From aeab22b55cb1484ff6da7242bd525e30b69e5752 Mon Sep 17 00:00:00 2001 From: Dan Sledz Date: Mon, 23 Feb 2009 23:21:13 -0800 Subject: s3: Rename auth_onefs_wb and pdb_onefs_sam auth_onefs_wb.c -> auth_wbc.c pdb_onefs_sam.c -> pdb_wbc_sam.c No changes to functionality --- source3/Makefile.in | 10 +- source3/auth/auth_onefs_wb.c | 134 ------------ source3/auth/auth_wbc.c | 150 ++++++++++++++ source3/configure.in | 8 +- source3/passdb/pdb_onefs_sam.c | 433 --------------------------------------- source3/passdb/pdb_wbc_sam.c | 448 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 607 insertions(+), 576 deletions(-) delete mode 100644 source3/auth/auth_onefs_wb.c create mode 100644 source3/auth/auth_wbc.c delete mode 100644 source3/passdb/pdb_onefs_sam.c create mode 100644 source3/passdb/pdb_wbc_sam.c (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index 73b2989421..8f1d1a5b77 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -689,7 +689,7 @@ AUTH_SAM_OBJ = auth/auth_sam.o AUTH_SERVER_OBJ = auth/auth_server.o AUTH_UNIX_OBJ = auth/auth_unix.o AUTH_WINBIND_OBJ = auth/auth_winbind.o -AUTH_ONEFS_WB_OBJ = auth/auth_onefs_wb.o +AUTH_WBC_OBJ = auth/auth_wbc.o AUTH_SCRIPT_OBJ = auth/auth_script.o AUTH_NETLOGOND_OBJ = auth/auth_netlogond.o @@ -2355,9 +2355,9 @@ bin/winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_WINBIND_OBJ) @echo "Building plugin $@" @$(SHLD_MODULE) $(AUTH_WINBIND_OBJ) -bin/onefs_wb.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_ONEFS_WB_OBJ) +bin/wbc.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_WBC_OBJ) @echo "Building plugin $@" - @$(SHLD_MODULE) $(AUTH_ONEFS_WB_OBJ) + @$(SHLD_MODULE) $(AUTH_WBC_OBJ) bin/unix.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_UNIX_OBJ) @echo "Building plugin $@" @@ -2375,9 +2375,9 @@ bin/tdbsam.@SHLIBEXT@: $(BINARY_PREREQS) passdb/pdb_tdb.o @echo "Building plugin $@" @$(SHLD_MODULE) passdb/pdb_tdb.o -bin/onefs_sam.@SHLIBEXT@: $(BINARY_PREREQS) passdb/pdb_onefs_sam.o +bin/wbc_sam.@SHLIBEXT@: $(BINARY_PREREQS) passdb/pdb_wbc_sam.o @echo "Building plugin $@" - @$(SHLD_MODULE) passdb/pdb_onefs_sam.o + @$(SHLD_MODULE) passdb/pdb_wbc_sam.o bin/smbpasswd.@SHLIBEXT@: $(BINARY_PREREQS) passdb/pdb_smbpasswd.o @echo "Building plugin $@" diff --git a/source3/auth/auth_onefs_wb.c b/source3/auth/auth_onefs_wb.c deleted file mode 100644 index 49de6966b0..0000000000 --- a/source3/auth/auth_onefs_wb.c +++ /dev/null @@ -1,134 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind authentication mechnism, customized for onefs - - Copyright (C) Tim Potter 2000 - Copyright (C) Andrew Bartlett 2001 - 2002 - Copyright (C) Dan Sledz 2009 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_AUTH - -/* Authenticate a user with a challenge/response */ - -static NTSTATUS check_onefs_wb_security(const struct auth_context *auth_context, - void *my_private_data, - TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) -{ - NTSTATUS nt_status; - wbcErr wbc_status; - struct wbcAuthUserParams params; - struct wbcAuthUserInfo *info = NULL; - struct wbcAuthErrorInfo *err = NULL; - - if (!user_info || !auth_context || !server_info) { - return NT_STATUS_INVALID_PARAMETER; - } - /* Send off request */ - - params.account_name = user_info->smb_name; - params.domain_name = user_info->domain; - params.workstation_name = user_info->wksta_name; - - params.flags = 0; - params.parameter_control= user_info->logon_parameters; - - /* Handle plaintext */ - if (!user_info->encrypted) { - DEBUG(3,("Checking plaintext password for %s.\n", - user_info->internal_username)); - params.level = WBC_AUTH_USER_LEVEL_PLAIN; - - params.password.plaintext = user_info->plaintext_password.data; - } else { - DEBUG(3,("Checking encrypted password for %s.\n", - user_info->internal_username)); - params.level = WBC_AUTH_USER_LEVEL_RESPONSE; - - memcpy(params.password.response.challenge, - auth_context->challenge.data, - sizeof(params.password.response.challenge)); - - params.password.response.nt_length = user_info->nt_resp.length; - params.password.response.nt_data = user_info->nt_resp.data; - params.password.response.lm_length = user_info->lm_resp.length; - params.password.response.lm_data = user_info->lm_resp.data; - - } - - /* we are contacting the privileged pipe */ - become_root(); - wbc_status = wbcAuthenticateUserEx(¶ms, &info, &err); - unbecome_root(); - - if (!WBC_ERROR_IS_OK(wbc_status)) { - DEBUG(10,("wbcAuthenticateUserEx failed (%d): %s\n", - wbc_status, wbcErrorString(wbc_status))); - } - - if (wbc_status == WBC_ERR_NO_MEMORY) { - return NT_STATUS_NO_MEMORY; - } - - if (wbc_status == WBC_ERR_AUTH_ERROR) { - nt_status = NT_STATUS(err->nt_status); - wbcFreeMemory(err); - return nt_status; - } - - if (!WBC_ERROR_IS_OK(wbc_status)) { - return NT_STATUS_LOGON_FAILURE; - } - - DEBUG(10,("wbcAuthenticateUserEx succeeded\n")); - - nt_status = make_server_info_wbcAuthUserInfo(mem_ctx, - user_info->smb_name, - user_info->domain, - info, server_info); - wbcFreeMemory(info); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - - (*server_info)->nss_token |= user_info->was_mapped; - - return nt_status; -} - -/* module initialisation */ -static NTSTATUS auth_init_onefs_wb(struct auth_context *auth_context, const char *param, auth_methods **auth_method) -{ - if (!make_auth_methods(auth_context, auth_method)) { - return NT_STATUS_NO_MEMORY; - } - - (*auth_method)->name = "onefs_wb"; - (*auth_method)->auth = check_onefs_wb_security; - - return NT_STATUS_OK; -} - -NTSTATUS auth_onefs_wb_init(void) -{ - return smb_register_auth(AUTH_INTERFACE_VERSION, "onefs_wb", auth_init_onefs_wb); -} diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c new file mode 100644 index 0000000000..b0af9ffb1d --- /dev/null +++ b/source3/auth/auth_wbc.c @@ -0,0 +1,150 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client authentication mechanism designed to defer all + authentication to the winbind daemon. + + Copyright (C) Tim Potter 2000 + Copyright (C) Andrew Bartlett 2001 - 2002 + Copyright (C) Dan Sledz 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* This auth module is very similar to auth_winbind with 3 distinct + * differences. + * + * 1) Does not fallback to another auth module if winbindd is unavailable + * 2) Does not validate the domain of the user + * 3) Handles unencrypted passwords + * + * The purpose of this module is to defer all authentication decisions (ie: + * local user vs NIS vs LDAP vs AD; encrypted vs plaintext) to the wbc + * compatible daemon. This centeralizes all authentication decisions to a + * single provider. + * + * This auth backend is most useful when used in conjunction with pdb_wbc_sam. + */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + +/* Authenticate a user with a challenge/response */ + +static NTSTATUS check_wbc_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + NTSTATUS nt_status; + wbcErr wbc_status; + struct wbcAuthUserParams params; + struct wbcAuthUserInfo *info = NULL; + struct wbcAuthErrorInfo *err = NULL; + + if (!user_info || !auth_context || !server_info) { + return NT_STATUS_INVALID_PARAMETER; + } + /* Send off request */ + + params.account_name = user_info->smb_name; + params.domain_name = user_info->domain; + params.workstation_name = user_info->wksta_name; + + params.flags = 0; + params.parameter_control= user_info->logon_parameters; + + /* Handle plaintext */ + if (!user_info->encrypted) { + DEBUG(3,("Checking plaintext password for %s.\n", + user_info->internal_username)); + params.level = WBC_AUTH_USER_LEVEL_PLAIN; + + params.password.plaintext = user_info->plaintext_password.data; + } else { + DEBUG(3,("Checking encrypted password for %s.\n", + user_info->internal_username)); + params.level = WBC_AUTH_USER_LEVEL_RESPONSE; + + memcpy(params.password.response.challenge, + auth_context->challenge.data, + sizeof(params.password.response.challenge)); + + params.password.response.nt_length = user_info->nt_resp.length; + params.password.response.nt_data = user_info->nt_resp.data; + params.password.response.lm_length = user_info->lm_resp.length; + params.password.response.lm_data = user_info->lm_resp.data; + + } + + /* we are contacting the privileged pipe */ + become_root(); + wbc_status = wbcAuthenticateUserEx(¶ms, &info, &err); + unbecome_root(); + + if (!WBC_ERROR_IS_OK(wbc_status)) { + DEBUG(10,("wbcAuthenticateUserEx failed (%d): %s\n", + wbc_status, wbcErrorString(wbc_status))); + } + + if (wbc_status == WBC_ERR_NO_MEMORY) { + return NT_STATUS_NO_MEMORY; + } + + if (wbc_status == WBC_ERR_AUTH_ERROR) { + nt_status = NT_STATUS(err->nt_status); + wbcFreeMemory(err); + return nt_status; + } + + if (!WBC_ERROR_IS_OK(wbc_status)) { + return NT_STATUS_LOGON_FAILURE; + } + + DEBUG(10,("wbcAuthenticateUserEx succeeded\n")); + + nt_status = make_server_info_wbcAuthUserInfo(mem_ctx, + user_info->smb_name, + user_info->domain, + info, server_info); + wbcFreeMemory(info); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + (*server_info)->nss_token |= user_info->was_mapped; + + return nt_status; +} + +/* module initialisation */ +static NTSTATUS auth_init_wbc(struct auth_context *auth_context, const char *param, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return NT_STATUS_NO_MEMORY; + } + + (*auth_method)->name = "wbc"; + (*auth_method)->auth = check_wbc_security; + + return NT_STATUS_OK; +} + +NTSTATUS auth_wbc_init(void) +{ + return smb_register_auth(AUTH_INTERFACE_VERSION, "wbc", auth_init_wbc); +} diff --git a/source3/configure.in b/source3/configure.in index bd3d4af40b..d67feccb9b 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -414,7 +414,7 @@ AC_SUBST(DYNEXP) dnl Add modules that have to be built by default here dnl These have to be built static: -default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl rpc_ntsvcs rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss2 rpc_eventlog auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin auth_netlogond vfs_default nss_info_template" +default_static_modules="pdb_smbpasswd pdb_tdbsam pdb_wbc_sam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl rpc_ntsvcs rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss2 rpc_eventlog auth_sam auth_unix auth_winbind auth_wbc auth_server auth_domain auth_builtin auth_netlogond vfs_default nss_info_template" dnl These are preferably build shared, and static if dlopen() is not available default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_streams_depot vfs_acl_xattr vfs_acl_tdb vfs_smb_traffic_analyzer" @@ -1088,7 +1088,7 @@ echo $samba_cv_HAVE_ONEFS if test x"$samba_cv_HAVE_ONEFS" = x"yes"; then AC_DEFINE(HAVE_ONEFS,1,[Whether building on Isilon OneFS]) default_shared_modules="$default_shared_modules vfs_onefs vfs_onefs_shadow_copy perfcount_onefs" - default_static_modules="$default_static_modules auth_onefs_wb pdb_onefs_sam" + default_static_modules="$default_static_modules" ONEFS_LIBS="-lisi_acl -lisi_ecs -lisi_event -lisi_util" # Need to also add general libs for oplocks support save_LIBS="$save_LIBS -lisi_ecs -lisi_event -lisi_util -ldevstat" @@ -6130,7 +6130,7 @@ SMB_MODULE(pdb_ldap, passdb/pdb_ldap.o passdb/pdb_nds.o, "bin/ldapsam.$SHLIBEXT" [ PASSDB_LIBS="$PASSDB_LIBS $LDAP_LIBS" ] ) SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, "bin/smbpasswd.$SHLIBEXT", PDB) SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, "bin/tdbsam.$SHLIBEXT", PDB) -SMB_MODULE(pdb_onefs_sam, passdb/pdb_onefs_sam.o, "bin/onefs_sam.$SHLIBEXT", PDB) +SMB_MODULE(pdb_wbc_sam, passdb/pdb_wbc_sam.o, "bin/wbc_sam.$SHLIBEXT", PDB) SMB_SUBSYSTEM(PDB,passdb/pdb_interface.o) @@ -6173,7 +6173,7 @@ SMB_SUBSYSTEM(CHARSET,lib/iconv.o) SMB_MODULE(auth_sam, \$(AUTH_SAM_OBJ), "bin/sam.$SHLIBEXT", AUTH) SMB_MODULE(auth_unix, \$(AUTH_UNIX_OBJ), "bin/unix.$SHLIBEXT", AUTH) SMB_MODULE(auth_winbind, \$(AUTH_WINBIND_OBJ), "bin/winbind.$SHLIBEXT", AUTH) -SMB_MODULE(auth_onefs_wb, \$(AUTH_ONEFS_WB_OBJ), "bin/onefs_wb.$SHLIBEXT", AUTH) +SMB_MODULE(auth_wbc, \$(AUTH_WBC_OBJ), "bin/wbc.$SHLIBEXT", AUTH) SMB_MODULE(auth_server, \$(AUTH_SERVER_OBJ), "bin/smbserver.$SHLIBEXT", AUTH) SMB_MODULE(auth_domain, \$(AUTH_DOMAIN_OBJ), "bin/domain.$SHLIBEXT", AUTH) SMB_MODULE(auth_builtin, \$(AUTH_BUILTIN_OBJ), "bin/builtin.$SHLIBEXT", AUTH) diff --git a/source3/passdb/pdb_onefs_sam.c b/source3/passdb/pdb_onefs_sam.c deleted file mode 100644 index 51b8618aad..0000000000 --- a/source3/passdb/pdb_onefs_sam.c +++ /dev/null @@ -1,433 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password and authentication handling for wbclient - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Jelmer Vernooij 2002 - Copyright (C) Simo Sorce 2003 - Copyright (C) Volker Lendecke 2006 - Copyright (C) Dan Sledz 2009 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" - -/*************************************************************************** - Default implementations of some functions. - ****************************************************************************/ -static NTSTATUS _pdb_onefs_sam_getsampw(struct pdb_methods *methods, - struct samu *user, - const struct passwd *pwd) -{ - NTSTATUS result = NT_STATUS_OK; - - if (pwd == NULL) - return NT_STATUS_NO_SUCH_USER; - - memset(user, 0, sizeof(user)); - - /* Can we really get away with this little of information */ - user->methods = methods; - result = samu_set_unix(user, pwd); - - return result; -} - -static NTSTATUS pdb_onefs_sam_getsampwnam(struct pdb_methods *methods, struct samu *user, const char *sname) -{ - return _pdb_onefs_sam_getsampw(methods, user, winbind_getpwnam(sname)); -} - -static NTSTATUS pdb_onefs_sam_getsampwsid(struct pdb_methods *methods, struct samu *user, const DOM_SID *sid) -{ - return _pdb_onefs_sam_getsampw(methods, user, winbind_getpwsid(sid)); -} - -static bool pdb_onefs_sam_uid_to_sid(struct pdb_methods *methods, uid_t uid, - DOM_SID *sid) -{ - return winbind_uid_to_sid(sid, uid); -} - -static bool pdb_onefs_sam_gid_to_sid(struct pdb_methods *methods, gid_t gid, - DOM_SID *sid) -{ - return winbind_gid_to_sid(sid, gid); -} - -static bool pdb_onefs_sam_sid_to_id(struct pdb_methods *methods, - const DOM_SID *sid, - union unid_t *id, enum lsa_SidType *type) -{ - if (winbind_sid_to_uid(&id->uid, sid)) { - *type = SID_NAME_USER; - } else if (winbind_sid_to_gid(&id->gid, sid)) { - /* We assume all gids are groups, not aliases */ - *type = SID_NAME_DOM_GRP; - } else { - return false; - } - - return true; -} - -static NTSTATUS pdb_onefs_sam_enum_group_members(struct pdb_methods *methods, - TALLOC_CTX *mem_ctx, - const DOM_SID *group, - uint32 **pp_member_rids, - size_t *p_num_members) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_onefs_sam_enum_group_memberships(struct pdb_methods *methods, - TALLOC_CTX *mem_ctx, - struct samu *user, - DOM_SID **pp_sids, - gid_t **pp_gids, - size_t *p_num_groups) -{ - size_t i; - const char *username = pdb_get_username(user); - - if (!winbind_get_groups(mem_ctx, username, p_num_groups, pp_gids)) { - return NT_STATUS_NO_SUCH_USER; - } - - if (*p_num_groups == 0) { - smb_panic("primary group missing"); - } - - *pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups); - - if (*pp_sids == NULL) { - TALLOC_FREE(*pp_gids); - return NT_STATUS_NO_MEMORY; - } - - for (i=0; i < *p_num_groups; i++) { - gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]); - } - - return NT_STATUS_OK; -} - -static NTSTATUS pdb_onefs_sam_lookup_rids(struct pdb_methods *methods, - const DOM_SID *domain_sid, - int num_rids, - uint32 *rids, - const char **names, - enum lsa_SidType *attrs) -{ - NTSTATUS result = NT_STATUS_OK; - char *domain = NULL; - char **account_names = NULL; - char name[256]; - enum lsa_SidType *attr_list = NULL; - int i; - - if (!winbind_lookup_rids(talloc_tos(), domain_sid, num_rids, rids, - (const char **)&domain, - (const char ***)&account_names, &attr_list)) - { - result = NT_STATUS_NONE_MAPPED; - goto done; - } - - memcpy(attrs, attr_list, num_rids * sizeof(enum lsa_SidType)); - - for (i=0; int_name, sizeof(map->nt_name), "%s%c%s", - domain, *lp_winbind_separator(), name); - map->sid_name_use = name_type; - map->sid = *sid; - map->gid = gid; - return true; -} - -static NTSTATUS pdb_onefs_sam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, - DOM_SID sid) -{ - NTSTATUS result = NT_STATUS_OK; - char *name = NULL; - char *domain = NULL; - enum lsa_SidType name_type; - gid_t gid; - - if (!winbind_lookup_sid(talloc_tos(), &sid, (const char **)&domain, - (const char **) &name, &name_type)) { - result = NT_STATUS_NO_SUCH_GROUP; - goto done; - } - - if ((name_type != SID_NAME_DOM_GRP) && - (name_type != SID_NAME_DOMAIN) && - (name_type != SID_NAME_ALIAS) && - (name_type != SID_NAME_WKN_GRP)) { - result = NT_STATUS_NO_SUCH_GROUP; - goto done; - } - - if (!winbind_sid_to_gid(&gid, &sid)) { - result = NT_STATUS_NO_SUCH_GROUP; - goto done; - } - - if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) { - result = NT_STATUS_NO_SUCH_GROUP; - goto done; - } - -done: - TALLOC_FREE(name); - TALLOC_FREE(domain); - return result; -} - -static NTSTATUS pdb_onefs_sam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, - gid_t gid) -{ - NTSTATUS result = NT_STATUS_OK; - char *name = NULL; - char *domain = NULL; - DOM_SID sid; - enum lsa_SidType name_type; - - if (!winbind_gid_to_sid(&sid, gid)) { - result = NT_STATUS_NO_SUCH_GROUP; - goto done; - } - - if (!winbind_lookup_sid(talloc_tos(), &sid, (const char **)&domain, - (const char **)&name, &name_type)) { - result = NT_STATUS_NO_SUCH_GROUP; - goto done; - } - - if ((name_type != SID_NAME_DOM_GRP) && - (name_type != SID_NAME_DOMAIN) && - (name_type != SID_NAME_ALIAS) && - (name_type != SID_NAME_WKN_GRP)) { - result = NT_STATUS_NO_SUCH_GROUP; - goto done; - } - - if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) { - result = NT_STATUS_NO_SUCH_GROUP; - goto done; - } - -done: - TALLOC_FREE(name); - TALLOC_FREE(domain); - - return result; -} - -static NTSTATUS pdb_onefs_sam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, - const char *name) -{ - NTSTATUS result = NT_STATUS_OK; - char *user_name = NULL; - char *domain = NULL; - DOM_SID sid; - gid_t gid; - enum lsa_SidType name_type; - - if (!winbind_lookup_name(domain, user_name, &sid, &name_type)) { - result = NT_STATUS_NO_SUCH_GROUP; - goto done; - } - - if ((name_type != SID_NAME_DOM_GRP) && - (name_type != SID_NAME_DOMAIN) && - (name_type != SID_NAME_ALIAS) && - (name_type != SID_NAME_WKN_GRP)) { - result = NT_STATUS_NO_SUCH_GROUP; - goto done; - } - - if (!winbind_sid_to_gid(&gid, &sid)) { - result = NT_STATUS_NO_SUCH_GROUP; - goto done; - } - - if (!_make_group_map(methods, domain, user_name, name_type, gid, &sid, map)) { - result = NT_STATUS_NO_SUCH_GROUP; - goto done; - } - -done: - - return result; -} - -static NTSTATUS pdb_onefs_sam_enum_group_mapping(struct pdb_methods *methods, - const DOM_SID *sid, enum lsa_SidType sid_name_use, - GROUP_MAP **pp_rmap, size_t *p_num_entries, - bool unix_only) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_onefs_sam_get_aliasinfo(struct pdb_methods *methods, - const DOM_SID *sid, - struct acct_info *info) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_onefs_sam_enum_aliasmem(struct pdb_methods *methods, - const DOM_SID *alias, DOM_SID **pp_members, - size_t *p_num_members) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_onefs_sam_alias_memberships(struct pdb_methods *methods, - TALLOC_CTX *mem_ctx, - const DOM_SID *domain_sid, - const DOM_SID *members, - size_t num_members, - uint32 **pp_alias_rids, - size_t *p_num_alias_rids) -{ - if (!winbind_get_sid_aliases(mem_ctx, domain_sid, - members, num_members, pp_alias_rids, p_num_alias_rids)) - return NT_STATUS_UNSUCCESSFUL; - - return NT_STATUS_OK; -} - -static NTSTATUS pdb_init_onefs_sam(struct pdb_methods **pdb_method, const char *location) -{ - NTSTATUS result; - - if (!NT_STATUS_IS_OK(result = make_pdb_method( pdb_method))) { - return result; - } - - (*pdb_method)->name = "onefs_sam"; - - (*pdb_method)->getsampwnam = pdb_onefs_sam_getsampwnam; - (*pdb_method)->getsampwsid = pdb_onefs_sam_getsampwsid; - - (*pdb_method)->getgrsid = pdb_onefs_sam_getgrsid; - (*pdb_method)->getgrgid = pdb_onefs_sam_getgrgid; - (*pdb_method)->getgrnam = pdb_onefs_sam_getgrnam; - (*pdb_method)->enum_group_mapping = pdb_onefs_sam_enum_group_mapping; - (*pdb_method)->enum_group_members = pdb_onefs_sam_enum_group_members; - (*pdb_method)->enum_group_memberships = pdb_onefs_sam_enum_group_memberships; - (*pdb_method)->get_aliasinfo = pdb_onefs_sam_get_aliasinfo; - (*pdb_method)->enum_aliasmem = pdb_onefs_sam_enum_aliasmem; - (*pdb_method)->enum_alias_memberships = pdb_onefs_sam_alias_memberships; - (*pdb_method)->lookup_rids = pdb_onefs_sam_lookup_rids; - (*pdb_method)->get_account_policy = pdb_onefs_sam_get_account_policy; - (*pdb_method)->set_account_policy = pdb_onefs_sam_set_account_policy; - (*pdb_method)->uid_to_sid = pdb_onefs_sam_uid_to_sid; - (*pdb_method)->gid_to_sid = pdb_onefs_sam_gid_to_sid; - (*pdb_method)->sid_to_id = pdb_onefs_sam_sid_to_id; - - (*pdb_method)->search_groups = pdb_onefs_sam_search_groups; - (*pdb_method)->search_aliases = pdb_onefs_sam_search_aliases; - - (*pdb_method)->get_trusteddom_pw = pdb_onefs_sam_get_trusteddom_pw; - (*pdb_method)->set_trusteddom_pw = pdb_onefs_sam_set_trusteddom_pw; - (*pdb_method)->del_trusteddom_pw = pdb_onefs_sam_del_trusteddom_pw; - (*pdb_method)->enum_trusteddoms = pdb_onefs_sam_enum_trusteddoms; - - (*pdb_method)->private_data = NULL; - (*pdb_method)->free_private_data = NULL; - - return NT_STATUS_OK; -} - -NTSTATUS pdb_onefs_sam_init(void) -{ - return smb_register_passdb(PASSDB_INTERFACE_VERSION, "onefs_sam", pdb_init_onefs_sam); -} diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c new file mode 100644 index 0000000000..33dc03fe4c --- /dev/null +++ b/source3/passdb/pdb_wbc_sam.c @@ -0,0 +1,448 @@ +/* + Unix SMB/CIFS implementation. + + Password and authentication handling by wbclient + + Copyright (C) Andrew Bartlett 2002 + Copyright (C) Jelmer Vernooij 2002 + Copyright (C) Simo Sorce 2003 + Copyright (C) Volker Lendecke 2006 + Copyright (C) Dan Sledz 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* This passdb module retrieves full passdb information for local users and + * groups from a wbclient compatible daemon. + * + * The purpose of this module is to defer all SAM authorization information + * storage and retrieval to a wbc compatible daemon. + * + * This passdb backend is most useful when used in conjunction with auth_wbc. + * + * A few current limitations of this module are: + * - read only interface + * - no privileges + */ + +#include "includes.h" + +/*************************************************************************** + Default implementations of some functions. + ****************************************************************************/ +static NTSTATUS _pdb_wbc_sam_getsampw(struct pdb_methods *methods, + struct samu *user, + const struct passwd *pwd) +{ + NTSTATUS result = NT_STATUS_OK; + + if (pwd == NULL) + return NT_STATUS_NO_SUCH_USER; + + memset(user, 0, sizeof(user)); + + /* Can we really get away with this little of information */ + user->methods = methods; + result = samu_set_unix(user, pwd); + + return result; +} + +static NTSTATUS pdb_wbc_sam_getsampwnam(struct pdb_methods *methods, struct samu *user, const char *sname) +{ + return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwnam(sname)); +} + +static NTSTATUS pdb_wbc_sam_getsampwsid(struct pdb_methods *methods, struct samu *user, const DOM_SID *sid) +{ + return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwsid(sid)); +} + +static bool pdb_wbc_sam_uid_to_sid(struct pdb_methods *methods, uid_t uid, + DOM_SID *sid) +{ + return winbind_uid_to_sid(sid, uid); +} + +static bool pdb_wbc_sam_gid_to_sid(struct pdb_methods *methods, gid_t gid, + DOM_SID *sid) +{ + return winbind_gid_to_sid(sid, gid); +} + +static bool pdb_wbc_sam_sid_to_id(struct pdb_methods *methods, + const DOM_SID *sid, + union unid_t *id, enum lsa_SidType *type) +{ + if (winbind_sid_to_uid(&id->uid, sid)) { + *type = SID_NAME_USER; + } else if (winbind_sid_to_gid(&id->gid, sid)) { + /* We assume all gids are groups, not aliases */ + *type = SID_NAME_DOM_GRP; + } else { + return false; + } + + return true; +} + +static NTSTATUS pdb_wbc_sam_enum_group_members(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + const DOM_SID *group, + uint32 **pp_member_rids, + size_t *p_num_members) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + +static NTSTATUS pdb_wbc_sam_enum_group_memberships(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + struct samu *user, + DOM_SID **pp_sids, + gid_t **pp_gids, + size_t *p_num_groups) +{ + size_t i; + const char *username = pdb_get_username(user); + + if (!winbind_get_groups(mem_ctx, username, p_num_groups, pp_gids)) { + return NT_STATUS_NO_SUCH_USER; + } + + if (*p_num_groups == 0) { + smb_panic("primary group missing"); + } + + *pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups); + + if (*pp_sids == NULL) { + TALLOC_FREE(*pp_gids); + return NT_STATUS_NO_MEMORY; + } + + for (i=0; i < *p_num_groups; i++) { + gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]); + } + + return NT_STATUS_OK; +} + +static NTSTATUS pdb_wbc_sam_lookup_rids(struct pdb_methods *methods, + const DOM_SID *domain_sid, + int num_rids, + uint32 *rids, + const char **names, + enum lsa_SidType *attrs) +{ + NTSTATUS result = NT_STATUS_OK; + char *domain = NULL; + char **account_names = NULL; + char name[256]; + enum lsa_SidType *attr_list = NULL; + int i; + + if (!winbind_lookup_rids(talloc_tos(), domain_sid, num_rids, rids, + (const char **)&domain, + (const char ***)&account_names, &attr_list)) + { + result = NT_STATUS_NONE_MAPPED; + goto done; + } + + memcpy(attrs, attr_list, num_rids * sizeof(enum lsa_SidType)); + + for (i=0; int_name, sizeof(map->nt_name), "%s%c%s", + domain, *lp_winbind_separator(), name); + map->sid_name_use = name_type; + map->sid = *sid; + map->gid = gid; + return true; +} + +static NTSTATUS pdb_wbc_sam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, + DOM_SID sid) +{ + NTSTATUS result = NT_STATUS_OK; + char *name = NULL; + char *domain = NULL; + enum lsa_SidType name_type; + gid_t gid; + + if (!winbind_lookup_sid(talloc_tos(), &sid, (const char **)&domain, + (const char **) &name, &name_type)) { + result = NT_STATUS_NO_SUCH_GROUP; + goto done; + } + + if ((name_type != SID_NAME_DOM_GRP) && + (name_type != SID_NAME_DOMAIN) && + (name_type != SID_NAME_ALIAS) && + (name_type != SID_NAME_WKN_GRP)) { + result = NT_STATUS_NO_SUCH_GROUP; + goto done; + } + + if (!winbind_sid_to_gid(&gid, &sid)) { + result = NT_STATUS_NO_SUCH_GROUP; + goto done; + } + + if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) { + result = NT_STATUS_NO_SUCH_GROUP; + goto done; + } + +done: + TALLOC_FREE(name); + TALLOC_FREE(domain); + return result; +} + +static NTSTATUS pdb_wbc_sam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, + gid_t gid) +{ + NTSTATUS result = NT_STATUS_OK; + char *name = NULL; + char *domain = NULL; + DOM_SID sid; + enum lsa_SidType name_type; + + if (!winbind_gid_to_sid(&sid, gid)) { + result = NT_STATUS_NO_SUCH_GROUP; + goto done; + } + + if (!winbind_lookup_sid(talloc_tos(), &sid, (const char **)&domain, + (const char **)&name, &name_type)) { + result = NT_STATUS_NO_SUCH_GROUP; + goto done; + } + + if ((name_type != SID_NAME_DOM_GRP) && + (name_type != SID_NAME_DOMAIN) && + (name_type != SID_NAME_ALIAS) && + (name_type != SID_NAME_WKN_GRP)) { + result = NT_STATUS_NO_SUCH_GROUP; + goto done; + } + + if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) { + result = NT_STATUS_NO_SUCH_GROUP; + goto done; + } + +done: + TALLOC_FREE(name); + TALLOC_FREE(domain); + + return result; +} + +static NTSTATUS pdb_wbc_sam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, + const char *name) +{ + NTSTATUS result = NT_STATUS_OK; + char *user_name = NULL; + char *domain = NULL; + DOM_SID sid; + gid_t gid; + enum lsa_SidType name_type; + + if (!winbind_lookup_name(domain, user_name, &sid, &name_type)) { + result = NT_STATUS_NO_SUCH_GROUP; + goto done; + } + + if ((name_type != SID_NAME_DOM_GRP) && + (name_type != SID_NAME_DOMAIN) && + (name_type != SID_NAME_ALIAS) && + (name_type != SID_NAME_WKN_GRP)) { + result = NT_STATUS_NO_SUCH_GROUP; + goto done; + } + + if (!winbind_sid_to_gid(&gid, &sid)) { + result = NT_STATUS_NO_SUCH_GROUP; + goto done; + } + + if (!_make_group_map(methods, domain, user_name, name_type, gid, &sid, map)) { + result = NT_STATUS_NO_SUCH_GROUP; + goto done; + } + +done: + + return result; +} + +static NTSTATUS pdb_wbc_sam_enum_group_mapping(struct pdb_methods *methods, + const DOM_SID *sid, enum lsa_SidType sid_name_use, + GROUP_MAP **pp_rmap, size_t *p_num_entries, + bool unix_only) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + +static NTSTATUS pdb_wbc_sam_get_aliasinfo(struct pdb_methods *methods, + const DOM_SID *sid, + struct acct_info *info) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + +static NTSTATUS pdb_wbc_sam_enum_aliasmem(struct pdb_methods *methods, + const DOM_SID *alias, DOM_SID **pp_members, + size_t *p_num_members) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + +static NTSTATUS pdb_wbc_sam_alias_memberships(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + const DOM_SID *domain_sid, + const DOM_SID *members, + size_t num_members, + uint32 **pp_alias_rids, + size_t *p_num_alias_rids) +{ + if (!winbind_get_sid_aliases(mem_ctx, domain_sid, + members, num_members, pp_alias_rids, p_num_alias_rids)) + return NT_STATUS_UNSUCCESSFUL; + + return NT_STATUS_OK; +} + +static NTSTATUS pdb_init_wbc_sam(struct pdb_methods **pdb_method, const char *location) +{ + NTSTATUS result; + + if (!NT_STATUS_IS_OK(result = make_pdb_method( pdb_method))) { + return result; + } + + (*pdb_method)->name = "wbc_sam"; + + (*pdb_method)->getsampwnam = pdb_wbc_sam_getsampwnam; + (*pdb_method)->getsampwsid = pdb_wbc_sam_getsampwsid; + + (*pdb_method)->getgrsid = pdb_wbc_sam_getgrsid; + (*pdb_method)->getgrgid = pdb_wbc_sam_getgrgid; + (*pdb_method)->getgrnam = pdb_wbc_sam_getgrnam; + (*pdb_method)->enum_group_mapping = pdb_wbc_sam_enum_group_mapping; + (*pdb_method)->enum_group_members = pdb_wbc_sam_enum_group_members; + (*pdb_method)->enum_group_memberships = pdb_wbc_sam_enum_group_memberships; + (*pdb_method)->get_aliasinfo = pdb_wbc_sam_get_aliasinfo; + (*pdb_method)->enum_aliasmem = pdb_wbc_sam_enum_aliasmem; + (*pdb_method)->enum_alias_memberships = pdb_wbc_sam_alias_memberships; + (*pdb_method)->lookup_rids = pdb_wbc_sam_lookup_rids; + (*pdb_method)->get_account_policy = pdb_wbc_sam_get_account_policy; + (*pdb_method)->set_account_policy = pdb_wbc_sam_set_account_policy; + (*pdb_method)->uid_to_sid = pdb_wbc_sam_uid_to_sid; + (*pdb_method)->gid_to_sid = pdb_wbc_sam_gid_to_sid; + (*pdb_method)->sid_to_id = pdb_wbc_sam_sid_to_id; + + (*pdb_method)->search_groups = pdb_wbc_sam_search_groups; + (*pdb_method)->search_aliases = pdb_wbc_sam_search_aliases; + + (*pdb_method)->get_trusteddom_pw = pdb_wbc_sam_get_trusteddom_pw; + (*pdb_method)->set_trusteddom_pw = pdb_wbc_sam_set_trusteddom_pw; + (*pdb_method)->del_trusteddom_pw = pdb_wbc_sam_del_trusteddom_pw; + (*pdb_method)->enum_trusteddoms = pdb_wbc_sam_enum_trusteddoms; + + (*pdb_method)->private_data = NULL; + (*pdb_method)->free_private_data = NULL; + + return NT_STATUS_OK; +} + +NTSTATUS pdb_wbc_sam_init(void) +{ + return smb_register_passdb(PASSDB_INTERFACE_VERSION, "wbc_sam", pdb_init_wbc_sam); +} -- cgit