From 64299375b544de91dab75d62610d7dc7f1f8328d Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 10 Jul 2000 05:40:43 +0000 Subject: Moved winbind client functions from various odd locations to nsswitch/wb_client.c Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG. (This used to be commit f866c18f6be65db67d9d2a6c0b42e1af3b421e6c) --- source3/nsswitch/wb_common.c | 347 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 347 insertions(+) create mode 100644 source3/nsswitch/wb_common.c (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c new file mode 100644 index 0000000000..5d1f3431cc --- /dev/null +++ b/source3/nsswitch/wb_common.c @@ -0,0 +1,347 @@ +/* + Unix SMB/Netbios implementation. + Version 2.0 + + winbind client common code + + Copyright (C) Tim Potter 2000 + Copyright (C) Andrew Tridgell 2000 + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the + Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ + +#include "winbind_nss_config.h" +#include "winbindd_nss.h" + +/* Global variables. These are effectively the client state information */ + +static int established_socket = -1; /* fd for winbindd socket */ + +/* + * Utility and helper functions + */ + +void init_request(struct winbindd_request *req,int rq_type) +{ + static char *domain_env; + static BOOL initialised; + + req->cmd = rq_type; + req->pid = getpid(); + req->domain[0] = '\0'; + + if (!initialised) { + initialised = True; + domain_env = getenv(WINBINDD_DOMAIN_ENV); + } + + if (domain_env) { + strncpy(req->domain, domain_env, + sizeof(req->domain) - 1); + req->domain[sizeof(req->domain) - 1] = '\0'; + } +} + +/* Close established socket */ + +void close_sock(void) +{ + if (established_socket != -1) { + close(established_socket); + established_socket = -1; + } +} + +/* Connect to winbindd socket */ + +static int open_pipe_sock(void) +{ + struct sockaddr_un sunaddr; + static pid_t our_pid; + struct stat st; + pstring path; + + if (our_pid != getpid()) { + if (established_socket != -1) { + close(established_socket); + } + established_socket = -1; + our_pid = getpid(); + } + + if (established_socket != -1) { + return established_socket; + } + + /* Check permissions on unix socket directory */ + + if (lstat(WINBINDD_SOCKET_DIR, &st) == -1) { + return -1; + } + + if (!S_ISDIR(st.st_mode) || (st.st_uid != 0)) { + return -1; + } + + /* Connect to socket */ + + strncpy(path, WINBINDD_SOCKET_DIR, sizeof(path) - 1); + path[sizeof(path) - 1] = '\0'; + + strncat(path, "/", sizeof(path) - 1); + path[sizeof(path) - 1] = '\0'; + + strncat(path, WINBINDD_SOCKET_NAME, sizeof(path) - 1); + path[sizeof(path) - 1] = '\0'; + + ZERO_STRUCT(sunaddr); + sunaddr.sun_family = AF_UNIX; + strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1); + + /* If socket file doesn't exist, don't bother trying to connect + with retry. This is an attempt to make the system usable when + the winbindd daemon is not running. */ + + if (lstat(path, &st) == -1) { + return -1; + } + + /* Check permissions on unix socket file */ + + if (!S_ISSOCK(st.st_mode) || (st.st_uid != 0)) { + return -1; + } + + /* Connect to socket */ + + if ((established_socket = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { + return -1; + } + + if (connect(established_socket, (struct sockaddr *)&sunaddr, + sizeof(sunaddr)) == -1) { + close_sock(); + return -1; + } + + return established_socket; +} + +/* Write data to winbindd socket with timeout */ + +int write_sock(void *buffer, int count) +{ + int result, nwritten; + + /* Open connection to winbind daemon */ + + restart: + + if (open_pipe_sock() == -1) { + return -1; + } + + /* Write data to socket */ + + nwritten = 0; + + while(nwritten < count) { + struct timeval tv; + fd_set r_fds; + int selret; + + /* Catch pipe close on other end by checking if a read() + call would not block by calling select(). */ + + FD_ZERO(&r_fds); + FD_SET(established_socket, &r_fds); + ZERO_STRUCT(tv); + + if ((selret = select(established_socket + 1, &r_fds, + NULL, NULL, &tv)) == -1) { + close_sock(); + return -1; /* Select error */ + } + + /* Write should be OK if fd not available for reading */ + + if (!FD_ISSET(established_socket, &r_fds)) { + + /* Do the write */ + + result = write(established_socket, + (char *)buffer + nwritten, + count - nwritten); + + if ((result == -1) || (result == 0)) { + + /* Write failed */ + + close_sock(); + return -1; + } + + nwritten += result; + + } else { + + /* Pipe has closed on remote end */ + + close_sock(); + goto restart; + } + } + + return nwritten; +} + +/* Read data from winbindd socket with timeout */ + +static int read_sock(void *buffer, int count) +{ + int result = 0, nread = 0; + + /* Read data from socket */ + + while(nread < count) { + + result = read(established_socket, (char *)buffer + nread, + count - nread); + + if ((result == -1) || (result == 0)) { + + /* Read failed. I think the only useful thing we + can do here is just return -1 and fail since the + transaction has failed half way through. */ + + close_sock(); + return -1; + } + + nread += result; + } + + return result; +} + +/* Read reply */ + +int read_reply(struct winbindd_response *response) +{ + int result1, result2 = 0; + + if (!response) { + return -1; + } + + /* Read fixed length response */ + + if ((result1 = read_sock(response, sizeof(struct winbindd_response))) + == -1) { + + return -1; + } + + /* We actually send the pointer value of the extra_data field from + the server. This has no meaning in the client's address space + so we clear it out. */ + + response->extra_data = NULL; + + /* Read variable length response */ + + if (response->length > sizeof(struct winbindd_response)) { + int extra_data_len = response->length - + sizeof(struct winbindd_response); + + /* Mallocate memory for extra data */ + + if (!(response->extra_data = malloc(extra_data_len))) { + return -1; + } + + if ((result2 = read_sock(response->extra_data, extra_data_len)) + == -1) { + return -1; + } + } + + /* Return total amount of data read */ + + return result1 + result2; +} + +/* Free a response structure */ + +void free_response(struct winbindd_response *response) +{ + /* Free any allocated extra_data */ + + if (response && response->extra_data) { + free(response->extra_data); + response->extra_data = NULL; + } +} + +/* Handle simple types of requests */ + +enum nss_status winbindd_request(int req_type, + struct winbindd_request *request, + struct winbindd_response *response) +{ + struct winbindd_request lrequest; + struct winbindd_response lresponse; + + /* Check for our tricky environment variable */ + + if (getenv(WINBINDD_DONT_ENV)) { + return NSS_STATUS_NOTFOUND; + } + + if (!response) { + ZERO_STRUCT(lresponse); + response = &lresponse; + } + + if (!request) { + ZERO_STRUCT(lrequest); + request = &lrequest; + } + + /* Fill in request and send down pipe */ + init_request(request, req_type); + + if (write_sock(request, sizeof(*request)) == -1) { + return NSS_STATUS_UNAVAIL; + } + + /* Wait for reply */ + if (read_reply(response) == -1) { + return NSS_STATUS_UNAVAIL; + } + + /* Throw away extra data if client didn't request it */ + if (response == &lresponse) { + free_response(response); + } + + /* Copy reply data from socket */ + if (response->result != WINBINDD_OK) { + return NSS_STATUS_NOTFOUND; + } + + return NSS_STATUS_SUCCESS; +} -- cgit From da1f8dc23b58b0f5dbe1328dd67f74abd317c264 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 17 Jul 2000 02:37:11 +0000 Subject: Renamed a parameter in init_request() function. Initialise response structure correctly. (This used to be commit 587c8e58fdd79dce47fb59ce702596ea58c8b4a6) --- source3/nsswitch/wb_common.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 5d1f3431cc..42712d68da 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -30,18 +30,16 @@ static int established_socket = -1; /* fd for winbindd socket */ -/* - * Utility and helper functions - */ +/* Initialise a request structure */ -void init_request(struct winbindd_request *req,int rq_type) +void init_request(struct winbindd_request *request, int request_type) { static char *domain_env; static BOOL initialised; - req->cmd = rq_type; - req->pid = getpid(); - req->domain[0] = '\0'; + request->cmd = request_type; + request->pid = getpid(); + request->domain[0] = '\0'; if (!initialised) { initialised = True; @@ -49,12 +47,21 @@ void init_request(struct winbindd_request *req,int rq_type) } if (domain_env) { - strncpy(req->domain, domain_env, - sizeof(req->domain) - 1); - req->domain[sizeof(req->domain) - 1] = '\0'; + strncpy(request->domain, domain_env, + sizeof(request->domain) - 1); + request->domain[sizeof(request->domain) - 1] = '\0'; } } +/* Initialise a response structure */ + +void init_response(struct winbindd_response *response) +{ + /* Initialise return value */ + + response->result = NSS_STATUS_UNAVAIL; +} + /* Close established socket */ void close_sock(void) @@ -322,7 +329,9 @@ enum nss_status winbindd_request(int req_type, } /* Fill in request and send down pipe */ + init_request(request, req_type); + init_response(response); if (write_sock(request, sizeof(*request)) == -1) { return NSS_STATUS_UNAVAIL; -- cgit From 23f78fd7b91878176c518471cdca84cad826cba9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 4 Oct 2000 01:03:23 +0000 Subject: Adding Herb's compile warning fixes to HEAD. Jeremy. (This used to be commit d131ad1ce3f6e72e295f865a463f8dcbfa6f8d42) --- source3/nsswitch/wb_common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 42712d68da..3671cf2e4f 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -37,7 +37,7 @@ void init_request(struct winbindd_request *request, int request_type) static char *domain_env; static BOOL initialised; - request->cmd = request_type; + request->cmd = (enum winbindd_cmd)request_type; request->pid = getpid(); request->domain[0] = '\0'; @@ -59,7 +59,7 @@ void init_response(struct winbindd_response *response) { /* Initialise return value */ - response->result = NSS_STATUS_UNAVAIL; + response->result = (enum winbindd_result)NSS_STATUS_UNAVAIL; } /* Close established socket */ -- cgit From 77076b01d286ad296930cd83cafc3a4bf0ae5db6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 25 Apr 2001 01:52:54 +0000 Subject: merge from 2_2 (This used to be commit b9137b613dc8cb45cbebfc6e57e20fde0517347a) --- source3/nsswitch/wb_common.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 3671cf2e4f..98a4b6758b 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -168,7 +168,6 @@ int write_sock(void *buffer, int count) while(nwritten < count) { struct timeval tv; fd_set r_fds; - int selret; /* Catch pipe close on other end by checking if a read() call would not block by calling select(). */ @@ -177,8 +176,8 @@ int write_sock(void *buffer, int count) FD_SET(established_socket, &r_fds); ZERO_STRUCT(tv); - if ((selret = select(established_socket + 1, &r_fds, - NULL, NULL, &tv)) == -1) { + if (select(established_socket + 1, &r_fds, + NULL, NULL, &tv) == -1) { close_sock(); return -1; /* Select error */ } -- cgit From 5f9dca64daea8bf910a66e1178ad0336628fdc9f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 25 Apr 2001 05:47:50 +0000 Subject: merge some of the nsswitch code from tng to head the libnss_winbind.so from head now works with the winbindd from tng (This used to be commit 67ccfd2826548a6ca22562f9fb3ae156a57bd7db) --- source3/nsswitch/wb_common.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 98a4b6758b..4040e1cff2 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -37,7 +37,7 @@ void init_request(struct winbindd_request *request, int request_type) static char *domain_env; static BOOL initialised; - request->cmd = (enum winbindd_cmd)request_type; + request->cmd = request_type; request->pid = getpid(); request->domain[0] = '\0'; @@ -59,7 +59,7 @@ void init_response(struct winbindd_response *response) { /* Initialise return value */ - response->result = (enum winbindd_result)NSS_STATUS_UNAVAIL; + response->result = WINBINDD_ERROR; } /* Close established socket */ @@ -141,6 +141,7 @@ static int open_pipe_sock(void) if (connect(established_socket, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { close_sock(); + established_socket = -1; return -1; } @@ -304,7 +305,7 @@ void free_response(struct winbindd_response *response) /* Handle simple types of requests */ -enum nss_status winbindd_request(int req_type, +NSS_STATUS winbindd_request(int req_type, struct winbindd_request *request, struct winbindd_response *response) { -- cgit From a36f9250e7c9446f3eece6d8db29fcbde99256fb Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 7 May 2001 04:32:40 +0000 Subject: Preliminary merge of winbind into HEAD. Note that this compiles and links but I haven't actually run it yet so it probably doesn't work. (-: (This used to be commit 59f95416b66db6df05289bde224de29c721978e5) --- source3/nsswitch/wb_common.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 4040e1cff2..8376007424 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -169,6 +169,7 @@ int write_sock(void *buffer, int count) while(nwritten < count) { struct timeval tv; fd_set r_fds; + int selret; /* Catch pipe close on other end by checking if a read() call would not block by calling select(). */ @@ -177,8 +178,8 @@ int write_sock(void *buffer, int count) FD_SET(established_socket, &r_fds); ZERO_STRUCT(tv); - if (select(established_socket + 1, &r_fds, - NULL, NULL, &tv) == -1) { + if ((selret = select(established_socket + 1, &r_fds, + NULL, NULL, &tv)) == -1) { close_sock(); return -1; /* Select error */ } -- cgit From 955247fa38fcf5167edf7935a694e75514bc7dcf Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 8 Jul 2001 18:25:19 +0000 Subject: allow winbindd to run as non-root so we can test it more easily (This used to be commit 001129e2153633dbd079889b11331e9c27786e5b) --- source3/nsswitch/wb_common.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 8376007424..ed0075a358 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -99,7 +99,8 @@ static int open_pipe_sock(void) return -1; } - if (!S_ISDIR(st.st_mode) || (st.st_uid != 0)) { + if (!S_ISDIR(st.st_mode) || + (st.st_uid != 0 && st.st_uid != geteuid())) { return -1; } @@ -128,7 +129,8 @@ static int open_pipe_sock(void) /* Check permissions on unix socket file */ - if (!S_ISSOCK(st.st_mode) || (st.st_uid != 0)) { + if (!S_ISSOCK(st.st_mode) || + (st.st_uid != 0 && st.st_uid != geteuid())) { return -1; } -- cgit From 6baa40e3fe59a68046d31a93eb154237d7bd0837 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2001 02:28:17 +0000 Subject: added winbind_exclude_domain() so smbd can tell the winbind client code not to do lookups for a particular domain. This allows winbind to operate on a Samba PDC (This used to be commit d472ee3a690fb6db03fd4536e4093a18fc37ddbb) --- source3/nsswitch/wb_common.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index ed0075a358..0ec29aa2d7 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -29,6 +29,17 @@ /* Global variables. These are effectively the client state information */ static int established_socket = -1; /* fd for winbindd socket */ +static char *excluded_domain; + +/* + smbd needs to be able to exclude lookups for its own domain +*/ +void winbind_exclude_domain(const char *domain) +{ + if (excluded_domain) free(excluded_domain); + excluded_domain = strdup(domain); +} + /* Initialise a request structure */ @@ -321,6 +332,12 @@ NSS_STATUS winbindd_request(int req_type, return NSS_STATUS_NOTFOUND; } + /* smbd may have excluded this domain */ + if (excluded_domain && + strcasecmp(excluded_domain, request->domain) == 0) { + return NSS_STATUS_NOTFOUND; + } + if (!response) { ZERO_STRUCT(lresponse); response = &lresponse; -- cgit From 717533483b41ef975953f58e0c6be04828a3d467 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Fri, 24 Aug 2001 20:32:01 +0000 Subject: get rid of compiler warnings (This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0) --- source3/nsswitch/wb_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 0ec29aa2d7..7fb2bc2cf5 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -48,7 +48,7 @@ void init_request(struct winbindd_request *request, int request_type) static char *domain_env; static BOOL initialised; - request->cmd = request_type; + request->cmd = (enum winbindd_cmd)request_type; request->pid = getpid(); request->domain[0] = '\0'; -- cgit From b50d10c2a313b45bbc195b13a353a20af0ab917a Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 17 Sep 2001 04:52:45 +0000 Subject: move to SAFE_FREE() (This used to be commit 03dc67788f68c9e01b5a82fdf43f837cb19f4608) --- source3/nsswitch/wb_common.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 7fb2bc2cf5..0cfefa6f86 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -36,7 +36,7 @@ static char *excluded_domain; */ void winbind_exclude_domain(const char *domain) { - if (excluded_domain) free(excluded_domain); + SAFE_FREE(excluded_domain); excluded_domain = strdup(domain); } @@ -311,10 +311,8 @@ void free_response(struct winbindd_response *response) { /* Free any allocated extra_data */ - if (response && response->extra_data) { - free(response->extra_data); - response->extra_data = NULL; - } + if (response) + SAFE_FREE(response->extra_data); } /* Handle simple types of requests */ -- cgit From e674581416b3b473b919f890518939bd5f6ba574 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Sat, 22 Dec 2001 00:51:32 +0000 Subject: merge IRIX winbind support from Samba 2.2 branch (This used to be commit 20c5f042e3bb79ff96a993c70b843908dcfafb65) --- source3/nsswitch/wb_common.c | 108 +++++++++++++++++++++++++------------------ 1 file changed, 64 insertions(+), 44 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 0cfefa6f86..d3feaeb450 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -28,9 +28,19 @@ /* Global variables. These are effectively the client state information */ -static int established_socket = -1; /* fd for winbindd socket */ +int winbindd_fd = -1; /* fd for winbindd socket */ static char *excluded_domain; +/* Free a response structure */ + +void free_response(struct winbindd_response *response) +{ + /* Free any allocated extra_data */ + + if (response) + SAFE_FREE(response->extra_data); +} + /* smbd needs to be able to exclude lookups for its own domain */ @@ -77,15 +87,15 @@ void init_response(struct winbindd_response *response) void close_sock(void) { - if (established_socket != -1) { - close(established_socket); - established_socket = -1; + if (winbindd_fd != -1) { + close(winbindd_fd); + winbindd_fd = -1; } } /* Connect to winbindd socket */ -static int open_pipe_sock(void) +int winbind_open_pipe_sock(void) { struct sockaddr_un sunaddr; static pid_t our_pid; @@ -93,15 +103,12 @@ static int open_pipe_sock(void) pstring path; if (our_pid != getpid()) { - if (established_socket != -1) { - close(established_socket); - } - established_socket = -1; + close_sock(); our_pid = getpid(); } - if (established_socket != -1) { - return established_socket; + if (winbindd_fd != -1) { + return winbindd_fd; } /* Check permissions on unix socket directory */ @@ -147,18 +154,17 @@ static int open_pipe_sock(void) /* Connect to socket */ - if ((established_socket = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { + if ((winbindd_fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { return -1; } - if (connect(established_socket, (struct sockaddr *)&sunaddr, + if (connect(winbindd_fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { close_sock(); - established_socket = -1; return -1; } - return established_socket; + return winbindd_fd; } /* Write data to winbindd socket with timeout */ @@ -171,7 +177,7 @@ int write_sock(void *buffer, int count) restart: - if (open_pipe_sock() == -1) { + if (winbind_open_pipe_sock() == -1) { return -1; } @@ -182,28 +188,26 @@ int write_sock(void *buffer, int count) while(nwritten < count) { struct timeval tv; fd_set r_fds; - int selret; /* Catch pipe close on other end by checking if a read() call would not block by calling select(). */ FD_ZERO(&r_fds); - FD_SET(established_socket, &r_fds); + FD_SET(winbindd_fd, &r_fds); ZERO_STRUCT(tv); - if ((selret = select(established_socket + 1, &r_fds, - NULL, NULL, &tv)) == -1) { + if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) { close_sock(); return -1; /* Select error */ } /* Write should be OK if fd not available for reading */ - if (!FD_ISSET(established_socket, &r_fds)) { + if (!FD_ISSET(winbindd_fd, &r_fds)) { /* Do the write */ - result = write(established_socket, + result = write(winbindd_fd, (char *)buffer + nwritten, count - nwritten); @@ -239,7 +243,7 @@ static int read_sock(void *buffer, int count) while(nread < count) { - result = read(established_socket, (char *)buffer + nread, + result = read(winbindd_fd, (char *)buffer + nread, count - nread); if ((result == -1) || (result == 0)) { @@ -296,6 +300,7 @@ int read_reply(struct winbindd_response *response) if ((result2 = read_sock(response->extra_data, extra_data_len)) == -1) { + free_response(response); return -1; } } @@ -305,24 +310,13 @@ int read_reply(struct winbindd_response *response) return result1 + result2; } -/* Free a response structure */ - -void free_response(struct winbindd_response *response) -{ - /* Free any allocated extra_data */ - - if (response) - SAFE_FREE(response->extra_data); -} - -/* Handle simple types of requests */ +/* + * send simple types of requests + */ -NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, - struct winbindd_response *response) +NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) { struct winbindd_request lrequest; - struct winbindd_response lresponse; /* Check for our tricky environment variable */ @@ -336,11 +330,6 @@ NSS_STATUS winbindd_request(int req_type, return NSS_STATUS_NOTFOUND; } - if (!response) { - ZERO_STRUCT(lresponse); - response = &lresponse; - } - if (!request) { ZERO_STRUCT(lrequest); request = &lrequest; @@ -349,12 +338,29 @@ NSS_STATUS winbindd_request(int req_type, /* Fill in request and send down pipe */ init_request(request, req_type); - init_response(response); if (write_sock(request, sizeof(*request)) == -1) { return NSS_STATUS_UNAVAIL; } + return NSS_STATUS_SUCCESS; +} + +/* + * Get results from winbindd request + */ + +NSS_STATUS winbindd_get_response(struct winbindd_response *response) +{ + struct winbindd_response lresponse; + + if (!response) { + ZERO_STRUCT(lresponse); + response = &lresponse; + } + + init_response(response); + /* Wait for reply */ if (read_reply(response) == -1) { return NSS_STATUS_UNAVAIL; @@ -372,3 +378,17 @@ NSS_STATUS winbindd_request(int req_type, return NSS_STATUS_SUCCESS; } + +/* Handle simple types of requests */ + +NSS_STATUS winbindd_request(int req_type, + struct winbindd_request *request, + struct winbindd_response *response) +{ + NSS_STATUS status; + + status = winbindd_send_request(req_type, request); + if (status != NSS_STATUS_SUCCESS) + return(status); + return winbindd_get_response(response); +} -- cgit From 85e06cebc018ce29cfd4788af857a376b13929e9 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 10 Jan 2002 23:45:29 +0000 Subject: Since AB has been changing the winbind interface it's time to add the "mock swedish" test to client calls. This is putting a length field at the start of a request so we can disconnect clients talking with an out of date libnss_winbind.so rather than deadlock them. Misc cleanups: - made some int values uint32 - moved WINBIND_INTERFACE_VERSION to start of cmd list (This used to be commit a4af65b9b93671f13f277d49279a85042a8fd1d5) --- source3/nsswitch/wb_common.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index d3feaeb450..58b18ec458 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -58,6 +58,8 @@ void init_request(struct winbindd_request *request, int request_type) static char *domain_env; static BOOL initialised; + request->length = sizeof(struct winbindd_request); + request->cmd = (enum winbindd_cmd)request_type; request->pid = getpid(); request->domain[0] = '\0'; -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/nsswitch/wb_common.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 58b18ec458..6a2143f8f0 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -1,6 +1,5 @@ /* - Unix SMB/Netbios implementation. - Version 2.0 + Unix SMB/CIFS implementation. winbind client common code -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/nsswitch/wb_common.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 6a2143f8f0..89dd625241 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -86,7 +86,7 @@ void init_response(struct winbindd_response *response) /* Close established socket */ -void close_sock(void) +static void close_sock(void) { if (winbindd_fd != -1) { close(winbindd_fd); @@ -168,7 +168,7 @@ int winbind_open_pipe_sock(void) return winbindd_fd; } -/* Write data to winbindd socket with timeout */ +/* Write data to winbindd socket */ int write_sock(void *buffer, int count) { @@ -234,7 +234,7 @@ int write_sock(void *buffer, int count) return nwritten; } -/* Read data from winbindd socket with timeout */ +/* Read data from winbindd socket */ static int read_sock(void *buffer, int count) { -- cgit From b2edf254eda92f775e7d3d9b6793b4d77f9000b6 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 17 Aug 2002 17:00:51 +0000 Subject: sync 3.0 branch with head (This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290) --- source3/nsswitch/wb_common.c | 17 ----------------- 1 file changed, 17 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 89dd625241..9bc9faafb5 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -28,7 +28,6 @@ /* Global variables. These are effectively the client state information */ int winbindd_fd = -1; /* fd for winbindd socket */ -static char *excluded_domain; /* Free a response structure */ @@ -40,16 +39,6 @@ void free_response(struct winbindd_response *response) SAFE_FREE(response->extra_data); } -/* - smbd needs to be able to exclude lookups for its own domain -*/ -void winbind_exclude_domain(const char *domain) -{ - SAFE_FREE(excluded_domain); - excluded_domain = strdup(domain); -} - - /* Initialise a request structure */ void init_request(struct winbindd_request *request, int request_type) @@ -325,12 +314,6 @@ NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) return NSS_STATUS_NOTFOUND; } - /* smbd may have excluded this domain */ - if (excluded_domain && - strcasecmp(excluded_domain, request->domain) == 0) { - return NSS_STATUS_NOTFOUND; - } - if (!request) { ZERO_STRUCT(lrequest); request = &lrequest; -- cgit From a834a73e341059be154426390304a42e4a011f72 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 25 Sep 2002 15:19:00 +0000 Subject: sync'ing up for 3.0alpha20 release (This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139) --- source3/nsswitch/wb_common.c | 78 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 74 insertions(+), 4 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 9bc9faafb5..51792f63fe 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -5,6 +5,8 @@ Copyright (C) Tim Potter 2000 Copyright (C) Andrew Tridgell 2000 + Copyright (C) Andrew Bartlett 2002 + This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public @@ -75,7 +77,7 @@ void init_response(struct winbindd_response *response) /* Close established socket */ -static void close_sock(void) +void close_sock(void) { if (winbindd_fd != -1) { close(winbindd_fd); @@ -83,14 +85,75 @@ static void close_sock(void) } } +/* Make sure socket handle isn't stdin, stdout or stderr */ +#define RECURSION_LIMIT 3 + +static int make_nonstd_fd_internals(int fd, int limit /* Recursion limiter */) +{ + int new_fd; + if (fd >= 0 && fd <= 2) { +#ifdef F_DUPFD + if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) { + return -1; + } + /* Parinoia */ + if (new_fd < 3) { + close(new_fd); + return -1; + } + close(fd); + return new_fd; +#else + if (limit <= 0) + return -1; + + new_fd = dup(fd); + if (new_fd == -1) + return -1; + + /* use the program stack to hold our list of FDs to close */ + new_fd = make_nonstd_fd_internals(new_fd, limit - 1); + close(fd); + return new_fd; +#endif + } + return fd; +} + +static int make_safe_fd(int fd) +{ + int result, flags; + int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT); + if (new_fd == -1) { + close(fd); + return -1; + } + /* Socket should be closed on exec() */ + +#ifdef FD_CLOEXEC + result = flags = fcntl(new_fd, F_GETFD, 0); + if (flags >= 0) { + flags |= FD_CLOEXEC; + result = fcntl( new_fd, F_SETFD, flags ); + } + if (result < 0) { + close(new_fd); + return -1; + } +#endif + return new_fd; +} + /* Connect to winbindd socket */ int winbind_open_pipe_sock(void) { +#ifdef HAVE_UNIXSOCKET struct sockaddr_un sunaddr; static pid_t our_pid; struct stat st; pstring path; + int fd; if (our_pid != getpid()) { close_sock(); @@ -144,9 +207,13 @@ int winbind_open_pipe_sock(void) /* Connect to socket */ - if ((winbindd_fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { + if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { return -1; } + + if ((winbindd_fd = make_safe_fd( fd)) == -1) { + return winbindd_fd; + } if (connect(winbindd_fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { @@ -155,6 +222,9 @@ int winbind_open_pipe_sock(void) } return winbindd_fd; +#else + return -1; +#endif /* HAVE_UNIXSOCKET */ } /* Write data to winbindd socket */ @@ -366,8 +436,8 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response) /* Handle simple types of requests */ NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, - struct winbindd_response *response) + struct winbindd_request *request, + struct winbindd_response *response) { NSS_STATUS status; -- cgit From 8c93138982da3f9444bdef63cf48de37876866ed Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 20 Dec 2002 01:37:39 +0000 Subject: Merge removal of unpopular winbind client environment variable. (This used to be commit 0637f582fe1d41f8ef247e5989f84caa72162f05) --- source3/nsswitch/wb_common.c | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 51792f63fe..89c751a4ef 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -24,8 +24,7 @@ Boston, MA 02111-1307, USA. */ -#include "winbind_nss_config.h" -#include "winbindd_nss.h" +#include "winbind_client.h" /* Global variables. These are effectively the client state information */ @@ -45,25 +44,11 @@ void free_response(struct winbindd_response *response) void init_request(struct winbindd_request *request, int request_type) { - static char *domain_env; - static BOOL initialised; - request->length = sizeof(struct winbindd_request); request->cmd = (enum winbindd_cmd)request_type; request->pid = getpid(); - request->domain[0] = '\0'; - - if (!initialised) { - initialised = True; - domain_env = getenv(WINBINDD_DOMAIN_ENV); - } - if (domain_env) { - strncpy(request->domain, domain_env, - sizeof(request->domain) - 1); - request->domain[sizeof(request->domain) - 1] = '\0'; - } } /* Initialise a response structure */ -- cgit From 53beee9e5675a59c67d9ecfbaec50dca4ac01750 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 24 Mar 2003 09:54:13 +0000 Subject: (merge from HEAD) NTLM Authentication: - Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664) --- source3/nsswitch/wb_common.c | 73 ++++++++++++++++++++++++++++++++------------ 1 file changed, 53 insertions(+), 20 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 89c751a4ef..ac1ccb217e 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -131,27 +131,16 @@ static int make_safe_fd(int fd) /* Connect to winbindd socket */ -int winbind_open_pipe_sock(void) +static int winbind_named_pipe_sock(const char *dir) { -#ifdef HAVE_UNIXSOCKET struct sockaddr_un sunaddr; - static pid_t our_pid; struct stat st; pstring path; int fd; - if (our_pid != getpid()) { - close_sock(); - our_pid = getpid(); - } - - if (winbindd_fd != -1) { - return winbindd_fd; - } - /* Check permissions on unix socket directory */ - if (lstat(WINBINDD_SOCKET_DIR, &st) == -1) { + if (lstat(dir, &st) == -1) { return -1; } @@ -162,13 +151,13 @@ int winbind_open_pipe_sock(void) /* Connect to socket */ - strncpy(path, WINBINDD_SOCKET_DIR, sizeof(path) - 1); + strncpy(path, dir, sizeof(path) - 1); path[sizeof(path) - 1] = '\0'; - strncat(path, "/", sizeof(path) - 1); + strncat(path, "/", sizeof(path) - 1 - strlen(path)); path[sizeof(path) - 1] = '\0'; - strncat(path, WINBINDD_SOCKET_NAME, sizeof(path) - 1); + strncat(path, WINBINDD_SOCKET_NAME, sizeof(path) - 1 - strlen(path)); path[sizeof(path) - 1] = '\0'; ZERO_STRUCT(sunaddr); @@ -196,16 +185,60 @@ int winbind_open_pipe_sock(void) return -1; } - if ((winbindd_fd = make_safe_fd( fd)) == -1) { - return winbindd_fd; + if ((fd = make_safe_fd( fd)) == -1) { + return fd; } - if (connect(winbindd_fd, (struct sockaddr *)&sunaddr, + if (connect(fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { - close_sock(); + close(fd); return -1; } + return fd; +} + +/* Connect to winbindd socket */ + +int winbind_open_pipe_sock(void) +{ +#ifdef HAVE_UNIXSOCKET + static pid_t our_pid; + struct winbindd_request request; + struct winbindd_response response; + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (our_pid != getpid()) { + close_sock(); + our_pid = getpid(); + } + + if (winbindd_fd != -1) { + return winbindd_fd; + } + + if ((winbindd_fd = winbind_named_pipe_sock(WINBINDD_SOCKET_DIR)) == -1) { + return -1; + } + + /* version-check the socket */ + + if ((winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) { + close_sock(); + return -1; + } + + /* try and get priv pipe */ + + if (winbindd_request(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) { + int fd; + if ((fd = winbind_named_pipe_sock(response.extra_data)) != -1) { + close(winbindd_fd); + winbindd_fd = fd; + } + } + return winbindd_fd; #else return -1; -- cgit From 1d8cd8faf620cb068d740d8fad7968525d45e83a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 30 Jun 2003 16:18:29 +0000 Subject: fix for platforms that don't have unsetenv(). we now have to check the value for _NO_WINBINDD. "1" enables, and != "1" disables (use "0" by convention). (This used to be commit 11eccaef1dc61d80a7db8d0fb4bc5a47d71a4390) --- source3/nsswitch/wb_common.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index ac1ccb217e..adcfdaa9d8 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -395,11 +395,15 @@ int read_reply(struct winbindd_response *response) NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) { struct winbindd_request lrequest; - + char *env; + int value; + /* Check for our tricky environment variable */ - if (getenv(WINBINDD_DONT_ENV)) { - return NSS_STATUS_NOTFOUND; + if ( (env = getenv(WINBINDD_DONT_ENV)) != NULL ) { + value = atoi(env); + if ( value == 1 ) + return NSS_STATUS_NOTFOUND; } if (!request) { -- cgit From 0b18acb841f6a372b3aa285d4734875e5e35fe3b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 7 Jul 2003 05:11:10 +0000 Subject: and so it begins.... * remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8) --- source3/nsswitch/wb_common.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index adcfdaa9d8..acaf0ed17c 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -468,3 +468,19 @@ NSS_STATUS winbindd_request(int req_type, return(status); return winbindd_get_response(response); } + +/************************************************************************* + A couple of simple jfunctions to disable winbindd lookups and re- + enable them + ************************************************************************/ + +BOOL winbind_off( void ) +{ + return (setenv( WINBINDD_DONT_ENV, "1", 1 ) != -1); +} + +BOOL winbind_on( void ) +{ + return (setenv( WINBINDD_DONT_ENV, "0", 1 ) != -1); +} + -- cgit From 66ba34188c8300a8b4d5f266a392dc1924d9f755 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 1 Aug 2003 07:46:42 +0000 Subject: Fix a memory leak. I did not check all the calls to winbindd_request, but we might leak the extra_data somewhere else as well. Volker (This used to be commit 5d379345fa06f4253f67b40cb8127b70072db561) --- source3/nsswitch/wb_common.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index acaf0ed17c..79553e9e4f 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -239,6 +239,8 @@ int winbind_open_pipe_sock(void) } } + SAFE_FREE(response.extra_data); + return winbindd_fd; #else return -1; -- cgit From 87f7226a0a945fd7b81eba260e72a197f4b2d4c0 Mon Sep 17 00:00:00 2001 From: Richard Sharpe Date: Mon, 13 Oct 2003 17:31:02 +0000 Subject: Add a better error message to wb_common.c when unable to connect to a pipe socket and add a comment to winbindd.c to explain the fancy calculation of buffer offset. (This used to be commit 7c7ef9680b7378e12ffdd0bf95ee7ad673bea2f5) --- source3/nsswitch/wb_common.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 79553e9e4f..468b532cbe 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -191,6 +191,8 @@ static int winbind_named_pipe_sock(const char *dir) if (connect(fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { + DEBUG(10, ("error connecting to pipe socket: %s\n", + strerror(errno))); close(fd); return -1; } -- cgit From 69f0adb13dc88b39cf6f4c8c5ed595c793700a89 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 14 Oct 2003 02:19:19 +0000 Subject: Undo previous commit because it breaks the build. DEBUG() should not be called in winbind client code as it's actually dynamically linked by glibc into programs that use the nsswitch database functions. (This used to be commit 90380a684af244175d216344101e734c85220a7b) --- source3/nsswitch/wb_common.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 468b532cbe..79553e9e4f 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -191,8 +191,6 @@ static int winbind_named_pipe_sock(const char *dir) if (connect(fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { - DEBUG(10, ("error connecting to pipe socket: %s\n", - strerror(errno))); close(fd); return -1; } -- cgit From bafcc8497d0a77d2aadb3da4f2a945e56c78a246 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 21 Oct 2003 04:38:23 +0000 Subject: Merge of spelling fix from HEAD. (This used to be commit 1482933089bd1e6114ad29d77ce229482f2d161b) --- source3/nsswitch/wb_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 79553e9e4f..f146391653 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -81,7 +81,7 @@ static int make_nonstd_fd_internals(int fd, int limit /* Recursion limiter */) if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) { return -1; } - /* Parinoia */ + /* Paranoia */ if (new_fd < 3) { close(new_fd); return -1; -- cgit From 1f05df2b36d0782129e8cc4cfb23099ffb1cd775 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Sun, 2 Nov 2003 16:22:28 +0000 Subject: Use putenv() instead of setenv() in the winbind_{off,on}() functions. Some platforms don't have setenv(). (This used to be commit a8b487c4cb5d181e59755f49063512b2729bccb5) --- source3/nsswitch/wb_common.c | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index f146391653..793d4a30b8 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -472,17 +472,44 @@ NSS_STATUS winbindd_request(int req_type, } /************************************************************************* - A couple of simple jfunctions to disable winbindd lookups and re- + A couple of simple functions to disable winbindd lookups and re- enable them ************************************************************************/ +/* Use putenv() instead of setenv() as not all environments have the + latter. */ + +static int set_winbind_dont_env(char value) +{ + int len = strlen(WINBINDD_DONT_ENV) + 3; /* len("_NO_WINBINDD=1\0") */ + char *s = malloc(len); + int result; + + if (s == NULL) + return -1; + + /* It's OK to use strcpy here as we have allocated the correct + buffer size and no user or network data is used. */ + + strcpy(s, WINBINDD_DONT_ENV); + + s[strlen(WINBINDD_DONT_ENV)] = '='; + s[strlen(WINBINDD_DONT_ENV) + 1] = value; + s[strlen(WINBINDD_DONT_ENV) + 2] = '\0'; + + result = putenv(s); + + free(s); + return result; +} + BOOL winbind_off( void ) { - return (setenv( WINBINDD_DONT_ENV, "1", 1 ) != -1); + return set_winbind_dont_env('1') != -1; } BOOL winbind_on( void ) { - return (setenv( WINBINDD_DONT_ENV, "0", 1 ) != -1); + return set_winbind_dont_env('0') != -1; } -- cgit From 82f8a8aabd5f8d5b327ea70d9a65c4af29807958 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 4 Nov 2003 05:49:23 +0000 Subject: Use a static string instead of malloced one in winbind_{off,on}() utility functions. (This used to be commit 7710232ba21305a1e3c9523ace82a5a419526b50) --- source3/nsswitch/wb_common.c | 37 ++++++++----------------------------- 1 file changed, 8 insertions(+), 29 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 793d4a30b8..40221b69fe 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -476,40 +476,19 @@ NSS_STATUS winbindd_request(int req_type, enable them ************************************************************************/ -/* Use putenv() instead of setenv() as not all environments have the - latter. */ - -static int set_winbind_dont_env(char value) -{ - int len = strlen(WINBINDD_DONT_ENV) + 3; /* len("_NO_WINBINDD=1\0") */ - char *s = malloc(len); - int result; - - if (s == NULL) - return -1; - - /* It's OK to use strcpy here as we have allocated the correct - buffer size and no user or network data is used. */ - - strcpy(s, WINBINDD_DONT_ENV); - - s[strlen(WINBINDD_DONT_ENV)] = '='; - s[strlen(WINBINDD_DONT_ENV) + 1] = value; - s[strlen(WINBINDD_DONT_ENV) + 2] = '\0'; - - result = putenv(s); - - free(s); - return result; -} +/* Use putenv() instead of setenv() in these functions as not all + environments have the latter. */ BOOL winbind_off( void ) { - return set_winbind_dont_env('1') != -1; + static char *s = WINBINDD_DONT_ENV "=1"; + + return putenv(s) != -1; } BOOL winbind_on( void ) { - return set_winbind_dont_env('0') != -1; -} + static char *s = WINBINDD_DONT_ENV "=0"; + return putenv(s) != -1; +} -- cgit From 758e36a9bba1f3703e07886571d4b8ad26049399 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 May 2004 22:09:09 +0000 Subject: r651: Patch from kawasa_r@itg.hitachi.co.jp to connect to winbind pipe in non-blocking mode to prevent process hang. Jeremy. (This used to be commit dece22de8e0bd18ee5a152dea7f682ae04e5cba0) --- source3/nsswitch/wb_common.c | 96 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 94 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 40221b69fe..ef8fc3e40f 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -70,6 +70,10 @@ void close_sock(void) } } +#define CONNECT_TIMEOUT 30 +#define WRITE_TIMEOUT CONNECT_TIMEOUT +#define READ_TIMEOUT CONNECT_TIMEOUT + /* Make sure socket handle isn't stdin, stdout or stderr */ #define RECURSION_LIMIT 3 @@ -105,6 +109,14 @@ static int make_nonstd_fd_internals(int fd, int limit /* Recursion limiter */) return fd; } +/**************************************************************************** + Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available, + else + if SYSV use O_NDELAY + if BSD use FNDELAY + Set close on exec also. +****************************************************************************/ + static int make_safe_fd(int fd) { int result, flags; @@ -113,8 +125,32 @@ static int make_safe_fd(int fd) close(fd); return -1; } + + /* Socket should be nonblocking. */ +#ifdef O_NONBLOCK +#define FLAG_TO_SET O_NONBLOCK +#else +#ifdef SYSV +#define FLAG_TO_SET O_NDELAY +#else /* BSD */ +#define FLAG_TO_SET FNDELAY +#endif +#endif + + if ((flags = fcntl(new_fd, F_GETFL)) == -1) { + close(new_fd); + return -1; + } + + flags |= FLAG_TO_SET; + if (fcntl(new_fd, F_SETFL, flags) == -1) { + close(new_fd); + return -1; + } + +#undef FLAG_TO_SET + /* Socket should be closed on exec() */ - #ifdef FD_CLOEXEC result = flags = fcntl(new_fd, F_GETFD, 0); if (flags >= 0) { @@ -137,6 +173,8 @@ static int winbind_named_pipe_sock(const char *dir) struct stat st; pstring path; int fd; + int wait_time; + int slept; /* Check permissions on unix socket directory */ @@ -185,10 +223,64 @@ static int winbind_named_pipe_sock(const char *dir) return -1; } + /* Set socket non-blocking and close on exec. */ + if ((fd = make_safe_fd( fd)) == -1) { return fd; } - + + for (wait_time = 0; connect(fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1; + wait_time += slept) { + struct timeval tv; + fd_set w_fds; + int ret; + int connect_errno = 0, errnosize; + + if (wait_time >= CONNECT_TIMEOUT) + goto error_out; + + switch (errno) { + case EINPROGRESS: + FD_ZERO(&w_fds); + FD_SET(fd, &w_fds); + tv.tv_sec = CONNECT_TIMEOUT - wait_time; + tv.tv_usec = 0; + + ret = select(fd + 1, NULL, &w_fds, NULL, &tv); + + if (ret > 0) { + errnosize = sizeof(connect_errno); + + ret = getsockopt(fd, SOL_SOCKET, + SO_ERROR, &connect_errno, &errnosize); + + if (ret >= 0 && connect_errno == 0) { + /* Connect succeed */ + goto out; + } + } + + slept = CONNECT_TIMEOUT; + break; + case EAGAIN: + slept = rand() % 3 + 1; + sleep(slept); + break; + default: + goto error_out; + } + + } + + out: + + return fd; + + error_out: + + close(fd); + return -1; + if (connect(fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { close(fd); -- cgit From 8fd6298df0c219c522e2262e16eaf97c47f3799f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 13 May 2004 18:37:54 +0000 Subject: r698: Now wb pipe is non-blocking remember to read in non-blocking mode... Jeremy. (This used to be commit 3399727864f3aa8981f022254dfed622fcb50c49) --- source3/nsswitch/wb_common.c | 55 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 44 insertions(+), 11 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index ef8fc3e40f..9caf7affc3 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -410,25 +410,58 @@ int write_sock(void *buffer, int count) static int read_sock(void *buffer, int count) { int result = 0, nread = 0; + int total_time = 0, selret; /* Read data from socket */ - while(nread < count) { + struct timeval tv; + fd_set r_fds; - result = read(winbindd_fd, (char *)buffer + nread, - count - nread); + /* Catch pipe close on other end by checking if a read() + call would not block by calling select(). */ + + FD_ZERO(&r_fds); + FD_SET(winbindd_fd, &r_fds); + ZERO_STRUCT(tv); + /* Wait for 5 seconds for a reply. May need to parameterise this... */ + tv.tv_sec = 5; + + if ((selret = select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv)) == -1) { + close_sock(); + return -1; /* Select error */ + } - if ((result == -1) || (result == 0)) { + if (selret == 0) { + /* Not ready for read yet... */ + if (total_time >= 30) { + /* Timeout */ + close_sock(); + return -1; + } + total_time += 5; + continue; + } + + if (FD_ISSET(winbindd_fd, &r_fds)) { - /* Read failed. I think the only useful thing we - can do here is just return -1 and fail since the - transaction has failed half way through. */ + /* Do the Read */ + + result = read(winbindd_fd, (char *)buffer + nread, + count - nread); + + if ((result == -1) || (result == 0)) { + + /* Read failed. I think the only useful thing we + can do here is just return -1 and fail since the + transaction has failed half way through. */ + + close_sock(); + return -1; + } + + nread += result; - close_sock(); - return -1; } - - nread += result; } return result; -- cgit From 9840db418bad5a39edc4a32a1786f5e2d2c9dff8 Mon Sep 17 00:00:00 2001 From: Derrell Lipman Date: Thu, 31 Mar 2005 05:06:04 +0000 Subject: r6149: Fixes bugs #2498 and 2484. 1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb) --- source3/nsswitch/wb_common.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 9caf7affc3..6ba0cbbf42 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -26,6 +26,9 @@ #include "winbind_client.h" +#define CONST_DISCARD(type, ptr) ((type) ((void *) (ptr))) +#define CONST_ADD(type, ptr) ((type) ((const void *) (ptr))) + /* Global variables. These are effectively the client state information */ int winbindd_fd = -1; /* fd for winbindd socket */ @@ -606,14 +609,14 @@ NSS_STATUS winbindd_request(int req_type, BOOL winbind_off( void ) { - static char *s = WINBINDD_DONT_ENV "=1"; + static char *s = CONST_DISCARD(char *, WINBINDD_DONT_ENV "=1"); return putenv(s) != -1; } BOOL winbind_on( void ) { - static char *s = WINBINDD_DONT_ENV "=0"; + static char *s = CONST_DISCARD(char *, WINBINDD_DONT_ENV "=0"); return putenv(s) != -1; } -- cgit From f1714eacf7365c731f6802972bff3fc62e72b8d0 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sat, 7 May 2005 15:03:00 +0000 Subject: r6643: fix some build issues on IRIX;l patch from james peach (This used to be commit 8f78ee6abab9c1dd3e8b15ea3d1d96a651ee0426) --- source3/nsswitch/wb_common.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 6ba0cbbf42..40cf534c41 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -26,9 +26,6 @@ #include "winbind_client.h" -#define CONST_DISCARD(type, ptr) ((type) ((void *) (ptr))) -#define CONST_ADD(type, ptr) ((type) ((const void *) (ptr))) - /* Global variables. These are effectively the client state information */ int winbindd_fd = -1; /* fd for winbindd socket */ -- cgit From 583b7ed6595e85e8366632dd0ab5dbfcdc1838e6 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Tue, 31 May 2005 18:36:38 +0000 Subject: r7148: Fix #2736: winbind race condition with detecting idle clients winbind idle connection closing logic is getting invoked under high loads for clients which may already have commands in the pipe. This race condition causes clients to fail with NSS_STATUS_UNAVAIL sometimes. We now retry several times hoping (still not guaranteed, though) it will work. (This used to be commit 05c04cfd2526b8b9a82916b5dffc18bf27c3f198) --- source3/nsswitch/wb_common.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 40cf534c41..d2e8b9cc6a 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -588,12 +588,18 @@ NSS_STATUS winbindd_request(int req_type, struct winbindd_request *request, struct winbindd_response *response) { - NSS_STATUS status; + NSS_STATUS status = NSS_STATUS_UNAVAIL; + int count = 0; - status = winbindd_send_request(req_type, request); - if (status != NSS_STATUS_SUCCESS) - return(status); - return winbindd_get_response(response); + while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) { + status = winbindd_send_request(req_type, request); + if (status != NSS_STATUS_SUCCESS) + return(status); + status = winbindd_get_response(response); + count += 1; + } + + return status; } /************************************************************************* @@ -606,7 +612,7 @@ NSS_STATUS winbindd_request(int req_type, BOOL winbind_off( void ) { - static char *s = CONST_DISCARD(char *, WINBINDD_DONT_ENV "=1"); + static char *s = CONST_DISCARD(char *, WINBINDD_DONT_ENV "=1"); return putenv(s) != -1; } -- cgit From 19ca97a70f6b7b41d251eaa76e4d3c980c6eedff Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 24 Jun 2005 20:25:18 +0000 Subject: r7882: Looks like a large patch - but what it actually does is make Samba safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a) --- source3/nsswitch/wb_common.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index d2e8b9cc6a..b6f617eb95 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -316,14 +316,14 @@ int winbind_open_pipe_sock(void) /* version-check the socket */ - if ((winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) { + if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) { close_sock(); return -1; } /* try and get priv pipe */ - if (winbindd_request(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) { + if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) { int fd; if ((fd = winbind_named_pipe_sock(response.extra_data)) != -1) { close(winbindd_fd); @@ -584,7 +584,7 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response) /* Handle simple types of requests */ -NSS_STATUS winbindd_request(int req_type, +NSS_STATUS winbindd_request_response(int req_type, struct winbindd_request *request, struct winbindd_response *response) { -- cgit From 8c072021efba737539b46e993df0c21a6438a82a Mon Sep 17 00:00:00 2001 From: James Peach Date: Tue, 30 Aug 2005 06:41:32 +0000 Subject: r9780: Clean up a bunch of compiler warnings. (This used to be commit 623d2e69319ffead31a780a4d6156dae45f386d7) --- source3/nsswitch/wb_common.c | 8 -------- 1 file changed, 8 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index b6f617eb95..5ed0b9161e 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -280,14 +280,6 @@ static int winbind_named_pipe_sock(const char *dir) close(fd); return -1; - - if (connect(fd, (struct sockaddr *)&sunaddr, - sizeof(sunaddr)) == -1) { - close(fd); - return -1; - } - - return fd; } /* Connect to winbindd socket */ -- cgit From 7bd1888cdf95b0e32fe1a2993d7bcb2b16e475b1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 19 Sep 2005 18:49:18 +0000 Subject: r10321: Fix winbindd recursion bug found by Ingo Steuwer . Jeremy. (This used to be commit 6795c818a3d63737d5b40faffa3a0b91c71b427b) --- source3/nsswitch/wb_common.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 5ed0b9161e..6d09666525 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -284,7 +284,7 @@ static int winbind_named_pipe_sock(const char *dir) /* Connect to winbindd socket */ -int winbind_open_pipe_sock(void) +static int winbind_open_pipe_sock(int recursing) { #ifdef HAVE_UNIXSOCKET static pid_t our_pid; @@ -302,12 +302,17 @@ int winbind_open_pipe_sock(void) return winbindd_fd; } + if (recursing) { + return -1; + } + if ((winbindd_fd = winbind_named_pipe_sock(WINBINDD_SOCKET_DIR)) == -1) { return -1; } /* version-check the socket */ + request.flags = WBFLAG_RECURSE; if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) { close_sock(); return -1; @@ -315,6 +320,7 @@ int winbind_open_pipe_sock(void) /* try and get priv pipe */ + request.flags = WBFLAG_RECURSE; if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) { int fd; if ((fd = winbind_named_pipe_sock(response.extra_data)) != -1) { @@ -333,7 +339,7 @@ int winbind_open_pipe_sock(void) /* Write data to winbindd socket */ -int write_sock(void *buffer, int count) +int write_sock(void *buffer, int count, int recursing) { int result, nwritten; @@ -341,7 +347,7 @@ int write_sock(void *buffer, int count) restart: - if (winbind_open_pipe_sock() == -1) { + if (winbind_open_pipe_sock(recursing) == -1) { return -1; } @@ -534,7 +540,7 @@ NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) init_request(request, req_type); - if (write_sock(request, sizeof(*request)) == -1) { + if (write_sock(request, sizeof(*request), request->flags & WBFLAG_RECURSE) == -1) { return NSS_STATUS_UNAVAIL; } -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/nsswitch/wb_common.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 6d09666525..5521614965 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -543,6 +543,11 @@ NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) if (write_sock(request, sizeof(*request), request->flags & WBFLAG_RECURSE) == -1) { return NSS_STATUS_UNAVAIL; } + + if ((request->extra_len != 0) && + (write_sock(request->extra_data, request->extra_len, request->flags & WBFLAG_RECURSE) == -1)) { + return NSS_STATUS_UNAVAIL; + } return NSS_STATUS_SUCCESS; } -- cgit From 8d7c88667190fe286971ac4fffb64ee5bd9eeeb0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 18 Oct 2005 03:24:00 +0000 Subject: r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4 x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208) --- source3/nsswitch/wb_common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 5521614965..0e20927941 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -234,7 +234,8 @@ static int winbind_named_pipe_sock(const char *dir) struct timeval tv; fd_set w_fds; int ret; - int connect_errno = 0, errnosize; + int connect_errno = 0; + socklen_t errnosize; if (wait_time >= CONNECT_TIMEOUT) goto error_out; -- cgit From 70b59a3b20bc3cd3e1456dc552c43cd1da22f1b0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 29 Mar 2006 18:55:39 +0000 Subject: r14760: Fix #3642, ensure we don't call FD_SET on read with fd == -1. Jeremy. (This used to be commit 6ae15544ccfc3ff5d97565ad41ba7f57c7d29b0f) --- source3/nsswitch/wb_common.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 0e20927941..dfefeb9f75 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -411,6 +411,10 @@ static int read_sock(void *buffer, int count) int result = 0, nread = 0; int total_time = 0, selret; + if (winbindd_fd == -1) { + return -1; + } + /* Read data from socket */ while(nread < count) { struct timeval tv; -- cgit From 6c9eaa6880897aabbc56ad3d7bd73dfc69f926f9 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sun, 2 Apr 2006 06:25:11 +0000 Subject: r14855: Various fixes: * depreacte 'acl group control' after discussion with Jeremy and implement functionality as part of 'dos filemode' * fix winbindd on a non-member server to expand local groups * prevent code previously only used by smbd from blindly turning _NO_WINBINDD back on (This used to be commit 4ab372f4cab22225716b5c9a9a08f0c1dbc9928d) --- source3/nsswitch/wb_common.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index dfefeb9f75..05f080e73a 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -618,16 +618,15 @@ NSS_STATUS winbindd_request_response(int req_type, /* Use putenv() instead of setenv() in these functions as not all environments have the latter. */ -BOOL winbind_off( void ) +BOOL winbind_putenv( const char *s ) { - static char *s = CONST_DISCARD(char *, WINBINDD_DONT_ENV "=1"); + fstring env; - return putenv(s) != -1; -} + if ( !s ) { + return False; + } -BOOL winbind_on( void ) -{ - static char *s = CONST_DISCARD(char *, WINBINDD_DONT_ENV "=0"); + snprintf( env, sizeof(env), "%s=%s", WINBINDD_DONT_ENV, s ); - return putenv(s) != -1; + return putenv(env) != -1; } -- cgit From e4998337e75c5e9debe914ff4eb2c0b0fa97c156 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sun, 2 Apr 2006 19:45:42 +0000 Subject: r14868: I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. ... Fix my brain dead inverted logic for turning winbindd on and off when run on a DC or when calling pdb functions from within winbindd. (This used to be commit 021b3dc2db9fb422ede4657a1f27ef7ef2d22cee) --- source3/nsswitch/wb_common.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 05f080e73a..91ec912b7d 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -618,15 +618,17 @@ NSS_STATUS winbindd_request_response(int req_type, /* Use putenv() instead of setenv() in these functions as not all environments have the latter. */ -BOOL winbind_putenv( const char *s ) +BOOL winbind_off( void ) { - fstring env; + static char *s = CONST_DISCARD(char *, WINBINDD_DONT_ENV "=1"); - if ( !s ) { - return False; - } + return putenv(s) != -1; +} - snprintf( env, sizeof(env), "%s=%s", WINBINDD_DONT_ENV, s ); +BOOL winbind_on( void ) +{ + static char *s = CONST_DISCARD(char *, WINBINDD_DONT_ENV "=0"); - return putenv(env) != -1; + return putenv(s) != -1; } + -- cgit From 8c9eb7631eecbe3f9bda30aff4b5d97d5e2a8737 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 12 Apr 2006 14:10:39 +0000 Subject: r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a) --- source3/nsswitch/wb_common.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 91ec912b7d..91ebdbd584 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -37,7 +37,7 @@ void free_response(struct winbindd_response *response) /* Free any allocated extra_data */ if (response) - SAFE_FREE(response->extra_data); + SAFE_FREE(response->extra_data.data); } /* Initialise a request structure */ @@ -324,13 +324,13 @@ static int winbind_open_pipe_sock(int recursing) request.flags = WBFLAG_RECURSE; if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) { int fd; - if ((fd = winbind_named_pipe_sock(response.extra_data)) != -1) { + if ((fd = winbind_named_pipe_sock(response.extra_data.data)) != -1) { close(winbindd_fd); winbindd_fd = fd; } } - SAFE_FREE(response.extra_data); + SAFE_FREE(response.extra_data.data); return winbindd_fd; #else @@ -492,7 +492,7 @@ int read_reply(struct winbindd_response *response) the server. This has no meaning in the client's address space so we clear it out. */ - response->extra_data = NULL; + response->extra_data.data = NULL; /* Read variable length response */ @@ -502,11 +502,11 @@ int read_reply(struct winbindd_response *response) /* Mallocate memory for extra data */ - if (!(response->extra_data = malloc(extra_data_len))) { + if (!(response->extra_data.data = malloc(extra_data_len))) { return -1; } - if ((result2 = read_sock(response->extra_data, extra_data_len)) + if ((result2 = read_sock(response->extra_data.data, extra_data_len)) == -1) { free_response(response); return -1; @@ -550,7 +550,7 @@ NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) } if ((request->extra_len != 0) && - (write_sock(request->extra_data, request->extra_len, request->flags & WBFLAG_RECURSE) == -1)) { + (write_sock(request->extra_data.data, request->extra_len, request->flags & WBFLAG_RECURSE) == -1)) { return NSS_STATUS_UNAVAIL; } -- cgit From fd8bae8b1660acefd327121ef3d8a356cb0c09fa Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 31 Jul 2006 20:51:55 +0000 Subject: r17345: Some C++ warnings (This used to be commit 21c8fa2fc8bfd35d203b089ff61efc7c292b4dc0) --- source3/nsswitch/wb_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 91ebdbd584..e665a0ffd5 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -324,7 +324,7 @@ static int winbind_open_pipe_sock(int recursing) request.flags = WBFLAG_RECURSE; if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) { int fd; - if ((fd = winbind_named_pipe_sock(response.extra_data.data)) != -1) { + if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) { close(winbindd_fd); winbindd_fd = fd; } -- cgit From 2145eff91d5b7e16ee486b410181f4b849a3fb9e Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 19 Oct 2006 22:34:58 +0000 Subject: r19419: BUG 4109: Patch from Timur Bakeyev. Fix bug causing smbd to turn off winbindd and fail to disable the _NO_WINBIND environment. (This used to be commit a6366b40b3967853c20ca5399021108f09ffd505) --- source3/nsswitch/wb_common.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index e665a0ffd5..05238f16fb 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -525,15 +525,11 @@ int read_reply(struct winbindd_response *response) NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) { struct winbindd_request lrequest; - char *env; - int value; - + /* Check for our tricky environment variable */ - if ( (env = getenv(WINBINDD_DONT_ENV)) != NULL ) { - value = atoi(env); - if ( value == 1 ) - return NSS_STATUS_NOTFOUND; + if (winbind_env_set()) { + return NSS_STATUS_NOTFOUND; } if (!request) { @@ -632,3 +628,14 @@ BOOL winbind_on( void ) return putenv(s) != -1; } +BOOL winbind_env_set( void ) +{ + char *env; + + if ((env=getenv(WINBINDD_DONT_ENV)) != NULL) { + if(strequal(env, "1")) { + return True; + } + } + return False; +} -- cgit From 80d40172efa3b5c051cc4a40d5599f73e6481737 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 19 Oct 2006 22:41:11 +0000 Subject: r19420: Remove strequal and use strcmp() instead. Meant to make the change before theprevious commit. (This used to be commit 815388c4c8be1274359679077a120fec4cc39b0f) --- source3/nsswitch/wb_common.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 05238f16fb..19ee72f9e4 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -518,6 +518,18 @@ int read_reply(struct winbindd_response *response) return result1 + result2; } +BOOL winbind_env_set( void ) +{ + char *env; + + if ((env=getenv(WINBINDD_DONT_ENV)) != NULL) { + if(strcmp(env, "1") == 0) { + return True; + } + } + return False; +} + /* * send simple types of requests */ @@ -628,14 +640,3 @@ BOOL winbind_on( void ) return putenv(s) != -1; } -BOOL winbind_env_set( void ) -{ - char *env; - - if ((env=getenv(WINBINDD_DONT_ENV)) != NULL) { - if(strequal(env, "1")) { - return True; - } - } - return False; -} -- cgit From e59e787b4868acffad49b6264e319d585643d5ab Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Wed, 20 Dec 2006 01:10:04 +0000 Subject: r20269: merge -r20264:20267 from SAMBA_3_0_24 more no previous prototype warnings (This used to be commit 41be182f78762372ae13759ede5d2bd40a71d7f5) --- source3/nsswitch/wb_common.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 19ee72f9e4..f904dd1a59 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -26,6 +26,10 @@ #include "winbind_client.h" +BOOL winbind_env_set( void ); +BOOL winbind_off( void ); +BOOL winbind_on( void ); + /* Global variables. These are effectively the client state information */ int winbindd_fd = -1; /* fd for winbindd socket */ @@ -53,7 +57,7 @@ void init_request(struct winbindd_request *request, int request_type) /* Initialise a response structure */ -void init_response(struct winbindd_response *response) +static void init_response(struct winbindd_response *response) { /* Initialise return value */ -- cgit From d4e430d0c7f725b162bdfd09d1e915b1144fdda7 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Thu, 8 Feb 2007 02:17:29 +0000 Subject: r21231: get rid of unused defines that cause a redefined warning (This used to be commit 509ae5ffa17be340c41fecaaace75816c18316c6) --- source3/nsswitch/wb_common.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index f904dd1a59..05d2a660e7 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -75,8 +75,6 @@ void close_sock(void) } #define CONNECT_TIMEOUT 30 -#define WRITE_TIMEOUT CONNECT_TIMEOUT -#define READ_TIMEOUT CONNECT_TIMEOUT /* Make sure socket handle isn't stdin, stdout or stderr */ #define RECURSION_LIMIT 3 -- cgit From 2b302791695fe29af369c3c17dc740f45d3cadd9 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Fri, 16 Feb 2007 19:49:12 +0000 Subject: r21396: fix wbinfo --lookup-rids command allow detection of libbiconv if all others fail - need for FreeBSD (This used to be commit 7acc9421b0643cb04bff1f1d98ecb899f9b09601) --- source3/nsswitch/wb_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 05d2a660e7..13cefd135d 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -504,7 +504,7 @@ int read_reply(struct winbindd_response *response) /* Mallocate memory for extra data */ - if (!(response->extra_data.data = malloc(extra_data_len))) { + if (!(response->extra_data.data = SMB_MALLOC(extra_data_len))) { return -1; } -- cgit From 6432e901c72f533d61a7f9b9ba35203bd9357f8d Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Fri, 16 Feb 2007 20:02:13 +0000 Subject: r21397: revert accidential commit (This used to be commit 9fe5f7885771e68b11c7794653d0e4771eeac403) --- source3/nsswitch/wb_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 13cefd135d..05d2a660e7 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -504,7 +504,7 @@ int read_reply(struct winbindd_response *response) /* Mallocate memory for extra data */ - if (!(response->extra_data.data = SMB_MALLOC(extra_data_len))) { + if (!(response->extra_data.data = malloc(extra_data_len))) { return -1; } -- cgit From 3fdef9433a9e08064b32e34a16ce62a60ce144fb Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 19 Mar 2007 21:04:56 +0000 Subject: r21878: Fix a bug with smbd serving a windows terminal server: If winbind decides smbd to be idle it might happen that smbd needs to do a winbind operation (for example sid2name) as non-root. This then fails to get the privileged pipe. When later on on the same connection another authentication request comes in, we try to do the CRAP auth via the non-privileged pipe. This adds a winbindd_priv_request_response() request that kills the existing winbind pipe connection if it's not privileged. Volker (This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c) --- source3/nsswitch/wb_common.c | 47 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 40 insertions(+), 7 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 05d2a660e7..fb84373aa6 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -33,6 +33,7 @@ BOOL winbind_on( void ); /* Global variables. These are effectively the client state information */ int winbindd_fd = -1; /* fd for winbindd socket */ +static int is_privileged = 0; /* Free a response structure */ @@ -287,7 +288,7 @@ static int winbind_named_pipe_sock(const char *dir) /* Connect to winbindd socket */ -static int winbind_open_pipe_sock(int recursing) +static int winbind_open_pipe_sock(int recursing, int need_priv) { #ifdef HAVE_UNIXSOCKET static pid_t our_pid; @@ -300,6 +301,10 @@ static int winbind_open_pipe_sock(int recursing) close_sock(); our_pid = getpid(); } + + if ((need_priv != 0) && (is_privileged == 0)) { + close_sock(); + } if (winbindd_fd != -1) { return winbindd_fd; @@ -313,6 +318,8 @@ static int winbind_open_pipe_sock(int recursing) return -1; } + is_privileged = 0; + /* version-check the socket */ request.flags = WBFLAG_RECURSE; @@ -329,9 +336,14 @@ static int winbind_open_pipe_sock(int recursing) if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) { close(winbindd_fd); winbindd_fd = fd; + is_privileged = 1; } } + if ((need_priv != 0) && (is_privileged == 0)) { + return -1; + } + SAFE_FREE(response.extra_data.data); return winbindd_fd; @@ -342,7 +354,7 @@ static int winbind_open_pipe_sock(int recursing) /* Write data to winbindd socket */ -int write_sock(void *buffer, int count, int recursing) +int write_sock(void *buffer, int count, int recursing, int need_priv) { int result, nwritten; @@ -350,7 +362,7 @@ int write_sock(void *buffer, int count, int recursing) restart: - if (winbind_open_pipe_sock(recursing) == -1) { + if (winbind_open_pipe_sock(recursing, need_priv) == -1) { return -1; } @@ -536,7 +548,8 @@ BOOL winbind_env_set( void ) * send simple types of requests */ -NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) +NSS_STATUS winbindd_send_request(int req_type, int need_priv, + struct winbindd_request *request) { struct winbindd_request lrequest; @@ -555,12 +568,14 @@ NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) init_request(request, req_type); - if (write_sock(request, sizeof(*request), request->flags & WBFLAG_RECURSE) == -1) { + if (write_sock(request, sizeof(*request), + request->flags & WBFLAG_RECURSE, need_priv) == -1) { return NSS_STATUS_UNAVAIL; } if ((request->extra_len != 0) && - (write_sock(request->extra_data.data, request->extra_len, request->flags & WBFLAG_RECURSE) == -1)) { + (write_sock(request->extra_data.data, request->extra_len, + request->flags & WBFLAG_RECURSE, need_priv) == -1)) { return NSS_STATUS_UNAVAIL; } @@ -610,7 +625,25 @@ NSS_STATUS winbindd_request_response(int req_type, int count = 0; while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) { - status = winbindd_send_request(req_type, request); + status = winbindd_send_request(req_type, 0, request); + if (status != NSS_STATUS_SUCCESS) + return(status); + status = winbindd_get_response(response); + count += 1; + } + + return status; +} + +NSS_STATUS winbindd_priv_request_response(int req_type, + struct winbindd_request *request, + struct winbindd_response *response) +{ + NSS_STATUS status = NSS_STATUS_UNAVAIL; + int count = 0; + + while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) { + status = winbindd_send_request(req_type, 1, request); if (status != NSS_STATUS_SUCCESS) return(status); status = winbindd_get_response(response); -- cgit From 719f4657e8c987cd29e8824dd3938f5609da9d61 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 22 Mar 2007 18:36:09 +0000 Subject: r21935: Revert obviously not sufficiently tested code -- sorry for the pain. I am afraid I was basically off the net for the day (This used to be commit 08c29abc03267b0dfb41cec3734653a536027a10) --- source3/nsswitch/wb_common.c | 47 +++++++------------------------------------- 1 file changed, 7 insertions(+), 40 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index fb84373aa6..05d2a660e7 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -33,7 +33,6 @@ BOOL winbind_on( void ); /* Global variables. These are effectively the client state information */ int winbindd_fd = -1; /* fd for winbindd socket */ -static int is_privileged = 0; /* Free a response structure */ @@ -288,7 +287,7 @@ static int winbind_named_pipe_sock(const char *dir) /* Connect to winbindd socket */ -static int winbind_open_pipe_sock(int recursing, int need_priv) +static int winbind_open_pipe_sock(int recursing) { #ifdef HAVE_UNIXSOCKET static pid_t our_pid; @@ -301,10 +300,6 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) close_sock(); our_pid = getpid(); } - - if ((need_priv != 0) && (is_privileged == 0)) { - close_sock(); - } if (winbindd_fd != -1) { return winbindd_fd; @@ -318,8 +313,6 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) return -1; } - is_privileged = 0; - /* version-check the socket */ request.flags = WBFLAG_RECURSE; @@ -336,14 +329,9 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) { close(winbindd_fd); winbindd_fd = fd; - is_privileged = 1; } } - if ((need_priv != 0) && (is_privileged == 0)) { - return -1; - } - SAFE_FREE(response.extra_data.data); return winbindd_fd; @@ -354,7 +342,7 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) /* Write data to winbindd socket */ -int write_sock(void *buffer, int count, int recursing, int need_priv) +int write_sock(void *buffer, int count, int recursing) { int result, nwritten; @@ -362,7 +350,7 @@ int write_sock(void *buffer, int count, int recursing, int need_priv) restart: - if (winbind_open_pipe_sock(recursing, need_priv) == -1) { + if (winbind_open_pipe_sock(recursing) == -1) { return -1; } @@ -548,8 +536,7 @@ BOOL winbind_env_set( void ) * send simple types of requests */ -NSS_STATUS winbindd_send_request(int req_type, int need_priv, - struct winbindd_request *request) +NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) { struct winbindd_request lrequest; @@ -568,14 +555,12 @@ NSS_STATUS winbindd_send_request(int req_type, int need_priv, init_request(request, req_type); - if (write_sock(request, sizeof(*request), - request->flags & WBFLAG_RECURSE, need_priv) == -1) { + if (write_sock(request, sizeof(*request), request->flags & WBFLAG_RECURSE) == -1) { return NSS_STATUS_UNAVAIL; } if ((request->extra_len != 0) && - (write_sock(request->extra_data.data, request->extra_len, - request->flags & WBFLAG_RECURSE, need_priv) == -1)) { + (write_sock(request->extra_data.data, request->extra_len, request->flags & WBFLAG_RECURSE) == -1)) { return NSS_STATUS_UNAVAIL; } @@ -625,25 +610,7 @@ NSS_STATUS winbindd_request_response(int req_type, int count = 0; while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) { - status = winbindd_send_request(req_type, 0, request); - if (status != NSS_STATUS_SUCCESS) - return(status); - status = winbindd_get_response(response); - count += 1; - } - - return status; -} - -NSS_STATUS winbindd_priv_request_response(int req_type, - struct winbindd_request *request, - struct winbindd_response *response) -{ - NSS_STATUS status = NSS_STATUS_UNAVAIL; - int count = 0; - - while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) { - status = winbindd_send_request(req_type, 1, request); + status = winbindd_send_request(req_type, request); if (status != NSS_STATUS_SUCCESS) return(status); status = winbindd_get_response(response); -- cgit From 5b105eaf7c3ce4ad174f0c389ed9b0c60dec66ca Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 22 Mar 2007 21:41:36 +0000 Subject: r21940: Sorry Volker, I have to revert your revert in r21935. We can talk about this later if you still feel that strongly but I need to fix the build for now. (This used to be commit c7df0cad8257333c6a8dfd98818269a783ba7a26) --- source3/nsswitch/wb_common.c | 47 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 40 insertions(+), 7 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 05d2a660e7..fb84373aa6 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -33,6 +33,7 @@ BOOL winbind_on( void ); /* Global variables. These are effectively the client state information */ int winbindd_fd = -1; /* fd for winbindd socket */ +static int is_privileged = 0; /* Free a response structure */ @@ -287,7 +288,7 @@ static int winbind_named_pipe_sock(const char *dir) /* Connect to winbindd socket */ -static int winbind_open_pipe_sock(int recursing) +static int winbind_open_pipe_sock(int recursing, int need_priv) { #ifdef HAVE_UNIXSOCKET static pid_t our_pid; @@ -300,6 +301,10 @@ static int winbind_open_pipe_sock(int recursing) close_sock(); our_pid = getpid(); } + + if ((need_priv != 0) && (is_privileged == 0)) { + close_sock(); + } if (winbindd_fd != -1) { return winbindd_fd; @@ -313,6 +318,8 @@ static int winbind_open_pipe_sock(int recursing) return -1; } + is_privileged = 0; + /* version-check the socket */ request.flags = WBFLAG_RECURSE; @@ -329,9 +336,14 @@ static int winbind_open_pipe_sock(int recursing) if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) { close(winbindd_fd); winbindd_fd = fd; + is_privileged = 1; } } + if ((need_priv != 0) && (is_privileged == 0)) { + return -1; + } + SAFE_FREE(response.extra_data.data); return winbindd_fd; @@ -342,7 +354,7 @@ static int winbind_open_pipe_sock(int recursing) /* Write data to winbindd socket */ -int write_sock(void *buffer, int count, int recursing) +int write_sock(void *buffer, int count, int recursing, int need_priv) { int result, nwritten; @@ -350,7 +362,7 @@ int write_sock(void *buffer, int count, int recursing) restart: - if (winbind_open_pipe_sock(recursing) == -1) { + if (winbind_open_pipe_sock(recursing, need_priv) == -1) { return -1; } @@ -536,7 +548,8 @@ BOOL winbind_env_set( void ) * send simple types of requests */ -NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) +NSS_STATUS winbindd_send_request(int req_type, int need_priv, + struct winbindd_request *request) { struct winbindd_request lrequest; @@ -555,12 +568,14 @@ NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) init_request(request, req_type); - if (write_sock(request, sizeof(*request), request->flags & WBFLAG_RECURSE) == -1) { + if (write_sock(request, sizeof(*request), + request->flags & WBFLAG_RECURSE, need_priv) == -1) { return NSS_STATUS_UNAVAIL; } if ((request->extra_len != 0) && - (write_sock(request->extra_data.data, request->extra_len, request->flags & WBFLAG_RECURSE) == -1)) { + (write_sock(request->extra_data.data, request->extra_len, + request->flags & WBFLAG_RECURSE, need_priv) == -1)) { return NSS_STATUS_UNAVAIL; } @@ -610,7 +625,25 @@ NSS_STATUS winbindd_request_response(int req_type, int count = 0; while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) { - status = winbindd_send_request(req_type, request); + status = winbindd_send_request(req_type, 0, request); + if (status != NSS_STATUS_SUCCESS) + return(status); + status = winbindd_get_response(response); + count += 1; + } + + return status; +} + +NSS_STATUS winbindd_priv_request_response(int req_type, + struct winbindd_request *request, + struct winbindd_response *response) +{ + NSS_STATUS status = NSS_STATUS_UNAVAIL; + int count = 0; + + while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) { + status = winbindd_send_request(req_type, 1, request); if (status != NSS_STATUS_SUCCESS) return(status); status = winbindd_get_response(response); -- cgit From fd881dad3fb03888b79cc84f287c093d163475c7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:31:50 +0000 Subject: r23794: convert more code from LGPLv2+ to LGPLv3+ (This used to be commit f3df6cd87e1927f41e95af51d750a71278282e15) --- source3/nsswitch/wb_common.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index fb84373aa6..3a3c048cbd 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -11,17 +11,15 @@ This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. + version 3 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. + You should have received a copy of the GNU Library General Public License + along with this program. If not, see . */ #include "winbind_client.h" -- cgit From 28b9d61076912adbc0c6571c71688aa6831506bf Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 04:04:46 +0000 Subject: r23800: LGPL is now called GNU Lesser General Public License not GNU Library General Public License (This used to be commit 727a6cf2cba8da6b40610409b264e86e6908eb0c) --- source3/nsswitch/wb_common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 3a3c048cbd..52913668e5 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -9,7 +9,7 @@ This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public + modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. @@ -18,7 +18,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. - You should have received a copy of the GNU Library General Public License + You should have received a copy of the GNU Lesser General Public License along with this program. If not, see . */ -- cgit From a718a93d702d2f83e4a731c429eee24d119fe528 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 22 Aug 2007 13:51:44 +0000 Subject: r24629: Make read_sock return the total number of bytes read instead of the number of bytes read in the last of possibly several read calls. This was noted by Metze. Michael (This used to be commit 0193a49223c6314e2834c89fff9920ae7edc4f8a) --- source3/nsswitch/wb_common.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 52913668e5..5072b81515 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -420,7 +420,7 @@ int write_sock(void *buffer, int count, int recursing, int need_priv) static int read_sock(void *buffer, int count) { - int result = 0, nread = 0; + int nread = 0; int total_time = 0, selret; if (winbindd_fd == -1) { @@ -461,7 +461,7 @@ static int read_sock(void *buffer, int count) /* Do the Read */ - result = read(winbindd_fd, (char *)buffer + nread, + int result = read(winbindd_fd, (char *)buffer + nread, count - nread); if ((result == -1) || (result == 0)) { @@ -479,7 +479,7 @@ static int read_sock(void *buffer, int count) } } - return result; + return nread; } /* Read reply */ -- cgit From c790f6437f465d9dda3dd48dca549c76d5d2fdb8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 28 Aug 2007 12:49:46 +0000 Subject: r24734: Move nss_err_str() to a more public place. Guenther (This used to be commit f62292c5a1bcae2bfa10632014c5ac06dd1f50bb) --- source3/nsswitch/wb_common.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 5072b81515..d717e9db7f 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -673,3 +673,23 @@ BOOL winbind_on( void ) return putenv(s) != -1; } +/************************************************************************* + ************************************************************************/ + +const char *nss_err_str(NSS_STATUS ret) +{ + switch (ret) { + case NSS_STATUS_TRYAGAIN: + return "NSS_STATUS_TRYAGAIN"; + case NSS_STATUS_SUCCESS: + return "NSS_STATUS_SUCCESS"; + case NSS_STATUS_NOTFOUND: + return "NSS_STATUS_NOTFOUND"; + case NSS_STATUS_UNAVAIL: + return "NSS_STATUS_UNAVAIL"; + case NSS_STATUS_RETURN: + return "NSS_STATUS_RETURN"; + default: + return "UNKNOWN RETURN CODE!!!!!!!"; + } +} -- cgit From c087807ee4bc1fd81e28ea3397cc5d07292cdc3f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 28 Aug 2007 14:31:31 +0000 Subject: r24740: Fix the build. Guenther (This used to be commit a30549bbf4521232158262e117219b0fa8f5eb74) --- source3/nsswitch/wb_common.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index d717e9db7f..feae08ef3e 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -687,8 +687,10 @@ const char *nss_err_str(NSS_STATUS ret) return "NSS_STATUS_NOTFOUND"; case NSS_STATUS_UNAVAIL: return "NSS_STATUS_UNAVAIL"; +#ifdef NSS_STATUS_RETURN case NSS_STATUS_RETURN: return "NSS_STATUS_RETURN"; +#endif default: return "UNKNOWN RETURN CODE!!!!!!!"; } -- cgit From a090092cd2be31ee0785f3cf4cfd122fc11a168a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 28 Aug 2007 15:16:42 +0000 Subject: r24746: As the winbindd pipe is officially broken since a while: split out request specfic and generic flags in a winbindd_request. It turns out that the WBFLAG_RECURSE flag is the only non-PAM specific flag we put into the "flags" field of a winbind request anyway. Now each request command can use the entire space of the "flags" field. Guenther (This used to be commit 18b29763d1ea0e9198f45bafa460dd68cb69a3d5) --- source3/nsswitch/wb_common.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index feae08ef3e..809549ffd7 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -320,7 +320,7 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) /* version-check the socket */ - request.flags = WBFLAG_RECURSE; + request.wb_flags = WBFLAG_RECURSE; if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) { close_sock(); return -1; @@ -328,7 +328,7 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) /* try and get priv pipe */ - request.flags = WBFLAG_RECURSE; + request.wb_flags = WBFLAG_RECURSE; if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) { int fd; if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) { @@ -567,13 +567,13 @@ NSS_STATUS winbindd_send_request(int req_type, int need_priv, init_request(request, req_type); if (write_sock(request, sizeof(*request), - request->flags & WBFLAG_RECURSE, need_priv) == -1) { + request->wb_flags & WBFLAG_RECURSE, need_priv) == -1) { return NSS_STATUS_UNAVAIL; } if ((request->extra_len != 0) && (write_sock(request->extra_data.data, request->extra_len, - request->flags & WBFLAG_RECURSE, need_priv) == -1)) { + request->wb_flags & WBFLAG_RECURSE, need_priv) == -1)) { return NSS_STATUS_UNAVAIL; } -- cgit From 52936b1c86afcc6a317807a7e1ad6421b2e09379 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Sep 2007 14:14:02 +0000 Subject: r25130: make use only of base types which are provided by libreplace in winbind client and nss/pam stuff metze (This used to be commit 2e13e05fa91788bd128e6940bccc0d2cc7140986) --- source3/nsswitch/wb_common.c | 25 +++++++------------------ 1 file changed, 7 insertions(+), 18 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 809549ffd7..9f02b9b7c7 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -24,10 +24,6 @@ #include "winbind_client.h" -BOOL winbind_env_set( void ); -BOOL winbind_off( void ); -BOOL winbind_on( void ); - /* Global variables. These are effectively the client state information */ int winbindd_fd = -1; /* fd for winbindd socket */ @@ -530,16 +526,16 @@ int read_reply(struct winbindd_response *response) return result1 + result2; } -BOOL winbind_env_set( void ) +bool winbind_env_set(void) { char *env; if ((env=getenv(WINBINDD_DONT_ENV)) != NULL) { if(strcmp(env, "1") == 0) { - return True; + return true; } } - return False; + return false; } /* @@ -656,21 +652,14 @@ NSS_STATUS winbindd_priv_request_response(int req_type, enable them ************************************************************************/ -/* Use putenv() instead of setenv() in these functions as not all - environments have the latter. */ - -BOOL winbind_off( void ) +bool winbind_off(void) { - static char *s = CONST_DISCARD(char *, WINBINDD_DONT_ENV "=1"); - - return putenv(s) != -1; + return setenv(WINBINDD_DONT_ENV, "1", 1) != -1; } -BOOL winbind_on( void ) +bool winbind_on(void) { - static char *s = CONST_DISCARD(char *, WINBINDD_DONT_ENV "=0"); - - return putenv(s) != -1; + return setenv(WINBINDD_DONT_ENV, "0", 1) != -1; } /************************************************************************* -- cgit From 28d076d20f9ce8afbee9a5de157ec0c9e308c9cf Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 14 Sep 2007 07:07:59 +0000 Subject: r25143: rename public functions from winbind_client.h init_request => winbindd_init_request free_response => winbindd_free_response read_reply => winbindd_read_reply write_sock => winbind_write_sock read_sock => winbind_read_sock close_sock => winbind_close_sock(void) metze (This used to be commit 8a95d7a7edcfa5e45bccc6eda5c45d9c308cb95d) --- source3/nsswitch/wb_common.c | 60 +++++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 28 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 9f02b9b7c7..bc65239b1b 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -31,7 +31,7 @@ static int is_privileged = 0; /* Free a response structure */ -void free_response(struct winbindd_response *response) +void winbindd_free_response(struct winbindd_response *response) { /* Free any allocated extra_data */ @@ -41,7 +41,7 @@ void free_response(struct winbindd_response *response) /* Initialise a request structure */ -void init_request(struct winbindd_request *request, int request_type) +void winbindd_init_request(struct winbindd_request *request, int request_type) { request->length = sizeof(struct winbindd_request); @@ -61,7 +61,7 @@ static void init_response(struct winbindd_response *response) /* Close established socket */ -void close_sock(void) +void winbind_close_sock(void) { if (winbindd_fd != -1) { close(winbindd_fd); @@ -292,12 +292,12 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) ZERO_STRUCT(response); if (our_pid != getpid()) { - close_sock(); + winbind_close_sock(); our_pid = getpid(); } if ((need_priv != 0) && (is_privileged == 0)) { - close_sock(); + winbind_close_sock(); } if (winbindd_fd != -1) { @@ -318,7 +318,7 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) request.wb_flags = WBFLAG_RECURSE; if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) { - close_sock(); + winbind_close_sock(); return -1; } @@ -348,7 +348,7 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) /* Write data to winbindd socket */ -int write_sock(void *buffer, int count, int recursing, int need_priv) +int winbind_write_sock(void *buffer, int count, int recursing, int need_priv) { int result, nwritten; @@ -376,7 +376,7 @@ int write_sock(void *buffer, int count, int recursing, int need_priv) ZERO_STRUCT(tv); if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) { - close_sock(); + winbind_close_sock(); return -1; /* Select error */ } @@ -394,7 +394,7 @@ int write_sock(void *buffer, int count, int recursing, int need_priv) /* Write failed */ - close_sock(); + winbind_close_sock(); return -1; } @@ -404,7 +404,7 @@ int write_sock(void *buffer, int count, int recursing, int need_priv) /* Pipe has closed on remote end */ - close_sock(); + winbind_close_sock(); goto restart; } } @@ -414,7 +414,7 @@ int write_sock(void *buffer, int count, int recursing, int need_priv) /* Read data from winbindd socket */ -static int read_sock(void *buffer, int count) +int winbind_read_sock(void *buffer, int count) { int nread = 0; int total_time = 0, selret; @@ -438,7 +438,7 @@ static int read_sock(void *buffer, int count) tv.tv_sec = 5; if ((selret = select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv)) == -1) { - close_sock(); + winbind_close_sock(); return -1; /* Select error */ } @@ -446,7 +446,7 @@ static int read_sock(void *buffer, int count) /* Not ready for read yet... */ if (total_time >= 30) { /* Timeout */ - close_sock(); + winbind_close_sock(); return -1; } total_time += 5; @@ -466,7 +466,7 @@ static int read_sock(void *buffer, int count) can do here is just return -1 and fail since the transaction has failed half way through. */ - close_sock(); + winbind_close_sock(); return -1; } @@ -480,7 +480,7 @@ static int read_sock(void *buffer, int count) /* Read reply */ -int read_reply(struct winbindd_response *response) +int winbindd_read_reply(struct winbindd_response *response) { int result1, result2 = 0; @@ -490,9 +490,9 @@ int read_reply(struct winbindd_response *response) /* Read fixed length response */ - if ((result1 = read_sock(response, sizeof(struct winbindd_response))) - == -1) { - + result1 = winbind_read_sock(response, + sizeof(struct winbindd_response)); + if (result1 == -1) { return -1; } @@ -514,9 +514,10 @@ int read_reply(struct winbindd_response *response) return -1; } - if ((result2 = read_sock(response->extra_data.data, extra_data_len)) - == -1) { - free_response(response); + result2 = winbind_read_sock(response->extra_data.data, + extra_data_len); + if (result2 == -1) { + winbindd_free_response(response); return -1; } } @@ -560,16 +561,19 @@ NSS_STATUS winbindd_send_request(int req_type, int need_priv, /* Fill in request and send down pipe */ - init_request(request, req_type); + winbindd_init_request(request, req_type); - if (write_sock(request, sizeof(*request), - request->wb_flags & WBFLAG_RECURSE, need_priv) == -1) { + if (winbind_write_sock(request, sizeof(*request), + request->wb_flags & WBFLAG_RECURSE, + need_priv) == -1) { return NSS_STATUS_UNAVAIL; } if ((request->extra_len != 0) && - (write_sock(request->extra_data.data, request->extra_len, - request->wb_flags & WBFLAG_RECURSE, need_priv) == -1)) { + (winbind_write_sock(request->extra_data.data, + request->extra_len, + request->wb_flags & WBFLAG_RECURSE, + need_priv) == -1)) { return NSS_STATUS_UNAVAIL; } @@ -592,13 +596,13 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response) init_response(response); /* Wait for reply */ - if (read_reply(response) == -1) { + if (winbindd_read_reply(response) == -1) { return NSS_STATUS_UNAVAIL; } /* Throw away extra data if client didn't request it */ if (response == &lresponse) { - free_response(response); + winbindd_free_response(response); } /* Copy reply data from socket */ -- cgit From 6e4bf4c18897640f0ec795fba75526a4e0892f25 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 15 Sep 2007 18:55:04 +0000 Subject: r25177: if configured using --enable-socket-wrapper allow overwritting the location of the WINBINDD_SOCKET_DIR via an environment variable metze (This used to be commit 93bdd2724cc711005a5f2f223b499199394e78e7) --- source3/nsswitch/wb_common.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index bc65239b1b..2ae85dcb1e 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -280,6 +280,20 @@ static int winbind_named_pipe_sock(const char *dir) return -1; } +static const char *winbindd_socket_dir(void) +{ +#ifdef SOCKET_WRAPPER + const char *env_dir; + + env_dir = getenv(WINBINDD_SOCKET_DIR_ENVVAR); + if (env_dir) { + return env_dir; + } +#endif + + return WINBINDD_SOCKET_DIR; +} + /* Connect to winbindd socket */ static int winbind_open_pipe_sock(int recursing, int need_priv) @@ -308,7 +322,7 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) return -1; } - if ((winbindd_fd = winbind_named_pipe_sock(WINBINDD_SOCKET_DIR)) == -1) { + if ((winbindd_fd = winbind_named_pipe_sock(winbindd_socket_dir())) == -1) { return -1; } -- cgit From 80c2446321c519797a57b8006942a983f8481d79 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 26 Nov 2007 17:24:56 -0800 Subject: Remove pstrings from nsswitch/ and registry/ Jeremy. (This used to be commit 331c0d6216e1a1607a49ed7eb4078e10138ec16a) --- source3/nsswitch/wb_common.c | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 2ae85dcb1e..49a2935bff 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -168,54 +168,51 @@ static int winbind_named_pipe_sock(const char *dir) { struct sockaddr_un sunaddr; struct stat st; - pstring path; + char *path = NULL; int fd; int wait_time; int slept; - + /* Check permissions on unix socket directory */ - + if (lstat(dir, &st) == -1) { return -1; } - - if (!S_ISDIR(st.st_mode) || + + if (!S_ISDIR(st.st_mode) || (st.st_uid != 0 && st.st_uid != geteuid())) { return -1; } - + /* Connect to socket */ - - strncpy(path, dir, sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - strncat(path, "/", sizeof(path) - 1 - strlen(path)); - path[sizeof(path) - 1] = '\0'; - - strncat(path, WINBINDD_SOCKET_NAME, sizeof(path) - 1 - strlen(path)); - path[sizeof(path) - 1] = '\0'; - + + if (asprintf(&path, "%s/%s", dir, WINBINDD_SOCKET_NAME) < 0) { + return -1; + } + ZERO_STRUCT(sunaddr); sunaddr.sun_family = AF_UNIX; strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1); - + /* If socket file doesn't exist, don't bother trying to connect with retry. This is an attempt to make the system usable when the winbindd daemon is not running. */ if (lstat(path, &st) == -1) { + SAFE_FREE(path); return -1; } - + + SAFE_FREE(path); /* Check permissions on unix socket file */ - - if (!S_ISSOCK(st.st_mode) || + + if (!S_ISSOCK(st.st_mode) || (st.st_uid != 0 && st.st_uid != geteuid())) { return -1; } - + /* Connect to socket */ - + if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { return -1; } -- cgit From cedfcaec0c36b58a88eaaa60283a807e0a8a71fc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 11 Feb 2008 18:35:58 +0100 Subject: nsswitch: convert winbind_env_set(), winbind_on() and winbind_off() into macros metze (This used to be commit 5f623f54a919cc687d0ff16c16038c05a501008d) --- source3/nsswitch/wb_common.c | 27 --------------------------- 1 file changed, 27 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 49a2935bff..b113fc3336 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -538,18 +538,6 @@ int winbindd_read_reply(struct winbindd_response *response) return result1 + result2; } -bool winbind_env_set(void) -{ - char *env; - - if ((env=getenv(WINBINDD_DONT_ENV)) != NULL) { - if(strcmp(env, "1") == 0) { - return true; - } - } - return false; -} - /* * send simple types of requests */ @@ -662,21 +650,6 @@ NSS_STATUS winbindd_priv_request_response(int req_type, return status; } -/************************************************************************* - A couple of simple functions to disable winbindd lookups and re- - enable them - ************************************************************************/ - -bool winbind_off(void) -{ - return setenv(WINBINDD_DONT_ENV, "1", 1) != -1; -} - -bool winbind_on(void) -{ - return setenv(WINBINDD_DONT_ENV, "0", 1) != -1; -} - /************************************************************************* ************************************************************************/ -- cgit From cf710f04644e19add5c954e2a2a9f24ec7148aef Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Wed, 20 Aug 2008 13:00:40 -0500 Subject: nss_winbind: When returning NSS_UNAVAIL, squash errno to ENOENT According to the GNU libc nss guide, we should always set errno to ENOENT when returning NSS_UNAVAIL. http://www.gnu.org/software/libtool/manual/libc/NSS-Modules-Interface.html#NSS-Modules-Interface At least the MQ Series message queing service that runs on WebSphere will fail if you return any other errno in this case. (This used to be commit ee26664602445fa7798e2061f6bcbef0756d6528) --- source3/nsswitch/wb_common.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/wb_common.c') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index b113fc3336..6e6d2bbbf8 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -176,11 +176,13 @@ static int winbind_named_pipe_sock(const char *dir) /* Check permissions on unix socket directory */ if (lstat(dir, &st) == -1) { + errno = ENOENT; return -1; } if (!S_ISDIR(st.st_mode) || (st.st_uid != 0 && st.st_uid != geteuid())) { + errno = ENOENT; return -1; } @@ -199,6 +201,7 @@ static int winbind_named_pipe_sock(const char *dir) the winbindd daemon is not running. */ if (lstat(path, &st) == -1) { + errno = ENOENT; SAFE_FREE(path); return -1; } @@ -208,6 +211,7 @@ static int winbind_named_pipe_sock(const char *dir) if (!S_ISSOCK(st.st_mode) || (st.st_uid != 0 && st.st_uid != geteuid())) { + errno = ENOENT; return -1; } @@ -368,6 +372,7 @@ int winbind_write_sock(void *buffer, int count, int recursing, int need_priv) restart: if (winbind_open_pipe_sock(recursing, need_priv) == -1) { + errno = ENOENT; return -1; } @@ -564,7 +569,11 @@ NSS_STATUS winbindd_send_request(int req_type, int need_priv, if (winbind_write_sock(request, sizeof(*request), request->wb_flags & WBFLAG_RECURSE, - need_priv) == -1) { + need_priv) == -1) + { + /* Set ENOENT for consistency. Required by some apps */ + errno = ENOENT; + return NSS_STATUS_UNAVAIL; } @@ -572,7 +581,11 @@ NSS_STATUS winbindd_send_request(int req_type, int need_priv, (winbind_write_sock(request->extra_data.data, request->extra_len, request->wb_flags & WBFLAG_RECURSE, - need_priv) == -1)) { + need_priv) == -1)) + { + /* Set ENOENT for consistency. Required by some apps */ + errno = ENOENT; + return NSS_STATUS_UNAVAIL; } @@ -596,6 +609,9 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response) /* Wait for reply */ if (winbindd_read_reply(response) == -1) { + /* Set ENOENT for consistency. Required by some apps */ + errno = ENOENT; + return NSS_STATUS_UNAVAIL; } -- cgit