From 7fb1be73734915e027f86aca9ba62b86c56ca787 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 24 May 2004 17:41:47 +0000 Subject: r853: remove a real big bunch of unused code I really think that this is needed to get a better overview of what is currently used Also this stuff is really out of date so if we really ever need some of this stuff back, a 'svn copy' from the SAMBA_3_0 branch should be no big problem... metze (This used to be commit 972598d511c64f29bdc849fe58c9c82fbcf6a4a2) --- source4/nsswitch/README | 13 - source4/nsswitch/config.m4 | 105 --- source4/nsswitch/hp_nss_common.h | 51 -- source4/nsswitch/hp_nss_dbdefs.h | 105 --- source4/nsswitch/nss.h | 104 --- source4/nsswitch/pam_winbind.c | 754 ------------------ source4/nsswitch/pam_winbind.h | 93 --- source4/nsswitch/wb_client.c | 104 --- source4/nsswitch/wb_common.c | 433 ----------- source4/nsswitch/wbinfo.c | 891 --------------------- source4/nsswitch/winbind_client.h | 16 - source4/nsswitch/winbind_nss.c | 1341 -------------------------------- source4/nsswitch/winbind_nss_config.h | 165 ---- source4/nsswitch/winbind_nss_solaris.c | 301 ------- source4/nsswitch/winbindd.c | 951 ---------------------- source4/nsswitch/winbindd.h | 230 ------ source4/nsswitch/winbindd_ads.c | 837 -------------------- source4/nsswitch/winbindd_cache.c | 1016 ------------------------ source4/nsswitch/winbindd_cm.c | 954 ----------------------- source4/nsswitch/winbindd_dual.c | 210 ----- source4/nsswitch/winbindd_group.c | 896 --------------------- source4/nsswitch/winbindd_idmap.c | 196 ----- source4/nsswitch/winbindd_idmap_tdb.c | 441 ----------- source4/nsswitch/winbindd_misc.c | 235 ------ source4/nsswitch/winbindd_nss.h | 242 ------ source4/nsswitch/winbindd_pam.c | 368 --------- source4/nsswitch/winbindd_rpc.c | 776 ------------------ source4/nsswitch/winbindd_sid.c | 235 ------ source4/nsswitch/winbindd_user.c | 607 --------------- source4/nsswitch/winbindd_util.c | 553 ------------- source4/nsswitch/winbindd_wins.c | 210 ----- source4/nsswitch/wins.c | 322 -------- 32 files changed, 13755 deletions(-) delete mode 100644 source4/nsswitch/README delete mode 100644 source4/nsswitch/config.m4 delete mode 100644 source4/nsswitch/hp_nss_common.h delete mode 100644 source4/nsswitch/hp_nss_dbdefs.h delete mode 100644 source4/nsswitch/nss.h delete mode 100644 source4/nsswitch/pam_winbind.c delete mode 100644 source4/nsswitch/pam_winbind.h delete mode 100644 source4/nsswitch/wb_client.c delete mode 100644 source4/nsswitch/wb_common.c delete mode 100644 source4/nsswitch/wbinfo.c delete mode 100644 source4/nsswitch/winbind_client.h delete mode 100644 source4/nsswitch/winbind_nss.c delete mode 100644 source4/nsswitch/winbind_nss_config.h delete mode 100644 source4/nsswitch/winbind_nss_solaris.c delete mode 100644 source4/nsswitch/winbindd.c delete mode 100644 source4/nsswitch/winbindd.h delete mode 100644 source4/nsswitch/winbindd_ads.c delete mode 100644 source4/nsswitch/winbindd_cache.c delete mode 100644 source4/nsswitch/winbindd_cm.c delete mode 100644 source4/nsswitch/winbindd_dual.c delete mode 100644 source4/nsswitch/winbindd_group.c delete mode 100644 source4/nsswitch/winbindd_idmap.c delete mode 100644 source4/nsswitch/winbindd_idmap_tdb.c delete mode 100644 source4/nsswitch/winbindd_misc.c delete mode 100644 source4/nsswitch/winbindd_nss.h delete mode 100644 source4/nsswitch/winbindd_pam.c delete mode 100644 source4/nsswitch/winbindd_rpc.c delete mode 100644 source4/nsswitch/winbindd_sid.c delete mode 100644 source4/nsswitch/winbindd_user.c delete mode 100644 source4/nsswitch/winbindd_util.c delete mode 100644 source4/nsswitch/winbindd_wins.c delete mode 100644 source4/nsswitch/wins.c (limited to 'source4/nsswitch') diff --git a/source4/nsswitch/README b/source4/nsswitch/README deleted file mode 100644 index 9f0c581df6..0000000000 --- a/source4/nsswitch/README +++ /dev/null @@ -1,13 +0,0 @@ -This extension provides a "wins" module for NSS on glibc2/Linux. This -allows you to use a WINS entry in /etc/nsswitch.conf for hostname -resolution, allowing you to resolve netbios names via start unix -gethostbyname() calls. The end result is that you can use netbios -names as host names in unix apps. - -1) run configure -2) run "make nsswitch" -3) cp nsswitch/libnss_wins.so /lib/libnss_wins.so.2 -4) add a wins entry to the hosts line in /etc/nsswitch.conf -5) use it - -tridge@linuxcare.com diff --git a/source4/nsswitch/config.m4 b/source4/nsswitch/config.m4 deleted file mode 100644 index 2d5efe0eb6..0000000000 --- a/source4/nsswitch/config.m4 +++ /dev/null @@ -1,105 +0,0 @@ -################################################# -# Check whether winbind is supported on this platform. If so we need to -# build and install client programs, sbin programs and shared libraries - -AC_MSG_CHECKING(whether to build winbind) - -# Initially, the value of $host_os decides whether winbind is supported - -case "$host_os" in - *linux*|*irix*) - HAVE_WINBIND=yes - ;; - *solaris*) - HAVE_WINBIND=yes - WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_solaris.o" - WINBIND_NSS_EXTRA_LIBS="-lsocket" - ;; - *hpux11*) - HAVE_WINBIND=yes - WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_solaris.o" - ;; - *) - HAVE_WINBIND=no - winbind_no_reason=", unsupported on $host_os" - ;; -esac - -AC_SUBST(WINBIND_NSS_EXTRA_OBJS) -AC_SUBST(WINBIND_NSS_EXTRA_LIBS) - -# Check the setting of --with-winbindd - -AC_ARG_WITH(winbind, -[ --with-winbind Build winbind (default, if supported by OS)], -[ - case "$withval" in - yes) - HAVE_WINBIND=yes - ;; - no) - HAVE_WINBIND=no - winbind_reason="" - ;; - esac ], -) - -# We need unix domain sockets for winbind -if test x"$HAVE_WINBIND" = x"yes"; then - if test x"$samba_cv_unixsocket" = x"no"; then - winbind_no_reason=", no unix domain socket support on $host_os" - HAVE_WINBIND=no - fi -fi - -# Display test results - -if test x"$HAVE_WINBIND" = x"yes"; then - AC_MSG_RESULT(yes) - AC_DEFINE(WITH_WINBIND,1,[Whether to build winbind]) - - EXTRA_BIN_PROGS="$EXTRA_BIN_PROGS bin/wbinfo\$(EXEEXT)" - EXTRA_SBIN_PROGS="$EXTRA_SBIN_PROGS bin/winbindd\$(EXEEXT)" - if test x"$BLDSHARED" = x"true"; then - case "$host_os" in - *irix*) - SHLIB_PROGS="$SHLIB_PROGS nsswitch/libns_winbind.so" - ;; - *) - SHLIB_PROGS="$SHLIB_PROGS nsswitch/libnss_winbind.so" - ;; - esac - if test x"$with_pam" = x"yes"; then - SHLIB_PROGS="$SHLIB_PROGS nsswitch/pam_winbind.so" - fi - fi -else - AC_MSG_RESULT(no$winbind_no_reason) -fi - -# Solaris has some extra fields in struct passwd that need to be -# initialised otherwise nscd crashes. Unfortunately autoconf < 2.50 -# doesn't have the AC_CHECK_MEMBER macro which would be handy for checking -# this. - -#AC_CHECK_MEMBER(struct passwd.pw_comment, -# AC_DEFINE(HAVE_PASSWD_PW_COMMENT, 1, [Defined if struct passwd has pw_comment field]), -# [#include ]) - -AC_CACHE_CHECK([whether struct passwd has pw_comment],samba_cv_passwd_pw_comment, [ - AC_TRY_COMPILE([#include ],[struct passwd p; p.pw_comment;], - samba_cv_passwd_pw_comment=yes,samba_cv_passwd_pw_comment=no)]) -if test x"$samba_cv_passwd_pw_comment" = x"yes"; then - AC_DEFINE(HAVE_PASSWD_PW_COMMENT,1,[Whether struct passwd has pw_comment]) -fi - -#AC_CHECK_MEMBER(struct passwd.pw_age, -# AC_DEFINE(HAVE_PASSWD_PW_AGE, 1, [Defined if struct passwd has pw_age field]), -# [#include ]) - -AC_CACHE_CHECK([whether struct passwd has pw_age],samba_cv_passwd_pw_age, [ - AC_TRY_COMPILE([#include ],[struct passwd p; p.pw_age;], - samba_cv_passwd_pw_age=yes,samba_cv_passwd_pw_age=no)]) -if test x"$samba_cv_passwd_pw_age" = x"yes"; then - AC_DEFINE(HAVE_PASSWD_PW_AGE,1,[Whether struct passwd has pw_age]) -fi diff --git a/source4/nsswitch/hp_nss_common.h b/source4/nsswitch/hp_nss_common.h deleted file mode 100644 index 5bd5374182..0000000000 --- a/source4/nsswitch/hp_nss_common.h +++ /dev/null @@ -1,51 +0,0 @@ -#ifndef _HP_NSS_COMMON_H -#define _HP_NSS_COMMON_H - -/* - Unix SMB/CIFS implementation. - - Donated by HP to enable Winbindd to build on HPUX 11.x. - Copyright (C) Jeremy Allison 2002. - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#ifdef HAVE_SYNCH_H -#include -#endif -#ifdef HAVE_PTHREAD_H -#include -#endif - -typedef enum { - NSS_SUCCESS, - NSS_NOTFOUND, - NSS_UNAVAIL, - NSS_TRYAGAIN -} nss_status_t; - -struct nss_backend; - -typedef nss_status_t (*nss_backend_op_t)(struct nss_backend *, void *args); - -struct nss_backend { - nss_backend_op_t *ops; - int n_ops; -}; -typedef struct nss_backend nss_backend_t; -typedef int nss_dbop_t; - -#endif /* _HP_NSS_COMMON_H */ diff --git a/source4/nsswitch/hp_nss_dbdefs.h b/source4/nsswitch/hp_nss_dbdefs.h deleted file mode 100644 index bd24772e33..0000000000 --- a/source4/nsswitch/hp_nss_dbdefs.h +++ /dev/null @@ -1,105 +0,0 @@ -#ifndef _HP_NSS_DBDEFS_H -#define _HP_NSS_DBDEFS_H - -/* - Unix SMB/CIFS implementation. - - Donated by HP to enable Winbindd to build on HPUX 11.x. - Copyright (C) Jeremy Allison 2002. - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#include -#include -#include - -#ifndef NSS_INCLUDE_UNSAFE -#define NSS_INCLUDE_UNSAFE 1 /* Build old, MT-unsafe interfaces, */ -#endif /* NSS_INCLUDE_UNSAFE */ - -enum nss_netgr_argn { - NSS_NETGR_MACHINE, - NSS_NETGR_USER, - NSS_NETGR_DOMAIN, - NSS_NETGR_N -}; - -enum nss_netgr_status { - NSS_NETGR_FOUND, - NSS_NETGR_NO, - NSS_NETGR_NOMEM -}; - -typedef unsigned nss_innetgr_argc; -typedef char **nss_innetgr_argv; - -struct nss_innetgr_1arg { - nss_innetgr_argc argc; - nss_innetgr_argv argv; -}; - -typedef struct { - void *result; /* "result" parameter to getXbyY_r() */ - char *buffer; /* "buffer" " " */ - int buflen; /* "buflen" " " */ -} nss_XbyY_buf_t; - -extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int struct_size, int buffer_size); -extern void _nss_XbyY_buf_free(nss_XbyY_buf_t *); - -union nss_XbyY_key { - uid_t uid; - gid_t gid; - const char *name; - int number; - struct { - long net; - int type; - } netaddr; - struct { - const char *addr; - int len; - int type; - } hostaddr; - struct { - union { - const char *name; - int port; - } serv; - const char *proto; - } serv; - void *ether; -}; - -typedef struct nss_XbyY_args { - nss_XbyY_buf_t buf; - int stayopen; - /* - * Support for setXXXent(stayopen) - * Used only in hosts, protocols, - * networks, rpc, and services. - */ - int (*str2ent)(const char *instr, int instr_len, void *ent, char *buffer, int buflen); - union nss_XbyY_key key; - - void *returnval; - int erange; - int h_errno; - nss_status_t status; -} nss_XbyY_args_t; - -#endif /* _NSS_DBDEFS_H */ diff --git a/source4/nsswitch/nss.h b/source4/nsswitch/nss.h deleted file mode 100644 index d83a5e237e..0000000000 --- a/source4/nsswitch/nss.h +++ /dev/null @@ -1,104 +0,0 @@ -#ifndef _NSSWITCH_NSS_H -#define _NSSWITCH_NSS_H -/* - Unix SMB/CIFS implementation. - - a common place to work out how to define NSS_STATUS on various - platforms - - Copyright (C) Tim Potter 2000 - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#ifdef HAVE_NSS_COMMON_H - -/* Sun Solaris */ - -#include -#include -#include - -typedef nss_status_t NSS_STATUS; - -#define NSS_STATUS_SUCCESS NSS_SUCCESS -#define NSS_STATUS_NOTFOUND NSS_NOTFOUND -#define NSS_STATUS_UNAVAIL NSS_UNAVAIL -#define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN - -#elif HAVE_NSS_H - -/* GNU */ - -#include - -typedef enum nss_status NSS_STATUS; - -#elif HAVE_NS_API_H - -/* SGI IRIX */ - -/* following required to prevent warnings of double definition - * of datum from ns_api.h -*/ -#ifdef DATUM -#define _DATUM_DEFINED -#endif - -#include - -typedef enum -{ - NSS_STATUS_SUCCESS=NS_SUCCESS, - NSS_STATUS_NOTFOUND=NS_NOTFOUND, - NSS_STATUS_UNAVAIL=NS_UNAVAIL, - NSS_STATUS_TRYAGAIN=NS_TRYAGAIN -} NSS_STATUS; - -#define NSD_MEM_STATIC 0 -#define NSD_MEM_VOLATILE 1 -#define NSD_MEM_DYNAMIC 2 - -#elif defined(HPUX) && defined(HAVE_NSSWITCH_H) -/* HP-UX 11 */ - -#include "nsswitch/hp_nss_common.h" -#include "nsswitch/hp_nss_dbdefs.h" -#include - -#ifndef _HAVE_TYPEDEF_NSS_STATUS -#define _HAVE_TYPEDEF_NSS_STATUS -typedef nss_status_t NSS_STATUS; - -#define NSS_STATUS_SUCCESS NSS_SUCCESS -#define NSS_STATUS_NOTFOUND NSS_NOTFOUND -#define NSS_STATUS_UNAVAIL NSS_UNAVAIL -#define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN -#endif /* HPUX */ - -#else /* Nothing's defined. Neither gnu nor sun nor hp */ - -typedef enum -{ - NSS_STATUS_SUCCESS=0, - NSS_STATUS_NOTFOUND=1, - NSS_STATUS_UNAVAIL=2, - NSS_STATUS_TRYAGAIN=3 -} NSS_STATUS; - -#endif - -#endif /* _NSSWITCH_NSS_H */ diff --git a/source4/nsswitch/pam_winbind.c b/source4/nsswitch/pam_winbind.c deleted file mode 100644 index 123f670366..0000000000 --- a/source4/nsswitch/pam_winbind.c +++ /dev/null @@ -1,754 +0,0 @@ -/* pam_winbind module - - Copyright Andrew Tridgell 2000 - Copyright Tim Potter 2000 - Copyright Andrew Bartlett 2002 - - largely based on pam_userdb by Christian Gafton - also contains large slabs of code from pam_unix by Elliot Lee - (see copyright below for full details) -*/ - -#include "pam_winbind.h" - -/* data tokens */ - -#define MAX_PASSWD_TRIES 3 - -/* some syslogging */ -static void _pam_log(int err, const char *format, ...) -{ - va_list args; - - va_start(args, format); - openlog(MODULE_NAME, LOG_CONS|LOG_PID, LOG_AUTH); - vsyslog(err, format, args); - va_end(args); - closelog(); -} - -static int _pam_parse(int argc, const char **argv) -{ - int ctrl; - /* step through arguments */ - for (ctrl = 0; argc-- > 0; ++argv) { - - /* generic options */ - - if (!strcmp(*argv,"debug")) - ctrl |= WINBIND_DEBUG_ARG; - else if (!strcasecmp(*argv, "use_authtok")) - ctrl |= WINBIND_USE_AUTHTOK_ARG; - else if (!strcasecmp(*argv, "use_first_pass")) - ctrl |= WINBIND_USE_FIRST_PASS_ARG; - else if (!strcasecmp(*argv, "try_first_pass")) - ctrl |= WINBIND_TRY_FIRST_PASS_ARG; - else if (!strcasecmp(*argv, "unknown_ok")) - ctrl |= WINBIND_UNKNOWN_OK_ARG; - else { - _pam_log(LOG_ERR, "pam_parse: unknown option; %s", *argv); - } - } - - return ctrl; -} - -/* --- authentication management functions --- */ - -/* Attempt a conversation */ - -static int converse(pam_handle_t *pamh, int nargs, - struct pam_message **message, - struct pam_response **response) -{ - int retval; - struct pam_conv *conv; - - retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv ) ; - if (retval == PAM_SUCCESS) { - retval = conv->conv(nargs, (const struct pam_message **)message, - response, conv->appdata_ptr); - } - - return retval; /* propagate error status */ -} - - -static int _make_remark(pam_handle_t * pamh, int type, const char *text) -{ - int retval = PAM_SUCCESS; - - struct pam_message *pmsg[1], msg[1]; - struct pam_response *resp; - - pmsg[0] = &msg[0]; - msg[0].msg = text; - msg[0].msg_style = type; - - resp = NULL; - retval = converse(pamh, 1, pmsg, &resp); - - if (resp) { - _pam_drop_reply(resp, 1); - } - return retval; -} - -static int pam_winbind_request(enum winbindd_cmd req_type, - struct winbindd_request *request, - struct winbindd_response *response) -{ - - /* Fill in request and send down pipe */ - init_request(request, req_type); - - if (write_sock(request, sizeof(*request)) == -1) { - _pam_log(LOG_ERR, "write to socket failed!"); - close_sock(); - return PAM_SERVICE_ERR; - } - - /* Wait for reply */ - if (read_reply(response) == -1) { - _pam_log(LOG_ERR, "read from socket failed!"); - close_sock(); - return PAM_SERVICE_ERR; - } - - /* We are done with the socket - close it and avoid mischeif */ - close_sock(); - - /* Copy reply data from socket */ - if (response->result != WINBINDD_OK) { - if (response->data.auth.pam_error != PAM_SUCCESS) { - _pam_log(LOG_ERR, "request failed: %s, PAM error was %d, NT error was %s", - response->data.auth.error_string, - response->data.auth.pam_error, - response->data.auth.nt_status_string); - return response->data.auth.pam_error; - } else { - _pam_log(LOG_ERR, "request failed, but PAM error 0!"); - return PAM_SERVICE_ERR; - } - } - - return PAM_SUCCESS; -} - -static int pam_winbind_request_log(enum winbindd_cmd req_type, - struct winbindd_request *request, - struct winbindd_response *response, - int ctrl, - const char *user) -{ - int retval; - - retval = pam_winbind_request(req_type, request, response); - - switch (retval) { - case PAM_AUTH_ERR: - /* incorrect password */ - _pam_log(LOG_WARNING, "user `%s' denied access (incorrect password)", user); - return retval; - case PAM_ACCT_EXPIRED: - /* account expired */ - _pam_log(LOG_WARNING, "user `%s' account expired", user); - return retval; - case PAM_AUTHTOK_EXPIRED: - /* password expired */ - _pam_log(LOG_WARNING, "user `%s' password expired", user); - return retval; - case PAM_NEW_AUTHTOK_REQD: - /* password expired */ - _pam_log(LOG_WARNING, "user `%s' new password required", user); - return retval; - case PAM_USER_UNKNOWN: - /* the user does not exist */ - if (ctrl & WINBIND_DEBUG_ARG) - _pam_log(LOG_NOTICE, "user `%s' not found", - user); - if (ctrl & WINBIND_UNKNOWN_OK_ARG) { - return PAM_IGNORE; - } - return retval; - case PAM_SUCCESS: - if (req_type == WINBINDD_PAM_AUTH) { - /* Otherwise, the authentication looked good */ - _pam_log(LOG_NOTICE, "user '%s' granted acces", user); - } else if (req_type == WINBINDD_PAM_CHAUTHTOK) { - /* Otherwise, the authentication looked good */ - _pam_log(LOG_NOTICE, "user '%s' password changed", user); - } else { - /* Otherwise, the authentication looked good */ - _pam_log(LOG_NOTICE, "user '%s' OK", user); - } - return retval; - default: - /* we don't know anything about this return value */ - _pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s'", - retval, user); - return retval; - } -} - -/* talk to winbindd */ -static int winbind_auth_request(const char *user, const char *pass, int ctrl) -{ - struct winbindd_request request; - struct winbindd_response response; - - ZERO_STRUCT(request); - - strncpy(request.data.auth.user, user, - sizeof(request.data.auth.user)-1); - - strncpy(request.data.auth.pass, pass, - sizeof(request.data.auth.pass)-1); - - - return pam_winbind_request_log(WINBINDD_PAM_AUTH, &request, &response, ctrl, user); -} - -/* talk to winbindd */ -static int winbind_chauthtok_request(const char *user, const char *oldpass, - const char *newpass, int ctrl) -{ - struct winbindd_request request; - struct winbindd_response response; - - ZERO_STRUCT(request); - - if (request.data.chauthtok.user == NULL) return -2; - - strncpy(request.data.chauthtok.user, user, - sizeof(request.data.chauthtok.user) - 1); - - if (oldpass != NULL) { - strncpy(request.data.chauthtok.oldpass, oldpass, - sizeof(request.data.chauthtok.oldpass) - 1); - } else { - request.data.chauthtok.oldpass[0] = '\0'; - } - - if (newpass != NULL) { - strncpy(request.data.chauthtok.newpass, newpass, - sizeof(request.data.chauthtok.newpass) - 1); - } else { - request.data.chauthtok.newpass[0] = '\0'; - } - - return pam_winbind_request_log(WINBINDD_PAM_CHAUTHTOK, &request, &response, ctrl, user); -} - -/* - * Checks if a user has an account - * - * return values: - * 1 = User not found - * 0 = OK - * -1 = System error - */ -static int valid_user(const char *user) -{ - if (getpwnam(user)) return 0; - return 1; -} - -static char *_pam_delete(register char *xx) -{ - _pam_overwrite(xx); - _pam_drop(xx); - return NULL; -} - -/* - * obtain a password from the user - */ - -static int _winbind_read_password(pam_handle_t * pamh - ,unsigned int ctrl - ,const char *comment - ,const char *prompt1 - ,const char *prompt2 - ,const char **pass) -{ - int authtok_flag; - int retval; - const char *item; - char *token; - - /* - * make sure nothing inappropriate gets returned - */ - - *pass = token = NULL; - - /* - * which authentication token are we getting? - */ - - authtok_flag = on(WINBIND__OLD_PASSWORD, ctrl) ? PAM_OLDAUTHTOK : PAM_AUTHTOK; - - /* - * should we obtain the password from a PAM item ? - */ - - if (on(WINBIND_TRY_FIRST_PASS_ARG, ctrl) || on(WINBIND_USE_FIRST_PASS_ARG, ctrl)) { - retval = pam_get_item(pamh, authtok_flag, (const void **) &item); - if (retval != PAM_SUCCESS) { - /* very strange. */ - _pam_log(LOG_ALERT, - "pam_get_item returned error to unix-read-password" - ); - return retval; - } else if (item != NULL) { /* we have a password! */ - *pass = item; - item = NULL; - return PAM_SUCCESS; - } else if (on(WINBIND_USE_FIRST_PASS_ARG, ctrl)) { - return PAM_AUTHTOK_RECOVER_ERR; /* didn't work */ - } else if (on(WINBIND_USE_AUTHTOK_ARG, ctrl) - && off(WINBIND__OLD_PASSWORD, ctrl)) { - return PAM_AUTHTOK_RECOVER_ERR; - } - } - /* - * getting here implies we will have to get the password from the - * user directly. - */ - - { - struct pam_message msg[3], *pmsg[3]; - struct pam_response *resp; - int i, replies; - - /* prepare to converse */ - - if (comment != NULL) { - pmsg[0] = &msg[0]; - msg[0].msg_style = PAM_TEXT_INFO; - msg[0].msg = comment; - i = 1; - } else { - i = 0; - } - - pmsg[i] = &msg[i]; - msg[i].msg_style = PAM_PROMPT_ECHO_OFF; - msg[i++].msg = prompt1; - replies = 1; - - if (prompt2 != NULL) { - pmsg[i] = &msg[i]; - msg[i].msg_style = PAM_PROMPT_ECHO_OFF; - msg[i++].msg = prompt2; - ++replies; - } - /* so call the conversation expecting i responses */ - resp = NULL; - retval = converse(pamh, i, pmsg, &resp); - - if (resp != NULL) { - - /* interpret the response */ - - if (retval == PAM_SUCCESS) { /* a good conversation */ - - token = x_strdup(resp[i - replies].resp); - if (token != NULL) { - if (replies == 2) { - - /* verify that password entered correctly */ - if (!resp[i - 1].resp - || strcmp(token, resp[i - 1].resp)) { - _pam_delete(token); /* mistyped */ - retval = PAM_AUTHTOK_RECOVER_ERR; - _make_remark(pamh ,PAM_ERROR_MSG, MISTYPED_PASS); - } - } - } else { - _pam_log(LOG_NOTICE - ,"could not recover authentication token"); - } - - } - /* - * tidy up the conversation (resp_retcode) is ignored - * -- what is it for anyway? AGM - */ - - _pam_drop_reply(resp, i); - - } else { - retval = (retval == PAM_SUCCESS) - ? PAM_AUTHTOK_RECOVER_ERR : retval; - } - } - - if (retval != PAM_SUCCESS) { - if (on(WINBIND_DEBUG_ARG, ctrl)) - _pam_log(LOG_DEBUG, - "unable to obtain a password"); - return retval; - } - /* 'token' is the entered password */ - - /* we store this password as an item */ - - retval = pam_set_item(pamh, authtok_flag, token); - _pam_delete(token); /* clean it up */ - if (retval != PAM_SUCCESS - || (retval = pam_get_item(pamh, authtok_flag - ,(const void **) &item)) - != PAM_SUCCESS) { - - _pam_log(LOG_CRIT, "error manipulating password"); - return retval; - - } - - *pass = item; - item = NULL; /* break link to password */ - - return PAM_SUCCESS; -} - -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv) -{ - const char *username; - const char *password; - int retval = PAM_AUTH_ERR; - - /* parse arguments */ - int ctrl = _pam_parse(argc, argv); - - /* Get the username */ - retval = pam_get_user(pamh, &username, NULL); - if ((retval != PAM_SUCCESS) || (!username)) { - if (ctrl & WINBIND_DEBUG_ARG) - _pam_log(LOG_DEBUG,"can not get the username"); - return PAM_SERVICE_ERR; - } - - retval = _winbind_read_password(pamh, ctrl, NULL, - "Password: ", NULL, - &password); - - if (retval != PAM_SUCCESS) { - _pam_log(LOG_ERR, "Could not retrieve user's password"); - return PAM_AUTHTOK_ERR; - } - - if (ctrl & WINBIND_DEBUG_ARG) { - - /* Let's not give too much away in the log file */ - -#ifdef DEBUG_PASSWORD - _pam_log(LOG_INFO, "Verify user `%s' with password `%s'", - username, password); -#else - _pam_log(LOG_INFO, "Verify user `%s'", username); -#endif - } - - /* Now use the username to look up password */ - return winbind_auth_request(username, password, ctrl); -} - -PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc, const char **argv) -{ - return PAM_SUCCESS; -} - -/* - * Account management. We want to verify that the account exists - * before returning PAM_SUCCESS - */ -PAM_EXTERN -int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char **argv) -{ - const char *username; - int retval = PAM_USER_UNKNOWN; - - /* parse arguments */ - int ctrl = _pam_parse(argc, argv); - - /* Get the username */ - retval = pam_get_user(pamh, &username, NULL); - if ((retval != PAM_SUCCESS) || (!username)) { - if (ctrl & WINBIND_DEBUG_ARG) - _pam_log(LOG_DEBUG,"can not get the username"); - return PAM_SERVICE_ERR; - } - - /* Verify the username */ - retval = valid_user(username); - switch (retval) { - case -1: - /* some sort of system error. The log was already printed */ - return PAM_SERVICE_ERR; - case 1: - /* the user does not exist */ - if (ctrl & WINBIND_DEBUG_ARG) - _pam_log(LOG_NOTICE, "user `%s' not found", - username); - if (ctrl & WINBIND_UNKNOWN_OK_ARG) - return PAM_IGNORE; - return PAM_USER_UNKNOWN; - case 0: - /* Otherwise, the authentication looked good */ - _pam_log(LOG_NOTICE, "user '%s' granted acces", username); - return PAM_SUCCESS; - default: - /* we don't know anything about this return value */ - _pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s'", - retval, username); - return PAM_SERVICE_ERR; - } - - /* should not be reached */ - return PAM_IGNORE; -} -PAM_EXTERN -int pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) -{ - /* parse arguments */ - int ctrl = _pam_parse(argc, argv); - if (ctrl & WINBIND_DEBUG_ARG) - _pam_log(LOG_DEBUG,"libpam_winbind:pam_sm_open_session handler"); - return PAM_SUCCESS; -} -PAM_EXTERN -int pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) -{ - /* parse arguments */ - int ctrl = _pam_parse(argc, argv); - if (ctrl & WINBIND_DEBUG_ARG) - _pam_log(LOG_DEBUG,"libpam_winbind:pam_sm_close_session handler"); - return PAM_SUCCESS; -} - - - -PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, - int argc, const char **argv) -{ - unsigned int lctrl; - int retval; - unsigned int ctrl = _pam_parse(argc, argv); - - /* */ - const char *user; - char *pass_old, *pass_new; - /* */ - - char *Announce; - - int retry = 0; - - /* - * First get the name of a user - */ - retval = pam_get_user(pamh, &user, "Username: "); - if (retval == PAM_SUCCESS) { - if (user == NULL) { - _pam_log(LOG_ERR, "username was NULL!"); - return PAM_USER_UNKNOWN; - } - if (retval == PAM_SUCCESS && on(WINBIND_DEBUG_ARG, ctrl)) - _pam_log(LOG_DEBUG, "username [%s] obtained", - user); - } else { - if (on(WINBIND_DEBUG_ARG, ctrl)) - _pam_log(LOG_DEBUG, - "password - could not identify user"); - return retval; - } - - /* - * obtain and verify the current password (OLDAUTHTOK) for - * the user. - */ - - if (flags & PAM_PRELIM_CHECK) { - - /* instruct user what is happening */ -#define greeting "Changing password for " - Announce = (char *) malloc(sizeof(greeting) + strlen(user)); - if (Announce == NULL) { - _pam_log(LOG_CRIT, - "password - out of memory"); - return PAM_BUF_ERR; - } - (void) strcpy(Announce, greeting); - (void) strcpy(Announce + sizeof(greeting) - 1, user); -#undef greeting - - lctrl = ctrl | WINBIND__OLD_PASSWORD; - retval = _winbind_read_password(pamh, lctrl - ,Announce - ,"(current) NT password: " - ,NULL - ,(const char **) &pass_old); - free(Announce); - - if (retval != PAM_SUCCESS) { - _pam_log(LOG_NOTICE - ,"password - (old) token not obtained"); - return retval; - } - /* verify that this is the password for this user */ - - retval = winbind_auth_request(user, pass_old, ctrl); - - if (retval != PAM_ACCT_EXPIRED - && retval != PAM_AUTHTOK_EXPIRED - && retval != PAM_NEW_AUTHTOK_REQD - && retval != PAM_SUCCESS) { - pass_old = NULL; - return retval; - } - - retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old); - pass_old = NULL; - if (retval != PAM_SUCCESS) { - _pam_log(LOG_CRIT, - "failed to set PAM_OLDAUTHTOK"); - } - } else if (flags & PAM_UPDATE_AUTHTOK) { - - /* - * obtain the proposed password - */ - - /* - * get the old token back. - */ - - retval = pam_get_item(pamh, PAM_OLDAUTHTOK - ,(const void **) &pass_old); - - if (retval != PAM_SUCCESS) { - _pam_log(LOG_NOTICE, "user not authenticated"); - return retval; - } - - lctrl = ctrl; - - if (on(WINBIND_USE_AUTHTOK_ARG, lctrl)) { - ctrl = WINBIND_USE_FIRST_PASS_ARG | lctrl; - } - retry = 0; - retval = PAM_AUTHTOK_ERR; - while ((retval != PAM_SUCCESS) && (retry++ < MAX_PASSWD_TRIES)) { - /* - * use_authtok is to force the use of a previously entered - * password -- needed for pluggable password strength checking - */ - - retval = _winbind_read_password(pamh, lctrl - ,NULL - ,"Enter new NT password: " - ,"Retype new NT password: " - ,(const char **) &pass_new); - - if (retval != PAM_SUCCESS) { - if (on(WINBIND_DEBUG_ARG, ctrl)) { - _pam_log(LOG_ALERT - ,"password - new password not obtained"); - } - pass_old = NULL;/* tidy up */ - return retval; - } - - /* - * At this point we know who the user is and what they - * propose as their new password. Verify that the new - * password is acceptable. - */ - - if (pass_new[0] == '\0') {/* "\0" password = NULL */ - pass_new = NULL; - } - } - - /* - * By reaching here we have approved the passwords and must now - * rebuild the password database file. - */ - - retval = winbind_chauthtok_request(user, pass_old, pass_new, ctrl); - _pam_overwrite(pass_new); - _pam_overwrite(pass_old); - pass_old = pass_new = NULL; - } else { - retval = PAM_SERVICE_ERR; - } - - return retval; -} - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_winbind_modstruct = { - MODULE_NAME, - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok -}; - -#endif - -/* - * Copyright (c) Andrew Tridgell 2000 - * Copyright (c) Tim Potter 2000 - * Copyright (c) Andrew Bartlettt 2002 - * Copyright (c) Jan Rêkorajski 1999. - * Copyright (c) Andrew G. Morgan 1996-8. - * Copyright (c) Alex O. Yuriev, 1996. - * Copyright (c) Cristian Gafton 1996. - * Copyright (C) Elliot Lee 1996, Red Hat Software. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, and the entire permission notice in its entirety, - * including the disclaimer of warranties. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior - * written permission. - * - * ALTERNATIVELY, this product may be distributed under the terms of - * the GNU Public License, in which case the provisions of the GPL are - * required INSTEAD OF the above restrictions. (This clause is - * necessary due to a potential bad interaction between the GPL and - * the restrictions contained in a BSD-style copyright.) - * - * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ diff --git a/source4/nsswitch/pam_winbind.h b/source4/nsswitch/pam_winbind.h deleted file mode 100644 index fae635d806..0000000000 --- a/source4/nsswitch/pam_winbind.h +++ /dev/null @@ -1,93 +0,0 @@ -/* pam_winbind header file - (Solaris needs some macros from Linux for common PAM code) - - Shirish Kalele 2000 -*/ - -#ifdef HAVE_FEATURES_H -#include -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#define MODULE_NAME "pam_winbind" -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_PASSWORD - -#if defined(SUNOS5) || defined(SUNOS4) || defined(HPUX) - -/* Solaris always uses dynamic pam modules */ -#define PAM_EXTERN extern -#include - -#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR -#endif - -#ifdef HAVE_SECURITY_PAM_MODULES_H -#include -#endif - -#ifdef HAVE_SECURITY__PAM_MACROS_H -#include -#else -/* Define required macros from (Linux PAM 0.68) security/_pam_macros.h */ -#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \ -do { \ - int reply_i; \ - \ - for (reply_i=0; reply_i size) { - result = -1; - errno = EINVAL; /* This is what getgroups() does */ - goto done; - } - - /* Copy list of groups across */ - - for (i = 0; i < result; i++) { - list[i] = groups[i]; - } - - done: - SAFE_FREE(groups); - return result; -} diff --git a/source4/nsswitch/wb_common.c b/source4/nsswitch/wb_common.c deleted file mode 100644 index 89c751a4ef..0000000000 --- a/source4/nsswitch/wb_common.c +++ /dev/null @@ -1,433 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - winbind client common code - - Copyright (C) Tim Potter 2000 - Copyright (C) Andrew Tridgell 2000 - Copyright (C) Andrew Bartlett 2002 - - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#include "winbind_client.h" - -/* Global variables. These are effectively the client state information */ - -int winbindd_fd = -1; /* fd for winbindd socket */ - -/* Free a response structure */ - -void free_response(struct winbindd_response *response) -{ - /* Free any allocated extra_data */ - - if (response) - SAFE_FREE(response->extra_data); -} - -/* Initialise a request structure */ - -void init_request(struct winbindd_request *request, int request_type) -{ - request->length = sizeof(struct winbindd_request); - - request->cmd = (enum winbindd_cmd)request_type; - request->pid = getpid(); - -} - -/* Initialise a response structure */ - -void init_response(struct winbindd_response *response) -{ - /* Initialise return value */ - - response->result = WINBINDD_ERROR; -} - -/* Close established socket */ - -void close_sock(void) -{ - if (winbindd_fd != -1) { - close(winbindd_fd); - winbindd_fd = -1; - } -} - -/* Make sure socket handle isn't stdin, stdout or stderr */ -#define RECURSION_LIMIT 3 - -static int make_nonstd_fd_internals(int fd, int limit /* Recursion limiter */) -{ - int new_fd; - if (fd >= 0 && fd <= 2) { -#ifdef F_DUPFD - if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) { - return -1; - } - /* Parinoia */ - if (new_fd < 3) { - close(new_fd); - return -1; - } - close(fd); - return new_fd; -#else - if (limit <= 0) - return -1; - - new_fd = dup(fd); - if (new_fd == -1) - return -1; - - /* use the program stack to hold our list of FDs to close */ - new_fd = make_nonstd_fd_internals(new_fd, limit - 1); - close(fd); - return new_fd; -#endif - } - return fd; -} - -static int make_safe_fd(int fd) -{ - int result, flags; - int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT); - if (new_fd == -1) { - close(fd); - return -1; - } - /* Socket should be closed on exec() */ - -#ifdef FD_CLOEXEC - result = flags = fcntl(new_fd, F_GETFD, 0); - if (flags >= 0) { - flags |= FD_CLOEXEC; - result = fcntl( new_fd, F_SETFD, flags ); - } - if (result < 0) { - close(new_fd); - return -1; - } -#endif - return new_fd; -} - -/* Connect to winbindd socket */ - -int winbind_open_pipe_sock(void) -{ -#ifdef HAVE_UNIXSOCKET - struct sockaddr_un sunaddr; - static pid_t our_pid; - struct stat st; - pstring path; - int fd; - - if (our_pid != getpid()) { - close_sock(); - our_pid = getpid(); - } - - if (winbindd_fd != -1) { - return winbindd_fd; - } - - /* Check permissions on unix socket directory */ - - if (lstat(WINBINDD_SOCKET_DIR, &st) == -1) { - return -1; - } - - if (!S_ISDIR(st.st_mode) || - (st.st_uid != 0 && st.st_uid != geteuid())) { - return -1; - } - - /* Connect to socket */ - - strncpy(path, WINBINDD_SOCKET_DIR, sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - strncat(path, "/", sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - strncat(path, WINBINDD_SOCKET_NAME, sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - ZERO_STRUCT(sunaddr); - sunaddr.sun_family = AF_UNIX; - strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1); - - /* If socket file doesn't exist, don't bother trying to connect - with retry. This is an attempt to make the system usable when - the winbindd daemon is not running. */ - - if (lstat(path, &st) == -1) { - return -1; - } - - /* Check permissions on unix socket file */ - - if (!S_ISSOCK(st.st_mode) || - (st.st_uid != 0 && st.st_uid != geteuid())) { - return -1; - } - - /* Connect to socket */ - - if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { - return -1; - } - - if ((winbindd_fd = make_safe_fd( fd)) == -1) { - return winbindd_fd; - } - - if (connect(winbindd_fd, (struct sockaddr *)&sunaddr, - sizeof(sunaddr)) == -1) { - close_sock(); - return -1; - } - - return winbindd_fd; -#else - return -1; -#endif /* HAVE_UNIXSOCKET */ -} - -/* Write data to winbindd socket */ - -int write_sock(void *buffer, int count) -{ - int result, nwritten; - - /* Open connection to winbind daemon */ - - restart: - - if (winbind_open_pipe_sock() == -1) { - return -1; - } - - /* Write data to socket */ - - nwritten = 0; - - while(nwritten < count) { - struct timeval tv; - fd_set r_fds; - - /* Catch pipe close on other end by checking if a read() - call would not block by calling select(). */ - - FD_ZERO(&r_fds); - FD_SET(winbindd_fd, &r_fds); - ZERO_STRUCT(tv); - - if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) { - close_sock(); - return -1; /* Select error */ - } - - /* Write should be OK if fd not available for reading */ - - if (!FD_ISSET(winbindd_fd, &r_fds)) { - - /* Do the write */ - - result = write(winbindd_fd, - (char *)buffer + nwritten, - count - nwritten); - - if ((result == -1) || (result == 0)) { - - /* Write failed */ - - close_sock(); - return -1; - } - - nwritten += result; - - } else { - - /* Pipe has closed on remote end */ - - close_sock(); - goto restart; - } - } - - return nwritten; -} - -/* Read data from winbindd socket */ - -static int read_sock(void *buffer, int count) -{ - int result = 0, nread = 0; - - /* Read data from socket */ - - while(nread < count) { - - result = read(winbindd_fd, (char *)buffer + nread, - count - nread); - - if ((result == -1) || (result == 0)) { - - /* Read failed. I think the only useful thing we - can do here is just return -1 and fail since the - transaction has failed half way through. */ - - close_sock(); - return -1; - } - - nread += result; - } - - return result; -} - -/* Read reply */ - -int read_reply(struct winbindd_response *response) -{ - int result1, result2 = 0; - - if (!response) { - return -1; - } - - /* Read fixed length response */ - - if ((result1 = read_sock(response, sizeof(struct winbindd_response))) - == -1) { - - return -1; - } - - /* We actually send the pointer value of the extra_data field from - the server. This has no meaning in the client's address space - so we clear it out. */ - - response->extra_data = NULL; - - /* Read variable length response */ - - if (response->length > sizeof(struct winbindd_response)) { - int extra_data_len = response->length - - sizeof(struct winbindd_response); - - /* Mallocate memory for extra data */ - - if (!(response->extra_data = malloc(extra_data_len))) { - return -1; - } - - if ((result2 = read_sock(response->extra_data, extra_data_len)) - == -1) { - free_response(response); - return -1; - } - } - - /* Return total amount of data read */ - - return result1 + result2; -} - -/* - * send simple types of requests - */ - -NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) -{ - struct winbindd_request lrequest; - - /* Check for our tricky environment variable */ - - if (getenv(WINBINDD_DONT_ENV)) { - return NSS_STATUS_NOTFOUND; - } - - if (!request) { - ZERO_STRUCT(lrequest); - request = &lrequest; - } - - /* Fill in request and send down pipe */ - - init_request(request, req_type); - - if (write_sock(request, sizeof(*request)) == -1) { - return NSS_STATUS_UNAVAIL; - } - - return NSS_STATUS_SUCCESS; -} - -/* - * Get results from winbindd request - */ - -NSS_STATUS winbindd_get_response(struct winbindd_response *response) -{ - struct winbindd_response lresponse; - - if (!response) { - ZERO_STRUCT(lresponse); - response = &lresponse; - } - - init_response(response); - - /* Wait for reply */ - if (read_reply(response) == -1) { - return NSS_STATUS_UNAVAIL; - } - - /* Throw away extra data if client didn't request it */ - if (response == &lresponse) { - free_response(response); - } - - /* Copy reply data from socket */ - if (response->result != WINBINDD_OK) { - return NSS_STATUS_NOTFOUND; - } - - return NSS_STATUS_SUCCESS; -} - -/* Handle simple types of requests */ - -NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, - struct winbindd_response *response) -{ - NSS_STATUS status; - - status = winbindd_send_request(req_type, request); - if (status != NSS_STATUS_SUCCESS) - return(status); - return winbindd_get_response(response); -} diff --git a/source4/nsswitch/wbinfo.c b/source4/nsswitch/wbinfo.c deleted file mode 100644 index 68dc178bcd..0000000000 --- a/source4/nsswitch/wbinfo.c +++ /dev/null @@ -1,891 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind status program. - - Copyright (C) Tim Potter 2000-2002 - Copyright (C) Andrew Bartlett 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "winbindd.h" -#include "debug.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -extern int winbindd_fd; - -static char winbind_separator(void) -{ - struct winbindd_response response; - static BOOL got_sep; - static char sep; - - if (got_sep) - return sep; - - ZERO_STRUCT(response); - - /* Send off request */ - - if (winbindd_request(WINBINDD_INFO, NULL, &response) != - NSS_STATUS_SUCCESS) { - d_printf("could not obtain winbind separator!\n"); - /* HACK: (this module should not call lp_ funtions) */ - return *lp_winbind_separator(); - } - - sep = response.data.info.winbind_separator; - got_sep = True; - - if (!sep) { - d_printf("winbind separator was NULL!\n"); - /* HACK: (this module should not call lp_ funtions) */ - sep = *lp_winbind_separator(); - } - - return sep; -} - -static const char *get_winbind_domain(void) -{ - struct winbindd_response response; - static fstring winbind_domain; - - ZERO_STRUCT(response); - - /* Send off request */ - - if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) != - NSS_STATUS_SUCCESS) { - d_printf("could not obtain winbind domain name!\n"); - - /* HACK: (this module should not call lp_ funtions) */ - return lp_workgroup(); - } - - fstrcpy(winbind_domain, response.data.domain_name); - - return winbind_domain; - -} - -/* Copy of parse_domain_user from winbindd_util.c. Parse a string of the - form DOMAIN/user into a domain and a user */ - -static BOOL parse_wbinfo_domain_user(const char *domuser, fstring domain, - fstring user) -{ - - char *p = strchr(domuser,winbind_separator()); - - if (!p) { - fstrcpy(user, domuser); - fstrcpy(domain, get_winbind_domain()); - return True; - } - - fstrcpy(user, p+1); - fstrcpy(domain, domuser); - domain[PTR_DIFF(p, domuser)] = 0; - strupper(domain); - - return True; -} - -/* List groups a user is a member of */ - -static BOOL wbinfo_get_usergroups(char *user) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - int i; - - ZERO_STRUCT(response); - - /* Send request */ - - fstrcpy(request.data.username, user); - - result = winbindd_request(WINBINDD_GETGROUPS, &request, &response); - - if (result != NSS_STATUS_SUCCESS) - return False; - - for (i = 0; i < response.data.num_entries; i++) - d_printf("%d\n", (int)((gid_t *)response.extra_data)[i]); - - SAFE_FREE(response.extra_data); - - return True; -} - -/* Convert NetBIOS name to IP */ - -static BOOL wbinfo_wins_byname(char *name) -{ - struct winbindd_request request; - struct winbindd_response response; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - /* Send request */ - - fstrcpy(request.data.winsreq, name); - - if (winbindd_request(WINBINDD_WINS_BYNAME, &request, &response) != - NSS_STATUS_SUCCESS) { - return False; - } - - /* Display response */ - - printf("%s\n", response.data.winsresp); - - return True; -} - -/* Convert IP to NetBIOS name */ - -static BOOL wbinfo_wins_byip(char *ip) -{ - struct winbindd_request request; - struct winbindd_response response; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - /* Send request */ - - fstrcpy(request.data.winsreq, ip); - - if (winbindd_request(WINBINDD_WINS_BYIP, &request, &response) != - NSS_STATUS_SUCCESS) { - return False; - } - - /* Display response */ - - printf("%s\n", response.data.winsresp); - - return True; -} - -/* List trusted domains */ - -static BOOL wbinfo_list_domains(void) -{ - struct winbindd_response response; - fstring name; - - ZERO_STRUCT(response); - - /* Send request */ - - if (winbindd_request(WINBINDD_LIST_TRUSTDOM, NULL, &response) != - NSS_STATUS_SUCCESS) - return False; - - /* Display response */ - - if (response.extra_data) { - const char *extra_data = (char *)response.extra_data; - - while(next_token(&extra_data, name, ",", sizeof(fstring))) - d_printf("%s\n", name); - - SAFE_FREE(response.extra_data); - } - - return True; -} - - -/* show sequence numbers */ -static BOOL wbinfo_show_sequence(void) -{ - struct winbindd_response response; - - ZERO_STRUCT(response); - - /* Send request */ - - if (winbindd_request(WINBINDD_SHOW_SEQUENCE, NULL, &response) != - NSS_STATUS_SUCCESS) - return False; - - /* Display response */ - - if (response.extra_data) { - char *extra_data = (char *)response.extra_data; - d_printf("%s", extra_data); - SAFE_FREE(response.extra_data); - } - - return True; -} - -/* Check trust account password */ - -static BOOL wbinfo_check_secret(void) -{ - struct winbindd_response response; - NSS_STATUS result; - - ZERO_STRUCT(response); - - result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response); - - d_printf("checking the trust secret via RPC calls %s\n", - (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); - - if (result != NSS_STATUS_SUCCESS) - d_printf("error code was %s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); - - return result == NSS_STATUS_SUCCESS; -} - -/* Convert uid to sid */ - -static BOOL wbinfo_uid_to_sid(uid_t uid) -{ - struct winbindd_request request; - struct winbindd_response response; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - /* Send request */ - - request.data.uid = uid; - - if (winbindd_request(WINBINDD_UID_TO_SID, &request, &response) != - NSS_STATUS_SUCCESS) - return False; - - /* Display response */ - - d_printf("%s\n", response.data.sid.sid); - - return True; -} - -/* Convert gid to sid */ - -static BOOL wbinfo_gid_to_sid(gid_t gid) -{ - struct winbindd_request request; - struct winbindd_response response; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - /* Send request */ - - request.data.gid = gid; - - if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response) != - NSS_STATUS_SUCCESS) - return False; - - /* Display response */ - - d_printf("%s\n", response.data.sid.sid); - - return True; -} - -/* Convert sid to uid */ - -static BOOL wbinfo_sid_to_uid(char *sid) -{ - struct winbindd_request request; - struct winbindd_response response; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - /* Send request */ - - fstrcpy(request.data.sid, sid); - - if (winbindd_request(WINBINDD_SID_TO_UID, &request, &response) != - NSS_STATUS_SUCCESS) - return False; - - /* Display response */ - - d_printf("%d\n", (int)response.data.uid); - - return True; -} - -static BOOL wbinfo_sid_to_gid(char *sid) -{ - struct winbindd_request request; - struct winbindd_response response; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - /* Send request */ - - fstrcpy(request.data.sid, sid); - - if (winbindd_request(WINBINDD_SID_TO_GID, &request, &response) != - NSS_STATUS_SUCCESS) - return False; - - /* Display response */ - - d_printf("%d\n", (int)response.data.gid); - - return True; -} - -/* Convert sid to string */ - -static BOOL wbinfo_lookupsid(char *sid) -{ - struct winbindd_request request; - struct winbindd_response response; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - /* Send off request */ - - fstrcpy(request.data.sid, sid); - - if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) != - NSS_STATUS_SUCCESS) - return False; - - /* Display response */ - - d_printf("%s%c%s %d\n", response.data.name.dom_name, - winbind_separator(), response.data.name.name, - response.data.name.type); - - return True; -} - -/* Convert string to sid */ - -static BOOL wbinfo_lookupname(char *name) -{ - struct winbindd_request request; - struct winbindd_response response; - - /* Send off request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - parse_wbinfo_domain_user(name, request.data.name.dom_name, - request.data.name.name); - - if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response) != - NSS_STATUS_SUCCESS) - return False; - - /* Display response */ - - d_printf("%s %d\n", response.data.sid.sid, response.data.sid.type); - - return True; -} - -/* Authenticate a user with a plaintext password */ - -static BOOL wbinfo_auth(char *username) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - char *p; - - /* Send off request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - p = strchr(username, '%'); - - if (p) { - *p = 0; - fstrcpy(request.data.auth.user, username); - fstrcpy(request.data.auth.pass, p + 1); - *p = '%'; - } else - fstrcpy(request.data.auth.user, username); - - result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response); - - /* Display response */ - - d_printf("plaintext password authentication %s\n", - (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); - - if (response.data.auth.nt_status) - d_printf("error code was %s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); - - return result == NSS_STATUS_SUCCESS; -} - -/* Authenticate a user with a challenge/response */ - -static BOOL wbinfo_auth_crap(char *username) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - fstring name_user; - fstring name_domain; - fstring pass; - char *p; - - /* Send off request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - p = strchr(username, '%'); - - if (p) { - *p = 0; - fstrcpy(pass, p + 1); - } - - parse_wbinfo_domain_user(username, name_domain, name_user); - - fstrcpy(request.data.auth_crap.user, name_user); - - fstrcpy(request.data.auth_crap.domain, name_domain); - - generate_random_buffer(request.data.auth_crap.chal, 8, False); - - SMBencrypt(pass, request.data.auth_crap.chal, - (uchar *)request.data.auth_crap.lm_resp); - SMBNTencrypt(pass, request.data.auth_crap.chal, - (uchar *)request.data.auth_crap.nt_resp); - - request.data.auth_crap.lm_resp_len = 24; - request.data.auth_crap.nt_resp_len = 24; - - result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response); - - /* Display response */ - - d_printf("challenge/response password authentication %s\n", - (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); - - if (response.data.auth.nt_status) - d_printf("error code was %s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); - - return result == NSS_STATUS_SUCCESS; -} - -/* Print domain users */ - -static BOOL print_domain_users(void) -{ - struct winbindd_response response; - const char *extra_data; - fstring name; - - /* Send request to winbind daemon */ - - ZERO_STRUCT(response); - - if (winbindd_request(WINBINDD_LIST_USERS, NULL, &response) != - NSS_STATUS_SUCCESS) - return False; - - /* Look through extra data */ - - if (!response.extra_data) - return False; - - extra_data = (const char *)response.extra_data; - - while(next_token(&extra_data, name, ",", sizeof(fstring))) - d_printf("%s\n", name); - - SAFE_FREE(response.extra_data); - - return True; -} - -/* Print domain groups */ - -static BOOL print_domain_groups(void) -{ - struct winbindd_response response; - const char *extra_data; - fstring name; - - ZERO_STRUCT(response); - - if (winbindd_request(WINBINDD_LIST_GROUPS, NULL, &response) != - NSS_STATUS_SUCCESS) - return False; - - /* Look through extra data */ - - if (!response.extra_data) - return False; - - extra_data = (const char *)response.extra_data; - - while(next_token(&extra_data, name, ",", sizeof(fstring))) - d_printf("%s\n", name); - - SAFE_FREE(response.extra_data); - - return True; -} - -/* Set the authorised user for winbindd access in secrets.tdb */ - -static BOOL wbinfo_set_auth_user(char *username) -{ - char *password; - fstring user, domain; - - /* Separate into user and password */ - - parse_wbinfo_domain_user(username, domain, user); - - password = strchr(user, '%'); - - if (password) { - *password = 0; - password++; - } else - password = ""; - - /* Store or remove DOMAIN\username%password in secrets.tdb */ - - secrets_init(); - - if (user[0]) { - - if (!secrets_store(SECRETS_AUTH_USER, user, - strlen(user) + 1)) { - d_fprintf(stderr, "error storing username\n"); - return False; - } - - /* We always have a domain name added by the - parse_wbinfo_domain_user() function. */ - - if (!secrets_store(SECRETS_AUTH_DOMAIN, domain, - strlen(domain) + 1)) { - d_fprintf(stderr, "error storing domain name\n"); - return False; - } - - } else { - secrets_delete(SECRETS_AUTH_USER); - secrets_delete(SECRETS_AUTH_DOMAIN); - } - - if (password[0]) { - - if (!secrets_store(SECRETS_AUTH_PASSWORD, password, - strlen(password) + 1)) { - d_fprintf(stderr, "error storing password\n"); - return False; - } - - } else - secrets_delete(SECRETS_AUTH_PASSWORD); - - return True; -} - -static void wbinfo_get_auth_user(void) -{ - char *user, *domain, *password; - - /* Lift data from secrets file */ - - secrets_init(); - - user = secrets_fetch(SECRETS_AUTH_USER, NULL); - domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL); - password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL); - - if (!user && !domain && !password) { - d_printf("No authorised user configured\n"); - return; - } - - /* Pretty print authorised user info */ - - d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? "\\" : "", - user, password ? "%" : "", password ? password : ""); - - SAFE_FREE(user); - SAFE_FREE(domain); - SAFE_FREE(password); -} - -static BOOL wbinfo_ping(void) -{ - NSS_STATUS result; - - result = winbindd_request(WINBINDD_PING, NULL, NULL); - - /* Display response */ - - d_printf("'ping' to winbindd %s on fd %d\n", - (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd); - - return result == NSS_STATUS_SUCCESS; -} - -/* Main program */ - -enum { - OPT_SET_AUTH_USER = 1000, - OPT_GET_AUTH_USER, - OPT_SEQUENCE -}; - -int main(int argc, char **argv) -{ - int opt; - - poptContext pc; - static char *string_arg; - static int int_arg; - BOOL got_command = False; - int result = 1; - - struct poptOption long_options[] = { - POPT_AUTOHELP - - /* longName, shortName, argInfo, argPtr, value, descrip, - argDesc */ - - { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users"}, - { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups" }, - { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP (WINS)", "NETBIOS-NAME" }, - { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name (WINS)", "IP" }, - { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" }, - { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" }, - { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" }, - { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" }, - { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" }, - { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" }, - { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, - { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, - { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "show sequence numbers of all domains" }, - { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" }, - { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" }, - { "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" }, - { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL }, - { "ping", 'p', POPT_ARG_NONE, 0, 'p', "'ping' winbindd to see if it is alive" }, - { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version}, - { 0, 0, 0, 0 } - }; - - /* Samba client initialisation */ - - if (!lp_load(dyn_CONFIGFILE, True, False, False)) { - d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n", - dyn_CONFIGFILE, strerror(errno)); - exit(1); - } - - if (!init_names()) - return 1; - - load_interfaces(); - - /* Parse options */ - - pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0); - - /* Parse command line options */ - - if (argc == 1) { - poptPrintHelp(pc, stderr, 0); - return 1; - } - - while((opt = poptGetNextOpt(pc)) != -1) { - if (got_command) { - d_fprintf(stderr, "No more than one command may be specified at once.\n"); - exit(1); - } - got_command = True; - } - - poptFreeContext(pc); - - pc = poptGetContext(NULL, argc, (const char **)argv, long_options, - POPT_CONTEXT_KEEP_FIRST); - - while((opt = poptGetNextOpt(pc)) != -1) { - switch (opt) { - case 'u': - if (!print_domain_users()) { - d_printf("Error looking up domain users\n"); - goto done; - } - break; - case 'g': - if (!print_domain_groups()) { - d_printf("Error looking up domain groups\n"); - goto done; - } - break; - case 's': - if (!wbinfo_lookupsid(string_arg)) { - d_printf("Could not lookup sid %s\n", string_arg); - goto done; - } - break; - case 'n': - if (!wbinfo_lookupname(string_arg)) { - d_printf("Could not lookup name %s\n", string_arg); - goto done; - } - break; - case 'N': - if (!wbinfo_wins_byname(string_arg)) { - d_printf("Could not lookup WINS by name %s\n", string_arg); - goto done; - } - break; - case 'I': - if (!wbinfo_wins_byip(string_arg)) { - d_printf("Could not lookup WINS by IP %s\n", string_arg); - goto done; - } - break; - case 'U': - if (!wbinfo_uid_to_sid(int_arg)) { - d_printf("Could not convert uid %d to sid\n", int_arg); - goto done; - } - break; - case 'G': - if (!wbinfo_gid_to_sid(int_arg)) { - d_printf("Could not convert gid %d to sid\n", - int_arg); - goto done; - } - break; - case 'S': - if (!wbinfo_sid_to_uid(string_arg)) { - d_printf("Could not convert sid %s to uid\n", - string_arg); - goto done; - } - break; - case 'Y': - if (!wbinfo_sid_to_gid(string_arg)) { - d_printf("Could not convert sid %s to gid\n", - string_arg); - goto done; - } - break; - case 't': - if (!wbinfo_check_secret()) { - d_printf("Could not check secret\n"); - goto done; - } - break; - case 'm': - if (!wbinfo_list_domains()) { - d_printf("Could not list trusted domains\n"); - goto done; - } - break; - case OPT_SEQUENCE: - if (!wbinfo_show_sequence()) { - d_printf("Could not show sequence numbers\n"); - goto done; - } - break; - case 'r': - if (!wbinfo_get_usergroups(string_arg)) { - d_printf("Could not get groups for user %s\n", - string_arg); - goto done; - } - break; - case 'a': { - BOOL got_error = False; - - if (!wbinfo_auth(string_arg)) { - d_printf("Could not authenticate user %s with " - "plaintext password\n", string_arg); - got_error = True; - } - - if (!wbinfo_auth_crap(string_arg)) { - d_printf("Could not authenticate user %s with " - "challenge/response\n", string_arg); - got_error = True; - } - - if (got_error) - goto done; - break; - } - case 'p': { - if (!wbinfo_ping()) { - d_printf("could not ping winbindd!\n"); - goto done; - } - break; - } - case OPT_SET_AUTH_USER: - wbinfo_set_auth_user(string_arg); - break; - case OPT_GET_AUTH_USER: - wbinfo_get_auth_user(); - break; - default: - d_fprintf(stderr, "Invalid option\n"); - poptPrintHelp(pc, stderr, 0); - goto done; - } - } - - result = 0; - - /* Exit code */ - - done: - poptFreeContext(pc); - return result; -} diff --git a/source4/nsswitch/winbind_client.h b/source4/nsswitch/winbind_client.h deleted file mode 100644 index 4de2d57cc7..0000000000 --- a/source4/nsswitch/winbind_client.h +++ /dev/null @@ -1,16 +0,0 @@ -#include "winbind_nss_config.h" -#include "winbindd_nss.h" - -void init_request(struct winbindd_request *req,int rq_type); -NSS_STATUS winbindd_send_request(int req_type, - struct winbindd_request *request); -NSS_STATUS winbindd_get_response(struct winbindd_response *response); -NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, - struct winbindd_response *response); -int winbind_open_pipe_sock(void); -int write_sock(void *buffer, int count); -int read_reply(struct winbindd_response *response); -void close_sock(void); -void free_response(struct winbindd_response *response); - diff --git a/source4/nsswitch/winbind_nss.c b/source4/nsswitch/winbind_nss.c deleted file mode 100644 index 0b4c0ce1d0..0000000000 --- a/source4/nsswitch/winbind_nss.c +++ /dev/null @@ -1,1341 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Windows NT Domain nsswitch module - - Copyright (C) Tim Potter 2000 - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#include "winbind_client.h" - -#ifdef HAVE_NS_API_H -#undef VOLATILE - -#include -#endif - -#define MAX_GETPWENT_USERS 250 -#define MAX_GETGRENT_USERS 250 - -/* Prototypes from wb_common.c */ - -extern int winbindd_fd; - - -#ifdef HAVE_NS_API_H -/* IRIX version */ - -static int send_next_request(nsd_file_t *, struct winbindd_request *); -static int do_list(int state, nsd_file_t *rq); - -static nsd_file_t *current_rq = NULL; -static int current_winbind_xid = 0; -static int next_winbind_xid = 0; - -typedef struct winbind_xid { - int xid; - nsd_file_t *rq; - struct winbindd_request *request; - struct winbind_xid *next; -} winbind_xid_t; - -static winbind_xid_t *winbind_xids = (winbind_xid_t *)0; - -static int -winbind_xid_new(int xid, nsd_file_t *rq, struct winbindd_request *request) -{ - winbind_xid_t *new; - - nsd_logprintf(NSD_LOG_LOW, - "entering winbind_xid_new xid = %d rq = 0x%x, request = 0x%x\n", - xid, rq, request); - new = (winbind_xid_t *)nsd_calloc(1,sizeof(winbind_xid_t)); - if (!new) { - nsd_logprintf(NSD_LOG_RESOURCE,"winbind_xid_new: failed malloc\n"); - return NSD_ERROR; - } - - new->xid = xid; - new->rq = rq; - new->request = request; - new->next = winbind_xids; - winbind_xids = new; - - return NSD_CONTINUE; -} - -/* -** This routine will look down the xid list and return the request -** associated with an xid. We remove the record if it is found. -*/ -nsd_file_t * -winbind_xid_lookup(int xid, struct winbindd_request **requestp) -{ - winbind_xid_t **last, *dx; - nsd_file_t *result=0; - - for (last = &winbind_xids, dx = winbind_xids; dx && (dx->xid != xid); - last = &dx->next, dx = dx->next); - if (dx) { - *last = dx->next; - result = dx->rq; - *requestp = dx->request; - SAFE_FREE(dx); - } - nsd_logprintf(NSD_LOG_LOW, - "entering winbind_xid_lookup xid = %d rq = 0x%x, request = 0x%x\n", - xid, result, dx->request); - - return result; -} - -static int -winbind_startnext_timeout(nsd_file_t **rqp, nsd_times_t *to) -{ - nsd_file_t *rq; - struct winbindd_request *request; - - nsd_logprintf(NSD_LOG_MIN, "timeout (winbind startnext)\n"); - rq = to->t_file; - *rqp = rq; - nsd_timeout_remove(rq); - request = to->t_clientdata; - return(send_next_request(rq, request)); -} - -static void -dequeue_request() -{ - nsd_file_t *rq; - struct winbindd_request *request; - - /* - * Check for queued requests - */ - if (winbind_xids) { - nsd_logprintf(NSD_LOG_MIN, "timeout (winbind) unqueue xid %d\n", - current_winbind_xid); - rq = winbind_xid_lookup(current_winbind_xid++, &request); - /* cause a timeout on the queued request so we can send it */ - nsd_timeout_new(rq,1,winbind_startnext_timeout,request); - } -} - -static int -do_request(nsd_file_t *rq, struct winbindd_request *request) -{ - if (winbind_xids == NULL) { - /* - * No outstanding requests. - * Send off the request to winbindd - */ - nsd_logprintf(NSD_LOG_MIN, "lookup (winbind) sending request\n"); - return(send_next_request(rq, request)); - } else { - /* - * Just queue it up for now - previous callout or timout - * will start it up - */ - nsd_logprintf(NSD_LOG_MIN, - "lookup (winbind): queue request xid = %d\n", - next_winbind_xid); - return(winbind_xid_new(next_winbind_xid++, rq, request)); - } -} - -static int -winbind_callback(nsd_file_t **rqp, int fd) -{ - struct winbindd_response response; - struct winbindd_pw *pw = &response.data.pw; - struct winbindd_gr *gr = &response.data.gr; - nsd_file_t *rq; - NSS_STATUS status; - fstring result; - char *members; - int i, maxlen; - - dequeue_request(); - - nsd_logprintf(NSD_LOG_MIN, "entering callback (winbind)\n"); - - rq = current_rq; - *rqp = rq; - - nsd_timeout_remove(rq); - nsd_callback_remove(fd); - - ZERO_STRUCT(response); - status = winbindd_get_response(&response); - - if (status != NSS_STATUS_SUCCESS) { - /* free any extra data area in response structure */ - free_response(&response); - nsd_logprintf(NSD_LOG_MIN, - "callback (winbind) returning not found, status = %d\n", - status); - rq->f_status = NS_NOTFOUND; - return NSD_NEXT; - } - - maxlen = sizeof(result) - 1; - - switch ((int)rq->f_cmd_data) { - case WINBINDD_WINS_BYNAME: - case WINBINDD_WINS_BYIP: - snprintf(result,maxlen,"%s\n",response.data.winsresp); - break; - case WINBINDD_GETPWUID: - case WINBINDD_GETPWNAM: - snprintf(result,maxlen,"%s:%s:%d:%d:%s:%s:%s\n", - pw->pw_name, - pw->pw_passwd, - pw->pw_uid, - pw->pw_gid, - pw->pw_gecos, - pw->pw_dir, - pw->pw_shell); - break; - case WINBINDD_GETGRNAM: - case WINBINDD_GETGRGID: - if (gr->num_gr_mem && response.extra_data) - members = response.extra_data; - else - members = ""; - snprintf(result,maxlen,"%s:%s:%d:%s\n", - gr->gr_name, gr->gr_passwd, gr->gr_gid, members); - break; - case WINBINDD_SETGRENT: - case WINBINDD_SETPWENT: - nsd_logprintf(NSD_LOG_MIN, "callback (winbind) - SETPWENT/SETGRENT\n"); - free_response(&response); - return(do_list(1,rq)); - case WINBINDD_GETGRENT: - case WINBINDD_GETGRLST: - nsd_logprintf(NSD_LOG_MIN, - "callback (winbind) - %d GETGRENT responses\n", - response.data.num_entries); - if (response.data.num_entries) { - gr = (struct winbindd_gr *)response.extra_data; - if (! gr ) { - nsd_logprintf(NSD_LOG_MIN, " no extra_data\n"); - free_response(&response); - return NSD_ERROR; - } - members = (char *)response.extra_data + - (response.data.num_entries * sizeof(struct winbindd_gr)); - for (i = 0; i < response.data.num_entries; i++) { - snprintf(result,maxlen,"%s:%s:%d:%s\n", - gr->gr_name, gr->gr_passwd, gr->gr_gid, - &members[gr->gr_mem_ofs]); - nsd_logprintf(NSD_LOG_MIN, " GETGRENT %s\n",result); - nsd_append_element(rq,NS_SUCCESS,result,strlen(result)); - gr++; - } - } - i = response.data.num_entries; - free_response(&response); - if (i < MAX_GETPWENT_USERS) - return(do_list(2,rq)); - else - return(do_list(1,rq)); - case WINBINDD_GETPWENT: - nsd_logprintf(NSD_LOG_MIN, - "callback (winbind) - %d GETPWENT responses\n", - response.data.num_entries); - if (response.data.num_entries) { - pw = (struct winbindd_pw *)response.extra_data; - if (! pw ) { - nsd_logprintf(NSD_LOG_MIN, " no extra_data\n"); - free_response(&response); - return NSD_ERROR; - } - for (i = 0; i < response.data.num_entries; i++) { - snprintf(result,maxlen,"%s:%s:%d:%d:%s:%s:%s", - pw->pw_name, - pw->pw_passwd, - pw->pw_uid, - pw->pw_gid, - pw->pw_gecos, - pw->pw_dir, - pw->pw_shell); - nsd_logprintf(NSD_LOG_MIN, " GETPWENT %s\n",result); - nsd_append_element(rq,NS_SUCCESS,result,strlen(result)); - pw++; - } - } - i = response.data.num_entries; - free_response(&response); - if (i < MAX_GETPWENT_USERS) - return(do_list(2,rq)); - else - return(do_list(1,rq)); - case WINBINDD_ENDGRENT: - case WINBINDD_ENDPWENT: - nsd_logprintf(NSD_LOG_MIN, "callback (winbind) - ENDPWENT/ENDGRENT\n"); - nsd_append_element(rq,NS_SUCCESS,"\n",1); - free_response(&response); - return NSD_NEXT; - default: - free_response(&response); - nsd_logprintf(NSD_LOG_MIN, "callback (winbind) - no valid command\n"); - return NSD_NEXT; - } - nsd_logprintf(NSD_LOG_MIN, "callback (winbind) %s\n", result); - /* free any extra data area in response structure */ - free_response(&response); - nsd_set_result(rq,NS_SUCCESS,result,strlen(result),VOLATILE); - return NSD_OK; -} - -static int -winbind_timeout(nsd_file_t **rqp, nsd_times_t *to) -{ - nsd_file_t *rq; - - dequeue_request(); - - nsd_logprintf(NSD_LOG_MIN, "timeout (winbind)\n"); - - rq = to->t_file; - *rqp = rq; - - /* Remove the callback and timeout */ - nsd_callback_remove(winbindd_fd); - nsd_timeout_remove(rq); - - rq->f_status = NS_NOTFOUND; - return NSD_NEXT; -} - -static int -send_next_request(nsd_file_t *rq, struct winbindd_request *request) -{ - NSS_STATUS status; - long timeout; - - timeout = 1000; - - nsd_logprintf(NSD_LOG_MIN, "send_next_request (winbind) %d to = %d\n", - rq->f_cmd_data, timeout); - status = winbindd_send_request((int)rq->f_cmd_data,request); - SAFE_FREE(request); - - if (status != NSS_STATUS_SUCCESS) { - nsd_logprintf(NSD_LOG_MIN, - "send_next_request (winbind) error status = %d\n",status); - rq->f_status = status; - return NSD_NEXT; - } - - current_rq = rq; - - /* - * Set up callback and timeouts - */ - nsd_logprintf(NSD_LOG_MIN, "send_next_request (winbind) fd = %d\n",winbindd_fd); - nsd_callback_new(winbindd_fd,winbind_callback,NSD_READ); - nsd_timeout_new(rq,timeout,winbind_timeout,(void *)0); - return NSD_CONTINUE; -} - -int init(void) -{ - nsd_logprintf(NSD_LOG_MIN, "entering init (winbind)\n"); - return(NSD_OK); -} - -int lookup(nsd_file_t *rq) -{ - char *map; - char *key; - struct winbindd_request *request; - - nsd_logprintf(NSD_LOG_MIN, "entering lookup (winbind)\n"); - if (! rq) - return NSD_ERROR; - - map = nsd_attr_fetch_string(rq->f_attrs, "table", (char*)0); - key = nsd_attr_fetch_string(rq->f_attrs, "key", (char*)0); - if (! map || ! key) { - nsd_logprintf(NSD_LOG_MIN, "lookup (winbind) table or key not defined\n"); - rq->f_status = NS_BADREQ; - return NSD_ERROR; - } - - nsd_logprintf(NSD_LOG_MIN, "lookup (winbind %s)\n",map); - - request = (struct winbindd_request *)nsd_calloc(1,sizeof(struct winbindd_request)); - if (! request) { - nsd_logprintf(NSD_LOG_RESOURCE, - "lookup (winbind): failed malloc\n"); - return NSD_ERROR; - } - - if (strcasecmp(map,"passwd.byuid") == 0) { - request->data.uid = atoi(key); - rq->f_cmd_data = (void *)WINBINDD_GETPWUID; - } else if (strcasecmp(map,"passwd.byname") == 0) { - strncpy(request->data.username, key, - sizeof(request->data.username) - 1); - request->data.username[sizeof(request->data.username) - 1] = '\0'; - rq->f_cmd_data = (void *)WINBINDD_GETPWNAM; - } else if (strcasecmp(map,"group.byname") == 0) { - strncpy(request->data.groupname, key, - sizeof(request->data.groupname) - 1); - request->data.groupname[sizeof(request->data.groupname) - 1] = '\0'; - rq->f_cmd_data = (void *)WINBINDD_GETGRNAM; - } else if (strcasecmp(map,"group.bygid") == 0) { - request->data.gid = atoi(key); - rq->f_cmd_data = (void *)WINBINDD_GETGRGID; - } else if (strcasecmp(map,"hosts.byname") == 0) { - strncpy(request->data.winsreq, key, sizeof(request->data.winsreq) - 1); - request->data.winsreq[sizeof(request->data.winsreq) - 1] = '\0'; - rq->f_cmd_data = (void *)WINBINDD_WINS_BYNAME; - } else if (strcasecmp(map,"hosts.byaddr") == 0) { - strncpy(request->data.winsreq, key, sizeof(request->data.winsreq) - 1); - request->data.winsreq[sizeof(request->data.winsreq) - 1] = '\0'; - rq->f_cmd_data = (void *)WINBINDD_WINS_BYIP; - } else { - /* - * Don't understand this map - just return not found - */ - nsd_logprintf(NSD_LOG_MIN, "lookup (winbind) unknown table\n"); - SAFE_FREE(request); - rq->f_status = NS_NOTFOUND; - return NSD_NEXT; - } - - return(do_request(rq, request)); -} - -int list(nsd_file_t *rq) -{ - char *map; - - nsd_logprintf(NSD_LOG_MIN, "entering list (winbind)\n"); - if (! rq) - return NSD_ERROR; - - map = nsd_attr_fetch_string(rq->f_attrs, "table", (char*)0); - if (! map ) { - nsd_logprintf(NSD_LOG_MIN, "list (winbind) table not defined\n"); - rq->f_status = NS_BADREQ; - return NSD_ERROR; - } - - nsd_logprintf(NSD_LOG_MIN, "list (winbind %s)\n",map); - - return (do_list(0,rq)); -} - -static int -do_list(int state, nsd_file_t *rq) -{ - char *map; - struct winbindd_request *request; - - nsd_logprintf(NSD_LOG_MIN, "entering do_list (winbind) state = %d\n",state); - - map = nsd_attr_fetch_string(rq->f_attrs, "table", (char*)0); - request = (struct winbindd_request *)nsd_calloc(1,sizeof(struct winbindd_request)); - if (! request) { - nsd_logprintf(NSD_LOG_RESOURCE, - "do_list (winbind): failed malloc\n"); - return NSD_ERROR; - } - - if (strcasecmp(map,"passwd.byname") == 0) { - switch (state) { - case 0: - rq->f_cmd_data = (void *)WINBINDD_SETPWENT; - break; - case 1: - request->data.num_entries = MAX_GETPWENT_USERS; - rq->f_cmd_data = (void *)WINBINDD_GETPWENT; - break; - case 2: - rq->f_cmd_data = (void *)WINBINDD_ENDPWENT; - break; - default: - nsd_logprintf(NSD_LOG_MIN, "do_list (winbind) unknown state\n"); - SAFE_FREE(request); - rq->f_status = NS_NOTFOUND; - return NSD_NEXT; - } - } else if (strcasecmp(map,"group.byname") == 0) { - switch (state) { - case 0: - rq->f_cmd_data = (void *)WINBINDD_SETGRENT; - break; - case 1: - request->data.num_entries = MAX_GETGRENT_USERS; - rq->f_cmd_data = (void *)WINBINDD_GETGRENT; - break; - case 2: - rq->f_cmd_data = (void *)WINBINDD_ENDGRENT; - break; - default: - nsd_logprintf(NSD_LOG_MIN, "do_list (winbind) unknown state\n"); - SAFE_FREE(request); - rq->f_status = NS_NOTFOUND; - return NSD_NEXT; - } - } else { - /* - * Don't understand this map - just return not found - */ - nsd_logprintf(NSD_LOG_MIN, "do_list (winbind) unknown table\n"); - SAFE_FREE(request); - rq->f_status = NS_NOTFOUND; - return NSD_NEXT; - } - - return(do_request(rq, request)); -} - -#else - -/* Allocate some space from the nss static buffer. The buffer and buflen - are the pointers passed in by the C library to the _nss_ntdom_* - functions. */ - -static char *get_static(char **buffer, int *buflen, int len) -{ - char *result; - - /* Error check. We return false if things aren't set up right, or - there isn't enough buffer space left. */ - - if ((buffer == NULL) || (buflen == NULL) || (*buflen < len)) { - return NULL; - } - - /* Return an index into the static buffer */ - - result = *buffer; - *buffer += len; - *buflen -= len; - - return result; -} - -/* I've copied the strtok() replacement function next_token() from - lib/util_str.c as I really don't want to have to link in any other - objects if I can possibly avoid it. */ - -BOOL next_token(char **ptr,char *buff,char *sep, size_t bufsize) -{ - char *s; - BOOL quoted; - size_t len=1; - - if (!ptr) return(False); - - s = *ptr; - - /* default to simple separators */ - if (!sep) sep = " \t\n\r"; - - /* find the first non sep char */ - while (*s && strchr(sep,*s)) s++; - - /* nothing left? */ - if (! *s) return(False); - - /* copy over the token */ - for (quoted = False; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++) { - if (*s == '\"') { - quoted = !quoted; - } else { - len++; - *buff++ = *s; - } - } - - *ptr = (*s) ? s+1 : s; - *buff = 0; - - return(True); -} - - -/* Fill a pwent structure from a winbindd_response structure. We use - the static data passed to us by libc to put strings and stuff in. - Return NSS_STATUS_TRYAGAIN if we run out of memory. */ - -static NSS_STATUS fill_pwent(struct passwd *result, - struct winbindd_pw *pw, - char **buffer, size_t *buflen) -{ - /* User name */ - - if ((result->pw_name = - get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) { - - /* Out of memory */ - - return NSS_STATUS_TRYAGAIN; - } - - strcpy(result->pw_name, pw->pw_name); - - /* Password */ - - if ((result->pw_passwd = - get_static(buffer, buflen, strlen(pw->pw_passwd) + 1)) == NULL) { - - /* Out of memory */ - - return NSS_STATUS_TRYAGAIN; - } - - strcpy(result->pw_passwd, pw->pw_passwd); - - /* [ug]id */ - - result->pw_uid = pw->pw_uid; - result->pw_gid = pw->pw_gid; - - /* GECOS */ - - if ((result->pw_gecos = - get_static(buffer, buflen, strlen(pw->pw_gecos) + 1)) == NULL) { - - /* Out of memory */ - - return NSS_STATUS_TRYAGAIN; - } - - strcpy(result->pw_gecos, pw->pw_gecos); - - /* Home directory */ - - if ((result->pw_dir = - get_static(buffer, buflen, strlen(pw->pw_dir) + 1)) == NULL) { - - /* Out of memory */ - - return NSS_STATUS_TRYAGAIN; - } - - strcpy(result->pw_dir, pw->pw_dir); - - /* Logon shell */ - - if ((result->pw_shell = - get_static(buffer, buflen, strlen(pw->pw_shell) + 1)) == NULL) { - - /* Out of memory */ - - return NSS_STATUS_TRYAGAIN; - } - - strcpy(result->pw_shell, pw->pw_shell); - - /* The struct passwd for Solaris has some extra fields which must - be initialised or nscd crashes. */ - -#if HAVE_PASSWD_PW_COMMENT - result->pw_comment = ""; -#endif - -#if HAVE_PASSWD_PW_AGE - result->pw_age = ""; -#endif - - return NSS_STATUS_SUCCESS; -} - -/* Fill a grent structure from a winbindd_response structure. We use - the static data passed to us by libc to put strings and stuff in. - Return NSS_STATUS_TRYAGAIN if we run out of memory. */ - -static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr, - char *gr_mem, char **buffer, size_t *buflen) -{ - fstring name; - int i; - char *tst; - - /* Group name */ - - if ((result->gr_name = - get_static(buffer, buflen, strlen(gr->gr_name) + 1)) == NULL) { - - /* Out of memory */ - - return NSS_STATUS_TRYAGAIN; - } - - strcpy(result->gr_name, gr->gr_name); - - /* Password */ - - if ((result->gr_passwd = - get_static(buffer, buflen, strlen(gr->gr_passwd) + 1)) == NULL) { - - /* Out of memory */ - - return NSS_STATUS_TRYAGAIN; - } - - strcpy(result->gr_passwd, gr->gr_passwd); - - /* gid */ - - result->gr_gid = gr->gr_gid; - - /* Group membership */ - - if ((gr->num_gr_mem < 0) || !gr_mem) { - gr->num_gr_mem = 0; - } - - /* this next value is a pointer to a pointer so let's align it */ - - /* Calculate number of extra bytes needed to align on pointer size boundry */ - if ((i = (unsigned long)(*buffer) % sizeof(char*)) != 0) - i = sizeof(char*) - i; - - if ((tst = get_static(buffer, buflen, ((gr->num_gr_mem + 1) * - sizeof(char *)+i))) == NULL) { - - /* Out of memory */ - - return NSS_STATUS_TRYAGAIN; - } - result->gr_mem = (char **)(tst + i); - - if (gr->num_gr_mem == 0) { - - /* Group is empty */ - - *(result->gr_mem) = NULL; - return NSS_STATUS_SUCCESS; - } - - /* Start looking at extra data */ - - i = 0; - - while(next_token((char **)&gr_mem, name, ",", sizeof(fstring))) { - - /* Allocate space for member */ - - if (((result->gr_mem)[i] = - get_static(buffer, buflen, strlen(name) + 1)) == NULL) { - - /* Out of memory */ - - return NSS_STATUS_TRYAGAIN; - } - - strcpy((result->gr_mem)[i], name); - i++; - } - - /* Terminate list */ - - (result->gr_mem)[i] = NULL; - - return NSS_STATUS_SUCCESS; -} - -/* - * NSS user functions - */ - -static struct winbindd_response getpwent_response; - -static int ndx_pw_cache; /* Current index into pwd cache */ -static int num_pw_cache; /* Current size of pwd cache */ - -/* Rewind "file pointer" to start of ntdom password database */ - -NSS_STATUS -_nss_winbind_setpwent(void) -{ -#ifdef DEBUG_NSS - fprintf(stderr, "[%5d]: setpwent\n", getpid()); -#endif - - if (num_pw_cache > 0) { - ndx_pw_cache = num_pw_cache = 0; - free_response(&getpwent_response); - } - - return winbindd_request(WINBINDD_SETPWENT, NULL, NULL); -} - -/* Close ntdom password database "file pointer" */ - -NSS_STATUS -_nss_winbind_endpwent(void) -{ -#ifdef DEBUG_NSS - fprintf(stderr, "[%5d]: endpwent\n", getpid()); -#endif - - if (num_pw_cache > 0) { - ndx_pw_cache = num_pw_cache = 0; - free_response(&getpwent_response); - } - - return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL); -} - -/* Fetch the next password entry from ntdom password database */ - -NSS_STATUS -_nss_winbind_getpwent_r(struct passwd *result, char *buffer, - size_t buflen, int *errnop) -{ - NSS_STATUS ret; - struct winbindd_request request; - static int called_again; - -#ifdef DEBUG_NSS - fprintf(stderr, "[%5d]: getpwent\n", getpid()); -#endif - - /* Return an entry from the cache if we have one, or if we are - called again because we exceeded our static buffer. */ - - if ((ndx_pw_cache < num_pw_cache) || called_again) { - goto return_result; - } - - /* Else call winbindd to get a bunch of entries */ - - if (num_pw_cache > 0) { - free_response(&getpwent_response); - } - - ZERO_STRUCT(request); - ZERO_STRUCT(getpwent_response); - - request.data.num_entries = MAX_GETPWENT_USERS; - - ret = winbindd_request(WINBINDD_GETPWENT, &request, - &getpwent_response); - - if (ret == NSS_STATUS_SUCCESS) { - struct winbindd_pw *pw_cache; - - /* Fill cache */ - - ndx_pw_cache = 0; - num_pw_cache = getpwent_response.data.num_entries; - - /* Return a result */ - - return_result: - - pw_cache = getpwent_response.extra_data; - - /* Check data is valid */ - - if (pw_cache == NULL) { - return NSS_STATUS_NOTFOUND; - } - - ret = fill_pwent(result, &pw_cache[ndx_pw_cache], - &buffer, &buflen); - - /* Out of memory - try again */ - - if (ret == NSS_STATUS_TRYAGAIN) { - called_again = True; - *errnop = errno = ERANGE; - return ret; - } - - *errnop = errno = 0; - called_again = False; - ndx_pw_cache++; - - /* If we've finished with this lot of results free cache */ - - if (ndx_pw_cache == num_pw_cache) { - ndx_pw_cache = num_pw_cache = 0; - free_response(&getpwent_response); - } - } - - return ret; -} - -/* Return passwd struct from uid */ - -NSS_STATUS -_nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer, - size_t buflen, int *errnop) -{ - NSS_STATUS ret; - static struct winbindd_response response; - struct winbindd_request request; - static int keep_response=0; - - /* If our static buffer needs to be expanded we are called again */ - if (!keep_response) { - - /* Call for the first time */ - - ZERO_STRUCT(response); - ZERO_STRUCT(request); - - request.data.uid = uid; - - ret = winbindd_request(WINBINDD_GETPWUID, &request, &response); - - if (ret == NSS_STATUS_SUCCESS) { - ret = fill_pwent(result, &response.data.pw, - &buffer, &buflen); - - if (ret == NSS_STATUS_TRYAGAIN) { - keep_response = True; - *errnop = errno = ERANGE; - return ret; - } - } - - } else { - - /* We've been called again */ - - ret = fill_pwent(result, &response.data.pw, &buffer, &buflen); - - if (ret == NSS_STATUS_TRYAGAIN) { - keep_response = True; - *errnop = errno = ERANGE; - return ret; - } - - keep_response = False; - *errnop = errno = 0; - } - - free_response(&response); - return ret; -} - -/* Return passwd struct from username */ - -NSS_STATUS -_nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer, - size_t buflen, int *errnop) -{ - NSS_STATUS ret; - static struct winbindd_response response; - struct winbindd_request request; - static int keep_response; - -#ifdef DEBUG_NSS - fprintf(stderr, "[%5d]: getpwnam %s\n", getpid(), name); -#endif - - /* If our static buffer needs to be expanded we are called again */ - - if (!keep_response) { - - /* Call for the first time */ - - ZERO_STRUCT(response); - ZERO_STRUCT(request); - - strncpy(request.data.username, name, - sizeof(request.data.username) - 1); - request.data.username - [sizeof(request.data.username) - 1] = '\0'; - - ret = winbindd_request(WINBINDD_GETPWNAM, &request, &response); - - if (ret == NSS_STATUS_SUCCESS) { - ret = fill_pwent(result, &response.data.pw, &buffer, - &buflen); - - if (ret == NSS_STATUS_TRYAGAIN) { - keep_response = True; - *errnop = errno = ERANGE; - return ret; - } - } - - } else { - - /* We've been called again */ - - ret = fill_pwent(result, &response.data.pw, &buffer, &buflen); - - if (ret == NSS_STATUS_TRYAGAIN) { - keep_response = True; - *errnop = errno = ERANGE; - return ret; - } - - keep_response = False; - *errnop = errno = 0; - } - - free_response(&response); - return ret; -} - -/* - * NSS group functions - */ - -static struct winbindd_response getgrent_response; - -static int ndx_gr_cache; /* Current index into grp cache */ -static int num_gr_cache; /* Current size of grp cache */ - -/* Rewind "file pointer" to start of ntdom group database */ - -NSS_STATUS -_nss_winbind_setgrent(void) -{ -#ifdef DEBUG_NSS - fprintf(stderr, "[%5d]: setgrent\n", getpid()); -#endif - - if (num_gr_cache > 0) { - ndx_gr_cache = num_gr_cache = 0; - free_response(&getgrent_response); - } - - return winbindd_request(WINBINDD_SETGRENT, NULL, NULL); -} - -/* Close "file pointer" for ntdom group database */ - -NSS_STATUS -_nss_winbind_endgrent(void) -{ -#ifdef DEBUG_NSS - fprintf(stderr, "[%5d]: endgrent\n", getpid()); -#endif - - if (num_gr_cache > 0) { - ndx_gr_cache = num_gr_cache = 0; - free_response(&getgrent_response); - } - - return winbindd_request(WINBINDD_ENDGRENT, NULL, NULL); -} - -/* Get next entry from ntdom group database */ - -static NSS_STATUS -winbind_getgrent(enum winbindd_cmd cmd, - struct group *result, - char *buffer, size_t buflen, int *errnop) -{ - NSS_STATUS ret; - static struct winbindd_request request; - static int called_again; - - -#ifdef DEBUG_NSS - fprintf(stderr, "[%5d]: getgrent\n", getpid()); -#endif - - /* Return an entry from the cache if we have one, or if we are - called again because we exceeded our static buffer. */ - - if ((ndx_gr_cache < num_gr_cache) || called_again) { - goto return_result; - } - - /* Else call winbindd to get a bunch of entries */ - - if (num_gr_cache > 0) { - free_response(&getgrent_response); - } - - ZERO_STRUCT(request); - ZERO_STRUCT(getgrent_response); - - request.data.num_entries = MAX_GETGRENT_USERS; - - ret = winbindd_request(cmd, &request, - &getgrent_response); - - if (ret == NSS_STATUS_SUCCESS) { - struct winbindd_gr *gr_cache; - int mem_ofs; - - /* Fill cache */ - - ndx_gr_cache = 0; - num_gr_cache = getgrent_response.data.num_entries; - - /* Return a result */ - - return_result: - - gr_cache = getgrent_response.extra_data; - - /* Check data is valid */ - - if (gr_cache == NULL) { - return NSS_STATUS_NOTFOUND; - } - - /* Fill group membership. The offset into the extra data - for the group membership is the reported offset plus the - size of all the winbindd_gr records returned. */ - - mem_ofs = gr_cache[ndx_gr_cache].gr_mem_ofs + - num_gr_cache * sizeof(struct winbindd_gr); - - ret = fill_grent(result, &gr_cache[ndx_gr_cache], - ((char *)getgrent_response.extra_data)+mem_ofs, - &buffer, &buflen); - - /* Out of memory - try again */ - - if (ret == NSS_STATUS_TRYAGAIN) { - called_again = True; - *errnop = errno = ERANGE; - return ret; - } - - *errnop = 0; - called_again = False; - ndx_gr_cache++; - - /* If we've finished with this lot of results free cache */ - - if (ndx_gr_cache == num_gr_cache) { - ndx_gr_cache = num_gr_cache = 0; - free_response(&getgrent_response); - } - } - - return ret; -} - - -NSS_STATUS -_nss_winbind_getgrent_r(struct group *result, - char *buffer, size_t buflen, int *errnop) -{ - return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop); -} - -NSS_STATUS -_nss_winbind_getgrlst_r(struct group *result, - char *buffer, size_t buflen, int *errnop) -{ - return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop); -} - -/* Return group struct from group name */ - -NSS_STATUS -_nss_winbind_getgrnam_r(const char *name, - struct group *result, char *buffer, - size_t buflen, int *errnop) -{ - NSS_STATUS ret; - static struct winbindd_response response; - struct winbindd_request request; - static int keep_response; - -#ifdef DEBUG_NSS - fprintf(stderr, "[%5d]: getgrnam %s\n", getpid(), name); -#endif - - /* If our static buffer needs to be expanded we are called again */ - - if (!keep_response) { - - /* Call for the first time */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - strncpy(request.data.groupname, name, - sizeof(request.data.groupname)); - request.data.groupname - [sizeof(request.data.groupname) - 1] = '\0'; - - ret = winbindd_request(WINBINDD_GETGRNAM, &request, &response); - - if (ret == NSS_STATUS_SUCCESS) { - ret = fill_grent(result, &response.data.gr, - response.extra_data, - &buffer, &buflen); - - if (ret == NSS_STATUS_TRYAGAIN) { - keep_response = True; - *errnop = errno = ERANGE; - return ret; - } - } - - } else { - - /* We've been called again */ - - ret = fill_grent(result, &response.data.gr, - response.extra_data, &buffer, &buflen); - - if (ret == NSS_STATUS_TRYAGAIN) { - keep_response = True; - *errnop = errno = ERANGE; - return ret; - } - - keep_response = False; - *errnop = 0; - } - - free_response(&response); - return ret; -} - -/* Return group struct from gid */ - -NSS_STATUS -_nss_winbind_getgrgid_r(gid_t gid, - struct group *result, char *buffer, - size_t buflen, int *errnop) -{ - NSS_STATUS ret; - static struct winbindd_response response; - struct winbindd_request request; - static int keep_response; - -#ifdef DEBUG_NSS - fprintf(stderr, "[%5d]: getgrgid %d\n", getpid(), gid); -#endif - - /* If our static buffer needs to be expanded we are called again */ - - if (!keep_response) { - - /* Call for the first time */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - request.data.gid = gid; - - ret = winbindd_request(WINBINDD_GETGRGID, &request, &response); - - if (ret == NSS_STATUS_SUCCESS) { - - ret = fill_grent(result, &response.data.gr, - response.extra_data, - &buffer, &buflen); - - if (ret == NSS_STATUS_TRYAGAIN) { - keep_response = True; - *errnop = errno = ERANGE; - return ret; - } - } - - } else { - - /* We've been called again */ - - ret = fill_grent(result, &response.data.gr, - response.extra_data, &buffer, &buflen); - - if (ret == NSS_STATUS_TRYAGAIN) { - keep_response = True; - *errnop = errno = ERANGE; - return ret; - } - - keep_response = False; - *errnop = 0; - } - - free_response(&response); - return ret; -} - -/* Initialise supplementary groups */ - -NSS_STATUS -_nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start, - long int *size, gid_t **groups, long int limit, - int *errnop) -{ - NSS_STATUS ret; - struct winbindd_request request; - struct winbindd_response response; - int i; - -#ifdef DEBUG_NSS - fprintf(stderr, "[%5d]: initgroups %s (%d)\n", getpid(), - user, group); -#endif - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - strncpy(request.data.username, user, - sizeof(request.data.username) - 1); - - ret = winbindd_request(WINBINDD_GETGROUPS, &request, &response); - - if (ret == NSS_STATUS_SUCCESS) { - int num_gids = response.data.num_entries; - gid_t *gid_list = (gid_t *)response.extra_data; - - /* Copy group list to client */ - - for (i = 0; i < num_gids; i++) { - - /* Skip primary group */ - - if (gid_list[i] == group) continue; - - /* Add to buffer */ - - if (*start == *size && limit <= 0) { - (*groups) = realloc( - (*groups), (2 * (*size) + 1) * sizeof(**groups)); - if (! *groups) goto done; - *size = 2 * (*size) + 1; - } - - if (*start == *size) goto done; - - (*groups)[*start] = gid_list[i]; - *start += 1; - - /* Filled buffer? */ - - if (*start == limit) goto done; - } - } - - /* Back to your regularly scheduled programming */ - - done: - return ret; -} - -#endif diff --git a/source4/nsswitch/winbind_nss_config.h b/source4/nsswitch/winbind_nss_config.h deleted file mode 100644 index 2faaa30d1b..0000000000 --- a/source4/nsswitch/winbind_nss_config.h +++ /dev/null @@ -1,165 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon for ntdom nss module - - Copyright (C) Tim Potter 2000 - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#ifndef _WINBIND_NSS_CONFIG_H -#define _WINBIND_NSS_CONFIG_H - -/* Include header files from data in config.h file */ - -#ifndef NO_CONFIG_H -#include -#endif - -#include - -#ifdef HAVE_STDLIB_H -#include -#endif - -#ifdef HAVE_UNISTD_H -#include -#endif - -#ifdef HAVE_SYS_SELECT_H -#include -#endif - -#ifdef HAVE_SYS_SOCKET_H -#include -#endif - -#ifdef HAVE_UNIXSOCKET -#include -#endif - -#ifdef HAVE_SYS_TIME_H -#include -#endif - -#ifdef HAVE_GRP_H -#include -#endif - -#ifdef HAVE_STRING_H -#include -#endif - -#ifdef HAVE_FCNTL_H -#include -#else -#ifdef HAVE_SYS_FCNTL_H -#include -#endif -#endif - -#include -#include -#include -#include -#include "nsswitch/nss.h" - -/* Declarations for functions in winbind_nss.c - needed in winbind_nss_solaris.c (solaris wrapper to nss) */ - -NSS_STATUS _nss_winbind_setpwent(void); -NSS_STATUS _nss_winbind_endpwent(void); -NSS_STATUS _nss_winbind_getpwent_r(struct passwd* result, char* buffer, - size_t buflen, int* errnop); -NSS_STATUS _nss_winbind_getpwuid_r(uid_t, struct passwd*, char* buffer, - size_t buflen, int* errnop); -NSS_STATUS _nss_winbind_getpwnam_r(const char* name, struct passwd* result, - char* buffer, size_t buflen, int* errnop); - -NSS_STATUS _nss_winbind_setgrent(void); -NSS_STATUS _nss_winbind_endgrent(void); -NSS_STATUS _nss_winbind_getgrent_r(struct group* result, char* buffer, - size_t buflen, int* errnop); -NSS_STATUS _nss_winbind_getgrnam_r(const char *name, - struct group *result, char *buffer, - size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, - struct group *result, char *buffer, - size_t buflen, int *errnop); - -/* I'm trying really hard not to include anything from smb.h with the - result of some silly looking redeclaration of structures. */ - -#ifndef _PSTRING -#define _PSTRING -#define PSTRING_LEN 1024 -#define FSTRING_LEN 256 -typedef char pstring[PSTRING_LEN]; -typedef char fstring[FSTRING_LEN]; -#endif - -#ifndef _BOOL -#define _BOOL /* So we don't typedef BOOL again in vfs.h */ -#define False (0) -#define True (1) -#define Auto (2) -typedef int BOOL; -#endif - -#if !defined(uint32) -#if (SIZEOF_INT == 4) -#define uint32 unsigned int -#elif (SIZEOF_LONG == 4) -#define uint32 unsigned long -#elif (SIZEOF_SHORT == 4) -#define uint32 unsigned short -#endif -#endif - -#if !defined(uint16) -#if (SIZEOF_SHORT == 4) -#define uint16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16; -#else /* SIZEOF_SHORT != 4 */ -#define uint16 unsigned short -#endif /* SIZEOF_SHORT != 4 */ -#endif - -#ifndef uint8 -#define uint8 unsigned char -#endif - -/* zero a structure */ -#ifndef ZERO_STRUCT -#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) -#endif - -/* zero a structure given a pointer to the structure */ -#ifndef ZERO_STRUCTP -#define ZERO_STRUCTP(x) { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } -#endif - -/* Some systems (SCO) treat UNIX domain sockets as FIFOs */ - -#ifndef S_IFSOCK -#define S_IFSOCK S_IFIFO -#endif - -#ifndef S_ISSOCK -#define S_ISSOCK(mode) ((mode & S_IFSOCK) == S_IFSOCK) -#endif - -#endif diff --git a/source4/nsswitch/winbind_nss_solaris.c b/source4/nsswitch/winbind_nss_solaris.c deleted file mode 100644 index f3bd05b77a..0000000000 --- a/source4/nsswitch/winbind_nss_solaris.c +++ /dev/null @@ -1,301 +0,0 @@ -/* - Solaris NSS wrapper for winbind - - Shirish Kalele 2000 - - Based on Luke Howard's ldap_nss module for Solaris - */ - -/* - Copyright (C) 1997-2003 Luke Howard. - This file is part of the nss_ldap library. - - The nss_ldap library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public License as - published by the Free Software Foundation; either version 2 of the - License, or (at your option) any later version. - - The nss_ldap library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with the nss_ldap library; see the file COPYING.LIB. If not, - write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#include -#include -#include -#include -#include -#include "includes.h" -#include -#if !defined(HPUX) -#include -#endif /*hpux*/ -#include "winbind_nss_config.h" - -#if defined(HAVE_NSS_COMMON_H) || defined(HPUX) - -#undef NSS_DEBUG - -#ifdef NSS_DEBUG -#define NSS_DEBUG(str) syslog(LOG_DEBUG, "nss_winbind: %s", str); -#else -#define NSS_DEBUG(str) ; -#endif - -#define NSS_ARGS(args) ((nss_XbyY_args_t *)args) - -#define make_pwent_str(dest, src) \ -{ \ - if((dest = get_static(buffer, buflen, strlen(src)+1)) == NULL) \ - { \ - *errnop = ERANGE; \ - NSS_DEBUG("ERANGE error"); \ - return NSS_STATUS_TRYAGAIN; \ - } \ - strcpy(dest, src); \ -} - -static NSS_STATUS _nss_winbind_setpwent_solwrap (nss_backend_t* be, void* args) -{ - NSS_DEBUG("_nss_winbind_setpwent_solwrap"); - return _nss_winbind_setpwent(); -} - -static NSS_STATUS -_nss_winbind_endpwent_solwrap (nss_backend_t * be, void *args) -{ - NSS_DEBUG("_nss_winbind_endpwent_solwrap"); - return _nss_winbind_endpwent(); -} - -static NSS_STATUS -_nss_winbind_getpwent_solwrap (nss_backend_t* be, void *args) -{ - NSS_STATUS ret; - char* buffer = NSS_ARGS(args)->buf.buffer; - int buflen = NSS_ARGS(args)->buf.buflen; - struct passwd* result = (struct passwd*) NSS_ARGS(args)->buf.result; - int* errnop = &NSS_ARGS(args)->erange; - char logmsg[80]; - - ret = _nss_winbind_getpwent_r(result, buffer, - buflen, errnop); - - if(ret == NSS_STATUS_SUCCESS) - { - snprintf(logmsg, 79, "_nss_winbind_getpwent_solwrap: Returning user: %s\n", - result->pw_name); - NSS_DEBUG(logmsg); - NSS_ARGS(args)->returnval = (void*) result; - } else { - snprintf(logmsg, 79, "_nss_winbind_getpwent_solwrap: Returning error: %d.\n",ret); - NSS_DEBUG(logmsg); - } - - return ret; -} - -static NSS_STATUS -_nss_winbind_getpwnam_solwrap (nss_backend_t* be, void* args) -{ - NSS_STATUS ret; - struct passwd* result = (struct passwd*) NSS_ARGS(args)->buf.result; - - NSS_DEBUG("_nss_winbind_getpwnam_solwrap"); - - ret = _nss_winbind_getpwnam_r (NSS_ARGS(args)->key.name, - result, - NSS_ARGS(args)->buf.buffer, - NSS_ARGS(args)->buf.buflen, - &NSS_ARGS(args)->erange); - if(ret == NSS_STATUS_SUCCESS) - NSS_ARGS(args)->returnval = (void*) result; - - return ret; -} - -static NSS_STATUS -_nss_winbind_getpwuid_solwrap(nss_backend_t* be, void* args) -{ - NSS_STATUS ret; - struct passwd* result = (struct passwd*) NSS_ARGS(args)->buf.result; - - NSS_DEBUG("_nss_winbind_getpwuid_solwrap"); - ret = _nss_winbind_getpwuid_r (NSS_ARGS(args)->key.uid, - result, - NSS_ARGS(args)->buf.buffer, - NSS_ARGS(args)->buf.buflen, - &NSS_ARGS(args)->erange); - if(ret == NSS_STATUS_SUCCESS) - NSS_ARGS(args)->returnval = (void*) result; - - return ret; -} - -static NSS_STATUS _nss_winbind_passwd_destr (nss_backend_t * be, void *args) -{ - SAFE_FREE(be); - NSS_DEBUG("_nss_winbind_passwd_destr"); - return NSS_STATUS_SUCCESS; -} - -static nss_backend_op_t passwd_ops[] = -{ - _nss_winbind_passwd_destr, - _nss_winbind_endpwent_solwrap, /* NSS_DBOP_ENDENT */ - _nss_winbind_setpwent_solwrap, /* NSS_DBOP_SETENT */ - _nss_winbind_getpwent_solwrap, /* NSS_DBOP_GETENT */ - _nss_winbind_getpwnam_solwrap, /* NSS_DBOP_PASSWD_BYNAME */ - _nss_winbind_getpwuid_solwrap /* NSS_DBOP_PASSWD_BYUID */ -}; - -nss_backend_t* -_nss_winbind_passwd_constr (const char* db_name, - const char* src_name, - const char* cfg_args) -{ - nss_backend_t *be; - - if(!(be = (nss_backend_t*) malloc(sizeof(nss_backend_t))) ) - return NULL; - - be->ops = passwd_ops; - be->n_ops = sizeof(passwd_ops) / sizeof(nss_backend_op_t); - - NSS_DEBUG("Initialized nss_winbind passwd backend"); - return be; -} - -/***************************************************************** - GROUP database backend - *****************************************************************/ - -static NSS_STATUS _nss_winbind_setgrent_solwrap (nss_backend_t* be, void* args) -{ - NSS_DEBUG("_nss_winbind_setgrent_solwrap"); - return _nss_winbind_setgrent(); -} - -static NSS_STATUS -_nss_winbind_endgrent_solwrap (nss_backend_t * be, void *args) -{ - NSS_DEBUG("_nss_winbind_endgrent_solwrap"); - return _nss_winbind_endgrent(); -} - -static NSS_STATUS -_nss_winbind_getgrent_solwrap(nss_backend_t* be, void* args) -{ - NSS_STATUS ret; - char* buffer = NSS_ARGS(args)->buf.buffer; - int buflen = NSS_ARGS(args)->buf.buflen; - struct group* result = (struct group*) NSS_ARGS(args)->buf.result; - int* errnop = &NSS_ARGS(args)->erange; - char logmsg[80]; - - ret = _nss_winbind_getgrent_r(result, buffer, - buflen, errnop); - - if(ret == NSS_STATUS_SUCCESS) - { - snprintf(logmsg, 79, "_nss_winbind_getgrent_solwrap: Returning group: %s\n", result->gr_name); - NSS_DEBUG(logmsg); - NSS_ARGS(args)->returnval = (void*) result; - } else { - snprintf(logmsg, 79, "_nss_winbind_getgrent_solwrap: Returning error: %d.\n", ret); - NSS_DEBUG(logmsg); - } - - return ret; - -} - -static NSS_STATUS -_nss_winbind_getgrnam_solwrap(nss_backend_t* be, void* args) -{ - NSS_STATUS ret; - struct group* result = (struct group*) NSS_ARGS(args)->buf.result; - - NSS_DEBUG("_nss_winbind_getgrnam_solwrap"); - ret = _nss_winbind_getgrnam_r(NSS_ARGS(args)->key.name, - result, - NSS_ARGS(args)->buf.buffer, - NSS_ARGS(args)->buf.buflen, - &NSS_ARGS(args)->erange); - - if(ret == NSS_STATUS_SUCCESS) - NSS_ARGS(args)->returnval = (void*) result; - - return ret; -} - -static NSS_STATUS -_nss_winbind_getgrgid_solwrap(nss_backend_t* be, void* args) -{ - NSS_STATUS ret; - struct group* result = (struct group*) NSS_ARGS(args)->buf.result; - - NSS_DEBUG("_nss_winbind_getgrgid_solwrap"); - ret = _nss_winbind_getgrgid_r (NSS_ARGS(args)->key.gid, - result, - NSS_ARGS(args)->buf.buffer, - NSS_ARGS(args)->buf.buflen, - &NSS_ARGS(args)->erange); - - if(ret == NSS_STATUS_SUCCESS) - NSS_ARGS(args)->returnval = (void*) result; - - return ret; -} - -static NSS_STATUS -_nss_winbind_getgroupsbymember_solwrap(nss_backend_t* be, void* args) -{ - NSS_DEBUG("_nss_winbind_getgroupsbymember"); - return NSS_STATUS_NOTFOUND; -} - -static NSS_STATUS -_nss_winbind_group_destr (nss_backend_t* be, void* args) -{ - SAFE_FREE(be); - NSS_DEBUG("_nss_winbind_group_destr"); - return NSS_STATUS_SUCCESS; -} - -static nss_backend_op_t group_ops[] = -{ - _nss_winbind_group_destr, - _nss_winbind_endgrent_solwrap, - _nss_winbind_setgrent_solwrap, - _nss_winbind_getgrent_solwrap, - _nss_winbind_getgrnam_solwrap, - _nss_winbind_getgrgid_solwrap, - _nss_winbind_getgroupsbymember_solwrap -}; - -nss_backend_t* -_nss_winbind_group_constr (const char* db_name, - const char* src_name, - const char* cfg_args) -{ - nss_backend_t* be; - - if(!(be = (nss_backend_t*) malloc(sizeof(nss_backend_t))) ) - return NULL; - - be->ops = group_ops; - be->n_ops = sizeof(group_ops) / sizeof(nss_backend_op_t); - - NSS_DEBUG("Initialized nss_winbind group backend"); - return be; -} - -#endif /* SUN_NSS */ - - diff --git a/source4/nsswitch/winbindd.c b/source4/nsswitch/winbindd.c deleted file mode 100644 index 23394f5e8c..0000000000 --- a/source4/nsswitch/winbindd.c +++ /dev/null @@ -1,951 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon for ntdom nss module - - Copyright (C) by Tim Potter 2000-2002 - Copyright (C) Andrew Tridgell 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -BOOL opt_nocache = False; -BOOL opt_dual_daemon = False; - -/* Reload configuration */ - -static BOOL reload_services_file(BOOL test) -{ - BOOL ret; - pstring logfile; - - if (lp_loaded()) { - pstring fname; - - pstrcpy(fname,lp_configfile()); - if (file_exist(fname,NULL) && !strcsequal(fname,dyn_CONFIGFILE)) { - pstrcpy(dyn_CONFIGFILE,fname); - test = False; - } - } - - snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE); - lp_set_logfile(logfile); - - reopen_logs(); - ret = lp_load(dyn_CONFIGFILE,False,False,True); - - snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE); - lp_set_logfile(logfile); - - reopen_logs(); - load_interfaces(); - - return(ret); -} - -/******************************************************************* - Print out all talloc memory info. -********************************************************************/ - -void return_all_talloc_info(int msg_type, pid_t src_pid, void *buf, size_t len) -{ - TALLOC_CTX *ctx = talloc_init("info context"); - char *info = NULL; - - if (!ctx) - return; - - info = talloc_describe_all(ctx); - if (info) - DEBUG(10,(info)); - message_send_pid(src_pid, MSG_TALLOC_USAGE, info, info ? strlen(info) + 1: 0, True); - talloc_destroy(ctx); -} - -#if DUMP_CORE - -/**************************************************************************** ** - Prepare to dump a core file - carefully! - **************************************************************************** */ - -static BOOL dump_core(void) -{ - char *p; - pstring dname; - pstrcpy( dname, lp_logfile() ); - if ((p=strrchr(dname,'/'))) - *p=0; - pstrcat( dname, "/corefiles" ); - mkdir( dname, 0700 ); - sys_chown( dname, getuid(), getgid() ); - chmod( dname, 0700 ); - if ( chdir(dname) ) - return( False ); - umask( ~(0700) ); - -#ifdef HAVE_GETRLIMIT -#ifdef RLIMIT_CORE - { - struct rlimit rlp; - getrlimit( RLIMIT_CORE, &rlp ); - rlp.rlim_cur = MAX( 4*1024*1024, rlp.rlim_cur ); - setrlimit( RLIMIT_CORE, &rlp ); - getrlimit( RLIMIT_CORE, &rlp ); - DEBUG( 3, ( "Core limits now %d %d\n", (int)rlp.rlim_cur, (int)rlp.rlim_max ) ); - } -#endif -#endif - - DEBUG(0,("Dumping core in %s\n",dname)); - abort(); - return( True ); -} /* dump_core */ -#endif - -/**************************************************************************** ** - Handle a fault.. - **************************************************************************** */ - -static void fault_quit(void) -{ -#if DUMP_CORE - dump_core(); -#endif -} - -static void winbindd_status(void) -{ - struct winbindd_cli_state *tmp; - - DEBUG(0, ("winbindd status:\n")); - - /* Print client state information */ - - DEBUG(0, ("\t%d clients currently active\n", winbindd_num_clients())); - - if (DEBUGLEVEL >= 2 && winbindd_num_clients()) { - DEBUG(2, ("\tclient list:\n")); - for(tmp = winbindd_client_list(); tmp; tmp = tmp->next) { - DEBUG(2, ("\t\tpid %d, sock %d, rbl %d, wbl %d\n", - tmp->pid, tmp->sock, tmp->read_buf_len, - tmp->write_buf_len)); - } - } -} - -/* Print winbindd status to log file */ - -static void print_winbindd_status(void) -{ - winbindd_status(); - winbindd_idmap_status(); - winbindd_cm_status(); -} - -/* Flush client cache */ - -static void flush_caches(void) -{ - /* Clear cached user and group enumation info */ - wcache_flush_cache(); -} - -/* Handle the signal by unlinking socket and exiting */ - -static void terminate(void) -{ - pstring path; - - winbindd_idmap_close(); - - /* Remove socket file */ - snprintf(path, sizeof(path), "%s/%s", - WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME); - unlink(path); - exit(0); -} - -static BOOL do_sigterm; - -static void termination_handler(int signum) -{ - do_sigterm = True; - sys_select_signal(); -} - -static BOOL do_sigusr2; - -static void sigusr2_handler(int signum) -{ - do_sigusr2 = True; - sys_select_signal(); -} - -static BOOL do_sighup; - -static void sighup_handler(int signum) -{ - do_sighup = True; - sys_select_signal(); -} - -struct dispatch_table { - enum winbindd_cmd cmd; - enum winbindd_result (*fn)(struct winbindd_cli_state *state); - const char *winbindd_cmd_name; -}; - -static struct dispatch_table dispatch_table[] = { - - /* User functions */ - - { WINBINDD_GETPWNAM, winbindd_getpwnam, "GETPWNAM" }, - { WINBINDD_GETPWUID, winbindd_getpwuid, "GETPWUID" }, - - { WINBINDD_SETPWENT, winbindd_setpwent, "SETPWENT" }, - { WINBINDD_ENDPWENT, winbindd_endpwent, "ENDPWENT" }, - { WINBINDD_GETPWENT, winbindd_getpwent, "GETPWENT" }, - - { WINBINDD_GETGROUPS, winbindd_getgroups, "GETGROUPS" }, - - /* Group functions */ - - { WINBINDD_GETGRNAM, winbindd_getgrnam, "GETGRNAM" }, - { WINBINDD_GETGRGID, winbindd_getgrgid, "GETGRGID" }, - { WINBINDD_SETGRENT, winbindd_setgrent, "SETGRENT" }, - { WINBINDD_ENDGRENT, winbindd_endgrent, "ENDGRENT" }, - { WINBINDD_GETGRENT, winbindd_getgrent, "GETGRENT" }, - { WINBINDD_GETGRLST, winbindd_getgrent, "GETGRLST" }, - - /* PAM auth functions */ - - { WINBINDD_PAM_AUTH, winbindd_pam_auth, "PAM_AUTH" }, - { WINBINDD_PAM_AUTH_CRAP, winbindd_pam_auth_crap, "AUTH_CRAP" }, - { WINBINDD_PAM_CHAUTHTOK, winbindd_pam_chauthtok, "CHAUTHTOK" }, - - /* Enumeration functions */ - - { WINBINDD_LIST_USERS, winbindd_list_users, "LIST_USERS" }, - { WINBINDD_LIST_GROUPS, winbindd_list_groups, "LIST_GROUPS" }, - { WINBINDD_LIST_TRUSTDOM, winbindd_list_trusted_domains, "LIST_TRUSTDOM" }, - { WINBINDD_SHOW_SEQUENCE, winbindd_show_sequence, "SHOW_SEQUENCE" }, - - /* SID related functions */ - - { WINBINDD_LOOKUPSID, winbindd_lookupsid, "LOOKUPSID" }, - { WINBINDD_LOOKUPNAME, winbindd_lookupname, "LOOKUPNAME" }, - - /* Lookup related functions */ - - { WINBINDD_SID_TO_UID, winbindd_sid_to_uid, "SID_TO_UID" }, - { WINBINDD_SID_TO_GID, winbindd_sid_to_gid, "SID_TO_GID" }, - { WINBINDD_GID_TO_SID, winbindd_gid_to_sid, "GID_TO_SID" }, - { WINBINDD_UID_TO_SID, winbindd_uid_to_sid, "UID_TO_SID" }, - - /* Miscellaneous */ - - { WINBINDD_CHECK_MACHACC, winbindd_check_machine_acct, "CHECK_MACHACC" }, - { WINBINDD_PING, winbindd_ping, "PING" }, - { WINBINDD_INFO, winbindd_info, "INFO" }, - { WINBINDD_INTERFACE_VERSION, winbindd_interface_version, "INTERFACE_VERSION" }, - { WINBINDD_DOMAIN_NAME, winbindd_domain_name, "DOMAIN_NAME" }, - { WINBINDD_NETBIOS_NAME, winbindd_netbios_name, "NETBIOS_NAME" }, - - /* WINS functions */ - - { WINBINDD_WINS_BYNAME, winbindd_wins_byname, "WINS_BYNAME" }, - { WINBINDD_WINS_BYIP, winbindd_wins_byip, "WINS_BYIP" }, - - /* End of list */ - - { WINBINDD_NUM_CMDS, NULL, "NONE" } -}; - -static void process_request(struct winbindd_cli_state *state) -{ - struct dispatch_table *table = dispatch_table; - - /* Free response data - we may be interrupted and receive another - command before being able to send this data off. */ - - SAFE_FREE(state->response.extra_data); - - ZERO_STRUCT(state->response); - - state->response.result = WINBINDD_ERROR; - state->response.length = sizeof(struct winbindd_response); - - /* Process command */ - - for (table = dispatch_table; table->fn; table++) { - if (state->request.cmd == table->cmd) { - DEBUG(10,("process_request: request fn %s\n", table->winbindd_cmd_name )); - state->response.result = table->fn(state); - break; - } - } - - if (!table->fn) - DEBUG(10,("process_request: unknown request fn number %d\n", (int)state->request.cmd )); - - /* In case extra data pointer is NULL */ - - if (!state->response.extra_data) - state->response.length = sizeof(struct winbindd_response); -} - -/* Process a new connection by adding it to the client connection list */ - -static void new_connection(int listen_sock) -{ - struct sockaddr_un sunaddr; - struct winbindd_cli_state *state; - socklen_t len; - int sock; - - /* Accept connection */ - - len = sizeof(sunaddr); - - do { - sock = accept(listen_sock, (struct sockaddr *)&sunaddr, &len); - } while (sock == -1 && errno == EINTR); - - if (sock == -1) - return; - - DEBUG(6,("accepted socket %d\n", sock)); - - /* Create new connection structure */ - - if ((state = (struct winbindd_cli_state *) - malloc(sizeof(*state))) == NULL) - return; - - ZERO_STRUCTP(state); - state->sock = sock; - - state->last_access = time(NULL); - - /* Add to connection list */ - - winbindd_add_client(state); -} - -/* Remove a client connection from client connection list */ - -static void remove_client(struct winbindd_cli_state *state) -{ - /* It's a dead client - hold a funeral */ - - if (state != NULL) { - - /* Close socket */ - - close(state->sock); - - /* Free any getent state */ - - free_getent_state(state->getpwent_state); - free_getent_state(state->getgrent_state); - - /* We may have some extra data that was not freed if the - client was killed unexpectedly */ - - SAFE_FREE(state->response.extra_data); - - /* Remove from list and free */ - - winbindd_remove_client(state); - SAFE_FREE(state); - } -} - - -/* Shutdown client connection which has been idle for the longest time */ - -static BOOL remove_idle_client(void) -{ - struct winbindd_cli_state *state, *remove_state = NULL; - time_t last_access = 0; - int nidle = 0; - - for (state = winbindd_client_list(); state; state = state->next) { - if (state->read_buf_len == 0 && state->write_buf_len == 0 && - !state->getpwent_state && !state->getgrent_state) { - nidle++; - if (!last_access || state->last_access < last_access) { - last_access = state->last_access; - remove_state = state; - } - } - } - - if (remove_state) { - DEBUG(5,("Found %d idle client connections, shutting down sock %d, pid %u\n", - nidle, remove_state->sock, (unsigned int)remove_state->pid)); - remove_client(remove_state); - return True; - } - - return False; -} - -/* Process a complete received packet from a client */ - -void winbind_process_packet(struct winbindd_cli_state *state) -{ - /* Process request */ - - /* Ensure null termination of entire request */ - state->request.null_term = '\0'; - - state->pid = state->request.pid; - - process_request(state); - - /* Update client state */ - - state->read_buf_len = 0; - state->write_buf_len = sizeof(struct winbindd_response); - - /* we might need to send it to the dual daemon */ - if (opt_dual_daemon) { - dual_send_request(state); - } -} - -/* Read some data from a client connection */ - -void winbind_client_read(struct winbindd_cli_state *state) -{ - int n; - - /* Read data */ - - n = sys_read(state->sock, state->read_buf_len + - (char *)&state->request, - sizeof(state->request) - state->read_buf_len); - - DEBUG(10,("client_read: read %d bytes. Need %d more for a full request.\n", n, sizeof(state->request) - n - state->read_buf_len )); - - /* Read failed, kill client */ - - if (n == -1 || n == 0) { - DEBUG(5,("read failed on sock %d, pid %d: %s\n", - state->sock, state->pid, - (n == -1) ? strerror(errno) : "EOF")); - - state->finished = True; - return; - } - - /* Update client state */ - - state->read_buf_len += n; - state->last_access = time(NULL); -} - -/* Write some data to a client connection */ - -static void client_write(struct winbindd_cli_state *state) -{ - char *data; - int num_written; - - /* Write some data */ - - if (!state->write_extra_data) { - - /* Write response structure */ - - data = (char *)&state->response + sizeof(state->response) - - state->write_buf_len; - - } else { - - /* Write extra data */ - - data = (char *)state->response.extra_data + - state->response.length - - sizeof(struct winbindd_response) - - state->write_buf_len; - } - - num_written = sys_write(state->sock, data, state->write_buf_len); - - DEBUG(10,("client_write: wrote %d bytes.\n", num_written )); - - /* Write failed, kill cilent */ - - if (num_written == -1 || num_written == 0) { - - DEBUG(3,("write failed on sock %d, pid %d: %s\n", - state->sock, state->pid, - (num_written == -1) ? strerror(errno) : "EOF")); - - state->finished = True; - - SAFE_FREE(state->response.extra_data); - - return; - } - - /* Update client state */ - - state->write_buf_len -= num_written; - state->last_access = time(NULL); - - /* Have we written all data? */ - - if (state->write_buf_len == 0) { - - /* Take care of extra data */ - - if (state->write_extra_data) { - - SAFE_FREE(state->response.extra_data); - - state->write_extra_data = False; - - DEBUG(10,("client_write: client_write: complete response written.\n")); - - } else if (state->response.length > - sizeof(struct winbindd_response)) { - - /* Start writing extra data */ - - state->write_buf_len = - state->response.length - - sizeof(struct winbindd_response); - - DEBUG(10,("client_write: need to write %d extra data bytes.\n", (int)state->write_buf_len)); - - state->write_extra_data = True; - } - } -} - -/* Process incoming clients on listen_sock. We use a tricky non-blocking, - non-forking, non-threaded model which allows us to handle many - simultaneous connections while remaining impervious to many denial of - service attacks. */ - -static void process_loop(void) -{ - /* We'll be doing this a lot */ - - while (1) { - struct winbindd_cli_state *state; - fd_set r_fds, w_fds; - int maxfd, listen_sock, selret; - struct timeval timeout; - - /* Handle messages */ - - message_dispatch(); - - /* rescan the trusted domains list. This must be done - regularly to cope with transitive trusts */ - rescan_trusted_domains(False); - - /* Free up temporary memory */ - - lp_talloc_free(); - main_loop_talloc_free(); - - /* Initialise fd lists for select() */ - - listen_sock = open_winbindd_socket(); - - if (listen_sock == -1) { - perror("open_winbind_socket"); - exit(1); - } - - maxfd = listen_sock; - - FD_ZERO(&r_fds); - FD_ZERO(&w_fds); - FD_SET(listen_sock, &r_fds); - - timeout.tv_sec = WINBINDD_ESTABLISH_LOOP; - timeout.tv_usec = 0; - - if (opt_dual_daemon) { - maxfd = dual_select_setup(&w_fds, maxfd); - } - - /* Set up client readers and writers */ - - state = winbindd_client_list(); - - while (state) { - - /* Dispose of client connection if it is marked as - finished */ - - if (state->finished) { - struct winbindd_cli_state *next = state->next; - - remove_client(state); - state = next; - continue; - } - - /* Select requires we know the highest fd used */ - - if (state->sock > maxfd) - maxfd = state->sock; - - /* Add fd for reading */ - - if (state->read_buf_len != sizeof(state->request)) - FD_SET(state->sock, &r_fds); - - /* Add fd for writing */ - - if (state->write_buf_len) - FD_SET(state->sock, &w_fds); - - state = state->next; - } - - /* Call select */ - - selret = sys_select(maxfd + 1, &r_fds, &w_fds, NULL, &timeout); - - if (selret == 0) - continue; - - if ((selret == -1 && errno != EINTR) || selret == 0) { - - /* Select error, something is badly wrong */ - - perror("select"); - exit(1); - } - - /* Create a new connection if listen_sock readable */ - - if (selret > 0) { - - if (opt_dual_daemon) { - dual_select(&w_fds); - } - - if (FD_ISSET(listen_sock, &r_fds)) { - while (winbindd_num_clients() > WINBINDD_MAX_SIMULTANEOUS_CLIENTS - 1) { - DEBUG(5,("winbindd: Exceeding %d client connections, removing idle connection.\n", - WINBINDD_MAX_SIMULTANEOUS_CLIENTS)); - if (!remove_idle_client()) { - DEBUG(0,("winbindd: Exceeding %d client connections, no idle connection found\n", - WINBINDD_MAX_SIMULTANEOUS_CLIENTS)); - break; - } - } - new_connection(listen_sock); - } - - /* Process activity on client connections */ - - for (state = winbindd_client_list(); state; - state = state->next) { - - /* Data available for reading */ - - if (FD_ISSET(state->sock, &r_fds)) { - - /* Read data */ - - winbind_client_read(state); - - /* - * If we have the start of a - * packet, then check the - * length field to make sure - * the client's not talking - * Mock Swedish. - */ - - if (state->read_buf_len >= sizeof(uint32) - && *(uint32 *) &state->request != sizeof(state->request)) { - DEBUG(0,("process_loop: Invalid request size from pid %d: %d bytes sent, should be %d\n", - state->request.pid, *(uint32 *) &state->request, sizeof(state->request))); - - remove_client(state); - break; - } - - /* A request packet might be - complete */ - - if (state->read_buf_len == - sizeof(state->request)) { - winbind_process_packet(state); - } - } - - /* Data available for writing */ - - if (FD_ISSET(state->sock, &w_fds)) - client_write(state); - } - } - -#if 0 - winbindd_check_cache_size(time(NULL)); -#endif - - /* Check signal handling things */ - - if (do_sigterm) - terminate(); - - if (do_sighup) { - - DEBUG(3, ("got SIGHUP\n")); - - /* Flush various caches */ - - flush_caches(); - reload_services_file(True); - do_sighup = False; - } - - if (do_sigusr2) { - print_winbindd_status(); - do_sigusr2 = False; - } - } -} - - -/* - these are split out from the main winbindd for use by the background daemon - */ -BOOL winbind_setup_common(void) -{ - load_interfaces(); - - if (!secrets_init()) { - - DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n")); - return False; - } - - namecache_enable(); /* Enable netbios namecache */ - - /* Check winbindd parameters are valid */ - - ZERO_STRUCT(server_state); - - if (!winbindd_param_init()) - return False; - - /* Winbind daemon initialisation */ - - if (!winbindd_idmap_init()) - return False; - - /* Unblock all signals we are interested in as they may have been - blocked by the parent process. */ - - BlockSignals(False, SIGINT); - BlockSignals(False, SIGQUIT); - BlockSignals(False, SIGTERM); - BlockSignals(False, SIGUSR1); - BlockSignals(False, SIGUSR2); - BlockSignals(False, SIGHUP); - - /* Setup signal handlers */ - - CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ - CatchSignal(SIGQUIT, termination_handler); - CatchSignal(SIGTERM, termination_handler); - - CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */ - - CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */ - CatchSignal(SIGHUP, sighup_handler); - - return True; -} - - -/* Main function */ - -struct winbindd_state server_state; /* Server state information */ - - -static void usage(void) -{ - printf("Usage: winbindd [options]\n"); - printf("\t-F daemon in foreground mode\n"); - printf("\t-S log to stdout\n"); - printf("\t-i interactive mode\n"); - printf("\t-B dual daemon mode\n"); - printf("\t-n disable cacheing\n"); - printf("\t-d level set debug level\n"); - printf("\t-s configfile choose smb.conf location\n"); - printf("\t-h show this help message\n"); -} - - int main(int argc, char **argv) -{ - extern BOOL AllowDebugChange; - pstring logfile; - BOOL interactive = False; - BOOL Fork = True; - BOOL log_stdout = False; - int opt; - - /* glibc (?) likes to print "User defined signal 1" and exit if a - SIGUSR[12] is received before a handler is installed */ - - CatchSignal(SIGUSR1, SIG_IGN); - CatchSignal(SIGUSR2, SIG_IGN); - - fault_setup((void (*)(void *))fault_quit ); - - snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE); - lp_set_logfile(logfile); - - /* Initialise for running in non-root mode */ - - sec_init(); - - /* Set environment variable so we don't recursively call ourselves. - This may also be useful interactively. */ - - setenv(WINBINDD_DONT_ENV, "1", 1); - - /* Initialise samba/rpc client stuff */ - - while ((opt = getopt(argc, argv, "FSid:s:nhB")) != EOF) { - switch (opt) { - - case 'F': - Fork = False; - break; - case 'S': - log_stdout = True; - break; - /* Don't become a daemon */ - case 'i': - interactive = True; - log_stdout = True; - Fork = False; - break; - - /* dual daemon system */ - case 'B': - opt_dual_daemon = True; - break; - - /* disable cacheing */ - case 'n': - opt_nocache = True; - break; - - /* Run with specified debug level */ - case 'd': - DEBUGLEVEL = atoi(optarg); - AllowDebugChange = False; - break; - - /* Load a different smb.conf file */ - case 's': - pstrcpy(dyn_CONFIGFILE,optarg); - break; - - case 'h': - usage(); - exit(0); - - default: - printf("Unknown option %c\n", (char)opt); - exit(1); - } - } - - if (log_stdout && Fork) { - printf("Can't log to stdout (-S) unless daemon is in foreground +(-F) or interactive (-i)\n"); - usage(); - exit(1); - } - - snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE); - lp_set_logfile(logfile); - setup_logging("winbindd", log_stdout?DEBUG_STDOUT:DEBUG_FILE); - reopen_logs(); - - DEBUG(1, ("winbindd version %s started.\n", VERSION ) ); - DEBUGADD( 1, ( "Copyright The Samba Team 2000-2001\n" ) ); - - if (!reload_services_file(False)) { - DEBUG(0, ("error opening config file\n")); - exit(1); - } - - /* Setup names. */ - - if (!init_names()) - exit(1); - - if (!interactive) { - become_daemon(Fork); - pidfile_create("winbindd"); - } - - -#if HAVE_SETPGID - /* - * If we're interactive we want to set our own process group for - * signal management. - */ - if (interactive) - setpgid( (pid_t)0, (pid_t)0); -#endif - - if (!winbind_setup_common()) { - return 1; - } - - if (opt_dual_daemon) { - do_dual_daemon(); - } - - /* Initialise messaging system */ - - if (!message_init()) { - DEBUG(0, ("unable to initialise messaging system\n")); - exit(1); - } - - register_msg_pool_usage(); - message_register(MSG_REQ_TALLOC_USAGE, return_all_talloc_info); - - /* Loop waiting for requests */ - - process_loop(); - - trustdom_cache_shutdown(); - uni_group_cache_shutdown(); - return 0; -} diff --git a/source4/nsswitch/winbindd.h b/source4/nsswitch/winbindd.h deleted file mode 100644 index 42ef209faf..0000000000 --- a/source4/nsswitch/winbindd.h +++ /dev/null @@ -1,230 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon for ntdom nss module - - Copyright (C) Tim Potter 2000 - Copyright (C) Anthony Liguori 2003 - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#ifndef _WINBINDD_H -#define _WINBINDD_H - -#include "includes.h" -#include "nterr.h" - -#include "winbindd_nss.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -/* Client state structure */ - -struct winbindd_cli_state { - struct winbindd_cli_state *prev, *next; /* Linked list pointers */ - int sock; /* Open socket from client */ - pid_t pid; /* pid of client */ - int read_buf_len, write_buf_len; /* Indexes in request/response */ - BOOL finished; /* Can delete from list */ - BOOL write_extra_data; /* Write extra_data field */ - time_t last_access; /* Time of last access (read or write) */ - struct winbindd_request request; /* Request from client */ - struct winbindd_response response; /* Respose to client */ - struct getent_state *getpwent_state; /* State for getpwent() */ - struct getent_state *getgrent_state; /* State for getgrent() */ -}; - -/* State between get{pw,gr}ent() calls */ - -struct getent_state { - struct getent_state *prev, *next; - void *sam_entries; - uint32 sam_entry_index, num_sam_entries; - BOOL got_sam_entries; - fstring domain_name; -}; - -/* Storage for cached getpwent() user entries */ - -struct getpwent_user { - fstring name; /* Account name */ - fstring gecos; /* User information */ - DOM_SID user_sid; /* NT user and primary group SIDs */ - DOM_SID group_sid; -}; - -/* Server state structure */ - -struct winbindd_state { - - /* User and group id pool */ - - uid_t uid_low, uid_high; /* Range of uids to allocate */ - gid_t gid_low, gid_high; /* Range of gids to allocate */ -}; - -extern struct winbindd_state server_state; /* Server information */ - -typedef struct { - char *acct_name; - char *full_name; - DOM_SID *user_sid; /* NT user and primary group SIDs */ - DOM_SID *group_sid; -} WINBIND_USERINFO; - -/* Structures to hold per domain information */ - -struct winbindd_domain { - fstring name; /* Domain name */ - fstring alt_name; /* alt Domain name (if any) */ - DOM_SID sid; /* SID for this domain */ - BOOL native_mode; /* is this a win2k domain in native mode ? */ - - /* Lookup methods for this domain (LDAP or RPC) */ - - struct winbindd_methods *methods; - - /* Private data for the backends (used for connection cache) */ - - void *private; - - /* Sequence number stuff */ - - time_t last_seq_check; - uint32 sequence_number; - - /* Linked list info */ - - struct winbindd_domain *prev, *next; -}; - -/* per-domain methods. This is how LDAP vs RPC is selected - */ -struct winbindd_methods { - /* does this backend provide a consistent view of the data? (ie. is the primary group - always correct) */ - BOOL consistent; - - /* get a list of users, returning a WINBIND_USERINFO for each one */ - NTSTATUS (*query_user_list)(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - WINBIND_USERINFO **info); - - /* get a list of domain groups */ - NTSTATUS (*enum_dom_groups)(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - struct acct_info **info); - - /* get a list of domain local groups */ - NTSTATUS (*enum_local_groups)(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - struct acct_info **info); - - /* convert one user or group name to a sid */ - NTSTATUS (*name_to_sid)(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const char *name, - DOM_SID *sid, - enum SID_NAME_USE *type); - - /* convert a sid to a user or group name */ - NTSTATUS (*sid_to_name)(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *sid, - char **name, - enum SID_NAME_USE *type); - - /* lookup user info for a given SID */ - NTSTATUS (*query_user)(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *user_sid, - WINBIND_USERINFO *user_info); - - /* lookup all groups that a user is a member of. The backend - can also choose to lookup by username or rid for this - function */ - NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *user_sid, - uint32 *num_groups, DOM_SID ***user_gids); - - /* find all members of the group with the specified group_rid */ - NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *group_sid, - uint32 *num_names, - DOM_SID ***sid_mem, char ***names, - uint32 **name_types); - - /* return the current global sequence number */ - NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32 *seq); - - /* enumerate trusted domains */ - NTSTATUS (*trusted_domains)(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_domains, - char ***names, - char ***alt_names, - DOM_SID **dom_sids); - - /* find the domain sid */ - NTSTATUS (*domain_sid)(struct winbindd_domain *domain, - DOM_SID *sid); - - /* setup the list of alternate names for the domain, if any */ - NTSTATUS (*alternate_name)(struct winbindd_domain *domain); -}; - -/* Used to glue a policy handle and cli_state together */ - -typedef struct { - struct cli_state *cli; - POLICY_HND pol; -} CLI_POLICY_HND; - -/* Filled out by IDMAP backends */ -struct idmap_methods { - /* Called when backend is first loaded */ - BOOL (*init)(void); - - BOOL (*get_sid_from_uid)(uid_t uid, DOM_SID *sid); - BOOL (*get_sid_from_gid)(gid_t gid, DOM_SID *sid); - - BOOL (*get_uid_from_sid)(DOM_SID *sid, uid_t *uid); - BOOL (*get_gid_from_sid)(DOM_SID *sid, gid_t *gid); - - /* Called when backend is unloaded */ - BOOL (*close)(void); - /* Called to dump backend status */ - void (*status)(void); -}; - -#include "winbindd_proto.h" - -#include "rpc_parse.h" -#include "rpc_client.h" - -#define WINBINDD_ESTABLISH_LOOP 30 -#define WINBINDD_RESCAN_FREQ 300 - -#define DOM_SEQUENCE_NONE ((uint32)-1) - -#endif /* _WINBINDD_H */ diff --git a/source4/nsswitch/winbindd_ads.c b/source4/nsswitch/winbindd_ads.c deleted file mode 100644 index de3757aa44..0000000000 --- a/source4/nsswitch/winbindd_ads.c +++ /dev/null @@ -1,837 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind ADS backend functions - - Copyright (C) Andrew Tridgell 2001 - Copyright (C) Andrew Bartlett 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -#ifdef HAVE_ADS - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -/* the realm of our primary LDAP server */ -static char *primary_realm; - - -/* - return our ads connections structure for a domain. We keep the connection - open to make things faster -*/ -static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) -{ - ADS_STRUCT *ads; - ADS_STATUS status; - - if (domain->private) { - return (ADS_STRUCT *)domain->private; - } - - /* we don't want this to affect the users ccache */ - setenv("KRB5CCNAME", "MEMORY:winbind_ccache", 1); - - ads = ads_init(domain->alt_name, domain->name, NULL); - if (!ads) { - DEBUG(1,("ads_init for domain %s failed\n", domain->name)); - return NULL; - } - - /* the machine acct password might have change - fetch it every time */ - SAFE_FREE(ads->auth.password); - ads->auth.password = secrets_fetch_machine_password(); - - if (primary_realm) { - SAFE_FREE(ads->auth.realm); - ads->auth.realm = strdup(primary_realm); - } - - status = ads_connect(ads); - if (!ADS_ERR_OK(status) || !ads->config.realm) { - extern struct winbindd_methods msrpc_methods; - DEBUG(1,("ads_connect for domain %s failed: %s\n", - domain->name, ads_errstr(status))); - ads_destroy(&ads); - - /* if we get ECONNREFUSED then it might be a NT4 - server, fall back to MSRPC */ - if (status.error_type == ADS_ERROR_SYSTEM && - status.err.rc == ECONNREFUSED) { - DEBUG(1,("Trying MSRPC methods\n")); - domain->methods = &msrpc_methods; - } - return NULL; - } - - /* remember our primary realm for trusted domain support */ - if (!primary_realm) { - primary_realm = strdup(ads->config.realm); - } - - domain->private = (void *)ads; - return ads; -} - - -/* Query display info for a realm. This is the basic user list fn */ -static NTSTATUS query_user_list(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - WINBIND_USERINFO **info) -{ - ADS_STRUCT *ads = NULL; - const char *attrs[] = {"userPrincipalName", - "sAMAccountName", - "name", "objectSid", "primaryGroupID", - "sAMAccountType", NULL}; - int i, count; - ADS_STATUS rc; - void *res = NULL; - void *msg = NULL; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - - *num_entries = 0; - - DEBUG(3,("ads: query_user_list\n")); - - ads = ads_cached_connection(domain); - if (!ads) goto done; - - rc = ads_search_retry(ads, &res, "(objectCategory=user)", attrs); - if (!ADS_ERR_OK(rc)) { - DEBUG(1,("query_user_list ads_search: %s\n", ads_errstr(rc))); - goto done; - } - - count = ads_count_replies(ads, res); - if (count == 0) { - DEBUG(1,("query_user_list: No users found\n")); - goto done; - } - - (*info) = talloc_zero(mem_ctx, count * sizeof(**info)); - if (!*info) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - i = 0; - - for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) { - char *name, *gecos; - DOM_SID sid; - DOM_SID *sid2; - DOM_SID *group_sid; - uint32 group; - uint32 atype; - - if (!ads_pull_uint32(ads, msg, "sAMAccountType", &atype) || - ads_atype_map(atype) != SID_NAME_USER) { - DEBUG(1,("Not a user account? atype=0x%x\n", atype)); - continue; - } - - name = ads_pull_username(ads, mem_ctx, msg); - gecos = ads_pull_string(ads, mem_ctx, msg, "name"); - if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { - DEBUG(1,("No sid for %s !?\n", name)); - continue; - } - if (!ads_pull_uint32(ads, msg, "primaryGroupID", &group)) { - DEBUG(1,("No primary group for %s !?\n", name)); - continue; - } - - sid2 = talloc(mem_ctx, sizeof(*sid2)); - if (!sid2) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - sid_copy(sid2, &sid); - - group_sid = rid_to_talloced_sid(domain, mem_ctx, group); - - (*info)[i].acct_name = name; - (*info)[i].full_name = gecos; - (*info)[i].user_sid = sid2; - (*info)[i].group_sid = group_sid; - i++; - } - - (*num_entries) = i; - status = NT_STATUS_OK; - - DEBUG(3,("ads query_user_list gave %d entries\n", (*num_entries))); - -done: - if (res) ads_msgfree(ads, res); - - return status; -} - -/* list all domain groups */ -static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - struct acct_info **info) -{ - ADS_STRUCT *ads = NULL; - const char *attrs[] = {"userPrincipalName", "sAMAccountName", - "name", "objectSid", - "sAMAccountType", NULL}; - int i, count; - ADS_STATUS rc; - void *res = NULL; - void *msg = NULL; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - uint32 group_flags; - - *num_entries = 0; - - DEBUG(3,("ads: enum_dom_groups\n")); - - ads = ads_cached_connection(domain); - if (!ads) goto done; - - rc = ads_search_retry(ads, &res, "(objectCategory=group)", attrs); - if (!ADS_ERR_OK(rc)) { - DEBUG(1,("enum_dom_groups ads_search: %s\n", ads_errstr(rc))); - goto done; - } - - count = ads_count_replies(ads, res); - if (count == 0) { - DEBUG(1,("enum_dom_groups: No groups found\n")); - goto done; - } - - (*info) = talloc_zero(mem_ctx, count * sizeof(**info)); - if (!*info) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - i = 0; - - group_flags = ATYPE_GLOBAL_GROUP; - if ( domain->native_mode ) - group_flags |= ATYPE_LOCAL_GROUP; - - for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) { - char *name, *gecos; - DOM_SID sid; - uint32 rid; - uint32 account_type; - - if (!ads_pull_uint32(ads, msg, "sAMAccountType", &account_type) || !(account_type & group_flags) ) - continue; - - name = ads_pull_username(ads, mem_ctx, msg); - gecos = ads_pull_string(ads, mem_ctx, msg, "name"); - if (!ads_pull_sid(ads, msg, "objectSid", &sid)) { - DEBUG(1,("No sid for %s !?\n", name)); - continue; - } - - if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) { - DEBUG(1,("No rid for %s !?\n", name)); - continue; - } - - fstrcpy((*info)[i].acct_name, name); - fstrcpy((*info)[i].acct_desc, gecos); - (*info)[i].rid = rid; - i++; - } - - (*num_entries) = i; - - status = NT_STATUS_OK; - - DEBUG(3,("ads enum_dom_groups gave %d entries\n", (*num_entries))); - -done: - if (res) ads_msgfree(ads, res); - - return status; -} - -/* list all domain local groups */ -static NTSTATUS enum_local_groups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - struct acct_info **info) -{ - /* - * This is a stub function only as we returned the domain - * ocal groups in enum_dom_groups() if the domain->native field - * was true. This is a simple performance optimization when - * using LDAP. - * - * if we ever need to enumerate domain local groups separately, - * then this the optimization in enum_dom_groups() will need - * to be split out - */ - *num_entries = 0; - - return NT_STATUS_OK; -} - -/* convert a single name to a sid in a domain */ -static NTSTATUS name_to_sid(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const char *name, - DOM_SID *sid, - enum SID_NAME_USE *type) -{ - ADS_STRUCT *ads; - - DEBUG(3,("ads: name_to_sid\n")); - - ads = ads_cached_connection(domain); - if (!ads) - return NT_STATUS_UNSUCCESSFUL; - - return ads_name_to_sid(ads, name, sid, type); -} - -/* convert a sid to a user or group name */ -static NTSTATUS sid_to_name(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *sid, - char **name, - enum SID_NAME_USE *type) -{ - ADS_STRUCT *ads = NULL; - DEBUG(3,("ads: sid_to_name\n")); - ads = ads_cached_connection(domain); - if (!ads) - return NT_STATUS_UNSUCCESSFUL; - - return ads_sid_to_name(ads, mem_ctx, sid, name, type); -} - - -/* convert a DN to a name, SID and name type - this might become a major speed bottleneck if groups have - lots of users, in which case we could cache the results -*/ -static BOOL dn_lookup(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, - const char *dn, - char **name, uint32 *name_type, DOM_SID *sid) -{ - char *exp; - void *res = NULL; - const char *attrs[] = {"userPrincipalName", "sAMAccountName", - "objectSid", "sAMAccountType", NULL}; - ADS_STATUS rc; - uint32 atype; - char *escaped_dn = escape_ldap_string_alloc(dn); - - if (!escaped_dn) { - return False; - } - - asprintf(&exp, "(distinguishedName=%s)", dn); - rc = ads_search_retry(ads, &res, exp, attrs); - SAFE_FREE(exp); - SAFE_FREE(escaped_dn); - - if (!ADS_ERR_OK(rc)) { - goto failed; - } - - (*name) = ads_pull_username(ads, mem_ctx, res); - - if (!ads_pull_uint32(ads, res, "sAMAccountType", &atype)) { - goto failed; - } - (*name_type) = ads_atype_map(atype); - - if (!ads_pull_sid(ads, res, "objectSid", sid)) { - goto failed; - } - - if (res) ads_msgfree(ads, res); - return True; - -failed: - if (res) ads_msgfree(ads, res); - return False; -} - -/* Lookup user information from a rid */ -static NTSTATUS query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *sid, - WINBIND_USERINFO *info) -{ - ADS_STRUCT *ads = NULL; - const char *attrs[] = {"userPrincipalName", - "sAMAccountName", - "name", - "primaryGroupID", NULL}; - ADS_STATUS rc; - int count; - void *msg = NULL; - char *exp; - char *sidstr; - uint32 group_rid; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - DOM_SID *sid2; - fstring sid_string; - - DEBUG(3,("ads: query_user\n")); - - ads = ads_cached_connection(domain); - if (!ads) goto done; - - sidstr = sid_binstring(sid); - asprintf(&exp, "(objectSid=%s)", sidstr); - rc = ads_search_retry(ads, &msg, exp, attrs); - free(exp); - free(sidstr); - if (!ADS_ERR_OK(rc)) { - DEBUG(1,("query_user(sid=%s) ads_search: %s\n", sid_to_string(sid_string, sid), ads_errstr(rc))); - goto done; - } - - count = ads_count_replies(ads, msg); - if (count != 1) { - DEBUG(1,("query_user(sid=%s): Not found\n", sid_to_string(sid_string, sid))); - goto done; - } - - info->acct_name = ads_pull_username(ads, mem_ctx, msg); - info->full_name = ads_pull_string(ads, mem_ctx, msg, "name"); - - if (!ads_pull_uint32(ads, msg, "primaryGroupID", &group_rid)) { - DEBUG(1,("No primary group for %s !?\n", sid_to_string(sid_string, sid))); - goto done; - } - - sid2 = talloc(mem_ctx, sizeof(*sid2)); - if (!sid2) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - sid_copy(sid2, sid); - - info->user_sid = sid2; - - info->group_sid = rid_to_talloced_sid(domain, mem_ctx, group_rid); - - status = NT_STATUS_OK; - - DEBUG(3,("ads query_user gave %s\n", info->acct_name)); -done: - if (msg) ads_msgfree(ads, msg); - - return status; -} - -/* Lookup groups a user is a member of - alternate method, for when - tokenGroups are not available. */ -static NTSTATUS lookup_usergroups_alt(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const char *user_dn, - DOM_SID *primary_group, - uint32 *num_groups, DOM_SID ***user_gids) -{ - ADS_STATUS rc; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - int count; - void *res = NULL; - void *msg = NULL; - char *exp; - ADS_STRUCT *ads; - const char *group_attrs[] = {"objectSid", NULL}; - - ads = ads_cached_connection(domain); - if (!ads) goto done; - - /* buggy server, no tokenGroups. Instead lookup what groups this user - is a member of by DN search on member*/ - if (asprintf(&exp, "(&(member=%s)(objectClass=group))", user_dn) == -1) { - DEBUG(1,("lookup_usergroups(dn=%s) asprintf failed!\n", user_dn)); - return NT_STATUS_NO_MEMORY; - } - - rc = ads_search_retry(ads, &res, exp, group_attrs); - free(exp); - - if (!ADS_ERR_OK(rc)) { - DEBUG(1,("lookup_usergroups ads_search member=%s: %s\n", user_dn, ads_errstr(rc))); - return ads_ntstatus(rc); - } - - count = ads_count_replies(ads, res); - if (count == 0) { - DEBUG(5,("lookup_usergroups: No supp groups found\n")); - - status = ads_ntstatus(rc); - goto done; - } - - (*user_gids) = talloc_zero(mem_ctx, sizeof(**user_gids) * (count + 1)); - (*user_gids)[0] = primary_group; - - *num_groups = 1; - - for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) { - DOM_SID group_sid; - - if (!ads_pull_sid(ads, msg, "objectSid", &group_sid)) { - DEBUG(1,("No sid for this group ?!?\n")); - continue; - } - - if (sid_equal(&group_sid, primary_group)) continue; - - (*user_gids)[*num_groups] = talloc(mem_ctx, sizeof(***user_gids)); - if (!(*user_gids)[*num_groups]) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - sid_copy((*user_gids)[*num_groups], &group_sid); - - (*num_groups)++; - - } - - status = NT_STATUS_OK; - - DEBUG(3,("ads lookup_usergroups (alt) for dn=%s\n", user_dn)); -done: - if (res) ads_msgfree(ads, res); - if (msg) ads_msgfree(ads, msg); - - return status; -} - -/* Lookup groups a user is a member of. */ -static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *sid, - uint32 *num_groups, DOM_SID ***user_gids) -{ - ADS_STRUCT *ads = NULL; - const char *attrs[] = {"distinguishedName", NULL}; - const char *attrs2[] = {"tokenGroups", "primaryGroupID", NULL}; - ADS_STATUS rc; - int count; - void *msg = NULL; - char *exp; - char *user_dn; - DOM_SID *sids; - int i; - DOM_SID *primary_group; - uint32 primary_group_rid; - char *sidstr; - fstring sid_string; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - - DEBUG(3,("ads: lookup_usergroups\n")); - *num_groups = 0; - - ads = ads_cached_connection(domain); - if (!ads) goto done; - - if (!(sidstr = sid_binstring(sid))) { - DEBUG(1,("lookup_usergroups(sid=%s) sid_binstring returned NULL\n", sid_to_string(sid_string, sid))); - status = NT_STATUS_NO_MEMORY; - goto done; - } - if (asprintf(&exp, "(objectSid=%s)", sidstr) == -1) { - free(sidstr); - DEBUG(1,("lookup_usergroups(sid=%s) asprintf failed!\n", sid_to_string(sid_string, sid))); - status = NT_STATUS_NO_MEMORY; - goto done; - } - - rc = ads_search_retry(ads, &msg, exp, attrs); - free(exp); - free(sidstr); - - if (!ADS_ERR_OK(rc)) { - DEBUG(1,("lookup_usergroups(sid=%s) ads_search: %s\n", sid_to_string(sid_string, sid), ads_errstr(rc))); - goto done; - } - - user_dn = ads_pull_string(ads, mem_ctx, msg, "distinguishedName"); - if (!user_dn) { - DEBUG(1,("lookup_usergroups(sid=%s) ads_search did not return a a distinguishedName!\n", sid_to_string(sid_string, sid))); - if (msg) ads_msgfree(ads, msg); - goto done; - } - - if (msg) ads_msgfree(ads, msg); - - rc = ads_search_retry_dn(ads, &msg, user_dn, attrs2); - if (!ADS_ERR_OK(rc)) { - DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: %s\n", sid_to_string(sid_string, sid), ads_errstr(rc))); - goto done; - } - - if (!ads_pull_uint32(ads, msg, "primaryGroupID", &primary_group_rid)) { - DEBUG(1,("%s: No primary group for sid=%s !?\n", domain->name, sid_to_string(sid_string, sid))); - goto done; - } - - primary_group = rid_to_talloced_sid(domain, mem_ctx, primary_group_rid); - - count = ads_pull_sids(ads, mem_ctx, msg, "tokenGroups", &sids); - - if (msg) ads_msgfree(ads, msg); - - /* there must always be at least one group in the token, - unless we are talking to a buggy Win2k server */ - if (count == 0) { - return lookup_usergroups_alt(domain, mem_ctx, user_dn, - primary_group, - num_groups, user_gids); - } - - (*user_gids) = talloc_zero(mem_ctx, sizeof(**user_gids) * (count + 1)); - (*user_gids)[0] = primary_group; - - *num_groups = 1; - - for (i=0;iprivate = NULL; - } - return ads_ntstatus(rc); -} - -/* get a list of trusted domains */ -static NTSTATUS trusted_domains(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_domains, - char ***names, - char ***alt_names, - DOM_SID **dom_sids) -{ - ADS_STRUCT *ads; - ADS_STATUS rc; - - *num_domains = 0; - *names = NULL; - - ads = ads_cached_connection(domain); - if (!ads) return NT_STATUS_UNSUCCESSFUL; - - rc = ads_trusted_domains(ads, mem_ctx, num_domains, names, alt_names, dom_sids); - - return ads_ntstatus(rc); -} - -/* find the domain sid for a domain */ -static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid) -{ - ADS_STRUCT *ads; - ADS_STATUS rc; - - ads = ads_cached_connection(domain); - if (!ads) return NT_STATUS_UNSUCCESSFUL; - - rc = ads_domain_sid(ads, sid); - - if (!ADS_ERR_OK(rc)) { - /* its a dead connection */ - ads_destroy(&ads); - domain->private = NULL; - } - - return ads_ntstatus(rc); -} - - -/* find alternate names list for the domain - for ADS this is the - netbios name */ -static NTSTATUS alternate_name(struct winbindd_domain *domain) -{ - ADS_STRUCT *ads; - ADS_STATUS rc; - TALLOC_CTX *ctx; - char *workgroup; - - ads = ads_cached_connection(domain); - if (!ads) return NT_STATUS_UNSUCCESSFUL; - - if (!(ctx = talloc_init("alternate_name"))) { - return NT_STATUS_NO_MEMORY; - } - - rc = ads_workgroup_name(ads, ctx, &workgroup); - - if (ADS_ERR_OK(rc)) { - fstrcpy(domain->name, workgroup); - fstrcpy(domain->alt_name, ads->config.realm); - strupper(domain->alt_name); - strupper(domain->name); - } - - talloc_destroy(ctx); - - return ads_ntstatus(rc); -} - -/* the ADS backend methods are exposed via this structure */ -struct winbindd_methods ads_methods = { - True, - query_user_list, - enum_dom_groups, - enum_local_groups, - name_to_sid, - sid_to_name, - query_user, - lookup_usergroups, - lookup_groupmem, - sequence_number, - trusted_domains, - domain_sid, - alternate_name -}; - -#endif diff --git a/source4/nsswitch/winbindd_cache.c b/source4/nsswitch/winbindd_cache.c deleted file mode 100644 index 5fb59e7467..0000000000 --- a/source4/nsswitch/winbindd_cache.c +++ /dev/null @@ -1,1016 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind cache backend functions - - Copyright (C) Andrew Tridgell 2001 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -struct winbind_cache { - struct winbindd_methods *backend; - TDB_CONTEXT *tdb; -}; - -struct cache_entry { - NTSTATUS status; - uint32 sequence_number; - uint8 *data; - uint32 len, ofs; -}; - -#define WINBINDD_MAX_CACHE_SIZE (50*1024*1024) - -static struct winbind_cache *wcache; - -/* flush the cache */ -void wcache_flush_cache(void) -{ - extern BOOL opt_nocache; - - if (!wcache) return; - if (wcache->tdb) { - tdb_close(wcache->tdb); - wcache->tdb = NULL; - } - if (opt_nocache) return; - - wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000, - TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600); - - if (!wcache->tdb) { - DEBUG(0,("Failed to open winbindd_cache.tdb!\n")); - } -} - -void winbindd_check_cache_size(time_t t) -{ - static time_t last_check_time; - struct stat st; - - if (last_check_time == (time_t)0) - last_check_time = t; - - if (t - last_check_time < 60 && t - last_check_time > 0) - return; - - if (wcache == NULL || wcache->tdb == NULL) { - DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n")); - return; - } - - if (fstat(wcache->tdb->fd, &st) == -1) { - DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) )); - return; - } - - if (st.st_size > WINBINDD_MAX_CACHE_SIZE) { - DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n", - (unsigned long)st.st_size, - (unsigned long)WINBINDD_MAX_CACHE_SIZE)); - wcache_flush_cache(); - } -} - -/* get the winbind_cache structure */ -static struct winbind_cache *get_cache(struct winbindd_domain *domain) -{ - extern struct winbindd_methods msrpc_methods; - struct winbind_cache *ret = wcache; - - if (ret) return ret; - - ret = smb_xmalloc(sizeof(*ret)); - ZERO_STRUCTP(ret); - switch (lp_security()) { -#ifdef HAVE_ADS - case SEC_ADS: { - extern struct winbindd_methods ads_methods; - ret->backend = &ads_methods; - break; - } -#endif - default: - ret->backend = &msrpc_methods; - } - - wcache = ret; - wcache_flush_cache(); - - return ret; -} - -/* - free a centry structure -*/ -static void centry_free(struct cache_entry *centry) -{ - if (!centry) return; - SAFE_FREE(centry->data); - free(centry); -} - - -/* - pull a uint32 from a cache entry -*/ -static uint32 centry_uint32(struct cache_entry *centry) -{ - uint32 ret; - if (centry->len - centry->ofs < 4) { - DEBUG(0,("centry corruption? needed 4 bytes, have %d\n", - centry->len - centry->ofs)); - smb_panic("centry_uint32"); - } - ret = IVAL(centry->data, centry->ofs); - centry->ofs += 4; - return ret; -} - -/* - pull a uint8 from a cache entry -*/ -static uint8 centry_uint8(struct cache_entry *centry) -{ - uint8 ret; - if (centry->len - centry->ofs < 1) { - DEBUG(0,("centry corruption? needed 1 bytes, have %d\n", - centry->len - centry->ofs)); - smb_panic("centry_uint32"); - } - ret = CVAL(centry->data, centry->ofs); - centry->ofs += 1; - return ret; -} - -/* pull a string from a cache entry, using the supplied - talloc context -*/ -static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx) -{ - uint32 len; - char *ret; - - len = centry_uint8(centry); - - if (len == 0xFF) { - /* a deliberate NULL string */ - return NULL; - } - - if (centry->len - centry->ofs < len) { - DEBUG(0,("centry corruption? needed %d bytes, have %d\n", - len, centry->len - centry->ofs)); - smb_panic("centry_string"); - } - - ret = talloc(mem_ctx, len+1); - if (!ret) { - smb_panic("centry_string out of memory\n"); - } - memcpy(ret,centry->data + centry->ofs, len); - ret[len] = 0; - centry->ofs += len; - return ret; -} - -/* pull a string from a cache entry, using the supplied - talloc context -*/ -static DOM_SID *centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx) -{ - DOM_SID *sid; - char *sid_string; - sid = talloc(mem_ctx, sizeof(*sid)); - if (!sid) return NULL; - - sid_string = centry_string(centry, mem_ctx); - if (!string_to_sid(sid, sid_string)) { - return NULL; - } - return sid; -} - -/* the server is considered down if it can't give us a sequence number */ -static BOOL wcache_server_down(struct winbindd_domain *domain) -{ - if (!wcache->tdb) return False; - return (domain->sequence_number == DOM_SEQUENCE_NONE); -} - - -/* - refresh the domain sequence number. If force is True - then always refresh it, no matter how recently we fetched it -*/ -static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force) -{ - NTSTATUS status; - unsigned time_diff; - unsigned cache_time = lp_winbind_cache_time(); - - /* trying to reconnect is expensive, don't do it too often */ - if (domain->sequence_number == DOM_SEQUENCE_NONE) { - cache_time *= 8; - } - - time_diff = time(NULL) - domain->last_seq_check; - - /* see if we have to refetch the domain sequence number */ - if (!force && (time_diff < cache_time)) { - return; - } - - status = wcache->backend->sequence_number(domain, &domain->sequence_number); - - if (!NT_STATUS_IS_OK(status)) { - domain->sequence_number = DOM_SEQUENCE_NONE; - } - - domain->last_seq_check = time(NULL); -} - -/* - decide if a cache entry has expired -*/ -static BOOL centry_expired(struct winbindd_domain *domain, struct cache_entry *centry) -{ - /* if the server is OK and our cache entry came from when it was down then - the entry is invalid */ - if (domain->sequence_number != DOM_SEQUENCE_NONE && - centry->sequence_number == DOM_SEQUENCE_NONE) { - return True; - } - - /* if the server is down or the cache entry is not older than the - current sequence number then it is OK */ - if (wcache_server_down(domain) || - centry->sequence_number == domain->sequence_number) { - return False; - } - - /* it's expired */ - return True; -} - -/* - fetch an entry from the cache, with a varargs key. auto-fetch the sequence - number and return status -*/ -static struct cache_entry *wcache_fetch(struct winbind_cache *cache, - struct winbindd_domain *domain, - const char *format, ...) PRINTF_ATTRIBUTE(3,4); -static struct cache_entry *wcache_fetch(struct winbind_cache *cache, - struct winbindd_domain *domain, - const char *format, ...) -{ - va_list ap; - char *kstr; - TDB_DATA data; - struct cache_entry *centry; - TDB_DATA key; - - refresh_sequence_number(domain, False); - - va_start(ap, format); - smb_xvasprintf(&kstr, format, ap); - va_end(ap); - - key.dptr = kstr; - key.dsize = strlen(kstr); - data = tdb_fetch(wcache->tdb, key); - free(kstr); - if (!data.dptr) { - /* a cache miss */ - return NULL; - } - - centry = smb_xmalloc(sizeof(*centry)); - centry->data = data.dptr; - centry->len = data.dsize; - centry->ofs = 0; - - if (centry->len < 8) { - /* huh? corrupt cache? */ - centry_free(centry); - return NULL; - } - - centry->status = NT_STATUS(centry_uint32(centry)); - centry->sequence_number = centry_uint32(centry); - - if (centry_expired(domain, centry)) { - extern BOOL opt_dual_daemon; - - if (opt_dual_daemon) { - extern BOOL background_process; - background_process = True; - } else { - centry_free(centry); - return NULL; - } - } - - return centry; -} - -/* - make sure we have at least len bytes available in a centry -*/ -static void centry_expand(struct cache_entry *centry, uint32 len) -{ - uint8 *p; - if (centry->len - centry->ofs >= len) return; - centry->len *= 2; - p = realloc(centry->data, centry->len); - if (!p) { - DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len)); - smb_panic("out of memory in centry_expand"); - } - centry->data = p; -} - -/* - push a uint32 into a centry -*/ -static void centry_put_uint32(struct cache_entry *centry, uint32 v) -{ - centry_expand(centry, 4); - SIVAL(centry->data, centry->ofs, v); - centry->ofs += 4; -} - -/* - push a uint8 into a centry -*/ -static void centry_put_uint8(struct cache_entry *centry, uint8 v) -{ - centry_expand(centry, 1); - SCVAL(centry->data, centry->ofs, v); - centry->ofs += 1; -} - -/* - push a string into a centry - */ -static void centry_put_string(struct cache_entry *centry, const char *s) -{ - int len; - - if (!s) { - /* null strings are marked as len 0xFFFF */ - centry_put_uint8(centry, 0xFF); - return; - } - - len = strlen(s); - /* can't handle more than 254 char strings. Truncating is probably best */ - if (len > 254) len = 254; - centry_put_uint8(centry, len); - centry_expand(centry, len); - memcpy(centry->data + centry->ofs, s, len); - centry->ofs += len; -} - -static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid) -{ - int len; - fstring sid_string; - centry_put_string(centry, sid_to_string(sid_string, sid)); -} - -/* - start a centry for output. When finished, call centry_end() -*/ -struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status) -{ - struct cache_entry *centry; - - if (!wcache->tdb) return NULL; - - centry = smb_xmalloc(sizeof(*centry)); - - centry->len = 8192; /* reasonable default */ - centry->data = smb_xmalloc(centry->len); - centry->ofs = 0; - centry->sequence_number = domain->sequence_number; - centry_put_uint32(centry, NT_STATUS_V(status)); - centry_put_uint32(centry, centry->sequence_number); - return centry; -} - -/* - finish a centry and write it to the tdb -*/ -static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3); -static void centry_end(struct cache_entry *centry, const char *format, ...) -{ - va_list ap; - char *kstr; - TDB_DATA key, data; - - va_start(ap, format); - smb_xvasprintf(&kstr, format, ap); - va_end(ap); - - key.dptr = kstr; - key.dsize = strlen(kstr); - data.dptr = centry->data; - data.dsize = centry->ofs; - - tdb_store(wcache->tdb, key, data, TDB_REPLACE); - free(kstr); -} - -static void wcache_save_name_to_sid(struct winbindd_domain *domain, - NTSTATUS status, - const char *name, DOM_SID *sid, - enum SID_NAME_USE type) -{ - struct cache_entry *centry; - uint32 len; - fstring uname; - fstring sid_string; - - centry = centry_start(domain, status); - if (!centry) return; - centry_put_sid(centry, sid); - fstrcpy(uname, name); - strupper(uname); - centry_end(centry, "NS/%s", sid_to_string(sid_string, sid)); - centry_free(centry); -} - -static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status, - DOM_SID *sid, const char *name, enum SID_NAME_USE type) -{ - struct cache_entry *centry; - fstring sid_string; - - centry = centry_start(domain, status); - if (!centry) return; - if (NT_STATUS_IS_OK(status)) { - centry_put_uint32(centry, type); - centry_put_string(centry, name); - } - centry_end(centry, "SN/%s", sid_to_string(sid_string, sid)); - centry_free(centry); -} - - -static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info) -{ - struct cache_entry *centry; - fstring sid_string; - - centry = centry_start(domain, status); - if (!centry) return; - centry_put_string(centry, info->acct_name); - centry_put_string(centry, info->full_name); - centry_put_sid(centry, info->user_sid); - centry_put_sid(centry, info->group_sid); - centry_end(centry, "U/%s", sid_to_string(sid_string, info->user_sid)); - centry_free(centry); -} - - -/* Query display info. This is the basic user list fn */ -static NTSTATUS query_user_list(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - WINBIND_USERINFO **info) -{ - struct winbind_cache *cache = get_cache(domain); - struct cache_entry *centry = NULL; - NTSTATUS status; - unsigned int i; - - if (!cache->tdb) goto do_query; - - centry = wcache_fetch(cache, domain, "UL/%s", domain->name); - if (!centry) goto do_query; - - *num_entries = centry_uint32(centry); - - if (*num_entries == 0) goto do_cached; - - (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries)); - if (! (*info)) smb_panic("query_user_list out of memory"); - for (i=0; i<(*num_entries); i++) { - (*info)[i].acct_name = centry_string(centry, mem_ctx); - (*info)[i].full_name = centry_string(centry, mem_ctx); - (*info)[i].user_sid = centry_sid(centry, mem_ctx); - (*info)[i].group_sid = centry_sid(centry, mem_ctx); - } - -do_cached: - status = centry->status; - centry_free(centry); - return status; - -do_query: - *num_entries = 0; - *info = NULL; - - if (wcache_server_down(domain)) { - return NT_STATUS_SERVER_DISABLED; - } - - status = cache->backend->query_user_list(domain, mem_ctx, num_entries, info); - - /* and save it */ - refresh_sequence_number(domain, True); - centry = centry_start(domain, status); - if (!centry) goto skip_save; - centry_put_uint32(centry, *num_entries); - for (i=0; i<(*num_entries); i++) { - centry_put_string(centry, (*info)[i].acct_name); - centry_put_string(centry, (*info)[i].full_name); - centry_put_sid(centry, (*info)[i].user_sid); - centry_put_sid(centry, (*info)[i].group_sid); - if (cache->backend->consistent) { - /* when the backend is consistent we can pre-prime some mappings */ - wcache_save_name_to_sid(domain, NT_STATUS_OK, - (*info)[i].acct_name, - (*info)[i].user_sid, - SID_NAME_USER); - wcache_save_sid_to_name(domain, NT_STATUS_OK, - (*info)[i].user_sid, - (*info)[i].acct_name, - SID_NAME_USER); - wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]); - } - } - centry_end(centry, "UL/%s", domain->name); - centry_free(centry); - -skip_save: - return status; -} - -/* list all domain groups */ -static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - struct acct_info **info) -{ - struct winbind_cache *cache = get_cache(domain); - struct cache_entry *centry = NULL; - NTSTATUS status; - unsigned int i; - - if (!cache->tdb) goto do_query; - - centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name); - if (!centry) goto do_query; - - *num_entries = centry_uint32(centry); - - if (*num_entries == 0) goto do_cached; - - (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries)); - if (! (*info)) smb_panic("enum_dom_groups out of memory"); - for (i=0; i<(*num_entries); i++) { - fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx)); - fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx)); - (*info)[i].rid = centry_uint32(centry); - } - -do_cached: - status = centry->status; - centry_free(centry); - return status; - -do_query: - *num_entries = 0; - *info = NULL; - - if (wcache_server_down(domain)) { - return NT_STATUS_SERVER_DISABLED; - } - - status = cache->backend->enum_dom_groups(domain, mem_ctx, num_entries, info); - - /* and save it */ - refresh_sequence_number(domain, True); - centry = centry_start(domain, status); - if (!centry) goto skip_save; - centry_put_uint32(centry, *num_entries); - for (i=0; i<(*num_entries); i++) { - centry_put_string(centry, (*info)[i].acct_name); - centry_put_string(centry, (*info)[i].acct_desc); - centry_put_uint32(centry, (*info)[i].rid); - } - centry_end(centry, "GL/%s/domain", domain->name); - centry_free(centry); - -skip_save: - return status; -} - -/* list all domain groups */ -static NTSTATUS enum_local_groups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - struct acct_info **info) -{ - struct winbind_cache *cache = get_cache(domain); - struct cache_entry *centry = NULL; - NTSTATUS status; - unsigned int i; - - if (!cache->tdb) goto do_query; - - centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name); - if (!centry) goto do_query; - - *num_entries = centry_uint32(centry); - - if (*num_entries == 0) goto do_cached; - - (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries)); - if (! (*info)) smb_panic("enum_dom_groups out of memory"); - for (i=0; i<(*num_entries); i++) { - fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx)); - fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx)); - (*info)[i].rid = centry_uint32(centry); - } - -do_cached: - - /* If we are returning cached data and the domain controller - is down then we don't know whether the data is up to date - or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to - indicate this. */ - - if (wcache_server_down(domain)) { - DEBUG(10, ("query_user_list: returning cached user list and server was down\n")); - status = NT_STATUS_MORE_PROCESSING_REQUIRED; - } else - status = centry->status; - - centry_free(centry); - return status; - -do_query: - *num_entries = 0; - *info = NULL; - - if (wcache_server_down(domain)) { - return NT_STATUS_SERVER_DISABLED; - } - - status = cache->backend->enum_local_groups(domain, mem_ctx, num_entries, info); - - /* and save it */ - refresh_sequence_number(domain, True); - centry = centry_start(domain, status); - if (!centry) goto skip_save; - centry_put_uint32(centry, *num_entries); - for (i=0; i<(*num_entries); i++) { - centry_put_string(centry, (*info)[i].acct_name); - centry_put_string(centry, (*info)[i].acct_desc); - centry_put_uint32(centry, (*info)[i].rid); - } - centry_end(centry, "GL/%s/local", domain->name); - centry_free(centry); - -skip_save: - return status; -} - -/* convert a single name to a sid in a domain */ -static NTSTATUS name_to_sid(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const char *name, - DOM_SID *sid, - enum SID_NAME_USE *type) -{ - struct winbind_cache *cache = get_cache(domain); - struct cache_entry *centry = NULL; - NTSTATUS status; - fstring uname; - DOM_SID *sid2; - - if (!cache->tdb) goto do_query; - - fstrcpy(uname, name); - strupper(uname); - centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, uname); - if (!centry) goto do_query; - *type = centry_uint32(centry); - sid2 = centry_sid(centry, mem_ctx); - if (!sid2) { - ZERO_STRUCTP(sid); - } else { - sid_copy(sid, sid2); - } - - status = centry->status; - centry_free(centry); - return status; - -do_query: - ZERO_STRUCTP(sid); - - if (wcache_server_down(domain)) { - return NT_STATUS_SERVER_DISABLED; - } - status = cache->backend->name_to_sid(domain, mem_ctx, name, sid, type); - - /* and save it */ - wcache_save_name_to_sid(domain, status, name, sid, *type); - - /* We can't save the sid to name mapping as we don't know the - correct case of the name without looking it up */ - - return status; -} - -/* convert a sid to a user or group name. The sid is guaranteed to be in the domain - given */ -static NTSTATUS sid_to_name(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *sid, - char **name, - enum SID_NAME_USE *type) -{ - struct winbind_cache *cache = get_cache(domain); - struct cache_entry *centry = NULL; - NTSTATUS status; - fstring sid_string; - - if (!cache->tdb) goto do_query; - - centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid)); - if (!centry) goto do_query; - if (NT_STATUS_IS_OK(centry->status)) { - *type = centry_uint32(centry); - *name = centry_string(centry, mem_ctx); - } - status = centry->status; - centry_free(centry); - return status; - -do_query: - *name = NULL; - - if (wcache_server_down(domain)) { - return NT_STATUS_SERVER_DISABLED; - } - status = cache->backend->sid_to_name(domain, mem_ctx, sid, name, type); - - /* and save it */ - refresh_sequence_number(domain, True); - wcache_save_sid_to_name(domain, status, sid, *name, *type); - wcache_save_name_to_sid(domain, status, *name, sid, *type); - - return status; -} - - -/* Lookup user information from a rid */ -static NTSTATUS query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *user_sid, - WINBIND_USERINFO *info) -{ - struct winbind_cache *cache = get_cache(domain); - struct cache_entry *centry = NULL; - NTSTATUS status; - fstring sid_string; - - if (!cache->tdb) goto do_query; - - centry = wcache_fetch(cache, domain, "U/%s", sid_to_string(sid_string, user_sid)); - if (!centry) goto do_query; - - info->acct_name = centry_string(centry, mem_ctx); - info->full_name = centry_string(centry, mem_ctx); - info->user_sid = centry_sid(centry, mem_ctx); - info->group_sid = centry_sid(centry, mem_ctx); - status = centry->status; - centry_free(centry); - return status; - -do_query: - ZERO_STRUCTP(info); - - if (wcache_server_down(domain)) { - return NT_STATUS_SERVER_DISABLED; - } - - status = cache->backend->query_user(domain, mem_ctx, user_sid, info); - - /* and save it */ - refresh_sequence_number(domain, True); - wcache_save_user(domain, status, info); - - return status; -} - - -/* Lookup groups a user is a member of. */ -static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *user_sid, - uint32 *num_groups, DOM_SID ***user_gids) -{ - struct winbind_cache *cache = get_cache(domain); - struct cache_entry *centry = NULL; - NTSTATUS status; - unsigned int i; - fstring sid_string; - - if (!cache->tdb) goto do_query; - - centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid)); - if (!centry) goto do_query; - - *num_groups = centry_uint32(centry); - - if (*num_groups == 0) goto do_cached; - - (*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups)); - if (! (*user_gids)) smb_panic("lookup_usergroups out of memory"); - for (i=0; i<(*num_groups); i++) { - (*user_gids)[i] = centry_sid(centry, mem_ctx); - } - -do_cached: - status = centry->status; - centry_free(centry); - return status; - -do_query: - (*num_groups) = 0; - (*user_gids) = NULL; - - if (wcache_server_down(domain)) { - return NT_STATUS_SERVER_DISABLED; - } - status = cache->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids); - - /* and save it */ - refresh_sequence_number(domain, True); - centry = centry_start(domain, status); - if (!centry) goto skip_save; - centry_put_uint32(centry, *num_groups); - for (i=0; i<(*num_groups); i++) { - centry_put_sid(centry, (*user_gids)[i]); - } - centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid)); - centry_free(centry); - -skip_save: - return status; -} - - -static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *group_sid, uint32 *num_names, - DOM_SID ***sid_mem, char ***names, - uint32 **name_types) -{ - struct winbind_cache *cache = get_cache(domain); - struct cache_entry *centry = NULL; - NTSTATUS status; - unsigned int i; - fstring sid_string; - - if (!cache->tdb) goto do_query; - - centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid)); - if (!centry) goto do_query; - - *num_names = centry_uint32(centry); - - if (*num_names == 0) goto do_cached; - - (*sid_mem) = talloc(mem_ctx, sizeof(**sid_mem) * (*num_names)); - (*names) = talloc(mem_ctx, sizeof(**names) * (*num_names)); - (*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names)); - - if (! (*sid_mem) || ! (*names) || ! (*name_types)) { - smb_panic("lookup_groupmem out of memory"); - } - - for (i=0; i<(*num_names); i++) { - (*sid_mem)[i] = centry_sid(centry, mem_ctx); - (*names)[i] = centry_string(centry, mem_ctx); - (*name_types)[i] = centry_uint32(centry); - } - -do_cached: - status = centry->status; - centry_free(centry); - return status; - -do_query: - (*num_names) = 0; - (*sid_mem) = NULL; - (*names) = NULL; - (*name_types) = NULL; - - - if (wcache_server_down(domain)) { - return NT_STATUS_SERVER_DISABLED; - } - status = cache->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names, - sid_mem, names, name_types); - - /* and save it */ - refresh_sequence_number(domain, True); - centry = centry_start(domain, status); - if (!centry) goto skip_save; - centry_put_uint32(centry, *num_names); - for (i=0; i<(*num_names); i++) { - centry_put_sid(centry, (*sid_mem)[i]); - centry_put_string(centry, (*names)[i]); - centry_put_uint32(centry, (*name_types)[i]); - } - centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid)); - centry_free(centry); - -skip_save: - return status; -} - -/* find the sequence number for a domain */ -static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) -{ - refresh_sequence_number(domain, False); - - *seq = domain->sequence_number; - - return NT_STATUS_OK; -} - -/* enumerate trusted domains */ -static NTSTATUS trusted_domains(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_domains, - char ***names, - char ***alt_names, - DOM_SID **dom_sids) -{ - struct winbind_cache *cache = get_cache(domain); - - /* we don't cache this call */ - return cache->backend->trusted_domains(domain, mem_ctx, num_domains, - names, alt_names, dom_sids); -} - -/* find the domain sid */ -static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid) -{ - struct winbind_cache *cache = get_cache(domain); - - /* we don't cache this call */ - return cache->backend->domain_sid(domain, sid); -} - -/* find the alternate names for the domain, if any */ -static NTSTATUS alternate_name(struct winbindd_domain *domain) -{ - struct winbind_cache *cache = get_cache(domain); - - /* we don't cache this call */ - return cache->backend->alternate_name(domain); -} - -/* the ADS backend methods are exposed via this structure */ -struct winbindd_methods cache_methods = { - True, - query_user_list, - enum_dom_groups, - enum_local_groups, - name_to_sid, - sid_to_name, - query_user, - lookup_usergroups, - lookup_groupmem, - sequence_number, - trusted_domains, - domain_sid, - alternate_name -}; diff --git a/source4/nsswitch/winbindd_cm.c b/source4/nsswitch/winbindd_cm.c deleted file mode 100644 index 0748a1c534..0000000000 --- a/source4/nsswitch/winbindd_cm.c +++ /dev/null @@ -1,954 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon connection manager - - Copyright (C) Tim Potter 2001 - Copyright (C) Andrew Bartlett 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -/* - We need to manage connections to domain controllers without having to - mess up the main winbindd code with other issues. The aim of the - connection manager is to: - - - make connections to domain controllers and cache them - - re-establish connections when networks or servers go down - - centralise the policy on connection timeouts, domain controller - selection etc - - manage re-entrancy for when winbindd becomes able to handle - multiple outstanding rpc requests - - Why not have connection management as part of the rpc layer like tng? - Good question. This code may morph into libsmb/rpc_cache.c or something - like that but at the moment it's simply staying as part of winbind. I - think the TNG architecture of forcing every user of the rpc layer to use - the connection caching system is a bad idea. It should be an optional - method of using the routines. - - The TNG design is quite good but I disagree with some aspects of the - implementation. -tpot - - */ - -/* - TODO: - - - I'm pretty annoyed by all the make_nmb_name() stuff. It should be - moved down into another function. - - - There needs to be a utility function in libsmb/namequery.c that does - cm_get_dc_name() - - - Take care when destroying cli_structs as they can be shared between - various sam handles. - - */ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -/* Global list of connections. Initially a DLIST but can become a hash - table or whatever later. */ - -struct winbindd_cm_conn { - struct winbindd_cm_conn *prev, *next; - fstring domain; - fstring controller; - fstring pipe_name; - size_t mutex_ref_count; - struct cli_state *cli; - POLICY_HND pol; -}; - -static struct winbindd_cm_conn *cm_conns = NULL; - -/* Get a domain controller name. Cache positive and negative lookups so we - don't go to the network too often when something is badly broken. */ - -#define GET_DC_NAME_CACHE_TIMEOUT 30 /* Seconds between dc lookups */ - -struct get_dc_name_cache { - fstring domain_name; - fstring srv_name; - time_t lookup_time; - struct get_dc_name_cache *prev, *next; -}; - -/* - find the DC for a domain using methods appropriate for a ADS domain -*/ -static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring srv_name) -{ - ADS_STRUCT *ads; - const char *realm = domain; - - if (strcasecmp(realm, lp_workgroup()) == 0) - realm = lp_realm(); - - ads = ads_init(realm, domain, NULL); - if (!ads) - return False; - - /* we don't need to bind, just connect */ - ads->auth.flags |= ADS_AUTH_NO_BIND; - - DEBUG(4,("cm_ads_find_dc: domain=%s\n", domain)); - -#ifdef HAVE_ADS - /* a full ads_connect() is actually overkill, as we don't srictly need - to do the SASL auth in order to get the info we need, but libads - doesn't offer a better way right now */ - ads_connect(ads); -#endif - - if (!ads->config.realm) - return False; - - fstrcpy(srv_name, ads->config.ldap_server_name); - strupper(srv_name); - *dc_ip = ads->ldap_ip; - ads_destroy(&ads); - - DEBUG(4,("cm_ads_find_dc: using server='%s' IP=%s\n", - srv_name, inet_ntoa(*dc_ip))); - - return True; -} - - - -static BOOL cm_get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) -{ - static struct get_dc_name_cache *get_dc_name_cache; - struct get_dc_name_cache *dcc; - struct in_addr dc_ip; - BOOL ret; - - /* Check the cache for previous lookups */ - - for (dcc = get_dc_name_cache; dcc; dcc = dcc->next) { - - if (!strequal(domain, dcc->domain_name)) - continue; /* Not our domain */ - - if ((time(NULL) - dcc->lookup_time) > - GET_DC_NAME_CACHE_TIMEOUT) { - - /* Cache entry has expired, delete it */ - - DEBUG(10, ("get_dc_name_cache entry expired for %s\n", domain)); - - DLIST_REMOVE(get_dc_name_cache, dcc); - SAFE_FREE(dcc); - - break; - } - - /* Return a positive or negative lookup for this domain */ - - if (dcc->srv_name[0]) { - DEBUG(10, ("returning positive get_dc_name_cache entry for %s\n", domain)); - fstrcpy(srv_name, dcc->srv_name); - return True; - } else { - DEBUG(10, ("returning negative get_dc_name_cache entry for %s\n", domain)); - return False; - } - } - - /* Add cache entry for this lookup. */ - - DEBUG(10, ("Creating get_dc_name_cache entry for %s\n", domain)); - - if (!(dcc = (struct get_dc_name_cache *) - malloc(sizeof(struct get_dc_name_cache)))) - return False; - - ZERO_STRUCTP(dcc); - - fstrcpy(dcc->domain_name, domain); - dcc->lookup_time = time(NULL); - - DLIST_ADD(get_dc_name_cache, dcc); - - zero_ip(&dc_ip); - - ret = False; - if (lp_security() == SEC_ADS) - ret = cm_ads_find_dc(domain, &dc_ip, srv_name); - - if (!ret) { - /* fall back on rpc methods if the ADS methods fail */ - ret = rpc_find_dc(domain, srv_name, &dc_ip); - } - - if (!ret) - return False; - - /* We have a name so make the cache entry positive now */ - fstrcpy(dcc->srv_name, srv_name); - - DEBUG(3, ("cm_get_dc_name: Returning DC %s (%s) for domain %s\n", srv_name, - inet_ntoa(dc_ip), domain)); - - *ip_out = dc_ip; - - return True; -} - -/* Choose between anonymous or authenticated connections. We need to use - an authenticated connection if DCs have the RestrictAnonymous registry - entry set > 0, or the "Additional restrictions for anonymous - connections" set in the win2k Local Security Policy. - - Caller to free() result in domain, username, password -*/ - -static void cm_get_ipc_userpass(char **username, char **domain, char **password) -{ - *username = secrets_fetch(SECRETS_AUTH_USER, NULL); - *domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL); - *password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL); - - if (*username && **username) { - - if (!*domain || !**domain) - *domain = smb_xstrdup(lp_workgroup()); - - if (!*password || !**password) - *password = smb_xstrdup(""); - - DEBUG(3, ("IPC$ connections done by user %s\\%s\n", - *domain, *username)); - - } else { - DEBUG(3, ("IPC$ connections done anonymously\n")); - *username = smb_xstrdup(""); - *domain = smb_xstrdup(""); - *password = smb_xstrdup(""); - } -} - -/* Open a new smb pipe connection to a DC on a given domain. Cache - negative creation attempts so we don't try and connect to broken - machines too often. */ - -#define FAILED_CONNECTION_CACHE_TIMEOUT 30 /* Seconds between attempts */ - -struct failed_connection_cache { - fstring domain_name; - fstring controller; - time_t lookup_time; - NTSTATUS nt_status; - struct failed_connection_cache *prev, *next; -}; - -static struct failed_connection_cache *failed_connection_cache; - -/* Add an entry to the failed conneciton cache */ - -static void add_failed_connection_entry(struct winbindd_cm_conn *new_conn, - NTSTATUS result) -{ - struct failed_connection_cache *fcc; - - SMB_ASSERT(!NT_STATUS_IS_OK(result)); - - /* Check we already aren't in the cache */ - - for (fcc = failed_connection_cache; fcc; fcc = fcc->next) { - if (strequal(fcc->domain_name, new_conn->domain)) { - DEBUG(10, ("domain %s already tried and failed\n", - fcc->domain_name)); - return; - } - } - - /* Create negative lookup cache entry for this domain and controller */ - - if (!(fcc = (struct failed_connection_cache *) - malloc(sizeof(struct failed_connection_cache)))) { - DEBUG(0, ("malloc failed in add_failed_connection_entry!\n")); - return; - } - - ZERO_STRUCTP(fcc); - - fstrcpy(fcc->domain_name, new_conn->domain); - fstrcpy(fcc->controller, new_conn->controller); - fcc->lookup_time = time(NULL); - fcc->nt_status = result; - - DLIST_ADD(failed_connection_cache, fcc); -} - -/* Open a connction to the remote server, cache failures for 30 seconds */ - -static NTSTATUS cm_open_connection(const char *domain, const int pipe_index, - struct winbindd_cm_conn *new_conn, BOOL keep_mutex) -{ - struct failed_connection_cache *fcc; - NTSTATUS result; - char *ipc_username, *ipc_domain, *ipc_password; - struct in_addr dc_ip; - int i; - BOOL retry = True; - BOOL got_mutex = False; - - ZERO_STRUCT(dc_ip); - - fstrcpy(new_conn->domain, domain); - fstrcpy(new_conn->pipe_name, get_pipe_name_from_index(pipe_index)); - - /* Look for a domain controller for this domain. Negative results - are cached so don't bother applying the caching for this - function just yet. */ - - if (!cm_get_dc_name(domain, new_conn->controller, &dc_ip)) { - result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; - add_failed_connection_entry(new_conn, result); - return result; - } - - /* Return false if we have tried to look up this domain and netbios - name before and failed. */ - - for (fcc = failed_connection_cache; fcc; fcc = fcc->next) { - - if (!(strequal(domain, fcc->domain_name) && - strequal(new_conn->controller, fcc->controller))) - continue; /* Not our domain */ - - if ((time(NULL) - fcc->lookup_time) > - FAILED_CONNECTION_CACHE_TIMEOUT) { - - /* Cache entry has expired, delete it */ - - DEBUG(10, ("cm_open_connection cache entry expired for %s, %s\n", domain, new_conn->controller)); - - DLIST_REMOVE(failed_connection_cache, fcc); - free(fcc); - - break; - } - - /* The timeout hasn't expired yet so return false */ - - DEBUG(10, ("returning negative open_connection_cache entry for %s, %s\n", domain, new_conn->controller)); - - result = fcc->nt_status; - SMB_ASSERT(!NT_STATUS_IS_OK(result)); - return result; - } - - /* Initialise SMB connection */ - - cm_get_ipc_userpass(&ipc_username, &ipc_domain, &ipc_password); - - DEBUG(5, ("connecting to %s from %s with username [%s]\\[%s]\n", - new_conn->controller, lp_netbios_name(), ipc_domain, ipc_username)); - - for (i = 0; retry && (i < 3); i++) { - - if (!secrets_named_mutex(new_conn->controller, WINBIND_SERVER_MUTEX_WAIT_TIME, &new_conn->mutex_ref_count)) { - DEBUG(0,("cm_open_connection: mutex grab failed for %s\n", new_conn->controller)); - result = NT_STATUS_POSSIBLE_DEADLOCK; - continue; - } - - got_mutex = True; - - result = cli_full_connection(&new_conn->cli, lp_netbios_name(), new_conn->controller, - &dc_ip, 0, "IPC$", "IPC", ipc_username, ipc_domain, - ipc_password, 0, &retry); - - if (NT_STATUS_IS_OK(result)) - break; - - secrets_named_mutex_release(new_conn->controller, &new_conn->mutex_ref_count); - got_mutex = False; - } - - SAFE_FREE(ipc_username); - SAFE_FREE(ipc_domain); - SAFE_FREE(ipc_password); - - if (!NT_STATUS_IS_OK(result)) { - if (got_mutex) - secrets_named_mutex_release(new_conn->controller, &new_conn->mutex_ref_count); - add_failed_connection_entry(new_conn, result); - return result; - } - - if ( !cli_nt_session_open (new_conn->cli, pipe_index) ) { - result = NT_STATUS_PIPE_NOT_AVAILABLE; - /* - * only cache a failure if we are not trying to open the - * **win2k** specific lsarpc UUID. This could be an NT PDC - * and therefore a failure is normal. This should probably - * be abstracted to a check for 2k specific pipes and wondering - * if the PDC is an NT4 box. but since there is only one 2k - * specific UUID right now, i'm not going to bother. --jerry - */ - if (got_mutex) - secrets_named_mutex_release(new_conn->controller, &new_conn->mutex_ref_count); - if ( !is_win2k_pipe(pipe_index) ) - add_failed_connection_entry(new_conn, result); - cli_shutdown(new_conn->cli); - return result; - } - - if ((got_mutex) && !keep_mutex) - secrets_named_mutex_release(new_conn->controller, &new_conn->mutex_ref_count); - return NT_STATUS_OK; -} - -/* Return true if a connection is still alive */ - -static BOOL connection_ok(struct winbindd_cm_conn *conn) -{ - if (!conn) { - smb_panic("Invalid paramater passed to conneciton_ok(): conn was NULL!\n"); - return False; - } - - if (!conn->cli) { - DEBUG(0, ("Connection to %s for domain %s (pipe %s) has NULL conn->cli!\n", - conn->controller, conn->domain, conn->pipe_name)); - smb_panic("connection_ok: conn->cli was null!"); - return False; - } - - if (!conn->cli->initialised) { - DEBUG(0, ("Connection to %s for domain %s (pipe %s) was never initialised!\n", - conn->controller, conn->domain, conn->pipe_name)); - smb_panic("connection_ok: conn->cli->initialised is False!"); - return False; - } - - if (conn->cli->fd == -1) { - DEBUG(3, ("Connection to %s for domain %s (pipe %s) has died or was never started (fd == -1)\n", - conn->controller, conn->domain, conn->pipe_name)); - return False; - } - - return True; -} - -/* Get a connection to the remote DC and open the pipe. If there is already a connection, use that */ - -static NTSTATUS get_connection_from_cache(const char *domain, const char *pipe_name, - struct winbindd_cm_conn **conn_out, BOOL keep_mutex) -{ - struct winbindd_cm_conn *conn, conn_temp; - NTSTATUS result; - - for (conn = cm_conns; conn; conn = conn->next) { - if (strequal(conn->domain, domain) && - strequal(conn->pipe_name, pipe_name)) { - if (!connection_ok(conn)) { - if (conn->cli) - cli_shutdown(conn->cli); - ZERO_STRUCT(conn_temp); - conn_temp.next = conn->next; - DLIST_REMOVE(cm_conns, conn); - SAFE_FREE(conn); - conn = &conn_temp; /* Just to keep the loop moving */ - } else { - if (keep_mutex) { - if (!secrets_named_mutex(conn->controller, - WINBIND_SERVER_MUTEX_WAIT_TIME, &conn->mutex_ref_count)) - DEBUG(0,("get_connection_from_cache: mutex grab failed for %s\n", - conn->controller)); - } - break; - } - } - } - - if (!conn) { - if (!(conn = malloc(sizeof(*conn)))) - return NT_STATUS_NO_MEMORY; - - ZERO_STRUCTP(conn); - - if (!NT_STATUS_IS_OK(result = cm_open_connection(domain, get_pipe_index(pipe_name), conn, keep_mutex))) { - DEBUG(3, ("Could not open a connection to %s for %s (%s)\n", - domain, pipe_name, nt_errstr(result))); - SAFE_FREE(conn); - return result; - } - DLIST_ADD(cm_conns, conn); - } - - *conn_out = conn; - return NT_STATUS_OK; -} - - -/********************************************************************************** -**********************************************************************************/ - -BOOL cm_check_for_native_mode_win2k( const char *domain ) -{ - NTSTATUS result; - struct winbindd_cm_conn conn; - DS_DOMINFO_CTR ctr; - BOOL ret = False; - - ZERO_STRUCT( conn ); - ZERO_STRUCT( ctr ); - - - if ( !NT_STATUS_IS_OK(result = cm_open_connection(domain, PI_LSARPC_DS, &conn, False)) ) { - DEBUG(5, ("cm_check_for_native_mode_win2k: Could not open a connection to %s for PIPE_LSARPC (%s)\n", - domain, nt_errstr(result))); - return False; - } - - if ( conn.cli ) { - if ( !NT_STATUS_IS_OK(cli_ds_getprimarydominfo( conn.cli, - conn.cli->mem_ctx, DsRolePrimaryDomainInfoBasic, &ctr)) ) { - ret = False; - goto done; - } - } - - if ( (ctr.basic->flags & DSROLE_PRIMARY_DS_RUNNING) - && !(ctr.basic->flags & DSROLE_PRIMARY_DS_MIXED_MODE) ) - ret = True; - -done: - if ( conn.cli ) - cli_shutdown( conn.cli ); - - return ret; -} - - - -/* Return a LSA policy handle on a domain */ - -CLI_POLICY_HND *cm_get_lsa_handle(const char *domain) -{ - struct winbindd_cm_conn *conn; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - NTSTATUS result; - static CLI_POLICY_HND hnd; - - /* Look for existing connections */ - - if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_LSARPC, &conn, False))) - return NULL; - - /* This *shitty* code needs scrapping ! JRA */ - if (policy_handle_is_valid(&conn->pol)) { - hnd.pol = conn->pol; - hnd.cli = conn->cli; - return &hnd; - } - - result = cli_lsa_open_policy(conn->cli, conn->cli->mem_ctx, False, - des_access, &conn->pol); - - if (!NT_STATUS_IS_OK(result)) { - /* Hit the cache code again. This cleans out the old connection and gets a new one */ - if (conn->cli->fd == -1) { /* Try again, if the remote host disapeared */ - if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_LSARPC, &conn, False))) - return NULL; - - result = cli_lsa_open_policy(conn->cli, conn->cli->mem_ctx, False, - des_access, &conn->pol); - } - - if (!NT_STATUS_IS_OK(result)) { - cli_shutdown(conn->cli); - DLIST_REMOVE(cm_conns, conn); - SAFE_FREE(conn); - return NULL; - } - } - - hnd.pol = conn->pol; - hnd.cli = conn->cli; - - return &hnd; -} - -/* Return a SAM policy handle on a domain */ - -CLI_POLICY_HND *cm_get_sam_handle(char *domain) -{ - struct winbindd_cm_conn *conn; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - NTSTATUS result; - static CLI_POLICY_HND hnd; - - /* Look for existing connections */ - - if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_SAMR, &conn, False))) - return NULL; - - /* This *shitty* code needs scrapping ! JRA */ - if (policy_handle_is_valid(&conn->pol)) { - hnd.pol = conn->pol; - hnd.cli = conn->cli; - return &hnd; - } - result = cli_samr_connect(conn->cli, conn->cli->mem_ctx, - des_access, &conn->pol); - - if (!NT_STATUS_IS_OK(result)) { - /* Hit the cache code again. This cleans out the old connection and gets a new one */ - if (conn->cli->fd == -1) { /* Try again, if the remote host disapeared */ - if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_SAMR, &conn, False))) - return NULL; - - result = cli_samr_connect(conn->cli, conn->cli->mem_ctx, - des_access, &conn->pol); - } - - if (!NT_STATUS_IS_OK(result)) { - cli_shutdown(conn->cli); - DLIST_REMOVE(cm_conns, conn); - SAFE_FREE(conn); - return NULL; - } - } - - hnd.pol = conn->pol; - hnd.cli = conn->cli; - - return &hnd; -} - -#if 0 /* This code now *well* out of date */ - -/* Return a SAM domain policy handle on a domain */ - -CLI_POLICY_HND *cm_get_sam_dom_handle(char *domain, DOM_SID *domain_sid) -{ - struct winbindd_cm_conn *conn, *basic_conn = NULL; - static CLI_POLICY_HND hnd; - NTSTATUS result; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - - /* Look for existing connections */ - - for (conn = cm_conns; conn; conn = conn->next) { - if (strequal(conn->domain, domain) && - strequal(conn->pipe_name, PIPE_SAMR) && - conn->pipe_data.samr.pipe_type == SAM_PIPE_DOM) { - - if (!connection_ok(conn)) { - /* Shutdown cli? Free conn? Allow retry of DC? */ - DLIST_REMOVE(cm_conns, conn); - return NULL; - } - - goto ok; - } - } - - /* Create a basic handle to open a domain handle from */ - - if (!cm_get_sam_handle(domain)) - return False; - - for (conn = cm_conns; conn; conn = conn->next) { - if (strequal(conn->domain, domain) && - strequal(conn->pipe_name, PIPE_SAMR) && - conn->pipe_data.samr.pipe_type == SAM_PIPE_BASIC) - basic_conn = conn; - } - - if (!(conn = (struct winbindd_cm_conn *) - malloc(sizeof(struct winbindd_cm_conn)))) - return NULL; - - ZERO_STRUCTP(conn); - - fstrcpy(conn->domain, basic_conn->domain); - fstrcpy(conn->controller, basic_conn->controller); - fstrcpy(conn->pipe_name, basic_conn->pipe_name); - - conn->pipe_data.samr.pipe_type = SAM_PIPE_DOM; - conn->cli = basic_conn->cli; - - result = cli_samr_open_domain(conn->cli, conn->cli->mem_ctx, - &basic_conn->pol, des_access, - domain_sid, &conn->pol); - - if (!NT_STATUS_IS_OK(result)) - return NULL; - - /* Add to list */ - - DLIST_ADD(cm_conns, conn); - - ok: - hnd.pol = conn->pol; - hnd.cli = conn->cli; - - return &hnd; -} - -/* Return a SAM policy handle on a domain user */ - -CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, DOM_SID *domain_sid, - uint32 user_rid) -{ - struct winbindd_cm_conn *conn, *basic_conn = NULL; - static CLI_POLICY_HND hnd; - NTSTATUS result; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - - /* Look for existing connections */ - - for (conn = cm_conns; conn; conn = conn->next) { - if (strequal(conn->domain, domain) && - strequal(conn->pipe_name, PIPE_SAMR) && - conn->pipe_data.samr.pipe_type == SAM_PIPE_USER && - conn->pipe_data.samr.rid == user_rid) { - - if (!connection_ok(conn)) { - /* Shutdown cli? Free conn? Allow retry of DC? */ - DLIST_REMOVE(cm_conns, conn); - return NULL; - } - - goto ok; - } - } - - /* Create a domain handle to open a user handle from */ - - if (!cm_get_sam_dom_handle(domain, domain_sid)) - return NULL; - - for (conn = cm_conns; conn; conn = conn->next) { - if (strequal(conn->domain, domain) && - strequal(conn->pipe_name, PIPE_SAMR) && - conn->pipe_data.samr.pipe_type == SAM_PIPE_DOM) - basic_conn = conn; - } - - if (!basic_conn) { - DEBUG(0, ("No domain sam handle was created!\n")); - return NULL; - } - - if (!(conn = (struct winbindd_cm_conn *) - malloc(sizeof(struct winbindd_cm_conn)))) - return NULL; - - ZERO_STRUCTP(conn); - - fstrcpy(conn->domain, basic_conn->domain); - fstrcpy(conn->controller, basic_conn->controller); - fstrcpy(conn->pipe_name, basic_conn->pipe_name); - - conn->pipe_data.samr.pipe_type = SAM_PIPE_USER; - conn->cli = basic_conn->cli; - conn->pipe_data.samr.rid = user_rid; - - result = cli_samr_open_user(conn->cli, conn->cli->mem_ctx, - &basic_conn->pol, des_access, user_rid, - &conn->pol); - - if (!NT_STATUS_IS_OK(result)) - return NULL; - - /* Add to list */ - - DLIST_ADD(cm_conns, conn); - - ok: - hnd.pol = conn->pol; - hnd.cli = conn->cli; - - return &hnd; -} - -/* Return a SAM policy handle on a domain group */ - -CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid, - uint32 group_rid) -{ - struct winbindd_cm_conn *conn, *basic_conn = NULL; - static CLI_POLICY_HND hnd; - NTSTATUS result; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - - /* Look for existing connections */ - - for (conn = cm_conns; conn; conn = conn->next) { - if (strequal(conn->domain, domain) && - strequal(conn->pipe_name, PIPE_SAMR) && - conn->pipe_data.samr.pipe_type == SAM_PIPE_GROUP && - conn->pipe_data.samr.rid == group_rid) { - - if (!connection_ok(conn)) { - /* Shutdown cli? Free conn? Allow retry of DC? */ - DLIST_REMOVE(cm_conns, conn); - return NULL; - } - - goto ok; - } - } - - /* Create a domain handle to open a user handle from */ - - if (!cm_get_sam_dom_handle(domain, domain_sid)) - return NULL; - - for (conn = cm_conns; conn; conn = conn->next) { - if (strequal(conn->domain, domain) && - strequal(conn->pipe_name, PIPE_SAMR) && - conn->pipe_data.samr.pipe_type == SAM_PIPE_DOM) - basic_conn = conn; - } - - if (!basic_conn) { - DEBUG(0, ("No domain sam handle was created!\n")); - return NULL; - } - - if (!(conn = (struct winbindd_cm_conn *) - malloc(sizeof(struct winbindd_cm_conn)))) - return NULL; - - ZERO_STRUCTP(conn); - - fstrcpy(conn->domain, basic_conn->domain); - fstrcpy(conn->controller, basic_conn->controller); - fstrcpy(conn->pipe_name, basic_conn->pipe_name); - - conn->pipe_data.samr.pipe_type = SAM_PIPE_GROUP; - conn->cli = basic_conn->cli; - conn->pipe_data.samr.rid = group_rid; - - result = cli_samr_open_group(conn->cli, conn->cli->mem_ctx, - &basic_conn->pol, des_access, group_rid, - &conn->pol); - - if (!NT_STATUS_IS_OK(result)) - return NULL; - - /* Add to list */ - - DLIST_ADD(cm_conns, conn); - - ok: - hnd.pol = conn->pol; - hnd.cli = conn->cli; - - return &hnd; -} - -#endif - -/* Get a handle on a netlogon pipe. This is a bit of a hack to re-use the - netlogon pipe as no handle is returned. */ - -NTSTATUS cm_get_netlogon_cli(const char *domain, const unsigned char *trust_passwd, - struct cli_state **cli) -{ - NTSTATUS result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; - struct winbindd_cm_conn *conn; - uint32 neg_flags = 0x000001ff; - - if (!cli) - return NT_STATUS_INVALID_PARAMETER; - - /* Open an initial conection - keep the mutex. */ - - if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_NETLOGON, &conn, True))) - return result; - - result = cli_nt_setup_creds(conn->cli, get_sec_chan(), trust_passwd, &neg_flags, 2); - - if (conn->mutex_ref_count) - secrets_named_mutex_release(conn->controller, &conn->mutex_ref_count); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0, ("error connecting to domain password server: %s\n", - nt_errstr(result))); - - /* Hit the cache code again. This cleans out the old connection and gets a new one */ - if (conn->cli->fd == -1) { - - if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_NETLOGON, &conn, True))) - return result; - - /* Try again */ - result = cli_nt_setup_creds( conn->cli, get_sec_chan(),trust_passwd, &neg_flags, 2); - - if (conn->mutex_ref_count) - secrets_named_mutex_release(conn->controller, &conn->mutex_ref_count); - } - - if (!NT_STATUS_IS_OK(result)) { - cli_shutdown(conn->cli); - DLIST_REMOVE(cm_conns, conn); - SAFE_FREE(conn); - return result; - } - } - - *cli = conn->cli; - - return result; -} - -/* Dump the current connection status */ - -static void dump_conn_list(void) -{ - struct winbindd_cm_conn *con; - - DEBUG(0, ("\tDomain Controller Pipe\n")); - - for(con = cm_conns; con; con = con->next) { - char *msg; - - /* Display pipe info */ - - if (asprintf(&msg, "\t%-15s %-15s %-16s", con->domain, con->controller, con->pipe_name) < 0) { - DEBUG(0, ("Error: not enough memory!\n")); - } else { - DEBUG(0, ("%s\n", msg)); - SAFE_FREE(msg); - } - } -} - -void winbindd_cm_status(void) -{ - /* List open connections */ - - DEBUG(0, ("winbindd connection manager status:\n")); - - if (cm_conns) - dump_conn_list(); - else - DEBUG(0, ("\tNo active connections\n")); -} diff --git a/source4/nsswitch/winbindd_dual.c b/source4/nsswitch/winbindd_dual.c deleted file mode 100644 index 207757bcea..0000000000 --- a/source4/nsswitch/winbindd_dual.c +++ /dev/null @@ -1,210 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind background daemon - - Copyright (C) Andrew Tridgell 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -/* - the idea of the optional dual daemon mode is ot prevent slow domain - responses from clagging up the rest of the system. When in dual - daemon mode winbindd always responds to requests from cache if the - request is in cache, and if the cached answer is stale then it asks - the "dual daemon" to update the cache for that request - - */ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -extern BOOL opt_dual_daemon; -BOOL background_process = False; -int dual_daemon_pipe = -1; - - -/* a list of requests ready to be sent to the dual daemon */ -struct dual_list { - struct dual_list *next; - char *data; - int length; - int offset; -}; - -static struct dual_list *dual_list; -static struct dual_list *dual_list_end; - -/* - setup a select() including the dual daemon pipe - */ -int dual_select_setup(fd_set *fds, int maxfd) -{ - if (dual_daemon_pipe == -1 || - !dual_list) { - return maxfd; - } - - FD_SET(dual_daemon_pipe, fds); - if (dual_daemon_pipe > maxfd) { - maxfd = dual_daemon_pipe; - } - return maxfd; -} - - -/* - a hook called from the main winbindd select() loop to handle writes - to the dual daemon pipe -*/ -void dual_select(fd_set *fds) -{ - int n; - - if (dual_daemon_pipe == -1 || - !dual_list || - !FD_ISSET(dual_daemon_pipe, fds)) { - return; - } - - n = sys_write(dual_daemon_pipe, - &dual_list->data[dual_list->offset], - dual_list->length - dual_list->offset); - - if (n <= 0) { - /* the pipe is dead! fall back to normal operation */ - dual_daemon_pipe = -1; - return; - } - - dual_list->offset += n; - - if (dual_list->offset == dual_list->length) { - struct dual_list *next; - next = dual_list->next; - free(dual_list->data); - free(dual_list); - dual_list = next; - if (!dual_list) { - dual_list_end = NULL; - } - } -} - -/* - send a request to the background daemon - this is called for stale cached entries -*/ -void dual_send_request(struct winbindd_cli_state *state) -{ - struct dual_list *list; - - if (!background_process) return; - - list = malloc(sizeof(*list)); - if (!list) return; - - list->next = NULL; - list->data = memdup(&state->request, sizeof(state->request)); - list->length = sizeof(state->request); - list->offset = 0; - - if (!dual_list_end) { - dual_list = list; - dual_list_end = list; - } else { - dual_list_end->next = list; - dual_list_end = list; - } - - background_process = False; -} - - -/* -the main dual daemon -*/ -void do_dual_daemon(void) -{ - int fdpair[2]; - struct winbindd_cli_state state; - - if (pipe(fdpair) != 0) { - return; - } - - ZERO_STRUCT(state); - state.pid = getpid(); - - dual_daemon_pipe = fdpair[1]; - state.sock = fdpair[0]; - - if (fork() != 0) { - close(fdpair[0]); - return; - } - close(fdpair[1]); - - if (!winbind_setup_common()) - _exit(0); - - dual_daemon_pipe = -1; - opt_dual_daemon = False; - - while (1) { - /* free up any talloc memory */ - lp_talloc_free(); - main_loop_talloc_free(); - - /* fetch a request from the main daemon */ - winbind_client_read(&state); - - if (state.finished) { - /* we lost contact with our parent */ - exit(0); - } - - /* process full rquests */ - if (state.read_buf_len == sizeof(state.request)) { - DEBUG(4,("dual daemon request %d\n", (int)state.request.cmd)); - - /* special handling for the stateful requests */ - switch (state.request.cmd) { - case WINBINDD_GETPWENT: - winbindd_setpwent(&state); - break; - - case WINBINDD_GETGRENT: - case WINBINDD_GETGRLST: - winbindd_setgrent(&state); - break; - default: - break; - } - - winbind_process_packet(&state); - SAFE_FREE(state.response.extra_data); - - free_getent_state(state.getpwent_state); - free_getent_state(state.getgrent_state); - state.getpwent_state = NULL; - state.getgrent_state = NULL; - } - } -} - diff --git a/source4/nsswitch/winbindd_group.c b/source4/nsswitch/winbindd_group.c deleted file mode 100644 index d06db5943c..0000000000 --- a/source4/nsswitch/winbindd_group.c +++ /dev/null @@ -1,896 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon for ntdom nss module - - Copyright (C) Tim Potter 2000 - Copyright (C) Jeremy Allison 2001. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -/*************************************************************** - Empty static struct for negative caching. -****************************************************************/ - -/* Fill a grent structure from various other information */ - -static BOOL fill_grent(struct winbindd_gr *gr, const char *dom_name, - const char *gr_name, gid_t unix_gid) -{ - fstring full_group_name; - /* Fill in uid/gid */ - fill_domain_username(full_group_name, dom_name, gr_name); - - gr->gr_gid = unix_gid; - - /* Group name and password */ - - safe_strcpy(gr->gr_name, full_group_name, sizeof(gr->gr_name) - 1); - safe_strcpy(gr->gr_passwd, "x", sizeof(gr->gr_passwd) - 1); - - return True; -} - -/* Fill in the group membership field of a NT group given by group_sid */ - -static BOOL fill_grent_mem(struct winbindd_domain *domain, - DOM_SID *group_sid, - enum SID_NAME_USE group_name_type, - int *num_gr_mem, char **gr_mem, int *gr_mem_len) -{ - DOM_SID **sid_mem = NULL; - uint32 num_names = 0; - uint32 *name_types = NULL; - unsigned int buf_len, buf_ndx, i; - char **names = NULL, *buf; - BOOL result = False; - TALLOC_CTX *mem_ctx; - NTSTATUS status; - fstring sid_string; - - if (!(mem_ctx = talloc_init("fill_grent_mem(%s)", domain->name))) - return False; - - /* Initialise group membership information */ - - DEBUG(10, ("group SID %s\n", sid_to_string(sid_string, group_sid))); - - *num_gr_mem = 0; - - if (group_name_type != SID_NAME_DOM_GRP) { - DEBUG(1, ("SID %s in domain %s isn't a domain group\n", - sid_to_string(sid_string, group_sid), domain->name)); - goto done; - } - - /* Lookup group members */ - status = domain->methods->lookup_groupmem(domain, mem_ctx, group_sid, &num_names, - &sid_mem, &names, &name_types); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("could not lookup membership for group rid %s in domain %s (error: %s)\n", - sid_to_string(sid_string, group_sid), domain->name, nt_errstr(status))); - - goto done; - } - - DEBUG(10, ("looked up %d names\n", num_names)); - - if (DEBUGLEVEL >= 10) { - for (i = 0; i < num_names; i++) - DEBUG(10, ("\t%20s %s %d\n", names[i], sid_to_string(sid_string, sid_mem[i]), - name_types[i])); - } - - /* Add members to list */ - - buf = NULL; - buf_len = buf_ndx = 0; - - again: - - for (i = 0; i < num_names; i++) { - char *the_name; - fstring name; - int len; - - the_name = names[i]; - - DEBUG(10, ("processing name %s\n", the_name)); - - /* FIXME: need to cope with groups within groups. These - occur in Universal groups on a Windows 2000 native mode - server. */ - - if (name_types[i] != SID_NAME_USER) { - DEBUG(3, ("name %s isn't a domain user\n", the_name)); - continue; - } - - /* Don't bother with machine accounts */ - - if (the_name[strlen(the_name) - 1] == '$') { - DEBUG(10, ("%s is machine account\n", the_name)); - continue; - } - - /* Append domain name */ - - fill_domain_username(name, domain->name, the_name); - - len = strlen(name); - - /* Add to list or calculate buffer length */ - - if (!buf) { - buf_len += len + 1; /* List is comma separated */ - (*num_gr_mem)++; - DEBUG(10, ("buf_len + %d = %d\n", len + 1, buf_len)); - } else { - DEBUG(10, ("appending %s at ndx %d\n", name, len)); - safe_strcpy(&buf[buf_ndx], name, len); - buf_ndx += len; - buf[buf_ndx] = ','; - buf_ndx++; - } - } - - /* Allocate buffer */ - - if (!buf && buf_len != 0) { - if (!(buf = malloc(buf_len))) { - DEBUG(1, ("out of memory\n")); - result = False; - goto done; - } - memset(buf, 0, buf_len); - goto again; - } - - if (buf && buf_ndx > 0) { - buf[buf_ndx - 1] = '\0'; - } - - *gr_mem = buf; - *gr_mem_len = buf_len; - - DEBUG(10, ("num_mem = %d, len = %d, mem = %s\n", *num_gr_mem, - buf_len, *num_gr_mem ? buf : "NULL")); - result = True; - -done: - - talloc_destroy(mem_ctx); - - DEBUG(10, ("fill_grent_mem returning %d\n", result)); - - return result; -} - -/* Return a group structure from a group name */ - -enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) -{ - DOM_SID group_sid; - struct winbindd_domain *domain; - enum SID_NAME_USE name_type; - fstring name_domain, name_group; - char *tmp, *gr_mem; - gid_t gid; - int gr_mem_len; - - /* Ensure null termination */ - state->request.data.groupname[sizeof(state->request.data.groupname)-1]='\0'; - - DEBUG(3, ("[%5d]: getgrnam %s\n", state->pid, - state->request.data.groupname)); - - /* Parse domain and groupname */ - - memset(name_group, 0, sizeof(fstring)); - - tmp = state->request.data.groupname; - if (!parse_domain_user(tmp, name_domain, name_group)) - return WINBINDD_ERROR; - - /* Get info for the domain */ - - if ((domain = find_domain_from_name(name_domain)) == NULL) { - DEBUG(0, ("could not get domain sid for domain %s\n", - name_domain)); - return WINBINDD_ERROR; - } - - /* Get rid and name type from name */ - - if (!winbindd_lookup_sid_by_name(domain, name_group, &group_sid, - &name_type)) { - DEBUG(1, ("group %s in domain %s does not exist\n", - name_group, name_domain)); - return WINBINDD_ERROR; - } - - if ((name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_DOM_GRP)) { - DEBUG(1, ("name '%s' is not a local or domain group: %d\n", - name_group, name_type)); - return WINBINDD_ERROR; - } - - if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) { - DEBUG(1, ("error converting unix gid to sid\n")); - return WINBINDD_ERROR; - } - - if (!fill_grent(&state->response.data.gr, name_domain, - name_group, gid) || - !fill_grent_mem(domain, &group_sid, name_type, - &state->response.data.gr.num_gr_mem, - &gr_mem, &gr_mem_len)) { - return WINBINDD_ERROR; - } - - /* Group membership lives at start of extra data */ - - state->response.data.gr.gr_mem_ofs = 0; - - state->response.length += gr_mem_len; - state->response.extra_data = gr_mem; - - return WINBINDD_OK; -} - -/* Return a group structure from a gid number */ - -enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) -{ - struct winbindd_domain *domain; - DOM_SID group_sid; - enum SID_NAME_USE name_type; - fstring dom_name; - fstring group_name; - int gr_mem_len; - char *gr_mem; - - DEBUG(3, ("[%5d]: getgrgid %d\n", state->pid, - state->request.data.gid)); - - /* Bug out if the gid isn't in the winbind range */ - - if ((state->request.data.gid < server_state.gid_low) || - (state->request.data.gid > server_state.gid_high)) - return WINBINDD_ERROR; - - /* Get rid from gid */ - - if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &group_sid)) { - DEBUG(1, ("could not convert gid %d to rid\n", - state->request.data.gid)); - return WINBINDD_ERROR; - } - - /* Get name from sid */ - - if (!winbindd_lookup_name_by_sid(&group_sid, dom_name, group_name, &name_type)) { - DEBUG(1, ("could not lookup sid\n")); - return WINBINDD_ERROR; - } - - if (!((name_type == SID_NAME_ALIAS) || - (name_type == SID_NAME_DOM_GRP))) { - DEBUG(1, ("name '%s' is not a local or domain group: %d\n", - group_name, name_type)); - return WINBINDD_ERROR; - } - - /* Fill in group structure */ - - domain = find_domain_from_sid(&group_sid); - - if (!domain) { - DEBUG(1,("Can't find domain from sid\n")); - return WINBINDD_ERROR; - } - - if (!fill_grent(&state->response.data.gr, dom_name, group_name, - state->request.data.gid) || - !fill_grent_mem(domain, &group_sid, name_type, - &state->response.data.gr.num_gr_mem, - &gr_mem, &gr_mem_len)) - return WINBINDD_ERROR; - - /* Group membership lives at start of extra data */ - - state->response.data.gr.gr_mem_ofs = 0; - - state->response.length += gr_mem_len; - state->response.extra_data = gr_mem; - - return WINBINDD_OK; -} - -/* - * set/get/endgrent functions - */ - -/* "Rewind" file pointer for group database enumeration */ - -enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state) -{ - struct winbindd_domain *domain; - - DEBUG(3, ("[%5d]: setgrent\n", state->pid)); - - /* Check user has enabled this */ - - if (!lp_winbind_enum_groups()) - return WINBINDD_ERROR; - - /* Free old static data if it exists */ - - if (state->getgrent_state != NULL) { - free_getent_state(state->getgrent_state); - state->getgrent_state = NULL; - } - - /* Create sam pipes for each domain we know about */ - - for (domain = domain_list(); domain != NULL; domain = domain->next) { - struct getent_state *domain_state; - - /* Create a state record for this domain */ - - if ((domain_state = (struct getent_state *) - malloc(sizeof(struct getent_state))) == NULL) { - DEBUG(1, ("winbindd_setgrent: malloc failed for domain_state!\n")); - return WINBINDD_ERROR; - } - - ZERO_STRUCTP(domain_state); - - fstrcpy(domain_state->domain_name, domain->name); - - /* Add to list of open domains */ - - DLIST_ADD(state->getgrent_state, domain_state); - } - - return WINBINDD_OK; -} - -/* Close file pointer to ntdom group database */ - -enum winbindd_result winbindd_endgrent(struct winbindd_cli_state *state) -{ - DEBUG(3, ("[%5d]: endgrent\n", state->pid)); - - free_getent_state(state->getgrent_state); - state->getgrent_state = NULL; - - return WINBINDD_OK; -} - -/* Get the list of domain groups and domain aliases for a domain. We fill in - the sam_entries and num_sam_entries fields with domain group information. - The dispinfo_ndx field is incremented to the index of the next group to - fetch. Return True if some groups were returned, False otherwise. */ - -#define MAX_FETCH_SAM_ENTRIES 100 - -static BOOL get_sam_group_entries(struct getent_state *ent) -{ - NTSTATUS status; - uint32 num_entries; - struct acct_info *name_list = NULL, *tmp_name_list = NULL; - TALLOC_CTX *mem_ctx; - BOOL result = False; - struct acct_info *sam_grp_entries = NULL; - struct winbindd_domain *domain; - - if (ent->got_sam_entries) - return False; - - if (!(mem_ctx = talloc_init("get_sam_group_entries(%s)", - ent->domain_name))) { - DEBUG(1, ("get_sam_group_entries: could not create talloc context!\n")); - return False; - } - - /* Free any existing group info */ - - SAFE_FREE(ent->sam_entries); - ent->num_sam_entries = 0; - ent->got_sam_entries = True; - - /* Enumerate domain groups */ - - num_entries = 0; - - if (!(domain = find_domain_from_name(ent->domain_name))) { - DEBUG(3, ("no such domain %s in get_sam_group_entries\n", ent->domain_name)); - goto done; - } - - /* always get the domain global groups */ - - status = domain->methods->enum_dom_groups(domain, mem_ctx, &num_entries, &sam_grp_entries); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(3, ("get_sam_group_entries: could not enumerate domain groups! Error: %s\n", nt_errstr(status))); - result = False; - goto done; - } - - /* Copy entries into return buffer */ - - if (num_entries) { - if ( !(name_list = malloc(sizeof(struct acct_info) * num_entries)) ) { - DEBUG(0,("get_sam_group_entries: Failed to malloc memory for %d domain groups!\n", - num_entries)); - result = False; - goto done; - } - memcpy( name_list, sam_grp_entries, num_entries * sizeof(struct acct_info) ); - } - - ent->num_sam_entries = num_entries; - - /* get the domain local groups if we are a member of - a native win2k domain */ - - if ( domain->native_mode && domain->methods->enum_local_groups ) - { - DEBUG(4,("get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well\n")); - - status = domain->methods->enum_local_groups(domain, mem_ctx, &num_entries, &sam_grp_entries); - - if ( !NT_STATUS_IS_OK(status) ) { - DEBUG(3,("get_sam_group_entries: Failed to enumerate domain local groups!\n")); - num_entries = 0; - } - else - DEBUG(4,("get_sam_group_entries: Returned %d local groups\n", num_entries)); - - /* Copy entries into return buffer */ - - if ( num_entries ) { - if ( !(tmp_name_list = Realloc( name_list, sizeof(struct acct_info) * (ent->num_sam_entries+num_entries))) ) - { - DEBUG(0,("get_sam_group_entries: Failed to realloc more memory for %d local groups!\n", - num_entries)); - result = False; - SAFE_FREE( name_list ); - goto done; - } - - name_list = tmp_name_list; - - memcpy( &name_list[ent->num_sam_entries], sam_grp_entries, - num_entries * sizeof(struct acct_info) ); - } - - ent->num_sam_entries += num_entries; - } - - - /* Fill in remaining fields */ - - ent->sam_entries = name_list; - ent->sam_entry_index = 0; - - result = (ent->num_sam_entries > 0); - - done: - talloc_destroy(mem_ctx); - - return result; -} - -/* Fetch next group entry from ntdom database */ - -#define MAX_GETGRENT_GROUPS 500 - -enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state) -{ - struct getent_state *ent; - struct winbindd_gr *group_list = NULL; - int num_groups, group_list_ndx = 0, i, gr_mem_list_len = 0; - char *new_extra_data, *gr_mem_list = NULL; - - DEBUG(3, ("[%5d]: getgrent\n", state->pid)); - - /* Check user has enabled this */ - - if (!lp_winbind_enum_groups()) - return WINBINDD_ERROR; - - num_groups = MIN(MAX_GETGRENT_GROUPS, state->request.data.num_entries); - - if ((state->response.extra_data = - malloc(num_groups * sizeof(struct winbindd_gr))) == NULL) - return WINBINDD_ERROR; - - state->response.data.num_entries = 0; - - group_list = (struct winbindd_gr *)state->response.extra_data; - - if (!(ent = state->getgrent_state)) - return WINBINDD_ERROR; - - /* Start sending back groups */ - - for (i = 0; i < num_groups; i++) { - struct acct_info *name_list = NULL; - fstring domain_group_name; - uint32 result; - gid_t group_gid; - int gr_mem_len; - char *gr_mem, *new_gr_mem_list; - DOM_SID group_sid; - struct winbindd_domain *domain; - - /* Do we need to fetch another chunk of groups? */ - - tryagain: - - DEBUG(10, ("entry_index = %d, num_entries = %d\n", - ent->sam_entry_index, ent->num_sam_entries)); - - if (ent->num_sam_entries == ent->sam_entry_index) { - - while(ent && !get_sam_group_entries(ent)) { - struct getent_state *next_ent; - - DEBUG(10, ("freeing state info for domain %s\n", ent->domain_name)); - - /* Free state information for this domain */ - - SAFE_FREE(ent->sam_entries); - - next_ent = ent->next; - DLIST_REMOVE(state->getgrent_state, ent); - - SAFE_FREE(ent); - ent = next_ent; - } - - /* No more domains */ - - if (!ent) - break; - } - - name_list = ent->sam_entries; - - if (!(domain = - find_domain_from_name(ent->domain_name))) { - DEBUG(3, ("No such domain %s in winbindd_getgrent\n", ent->domain_name)); - result = False; - goto done; - } - - /* Lookup group info */ - - sid_copy(&group_sid, &domain->sid); - sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid); - - if (!winbindd_idmap_get_gid_from_sid( - &group_sid, - &group_gid)) { - - DEBUG(1, ("could not look up gid for group %s\n", - name_list[ent->sam_entry_index].acct_name)); - - ent->sam_entry_index++; - goto tryagain; - } - - DEBUG(10, ("got gid %d for group %x\n", group_gid, - name_list[ent->sam_entry_index].rid)); - - /* Fill in group entry */ - - fill_domain_username(domain_group_name, ent->domain_name, - name_list[ent->sam_entry_index].acct_name); - - result = fill_grent(&group_list[group_list_ndx], - ent->domain_name, - name_list[ent->sam_entry_index].acct_name, - group_gid); - - /* Fill in group membership entry */ - - if (result) { - DOM_SID member_sid; - group_list[group_list_ndx].num_gr_mem = 0; - gr_mem = NULL; - gr_mem_len = 0; - - /* Get group membership */ - if (state->request.cmd == WINBINDD_GETGRLST) { - result = True; - } else { - sid_copy(&member_sid, &domain->sid); - sid_append_rid(&member_sid, name_list[ent->sam_entry_index].rid); - result = fill_grent_mem( - domain, - &member_sid, - SID_NAME_DOM_GRP, - &group_list[group_list_ndx].num_gr_mem, - &gr_mem, &gr_mem_len); - } - } - - if (result) { - /* Append to group membership list */ - new_gr_mem_list = Realloc( - gr_mem_list, - gr_mem_list_len + gr_mem_len); - - if (!new_gr_mem_list && (group_list[group_list_ndx].num_gr_mem != 0)) { - DEBUG(0, ("out of memory\n")); - SAFE_FREE(gr_mem_list); - gr_mem_list_len = 0; - break; - } - - DEBUG(10, ("list_len = %d, mem_len = %d\n", - gr_mem_list_len, gr_mem_len)); - - gr_mem_list = new_gr_mem_list; - - memcpy(&gr_mem_list[gr_mem_list_len], gr_mem, - gr_mem_len); - - SAFE_FREE(gr_mem); - - group_list[group_list_ndx].gr_mem_ofs = - gr_mem_list_len; - - gr_mem_list_len += gr_mem_len; - } - - ent->sam_entry_index++; - - /* Add group to return list */ - - if (result) { - - DEBUG(10, ("adding group num_entries = %d\n", - state->response.data.num_entries)); - - group_list_ndx++; - state->response.data.num_entries++; - - state->response.length += - sizeof(struct winbindd_gr); - - } else { - DEBUG(0, ("could not lookup domain group %s\n", - domain_group_name)); - } - } - - /* Copy the list of group memberships to the end of the extra data */ - - if (group_list_ndx == 0) - goto done; - - new_extra_data = Realloc( - state->response.extra_data, - group_list_ndx * sizeof(struct winbindd_gr) + gr_mem_list_len); - - if (!new_extra_data) { - DEBUG(0, ("out of memory\n")); - group_list_ndx = 0; - SAFE_FREE(state->response.extra_data); - SAFE_FREE(gr_mem_list); - - return WINBINDD_ERROR; - } - - state->response.extra_data = new_extra_data; - - memcpy(&((char *)state->response.extra_data) - [group_list_ndx * sizeof(struct winbindd_gr)], - gr_mem_list, gr_mem_list_len); - - SAFE_FREE(gr_mem_list); - - state->response.length += gr_mem_list_len; - - DEBUG(10, ("returning %d groups, length = %d\n", - group_list_ndx, gr_mem_list_len)); - - /* Out of domains */ - - done: - - return (group_list_ndx > 0) ? WINBINDD_OK : WINBINDD_ERROR; -} - -/* List domain groups without mapping to unix ids */ - -enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state) -{ - uint32 total_entries = 0; - struct winbindd_domain *domain; - char *extra_data = NULL; - char *ted = NULL; - unsigned int extra_data_len = 0, i; - - DEBUG(3, ("[%5d]: list groups\n", state->pid)); - - /* Enumerate over trusted domains */ - - for (domain = domain_list(); domain; domain = domain->next) { - struct getent_state groups; - - ZERO_STRUCT(groups); - - /* Get list of sam groups */ - ZERO_STRUCT(groups); - fstrcpy(groups.domain_name, domain->name); - - get_sam_group_entries(&groups); - - if (groups.num_sam_entries == 0) { - /* this domain is empty or in an error state */ - continue; - } - - /* keep track the of the total number of groups seen so - far over all domains */ - total_entries += groups.num_sam_entries; - - /* Allocate some memory for extra data. Note that we limit - account names to sizeof(fstring) = 128 characters. */ - ted = Realloc(extra_data, sizeof(fstring) * total_entries); - - if (!ted) { - DEBUG(0,("failed to enlarge buffer!\n")); - SAFE_FREE(extra_data); - return WINBINDD_ERROR; - } else - extra_data = ted; - - /* Pack group list into extra data fields */ - for (i = 0; i < groups.num_sam_entries; i++) { - char *group_name = ((struct acct_info *) - groups.sam_entries)[i].acct_name; - fstring name; - - fill_domain_username(name, domain->name, group_name); - /* Append to extra data */ - memcpy(&extra_data[extra_data_len], name, - strlen(name)); - extra_data_len += strlen(name); - extra_data[extra_data_len++] = ','; - } - - free(groups.sam_entries); - } - - /* Assign extra_data fields in response structure */ - if (extra_data) { - extra_data[extra_data_len - 1] = '\0'; - state->response.extra_data = extra_data; - state->response.length += extra_data_len; - } - - /* No domains may have responded but that's still OK so don't - return an error. */ - - return WINBINDD_OK; -} - -/* Get user supplementary groups. This is much quicker than trying to - invert the groups database. */ - -enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) -{ - fstring name_domain, name_user; - DOM_SID user_sid; - enum SID_NAME_USE name_type; - uint32 num_groups, num_gids; - NTSTATUS status; - DOM_SID **user_gids; - struct winbindd_domain *domain; - enum winbindd_result result = WINBINDD_ERROR; - gid_t *gid_list; - unsigned int i; - TALLOC_CTX *mem_ctx; - - /* Ensure null termination */ - state->request.data.username[sizeof(state->request.data.username)-1]='\0'; - - DEBUG(3, ("[%5d]: getgroups %s\n", state->pid, - state->request.data.username)); - - if (!(mem_ctx = talloc_init("winbindd_getgroups(%s)", - state->request.data.username))) - return WINBINDD_ERROR; - - /* Parse domain and username */ - - if (!parse_domain_user(state->request.data.username, name_domain, - name_user)) - goto done; - - /* Get info for the domain */ - - if ((domain = find_domain_from_name(name_domain)) == NULL) { - DEBUG(0, ("could not find domain entry for domain %s\n", - name_domain)); - goto done; - } - - /* Get rid and name type from name. The following costs 1 packet */ - - if (!winbindd_lookup_sid_by_name(domain, name_user, &user_sid, - &name_type)) { - DEBUG(1, ("user '%s' does not exist\n", name_user)); - goto done; - } - - if (name_type != SID_NAME_USER) { - DEBUG(1, ("name '%s' is not a user name: %d\n", - name_user, name_type)); - goto done; - } - - status = domain->methods->lookup_usergroups(domain, mem_ctx, - &user_sid, &num_groups, - &user_gids); - if (!NT_STATUS_IS_OK(status)) goto done; - - /* Copy data back to client */ - - num_gids = 0; - gid_list = malloc(sizeof(gid_t) * num_groups); - - if (state->response.extra_data) - goto done; - - for (i = 0; i < num_groups; i++) { - if (!winbindd_idmap_get_gid_from_sid( - user_gids[i], - &gid_list[num_gids])) { - fstring sid_string; - - DEBUG(1, ("unable to convert group sid %s to gid\n", - sid_to_string(sid_string, user_gids[i]))); - continue; - } - - num_gids++; - } - - state->response.data.num_entries = num_gids; - state->response.extra_data = gid_list; - state->response.length += num_gids * sizeof(gid_t); - - result = WINBINDD_OK; - - done: - - talloc_destroy(mem_ctx); - - return result; -} diff --git a/source4/nsswitch/winbindd_idmap.c b/source4/nsswitch/winbindd_idmap.c deleted file mode 100644 index de547cde41..0000000000 --- a/source4/nsswitch/winbindd_idmap.c +++ /dev/null @@ -1,196 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Winbind ID Mapping - Copyright (C) Tim Potter 2000 - Copyright (C) Anthony Liguori 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -static struct { - const char *name; - /* Function to create a member of the idmap_methods list */ - BOOL (*reg_meth)(struct idmap_methods **methods); - struct idmap_methods *methods; -} builtin_idmap_functions[] = { - { "tdb", winbind_idmap_reg_tdb, NULL }, - /* { "ldap", winbind_idmap_reg_ldap, NULL },*/ - { NULL, NULL, NULL } -}; - -/* singleton pattern: uberlazy evaluation */ -static struct idmap_methods *impl; - -static struct idmap_methods *get_impl(const char *name) -{ - int i = 0; - struct idmap_methods *ret = NULL; - - while (builtin_idmap_functions[i].name && - strcmp(builtin_idmap_functions[i].name, name)) { - i++; - } - - if (builtin_idmap_functions[i].name) { - if (!builtin_idmap_functions[i].methods) { - builtin_idmap_functions[i].reg_meth(&builtin_idmap_functions[i].methods); - } - - ret = builtin_idmap_functions[i].methods; - } - - return ret; -} - -/* Initialize backend */ -BOOL winbindd_idmap_init(void) -{ - BOOL ret = False; - - DEBUG(3, ("winbindd_idmap_init: using '%s' as backend\n", - lp_idmap_backend())); - - if (!impl) { - impl = get_impl(lp_idmap_backend()); - if (!impl) { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_idmap_backend())); - } - } - - if (impl) { - ret = impl->init(); - } - - DEBUG(3, ("winbind_idmap_init: returning %s\n", ret ? "true" : "false")); - - return ret; -} - -/* Get UID from SID */ -BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid) -{ - BOOL ret = False; - - if (!impl) { - impl = get_impl(lp_idmap_backend()); - if (!impl) { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_idmap_backend())); - } - } - - if (impl) { - ret = impl->get_uid_from_sid(sid, uid); - } - - return ret; -} - -/* Get GID from SID */ -BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid) -{ - BOOL ret = False; - - if (!impl) { - impl = get_impl(lp_idmap_backend()); - if (!impl) { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_idmap_backend())); - } - } - - if (impl) { - ret = impl->get_gid_from_sid(sid, gid); - } - - return ret; -} - -/* Get SID from UID */ -BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid) -{ - BOOL ret = False; - - if (!impl) { - impl = get_impl(lp_idmap_backend()); - if (!impl) { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_idmap_backend())); - } - } - - if (impl) { - ret = impl->get_sid_from_uid(uid, sid); - } - - return ret; -} - -/* Get SID from GID */ -BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid) -{ - BOOL ret = False; - - if (!impl) { - impl = get_impl(lp_idmap_backend()); - } - - if (impl) { - ret = impl->get_sid_from_gid(gid, sid); - } else { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_idmap_backend())); - } - - return ret; -} - -/* Close backend */ -BOOL winbindd_idmap_close(void) -{ - BOOL ret = False; - - if (!impl) { - impl = get_impl(lp_idmap_backend()); - } - - if (impl) { - ret = impl->close(); - } else { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_idmap_backend())); - } - - return ret; -} - -/* Dump backend status */ -void winbindd_idmap_status(void) -{ - if (!impl) { - impl = get_impl(lp_idmap_backend()); - } - - if (impl) { - impl->status(); - } else { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_idmap_backend())); - } -} - diff --git a/source4/nsswitch/winbindd_idmap_tdb.c b/source4/nsswitch/winbindd_idmap_tdb.c deleted file mode 100644 index 911b3b41d2..0000000000 --- a/source4/nsswitch/winbindd_idmap_tdb.c +++ /dev/null @@ -1,441 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon - user related function - - Copyright (C) Tim Potter 2000 - Copyright (C) Anthony Liguori 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -/* High water mark keys */ -#define HWM_GROUP "GROUP HWM" -#define HWM_USER "USER HWM" - -/* idmap version determines auto-conversion */ -#define IDMAP_VERSION 2 - -/* Globals */ -static TDB_CONTEXT *idmap_tdb; - -/* convert one record to the new format */ -static int tdb_convert_fn(TDB_CONTEXT * tdb, TDB_DATA key, TDB_DATA data, - void *ignored) -{ - struct winbindd_domain *domain; - char *p; - DOM_SID sid; - uint32 rid; - fstring keystr; - fstring dom_name; - TDB_DATA key2; - - p = strchr(key.dptr, '/'); - if (!p) - return 0; - - *p = 0; - fstrcpy(dom_name, key.dptr); - *p++ = '/'; - - domain = find_domain_from_name(dom_name); - if (!domain) { - /* We must delete the old record. */ - DEBUG(0, - ("winbindd: tdb_convert_fn : Unable to find domain %s\n", - dom_name)); - DEBUG(0, - ("winbindd: tdb_convert_fn : deleting record %s\n", - key.dptr)); - tdb_delete(idmap_tdb, key); - return 0; - } - - rid = atoi(p); - - sid_copy(&sid, &domain->sid); - sid_append_rid(&sid, rid); - - sid_to_string(keystr, &sid); - key2.dptr = keystr; - key2.dsize = strlen(keystr) + 1; - - if (tdb_store(idmap_tdb, key2, data, TDB_INSERT) != 0) { - /* not good! */ - DEBUG(0, - ("winbindd: tdb_convert_fn : Unable to update record %s\n", - key2.dptr)); - DEBUG(0, - ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n")); - return -1; - } - - if (tdb_store(idmap_tdb, data, key2, TDB_REPLACE) != 0) { - /* not good! */ - DEBUG(0, - ("winbindd: tdb_convert_fn : Unable to update record %s\n", - data.dptr)); - DEBUG(0, - ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n")); - return -1; - } - - tdb_delete(idmap_tdb, key); - - return 0; -} - -/***************************************************************************** - Convert the idmap database from an older version. -*****************************************************************************/ -static BOOL tdb_idmap_convert(const char *idmap_name) -{ - int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION"); - BOOL bigendianheader = - (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False; - - if (vers == IDMAP_VERSION) - return True; - - if (((vers == -1) && bigendianheader) - || (IREV(vers) == IDMAP_VERSION)) { - /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */ - /* - * high and low records were created on a - * big endian machine and will need byte-reversing. - */ - - int32 wm; - - wm = tdb_fetch_int32(idmap_tdb, HWM_USER); - - if (wm != -1) { - wm = IREV(wm); - } else - wm = server_state.uid_low; - - if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) { - DEBUG(0, - ("tdb_idmap_convert: Unable to byteswap user hwm in idmap database\n")); - return False; - } - - wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP); - if (wm != -1) { - wm = IREV(wm); - } else - wm = server_state.gid_low; - - if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) { - DEBUG(0, - ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n")); - return False; - } - } - - /* the old format stored as DOMAIN/rid - now we store the SID direct */ - tdb_traverse(idmap_tdb, tdb_convert_fn, NULL); - - if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == - -1) { - DEBUG(0, - ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n")); - return False; - } - - return True; -} - -/* Allocate either a user or group id from the pool */ -static BOOL tdb_allocate_id(uid_t * id, BOOL isgroup) -{ - int hwm; - - /* Get current high water mark */ - if ((hwm = tdb_fetch_int32(idmap_tdb, - isgroup ? HWM_GROUP : HWM_USER)) == - -1) { - return False; - } - - /* Return next available uid in list */ - if ((isgroup && (hwm > server_state.gid_high)) || - (!isgroup && (hwm > server_state.uid_high))) { - DEBUG(0, - ("winbind %sid range full!\n", isgroup ? "g" : "u")); - return False; - } - - if (id) { - *id = hwm; - } - - hwm++; - - /* Store new high water mark */ - tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm); - - return True; -} - -/* Get a sid from an id */ -static BOOL tdb_get_sid_from_id(int id, DOM_SID * sid, BOOL isgroup) -{ - TDB_DATA key, data; - fstring keystr; - BOOL result = False; - - slprintf(keystr, sizeof(keystr), "%s %d", isgroup ? "GID" : "UID", - id); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(idmap_tdb, key); - - if (data.dptr) { - result = string_to_sid(sid, data.dptr); - SAFE_FREE(data.dptr); - } - - return result; -} - -/* Get an id from a sid */ -static BOOL tdb_get_id_from_sid(DOM_SID * sid, uid_t * id, BOOL isgroup) -{ - TDB_DATA data, key; - fstring keystr; - BOOL result = False; - - /* Check if sid is present in database */ - sid_to_string(keystr, sid); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(idmap_tdb, key); - - if (data.dptr) { - fstring scanstr; - int the_id; - - /* Parse and return existing uid */ - fstrcpy(scanstr, isgroup ? "GID" : "UID"); - fstrcat(scanstr, " %d"); - - if (sscanf(data.dptr, scanstr, &the_id) == 1) { - /* Store uid */ - if (id) { - *id = the_id; - } - - result = True; - } - - SAFE_FREE(data.dptr); - } else { - - /* Allocate a new id for this sid */ - if (id && tdb_allocate_id(id, isgroup)) { - fstring keystr2; - - /* Store new id */ - slprintf(keystr2, sizeof(keystr2), "%s %d", - isgroup ? "GID" : "UID", *id); - - data.dptr = keystr2; - data.dsize = strlen(keystr2) + 1; - - tdb_store(idmap_tdb, key, data, TDB_REPLACE); - tdb_store(idmap_tdb, data, key, TDB_REPLACE); - - result = True; - } - } - - return result; -} - -/***************************************************************************** - Initialise idmap database. -*****************************************************************************/ -static BOOL tdb_idmap_init(void) -{ - /* Open tdb cache */ - if (!(idmap_tdb = tdb_open_log(lock_path("winbindd_idmap.tdb"), 0, - TDB_DEFAULT, O_RDWR | O_CREAT, - 0600))) { - DEBUG(0, - ("winbindd_idmap_init: Unable to open idmap database\n")); - return False; - } - - /* possibly convert from an earlier version */ - if (!tdb_idmap_convert(lock_path("winbindd_idmap.tdb"))) { - DEBUG(0, - ("winbindd_idmap_init: Unable to open idmap database\n")); - return False; - } - - /* Create high water marks for group and user id */ - if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) { - if (tdb_store_int32 - (idmap_tdb, HWM_USER, server_state.uid_low) == -1) { - DEBUG(0, - ("winbindd_idmap_init: Unable to initialise user hwm in idmap database\n")); - return False; - } - } - - if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) { - if (tdb_store_int32 - (idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) { - DEBUG(0, - ("winbindd_idmap_init: Unable to initialise group hwm in idmap database\n")); - return False; - } - } - - return True; -} - -/* Get a sid from a uid */ -static BOOL tdb_get_sid_from_uid(uid_t uid, DOM_SID * sid) -{ - return tdb_get_sid_from_id((int) uid, sid, False); -} - -/* Get a sid from a gid */ -static BOOL tdb_get_sid_from_gid(gid_t gid, DOM_SID * sid) -{ - return tdb_get_sid_from_id((int) gid, sid, True); -} - -/* Get a uid from a sid */ -static BOOL tdb_get_uid_from_sid(DOM_SID * sid, uid_t * uid) -{ - return tdb_get_id_from_sid(sid, uid, False); -} - -/* Get a gid from a group sid */ -static BOOL tdb_get_gid_from_sid(DOM_SID * sid, gid_t * gid) -{ - return tdb_get_id_from_sid(sid, gid, True); -} - -/* Close the tdb */ -static BOOL tdb_idmap_close(void) -{ - if (idmap_tdb) - return (tdb_close(idmap_tdb) == 0); - return True; -} - - -/* Dump status information to log file. Display different stuff based on - the debug level: - - Debug Level Information Displayed - ================================================================= - 0 Percentage of [ug]id range allocated - 0 High water marks (next allocated ids) -*/ - -#define DUMP_INFO 0 - -static void tdb_idmap_status(void) -{ - int user_hwm, group_hwm; - - DEBUG(0, ("winbindd idmap status:\n")); - - /* Get current high water marks */ - - if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) { - DEBUG(DUMP_INFO, - ("\tCould not get userid high water mark!\n")); - } - - if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) { - DEBUG(DUMP_INFO, - ("\tCould not get groupid high water mark!\n")); - } - - /* Display next ids to allocate */ - - if (user_hwm != -1) { - DEBUG(DUMP_INFO, - ("\tNext userid to allocate is %d\n", user_hwm)); - } - - if (group_hwm != -1) { - DEBUG(DUMP_INFO, - ("\tNext groupid to allocate is %d\n", group_hwm)); - } - - /* Display percentage of id range already allocated. */ - - if (user_hwm != -1) { - int num_users = user_hwm - server_state.uid_low; - int total_users = - server_state.uid_high - server_state.uid_low; - - DEBUG(DUMP_INFO, - ("\tUser id range is %d%% full (%d of %d)\n", - num_users * 100 / total_users, num_users, - total_users)); - } - - if (group_hwm != -1) { - int num_groups = group_hwm - server_state.gid_low; - int total_groups = - server_state.gid_high - server_state.gid_low; - - DEBUG(DUMP_INFO, - ("\tGroup id range is %d%% full (%d of %d)\n", - num_groups * 100 / total_groups, num_groups, - total_groups)); - } - - /* Display complete mapping of users and groups to rids */ -} - -struct idmap_methods tdb_idmap_methods = { - tdb_idmap_init, - - tdb_get_sid_from_uid, - tdb_get_sid_from_gid, - - tdb_get_uid_from_sid, - tdb_get_gid_from_sid, - - tdb_idmap_close, - - tdb_idmap_status -}; - -BOOL winbind_idmap_reg_tdb(struct idmap_methods **meth) -{ - *meth = &tdb_idmap_methods; - - return True; -} diff --git a/source4/nsswitch/winbindd_misc.c b/source4/nsswitch/winbindd_misc.c deleted file mode 100644 index b85cd0570d..0000000000 --- a/source4/nsswitch/winbindd_misc.c +++ /dev/null @@ -1,235 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon - miscellaneous other functions - - Copyright (C) Tim Potter 2000 - Copyright (C) Andrew Bartlett 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -/* Check the machine account password is valid */ - -enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state) -{ - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uchar trust_passwd[16]; - int num_retries = 0; - struct cli_state *cli; - DEBUG(3, ("[%5d]: check machine account\n", state->pid)); - - /* Get trust account password */ - - again: - if (!secrets_fetch_trust_account_password( - lp_workgroup(), trust_passwd, NULL)) { - result = NT_STATUS_INTERNAL_ERROR; - goto done; - } - - /* This call does a cli_nt_setup_creds() which implicitly checks - the trust account password. */ - - /* Don't shut this down - it belongs to the connection cache code */ - result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3, ("could not open handle to NETLOGON pipe\n")); - goto done; - } - - /* There is a race condition between fetching the trust account - password and the periodic machine password change. So it's - possible that the trust account password has been changed on us. - We are returned NT_STATUS_ACCESS_DENIED if this happens. */ - -#define MAX_RETRIES 8 - - if ((num_retries < MAX_RETRIES) && - NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) { - num_retries++; - goto again; - } - - /* Pass back result code - zero for success, other values for - specific failures. */ - - DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(result) ? - "good" : "bad")); - - done: - state->response.data.auth.nt_status = NT_STATUS_V(result); - fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); - fstrcpy(state->response.data.auth.error_string, nt_errstr(result)); - state->response.data.auth.pam_error = nt_status_to_pam(result); - - DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Checking the trust account password returned %s\n", - state->response.data.auth.nt_status_string)); - - return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; -} - -enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state - *state) -{ - struct winbindd_domain *domain; - int total_entries = 0, extra_data_len = 0; - char *ted, *extra_data = NULL; - - DEBUG(3, ("[%5d]: list trusted domains\n", state->pid)); - - /* We need to refresh the trusted domain list as the domains may - have changed since we last looked. There may be a sequence - number or something we should use but I haven't found it yet. */ - - if (!init_domain_list()) { - DEBUG(1, ("winbindd_list_trusted_domains: could not " - "refresh trusted domain list\n")); - return WINBINDD_ERROR; - } - - for(domain = domain_list(); domain; domain = domain->next) { - - /* Skip own domain */ - - if (strequal(domain->name, lp_workgroup())) continue; - - /* Add domain to list */ - - total_entries++; - ted = Realloc(extra_data, sizeof(fstring) * - total_entries); - - if (!ted) { - DEBUG(0,("winbindd_list_trusted_domains: failed to enlarge buffer!\n")); - SAFE_FREE(extra_data); - return WINBINDD_ERROR; - } else - extra_data = ted; - - memcpy(&extra_data[extra_data_len], domain->name, - strlen(domain->name)); - - extra_data_len += strlen(domain->name); - extra_data[extra_data_len++] = ','; - } - - if (extra_data) { - if (extra_data_len > 1) - extra_data[extra_data_len - 1] = '\0'; - state->response.extra_data = extra_data; - state->response.length += extra_data_len; - } - - return WINBINDD_OK; -} - - -enum winbindd_result winbindd_show_sequence(struct winbindd_cli_state *state) -{ - struct winbindd_domain *domain; - char *extra_data = NULL; - - DEBUG(3, ("[%5d]: show sequence\n", state->pid)); - - extra_data = strdup(""); - - /* this makes for a very simple data format, and is easily parsable as well - if that is ever needed */ - for (domain = domain_list(); domain; domain = domain->next) { - char *s; - - domain->methods->sequence_number(domain, &domain->sequence_number); - - if (DOM_SEQUENCE_NONE == (unsigned)domain->sequence_number) { - asprintf(&s,"%s%s : DISCONNECTED\n", extra_data, - domain->name); - } else { - asprintf(&s,"%s%s : %u\n", extra_data, - domain->name, (unsigned)domain->sequence_number); - } - free(extra_data); - extra_data = s; - } - - state->response.extra_data = extra_data; - /* must add one to length to copy the 0 for string termination */ - state->response.length += strlen(extra_data) + 1; - - return WINBINDD_OK; -} - -enum winbindd_result winbindd_ping(struct winbindd_cli_state - *state) -{ - DEBUG(3, ("[%5d]: ping\n", state->pid)); - - return WINBINDD_OK; -} - -/* List various tidbits of information */ - -enum winbindd_result winbindd_info(struct winbindd_cli_state *state) -{ - - DEBUG(3, ("[%5d]: request misc info\n", state->pid)); - - state->response.data.info.winbind_separator = *lp_winbind_separator(); - fstrcpy(state->response.data.info.samba_version, VERSION); - - return WINBINDD_OK; -} - -/* Tell the client the current interface version */ - -enum winbindd_result winbindd_interface_version(struct winbindd_cli_state *state) -{ - - DEBUG(3, ("[%5d]: request interface version\n", state->pid)); - - state->response.data.interface_version = WINBIND_INTERFACE_VERSION; - - return WINBINDD_OK; -} - -/* What domain are we a member of? */ - -enum winbindd_result winbindd_domain_name(struct winbindd_cli_state *state) -{ - - DEBUG(3, ("[%5d]: request domain name\n", state->pid)); - - fstrcpy(state->response.data.domain_name, lp_workgroup()); - - return WINBINDD_OK; -} - -/* What's my name again? */ - -enum winbindd_result winbindd_netbios_name(struct winbindd_cli_state *state) -{ - - DEBUG(3, ("[%5d]: request netbios name\n", state->pid)); - - fstrcpy(state->response.data.netbios_name, lp_netbios_name()); - - return WINBINDD_OK; -} diff --git a/source4/nsswitch/winbindd_nss.h b/source4/nsswitch/winbindd_nss.h deleted file mode 100644 index 2c87a77100..0000000000 --- a/source4/nsswitch/winbindd_nss.h +++ /dev/null @@ -1,242 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon for ntdom nss module - - Copyright (C) Tim Potter 2000 - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#ifndef SAFE_FREE -#define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0) -#endif - -#ifndef _WINBINDD_NTDOM_H -#define _WINBINDD_NTDOM_H - -#define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */ -#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */ - -#define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */ -#define WINBINDD_DONT_ENV "_NO_WINBINDD" - -/* Update this when you change the interface. */ - -#define WINBIND_INTERFACE_VERSION 7 - -/* Socket commands */ - -enum winbindd_cmd { - - WINBINDD_INTERFACE_VERSION, /* Always a well known value */ - - /* Get users and groups */ - - WINBINDD_GETPWNAM, - WINBINDD_GETPWUID, - WINBINDD_GETGRNAM, - WINBINDD_GETGRGID, - WINBINDD_GETGROUPS, - - /* Enumerate users and groups */ - - WINBINDD_SETPWENT, - WINBINDD_ENDPWENT, - WINBINDD_GETPWENT, - WINBINDD_SETGRENT, - WINBINDD_ENDGRENT, - WINBINDD_GETGRENT, - - /* PAM authenticate and password change */ - - WINBINDD_PAM_AUTH, - WINBINDD_PAM_AUTH_CRAP, - WINBINDD_PAM_CHAUTHTOK, - - /* List various things */ - - WINBINDD_LIST_USERS, /* List w/o rid->id mapping */ - WINBINDD_LIST_GROUPS, /* Ditto */ - WINBINDD_LIST_TRUSTDOM, - - /* SID conversion */ - - WINBINDD_LOOKUPSID, - WINBINDD_LOOKUPNAME, - - /* Lookup functions */ - - WINBINDD_SID_TO_UID, - WINBINDD_SID_TO_GID, - WINBINDD_UID_TO_SID, - WINBINDD_GID_TO_SID, - - /* Miscellaneous other stuff */ - - WINBINDD_CHECK_MACHACC, /* Check machine account pw works */ - WINBINDD_PING, /* Just tell me winbind is running */ - WINBINDD_INFO, /* Various bit of info. Currently just tidbits */ - WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */ - - WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */ - - /* WINS commands */ - - WINBINDD_WINS_BYIP, - WINBINDD_WINS_BYNAME, - - /* this is like GETGRENT but gives an empty group list */ - WINBINDD_GETGRLST, - - WINBINDD_NETBIOS_NAME, /* The netbios name of the server */ - /* Placeholder for end of cmd list */ - - WINBINDD_NUM_CMDS -}; - -#define WINBIND_PAM_INFO3_NDR 0x0001 -#define WINBIND_PAM_INFO3_TEXT 0x0002 -#define WINBIND_PAM_NTKEY 0x0004 -#define WINBIND_PAM_LMKEY 0x0008 -#define WINBIND_PAM_CONTACT_TRUSTDOM 0x0010 - -/* Winbind request structure */ - -struct winbindd_request { - uint32 length; - enum winbindd_cmd cmd; /* Winbindd command to execute */ - pid_t pid; /* pid of calling process */ - - union { - fstring winsreq; /* WINS request */ - fstring username; /* getpwnam */ - fstring groupname; /* getgrnam */ - uid_t uid; /* getpwuid, uid_to_sid */ - gid_t gid; /* getgrgid, gid_to_sid */ - struct { - /* We deliberatedly don't split into domain/user to - avoid having the client know what the separator - character is. */ - fstring user; - fstring pass; - } auth; /* pam_winbind auth module */ - struct { - unsigned char chal[8]; - fstring user; - fstring domain; - fstring lm_resp; - uint16 lm_resp_len; - fstring nt_resp; - uint16 nt_resp_len; - fstring workstation; - uint32 flags; - } auth_crap; - struct { - fstring user; - fstring oldpass; - fstring newpass; - } chauthtok; /* pam_winbind passwd module */ - fstring sid; /* lookupsid, sid_to_[ug]id */ - struct { - fstring dom_name; /* lookupname */ - fstring name; - } name; - uint32 num_entries; /* getpwent, getgrent */ - } data; - char null_term; -}; - -/* Response values */ - -enum winbindd_result { - WINBINDD_ERROR, - WINBINDD_OK -}; - -/* Winbind response structure */ - -struct winbindd_response { - - /* Header information */ - - uint32 length; /* Length of response */ - enum winbindd_result result; /* Result code */ - - /* Fixed length return data */ - - union { - int interface_version; /* Try to ensure this is always in the same spot... */ - - fstring winsresp; /* WINS response */ - - /* getpwnam, getpwuid */ - - struct winbindd_pw { - fstring pw_name; - fstring pw_passwd; - uid_t pw_uid; - gid_t pw_gid; - fstring pw_gecos; - fstring pw_dir; - fstring pw_shell; - } pw; - - /* getgrnam, getgrgid */ - - struct winbindd_gr { - fstring gr_name; - fstring gr_passwd; - gid_t gr_gid; - int num_gr_mem; - int gr_mem_ofs; /* offset to group membership */ - } gr; - - uint32 num_entries; /* getpwent, getgrent */ - struct winbindd_sid { - fstring sid; /* lookupname, [ug]id_to_sid */ - int type; - } sid; - struct winbindd_name { - fstring dom_name; /* lookupsid */ - fstring name; - int type; - } name; - uid_t uid; /* sid_to_uid */ - gid_t gid; /* sid_to_gid */ - struct winbindd_info { - char winbind_separator; - fstring samba_version; - } info; - fstring domain_name; - fstring netbios_name; - - struct auth_reply { - uint32 nt_status; - fstring nt_status_string; - fstring error_string; - int pam_error; - char nt_session_key[16]; - char first_8_lm_hash[8]; - } auth; - } data; - - /* Variable length return data */ - - void *extra_data; /* getgrnam, getgrgid, getgrent */ -}; - -#endif diff --git a/source4/nsswitch/winbindd_pam.c b/source4/nsswitch/winbindd_pam.c deleted file mode 100644 index 8a0326b42c..0000000000 --- a/source4/nsswitch/winbindd_pam.c +++ /dev/null @@ -1,368 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon - pam auth funcions - - Copyright (C) Andrew Tridgell 2000 - Copyright (C) Tim Potter 2001 - Copyright (C) Andrew Bartlett 2001-2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - - -static NTSTATUS append_info3_as_ndr(TALLOC_CTX *mem_ctx, - struct winbindd_cli_state *state, - NET_USER_INFO_3 *info3) -{ - prs_struct ps; - uint32 size; - if (!prs_init(&ps, 256 /* Random, non-zero number */, mem_ctx, MARSHALL)) { - return NT_STATUS_NO_MEMORY; - } - if (!net_io_user_info3("", info3, &ps, 1, 3)) { - prs_mem_free(&ps); - return NT_STATUS_UNSUCCESSFUL; - } - - size = prs_data_size(&ps); - state->response.extra_data = malloc(size); - if (!state->response.extra_data) { - prs_mem_free(&ps); - return NT_STATUS_NO_MEMORY; - } - prs_copy_all_data_out(state->response.extra_data, &ps); - state->response.length += size; - prs_mem_free(&ps); - return NT_STATUS_OK; -} - -/* Return a password structure from a username. */ - -enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) -{ - NTSTATUS result; - fstring name_domain, name_user; - unsigned char trust_passwd[16]; - time_t last_change_time; - uint32 smb_uid_low; - NET_USER_INFO_3 info3; - struct cli_state *cli = NULL; - uchar chal[8]; - TALLOC_CTX *mem_ctx = NULL; - DATA_BLOB lm_resp; - DATA_BLOB nt_resp; - - /* Ensure null termination */ - state->request.data.auth.user[sizeof(state->request.data.auth.user)-1]='\0'; - - /* Ensure null termination */ - state->request.data.auth.pass[sizeof(state->request.data.auth.pass)-1]='\0'; - - DEBUG(3, ("[%5d]: pam auth %s\n", state->pid, - state->request.data.auth.user)); - - if (!(mem_ctx = talloc_init("winbind pam auth for %s", state->request.data.auth.user))) { - DEBUG(0, ("winbindd_pam_auth: could not talloc_init()!\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } - - /* Parse domain and username */ - - if (!parse_domain_user(state->request.data.auth.user, name_domain, - name_user)) { - DEBUG(5,("no domain separator (%s) in username (%s) - failing auth\n", lp_winbind_separator(), state->request.data.auth.user)); - result = NT_STATUS_INVALID_PARAMETER; - goto done; - } - - { - unsigned char local_lm_response[24]; - unsigned char local_nt_response[24]; - - generate_random_buffer(chal, 8, False); - SMBencrypt(state->request.data.auth.pass, chal, local_lm_response); - - SMBNTencrypt(state->request.data.auth.pass, chal, local_nt_response); - - lm_resp = data_blob_talloc(mem_ctx, local_lm_response, sizeof(local_lm_response)); - nt_resp = data_blob_talloc(mem_ctx, local_nt_response, sizeof(local_nt_response)); - } - - /* - * Get the machine account password for our primary domain - */ - - if (!secrets_fetch_trust_account_password( - lp_workgroup(), trust_passwd, &last_change_time)) { - DEBUG(0, ("winbindd_pam_auth: could not fetch trust account " - "password for domain %s\n", lp_workgroup())); - result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - goto done; - } - - /* We really don't care what LUID we give the user. */ - - generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False); - - ZERO_STRUCT(info3); - - /* Don't shut this down - it belongs to the connection cache code */ - result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3, ("could not open handle to NETLOGON pipe\n")); - goto done; - } - - result = cli_netlogon_sam_network_logon(cli, mem_ctx, - name_user, name_domain, - lp_netbios_name(), chal, - lm_resp, nt_resp, - &info3); - - uni_group_cache_store_netlogon(mem_ctx, &info3); -done: - - state->response.data.auth.nt_status = NT_STATUS_V(result); - fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); - fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); - state->response.data.auth.pam_error = nt_status_to_pam(result); - - DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authentication for user %s returned %s (PAM: %d)\n", - state->request.data.auth.user, - state->response.data.auth.nt_status_string, - state->response.data.auth.pam_error)); - - if (mem_ctx) - talloc_destroy(mem_ctx); - - return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; -} - -/* Challenge Response Authentication Protocol */ - -enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) -{ - NTSTATUS result; - unsigned char trust_passwd[16]; - time_t last_change_time; - NET_USER_INFO_3 info3; - struct cli_state *cli = NULL; - TALLOC_CTX *mem_ctx = NULL; - char *user = NULL; - const char *domain = NULL; - const char *contact_domain; - const char *workstation; - - DATA_BLOB lm_resp, nt_resp; - - /* Ensure null termination */ - state->request.data.auth_crap.user[sizeof(state->request.data.auth_crap.user)-1]='\0'; - - /* Ensure null termination */ - state->request.data.auth_crap.domain[sizeof(state->request.data.auth_crap.domain)-1]='\0'; - - if (!(mem_ctx = talloc_init("winbind pam auth crap for (utf8) %s", state->request.data.auth_crap.user))) { - DEBUG(0, ("winbindd_pam_auth_crap: could not talloc_init()!\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } - - if (pull_utf8_talloc(mem_ctx, &user, state->request.data.auth_crap.user) == (size_t)-1) { - DEBUG(0, ("winbindd_pam_auth_crap: pull_utf8_talloc failed!\n")); - } - - if (*state->request.data.auth_crap.domain) { - char *dom = NULL; - if (pull_utf8_talloc(mem_ctx, &dom, state->request.data.auth_crap.domain) == (size_t)-1) { - DEBUG(0, ("winbindd_pam_auth_crap: pull_utf8_talloc failed!\n")); - } - domain = dom; - } else if (lp_winbind_use_default_domain()) { - domain = lp_workgroup(); - } else { - DEBUG(5,("no domain specified with username (%s) - failing auth\n", - user)); - result = NT_STATUS_INVALID_PARAMETER; - goto done; - } - - DEBUG(3, ("[%5d]: pam auth crap domain: %s user: %s\n", state->pid, - domain, user)); - - if (lp_allow_trusted_domains() && (state->request.data.auth_crap.flags & WINBIND_PAM_CONTACT_TRUSTDOM)) { - contact_domain = domain; - } else { - contact_domain = lp_workgroup(); - } - - if (*state->request.data.auth_crap.workstation) { - char *wrk = NULL; - if (pull_utf8_talloc(mem_ctx, &wrk, state->request.data.auth_crap.workstation) == (size_t)-1) { - DEBUG(0, ("winbindd_pam_auth_crap: pull_utf8_talloc failed!\n")); - } - workstation = wrk; - } else { - workstation = lp_netbios_name(); - } - - if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp) - || state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) { - DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n", - state->request.data.auth_crap.lm_resp_len, - state->request.data.auth_crap.nt_resp_len)); - result = NT_STATUS_INVALID_PARAMETER; - goto done; - } - - lm_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len); - nt_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.nt_resp, state->request.data.auth_crap.nt_resp_len); - - /* - * Get the machine account password for the domain to contact. - * This is either our own domain for a workstation, or possibly - * any domain for a PDC with trusted domains. - */ - - if (!secrets_fetch_trust_account_password ( - contact_domain, trust_passwd, &last_change_time)) { - DEBUG(0, ("winbindd_pam_auth: could not fetch trust account " - "password for domain %s\n", contact_domain)); - result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - goto done; - } - - ZERO_STRUCT(info3); - - /* Don't shut this down - it belongs to the connection cache code */ - result = cm_get_netlogon_cli(contact_domain, trust_passwd, &cli); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3, ("could not open handle to NETLOGON pipe (error: %s)\n", nt_errstr(result))); - goto done; - } - - result = cli_netlogon_sam_network_logon(cli, mem_ctx, - user, domain, - workstation, state->request.data.auth_crap.chal, - lm_resp, nt_resp, - &info3); - - if (NT_STATUS_IS_OK(result)) { - uni_group_cache_store_netlogon(mem_ctx, &info3); - if (state->request.data.auth_crap.flags & WINBIND_PAM_INFO3_NDR) { - result = append_info3_as_ndr(mem_ctx, state, &info3); - } - -#if 0 - /* we don't currently do this stuff right */ - /* Doing an assert in a daemon is going to be a pretty bad - idea. - tpot */ - if (state->request.data.auth_crap.flags & WINBIND_PAM_NTKEY) { - SMB_ASSERT(sizeof(state->response.data.auth.nt_session_key) == sizeof(info3.user_sess_key)); - memcpy(state->response.data.auth.nt_session_key, info3.user_sess_key, sizeof(state->response.data.auth.nt_session_key) /* 16 */); - } - if (state->request.data.auth_crap.flags & WINBIND_PAM_LMKEY) { - SMB_ASSERT(sizeof(state->response.data.auth.nt_session_key) <= sizeof(info3.user_sess_key)); - memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.nt_session_key) /* 16 */); - } -#endif - } - -done: - - state->response.data.auth.nt_status = NT_STATUS_V(result); - push_utf8_fstring(state->response.data.auth.nt_status_string, nt_errstr(result)); - push_utf8_fstring(state->response.data.auth.error_string, nt_errstr(result)); - state->response.data.auth.pam_error = nt_status_to_pam(result); - - DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, - ("NTLM CRAP authentication for user [%s]\\[%s] returned %s (PAM: %d)\n", - domain, - user, - state->response.data.auth.nt_status_string, - state->response.data.auth.pam_error)); - - if (mem_ctx) - talloc_destroy(mem_ctx); - - return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; -} - -/* Change a user password */ - -enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state) -{ - NTSTATUS result; - char *oldpass, *newpass; - fstring domain, user; - CLI_POLICY_HND *hnd; - - DEBUG(3, ("[%5d]: pam chauthtok %s\n", state->pid, - state->request.data.chauthtok.user)); - - /* Setup crap */ - - if (state == NULL) - return WINBINDD_ERROR; - - if (!parse_domain_user(state->request.data.chauthtok.user, domain, - user)) { - result = NT_STATUS_INVALID_PARAMETER; - goto done; - } - - /* Change password */ - - oldpass = state->request.data.chauthtok.oldpass; - newpass = state->request.data.chauthtok.newpass; - - /* Get sam handle */ - - if (!(hnd = cm_get_sam_handle(domain))) { - DEBUG(1, ("could not get SAM handle on DC for %s\n", domain)); - result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; - goto done; - } - - if (!cli_oem_change_password(hnd->cli, user, newpass, oldpass)) { - DEBUG(1, ("password change failed for user %s/%s\n", domain, - user)); - result = NT_STATUS_WRONG_PASSWORD; - } else { - result = NT_STATUS_OK; - } - -done: - state->response.data.auth.nt_status = NT_STATUS_V(result); - fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); - fstrcpy(state->response.data.auth.error_string, nt_errstr(result)); - state->response.data.auth.pam_error = nt_status_to_pam(result); - - DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, - ("Password change for user [%s]\\[%s] returned %s (PAM: %d)\n", - domain, - user, - state->response.data.auth.nt_status_string, - state->response.data.auth.pam_error)); - - return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; -} diff --git a/source4/nsswitch/winbindd_rpc.c b/source4/nsswitch/winbindd_rpc.c deleted file mode 100644 index 9989f27109..0000000000 --- a/source4/nsswitch/winbindd_rpc.c +++ /dev/null @@ -1,776 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind rpc backend functions - - Copyright (C) Tim Potter 2000-2001,2003 - Copyright (C) Andrew Tridgell 2001 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - - -/* Query display info for a domain. This returns enough information plus a - bit extra to give an overview of domain users for the User Manager - application. */ -static NTSTATUS query_user_list(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - WINBIND_USERINFO **info) -{ - CLI_POLICY_HND *hnd; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - POLICY_HND dom_pol; - BOOL got_dom_pol = False; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - unsigned int i, start_idx, retry; - - DEBUG(3,("rpc: query_user_list\n")); - - *num_entries = 0; - *info = NULL; - - retry = 0; - do { - /* Get sam handle */ - - if (!(hnd = cm_get_sam_handle(domain->name))) - goto done; - - /* Get domain handle */ - - result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, - des_access, &domain->sid, &dom_pol); - - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - got_dom_pol = True; - - i = start_idx = 0; - do { - TALLOC_CTX *ctx2; - char **dom_users; - uint32 num_dom_users, *dom_rids, j, size = 0xffff; - uint16 acb_mask = ACB_NORMAL; - - if (!(ctx2 = talloc_init("winbindd enum_users"))) { - result = NT_STATUS_NO_MEMORY; - goto done; - } - - result = cli_samr_enum_dom_users( - hnd->cli, ctx2, &dom_pol, &start_idx, acb_mask, - size, &dom_users, &dom_rids, &num_dom_users); - - *num_entries += num_dom_users; - - *info = talloc_realloc( - mem_ctx, *info, - (*num_entries) * sizeof(WINBIND_USERINFO)); - - if (!(*info)) { - result = NT_STATUS_NO_MEMORY; - talloc_destroy(ctx2); - goto done; - } - - for (j = 0; j < num_dom_users; i++, j++) { - (*info)[i].acct_name = - talloc_strdup(mem_ctx, dom_users[j]); - (*info)[i].full_name = talloc_strdup(mem_ctx, ""); - (*info)[i].user_sid = rid_to_talloced_sid(domain, mem_ctx, dom_rids[j]); - /* For the moment we set the primary group for - every user to be the Domain Users group. - There are serious problems with determining - the actual primary group for large domains. - This should really be made into a 'winbind - force group' smb.conf parameter or - something like that. */ - (*info)[i].group_sid - = rid_to_talloced_sid(domain, - mem_ctx, - DOMAIN_GROUP_RID_USERS); - } - - talloc_destroy(ctx2); - - } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); - - done: - - if (got_dom_pol) - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - - return result; -} - -/* list all domain groups */ -static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - struct acct_info **info) -{ - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - CLI_POLICY_HND *hnd; - POLICY_HND dom_pol; - NTSTATUS status; - uint32 start = 0; - int retry; - - *num_entries = 0; - *info = NULL; - - DEBUG(3,("rpc: enum_dom_groups\n")); - - retry = 0; - do { - if (!(hnd = cm_get_sam_handle(domain->name))) - return NT_STATUS_UNSUCCESSFUL; - - status = cli_samr_open_domain(hnd->cli, mem_ctx, - &hnd->pol, des_access, &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(status) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - - if (!NT_STATUS_IS_OK(status)) - return status; - - do { - struct acct_info *info2 = NULL; - uint32 count = 0; - TALLOC_CTX *mem_ctx2; - - mem_ctx2 = talloc_init("enum_dom_groups[rpc]"); - - /* start is updated by this call. */ - status = cli_samr_enum_dom_groups(hnd->cli, mem_ctx2, &dom_pol, - &start, - 0xFFFF, /* buffer size? */ - &info2, &count); - - if (!NT_STATUS_IS_OK(status) && - !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { - talloc_destroy(mem_ctx2); - break; - } - - (*info) = talloc_realloc(mem_ctx, *info, - sizeof(**info) * ((*num_entries) + count)); - if (! *info) { - talloc_destroy(mem_ctx2); - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - return NT_STATUS_NO_MEMORY; - } - - memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2)); - (*num_entries) += count; - talloc_destroy(mem_ctx2); - } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)); - - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - - return status; -} - -/* List all domain groups */ - -static NTSTATUS enum_local_groups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - struct acct_info **info) -{ - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - CLI_POLICY_HND *hnd; - POLICY_HND dom_pol; - NTSTATUS result; - int retry; - - *num_entries = 0; - *info = NULL; - - retry = 0; - do { - if ( !(hnd = cm_get_sam_handle(domain->name)) ) - return NT_STATUS_UNSUCCESSFUL; - - result = cli_samr_open_domain( hnd->cli, mem_ctx, &hnd->pol, - des_access, &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - - if ( !NT_STATUS_IS_OK(result)) - return result; - - do { - struct acct_info *info2 = NULL; - uint32 count = 0, start = *num_entries; - TALLOC_CTX *mem_ctx2; - - mem_ctx2 = talloc_init("enum_dom_local_groups[rpc]"); - - result = cli_samr_enum_als_groups( hnd->cli, mem_ctx2, &dom_pol, - &start, 0xFFFF, &info2, &count); - - if ( !NT_STATUS_IS_OK(result) - && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES) ) - { - talloc_destroy(mem_ctx2); - break; - } - - (*info) = talloc_realloc(mem_ctx, *info, - sizeof(**info) * ((*num_entries) + count)); - if (! *info) { - talloc_destroy(mem_ctx2); - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - return NT_STATUS_NO_MEMORY; - } - - memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2)); - (*num_entries) += count; - talloc_destroy(mem_ctx2); - } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); - - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - - return result; -} - -/* convert a single name to a sid in a domain */ -static NTSTATUS name_to_sid(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const char *name, - DOM_SID *sid, - enum SID_NAME_USE *type) -{ - CLI_POLICY_HND *hnd; - NTSTATUS status; - DOM_SID *sids = NULL; - uint32 *types = NULL; - const char *full_name; - int retry; - - DEBUG(3,("rpc: name_to_sid name=%s\n", name)); - - full_name = talloc_asprintf(mem_ctx, "%s\\%s", domain->name, name); - - if (!full_name) { - DEBUG(0, ("talloc_asprintf failed!\n")); - return NT_STATUS_NO_MEMORY; - } - - retry = 0; - do { - if (!(hnd = cm_get_lsa_handle(domain->name))) { - return NT_STATUS_UNSUCCESSFUL; - } - - status = cli_lsa_lookup_names(hnd->cli, mem_ctx, &hnd->pol, 1, - &full_name, &sids, &types); - } while (!NT_STATUS_IS_OK(status) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - - /* Return rid and type if lookup successful */ - - if (NT_STATUS_IS_OK(status)) { - sid_copy(sid, &sids[0]); - *type = types[0]; - } - - return status; -} - -/* - convert a domain SID to a user or group name -*/ -static NTSTATUS sid_to_name(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *sid, - char **name, - enum SID_NAME_USE *type) -{ - CLI_POLICY_HND *hnd; - char **domains; - char **names; - uint32 *types; - NTSTATUS status; - int retry; - - DEBUG(3,("rpc: sid_to_name\n")); - - retry = 0; - do { - if (!(hnd = cm_get_lsa_handle(domain->name))) - return NT_STATUS_UNSUCCESSFUL; - - status = cli_lsa_lookup_sids(hnd->cli, mem_ctx, &hnd->pol, - 1, sid, &domains, &names, &types); - } while (!NT_STATUS_IS_OK(status) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - - if (NT_STATUS_IS_OK(status)) { - *type = types[0]; - *name = names[0]; - DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name)); - - /* Paranoia */ - if (strcasecmp(domain->name, domains[0]) != 0) { - DEBUG(1, ("domain name from domain param and PDC lookup return differ! (%s vs %s)\n", domain->name, domains[0])); - return NT_STATUS_UNSUCCESSFUL; - } - } - return status; -} - -/* Lookup user information from a rid or username. */ -static NTSTATUS query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *user_sid, - WINBIND_USERINFO *user_info) -{ - CLI_POLICY_HND *hnd; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - POLICY_HND dom_pol, user_pol; - BOOL got_dom_pol = False, got_user_pol = False; - SAM_USERINFO_CTR *ctr; - int retry; - fstring sid_string; - uint32 user_rid; - - DEBUG(3,("rpc: query_user rid=%s\n", sid_to_string(sid_string, user_sid))); - if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) { - goto done; - } - - retry = 0; - do { - /* Get sam handle */ - if (!(hnd = cm_get_sam_handle(domain->name))) - goto done; - - /* Get domain handle */ - - result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, - &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - got_dom_pol = True; - - /* Get user handle */ - result = cli_samr_open_user(hnd->cli, mem_ctx, &dom_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - got_user_pol = True; - - /* Get user info */ - result = cli_samr_query_userinfo(hnd->cli, mem_ctx, &user_pol, - 0x15, &ctr); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - cli_samr_close(hnd->cli, mem_ctx, &user_pol); - got_user_pol = False; - - user_info->user_sid = rid_to_talloced_sid(domain, mem_ctx, user_rid); - user_info->group_sid = rid_to_talloced_sid(domain, mem_ctx, ctr->info.id21->group_rid); - user_info->acct_name = unistr2_tdup(mem_ctx, - &ctr->info.id21->uni_user_name); - user_info->full_name = unistr2_tdup(mem_ctx, - &ctr->info.id21->uni_full_name); - - done: - /* Clean up policy handles */ - if (got_user_pol) - cli_samr_close(hnd->cli, mem_ctx, &user_pol); - - if (got_dom_pol) - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - - return result; -} - -/* Lookup groups a user is a member of. I wish Unix had a call like this! */ -static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *user_sid, - uint32 *num_groups, DOM_SID ***user_gids) -{ - CLI_POLICY_HND *hnd; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - POLICY_HND dom_pol, user_pol; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - BOOL got_dom_pol = False, got_user_pol = False; - DOM_GID *user_groups; - unsigned int i; - unsigned int retry; - fstring sid_string; - uint32 user_rid; - - DEBUG(3,("rpc: lookup_usergroups sid=%s\n", sid_to_string(sid_string, user_sid))); - - *num_groups = 0; - - /* First try cached universal groups from logon */ - *user_gids = uni_group_cache_fetch(&domain->sid, user_sid, mem_ctx, num_groups); - if((*num_groups > 0) && *user_gids) { - return NT_STATUS_OK; - } else { - *user_gids = NULL; - *num_groups = 0; - } - - retry = 0; - do { - /* Get sam handle */ - if (!(hnd = cm_get_sam_handle(domain->name))) - goto done; - - /* Get domain handle */ - result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, - des_access, &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - got_dom_pol = True; - - - if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) { - goto done; - } - - /* Get user handle */ - result = cli_samr_open_user(hnd->cli, mem_ctx, &dom_pol, - des_access, user_rid, &user_pol); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - got_user_pol = True; - - /* Query user rids */ - result = cli_samr_query_usergroups(hnd->cli, mem_ctx, &user_pol, - num_groups, &user_groups); - - if (!NT_STATUS_IS_OK(result) || (*num_groups) == 0) - goto done; - - (*user_gids) = talloc(mem_ctx, sizeof(uint32) * (*num_groups)); - if (!(*user_gids)) { - result = NT_STATUS_NO_MEMORY; - goto done; - } - - for (i=0;i<(*num_groups);i++) { - (*user_gids)[i] = rid_to_talloced_sid(domain, mem_ctx, user_groups[i].g_rid); - } - - done: - /* Clean up policy handles */ - if (got_user_pol) - cli_samr_close(hnd->cli, mem_ctx, &user_pol); - - if (got_dom_pol) - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - - return result; -} - - -/* Lookup group membership given a rid. */ -static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - DOM_SID *group_sid, uint32 *num_names, - DOM_SID ***sid_mem, char ***names, - uint32 **name_types) -{ - CLI_POLICY_HND *hnd; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 i, total_names = 0; - POLICY_HND dom_pol, group_pol; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - BOOL got_dom_pol = False, got_group_pol = False; - uint32 *rid_mem = NULL; - uint32 group_rid; - int retry; - unsigned int j; - fstring sid_string; - - DEBUG(10,("rpc: lookup_groupmem %s sid=%s\n", domain->name, sid_to_string(sid_string, group_sid))); - - if (!sid_peek_check_rid(&domain->sid, group_sid, &group_rid)) { - goto done; - } - - *num_names = 0; - - retry = 0; - do { - /* Get sam handle */ - if (!(hnd = cm_get_sam_handle(domain->name))) - goto done; - - /* Get domain handle */ - - result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, - des_access, &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - got_dom_pol = True; - - /* Get group handle */ - - result = cli_samr_open_group(hnd->cli, mem_ctx, &dom_pol, - des_access, group_rid, &group_pol); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - got_group_pol = True; - - /* Step #1: Get a list of user rids that are the members of the - group. */ - - result = cli_samr_query_groupmem(hnd->cli, mem_ctx, - &group_pol, num_names, &rid_mem, - name_types); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - /* Step #2: Convert list of rids into list of usernames. Do this - in bunches of ~1000 to avoid crashing NT4. It looks like there - is a buffer overflow or something like that lurking around - somewhere. */ - -#define MAX_LOOKUP_RIDS 900 - - *names = talloc_zero(mem_ctx, *num_names * sizeof(char *)); - *name_types = talloc_zero(mem_ctx, *num_names * sizeof(uint32)); - *sid_mem = talloc_zero(mem_ctx, *num_names * sizeof(DOM_SID *)); - - for (j=0;j<(*num_names);j++) { - (*sid_mem)[j] = rid_to_talloced_sid(domain, mem_ctx, (rid_mem)[j]); - } - - if (!*names || !*name_types) { - result = NT_STATUS_NO_MEMORY; - goto done; - } - - for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) { - int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS); - uint32 tmp_num_names = 0; - char **tmp_names = NULL; - uint32 *tmp_types = NULL; - - /* Lookup a chunk of rids */ - - result = cli_samr_lookup_rids(hnd->cli, mem_ctx, - &dom_pol, 1000, /* flags */ - num_lookup_rids, - &rid_mem[i], - &tmp_num_names, - &tmp_names, &tmp_types); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - /* Copy result into array. The talloc system will take - care of freeing the temporary arrays later on. */ - - memcpy(&(*names)[i], tmp_names, sizeof(char *) * - tmp_num_names); - - memcpy(&(*name_types)[i], tmp_types, sizeof(uint32) * - tmp_num_names); - - total_names += tmp_num_names; - } - - *num_names = total_names; - - done: - if (got_group_pol) - cli_samr_close(hnd->cli, mem_ctx, &group_pol); - - if (got_dom_pol) - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - - return result; -} - -/* find the sequence number for a domain */ -static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) -{ - TALLOC_CTX *mem_ctx; - CLI_POLICY_HND *hnd; - SAM_UNK_CTR ctr; - uint16 switch_value = 2; - NTSTATUS result; - uint32 seqnum = DOM_SEQUENCE_NONE; - POLICY_HND dom_pol; - BOOL got_dom_pol = False; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - int retry; - - DEBUG(10,("rpc: fetch sequence_number for %s\n", domain->name)); - - *seq = DOM_SEQUENCE_NONE; - - if (!(mem_ctx = talloc_init("sequence_number[rpc]"))) - return NT_STATUS_NO_MEMORY; - - retry = 0; - do { - /* Get sam handle */ - if (!(hnd = cm_get_sam_handle(domain->name))) - goto done; - - /* Get domain handle */ - result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, - des_access, &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - got_dom_pol = True; - - /* Query domain info */ - - result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol, - switch_value, &ctr); - - if (NT_STATUS_IS_OK(result)) { - seqnum = ctr.info.inf2.seq_num; - DEBUG(10,("domain_sequence_number: for domain %s is %u\n", domain->name, (unsigned)seqnum )); - } else { - DEBUG(10,("domain_sequence_number: failed to get sequence number (%u) for domain %s\n", - (unsigned)seqnum, domain->name )); - } - - done: - - if (got_dom_pol) - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - - talloc_destroy(mem_ctx); - - *seq = seqnum; - - return result; -} - -/* get a list of trusted domains */ -static NTSTATUS trusted_domains(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_domains, - char ***names, - char ***alt_names, - DOM_SID **dom_sids) -{ - CLI_POLICY_HND *hnd; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 enum_ctx = 0; - int retry; - - DEBUG(3,("rpc: trusted_domains\n")); - - *num_domains = 0; - *alt_names = NULL; - - retry = 0; - do { - if (!(hnd = cm_get_lsa_handle(lp_workgroup()))) - goto done; - - result = cli_lsa_enum_trust_dom(hnd->cli, mem_ctx, - &hnd->pol, &enum_ctx, - num_domains, names, dom_sids); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - -done: - return result; -} - -/* find the domain sid for a domain */ -static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid) -{ - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - TALLOC_CTX *mem_ctx; - CLI_POLICY_HND *hnd; - fstring level5_dom; - int retry; - - DEBUG(3,("rpc: domain_sid\n")); - - if (!(mem_ctx = talloc_init("domain_sid[rpc]"))) - return NT_STATUS_NO_MEMORY; - - retry = 0; - do { - /* Get sam handle */ - if (!(hnd = cm_get_lsa_handle(domain->name))) - goto done; - - status = cli_lsa_query_info_policy(hnd->cli, mem_ctx, - &hnd->pol, 0x05, level5_dom, sid); - } while (!NT_STATUS_IS_OK(status) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - -done: - talloc_destroy(mem_ctx); - return status; -} - -/* find alternate names list for the domain - none for rpc */ -static NTSTATUS alternate_name(struct winbindd_domain *domain) -{ - return NT_STATUS_OK; -} - - -/* the rpc backend methods are exposed via this structure */ -struct winbindd_methods msrpc_methods = { - False, - query_user_list, - enum_dom_groups, - enum_local_groups, - name_to_sid, - sid_to_name, - query_user, - lookup_usergroups, - lookup_groupmem, - sequence_number, - trusted_domains, - domain_sid, - alternate_name -}; diff --git a/source4/nsswitch/winbindd_sid.c b/source4/nsswitch/winbindd_sid.c deleted file mode 100644 index 6ab2eaa646..0000000000 --- a/source4/nsswitch/winbindd_sid.c +++ /dev/null @@ -1,235 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon - sid related functions - - Copyright (C) Tim Potter 2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -/* Convert a string */ - -enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state) -{ - extern DOM_SID global_sid_Builtin; - enum SID_NAME_USE type; - DOM_SID sid, tmp_sid; - uint32 rid; - fstring name; - fstring dom_name; - - /* Ensure null termination */ - state->request.data.sid[sizeof(state->request.data.sid)-1]='\0'; - - DEBUG(3, ("[%5d]: lookupsid %s\n", state->pid, - state->request.data.sid)); - - /* Lookup sid from PDC using lsa_lookup_sids() */ - - if (!string_to_sid(&sid, state->request.data.sid)) { - DEBUG(5, ("%s not a SID\n", state->request.data.sid)); - return WINBINDD_ERROR; - } - - /* Don't look up BUILTIN sids */ - - sid_copy(&tmp_sid, &sid); - sid_split_rid(&tmp_sid, &rid); - - if (sid_equal(&tmp_sid, &global_sid_Builtin)) { - return WINBINDD_ERROR; - } - - /* Lookup the sid */ - - if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type)) { - return WINBINDD_ERROR; - } - - fstrcpy(state->response.data.name.dom_name, dom_name); - fstrcpy(state->response.data.name.name, name); - - state->response.data.name.type = type; - - return WINBINDD_OK; -} - - -/** - * Look up the SID for a qualified name. - **/ -enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state) -{ - enum SID_NAME_USE type; - fstring sid_str; - char *name_domain, *name_user; - DOM_SID sid; - struct winbindd_domain *domain; - - /* Ensure null termination */ - state->request.data.sid[sizeof(state->request.data.name.dom_name)-1]='\0'; - - /* Ensure null termination */ - state->request.data.sid[sizeof(state->request.data.name.name)-1]='\0'; - - DEBUG(3, ("[%5d]: lookupname %s%s%s\n", state->pid, - state->request.data.name.dom_name, - lp_winbind_separator(), - state->request.data.name.name)); - - name_domain = state->request.data.name.dom_name; - name_user = state->request.data.name.name; - - if ((domain = find_domain_from_name(name_domain)) == NULL) { - DEBUG(0, ("could not find domain entry for domain %s\n", - name_domain)); - return WINBINDD_ERROR; - } - - /* Lookup name from PDC using lsa_lookup_names() */ - if (!winbindd_lookup_sid_by_name(domain, name_user, &sid, &type)) { - return WINBINDD_ERROR; - } - - sid_to_string(sid_str, &sid); - fstrcpy(state->response.data.sid.sid, sid_str); - state->response.data.sid.type = type; - - return WINBINDD_OK; -} - -/* Convert a sid to a uid. We assume we only have one rid attached to the - sid. */ - -enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state) -{ - DOM_SID sid; - - /* Ensure null termination */ - state->request.data.sid[sizeof(state->request.data.sid)-1]='\0'; - - DEBUG(3, ("[%5d]: sid to uid %s\n", state->pid, - state->request.data.sid)); - - /* Split sid into domain sid and user rid */ - if (!string_to_sid(&sid, state->request.data.sid)) { - DEBUG(1, ("Could not get convert sid %s from string\n", - state->request.data.sid)); - return WINBINDD_ERROR; - } - - /* Find uid for this sid and return it */ - if (!winbindd_idmap_get_uid_from_sid(&sid, &state->response.data.uid)) { - DEBUG(1, ("Could not get uid for sid %s\n", - state->request.data.sid)); - return WINBINDD_ERROR; - } - - return WINBINDD_OK; -} - -/* Convert a sid to a gid. We assume we only have one rid attached to the - sid.*/ - -enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state) -{ - DOM_SID sid; - - /* Ensure null termination */ - state->request.data.sid[sizeof(state->request.data.sid)-1]='\0'; - - DEBUG(3, ("[%5d]: sid to gid %s\n", state->pid, - state->request.data.sid)); - - if (!string_to_sid(&sid, state->request.data.sid)) { - DEBUG(1, ("Could not cvt string to sid %s\n", - state->request.data.sid)); - return WINBINDD_ERROR; - } - - /* Find gid for this sid and return it */ - if (!winbindd_idmap_get_gid_from_sid(&sid, &state->response.data.gid)) { - DEBUG(1, ("Could not get gid for sid %s\n", - state->request.data.sid)); - return WINBINDD_ERROR; - } - - return WINBINDD_OK; -} - -/* Convert a uid to a sid */ - -enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state) -{ - DOM_SID sid; - - /* Bug out if the uid isn't in the winbind range */ - - if ((state->request.data.uid < server_state.uid_low ) || - (state->request.data.uid > server_state.uid_high)) { - return WINBINDD_ERROR; - } - - DEBUG(3, ("[%5d]: uid to sid %d\n", state->pid, - state->request.data.uid)); - - /* Lookup rid for this uid */ - if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid, &sid)) { - DEBUG(1, ("Could not convert uid %d to rid\n", - state->request.data.uid)); - return WINBINDD_ERROR; - } - - sid_to_string(state->response.data.sid.sid, &sid); - state->response.data.sid.type = SID_NAME_USER; - - return WINBINDD_OK; -} - -/* Convert a gid to a sid */ - -enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state) -{ - DOM_SID sid; - - /* Bug out if the gid isn't in the winbind range */ - - if ((state->request.data.gid < server_state.gid_low) || - (state->request.data.gid > server_state.gid_high)) { - return WINBINDD_ERROR; - } - - DEBUG(3, ("[%5d]: gid to sid %d\n", state->pid, - state->request.data.gid)); - - /* Lookup sid for this uid */ - if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &sid)) { - DEBUG(1, ("Could not convert gid %d to sid\n", - state->request.data.gid)); - return WINBINDD_ERROR; - } - - /* Construct sid and return it */ - sid_to_string(state->response.data.sid.sid, &sid); - state->response.data.sid.type = SID_NAME_DOM_GRP; - - return WINBINDD_OK; -} diff --git a/source4/nsswitch/winbindd_user.c b/source4/nsswitch/winbindd_user.c deleted file mode 100644 index ee05543d30..0000000000 --- a/source4/nsswitch/winbindd_user.c +++ /dev/null @@ -1,607 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon - user related functions - - Copyright (C) Tim Potter 2000 - Copyright (C) Jeremy Allison 2001. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -/* Fill a pwent structure with information we have obtained */ - -static BOOL winbindd_fill_pwent(char *dom_name, char *user_name, - DOM_SID *user_sid, DOM_SID *group_sid, - char *full_name, struct winbindd_pw *pw) -{ - extern userdom_struct current_user_info; - fstring output_username; - pstring homedir; - fstring sid_string; - - if (!pw || !dom_name || !user_name) - return False; - - /* Resolve the uid number */ - - if (!winbindd_idmap_get_uid_from_sid(user_sid, - &pw->pw_uid)) { - DEBUG(1, ("error getting user id for sid %s\n", sid_to_string(sid_string, user_sid))); - return False; - } - - /* Resolve the gid number */ - - if (!winbindd_idmap_get_gid_from_sid(group_sid, - &pw->pw_gid)) { - DEBUG(1, ("error getting group id for sid %s\n", sid_to_string(sid_string, group_sid))); - return False; - } - - /* Username */ - - fill_domain_username(output_username, dom_name, user_name); - - safe_strcpy(pw->pw_name, output_username, sizeof(pw->pw_name) - 1); - - /* Full name (gecos) */ - - safe_strcpy(pw->pw_gecos, full_name, sizeof(pw->pw_gecos) - 1); - - /* Home directory and shell - use template config parameters. The - defaults are /tmp for the home directory and /bin/false for - shell. */ - - /* The substitution of %U and %D in the 'template homedir' is done - by lp_string() calling standard_sub_basic(). */ - - fstrcpy(current_user_info.smb_name, user_name); - sub_set_smb_name(user_name); - fstrcpy(current_user_info.domain, dom_name); - - pstrcpy(homedir, lp_template_homedir()); - - safe_strcpy(pw->pw_dir, homedir, sizeof(pw->pw_dir) - 1); - - safe_strcpy(pw->pw_shell, lp_template_shell(), - sizeof(pw->pw_shell) - 1); - - /* Password - set to "x" as we can't generate anything useful here. - Authentication can be done using the pam_winbind module. */ - - safe_strcpy(pw->pw_passwd, "x", sizeof(pw->pw_passwd) - 1); - - return True; -} - -/* Return a password structure from a username. */ - -enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state) -{ - WINBIND_USERINFO user_info; - DOM_SID user_sid; - NTSTATUS status; - fstring name_domain, name_user; - enum SID_NAME_USE name_type; - struct winbindd_domain *domain; - TALLOC_CTX *mem_ctx; - - /* Ensure null termination */ - state->request.data.username[sizeof(state->request.data.username)-1]='\0'; - - DEBUG(3, ("[%5d]: getpwnam %s\n", state->pid, - state->request.data.username)); - - /* Parse domain and username */ - - if (!parse_domain_user(state->request.data.username, name_domain, - name_user)) - return WINBINDD_ERROR; - - if ((domain = find_domain_from_name(name_domain)) == NULL) { - DEBUG(5, ("no such domain: %s\n", name_domain)); - return WINBINDD_ERROR; - } - - /* Get rid and name type from name */ - - if (!winbindd_lookup_sid_by_name(domain, name_user, &user_sid, &name_type)) { - DEBUG(1, ("user '%s' does not exist\n", name_user)); - return WINBINDD_ERROR; - } - - if (name_type != SID_NAME_USER) { - DEBUG(1, ("name '%s' is not a user name: %d\n", name_user, - name_type)); - return WINBINDD_ERROR; - } - - /* Get some user info. Split the user rid from the sid obtained - from the winbind_lookup_by_name() call and use it in a - winbind_lookup_userinfo() */ - - if (!(mem_ctx = talloc_init("winbindd_getpwnam([%s]\\[%s])", - name_domain, name_user))) { - DEBUG(1, ("out of memory\n")); - return WINBINDD_ERROR; - } - - status = domain->methods->query_user(domain, mem_ctx, &user_sid, - &user_info); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("error getting user info for user '[%s]\\[%s]'\n", - name_domain, name_user)); - talloc_destroy(mem_ctx); - return WINBINDD_ERROR; - } - - /* Now take all this information and fill in a passwd structure */ - if (!winbindd_fill_pwent(name_domain, name_user, - user_info.user_sid, user_info.group_sid, - user_info.full_name, - &state->response.data.pw)) { - talloc_destroy(mem_ctx); - return WINBINDD_ERROR; - } - - talloc_destroy(mem_ctx); - - return WINBINDD_OK; -} - -/* Return a password structure given a uid number */ - -enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) -{ - DOM_SID user_sid; - struct winbindd_domain *domain; - fstring dom_name; - fstring user_name; - enum SID_NAME_USE name_type; - WINBIND_USERINFO user_info; - gid_t gid; - TALLOC_CTX *mem_ctx; - NTSTATUS status; - - /* Bug out if the uid isn't in the winbind range */ - - if ((state->request.data.uid < server_state.uid_low ) || - (state->request.data.uid > server_state.uid_high)) - return WINBINDD_ERROR; - - DEBUG(3, ("[%5d]: getpwuid %d\n", state->pid, - state->request.data.uid)); - - /* Get rid from uid */ - - if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid, - &user_sid)) { - DEBUG(1, ("could not convert uid %d to SID\n", - state->request.data.uid)); - return WINBINDD_ERROR; - } - - /* Get name and name type from rid */ - - if (!winbindd_lookup_name_by_sid(&user_sid, dom_name, user_name, &name_type)) { - fstring temp; - - sid_to_string(temp, &user_sid); - DEBUG(1, ("could not lookup sid %s\n", temp)); - return WINBINDD_ERROR; - } - - domain = find_domain_from_sid(&user_sid); - - if (!domain) { - DEBUG(1,("Can't find domain from sid\n")); - return WINBINDD_ERROR; - } - - /* Get some user info */ - - if (!(mem_ctx = talloc_init("winbind_getpwuid(%d)", - state->request.data.uid))) { - - DEBUG(1, ("out of memory\n")); - return WINBINDD_ERROR; - } - - status = domain->methods->query_user(domain, mem_ctx, &user_sid, - &user_info); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("error getting user info for user '%s'\n", - user_name)); - talloc_destroy(mem_ctx); - return WINBINDD_ERROR; - } - - /* Resolve gid number */ - - if (!winbindd_idmap_get_gid_from_sid(user_info.group_sid, &gid)) { - DEBUG(1, ("error getting group id for user %s\n", user_name)); - talloc_destroy(mem_ctx); - return WINBINDD_ERROR; - } - - /* Fill in password structure */ - - if (!winbindd_fill_pwent(domain->name, user_name, user_info.user_sid, - user_info.group_sid, - user_info.full_name, &state->response.data.pw)) { - talloc_destroy(mem_ctx); - return WINBINDD_ERROR; - } - - talloc_destroy(mem_ctx); - - return WINBINDD_OK; -} - -/* - * set/get/endpwent functions - */ - -/* Rewind file pointer for ntdom passwd database */ - -enum winbindd_result winbindd_setpwent(struct winbindd_cli_state *state) -{ - struct winbindd_domain *domain; - - DEBUG(3, ("[%5d]: setpwent\n", state->pid)); - - /* Check user has enabled this */ - - if (!lp_winbind_enum_users()) - return WINBINDD_ERROR; - - /* Free old static data if it exists */ - - if (state->getpwent_state != NULL) { - free_getent_state(state->getpwent_state); - state->getpwent_state = NULL; - } - - /* Create sam pipes for each domain we know about */ - - for(domain = domain_list(); domain != NULL; domain = domain->next) { - struct getent_state *domain_state; - - /* Create a state record for this domain */ - - if ((domain_state = (struct getent_state *) - malloc(sizeof(struct getent_state))) == NULL) - return WINBINDD_ERROR; - - ZERO_STRUCTP(domain_state); - - fstrcpy(domain_state->domain_name, domain->name); - - /* Add to list of open domains */ - - DLIST_ADD(state->getpwent_state, domain_state); - } - - return WINBINDD_OK; -} - -/* Close file pointer to ntdom passwd database */ - -enum winbindd_result winbindd_endpwent(struct winbindd_cli_state *state) -{ - DEBUG(3, ("[%5d]: endpwent\n", state->pid)); - - free_getent_state(state->getpwent_state); - state->getpwent_state = NULL; - - return WINBINDD_OK; -} - -/* Get partial list of domain users for a domain. We fill in the sam_entries, - and num_sam_entries fields with domain user information. The dispinfo_ndx - field is incremented to the index of the next user to fetch. Return True if - some users were returned, False otherwise. */ - -#define MAX_FETCH_SAM_ENTRIES 100 - -static BOOL get_sam_user_entries(struct getent_state *ent) -{ - NTSTATUS status; - uint32 num_entries; - WINBIND_USERINFO *info; - struct getpwent_user *name_list = NULL; - BOOL result = False; - TALLOC_CTX *mem_ctx; - struct winbindd_domain *domain; - struct winbindd_methods *methods; - unsigned int i; - - if (ent->num_sam_entries) - return False; - - if (!(mem_ctx = talloc_init("get_sam_user_entries(%s)", - ent->domain_name))) - return False; - - if (!(domain = find_domain_from_name(ent->domain_name))) { - DEBUG(3, ("no such domain %s in get_sam_user_entries\n", - ent->domain_name)); - return False; - } - - methods = domain->methods; - - /* Free any existing user info */ - - SAFE_FREE(ent->sam_entries); - ent->num_sam_entries = 0; - - /* Call query_user_list to get a list of usernames and user rids */ - - num_entries = 0; - - status = methods->query_user_list(domain, mem_ctx, &num_entries, - &info); - - if (num_entries) { - struct getpwent_user *tnl; - - tnl = (struct getpwent_user *)Realloc(name_list, - sizeof(struct getpwent_user) * - (ent->num_sam_entries + - num_entries)); - - if (!tnl) { - DEBUG(0,("get_sam_user_entries realloc failed.\n")); - SAFE_FREE(name_list); - goto done; - } else - name_list = tnl; - } - - for (i = 0; i < num_entries; i++) { - /* Store account name and gecos */ - if (!info[i].acct_name) { - fstrcpy(name_list[ent->num_sam_entries + i].name, ""); - } else { - fstrcpy(name_list[ent->num_sam_entries + i].name, - info[i].acct_name); - } - if (!info[i].full_name) { - fstrcpy(name_list[ent->num_sam_entries + i].gecos, ""); - } else { - fstrcpy(name_list[ent->num_sam_entries + i].gecos, - info[i].full_name); - } - - /* User and group ids */ - sid_copy(&name_list[ent->num_sam_entries+i].user_sid, info[i].user_sid); - sid_copy(&name_list[ent->num_sam_entries+i].group_sid, info[i].group_sid); - } - - ent->num_sam_entries += num_entries; - - /* Fill in remaining fields */ - - ent->sam_entries = name_list; - ent->sam_entry_index = 0; - result = ent->num_sam_entries > 0; - - done: - - talloc_destroy(mem_ctx); - - return result; -} - -/* Fetch next passwd entry from ntdom database */ - -#define MAX_GETPWENT_USERS 500 - -enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state) -{ - struct getent_state *ent; - struct winbindd_pw *user_list; - int num_users, user_list_ndx = 0, i; - - DEBUG(3, ("[%5d]: getpwent\n", state->pid)); - - /* Check user has enabled this */ - - if (!lp_winbind_enum_users()) - return WINBINDD_ERROR; - - /* Allocate space for returning a chunk of users */ - - num_users = MIN(MAX_GETPWENT_USERS, state->request.data.num_entries); - - if ((state->response.extra_data = - malloc(num_users * sizeof(struct winbindd_pw))) == NULL) - return WINBINDD_ERROR; - - memset(state->response.extra_data, 0, num_users * - sizeof(struct winbindd_pw)); - - user_list = (struct winbindd_pw *)state->response.extra_data; - - if (!(ent = state->getpwent_state)) - return WINBINDD_ERROR; - - /* Start sending back users */ - - for (i = 0; i < num_users; i++) { - struct getpwent_user *name_list = NULL; - fstring domain_user_name; - uint32 result; - - /* Do we need to fetch another chunk of users? */ - - if (ent->num_sam_entries == ent->sam_entry_index) { - - while(ent && !get_sam_user_entries(ent)) { - struct getent_state *next_ent; - - /* Free state information for this domain */ - - SAFE_FREE(ent->sam_entries); - - next_ent = ent->next; - DLIST_REMOVE(state->getpwent_state, ent); - - SAFE_FREE(ent); - ent = next_ent; - } - - /* No more domains */ - - if (!ent) - break; - } - - name_list = ent->sam_entries; - - /* Skip machine accounts */ - - if (name_list[ent->sam_entry_index]. - name[strlen(name_list[ent->sam_entry_index].name) - 1] - == '$') { - ent->sam_entry_index++; - continue; - } - - /* Lookup user info */ - - result = winbindd_fill_pwent( - ent->domain_name, - name_list[ent->sam_entry_index].name, - &name_list[ent->sam_entry_index].user_sid, - &name_list[ent->sam_entry_index].group_sid, - name_list[ent->sam_entry_index].gecos, - &user_list[user_list_ndx]); - - ent->sam_entry_index++; - - /* Add user to return list */ - - if (result) { - - user_list_ndx++; - state->response.data.num_entries++; - state->response.length += - sizeof(struct winbindd_pw); - - } else - DEBUG(1, ("could not lookup domain user %s\n", - domain_user_name)); - } - - /* Out of domains */ - - return (user_list_ndx > 0) ? WINBINDD_OK : WINBINDD_ERROR; -} - -/* List domain users without mapping to unix ids */ - -enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state) -{ - struct winbindd_domain *domain; - WINBIND_USERINFO *info; - uint32 num_entries = 0, total_entries = 0; - char *ted, *extra_data = NULL; - int extra_data_len = 0; - TALLOC_CTX *mem_ctx; - enum winbindd_result rv = WINBINDD_ERROR; - - DEBUG(3, ("[%5d]: list users\n", state->pid)); - - if (!(mem_ctx = talloc_init("winbindd_list_users"))) - return WINBINDD_ERROR; - - /* Enumerate over trusted domains */ - - for (domain = domain_list(); domain; domain = domain->next) { - NTSTATUS status; - struct winbindd_methods *methods; - unsigned int i; - - methods = domain->methods; - - /* Query display info */ - status = methods->query_user_list(domain, mem_ctx, - &num_entries, &info); - - if (num_entries == 0) - continue; - - /* Allocate some memory for extra data */ - total_entries += num_entries; - - ted = Realloc(extra_data, sizeof(fstring) * total_entries); - - if (!ted) { - DEBUG(0,("failed to enlarge buffer!\n")); - SAFE_FREE(extra_data); - goto done; - } else - extra_data = ted; - - /* Pack user list into extra data fields */ - - for (i = 0; i < num_entries; i++) { - fstring acct_name, name; - - if (!info[i].acct_name) { - fstrcpy(acct_name, ""); - } else { - fstrcpy(acct_name, info[i].acct_name); - } - - fill_domain_username(name, domain->name, acct_name); - - /* Append to extra data */ - memcpy(&extra_data[extra_data_len], name, - strlen(name)); - extra_data_len += strlen(name); - extra_data[extra_data_len++] = ','; - } - } - - /* Assign extra_data fields in response structure */ - - if (extra_data) { - extra_data[extra_data_len - 1] = '\0'; - state->response.extra_data = extra_data; - state->response.length += extra_data_len; - } - - /* No domains responded but that's still OK so don't return an - error. */ - - rv = WINBINDD_OK; - - done: - - talloc_destroy(mem_ctx); - - return rv; -} diff --git a/source4/nsswitch/winbindd_util.c b/source4/nsswitch/winbindd_util.c deleted file mode 100644 index 7ccf032041..0000000000 --- a/source4/nsswitch/winbindd_util.c +++ /dev/null @@ -1,553 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon for ntdom nss module - - Copyright (C) Tim Potter 2000-2001 - Copyright (C) 2001 by Martin Pool - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -/** - * @file winbindd_util.c - * - * Winbind daemon for NT domain authentication nss module. - **/ - - -/** - * Used to clobber name fields that have an undefined value. - * - * Correct code should never look at a field that has this value. - **/ - -static const fstring name_deadbeef = ""; - -/* The list of trusted domains. Note that the list can be deleted and - recreated using the init_domain_list() function so pointers to - individual winbindd_domain structures cannot be made. Keep a copy of - the domain name instead. */ - -static struct winbindd_domain *_domain_list; - -struct winbindd_domain *domain_list(void) -{ - /* Initialise list */ - - if (!_domain_list) - init_domain_list(); - - return _domain_list; -} - -/* Free all entries in the trusted domain list */ - -void free_domain_list(void) -{ - struct winbindd_domain *domain = _domain_list; - - while(domain) { - struct winbindd_domain *next = domain->next; - - DLIST_REMOVE(_domain_list, domain); - SAFE_FREE(domain); - domain = next; - } -} - - -/* Add a trusted domain to our list of domains */ -static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name, - struct winbindd_methods *methods, - DOM_SID *sid) -{ - struct winbindd_domain *domain; - - /* We can't call domain_list() as this function is called from - init_domain_list() and we'll get stuck in a loop. */ - for (domain = _domain_list; domain; domain = domain->next) { - if (strcasecmp(domain_name, domain->name) == 0 || - strcasecmp(domain_name, domain->alt_name) == 0) { - return domain; - } - if (alt_name && *alt_name) { - if (strcasecmp(alt_name, domain->name) == 0 || - strcasecmp(alt_name, domain->alt_name) == 0) { - return domain; - } - } - } - - /* Create new domain entry */ - - if ((domain = (struct winbindd_domain *) - malloc(sizeof(*domain))) == NULL) - return NULL; - - /* Fill in fields */ - - ZERO_STRUCTP(domain); - - /* prioritise the short name */ - if (strchr_m(domain_name, '.') && alt_name && *alt_name) { - fstrcpy(domain->name, alt_name); - fstrcpy(domain->alt_name, domain_name); - } else { - fstrcpy(domain->name, domain_name); - if (alt_name) { - fstrcpy(domain->alt_name, alt_name); - } - } - - domain->methods = methods; - domain->sequence_number = DOM_SEQUENCE_NONE; - domain->last_seq_check = 0; - if (sid) { - sid_copy(&domain->sid, sid); - } - - /* see if this is a native mode win2k domain, but only for our own domain */ - - if ( strequal( lp_workgroup(), domain_name) ) { - domain->native_mode = cm_check_for_native_mode_win2k( domain_name ); - DEBUG(3,("add_trusted_domain: %s is a %s mode domain\n", domain_name, - domain->native_mode ? "native" : "mixed" )); - } - - /* Link to domain list */ - DLIST_ADD(_domain_list, domain); - - DEBUG(1,("Added domain %s %s %s\n", - domain->name, domain->alt_name, - sid?sid_string_static(&domain->sid):"")); - - return domain; -} - - -/* - rescan our domains looking for new trusted domains - */ -void rescan_trusted_domains(BOOL force) -{ - struct winbindd_domain *domain; - TALLOC_CTX *mem_ctx; - static time_t last_scan; - time_t t = time(NULL); - - /* trusted domains might be disabled */ - if (!lp_allow_trusted_domains()) { - return; - } - - /* Only rescan every few minutes but force if necessary */ - - if (((unsigned)(t - last_scan) < WINBINDD_RESCAN_FREQ) && !force) - return; - - last_scan = t; - - DEBUG(1, ("scanning trusted domain list\n")); - - if (!(mem_ctx = talloc_init("init_domain_list"))) - return; - - for (domain = _domain_list; domain; domain = domain->next) { - NTSTATUS result; - char **names; - char **alt_names; - int num_domains = 0; - DOM_SID *dom_sids; - int i; - - result = domain->methods->trusted_domains(domain, mem_ctx, &num_domains, - &names, &alt_names, &dom_sids); - if (!NT_STATUS_IS_OK(result)) { - continue; - } - - /* Add each domain to the trusted domain list. Each domain inherits - the access methods of its parent */ - for(i = 0; i < num_domains; i++) { - DEBUG(10,("Found domain %s\n", names[i])); - add_trusted_domain(names[i], alt_names?alt_names[i]:NULL, - domain->methods, &dom_sids[i]); - - /* store trusted domain in the cache */ - trustdom_cache_store(mem_ctx, names[i], alt_names ? alt_names[i] : NULL, - &dom_sids[i], t + WINBINDD_RESCAN_FREQ); - } - } - - talloc_destroy(mem_ctx); -} - -/* Look up global info for the winbind daemon */ -BOOL init_domain_list(void) -{ - extern struct winbindd_methods cache_methods; - struct winbindd_domain *domain; - - /* Free existing list */ - free_domain_list(); - - /* Add ourselves as the first entry */ - domain = add_trusted_domain(lp_workgroup(), NULL, &cache_methods, NULL); - if (!secrets_fetch_domain_sid(domain->name, &domain->sid)) { - DEBUG(1, ("Could not fetch sid for our domain %s\n", - domain->name)); - return False; - } - - /* get any alternate name for the primary domain */ - cache_methods.alternate_name(domain); - - /* do an initial scan for trusted domains */ - rescan_trusted_domains(True); - - return True; -} - -/* Given a domain name, return the struct winbindd domain info for it - if it is actually working. */ - -struct winbindd_domain *find_domain_from_name(const char *domain_name) -{ - struct winbindd_domain *domain; - - /* Search through list */ - - for (domain = domain_list(); domain != NULL; domain = domain->next) { - if (strequal(domain_name, domain->name) || - (domain->alt_name[0] && strequal(domain_name, domain->alt_name))) - return domain; - } - - /* Not found */ - - return NULL; -} - -/* Given a domain sid, return the struct winbindd domain info for it */ - -struct winbindd_domain *find_domain_from_sid(DOM_SID *sid) -{ - struct winbindd_domain *domain; - - /* Search through list */ - - for (domain = domain_list(); domain != NULL; domain = domain->next) { - if (sid_compare_domain(sid, &domain->sid) == 0) - return domain; - } - - /* Not found */ - - return NULL; -} - -/* Lookup a sid in a domain from a name */ - -BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain, - const char *name, DOM_SID *sid, - enum SID_NAME_USE *type) -{ - NTSTATUS result; - TALLOC_CTX *mem_ctx; - /* Don't bother with machine accounts */ - - if (name[strlen(name) - 1] == '$') - return False; - - mem_ctx = talloc_init("lookup_sid_by_name for %s\n", name); - if (!mem_ctx) - return False; - - /* Lookup name */ - result = domain->methods->name_to_sid(domain, mem_ctx, name, sid, type); - - talloc_destroy(mem_ctx); - - /* Return rid and type if lookup successful */ - if (!NT_STATUS_IS_OK(result)) { - *type = SID_NAME_UNKNOWN; - } - - return NT_STATUS_IS_OK(result); -} - -/** - * @brief Lookup a name in a domain from a sid. - * - * @param sid Security ID you want to look up. - * - * @param name On success, set to the name corresponding to @p sid. - * - * @param dom_name On success, set to the 'domain name' corresponding to @p sid. - * - * @param type On success, contains the type of name: alias, group or - * user. - * - * @retval True if the name exists, in which case @p name and @p type - * are set, otherwise False. - **/ -BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, - fstring dom_name, - fstring name, - enum SID_NAME_USE *type) -{ - char *names; - NTSTATUS result; - TALLOC_CTX *mem_ctx; - BOOL rv = False; - struct winbindd_domain *domain; - - domain = find_domain_from_sid(sid); - - if (!domain) { - DEBUG(1,("Can't find domain from sid\n")); - return False; - } - - /* Lookup name */ - - if (!(mem_ctx = talloc_init("winbindd_lookup_name_by_sid"))) - return False; - - result = domain->methods->sid_to_name(domain, mem_ctx, sid, &names, type); - - /* Return name and type if successful */ - - if ((rv = NT_STATUS_IS_OK(result))) { - fstrcpy(dom_name, domain->name); - fstrcpy(name, names); - } else { - *type = SID_NAME_UNKNOWN; - fstrcpy(name, name_deadbeef); - } - - talloc_destroy(mem_ctx); - - return rv; -} - - -/* Free state information held for {set,get,end}{pw,gr}ent() functions */ - -void free_getent_state(struct getent_state *state) -{ - struct getent_state *temp; - - /* Iterate over state list */ - - temp = state; - - while(temp != NULL) { - struct getent_state *next; - - /* Free sam entries then list entry */ - - SAFE_FREE(state->sam_entries); - DLIST_REMOVE(state, state); - next = temp->next; - - SAFE_FREE(temp); - temp = next; - } -} - -/* Parse winbindd related parameters */ - -BOOL winbindd_param_init(void) -{ - /* Parse winbind uid and winbind_gid parameters */ - - if (!lp_winbind_uid(&server_state.uid_low, &server_state.uid_high)) { - DEBUG(0, ("winbind uid range missing or invalid\n")); - return False; - } - - if (!lp_winbind_gid(&server_state.gid_low, &server_state.gid_high)) { - DEBUG(0, ("winbind gid range missing or invalid\n")); - return False; - } - - return True; -} - -/* Check if a domain is present in a comma-separated list of domains */ - -BOOL check_domain_env(char *domain_env, char *domain) -{ - fstring name; - const char *tmp = domain_env; - - while(next_token(&tmp, name, ",", sizeof(fstring))) { - if (strequal(name, domain)) - return True; - } - - return False; -} - -/* Parse a string of the form DOMAIN/user into a domain and a user */ - -BOOL parse_domain_user(const char *domuser, fstring domain, fstring user) -{ - char *p = strchr(domuser,*lp_winbind_separator()); - - if (!(p || lp_winbind_use_default_domain())) - return False; - - if(!p && lp_winbind_use_default_domain()) { - fstrcpy(user, domuser); - fstrcpy(domain, lp_workgroup()); - } else { - fstrcpy(user, p+1); - fstrcpy(domain, domuser); - domain[PTR_DIFF(p, domuser)] = 0; - } - strupper(domain); - return True; -} - -/* - Fill DOMAIN\\USERNAME entry accounting 'winbind use default domain' and - 'winbind separator' options. - This means: - - omit DOMAIN when 'winbind use default domain = true' and DOMAIN is - lp_workgroup - -*/ -void fill_domain_username(fstring name, const char *domain, const char *user) -{ - if(lp_winbind_use_default_domain() && - !strcmp(lp_workgroup(), domain)) { - strlcpy(name, user, sizeof(fstring)); - } else { - slprintf(name, sizeof(fstring) - 1, "%s%s%s", - domain, lp_winbind_separator(), - user); - } -} - -/* - * Winbindd socket accessor functions - */ - -/* Open the winbindd socket */ - -static int _winbindd_socket = -1; - -int open_winbindd_socket(void) -{ - if (_winbindd_socket == -1) { - _winbindd_socket = create_pipe_sock( - WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME, 0755); - DEBUG(10, ("open_winbindd_socket: opened socket fd %d\n", - _winbindd_socket)); - } - - return _winbindd_socket; -} - -/* Close the winbindd socket */ - -void close_winbindd_socket(void) -{ - if (_winbindd_socket != -1) { - DEBUG(10, ("close_winbindd_socket: closing socket fd %d\n", - _winbindd_socket)); - close(_winbindd_socket); - _winbindd_socket = -1; - } -} - -/* - * Client list accessor functions - */ - -static struct winbindd_cli_state *_client_list; -static int _num_clients; - -/* Return list of all connected clients */ - -struct winbindd_cli_state *winbindd_client_list(void) -{ - return _client_list; -} - -/* Add a connection to the list */ - -void winbindd_add_client(struct winbindd_cli_state *cli) -{ - DLIST_ADD(_client_list, cli); - _num_clients++; -} - -/* Remove a client from the list */ - -void winbindd_remove_client(struct winbindd_cli_state *cli) -{ - DLIST_REMOVE(_client_list, cli); - _num_clients--; -} - -/* Close all open clients */ - -void winbindd_kill_all_clients(void) -{ - struct winbindd_cli_state *cl = winbindd_client_list(); - - DEBUG(10, ("winbindd_kill_all_clients: going postal\n")); - - while (cl) { - struct winbindd_cli_state *next; - - next = cl->next; - winbindd_remove_client(cl); - cl = next; - } -} - -/* Return number of open clients */ - -int winbindd_num_clients(void) -{ - return _num_clients; -} - -/* Help with RID -> SID conversion */ - -DOM_SID *rid_to_talloced_sid(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 rid) -{ - DOM_SID *sid; - sid = talloc(mem_ctx, sizeof(*sid)); - if (!sid) { - smb_panic("rid_to_to_talloced_sid: talloc for DOM_SID failed!\n"); - } - sid_copy(sid, &domain->sid); - sid_append_rid(sid, rid); - return sid; -} - diff --git a/source4/nsswitch/winbindd_wins.c b/source4/nsswitch/winbindd_wins.c deleted file mode 100644 index 8ddd5dc10d..0000000000 --- a/source4/nsswitch/winbindd_wins.c +++ /dev/null @@ -1,210 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon - WINS related functions - - Copyright (C) Andrew Tridgell 1999 - Copyright (C) Herb Lewis 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -/* Use our own create socket code so we don't recurse.... */ - -static int wins_lookup_open_socket_in(void) -{ - struct sockaddr_in sock; - int val=1; - int res; - - memset((char *)&sock,'\0',sizeof(sock)); - -#ifdef HAVE_SOCK_SIN_LEN - sock.sin_len = sizeof(sock); -#endif - sock.sin_port = 0; - sock.sin_family = AF_INET; - sock.sin_addr.s_addr = interpret_addr("0.0.0.0"); - res = socket(AF_INET, SOCK_DGRAM, 0); - if (res == -1) - return -1; - - setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val)); -#ifdef SO_REUSEPORT - setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val)); -#endif /* SO_REUSEPORT */ - - /* now we've got a socket - we need to bind it */ - - if (bind(res, (struct sockaddr * ) &sock,sizeof(sock)) < 0) { - close(res); - return(-1); - } - - set_socket_options(res,"SO_BROADCAST"); - - return res; -} - - -static struct node_status *lookup_byaddr_backend(char *addr, int *count) -{ - int fd; - struct in_addr ip; - struct nmb_name nname; - struct node_status *status; - - fd = wins_lookup_open_socket_in(); - if (fd == -1) - return NULL; - - make_nmb_name(&nname, "*", 0); - ip = *interpret_addr2(addr); - status = node_status_query(fd,&nname,ip, count); - - close(fd); - return status; -} - -static struct in_addr *lookup_byname_backend(const char *name, int *count) -{ - int fd; - struct in_addr *ret = NULL; - int j, flags = 0; - - *count = 0; - - /* always try with wins first */ - if (resolve_wins(name,0x20,&ret,count)) { - return ret; - } - - fd = wins_lookup_open_socket_in(); - if (fd == -1) { - return NULL; - } - - /* uggh, we have to broadcast to each interface in turn */ - for (j=iface_count() - 1; - j >= 0; - j--) { - struct in_addr *bcast = iface_n_bcast(j); - ret = name_query(fd,name,0x20,True,True,*bcast,count, &flags, NULL); - if (ret) break; - } - - close(fd); - return ret; -} - -/* Get hostname from IP */ - -enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state) -{ - fstring response; - int i, count, maxlen, size; - struct node_status *status; - - /* Ensure null termination */ - state->request.data.winsreq[sizeof(state->request.data.winsreq)-1]='\0'; - - DEBUG(3, ("[%5d]: wins_byip %s\n", state->pid, - state->request.data.winsreq)); - - *response = '\0'; - maxlen = sizeof(response) - 1; - - if ((status = lookup_byaddr_backend(state->request.data.winsreq, &count))){ - size = strlen(state->request.data.winsreq); - if (size > maxlen) { - SAFE_FREE(status); - return WINBINDD_ERROR; - } - safe_strcat(response,state->request.data.winsreq,maxlen); - safe_strcat(response,"\t",maxlen); - for (i = 0; i < count; i++) { - /* ignore group names */ - if (status[i].flags & 0x80) continue; - if (status[i].type == 0x20) { - size = sizeof(status[i].name) + strlen(response); - if (size > maxlen) { - SAFE_FREE(status); - return WINBINDD_ERROR; - } - safe_strcat(response, status[i].name, maxlen); - safe_strcat(response, " ", maxlen); - } - } - /* make last character a newline */ - response[strlen(response)-1] = '\n'; - SAFE_FREE(status); - } - fstrcpy(state->response.data.winsresp,response); - return WINBINDD_OK; -} - -/* Get IP from hostname */ - -enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state) -{ - struct in_addr *ip_list; - int i, count, maxlen, size; - fstring response; - char * addr; - - /* Ensure null termination */ - state->request.data.winsreq[sizeof(state->request.data.winsreq)-1]='\0'; - - DEBUG(3, ("[%5d]: wins_byname %s\n", state->pid, - state->request.data.winsreq)); - - *response = '\0'; - maxlen = sizeof(response) - 1; - - if ((ip_list = lookup_byname_backend(state->request.data.winsreq,&count))){ - for (i = count; i ; i--) { - addr = inet_ntoa(ip_list[i-1]); - size = strlen(addr); - if (size > maxlen) { - SAFE_FREE(ip_list); - return WINBINDD_ERROR; - } - if (i != 0) { - /* Clear out the newline character */ - response[strlen(response)-1] = ' '; - } - safe_strcat(response,addr,maxlen); - safe_strcat(response,"\t",maxlen); - } - size = strlen(state->request.data.winsreq) + strlen(response); - if (size > maxlen) { - SAFE_FREE(ip_list); - return WINBINDD_ERROR; - } - safe_strcat(response,state->request.data.winsreq,maxlen); - safe_strcat(response,"\n",maxlen); - SAFE_FREE(ip_list); - } else - return WINBINDD_ERROR; - - fstrcpy(state->response.data.winsresp,response); - - return WINBINDD_OK; -} diff --git a/source4/nsswitch/wins.c b/source4/nsswitch/wins.c deleted file mode 100644 index d5791d7af5..0000000000 --- a/source4/nsswitch/wins.c +++ /dev/null @@ -1,322 +0,0 @@ -/* - Unix SMB/CIFS implementation. - a WINS nsswitch module - Copyright (C) Andrew Tridgell 1999 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -*/ - -#include "includes.h" -#ifdef HAVE_NS_API_H -#undef VOLATILE - -#include -#endif - -#ifndef INADDRSZ -#define INADDRSZ 4 -#endif - -static int initialised; - -extern BOOL AllowDebugChange; - -/* Use our own create socket code so we don't recurse.... */ - -static int wins_lookup_open_socket_in(void) -{ - struct sockaddr_in sock; - int val=1; - int res; - - memset((char *)&sock,'\0',sizeof(sock)); - -#ifdef HAVE_SOCK_SIN_LEN - sock.sin_len = sizeof(sock); -#endif - sock.sin_port = 0; - sock.sin_family = AF_INET; - sock.sin_addr.s_addr = interpret_addr("0.0.0.0"); - res = socket(AF_INET, SOCK_DGRAM, 0); - if (res == -1) - return -1; - - setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val)); -#ifdef SO_REUSEPORT - setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val)); -#endif /* SO_REUSEPORT */ - - /* now we've got a socket - we need to bind it */ - - if (bind(res, (struct sockaddr * ) &sock,sizeof(sock)) < 0) { - close(res); - return(-1); - } - - set_socket_options(res,"SO_BROADCAST"); - - return res; -} - - -static void nss_wins_init(void) -{ - initialised = 1; - DEBUGLEVEL = 0; - AllowDebugChange = False; - - TimeInit(); - setup_logging("nss_wins",DEBUG_FILE); - lp_load(dyn_CONFIGFILE,True,False,False); - load_interfaces(); -} - -static struct node_status *lookup_byaddr_backend(char *addr, int *count) -{ - int fd; - struct in_addr ip; - struct nmb_name nname; - struct node_status *status; - - if (!initialised) { - nss_wins_init(); - } - - fd = wins_lookup_open_socket_in(); - if (fd == -1) - return NULL; - - make_nmb_name(&nname, "*", 0); - ip = *interpret_addr2(addr); - status = node_status_query(fd,&nname,ip, count); - - close(fd); - return status; -} - -static struct in_addr *lookup_byname_backend(const char *name, int *count) -{ - int fd = -1; - struct in_addr *ret = NULL; - struct in_addr p; - int j, flags = 0; - - if (!initialised) { - nss_wins_init(); - } - - *count = 0; - - /* always try with wins first */ - if (resolve_wins(name,0x20,&ret,count)) { - return ret; - } - - fd = wins_lookup_open_socket_in(); - if (fd == -1) { - return NULL; - } - - /* uggh, we have to broadcast to each interface in turn */ - for (j=iface_count() - 1;j >= 0;j--) { - struct in_addr *bcast = iface_n_bcast(j); - ret = name_query(fd,name,0x20,True,True,*bcast,count, &flags, NULL); - if (ret) break; - } - -out: - close(fd); - return ret; -} - - -#ifdef HAVE_NS_API_H -/* IRIX version */ - -int init(void) -{ - nsd_logprintf(NSD_LOG_MIN, "entering init (wins)\n"); - nss_wins_init(); - return NSD_OK; -} - -int lookup(nsd_file_t *rq) -{ - char *map; - char *key; - char *addr; - struct in_addr *ip_list; - struct node_status *status; - int i, count, len, size; - char response[1024]; - BOOL found = False; - - nsd_logprintf(NSD_LOG_MIN, "entering lookup (wins)\n"); - if (! rq) - return NSD_ERROR; - - map = nsd_attr_fetch_string(rq->f_attrs, "table", (char*)0); - if (! map) { - rq->f_status = NS_FATAL; - return NSD_ERROR; - } - - key = nsd_attr_fetch_string(rq->f_attrs, "key", (char*)0); - if (! key || ! *key) { - rq->f_status = NS_FATAL; - return NSD_ERROR; - } - - response[0] = '\0'; - len = sizeof(response) - 2; - - /* - * response needs to be a string of the following format - * ip_address[ ip_address]*\tname[ alias]* - */ - if (strcasecmp(map,"hosts.byaddr") == 0) { - if ( status = lookup_byaddr_backend(key, &count)) { - size = strlen(key) + 1; - if (size > len) { - free(status); - return NSD_ERROR; - } - len -= size; - strncat(response,key,size); - strncat(response,"\t",1); - for (i = 0; i < count; i++) { - /* ignore group names */ - if (status[i].flags & 0x80) continue; - if (status[i].type == 0x20) { - size = sizeof(status[i].name) + 1; - if (size > len) { - free(status); - return NSD_ERROR; - } - len -= size; - strncat(response, status[i].name, size); - strncat(response, " ", 1); - found = True; - } - } - response[strlen(response)-1] = '\n'; - free(status); - } - } else if (strcasecmp(map,"hosts.byname") == 0) { - if (ip_list = lookup_byname_backend(key, &count)) { - for (i = count; i ; i--) { - addr = inet_ntoa(ip_list[i-1]); - size = strlen(addr) + 1; - if (size > len) { - free(ip_list); - return NSD_ERROR; - } - len -= size; - if (i != 0) - response[strlen(response)-1] = ' '; - strncat(response,addr,size); - strncat(response,"\t",1); - } - size = strlen(key) + 1; - if (size > len) { - free(ip_list); - return NSD_ERROR; - } - strncat(response,key,size); - strncat(response,"\n",1); - found = True; - free(ip_list); - } - } - - if (found) { - nsd_logprintf(NSD_LOG_LOW, "lookup (wins %s) %s\n",map,response); - nsd_set_result(rq,NS_SUCCESS,response,strlen(response),VOLATILE); - return NSD_OK; - } - nsd_logprintf(NSD_LOG_LOW, "lookup (wins) not found\n"); - rq->f_status = NS_NOTFOUND; - return NSD_NEXT; -} - -#else -/**************************************************************************** -gethostbyname() - we ignore any domain portion of the name and only -handle names that are at most 15 characters long - **************************************************************************/ -NSS_STATUS -_nss_wins_gethostbyname_r(const char *name, struct hostent *he, - char *buffer, size_t buflen, int *errnop, - int *h_errnop) -{ - char **host_addresses; - struct in_addr *ip_list; - int i, count; - size_t namelen = strlen(name) + 1; - - memset(he, '\0', sizeof(*he)); - - ip_list = lookup_byname_backend(name, &count); - if (!ip_list) { - return NSS_STATUS_NOTFOUND; - } - - if (buflen < namelen + (2*count+1)*INADDRSZ) { - /* no ENOMEM error type?! */ - return NSS_STATUS_NOTFOUND; - } - - - host_addresses = (char **)buffer; - he->h_addr_list = host_addresses; - host_addresses[count] = NULL; - buffer += (count + 1) * INADDRSZ; - buflen += (count + 1) * INADDRSZ; - he->h_addrtype = AF_INET; - he->h_length = INADDRSZ; - - for (i=0;ih_name = buffer; - - return NSS_STATUS_SUCCESS; -} - - -NSS_STATUS -_nss_wins_gethostbyname2_r(const char *name, int af, struct hostent *he, - char *buffer, size_t buflen, int *errnop, - int *h_errnop) -{ - if(af!=AF_INET) { - *h_errnop = NO_DATA; - *errnop = EAFNOSUPPORT; - return NSS_STATUS_UNAVAIL; - } - - return _nss_wins_gethostbyname_r(name,he,buffer,buflen,errnop,h_errnop); -} -#endif -- cgit