem_ctx, + true, + SEC_FLAG_MAXIMUM_ALLOWED, + lsa_hnd); + + return status; +} + +/********************************************************************* + SAM specific functions. +*********************************************************************/ + +/* List all domain groups */ +static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32_t *num_entries, + struct acct_info **info) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +/* Query display info for a domain */ +static NTSTATUS sam_query_user_list(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32_t *num_entries, + struct wbint_userinfo **info) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +/* Lookup user information from a rid or username. */ +static NTSTATUS sam_query_user(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const struct dom_sid *user_sid, + struct wbint_userinfo *user_info) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +/* get a list of trusted domains - builtin domain */ +static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct netr_DomainTrustList *trusts) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +/* Lookup group membership given a rid. */ +static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const struct dom_sid *group_sid, + enum lsa_SidType type, + uint32_t *num_names, + struct dom_sid **sid_mem, + char ***names, + uint32_t **name_types) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +/********************************************************************* + BUILTIN specific functions. +*********************************************************************/ + +/* List all domain groups */ +static NTSTATUS builtin_enum_dom_groups(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 *num_entries, + struct acct_info **info) +{ + /* BUILTIN doesn't have domain groups */ + *num_entries = 0; + *info = NULL; + return NT_STATUS_OK; +} + +/* Query display info for a domain */ +static NTSTATUS builtin_query_user_list(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 *num_entries, + struct wbint_userinfo **info) +{ + /* We don't have users */ + *num_entries = 0; + *info = NULL; + return NT_STATUS_OK; +} + +/* Lookup user information from a rid or username. */ +static NTSTATUS builtin_query_user(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const struct dom_sid *user_sid, + struct wbint_userinfo *user_info) +{ + return NT_STATUS_NO_SUCH_USER; +} + +/* get a list of trusted domains - builtin domain */ +static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct netr_DomainTrustList *trusts) +{ + ZERO_STRUCTP(trusts); + return NT_STATUS_OK; +} + +/********************************************************************* + COMMON functions. +*********************************************************************/ + +/* List all local groups (aliases) */ +static NTSTATUS common_enum_local_groups(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32_t *num_entries, + struct acct_info **info) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +/* convert a single name to a sid in a domain */ +static NTSTATUS common_name_to_sid(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const char *domain_name, + const char *name, + uint32_t flags, + struct dom_sid *sid, + enum lsa_SidType *type) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +/* convert a domain SID to a user or group name */ +static NTSTATUS common_sid_to_name(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const struct dom_sid *sid, + char **domain_name, + char **name, + enum lsa_SidType *type) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +static NTSTATUS common_rids_to_names(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const struct dom_sid *sid, + uint32 *rids, + size_t num_rids, + char **domain_name, + char ***names, + enum lsa_SidType **types) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +static NTSTATUS common_lockout_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct samr_DomInfo12 *policy) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +static NTSTATUS common_password_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct samr_DomInfo1 *policy) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +/* Lookup groups a user is a member of. I wish Unix had a call like this! */ +static NTSTATUS common_lookup_usergroups(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const struct dom_sid *user_sid, + uint32_t *num_groups, + struct dom_sid **user_gids) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +static NTSTATUS common_lookup_useraliases(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32_t num_sids, + const struct dom_sid *sids, + uint32_t *p_num_aliases, + uint32_t **rids) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +/* find the sequence number for a domain */ +static NTSTATUS common_sequence_number(struct winbindd_domain *domain, + uint32_t *seq) +{ + /* TODO FIXME */ + return NT_STATUS_NOT_IMPLEMENTED; +} + +#if 0 +/* the rpc backend methods are exposed via this structure */ +struct winbindd_methods builtin_passdb_methods = { + .consistent = false, + + .query_user_list = builtin_query_user_list, + .enum_dom_groups = builtin_enum_dom_groups, + .enum_local_groups = common_enum_local_groups, + .name_to_sid = common_name_to_sid, + .sid_to_name = common_sid_to_name, + .rids_to_names = common_rids_to_names, + .query_user = builtin_query_user, + .lookup_usergroups = common_lookup_usergroups, + .lookup_useraliases = common_lookup_useraliases, + .lookup_groupmem = sam_lookup_groupmem, + .sequence_number = common_sequence_number, + .lockout_policy = common_lockout_policy, + .password_policy = common_password_policy, + .trusted_domains = builtin_trusted_domains +}; + +/* the rpc backend methods are exposed via this structure */ +struct winbindd_methods sam_passdb_methods = { + .consistent = false, + + .query_user_list = sam_query_user_list, + .enum_dom_groups = sam_enum_dom_groups, + .enum_local_groups = common_enum_local_groups, + .name_to_sid = common_name_to_sid, + .sid_to_name = common_sid_to_name, + .rids_to_names = common_rids_to_names, + .query_user = sam_query_user, + .lookup_usergroups = common_lookup_usergroups, + .lookup_useraliases = common_lookup_useraliases, + .lookup_groupmem = sam_lookup_groupmem, + .sequence_number = common_sequence_number, + .lockout_policy = common_lockout_policy, + .password_policy = common_password_policy, + .trusted_domains = sam_trusted_domains +}; +#endif diff --git a/source3/wscript_build b/source3/wscript_build index 12022b9e00..54112771a7 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -565,6 +565,7 @@ WINBINDD_SRC1 = '''winbindd/winbindd.c winbindd/winbindd_reconnect.c winbindd/winbindd_ads.c winbindd/winbindd_passdb.c + winbindd/winbindd_samr.c winbindd/winbindd_dual.c winbindd/winbindd_dual_ndr.c winbindd/winbindd_dual_srv.c @@ -642,6 +643,7 @@ WINBINDD_SRC1 = '''winbindd/winbindd.c winbindd/winbindd_pam_chng_pswd_auth_crap.c auth/auth_util.c auth/token_util.c + auth/user_util.c auth/check_samsec.c auth/server_info.c auth/server_info_sam.c @@ -657,6 +659,7 @@ WINBINDD_SRC = '''${WINBINDD_SRC1} ${DCUTIL_SRC} ${IDMAP_SRC} ${NSS_INFO_SRC} ${AFS_SRC} ${AFS_SETTOKEN_SRC} ${LIBADS_SERVER_SRC} + ${RPC_NCACN_NP_INTERNAL} ${RPC_SAMR_SRC} ${RPC_LSA_OBJ} ${TDB_VALIDATE_SRC}''' LIBNET_SRC = 'libnet/libnet_join.c libnet/libnet_keytab.c librpc/gen_ndr/ndr_libnet_join.c' |