From a2481eda8c29255e8580b6070ea87f46ea7b4300 Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Fri, 21 Dec 2007 11:57:34 -0600 Subject: Add files for new LGPL libwbclient DSO implementing the Winbind client API (based on the winbind_struct_protocol.h). The API is incomplete, but sufficient to merge. See wbclient.h for the interface functions. (This used to be commit 83d274b46078a9ace77edb822a0e336c79dcf40e) --- source3/nsswitch/libwbclient/Doxyfile | 1297 ++++++++++++++++++++++ source3/nsswitch/libwbclient/libwbclient.h | 46 + source3/nsswitch/libwbclient/wbc_err.h | 51 + source3/nsswitch/libwbclient/wbc_err_internal.h | 44 + source3/nsswitch/libwbclient/wbc_idmap.c | 272 +++++ source3/nsswitch/libwbclient/wbc_pam.c | 65 ++ source3/nsswitch/libwbclient/wbc_pwd.c | 374 +++++++ source3/nsswitch/libwbclient/wbc_sid.c | 420 +++++++ source3/nsswitch/libwbclient/wbc_util.c | 110 ++ source3/nsswitch/libwbclient/wbclient.c | 105 ++ source3/nsswitch/libwbclient/wbclient.h | 184 +++ source3/nsswitch/libwbclient/wbclient_internal.h | 32 + 12 files changed, 3000 insertions(+) create mode 100644 source3/nsswitch/libwbclient/Doxyfile create mode 100644 source3/nsswitch/libwbclient/libwbclient.h create mode 100644 source3/nsswitch/libwbclient/wbc_err.h create mode 100644 source3/nsswitch/libwbclient/wbc_err_internal.h create mode 100644 source3/nsswitch/libwbclient/wbc_idmap.c create mode 100644 source3/nsswitch/libwbclient/wbc_pam.c create mode 100644 source3/nsswitch/libwbclient/wbc_pwd.c create mode 100644 source3/nsswitch/libwbclient/wbc_sid.c create mode 100644 source3/nsswitch/libwbclient/wbc_util.c create mode 100644 source3/nsswitch/libwbclient/wbclient.c create mode 100644 source3/nsswitch/libwbclient/wbclient.h create mode 100644 source3/nsswitch/libwbclient/wbclient_internal.h (limited to 'source3/nsswitch/libwbclient') 
diff --git a/source3/nsswitch/libwbclient/Doxyfile b/source3/nsswitch/libwbclient/Doxyfile
new file mode 100644
index 0000000000..e12c2b06f0
--- /dev/null
+++ b/source3/nsswitch/libwbclient/Doxyfile
@@ -0,0 +1,1297 @@ +# Doxyfile 1.5.3 + +# This file describes the settings to be used by the documentation system +# doxygen (www.doxygen.org) for a project +# +# All text after a hash (#) is considered a comment and will be ignored +# The format is: +# TAG = value [value, ...] +# For lists items can also be appended using: +# TAG += value [value, ...] +# Values that contain spaces should be placed between quotes (" ") + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- + +# This tag specifies the encoding used for all characters in the config file that +# follow. The default is UTF-8 which is also the encoding used for all text before +# the first occurrence of this tag. Doxygen uses libiconv (or the iconv built into +# libc) for the transcoding. See http://www.gnu.org/software/libiconv for the list of +# possible encodings. + +DOXYFILE_ENCODING = UTF-8 + +# The PROJECT_NAME tag is a single word (or a sequence of words surrounded +# by quotes) that should identify the project. + +PROJECT_NAME = Samba + +# The PROJECT_NUMBER tag can be used to enter a project or revision number. +# This could be handy for archiving the generated documentation or +# if some version control system is used. + +PROJECT_NUMBER = HEAD + +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) +# base path where the generated documentation will be put. +# If a relative path is entered, it will be relative to the location +# where doxygen was started. If left blank the current directory will be used. + +OUTPUT_DIRECTORY = dox + +# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create +# 4096 sub-directories (in 2 levels) under the output directory of each output +# format and will distribute the generated files over these directories. 
+# Enabling this option can be useful when feeding doxygen a huge amount of +# source files, where putting all generated files in the same directory would +# otherwise cause performance problems for the file system. + +CREATE_SUBDIRS = NO + +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# The default language is English, other supported languages are: +# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, +# Croatian, Czech, Danish, Dutch, Finnish, French, German, Greek, Hungarian, +# Italian, Japanese, Japanese-en (Japanese with English messages), Korean, +# Korean-en, Lithuanian, Norwegian, Polish, Portuguese, Romanian, Russian, +# Serbian, Slovak, Slovene, Spanish, Swedish, and Ukrainian. + +OUTPUT_LANGUAGE = English + +# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will +# include brief member descriptions after the members that are listed in +# the file and class documentation (similar to JavaDoc). +# Set to NO to disable this. + +BRIEF_MEMBER_DESC = YES + +# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend +# the brief description of a member or function before the detailed description. +# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# brief descriptions will be completely suppressed. + +REPEAT_BRIEF = YES + +# This tag implements a quasi-intelligent brief description abbreviator +# that is used to form the text in various listings. Each string +# in this list, if found as the leading text of the brief description, will be +# stripped from the text and the result after processing the whole list, is +# used as the annotated text. Otherwise, the brief description is used as-is. 
+# If left blank, the following values are used ("$name" is automatically +# replaced with the name of the entity): "The $name class" "The $name widget" +# "The $name file" "is" "provides" "specifies" "contains" +# "represents" "a" "an" "the" + +ABBREVIATE_BRIEF = + +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# Doxygen will generate a detailed section even if there is only a brief +# description. + +ALWAYS_DETAILED_SEC = NO + +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment +# operators of the base classes will not be shown. + +INLINE_INHERITED_MEMB = NO + +# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full +# path before files name in the file list and in the header files. If set +# to NO the shortest path that makes the file name unique will be used. + +FULL_PATH_NAMES = YES + +# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag +# can be used to strip a user-defined part of the path. Stripping is +# only done if one of the specified strings matches the left-hand part of +# the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the +# path to strip. + +STRIP_FROM_PATH = $(PWD)/ + +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of +# the path mentioned in the documentation of a class, which tells +# the reader which header file to include in order to use a class. +# If left blank only the name of the header file containing the class +# definition is used. Otherwise one should specify the include paths that +# are normally passed to the compiler using the -I flag. + +STRIP_FROM_INC_PATH = + +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter +# (but less readable) file names. 
This can be useful is your file systems +# doesn't support long names like on DOS, Mac, or CD-ROM. + +SHORT_NAMES = NO + +# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen +# will interpret the first line (until the first dot) of a JavaDoc-style +# comment as the brief description. If set to NO, the JavaDoc +# comments will behave just like regular Qt-style comments +# (thus requiring an explicit @brief command for a brief description.) + +JAVADOC_AUTOBRIEF = YES + +# If the QT_AUTOBRIEF tag is set to YES then Doxygen will +# interpret the first line (until the first dot) of a Qt-style +# comment as the brief description. If set to NO, the comments +# will behave just like regular Qt-style comments (thus requiring +# an explicit \brief command for a brief description.) + +QT_AUTOBRIEF = NO + +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen +# treat a multi-line C++ special comment block (i.e. a block of //! or /// +# comments) as a brief description. This used to be the default behaviour. +# The new default is to treat a multi-line C++ comment block as a detailed +# description. Set this tag to YES if you prefer the old behaviour instead. + +MULTILINE_CPP_IS_BRIEF = NO + +# If the DETAILS_AT_TOP tag is set to YES then Doxygen +# will output the detailed description near the top, like JavaDoc. +# If set to NO, the detailed description appears after the member +# documentation. + +DETAILS_AT_TOP = NO + +# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented +# member inherits the documentation from any documented member that it +# re-implements. + +INHERIT_DOCS = YES + +# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce +# a new page for each member. If set to NO, the documentation of a member will +# be part of the file/class/namespace that contains it. + +SEPARATE_MEMBER_PAGES = NO + +# The TAB_SIZE tag can be used to set the number of spaces in a tab. 
+# Doxygen uses this value to replace tabs by spaces in code fragments. + +TAB_SIZE = 8 + +# This tag can be used to specify a number of aliases that acts +# as commands in the documentation. An alias has the form "name=value". +# For example adding "sideeffect=\par Side Effects:\n" will allow you to +# put the command \sideeffect (or @sideeffect) in the documentation, which +# will result in a user-defined paragraph with heading "Side Effects:". +# You can put \n's in the value part of an alias to insert newlines. + +ALIASES = + +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C +# sources only. Doxygen will then generate output that is more tailored for C. +# For instance, some of the names that are used will be different. The list +# of all members will be omitted, etc. + +OPTIMIZE_OUTPUT_FOR_C = YES + +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java +# sources only. Doxygen will then generate output that is more tailored for Java. +# For instance, namespaces will be presented as packages, qualified scopes +# will look different, etc. + +OPTIMIZE_OUTPUT_JAVA = NO + +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to +# include (a tag file for) the STL sources as input, then you should +# set this tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. +# func(std::string) {}). This also make the inheritance and collaboration +# diagrams that involve STL classes more complete and accurate. + +BUILTIN_STL_SUPPORT = NO + +# If you use Microsoft's C++/CLI language, you should set this option to YES to +# enable parsing support. + +CPP_CLI_SUPPORT = NO + +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES, then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. 
By default +# all members of a group must be documented explicitly. + +DISTRIBUTE_GROUP_DOC = NO + +# Set the SUBGROUPING tag to YES (the default) to allow class member groups of +# the same type (for instance a group of public functions) to be put as a +# subgroup of that type (e.g. under the Public Functions section). Set it to +# NO to prevent subgrouping. Alternatively, this can be done per class using +# the \nosubgrouping command. + +SUBGROUPING = YES + +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- + +# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in +# documentation are documented, even if no documentation was available. +# Private class members and static file members will be hidden unless +# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES + +EXTRACT_ALL = YES + +# If the EXTRACT_PRIVATE tag is set to YES all private members of a class +# will be included in the documentation. + +EXTRACT_PRIVATE = YES + +# If the EXTRACT_STATIC tag is set to YES all static members of a file +# will be included in the documentation. + +EXTRACT_STATIC = YES + +# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) +# defined locally in source files will be included in the documentation. +# If set to NO only classes defined in header files are included. + +EXTRACT_LOCAL_CLASSES = YES + +# This flag is only useful for Objective-C code. When set to YES local +# methods, which are defined in the implementation section but not in +# the interface are included in the documentation. +# If set to NO (the default) only methods in the interface are included. 
+ +EXTRACT_LOCAL_METHODS = NO + +# If this flag is set to YES, the members of anonymous namespaces will be extracted +# and appear in the documentation as a namespace called 'anonymous_namespace{file}', +# where file will be replaced with the base name of the file that contains the anonymous +# namespace. By default anonymous namespace are hidden. + +EXTRACT_ANON_NSPACES = NO + +# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all +# undocumented members of documented classes, files or namespaces. +# If set to NO (the default) these members will be included in the +# various overviews, but no documentation section is generated. +# This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_MEMBERS = NO + +# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. +# If set to NO (the default) these classes will be included in the various +# overviews. This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_CLASSES = NO + +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all +# friend (class|struct|union) declarations. +# If set to NO (the default) these declarations will be included in the +# documentation. + +HIDE_FRIEND_COMPOUNDS = NO + +# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any +# documentation blocks found inside the body of a function. +# If set to NO (the default) these blocks will be appended to the +# function's detailed documentation block. + +HIDE_IN_BODY_DOCS = NO + +# The INTERNAL_DOCS tag determines if documentation +# that is typed after a \internal command is included. If the tag is set +# to NO (the default) then the documentation will be excluded. +# Set it to YES to include the internal documentation. + +INTERNAL_DOCS = YES + +# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate +# file names in lower-case letters. 
If set to YES upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows +# and Mac users are advised to set this option to NO. + +CASE_SENSE_NAMES = YES + +# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen +# will show members with their full class and namespace scopes in the +# documentation. If set to YES the scope will be hidden. + +HIDE_SCOPE_NAMES = YES + +# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen +# will put a list of the files that are included by a file in the documentation +# of that file. + +SHOW_INCLUDE_FILES = YES + +# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] +# is inserted in the documentation for inline members. + +INLINE_INFO = YES + +# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen +# will sort the (detailed) documentation of file and class members +# alphabetically by member name. If set to NO the members will appear in +# declaration order. + +SORT_MEMBER_DOCS = NO + +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the +# brief documentation of file, namespace and class members alphabetically +# by member name. If set to NO (the default) the members will appear in +# declaration order. + +SORT_BRIEF_DOCS = NO + +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be +# sorted by fully-qualified names, including namespaces. If set to +# NO (the default), the class list will be sorted only by class name, +# not including the namespace part. +# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. +# Note: This option applies only to the class list, not to the +# alphabetical list. + +SORT_BY_SCOPE_NAME = NO + +# The GENERATE_TODOLIST tag can be used to enable (YES) or +# disable (NO) the todo list. This list is created by putting \todo +# commands in the documentation. 
+ +GENERATE_TODOLIST = YES + +# The GENERATE_TESTLIST tag can be used to enable (YES) or +# disable (NO) the test list. This list is created by putting \test +# commands in the documentation. + +GENERATE_TESTLIST = YES + +# The GENERATE_BUGLIST tag can be used to enable (YES) or +# disable (NO) the bug list. This list is created by putting \bug +# commands in the documentation. + +GENERATE_BUGLIST = YES + +# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or +# disable (NO) the deprecated list. This list is created by putting +# \deprecated commands in the documentation. + +GENERATE_DEPRECATEDLIST= YES + +# The ENABLED_SECTIONS tag can be used to enable conditional +# documentation sections, marked by \if sectionname ... \endif. + +ENABLED_SECTIONS = + +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines +# the initial value of a variable or define consists of for it to appear in +# the documentation. If the initializer consists of more lines than specified +# here it will be hidden. Use a value of 0 to hide initializers completely. +# The appearance of the initializer of individual variables and defines in the +# documentation can be controlled using \showinitializer or \hideinitializer +# command in the documentation regardless of this setting. + +MAX_INITIALIZER_LINES = 30 + +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated +# at the bottom of the documentation of classes and structs. If set to YES the +# list will mention the files that were used to generate the documentation. + +SHOW_USED_FILES = YES + +# If the sources in your project are distributed over multiple directories +# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy +# in the documentation. The default is NO. 
+ +SHOW_DIRECTORIES = NO + +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from the +# version control system). Doxygen will invoke the program by executing (via +# popen()) the command , where is the value of +# the FILE_VERSION_FILTER tag, and is the name of an input file +# provided by doxygen. Whatever the program writes to standard output +# is used as the file version. See the manual for examples. + +FILE_VERSION_FILTER = + +#--------------------------------------------------------------------------- +# configuration options related to warning and progress messages +#--------------------------------------------------------------------------- + +# The QUIET tag can be used to turn on/off the messages that are generated +# by doxygen. Possible values are YES and NO. If left blank NO is used. + +QUIET = YES + +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated by doxygen. Possible values are YES and NO. If left blank +# NO is used. + +WARNINGS = NO + +# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings +# for undocumented members. If EXTRACT_ALL is set to YES then this flag will +# automatically be disabled. + +WARN_IF_UNDOCUMENTED = NO + +# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some +# parameters in a documented function, or documenting parameters that +# don't exist or using markup commands wrongly. + +WARN_IF_DOC_ERROR = YES + +# This WARN_NO_PARAMDOC option can be abled to get warnings for +# functions that are documented, but have no documentation for their parameters +# or return value. If set to NO (the default) doxygen will only warn about +# wrong or incomplete parameter documentation, but not about the absence of +# documentation. 
+ +WARN_NO_PARAMDOC = NO + +# The WARN_FORMAT tag determines the format of the warning messages that +# doxygen can produce. The string should contain the $file, $line, and $text +# tags, which will be replaced by the file and line number from which the +# warning originated and the warning text. Optionally the format may contain +# $version, which will be replaced by the version of the file (if it could +# be obtained via FILE_VERSION_FILTER) + +WARN_FORMAT = "$file:$line: $text " + +# The WARN_LOGFILE tag can be used to specify a file to which warning +# and error messages should be written. If left blank the output is written +# to stderr. + +WARN_LOGFILE = + +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- + +# The INPUT tag can be used to specify the files and/or directories that contain +# documented source files. You may enter file names like "myfile.cpp" or +# directories like "/usr/src/myproject". Separate the files or directories +# with spaces. + +INPUT = . + +# This tag can be used to specify the character encoding of the source files that +# doxygen parses. Internally doxygen uses the UTF-8 encoding, which is also the default +# input encoding. Doxygen uses libiconv (or the iconv built into libc) for the transcoding. +# See http://www.gnu.org/software/libiconv for the list of possible encodings. + +INPUT_ENCODING = UTF-8 + +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. 
If left +# blank the following patterns are tested: +# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx +# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py + +FILE_PATTERNS = *.c \ + *.h \ + *.idl + +# The RECURSIVE tag can be used to turn specify whether or not subdirectories +# should be searched for input files as well. Possible values are YES and NO. +# If left blank NO is used. + +RECURSIVE = YES + +# The EXCLUDE tag can be used to specify files and/or directories that should +# excluded from the INPUT source files. This way you can easily exclude a +# subdirectory from a directory tree whose root is specified with the INPUT tag. + +EXCLUDE = include/includes.h \ + include/proto.h + +# The EXCLUDE_SYMLINKS tag can be used select whether or not files or +# directories that are symbolic links (a Unix filesystem feature) are excluded +# from the input. + +EXCLUDE_SYMLINKS = NO + +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. Note that the wildcards are matched +# against the file with absolute path, so to exclude all test directories +# for example use the pattern */test/* + +EXCLUDE_PATTERNS = + +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the output. +# The symbol name can be a fully qualified name, a word, or if the wildcard * is used, +# a substring. Examples: ANamespace, AClass, AClass::ANamespace, ANamespace::*Test + +EXCLUDE_SYMBOLS = + +# The EXAMPLE_PATH tag can be used to specify one or more files or +# directories that contain example code fragments that are included (see +# the \include command). 
+ +EXAMPLE_PATH = + +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank all files are included. + +EXAMPLE_PATTERNS = + +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude +# commands irrespective of the value of the RECURSIVE tag. +# Possible values are YES and NO. If left blank NO is used. + +EXAMPLE_RECURSIVE = NO + +# The IMAGE_PATH tag can be used to specify one or more files or +# directories that contain image that are included in the documentation (see +# the \image command). + +IMAGE_PATH = + +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command , where +# is the value of the INPUT_FILTER tag, and is the name of an +# input file. Doxygen will then use the output that the filter program writes +# to standard output. If FILTER_PATTERNS is specified, this tag will be +# ignored. + +INPUT_FILTER = + +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. The filters are a list of the form: +# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further +# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER +# is applied to all files. + +FILTER_PATTERNS = + +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER) will be used to filter the input files when producing source +# files to browse (i.e. when SOURCE_BROWSER is set to YES). 
+ +FILTER_SOURCE_FILES = NO + +#--------------------------------------------------------------------------- +# configuration options related to source browsing +#--------------------------------------------------------------------------- + +# If the SOURCE_BROWSER tag is set to YES then a list of source files will +# be generated. Documented entities will be cross-referenced with these sources. +# Note: To get rid of all source code in the generated output, make sure also +# VERBATIM_HEADERS is set to NO. If you have enabled CALL_GRAPH or CALLER_GRAPH +# then you must also enable this option. If you don't then doxygen will produce +# a warning and turn it on anyway + +SOURCE_BROWSER = YES + +# Setting the INLINE_SOURCES tag to YES will include the body +# of functions and classes directly in the documentation. + +INLINE_SOURCES = YES + +# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct +# doxygen to hide any special comment blocks from generated source code +# fragments. Normal C and C++ comments will always remain visible. + +STRIP_CODE_COMMENTS = NO + +# If the REFERENCED_BY_RELATION tag is set to YES (the default) +# then for each documented function all documented +# functions referencing it will be listed. + +REFERENCED_BY_RELATION = YES + +# If the REFERENCES_RELATION tag is set to YES (the default) +# then for each documented function all documented entities +# called/used by that function will be listed. + +REFERENCES_RELATION = YES + +# If the REFERENCES_LINK_SOURCE tag is set to YES (the default) +# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from +# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will +# link to the source code. Otherwise they will link to the documentstion. + +REFERENCES_LINK_SOURCE = YES + +# If the USE_HTAGS tag is set to YES then the references to source code +# will point to the HTML generated by the htags(1) tool instead of doxygen +# built-in source browser. 
The htags tool is part of GNU's global source +# tagging system (see http://www.gnu.org/software/global/global.html). You +# will need version 4.8.6 or higher. + +USE_HTAGS = NO + +# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen +# will generate a verbatim copy of the header file for each class for +# which an include is specified. Set to NO to disable this. + +VERBATIM_HEADERS = YES + +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- + +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index +# of all compounds will be generated. Enable this if the project +# contains a lot of classes, structs, unions or interfaces. + +ALPHABETICAL_INDEX = YES + +# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then +# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns +# in which this list will be split (can be a number in the range [1..20]) + +COLS_IN_ALPHA_INDEX = 1 + +# In case all classes in a project start with a common prefix, all +# classes will be put under the same header in the alphabetical index. +# The IGNORE_PREFIX tag can be used to specify one or more prefixes that +# should be ignored while generating the index headers. + +IGNORE_PREFIX = + +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- + +# If the GENERATE_HTML tag is set to YES (the default) Doxygen will +# generate HTML output. + +GENERATE_HTML = YES + +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `html' will be used as the default path. + +HTML_OUTPUT = . 
+ +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for +# each generated HTML page (for example: .htm,.php,.asp). If it is left blank +# doxygen will generate files with .html extension. + +HTML_FILE_EXTENSION = .html + +# The HTML_HEADER tag can be used to specify a personal HTML header for +# each generated HTML page. If it is left blank doxygen will generate a +# standard header. + +HTML_HEADER = + +# The HTML_FOOTER tag can be used to specify a personal HTML footer for +# each generated HTML page. If it is left blank doxygen will generate a +# standard footer. + +HTML_FOOTER = + +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading +# style sheet that is used by each HTML page. It can be used to +# fine-tune the look of the HTML output. If the tag is left blank doxygen +# will generate a default style sheet. Note that doxygen will try to copy +# the style sheet file to the HTML output directory, so don't put your own +# stylesheet in the HTML output directory as well, or it will be erased! + +HTML_STYLESHEET = + +# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, +# files or namespaces will be aligned in HTML using tables. If set to +# NO a bullet list will be used. + +HTML_ALIGN_MEMBERS = YES + +# If the GENERATE_HTMLHELP tag is set to YES, additional index files +# will be generated that can be used as input for tools like the +# Microsoft HTML help workshop to generate a compressed HTML help file (.chm) +# of the generated HTML documentation. + +GENERATE_HTMLHELP = NO + +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. For this to work a browser that supports +# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox +# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). 
+ +HTML_DYNAMIC_SECTIONS = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can +# be used to specify the file name of the resulting .chm file. You +# can add a path in front of the file if the result should not be +# written to the html output directory. + +CHM_FILE = + +# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can +# be used to specify the location (absolute path including file name) of +# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run +# the HTML help compiler on the generated index.hhp. + +HHC_LOCATION = + +# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag +# controls if a separate .chi index file is generated (YES) or that +# it should be included in the master .chm file (NO). + +GENERATE_CHI = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag +# controls whether a binary table of contents is generated (YES) or a +# normal table of contents (NO) in the .chm file. + +BINARY_TOC = NO + +# The TOC_EXPAND flag can be set to YES to add extra items for group members +# to the contents of the HTML help documentation and to the tree view. + +TOC_EXPAND = NO + +# The DISABLE_INDEX tag can be used to turn on/off the condensed index at +# top of each HTML page. The value NO (the default) enables the index and +# the value YES disables it. + +DISABLE_INDEX = NO + +# This tag can be used to set the number of enum values (range [1..20]) +# that doxygen will group on one line in the generated HTML documentation. + +ENUM_VALUES_PER_LINE = 3 + +# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be +# generated containing a tree-like index structure (just like the one that +# is generated for HTML Help). For this to work a browser that supports +# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, +# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are +# probably better off using the HTML help feature. 
+ +GENERATE_TREEVIEW = NO + +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be +# used to set the initial width (in pixels) of the frame in which the tree +# is shown. + +TREEVIEW_WIDTH = 250 + +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- + +# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will +# generate Latex output. + +GENERATE_LATEX = NO + +# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `latex' will be used as the default path. + +LATEX_OUTPUT = latex + +# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be +# invoked. If left blank `latex' will be used as the default command name. + +LATEX_CMD_NAME = latex + +# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to +# generate index for LaTeX. If left blank `makeindex' will be used as the +# default command name. + +MAKEINDEX_CMD_NAME = makeindex + +# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact +# LaTeX documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_LATEX = NO + +# The PAPER_TYPE tag can be used to set the paper type that is used +# by the printer. Possible values are: a4, a4wide, letter, legal and +# executive. If left blank a4wide will be used. + +PAPER_TYPE = a4wide + +# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX +# packages that should be included in the LaTeX output. + +EXTRA_PACKAGES = + +# The LATEX_HEADER tag can be used to specify a personal LaTeX header for +# the generated latex document. The header should contain everything until +# the first chapter. If it is left blank doxygen will generate a +# standard header. 
Notice: only use this tag if you know what you are doing! + +LATEX_HEADER = + +# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated +# is prepared for conversion to pdf (using ps2pdf). The pdf file will +# contain links (just like the HTML output) instead of page references +# This makes the output suitable for online browsing using a pdf viewer. + +PDF_HYPERLINKS = YES + +# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of +# plain latex in the generated Makefile. Set this option to YES to get a +# higher quality PDF documentation. + +USE_PDFLATEX = YES + +# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. +# command to the generated LaTeX files. This will instruct LaTeX to keep +# running if errors occur, instead of asking the user for help. +# This option is also used when generating formulas in HTML. + +LATEX_BATCHMODE = YES + +# If LATEX_HIDE_INDICES is set to YES then doxygen will not +# include the index chapters (such as File Index, Compound Index, etc.) +# in the output. + +LATEX_HIDE_INDICES = NO + +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- + +# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output +# The RTF output is optimized for Word 97 and may not look very pretty with +# other RTF readers or editors. + +GENERATE_RTF = NO + +# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `rtf' will be used as the default path. + +RTF_OUTPUT = rtf + +# If the COMPACT_RTF tag is set to YES Doxygen generates more compact +# RTF documents. This may be useful for small projects and may help to +# save some trees in general. 
+ +COMPACT_RTF = NO + +# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated +# will contain hyperlink fields. The RTF file will +# contain links (just like the HTML output) instead of page references. +# This makes the output suitable for online browsing using WORD or other +# programs which support those fields. +# Note: wordpad (write) and others do not support links. + +RTF_HYPERLINKS = NO + +# Load stylesheet definitions from file. Syntax is similar to doxygen's +# config file, i.e. a series of assignments. You only have to provide +# replacements, missing definitions are set to their default value. + +RTF_STYLESHEET_FILE = + +# Set optional variables used in the generation of an rtf document. +# Syntax is similar to doxygen's config file. + +RTF_EXTENSIONS_FILE = + +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- + +# If the GENERATE_MAN tag is set to YES (the default) Doxygen will +# generate man pages + +GENERATE_MAN = NO + +# The MAN_OUTPUT tag is used to specify where the man pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `man' will be used as the default path. + +MAN_OUTPUT = man + +# The MAN_EXTENSION tag determines the extension that is added to +# the generated man pages (default is the subroutine's section .3) + +MAN_EXTENSION = .3 + +# If the MAN_LINKS tag is set to YES and Doxygen generates man output, +# then it will generate one additional man file for each entity +# documented in the real man page(s). These additional files +# only source the real man page, but without them the man command +# would be unable to find the correct page. The default is NO. 
+ +MAN_LINKS = NO + +#--------------------------------------------------------------------------- +# configuration options related to the XML output +#--------------------------------------------------------------------------- + +# If the GENERATE_XML tag is set to YES Doxygen will +# generate an XML file that captures the structure of +# the code including all documentation. + +GENERATE_XML = NO + +# The XML_OUTPUT tag is used to specify where the XML pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `xml' will be used as the default path. + +XML_OUTPUT = xml + +# The XML_SCHEMA tag can be used to specify an XML schema, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_SCHEMA = + +# The XML_DTD tag can be used to specify an XML DTD, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_DTD = + +# If the XML_PROGRAMLISTING tag is set to YES Doxygen will +# dump the program listings (including syntax highlighting +# and cross-referencing information) to the XML output. Note that +# enabling this will significantly increase the size of the XML output. + +XML_PROGRAMLISTING = YES + +#--------------------------------------------------------------------------- +# configuration options for the AutoGen Definitions output +#--------------------------------------------------------------------------- + +# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will +# generate an AutoGen Definitions (see autogen.sf.net) file +# that captures the structure of the code including all +# documentation. Note that this feature is still experimental +# and incomplete at the moment. 
+ +GENERATE_AUTOGEN_DEF = NO + +#--------------------------------------------------------------------------- +# configuration options related to the Perl module output +#--------------------------------------------------------------------------- + +# If the GENERATE_PERLMOD tag is set to YES Doxygen will +# generate a Perl module file that captures the structure of +# the code including all documentation. Note that this +# feature is still experimental and incomplete at the +# moment. + +GENERATE_PERLMOD = NO + +# If the PERLMOD_LATEX tag is set to YES Doxygen will generate +# the necessary Makefile rules, Perl scripts and LaTeX code to be able +# to generate PDF and DVI output from the Perl module output. + +PERLMOD_LATEX = NO + +# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be +# nicely formatted so it can be parsed by a human reader. This is useful +# if you want to understand what is going on. On the other hand, if this +# tag is set to NO the size of the Perl module output will be much smaller +# and Perl will parse it just the same. + +PERLMOD_PRETTY = YES + +# The names of the make variables in the generated doxyrules.make file +# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. +# This is useful so different doxyrules.make files included by the same +# Makefile don't overwrite each other's variables. + +PERLMOD_MAKEVAR_PREFIX = + +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- + +# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will +# evaluate all C-preprocessor directives found in the sources and include +# files. + +ENABLE_PREPROCESSING = NO + +# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro +# names in the source code. If set to NO (the default) only conditional +# compilation will be performed. 
Macro expansion can be done in a controlled +# way by setting EXPAND_ONLY_PREDEF to YES. + +MACRO_EXPANSION = NO + +# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES +# then the macro expansion is limited to the macros specified with the +# PREDEFINED and EXPAND_AS_DEFINED tags. + +EXPAND_ONLY_PREDEF = NO + +# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files +# in the INCLUDE_PATH (see below) will be search if a #include is found. + +SEARCH_INCLUDES = YES + +# The INCLUDE_PATH tag can be used to specify one or more directories that +# contain include files that are not input files but should be processed by +# the preprocessor. + +INCLUDE_PATH = + +# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard +# patterns (like *.h and *.hpp) to filter out the header-files in the +# directories. If left blank, the patterns specified with FILE_PATTERNS will +# be used. + +INCLUDE_FILE_PATTERNS = + +# The PREDEFINED tag can be used to specify one or more macro names that +# are defined before the preprocessor is started (similar to the -D option of +# gcc). The argument of the tag is a list of macros of the form: name +# or name=definition (no spaces). If the definition and the = are +# omitted =1 is assumed. To prevent a macro definition from being +# undefined via #undef or recursively expanded use the := operator +# instead of the = operator. + +PREDEFINED = + +# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then +# this tag can be used to specify a list of macro names that should be expanded. +# The macro definition that is found in the sources will be used. +# Use the PREDEFINED tag if you want to use a different macro definition. + +EXPAND_AS_DEFINED = + +# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then +# doxygen's preprocessor will remove all function-like macros that are alone +# on a line, have an all uppercase name, and do not end with a semicolon. 
Such +# function macros are typically used for boiler-plate code, and will confuse +# the parser if not removed. + +SKIP_FUNCTION_MACROS = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to external references +#--------------------------------------------------------------------------- + +# The TAGFILES option can be used to specify one or more tagfiles. +# Optionally an initial location of the external documentation +# can be added for each tagfile. The format of a tag file without +# this location is as follows: +# TAGFILES = file1 file2 ... +# Adding location for the tag files is done as follows: +# TAGFILES = file1=loc1 "file2 = loc2" ... +# where "loc1" and "loc2" can be relative or absolute paths or +# URLs. If a location is present for each tag, the installdox tool +# does not have to be run to correct the links. +# Note that each tag file must have a unique name +# (where the name does NOT include the path) +# If a tag file is not located in the directory in which doxygen +# is run, you must also specify the path to the tagfile here. + +TAGFILES = + +# When a file name is specified after GENERATE_TAGFILE, doxygen will create +# a tag file that is based on the input files it reads. + +GENERATE_TAGFILE = + +# If the ALLEXTERNALS tag is set to YES all external classes will be listed +# in the class index. If set to NO only the inherited external classes +# will be listed. + +ALLEXTERNALS = NO + +# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed +# in the modules index. If set to NO, only the current project's groups will +# be listed. + +EXTERNAL_GROUPS = YES + +# The PERL_PATH should be the absolute path and name of the perl script +# interpreter (i.e. the result of `which perl'). 
+ +PERL_PATH = /usr/bin/perl + +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- + +# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will +# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base +# or super classes. Setting the tag to NO turns the diagrams off. Note that +# this option is superseded by the HAVE_DOT option below. This is only a +# fallback. It is recommended to install and use dot, since it yields more +# powerful graphs. + +CLASS_DIAGRAMS = YES + +# You can define message sequence charts within doxygen comments using the \msc +# command. Doxygen will then run the mscgen tool (see http://www.mcternan.me.uk/mscgen/) to +# produce the chart and insert it in the documentation. The MSCGEN_PATH tag allows you to +# specify the directory where the mscgen tool resides. If left empty the tool is assumed to +# be found in the default search path. + +MSCGEN_PATH = + +# If set to YES, the inheritance and collaboration graphs will hide +# inheritance and usage relations if the target is undocumented +# or is not a class. + +HIDE_UNDOC_RELATIONS = YES + +# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is +# available from the path. This tool is part of Graphviz, a graph visualization +# toolkit from AT&T and Lucent Bell Labs. The other options in this section +# have no effect if this option is set to NO (the default) + +HAVE_DOT = NO + +# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect inheritance relations. Setting this tag to YES will force the +# the CLASS_DIAGRAMS tag to NO. 
+ +CLASS_GRAPH = YES + +# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect implementation dependencies (inheritance, containment, and +# class references variables) of the class with other documented classes. + +COLLABORATION_GRAPH = YES + +# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for groups, showing the direct groups dependencies + +GROUP_GRAPHS = YES + +# If the UML_LOOK tag is set to YES doxygen will generate inheritance and +# collaboration diagrams in a style similar to the OMG's Unified Modeling +# Language. + +UML_LOOK = NO + +# If set to YES, the inheritance and collaboration graphs will show the +# relations between templates and their instances. + +TEMPLATE_RELATIONS = YES + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT +# tags are set to YES then doxygen will generate a graph for each documented +# file showing the direct and indirect include dependencies of the file with +# other documented files. + +INCLUDE_GRAPH = YES + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and +# HAVE_DOT tags are set to YES then doxygen will generate a graph for each +# documented header file showing the documented files that directly or +# indirectly include this file. + +INCLUDED_BY_GRAPH = YES + +# If the CALL_GRAPH, SOURCE_BROWSER and HAVE_DOT tags are set to YES then doxygen will +# generate a call dependency graph for every global function or class method. +# Note that enabling this option will significantly increase the time of a run. +# So in most cases it will be better to enable call graphs for selected +# functions only using the \callgraph command. + +CALL_GRAPH = NO + +# If the CALLER_GRAPH, SOURCE_BROWSER and HAVE_DOT tags are set to YES then doxygen will +# generate a caller dependency graph for every global function or class method. 
+# Note that enabling this option will significantly increase the time of a run. +# So in most cases it will be better to enable caller graphs for selected +# functions only using the \callergraph command. + +CALLER_GRAPH = NO + +# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen +# will graphical hierarchy of all classes instead of a textual one. + +GRAPHICAL_HIERARCHY = YES + +# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES +# then doxygen will show the dependencies a directory has on other directories +# in a graphical way. The dependency relations are determined by the #include +# relations between the files in the directories. + +DIRECTORY_GRAPH = YES + +# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images +# generated by dot. Possible values are png, jpg, or gif +# If left blank png will be used. + +DOT_IMAGE_FORMAT = png + +# The tag DOT_PATH can be used to specify the path where the dot tool can be +# found. If left blank, it is assumed the dot tool can be found in the path. + +DOT_PATH = + +# The DOTFILE_DIRS tag can be used to specify one or more directories that +# contain dot files that are included in the documentation (see the +# \dotfile command). + +DOTFILE_DIRS = + +# The MAX_DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of +# nodes that will be shown in the graph. If the number of nodes in a graph +# becomes larger than this value, doxygen will truncate the graph, which is +# visualized by representing a node as a red box. Note that doxygen if the number +# of direct children of the root node in a graph is already larger than +# MAX_DOT_GRAPH_NOTES then the graph will not be shown at all. Also note +# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. + +DOT_GRAPH_MAX_NODES = 50 + +# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the +# graphs generated by dot. 
A depth value of 3 means that only nodes reachable +# from the root by following a path via at most 3 edges will be shown. Nodes +# that lay further from the root node will be omitted. Note that setting this +# option to 1 or 2 may greatly reduce the computation time needed for large +# code bases. Also note that the size of a graph can be further restricted by +# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. + +MAX_DOT_GRAPH_DEPTH = 0 + +# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent +# background. This is disabled by default, which results in a white background. +# Warning: Depending on the platform used, enabling this option may lead to +# badly anti-aliased labels on the edges of a graph (i.e. they become hard to +# read). + +DOT_TRANSPARENT = NO + +# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output +# files in one run (i.e. multiple -o and -T options on the command line). This +# makes dot run faster, but since only newer versions of dot (>1.8.10) +# support this, this feature is disabled by default. + +DOT_MULTI_TARGETS = NO + +# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will +# generate a legend page explaining the meaning of the various boxes and +# arrows in the dot generated graphs. + +GENERATE_LEGEND = YES + +# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will +# remove the intermediate dot files that are used to generate +# the various graphs. + +DOT_CLEANUP = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to the search engine +#--------------------------------------------------------------------------- + +# The SEARCHENGINE tag specifies whether or not a search engine should be +# used. If set to NO the values of all tags below this one will be ignored. + +SEARCHENGINE = NO 
diff --git a/source3/nsswitch/libwbclient/libwbclient.h b/source3/nsswitch/libwbclient/libwbclient.h
new file mode 100644
index 0000000000..74cba7e796
--- /dev/null
+++ b/source3/nsswitch/libwbclient/libwbclient.h
@@ -0,0 +1,46 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Winbind client API
+
+ Copyright (C) Gerald (Jerry) Carter 2007
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see .
+*/
+
+#ifndef _LIBWBCLIENT_H
+#define _LIBWBCLIENT_H
+
+/* Super header including necessary public and private header files
+ for building the wbclient library. __DO NOT__ define anything
+ in this file. Only include other headers. */
+
+/* Winbind headers */
+
+#include "nsswitch/winbind_nss_config.h"
+#include "nsswitch/winbind_struct_protocol.h"
+
+#include
+
+/* Public headers */
+
+#include "wbclient.h"
+
+/* Private headers */
+
+#include "wbc_err_internal.h"
+#include "wbclient_internal.h"
+
+
+#endif /* _LIBWBCLIENT_H */
diff --git a/source3/nsswitch/libwbclient/wbc_err.h b/source3/nsswitch/libwbclient/wbc_err.h
new file mode 100644
index 0000000000..069f68f189
--- /dev/null
+++ b/source3/nsswitch/libwbclient/wbc_err.h
@@ -0,0 +1,51 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Winbind client API
+
+ Copyright (C) Gerald (Jerry) Carter 2007
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see .
+*/
+
+#ifndef _WBC_ERR_H
+#define _WBC_ERR_H
+
+
+/* Define error types */
+
+/**
+ * @brief Status codes returned from wbc functions
+ **/
+
+enum _wbcErrType {
+ WBC_ERR_SUCCESS = 0, /**< Successful completion **/
+ WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/
+ WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/
+ WBC_ERR_NO_MEMORY, /**< Memory allocation error **/
+ WBC_ERR_INVALID_SID, /**< Invalid SID format **/
+ WBC_ERR_INVALID_PARAM, /**< An Invalid parameter was supplied **/
+ WBC_ERR_WINBIND_NOT_AVAILABLE, /**< Winbind daemon is not available **/
+ WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/
+ WBC_INVALID_RESPONSE, /**< Winbind returned an invalid response **/
+ WBC_ERR_NSS_ERROR /**< NSS_STATUS error **/
+};
+
+typedef enum _wbcErrType wbcErr;
+
+#define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)
+
+char *wbcErrorString(wbcErr error);
+
+#endif /* _WBC_ERR_H */
diff --git a/source3/nsswitch/libwbclient/wbc_err_internal.h b/source3/nsswitch/libwbclient/wbc_err_internal.h
new file mode 100644
index 0000000000..ea501cba31
--- /dev/null
+++ b/source3/nsswitch/libwbclient/wbc_err_internal.h
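Review bot: `WBC_INVALID_RESPONSE` is the only member of `enum _wbcErrType` without the `WBC_ERR_` prefix, and because this header is the public status-code list the odd name becomes API as soon as callers switch on it; I would rename it to `WBC_ERR_INVALID_RESPONSE` before the library ships. `wbcErrorString` also returns a mutable `char *` with no statement of ownership. If it hands back static text (its definition is not in this hunk), `const char *wbcErrorString(wbcErr error);` would tell callers they must neither write to nor free the result.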
@@ -0,0 +1,44 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Winbind client API
+
+ Copyright (C) Gerald (Jerry) Carter 2007
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see .
+*/
+
+#ifndef _WBC_ERR_INTERNAL_H
+#define _WBC_ERR_INTERNAL_H
+
+/* Private macros */
+
+#define BAIL_ON_WBC_ERROR(x) \
+ do { \
+ if ((x) != WBC_ERR_SUCCESS) \
+ goto done; \
+ } while(0);
+
+#define BAIL_ON_PTR_ERROR(x, status) \
+ do { \
+ if ((x) == NULL) { \
+ status = WBC_ERR_NO_MEMORY; \
+ goto done; \
+ } else { \
+ status = WBC_ERR_SUCCESS; \
+ } \
+ } while (0);
+
+
+#endif /* _WBC_ERR_INTERNAL_H */
diff --git a/source3/nsswitch/libwbclient/wbc_idmap.c b/source3/nsswitch/libwbclient/wbc_idmap.c
new file mode 100644
index 0000000000..651c270a57
--- /dev/null
+++ b/source3/nsswitch/libwbclient/wbc_idmap.c
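Review bot: Both macro definitions end in `while(0);`, and that trailing semicolon defeats the `do { ... } while (0)` wrapper: `if (c) BAIL_ON_WBC_ERROR(s); else ...` expands to two statements and no longer compiles, and every ordinary use leaves a stray empty statement. Drop the semicolon from the definitions (`} while (0)`) and let the call site supply it. `BAIL_ON_PTR_ERROR` also resets `status` to `WBC_ERR_SUCCESS` on every non-NULL pointer, overwriting whatever was stored before, and both macros need a `done:` label in the calling function; a comment above the macros stating both requirements would save the next caller a surprise.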
@@ -0,0 +1,272 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Winbind client API
+
+ Copyright (C) Gerald (Jerry) Carter 2007
+
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see .
+*/
+
+/* Required Headers */
+
+#include "libwbclient.h"
+
+/** @brief Convert a Windows SID to a Unix uid
+ *
+ * @param *sid Pointer to the domain SID to be resolved
+ * @param *puid Pointer to the resolved uid_t value
+ *
+ * @return #wbcErr
+ *
+ **/
+
+wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ char *sid_string = NULL;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+ if (!sid || !puid) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ /* Initialize request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ wbc_status = wbcSidToString(sid, &sid_string);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
+ wbcFreeMemory(sid_string);
+
+ /* Make request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_SID_TO_UID,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ *puid = response.data.uid;
+
+ wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+ return wbc_status;
+}
+
+/** @brief Convert a Unix uid to a Windows SID
+ *
+ * @param uid Unix uid to be resolved
+ * @param *sid Pointer to the resolved domain SID
+ *
+ * @return #wbcErr
+ *
+ **/
+
+wbcErr wbcUidToSid(uid_t uid, struct wbcDomainSid *sid)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct winbindd_request request;
+ struct winbindd_response response;
+
+ if (!sid) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ /* Initialize request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ request.data.uid = uid;
+
+ /* Make request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_UID_TO_SID,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ wbc_status = wbcStringToSid(response.data.sid.sid, sid);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+done:
+ return wbc_status;
+}
+
+/** @brief Convert a Windows SID to a Unix gid
+ *
+ * @param *sid Pointer to the domain SID to be resolved
+ * @param *pgid Pointer to the resolved gid_t value
+ *
+ * @return #wbcErr
+ *
+ **/
+
+wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ char *sid_string = NULL;
+
+ if (!sid || !pgid) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ /* Initialize request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ wbc_status = wbcSidToString(sid, &sid_string);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
+ wbcFreeMemory(sid_string);
+
+ /* Make request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_SID_TO_GID,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ *pgid = response.data.gid;
+
+ wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+ return wbc_status;
+}
+
+/** @brief Convert a Unix uid to a Windows SID
+ *
+ * @param gid Unix gid to be resolved
+ * @param *sid Pointer to the resolved domain SID
+ *
+ * @return #wbcErr
+ *
+ **/
+
+wbcErr wbcGidToSid(gid_t gid, struct wbcDomainSid *sid)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+ if (!sid) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ /* Initialize request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ request.data.gid = gid;
+
+ /* Make request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_GID_TO_SID,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ wbc_status = wbcStringToSid(response.data.sid.sid, sid);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+done:
+ return wbc_status;
+}
+
+/** @brief Obtain a new uid from Winbind
+ *
+ * @param *puid *pointer to the allocated uid
+ *
+ * @return #wbcErr
+ **/
+
+wbcErr wbcAllocateUid(uid_t *puid)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ NSS_STATUS result;
+
+ if (!puid)
+ return WBC_ERR_INVALID_PARAM;
+
+ /* Initialise request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ /* Make request */
+
+ result = wbcRequestResponse(WINBINDD_ALLOCATE_UID,
+ &request, &response);
+
+ if (result != NSS_STATUS_SUCCESS)
+ return WBC_ERR_UNKNOWN_FAILURE;
+
+ /* Copy out result */
+ *puid = response.data.uid;
+
+ return WBC_ERR_SUCCESS;
+}
+
+/** @brief Obtain a new gid from Winbind
+ *
+ * @param *pgid Pointer to the allocated gid
+ *
+ * @return #wbcErr
+ **/
+
+wbcErr wbcAllocateGid(uid_t *pgid)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ NSS_STATUS result;
+
+ if (!pgid)
+ return WBC_ERR_INVALID_PARAM;
+
+ /* Initialise request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ /* Make request */
+
+ result = wbcRequestResponse(WINBINDD_ALLOCATE_GID,
+ &request, &response);
+
+ if (result != NSS_STATUS_SUCCESS)
+ return WBC_ERR_UNKNOWN_FAILURE;
+
+ /* Copy out result */
+ *pgid = response.data.gid;
+
+ return WBC_ERR_SUCCESS;
+}
+
diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c
new file mode 100644
index 0000000000..1548c3344a
--- /dev/null
+++ b/source3/nsswitch/libwbclient/wbc_pam.c
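Review bot: `wbcAllocateUid` and `wbcAllocateGid` store the result of `wbcRequestResponse` in an `NSS_STATUS` and compare it with `NSS_STATUS_SUCCESS`, while the four conversion functions earlier in this hunk treat the same call as returning a `wbcErr`. The two enums need not share a numbering (`WBC_ERR_SUCCESS` is 0 in wbc_err.h; the NSS value comes from a header not shown here), so depending on the platform a successful reply may be reported as a failure, or an error code may pass the check and the zero-filled `response.data.uid` / `.gid` be returned as a newly allocated id. I would follow the pattern of the other functions: `wbcErr wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_UID, &request, &response);` followed by `if (!WBC_ERROR_IS_OK(wbc_status)) return wbc_status;`, and likewise for the gid variant. `wbcAllocateGid` also takes `uid_t *pgid` where `gid_t *pgid` is meant, and the doc comment above `wbcGidToSid` still reads "Convert a Unix uid".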
@@ -0,0 +1,65 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . +*/ + +/* Required Headers */ + +#include "libwbclient.h" + +/** @brief Authenticate a username/password pair + * + * @param username Name of user to authenticate + * @param password Clear text password os user + * + * @return #wbcErr + **/ + +wbcErr wbcAuthenticateUser(const char *username, + const char *password) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + + if (!username) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* dst is already null terminated from the memset above */ + + strncpy(request.data.auth.user, username, + sizeof(request.data.auth.user)-1); + strncpy(request.data.auth.pass, password, + sizeof(request.data.auth.user)-1); + + wbc_status = wbcRequestResponse(WINBINDD_PAM_AUTH, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + +done: + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c new file mode 100644 index 0000000000..4e3b0d3967 --- /dev/null +++ b/source3/nsswitch/libwbclient/wbc_pwd.c 
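Review bot: In wbcAuthenticateUser the copy into `request.data.auth.pass` is bounded by `sizeof(request.data.auth.user)-1`, the size of a different field. If `pass` is the smaller buffer (the struct is declared outside this diff) the copy can run past it and leave it unterminated; the bound should be `sizeof(request.data.auth.pass)-1`. `password` also reaches strncpy() without the NULL check that `username` gets, so the guard should read `if (!username || !password) {`. The stack copy of `request` still holds the clear-text password when the function returns, so clearing it after the call at `done:` would keep it from lingering in memory.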
@@ -0,0 +1,374 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . +*/ + +/* Required Headers */ + +#include "libwbclient.h" + +/** + * + **/ + +static struct passwd *copy_passwd_entry(struct winbindd_pw *p) +{ + struct passwd *pwd = NULL; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + pwd = talloc(NULL, struct passwd); + BAIL_ON_PTR_ERROR(pwd, wbc_status); + + pwd->pw_name = talloc_strdup(pwd,p->pw_name); + BAIL_ON_PTR_ERROR(pwd->pw_name, wbc_status); + + pwd->pw_passwd = talloc_strdup(pwd, p->pw_passwd); + BAIL_ON_PTR_ERROR(pwd->pw_passwd, wbc_status); + + pwd->pw_gecos = talloc_strdup(pwd, p->pw_gecos); + BAIL_ON_PTR_ERROR(pwd->pw_gecos, wbc_status); + + pwd->pw_shell = talloc_strdup(pwd, p->pw_shell); + BAIL_ON_PTR_ERROR(pwd->pw_shell, wbc_status); + + pwd->pw_dir = talloc_strdup(pwd, p->pw_dir); + BAIL_ON_PTR_ERROR(pwd->pw_dir, wbc_status); + + pwd->pw_uid = p->pw_uid; + pwd->pw_gid = p->pw_gid; + +done: + if (!WBC_ERROR_IS_OK(wbc_status)) { + talloc_free(pwd); + pwd = NULL; + } + + return pwd; +} + +/** + * + **/ + +static struct group *copy_group_entry(struct winbindd_gr *g, + char *mem_buf) +{ + struct group *grp = NULL; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + int i; + char *mem_p, *mem_q; + + grp = talloc(NULL, struct group); + BAIL_ON_PTR_ERROR(grp, wbc_status); + + 
grp->gr_name = talloc_strdup(grp, g->gr_name); + BAIL_ON_PTR_ERROR(grp->gr_name, wbc_status); + + grp->gr_passwd = talloc_strdup(grp, g->gr_passwd); + BAIL_ON_PTR_ERROR(grp->gr_passwd, wbc_status); + + grp->gr_gid = g->gr_gid; + + grp->gr_mem = talloc_array(grp, char*, g->num_gr_mem+1); + + mem_p = mem_q = mem_buf; + for (i=0; inum_gr_mem && mem_p; i++) { + if ((mem_q = strchr(mem_p, ',')) != NULL) { + *mem_q = '\0'; + } + + grp->gr_mem[i] = talloc_strdup(grp, mem_p); + BAIL_ON_PTR_ERROR(grp->gr_mem[i], wbc_status); + + *mem_q = ','; + mem_p++; + mem_p = mem_q; + } + grp->gr_mem[g->num_gr_mem] = NULL; + + wbc_status = WBC_ERR_SUCCESS; + +done: + if (!WBC_ERROR_IS_OK(wbc_status)) { + talloc_free(grp); + grp = NULL; + } + + return grp; +} + +/** @brief Fill in a struct passwd* for a domain user based + * on username + * + * @param *name Username to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ + +wbcErr wbcGetpwnam(const char *name, struct passwd **pwd) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + + if (!name || !pwd) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* dst is already null terminated from the memset above */ + + strncpy(request.data.username, name, sizeof(request.data.username)-1); + + wbc_status = wbcRequestResponse(WINBINDD_GETPWNAM, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + *pwd = copy_passwd_entry(&response.data.pw); + BAIL_ON_PTR_ERROR(*pwd, wbc_status); + + done: + return wbc_status; +} + +/** @brief Fill in a struct passwd* for a domain user based + * on uid + * + * @param uid Uid to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. 
+ * + * @return #wbcErr + **/ + +wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + + if (!pwd) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + request.data.uid = uid; + + wbc_status = wbcRequestResponse(WINBINDD_GETPWUID, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + *pwd = copy_passwd_entry(&response.data.pw); + BAIL_ON_PTR_ERROR(*pwd, wbc_status); + + done: + return wbc_status; +} + +/** @brief Fill in a struct passwd* for a domain user based + * on username + * + * @param *name Username to lookup + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ + +wbcErr wbcGetgrnam(const char *name, struct group **grp) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + + if (!name || !grp) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* dst is already null terminated from the memset above */ + + strncpy(request.data.groupname, name, sizeof(request.data.groupname)-1); + + wbc_status = wbcRequestResponse(WINBINDD_GETGRNAM, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + *grp = copy_group_entry(&response.data.gr, response.extra_data.data); + BAIL_ON_PTR_ERROR(*grp, wbc_status); + + done: + if (response.extra_data.data) + free(response.extra_data.data); + + return wbc_status; +} + +/** @brief Fill in a struct passwd* for a domain user based + * on uid + * + * @param gid Uid to lookup + * @param **grp Pointer to resulting struct group* from the query. 
+ * + * @return #wbcErr + **/ + +wbcErr wbcGetgrgid(gid_t gid, struct group **grp) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + + if (!grp) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + request.data.gid = gid; + + wbc_status = wbcRequestResponse(WINBINDD_GETGRGID, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + *grp = copy_group_entry(&response.data.gr, response.extra_data.data); + BAIL_ON_PTR_ERROR(*grp, wbc_status); + + done: + if (response.extra_data.data) + free(response.extra_data.data); + + return wbc_status; +} + +/** @brief Reset the passwd iterator + * + * @return #wbcErr + **/ + +wbcErr wbcSetpwent(void) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + wbc_status = wbcRequestResponse(WINBINDD_SETPWENT, + NULL, NULL); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +/** @brief Close the passwd iterator + * + * @return #wbcErr + **/ + +wbcErr wbcEndpwent(void) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + wbc_status = wbcRequestResponse(WINBINDD_ENDPWENT, + NULL, NULL); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +/** @brief Return the next struct passwd* entry from the pwent iterator + * + * @param **pwd Pointer to resulting struct group* from the query. 
+ * + * @return #wbcErr + **/ + +wbcErr wbcGetpwent(struct passwd **pwd) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/** @brief Reset the group iterator + * + * @return #wbcErr + **/ + +wbcErr wbcSetgrent(void) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + wbc_status = wbcRequestResponse(WINBINDD_SETGRENT, + NULL, NULL); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +/** @brief Close the group iterator + * + * @return #wbcErr + **/ + +wbcErr wbcEndgrent(void) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + wbc_status = wbcRequestResponse(WINBINDD_ENDGRENT, + NULL, NULL); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +/** @brief Return the next struct passwd* entry from the pwent iterator + * + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ + +wbcErr wbcGetgrent(struct group **grp) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c new file mode 100644 index 0000000000..5e7cb9a61b --- /dev/null +++ b/source3/nsswitch/libwbclient/wbc_sid.c 
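Review bot: copy_group_entry writes `*mem_q = ','` unconditionally, so the last member of the list, where strchr() finds no comma and returns NULL, is a NULL write while parsing data taken from the winbindd response. `mem_p = mem_q` also leaves the cursor on the comma instead of one past it (the `mem_p++` before it is overwritten), and the result of `talloc_array()` is used without a check. The loop below checks the array, stops after the last member and terminates the vector at the number of entries actually parsed.

```c
	grp->gr_mem = talloc_array(grp, char*, g->num_gr_mem+1);
	BAIL_ON_PTR_ERROR(grp->gr_mem, wbc_status);

	mem_p = mem_buf;
	for (i=0; i<g->num_gr_mem && mem_p; i++) {
		if ((mem_q = strchr(mem_p, ',')) != NULL) {
			*mem_q = '\0';
		}

		grp->gr_mem[i] = talloc_strdup(grp, mem_p);
		BAIL_ON_PTR_ERROR(grp->gr_mem[i], wbc_status);

		if (mem_q == NULL) {
			/* last member: nothing to restore, nothing to skip */
			i++;
			break;
		}
		*mem_q = ',';
		mem_p = mem_q + 1;
	}
	grp->gr_mem[i] = NULL;
	/* … unchanged: success status and done: cleanup … */
```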
@@ -0,0 +1,420 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . +*/ + +/* Required Headers */ + +#include "libwbclient.h" + + +/** @brief Convert a binary SID to a character string + * + * @param sid Binary Security Identifier + * @param **sid_string Resulting character string + * + * @return #wbcErr + **/ + +wbcErr wbcSidToString(const struct wbcDomainSid *sid, + char **sid_string) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + uint32_t id_auth; + int i; + char *tmp = NULL; + TALLOC_CTX *ctx = NULL; + + if (!sid) { + wbc_status = WBC_ERR_INVALID_SID; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ctx = talloc_init("wbcSidToString"); + BAIL_ON_PTR_ERROR(ctx, wbc_status); + + id_auth = sid->id_auth[5] + + (sid->id_auth[4] << 8) + + (sid->id_auth[3] << 16) + + (sid->id_auth[2] << 24); + + tmp = talloc_asprintf(ctx, "S-%d-%d", sid->sid_rev_num, id_auth); + BAIL_ON_PTR_ERROR(tmp, wbc_status); + + for (i=0; inum_auths; i++) { + char *tmp2 = + tmp2 = talloc_asprintf_append(tmp, "-%u", sid->sub_auths[i]); + BAIL_ON_PTR_ERROR(tmp2, wbc_status); + + tmp = tmp2; + } + + *sid_string=talloc_strdup(NULL, tmp); + BAIL_ON_PTR_ERROR((*sid_string), wbc_status); + + wbc_status = WBC_ERR_SUCCESS; + +done: + talloc_free(ctx); + + return wbc_status; +} + +/** @brief Convert a character string to a binary SID + * + 
* @param *str Character string in the form of S-... + * @param sid Resulting binary SID + * + * @return #wbcErr + **/ + +wbcErr wbcStringToSid(const char *str, + struct wbcDomainSid *sid) +{ + const char *p; + char *q; + uint32_t x; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!sid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Sanity check for either "S-" or "s-" */ + + if (!str + || (str[0]!='S' && str[0]!='s') + || (str[1]!='-') + || (strlen(str)<2)) + { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Get the SID revision number */ + + p = str+2; + x = (uint32_t)strtol(p, &q, 10); + if (x==0 || !q || *q!='-') { + wbc_status = WBC_ERR_INVALID_SID; + BAIL_ON_WBC_ERROR(wbc_status); + } + sid->sid_rev_num = (uint8_t)x; + + /* Next the Identifier Authority. This is stored in big-endian + in a 6 byte array. */ + + p = q+1; + x = (uint32_t)strtol(p, &q, 10); + if (x==0 || !q || *q!='-') { + wbc_status = WBC_ERR_INVALID_SID; + BAIL_ON_WBC_ERROR(wbc_status); + } + sid->id_auth[5] = (x & 0x000000ff); + sid->id_auth[4] = (x & 0x0000ff00) >> 8; + sid->id_auth[3] = (x & 0x00ff0000) >> 16; + sid->id_auth[2] = (x & 0xff000000) >> 24; + sid->id_auth[1] = 0; + sid->id_auth[0] = 0; + + /* now read the the subauthorities */ + + p = q +1; + sid->num_auths = 0; + while (sid->num_auths < MAXSUBAUTHS) { + if ((x=(uint32_t)strtoul(p, &q, 10)) == 0) + break; + sid->sub_auths[sid->num_auths++] = x; + + if (q && ((*q!='-') || (*q=='\0'))) + break; + p = q + 1; + } + + /* IF we ended early, then the SID could not be converted */ + + if (q && *q!='\0') { + wbc_status = WBC_ERR_INVALID_SID; + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_SUCCESS; + +done: + return wbc_status; + +} + +/** @brief Convert a domain and name to SID + * + * @param domain Domain name (possibly "") + * @param name User or group name + * @param *sid Pointer to the resolved domain SID + * @param *name_type Pointet to the 
SID type + * + * @return #wbcErr + * + **/ + +wbcErr wbcLookupName(const char *domain, + const char *name, + struct wbcDomainSid *sid, + enum wbcSidType *name_type) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!sid || !name_type) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* dst is already null terminated from the memset above */ + + strncpy(request.data.name.dom_name, domain, + sizeof(request.data.name.dom_name)-1); + strncpy(request.data.name.name, name, + sizeof(request.data.name.name)-1); + + wbc_status = wbcRequestResponse(WINBINDD_LOOKUPNAME, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + wbc_status = wbcStringToSid(response.data.sid.sid, sid); + BAIL_ON_WBC_ERROR(wbc_status); + + *name_type = (enum wbcSidType)response.data.sid.type; + + wbc_status = WBC_ERR_SUCCESS; + + done: + return wbc_status; +} + +/** @brief Convert a SID to a domain and name + * + * @param *sid Pointer to the domain SID to be resolved + * @param domain Resolved Domain name (possibly "") + * @param name Resolved User or group name + * @param *name_type Pointet to the resolved SID type + * + * @return #wbcErr + * + **/ + +wbcErr wbcLookupSid(const struct wbcDomainSid *sid, + char **domain, + char **name, + enum wbcSidType *name_type) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *sid_string = NULL; + + if (!sid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* dst is already null terminated from the memset above */ + + wbc_status = wbcSidToString(sid, &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1); + 
wbcFreeMemory(sid_string); + + /* Make request */ + + wbc_status = wbcRequestResponse(WINBINDD_LOOKUPSID, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Copy out result */ + + if (domain != NULL) { + *domain = strdup(response.data.name.dom_name); + BAIL_ON_PTR_ERROR((*domain), wbc_status); + } + + if (name != NULL) { + *name = strdup(response.data.name.name); + BAIL_ON_PTR_ERROR((*name), wbc_status); + } + + if (name_type) { + *name_type = (enum wbcSidType)response.data.name.type; + } + + wbc_status = WBC_ERR_SUCCESS; + + done: + if (!WBC_ERROR_IS_OK(wbc_status)) { + if (*domain) + free(*domain); + if (*name) + free(*name); + } + + return wbc_status; +} + +/** @brief Translate a collection of RIDs within a domain to names + * + **/ + +wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, + int num_rids, + uint32_t *rids, + const char **domain_name, + const char ***names, + enum wbcSidType **types) +{ + size_t i, len, ridbuf_size; + char *ridlist; + char *p; + struct winbindd_request request; + struct winbindd_response response; + char *sid_string = NULL; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!dom_sid || (num_rids == 0)) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + wbc_status = wbcSidToString(dom_sid, &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1); + wbcFreeMemory(sid_string); + + /* Even if all the Rids were of maximum 32bit values, + we would only have 11 bytes per rid in the final array + ("4294967296" + \n). 
Add one more byte for the + terminating '\0' */ + + ridbuf_size = (sizeof(char)*11) * num_rids + 1; + + ridlist = malloc(ridbuf_size); + BAIL_ON_PTR_ERROR(ridlist, wbc_status); + + memset(ridlist, 0x0, ridbuf_size); + + len = 0; + for (i=0; i0; i++) { + char ridstr[12]; + + len = strlen(ridlist); + p = ridlist + len; + + snprintf( ridstr, sizeof(ridstr)-1, "%u\n", rids[i]); + strncat(p, ridstr, ridbuf_size-len-1); + } + + request.extra_data.data = ridlist; + request.extra_len = strlen(ridlist)+1; + + wbc_status = wbcRequestResponse(WINBINDD_LOOKUPRIDS, + &request, + &response); + free(ridlist); + + *domain_name = strdup(response.data.domain_name); + BAIL_ON_PTR_ERROR((*domain_name), wbc_status); + + *names = (const char**)malloc(sizeof(char*) * num_rids); + BAIL_ON_PTR_ERROR((*names), wbc_status); + + *types = (enum wbcSidType*)malloc(sizeof(enum wbcSidType) * num_rids); + BAIL_ON_PTR_ERROR((*types), wbc_status); + + p = (char *)response.extra_data.data; + + for (i=0; i. +*/ + +/* Required Headers */ + +#include "libwbclient.h" + + + +/** @brief Ping winbindd to see if the daemon is running + * + * @return #wbcErr + **/ + +wbcErr wbcPing(void) +{ + return wbcRequestResponse(WINBINDD_PING, NULL, NULL); +} + +/** @brief Lookup the current status of a trusted domain + * + * @param domain Domain to query + * @param *info Pointer to returned domain_info struct + * + * @return #wbcErr + * + * The char* members of the struct wbcDomainInfo* are malloc()'d + * and it the the responsibility of the caller to free the members + * before discarding the struct. 
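Review bot: wbcLookupSid's `done:` block reads `*domain` and `*name` on every failure, although both parameters are treated as optional earlier (`if (domain != NULL)`) and the function never initialises them. A failure before the copies (the `!sid` check, assuming the bail-out macro jumps to `done:`) therefore dereferences a NULL argument or free()s whatever the caller's variable happened to hold. Keep the copies in NULL-initialised locals and publish them only on success, as in the excerpt below. These strings come from strdup() while wbcFreeMemory() in wbclient.c calls talloc_free(), so the header should also state which release function the caller must use for them.

```c
	char *sid_string = NULL;
	char *dom = NULL;
	char *nam = NULL;
	/* … unchanged: parameter check, request setup, wbcRequestResponse … */

	if (domain != NULL) {
		dom = strdup(response.data.name.dom_name);
		BAIL_ON_PTR_ERROR(dom, wbc_status);
	}

	if (name != NULL) {
		nam = strdup(response.data.name.name);
		BAIL_ON_PTR_ERROR(nam, wbc_status);
	}
	/* … unchanged: name_type copy, success status … */

 done:
	if (WBC_ERROR_IS_OK(wbc_status)) {
		if (domain != NULL)
			*domain = dom;
		if (name != NULL)
			*name = nam;
	} else {
		free(dom);
		free(nam);
	}
```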
+ * + **/ + + +wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcDomainInfo *info = NULL; + + if (!domain || !dinfo) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.domain_name, domain, + sizeof(request.domain_name)-1); + + wbc_status = wbcRequestResponse(WINBINDD_DOMAIN_INFO, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + info = talloc(NULL, struct wbcDomainInfo); + BAIL_ON_PTR_ERROR(info, wbc_status); + + info->short_name = talloc_strdup(info, + response.data.domain_info.name); + BAIL_ON_PTR_ERROR(info->short_name, wbc_status); + + info->dns_name = talloc_strdup(info, + response.data.domain_info.alt_name); + BAIL_ON_PTR_ERROR(info->dns_name, wbc_status); + + wbc_status = wbcStringToSid(response.data.domain_info.sid, + &info->sid); + BAIL_ON_WBC_ERROR(wbc_status); + + if (response.data.domain_info.native_mode) + info->flags |= WBC_DOMINFO_NATIVE; + if (response.data.domain_info.active_directory) + info->flags |= WBC_DOMINFO_AD; + if (response.data.domain_info.primary) + info->flags |= WBC_DOMINFO_PRIMARY; + + *dinfo = info; + + wbc_status = WBC_ERR_SUCCESS; + + done: + if (!WBC_ERROR_IS_OK(wbc_status)) { + talloc_free(info); + } + + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c new file mode 100644 index 0000000000..321a7db669 --- /dev/null +++ b/source3/nsswitch/libwbclient/wbclient.c 
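Review bot: wbcDomainInfo ORs bits into `info->flags` without ever assigning it, and talloc() does not zero the allocation, so the caller can see stale heap bits next to the three WBC_DOMINFO_* flags. Allocate with `info = talloc_zero(NULL, struct wbcDomainInfo);` or set `info->flags = 0;` before the three tests. The comment above the function says the char* members are malloc()'d and must be freed one by one, but the code makes them talloc children of `info`; the comment should describe the release the code actually expects.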
@@ -0,0 +1,105 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . +*/ + +/* Required Headers */ + +#include "libwbclient.h" + +/* From wb_common.c */ + +NSS_STATUS winbindd_request_response(int req_type, + struct winbindd_request *request, + struct winbindd_response *response); + +/** @brief Wrapper around Winbind's send/receive API call + * + * @param cmd Winbind command operation to perform + * @param request Send structure + * @param response Receive structure + * + * @return #wbcErr + **/ + +/********************************************************************** + result == NSS_STATUS_UNAVAIL: winbind not around + result == NSS_STATUS_NOTFOUND: winbind around, but domain missing + + Due to a bad API NSS_STATUS_NOTFOUND is returned both when winbind_off + and when winbind return WINBINDD_ERROR. So the semantics of this + routine depends on winbind_on. Grepping for winbind_off I just + found 3 places where winbind is turned off, and this does not conflict + (as far as I have seen) with the callers of is_trusted_domains. 
+ + --Volker +**********************************************************************/ + +wbcErr wbcRequestResponse(int cmd, + struct winbindd_request *request, + struct winbindd_response *response) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + NSS_STATUS nss_status; + + if (!request || !response) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + + nss_status = winbindd_request_response(cmd, request, response); + + switch (nss_status) { + case NSS_STATUS_SUCCESS: + wbc_status = WBC_ERR_SUCCESS; + break; + case NSS_STATUS_UNAVAIL: + return WBC_ERR_WINBIND_NOT_AVAILABLE; + break; + case NSS_STATUS_NOTFOUND: + return WBC_ERR_DOMAIN_NOT_FOUND; + break; + default: + wbc_status = WBC_ERR_NSS_ERROR; + break; + } + +done: + return wbc_status; +} + +/** @brief Free library allocated memory + * + * @param *p Pointer to free + * + * @return void + **/ + +void wbcFreeMemory(void *p) +{ + if (p) + talloc_free(p); + + return; +} + + + diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h new file mode 100644 index 0000000000..2867aad69e --- /dev/null +++ b/source3/nsswitch/libwbclient/wbclient.h 
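Review bot: wbcRequestResponse rejects a NULL `request` or `response` with WBC_ERR_INVALID_PARAM, yet wbcSetpwent, wbcEndpwent, wbcSetgrent and wbcEndgrent in wbc_pwd.c all call it with `NULL, NULL`, so those four can never reach winbindd. Either give those callers zeroed local structures or state in the doc comment here that both pointers are mandatory. The two `return` statements inside the switch also bypass `done:` and leave an unreachable `break;` behind them; assigning `wbc_status` there, as the other cases do, would keep a single exit.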
@@ -0,0 +1,184 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . +*/ + +#ifndef _WBCLIENT_H +#define _WBCLIENT_H + +#include +#include + +/* + * Data types used by the Winbind Client API + */ + +#ifndef MAXSUBAUTHS +#define MAXSUBAUTHS 15 /* max sub authorities in a SID */ +#endif + +/** + * @brief Windows Security Identifier + * + **/ + +struct wbcDomainSid { + uint8_t sid_rev_num; + uint8_t num_auths; + uint8_t id_auth[6]; + uint32_t sub_auths[MAXSUBAUTHS]; +}; + +/** + * @brief Security Identifier type + **/ + +enum wbcSidType { + WBC_SID_NAME_USE_NONE=0, + WBC_SID_NAME_USER=1, + WBC_SID_NAME_DOM_GRP=2, + WBC_SID_NAME_DOMAIN=3, + WBC_SID_NAME_ALIAS=4, + WBC_SID_NAME_WKN_GRP=5, + WBC_SID_NAME_DELETED=6, + WBC_SID_NAME_INVALID=7, + WBC_SID_NAME_UNKNOWN=8, + WBC_SID_NAME_COMPUTER=9 +}; + +/** + * @brief Domain Information + **/ + +struct wbcDomainInfo { + char *short_name; + char *dns_name; + struct wbcDomainSid sid; + uint32_t flags; +}; + +/* wbcDomainInfo->flags */ + +#define WBC_DOMINFO_NATIVE 0x00000001 +#define WBC_DOMINFO_AD 0x00000002 +#define WBC_DOMINFO_PRIMARY 0x00000004 + +/* + * Memory Management + */ + +void wbcFreeMemory(void*); + + +/* + * Utility functions for dealing with SIDs + */ + +wbcErr wbcSidToString(const struct wbcDomainSid *sid, + char **sid_string); + +wbcErr 
wbcStringToSid(const char *sid_string, + struct wbcDomainSid *sid); + +wbcErr wbcPing(void); + +/* + * Name/SID conversion + */ + +wbcErr wbcLookupName(const char *dom_name, + const char *name, + struct wbcDomainSid *sid, + enum wbcSidType *name_type); + +wbcErr wbcLookupSid(const struct wbcDomainSid *sid, + char **domain, + char **name, + enum wbcSidType *name_type); + +wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, + int num_rids, + uint32_t *rids, + const char **domain_name, + const char ***names, + enum wbcSidType **types); + +/* + * SID/uid/gid Mappings + */ + +wbcErr wbcSidToUid(const struct wbcDomainSid *sid, + uid_t *puid); + +wbcErr wbcUidToSid(uid_t uid, + struct wbcDomainSid *sid); + +wbcErr wbcSidToGid(const struct wbcDomainSid *sid, + gid_t *pgid); + +wbcErr wbcGidToSid(gid_t gid, + struct wbcDomainSid *sid); + +wbcErr wbcAllocateUid(uid_t *puid); + +wbcErr wbcAllocateGid(uid_t *pgid); + +/* + * NSS Lookup User/Group details + */ + +wbcErr wbcGetpwnam(const char *name, struct passwd **pwd); + +wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd); + +wbcErr wbcGetgrnam(const char *name, struct group **grp); + +wbcErr wbcGetgrgid(gid_t gid, struct group **grp); + +wbcErr wbcSetpwent(void); + +wbcErr wbcEndpwent(void); + +wbcErr wbcGetpwent(struct passwd **pwd); + +wbcErr wbcSetgrent(void); + +wbcErr wbcEndgrent(void); + +wbcErr wbcGetgrent(struct group **grp); + + +/* + * Lookup Domain information + */ + +wbcErr wbcDomainInfo(const char *domain, + struct wbcDomainInfo **info); + +wbcErr wbcDomainSequenceNumbers(void); + +/* + * Athenticate functions + */ + +wbcErr wbcAuthenticateUser(const char *username, + const char *password); + + +#endif /* _WBCLIENT_H */ diff --git a/source3/nsswitch/libwbclient/wbclient_internal.h b/source3/nsswitch/libwbclient/wbclient_internal.h new file mode 100644 index 0000000000..fc03c5409b --- /dev/null +++ b/source3/nsswitch/libwbclient/wbclient_internal.h 
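Review bot: `wbcErr wbcAllocateGid(uid_t *pgid);` declares the gid out-parameter as `uid_t *`; it should be `gid_t *pgid`, both here and in the definition in wbc_idmap.c, so that a platform where the two types differ does not get a mis-sized store through the pointer. The prototypes that return allocated strings or structs (wbcSidToString, wbcLookupSid, wbcLookupRids, wbcGetpwnam and the like) say nothing about who releases the result or with which function. A short ownership comment per group would help, since the implementations on this page mix talloc and malloc/strdup.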
@@ -0,0 +1,32 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . +*/ + +#ifndef _WBCLIENT_INTERNAL_H +#define _WBCLIENT_INTERNAL_H + +/* Private functions */ + +wbcErr wbcRequestResponse(int cmd, + struct winbindd_request *request, + struct winbindd_response *response); + + +#endif /* _WBCLIENT_INTERNAL_H */ -- cgit From 387288e9501cd211500b1c5cf1bc0a339017a4a4 Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Fri, 21 Dec 2007 13:47:45 -0600 Subject: Compile fix: Correct use of wbcDomainInfo() after function signature change. Also fixes a doxygen warngin about an undocumented parameter in the same function. (This used to be commit 290ab64e9e5fb2a28e14a5f344f22119d5304563) --- source3/nsswitch/libwbclient/wbc_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index 2d7cc7bcbd..b0adaad318 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c 
@@ -39,7 +39,7 @@ wbcErr wbcPing(void) /** @brief Lookup the current status of a trusted domain * * @param domain Domain to query - * @param *info Pointer to returned domain_info struct + * @param *dinfo Pointer to returned domain_info struct * * @return #wbcErr * -- cgit From e0a054ded334ce5ddeafdfbbdf1ee99e526386f5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Dec 2007 12:18:17 -0800 Subject: Fix const warning. Jeremy. (This used to be commit 5159f897ddaad1878fff629cc074dd71b2b3f4ab) --- source3/nsswitch/libwbclient/wbc_sid.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index 5e7cb9a61b..c877e1d9d4 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -298,7 +298,7 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, int num_rids, uint32_t *rids, - const char **domain_name, + const char **pp_domain_name, const char ***names, enum wbcSidType **types) { @@ -308,6 +308,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, struct winbindd_request request; struct winbindd_response response; char *sid_string = NULL; + char *domain_name = NULL; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; if (!dom_sid || (num_rids == 0)) { @@ -357,8 +358,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, &response); free(ridlist); - *domain_name = strdup(response.data.domain_name); - BAIL_ON_PTR_ERROR((*domain_name), wbc_status); + domain_name = strdup(response.data.domain_name); + BAIL_ON_PTR_ERROR(domain_name, wbc_status); *names = (const char**)malloc(sizeof(char*) * num_rids); BAIL_ON_PTR_ERROR((*names), wbc_status); 
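Review bot: The new `domain_name = strdup(response.data.domain_name);` still runs without looking at the `wbc_status` returned by wbcRequestResponse() just above it, so a failed request is parsed as if it had succeeded. Add `BAIL_ON_WBC_ERROR(wbc_status);` directly after `free(ridlist);`. The allocations that follow multiply by `num_rids`, a signed int that the parameter check only compares with 0, so that check should also reject negative counts (`num_rids <= 0`). wbcLookupRids starts and ends outside this hunk.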
@@ -408,12 +409,14 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, done: if (!WBC_ERROR_IS_OK(wbc_status)) { - if (*domain_name) - free(*domain_name); + if (domain_name) + free(domain_name); if (*names) free(*names); if (*types) free(*types); + } else { + *pp_domain_name = domain_name; } return wbc_status; -- cgit From 85065a4f364baa4a43cd3b4d1fb0c8e2a0152855 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Dec 2007 00:33:44 +0100 Subject: Fix wbcPing() Without request and response, wbcRequestResponse() will always return WBC_ERR_INVALID_PARAM, so the ping will never reach winbind. (This used to be commit 9a24753d35a4b1a283a65c60088d82e4b80f14c8) --- source3/nsswitch/libwbclient/wbc_util.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index b0adaad318..c6acb27e55 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -33,7 +33,15 @@ wbcErr wbcPing(void) { - return wbcRequestResponse(WINBINDD_PING, NULL, NULL); + struct winbindd_request request; + struct winbindd_response response; + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + return wbcRequestResponse(WINBINDD_PING, &request, &response); } /** @brief Lookup the current status of a trusted domain -- cgit From 24e694796d9c7658292af1ea6261889d2c120b35 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Dec 2007 00:35:06 +0100 Subject: Fix wbcAllocate[GU]id wbcRequestResponse() returns a wbcErr, not NSS_STATUS (This used to be commit 1bbdbdef991408af07afaba7bc0b4da55f06aed8) --- source3/nsswitch/libwbclient/wbc_idmap.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) (limited to 'source3/nsswitch/libwbclient') 
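Review bot: The error branch under `done:` still tests and frees `*names` and `*types`, but those only hold library allocations once the assignments further up have run; on an earlier bail-out (for example the `!dom_sid` check shown as context in a preceding hunk) they contain whatever the caller left there, so `free()` can be handed an uninitialised or unrelated pointer. The new local `domain_name` avoids exactly this for the domain string, and the same pattern would fix the arrays: set `*names = NULL; *types = NULL;` at function entry, or build both in locals and publish them only on success. Each pointer should also be reset to NULL after it is freed so a caller that cleans up on failure cannot free it a second time. The talloc conversion of this cleanup block later on the page keeps the same shape. The function body starts outside this hunk, so an initialisation there cannot be ruled out.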
diff --git a/source3/nsswitch/libwbclient/wbc_idmap.c b/source3/nsswitch/libwbclient/wbc_idmap.c index 651c270a57..53f9678ee7 100644 --- a/source3/nsswitch/libwbclient/wbc_idmap.c +++ b/source3/nsswitch/libwbclient/wbc_idmap.c @@ -211,7 +211,7 @@ wbcErr wbcAllocateUid(uid_t *puid) { struct winbindd_request request; struct winbindd_response response; - NSS_STATUS result; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; if (!puid) return WBC_ERR_INVALID_PARAM; @@ -223,16 +223,17 @@ wbcErr wbcAllocateUid(uid_t *puid) /* Make request */ - result = wbcRequestResponse(WINBINDD_ALLOCATE_UID, + wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_UID, &request, &response); - - if (result != NSS_STATUS_SUCCESS) - return WBC_ERR_UNKNOWN_FAILURE; + BAIL_ON_WBC_ERROR(wbc_status); /* Copy out result */ *puid = response.data.uid; - return WBC_ERR_SUCCESS; + wbc_status = WBC_ERR_SUCCESS; + + done: + return wbc_status; } /** @brief Obtain a new gid from Winbind @@ -246,7 +247,7 @@ wbcErr wbcAllocateGid(uid_t *pgid) { struct winbindd_request request; struct winbindd_response response; - NSS_STATUS result; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; if (!pgid) return WBC_ERR_INVALID_PARAM; @@ -258,15 +259,16 @@ wbcErr wbcAllocateGid(uid_t *pgid) /* Make request */ - result = wbcRequestResponse(WINBINDD_ALLOCATE_GID, + wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_GID, &request, &response); - - if (result != NSS_STATUS_SUCCESS) - return WBC_ERR_UNKNOWN_FAILURE; + BAIL_ON_WBC_ERROR(wbc_status); /* Copy out result */ *pgid = response.data.gid; - return WBC_ERR_SUCCESS; + wbc_status = WBC_ERR_SUCCESS; + + done: + return wbc_status; } -- cgit From 701a56a698b580b21bfb0df73401ffe2d05f6f19 Mon Sep 17 00:00:00 2001 
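Review bot: `wbcAllocateGid()` still takes `uid_t *pgid` (visible in the hunk header) and stores `response.data.gid` through it, which looks like a leftover from copying `wbcAllocateUid()`; the parameter should be `gid_t *pgid`, together with the prototype in wbclient.h, which is not shown here. Both functions also keep the bare `return WBC_ERR_INVALID_PARAM;` for a NULL argument while the rest of the body now leaves through `done:`. Setting `wbc_status = WBC_ERR_INVALID_PARAM;` followed by `BAIL_ON_WBC_ERROR(wbc_status);` there would give one exit path per function.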
From: "Gerald (Jerry) Carter" Date: Wed, 2 Jan 2008 14:50:59 -0600 Subject: Make sure that wbcLookupSid() and wbcLookupRids() use talloc()'d memory. Follows existing convention that all returned memory should be freed with wbcFreeMemory() and not directly with free(). Noticed by Volker. Txs. (This used to be commit 39c2059f66ee9eb471a503b9c776807b91c2a8f8) --- source3/nsswitch/libwbclient/wbc_sid.c | 37 +++++++++++++++++---------------- source3/nsswitch/libwbclient/wbc_util.c | 4 ---- 2 files changed, 19 insertions(+), 22 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index c877e1d9d4..8311a21a86 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -265,12 +265,12 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, /* Copy out result */ if (domain != NULL) { - *domain = strdup(response.data.name.dom_name); + *domain = talloc_strdup(NULL, response.data.name.dom_name); BAIL_ON_PTR_ERROR((*domain), wbc_status); } if (name != NULL) { - *name = strdup(response.data.name.name); + *name = talloc_strdup(NULL, response.data.name.name); BAIL_ON_PTR_ERROR((*name), wbc_status); } @@ -283,9 +283,9 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, done: if (!WBC_ERROR_IS_OK(wbc_status)) { if (*domain) - free(*domain); + talloc_free(*domain); if (*name) - free(*name); + talloc_free(*name); } return wbc_status; @@ -334,11 +334,9 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, ridbuf_size = (sizeof(char)*11) * num_rids + 1; - ridlist = malloc(ridbuf_size); + ridlist = talloc_zero_array(NULL, char, ridbuf_size); BAIL_ON_PTR_ERROR(ridlist, wbc_status); - memset(ridlist, 0x0, ridbuf_size); - len = 0; for (i=0; i0; i++) { char ridstr[12]; 
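Review bot: The cleanup under `done:` in wbcLookupSid() dereferences `domain` and `name` unconditionally (`if (*domain) talloc_free(*domain);`), although the copy-out code in the previous hunk treats both as optional with `if (domain != NULL)` and `if (name != NULL)`. A caller that passes NULL for either output will fault on any failure path, and a non-NULL output whose target was never assigned is passed to `talloc_free()` with the caller's stale value. Guard and reset instead, e.g. `if (domain && *domain) { talloc_free(*domain); *domain = NULL; }` and the same for `name`, ideally with both outputs set to NULL at entry. The start of the function is outside the hunk, so an earlier initialisation cannot be excluded.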
@@ -356,15 +354,15 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, wbc_status = wbcRequestResponse(WINBINDD_LOOKUPRIDS, &request, &response); - free(ridlist); + talloc_free(ridlist); - domain_name = strdup(response.data.domain_name); + domain_name = talloc_strdup(NULL, response.data.domain_name); BAIL_ON_PTR_ERROR(domain_name, wbc_status); - *names = (const char**)malloc(sizeof(char*) * num_rids); + *names = talloc_array(NULL, const char*, num_rids); BAIL_ON_PTR_ERROR((*names), wbc_status); - *types = (enum wbcSidType*)malloc(sizeof(enum wbcSidType) * num_rids); + *types = talloc_array(NULL, enum wbcSidType, num_rids); BAIL_ON_PTR_ERROR((*types), wbc_status); p = (char *)response.extra_data.data; @@ -393,7 +391,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, *q = '\0'; - (*names)[i] = strdup(p); + (*names)[i] = talloc_strdup((*names), p); + BAIL_ON_PTR_ERROR(((*names)[i]), wbc_status); p = q+1; } @@ -403,21 +402,23 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, BAIL_ON_WBC_ERROR(wbc_status); } - free(response.extra_data.data); - wbc_status = WBC_ERR_SUCCESS; done: + if (response.extra_data.data) { + free(response.extra_data.data); + } + if (!WBC_ERROR_IS_OK(wbc_status)) { if (domain_name) - free(domain_name); + talloc_free(domain_name); if (*names) - free(*names); + talloc_free(*names); if (*types) - free(*types); + talloc_free(*types); } else { *pp_domain_name = domain_name; } return wbc_status; -} +} diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index c6acb27e55..7eb19731a7 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -51,10 +51,6 @@ wbcErr wbcPing(void) * * @return #wbcErr * - * The char* members of the struct wbcDomainInfo* are malloc()'d - * and it the the responsibility of the caller to free the members - * before discarding the struct. - * **/ -- cgit From 0df7bcaec38432863cde12cf8c15497d2ae30335 Mon Sep 17 00:00:00 2001 
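Review bot: Deleting the malloc() ownership paragraph from the wbcDomainInfo() doxygen block leaves the function with no statement of how its result is released, which is the kind of gap that ends in a leak or a mismatched `free()` on talloc memory. The commit message already names the convention, so the comment could carry it: `* The returned structure must be released with wbcFreeMemory().` Since the members are allocated as talloc children of the struct elsewhere on this page, one call presumably releases everything, but that depends on wbcFreeMemory(), whose body is not shown here.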
From: "Gerald (Jerry) Carter" Date: Wed, 2 Jan 2008 17:34:41 -0600 Subject: Fix some C++ warnings (patch was Volker's) - implicit case from void* to char* (This used to be commit 518168410c49ac25085714c73e76dcf358fc4b68) --- source3/nsswitch/libwbclient/wbc_pwd.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index 4e3b0d3967..5f7437b188 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -228,7 +228,8 @@ wbcErr wbcGetgrnam(const char *name, struct group **grp) &response); BAIL_ON_WBC_ERROR(wbc_status); - *grp = copy_group_entry(&response.data.gr, response.extra_data.data); + *grp = copy_group_entry(&response.data.gr, + (char*)response.extra_data.data); BAIL_ON_PTR_ERROR(*grp, wbc_status); done: @@ -270,7 +271,8 @@ wbcErr wbcGetgrgid(gid_t gid, struct group **grp) &response); BAIL_ON_WBC_ERROR(wbc_status); - *grp = copy_group_entry(&response.data.gr, response.extra_data.data); + *grp = copy_group_entry(&response.data.gr, + (char*)response.extra_data.data); BAIL_ON_PTR_ERROR(*grp, wbc_status); done: -- cgit From 2c072ac87910208780a8e03cb3cea687d874b613 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 3 Jan 2008 12:10:27 +0100 Subject: Some coding convention pedantism. Guenther (This used to be commit 338baf96cb957fa52e312d42fbf0fa227d7dafda) --- source3/nsswitch/libwbclient/wbc_pam.c | 4 ++-- source3/nsswitch/libwbclient/wbc_pwd.c | 6 +++--- source3/nsswitch/libwbclient/wbc_sid.c | 10 +++++----- source3/nsswitch/libwbclient/wbc_util.c | 12 ++++++------ source3/nsswitch/libwbclient/wbclient.h | 2 +- 5 files changed, 17 insertions(+), 17 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 1548c3344a..7f7c7b8140 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c 
+++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -31,7 +31,7 @@ * @return #wbcErr **/ -wbcErr wbcAuthenticateUser(const char *username, +wbcErr wbcAuthenticateUser(const char *username, const char *password) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -61,5 +61,5 @@ wbcErr wbcAuthenticateUser(const char *username, BAIL_ON_WBC_ERROR(wbc_status); done: - return wbc_status; + return wbc_status; } diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index 5f7437b188..b24e198bc5 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -228,14 +228,14 @@ wbcErr wbcGetgrnam(const char *name, struct group **grp) &response); BAIL_ON_WBC_ERROR(wbc_status); - *grp = copy_group_entry(&response.data.gr, + *grp = copy_group_entry(&response.data.gr, (char*)response.extra_data.data); BAIL_ON_PTR_ERROR(*grp, wbc_status); done: if (response.extra_data.data) free(response.extra_data.data); - + return wbc_status; } @@ -271,7 +271,7 @@ wbcErr wbcGetgrgid(gid_t gid, struct group **grp) &response); BAIL_ON_WBC_ERROR(wbc_status); - *grp = copy_group_entry(&response.data.gr, + *grp = copy_group_entry(&response.data.gr, (char*)response.extra_data.data); BAIL_ON_PTR_ERROR(*grp, wbc_status); diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index 8311a21a86..abe1457cc1 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -392,7 +392,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, *q = '\0'; (*names)[i] = talloc_strdup((*names), p); - BAIL_ON_PTR_ERROR(((*names)[i]), wbc_status); + BAIL_ON_PTR_ERROR(((*names)[i]), wbc_status); p = q+1; } 
@@ -405,10 +405,10 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, wbc_status = WBC_ERR_SUCCESS; done: - if (response.extra_data.data) { + if (response.extra_data.data) { free(response.extra_data.data); - } - + } + if (!WBC_ERROR_IS_OK(wbc_status)) { if (domain_name) talloc_free(domain_name); @@ -421,4 +421,4 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, } return wbc_status; -} +} diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index 7eb19731a7..ff3cec8689 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -60,7 +60,7 @@ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) struct winbindd_response response; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; struct wbcDomainInfo *info = NULL; - + if (!domain || !dinfo) { wbc_status = WBC_ERR_INVALID_PARAM; BAIL_ON_WBC_ERROR(wbc_status); @@ -71,7 +71,7 @@ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) ZERO_STRUCT(request); ZERO_STRUCT(response); - strncpy(request.domain_name, domain, + strncpy(request.domain_name, domain, sizeof(request.domain_name)-1); wbc_status = wbcRequestResponse(WINBINDD_DOMAIN_INFO, @@ -82,15 +82,15 @@ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) info = talloc(NULL, struct wbcDomainInfo); BAIL_ON_PTR_ERROR(info, wbc_status); - info->short_name = talloc_strdup(info, + info->short_name = talloc_strdup(info, response.data.domain_info.name); BAIL_ON_PTR_ERROR(info->short_name, wbc_status); - info->dns_name = talloc_strdup(info, + info->dns_name = talloc_strdup(info, response.data.domain_info.alt_name); BAIL_ON_PTR_ERROR(info->dns_name, wbc_status); - wbc_status = wbcStringToSid(response.data.domain_info.sid, + wbc_status = wbcStringToSid(response.data.domain_info.sid, &info->sid); BAIL_ON_WBC_ERROR(wbc_status); 
@@ -102,7 +102,7 @@ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) info->flags |= WBC_DOMINFO_PRIMARY; *dinfo = info; - + wbc_status = WBC_ERR_SUCCESS; done: diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 2867aad69e..6b85d7e8b3 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -177,7 +177,7 @@ wbcErr wbcDomainSequenceNumbers(void); * Athenticate functions */ -wbcErr wbcAuthenticateUser(const char *username, +wbcErr wbcAuthenticateUser(const char *username, const char *password); -- cgit From bfc4e62e61291670b1bcddfa260c59742ed67026 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 15 Jan 2008 10:24:09 +0100 Subject: libwbclient: move wbc_err.h into wbclient.h as we only install one header This makes the installed wbclient.h header usable. metze (This used to be commit 7dd65599a15bf1d164fcfa554c8057d43c51eb6d) --- source3/nsswitch/libwbclient/wbc_err.h | 51 --------------------------------- source3/nsswitch/libwbclient/wbclient.h | 27 ++++++++++++++++- 2 files changed, 26 insertions(+), 52 deletions(-) delete mode 100644 source3/nsswitch/libwbclient/wbc_err.h (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_err.h b/source3/nsswitch/libwbclient/wbc_err.h deleted file mode 100644 index 069f68f189..0000000000 --- a/source3/nsswitch/libwbclient/wbc_err.h +++ /dev/null 
@@ -1,51 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind client API
-
- Copyright (C) Gerald (Jerry) Carter 2007
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see .
-*/
-
-#ifndef _WBC_ERR_H
-#define _WBC_ERR_H
-
-
-/* Define error types */
-
-/**
- * @brief Status codes returned from wbc functions
- **/
-
-enum _wbcErrType {
- WBC_ERR_SUCCESS = 0, /**< Successful completion **/
- WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/
- WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/
- WBC_ERR_NO_MEMORY, /**< Memory allocation error **/
- WBC_ERR_INVALID_SID, /**< Invalid SID format **/
- WBC_ERR_INVALID_PARAM, /**< An Invalid parameter was supplied **/
- WBC_ERR_WINBIND_NOT_AVAILABLE, /**< Winbind daemon is not available **/
- WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/
- WBC_INVALID_RESPONSE, /**< Winbind returned an invalid response **/
- WBC_ERR_NSS_ERROR /**< NSS_STATUS error **/
-};
-
-typedef enum _wbcErrType wbcErr;
-
-#define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)
-
-char *wbcErrorString(wbcErr error);
-
-#endif /* _WBC_ERR_H */
diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h
index 6b85d7e8b3..0b256d343f 100644
--- a/source3/nsswitch/libwbclient/wbclient.h
+++ b/source3/nsswitch/libwbclient/wbclient.h
@@ -23,7 +23,32 @@ #define _WBCLIENT_H #include -#include +#include + +/* Define error types */ + +/** + * @brief Status codes returned from wbc functions + **/ + +enum _wbcErrType { + WBC_ERR_SUCCESS = 0, /**< Successful completion **/ + WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/ + WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/ + WBC_ERR_NO_MEMORY, /**< Memory allocation error **/ + WBC_ERR_INVALID_SID, /**< Invalid SID format **/ + WBC_ERR_INVALID_PARAM, /**< An Invalid parameter was supplied **/ + WBC_ERR_WINBIND_NOT_AVAILABLE, /**< Winbind daemon is not available **/ + WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/ + WBC_INVALID_RESPONSE, /**< Winbind returned an invalid response **/ + WBC_ERR_NSS_ERROR /**< NSS_STATUS error **/ +}; + +typedef enum _wbcErrType wbcErr; + +#define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS) + +char *wbcErrorString(wbcErr error); /* * Data types used by the Winbind Client API -- cgit From fa32063d074cfd8906b76c13a72fee1bc2bd899d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 19 Jan 2008 11:08:49 +0100 Subject: libwbclient: use the same style in each switch case for the error mapping metze (This used to be commit 0b85f7173d0770f8d9a0bac9e43355eb45bc181f) --- source3/nsswitch/libwbclient/wbclient.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index 321a7db669..42a9943523 100644 --- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c 
@@ -72,10 +72,10 @@ wbcErr wbcRequestResponse(int cmd, wbc_status = WBC_ERR_SUCCESS; break; case NSS_STATUS_UNAVAIL: - return WBC_ERR_WINBIND_NOT_AVAILABLE; + wbc_status = WBC_ERR_WINBIND_NOT_AVAILABLE; break; case NSS_STATUS_NOTFOUND: - return WBC_ERR_DOMAIN_NOT_FOUND; + wbc_status = WBC_ERR_DOMAIN_NOT_FOUND; break; default: wbc_status = WBC_ERR_NSS_ERROR; -- cgit From 4ee9d715a01b3770707b11561cc10798aba790ca Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 24 Jan 2008 17:40:35 -0800 Subject: Fix missing error check that caused crash when winbindd not running. Jeremy. (This used to be commit f5ca241e2c1adf2ae836fae33a4adac916f46416) --- source3/nsswitch/libwbclient/wbc_sid.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index abe1457cc1..f5f553c4c6 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -355,6 +355,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, &request, &response); talloc_free(ridlist); + BAIL_ON_WBC_ERROR(wbc_status); domain_name = talloc_strdup(NULL, response.data.domain_name); BAIL_ON_PTR_ERROR(domain_name, wbc_status); -- cgit From 9758043a4411f0306bd4fb975777807dff42e235 Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Tue, 29 Jan 2008 14:49:38 -0600 Subject: Allow NULL request and/or response pointers to be passed to wbcRequestResponse(). This is a valid parameter set for things like setpwent() and ping(). (This used to be commit c1cdf6085329d55cf29ccc8c980fc853a03a695e) --- source3/nsswitch/libwbclient/wbclient.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index 42a9943523..304e49cf55 100644 --- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c 
@@ -59,11 +59,7 @@ wbcErr wbcRequestResponse(int cmd, wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; NSS_STATUS nss_status; - if (!request || !response) { - wbc_status = WBC_ERR_INVALID_PARAM; - BAIL_ON_WBC_ERROR(wbc_status); - } - + /* for some calls the request and/or response cna be NULL */ nss_status = winbindd_request_response(cmd, request, response); -- cgit From 1852c29b6e202c9988755cf649786c1635574aa5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 29 Jan 2008 23:01:23 +0100 Subject: Fix uninitialized variables response.extra_data.data is not initialized on the first error path Found by the IBM checker (This used to be commit e9b3115c85e3d04eeaa04bfa71972d393272afca) --- source3/nsswitch/libwbclient/wbc_pwd.c | 20 ++++++++++---------- source3/nsswitch/libwbclient/wbc_sid.c | 10 +++++----- 2 files changed, 15 insertions(+), 15 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index b24e198bc5..b7febcce0c 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -209,16 +209,16 @@ wbcErr wbcGetgrnam(const char *name, struct group **grp) struct winbindd_request request; struct winbindd_response response; - if (!name || !grp) { - wbc_status = WBC_ERR_INVALID_PARAM; - BAIL_ON_WBC_ERROR(wbc_status); - } - /* Initialize request */ ZERO_STRUCT(request); ZERO_STRUCT(response); + if (!name || !grp) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + /* dst is already null terminated from the memset above */ strncpy(request.data.groupname, name, sizeof(request.data.groupname)-1); 
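Review bot: Dropping the `!request || !response` guard makes wbcRequestResponse() accept NULL buffers for every command, not only the setpwent/ping style calls named in the commit message. Whether `winbindd_request_response()` copes with a NULL `response` for a command that returns data is not visible in this hunk, so a caller bug that used to surface as WBC_ERR_INVALID_PARAM may now reach the transport layer. A narrower change would keep rejecting NULL for commands that carry a payload, or at least state the contract at the declaration in wbclient_internal.h. The replacement comment also has a typo; suggested text: `/* for some calls the request and/or response can be NULL */`.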
@@ -254,16 +254,16 @@ wbcErr wbcGetgrgid(gid_t gid, struct group **grp) struct winbindd_request request; struct winbindd_response response; - if (!grp) { - wbc_status = WBC_ERR_INVALID_PARAM; - BAIL_ON_WBC_ERROR(wbc_status); - } - /* Initialize request */ ZERO_STRUCT(request); ZERO_STRUCT(response); + if (!grp) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + request.data.gid = gid; wbc_status = wbcRequestResponse(WINBINDD_GETGRGID, diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index f5f553c4c6..0519d8bf9f 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -311,16 +311,16 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, char *domain_name = NULL; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - if (!dom_sid || (num_rids == 0)) { - wbc_status = WBC_ERR_INVALID_PARAM; - BAIL_ON_WBC_ERROR(wbc_status); - } - /* Initialise request */ ZERO_STRUCT(request); ZERO_STRUCT(response); + if (!dom_sid || (num_rids == 0)) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + wbc_status = wbcSidToString(dom_sid, &sid_string); BAIL_ON_WBC_ERROR(wbc_status); -- cgit From 3850c2f451ea43f65c040f4e107f400005272206 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 30 Jan 2008 12:48:20 +0100 Subject: Fix build warning. Guenther (This used to be commit a3417be934e34af2525ddb731af288034d51432b) --- source3/nsswitch/libwbclient/wbclient.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index 304e49cf55..2f76f76635 100644 --- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c @@ -78,7 +78,6 @@ wbcErr wbcRequestResponse(int cmd, break; } -done: return wbc_status; } -- cgit From f47b518940f67ba6be40cae7eb8e8ba556b5f404 Mon Sep 17 00:00:00 2001 
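Review bot: The relocated parameter check in wbcLookupRids() still rejects only `num_rids == 0`, and `num_rids` is a signed `int`, so a negative count passes and then feeds the `ridbuf_size` computation and the `talloc_array(..., num_rids)` calls shown in the talloc hunks earlier on this page. The outputs `names`, `types` and `pp_domain_name` are likewise written through without a NULL test in the code visible here. Suggested guard: `if (!dom_sid || !names || !types || !pp_domain_name || (num_rids <= 0)) {`. The rest of the function lies outside this hunk, so checks placed elsewhere cannot be ruled out.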
From: Stefan Metzmacher Date: Mon, 11 Feb 2008 16:29:28 +0100 Subject: libwbclient: implement wbcErrorString() metze (This used to be commit 97a8069075d820c43c17e761b1186d4f0b3c785d) --- source3/nsswitch/libwbclient/wbclient.c | 34 +++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 2 +- 2 files changed, 35 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index 2f76f76635..5aad378ad0 100644 --- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c @@ -81,6 +81,40 @@ wbcErr wbcRequestResponse(int cmd, return wbc_status; } +/** @brief Translate an error value into a string + * + * @param error + * + * @return a pointer to a static string + **/ +const char *wbcErrorString(wbcErr error) +{ + switch (error) { + case WBC_ERR_SUCCESS: + return "WBC_ERR_SUCCESS"; + case WBC_ERR_NOT_IMPLEMENTED: + return "WBC_ERR_NOT_IMPLEMENTED"; + case WBC_ERR_UNKNOWN_FAILURE: + return "WBC_ERR_UNKNOWN_FAILURE"; + case WBC_ERR_NO_MEMORY: + return "WBC_ERR_NO_MEMORY"; + case WBC_ERR_INVALID_SID: + return "WBC_ERR_INVALID_SID"; + case WBC_ERR_INVALID_PARAM: + return "WBC_ERR_INVALID_PARAM"; + case WBC_ERR_WINBIND_NOT_AVAILABLE: + return "WBC_ERR_WINBIND_NOT_AVAILABLE"; + case WBC_ERR_DOMAIN_NOT_FOUND: + return "WBC_ERR_DOMAIN_NOT_FOUND"; + case WBC_INVALID_RESPONSE: + return "WBC_INVALID_RESPONSE"; + case WBC_ERR_NSS_ERROR: + return "WBC_ERR_NSS_ERROR"; + } + + return "unknown wbcErr value"; +}; + /** @brief Free library allocated memory * * @param *p Pointer to free diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 0b256d343f..ef9e3557da 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h 
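Review bot: The new wbcErrorString() is closed with `};`; the semicolon after the brace is an empty file-scope declaration that strict compilers warn about, so it should be a plain `}`. The doxygen block leaves `@param error` without a description; `@param error The wbcErr value to translate` would complete it. Leaving the switch without a `default:` looks deliberate, so that the compiler can flag enumerators added later, with the trailing `return "unknown wbcErr value";` covering out-of-range input.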
@@ -48,7 +48,7 @@ typedef enum _wbcErrType wbcErr; #define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS) -char *wbcErrorString(wbcErr error); +const char *wbcErrorString(wbcErr error); /* * Data types used by the Winbind Client API -- cgit From 9d27ded946daaa7d484f8b93921bac961ea2e071 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 24 Jan 2008 14:05:59 +0100 Subject: libwbclient: add wbcAuthenticateUserEx() function This function will be used by auth_winbind.c. metze (This used to be commit 72af96a320a97ce1a730d6e33d01950123d6a97c) --- source3/nsswitch/libwbclient/wbc_pam.c | 300 ++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.c | 2 + source3/nsswitch/libwbclient/wbclient.h | 159 ++++++++++++++++- 3 files changed, 460 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 7f7c7b8140..e7bcdfe20d 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c 
@@ -63,3 +63,303 @@ wbcErr wbcAuthenticateUser(const char *username, done: return wbc_status; } + +static wbcErr wbc_create_auth_info(TALLOC_CTX *mem_ctx, + const struct winbindd_response *resp, + struct wbcAuthUserInfo **_i) +{ + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcAuthUserInfo *i; + struct wbcDomainSid domain_sid; + char *p; + uint32_t sn = 0; + uint32_t j; + + i = talloc(mem_ctx, struct wbcAuthUserInfo); + BAIL_ON_PTR_ERROR(i, wbc_status); + + i->user_flags = resp->data.auth.info3.user_flgs; + + i->account_name = talloc_strdup(i, resp->data.auth.info3.user_name); + BAIL_ON_PTR_ERROR(i->account_name, wbc_status); + i->user_principal= NULL; + i->full_name = talloc_strdup(i, resp->data.auth.info3.full_name); + BAIL_ON_PTR_ERROR(i->full_name, wbc_status); + i->domain_name = talloc_strdup(i, resp->data.auth.info3.logon_dom); + BAIL_ON_PTR_ERROR(i->domain_name, wbc_status); + i->dns_domain_name= NULL; + + i->acct_flags = resp->data.auth.info3.acct_flags; + memcpy(i->user_session_key, + resp->data.auth.user_session_key, + sizeof(i->user_session_key)); + memcpy(i->lm_session_key, + resp->data.auth.first_8_lm_hash, + sizeof(i->lm_session_key)); + + i->logon_count = resp->data.auth.info3.logon_count; + i->bad_password_count = resp->data.auth.info3.bad_pw_count; + + i->logon_time = resp->data.auth.info3.logon_time; + i->logoff_time = resp->data.auth.info3.logoff_time; + i->kickoff_time = resp->data.auth.info3.kickoff_time; + i->pass_last_set_time = resp->data.auth.info3.pass_last_set_time; + i->pass_can_change_time = resp->data.auth.info3.pass_can_change_time; + i->pass_must_change_time= resp->data.auth.info3.pass_must_change_time; + + i->logon_server = talloc_strdup(i, resp->data.auth.info3.logon_srv); + BAIL_ON_PTR_ERROR(i->logon_server, wbc_status); + i->logon_script = talloc_strdup(i, resp->data.auth.info3.logon_script); + BAIL_ON_PTR_ERROR(i->logon_script, wbc_status); + i->profile_path = talloc_strdup(i, resp->data.auth.info3.profile_path); + 
BAIL_ON_PTR_ERROR(i->profile_path, wbc_status); + i->home_directory= talloc_strdup(i, resp->data.auth.info3.home_dir); + BAIL_ON_PTR_ERROR(i->home_directory, wbc_status); + i->home_drive = talloc_strdup(i, resp->data.auth.info3.dir_drive); + BAIL_ON_PTR_ERROR(i->home_drive, wbc_status); + + i->num_sids = 2; + i->num_sids += resp->data.auth.info3.num_groups; + i->num_sids += resp->data.auth.info3.num_other_sids; + + i->sids = talloc_array(i, struct wbcSidWithAttr, i->num_sids); + BAIL_ON_PTR_ERROR(i->sids, wbc_status); + + wbc_status = wbcStringToSid(resp->data.auth.info3.dom_sid, + &domain_sid); + BAIL_ON_WBC_ERROR(wbc_status); + +#define _SID_COMPOSE(s, d, r, a) { \ + (s).sid = d; \ + if ((s).sid.num_auths < MAXSUBAUTHS) { \ + (s).sid.sub_auths[(s).sid.num_auths++] = r; \ + } else { \ + wbc_status = WBC_ERR_INVALID_SID; \ + BAIL_ON_WBC_ERROR(wbc_status); \ + } \ + (s).attributes = a; \ +} while (0) + + sn = 0; + _SID_COMPOSE(i->sids[sn], domain_sid, + resp->data.auth.info3.user_rid, + 0); + sn++; + _SID_COMPOSE(i->sids[sn], domain_sid, + resp->data.auth.info3.group_rid, + 0); + sn++; + + p = resp->extra_data.data; + if (!p) { + wbc_status = WBC_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + + for (j=0; j < resp->data.auth.info3.num_groups; j++) { + uint32_t rid; + uint32_t attrs; + int ret; + char *s = p; + char *e = strchr(p, '\n'); + if (!e) { + wbc_status = WBC_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + e[0] = '\0'; + p = &e[1]; + + ret = sscanf(s, "0x%08X:0x%08X", &rid, &attrs); + if (ret != 2) { + wbc_status = WBC_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + + _SID_COMPOSE(i->sids[sn], domain_sid, + rid, attrs); + sn++; + } + + for (j=0; j < resp->data.auth.info3.num_other_sids; j++) { + uint32_t attrs; + int ret; + char *s = p; + char *a; + char *e = strchr(p, '\n'); + if (!e) { + wbc_status = WBC_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + e[0] = '\0'; + p = &e[1]; + + e = strchr(s, ':'); + if (!e) { + 
wbc_status = WBC_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + e[0] = '\0'; + a = &e[1]; + + ret = sscanf(a, "0x%08X", + &attrs); + if (ret != 1) { + wbc_status = WBC_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = wbcStringToSid(s, &i->sids[sn].sid); + BAIL_ON_WBC_ERROR(wbc_status); + + i->sids[sn].attributes = attrs; + sn++; + } + + i->num_sids = sn; + + *_i = i; + i = NULL; +done: + talloc_free(i); + return wbc_status; +} + +static wbcErr wbc_create_error_info(TALLOC_CTX *mem_ctx, + const struct winbindd_response *resp, + struct wbcAuthErrorInfo **_e) +{ + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcAuthErrorInfo *e; + + e = talloc(mem_ctx, struct wbcAuthErrorInfo); + BAIL_ON_PTR_ERROR(e, wbc_status); + + e->nt_status = resp->data.auth.nt_status; + e->pam_error = resp->data.auth.pam_error; + e->nt_string = talloc_strdup(e, resp->data.auth.nt_status_string); + BAIL_ON_PTR_ERROR(e->nt_string, wbc_status); + + e->display_string = talloc_strdup(e, resp->data.auth.error_string); + BAIL_ON_PTR_ERROR(e->display_string, wbc_status); + + *_e = e; + e = NULL; + +done: + talloc_free(e); + return wbc_status; +} + +/** @brief Authenticate with more detailed information + * + * @param params Input parameters, only WBC_AUTH_USER_LEVEL_RESPONSE + * is supported yet + * @param info Output details on WBC_ERR_SUCCESS + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ + +wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, + struct wbcAuthUserInfo **info, + struct wbcAuthErrorInfo **error) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + int cmd; + struct winbindd_request request; + struct winbindd_response response; + + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (error) { + *error = NULL; + } + + if (!params) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + switch (params->level) { + case WBC_AUTH_USER_LEVEL_PLAIN: + 
wbc_status = WBC_ERR_NOT_IMPLEMENTED; + BAIL_ON_WBC_ERROR(wbc_status); + break; + + case WBC_AUTH_USER_LEVEL_HASH: + wbc_status = WBC_ERR_NOT_IMPLEMENTED; + BAIL_ON_WBC_ERROR(wbc_status); + break; + + case WBC_AUTH_USER_LEVEL_RESPONSE: + cmd = WINBINDD_PAM_AUTH_CRAP; + request.flags = WBFLAG_PAM_INFO3_TEXT | + WBFLAG_PAM_USER_SESSION_KEY | + WBFLAG_PAM_LMKEY; + + strncpy(request.data.auth_crap.user, + params->account_name, + sizeof(request.data.auth_crap.user)-1); + strncpy(request.data.auth_crap.domain, + params->domain_name, + sizeof(request.data.auth_crap.domain)-1); + if (params->workstation_name) { + strncpy(request.data.auth_crap.workstation, + params->workstation_name, + sizeof(request.data.auth_crap.workstation)-1); + } + + request.data.auth_crap.logon_parameters = + params->parameter_control; + + memcpy(request.data.auth_crap.chal, + params->password.response.challenge, + sizeof(request.data.auth_crap.chal)); + + request.data.auth_crap.lm_resp_len = + MIN(params->password.response.lm_length, + sizeof(request.data.auth_crap.lm_resp)); + request.data.auth_crap.nt_resp_len = + MIN(params->password.response.nt_length, + sizeof(request.data.auth_crap.nt_resp)); + memcpy(request.data.auth_crap.lm_resp, + params->password.response.lm_data, + request.data.auth_crap.lm_resp_len); + memcpy(request.data.auth_crap.nt_resp, + params->password.response.nt_data, + request.data.auth_crap.nt_resp_len); + + break; + } + + wbc_status = wbcRequestResponse(cmd, + &request, + &response); + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(NULL, + &response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + if (info) { + wbc_status = wbc_create_auth_info(NULL, + &response, + info); + BAIL_ON_WBC_ERROR(wbc_status); + } + +done: + + return wbc_status; +} 
diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index 5aad378ad0..e17296283f 100644 --- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c @@ -110,6 +110,8 @@ const char *wbcErrorString(wbcErr error) return "WBC_INVALID_RESPONSE"; case WBC_ERR_NSS_ERROR: return "WBC_ERR_NSS_ERROR"; + case WBC_ERR_AUTH_ERROR: + return "WBC_ERR_AUTH_ERROR"; } return "unknown wbcErr value"; diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index ef9e3557da..c01db9618d 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -41,7 +41,8 @@ enum _wbcErrType { WBC_ERR_WINBIND_NOT_AVAILABLE, /**< Winbind daemon is not available **/ WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/ WBC_INVALID_RESPONSE, /**< Winbind returned an invalid response **/ - WBC_ERR_NSS_ERROR /**< NSS_STATUS error **/ + WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/ + WBC_ERR_AUTH_ERROR /**< Authentication failed **/ }; typedef enum _wbcErrType wbcErr; @@ -87,6 +88,25 @@ enum wbcSidType { WBC_SID_NAME_COMPUTER=9 }; +/** + * @brief Security Identifier with attributes + **/ + +struct wbcSidWithAttr { + struct wbcDomainSid sid; + uint32_t attributes; +}; + +/* wbcSidWithAttr->attributes */ + +#define WBC_SID_ATTR_GROUP_MANDATORY 0x00000001 +#define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT 0x00000002 +#define WBC_SID_ATTR_GROUP_ENABLED 0x00000004 +#define WBC_SID_ATTR_GROUP_OWNER 0x00000008 +#define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY 0x00000010 +#define WBC_SID_ATTR_GROUP_RESOURCE 0x20000000 +#define WBC_SID_ATTR_GROUP_LOGON_ID 0xC0000000 + /** * @brief Domain Information **/ 
@@ -104,6 +124,140 @@ struct wbcDomainInfo { #define WBC_DOMINFO_AD 0x00000002 #define WBC_DOMINFO_PRIMARY 0x00000004 +/** + * @brief Auth User Parameters + **/ + +struct wbcAuthUserParams { + const char *account_name; + const char *domain_name; + const char *workstation_name; + + uint32_t flags; + + uint32_t parameter_control; + + enum wbcAuthUserLevel { + WBC_AUTH_USER_LEVEL_PLAIN = 1, + WBC_AUTH_USER_LEVEL_HASH = 2, + WBC_AUTH_USER_LEVEL_RESPONSE = 3 + } level; + union { + const char *plaintext; + struct { + uint8_t nt_hash[16]; + uint8_t lm_hash[16]; + } hash; + struct { + uint8_t challenge[8]; + uint32_t nt_length; + uint8_t *nt_data; + uint32_t lm_length; + uint8_t *lm_data; + } response; + } password; +}; + +/* wbcAuthUserParams->parameter_control */ + +#define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002 +#define WBC_MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004 +#define WBC_MSV1_0_RETURN_USER_PARAMETERS 0x00000008 +#define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020 +#define WBC_MSV1_0_RETURN_PROFILE_PATH 0x00000200 +#define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800 + +/* wbcAuthUserParams->flags */ + +#define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON 0x00000001 + +/** + * @brief Auth User Information + * + * Some of the strings are maybe NULL + **/ + +struct wbcAuthUserInfo { + uint32_t user_flags; + + char *account_name; + char *user_principal; + char *full_name; + char *domain_name; + char *dns_domain_name; + + uint32_t acct_flags; + uint8_t user_session_key[16]; + uint8_t lm_session_key[8]; + + uint16_t logon_count; + uint16_t bad_password_count; + + uint64_t logon_time; + uint64_t logoff_time; + uint64_t kickoff_time; + uint64_t pass_last_set_time; + uint64_t pass_can_change_time; + uint64_t pass_must_change_time; + + char *logon_server; + char *logon_script; + char *profile_path; + char *home_directory; + char *home_drive; + + /* + * the 1st one is the account sid + * the 2nd one is the primary_group sid + * followed by the rest of the 
groups + */ + uint32_t num_sids; + struct wbcSidWithAttr *sids; +}; + +/* wbcAuthUserInfo->user_flags */ + +#define WBC_AUTH_USER_INFO_GUEST 0x00000001 +#define WBC_AUTH_USER_INFO_NOENCRYPTION 0x00000002 +#define WBC_AUTH_USER_INFO_CACHED_ACCOUNT 0x00000004 +#define WBC_AUTH_USER_INFO_USED_LM_PASSWORD 0x00000008 +#define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020 +#define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY 0x00000040 +#define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT 0x00000080 +#define WBC_AUTH_USER_INFO_NTLMV2_ENABLED 0x00000100 +#define WBC_AUTH_USER_INFO_RESOURCE_GROUPS 0x00000200 +#define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED 0x00000400 +#define WBC_AUTH_USER_INFO_GRACE_LOGON 0x01000000 + +/* wbcAuthUserInfo->acct_flags */ + +#define WBC_ACB_DISABLED 0x00000001 /* 1 User account disabled */ +#define WBC_ACB_HOMDIRREQ 0x00000002 /* 1 Home directory required */ +#define WBC_ACB_PWNOTREQ 0x00000004 /* 1 User password not required */ +#define WBC_ACB_TEMPDUP 0x00000008 /* 1 Temporary duplicate account */ +#define WBC_ACB_NORMAL 0x00000010 /* 1 Normal user account */ +#define WBC_ACB_MNS 0x00000020 /* 1 MNS logon user account */ +#define WBC_ACB_DOMTRUST 0x00000040 /* 1 Interdomain trust account */ +#define WBC_ACB_WSTRUST 0x00000080 /* 1 Workstation trust account */ +#define WBC_ACB_SVRTRUST 0x00000100 /* 1 Server trust account */ +#define WBC_ACB_PWNOEXP 0x00000200 /* 1 User password does not expire */ +#define WBC_ACB_AUTOLOCK 0x00000400 /* 1 Account auto locked */ +#define WBC_ACB_ENC_TXT_PWD_ALLOWED 0x00000800 /* 1 Encryped text password is allowed */ +#define WBC_ACB_SMARTCARD_REQUIRED 0x00001000 /* 1 Smart Card required */ +#define WBC_ACB_TRUSTED_FOR_DELEGATION 0x00002000 /* 1 Trusted for Delegation */ +#define WBC_ACB_NOT_DELEGATED 0x00004000 /* 1 Not delegated */ +#define WBC_ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 Use DES key only */ +#define WBC_ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 Preauth not required */ +#define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 
Password Expired */ +#define WBC_ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */ + +struct wbcAuthErrorInfo { + uint32_t nt_status; + char *nt_string; + int32_t pam_error; + char *display_string; +}; + /* * Memory Management */ @@ -205,5 +359,8 @@ wbcErr wbcDomainSequenceNumbers(void); wbcErr wbcAuthenticateUser(const char *username, const char *password); +wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, + struct wbcAuthUserInfo **info, + struct wbcAuthErrorInfo **error); #endif /* _WBCLIENT_H */ -- cgit From 4737a35ac81803275f2c1edc860a87f31d14f2eb Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 14 Feb 2008 18:16:09 -0800 Subject: Fix "warning: 'cmd' may be used uninitialized in this function" Jeremy. (This used to be commit 58b0f022ffce7fda531f6f8ea7392a963e8ec0c5) --- source3/nsswitch/libwbclient/wbc_pam.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index e7bcdfe20d..d614474cb7 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -334,6 +334,9 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.data.auth_crap.nt_resp_len); break; + default: + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); } wbc_status = wbcRequestResponse(cmd, -- cgit From b8e0b5cbffb370aa0011cb8c0d4e85378044b99b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 15 Feb 2008 10:30:15 +0100 Subject: libwbclient: wbcAuthenticateUserEx() be more strict regarding invalid parameters metze (This used to be commit 491ba9c0c9d479bc686c75242a3749f14d103fcd) --- source3/nsswitch/libwbclient/wbc_pam.c | 60 +++++++++++++++++++++++++++------- 1 file changed, 48 insertions(+), 12 deletions(-) (limited to 'source3/nsswitch/libwbclient') 
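Review bot: The three new structures in the `@@ -104,6 +124,140 @@` hunk of wbclient.h carry credentials and key material but do not say who owns or releases them, and `struct wbcAuthErrorInfo` has no `@brief` block at all, unlike its siblings. `wbcAuthenticateUserEx()` allocates the info and error results under a NULL talloc context, so the header should state how callers release them (presumably `wbcFreeMemory()`, which other callers on this page use) and that `user_session_key` and `lm_session_key` are secrets to clear before release. A comment on `wbcAuthUserInfo` could read `/* Caller frees; the session keys are secret key material */`. In `wbcAuthUserParams`, `nt_data` and `lm_data` are inputs only and could be `const uint8_t *`. It would also help to state that `level` selects the valid member of `password`.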
diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index e7bcdfe20d..cf56a8b6d6 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -265,11 +265,10 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, struct wbcAuthErrorInfo **error) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - int cmd; + int cmd = 0; struct winbindd_request request; struct winbindd_response response; - ZERO_STRUCT(request); ZERO_STRUCT(response); @@ -282,6 +281,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, BAIL_ON_WBC_ERROR(wbc_status); } + if (!params->account_name) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + /* Initialize request */ switch (params->level) { 
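Review bot: `int cmd = 0;` makes zero an "unset" marker that the later `if (cmd == 0)` check in this commit relies on, but nothing at the declaration says so. If the winbindd command enum starts at zero (its definition is not part of this diff), 0 is also a real command value, so the sentinel only works because no auth level maps to it. A comment such as `/* 0 = no command selected; checked after the switch */` would make that dependency explicit. The body of wbcAuthenticateUserEx() continues outside both hunks of this line.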
@@ -301,12 +305,36 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_LMKEY; + if (params->password.response.lm_length && + params->password.response.lm_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + if (params->password.response.lm_length == 0 && + params->password.response.lm_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (params->password.response.nt_length && + !params->password.response.nt_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + if (params->password.response.nt_length == 0&& + params->password.response.nt_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + strncpy(request.data.auth_crap.user, params->account_name, sizeof(request.data.auth_crap.user)-1); - strncpy(request.data.auth_crap.domain, - params->domain_name, - sizeof(request.data.auth_crap.domain)-1); + if (params->domain_name) { + strncpy(request.data.auth_crap.domain, + params->domain_name, + sizeof(request.data.auth_crap.domain)-1); + } if (params->workstation_name) { strncpy(request.data.auth_crap.workstation, params->workstation_name, 
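Review bot: The first LM check is inverted: `if (params->password.response.lm_length && params->password.response.lm_data)` rejects every caller that supplies a valid LM response. It should mirror the NT check below it, i.e. `!params->password.response.lm_data`. A later commit on this page ("Fix wbcAuthenticateUserEx()") makes that correction. The four length/pointer tests could also be reduced to one per response, e.g. `if ((lm_length == 0) != (lm_data == NULL))`, which leaves less room for this kind of slip. The enclosing switch case starts and ends outside the hunk.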
@@ -326,16 +354,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.data.auth_crap.nt_resp_len = MIN(params->password.response.nt_length, sizeof(request.data.auth_crap.nt_resp)); - memcpy(request.data.auth_crap.lm_resp, - params->password.response.lm_data, - request.data.auth_crap.lm_resp_len); - memcpy(request.data.auth_crap.nt_resp, - params->password.response.nt_data, - request.data.auth_crap.nt_resp_len); - + if (params->password.response.lm_data) { + memcpy(request.data.auth_crap.lm_resp, + params->password.response.lm_data, + request.data.auth_crap.lm_resp_len); + } + if (params->password.response.nt_data) { + memcpy(request.data.auth_crap.nt_resp, + params->password.response.nt_data, + request.data.auth_crap.nt_resp_len); + } break; } + if (cmd == 0) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + wbc_status = wbcRequestResponse(cmd, &request, &response); -- cgit From a12528f82650aee6bef80fee858600d502464614 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 15 Feb 2008 10:34:46 +0100 Subject: libwbclient: implement WBC_AUTH_USER_LEVEL_PLAIN in wbcAuthenticateUserEx() metze (This used to be commit 423f139fd37496db2e690f20399357496367ed7c) --- source3/nsswitch/libwbclient/wbc_pam.c | 40 ++++++++++++++++++++++++++++++---- 1 file changed, 36 insertions(+), 4 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index cf56a8b6d6..aac7e690ff 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -252,8 +252,8 @@ done: /** @brief Authenticate with more detailed information * - * @param params Input parameters, only WBC_AUTH_USER_LEVEL_RESPONSE - * is supported yet + * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH + * is not supported yet * @param info Output details on WBC_ERR_SUCCESS * @param error Output details on WBC_ERR_AUTH_ERROR * 
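Review bot: In the `@@ -326,16 +354,24 @@` hunk the response lengths are still clamped with `MIN(params->password.response.nt_length, sizeof(request.data.auth_crap.nt_resp))` (and the LM equivalent just above it), so an over-long response is silently truncated and sent on. Since this commit is about stricter parameter checking, an oversize length is better rejected up front: `if (params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp))` followed by the existing `WBC_ERR_INVALID_PARAM` bail, and likewise for `lm_length`. A truncated challenge response can only fail authentication, and the caller then sees an auth error rather than the real cause. The function continues outside the hunk.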
@@ -290,8 +290,40 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, switch (params->level) { case WBC_AUTH_USER_LEVEL_PLAIN: - wbc_status = WBC_ERR_NOT_IMPLEMENTED; - BAIL_ON_WBC_ERROR(wbc_status); + cmd = WINBINDD_PAM_AUTH; + request.flags = WBFLAG_PAM_INFO3_TEXT | + WBFLAG_PAM_USER_SESSION_KEY | + WBFLAG_PAM_LMKEY; + + if (!params->password.plaintext) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (params->domain_name && params->domain_name[0]) { + /* We need to get the winbind separator :-( */ + struct winbindd_response sep_response; + + ZERO_STRUCT(sep_response); + + wbc_status = wbcRequestResponse(WINBINDD_INFO, + NULL, &sep_response); + BAIL_ON_WBC_ERROR(wbc_status); + + snprintf(request.data.auth.user, + sizeof(request.data.auth.user)-1, + "%s%c%s", + params->domain_name, + sep_response.data.info.winbind_separator, + params->account_name); + } else { + strncpy(request.data.auth.user, + params->account_name, + sizeof(request.data.auth.user)-1); + } + strncpy(request.data.auth.pass, + params->password.plaintext, + sizeof(request.data.auth.user)-1); break; case WBC_AUTH_USER_LEVEL_HASH: -- cgit From 23b7f7ea095644b1a5ba104fde5841676dfc9ed4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 15 Feb 2008 10:46:19 +0100 Subject: libwbclient: let wbcAuthenticateUser() use wbcAuthenticateUserEx() metze (This used to be commit 237c2e9738ae29ca7046d6f886d6f777a6206045) --- source3/nsswitch/libwbclient/wbc_pam.c | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index aac7e690ff..de49a6b543 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c 
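Review bot: The password copy is bounded by the wrong buffer: `strncpy(request.data.auth.pass, params->password.plaintext, sizeof(request.data.auth.user)-1);` should use `sizeof(request.data.auth.pass)-1`. The two field sizes are not visible here; if `pass` is the smaller one this writes past it, and if it is the larger one the password is cut short for no reason. Over-long account names and passwords are also truncated silently by the `strncpy`/`snprintf` calls, so the daemon may be asked to authenticate a different string than the caller supplied; returning `WBC_ERR_INVALID_PARAM` when `strlen()` exceeds the field would be safer. `snprintf` already reserves the terminator, so its size argument can be `sizeof(request.data.auth.user)`. The plaintext stays in the stack `request` after the call, so consider clearing it before returning. The function continues outside the hunk.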
@@ -34,30 +34,16 @@ wbcErr wbcAuthenticateUser(const char *username, const char *password) { - wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - struct winbindd_request request; - struct winbindd_response response; - - if (!username) { - wbc_status = WBC_ERR_INVALID_PARAM; - BAIL_ON_WBC_ERROR(wbc_status); - } - - /* Initialize request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcAuthUserParams params; - /* dst is already null terminated from the memset above */ + ZERO_STRUCT(params); - strncpy(request.data.auth.user, username, - sizeof(request.data.auth.user)-1); - strncpy(request.data.auth.pass, password, - sizeof(request.data.auth.user)-1); + params.account_name = username; + params.level = WBC_AUTH_USER_LEVEL_PLAIN; + params.password.plaintext = password; - wbc_status = wbcRequestResponse(WINBINDD_PAM_AUTH, - &request, - &response); + wbc_status = wbcAuthenticateUserEx(¶ms, NULL, NULL); BAIL_ON_WBC_ERROR(wbc_status); done: -- cgit From 6dfb2614d81e2381c2fc5d9b4d4f152a56bfce5d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 23 Feb 2008 10:43:58 +0100 Subject: Fix a C++ warning (This used to be commit d993b4c3cea6ead74ff1e031ee9a42f2aa39a9f1) --- source3/nsswitch/libwbclient/wbc_pam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 9b8a913a57..1164ab173a 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -136,7 +136,7 @@ static wbcErr wbc_create_auth_info(TALLOC_CTX *mem_ctx, 0); sn++; - p = resp->extra_data.data; + p = (char *)resp->extra_data.data; if (!p) { wbc_status = WBC_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); -- cgit From a4a90c62e6d843599138ca46f6488dca0398aac3 Mon Sep 17 00:00:00 2001 
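Review bot: After the `@@ -34,30 +34,16 @@` change every plain-password login goes through wbcAuthenticateUserEx() with `info` and `error` both NULL, yet the PLAIN branch added earlier in this series still sets `WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_LMKEY`. The daemon is therefore asked for account details and session keys that this wrapper discards. As far as the hunks on this page show, the `done:` path of wbcAuthenticateUserEx() returns without freeing `response.extra_data.data`, which the other functions here release with `free()`, so each call may leak the reply's extra data; that should be confirmed against the full file. Setting those flags only when `info` is non-NULL, and freeing the extra data at `done:`, would avoid both. A short comment on the wrapper, `/* Plaintext login; no user info or error details are returned */`, would document the NULL arguments.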
From: Günther Deschner Date: Wed, 26 Mar 2008 01:27:36 +0100 Subject: Fix wbcAuthenticateUserEx(). Guenther (This used to be commit 79f7a519f8f61a31d84467c5b5975cae13db1c29) --- source3/nsswitch/libwbclient/wbc_pam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 1164ab173a..c1457ccd08 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -324,7 +324,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, WBFLAG_PAM_LMKEY; if (params->password.response.lm_length && - params->password.response.lm_data) { + !params->password.response.lm_data) { wbc_status = WBC_ERR_INVALID_PARAM; BAIL_ON_WBC_ERROR(wbc_status); } -- cgit From fe0d12f8c25625e51641a57290188f69dd454655 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 27 Mar 2008 11:51:31 +0100 Subject: libwbclient: fix Coverity ID 536 remove duplicate error path (dead code). I leave the more explicit error path in the "if (cmd == 0)" block. Michael (This used to be commit 2ae19b5fb89e0a992962af14a81b641bf13b7892) --- source3/nsswitch/libwbclient/wbc_pam.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index c1457ccd08..2b33f55990 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -384,8 +384,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, } break; default: - wbc_status = WBC_ERR_INVALID_PARAM; - BAIL_ON_WBC_ERROR(wbc_status); + break; } if (cmd == 0) { -- cgit From f58ca063bba86b74f1f4982694b5a7ead442becb Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Fri, 21 Mar 2008 10:18:54 +0100 Subject: libwbclient: add wbcLookupUserSids() metze (This used to be commit 38007a387a1f1b53877ef9ea518f83ecf026f4f3) --- source3/nsswitch/libwbclient/wbc_sid.c | 82 +++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 5 ++ 2 files changed, 87 insertions(+) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index 0519d8bf9f..cd865b9bb5 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c 
@@ -423,3 +423,85 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, return wbc_status; } + +/** @brief Get the groups a user belongs to + * + **/ + +wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, + bool domain_groups_only, + uint32_t *num_sids, + struct wbcDomainSid **_sids) +{ + uint32_t i; + const char *s; + struct winbindd_request request; + struct winbindd_response response; + char *sid_string = NULL; + struct wbcDomainSid *sids = NULL; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + int cmd; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (!user_sid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = wbcSidToString(user_sid, &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1); + wbcFreeMemory(sid_string); + + if (domain_groups_only) { + cmd = WINBINDD_GETUSERDOMGROUPS; + } else { + cmd = WINBINDD_GETUSERSIDS; + } + + wbc_status = wbcRequestResponse(cmd, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + if (response.data.num_entries && + !response.extra_data.data) { + wbc_status = WBC_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + + sids = talloc_array(NULL, struct wbcDomainSid, + response.data.num_entries); + BAIL_ON_PTR_ERROR(sids, wbc_status); + + s = (const char *)response.extra_data.data; + for (i = 0; i < response.data.num_entries; i++) { + char *n = strchr(s, '\n'); + if (n) { + *n = '\0'; + } + wbc_status = wbcStringToSid(s, &sids[i]); + BAIL_ON_WBC_ERROR(wbc_status); + s += strlen(s) + 1; + } + + *num_sids = response.data.num_entries; + *_sids = sids; + sids = NULL; + wbc_status = WBC_ERR_SUCCESS; + + done: + if (response.extra_data.data) { + free(response.extra_data.data); + } + if (sids) { + talloc_free(sids); + } + + return wbc_status; +} 
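Review bot: The parsing loop trusts `response.data.num_entries` and never checks that the extra data actually holds that many lines. When `strchr(s, '\n')` returns NULL the code still executes `s += strlen(s) + 1`, so with an entry count larger than the number of lines the next iteration reads past the end of the reply buffer. Treating a missing separator before the last entry as malformed would bound it: `if (!n && i + 1 < response.data.num_entries) { wbc_status = WBC_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); }`. The loop also writes through `n` into a buffer that `s` declares `const char *`, and `num_sids` and `_sids` are dereferenced without a NULL check. The `@brief` block lacks `@param`/`@return` lines and should say the result is freed with `wbcFreeMemory()`.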
diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index c01db9618d..4b6978080b 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -298,6 +298,11 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, const char ***names, enum wbcSidType **types); +wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, + bool domain_groups_only, + uint32_t *num_sids, + struct wbcDomainSid **sids); + /* * SID/uid/gid Mappings */ -- cgit From eb98b08ccbd3f0128db07f84951f577450bb3f77 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 24 Mar 2008 20:31:37 +0100 Subject: libwbclient: add wbcListUsers() and wbcListGroups() metze (This used to be commit df127f0b40d36ea8ee605c24ea88558c7d40a7fe) --- source3/nsswitch/libwbclient/wbc_sid.c | 142 ++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 8 ++ 2 files changed, 150 insertions(+) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index cd865b9bb5..6ef9f44c3b 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c 
@@ -505,3 +505,145 @@ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, return wbc_status; } + +/** @brief Lists Users + * + **/ + +wbcErr wbcListUsers(const char *domain_name, + uint32_t *_num_users, + const char ***_users) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + uint32_t num_users = 0; + const char **users = NULL; + const char *next; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (domain_name) { + strncpy(request.domain_name, domain_name, + sizeof(request.domain_name)-1); + } + + wbc_status = wbcRequestResponse(WINBINDD_LIST_USERS, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Look through extra data */ + + next = (const char *)response.extra_data.data; + while (next) { + const char **tmp; + const char *current = next; + char *k = strchr(next, ','); + if (k) { + k[0] = '\0'; + next = k+1; + } else { + next = NULL; + } + + tmp = talloc_realloc(NULL, users, + const char *, + num_users+1); + BAIL_ON_PTR_ERROR(tmp, wbc_status); + users = tmp; + + users[num_users] = talloc_strdup(users, current); + BAIL_ON_PTR_ERROR(users[num_users], wbc_status); + + num_users++; + } + + *_num_users = num_users; + *_users = users; + users = NULL; + wbc_status = WBC_ERR_SUCCESS; + + done: + if (response.extra_data.data) { + free(response.extra_data.data); + } + if (users) { + talloc_free(users); + } + return wbc_status; +} + +/** @brief Lists Groups + * + **/ + +wbcErr wbcListGroups(const char *domain_name, + uint32_t *_num_groups, + const char ***_groups) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + uint32_t num_groups = 0; + const char **groups = NULL; + const char *next; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (domain_name) { + strncpy(request.domain_name, domain_name, + sizeof(request.domain_name)-1); + } 
+ + wbc_status = wbcRequestResponse(WINBINDD_LIST_GROUPS, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Look through extra data */ + + next = (const char *)response.extra_data.data; + while (next) { + const char **tmp; + const char *current = next; + char *k = strchr(next, ','); + if (k) { + k[0] = '\0'; + next = k+1; + } else { + next = NULL; + } + + tmp = talloc_realloc(NULL, groups, + const char *, + num_groups+1); + BAIL_ON_PTR_ERROR(tmp, wbc_status); + groups = tmp; + + groups[num_groups] = talloc_strdup(groups, current); + BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status); + + num_groups++; + } + + *_num_groups = num_groups; + *_groups = groups; + groups = NULL; + wbc_status = WBC_ERR_SUCCESS; + + done: + if (response.extra_data.data) { + free(response.extra_data.data); + } + if (groups) { + talloc_free(groups); + } + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 4b6978080b..30d8b761a3 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -303,6 +303,14 @@ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, uint32_t *num_sids, struct wbcDomainSid **sids); +wbcErr wbcListUsers(const char *domain_name, + uint32_t *num_users, + const char ***users); + +wbcErr wbcListGroups(const char *domain_name, + uint32_t *num_groups, + const char ***groups); + /* * SID/uid/gid Mappings */ -- cgit From bfbd74f0590fdb16602a37a317a2cd88e600e6f6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 24 Mar 2008 21:07:01 +0100 Subject: libwbclient: remove prototype of non existing wbcDomainSequenceNumbers() metze (This used to be commit 7a4de23aa318bd24948e576a5582a5c74d335154) --- source3/nsswitch/libwbclient/wbclient.h | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/nsswitch/libwbclient') 
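Review bot: wbcListUsers() and wbcListGroups() are line-for-line copies that differ only in the winbindd command, so any fix to the parsing has to be made twice; a shared static helper taking the command would remove the duplication. Both functions dereference `_num_users`/`_users` (and the group equivalents) without a NULL check. If the daemon returns a non-NULL but empty extra-data string, the loop yields one empty name instead of an empty list; whether that can happen is not visible here. Growing the array with `talloc_realloc` one element at a time is simple, but it is quadratic in the worst case for large domains.

```c
static wbcErr wbc_list_names(int cmd, const char *domain_name,
			     uint32_t *_num, const char ***_names)
{
	if (!_num || !_names) {
		return WBC_ERR_INVALID_PARAM;
	}
	/* … unchanged: request setup, wbcRequestResponse(cmd, ...), comma-split loop, cleanup … */
}

wbcErr wbcListUsers(const char *domain_name,
		    uint32_t *_num_users,
		    const char ***_users)
{
	return wbc_list_names(WINBINDD_LIST_USERS, domain_name,
			      _num_users, _users);
}

wbcErr wbcListGroups(const char *domain_name,
		     uint32_t *_num_groups,
		     const char ***_groups)
{
	return wbc_list_names(WINBINDD_LIST_GROUPS, domain_name,
			      _num_groups, _groups);
}
```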
diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 30d8b761a3..e5047af9f7 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -363,8 +363,6 @@ wbcErr wbcGetgrent(struct group **grp); wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **info); -wbcErr wbcDomainSequenceNumbers(void); - /* * Athenticate functions */ -- cgit From b6737afbc7b7f4cbfe068510fd82ec96241b5a2b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 31 Mar 2008 12:01:24 +0200 Subject: libwbclient: use WBC_ERROR_IS_OK() in BAIL_ON_WBC_ERROR() macro metze (This used to be commit de2e8d5db93d32e5ebf04a2018a08f766eb9a233) --- source3/nsswitch/libwbclient/wbc_err_internal.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_err_internal.h b/source3/nsswitch/libwbclient/wbc_err_internal.h index ea501cba31..83364b8cd9 100644 --- a/source3/nsswitch/libwbclient/wbc_err_internal.h +++ b/source3/nsswitch/libwbclient/wbc_err_internal.h @@ -24,10 +24,11 @@ /* Private macros */ -#define BAIL_ON_WBC_ERROR(x) \ - do { \ - if ((x) != WBC_ERR_SUCCESS) \ - goto done; \ +#define BAIL_ON_WBC_ERROR(x) \ + do { \ + if (!WBC_ERROR_IS_OK(x)) { \ + goto done; \ + } \ } while(0); #define BAIL_ON_PTR_ERROR(x, status) \ -- cgit From 949a3823f2e24f5e465d7dc6256ee29de0914153 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 28 Mar 2008 16:52:18 +0100 Subject: libwbclient: add wbcInterfaceDetails() metze (This used to be commit fee3806326b9ba214e35868271e6481c0c8b9c4b) --- source3/nsswitch/libwbclient/wbc_util.c | 75 +++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 15 +++++++ 2 files changed, 90 insertions(+) (limited to 'source3/nsswitch/libwbclient') 
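Review bot: The rewritten BAIL_ON_WBC_ERROR still ends in `} while(0);`, and that trailing semicolon defeats the do/while(0) idiom: `if (c) BAIL_ON_WBC_ERROR(s); else ...` expands to two statements and fails to compile. Since the macro is being touched anyway, end it with `} while (0)` and let the call site supply the semicolon. `WBC_ERROR_IS_OK` is defined outside this hunk, so check that it evaluates its argument only once. BAIL_ON_PTR_ERROR starts on the hunk's last line and continues outside it.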
diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index ff3cec8689..7bdae91544 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c 
@@ -44,6 +44,81 @@ wbcErr wbcPing(void) return wbcRequestResponse(WINBINDD_PING, &request, &response); } +wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **_details) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcInterfaceDetails *info; + struct wbcDomainInfo *domain = NULL; + struct winbindd_request request; + struct winbindd_response response; + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + info = talloc(NULL, struct wbcInterfaceDetails); + BAIL_ON_PTR_ERROR(info, wbc_status); + + /* first the interface version */ + wbc_status = wbcRequestResponse(WINBINDD_INTERFACE_VERSION, NULL, &response); + BAIL_ON_WBC_ERROR(wbc_status); + info->interface_version = response.data.interface_version; + + /* then the samba version and the winbind separator */ + wbc_status = wbcRequestResponse(WINBINDD_INFO, NULL, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + info->winbind_version = talloc_strdup(info, + response.data.info.samba_version); + BAIL_ON_PTR_ERROR(info->winbind_version, wbc_status); + info->winbind_separator = response.data.info.winbind_separator; + + /* then the local netbios name */ + wbc_status = wbcRequestResponse(WINBINDD_NETBIOS_NAME, NULL, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + info->netbios_name = talloc_strdup(info, + response.data.netbios_name); + BAIL_ON_PTR_ERROR(info->netbios_name, wbc_status); + + /* then the local workgroup name */ + wbc_status = wbcRequestResponse(WINBINDD_DOMAIN_NAME, NULL, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + info->netbios_domain = talloc_strdup(info, + response.data.domain_name); + BAIL_ON_PTR_ERROR(info->netbios_domain, wbc_status); + + wbc_status = wbcDomainInfo(info->netbios_domain, &domain); + if (wbc_status == WBC_ERR_DOMAIN_NOT_FOUND) { + /* maybe it's a standalone server */ + domain = NULL; + wbc_status = WBC_ERR_SUCCESS; + } else { + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (domain) { + info->dns_domain = talloc_strdup(info, + domain->dns_name); 
+ wbcFreeMemory(domain); + BAIL_ON_PTR_ERROR(info->dns_domain, wbc_status); + } else { + info->dns_domain = NULL; + } + + *_details = info; + info = NULL; + + wbc_status = WBC_ERR_SUCCESS; + +done: + talloc_free(info); + return wbc_status; +} + + /** @brief Lookup the current status of a trusted domain * * @param domain Domain to query diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index e5047af9f7..4a9a3b2809 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -51,6 +51,19 @@ typedef enum _wbcErrType wbcErr; const char *wbcErrorString(wbcErr error); +/** + * @brief Some useful details about the running winbindd + * + **/ +struct wbcInterfaceDetails { + uint32_t interface_version; + const char *winbind_version; + char winbind_separator; + const char *netbios_name; + const char *netbios_domain; + const char *dns_domain; +}; + /* * Data types used by the Winbind Client API */ @@ -277,6 +290,8 @@ wbcErr wbcStringToSid(const char *sid_string, wbcErr wbcPing(void); +wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details); + /* * Name/SID conversion */ -- cgit From c18dca113cd648029907d98112030a85ee5069f2 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 6 Apr 2008 11:27:36 +0200 Subject: wbcAllocateGid returns a gid_t, not a uid_t (This used to be commit 3130fb7b32285b8501f5ee8cbc62b478c09cccd3) --- source3/nsswitch/libwbclient/wbc_idmap.c | 2 +- source3/nsswitch/libwbclient/wbclient.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_idmap.c b/source3/nsswitch/libwbclient/wbc_idmap.c index 53f9678ee7..17f6fb8f9a 100644 --- a/source3/nsswitch/libwbclient/wbc_idmap.c +++ b/source3/nsswitch/libwbclient/wbc_idmap.c 
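Review bot: wbcInterfaceDetails() is added without the Doxygen block its neighbours have, so callers are not told that `dns_domain` may be NULL on a standalone server or how to release the result. A block along the lines of `@brief Query version, separator and naming details of the running winbindd`, with an `@param`/`@return` pair and the freeing rule, would cover it. The local `request` is zeroed but never passed to wbcRequestResponse(), since every call uses NULL, and can be dropped. `_details` is dereferenced without a NULL check. The `talloc_strdup` calls copy fixed-size fields of the daemon's reply, which assumes they are NUL-terminated. That holds only while the reply is trusted, so bounding the copies by the field sizes would be more defensive.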
@@ -243,7 +243,7 @@ wbcErr wbcAllocateUid(uid_t *puid) * @return #wbcErr **/ -wbcErr wbcAllocateGid(uid_t *pgid) +wbcErr wbcAllocateGid(gid_t *pgid) { struct winbindd_request request; struct winbindd_response response; diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 4a9a3b2809..8590a30795 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -344,7 +344,7 @@ wbcErr wbcGidToSid(gid_t gid, wbcErr wbcAllocateUid(uid_t *puid); -wbcErr wbcAllocateGid(uid_t *pgid); +wbcErr wbcAllocateGid(gid_t *pgid); /* * NSS Lookup User/Group details -- cgit From cb4e77d991ae41ff112b14bb8043a896efedc72f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 6 Apr 2008 11:55:57 +0200 Subject: libwbclient: add wbcGetGroups() metze (This used to be commit 596d030b976102e7476a2460fce355914c4e8210) --- source3/nsswitch/libwbclient/wbc_pwd.c | 60 +++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 4 +++ 2 files changed, 64 insertions(+) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index b7febcce0c..baee3c3781 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c 
@@ -374,3 +374,63 @@ wbcErr wbcGetgrent(struct group **grp) return WBC_ERR_NOT_IMPLEMENTED; } +/** @brief Return the unix group array belonging to the given user + * + * @param *account The given user name + * @param *num_groups Number of elements returned in the groups array + * @param **groups Pointer to resulting gid_t array. + * + * @return #wbcErr + **/ +wbcErr wbcGetGroups(const char *account, + uint32_t *num_groups, + gid_t **_groups) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + uint32_t i; + gid_t *groups = NULL; + + if (!account) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Send request */ + + strncpy(request.data.username, account, sizeof(request.data.username)-1); + + wbc_status = wbcRequestResponse(WINBINDD_GETGROUPS, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + groups = talloc_array(NULL, gid_t, response.data.num_entries); + BAIL_ON_PTR_ERROR(groups, wbc_status); + + for (i = 0; i < response.data.num_entries; i++) { + groups[i] = ((gid_t *)response.extra_data.data)[i]; + } + + *num_groups = response.data.num_entries; + *_groups = groups; + groups = NULL; + + wbc_status = WBC_ERR_SUCCESS; + + done: + if (response.extra_data.data) { + free(response.extra_data.data); + } + if (groups) { + talloc_free(groups); + } + + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 8590a30795..16b68c0802 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -370,6 +370,10 @@ wbcErr wbcEndgrent(void); wbcErr wbcGetgrent(struct group **grp); +wbcErr wbcGetGroups(const char *account, + uint32_t *num_groups, + gid_t **_groups); + /* * Lookup Domain information -- cgit From 67be6b3af7b338cdcc03e5d0bcdbe6e8c46f4a2b Mon Sep 17 00:00:00 2001 
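Review bot: In `wbcGetGroups()` the `!account` check bails out before `ZERO_STRUCT(response)` has run, so the `done:` path tests and frees `response.extra_data.data` while it is still uninitialized stack memory (assuming `BAIL_ON_WBC_ERROR` jumps to `done`, as its use here suggests). Move the two `ZERO_STRUCT` calls above the parameter check, or replace the bail with `return WBC_ERR_INVALID_PARAM;`. The copy loop also indexes `response.extra_data.data` by `response.data.num_entries` without checking that the pointer is non-NULL; the guard `if (response.data.num_entries && !response.extra_data.data)` that `wbcLookupUserSids()` uses elsewhere on this page would fit here. `num_groups` and `_groups` deserve the same NULL check as `account`.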
From: Björn Jacke Date: Wed, 9 Apr 2008 18:20:07 +0200 Subject: fix some extrasemi compile warnings (This used to be commit cbdb79b7a1044945e515a294f487e4c1a9c91be5) --- source3/nsswitch/libwbclient/wbclient.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index e17296283f..b52c6b01e4 100644 --- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c @@ -115,7 +115,7 @@ const char *wbcErrorString(wbcErr error) } return "unknown wbcErr value"; -}; +} /** @brief Free library allocated memory * -- cgit From dc9569e45fe39a6376dcb9a39295ac296e449ee7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 11 Apr 2008 09:28:20 +0200 Subject: libwbclient: add wbcSet[U|G]idMapping() and wbcSet[U|G]idHwm() functions metze (This used to be commit 364e146805bb74b46da4d3c187e9a684d4b99a01) --- source3/nsswitch/libwbclient/wbc_idmap.c | 149 +++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 8 ++ 2 files changed, 157 insertions(+) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_idmap.c b/source3/nsswitch/libwbclient/wbc_idmap.c index 17f6fb8f9a..e32d66cd71 100644 --- a/source3/nsswitch/libwbclient/wbc_idmap.c +++ b/source3/nsswitch/libwbclient/wbc_idmap.c 
@@ -272,3 +272,152 @@ wbcErr wbcAllocateGid(gid_t *pgid) return wbc_status; } +/* we can't include smb.h here... */ +#define _ID_TYPE_UID 1 +#define _ID_TYPE_GID 2 + +/** @brief Set an user id mapping + * + * @param uid Uid of the desired mapping. + * @param *sid Pointer to the sid of the diresired mapping. + * + * @return #wbcErr + **/ +wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *sid_string = NULL; + + if (!sid) { + return WBC_ERR_INVALID_PARAM; + } + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Make request */ + + request.data.dual_idmapset.id = uid; + request.data.dual_idmapset.type = _ID_TYPE_UID; + + wbc_status = wbcSidToString(sid, &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + strncpy(request.data.dual_idmapset.sid, sid_string, + sizeof(request.data.dual_idmapset.sid)-1); + wbcFreeMemory(sid_string); + + wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING, + &request, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +/** @brief Set a group id mapping + * + * @param gid Gid of the desired mapping. + * @param *sid Pointer to the sid of the diresired mapping. 
+ * + * @return #wbcErr + **/ +wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *sid_string = NULL; + + if (!sid) { + return WBC_ERR_INVALID_PARAM; + } + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Make request */ + + request.data.dual_idmapset.id = gid; + request.data.dual_idmapset.type = _ID_TYPE_GID; + + wbc_status = wbcSidToString(sid, &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + strncpy(request.data.dual_idmapset.sid, sid_string, + sizeof(request.data.dual_idmapset.sid)-1); + wbcFreeMemory(sid_string); + + wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING, + &request, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +/** @brief Set the highwater mark for allocated uids. + * + * @param uid_hwm The new uid highwater mark value + * + * @return #wbcErr + **/ +wbcErr wbcSetUidHwm(uid_t uid_hwm) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Make request */ + + request.data.dual_idmapset.id = uid_hwm; + request.data.dual_idmapset.type = _ID_TYPE_UID; + + wbc_status = wbcRequestResponse(WINBINDD_SET_HWM, + &request, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +/** @brief Set the highwater mark for allocated gids. 
+ * + * @param uid_hwm The new gid highwater mark value + * + * @return #wbcErr + **/ +wbcErr wbcSetGidHwm(gid_t gid_hwm) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Make request */ + + request.data.dual_idmapset.id = gid_hwm; + request.data.dual_idmapset.type = _ID_TYPE_GID; + + wbc_status = wbcRequestResponse(WINBINDD_SET_HWM, + &request, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 16b68c0802..4e7e5aff25 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -346,6 +346,14 @@ wbcErr wbcAllocateUid(uid_t *puid); wbcErr wbcAllocateGid(gid_t *pgid); +wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid); + +wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid); + +wbcErr wbcSetUidHwm(uid_t uid_hwm); + +wbcErr wbcSetGidHwm(gid_t gid_hwm); + /* * NSS Lookup User/Group details */ -- cgit From 3458b708d280685bd8d66a8cc86661af0b707381 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 14 Apr 2008 09:31:46 +0200 Subject: libwbclient: add wbcResolveWinsByName() and wbcResolveWinsByIP() metze (This used to be commit 57ba71140fbf6b4a5a917fa3248fa76536be883b) --- source3/nsswitch/libwbclient/wbc_util.c | 81 +++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 6 +++ 2 files changed, 87 insertions(+) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index 7bdae91544..edcad28221 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c 
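Review bot: `_ID_TYPE_UID` and `_ID_TYPE_GID` are hand-copied values ("we can't include smb.h here...") that tell winbindd whether the id is a uid or a gid, and nothing ties them to the definitions they mirror. If the two ever diverge, a mapping or high-water mark would be written for the wrong id type, so the `#define`s need a comment naming the header and constants they must stay equal to. The names also use the underscore-plus-uppercase form that C reserves for the implementation; a library-prefixed name such as `WBC_ID_TYPE_UID` would avoid that. In the doc blocks, `@param uid_hwm` above `wbcSetGidHwm()` should read `@param gid_hwm`, and "diresired" should be "desired" in both mapping functions.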
@@ -187,3 +187,84 @@ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) return wbc_status; } + + +/** @brief Resolve a NetbiosName via WINS + * + * @param name Name to resolve + * @param *ip Pointer to the ip address string + * + * @return #wbcErr + * + **/ +wbcErr wbcResolveWinsByName(const char *name, const char **ip) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + const char *ipaddr; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Send request */ + + strncpy(request.data.winsreq, name, + sizeof(request.data.winsreq)-1); + + wbc_status = wbcRequestResponse(WINBINDD_WINS_BYNAME, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Display response */ + + ipaddr = talloc_strdup(NULL, response.data.winsresp); + BAIL_ON_PTR_ERROR(ipaddr, wbc_status); + + *ip = ipaddr; + wbc_status = WBC_ERR_SUCCESS; + + done: + return wbc_status; +} + +/** @brief Resolve an IP address via WINS into a NetbiosName + * + * @param ip The ip address string + * @param *name Pointer to the name + * + * @return #wbcErr + * + **/ +wbcErr wbcResolveWinsByIP(const char *ip, const char **name) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + const char *name_str; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Send request */ + + strncpy(request.data.winsreq, ip, + sizeof(request.data.winsreq)-1); + + wbc_status = wbcRequestResponse(WINBINDD_WINS_BYIP, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Display response */ + + name_str = talloc_strdup(NULL, response.data.winsresp); + BAIL_ON_PTR_ERROR(name_str, wbc_status); + + *name = name_str; + wbc_status = WBC_ERR_SUCCESS; + + done: + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 4e7e5aff25..1303057b84 100644 
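Review bot: `wbcResolveWinsByName()` and `wbcResolveWinsByIP()` pass their input string straight to `strncpy()` and later write through the output pointer, so a NULL in either argument is undefined behaviour inside the caller's process. Add `if (!name || !ip) return WBC_ERR_INVALID_PARAM;` at the top of both. `talloc_strdup(NULL, response.data.winsresp)` also relies on that field being NUL-terminated by the daemon, which this hunk does not show. The doc blocks should state that the returned string is allocated on a NULL talloc context and which call the caller uses to free it.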
--- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -401,4 +401,10 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, struct wbcAuthUserInfo **info, struct wbcAuthErrorInfo **error); +/* + * Resolve functions + */ +wbcErr wbcResolveWinsByName(const char *name, const char **ip); +wbcErr wbcResolveWinsByIP(const char *ip, const char **name); + #endif /* _WBCLIENT_H */ -- cgit From 2d0a36f0a5f45760927f05e514a9e63ea5d43785 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Apr 2008 23:35:12 +0200 Subject: libwbclient: add wbcCheckTrustCredentials() This only accepts NULL as domain for now, because winbindd doesn't support checking trust passwords as a domain controller. metze (This used to be commit c084ccd70f42ce29ce24565969a9f440dde254e1) --- source3/nsswitch/libwbclient/wbc_pam.c | 52 +++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 6 ++++ 2 files changed, 58 insertions(+) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 2b33f55990..f6a355a413 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c 
@@ -419,3 +419,55 @@ done: return wbc_status; } + +/** @brief Trigger a verification of the trust credentials of a specific domain + * + * @param *domain The name of the domain, only NULL for the default domain is + * supported yet. Other values than NULL will result in + * WBC_ERR_NOT_IMPLEMENTED. + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + * + **/ +wbcErr wbcCheckTrustCredentials(const char *domain, + struct wbcAuthErrorInfo **error) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + const char *name_str; + + if (domain) { + /* + * the current protocol doesn't support + * specifying a domain + */ + wbc_status = WBC_ERR_NOT_IMPLEMENTED; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Send request */ + + wbc_status = wbcRequestResponse(WINBINDD_CHECK_MACHACC, + &request, + &response); + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(NULL, + &response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 1303057b84..b36b5bbe88 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -407,4 +407,10 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, wbcErr wbcResolveWinsByName(const char *name, const char **ip); wbcErr wbcResolveWinsByIP(const char *ip, const char **name); +/* + * Trusted domain functions + */ +wbcErr wbcCheckTrustCredentials(const char *domain, + struct wbcAuthErrorInfo **error); + #endif /* _WBCLIENT_H */ -- cgit From 43c4c8eed16292e146f3d4d455868aba673a720c Mon Sep 17 00:00:00 2001 
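Review bot: In `wbcCheckTrustCredentials()` the return value of `wbcRequestResponse()` is only examined after `response.data.auth.nt_status`, and that ordering is what makes a failed check come back as `WBC_ERR_AUTH_ERROR` rather than as the request's own error code. Nothing in the code says so; a comment above the `if` such as `/* check nt_status before wbc_status so an authentication failure is reported as WBC_ERR_AUTH_ERROR */` would keep a later cleanup from reordering the two checks. The `@param error` line should also say that `*error` is only set on `WBC_ERR_AUTH_ERROR` and that the caller owns and frees it.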
From: "Gerald W. Carter" Date: Thu, 17 Apr 2008 17:49:53 +0200 Subject: Follow error code name convention in libwbclient. s/WBC_INVALID_RESPONSE/WBC_ERR_INVALID_RESPONSE/ (This used to be commit d91ce012b0afb30cd22b373412d17de27c55ca86) --- source3/nsswitch/libwbclient/wbc_pam.c | 12 ++++++------ source3/nsswitch/libwbclient/wbc_sid.c | 10 +++++----- source3/nsswitch/libwbclient/wbclient.c | 4 ++-- source3/nsswitch/libwbclient/wbclient.h | 2 +- 4 files changed, 14 insertions(+), 14 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index f6a355a413..00e1f46fd9 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -138,7 +138,7 @@ static wbcErr wbc_create_auth_info(TALLOC_CTX *mem_ctx, p = (char *)resp->extra_data.data; if (!p) { - wbc_status = WBC_INVALID_RESPONSE; + wbc_status = WBC_ERR_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); } @@ -149,7 +149,7 @@ static wbcErr wbc_create_auth_info(TALLOC_CTX *mem_ctx, char *s = p; char *e = strchr(p, '\n'); if (!e) { - wbc_status = WBC_INVALID_RESPONSE; + wbc_status = WBC_ERR_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); } e[0] = '\0'; @@ -157,7 +157,7 @@ static wbcErr wbc_create_auth_info(TALLOC_CTX *mem_ctx, ret = sscanf(s, "0x%08X:0x%08X", &rid, &attrs); if (ret != 2) { - wbc_status = WBC_INVALID_RESPONSE; + wbc_status = WBC_ERR_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); } @@ -173,7 +173,7 @@ static wbcErr wbc_create_auth_info(TALLOC_CTX *mem_ctx, char *a; char *e = strchr(p, '\n'); if (!e) { - wbc_status = WBC_INVALID_RESPONSE; + wbc_status = WBC_ERR_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); } e[0] = '\0'; @@ -181,7 +181,7 @@ static wbcErr wbc_create_auth_info(TALLOC_CTX *mem_ctx, e = strchr(s, ':'); if (!e) { - wbc_status = WBC_INVALID_RESPONSE; + wbc_status = WBC_ERR_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); } e[0] = '\0'; 
@@ -190,7 +190,7 @@ static wbcErr wbc_create_auth_info(TALLOC_CTX *mem_ctx, ret = sscanf(a, "0x%08X", &attrs); if (ret != 1) { - wbc_status = WBC_INVALID_RESPONSE; + wbc_status = WBC_ERR_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); } diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index 6ef9f44c3b..de9b02822f 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -372,21 +372,21 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, char *q; if (*p == '\0') { - wbc_status = WBC_INVALID_RESPONSE; + wbc_status = WBC_ERR_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); } (*types)[i] = (enum wbcSidType)strtoul(p, &q, 10); if (*q != ' ') { - wbc_status = WBC_INVALID_RESPONSE; + wbc_status = WBC_ERR_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); } p = q+1; if ((q = strchr(p, '\n')) == NULL) { - wbc_status = WBC_INVALID_RESPONSE; + wbc_status = WBC_ERR_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); } @@ -399,7 +399,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, } if (*p != '\0') { - wbc_status = WBC_INVALID_RESPONSE; + wbc_status = WBC_ERR_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); } @@ -471,7 +471,7 @@ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, if (response.data.num_entries && !response.extra_data.data) { - wbc_status = WBC_INVALID_RESPONSE; + wbc_status = WBC_ERR_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); } diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index b52c6b01e4..9383fd5406 100644 --- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c 
@@ -106,8 +106,8 @@ const char *wbcErrorString(wbcErr error) return "WBC_ERR_WINBIND_NOT_AVAILABLE"; case WBC_ERR_DOMAIN_NOT_FOUND: return "WBC_ERR_DOMAIN_NOT_FOUND"; - case WBC_INVALID_RESPONSE: - return "WBC_INVALID_RESPONSE"; + case WBC_ERR_INVALID_RESPONSE: + return "WBC_ERR_INVALID_RESPONSE"; case WBC_ERR_NSS_ERROR: return "WBC_ERR_NSS_ERROR"; case WBC_ERR_AUTH_ERROR: diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index b36b5bbe88..812751d9b5 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -40,7 +40,7 @@ enum _wbcErrType { WBC_ERR_INVALID_PARAM, /**< An Invalid parameter was supplied **/ WBC_ERR_WINBIND_NOT_AVAILABLE, /**< Winbind daemon is not available **/ WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/ - WBC_INVALID_RESPONSE, /**< Winbind returned an invalid response **/ + WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid response **/ WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/ WBC_ERR_AUTH_ERROR /**< Authentication failed **/ }; -- cgit From 643bed203c26153aae96f82221277fcfa4ba41df Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Thu, 17 Apr 2008 18:06:10 +0200 Subject: Add wbcListTrusts() API call to libwbclient.so (This used to be commit 5c454e77cf664fee65fcb03e5811764c92e73696) --- source3/nsswitch/libwbclient/wbc_util.c | 219 +++++++++++++++++++++++++++++++- source3/nsswitch/libwbclient/wbclient.h | 25 +++- 2 files changed, 238 insertions(+), 6 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index edcad28221..d7af4d1bf2 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -3,7 +3,7 @@ Winbind client API - Copyright (C) Gerald (Jerry) Carter 2007 + Copyright (C) Gerald (Jerry) Carter 2007-2008 This library is free software; you can redistribute it and/or 
@@ -170,11 +170,11 @@ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) BAIL_ON_WBC_ERROR(wbc_status); if (response.data.domain_info.native_mode) - info->flags |= WBC_DOMINFO_NATIVE; + info->domain_flags |= WBC_DOMINFO_NATIVE; if (response.data.domain_info.active_directory) - info->flags |= WBC_DOMINFO_AD; + info->domain_flags |= WBC_DOMINFO_AD; if (response.data.domain_info.primary) - info->flags |= WBC_DOMINFO_PRIMARY; + info->domain_flags |= WBC_DOMINFO_PRIMARY; *dinfo = info; 
@@ -268,3 +268,214 @@ wbcErr wbcResolveWinsByIP(const char *ip, const char **name) done: return wbc_status; } + +/** + */ + +static wbcErr process_domain_info_string(TALLOC_CTX *ctx, + struct wbcDomainInfo *info, + char *info_string) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *r = NULL; + char *s = NULL; + + if (!info || !info_string) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + r = info_string; + + /* Short Name */ + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + + info->short_name = talloc_strdup(ctx, r); + BAIL_ON_PTR_ERROR(info->short_name, wbc_status); + + + /* DNS Name */ + r = s; + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + + info->dns_name = talloc_strdup(ctx, r); + BAIL_ON_PTR_ERROR(info->dns_name, wbc_status); + + /* SID */ + r = s; + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + + wbc_status = wbcStringToSid(r, &info->sid); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Trust type */ + r = s; + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + + if (strcmp(r, "None") == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_NONE; + } else if (strcmp(r, "External") == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_EXTERNAL; + } else if (strcmp(r, "Forest") == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_FOREST; + } else if (strcmp(r, "In Forest") == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_IN_FOREST; + } else { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Transitive */ + r = s; + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + 
+ if (strcmp(r, "Yes") == 0) { + info->trust_flags |= WBC_DOMINFO_TRUST_TRANSITIVE; + } + + /* Incoming */ + r = s; + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + + if (strcmp(r, "Yes") == 0) { + info->trust_flags |= WBC_DOMINFO_TRUST_INCOMING; + } + + /* Outgoing */ + r = s; + if (r == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (strcmp(r, "Yes") == 0) { + info->trust_flags |= WBC_DOMINFO_TRUST_OUTGOING; + } + + wbc_status = WBC_ERR_SUCCESS; + + done: + return wbc_status; +} + +/** @brief Enumerate the domain trusts known by Winbind + * + * @param **domains Pointer to the allocated domain list array + * @param *num_domains Pointer to number of domains returned + * + * @return #wbcErr + * + **/ +wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains) +{ + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *p = NULL; + char *q = NULL; + char *extra_data = NULL; + int count = 0; + struct wbcDomainInfo *d_list = NULL; + int i = 0; + + *domains = NULL; + *num_domains = 0; + + ZERO_STRUCT(response); + + /* Send request */ + + wbc_status = wbcRequestResponse(WINBINDD_LIST_TRUSTDOM, + NULL, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Decode the response */ + + p = (char *)response.extra_data.data; + + if (strlen(p) == 0) { + /* We should always at least get back our + own SAM domain */ + + wbc_status = WBC_ERR_DOMAIN_NOT_FOUND; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Count number of domains */ + + count = 0; + while (p) { + count++; + + if ((q = strchr(p, '\n')) != NULL) + q++; + p = q; + } + + d_list = talloc_array(NULL, struct wbcDomainInfo, count); + BAIL_ON_PTR_ERROR(d_list, wbc_status); + + extra_data = strdup((char*)response.extra_data.data); + BAIL_ON_PTR_ERROR(extra_data, wbc_status); + + p = extra_data; + + /* Outer loop processes the list of domain 
information */ + + for (i=0; iflags */ +/* wbcDomainInfo->domain_flags */ +#define WBC_DOMINFO_UNKNOWN 0x00000000 #define WBC_DOMINFO_NATIVE 0x00000001 #define WBC_DOMINFO_AD 0x00000002 #define WBC_DOMINFO_PRIMARY 0x00000004 +/* wbcDomainInfo->trust_flags */ + +#define WBC_DOMINFO_TRUST_TRANSITIVE 0x00000001 +#define WBC_DOMINFO_TRUST_INCOMING 0x00000002 +#define WBC_DOMINFO_TRUST_OUTGOING 0x00000004 + +/* wbcDomainInfo->trust_type */ + +#define WBC_DOMINFO_TRUSTTYPE_NONE 0x00000000 +#define WBC_DOMINFO_TRUSTTYPE_FOREST 0x00000001 +#define WBC_DOMINFO_TRUSTTYPE_IN_FOREST 0x00000002 +#define WBC_DOMINFO_TRUSTTYPE_EXTERNAL 0x00000003 + + /** * @brief Auth User Parameters **/ @@ -390,6 +407,10 @@ wbcErr wbcGetGroups(const char *account, wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **info); +wbcErr wbcListTrusts(struct wbcDomainInfo **domains, + size_t *num_domains); + + /* * Athenticate functions */ -- cgit From 20104eef70ea1e2a64acb762ade2b4d64af0ee57 Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Thu, 17 Apr 2008 18:09:08 +0200 Subject: Remove unused variable from wbcCheckTrustCredentials(). (This used to be commit fea52dc46048ff869299267f7596b93a8c5c8b3d) --- source3/nsswitch/libwbclient/wbc_pam.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 00e1f46fd9..a0e91faaf3 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -436,7 +436,6 @@ wbcErr wbcCheckTrustCredentials(const char *domain, struct winbindd_request request; struct winbindd_response response; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - const char *name_str; if (domain) { /* -- cgit From d7da0f57fa4564647637e025fd2f4c7ebd2e7293 Mon Sep 17 00:00:00 2001 
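Review bot: `wbcListTrusts()` calls `strlen(p)` on `response.extra_data.data` without checking it for NULL, so a reply that carries no extra data crashes the client instead of returning an error; `if (!p || *p == '\0')` covers both cases. `domains` and `num_domains` are likewise written at the top of the function before any NULL check. In `process_domain_info_string()` the final `if (r == NULL)` cannot trigger, because `r` is assigned from `s` right after `s++`. The remainder of `wbcListTrusts()` is not legible on this page, so the release of `extra_data` and `d_list` on the error paths could not be reviewed.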
From: Michael Adam Date: Sun, 20 Apr 2008 22:13:40 +0200 Subject: libwbclient: fix wbcResolveWinsByName() to take char * instead of const char ** This fixes a compile warning and seems the correct thing to me as the returned data is talloc_strdup't, so not const anyways. Michael (This used to be commit 13cfa7f48a541a934a129fab0544cbf66029c4c7) --- source3/nsswitch/libwbclient/wbc_util.c | 4 ++-- source3/nsswitch/libwbclient/wbclient.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index d7af4d1bf2..69cad380da 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -197,12 +197,12 @@ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) * @return #wbcErr * **/ -wbcErr wbcResolveWinsByName(const char *name, const char **ip) +wbcErr wbcResolveWinsByName(const char *name, char **ip) { struct winbindd_request request; struct winbindd_response response; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - const char *ipaddr; + char *ipaddr; ZERO_STRUCT(request); ZERO_STRUCT(response); diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 05cee9ab2b..a444c91da4 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -425,7 +425,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, /* * Resolve functions */ -wbcErr wbcResolveWinsByName(const char *name, const char **ip); +wbcErr wbcResolveWinsByName(const char *name, char **ip); wbcErr wbcResolveWinsByIP(const char *ip, const char **name); /* -- cgit From 8caaf0dc4331370793d7f79839ed75bb149c9e93 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Sun, 20 Apr 2008 22:17:39 +0200 Subject: libwbclient: change wbcResolveWinsByIP() to take char ** instead of const char ** Fix a compile warning. This seems the right thing since the data is created by talloc_strdup... Michael (This used to be commit f81da8e8ed8e2d75c77bd8b5e7fdd7c53bab7e49) --- source3/nsswitch/libwbclient/wbc_util.c | 4 ++-- source3/nsswitch/libwbclient/wbclient.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index 69cad380da..a1b6626bd3 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -237,12 +237,12 @@ wbcErr wbcResolveWinsByName(const char *name, char **ip) * @return #wbcErr * **/ -wbcErr wbcResolveWinsByIP(const char *ip, const char **name) +wbcErr wbcResolveWinsByIP(const char *ip, char **name) { struct winbindd_request request; struct winbindd_response response; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - const char *name_str; + char *name_str; ZERO_STRUCT(request); ZERO_STRUCT(response); diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index a444c91da4..d73ea297a3 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -426,7 +426,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, * Resolve functions */ wbcErr wbcResolveWinsByName(const char *name, char **ip); -wbcErr wbcResolveWinsByIP(const char *ip, const char **name); +wbcErr wbcResolveWinsByIP(const char *ip, char **name); /* * Trusted domain functions -- cgit From 5984097e0921996aacad0d6077e7f866f74d8c23 Mon Sep 17 00:00:00 2001 
From: "Gerald W. Carter" Date: Tue, 22 Apr 2008 12:22:59 -0500 Subject: Rename WBC_DOMAIN_XXX domain flags to WBC_DOMINFO_DOMAIN_XXX Better consistency with the othre classes of WBC_DOMINDO_XXX_YYYY flags. (This used to be commit 1cb2305fc96be0c190621f7c86c0476e4ea1fff7) --- source3/nsswitch/libwbclient/wbc_util.c | 6 +++--- source3/nsswitch/libwbclient/wbclient.h | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index a1b6626bd3..c1b3affc72 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -170,11 +170,11 @@ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) BAIL_ON_WBC_ERROR(wbc_status); if (response.data.domain_info.native_mode) - info->domain_flags |= WBC_DOMINFO_NATIVE; + info->domain_flags |= WBC_DOMINFO_DOMAIN_NATIVE; if (response.data.domain_info.active_directory) - info->domain_flags |= WBC_DOMINFO_AD; + info->domain_flags |= WBC_DOMINFO_DOMAIN_AD; if (response.data.domain_info.primary) - info->domain_flags |= WBC_DOMINFO_PRIMARY; + info->domain_flags |= WBC_DOMINFO_DOMAIN_PRIMARY; *dinfo = info; diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index d73ea297a3..67fa25691a 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -135,10 +135,10 @@ struct wbcDomainInfo { /* wbcDomainInfo->domain_flags */ -#define WBC_DOMINFO_UNKNOWN 0x00000000 -#define WBC_DOMINFO_NATIVE 0x00000001 -#define WBC_DOMINFO_AD 0x00000002 -#define WBC_DOMINFO_PRIMARY 0x00000004 +#define WBC_DOMINFO_DOMAIN_UNKNOWN 0x00000000 +#define WBC_DOMINFO_DOMAIN_NATIVE 0x00000001 +#define WBC_DOMINFO_DOMAIN_AD 0x00000002 +#define WBC_DOMINFO_DOMAIN_PRIMARY 0x00000004 /* wbcDomainInfo->trust_flags */ -- cgit From de154dcf92ebaed23a33b6849af8aa14dc767a7d Mon Sep 17 00:00:00 2001 
From: "Gerald W. Carter" Date: Tue, 22 Apr 2008 15:29:53 -0500 Subject: Mark a domain offline in the wbcDomainInfo structure using the domain_flags. Use the existing domain_flags fiueld in wbcDomainInfo to set a bit if the domain is marked as offline by Winbind. (This used to be commit 59cfba2c3d6d4594f08cbe3b7295ab36a7cfb044) --- source3/nsswitch/libwbclient/wbc_util.c | 15 ++++++++++++++- source3/nsswitch/libwbclient/wbclient.h | 1 + 2 files changed, 15 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index c1b3affc72..3afd8a29d3 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -373,15 +373,28 @@ static wbcErr process_domain_info_string(TALLOC_CTX *ctx, /* Outgoing */ r = s; - if (r == NULL) { + if ((s = strchr(r, '\\')) == NULL) { wbc_status = WBC_ERR_INVALID_RESPONSE; BAIL_ON_WBC_ERROR(wbc_status); } + *s = '\0'; + s++; if (strcmp(r, "Yes") == 0) { info->trust_flags |= WBC_DOMINFO_TRUST_OUTGOING; } + /* Online/Offline status */ + + r = s; + if (r == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + if ( strcmp(r, "Offline") == 0) { + info->domain_flags |= WBC_DOMINFO_DOMAIN_OFFLINE; + } + wbc_status = WBC_ERR_SUCCESS; done: diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 67fa25691a..f236c43e11 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -139,6 +139,7 @@ struct wbcDomainInfo { #define WBC_DOMINFO_DOMAIN_NATIVE 0x00000001 #define WBC_DOMINFO_DOMAIN_AD 0x00000002 #define WBC_DOMINFO_DOMAIN_PRIMARY 0x00000004 +#define WBC_DOMINFO_DOMAIN_OFFLINE 0x00000008 /* wbcDomainInfo->trust_flags */ -- cgit From 9cd646c166f2c9511158c09354e4f103ff681bcf Mon Sep 17 00:00:00 2001 
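Review bot: The new `if (r == NULL)` guard on the online/offline field can never be true, because `r` is assigned from `s` immediately after `s++` on a non-NULL `strchr()` result; a missing status field is already rejected by the `strchr(r, '\\')` check this hunk adds for the Outgoing field. That check makes the separator after Outgoing mandatory, so a reply in the previous seven-field format now fails with `WBC_ERR_INVALID_RESPONSE`. If client library and daemon can be upgraded separately, treat a missing eighth field as "not offline" instead of an error, and replace the dead test with `if (*r == '\0')` if an empty field is what should be rejected. `process_domain_info_string()` starts and ends outside this hunk.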
From: coffeedude Date: Tue, 13 May 2008 12:52:20 -0500 Subject: libwbclient: Add wbcLogoffUser() and wbcLookupDomainController(). Add new APIs calls for WINBINDD_PAM_LOGOFF and WINBINDD_DSGETDCNAME ops. (This used to be commit cb5e8f60ac3313aec726c01687a040e6e0e42c10) --- source3/nsswitch/libwbclient/wbc_pam.c | 52 +++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbc_util.c | 62 +++++++++++++++++++++++++++++++-- source3/nsswitch/libwbclient/wbclient.c | 4 +++ source3/nsswitch/libwbclient/wbclient.h | 44 ++++++++++++++++++++++- 4 files changed, 159 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index a0e91faaf3..a3fb212d53 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c 
@@ -470,3 +470,55 @@ wbcErr wbcCheckTrustCredentials(const char *domain, done: return wbc_status; } + +/** @brief Trigger a logoff notification to Winbind for a specific user + * + * @param username Name of user to remove from Winbind's list of + * logged on users. + * @param uid Uid assigned to the username + * @param ccfilename Absolute path to the Krb5 credentials cache to + * be removed + * + * @return #wbcErr + * + **/ + +wbcErr wbcLogoffUser(const char *username, + uid_t uid, + const char *ccfilename) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct passwd *pw = NULL; + + /* validate input */ + + if (!username) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.data.logoff.user, username, + sizeof(request.data.logoff.user)-1); + request.data.logoff.uid = uid; + + if (ccfilename) { + strncpy(request.data.logoff.krb5ccname, ccfilename, + sizeof(request.data.logoff.krb5ccname)-1); + } + + /* Send request */ + + wbc_status = wbcRequestResponse(WINBINDD_PAM_LOGOFF, + &request, + &response); + + /* Take the response above and return it to the caller */ + + done: + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index 3afd8a29d3..24568f9101 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -272,7 +272,7 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name) /** */ -static wbcErr process_domain_info_string(TALLOC_CTX *ctx, +static wbcErr process_domain_info_string(TALLOC_CTX *ctx, struct wbcDomainInfo *info, char *info_string) { 
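Review bot: In wbcLogoffUser both strncpy() calls silently truncate input that does not fit the fixed-size request fields, so an overlong `ccfilename` makes the request name a different path than the credentials cache the caller asked to have removed, and an overlong `username` is sent as a shortened name. Because the request is zeroed first the copies stay NUL-terminated, but truncation should be an error rather than a changed request: test each length before copying, e.g. `if (strlen(username) >= sizeof(request.data.logoff.user))` followed by the WBC_ERR_INVALID_PARAM bail, and the same for `ccfilename` against `sizeof(request.data.logoff.krb5ccname)`. The doc comment says the path is absolute, but nothing in the function checks that.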
@@ -437,7 +437,7 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains) p = (char *)response.extra_data.data; if (strlen(p) == 0) { - /* We should always at least get back our + /* We should always at least get back our own SAM domain */ wbc_status = WBC_ERR_DOMAIN_NOT_FOUND; @@ -492,3 +492,61 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains) return wbc_status; } + +/** @brief Enumerate the domain trusts known by Winbind + * + * @param domain Name of the domain to query for a DC + * @flags Bit flags used to control the domain location query + * @param *dc_info Pointer to the returned domain controller information + * + * @return #wbcErr + * + **/ + + + +wbcErr wbcLookupDomainController(const char *domain, + uint32_t flags, + struct wbcDomainControllerInfo **dc_info) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + struct wbcDomainControllerInfo *dc = NULL; + + /* validate input params */ + + if (!domain || !dc_info) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.domain_name, domain, sizeof(request.domain_name)-1); + + request.flags = flags; + + dc = talloc(NULL, struct wbcDomainControllerInfo); + BAIL_ON_PTR_ERROR(dc, wbc_status); + + /* Send request */ + + wbc_status = wbcRequestResponse(WINBINDD_DSGETDCNAME, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + dc->dc_name = talloc_strdup(dc, response.data.dc_name); + BAIL_ON_PTR_ERROR(dc->dc_name, wbc_status); + + *dc_info = dc; + +done: + if (!WBC_ERROR_IS_OK(wbc_status)) { + talloc_free(dc); + } + + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index 9383fd5406..6403c1565f 100644 --- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c 
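Review bot: The doc comment added above wbcLookupDomainController still carries the brief of wbcListTrusts (`Enumerate the domain trusts known by Winbind`), and the flags line is written `@flags` instead of `@param flags`, so Doxygen will not attach it to the parameter. I would change the brief to something like `@brief Ask Winbind to locate a domain controller for a domain` and state that `*dc_info` is written only on success and that the caller owns the returned structure. Which function releases it is not visible in this hunk (presumably wbcFreeMemory), so confirm that before naming it in the comment.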
@@ -110,6 +110,10 @@ const char *wbcErrorString(wbcErr error) return "WBC_ERR_INVALID_RESPONSE"; case WBC_ERR_NSS_ERROR: return "WBC_ERR_NSS_ERROR"; + case WBC_ERR_UNKNOWN_USER: + return "WBC_ERR_UNKNOWN_USER"; + case WBC_ERR_UNKNOWN_GROUP: + return "WBC_ERR_UNKNOWN_GROUP"; case WBC_ERR_AUTH_ERROR: return "WBC_ERR_AUTH_ERROR"; } diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index f236c43e11..da466b4041 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -42,7 +42,9 @@ enum _wbcErrType { WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/ WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid response **/ WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/ - WBC_ERR_AUTH_ERROR /**< Authentication failed **/ + WBC_ERR_AUTH_ERROR, /**< Authentication failed **/ + WBC_ERR_UNKNOWN_USER, /**< User account cannot be found */ + WBC_ERR_UNKNOWN_GROUP /**< Group account cannot be found */ }; typedef enum _wbcErrType wbcErr; @@ -289,6 +291,15 @@ struct wbcAuthErrorInfo { char *display_string; }; +/* + * DomainControllerInfo struct + */ +struct wbcDomainControllerInfo { + char *dc_name; +}; + + + /* * Memory Management */ 
@@ -411,6 +422,31 @@ wbcErr wbcDomainInfo(const char *domain, wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains); +/* Flags for wbcLookupDomainController */ + +#define WBC_LOOKUP_DC_FORCE_REDISCOVERY 0x00000001 +#define WBC_LOOKUP_DC_DS_REQUIRED 0x00000010 +#define WBC_LOOKUP_DC_DS_PREFERRED 0x00000020 +#define WBC_LOOKUP_DC_GC_SERVER_REQUIRED 0x00000040 +#define WBC_LOOKUP_DC_PDC_REQUIRED 0x00000080 +#define WBC_LOOKUP_DC_BACKGROUND_ONLY 0x00000100 +#define WBC_LOOKUP_DC_IP_REQUIRED 0x00000200 +#define WBC_LOOKUP_DC_KDC_REQUIRED 0x00000400 +#define WBC_LOOKUP_DC_TIMESERV_REQUIRED 0x00000800 +#define WBC_LOOKUP_DC_WRITABLE_REQUIRED 0x00001000 +#define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED 0x00002000 +#define WBC_LOOKUP_DC_AVOID_SELF 0x00004000 +#define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED 0x00008000 +#define WBC_LOOKUP_DC_IS_FLAT_NAME 0x00010000 +#define WBC_LOOKUP_DC_IS_DNS_NAME 0x00020000 +#define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE 0x00040000 +#define WBC_LOOKUP_DC_DS_6_REQUIRED 0x00080000 +#define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000 +#define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000 + +wbcErr wbcLookupDomainController(const char *domain, + uint32_t flags, + struct wbcDomainControllerInfo **dc_info); /* * Athenticate functions @@ -423,6 +459,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, struct wbcAuthUserInfo **info, struct wbcAuthErrorInfo **error); +wbcErr wbcLogoffUser(const char *username, + uid_t uid, + const char *ccfilename); + + /* * Resolve functions */ @@ -435,4 +476,5 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name); wbcErr wbcCheckTrustCredentials(const char *domain, struct wbcAuthErrorInfo **error); + #endif /* _WBCLIENT_H */ -- cgit From f9c46dbcee895a243175468a7dbe1a0beec36fad Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Thu, 15 May 2008 09:42:37 +0200 Subject: Fix build warning. Guenther (This used to be commit e90a4ce3c24ab2a33e34da5a9052a3b3ec4db962) --- source3/nsswitch/libwbclient/wbc_pam.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index a3fb212d53..0c1a32dded 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -490,7 +490,6 @@ wbcErr wbcLogoffUser(const char *username, struct winbindd_request request; struct winbindd_response response; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - struct passwd *pw = NULL; /* validate input */ -- cgit From 532833de2428239ecf5407a391b083bc0c91aa25 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 23 May 2008 13:59:53 +0200 Subject: libwbclient: rename MAXSUBAUTHS => WBC_MAXSUBAUTHS metze (cherry picked from commit 04d465c622c614bec29f24793ae897a73bcb51f4) (This used to be commit e7dcbf56aef836e1b4be70b21064f65338221b5a) --- source3/nsswitch/libwbclient/wbc_pam.c | 2 +- source3/nsswitch/libwbclient/wbc_sid.c | 2 +- source3/nsswitch/libwbclient/wbclient.h | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 0c1a32dded..6385094235 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -117,7 +117,7 @@ static wbcErr wbc_create_auth_info(TALLOC_CTX *mem_ctx, #define _SID_COMPOSE(s, d, r, a) { \ (s).sid = d; \ - if ((s).sid.num_auths < MAXSUBAUTHS) { \ + if ((s).sid.num_auths < WBC_MAXSUBAUTHS) { \ (s).sid.sub_auths[(s).sid.num_auths++] = r; \ } else { \ wbc_status = WBC_ERR_INVALID_SID; \ diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index de9b02822f..deec8e57c9 100644 
--- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -139,7 +139,7 @@ wbcErr wbcStringToSid(const char *str, p = q +1; sid->num_auths = 0; - while (sid->num_auths < MAXSUBAUTHS) { + while (sid->num_auths < WBC_MAXSUBAUTHS) { if ((x=(uint32_t)strtoul(p, &q, 10)) == 0) break; sid->sub_auths[sid->num_auths++] = x; diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index da466b4041..df61578c32 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -70,8 +70,8 @@ struct wbcInterfaceDetails { * Data types used by the Winbind Client API */ -#ifndef MAXSUBAUTHS -#define MAXSUBAUTHS 15 /* max sub authorities in a SID */ +#ifndef WBC_MAXSUBAUTHS +#define WBC_MAXSUBAUTHS 15 /* max sub authorities in a SID */ #endif /** @@ -83,7 +83,7 @@ struct wbcDomainSid { uint8_t sid_rev_num; uint8_t num_auths; uint8_t id_auth[6]; - uint32_t sub_auths[MAXSUBAUTHS]; + uint32_t sub_auths[WBC_MAXSUBAUTHS]; }; /** -- cgit From cfae28c268e3c0af490581c8737aea4bad9ecb41 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 23 May 2008 14:18:42 +0200 Subject: libwbclient: add wbcLibraryDetails() metze (cherry picked from commit b68916328e935e61840cb03560ebeeee15bb2c6f) (This used to be commit 196d9017627220786d8b726dc0d02e16e96c4c05) --- source3/nsswitch/libwbclient/wbclient.c | 23 +++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 15 +++++++++++++++ 2 files changed, 38 insertions(+) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index 6403c1565f..82decc2f78 100644 --- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c 
@@ -136,5 +136,28 @@ void wbcFreeMemory(void *p) return; } +wbcErr wbcLibraryDetails(struct wbcLibraryDetails **_details) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcLibraryDetails *info; + + info = talloc(NULL, struct wbcLibraryDetails); + BAIL_ON_PTR_ERROR(info, wbc_status); + + info->major_version = WBCLIENT_MAJOR_VERSION; + info->minor_version = WBCLIENT_MINOR_VERSION; + info->vendor_version = talloc_strdup(info, + WBCLIENT_VENDOR_VERSION); + BAIL_ON_PTR_ERROR(info->vendor_version, wbc_status); + + *_details = info; + info = NULL; + + wbc_status = WBC_ERR_SUCCESS; + +done: + talloc_free(info); + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index df61578c32..2fefe0c072 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -53,6 +53,19 @@ typedef enum _wbcErrType wbcErr; const char *wbcErrorString(wbcErr error); +/** + * @brief Some useful details about the wbclient library + * + **/ +#define WBCLIENT_MAJOR_VERSION 0 +#define WBCLIENT_MINOR_VERSION 1 +#define WBCLIENT_VENDOR_VERSION "Samba libwbclient" +struct wbcLibraryDetails { + uint16_t major_version; + uint16_t minor_version; + const char *vendor_version; +}; + /** * @brief Some useful details about the running winbindd * @@ -319,6 +332,8 @@ wbcErr wbcStringToSid(const char *sid_string, wbcErr wbcPing(void); +wbcErr wbcLibraryDetails(struct wbcLibraryDetails **details); + wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details); /* -- cgit From b7ef08507242bcf8dac09d9c204411ac074c7350 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 27 May 2008 16:40:44 +0200 Subject: libwbclient: fix typo. Guenther (This used to be commit 83c4a278dfefcef14a9640d319ddf5c7392cd16e) --- source3/nsswitch/libwbclient/wbc_pam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') 
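Review bot: wbcLibraryDetails writes through `_details` without checking it, while wbcLookupDomainController in the same library rejects NULL output pointers with WBC_ERR_INVALID_PARAM. A guard at the top, `if (!_details) { wbc_status = WBC_ERR_INVALID_PARAM; BAIL_ON_WBC_ERROR(wbc_status); }`, would match that. It also requires the declaration to become `struct wbcLibraryDetails *info = NULL;`, because the `done:` path calls talloc_free(info) and `info` has no value until the talloc() call.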
diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 6385094235..c109625abf 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -309,7 +309,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, } strncpy(request.data.auth.pass, params->password.plaintext, - sizeof(request.data.auth.user)-1); + sizeof(request.data.auth.pass)-1); break; case WBC_AUTH_USER_LEVEL_HASH: -- cgit From cd7d7e1e8265324540276010f88b862f0afa68c0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 15 Jun 2008 00:14:27 +0200 Subject: Fix group parsing in libwbclient's copy_group_entry() This (also) fixes a flaw pointed out by the IBM checker. When verifying that I found out that the parsing was not working as I would have expected it to. Jerry, please check! (cherry picked from commit c2c7790155ab02e1e351caf2bed192ce72913663) (This used to be commit 26c05a52b73763dad5ad0525dab6e20014c3f8d6) --- source3/nsswitch/libwbclient/wbc_pwd.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index baee3c3781..d23c378b5f 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -97,11 +97,13 @@ static struct group *copy_group_entry(struct winbindd_gr *g, grp->gr_mem[i] = talloc_strdup(grp, mem_p); BAIL_ON_PTR_ERROR(grp->gr_mem[i], wbc_status); - *mem_q = ','; - mem_p++; - mem_p = mem_q; + if (mem_q == NULL) { + i += 1; + break; + } + mem_p = mem_q + 1; } - grp->gr_mem[g->num_gr_mem] = NULL; + grp->gr_mem[i] = NULL; wbc_status = WBC_ERR_SUCCESS; -- cgit From 3fde7f5979fdf3f72df330a0c6977f677cca8a30 Mon Sep 17 00:00:00 2001 
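Review bot: With the bound now taken from `request.data.auth.pass`, a plaintext password longer than that field is still cut off silently, and the shortened value is what gets sent for authentication. Rejecting it is safer than authenticating with a prefix: `if (strlen(params->password.plaintext) >= sizeof(request.data.auth.pass))` followed by the WBC_ERR_INVALID_PARAM bail used elsewhere in this file. wbcAuthenticateUserEx starts and ends outside this hunk, so whether a length check already exists earlier cannot be seen here.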
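Review bot: The `i += 1` before `break` in copy_group_entry needs a comment, since it is presumably there only because `break` skips the loop's own increment and the terminator `grp->gr_mem[i] = NULL` has to land one past the last copied member. Something like `/* last member: break skips the loop increment, so count this entry by hand */` would do. The loop header and the allocation of `gr_mem` are outside this hunk; the new terminator index is in bounds only if the loop condition caps `i` below the number of allocated slots, which should be confirmed there.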
From: Volker Lendecke Date: Sun, 15 Jun 2008 00:22:47 +0200 Subject: Fix an uninitialized variable found by the IBM checker BAIL_ON_PTR_ERROR jumps to done: which will access extra_data before it's initialized. Stefan, please check! Volker (cherry picked from commit b59636f78d351ed6d52c4a9fdccdb7850388526c) (This used to be commit 5663587e5e4703f9e3ff6d78d1f3248053ccd4c0) --- source3/nsswitch/libwbclient/wbc_pwd.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index d23c378b5f..b5f167369c 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -394,16 +394,16 @@ wbcErr wbcGetGroups(const char *account, uint32_t i; gid_t *groups = NULL; - if (!account) { - wbc_status = WBC_ERR_INVALID_PARAM; - BAIL_ON_WBC_ERROR(wbc_status); - } - /* Initialize request */ ZERO_STRUCT(request); ZERO_STRUCT(response); + if (!account) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + /* Send request */ strncpy(request.data.username, account, sizeof(request.data.username)-1); -- cgit From 8349e02b0b37232341d23b7eb55bb2b7468d42db Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 17 Jun 2008 13:00:13 +0200 Subject: Fix a memleak in wbcAuthenticateUserEx() (cherry picked from commit 72b381689af9cae83ab08532cffd0188f2da4807) (This used to be commit 20110ee5f181168dc1cbc08b7c22820d68204960) --- source3/nsswitch/libwbclient/wbc_pam.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index c109625abf..293f71c347 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c 
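Review bot: The reordering in wbcGetGroups is easy to undo by accident, because nothing at the `ZERO_STRUCT` lines says that the cleanup path depends on them. I would extend the existing comment to `/* Initialize request and response before any BAIL_ON_*: the done: path reads response.extra_data */`. The `done:` block itself is outside this hunk, so that wording follows the commit message and should be checked against the code.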
@@ -416,6 +416,8 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, } done: + if (response.extra_data.data) + free(response.extra_data.data); return wbc_status; } -- cgit From c8ac22111e50528bff450f8f99925904c03a77f1 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 17 Jun 2008 14:31:07 +0200 Subject: Replace a very unusual variable declaration by a more conventional one (This used to be commit 9c1f334af3111e93bb8dceb661e1bc5519aa94c6) --- source3/nsswitch/libwbclient/wbc_sid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index deec8e57c9..500be2f342 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -59,7 +59,7 @@ wbcErr wbcSidToString(const struct wbcDomainSid *sid, BAIL_ON_PTR_ERROR(tmp, wbc_status); for (i=0; inum_auths; i++) { - char *tmp2 = + char *tmp2; tmp2 = talloc_asprintf_append(tmp, "-%u", sid->sub_auths[i]); BAIL_ON_PTR_ERROR(tmp2, wbc_status); -- cgit From 7f9acfae7327ce96bf02064f9a0683de0f985521 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 17 Jun 2008 14:53:07 +0200 Subject: Fix a segfault in wbcLookupSid If the BAIL_ON_WBC_ERROR directly after wbcRequestResponse kicks in, *domain and *name have not been initialized yet. So the cleanup routine in the done: part of the routine (which did not check for domain!=NULL etc) would access uninitialized memory. Jerry, please check! Thanks, Volker (cherry picked from commit 3d7e0cc40b1992f4555807acec4f00450e30e2de) (This used to be commit ac5ba26bb0488c3fb95072d84898c02b72c5b819) --- source3/nsswitch/libwbclient/wbc_sid.c | 48 ++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 19 deletions(-) (limited to 'source3/nsswitch/libwbclient') 
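Review bot: The new `free(response.extra_data.data)` under `done:` is safe only if `response` has been zeroed before the first BAIL_ON_WBC_ERROR in wbcAuthenticateUserEx; otherwise an early parameter failure frees an indeterminate pointer, the same pattern that was just corrected in wbcGetGroups. The start of the function is outside this hunk, so please confirm that `ZERO_STRUCT(response)` precedes every bail. The NULL test is not needed, since free(NULL) is a no-op, so the two lines can be just `free(response.extra_data.data);`.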
diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index 500be2f342..93281a85fe 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -228,14 +228,17 @@ wbcErr wbcLookupName(const char *domain, **/ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, - char **domain, - char **name, - enum wbcSidType *name_type) + char **pdomain, + char **pname, + enum wbcSidType *pname_type) { struct winbindd_request request; struct winbindd_response response; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; char *sid_string = NULL; + char *domain = NULL; + char *name = NULL; + enum wbcSidType name_type; if (!sid) { wbc_status = WBC_ERR_INVALID_PARAM; @@ -264,28 +267,35 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, /* Copy out result */ - if (domain != NULL) { - *domain = talloc_strdup(NULL, response.data.name.dom_name); - BAIL_ON_PTR_ERROR((*domain), wbc_status); - } + domain = talloc_strdup(NULL, response.data.name.dom_name); + BAIL_ON_PTR_ERROR(domain, wbc_status); - if (name != NULL) { - *name = talloc_strdup(NULL, response.data.name.name); - BAIL_ON_PTR_ERROR((*name), wbc_status); - } + name = talloc_strdup(NULL, response.data.name.name); + BAIL_ON_PTR_ERROR(name, wbc_status); - if (name_type) { - *name_type = (enum wbcSidType)response.data.name.type; - } + name_type = (enum wbcSidType)response.data.name.type; wbc_status = WBC_ERR_SUCCESS; done: - if (!WBC_ERROR_IS_OK(wbc_status)) { - if (*domain) - talloc_free(*domain); - if (*name) - talloc_free(*name); + if (WBC_ERROR_IS_OK(wbc_status)) { + if (pdomain != NULL) { + *pdomain = domain; + } + if (pname != NULL) { + *pname = name; + } + if (pname_type != NULL) { + *pname_type = name_type; + } + } + else { + if (name != NULL) { + talloc_free(name); + } + if (domain != NULL) { + talloc_free(domain); + } } return wbc_status; -- cgit From 6f66dbcda681a374ceacce45567de9249d87864a Mon Sep 17 00:00:00 2001 
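Review bot: In the success branch under `done:` of wbcLookupSid, `domain` and `name` are handed over only when `pdomain` and `pname` are non-NULL, but both strings are now always allocated with talloc_strdup(NULL, ...), so a caller that passes NULL for either output leaks that string on every successful call. The removed code allocated only when the output pointer was set, so this leak is new with the change. Each assignment needs an else branch, `} else { talloc_free(domain); }`, and likewise for `name`.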
From: Volker Lendecke Date: Tue, 17 Jun 2008 15:17:22 +0200 Subject: Fix a segfault in wbcLookupRids The done: part could access uninitialized memory if intermediate BAIL_ON_WBC_ERROR fire. Jerry, please check! Thanks, Volker (cherry picked from commit 31f4c33dcc744e81be54389756378e25aa2bb75e) (This used to be commit 5b12d8aa510689114e5413be5afe6aeb6ec2d9db) --- source3/nsswitch/libwbclient/wbc_sid.c | 37 +++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 16 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index 93281a85fe..b0909263fc 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -309,8 +309,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, int num_rids, uint32_t *rids, const char **pp_domain_name, - const char ***names, - enum wbcSidType **types) + const char ***pnames, + enum wbcSidType **ptypes) { size_t i, len, ridbuf_size; char *ridlist; @@ -319,6 +319,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, struct winbindd_response response; char *sid_string = NULL; char *domain_name = NULL; + const char **names = NULL; + enum wbcSidType *types = NULL; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; /* Initialise request */ @@ -370,11 +372,11 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, domain_name = talloc_strdup(NULL, response.data.domain_name); BAIL_ON_PTR_ERROR(domain_name, wbc_status); - *names = talloc_array(NULL, const char*, num_rids); - BAIL_ON_PTR_ERROR((*names), wbc_status); + names = talloc_array(NULL, const char*, num_rids); + BAIL_ON_PTR_ERROR(names, wbc_status); - *types = talloc_array(NULL, enum wbcSidType, num_rids); - BAIL_ON_PTR_ERROR((*types), wbc_status); + types = talloc_array(NULL, enum wbcSidType, num_rids); + BAIL_ON_PTR_ERROR(types, wbc_status); p = (char *)response.extra_data.data; 
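Review bot: `names` and `types` are sized with `num_rids`, which the signature in the first hunk declares as `int`, so a negative count is converted to a very large element count in `talloc_array(NULL, const char*, num_rids)`. Whether a non-positive `num_rids` is rejected earlier in wbcLookupRids is not visible in these hunks; if it is not, add `if (num_rids <= 0)` with the WBC_ERR_INVALID_PARAM bail before the request is built. Changing the parameter type would break the public prototype, so the guard is the compatible fix.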
@@ -386,7 +388,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, BAIL_ON_WBC_ERROR(wbc_status); } - (*types)[i] = (enum wbcSidType)strtoul(p, &q, 10); + types[i] = (enum wbcSidType)strtoul(p, &q, 10); if (*q != ' ') { wbc_status = WBC_ERR_INVALID_RESPONSE; @@ -402,8 +404,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, *q = '\0'; - (*names)[i] = talloc_strdup((*names), p); - BAIL_ON_PTR_ERROR(((*names)[i]), wbc_status); + names[i] = talloc_strdup(names, p); + BAIL_ON_PTR_ERROR(names[i], wbc_status); p = q+1; } @@ -420,15 +422,18 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, free(response.extra_data.data); } - if (!WBC_ERROR_IS_OK(wbc_status)) { + if (WBC_ERROR_IS_OK(wbc_status)) { + *pp_domain_name = domain_name; + *pnames = names; + *ptypes = types; + } + else { if (domain_name) talloc_free(domain_name); - if (*names) - talloc_free(*names); - if (*types) - talloc_free(*types); - } else { - *pp_domain_name = domain_name; + if (names) + talloc_free(names); + if (types) + talloc_free(types); } return wbc_status; -- cgit From f287cdb1f046ccd5868c0553b6a79643f9782b01 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 27 Jun 2008 11:13:07 +0200 Subject: Remove a strlen check that will never kick in strlen(str)<2 will be caught by the explicit tests for str[0] and str[1] in the lines above this. Jerry, please check! Volker (This used to be commit 44a9e5b713c25ff2cc7215635a516f25359b045b) --- source3/nsswitch/libwbclient/wbc_sid.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index b0909263fc..eb115e1297 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c 
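Review bot: The success branch under `done:` stores through `pp_domain_name`, `pnames` and `ptypes` without checking them, whereas the wbcLookupSid fix made just before this one tests each output pointer for NULL before writing. Either validate the three pointers together with the other inputs at the top of wbcLookupRids, or guard the stores the same way, e.g. `if (pnames != NULL) { *pnames = names; } else { talloc_free(names); }`. On failure the outputs are left untouched, so a caller that frees them unconditionally must initialise them first; the function's doc comment should say so. The top of the function is outside this hunk.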
@@ -102,8 +102,7 @@ wbcErr wbcStringToSid(const char *str, if (!str || (str[0]!='S' && str[0]!='s') - || (str[1]!='-') - || (strlen(str)<2)) + || (str[1]!='-')) { wbc_status = WBC_ERR_INVALID_PARAM; BAIL_ON_WBC_ERROR(wbc_status); -- cgit From 2a5dee28928d412216bfbcbba0f6bc8352ca6674 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 27 Jun 2008 11:19:26 +0200 Subject: Fix an "invalid operation involving NULL pointer" found by the IBM checker Jerry, please check! Volker (This used to be commit eb6096a2d488d64cfa86e01be2a97e14e5773fe3) --- source3/nsswitch/libwbclient/wbc_sid.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index eb115e1297..f3d58960f2 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -141,9 +141,13 @@ wbcErr wbcStringToSid(const char *str, while (sid->num_auths < WBC_MAXSUBAUTHS) { if ((x=(uint32_t)strtoul(p, &q, 10)) == 0) break; + if (q == NULL) { + wbc_status = WBC_ERR_INVALID_SID; + BAIL_ON_WBC_ERROR(wbc_status); + } sid->sub_auths[sid->num_auths++] = x; - if (q && ((*q!='-') || (*q=='\0'))) + if ((*q!='-') || (*q=='\0')) break; p = q + 1; } -- cgit From a935b1b6d61a05595cf126fbb51b4363026e56a5 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Thu, 17 Jul 2008 09:23:30 -0700 Subject: allow SID with 0 in subauthority to be converted properly from string representation. (This used to be commit 23f338d1da96fd4ea3283bc96ca7d496b23bf854) --- source3/nsswitch/libwbclient/wbc_sid.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index f3d58960f2..475c9947e0 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c 
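Review bot: The added `if (q == NULL)` test in the sub-authority loop of wbcStringToSid cannot fire, because strtoul() always stores a valid pointer in `q`; the condition that means "no digits" is `q == p`. The larger gap on the same line is the `(uint32_t)` cast: where `unsigned long` is 64 bits a sub-authority above 0xFFFFFFFF is truncated, and strtoul() also accepts leading whitespace and a sign, so several different strings parse to the same SID. I would keep the result in an `unsigned long v`, require `*p` to be a digit before converting, and bail with WBC_ERR_INVALID_SID on `q == p || v > UINT32_MAX`. The later hunk that changes the loop to `if (p == q) break;` keeps the cast and has the same issue.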
@@ -139,7 +139,8 @@ wbcErr wbcStringToSid(const char *str, p = q +1; sid->num_auths = 0; while (sid->num_auths < WBC_MAXSUBAUTHS) { - if ((x=(uint32_t)strtoul(p, &q, 10)) == 0) + x=(uint32_t)strtoul(p, &q, 10); + if (p == q) break; if (q == NULL) { wbc_status = WBC_ERR_INVALID_SID; -- cgit From 06d0790c0799112b89534a646e78d0cb38b06e20 Mon Sep 17 00:00:00 2001 From: Zach Loafman Date: Thu, 3 Jul 2008 22:53:42 -0700 Subject: Fix various build warnings This fixes various build warnings on our platform. I'm sure I haven't caught them all, but it's a start. (This used to be commit 6b73f259cb67d9dda9127907d706f9244a871fa3) --- source3/nsswitch/libwbclient/wbc_sid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index 475c9947e0..09bfc3e840 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -242,7 +242,7 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, char *sid_string = NULL; char *domain = NULL; char *name = NULL; - enum wbcSidType name_type; + enum wbcSidType name_type = WBC_SID_NAME_USE_NONE; if (!sid) { wbc_status = WBC_ERR_INVALID_PARAM; -- cgit From 4356a456822914c5a4c98c903b5ade3b0a3a909d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 30 Jul 2008 16:59:11 +0200 Subject: libwbclient: let wbcStringToSid handle the global NULL sid. Guenther (This used to be commit 09fed085bea9dae5bb8aacd986deed3d458e3574) --- source3/nsswitch/libwbclient/wbc_sid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index 09bfc3e840..324a19bd56 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c 
@@ -123,7 +123,7 @@ wbcErr wbcStringToSid(const char *str, p = q+1; x = (uint32_t)strtol(p, &q, 10); - if (x==0 || !q || *q!='-') { + if (!q || *q!='-') { wbc_status = WBC_ERR_INVALID_SID; BAIL_ON_WBC_ERROR(wbc_status); } -- cgit From bb1d3a73c4171fdf8feb90fa190d4dd38490e5be Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 15 Aug 2008 02:00:46 +0200 Subject: libwbclient: add wbcChangeUserPassword and wbcChangeUserPasswordEx. Guenther (This used to be commit 62e7b4aa32051bce34c890cb41270e5fe31111ca) --- source3/nsswitch/libwbclient/wbc_pam.c | 271 ++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.c | 2 + source3/nsswitch/libwbclient/wbclient.h | 78 ++++++++- 3 files changed, 350 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch/libwbclient') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 293f71c347..20b42b6efb 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -236,6 +236,30 @@ done: return wbc_status; } +static wbcErr wbc_create_password_policy_info(TALLOC_CTX *mem_ctx, + const struct winbindd_response *resp, + struct wbcUserPasswordPolicyInfo **_i) +{ + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcUserPasswordPolicyInfo *i; + + i = talloc(mem_ctx, struct wbcUserPasswordPolicyInfo); + BAIL_ON_PTR_ERROR(i, wbc_status); + + i->min_passwordage = resp->data.auth.policy.min_passwordage; + i->min_length_password = resp->data.auth.policy.min_length_password; + i->password_history = resp->data.auth.policy.password_history; + i->password_properties = resp->data.auth.policy.password_properties; + i->expire = resp->data.auth.policy.expire; + + *_i = i; + i = NULL; + +done: + talloc_free(i); + return wbc_status; +} + /** @brief Authenticate with more detailed information * * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH 
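Review bot: With `x==0` dropped from the identifier-authority check, nothing verifies that strtol() consumed any digits: when it converts nothing, `q` equals `p`, and the check passes whenever that character is `-`, giving an authority of 0. The NULL SID can stay valid while digits are still required, `if (q == p || *q != '-')`; the `!q` test can go, since strtol() never stores NULL. strtol() also accepts a sign here, and the `(uint32_t)` cast turns a negative value into a large authority, so checking that `*p` is a digit first would close that as well. wbcStringToSid begins and ends outside this hunk.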
@@ -523,3 +547,250 @@ wbcErr wbcLogoffUser(const char *username, done: return wbc_status; }
+
+/** @brief Change a password for a user with more detailed information upon
+ * failure
+ * @param params Input parameters
+ * @param error User output details on WBC_ERR_PWD_CHANGE_FAILED
+ * @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED
+ * @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED
+ *
+ * @return #wbcErr
+ **/
+
+wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params,
+ struct wbcAuthErrorInfo **error,
+ enum wbcPasswordChangeRejectReason *reject_reason,
+ struct wbcUserPasswordPolicyInfo **policy)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ int cmd = 0;
+
+ /* validate input */
+
+ if (!params->account_name) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ if (error) {
+ *error = NULL;
+ }
+
+ if (policy) {
+ *policy = NULL;
+ }
+
+ if (reject_reason) {
+ *reject_reason = -1;
+ }
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ switch (params->level) {
+ case WBC_CHANGE_PASSWORD_LEVEL_PLAIN:
+ cmd = WINBINDD_PAM_CHAUTHTOK;
+
+ if (!params->account_name) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ strncpy(request.data.chauthtok.user, params->account_name,
+ sizeof(request.data.chauthtok.user) - 1);
+
+ if (params->old_password.plaintext) {
+ strncpy(request.data.chauthtok.oldpass,
+ params->old_password.plaintext,
+ sizeof(request.data.chauthtok.oldpass) - 1);
+ }
+
+ if (params->new_password.plaintext) {
+ strncpy(request.data.chauthtok.newpass,
+ params->new_password.plaintext,
+ sizeof(request.data.chauthtok.newpass) - 1);
+ }
+ break;
+
+ case WBC_CHANGE_PASSWORD_LEVEL_RESPONSE:
+ cmd = WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP;
+
+ if (!params->account_name || !params->domain_name) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ if (params->old_password.response.old_lm_hash_enc_length &&
+ !params->old_password.response.old_lm_hash_enc_data) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ if (params->old_password.response.old_lm_hash_enc_length == 0 &&
+ params->old_password.response.old_lm_hash_enc_data) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ if (params->old_password.response.old_nt_hash_enc_length &&
+ !params->old_password.response.old_nt_hash_enc_data) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ if (params->old_password.response.old_nt_hash_enc_length == 0 &&
+ params->old_password.response.old_nt_hash_enc_data) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ if (params->new_password.response.lm_length &&
+ !params->new_password.response.lm_data) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ if (params->new_password.response.lm_length == 0 &&
+ params->new_password.response.lm_data) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ if (params->new_password.response.nt_length &&
+ !params->new_password.response.nt_data) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ if (params->new_password.response.nt_length == 0 &&
+ params->new_password.response.nt_data) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ strncpy(request.data.chng_pswd_auth_crap.user,
+ params->account_name,
+ sizeof(request.data.chng_pswd_auth_crap.user) - 1);
+
+ strncpy(request.data.chng_pswd_auth_crap.domain,
+ params->domain_name,
+ sizeof(request.data.chng_pswd_auth_crap.domain) - 1);
+
+ if (params->new_password.response.nt_data) {
+ memcpy(request.data.chng_pswd_auth_crap.new_nt_pswd,
+ params->new_password.response.nt_data,
+ request.data.chng_pswd_auth_crap.new_nt_pswd_len);
+ request.data.chng_pswd_auth_crap.new_nt_pswd_len =
+ params->new_password.response.nt_length;
+ }
+
+ if (params->new_password.response.lm_data) {
+ memcpy(request.data.chng_pswd_auth_crap.new_lm_pswd,
+ params->new_password.response.lm_data,
+ request.data.chng_pswd_auth_crap.new_lm_pswd_len);
+ request.data.chng_pswd_auth_crap.new_lm_pswd_len =
+ params->new_password.response.lm_length;
+ }
+
+ if (params->old_password.response.old_nt_hash_enc_data) {
+ memcpy(request.data.chng_pswd_auth_crap.old_nt_hash_enc,
+ params->old_password.response.old_nt_hash_enc_data,
+ request.data.chng_pswd_auth_crap.old_nt_hash_enc_len);
+ request.data.chng_pswd_auth_crap.old_nt_hash_enc_len =
+ params->old_password.response.old_nt_hash_enc_length;
+ }
+
+ if (params->old_password.response.old_lm_hash_enc_data) {
+ memcpy(request.data.chng_pswd_auth_crap.old_lm_hash_enc,
+ params->old_password.response.old_lm_hash_enc_data,
+ request.data.chng_pswd_auth_crap.old_lm_hash_enc_len);
+ request.data.chng_pswd_auth_crap.old_lm_hash_enc_len =
+ params->old_password.response.old_lm_hash_enc_length;
+ }
+
+ break;
+ default:
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ break;
+ }
+
+ if (cmd == 0) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ /* Send request */
+
+ wbc_status = wbcRequestResponse(cmd,
+ &request,
+ &response);
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ goto done;
+ }
+
+ /* Take the response above and return it to the caller */
+
+ if (response.data.auth.nt_status != 0) {
+ if (error) {
+ wbc_status = wbc_create_error_info(NULL,
+ &response,
+ error);
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ }
+
+ if (policy) {
+ wbc_status = wbc_create_password_policy_info(NULL,
+ &response,
+ policy);
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ if (reject_reason) {
+ *reject_reason = response.data.auth.reject_reason;
+ }
+
+ wbc_status = WBC_ERR_PWD_CHANGE_FAILED;
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+ return wbc_status;
+}
+
+/** @brief Change a password for a user
+ *
+ * @param username Name of user to authenticate
+ * @param old_password Old clear text password of user
+ * @param new_password New clear text password of user
+ *
+ * @return #wbcErr
+ **/
+
+wbcErr wbcChangeUserPassword(const char *username,
+ const char *old_password,
+ const char *new_password)
+{
+ wbcErr wbc_status = WBC_ERR_SUCCESS;
+ struct wbcChangePasswordParams params;
+
+ ZERO_STRUCT(params);
+
+ params.account_name = username;
+ params.level = WBC_CHANGE_PASSWORD_LEVEL_PLAIN;
+ params.old_password.plaintext = old_password;
+ params.new_password.plaintext = new_password;
+
+ wbc_status = wbcChangeUserPasswordEx(¶ms,
+ NULL,
+ NULL,
+ NULL);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+done:
+ return wbc_status;
+}
diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c
index 82decc2f78..bdde562a93 100644
--- a/source3/nsswitch/libwbclient/wbclient.c
+++ b/source3/nsswitch/libwbclient/wbclient.c
@@ -116,6 +116,8 @@ const char *wbcErrorString(wbcErr error) return "WBC_ERR_UNKNOWN_GROUP"; case WBC_ERR_AUTH_ERROR: return "WBC_ERR_AUTH_ERROR";
+ case WBC_ERR_PWD_CHANGE_FAILED:
+ return "WBC_ERR_PWD_CHANGE_FAILED";
 } return "unknown wbcErr value";
diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h
index 2fefe0c072..cae3feec5b 100644
--- a/source3/nsswitch/libwbclient/wbclient.h
+++ b/source3/nsswitch/libwbclient/wbclient.h
@@ -44,7 +44,8 @@ enum _wbcErrType { WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/ WBC_ERR_AUTH_ERROR, /**< Authentication failed **/ WBC_ERR_UNKNOWN_USER, /**< User account cannot be found */
- WBC_ERR_UNKNOWN_GROUP /**< Group account cannot be found */
+ WBC_ERR_UNKNOWN_GROUP, /**< Group account cannot be found */
+ WBC_ERR_PWD_CHANGE_FAILED /**< Password Change has failed */
 }; typedef enum _wbcErrType wbcErr;
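Review bot: In the WBC_CHANGE_PASSWORD_LEVEL_RESPONSE branch of wbcChangeUserPasswordEx, each of the four `memcpy` calls takes its size from the request field (`new_nt_pswd_len`, `new_lm_pswd_len`, `old_nt_hash_enc_len`, `old_lm_hash_enc_len`) before that field is assigned, so after `ZERO_STRUCT(request)` the size is 0 and the request is sent with a length but no password or hash bytes. Assigning the length first fixes the copy, but the caller-supplied `nt_length`, `lm_length` and `old_*_hash_enc_length` must then be bounded by the destination size, otherwise the copy can write past the request buffer. The fence shows the pattern for the NT password and assumes `new_nt_pswd` is a fixed-size array in struct winbindd_request, whose definition is not part of this diff. Separately, the `strncpy` calls in the plaintext branch truncate an over-long user name or password silently; failing with WBC_ERR_INVALID_PARAM is safer than changing the password to a prefix of what the user typed.

```c
		if (params->new_password.response.nt_data) {
			/* Reject lengths the fixed request buffer cannot hold. */
			if (params->new_password.response.nt_length >
			    sizeof(request.data.chng_pswd_auth_crap.new_nt_pswd)) {
				wbc_status = WBC_ERR_INVALID_PARAM;
				BAIL_ON_WBC_ERROR(wbc_status);
			}
			/* Set the length before it is used as the copy size. */
			request.data.chng_pswd_auth_crap.new_nt_pswd_len =
				params->new_password.response.nt_length;
			memcpy(request.data.chng_pswd_auth_crap.new_nt_pswd,
			       params->new_password.response.nt_data,
			       request.data.chng_pswd_auth_crap.new_nt_pswd_len);
		}
		/* ... same bound and ordering for new_lm_pswd, old_nt_hash_enc and old_lm_hash_enc ... */
```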
@@ -204,6 +205,41 @@ struct wbcAuthUserParams { } password; };
+/**
+ * @brief ChangePassword Parameters
+ **/
+
+struct wbcChangePasswordParams {
+ const char *account_name;
+ const char *domain_name;
+
+ uint32_t flags;
+
+ enum wbcChangePasswordLevel {
+ WBC_CHANGE_PASSWORD_LEVEL_PLAIN = 1,
+ WBC_CHANGE_PASSWORD_LEVEL_RESPONSE = 2
+ } level;
+
+ union {
+ const char *plaintext;
+ struct {
+ uint32_t old_nt_hash_enc_length;
+ uint8_t *old_nt_hash_enc_data;
+ uint32_t old_lm_hash_enc_length;
+ uint8_t *old_lm_hash_enc_data;
+ } response;
+ } old_password;
+ union {
+ const char *plaintext;
+ struct {
+ uint32_t nt_length;
+ uint8_t *nt_data;
+ uint32_t lm_length;
+ uint8_t *lm_data;
+ } response;
+ } new_password;
+};
+
 /* wbcAuthUserParams->parameter_control */ #define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002
@@ -304,6 +340,38 @@ struct wbcAuthErrorInfo { char *display_string; };
+/**
+ * @brief User Password Policy Information
+ **/
+
+/* wbcUserPasswordPolicyInfo->password_properties */
+
+#define WBC_DOMAIN_PASSWORD_COMPLEX 0x00000001
+#define WBC_DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002
+#define WBC_DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004
+#define WBC_DOMAIN_PASSWORD_LOCKOUT_ADMINS 0x00000008
+#define WBC_DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010
+#define WBC_DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020
+
+struct wbcUserPasswordPolicyInfo {
+ uint32_t min_length_password;
+ uint32_t password_history;
+ uint32_t password_properties;
+ uint64_t expire;
+ uint64_t min_passwordage;
+};
+
+/**
+ * @brief Change Password Reject Reason
+ **/
+
+enum wbcPasswordChangeRejectReason {
+ WBC_PWD_CHANGE_REJECT_OTHER=0,
+ WBC_PWD_CHANGE_REJECT_TOO_SHORT=1,
+ WBC_PWD_CHANGE_REJECT_IN_HISTORY=2,
+ WBC_PWD_CHANGE_REJECT_COMPLEXITY=5
+};
+
 /* * DomainControllerInfo struct */
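Review bot: The length/data pairs in `struct wbcChangePasswordParams` (`old_nt_hash_enc_length`/`old_nt_hash_enc_data`, `nt_length`/`nt_data` and the LM equivalents) carry no documentation, so a caller cannot tell which sizes are accepted or that a length without a pointer, or a pointer without a length, is rejected with WBC_ERR_INVALID_PARAM. I would add field comments stating the maximum size of each buffer and that length and pointer must be set together. The buffers should also be declared `const uint8_t *`, since the structure is passed to wbcChangeUserPasswordEx as `const` input.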
@@ -478,6 +546,14 @@ wbcErr wbcLogoffUser(const char *username, uid_t uid, const char *ccfilename);
+wbcErr wbcChangeUserPassword(const char *username,
+ const char *old_password,
+ const char *new_password);
+
+wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params,
+ struct wbcAuthErrorInfo **error,
+ enum wbcPasswordChangeRejectReason *reject_reason,
+ struct wbcUserPasswordPolicyInfo **policy);
 /* * Resolve functions
-- cgit From 9554f39b1245408e19bba4bda83f280020a49657 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 31 Aug 2008 12:15:35 +0200 Subject: Fix Coverity ID 589, dead code (This used to be commit 67c0835226e189deba5856710a1dea19ac5f30fd) --- source3/nsswitch/libwbclient/wbc_sid.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/nsswitch/libwbclient')
diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c
index 324a19bd56..f4ffa4e5ca 100644
--- a/source3/nsswitch/libwbclient/wbc_sid.c
+++ b/source3/nsswitch/libwbclient/wbc_sid.c
@@ -294,9 +294,18 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, } } else {
+#if 0
+ /*
+ * Found by Coverity: In this particular routine we can't end
+ * up here with a non-NULL name. Further up there are just two
+ * exit paths that lead here, neither of which leave an
+ * allocated name. If you add more paths up there, re-activate
+ * this.
+ */
 if (name != NULL) { talloc_free(name); }
+#endif
 if (domain != NULL) { talloc_free(domain); }
-- cgit