diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/proto.h | 11 | ||||
-rw-r--r-- | source3/lib/winbind_util.c | 84 | ||||
-rw-r--r-- | source3/winbindd/winbindd.c | 2 | ||||
-rw-r--r-- | source3/winbindd/winbindd_async.c | 90 | ||||
-rw-r--r-- | source3/winbindd/winbindd_domain.c | 4 | ||||
-rw-r--r-- | source3/winbindd/winbindd_group.c | 115 | ||||
-rw-r--r-- | source3/winbindd/winbindd_proto.h | 3 |
7 files changed, 221 insertions, 88 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 6ba1fa6360..6246be6b1c 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1670,6 +1670,17 @@ bool winbind_lookup_rids(TALLOC_CTX *mem_ctx, const char ***names, enum lsa_SidType **types); bool winbind_allocate_uid(uid_t *uid); bool winbind_allocate_gid(gid_t *gid); +bool winbind_get_groups(TALLOC_CTX *mem_ctx, + const char *account, + uint32_t *num_groups, + gid_t ** _groups); +bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx, + const DOM_SID *dom_sid, + const DOM_SID *members, + size_t num_members, + uint32_t **pp_alias_rids, + size_t *p_num_alias_rids); + /* The following definitions come from lib/wins_srv.c */ diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c index 686e70f4ad..f64a4d3b45 100644 --- a/source3/lib/winbind_util.c +++ b/source3/lib/winbind_util.c @@ -271,6 +271,75 @@ bool winbind_allocate_gid(gid_t *gid) return (ret == WBC_ERR_SUCCESS); } +bool winbind_get_groups(TALLOC_CTX * mem_ctx, const char *account, uint32_t *num_groups, gid_t **_groups) +{ + wbcErr ret; + uint32_t ngroups; + gid_t *group_list = NULL; + + ret = wbcGetGroups(account, &ngroups, &group_list); + if (ret != WBC_ERR_SUCCESS) + return false; + + *_groups = TALLOC_ARRAY(mem_ctx, gid_t, ngroups); + if (*_groups == NULL) { + wbcFreeMemory(group_list); + return false; + } + + memcpy(*_groups, group_list, ngroups* sizeof(gid_t)); + *num_groups = ngroups; + + wbcFreeMemory(group_list); + return true; +} + +bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx, + const DOM_SID *dom_sid, + const DOM_SID *members, + size_t num_members, + uint32_t **pp_alias_rids, + size_t *p_num_alias_rids) +{ + wbcErr ret; + struct wbcDomainSid domain_sid; + struct wbcDomainSid *sid_list = NULL; + size_t i; + uint32_t * rids; + size_t num_rids; + + memcpy(&domain_sid, dom_sid, sizeof(*dom_sid)); + + sid_list = TALLOC_ARRAY(mem_ctx, struct wbcDomainSid, num_members); + + for (i=0; i < num_members; i++) { + memcpy(&sid_list[i], &members[i], sizeof(sid_list[i])); + } + + ret = wbcGetSidAliases(&domain_sid, + sid_list, + num_members, + &rids, + &num_rids); + if (ret != WBC_ERR_SUCCESS) { + wbcFreeMemory(rids); + return false; + } + + *pp_alias_rids = TALLOC_ARRAY(mem_ctx, uint32_t, num_rids); + if (*pp_alias_rids == NULL) { + wbcFreeMemory(rids); + return false; + } + + memcpy(*pp_alias_rids, rids, sizeof(uint32_t) * num_rids); + + *p_num_alias_rids = num_rids; + wbcFreeMemory(rids); + + return true; +} + #else /* WITH_WINBIND */ struct passwd * winbind_getpwnam(const char * name) @@ -365,4 +434,19 @@ bool winbind_allocate_gid(gid_t *gid) return false; } +bool winbind_get_groups(TALLOC_CTX *mem_ctx, const char *account, uint32_t *num_groups, gid_t **_groups) +{ + return false; +} + +bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx, + const DOM_SID *dom_sid, + const DOM_SID *members, + size_t num_members, + uint32_t **pp_alias_rids, + size_t *p_num_alias_rids) +{ + return false; +} + #endif /* WITH_WINBIND */ diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 218076c726..be91611bfb 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -430,6 +430,8 @@ static struct winbindd_dispatch_table { { WINBINDD_GETUSERSIDS, winbindd_getusersids, "GETUSERSIDS" }, { WINBINDD_GETUSERDOMGROUPS, winbindd_getuserdomgroups, "GETUSERDOMGROUPS" }, + { WINBINDD_GETSIDALIASES, winbindd_getsidaliases, + "LOOKUPUSERALIASES" }, /* Group functions */ diff --git a/source3/winbindd/winbindd_async.c b/source3/winbindd/winbindd_async.c index 7b93f963b4..0271abbd2b 100644 --- a/source3/winbindd/winbindd_async.c +++ b/source3/winbindd/winbindd_async.c @@ -632,8 +632,8 @@ bool print_sidlist(TALLOC_CTX *mem_ctx, const DOM_SID *sids, return True; } -static bool parse_sidlist(TALLOC_CTX *mem_ctx, char *sidstr, - DOM_SID **sids, size_t *num_sids) +bool parse_sidlist(TALLOC_CTX *mem_ctx, char *sidstr, + DOM_SID **sids, size_t *num_sids) { char *p, *q; @@ -822,92 +822,6 @@ void winbindd_getsidaliases_async(struct winbindd_domain *domain, (void *)cont, private_data); } -enum winbindd_result winbindd_dual_getsidaliases(struct winbindd_domain *domain, - struct winbindd_cli_state *state) -{ - DOM_SID *sids = NULL; - size_t num_sids = 0; - char *sidstr = NULL; - ssize_t len; - size_t i; - uint32 num_aliases; - uint32 *alias_rids; - NTSTATUS result; - - DEBUG(3, ("[%5lu]: getsidaliases\n", (unsigned long)state->pid)); - - sidstr = state->request.extra_data.data; - if (sidstr == NULL) { - sidstr = talloc_strdup(state->mem_ctx, "\n"); /* No SID */ - if (!sidstr) { - DEBUG(0, ("Out of memory\n")); - return WINBINDD_ERROR; - } - } - - DEBUG(10, ("Sidlist: %s\n", sidstr)); - - if (!parse_sidlist(state->mem_ctx, sidstr, &sids, &num_sids)) { - DEBUG(0, ("Could not parse SID list: %s\n", sidstr)); - return WINBINDD_ERROR; - } - - num_aliases = 0; - alias_rids = NULL; - - result = domain->methods->lookup_useraliases(domain, - state->mem_ctx, - num_sids, sids, - &num_aliases, - &alias_rids); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3, ("Could not lookup_useraliases: %s\n", - nt_errstr(result))); - return WINBINDD_ERROR; - } - - num_sids = 0; - sids = NULL; - sidstr = NULL; - - DEBUG(10, ("Got %d aliases\n", num_aliases)); - - for (i=0; i<num_aliases; i++) { - DOM_SID sid; - DEBUGADD(10, (" rid %d\n", alias_rids[i])); - sid_copy(&sid, &domain->sid); - sid_append_rid(&sid, alias_rids[i]); - result = add_sid_to_array(state->mem_ctx, &sid, &sids, - &num_sids); - if (!NT_STATUS_IS_OK(result)) { - return WINBINDD_ERROR; - } - } - - - if (!print_sidlist(state->mem_ctx, sids, num_sids, &sidstr, &len)) { - DEBUG(0, ("Could not print_sidlist\n")); - state->response.extra_data.data = NULL; - return WINBINDD_ERROR; - } - - state->response.extra_data.data = NULL; - - if (sidstr) { - state->response.extra_data.data = SMB_STRDUP(sidstr); - if (!state->response.extra_data.data) { - DEBUG(0, ("Out of memory\n")); - return WINBINDD_ERROR; - } - DEBUG(10, ("aliases_list: %s\n", - (char *)state->response.extra_data.data)); - state->response.length += len+1; - } - - return WINBINDD_OK; -} - struct gettoken_state { TALLOC_CTX *mem_ctx; DOM_SID user_sid; diff --git a/source3/winbindd/winbindd_domain.c b/source3/winbindd/winbindd_domain.c index 2e8c6175ca..1fc3ce7304 100644 --- a/source3/winbindd/winbindd_domain.c +++ b/source3/winbindd/winbindd_domain.c @@ -110,6 +110,10 @@ static const struct winbindd_child_dispatch_table domain_dispatch_table[] = { .struct_cmd = WINBINDD_DUAL_GETSIDALIASES, .struct_fn = winbindd_dual_getsidaliases, },{ + .name = "GETSIDALIASES", + .struct_cmd = WINBINDD_GETSIDALIASES, + .struct_fn = winbindd_dual_getsidaliases, + },{ .name = "CCACHE_NTLM_AUTH", .struct_cmd = WINBINDD_CCACHE_NTLMAUTH, .struct_fn = winbindd_dual_ccache_ntlm_auth, diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 9d9b264124..043f26e578 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -1867,3 +1867,118 @@ enum winbindd_result winbindd_dual_getuserdomgroups(struct winbindd_domain *doma return WINBINDD_OK; } + +void winbindd_getsidaliases(struct winbindd_cli_state *state) +{ + DOM_SID domain_sid; + struct winbindd_domain *domain; + + /* Ensure null termination */ + state->request.data.sid[sizeof(state->request.data.sid)-1]='\0'; + + if (!string_to_sid(&domain_sid, state->request.data.sid)) { + DEBUG(1, ("Could not get convert sid %s from string\n", + state->request.data.sid)); + request_error(state); + return; + } + + /* Get info for the domain */ + if ((domain = find_domain_from_sid_noinit(&domain_sid)) == NULL) { + DEBUG(0,("could not find domain entry for sid %s\n", + sid_string_dbg(&domain_sid))); + request_error(state); + return; + } + + sendto_domain(state, domain); +} + +enum winbindd_result winbindd_dual_getsidaliases(struct winbindd_domain *domain, + struct winbindd_cli_state *state) +{ + DOM_SID *sids = NULL; + size_t num_sids = 0; + char *sidstr = NULL; + ssize_t len; + size_t i; + uint32 num_aliases; + uint32 *alias_rids; + NTSTATUS result; + + DEBUG(3, ("[%5lu]: getsidaliases\n", (unsigned long)state->pid)); + + sidstr = state->request.extra_data.data; + if (sidstr == NULL) { + sidstr = talloc_strdup(state->mem_ctx, "\n"); /* No SID */ + if (!sidstr) { + DEBUG(0, ("Out of memory\n")); + return WINBINDD_ERROR; + } + } + + DEBUG(10, ("Sidlist: %s\n", sidstr)); + + if (!parse_sidlist(state->mem_ctx, sidstr, &sids, &num_sids)) { + DEBUG(0, ("Could not parse SID list: %s\n", sidstr)); + return WINBINDD_ERROR; + } + + num_aliases = 0; + alias_rids = NULL; + + result = domain->methods->lookup_useraliases(domain, + state->mem_ctx, + num_sids, sids, + &num_aliases, + &alias_rids); + + if (!NT_STATUS_IS_OK(result)) { + DEBUG(3, ("Could not lookup_useraliases: %s\n", + nt_errstr(result))); + return WINBINDD_ERROR; + } + + num_sids = 0; + sids = NULL; + sidstr = NULL; + + DEBUG(10, ("Got %d aliases\n", num_aliases)); + + for (i=0; i<num_aliases; i++) { + DOM_SID sid; + DEBUGADD(10, (" rid %d\n", alias_rids[i])); + sid_copy(&sid, &domain->sid); + sid_append_rid(&sid, alias_rids[i]); + result = add_sid_to_array(state->mem_ctx, &sid, &sids, + &num_sids); + if (!NT_STATUS_IS_OK(result)) { + return WINBINDD_ERROR; + } + } + + + if (!print_sidlist(state->mem_ctx, sids, num_sids, &sidstr, &len)) { + DEBUG(0, ("Could not print_sidlist\n")); + state->response.extra_data.data = NULL; + return WINBINDD_ERROR; + } + + state->response.extra_data.data = NULL; + + if (sidstr) { + state->response.extra_data.data = SMB_STRDUP(sidstr); + if (!state->response.extra_data.data) { + DEBUG(0, ("Out of memory\n")); + return WINBINDD_ERROR; + } + DEBUG(10, ("aliases_list: %s\n", + (char *)state->response.extra_data.data)); + state->response.length += len+1; + state->response.data.num_entries = num_sids; + } + + return WINBINDD_OK; +} + + diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 58df8d875f..5120402e3d 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -112,6 +112,8 @@ enum winbindd_result winbindd_dual_list_groups(struct winbindd_domain *domain, struct winbindd_cli_state *state); bool print_sidlist(TALLOC_CTX *mem_ctx, const DOM_SID *sids, size_t num_sids, char **result, ssize_t *len); +bool parse_sidlist(TALLOC_CTX *mem_ctx, char *sidstr, + DOM_SID **sids, size_t *num_sids); enum winbindd_result winbindd_dual_lookuprids(struct winbindd_domain *domain, struct winbindd_cli_state *state); void winbindd_getsidaliases_async(struct winbindd_domain *domain, @@ -342,6 +344,7 @@ void winbindd_list_groups(struct winbindd_cli_state *state); void winbindd_getgroups(struct winbindd_cli_state *state); void winbindd_getusersids(struct winbindd_cli_state *state); void winbindd_getuserdomgroups(struct winbindd_cli_state *state); +void winbindd_getsidaliases(struct winbindd_cli_state *state); enum winbindd_result winbindd_dual_getuserdomgroups(struct winbindd_domain *domain, struct winbindd_cli_state *state); bool get_sam_group_entries(struct getent_state *ent); |