diff options
Diffstat (limited to 'source3/winbindd')
| -rw-r--r-- | source3/winbindd/idmap_adex/provider_unified.c | 1 | ||||
| -rw-r--r-- | source3/winbindd/idmap_ldap.c | 1 | ||||
| -rw-r--r-- | source3/winbindd/nss_info.c | 36 | ||||
| -rw-r--r-- | source3/winbindd/wb_fill_pwent.c | 47 | ||||
| -rw-r--r-- | source3/winbindd/wb_getpwsid.c | 89 | ||||
| -rw-r--r-- | source3/winbindd/winbindd.c | 2 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_cache.c | 2 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_change_machine_acct.c | 93 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_check_machine_acct.c | 11 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_cm.c | 2 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_dual.c | 8 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_dual_srv.c | 70 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_pam.c | 19 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_proto.h | 15 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_rpc.c | 21 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_user.c | 39 |
16 files changed, 290 insertions, 166 deletions
diff --git a/source3/winbindd/idmap_adex/provider_unified.c b/source3/winbindd/idmap_adex/provider_unified.c index b6652f4e49..af33405747 100644 --- a/source3/winbindd/idmap_adex/provider_unified.c +++ b/source3/winbindd/idmap_adex/provider_unified.c @@ -440,7 +440,6 @@ done: } talloc_destroy(frame); - TALLOC_FREE(entry_dn); return nt_status; } diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c index 3d1dd488d6..375c04a0bf 100644 --- a/source3/winbindd/idmap_ldap.c +++ b/source3/winbindd/idmap_ldap.c @@ -131,6 +131,7 @@ static NTSTATUS get_credentials( TALLOC_CTX *mem_ctx, DEBUG(2, ("get_credentials: Failed to lookup ldap " "bind creds. Using anonymous connection.\n")); anon = True; + *dn = NULL; } else { *dn = talloc_strdup(mem_ctx, user_dn); SAFE_FREE( user_dn ); diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index 382aa86df0..663fc9a2a5 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -164,23 +164,25 @@ static NTSTATUS nss_domain_list_add_domain(const char *domain, to initialize the state on a per domain basis. *******************************************************************/ - NTSTATUS nss_init( const char **nss_list ) +static NTSTATUS nss_init(const char **nss_list) { NTSTATUS status; - static NTSTATUS nss_initialized = NT_STATUS_UNSUCCESSFUL; + static bool nss_initialized = false; int i; char *backend, *domain; struct nss_function_entry *nss_backend; /* check for previous successful initializations */ - if ( NT_STATUS_IS_OK(nss_initialized) ) + if (nss_initialized) { return NT_STATUS_OK; + } - /* The "template" backend should alqays be registered as it + /* The "template" backend should always be registered as it is a static module */ - if ( (nss_backend = nss_get_backend( "template" )) == NULL ) { + nss_backend = nss_get_backend("template"); + if (nss_backend == NULL) { static_init_nss_info; } @@ -200,19 +202,21 @@ static NTSTATUS nss_domain_list_add_domain(const char *domain, /* validate the backend */ - if ( (nss_backend = nss_get_backend( backend )) == NULL ) { + nss_backend = nss_get_backend(backend); + if (nss_backend == NULL) { /* attempt to register the backend */ status = smb_probe_module( "nss_info", backend ); if ( !NT_STATUS_IS_OK(status) ) { continue; } + } - /* try again */ - if ( (nss_backend = nss_get_backend( backend )) == NULL ) { - DEBUG(0,("nss_init: unregistered backend %s!. Skipping\n", - backend)); - continue; - } + /* try again */ + nss_backend = nss_get_backend(backend); + if (nss_backend == NULL) { + DEBUG(0, ("nss_init: unregistered backend %s!. " + "Skipping\n", backend)); + continue; } /* @@ -241,10 +245,10 @@ static NTSTATUS nss_domain_list_add_domain(const char *domain, "Defaulting to \"template\".\n")); - /* we shouild default to use template here */ + /* we should default to use template here */ } - nss_initialized = NT_STATUS_OK; + nss_initialized = true; return NT_STATUS_OK; } @@ -259,8 +263,8 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) status = nss_init( lp_winbind_nss_info() ); if ( !NT_STATUS_IS_OK(status) ) { - DEBUG(4,("nss_get_info: Failed to init nss_info API (%s)!\n", - nt_errstr(status))); + DEBUG(4,("find_nss_domain: Failed to init nss_info API " + "(%s)!\n", nt_errstr(status))); return NULL; } diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c index 4f4819ca23..8998bf991d 100644 --- a/source3/winbindd/wb_fill_pwent.c +++ b/source3/winbindd/wb_fill_pwent.c @@ -27,6 +27,14 @@ struct wb_fill_pwent_state { struct winbindd_pw *pw; }; +static bool fillup_pw_field(const char *lp_template, + const char *username, + const char *domname, + uid_t uid, + gid_t gid, + const char *in, + fstring out); + static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq); static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq); @@ -153,3 +161,42 @@ NTSTATUS wb_fill_pwent_recv(struct tevent_req *req) { return tevent_req_simple_recv_ntstatus(req); } + +static bool fillup_pw_field(const char *lp_template, + const char *username, + const char *domname, + uid_t uid, + gid_t gid, + const char *in, + fstring out) +{ + char *templ; + + if (out == NULL) + return False; + + /* The substitution of %U and %D in the 'template + homedir' is done by talloc_sub_specified() below. + If we have an in string (which means the value has already + been set in the nss_info backend), then use that. + Otherwise use the template value passed in. */ + + if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) { + templ = talloc_sub_specified(talloc_tos(), in, + username, domname, + uid, gid); + } else { + templ = talloc_sub_specified(talloc_tos(), lp_template, + username, domname, + uid, gid); + } + + if (!templ) + return False; + + safe_strcpy(out, templ, sizeof(fstring) - 1); + TALLOC_FREE(templ); + + return True; + +} diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c index 1295d5bcbc..4ccc51ae18 100644 --- a/source3/winbindd/wb_getpwsid.c +++ b/source3/winbindd/wb_getpwsid.c @@ -31,8 +31,7 @@ struct wb_getpwsid_state { static void wb_getpwsid_queryuser_done(struct tevent_req *subreq); static void wb_getpwsid_lookupsid_done(struct tevent_req *subreq); -static void wb_getpwsid_sid2uid_done(struct tevent_req *subreq); -static void wb_getpwsid_sid2gid_done(struct tevent_req *subreq); +static void wb_getpwsid_done(struct tevent_req *subreq); struct tevent_req *wb_getpwsid_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, @@ -83,14 +82,14 @@ static void wb_getpwsid_queryuser_done(struct tevent_req *subreq) && (state->userinfo->acct_name[0] != '\0')) { /* * QueryUser got us a name, let's got directly to the - * sid2uid step + * fill_pwent step */ - subreq = wb_sid2uid_send(state, state->ev, - &state->userinfo->user_sid); + subreq = wb_fill_pwent_send(state, state->ev, state->userinfo, + state->pw); if (tevent_req_nomem(subreq, req)) { return; } - tevent_req_set_callback(subreq, wb_getpwsid_sid2uid_done, req); + tevent_req_set_callback(subreq, wb_getpwsid_done, req); return; } @@ -122,93 +121,25 @@ static void wb_getpwsid_lookupsid_done(struct tevent_req *subreq) tevent_req_nterror(req, status); return; } - subreq = wb_sid2uid_send(state, state->ev, &state->userinfo->user_sid); + subreq = wb_fill_pwent_send(state, state->ev, state->userinfo, + state->pw); if (tevent_req_nomem(subreq, req)) { return; } - tevent_req_set_callback(subreq, wb_getpwsid_sid2uid_done, req); + tevent_req_set_callback(subreq, wb_getpwsid_done, req); } -static void wb_getpwsid_sid2uid_done(struct tevent_req *subreq) +static void wb_getpwsid_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data( subreq, struct tevent_req); - struct wb_getpwsid_state *state = tevent_req_data( - req, struct wb_getpwsid_state); - NTSTATUS status; - - status = wb_sid2uid_recv(subreq, &state->pw->pw_uid); - TALLOC_FREE(subreq); - if (!NT_STATUS_IS_OK(status)) { - tevent_req_nterror(req, status); - return; - } - subreq = wb_sid2gid_send(state, state->ev, - &state->userinfo->group_sid); - if (tevent_req_nomem(subreq, req)) { - return; - } - tevent_req_set_callback(subreq, wb_getpwsid_sid2gid_done, req); -} - -static void wb_getpwsid_sid2gid_done(struct tevent_req *subreq) -{ - struct tevent_req *req = tevent_req_callback_data( - subreq, struct tevent_req); - struct wb_getpwsid_state *state = tevent_req_data( - req, struct wb_getpwsid_state); NTSTATUS status; - char *username; - char *mapped_name; - status = wb_sid2gid_recv(subreq, &state->pw->pw_gid); - TALLOC_FREE(subreq); + status = wb_fill_pwent_recv(subreq); if (!NT_STATUS_IS_OK(status)) { tevent_req_nterror(req, status); return; } - - username = talloc_strdup_lower(state, state->userinfo->acct_name); - if (tevent_req_nomem(username, req)) { - return; - } - - status = normalize_name_map(state, state->user_domain, username, - &mapped_name); - - if (NT_STATUS_IS_OK(status) - || NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) { - /* - * normalize_name_map did something - */ - fstrcpy(state->pw->pw_name, mapped_name); - TALLOC_FREE(mapped_name); - } else { - fill_domain_username(state->pw->pw_name, - state->user_domain->name, - username, True); - } - fstrcpy(state->pw->pw_passwd, "*"); - fstrcpy(state->pw->pw_gecos, state->userinfo->full_name); - - if (!fillup_pw_field(lp_template_homedir(), username, - state->user_domain->name, state->pw->pw_uid, - state->pw->pw_gid, state->userinfo->homedir, - state->pw->pw_dir)) { - DEBUG(5, ("Could not compose homedir\n")); - tevent_req_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - - if (!fillup_pw_field(lp_template_shell(), state->pw->pw_name, - state->user_domain->name, state->pw->pw_uid, - state->pw->pw_gid, state->userinfo->shell, - state->pw->pw_shell)) { - DEBUG(5, ("Could not compose shell\n")); - tevent_req_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - tevent_req_done(req); } diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index f0160fcb78..e09374c5cb 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -547,6 +547,8 @@ static struct winbindd_async_dispatch_table async_priv_table[] = { winbindd_remove_mapping_send, winbindd_remove_mapping_recv }, { WINBINDD_SET_HWM, "SET_HWM", winbindd_set_hwm_send, winbindd_set_hwm_recv }, + { WINBINDD_CHANGE_MACHACC, "CHANGE_MACHACC", + winbindd_change_machine_acct_send, winbindd_change_machine_acct_recv }, { 0, NULL, NULL, NULL } }; diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 6d48fe5f85..c4bc936a5d 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -4359,6 +4359,8 @@ static bool wcache_opnum_cacheable(uint32_t opnum) case NDR_WBINT_QUERYSEQUENCENUMBER: case NDR_WBINT_ALLOCATEUID: case NDR_WBINT_ALLOCATEGID: + case NDR_WBINT_CHECKMACHINEACCOUNT: + case NDR_WBINT_CHANGEMACHINEACCOUNT: return false; } return true; diff --git a/source3/winbindd/winbindd_change_machine_acct.c b/source3/winbindd/winbindd_change_machine_acct.c new file mode 100644 index 0000000000..a49315d1be --- /dev/null +++ b/source3/winbindd/winbindd_change_machine_acct.c @@ -0,0 +1,93 @@ +/* + Unix SMB/CIFS implementation. + async implementation of WINBINDD_CHANGE_MACHINE_ACCT + Copyright (C) Volker Lendecke 2009 + Copyright (C) Guenther Deschner 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "winbindd.h" +#include "librpc/gen_ndr/cli_wbint.h" + +struct winbindd_change_machine_acct_state { + uint8_t dummy; +}; + +static void winbindd_change_machine_acct_done(struct tevent_req *subreq); + +struct tevent_req *winbindd_change_machine_acct_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct winbindd_cli_state *cli, + struct winbindd_request *request) +{ + struct tevent_req *req, *subreq; + struct winbindd_change_machine_acct_state *state; + struct winbindd_domain *domain; + + req = tevent_req_create(mem_ctx, &state, + struct winbindd_change_machine_acct_state); + if (req == NULL) { + return NULL; + } + + domain = find_domain_from_name(request->domain_name); + if (domain == NULL) { + tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN); + return tevent_req_post(req, ev); + } + if (domain->internal) { + /* + * Internal domains are passdb based, we can always + * contact them. + */ + tevent_req_done(req); + return tevent_req_post(req, ev); + } + + subreq = rpccli_wbint_ChangeMachineAccount_send(state, ev, + domain->child.rpccli); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, winbindd_change_machine_acct_done, req); + return req; +} + +static void winbindd_change_machine_acct_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct winbindd_change_machine_acct_state *state = tevent_req_data( + req, struct winbindd_change_machine_acct_state); + NTSTATUS status, result; + + status = rpccli_wbint_ChangeMachineAccount_recv(subreq, state, &result); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return; + } + if (!NT_STATUS_IS_OK(result)) { + tevent_req_nterror(req, result); + return; + } + tevent_req_done(req); +} + +NTSTATUS winbindd_change_machine_acct_recv(struct tevent_req *req, + struct winbindd_response *presp) +{ + return tevent_req_simple_recv_ntstatus(req); +} diff --git a/source3/winbindd/winbindd_check_machine_acct.c b/source3/winbindd/winbindd_check_machine_acct.c index e3505cb352..610e9edfaa 100644 --- a/source3/winbindd/winbindd_check_machine_acct.c +++ b/source3/winbindd/winbindd_check_machine_acct.c @@ -42,7 +42,16 @@ struct tevent_req *winbindd_check_machine_acct_send(TALLOC_CTX *mem_ctx, return NULL; } - domain = find_our_domain(); + if (request->domain_name[0] == '0') { + /* preserve old behavior, when no domain name is given */ + domain = find_our_domain(); + } else { + domain = find_domain_from_name(request->domain_name); + } + if (domain == NULL) { + tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN); + return tevent_req_post(req, ev); + } if (domain->internal) { /* * Internal domains are passdb based, we can always diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 9a788397a9..95e1daf0b7 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2370,7 +2370,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; uint8 mach_pwd[16]; - uint32 sec_chan_type; + enum netr_SchannelType sec_chan_type; const char *account_name; struct rpc_pipe_client *netlogon_pipe = NULL; diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index edf784cc21..a832451e08 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -1100,6 +1100,14 @@ static void machine_password_change_handler(struct event_context *ctx, DEBUG(10,("machine_password_change_handler: " "failed to change machine password: %s\n", nt_errstr(result))); + if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) { + DEBUG(3,("machine_password_change_handler: password set returned " + "ACCESS_DENIED. Maybe the trust account " + "password was changed and we didn't know it. " + "Killing connections to domain %s\n", + child->domain->name)); + invalidate_cm_connection(&child->domain->conn); + } } else { DEBUG(10,("machine_password_change_handler: " "successfully changed machine password\n")); diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index 179a771066..f0bbee9f31 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -4,6 +4,7 @@ In-Child server implementation of the routines defined in wbint.idl Copyright (C) Volker Lendecke 2009 + Copyright (C) Guenther Deschner 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -437,17 +438,78 @@ again: /* Pass back result code - zero for success, other values for specific failures. */ - DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(status) ? - "good" : "bad")); + DEBUG(3,("domain %s secret is %s\n", domain->name, + NT_STATUS_IS_OK(status) ? "good" : "bad")); done: DEBUG(NT_STATUS_IS_OK(status) ? 5 : 2, - ("Checking the trust account password returned %s\n", - nt_errstr(status))); + ("Checking the trust account password for domain %s returned %s\n", + domain->name, nt_errstr(status))); return status; } +NTSTATUS _wbint_ChangeMachineAccount(pipes_struct *p, + struct wbint_ChangeMachineAccount *r) +{ + struct winbindd_domain *domain; + int num_retries = 0; + NTSTATUS status; + struct rpc_pipe_client *netlogon_pipe; + TALLOC_CTX *tmp_ctx; + +again: + domain = wb_child_domain(); + if (domain == NULL) { + return NT_STATUS_REQUEST_NOT_ACCEPTED; + } + + invalidate_cm_connection(&domain->conn); + + { + status = cm_connect_netlogon(domain, &netlogon_pipe); + } + + /* There is a race condition between fetching the trust account + password and the periodic machine password change. So it's + possible that the trust account password has been changed on us. + We are returned NT_STATUS_ACCESS_DENIED if this happens. */ + +#define MAX_RETRIES 3 + + if ((num_retries < MAX_RETRIES) + && NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + num_retries++; + goto again; + } + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("could not open handle to NETLOGON pipe\n")); + goto done; + } + + tmp_ctx = talloc_new(p->mem_ctx); + + status = trust_pw_find_change_and_store_it(netlogon_pipe, + tmp_ctx, + domain->name); + talloc_destroy(tmp_ctx); + + /* Pass back result code - zero for success, other values for + specific failures. */ + + DEBUG(3,("domain %s secret %s\n", domain->name, + NT_STATUS_IS_OK(status) ? "changed" : "unchanged")); + + done: + DEBUG(NT_STATUS_IS_OK(status) ? 5 : 2, + ("Changing the trust account password for domain %s returned %s\n", + domain->name, nt_errstr(status))); + + return status; +} + + NTSTATUS _wbint_SetMapping(pipes_struct *p, struct wbint_SetMapping *r) { struct id_map map; diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 178b3ea74b..fe6485522e 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -797,8 +797,8 @@ NTSTATUS append_auth_data(struct winbindd_cli_state *state, void winbindd_pam_auth(struct winbindd_cli_state *state) { struct winbindd_domain *domain; - fstring name_domain, name_user; - char *mapped_user = NULL; + fstring name_domain, name_user, mapped_user; + char *mapped = NULL; NTSTATUS result; NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL; @@ -822,15 +822,16 @@ void winbindd_pam_auth(struct winbindd_cli_state *state) name_map_status = normalize_name_unmap(state->mem_ctx, state->request->data.auth.user, - &mapped_user); + &mapped); /* If the name normalization didnt' actually do anything, just use the original name */ - if (!NT_STATUS_IS_OK(name_map_status) && - !NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED)) - { - mapped_user = state->request->data.auth.user; + if (NT_STATUS_IS_OK(name_map_status) + ||NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED)) { + fstrcpy(mapped_user, mapped); + } else { + fstrcpy(mapped_user, state->request->data.auth.user); } if (!canonicalize_username(mapped_user, name_domain, name_user)) { @@ -2060,7 +2061,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact struct rpc_pipe_client *cli; bool got_info = false; struct samr_DomInfo1 *info = NULL; - struct samr_ChangeReject *reject = NULL; + struct userPwdChangeFailureInformation *reject = NULL; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; fstring domain, user; @@ -2102,7 +2103,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact fill_in_password_policy(state->response, info); state->response->data.auth.reject_reason = - reject->reason; + reject->extendedFailureReason; got_info = true; } diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 307225877f..6e232c9db8 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -545,14 +545,6 @@ enum winbindd_result winbindd_dual_allocate_gid(struct winbindd_domain *domain, /* The following definitions come from winbindd/winbindd_user.c */ -bool fillup_pw_field(const char *lp_template, - const char *username, - const char *domname, - uid_t uid, - gid_t gid, - const char *in, - fstring out); - enum winbindd_result winbindd_dual_userinfo(struct winbindd_domain *domain, struct winbindd_cli_state *state); void winbindd_getpwnam(struct winbindd_cli_state *state); @@ -995,6 +987,13 @@ struct tevent_req *winbindd_check_machine_acct_send(TALLOC_CTX *mem_ctx, NTSTATUS winbindd_check_machine_acct_recv(struct tevent_req *req, struct winbindd_response *presp); +struct tevent_req *winbindd_change_machine_acct_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct winbindd_cli_state *cli, + struct winbindd_request *request); +NTSTATUS winbindd_change_machine_acct_recv(struct tevent_req *req, + struct winbindd_response *presp); + struct tevent_req *winbindd_set_mapping_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct winbindd_cli_state *cli, diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index ac5c3d2d93..ce437f744c 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -99,14 +99,19 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, for (j = 0; j < num_dom_users; i++, j++) { uint32_t rid = disp_info.info1.entries[j].rid; + struct samr_DispEntryGeneral *src; + struct wbint_userinfo *dst; - (*info)[i].acct_name = talloc_strdup(mem_ctx, - disp_info.info1.entries[j].account_name.string); - (*info)[i].full_name = talloc_strdup(mem_ctx, - disp_info.info1.entries[j].full_name.string); - (*info)[i].homedir = NULL; - (*info)[i].shell = NULL; - sid_compose(&(*info)[i].user_sid, &domain->sid, rid); + src = &(disp_info.info1.entries[j]); + dst = &((*info)[i]); + + dst->acct_name = talloc_strdup( + mem_ctx, src->account_name.string); + dst->full_name = talloc_strdup( + mem_ctx, src->full_name.string); + dst->homedir = NULL; + dst->shell = NULL; + sid_compose(&dst->user_sid, &domain->sid, rid); /* For the moment we set the primary group for every user to be the Domain Users group. @@ -116,7 +121,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, force group' smb.conf parameter or something like that. */ - sid_compose(&(*info)[i].group_sid, &domain->sid, + sid_compose(&dst->group_sid, &domain->sid, DOMAIN_GROUP_RID_USERS); } diff --git a/source3/winbindd/winbindd_user.c b/source3/winbindd/winbindd_user.c index b23b7df608..6afa941b7f 100644 --- a/source3/winbindd/winbindd_user.c +++ b/source3/winbindd/winbindd_user.c @@ -27,45 +27,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND -bool fillup_pw_field(const char *lp_template, - const char *username, - const char *domname, - uid_t uid, - gid_t gid, - const char *in, - fstring out) -{ - char *templ; - - if (out == NULL) - return False; - - /* The substitution of %U and %D in the 'template - homedir' is done by talloc_sub_specified() below. - If we have an in string (which means the value has already - been set in the nss_info backend), then use that. - Otherwise use the template value passed in. */ - - if ( in && !strequal(in,"") && lp_security() == SEC_ADS ) { - templ = talloc_sub_specified(NULL, in, - username, domname, - uid, gid); - } else { - templ = talloc_sub_specified(NULL, lp_template, - username, domname, - uid, gid); - } - - if (!templ) - return False; - - safe_strcpy(out, templ, sizeof(fstring) - 1); - TALLOC_FREE(templ); - - return True; - -} - /* Wrapper for domain->methods->query_user, only on the parent->child pipe */ enum winbindd_result winbindd_dual_userinfo(struct winbindd_domain *domain, |