diff options
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/Makefile.in | 9 | ||||
| -rw-r--r-- | source3/auth/auth_util.c | 61 | ||||
| -rw-r--r-- | source3/configure.in | 315 | ||||
| -rw-r--r-- | source3/include/includes.h | 5 | ||||
| -rw-r--r-- | source3/include/proto.h | 30 | ||||
| -rw-r--r-- | source3/include/rpc_spoolss.h | 15 | ||||
| -rw-r--r-- | source3/lib/time.c | 66 | ||||
| -rw-r--r-- | source3/lib/winbind_util.c | 131 | ||||
| -rw-r--r-- | source3/modules/onefs_acl.c | 6 | ||||
| -rw-r--r-- | source3/modules/onefs_open.c | 5 | ||||
| -rw-r--r-- | source3/passdb/passdb.c | 19 | ||||
| -rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 22 | ||||
| -rw-r--r-- | source3/winbindd/winbindd.c | 3 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_async.c | 90 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_domain.c | 4 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_group.c | 115 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_proto.h | 4 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_user.c | 28 |
18 files changed, 409 insertions, 519 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 2d2d9a0c6d..948403248d 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2813,7 +2813,8 @@ TOPFILES=dynconfig.o localedir.o cleanlibs:: -rm -f ../lib/*/*.o ../lib/*/*/*.o \ - ../libcli/*.o ../libcli/*/*.o + ../libcli/*.o ../libcli/*/*.o \ + ../librpc/*/*.o clean:: cleanlibs -rm -f include/build_env.h @@ -2822,15 +2823,13 @@ clean:: cleanlibs -rm -f core */*~ *~ \ */*.o */*/*.o */*/*/*.o \ ../testsuite/*/*.o \ + ../nsswitch/*.o ../nsswitch/*/*.o ../nsswitch/*.@SHLIBEXT@ \ */*.@SHLIBEXT@ */*/*.@SHLIBEXT@ */*/*/*.@SHLIBEXT@ \ $(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(ROOT_SBIN_PROGS) \ $(MODULES) $(TORTURE_PROGS) \ $(EVERYTHING_PROGS) \ bin/timelimit \ - .headers.stamp */src/*.o \ - ../lib/*/*.o \ - ../libcli/*.o ../libcli/*/*.o \ - ../librpc/*/*.o + .headers.stamp */src/*.o -rm -rf t_dir include/build_env.h: script/build_env.sh diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index e3677c41a4..f942b2e50a 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -186,13 +186,15 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info, Create an auth_usersupplied_data structure after appropriate mapping. ****************************************************************************/ -NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, - const char *smb_name, - const char *client_domain, - const char *wksta_name, - DATA_BLOB *lm_pwd, DATA_BLOB *nt_pwd, - DATA_BLOB *lm_interactive_pwd, DATA_BLOB *nt_interactive_pwd, - DATA_BLOB *plaintext, +NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, + const char *smb_name, + const char *client_domain, + const char *wksta_name, + DATA_BLOB *lm_pwd, + DATA_BLOB *nt_pwd, + DATA_BLOB *lm_interactive_pwd, + DATA_BLOB *nt_interactive_pwd, + DATA_BLOB *plaintext, bool encrypted) { const char *domain; @@ -200,12 +202,12 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, bool was_mapped; fstring internal_username; fstrcpy(internal_username, smb_name); - was_mapped = map_username(internal_username); - - DEBUG(5, ("make_user_info_map: Mapping user [%s]\\[%s] from workstation [%s]\n", - client_domain, smb_name, wksta_name)); - - /* don't allow "" as a domain, fixes a Win9X bug + was_mapped = map_username(internal_username); + + DEBUG(5, ("Mapping user [%s]\\[%s] from workstation [%s]\n", + client_domain, smb_name, wksta_name)); + + /* don't allow "" as a domain, fixes a Win9X bug where it doens't supply a domain for logon script 'net use' commands. */ @@ -214,16 +216,27 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, else domain = lp_workgroup(); - /* do what win2k does. Always map unknown domains to our own - and let the "passdb backend" handle unknown users. */ + /* If you connect to a Windows domain member using a bogus domain name, + * the Windows box will map the BOGUS\user to SAMNAME\user. Thus, if + * the Windows box is a DC the name will become DOMAIN\user and be + * authenticated against AD, if the Windows box is a member server but + * not a DC the name will become WORKSTATION\user. A standalone + * non-domain member box will also map to WORKSTATION\user. */ - if ( !is_trusted_domain(domain) && !strequal(domain, get_global_sam_name()) ) - domain = my_sam_name(); - - /* we know that it is a trusted domain (and we are allowing them) or it is our domain */ - - result = make_user_info(user_info, smb_name, internal_username, - client_domain, domain, wksta_name, + if (!is_trusted_domain(domain) && + !strequal(domain, get_global_sam_name()) ) + { + domain = get_global_sam_name(); + DEBUG(5, ("Mapped domain from [%s] to [%s] for user [%s] on " + "workstation [%s]\n", + client_domain, domain, smb_name, wksta_name)); + } + + /* we know that it is a trusted domain (and we are allowing them) or it + * is our domain */ + + result = make_user_info(user_info, smb_name, internal_username, + client_domain, domain, wksta_name, lm_pwd, nt_pwd, lm_interactive_pwd, nt_interactive_pwd, plaintext, encrypted); @@ -573,8 +586,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, } result->sam_account = sampass; - /* Ensure that the sampass will be freed with the result */ - talloc_steal(result, sampass); result->unix_name = pwd->pw_name; /* Ensure that we keep pwd->pw_name, because we will free pwd below */ talloc_steal(result, pwd->pw_name); @@ -665,6 +676,8 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, pdb_get_username(sampass), result->unix_name)); *server_info = result; + /* Ensure that the sampass will be freed with the result */ + talloc_steal(result, sampass); return NT_STATUS_OK; } diff --git a/source3/configure.in b/source3/configure.in index 10ce6f6e5e..d11ece1b53 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -703,18 +703,6 @@ CPPFLAGS="$old_CPPFLAGS" # subdirectory of headers. AC_CHECK_HEADERS(valgrind.h valgrind/valgrind.h valgrind/memcheck.h) -# check for linux on amd64 since valgrind is not quite there yet -case "$host_os" in - *linux*) - case "$UNAME_P" in - *x86_64*) - AC_DEFINE(HAVE_64BIT_LINUX,1,[Whether we are running on 64bit linux]) - ;; - esac - ;; -esac - - # # HPUX has a bug in that including shadow.h causes a re-definition of MAXINT. # This causes configure to fail to detect it. Check for shadow separately on HPUX. @@ -1041,8 +1029,7 @@ AC_CHECK_FUNCS(getdents64) AC_CHECK_FUNCS(setenv strcasecmp fcvt fcvtl) AC_CHECK_FUNCS(syslog vsyslog timegm) AC_CHECK_FUNCS(setlocale nl_langinfo) -AC_CHECK_FUNCS(nanosleep) -AC_CHECK_LIB_EXT(rt, LIBS, nanosleep) +AC_CHECK_FUNCS(nanosleep,,[AC_CHECK_LIB_EXT(rt, LIBS, nanosleep)]) AC_CHECK_FUNCS(mlock munlock mlockall munlockall) AC_CHECK_FUNCS(memalign posix_memalign hstrerror) AC_CHECK_HEADERS(sys/mman.h) @@ -1311,301 +1298,29 @@ fi ################################################# # Check whether struct stat has timestamps with sub-second resolution. -# At least IRIX and Solaris have these. FREEBSD does as well, -# but with different members -# -# We check that -# all of st_mtim, st_atim and st_ctim exist -# all of the members are in fact of type struct timespec # -# There is some conflicting standards weirdness about whether we should use -# "struct timespec" or "timespec_t". Linux doesn't have timespec_t, so we -# prefer struct timespec. -AC_CACHE_CHECK([whether struct stat has timespec timestamps], - samba_cv_stat_timespec_hires, - [ - AC_TRY_COMPILE( - [ -#if TIME_WITH_SYS_TIME -# include <sys/time.h> -# include <time.h> -#else -# if HAVE_SYS_TIME_H -# include <sys/time.h> -# else -# include <time.h> -# endif -#endif -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif - ], - [ - struct timespec t; - struct stat s = {0}; - t = s.st_mtimespec; - t = s.st_ctimespec; - t = s.st_atimespec; - ], - samba_cv_stat_timespec_hires=yes, samba_cv_stat_timespec_hires=no) - ]) - -if test x"$samba_cv_stat_timespec_hires" = x"yes" ; then - AC_DEFINE(HAVE_STAT_ST_MTIMESPEC, 1, [whether struct stat contains st_mtimepec]) - AC_DEFINE(HAVE_STAT_ST_ATIMESPEC, 1, [whether struct stat contains st_atimespec]) - AC_DEFINE(HAVE_STAT_ST_CTIMESPEC, 1, [whether struct stat contains st_ctimespec]) - AC_DEFINE(HAVE_STAT_HIRES_TIMESTAMPS, 1, [whether struct stat has sub-second timestamps]) -fi - - -AC_CACHE_CHECK([whether struct stat has sub-second timestamps], samba_cv_stat_hires, - [ - AC_TRY_COMPILE( - [ -#if TIME_WITH_SYS_TIME -# include <sys/time.h> -# include <time.h> -#else -# if HAVE_SYS_TIME_H -# include <sys/time.h> -# else -# include <time.h> -# endif -#endif -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif - ], - [ - struct timespec t; - struct stat s = {0}; - t.tv_sec = s.st_mtim.tv_sec; - t.tv_nsec = s.st_mtim.tv_nsec; - t.tv_sec = s.st_ctim.tv_sec; - t.tv_nsec = s.st_ctim.tv_nsec; - t.tv_sec = s.st_atim.tv_sec; - t.tv_nsec = s.st_atim.tv_nsec; - ], - samba_cv_stat_hires=yes, samba_cv_stat_hires=no) - ]) +samba_cv_stat_hires=no +AC_CHECK_MEMBERS([struct stat.st_mtim.tv_nsec], # Linux, Solaris + [samba_cv_stat_hires=yes]) +AC_CHECK_MEMBERS([struct stat.st_mtimensec], # BSD, if defined _POSIX_SOURCE + [samba_cv_stat_hires=yes]) +AC_CHECK_MEMBERS([struct stat.st_mtimespec.tv_nsec], # BSD, if not defined _POSIX_SOURCE + [samba_cv_stat_hires=yes]) +AC_CHECK_MEMBERS([struct stat.st_mtime_n], # AIX + [samba_cv_stat_hires=yes]) +AC_CHECK_MEMBERS([struct stat.st_umtime], # Tru64 + [samba_cv_stat_hires=yes]) if test x"$samba_cv_stat_hires" = x"yes" ; then - AC_DEFINE(HAVE_STAT_ST_MTIM, 1, [whether struct stat contains st_mtim]) - AC_DEFINE(HAVE_STAT_ST_ATIM, 1, [whether struct stat contains st_atim]) - AC_DEFINE(HAVE_STAT_ST_CTIM, 1, [whether struct stat contains st_ctim]) AC_DEFINE(HAVE_STAT_HIRES_TIMESTAMPS, 1, [whether struct stat has sub-second timestamps]) fi -AC_CACHE_CHECK([whether struct stat has sub-second timestamps without struct timespec suffixed nsec], samba_cv_stat_hires_notimespec, - [ - AC_TRY_COMPILE( - [ -#if TIME_WITH_SYS_TIME -# include <sys/time.h> -# include <time.h> -#else -# if HAVE_SYS_TIME_H -# include <sys/time.h> -# else -# include <time.h> -# endif -#endif -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif - ], - [ - struct timespec t; - struct stat s = {0}; - t.tv_sec = s.st_mtime; - t.tv_nsec = s.st_mtimensec; - t.tv_sec = s.st_ctime; - t.tv_nsec = s.st_ctimensec; - t.tv_sec = s.st_atime; - t.tv_nsec = s.st_atimensec; - ], - samba_cv_stat_hires_notimespec=yes, samba_cv_stat_hires_notimespec=no) - ]) - -if test x"$samba_cv_stat_hires_notimespec" = x"yes" ; then - AC_DEFINE(HAVE_STAT_ST_MTIMENSEC, 1, [whether struct stat contains st_mtimensec]) - AC_DEFINE(HAVE_STAT_ST_ATIMENSEC, 1, [whether struct stat contains st_atimensec]) - AC_DEFINE(HAVE_STAT_ST_CTIMENSEC, 1, [whether struct stat contains st_ctimensec]) - AC_DEFINE(HAVE_STAT_HIRES_TIMESTAMPS, 1, - [whether struct stat has sub-second timestamps without struct timespec suffixed nsec]) -fi - -dnl AIX stype sub-second timestamps: -AC_CACHE_CHECK([whether struct stat has sub-second timestamps without struct timespec suffixed _n], samba_cv_stat_hires_notimespec_n, - [ - AC_TRY_COMPILE( - [ -#if TIME_WITH_SYS_TIME -# include <sys/time.h> -# include <time.h> -#else -# if HAVE_SYS_TIME_H -# include <sys/time.h> -# else -# include <time.h> -# endif -#endif -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif - ], - [ - struct timespec t; - struct stat s = {0}; - t.tv_sec = s.st_mtime; - t.tv_nsec = s.st_mtime_n; - t.tv_sec = s.st_ctime; - t.tv_nsec = s.st_ctime_n; - t.tv_sec = s.st_atime; - t.tv_nsec = s.st_atime_n; - ], - samba_cv_stat_hires_notimespec_n=yes, samba_cv_stat_hires_notimespec_n=no) - ]) - -if test x"$samba_cv_stat_hires_notimespec_n" = x"yes" ; then - AC_DEFINE(HAVE_STAT_ST_MTIME_N, 1, [whether struct stat contains st_mtime_n]) - AC_DEFINE(HAVE_STAT_ST_ATIME_N, 1, [whether struct stat contains st_atime_n]) - AC_DEFINE(HAVE_STAT_ST_CTIME_N, 1, [whether struct stat contains st_ctime_n]) - AC_DEFINE(HAVE_STAT_HIRES_TIMESTAMPS, 1, - [whether struct stat has sub-second timestamps without struct timespec suffixed _n]) -fi - -dnl Tru64 has _micro_second_ resolution: -AC_CACHE_CHECK([whether struct stat has sub-second timestamps in st_uXtime], samba_cv_stat_hires_uxtime, - [ - AC_TRY_COMPILE( - [ -#if TIME_WITH_SYS_TIME -# include <sys/time.h> -# include <time.h> -#else -# if HAVE_SYS_TIME_H -# include <sys/time.h> -# else -# include <time.h> -# endif -#endif -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif - ], - [ - struct timespec t; - struct stat s = {0}; - t.tv_sec = s.st_mtime; - t.tv_nsec = s.st_umtime * 1000; - t.tv_sec = s.st_ctime; - t.tv_nsec = s.st_uctime * 1000; - t.tv_sec = s.st_atime; - t.tv_nsec = s.st_uatime * 1000; - ], - samba_cv_stat_hires_uxtime=yes, samba_cv_stat_hires_uxtime=no) - ]) - -if test x"$samba_cv_stat_hires_uxtime" = x"yes" ; then - AC_DEFINE(HAVE_STAT_ST_UMTIME, 1, [whether struct stat contains st_umtime]) - AC_DEFINE(HAVE_STAT_ST_UATIME, 1, [whether struct stat contains st_uatime]) - AC_DEFINE(HAVE_STAT_ST_UCTIME, 1, [whether struct stat contains st_uctime]) - AC_DEFINE(HAVE_STAT_HIRES_TIMESTAMPS, 1, - [whether struct stat has sub-second timestamps in st_uXtime]) -fi - -AC_CACHE_CHECK([whether struct stat has st_birthtimespec], samba_cv_stat_st_birthtimespec, - [ - AC_TRY_COMPILE( - [ -#if TIME_WITH_SYS_TIME -# include <sys/time.h> -# include <time.h> -#else -# if HAVE_SYS_TIME_H -# include <sys/time.h> -# else -# include <time.h> -# endif -#endif -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif - ], - [ - struct timespec t; - struct stat s = {0}; - t = s.st_birthtimespec; - ], - samba_cv_stat_st_birthtimespec=yes, samba_cv_stat_st_birthtimespec=no) - ]) - -if test x"$samba_cv_stat_st_birthtimespec" = x"yes" ; then - AC_DEFINE(HAVE_STAT_ST_BIRTHTIMESPEC, 1, [whether struct stat contains st_birthtimespec]) -fi - -AC_CACHE_CHECK([whether struct stat has st_birthtimensec], samba_cv_stat_st_birthtimensec, - [ - AC_TRY_COMPILE( - [ -#if TIME_WITH_SYS_TIME -# include <sys/time.h> -# include <time.h> -#else -# if HAVE_SYS_TIME_H -# include <sys/time.h> -# else -# include <time.h> -# endif -#endif -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif - ], - [ - struct timespec t; - struct stat s = {0}; - t.tv_nsec = s.st_birthtimensec; - ], - samba_cv_stat_st_birthtimensec=yes, samba_cv_stat_st_birthtimensec=no) - ]) +# recent FreeBSD, NetBSD have creation timestamps called birthtime: +AC_CHECK_MEMBERS([struct stat.st_birthtimespec.tv_nsec]) +AC_CHECK_MEMBERS([struct stat.st_birthtime], AC_CHECK_MEMBERS([struct stat.st_birthtimensec])) -if test x"$samba_cv_stat_st_birthtimensec" = x"yes" ; then - AC_DEFINE(HAVE_STAT_ST_BIRTHTIMENSEC, 1, [whether struct stat contains st_birthtimensec]) -fi - -AC_CACHE_CHECK([whether struct stat has st_birthtime], samba_cv_stat_st_birthtime, - [ - AC_TRY_COMPILE( - [ -#if TIME_WITH_SYS_TIME -# include <sys/time.h> -# include <time.h> -#else -# if HAVE_SYS_TIME_H -# include <sys/time.h> -# else -# include <time.h> -# endif -#endif -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif - ], - [ - struct time_t t; - struct stat s = {0}; - t = s.st_birthtime; - ], - samba_cv_stat_st_birthtime=yes, samba_cv_stat_st_birthtime=no) - ]) - -if test x"$samba_cv_stat_st_birthtime" = x"yes" ; then - AC_DEFINE(HAVE_STAT_ST_BIRTHTIME, 1, [whether struct stat contains st_birthtime]) -fi AC_CACHE_CHECK([whether there is DOS flags support in the stat struct], samba_cv_stat_dos_flags, [ diff --git a/source3/include/includes.h b/source3/include/includes.h index 095fcaa3da..fc77534402 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -241,8 +241,6 @@ typedef int ber_int_t; #include <aio.h> #endif -/* skip valgrind headers on 64bit AMD boxes */ -#ifndef HAVE_64BIT_LINUX /* Special macros that are no-ops except when run under Valgrind on * x86. They've moved a little bit from valgrind 1.0.4 to 1.9.4 */ #if HAVE_VALGRIND_MEMCHECK_H @@ -251,12 +249,11 @@ typedef int ber_int_t; #elif HAVE_VALGRIND_H #include <valgrind.h> #endif -#endif /* If we have --enable-developer and the valgrind header is present, * then we're OK to use it. Set a macro so this logic can be done only * once. */ -#if defined(DEVELOPER) && !defined(HAVE_64BIT_LINUX) +#if defined(DEVELOPER) #if (HAVE_VALGRIND_H || HAVE_VALGRIND_VALGRIND_H) #define VALGRIND #endif diff --git a/source3/include/proto.h b/source3/include/proto.h index 8f05c9473d..3478ea4f85 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1660,6 +1660,8 @@ bool winbind_sid_to_uid(uid_t *puid, const DOM_SID *sid); bool winbind_uid_to_sid(DOM_SID *sid, uid_t uid); bool winbind_sid_to_gid(gid_t *pgid, const DOM_SID *sid); bool winbind_gid_to_sid(DOM_SID *sid, gid_t gid); +struct passwd * winbind_getpwnam(const char * sname); +struct passwd * winbind_getpwsid(const DOM_SID *sid); wbcErr wb_is_trusted_domain(const char *domain); bool winbind_lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, @@ -1668,22 +1670,17 @@ bool winbind_lookup_rids(TALLOC_CTX *mem_ctx, const char ***names, enum lsa_SidType **types); bool winbind_allocate_uid(uid_t *uid); bool winbind_allocate_gid(gid_t *gid); -bool winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid, - enum lsa_SidType *name_type); -bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid, - const char **domain, const char **name, - enum lsa_SidType *name_type); -bool winbind_ping(void); -bool winbind_sid_to_uid(uid_t *puid, const DOM_SID *sid); -bool winbind_uid_to_sid(DOM_SID *sid, uid_t uid); -bool winbind_sid_to_gid(gid_t *pgid, const DOM_SID *sid); -bool winbind_gid_to_sid(DOM_SID *sid, gid_t gid); -wbcErr wb_is_trusted_domain(const char *domain); -bool winbind_lookup_rids(TALLOC_CTX *mem_ctx, - const DOM_SID *domain_sid, - int num_rids, uint32 *rids, - const char **domain_name, - const char ***names, enum lsa_SidType **types); +bool winbind_get_groups(TALLOC_CTX *mem_ctx, + const char *account, + uint32_t *num_groups, + gid_t ** _groups); +bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx, + const DOM_SID *dom_sid, + const DOM_SID *members, + size_t num_members, + uint32_t **pp_alias_rids, + size_t *p_num_alias_rids); + /* The following definitions come from lib/wins_srv.c */ @@ -4423,7 +4420,6 @@ bool sid_check_is_in_our_domain(const DOM_SID *sid); /* The following definitions come from passdb/passdb.c */ -const char *my_sam_name(void); struct samu *samu_new( TALLOC_CTX *ctx ); NTSTATUS samu_set_unix(struct samu *user, const struct passwd *pwd); NTSTATUS samu_alloc_rid_unix(struct samu *user, const struct passwd *pwd); diff --git a/source3/include/rpc_spoolss.h b/source3/include/rpc_spoolss.h index ac306e69e3..472ce45758 100644 --- a/source3/include/rpc_spoolss.h +++ b/source3/include/rpc_spoolss.h @@ -122,12 +122,6 @@ #define SPL_XCV_MONITOR_TCPMON ",XcvMonitor Standard TCP/IP Port" -#define PRINTER_CONTROL_UNPAUSE 0x00000000 -#define PRINTER_CONTROL_PAUSE 0x00000001 -#define PRINTER_CONTROL_RESUME 0x00000002 -#define PRINTER_CONTROL_PURGE 0x00000003 -#define PRINTER_CONTROL_SET_STATUS 0x00000004 - #define PRINTER_STATUS_OK 0x00000000 #define JOB_ACCESS_READ 0x00000020 @@ -217,8 +211,6 @@ #define PRINTER_NOTIFY_OPTIONS_REFRESH 0x01 -#define PRINTER_NOTIFY_INFO_DISCARDED 0x1 - /* * Set of macros for flagging what changed in the PRINTER_INFO_2 struct * when sending messages to other smbd's @@ -270,13 +262,6 @@ PRINTER_MESSAGE_INFO; #define DRIVER_ANY_VERSION 0xffffffff #define DRIVER_MAX_VERSION 4 -/* FLAGS for SPOOLSS_ADDPRINTERDRIVEREX */ - -#define APD_STRICT_UPGRADE 0x00000001 -#define APD_STRICT_DOWNGRADE 0x00000002 -#define APD_COPY_ALL_FILES 0x00000004 -#define APD_COPY_NEW_FILES 0x00000008 - /* this struct is undocumented */ /* thanks to the ddk ... */ diff --git a/source3/lib/time.c b/source3/lib/time.c index e2cfe687b2..865456b23b 100644 --- a/source3/lib/time.c +++ b/source3/lib/time.c @@ -360,12 +360,12 @@ struct timespec get_create_timespec(const SMB_STRUCT_STAT *pst,bool fake_dirs) return ret; } -#if defined(HAVE_STAT_ST_BIRTHTIMESPEC) +#if defined(HAVE_STRUCT_STAT_ST_BIRTHTIMESPEC_TV_NSEC) ret = pst->st_birthtimespec; -#elif defined(HAVE_STAT_ST_BIRTHTIMENSEC) +#elif defined(HAVE_STRUCT_STAT_ST_BIRTHTIMENSEC) ret.tv_sec = pst->st_birthtime; ret.tv_nsec = pst->st_birthtimenspec; -#elif defined(HAVE_STAT_ST_BIRTHTIME) +#elif defined(HAVE_STRUCT_STAT_ST_BIRTHTIME) ret.tv_sec = pst->st_birthtime; ret.tv_nsec = 0; #else @@ -397,24 +397,24 @@ struct timespec get_atimespec(const SMB_STRUCT_STAT *pst) ret.tv_nsec = 0; return ret; #else -#if defined(HAVE_STAT_ST_ATIM) +#if defined(HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC) return pst->st_atim; -#elif defined(HAVE_STAT_ST_ATIMENSEC) +#elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC) struct timespec ret; ret.tv_sec = pst->st_atime; ret.tv_nsec = pst->st_atimensec; return ret; -#elif defined(HAVE_STAT_ST_ATIME_N) +#elif defined(HAVE_STRUCT_STAT_ST_MTIME_N) struct timespec ret; ret.tv_sec = pst->st_atime; ret.tv_nsec = pst->st_atime_n; return ret; -#elif defined(HAVE_STAT_ST_UATIME) +#elif defined(HAVE_STRUCT_STAT_ST_UMTIME) struct timespec ret; ret.tv_sec = pst->st_atime; ret.tv_nsec = pst->st_uatime * 1000; return ret; -#elif defined(HAVE_STAT_ST_ATIMESPEC) +#elif defined(HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC) return pst->st_atimespec; #else #error CONFIGURE_ERROR_IN_DETECTING_TIMESPEC_IN_STAT @@ -428,18 +428,18 @@ void set_atimespec(SMB_STRUCT_STAT *pst, struct timespec ts) /* Old system - no ns timestamp. */ pst->st_atime = ts.tv_sec; #else -#if defined(HAVE_STAT_ST_ATIM) +#if defined(HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC) pst->st_atim = ts; -#elif defined(HAVE_STAT_ST_ATIMENSEC) +#elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC) pst->st_atime = ts.tv_sec; pst->st_atimensec = ts.tv_nsec; -#elif defined(HAVE_STAT_ST_ATIME_N) +#elif defined(HAVE_STRUCT_STAT_ST_MTIME_N) pst->st_atime = ts.tv_sec; pst->st_atime_n = ts.tv_nsec; -#elif defined(HAVE_STAT_ST_UATIME) +#elif defined(HAVE_STRUCT_STAT_ST_UMTIME) pst->st_atime = ts.tv_sec; pst->st_uatime = ts.tv_nsec / 1000; -#elif defined(HAVE_STAT_ST_ATIMESPEC) +#elif defined(HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC) pst->st_atimespec = ts; #else #error CONFIGURE_ERROR_IN_DETECTING_TIMESPEC_IN_STAT @@ -457,24 +457,24 @@ struct timespec get_mtimespec(const SMB_STRUCT_STAT *pst) ret.tv_nsec = 0; return ret; #else -#if defined(HAVE_STAT_ST_MTIM) +#if defined(HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC) return pst->st_mtim; -#elif defined(HAVE_STAT_ST_MTIMENSEC) +#elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC) struct timespec ret; ret.tv_sec = pst->st_mtime; ret.tv_nsec = pst->st_mtimensec; return ret; -#elif defined(HAVE_STAT_ST_MTIME_N) +#elif defined(HAVE_STRUCT_STAT_ST_MTIME_N) struct timespec ret; ret.tv_sec = pst->st_mtime; ret.tv_nsec = pst->st_mtime_n; return ret; -#elif defined(HAVE_STAT_ST_UMTIME) +#elif defined(HAVE_STRUCT_STAT_ST_UMTIME) struct timespec ret; ret.tv_sec = pst->st_mtime; ret.tv_nsec = pst->st_umtime * 1000; return ret; -#elif defined(HAVE_STAT_ST_MTIMESPEC) +#elif defined(HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC) return pst->st_mtimespec; #else #error CONFIGURE_ERROR_IN_DETECTING_TIMESPEC_IN_STAT @@ -488,18 +488,18 @@ void set_mtimespec(SMB_STRUCT_STAT *pst, struct timespec ts) /* Old system - no ns timestamp. */ pst->st_mtime = ts.tv_sec; #else -#if defined(HAVE_STAT_ST_MTIM) +#if defined(HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC) pst->st_mtim = ts; -#elif defined(HAVE_STAT_ST_MTIMENSEC) +#elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC) pst->st_mtime = ts.tv_sec; pst->st_mtimensec = ts.tv_nsec; -#elif defined(HAVE_STAT_ST_MTIME_N) +#elif defined(HAVE_STRUCT_STAT_ST_MTIME_N) pst->st_mtime = ts.tv_sec; pst->st_mtime_n = ts.tv_nsec; -#elif defined(HAVE_STAT_ST_UMTIME) +#elif defined(HAVE_STRUCT_STAT_ST_UMTIME) pst->st_mtime = ts.tv_sec; pst->st_umtime = ts.tv_nsec / 1000; -#elif defined(HAVE_STAT_ST_MTIMESPEC) +#elif defined(HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC) pst->st_mtimespec = ts; #else #error CONFIGURE_ERROR_IN_DETECTING_TIMESPEC_IN_STAT @@ -517,24 +517,24 @@ struct timespec get_ctimespec(const SMB_STRUCT_STAT *pst) ret.tv_nsec = 0; return ret; #else -#if defined(HAVE_STAT_ST_CTIM) +#if defined(HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC) return pst->st_ctim; -#elif defined(HAVE_STAT_ST_CTIMENSEC) +#elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC) struct timespec ret; ret.tv_sec = pst->st_ctime; ret.tv_nsec = pst->st_ctimensec; return ret; -#elif defined(HAVE_STAT_ST_CTIME_N) +#elif defined(HAVE_STRUCT_STAT_ST_MTIME_N) struct timespec ret; ret.tv_sec = pst->st_ctime; ret.tv_nsec = pst->st_ctime_n; return ret; -#elif defined(HAVE_STAT_ST_UCTIME) +#elif defined(HAVE_STRUCT_STAT_ST_UMTIME) struct timespec ret; ret.tv_sec = pst->st_ctime; ret.tv_nsec = pst->st_uctime * 1000; return ret; -#elif defined(HAVE_STAT_ST_CTIMESPEC) +#elif defined(HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC) return pst->st_ctimespec; #else #error CONFIGURE_ERROR_IN_DETECTING_TIMESPEC_IN_STAT @@ -548,18 +548,18 @@ void set_ctimespec(SMB_STRUCT_STAT *pst, struct timespec ts) /* Old system - no ns timestamp. */ pst->st_ctime = ts.tv_sec; #else -#if defined(HAVE_STAT_ST_CTIM) +#if defined(HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC) pst->st_ctim = ts; -#elif defined(HAVE_STAT_ST_CTIMENSEC) +#elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC) pst->st_ctime = ts.tv_sec; pst->st_ctimensec = ts.tv_nsec; -#elif defined(HAVE_STAT_ST_CTIME_N) +#elif defined(HAVE_STRUCT_STAT_ST_MTIME_N) pst->st_ctime = ts.tv_sec; pst->st_ctime_n = ts.tv_nsec; -#elif defined(HAVE_STAT_ST_UCTIME) +#elif defined(HAVE_STRUCT_STAT_ST_UMTIME) pst->st_ctime = ts.tv_sec; pst->st_uctime = ts.tv_nsec / 1000; -#elif defined(HAVE_STAT_ST_CTIMESPEC) +#elif defined(HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC) pst->st_ctimespec = ts; #else #error CONFIGURE_ERROR_IN_DETECTING_TIMESPEC_IN_STAT diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c index 14356b09cf..f64a4d3b45 100644 --- a/source3/lib/winbind_util.c +++ b/source3/lib/winbind_util.c @@ -24,6 +24,43 @@ #include "nsswitch/libwbclient/wbclient.h" +struct passwd * winbind_getpwnam(const char * name) +{ + wbcErr result; + struct passwd * tmp_pwd = NULL; + struct passwd * pwd = NULL; + + result = wbcGetpwnam(name, &tmp_pwd); + if (result != WBC_ERR_SUCCESS) + return pwd; + + pwd = tcopy_passwd(talloc_tos(), tmp_pwd); + + wbcFreeMemory(tmp_pwd); + + return pwd; +} + +struct passwd * winbind_getpwsid(const DOM_SID *sid) +{ + wbcErr result; + struct passwd * tmp_pwd = NULL; + struct passwd * pwd = NULL; + struct wbcDomainSid dom_sid; + + memcpy(&dom_sid, sid, sizeof(dom_sid)); + + result = wbcGetpwsid(&dom_sid, &tmp_pwd); + if (result != WBC_ERR_SUCCESS) + return pwd; + + pwd = tcopy_passwd(talloc_tos(), tmp_pwd); + + wbcFreeMemory(tmp_pwd); + + return pwd; +} + /* Call winbindd to convert a name to a sid */ bool winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid, @@ -234,8 +271,87 @@ bool winbind_allocate_gid(gid_t *gid) return (ret == WBC_ERR_SUCCESS); } +bool winbind_get_groups(TALLOC_CTX * mem_ctx, const char *account, uint32_t *num_groups, gid_t **_groups) +{ + wbcErr ret; + uint32_t ngroups; + gid_t *group_list = NULL; + + ret = wbcGetGroups(account, &ngroups, &group_list); + if (ret != WBC_ERR_SUCCESS) + return false; + + *_groups = TALLOC_ARRAY(mem_ctx, gid_t, ngroups); + if (*_groups == NULL) { + wbcFreeMemory(group_list); + return false; + } + + memcpy(*_groups, group_list, ngroups* sizeof(gid_t)); + *num_groups = ngroups; + + wbcFreeMemory(group_list); + return true; +} + +bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx, + const DOM_SID *dom_sid, + const DOM_SID *members, + size_t num_members, + uint32_t **pp_alias_rids, + size_t *p_num_alias_rids) +{ + wbcErr ret; + struct wbcDomainSid domain_sid; + struct wbcDomainSid *sid_list = NULL; + size_t i; + uint32_t * rids; + size_t num_rids; + + memcpy(&domain_sid, dom_sid, sizeof(*dom_sid)); + + sid_list = TALLOC_ARRAY(mem_ctx, struct wbcDomainSid, num_members); + + for (i=0; i < num_members; i++) { + memcpy(&sid_list[i], &members[i], sizeof(sid_list[i])); + } + + ret = wbcGetSidAliases(&domain_sid, + sid_list, + num_members, + &rids, + &num_rids); + if (ret != WBC_ERR_SUCCESS) { + wbcFreeMemory(rids); + return false; + } + + *pp_alias_rids = TALLOC_ARRAY(mem_ctx, uint32_t, num_rids); + if (*pp_alias_rids == NULL) { + wbcFreeMemory(rids); + return false; + } + + memcpy(*pp_alias_rids, rids, sizeof(uint32_t) * num_rids); + + *p_num_alias_rids = num_rids; + wbcFreeMemory(rids); + + return true; +} + #else /* WITH_WINBIND */ +struct passwd * winbind_getpwnam(const char * name) +{ + return NULL; +} + +struct passwd * winbind_getpwsid(const DOM_SID *sid) +{ + return NULL; +} + bool winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid, enum lsa_SidType *name_type) { @@ -318,4 +434,19 @@ bool winbind_allocate_gid(gid_t *gid) return false; } +bool winbind_get_groups(TALLOC_CTX *mem_ctx, const char *account, uint32_t *num_groups, gid_t **_groups) +{ + return false; +} + +bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx, + const DOM_SID *dom_sid, + const DOM_SID *members, + size_t num_members, + uint32_t **pp_alias_rids, + size_t *p_num_alias_rids) +{ + return false; +} + #endif /* WITH_WINBIND */ diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c index 0ef7e0be51..02394794c2 100644 --- a/source3/modules/onefs_acl.c +++ b/source3/modules/onefs_acl.c @@ -619,6 +619,12 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, DEBUG(5, ("Getting sd for file %s. security_info=%u\n", fsp->fsp_name, security_info)); + if (lp_parm_bool(SNUM(fsp->conn), PARM_ONEFS_TYPE, + PARM_IGNORE_SACL, PARM_IGNORE_SACL_DEFAULT)) { + DEBUG(5, ("Ignoring SACL on %s.\n", fsp->fsp_name)); + security_info &= ~SACL_SECURITY_INFORMATION; + } + if (fsp->fh->fd == -1) { if ((fsp->fh->fd = onefs_sys_create_file(handle->conn, -1, diff --git a/source3/modules/onefs_open.c b/source3/modules/onefs_open.c index b2b11ebaac..e335dc7e28 100644 --- a/source3/modules/onefs_open.c +++ b/source3/modules/onefs_open.c @@ -744,6 +744,11 @@ NTSTATUS onefs_open_file_ntcreate(connection_struct *conn, open_access_mask |= FILE_WRITE_DATA; } + if (lp_parm_bool(SNUM(fsp->conn), PARM_ONEFS_TYPE, + PARM_IGNORE_SACL, PARM_IGNORE_SACL_DEFAULT)) { + access_mask &= ~SYSTEM_SECURITY_ACCESS; + } + DEBUG(10, ("onefs_open_file_ntcreate: fname=%s, after mapping " "open_access_mask=%#x, access_mask=0x%x\n", fname, open_access_mask, access_mask)); diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index d26a667f44..c526a175f2 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -27,25 +27,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB -/****************************************************************** - get the default domain/netbios name to be used when - testing authentication. For example, if you connect - to a Windows member server using a bogus domain name, the - Windows box will map the BOGUS\user to DOMAIN\user. A - standalone box will map to WKS\user. -******************************************************************/ - -const char *my_sam_name(void) -{ - /* standalone servers can only use the local netbios name */ - if ( lp_server_role() == ROLE_STANDALONE ) - return global_myname(); - - /* Windows domain members default to the DOMAIN - name when not specified */ - return lp_workgroup(); -} - /********************************************************************** ***********************************************************************/ diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 36984fc209..5c4ff61b17 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -5925,18 +5925,18 @@ static WERROR control_printer(POLICY_HND *handle, uint32 command, return WERR_BADFID; switch (command) { - case PRINTER_CONTROL_PAUSE: + case SPOOLSS_PRINTER_CONTROL_PAUSE: if (print_queue_pause(p->server_info, snum, &errcode)) { errcode = WERR_OK; } break; - case PRINTER_CONTROL_RESUME: - case PRINTER_CONTROL_UNPAUSE: + case SPOOLSS_PRINTER_CONTROL_RESUME: + case SPOOLSS_PRINTER_CONTROL_UNPAUSE: if (print_queue_resume(p->server_info, snum, &errcode)) { errcode = WERR_OK; } break; - case PRINTER_CONTROL_PURGE: + case SPOOLSS_PRINTER_CONTROL_PURGE: if (print_queue_purge(p->server_info, snum, &errcode)) { errcode = WERR_OK; } @@ -7381,6 +7381,8 @@ WERROR _spoolss_GetForm(pipes_struct *p, return WERR_BADFID; } + ZERO_STRUCT(form_1); + switch (level) { case 1: if (foundBuiltin) { @@ -10473,22 +10475,22 @@ WERROR _spoolss_RemoteFindFirstPrinterChangeNotifyEx(pipes_struct *p, } /**************************************************************** - _spoolss_RouterRefreshPrinterChangeNotification + _spoolss_RouterReplyPrinterEx ****************************************************************/ -WERROR _spoolss_RouterRefreshPrinterChangeNotification(pipes_struct *p, - struct spoolss_RouterRefreshPrinterChangeNotification *r) +WERROR _spoolss_RouterReplyPrinterEx(pipes_struct *p, + struct spoolss_RouterReplyPrinterEx *r) { p->rng_fault_state = true; return WERR_NOT_SUPPORTED; } /**************************************************************** - _spoolss_RemoteFindNextPrinterChangeNotifyEx + _dcesrv_spoolss_RouterRefreshPrinterChangeNotify ****************************************************************/ -WERROR _spoolss_RemoteFindNextPrinterChangeNotifyEx(pipes_struct *p, - struct spoolss_RemoteFindNextPrinterChangeNotifyEx *r) +WERROR _spoolss_RouterRefreshPrinterChangeNotify(pipes_struct *p, + struct spoolss_RouterRefreshPrinterChangeNotify *r) { p->rng_fault_state = true; return WERR_NOT_SUPPORTED; diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 5720bfc517..be91611bfb 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -420,6 +420,7 @@ static struct winbindd_dispatch_table { { WINBINDD_GETPWNAM, winbindd_getpwnam, "GETPWNAM" }, { WINBINDD_GETPWUID, winbindd_getpwuid, "GETPWUID" }, + { WINBINDD_GETPWSID, winbindd_getpwsid, "GETPWSID" }, { WINBINDD_SETPWENT, winbindd_setpwent, "SETPWENT" }, { WINBINDD_ENDPWENT, winbindd_endpwent, "ENDPWENT" }, @@ -429,6 +430,8 @@ static struct winbindd_dispatch_table { { WINBINDD_GETUSERSIDS, winbindd_getusersids, "GETUSERSIDS" }, { WINBINDD_GETUSERDOMGROUPS, winbindd_getuserdomgroups, "GETUSERDOMGROUPS" }, + { WINBINDD_GETSIDALIASES, winbindd_getsidaliases, + "LOOKUPUSERALIASES" }, /* Group functions */ diff --git a/source3/winbindd/winbindd_async.c b/source3/winbindd/winbindd_async.c index 7b93f963b4..0271abbd2b 100644 --- a/source3/winbindd/winbindd_async.c +++ b/source3/winbindd/winbindd_async.c @@ -632,8 +632,8 @@ bool print_sidlist(TALLOC_CTX *mem_ctx, const DOM_SID *sids, return True; } -static bool parse_sidlist(TALLOC_CTX *mem_ctx, char *sidstr, - DOM_SID **sids, size_t *num_sids) +bool parse_sidlist(TALLOC_CTX *mem_ctx, char *sidstr, + DOM_SID **sids, size_t *num_sids) { char *p, *q; @@ -822,92 +822,6 @@ void winbindd_getsidaliases_async(struct winbindd_domain *domain, (void *)cont, private_data); } -enum winbindd_result winbindd_dual_getsidaliases(struct winbindd_domain *domain, - struct winbindd_cli_state *state) -{ - DOM_SID *sids = NULL; - size_t num_sids = 0; - char *sidstr = NULL; - ssize_t len; - size_t i; - uint32 num_aliases; - uint32 *alias_rids; - NTSTATUS result; - - DEBUG(3, ("[%5lu]: getsidaliases\n", (unsigned long)state->pid)); - - sidstr = state->request.extra_data.data; - if (sidstr == NULL) { - sidstr = talloc_strdup(state->mem_ctx, "\n"); /* No SID */ - if (!sidstr) { - DEBUG(0, ("Out of memory\n")); - return WINBINDD_ERROR; - } - } - - DEBUG(10, ("Sidlist: %s\n", sidstr)); - - if (!parse_sidlist(state->mem_ctx, sidstr, &sids, &num_sids)) { - DEBUG(0, ("Could not parse SID list: %s\n", sidstr)); - return WINBINDD_ERROR; - } - - num_aliases = 0; - alias_rids = NULL; - - result = domain->methods->lookup_useraliases(domain, - state->mem_ctx, - num_sids, sids, - &num_aliases, - &alias_rids); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3, ("Could not lookup_useraliases: %s\n", - nt_errstr(result))); - return WINBINDD_ERROR; - } - - num_sids = 0; - sids = NULL; - sidstr = NULL; - - DEBUG(10, ("Got %d aliases\n", num_aliases)); - - for (i=0; i<num_aliases; i++) { - DOM_SID sid; - DEBUGADD(10, (" rid %d\n", alias_rids[i])); - sid_copy(&sid, &domain->sid); - sid_append_rid(&sid, alias_rids[i]); - result = add_sid_to_array(state->mem_ctx, &sid, &sids, - &num_sids); - if (!NT_STATUS_IS_OK(result)) { - return WINBINDD_ERROR; - } - } - - - if (!print_sidlist(state->mem_ctx, sids, num_sids, &sidstr, &len)) { - DEBUG(0, ("Could not print_sidlist\n")); - state->response.extra_data.data = NULL; - return WINBINDD_ERROR; - } - - state->response.extra_data.data = NULL; - - if (sidstr) { - state->response.extra_data.data = SMB_STRDUP(sidstr); - if (!state->response.extra_data.data) { - DEBUG(0, ("Out of memory\n")); - return WINBINDD_ERROR; - } - DEBUG(10, ("aliases_list: %s\n", - (char *)state->response.extra_data.data)); - state->response.length += len+1; - } - - return WINBINDD_OK; -} - struct gettoken_state { TALLOC_CTX *mem_ctx; DOM_SID user_sid; diff --git a/source3/winbindd/winbindd_domain.c b/source3/winbindd/winbindd_domain.c index 2e8c6175ca..1fc3ce7304 100644 --- a/source3/winbindd/winbindd_domain.c +++ b/source3/winbindd/winbindd_domain.c @@ -110,6 +110,10 @@ static const struct winbindd_child_dispatch_table domain_dispatch_table[] = { .struct_cmd = WINBINDD_DUAL_GETSIDALIASES, .struct_fn = winbindd_dual_getsidaliases, },{ + .name = "GETSIDALIASES", + .struct_cmd = WINBINDD_GETSIDALIASES, + .struct_fn = winbindd_dual_getsidaliases, + },{ .name = "CCACHE_NTLM_AUTH", .struct_cmd = WINBINDD_CCACHE_NTLMAUTH, .struct_fn = winbindd_dual_ccache_ntlm_auth, diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 9d9b264124..043f26e578 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -1867,3 +1867,118 @@ enum winbindd_result winbindd_dual_getuserdomgroups(struct winbindd_domain *doma return WINBINDD_OK; } + +void winbindd_getsidaliases(struct winbindd_cli_state *state) +{ + DOM_SID domain_sid; + struct winbindd_domain *domain; + + /* Ensure null termination */ + state->request.data.sid[sizeof(state->request.data.sid)-1]='\0'; + + if (!string_to_sid(&domain_sid, state->request.data.sid)) { + DEBUG(1, ("Could not get convert sid %s from string\n", + state->request.data.sid)); + request_error(state); + return; + } + + /* Get info for the domain */ + if ((domain = find_domain_from_sid_noinit(&domain_sid)) == NULL) { + DEBUG(0,("could not find domain entry for sid %s\n", + sid_string_dbg(&domain_sid))); + request_error(state); + return; + } + + sendto_domain(state, domain); +} + +enum winbindd_result winbindd_dual_getsidaliases(struct winbindd_domain *domain, + struct winbindd_cli_state *state) +{ + DOM_SID *sids = NULL; + size_t num_sids = 0; + char *sidstr = NULL; + ssize_t len; + size_t i; + uint32 num_aliases; + uint32 *alias_rids; + NTSTATUS result; + + DEBUG(3, ("[%5lu]: getsidaliases\n", (unsigned long)state->pid)); + + sidstr = state->request.extra_data.data; + if (sidstr == NULL) { + sidstr = talloc_strdup(state->mem_ctx, "\n"); /* No SID */ + if (!sidstr) { + DEBUG(0, ("Out of memory\n")); + return WINBINDD_ERROR; + } + } + + DEBUG(10, ("Sidlist: %s\n", sidstr)); + + if (!parse_sidlist(state->mem_ctx, sidstr, &sids, &num_sids)) { + DEBUG(0, ("Could not parse SID list: %s\n", sidstr)); + return WINBINDD_ERROR; + } + + num_aliases = 0; + alias_rids = NULL; + + result = domain->methods->lookup_useraliases(domain, + state->mem_ctx, + num_sids, sids, + &num_aliases, + &alias_rids); + + if (!NT_STATUS_IS_OK(result)) { + DEBUG(3, ("Could not lookup_useraliases: %s\n", + nt_errstr(result))); + return WINBINDD_ERROR; + } + + num_sids = 0; + sids = NULL; + sidstr = NULL; + + DEBUG(10, ("Got %d aliases\n", num_aliases)); + + for (i=0; i<num_aliases; i++) { + DOM_SID sid; + DEBUGADD(10, (" rid %d\n", alias_rids[i])); + sid_copy(&sid, &domain->sid); + sid_append_rid(&sid, alias_rids[i]); + result = add_sid_to_array(state->mem_ctx, &sid, &sids, + &num_sids); + if (!NT_STATUS_IS_OK(result)) { + return WINBINDD_ERROR; + } + } + + + if (!print_sidlist(state->mem_ctx, sids, num_sids, &sidstr, &len)) { + DEBUG(0, ("Could not print_sidlist\n")); + state->response.extra_data.data = NULL; + return WINBINDD_ERROR; + } + + state->response.extra_data.data = NULL; + + if (sidstr) { + state->response.extra_data.data = SMB_STRDUP(sidstr); + if (!state->response.extra_data.data) { + DEBUG(0, ("Out of memory\n")); + return WINBINDD_ERROR; + } + DEBUG(10, ("aliases_list: %s\n", + (char *)state->response.extra_data.data)); + state->response.length += len+1; + state->response.data.num_entries = num_sids; + } + + return WINBINDD_OK; +} + + diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index c302dd1d62..5120402e3d 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -112,6 +112,8 @@ enum winbindd_result winbindd_dual_list_groups(struct winbindd_domain *domain, struct winbindd_cli_state *state); bool print_sidlist(TALLOC_CTX *mem_ctx, const DOM_SID *sids, size_t num_sids, char **result, ssize_t *len); +bool parse_sidlist(TALLOC_CTX *mem_ctx, char *sidstr, + DOM_SID **sids, size_t *num_sids); enum winbindd_result winbindd_dual_lookuprids(struct winbindd_domain *domain, struct winbindd_cli_state *state); void winbindd_getsidaliases_async(struct winbindd_domain *domain, @@ -342,6 +344,7 @@ void winbindd_list_groups(struct winbindd_cli_state *state); void winbindd_getgroups(struct winbindd_cli_state *state); void winbindd_getusersids(struct winbindd_cli_state *state); void winbindd_getuserdomgroups(struct winbindd_cli_state *state); +void winbindd_getsidaliases(struct winbindd_cli_state *state); enum winbindd_result winbindd_dual_getuserdomgroups(struct winbindd_domain *domain, struct winbindd_cli_state *state); bool get_sam_group_entries(struct getent_state *ent); @@ -495,6 +498,7 @@ enum winbindd_result winbindd_dual_userinfo(struct winbindd_domain *domain, struct winbindd_cli_state *state); void winbindd_getpwnam(struct winbindd_cli_state *state); void winbindd_getpwuid(struct winbindd_cli_state *state); +void winbindd_getpwsid(struct winbindd_cli_state *state); void winbindd_setpwent(struct winbindd_cli_state *state); void winbindd_endpwent(struct winbindd_cli_state *state); void winbindd_getpwent(struct winbindd_cli_state *state); diff --git a/source3/winbindd/winbindd_user.c b/source3/winbindd/winbindd_user.c index a6740b1fb8..50aea4e0cb 100644 --- a/source3/winbindd/winbindd_user.c +++ b/source3/winbindd/winbindd_user.c @@ -217,8 +217,8 @@ static void getpwsid_queryuser_recv(void *private_data, bool success, static void getpwsid_sid2uid_recv(void *private_data, bool success, uid_t uid); static void getpwsid_sid2gid_recv(void *private_data, bool success, gid_t gid); -static void winbindd_getpwsid(struct winbindd_cli_state *state, - const DOM_SID *sid) +static void getpwsid_queryuser(struct winbindd_cli_state *state, + const DOM_SID *sid) { struct getpwsid_state *s; @@ -509,7 +509,7 @@ static void getpwnam_name2sid_recv(void *private_data, bool success, check_domain_trusted(domname, sid); } - winbindd_getpwsid(state, sid); + getpwsid_queryuser(state, sid); } static void getpwuid_recv(void *private_data, bool success, const char *sid) @@ -535,7 +535,7 @@ static void getpwuid_recv(void *private_data, bool success, const char *sid) return; } - winbindd_getpwsid(state, &user_sid); + getpwsid_queryuser(state, &user_sid); } /* Return a password structure given a uid number */ @@ -553,6 +553,26 @@ void winbindd_getpwuid(struct winbindd_cli_state *state) winbindd_uid2sid_async(state->mem_ctx, uid, getpwuid_recv, state); } +/* Return a password structure given a sid */ +void winbindd_getpwsid(struct winbindd_cli_state *state) +{ + DOM_SID sid; + + /* Ensure null termination */ + state->request.data.sid[sizeof(state->request.data.sid)-1]='\0'; + + DEBUG(3, ("[%5lu]: getpwsid %s\n", (unsigned long)state->pid, + state->request.data.sid)); + + if (!string_to_sid(&sid, state->request.data.sid)) { + DEBUG(5, ("%s not a SID\n", state->request.data.sid)); + request_error(state); + return; + } + + getpwsid_queryuser(state, &sid); +} + /* * set/get/endpwent functions */ |