Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/winbindd.h | 5 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_group.c | 24 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_proto.h | 4 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_rpc.c | 130 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 73 |
5 files changed, 142 insertions, 94 deletions
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h index c4a7c82bc6..9de23b986d 100644 --- a/source3/nsswitch/winbindd.h +++ b/source3/nsswitch/winbindd.h @@ -94,7 +94,10 @@ struct winbindd_methods { uint32 *start_ndx, uint32 *num_entries, WINBIND_DISPINFO **info); - + NTSTATUS (*enum_dom_groups)(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 *start_ndx, uint32 *num_entries, + struct acct_info **info); }; /* Structures to hold per domain information */ diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index e65d2bc29e..a183f25926 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -511,28 +511,16 @@ static BOOL get_sam_group_entries(struct getent_state *ent) do { struct acct_info *sam_grp_entries = NULL; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - CLI_POLICY_HND *hnd; - POLICY_HND dom_pol; num_entries = 0; - if (!(hnd = cm_get_sam_handle(ent->domain->name))) - break; - - status = cli_samr_open_domain(hnd->cli, mem_ctx, - &hnd->pol, des_access, &ent->domain->sid, &dom_pol); - - if (!NT_STATUS_IS_OK(status)) - break; - - status = cli_samr_enum_dom_groups( - hnd->cli, mem_ctx, &dom_pol, - &ent->grp_query_start_ndx, - 0x8000, /* buffer size? */ - (struct acct_info **) &sam_grp_entries, &num_entries); + status = ent->domain->methods->enum_dom_groups(ent->domain, + mem_ctx, + &ent->grp_query_start_ndx, + &num_entries, + &sam_grp_entries); - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); + if (!NT_STATUS_IS_OK(status)) break; /* Copy entries into return buffer */ diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h index fc8377697a..8c71e70dc2 100644 --- a/source3/nsswitch/winbindd_proto.h +++ b/source3/nsswitch/winbindd_proto.h 
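Review bot: The new `enum_dom_groups` member of `struct winbindd_methods` has no comment stating its contract, and every backend initializer now has to match it by position. A short comment above the member would do, for example `/* list all domain groups; *start_ndx is the in/out resume index, *num_entries and *info are outputs */`. Whether `*info` is allocated on `mem_ctx` cannot be seen from this hunk and should be stated there once confirmed. The struct definition starts outside the hunk.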
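Review bot: In `get_sam_group_entries` the added `if (!NT_STATUS_IS_OK(status)) break;` now tests the result of the enumeration itself, before the copy step, whereas the removed code only tested `cli_samr_open_domain` and copied whatever the enumeration returned. If the backend reports a partial batch with a non-OK continuation status (presumably STATUS_MORE_ENTRIES for SAMR enumeration; not visible here), those entries are dropped and group listings for large domains come back short. Consider `if (!NT_STATUS_IS_OK(status) && NT_STATUS_V(status) != NT_STATUS_V(STATUS_MORE_ENTRIES)) break;` and check it against the loop condition, which lies outside the hunk. The call through `ent->domain->methods->enum_dom_groups` is also made without checking that the pointer is set, which matters for any backend whose initializer does not supply the new member.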
@@ -150,10 +150,6 @@ BOOL winbindd_lookup_groupmem(struct winbindd_domain *domain, uint32 **name_types); void free_getent_state(struct getent_state *state); BOOL winbindd_param_init(void); -NTSTATUS winbindd_query_dispinfo(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *start_ndx, uint32 *num_entries, - WINBIND_DISPINFO **info); BOOL check_domain_env(char *domain_env, char *domain); void parse_domain_user(char *domuser, fstring domain, fstring user); #endif /* _PROTO_H_ */ diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c new file mode 100644 index 0000000000..6b86ebd2da --- /dev/null +++ b/source3/nsswitch/winbindd_rpc.c 
@@ -0,0 +1,130 @@ +/* + Unix SMB/Netbios implementation. + + Winbind rpc backend functions + + Copyright (C) Tim Potter 2000-2001 + Copyright (C) Andrew Tridgell 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "winbindd.h" + +/* Query display info for a domain. This returns enough information plus a + bit extra to give an overview of domain users for the User Manager + application. 
*/ +static NTSTATUS winbindd_query_dispinfo(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 *start_ndx, uint32 *num_entries, + WINBIND_DISPINFO **info) +{ + CLI_POLICY_HND *hnd; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + POLICY_HND dom_pol; + BOOL got_dom_pol = False; + uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; + SAM_DISPINFO_CTR ctr; + SAM_DISPINFO_1 info1; + int i; + + /* Get sam handle */ + + if (!(hnd = cm_get_sam_handle(domain->name))) + goto done; + + /* Get domain handle */ + + result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, + des_access, &domain->sid, &dom_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + got_dom_pol = True; + + ctr.sam.info1 = &info1; + + /* Query display info level 1 */ + result = cli_samr_query_dispinfo(hnd->cli, mem_ctx, + &dom_pol, start_ndx, 1, + num_entries, 0xffff, &ctr); + + /* now map the result into the WINBIND_DISPINFO structure */ + (*info) = (WINBIND_DISPINFO *)talloc(mem_ctx, (*num_entries)*sizeof(WINBIND_DISPINFO)); + if (!(*info)) { + return NT_STATUS_NO_MEMORY; + } + + for (i=0;i<*num_entries;i++) { + (*info)[i].acct_name = unistr2_tdup(mem_ctx, &info1.str[i].uni_acct_name); + (*info)[i].full_name = unistr2_tdup(mem_ctx, &info1.str[i].uni_full_name); + (*info)[i].user_rid = info1.sam[i].rid_user; + /* For the moment we set the primary group for every user to be the + Domain Users group. There are serious problems with determining + the actual primary group for large domains. This should really + be made into a 'winbind force group' smb.conf parameter or + something like that. 
*/ + (*info)[i].group_rid = DOMAIN_GROUP_RID_USERS; + } + + done: + + if (got_dom_pol) + cli_samr_close(hnd->cli, mem_ctx, &dom_pol); + + return result; +} + +/* list all domain groups */ +static NTSTATUS winbindd_enum_dom_groups(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 *start_ndx, uint32 *num_entries, + struct acct_info **info) +{ + uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; + CLI_POLICY_HND *hnd; + POLICY_HND dom_pol; + NTSTATUS status; + + *num_entries = 0; + + if (!(hnd = cm_get_sam_handle(domain->name))) { + return NT_STATUS_UNSUCCESSFUL; + } + + status = cli_samr_open_domain(hnd->cli, mem_ctx, + &hnd->pol, des_access, &domain->sid, &dom_pol); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = cli_samr_enum_dom_groups(hnd->cli, mem_ctx, &dom_pol, + start_ndx, + 0x8000, /* buffer size? */ + info, num_entries); + + cli_samr_close(hnd->cli, mem_ctx, &dom_pol); + + return status; +} + + +/* the rpc backend methods are exposed via this structure */ +struct winbindd_methods msrpc_methods = { + winbindd_query_dispinfo, + winbindd_enum_dom_groups +}; + diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index 41eb8b9d28..258a940225 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -42,10 +42,6 @@ static const fstring name_deadbeef = "<deadbeef>"; /* Globals for domain list stuff */ struct winbindd_domain *domain_list = NULL; -static struct winbindd_methods msrpc_methods = { - winbindd_query_dispinfo -}; - /* Given a domain name, return the struct winbindd domain info for it if it is actually working. */ @@ -138,6 +134,7 @@ BOOL get_domain_info(void) fstring level5_dom; BOOL rv = False; TALLOC_CTX *mem_ctx; + extern struct winbindd_methods msrpc_methods; DEBUG(1, ("getting trusted domain list\n")); 
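Review bot: In `winbindd_query_dispinfo` the status of `cli_samr_query_dispinfo` is never tested before `*num_entries` sizes the `talloc` and the loop reads `info1.str[i]` and `info1.sam[i]`, so a failed reply from the domain controller leads to reads of data the call may not have filled in. A check that jumps to `done` on failure (while still admitting any partial-result status the call uses) belongs before the mapping, and `(*num_entries)*sizeof(WINBIND_DISPINFO)` should be bounded because the count comes from the server. The allocation-failure path returns directly and skips `cli_samr_close`, leaving the domain handle open; `if (!(*info)) { result = NT_STATUS_NO_MEMORY; goto done; }` fixes that. The loop also compares `int i` against a `uint32` count.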
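Review bot: `extern struct winbindd_methods msrpc_methods;` is declared at block scope inside `get_domain_info`, so winbindd_rpc.c, which defines the object, never sees this declaration and the compiler cannot check the two against each other. Declaring it once in winbindd.h after `struct winbindd_methods` keeps the definition and its users in sync. The body of `get_domain_info` continues outside the hunk.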
@@ -163,7 +160,7 @@ BOOL get_domain_info(void) goto done; result = cli_lsa_enum_trust_dom(hnd->cli, mem_ctx, - &hnd->pol, &enum_ctx, &num_doms, &domains, &sids); + &hnd->pol, &enum_ctx, &num_doms, &domains, &sids); if (!NT_STATUS_IS_OK(result)) goto done; 
@@ -789,72 +786,6 @@ BOOL winbindd_param_init(void) return True; } -/* Query display info for a domain. This returns enough information plus a - bit extra to give an overview of domain users for the User Manager - application. */ - -NTSTATUS winbindd_query_dispinfo(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *start_ndx, uint32 *num_entries, - WINBIND_DISPINFO **info) -{ - CLI_POLICY_HND *hnd; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - POLICY_HND dom_pol; - BOOL got_dom_pol = False; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - SAM_DISPINFO_CTR ctr; - SAM_DISPINFO_1 info1; - int i; - - /* Get sam handle */ - - if (!(hnd = cm_get_sam_handle(domain->name))) - goto done; - - /* Get domain handle */ - - result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, - des_access, &domain->sid, &dom_pol); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - got_dom_pol = True; - - ctr.sam.info1 = &info1; - - /* Query display info level 1 */ - result = cli_samr_query_dispinfo(hnd->cli, mem_ctx, - &dom_pol, start_ndx, 1, - num_entries, 0xffff, &ctr); - - /* now map the result into the WINBIND_DISPINFO structure */ - (*info) = (WINBIND_DISPINFO *)talloc(mem_ctx, (*num_entries)*sizeof(WINBIND_DISPINFO)); - if (!(*info)) { - return NT_STATUS_NO_MEMORY; - } - - for (i=0;i<*num_entries;i++) { - (*info)[i].acct_name = unistr2_tdup(mem_ctx, &info1.str[i].uni_acct_name); - (*info)[i].full_name = unistr2_tdup(mem_ctx, &info1.str[i].uni_full_name); - (*info)[i].user_rid = info1.sam[i].rid_user; - /* For the moment we set the primary group for every user to be the - Domain Users group. There are serious problems with determining - the actual primary group for large domains. This should really - be made into a 'winbind force group' smb.conf parameter or - something like that. 
*/ - (*info)[i].group_rid = DOMAIN_GROUP_RID_USERS; - } - - done: - - if (got_dom_pol) - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - - return result; -} - /* Check if a domain is present in a comma-separated list of domains */ BOOL check_domain_env(char *domain_env, char *domain) |