From 5c2dfd959c0facc299bca62356d1221bcea653bf Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 13 Apr 2002 02:24:07 +0000 Subject: Tidy up winbindd debug. Added Bill Moran's hide unreadable fix. Jeremy. (This used to be commit a9895fcb30cdcb572cd254b0d370d79f95c7214d) --- source3/nsswitch/winbindd.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index e9ee2a7693..479be79574 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -397,11 +397,8 @@ static void client_read(struct winbindd_cli_state *state) } while (n == -1 && errno == EINTR); - DEBUG(10,("client_read: read %d bytes. Need %d more for a full request.\n", n, sizeof(state->request) - n - state->read_buf_len )); - - /* Read failed, kill client */ - if (n == -1 || n == 0) { + /* Read failed, kill client */ DEBUG(5,("read failed on sock %d, pid %d: %s\n", state->sock, state->pid, (n == -1) ? strerror(errno) : "EOF")); @@ -410,6 +407,8 @@ static void client_read(struct winbindd_cli_state *state) return; } + DEBUG(10,("client_read: read %d bytes. Need %d more for a full request.\n", n, sizeof(state->request) - n - state->read_buf_len )); + /* Update client state */ state->read_buf_len += n; -- cgit From 35bc06d35cfff9d5f4ebf3c0d47a57165df09fd6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 14 Apr 2002 05:14:50 +0000 Subject: modified the ADS backend to accept either the long or short versions of long usernames (win2000 usernames can be longer than 20 characters) (This used to be commit 0719e756f60950b9ec04450fda5cc3776752e9a9) --- source3/nsswitch/winbindd_ads.c | 55 ++++++++++++++++++++++++++++++++--------- 1 file changed, 44 insertions(+), 11 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index 22bad667c3..e74bd1e04c 100644 --- a/source3/nsswitch/winbindd_ads.c 
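Review bot: The relocated `DEBUG(10, ...)` line in the second hunk still passes `sizeof(state->request) - n - state->read_buf_len` to a `%d` conversion, although that expression has type size_t; where size_t is wider than int the argument does not match the format and the logged count is unreliable. Cast the value explicitly, for example `(int)(sizeof(state->request) - state->read_buf_len - n)`. Placing the message after the `n == -1 || n == 0` test is the right order, since the arithmetic is only meaningful for a positive n. The body of client_read starts and ends outside both hunks.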
+++ b/source3/nsswitch/winbindd_ads.c @@ -186,6 +186,24 @@ static enum SID_NAME_USE ads_atype_map(uint32 atype) return SID_NAME_UNKNOWN; } +/* + in order to support usernames longer than 21 characters we need to + use both the sAMAccountName and the userPrincipalName attributes + It seems that not all users have the userPrincipalName attribute set +*/ +char *pull_username(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, void *msg) +{ + char *ret, *p; + + ret = ads_pull_string(ads, mem_ctx, msg, "userPrincipalName"); + if (ret && (p = strchr(ret, '@'))) { + *p = 0; + return ret; + } + return ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); +} + + /* Query display info for a realm. This is the basic user list fn */ static NTSTATUS query_user_list(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, @@ -193,7 +211,9 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, WINBIND_USERINFO **info) { ADS_STRUCT *ads = NULL; - const char *attrs[] = {"sAMAccountName", "name", "objectSid", "primaryGroupID", + const char *attrs[] = {"userPrincipalName", + "sAMAccountName", + "name", "objectSid", "primaryGroupID", "sAMAccountType", NULL}; int i, count; ADS_STATUS rc; @@ -240,7 +260,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, continue; } - name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); + name = pull_username(ads, mem_ctx, msg); gecos = ads_pull_string(ads, mem_ctx, msg, "name"); if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { DEBUG(1,("No sid for %s !?\n", name)); @@ -281,7 +301,8 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, struct acct_info **info) { ADS_STRUCT *ads = NULL; - const char *attrs[] = {"sAMAccountName", "name", "objectSid", + const char *attrs[] = {"userPrincipalName", "sAMAccountName", + "name", "objectSid", "sAMAccountType", NULL}; int i, count; ADS_STATUS rc; 
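Review bot: `pull_username()` in the first hunk derives the account name by cutting userPrincipalName at the first `@`, which throws away the UPN suffix; if two objects in the searched tree share a prefix under different suffixes they would be reported under the same name. Every caller switched over in this commit (query_user_list, enum_dom_groups, sid_to_name, query_user, lookup_groupmem) inherits that, and these names end up as the identities handed back to winbind clients. Whether such duplicates can exist depends on directory policy that is not visible here, so the assumption should at least be written down above the function: `/* assumes the part of userPrincipalName before '@' is unique within the domain; otherwise two accounts map to one name */`. If uniqueness cannot be guaranteed, prefer sAMAccountName and use the UPN prefix only when sAMAccountName is absent.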
@@ -326,7 +347,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, &account_type) || !(account_type & ATYPE_GROUP)) continue; - name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); + name = pull_username(ads, mem_ctx, msg); gecos = ads_pull_string(ads, mem_ctx, msg, "name"); if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { DEBUG(1,("No sid for %s !?\n", name)); @@ -377,7 +398,14 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, ads = ads_cached_connection(domain); if (!ads) goto done; - asprintf(&exp, "(sAMAccountName=%s)", name); + /* when a name is longer than 20 characters, the sAMAccountName can + be long or short! */ + if (strlen(name) > 20) { + asprintf(&exp, "(|(sAMAccountName=%s)(sAMAccountName=%.20s))", + name, name); + } else { + asprintf(&exp, "(sAMAccountName=%s)", name); + } rc = ads_search_retry(ads, &res, exp, attrs); free(exp); if (!ADS_ERR_OK(rc)) { @@ -421,7 +449,9 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, enum SID_NAME_USE *type) { ADS_STRUCT *ads = NULL; - const char *attrs[] = {"sAMAccountName", "sAMAccountType", NULL}; + const char *attrs[] = {"userPrincipalName", + "sAMAccountName", + "sAMAccountType", NULL}; ADS_STATUS rc; void *msg = NULL; char *exp; @@ -448,7 +478,7 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, goto done; } - *name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); + *name = pull_username(ads, mem_ctx, msg); *type = ads_atype_map(atype); status = NT_STATUS_OK; @@ -511,7 +541,9 @@ static NTSTATUS query_user(struct winbindd_domain *domain, WINBIND_USERINFO *info) { ADS_STRUCT *ads = NULL; - const char *attrs[] = {"sAMAccountName", "name", "objectSid", + const char *attrs[] = {"userPrincipalName", + "sAMAccountName", + "name", "objectSid", "primaryGroupID", NULL}; ADS_STATUS rc; int count; 
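Review bot: In the `name_to_sid` hunk, `name` is formatted straight into the LDAP filter, so a `*`, `(`, `)` or `\` in it changes what the search matches instead of being compared literally; `name` appears to arrive from a client lookup request, so it should be escaped per RFC 4515 before the filter is built. The return value of `asprintf()` is also ignored, which leaves `exp` indeterminate on allocation failure before it reaches `ads_search_retry()` and `free()`. The follow-up commit's `name_to_sid` hunk, which switches to `userPrincipalName=%s@%s`, builds its filter the same way. The excerpt adds an escaping helper (new, not an existing function) and a checked filter build; the body of name_to_sid starts and ends outside the hunk.

```c
/* new helper: escape a value for use inside an LDAP search filter
   (RFC 4515). At most max bytes of s are used; caller frees the result. */
static char *ads_filter_escape(const char *s, size_t max)
{
	static const char hex[] = "0123456789abcdef";
	size_t i, len = strlen(s);
	char *out, *o;

	if (len > max) len = max;
	out = o = malloc(len * 3 + 1);
	if (!out) return NULL;

	for (i = 0; i < len; i++) {
		unsigned char c = (unsigned char)s[i];
		if (c == '*' || c == '(' || c == ')' || c == '\\') {
			*o++ = '\\';
			*o++ = hex[c >> 4];
			*o++ = hex[c & 0x0f];
		} else {
			*o++ = (char)c;
		}
	}
	*o = 0;
	return out;
}

	/* … in name_to_sid(), in place of the two asprintf() calls … */
	exp = NULL;
	esc = ads_filter_escape(name, strlen(name));
	esc20 = ads_filter_escape(name, 20);	/* short form is cut before escaping */
	if (esc && esc20 &&
	    asprintf(&exp, "(|(sAMAccountName=%s)(sAMAccountName=%s))",
		     esc, esc20) == -1) {
		exp = NULL;
	}
	free(esc);
	free(esc20);
	if (!exp) goto done;
	/* … unchanged: ads_search_retry() and result handling … */
```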
@@ -544,7 +576,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, goto done; } - info->acct_name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); + info->acct_name = pull_username(ads, mem_ctx, msg); info->full_name = ads_pull_string(ads, mem_ctx, msg, "name"); if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { DEBUG(1,("No sid for %d !?\n", user_rid)); @@ -654,7 +686,8 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, uint32 **name_types) { DOM_SID group_sid; - const char *attrs[] = {"sAMAccountName", "objectSid", "sAMAccountType", NULL}; + const char *attrs[] = {"userPrincipalName", "sAMAccountName", + "objectSid", "sAMAccountType", NULL}; ADS_STATUS rc; int count; void *res=NULL, *msg=NULL; @@ -698,7 +731,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, uint32 atype, rid; DOM_SID sid; - (*names)[*num_names] = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName"); + (*names)[*num_names] = pull_username(ads, mem_ctx, msg); if (!ads_pull_uint32(ads, msg, "sAMAccountType", &atype)) { continue; } -- cgit From 58c7f38368df7bb3d5757540ef3210c2505c6e73 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 14 Apr 2002 05:46:23 +0000 Subject: hanle the case where the win2000 username is completely different from the pre-win2000 username (This used to be commit aa139ba507e4b898377fdfc9b27f7febf029d5a4) --- source3/nsswitch/winbindd_ads.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index e74bd1e04c..e7db6efab6 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c 
@@ -398,14 +398,9 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, ads = ads_cached_connection(domain); if (!ads) goto done; - /* when a name is longer than 20 characters, the sAMAccountName can - be long or short! */ - if (strlen(name) > 20) { - asprintf(&exp, "(|(sAMAccountName=%s)(sAMAccountName=%.20s))", - name, name); - } else { - asprintf(&exp, "(sAMAccountName=%s)", name); - } + /* accept either the win2000 or the pre-win2000 username */ + asprintf(&exp, "(|(sAMAccountName=%s)(userPrincipalName=%s@%s))", + name, name, ads->realm); rc = ads_search_retry(ads, &res, exp, attrs); free(exp); if (!ADS_ERR_OK(rc)) { -- cgit From a83a0ac9c560f92ad6f7a67cd9d769708ec8a554 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 14 Apr 2002 05:51:13 +0000 Subject: pull_username() is a local function (This used to be commit fbf154bcfb68b90eb43ada9de317c93f43711608) --- source3/nsswitch/winbindd_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index e7db6efab6..af0933716b 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c @@ -191,7 +191,7 @@ static enum SID_NAME_USE ads_atype_map(uint32 atype) use both the sAMAccountName and the userPrincipalName attributes It seems that not all users have the userPrincipalName attribute set */ -char *pull_username(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, void *msg) +static char *pull_username(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, void *msg) { char *ret, *p; -- cgit From d0386372b2f491cd9281fc6466b1b5d2f5cf59a9 Mon Sep 17 00:00:00 2001 
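Review bot: The new filter `(|(sAMAccountName=%s)(userPrincipalName=%s@%s))` in the `name_to_sid` hunk can match two different objects, one whose sAMAccountName equals the name and another whose UPN prefix does, and nothing in the hunk decides between them. The result handling is outside the hunk; if it simply takes the first entry, the SID returned for a given name depends on the order the server happens to return them in. Treat more than one reply as a failed lookup, or search sAMAccountName first and fall back to the UPN form only when that returns nothing. At minimum record the limitation next to the filter: `/* ambiguous if one account's sAMAccountName equals another account's UPN prefix */`.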
From: Tim Potter Date: Sun, 14 Apr 2002 11:21:25 +0000 Subject: The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. (This used to be commit 245468dbabb7c849ce423cc3cb586fa913d0adfe) --- source3/nsswitch/winbindd_rpc.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index 5af42ee041..39433419b0 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -187,7 +187,6 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, NTSTATUS status; DOM_SID *sids = NULL; uint32 *types = NULL; - int num_sids; const char *full_name; if (!(mem_ctx = talloc_init_named("name_to_sid[rpc] for [%s]\\[%s]", domain->name, name))) { @@ -209,9 +208,10 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, } status = cli_lsa_lookup_names(hnd->cli, mem_ctx, &hnd->pol, 1, - &full_name, &sids, &types, &num_sids); + &full_name, &sids, &types); - /* Return rid and type if lookup successful */ + /* Return rid and type if lookup successful */ + if (NT_STATUS_IS_OK(status)) { sid_copy(sid, &sids[0]); *type = types[0]; @@ -234,15 +234,13 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, char **domains; char **names; uint32 *types; - int num_names; NTSTATUS status; if (!(hnd = cm_get_lsa_handle(domain->name))) return NT_STATUS_UNSUCCESSFUL; status = cli_lsa_lookup_sids(hnd->cli, mem_ctx, &hnd->pol, - 1, sid, &domains, &names, &types, - &num_names); + 1, sid, &domains, &names, &types); if (NT_STATUS_IS_OK(status)) { *type = types[0]; -- cgit From c0a991943044e038b78f796fb35d7625eb843d85 Mon Sep 17 00:00:00 2001 
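Review bot: With the `num_sids` out-parameter removed, `name_to_sid` in the second hunk copies `sids[0]` and `types[0]` on the strength of `NT_STATUS_IS_OK(status)` alone. The commit message says the lookup functions now return one slot per input whether or not it resolved, so if `cli_lsa_lookup_names()` can report success with an unresolved slot (its status handling is not visible here) an unknown entry would be handed back as a valid SID. Guard the copy, for example `if (NT_STATUS_IS_OK(status) && types[0] != SID_NAME_UNKNOWN) {`, and map the other case to a failure status. The same applies to `sid_to_name` in the third hunk, which reads `types[0]` and, presumably, `names[0]` below the visible lines.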
From: Andrew Tridgell Date: Thu, 18 Apr 2002 06:56:44 +0000 Subject: fixed the fallback to a BDC for ADS connections (This used to be commit 3e58a1ee83ea0b4347ce24e566445cc6cb67bb3a) --- source3/nsswitch/winbindd_ads.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index af0933716b..6c00ddb95f 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c @@ -119,6 +119,8 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) if (resolve_name(domain->name, &server_ip, 0x1b)) { sname = inet_ntoa(server_ip); + } else if (resolve_name(domain->name, &server_ip, 0x1c)) { + sname = inet_ntoa(server_ip); } else { if (strcasecmp(domain->name, lp_workgroup()) != 0) { DEBUG(1,("can't find domain controller for %s\n", domain->name)); @@ -127,7 +129,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) sname = NULL; } - ads = ads_init(primary_realm, sname, NULL, NULL); + ads = ads_init(primary_realm, domain->name, NULL, NULL, NULL); if (!ads) { DEBUG(1,("ads_init for domain %s failed\n", domain->name)); return NULL; -- cgit From fc78c773f8216df1bbaa88d9007cf3f5df386e3d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 19 Apr 2002 03:00:29 +0000 Subject: fixed trust relationships in ADS winbindd after breaking them with my BDC changes ... (This used to be commit 8096032663690eafb6bb8b4f405d6231389d4f80) --- source3/nsswitch/winbindd_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index 6c00ddb95f..c16231b25d 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c 
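Review bot: `sname` is still assigned in every branch, including the new 0x1c fallback in the first hunk, but the rewritten call `ads_init(primary_realm, domain->name, NULL, NULL, NULL)` in the second hunk no longer receives it, so within the visible lines the resolved address is never used. If ads_init now locates the server on its own, the `resolve_name()` calls act only as a reachability check and should say so, e.g. `/* only verifies that a DC for this domain resolves; ads_init() chooses the server */`; otherwise pass `sname` in the server argument. The parameter order of the new ads_init is not visible here and should be confirmed. The body of ads_cached_connection extends beyond both hunks.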
@@ -58,7 +58,7 @@ ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope if (*res) ads_msgfree(ads, *res); *res = NULL; - DEBUG(1,("Reopening ads connection to %s after error %s\n", + DEBUG(3,("Reopening ads connection to %s after error %s\n", ads->ldap_server, ads_errstr(status))); if (ads->ld) { ldap_unbind(ads->ld); -- cgit From a67b5ac62fcd3e8bcef668a29094635a548e5744 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Apr 2002 04:11:27 +0000 Subject: a new "dual daemon" operating mode for winbindd this mode improves the response time of winbindd by having a background process update the cache while the forground process responds to queries from cache. You can enable this mode using the -B command line option. It is quite experimental, which is why it is not the default. (This used to be commit c0feff97eefdf5a70e5973e247b395dbdf5d2ef2) --- source3/nsswitch/winbindd.c | 135 +++++++++++++++++++++++++------------- source3/nsswitch/winbindd_cache.c | 16 ++++- source3/nsswitch/winbindd_proto.h | 10 +++ 3 files changed, 112 insertions(+), 49 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 479be79574..b198b4a163 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -4,6 +4,7 @@ Winbind daemon for ntdom nss module Copyright (C) by Tim Potter 2000, 2001 + Copyright (C) Andrew Tridgell 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -26,7 +27,8 @@ struct winbindd_cli_state *client_list; static int num_clients; -BOOL opt_nocache; +BOOL opt_nocache = False; +BOOL opt_dual_daemon = False; /* Reload configuration */ 
@@ -365,9 +367,10 @@ static void remove_client(struct winbindd_cli_state *state) } } + /* Process a complete received packet from a client */ -static void process_packet(struct winbindd_cli_state *state) +void winbind_process_packet(struct winbindd_cli_state *state) { /* Process request */ @@ -379,11 +382,16 @@ static void process_packet(struct winbindd_cli_state *state) state->read_buf_len = 0; state->write_buf_len = sizeof(struct winbindd_response); + + /* we might need to send it to the dual daemon */ + if (opt_dual_daemon) { + dual_send_request(state); + } } /* Read some data from a client connection */ -static void client_read(struct winbindd_cli_state *state) +void winbind_client_read(struct winbindd_cli_state *state) { int n; @@ -397,8 +405,11 @@ static void client_read(struct winbindd_cli_state *state) } while (n == -1 && errno == EINTR); + DEBUG(10,("client_read: read %d bytes. Need %d more for a full request.\n", n, sizeof(state->request) - n - state->read_buf_len )); + + /* Read failed, kill client */ + if (n == -1 || n == 0) { - /* Read failed, kill client */ DEBUG(5,("read failed on sock %d, pid %d: %s\n", state->sock, state->pid, (n == -1) ? strerror(errno) : "EOF")); @@ -407,8 +418,6 @@ static void client_read(struct winbindd_cli_state *state) return; } - DEBUG(10,("client_read: read %d bytes. Need %d more for a full request.\n", n, sizeof(state->request) - n - state->read_buf_len )); - /* Update client state */ state->read_buf_len += n; @@ -528,6 +537,10 @@ static void process_loop(int accept_sock) timeout.tv_sec = WINBINDD_ESTABLISH_LOOP; timeout.tv_usec = 0; + if (opt_dual_daemon) { + maxfd = dual_select_setup(&w_fds, maxfd); + } + /* Set up client readers and writers */ state = client_list; @@ -582,6 +595,10 @@ static void process_loop(int accept_sock) if (selret > 0) { + if (opt_dual_daemon) { + dual_select(&w_fds); + } + if (FD_ISSET(accept_sock, &r_fds)) new_connection(accept_sock); 
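Review bot: The `@@ -397` hunk moves the `DEBUG(10, ...)` line back above the `n == -1 || n == 0` test, undoing the earlier tidy-up of the same function; on a failed read it again logs "read -1 bytes" together with a remaining-byte count computed from the error value. This looks like a merge artefact rather than an intended change, so keep the message after the failure check, as the `@@ -407` hunk had it before this commit. Since `winbind_client_read()` and `winbind_process_packet()` lose `static` here, a short comment on each stating who else calls them would help: `/* also called by the background daemon on its pipe end */`.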
@@ -595,7 +612,7 @@ static void process_loop(int accept_sock) /* Read data */ - client_read(state); + winbind_client_read(state); /* * If we have the start of a @@ -619,7 +636,7 @@ static void process_loop(int accept_sock) if (state->read_buf_len == sizeof(state->request)) { - process_packet(state); + winbind_process_packet(state); } } @@ -655,6 +672,57 @@ static void process_loop(int accept_sock) } } + +/* + these are split out from the main winbindd for use by the background daemon + */ +int winbind_setup_common(void) +{ + load_interfaces(); + + secrets_init(); + + /* Get list of domains we look up requests for. This includes the + domain which we are a member of as well as any trusted + domains. */ + + init_domain_list(); + + ZERO_STRUCT(server_state); + + /* Winbind daemon initialisation */ + + if (!winbindd_param_init()) + return 1; + + if (!winbindd_idmap_init()) + return 1; + + /* Unblock all signals we are interested in as they may have been + blocked by the parent process. */ + + BlockSignals(False, SIGINT); + BlockSignals(False, SIGQUIT); + BlockSignals(False, SIGTERM); + BlockSignals(False, SIGUSR1); + BlockSignals(False, SIGUSR2); + BlockSignals(False, SIGHUP); + + /* Setup signal handlers */ + + CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ + CatchSignal(SIGQUIT, termination_handler); + CatchSignal(SIGTERM, termination_handler); + + CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */ + + CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */ + CatchSignal(SIGHUP, sighup_handler); + + return 0; +} + + /* Main function */ struct winbindd_state server_state; /* Server state information */ @@ -664,6 +732,7 @@ static void usage(void) { printf("Usage: winbindd [options]\n"); printf("\t-i interactive mode\n"); + printf("\t-B dual daemon mode\n"); printf("\t-n disable cacheing\n"); printf("\t-d level set debug level\n"); printf("\t-s configfile choose smb.conf location\n"); 
@@ -708,7 +777,7 @@ int main(int argc, char **argv) /* Initialise samba/rpc client stuff */ - while ((opt = getopt(argc, argv, "id:s:nh")) != EOF) { + while ((opt = getopt(argc, argv, "id:s:nhB")) != EOF) { switch (opt) { /* Don't become a daemon */ @@ -716,6 +785,11 @@ int main(int argc, char **argv) interactive = True; break; + /* dual daemon system */ + case 'B': + opt_dual_daemon = True; + break; + /* disable cacheing */ case 'n': opt_nocache = True; @@ -782,46 +856,13 @@ int main(int argc, char **argv) setpgid( (pid_t)0, (pid_t)0); #endif - load_interfaces(); - - secrets_init(); - - /* Get list of domains we look up requests for. This includes the - domain which we are a member of as well as any trusted - domains. */ - - init_domain_list(); - - ZERO_STRUCT(server_state); - - /* Winbind daemon initialisation */ - - if (!winbindd_param_init()) - return 1; + if (opt_dual_daemon) { + do_dual_daemon(); + } - if (!winbindd_idmap_init()) + if (winbind_setup_common() != 0) { return 1; - - /* Unblock all signals we are interested in as they may have been - blocked by the parent process. */ - - BlockSignals(False, SIGINT); - BlockSignals(False, SIGQUIT); - BlockSignals(False, SIGTERM); - BlockSignals(False, SIGUSR1); - BlockSignals(False, SIGUSR2); - BlockSignals(False, SIGHUP); - - /* Setup signal handlers */ - - CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ - CatchSignal(SIGQUIT, termination_handler); - CatchSignal(SIGTERM, termination_handler); - - CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */ - - CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */ - CatchSignal(SIGHUP, sighup_handler); + } /* Initialise messaging system */ diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index 9bd95fdd86..f65705e0fb 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c 
@@ -51,7 +51,7 @@ void wcache_flush_cache(void) if (opt_nocache) return; wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000, - TDB_DEFAULT, O_RDWR | O_CREAT | O_TRUNC, 0600); + TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600); if (!wcache->tdb) { DEBUG(0,("Failed to open winbindd_cache.tdb!\n")); @@ -205,11 +205,17 @@ static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force) { NTSTATUS status; unsigned time_diff; + unsigned cache_time = lp_winbind_cache_time(); + + /* trying to reconnect is expensive, don't do it too often */ + if (domain->sequence_number == DOM_SEQUENCE_NONE) { + cache_time *= 8; + } time_diff = time(NULL) - domain->last_seq_check; /* see if we have to refetch the domain sequence number */ - if (!force && (time_diff < lp_winbind_cache_time())) { + if (!force && (time_diff < cache_time)) { return; } @@ -289,9 +295,15 @@ static struct cache_entry *wcache_fetch(struct winbind_cache *cache, centry->sequence_number = centry_uint32(centry); if (centry_expired(domain, centry)) { + extern BOOL opt_dual_daemon; + if (opt_dual_daemon) { + extern BOOL backgroud_process; + backgroud_process = True; + } else { centry_free(centry); return NULL; } + } return centry; } diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h index f3830cd63c..8cac542b88 100644 --- a/source3/nsswitch/winbindd_proto.h +++ b/source3/nsswitch/winbindd_proto.h @@ -6,6 +6,9 @@ /* The following definitions come from nsswitch/winbindd.c */ +void winbind_process_packet(struct winbindd_cli_state *state); +void winbind_client_read(struct winbindd_cli_state *state); +int winbind_setup_common(void); int main(int argc, char **argv); /* The following definitions come from nsswitch/winbindd_ads.c */ 
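Review bot: In the `wcache_fetch` hunk an expired entry is now returned whenever `opt_dual_daemon` is set, with no limit on how old it may be. The cache appears to hold name, SID and membership answers, so a deleted account or a revoked group membership keeps being answered from cache until a background refresh actually succeeds; an upper bound on staleness, beyond which the entry is dropped as in the non-dual path, would cap that window. The branch also needs a comment, since the indentation of the `else` block hides the intent: `/* dual daemon: serve the stale entry and flag this request for background refresh */`. The block-scope `extern BOOL` declarations belong in a header so the types stay checked against their definitions.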
@@ -39,6 +42,13 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd, struct cli_state **cli); void winbindd_cm_status(void); +/* The following definitions come from nsswitch/winbindd_dual.c */ + +int dual_select_setup(fd_set *fds, int maxfd); +void dual_select(fd_set *fds); +void dual_send_request(struct winbindd_cli_state *state); +void do_dual_daemon(void); + /* The following definitions come from nsswitch/winbindd_group.c */ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state); -- cgit From 6e1c478082b23551285ad28a0790a57536af2817 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Apr 2002 09:51:14 +0000 Subject: main() needs to be indented to make sure it doesn't generate a prototype (This used to be commit fdfde9b84cf825d84316344fea5af43a9b8ebcc9) --- source3/nsswitch/winbindd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index b198b4a163..2c88d11cae 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -739,7 +739,7 @@ static void usage(void) printf("\t-h show this help message\n"); } -int main(int argc, char **argv) + int main(int argc, char **argv) { extern BOOL AllowDebugChange; extern pstring global_myname; -- cgit From a87a63a958a8ab820562cb0671be2130576d9c9a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Apr 2002 09:59:48 +0000 Subject: damn! I forgot to commit winbindd_dual.c (This used to be commit f3764ab2c602d6af9dce15f0d525a9f11c1723f1) --- source3/nsswitch/winbindd_dual.c | 205 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 205 insertions(+) create mode 100644 source3/nsswitch/winbindd_dual.c (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_dual.c b/source3/nsswitch/winbindd_dual.c new file mode 100644 index 0000000000..c91021adf8 --- /dev/null +++ b/source3/nsswitch/winbindd_dual.c 
@@ -0,0 +1,205 @@ +/* + Unix SMB/CIFS implementation. + + Winbind background daemon + + Copyright (C) Andrew Tridgell 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + the idea of the optional dual daemon mode is ot prevent slow domain + responses from clagging up the rest of the system. When in dual + daemon mode winbindd always responds to requests from cache if the + request is in cache, and if the cached answer is stale then it asks + the "dual daemon" to update the cache for that request + + */ + +#include "winbindd.h" + +extern BOOL opt_dual_daemon; +BOOL backgroud_process = False; +int dual_daemon_pipe = -1; + + +/* a list of requests ready to be sent to the dual daemon */ +struct dual_list { + struct dual_list *next; + char *data; + int length; + int offset; +}; + +static struct dual_list *dual_list; +static struct dual_list *dual_list_end; + +/* + setup a select() including the dual daemon pipe + */ +int dual_select_setup(fd_set *fds, int maxfd) +{ + if (dual_daemon_pipe == -1 || + !dual_list) { + return maxfd; + } + + FD_SET(dual_daemon_pipe, fds); + if (dual_daemon_pipe > maxfd) { + maxfd = dual_daemon_pipe; + } + return maxfd; +} + + +/* + a hook called from the main winbindd select() loop to handle writes + to the dual daemon pipe +*/ +void dual_select(fd_set *fds) +{ + int n; + + if (dual_daemon_pipe == -1 || + 
!dual_list || + !FD_ISSET(dual_daemon_pipe, fds)) { + return; + } + + n = write(dual_daemon_pipe, + &dual_list->data[dual_list->offset], + dual_list->length - dual_list->offset); + + if (n <= 0) { + /* the pipe is dead! fall back to normal operation */ + dual_daemon_pipe = -1; + return; + } + + dual_list->offset += n; + + if (dual_list->offset == dual_list->length) { + struct dual_list *next; + next = dual_list->next; + free(dual_list->data); + free(dual_list); + dual_list = next; + if (!dual_list) { + dual_list_end = NULL; + } + } +} + +/* + send a request to the background daemon + this is called for stale cached entries +*/ +void dual_send_request(struct winbindd_cli_state *state) +{ + struct dual_list *list; + + if (!backgroud_process) return; + + list = malloc(sizeof(*list)); + if (!list) return; + + list->next = NULL; + list->data = memdup(&state->request, sizeof(state->request)); + list->length = sizeof(state->request); + list->offset = 0; + + if (!dual_list_end) { + dual_list = list; + dual_list_end = list; + } else { + dual_list_end->next = list; + dual_list_end = list; + } + + backgroud_process = False; +} + + +/* +the main dual daemon +*/ +void do_dual_daemon(void) +{ + int fdpair[2]; + struct winbindd_cli_state state; + + if (pipe(fdpair) != 0) { + return; + } + + ZERO_STRUCT(state); + state.pid = getpid(); + + dual_daemon_pipe = fdpair[1]; + state.sock = fdpair[0]; + + if (fork() != 0) { + close(fdpair[0]); + return; + } + close(fdpair[1]); + + if (winbind_setup_common() != 0) _exit(0); + + dual_daemon_pipe = -1; + opt_dual_daemon = False; + + while (1) { + /* free up any talloc memory */ + lp_talloc_free(); + main_loop_talloc_free(); + + /* fetch a request from the main daemon */ + winbind_client_read(&state); + + if (state.finished) { + /* we lost contact with our parent */ + exit(0); + } + + /* process full rquests */ + if (state.read_buf_len == sizeof(state.request)) { + DEBUG(4,("dual daemon request %d\n", (int)state.request.cmd)); + + /* special 
handling for the stateful requests */ + switch (state.request.cmd) { + case WINBINDD_GETPWENT: + winbindd_setpwent(&state); + break; + + case WINBINDD_GETGRENT: + winbindd_setgrent(&state); + break; + default: + break; + } + + winbind_process_packet(&state); + SAFE_FREE(state.response.extra_data); + + free_getent_state(state.getpwent_state); + free_getent_state(state.getgrent_state); + state.getpwent_state = NULL; + state.getgrent_state = NULL; + } + } +} + -- cgit From 52c7c149c5675d5d718455099f89a9cc9911d545 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 25 Apr 2002 00:56:43 +0000 Subject: Fix from Herb for upgrading from big-endian earlier databases. Jeremy. (This used to be commit e65563fc9eb454988c11c12e3e979dd07e3032a3) --- source3/nsswitch/winbindd_idmap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c index bae61449ee..6528efea43 100644 --- a/source3/nsswitch/winbindd_idmap.c +++ b/source3/nsswitch/winbindd_idmap.c @@ -374,8 +374,8 @@ static BOOL idmap_convert(const char *idmap_name) return False; #endif - if (IREV(vers) == IDMAP_VERSION) { - /* Arrggghh ! Bytereversed - make order independent ! */ + if ((vers == -1) || (IREV(vers) == IDMAP_VERSION)) { + /* Arrggghh ! Bytereversed or missing - make order independent ! */ int32 wm; wm = tdb_fetch_int32(idmap_tdb, HWM_USER); @@ -385,7 +385,7 @@ static BOOL idmap_convert(const char *idmap_name) else wm = server_state.uid_low; - if (tdb_store_int32(idmap_tdb, HWM_USER, server_state.uid_low) == -1) { + if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) { DEBUG(0, ("idmap_convert: Unable to byteswap user hwm in idmap database\n")); return False; } 
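Review bot: When the write in `dual_select()` fails, only `dual_daemon_pipe` is reset; `opt_dual_daemon` stays True, so the cache keeps serving expired entries with nothing left to refresh them, and `dual_send_request()` keeps appending to `dual_list`, which is never drained again because both select hooks return early once the pipe is -1. Add `opt_dual_daemon = False;` to the `n <= 0` branch and free the queued requests there. In `dual_send_request()` the `memdup()` result is used unchecked; add `if (!list->data) { free(list); return; }`. In `do_dual_daemon()` a `fork()` result of -1 takes the parent path and leaves a pipe that no process reads, so the error case should close both ends and clear `opt_dual_daemon` as well.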
@@ -395,7 +395,7 @@ static BOOL idmap_convert(const char *idmap_name) wm = IREV(wm); else wm = server_state.gid_low; - if (tdb_store_int32(idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) { + if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) { DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n")); return False; } -- cgit From 9199721eba64b7808471f6f0811dfd20e85938ca Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 26 Apr 2002 23:11:26 +0000 Subject: Attempt to fix big-endian upgrade problem (Herb, Jerry, please check). Jeremy. (This used to be commit 54261460b35cc531e033a99596d5596e94bebe24) --- source3/nsswitch/winbindd_idmap.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c index 6528efea43..3649b8ff7a 100644 --- a/source3/nsswitch/winbindd_idmap.c +++ b/source3/nsswitch/winbindd_idmap.c @@ -363,6 +363,7 @@ fail: static BOOL idmap_convert(const char *idmap_name) { + BOOL bytereversed = False; int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION"); if (vers == IDMAP_VERSION) @@ -374,15 +375,18 @@ static BOOL idmap_convert(const char *idmap_name) return False; #endif - if ((vers == -1) || (IREV(vers) == IDMAP_VERSION)) { + bytereversed = (IREV(vers) == IDMAP_VERSION) ? True : False; + + if ((vers == -1) || bytereversed) { /* Arrggghh ! Bytereversed or missing - make order independent ! */ int32 wm; wm = tdb_fetch_int32(idmap_tdb, HWM_USER); - if (wm != -1) + if (wm != -1 && bytereversed) { + /* A record existed and it was from a big endian machine. */ wm = IREV(wm); - else + } else if (wm == -1) wm = server_state.uid_low; if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) { 
@@ -391,10 +395,12 @@ static BOOL idmap_convert(const char *idmap_name) } wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP); - if (wm != -1) + if (wm != -1 && bytereversed) { + /* A record existed and it was from a big endian machine. */ wm = IREV(wm); - else + } else if (wm == -1) wm = server_state.gid_low; + if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) { DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n")); return False; @@ -404,7 +410,7 @@ static BOOL idmap_convert(const char *idmap_name) /* the old format stored as DOMAIN/rid - now we store the SID direct */ tdb_traverse(idmap_tdb, convert_fn, NULL); - if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == -1) { + if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == -1) { DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n")); return False; } -- cgit From 1d79e6b90eb6fc5ddc9c0b7320d1ec025f18f22f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 27 Apr 2002 01:18:31 +0000 Subject: Another attempt at fixing the endian problem when upgrading from 2.2.3a. Herb please check. Jeremy. (This used to be commit a312b5b2de117797ddfdc79316378aac93034718) --- source3/nsswitch/winbindd_idmap.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c index 3649b8ff7a..60ea188b1d 100644 --- a/source3/nsswitch/winbindd_idmap.c +++ b/source3/nsswitch/winbindd_idmap.c @@ -363,7 +363,6 @@ fail: static BOOL idmap_convert(const char *idmap_name) { - BOOL bytereversed = False; int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION"); if (vers == IDMAP_VERSION) 
@@ -375,16 +374,21 @@ static BOOL idmap_convert(const char *idmap_name) return False; #endif - bytereversed = (IREV(vers) == IDMAP_VERSION) ? True : False; - - if ((vers == -1) || bytereversed) { + if ((vers == -1) || (IREV(vers) == IDMAP_VERSION)) { /* Arrggghh ! Bytereversed or missing - make order independent ! */ + /* + * If the header needed to be converted then the + * high and low records may have been created on a + * foreign endian machine and will need byte-reversing. + */ + + BOOL bytereverse_needed = (idmap_tdb->flags & TDB_CONVERT); int32 wm; wm = tdb_fetch_int32(idmap_tdb, HWM_USER); - if (wm != -1 && bytereversed) { - /* A record existed and it was from a big endian machine. */ + if (wm != -1 && bytereverse_needed) { + /* A record existed and it was from a foreign endian machine. */ wm = IREV(wm); } else if (wm == -1) wm = server_state.uid_low; @@ -395,8 +399,8 @@ static BOOL idmap_convert(const char *idmap_name) } wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP); - if (wm != -1 && bytereversed) { - /* A record existed and it was from a big endian machine. */ + if (wm != -1 && bytereverse_needed) { + /* A record existed and it was from a foreign endian machine. */ wm = IREV(wm); } else if (wm == -1) wm = server_state.gid_low; -- cgit From dec3433303cefed83e1a24ba23b79af99cb353e9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 27 Apr 2002 18:56:47 +0000 Subject: Merge Herb's idmap endian fix. Jeremy. (This used to be commit 7ddad4061a1b7ed25e4d6471c7a1f8f97a98ed37) --- source3/nsswitch/winbindd_idmap.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c index 60ea188b1d..0594f61680 100644 --- a/source3/nsswitch/winbindd_idmap.c +++ b/source3/nsswitch/winbindd_idmap.c 
@@ -364,6 +364,7 @@ fail: static BOOL idmap_convert(const char *idmap_name) { int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION"); + BOOL bigendianheader = (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False; if (vers == IDMAP_VERSION) return True; @@ -374,23 +375,20 @@ static BOOL idmap_convert(const char *idmap_name) return False; #endif - if ((vers == -1) || (IREV(vers) == IDMAP_VERSION)) { - /* Arrggghh ! Bytereversed or missing - make order independent ! */ + if (((vers == -1) && bigendianheader) || (IREV(vers) == IDMAP_VERSION)) { + /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */ /* - * If the header needed to be converted then the - * high and low records may have been created on a - * foreign endian machine and will need byte-reversing. + * high and low records were created on a + * big endian machine and will need byte-reversing. */ - BOOL bytereverse_needed = (idmap_tdb->flags & TDB_CONVERT); int32 wm; wm = tdb_fetch_int32(idmap_tdb, HWM_USER); - if (wm != -1 && bytereverse_needed) { - /* A record existed and it was from a foreign endian machine. */ + if (wm != -1) { wm = IREV(wm); - } else if (wm == -1) + } else wm = server_state.uid_low; if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) { @@ -399,10 +397,9 @@ static BOOL idmap_convert(const char *idmap_name) } wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP); - if (wm != -1 && bytereverse_needed) { - /* A record existed and it was from a foreign endian machine. */ + if (wm != -1) { wm = IREV(wm); - } else if (wm == -1) + } else wm = server_state.gid_low; if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) { -- cgit From 6337369a903b07ef42c050f77d439d8b11b7f6bf Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 8 May 2002 23:15:42 +0000 Subject: Merge in Jerry's called name fix. Jeremy. (This used to be commit 6d957924579d64407bdd94d7e78088fb1ea5c9ce) --- source3/nsswitch/winbindd_proto.h | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/nsswitch') 
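Review bot: The byte-swapped high-water marks in idmap_convert are written back with tdb_store_int32 without any range check, for both HWM_USER and HWM_GROUP. If the stored value was not in fact big-endian, IREV produces an arbitrary number, and later id allocation would presumably start from it, outside the configured range or on top of ids already handed out. I would reject a swapped value below the lower bound before storing it, e.g. `if (wm < server_state.uid_low) { DEBUG(0, ("idmap_convert: user hwm out of range after byteswap\n")); return False; }`, with the same test against `server_state.gid_low`. The upper bound should be checked too, but it is not visible in these hunks. The function continues past the last hunk.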
diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h index 8cac542b88..ef44fb655e 100644 --- a/source3/nsswitch/winbindd_proto.h +++ b/source3/nsswitch/winbindd_proto.h @@ -9,7 +9,6 @@ void winbind_process_packet(struct winbindd_cli_state *state); void winbind_client_read(struct winbindd_cli_state *state); int winbind_setup_common(void); -int main(int argc, char **argv); /* The following definitions come from nsswitch/winbindd_ads.c */ -- cgit From 12ad4d8580285f3fb6bc4c3596cd8a086dfa2d3d Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 9 May 2002 04:11:18 +0000 Subject: HP-UX 10.20 compiles fixes from SAMBA_2_2 (This used to be commit ddc0f556305fc12fc27ce89e01e00f98feb7d6c8) --- source3/nsswitch/hp_nss_common.h | 4 ++++ source3/nsswitch/nss.h | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/hp_nss_common.h b/source3/nsswitch/hp_nss_common.h index 5f39e9abb0..5bd5374182 100644 --- a/source3/nsswitch/hp_nss_common.h +++ b/source3/nsswitch/hp_nss_common.h @@ -23,8 +23,12 @@ Boston, MA 02111-1307, USA. */ +#ifdef HAVE_SYNCH_H #include +#endif +#ifdef HAVE_PTHREAD_H #include +#endif typedef enum { NSS_SUCCESS, diff --git a/source3/nsswitch/nss.h b/source3/nsswitch/nss.h index e021b013b5..d83a5e237e 100644 --- a/source3/nsswitch/nss.h +++ b/source3/nsswitch/nss.h @@ -72,7 +72,7 @@ typedef enum #define NSD_MEM_VOLATILE 1 #define NSD_MEM_DYNAMIC 2 -#elif defined(HPUX) +#elif defined(HPUX) && defined(HAVE_NSSWITCH_H) /* HP-UX 11 */ #include "nsswitch/hp_nss_common.h" -- cgit From f1554f0847971fca72e911e3774565166f2b07fe Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 9 May 2002 14:20:05 +0000 Subject: merge freom SAMBA_2_2 (This used to be commit 833fea47106444a4bcc0547c8bbb7d6d148fa1e7) --- source3/nsswitch/winbind_nss_config.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch') 
diff --git a/source3/nsswitch/winbind_nss_config.h b/source3/nsswitch/winbind_nss_config.h index 0de63878be..b9c738211e 100644 --- a/source3/nsswitch/winbind_nss_config.h +++ b/source3/nsswitch/winbind_nss_config.h @@ -129,11 +129,15 @@ typedef int BOOL; #endif /* zero a structure */ +#ifndef ZERO_STRUCT #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) +#endif /* zero a structure given a pointer to the structure */ +#ifndef ZERO_STRUCTP #define ZERO_STRUCTP(x) { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } - +#endif + /* Some systems (SCO) treat UNIX domain sockets as FIFOs */ #ifndef S_IFSOCK -- cgit From fc26f277caa0baad3c3d101fd94e365dec565d54 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 10 May 2002 03:02:22 +0000 Subject: Fix for Solaris nscd issue pointed out by Mike Gerdts . The struct passwd in Solaris contains some extra fields which must be initialised otherwise nscd crashes. (This used to be commit a67323d07177ebc8e46dc14476efaf7e95944504) --- source3/nsswitch/winbind_nss.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbind_nss.c b/source3/nsswitch/winbind_nss.c index 0a49f5ec96..a396e5551b 100644 --- a/source3/nsswitch/winbind_nss.c +++ b/source3/nsswitch/winbind_nss.c @@ -659,6 +659,17 @@ static NSS_STATUS fill_pwent(struct passwd *result, strcpy(result->pw_shell, pw->pw_shell); + /* The struct passwd for Solaris has some extra fields which must + be initialised or nscd crashes. */ + +#if HAVE_PASSWD_PW_COMMENT + result->pw_comment = ""; +#endif + +#if HAVE_PASSWD_PW_AGE + result->pw_age = ""; +#endif + return NSS_STATUS_SUCCESS; } -- cgit From 52a832b3fac89b9d5487ba98f7c6497412a15ae4 Mon Sep 17 00:00:00 2001 
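Review bot: `result->pw_comment` and `result->pw_age` in fill_pwent are pointed at string literals, unlike the fields above them, which are filled with strcpy into storage that is presumably set up earlier in the function (outside this hunk). A consumer that edits or frees the returned fields would touch read-only memory, so the assignment deserves a comment such as `/* static empty strings, not part of the caller's buffer; must never be written to */`. The guards use `#if HAVE_PASSWD_PW_COMMENT`; `#ifdef HAVE_PASSWD_PW_COMMENT` matches the other feature tests in this series and avoids an undefined-macro warning under `-Wundef`.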
From: Tim Potter Date: Mon, 13 May 2002 00:23:06 +0000 Subject: Merge of secrets_init() paranoia fix from 2.2 (This used to be commit 1c3c0d7cb64caa6be7ee6d786fe400a1d6944a72) --- source3/nsswitch/winbindd.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 2c88d11cae..91215e0ef7 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -680,7 +680,12 @@ int winbind_setup_common(void) { load_interfaces(); - secrets_init(); + if (!secrets_init()) { + + DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n")); + return 1; + + } /* Get list of domains we look up requests for. This includes the domain which we are a member of as well as any trusted -- cgit From b35c18072a433a9447c996fffe45ff79dadcf43d Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 13 May 2002 00:44:46 +0000 Subject: Merge of --set-auth-user updates from 2.2 (This used to be commit 0420ae846cc93d4598b16dd21a4b8f61ae270fa2) --- source3/nsswitch/wbinfo.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 4ea1e6a30a..541323f3c8 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -3,7 +3,7 @@ Winbind status program. - Copyright (C) Tim Potter 2000 + Copyright (C) Tim Potter 2000-2002 Copyright (C) Andrew Bartlett 2002 This program is free software; you can redistribute it and/or modify @@ -625,7 +625,7 @@ static BOOL wbinfo_ping(void) static void usage(void) { d_printf("Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm " - "| -a user%%password\n"); + "| -[aA] user%%password\n"); d_printf("\t-u\t\t\tlists all domain users\n"); d_printf("\t-g\t\t\tlists all domain groups\n"); d_printf("\t-n name\t\t\tconverts name to sid\n"); 
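Review bot: The new failure branch in winbind_setup_common returns 1, but the hunk does not show what the function returns on success or whether its caller stops on a non-zero result. If the caller ignores the value, winbindd would keep running without access to the trust account secrets, which is the state this check is meant to prevent. I would state the contract at the definition once the success value is confirmed, e.g. `/* Returns 0 on success, non-zero if setup failed; the caller must not continue. */`, and verify the call site checks it. The function body continues outside the hunk.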
@@ -640,6 +640,7 @@ static void usage(void) d_printf("\t-m\t\t\tlist trusted domains\n"); d_printf("\t-r user\t\t\tget user groups\n"); d_printf("\t-a user%%password\tauthenticate user\n"); + d_printf("\t-A user%%password\tstore user and password used by winbindd (root only)\n"); d_printf("\t-p 'ping' winbindd to see if it is alive\n"); d_printf("\t--sequence\t\tshow sequence numbers of all domains\n"); } @@ -683,7 +684,7 @@ int main(int argc, char **argv) { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE }, { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r' }, { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a' }, - { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER }, + { "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER }, { "ping", 'p', POPT_ARG_NONE, 0, 'p' }, { 0, 0, 0, 0 } }; -- cgit From 0c9e6bb88f6ce7fddd561a6a4ef9107f4d77eca7 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 13 May 2002 23:28:11 +0000 Subject: Don't store domain with username in secrets.tdb (This used to be commit 5c58b4290dbc364f3b2d6593fd0425fd50160993) --- source3/nsswitch/wbinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 541323f3c8..e36a144b8f 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -594,7 +594,7 @@ static BOOL wbinfo_set_auth_user(char *username) /* Store in secrets.tdb */ if (!secrets_store(SECRETS_AUTH_USER, username, - strlen(username) + 1) || + strlen(user) + 1) || !secrets_store(SECRETS_AUTH_DOMAIN, domain, strlen(domain) + 1) || !secrets_store(SECRETS_AUTH_PASSWORD, password, -- cgit From 6ee4366093b24251aa52c272512b2efacb9582d8 Mon Sep 17 00:00:00 2001 
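Review bot: The help line added for `-A user%%password` does not mention that a password given as a command-line argument is visible to other local users through the process list and may be kept in shell history. Since this option stores the credentials winbindd itself uses, the usage text should carry that caveat, e.g. `"\t-A user%%password\tstore user and password used by winbindd (root only; argument is visible in the process list)\n"`. Whether wbinfo_set_auth_user can prompt for the password when it is omitted is not visible here; if it can, the help should say so.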
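Review bot: In wbinfo_set_auth_user the SECRETS_AUTH_USER store now passes `username` as the data but `strlen(user) + 1` as its length, so pointer and length refer to different strings. When `username` still carries a domain prefix (the split happens outside this hunk), the stored record is the leading bytes of the full string, cut short and without its terminating NUL. Both arguments should name the same buffer: `if (!secrets_store(SECRETS_AUTH_USER, user, strlen(user) + 1) ||`. A later patch in this series makes that correction.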
From: Richard Sharpe Date: Fri, 17 May 2002 03:37:37 +0000 Subject: Changes to allow head to translate NMB flags ... (This used to be commit c986a19cde0dfa96b512eb24d873203981e68c48) --- source3/nsswitch/winbindd_wins.c | 8 ++++---- source3/nsswitch/wins.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_wins.c b/source3/nsswitch/winbindd_wins.c index af624170eb..5163cfcea1 100644 --- a/source3/nsswitch/winbindd_wins.c +++ b/source3/nsswitch/winbindd_wins.c @@ -85,7 +85,7 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) int fd; struct in_addr *ret = NULL; struct in_addr p; - int j; + int j, flags = 0; *count = 0; @@ -95,13 +95,13 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) p = wins_srv_ip(); if( !is_zero_ip(p) ) { - ret = name_query(fd,name,0x20,False,True, p, count); + ret = name_query(fd,name,0x20,False,True, p, count, &flags); goto out; } if (lp_wins_support()) { /* we are our own WINS server */ - ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count); + ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count, &flags); goto out; } @@ -110,7 +110,7 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) j >= 0; j--) { struct in_addr *bcast = iface_n_bcast(j); - ret = name_query(fd,name,0x20,True,True,*bcast,count); + ret = name_query(fd,name,0x20,True,True,*bcast,count, &flags); if (ret) break; } diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c index 2133f817d1..b8fad9f973 100644 --- a/source3/nsswitch/wins.c +++ b/source3/nsswitch/wins.c @@ -118,7 +118,7 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) int fd; struct in_addr *ret = NULL; struct in_addr p; - int j; + int j, flags = 0; if (!initialised) { nss_wins_init(); 
@@ -132,13 +132,13 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) p = wins_srv_ip(); if( !is_zero_ip(p) ) { - ret = name_query(fd,name,0x20,False,True, p, count); + ret = name_query(fd,name,0x20,False,True, p, count, &flags); goto out; } if (lp_wins_support()) { /* we are our own WINS server */ - ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count); + ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count, &flags); goto out; } @@ -147,7 +147,7 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) j >= 0; j--) { struct in_addr *bcast = iface_n_bcast(j); - ret = name_query(fd,name,0x20,True,True,*bcast,count); + ret = name_query(fd,name,0x20,True,True,*bcast,count, &flags); if (ret) break; } -- cgit From 3fe27b7f9df7d2bb2f7799fd46b79928f0e614b0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 17 May 2002 13:49:01 +0000 Subject: A few more trusted domains updates from mimir. I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett (This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8) --- source3/nsswitch/winbindd_rpc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index 39433419b0..9388675525 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -558,6 +558,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, CLI_POLICY_HND *hnd; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 enum_ctx = 0; + uint32 pref_num_domains = 5; *num_domains = 0; 
@@ -565,8 +566,8 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, goto done; result = cli_lsa_enum_trust_dom(hnd->cli, mem_ctx, - &hnd->pol, &enum_ctx, num_domains, - names, dom_sids); + &hnd->pol, &enum_ctx, &pref_num_domains, + num_domains, names, dom_sids); done: return result; } -- cgit From 3346a76674fc59ba8e1adb382d2fe477eddf1e96 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 18 May 2002 06:42:50 +0000 Subject: As per rsharpe's request, require only a Masters in Astrophysics to correctly configure winbind. (Next job: Fill in the 'error_msg' field with somthing useful) (This used to be commit 49ee2a25c131641887cbc438a6336652f042cfb0) --- source3/nsswitch/wbinfo.c | 24 ++++++++++-------------- source3/nsswitch/winbindd_misc.c | 10 ++++++++-- 2 files changed, 18 insertions(+), 16 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index e36a144b8f..38cc049297 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -248,25 +248,21 @@ static BOOL wbinfo_show_sequence(void) static BOOL wbinfo_check_secret(void) { struct winbindd_response response; - BOOL result; + NSS_STATUS result; ZERO_STRUCT(response); result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response) == NSS_STATUS_SUCCESS; - - if (result) { - - if (response.data.num_entries == 0) - d_printf("Secret is good\n"); - else - d_printf("Secret is bad\n0x%08x\n", - response.data.num_entries); - - return True; - } - - return False; + + d_printf("checking the trust secret via RPC calls %s\n", + (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); + + d_printf("error code was %s (0x%x)\n", + response.data.auth.nt_status_string, + response.data.auth.nt_status); + + return result == NSS_STATUS_SUCCESS; } /* Convert uid to sid */ diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c index 5678bdaa5a..f465f783b4 100644 --- a/source3/nsswitch/winbindd_misc.c 
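Review bot: trusted_domains passes a hard-coded `pref_num_domains = 5` and calls cli_lsa_enum_trust_dom once, without using `enum_ctx` to continue the enumeration. If the call returns at most the preferred number of entries per request (its contract is not visible here), a domain controller with more trusted domains would have the rest dropped silently and users of those domains would not resolve. I would give the constant a name and loop until the enumeration reports no more entries. If one call really is enough, a comment at the call should say why.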
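Review bot: `result` is now declared as NSS_STATUS in wbinfo_check_secret, but the assignment still ends in `== NSS_STATUS_SUCCESS`, so it holds the 0/1 outcome of that comparison and is then compared with NSS_STATUS_SUCCESS a second time. That only gives the right answer where NSS_STATUS_SUCCESS happens to equal 1; where it is 0, a failed trust-secret check is printed as "succeeded" and the function returns True. Drop the comparison from the assignment: `result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response);`. The follow-up patch that prints the error code only on failure tests the same variable.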
+++ b/source3/nsswitch/winbindd_misc.c @@ -88,9 +88,15 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat "good" : "bad")); done: - state->response.data.num_entries = NT_STATUS_V(result); + state->response.data.auth.nt_status = NT_STATUS_V(result); + fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); + fstrcpy(state->response.data.auth.error_string, nt_errstr(result)); + state->response.data.auth.pam_error = nt_status_to_pam(result); - return WINBINDD_OK; + DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Checking the trust account password returned %s\n", + state->response.data.auth.nt_status_string)); + + return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state -- cgit From 4f8b957f4020e5f5c418de15fa33c755e28558f3 Mon Sep 17 00:00:00 2001 From: Richard Sharpe Date: Sun, 19 May 2002 07:08:32 +0000 Subject: A small change to print out the error message only if we could not check the secrets ... (This used to be commit 56eea2623a8a8f2a5a0311cda6d0282d0037a3cc) --- source3/nsswitch/wbinfo.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 38cc049297..8517a5ce1c 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -257,10 +257,11 @@ static BOOL wbinfo_check_secret(void) d_printf("checking the trust secret via RPC calls %s\n", (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); - - d_printf("error code was %s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); + + if (result != NSS_STATUS_SUCCESS) + d_printf("error code was %s (0x%x)\n", + response.data.auth.nt_status_string, + response.data.auth.nt_status); return result == NSS_STATUS_SUCCESS; } -- cgit From e00dbecb88de54086988624b7d4a12d95c788ddb Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Tue, 21 May 2002 07:53:28 +0000 Subject: debug classized (This used to be commit ae5d24873ad0fb3df970cc9912e18e6a5067ae2d) --- source3/nsswitch/wb_client.c | 3 +++ source3/nsswitch/wbinfo.c | 3 +++ source3/nsswitch/winbindd.h | 3 +++ 3 files changed, 9 insertions(+) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index 53550ca353..9e34ecdd0d 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -25,6 +25,9 @@ #include "includes.h" #include "nsswitch/nss.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + NSS_STATUS winbindd_request(int req_type, struct winbindd_request *request, struct winbindd_response *response); diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 8517a5ce1c..5a4af08c19 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -25,6 +25,9 @@ #include "winbindd.h" #include "debug.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Prototypes from common.h */ NSS_STATUS winbindd_request(int req_type, diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h index 4d35c27c21..11d399be49 100644 --- a/source3/nsswitch/winbindd.h +++ b/source3/nsswitch/winbindd.h @@ -29,6 +29,9 @@ #include "winbindd_nss.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Client state structure */ struct winbindd_cli_state { -- cgit From 9c3d5d6fd0dd9e2e62a33d0822a72d5209fe3ffb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 24 May 2002 05:14:16 +0000 Subject: Remove the password length paramater from cli_full_connection - it really didn't make any sense, and its was always just strlen(password) anyway. This fixes it to be strlen(password)+1 Andrew Bartlett (This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40) --- source3/nsswitch/winbindd_cm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch') 
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index ce484795f8..907282ddb9 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -348,7 +348,7 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name, result = cli_full_connection(&(new_conn->cli), global_myname, new_conn->controller, &dc_ip, 0, "IPC$", "IPC", ipc_username, ipc_domain, - ipc_password, strlen(ipc_password)); + ipc_password); SAFE_FREE(ipc_username); SAFE_FREE(ipc_domain); -- cgit From f5adb7909306b247695024dd7803353fa536a09a Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 24 May 2002 05:50:31 +0000 Subject: Fixed incorrect comment. (This used to be commit 2f74fb6e9893d306598ebedd54658f2dd56e988e) --- source3/nsswitch/wb_common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 6a2143f8f0..928b70d8b1 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -168,7 +168,7 @@ int winbind_open_pipe_sock(void) return winbindd_fd; } -/* Write data to winbindd socket with timeout */ +/* Write data to winbindd socket */ int write_sock(void *buffer, int count) { @@ -234,7 +234,7 @@ int write_sock(void *buffer, int count) return nwritten; } -/* Read data from winbindd socket with timeout */ +/* Read data from winbindd socket */ static int read_sock(void *buffer, int count) { -- cgit From e066e5e614f4072384b704c628b35b91fb52ffe3 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Tue, 28 May 2002 14:35:11 +0000 Subject: Updates to better report some NTSTATUS errors into PAM, and update to PAM to correctly allow password changes on expired passwords. (No security implications, as its just a 'will I let you talk to the server' check). pam_winbind checks the password prior to changing it, so that users don't have to make up and type their new password when they havn't even got the old one right. This also helps with stacking etc. Andrew Bartlett (This used to be commit 2b78d493002a3ba13533429c6a14f5c0a92f43d1) --- source3/nsswitch/pam_winbind.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index b192a347f4..4739cfbf7a 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -155,6 +155,14 @@ static int winbind_auth_request(const char *user, const char *pass, int ctrl) /* incorrect password */ _pam_log(LOG_WARNING, "user `%s' denied access (incorrect password)", user); return retval; + case PAM_ACCT_EXPIRED: + /* account expired */ + _pam_log(LOG_WARNING, "user `%s' account expired", user); + return retval; + case PAM_AUTHTOK_EXPIRED: + /* password expired */ + _pam_log(LOG_WARNING, "user `%s' password expired", user); + return retval; case PAM_USER_UNKNOWN: /* the user does not exist */ if (ctrl & WINBIND_DEBUG_ARG) @@ -577,6 +585,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, retval = winbind_auth_request(user, pass_old, ctrl); if (retval != PAM_ACCT_EXPIRED + && retval != PAM_AUTHTOK_EXPIRED && retval != PAM_NEW_AUTHTOK_REQD && retval != PAM_SUCCESS) { pass_old = NULL; -- cgit From 5bbabf0ad275cf8eccae874b54029753377de727 Mon Sep 17 00:00:00 2001 
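Review bot: In pam_sm_chauthtok the old-password check now lets PAM_AUTHTOK_EXPIRED through alongside PAM_ACCT_EXPIRED and PAM_NEW_AUTHTOK_REQD, and nothing at the condition says why these codes count as a verified old password. That is only safe if winbind_auth_request returns them after the supplied password has been validated, and if the change request itself presents the old password again; neither is visible in this hunk. I would add a comment above the condition once that is confirmed, e.g. `/* expired results are accepted because the password was still checked; the change request re-sends pass_old */`. The function starts and ends outside the hunk.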
From: Gerald Carter Date: Wed, 29 May 2002 02:08:46 +0000 Subject: merge from 2.2 (This used to be commit 612584f7d5383db28960e1ae9aaeaa9b8b47486c) --- source3/nsswitch/wbinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 5a4af08c19..e41f2c6468 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -593,7 +593,7 @@ static BOOL wbinfo_set_auth_user(char *username) /* Store in secrets.tdb */ - if (!secrets_store(SECRETS_AUTH_USER, username, + if (!secrets_store(SECRETS_AUTH_USER, user, strlen(user) + 1) || !secrets_store(SECRETS_AUTH_DOMAIN, domain, strlen(domain) + 1) || -- cgit From 3940a2fec8433ed3b13d93985c8c718ba8f3b3fc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Sun, 2 Jun 2002 23:23:16 +0000 Subject: The last element of the definitions of enums can't have a trailing comma. Only initialisers can have this in ANSI C. (This used to be commit b6119f583552425c2be30662e9325270a5dbf096) --- source3/nsswitch/wbinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index e41f2c6468..f8510497b0 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -649,7 +649,7 @@ static void usage(void) enum { OPT_SET_AUTH_USER = 1000, - OPT_SEQUENCE, + OPT_SEQUENCE }; int main(int argc, char **argv) -- cgit From 9401cdbb514a65b96910117a5a850af0eef45dd7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 3 Jun 2002 03:04:35 +0000 Subject: fixed some debug messages (This used to be commit 8b5ac00ac60135f83145c65425d7b33a751a15b4) --- source3/nsswitch/winbindd_ads.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index c16231b25d..545ee411a4 100644 --- a/source3/nsswitch/winbindd_ads.c 
+++ b/source3/nsswitch/winbindd_ads.c @@ -321,13 +321,13 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, rc = ads_search_retry(ads, &res, "(objectCategory=group)", attrs); if (!ADS_ERR_OK(rc)) { - DEBUG(1,("query_user_list ads_search: %s\n", ads_errstr(rc))); + DEBUG(1,("enum_dom_groups ads_search: %s\n", ads_errstr(rc))); goto done; } count = ads_count_replies(ads, res); if (count == 0) { - DEBUG(1,("query_user_list: No users found\n")); + DEBUG(1,("enum_dom_groups: No groups found\n")); goto done; } -- cgit From 57bfec68d5c1ebac63722e703a950db6057946e1 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 4 Jun 2002 01:45:59 +0000 Subject: Fixed some formatting. (This used to be commit 25554b46ded273e8f4070f14661b691ccc9ddd17) --- source3/nsswitch/winbindd_cache.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index f65705e0fb..282a37230b 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -296,13 +296,14 @@ static struct cache_entry *wcache_fetch(struct winbind_cache *cache, if (centry_expired(domain, centry)) { extern BOOL opt_dual_daemon; + if (opt_dual_daemon) { extern BOOL backgroud_process; backgroud_process = True; } else { - centry_free(centry); - return NULL; - } + centry_free(centry); + return NULL; + } } return centry; -- cgit From 984806f959f6740cb93497cf9b2efc5d2c839796 Mon Sep 17 00:00:00 2001 
From: Tim Potter Date: Tue, 4 Jun 2002 03:44:04 +0000 Subject: Store the key for a name to sid cache entry in upper case rather than whatever case the request was made in. This gets rid of duplicate cache entries. Also when doing a sid to name, prime the cache with the name to sid mapping result. We can't do the reverse as we don't know the correct case of the name to store in the cache. (This used to be commit f268b0d5fb811b364578b11a66ca69973717eea8) --- source3/nsswitch/winbindd_cache.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index 282a37230b..407bd60f8a 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -423,6 +423,7 @@ static void wcache_save_name_to_sid(struct winbindd_domain *domain, NTSTATUS sta { struct cache_entry *centry; uint32 len; + fstring uname; centry = centry_start(domain, status); if (!centry) return; @@ -431,7 +432,9 @@ static void wcache_save_name_to_sid(struct winbindd_domain *domain, NTSTATUS sta centry_put_uint32(centry, type); sid_linearize(centry->data + centry->ofs, len, sid); centry->ofs += len; - centry_end(centry, "NS/%s/%s", domain->name, name); + fstrcpy(uname, name); + strupper(uname); + centry_end(centry, "NS/%s/%s", domain->name, uname); centry_free(centry); } @@ -610,10 +613,13 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, struct winbind_cache *cache = get_cache(domain); struct cache_entry *centry = NULL; NTSTATUS status; + fstring uname; if (!cache->tdb) goto do_query; - centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, name); + fstrcpy(uname, name); + strupper(uname); + centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, uname); if (!centry) goto do_query; *type = centry_uint32(centry); sid_parse(centry->data + centry->ofs, centry->len - centry->ofs, sid); 
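Review bot: The key normalisation `fstrcpy(uname, name); strupper(uname);` is repeated in wcache_save_name_to_sid and name_to_sid, and the two copies have to stay identical or stores and lookups will miss each other. A small static helper that builds the upper-cased key would keep them in step. `uname` is a fixed-size fstring, so a name longer than the buffer is presumably truncated by fstrcpy; two long names sharing that prefix would then resolve to one cache entry and one SID, which deserves a length check or at least a comment.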
@@ -633,6 +639,9 @@ do_query: /* and save it */ wcache_save_name_to_sid(domain, status, name, sid, *type); + /* We can't save the sid to name mapping as we don't know the + correct case of the name without looking it up */ + return status; } @@ -674,6 +683,7 @@ do_query: /* and save it */ refresh_sequence_number(domain, True); wcache_save_sid_to_name(domain, status, sid, *name, *type, rid); + wcache_save_name_to_sid(domain, status, *name, sid, *type); return status; } @@ -891,5 +901,3 @@ struct winbindd_methods cache_methods = { trusted_domains, domain_sid }; - - -- cgit From 08f0cbb33f74ee6b8ec591ca78f167498cf80074 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 5 Jun 2002 00:05:05 +0000 Subject: Fix for Linux kernel bug where signal mask set within a signal handler is being ignored on sighandler exit. This means we have to have a small array of fd's, not a single one. Jeremy. (This used to be commit b06862e2de8d3bafbc10a9807501ef5bf148a61c) --- source3/nsswitch/wins.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c index b8fad9f973..2ecdbf1c51 100644 --- a/source3/nsswitch/wins.c +++ b/source3/nsswitch/wins.c @@ -319,5 +319,19 @@ _nss_wins_gethostbyname_r(const char *name, struct hostent *he, return NSS_STATUS_SUCCESS; } -#endif + +NSS_STATUS +_nss_wins_gethostbyname2_r(const char *name, int af, struct hostent *he, + char *buffer, size_t buflen, int *errnop, + int *h_errnop) +{ + if(af!=AF_INET) { + *h_errnop = NO_DATA; + *errnop = EAFNOSUPPORT; + return NSS_STATUS_UNAVAIL; + } + + return _nss_wins_gethostbyname_r(name,he,buffer,buflen,errnop,h_errnop); +} +#endif -- cgit From 97b94ce7e0ce38f1ca44c8e2f34565dd338ad19a Mon Sep 17 00:00:00 2001 
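Review bot: The added `wcache_save_name_to_sid(domain, status, *name, sid, *type);` in the sid-to-name path runs whatever `status` is. When the lookup failed, `*name` may not have been set (the assignment is outside this hunk), and the call would then record a failure entry under an empty or stale name key. Guard the priming so only successful lookups populate the reverse mapping: `if (NT_STATUS_IS_OK(status)) wcache_save_name_to_sid(domain, status, *name, sid, *type);`.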
From: Tim Potter Date: Wed, 5 Jun 2002 04:23:37 +0000 Subject: Store cache entry keys that have RID values in decimal to be consistent with other keys. (This used to be commit 1e5bdf974fb1e64b5f5b82e0e24eb97aeb229584) --- source3/nsswitch/winbindd_cache.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index 407bd60f8a..dcb93fa3b5 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -464,7 +464,7 @@ static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WI centry_put_string(centry, info->full_name); centry_put_uint32(centry, info->user_rid); centry_put_uint32(centry, info->group_rid); - centry_end(centry, "U/%s/%x", domain->name, info->user_rid); + centry_end(centry, "U/%s/%d", domain->name, info->user_rid); centry_free(centry); } @@ -701,7 +701,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, if (!cache->tdb) goto do_query; - centry = wcache_fetch(cache, domain, "U/%s/%x", domain->name, user_rid); + centry = wcache_fetch(cache, domain, "U/%s/%d", domain->name, user_rid); if (!centry) goto do_query; info->acct_name = centry_string(centry, mem_ctx); @@ -742,7 +742,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, if (!cache->tdb) goto do_query; - centry = wcache_fetch(cache, domain, "UG/%s/%x", domain->name, user_rid); + centry = wcache_fetch(cache, domain, "UG/%s/%d", domain->name, user_rid); if (!centry) goto do_query; *num_groups = centry_uint32(centry); @@ -777,7 +777,7 @@ do_query: for (i=0; i<(*num_groups); i++) { centry_put_uint32(centry, (*user_gids)[i]); } - centry_end(centry, "UG/%s/%x", domain->name, user_rid); + centry_end(centry, "UG/%s/%d", domain->name, user_rid); centry_free(centry); skip_save: 
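Review bot: The RID cache keys switch from `%x` to `%d`, but the values formatted appear to be uint32 (they are stored with centry_put_uint32), so a RID above 0x7fffffff is printed as a negative number. `%u` matches the type, e.g. `centry_end(centry, "U/%s/%u", domain->name, info->user_rid);`, and the same applies to the `U/`, `UG/` and `GM/` keys in the other hunks of this patch. Entries written under the old hex keys are no longer found after this change, so a note about clearing the cache file on upgrade would help.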
@@ -798,7 +798,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, if (!cache->tdb) goto do_query; - centry = wcache_fetch(cache, domain, "GM/%s/%x", domain->name, group_rid); + centry = wcache_fetch(cache, domain, "GM/%s/%d", domain->name, group_rid); if (!centry) goto do_query; *num_names = centry_uint32(centry); @@ -847,7 +847,7 @@ do_query: centry_put_string(centry, (*names)[i]); centry_put_uint32(centry, (*name_types)[i]); } - centry_end(centry, "GM/%s/%x", domain->name, group_rid); + centry_end(centry, "GM/%s/%d", domain->name, group_rid); centry_free(centry); skip_save: -- cgit From 29744f4f4c67cbff1ff6963d0f7a203637b1a716 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 7 Jun 2002 17:49:12 +0000 Subject: Merge pidfile fix. Jeremy. (This used to be commit 2c1e78702423ba17993975eb7f158058cc7f229f) --- source3/nsswitch/winbindd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 91215e0ef7..398845bdec 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -834,8 +834,6 @@ static void usage(void) exit(1); } - pidfile_create("winbindd"); - /* Setup names. */ if (!*global_myname) { @@ -849,8 +847,10 @@ static void usage(void) fstrcpy(global_myworkgroup, lp_workgroup()); - if (!interactive) + if (!interactive) { become_daemon(); + pidfile_create("winbindd"); + } #if HAVE_SETPGID /* -- cgit From 97a8dd6d9a3cf9351b4e636c4c8d1907080df9f8 Mon Sep 17 00:00:00 2001 
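Review bot: Nothing at the moved `pidfile_create("winbindd");` call says why it now has to follow `become_daemon()`, and the reason is easy to lose in a later tidy-up. If the point is that the file must hold the daemon's pid rather than the parent's, a comment such as `/* write the pidfile only after daemonising, so it records the daemon's pid */` would pin it. The call is also now inside `if (!interactive)`, so an interactive run writes no pidfile at all; if the pidfile is what stops a second instance from starting, confirm that this is intended. The enclosing function begins and ends outside these hunks.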
From: Andrew Bartlett Date: Mon, 10 Jun 2002 09:40:58 +0000 Subject: With this file being automaticly regenerated, and cleaned up with 'make clean' I think it should be removed from CVS. This matches the other proto files. Andrew Bartlett (This used to be commit 5a8d573f1784b037fd848d85a96dabfebfad63fd) --- source3/nsswitch/winbindd_proto.h | 142 -------------------------------------- 1 file changed, 142 deletions(-) delete mode 100644 source3/nsswitch/winbindd_proto.h (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h deleted file mode 100644 index ef44fb655e..0000000000 --- a/source3/nsswitch/winbindd_proto.h +++ /dev/null 
@@ -1,142 +0,0 @@ -#ifndef _WINBINDD_PROTO_H_ -#define _WINBINDD_PROTO_H_ - -/* This file is automatically generated with "make proto". DO NOT EDIT */ - - -/* The following definitions come from nsswitch/winbindd.c */ - -void winbind_process_packet(struct winbindd_cli_state *state); -void winbind_client_read(struct winbindd_cli_state *state); -int winbind_setup_common(void); - -/* The following definitions come from nsswitch/winbindd_ads.c */ - -ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope, - const char *exp, - const char **attrs, void **res); -ADS_STATUS ads_search_retry(ADS_STRUCT *ads, void **res, - const char *exp, - const char **attrs); -ADS_STATUS ads_search_retry_dn(ADS_STRUCT *ads, void **res, - const char *dn, - const char **attrs); - -/* The following definitions come from nsswitch/winbindd_cache.c */ - -void wcache_flush_cache(void); -void winbindd_check_cache_size(time_t t); -struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status); - -/* The following definitions come from nsswitch/winbindd_cm.c */ - -CLI_POLICY_HND *cm_get_lsa_handle(char *domain); -CLI_POLICY_HND *cm_get_sam_handle(char *domain); -CLI_POLICY_HND *cm_get_sam_dom_handle(char *domain, DOM_SID *domain_sid); -CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, DOM_SID *domain_sid, - uint32 user_rid); -CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid, - uint32 group_rid); -NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd, - struct cli_state **cli); -void winbindd_cm_status(void); - -/* The following definitions come from nsswitch/winbindd_dual.c */ - -int dual_select_setup(fd_set *fds, int maxfd); -void dual_select(fd_set *fds); -void dual_send_request(struct winbindd_cli_state *state); -void do_dual_daemon(void); - -/* The following definitions come from nsswitch/winbindd_group.c */ - -enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state); -enum winbindd_result 
winbindd_getgrgid(struct winbindd_cli_state *state); -enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state); -enum winbindd_result winbindd_endgrent(struct winbindd_cli_state *state); -enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state); -enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state); -enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state); - -/* The following definitions come from nsswitch/winbindd_idmap.c */ - -BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid); -BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid); -BOOL winbindd_idmap_get_uid_from_rid(const char *dom_name, uint32 rid, uid_t *uid); -BOOL winbindd_idmap_get_gid_from_rid(const char *dom_name, uint32 rid, gid_t *gid); -BOOL get_sid_from_id(int id, DOM_SID *sid, BOOL isgroup); -BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid); -BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid); -BOOL winbindd_idmap_get_rid_from_uid(uid_t uid, uint32 *user_rid, - struct winbindd_domain **domain); -BOOL winbindd_idmap_get_rid_from_gid(gid_t gid, uint32 *group_rid, - struct winbindd_domain **domain); -BOOL winbindd_idmap_init(void); -BOOL winbindd_idmap_close(void); -void winbindd_idmap_status(void); - -/* The following definitions come from nsswitch/winbindd_misc.c */ - -enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state); -enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state - *state); -enum winbindd_result winbindd_show_sequence(struct winbindd_cli_state *state); -enum winbindd_result winbindd_ping(struct winbindd_cli_state - *state); -enum winbindd_result winbindd_info(struct winbindd_cli_state *state); -enum winbindd_result winbindd_interface_version(struct winbindd_cli_state *state); -enum winbindd_result winbindd_domain_name(struct winbindd_cli_state *state); - -/* The following definitions come from nsswitch/winbindd_pam.c 
*/ - -enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) ; -enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) ; -enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state); - -/* The following definitions come from nsswitch/winbindd_rpc.c */ - - -/* The following definitions come from nsswitch/winbindd_sid.c */ - -enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state); -enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state); -enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state); -enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state); -enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state); -enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state); - -/* The following definitions come from nsswitch/winbindd_user.c */ - -enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state) ; -enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state); -enum winbindd_result winbindd_setpwent(struct winbindd_cli_state *state); -enum winbindd_result winbindd_endpwent(struct winbindd_cli_state *state); -enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state); -enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state); - -/* The following definitions come from nsswitch/winbindd_util.c */ - -struct winbindd_domain *domain_list(void); -void free_domain_list(void); -BOOL init_domain_list(void); -struct winbindd_domain *find_domain_from_name(const char *domain_name); -struct winbindd_domain *find_domain_from_sid(DOM_SID *sid); -BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain, - const char *name, DOM_SID *sid, - enum SID_NAME_USE *type); -BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, - fstring dom_name, - fstring name, - enum SID_NAME_USE *type); -void free_getent_state(struct getent_state *state); -BOOL 
winbindd_param_init(void); -BOOL check_domain_env(char *domain_env, char *domain); -BOOL parse_domain_user(const char *domuser, fstring domain, fstring user); -void fill_domain_username(fstring name, const char *domain, const char *user); - -/* The following definitions come from nsswitch/winbindd_wins.c */ - -enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state); -enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state); - -#endif /* _WINBINDD_PROTO_H_ */ -- cgit From 959ff024daf61b86ec1d487582dd663ab95d24d1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 10 Jun 2002 12:27:05 +0000 Subject: Remove "sids.h" as it really wasn't being used anywhere, and was exporting the (now static) global_sam_sid. The only place it was being used was to return global_sid_NULL to some uid->sid functions - and I'm not convinced this is correct in any case. Andrew Bartlett (This used to be commit e2a76a7fc94dd59c09bba3cda91446fad9f8c0e0) --- source3/nsswitch/wb_client.c | 1 + source3/nsswitch/winbindd_sid.c | 1 - source3/nsswitch/winbindd_util.c | 1 - 3 files changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index 9e34ecdd0d..941d54a4c8 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -27,6 +27,7 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND +extern DOM_SID global_sid_NULL; /* NULL sid */ NSS_STATUS winbindd_request(int req_type, struct winbindd_request *request, diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index a41bf75916..b65b12922b 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -21,7 +21,6 @@ */ #include "winbindd.h" -#include "sids.h" /* Convert a string */ diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index 06804b3b43..3030a2839a 100644 --- a/source3/nsswitch/winbindd_util.c 
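Review bot: `extern DOM_SID global_sid_NULL;` is declared directly in wb_client.c, so the compiler never checks this declaration against the definition and a later change of the variable's type would go unnoticed here. Declaring it once in a header that both the defining file and wb_client.c include keeps the two in step. If the declaration has to stay local for now, the comment should say why, e.g. `/* NULL sid; declared here because sids.h was removed */`.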
+++ b/source3/nsswitch/winbindd_util.c @@ -22,7 +22,6 @@ */ #include "winbindd.h" -#include "sids.h" /** * @file winbindd_util.c -- cgit From 9404025a02f2f47591e7e0e77f33b2a036f04903 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 12 Jun 2002 05:27:13 +0000 Subject: Ignore winbindd_proto.h (This used to be commit 8e51081333ae0b81a2aa2c609aa7a3ff8bf7f4ec) --- source3/nsswitch/.cvsignore | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/.cvsignore b/source3/nsswitch/.cvsignore index 090b859b37..658d50a680 100644 --- a/source3/nsswitch/.cvsignore +++ b/source3/nsswitch/.cvsignore @@ -1,3 +1,4 @@ *.po *.po32 diffs +winbindd_proto.h -- cgit From bad738e6536e983064eee7647229354bc9028183 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 13 Jun 2002 14:06:08 +0000 Subject: Latest patch from metze to move most of samba across to using SIDs instead of RIDs. The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implict, but isn't the same one that we have in the struct. Andrew Bartlett (This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901) --- source3/nsswitch/winbindd_ads.c | 10 +++++----- source3/nsswitch/winbindd_cache.c | 3 ++- source3/nsswitch/winbindd_group.c | 3 ++- 3 files changed, 9 insertions(+), 7 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index 545ee411a4..28aeb39730 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c @@ -273,7 +273,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, continue; } - if (!sid_peek_rid(&sid, &rid)) { + if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) { DEBUG(1,("No rid for %s !?\n", name)); continue; } 
@@ -356,7 +356,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, continue; } - if (!sid_peek_rid(&sid, &rid)) { + if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) { DEBUG(1,("No rid for %s !?\n", name)); continue; } @@ -584,7 +584,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, goto done; } - if (!sid_peek_rid(&sid, &info->user_rid)) { + if (!sid_peek_check_rid(&domain->sid,&sid, &info->user_rid)) { DEBUG(1,("No rid for %d !?\n", user_rid)); goto done; } @@ -662,7 +662,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, for (i=1;isid, &sids[i-1], &rid)) continue; (*user_gids)[*num_groups] = rid; (*num_groups)++; } @@ -737,7 +737,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, DEBUG(1,("No sid for %s !?\n", (*names)[*num_names])); continue; } - if (!sid_peek_rid(&sid, &rid)) { + if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) { DEBUG(1,("No rid for %s !?\n", (*names)[*num_names])); continue; } diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index dcb93fa3b5..d9ed63baf8 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -658,7 +658,8 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, NTSTATUS status; uint32 rid = 0; - sid_peek_rid(sid, &rid); + if (!sid_peek_check_rid(&domain->sid, sid, &rid)) + return NT_STATUS_INVALID_PARAMETER; if (!cache->tdb) goto do_query; diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 4ef57513bb..ab8e1cfd78 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c 
@@ -228,7 +228,8 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) } /* Fill in group structure */ - sid_peek_rid(&group_sid, &group_rid); + if (!sid_peek_check_rid(&domain->sid, &group_sid, &group_rid)) + return WINBINDD_ERROR; if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) { DEBUG(1, ("error converting unix gid to sid\n")); -- cgit From a60e37096d6576dcf749237df99e7c2c96359834 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 18 Jun 2002 09:20:13 +0000 Subject: more debug classess activated (This used to be commit 897e64d2e0c1d04ab93441ccaffe369bf43be46e) --- source3/nsswitch/wb_client.c | 1 + source3/nsswitch/winbindd_ads.c | 3 +++ source3/nsswitch/winbindd_cache.c | 3 +++ source3/nsswitch/winbindd_cm.c | 3 +++ source3/nsswitch/winbindd_dual.c | 3 +++ source3/nsswitch/winbindd_group.c | 3 +++ source3/nsswitch/winbindd_idmap.c | 3 +++ source3/nsswitch/winbindd_misc.c | 3 +++ source3/nsswitch/winbindd_pam.c | 3 +++ source3/nsswitch/winbindd_rpc.c | 3 +++ source3/nsswitch/winbindd_sid.c | 3 +++ source3/nsswitch/winbindd_user.c | 3 +++ source3/nsswitch/winbindd_util.c | 3 +++ source3/nsswitch/winbindd_wins.c | 3 +++ 14 files changed, 40 insertions(+) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index 941d54a4c8..bcb339864a 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -27,6 +27,7 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND + extern DOM_SID global_sid_NULL; /* NULL sid */ NSS_STATUS winbindd_request(int req_type, diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index 28aeb39730..44aee8d307 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c @@ -24,6 +24,9 @@ #ifdef HAVE_ADS +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* the realm of our primary LDAP server */ static char *primary_realm; 
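Review bot: The new `return WINBINDD_ERROR;` taken when `sid_peek_check_rid` fails leaves no trace in the log, while the neighbouring failure path does log through `DEBUG(1, ...)`. A group SID that lies outside `domain->sid` is the case an administrator will need to diagnose, so I would log before returning, e.g. `DEBUG(1, ("winbindd_getgrnam: group sid is not in the expected domain\n"));`. The `if` body needs braces once the second statement is added. The function starts and ends outside the hunk.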
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index d9ed63baf8..a607727867 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -22,6 +22,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + struct winbind_cache { struct winbindd_methods *backend; TDB_CONTEXT *tdb; diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index 907282ddb9..bffa169ab1 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -60,6 +60,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Global list of connections. Initially a DLIST but can become a hash table or whatever later. */ diff --git a/source3/nsswitch/winbindd_dual.c b/source3/nsswitch/winbindd_dual.c index c91021adf8..d55e84ca51 100644 --- a/source3/nsswitch/winbindd_dual.c +++ b/source3/nsswitch/winbindd_dual.c @@ -31,6 +31,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + extern BOOL opt_dual_daemon; BOOL backgroud_process = False; int dual_daemon_pipe = -1; diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index ab8e1cfd78..94aae73baf 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -23,6 +23,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /*************************************************************** Empty static struct for negative caching. ****************************************************************/ diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c index 0594f61680..6d184fec5f 100644 --- a/source3/nsswitch/winbindd_idmap.c +++ b/source3/nsswitch/winbindd_idmap.c @@ -22,6 +22,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* High water mark keys */ #define HWM_GROUP "GROUP HWM" 
diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c index f465f783b4..45f2d42f98 100644 --- a/source3/nsswitch/winbindd_misc.c +++ b/source3/nsswitch/winbindd_misc.c @@ -23,6 +23,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + extern pstring global_myname; /************************************************************************ diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index f7959c2feb..e608f826c9 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -24,6 +24,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Return a password structure from a username. */ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index 9388675525..a4abc175bd 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -23,6 +23,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Query display info for a domain. This returns enough information plus a bit extra to give an overview of domain users for the User Manager application. */ diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index b65b12922b..372898a08a 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -22,6 +22,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Convert a string */ enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state) diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c index d89717ad47..55593d6ae5 100644 --- a/source3/nsswitch/winbindd_user.c +++ b/source3/nsswitch/winbindd_user.c 
@@ -23,6 +23,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Fill a pwent structure with information we have obtained */ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name, diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index 3030a2839a..5a20066757 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -23,6 +23,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /** * @file winbindd_util.c * diff --git a/source3/nsswitch/winbindd_wins.c b/source3/nsswitch/winbindd_wins.c index 5163cfcea1..a8b4566ba0 100644 --- a/source3/nsswitch/winbindd_wins.c +++ b/source3/nsswitch/winbindd_wins.c @@ -23,6 +23,9 @@ #include "winbindd.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + /* Use our own create socket code so we don't recurse.... */ static int wins_lookup_open_socket_in(void) -- cgit From 086d8a98e33e197d171edf76468c829ae977cf65 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 20 Jun 2002 19:08:05 +0000 Subject: Fix from Andrew Esh for not checking return code. Jeremy. (This used to be commit 629cea2ff4f640cd60d9ecfa72acf2707b3f1ff4) --- source3/nsswitch/winbindd_rpc.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index a4abc175bd..dbfe1deda7 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -299,6 +299,9 @@ static NTSTATUS query_user(struct winbindd_domain *domain, result = cli_samr_query_userinfo(hnd->cli, mem_ctx, &user_pol, 0x15, &ctr); + if (!NT_STATUS_IS_OK(result)) + goto done; + cli_samr_close(hnd->cli, mem_ctx, &user_pol); got_user_pol = False; -- cgit From dd1bd8d0c8c09db23e944466a0443a5ad03bea26 Mon Sep 17 00:00:00 2001 
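Review bot: The added `goto done` in `query_user` jumps over `cli_samr_close(hnd->cli, mem_ctx, &user_pol)` and leaves `got_user_pol` set. The `done:` label is outside the hunk; confirm that it closes `user_pol` whenever `got_user_pol` is still true, otherwise each failed `cli_samr_query_userinfo` leaves a policy handle open on the server. A short comment at the jump, `/* done: closes user_pol */`, would make the dependency visible.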
From: Andrew Bartlett Date: Tue, 25 Jun 2002 01:40:44 +0000 Subject: Add a couple more DEBUG()s to winbindd. Andrew Bartlett (This used to be commit 3b2464ffdad5e64a05e227b50116cb59f6d34204) --- source3/nsswitch/winbindd_group.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 94aae73baf..dce75f60a3 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -84,8 +84,8 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain, status = domain->methods->lookup_groupmem(domain, mem_ctx, group_rid, &num_names, &rid_mem, &names, &name_types); if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("could not lookup membership for group rid %d in domain %s\n", - group_rid, domain->name)); + DEBUG(1, ("could not lookup membership for group rid %d in domain %s (error: %s)\n", + group_rid, domain->name, nt_errstr(status))); goto done; } @@ -363,8 +363,10 @@ enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state) /* Create a state record for this domain */ if ((domain_state = (struct getent_state *) - malloc(sizeof(struct getent_state))) == NULL) + malloc(sizeof(struct getent_state))) == NULL) { + DEBUG(1, ("winbindd_setgrent: malloc failed for domain_state!\n")); return WINBINDD_ERROR; + } ZERO_STRUCTP(domain_state); @@ -411,8 +413,10 @@ static BOOL get_sam_group_entries(struct getent_state *ent) return False; if (!(mem_ctx = talloc_init_named("get_sam_group_entries(%s)", - ent->domain_name))) + ent->domain_name))) { + DEBUG(1, ("get_sam_group_entries: could not create talloc context!\n")); return False; + } /* Free any existing group info */ 
@@ -435,6 +439,7 @@ static BOOL get_sam_group_entries(struct getent_state *ent) &sam_grp_entries); if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("get_sam_group_entries: could not enumerate domain groups! Error: %s", nt_errstr(status))); result = False; goto done; } -- cgit From 07465761137adf756d771fa1f8592c294488e779 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 25 Jun 2002 08:57:24 +0000 Subject: Update cli_full_connection() to take a 'flags' paramater, and try to get a few more places to use it. Andrew Bartlett (This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7) --- source3/nsswitch/winbindd_cm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index bffa169ab1..0f36d3613c 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -351,7 +351,7 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name, result = cli_full_connection(&(new_conn->cli), global_myname, new_conn->controller, &dc_ip, 0, "IPC$", "IPC", ipc_username, ipc_domain, - ipc_password); + ipc_password, 0); SAFE_FREE(ipc_username); SAFE_FREE(ipc_domain); -- cgit From caeaa0acb02f681be6025e3eafded223983960a0 Mon Sep 17 00:00:00 2001 
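Review bot: The new `DEBUG(3, ...)` message in `get_sam_group_entries` has no trailing newline, so the next log entry will be appended to the same line. It should end in `\n`: `DEBUG(3, ("get_sam_group_entries: could not enumerate domain groups! Error: %s\n", nt_errstr(status)));`. The function continues outside the hunk.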
From: Andrew Tridgell Date: Wed, 26 Jun 2002 12:17:11 +0000 Subject: This commit finally gives us multiple wins server groups. We now accept an extended syntax for 'wins server' like this: wins server = group1:192.168.2.10 group2:192.168.3.99 group1:192.168.0.1 The tags before the IPs don't mean anything, they are just a way of grouping IPs together. If you use the old syntax (ie. no ':') then an implicit group name of '*' is used. In general I'd recommend people use interface names for the group names, but it doesn't matter much. When we register in nmbd we try to register all our IPs with each group of WINS servers. We keep trying until all of them are registered with every group, falling back to the failover WINS servers for each group as we go. When we do a WINS lookup we try each of the WINS servers for each group. If a WINS server for a group gives a negative answer then we give up on that group and move to the next group. If it times out then we move to the next failover wins server in the group. In either case, if a WINS server doesn't respond then we mark it dead for 10 minutes, to prevent lengthy waits for dead servers. (This used to be commit e125f06058b6b51382cf046b1dbb30728b8aeda5) --- source3/nsswitch/winbindd_wins.c | 21 +++++++-------------- source3/nsswitch/wins.c | 29 ++++++++++------------------- 2 files changed, 17 insertions(+), 33 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_wins.c b/source3/nsswitch/winbindd_wins.c index a8b4566ba0..75d04349e6 100644 --- a/source3/nsswitch/winbindd_wins.c +++ b/source3/nsswitch/winbindd_wins.c 
@@ -92,20 +92,14 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) *count = 0; - fd = wins_lookup_open_socket_in(); - if (fd == -1) - return NULL; - - p = wins_srv_ip(); - if( !is_zero_ip(p) ) { - ret = name_query(fd,name,0x20,False,True, p, count, &flags); - goto out; + /* always try with wins first */ + if (resolve_wins(name,0x20,&ret,count)) { + return ret; } - if (lp_wins_support()) { - /* we are our own WINS server */ - ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count, &flags); - goto out; + fd = wins_lookup_open_socket_in(); + if (fd == -1) { + return NULL; } /* uggh, we have to broadcast to each interface in turn */ @@ -113,12 +107,11 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) j >= 0; j--) { struct in_addr *bcast = iface_n_bcast(j); - ret = name_query(fd,name,0x20,True,True,*bcast,count, &flags); + ret = name_query(fd,name,0x20,True,True,*bcast,count, &flags, NULL); if (ret) break; } out: - close(fd); return ret; } diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c index 2ecdbf1c51..8b629f1132 100644 --- a/source3/nsswitch/wins.c +++ b/source3/nsswitch/wins.c @@ -115,7 +115,7 @@ static struct node_status *lookup_byaddr_backend(char *addr, int *count) static struct in_addr *lookup_byname_backend(const char *name, int *count) { - int fd; + int fd = -1; struct in_addr *ret = NULL; struct in_addr p; int j, flags = 0; 
@@ -126,33 +126,24 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) *count = 0; - fd = wins_lookup_open_socket_in(); - if (fd == -1) - return NULL; - - p = wins_srv_ip(); - if( !is_zero_ip(p) ) { - ret = name_query(fd,name,0x20,False,True, p, count, &flags); - goto out; + /* always try with wins first */ + if (resolve_wins(name,0x20,&ret,count)) { + return ret; } - if (lp_wins_support()) { - /* we are our own WINS server */ - ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count, &flags); - goto out; + fd = wins_lookup_open_socket_in(); + if (fd == -1) { + return NULL; } /* uggh, we have to broadcast to each interface in turn */ - for (j=iface_count() - 1; - j >= 0; - j--) { + for (j=iface_count() - 1;j >= 0;j--) { struct in_addr *bcast = iface_n_bcast(j); - ret = name_query(fd,name,0x20,True,True,*bcast,count, &flags); + ret = name_query(fd,name,0x20,True,True,*bcast,count, &flags, NULL); if (ret) break; } - out: - +out: close(fd); return ret; } -- cgit From 223ddc3f2daf25b16ce60230336747d5fab61e39 Mon Sep 17 00:00:00 2001 
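Review bot: After this change the wins.c version of `lookup_byname_backend` no longer contains any `goto out`, yet the `out:` label is kept, and `struct in_addr p;` (still declared in the previous hunk) is no longer assigned or read. Both will produce unused-label and unused-variable warnings, which makes real warnings in this file harder to spot; drop the label and the declaration. The function's opening lines are in the previous hunk.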
From: Andrew Tridgell Date: Thu, 27 Jun 2002 14:37:17 +0000 Subject: The next phase in the WINS rewrite! We now cope wiith multiple WINS groups and multiple failover servers for release and refresh as well as registration. We also do the regitrations in the same fashion as W2K does, where we don't try to register the next IP in the list for a name until the WINS server has acked the previos IP. This prevents us flooding the WINS server and also seems to make for much more reliable multi-homed registration. I also changed the dead WINS server code to mark pairs of IPs dead, not individual IPs. The idea is that a WINS server might be dead from the point of view of one of our interfaces, but not another, so we need to keep talking to it on one while moving onto a failover WINS server on the other interface. This copes much better with partial LAN outages and weird routing tables. (This used to be commit 313f2c9ff7a513802e4f893324865e70912d419e) --- source3/nsswitch/winbindd_wins.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_wins.c b/source3/nsswitch/winbindd_wins.c index 75d04349e6..8f9a7414bd 100644 --- a/source3/nsswitch/winbindd_wins.c +++ b/source3/nsswitch/winbindd_wins.c @@ -87,7 +87,6 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) { int fd; struct in_addr *ret = NULL; - struct in_addr p; int j, flags = 0; *count = 0; @@ -111,7 +110,6 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) if (ret) break; } - out: close(fd); return ret; } -- cgit From fd8d5e56af81277030137e4d59296ce133dd4906 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 1 Jul 2002 04:47:29 +0000 Subject: fixed a bug handling startup when the ads server is not contactable (This used to be commit dbfd4e5101599bcb85600e4c5c93ce5390b9aa91) --- source3/nsswitch/winbindd_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch') 
diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index 44aee8d307..360b37b61e 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c @@ -143,7 +143,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) ads->password = secrets_fetch_machine_password(); status = ads_connect(ads); - if (!ADS_ERR_OK(status)) { + if (!ADS_ERR_OK(status) || !ads->realm) { extern struct winbindd_methods msrpc_methods; DEBUG(1,("ads_connect for domain %s failed: %s\n", domain->name, ads_errstr(status))); -- cgit From 9930b0b0650ae3e38c033c28672398425dd8228c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 1 Jul 2002 09:12:41 +0000 Subject: used findstatic.pl to make some variables static and remove some dead code (This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0) --- source3/nsswitch/wb_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 928b70d8b1..89dd625241 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -86,7 +86,7 @@ void init_response(struct winbindd_response *response) /* Close established socket */ -void close_sock(void) +static void close_sock(void) { if (winbindd_fd != -1) { close(winbindd_fd); -- cgit From 0df1e25542cfddbb383955e6f541207e38acf654 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Jul 2002 00:44:39 +0000 Subject: Kill off codepage related stuff, now we don't use codepages any more. Andrew Bartlett (This used to be commit d1ca2b9f23ce701eb6b6becafb1acd813fc8fc3a) --- source3/nsswitch/wins.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c index 8b629f1132..9bb2d6755c 100644 --- a/source3/nsswitch/wins.c +++ b/source3/nsswitch/wins.c 
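Review bot: With the added `|| !ads->realm` the failure branch in `ads_cached_connection` is also taken when `ads_connect` succeeded but returned no realm, and in that case the `DEBUG(1, ...)` below prints `ads_errstr(status)` for a successful status. The log would then report a connect failure next to a non-error string. A separate message for the missing realm, e.g. `DEBUG(1,("ads_connect for domain %s returned no realm\n", domain->name));`, makes the fallback diagnosable. The function continues outside the hunk.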
@@ -80,14 +80,10 @@ static void nss_wins_init(void) DEBUGLEVEL = 0; AllowDebugChange = False; - /* needed for lp_xx() functions */ - charset_initialise(); - TimeInit(); setup_logging("nss_wins",False); lp_load(dyn_CONFIGFILE,True,False,False); load_interfaces(); - codepage_initialise(lp_client_code_page()); } static struct node_status *lookup_byaddr_backend(char *addr, int *count) -- cgit From 5d827857560ecd23c0cd5179d73e1f14a7ed993a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 11 Jul 2002 05:28:08 +0000 Subject: this implements a completely new strategy for fetching group membership from an ADS server. We now use a 'member' query on the group and do a separate call to convert the resulting distinguished name to a name, rid etc. This is *much* faster for very large numbers of groups (on a quantum test system with 10000 groups it drops the time from an hour to about 35 seconds). strangely enough, this actually *increases* the amount of ldap traffic, its just that the MS LDAP server answers these queries much faster. (This used to be commit 5538048e4f6dd224b2990f3c6a3e99fd07065f77) --- source3/nsswitch/winbindd_ads.c | 116 ++++++++++++++++++++++++++++------------ 1 file changed, 83 insertions(+), 33 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index 360b37b61e..b61348adfe 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c 
@@ -492,6 +492,50 @@ done: } +/* convert a DN to a name, rid and name type + this might become a major speed bottleneck if groups have + lots of users, in which case we could cache the results +*/ +static BOOL dn_lookup(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, + const char *dn, + char **name, uint32 *name_type, uint32 *rid) +{ + char *exp; + void *res = NULL; + const char *attrs[] = {"userPrincipalName", "sAMAccountName", + "objectSid", "sAMAccountType", NULL}; + ADS_STATUS rc; + uint32 atype; + DOM_SID sid; + + asprintf(&exp, "(distinguishedName=%s)", dn); + rc = ads_search_retry(ads, &res, exp, attrs); + free(exp); + if (!ADS_ERR_OK(rc)) { + goto failed; + } + + (*name) = pull_username(ads, mem_ctx, res); + + if (!ads_pull_uint32(ads, res, "sAMAccountType", &atype)) { + goto failed; + } + (*name_type) = ads_atype_map(atype); + + if (!ads_pull_sid(ads, res, "objectSid", &sid) || + !sid_peek_rid(&sid, rid)) { + goto failed; + } + + if (res) ads_msgfree(ads, res); + return True; + +failed: + if (res) ads_msgfree(ads, res); + return False; +} + + /* convert a sid to a distnguished name */ static NTSTATUS sid_to_distinguished_name(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, @@ -678,7 +722,9 @@ done: return status; } - +/* + find the members of a group, given a group rid and domain + */ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32 group_rid, uint32 *num_names, @@ -686,14 +732,16 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, uint32 **name_types) { DOM_SID group_sid; - const char *attrs[] = {"userPrincipalName", "sAMAccountName", - "objectSid", "sAMAccountType", NULL}; ADS_STATUS rc; int count; - void *res=NULL, *msg=NULL; + void *res=NULL; ADS_STRUCT *ads = NULL; - char *exp, *dn = NULL; + char *exp; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + char *sidstr; + const char *attrs[] = {"member", NULL}; + char **members; + int i, num_members; *num_names = 0; 
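Review bot: In the new dn_lookup, `dn` is formatted straight into the search filter and the return value of asprintf is ignored. A distinguished name may contain `(`, `)`, `*` or `\`, which are special in an LDAP filter, so such a member would either make the search fail or match something other than the intended object; the filter specials should be escaped before formatting. The allocation should be checked as well, `if (asprintf(&exp, "(distinguishedName=%s)", dn) == -1) return False;`, because `exp` is undefined on failure and is then passed to ads_search_retry and free. The result of pull_username is stored in `*name` without a NULL check, although the function then returns True. The same unchecked asprintf, plus an unchecked sid_binstring result, appears in the later lookup_groupmem hunk at `asprintf(&exp, "(objectSid=%s)",sidstr);`.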
@@ -701,17 +749,14 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, if (!ads) goto done; sid_from_rid(domain, group_rid, &group_sid); - status = sid_to_distinguished_name(domain, mem_ctx, &group_sid, &dn); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(3,("Failed to find distinguishedName for %s\n", sid_string_static(&group_sid))); - return status; - } + sidstr = sid_binstring(&group_sid); - /* search for all users who have that group sid as primary group or as member */ - asprintf(&exp, "(&(objectCategory=user)(|(primaryGroupID=%d)(memberOf=%s)))", - group_rid, dn); + /* search for all members of the group */ + asprintf(&exp, "(objectSid=%s)",sidstr); rc = ads_search_retry(ads, &res, exp, attrs); free(exp); + free(sidstr); + if (!ADS_ERR_OK(rc)) { DEBUG(1,("query_user_list ads_search: %s\n", ads_errstr(rc))); goto done; 
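Review bot: The new `(objectSid=%s)` search in lookup_groupmem reads only the group's `member` attribute, so accounts that belong to the group solely through their primary group are no longer returned; the removed filter covered them with `(primaryGroupID=%d)`. Active Directory does not list primary-group members in `member`, so a group used as the default primary group will appear nearly empty to anything that makes access decisions from winbind group membership. I would keep a second search such as `(&(objectCategory=user)(primaryGroupID=%d))` and merge its results into the arrays, or state the limitation in the function comment. The function body starts and ends outside the hunk.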
@@ -723,29 +768,33 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, goto done; } - (*rid_mem) = talloc_zero(mem_ctx, sizeof(uint32) * count); - (*name_types) = talloc_zero(mem_ctx, sizeof(uint32) * count); - (*names) = talloc_zero(mem_ctx, sizeof(char *) * count); + members = ads_pull_strings(ads, mem_ctx, res, "member"); + if (!members) { + /* no members? ok ... */ + status = NT_STATUS_OK; + goto done; + } - for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) { - uint32 atype, rid; - DOM_SID sid; + /* now we need to turn a list of members into rids, names and name types + the problem is that the members are in the form of distinguised names + */ + for (i=0;members[i];i++) /* noop */ ; + num_members = i; - (*names)[*num_names] = pull_username(ads, mem_ctx, msg); - if (!ads_pull_uint32(ads, msg, "sAMAccountType", &atype)) { - continue; - } - (*name_types)[*num_names] = ads_atype_map(atype); - if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { - DEBUG(1,("No sid for %s !?\n", (*names)[*num_names])); - continue; - } - if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) { - DEBUG(1,("No rid for %s !?\n", (*names)[*num_names])); - continue; + (*rid_mem) = talloc_zero(mem_ctx, sizeof(uint32) * num_members); + (*name_types) = talloc_zero(mem_ctx, sizeof(uint32) * num_members); + (*names) = talloc_zero(mem_ctx, sizeof(char *) * num_members); + + for (i=0;i Date: Thu, 11 Jul 2002 17:31:49 +0000 Subject: Merge of init_domain_list() fix from APPLIANCE_HEAD. (This used to be commit 66c9cab369e38284c71572bfb3643538e253a451) --- source3/nsswitch/winbindd_util.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index 5a20066757..d5668a2bb6 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c 
@@ -166,9 +166,6 @@ BOOL init_domain_list(void) DEBUG(1,("Added domain %s (%s)\n", domain->name, sid_string_static(&domain->sid))); - - /* this primes the connection */ - cache_methods.domain_sid(domain, &domain->sid); } } -- cgit From e4722d2fcbd8bf2a099d46187bac6c85c5da8e08 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 11 Jul 2002 23:11:42 +0000 Subject: Usage fixes from APPLIANCE_HEAD. (This used to be commit 952d722a3bba15b7a10b4cbabb5548f4dde682d7) --- source3/nsswitch/wbinfo.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index f8510497b0..d0af10a0e6 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -641,8 +641,9 @@ static void usage(void) d_printf("\t-r user\t\t\tget user groups\n"); d_printf("\t-a user%%password\tauthenticate user\n"); d_printf("\t-A user%%password\tstore user and password used by winbindd (root only)\n"); - d_printf("\t-p 'ping' winbindd to see if it is alive\n"); + d_printf("\t-p\t\t\t'ping' winbindd to see if it is alive\n"); d_printf("\t--sequence\t\tshow sequence numbers of all domains\n"); + d_printf("\t--set-auth-user DOMAIN\\user%%password\tset password for restrict anonymous\n"); } /* Main program */ -- cgit From 35150ef8b50efcd871ec00dee586e5d15905a414 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 13 Jul 2002 09:11:20 +0000 Subject: I just noticed that I never added my copyright when I messed with this previously. Fix that. Andrew Bartlett (This used to be commit c552910477f0baca4d2173c2bdf4748de3c3b8ad) --- source3/nsswitch/winbindd_cm.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index 0f36d3613c..3ab97ed408 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c 
@@ -4,6 +4,7 @@ Winbind daemon connection manager Copyright (C) Tim Potter 2001 + Copyright (C) Andrew Bartlett 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- cgit From 13157d1494b99bf85632120c27286ba4d877a68f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 14 Jul 2002 22:15:20 +0000 Subject: this is a trick to work around the fact that posix does not supply a getgr*() function that lists groups without numerating all the group members. Instead of definiing a new nss method (which might cause problems) I added an environment variable WINBIND_GETGRLST that tells winbind not to fill in the group members in a gergrent() request. This can speed up group listing by a factor of 20 or more (on my test system with 50000 groups it reduces the time from an hour to 2 minutes) (This used to be commit e3f73256d31ab9914daae49f41e984a534996870) --- source3/nsswitch/winbind_nss.c | 14 +++++++++++++- source3/nsswitch/winbindd.c | 1 + source3/nsswitch/winbindd_dual.c | 1 + source3/nsswitch/winbindd_group.c | 23 +++++++++++++++-------- source3/nsswitch/winbindd_nss.h | 3 +++ source3/nsswitch/winbindd_rpc.c | 20 ++++++++++++++++++++ 6 files changed, 53 insertions(+), 9 deletions(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbind_nss.c b/source3/nsswitch/winbind_nss.c index a396e5551b..681bcd2bf7 100644 --- a/source3/nsswitch/winbind_nss.c +++ b/source3/nsswitch/winbind_nss.c @@ -238,6 +238,7 @@ winbind_callback(nsd_file_t **rqp, int fd) free_response(&response); return(do_list(1,rq)); case WINBINDD_GETGRENT: + case WINBINDD_GETGRLST: nsd_logprintf(NSD_LOG_MIN, "callback (winbind) - %d GETGRENT responses\n", response.data.num_entries); 
@@ -1060,6 +1061,7 @@ _nss_winbind_getgrent_r(struct group *result, NSS_STATUS ret; static struct winbindd_request request; static int called_again; + enum winbindd_cmd cmd; #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: getgrent\n", getpid()); @@ -1083,7 +1085,17 @@ _nss_winbind_getgrent_r(struct group *result, request.data.num_entries = MAX_GETGRENT_USERS; - ret = winbindd_request(WINBINDD_GETGRENT, &request, + /* this is a hack to work around the fact that posix doesn't + define a 'list groups' call and listing all group members can + be *very* expensive. We use an environment variable to give + us a saner call (tridge) */ + if (getenv("WINBIND_GETGRLST")) { + cmd = WINBINDD_GETGRLST; + } else { + cmd = WINBINDD_GETGRENT; + } + + ret = winbindd_request(cmd, &request, &getgrent_response); if (ret == NSS_STATUS_SUCCESS) { diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 398845bdec..358d9add3a 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -223,6 +223,7 @@ static struct dispatch_table dispatch_table[] = { { WINBINDD_SETGRENT, winbindd_setgrent, "SETGRENT" }, { WINBINDD_ENDGRENT, winbindd_endgrent, "ENDGRENT" }, { WINBINDD_GETGRENT, winbindd_getgrent, "GETGRENT" }, + { WINBINDD_GETGRLST, winbindd_getgrent, "GETGRLST" }, /* PAM auth functions */ diff --git a/source3/nsswitch/winbindd_dual.c b/source3/nsswitch/winbindd_dual.c index d55e84ca51..d32d62edaa 100644 --- a/source3/nsswitch/winbindd_dual.c +++ b/source3/nsswitch/winbindd_dual.c @@ -189,6 +189,7 @@ void do_dual_daemon(void) break; case WINBINDD_GETGRENT: + case WINBINDD_GETGRLST: winbindd_setgrent(&state); break; default: diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index dce75f60a3..20563ba7bd 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c 
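Review bot: The `getenv("WINBIND_GETGRLST")` test added to _nss_winbind_getgrent_r lets the caller's environment change what getgrent() returns, and this module is loaded into every process that resolves groups through winbind, presumably including set-id programs. With the variable set the daemon skips fill_grent_mem and returns groups with `num_gr_mem` of 0, so a program that decides access from `gr_mem` sees different data from what the administrator configured. The comment should say so, for example `/* NOTE: members are omitted when WINBIND_GETGRLST is set; gr_mem from getgrent() is then not usable for access checks */`, and the variable should probably be ignored when the process runs with elevated privileges. The function body starts and ends outside the hunk.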
@@ -75,7 +75,7 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain, *num_gr_mem = 0; if (group_name_type != SID_NAME_DOM_GRP) { - DEBUG(1, ("rid %d in domain %s isn't a " "domain group\n", + DEBUG(1, ("rid %d in domain %s isn't a domain group\n", group_rid, domain->name)); goto done; } @@ -580,14 +580,21 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state) goto done; } - /* Get group membership */ + group_list[group_list_ndx].num_gr_mem = 0; + gr_mem = NULL; + gr_mem_len = 0; - result = fill_grent_mem( - domain, - name_list[ent->sam_entry_index].rid, - SID_NAME_DOM_GRP, - &group_list[group_list_ndx].num_gr_mem, - &gr_mem, &gr_mem_len); + /* Get group membership */ + if (state->request.cmd == WINBINDD_GETGRLST) { + result = True; + } else { + result = fill_grent_mem( + domain, + name_list[ent->sam_entry_index].rid, + SID_NAME_DOM_GRP, + &group_list[group_list_ndx].num_gr_mem, + &gr_mem, &gr_mem_len); + } } if (result) { diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h index 023d72306b..0f0e40a2ec 100644 --- a/source3/nsswitch/winbindd_nss.h +++ b/source3/nsswitch/winbindd_nss.h @@ -99,6 +99,9 @@ enum winbindd_cmd { WINBINDD_WINS_BYIP, WINBINDD_WINS_BYNAME, + /* this is like GETGRENT but gives an empty group list */ + WINBINDD_GETGRLST, + /* Placeholder for end of cmd list */ WINBINDD_NUM_CMDS diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index dbfe1deda7..2bb0e8c49f 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -41,6 +41,8 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; int i; + DEBUG(3,("rpc: query_user_list\n")); + *num_entries = 0; *info = NULL; 
@@ -133,6 +135,8 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, *num_entries = 0; *info = NULL; + DEBUG(3,("rpc: enum_dom_groups\n")); + if (!(hnd = cm_get_sam_handle(domain->name))) { return NT_STATUS_UNSUCCESSFUL; } @@ -192,6 +196,8 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, uint32 *types = NULL; const char *full_name; + DEBUG(3,("rpc: name_to_sid name=%s\n", name)); + if (!(mem_ctx = talloc_init_named("name_to_sid[rpc] for [%s]\\[%s]", domain->name, name))) { DEBUG(0, ("talloc_init failed!\n")); return NT_STATUS_NO_MEMORY; @@ -239,6 +245,8 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, uint32 *types; NTSTATUS status; + DEBUG(3,("rpc: sid_to_name\n")); + if (!(hnd = cm_get_lsa_handle(domain->name))) return NT_STATUS_UNSUCCESSFUL; @@ -271,6 +279,8 @@ static NTSTATUS query_user(struct winbindd_domain *domain, BOOL got_dom_pol = False, got_user_pol = False; SAM_USERINFO_CTR *ctr; + DEBUG(3,("rpc: query_user rid=%u\n", user_rid)); + /* Get sam handle */ if (!(hnd = cm_get_sam_handle(domain->name))) goto done; @@ -336,6 +346,8 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, DOM_GID *user_groups; int i; + DEBUG(3,("rpc: lookup_usergroups rid=%u\n", user_rid)); + *num_groups = 0; /* First try cached universal groups from logon */ @@ -407,6 +419,8 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; BOOL got_dom_pol = False, got_group_pol = False; + DEBUG(3,("rpc: lookup_groupmem rid=%u\n", group_rid)); + *num_names = 0; /* Get sam handle */ @@ -509,6 +523,8 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) BOOL got_dom_pol = False; uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; + DEBUG(3,("rpc: sequence_number\n")); + *seq = DOM_SEQUENCE_NONE; if (!(mem_ctx = talloc_init_named("sequence_number[rpc]"))) 
@@ -566,6 +582,8 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, uint32 enum_ctx = 0; uint32 pref_num_domains = 5; + DEBUG(3,("rpc: trusted_domains\n")); + *num_domains = 0; if (!(hnd = cm_get_lsa_handle(lp_workgroup()))) @@ -586,6 +604,8 @@ static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid) CLI_POLICY_HND *hnd; fstring level5_dom; + DEBUG(3,("rpc: domain_sid\n")); + if (!(mem_ctx = talloc_init_named("domain_sid[rpc]"))) return NT_STATUS_NO_MEMORY; -- cgit