summaryrefslogtreecommitdiff
path: root/source4/nsswitch
diff options
context:
space:
mode:
Diffstat (limited to 'source4/nsswitch')
-rw-r--r--source4/nsswitch/config.m412
-rw-r--r--source4/nsswitch/config.mk34
-rw-r--r--source4/nsswitch/nsstest.c411
-rw-r--r--source4/nsswitch/nsstest.h115
-rw-r--r--source4/nsswitch/nsstest.m49
-rwxr-xr-xsource4/nsswitch/tests/test_wbinfo.sh187
-rw-r--r--source4/nsswitch/wb_common.c698
-rw-r--r--source4/nsswitch/wbinfo.c1290
-rw-r--r--source4/nsswitch/winbind_client.h25
-rw-r--r--source4/nsswitch/winbind_nss.h76
-rw-r--r--source4/nsswitch/winbind_nss_config.h53
-rw-r--r--source4/nsswitch/winbind_nss_hpux.h137
-rw-r--r--source4/nsswitch/winbind_nss_irix.h42
-rw-r--r--source4/nsswitch/winbind_nss_linux.c1281
-rw-r--r--source4/nsswitch/winbind_nss_linux.h29
-rw-r--r--source4/nsswitch/winbind_nss_netbsd.h40
-rw-r--r--source4/nsswitch/winbind_nss_solaris.h89
-rw-r--r--source4/nsswitch/winbind_struct_protocol.h507
18 files changed, 0 insertions, 5035 deletions
diff --git a/source4/nsswitch/config.m4 b/source4/nsswitch/config.m4
deleted file mode 100644
index 207b7fa53f..0000000000
--- a/source4/nsswitch/config.m4
+++ /dev/null
@@ -1,12 +0,0 @@
-AC_CHECK_HEADERS(nss.h nss_common.h ns_api.h )
-
-case "$host_os" in
- *linux*)
- SMB_LIBRARY(nss_winbind,
- [nsswitch/winbind_nss_linux.o],
- [LIBWINBIND-CLIENT])
- ;;
- *)
- ;;
-esac
-
diff --git a/source4/nsswitch/config.mk b/source4/nsswitch/config.mk
deleted file mode 100644
index e8b9600882..0000000000
--- a/source4/nsswitch/config.mk
+++ /dev/null
@@ -1,34 +0,0 @@
-[SUBSYSTEM::LIBWINBIND-CLIENT]
-PRIVATE_DEPENDENCIES = SOCKET_WRAPPER
-
-LIBWINBIND-CLIENT_OBJ_FILES = $(nsswitchsrcdir)/wb_common.o
-
-#################################
-# Start BINARY nsstest
-[BINARY::nsstest]
-INSTALLDIR = BINDIR
-PRIVATE_DEPENDENCIES = \
- LIBSAMBA-UTIL \
- LIBREPLACE_EXT \
- LIBSAMBA-HOSTCONFIG
-# End BINARY nsstest
-#################################
-
-nsstest_OBJ_FILES = $(nsswitchsrcdir)/nsstest.o
-
-#################################
-# Start BINARY wbinfo
-[BINARY::wbinfo]
-INSTALLDIR = BINDIR
-PRIVATE_DEPENDENCIES = \
- LIBSAMBA-UTIL \
- LIBREPLACE_EXT \
- LIBCLI_AUTH \
- LIBPOPT \
- POPT_SAMBA \
- LIBWINBIND-CLIENT
-# End BINARY nsstest
-#################################
-
-wbinfo_OBJ_FILES = \
- $(nsswitchsrcdir)/wbinfo.o
diff --git a/source4/nsswitch/nsstest.c b/source4/nsswitch/nsstest.c
deleted file mode 100644
index df7f33f8e0..0000000000
--- a/source4/nsswitch/nsstest.c
+++ /dev/null
@@ -1,411 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- nss tester for winbindd
- Copyright (C) Andrew Tridgell 2001
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-
-#include "nsswitch/nsstest.h"
-
-static const char *so_path = "/lib/libnss_winbind.so";
-static const char *nss_name = "winbind";
-static int nss_errno;
-static NSS_STATUS last_error;
-static int total_errors;
-
-static void *find_fn(const char *name)
-{
- char s[1024];
- static void *h;
- void *res;
-
- snprintf(s,sizeof(s), "_nss_%s_%s", nss_name, name);
-
- if (!h) {
- h = dlopen(so_path, RTLD_LAZY);
- }
- if (!h) {
- printf("Can't open shared library %s\n", so_path);
- exit(1);
- }
- res = dlsym(h, s);
- if (!res) {
- printf("Can't find function %s\n", s);
- return NULL;
- }
- return res;
-}
-
-static void report_nss_error(const char *who, NSS_STATUS status)
-{
- last_error = status;
- total_errors++;
- printf("ERROR %s: NSS_STATUS=%d %d (nss_errno=%d)\n",
- who, status, NSS_STATUS_SUCCESS, nss_errno);
-}
-
-static struct passwd *nss_getpwent(void)
-{
- NSS_STATUS (*_nss_getpwent_r)(struct passwd *, char *,
- size_t , int *) = find_fn("getpwent_r");
- static struct passwd pwd;
- static char buf[1000];
- NSS_STATUS status;
-
- status = _nss_getpwent_r(&pwd, buf, sizeof(buf), &nss_errno);
- if (status == NSS_STATUS_NOTFOUND) {
- return NULL;
- }
- if (status != NSS_STATUS_SUCCESS) {
- report_nss_error("getpwent", status);
- return NULL;
- }
- return &pwd;
-}
-
-static struct passwd *nss_getpwnam(const char *name)
-{
- NSS_STATUS (*_nss_getpwnam_r)(const char *, struct passwd *, char *,
- size_t , int *) = find_fn("getpwnam_r");
- static struct passwd pwd;
- static char buf[1000];
- NSS_STATUS status;
-
- status = _nss_getpwnam_r(name, &pwd, buf, sizeof(buf), &nss_errno);
- if (status == NSS_STATUS_NOTFOUND) {
- return NULL;
- }
- if (status != NSS_STATUS_SUCCESS) {
- report_nss_error("getpwnam", status);
- return NULL;
- }
- return &pwd;
-}
-
-static struct passwd *nss_getpwuid(uid_t uid)
-{
- NSS_STATUS (*_nss_getpwuid_r)(uid_t , struct passwd *, char *,
- size_t , int *) = find_fn("getpwuid_r");
- static struct passwd pwd;
- static char buf[1000];
- NSS_STATUS status;
-
- status = _nss_getpwuid_r(uid, &pwd, buf, sizeof(buf), &nss_errno);
- if (status == NSS_STATUS_NOTFOUND) {
- return NULL;
- }
- if (status != NSS_STATUS_SUCCESS) {
- report_nss_error("getpwuid", status);
- return NULL;
- }
- return &pwd;
-}
-
-static void nss_setpwent(void)
-{
- NSS_STATUS (*_nss_setpwent)(void) = find_fn("setpwent");
- NSS_STATUS status;
- status = _nss_setpwent();
- if (status != NSS_STATUS_SUCCESS) {
- report_nss_error("setpwent", status);
- }
-}
-
-static void nss_endpwent(void)
-{
- NSS_STATUS (*_nss_endpwent)(void) = find_fn("endpwent");
- NSS_STATUS status;
- status = _nss_endpwent();
- if (status != NSS_STATUS_SUCCESS) {
- report_nss_error("endpwent", status);
- }
-}
-
-
-static struct group *nss_getgrent(void)
-{
- NSS_STATUS (*_nss_getgrent_r)(struct group *, char *,
- size_t , int *) = find_fn("getgrent_r");
- static struct group grp;
- static char *buf;
- static int buflen = 1024;
- NSS_STATUS status;
-
- if (!buf) buf = malloc_array_p(char, buflen);
-
-again:
- status = _nss_getgrent_r(&grp, buf, buflen, &nss_errno);
- if (status == NSS_STATUS_TRYAGAIN) {
- buflen *= 2;
- buf = realloc_p(buf, char, buflen);
- goto again;
- }
- if (status == NSS_STATUS_NOTFOUND) {
- return NULL;
- }
- if (status != NSS_STATUS_SUCCESS) {
- report_nss_error("getgrent", status);
- return NULL;
- }
- return &grp;
-}
-
-static struct group *nss_getgrnam(const char *name)
-{
- NSS_STATUS (*_nss_getgrnam_r)(const char *, struct group *, char *,
- size_t , int *) = find_fn("getgrnam_r");
- static struct group grp;
- static char *buf;
- static int buflen = 1000;
- NSS_STATUS status;
-
- if (!buf) buf = malloc_array_p(char, buflen);
-again:
- status = _nss_getgrnam_r(name, &grp, buf, buflen, &nss_errno);
- if (status == NSS_STATUS_TRYAGAIN) {
- buflen *= 2;
- buf = realloc_p(buf, char, buflen);
- goto again;
- }
- if (status == NSS_STATUS_NOTFOUND) {
- return NULL;
- }
- if (status != NSS_STATUS_SUCCESS) {
- report_nss_error("getgrnam", status);
- return NULL;
- }
- return &grp;
-}
-
-static struct group *nss_getgrgid(gid_t gid)
-{
- NSS_STATUS (*_nss_getgrgid_r)(gid_t , struct group *, char *,
- size_t , int *) = find_fn("getgrgid_r");
- static struct group grp;
- static char *buf;
- static int buflen = 1000;
- NSS_STATUS status;
-
- if (!buf) buf = malloc_array_p(char, buflen);
-again:
- status = _nss_getgrgid_r(gid, &grp, buf, buflen, &nss_errno);
- if (status == NSS_STATUS_TRYAGAIN) {
- buflen *= 2;
- buf = realloc_p(buf, char, buflen);
- goto again;
- }
- if (status == NSS_STATUS_NOTFOUND) {
- return NULL;
- }
- if (status != NSS_STATUS_SUCCESS) {
- report_nss_error("getgrgid", status);
- return NULL;
- }
- return &grp;
-}
-
-static void nss_setgrent(void)
-{
- NSS_STATUS (*_nss_setgrent)(void) = find_fn("setgrent");
- NSS_STATUS status;
- status = _nss_setgrent();
- if (status != NSS_STATUS_SUCCESS) {
- report_nss_error("setgrent", status);
- }
-}
-
-static void nss_endgrent(void)
-{
- NSS_STATUS (*_nss_endgrent)(void) = find_fn("endgrent");
- NSS_STATUS status;
- status = _nss_endgrent();
- if (status != NSS_STATUS_SUCCESS) {
- report_nss_error("endgrent", status);
- }
-}
-
-static int nss_initgroups(char *user, gid_t group, gid_t **groups, long int *start, long int *size)
-{
- NSS_STATUS (*_nss_initgroups)(char *, gid_t , long int *,
- long int *, gid_t **, long int , int *) =
- find_fn("initgroups_dyn");
- NSS_STATUS status;
-
- if (!_nss_initgroups) return NSS_STATUS_UNAVAIL;
-
- status = _nss_initgroups(user, group, start, size, groups, 0, &nss_errno);
- if (status != NSS_STATUS_SUCCESS) {
- report_nss_error("initgroups", status);
- }
- return status;
-}
-
-static void print_passwd(struct passwd *pwd)
-{
- printf("%s:%s:%d:%d:%s:%s:%s\n",
- pwd->pw_name,
- pwd->pw_passwd,
- pwd->pw_uid,
- pwd->pw_gid,
- pwd->pw_gecos,
- pwd->pw_dir,
- pwd->pw_shell);
-}
-
-static void print_group(struct group *grp)
-{
- int i;
- printf("%s:%s:%d: ",
- grp->gr_name,
- grp->gr_passwd,
- grp->gr_gid);
-
- if (!grp->gr_mem[0]) {
- printf("\n");
- return;
- }
-
- for (i=0; grp->gr_mem[i+1]; i++) {
- printf("%s, ", grp->gr_mem[i]);
- }
- printf("%s\n", grp->gr_mem[i]);
-}
-
-static void nss_test_initgroups(char *name, gid_t gid)
-{
- long int size = 16;
- long int start = 1;
- gid_t *groups = NULL;
- int i;
- NSS_STATUS status;
-
- groups = (gid_t *)malloc_array_p(gid_t, size);
- groups[0] = gid;
-
- status = nss_initgroups(name, gid, &groups, &start, &size);
- if (status == NSS_STATUS_UNAVAIL) {
- printf("No initgroups fn\n");
- return;
- }
-
- for (i=0; i<start-1; i++) {
- printf("%d, ", groups[i]);
- }
- printf("%d\n", groups[i]);
-}
-
-
-static void nss_test_users(void)
-{
- struct passwd *pwd;
-
- nss_setpwent();
- /* loop over all users */
- while ((pwd = nss_getpwent())) {
- printf("Testing user %s\n", pwd->pw_name);
- printf("getpwent: "); print_passwd(pwd);
- pwd = nss_getpwuid(pwd->pw_uid);
- if (!pwd) {
- total_errors++;
- printf("ERROR: can't getpwuid\n");
- continue;
- }
- printf("getpwuid: "); print_passwd(pwd);
- pwd = nss_getpwnam(pwd->pw_name);
- if (!pwd) {
- total_errors++;
- printf("ERROR: can't getpwnam\n");
- continue;
- }
- printf("getpwnam: "); print_passwd(pwd);
- printf("initgroups: "); nss_test_initgroups(pwd->pw_name, pwd->pw_gid);
- printf("\n");
- }
- nss_endpwent();
-}
-
-static void nss_test_groups(void)
-{
- struct group *grp;
-
- nss_setgrent();
- /* loop over all groups */
- while ((grp = nss_getgrent())) {
- printf("Testing group %s\n", grp->gr_name);
- printf("getgrent: "); print_group(grp);
- grp = nss_getgrnam(grp->gr_name);
- if (!grp) {
- total_errors++;
- printf("ERROR: can't getgrnam\n");
- continue;
- }
- printf("getgrnam: "); print_group(grp);
- grp = nss_getgrgid(grp->gr_gid);
- if (!grp) {
- total_errors++;
- printf("ERROR: can't getgrgid\n");
- continue;
- }
- printf("getgrgid: "); print_group(grp);
- printf("\n");
- }
- nss_endgrent();
-}
-
-static void nss_test_errors(void)
-{
- struct passwd *pwd;
- struct group *grp;
-
- pwd = getpwnam("nosuchname");
- if (pwd || last_error != NSS_STATUS_NOTFOUND) {
- total_errors++;
- printf("ERROR Non existant user gave error %d\n", last_error);
- }
-
- pwd = getpwuid(0xFFF0);
- if (pwd || last_error != NSS_STATUS_NOTFOUND) {
- total_errors++;
- printf("ERROR Non existant uid gave error %d\n", last_error);
- }
-
- grp = getgrnam("nosuchgroup");
- if (grp || last_error != NSS_STATUS_NOTFOUND) {
- total_errors++;
- printf("ERROR Non existant group gave error %d\n", last_error);
- }
-
- grp = getgrgid(0xFFF0);
- if (grp || last_error != NSS_STATUS_NOTFOUND) {
- total_errors++;
- printf("ERROR Non existant gid gave error %d\n", last_error);
- }
-}
-
- int main(int argc, char *argv[])
-{
- if (argc > 1) so_path = argv[1];
- if (argc > 2) nss_name = argv[2];
-
- nss_test_users();
- nss_test_groups();
- nss_test_errors();
-
- printf("total_errors=%d\n", total_errors);
-
- return total_errors;
-}
diff --git a/source4/nsswitch/nsstest.h b/source4/nsswitch/nsstest.h
deleted file mode 100644
index 599faf2ee2..0000000000
--- a/source4/nsswitch/nsstest.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- nss includes for the nss tester
- Copyright (C) Kai Blin 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _NSSTEST_H
-#define _NSSTEST_H
-
-#include <pwd.h>
-#include <grp.h>
-
-#ifdef HAVE_NSS_COMMON_H
-
-/*
- * Sun Solaris
- */
-
-#include <nss_common.h>
-#include <nss_dbdefs.h>
-#include <nsswitch.h>
-
-typedef nss_status_t NSS_STATUS;
-
-#define NSS_STATUS_SUCCESS NSS_SUCCESS
-#define NSS_STATUS_NOTFOUND NSS_NOTFOUND
-#define NSS_STATUS_UNAVAIL NSS_UNAVAIL
-#define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
-
-#elif HAVE_NSS_H
-
-/*
- * Linux (glibc)
- */
-
-#include <nss.h>
-typedef enum nss_status NSS_STATUS;
-
-#elif HAVE_NS_API_H
-
-/*
- * SGI IRIX
- */
-
-#ifdef DATUM
-#define _DATUM_DEFINED
-#endif
-
-#include <ns_api.h>
-
-typedef enum
-{
- NSS_STATUS_SUCCESS=NS_SUCCESS,
- NSS_STATUS_NOTFOUND=NS_NOTFOUND,
- NSS_STATUS_UNAVAIL=NS_UNAVAIL,
- NSS_STATUS_TRYAGAIN=NS_TRYAGAIN
-} NSS_STATUS;
-
-#define NSD_MEM_STATIC 0
-#define NSD_MEM_VOLATILE 1
-#define NSD_MEM_DYNAMIC 2
-
-#elif defined(HPUX) && defined(HAVE_NSSWITCH_H)
-
-/* HP-UX 11 */
-
-#include <nsswitch.h>
-
-#define NSS_STATUS_SUCCESS NSS_SUCCESS
-#define NSS_STATUS_NOTFOUND NSS_NOTFOUND
-#define NSS_STATUS_UNAVAIL NSS_UNAVAIL
-#define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
-
-#ifdef HAVE_SYNCH_H
-#include <synch.h>
-#endif
-#ifdef HAVE_PTHREAD_H
-#include <pthread.h>
-#endif
-
-typedef enum {
- NSS_SUCCESS,
- NSS_NOTFOUND,
- NSS_UNAVAIL,
- NSS_TRYAGAIN
-} nss_status_t;
-
-typedef nss_status_t NSS_STATUS;
-
-#else /* Nothing's defined. Neither solaris nor gnu nor sun nor hp */
-
-typedef enum
-{
- NSS_STATUS_SUCCESS=0,
- NSS_STATUS_NOTFOUND=1,
- NSS_STATUS_UNAVAIL=2,
- NSS_STATUS_TRYAGAIN=3
-} NSS_STATUS;
-
-#endif
-
-#endif /* _NSSTEST_H */
diff --git a/source4/nsswitch/nsstest.m4 b/source4/nsswitch/nsstest.m4
deleted file mode 100644
index 2856f9de15..0000000000
--- a/source4/nsswitch/nsstest.m4
+++ /dev/null
@@ -1,9 +0,0 @@
-case "$host_os" in
- *linux*)
- SMB_ENABLE(nsstest,YES)
- ;;
- *)
- SMB_ENABLE(nsstest,NO)
- ;;
-esac
-
diff --git a/source4/nsswitch/tests/test_wbinfo.sh b/source4/nsswitch/tests/test_wbinfo.sh
deleted file mode 100755
index a67fac9394..0000000000
--- a/source4/nsswitch/tests/test_wbinfo.sh
+++ /dev/null
@@ -1,187 +0,0 @@
-#!/bin/sh
-# Blackbox test for wbinfo
-if [ $# -lt 4 ]; then
-cat <<EOF
-Usage: test_wbinfo.sh DOMAIN USERNAME PASSWORD TARGET
-EOF
-exit 1;
-fi
-
-DOMAIN=$1
-USERNAME=$2
-PASSWORD=$3
-TARGET=$4
-shift 4
-
-failed=0
-samba4bindir=`dirname $0`/../../bin
-wbinfo=$samba4bindir/wbinfo
-
-. `dirname $0`/../../../testprogs/blackbox/subunit.sh
-
-testfail() {
- name="$1"
- shift
- cmdline="$*"
- echo "test: $name"
- $cmdline
- status=$?
- if [ x$status = x0 ]; then
- echo "failure: $name"
- else
- echo "success: $name"
- fi
- return $status
-}
-
-knownfail() {
- name="$1"
- shift
- cmdline="$*"
- echo "test: $name"
- $cmdline
- status=$?
- if [ x$status = x0 ]; then
- echo "failure: $name [unexpected success]"
- status=1
- else
- echo "knownfail: $name"
- status=0
- fi
- return $status
-}
-
-
-testit "wbinfo -u against $TARGET" $wbinfo -u || failed=`expr $failed + 1`
-# Does not work yet
-knownfail "wbinfo -g against $TARGET" $wbinfo -g || failed=`expr $failed + 1`
-knownfail "wbinfo -N against $TARGET" $wbinfo -N || failed=`expr $failed + 1`
-knownfail "wbinfo -I against $TARGET" $wbinfo -I || failed=`expr $failed + 1`
-testit "wbinfo -n against $TARGET" $wbinfo -n "$DOMAIN/$USERNAME" || failed=`expr $failed + 1`
-admin_sid=`$wbinfo -n "$DOMAIN/$USERNAME" | cut -d " " -f1`
-echo "$DOMAIN/$USERNAME resolved to $admin_sid"
-
-testit "wbinfo -s $admin_sid against $TARGET" $wbinfo -s $admin_sid || failed=`expr $failed + 1`
-admin_name=`$wbinfo -s $admin_sid | cut -d " " -f1| tr a-z A-Z`
-echo "$admin_sid resolved to $admin_name"
-
-tested_name=`echo $DOMAIN/$USERNAME | tr a-z A-Z`
-
-echo "test: wbinfo -s check for sane mapping"
-if test x$admin_name != x$tested_name; then
- echo "$admin_name does not match $tested_name"
- echo "failure: wbinfo -s check for sane mapping"
- failed=`expr $failed + 1`
-else
- echo "success: wbinfo -s check for sane mapping"
-fi
-
-testit "wbinfo -n on the returned name against $TARGET" $wbinfo -n $admin_name || failed=`expr $failed + 1`
-test_sid=`$wbinfo -n $tested_name | cut -d " " -f1`
-
-echo "test: wbinfo -n check for sane mapping"
-if test x$admin_sid != x$test_sid; then
- echo "$admin_sid does not match $test_sid"
- echo "failure: wbinfo -n check for sane mapping"
- failed=`expr $failed + 1`
-else
- echo "success: wbinfo -n check for sane mapping"
-fi
-
-testit "wbinfo -U against $TARGET" $wbinfo -U 30000 || failed=`expr $failed + 1`
-
-echo "test: wbinfo -U check for sane mapping"
-sid_for_30000=`$wbinfo -U 30000`
-if test x$sid_for_30000 != "xS-1-22-1-30000"; then
- echo "uid 30000 mapped to $sid_for_30000, not S-1-22-1-30000"
- echo "failure: wbinfo -U check for sane mapping"
- failed=`expr $failed + 1`
-else
- echo "success: wbinfo -U check for sane mapping"
-fi
-
-admin_uid=`$wbinfo -U $admin_sid`
-
-testit "wbinfo -G against $TARGET" $wbinfo -G 30000 || failed=`expr $failed + 1`
-
-echo "test: wbinfo -G check for sane mapping"
-sid_for_30000=`$wbinfo -G 30000`
-if test x$sid_for_30000 != "xS-1-22-2-30000"; then
- echo "gid 30000 mapped to $sid_for_30000, not S-1-22-2-30000"
- echo "failure: wbinfo -G check for sane mapping"
- failed=`expr $failed + 1`
-else
- echo "success: wbinfo -G check for sane mapping"
-fi
-
-testit "wbinfo -S against $TARGET" $wbinfo -S "S-1-22-1-30000" || failed=`expr $failed + 1`
-
-echo "test: wbinfo -S check for sane mapping"
-uid_for_sid=`$wbinfo -S S-1-22-1-30000`
-if test 0$uid_for_sid -ne 30000; then
- echo "S-1-22-1-30000 mapped to $uid_for_sid, not 30000"
- echo "failure: wbinfo -S check for sane mapping"
- failed=`expr $failed + 1`
-else
- echo "success: wbinfo -S check for sane mapping"
-fi
-
-testfail "wbinfo -S against $TARGET using invalid SID" $wbinfo -S "S-1-22-2-30000" && failed=`expr $failed + 1`
-
-testit "wbinfo -Y against $TARGET" $wbinfo -Y "S-1-22-2-30000" || failed=`expr $failed + 1`
-
-echo "test: wbinfo -Y check for sane mapping"
-gid_for_sid=`$wbinfo -Y S-1-22-2-30000`
-if test 0$gid_for_sid -ne 30000; then
- echo "S-1-22-2-30000 mapped to $gid_for_sid, not 30000"
- echo "failure: wbinfo -Y check for sane mapping"
- failed=`expr $failed + 1`
-else
- echo "success: wbinfo -Y check for sane mapping"
-fi
-
-testfail "wbinfo -Y against $TARGET using invalid SID" $wbinfo -Y "S-1-22-1-30000" && failed=`expr $failed + 1`
-
-testit "wbinfo -t against $TARGET" $wbinfo -t || failed=`expr $failed + 1`
-
-testit "wbinfo --trusted-domains against $TARGET" $wbinfo --trusted-domains || failed=`expr $failed + 1`
-testit "wbinfo --all-domains against $TARGET" $wbinfo --all-domains || failed=`expr $failed + 1`
-testit "wbinfo --own-domain against $TARGET" $wbinfo --own-domain || failed=`expr $failed + 1`
-
-echo "test: wbinfo --own-domain against $TARGET check output"
-own_domain=`$wbinfo --own-domain`
-if test x$own_domain = x$DOMAIN; then
- echo "success: wbinfo --own-domain against $TARGET check output"
-else
- echo "Own domain reported as $own_domain instead of $DOMAIN"
- echo "failure: wbinfo --own-domain against $TARGET check output"
-fi
-
-# this does not work
-knownfail "wbinfo --sequence against $TARGET" $wbinfo --sequence
-knownfail "wbinfo -D against $TARGET" $wbinfo -D $DOMAIN || failed=`expr $failed + 1`
-
-testit "wbinfo -i against $TARGET" $wbinfo -i "$DOMAIN/$USERNAME" || failed=`expr $failed + 1`
-
-# this does not work
-knownfail "wbinfo --uid-info against $TARGET" $wbinfo --uid-info $admin_sid
-knownfail "wbinfo --group-info against $TARGET" $wbinfo --group-info "S-1-22-2-0"
-knownfail "wbinfo -r against $TARGET" $wbinfo -r "$DOMAIN/$USERNAME"
-
-testit "wbinfo --user-domgroups against $TARGET" $wbinfo --user-domgroups $admin_sid || failed=`expr $failed + 1`
-
-testit "wbinfo --user-sids against $TARGET" $wbinfo --user-sids $admin_sid || failed=`expr $failed + 1`
-
-testit "wbinfo -a against $TARGET with domain creds" $wbinfo -a "$DOMAIN/$USERNAME"%"$PASSWORD" || failed=`expr $failed + 1`
-
-# this does not work
-knwonfail "wbinfo --getdcname against $TARGET" $wbinfo --getdcname=$DOMAIN
-
-testit "wbinfo -p against $TARGET" $wbinfo -p || failed=`expr $failed + 1`
-
-testit "wbinfo -K against $TARGET with domain creds" $wbinfo -K "$DOMAIN/$USERNAME"%"$PASSWORD" || failed=`expr $failed + 1`
-
-testit "wbinfo --separator against $TARGET" $wbinfo --separator || failed=`expr $failed + 1`
-
-exit $failed
-
diff --git a/source4/nsswitch/wb_common.c b/source4/nsswitch/wb_common.c
deleted file mode 100644
index 6cf4223043..0000000000
--- a/source4/nsswitch/wb_common.c
+++ /dev/null
@@ -1,698 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- winbind client common code
-
- Copyright (C) Tim Potter 2000
- Copyright (C) Andrew Tridgell 2000
- Copyright (C) Andrew Bartlett 2002
-
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "winbind_client.h"
-
-/* Global variables. These are effectively the client state information */
-
-int winbindd_fd = -1; /* fd for winbindd socket */
-static int is_privileged = 0;
-
-/* Free a response structure */
-
-void winbindd_free_response(struct winbindd_response *response)
-{
- /* Free any allocated extra_data */
-
- if (response)
- SAFE_FREE(response->extra_data.data);
-}
-
-/* Initialise a request structure */
-
-void winbindd_init_request(struct winbindd_request *request, int request_type)
-{
- request->length = sizeof(struct winbindd_request);
-
- request->cmd = (enum winbindd_cmd)request_type;
- request->pid = getpid();
-
-}
-
-/* Initialise a response structure */
-
-static void init_response(struct winbindd_response *response)
-{
- /* Initialise return value */
-
- response->result = WINBINDD_ERROR;
-}
-
-/* Close established socket */
-
-void winbind_close_sock(void)
-{
- if (winbindd_fd != -1) {
- close(winbindd_fd);
- winbindd_fd = -1;
- }
-}
-
-#define CONNECT_TIMEOUT 30
-
-/* Make sure socket handle isn't stdin, stdout or stderr */
-#define RECURSION_LIMIT 3
-
-static int make_nonstd_fd_internals(int fd, int limit /* Recursion limiter */)
-{
- int new_fd;
- if (fd >= 0 && fd <= 2) {
-#ifdef F_DUPFD
- if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) {
- return -1;
- }
- /* Paranoia */
- if (new_fd < 3) {
- close(new_fd);
- return -1;
- }
- close(fd);
- return new_fd;
-#else
- if (limit <= 0)
- return -1;
-
- new_fd = dup(fd);
- if (new_fd == -1)
- return -1;
-
- /* use the program stack to hold our list of FDs to close */
- new_fd = make_nonstd_fd_internals(new_fd, limit - 1);
- close(fd);
- return new_fd;
-#endif
- }
- return fd;
-}
-
-/****************************************************************************
- Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available,
- else
- if SYSV use O_NDELAY
- if BSD use FNDELAY
- Set close on exec also.
-****************************************************************************/
-
-static int make_safe_fd(int fd)
-{
- int result, flags;
- int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT);
- if (new_fd == -1) {
- close(fd);
- return -1;
- }
-
- /* Socket should be nonblocking. */
-#ifdef O_NONBLOCK
-#define FLAG_TO_SET O_NONBLOCK
-#else
-#ifdef SYSV
-#define FLAG_TO_SET O_NDELAY
-#else /* BSD */
-#define FLAG_TO_SET FNDELAY
-#endif
-#endif
-
- if ((flags = fcntl(new_fd, F_GETFL)) == -1) {
- close(new_fd);
- return -1;
- }
-
- flags |= FLAG_TO_SET;
- if (fcntl(new_fd, F_SETFL, flags) == -1) {
- close(new_fd);
- return -1;
- }
-
-#undef FLAG_TO_SET
-
- /* Socket should be closed on exec() */
-#ifdef FD_CLOEXEC
- result = flags = fcntl(new_fd, F_GETFD, 0);
- if (flags >= 0) {
- flags |= FD_CLOEXEC;
- result = fcntl( new_fd, F_SETFD, flags );
- }
- if (result < 0) {
- close(new_fd);
- return -1;
- }
-#endif
- return new_fd;
-}
-
-/* Connect to winbindd socket */
-
-static int winbind_named_pipe_sock(const char *dir)
-{
- struct sockaddr_un sunaddr;
- struct stat st;
- char *path;
- int fd;
- int wait_time;
- int slept;
-
- /* Check permissions on unix socket directory */
-
- if (lstat(dir, &st) == -1) {
- return -1;
- }
-
- if (!S_ISDIR(st.st_mode) ||
- (st.st_uid != 0 && st.st_uid != geteuid())) {
- return -1;
- }
-
- /* Connect to socket */
-
- asprintf(&path, "%s/%s", dir, WINBINDD_SOCKET_NAME);
-
- ZERO_STRUCT(sunaddr);
- sunaddr.sun_family = AF_UNIX;
- strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1);
- SAFE_FREE(path);
-
- /* If socket file doesn't exist, don't bother trying to connect
- with retry. This is an attempt to make the system usable when
- the winbindd daemon is not running. */
-
- if (lstat(sunaddr.sun_path, &st) == -1) {
- return -1;
- }
-
- /* Check permissions on unix socket file */
-
- if (!S_ISSOCK(st.st_mode) ||
- (st.st_uid != 0 && st.st_uid != geteuid())) {
- return -1;
- }
-
- /* Connect to socket */
-
- if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
- return -1;
- }
-
- /* Set socket non-blocking and close on exec. */
-
- if ((fd = make_safe_fd( fd)) == -1) {
- return fd;
- }
-
- for (wait_time = 0; connect(fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1;
- wait_time += slept) {
- struct timeval tv;
- fd_set w_fds;
- int ret;
- int connect_errno = 0;
- socklen_t errnosize;
-
- if (wait_time >= CONNECT_TIMEOUT)
- goto error_out;
-
- switch (errno) {
- case EINPROGRESS:
- FD_ZERO(&w_fds);
- FD_SET(fd, &w_fds);
- tv.tv_sec = CONNECT_TIMEOUT - wait_time;
- tv.tv_usec = 0;
-
- ret = select(fd + 1, NULL, &w_fds, NULL, &tv);
-
- if (ret > 0) {
- errnosize = sizeof(connect_errno);
-
- ret = getsockopt(fd, SOL_SOCKET,
- SO_ERROR, &connect_errno, &errnosize);
-
- if (ret >= 0 && connect_errno == 0) {
- /* Connect succeed */
- goto out;
- }
- }
-
- slept = CONNECT_TIMEOUT;
- break;
- case EAGAIN:
- slept = rand() % 3 + 1;
- sleep(slept);
- break;
- default:
- goto error_out;
- }
-
- }
-
- out:
-
- return fd;
-
- error_out:
-
- close(fd);
- return -1;
-}
-
-static const char *winbindd_socket_dir(void)
-{
-#ifdef SOCKET_WRAPPER
- const char *env_dir;
-
- env_dir = getenv(WINBINDD_SOCKET_DIR_ENVVAR);
- if (env_dir) {
- return env_dir;
- }
-#endif
-
- return WINBINDD_SOCKET_DIR;
-}
-
-/* Connect to winbindd socket */
-
-static int winbind_open_pipe_sock(int recursing, int need_priv)
-{
-#ifdef HAVE_UNIXSOCKET
- static pid_t our_pid;
- struct winbindd_request request;
- struct winbindd_response response;
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- if (our_pid != getpid()) {
- winbind_close_sock();
- our_pid = getpid();
- }
-
- if ((need_priv != 0) && (is_privileged == 0)) {
- winbind_close_sock();
- }
-
- if (winbindd_fd != -1) {
- return winbindd_fd;
- }
-
- if (recursing) {
- return -1;
- }
-
- if ((winbindd_fd = winbind_named_pipe_sock(winbindd_socket_dir())) == -1) {
- return -1;
- }
-
- is_privileged = 0;
-
- /* version-check the socket */
-
- request.wb_flags = WBFLAG_RECURSE;
- if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) {
- winbind_close_sock();
- return -1;
- }
-
- /* try and get priv pipe */
-
- request.wb_flags = WBFLAG_RECURSE;
- if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
- int fd;
- if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) {
- close(winbindd_fd);
- winbindd_fd = fd;
- is_privileged = 1;
- }
- }
-
- if ((need_priv != 0) && (is_privileged == 0)) {
- return -1;
- }
-
- SAFE_FREE(response.extra_data.data);
-
- return winbindd_fd;
-#else
- return -1;
-#endif /* HAVE_UNIXSOCKET */
-}
-
-/* Write data to winbindd socket */
-
-int winbind_write_sock(void *buffer, int count, int recursing, int need_priv)
-{
- int result, nwritten;
-
- /* Open connection to winbind daemon */
-
- restart:
-
- if (winbind_open_pipe_sock(recursing, need_priv) == -1) {
- return -1;
- }
-
- /* Write data to socket */
-
- nwritten = 0;
-
- while(nwritten < count) {
- struct timeval tv;
- fd_set r_fds;
-
- /* Catch pipe close on other end by checking if a read()
- call would not block by calling select(). */
-
- FD_ZERO(&r_fds);
- FD_SET(winbindd_fd, &r_fds);
- ZERO_STRUCT(tv);
-
- if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) {
- winbind_close_sock();
- return -1; /* Select error */
- }
-
- /* Write should be OK if fd not available for reading */
-
- if (!FD_ISSET(winbindd_fd, &r_fds)) {
-
- /* Do the write */
-
- result = write(winbindd_fd,
- (char *)buffer + nwritten,
- count - nwritten);
-
- if ((result == -1) || (result == 0)) {
-
- /* Write failed */
-
- winbind_close_sock();
- return -1;
- }
-
- nwritten += result;
-
- } else {
-
- /* Pipe has closed on remote end */
-
- winbind_close_sock();
- goto restart;
- }
- }
-
- return nwritten;
-}
-
-/* Read data from winbindd socket */
-
-int winbind_read_sock(void *buffer, int count)
-{
- int nread = 0;
- int total_time = 0, selret;
-
- if (winbindd_fd == -1) {
- return -1;
- }
-
- /* Read data from socket */
- while(nread < count) {
- struct timeval tv;
- fd_set r_fds;
-
- /* Catch pipe close on other end by checking if a read()
- call would not block by calling select(). */
-
- FD_ZERO(&r_fds);
- FD_SET(winbindd_fd, &r_fds);
- ZERO_STRUCT(tv);
- /* Wait for 5 seconds for a reply. May need to parameterise this... */
- tv.tv_sec = 5;
-
- if ((selret = select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv)) == -1) {
- winbind_close_sock();
- return -1; /* Select error */
- }
-
- if (selret == 0) {
- /* Not ready for read yet... */
- if (total_time >= 30) {
- /* Timeout */
- winbind_close_sock();
- return -1;
- }
- total_time += 5;
- continue;
- }
-
- if (FD_ISSET(winbindd_fd, &r_fds)) {
-
- /* Do the Read */
-
- int result = read(winbindd_fd, (char *)buffer + nread,
- count - nread);
-
- if ((result == -1) || (result == 0)) {
-
- /* Read failed. I think the only useful thing we
- can do here is just return -1 and fail since the
- transaction has failed half way through. */
-
- winbind_close_sock();
- return -1;
- }
-
- nread += result;
-
- }
- }
-
- return nread;
-}
-
-/* Read reply */
-
-int winbindd_read_reply(struct winbindd_response *response)
-{
- int result1, result2 = 0;
-
- if (!response) {
- return -1;
- }
-
- /* Read fixed length response */
-
- result1 = winbind_read_sock(response,
- sizeof(struct winbindd_response));
- if (result1 == -1) {
- return -1;
- }
-
- /* We actually send the pointer value of the extra_data field from
- the server. This has no meaning in the client's address space
- so we clear it out. */
-
- response->extra_data.data = NULL;
-
- /* Read variable length response */
-
- if (response->length > sizeof(struct winbindd_response)) {
- int extra_data_len = response->length -
- sizeof(struct winbindd_response);
-
- /* Mallocate memory for extra data */
-
- if (!(response->extra_data.data = malloc(extra_data_len))) {
- return -1;
- }
-
- result2 = winbind_read_sock(response->extra_data.data,
- extra_data_len);
- if (result2 == -1) {
- winbindd_free_response(response);
- return -1;
- }
- }
-
- /* Return total amount of data read */
-
- return result1 + result2;
-}
-
-bool winbind_env_set(void)
-{
- char *env;
-
- if ((env=getenv(WINBINDD_DONT_ENV)) != NULL) {
- if(strcmp(env, "1") == 0) {
- return true;
- }
- }
- return false;
-}
-
-/*
- * send simple types of requests
- */
-
-NSS_STATUS winbindd_send_request(int req_type, int need_priv,
- struct winbindd_request *request)
-{
- struct winbindd_request lrequest;
-
- /* Check for our tricky environment variable */
-
- if (winbind_env_set()) {
- return NSS_STATUS_NOTFOUND;
- }
-
- if (!request) {
- ZERO_STRUCT(lrequest);
- request = &lrequest;
- }
-
- /* Fill in request and send down pipe */
-
- winbindd_init_request(request, req_type);
-
- if (winbind_write_sock(request, sizeof(*request),
- request->wb_flags & WBFLAG_RECURSE,
- need_priv) == -1) {
- return NSS_STATUS_UNAVAIL;
- }
-
- if ((request->extra_len != 0) &&
- (winbind_write_sock(request->extra_data.data,
- request->extra_len,
- request->wb_flags & WBFLAG_RECURSE,
- need_priv) == -1)) {
- return NSS_STATUS_UNAVAIL;
- }
-
- return NSS_STATUS_SUCCESS;
-}
-
-/*
- * Get results from winbindd request
- */
-
-NSS_STATUS winbindd_get_response(struct winbindd_response *response)
-{
- struct winbindd_response lresponse;
-
- if (!response) {
- ZERO_STRUCT(lresponse);
- response = &lresponse;
- }
-
- init_response(response);
-
- /* Wait for reply */
- if (winbindd_read_reply(response) == -1) {
- return NSS_STATUS_UNAVAIL;
- }
-
- /* Throw away extra data if client didn't request it */
- if (response == &lresponse) {
- winbindd_free_response(response);
- }
-
- /* Copy reply data from socket */
- if (response->result != WINBINDD_OK) {
- return NSS_STATUS_NOTFOUND;
- }
-
- return NSS_STATUS_SUCCESS;
-}
-
-/* Handle simple types of requests */
-
-NSS_STATUS winbindd_request_response(int req_type,
- struct winbindd_request *request,
- struct winbindd_response *response)
-{
- NSS_STATUS status = NSS_STATUS_UNAVAIL;
- int count = 0;
-
- while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) {
- status = winbindd_send_request(req_type, 0, request);
- if (status != NSS_STATUS_SUCCESS)
- return(status);
- status = winbindd_get_response(response);
- count += 1;
- }
-
- return status;
-}
-
-NSS_STATUS winbindd_priv_request_response(int req_type,
- struct winbindd_request *request,
- struct winbindd_response *response)
-{
- NSS_STATUS status = NSS_STATUS_UNAVAIL;
- int count = 0;
-
- while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) {
- status = winbindd_send_request(req_type, 1, request);
- if (status != NSS_STATUS_SUCCESS)
- return(status);
- status = winbindd_get_response(response);
- count += 1;
- }
-
- return status;
-}
-
-/*************************************************************************
- A couple of simple functions to disable winbindd lookups and re-
- enable them
- ************************************************************************/
-
-bool winbind_off(void)
-{
- return setenv(WINBINDD_DONT_ENV, "1", 1) != -1;
-}
-
-bool winbind_on(void)
-{
- return setenv(WINBINDD_DONT_ENV, "0", 1) != -1;
-}
-
-/*************************************************************************
- ************************************************************************/
-
-const char *nss_err_str(NSS_STATUS ret)
-{
- switch (ret) {
- case NSS_STATUS_TRYAGAIN:
- return "NSS_STATUS_TRYAGAIN";
- case NSS_STATUS_SUCCESS:
- return "NSS_STATUS_SUCCESS";
- case NSS_STATUS_NOTFOUND:
- return "NSS_STATUS_NOTFOUND";
- case NSS_STATUS_UNAVAIL:
- return "NSS_STATUS_UNAVAIL";
-#ifdef NSS_STATUS_RETURN
- case NSS_STATUS_RETURN:
- return "NSS_STATUS_RETURN";
-#endif
- default:
- return "UNKNOWN RETURN CODE!!!!!!!";
- }
-}
diff --git a/source4/nsswitch/wbinfo.c b/source4/nsswitch/wbinfo.c
deleted file mode 100644
index 60c95a3bd0..0000000000
--- a/source4/nsswitch/wbinfo.c
+++ /dev/null
@@ -1,1290 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind status program.
-
- Copyright (C) Tim Potter 2000-2003
- Copyright (C) Andrew Bartlett 2002-2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "winbind_client.h"
-#include "librpc/gen_ndr/ndr_netlogon.h"
-#include "libcli/auth/libcli_auth.h"
-#include "libcli/security/security.h"
-#include "lib/cmdline/popt_common.h"
-#include "dynconfig/dynconfig.h"
-#include "param/param.h"
-
-extern int winbindd_fd;
-
-static char winbind_separator_int(bool strict)
-{
- struct winbindd_response response;
- static bool got_sep;
- static char sep;
-
- if (got_sep)
- return sep;
-
- ZERO_STRUCT(response);
-
- /* Send off request */
-
- if (winbindd_request_response(WINBINDD_INFO, NULL, &response) !=
- NSS_STATUS_SUCCESS) {
- d_fprintf(stderr, "could not obtain winbind separator!\n");
- if (strict) {
- return 0;
- }
- /* HACK: (this module should not call lp_ funtions) */
- return *lp_winbind_separator(cmdline_lp_ctx);
- }
-
- sep = response.data.info.winbind_separator;
- got_sep = true;
-
- if (!sep) {
- d_fprintf(stderr, "winbind separator was NULL!\n");
- if (strict) {
- return 0;
- }
- /* HACK: (this module should not call lp_ funtions) */
- sep = *lp_winbind_separator(cmdline_lp_ctx);
- }
-
- return sep;
-}
-
-static char winbind_separator(void)
-{
- return winbind_separator_int(false);
-}
-
-static const char *get_winbind_domain(void)
-{
- struct winbindd_response response;
- static fstring winbind_domain;
-
- ZERO_STRUCT(response);
-
- /* Send off request */
-
- if (winbindd_request_response(WINBINDD_DOMAIN_NAME, NULL, &response) !=
- NSS_STATUS_SUCCESS) {
- d_fprintf(stderr, "could not obtain winbind domain name!\n");
-
- /* HACK: (this module should not call lp_ funtions) */
- return lp_workgroup(cmdline_lp_ctx);
- }
-
- fstrcpy(winbind_domain, response.data.domain_name);
-
- return winbind_domain;
-
-}
-
-/* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
- form DOMAIN/user into a domain and a user */
-
-static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
- fstring user)
-{
-
- char *p = strchr(domuser,winbind_separator());
-
- if (!p) {
- fstrcpy(user, domuser);
- fstrcpy(domain, get_winbind_domain());
- return true;
- }
-
- fstrcpy(user, p+1);
- fstrcpy(domain, domuser);
- domain[PTR_DIFF(p, domuser)] = 0;
- strupper_m(domain);
-
- return true;
-}
-
-/* pull pwent info for a given user */
-
-static bool wbinfo_get_userinfo(char *user)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send request */
-
- fstrcpy(request.data.username, user);
-
- result = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
-
- if (result != NSS_STATUS_SUCCESS)
- return false;
-
- d_printf( "%s:%s:%d:%d:%s:%s:%s\n",
- response.data.pw.pw_name,
- response.data.pw.pw_passwd,
- response.data.pw.pw_uid,
- response.data.pw.pw_gid,
- response.data.pw.pw_gecos,
- response.data.pw.pw_dir,
- response.data.pw.pw_shell );
-
- return true;
-}
-
-/* pull pwent info for a given uid */
-static bool wbinfo_get_uidinfo(int uid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- request.data.uid = uid;
-
- result = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
-
- if (result != NSS_STATUS_SUCCESS)
- return false;
-
- d_printf( "%s:%s:%d:%d:%s:%s:%s\n",
- response.data.pw.pw_name,
- response.data.pw.pw_passwd,
- response.data.pw.pw_uid,
- response.data.pw.pw_gid,
- response.data.pw.pw_gecos,
- response.data.pw.pw_dir,
- response.data.pw.pw_shell );
-
- return true;
-}
-
-/* pull grent for a given group */
-static bool wbinfo_get_groupinfo(char *group)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send request */
-
- fstrcpy(request.data.groupname, group);
-
- result = winbindd_request_response(WINBINDD_GETGRNAM, &request,
- &response);
-
- if ( result != NSS_STATUS_SUCCESS)
- return false;
-
- d_printf( "%s:%s:%d\n",
- response.data.gr.gr_name,
- response.data.gr.gr_passwd,
- response.data.gr.gr_gid );
-
- return true;
-}
-
-/* List groups a user is a member of */
-
-static bool wbinfo_get_usergroups(char *user)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
- int i;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send request */
-
- fstrcpy(request.data.username, user);
-
- result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
-
- if (result != NSS_STATUS_SUCCESS)
- return false;
-
- for (i = 0; i < response.data.num_entries; i++)
- d_printf("%d\n", (int)((gid_t *)response.extra_data.data)[i]);
-
- SAFE_FREE(response.extra_data.data);
-
- return true;
-}
-
-
-/* List group SIDs a user SID is a member of */
-static bool wbinfo_get_usersids(char *user_sid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
- int i;
- const char *s;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send request */
- fstrcpy(request.data.sid, user_sid);
-
- result = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
-
- if (result != NSS_STATUS_SUCCESS)
- return false;
-
- s = (const char *)response.extra_data.data;
- for (i = 0; i < response.data.num_entries; i++) {
- d_printf("%s\n", s);
- s += strlen(s) + 1;
- }
-
- SAFE_FREE(response.extra_data.data);
-
- return true;
-}
-
-static bool wbinfo_get_userdomgroups(const char *user_sid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send request */
- fstrcpy(request.data.sid, user_sid);
-
- result = winbindd_request_response(WINBINDD_GETUSERDOMGROUPS, &request,
- &response);
-
- if (result != NSS_STATUS_SUCCESS)
- return false;
-
- if (response.data.num_entries != 0)
- printf("%s", (char *)response.extra_data.data);
-
- SAFE_FREE(response.extra_data.data);
-
- return true;
-}
-
-/* Convert NetBIOS name to IP */
-
-static bool wbinfo_wins_byname(char *name)
-{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send request */
-
- fstrcpy(request.data.winsreq, name);
-
- if (winbindd_request_response(WINBINDD_WINS_BYNAME, &request, &response) !=
- NSS_STATUS_SUCCESS) {
- return false;
- }
-
- /* Display response */
-
- d_printf("%s\n", response.data.winsresp);
-
- return true;
-}
-
-/* Convert IP to NetBIOS name */
-
-static bool wbinfo_wins_byip(char *ip)
-{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send request */
-
- fstrcpy(request.data.winsreq, ip);
-
- if (winbindd_request_response(WINBINDD_WINS_BYIP, &request, &response) !=
- NSS_STATUS_SUCCESS) {
- return false;
- }
-
- /* Display response */
-
- d_printf("%s\n", response.data.winsresp);
-
- return true;
-}
-
-/* List trusted domains */
-
-static bool wbinfo_list_domains(bool list_all_domains)
-{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send request */
-
- request.data.list_all_domains = list_all_domains;
-
- if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
- NSS_STATUS_SUCCESS)
- return false;
-
- /* Display response */
-
- if (response.extra_data.data) {
- const char *extra_data = (char *)response.extra_data.data;
- fstring name;
- char *p;
-
- while(next_token(&extra_data, name, "\n", sizeof(fstring))) {
- p = strchr(name, '\\');
- if (p == 0) {
- d_fprintf(stderr, "Got invalid response: %s\n",
- extra_data);
- return false;
- }
- *p = 0;
- d_printf("%s\n", name);
- }
-
- SAFE_FREE(response.extra_data.data);
- }
-
- return true;
-}
-
-/* List own domain */
-
-static bool wbinfo_list_own_domain(void)
-{
- d_printf("%s\n", get_winbind_domain());
-
- return true;
-}
-
-/* show sequence numbers */
-static bool wbinfo_show_sequence(const char *domain)
-{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- if ( domain )
- fstrcpy( request.domain_name, domain );
-
- /* Send request */
-
- if (winbindd_request_response(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
- NSS_STATUS_SUCCESS)
- return false;
-
- /* Display response */
-
- if (response.extra_data.data) {
- char *extra_data = (char *)response.extra_data.data;
- d_printf("%s", extra_data);
- SAFE_FREE(response.extra_data.data);
- }
-
- return true;
-}
-
-/* Show domain info */
-
-static bool wbinfo_domain_info(const char *domain_name)
-{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- if ((strequal(domain_name, ".")) || (domain_name[0] == '\0'))
- fstrcpy(request.domain_name, get_winbind_domain());
- else
- fstrcpy(request.domain_name, domain_name);
-
- /* Send request */
-
- if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
- NSS_STATUS_SUCCESS)
- return false;
-
- /* Display response */
-
- d_printf("Name : %s\n", response.data.domain_info.name);
- d_printf("Alt_Name : %s\n", response.data.domain_info.alt_name);
-
- d_printf("SID : %s\n", response.data.domain_info.sid);
-
- d_printf("Active Directory : %s\n",
- response.data.domain_info.active_directory ? "Yes" : "No");
- d_printf("Native : %s\n",
- response.data.domain_info.native_mode ? "Yes" : "No");
-
- d_printf("Primary : %s\n",
- response.data.domain_info.primary ? "Yes" : "No");
-
- return true;
-}
-
-/* Get a foreign DC's name */
-static bool wbinfo_getdcname(const char *domain_name)
-{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- fstrcpy(request.domain_name, domain_name);
-
- /* Send request */
-
- if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) !=
- NSS_STATUS_SUCCESS) {
- d_fprintf(stderr, "Could not get dc name for %s\n", domain_name);
- return false;
- }
-
- /* Display response */
-
- d_printf("%s\n", response.data.dc_name);
-
- return true;
-}
-
-/* Check trust account password */
-
-static bool wbinfo_check_secret(void)
-{
- struct winbindd_response response;
- NSS_STATUS result;
-
- ZERO_STRUCT(response);
-
- result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response);
-
- d_printf("checking the trust secret via RPC calls %s\n",
- (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
-
- if (result != NSS_STATUS_SUCCESS)
- d_fprintf(stderr, "error code was %s (0x%x)\n",
- response.data.auth.nt_status_string,
- response.data.auth.nt_status);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/* Convert uid to sid */
-
-static bool wbinfo_uid_to_sid(uid_t uid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send request */
-
- request.data.uid = uid;
-
- if (winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response) !=
- NSS_STATUS_SUCCESS)
- return false;
-
- /* Display response */
-
- d_printf("%s\n", response.data.sid.sid);
-
- return true;
-}
-
-/* Convert gid to sid */
-
-static bool wbinfo_gid_to_sid(gid_t gid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send request */
-
- request.data.gid = gid;
-
- if (winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response) !=
- NSS_STATUS_SUCCESS)
- return false;
-
- /* Display response */
-
- d_printf("%s\n", response.data.sid.sid);
-
- return true;
-}
-
-/* Convert sid to uid */
-
-static bool wbinfo_sid_to_uid(char *sid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send request */
-
- fstrcpy(request.data.sid, sid);
-
- if (winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response) !=
- NSS_STATUS_SUCCESS)
- return false;
-
- /* Display response */
-
- d_printf("%d\n", (int)response.data.uid);
-
- return true;
-}
-
-static bool wbinfo_sid_to_gid(char *sid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send request */
-
- fstrcpy(request.data.sid, sid);
-
- if (winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response) !=
- NSS_STATUS_SUCCESS)
- return false;
-
- /* Display response */
-
- d_printf("%d\n", (int)response.data.gid);
-
- return true;
-}
-
-static const char *sid_type_lookup(enum lsa_SidType r)
-{
- switch (r) {
- case SID_NAME_USE_NONE: return "SID_NAME_USE_NONE"; break;
- case SID_NAME_USER: return "SID_NAME_USER"; break;
- case SID_NAME_DOM_GRP: return "SID_NAME_DOM_GRP"; break;
- case SID_NAME_DOMAIN: return "SID_NAME_DOMAIN"; break;
- case SID_NAME_ALIAS: return "SID_NAME_ALIAS"; break;
- case SID_NAME_WKN_GRP: return "SID_NAME_WKN_GRP"; break;
- case SID_NAME_DELETED: return "SID_NAME_DELETED"; break;
- case SID_NAME_INVALID: return "SID_NAME_INVALID"; break;
- case SID_NAME_UNKNOWN: return "SID_NAME_UNKNOWN"; break;
- case SID_NAME_COMPUTER: return "SID_NAME_COMPUTER"; break;
- }
- return "Invalid sid type\n";
-}
-
-/* Convert sid to string */
-
-static bool wbinfo_lookupsid(char *sid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Send off request */
-
- fstrcpy(request.data.sid, sid);
-
- if (winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response) !=
- NSS_STATUS_SUCCESS)
- return false;
-
- /* Display response */
-
- d_printf("%s%c%s %s\n", response.data.name.dom_name,
- winbind_separator(), response.data.name.name,
- sid_type_lookup(response.data.name.type));
-
- return true;
-}
-
-/* Convert string to sid */
-
-static bool wbinfo_lookupname(char *name)
-{
- struct winbindd_request request;
- struct winbindd_response response;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- parse_wbinfo_domain_user(name, request.data.name.dom_name,
- request.data.name.name);
-
- if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) !=
- NSS_STATUS_SUCCESS)
- return false;
-
- /* Display response */
-
- d_printf("%s %s (%d)\n", response.data.sid.sid, sid_type_lookup(response.data.sid.type), response.data.sid.type);
-
- return true;
-}
-
-/* Authenticate a user with a plaintext password */
-
-static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
- char *p;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- p = strchr(username, '%');
-
- if (p) {
- *p = 0;
- fstrcpy(request.data.auth.user, username);
- fstrcpy(request.data.auth.pass, p + 1);
- *p = '%';
- } else
- fstrcpy(request.data.auth.user, username);
-
- request.flags = flags;
-
- fstrcpy(request.data.auth.krb5_cc_type, cctype);
-
- request.data.auth.uid = geteuid();
-
- result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
-
- /* Display response */
-
- d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n",
- username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
-
- if (response.data.auth.nt_status)
- d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
- response.data.auth.nt_status_string,
- response.data.auth.nt_status,
- response.data.auth.error_string);
-
- if (result == NSS_STATUS_SUCCESS) {
-
- if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
- if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) {
- d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n");
- }
- }
-
- if (response.data.auth.krb5ccname[0] != '\0') {
- d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname);
- } else {
- d_printf("no credentials cached\n");
- }
- }
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/* Authenticate a user with a plaintext password */
-
-static bool wbinfo_auth(char *username)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
- char *p;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- p = strchr(username, '%');
-
- if (p) {
- *p = 0;
- fstrcpy(request.data.auth.user, username);
- fstrcpy(request.data.auth.pass, p + 1);
- *p = '%';
- } else
- fstrcpy(request.data.auth.user, username);
-
- result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
-
- /* Display response */
-
- d_printf("plaintext password authentication %s\n",
- (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
-
- if (response.data.auth.nt_status)
- d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
- response.data.auth.nt_status_string,
- response.data.auth.nt_status,
- response.data.auth.error_string);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/* Authenticate a user with a challenge/response */
-
-static bool wbinfo_auth_crap(struct loadparm_context *lp_ctx, char *username)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
- fstring name_user;
- fstring name_domain;
- fstring pass;
- char *p;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- p = strchr(username, '%');
-
- if (p) {
- *p = 0;
- fstrcpy(pass, p + 1);
- }
-
- parse_wbinfo_domain_user(username, name_domain, name_user);
-
- request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
-
- fstrcpy(request.data.auth_crap.user, name_user);
-
- fstrcpy(request.data.auth_crap.domain,
- name_domain);
-
- generate_random_buffer(request.data.auth_crap.chal, 8);
-
- if (lp_client_ntlmv2_auth(lp_ctx)) {
- DATA_BLOB server_chal;
- DATA_BLOB names_blob;
-
- DATA_BLOB lm_response;
- DATA_BLOB nt_response;
-
- TALLOC_CTX *mem_ctx;
- mem_ctx = talloc_new(NULL);
- if (mem_ctx == NULL) {
- d_printf("talloc_new failed\n");
- return false;
- }
-
- server_chal = data_blob(request.data.auth_crap.chal, 8);
-
- /* Pretend this is a login to 'us', for blob purposes */
- names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(lp_ctx), lp_workgroup(lp_ctx));
-
- if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain, pass, &server_chal,
- &names_blob,
- &lm_response, &nt_response, NULL, NULL)) {
- data_blob_free(&names_blob);
- data_blob_free(&server_chal);
- return false;
- }
- data_blob_free(&names_blob);
- data_blob_free(&server_chal);
-
- memcpy(request.data.auth_crap.nt_resp, nt_response.data,
- MIN(nt_response.length,
- sizeof(request.data.auth_crap.nt_resp)));
- request.data.auth_crap.nt_resp_len = nt_response.length;
-
- memcpy(request.data.auth_crap.lm_resp, lm_response.data,
- MIN(lm_response.length,
- sizeof(request.data.auth_crap.lm_resp)));
- request.data.auth_crap.lm_resp_len = lm_response.length;
-
- data_blob_free(&nt_response);
- data_blob_free(&lm_response);
-
- } else {
- if (lp_client_lanman_auth(lp_ctx)
- && SMBencrypt(pass, request.data.auth_crap.chal,
- (unsigned char *)request.data.auth_crap.lm_resp)) {
- request.data.auth_crap.lm_resp_len = 24;
- } else {
- request.data.auth_crap.lm_resp_len = 0;
- }
- SMBNTencrypt(pass, request.data.auth_crap.chal,
- (unsigned char *)request.data.auth_crap.nt_resp);
-
- request.data.auth_crap.nt_resp_len = 24;
- }
-
- result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
-
- /* Display response */
-
- d_printf("challenge/response password authentication %s\n",
- (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
-
- if (response.data.auth.nt_status)
- d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
- response.data.auth.nt_status_string,
- response.data.auth.nt_status,
- response.data.auth.error_string);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/* Print domain users */
-
-static bool print_domain_users(const char *domain)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- const char *extra_data;
- fstring name;
-
- /* Send request to winbind daemon */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- if (domain) {
- /* '.' is the special sign for our own domain */
- if ( strequal(domain, ".") )
- fstrcpy( request.domain_name, get_winbind_domain() );
- else
- fstrcpy( request.domain_name, domain );
- }
-
- if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) !=
- NSS_STATUS_SUCCESS)
- return false;
-
- /* Look through extra data */
-
- if (!response.extra_data.data)
- return false;
-
- extra_data = (const char *)response.extra_data.data;
-
- while(next_token(&extra_data, name, ",", sizeof(fstring)))
- d_printf("%s\n", name);
-
- SAFE_FREE(response.extra_data.data);
-
- return true;
-}
-
-/* Print domain groups */
-
-static bool print_domain_groups(const char *domain)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- const char *extra_data;
- fstring name;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- if (domain) {
- if ( strequal(domain, ".") )
- fstrcpy( request.domain_name, get_winbind_domain() );
- else
- fstrcpy( request.domain_name, domain );
- }
-
- if (winbindd_request_response(WINBINDD_LIST_GROUPS, &request, &response) !=
- NSS_STATUS_SUCCESS)
- return false;
-
- /* Look through extra data */
-
- if (!response.extra_data.data)
- return false;
-
- extra_data = (const char *)response.extra_data.data;
-
- while(next_token(&extra_data, name, ",", sizeof(fstring)))
- d_printf("%s\n", name);
-
- SAFE_FREE(response.extra_data.data);
-
- return true;
-}
-
-static bool wbinfo_ping(void)
-{
- NSS_STATUS result;
-
- result = winbindd_request_response(WINBINDD_PING, NULL, NULL);
-
- /* Display response */
-
- d_printf("Ping to winbindd %s on fd %d\n",
- (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/* Main program */
-
-enum {
- OPT_SET_AUTH_USER = 1000,
- OPT_GET_AUTH_USER,
- OPT_DOMAIN_NAME,
- OPT_SEQUENCE,
- OPT_GETDCNAME,
- OPT_USERDOMGROUPS,
- OPT_USERSIDS,
- OPT_ALLOCATE_UID,
- OPT_ALLOCATE_GID,
- OPT_SEPARATOR,
- OPT_LIST_ALL_DOMAINS,
- OPT_LIST_OWN_DOMAIN,
- OPT_UID_INFO,
- OPT_GROUP_INFO,
-};
-
-int main(int argc, char **argv, char **envp)
-{
- int opt;
-
- poptContext pc;
- static char *string_arg;
- static char *opt_domain_name;
- static int int_arg;
- int result = 1;
-
- struct poptOption long_options[] = {
- POPT_AUTOHELP
-
- /* longName, shortName, argInfo, argPtr, value, descrip,
- argDesc */
-
- { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
- { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
- { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
- { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
- { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
- { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
- { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
- { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
- { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
- { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
- { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
- { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
- { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
- { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
- { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
- { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
- { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
- { "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" },
- { "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
- { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
- { "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
- OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
- { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
- { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
- { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
- "Get a DC name for a foreign domain", "domainname" },
- { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
- { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
-#ifdef HAVE_KRB5
- { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
- /* destroys wbinfo --help output */
- /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
-#endif
- { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
- POPT_COMMON_VERSION
- POPT_COMMON_SAMBA
- POPT_TABLEEND
- };
-
- /* Parse options */
-
- pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
-
- /* Parse command line options */
-
- if (argc == 1) {
- poptPrintHelp(pc, stderr, 0);
- return 1;
- }
-
- while((opt = poptGetNextOpt(pc)) != -1) {
- /* get the generic configuration parameters like --domain */
- }
-
- poptFreeContext(pc);
-
- pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
- POPT_CONTEXT_KEEP_FIRST);
-
- while((opt = poptGetNextOpt(pc)) != -1) {
- switch (opt) {
- case 'u':
- if (!print_domain_users(opt_domain_name)) {
- d_fprintf(stderr, "Error looking up domain users\n");
- goto done;
- }
- break;
- case 'g':
- if (!print_domain_groups(opt_domain_name)) {
- d_fprintf(stderr, "Error looking up domain groups\n");
- goto done;
- }
- break;
- case 's':
- if (!wbinfo_lookupsid(string_arg)) {
- d_fprintf(stderr, "Could not lookup sid %s\n", string_arg);
- goto done;
- }
- break;
- case 'n':
- if (!wbinfo_lookupname(string_arg)) {
- d_fprintf(stderr, "Could not lookup name %s\n", string_arg);
- goto done;
- }
- break;
- case 'N':
- if (!wbinfo_wins_byname(string_arg)) {
- d_fprintf(stderr, "Could not lookup WINS by name %s\n", string_arg);
- goto done;
- }
- break;
- case 'I':
- if (!wbinfo_wins_byip(string_arg)) {
- d_fprintf(stderr, "Could not lookup WINS by IP %s\n", string_arg);
- goto done;
- }
- break;
- case 'U':
- if (!wbinfo_uid_to_sid(int_arg)) {
- d_fprintf(stderr, "Could not convert uid %d to sid\n", int_arg);
- goto done;
- }
- break;
- case 'G':
- if (!wbinfo_gid_to_sid(int_arg)) {
- d_fprintf(stderr, "Could not convert gid %d to sid\n",
- int_arg);
- goto done;
- }
- break;
- case 'S':
- if (!wbinfo_sid_to_uid(string_arg)) {
- d_fprintf(stderr, "Could not convert sid %s to uid\n",
- string_arg);
- goto done;
- }
- break;
- case 'Y':
- if (!wbinfo_sid_to_gid(string_arg)) {
- d_fprintf(stderr, "Could not convert sid %s to gid\n",
- string_arg);
- goto done;
- }
- break;
- case 't':
- if (!wbinfo_check_secret()) {
- d_fprintf(stderr, "Could not check secret\n");
- goto done;
- }
- break;
- case 'm':
- if (!wbinfo_list_domains(false)) {
- d_fprintf(stderr, "Could not list trusted domains\n");
- goto done;
- }
- break;
- case OPT_SEQUENCE:
- if (!wbinfo_show_sequence(opt_domain_name)) {
- d_fprintf(stderr, "Could not show sequence numbers\n");
- goto done;
- }
- break;
- case 'D':
- if (!wbinfo_domain_info(string_arg)) {
- d_fprintf(stderr, "Could not get domain info\n");
- goto done;
- }
- break;
- case 'i':
- if (!wbinfo_get_userinfo(string_arg)) {
- d_fprintf(stderr, "Could not get info for user %s\n",
- string_arg);
- goto done;
- }
- break;
- case OPT_UID_INFO:
- if ( !wbinfo_get_uidinfo(int_arg)) {
- d_fprintf(stderr, "Could not get info for uid "
- "%d\n", int_arg);
- goto done;
- }
- break;
- case OPT_GROUP_INFO:
- if ( !wbinfo_get_groupinfo(string_arg)) {
- d_fprintf(stderr, "Could not get info for "
- "group %s\n", string_arg);
- goto done;
- }
- break;
- case 'r':
- if (!wbinfo_get_usergroups(string_arg)) {
- d_fprintf(stderr, "Could not get groups for user %s\n",
- string_arg);
- goto done;
- }
- break;
- case OPT_USERSIDS:
- if (!wbinfo_get_usersids(string_arg)) {
- d_fprintf(stderr, "Could not get group SIDs for user SID %s\n",
- string_arg);
- goto done;
- }
- break;
- case OPT_USERDOMGROUPS:
- if (!wbinfo_get_userdomgroups(string_arg)) {
- d_fprintf(stderr, "Could not get user's domain groups "
- "for user SID %s\n", string_arg);
- goto done;
- }
- break;
- case 'a': {
- bool got_error = false;
-
- if (!wbinfo_auth(string_arg)) {
- d_fprintf(stderr, "Could not authenticate user %s with "
- "plaintext password\n", string_arg);
- got_error = true;
- }
-
- if (!wbinfo_auth_crap(cmdline_lp_ctx, string_arg)) {
- d_fprintf(stderr, "Could not authenticate user %s with "
- "challenge/response\n", string_arg);
- got_error = true;
- }
-
- if (got_error)
- goto done;
- break;
- }
- case 'K': {
- uint32_t flags = WBFLAG_PAM_KRB5 |
- WBFLAG_PAM_CACHED_LOGIN |
- WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
- WBFLAG_PAM_INFO3_TEXT;
-
- if (!wbinfo_auth_krb5(string_arg, "FILE", flags)) {
- d_fprintf(stderr, "Could not authenticate user [%s] with "
- "Kerberos (ccache: %s)\n", string_arg, "FILE");
- goto done;
- }
- break;
- }
- case 'p':
- if (!wbinfo_ping()) {
- d_fprintf(stderr, "could not ping winbindd!\n");
- goto done;
- }
- break;
- case OPT_GETDCNAME:
- if (!wbinfo_getdcname(string_arg)) {
- goto done;
- }
- break;
- case OPT_SEPARATOR: {
- const char sep = winbind_separator_int(true);
- if ( !sep ) {
- goto done;
- }
- d_printf("%c\n", sep);
- break;
- }
- case OPT_LIST_ALL_DOMAINS:
- if (!wbinfo_list_domains(true)) {
- goto done;
- }
- break;
- case OPT_LIST_OWN_DOMAIN:
- if (!wbinfo_list_own_domain()) {
- goto done;
- }
- break;
- /* generic configuration options */
- case OPT_DOMAIN_NAME:
- break;
- default:
- d_fprintf(stderr, "Invalid option\n");
- poptPrintHelp(pc, stderr, 0);
- goto done;
- }
- }
-
- result = 0;
-
- /* Exit code */
-
- done:
- poptFreeContext(pc);
- return result;
-}
diff --git a/source4/nsswitch/winbind_client.h b/source4/nsswitch/winbind_client.h
deleted file mode 100644
index 2a3956e1fd..0000000000
--- a/source4/nsswitch/winbind_client.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#include "winbind_nss_config.h"
-#include "winbind_struct_protocol.h"
-
-void winbindd_init_request(struct winbindd_request *req,int rq_type);
-void winbindd_free_response(struct winbindd_response *response);
-NSS_STATUS winbindd_send_request(int req_type, int need_priv,
- struct winbindd_request *request);
-NSS_STATUS winbindd_get_response(struct winbindd_response *response);
-NSS_STATUS winbindd_request_response(int req_type,
- struct winbindd_request *request,
- struct winbindd_response *response);
-NSS_STATUS winbindd_priv_request_response(int req_type,
- struct winbindd_request *request,
- struct winbindd_response *response);
-int winbindd_read_reply(struct winbindd_response *response);
-
-bool winbind_env_set(void);
-bool winbind_off(void);
-bool winbind_on(void);
-
-int winbind_write_sock(void *buffer, int count, int recursing, int need_priv);
-int winbind_read_sock(void *buffer, int count);
-void winbind_close_sock(void);
-
-const char *nss_err_str(NSS_STATUS ret);
diff --git a/source4/nsswitch/winbind_nss.h b/source4/nsswitch/winbind_nss.h
deleted file mode 100644
index 0a3bc7cefa..0000000000
--- a/source4/nsswitch/winbind_nss.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- A common place to work out how to define NSS_STATUS on various
- platforms.
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _NSSWITCH_NSS_H
-#define _NSSWITCH_NSS_H
-
-#ifdef HAVE_NSS_COMMON_H
-
-/*
- * Sun Solaris
- */
-
-#include "nsswitch/winbind_nss_solaris.h"
-
-#elif HAVE_NSS_H
-
-/*
- * Linux (glibc)
- */
-
-#include "nsswitch/winbind_nss_linux.h"
-
-#elif HAVE_NS_API_H
-
-/*
- * SGI IRIX
- */
-
-#include "nsswitch/winbind_nss_irix.h"
-
-#elif defined(HPUX) && defined(HAVE_NSSWITCH_H)
-
-/* HP-UX 11 */
-
-#include "nsswitch/winbind_nss_hpux.h"
-
-#elif defined(__NetBSD__) && defined(HAVE_GETPWENT_R)
-
-/*
- * NetBSD 3 and newer
- */
-
-#include "nsswitch/winbind_nss_netbsd.h"
-
-#else /* Nothing's defined. Neither gnu nor netbsd nor sun nor hp */
-
-typedef enum
-{
- NSS_STATUS_SUCCESS=0,
- NSS_STATUS_NOTFOUND=1,
- NSS_STATUS_UNAVAIL=2,
- NSS_STATUS_TRYAGAIN=3
-} NSS_STATUS;
-
-#endif
-
-#endif /* _NSSWITCH_NSS_H */
diff --git a/source4/nsswitch/winbind_nss_config.h b/source4/nsswitch/winbind_nss_config.h
deleted file mode 100644
index c5bc853770..0000000000
--- a/source4/nsswitch/winbind_nss_config.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon for ntdom nss module
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _WINBIND_NSS_CONFIG_H
-#define _WINBIND_NSS_CONFIG_H
-
-/* shutup the compiler warnings due to krb5.h on 64-bit sles9 */
-#ifdef SIZEOF_LONG
-#undef SIZEOF_LONG
-#endif
-
-
-/* Include header files from data in config.h file */
-
-#ifndef NO_CONFIG_H
-#include "../replace/replace.h"
-#endif
-
-#include "system/passwd.h"
-#include "system/filesys.h"
-#include "system/network.h"
-
-#include "nsswitch/winbind_nss.h"
-
-/* Some systems (SCO) treat UNIX domain sockets as FIFOs */
-
-#ifndef S_IFSOCK
-#define S_IFSOCK S_IFIFO
-#endif
-
-#ifndef S_ISSOCK
-#define S_ISSOCK(mode) ((mode & S_IFSOCK) == S_IFSOCK)
-#endif
-
-#endif
diff --git a/source4/nsswitch/winbind_nss_hpux.h b/source4/nsswitch/winbind_nss_hpux.h
deleted file mode 100644
index 62cf3c26c5..0000000000
--- a/source4/nsswitch/winbind_nss_hpux.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Donated by HP to enable Winbindd to build on HPUX 11.x.
- Copyright (C) Jeremy Allison 2002.
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _WINBIND_NSS_HPUX_H
-#define _WINBIND_NSS_HPUX_H
-
-#include <nsswitch.h>
-
-#define NSS_STATUS_SUCCESS NSS_SUCCESS
-#define NSS_STATUS_NOTFOUND NSS_NOTFOUND
-#define NSS_STATUS_UNAVAIL NSS_UNAVAIL
-#define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
-
-#ifdef HAVE_SYNCH_H
-#include <synch.h>
-#endif
-#ifdef HAVE_PTHREAD_H
-#include <pthread.h>
-#endif
-
-typedef enum {
- NSS_SUCCESS,
- NSS_NOTFOUND,
- NSS_UNAVAIL,
- NSS_TRYAGAIN
-} nss_status_t;
-
-typedef nss_status_t NSS_STATUS;
-
-struct nss_backend;
-
-typedef nss_status_t (*nss_backend_op_t)(struct nss_backend *, void *args);
-
-struct nss_backend {
- nss_backend_op_t *ops;
- int n_ops;
-};
-typedef struct nss_backend nss_backend_t;
-typedef int nss_dbop_t;
-
-#include <errno.h>
-#include <netdb.h>
-#include <limits.h>
-
-#ifndef NSS_INCLUDE_UNSAFE
-#define NSS_INCLUDE_UNSAFE 1 /* Build old, MT-unsafe interfaces, */
-#endif /* NSS_INCLUDE_UNSAFE */
-
-enum nss_netgr_argn {
- NSS_NETGR_MACHINE,
- NSS_NETGR_USER,
- NSS_NETGR_DOMAIN,
- NSS_NETGR_N
-};
-
-enum nss_netgr_status {
- NSS_NETGR_FOUND,
- NSS_NETGR_NO,
- NSS_NETGR_NOMEM
-};
-
-typedef unsigned nss_innetgr_argc;
-typedef char **nss_innetgr_argv;
-
-struct nss_innetgr_1arg {
- nss_innetgr_argc argc;
- nss_innetgr_argv argv;
-};
-
-typedef struct {
- void *result; /* "result" parameter to getXbyY_r() */
- char *buffer; /* "buffer" " " */
- int buflen; /* "buflen" " " */
-} nss_XbyY_buf_t;
-
-extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int struct_size, int buffer_size);
-extern void _nss_XbyY_buf_free(nss_XbyY_buf_t *);
-
-union nss_XbyY_key {
- uid_t uid;
- gid_t gid;
- const char *name;
- int number;
- struct {
- long net;
- int type;
- } netaddr;
- struct {
- const char *addr;
- int len;
- int type;
- } hostaddr;
- struct {
- union {
- const char *name;
- int port;
- } serv;
- const char *proto;
- } serv;
- void *ether;
-};
-
-typedef struct nss_XbyY_args {
- nss_XbyY_buf_t buf;
- int stayopen;
- /*
- * Support for setXXXent(stayopen)
- * Used only in hosts, protocols,
- * networks, rpc, and services.
- */
- int (*str2ent)(const char *instr, int instr_len, void *ent, char *buffer, int buflen);
- union nss_XbyY_key key;
-
- void *returnval;
- int erange;
- int h_errno;
- nss_status_t status;
-} nss_XbyY_args_t;
-
-#endif /* _WINBIND_NSS_HPUX_H */
diff --git a/source4/nsswitch/winbind_nss_irix.h b/source4/nsswitch/winbind_nss_irix.h
deleted file mode 100644
index b40b14b0b0..0000000000
--- a/source4/nsswitch/winbind_nss_irix.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon for ntdom nss module
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _WINBIND_NSS_IRIX_H
-#define _WINBIND_NSS_IRIX_H
-
-/* following required to prevent warnings of double definition
- * of datum from ns_api.h
-*/
-#ifdef DATUM
-#define _DATUM_DEFINED
-#endif
-
-#include <ns_api.h>
-
-typedef enum
-{
- NSS_STATUS_SUCCESS=NS_SUCCESS,
- NSS_STATUS_NOTFOUND=NS_NOTFOUND,
- NSS_STATUS_UNAVAIL=NS_UNAVAIL,
- NSS_STATUS_TRYAGAIN=NS_TRYAGAIN
-} NSS_STATUS;
-
-#endif /* _WINBIND_NSS_IRIX_H */
diff --git a/source4/nsswitch/winbind_nss_linux.c b/source4/nsswitch/winbind_nss_linux.c
deleted file mode 100644
index ac53979ced..0000000000
--- a/source4/nsswitch/winbind_nss_linux.c
+++ /dev/null
@@ -1,1281 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Windows NT Domain nsswitch module
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "winbind_client.h"
-
-/* Maximum number of users to pass back over the unix domain socket
- per call. This is not a static limit on the total number of users
- or groups returned in total. */
-
-#define MAX_GETPWENT_USERS 250
-#define MAX_GETGRENT_USERS 250
-
-NSS_STATUS _nss_winbind_setpwent(void);
-NSS_STATUS _nss_winbind_endpwent(void);
-NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
- char *buffer, size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result,
- char *buffer, size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_setgrent(void);
-NSS_STATUS _nss_winbind_endgrent(void);
-NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result,
- char *buffer, size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
- long int *size, gid_t **groups,
- long int limit, int *errnop);
-NSS_STATUS _nss_winbind_getusersids(const char *user_sid, char **group_sids,
- int *num_groups, char *buffer, size_t buf_size,
- int *errnop);
-NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop);
-NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop);
-NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
- size_t buflen, int *errnop);
-
-/* Prototypes from wb_common.c */
-
-extern int winbindd_fd;
-
-/* Allocate some space from the nss static buffer. The buffer and buflen
- are the pointers passed in by the C library to the _nss_ntdom_*
- functions. */
-
-static char *get_static(char **buffer, size_t *buflen, size_t len)
-{
- char *result;
-
- /* Error check. We return false if things aren't set up right, or
- there isn't enough buffer space left. */
-
- if ((buffer == NULL) || (buflen == NULL) || (*buflen < len)) {
- return NULL;
- }
-
- /* Return an index into the static buffer */
-
- result = *buffer;
- *buffer += len;
- *buflen -= len;
-
- return result;
-}
-
-/* I've copied the strtok() replacement function next_token() from
- lib/util_str.c as I really don't want to have to link in any other
- objects if I can possibly avoid it. */
-
-static bool next_token(char **ptr,char *buff,const char *sep, size_t bufsize)
-{
- char *s;
- bool quoted;
- size_t len=1;
-
- if (!ptr) return false;
-
- s = *ptr;
-
- /* default to simple separators */
- if (!sep) sep = " \t\n\r";
-
- /* find the first non sep char */
- while (*s && strchr(sep,*s)) s++;
-
- /* nothing left? */
- if (! *s) return false;
-
- /* copy over the token */
- for (quoted = false; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++) {
- if (*s == '\"') {
- quoted = !quoted;
- } else {
- len++;
- *buff++ = *s;
- }
- }
-
- *ptr = (*s) ? s+1 : s;
- *buff = 0;
-
- return true;
-}
-
-
-/* Fill a pwent structure from a winbindd_response structure. We use
- the static data passed to us by libc to put strings and stuff in.
- Return NSS_STATUS_TRYAGAIN if we run out of memory. */
-
-static NSS_STATUS fill_pwent(struct passwd *result,
- struct winbindd_pw *pw,
- char **buffer, size_t *buflen)
-{
- /* User name */
-
- if ((result->pw_name =
- get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->pw_name, pw->pw_name);
-
- /* Password */
-
- if ((result->pw_passwd =
- get_static(buffer, buflen, strlen(pw->pw_passwd) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->pw_passwd, pw->pw_passwd);
-
- /* [ug]id */
-
- result->pw_uid = pw->pw_uid;
- result->pw_gid = pw->pw_gid;
-
- /* GECOS */
-
- if ((result->pw_gecos =
- get_static(buffer, buflen, strlen(pw->pw_gecos) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->pw_gecos, pw->pw_gecos);
-
- /* Home directory */
-
- if ((result->pw_dir =
- get_static(buffer, buflen, strlen(pw->pw_dir) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->pw_dir, pw->pw_dir);
-
- /* Logon shell */
-
- if ((result->pw_shell =
- get_static(buffer, buflen, strlen(pw->pw_shell) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->pw_shell, pw->pw_shell);
-
- /* The struct passwd for Solaris has some extra fields which must
- be initialised or nscd crashes. */
-
-#if HAVE_PASSWD_PW_COMMENT
- result->pw_comment = "";
-#endif
-
-#if HAVE_PASSWD_PW_AGE
- result->pw_age = "";
-#endif
-
- return NSS_STATUS_SUCCESS;
-}
-
-/* Fill a grent structure from a winbindd_response structure. We use
- the static data passed to us by libc to put strings and stuff in.
- Return NSS_STATUS_TRYAGAIN if we run out of memory. */
-
-static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
- char *gr_mem, char **buffer, size_t *buflen)
-{
- fstring name;
- int i;
- char *tst;
-
- /* Group name */
-
- if ((result->gr_name =
- get_static(buffer, buflen, strlen(gr->gr_name) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->gr_name, gr->gr_name);
-
- /* Password */
-
- if ((result->gr_passwd =
- get_static(buffer, buflen, strlen(gr->gr_passwd) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->gr_passwd, gr->gr_passwd);
-
- /* gid */
-
- result->gr_gid = gr->gr_gid;
-
- /* Group membership */
-
- if ((gr->num_gr_mem < 0) || !gr_mem) {
- gr->num_gr_mem = 0;
- }
-
- /* this next value is a pointer to a pointer so let's align it */
-
- /* Calculate number of extra bytes needed to align on pointer size boundry */
- if ((i = (unsigned long)(*buffer) % sizeof(char*)) != 0)
- i = sizeof(char*) - i;
-
- if ((tst = get_static(buffer, buflen, ((gr->num_gr_mem + 1) *
- sizeof(char *)+i))) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
- result->gr_mem = (char **)(tst + i);
-
- if (gr->num_gr_mem == 0) {
-
- /* Group is empty */
-
- *(result->gr_mem) = NULL;
- return NSS_STATUS_SUCCESS;
- }
-
- /* Start looking at extra data */
-
- i = 0;
-
- while(next_token((char **)&gr_mem, name, ",", sizeof(fstring))) {
-
- /* Allocate space for member */
-
- if (((result->gr_mem)[i] =
- get_static(buffer, buflen, strlen(name) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy((result->gr_mem)[i], name);
- i++;
- }
-
- /* Terminate list */
-
- (result->gr_mem)[i] = NULL;
-
- return NSS_STATUS_SUCCESS;
-}
-
-/*
- * NSS user functions
- */
-
-static struct winbindd_response getpwent_response;
-
-static int ndx_pw_cache; /* Current index into pwd cache */
-static int num_pw_cache; /* Current size of pwd cache */
-
-/* Rewind "file pointer" to start of ntdom password database */
-
-NSS_STATUS
-_nss_winbind_setpwent(void)
-{
- NSS_STATUS ret;
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: setpwent\n", getpid());
-#endif
-
- if (num_pw_cache > 0) {
- ndx_pw_cache = num_pw_cache = 0;
- winbindd_free_response(&getpwent_response);
- }
-
- ret = winbindd_request_response(WINBINDD_SETPWENT, NULL, NULL);
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: setpwent returns %s (%d)\n", getpid(),
- nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Close ntdom password database "file pointer" */
-
-NSS_STATUS
-_nss_winbind_endpwent(void)
-{
- NSS_STATUS ret;
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: endpwent\n", getpid());
-#endif
-
- if (num_pw_cache > 0) {
- ndx_pw_cache = num_pw_cache = 0;
- winbindd_free_response(&getpwent_response);
- }
-
- ret = winbindd_request_response(WINBINDD_ENDPWENT, NULL, NULL);
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: endpwent returns %s (%d)\n", getpid(),
- nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Fetch the next password entry from ntdom password database */
-
-NSS_STATUS
-_nss_winbind_getpwent_r(struct passwd *result, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_request request;
- static int called_again;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getpwent\n", getpid());
-#endif
-
- /* Return an entry from the cache if we have one, or if we are
- called again because we exceeded our static buffer. */
-
- if ((ndx_pw_cache < num_pw_cache) || called_again) {
- goto return_result;
- }
-
- /* Else call winbindd to get a bunch of entries */
-
- if (num_pw_cache > 0) {
- winbindd_free_response(&getpwent_response);
- }
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(getpwent_response);
-
- request.data.num_entries = MAX_GETPWENT_USERS;
-
- ret = winbindd_request_response(WINBINDD_GETPWENT, &request,
- &getpwent_response);
-
- if (ret == NSS_STATUS_SUCCESS) {
- struct winbindd_pw *pw_cache;
-
- /* Fill cache */
-
- ndx_pw_cache = 0;
- num_pw_cache = getpwent_response.data.num_entries;
-
- /* Return a result */
-
- return_result:
-
- pw_cache = (struct winbindd_pw *)
- getpwent_response.extra_data.data;
-
- /* Check data is valid */
-
- if (pw_cache == NULL) {
- ret = NSS_STATUS_NOTFOUND;
- goto done;
- }
-
- ret = fill_pwent(result, &pw_cache[ndx_pw_cache],
- &buffer, &buflen);
-
- /* Out of memory - try again */
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- called_again = true;
- *errnop = errno = ERANGE;
- goto done;
- }
-
- *errnop = errno = 0;
- called_again = false;
- ndx_pw_cache++;
-
- /* If we've finished with this lot of results free cache */
-
- if (ndx_pw_cache == num_pw_cache) {
- ndx_pw_cache = num_pw_cache = 0;
- winbindd_free_response(&getpwent_response);
- }
- }
- done:
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getpwent returns %s (%d)\n", getpid(),
- nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Return passwd struct from uid */
-
-NSS_STATUS
-_nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- static struct winbindd_response response;
- struct winbindd_request request;
- static int keep_response=0;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getpwuid %d\n", getpid(), (unsigned int)uid);
-#endif
-
- /* If our static buffer needs to be expanded we are called again */
- if (!keep_response) {
-
- /* Call for the first time */
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- request.data.uid = uid;
-
- ret = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
-
- if (ret == NSS_STATUS_SUCCESS) {
- ret = fill_pwent(result, &response.data.pw,
- &buffer, &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
- }
-
- } else {
-
- /* We've been called again */
-
- ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
-
- keep_response = false;
- *errnop = errno = 0;
- }
-
- winbindd_free_response(&response);
- done:
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getpwuid %d returns %s (%d)\n", getpid(),
- (unsigned int)uid, nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Return passwd struct from username */
-NSS_STATUS
-_nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- static struct winbindd_response response;
- struct winbindd_request request;
- static int keep_response;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getpwnam %s\n", getpid(), name);
-#endif
-
- /* If our static buffer needs to be expanded we are called again */
-
- if (!keep_response) {
-
- /* Call for the first time */
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- strncpy(request.data.username, name,
- sizeof(request.data.username) - 1);
- request.data.username
- [sizeof(request.data.username) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
-
- if (ret == NSS_STATUS_SUCCESS) {
- ret = fill_pwent(result, &response.data.pw, &buffer,
- &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
- }
-
- } else {
-
- /* We've been called again */
-
- ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
-
- keep_response = false;
- *errnop = errno = 0;
- }
-
- winbindd_free_response(&response);
- done:
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getpwnam %s returns %s (%d)\n", getpid(),
- name, nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/*
- * NSS group functions
- */
-
-static struct winbindd_response getgrent_response;
-
-static int ndx_gr_cache; /* Current index into grp cache */
-static int num_gr_cache; /* Current size of grp cache */
-
-/* Rewind "file pointer" to start of ntdom group database */
-
-NSS_STATUS
-_nss_winbind_setgrent(void)
-{
- NSS_STATUS ret;
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: setgrent\n", getpid());
-#endif
-
- if (num_gr_cache > 0) {
- ndx_gr_cache = num_gr_cache = 0;
- winbindd_free_response(&getgrent_response);
- }
-
- ret = winbindd_request_response(WINBINDD_SETGRENT, NULL, NULL);
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: setgrent returns %s (%d)\n", getpid(),
- nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Close "file pointer" for ntdom group database */
-
-NSS_STATUS
-_nss_winbind_endgrent(void)
-{
- NSS_STATUS ret;
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: endgrent\n", getpid());
-#endif
-
- if (num_gr_cache > 0) {
- ndx_gr_cache = num_gr_cache = 0;
- winbindd_free_response(&getgrent_response);
- }
-
- ret = winbindd_request_response(WINBINDD_ENDGRENT, NULL, NULL);
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: endgrent returns %s (%d)\n", getpid(),
- nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Get next entry from ntdom group database */
-
-static NSS_STATUS
-winbind_getgrent(enum winbindd_cmd cmd,
- struct group *result,
- char *buffer, size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- static struct winbindd_request request;
- static int called_again;
-
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getgrent\n", getpid());
-#endif
-
- /* Return an entry from the cache if we have one, or if we are
- called again because we exceeded our static buffer. */
-
- if ((ndx_gr_cache < num_gr_cache) || called_again) {
- goto return_result;
- }
-
- /* Else call winbindd to get a bunch of entries */
-
- if (num_gr_cache > 0) {
- winbindd_free_response(&getgrent_response);
- }
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(getgrent_response);
-
- request.data.num_entries = MAX_GETGRENT_USERS;
-
- ret = winbindd_request_response(cmd, &request,
- &getgrent_response);
-
- if (ret == NSS_STATUS_SUCCESS) {
- struct winbindd_gr *gr_cache;
- int mem_ofs;
-
- /* Fill cache */
-
- ndx_gr_cache = 0;
- num_gr_cache = getgrent_response.data.num_entries;
-
- /* Return a result */
-
- return_result:
-
- gr_cache = (struct winbindd_gr *)
- getgrent_response.extra_data.data;
-
- /* Check data is valid */
-
- if (gr_cache == NULL) {
- ret = NSS_STATUS_NOTFOUND;
- goto done;
- }
-
- /* Fill group membership. The offset into the extra data
- for the group membership is the reported offset plus the
- size of all the winbindd_gr records returned. */
-
- mem_ofs = gr_cache[ndx_gr_cache].gr_mem_ofs +
- num_gr_cache * sizeof(struct winbindd_gr);
-
- ret = fill_grent(result, &gr_cache[ndx_gr_cache],
- ((char *)getgrent_response.extra_data.data)+mem_ofs,
- &buffer, &buflen);
-
- /* Out of memory - try again */
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- called_again = true;
- *errnop = errno = ERANGE;
- goto done;
- }
-
- *errnop = 0;
- called_again = false;
- ndx_gr_cache++;
-
- /* If we've finished with this lot of results free cache */
-
- if (ndx_gr_cache == num_gr_cache) {
- ndx_gr_cache = num_gr_cache = 0;
- winbindd_free_response(&getgrent_response);
- }
- }
- done:
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getgrent returns %s (%d)\n", getpid(),
- nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-
-NSS_STATUS
-_nss_winbind_getgrent_r(struct group *result,
- char *buffer, size_t buflen, int *errnop)
-{
- return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop);
-}
-
-NSS_STATUS
-_nss_winbind_getgrlst_r(struct group *result,
- char *buffer, size_t buflen, int *errnop)
-{
- return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop);
-}
-
-/* Return group struct from group name */
-
-NSS_STATUS
-_nss_winbind_getgrnam_r(const char *name,
- struct group *result, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- static struct winbindd_response response;
- struct winbindd_request request;
- static int keep_response;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getgrnam %s\n", getpid(), name);
-#endif
-
- /* If our static buffer needs to be expanded we are called again */
-
- if (!keep_response) {
-
- /* Call for the first time */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- strncpy(request.data.groupname, name,
- sizeof(request.data.groupname));
- request.data.groupname
- [sizeof(request.data.groupname) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_GETGRNAM, &request, &response);
-
- if (ret == NSS_STATUS_SUCCESS) {
- ret = fill_grent(result, &response.data.gr,
- (char *)response.extra_data.data,
- &buffer, &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
- }
-
- } else {
-
- /* We've been called again */
-
- ret = fill_grent(result, &response.data.gr,
- (char *)response.extra_data.data, &buffer,
- &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
-
- keep_response = false;
- *errnop = 0;
- }
-
- winbindd_free_response(&response);
- done:
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getgrnam %s returns %s (%d)\n", getpid(),
- name, nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Return group struct from gid */
-
-NSS_STATUS
-_nss_winbind_getgrgid_r(gid_t gid,
- struct group *result, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- static struct winbindd_response response;
- struct winbindd_request request;
- static int keep_response;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getgrgid %d\n", getpid(), gid);
-#endif
-
- /* If our static buffer needs to be expanded we are called again */
-
- if (!keep_response) {
-
- /* Call for the first time */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- request.data.gid = gid;
-
- ret = winbindd_request_response(WINBINDD_GETGRGID, &request, &response);
-
- if (ret == NSS_STATUS_SUCCESS) {
-
- ret = fill_grent(result, &response.data.gr,
- (char *)response.extra_data.data,
- &buffer, &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
- }
-
- } else {
-
- /* We've been called again */
-
- ret = fill_grent(result, &response.data.gr,
- (char *)response.extra_data.data, &buffer,
- &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
-
- keep_response = false;
- *errnop = 0;
- }
-
- winbindd_free_response(&response);
- done:
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getgrgid %d returns %s (%d)\n", getpid(),
- (unsigned int)gid, nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Initialise supplementary groups */
-
-NSS_STATUS
-_nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
- long int *size, gid_t **groups, long int limit,
- int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_request request;
- struct winbindd_response response;
- int i;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: initgroups %s (%d)\n", getpid(),
- user, group);
-#endif
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- strncpy(request.data.username, user,
- sizeof(request.data.username) - 1);
-
- ret = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
-
- if (ret == NSS_STATUS_SUCCESS) {
- int num_gids = response.data.num_entries;
- gid_t *gid_list = (gid_t *)response.extra_data.data;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: initgroups %s: got NSS_STATUS_SUCCESS "
- "and %d gids\n", getpid(),
- user, num_gids);
-#endif
- if (gid_list == NULL) {
- ret = NSS_STATUS_NOTFOUND;
- goto done;
- }
-
- /* Copy group list to client */
-
- for (i = 0; i < num_gids; i++) {
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: initgroups %s (%d): "
- "processing gid %d \n", getpid(),
- user, group, gid_list[i]);
-#endif
-
- /* Skip primary group */
-
- if (gid_list[i] == group) {
- continue;
- }
-
- /* Filled buffer ? If so, resize. */
-
- if (*start == *size) {
- long int newsize;
- gid_t *newgroups;
-
- newsize = 2 * (*size);
- if (limit > 0) {
- if (*size == limit) {
- goto done;
- }
- if (newsize > limit) {
- newsize = limit;
- }
- }
-
- newgroups = (gid_t *)
- realloc((*groups),
- newsize * sizeof(**groups));
- if (!newgroups) {
- *errnop = ENOMEM;
- ret = NSS_STATUS_NOTFOUND;
- goto done;
- }
- *groups = newgroups;
- *size = newsize;
- }
-
- /* Add to buffer */
-
- (*groups)[*start] = gid_list[i];
- *start += 1;
- }
- }
-
- /* Back to your regularly scheduled programming */
-
- done:
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: initgroups %s returns %s (%d)\n", getpid(),
- user, nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-
-/* return a list of group SIDs for a user SID */
-NSS_STATUS
-_nss_winbind_getusersids(const char *user_sid, char **group_sids,
- int *num_groups,
- char *buffer, size_t buf_size, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_request request;
- struct winbindd_response response;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getusersids %s\n", getpid(), user_sid);
-#endif
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- strncpy(request.data.sid, user_sid,sizeof(request.data.sid) - 1);
- request.data.sid[sizeof(request.data.sid) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
-
- if (ret != NSS_STATUS_SUCCESS) {
- goto done;
- }
-
- if (buf_size < response.length - sizeof(response)) {
- ret = NSS_STATUS_TRYAGAIN;
- errno = *errnop = ERANGE;
- goto done;
- }
-
- *num_groups = response.data.num_entries;
- *group_sids = buffer;
- memcpy(buffer, response.extra_data.data, response.length - sizeof(response));
- errno = *errnop = 0;
-
- done:
- winbindd_free_response(&response);
- return ret;
-}
-
-
-/* map a user or group name to a SID string */
-NSS_STATUS
-_nss_winbind_nametosid(const char *name, char **sid, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_response response;
- struct winbindd_request request;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: nametosid %s\n", getpid(), name);
-#endif
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- strncpy(request.data.name.name, name,
- sizeof(request.data.name.name) - 1);
- request.data.name.name[sizeof(request.data.name.name) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- if (buflen < strlen(response.data.sid.sid)+1) {
- ret = NSS_STATUS_TRYAGAIN;
- *errnop = errno = ERANGE;
- goto failed;
- }
-
- *errnop = errno = 0;
- *sid = buffer;
- strcpy(*sid, response.data.sid.sid);
-
-failed:
- winbindd_free_response(&response);
- return ret;
-}
-
-/* map a sid string to a user or group name */
-NSS_STATUS
-_nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_response response;
- struct winbindd_request request;
- static char sep_char;
- unsigned needed;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: sidtoname %s\n", getpid(), sid);
-#endif
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- /* we need to fetch the separator first time through */
- if (!sep_char) {
- ret = winbindd_request_response(WINBINDD_INFO, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- sep_char = response.data.info.winbind_separator;
- winbindd_free_response(&response);
- }
-
-
- strncpy(request.data.sid, sid,
- sizeof(request.data.sid) - 1);
- request.data.sid[sizeof(request.data.sid) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- needed =
- strlen(response.data.name.dom_name) +
- strlen(response.data.name.name) + 2;
-
- if (buflen < needed) {
- ret = NSS_STATUS_TRYAGAIN;
- *errnop = errno = ERANGE;
- goto failed;
- }
-
- snprintf(buffer, needed, "%s%c%s",
- response.data.name.dom_name,
- sep_char,
- response.data.name.name);
-
- *name = buffer;
- *errnop = errno = 0;
-
-failed:
- winbindd_free_response(&response);
- return ret;
-}
-
-/* map a sid to a uid */
-NSS_STATUS
-_nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_response response;
- struct winbindd_request request;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: sidtouid %s\n", getpid(), sid);
-#endif
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
- request.data.sid[sizeof(request.data.sid) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- *uid = response.data.uid;
-
-failed:
- return ret;
-}
-
-/* map a sid to a gid */
-NSS_STATUS
-_nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_response response;
- struct winbindd_request request;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: sidtogid %s\n", getpid(), sid);
-#endif
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
- request.data.sid[sizeof(request.data.sid) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- *gid = response.data.gid;
-
-failed:
- return ret;
-}
-
-/* map a uid to a SID string */
-NSS_STATUS
-_nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_response response;
- struct winbindd_request request;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5u]: uidtosid %u\n", (unsigned int)getpid(), (unsigned int)uid);
-#endif
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- request.data.uid = uid;
-
- ret = winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- if (buflen < strlen(response.data.sid.sid)+1) {
- ret = NSS_STATUS_TRYAGAIN;
- *errnop = errno = ERANGE;
- goto failed;
- }
-
- *errnop = errno = 0;
- *sid = buffer;
- strcpy(*sid, response.data.sid.sid);
-
-failed:
- winbindd_free_response(&response);
- return ret;
-}
-
-/* map a gid to a SID string */
-NSS_STATUS
-_nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_response response;
- struct winbindd_request request;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5u]: gidtosid %u\n", (unsigned int)getpid(), (unsigned int)gid);
-#endif
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- request.data.gid = gid;
-
- ret = winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- if (buflen < strlen(response.data.sid.sid)+1) {
- ret = NSS_STATUS_TRYAGAIN;
- *errnop = errno = ERANGE;
- goto failed;
- }
-
- *errnop = errno = 0;
- *sid = buffer;
- strcpy(*sid, response.data.sid.sid);
-
-failed:
- winbindd_free_response(&response);
- return ret;
-}
diff --git a/source4/nsswitch/winbind_nss_linux.h b/source4/nsswitch/winbind_nss_linux.h
deleted file mode 100644
index 74aaec5ce6..0000000000
--- a/source4/nsswitch/winbind_nss_linux.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon for ntdom nss module
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _WINBIND_NSS_LINUX_H
-#define _WINBIND_NSS_LINUX_H
-
-#include <nss.h>
-
-typedef enum nss_status NSS_STATUS;
-
-#endif /* _WINBIND_NSS_LINUX_H */
diff --git a/source4/nsswitch/winbind_nss_netbsd.h b/source4/nsswitch/winbind_nss_netbsd.h
deleted file mode 100644
index dceb57c784..0000000000
--- a/source4/nsswitch/winbind_nss_netbsd.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- NetBSD loadable authentication module, providing identification
- routines against Samba winbind/Windows NT Domain
-
- Copyright (C) Luke Mewburn 2004-2005
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _WINBIND_NSS_NETBSD_H
-#define _WINBIND_NSS_NETBSD_H
-
-#include <nsswitch.h>
-
- /* dynamic nsswitch with "new" getpw* nsdispatch API available */
-#if defined(NSS_MODULE_INTERFACE_VERSION) && defined(HAVE_GETPWENT_R)
-
-typedef int NSS_STATUS;
-
-#define NSS_STATUS_SUCCESS NS_SUCCESS
-#define NSS_STATUS_NOTFOUND NS_NOTFOUND
-#define NSS_STATUS_UNAVAIL NS_UNAVAIL
-#define NSS_STATUS_TRYAGAIN NS_TRYAGAIN
-
-#endif /* NSS_MODULE_INTERFACE_VERSION && HAVE_GETPWENT_R */
-
-#endif /* _WINBIND_NSS_NETBSD_H */
diff --git a/source4/nsswitch/winbind_nss_solaris.h b/source4/nsswitch/winbind_nss_solaris.h
deleted file mode 100644
index 941b3e66df..0000000000
--- a/source4/nsswitch/winbind_nss_solaris.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon for ntdom nss module
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _WINBIND_NSS_SOLARIS_H
-#define _WINBIND_NSS_SOLARIS_H
-
-/* Solaris has a broken nss_common header file containing C++ reserved names. */
-#ifndef __cplusplus
-#undef class
-#undef private
-#undef public
-#undef protected
-#undef template
-#undef this
-#undef new
-#undef delete
-#undef friend
-#endif
-
-#include <nss_common.h>
-
-/*
-TODO: we need to cleanup samba4's headers..
-
-#ifndef __cplusplus
-#define class #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define private #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define public #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define protected #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define template #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define this #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define new #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define delete #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define friend #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#endif
-*/
-
-#include <nss_dbdefs.h>
-#include <nsswitch.h>
-
-typedef nss_status_t NSS_STATUS;
-
-#define NSS_STATUS_SUCCESS NSS_SUCCESS
-#define NSS_STATUS_NOTFOUND NSS_NOTFOUND
-#define NSS_STATUS_UNAVAIL NSS_UNAVAIL
-#define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
-
-/* The solaris winbind is implemented as a wrapper around the linux
- version. */
-
-NSS_STATUS _nss_winbind_setpwent(void);
-NSS_STATUS _nss_winbind_endpwent(void);
-NSS_STATUS _nss_winbind_getpwent_r(struct passwd* result, char* buffer,
- size_t buflen, int* errnop);
-NSS_STATUS _nss_winbind_getpwuid_r(uid_t, struct passwd*, char* buffer,
- size_t buflen, int* errnop);
-NSS_STATUS _nss_winbind_getpwnam_r(const char* name, struct passwd* result,
- char* buffer, size_t buflen, int* errnop);
-
-NSS_STATUS _nss_winbind_setgrent(void);
-NSS_STATUS _nss_winbind_endgrent(void);
-NSS_STATUS _nss_winbind_getgrent_r(struct group* result, char* buffer,
- size_t buflen, int* errnop);
-NSS_STATUS _nss_winbind_getgrnam_r(const char *name,
- struct group *result, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid,
- struct group *result, char *buffer,
- size_t buflen, int *errnop);
-
-#endif /* _WINBIND_NSS_SOLARIS_H */
diff --git a/source4/nsswitch/winbind_struct_protocol.h b/source4/nsswitch/winbind_struct_protocol.h
deleted file mode 100644
index 8003ea9585..0000000000
--- a/source4/nsswitch/winbind_struct_protocol.h
+++ /dev/null
@@ -1,507 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon for ntdom nss module
-
- Copyright (C) Tim Potter 2000
- Copyright (C) Gerald Carter 2006
-
- You are free to use this interface definition in any way you see
- fit, including without restriction, using this header in your own
- products. You do not need to give any attribution.
-*/
-
-#ifndef SAFE_FREE
-#define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
-#endif
-
-#ifndef _WINBINDD_NTDOM_H
-#define _WINBINDD_NTDOM_H
-
-#define _PSTRING
-#define FSTRING_LEN 256
-
-typedef char fstring[FSTRING_LEN];
-
-#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
-#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1)
-
-#define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
-
-/* Let the build environment override the public winbindd socket location. This
- * is needed for launchd support -- jpeach.
- */
-#ifndef WINBINDD_SOCKET_DIR
-#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
-#endif
-
-/*
- * when compiled with socket_wrapper support
- * the location of the WINBINDD_SOCKET_DIR
- * can be overwritten via an environment variable
- */
-#define WINBINDD_SOCKET_DIR_ENVVAR "WINBINDD_SOCKET_DIR"
-
-#define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
-#define WINBINDD_DONT_ENV "_NO_WINBINDD"
-#define WINBINDD_LOCATOR_KDC_ADDRESS "WINBINDD_LOCATOR_KDC_ADDRESS"
-
-/* Update this when you change the interface. */
-
-#define WINBIND_INTERFACE_VERSION 19
-
-/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
- On a 64bit Linux box, we have to support a constant structure size
- between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2.
- The easiest way to do this is to always use 8byte values for time_t. */
-
-#define SMB_TIME_T int64_t
-
-/* Socket commands */
-
-enum winbindd_cmd {
-
- WINBINDD_INTERFACE_VERSION, /* Always a well known value */
-
- /* Get users and groups */
-
- WINBINDD_GETPWNAM,
- WINBINDD_GETPWUID,
- WINBINDD_GETGRNAM,
- WINBINDD_GETGRGID,
- WINBINDD_GETGROUPS,
-
- /* Enumerate users and groups */
-
- WINBINDD_SETPWENT,
- WINBINDD_ENDPWENT,
- WINBINDD_GETPWENT,
- WINBINDD_SETGRENT,
- WINBINDD_ENDGRENT,
- WINBINDD_GETGRENT,
-
- /* PAM authenticate and password change */
-
- WINBINDD_PAM_AUTH,
- WINBINDD_PAM_AUTH_CRAP,
- WINBINDD_PAM_CHAUTHTOK,
- WINBINDD_PAM_LOGOFF,
- WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,
-
- /* List various things */
-
- WINBINDD_LIST_USERS, /* List w/o rid->id mapping */
- WINBINDD_LIST_GROUPS, /* Ditto */
- WINBINDD_LIST_TRUSTDOM,
-
- /* SID conversion */
-
- WINBINDD_LOOKUPSID,
- WINBINDD_LOOKUPNAME,
- WINBINDD_LOOKUPRIDS,
-
- /* Lookup functions */
-
- WINBINDD_SID_TO_UID,
- WINBINDD_SID_TO_GID,
- WINBINDD_SIDS_TO_XIDS,
- WINBINDD_UID_TO_SID,
- WINBINDD_GID_TO_SID,
-
- WINBINDD_ALLOCATE_UID,
- WINBINDD_ALLOCATE_GID,
- WINBINDD_SET_MAPPING,
- WINBINDD_SET_HWM,
-
- /* Miscellaneous other stuff */
-
- WINBINDD_DUMP_MAPS,
-
- WINBINDD_CHECK_MACHACC, /* Check machine account pw works */
- WINBINDD_PING, /* Just tell me winbind is running */
- WINBINDD_INFO, /* Various bit of info. Currently just tidbits */
- WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */
-
- WINBINDD_DOMAIN_INFO, /* Most of what we know from
- struct winbindd_domain */
- WINBINDD_GETDCNAME, /* Issue a GetDCName Request */
- WINBINDD_DSGETDCNAME, /* Issue a DsGetDCName Request */
-
- WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
-
- /* WINS commands */
-
- WINBINDD_WINS_BYIP,
- WINBINDD_WINS_BYNAME,
-
- /* this is like GETGRENT but gives an empty group list */
- WINBINDD_GETGRLST,
-
- WINBINDD_NETBIOS_NAME, /* The netbios name of the server */
-
- /* find the location of our privileged pipe */
- WINBINDD_PRIV_PIPE_DIR,
-
- /* return a list of group sids for a user sid */
- WINBINDD_GETUSERSIDS,
-
- /* Various group queries */
- WINBINDD_GETUSERDOMGROUPS,
-
- /* Initialize connection in a child */
- WINBINDD_INIT_CONNECTION,
-
- /* Blocking calls that are not allowed on the main winbind pipe, only
- * between parent and children */
- WINBINDD_DUAL_SID2UID,
- WINBINDD_DUAL_SID2GID,
- WINBINDD_DUAL_SIDS2XIDS,
- WINBINDD_DUAL_UID2SID,
- WINBINDD_DUAL_GID2SID,
- WINBINDD_DUAL_SET_MAPPING,
- WINBINDD_DUAL_SET_HWM,
- WINBINDD_DUAL_DUMP_MAPS,
-
- /* Wrapper around possibly blocking unix nss calls */
- WINBINDD_DUAL_UID2NAME,
- WINBINDD_DUAL_NAME2UID,
- WINBINDD_DUAL_GID2NAME,
- WINBINDD_DUAL_NAME2GID,
-
- WINBINDD_DUAL_USERINFO,
- WINBINDD_DUAL_GETSIDALIASES,
-
- /* Complete the challenge phase of the NTLM authentication
- protocol using cached password. */
- WINBINDD_CCACHE_NTLMAUTH,
-
- WINBINDD_NUM_CMDS
-};
-
-typedef struct winbindd_pw {
- fstring pw_name;
- fstring pw_passwd;
- uid_t pw_uid;
- gid_t pw_gid;
- fstring pw_gecos;
- fstring pw_dir;
- fstring pw_shell;
-} WINBINDD_PW;
-
-
-typedef struct winbindd_gr {
- fstring gr_name;
- fstring gr_passwd;
- gid_t gr_gid;
- uint32_t num_gr_mem;
- uint32_t gr_mem_ofs; /* offset to group membership */
-} WINBINDD_GR;
-
-/* PAM specific request flags */
-#define WBFLAG_PAM_INFO3_NDR 0x00000001
-#define WBFLAG_PAM_INFO3_TEXT 0x00000002
-#define WBFLAG_PAM_USER_SESSION_KEY 0x00000004
-#define WBFLAG_PAM_LMKEY 0x00000008
-#define WBFLAG_PAM_CONTACT_TRUSTDOM 0x00000010
-#define WBFLAG_PAM_UNIX_NAME 0x00000080
-#define WBFLAG_PAM_AFS_TOKEN 0x00000100
-#define WBFLAG_PAM_NT_STATUS_SQUASH 0x00000200
-#define WBFLAG_PAM_KRB5 0x00001000
-#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
-#define WBFLAG_PAM_CACHED_LOGIN 0x00004000
-#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000 /* not used */
-
-/* generic request flags */
-#define WBFLAG_QUERY_ONLY 0x00000020 /* not used */
-/* This is a flag that can only be sent from parent to child */
-#define WBFLAG_IS_PRIVILEGED 0x00000400 /* not used */
-/* Flag to say this is a winbindd internal send - don't recurse. */
-#define WBFLAG_RECURSE 0x00000800
-
-
-#define WINBINDD_MAX_EXTRA_DATA (128*1024)
-
-/* Winbind request structure */
-
-/*******************************************************************************
- * This structure MUST be the same size in the 32bit and 64bit builds
- * for compatibility between /lib64/libnss_winbind.so and /lib/libnss_winbind.so
- *
- * DO NOT CHANGE THIS STRUCTURE WITHOUT TESTING THE 32BIT NSS LIB AGAINST
- * A 64BIT WINBINDD --jerry
- ******************************************************************************/
-
-struct winbindd_request {
- uint32_t length;
- enum winbindd_cmd cmd; /* Winbindd command to execute */
- enum winbindd_cmd original_cmd; /* Original Winbindd command
- issued to parent process */
- pid_t pid; /* pid of calling process */
- uint32_t wb_flags; /* generic flags */
- uint32_t flags; /* flags relevant *only* to a given request */
- fstring domain_name; /* name of domain for which the request applies */
-
- union {
- fstring winsreq; /* WINS request */
- fstring username; /* getpwnam */
- fstring groupname; /* getgrnam */
- uid_t uid; /* getpwuid, uid_to_sid */
- gid_t gid; /* getgrgid, gid_to_sid */
- struct {
- /* We deliberatedly don't split into domain/user to
- avoid having the client know what the separator
- character is. */
- fstring user;
- fstring pass;
- char require_membership_of_sid[1024];
- fstring krb5_cc_type;
- uid_t uid;
- } auth; /* pam_winbind auth module */
- struct {
- uint8_t chal[8];
- uint32_t logon_parameters;
- fstring user;
- fstring domain;
- fstring lm_resp;
- uint32_t lm_resp_len;
- fstring nt_resp;
- uint32_t nt_resp_len;
- fstring workstation;
- fstring require_membership_of_sid;
- } auth_crap;
- struct {
- fstring user;
- fstring oldpass;
- fstring newpass;
- } chauthtok; /* pam_winbind passwd module */
- struct {
- fstring user;
- fstring domain;
- uint8_t new_nt_pswd[516];
- uint16_t new_nt_pswd_len;
- uint8_t old_nt_hash_enc[16];
- uint16_t old_nt_hash_enc_len;
- uint8_t new_lm_pswd[516];
- uint16_t new_lm_pswd_len;
- uint8_t old_lm_hash_enc[16];
- uint16_t old_lm_hash_enc_len;
- } chng_pswd_auth_crap;/* pam_winbind passwd module */
- struct {
- fstring user;
- fstring krb5ccname;
- uid_t uid;
- } logoff; /* pam_winbind session module */
- fstring sid; /* lookupsid, sid_to_[ug]id */
- struct {
- fstring dom_name; /* lookupname */
- fstring name;
- } name;
- uint32_t num_entries; /* getpwent, getgrent */
- struct {
- fstring username;
- fstring groupname;
- } acct_mgt;
- struct {
- bool is_primary;
- fstring dcname;
- } init_conn;
- struct {
- fstring sid;
- fstring name;
- } dual_sid2id;
- struct {
- fstring sid;
- uint32_t type;
- uint32_t id;
- } dual_idmapset;
- bool list_all_domains;
-
- struct {
- uid_t uid;
- fstring user;
- /* the effective uid of the client, must be the uid for 'user'.
- This is checked by the main daemon, trusted by children. */
- /* if the blobs are length zero, then this doesn't
- produce an actual challenge response. It merely
- succeeds if there are cached credentials available
- that could be used. */
- uint32_t initial_blob_len; /* blobs in extra_data */
- uint32_t challenge_blob_len;
- } ccache_ntlm_auth;
-
- /* padding -- needed to fix alignment between 32bit and 64bit libs.
- The size is the sizeof the union without the padding aligned on
- an 8 byte boundary. --jerry */
-
- char padding[1800];
- } data;
- union {
- SMB_TIME_T padding;
- char *data;
- } extra_data;
- uint32_t extra_len;
- char null_term;
-};
-
-/* Response values */
-
-enum winbindd_result {
- WINBINDD_ERROR,
- WINBINDD_PENDING,
- WINBINDD_OK
-};
-
-/* Winbind response structure */
-
-/*******************************************************************************
- * This structure MUST be the same size in the 32bit and 64bit builds
- * for compatibility between /lib64/libnss_winbind.so and /lib/libnss_winbind.so
- *
- * DO NOT CHANGE THIS STRUCTURE WITHOUT TESTING THE 32BIT NSS LIB AGAINST
- * A 64BIT WINBINDD --jerry
- ******************************************************************************/
-
-struct winbindd_response {
-
- /* Header information */
-
- uint32_t length; /* Length of response */
- enum winbindd_result result; /* Result code */
-
- /* Fixed length return data */
-
- union {
- int interface_version; /* Try to ensure this is always in the same spot... */
-
- fstring winsresp; /* WINS response */
-
- /* getpwnam, getpwuid */
-
- struct winbindd_pw pw;
-
- /* getgrnam, getgrgid */
-
- struct winbindd_gr gr;
-
- uint32_t num_entries; /* getpwent, getgrent */
- struct winbindd_sid {
- fstring sid; /* lookupname, [ug]id_to_sid */
- int type;
- } sid;
- struct winbindd_name {
- fstring dom_name; /* lookupsid */
- fstring name;
- int type;
- } name;
- uid_t uid; /* sid_to_uid */
- gid_t gid; /* sid_to_gid */
- struct winbindd_info {
- char winbind_separator;
- fstring samba_version;
- } info;
- fstring domain_name;
- fstring netbios_name;
- fstring dc_name;
-
- struct auth_reply {
- uint32_t nt_status;
- fstring nt_status_string;
- fstring error_string;
- int pam_error;
- char user_session_key[16];
- char first_8_lm_hash[8];
- fstring krb5ccname;
- uint32_t reject_reason;
- uint32_t padding;
- struct policy_settings {
- uint32_t min_length_password;
- uint32_t password_history;
- uint32_t password_properties;
- uint32_t padding;
- SMB_TIME_T expire;
- SMB_TIME_T min_passwordage;
- } policy;
- struct info3_text {
- SMB_TIME_T logon_time;
- SMB_TIME_T logoff_time;
- SMB_TIME_T kickoff_time;
- SMB_TIME_T pass_last_set_time;
- SMB_TIME_T pass_can_change_time;
- SMB_TIME_T pass_must_change_time;
- uint32_t logon_count;
- uint32_t bad_pw_count;
- uint32_t user_rid;
- uint32_t group_rid;
- uint32_t num_groups;
- uint32_t user_flgs;
- uint32_t acct_flags;
- uint32_t num_other_sids;
- fstring dom_sid;
- fstring user_name;
- fstring full_name;
- fstring logon_script;
- fstring profile_path;
- fstring home_dir;
- fstring dir_drive;
- fstring logon_srv;
- fstring logon_dom;
- } info3;
- } auth;
- struct {
- fstring name;
- fstring alt_name;
- fstring sid;
- bool native_mode;
- bool active_directory;
- bool primary;
- } domain_info;
- uint32_t sequence_number;
- struct {
- fstring acct_name;
- fstring full_name;
- fstring homedir;
- fstring shell;
- uint32_t primary_gid;
- uint32_t group_rid;
- } user_info;
- struct {
- uint32_t auth_blob_len; /* blob in extra_data */
- } ccache_ntlm_auth;
- } data;
-
- /* Variable length return data */
-
- union {
- SMB_TIME_T padding;
- void *data;
- } extra_data;
-};
-
-struct WINBINDD_MEMORY_CREDS {
- struct WINBINDD_MEMORY_CREDS *next, *prev;
- const char *username; /* lookup key. */
- uid_t uid;
- int ref_count;
- size_t len;
- uint8_t *nt_hash; /* Base pointer for the following 2 */
- uint8_t *lm_hash;
- char *pass;
-};
-
-struct WINBINDD_CCACHE_ENTRY {
- struct WINBINDD_CCACHE_ENTRY *next, *prev;
- const char *principal_name;
- const char *ccname;
- const char *service;
- const char *username;
- const char *realm;
- struct WINBINDD_MEMORY_CREDS *cred_ptr;
- int ref_count;
- uid_t uid;
- time_t create_time;
- time_t renew_until;
- time_t refresh_time;
- struct timed_event *event;
-};
-
-#endif