diff options
Diffstat (limited to 'source3/nsswitch')
| -rw-r--r-- | source3/nsswitch/wb_client.c | 28 | ||||
| -rw-r--r-- | source3/nsswitch/wbinfo.c | 19 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd.c | 1 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_nss.h | 5 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_sid.c | 20 |
5 files changed, 67 insertions, 6 deletions
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index 90e4584dab..32dfc8deca 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -235,6 +235,30 @@ BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid) return (result == NSS_STATUS_SUCCESS); } +BOOL winbind_allocate_rid(uint32 *rid) +{ + struct winbindd_request request; + struct winbindd_response response; + int result; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Make request */ + + result = winbindd_request(WINBINDD_ALLOCATE_RID, &request, &response); + + if (result != NSS_STATUS_SUCCESS) + return False; + + /* Copy out result */ + *rid = response.data.rid; + + return True; +} + /* Fetch the list of groups a user is a member of from winbindd. This is used by winbind_getgroups. */ @@ -595,8 +619,6 @@ BOOL winbind_delete_group( const char *group ) } /***********************************************************************/ -#if 0 /* not needed currently since winbindd_acct was added -- jerry */ - /* Call winbindd to convert SID to uid. Do not allocate */ BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid) @@ -667,7 +689,5 @@ BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid) return (result == NSS_STATUS_SUCCESS); } -#endif /* JERRY */ - /***********************************************************************/ diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 772332ee59..af2a0ce7c6 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -436,6 +436,18 @@ static BOOL wbinfo_sid_to_gid(char *sid) return True; } +static BOOL wbinfo_allocate_rid(void) +{ + uint32 rid; + + if (!winbind_allocate_rid(&rid)) + return False; + + d_printf("New rid: %d\n", rid); + + return True; +} + /* Convert sid to string */ static BOOL wbinfo_lookupsid(char *sid) @@ -983,6 +995,7 @@ int main(int argc, char **argv) { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" }, { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" }, { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" }, + { "allocate-rid", 'A', POPT_ARG_NONE, 0, 'A', "Get a new RID out of idmap" }, { "create-user", 'c', POPT_ARG_STRING, &string_arg, 'c', "Create a local user account", "name" }, { "delete-user", 'x', POPT_ARG_STRING, &string_arg, 'x', "Delete a local user account", "name" }, { "create-group", 'C', POPT_ARG_STRING, &string_arg, 'C', "Create a local group", "name" }, @@ -1102,6 +1115,12 @@ int main(int argc, char **argv) goto done; } break; + case 'A': + if (!wbinfo_allocate_rid()) { + d_printf("Could not allocate a RID\n"); + goto done; + } + break; case 't': if (!wbinfo_check_secret()) { d_printf("Could not check secret\n"); diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 8a0d0f7573..c4319d493a 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -255,6 +255,7 @@ static struct dispatch_table dispatch_table[] = { { WINBINDD_SID_TO_GID, winbindd_sid_to_gid, "SID_TO_GID" }, { WINBINDD_GID_TO_SID, winbindd_gid_to_sid, "GID_TO_SID" }, { WINBINDD_UID_TO_SID, winbindd_uid_to_sid, "UID_TO_SID" }, + { WINBINDD_ALLOCATE_RID, winbindd_allocate_rid, "ALLOCATE_RID" }, /* Miscellaneous */ diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h index 0d110b8afa..745a29facc 100644 --- a/source3/nsswitch/winbindd_nss.h +++ b/source3/nsswitch/winbindd_nss.h @@ -36,7 +36,7 @@ /* Update this when you change the interface. */ -#define WINBIND_INTERFACE_VERSION 9 +#define WINBIND_INTERFACE_VERSION 10 /* Socket commands */ @@ -84,6 +84,7 @@ enum winbindd_cmd { WINBINDD_SID_TO_GID, WINBINDD_UID_TO_SID, WINBINDD_GID_TO_SID, + WINBINDD_ALLOCATE_RID, /* Miscellaneous other stuff */ @@ -266,7 +267,7 @@ struct winbindd_response { char nt_session_key[16]; char first_8_lm_hash[8]; } auth; - uint32 rid; /* create user or group */ + uint32 rid; /* create user or group or allocate rid */ struct { fstring name; fstring alt_name; diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index 8ff6cfd271..d4206558c5 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -434,3 +434,23 @@ done: return WINBINDD_OK; } + +enum winbindd_result winbindd_allocate_rid(struct winbindd_cli_state *state) +{ + if ( !state->privileged ) { + DEBUG(2, ("winbindd_allocate_rid: non-privileged access " + "denied!\n")); + return WINBINDD_ERROR; + } + + /* We tell idmap to always allocate a user RID. There might be a good + * reason to keep RID allocation for users to even and groups to + * odd. This needs discussion I think. For now only allocate user + * rids. */ + + if (!NT_STATUS_IS_OK(idmap_allocate_rid(&state->response.data.rid, + USER_RID_TYPE))) + return WINBINDD_ERROR; + + return WINBINDD_OK; +} |