diff options
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/wb_client.c | 70 | ||||
-rw-r--r-- | source3/nsswitch/wbinfo.c | 13 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_group.c | 12 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 21 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_proto.h | 2 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_user.c | 10 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 56 |
7 files changed, 138 insertions, 46 deletions
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index 7bfa65176c..04734c7f8e 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -32,21 +32,47 @@ NSS_STATUS winbindd_request(int req_type, /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the form DOMAIN/user into a domain and a user */ +extern fstring global_myworkgroup; static BOOL parse_domain_user(const char *domuser, fstring domain, fstring user) { char *p = strchr(domuser,*lp_winbind_separator()); - if (!p) + if (!(p || lp_winbind_use_default_domain())) return False; - - fstrcpy(user, p+1); - fstrcpy(domain, domuser); - domain[PTR_DIFF(p, domuser)] = 0; + + if(!p && lp_winbind_use_default_domain()) { + fstrcpy(user, domuser); + fstrcpy(domain, global_myworkgroup); + } else { + fstrcpy(user, p+1); + fstrcpy(domain, domuser); + domain[PTR_DIFF(p, domuser)] = 0; + } strupper(domain); return True; } +/* + Fill DOMAIN\\USERNAME entry accounting 'winbind use default domain' and + 'winbind separator' options. + This means: + - omit DOMAIN when 'winbind use default domain = true' and DOMAIN is + global_myworkgroup + +*/ +static void fill_domain_username(fstring name, const char *domain, const char *user) +{ + if(lp_winbind_use_default_domain() && + !strcmp(global_myworkgroup, domain)) { + strlcpy(name, user, sizeof(fstring)); + } else { + slprintf(name, sizeof(fstring) - 1, "%s%s%s", + domain, lp_winbind_separator(), + user); + } +} + /* Call winbindd to convert a name to a sid */ BOOL winbind_lookup_name(const char *name, DOM_SID *sid, @@ -60,10 +86,11 @@ BOOL winbind_lookup_name(const char *name, DOM_SID *sid, return False; /* - * Don't do the lookup if the name has no separator. + * Don't do the lookup if the name has no separator _and_ we are not in + * 'winbind use default domain' mode. */ - if (!strchr(name, *lp_winbind_separator())) + if (!(strchr(name, *lp_winbind_separator()) || lp_winbind_use_default_domain())) return False; /* Send off request */ @@ -291,7 +318,7 @@ int winbind_initgroups(char *user, gid_t gid) /* Call normal initgroups if we are a local user */ - if (!strchr(user, *lp_winbind_separator())) { + if (!(strchr(user, *lp_winbind_separator()) || lp_winbind_use_default_domain())) { return initgroups(user, gid); } @@ -337,11 +364,17 @@ int winbind_initgroups(char *user, gid_t gid) } } else { - - /* The call failed. Set errno to something so we don't get - a bogus value from the last failed system call. */ - - errno = EIO; + /* The call failed but if 'winbind use default domain' is 'true', we + should call normal initgroups. */ + + if (lp_winbind_use_default_domain()) { + return initgroups(user, gid); + } else { + /* The call failed. Set errno to something so we don't get + a bogus value from the last failed system call. */ + + errno = EIO; + } } /* Free response data if necessary */ @@ -363,10 +396,11 @@ int winbind_getgroups(const char *user, int size, gid_t *list) int result, i; /* - * Don't do the lookup if the name has no separator. + * Don't do the lookup if the name has no separator _and_ we are not in + * 'winbind use default domain' mode. */ - if (!strchr(user, *lp_winbind_separator())) + if (!(strchr(user, *lp_winbind_separator()) || lp_winbind_use_default_domain())) return -1; /* Fetch list of groups */ @@ -410,8 +444,7 @@ BOOL winbind_uidtoname(fstring name, uid_t uid) if (name_type != SID_NAME_USER) return False; - slprintf(name, sizeof(fstring)-1, "%s%s%s", dom_name, - lp_winbind_separator(), user_name); + fill_domain_username(name, dom_name, user_name); return True; } @@ -433,8 +466,7 @@ BOOL winbind_gidtoname(fstring name, gid_t gid) if (name_type != SID_NAME_DOM_GRP) return False; - slprintf(name, sizeof(fstring)-1, "%s%s%s", dom_name, - lp_winbind_separator(), group_name); + fill_domain_username(name, dom_name, group_name); return True; } diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index ab5d98bf9e..c6a0b040cb 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -66,8 +66,11 @@ static BOOL parse_wbinfo_domain_user(const char *domuser, fstring domain, fstrin char *p = strchr(domuser,get_winbind_separator()); - if (!p) - return False; + if (!p) { + fstrcpy(user, domuser); + domain[0]=0; + return True; + } fstrcpy(user, p+1); fstrcpy(domain, domuser); @@ -361,17 +364,11 @@ static BOOL wbinfo_auth_crap(char *username) fstring name_domain; fstring pass; char *p; - char sep = get_winbind_separator(); /* * Don't do the lookup if the name has no separator. */ - if (!strchr(username, sep)) { - printf("no domain seperator (%c) in username - failing\n", sep); - return False; - } - /* Send off request */ ZERO_STRUCT(request); diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index cd4254acfc..a70f94781e 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -128,8 +128,7 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain, /* Append domain name */ - snprintf(name, sizeof(name), "%s%s%s", domain->name, - lp_winbind_separator(), the_name); + fill_domain_username(name, domain->name, the_name); len = strlen(name); @@ -299,6 +298,7 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) if (strcmp(lp_winbind_separator(),"\\")) string_sub(group_name, "\\", lp_winbind_separator(), sizeof(fstring)); + strip_domain_name_if_needed(&group_name); if (!((name_type == SID_NAME_ALIAS) || (name_type == SID_NAME_DOM_GRP))) { @@ -558,10 +558,9 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state) /* Fill in group entry */ - slprintf(domain_group_name, sizeof(domain_group_name) - 1, - "%s%s%s", ent->domain_name, lp_winbind_separator(), + fill_domain_username(domain_group_name, ent->domain_name, name_list[ent->sam_entry_index].acct_name); - + result = fill_grent(&group_list[group_list_ndx], domain_group_name, group_gid); @@ -732,8 +731,7 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state) groups.sam_entries)[i].acct_name; fstring name; - snprintf(name, sizeof(name), "%s%s%s", domain->name, - lp_winbind_separator(), group_name); + fill_domain_username(name, domain->name, group_name); /* Append to extra data */ memcpy(&extra_data[extra_data_len], name, diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 95f0d527bb..87c5d0fb4b 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -56,7 +56,7 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) if (!parse_domain_user(state->request.data.auth.user, name_domain, name_user)) { - DEBUG(5,("no domain seperator (%s) in username (%s) - failing fauth\n", lp_winbind_separator(), state->request.data.auth.user)); + DEBUG(5,("no domain seperator (%s) in username (%s) - failing auth\n", lp_winbind_separator(), state->request.data.auth.user)); talloc_destroy(mem_ctx); return WINBINDD_ERROR; } @@ -131,6 +131,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) NET_USER_INFO_3 info3; struct cli_state *cli = NULL; TALLOC_CTX *mem_ctx; + const char *domain = NULL; DATA_BLOB lm_resp, nt_resp; @@ -144,6 +145,22 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) return WINBINDD_ERROR; } + if (*state->request.data.auth_crap.domain) { + domain = talloc_strdup(mem_ctx, state->request.data.auth_crap.domain); + } else if (lp_winbind_use_default_domain()) { + domain = talloc_strdup(mem_ctx, lp_workgroup()); + } else { + DEBUG(5,("no domain specified with username (%s) - failing auth\n", state->request.data.auth.user)); + talloc_destroy(mem_ctx); + return WINBINDD_ERROR; + } + + if (!domain) { + DEBUG(0,("winbindd_pam_auth_crap: talloc_strdup failed!\n")); + talloc_destroy(mem_ctx); + return WINBINDD_ERROR; + } + lm_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len); nt_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.nt_resp, state->request.data.auth_crap.nt_resp_len); @@ -169,7 +186,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) } result = cli_netlogon_sam_network_logon(cli, mem_ctx, - state->request.data.auth_crap.user, state->request.data.auth_crap.domain, + state->request.data.auth_crap.user, domain, global_myname, state->request.data.auth_crap.chal, lm_resp, nt_resp, &info3); diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h index bfadcc9a6c..565c08f549 100644 --- a/source3/nsswitch/winbindd_proto.h +++ b/source3/nsswitch/winbindd_proto.h @@ -117,4 +117,6 @@ void free_getent_state(struct getent_state *state); BOOL winbindd_param_init(void); BOOL check_domain_env(char *domain_env, char *domain); BOOL parse_domain_user(const char *domuser, fstring domain, fstring user); +void strip_domain_name_if_needed(fstring *name); +void fill_domain_username(fstring name, const char *domain, const char *user); #endif /* _PROTO_H_ */ diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c index e5cacbb989..6a825c81f4 100644 --- a/source3/nsswitch/winbindd_user.c +++ b/source3/nsswitch/winbindd_user.c @@ -217,6 +217,7 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) if (strcmp("\\", lp_winbind_separator())) string_sub(user_name, "\\", lp_winbind_separator(), sizeof(fstring)); + strip_domain_name_if_needed(&user_name); /* Get some user info */ @@ -500,9 +501,8 @@ enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state) /* Lookup user info */ - slprintf(domain_user_name, sizeof(domain_user_name) - 1, - "%s%s%s", ent->domain_name, sep, - name_list[ent->sam_entry_index].name); + fill_domain_username(domain_user_name, ent->domain_name, + name_list[ent->sam_entry_index].name); result = winbindd_fill_pwent( ent->domain_name, @@ -596,9 +596,7 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state) fstrcpy(acct_name, info[i].acct_name); } - slprintf(name, sizeof(name) - 1, "%s%s%s", - domain->name, lp_winbind_separator(), - acct_name); + fill_domain_username(name, domain->name, acct_name); /* Append to extra data */ memcpy(&extra_data[extra_data_len], name, diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index f90e89c23f..640b581ce3 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -348,17 +348,65 @@ BOOL check_domain_env(char *domain_env, char *domain) } /* Parse a string of the form DOMAIN/user into a domain and a user */ +extern fstring global_myworkgroup; BOOL parse_domain_user(const char *domuser, fstring domain, fstring user) { char *p = strchr(domuser,*lp_winbind_separator()); - if (!p) + if (!(p || lp_winbind_use_default_domain())) return False; - fstrcpy(user, p+1); - fstrcpy(domain, domuser); - domain[PTR_DIFF(p, domuser)] = 0; + if(!p && lp_winbind_use_default_domain()) { + fstrcpy(user, domuser); + fstrcpy(domain, global_myworkgroup); + } else { + fstrcpy(user, p+1); + fstrcpy(domain, domuser); + domain[PTR_DIFF(p, domuser)] = 0; + } strupper(domain); return True; } + +/* + Strip domain name if it is same as default domain name and + winbind use default domain = true + + it assumes that name is actually fstring so that memory management + isn't needed. +*/ +void strip_domain_name_if_needed(fstring *name) +{ + if(lp_winbind_use_default_domain()) { + char *sep = lp_winbind_separator(); + char *new_name = strchr(*name, *sep); + if(new_name) { + *new_name = 0; + if (!strcmp(global_myworkgroup, *name)) { + new_name++; + safe_strcpy(*name, new_name, sizeof(fstring)); + } else *new_name = *sep; + } + } +} + +/* + Fill DOMAIN\\USERNAME entry accounting 'winbind use default domain' and + 'winbind separator' options. + This means: + - omit DOMAIN when 'winbind use default domain = true' and DOMAIN is + global_myworkgroup + +*/ +void fill_domain_username(fstring name, const char *domain, const char *user) +{ + if(lp_winbind_use_default_domain() && + !strcmp(global_myworkgroup, domain)) { + strlcpy(name, user, sizeof(fstring)); + } else { + slprintf(name, sizeof(fstring) - 1, "%s%s%s", + domain, lp_winbind_separator(), + user); + } +} |