Diffstat (limited to 'source3/nsswitch')
26 files changed, 348 insertions, 475 deletions
diff --git a/source3/nsswitch/.cvsignore b/source3/nsswitch/.cvsignore index 658d50a680..090b859b37 100644 --- a/source3/nsswitch/.cvsignore +++ b/source3/nsswitch/.cvsignore @@ -1,4 +1,3 @@ *.po *.po32 diffs -winbindd_proto.h diff --git a/source3/nsswitch/hp_nss_common.h b/source3/nsswitch/hp_nss_common.h index 5bd5374182..5f39e9abb0 100644 --- a/source3/nsswitch/hp_nss_common.h +++ b/source3/nsswitch/hp_nss_common.h @@ -23,12 +23,8 @@ Boston, MA 02111-1307, USA. */ -#ifdef HAVE_SYNCH_H #include <synch.h> -#endif -#ifdef HAVE_PTHREAD_H #include <pthread.h> -#endif typedef enum { NSS_SUCCESS, diff --git a/source3/nsswitch/nss.h b/source3/nsswitch/nss.h index d83a5e237e..e021b013b5 100644 --- a/source3/nsswitch/nss.h +++ b/source3/nsswitch/nss.h @@ -72,7 +72,7 @@ typedef enum #define NSD_MEM_VOLATILE 1 #define NSD_MEM_DYNAMIC 2 -#elif defined(HPUX) && defined(HAVE_NSSWITCH_H) +#elif defined(HPUX) /* HP-UX 11 */ #include "nsswitch/hp_nss_common.h" diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 4739cfbf7a..b192a347f4 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -155,14 +155,6 @@ static int winbind_auth_request(const char *user, const char *pass, int ctrl) /* incorrect password */ _pam_log(LOG_WARNING, "user `%s' denied access (incorrect password)", user); return retval; - case PAM_ACCT_EXPIRED: - /* account expired */ - _pam_log(LOG_WARNING, "user `%s' account expired", user); - return retval; - case PAM_AUTHTOK_EXPIRED: - /* password expired */ - _pam_log(LOG_WARNING, "user `%s' password expired", user); - return retval; case PAM_USER_UNKNOWN: /* the user does not exist */ if (ctrl & WINBIND_DEBUG_ARG) @@ -585,7 +577,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, retval = winbind_auth_request(user, pass_old, ctrl); if (retval != PAM_ACCT_EXPIRED - && retval != PAM_AUTHTOK_EXPIRED && retval != PAM_NEW_AUTHTOK_REQD && retval != PAM_SUCCESS) { pass_old = NULL; 
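Review bot: In pam_sm_chauthtok (pam_winbind.c, hunk -585/+577) the old-password check no longer accepts `PAM_AUTHTOK_EXPIRED`, so a user whose password has expired would, as far as this hunk shows, have `pass_old` cleared and be handled as a failed authentication instead of being allowed to set a new password. If winbind_auth_request can still return that code, keep `&& retval != PAM_AUTHTOK_EXPIRED` in the condition. The earlier hunk in winbind_auth_request also removes the `PAM_ACCT_EXPIRED` and `PAM_AUTHTOK_EXPIRED` cases, so those denials lose their own LOG_WARNING entry. The rest of the switch is outside the hunk, so whether a default case still logs them cannot be confirmed here.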
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index bcb339864a..53550ca353 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -25,11 +25,6 @@ #include "includes.h" #include "nsswitch/nss.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -extern DOM_SID global_sid_NULL; /* NULL sid */ - NSS_STATUS winbindd_request(int req_type, struct winbindd_request *request, struct winbindd_response *response); diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 89dd625241..6a2143f8f0 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -86,7 +86,7 @@ void init_response(struct winbindd_response *response) /* Close established socket */ -static void close_sock(void) +void close_sock(void) { if (winbindd_fd != -1) { close(winbindd_fd); @@ -168,7 +168,7 @@ int winbind_open_pipe_sock(void) return winbindd_fd; } -/* Write data to winbindd socket */ +/* Write data to winbindd socket with timeout */ int write_sock(void *buffer, int count) { @@ -234,7 +234,7 @@ int write_sock(void *buffer, int count) return nwritten; } -/* Read data from winbindd socket */ +/* Read data from winbindd socket with timeout */ static int read_sock(void *buffer, int count) { diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index d0af10a0e6..3ddd1865c0 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -25,9 +25,6 @@ #include "winbindd.h" #include "debug.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - /* Prototypes from common.h */ NSS_STATUS winbindd_request(int req_type, 
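Review bot: Dropping `static` from `close_sock` in wb_common.c exports a very generic symbol name from the winbind client code, and if this object is linked into the NSS and PAM modules it ends up in the namespace of every process that loads them, where it can collide with an application's own `close_sock`. If another file really needs the function, a prefixed name in the style of the existing `winbind_open_pipe_sock` is safer, e.g. `void winbind_close_sock(void)`; otherwise keep it `static`. The two comments now say "with timeout", but the bodies of write_sock and read_sock are outside these hunks, so confirm the timeout exists before documenting it.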
@@ -251,22 +248,25 @@ static BOOL wbinfo_show_sequence(void) static BOOL wbinfo_check_secret(void) { struct winbindd_response response; - NSS_STATUS result; + BOOL result; ZERO_STRUCT(response); result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response) == NSS_STATUS_SUCCESS; - - d_printf("checking the trust secret via RPC calls %s\n", - (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); - if (result != NSS_STATUS_SUCCESS) - d_printf("error code was %s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); - - return result == NSS_STATUS_SUCCESS; + if (result) { + + if (response.data.num_entries == 0) + d_printf("Secret is good\n"); + else + d_printf("Secret is bad\n0x%08x\n", + response.data.num_entries); + + return True; + } + + return False; } /* Convert uid to sid */ @@ -593,7 +593,7 @@ static BOOL wbinfo_set_auth_user(char *username) /* Store in secrets.tdb */ - if (!secrets_store(SECRETS_AUTH_USER, user, + if (!secrets_store(SECRETS_AUTH_USER, username, strlen(user) + 1) || !secrets_store(SECRETS_AUTH_DOMAIN, domain, strlen(domain) + 1) || @@ -640,17 +640,16 @@ static void usage(void) d_printf("\t-m\t\t\tlist trusted domains\n"); d_printf("\t-r user\t\t\tget user groups\n"); d_printf("\t-a user%%password\tauthenticate user\n"); - d_printf("\t-A user%%password\tstore user and password used by winbindd (root only)\n"); - d_printf("\t-p\t\t\t'ping' winbindd to see if it is alive\n"); + d_printf("\t-A user%%password\tstore user and password used by winbindd (root only)\n"); + d_printf("\t-p 'ping' winbindd to see if it is alive\n"); d_printf("\t--sequence\t\tshow sequence numbers of all domains\n"); - d_printf("\t--set-auth-user DOMAIN\\user%%password\tset password for restrict anonymous\n"); } /* Main program */ enum { OPT_SET_AUTH_USER = 1000, - OPT_SEQUENCE + OPT_SEQUENCE, }; int main(int argc, char **argv) diff --git a/source3/nsswitch/winbind_nss.c b/source3/nsswitch/winbind_nss.c index 681bcd2bf7..a396e5551b 100644 
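Review bot: wbinfo_check_secret now returns `True` whenever the request to winbindd succeeds, including the branch that prints "Secret is bad", so a caller or script acting on the result cannot detect a broken machine trust secret. Return the outcome of the check instead, e.g. `return response.data.num_entries == 0;` inside the `if (result)` block. The verdict is read from `response.data.num_entries`, a field whose name suggests a count; a one-line comment explaining why it carries the status for WINBINDD_CHECK_MACHACC is needed, since nothing visible here establishes that.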
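Review bot: In wbinfo_set_auth_user (hunk -593/+593) the first `secrets_store` call now passes `username` as the data but still sizes it with `strlen(user) + 1`, so the pointer and the length describe two different strings. Depending on how `user` is derived from `username` (that parsing is above the hunk), this writes a truncated and possibly unterminated value, or the wrong field, under SECRETS_AUTH_USER in secrets.tdb. Keep buffer and length paired: `if (!secrets_store(SECRETS_AUTH_USER, user, strlen(user) + 1) ||`.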
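Review bot: usage() in wbinfo.c (hunk -640/+640) loses the `--set-auth-user` help line although `OPT_SET_AUTH_USER` stays in the enum directly below, so an option that stores credentials would be undocumented if main() still parses it; main's option handling is outside the hunk. Either keep the help line or remove the option together with it. The trailing comma added in `OPT_SEQUENCE,` is not accepted by strict C89 compilers and should be dropped.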
--- a/source3/nsswitch/winbind_nss.c +++ b/source3/nsswitch/winbind_nss.c @@ -238,7 +238,6 @@ winbind_callback(nsd_file_t **rqp, int fd) free_response(&response); return(do_list(1,rq)); case WINBINDD_GETGRENT: - case WINBINDD_GETGRLST: nsd_logprintf(NSD_LOG_MIN, "callback (winbind) - %d GETGRENT responses\n", response.data.num_entries); @@ -1061,7 +1060,6 @@ _nss_winbind_getgrent_r(struct group *result, NSS_STATUS ret; static struct winbindd_request request; static int called_again; - enum winbindd_cmd cmd; #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: getgrent\n", getpid()); @@ -1085,17 +1083,7 @@ _nss_winbind_getgrent_r(struct group *result, request.data.num_entries = MAX_GETGRENT_USERS; - /* this is a hack to work around the fact that posix doesn't - define a 'list groups' call and listing all group members can - be *very* expensive. We use an environment variable to give - us a saner call (tridge) */ - if (getenv("WINBIND_GETGRLST")) { - cmd = WINBINDD_GETGRLST; - } else { - cmd = WINBINDD_GETGRENT; - } - - ret = winbindd_request(cmd, &request, + ret = winbindd_request(WINBINDD_GETGRENT, &request, &getgrent_response); if (ret == NSS_STATUS_SUCCESS) { diff --git a/source3/nsswitch/winbind_nss_config.h b/source3/nsswitch/winbind_nss_config.h index b9c738211e..0de63878be 100644 --- a/source3/nsswitch/winbind_nss_config.h +++ b/source3/nsswitch/winbind_nss_config.h @@ -129,15 +129,11 @@ typedef int BOOL; #endif /* zero a structure */ -#ifndef ZERO_STRUCT #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) -#endif /* zero a structure given a pointer to the structure */ -#ifndef ZERO_STRUCTP #define ZERO_STRUCTP(x) { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } -#endif - + /* Some systems (SCO) treat UNIX domain sockets as FIFOs */ #ifndef S_IFSOCK diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 358d9add3a..4f64790236 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c 
@@ -4,7 +4,6 @@ Winbind daemon for ntdom nss module Copyright (C) by Tim Potter 2000, 2001 - Copyright (C) Andrew Tridgell 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -27,8 +26,7 @@ struct winbindd_cli_state *client_list; static int num_clients; -BOOL opt_nocache = False; -BOOL opt_dual_daemon = False; +BOOL opt_nocache; /* Reload configuration */ @@ -223,7 +221,6 @@ static struct dispatch_table dispatch_table[] = { { WINBINDD_SETGRENT, winbindd_setgrent, "SETGRENT" }, { WINBINDD_ENDGRENT, winbindd_endgrent, "ENDGRENT" }, { WINBINDD_GETGRENT, winbindd_getgrent, "GETGRENT" }, - { WINBINDD_GETGRLST, winbindd_getgrent, "GETGRLST" }, /* PAM auth functions */ @@ -368,10 +365,9 @@ static void remove_client(struct winbindd_cli_state *state) } } - /* Process a complete received packet from a client */ -void winbind_process_packet(struct winbindd_cli_state *state) +static void process_packet(struct winbindd_cli_state *state) { /* Process request */ @@ -383,16 +379,11 @@ void winbind_process_packet(struct winbindd_cli_state *state) state->read_buf_len = 0; state->write_buf_len = sizeof(struct winbindd_response); - - /* we might need to send it to the dual daemon */ - if (opt_dual_daemon) { - dual_send_request(state); - } } /* Read some data from a client connection */ -void winbind_client_read(struct winbindd_cli_state *state) +static void client_read(struct winbindd_cli_state *state) { int n; @@ -538,10 +529,6 @@ static void process_loop(int accept_sock) timeout.tv_sec = WINBINDD_ESTABLISH_LOOP; timeout.tv_usec = 0; - if (opt_dual_daemon) { - maxfd = dual_select_setup(&w_fds, maxfd); - } - /* Set up client readers and writers */ state = client_list; @@ -596,10 +583,6 @@ static void process_loop(int accept_sock) if (selret > 0) { - if (opt_dual_daemon) { - dual_select(&w_fds); - } - if (FD_ISSET(accept_sock, &r_fds)) new_connection(accept_sock); 
@@ -613,7 +596,7 @@ static void process_loop(int accept_sock) /* Read data */ - winbind_client_read(state); + client_read(state); /* * If we have the start of a @@ -637,7 +620,7 @@ static void process_loop(int accept_sock) if (state->read_buf_len == sizeof(state->request)) { - winbind_process_packet(state); + process_packet(state); } } @@ -673,62 +656,6 @@ static void process_loop(int accept_sock) } } - -/* - these are split out from the main winbindd for use by the background daemon - */ -int winbind_setup_common(void) -{ - load_interfaces(); - - if (!secrets_init()) { - - DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n")); - return 1; - - } - - /* Get list of domains we look up requests for. This includes the - domain which we are a member of as well as any trusted - domains. */ - - init_domain_list(); - - ZERO_STRUCT(server_state); - - /* Winbind daemon initialisation */ - - if (!winbindd_param_init()) - return 1; - - if (!winbindd_idmap_init()) - return 1; - - /* Unblock all signals we are interested in as they may have been - blocked by the parent process. */ - - BlockSignals(False, SIGINT); - BlockSignals(False, SIGQUIT); - BlockSignals(False, SIGTERM); - BlockSignals(False, SIGUSR1); - BlockSignals(False, SIGUSR2); - BlockSignals(False, SIGHUP); - - /* Setup signal handlers */ - - CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ - CatchSignal(SIGQUIT, termination_handler); - CatchSignal(SIGTERM, termination_handler); - - CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */ - - CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */ - CatchSignal(SIGHUP, sighup_handler); - - return 0; -} - - /* Main function */ struct winbindd_state server_state; /* Server state information */ 
@@ -738,14 +665,13 @@ static void usage(void) { printf("Usage: winbindd [options]\n"); printf("\t-i interactive mode\n"); - printf("\t-B dual daemon mode\n"); printf("\t-n disable cacheing\n"); printf("\t-d level set debug level\n"); printf("\t-s configfile choose smb.conf location\n"); printf("\t-h show this help message\n"); } - int main(int argc, char **argv) +int main(int argc, char **argv) { extern BOOL AllowDebugChange; extern pstring global_myname; @@ -783,7 +709,7 @@ static void usage(void) /* Initialise samba/rpc client stuff */ - while ((opt = getopt(argc, argv, "id:s:nhB")) != EOF) { + while ((opt = getopt(argc, argv, "id:s:nh")) != EOF) { switch (opt) { /* Don't become a daemon */ @@ -791,11 +717,6 @@ static void usage(void) interactive = True; break; - /* dual daemon system */ - case 'B': - opt_dual_daemon = True; - break; - /* disable cacheing */ case 'n': opt_nocache = True; @@ -835,6 +756,8 @@ static void usage(void) exit(1); } + pidfile_create("winbindd"); + /* Setup names. */ if (!*global_myname) { @@ -848,10 +771,8 @@ static void usage(void) fstrcpy(global_myworkgroup, lp_workgroup()); - if (!interactive) { + if (!interactive) become_daemon(); - pidfile_create("winbindd"); - } #if HAVE_SETPGID /* 
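Review bot: `pidfile_create("winbindd")` now runs before `become_daemon()` (added in hunk -835/+756, removed from the `if (!interactive)` block in hunk -848/+771), so in daemon mode the pidfile would record the PID of the foreground process rather than that of the daemon, assuming become_daemon forks and the parent exits. Anything that signals or supervises winbindd through the pidfile would then act on a dead or reused PID, and if pidfile_create holds a lock on the file it may not carry over to the child; neither function's body is visible here. Keep the call after daemonising: `if (!interactive) become_daemon();` followed by `pidfile_create("winbindd");`.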
@@ -862,14 +783,52 @@ static void usage(void) setpgid( (pid_t)0, (pid_t)0); #endif - if (opt_dual_daemon) { - do_dual_daemon(); - } + load_interfaces(); + + if (!secrets_init()) { - if (winbind_setup_common() != 0) { + DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n")); return 1; + } + /* Get list of domains we look up requests for. This includes the + domain which we are a member of as well as any trusted + domains. */ + + init_domain_list(); + + ZERO_STRUCT(server_state); + + /* Winbind daemon initialisation */ + + if (!winbindd_param_init()) + return 1; + + if (!winbindd_idmap_init()) + return 1; + + /* Unblock all signals we are interested in as they may have been + blocked by the parent process. */ + + BlockSignals(False, SIGINT); + BlockSignals(False, SIGQUIT); + BlockSignals(False, SIGTERM); + BlockSignals(False, SIGUSR1); + BlockSignals(False, SIGUSR2); + BlockSignals(False, SIGHUP); + + /* Setup signal handlers */ + + CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ + CatchSignal(SIGQUIT, termination_handler); + CatchSignal(SIGTERM, termination_handler); + + CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */ + + CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */ + CatchSignal(SIGHUP, sighup_handler); + /* Initialise messaging system */ if (!message_init()) { diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h index 11d399be49..4d35c27c21 100644 --- a/source3/nsswitch/winbindd.h +++ b/source3/nsswitch/winbindd.h @@ -29,9 +29,6 @@ #include "winbindd_nss.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - /* Client state structure */ struct winbindd_cli_state { diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index b61348adfe..22bad667c3 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c 
@@ -24,9 +24,6 @@ #ifdef HAVE_ADS -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - /* the realm of our primary LDAP server */ static char *primary_realm; @@ -61,7 +58,7 @@ ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope if (*res) ads_msgfree(ads, *res); *res = NULL; - DEBUG(3,("Reopening ads connection to %s after error %s\n", + DEBUG(1,("Reopening ads connection to %s after error %s\n", ads->ldap_server, ads_errstr(status))); if (ads->ld) { ldap_unbind(ads->ld); @@ -122,8 +119,6 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) if (resolve_name(domain->name, &server_ip, 0x1b)) { sname = inet_ntoa(server_ip); - } else if (resolve_name(domain->name, &server_ip, 0x1c)) { - sname = inet_ntoa(server_ip); } else { if (strcasecmp(domain->name, lp_workgroup()) != 0) { DEBUG(1,("can't find domain controller for %s\n", domain->name)); @@ -132,7 +127,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) sname = NULL; } - ads = ads_init(primary_realm, domain->name, NULL, NULL, NULL); + ads = ads_init(primary_realm, sname, NULL, NULL); if (!ads) { DEBUG(1,("ads_init for domain %s failed\n", domain->name)); return NULL; @@ -143,7 +138,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) ads->password = secrets_fetch_machine_password(); status = ads_connect(ads); - if (!ADS_ERR_OK(status) || !ads->realm) { + if (!ADS_ERR_OK(status)) { extern struct winbindd_methods msrpc_methods; DEBUG(1,("ads_connect for domain %s failed: %s\n", domain->name, ads_errstr(status))); 
@@ -191,24 +186,6 @@ static enum SID_NAME_USE ads_atype_map(uint32 atype) return SID_NAME_UNKNOWN; } -/* - in order to support usernames longer than 21 characters we need to - use both the sAMAccountName and the userPrincipalName attributes - It seems that not all users have the userPrincipalName attribute set -*/ -static char *pull_username(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, void *msg) -{ - char *ret, *p; - - ret = ads_pull_string(ads, mem_ctx, msg, "userPrincipalName"); - if (ret && (p = strchr(ret, '@'))) { - *p = 0; - return ret; - } - return ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); -} - - /* Query display info for a realm. This is the basic user list fn */ static NTSTATUS query_user_list(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, @@ -216,9 +193,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, WINBIND_USERINFO **info) { ADS_STRUCT *ads = NULL; - const char *attrs[] = {"userPrincipalName", - "sAMAccountName", - "name", "objectSid", "primaryGroupID", + const char *attrs[] = {"sAMAccountName", "name", "objectSid", "primaryGroupID", "sAMAccountType", NULL}; int i, count; ADS_STATUS rc; @@ -265,7 +240,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, continue; } - name = pull_username(ads, mem_ctx, msg); + name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); gecos = ads_pull_string(ads, mem_ctx, msg, "name"); if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { DEBUG(1,("No sid for %s !?\n", name)); @@ -276,7 +251,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, continue; } - if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) { + if (!sid_peek_rid(&sid, &rid)) { DEBUG(1,("No rid for %s !?\n", name)); continue; } 
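Review bot: Replacing `sid_peek_check_rid(&domain->sid, &sid, &rid)` with `sid_peek_rid(&sid, &rid)` in query_user_list (hunk -276/+251) drops the check that the returned objectSid belongs to this domain, so an entry carrying a SID from a different domain would be reported under its bare RID as if it were an account of this one. RIDs are unique only within a single domain, so this can alias an unrelated principal onto an existing user or group mapping. The same substitution is made in enum_dom_groups, query_user and lookup_usergroups in this file, and in winbindd_cache.c sid_to_name and winbindd_group.c winbindd_getgrnam, where the return value is also ignored. Keep the domain-checked call at each site, e.g. `if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) {`.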
@@ -306,8 +281,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, struct acct_info **info) { ADS_STRUCT *ads = NULL; - const char *attrs[] = {"userPrincipalName", "sAMAccountName", - "name", "objectSid", + const char *attrs[] = {"sAMAccountName", "name", "objectSid", "sAMAccountType", NULL}; int i, count; ADS_STATUS rc; @@ -324,13 +298,13 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, rc = ads_search_retry(ads, &res, "(objectCategory=group)", attrs); if (!ADS_ERR_OK(rc)) { - DEBUG(1,("enum_dom_groups ads_search: %s\n", ads_errstr(rc))); + DEBUG(1,("query_user_list ads_search: %s\n", ads_errstr(rc))); goto done; } count = ads_count_replies(ads, res); if (count == 0) { - DEBUG(1,("enum_dom_groups: No groups found\n")); + DEBUG(1,("query_user_list: No users found\n")); goto done; } @@ -352,14 +326,14 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, &account_type) || !(account_type & ATYPE_GROUP)) continue; - name = pull_username(ads, mem_ctx, msg); + name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); gecos = ads_pull_string(ads, mem_ctx, msg, "name"); if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { DEBUG(1,("No sid for %s !?\n", name)); continue; } - if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) { + if (!sid_peek_rid(&sid, &rid)) { DEBUG(1,("No rid for %s !?\n", name)); continue; } @@ -403,9 +377,7 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, ads = ads_cached_connection(domain); if (!ads) goto done; - /* accept either the win2000 or the pre-win2000 username */ - asprintf(&exp, "(|(sAMAccountName=%s)(userPrincipalName=%s@%s))", - name, name, ads->realm); + asprintf(&exp, "(sAMAccountName=%s)", name); rc = ads_search_retry(ads, &res, exp, attrs); free(exp); if (!ADS_ERR_OK(rc)) { 
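Review bot: The two DEBUG messages in enum_dom_groups (hunk -324/+298) are changed to say `query_user_list ads_search` and `query_user_list: No users found`, which attributes group-enumeration failures to the wrong function in the winbindd log. Keep the function's own name in both, e.g. `DEBUG(1,("enum_dom_groups ads_search: %s\n", ads_errstr(rc)));` and `DEBUG(1,("enum_dom_groups: No groups found\n"));`.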
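Review bot: name_to_sid (hunk -403/+377) formats the caller-supplied `name` straight into the LDAP filter with `asprintf(&exp, "(sAMAccountName=%s)", name);`, so a name containing `*`, `(`, `)` or `\` changes the meaning of the search instead of being matched literally. Escape those characters as RFC 4515 requires before building the filter. The asprintf result is also unchecked, and `exp` is undefined when the call fails, so test it before `ads_search_retry` and `free(exp)`. The function starts and ends outside the hunk.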
@@ -449,9 +421,7 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, enum SID_NAME_USE *type) { ADS_STRUCT *ads = NULL; - const char *attrs[] = {"userPrincipalName", - "sAMAccountName", - "sAMAccountType", NULL}; + const char *attrs[] = {"sAMAccountName", "sAMAccountType", NULL}; ADS_STATUS rc; void *msg = NULL; char *exp; @@ -478,7 +448,7 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, goto done; } - *name = pull_username(ads, mem_ctx, msg); + *name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); *type = ads_atype_map(atype); status = NT_STATUS_OK; @@ -492,50 +462,6 @@ done: } -/* convert a DN to a name, rid and name type - this might become a major speed bottleneck if groups have - lots of users, in which case we could cache the results -*/ -static BOOL dn_lookup(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, - const char *dn, - char **name, uint32 *name_type, uint32 *rid) -{ - char *exp; - void *res = NULL; - const char *attrs[] = {"userPrincipalName", "sAMAccountName", - "objectSid", "sAMAccountType", NULL}; - ADS_STATUS rc; - uint32 atype; - DOM_SID sid; - - asprintf(&exp, "(distinguishedName=%s)", dn); - rc = ads_search_retry(ads, &res, exp, attrs); - free(exp); - if (!ADS_ERR_OK(rc)) { - goto failed; - } - - (*name) = pull_username(ads, mem_ctx, res); - - if (!ads_pull_uint32(ads, res, "sAMAccountType", &atype)) { - goto failed; - } - (*name_type) = ads_atype_map(atype); - - if (!ads_pull_sid(ads, res, "objectSid", &sid) || - !sid_peek_rid(&sid, rid)) { - goto failed; - } - - if (res) ads_msgfree(ads, res); - return True; - -failed: - if (res) ads_msgfree(ads, res); - return False; -} - - /* convert a sid to a distnguished name */ static NTSTATUS sid_to_distinguished_name(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, 
@@ -585,9 +511,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, WINBIND_USERINFO *info) { ADS_STRUCT *ads = NULL; - const char *attrs[] = {"userPrincipalName", - "sAMAccountName", - "name", "objectSid", + const char *attrs[] = {"sAMAccountName", "name", "objectSid", "primaryGroupID", NULL}; ADS_STATUS rc; int count; @@ -620,7 +544,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, goto done; } - info->acct_name = pull_username(ads, mem_ctx, msg); + info->acct_name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); info->full_name = ads_pull_string(ads, mem_ctx, msg, "name"); if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { DEBUG(1,("No sid for %d !?\n", user_rid)); @@ -631,7 +555,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, goto done; } - if (!sid_peek_check_rid(&domain->sid,&sid, &info->user_rid)) { + if (!sid_peek_rid(&sid, &info->user_rid)) { DEBUG(1,("No rid for %d !?\n", user_rid)); goto done; } @@ -709,7 +633,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, for (i=1;i<count;i++) { uint32 rid; - if (!sid_peek_check_rid(&domain->sid, &sids[i-1], &rid)) continue; + if (!sid_peek_rid(&sids[i-1], &rid)) continue; (*user_gids)[*num_groups] = rid; (*num_groups)++; } @@ -722,9 +646,7 @@ done: return status; } -/* - find the members of a group, given a group rid and domain - */ + static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32 group_rid, uint32 *num_names, @@ -732,16 +654,13 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, uint32 **name_types) { DOM_SID group_sid; + const char *attrs[] = {"sAMAccountName", "objectSid", "sAMAccountType", NULL}; ADS_STATUS rc; int count; - void *res=NULL; + void *res=NULL, *msg=NULL; ADS_STRUCT *ads = NULL; - char *exp; + char *exp, *dn = NULL; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - char *sidstr; - const char *attrs[] = {"member", NULL}; - char **members; - int i, num_members; *num_names = 0; 
@@ -749,14 +668,17 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, if (!ads) goto done; sid_from_rid(domain, group_rid, &group_sid); - sidstr = sid_binstring(&group_sid); + status = sid_to_distinguished_name(domain, mem_ctx, &group_sid, &dn); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3,("Failed to find distinguishedName for %s\n", sid_string_static(&group_sid))); + return status; + } - /* search for all members of the group */ - asprintf(&exp, "(objectSid=%s)",sidstr); + /* search for all users who have that group sid as primary group or as member */ + asprintf(&exp, "(&(objectCategory=user)(|(primaryGroupID=%d)(memberOf=%s)))", + group_rid, dn); rc = ads_search_retry(ads, &res, exp, attrs); free(exp); - free(sidstr); - if (!ADS_ERR_OK(rc)) { DEBUG(1,("query_user_list ads_search: %s\n", ads_errstr(rc))); goto done; 
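Review bot: lookup_groupmem places the group's distinguished name unescaped into the filter as `(memberOf=%s)`, and a DN may legitimately contain `(`, `)`, `*` or `\`, which would make the filter malformed or make it match something other than the intended group. Escape the value per RFC 4515 and check the asprintf result before using `exp`. `group_rid` is a uint32 but is printed with `%d`, so large RIDs would appear as negative numbers in `primaryGroupID=`; use `%u`. The new `return status;` after a failed sid_to_distinguished_name call skips the `done:` label used by the other exits in this function; `goto done;` keeps the cleanup path uniform. The function begins and ends outside this hunk.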
@@ -768,33 +690,29 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, goto done; } - members = ads_pull_strings(ads, mem_ctx, res, "member"); - if (!members) { - /* no members? ok ... */ - status = NT_STATUS_OK; - goto done; - } - - /* now we need to turn a list of members into rids, names and name types - the problem is that the members are in the form of distinguised names - */ - for (i=0;members[i];i++) /* noop */ ; - num_members = i; + (*rid_mem) = talloc_zero(mem_ctx, sizeof(uint32) * count); + (*name_types) = talloc_zero(mem_ctx, sizeof(uint32) * count); + (*names) = talloc_zero(mem_ctx, sizeof(char *) * count); - (*rid_mem) = talloc_zero(mem_ctx, sizeof(uint32) * num_members); - (*name_types) = talloc_zero(mem_ctx, sizeof(uint32) * num_members); - (*names) = talloc_zero(mem_ctx, sizeof(char *) * num_members); - - for (i=0;i<num_members;i++) { - uint32 name_type, rid; - char *name; + for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) { + uint32 atype, rid; + DOM_SID sid; - if (dn_lookup(ads, mem_ctx, members[i], &name, &name_type, &rid)) { - (*names)[*num_names] = name; - (*name_types)[*num_names] = name_type; - (*rid_mem)[*num_names] = rid; - (*num_names)++; + (*names)[*num_names] = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); + if (!ads_pull_uint32(ads, msg, "sAMAccountType", &atype)) { + continue; + } + (*name_types)[*num_names] = ads_atype_map(atype); + if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { + DEBUG(1,("No sid for %s !?\n", (*names)[*num_names])); + continue; } + if (!sid_peek_rid(&sid, &rid)) { + DEBUG(1,("No rid for %s !?\n", (*names)[*num_names])); + continue; + } + (*rid_mem)[*num_names] = rid; + (*num_names)++; } status = NT_STATUS_OK; @@ -805,7 +723,6 @@ done: return status; } - /* find the sequence number for a domain */ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) { 
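Review bot: The three `talloc_zero` results in lookup_groupmem are written through in the loop without a NULL check, so an allocation failure becomes a crash of the daemon rather than an error return. Test them and leave through `done` with `status = NT_STATUS_NO_MEMORY;`. In the loop, `(*names)[*num_names]` is assigned from ads_pull_string before it is known to be non-NULL; it is then passed to `%s` in the DEBUG calls and, if the remaining pulls succeed, is counted as a member with a NULL name. Skip such entries right after the pull: `if (!(*names)[*num_names]) continue;`.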
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index a607727867..9bd95fdd86 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -22,9 +22,6 @@ #include "winbindd.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - struct winbind_cache { struct winbindd_methods *backend; TDB_CONTEXT *tdb; @@ -54,7 +51,7 @@ void wcache_flush_cache(void) if (opt_nocache) return; wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000, - TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600); + TDB_DEFAULT, O_RDWR | O_CREAT | O_TRUNC, 0600); if (!wcache->tdb) { DEBUG(0,("Failed to open winbindd_cache.tdb!\n")); @@ -208,17 +205,11 @@ static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force) { NTSTATUS status; unsigned time_diff; - unsigned cache_time = lp_winbind_cache_time(); - - /* trying to reconnect is expensive, don't do it too often */ - if (domain->sequence_number == DOM_SEQUENCE_NONE) { - cache_time *= 8; - } time_diff = time(NULL) - domain->last_seq_check; /* see if we have to refetch the domain sequence number */ - if (!force && (time_diff < cache_time)) { + if (!force && (time_diff < lp_winbind_cache_time())) { return; } @@ -298,15 +289,8 @@ static struct cache_entry *wcache_fetch(struct winbind_cache *cache, centry->sequence_number = centry_uint32(centry); if (centry_expired(domain, centry)) { - extern BOOL opt_dual_daemon; - - if (opt_dual_daemon) { - extern BOOL backgroud_process; - backgroud_process = True; - } else { - centry_free(centry); - return NULL; - } + centry_free(centry); + return NULL; } return centry; @@ -426,7 +410,6 @@ static void wcache_save_name_to_sid(struct winbindd_domain *domain, NTSTATUS sta { struct cache_entry *centry; uint32 len; - fstring uname; centry = centry_start(domain, status); if (!centry) return; 
@@ -435,9 +418,7 @@ static void wcache_save_name_to_sid(struct winbindd_domain *domain, NTSTATUS sta centry_put_uint32(centry, type); sid_linearize(centry->data + centry->ofs, len, sid); centry->ofs += len; - fstrcpy(uname, name); - strupper(uname); - centry_end(centry, "NS/%s/%s", domain->name, uname); + centry_end(centry, "NS/%s/%s", domain->name, name); centry_free(centry); } @@ -467,7 +448,7 @@ static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WI centry_put_string(centry, info->full_name); centry_put_uint32(centry, info->user_rid); centry_put_uint32(centry, info->group_rid); - centry_end(centry, "U/%s/%d", domain->name, info->user_rid); + centry_end(centry, "U/%s/%x", domain->name, info->user_rid); centry_free(centry); } @@ -616,13 +597,10 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, struct winbind_cache *cache = get_cache(domain); struct cache_entry *centry = NULL; NTSTATUS status; - fstring uname; if (!cache->tdb) goto do_query; - fstrcpy(uname, name); - strupper(uname); - centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, uname); + centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, name); if (!centry) goto do_query; *type = centry_uint32(centry); sid_parse(centry->data + centry->ofs, centry->len - centry->ofs, sid); @@ -642,9 +620,6 @@ do_query: /* and save it */ wcache_save_name_to_sid(domain, status, name, sid, *type); - /* We can't save the sid to name mapping as we don't know the - correct case of the name without looking it up */ - return status; } @@ -661,8 +636,7 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, NTSTATUS status; uint32 rid = 0; - if (!sid_peek_check_rid(&domain->sid, sid, &rid)) - return NT_STATUS_INVALID_PARAMETER; + sid_peek_rid(sid, &rid); if (!cache->tdb) goto do_query; 
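Review bot: wcache_save_name_to_sid and the cached name_to_sid (hunks -435/+418 and -616/+597) now build the `NS/%s/%s` key from `name` exactly as supplied, so lookups that differ only in letter case no longer share one cache entry. The removed code upper-cased the name, presumably because the backend matches names case-insensitively; without it a cached negative result for one spelling and a positive result for another can coexist until they expire, besides the extra backend queries. Keep the normalisation before both `centry_end` and `wcache_fetch`: `fstrcpy(uname, name); strupper(uname);` and use `uname` in the key.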
@@ -687,7 +661,6 @@ do_query: /* and save it */ refresh_sequence_number(domain, True); wcache_save_sid_to_name(domain, status, sid, *name, *type, rid); - wcache_save_name_to_sid(domain, status, *name, sid, *type); return status; } @@ -705,7 +678,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, if (!cache->tdb) goto do_query; - centry = wcache_fetch(cache, domain, "U/%s/%d", domain->name, user_rid); + centry = wcache_fetch(cache, domain, "U/%s/%x", domain->name, user_rid); if (!centry) goto do_query; info->acct_name = centry_string(centry, mem_ctx); @@ -746,7 +719,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, if (!cache->tdb) goto do_query; - centry = wcache_fetch(cache, domain, "UG/%s/%d", domain->name, user_rid); + centry = wcache_fetch(cache, domain, "UG/%s/%x", domain->name, user_rid); if (!centry) goto do_query; *num_groups = centry_uint32(centry); @@ -781,7 +754,7 @@ do_query: for (i=0; i<(*num_groups); i++) { centry_put_uint32(centry, (*user_gids)[i]); } - centry_end(centry, "UG/%s/%d", domain->name, user_rid); + centry_end(centry, "UG/%s/%x", domain->name, user_rid); centry_free(centry); skip_save: @@ -802,7 +775,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, if (!cache->tdb) goto do_query; - centry = wcache_fetch(cache, domain, "GM/%s/%d", domain->name, group_rid); + centry = wcache_fetch(cache, domain, "GM/%s/%x", domain->name, group_rid); if (!centry) goto do_query; *num_names = centry_uint32(centry); @@ -851,7 +824,7 @@ do_query: centry_put_string(centry, (*names)[i]); centry_put_uint32(centry, (*name_types)[i]); } - centry_end(centry, "GM/%s/%d", domain->name, group_rid); + centry_end(centry, "GM/%s/%x", domain->name, group_rid); centry_free(centry); skip_save: @@ -905,3 +878,5 @@ struct winbindd_methods cache_methods = { trusted_domains, domain_sid }; + + diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index 3ab97ed408..ce484795f8 100644 
--- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -4,7 +4,6 @@ Winbind daemon connection manager Copyright (C) Tim Potter 2001 - Copyright (C) Andrew Bartlett 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -61,9 +60,6 @@ #include "winbindd.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - /* Global list of connections. Initially a DLIST but can become a hash table or whatever later. */ @@ -352,7 +348,7 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name, result = cli_full_connection(&(new_conn->cli), global_myname, new_conn->controller, &dc_ip, 0, "IPC$", "IPC", ipc_username, ipc_domain, - ipc_password, 0); + ipc_password, strlen(ipc_password)); SAFE_FREE(ipc_username); SAFE_FREE(ipc_domain); diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 20563ba7bd..4ef57513bb 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -23,9 +23,6 @@ #include "winbindd.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - /*************************************************************** Empty static struct for negative caching. ****************************************************************/ @@ -75,7 +72,7 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain, *num_gr_mem = 0; if (group_name_type != SID_NAME_DOM_GRP) { - DEBUG(1, ("rid %d in domain %s isn't a domain group\n", + DEBUG(1, ("rid %d in domain %s isn't a " "domain group\n", group_rid, domain->name)); goto done; } 
@@ -84,8 +81,8 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain, status = domain->methods->lookup_groupmem(domain, mem_ctx, group_rid, &num_names, &rid_mem, &names, &name_types); if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("could not lookup membership for group rid %d in domain %s (error: %s)\n", - group_rid, domain->name, nt_errstr(status))); + DEBUG(1, ("could not lookup membership for group rid %d in domain %s\n", + group_rid, domain->name)); goto done; } @@ -231,8 +228,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) } /* Fill in group structure */ - if (!sid_peek_check_rid(&domain->sid, &group_sid, &group_rid)) - return WINBINDD_ERROR; + sid_peek_rid(&group_sid, &group_rid); if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) { DEBUG(1, ("error converting unix gid to sid\n")); @@ -363,10 +359,8 @@ enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state) /* Create a state record for this domain */ if ((domain_state = (struct getent_state *) - malloc(sizeof(struct getent_state))) == NULL) { - DEBUG(1, ("winbindd_setgrent: malloc failed for domain_state!\n")); + malloc(sizeof(struct getent_state))) == NULL) return WINBINDD_ERROR; - } ZERO_STRUCTP(domain_state); @@ -413,10 +407,8 @@ static BOOL get_sam_group_entries(struct getent_state *ent) return False; if (!(mem_ctx = talloc_init_named("get_sam_group_entries(%s)", - ent->domain_name))) { - DEBUG(1, ("get_sam_group_entries: could not create talloc context!\n")); + ent->domain_name))) return False; - } /* Free any existing group info */ @@ -439,7 +431,6 @@ static BOOL get_sam_group_entries(struct getent_state *ent) &sam_grp_entries); if (!NT_STATUS_IS_OK(status)) { - DEBUG(3, ("get_sam_group_entries: could not enumerate domain groups! Error: %s", nt_errstr(status))); result = False; goto done; } 
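Review bot: The failure message in `fill_grent_mem` loses the NT status, because the new `DEBUG(1, ...)` prints only the rid and the domain, so an access-denied, a connection failure and an unknown group are indistinguishable in the log. Keep the status in the message: `"... in domain %s (error: %s)\n", group_rid, domain->name, nt_errstr(status)`. The same loss of diagnostics applies to the later hunks in this file that delete the `DEBUG` calls on the malloc, talloc and enumerate failure paths of `winbindd_setgrent` and `get_sam_group_entries`, which now fail without any log record.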
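Review bot: In `winbindd_getgrnam` the replacement `sid_peek_rid(&group_sid, &group_rid);` no longer verifies that `group_sid` lies under `domain->sid`, and its result is ignored, so a SID from a different domain would still yield a rid that the rest of the function treats as belonging to this domain. Keep the domain-checked form, `if (!sid_peek_check_rid(&domain->sid, &group_sid, &group_rid)) return WINBINDD_ERROR;`, or at least test the return value of `sid_peek_rid`. How `group_rid` is used afterwards is outside the hunk.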
@@ -580,21 +571,14 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state) goto done; } - group_list[group_list_ndx].num_gr_mem = 0; - gr_mem = NULL; - gr_mem_len = 0; + /* Get group membership */ - /* Get group membership */ - if (state->request.cmd == WINBINDD_GETGRLST) { - result = True; - } else { - result = fill_grent_mem( - domain, - name_list[ent->sam_entry_index].rid, - SID_NAME_DOM_GRP, - &group_list[group_list_ndx].num_gr_mem, - &gr_mem, &gr_mem_len); - } + result = fill_grent_mem( + domain, + name_list[ent->sam_entry_index].rid, + SID_NAME_DOM_GRP, + &group_list[group_list_ndx].num_gr_mem, + &gr_mem, &gr_mem_len); } if (result) { diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c index 6d184fec5f..bae61449ee 100644 --- a/source3/nsswitch/winbindd_idmap.c +++ b/source3/nsswitch/winbindd_idmap.c @@ -22,9 +22,6 @@ #include "winbindd.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - /* High water mark keys */ #define HWM_GROUP "GROUP HWM" @@ -367,7 +364,6 @@ fail: static BOOL idmap_convert(const char *idmap_name) { int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION"); - BOOL bigendianheader = (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False; if (vers == IDMAP_VERSION) return True; 
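Review bot: `gr_mem` and `gr_mem_len` are no longer reset before `fill_grent_mem()` is called, so their values afterwards depend on that function writing both outputs on every path. An earlier hunk shows `fill_grent_mem` zeroing `*num_gr_mem` on entry, but whether it also sets the other two before its early `goto done` exits is not visible in this diff; if it does not, a pointer and length left over from a previous loop iteration could be carried into the `if (result)` block. Restoring `gr_mem = NULL; gr_mem_len = 0;` ahead of the call removes that dependency. The enclosing loop starts and ends outside the hunk.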
@@ -378,34 +374,28 @@ static BOOL idmap_convert(const char *idmap_name) return False; #endif - if (((vers == -1) && bigendianheader) || (IREV(vers) == IDMAP_VERSION)) { - /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */ - /* - * high and low records were created on a - * big endian machine and will need byte-reversing. - */ - + if (IREV(vers) == IDMAP_VERSION) { + /* Arrggghh ! Bytereversed - make order independent ! */ int32 wm; wm = tdb_fetch_int32(idmap_tdb, HWM_USER); - if (wm != -1) { + if (wm != -1) wm = IREV(wm); - } else + else wm = server_state.uid_low; - if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) { + if (tdb_store_int32(idmap_tdb, HWM_USER, server_state.uid_low) == -1) { DEBUG(0, ("idmap_convert: Unable to byteswap user hwm in idmap database\n")); return False; } wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP); - if (wm != -1) { + if (wm != -1) wm = IREV(wm); - } else + else wm = server_state.gid_low; - - if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) { + if (tdb_store_int32(idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) { DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n")); return False; } @@ -414,7 +404,7 @@ static BOOL idmap_convert(const char *idmap_name) /* the old format stored as DOMAIN/rid - now we store the SID direct */ tdb_traverse(idmap_tdb, convert_fn, NULL); - if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == -1) { + if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == -1) { DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n")); return False; } diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c index 45f2d42f98..5678bdaa5a 100644 --- a/source3/nsswitch/winbindd_misc.c +++ b/source3/nsswitch/winbindd_misc.c 
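Review bot: The byte-swapped high-water mark is computed into `wm` and then discarded, because both stores write the configured lower bound: `tdb_store_int32(idmap_tdb, HWM_USER, server_state.uid_low)` and the `HWM_GROUP` store with `server_state.gid_low`. On a database that really needs conversion this resets both allocators to the bottom of the range, so ids that are already mapped to SIDs can presumably be handed out again to different SIDs. Store the converted value instead: `tdb_store_int32(idmap_tdb, HWM_USER, wm)` and `tdb_store_int32(idmap_tdb, HWM_GROUP, wm)`. The function's opening lines are in the previous hunk and its end is outside this one.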
@@ -23,9 +23,6 @@ #include "winbindd.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - extern pstring global_myname; /************************************************************************ @@ -91,15 +88,9 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat "good" : "bad")); done: - state->response.data.auth.nt_status = NT_STATUS_V(result); - fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); - fstrcpy(state->response.data.auth.error_string, nt_errstr(result)); - state->response.data.auth.pam_error = nt_status_to_pam(result); - - DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Checking the trust account password returned %s\n", - state->response.data.auth.nt_status_string)); + state->response.data.num_entries = NT_STATUS_V(result); - return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; + return WINBINDD_OK; } enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h index 0f0e40a2ec..023d72306b 100644 --- a/source3/nsswitch/winbindd_nss.h +++ b/source3/nsswitch/winbindd_nss.h @@ -99,9 +99,6 @@ enum winbindd_cmd { WINBINDD_WINS_BYIP, WINBINDD_WINS_BYNAME, - /* this is like GETGRENT but gives an empty group list */ - WINBINDD_GETGRLST, - /* Placeholder for end of cmd list */ WINBINDD_NUM_CMDS diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index e608f826c9..f7959c2feb 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -24,9 +24,6 @@ #include "winbindd.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - /* Return a password structure from a username. */ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h new file mode 100644 index 0000000000..f3830cd63c --- /dev/null +++ b/source3/nsswitch/winbindd_proto.h 
@@ -0,0 +1,133 @@ +#ifndef _WINBINDD_PROTO_H_ +#define _WINBINDD_PROTO_H_ + +/* This file is automatically generated with "make proto". DO NOT EDIT */ + + +/* The following definitions come from nsswitch/winbindd.c */ + +int main(int argc, char **argv); + +/* The following definitions come from nsswitch/winbindd_ads.c */ + +ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope, + const char *exp, + const char **attrs, void **res); +ADS_STATUS ads_search_retry(ADS_STRUCT *ads, void **res, + const char *exp, + const char **attrs); +ADS_STATUS ads_search_retry_dn(ADS_STRUCT *ads, void **res, + const char *dn, + const char **attrs); + +/* The following definitions come from nsswitch/winbindd_cache.c */ + +void wcache_flush_cache(void); +void winbindd_check_cache_size(time_t t); +struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status); + +/* The following definitions come from nsswitch/winbindd_cm.c */ + +CLI_POLICY_HND *cm_get_lsa_handle(char *domain); +CLI_POLICY_HND *cm_get_sam_handle(char *domain); +CLI_POLICY_HND *cm_get_sam_dom_handle(char *domain, DOM_SID *domain_sid); +CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, DOM_SID *domain_sid, + uint32 user_rid); +CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid, + uint32 group_rid); +NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd, + struct cli_state **cli); +void winbindd_cm_status(void); + +/* The following definitions come from nsswitch/winbindd_group.c */ + +enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state); +enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state); +enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state); +enum winbindd_result winbindd_endgrent(struct winbindd_cli_state *state); +enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state); +enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state); +enum 
winbindd_result winbindd_getgroups(struct winbindd_cli_state *state); + +/* The following definitions come from nsswitch/winbindd_idmap.c */ + +BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid); +BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid); +BOOL winbindd_idmap_get_uid_from_rid(const char *dom_name, uint32 rid, uid_t *uid); +BOOL winbindd_idmap_get_gid_from_rid(const char *dom_name, uint32 rid, gid_t *gid); +BOOL get_sid_from_id(int id, DOM_SID *sid, BOOL isgroup); +BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid); +BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid); +BOOL winbindd_idmap_get_rid_from_uid(uid_t uid, uint32 *user_rid, + struct winbindd_domain **domain); +BOOL winbindd_idmap_get_rid_from_gid(gid_t gid, uint32 *group_rid, + struct winbindd_domain **domain); +BOOL winbindd_idmap_init(void); +BOOL winbindd_idmap_close(void); +void winbindd_idmap_status(void); + +/* The following definitions come from nsswitch/winbindd_misc.c */ + +enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state); +enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state + *state); +enum winbindd_result winbindd_show_sequence(struct winbindd_cli_state *state); +enum winbindd_result winbindd_ping(struct winbindd_cli_state + *state); +enum winbindd_result winbindd_info(struct winbindd_cli_state *state); +enum winbindd_result winbindd_interface_version(struct winbindd_cli_state *state); +enum winbindd_result winbindd_domain_name(struct winbindd_cli_state *state); + +/* The following definitions come from nsswitch/winbindd_pam.c */ + +enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) ; +enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) ; +enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state); + +/* The following definitions come from nsswitch/winbindd_rpc.c */ + + +/* The following definitions come from 
nsswitch/winbindd_sid.c */ + +enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state); +enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state); +enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state); +enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state); +enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state); +enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state); + +/* The following definitions come from nsswitch/winbindd_user.c */ + +enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state) ; +enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state); +enum winbindd_result winbindd_setpwent(struct winbindd_cli_state *state); +enum winbindd_result winbindd_endpwent(struct winbindd_cli_state *state); +enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state); +enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state); + +/* The following definitions come from nsswitch/winbindd_util.c */ + +struct winbindd_domain *domain_list(void); +void free_domain_list(void); +BOOL init_domain_list(void); +struct winbindd_domain *find_domain_from_name(const char *domain_name); +struct winbindd_domain *find_domain_from_sid(DOM_SID *sid); +BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain, + const char *name, DOM_SID *sid, + enum SID_NAME_USE *type); +BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, + fstring dom_name, + fstring name, + enum SID_NAME_USE *type); +void free_getent_state(struct getent_state *state); +BOOL winbindd_param_init(void); +BOOL check_domain_env(char *domain_env, char *domain); +BOOL parse_domain_user(const char *domuser, fstring domain, fstring user); +void fill_domain_username(fstring name, const char *domain, const char *user); + +/* The following definitions come from nsswitch/winbindd_wins.c */ + +enum winbindd_result winbindd_wins_byip(struct 
winbindd_cli_state *state); +enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state); + +#endif /* _WINBINDD_PROTO_H_ */ diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index 2bb0e8c49f..d0d97cae49 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -23,9 +23,6 @@ #include "winbindd.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - /* Query display info for a domain. This returns enough information plus a bit extra to give an overview of domain users for the User Manager application. */ @@ -41,8 +38,6 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; int i; - DEBUG(3,("rpc: query_user_list\n")); - *num_entries = 0; *info = NULL; @@ -135,8 +130,6 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, *num_entries = 0; *info = NULL; - DEBUG(3,("rpc: enum_dom_groups\n")); - if (!(hnd = cm_get_sam_handle(domain->name))) { return NT_STATUS_UNSUCCESSFUL; } @@ -196,8 +189,6 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, uint32 *types = NULL; const char *full_name; - DEBUG(3,("rpc: name_to_sid name=%s\n", name)); - if (!(mem_ctx = talloc_init_named("name_to_sid[rpc] for [%s]\\[%s]", domain->name, name))) { DEBUG(0, ("talloc_init failed!\n")); return NT_STATUS_NO_MEMORY; @@ -219,8 +210,7 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, status = cli_lsa_lookup_names(hnd->cli, mem_ctx, &hnd->pol, 1, &full_name, &sids, &types); - /* Return rid and type if lookup successful */ - + /* Return rid and type if lookup successful */ if (NT_STATUS_IS_OK(status)) { sid_copy(sid, &sids[0]); *type = types[0]; @@ -245,8 +235,6 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, uint32 *types; NTSTATUS status; - DEBUG(3,("rpc: sid_to_name\n")); - if (!(hnd = cm_get_lsa_handle(domain->name))) return NT_STATUS_UNSUCCESSFUL; 
@@ -279,8 +267,6 @@ static NTSTATUS query_user(struct winbindd_domain *domain, BOOL got_dom_pol = False, got_user_pol = False; SAM_USERINFO_CTR *ctr; - DEBUG(3,("rpc: query_user rid=%u\n", user_rid)); - /* Get sam handle */ if (!(hnd = cm_get_sam_handle(domain->name))) goto done; @@ -309,9 +295,6 @@ static NTSTATUS query_user(struct winbindd_domain *domain, result = cli_samr_query_userinfo(hnd->cli, mem_ctx, &user_pol, 0x15, &ctr); - if (!NT_STATUS_IS_OK(result)) - goto done; - cli_samr_close(hnd->cli, mem_ctx, &user_pol); got_user_pol = False; @@ -346,8 +329,6 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, DOM_GID *user_groups; int i; - DEBUG(3,("rpc: lookup_usergroups rid=%u\n", user_rid)); - *num_groups = 0; /* First try cached universal groups from logon */ @@ -419,8 +400,6 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; BOOL got_dom_pol = False, got_group_pol = False; - DEBUG(3,("rpc: lookup_groupmem rid=%u\n", group_rid)); - *num_names = 0; /* Get sam handle */ @@ -523,8 +502,6 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) BOOL got_dom_pol = False; uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - DEBUG(3,("rpc: sequence_number\n")); - *seq = DOM_SEQUENCE_NONE; if (!(mem_ctx = talloc_init_named("sequence_number[rpc]"))) @@ -580,9 +557,6 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, CLI_POLICY_HND *hnd; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 enum_ctx = 0; - uint32 pref_num_domains = 5; - - DEBUG(3,("rpc: trusted_domains\n")); *num_domains = 0; @@ -590,8 +564,8 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, goto done; result = cli_lsa_enum_trust_dom(hnd->cli, mem_ctx, - &hnd->pol, &enum_ctx, &pref_num_domains, - num_domains, names, dom_sids); + &hnd->pol, &enum_ctx, num_domains, + names, dom_sids); done: return result; } 
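Review bot: With `if (!NT_STATUS_IS_OK(result)) goto done;` removed after `cli_samr_query_userinfo()`, `query_user` carries on past a failed query, and `ctr` is declared without an initializer (`SAM_USERINFO_CTR *ctr;` in the first hunk of this function). Any use of `ctr` after the `cli_samr_close()` call, which lies outside the hunk, would then read a pointer the failed call may never have set. Keep the check directly after the query: `if (!NT_STATUS_IS_OK(result)) goto done;`. The `done` label and its cleanup are outside the hunk; the visible `got_user_pol` flag suggests the user policy handle is closed there.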
@@ -604,8 +578,6 @@ static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid) CLI_POLICY_HND *hnd; fstring level5_dom; - DEBUG(3,("rpc: domain_sid\n")); - if (!(mem_ctx = talloc_init_named("domain_sid[rpc]"))) return NT_STATUS_NO_MEMORY; diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index 372898a08a..a41bf75916 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -21,9 +21,7 @@ */ #include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND +#include "sids.h" /* Convert a string */ diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c index 55593d6ae5..d89717ad47 100644 --- a/source3/nsswitch/winbindd_user.c +++ b/source3/nsswitch/winbindd_user.c @@ -23,9 +23,6 @@ #include "winbindd.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - /* Fill a pwent structure with information we have obtained */ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name, diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index d5668a2bb6..06804b3b43 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -22,9 +22,7 @@ */ #include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND +#include "sids.h" /** * @file winbindd_util.c @@ -166,6 +164,9 @@ BOOL init_domain_list(void) DEBUG(1,("Added domain %s (%s)\n", domain->name, sid_string_static(&domain->sid))); + + /* this primes the connection */ + cache_methods.domain_sid(domain, &domain->sid); } } diff --git a/source3/nsswitch/winbindd_wins.c b/source3/nsswitch/winbindd_wins.c index 8f9a7414bd..af624170eb 100644 --- a/source3/nsswitch/winbindd_wins.c +++ b/source3/nsswitch/winbindd_wins.c @@ -23,9 +23,6 @@ #include "winbindd.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - /* Use our own create socket code so we don't recurse.... */ static int wins_lookup_open_socket_in(void) 
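Review bot: In `init_domain_list` the added `cache_methods.domain_sid(domain, &domain->sid);` discards the returned status and writes straight into `domain->sid`, which the `DEBUG(1, ("Added domain ..."))` line above has already printed as the domain's SID. If the call is only meant to prime the connection, pass a scratch variable (`DOM_SID primed; cache_methods.domain_sid(domain, &primed);`), so that a failed or unexpected reply cannot alter the stored SID. If it is meant to fill in the SID, check the status and log the failure. What `domain_sid` writes on error is not visible in this diff.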
@@ -87,18 +84,25 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) { int fd; struct in_addr *ret = NULL; - int j, flags = 0; + struct in_addr p; + int j; *count = 0; - /* always try with wins first */ - if (resolve_wins(name,0x20,&ret,count)) { - return ret; - } - fd = wins_lookup_open_socket_in(); - if (fd == -1) { + if (fd == -1) return NULL; + + p = wins_srv_ip(); + if( !is_zero_ip(p) ) { + ret = name_query(fd,name,0x20,False,True, p, count); + goto out; + } + + if (lp_wins_support()) { + /* we are our own WINS server */ + ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count); + goto out; } /* uggh, we have to broadcast to each interface in turn */ @@ -106,10 +110,12 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) j >= 0; j--) { struct in_addr *bcast = iface_n_bcast(j); - ret = name_query(fd,name,0x20,True,True,*bcast,count, &flags, NULL); + ret = name_query(fd,name,0x20,True,True,*bcast,count); if (ret) break; } + out: + close(fd); return ret; } diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c index 9bb2d6755c..2133f817d1 100644 --- a/source3/nsswitch/wins.c +++ b/source3/nsswitch/wins.c @@ -80,10 +80,14 @@ static void nss_wins_init(void) DEBUGLEVEL = 0; AllowDebugChange = False; + /* needed for lp_xx() functions */ + charset_initialise(); + TimeInit(); setup_logging("nss_wins",False); lp_load(dyn_CONFIGFILE,True,False,False); load_interfaces(); + codepage_initialise(lp_client_code_page()); } static struct node_status *lookup_byaddr_backend(char *addr, int *count) @@ -111,10 +115,10 @@ static struct node_status *lookup_byaddr_backend(char *addr, int *count) static struct in_addr *lookup_byname_backend(const char *name, int *count) { - int fd = -1; + int fd; struct in_addr *ret = NULL; struct in_addr p; - int j, flags = 0; + int j; if (!initialised) { nss_wins_init(); 
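Review bot: Once a WINS server address is configured, or `lp_wins_support()` is true, `lookup_byname_backend` jumps to `out` whether or not `name_query()` returned an answer, so a failed unicast query never reaches the broadcast loop. The removed `resolve_wins()` path did fall through to the broadcast on failure. If the change is intended (it keeps names from being answered by arbitrary hosts on the local segment when a WINS server exists), record it in a comment such as `/* WINS configured: deliberately no broadcast fallback */`; otherwise make the jumps conditional with `if (ret) goto out;`. The same code is added to `lookup_byname_backend` in `nsswitch/wins.c` in the following hunk.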
@@ -122,24 +126,33 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) *count = 0; - /* always try with wins first */ - if (resolve_wins(name,0x20,&ret,count)) { - return ret; - } - fd = wins_lookup_open_socket_in(); - if (fd == -1) { + if (fd == -1) return NULL; + + p = wins_srv_ip(); + if( !is_zero_ip(p) ) { + ret = name_query(fd,name,0x20,False,True, p, count); + goto out; + } + + if (lp_wins_support()) { + /* we are our own WINS server */ + ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count); + goto out; } /* uggh, we have to broadcast to each interface in turn */ - for (j=iface_count() - 1;j >= 0;j--) { + for (j=iface_count() - 1; + j >= 0; + j--) { struct in_addr *bcast = iface_n_bcast(j); - ret = name_query(fd,name,0x20,True,True,*bcast,count, &flags, NULL); + ret = name_query(fd,name,0x20,True,True,*bcast,count); if (ret) break; } -out: + out: + close(fd); return ret; } @@ -306,19 +319,5 @@ _nss_wins_gethostbyname_r(const char *name, struct hostent *he, return NSS_STATUS_SUCCESS; } - - -NSS_STATUS -_nss_wins_gethostbyname2_r(const char *name, int af, struct hostent *he, - char *buffer, size_t buflen, int *errnop, - int *h_errnop) -{ - if(af!=AF_INET) { - *h_errnop = NO_DATA; - *errnop = EAFNOSUPPORT; - return NSS_STATUS_UNAVAIL; - } - - return _nss_wins_gethostbyname_r(name,he,buffer,buflen,errnop,h_errnop); -} #endif + |