diff options
Diffstat (limited to 'source3/nsswitch')
| -rw-r--r-- | source3/nsswitch/pam_winbind.c | 21 | ||||
| -rw-r--r-- | source3/nsswitch/pam_winbind.h | 3 | ||||
| -rw-r--r-- | source3/nsswitch/wb_common.c | 78 | ||||
| -rw-r--r-- | source3/nsswitch/wbinfo.c | 104 | ||||
| -rw-r--r-- | source3/nsswitch/winbind_nss.c | 14 | ||||
| -rw-r--r-- | source3/nsswitch/winbind_nss_config.h | 12 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd.c | 5 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_ads.c | 8 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_cm.c | 44 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_nss.h | 3 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_pam.c | 6 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_proto.h | 142 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_rpc.c | 5 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_util.c | 10 |
14 files changed, 272 insertions, 183 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index f95caefb4c..29ceca4e79 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -11,6 +11,11 @@ #include "pam_winbind.h" +/* prototypes from common.c */ +void init_request(struct winbindd_request *req,int rq_type); +int write_sock(void *buffer, int count); +int read_reply(struct winbindd_response *response); + /* data tokens */ #define MAX_PASSWD_TRIES 3 @@ -94,30 +99,24 @@ static int _make_remark(pam_handle_t * pamh, int type, const char *text) return retval; } -static int pam_winbind_request(enum winbindd_cmd req_type, - struct winbindd_request *request, - struct winbindd_response *response) +static int winbind_request(enum winbindd_cmd req_type, + struct winbindd_request *request, + struct winbindd_response *response) { - /* Fill in request and send down pipe */ init_request(request, req_type); if (write_sock(request, sizeof(*request)) == -1) { _pam_log(LOG_ERR, "write to socket failed!"); - close_sock(); return PAM_SERVICE_ERR; } /* Wait for reply */ if (read_reply(response) == -1) { _pam_log(LOG_ERR, "read from socket failed!"); - close_sock(); return PAM_SERVICE_ERR; } - /* We are done with the socket - close it and avoid mischeif */ - close_sock(); - /* Copy reply data from socket */ if (response->result != WINBINDD_OK) { if (response->data.auth.pam_error != PAM_SUCCESS) { @@ -149,7 +148,7 @@ static int winbind_auth_request(const char *user, const char *pass, int ctrl) strncpy(request.data.auth.pass, pass, sizeof(request.data.auth.pass)-1); - retval = pam_winbind_request(WINBINDD_PAM_AUTH, &request, &response); + retval = winbind_request(WINBINDD_PAM_AUTH, &request, &response); switch (retval) { case PAM_AUTH_ERR: @@ -218,7 +217,7 @@ static int winbind_chauthtok_request(const char *user, const char *oldpass, request.data.chauthtok.newpass[0] = '\0'; } - return pam_winbind_request(WINBINDD_PAM_CHAUTHTOK, &request, &response); + return winbind_request(WINBINDD_PAM_CHAUTHTOK, &request, &response); } /* diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h index fae635d806..9897249e16 100644 --- a/source3/nsswitch/pam_winbind.h +++ b/source3/nsswitch/pam_winbind.h @@ -90,4 +90,5 @@ do { \ #define on(x, y) (x & y) #define off(x, y) (!(x & y)) -#include "winbind_client.h" +#include "winbind_nss_config.h" +#include "winbindd_nss.h" diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 51792f63fe..9bc9faafb5 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -5,8 +5,6 @@ Copyright (C) Tim Potter 2000 Copyright (C) Andrew Tridgell 2000 - Copyright (C) Andrew Bartlett 2002 - This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public @@ -77,7 +75,7 @@ void init_response(struct winbindd_response *response) /* Close established socket */ -void close_sock(void) +static void close_sock(void) { if (winbindd_fd != -1) { close(winbindd_fd); @@ -85,75 +83,14 @@ void close_sock(void) } } -/* Make sure socket handle isn't stdin, stdout or stderr */ -#define RECURSION_LIMIT 3 - -static int make_nonstd_fd_internals(int fd, int limit /* Recursion limiter */) -{ - int new_fd; - if (fd >= 0 && fd <= 2) { -#ifdef F_DUPFD - if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) { - return -1; - } - /* Parinoia */ - if (new_fd < 3) { - close(new_fd); - return -1; - } - close(fd); - return new_fd; -#else - if (limit <= 0) - return -1; - - new_fd = dup(fd); - if (new_fd == -1) - return -1; - - /* use the program stack to hold our list of FDs to close */ - new_fd = make_nonstd_fd_internals(new_fd, limit - 1); - close(fd); - return new_fd; -#endif - } - return fd; -} - -static int make_safe_fd(int fd) -{ - int result, flags; - int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT); - if (new_fd == -1) { - close(fd); - return -1; - } - /* Socket should be closed on exec() */ - -#ifdef FD_CLOEXEC - result = flags = fcntl(new_fd, F_GETFD, 0); - if (flags >= 0) { - flags |= FD_CLOEXEC; - result = fcntl( new_fd, F_SETFD, flags ); - } - if (result < 0) { - close(new_fd); - return -1; - } -#endif - return new_fd; -} - /* Connect to winbindd socket */ int winbind_open_pipe_sock(void) { -#ifdef HAVE_UNIXSOCKET struct sockaddr_un sunaddr; static pid_t our_pid; struct stat st; pstring path; - int fd; if (our_pid != getpid()) { close_sock(); @@ -207,13 +144,9 @@ int winbind_open_pipe_sock(void) /* Connect to socket */ - if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { + if ((winbindd_fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { return -1; } - - if ((winbindd_fd = make_safe_fd( fd)) == -1) { - return winbindd_fd; - } if (connect(winbindd_fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { @@ -222,9 +155,6 @@ int winbind_open_pipe_sock(void) } return winbindd_fd; -#else - return -1; -#endif /* HAVE_UNIXSOCKET */ } /* Write data to winbindd socket */ @@ -436,8 +366,8 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response) /* Handle simple types of requests */ NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, - struct winbindd_response *response) + struct winbindd_request *request, + struct winbindd_response *response) { NSS_STATUS status; diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 875df231dc..4d36acc51b 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -28,7 +28,11 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND -extern int winbindd_fd; +/* Prototypes from common.h */ + +NSS_STATUS winbindd_request(int req_type, + struct winbindd_request *request, + struct winbindd_response *response); static char winbind_separator(void) { @@ -446,10 +450,9 @@ static BOOL wbinfo_auth(char *username) d_printf("plaintext password authentication %s\n", (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); - if (response.data.auth.nt_status) - d_printf("error code was %s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); + d_printf("error code was %s (0x%x)\n", + response.data.auth.nt_status_string, + response.data.auth.nt_status); return result == NSS_STATUS_SUCCESS; } @@ -501,10 +504,9 @@ static BOOL wbinfo_auth_crap(char *username) d_printf("challenge/response password authentication %s\n", (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); - if (response.data.auth.nt_status) - d_printf("error code was %s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); + d_printf("error code was %s (0x%x)\n", + response.data.auth.nt_status_string, + response.data.auth.nt_status); return result == NSS_STATUS_SUCCESS; } @@ -606,17 +608,43 @@ static BOOL wbinfo_set_auth_user(char *username) static BOOL wbinfo_ping(void) { NSS_STATUS result; - + result = winbindd_request(WINBINDD_PING, NULL, NULL); /* Display response */ - d_printf("'ping' to winbindd %s on fd %d\n", - (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd); + d_printf("'ping' to winbindd %s\n", + (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); return result == NSS_STATUS_SUCCESS; } +/* Print program usage */ + +static void usage(void) +{ + d_printf("Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm " + "| -[aA] user%%password\n"); + d_printf("\t-u\t\t\tlists all domain users\n"); + d_printf("\t-g\t\t\tlists all domain groups\n"); + d_printf("\t-n name\t\t\tconverts name to sid\n"); + d_printf("\t-s sid\t\t\tconverts sid to name\n"); + d_printf("\t-N name\t\t\tconverts NetBIOS name to IP (WINS)\n"); + d_printf("\t-I name\t\t\tconverts IP address to NetBIOS name (WINS)\n"); + d_printf("\t-U uid\t\t\tconverts uid to sid\n"); + d_printf("\t-G gid\t\t\tconverts gid to sid\n"); + d_printf("\t-S sid\t\t\tconverts sid to uid\n"); + d_printf("\t-Y sid\t\t\tconverts sid to gid\n"); + d_printf("\t-t\t\t\tcheck shared secret\n"); + d_printf("\t-m\t\t\tlist trusted domains\n"); + d_printf("\t-r user\t\t\tget user groups\n"); + d_printf("\t-a user%%password\tauthenticate user\n"); + d_printf("\t-A user%%password\tstore user and password used by winbindd (root only)\n"); + d_printf("\t-p\t\t\t'ping' winbindd to see if it is alive\n"); + d_printf("\t--sequence\t\tshow sequence numbers of all domains\n"); + d_printf("\t--set-auth-user DOMAIN\\user%%password\tset password for restrict anonymous\n"); +} + /* Main program */ enum { @@ -636,28 +664,28 @@ int main(int argc, char **argv) int result = 1; struct poptOption long_options[] = { - POPT_AUTOHELP /* longName, shortName, argInfo, argPtr, value, descrip, argDesc */ - { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users"}, - { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups" }, - { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP (WINS)" }, - { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name (WINS)" }, - { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid" }, - { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name" }, - { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" }, - { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid" }, - { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid" }, - { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid" }, - { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, - { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, - { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "show sequence numbers of all domains" }, - { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups" }, - { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" }, - { "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" }, - { "ping", 'p', POPT_ARG_NONE, 0, 'p', "'ping' winbindd to see if it is alive" }, + { "help", 'h', POPT_ARG_NONE, 0, 'h' }, + { "domain-users", 'u', POPT_ARG_NONE, 0, 'u' }, + { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g' }, + { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N' }, + { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I' }, + { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n' }, + { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's' }, + { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U' }, + { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G' }, + { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S' }, + { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y' }, + { "check-secret", 't', POPT_ARG_NONE, 0, 't' }, + { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm' }, + { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE }, + { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r' }, + { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a' }, + { "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER }, + { "ping", 'p', POPT_ARG_NONE, 0, 'p' }, { 0, 0, 0, 0 } }; @@ -680,17 +708,17 @@ int main(int argc, char **argv) load_interfaces(); - /* Parse options */ - - pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0); - /* Parse command line options */ if (argc == 1) { - poptPrintHelp(pc, stderr, 0); + usage(); return 1; } + /* Parse options */ + + pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0); + while((opt = poptGetNextOpt(pc)) != -1) { if (got_command) { d_fprintf(stderr, "No more than one command may be specified at once.\n"); @@ -706,6 +734,10 @@ int main(int argc, char **argv) while((opt = poptGetNextOpt(pc)) != -1) { switch (opt) { + case 'h': + usage(); + result = 0; + goto done; case 'u': if (!print_domain_users()) { d_printf("Error looking up domain users\n"); @@ -827,7 +859,7 @@ int main(int argc, char **argv) break; default: d_fprintf(stderr, "Invalid option\n"); - poptPrintHelp(pc, stderr, 0); + usage(); goto done; } } diff --git a/source3/nsswitch/winbind_nss.c b/source3/nsswitch/winbind_nss.c index 0b4c0ce1d0..594b5fbadb 100644 --- a/source3/nsswitch/winbind_nss.c +++ b/source3/nsswitch/winbind_nss.c @@ -21,7 +21,8 @@ Boston, MA 02111-1307, USA. */ -#include "winbind_client.h" +#include "winbind_nss_config.h" +#include "winbindd_nss.h" #ifdef HAVE_NS_API_H #undef VOLATILE @@ -36,6 +37,17 @@ extern int winbindd_fd; +void init_request(struct winbindd_request *req,int rq_type); +NSS_STATUS winbindd_send_request(int req_type, + struct winbindd_request *request); +NSS_STATUS winbindd_get_response(struct winbindd_response *response); +NSS_STATUS winbindd_request(int req_type, + struct winbindd_request *request, + struct winbindd_response *response); +int winbind_open_pipe_sock(void); +int write_sock(void *buffer, int count); +int read_reply(struct winbindd_response *response); +void free_response(struct winbindd_response *response); #ifdef HAVE_NS_API_H /* IRIX version */ diff --git a/source3/nsswitch/winbind_nss_config.h b/source3/nsswitch/winbind_nss_config.h index d9a9b8aaae..b9c738211e 100644 --- a/source3/nsswitch/winbind_nss_config.h +++ b/source3/nsswitch/winbind_nss_config.h @@ -38,10 +38,6 @@ #include <unistd.h> #endif -#ifdef HAVE_SYS_SELECT_H -#include <sys/select.h> -#endif - #ifdef HAVE_SYS_SOCKET_H #include <sys/socket.h> #endif @@ -62,14 +58,6 @@ #include <string.h> #endif -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#else -#ifdef HAVE_SYS_FCNTL_H -#include <sys/fcntl.h> -#endif -#endif - #include <sys/types.h> #include <sys/stat.h> #include <errno.h> diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index bb4a1b78ec..256c0203c0 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -628,8 +628,8 @@ static void process_loop(int accept_sock) if (state->read_buf_len >= sizeof(uint32) && *(uint32 *) &state->request != sizeof(state->request)) { - DEBUG(0,("process_loop: Invalid request size from pid %d: %d bytes sent, should be %d\n", - state->request.pid, *(uint32 *) &state->request, sizeof(state->request))); + DEBUG(0,("process_loop: Invalid request size (%d) send, should be (%d)\n", + *(uint32 *) &state->request, sizeof(state->request))); remove_client(state); break; @@ -858,7 +858,6 @@ static void usage(void) pidfile_create("winbindd"); } - #if HAVE_SETPGID /* * If we're interactive we want to set our own process group for diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index 4f91ed0f20..b0b70178a4 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c @@ -143,7 +143,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) /* if we get ECONNREFUSED then it might be a NT4 server, fall back to MSRPC */ if (status.error_type == ADS_ERROR_SYSTEM && - status.err.rc == ECONNREFUSED) { + status.rc == ECONNREFUSED) { DEBUG(1,("Trying MSRPC methods\n")); domain->methods = &msrpc_methods; } @@ -170,9 +170,9 @@ static void sid_from_rid(struct winbindd_domain *domain, uint32 rid, DOM_SID *si static enum SID_NAME_USE ads_atype_map(uint32 atype) { switch (atype & 0xF0000000) { - case ATYPE_GLOBAL_GROUP: + case ATYPE_GROUP: return SID_NAME_DOM_GRP; - case ATYPE_ACCOUNT: + case ATYPE_USER: return SID_NAME_USER; default: DEBUG(1,("hmm, need to map account type 0x%x\n", atype)); @@ -339,7 +339,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, if (!ads_pull_uint32(ads, msg, "sAMAccountType", &account_type) || - !(account_type & ATYPE_GLOBAL_GROUP)) continue; + !(account_type & ATYPE_GROUP)) continue; name = pull_username(ads, mem_ctx, msg); gecos = ads_pull_string(ads, mem_ctx, msg, "name"); diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index 01f5569889..2dec9f0558 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -109,7 +109,7 @@ static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr } /* we don't need to bind, just connect */ - ads->auth.flags |= ADS_AUTH_NO_BIND; + ads->auth.no_bind = 1; DEBUG(4,("cm_ads_find_dc: domain=%s\n", domain)); @@ -145,16 +145,11 @@ static BOOL cm_rpc_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr /* Lookup domain controller name. Try the real PDC first to avoid SAM sync delays */ - if (get_dc_list(True, domain, &ip_list, &count) && - name_status_find(domain, 0x1c, 0x20, ip_list[0], srv_name)) { - *dc_ip = ip_list[0]; - SAFE_FREE(ip_list); - return True; - } - - if (!get_dc_list(False, domain, &ip_list, &count)) { - DEBUG(3, ("Could not look up dc's for domain %s\n", domain)); - return False; + if (!get_dc_list(True, domain, &ip_list, &count)) { + if (!get_dc_list(False, domain, &ip_list, &count)) { + DEBUG(3, ("Could not look up dc's for domain %s\n", domain)); + return False; + } } /* Pick a nice close server */ @@ -382,6 +377,16 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name, fstrcpy(new_conn->domain, domain); fstrcpy(new_conn->pipe_name, pipe_name); + /* Look for a domain controller for this domain. Negative results + are cached so don't bother applying the caching for this + function just yet. */ + + if (!cm_get_dc_name(domain, new_conn->controller, &dc_ip)) { + result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; + add_failed_connection_entry(new_conn, result); + return result; + } + /* Return false if we have tried to look up this domain and netbios name before and failed. */ @@ -413,16 +418,6 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name, return result; } - /* Look for a domain controller for this domain. Negative results - are cached so don't bother applying the caching for this - function just yet. */ - - if (!cm_get_dc_name(domain, new_conn->controller, &dc_ip)) { - result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; - add_failed_connection_entry(new_conn, result); - return result; - } - /* Initialise SMB connection */ cm_get_ipc_userpass(&ipc_username, &ipc_domain, &ipc_password); @@ -864,7 +859,6 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd, { NTSTATUS result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; struct winbindd_cm_conn *conn; - uint32 neg_flags = 0x000001ff; if (!cli) { return NT_STATUS_INVALID_PARAMETER; @@ -876,7 +870,8 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd, return result; } - result = cli_nt_setup_creds(conn->cli, get_sec_chan(), trust_passwd, &neg_flags, 2); + result = cli_nt_setup_creds(conn->cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? + SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd); if (!NT_STATUS_IS_OK(result)) { DEBUG(0, ("error connecting to domain password server: %s\n", @@ -889,7 +884,8 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd, } /* Try again */ - result = cli_nt_setup_creds( conn->cli, get_sec_chan(),trust_passwd, &neg_flags, 2); + result = cli_nt_setup_creds(conn->cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? + SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd); } if (!NT_STATUS_IS_OK(result)) { diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h index 368bf10cea..9eea94e7c0 100644 --- a/source3/nsswitch/winbindd_nss.h +++ b/source3/nsswitch/winbindd_nss.h @@ -127,9 +127,6 @@ struct winbindd_request { uid_t uid; /* getpwuid, uid_to_sid */ gid_t gid; /* getgrgid, gid_to_sid */ struct { - /* We deliberatedly don't split into domain/user to - avoid having the client know what the separator - character is. */ fstring user; fstring pass; } auth; /* pam_winbind auth module */ diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 3e7a8ad971..a8b508a49c 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -147,7 +147,7 @@ done: fstrcpy(state->response.data.auth.error_string, nt_errstr(result)); state->response.data.auth.pam_error = nt_status_to_pam(result); - DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authentication for user %s returned %s (PAM: %d)\n", + DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authenticaion for user %s returned %s (PAM: %d)\n", state->request.data.auth.user, state->response.data.auth.nt_status_string, state->response.data.auth.pam_error)); @@ -183,7 +183,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) /* Ensure null termination */ state->request.data.auth_crap.domain[sizeof(state->request.data.auth_crap.domain)-1]='\0'; - if (!(mem_ctx = talloc_init_named("winbind pam auth crap for (utf8) %s", state->request.data.auth_crap.user))) { + if (!(mem_ctx = talloc_init_named("winbind pam auth crap for (utf8) %s", state->request.data.auth.user))) { DEBUG(0, ("winbindd_pam_auth_crap: could not talloc_init()!\n")); result = NT_STATUS_NO_MEMORY; goto done; @@ -292,7 +292,7 @@ done: state->response.data.auth.pam_error = nt_status_to_pam(result); DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, - ("NTLM CRAP authentication for user [%s]\\[%s] returned %s (PAM: %d)\n", + ("NTLM CRAP authenticaion for user [%s]\\[%s] returned %s (PAM: %d)\n", domain, user, state->response.data.auth.nt_status_string, diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h new file mode 100644 index 0000000000..ef44fb655e --- /dev/null +++ b/source3/nsswitch/winbindd_proto.h @@ -0,0 +1,142 @@ +#ifndef _WINBINDD_PROTO_H_ +#define _WINBINDD_PROTO_H_ + +/* This file is automatically generated with "make proto". DO NOT EDIT */ + + +/* The following definitions come from nsswitch/winbindd.c */ + +void winbind_process_packet(struct winbindd_cli_state *state); +void winbind_client_read(struct winbindd_cli_state *state); +int winbind_setup_common(void); + +/* The following definitions come from nsswitch/winbindd_ads.c */ + +ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope, + const char *exp, + const char **attrs, void **res); +ADS_STATUS ads_search_retry(ADS_STRUCT *ads, void **res, + const char *exp, + const char **attrs); +ADS_STATUS ads_search_retry_dn(ADS_STRUCT *ads, void **res, + const char *dn, + const char **attrs); + +/* The following definitions come from nsswitch/winbindd_cache.c */ + +void wcache_flush_cache(void); +void winbindd_check_cache_size(time_t t); +struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status); + +/* The following definitions come from nsswitch/winbindd_cm.c */ + +CLI_POLICY_HND *cm_get_lsa_handle(char *domain); +CLI_POLICY_HND *cm_get_sam_handle(char *domain); +CLI_POLICY_HND *cm_get_sam_dom_handle(char *domain, DOM_SID *domain_sid); +CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, DOM_SID *domain_sid, + uint32 user_rid); +CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid, + uint32 group_rid); +NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd, + struct cli_state **cli); +void winbindd_cm_status(void); + +/* The following definitions come from nsswitch/winbindd_dual.c */ + +int dual_select_setup(fd_set *fds, int maxfd); +void dual_select(fd_set *fds); +void dual_send_request(struct winbindd_cli_state *state); +void do_dual_daemon(void); + +/* The following definitions come from nsswitch/winbindd_group.c */ + +enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state); +enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state); +enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state); +enum winbindd_result winbindd_endgrent(struct winbindd_cli_state *state); +enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state); +enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state); +enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state); + +/* The following definitions come from nsswitch/winbindd_idmap.c */ + +BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid); +BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid); +BOOL winbindd_idmap_get_uid_from_rid(const char *dom_name, uint32 rid, uid_t *uid); +BOOL winbindd_idmap_get_gid_from_rid(const char *dom_name, uint32 rid, gid_t *gid); +BOOL get_sid_from_id(int id, DOM_SID *sid, BOOL isgroup); +BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid); +BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid); +BOOL winbindd_idmap_get_rid_from_uid(uid_t uid, uint32 *user_rid, + struct winbindd_domain **domain); +BOOL winbindd_idmap_get_rid_from_gid(gid_t gid, uint32 *group_rid, + struct winbindd_domain **domain); +BOOL winbindd_idmap_init(void); +BOOL winbindd_idmap_close(void); +void winbindd_idmap_status(void); + +/* The following definitions come from nsswitch/winbindd_misc.c */ + +enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state); +enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state + *state); +enum winbindd_result winbindd_show_sequence(struct winbindd_cli_state *state); +enum winbindd_result winbindd_ping(struct winbindd_cli_state + *state); +enum winbindd_result winbindd_info(struct winbindd_cli_state *state); +enum winbindd_result winbindd_interface_version(struct winbindd_cli_state *state); +enum winbindd_result winbindd_domain_name(struct winbindd_cli_state *state); + +/* The following definitions come from nsswitch/winbindd_pam.c */ + +enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) ; +enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) ; +enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state); + +/* The following definitions come from nsswitch/winbindd_rpc.c */ + + +/* The following definitions come from nsswitch/winbindd_sid.c */ + +enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state); +enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state); +enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state); +enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state); +enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state); +enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state); + +/* The following definitions come from nsswitch/winbindd_user.c */ + +enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state) ; +enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state); +enum winbindd_result winbindd_setpwent(struct winbindd_cli_state *state); +enum winbindd_result winbindd_endpwent(struct winbindd_cli_state *state); +enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state); +enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state); + +/* The following definitions come from nsswitch/winbindd_util.c */ + +struct winbindd_domain *domain_list(void); +void free_domain_list(void); +BOOL init_domain_list(void); +struct winbindd_domain *find_domain_from_name(const char *domain_name); +struct winbindd_domain *find_domain_from_sid(DOM_SID *sid); +BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain, + const char *name, DOM_SID *sid, + enum SID_NAME_USE *type); +BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, + fstring dom_name, + fstring name, + enum SID_NAME_USE *type); +void free_getent_state(struct getent_state *state); +BOOL winbindd_param_init(void); +BOOL check_domain_env(char *domain_env, char *domain); +BOOL parse_domain_user(const char *domuser, fstring domain, fstring user); +void fill_domain_username(fstring name, const char *domain, const char *user); + +/* The following definitions come from nsswitch/winbindd_wins.c */ + +enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state); +enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state); + +#endif /* _WINBINDD_PROTO_H_ */ diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index 047280e21e..5ec34f663d 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -315,7 +315,6 @@ static NTSTATUS query_user(struct winbindd_domain *domain, cli_samr_close(hnd->cli, mem_ctx, &user_pol); got_user_pol = False; - user_info->user_rid = user_rid; user_info->group_rid = ctr->info.id21->group_rid; user_info->acct_name = unistr2_tdup(mem_ctx, &ctr->info.id21->uni_user_name); @@ -420,7 +419,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; BOOL got_dom_pol = False, got_group_pol = False; - DEBUG(10,("rpc: lookup_groupmem %s rid=%u\n", domain->name, group_rid)); + DEBUG(3,("rpc: lookup_groupmem rid=%u\n", group_rid)); *num_names = 0; @@ -524,7 +523,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) BOOL got_dom_pol = False; uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - DEBUG(10,("rpc: fetch sequence_number for %s\n", domain->name)); + DEBUG(3,("rpc: sequence_number\n")); *seq = DOM_SEQUENCE_NONE; diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index 2016c27881..daa3abb340 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -83,16 +83,10 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const /* We can't call domain_list() as this function is called from init_domain_list() and we'll get stuck in a loop. */ for (domain = _domain_list; domain; domain = domain->next) { - if (strcasecmp(domain_name, domain->name) == 0 || - strcasecmp(domain_name, domain->alt_name) == 0) { + if (strcmp(domain_name, domain->name) == 0 || + strcmp(domain_name, domain->alt_name) == 0) { return domain; } - if (alt_name && *alt_name) { - if (strcasecmp(alt_name, domain->name) == 0 || - strcasecmp(alt_name, domain->alt_name) == 0) { - return domain; - } - } } /* Create new domain entry */ |